From 3b311c89b7df577f7a36d0fa23c5dd2e91a40b37 Mon Sep 17 00:00:00 2001
From: Alberto Rodriguez <alberto.rfernandez4@gmail.com>
Date: Mon, 21 Oct 2024 16:43:07 +0200
Subject: [PATCH] feat: add demo

---
 components/producers/cloudpi/README.md        |  4 ++
 components/producers/cloudpi/logs.txt         |  3 +
 .../producers/cloudpi/neo4j-client/main.py    |  1 -
 .../neo4j-client/reachability/assessor.py     |  5 +-
 .../cloudpi/neo4j-client/trivy/run.py         |  2 +-
 components/producers/cloudpi/task-demo.yaml   | 64 +++++++++++++++++++
 6 files changed, 75 insertions(+), 4 deletions(-)
 create mode 100644 components/producers/cloudpi/README.md
 create mode 100644 components/producers/cloudpi/logs.txt
 create mode 100644 components/producers/cloudpi/task-demo.yaml

diff --git a/components/producers/cloudpi/README.md b/components/producers/cloudpi/README.md
new file mode 100644
index 00000000..7a3c0166
--- /dev/null
+++ b/components/producers/cloudpi/README.md
@@ -0,0 +1,4 @@
+# What's not automated
+
+- image build
+- task creation
\ No newline at end of file
diff --git a/components/producers/cloudpi/logs.txt b/components/producers/cloudpi/logs.txt
new file mode 100644
index 00000000..774866f1
--- /dev/null
+++ b/components/producers/cloudpi/logs.txt
@@ -0,0 +1,3 @@
+{'SchemaVersion': 2, 'ArtifactName': 'snap-079031379a8fe0057', 'ArtifactType': 'vm', 'Metadata': {'OS': {'Family': 'ubuntu', 'Name': '22.04'}, 'ImageConfig': {'architecture': '', 'created': '0001-01-01T00:00:00Z', 'os': '', 'rootfs': {'type': '', 'diff_ids': None}, 'config': {}}}, 'Results': [{'Target': 'snap-079031379a8fe0057 (ubuntu 22.04)', 'Class': 'os-pkgs', 'Type': 'ubuntu', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2021-26318', 'PkgID': 'amd64-microcode@3.20191218.1ubuntu2.2', 'PkgName': 'amd64-microcode', 'InstalledVersion': '3.20191218.1ubuntu2.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-26318', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-203', 'CWE-208'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:M/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V2Score': 1.9, 'V3Score': 4.7}}, 'References': ['https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017', 'https://www.cve.org/CVERecord?id=CVE-2021-26318'], 'PublishedDate': '2021-10-13T19:15:07.36Z', 'LastModifiedDate': '2021-10-20T18:29:12.263Z'}, {'VulnerabilityID': 'CVE-2023-31315', 'PkgID': 'amd64-microcode@3.20191218.1ubuntu2.2', 'PkgName': 'amd64-microcode', 'InstalledVersion': '3.20191218.1ubuntu2.2', 'FixedVersion': '3.20191218.1ubuntu2.3', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-31315', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'hw: amd: SMM Lock Bypass', 'Description': 'Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-94'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-31315', 'https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit?id=091bd5adf19c7ab01214c64689952acb4833b21d', 'https://ioactive.com/event/def-con-talk-amd-sinkclose-universal-ring-2-privilege-escalation/', 'https://linux.oracle.com/cve/CVE-2023-31315.html', 'https://linux.oracle.com/errata/ELSA-2024-12580.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-31315', 'https://ubuntu.com/security/notices/USN-7077-1', 'https://www.amd.com/en/resources/product-security.html', 'https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html', 'https://www.cve.org/CVERecord?id=CVE-2023-31315'], 'PublishedDate': '2024-08-12T13:38:10.353Z', 'LastModifiedDate': '2024-08-27T15:35:00.983Z'}, {'VulnerabilityID': 'CVE-2017-13716', 'PkgID': 'binutils@2.38-4ubuntu2.6', 'PkgName': 'binutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Memory leak with the C++ symbol demangler routine in libiberty', 'Description': 'The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 7.1, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2017-13716', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13716', 'https://sourceware.org/bugzilla/show_bug.cgi?id=22009', 'https://www.cve.org/CVERecord?id=CVE-2017-13716'], 'PublishedDate': '2017-08-28T21:29:00.293Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2018-20657', 'PkgID': 'binutils@2.38-4ubuntu2.6', 'PkgName': 'binutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-20657', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libiberty: Memory leak in demangle_template function resulting in a denial of service', 'Description': 'The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.', 'Severity': 'LOW', 'CweIDs': ['CWE-772'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/106444', 'https://access.redhat.com/errata/RHSA-2019:3352', 'https://access.redhat.com/security/cve/CVE-2018-20657', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539', 'https://linux.oracle.com/cve/CVE-2018-20657.html', 'https://linux.oracle.com/errata/ELSA-2019-3352.html', 'https://nvd.nist.gov/vuln/detail/CVE-2018-20657', 'https://support.f5.com/csp/article/K62602089', 'https://www.cve.org/CVERecord?id=CVE-2018-20657'], 'PublishedDate': '2019-01-02T14:29:00.313Z', 'LastModifiedDate': '2019-11-06T01:15:17.87Z'}, {'VulnerabilityID': 'CVE-2019-1010204', 'PkgID': 'binutils@2.38-4ubuntu2.6', 'PkgName': 'binutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-1010204', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service', 'Description': 'GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.', 'Severity': 'LOW', 'CweIDs': ['CWE-125', 'CWE-681'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-1010204', 'https://linux.oracle.com/cve/CVE-2019-1010204.html', 'https://linux.oracle.com/errata/ELSA-2020-1797.html', 'https://nvd.nist.gov/vuln/detail/CVE-2019-1010204', 'https://security.netapp.com/advisory/ntap-20190822-0001/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=23765', 'https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS', 'https://ubuntu.com/security/notices/USN-5349-1', 'https://www.cve.org/CVERecord?id=CVE-2019-1010204'], 'PublishedDate': '2019-07-23T14:15:13.373Z', 'LastModifiedDate': '2023-11-07T03:02:17.51Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'binutils@2.38-4ubuntu2.6', 'PkgName': 'binutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2022-48064', 'PkgID': 'binutils@2.38-4ubuntu2.6', 'PkgName': 'binutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48064', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c', 'Description': 'GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48064', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48064', 'https://security.netapp.com/advisory/ntap-20231006-0008/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=29922', 'https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931', 'https://www.cve.org/CVERecord?id=CVE-2022-48064'], 'PublishedDate': '2023-08-22T19:16:30.937Z', 'LastModifiedDate': '2023-11-07T03:56:28.11Z'}, {'VulnerabilityID': 'CVE-2017-13716', 'PkgID': 'binutils-common@2.38-4ubuntu2.6', 'PkgName': 'binutils-common', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Memory leak with the C++ symbol demangler routine in libiberty', 'Description': 'The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 7.1, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2017-13716', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13716', 'https://sourceware.org/bugzilla/show_bug.cgi?id=22009', 'https://www.cve.org/CVERecord?id=CVE-2017-13716'], 'PublishedDate': '2017-08-28T21:29:00.293Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2018-20657', 'PkgID': 'binutils-common@2.38-4ubuntu2.6', 'PkgName': 'binutils-common', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-20657', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libiberty: Memory leak in demangle_template function resulting in a denial of service', 'Description': 'The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.', 'Severity': 'LOW', 'CweIDs': ['CWE-772'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/106444', 'https://access.redhat.com/errata/RHSA-2019:3352', 'https://access.redhat.com/security/cve/CVE-2018-20657', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539', 'https://linux.oracle.com/cve/CVE-2018-20657.html', 'https://linux.oracle.com/errata/ELSA-2019-3352.html', 'https://nvd.nist.gov/vuln/detail/CVE-2018-20657', 'https://support.f5.com/csp/article/K62602089', 'https://www.cve.org/CVERecord?id=CVE-2018-20657'], 'PublishedDate': '2019-01-02T14:29:00.313Z', 'LastModifiedDate': '2019-11-06T01:15:17.87Z'}, {'VulnerabilityID': 'CVE-2019-1010204', 'PkgID': 'binutils-common@2.38-4ubuntu2.6', 'PkgName': 'binutils-common', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-1010204', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service', 'Description': 'GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.', 'Severity': 'LOW', 'CweIDs': ['CWE-125', 'CWE-681'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-1010204', 'https://linux.oracle.com/cve/CVE-2019-1010204.html', 'https://linux.oracle.com/errata/ELSA-2020-1797.html', 'https://nvd.nist.gov/vuln/detail/CVE-2019-1010204', 'https://security.netapp.com/advisory/ntap-20190822-0001/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=23765', 'https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS', 'https://ubuntu.com/security/notices/USN-5349-1', 'https://www.cve.org/CVERecord?id=CVE-2019-1010204'], 'PublishedDate': '2019-07-23T14:15:13.373Z', 'LastModifiedDate': '2023-11-07T03:02:17.51Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'binutils-common@2.38-4ubuntu2.6', 'PkgName': 'binutils-common', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2022-48064', 'PkgID': 'binutils-common@2.38-4ubuntu2.6', 'PkgName': 'binutils-common', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48064', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c', 'Description': 'GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48064', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48064', 'https://security.netapp.com/advisory/ntap-20231006-0008/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=29922', 'https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931', 'https://www.cve.org/CVERecord?id=CVE-2022-48064'], 'PublishedDate': '2023-08-22T19:16:30.937Z', 'LastModifiedDate': '2023-11-07T03:56:28.11Z'}, {'VulnerabilityID': 'CVE-2017-13716', 'PkgID': 'binutils-x86-64-linux-gnu@2.38-4ubuntu2.6', 'PkgName': 'binutils-x86-64-linux-gnu', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Memory leak with the C++ symbol demangler routine in libiberty', 'Description': 'The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 7.1, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2017-13716', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13716', 'https://sourceware.org/bugzilla/show_bug.cgi?id=22009', 'https://www.cve.org/CVERecord?id=CVE-2017-13716'], 'PublishedDate': '2017-08-28T21:29:00.293Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2018-20657', 'PkgID': 'binutils-x86-64-linux-gnu@2.38-4ubuntu2.6', 'PkgName': 'binutils-x86-64-linux-gnu', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-20657', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libiberty: Memory leak in demangle_template function resulting in a denial of service', 'Description': 'The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.', 'Severity': 'LOW', 'CweIDs': ['CWE-772'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/106444', 'https://access.redhat.com/errata/RHSA-2019:3352', 'https://access.redhat.com/security/cve/CVE-2018-20657', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539', 'https://linux.oracle.com/cve/CVE-2018-20657.html', 'https://linux.oracle.com/errata/ELSA-2019-3352.html', 'https://nvd.nist.gov/vuln/detail/CVE-2018-20657', 'https://support.f5.com/csp/article/K62602089', 'https://www.cve.org/CVERecord?id=CVE-2018-20657'], 'PublishedDate': '2019-01-02T14:29:00.313Z', 'LastModifiedDate': '2019-11-06T01:15:17.87Z'}, {'VulnerabilityID': 'CVE-2019-1010204', 'PkgID': 'binutils-x86-64-linux-gnu@2.38-4ubuntu2.6', 'PkgName': 'binutils-x86-64-linux-gnu', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-1010204', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service', 'Description': 'GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.', 'Severity': 'LOW', 'CweIDs': ['CWE-125', 'CWE-681'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-1010204', 'https://linux.oracle.com/cve/CVE-2019-1010204.html', 'https://linux.oracle.com/errata/ELSA-2020-1797.html', 'https://nvd.nist.gov/vuln/detail/CVE-2019-1010204', 'https://security.netapp.com/advisory/ntap-20190822-0001/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=23765', 'https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS', 'https://ubuntu.com/security/notices/USN-5349-1', 'https://www.cve.org/CVERecord?id=CVE-2019-1010204'], 'PublishedDate': '2019-07-23T14:15:13.373Z', 'LastModifiedDate': '2023-11-07T03:02:17.51Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'binutils-x86-64-linux-gnu@2.38-4ubuntu2.6', 'PkgName': 'binutils-x86-64-linux-gnu', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2022-48064', 'PkgID': 'binutils-x86-64-linux-gnu@2.38-4ubuntu2.6', 'PkgName': 'binutils-x86-64-linux-gnu', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48064', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c', 'Description': 'GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48064', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48064', 'https://security.netapp.com/advisory/ntap-20231006-0008/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=29922', 'https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931', 'https://www.cve.org/CVERecord?id=CVE-2022-48064'], 'PublishedDate': '2023-08-22T19:16:30.937Z', 'LastModifiedDate': '2023-11-07T03:56:28.11Z'}, {'VulnerabilityID': 'CVE-2023-39810', 'PkgID': 'busybox-initramfs@1:1.30.1-7ubuntu3.1', 'PkgName': 'busybox-initramfs', 'InstalledVersion': '1:1.30.1-7ubuntu3.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-39810', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'busybox: CPIO command of Busybox allows attackers to execute a directory traversal', 'Description': 'An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-22'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['http://busybox.com', 'http://lists.busybox.net/pipermail/busybox/2024-August/090865.html', 'https://access.redhat.com/security/cve/CVE-2023-39810', 'https://nvd.nist.gov/vuln/detail/CVE-2023-39810', 'https://www.cve.org/CVERecord?id=CVE-2023-39810', 'https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/'], 'PublishedDate': '2023-08-28T19:15:07.893Z', 'LastModifiedDate': '2023-09-07T13:48:46.393Z'}, {'VulnerabilityID': 'CVE-2023-42366', 'PkgID': 'busybox-initramfs@1:1.30.1-7ubuntu3.1', 'PkgName': 'busybox-initramfs', 'InstalledVersion': '1:1.30.1-7ubuntu3.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-42366', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'busybox: A heap-buffer-overflow', 'Description': 'A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-42366', 'https://bugs.busybox.net/show_bug.cgi?id=15874', 'https://nvd.nist.gov/vuln/detail/CVE-2023-42366', 'https://www.cve.org/CVERecord?id=CVE-2023-42366'], 'PublishedDate': '2023-11-27T23:15:07.42Z', 'LastModifiedDate': '2023-11-30T05:08:23.197Z'}, {'VulnerabilityID': 'CVE-2022-28391', 'PkgID': 'busybox-initramfs@1:1.30.1-7ubuntu3.1', 'PkgName': 'busybox-initramfs', 'InstalledVersion': '1:1.30.1-7ubuntu3.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-28391', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'busybox: remote attackers may execute arbitrary code if netstat is used', 'Description': "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.", 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 8.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-28391', 'https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch', 'https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch', 'https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661', 'https://nvd.nist.gov/vuln/detail/CVE-2022-28391', 'https://www.cve.org/CVERecord?id=CVE-2022-28391'], 'PublishedDate': '2022-04-03T21:15:08.207Z', 'LastModifiedDate': '2022-08-11T18:44:50.37Z'}, {'VulnerabilityID': 'CVE-2023-39810', 'PkgID': 'busybox-static@1:1.30.1-7ubuntu3.1', 'PkgName': 'busybox-static', 'InstalledVersion': '1:1.30.1-7ubuntu3.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-39810', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'busybox: CPIO command of Busybox allows attackers to execute a directory traversal', 'Description': 'An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-22'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['http://busybox.com', 'http://lists.busybox.net/pipermail/busybox/2024-August/090865.html', 'https://access.redhat.com/security/cve/CVE-2023-39810', 'https://nvd.nist.gov/vuln/detail/CVE-2023-39810', 'https://www.cve.org/CVERecord?id=CVE-2023-39810', 'https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/'], 'PublishedDate': '2023-08-28T19:15:07.893Z', 'LastModifiedDate': '2023-09-07T13:48:46.393Z'}, {'VulnerabilityID': 'CVE-2023-42366', 'PkgID': 'busybox-static@1:1.30.1-7ubuntu3.1', 'PkgName': 'busybox-static', 'InstalledVersion': '1:1.30.1-7ubuntu3.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-42366', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'busybox: A heap-buffer-overflow', 'Description': 'A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-42366', 'https://bugs.busybox.net/show_bug.cgi?id=15874', 'https://nvd.nist.gov/vuln/detail/CVE-2023-42366', 'https://www.cve.org/CVERecord?id=CVE-2023-42366'], 'PublishedDate': '2023-11-27T23:15:07.42Z', 'LastModifiedDate': '2023-11-30T05:08:23.197Z'}, {'VulnerabilityID': 'CVE-2022-28391', 'PkgID': 'busybox-static@1:1.30.1-7ubuntu3.1', 'PkgName': 'busybox-static', 'InstalledVersion': '1:1.30.1-7ubuntu3.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-28391', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'busybox: remote attackers may execute arbitrary code if netstat is used', 'Description': "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.", 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 8.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-28391', 'https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch', 'https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch', 'https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661', 'https://nvd.nist.gov/vuln/detail/CVE-2022-28391', 'https://www.cve.org/CVERecord?id=CVE-2022-28391'], 'PublishedDate': '2022-04-03T21:15:08.207Z', 'LastModifiedDate': '2022-08-11T18:44:50.37Z'}, {'VulnerabilityID': 'CVE-2016-2781', 'PkgID': 'coreutils@8.32-4.1ubuntu1.2', 'PkgName': 'coreutils', 'InstalledVersion': '8.32-4.1ubuntu1.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-2781', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'coreutils: Non-privileged session can escape to the parent session in chroot', 'Description': "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", 'Severity': 'LOW', 'CweIDs': ['CWE-20'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:P/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N', 'V2Score': 2.1, 'V3Score': 6.5}, 'redhat': {'V2Vector': 'AV:L/AC:H/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H', 'V2Score': 6.2, 'V3Score': 8.6}}, 'References': ['http://seclists.org/oss-sec/2016/q1/452', 'http://www.openwall.com/lists/oss-security/2016/02/28/2', 'http://www.openwall.com/lists/oss-security/2016/02/28/3', 'https://access.redhat.com/security/cve/CVE-2016-2781', 'https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E', 'https://lore.kernel.org/patchwork/patch/793178/', 'https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.28/v2.28-ReleaseNotes', 'https://nvd.nist.gov/vuln/detail/CVE-2016-2781', 'https://www.cve.org/CVERecord?id=CVE-2016-2781'], 'PublishedDate': '2017-02-07T15:59:00.333Z', 'LastModifiedDate': '2023-11-07T02:32:03.347Z'}, {'VulnerabilityID': 'CVE-2023-7216', 'PkgID': 'cpio@2.13+dfsg-7ubuntu0.1', 'PkgName': 'cpio', 'InstalledVersion': '2.13+dfsg-7ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-7216', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'CPIO: extraction allows symlinks which enables Remote Command Execution', 'Description': 'A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-22', 'CWE-59'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 5.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-7216', 'https://bugzilla.redhat.com/show_bug.cgi?id=2249901', 'https://nvd.nist.gov/vuln/detail/CVE-2023-7216', 'https://www.cve.org/CVERecord?id=CVE-2023-7216'], 'PublishedDate': '2024-02-05T15:15:08.903Z', 'LastModifiedDate': '2024-09-19T06:15:02.437Z'}, {'VulnerabilityID': 'CVE-2023-34969', 'PkgID': 'dbus@1.12.20-2ubuntu4.1', 'PkgName': 'dbus', 'InstalledVersion': '1.12.20-2ubuntu4.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-34969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered', 'Description': 'D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:4569', 'https://access.redhat.com/security/cve/CVE-2023-34969', 'https://bugzilla.redhat.com/2213166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2213166', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34969', 'https://errata.almalinux.org/9/ALSA-2023-4569.html', 'https://errata.rockylinux.org/RLSA-2023:4569', 'https://gitlab.freedesktop.org/dbus/dbus/-/issues/457', 'https://linux.oracle.com/cve/CVE-2023-34969.html', 'https://linux.oracle.com/errata/ELSA-2023-4569.html', 'https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-34969', 'https://security.netapp.com/advisory/ntap-20231208-0007/', 'https://ubuntu.com/security/notices/USN-6372-1', 'https://www.cve.org/CVERecord?id=CVE-2023-34969'], 'PublishedDate': '2023-06-08T03:15:08.97Z', 'LastModifiedDate': '2023-12-27T16:36:58.353Z'}, {'VulnerabilityID': 'CVE-2023-34969', 'PkgID': 'dbus-user-session@1.12.20-2ubuntu4.1', 'PkgName': 'dbus-user-session', 'InstalledVersion': '1.12.20-2ubuntu4.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-34969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered', 'Description': 'D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:4569', 'https://access.redhat.com/security/cve/CVE-2023-34969', 'https://bugzilla.redhat.com/2213166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2213166', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34969', 'https://errata.almalinux.org/9/ALSA-2023-4569.html', 'https://errata.rockylinux.org/RLSA-2023:4569', 'https://gitlab.freedesktop.org/dbus/dbus/-/issues/457', 'https://linux.oracle.com/cve/CVE-2023-34969.html', 'https://linux.oracle.com/errata/ELSA-2023-4569.html', 'https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-34969', 'https://security.netapp.com/advisory/ntap-20231208-0007/', 'https://ubuntu.com/security/notices/USN-6372-1', 'https://www.cve.org/CVERecord?id=CVE-2023-34969'], 'PublishedDate': '2023-06-08T03:15:08.97Z', 'LastModifiedDate': '2023-12-27T16:36:58.353Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'dirmngr@2.2.27-3ubuntu2.1', 'PkgName': 'dirmngr', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2023-30630', 'PkgID': 'dmidecode@3.3-3ubuntu0.1', 'PkgName': 'dmidecode', 'InstalledVersion': '3.3-3ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-30630', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'dmidecode: dump-bin to overwrite a local file', 'Description': 'Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:5061', 'https://access.redhat.com/security/cve/CVE-2023-30630', 'https://bugzilla.redhat.com/2186669', 'https://bugzilla.redhat.com/show_bug.cgi?id=2186669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30630', 'https://errata.almalinux.org/9/ALSA-2023-5061.html', 'https://errata.rockylinux.org/RLSA-2023:5061', 'https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c81f74e1ca4e7706f70bdda72e6f2', 'https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206', 'https://github.com/adamreiser/dmiwrite', 'https://github.com/advisories/GHSA-9r2p-xmm5-5ppg', 'https://linux.oracle.com/cve/CVE-2023-30630.html', 'https://linux.oracle.com/errata/ELSA-2023-5252.html', 'https://lists.nongnu.org/archive/html/dmidecode-devel/2023-03/msg00003.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-30630', 'https://www.cve.org/CVERecord?id=CVE-2023-30630'], 'PublishedDate': '2023-04-13T16:15:07.93Z', 'LastModifiedDate': '2023-09-28T17:54:17.707Z'}, {'VulnerabilityID': 'CVE-2023-4039', 'PkgID': 'gcc-12-base@12.3.0-1ubuntu1~22.04', 'PkgName': 'gcc-12-base', 'InstalledVersion': '12.3.0-1ubuntu1~22.04', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4039', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64', 'Description': '\n\n**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\n\n\n\n\n\n', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-693'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4039', 'https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64', 'https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt', 'https://gcc.gnu.org/pipermail/gcc-patches/2023-October/634066.html', 'https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf', 'https://inbox.sourceware.org/gcc-patches/46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org', 'https://linux.oracle.com/cve/CVE-2023-4039.html', 'https://linux.oracle.com/errata/ELSA-2023-28766.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4039', 'https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html', 'https://www.cve.org/CVERecord?id=CVE-2023-4039'], 'PublishedDate': '2023-09-13T09:15:15.69Z', 'LastModifiedDate': '2024-08-02T08:15:14.993Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'gcc-12-base@12.3.0-1ubuntu1~22.04', 'PkgName': 'gcc-12-base', 'InstalledVersion': '12.3.0-1ubuntu1~22.04', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2018-1000021', 'PkgID': 'git@1:2.34.1-1ubuntu1.11', 'PkgName': 'git', 'InstalledVersion': '1:2.34.1-1ubuntu1.11', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-1000021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands', 'Description': 'GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).', 'Severity': 'LOW', 'CweIDs': ['CWE-20'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 8.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 5}}, 'References': ['http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html', 'https://access.redhat.com/security/cve/CVE-2018-1000021', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1000021', 'https://public-inbox.org/git/20180205204312.GB104086@aiede.svl.corp.google.com/', 'https://www.cve.org/CVERecord?id=CVE-2018-1000021'], 'PublishedDate': '2018-02-09T23:29:00.557Z', 'LastModifiedDate': '2018-03-06T19:34:06.18Z'}, {'VulnerabilityID': 'CVE-2018-1000021', 'PkgID': 'git-man@1:2.34.1-1ubuntu1.11', 'PkgName': 'git-man', 'InstalledVersion': '1:2.34.1-1ubuntu1.11', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-1000021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands', 'Description': 'GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).', 'Severity': 'LOW', 'CweIDs': ['CWE-20'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 8.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 5}}, 'References': ['http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html', 'https://access.redhat.com/security/cve/CVE-2018-1000021', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1000021', 'https://public-inbox.org/git/20180205204312.GB104086@aiede.svl.corp.google.com/', 'https://www.cve.org/CVERecord?id=CVE-2018-1000021'], 'PublishedDate': '2018-02-09T23:29:00.557Z', 'LastModifiedDate': '2018-03-06T19:34:06.18Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gnupg@2.2.27-3ubuntu2.1', 'PkgName': 'gnupg', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gnupg-l10n@2.2.27-3ubuntu2.1', 'PkgName': 'gnupg-l10n', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gnupg-utils@2.2.27-3ubuntu2.1', 'PkgName': 'gnupg-utils', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gpg@2.2.27-3ubuntu2.1', 'PkgName': 'gpg', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gpg-agent@2.2.27-3ubuntu2.1', 'PkgName': 'gpg-agent', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gpg-wks-client@2.2.27-3ubuntu2.1', 'PkgName': 'gpg-wks-client', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gpg-wks-server@2.2.27-3ubuntu2.1', 'PkgName': 'gpg-wks-server', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gpgconf@2.2.27-3ubuntu2.1', 'PkgName': 'gpgconf', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gpgsm@2.2.27-3ubuntu2.1', 'PkgName': 'gpgsm', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gpgv@2.2.27-3ubuntu2.1', 'PkgName': 'gpgv', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2024-48957', 'PkgID': 'libarchive13@3.6.0-1ubuntu1.1', 'PkgName': 'libarchive13', 'InstalledVersion': '3.6.0-1ubuntu1.1', 'FixedVersion': '3.6.0-1ubuntu1.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-48957', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "libarchive: Out-of-bounds access in libarchive's archive file handling", 'Description': 'execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-48957', 'https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b (v3.7.5)', 'https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5', 'https://github.com/libarchive/libarchive/pull/2149', 'https://nvd.nist.gov/vuln/detail/CVE-2024-48957', 'https://ubuntu.com/security/notices/USN-7070-1', 'https://www.cve.org/CVERecord?id=CVE-2024-48957'], 'PublishedDate': '2024-10-10T02:15:02.99Z', 'LastModifiedDate': '2024-10-11T21:36:47.93Z'}, {'VulnerabilityID': 'CVE-2024-48958', 'PkgID': 'libarchive13@3.6.0-1ubuntu1.1', 'PkgName': 'libarchive13', 'InstalledVersion': '3.6.0-1ubuntu1.1', 'FixedVersion': '3.6.0-1ubuntu1.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-48958', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "libarchive: Out-of-bounds access in libarchive's RAR file handling", 'Description': 'execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-48958', 'https://github.com/libarchive/libarchive/commit/a1cb648d52f5b6d3f31184d9b6a7cbca628459b7 (v3.7.5)', 'https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5', 'https://github.com/libarchive/libarchive/pull/2148', 'https://nvd.nist.gov/vuln/detail/CVE-2024-48958', 'https://ubuntu.com/security/notices/USN-7070-1', 'https://www.cve.org/CVERecord?id=CVE-2024-48958'], 'PublishedDate': '2024-10-10T02:15:03.057Z', 'LastModifiedDate': '2024-10-11T21:36:48.687Z'}, {'VulnerabilityID': 'CVE-2022-36227', 'PkgID': 'libarchive13@3.6.0-1ubuntu1.1', 'PkgName': 'libarchive13', 'InstalledVersion': '3.6.0-1ubuntu1.1', 'FixedVersion': '3.6.0-1ubuntu1.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-36227', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libarchive: NULL pointer dereference in archive_write.c', 'Description': 'In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."', 'Severity': 'LOW', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 9.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:2532', 'https://access.redhat.com/security/cve/CVE-2022-36227', 'https://bugs.gentoo.org/882521', 'https://bugzilla.redhat.com/2144972', 'https://errata.almalinux.org/9/ALSA-2023-2532.html', 'https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215', 'https://github.com/libarchive/libarchive/issues/1754', 'https://github.com/libarchive/libarchive/pull/1759', 'https://linux.oracle.com/cve/CVE-2022-36227.html', 'https://linux.oracle.com/errata/ELSA-2023-3018.html', 'https://lists.debian.org/debian-lts-announce/2023/01/msg00034.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V67OO2UUQAUJS3IK4JZPF6F3LUCBU6IS/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-36227', 'https://security.gentoo.org/glsa/202309-14', 'https://ubuntu.com/security/notices/USN-7070-1', 'https://www.cve.org/CVERecord?id=CVE-2022-36227'], 'PublishedDate': '2022-11-22T02:15:11.003Z', 'LastModifiedDate': '2024-03-27T16:04:27.21Z'}, {'VulnerabilityID': 'CVE-2017-13716', 'PkgID': 'libbinutils@2.38-4ubuntu2.6', 'PkgName': 'libbinutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Memory leak with the C++ symbol demangler routine in libiberty', 'Description': 'The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 7.1, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2017-13716', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13716', 'https://sourceware.org/bugzilla/show_bug.cgi?id=22009', 'https://www.cve.org/CVERecord?id=CVE-2017-13716'], 'PublishedDate': '2017-08-28T21:29:00.293Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2018-20657', 'PkgID': 'libbinutils@2.38-4ubuntu2.6', 'PkgName': 'libbinutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-20657', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libiberty: Memory leak in demangle_template function resulting in a denial of service', 'Description': 'The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.', 'Severity': 'LOW', 'CweIDs': ['CWE-772'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/106444', 'https://access.redhat.com/errata/RHSA-2019:3352', 'https://access.redhat.com/security/cve/CVE-2018-20657', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539', 'https://linux.oracle.com/cve/CVE-2018-20657.html', 'https://linux.oracle.com/errata/ELSA-2019-3352.html', 'https://nvd.nist.gov/vuln/detail/CVE-2018-20657', 'https://support.f5.com/csp/article/K62602089', 'https://www.cve.org/CVERecord?id=CVE-2018-20657'], 'PublishedDate': '2019-01-02T14:29:00.313Z', 'LastModifiedDate': '2019-11-06T01:15:17.87Z'}, {'VulnerabilityID': 'CVE-2019-1010204', 'PkgID': 'libbinutils@2.38-4ubuntu2.6', 'PkgName': 'libbinutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-1010204', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service', 'Description': 'GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.', 'Severity': 'LOW', 'CweIDs': ['CWE-125', 'CWE-681'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-1010204', 'https://linux.oracle.com/cve/CVE-2019-1010204.html', 'https://linux.oracle.com/errata/ELSA-2020-1797.html', 'https://nvd.nist.gov/vuln/detail/CVE-2019-1010204', 'https://security.netapp.com/advisory/ntap-20190822-0001/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=23765', 'https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS', 'https://ubuntu.com/security/notices/USN-5349-1', 'https://www.cve.org/CVERecord?id=CVE-2019-1010204'], 'PublishedDate': '2019-07-23T14:15:13.373Z', 'LastModifiedDate': '2023-11-07T03:02:17.51Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'libbinutils@2.38-4ubuntu2.6', 'PkgName': 'libbinutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2022-48064', 'PkgID': 'libbinutils@2.38-4ubuntu2.6', 'PkgName': 'libbinutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48064', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c', 'Description': 'GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48064', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48064', 'https://security.netapp.com/advisory/ntap-20231006-0008/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=29922', 'https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931', 'https://www.cve.org/CVERecord?id=CVE-2022-48064'], 'PublishedDate': '2023-08-22T19:16:30.937Z', 'LastModifiedDate': '2023-11-07T03:56:28.11Z'}, {'VulnerabilityID': 'CVE-2016-20013', 'PkgID': 'libc-bin@2.35-0ubuntu3.8', 'PkgName': 'libc-bin', 'InstalledVersion': '2.35-0ubuntu3.8', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-20013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.", 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}}, 'References': ['https://akkadia.org/drepper/SHA-crypt.txt', 'https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/', 'https://twitter.com/solardiz/status/795601240151457793', 'https://www.cve.org/CVERecord?id=CVE-2016-20013'], 'PublishedDate': '2022-02-19T05:15:09.413Z', 'LastModifiedDate': '2022-03-03T16:43:19.667Z'}, {'VulnerabilityID': 'CVE-2016-20013', 'PkgID': 'libc6@2.35-0ubuntu3.8', 'PkgName': 'libc6', 'InstalledVersion': '2.35-0ubuntu3.8', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-20013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.", 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}}, 'References': ['https://akkadia.org/drepper/SHA-crypt.txt', 'https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/', 'https://twitter.com/solardiz/status/795601240151457793', 'https://www.cve.org/CVERecord?id=CVE-2016-20013'], 'PublishedDate': '2022-02-19T05:15:09.413Z', 'LastModifiedDate': '2022-03-03T16:43:19.667Z'}, {'VulnerabilityID': 'CVE-2017-13716', 'PkgID': 'libctf-nobfd0@2.38-4ubuntu2.6', 'PkgName': 'libctf-nobfd0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Memory leak with the C++ symbol demangler routine in libiberty', 'Description': 'The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 7.1, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2017-13716', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13716', 'https://sourceware.org/bugzilla/show_bug.cgi?id=22009', 'https://www.cve.org/CVERecord?id=CVE-2017-13716'], 'PublishedDate': '2017-08-28T21:29:00.293Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2018-20657', 'PkgID': 'libctf-nobfd0@2.38-4ubuntu2.6', 'PkgName': 'libctf-nobfd0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-20657', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libiberty: Memory leak in demangle_template function resulting in a denial of service', 'Description': 'The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.', 'Severity': 'LOW', 'CweIDs': ['CWE-772'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/106444', 'https://access.redhat.com/errata/RHSA-2019:3352', 'https://access.redhat.com/security/cve/CVE-2018-20657', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539', 'https://linux.oracle.com/cve/CVE-2018-20657.html', 'https://linux.oracle.com/errata/ELSA-2019-3352.html', 'https://nvd.nist.gov/vuln/detail/CVE-2018-20657', 'https://support.f5.com/csp/article/K62602089', 'https://www.cve.org/CVERecord?id=CVE-2018-20657'], 'PublishedDate': '2019-01-02T14:29:00.313Z', 'LastModifiedDate': '2019-11-06T01:15:17.87Z'}, {'VulnerabilityID': 'CVE-2019-1010204', 'PkgID': 'libctf-nobfd0@2.38-4ubuntu2.6', 'PkgName': 'libctf-nobfd0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-1010204', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service', 'Description': 'GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.', 'Severity': 'LOW', 'CweIDs': ['CWE-125', 'CWE-681'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-1010204', 'https://linux.oracle.com/cve/CVE-2019-1010204.html', 'https://linux.oracle.com/errata/ELSA-2020-1797.html', 'https://nvd.nist.gov/vuln/detail/CVE-2019-1010204', 'https://security.netapp.com/advisory/ntap-20190822-0001/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=23765', 'https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS', 'https://ubuntu.com/security/notices/USN-5349-1', 'https://www.cve.org/CVERecord?id=CVE-2019-1010204'], 'PublishedDate': '2019-07-23T14:15:13.373Z', 'LastModifiedDate': '2023-11-07T03:02:17.51Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'libctf-nobfd0@2.38-4ubuntu2.6', 'PkgName': 'libctf-nobfd0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2022-48064', 'PkgID': 'libctf-nobfd0@2.38-4ubuntu2.6', 'PkgName': 'libctf-nobfd0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48064', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c', 'Description': 'GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48064', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48064', 'https://security.netapp.com/advisory/ntap-20231006-0008/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=29922', 'https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931', 'https://www.cve.org/CVERecord?id=CVE-2022-48064'], 'PublishedDate': '2023-08-22T19:16:30.937Z', 'LastModifiedDate': '2023-11-07T03:56:28.11Z'}, {'VulnerabilityID': 'CVE-2017-13716', 'PkgID': 'libctf0@2.38-4ubuntu2.6', 'PkgName': 'libctf0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Memory leak with the C++ symbol demangler routine in libiberty', 'Description': 'The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 7.1, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2017-13716', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13716', 'https://sourceware.org/bugzilla/show_bug.cgi?id=22009', 'https://www.cve.org/CVERecord?id=CVE-2017-13716'], 'PublishedDate': '2017-08-28T21:29:00.293Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2018-20657', 'PkgID': 'libctf0@2.38-4ubuntu2.6', 'PkgName': 'libctf0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-20657', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libiberty: Memory leak in demangle_template function resulting in a denial of service', 'Description': 'The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.', 'Severity': 'LOW', 'CweIDs': ['CWE-772'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/106444', 'https://access.redhat.com/errata/RHSA-2019:3352', 'https://access.redhat.com/security/cve/CVE-2018-20657', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539', 'https://linux.oracle.com/cve/CVE-2018-20657.html', 'https://linux.oracle.com/errata/ELSA-2019-3352.html', 'https://nvd.nist.gov/vuln/detail/CVE-2018-20657', 'https://support.f5.com/csp/article/K62602089', 'https://www.cve.org/CVERecord?id=CVE-2018-20657'], 'PublishedDate': '2019-01-02T14:29:00.313Z', 'LastModifiedDate': '2019-11-06T01:15:17.87Z'}, {'VulnerabilityID': 'CVE-2019-1010204', 'PkgID': 'libctf0@2.38-4ubuntu2.6', 'PkgName': 'libctf0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-1010204', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service', 'Description': 'GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.', 'Severity': 'LOW', 'CweIDs': ['CWE-125', 'CWE-681'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-1010204', 'https://linux.oracle.com/cve/CVE-2019-1010204.html', 'https://linux.oracle.com/errata/ELSA-2020-1797.html', 'https://nvd.nist.gov/vuln/detail/CVE-2019-1010204', 'https://security.netapp.com/advisory/ntap-20190822-0001/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=23765', 'https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS', 'https://ubuntu.com/security/notices/USN-5349-1', 'https://www.cve.org/CVERecord?id=CVE-2019-1010204'], 'PublishedDate': '2019-07-23T14:15:13.373Z', 'LastModifiedDate': '2023-11-07T03:02:17.51Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'libctf0@2.38-4ubuntu2.6', 'PkgName': 'libctf0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2022-48064', 'PkgID': 'libctf0@2.38-4ubuntu2.6', 'PkgName': 'libctf0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48064', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c', 'Description': 'GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48064', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48064', 'https://security.netapp.com/advisory/ntap-20231006-0008/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=29922', 'https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931', 'https://www.cve.org/CVERecord?id=CVE-2022-48064'], 'PublishedDate': '2023-08-22T19:16:30.937Z', 'LastModifiedDate': '2023-11-07T03:56:28.11Z'}, {'VulnerabilityID': 'CVE-2023-34969', 'PkgID': 'libdbus-1-3@1.12.20-2ubuntu4.1', 'PkgName': 'libdbus-1-3', 'InstalledVersion': '1.12.20-2ubuntu4.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-34969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered', 'Description': 'D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:4569', 'https://access.redhat.com/security/cve/CVE-2023-34969', 'https://bugzilla.redhat.com/2213166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2213166', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34969', 'https://errata.almalinux.org/9/ALSA-2023-4569.html', 'https://errata.rockylinux.org/RLSA-2023:4569', 'https://gitlab.freedesktop.org/dbus/dbus/-/issues/457', 'https://linux.oracle.com/cve/CVE-2023-34969.html', 'https://linux.oracle.com/errata/ELSA-2023-4569.html', 'https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-34969', 'https://security.netapp.com/advisory/ntap-20231208-0007/', 'https://ubuntu.com/security/notices/USN-6372-1', 'https://www.cve.org/CVERecord?id=CVE-2023-34969'], 'PublishedDate': '2023-06-08T03:15:08.97Z', 'LastModifiedDate': '2023-12-27T16:36:58.353Z'}, {'VulnerabilityID': 'CVE-2022-3287', 'PkgID': 'libfwupd2@1.7.9-1~22.04.3', 'PkgName': 'libfwupd2', 'InstalledVersion': '1.7.9-1~22.04.3', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3287', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'fwupd: world readable password in /etc/fwupd/redfish.conf', 'Description': 'When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.', 'Severity': 'LOW', 'CweIDs': ['CWE-552', 'CWE-256'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:2487', 'https://access.redhat.com/security/cve/CVE-2022-3287', 'https://bugzilla.redhat.com/2120687', 'https://bugzilla.redhat.com/2120699', 'https://bugzilla.redhat.com/2120701', 'https://bugzilla.redhat.com/2129904', 'https://bugzilla.redhat.com/show_bug.cgi?id=2129904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3287', 'https://errata.almalinux.org/9/ALSA-2023-2487.html', 'https://errata.rockylinux.org/RLSA-2023:7189', 'https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091', 'https://linux.oracle.com/cve/CVE-2022-3287.html', 'https://linux.oracle.com/errata/ELSA-2023-7189.html', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3287', 'https://www.cve.org/CVERecord?id=CVE-2022-3287'], 'PublishedDate': '2022-09-28T20:15:18.433Z', 'LastModifiedDate': '2023-11-07T03:51:04.06Z'}, {'VulnerabilityID': 'CVE-2022-3287', 'PkgID': 'libfwupdplugin5@1.7.9-1~22.04.3', 'PkgName': 'libfwupdplugin5', 'InstalledVersion': '1.7.9-1~22.04.3', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3287', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'fwupd: world readable password in /etc/fwupd/redfish.conf', 'Description': 'When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.', 'Severity': 'LOW', 'CweIDs': ['CWE-552', 'CWE-256'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:2487', 'https://access.redhat.com/security/cve/CVE-2022-3287', 'https://bugzilla.redhat.com/2120687', 'https://bugzilla.redhat.com/2120699', 'https://bugzilla.redhat.com/2120701', 'https://bugzilla.redhat.com/2129904', 'https://bugzilla.redhat.com/show_bug.cgi?id=2129904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3287', 'https://errata.almalinux.org/9/ALSA-2023-2487.html', 'https://errata.rockylinux.org/RLSA-2023:7189', 'https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091', 'https://linux.oracle.com/cve/CVE-2022-3287.html', 'https://linux.oracle.com/errata/ELSA-2023-7189.html', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3287', 'https://www.cve.org/CVERecord?id=CVE-2022-3287'], 'PublishedDate': '2022-09-28T20:15:18.433Z', 'LastModifiedDate': '2023-11-07T03:51:04.06Z'}, {'VulnerabilityID': 'CVE-2023-4039', 'PkgID': 'libgcc-s1@12.3.0-1ubuntu1~22.04', 'PkgName': 'libgcc-s1', 'InstalledVersion': '12.3.0-1ubuntu1~22.04', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4039', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64', 'Description': '\n\n**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\n\n\n\n\n\n', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-693'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4039', 'https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64', 'https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt', 'https://gcc.gnu.org/pipermail/gcc-patches/2023-October/634066.html', 'https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf', 'https://inbox.sourceware.org/gcc-patches/46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org', 'https://linux.oracle.com/cve/CVE-2023-4039.html', 'https://linux.oracle.com/errata/ELSA-2023-28766.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4039', 'https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html', 'https://www.cve.org/CVERecord?id=CVE-2023-4039'], 'PublishedDate': '2023-09-13T09:15:15.69Z', 'LastModifiedDate': '2024-08-02T08:15:14.993Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'libgcc-s1@12.3.0-1ubuntu1~22.04', 'PkgName': 'libgcc-s1', 'InstalledVersion': '12.3.0-1ubuntu1~22.04', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2024-2236', 'PkgID': 'libgcrypt20@1.9.4-3ubuntu3', 'PkgName': 'libgcrypt20', 'InstalledVersion': '1.9.4-3ubuntu3', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-2236', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libgcrypt: vulnerable to Marvin Attack', 'Description': "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-208'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-2236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2245218', 'https://dev.gnupg.org/T7136', 'https://github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt', 'https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/17', 'https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-2236', 'https://www.cve.org/CVERecord?id=CVE-2024-2236'], 'PublishedDate': '2024-03-06T22:15:57.977Z', 'LastModifiedDate': '2024-09-14T04:15:02.903Z'}, {'VulnerabilityID': 'CVE-2024-26462', 'PkgID': 'libgssapi-krb5-2@1.19.2-2ubuntu0.4', 'PkgName': 'libgssapi-krb5-2', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26462', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/kdc/ndr.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26462', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26462', 'https://security.netapp.com/advisory/ntap-20240415-0012/', 'https://www.cve.org/CVERecord?id=CVE-2024-26462'], 'PublishedDate': '2024-02-29T01:44:18.857Z', 'LastModifiedDate': '2024-05-14T15:09:01.053Z'}, {'VulnerabilityID': 'CVE-2024-26458', 'PkgID': 'libgssapi-krb5-2@1.19.2-2ubuntu0.4', 'PkgName': 'libgssapi-krb5-2', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26458', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3268', 'https://access.redhat.com/security/cve/CVE-2024-26458', 'https://bugzilla.redhat.com/2266731', 'https://bugzilla.redhat.com/2266740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266731', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461', 'https://errata.almalinux.org/8/ALSA-2024-3268.html', 'https://errata.rockylinux.org/RLSA-2024:3268', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md', 'https://linux.oracle.com/cve/CVE-2024-26458.html', 'https://linux.oracle.com/errata/ELSA-2024-3268.html', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26458', 'https://security.netapp.com/advisory/ntap-20240415-0010/', 'https://www.cve.org/CVERecord?id=CVE-2024-26458'], 'PublishedDate': '2024-02-29T01:44:18.78Z', 'LastModifiedDate': '2024-05-14T15:09:00.47Z'}, {'VulnerabilityID': 'CVE-2024-26461', 'PkgID': 'libgssapi-krb5-2@1.19.2-2ubuntu0.4', 'PkgName': 'libgssapi-krb5-2', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26461', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3268', 'https://access.redhat.com/security/cve/CVE-2024-26461', 'https://bugzilla.redhat.com/2266731', 'https://bugzilla.redhat.com/2266740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266731', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461', 'https://errata.almalinux.org/8/ALSA-2024-3268.html', 'https://errata.rockylinux.org/RLSA-2024:3268', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md', 'https://linux.oracle.com/cve/CVE-2024-26461.html', 'https://linux.oracle.com/errata/ELSA-2024-3268.html', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26461', 'https://security.netapp.com/advisory/ntap-20240415-0011/', 'https://www.cve.org/CVERecord?id=CVE-2024-26461'], 'PublishedDate': '2024-02-29T01:44:18.82Z', 'LastModifiedDate': '2024-08-14T16:35:10.207Z'}, {'VulnerabilityID': 'CVE-2024-26462', 'PkgID': 'libk5crypto3@1.19.2-2ubuntu0.4', 'PkgName': 'libk5crypto3', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26462', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/kdc/ndr.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26462', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26462', 'https://security.netapp.com/advisory/ntap-20240415-0012/', 'https://www.cve.org/CVERecord?id=CVE-2024-26462'], 'PublishedDate': '2024-02-29T01:44:18.857Z', 'LastModifiedDate': '2024-05-14T15:09:01.053Z'}, {'VulnerabilityID': 'CVE-2024-26458', 'PkgID': 'libk5crypto3@1.19.2-2ubuntu0.4', 'PkgName': 'libk5crypto3', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26458', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3268', 'https://access.redhat.com/security/cve/CVE-2024-26458', 'https://bugzilla.redhat.com/2266731', 'https://bugzilla.redhat.com/2266740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266731', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461', 'https://errata.almalinux.org/8/ALSA-2024-3268.html', 'https://errata.rockylinux.org/RLSA-2024:3268', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md', 'https://linux.oracle.com/cve/CVE-2024-26458.html', 'https://linux.oracle.com/errata/ELSA-2024-3268.html', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26458', 'https://security.netapp.com/advisory/ntap-20240415-0010/', 'https://www.cve.org/CVERecord?id=CVE-2024-26458'], 'PublishedDate': '2024-02-29T01:44:18.78Z', 'LastModifiedDate': '2024-05-14T15:09:00.47Z'}, {'VulnerabilityID': 'CVE-2024-26461', 'PkgID': 'libk5crypto3@1.19.2-2ubuntu0.4', 'PkgName': 'libk5crypto3', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26461', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3268', 'https://access.redhat.com/security/cve/CVE-2024-26461', 'https://bugzilla.redhat.com/2266731', 'https://bugzilla.redhat.com/2266740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266731', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461', 'https://errata.almalinux.org/8/ALSA-2024-3268.html', 'https://errata.rockylinux.org/RLSA-2024:3268', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md', 'https://linux.oracle.com/cve/CVE-2024-26461.html', 'https://linux.oracle.com/errata/ELSA-2024-3268.html', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26461', 'https://security.netapp.com/advisory/ntap-20240415-0011/', 'https://www.cve.org/CVERecord?id=CVE-2024-26461'], 'PublishedDate': '2024-02-29T01:44:18.82Z', 'LastModifiedDate': '2024-08-14T16:35:10.207Z'}, {'VulnerabilityID': 'CVE-2024-26462', 'PkgID': 'libkrb5-3@1.19.2-2ubuntu0.4', 'PkgName': 'libkrb5-3', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26462', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/kdc/ndr.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26462', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26462', 'https://security.netapp.com/advisory/ntap-20240415-0012/', 'https://www.cve.org/CVERecord?id=CVE-2024-26462'], 'PublishedDate': '2024-02-29T01:44:18.857Z', 'LastModifiedDate': '2024-05-14T15:09:01.053Z'}, {'VulnerabilityID': 'CVE-2024-26458', 'PkgID': 'libkrb5-3@1.19.2-2ubuntu0.4', 'PkgName': 'libkrb5-3', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26458', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3268', 'https://access.redhat.com/security/cve/CVE-2024-26458', 'https://bugzilla.redhat.com/2266731', 'https://bugzilla.redhat.com/2266740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266731', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461', 'https://errata.almalinux.org/8/ALSA-2024-3268.html', 'https://errata.rockylinux.org/RLSA-2024:3268', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md', 'https://linux.oracle.com/cve/CVE-2024-26458.html', 'https://linux.oracle.com/errata/ELSA-2024-3268.html', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26458', 'https://security.netapp.com/advisory/ntap-20240415-0010/', 'https://www.cve.org/CVERecord?id=CVE-2024-26458'], 'PublishedDate': '2024-02-29T01:44:18.78Z', 'LastModifiedDate': '2024-05-14T15:09:00.47Z'}, {'VulnerabilityID': 'CVE-2024-26461', 'PkgID': 'libkrb5-3@1.19.2-2ubuntu0.4', 'PkgName': 'libkrb5-3', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26461', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3268', 'https://access.redhat.com/security/cve/CVE-2024-26461', 'https://bugzilla.redhat.com/2266731', 'https://bugzilla.redhat.com/2266740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266731', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461', 'https://errata.almalinux.org/8/ALSA-2024-3268.html', 'https://errata.rockylinux.org/RLSA-2024:3268', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md', 'https://linux.oracle.com/cve/CVE-2024-26461.html', 'https://linux.oracle.com/errata/ELSA-2024-3268.html', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26461', 'https://security.netapp.com/advisory/ntap-20240415-0011/', 'https://www.cve.org/CVERecord?id=CVE-2024-26461'], 'PublishedDate': '2024-02-29T01:44:18.82Z', 'LastModifiedDate': '2024-08-14T16:35:10.207Z'}, {'VulnerabilityID': 'CVE-2024-26462', 'PkgID': 'libkrb5support0@1.19.2-2ubuntu0.4', 'PkgName': 'libkrb5support0', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26462', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/kdc/ndr.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26462', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26462', 'https://security.netapp.com/advisory/ntap-20240415-0012/', 'https://www.cve.org/CVERecord?id=CVE-2024-26462'], 'PublishedDate': '2024-02-29T01:44:18.857Z', 'LastModifiedDate': '2024-05-14T15:09:01.053Z'}, {'VulnerabilityID': 'CVE-2024-26458', 'PkgID': 'libkrb5support0@1.19.2-2ubuntu0.4', 'PkgName': 'libkrb5support0', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26458', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3268', 'https://access.redhat.com/security/cve/CVE-2024-26458', 'https://bugzilla.redhat.com/2266731', 'https://bugzilla.redhat.com/2266740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266731', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461', 'https://errata.almalinux.org/8/ALSA-2024-3268.html', 'https://errata.rockylinux.org/RLSA-2024:3268', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md', 'https://linux.oracle.com/cve/CVE-2024-26458.html', 'https://linux.oracle.com/errata/ELSA-2024-3268.html', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26458', 'https://security.netapp.com/advisory/ntap-20240415-0010/', 'https://www.cve.org/CVERecord?id=CVE-2024-26458'], 'PublishedDate': '2024-02-29T01:44:18.78Z', 'LastModifiedDate': '2024-05-14T15:09:00.47Z'}, {'VulnerabilityID': 'CVE-2024-26461', 'PkgID': 'libkrb5support0@1.19.2-2ubuntu0.4', 'PkgName': 'libkrb5support0', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26461', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3268', 'https://access.redhat.com/security/cve/CVE-2024-26461', 'https://bugzilla.redhat.com/2266731', 'https://bugzilla.redhat.com/2266740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266731', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461', 'https://errata.almalinux.org/8/ALSA-2024-3268.html', 'https://errata.rockylinux.org/RLSA-2024:3268', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md', 'https://linux.oracle.com/cve/CVE-2024-26461.html', 'https://linux.oracle.com/errata/ELSA-2024-3268.html', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26461', 'https://security.netapp.com/advisory/ntap-20240415-0011/', 'https://www.cve.org/CVERecord?id=CVE-2024-26461'], 'PublishedDate': '2024-02-29T01:44:18.82Z', 'LastModifiedDate': '2024-08-14T16:35:10.207Z'}, {'VulnerabilityID': 'CVE-2023-45918', 'PkgID': 'libncurses6@6.3-2ubuntu0.1', 'PkgName': 'libncurses6', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-45918', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c', 'Description': 'ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-45918', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-45918', 'https://security.netapp.com/advisory/ntap-20240315-0006/', 'https://www.cve.org/CVERecord?id=CVE-2023-45918'], 'PublishedDate': '2024-02-16T22:15:07.88Z', 'LastModifiedDate': '2024-03-15T11:15:08.51Z'}, {'VulnerabilityID': 'CVE-2023-50495', 'PkgID': 'libncurses6@6.3-2ubuntu0.1', 'PkgName': 'libncurses6', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-50495', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: segmentation fault via _nc_wrap_entry()', 'Description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-50495', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-50495', 'https://security.netapp.com/advisory/ntap-20240119-0008/', 'https://ubuntu.com/security/notices/USN-6684-1', 'https://www.cve.org/CVERecord?id=CVE-2023-50495'], 'PublishedDate': '2023-12-12T15:15:07.867Z', 'LastModifiedDate': '2024-01-31T03:15:08.49Z'}, {'VulnerabilityID': 'CVE-2023-45918', 'PkgID': 'libncursesw6@6.3-2ubuntu0.1', 'PkgName': 'libncursesw6', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-45918', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c', 'Description': 'ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-45918', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-45918', 'https://security.netapp.com/advisory/ntap-20240315-0006/', 'https://www.cve.org/CVERecord?id=CVE-2023-45918'], 'PublishedDate': '2024-02-16T22:15:07.88Z', 'LastModifiedDate': '2024-03-15T11:15:08.51Z'}, {'VulnerabilityID': 'CVE-2023-50495', 'PkgID': 'libncursesw6@6.3-2ubuntu0.1', 'PkgName': 'libncursesw6', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-50495', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: segmentation fault via _nc_wrap_entry()', 'Description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-50495', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-50495', 'https://security.netapp.com/advisory/ntap-20240119-0008/', 'https://ubuntu.com/security/notices/USN-6684-1', 'https://www.cve.org/CVERecord?id=CVE-2023-50495'], 'PublishedDate': '2023-12-12T15:15:07.867Z', 'LastModifiedDate': '2024-01-31T03:15:08.49Z'}, {'VulnerabilityID': 'CVE-2023-7008', 'PkgID': 'libnss-systemd@249.11-0ubuntu3.12', 'PkgName': 'libnss-systemd', 'InstalledVersion': '249.11-0ubuntu3.12', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-7008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes', 'Description': 'A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:2463', 'https://access.redhat.com/errata/RHSA-2024:3203', 'https://access.redhat.com/security/cve/CVE-2023-7008', 'https://bugzilla.redhat.com/2222672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222261', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222672', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008', 'https://errata.almalinux.org/9/ALSA-2024-2463.html', 'https://errata.rockylinux.org/RLSA-2024:2463', 'https://github.com/systemd/systemd/issues/25676', 'https://linux.oracle.com/cve/CVE-2023-7008.html', 'https://linux.oracle.com/errata/ELSA-2024-3203.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-7008', 'https://www.cve.org/CVERecord?id=CVE-2023-7008'], 'PublishedDate': '2023-12-23T13:15:07.573Z', 'LastModifiedDate': '2024-09-16T17:16:02.17Z'}, {'VulnerabilityID': 'CVE-2023-52890', 'PkgID': 'libntfs-3g89@1:2021.8.22-3ubuntu1.2', 'PkgName': 'libntfs-3g89', 'InstalledVersion': '1:2021.8.22-3ubuntu1.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52890', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in l ...', 'Description': 'NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.', 'Severity': 'LOW', 'References': ['https://github.com/tuxera/ntfs-3g/issues/84', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52890', 'https://www.cve.org/CVERecord?id=CVE-2023-52890'], 'PublishedDate': '2024-06-13T04:15:15.92Z', 'LastModifiedDate': '2024-06-13T18:36:09.01Z'}, {'VulnerabilityID': 'CVE-2023-7008', 'PkgID': 'libpam-systemd@249.11-0ubuntu3.12', 'PkgName': 'libpam-systemd', 'InstalledVersion': '249.11-0ubuntu3.12', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-7008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes', 'Description': 'A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:2463', 'https://access.redhat.com/errata/RHSA-2024:3203', 'https://access.redhat.com/security/cve/CVE-2023-7008', 'https://bugzilla.redhat.com/2222672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222261', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222672', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008', 'https://errata.almalinux.org/9/ALSA-2024-2463.html', 'https://errata.rockylinux.org/RLSA-2024:2463', 'https://github.com/systemd/systemd/issues/25676', 'https://linux.oracle.com/cve/CVE-2023-7008.html', 'https://linux.oracle.com/errata/ELSA-2024-3203.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-7008', 'https://www.cve.org/CVERecord?id=CVE-2023-7008'], 'PublishedDate': '2023-12-23T13:15:07.573Z', 'LastModifiedDate': '2024-09-16T17:16:02.17Z'}, {'VulnerabilityID': 'CVE-2022-41409', 'PkgID': 'libpcre2-8-0@10.39-3ubuntu0.1', 'PkgName': 'libpcre2-8-0', 'InstalledVersion': '10.39-3ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-41409', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop', 'Description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.', 'Severity': 'LOW', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-41409', 'https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35', 'https://github.com/PCRE2Project/pcre2/issues/141', 'https://github.com/advisories/GHSA-4qfx-v7wh-3q4j', 'https://nvd.nist.gov/vuln/detail/CVE-2022-41409', 'https://www.cve.org/CVERecord?id=CVE-2022-41409'], 'PublishedDate': '2023-07-18T14:15:12.197Z', 'LastModifiedDate': '2023-07-27T03:46:09.807Z'}, {'VulnerabilityID': 'CVE-2017-11164', 'PkgID': 'libpcre3@2:8.39-13ubuntu0.22.04.1', 'PkgName': 'libpcre3', 'InstalledVersion': '2:8.39-13ubuntu0.22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-11164', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'pcre: OP_KETRMAX feature in the match function in pcre_exec.c', 'Description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 7.8, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['http://openwall.com/lists/oss-security/2017/07/11/3', 'http://www.openwall.com/lists/oss-security/2023/04/11/1', 'http://www.openwall.com/lists/oss-security/2023/04/12/1', 'http://www.securityfocus.com/bid/99575', 'https://access.redhat.com/security/cve/CVE-2017-11164', 'https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E', 'https://nvd.nist.gov/vuln/detail/CVE-2017-11164', 'https://www.cve.org/CVERecord?id=CVE-2017-11164'], 'PublishedDate': '2017-07-11T03:29:00.277Z', 'LastModifiedDate': '2023-11-07T02:38:10.98Z'}, {'VulnerabilityID': 'CVE-2022-3857', 'PkgID': 'libpng16-16@1.6.37-3build5', 'PkgName': 'libpng16-16', 'InstalledVersion': '1.6.37-3build5', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libpng: Null pointer dereference leads to segmentation fault', 'Description': 'Rejected reason: Maintainer contacted. This is a false-positive. The flaw does not actually exist and was erroneously tested.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3857', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3857', 'https://sourceforge.net/p/libpng/bugs/300/', 'https://www.cve.org/CVERecord?id=CVE-2022-3857'], 'PublishedDate': '2023-03-06T23:15:11.087Z', 'LastModifiedDate': '2024-10-09T04:15:06.567Z'}, {'VulnerabilityID': 'CVE-2016-2568', 'PkgID': 'libpolkit-agent-1-0@0.105-33', 'PkgName': 'libpolkit-agent-1-0', 'InstalledVersion': '0.105-33', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-2568', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl', 'Description': "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", 'Severity': 'LOW', 'CweIDs': ['CWE-116'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H', 'V2Score': 4.4, 'V3Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L', 'V2Score': 5.1, 'V3Score': 6.1}}, 'References': ['http://seclists.org/oss-sec/2016/q1/443', 'http://www.openwall.com/lists/oss-security/2016/02/26/3', 'https://access.redhat.com/security/cve/CVE-2016-2568', 'https://access.redhat.com/security/cve/cve-2016-2568', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062', 'https://bugzilla.redhat.com/show_bug.cgi?id=1300746', 'https://lore.kernel.org/patchwork/patch/793178/', 'https://nvd.nist.gov/vuln/detail/CVE-2016-2568', 'https://ubuntu.com/security/CVE-2016-2568', 'https://www.cve.org/CVERecord?id=CVE-2016-2568'], 'PublishedDate': '2017-02-13T18:59:00.393Z', 'LastModifiedDate': '2022-04-18T17:59:06.053Z'}, {'VulnerabilityID': 'CVE-2016-2568', 'PkgID': 'libpolkit-gobject-1-0@0.105-33', 'PkgName': 'libpolkit-gobject-1-0', 'InstalledVersion': '0.105-33', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-2568', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl', 'Description': "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", 'Severity': 'LOW', 'CweIDs': ['CWE-116'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H', 'V2Score': 4.4, 'V3Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L', 'V2Score': 5.1, 'V3Score': 6.1}}, 'References': ['http://seclists.org/oss-sec/2016/q1/443', 'http://www.openwall.com/lists/oss-security/2016/02/26/3', 'https://access.redhat.com/security/cve/CVE-2016-2568', 'https://access.redhat.com/security/cve/cve-2016-2568', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062', 'https://bugzilla.redhat.com/show_bug.cgi?id=1300746', 'https://lore.kernel.org/patchwork/patch/793178/', 'https://nvd.nist.gov/vuln/detail/CVE-2016-2568', 'https://ubuntu.com/security/CVE-2016-2568', 'https://www.cve.org/CVERecord?id=CVE-2016-2568'], 'PublishedDate': '2017-02-13T18:59:00.393Z', 'LastModifiedDate': '2022-04-18T17:59:06.053Z'}, {'VulnerabilityID': 'CVE-2024-41996', 'PkgID': 'libssl3@3.0.2-0ubuntu1.18', 'PkgName': 'libssl3', 'InstalledVersion': '3.0.2-0ubuntu1.18', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41996', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations', 'Description': 'Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.', 'Severity': 'LOW', 'CweIDs': ['CWE-295'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41996', 'https://dheatattack.gitlab.io/details/', 'https://dheatattack.gitlab.io/faq/', 'https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1', 'https://github.com/openssl/openssl/issues/17374', 'https://github.com/openssl/openssl/pull/25088', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41996', 'https://openssl-library.org/post/2022-10-21-tls-groups-configuration/', 'https://www.cve.org/CVERecord?id=CVE-2024-41996'], 'PublishedDate': '2024-08-26T06:15:04.603Z', 'LastModifiedDate': '2024-08-26T16:35:11.247Z'}, {'VulnerabilityID': 'CVE-2023-4039', 'PkgID': 'libstdc++6@12.3.0-1ubuntu1~22.04', 'PkgName': 'libstdc++6', 'InstalledVersion': '12.3.0-1ubuntu1~22.04', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4039', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64', 'Description': '\n\n**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\n\n\n\n\n\n', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-693'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4039', 'https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64', 'https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt', 'https://gcc.gnu.org/pipermail/gcc-patches/2023-October/634066.html', 'https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf', 'https://inbox.sourceware.org/gcc-patches/46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org', 'https://linux.oracle.com/cve/CVE-2023-4039.html', 'https://linux.oracle.com/errata/ELSA-2023-28766.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4039', 'https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html', 'https://www.cve.org/CVERecord?id=CVE-2023-4039'], 'PublishedDate': '2023-09-13T09:15:15.69Z', 'LastModifiedDate': '2024-08-02T08:15:14.993Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'libstdc++6@12.3.0-1ubuntu1~22.04', 'PkgName': 'libstdc++6', 'InstalledVersion': '12.3.0-1ubuntu1~22.04', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2023-7008', 'PkgID': 'libsystemd0@249.11-0ubuntu3.12', 'PkgName': 'libsystemd0', 'InstalledVersion': '249.11-0ubuntu3.12', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-7008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes', 'Description': 'A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:2463', 'https://access.redhat.com/errata/RHSA-2024:3203', 'https://access.redhat.com/security/cve/CVE-2023-7008', 'https://bugzilla.redhat.com/2222672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222261', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222672', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008', 'https://errata.almalinux.org/9/ALSA-2024-2463.html', 'https://errata.rockylinux.org/RLSA-2024:2463', 'https://github.com/systemd/systemd/issues/25676', 'https://linux.oracle.com/cve/CVE-2023-7008.html', 'https://linux.oracle.com/errata/ELSA-2024-3203.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-7008', 'https://www.cve.org/CVERecord?id=CVE-2023-7008'], 'PublishedDate': '2023-12-23T13:15:07.573Z', 'LastModifiedDate': '2024-09-16T17:16:02.17Z'}, {'VulnerabilityID': 'CVE-2023-45918', 'PkgID': 'libtinfo6@6.3-2ubuntu0.1', 'PkgName': 'libtinfo6', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-45918', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c', 'Description': 'ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-45918', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-45918', 'https://security.netapp.com/advisory/ntap-20240315-0006/', 'https://www.cve.org/CVERecord?id=CVE-2023-45918'], 'PublishedDate': '2024-02-16T22:15:07.88Z', 'LastModifiedDate': '2024-03-15T11:15:08.51Z'}, {'VulnerabilityID': 'CVE-2023-50495', 'PkgID': 'libtinfo6@6.3-2ubuntu0.1', 'PkgName': 'libtinfo6', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-50495', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: segmentation fault via _nc_wrap_entry()', 'Description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-50495', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-50495', 'https://security.netapp.com/advisory/ntap-20240119-0008/', 'https://ubuntu.com/security/notices/USN-6684-1', 'https://www.cve.org/CVERecord?id=CVE-2023-50495'], 'PublishedDate': '2023-12-12T15:15:07.867Z', 'LastModifiedDate': '2024-01-31T03:15:08.49Z'}, {'VulnerabilityID': 'CVE-2023-7008', 'PkgID': 'libudev1@249.11-0ubuntu3.12', 'PkgName': 'libudev1', 'InstalledVersion': '249.11-0ubuntu3.12', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-7008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes', 'Description': 'A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:2463', 'https://access.redhat.com/errata/RHSA-2024:3203', 'https://access.redhat.com/security/cve/CVE-2023-7008', 'https://bugzilla.redhat.com/2222672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222261', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222672', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008', 'https://errata.almalinux.org/9/ALSA-2024-2463.html', 'https://errata.rockylinux.org/RLSA-2024:2463', 'https://github.com/systemd/systemd/issues/25676', 'https://linux.oracle.com/cve/CVE-2023-7008.html', 'https://linux.oracle.com/errata/ELSA-2024-3203.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-7008', 'https://www.cve.org/CVERecord?id=CVE-2023-7008'], 'PublishedDate': '2023-12-23T13:15:07.573Z', 'LastModifiedDate': '2024-09-16T17:16:02.17Z'}, {'VulnerabilityID': 'CVE-2022-4899', 'PkgID': 'libzstd1@1.4.8+dfsg-3build1', 'PkgName': 'libzstd1', 'InstalledVersion': '1.4.8+dfsg-3build1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-4899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'zstd: mysql: buffer overrun in util.c', 'Description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.', 'Severity': 'LOW', 'CweIDs': ['CWE-400'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:1141', 'https://access.redhat.com/security/cve/CVE-2022-4899', 'https://bugzilla.redhat.com/2179864', 'https://bugzilla.redhat.com/2188109', 'https://bugzilla.redhat.com/2188113', 'https://bugzilla.redhat.com/2188115', 'https://bugzilla.redhat.com/2188116', 'https://bugzilla.redhat.com/2188117', 'https://bugzilla.redhat.com/2188118', 'https://bugzilla.redhat.com/2188119', 'https://bugzilla.redhat.com/2188120', 'https://bugzilla.redhat.com/2188121', 'https://bugzilla.redhat.com/2188122', 'https://bugzilla.redhat.com/2188123', 'https://bugzilla.redhat.com/2188124', 'https://bugzilla.redhat.com/2188125', 'https://bugzilla.redhat.com/2188127', 'https://bugzilla.redhat.com/2188128', 'https://bugzilla.redhat.com/2188129', 'https://bugzilla.redhat.com/2188130', 'https://bugzilla.redhat.com/2188131', 'https://bugzilla.redhat.com/2188132', 'https://bugzilla.redhat.com/2224211', 'https://bugzilla.redhat.com/2224212', 'https://bugzilla.redhat.com/2224213', 'https://bugzilla.redhat.com/2224214', 'https://bugzilla.redhat.com/2224215', 'https://bugzilla.redhat.com/2224216', 'https://bugzilla.redhat.com/2224217', 'https://bugzilla.redhat.com/2224218', 'https://bugzilla.redhat.com/2224219', 'https://bugzilla.redhat.com/2224220', 'https://bugzilla.redhat.com/2224221', 'https://bugzilla.redhat.com/2224222', 'https://bugzilla.redhat.com/2245014', 'https://bugzilla.redhat.com/2245015', 'https://bugzilla.redhat.com/2245016', 'https://bugzilla.redhat.com/2245017', 'https://bugzilla.redhat.com/2245018', 'https://bugzilla.redhat.com/2245019', 'https://bugzilla.redhat.com/2245020', 'https://bugzilla.redhat.com/2245021', 'https://bugzilla.redhat.com/2245022', 'https://bugzilla.redhat.com/2245023', 'https://bugzilla.redhat.com/2245024', 'https://bugzilla.redhat.com/2245026', 'https://bugzilla.redhat.com/2245027', 'https://bugzilla.redhat.com/2245028', 'https://bugzilla.redhat.com/2245029', 'https://bugzilla.redhat.com/2245030', 'https://bugzilla.redhat.com/2245031', 'https://bugzilla.redhat.com/2245032', 'https://bugzilla.redhat.com/2245033', 'https://bugzilla.redhat.com/2245034', 'https://bugzilla.redhat.com/2258771', 'https://bugzilla.redhat.com/2258772', 'https://bugzilla.redhat.com/2258773', 'https://bugzilla.redhat.com/2258774', 'https://bugzilla.redhat.com/2258775', 'https://bugzilla.redhat.com/2258776', 'https://bugzilla.redhat.com/2258777', 'https://bugzilla.redhat.com/2258778', 'https://bugzilla.redhat.com/2258779', 'https://bugzilla.redhat.com/2258780', 'https://bugzilla.redhat.com/2258781', 'https://bugzilla.redhat.com/2258782', 'https://bugzilla.redhat.com/2258783', 'https://bugzilla.redhat.com/2258784', 'https://bugzilla.redhat.com/2258785', 'https://bugzilla.redhat.com/2258787', 'https://bugzilla.redhat.com/2258788', 'https://bugzilla.redhat.com/2258789', 'https://bugzilla.redhat.com/2258790', 'https://bugzilla.redhat.com/2258791', 'https://bugzilla.redhat.com/2258792', 'https://bugzilla.redhat.com/2258793', 'https://bugzilla.redhat.com/2258794', 'https://errata.almalinux.org/9/ALSA-2024-1141.html', 'https://github.com/facebook/zstd', 'https://github.com/facebook/zstd/issues/3200', 'https://github.com/facebook/zstd/pull/3220', 'https://github.com/pypa/advisory-database/tree/main/vulns/zstd/PYSEC-2023-121.yaml', 'https://github.com/sergey-dryabzhinsky/python-zstd/commit/c8a619aebdbd6b838fbfef6e19325a70f631a4c6', 'https://linux.oracle.com/cve/CVE-2022-4899.html', 'https://linux.oracle.com/errata/ELSA-2024-1141.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN', 'https://nvd.nist.gov/vuln/detail/CVE-2022-4899', 'https://security.netapp.com/advisory/ntap-20230725-0005', 'https://security.netapp.com/advisory/ntap-20230725-0005/', 'https://www.cve.org/CVERecord?id=CVE-2022-4899'], 'PublishedDate': '2023-03-31T20:15:07.213Z', 'LastModifiedDate': '2023-11-07T03:59:16.09Z'}, {'VulnerabilityID': 'CVE-2024-43882', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43882', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exec: Fix ToCToU between perm check and set-uid/gid usage', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file\'s metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug  7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug  7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. For example, "chmod o-x,u+s target" makes "target" executable only\nby uid "root" and gid "cdrom", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug  7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug  7 13:16 target\n\nBut racing the chmod means users without group "cdrom" membership can\nget the permission to execute "target" just before the chmod, and when\nthe chmod finishes, the exec reaches brpm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of "only cdrom\ngroup members can setuid to root".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal.', 'Severity': 'HIGH', 'CweIDs': ['CWE-367'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43882', 'https://git.kernel.org/linus/f50733b45d865f91db90919f8311e2127ce5a0cb (6.11-rc4)', 'https://git.kernel.org/stable/c/15469d46ba34559bfe7e3de6659115778c624759', 'https://git.kernel.org/stable/c/368f6985d46657b8b466a421dddcacd4051f7ada', 'https://git.kernel.org/stable/c/90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e', 'https://git.kernel.org/stable/c/9b424c5d4130d56312e2a3be17efb0928fec4d64', 'https://git.kernel.org/stable/c/d2a2a4714d80d09b0f8eb6438ab4224690b7121e', 'https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f', 'https://git.kernel.org/stable/c/f50733b45d865f91db90919f8311e2127ce5a0cb', 'https://git.kernel.org/stable/c/f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1', 'https://linux.oracle.com/cve/CVE-2024-43882.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082152-CVE-2024-43882-4fa4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43882', 'https://www.cve.org/CVERecord?id=CVE-2024-43882'], 'PublishedDate': '2024-08-21T01:15:12.34Z', 'LastModifiedDate': '2024-09-03T13:25:39.747Z'}, {'VulnerabilityID': 'CVE-2013-7445', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2013-7445', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects', 'Description': 'The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-399'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:C', 'V2Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V2Score': 4.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2013-7445', 'https://bugzilla.kernel.org/show_bug.cgi?id=60533', 'https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)', 'https://nvd.nist.gov/vuln/detail/CVE-2013-7445', 'https://www.cve.org/CVERecord?id=CVE-2013-7445'], 'PublishedDate': '2015-10-16T01:59:00.12Z', 'LastModifiedDate': '2015-10-16T16:22:25.587Z'}, {'VulnerabilityID': 'CVE-2015-8553', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2015-8553', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'xen: non-maskable interrupts triggerable by guests (xsa120)', 'Description': 'Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N', 'V2Score': 2.1, 'V3Score': 6.5}, 'redhat': {'V2Vector': 'AV:A/AC:M/Au:S/C:N/I:N/A:C', 'V2Score': 5.2}}, 'References': ['http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1930758 (regression mention)', 'http://xenbits.xen.org/xsa/advisory-120.html', 'https://access.redhat.com/security/cve/CVE-2015-8553', 'https://nvd.nist.gov/vuln/detail/CVE-2015-8553', 'https://seclists.org/bugtraq/2019/Aug/18', 'https://www.cve.org/CVERecord?id=CVE-2015-8553', 'https://www.debian.org/security/2019/dsa-4497'], 'PublishedDate': '2016-04-13T15:59:07.307Z', 'LastModifiedDate': '2019-08-13T23:15:11.203Z'}, {'VulnerabilityID': 'CVE-2016-8660', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-8660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation', 'Description': 'The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-19'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V2Vector': 'AV:L/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.7, 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2016/10/13/8', 'http://www.securityfocus.com/bid/93558', 'https://access.redhat.com/security/cve/CVE-2016-8660', 'https://bugzilla.redhat.com/show_bug.cgi?id=1384851', 'https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/', 'https://marc.info/?l=linux-fsdevel&m=147639177409294&w=2', 'https://marc.info/?l=linux-xfs&m=149498118228320&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2016-8660', 'https://www.cve.org/CVERecord?id=CVE-2016-8660'], 'PublishedDate': '2016-10-16T21:59:14.333Z', 'LastModifiedDate': '2016-11-28T20:41:02.59Z'}, {'VulnerabilityID': 'CVE-2018-17977', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-17977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service', 'Description': 'The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.9}}, 'References': ['http://www.securityfocus.com/bid/105539', 'https://access.redhat.com/security/cve/CVE-2018-17977', 'https://bugzilla.suse.com/show_bug.cgi?id=1111609', 'https://nvd.nist.gov/vuln/detail/CVE-2018-17977', 'https://www.cve.org/CVERecord?id=CVE-2018-17977', 'https://www.openwall.com/lists/oss-security/2018/10/05/5'], 'PublishedDate': '2018-10-08T17:29:00.653Z', 'LastModifiedDate': '2018-11-26T15:51:30.427Z'}, {'VulnerabilityID': 'CVE-2021-3714', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-3714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Remote Page Deduplication Attacks', 'Description': 'A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-3714', 'https://arxiv.org/abs/2111.08553', 'https://arxiv.org/pdf/2111.08553.pdf', 'https://bugzilla.redhat.com/show_bug.cgi?id=1931327', 'https://nvd.nist.gov/vuln/detail/CVE-2021-3714', 'https://www.cve.org/CVERecord?id=CVE-2021-3714'], 'PublishedDate': '2022-08-23T16:15:09.6Z', 'LastModifiedDate': '2024-02-01T18:51:23.66Z'}, {'VulnerabilityID': 'CVE-2021-47599', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47599', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: use latest_dev in btrfs_show_devname', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: use latest_dev in btrfs_show_devname\n\nThe test case btrfs/238 reports the warning below:\n\n WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs]\n CPU: 2 PID: 1 Comm: systemd Tainted: G        W  O 5.14.0-rc1-custom #72\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n Call trace:\n   btrfs_show_devname+0x108/0x1b4 [btrfs]\n   show_mountinfo+0x234/0x2c4\n   m_show+0x28/0x34\n   seq_read_iter+0x12c/0x3c4\n   vfs_read+0x29c/0x2c8\n   ksys_read+0x80/0xec\n   __arm64_sys_read+0x28/0x34\n   invoke_syscall+0x50/0xf8\n   do_el0_svc+0x88/0x138\n   el0_svc+0x2c/0x8c\n   el0t_64_sync_handler+0x84/0xe4\n   el0t_64_sync+0x198/0x19c\n\nReason:\nWhile btrfs_prepare_sprout() moves the fs_devices::devices into\nfs_devices::seed_list, the btrfs_show_devname() searches for the devices\nand found none, leading to the warning as in above.\n\nFix:\nlatest_dev is updated according to the changes to the device list.\nThat means we could use the latest_dev->name to show the device name in\n/proc/self/mounts, the pointer will be always valid as it's assigned\nbefore the device is deleted from the list in remove or replace.\nThe RCU protection is sufficient as the device structure is freed after\nsynchronization.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47599', 'https://git.kernel.org/linus/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2 (5.16-rc1)', 'https://git.kernel.org/stable/c/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2', 'https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1', 'https://lore.kernel.org/linux-cve-announce/2024061921-CVE-2021-47599-37b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47599', 'https://www.cve.org/CVERecord?id=CVE-2021-47599'], 'PublishedDate': '2024-06-19T15:15:54.483Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2021-47615', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47615', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix releasing unallocated memory in dereg MR flow\n\nFor the case of IB_MR_TYPE_DM the mr does doesn't have a umem, even though\nit is a user MR. This causes function mlx5_free_priv_descs() to think that\nit is a kernel MR, leading to wrongly accessing mr->descs that will get\nwrong values in the union which leads to attempt to release resources that\nwere not allocated in the first place.\n\nFor example:\n DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]\n WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0\n RIP: 0010:check_unmap+0x54f/0x8b0\n Call Trace:\n  debug_dma_unmap_page+0x57/0x60\n  mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]\n  mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]\n  ib_dereg_mr_user+0x60/0x140 [ib_core]\n  uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]\n  uobj_destroy+0x3f/0x80 [ib_uverbs]\n  ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]\n  ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquired+0x12/0x380\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquire+0xc4/0x2e0\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  ? lock_release+0x28a/0x400\n  ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  __x64_sys_ioctl+0x7f/0xb0\n  do_syscall_64+0x38/0x90\n\nFix it by reorganizing the dereg flow and mlx5_ib_mr structure:\n - Move the ib_umem field into the user MRs structure in the union as it's\n   applicable only there.\n - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only\n   in case there isn't udata, which indicates that this isn't a user MR.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47615', 'https://git.kernel.org/linus/f0ae4afe3d35e67db042c58a52909e06262b740f (5.16-rc5)', 'https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9', 'https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701', 'https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f', 'https://lore.kernel.org/linux-cve-announce/2024061909-CVE-2021-47615-3c6a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47615', 'https://www.cve.org/CVERecord?id=CVE-2021-47615'], 'PublishedDate': '2024-06-19T15:15:56.03Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-0400', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0400', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Out of bounds read in the smc protocol stack', 'Description': 'An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)', 'https://bugzilla.redhat.com/show_bug.cgi?id=2044575', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0400', 'https://www.cve.org/CVERecord?id=CVE-2022-0400'], 'PublishedDate': '2022-08-29T15:15:09.423Z', 'LastModifiedDate': '2022-09-01T20:18:18.247Z'}, {'VulnerabilityID': 'CVE-2022-0480', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0480', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion', 'Description': 'A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0480', 'https://bugzilla.redhat.com/show_bug.cgi?id=2049700', 'https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042', 'https://github.com/kata-containers/kata-containers/issues/3373', 'https://linux.oracle.com/cve/CVE-2022-0480.html', 'https://linux.oracle.com/errata/ELSA-2024-2394.html', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0480', 'https://ubuntu.com/security/CVE-2022-0480', 'https://www.cve.org/CVERecord?id=CVE-2022-0480'], 'PublishedDate': '2022-08-29T15:15:09.477Z', 'LastModifiedDate': '2023-03-03T18:49:53.213Z'}, {'VulnerabilityID': 'CVE-2022-3238', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ntfs3 local privledge escalation if NTFS character set and remount and umount called simultaneously', 'Description': 'A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127927', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3238', 'https://www.cve.org/CVERecord?id=CVE-2022-3238'], 'PublishedDate': '2022-11-14T21:15:16.163Z', 'LastModifiedDate': '2022-11-17T20:24:18.537Z'}, {'VulnerabilityID': 'CVE-2022-48846', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: release rq qos structures for queue without disk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: release rq qos structures for queue without disk\n\nblkcg_init_queue() may add rq qos structures to request queue, previously\nblk_cleanup_queue() calls rq_qos_exit() to release them, but commit\n8e141f9eb803 ("block: drain file system I/O on del_gendisk")\nmoves rq_qos_exit() into del_gendisk(), so memory leak is caused\nbecause queues may not have disk, such as un-present scsi luns, nvme\nadmin queue, ...\n\nFixes the issue by adding rq_qos_exit() to blk_cleanup_queue() back.\n\nBTW, v5.18 won\'t need this patch any more since we move\nblkcg_init_queue()/blkcg_exit_queue() into disk allocation/release\nhandler, and patches have been in for-5.18/block.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48846', 'https://git.kernel.org/linus/daaca3522a8e67c46e39ef09c1d542e866f85f3b (5.17)', 'https://git.kernel.org/stable/c/60c2c8e2ef3a3ec79de8cbc80a06ca0c21df8c29', 'https://git.kernel.org/stable/c/d4ad8736ac982111bb0be8306bf19c8207f6600e', 'https://git.kernel.org/stable/c/daaca3522a8e67c46e39ef09c1d542e866f85f3b', 'https://lore.kernel.org/linux-cve-announce/2024071623-CVE-2022-48846-a1a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48846', 'https://www.cve.org/CVERecord?id=CVE-2022-48846'], 'PublishedDate': '2024-07-16T13:15:11.883Z', 'LastModifiedDate': '2024-07-24T17:56:26.767Z'}, {'VulnerabilityID': 'CVE-2022-48929', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix crash due to out of bounds access into reg2btf_ids.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to out of bounds access into reg2btf_ids.\n\nWhen commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added\nkfunc support, it defined reg2btf_ids as a cheap way to translate the verifier\nreg type to the appropriate btf_vmlinux BTF ID, however\ncommit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL")\nmoved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after\nthe base register types, and defined other variants using type flag\ncomposition. However, now, the direct usage of reg->type to index into\nreg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to\nout of bounds access and kernel crash on dereference of bad pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48929', 'https://git.kernel.org/linus/45ce4b4f9009102cd9f581196d480a59208690c1 (5.17-rc6)', 'https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1', 'https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae', 'https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc', 'https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48929-857d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48929', 'https://www.cve.org/CVERecord?id=CVE-2022-48929'], 'PublishedDate': '2024-08-22T04:15:15.773Z', 'LastModifiedDate': '2024-08-23T02:00:22.653Z'}, {'VulnerabilityID': 'CVE-2023-0030', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Use after Free in nvkm_vmm_pfn_map', 'Description': 'A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0030', 'https://bugzilla.redhat.com/show_bug.cgi?id=2157270', 'https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)', 'https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10', 'https://lore.kernel.org/all/20221230072758.443644-1-zyytlz.wz@163.com/', 'https://lore.kernel.org/all/63d485b2.170a0220.4af4c.d54f@mx.google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0030', 'https://security.netapp.com/advisory/ntap-20230413-0010/', 'https://www.cve.org/CVERecord?id=CVE-2023-0030'], 'PublishedDate': '2023-03-08T23:15:10.963Z', 'LastModifiedDate': '2023-04-13T17:15:09.433Z'}, {'VulnerabilityID': 'CVE-2023-0160', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: possibility of deadlock in libbpf function sock_hash_delete_elem', 'Description': 'A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667', 'CWE-833'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0160', 'https://bugzilla.redhat.com/show_bug.cgi?id=2159764', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56', 'https://lore.kernel.org/all/20230406122622.109978-1-liuxin350@huawei.com/', 'https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/', 'https://lore.kernel.org/bpf/000000000000f1db9605f939720e@google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0160', 'https://www.cve.org/CVERecord?id=CVE-2023-0160'], 'PublishedDate': '2023-07-18T17:15:11.313Z', 'LastModifiedDate': '2023-11-07T03:59:46.343Z'}, {'VulnerabilityID': 'CVE-2023-1193', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-1193', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in setup_async_work()', 'Description': 'A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-1193', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154177', 'https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-1193', 'https://www.cve.org/CVERecord?id=CVE-2023-1193'], 'PublishedDate': '2023-11-01T20:15:08.663Z', 'LastModifiedDate': '2023-11-09T15:13:51.737Z'}, {'VulnerabilityID': 'CVE-2023-26242', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-26242', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the  ...', 'Description': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://bugzilla.suse.com/show_bug.cgi?id=1208518', 'https://lore.kernel.org/all/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-26242', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://security.netapp.com/advisory/ntap-20230406-0002/', 'https://www.cve.org/CVERecord?id=CVE-2023-26242'], 'PublishedDate': '2023-02-21T01:15:11.423Z', 'LastModifiedDate': '2024-03-25T01:15:53.57Z'}, {'VulnerabilityID': 'CVE-2023-31082', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-31082', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sleeping function called from an invalid context in gsmld_write', 'Description': 'An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-763'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-31082', 'https://bugzilla.suse.com/show_bug.cgi?id=1210781', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com/', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-31082', 'https://security.netapp.com/advisory/ntap-20230929-0003/', 'https://www.cve.org/CVERecord?id=CVE-2023-31082'], 'PublishedDate': '2023-04-24T06:15:07.783Z', 'LastModifiedDate': '2024-08-02T15:16:00.853Z'}, {'VulnerabilityID': 'CVE-2023-52879', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have trace_event_file have ref counters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have trace_event_file have ref counters\n\nThe following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # echo \'p:sched schedule\' > kprobe_events\n # exec 5>>events/kprobes/sched/enable\n # > kprobe_events\n # exec 5>&-\n\nThe above commands:\n\n 1. Change directory to the tracefs directory\n 2. Create a kprobe event (doesn\'t matter what one)\n 3. Open bash file descriptor 5 on the enable file of the kprobe event\n 4. Delete the kprobe event (removes the files too)\n 5. Close the bash file descriptor 5\n\nThe above causes a crash!\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:tracing_release_file_tr+0xc/0x50\n\nWhat happens here is that the kprobe event creates a trace_event_file\n"file" descriptor that represents the file in tracefs to the event. It\nmaintains state of the event (is it enabled for the given instance?).\nOpening the "enable" file gets a reference to the event "file" descriptor\nvia the open file descriptor. When the kprobe event is deleted, the file is\nalso deleted from the tracefs system which also frees the event "file"\ndescriptor.\n\nBut as the tracefs file is still opened by user space, it will not be\ntotally removed until the final dput() is called on it. But this is not\ntrue with the event "file" descriptor that is already freed. If the user\ndoes a write to or simply closes the file descriptor it will reference the\nevent "file" descriptor that was just freed, causing a use-after-free bug.\n\nTo solve this, add a ref count to the event "file" descriptor as well as a\nnew flag called "FREED". The "file" will not be freed until the last\nreference is released. But the FREE flag will be set when the event is\nremoved to prevent any more modifications to that event from happening,\neven if there\'s still a reference to the event "file" descriptor.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52879', 'https://git.kernel.org/linus/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4 (6.7-rc1)', 'https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706', 'https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976', 'https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d', 'https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e', 'https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f', 'https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4', 'https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0', 'https://lore.kernel.org/linux-cve-announce/2024052122-CVE-2023-52879-fa4d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52879', 'https://www.cve.org/CVERecord?id=CVE-2023-52879'], 'PublishedDate': '2024-05-21T16:15:24.53Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52889', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: Fix null pointer deref when receiving skb during sock creation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)->label is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n    BUG: kernel NULL pointer dereference, address: 000000000000004c\n    #PF: supervisor read access in kernel mode\n    #PF: error_code(0x0000) - not-present page\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n    Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n    RIP: 0010:aa_label_next_confined+0xb/0x40\n    Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n    RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n    RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n    RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n    RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n    R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n    R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n    FS:  00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n    PKRU: 55555554\n    Call Trace:\n     <IRQ>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? exc_page_fault+0x7f/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? aa_label_next_confined+0xb/0x40\n     apparmor_secmark_check+0xec/0x330\n     security_sock_rcv_skb+0x35/0x50\n     sk_filter_trim_cap+0x47/0x250\n     sock_queue_rcv_skb_reason+0x20/0x60\n     raw_rcv+0x13c/0x210\n     raw_local_deliver+0x1f3/0x250\n     ip_protocol_deliver_rcu+0x4f/0x2f0\n     ip_local_deliver_finish+0x76/0xa0\n     __netif_receive_skb_one_core+0x89/0xa0\n     netif_receive_skb+0x119/0x170\n     ? __netdev_alloc_skb+0x3d/0x140\n     vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     __napi_poll+0x28/0x1b0\n     net_rx_action+0x2a4/0x380\n     __do_softirq+0xd1/0x2c8\n     __irq_exit_rcu+0xbb/0xf0\n     common_interrupt+0x86/0xa0\n     </IRQ>\n     <TASK>\n     asm_common_interrupt+0x26/0x40\n    RIP: 0010:apparmor_socket_post_create+0xb/0x200\n    Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n    RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n    RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n    RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n    RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n    R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n    R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n     ? __pfx_apparmor_socket_post_create+0x10/0x10\n     security_socket_post_create+0x4b/0x80\n     __sock_create+0x176/0x1f0\n     __sys_socket+0x89/0x100\n     __x64_sys_socket+0x17/0x20\n     do_syscall_64+0x5d/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     entry_SYSCALL_64_after_hwframe+0x72/0xdc', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52889', 'https://git.kernel.org/linus/fce09ea314505a52f2436397608fa0a5d0934fb1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1', 'https://git.kernel.org/stable/c/290a6b88e8c19b6636ed1acc733d1458206f7697', 'https://git.kernel.org/stable/c/347dcb84a4874b5fb375092c08d8cc4069b94f81', 'https://git.kernel.org/stable/c/46c17ead5b7389e22e7dc9903fd0ba865d05bda2', 'https://git.kernel.org/stable/c/6c920754f62cefc63fccdc38a062c7c3452e2961', 'https://git.kernel.org/stable/c/ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2', 'https://git.kernel.org/stable/c/fce09ea314505a52f2436397608fa0a5d0934fb1', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2023-52889-cdd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52889', 'https://www.cve.org/CVERecord?id=CVE-2023-52889'], 'PublishedDate': '2024-08-17T09:15:07.073Z', 'LastModifiedDate': '2024-08-19T21:19:16.97Z'}, {'VulnerabilityID': 'CVE-2024-26713', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: Fix iommu initialisation during DLPAR add\n\nWhen a PCI device is dynamically added, the kernel oopses with a NULL\npointer dereference:\n\n  BUG: Kernel NULL pointer dereference on read at 0x00000030\n  Faulting instruction address: 0xc0000000006bbe5c\n  Oops: Kernel access of bad area, sig: 11 [#1]\n  LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n  Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse\n  CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66\n  Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries\n  NIP:  c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8\n  REGS: c00000009924f240 TRAP: 0300   Not tainted  (6.7.0-203405+)\n  MSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 24002220  XER: 20040006\n  CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0\n  ...\n  NIP sysfs_add_link_to_group+0x34/0x94\n  LR  iommu_device_link+0x5c/0x118\n  Call Trace:\n   iommu_init_device+0x26c/0x318 (unreliable)\n   iommu_device_link+0x5c/0x118\n   iommu_init_device+0xa8/0x318\n   iommu_probe_device+0xc0/0x134\n   iommu_bus_notifier+0x44/0x104\n   notifier_call_chain+0xb8/0x19c\n   blocking_notifier_call_chain+0x64/0x98\n   bus_notify+0x50/0x7c\n   device_add+0x640/0x918\n   pci_device_add+0x23c/0x298\n   of_create_pci_dev+0x400/0x884\n   of_scan_pci_dev+0x124/0x1b0\n   __of_scan_bus+0x78/0x18c\n   pcibios_scan_phb+0x2a4/0x3b0\n   init_phb_dynamic+0xb8/0x110\n   dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]\n   add_slot_store.part.0+0xb4/0x130 [rpadlpar_io]\n   kobj_attr_store+0x2c/0x48\n   sysfs_kf_write+0x64/0x78\n   kernfs_fop_write_iter+0x1b0/0x290\n   vfs_write+0x350/0x4a0\n   ksys_write+0x84/0x140\n   system_call_exception+0x124/0x330\n   system_call_vectored_common+0x15c/0x2ec\n\nCommit a940904443e4 ("powerpc/iommu: Add iommu_ops to report capabilities\nand allow blocking domains") broke DLPAR add of PCI devices.\n\nThe above added iommu_device structure to pci_controller. During\nsystem boot, PCI devices are discovered and this newly added iommu_device\nstructure is initialized by a call to iommu_device_register().\n\nDuring DLPAR add of a PCI device, a new pci_controller structure is\nallocated but there are no calls made to iommu_device_register()\ninterface.\n\nFix is to register the iommu device during DLPAR add as well.\n\n[mpe: Trim oops and tweak some change log wording]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26713', 'https://git.kernel.org/linus/ed8b94f6e0acd652ce69bd69d678a0c769172df8 (6.8-rc5)', 'https://git.kernel.org/stable/c/9978d5b744e0227afe19e3bcb4c5f75442dde753', 'https://git.kernel.org/stable/c/d4f762d6403f7419de90d7749fa83dd92ffb0e1d', 'https://git.kernel.org/stable/c/ed8b94f6e0acd652ce69bd69d678a0c769172df8', 'https://lore.kernel.org/linux-cve-announce/2024040342-CVE-2024-26713-1b52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26713', 'https://www.cve.org/CVERecord?id=CVE-2024-26713'], 'PublishedDate': '2024-04-03T15:15:53.647Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-27025', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nbd: null check for nla_nest_start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: null check for nla_nest_start\n\nnla_nest_start() may fail and return NULL. Insert a check and set errno\nbased on other call sites within the same source code.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-27025', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d (6.9-rc1)', 'https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d', 'https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e', 'https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced', 'https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8', 'https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797', 'https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983', 'https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a', 'https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf', 'https://linux.oracle.com/cve/CVE-2024-27025.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27025', 'https://www.cve.org/CVERecord?id=CVE-2024-27025'], 'PublishedDate': '2024-05-01T13:15:48.89Z', 'LastModifiedDate': '2024-06-25T22:15:28.24Z'}, {'VulnerabilityID': 'CVE-2024-35928', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()\n\nThis ensures that the memory mapped by ioremap for adev->rmmio, is\nproperly handled in amdgpu_device_init(). If the function exits early\ndue to an error, the memory is unmapped. If the function completes\nsuccessfully, the memory remains mapped.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_device.c:4337 amdgpu_device_init() warn: 'adev->rmmio' from ioremap() not released on lines: 4035,4045,4051,4058,4068,4337", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35928', 'https://git.kernel.org/linus/eb4f139888f636614dab3bcce97ff61cefc4b3a7 (6.9-rc1)', 'https://git.kernel.org/stable/c/14ac934db851642ea8cd1bd4121c788a8899ef69', 'https://git.kernel.org/stable/c/aa665c3a2aca2ffe31b9645bda278e96dfc3b55c', 'https://git.kernel.org/stable/c/c5f9fe2c1e5023fa096189a8bfba6420aa035587', 'https://git.kernel.org/stable/c/eb4f139888f636614dab3bcce97ff61cefc4b3a7', 'https://lore.kernel.org/linux-cve-announce/2024051915-CVE-2024-35928-ead3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35928', 'https://www.cve.org/CVERecord?id=CVE-2024-35928'], 'PublishedDate': '2024-05-19T11:15:48.93Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35948', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bcachefs: Check for journal entries overruning end of sb clean section', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: Check for journal entries overruning end of sb clean section\n\nFix a missing bounds check in superblock validation.\n\nNote that we don't yet have repair code for this case - repair code for\nindividual items is generally low priority, since the whole superblock\nis checksummed, validated prior to write, and we have backups.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35948', 'https://git.kernel.org/linus/fcdbc1d7a4b638e5d5668de461f320386f3002aa (6.9-rc6)', 'https://git.kernel.org/stable/c/fcdbc1d7a4b638e5d5668de461f320386f3002aa', 'https://lore.kernel.org/linux-cve-announce/2024052043-CVE-2024-35948-a92f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35948', 'https://www.cve.org/CVERecord?id=CVE-2024-35948'], 'PublishedDate': '2024-05-20T10:15:09.44Z', 'LastModifiedDate': '2024-07-03T02:02:27.897Z'}, {'VulnerabilityID': 'CVE-2024-35995', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI: CPPC: Use access_width over bit_width for system memory accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Use access_width over bit_width for system memory accesses\n\nTo align with ACPI 6.3+, since bit_width can be any 8-bit value, it\ncannot be depended on to be always on a clean 8b boundary. This was\nuncovered on the Cobalt 100 platform.\n\nSError Interrupt on CPU26, code 0xbe000011 -- SError\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n pc : cppc_get_perf_caps+0xec/0x410\n lr : cppc_get_perf_caps+0xe8/0x410\n sp : ffff8000155ab730\n x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078\n x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff\n x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000\n x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff\n x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008\n x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006\n x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec\n x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028\n x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff\n x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000\n Kernel panic - not syncing: Asynchronous SError Interrupt\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted\n5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n Call trace:\n  dump_backtrace+0x0/0x1e0\n  show_stack+0x24/0x30\n  dump_stack_lvl+0x8c/0xb8\n  dump_stack+0x18/0x34\n  panic+0x16c/0x384\n  add_taint+0x0/0xc0\n  arm64_serror_panic+0x7c/0x90\n  arm64_is_fatal_ras_serror+0x34/0xa4\n  do_serror+0x50/0x6c\n  el1h_64_error_handler+0x40/0x74\n  el1h_64_error+0x7c/0x80\n  cppc_get_perf_caps+0xec/0x410\n  cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]\n  cpufreq_online+0x2dc/0xa30\n  cpufreq_add_dev+0xc0/0xd4\n  subsys_interface_register+0x134/0x14c\n  cpufreq_register_driver+0x1b0/0x354\n  cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]\n  do_one_initcall+0x50/0x250\n  do_init_module+0x60/0x27c\n  load_module+0x2300/0x2570\n  __do_sys_finit_module+0xa8/0x114\n  __arm64_sys_finit_module+0x2c/0x3c\n  invoke_syscall+0x78/0x100\n  el0_svc_common.constprop.0+0x180/0x1a0\n  do_el0_svc+0x84/0xa0\n  el0_svc+0x2c/0xc0\n  el0t_64_sync_handler+0xa4/0x12c\n  el0t_64_sync+0x1a4/0x1a8\n\nInstead, use access_width to determine the size and use the offset and\nwidth to shift and mask the bits to read/write out. Make sure to add a\ncheck for system memory since pcc redefines the access_width to\nsubspace id.\n\nIf access_width is not set, then fall back to using bit_width.\n\n[ rjw: Subject and changelog edits, comment adjustments ]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35995', 'https://git.kernel.org/linus/2f4a4d63a193be6fd530d180bb13c3592052904c (6.9-rc1)', 'https://git.kernel.org/stable/c/01fc53be672acae37e611c80cc0b4f3939584de3', 'https://git.kernel.org/stable/c/1b890ae474d19800a6be1696df7fb4d9a41676e4', 'https://git.kernel.org/stable/c/2f4a4d63a193be6fd530d180bb13c3592052904c', 'https://git.kernel.org/stable/c/4949affd5288b867cdf115f5b08d6166b2027f87', 'https://git.kernel.org/stable/c/6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1', 'https://git.kernel.org/stable/c/6dfd79ed04c578f1d9a9a41ba5b2015cf9f03fc3', 'https://git.kernel.org/stable/c/b54c4632946ae42f2b39ed38abd909bbf78cbcc2', 'https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35995-abbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35995', 'https://www.cve.org/CVERecord?id=CVE-2024-35995'], 'PublishedDate': '2024-05-20T10:15:13.597Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-36885', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36885', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup:\n\n  kernel BUG at include/linux/scatterlist.h:187!\n  invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\n  Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\n  RIP: 0010:sg_init_one+0x85/0xa0\n  Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n  24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n  0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\n  RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\n  RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\n  RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\n  R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\n  FS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\n  Call Trace:\n   <TASK>\n   ? die+0x36/0x90\n   ? do_trap+0xdd/0x100\n   ? sg_init_one+0x85/0xa0\n   ? do_error_trap+0x65/0x80\n   ? sg_init_one+0x85/0xa0\n   ? exc_invalid_op+0x50/0x70\n   ? sg_init_one+0x85/0xa0\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? sg_init_one+0x85/0xa0\n   nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n   nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n   ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n   r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? nvkm_udevice_new+0x95/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? ktime_get+0x47/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_oneinit_+0x4f/0x120 [nouveau]\n   nvkm_subdev_init_+0x39/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_init+0x44/0x90 [nouveau]\n   nvkm_device_init+0x166/0x2e0 [nouveau]\n   nvkm_udevice_init+0x47/0x70 [nouveau]\n   nvkm_object_init+0x41/0x1c0 [nouveau]\n   nvkm_ioctl_new+0x16a/0x290 [nouveau]\n   ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]\n   ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]\n   nvkm_ioctl+0x126/0x290 [nouveau]\n   nvif_object_ctor+0x112/0x190 [nouveau]\n   nvif_device_ctor+0x23/0x60 [nouveau]\n   nouveau_cli_init+0x164/0x640 [nouveau]\n   nouveau_drm_device_init+0x97/0x9e0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? pci_update_current_state+0x72/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nouveau_drm_probe+0x12c/0x280 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   local_pci_probe+0x45/0xa0\n   pci_device_probe+0xc7/0x270\n   really_probe+0xe6/0x3a0\n   __driver_probe_device+0x87/0x160\n   driver_probe_device+0x1f/0xc0\n   __driver_attach+0xec/0x1f0\n   ? __pfx___driver_attach+0x10/0x10\n   bus_for_each_dev+0x88/0xd0\n   bus_add_driver+0x116/0x220\n   driver_register+0x59/0x100\n   ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]\n   do_one_initcall+0x5b/0x320\n   do_init_module+0x60/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x120/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x83/0x160\n   ? srso_return_thunk+0x5/0x5f\n   entry_SYSCALL_64_after_hwframe+0x71/0x79\n  RIP: 0033:0x7feeb5cc20cd\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89\n  f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0\n  ff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd\n  RDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035\n  RBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310\n  R10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36885', 'https://git.kernel.org/linus/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2 (6.9-rc7)', 'https://git.kernel.org/stable/c/1a88c18da464db0ba8ea25196d0a06490f65322e', 'https://git.kernel.org/stable/c/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2', 'https://git.kernel.org/stable/c/e05af009302893f39b072811a68fa4a196284c75', 'https://lore.kernel.org/linux-cve-announce/2024053032-CVE-2024-36885-cb0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36885', 'https://www.cve.org/CVERecord?id=CVE-2024-36885'], 'PublishedDate': '2024-05-30T16:15:12.067Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36970', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: Use request_module_nowait', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Use request_module_nowait\n\nThis appears to work around a deadlock regression that came in\nwith the LED merge in 6.9.\n\nThe deadlock happens on my system with 24 iwlwifi radios, so maybe\nit something like all worker threads are busy and some work that needs\nto complete cannot complete.\n\n[also remove unnecessary "load_module" var and now-wrong comment]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36970', 'https://git.kernel.org/linus/3d913719df14c28c4d3819e7e6d150760222bda4 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4', 'https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e', 'https://lore.kernel.org/linux-cve-announce/2024060855-CVE-2024-36970-2eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36970', 'https://www.cve.org/CVERecord?id=CVE-2024-36970'], 'PublishedDate': '2024-06-08T13:15:58.26Z', 'LastModifiedDate': '2024-06-10T02:52:08.267Z'}, {'VulnerabilityID': 'CVE-2024-38581', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38581', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/mes: fix use-after-free issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/mes: fix use-after-free issue\n\nDelete fence fallback timer to fix the ramdom\nuse-after-free issue.\n\nv2: move to amdgpu_mes.c', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-38581', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/948255282074d9367e01908b3f5dcf8c10fc9c3d (6.9-rc6)', 'https://git.kernel.org/stable/c/0f98c144c15c8fc0f3176c994bd4e727ef718a5c', 'https://git.kernel.org/stable/c/39cfce75168c11421d70b8c0c65f6133edccb82a', 'https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de', 'https://git.kernel.org/stable/c/948255282074d9367e01908b3f5dcf8c10fc9c3d', 'https://linux.oracle.com/cve/CVE-2024-38581.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38581-592d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38581', 'https://www.cve.org/CVERecord?id=CVE-2024-38581'], 'PublishedDate': '2024-06-19T14:15:18.15Z', 'LastModifiedDate': '2024-08-01T20:12:00.623Z'}, {'VulnerabilityID': 'CVE-2024-38608', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38608', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix netif state handling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix netif state handling\n\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\n\nmlx5e_probe\n _mlx5e_resume\n  mlx5e_attach_netdev\n   mlx5e_nic_enable  <-- netdev not reg, not calling netif_device_attach()\n  register_netdev <-- failed for some reason.\nERROR_FLOW:\n _mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(\n\nHence, clean resources in this case as well.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n <TASK>\n ? __die+0x20/0x60\n ? page_fault_oops+0x14c/0x3c0\n ? exc_page_fault+0x75/0x140\n ? asm_exc_page_fault+0x22/0x30\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\n mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\n mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n __mlx5_ib_add+0x34/0xd0 [mlx5_ib]\n mlx5r_probe+0xe1/0x210 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x637/0x840\n __auxiliary_device_add+0x3b/0xa0\n add_adev+0xc9/0x140 [mlx5_core]\n mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\n mlx5_register_device+0x53/0xa0 [mlx5_core]\n mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\n mlx5_init_one+0x3b/0x60 [mlx5_core]\n probe_one+0x44c/0x730 [mlx5_core]\n local_pci_probe+0x3e/0x90\n pci_device_probe+0xbf/0x210\n ? kernfs_create_link+0x5d/0xa0\n ? sysfs_do_create_link_sd+0x60/0xc0\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n pci_bus_add_device+0x54/0x80\n pci_iov_add_virtfn+0x2e6/0x320\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n kernfs_fop_write_iter+0x10c/0x1a0\n vfs_write+0x291/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n CR2: 0000000000000000\n ---[ end trace 0000000000000000  ]---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38608', 'https://git.kernel.org/linus/3d5918477f94e4c2f064567875c475468e264644 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644', 'https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6', 'https://linux.oracle.com/cve/CVE-2024-38608.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061920-CVE-2024-38608-4068@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38608', 'https://www.cve.org/CVERecord?id=CVE-2024-38608'], 'PublishedDate': '2024-06-19T14:15:20.737Z', 'LastModifiedDate': '2024-08-27T15:58:56.9Z'}, {'VulnerabilityID': 'CVE-2024-39293', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39293', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;xsk: Support redirect to any socket bound to the same umem&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "xsk: Support redirect to any socket bound to the same umem"\n\nThis reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.\n\nThis patch introduced a potential kernel crash when multiple napi instances\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\npossible for multiple napi instances to access the Rx ring at the same time,\nwhich will result in a corrupted ring state which can lead to a crash when\nflushing the rings in __xsk_flush(). This can happen when the linked list of\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\nis not possible, so let us revert this for now.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39293', 'https://git.kernel.org/linus/7fcf26b315bbb728036da0862de6b335da83dff2 (6.10-rc3)', 'https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5', 'https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2', 'https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39293', 'https://www.cve.org/CVERecord?id=CVE-2024-39293'], 'PublishedDate': '2024-06-25T15:15:13.993Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-39472', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39472', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by\nmkfs") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions.  Later commit 0c771b99d6c9\n("xfs: clean up calculation of LR header blocks") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-39472', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a (6.10-rc1)', 'https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a', 'https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f', 'https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5', 'https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb', 'https://linux.oracle.com/cve/CVE-2024-39472.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024070512-CVE-2024-39472-f977@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39472', 'https://www.cve.org/CVERecord?id=CVE-2024-39472'], 'PublishedDate': '2024-07-05T07:15:10.02Z', 'LastModifiedDate': '2024-08-19T05:15:06.543Z'}, {'VulnerabilityID': 'CVE-2024-41008', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: change vm-&gt;task_info handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: change vm->task_info handling\n\nThis patch changes the handling and lifecycle of vm->task_info object.\nThe major changes are:\n- vm->task_info is a dynamically allocated ptr now, and its uasge is\n  reference counted.\n- introducing two new helper funcs for task_info lifecycle management\n    - amdgpu_vm_get_task_info: reference counts up task_info before\n      returning this info\n    - amdgpu_vm_put_task_info: reference counts down task_info\n- last put to task_info() frees task_info from the vm.\n\nThis patch also does logistical changes required for existing usage\nof vm->task_info.\n\nV2: Do not block all the prints when task_info not found (Felix)\n\nV3: Fixed review comments from Felix\n   - Fix wrong indentation\n   - No debug message for -ENOMEM\n   - Add NULL check for task_info\n   - Do not duplicate the debug messages (ti vs no ti)\n   - Get first reference of task_info in vm_init(), put last\n     in vm_fini()\n\nV4: Fixed review comments from Felix\n   - fix double reference increment in create_task_info\n   - change amdgpu_vm_get_task_info_pasid\n   - additional changes in amdgpu_gem.c while porting', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41008', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c (6.9-rc1)', 'https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c', 'https://linux.oracle.com/cve/CVE-2024-41008.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/20240716080357.2696435-2-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41008', 'https://www.cve.org/CVERecord?id=CVE-2024-41008'], 'PublishedDate': '2024-07-16T08:15:02.24Z', 'LastModifiedDate': '2024-07-16T13:43:58.773Z'}, {'VulnerabilityID': 'CVE-2024-41009', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix overrunning reservations in ringbuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that "owns" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\'s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\'s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\'s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\'s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\'ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41009', 'https://git.kernel.org/linus/cfa1a2329a691ffd991fcf7248a57d752e712881 (6.10-rc6)', 'https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4', 'https://git.kernel.org/stable/c/47416c852f2a04d348ea66ee451cbdcf8119f225', 'https://git.kernel.org/stable/c/511804ab701c0503b72eac08217eabfd366ba069', 'https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f', 'https://git.kernel.org/stable/c/cfa1a2329a691ffd991fcf7248a57d752e712881', 'https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686', 'https://lore.kernel.org/linux-cve-announce/2024071715-CVE-2024-41009-cac5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41009', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41009'], 'PublishedDate': '2024-07-17T07:15:01.973Z', 'LastModifiedDate': '2024-07-29T07:15:04.56Z'}, {'VulnerabilityID': 'CVE-2024-41013', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: don&#39;t walk off the end of a directory data block', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don't stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup->length to dup->length-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41013', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/0c7fcdb6d06cdf8b19b57c17605215b06afa864a (6.11-rc1)', 'https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a', 'https://linux.oracle.com/cve/CVE-2024-41013.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41013-2996@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41013', 'https://www.cve.org/CVERecord?id=CVE-2024-41013'], 'PublishedDate': '2024-07-29T07:15:05.43Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41014', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41014', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: add bounds checking to xlog_recover_process_data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n    1) Mount an image of xfs, and do some file operations to leave records\n    2) Before umounting, copy the image for subsequent steps to simulate\n       abnormal exit. Because umount will ensure that tail_blk and\n       head_blk are the same, which will result in the inability to enter\n       xlog_recover_process_data\n    3) Write a tool to parse and modify the copied image in step 2\n    4) Make the end of the xlog_op_header entries only 1 byte away from\n       xlog_rec_header->h_size\n    5) xlog_rec_header->h_num_logops++\n    6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41014', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/fb63435b7c7dc112b1ae1baea5486e0a6e27b196 (6.11-rc1)', 'https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196', 'https://linux.oracle.com/cve/CVE-2024-41014.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41014-9186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41014', 'https://www.cve.org/CVERecord?id=CVE-2024-41014'], 'PublishedDate': '2024-07-29T07:15:05.81Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41016', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe 'non-indexed', which saved with additional space\nrequested.  It's better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41016', 'https://git.kernel.org/linus/af77c4fc1871847b528d58b7fdafb4aa1f6a9262 (6.11-rc1)', 'https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637', 'https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262', 'https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e', 'https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e', 'https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180', 'https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41016-fcf9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41016', 'https://www.cve.org/CVERecord?id=CVE-2024-41016'], 'PublishedDate': '2024-07-29T07:15:06.293Z', 'LastModifiedDate': '2024-10-17T14:15:07.01Z'}, {'VulnerabilityID': 'CVE-2024-41024', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41024', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Restrict untrusted app to attach to privileged PD', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Restrict untrusted app to attach to privileged PD\n\nUntrusted application with access to only non-secure fastrpc device\nnode can attach to root_pd or static PDs if it can make the respective\ninit request. This can cause problems as the untrusted application\ncan send bad requests to root_pd or static PDs. Add changes to reject\nattach to privileged PDs if the request is being made using non-secure\nfastrpc device node.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41024', 'https://git.kernel.org/linus/bab2f5e8fd5d2f759db26b78d9db57412888f187 (6.10)', 'https://git.kernel.org/stable/c/2eb973ee4770a26d9b5e292b58ad29822d321c7f', 'https://git.kernel.org/stable/c/5e305b5986dc52122a9368a1461f0c13e1de3fd6', 'https://git.kernel.org/stable/c/bab2f5e8fd5d2f759db26b78d9db57412888f187', 'https://git.kernel.org/stable/c/c69fd8afacebfdf2f8a1ee1ea7e0723786529874', 'https://git.kernel.org/stable/c/ea13bd807f1cef1af375d999980a9b9794c789b6', 'https://lore.kernel.org/all/20240628114501.14310-7-srinivas.kandagatla@linaro.org/', 'https://lore.kernel.org/linux-cve-announce/2024072919-CVE-2024-41024-be39@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41024', 'https://www.cve.org/CVERecord?id=CVE-2024-41024'], 'PublishedDate': '2024-07-29T15:15:11.27Z', 'LastModifiedDate': '2024-08-29T17:15:07.913Z'}, {'VulnerabilityID': 'CVE-2024-42107', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42107', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: ice: Don't process extts if PTP is disabled", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42107', 'https://git.kernel.org/linus/996422e3230e41468f652d754fefd1bdbcd4604e (6.10-rc7)', 'https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b', 'https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e', 'https://lore.kernel.org/linux-cve-announce/2024073020-CVE-2024-42107-65cc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42107', 'https://www.cve.org/CVERecord?id=CVE-2024-42107'], 'PublishedDate': '2024-07-30T08:15:03.22Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42116', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42116', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igc: fix a log entry using uninitialized netdev', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix a log entry using uninitialized netdev\n\nDuring successful probe, igc logs this:\n\n[    5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\n\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb.  Add a comment,\njust as in igb.\n\nNow the log message is fine:\n\n[    5.200987] igc 0000:01:00.0 eth0: PHC added', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42116', 'https://git.kernel.org/linus/86167183a17e03ec77198897975e9fdfbd53cb0b (6.10-rc1)', 'https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b', 'https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6', 'https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79', 'https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda', 'https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f', 'https://linux.oracle.com/cve/CVE-2024-42116.html', 'https://linux.oracle.com/errata/ELSA-2024-12618.html', 'https://lore.kernel.org/linux-cve-announce/2024073023-CVE-2024-42116-b420@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42116', 'https://www.cve.org/CVERecord?id=CVE-2024-42116'], 'PublishedDate': '2024-07-30T08:15:03.95Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42122', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42122', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add NULL pointer check for kzalloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL pointer check for kzalloc\n\n[Why & How]\nCheck return pointer of kzalloc before using it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42122', 'https://git.kernel.org/linus/8e65a1b7118acf6af96449e1e66b7adbc9396912 (6.10-rc1)', 'https://git.kernel.org/stable/c/062edd612fcd300f0f79a36fca5b8b6a5e2fce70', 'https://git.kernel.org/stable/c/8e65a1b7118acf6af96449e1e66b7adbc9396912', 'https://lore.kernel.org/linux-cve-announce/2024073025-CVE-2024-42122-2f70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42122', 'https://www.cve.org/CVERecord?id=CVE-2024-42122'], 'PublishedDate': '2024-07-30T08:15:04.43Z', 'LastModifiedDate': '2024-09-16T13:49:27.837Z'}, {'VulnerabilityID': 'CVE-2024-42125', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42125', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42125', 'https://git.kernel.org/linus/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9 (6.10-rc1)', 'https://git.kernel.org/stable/c/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9', 'https://git.kernel.org/stable/c/ce4ba62f8bc5195a9a0d49c6235a9c99e619cadc', 'https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42125-b515@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42125', 'https://www.cve.org/CVERecord?id=CVE-2024-42125'], 'PublishedDate': '2024-07-30T08:15:04.667Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42139', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42139', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Fix improper extts handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message "extts on unexpected channel" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42139', 'https://git.kernel.org/linus/00d3b4f54582d4e4a02cda5886bb336eeab268cc (6.10-rc7)', 'https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc', 'https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3', 'https://lore.kernel.org/linux-cve-announce/2024073030-CVE-2024-42139-f8ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42139', 'https://www.cve.org/CVERecord?id=CVE-2024-42139'], 'PublishedDate': '2024-07-30T08:15:05.757Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42154', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42154', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_metrics: validate source addr length', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42154', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/66be40e622e177316ae81717aa30057ba9e61dff (6.10-rc7)', 'https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9', 'https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c', 'https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3', 'https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321', 'https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff', 'https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99', 'https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98', 'https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6', 'https://linux.oracle.com/cve/CVE-2024-42154.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073034-CVE-2024-42154-cf82@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42154', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42154'], 'PublishedDate': '2024-07-30T08:15:06.933Z', 'LastModifiedDate': '2024-10-01T19:32:18.31Z'}, {'VulnerabilityID': 'CVE-2024-42159', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42159', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: mpi3mr: Sanitise num_phys', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port->phy_mask, values larger then size of\nthis field shouldn't be allowed.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42159', 'https://git.kernel.org/linus/3668651def2c1622904e58b0280ee93121f2b10b (6.10-rc1)', 'https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b', 'https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0', 'https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df', 'https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf', 'https://linux.oracle.com/cve/CVE-2024-42159.html', 'https://linux.oracle.com/errata/ELSA-2024-12682.html', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42159-c19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42159', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42159'], 'PublishedDate': '2024-07-30T08:15:07.3Z', 'LastModifiedDate': '2024-08-02T14:29:46.24Z'}, {'VulnerabilityID': 'CVE-2024-42160', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: check validation of fault attrs in f2fs_build_fault_attr()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: check validation of fault attrs in f2fs_build_fault_attr()\n\n- It missed to check validation of fault attrs in parse_options(),\nlet's fix to add check condition in f2fs_build_fault_attr().\n- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42160', 'https://git.kernel.org/linus/4ed886b187f47447ad559619c48c086f432d2b77 (6.10-rc1)', 'https://git.kernel.org/stable/c/44958ca9e400f57bd0478115519ffc350fcee61e', 'https://git.kernel.org/stable/c/4ed886b187f47447ad559619c48c086f432d2b77', 'https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d', 'https://git.kernel.org/stable/c/ecb641f424d6d1f055d149a15b892edcc92c504b', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42160-c733@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42160', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42160'], 'PublishedDate': '2024-07-30T08:15:07.37Z', 'LastModifiedDate': '2024-08-02T14:29:26.33Z'}, {'VulnerabilityID': 'CVE-2024-42224', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42224', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Correct check for empty list', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO\nbusses") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip->mdios being\nempty.  However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42224', 'https://git.kernel.org/linus/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b (6.10-rc1)', 'https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5', 'https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618', 'https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d', 'https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee', 'https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b', 'https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114', 'https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89', 'https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4', 'https://linux.oracle.com/cve/CVE-2024-42224.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024073037-CVE-2024-42224-863a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42224', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42224'], 'PublishedDate': '2024-07-30T08:15:07.667Z', 'LastModifiedDate': '2024-09-25T15:55:09.027Z'}, {'VulnerabilityID': 'CVE-2024-42228', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42228', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n   need to have a separate value of 0xffffffff.(Christian)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 6.3}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42228', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/88a9a467c548d0b3c7761b4fd54a68e70f9c0944 (6.10-rc1)', 'https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46', 'https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef', 'https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944', 'https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144', 'https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8', 'https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712', 'https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15', 'https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440', 'https://linux.oracle.com/cve/CVE-2024-42228.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073038-CVE-2024-42228-86f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42228', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42228'], 'PublishedDate': '2024-07-30T08:15:07.96Z', 'LastModifiedDate': '2024-09-04T12:15:04.577Z'}, {'VulnerabilityID': 'CVE-2024-42258', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42258', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines\n\nYves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don\'t\nforce huge page alignment on 32 bit") didn\'t work for x86_32 [1].  It is\nbecause x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT.\n\n!CONFIG_64BIT should cover all 32 bit machines.\n\n[1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42258', 'https://git.kernel.org/linus/d9592025000b3cf26c742f3505da7b83aedc26d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/7e1f4efb8d6140b2ec79bf760c43e1fc186e8dfc', 'https://git.kernel.org/stable/c/89f2914dd4b47d2fad3deef0d700f9526d98d11f', 'https://git.kernel.org/stable/c/a5c399fe433a115e9d3693169b5f357f3194af0a', 'https://git.kernel.org/stable/c/d9592025000b3cf26c742f3505da7b83aedc26d5', 'https://lore.kernel.org/linux-cve-announce/2024081216-CVE-2024-42258-e3f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42258', 'https://www.cve.org/CVERecord?id=CVE-2024-42258'], 'PublishedDate': '2024-08-12T15:15:20.983Z', 'LastModifiedDate': '2024-08-14T14:15:27.727Z'}, {'VulnerabilityID': 'CVE-2024-42259', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42259', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Fix Virtual Memory mapping boundaries calculation\n\nCalculating the size of the mapped area as the lesser value\nbetween the requested size and the actual size does not consider\nthe partial mapping offset. This can cause page fault access.\n\nFix the calculation of the starting and ending addresses, the\ntotal size is now deduced from the difference between the end and\nstart addresses.\n\nAdditionally, the calculations have been rewritten in a clearer\nand more understandable form.\n\n[Joonas: Add Requires: tag]\nRequires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset")\n(cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-131'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42259', 'https://git.kernel.org/linus/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3 (6.11-rc3)', 'https://git.kernel.org/stable/c/3e06073d24807f04b4694108a8474decb7b99e60', 'https://git.kernel.org/stable/c/4b09513ce93b3dcb590baaaff2ce96f2d098312d', 'https://git.kernel.org/stable/c/50111a8098fb9ade621eeff82228a997d42732ab', 'https://git.kernel.org/stable/c/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3', 'https://git.kernel.org/stable/c/911f8055f175c82775d0fd8cedcd0b75413f4ba7', 'https://git.kernel.org/stable/c/a256d019eaf044864c7e50312f0a65b323c24f39', 'https://git.kernel.org/stable/c/e8a68aa842d3f8dd04a46b9d632e5f67fde1da9b', 'https://git.kernel.org/stable/c/ead9289a51ea82eb5b27029fcf4c34b2dd60cf06', 'https://linux.oracle.com/cve/CVE-2024-42259.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081452-CVE-2024-42259-4cef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42259', 'https://project-zero.issues.chromium.org/issues/42451707', 'https://www.cve.org/CVERecord?id=CVE-2024-42259'], 'PublishedDate': '2024-08-14T15:15:31.673Z', 'LastModifiedDate': '2024-09-25T01:15:42.137Z'}, {'VulnerabilityID': 'CVE-2024-42260', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42260', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the performance extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42260', 'https://git.kernel.org/linus/4ecc24a84d7e0254efd150ec23e0b89638386516 (6.11-rc2)', 'https://git.kernel.org/stable/c/4ecc24a84d7e0254efd150ec23e0b89638386516', 'https://git.kernel.org/stable/c/5d4aa25f47cd05e9eeac272906588728588605dd', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-42260-0ce0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42260', 'https://www.cve.org/CVERecord?id=CVE-2024-42260'], 'PublishedDate': '2024-08-17T09:15:07.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42261', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42261', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the timestamp extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42261', 'https://git.kernel.org/linus/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791 (6.11-rc2)', 'https://git.kernel.org/stable/c/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791', 'https://git.kernel.org/stable/c/5c56f104edd02a537e9327dc543574e55713e1d7', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42261-f6a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42261', 'https://www.cve.org/CVERecord?id=CVE-2024-42261'], 'PublishedDate': '2024-08-17T09:15:07.6Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42262', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42262', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the performance extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42262', 'https://git.kernel.org/linus/32df4abc44f24dbec239d43e2b26d5768c5d1a78 (6.11-rc2)', 'https://git.kernel.org/stable/c/32df4abc44f24dbec239d43e2b26d5768c5d1a78', 'https://git.kernel.org/stable/c/ad5fdc48f7a63b8a98493c667505fe4d3864ae21', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42262-7156@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42262', 'https://www.cve.org/CVERecord?id=CVE-2024-42262'], 'PublishedDate': '2024-08-17T09:15:07.68Z', 'LastModifiedDate': '2024-08-19T20:05:15.407Z'}, {'VulnerabilityID': 'CVE-2024-42263', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42263', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the timestamp extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 753ce4fea62182c77e1691ab4f9022008f25b62e)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42263', 'https://git.kernel.org/linus/0e50fcc20bd87584840266e8004f9064a8985b4f (6.11-rc2)', 'https://git.kernel.org/stable/c/0e50fcc20bd87584840266e8004f9064a8985b4f', 'https://git.kernel.org/stable/c/9b5033ee2c5af6d1135a403df32d219ab57e55f9', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42263-31b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42263', 'https://www.cve.org/CVERecord?id=CVE-2024-42263'], 'PublishedDate': '2024-08-17T09:15:07.77Z', 'LastModifiedDate': '2024-08-19T20:41:11.24Z'}, {'VulnerabilityID': 'CVE-2024-42264', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42264', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Prevent out of bounds access in performance query extensions', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Prevent out of bounds access in performance query extensions\n\nCheck that the number of perfmons userspace is passing in the copy and\nreset extensions is not greater than the internal kernel storage where\nthe ids will be copied into.\n\n(cherry picked from commit f32b5128d2c440368b5bf3a7a356823e235caabb)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42264', 'https://git.kernel.org/linus/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2 (6.11-rc2)', 'https://git.kernel.org/stable/c/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2', 'https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42264-5d23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42264', 'https://www.cve.org/CVERecord?id=CVE-2024-42264'], 'PublishedDate': '2024-08-17T09:15:07.833Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42267', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42267', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()\n\nHandle VM_FAULT_SIGSEGV in the page fault path so that we correctly\nkill the process and we don't BUG() the kernel.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42267', 'https://git.kernel.org/linus/0c710050c47d45eb77b28c271cddefc5c785cb40 (6.11-rc2)', 'https://git.kernel.org/stable/c/0c710050c47d45eb77b28c271cddefc5c785cb40', 'https://git.kernel.org/stable/c/20dbdebc5580cd472a310d56a6e252275ee4c864', 'https://git.kernel.org/stable/c/59be4a167782d68e21068a761b90b01fadc09146', 'https://git.kernel.org/stable/c/917f598209f3f5e4ab175d5079d8aeb523e58b1f', 'https://git.kernel.org/stable/c/d4e7db757e2d7f4c407a007e92c98477eab215d2', 'https://git.kernel.org/stable/c/d7ccf2ca772bfe33e2c53ef80fa20d2d87eb6144', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42267-9f79@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42267', 'https://www.cve.org/CVERecord?id=CVE-2024-42267'], 'PublishedDate': '2024-08-17T09:15:08.047Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42268', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42268', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix missing lock on sync reset reload', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix missing lock on sync reset reload\n\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\n\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n…\n CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S      W          6.10.0-rc2+ #116\n Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\n Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\n RIP: 0010:devl_assert_locked+0x3e/0x50\n…\n Call Trace:\n  <TASK>\n  ? __warn+0xa4/0x210\n  ? devl_assert_locked+0x3e/0x50\n  ? report_bug+0x160/0x280\n  ? handle_bug+0x3f/0x80\n  ? exc_invalid_op+0x17/0x40\n  ? asm_exc_invalid_op+0x1a/0x20\n  ? devl_assert_locked+0x3e/0x50\n  devlink_notify+0x88/0x2b0\n  ? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n  ? __pfx_devlink_notify+0x10/0x10\n  ? process_one_work+0x4b6/0xbb0\n  process_one_work+0x4b6/0xbb0\n[…]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42268', 'https://git.kernel.org/linus/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 (6.11-rc2)', 'https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5', 'https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9', 'https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002', 'https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42268-2084@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42268', 'https://www.cve.org/CVERecord?id=CVE-2024-42268'], 'PublishedDate': '2024-08-17T09:15:08.11Z', 'LastModifiedDate': '2024-08-19T20:52:49.323Z'}, {'VulnerabilityID': 'CVE-2024-42269', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42269', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().\n\nip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id],\nbut the function is exposed to user space before the entry is allocated\nvia register_pernet_subsys().\n\nLet's call register_pernet_subsys() before xt_register_template().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42269', 'https://git.kernel.org/linus/c22921df777de5606f1047b1345b8d22ef1c0b34 (6.11-rc2)', 'https://git.kernel.org/stable/c/419ee6274c5153b89c4393c1946faa4c3cad4f9e', 'https://git.kernel.org/stable/c/87dba44e9471b79b255d0736858a897332db9226', 'https://git.kernel.org/stable/c/91b6df6611b7edb28676c4f63f90c56c30d3e601', 'https://git.kernel.org/stable/c/c22921df777de5606f1047b1345b8d22ef1c0b34', 'https://git.kernel.org/stable/c/e85b9b6a87be4cb3710082038b677e97f2389003', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42269-7d0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42269', 'https://www.cve.org/CVERecord?id=CVE-2024-42269'], 'PublishedDate': '2024-08-17T09:15:08.177Z', 'LastModifiedDate': '2024-08-19T20:53:51.717Z'}, {'VulnerabilityID': 'CVE-2024-42270', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42270', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().\n\nWe had a report that iptables-restore sometimes triggered null-ptr-deref\nat boot time. [0]\n\nThe problem is that iptable_nat_table_init() is exposed to user space\nbefore the kernel fully initialises netns.\n\nIn the small race window, a user could call iptable_nat_table_init()\nthat accesses net_generic(net, iptable_nat_net_id), which is available\nonly after registering iptable_nat_net_ops.\n\nLet's call register_pernet_subsys() before xt_register_template().\n\n[0]:\nbpfilter: Loaded bpfilter_umh pid 11702\nStarted bpfilter\nBUG: kernel NULL pointer dereference, address: 0000000000000013\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP NOPTI\nCPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1\nHardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\nCode: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c\nRSP: 0018:ffffbef902843cd0 EFLAGS: 00010246\nRAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80\nRDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0\nRBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240\nR10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000\nR13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004\nFS:  00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? xt_find_table_lock (net/netfilter/x_tables.c:1259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? page_fault_oops (arch/x86/mm/fault.c:727)\n ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518)\n ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)\n ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\n xt_find_table_lock (net/netfilter/x_tables.c:1259)\n xt_request_find_table_lock (net/netfilter/x_tables.c:1287)\n get_info (net/ipv4/netfilter/ip_tables.c:965)\n ? security_capable (security/security.c:809 (discriminator 13))\n ? ns_capable (kernel/capability.c:376 kernel/capability.c:397)\n ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)\n ? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter\n nf_getsockopt (net/netfilter/nf_sockopt.c:116)\n ip_getsockopt (net/ipv4/ip_sockglue.c:1827)\n __sys_getsockopt (net/socket.c:2327)\n __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121)\nRIP: 0033:0x7f62844685ee\nCode: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09\nRSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037\nRAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0\nR10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2\nR13: 00007f6284\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42270', 'https://git.kernel.org/linus/5830aa863981d43560748aa93589c0695191d95d (6.11-rc2)', 'https://git.kernel.org/stable/c/08ed888b69a22647153fe2bec55b7cd0a46102cc', 'https://git.kernel.org/stable/c/5830aa863981d43560748aa93589c0695191d95d', 'https://git.kernel.org/stable/c/70014b73d7539fcbb6b4ff5f37368d7241d8e626', 'https://git.kernel.org/stable/c/95590a4929027769af35b153645c0ab6fd22b29b', 'https://git.kernel.org/stable/c/b98ddb65fa1674b0e6b52de8af9103b63f51b643', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42270-c752@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42270', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42270'], 'PublishedDate': '2024-08-17T09:15:08.24Z', 'LastModifiedDate': '2024-08-19T20:01:09.52Z'}, {'VulnerabilityID': 'CVE-2024-42272', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42272', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: act_ct: take care of padding in struct zones_ht_key', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched: act_ct: take care of padding in struct zones_ht_key\n\nBlamed commit increased lookup key size from 2 bytes to 16 bytes,\nbecause zones_ht_key got a struct net pointer.\n\nMake sure rhashtable_lookup() is not using the padding bytes\nwhich are not initialized.\n\n BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n  tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408\n  tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425\n  tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488\n  tcf_action_add net/sched/act_api.c:2061 [inline]\n  tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118\n  rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647\n  netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550\n  rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665\n  netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n  netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357\n  netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  ____sys_sendmsg+0x877/0xb60 net/socket.c:2597\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651\n  __sys_sendmsg net/socket.c:2680 [inline]\n  __do_sys_sendmsg net/socket.c:2689 [inline]\n  __se_sys_sendmsg net/socket.c:2687 [inline]\n  __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687\n  x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable key created at:\n  tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42272', 'https://git.kernel.org/linus/2191a54f63225b548fd8346be3611c3219a24738 (6.11-rc2)', 'https://git.kernel.org/stable/c/2191a54f63225b548fd8346be3611c3219a24738', 'https://git.kernel.org/stable/c/3a5b68869dbe14f1157c6a24ac71923db060eeab', 'https://git.kernel.org/stable/c/3ddefcb8f75e312535e2e7d5fef9932019ba60f2', 'https://git.kernel.org/stable/c/7c03ab555eb1ba26c77fd7c25bdf44a0ac23edee', 'https://git.kernel.org/stable/c/d06daf0ad645d9225a3ff6958dd82e1f3988fa64', 'https://git.kernel.org/stable/c/d7cc186d0973afce0e1237c37f7512c01981fb79', 'https://linux.oracle.com/cve/CVE-2024-42272.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42272-c687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42272', 'https://www.cve.org/CVERecord?id=CVE-2024-42272'], 'PublishedDate': '2024-08-17T09:15:08.37Z', 'LastModifiedDate': '2024-09-30T13:40:21.843Z'}, {'VulnerabilityID': 'CVE-2024-42273', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42273', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid\n\nmkdir /mnt/test/comp\nf2fs_io setflags compression /mnt/test/comp\ndd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1\ntruncate --size 13 /mnt/test/comp/testfile\n\nIn the above scenario, we can get a BUG_ON.\n kernel BUG at fs/f2fs/segment.c:3589!\n Call Trace:\n  do_write_page+0x78/0x390 [f2fs]\n  f2fs_outplace_write_data+0x62/0xb0 [f2fs]\n  f2fs_do_write_data_page+0x275/0x740 [f2fs]\n  f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs]\n  f2fs_write_multi_pages+0x1e5/0xae0 [f2fs]\n  f2fs_write_cache_pages+0xab1/0xc60 [f2fs]\n  f2fs_write_data_pages+0x2d8/0x330 [f2fs]\n  do_writepages+0xcf/0x270\n  __writeback_single_inode+0x44/0x350\n  writeback_sb_inodes+0x242/0x530\n  __writeback_inodes_wb+0x54/0xf0\n  wb_writeback+0x192/0x310\n  wb_workfn+0x30d/0x400\n\nThe reason is we gave CURSEG_ALL_DATA_ATGC to COMPR_ADDR where the\npage was set the gcing flag by set_cluster_dirty().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42273', 'https://git.kernel.org/linus/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cd106612396656d6f1ca17ef192c6759bb60791', 'https://git.kernel.org/stable/c/4239571c5db46a42f723b8fa8394039187c34439', 'https://git.kernel.org/stable/c/5fd057160ab240dd816ae09b625395d54c297de1', 'https://git.kernel.org/stable/c/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42273-9b87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42273', 'https://www.cve.org/CVERecord?id=CVE-2024-42273'], 'PublishedDate': '2024-08-17T09:15:08.45Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42274', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42274', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert "ALSA: firewire-lib: operate for period elapse event in process context"', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "ALSA: firewire-lib: operate for period elapse event in process context"\n\nCommit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event\nin process context") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n    * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n    * (lock B) wait for tasklet to finish by calling\n    \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n    * (lock B) enter tasklet\n    * (lock A) attempt to acquire substream lock,\n    \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n    \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n </NMI>\n <TASK>\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n </NMI>\n <IRQ>\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period\nelapse event in process context")\n\nReplace inline description to prevent future deadlock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42274', 'https://git.kernel.org/linus/3dab73ab925a51ab05543b491bf17463a48ca323 (6.11-rc2)', 'https://git.kernel.org/stable/c/36c255db5a25edd42d1aca48e38b8e95ee5fd9ef', 'https://git.kernel.org/stable/c/3dab73ab925a51ab05543b491bf17463a48ca323', 'https://git.kernel.org/stable/c/7c07220cf634002f93a87ca2252a32766850f2d1', 'https://git.kernel.org/stable/c/b239a37d68e8bc59f9516444da222841e3b13ba9', 'https://git.kernel.org/stable/c/f5043e69aeb2786f32e84132817a007a6430aa7d', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42274-9dc6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42274', 'https://www.cve.org/CVERecord?id=CVE-2024-42274'], 'PublishedDate': '2024-08-17T09:15:08.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42276', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42276', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme-pci: add missing condition check for existence of mapped data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42276', 'https://git.kernel.org/linus/c31fad1470389666ac7169fe43aa65bf5b7e2cfd (6.11-rc1)', 'https://git.kernel.org/stable/c/3f8ec1d6b0ebd8268307d52be8301973fa5a01ec', 'https://git.kernel.org/stable/c/70100fe721840bf6d8e5abd25b8bffe4d2e049b7', 'https://git.kernel.org/stable/c/77848b379e9f85a08048a2c8b3b4a7e8396f5f83', 'https://git.kernel.org/stable/c/7cc1f4cd90a00b6191cb8cda2d1302fdce59361c', 'https://git.kernel.org/stable/c/be23ae63080e0bf9e246ab20207200bca6585eba', 'https://git.kernel.org/stable/c/c31fad1470389666ac7169fe43aa65bf5b7e2cfd', 'https://git.kernel.org/stable/c/d135c3352f7c947a922da93c8e763ee6bc208b64', 'https://linux.oracle.com/cve/CVE-2024-42276.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42276-cb0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42276', 'https://www.cve.org/CVERecord?id=CVE-2024-42276'], 'PublishedDate': '2024-08-17T09:15:08.673Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42277', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42277', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom->sdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42277', 'https://git.kernel.org/linus/630482ee0653decf9e2482ac6181897eb6cde5b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8', 'https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922', 'https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb', 'https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c', 'https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42277-997a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42277', 'https://www.cve.org/CVERecord?id=CVE-2024-42277'], 'PublishedDate': '2024-08-17T09:15:08.75Z', 'LastModifiedDate': '2024-09-10T18:46:21.62Z'}, {'VulnerabilityID': 'CVE-2024-42278', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42278', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: TAS2781: Fix tasdev_load_calibrated_data()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it's either a no-op or it\nleads to a NULL dereference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42278', 'https://git.kernel.org/linus/92c78222168e9035a9bfb8841c2e56ce23e51f73 (6.11-rc1)', 'https://git.kernel.org/stable/c/51be301d29d674ff328dfcf23705851f326f35b3', 'https://git.kernel.org/stable/c/6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06', 'https://git.kernel.org/stable/c/92c78222168e9035a9bfb8841c2e56ce23e51f73', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42278-e639@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42278', 'https://www.cve.org/CVERecord?id=CVE-2024-42278'], 'PublishedDate': '2024-08-17T09:15:08.813Z', 'LastModifiedDate': '2024-09-30T12:53:36.42Z'}, {'VulnerabilityID': 'CVE-2024-42279', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42279', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L', 'V3Score': 5.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42279', 'https://git.kernel.org/linus/9cf71eb0faef4bff01df4264841b8465382d7927 (6.11-rc1)', 'https://git.kernel.org/stable/c/3feda3677e8bbe833c3a62a4091377a08f015b80', 'https://git.kernel.org/stable/c/45e03d35229b680b79dfea1103a1f2f07d0b5d75', 'https://git.kernel.org/stable/c/9cf71eb0faef4bff01df4264841b8465382d7927', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42279-91b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42279', 'https://www.cve.org/CVERecord?id=CVE-2024-42279'], 'PublishedDate': '2024-08-17T09:15:08.88Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42281', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42281', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a segment issue when downgrading gso_size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a segment issue when downgrading gso_size\n\nLinearize the skb when downgrading gso_size because it may trigger a\nBUG_ON() later when the skb is segmented as described in [1,2].', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42281', 'https://git.kernel.org/linus/fa5ef655615a01533035c6139248c5b33aa27028 (6.11-rc1)', 'https://git.kernel.org/stable/c/11ec79f5c7f74261874744039bc1551023edd6b2', 'https://git.kernel.org/stable/c/a689f5eb13a90f892a088865478b3cd39f53d5dc', 'https://git.kernel.org/stable/c/c3496314c53e7e82ddb544c825defc3e8c0e45cf', 'https://git.kernel.org/stable/c/dda518dea60d556a2d171c0122ca7d9fdb7d473a', 'https://git.kernel.org/stable/c/ec4eea14d75f7b0491194dd413f540dd19b8c733', 'https://git.kernel.org/stable/c/f6bb8c90cab97a3e03f8d30e3069efe6a742e0be', 'https://git.kernel.org/stable/c/fa5ef655615a01533035c6139248c5b33aa27028', 'https://linux.oracle.com/cve/CVE-2024-42281.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42281-780b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42281', 'https://www.cve.org/CVERecord?id=CVE-2024-42281'], 'PublishedDate': '2024-08-17T09:15:09.013Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42283', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42283', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: nexthop: Initialize all fields in dumped nexthops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n    # ip nexthop add id 1 dev lo\n    # ip nexthop add id 101 group 1\n    # strace -e recvmsg ip nexthop get id 101\n    ...\n    recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n                 [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42283', 'https://git.kernel.org/linus/6d745cd0e9720282cd291d36b9db528aea18add2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1377de719652d868f5317ba8398b7e74c5f0430b', 'https://git.kernel.org/stable/c/5cc4d71dda2dd4f1520f40e634a527022e48ccd8', 'https://git.kernel.org/stable/c/6d745cd0e9720282cd291d36b9db528aea18add2', 'https://git.kernel.org/stable/c/7704460acd7f5d35eb07c52500987dc9b95313fb', 'https://git.kernel.org/stable/c/9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0', 'https://git.kernel.org/stable/c/a13d3864b76ac87085ec530b2ff8e37482a63a96', 'https://git.kernel.org/stable/c/fd06cb4a5fc7bda3dea31712618a62af72a1c6cb', 'https://linux.oracle.com/cve/CVE-2024-42283.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42283-15a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42283', 'https://www.cve.org/CVERecord?id=CVE-2024-42283'], 'PublishedDate': '2024-08-17T09:15:09.163Z', 'LastModifiedDate': '2024-08-19T19:54:33.213Z'}, {'VulnerabilityID': 'CVE-2024-42284', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42284', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42284', 'https://git.kernel.org/linus/fa96c6baef1b5385e2f0c0677b32b3839e716076 (6.11-rc1)', 'https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f', 'https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a', 'https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69', 'https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813', 'https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28', 'https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b', 'https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8', 'https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076', 'https://linux.oracle.com/cve/CVE-2024-42284.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42284-bbfa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42284', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42284'], 'PublishedDate': '2024-08-17T09:15:09.233Z', 'LastModifiedDate': '2024-08-19T19:47:55.623Z'}, {'VulnerabilityID': 'CVE-2024-42285', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42285', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix a use-after-free related to destroying CM IDs\n\niw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with\nan existing struct iw_cm_id (cm_id) as follows:\n\n        conn_id->cm_id.iw = cm_id;\n        cm_id->context = conn_id;\n        cm_id->cm_handler = cma_iw_handler;\n\nrdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make\nsure that cm_work_handler() does not trigger a use-after-free by only\nfreeing of the struct rdma_id_private after all pending work has finished.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42285', 'https://git.kernel.org/linus/aee2424246f9f1dadc33faa78990c1e2eb7826e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6', 'https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574', 'https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79', 'https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4', 'https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6', 'https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5', 'https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae', 'https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a', 'https://linux.oracle.com/cve/CVE-2024-42285.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42285-37ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42285', 'https://www.cve.org/CVERecord?id=CVE-2024-42285'], 'PublishedDate': '2024-08-17T09:15:09.3Z', 'LastModifiedDate': '2024-08-19T19:45:41.59Z'}, {'VulnerabilityID': 'CVE-2024-42286', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42286', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: validate nvme_local_port correctly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS:  0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42286', 'https://git.kernel.org/linus/eb1d4ce2609584eeb7694866f34d4b213caa3af9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3eac973eb5cb2b874b3918f924798afc5affd46b', 'https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430', 'https://git.kernel.org/stable/c/7cec2c3bfe84539c415f5e16f989228eba1d2f1e', 'https://git.kernel.org/stable/c/a3ab508a4853a9f5ae25a7816a4889f09938f63c', 'https://git.kernel.org/stable/c/cde43031df533751b4ead37d173922feee2f550f', 'https://git.kernel.org/stable/c/e1f010844443c389bc552884ac5cfa47de34d54c', 'https://git.kernel.org/stable/c/eb1d4ce2609584eeb7694866f34d4b213caa3af9', 'https://git.kernel.org/stable/c/f6be298cc1042f24d521197af29c7c4eb95af4d5', 'https://linux.oracle.com/cve/CVE-2024-42286.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42286-e856@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42286', 'https://www.cve.org/CVERecord?id=CVE-2024-42286'], 'PublishedDate': '2024-08-17T09:15:09.38Z', 'LastModifiedDate': '2024-09-10T19:02:12.36Z'}, {'VulnerabilityID': 'CVE-2024-42287', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42287', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Complete command early within lock', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Complete command early within lock\n\nA crash was observed while performing NPIV and FW reset,\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 1 PREEMPT_RT SMP NOPTI\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0\n RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034\n R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000\n FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x16f/0x4a0\n ? do_user_addr_fault+0x174/0x7f0\n ? exc_page_fault+0x69/0x1a0\n ? asm_exc_page_fault+0x22/0x30\n ? dma_direct_unmap_sg+0x51/0x1e0\n ? preempt_count_sub+0x96/0xe0\n qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]\n qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]\n __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]\n\nThe command completion was done early while aborting the commands in driver\nunload path but outside lock to avoid the WARN_ON condition of performing\ndma_free_attr within the lock. However this caused race condition while\ncommand completion via multiple paths causing system crash.\n\nHence complete the command early in unload path but within the lock to\navoid race condition.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42287', 'https://git.kernel.org/linus/4475afa2646d3fec176fc4d011d3879b26cb26e3 (6.11-rc1)', 'https://git.kernel.org/stable/c/314efe3f87949a568f512f05df20bf47b81cf232', 'https://git.kernel.org/stable/c/36fdc5319c4d0ec8b8938ec4769764098a246bfb', 'https://git.kernel.org/stable/c/4475afa2646d3fec176fc4d011d3879b26cb26e3', 'https://git.kernel.org/stable/c/57ba7563712227647f82a92547e82c96cd350553', 'https://git.kernel.org/stable/c/814f4a53cc86f7ea8b501bfb1723f24fd29ef5ee', 'https://git.kernel.org/stable/c/9117337b04d789bd08fdd9854a40bec2815cd3f6', 'https://git.kernel.org/stable/c/af46649304b0c9cede4ccfc2be2561ce8ed6a2ea', 'https://linux.oracle.com/cve/CVE-2024-42287.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42287-d635@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42287', 'https://www.cve.org/CVERecord?id=CVE-2024-42287'], 'PublishedDate': '2024-08-17T09:15:09.453Z', 'LastModifiedDate': '2024-09-10T19:05:07.67Z'}, {'VulnerabilityID': 'CVE-2024-42288', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42288', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Fix for possible memory corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly.  Correctly dereference ICB', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42288', 'https://git.kernel.org/linus/c03d740152f78e86945a75b2ad541bf972fab92a (6.11-rc1)', 'https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e', 'https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b', 'https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b', 'https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d', 'https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce', 'https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a', 'https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb', 'https://linux.oracle.com/cve/CVE-2024-42288.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42288-c59b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42288', 'https://www.cve.org/CVERecord?id=CVE-2024-42288'], 'PublishedDate': '2024-08-17T09:15:09.523Z', 'LastModifiedDate': '2024-09-05T17:38:38.383Z'}, {'VulnerabilityID': 'CVE-2024-42289', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42289', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: During vport delete send async logout explicitly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array.  For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n  BUG: kernel NULL pointer dereference, address: 000000000000001c\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] PREEMPT SMP NOPTI\n  Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n  RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n  RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n  RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n  RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n  RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n  R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n  R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n  FS:  0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n  Call Trace:\n  <TASK>\n  qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n  ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n  ? qla2x00_status_entry+0x768/0x2830\n  ? newidle_balance+0x2f0/0x430\n  ? dequeue_entity+0x100/0x3c0\n  ? qla24xx_process_response_queue+0x6a1/0x19e0\n  ? __schedule+0x2d5/0x1140\n  ? qla_do_work+0x47/0x60\n  ? process_one_work+0x267/0x440\n  ? process_one_work+0x440/0x440\n  ? worker_thread+0x2d/0x3d0\n  ? process_one_work+0x440/0x440\n  ? kthread+0x156/0x180\n  ? set_kthread_struct+0x50/0x50\n  ? ret_from_fork+0x22/0x30\n  </TASK>\n\nSend out async logout explicitly for all the ports during vport delete.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42289', 'https://git.kernel.org/linus/76f480d7c717368f29a3870f7d64471ce0ff8fb2 (6.11-rc1)', 'https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe', 'https://git.kernel.org/stable/c/171ac4b495f9473bc134356a00095b47e6409e52', 'https://git.kernel.org/stable/c/76f480d7c717368f29a3870f7d64471ce0ff8fb2', 'https://git.kernel.org/stable/c/87c25fcb95aafabb6a4914239f4ab41b07a4f9b7', 'https://git.kernel.org/stable/c/b12c54e51ba83c1fbc619d35083d7872e42ecdef', 'https://git.kernel.org/stable/c/b35d6d5a2f38605cddea7d5c64cded894fbe8ede', 'https://git.kernel.org/stable/c/d28a2075bb530489715a3b011e1dd8765ba20313', 'https://git.kernel.org/stable/c/e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc', 'https://linux.oracle.com/cve/CVE-2024-42289.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42289-fe68@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42289', 'https://www.cve.org/CVERecord?id=CVE-2024-42289'], 'PublishedDate': '2024-08-17T09:15:09.59Z', 'LastModifiedDate': '2024-09-05T17:37:49.057Z'}, {'VulnerabilityID': 'CVE-2024-42290', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42290', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: irqchip/imx-irqsteer: Handle runtime power management correctly', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/imx-irqsteer: Handle runtime power management correctly\n\nThe power domain is automatically activated from clk_prepare(). However, on\ncertain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes\nsleeping functions, which triggers the 'scheduling while atomic' bug in the\ncontext switch path during device probing:\n\n BUG: scheduling while atomic: kworker/u13:1/48/0x00000002\n Call trace:\n  __schedule_bug+0x54/0x6c\n  __schedule+0x7f0/0xa94\n  schedule+0x5c/0xc4\n  schedule_preempt_disabled+0x24/0x40\n  __mutex_lock.constprop.0+0x2c0/0x540\n  __mutex_lock_slowpath+0x14/0x20\n  mutex_lock+0x48/0x54\n  clk_prepare_lock+0x44/0xa0\n  clk_prepare+0x20/0x44\n  imx_irqsteer_resume+0x28/0xe0\n  pm_generic_runtime_resume+0x2c/0x44\n  __genpd_runtime_resume+0x30/0x80\n  genpd_runtime_resume+0xc8/0x2c0\n  __rpm_callback+0x48/0x1d8\n  rpm_callback+0x6c/0x78\n  rpm_resume+0x490/0x6b4\n  __pm_runtime_resume+0x50/0x94\n  irq_chip_pm_get+0x2c/0xa0\n  __irq_do_set_handler+0x178/0x24c\n  irq_set_chained_handler_and_data+0x60/0xa4\n  mxc_gpio_probe+0x160/0x4b0\n\nCure this by implementing the irq_bus_lock/sync_unlock() interrupt chip\ncallbacks and handle power management in them as they are invoked from\nnon-atomic context.\n\n[ tglx: Rewrote change log, added Fixes tag ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42290', 'https://git.kernel.org/linus/33b1c47d1fc0b5f06a393bb915db85baacba18ea (6.11-rc1)', 'https://git.kernel.org/stable/c/21bd3f9e7f924cd2fc892a484e7a50c7e1847565', 'https://git.kernel.org/stable/c/33b1c47d1fc0b5f06a393bb915db85baacba18ea', 'https://git.kernel.org/stable/c/3a2884a44e5cda192df1b28e9925661f79f599a1', 'https://git.kernel.org/stable/c/58c56735facb225a5c46fa4b8bbbe7f31d1cb894', 'https://git.kernel.org/stable/c/a590e8dea3df2639921f874d763be961dd74e8f9', 'https://git.kernel.org/stable/c/f8ae38f1dfe652779c7c613facbc257cec00ac44', 'https://git.kernel.org/stable/c/fa1803401e1c360efe6342fb41d161cc51748a11', 'https://linux.oracle.com/cve/CVE-2024-42290.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42290-c966@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42290', 'https://www.cve.org/CVERecord?id=CVE-2024-42290'], 'PublishedDate': '2024-08-17T09:15:09.663Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42291', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42291', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add a per-VF limit on number of FDIR filters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42291', 'https://git.kernel.org/linus/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 (6.11-rc1)', 'https://git.kernel.org/stable/c/292081c4e7f575a79017d5cbe1a0ec042783976f', 'https://git.kernel.org/stable/c/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97', 'https://git.kernel.org/stable/c/8e02cd98a6e24389d476e28436d41e620ed8e559', 'https://git.kernel.org/stable/c/d62389073a5b937413e2d1bc1da06ccff5103c0c', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42291-6f31@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42291', 'https://www.cve.org/CVERecord?id=CVE-2024-42291'], 'PublishedDate': '2024-08-17T09:15:09.73Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42292', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42292', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kobject_uevent: Fix OOB access within zap_modalias_env()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42292', 'https://git.kernel.org/linus/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc (6.11-rc1)', 'https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762', 'https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2', 'https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168', 'https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d', 'https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90', 'https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5', 'https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d', 'https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc', 'https://linux.oracle.com/cve/CVE-2024-42292.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42292-5387@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42292', 'https://www.cve.org/CVERecord?id=CVE-2024-42292'], 'PublishedDate': '2024-08-17T09:15:09.797Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42294', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42294', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: fix deadlock between sd_remove & sd_release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove & sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430]  __switch_to+0x174/0x338\n[ 2538.459436]  __schedule+0x628/0x9c4\n[ 2538.459442]  schedule+0x7c/0xe8\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459]  mutex_lock+0x30/0xd8\n[ 2538.459462]  del_gendisk+0xdc/0x350\n[ 2538.459466]  sd_remove+0x30/0x60\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474]  device_release_driver+0x18/0x28\n[ 2538.459478]  bus_remove_device+0x15c/0x174\n[ 2538.459483]  device_del+0x1d0/0x358\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\n[ 2538.459493]  scsi_forget_host+0x50/0x70\n[ 2538.459497]  scsi_remove_host+0x80/0x180\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514]  device_release_driver+0x18/0x28\n[ 2538.459518]  bus_remove_device+0x15c/0x174\n[ 2538.459523]  device_del+0x1d0/0x358\n[ 2538.459528]  usb_disable_device+0x84/0x194\n[ 2538.459532]  usb_disconnect+0xec/0x300\n[ 2538.459537]  hub_event+0xb80/0x1870\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\n[ 2538.459545]  worker_thread+0x244/0x334\n[ 2538.459549]  kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task "fsck.":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016]  __switch_to+0x174/0x338\n[ 2538.461021]  __schedule+0x628/0x9c4\n[ 2538.461025]  schedule+0x7c/0xe8\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051]  sd_release+0x50/0x94\n[ 2538.461054]  blkdev_put+0x190/0x28c\n[ 2538.461058]  blkdev_release+0x28/0x40\n[ 2538.461063]  __fput+0xf8/0x2a8\n[ 2538.461066]  __fput_sync+0x28/0x5c\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\n[ 2538.461073]  invoke_syscall+0x58/0x114\n[ 2538.461078]  el0_svc_common+0xac/0xe0\n[ 2538.461082]  do_el0_svc+0x1c/0x28\n[ 2538.461087]  el0_svc+0x38/0x68\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\n\n  T1:\t\t\t\tT2:\n  sd_remove\n  del_gendisk\n  __blk_mark_disk_dead\n  blk_freeze_queue_start\n  ++q->mq_freeze_depth\n  \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(&disk->open_mutex)\n  \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q->mq_freeze_depth)\n  mutex_lock(&disk->open_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don\'t try to acquire disk->open_mutex after freezing\nthe queue.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42294', 'https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9', 'https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b', 'https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42294-0145@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42294', 'https://www.cve.org/CVERecord?id=CVE-2024-42294'], 'PublishedDate': '2024-08-17T09:15:09.947Z', 'LastModifiedDate': '2024-08-19T19:43:22.46Z'}, {'VulnerabilityID': 'CVE-2024-42295', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42295', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: handle inconsistent state in nilfs_btnode_create_block()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle inconsistent state in nilfs_btnode_create_block()\n\nSyzbot reported that a buffer state inconsistency was detected in\nnilfs_btnode_create_block(), triggering a kernel bug.\n\nIt is not appropriate to treat this inconsistency as a bug; it can occur\nif the argument block address (the buffer index of the newly created\nblock) is a virtual block number and has been reallocated due to\ncorruption of the bitmap used to manage its allocation state.\n\nSo, modify nilfs_btnode_create_block() and its callers to treat it as a\npossible filesystem error, rather than triggering a kernel bug.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42295', 'https://git.kernel.org/linus/4811f7af6090e8f5a398fbdd766f903ef6c0d787 (6.11-rc1)', 'https://git.kernel.org/stable/c/012be828a118bf496e666ef1fc47fc0e7358ada2', 'https://git.kernel.org/stable/c/02b87e6334a38c65eef49848d3f1ac422f0b2a44', 'https://git.kernel.org/stable/c/19cce46238ffe3546e44b9c74057103ff8b24c62', 'https://git.kernel.org/stable/c/366c3f688dd0288cbe38af1d3a886b5c62372e4a', 'https://git.kernel.org/stable/c/4811f7af6090e8f5a398fbdd766f903ef6c0d787', 'https://git.kernel.org/stable/c/5f0a6800b8aec1b453c7fe4c44fcaac5ffe9d52e', 'https://git.kernel.org/stable/c/be56dfc9be0604291267c07b0e27a69a6bda4899', 'https://git.kernel.org/stable/c/e34191cce3ee63dfa5fb241904aaf2a042d5b6d8', 'https://linux.oracle.com/cve/CVE-2024-42295.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42295-4f43@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42295', 'https://www.cve.org/CVERecord?id=CVE-2024-42295'], 'PublishedDate': '2024-08-17T09:15:10.017Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42296', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42296', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix return value of f2fs_convert_inline_inode()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix return value of f2fs_convert_inline_inode()\n\nIf device is readonly, make f2fs_convert_inline_inode()\nreturn EROFS instead of zero, otherwise it may trigger\npanic during writeback of inline inode's dirty page as\nbelow:\n\n f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888\n f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3369\n do_writepages+0x359/0x870 mm/page-writeback.c:2634\n filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397\n __filemap_fdatawrite_range mm/filemap.c:430 [inline]\n file_write_and_wait_range+0x1aa/0x290 mm/filemap.c:788\n f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276\n generic_write_sync include/linux/fs.h:2806 [inline]\n f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977\n call_write_iter include/linux/fs.h:2114 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa72/0xc90 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42296', 'https://git.kernel.org/linus/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf (6.11-rc1)', 'https://git.kernel.org/stable/c/077f0e24b27c4b44841593c7edbd1993be9eecb5', 'https://git.kernel.org/stable/c/1e7725814361c8c008d131db195cef8274ff26b8', 'https://git.kernel.org/stable/c/47a8ddcdcaccd9b891db4574795e46a33a121ac2', 'https://git.kernel.org/stable/c/70f5ef5f33c333cfb286116fa3af74ac9bc84f1b', 'https://git.kernel.org/stable/c/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42296-3f50@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42296', 'https://www.cve.org/CVERecord?id=CVE-2024-42296'], 'PublishedDate': '2024-08-17T09:15:10.08Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42297', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42297', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: f2fs: fix to don't dirty inode for readonly filesystem", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to don't dirty inode for readonly filesystem\n\nsyzbot reports f2fs bug as below:\n\nkernel BUG at fs/f2fs/inode.c:933!\nRIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933\nCall Trace:\n evict+0x2a4/0x620 fs/inode.c:664\n dispose_list fs/inode.c:697 [inline]\n evict_inodes+0x5f8/0x690 fs/inode.c:747\n generic_shutdown_super+0x9d/0x2c0 fs/super.c:675\n kill_block_super+0x44/0x90 fs/super.c:1667\n kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894\n deactivate_locked_super+0xc1/0x130 fs/super.c:484\n cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256\n task_work_run+0x24a/0x300 kernel/task_work.c:180\n ptrace_notify+0x2cd/0x380 kernel/signal.c:2399\n ptrace_report_syscall include/linux/ptrace.h:411 [inline]\n ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]\n syscall_exit_work kernel/entry/common.c:251 [inline]\n syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]\n syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296\n do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe root cause is:\n- do_sys_open\n - f2fs_lookup\n  - __f2fs_find_entry\n   - f2fs_i_depth_write\n    - f2fs_mark_inode_dirty_sync\n     - f2fs_dirty_inode\n      - set_inode_flag(inode, FI_DIRTY_INODE)\n\n- umount\n - kill_f2fs_super\n  - kill_block_super\n   - generic_shutdown_super\n    - sync_filesystem\n    : sb is readonly, skip sync_filesystem()\n    - evict_inodes\n     - iput\n      - f2fs_evict_inode\n       - f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE))\n       : trigger kernel panic\n\nWhen we try to repair i_current_depth in readonly filesystem, let's\nskip dirty inode to avoid panic in later f2fs_evict_inode().", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42297', 'https://git.kernel.org/linus/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8', 'https://git.kernel.org/stable/c/2434344559f6743efb3ac15d11af9a0db9543bd3', 'https://git.kernel.org/stable/c/2d2916516577f2239b3377d9e8d12da5e6ccdfcf', 'https://git.kernel.org/stable/c/54162974aea37a8cae00742470a78c7f6bd6f915', 'https://git.kernel.org/stable/c/54bc4e88447e385c4d4ffa85d93e0dce628fcfa6', 'https://git.kernel.org/stable/c/9ce8135accf103f7333af472709125878704fdd4', 'https://git.kernel.org/stable/c/e62ff092a42f4a1bae3b310cf46673b4f3aac3b5', 'https://git.kernel.org/stable/c/ec56571b4b146a1cfbedab49d5fcaf19fe8bf4f1', 'https://linux.oracle.com/cve/CVE-2024-42297.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42297-fcec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42297', 'https://www.cve.org/CVERecord?id=CVE-2024-42297'], 'PublishedDate': '2024-08-17T09:15:10.147Z', 'LastModifiedDate': '2024-09-30T13:41:26.463Z'}, {'VulnerabilityID': 'CVE-2024-42298', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42298', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42298', 'https://git.kernel.org/linus/e62599902327d27687693f6e5253a5d56583db58 (6.11-rc1)', 'https://git.kernel.org/stable/c/af466037fa2b263e8ea5c47285513d2487e17d90', 'https://git.kernel.org/stable/c/b4205dfcfe96182118e54343954827eda51b2135', 'https://git.kernel.org/stable/c/e62599902327d27687693f6e5253a5d56583db58', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42298-d6a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42298', 'https://www.cve.org/CVERecord?id=CVE-2024-42298'], 'PublishedDate': '2024-08-17T09:15:10.23Z', 'LastModifiedDate': '2024-09-10T18:42:19.607Z'}, {'VulnerabilityID': 'CVE-2024-42299', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42299', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Update log->page_{mask,bits} if log->page_size changed\n\nIf an NTFS file system is mounted to another system with different\nPAGE_SIZE from the original system, log->page_size will change in\nlog_replay(), but log->page_{mask,bits} don\'t change correspondingly.\nThis will cause a panic because "u32 bytes = log->page_size - page_off"\nwill get a negative value in the later read_log_page().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42299', 'https://git.kernel.org/linus/2fef55d8f78383c8e6d6d4c014b9597375132696 (6.11-rc1)', 'https://git.kernel.org/stable/c/0484adcb5fbcadd9ba0fd4485c42630f72e97da9', 'https://git.kernel.org/stable/c/0a4ae2644e2a3b3b219aad9639fb2b0691d08420', 'https://git.kernel.org/stable/c/2cac0df3324b5e287d8020bc0708f7d2dec88a6f', 'https://git.kernel.org/stable/c/2fef55d8f78383c8e6d6d4c014b9597375132696', 'https://git.kernel.org/stable/c/b90ceffdc975502bc085ce8e79c6adeff05f9521', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42299-a588@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42299', 'https://www.cve.org/CVERecord?id=CVE-2024-42299'], 'PublishedDate': '2024-08-17T09:15:10.293Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42301', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42301', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dev/parport: fix the array out-of-bounds risk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42301', 'https://git.kernel.org/linus/ab11dac93d2d568d151b1918d7b84c2d02bacbd5 (6.11-rc1)', 'https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8', 'https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d', 'https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a', 'https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84', 'https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0', 'https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5', 'https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e', 'https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6', 'https://linux.oracle.com/cve/CVE-2024-42301.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42301-4026@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42301', 'https://www.cve.org/CVERecord?id=CVE-2024-42301'], 'PublishedDate': '2024-08-17T09:15:10.423Z', 'LastModifiedDate': '2024-08-22T16:31:18.667Z'}, {'VulnerabilityID': 'CVE-2024-42302', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42302', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred.  To do so, it polls the\nconfig space of the first child device on the secondary bus.  If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\'s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device.  Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume.  Holding a\nreference wasn\'t necessary back then because the pciehp IRQ thread\ncould never run concurrently.  (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase.  And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event.  Commit 53b54ad074de ("PCI/DPC: Await readiness\nof secondary bus after reset"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently.  The commit was backported to v5.10+ stable\nkernels, so that\'s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n  BUG: unable to handle page fault for address: 00000000091400c0\n  CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n  RIP: pci_bus_read_config_dword+0x17/0x50\n  pci_dev_wait()\n  pci_bridge_wait_for_secondary_bus()\n  dpc_reset_link()\n  pcie_do_recovery()\n  dpc_handler()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42302', 'https://git.kernel.org/linus/11a1f4bc47362700fcbde717292158873fb847ed (6.11-rc1)', 'https://git.kernel.org/stable/c/11a1f4bc47362700fcbde717292158873fb847ed', 'https://git.kernel.org/stable/c/2c111413f38ca5cf87557cab89f6d82b0e3433e7', 'https://git.kernel.org/stable/c/2cc8973bdc4d6c928ebe38b88090a2cdfe81f42f', 'https://git.kernel.org/stable/c/b16f3ea1db47a6766a9f1169244cf1fc287a7c62', 'https://git.kernel.org/stable/c/c52f9e1a9eb40f13993142c331a6cfd334d4b91d', 'https://git.kernel.org/stable/c/f63df70b439bb8331358a306541893bf415bf1da', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42302-c0d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42302', 'https://www.cve.org/CVERecord?id=CVE-2024-42302'], 'PublishedDate': '2024-08-17T09:15:10.487Z', 'LastModifiedDate': '2024-08-22T16:37:26.237Z'}, {'VulnerabilityID': 'CVE-2024-42303', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42303', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-pxp: Fix ERR_PTR dereference in pxp_probe()\n\ndevm_regmap_init_mmio() can fail, add a check and bail out in case of\nerror.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42303', 'https://git.kernel.org/linus/57e9ce68ae98551da9c161aaab12b41fe8601856 (6.11-rc1)', 'https://git.kernel.org/stable/c/358bc85269d6a359fea597ef9fbb429cd3626e08', 'https://git.kernel.org/stable/c/57e9ce68ae98551da9c161aaab12b41fe8601856', 'https://git.kernel.org/stable/c/5ab6ac4e9e165b0fe8a326308218337007224f05', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42303-4d12@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42303', 'https://www.cve.org/CVERecord?id=CVE-2024-42303'], 'PublishedDate': '2024-08-17T09:15:10.56Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42304', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42304', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: make sure the first directory block is not a hole', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: make sure the first directory block is not a hole\n\nThe syzbot constructs a directory that has no dirblock but is non-inline,\ni.e. the first directory block is a hole. And no errors are reported when\ncreating files in this directory in the following flow.\n\n    ext4_mknod\n     ...\n      ext4_add_entry\n        // Read block 0\n        ext4_read_dirblock(dir, block, DIRENT)\n          bh = ext4_bread(NULL, inode, block, 0)\n          if (!bh && (type == INDEX || type == DIRENT_HTREE))\n          // The first directory block is a hole\n          // But type == DIRENT, so no error is reported.\n\nAfter that, we get a directory block without '.' and '..' but with a valid\ndentry. This may cause some code that relies on dot or dotdot (such as\nmake_indexed_dir()) to crash.\n\nTherefore when ext4_read_dirblock() finds that the first directory block\nis a hole report that the filesystem is corrupted and return an error to\navoid loading corrupted data from disk causing something bad.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42304', 'https://git.kernel.org/linus/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6 (6.11-rc1)', 'https://git.kernel.org/stable/c/299bc6ffa57e04e74c6cce866d6c0741fb4897a1', 'https://git.kernel.org/stable/c/9771e3d8365ae1dd5e8846a204cb9af14e3e656a', 'https://git.kernel.org/stable/c/b609753cbbd38f8c0affd4956c0af178348523ac', 'https://git.kernel.org/stable/c/c3893d9de8ee153baac56d127d844103488133b5', 'https://git.kernel.org/stable/c/d81d7e347d1f1f48a5634607d39eb90c161c8afe', 'https://git.kernel.org/stable/c/de2a011a13a46468a6e8259db58b1b62071fe136', 'https://git.kernel.org/stable/c/e02f9941e8c011aa3eafa799def6a134ce06bcfa', 'https://git.kernel.org/stable/c/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6', 'https://linux.oracle.com/cve/CVE-2024-42304.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42304-d0e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42304', 'https://www.cve.org/CVERecord?id=CVE-2024-42304'], 'PublishedDate': '2024-08-17T09:15:10.617Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42305', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42305', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: check dot and dotdot of dx_root before making dir indexed', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: check dot and dotdot of dx_root before making dir indexed\n\nSyzbot reports a issue as follows:\n============================================\nBUG: unable to handle page fault for address: ffffed11022e24fe\nPGD 23ffee067 P4D 23ffee067 PUD 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0\nCall Trace:\n <TASK>\n make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451\n ext4_rename fs/ext4/namei.c:3936 [inline]\n ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214\n[...]\n============================================\n\nThe immediate cause of this problem is that there is only one valid dentry\nfor the block to be split during do_split, so split==0 results in out of\nbounds accesses to the map triggering the issue.\n\n    do_split\n      unsigned split\n      dx_make_map\n       count = 1\n      split = count/2 = 0;\n      continued = hash2 == map[split - 1].hash;\n       ---> map[4294967295]\n\nThe maximum length of a filename is 255 and the minimum block size is 1024,\nso it is always guaranteed that the number of entries is greater than or\nequal to 2 when do_split() is called.\n\nBut syzbot's crafted image has no dot and dotdot in dir, and the dentry\ndistribution in dirblock is as follows:\n\n  bus     dentry1          hole           dentry2           free\n|xx--|xx-------------|...............|xx-------------|...............|\n0   12 (8+248)=256  268     256     524 (8+256)=264 788     236     1024\n\nSo when renaming dentry1 increases its name_len length by 1, neither hole\nnor free is sufficient to hold the new dentry, and make_indexed_dir() is\ncalled.\n\nIn make_indexed_dir() it is assumed that the first two entries of the\ndirblock must be dot and dotdot, so bus and dentry1 are left in dx_root\nbecause they are treated as dot and dotdot, and only dentry2 is moved\nto the new leaf block. That's why count is equal to 1.\n\nTherefore add the ext4_check_dx_root() helper function to add more sanity\nchecks to dot and dotdot before starting the conversion to avoid the above\nissue.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42305', 'https://git.kernel.org/linus/50ea741def587a64e08879ce6c6a30131f7111e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/19e13b4d7f0303186fcc891aba8d0de7c8fdbda8', 'https://git.kernel.org/stable/c/42d420517072028fb0eb852c358056b7717ba5aa', 'https://git.kernel.org/stable/c/50ea741def587a64e08879ce6c6a30131f7111e7', 'https://git.kernel.org/stable/c/8afe06ed3be7a874b3cd82ef5f8959aca8d6429a', 'https://git.kernel.org/stable/c/9d241b7a39af192d1bb422714a458982c7cc67a2', 'https://git.kernel.org/stable/c/abb411ac991810c0bcbe51c2e76d2502bf611b5c', 'https://git.kernel.org/stable/c/b80575ffa98b5bb3a5d4d392bfe4c2e03e9557db', 'https://git.kernel.org/stable/c/cdd345321699042ece4a9d2e70754d2397d378c5', 'https://linux.oracle.com/cve/CVE-2024-42305.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42305-94ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42305', 'https://www.cve.org/CVERecord?id=CVE-2024-42305'], 'PublishedDate': '2024-08-17T09:15:10.69Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42306', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42306', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid using corrupted block bitmap buffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42306', 'https://git.kernel.org/linus/a90d4471146de21745980cba51ce88e7926bcc4f (6.11-rc1)', 'https://git.kernel.org/stable/c/2199e157a465aaf98294d3932797ecd7fce942d5', 'https://git.kernel.org/stable/c/271cab2ca00652bc984e269cf1208699a1e09cdd', 'https://git.kernel.org/stable/c/57053b3bcf3403b80db6f65aba284d7dfe7326af', 'https://git.kernel.org/stable/c/6a43e3c210df6c5f00570f4be49a897677dbcb64', 'https://git.kernel.org/stable/c/8ca170c39eca7cad6e0cfeb24e351d8f8eddcd65', 'https://git.kernel.org/stable/c/a90d4471146de21745980cba51ce88e7926bcc4f', 'https://git.kernel.org/stable/c/cae9e59cc41683408b70b9ab569f8654866ba914', 'https://linux.oracle.com/cve/CVE-2024-42306.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42306-647c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42306', 'https://www.cve.org/CVERecord?id=CVE-2024-42306'], 'PublishedDate': '2024-08-17T09:15:10.777Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42307', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42307', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n   fs/smb/client/cifsfs.c:1981 init_cifs()\n   error: we previously assumed 'serverclose_wq' could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42307', 'https://git.kernel.org/linus/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/160235efb4f9b55212dedff5de0094c606c4b303', 'https://git.kernel.org/stable/c/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2', 'https://git.kernel.org/stable/c/3739d711246d8fbc95ff73dbdace9741cdce4777', 'https://git.kernel.org/stable/c/6018971710fdc7739f8655c1540832b4bb903671', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42307-7c2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42307', 'https://www.cve.org/CVERecord?id=CVE-2024-42307'], 'PublishedDate': '2024-08-17T09:15:10.843Z', 'LastModifiedDate': '2024-09-05T17:49:58.257Z'}, {'VulnerabilityID': 'CVE-2024-42308', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42308', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check for NULL pointer', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42308', 'https://git.kernel.org/linus/4ab68e168ae1695f7c04fae98930740aaf7c50fa (6.11-rc1)', 'https://git.kernel.org/stable/c/185616085b12e651cdfd11ef00d1449f54552d89', 'https://git.kernel.org/stable/c/4ab68e168ae1695f7c04fae98930740aaf7c50fa', 'https://git.kernel.org/stable/c/4ccd37085976ea5d3c499b1e6d0b3f4deaf2cd5a', 'https://git.kernel.org/stable/c/6b5ed0648213e9355cc78f4a264d9afe8536d692', 'https://git.kernel.org/stable/c/71dbf95359347c2ecc5a6dfc02783fcfccb2e9fb', 'https://git.kernel.org/stable/c/9ce89824ff04d261fc855e0ca6e6025251d9fa40', 'https://git.kernel.org/stable/c/f068494430d15b5fc551ac928de9dac7e5e27602', 'https://linux.oracle.com/cve/CVE-2024-42308.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42308-562d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42308', 'https://www.cve.org/CVERecord?id=CVE-2024-42308'], 'PublishedDate': '2024-08-17T09:15:10.92Z', 'LastModifiedDate': '2024-10-09T14:15:05.227Z'}, {'VulnerabilityID': 'CVE-2024-42309', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42309', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42309', 'https://git.kernel.org/linus/2df7aac81070987b0f052985856aa325a38debf6 (6.11-rc1)', 'https://git.kernel.org/stable/c/13b5f3ee94bdbdc4b5f40582aab62977905aedee', 'https://git.kernel.org/stable/c/2df7aac81070987b0f052985856aa325a38debf6', 'https://git.kernel.org/stable/c/46d2ef272957879cbe30a884574320e7f7d78692', 'https://git.kernel.org/stable/c/475a5b3b7c8edf6e583a9eb59cf28ea770602e14', 'https://git.kernel.org/stable/c/6735d02ead7dd3adf74eb8b70aebd09e0ce78ec9', 'https://git.kernel.org/stable/c/7e52c62ff029f95005915c0a11863b5fb5185c8c', 'https://git.kernel.org/stable/c/d6ad202f73f8edba0cbc0065aa57a79ffe8fdcdc', 'https://git.kernel.org/stable/c/f70ffeca546452d1acd3a70ada56ecb2f3e7f811', 'https://linux.oracle.com/cve/CVE-2024-42309.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42309-9560@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42309', 'https://www.cve.org/CVERecord?id=CVE-2024-42309'], 'PublishedDate': '2024-08-17T09:15:10.987Z', 'LastModifiedDate': '2024-08-22T16:01:29.287Z'}, {'VulnerabilityID': 'CVE-2024-42310', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42310', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes\n\nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42310', 'https://git.kernel.org/linus/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79 (6.11-rc1)', 'https://git.kernel.org/stable/c/08f45102c81ad8bc9f85f7a25e9f64e128edb87d', 'https://git.kernel.org/stable/c/2d209b2f862f6b8bff549ede541590a8d119da23', 'https://git.kernel.org/stable/c/977ee4fe895e1729cd36cc26916bbb10084713d6', 'https://git.kernel.org/stable/c/a658ae2173ab74667c009e2550455e6de5b33ddc', 'https://git.kernel.org/stable/c/b6ac46a00188cde50ffba233e6efb366354a1de5', 'https://git.kernel.org/stable/c/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79', 'https://git.kernel.org/stable/c/e74eb5e8089427c8c49e0dd5067e5f39ce3a4d56', 'https://git.kernel.org/stable/c/f392c36cebf4c1d6997a4cc2c0f205254acef42a', 'https://linux.oracle.com/cve/CVE-2024-42310.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42310-58b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42310', 'https://www.cve.org/CVERecord?id=CVE-2024-42310'], 'PublishedDate': '2024-08-17T09:15:11.067Z', 'LastModifiedDate': '2024-08-22T16:01:46.263Z'}, {'VulnerabilityID': 'CVE-2024-42311', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42311', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42311', 'https://git.kernel.org/linus/26a2ed107929a855155429b11e1293b83e6b2a8b (6.11-rc1)', 'https://git.kernel.org/stable/c/10f7163bfb5f8b4e0c9c05a939f20b8540e33c65', 'https://git.kernel.org/stable/c/26a2ed107929a855155429b11e1293b83e6b2a8b', 'https://git.kernel.org/stable/c/4a52861cd76e79f1a593beb23d096523eb9732c2', 'https://git.kernel.org/stable/c/58d83fc160505a7009c39dec64effaac5129b971', 'https://git.kernel.org/stable/c/9c4e40b9b731220f9464975e49da75496e3865c4', 'https://git.kernel.org/stable/c/d3493d6f0dfb1ab5225b62faa77732983f2187a1', 'https://git.kernel.org/stable/c/d55aae5c1730d6b70d5d8eaff00113cd34772ea3', 'https://git.kernel.org/stable/c/f7316b2b2f11cf0c6de917beee8d3de728be24db', 'https://linux.oracle.com/cve/CVE-2024-42311.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42311-f825@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42311', 'https://www.cve.org/CVERecord?id=CVE-2024-42311'], 'PublishedDate': '2024-08-17T09:15:11.147Z', 'LastModifiedDate': '2024-09-03T17:38:24.21Z'}, {'VulnerabilityID': 'CVE-2024-42312', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42312', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sysctl: always initialize i_uid/i_gid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42312', 'https://git.kernel.org/linus/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/1deae34db9f4f8e0e03f891be2e2e15c15c8ac05', 'https://git.kernel.org/stable/c/34a86adea1f2b3c3f9d864c8cce09dca644601ab', 'https://git.kernel.org/stable/c/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4', 'https://git.kernel.org/stable/c/b2591c89a6e2858796111138c38fcb6851aa1955', 'https://git.kernel.org/stable/c/c7e2f43d182f5dde473389dbb39f16c9f0d64536', 'https://git.kernel.org/stable/c/ffde3af4b29bf97d62d82e1d45275587e10a991a', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42312-bddc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42312', 'https://www.cve.org/CVERecord?id=CVE-2024-42312'], 'PublishedDate': '2024-08-17T09:15:11.24Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42313', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42313', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: venus: fix use after free in vdec_close', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free in vdec_close\n\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\n\nFix it by cancelling the work in vdec_close.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42313', 'https://git.kernel.org/linus/a0157b5aa34eb43ec4c5510f9c260bbb03be937e (6.11-rc1)', 'https://git.kernel.org/stable/c/4c9d235630d35db762b85a4149bbb0be9d504c36', 'https://git.kernel.org/stable/c/66fa52edd32cdbb675f0803b3c4da10ea19b6635', 'https://git.kernel.org/stable/c/6a96041659e834dc0b172dda4b2df512d63920c2', 'https://git.kernel.org/stable/c/72aff311194c8ceda934f24fd6f250b8827d7567', 'https://git.kernel.org/stable/c/a0157b5aa34eb43ec4c5510f9c260bbb03be937e', 'https://git.kernel.org/stable/c/ad8cf035baf29467158e0550c7a42b7bb43d1db6', 'https://git.kernel.org/stable/c/da55685247f409bf7f976cc66ba2104df75d8dad', 'https://git.kernel.org/stable/c/f8e9a63b982a8345470c225679af4ba86e4a7282', 'https://linux.oracle.com/cve/CVE-2024-42313.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42313-09b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42313', 'https://www.cve.org/CVERecord?id=CVE-2024-42313'], 'PublishedDate': '2024-08-17T09:15:11.32Z', 'LastModifiedDate': '2024-08-22T16:01:59.467Z'}, {'VulnerabilityID': 'CVE-2024-42314', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42314', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix extent map use-after-free when adding pages to compressed bio', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix extent map use-after-free when adding pages to compressed bio\n\nAt add_ra_bio_pages() we are accessing the extent map to calculate\n'add_size' after we dropped our reference on the extent map, resulting\nin a use-after-free. Fix this by computing 'add_size' before dropping our\nextent map reference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42314', 'https://git.kernel.org/linus/8e7860543a94784d744c7ce34b78a2e11beefa5c (6.11-rc1)', 'https://git.kernel.org/stable/c/8e7860543a94784d744c7ce34b78a2e11beefa5c', 'https://git.kernel.org/stable/c/b7859ff398b6b656e1689daa860eb34837b4bb89', 'https://git.kernel.org/stable/c/c1cc3326e27b0bd7a2806b40bc48e49afaf951e7', 'https://git.kernel.org/stable/c/c205565e0f2f439f278a4a94ee97b67ef7b56ae8', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42314-de1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42314', 'https://www.cve.org/CVERecord?id=CVE-2024-42314'], 'PublishedDate': '2024-08-17T09:15:11.397Z', 'LastModifiedDate': '2024-09-04T12:15:04.723Z'}, {'VulnerabilityID': 'CVE-2024-42315', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42315', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exfat: fix potential deadlock on __exfat_get_dentry_set', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi->s_lock between the two processes may occur.\n\n       CPU0                CPU1\n       ----                ----\n  kswapd\n   balance_pgdat\n    lock(fs_reclaim)\n                      exfat_iterate\n                       lock(&sbi->s_lock)\n                       exfat_readdir\n                        exfat_get_uniname_from_ext_entry\n                         exfat_get_dentry_set\n                          __exfat_get_dentry_set\n                           kmalloc_array\n                            ...\n                            lock(fs_reclaim)\n    ...\n    evict\n     exfat_evict_inode\n      lock(&sbi->s_lock)\n\nTo fix this, let's allocate bh-array with GFP_NOFS.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42315', 'https://git.kernel.org/linus/89fc548767a2155231128cb98726d6d2ea1256c9 (6.11-rc1)', 'https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62', 'https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9', 'https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42315-a707@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42315', 'https://www.cve.org/CVERecord?id=CVE-2024-42315'], 'PublishedDate': '2024-08-17T09:15:11.47Z', 'LastModifiedDate': '2024-08-22T15:51:03.077Z'}, {'VulnerabilityID': 'CVE-2024-42316', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42316', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/mglru: fix div-by-zero in vmpressure_calc_level()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mglru: fix div-by-zero in vmpressure_calc_level()\n\nevict_folios() uses a second pass to reclaim folios that have gone through\npage writeback and become clean before it finishes the first pass, since\nfolio_rotate_reclaimable() cannot handle those folios due to the\nisolation.\n\nThe second pass tries to avoid potential double counting by deducting\nscan_control->nr_scanned.  However, this can result in underflow of\nnr_scanned, under a condition where shrink_folio_list() does not increment\nnr_scanned, i.e., when folio_trylock() fails.\n\nThe underflow can cause the divisor, i.e., scale=scanned+reclaimed in\nvmpressure_calc_level(), to become zero, resulting in the following crash:\n\n  [exception RIP: vmpressure_work_fn+101]\n  process_one_work at ffffffffa3313f2b\n\nSince scan_control->nr_scanned has no established semantics, the potential\ndouble counting has minimal risks.  Therefore, fix the problem by not\ndeducting scan_control->nr_scanned in evict_folios().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42316', 'https://git.kernel.org/linus/8b671fe1a879923ecfb72dda6caf01460dd885ef (6.11-rc1)', 'https://git.kernel.org/stable/c/8b671fe1a879923ecfb72dda6caf01460dd885ef', 'https://git.kernel.org/stable/c/8de7bf77f21068a5f602bb1e59adbc5ab533509d', 'https://git.kernel.org/stable/c/a39e38be632f0e1c908d70d1c9cd071c03faf895', 'https://git.kernel.org/stable/c/d6510f234c7d117790397f9bb150816b0a954a04', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42316-8b49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42316', 'https://www.cve.org/CVERecord?id=CVE-2024-42316'], 'PublishedDate': '2024-08-17T09:15:11.547Z', 'LastModifiedDate': '2024-08-22T15:52:38.52Z'}, {'VulnerabilityID': 'CVE-2024-42317', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42317', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/huge_memory: avoid PMD-size page cache if needed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: avoid PMD-size page cache if needed\n\nxarray can\'t support arbitrary page cache size.  the largest and supported\npage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71\n("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray").  However,\nit\'s possible to have 512MB page cache in the huge memory\'s collapsing\npath on ARM64 system whose base page size is 64KB.  512MB page cache is\nbreaking the limitation and a warning is raised when the xarray entry is\nsplit as shown in the following example.\n\n[root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize\nKernelPageSize:       64 kB\n[root@dhcp-10-26-1-207 ~]# cat /tmp/test.c\n   :\nint main(int argc, char **argv)\n{\n\tconst char *filename = TEST_XFS_FILENAME;\n\tint fd = 0;\n\tvoid *buf = (void *)-1, *p;\n\tint pgsize = getpagesize();\n\tint ret = 0;\n\n\tif (pgsize != 0x10000) {\n\t\tfprintf(stdout, "System with 64KB base page size is required!\\n");\n\t\treturn -EPERM;\n\t}\n\n\tsystem("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb");\n\tsystem("echo 1 > /proc/sys/vm/drop_caches");\n\n\t/* Open the xfs file */\n\tfd = open(filename, O_RDONLY);\n\tassert(fd > 0);\n\n\t/* Create VMA */\n\tbuf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0);\n\tassert(buf != (void *)-1);\n\tfprintf(stdout, "mapped buffer at 0x%p\\n", buf);\n\n\t/* Populate VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ);\n\tassert(ret == 0);\n\n\t/* Collapse VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE);\n\tif (ret) {\n\t\tfprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\\n", errno);\n\t\tgoto out;\n\t}\n\n\t/* Split xarray entry. Write permission is needed */\n\tmunmap(buf, TEST_MEM_SIZE);\n\tbuf = (void *)-1;\n\tclose(fd);\n\tfd = open(filename, O_RDWR);\n\tassert(fd > 0);\n\tfallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,\n \t\t  TEST_MEM_SIZE - pgsize, pgsize);\nout:\n\tif (buf != (void *)-1)\n\t\tmunmap(buf, TEST_MEM_SIZE);\n\tif (fd > 0)\n\t\tclose(fd);\n\n\treturn ret;\n}\n\n[root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test\n[root@dhcp-10-26-1-207 ~]# /tmp/test\n ------------[ cut here ]------------\n WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\n Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib    \\\n nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct      \\\n nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4      \\\n ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse   \\\n xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net  \\\n sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio\n CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9\n Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\n pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n pc : xas_split_alloc+0xf8/0x128\n lr : split_huge_page_to_list_to_order+0x1c4/0x780\n sp : ffff8000ac32f660\n x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0\n x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d\n x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000\n x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c\n x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8\n x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40\n x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\n Call trace:\n  xas_split_alloc+0xf8/0x128\n  split_huge_page_to_list_to_order+0x1c4/0x780\n  truncate_inode_partial_folio+0xdc/0x160\n  truncate_inode_pages_range+0x1b4/0x4a8\n  truncate_pagecache_range+0x84/0xa\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42317', 'https://git.kernel.org/linus/d659b715e94ac039803d7601505d3473393fc0be (6.11-rc1)', 'https://git.kernel.org/stable/c/d659b715e94ac039803d7601505d3473393fc0be', 'https://git.kernel.org/stable/c/e60f62f75c99740a28e2bf7e6044086033012a16', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42317-cf87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42317', 'https://www.cve.org/CVERecord?id=CVE-2024-42317'], 'PublishedDate': '2024-08-17T09:15:11.633Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42318', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42318', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: landlock: Don&#39;t lose track of restrictions on cred_transfer', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don't lose track of restrictions on cred_transfer\n\nWhen a process' cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent's credentials), the\ncred_transfer LSM hook is used instead.  Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42318', 'https://bugs.chromium.org/p/project-zero/issues/detail?id=2566', 'https://git.kernel.org/linus/39705a6c29f8a2b93cf5b99528a55366c50014d1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c', 'https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49', 'https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1', 'https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117', 'https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff', 'https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42318-f0c9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42318', 'https://www.cve.org/CVERecord?id=CVE-2024-42318', 'https://www.openwall.com/lists/oss-security/2024/08/17/2'], 'PublishedDate': '2024-08-17T09:15:11.7Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42319', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42319', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() < 0 occurs.\n\nAccording to the call tracei below:\n  cmdq_mbox_shutdown\n  mbox_free_channel\n  mbox_controller_unregister\n  __devm_mbox_controller_unregister\n  ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n   to bind the cmdq device to the mbox_controller, so\n   devm_mbox_controller_unregister() will automatically unregister\n   the device bound to the mailbox controller when the device-managed\n   resource is removed. That means devm_mbox_controller_unregister()\n   and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n   devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n   will be called after cmdq_remove(), but before\n   devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42319', 'https://git.kernel.org/linus/a8bd68e4329f9a0ad1b878733e0f80be6a971649 (6.11-rc1)', 'https://git.kernel.org/stable/c/11fa625b45faf0649118b9deaf2d31c86ac41911', 'https://git.kernel.org/stable/c/a8bd68e4329f9a0ad1b878733e0f80be6a971649', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42319-ec7c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42319', 'https://www.cve.org/CVERecord?id=CVE-2024-42319'], 'PublishedDate': '2024-08-17T09:15:11.767Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42320', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42320', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error checks in dasd_copy_pair_store()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42320', 'https://git.kernel.org/linus/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8 (6.11-rc1)', 'https://git.kernel.org/stable/c/68d4c3722290ad300c295fb3435e835d200d5cb2', 'https://git.kernel.org/stable/c/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8', 'https://git.kernel.org/stable/c/cc8b7284d5076722e0b8062373b68d8e47c3bace', 'https://git.kernel.org/stable/c/e511167e65d332d07b3c7a3d5a741ee9c19a8c27', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42320-cdea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42320', 'https://www.cve.org/CVERecord?id=CVE-2024-42320'], 'PublishedDate': '2024-08-17T09:15:11.833Z', 'LastModifiedDate': '2024-09-30T12:54:12.897Z'}, {'VulnerabilityID': 'CVE-2024-42321', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42321', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: flow_dissector: use DEBUG_NET_WARN_ON_ONCE\n\nThe following splat is easy to reproduce upstream as well as in -stable\nkernels. Florian Westphal provided the following commit:\n\n  d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net")\n\nbut this complementary fix has been also suggested by Willem de Bruijn\nand it can be easily backported to -stable kernel which consists in\nusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splat\ngiven __skb_get_hash() is used by the nftables tracing infrastructure to\nto identify packets in traces.\n\n[69133.561393] ------------[ cut here ]------------\n[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/\n[...]\n[69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379\n[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0\n[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff\nff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8\n[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246\n[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19\n[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418\n[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000\n[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400\n[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28\n[69133.562020] FS:  00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[69133.562027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0\n[69133.562040] Call Trace:\n[69133.562044]  <IRQ>\n[69133.562049]  ? __warn+0x9f/0x1a0\n[ 1211.841384]  ? __skb_flow_dissect+0x107e/0x2860\n[...]\n[ 1211.841496]  ? bpf_flow_dissect+0x160/0x160\n[ 1211.841753]  __skb_get_hash+0x97/0x280\n[ 1211.841765]  ? __skb_get_hash_symmetric+0x230/0x230\n[ 1211.841776]  ? mod_find+0xbf/0xe0\n[ 1211.841786]  ? get_stack_info_noinstr+0x12/0xe0\n[ 1211.841798]  ? bpf_ksym_find+0x56/0xe0\n[ 1211.841807]  ? __rcu_read_unlock+0x2a/0x70\n[ 1211.841819]  nft_trace_init+0x1b9/0x1c0 [nf_tables]\n[ 1211.841895]  ? nft_trace_notify+0x830/0x830 [nf_tables]\n[ 1211.841964]  ? get_stack_info+0x2b/0x80\n[ 1211.841975]  ? nft_do_chain_arp+0x80/0x80 [nf_tables]\n[ 1211.842044]  nft_do_chain+0x79c/0x850 [nf_tables]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42321', 'https://git.kernel.org/linus/120f1c857a73e52132e473dee89b340440cb692b (6.11-rc1)', 'https://git.kernel.org/stable/c/120f1c857a73e52132e473dee89b340440cb692b', 'https://git.kernel.org/stable/c/4afbac11f2f629d1e62817c4e210bdfaa7521107', 'https://git.kernel.org/stable/c/c5d21aabf1b31a79f228508af33aee83456bc1b0', 'https://git.kernel.org/stable/c/eb03d9826aa646577342a952d658d4598381c035', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42321-4b46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42321', 'https://www.cve.org/CVERecord?id=CVE-2024-42321'], 'PublishedDate': '2024-08-17T09:15:11.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42322', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42322', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipvs: properly dereference pe in ip_vs_add_service', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n  net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42322', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/cbd070a4ae62f119058973f6d2c984e325bce6e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dd428039e06e1967ce294e2cd6342825aaaad77', 'https://git.kernel.org/stable/c/c420cd5d5bc6797f3a8824e7d74f38f0c286fca5', 'https://git.kernel.org/stable/c/cbd070a4ae62f119058973f6d2c984e325bce6e7', 'https://linux.oracle.com/cve/CVE-2024-42322.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42322-e2ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42322', 'https://www.cve.org/CVERecord?id=CVE-2024-42322'], 'PublishedDate': '2024-08-17T09:15:11.977Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43817', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: missing check virtio', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: missing check virtio\n\nTwo missing check in virtio_net_hdr_to_skb() allowed syzbot\nto crash kernels again\n\n1. After the skb_segment function the buffer may become non-linear\n(nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere\nthe __skb_linearize function will not be executed, then the buffer will\nremain non-linear. Then the condition (offset >= skb_headlen(skb))\nbecomes true, which causes WARN_ON_ONCE in skb_checksum_help.\n\n2. The struct sk_buff and struct virtio_net_hdr members must be\nmathematically related.\n(gso_size) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) may be 0 if division is without remainder.\n\noffset+2 (4191) > skb_headlen() (1116)\nWARNING: CPU: 1 PID: 5084 at net/core/dev.c:3303 skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nModules linked in:\nCPU: 1 PID: 5084 Comm: syz-executor336 Not tainted 6.7.0-rc3-syzkaller-00014-gdf60cee26a2e #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nCode: 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 52 01 00 00 44 89 e2 2b 53 74 4c 89 ee 48 c7 c7 40 57 e9 8b e8 af 8f dd f8 90 <0f> 0b 90 90 e9 87 fe ff ff e8 40 0f 6e f9 e9 4b fa ff ff 48 89 ef\nRSP: 0018:ffffc90003a9f338 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888025125780 RCX: ffffffff814db209\nRDX: ffff888015393b80 RSI: ffffffff814db216 RDI: 0000000000000001\nRBP: ffff8880251257f4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000045c\nR13: 000000000000105f R14: ffff8880251257f0 R15: 000000000000105d\nFS:  0000555555c24380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000002000f000 CR3: 0000000023151000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n ip_do_fragment+0xa1b/0x18b0 net/ipv4/ip_output.c:777\n ip_fragment.constprop.0+0x161/0x230 net/ipv4/ip_output.c:584\n ip_finish_output_gso net/ipv4/ip_output.c:286 [inline]\n __ip_finish_output net/ipv4/ip_output.c:308 [inline]\n __ip_finish_output+0x49c/0x650 net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:433\n dst_output include/net/dst.h:451 [inline]\n ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:129\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ipip6_tunnel_xmit net/ipv6/sit.c:1034 [inline]\n sit_tunnel_xmit+0xed2/0x28f0 net/ipv6/sit.c:1076\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3545 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3561\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4346\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x257/0x380 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x24ca/0x5240 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n __sys_sendto+0x255/0x340 net/socket.c:2190\n __do_sys_sendto net/socket.c:2202 [inline]\n __se_sys_sendto net/socket.c:2198 [inline]\n __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43817', 'https://git.kernel.org/linus/e269d79c7d35aa3808b1f3c1737d63dab504ddc8 (6.11-rc1)', 'https://git.kernel.org/stable/c/27874ca77bd2b05a3779c7b3a5c75d8dd7f0b40f', 'https://git.kernel.org/stable/c/5b1997487a3f3373b0f580c8a20b56c1b64b0775', 'https://git.kernel.org/stable/c/90d41ebe0cd4635f6410471efc1dd71b33e894cf', 'https://git.kernel.org/stable/c/e269d79c7d35aa3808b1f3c1737d63dab504ddc8', 'https://git.kernel.org/stable/c/e9164903b8b303c34723177b02fe91e49e3c4cd7', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43817-2e95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43817', 'https://www.cve.org/CVERecord?id=CVE-2024-43817'], 'PublishedDate': '2024-08-17T10:15:08.01Z', 'LastModifiedDate': '2024-09-03T17:41:46.407Z'}, {'VulnerabilityID': 'CVE-2024-43818', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: amd: Adjust error handling in case of absent codec device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: Adjust error handling in case of absent codec device\n\nacpi_get_first_physical_node() can return NULL in several cases (no such\ndevice, ACPI table error, reference count drop to 0, etc).\nExisting check just emit error message, but doesn't perform return.\nThen this NULL pointer is passed to devm_acpi_dev_add_driver_gpios()\nwhere it is dereferenced.\n\nAdjust this error handling by adding error code return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43818', 'https://git.kernel.org/linus/5080808c3339de2220c602ab7c7fa23dc6c1a5a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1ba9856cf7f6492b47c1edf853137f320d583db5', 'https://git.kernel.org/stable/c/5080808c3339de2220c602ab7c7fa23dc6c1a5a3', 'https://git.kernel.org/stable/c/99b642dac24f6d09ba3ebf1d690be8aefff86164', 'https://git.kernel.org/stable/c/b1173d64edd276c957b6d09e1f971c85b38f1519', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43818-71ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43818', 'https://www.cve.org/CVERecord?id=CVE-2024-43818'], 'PublishedDate': '2024-08-17T10:15:08.08Z', 'LastModifiedDate': '2024-09-03T17:45:30Z'}, {'VulnerabilityID': 'CVE-2024-43819', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kvm: s390: Reject memory region operations for ucontrol VMs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43819', 'https://git.kernel.org/linus/7816e58967d0e6cadce05c8540b47ed027dc2499 (6.11-rc1)', 'https://git.kernel.org/stable/c/49c9945c054df4c22008e2bf87ca74d3e2507aa6', 'https://git.kernel.org/stable/c/7816e58967d0e6cadce05c8540b47ed027dc2499', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43819-88ce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43819', 'https://www.cve.org/CVERecord?id=CVE-2024-43819'], 'PublishedDate': '2024-08-17T10:15:08.147Z', 'LastModifiedDate': '2024-09-03T17:47:10.54Z'}, {'VulnerabilityID': 'CVE-2024-43820', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, &mddev->recovery));\n\nThis check is designed to make sure that the sync thread isn't\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43820', 'https://git.kernel.org/linus/3199a34bfaf7561410e0be1e33a61eba870768fc (6.11-rc1)', 'https://git.kernel.org/stable/c/3199a34bfaf7561410e0be1e33a61eba870768fc', 'https://git.kernel.org/stable/c/a5c15a78c0e1631b7df822b56e8b6424e4d1ca3e', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43820-1bd6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43820', 'https://www.cve.org/CVERecord?id=CVE-2024-43820'], 'PublishedDate': '2024-08-17T10:15:08.207Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43821', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Fix a possible null pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix a possible null pointer dereference\n\nIn function lpfc_xcvr_data_show, the memory allocation with kmalloc might\nfail, thereby making rdp_context a null pointer. In the following context\nand functions that use this pointer, there are dereferencing operations,\nleading to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null,\nuse scnprintf to notify the user and return len.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43821', 'https://git.kernel.org/linus/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa (6.11-rc1)', 'https://git.kernel.org/stable/c/45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c', 'https://git.kernel.org/stable/c/57600a7dd2b52c904f7c8d2cac0fd8c23868e680', 'https://git.kernel.org/stable/c/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43821-6ffc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43821', 'https://www.cve.org/CVERecord?id=CVE-2024-43821'], 'PublishedDate': '2024-08-17T10:15:08.277Z', 'LastModifiedDate': '2024-09-03T17:49:54.28Z'}, {'VulnerabilityID': 'CVE-2024-43823', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43823', 'https://git.kernel.org/linus/a231707a91f323af1e5d9f1722055ec2fc1c7775 (6.11-rc1)', 'https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23', 'https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775', 'https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506', 'https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43823-4bdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43823', 'https://www.cve.org/CVERecord?id=CVE-2024-43823'], 'PublishedDate': '2024-08-17T10:15:08.4Z', 'LastModifiedDate': '2024-09-03T17:49:03.91Z'}, {'VulnerabilityID': 'CVE-2024-43824', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: pci-epf-test: Make use of cached &#39;epc_features&#39; in pci_epf_test_core_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Make use of cached \'epc_features\' in pci_epf_test_core_init()\n\nInstead of getting the epc_features from pci_epc_get_features() API, use\nthe cached pci_epf_test::epc_features value to avoid the NULL check. Since\nthe NULL check is already performed in pci_epf_test_bind(), having one more\ncheck in pci_epf_test_core_init() is redundant and it is not possible to\nhit the NULL pointer dereference.\n\nAlso with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier"\nflag"), \'epc_features\' got dereferenced without the NULL check, leading to\nthe following false positive Smatch warning:\n\n  drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed \'epc_features\' could be null (see line 747)\n\nThus, remove the redundant NULL check and also use the epc_features::\n{msix_capable/msi_capable} flags directly to avoid local variables.\n\n[kwilczynski: commit log]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43824', 'https://git.kernel.org/linus/5a5095a8bd1bd349cce1c879e5e44407a34dda8a (6.11-rc1)', 'https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a', 'https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43824-fc04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43824', 'https://www.cve.org/CVERecord?id=CVE-2024-43824'], 'PublishedDate': '2024-08-17T10:15:08.477Z', 'LastModifiedDate': '2024-09-03T17:48:39.16Z'}, {'VulnerabilityID': 'CVE-2024-43825', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iio: Fix the sorting functionality in iio_gts_build_avail_time_table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: Fix the sorting functionality in iio_gts_build_avail_time_table\n\nThe sorting in iio_gts_build_avail_time_table is not working as intended.\nIt could result in an out-of-bounds access when the time is zero.\n\nHere are more details:\n\n1. When the gts->itime_table[i].time_us is zero, e.g., the time\nsequence is `3, 0, 1`, the inner for-loop will not terminate and do\nout-of-bound writes. This is because once `times[j] > new`, the value\n`new` will be added in the current position and the `times[j]` will be\nmoved to `j+1` position, which makes the if-condition always hold.\nMeanwhile, idx will be added one, making the loop keep running without\ntermination and out-of-bound write.\n2. If none of the gts->itime_table[i].time_us is zero, the elements\nwill just be copied without being sorted as described in the comment\n"Sort times from all tables to one and remove duplicates".\n\nFor more details, please refer to\nhttps://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43825', 'https://git.kernel.org/linus/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb (6.11-rc1)', 'https://git.kernel.org/stable/c/31ff8464ef540785344994986a010031410f9ff3', 'https://git.kernel.org/stable/c/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb', 'https://git.kernel.org/stable/c/b5046de32fd1532c3f67065197fc1da82f0b5193', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43825-20fc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43825', 'https://www.cve.org/CVERecord?id=CVE-2024-43825'], 'PublishedDate': '2024-08-17T10:15:08.533Z', 'LastModifiedDate': '2024-09-30T13:53:21.44Z'}, {'VulnerabilityID': 'CVE-2024-43826', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfs: pass explicit offset/count to trace events', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: pass explicit offset/count to trace events\n\nnfs_folio_length is unsafe to use without having the folio locked and a\ncheck for a NULL ->f_mapping that protects against truncations and can\nlead to kernel crashes.  E.g. when running xfstests generic/065 with\nall nfs trace points enabled.\n\nFollow the model of the XFS trace points and pass in an explіcit offset\nand length.  This has the additional benefit that these values can\nbe more accurate as some of the users touch partial folio ranges.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43826', 'https://git.kernel.org/linus/fada32ed6dbc748f447c8d050a961b75d946055a (6.11-rc1)', 'https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722', 'https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43826-2a5f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43826', 'https://www.cve.org/CVERecord?id=CVE-2024-43826'], 'PublishedDate': '2024-08-17T10:15:08.593Z', 'LastModifiedDate': '2024-09-12T18:15:09.137Z'}, {'VulnerabilityID': 'CVE-2024-43827', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check before access structs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check before access structs\n\nIn enable_phantom_plane, we should better check null pointer before\naccessing various structs.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43827', 'https://git.kernel.org/linus/c96140000915b610d86f941450e15ca552de154a (6.11-rc1)', 'https://git.kernel.org/stable/c/081ff4c0ef1884ae55f7adb8944efd22e22d8724', 'https://git.kernel.org/stable/c/c96140000915b610d86f941450e15ca552de154a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43827-6486@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43827', 'https://www.cve.org/CVERecord?id=CVE-2024-43827'], 'PublishedDate': '2024-08-17T10:15:08.653Z', 'LastModifiedDate': '2024-09-30T12:51:34.97Z'}, {'VulnerabilityID': 'CVE-2024-43828', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: fix infinite loop when replaying fast_commit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct.  ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the 'es' variable.\n\nBecause 'es' contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43828', 'https://git.kernel.org/linus/907c3fe532253a6ef4eb9c4d67efb71fab58c706 (6.11-rc1)', 'https://git.kernel.org/stable/c/0619f7750f2b178a1309808832ab20d85e0ad121', 'https://git.kernel.org/stable/c/181e63cd595c688194e07332f9944b3a63193de2', 'https://git.kernel.org/stable/c/5ed0496e383cb6de120e56991385dce70bbb87c1', 'https://git.kernel.org/stable/c/81f819c537d29932e4b9267f02411cbc8b355178', 'https://git.kernel.org/stable/c/907c3fe532253a6ef4eb9c4d67efb71fab58c706', 'https://git.kernel.org/stable/c/c6e67df64783e99a657ef2b8c834ba2bf54c539c', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43828-6bcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43828', 'https://www.cve.org/CVERecord?id=CVE-2024-43828'], 'PublishedDate': '2024-08-17T10:15:08.72Z', 'LastModifiedDate': '2024-08-22T15:41:50.87Z'}, {'VulnerabilityID': 'CVE-2024-43829', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/qxl: Add check for drm_cvt_mode', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43829', 'https://git.kernel.org/linus/7bd09a2db0f617377027a2bb0b9179e6959edff3 (6.11-rc1)', 'https://git.kernel.org/stable/c/3efe34f95b1ac8c138a46b14ce75956db0d6ee7c', 'https://git.kernel.org/stable/c/4b1f303bdeceac049e56e4b20eb5280bd9e02f4f', 'https://git.kernel.org/stable/c/4e87f592a46bb804d8f833da6ce702ae4b55053f', 'https://git.kernel.org/stable/c/62ef8d7816c8e4a6088275553818b9afc0ffaa03', 'https://git.kernel.org/stable/c/7bd09a2db0f617377027a2bb0b9179e6959edff3', 'https://git.kernel.org/stable/c/d4c57354a06cb4a77998ff8aa40af89eee30e07b', 'https://git.kernel.org/stable/c/f28b353c0c6c7831a70ccca881bf2db5e6785cdd', 'https://linux.oracle.com/cve/CVE-2024-43829.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43829-72cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43829', 'https://www.cve.org/CVERecord?id=CVE-2024-43829'], 'PublishedDate': '2024-08-17T10:15:08.787Z', 'LastModifiedDate': '2024-09-30T12:51:56.77Z'}, {'VulnerabilityID': 'CVE-2024-43830', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: leds: trigger: Unregister sysfs attributes before calling deactivate()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nleds: trigger: Unregister sysfs attributes before calling deactivate()\n\nTriggers which have trigger specific sysfs attributes typically store\nrelated data in trigger-data allocated by the activate() callback and\nfreed by the deactivate() callback.\n\nCalling device_remove_groups() after calling deactivate() leaves a window\nwhere the sysfs attributes show/store functions could be called after\ndeactivation and then operate on the just freed trigger-data.\n\nMove the device_remove_groups() call to before deactivate() to close\nthis race window.\n\nThis also makes the deactivation path properly do things in reverse order\nof the activation path which calls the activate() callback before calling\ndevice_add_groups().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7000', 'https://access.redhat.com/security/cve/CVE-2024-43830', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2265838', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2270103', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275558', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282648', 'https://bugzilla.redhat.com/2282669', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282764', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284511', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284630', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293414', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300381', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300439', 'https://bugzilla.redhat.com/2300440', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300709', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301543', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305410', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2305488', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7000.html', 'https://git.kernel.org/linus/c0dc9adf9474ecb7106e60e5472577375aedaed3 (6.11-rc1)', 'https://git.kernel.org/stable/c/0788a6f3523d3686a9eed5ea1e6fcce6841277b2', 'https://git.kernel.org/stable/c/09c1583f0e10c918855d6e7540a79461a353e5d6', 'https://git.kernel.org/stable/c/3fb6a9d67cfd812a547ac73ec02e1077c26c640d', 'https://git.kernel.org/stable/c/734ba6437e80dfc780e9ee9d95f912392d12b5ea', 'https://git.kernel.org/stable/c/c0dc9adf9474ecb7106e60e5472577375aedaed3', 'https://git.kernel.org/stable/c/c3b7a650c8717aa89df318364609c86cbc040156', 'https://git.kernel.org/stable/c/cb8aa9d2a4c8a15d6a43ccf901ef3d094aa60374', 'https://git.kernel.org/stable/c/d1415125b701ef13370e2761f691ec632a5eb93a', 'https://linux.oracle.com/cve/CVE-2024-43830.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43830-3b85@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43830', 'https://www.cve.org/CVERecord?id=CVE-2024-43830'], 'PublishedDate': '2024-08-17T10:15:08.857Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43831', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mediatek: vcodec: Handle invalid decoder vsi', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43831', 'https://git.kernel.org/linus/59d438f8e02ca641c58d77e1feffa000ff809e9f (6.11-rc1)', 'https://git.kernel.org/stable/c/1c109f23b271a02b9bb195c173fab41e3285a8db', 'https://git.kernel.org/stable/c/59d438f8e02ca641c58d77e1feffa000ff809e9f', 'https://git.kernel.org/stable/c/cdf05ae76198c513836bde4eb55f099c44773280', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43831-b13e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43831', 'https://www.cve.org/CVERecord?id=CVE-2024-43831'], 'PublishedDate': '2024-08-17T10:15:08.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43832', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: s390/uv: Don't call folio_wait_writeback() without a folio reference", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/uv: Don't call folio_wait_writeback() without a folio reference\n\nfolio_wait_writeback() requires that no spinlocks are held and that\na folio reference is held, as documented. After we dropped the PTL, the\nfolio could get freed concurrently. So grab a temporary reference.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43832', 'https://git.kernel.org/linus/3f29f6537f54d74e64bac0a390fb2e26da25800d (6.11-rc1)', 'https://git.kernel.org/stable/c/1a1eb2f3fc453dcd52726d13e863938561489cb7', 'https://git.kernel.org/stable/c/3f29f6537f54d74e64bac0a390fb2e26da25800d', 'https://git.kernel.org/stable/c/8736604ef53359a718c246087cd21dcec232d2fb', 'https://git.kernel.org/stable/c/b21aba72aadd94bdac275deab021fc84d6c72b16', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43832-7746@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43832', 'https://www.cve.org/CVERecord?id=CVE-2024-43832'], 'PublishedDate': '2024-08-17T10:15:08.98Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43833', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: v4l: async: Fix NULL pointer dereference in adding ancillary links', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix NULL pointer dereference in adding ancillary links\n\nIn v4l2_async_create_ancillary_links(), ancillary links are created for\nlens and flash sub-devices. These are sub-device to sub-device links and\nif the async notifier is related to a V4L2 device, the source sub-device\nof the ancillary link is NULL, leading to a NULL pointer dereference.\nCheck the notifier's sd field is non-NULL in\nv4l2_async_create_ancillary_links().\n\n[Sakari Ailus: Reword the subject and commit messages slightly.]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43833', 'https://git.kernel.org/linus/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f (6.11-rc1)', 'https://git.kernel.org/stable/c/249212ceb4187783af3801c57b92a5a25d410621', 'https://git.kernel.org/stable/c/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f', 'https://git.kernel.org/stable/c/b87e28050d9b0959de24574d587825cfab2f13fb', 'https://git.kernel.org/stable/c/fe0f92fd5320b393e44ca210805e653ea90cc982', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43833-4e73@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43833', 'https://www.cve.org/CVERecord?id=CVE-2024-43833'], 'PublishedDate': '2024-08-17T10:15:09.04Z', 'LastModifiedDate': '2024-08-22T15:42:46.827Z'}, {'VulnerabilityID': 'CVE-2024-43834', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xdp: fix invalid wait context of page_pool_destroy()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: fix invalid wait context of page_pool_destroy()\n\nIf the driver uses a page pool, it creates a page pool with\npage_pool_create().\nThe reference count of page pool is 1 as default.\nA page pool will be destroyed only when a reference count reaches 0.\npage_pool_destroy() is used to destroy page pool, it decreases a\nreference count.\nWhen a page pool is destroyed, ->disconnect() is called, which is\nmem_allocator_disconnect().\nThis function internally acquires mutex_lock().\n\nIf the driver uses XDP, it registers a memory model with\nxdp_rxq_info_reg_mem_model().\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\nreference count if a memory model is a page pool.\nNow the reference count is 2.\n\nTo destroy a page pool, the driver should call both page_pool_destroy()\nand xdp_unreg_mem_model().\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\nOnly page_pool_destroy() decreases a reference count.\n\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\nwill face an invalid wait context warning.\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\nrcu_read_lock().\nThe page_pool_destroy() internally acquires mutex_lock().\n\nSplat looks like:\n=============================\n[ BUG: Invalid wait context ]\n6.10.0-rc6+ #4 Tainted: G W\n-----------------------------\nethtool/1806 is trying to lock:\nffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150\nother info that might help us debug this:\ncontext-{5:5}\n3 locks held by ethtool/1806:\nstack backtrace:\nCPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nCall Trace:\n<TASK>\ndump_stack_lvl+0x7e/0xc0\n__lock_acquire+0x1681/0x4de0\n? _printk+0x64/0xe0\n? __pfx_mark_lock.part.0+0x10/0x10\n? __pfx___lock_acquire+0x10/0x10\nlock_acquire+0x1b3/0x580\n? mem_allocator_disconnect+0x73/0x150\n? __wake_up_klogd.part.0+0x16/0xc0\n? __pfx_lock_acquire+0x10/0x10\n? dump_stack_lvl+0x91/0xc0\n__mutex_lock+0x15c/0x1690\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_prb_read_valid+0x10/0x10\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_llist_add_batch+0x10/0x10\n? console_unlock+0x193/0x1b0\n? lockdep_hardirqs_on+0xbe/0x140\n? __pfx___mutex_lock+0x10/0x10\n? tick_nohz_tick_stopped+0x16/0x90\n? __irq_work_queue_local+0x1e5/0x330\n? irq_work_queue+0x39/0x50\n? __wake_up_klogd.part.0+0x79/0xc0\n? mem_allocator_disconnect+0x73/0x150\nmem_allocator_disconnect+0x73/0x150\n? __pfx_mem_allocator_disconnect+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? rcu_is_watching+0x11/0xb0\npage_pool_release+0x36e/0x6d0\npage_pool_destroy+0xd7/0x440\nxdp_unreg_mem_model+0x1a7/0x2a0\n? __pfx_xdp_unreg_mem_model+0x10/0x10\n? kfree+0x125/0x370\n? bnxt_free_ring.isra.0+0x2eb/0x500\n? bnxt_free_mem+0x5ac/0x2500\nxdp_rxq_info_unreg+0x4a/0xd0\nbnxt_free_mem+0x1356/0x2500\nbnxt_close_nic+0xf0/0x3b0\n? __pfx_bnxt_close_nic+0x10/0x10\n? ethnl_parse_bit+0x2c6/0x6d0\n? __pfx___nla_validate_parse+0x10/0x10\n? __pfx_ethnl_parse_bit+0x10/0x10\nbnxt_set_features+0x2a8/0x3e0\n__netdev_update_features+0x4dc/0x1370\n? ethnl_parse_bitset+0x4ff/0x750\n? __pfx_ethnl_parse_bitset+0x10/0x10\n? __pfx___netdev_update_features+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? _raw_spin_unlock_irqrestore+0x42/0x70\n? __pm_runtime_resume+0x7d/0x110\nethnl_set_features+0x32d/0xa20\n\nTo fix this problem, it uses rhashtable_lookup_fast() instead of\nrhashtable_lookup() with rcu_read_lock().\nUsing xa without rcu_read_lock() here is safe.\nxa is freed by __xdp_mem_allocator_rcu_free() and this is called by\ncall_rcu() of mem_xa_remove().\nThe mem_xa_remove() is called by page_pool_destroy() if a reference\ncount reaches 0.\nThe xa is already protected by the reference count mechanism well in the\ncontrol plane.\nSo removing rcu_read_lock() for page_pool_destroy() is safe.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43834', 'https://git.kernel.org/linus/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec (6.11-rc1)', 'https://git.kernel.org/stable/c/12144069209eec7f2090ce9afa15acdcc2c2a537', 'https://git.kernel.org/stable/c/3fc1be360b99baeea15cdee3cf94252cd3a72d26', 'https://git.kernel.org/stable/c/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec', 'https://git.kernel.org/stable/c/6c390ef198aa69795427a5cb5fd7cb4bc7e6cd7a', 'https://git.kernel.org/stable/c/be9d08ff102df3ac4f66e826ea935cf3af63a4bd', 'https://git.kernel.org/stable/c/bf0ce5aa5f2525ed1b921ba36de96e458e77f482', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43834-0140@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43834', 'https://www.cve.org/CVERecord?id=CVE-2024-43834'], 'PublishedDate': '2024-08-17T10:15:09.113Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43835', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: virtio_net: Fix napi_skb_cache_put warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix napi_skb_cache_put warning\n\nAfter the commit bdacf3e34945 ("net: Use nested-BH locking for\nnapi_alloc_cache.") was merged, the following warning began to appear:\n\n\t WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0\n\n\t  __warn+0x12f/0x340\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  report_bug+0x165/0x370\n\t  handle_bug+0x3d/0x80\n\t  exc_invalid_op+0x1a/0x50\n\t  asm_exc_invalid_op+0x1a/0x20\n\t  __free_old_xmit+0x1c8/0x510\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  __free_old_xmit+0x1c8/0x510\n\t  __free_old_xmit+0x1c8/0x510\n\t  __pfx___free_old_xmit+0x10/0x10\n\nThe issue arises because virtio is assuming it\'s running in NAPI context\neven when it\'s not, such as in the netpoll case.\n\nTo resolve this, modify virtnet_poll_tx() to only set NAPI when budget\nis available. Same for virtnet_poll_cleantx(), which always assumed that\nit was in a NAPI context.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43835', 'https://git.kernel.org/linus/f8321fa75102246d7415a6af441872f6637c93ab (6.11-rc1)', 'https://git.kernel.org/stable/c/19ac6f29bf64304ef04630c8ab56ecd2059d7aa1', 'https://git.kernel.org/stable/c/468a729b78895893d0e580ceea49bed8ada2a2bd', 'https://git.kernel.org/stable/c/6b5325f2457521bbece29499970c0117a648c620', 'https://git.kernel.org/stable/c/842a97b5e44f0c8a9fc356fe976e0e13ddcf7783', 'https://git.kernel.org/stable/c/cc7340f18e45886121c131227985d64ef666012f', 'https://git.kernel.org/stable/c/d3af435e8ace119e58d8e21d3d2d6a4e7c4a4baa', 'https://git.kernel.org/stable/c/f5e9a22d19bb98a7e86034db85eb295e94187caa', 'https://git.kernel.org/stable/c/f8321fa75102246d7415a6af441872f6637c93ab', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43835-5f11@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43835', 'https://www.cve.org/CVERecord?id=CVE-2024-43835'], 'PublishedDate': '2024-08-17T10:15:09.183Z', 'LastModifiedDate': '2024-09-12T12:15:48.653Z'}, {'VulnerabilityID': 'CVE-2024-43837', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43837', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT\n\nWhen loading a EXT program without specifying `attr->attach_prog_fd`,\nthe `prog->aux->dst_prog` will be null. At this time, calling\nresolve_prog_type() anywhere will result in a null pointer dereference.\n\nExample stack trace:\n\n[    8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[    8.108262] Mem abort info:\n[    8.108384]   ESR = 0x0000000096000004\n[    8.108547]   EC = 0x25: DABT (current EL), IL = 32 bits\n[    8.108722]   SET = 0, FnV = 0\n[    8.108827]   EA = 0, S1PTW = 0\n[    8.108939]   FSC = 0x04: level 0 translation fault\n[    8.109102] Data abort info:\n[    8.109203]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[    8.109399]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[    8.109614]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[    8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000\n[    8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000\n[    8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[    8.112783] Modules linked in:\n[    8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1\n[    8.113230] Hardware name: linux,dummy-virt (DT)\n[    8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    8.113429] pc : may_access_direct_pkt_data+0x24/0xa0\n[    8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8\n[    8.113798] sp : ffff80008283b9f0\n[    8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001\n[    8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000\n[    8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000\n[    8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff\n[    8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720\n[    8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720\n[    8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4\n[    8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f\n[    8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c\n[    8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000\n[    8.114126] Call trace:\n[    8.114159]  may_access_direct_pkt_data+0x24/0xa0\n[    8.114202]  bpf_check+0x3bc/0x28c0\n[    8.114214]  bpf_prog_load+0x658/0xa58\n[    8.114227]  __sys_bpf+0xc50/0x2250\n[    8.114240]  __arm64_sys_bpf+0x28/0x40\n[    8.114254]  invoke_syscall.constprop.0+0x54/0xf0\n[    8.114273]  do_el0_svc+0x4c/0xd8\n[    8.114289]  el0_svc+0x3c/0x140\n[    8.114305]  el0t_64_sync_handler+0x134/0x150\n[    8.114331]  el0t_64_sync+0x168/0x170\n[    8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)\n[    8.118672] ---[ end trace 0000000000000000 ]---\n\nOne way to fix it is by forcing `attach_prog_fd` non-empty when\nbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`\nAPI broken which use verifier log to probe prog type and will log\nnothing if we reject invalid EXT prog before bpf_check().\n\nAnother way is by adding null check in resolve_prog_type().\n\nThe issue was introduced by commit 4a9c7bbe2ed4 ("bpf: Resolve to\nprog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT") which wanted\nto correct type resolution for BPF_PROG_TYPE_TRACING programs. Before\nthat, the type resolution of BPF_PROG_TYPE_EXT prog actually follows\nthe logic below:\n\n  prog->aux->dst_prog ? prog->aux->dst_prog->type : prog->type;\n\nIt implies that when EXT program is not yet attached to `dst_prog`,\nthe prog type should be EXT itself. This code worked fine in the past.\nSo just keep using it.\n\nFix this by returning `prog->type` for BPF_PROG_TYPE_EXT if `dst_prog`\nis not present in resolve_prog_type().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43837', 'https://git.kernel.org/linus/f7866c35873377313ff94398f17d425b28b71de1 (6.11-rc1)', 'https://git.kernel.org/stable/c/9d40fd516aeae6779e3c84c6b96700ca76285847', 'https://git.kernel.org/stable/c/b29a880bb145e1f1c1df5ab88ed26b1495ff9f09', 'https://git.kernel.org/stable/c/f7866c35873377313ff94398f17d425b28b71de1', 'https://git.kernel.org/stable/c/fcac5feb06f31ee4c88bca9bf98d8bc3ca7d2615', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43837-63d2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43837', 'https://www.cve.org/CVERecord?id=CVE-2024-43837'], 'PublishedDate': '2024-08-17T10:15:09.32Z', 'LastModifiedDate': '2024-08-22T15:44:03.417Z'}, {'VulnerabilityID': 'CVE-2024-43839', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43839', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust 'name' buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n'name' size is 16, but the first '%s' specifier may already need at\nleast 16 characters, since 'bnad->netdev->name' is used there.\n\nFor '%d' specifiers, assume that they require:\n * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX\n   is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43839', 'https://git.kernel.org/linus/c9741a03dc8e491e57b95fba0058ab46b7e506da (6.11-rc1)', 'https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1', 'https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3', 'https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef', 'https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43', 'https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76', 'https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da', 'https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5', 'https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540', 'https://linux.oracle.com/cve/CVE-2024-43839.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43839-ea03@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43839', 'https://www.cve.org/CVERecord?id=CVE-2024-43839'], 'PublishedDate': '2024-08-17T10:15:09.447Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43840', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG\n\nWhen BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls\n__bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them\nthe struct bpf_tramp_image *im pointer as an argument in R0.\n\nThe trampoline generation code uses emit_addr_mov_i64() to emit\ninstructions for moving the bpf_tramp_image address into R0, but\nemit_addr_mov_i64() assumes the address to be in the vmalloc() space\nand uses only 48 bits. Because bpf_tramp_image is allocated using\nkzalloc(), its address can use more than 48-bits, in this case the\ntrampoline will pass an invalid address to __bpf_tramp_enter/exit()\ncausing a kernel crash.\n\nFix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64()\nas it can work with addresses that are greater than 48-bits.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43840', 'https://git.kernel.org/linus/19d3c179a37730caf600a97fed3794feac2b197b (6.11-rc1)', 'https://git.kernel.org/stable/c/19d3c179a37730caf600a97fed3794feac2b197b', 'https://git.kernel.org/stable/c/6d218fcc707d6b2c3616b6cd24b948fd4825cfec', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43840-69cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43840', 'https://www.cve.org/CVERecord?id=CVE-2024-43840'], 'PublishedDate': '2024-08-17T10:15:09.517Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43841', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: virt_wifi: avoid reporting connection success with wrong SSID', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: avoid reporting connection success with wrong SSID\n\nWhen user issues a connection with a different SSID than the one\nvirt_wifi has advertised, the __cfg80211_connect_result() will\ntrigger the warning: WARN_ON(bss_not_found).\n\nThe issue is because the connection code in virt_wifi does not\ncheck the SSID from user space (it only checks the BSSID), and\nvirt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS\neven if the SSID is different from the one virt_wifi has advertised.\nEventually cfg80211 won't be able to find the cfg80211_bss and generate\nthe warning.\n\nFixed it by checking the SSID (from user space) in the connection code.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43841', 'https://git.kernel.org/linus/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7 (6.11-rc1)', 'https://git.kernel.org/stable/c/05c4488a0e446c6ccde9f22b573950665e1cd414', 'https://git.kernel.org/stable/c/36e92b5edc8e0daa18e9325674313802ce3fbc29', 'https://git.kernel.org/stable/c/416d3c1538df005195721a200b0371d39636e05d', 'https://git.kernel.org/stable/c/93e898a264b4e0a475552ba9f99a016eb43ef942', 'https://git.kernel.org/stable/c/994fc2164a03200c3bf42fb45b3d49d9d6d33a4d', 'https://git.kernel.org/stable/c/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7', 'https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3', 'https://linux.oracle.com/cve/CVE-2024-43841.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43841-8143@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43841', 'https://www.cve.org/CVERecord?id=CVE-2024-43841'], 'PublishedDate': '2024-08-17T10:15:09.58Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43842', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() \'status->he_gi\' is compared to array size.\nBut then \'rate->he_gi\' is used as array index instead of \'status->he_gi\'.\nThis can lead to go beyond array boundaries in case of \'rate->he_gi\' is\nnot equal to \'status->he_gi\' and is bigger than array size. Looks like\n"copy-paste" mistake.\n\nFix this mistake by replacing \'rate->he_gi\' with \'status->he_gi\'.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43842', 'https://git.kernel.org/linus/85099c7ce4f9e64c66aa397cd9a37473637ab891 (6.11-rc1)', 'https://git.kernel.org/stable/c/7a0edc3d83aff3a48813d78c9cad9daf38decc74', 'https://git.kernel.org/stable/c/85099c7ce4f9e64c66aa397cd9a37473637ab891', 'https://git.kernel.org/stable/c/96ae4de5bc4c8ba39fd072369398f59495b73f58', 'https://git.kernel.org/stable/c/a2a095c08b95372d6d0c5819b77f071af5e75366', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43842-31e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43842', 'https://www.cve.org/CVERecord?id=CVE-2024-43842'], 'PublishedDate': '2024-08-17T10:15:09.647Z', 'LastModifiedDate': '2024-09-30T13:55:17.007Z'}, {'VulnerabilityID': 'CVE-2024-43843', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv, bpf: Fix out-of-bounds issue when preparing trampoline image', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv, bpf: Fix out-of-bounds issue when preparing trampoline image\n\nWe get the size of the trampoline image during the dry run phase and\nallocate memory based on that size. The allocated image will then be\npopulated with instructions during the real patch phase. But after\ncommit 26ef208c209a ("bpf: Use arch_bpf_trampoline_size"), the `im`\nargument is inconsistent in the dry run and real patch phase. This may\ncause emit_imm in RV64 to generate a different number of instructions\nwhen generating the \'im\' address, potentially causing out-of-bounds\nissues. Let\'s emit the maximum number of instructions for the "im"\naddress during dry run to fix this problem.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43843', 'https://git.kernel.org/linus/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3e6a1b1b179abb643ec3560c02bc3082bc92285f', 'https://git.kernel.org/stable/c/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43843-e436@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43843', 'https://www.cve.org/CVERecord?id=CVE-2024-43843'], 'PublishedDate': '2024-08-17T10:15:09.707Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43844', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi rtw89 wow: fix GTK offload H2C skbuff issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: wow: fix GTK offload H2C skbuff issue\n\nWe mistakenly put skb too large and that may exceed skb->end.\nTherefore, we fix it.\n\nskbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8fba04eca7e0 tail:0x200 end:0x140 dev:<NULL>\n------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:192!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 4747 Comm: kworker/u4:44 Tainted: G           O       6.6.30-02659-gc18865c4dfbd #1 86547039b47e46935493f615ee31d0b2d711d35e\nHardware name: HP Meep/Meep, BIOS Google_Meep.11297.262.0 03/18/2021\nWorkqueue: events_unbound async_run_entry_fn\nRIP: 0010:skb_panic+0x5d/0x60\nCode: c6 63 8b 8f bb 4c 0f 45 f6 48 c7 c7 4d 89 8b bb 48 89 ce 44 89 d1 41 56 53 41 53 ff b0 c8 00 00 00 e8 27 5f 23 00 48 83 c4 20 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44\nRSP: 0018:ffffaa700144bad0 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: 0000000000000140 RCX: 14432c5aad26c900\nRDX: 0000000000000000 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffaa700144bae0 R08: 0000000000000000 R09: ffffaa700144b920\nR10: 00000000ffffdfff R11: ffffffffbc28fbc0 R12: ffff8fba4e57a010\nR13: 0000000000000000 R14: ffffffffbb8f8b63 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff8fba7bd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007999c4ad1000 CR3: 000000015503a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? skb_panic+0x5d/0x60\n ? do_error_trap+0x6d/0x90\n ? skb_panic+0x5d/0x60\n ? handle_invalid_op+0x30/0x40\n ? skb_panic+0x5d/0x60\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_panic+0x5d/0x60\n skb_put+0x49/0x50\n rtw89_fw_h2c_wow_gtk_ofld+0xbd/0x220 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_wow_resume+0x31f/0x540 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_ops_resume+0x2b/0xa0 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n ieee80211_reconfig+0x84/0x13e0 [mac80211 818a894e3b77da6298269c59ed7cdff065a4ed52]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? dev_printk_emit+0x51/0x70\n ? _dev_info+0x6e/0x90\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n wiphy_resume+0x89/0x180 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n dpm_run_callback+0x3c/0x140\n device_resume+0x1f9/0x3c0\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x29/0xd0\n process_scheduled_works+0x1d8/0x3d0\n worker_thread+0x1fc/0x2f0\n kthread+0xed/0x110\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x38/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>\nModules linked in: ccm 8021q r8153_ecm cdc_ether usbnet r8152 mii dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc uinput rfcomm cmac algif_hash rtw89_8922ae(O) algif_skcipher rtw89_8922a(O) af_alg rtw89_pci(O) rtw89_core(O) btusb(O) snd_soc_sst_bxt_da7219_max98357a btbcm(O) snd_soc_hdac_hdmi btintel(O) snd_soc_intel_hda_dsp_common snd_sof_probes btrtl(O) btmtk(O) snd_hda_codec_hdmi snd_soc_dmic uvcvideo videobuf2_vmalloc uvc videobuf2_memops videobuf2_v4l2 videobuf2_common snd_sof_pci_intel_apl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda soundwire_intel soundwire_generic_allocation snd_sof_intel_hda_mlink soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp mac80211 snd_soc_acpi_intel_match snd_soc_acpi snd_sof snd_sof_utils soundwire_bus snd_soc_max98357a snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_intel_dspcfg snd_intel_sdw_acpi snd_soc_da7219 snd_hda_codec snd_hwdep snd_hda_core veth ip6table_nat xt_MASQUERADE xt_cgroup fuse bluetooth ecdh_generic\n cfg80211 ecc\ngsmi: Log Shutdown \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43844', 'https://git.kernel.org/linus/dda364c345913fe03ddbe4d5ae14a2754c100296 (6.11-rc1)', 'https://git.kernel.org/stable/c/dda364c345913fe03ddbe4d5ae14a2754c100296', 'https://git.kernel.org/stable/c/ef0d9d2f0dc1133db3d3a1c5167190c6627146b2', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43844-97ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43844', 'https://www.cve.org/CVERecord?id=CVE-2024-43844'], 'PublishedDate': '2024-08-17T10:15:09.763Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43845', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Fix bogus checksum computation in udf_rename()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix bogus checksum computation in udf_rename()\n\nSyzbot reports uninitialized memory access in udf_rename() when updating\nchecksum of '..' directory entry of a moved directory. This is indeed\ntrue as we pass on-stack diriter.fi to the udf_update_tag() and because\nthat has only struct fileIdentDesc included in it and not the impUse or\nname fields, the checksumming function is going to checksum random stack\ncontents beyond the end of the structure. This is actually harmless\nbecause the following udf_fiiter_write_fi() will recompute the checksum\nfrom on-disk buffers where everything is properly included. So all that\nis needed is just removing the bogus calculation.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43845', 'https://git.kernel.org/linus/27ab33854873e6fb958cb074681a0107cc2ecc4c (6.11-rc1)', 'https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c', 'https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4', 'https://git.kernel.org/stable/c/c996b570305e7a6910c2ce4cdcd4c22757ffe241', 'https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43845-a85d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43845', 'https://www.cve.org/CVERecord?id=CVE-2024-43845'], 'PublishedDate': '2024-08-17T10:15:09.837Z', 'LastModifiedDate': '2024-08-29T17:15:08.397Z'}, {'VulnerabilityID': 'CVE-2024-43846', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib: objagg: Fix general protection fault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G        W          6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n <TASK>\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n </TASK>', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43846', 'https://git.kernel.org/linus/b4a3a89fffcdf09702b1f161b914e52abca1894d (6.11-rc1)', 'https://git.kernel.org/stable/c/1936fa05a180834c3b52e0439a6bddc07814d3eb', 'https://git.kernel.org/stable/c/22ae17a267f4812861f0c644186c3421ff97dbfc', 'https://git.kernel.org/stable/c/499f742fed42e74f1321f4b12ca196a66a2b49fc', 'https://git.kernel.org/stable/c/565213e005557eb6cc4e42189d26eb300e02f170', 'https://git.kernel.org/stable/c/5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7', 'https://git.kernel.org/stable/c/8161263362154cbebfbf4808097b956a6a8cb98a', 'https://git.kernel.org/stable/c/b4a3a89fffcdf09702b1f161b914e52abca1894d', 'https://linux.oracle.com/cve/CVE-2024-43846.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43846-2bd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43846', 'https://www.cve.org/CVERecord?id=CVE-2024-43846'], 'PublishedDate': '2024-08-17T10:15:09.9Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43847', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43847', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix invalid memory access while processing fragmented packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid memory access while processing fragmented packets\n\nThe monitor ring and the reo reinject ring share the same ring mask index.\nWhen the driver receives an interrupt for the reo reinject ring, the\nmonitor ring is also processed, leading to invalid memory access. Since\nmonitor support is not yet enabled in ath12k, the ring mask for the monitor\nring should be removed.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43847', 'https://git.kernel.org/linus/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4 (6.11-rc1)', 'https://git.kernel.org/stable/c/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4', 'https://git.kernel.org/stable/c/36fc66a7d9ca3e5c6eac25362cac63f83df8bed6', 'https://git.kernel.org/stable/c/8126f82dab7bd8b2e04799342b19fff0a1fd8575', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43847-6828@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43847', 'https://www.cve.org/CVERecord?id=CVE-2024-43847'], 'PublishedDate': '2024-08-17T10:15:09.963Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43849', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pdr: protect locator_addr with the main mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr->lock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43849', 'https://git.kernel.org/linus/107924c14e3ddd85119ca43c26a4ee1056fa9b84 (6.11-rc1)', 'https://git.kernel.org/stable/c/107924c14e3ddd85119ca43c26a4ee1056fa9b84', 'https://git.kernel.org/stable/c/3e815626d73e05152a8142f6e44aecc4133e6e08', 'https://git.kernel.org/stable/c/475a77fb3f0e1d527f56c60b79f5879661df5b80', 'https://git.kernel.org/stable/c/8543269567e2fb3d976a8255c5e348aed14f98bc', 'https://git.kernel.org/stable/c/d0870c4847e77a49c2f91bb2a8e0fa3c1f8dea5c', 'https://git.kernel.org/stable/c/eab05737ee22216250fe20d27f5a596da5ea6eb7', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43849-fef0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43849', 'https://www.cve.org/CVERecord?id=CVE-2024-43849'], 'PublishedDate': '2024-08-17T10:15:10.093Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43850', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove\n\nThe following warning is seen during bwmon_remove due to refcount\nimbalance, fix this by releasing the OPPs after use.\n\nLogs:\nWARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158\nHardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT)\n...\nCall trace:\n_opp_table_kref_release+0x150/0x158\ndev_pm_opp_remove_table+0x100/0x1b4\ndevm_pm_opp_of_table_release+0x10/0x1c\ndevm_action_release+0x14/0x20\ndevres_release_all+0xa4/0x104\ndevice_unbind_cleanup+0x18/0x60\ndevice_release_driver_internal+0x1ec/0x228\ndriver_detach+0x50/0x98\nbus_remove_driver+0x6c/0xbc\ndriver_unregister+0x30/0x60\nplatform_driver_unregister+0x14/0x20\nbwmon_driver_exit+0x18/0x524 [icc_bwmon]\n__arm64_sys_delete_module+0x184/0x264\ninvoke_syscall+0x48/0x118\nel0_svc_common.constprop.0+0xc8/0xe8\ndo_el0_svc+0x20/0x2c\nel0_svc+0x34/0xdc\nel0t_64_sync_handler+0x13c/0x158\nel0t_64_sync+0x190/0x194\n--[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43850', 'https://git.kernel.org/linus/24086640ab39396eb1a92d1cb1cd2f31b2677c52 (6.11-rc1)', 'https://git.kernel.org/stable/c/24086640ab39396eb1a92d1cb1cd2f31b2677c52', 'https://git.kernel.org/stable/c/4100d4d019f8e140be1d4d3a9d8d93c1285f5d1c', 'https://git.kernel.org/stable/c/aad41f4c169bcb800ae88123799bdf8cdec3d366', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43850-4eec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43850', 'https://www.cve.org/CVERecord?id=CVE-2024-43850'], 'PublishedDate': '2024-08-17T10:15:10.157Z', 'LastModifiedDate': '2024-09-30T13:57:33.4Z'}, {'VulnerabilityID': 'CVE-2024-43852', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (ltc2991) re-order conditions to fix off by one bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ltc2991) re-order conditions to fix off by one bug\n\nLTC2991_T_INT_CH_NR is 4.  The st->temp_en[] array has LTC2991_MAX_CHANNEL\n(4) elements.  Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we\nhave read one element beyond the end of the array.  Flip the conditions\naround so that we check if "channel" is valid before using it as an array\nindex.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43852', 'https://git.kernel.org/linus/99bf7c2eccff82760fa23ce967cc67c8c219c6a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6', 'https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43852-61e2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43852', 'https://www.cve.org/CVERecord?id=CVE-2024-43852'], 'PublishedDate': '2024-08-17T10:15:10.31Z', 'LastModifiedDate': '2024-08-20T19:32:55.747Z'}, {'VulnerabilityID': 'CVE-2024-43853', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: Prevent UAF in proc_cpuset_show()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc/<pid>/cpuset   repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/   repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc/<pid>/cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css->cgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(&cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n&cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp->root will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n("cgroup: Make operations on the cgroup root_list RCU safe"),\ncss->cgroup won\'t be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43853', 'https://git.kernel.org/linus/1be59c97c83ccd67a519d8a49486b3a8a73ca28a (6.11-rc1)', 'https://git.kernel.org/stable/c/10aeaa47e4aa2432f29b3e5376df96d7dac5537a', 'https://git.kernel.org/stable/c/1be59c97c83ccd67a519d8a49486b3a8a73ca28a', 'https://git.kernel.org/stable/c/27d6dbdc6485d68075a0ebf8544d6425c1ed84bb', 'https://git.kernel.org/stable/c/29a8d4e02fd4840028c38ceb1536cc8f82a257d4', 'https://git.kernel.org/stable/c/29ac1d238b3bf126af36037df80d7ecc4822341e', 'https://git.kernel.org/stable/c/4e8d6ac8fc9f843e940ab7389db8136634e07989', 'https://git.kernel.org/stable/c/688325078a8b5badd6e07ae22b27cd04e9947aec', 'https://git.kernel.org/stable/c/96226fbed566f3f686f53a489a29846f2d538080', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43853-da5b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43853', 'https://www.cve.org/CVERecord?id=CVE-2024-43853'], 'PublishedDate': '2024-08-17T10:15:10.383Z', 'LastModifiedDate': '2024-09-04T12:15:04.827Z'}, {'VulnerabilityID': 'CVE-2024-43854', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: initialize integrity buffer to zero before writing it to media', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media.  For PI metadata this is\nlimited to the app tag that isn't used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43854', 'https://git.kernel.org/linus/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f (6.11-rc1)', 'https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f', 'https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644', 'https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005', 'https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f', 'https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6', 'https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2', 'https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1', 'https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43854-5586@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43854', 'https://www.cve.org/CVERecord?id=CVE-2024-43854'], 'PublishedDate': '2024-08-17T10:15:10.447Z', 'LastModifiedDate': '2024-09-12T12:15:49.423Z'}, {'VulnerabilityID': 'CVE-2024-43856', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43856', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma: fix call order in dmam_free_coherent', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n  kokonut //net/encryption\n    http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43856', 'https://git.kernel.org/linus/28e8b7406d3a1f5329a03aa25a43aa28e087cb20 (6.11-rc1)', 'https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130', 'https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e', 'https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7', 'https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20', 'https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9', 'https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954', 'https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb', 'https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63', 'https://linux.oracle.com/cve/CVE-2024-43856.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43856-9087@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43856', 'https://www.cve.org/CVERecord?id=CVE-2024-43856'], 'PublishedDate': '2024-08-17T10:15:10.613Z', 'LastModifiedDate': '2024-08-22T17:57:08.64Z'}, {'VulnerabilityID': 'CVE-2024-43857', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix null reference error when checking end of zone', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null reference error when checking end of zone\n\nThis patch fixes a potentially null pointer being accessed by\nis_end_zone_blkaddr() that checks the last block of a zone\nwhen f2fs is mounted as a single device.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43857', 'https://git.kernel.org/linus/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38 (6.11-rc1)', 'https://git.kernel.org/stable/c/381cbe85592c78fbaeb3e770e3e9f3bfa3e67efb', 'https://git.kernel.org/stable/c/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43857-b71b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43857', 'https://www.cve.org/CVERecord?id=CVE-2024-43857'], 'PublishedDate': '2024-08-17T10:15:10.687Z', 'LastModifiedDate': '2024-08-22T17:38:21.003Z'}, {'VulnerabilityID': 'CVE-2024-43859', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to truncate preallocated blocks in f2fs_file_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate preallocated blocks in f2fs_file_open()\n\nchenyuwen reports a f2fs bug as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000011\n fscrypt_set_bio_crypt_ctx+0x78/0x1e8\n f2fs_grab_read_bio+0x78/0x208\n f2fs_submit_page_read+0x44/0x154\n f2fs_get_read_data_page+0x288/0x5f4\n f2fs_get_lock_data_page+0x60/0x190\n truncate_partial_data_page+0x108/0x4fc\n f2fs_do_truncate_blocks+0x344/0x5f0\n f2fs_truncate_blocks+0x6c/0x134\n f2fs_truncate+0xd8/0x200\n f2fs_iget+0x20c/0x5ac\n do_garbage_collect+0x5d0/0xf6c\n f2fs_gc+0x22c/0x6a4\n f2fs_disable_checkpoint+0xc8/0x310\n f2fs_fill_super+0x14bc/0x1764\n mount_bdev+0x1b4/0x21c\n f2fs_mount+0x20/0x30\n legacy_get_tree+0x50/0xbc\n vfs_get_tree+0x5c/0x1b0\n do_new_mount+0x298/0x4cc\n path_mount+0x33c/0x5fc\n __arm64_sys_mount+0xcc/0x15c\n invoke_syscall+0x60/0x150\n el0_svc_common+0xb8/0xf8\n do_el0_svc+0x28/0xa0\n el0_svc+0x24/0x84\n el0t_64_sync_handler+0x88/0xec\n\nIt is because inode.i_crypt_info is not initialized during below path:\n- mount\n - f2fs_fill_super\n  - f2fs_disable_checkpoint\n   - f2fs_gc\n    - f2fs_iget\n     - f2fs_truncate\n\nSo, let's relocate truncation of preallocated blocks to f2fs_file_open(),\nafter fscrypt_file_open().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43859', 'https://git.kernel.org/linus/298b1e4182d657c3e388adcc29477904e9600ed5 (6.11-rc1)', 'https://git.kernel.org/stable/c/298b1e4182d657c3e388adcc29477904e9600ed5', 'https://git.kernel.org/stable/c/3ba0ae885215b325605ff7ebf6de12ac2adf204d', 'https://git.kernel.org/stable/c/5f04969136db674f133781626e0b692c5f2bf2f0', 'https://git.kernel.org/stable/c/f44a25a8bfe0c15d33244539696cd9119cf44d18', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43859-62b4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43859', 'https://www.cve.org/CVERecord?id=CVE-2024-43859'], 'PublishedDate': '2024-08-17T10:15:10.817Z', 'LastModifiedDate': '2024-09-08T08:15:12.96Z'}, {'VulnerabilityID': 'CVE-2024-43860', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: remoteproc: imx_rproc: Skip over memory region when node value is NULL', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Skip over memory region when node value is NULL\n\nIn imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts\nnumber of phandles. But phandles may be empty. So of_parse_phandle() in\nthe parsing loop (0 < a < nph) may return NULL which is later dereferenced.\nAdjust this issue by adding NULL-return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[Fixed title to fit within the prescribed 70-75 charcters]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43860', 'https://git.kernel.org/linus/2fa26ca8b786888673689ccc9da6094150939982 (6.11-rc1)', 'https://git.kernel.org/stable/c/2fa26ca8b786888673689ccc9da6094150939982', 'https://git.kernel.org/stable/c/4e13b7c23988c0a13fdca92e94296a3bc2ff9f21', 'https://git.kernel.org/stable/c/6884fd0283e0831be153fb8d82d9eda8a55acaaa', 'https://git.kernel.org/stable/c/6b50462b473fdccdc0dfad73001147e40ff19a66', 'https://git.kernel.org/stable/c/6c9ea3547fad252fe9ae5d3ed7e066e2085bf3a2', 'https://git.kernel.org/stable/c/84beb7738459cac0ff9f8a7c4654b8ff82a702c0', 'https://git.kernel.org/stable/c/9a17cf8b2ce483fa75258bc2cdcf628f24bcf5f8', 'https://git.kernel.org/stable/c/c877a5f5268d4ab8224b9c9fbce3d746e4e72bc9', 'https://linux.oracle.com/cve/CVE-2024-43860.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43860-d72f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43860', 'https://www.cve.org/CVERecord?id=CVE-2024-43860'], 'PublishedDate': '2024-08-17T10:15:10.887Z', 'LastModifiedDate': '2024-08-22T17:08:15.097Z'}, {'VulnerabilityID': 'CVE-2024-43861', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: usb: qmi_wwan: fix memory leak for not ip packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43861', 'https://git.kernel.org/linus/7ab107544b777c3bd7feb9fe447367d8edd5b202 (6.11-rc3)', 'https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4', 'https://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662', 'https://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202', 'https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f', 'https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882', 'https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446', 'https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5', 'https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384', 'https://linux.oracle.com/cve/CVE-2024-43861.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43861-1958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43861', 'https://www.cve.org/CVERecord?id=CVE-2024-43861'], 'PublishedDate': '2024-08-20T22:15:04.917Z', 'LastModifiedDate': '2024-09-03T13:45:12.667Z'}, {'VulnerabilityID': 'CVE-2024-43863', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43863', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix a deadlock in dma buf fence polling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix a deadlock in dma buf fence polling\n\nIntroduce a version of the fence ops that on release doesn't remove\nthe fence from the pending list, and thus doesn't require a lock to\nfix poll->fence wait->fence unref deadlocks.\n\nvmwgfx overwrites the wait callback to iterate over the list of all\nfences and update their status, to do that it holds a lock to prevent\nthe list modifcations from other threads. The fence destroy callback\nboth deletes the fence and removes it from the list of pending\nfences, for which it holds a lock.\n\ndma buf polling cb unrefs a fence after it's been signaled: so the poll\ncalls the wait, which signals the fences, which are being destroyed.\nThe destruction tries to acquire the lock on the pending fences list\nwhich it can never get because it's held by the wait from which it\nwas called.\n\nOld bug, but not a lot of userspace apps were using dma-buf polling\ninterfaces. Fix those, in particular this fixes KDE stalls/deadlock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43863', 'https://git.kernel.org/linus/e58337100721f3cc0c7424a18730e4f39844934f (6.11-rc2)', 'https://git.kernel.org/stable/c/3b933b16c996af8adb6bc1b5748a63dfb41a82bc', 'https://git.kernel.org/stable/c/9e20d028d8d1deb1e7fed18f22ffc01669cf3237', 'https://git.kernel.org/stable/c/a8943969f9ead2fd3044fc826140a21622ef830e', 'https://git.kernel.org/stable/c/c98ab18b9f315ff977c2c65d7c71298ef98be8e3', 'https://git.kernel.org/stable/c/e58337100721f3cc0c7424a18730e4f39844934f', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43863-9124@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43863', 'https://www.cve.org/CVERecord?id=CVE-2024-43863'], 'PublishedDate': '2024-08-21T00:15:04.847Z', 'LastModifiedDate': '2024-09-03T13:42:44.727Z'}, {'VulnerabilityID': 'CVE-2024-43864', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix CT entry update leaks of modify header context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix CT entry update leaks of modify header context\n\nThe cited commit allocates a new modify header to replace the old\none when updating CT entry. But if failed to allocate a new one, eg.\nexceed the max number firmware can support, modify header will be\nan error pointer that will trigger a panic when deallocating it. And\nthe old modify header point is copied to old attr. When the old\nattr is freed, the old modify header is lost.\n\nFix it by restoring the old attr to attr when failed to allocate a\nnew modify header context. So when the CT entry is freed, the right\nmodify header context will be freed. And the panic of accessing\nerror pointer is also fixed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43864', 'https://git.kernel.org/linus/025f2b85a5e5a46df14ecf162c3c80a957a36d0b (6.11-rc2)', 'https://git.kernel.org/stable/c/025f2b85a5e5a46df14ecf162c3c80a957a36d0b', 'https://git.kernel.org/stable/c/89064d09c56b44c668509bf793c410484f63f5ad', 'https://git.kernel.org/stable/c/daab2cc17b6b6ab158566bba037e9551fd432b59', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43864-81ad@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43864', 'https://www.cve.org/CVERecord?id=CVE-2024-43864'], 'PublishedDate': '2024-08-21T00:15:04.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43866', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Always drain health in shutdown callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43866', 'https://git.kernel.org/linus/1b75da22ed1e6171e261bc9265370162553d5393 (6.11-rc2)', 'https://git.kernel.org/stable/c/1b75da22ed1e6171e261bc9265370162553d5393', 'https://git.kernel.org/stable/c/5005e2e159b300c1b8c6820a1e13a62eb0127b9b', 'https://git.kernel.org/stable/c/6048dec754554a1303d632be6042d3feb3295285', 'https://git.kernel.org/stable/c/6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43866-66ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43866', 'https://www.cve.org/CVERecord?id=CVE-2024-43866'], 'PublishedDate': '2024-08-21T00:15:05.023Z', 'LastModifiedDate': '2024-10-17T14:15:07.297Z'}, {'VulnerabilityID': 'CVE-2024-43867', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau: prime: fix refcount underflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix refcount underflow\n\nCalling nouveau_bo_ref() on a nouveau_bo without initializing it (and\nhence the backing ttm_bo) leads to a refcount underflow.\n\nInstead of calling nouveau_bo_ref() in the unwind path of\ndrm_gem_object_init(), clean things up manually.\n\n(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43867', 'https://git.kernel.org/linus/a9bf3efc33f1fbf88787a277f7349459283c9b95 (6.11-rc2)', 'https://git.kernel.org/stable/c/16998763c62bb465ebc409d0373b9cdcef1a61a6', 'https://git.kernel.org/stable/c/2a1b327d57a8ac080977633a18999f032d7e9e3f', 'https://git.kernel.org/stable/c/3bcb8bba72ce89667fa863054956267c450c47ef', 'https://git.kernel.org/stable/c/906372e753c5027a1dc88743843b6aa2ad1aaecf', 'https://git.kernel.org/stable/c/a9bf3efc33f1fbf88787a277f7349459283c9b95', 'https://git.kernel.org/stable/c/ebebba4d357b6c67f96776a48ddbaf0060fa4c10', 'https://git.kernel.org/stable/c/f23cd66933fe76b84d8e282e5606b4d99068c320', 'https://linux.oracle.com/cve/CVE-2024-43867.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43867-0620@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43867', 'https://www.cve.org/CVERecord?id=CVE-2024-43867'], 'PublishedDate': '2024-08-21T00:15:05.087Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43868', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/purgatory: align riscv_kernel_entry', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/purgatory: align riscv_kernel_entry\n\nWhen alignment handling is delegated to the kernel, everything must be\nword-aligned in purgatory, since the trap handler is then set to the\nkexec one. Without the alignment, hitting the exception would\nultimately crash. On other occasions, the kernel's handler would take\ncare of exceptions.\nThis has been tested on a JH7110 SoC with oreboot and its SBI delegating\nunaligned access exceptions and the kernel configured to handle them.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43868', 'https://git.kernel.org/linus/fb197c5d2fd24b9af3d4697d0cf778645846d6d5 (6.11-rc2)', 'https://git.kernel.org/stable/c/5d4aaf16a8255f7c71790e211724ba029609c5ff', 'https://git.kernel.org/stable/c/fb197c5d2fd24b9af3d4697d0cf778645846d6d5', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43868-9a44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43868', 'https://www.cve.org/CVERecord?id=CVE-2024-43868'], 'PublishedDate': '2024-08-21T00:15:05.15Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43869', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43869', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exec and file release', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exec and file release\n\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\n\nschedule()\n   prepare_task_switch()\n=======> <NMI>\n      perf_event_overflow()\n         event->pending_sigtrap = ...\n         irq_work_queue(&event->pending_irq)\n<======= </NMI>\n      perf_event_task_sched_out()\n          event_sched_out()\n              event->pending_sigtrap = 0;\n              atomic_long_inc_not_zero(&event->refcount)\n              task_work_add(&event->pending_task)\n   finish_lock_switch()\n=======> <IRQ>\n   perf_pending_irq()\n      //do nothing, rely on pending task work\n<======= </IRQ>\n\nbegin_new_exec()\n   perf_event_exit_task()\n      perf_event_exit_event()\n         // If is child event\n         free_event()\n            WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n            // event is leaked\n\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\n\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43869', 'https://git.kernel.org/linus/3a5465418f5fd970e86a86c7f4075be262682840 (6.11-rc1)', 'https://git.kernel.org/stable/c/104e258a004037bc7dba9f6085c71dad6af57ad4', 'https://git.kernel.org/stable/c/3a5465418f5fd970e86a86c7f4075be262682840', 'https://git.kernel.org/stable/c/9ad46f1fef421d43cdab3a7d1744b2f43b54dae0', 'https://git.kernel.org/stable/c/ed2c202dac55423a52d7e2290f2888bf08b8ee99', 'https://git.kernel.org/stable/c/f34d8307a73a18de5320fcc6f40403146d061891', 'https://lore.kernel.org/linux-cve-announce/2024082133-CVE-2024-43869-26aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43869', 'https://www.cve.org/CVERecord?id=CVE-2024-43869'], 'PublishedDate': '2024-08-21T01:15:11.55Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43870', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exit\n\nWhen a task is scheduled out, pending sigtrap deliveries are deferred\nto the target task upon resume to userspace via task_work.\n\nHowever failures while adding an event's callback to the task_work\nengine are ignored. And since the last call for events exit happen\nafter task work is eventually closed, there is a small window during\nwhich pending sigtrap can be queued though ignored, leaking the event\nrefcount addition such as in the following scenario:\n\n    TASK A\n    -----\n\n    do_exit()\n       exit_task_work(tsk);\n\n       <IRQ>\n       perf_event_overflow()\n          event->pending_sigtrap = pending_id;\n          irq_work_queue(&event->pending_irq);\n       </IRQ>\n    =========> PREEMPTION: TASK A -> TASK B\n       event_sched_out()\n          event->pending_sigtrap = 0;\n          atomic_long_inc_not_zero(&event->refcount)\n          // FAILS: task work has exited\n          task_work_add(&event->pending_task)\n       [...]\n       <IRQ WORK>\n       perf_pending_irq()\n          // early return: event->oncpu = -1\n       </IRQ WORK>\n       [...]\n    =========> TASK B -> TASK A\n       perf_event_exit_task(tsk)\n          perf_event_exit_event()\n             free_event()\n                WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n                // leak event due to unexpected refcount == 2\n\nAs a result the event is never released while the task exits.\n\nFix this with appropriate task_work_add()'s error handling.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43870', 'https://git.kernel.org/linus/2fd5ad3f310de22836cdacae919dd99d758a1f1b (6.11-rc1)', 'https://git.kernel.org/stable/c/05d3fd599594abf79aad4484bccb2b26e1cb0b51', 'https://git.kernel.org/stable/c/2fd5ad3f310de22836cdacae919dd99d758a1f1b', 'https://git.kernel.org/stable/c/3d7a63352a93bdb8a1cdf29606bf617d3ac1c22a', 'https://git.kernel.org/stable/c/67fad724f1b568b356c1065d50df46e6b30eb2f7', 'https://git.kernel.org/stable/c/70882d7fa74f0731492a0d493e8515a4f7131831', 'https://lore.kernel.org/linux-cve-announce/2024082135-CVE-2024-43870-2b6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43870', 'https://www.cve.org/CVERecord?id=CVE-2024-43870'], 'PublishedDate': '2024-08-21T01:15:11.62Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43871', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: devres: Fix memory leakage caused by driver API devm_free_percpu()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndevres: Fix memory leakage caused by driver API devm_free_percpu()\n\nIt will cause memory leakage when use driver API devm_free_percpu()\nto free memory allocated by devm_alloc_percpu(), fixed by using\ndevres_release() instead of devres_destroy() within devm_free_percpu().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-43871', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/bd50a974097bb82d52a458bd3ee39fb723129a0c (6.11-rc1)', 'https://git.kernel.org/stable/c/3047f99caec240a88ccd06197af2868da1af6a96', 'https://git.kernel.org/stable/c/3dcd0673e47664bc6c719ad47dadac6d55d5950d', 'https://git.kernel.org/stable/c/700e8abd65b10792b2f179ce4e858f2ca2880f85', 'https://git.kernel.org/stable/c/95065edb8ebb27771d5f1e898eef6ab43dc6c87c', 'https://git.kernel.org/stable/c/b044588a16a978cd891cb3d665dd7ae06850d5bf', 'https://git.kernel.org/stable/c/b67552d7c61f52f1271031adfa7834545ae99701', 'https://git.kernel.org/stable/c/bd50a974097bb82d52a458bd3ee39fb723129a0c', 'https://git.kernel.org/stable/c/ef56dcdca8f2a53abc3a83d388b8336447533d85', 'https://linux.oracle.com/cve/CVE-2024-43871.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43871-c2cd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43871', 'https://www.cve.org/CVERecord?id=CVE-2024-43871'], 'PublishedDate': '2024-08-21T01:15:11.68Z', 'LastModifiedDate': '2024-09-03T13:39:19.553Z'}, {'VulnerabilityID': 'CVE-2024-43872', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43872', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/hns: Fix soft lockup under heavy CEQE load', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43872', 'https://git.kernel.org/linus/2fdf34038369c0a27811e7b4680662a14ada1d6b (6.11-rc1)', 'https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08', 'https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43872-c87e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43872', 'https://www.cve.org/CVERecord?id=CVE-2024-43872'], 'PublishedDate': '2024-08-21T01:15:11.74Z', 'LastModifiedDate': '2024-09-03T13:38:34.867Z'}, {'VulnerabilityID': 'CVE-2024-43873', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43873', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vhost/vsock: always initialize seqpacket_allow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: always initialize seqpacket_allow\n\nThere are two issues around seqpacket_allow:\n1. seqpacket_allow is not initialized when socket is\n   created. Thus if features are never set, it will be\n   read uninitialized.\n2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,\n   then seqpacket_allow will not be cleared appropriately\n   (existing apps I know about don't usually do this but\n    it's legal and there's no way to be sure no one relies\n    on this).\n\nTo fix:\n\t- initialize seqpacket_allow after allocation\n\t- set it unconditionally in set_features", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-909'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43873', 'https://git.kernel.org/linus/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22', 'https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb', 'https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582', 'https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c', 'https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43873-c547@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43873', 'https://www.cve.org/CVERecord?id=CVE-2024-43873'], 'PublishedDate': '2024-08-21T01:15:11.79Z', 'LastModifiedDate': '2024-09-03T13:35:44.897Z'}, {'VulnerabilityID': 'CVE-2024-43875', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43875', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: Clean up error handling in vpci_scan_bus()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\n\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\n\n    drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)\n\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\n\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43875', 'https://git.kernel.org/linus/8e0f5a96c534f781e8c57ca30459448b3bfe5429 (6.11-rc1)', 'https://git.kernel.org/stable/c/0e27e2e8697b8ce96cdef43f135426525d9d1f8f', 'https://git.kernel.org/stable/c/24414c842a24d0fd498f9db6d2a762a8dddf1832', 'https://git.kernel.org/stable/c/7d368de78b60088ec9031c60c88976c0063ea4c0', 'https://git.kernel.org/stable/c/8e0f5a96c534f781e8c57ca30459448b3bfe5429', 'https://git.kernel.org/stable/c/b9e8695246bcfc028341470cbf92630cdc1ba36b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43875-1257@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43875', 'https://www.cve.org/CVERecord?id=CVE-2024-43875'], 'PublishedDate': '2024-08-21T01:15:11.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43876', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43876', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()\n\nAvoid large backtrace, it is sufficient to warn the user that there has\nbeen a link problem. Either the link has failed and the system is in need\nof maintenance, or the link continues to work and user has been informed.\nThe message from the warning can be looked up in the sources.\n\nThis makes an actual link issue less verbose.\n\nFirst of all, this controller has a limitation in that the controller\ndriver has to assist the hardware with transition to L1 link state by\nwriting L1IATN to PMCTRL register, the L1 and L0 link state switching\nis not fully automatic on this controller.\n\nIn case of an ASMedia ASM1062 PCIe SATA controller which does not support\nASPM, on entry to suspend or during platform pm_test, the SATA controller\nenters D3hot state and the link enters L1 state. If the SATA controller\nwakes up before rcar_pcie_wakeup() was called and returns to D0, the link\nreturns to L0 before the controller driver even started its transition to\nL1 link state. At this point, the SATA controller did send an PM_ENTER_L1\nDLLP to the PCIe controller and the PCIe controller received it, and the\nPCIe controller did set PMSR PMEL1RX bit.\n\nOnce rcar_pcie_wakeup() is called, if the link is already back in L0 state\nand PMEL1RX bit is set, the controller driver has no way to determine if\nit should perform the link transition to L1 state, or treat the link as if\nit is in L0 state. Currently the driver attempts to perform the transition\nto L1 link state unconditionally, which in this specific case fails with a\nPMSR L1FAEG poll timeout, however the link still works as it is already\nback in L0 state.\n\nReduce this warning verbosity. In case the link is really broken, the\nrcar_pcie_config_access() would fail, otherwise it will succeed and any\nsystem with this controller and ASM1062 can suspend without generating\na backtrace.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43876', 'https://git.kernel.org/linus/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96 (6.11-rc1)', 'https://git.kernel.org/stable/c/2ae4769332dfdb97f4b6f5dc9ac8f46d02aaa3df', 'https://git.kernel.org/stable/c/3ff3bdde950f1840df4030726cef156758a244d7', 'https://git.kernel.org/stable/c/526a877c6273d4cd0d0aede84c1d620479764b1c', 'https://git.kernel.org/stable/c/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43876-793b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43876', 'https://www.cve.org/CVERecord?id=CVE-2024-43876'], 'PublishedDate': '2024-08-21T01:15:11.973Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43877', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43877', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: pci: ivtv: Add check for DMA map result', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: ivtv: Add check for DMA map result\n\nIn case DMA fails, 'dma->SG_length' is 0. This value is later used to\naccess 'dma->SGarray[dma->SG_length - 1]', which will cause out of\nbounds access.\n\nAdd check to return early on invalid value. Adjust warnings accordingly.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43877', 'https://git.kernel.org/linus/629913d6d79508b166c66e07e4857e20233d85a9 (6.11-rc1)', 'https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718', 'https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a', 'https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9', 'https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43877-e8e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43877', 'https://www.cve.org/CVERecord?id=CVE-2024-43877'], 'PublishedDate': '2024-08-21T01:15:12.033Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43879', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()\n\nCurrently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in\ncfg80211_calculate_bitrate_he(), leading to below warning:\n\nkernel: invalid HE MCS: bw:6, ru:6\nkernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]\n\nFix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43879', 'https://git.kernel.org/linus/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6 (6.11-rc1)', 'https://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27', 'https://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd', 'https://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f', 'https://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9', 'https://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086', 'https://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142', 'https://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d', 'https://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6', 'https://linux.oracle.com/cve/CVE-2024-43879.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43879-95cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43879', 'https://www.cve.org/CVERecord?id=CVE-2024-43879'], 'PublishedDate': '2024-08-21T01:15:12.153Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43880', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43880', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_erp: Fix object nesting warning\n\nACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM\n(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can\ncontain more ACLs (i.e., tc filters), but the number of masks in each\nregion (i.e., tc chain) is limited.\n\nIn order to mitigate the effects of the above limitation, the device\nallows filters to share a single mask if their masks only differ in up\nto 8 consecutive bits. For example, dst_ip/25 can be represented using\ndst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the\nnumber of masks being used (and therefore does not support mask\naggregation), but can contain a limited number of filters.\n\nThe driver uses the "objagg" library to perform the mask aggregation by\npassing it objects that consist of the filter\'s mask and whether the\nfilter is to be inserted into the A-TCAM or the C-TCAM since filters in\ndifferent TCAMs cannot share a mask.\n\nThe set of created objects is dependent on the insertion order of the\nfilters and is not necessarily optimal. Therefore, the driver will\nperiodically ask the library to compute a more optimal set ("hints") by\nlooking at all the existing objects.\n\nWhen the library asks the driver whether two objects can be aggregated\nthe driver only compares the provided masks and ignores the A-TCAM /\nC-TCAM indication. This is the right thing to do since the goal is to\nmove as many filters as possible to the A-TCAM. The driver also forbids\ntwo identical masks from being aggregated since this can only happen if\none was intentionally put in the C-TCAM to avoid a conflict in the\nA-TCAM.\n\nThe above can result in the following set of hints:\n\nH1: {mask X, A-TCAM} -> H2: {mask Y, A-TCAM} // X is Y + delta\nH3: {mask Y, C-TCAM} -> H4: {mask Z, A-TCAM} // Y is Z + delta\n\nAfter getting the hints from the library the driver will start migrating\nfilters from one region to another while consulting the computed hints\nand instructing the device to perform a lookup in both regions during\nthe transition.\n\nAssuming a filter with mask X is being migrated into the A-TCAM in the\nnew region, the hints lookup will return H1. Since H2 is the parent of\nH1, the library will try to find the object associated with it and\ncreate it if necessary in which case another hints lookup (recursive)\nwill be performed. This hints lookup for {mask Y, A-TCAM} will either\nreturn H2 or H3 since the driver passes the library an object comparison\nfunction that ignores the A-TCAM / C-TCAM indication.\n\nThis can eventually lead to nested objects which are not supported by\nthe library [1].\n\nFix by removing the object comparison function from both the driver and\nthe library as the driver was the only user. That way the lookup will\nonly return exact matches.\n\nI do not have a reliable reproducer that can reproduce the issue in a\ntimely manner, but before the fix the issue would reproduce in several\nminutes and with the fix it does not reproduce in over an hour.\n\nNote that the current usefulness of the hints is limited because they\ninclude the C-TCAM indication and represent aggregation that cannot\nactually happen. This will be addressed in net-next.\n\n[1]\nWARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0\nModules linked in:\nCPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42\nHardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:objagg_obj_parent_assign+0xb5/0xd0\n[...]\nCall Trace:\n <TASK>\n __objagg_obj_get+0x2bb/0x580\n objagg_obj_get+0xe/0x80\n mlxsw_sp_acl_erp_mask_get+0xb5/0xf0\n mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43880', 'https://git.kernel.org/linus/97d833ceb27dc19f8777d63f90be4a27b5daeedf (6.11-rc1)', 'https://git.kernel.org/stable/c/0e59c2d22853266704e127915653598f7f104037', 'https://git.kernel.org/stable/c/25c6fd9648ad05da493a5d30881896a78a08b624', 'https://git.kernel.org/stable/c/36a9996e020dd5aa325e0ecc55eb2328288ea6bb', 'https://git.kernel.org/stable/c/4dc09f6f260db3c4565a4ec52ba369393598f2fb', 'https://git.kernel.org/stable/c/97d833ceb27dc19f8777d63f90be4a27b5daeedf', 'https://git.kernel.org/stable/c/9a5261a984bba4f583d966c550fa72c33ff3714e', 'https://git.kernel.org/stable/c/fb5d4fc578e655d113f09565f6f047e15f7ab578', 'https://linux.oracle.com/cve/CVE-2024-43880.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43880-78ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43880', 'https://www.cve.org/CVERecord?id=CVE-2024-43880'], 'PublishedDate': '2024-08-21T01:15:12.213Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43881', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43881', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: change DMA direction while mapping reinjected packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: change DMA direction while mapping reinjected packets\n\nFor fragmented packets, ath12k reassembles each fragment as a normal\npacket and then reinjects it into HW ring. In this case, the DMA\ndirection should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise,\nan invalid payload may be reinjected into the HW and\nsubsequently delivered to the host.\n\nGiven that arbitrary memory can be allocated to the skb buffer,\nknowledge about the data contained in the reinjected buffer is lacking.\nConsequently, there’s a risk of private information being leaked.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43881', 'https://git.kernel.org/linus/33322e3ef07409278a18c6919c448e369d66a18e (6.11-rc1)', 'https://git.kernel.org/stable/c/33322e3ef07409278a18c6919c448e369d66a18e', 'https://git.kernel.org/stable/c/6925320fcd40d8042d32bf4ede8248e7a5315c3b', 'https://git.kernel.org/stable/c/e99d9b16ff153de9540073239d24adc3b0a3a997', 'https://lore.kernel.org/linux-cve-announce/2024082138-CVE-2024-43881-ead4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43881', 'https://www.cve.org/CVERecord?id=CVE-2024-43881'], 'PublishedDate': '2024-08-21T01:15:12.28Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43883', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43883', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: vhci-hcd: Do not drop references before new references are gained', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43883', 'https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37', 'https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174', 'https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14', 'https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89', 'https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80', 'https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a', 'https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54', 'https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2', 'https://linux.oracle.com/cve/CVE-2024-43883.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082313-CVE-2024-43883-a594@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43883', 'https://www.cve.org/CVERecord?id=CVE-2024-43883'], 'PublishedDate': '2024-08-23T13:15:03.873Z', 'LastModifiedDate': '2024-08-23T16:18:28.547Z'}, {'VulnerabilityID': 'CVE-2024-43884', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: MGMT: Add error handling to pair_device()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Add error handling to pair_device()\n\nhci_conn_params_add() never checks for a NULL value and could lead to a NULL\npointer dereference causing a crash.\n\nFixed by adding error handling in the function.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43884', 'https://git.kernel.org/linus/538fd3921afac97158d4177139a0ad39f056dbb2 (6.11-rc5)', 'https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4', 'https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1', 'https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2', 'https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503', 'https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9', 'https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb', 'https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb', 'https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43884-43fa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43884', 'https://www.cve.org/CVERecord?id=CVE-2024-43884'], 'PublishedDate': '2024-08-26T08:15:03.827Z', 'LastModifiedDate': '2024-09-04T12:15:04.927Z'}, {'VulnerabilityID': 'CVE-2024-43886', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43886', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check in resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check in resource_log_pipe_topology_update\n\n[WHY]\nWhen switching from "Extend" to "Second Display Only" we sometimes\ncall resource_get_otg_master_for_stream on a stream for the eDP,\nwhich is disconnected. This leads to a null pointer dereference.\n\n[HOW]\nAdded a null check in dc_resource.c/resource_log_pipe_topology_update.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43886', 'https://git.kernel.org/linus/899d92fd26fe780aad711322aa671f68058207a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/899d92fd26fe780aad711322aa671f68058207a6', 'https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee', 'https://lore.kernel.org/linux-cve-announce/2024082657-CVE-2024-43886-0726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43886', 'https://www.cve.org/CVERecord?id=CVE-2024-43886'], 'PublishedDate': '2024-08-26T11:15:03.83Z', 'LastModifiedDate': '2024-08-27T14:37:45.377Z'}, {'VulnerabilityID': 'CVE-2024-43887', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43887', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/tcp: Disable TCP-AO static key after RCU grace period', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp: Disable TCP-AO static key after RCU grace period\n\nThe lifetime of TCP-AO static_key is the same as the last\ntcp_ao_info. On the socket destruction tcp_ao_info ceases to be\nwith RCU grace period, while tcp-ao static branch is currently deferred\ndestructed. The static key definition is\n: DEFINE_STATIC_KEY_DEFERRED_FALSE(tcp_ao_needed, HZ);\n\nwhich means that if RCU grace period is delayed by more than a second\nand tcp_ao_needed is in the process of disablement, other CPUs may\nyet see tcp_ao_info which atent dead, but soon-to-be.\nAnd that breaks the assumption of static_key_fast_inc_not_disabled().\n\nSee the comment near the definition:\n> * The caller must make sure that the static key can\'t get disabled while\n> * in this function. It doesn\'t patch jump labels, only adds a user to\n> * an already enabled static key.\n\nOriginally it was introduced in commit eb8c507296f6 ("jump_label:\nPrevent key->enabled int overflow"), which is needed for the atomic\ncontexts, one of which would be the creation of a full socket from a\nrequest socket. In that atomic context, it\'s known by the presence\nof the key (md5/ao) that the static branch is already enabled.\nSo, the ref counter for that static branch is just incremented\ninstead of holding the proper mutex.\nstatic_key_fast_inc_not_disabled() is just a helper for such usage\ncase. But it must not be used if the static branch could get disabled\nin parallel as it\'s not protected by jump_label_mutex and as a result,\nraces with jump_label_update() implementation details.\n\nHappened on netdev test-bot[1], so not a theoretical issue:\n\n[] jump_label: Fatal kernel bug, unexpected op at tcp_inbound_hash+0x1a7/0x870 [ffffffffa8c4e9b7] (eb 50 0f 1f 44 != 66 90 0f 1f 00)) size:2 type:1\n[] ------------[ cut here ]------------\n[] kernel BUG at arch/x86/kernel/jump_label.c:73!\n[] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[] CPU: 3 PID: 243 Comm: kworker/3:3 Not tainted 6.10.0-virtme #1\n[] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[] Workqueue: events jump_label_update_timeout\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n...\n[] Call Trace:\n[]  <TASK>\n[]  arch_jump_label_transform_queue+0x6c/0x110\n[]  __jump_label_update+0xef/0x350\n[]  __static_key_slow_dec_cpuslocked.part.0+0x3c/0x60\n[]  jump_label_update_timeout+0x2c/0x40\n[]  process_one_work+0xe3b/0x1670\n[]  worker_thread+0x587/0xce0\n[]  kthread+0x28a/0x350\n[]  ret_from_fork+0x31/0x70\n[]  ret_from_fork_asm+0x1a/0x30\n[]  </TASK>\n[] Modules linked in: veth\n[] ---[ end trace 0000000000000000 ]---\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n\n[1]: https://netdev-3.bots.linux.dev/vmksft-tcp-ao-dbg/results/696681/5-connect-deny-ipv6/stderr', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43887', 'https://git.kernel.org/linus/14ab4792ee120c022f276a7e4768f4dcb08f0cdd (6.11-rc3)', 'https://git.kernel.org/stable/c/14ab4792ee120c022f276a7e4768f4dcb08f0cdd', 'https://git.kernel.org/stable/c/954d55a59b2501f4a9bd693b40ce45a1c46cb2b3', 'https://lore.kernel.org/linux-cve-announce/2024082658-CVE-2024-43887-93bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43887', 'https://www.cve.org/CVERecord?id=CVE-2024-43887'], 'PublishedDate': '2024-08-26T11:15:03.877Z', 'LastModifiedDate': '2024-09-05T19:43:44.197Z'}, {'VulnerabilityID': 'CVE-2024-43888', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43888', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: list_lru: fix UAF for memory cgroup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: list_lru: fix UAF for memory cgroup\n\nThe mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or\ncgroup_mutex or others which could prevent returned memcg from being\nfreed.  Fix it by adding missing rcu read lock.\n\nFound by code inspection.\n\n[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]\n  Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43888', 'https://git.kernel.org/linus/5161b48712dcd08ec427c450399d4d1483e21dea (6.11-rc3)', 'https://git.kernel.org/stable/c/4589f77c18dd98b65f45617b6d1e95313cf6fcab', 'https://git.kernel.org/stable/c/5161b48712dcd08ec427c450399d4d1483e21dea', 'https://lore.kernel.org/linux-cve-announce/2024082659-CVE-2024-43888-5beb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43888', 'https://www.cve.org/CVERecord?id=CVE-2024-43888'], 'PublishedDate': '2024-08-26T11:15:03.93Z', 'LastModifiedDate': '2024-08-27T14:37:52.61Z'}, {'VulnerabilityID': 'CVE-2024-43889', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix possible divide-by-0 panic in padata_mt_helper()\n\nWe are hit with a not easily reproducible divide-by-0 panic in padata.c at\nbootup time.\n\n  [   10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI\n  [   10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1\n  [   10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021\n  [   10.017908] Workqueue: events_unbound padata_mt_helper\n  [   10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0\n    :\n  [   10.017963] Call Trace:\n  [   10.017968]  <TASK>\n  [   10.018004]  ? padata_mt_helper+0x39/0xb0\n  [   10.018084]  process_one_work+0x174/0x330\n  [   10.018093]  worker_thread+0x266/0x3a0\n  [   10.018111]  kthread+0xcf/0x100\n  [   10.018124]  ret_from_fork+0x31/0x50\n  [   10.018138]  ret_from_fork_asm+0x1a/0x30\n  [   10.018147]  </TASK>\n\nLooking at the padata_mt_helper() function, the only way a divide-by-0\npanic can happen is when ps->chunk_size is 0.  The way that chunk_size is\ninitialized in padata_do_multithreaded(), chunk_size can be 0 when the\nmin_chunk in the passed-in padata_mt_job structure is 0.\n\nFix this divide-by-0 panic by making sure that chunk_size will be at least\n1 no matter what the input parameters are.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43889', 'https://git.kernel.org/linus/6d45e1c948a8b7ed6ceddb14319af69424db730c (6.11-rc3)', 'https://git.kernel.org/stable/c/6d45e1c948a8b7ed6ceddb14319af69424db730c', 'https://git.kernel.org/stable/c/8f5ffd2af7274853ff91d6cd62541191d9fbd10d', 'https://git.kernel.org/stable/c/924f788c906dccaca30acab86c7124371e1d6f2c', 'https://git.kernel.org/stable/c/a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f', 'https://git.kernel.org/stable/c/ab8b397d5997d8c37610252528edc54bebf9f6d3', 'https://git.kernel.org/stable/c/da0ffe84fcc1627a7dff82c80b823b94236af905', 'https://lore.kernel.org/linux-cve-announce/2024082600-CVE-2024-43889-4d0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43889', 'https://www.cve.org/CVERecord?id=CVE-2024-43889'], 'PublishedDate': '2024-08-26T11:15:03.98Z', 'LastModifiedDate': '2024-08-27T14:38:09.34Z'}, {'VulnerabilityID': 'CVE-2024-43890', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43890', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Fix overflow in get_free_elt()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing "tracing_map->max_size" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to "tracing_map->next_elt"\nonce it reaches "tracing_map->max_elt".', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43890', 'https://git.kernel.org/linus/bcf86c01ca4676316557dd482c8416ece8c2e143 (6.11-rc3)', 'https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6', 'https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c', 'https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5', 'https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8', 'https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143', 'https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da', 'https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18', 'https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a', 'https://linux.oracle.com/cve/CVE-2024-43890.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082601-CVE-2024-43890-1c3a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43890', 'https://www.cve.org/CVERecord?id=CVE-2024-43890'], 'PublishedDate': '2024-08-26T11:15:04.04Z', 'LastModifiedDate': '2024-09-05T18:48:30.32Z'}, {'VulnerabilityID': 'CVE-2024-43891', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43891', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have format file honor EVENT_FILE_FL_FREED', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have format file honor EVENT_FILE_FL_FREED\n\nWhen eventfs was introduced, special care had to be done to coordinate the\nfreeing of the file meta data with the files that are exposed to user\nspace. The file meta data would have a ref count that is set when the file\nis created and would be decremented and freed after the last user that\nopened the file closed it. When the file meta data was to be freed, it\nwould set a flag (EVENT_FILE_FL_FREED) to denote that the file is freed,\nand any new references made (like new opens or reads) would fail as it is\nmarked freed. This allowed other meta data to be freed after this flag was\nset (under the event_mutex).\n\nAll the files that were dynamically created in the events directory had a\npointer to the file meta data and would call event_release() when the last\nreference to the user space file was closed. This would be the time that it\nis safe to free the file meta data.\n\nA shortcut was made for the "format" file. It\'s i_private would point to\nthe "call" entry directly and not point to the file\'s meta data. This is\nbecause all format files are the same for the same "call", so it was\nthought there was no reason to differentiate them.  The other files\nmaintain state (like the "enable", "trigger", etc). But this meant if the\nfile were to disappear, the "format" file would be unaware of it.\n\nThis caused a race that could be trigger via the user_events test (that\nwould create dynamic events and free them), and running a loop that would\nread the user_events format files:\n\nIn one console run:\n\n # cd tools/testing/selftests/user_events\n # while true; do ./ftrace_test; done\n\nAnd in another console run:\n\n # cd /sys/kernel/tracing/\n # while true; do cat events/user_events/__test_event/format; done 2>/dev/null\n\nWith KASAN memory checking, it would trigger a use-after-free bug report\n(which was a real bug). This was because the format file was not checking\nthe file\'s meta data flag "EVENT_FILE_FL_FREED", so it would access the\nevent that the file meta data pointed to after the event was freed.\n\nAfter inspection, there are other locations that were found to not check\nthe EVENT_FILE_FL_FREED flag when accessing the trace_event_file. Add a\nnew helper function: event_file_file() that will make sure that the\nevent_mutex is held, and will return NULL if the trace_event_file has the\nEVENT_FILE_FL_FREED flag set. Have the first reference of the struct file\npointer use event_file_file() and check for NULL. Later uses can still use\nthe event_file_data() helper function if the event_mutex is still held and\nwas not released since the event_file_file() call.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43891', 'https://git.kernel.org/linus/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d (6.11-rc3)', 'https://git.kernel.org/stable/c/4ed03758ddf0b19d69eed69386d65a92d0091e0c', 'https://git.kernel.org/stable/c/531dc6780d94245af037c25c2371c8caf652f0f9', 'https://git.kernel.org/stable/c/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d', 'https://lore.kernel.org/linux-cve-announce/2024082603-CVE-2024-43891-a69d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43891', 'https://www.cve.org/CVERecord?id=CVE-2024-43891'], 'PublishedDate': '2024-08-26T11:15:04.103Z', 'LastModifiedDate': '2024-09-05T18:46:18.44Z'}, {'VulnerabilityID': 'CVE-2024-43892', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43892', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg: protect concurrent access to mem_cgroup_idr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: protect concurrent access to mem_cgroup_idr\n\nCommit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after\nmany small jobs") decoupled the memcg IDs from the CSS ID space to fix the\ncgroup creation failures.  It introduced IDR to maintain the memcg ID\nspace.  The IDR depends on external synchronization mechanisms for\nmodifications.  For the mem_cgroup_idr, the idr_alloc() and idr_replace()\nhappen within css callback and thus are protected through cgroup_mutex\nfrom concurrent modifications.  However idr_remove() for mem_cgroup_idr\nwas not protected against concurrency and can be run concurrently for\ndifferent memcgs when they hit their refcnt to zero.  Fix that.\n\nWe have been seeing list_lru based kernel crashes at a low frequency in\nour fleet for a long time.  These crashes were in different part of\nlist_lru code including list_lru_add(), list_lru_del() and reparenting\ncode.  Upon further inspection, it looked like for a given object (dentry\nand inode), the super_block\'s list_lru didn\'t have list_lru_one for the\nmemcg of that object.  The initial suspicions were either the object is\nnot allocated through kmem_cache_alloc_lru() or somehow\nmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but\nreturned success.  No evidence were found for these cases.\n\nLooking more deeply, we started seeing situations where valid memcg\'s id\nis not present in mem_cgroup_idr and in some cases multiple valid memcgs\nhave same id and mem_cgroup_idr is pointing to one of them.  So, the most\nreasonable explanation is that these situations can happen due to race\nbetween multiple idr_remove() calls or race between\nidr_alloc()/idr_replace() and idr_remove().  These races are causing\nmultiple memcgs to acquire the same ID and then offlining of one of them\nwould cleanup list_lrus on the system for all of them.  Later access from\nother memcgs to the list_lru cause crashes due to missing list_lru_one.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43892', 'https://git.kernel.org/linus/9972605a238339b85bd16b084eed5f18414d22db (6.11-rc3)', 'https://git.kernel.org/stable/c/37a060b64ae83b76600d187d76591ce488ab836b', 'https://git.kernel.org/stable/c/51c0b1bb7541f8893ec1accba59eb04361a70946', 'https://git.kernel.org/stable/c/56fd70f4aa8b82199dbe7e99366b1fd7a04d86fb', 'https://git.kernel.org/stable/c/912736a0435ef40e6a4ae78197ccb5553cb80b05', 'https://git.kernel.org/stable/c/9972605a238339b85bd16b084eed5f18414d22db', 'https://git.kernel.org/stable/c/e6cc9ff2ac0b5df9f25eb790934c3104f6710278', 'https://lore.kernel.org/linux-cve-announce/2024082604-CVE-2024-43892-584a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43892', 'https://www.cve.org/CVERecord?id=CVE-2024-43892'], 'PublishedDate': '2024-08-26T11:15:04.157Z', 'LastModifiedDate': '2024-09-12T12:15:49.593Z'}, {'VulnerabilityID': 'CVE-2024-43893', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43893', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: core: check uartclk for zero to avoid divide by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: core: check uartclk for zero to avoid divide by zero\n\nCalling ioctl TIOCSSERIAL with an invalid baud_base can\nresult in uartclk being zero, which will result in a\ndivide by zero error in uart_get_divisor(). The check for\nuartclk being zero in uart_set_info() needs to be done\nbefore other settings are made as subsequent calls to\nioctl TIOCSSERIAL for the same port would be impacted if\nthe uartclk check was done where uartclk gets set.\n\nOops: divide error: 0000  PREEMPT SMP KASAN PTI\nRIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)\nCall Trace:\n <TASK>\nserial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576\n    drivers/tty/serial/8250/8250_port.c:2589)\nserial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502\n    drivers/tty/serial/8250/8250_port.c:2741)\nserial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)\nuart_change_line_settings (./include/linux/spinlock.h:376\n    ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)\nuart_port_startup (drivers/tty/serial/serial_core.c:342)\nuart_startup (drivers/tty/serial/serial_core.c:368)\nuart_set_info (drivers/tty/serial/serial_core.c:1034)\nuart_set_info_user (drivers/tty/serial/serial_core.c:1059)\ntty_set_serial (drivers/tty/tty_io.c:2637)\ntty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)\n__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907\n    fs/ioctl.c:893 fs/ioctl.c:893)\ndo_syscall_64 (arch/x86/entry/common.c:52\n    (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nRule: add', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43893', 'https://git.kernel.org/linus/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193 (6.11-rc3)', 'https://git.kernel.org/stable/c/3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba', 'https://git.kernel.org/stable/c/52b138f1021113e593ee6ad258ce08fe90693a9e', 'https://git.kernel.org/stable/c/55b2a5d331a6ceb1c4372945fdb77181265ba24f', 'https://git.kernel.org/stable/c/68dc02f319b9ee54dc23caba742a5c754d1cccc8', 'https://git.kernel.org/stable/c/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193', 'https://git.kernel.org/stable/c/9196e42a3b8eeff1707e6ef769112b4b6096be49', 'https://git.kernel.org/stable/c/e13ba3fe5ee070f8a9dab60029d52b1f61da5051', 'https://git.kernel.org/stable/c/e3ad503876283ac3fcca922a1bf243ef9eb0b0e2', 'https://linux.oracle.com/cve/CVE-2024-43893.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082605-CVE-2024-43893-25dd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43893', 'https://www.cve.org/CVERecord?id=CVE-2024-43893'], 'PublishedDate': '2024-08-26T11:15:04.213Z', 'LastModifiedDate': '2024-09-10T18:13:21.92Z'}, {'VulnerabilityID': 'CVE-2024-43894', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43894', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/client: fix null pointer dereference in drm_client_modeset_probe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: fix null pointer dereference in drm_client_modeset_probe\n\nIn drm_client_modeset_probe(), the return value of drm_mode_duplicate() is\nassigned to modeset->mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43894', 'https://git.kernel.org/linus/113fd6372a5bb3689aba8ef5b8a265ed1529a78f (6.11-rc3)', 'https://git.kernel.org/stable/c/113fd6372a5bb3689aba8ef5b8a265ed1529a78f', 'https://git.kernel.org/stable/c/24ddda932c43ffe156c7f3c568bed85131c63ae6', 'https://git.kernel.org/stable/c/5291d4f73452c91e8a11f71207617e3e234d418e', 'https://git.kernel.org/stable/c/612cae53e99ce32a58cb821b3b67199eb6e92dff', 'https://git.kernel.org/stable/c/c763dfe09425152b6bb0e348900a637c62c2ce52', 'https://git.kernel.org/stable/c/d64847c383100423aecb6ac5f18be5f4316d9d62', 'https://git.kernel.org/stable/c/d64fc94f7bb24fc2be0d6bd5df8df926da461a6d', 'https://linux.oracle.com/cve/CVE-2024-43894.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082607-CVE-2024-43894-aeee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43894', 'https://www.cve.org/CVERecord?id=CVE-2024-43894'], 'PublishedDate': '2024-08-26T11:15:04.28Z', 'LastModifiedDate': '2024-09-10T18:09:41.23Z'}, {'VulnerabilityID': 'CVE-2024-43895', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43895', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip Recompute DSC Params if no Stream on Link', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n    Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n    RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n    Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\n    RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n    RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n    RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n    RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n    R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n    R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n    FS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n    Call Trace:\n<TASK>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? plist_add+0xbe/0x100\n     ? exc_page_fault+0x7c/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     drm_atomic_check_only+0x5c5/0xa40\n     drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.\n\n(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43895', 'https://git.kernel.org/linus/50e376f1fe3bf571d0645ddf48ad37eb58323919 (6.11-rc3)', 'https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9', 'https://git.kernel.org/stable/c/50e376f1fe3bf571d0645ddf48ad37eb58323919', 'https://git.kernel.org/stable/c/5357141b4c2e2b332b6f11607ba8c5fbc2669a10', 'https://git.kernel.org/stable/c/70275bb960c71d313254473d38c14e7101cee5ad', 'https://git.kernel.org/stable/c/718d83f66fb07b2cab89a1fc984613a00e3db18f', 'https://lore.kernel.org/linux-cve-announce/2024082608-CVE-2024-43895-d3c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43895', 'https://www.cve.org/CVERecord?id=CVE-2024-43895'], 'PublishedDate': '2024-08-26T11:15:04.333Z', 'LastModifiedDate': '2024-10-10T12:15:04.35Z'}, {'VulnerabilityID': 'CVE-2024-43898', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43898', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: sanity check for NULL pointer after ext4_force_shutdown', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43898', 'https://git.kernel.org/linus/83f4414b8f84249d538905825b088ff3ae555652 (6.11-rc1)', 'https://git.kernel.org/stable/c/3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e', 'https://git.kernel.org/stable/c/83f4414b8f84249d538905825b088ff3ae555652', 'https://git.kernel.org/stable/c/f619876ccbfd329ae785fe5d3289b9dcd6eb5901', 'https://lore.kernel.org/linux-cve-announce/2024082613-CVE-2024-43898-52c2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43898', 'https://www.cve.org/CVERecord?id=CVE-2024-43898'], 'PublishedDate': '2024-08-26T11:15:04.493Z', 'LastModifiedDate': '2024-09-10T08:15:02.96Z'}, {'VulnerabilityID': 'CVE-2024-43899', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix null pointer deref in dcn20_resource.c', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[  181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[  181.843997] #PF: supervisor instruction fetch in kernel mode\n[  181.844003] #PF: error_code(0x0010) - not-present page\n[  181.844009] PGD 0 P4D 0\n[  181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[  181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G        W  OE      6.5.0-41-generic #41~22.04.2-Ubuntu\n[  181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[  181.844044] RIP: 0010:0x0\n[  181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[  181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[  181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[  181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[  181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[  181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[  181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[  181.844121] FS:  00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[  181.844128] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[  181.844141] Call Trace:\n[  181.844146]  <TASK>\n[  181.844153]  ? show_regs+0x6d/0x80\n[  181.844167]  ? __die+0x24/0x80\n[  181.844179]  ? page_fault_oops+0x99/0x1b0\n[  181.844192]  ? do_user_addr_fault+0x31d/0x6b0\n[  181.844204]  ? exc_page_fault+0x83/0x1b0\n[  181.844216]  ? asm_exc_page_fault+0x27/0x30\n[  181.844237]  dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[  181.845115]  amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[  181.845985]  amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[  181.846848]  fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[  181.847734]  fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[  181.848748]  dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.849791]  ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.850840]  amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43899', 'https://git.kernel.org/linus/ecbf60782662f0a388493685b85a645a0ba1613c (6.11-rc1)', 'https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e', 'https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c', 'https://lore.kernel.org/linux-cve-announce/2024082614-CVE-2024-43899-2339@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43899', 'https://www.cve.org/CVERecord?id=CVE-2024-43899'], 'PublishedDate': '2024-08-26T11:15:04.557Z', 'LastModifiedDate': '2024-08-27T14:38:19.74Z'}, {'VulnerabilityID': 'CVE-2024-43900', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43900', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: xc2028: avoid use-after-free in load_firmware_cb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504           worker_thread\ntuner_probe                             <= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait                 <= create a worker\n...\ntuner_remove                            <= free dvb_frontend\n...\n                    request_firmware_work_func  <= the firmware is ready\n                    load_firmware_cb    <= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n    ==================================================================\n     BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n     Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n     Call trace:\n      load_firmware_cb+0x1310/0x17a0\n      request_firmware_work_func+0x128/0x220\n      process_one_work+0x770/0x1824\n      worker_thread+0x488/0xea0\n      kthread+0x300/0x430\n      ret_from_fork+0x10/0x20\n\n     Allocated by task 6504:\n      kzalloc\n      tuner_probe+0xb0/0x1430\n      i2c_device_probe+0x92c/0xaf0\n      really_probe+0x678/0xcd0\n      driver_probe_device+0x280/0x370\n      __device_attach_driver+0x220/0x330\n      bus_for_each_drv+0x134/0x1c0\n      __device_attach+0x1f4/0x410\n      device_initial_probe+0x20/0x30\n      bus_probe_device+0x184/0x200\n      device_add+0x924/0x12c0\n      device_register+0x24/0x30\n      i2c_new_device+0x4e0/0xc44\n      v4l2_i2c_new_subdev_board+0xbc/0x290\n      v4l2_i2c_new_subdev+0xc8/0x104\n      em28xx_v4l2_init+0x1dd0/0x3770\n\n     Freed by task 6504:\n      kfree+0x238/0x4e4\n      tuner_remove+0x144/0x1c0\n      i2c_device_remove+0xc8/0x290\n      __device_release_driver+0x314/0x5fc\n      device_release_driver+0x30/0x44\n      bus_remove_device+0x244/0x490\n      device_del+0x350/0x900\n      device_unregister+0x28/0xd0\n      i2c_unregister_device+0x174/0x1d0\n      v4l2_device_unregister+0x224/0x380\n      em28xx_v4l2_init+0x1d90/0x3770\n\n     The buggy address belongs to the object at ffff8000d7ca2000\n      which belongs to the cache kmalloc-2k of size 2048\n     The buggy address is located 776 bytes inside of\n      2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n     The buggy address belongs to the page:\n     page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n     flags: 0x7ff800000000100(slab)\n     raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n     raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n     page dumped because: kasan: bad access detected\n\n     Memory state around the buggy address:\n      ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                           ^\n      ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     ==================================================================\n\n[2]\n    Actually, it is allocated for struct tuner, and dvb_frontend is inside.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43900', 'https://git.kernel.org/linus/68594cec291ff9523b9feb3f43fd853dcddd1f60 (6.11-rc1)', 'https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5', 'https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60', 'https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b', 'https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-43900-029c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43900', 'https://www.cve.org/CVERecord?id=CVE-2024-43900'], 'PublishedDate': '2024-08-26T11:15:04.613Z', 'LastModifiedDate': '2024-08-27T14:38:32.967Z'}, {'VulnerabilityID': 'CVE-2024-43902', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43902', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null checker before passing variables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checker before passing variables\n\nChecks null pointer before passing variables to functions.\n\nThis fixes 3 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43902', 'https://git.kernel.org/linus/8092aa3ab8f7b737a34b71f91492c676a843043a (6.11-rc1)', 'https://git.kernel.org/stable/c/1686675405d07f35eae7ff3d13a530034b899df2', 'https://git.kernel.org/stable/c/4cc2a94d96caeb3c975acdae7351c2f997c32175', 'https://git.kernel.org/stable/c/8092aa3ab8f7b737a34b71f91492c676a843043a', 'https://git.kernel.org/stable/c/83c7f509ef087041604e9572938f82e18b724c9d', 'https://git.kernel.org/stable/c/d0b8b23b9c2ebec693a36fea518d8f13493ad655', 'https://lore.kernel.org/linux-cve-announce/2024082618-CVE-2024-43902-eb6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43902', 'https://www.cve.org/CVERecord?id=CVE-2024-43902'], 'PublishedDate': '2024-08-26T11:15:04.733Z', 'LastModifiedDate': '2024-08-27T14:38:51.73Z'}, {'VulnerabilityID': 'CVE-2024-43903', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43903', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43903', 'https://git.kernel.org/linus/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff (6.11-rc1)', 'https://git.kernel.org/stable/c/31a679a880102dee6e10985a7b1789af8dc328cc', 'https://git.kernel.org/stable/c/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff', 'https://git.kernel.org/stable/c/94220b35aeba2b68da81deeefbb784d94eeb5c04', 'https://git.kernel.org/stable/c/ce5d090af683137cb779ed7e3683839f9c778b35', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-43903-3644@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43903', 'https://www.cve.org/CVERecord?id=CVE-2024-43903'], 'PublishedDate': '2024-08-26T11:15:04.793Z', 'LastModifiedDate': '2024-08-27T13:39:48.683Z'}, {'VulnerabilityID': 'CVE-2024-43904', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43904', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing\n\nThis commit adds null checks for the 'stream' and 'plane' variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that 'stream' and 'plane' are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43904', 'https://git.kernel.org/linus/15c2990e0f0108b9c3752d7072a97d45d4283aea (6.11-rc1)', 'https://git.kernel.org/stable/c/15c2990e0f0108b9c3752d7072a97d45d4283aea', 'https://git.kernel.org/stable/c/16a8a2a839d19c4cf7253642b493ffb8eee1d857', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43904-63a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43904', 'https://www.cve.org/CVERecord?id=CVE-2024-43904'], 'PublishedDate': '2024-08-26T11:15:04.847Z', 'LastModifiedDate': '2024-08-27T13:40:50.577Z'}, {'VulnerabilityID': 'CVE-2024-43905', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43905', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix the null pointer dereference for vega10_hwmgr\n\nCheck return value and conduct null pointer handling to avoid null pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43905', 'https://git.kernel.org/linus/50151b7f1c79a09117837eb95b76c2de76841dab (6.11-rc1)', 'https://git.kernel.org/stable/c/0fa11f9df96217c2785b040629ff1a16900fb51c', 'https://git.kernel.org/stable/c/2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8', 'https://git.kernel.org/stable/c/2e538944996d0dd497faf8ee81f8bfcd3aca7d80', 'https://git.kernel.org/stable/c/50151b7f1c79a09117837eb95b76c2de76841dab', 'https://git.kernel.org/stable/c/69a441473fec2fc2aa2cf56122d6c42c4266a239', 'https://git.kernel.org/stable/c/c2629daf218a325f4d69754452cd42fe8451c15b', 'https://lore.kernel.org/linux-cve-announce/2024082623-CVE-2024-43905-008f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43905', 'https://www.cve.org/CVERecord?id=CVE-2024-43905'], 'PublishedDate': '2024-08-26T11:15:04.897Z', 'LastModifiedDate': '2024-09-12T12:15:51.26Z'}, {'VulnerabilityID': 'CVE-2024-43906', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43906', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/admgpu: fix dereferencing null pointer context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/admgpu: fix dereferencing null pointer context\n\nWhen user space sets an invalid ta type, the pointer context will be empty.\nSo it need to check the pointer context before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43906', 'https://git.kernel.org/linus/030ffd4d43b433bc6671d9ec34fc12c59220b95d (6.11-rc1)', 'https://git.kernel.org/stable/c/030ffd4d43b433bc6671d9ec34fc12c59220b95d', 'https://git.kernel.org/stable/c/4fd52f7c2c11d330571c6bde06e5ea508ec25c9d', 'https://git.kernel.org/stable/c/641dac64178ccdb9e45c92b67120316896294d05', 'https://lore.kernel.org/linux-cve-announce/2024082624-CVE-2024-43906-27ab@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43906', 'https://www.cve.org/CVERecord?id=CVE-2024-43906'], 'PublishedDate': '2024-08-26T11:15:04.947Z', 'LastModifiedDate': '2024-08-27T13:41:30.093Z'}, {'VulnerabilityID': 'CVE-2024-43907', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43907', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules\n\nCheck the pointer value to fix potential null pointer\ndereference', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43907', 'https://git.kernel.org/linus/d19fb10085a49b77578314f69fff21562f7cd054 (6.11-rc1)', 'https://git.kernel.org/stable/c/0c065e50445aea2e0a1815f12e97ee49e02cbaac', 'https://git.kernel.org/stable/c/13937a40aae4efe64592ba48c057ac3c72f7fe82', 'https://git.kernel.org/stable/c/3a01bf2ca9f860fdc88c358567b8fa3033efcf30', 'https://git.kernel.org/stable/c/c1749313f35b98e2e655479f037db37f19756622', 'https://git.kernel.org/stable/c/d19fb10085a49b77578314f69fff21562f7cd054', 'https://git.kernel.org/stable/c/e04d18c29954441aa1054af649f957ffad90a201', 'https://lore.kernel.org/linux-cve-announce/2024082626-CVE-2024-43907-91a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43907', 'https://www.cve.org/CVERecord?id=CVE-2024-43907'], 'PublishedDate': '2024-08-26T11:15:05Z', 'LastModifiedDate': '2024-08-27T13:41:40.497Z'}, {'VulnerabilityID': 'CVE-2024-43908', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43908', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the null pointer dereference to ras_manager', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the null pointer dereference to ras_manager\n\nCheck ras_manager before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43908', 'https://git.kernel.org/linus/4c11d30c95576937c6c35e6f29884761f2dddb43 (6.11-rc1)', 'https://git.kernel.org/stable/c/033187a70ba9743c73a810a006816e5553d1e7d4', 'https://git.kernel.org/stable/c/48cada0ac79e4775236d642e9ec5998a7c7fb7a4', 'https://git.kernel.org/stable/c/4c11d30c95576937c6c35e6f29884761f2dddb43', 'https://git.kernel.org/stable/c/56e848034ccabe44e8f22ffcf49db771c17b0d0a', 'https://git.kernel.org/stable/c/b89616333979114bb0da5fa40fb6e4a2f5294ca2', 'https://git.kernel.org/stable/c/d81c1eeb333d84b3012a91c0500189dc1d71e46c', 'https://git.kernel.org/stable/c/ff5c4eb71ee8951c789b079f6e948f86708b04ed', 'https://linux.oracle.com/cve/CVE-2024-43908.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082627-CVE-2024-43908-4406@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43908', 'https://www.cve.org/CVERecord?id=CVE-2024-43908'], 'PublishedDate': '2024-08-26T11:15:05.057Z', 'LastModifiedDate': '2024-08-27T13:41:55.26Z'}, {'VulnerabilityID': 'CVE-2024-43909', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43909', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference for smu7', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference for smu7\n\noptimize the code to avoid pass a null pointer (hwmgr->backend)\nto function smu7_update_edc_leakage_table.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43909', 'https://git.kernel.org/linus/c02c1960c93eede587576625a1221205a68a904f (6.11-rc1)', 'https://git.kernel.org/stable/c/09544cd95c688d3041328a4253bd7514972399bb', 'https://git.kernel.org/stable/c/1b8aa82b80bd947b68a8ab051d960a0c7935e22d', 'https://git.kernel.org/stable/c/37b9df457cbcf095963d18f17d6cb7dfa0a03fce', 'https://git.kernel.org/stable/c/7f56f050f02c27ed89cce1ea0c04b34abce32751', 'https://git.kernel.org/stable/c/c02c1960c93eede587576625a1221205a68a904f', 'https://lore.kernel.org/linux-cve-announce/2024082628-CVE-2024-43909-acb8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43909', 'https://www.cve.org/CVERecord?id=CVE-2024-43909'], 'PublishedDate': '2024-08-26T11:15:05.117Z', 'LastModifiedDate': '2024-08-27T13:41:48.467Z'}, {'VulnerabilityID': 'CVE-2024-43910', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43910', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses\n\nCurrently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to\na global function as an argument. The adverse effects of this is that\nBPF helpers can continue to make use of this modified\nCONST_PTR_TO_DYNPTR from within the context of the global function,\nwhich can unintentionally result in out-of-bounds memory accesses and\ntherefore compromise overall system stability i.e.\n\n[  244.157771] BUG: KASAN: slab-out-of-bounds in bpf_dynptr_data+0x137/0x140\n[  244.161345] Read of size 8 at addr ffff88810914be68 by task test_progs/302\n[  244.167151] CPU: 0 PID: 302 Comm: test_progs Tainted: G O E 6.10.0-rc3-00131-g66b586715063 #533\n[  244.174318] Call Trace:\n[  244.175787]  <TASK>\n[  244.177356]  dump_stack_lvl+0x66/0xa0\n[  244.179531]  print_report+0xce/0x670\n[  244.182314]  ? __virt_addr_valid+0x200/0x3e0\n[  244.184908]  kasan_report+0xd7/0x110\n[  244.187408]  ? bpf_dynptr_data+0x137/0x140\n[  244.189714]  ? bpf_dynptr_data+0x137/0x140\n[  244.192020]  bpf_dynptr_data+0x137/0x140\n[  244.194264]  bpf_prog_b02a02fdd2bdc5fa_global_call_bpf_dynptr_data+0x22/0x26\n[  244.198044]  bpf_prog_b0fe7b9d7dc3abde_callback_adjust_bpf_dynptr_reg_off+0x1f/0x23\n[  244.202136]  bpf_user_ringbuf_drain+0x2c7/0x570\n[  244.204744]  ? 0xffffffffc0009e58\n[  244.206593]  ? __pfx_bpf_user_ringbuf_drain+0x10/0x10\n[  244.209795]  bpf_prog_33ab33f6a804ba2d_user_ringbuf_callback_const_ptr_to_dynptr_reg_off+0x47/0x4b\n[  244.215922]  bpf_trampoline_6442502480+0x43/0xe3\n[  244.218691]  __x64_sys_prlimit64+0x9/0xf0\n[  244.220912]  do_syscall_64+0xc1/0x1d0\n[  244.223043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  244.226458] RIP: 0033:0x7ffa3eb8f059\n[  244.228582] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 1d 0d 00 f7 d8 64 89 01 48\n[  244.241307] RSP: 002b:00007ffa3e9c6eb8 EFLAGS: 00000206 ORIG_RAX: 000000000000012e\n[  244.246474] RAX: ffffffffffffffda RBX: 00007ffa3e9c7cdc RCX: 00007ffa3eb8f059\n[  244.250478] RDX: 00007ffa3eb162b4 RSI: 0000000000000000 RDI: 00007ffa3e9c7fb0\n[  244.255396] RBP: 00007ffa3e9c6ed0 R08: 00007ffa3e9c76c0 R09: 0000000000000000\n[  244.260195] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffff80\n[  244.264201] R13: 000000000000001c R14: 00007ffc5d6b4260 R15: 00007ffa3e1c7000\n[  244.268303]  </TASK>\n\nAdd a check_func_arg_reg_off() to the path in which the BPF verifier\nverifies the arguments of global function arguments, specifically\nthose which take an argument of type ARG_PTR_TO_DYNPTR |\nMEM_RDONLY. Also, process_dynptr_func() doesn't appear to perform any\nexplicit and strict type matching on the supplied register type, so\nlet's also enforce that a register either type PTR_TO_STACK or\nCONST_PTR_TO_DYNPTR is by the caller.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43910', 'https://git.kernel.org/linus/ec2b9a5e11e51fea1bb04c1e7e471952e887e874 (6.11-rc1)', 'https://git.kernel.org/stable/c/13663a7c644bf1dedaf461d07252db5d76c8759a', 'https://git.kernel.org/stable/c/ec2b9a5e11e51fea1bb04c1e7e471952e887e874', 'https://lore.kernel.org/linux-cve-announce/2024082630-CVE-2024-43910-c6ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43910', 'https://www.cve.org/CVERecord?id=CVE-2024-43910'], 'PublishedDate': '2024-08-26T11:15:05.177Z', 'LastModifiedDate': '2024-09-05T18:30:23.437Z'}, {'VulnerabilityID': 'CVE-2024-43911', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43911', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mac80211: fix NULL dereference at band check in starting tx ba session', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL dereference at band check in starting tx ba session\n\nIn MLD connection, link_data/link_conf are dynamically allocated. They\ndon't point to vif->bss_conf. So, there will be no chanreq assigned to\nvif->bss_conf and then the chan will be NULL. Tweak the code to check\nht_supported/vht_supported/has_he/has_eht on sta deflink.\n\nCrash log (with rtw89 version under MLO development):\n[ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 9890.526102] #PF: supervisor read access in kernel mode\n[ 9890.526105] #PF: error_code(0x0000) - not-present page\n[ 9890.526109] PGD 0 P4D 0\n[ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G           OE      6.9.0 #1\n[ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018\n[ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core]\n[ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211\n[ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00 <83> 38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3\nAll code\n========\n   0:\tf7 e8                \timul   %eax\n   2:\td5                   \t(bad)\n   3:\t93                   \txchg   %eax,%ebx\n   4:\t3e ea                \tds (bad)\n   6:\t48 83 c4 28          \tadd    $0x28,%rsp\n   a:\t89 d8                \tmov    %ebx,%eax\n   c:\t5b                   \tpop    %rbx\n   d:\t41 5c                \tpop    %r12\n   f:\t41 5d                \tpop    %r13\n  11:\t41 5e                \tpop    %r14\n  13:\t41 5f                \tpop    %r15\n  15:\t5d                   \tpop    %rbp\n  16:\tc3                   \tretq\n  17:\tcc                   \tint3\n  18:\tcc                   \tint3\n  19:\tcc                   \tint3\n  1a:\tcc                   \tint3\n  1b:\t49 8b 84 24 e0 f1 ff \tmov    -0xe20(%r12),%rax\n  22:\tff\n  23:\t48 8b 80 90 1b 00 00 \tmov    0x1b90(%rax),%rax\n  2a:*\t83 38 03             \tcmpl   $0x3,(%rax)\t\t<-- trapping instruction\n  2d:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe6a\n  33:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n  38:\teb cc                \tjmp    0x6\n  3a:\t49                   \trex.WB\n  3b:\t8b                   \t.byte 0x8b\n  3c:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  3f:\tf3                   \trepz\n\nCode starting with the faulting instruction\n===========================================\n   0:\t83 38 03             \tcmpl   $0x3,(%rax)\n   3:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe40\n   9:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n   e:\teb cc                \tjmp    0xffffffffffffffdc\n  10:\t49                   \trex.WB\n  11:\t8b                   \t.byte 0x8b\n  12:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  15:\tf3                   \trepz\n[ 9890.526285] RSP: 0018:ffffb8db09013d68 EFLAGS: 00010246\n[ 9890.526291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9308e0d656c8\n[ 9890.526295] RDX: 0000000000000000 RSI: ffffffffab99460b RDI: ffffffffab9a7685\n[ 9890.526300] RBP: ffffb8db09013db8 R08: 0000000000000000 R09: 0000000000000873\n[ 9890.526304] R10: ffff9308e0d64800 R11: 0000000000000002 R12: ffff9308e5ff6e70\n[ 9890.526308] R13: ffff930952500e20 R14: ffff9309192a8c00 R15: 0000000000000000\n[ 9890.526313] FS:  0000000000000000(0000) GS:ffff930b4e700000(0000) knlGS:0000000000000000\n[ 9890.526316] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9890.526318] CR2: 0000000000000000 CR3: 0000000391c58005 CR4: 00000000001706f0\n[ 9890.526321] Call Trace:\n[ 9890.526324]  <TASK>\n[ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479)\n[ 9890.526335] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713)\n[ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43911', 'https://git.kernel.org/linus/021d53a3d87eeb9dbba524ac515651242a2a7e3b (6.11-rc1)', 'https://git.kernel.org/stable/c/021d53a3d87eeb9dbba524ac515651242a2a7e3b', 'https://git.kernel.org/stable/c/a5594c1e03b0df3908b1e1202a1ba34422eed0f6', 'https://lore.kernel.org/linux-cve-announce/2024082631-CVE-2024-43911-96bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43911', 'https://www.cve.org/CVERecord?id=CVE-2024-43911'], 'PublishedDate': '2024-08-26T11:15:05.227Z', 'LastModifiedDate': '2024-08-27T16:08:52.493Z'}, {'VulnerabilityID': 'CVE-2024-43912', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43912', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: nl80211: disallow setting special AP channel widths', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: disallow setting special AP channel widths\n\nSetting the AP channel width is meant for use with the normal\n20/40/... MHz channel width progression, and switching around\nin S1G or narrow channels isn't supported. Disallow that.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43912', 'https://git.kernel.org/linus/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe (6.11-rc1)', 'https://git.kernel.org/stable/c/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe', 'https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e', 'https://git.kernel.org/stable/c/ac3bf6e47fd8da9bfe8027e1acfe0282a91584fc', 'https://git.kernel.org/stable/c/c6ea738e3feb407a3283197d9a25d0788f4f3cee', 'https://lore.kernel.org/linux-cve-announce/2024082632-CVE-2024-43912-801f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43912', 'https://www.cve.org/CVERecord?id=CVE-2024-43912'], 'PublishedDate': '2024-08-26T11:15:05.28Z', 'LastModifiedDate': '2024-09-05T18:19:17.067Z'}, {'VulnerabilityID': 'CVE-2024-43913', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43913', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: apple: fix device reference counting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: apple: fix device reference counting\n\nDrivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.\nSplit the allocation side out to make the error handling boundary easier\nto navigate. The apple driver had been doing this wrong, leaking the\ncontroller device memory on a tagset failure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43913', 'https://git.kernel.org/linus/b9ecbfa45516182cd062fecd286db7907ba84210 (6.11-rc1)', 'https://git.kernel.org/stable/c/b9ecbfa45516182cd062fecd286db7907ba84210', 'https://git.kernel.org/stable/c/d59c4d0eb6adc24c2201f153ccb7fd0a335b0d3d', 'https://lore.kernel.org/linux-cve-announce/2024082633-CVE-2024-43913-6ec7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43913', 'https://www.cve.org/CVERecord?id=CVE-2024-43913'], 'PublishedDate': '2024-08-26T11:15:05.33Z', 'LastModifiedDate': '2024-09-05T18:12:55.68Z'}, {'VulnerabilityID': 'CVE-2024-43914', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43914', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: md/raid5: avoid BUG_ON() while continue reshape after reassembling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: avoid BUG_ON() while continue reshape after reassembling\n\nCurrently, mdadm support --revert-reshape to abort the reshape while\nreassembling, as the test 07revert-grow. However, following BUG_ON()\ncan be triggerred by the test:\n\nkernel BUG at drivers/md/raid5.c:6278!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nirq event stamp: 158985\nCPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94\nRIP: 0010:reshape_request+0x3f1/0xe60\nCall Trace:\n <TASK>\n raid5_sync_request+0x43d/0x550\n md_do_sync+0xb7a/0x2110\n md_thread+0x294/0x2b0\n kthread+0x147/0x1c0\n ret_from_fork+0x59/0x70\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\nRoot cause is that --revert-reshape update the raid_disks from 5 to 4,\nwhile reshape position is still set, and after reassembling the array,\nreshape position will be read from super block, then during reshape the\nchecking of 'writepos' that is caculated by old reshape position will\nfail.\n\nFix this panic the easy way first, by converting the BUG_ON() to\nWARN_ON(), and stop the reshape if checkings fail.\n\nNoted that mdadm must fix --revert-shape as well, and probably md/raid\nshould enhance metadata validation as well, however this means\nreassemble will fail and there must be user tools to fix the wrong\nmetadata.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43914', 'https://git.kernel.org/linus/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49 (6.11-rc1)', 'https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0', 'https://git.kernel.org/stable/c/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49', 'https://git.kernel.org/stable/c/3b33740c1750a39e046339ff9240e954f0156707', 'https://git.kernel.org/stable/c/4811d6e5d9f4090c3e0ff9890eb24077108046ab', 'https://git.kernel.org/stable/c/6b33c468d543f6a83de2d61f09fec74b27e19fd2', 'https://git.kernel.org/stable/c/775a9ba16c9ffe98fe54ebf14e55d5660f2bf600', 'https://git.kernel.org/stable/c/bf0ff69a42a3d2d46876d0514ecf13dffc516666', 'https://git.kernel.org/stable/c/c384dd4f1fb3b14a2fd199360701cc163ea88705', 'https://linux.oracle.com/cve/CVE-2024-43914.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082635-CVE-2024-43914-a664@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43914', 'https://www.cve.org/CVERecord?id=CVE-2024-43914'], 'PublishedDate': '2024-08-26T11:15:05.38Z', 'LastModifiedDate': '2024-09-05T18:03:49.997Z'}, {'VulnerabilityID': 'CVE-2024-44931', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpio: prevent potential speculation leaks in gpio_device_get_desc()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: prevent potential speculation leaks in gpio_device_get_desc()\n\nUserspace may trigger a speculative read of an address outside the gpio\ndescriptor array.\nUsers can do that by calling gpio_ioctl() with an offset out of range.\nOffset is copied from user and then used as an array index to get\nthe gpio descriptor without sanitization in gpio_device_get_desc().\n\nThis change ensures that the offset is sanitized by using\narray_index_nospec() to mitigate any possibility of speculative\ninformation leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44931', 'https://git.kernel.org/linus/d795848ecce24a75dfd46481aee066ae6fe39775 (6.11-rc1)', 'https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc', 'https://git.kernel.org/stable/c/672c19165fc96dfad531a5458e0b3cdab414aae4', 'https://git.kernel.org/stable/c/9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0', 'https://git.kernel.org/stable/c/c65ab97efcd438cb4e9f299400f2ea55251f3a67', 'https://git.kernel.org/stable/c/d776c0486b03a5c4afca65b8ff44573592bf93bb', 'https://git.kernel.org/stable/c/d795848ecce24a75dfd46481aee066ae6fe39775', 'https://lore.kernel.org/linux-cve-announce/2024082636-CVE-2024-44931-8212@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44931', 'https://www.cve.org/CVERecord?id=CVE-2024-44931'], 'PublishedDate': '2024-08-26T11:15:05.447Z', 'LastModifiedDate': '2024-10-17T14:15:07.39Z'}, {'VulnerabilityID': 'CVE-2024-44932', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44932', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix UAFs when destroying the queues', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix UAFs when destroying the queues\n\nThe second tagged commit started sometimes (very rarely, but possible)\nthrowing WARNs from\nnet/core/page_pool.c:page_pool_disable_direct_recycling().\nTurned out idpf frees interrupt vectors with embedded NAPIs *before*\nfreeing the queues making page_pools' NAPI pointers lead to freed\nmemory before these pools are destroyed by libeth.\nIt's not clear whether there are other accesses to the freed vectors\nwhen destroying the queues, but anyway, we usually free queue/interrupt\nvectors only when the queues are destroyed and the NAPIs are guaranteed\nto not be referenced anywhere.\n\nInvert the allocation and freeing logic making queue/interrupt vectors\nbe allocated first and freed last. Vectors don't require queues to be\npresent, so this is safe. Additionally, this change allows to remove\nthat useless queue->q_vector pointer cleanup, as vectors are still\nvalid when freeing the queues (+ both are freed within one function,\nso it's not clear why nullify the pointers at all).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44932', 'https://git.kernel.org/linus/290f1c033281c1a502a3cd1c53c3a549259c491f (6.11-rc3)', 'https://git.kernel.org/stable/c/290f1c033281c1a502a3cd1c53c3a549259c491f', 'https://git.kernel.org/stable/c/3cde714b0e77206ed1b5cf31f28c18ba9ae946fd', 'https://lore.kernel.org/linux-cve-announce/2024082638-CVE-2024-44932-2659@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44932', 'https://www.cve.org/CVERecord?id=CVE-2024-44932'], 'PublishedDate': '2024-08-26T11:15:05.5Z', 'LastModifiedDate': '2024-08-27T16:08:45.02Z'}, {'VulnerabilityID': 'CVE-2024-44934', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: bridge: mcast: wait for previous gc cycles when removing port', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mcast: wait for previous gc cycles when removing port\n\nsyzbot hit a use-after-free[1] which is caused because the bridge doesn't\nmake sure that all previous garbage has been collected when removing a\nport. What happens is:\n      CPU 1                   CPU 2\n start gc cycle           remove port\n                         acquire gc lock first\n wait for lock\n                         call br_multicasg_gc() directly\n acquire lock now but    free port\n the port can be freed\n while grp timers still\n running\n\nMake sure all previous gc cycles have finished by using flush_work before\nfreeing the port.\n\n[1]\n  BUG: KASAN: slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n  Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699\n\n  CPU: 1 PID: 9699 Comm: syz.5.1232 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n  Call Trace:\n   <IRQ>\n   __dump_stack lib/dump_stack.c:88 [inline]\n   dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n   print_address_description mm/kasan/report.c:377 [inline]\n   print_report+0xc3/0x620 mm/kasan/report.c:488\n   kasan_report+0xd9/0x110 mm/kasan/report.c:601\n   br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n   call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1792\n   expire_timers kernel/time/timer.c:1843 [inline]\n   __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417\n   __run_timer_base kernel/time/timer.c:2428 [inline]\n   __run_timer_base kernel/time/timer.c:2421 [inline]\n   run_timer_base+0x111/0x190 kernel/time/timer.c:2437", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44934', 'https://git.kernel.org/linus/92c4ee25208d0f35dafc3213cdf355fbe449e078 (6.11-rc3)', 'https://git.kernel.org/stable/c/0d8b26e10e680c01522d7cc14abe04c3265a928f', 'https://git.kernel.org/stable/c/1e16828020c674b3be85f52685e8b80f9008f50f', 'https://git.kernel.org/stable/c/92c4ee25208d0f35dafc3213cdf355fbe449e078', 'https://git.kernel.org/stable/c/b2f794b168cf560682ff976b255aa6d29d14a658', 'https://git.kernel.org/stable/c/e3145ca904fa8dbfd1a5bf0187905bc117b0efce', 'https://lore.kernel.org/linux-cve-announce/2024082641-CVE-2024-44934-a7fe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44934', 'https://www.cve.org/CVERecord?id=CVE-2024-44934'], 'PublishedDate': '2024-08-26T11:15:05.593Z', 'LastModifiedDate': '2024-08-27T16:07:58.727Z'}, {'VulnerabilityID': 'CVE-2024-44935', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44935', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sctp: Fix null-ptr-deref in reuseport_add_sock().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix null-ptr-deref in reuseport_add_sock().\n\nsyzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in\nreuseport_add_sock(). [0]\n\nThe repro first creates a listener with SO_REUSEPORT.  Then, it creates\nanother listener on the same port and concurrently closes the first\nlistener.\n\nThe second listen() calls reuseport_add_sock() with the first listener as\nsk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently,\nbut the close() does clear it by reuseport_detach_sock().\n\nThe problem is SCTP does not properly synchronise reuseport_alloc(),\nreuseport_add_sock(), and reuseport_detach_sock().\n\nThe caller of reuseport_alloc() and reuseport_{add,detach}_sock() must\nprovide synchronisation for sockets that are classified into the same\nreuseport group.\n\nOtherwise, such sockets form multiple identical reuseport groups, and\nall groups except one would be silently dead.\n\n  1. Two sockets call listen() concurrently\n  2. No socket in the same group found in sctp_ep_hashtable[]\n  3. Two sockets call reuseport_alloc() and form two reuseport groups\n  4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives\n      incoming packets\n\nAlso, the reported null-ptr-deref could occur.\n\nTCP/UDP guarantees that would not happen by holding the hash bucket lock.\n\nLet's apply the locking strategy to __sctp_hash_endpoint() and\n__sctp_unhash_endpoint().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nRIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350\nCode: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14\nRSP: 0018:ffffc9000b947c98 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012\nRBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385\nR10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0\nR13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __sctp_hash_endpoint net/sctp/input.c:762 [inline]\n sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790\n sctp_listen_start net/sctp/socket.c:8570 [inline]\n sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]\n __se_sys_listen net/socket.c:1900 [inline]\n __x64_sys_listen+0x5a/0x70 net/socket.c:1900\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f24e46039b9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032\nRAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9\nRDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004\nRBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0\nR10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42c\nR13:\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44935', 'https://git.kernel.org/linus/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18 (6.11-rc3)', 'https://git.kernel.org/stable/c/05e4a0fa248240efd99a539853e844f0f0a9e6a5', 'https://git.kernel.org/stable/c/1407be30fc17eff918a98e0a990c0e988f11dc84', 'https://git.kernel.org/stable/c/52319d9d2f522ed939af31af70f8c3a0f0f67e6c', 'https://git.kernel.org/stable/c/54b303d8f9702b8ab618c5032fae886b16356928', 'https://git.kernel.org/stable/c/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18', 'https://git.kernel.org/stable/c/c9b3fc4f157867e858734e31022ebee8a24f0de7', 'https://git.kernel.org/stable/c/e809a84c802377ef61525a298a1ec1728759b913', 'https://linux.oracle.com/cve/CVE-2024-44935.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082642-CVE-2024-44935-3452@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44935', 'https://www.cve.org/CVERecord?id=CVE-2024-44935'], 'PublishedDate': '2024-08-26T11:15:05.643Z', 'LastModifiedDate': '2024-08-27T16:09:01.633Z'}, {'VulnerabilityID': 'CVE-2024-44937', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44937', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: intel-vbtn: Protect ACPI notify handler against recursion\n\nSince commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on\nall CPUs") ACPI notify handlers like the intel-vbtn notify_handler() may\nrun on multiple CPU cores racing with themselves.\n\nThis race gets hit on Dell Venue 7140 tablets when undocking from\nthe keyboard, causing the handler to try and register priv->switches_dev\ntwice, as can be seen from the dev_info() message getting logged twice:\n\n[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\n[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n\nAfter which things go seriously wrong:\n[ 83.861872] sysfs: cannot create duplicate filename \'/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\'\n...\n[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don\'t try to register things with the same name in the same directory.\n[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018\n...\n\nProtect intel-vbtn notify_handler() from racing with itself with a mutex\nto fix this.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44937', 'https://git.kernel.org/linus/e075c3b13a0a142dcd3151b25d29a24f31b7b640 (6.11-rc3)', 'https://git.kernel.org/stable/c/5c9618a3b6ea94cf7bdff7702aca8bf2d777d97b', 'https://git.kernel.org/stable/c/e075c3b13a0a142dcd3151b25d29a24f31b7b640', 'https://lore.kernel.org/linux-cve-announce/2024082645-CVE-2024-44937-5c1d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44937', 'https://www.cve.org/CVERecord?id=CVE-2024-44937'], 'PublishedDate': '2024-08-26T11:15:05.753Z', 'LastModifiedDate': '2024-08-27T16:10:11.423Z'}, {'VulnerabilityID': 'CVE-2024-44938', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44938', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: Fix shift-out-of-bounds in dbDiscardAG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix shift-out-of-bounds in dbDiscardAG\n\nWhen searching for the next smaller log2 block, BLKSTOL2() returned 0,\ncausing shift exponent -1 to be negative.\n\nThis patch fixes the issue by exiting the loop directly when negative\nshift is found.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44938', 'https://git.kernel.org/linus/7063b80268e2593e58bee8a8d709c2f3ff93e2f2 (6.11-rc1)', 'https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630', 'https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2', 'https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e', 'https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-44938-fc08@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44938', 'https://www.cve.org/CVERecord?id=CVE-2024-44938'], 'PublishedDate': '2024-08-26T12:15:05.96Z', 'LastModifiedDate': '2024-09-12T14:05:44.31Z'}, {'VulnerabilityID': 'CVE-2024-44939', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44939', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: fix null ptr deref in dtInsertEntry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix null ptr deref in dtInsertEntry\n\n[syzbot reported]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713\n...\n[Analyze]\nIn dtInsertEntry(), when the pointer h has the same value as p, after writing\nname in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the\npreviously true judgment "p->header.flag & BT-LEAF" to change to no after writing\nthe name operation, this leads to entering an incorrect branch and accessing the\nuninitialized object ih when judging this condition for the second time.\n\n[Fix]\nAfter got the page, check freelist first, if freelist == 0 then exit dtInsert()\nand return -EINVAL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44939', 'https://git.kernel.org/linus/ce6dede912f064a855acf6f04a04cbb2c25b8c8c (6.11-rc1)', 'https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9', 'https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6', 'https://git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702', 'https://git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44939-cf96@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44939', 'https://www.cve.org/CVERecord?id=CVE-2024-44939'], 'PublishedDate': '2024-08-26T12:15:06.007Z', 'LastModifiedDate': '2024-09-12T20:58:03.783Z'}, {'VulnerabilityID': 'CVE-2024-44940', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44940', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: remove warn in gue_gro_receive on unsupported protocol', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfou: remove warn in gue_gro_receive on unsupported protocol\n\nDrop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is\nnot known or does not have a GRO handler.\n\nSuch a packet is easily constructed. Syzbot generates them and sets\noff this warning.\n\nRemove the warning as it is expected and not actionable.\n\nThe warning was previously reduced from WARN_ON to WARN_ON_ONCE in\ncommit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad\nproto callbacks").', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44940', 'https://git.kernel.org/linus/dd89a81d850fa9a65f67b4527c0e420d15bf836c (6.11-rc1)', 'https://git.kernel.org/stable/c/3db4395332e7050ef9ddeb3052e6b5019f2a2a59', 'https://git.kernel.org/stable/c/440ab7f97261bc28501636a13998e1b1946d2e79', 'https://git.kernel.org/stable/c/5a2e37bc648a2503bf6d687aed27b9f4455d82eb', 'https://git.kernel.org/stable/c/dd89a81d850fa9a65f67b4527c0e420d15bf836c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44940-249f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44940', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-44940'], 'PublishedDate': '2024-08-26T12:15:06.053Z', 'LastModifiedDate': '2024-09-12T14:10:00.857Z'}, {'VulnerabilityID': 'CVE-2024-44941', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44941', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to cover read extent cache access with lock', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to cover read extent cache access with lock\n\nsyzbot reports a f2fs bug as below:\n\nBUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\nRead of size 4 at addr ffff8880739ab220 by task syz-executor200/5097\n\nCPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\n do_read_inode fs/f2fs/inode.c:509 [inline]\n f2fs_iget+0x33e1/0x46e0 fs/f2fs/inode.c:560\n f2fs_nfs_get_inode+0x74/0x100 fs/f2fs/super.c:3237\n generic_fh_to_dentry+0x9f/0xf0 fs/libfs.c:1413\n exportfs_decode_fh_raw+0x152/0x5f0 fs/exportfs/expfs.c:444\n exportfs_decode_fh+0x3c/0x80 fs/exportfs/expfs.c:584\n do_handle_to_path fs/fhandle.c:155 [inline]\n handle_to_path fs/fhandle.c:210 [inline]\n do_handle_open+0x495/0x650 fs/fhandle.c:226\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWe missed to cover sanity_check_extent_cache() w/ extent cache lock,\nso, below race case may happen, result in use after free issue.\n\n- f2fs_iget\n - do_read_inode\n  - f2fs_init_read_extent_tree\n  : add largest extent entry in to cache\n\t\t\t\t\t- shrink\n\t\t\t\t\t - f2fs_shrink_read_extent_tree\n\t\t\t\t\t  - __shrink_extent_tree\n\t\t\t\t\t   - __detach_extent_node\n\t\t\t\t\t   : drop largest extent entry\n  - sanity_check_extent_cache\n  : access et->largest w/o lock\n\nlet's refactor sanity_check_extent_cache() to avoid extent cache access\nand call it before f2fs_init_read_extent_tree() to fix this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44941', 'https://git.kernel.org/linus/d7409b05a64f212735f0d33f5f1602051a886eab (6.11-rc1)', 'https://git.kernel.org/stable/c/263df78166d3a9609b97d28c34029bd01874cbb8', 'https://git.kernel.org/stable/c/323ef20b5558b9d9fd10c1224327af6f11a8177d', 'https://git.kernel.org/stable/c/d7409b05a64f212735f0d33f5f1602051a886eab', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44941-143e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44941', 'https://www.cve.org/CVERecord?id=CVE-2024-44941'], 'PublishedDate': '2024-08-26T12:15:06.107Z', 'LastModifiedDate': '2024-09-12T20:57:26.143Z'}, {'VulnerabilityID': 'CVE-2024-44942', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44942', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inline.c:258!\nCPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0\nRIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258\nCall Trace:\n f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834\n f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315\n do_writepages+0x35b/0x870 mm/page-writeback.c:2612\n __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650\n writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941\n wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117\n wb_do_writeback fs/fs-writeback.c:2264 [inline]\n wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335\n worker_thread+0x86d/0xd70 kernel/workqueue.c:3416\n kthread+0x2f2/0x390 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nThe root cause is: inline_data inode can be fuzzed, so that there may\nbe valid blkaddr in its direct node, once f2fs triggers background GC\nto migrate the block, it will hit f2fs_bug_on() during dirty page\nwriteback.\n\nLet's add sanity check on F2FS_INLINE_DATA flag in inode during GC,\nso that, it can forbid migrating inline_data inode's data block for\nfixing.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44942', 'https://git.kernel.org/linus/fc01008c92f40015aeeced94750855a7111b6929 (6.11-rc1)', 'https://git.kernel.org/stable/c/26c07775fb5dc74351d1c3a2bc3cdf609b03e49f', 'https://git.kernel.org/stable/c/ae00e6536a2dd54b64b39e9a39548870cf835745', 'https://git.kernel.org/stable/c/fc01008c92f40015aeeced94750855a7111b6929', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44942-651a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44942', 'https://www.cve.org/CVERecord?id=CVE-2024-44942'], 'PublishedDate': '2024-08-26T12:15:06.157Z', 'LastModifiedDate': '2024-08-27T16:09:10.01Z'}, {'VulnerabilityID': 'CVE-2024-44943', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'In the Linux kernel, the following vulnerability has been resolved:  m ...', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: gup: stop abusing try_grab_folio\n\nA kernel warning was reported when pinning folio in CMA memory when\nlaunching SEV virtual machine.  The splat looks like:\n\n[  464.325306] WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313 __get_user_pages+0x423/0x520\n[  464.325464] CPU: 13 PID: 6734 Comm: qemu-kvm Kdump: loaded Not tainted 6.6.33+ #6\n[  464.325477] RIP: 0010:__get_user_pages+0x423/0x520\n[  464.325515] Call Trace:\n[  464.325520]  <TASK>\n[  464.325523]  ? __get_user_pages+0x423/0x520\n[  464.325528]  ? __warn+0x81/0x130\n[  464.325536]  ? __get_user_pages+0x423/0x520\n[  464.325541]  ? report_bug+0x171/0x1a0\n[  464.325549]  ? handle_bug+0x3c/0x70\n[  464.325554]  ? exc_invalid_op+0x17/0x70\n[  464.325558]  ? asm_exc_invalid_op+0x1a/0x20\n[  464.325567]  ? __get_user_pages+0x423/0x520\n[  464.325575]  __gup_longterm_locked+0x212/0x7a0\n[  464.325583]  internal_get_user_pages_fast+0xfb/0x190\n[  464.325590]  pin_user_pages_fast+0x47/0x60\n[  464.325598]  sev_pin_memory+0xca/0x170 [kvm_amd]\n[  464.325616]  sev_mem_enc_register_region+0x81/0x130 [kvm_amd]\n\nPer the analysis done by yangge, when starting the SEV virtual machine, it\nwill call pin_user_pages_fast(..., FOLL_LONGTERM, ...) to pin the memory. \nBut the page is in CMA area, so fast GUP will fail then fallback to the\nslow path due to the longterm pinnalbe check in try_grab_folio().\n\nThe slow path will try to pin the pages then migrate them out of CMA area.\nBut the slow path also uses try_grab_folio() to pin the page, it will\nalso fail due to the same check then the above warning is triggered.\n\nIn addition, the try_grab_folio() is supposed to be used in fast path and\nit elevates folio refcount by using add ref unless zero.  We are guaranteed\nto have at least one stable reference in slow path, so the simple atomic add\ncould be used.  The performance difference should be trivial, but the\nmisuse may be confusing and misleading.\n\nRedefined try_grab_folio() to try_grab_folio_fast(), and try_grab_page()\nto try_grab_folio(), and use them in the proper paths.  This solves both\nthe abuse and the kernel warning.\n\nThe proper naming makes their usecase more clear and should prevent from\nabusing in the future.\n\npeterx said:\n\n: The user will see the pin fails, for gpu-slow it further triggers the WARN\n: right below that failure (as in the original report):\n: \n:         folio = try_grab_folio(page, page_increm - 1,\n:                                 foll_flags);\n:         if (WARN_ON_ONCE(!folio)) { <------------------------ here\n:                 /*\n:                         * Release the 1st page ref if the\n:                         * folio is problematic, fail hard.\n:                         */\n:                 gup_put_folio(page_folio(page), 1,\n:                                 foll_flags);\n:                 ret = -EFAULT;\n:                 goto out;\n:         }\n\n[1] https://lore.kernel.org/linux-mm/1719478388-31917-1-git-send-email-yangge1116@126.com/\n\n[shy828301@gmail.com: fix implicit declaration of function try_grab_folio_fast]\n  Link: https://lkml.kernel.org/r/CAHbLzkowMSso-4Nufc9hcMehQsK9PNz3OSu-+eniU-2Mm-xjhA@mail.gmail.com', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44943', 'https://git.kernel.org/linus/f442fa6141379a20b48ae3efabee827a3d260787 (6.10)', 'https://git.kernel.org/stable/c/26273f5f4cf68b29414e403837093408a9c98e1f', 'https://git.kernel.org/stable/c/f442fa6141379a20b48ae3efabee827a3d260787', 'https://lore.kernel.org/linux-cve-announce/2024082853-CVE-2024-44943-234f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44943', 'https://www.cve.org/CVERecord?id=CVE-2024-44943'], 'PublishedDate': '2024-08-28T08:15:06.963Z', 'LastModifiedDate': '2024-09-10T18:12:43.38Z'}, {'VulnerabilityID': 'CVE-2024-44944', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44944', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: ctnetlink: use helper function to calculate expect ID', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use helper function to calculate expect ID\n\nDelete expectation path is missing a call to the nf_expect_get_id()\nhelper function to calculate the expectation ID, otherwise LSB of the\nexpectation object address is leaked to userspace.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44944', 'https://git.kernel.org/linus/782161895eb4ac45cf7cfa8db375bd4766cb8299 (6.11-rc1)', 'https://git.kernel.org/stable/c/24f407042cf90b0872de667460230d8d50c06c39', 'https://git.kernel.org/stable/c/27662b46f2adaa52c1665a82af4b21c42c4337fd', 'https://git.kernel.org/stable/c/5e2c24f7b0911b15c29aefce760bcf770542fb61', 'https://git.kernel.org/stable/c/64c0b8e64be8368617ef08dfc59a3160563a1435', 'https://git.kernel.org/stable/c/66e7650dbbb8e236e781c670b167edc81e771450', 'https://git.kernel.org/stable/c/74de442b8e12a207c07953ee068009a7701aff8f', 'https://git.kernel.org/stable/c/782161895eb4ac45cf7cfa8db375bd4766cb8299', 'https://git.kernel.org/stable/c/eb4ca1a97e08ff5b920664ba292e576257e2d184', 'https://linux.oracle.com/cve/CVE-2024-44944.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024083044-CVE-2024-44944-56c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44944', 'https://www.cve.org/CVERecord?id=CVE-2024-44944', 'https://www.zerodayinitiative.com/advisories/ZDI-24-1182/'], 'PublishedDate': '2024-08-30T08:15:04.58Z', 'LastModifiedDate': '2024-09-10T08:15:03.23Z'}, {'VulnerabilityID': 'CVE-2024-44946', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44946', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kcm: Serialise kcm_sendmsg() for the same socket.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: Serialise kcm_sendmsg() for the same socket.\n\nsyzkaller reported UAF in kcm_release(). [0]\n\nThe scenario is\n\n  1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb.\n\n  2. Thread A resumes building skb from kcm->seq_skb but is blocked\n     by sk_stream_wait_memory()\n\n  3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb\n     and puts the skb to the write queue\n\n  4. Thread A faces an error and finally frees skb that is already in the\n     write queue\n\n  5. kcm_release() does double-free the skb in the write queue\n\nWhen a thread is building a MSG_MORE skb, another thread must not touch it.\n\nLet's add a per-sk mutex and serialise kcm_sendmsg().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]\nBUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]\nBUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\nRead of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167\n\nCPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G    B              6.8.0-rc5-syzkaller-g9abbc24128bc #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x178/0x518 mm/kasan/report.c:488\n kasan_report+0xd8/0x138 mm/kasan/report.c:601\n __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381\n __skb_unlink include/linux/skbuff.h:2366 [inline]\n __skb_dequeue include/linux/skbuff.h:2385 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\n __skb_queue_purge include/linux/skbuff.h:3181 [inline]\n kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\n __sock_release net/socket.c:659 [inline]\n sock_close+0xa4/0x1e8 net/socket.c:1421\n __fput+0x30c/0x738 fs/file_table.c:376\n ____fput+0x20/0x30 fs/file_table.c:404\n task_work_run+0x230/0x2e0 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x618/0x1f64 kernel/exit.c:871\n do_group_exit+0x194/0x22c kernel/exit.c:1020\n get_signal+0x1500/0x15ec kernel/signal.c:2893\n do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249\n do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148\n exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]\n exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]\n el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nAllocated by task 6166:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903\n __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641\n alloc_skb include/linux/skbuff.h:1296 [inline]\n kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x220/0x2c0 net/socket.c:768\n splice_to_socket+0x7cc/0xd58 fs/splice.c:889\n do_splice_from fs/splice.c:941 [inline]\n direct_splice_actor+0xec/0x1d8 fs/splice.c:1164\n splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108\n do_splice_direct_actor \n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44946', 'https://git.kernel.org/linus/807067bf014d4a3ae2cc55bd3de16f22a01eb580 (6.11-rc5)', 'https://git.kernel.org/stable/c/00425508f30baa5ab6449a1f478480ca7cffa6da', 'https://git.kernel.org/stable/c/6633b17840bf828921254d788ccd15602843fe9b', 'https://git.kernel.org/stable/c/72da240aafb142630cf16adc803ccdacb3780849', 'https://git.kernel.org/stable/c/807067bf014d4a3ae2cc55bd3de16f22a01eb580', 'https://git.kernel.org/stable/c/8c9cdbf600143bd6835c8b8351e5ac956da79aec', 'https://git.kernel.org/stable/c/9c8d544ed619f704e2b70e63e08ab75630c2ea23', 'https://git.kernel.org/stable/c/eb06c8d3022ce6738711191c89f9b3e9cfb91914', 'https://git.kernel.org/stable/c/fa6c23fe6dcac8c8bd63920ee8681292a2bd544e', 'https://lore.kernel.org/linux-cve-announce/2024083150-CVE-2024-44946-9cf1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44946', 'https://www.cve.org/CVERecord?id=CVE-2024-44946'], 'PublishedDate': '2024-08-31T14:15:04.32Z', 'LastModifiedDate': '2024-09-04T12:15:05.15Z'}, {'VulnerabilityID': 'CVE-2024-44947', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44947', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fuse: Initialize beyond-EOF page contents before setting uptodate', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44947', 'https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5', 'https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e', 'https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9', 'https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6', 'https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a', 'https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4', 'https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9', 'https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6', 'https://lore.kernel.org/linux-cve-announce/2024090219-CVE-2024-44947-f49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44947', 'https://www.cve.org/CVERecord?id=CVE-2024-44947'], 'PublishedDate': '2024-09-02T18:15:36.577Z', 'LastModifiedDate': '2024-09-16T17:52:37.563Z'}, {'VulnerabilityID': 'CVE-2024-44948', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mtrr: Check if fixed MTRRs exist before saving them', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mtrr: Check if fixed MTRRs exist before saving them\n\nMTRRs have an obsolete fixed variant for fine grained caching control\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\na separate capability bit in the MTRR capability MSR.\n\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\nwent unnoticed that mtrr_save_state() does not check the capability bit\nbefore accessing the fixed MTRR MSRs.\n\nThough on a CPU that does not support the fixed MTRR capability this\nresults in a #GP.  The #GP itself is harmless because the RDMSR fault is\nhandled gracefully, but results in a WARN_ON().\n\nAdd the missing capability check to prevent this.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44948', 'https://git.kernel.org/linus/919f18f961c03d6694aa726c514184f2311a4614 (6.11-rc3)', 'https://git.kernel.org/stable/c/06c1de44d378ec5439db17bf476507d68589bfe9', 'https://git.kernel.org/stable/c/34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e', 'https://git.kernel.org/stable/c/388f1c954019f253a8383f7eb733f38d541e10b6', 'https://git.kernel.org/stable/c/450b6b22acdaac67a18eaf5ed498421ffcf10051', 'https://git.kernel.org/stable/c/8a90d3fc7c24608548d3a750671f9dac21d1a462', 'https://git.kernel.org/stable/c/8aa79dfb216b865e96ff890bc4ea71650f9bc8d7', 'https://git.kernel.org/stable/c/919f18f961c03d6694aa726c514184f2311a4614', 'https://git.kernel.org/stable/c/ca7d00c5656d1791e28369919e3e10febe9c3b16', 'https://linux.oracle.com/cve/CVE-2024-44948.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090407-CVE-2024-44948-5554@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44948', 'https://www.cve.org/CVERecord?id=CVE-2024-44948'], 'PublishedDate': '2024-09-04T19:15:29.95Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-44949', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44949', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: parisc: fix a possible DMA corruption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: fix a possible DMA corruption\n\nARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be\npossible that two unrelated 16-byte allocations share a cache line. If\none of these allocations is written using DMA and the other is written\nusing cached write, the value that was written with DMA may be\ncorrupted.\n\nThis commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 -\nthat's the largest possible cache line size.\n\nAs different parisc microarchitectures have different cache line size, we\ndefine arch_slab_minalign(), cache_line_size() and\ndma_get_cache_alignment() so that the kernel may tune slab cache\nparameters dynamically, based on the detected cache line size.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44949', 'https://git.kernel.org/linus/7ae04ba36b381bffe2471eff3a93edced843240f (6.11-rc2)', 'https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f', 'https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f', 'https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44949-8f05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44949', 'https://www.cve.org/CVERecord?id=CVE-2024-44949'], 'PublishedDate': '2024-09-04T19:15:30.04Z', 'LastModifiedDate': '2024-10-09T13:53:32.513Z'}, {'VulnerabilityID': 'CVE-2024-44950', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44950', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix invalid FIFO access with special register set', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix invalid FIFO access with special register set\n\nWhen enabling access to the special register set, Receiver time-out and\nRHR interrupts can happen. In this case, the IRQ handler will try to read\nfrom the FIFO thru the RHR register at address 0x00, but address 0x00 is\nmapped to DLL register, resulting in erroneous FIFO reading.\n\nCall graph example:\n    sc16is7xx_startup(): entry\n    sc16is7xx_ms_proc(): entry\n    sc16is7xx_set_termios(): entry\n    sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set\n    sc16is7xx_port_irq() entry            --> IIR is 0x0C\n    sc16is7xx_handle_rx() entry\n    sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is\n                               mapped to DLL (LCR=LCR_CONF_MODE_A)\n    sc16is7xx_set_baud(): exit --> Restore access to general register set\n\nFix the problem by claiming the efr_lock mutex when accessing the Special\nregister set.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44950', 'https://git.kernel.org/linus/7d3b793faaab1305994ce568b59d61927235f57b (6.11-rc3)', 'https://git.kernel.org/stable/c/6a6730812220a9a5ce4003eb347da1ee5abd06b0', 'https://git.kernel.org/stable/c/7d3b793faaab1305994ce568b59d61927235f57b', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44950-67fb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44950', 'https://www.cve.org/CVERecord?id=CVE-2024-44950'], 'PublishedDate': '2024-09-04T19:15:30.1Z', 'LastModifiedDate': '2024-10-09T14:21:16.773Z'}, {'VulnerabilityID': 'CVE-2024-44951', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44951', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix TX fifo corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix TX fifo corruption\n\nSometimes, when a packet is received on channel A at almost the same time\nas a packet is about to be transmitted on channel B, we observe with a\nlogic analyzer that the received packet on channel A is transmitted on\nchannel B. In other words, the Tx buffer data on channel B is corrupted\nwith data from channel A.\n\nThe problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change\nEFR lock to operate on each channels"), which changed the EFR locking to\noperate on each channel instead of chip-wise.\n\nThis commit has introduced a regression, because the EFR lock is used not\nonly to protect the EFR registers access, but also, in a very obscure and\nundocumented way, to protect access to the data buffer, which is shared by\nthe Tx and Rx handlers, but also by each channel of the IC.\n\nFix this regression first by switching to kfifo_out_linear_ptr() in\nsc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer.\n\nSecondly, replace the chip-wise Rx buffer with a separate Rx buffer for\neach channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44951', 'https://git.kernel.org/linus/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4 (6.11-rc3)', 'https://git.kernel.org/stable/c/09cfe05e9907f3276887a20e267cc40e202f4fdd', 'https://git.kernel.org/stable/c/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44951-9121@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44951', 'https://www.cve.org/CVERecord?id=CVE-2024-44951'], 'PublishedDate': '2024-09-04T19:15:30.153Z', 'LastModifiedDate': '2024-10-09T14:27:43.973Z'}, {'VulnerabilityID': 'CVE-2024-44952', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44952', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver core: Fix uevent_show() vs driver detach race', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix uevent_show() vs driver detach race\n\nuevent_show() wants to de-reference dev->driver->name. There is no clean\nway for a device attribute to de-reference dev->driver unless that\nattribute is defined via (struct device_driver).dev_groups. Instead, the\nanti-pattern of taking the device_lock() in the attribute handler risks\ndeadlocks with code paths that remove device attributes while holding\nthe lock.\n\nThis deadlock is typically invisible to lockdep given the device_lock()\nis marked lockdep_set_novalidate_class(), but some subsystems allocate a\nlocal lockdep key for @dev->mutex to reveal reports of the form:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 6.10.0-rc7+ #275 Tainted: G           OE    N\n ------------------------------------------------------\n modprobe/2374 is trying to acquire lock:\n ffff8c2270070de0 (kn->active#6){++++}-{0:0}, at: __kernfs_remove+0xde/0x220\n\n but task is already holding lock:\n ffff8c22016e88f8 (&cxl_root_key){+.+.}-{3:3}, at: device_release_driver_internal+0x39/0x210\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -> #1 (&cxl_root_key){+.+.}-{3:3}:\n        __mutex_lock+0x99/0xc30\n        uevent_show+0xac/0x130\n        dev_attr_show+0x18/0x40\n        sysfs_kf_seq_show+0xac/0xf0\n        seq_read_iter+0x110/0x450\n        vfs_read+0x25b/0x340\n        ksys_read+0x67/0xf0\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -> #0 (kn->active#6){++++}-{0:0}:\n        __lock_acquire+0x121a/0x1fa0\n        lock_acquire+0xd6/0x2e0\n        kernfs_drain+0x1e9/0x200\n        __kernfs_remove+0xde/0x220\n        kernfs_remove_by_name_ns+0x5e/0xa0\n        device_del+0x168/0x410\n        device_unregister+0x13/0x60\n        devres_release_all+0xb8/0x110\n        device_unbind_cleanup+0xe/0x70\n        device_release_driver_internal+0x1c7/0x210\n        driver_detach+0x47/0x90\n        bus_remove_driver+0x6c/0xf0\n        cxl_acpi_exit+0xc/0x11 [cxl_acpi]\n        __do_sys_delete_module.isra.0+0x181/0x260\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe observation though is that driver objects are typically much longer\nlived than device objects. It is reasonable to perform lockless\nde-reference of a @driver pointer even if it is racing detach from a\ndevice. Given the infrequency of driver unregistration, use\nsynchronize_rcu() in module_remove_driver() to close any potential\nraces.  It is potentially overkill to suffer synchronize_rcu() just to\nhandle the rare module removal racing uevent_show() event.\n\nThanks to Tetsuo Handa for the debug analysis of the syzbot report [1].', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44952', 'https://git.kernel.org/linus/15fffc6a5624b13b428bb1c6e9088e32a55eb82c (6.11-rc3)', 'https://git.kernel.org/stable/c/15fffc6a5624b13b428bb1c6e9088e32a55eb82c', 'https://git.kernel.org/stable/c/49ea4e0d862632d51667da5e7a9c88a560e9c5a1', 'https://git.kernel.org/stable/c/4a7c2a8387524942171037e70b80e969c3b5c05b', 'https://git.kernel.org/stable/c/4d035c743c3e391728a6f81cbf0f7f9ca700cf62', 'https://git.kernel.org/stable/c/9c23fc327d6ec67629b4ad323bd64d3834c0417d', 'https://git.kernel.org/stable/c/cd490a247ddf325325fd0de8898659400c9237ef', 'https://git.kernel.org/stable/c/dd98c9630b7ee273da87e9a244f94ddf947161e2', 'https://git.kernel.org/stable/c/f098e8fc7227166206256c18d56ab622039108b1', 'https://linux.oracle.com/cve/CVE-2024-44952.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44952-6290@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44952', 'https://www.cve.org/CVERecord?id=CVE-2024-44952'], 'PublishedDate': '2024-09-04T19:15:30.213Z', 'LastModifiedDate': '2024-09-06T16:37:38.37Z'}, {'VulnerabilityID': 'CVE-2024-44953', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44953', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Fix deadlock during RTC update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix deadlock during RTC update\n\nThere is a deadlock when runtime suspend waits for the flush of RTC work,\nand the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume.\n\nHere is deadlock backtrace:\n\nkworker/0:1     D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367\nptr            f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff\n<ffffffee5e71ddb0> __switch_to+0x1a8/0x2d4\n<ffffffee5e71e604> __schedule+0x684/0xa98\n<ffffffee5e71ea60> schedule+0x48/0xc8\n<ffffffee5e725f78> schedule_timeout+0x48/0x170\n<ffffffee5e71fb74> do_wait_for_common+0x108/0x1b0\n<ffffffee5e71efe0> wait_for_completion+0x44/0x60\n<ffffffee5d6de968> __flush_work+0x39c/0x424\n<ffffffee5d6decc0> __cancel_work_sync+0xd8/0x208\n<ffffffee5d6dee2c> cancel_delayed_work_sync+0x14/0x28\n<ffffffee5e2551b8> __ufshcd_wl_suspend+0x19c/0x480\n<ffffffee5e255fb8> ufshcd_wl_runtime_suspend+0x3c/0x1d4\n<ffffffee5dffd80c> scsi_runtime_suspend+0x78/0xc8\n<ffffffee5df93580> __rpm_callback+0x94/0x3e0\n<ffffffee5df90b0c> rpm_suspend+0x2d4/0x65c\n<ffffffee5df91448> __pm_runtime_suspend+0x80/0x114\n<ffffffee5dffd95c> scsi_runtime_idle+0x38/0x6c\n<ffffffee5df912f4> rpm_idle+0x264/0x338\n<ffffffee5df90f14> __pm_runtime_idle+0x80/0x110\n<ffffffee5e24ce44> ufshcd_rtc_work+0x128/0x1e4\n<ffffffee5d6e3a40> process_one_work+0x26c/0x650\n<ffffffee5d6e65c8> worker_thread+0x260/0x3d8\n<ffffffee5d6edec8> kthread+0x110/0x134\n<ffffffee5d616b18> ret_from_fork+0x10/0x20\n\nSkip updating RTC if RPM state is not RPM_ACTIVE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44953', 'https://git.kernel.org/linus/3911af778f208e5f49d43ce739332b91e26bc48e (6.11-rc2)', 'https://git.kernel.org/stable/c/3911af778f208e5f49d43ce739332b91e26bc48e', 'https://git.kernel.org/stable/c/f13f1858a28c68b7fc0d72c2008d5c1f80d2e8d5', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44953-1a10@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44953', 'https://www.cve.org/CVERecord?id=CVE-2024-44953'], 'PublishedDate': '2024-09-04T19:15:30.297Z', 'LastModifiedDate': '2024-09-06T16:37:33.65Z'}, {'VulnerabilityID': 'CVE-2024-44954', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44954', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ALSA: line6: Fix racy access to midibuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: line6: Fix racy access to midibuf\n\nThere can be concurrent accesses to line6 midibuf from both the URB\ncompletion callback and the rawmidi API access.  This could be a cause\nof KMSAN warning triggered by syzkaller below (so put as reported-by\nhere).\n\nThis patch protects the midibuf call of the former code path with a\nspinlock for avoiding the possible races.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44954', 'https://git.kernel.org/linus/15b7a03205b31bc5623378c190d22b7ff60026f1 (6.11-rc3)', 'https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1', 'https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5', 'https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a', 'https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747', 'https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81', 'https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d', 'https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e', 'https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29', 'https://linux.oracle.com/cve/CVE-2024-44954.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44954-6838@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44954', 'https://www.cve.org/CVERecord?id=CVE-2024-44954'], 'PublishedDate': '2024-09-04T19:15:30.353Z', 'LastModifiedDate': '2024-10-10T18:02:42.307Z'}, {'VulnerabilityID': 'CVE-2024-44955', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44955', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute\n\n[Why]\nWhen unplug one of monitors connected after mst hub, encounter null pointer dereference.\n\nIt's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When\ncommit new state which directly referring to info stored in dc_sink will cause null pointer\ndereference.\n\n[how]\nRemove redundant checking condition. Relevant condition should already be covered by checking\nif dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44955', 'https://git.kernel.org/linus/fcf6a49d79923a234844b8efe830a61f3f0584e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263', 'https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44955-20e8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44955', 'https://www.cve.org/CVERecord?id=CVE-2024-44955'], 'PublishedDate': '2024-09-04T19:15:30.423Z', 'LastModifiedDate': '2024-10-10T17:57:00.267Z'}, {'VulnerabilityID': 'CVE-2024-44956', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44956', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/preempt_fence: enlarge the fence critical section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44956', 'https://git.kernel.org/linus/3cd1585e57908b6efcd967465ef7685f40b2a294 (6.11-rc1)', 'https://git.kernel.org/stable/c/3cd1585e57908b6efcd967465ef7685f40b2a294', 'https://git.kernel.org/stable/c/458bb83119dfee5d14c677f7846dd9363817006f', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44956-8bcf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44956', 'https://www.cve.org/CVERecord?id=CVE-2024-44956'], 'PublishedDate': '2024-09-04T19:15:30.48Z', 'LastModifiedDate': '2024-09-06T16:37:11.777Z'}, {'VulnerabilityID': 'CVE-2024-44957', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44957', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Switch from mutex to spinlock for irqfds', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Switch from mutex to spinlock for irqfds\n\nirqfd_wakeup() gets EPOLLHUP, when it is called by\neventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which\ngets called under spin_lock_irqsave(). We can't use a mutex here as it\nwill lead to a deadlock.\n\nFix it by switching over to a spin lock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44957', 'https://git.kernel.org/linus/1c682593096a487fd9aebc079a307ff7a6d054a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3', 'https://git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e', 'https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44957-5c8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44957', 'https://www.cve.org/CVERecord?id=CVE-2024-44957'], 'PublishedDate': '2024-09-04T19:15:30.523Z', 'LastModifiedDate': '2024-09-06T16:37:00.077Z'}, {'VulnerabilityID': 'CVE-2024-44958', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44958', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched/smt: Fix unbalance sched_smt_present dec/inc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/smt: Fix unbalance sched_smt_present dec/inc\n\nI got the following warn report while doing stress test:\n\njump label: negative count!\nWARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0\nCall Trace:\n <TASK>\n __static_key_slow_dec_cpuslocked+0x16/0x70\n sched_cpu_deactivate+0x26e/0x2a0\n cpuhp_invoke_callback+0x3ad/0x10d0\n cpuhp_thread_fun+0x3f5/0x680\n smpboot_thread_fn+0x56d/0x8d0\n kthread+0x309/0x400\n ret_from_fork+0x41/0x70\n ret_from_fork_asm+0x1b/0x30\n </TASK>\n\nBecause when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),\nthe cpu offline failed, but sched_smt_present is decremented before\ncalling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so\nfix it by incrementing sched_smt_present in the error path.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44958', 'https://git.kernel.org/linus/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117 (6.11-rc2)', 'https://git.kernel.org/stable/c/2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4', 'https://git.kernel.org/stable/c/2cf7665efe451e48d27953e6b5bc627d518c902b', 'https://git.kernel.org/stable/c/65727331b60197b742089855ac09464c22b96f66', 'https://git.kernel.org/stable/c/d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab', 'https://git.kernel.org/stable/c/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44958-80e9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44958', 'https://www.cve.org/CVERecord?id=CVE-2024-44958'], 'PublishedDate': '2024-09-04T19:15:30.58Z', 'LastModifiedDate': '2024-10-10T17:56:24.467Z'}, {'VulnerabilityID': 'CVE-2024-44959', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44959', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracefs: Use generic inode RCU for synchronizing freeing', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntracefs: Use generic inode RCU for synchronizing freeing\n\nWith structure layout randomization enabled for 'struct inode' we need to\navoid overlapping any of the RCU-used / initialized-only-once members,\ne.g. i_lru or i_sb_list to not corrupt related list traversals when making\nuse of the rcu_head.\n\nFor an unlucky structure layout of 'struct inode' we may end up with the\nfollowing splat when running the ftrace selftests:\n\n[<...>] list_del corruption, ffff888103ee2cb0->next (tracefs_inode_cache+0x0/0x4e0 [slab object]) is NULL (prev is tracefs_inode_cache+0x78/0x4e0 [slab object])\n[<...>] ------------[ cut here ]------------\n[<...>] kernel BUG at lib/list_debug.c:54!\n[<...>] invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n[<...>] CPU: 3 PID: 2550 Comm: mount Tainted: G                 N  6.8.12-grsec+ #122 ed2f536ca62f28b087b90e3cc906a8d25b3ddc65\n[<...>] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n[<...>] RIP: 0010:[<ffffffff84656018>] __list_del_entry_valid_or_report+0x138/0x3e0\n[<...>] Code: 48 b8 99 fb 65 f2 ff ff ff ff e9 03 5c d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff e9 33 5a d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff <0f> 0b 4c 89 e9 48 89 ea 48 89 ee 48 c7 c7 60 8f dd 89 31 c0 e8 2f\n[<...>] RSP: 0018:fffffe80416afaf0 EFLAGS: 00010283\n[<...>] RAX: 0000000000000098 RBX: ffff888103ee2cb0 RCX: 0000000000000000\n[<...>] RDX: ffffffff84655fe8 RSI: ffffffff89dd8b60 RDI: 0000000000000001\n[<...>] RBP: ffff888103ee2cb0 R08: 0000000000000001 R09: fffffbd0082d5f25\n[<...>] R10: fffffe80416af92f R11: 0000000000000001 R12: fdf99c16731d9b6d\n[<...>] R13: 0000000000000000 R14: ffff88819ad4b8b8 R15: 0000000000000000\n[<...>] RBX: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RDX: __list_del_entry_valid_or_report+0x108/0x3e0\n[<...>] RSI: __func__.47+0x4340/0x4400\n[<...>] RBP: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RSP: process kstack fffffe80416afaf0+0x7af0/0x8000 [mount 2550 2550]\n[<...>] R09: kasan shadow of process kstack fffffe80416af928+0x7928/0x8000 [mount 2550 2550]\n[<...>] R10: process kstack fffffe80416af92f+0x792f/0x8000 [mount 2550 2550]\n[<...>] R14: tracefs_inode_cache+0x78/0x4e0 [slab object]\n[<...>] FS:  00006dcb380c1840(0000) GS:ffff8881e0600000(0000) knlGS:0000000000000000\n[<...>] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[<...>] CR2: 000076ab72b30e84 CR3: 000000000b088004 CR4: 0000000000360ef0 shadow CR4: 0000000000360ef0\n[<...>] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[<...>] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[<...>] ASID: 0003\n[<...>] Stack:\n[<...>]  ffffffff818a2315 00000000f5c856ee ffffffff896f1840 ffff888103ee2cb0\n[<...>]  ffff88812b6b9750 0000000079d714b6 fffffbfff1e9280b ffffffff8f49405f\n[<...>]  0000000000000001 0000000000000000 ffff888104457280 ffffffff8248b392\n[<...>] Call Trace:\n[<...>]  <TASK>\n[<...>]  [<ffffffff818a2315>] ? lock_release+0x175/0x380 fffffe80416afaf0\n[<...>]  [<ffffffff8248b392>] list_lru_del+0x152/0x740 fffffe80416afb48\n[<...>]  [<ffffffff8248ba93>] list_lru_del_obj+0x113/0x280 fffffe80416afb88\n[<...>]  [<ffffffff8940fd19>] ? _atomic_dec_and_lock+0x119/0x200 fffffe80416afb90\n[<...>]  [<ffffffff8295b244>] iput_final+0x1c4/0x9a0 fffffe80416afbb8\n[<...>]  [<ffffffff8293a52b>] dentry_unlink_inode+0x44b/0xaa0 fffffe80416afbf8\n[<...>]  [<ffffffff8293fefc>] __dentry_kill+0x23c/0xf00 fffffe80416afc40\n[<...>]  [<ffffffff8953a85f>] ? __this_cpu_preempt_check+0x1f/0xa0 fffffe80416afc48\n[<...>]  [<ffffffff82949ce5>] ? shrink_dentry_list+0x1c5/0x760 fffffe80416afc70\n[<...>]  [<ffffffff82949b71>] ? shrink_dentry_list+0x51/0x760 fffffe80416afc78\n[<...>]  [<ffffffff82949da8>] shrink_dentry_list+0x288/0x760 fffffe80416afc80\n[<...>]  [<ffffffff8294ae75>] shrink_dcache_sb+0x155/0x420 fffffe80416afcc8\n[<...>]  [<ffffffff8953a7c3>] ? debug_smp_processor_id+0x23/0xa0 fffffe80416afce0\n[<...>]  [<ffffffff8294ad20>] ? do_one_tre\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44959', 'https://git.kernel.org/linus/0b6743bd60a56a701070b89fb80c327a44b7b3e2 (6.11-rc3)', 'https://git.kernel.org/stable/c/061da60716ce0cde99f62f31937b81e1c03acef6', 'https://git.kernel.org/stable/c/0b6743bd60a56a701070b89fb80c327a44b7b3e2', 'https://git.kernel.org/stable/c/726f4c241e17be75a9cf6870d80cd7479dc89e8f', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44959-61a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44959', 'https://www.cve.org/CVERecord?id=CVE-2024-44959'], 'PublishedDate': '2024-09-04T19:15:30.637Z', 'LastModifiedDate': '2024-10-10T17:54:07.96Z'}, {'VulnerabilityID': 'CVE-2024-44960', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44960', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: core: Check for unset descriptor', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn't properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44960', 'https://git.kernel.org/linus/973a57891608a98e894db2887f278777f564de18 (6.11-rc3)', 'https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1', 'https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62', 'https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4', 'https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e', 'https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18', 'https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf', 'https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a', 'https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244', 'https://linux.oracle.com/cve/CVE-2024-44960.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44960-039b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44960', 'https://www.cve.org/CVERecord?id=CVE-2024-44960'], 'PublishedDate': '2024-09-04T19:15:30.7Z', 'LastModifiedDate': '2024-10-04T16:44:05.497Z'}, {'VulnerabilityID': 'CVE-2024-44961', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44961', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Forward soft recovery errors to userspace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Forward soft recovery errors to userspace\n\nAs we discussed before[1], soft recovery should be\nforwarded to userspace, or we can get into a really\nbad state where apps will keep submitting hanging\ncommand buffers cascading us to a hard reset.\n\n1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/\n(cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44961', 'https://git.kernel.org/linus/829798c789f567ef6ba4b084c15b7b5f3bd98d51 (6.11-rc3)', 'https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a', 'https://git.kernel.org/stable/c/829798c789f567ef6ba4b084c15b7b5f3bd98d51', 'https://git.kernel.org/stable/c/c28d207edfc5679585f4e96acb67000076ce90be', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44961-8666@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44961', 'https://www.cve.org/CVERecord?id=CVE-2024-44961'], 'PublishedDate': '2024-09-04T19:15:30.77Z', 'LastModifiedDate': '2024-10-04T16:39:39.3Z'}, {'VulnerabilityID': 'CVE-2024-44962', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44962', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n  Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n  Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic   snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil   snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded:   btnxpuart]\n  CPU: 5 PID: 723 Comm: memtester Tainted: G           O       6.6.23-lts-next-06207-g4aef2658ac28 #1\n  Hardware name: NXP i.MX95 19X19 board (DT)\n  pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0xffff80007a2cf464\n  lr : call_timer_fn.isra.0+0x24/0x80\n...\n  Call trace:\n   0xffff80007a2cf464\n   __run_timers+0x234/0x280\n   run_timer_softirq+0x20/0x40\n   __do_softirq+0x100/0x26c\n   ____do_softirq+0x10/0x1c\n   call_on_irq_stack+0x24/0x4c\n   do_softirq_own_stack+0x1c/0x2c\n   irq_exit_rcu+0xc0/0xdc\n   el0_interrupt+0x54/0xd8\n   __el0_irq_handler_common+0x18/0x24\n   el0t_64_irq_handler+0x10/0x1c\n   el0t_64_irq+0x190/0x194\n  Code: ???????? ???????? ???????? ???????? (????????)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception in interrupt\n  SMP: stopping secondary CPUs\n  Kernel Offset: disabled\n  CPU features: 0x0,c0000000,40028143,1000721b\n  Memory Limit: none\n  ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44962', 'https://git.kernel.org/linus/0d0df1e750bac0fdaa77940e711c1625cff08d33 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d0df1e750bac0fdaa77940e711c1625cff08d33', 'https://git.kernel.org/stable/c/28bbb5011a9723700006da67bdb57ab6a914452b', 'https://git.kernel.org/stable/c/4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44962-c329@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44962', 'https://www.cve.org/CVERecord?id=CVE-2024-44962'], 'PublishedDate': '2024-09-04T19:15:30.827Z', 'LastModifiedDate': '2024-10-04T16:20:34.55Z'}, {'VulnerabilityID': 'CVE-2024-44963', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44963', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not BUG_ON() when freeing tree block after error', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don't deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44963', 'https://git.kernel.org/linus/bb3868033a4cccff7be57e9145f2117cbdc91c11 (6.11-rc1)', 'https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f', 'https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44963-2e6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44963', 'https://www.cve.org/CVERecord?id=CVE-2024-44963'], 'PublishedDate': '2024-09-04T19:15:30.883Z', 'LastModifiedDate': '2024-10-04T16:19:20.77Z'}, {'VulnerabilityID': 'CVE-2024-44964', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44964', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix memory leaks and crashes while performing a soft reset', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leaks and crashes while performing a soft reset\n\nThe second tagged commit introduced a UAF, as it removed restoring\nq_vector->vport pointers after reinitializating the structures.\nThis is due to that all queue allocation functions are performed here\nwith the new temporary vport structure and those functions rewrite\nthe backpointers to the vport. Then, this new struct is freed and\nthe pointers start leading to nowhere.\n\nBut generally speaking, the current logic is very fragile. It claims\nto be more reliable when the system is low on memory, but in fact, it\nconsumes two times more memory as at the moment of running this\nfunction, there are two vports allocated with their queues and vectors.\nMoreover, it claims to prevent the driver from running into "bad state",\nbut in fact, any error during the rebuild leaves the old vport in the\npartially allocated state.\nFinally, if the interface is down when the function is called, it always\nallocates a new queue set, but when the user decides to enable the\ninterface later on, vport_open() allocates them once again, IOW there\'s\na clear memory leak here.\n\nJust don\'t allocate a new queue set when performing a reset, that solves\ncrashes and memory leaks. Readd the old queue number and reopen the\ninterface on rollback - that solves limbo states when the device is left\ndisabled and/or without HW queues enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44964', 'https://git.kernel.org/linus/f01032a2ca099ec8d619aaa916c3762aa62495df (6.11-rc3)', 'https://git.kernel.org/stable/c/6b289f8d91537ec1e4f9c7b38b31b90d93b1419b', 'https://git.kernel.org/stable/c/f01032a2ca099ec8d619aaa916c3762aa62495df', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44964-ebb1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44964', 'https://www.cve.org/CVERecord?id=CVE-2024-44964'], 'PublishedDate': '2024-09-04T19:15:30.94Z', 'LastModifiedDate': '2024-09-06T16:36:45.137Z'}, {'VulnerabilityID': 'CVE-2024-44965', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44965', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mm: Fix pti_clone_pgtable() alignment assumption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix pti_clone_pgtable() alignment assumption\n\nGuenter reported dodgy crashes on an i386-nosmp build using GCC-11\nthat had the form of endless traps until entry stack exhaust and then\n#DF from the stack guard.\n\nIt turned out that pti_clone_pgtable() had alignment assumptions on\nthe start address, notably it hard assumes start is PMD aligned. This\nis true on x86_64, but very much not true on i386.\n\nThese assumptions can cause the end condition to malfunction, leading\nto a 'short' clone. Guess what happens when the user mapping has a\nshort copy of the entry text?\n\nUse the correct increment form for addr to avoid alignment\nassumptions.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44965', 'https://git.kernel.org/linus/41e71dbb0e0a0fe214545fe64af031303a08524c (6.11-rc2)', 'https://git.kernel.org/stable/c/18da1b27ce16a14a9b636af9232acb4fb24f4c9e', 'https://git.kernel.org/stable/c/25a727233a40a9b33370eec9f0cad67d8fd312f8', 'https://git.kernel.org/stable/c/41e71dbb0e0a0fe214545fe64af031303a08524c', 'https://git.kernel.org/stable/c/4d143ae782009b43b4f366402e5c37f59d4e4346', 'https://git.kernel.org/stable/c/5c580c1050bcbc15c3e78090859d798dcf8c9763', 'https://git.kernel.org/stable/c/ca07aab70dd3b5e7fddb62d7a6ecd7a7d6d0b2ed', 'https://git.kernel.org/stable/c/d00c9b4bbc442d99e1dafbdfdab848bc1ead73f6', 'https://git.kernel.org/stable/c/df3eecb5496f87263d171b254ca6e2758ab3c35c', 'https://linux.oracle.com/cve/CVE-2024-44965.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090415-CVE-2024-44965-d41d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44965', 'https://www.cve.org/CVERecord?id=CVE-2024-44965'], 'PublishedDate': '2024-09-04T19:15:30.99Z', 'LastModifiedDate': '2024-10-04T16:17:15.23Z'}, {'VulnerabilityID': 'CVE-2024-44966', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44966', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binfmt_flat: Fix corruption when not offsetting data start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_flat: Fix corruption when not offsetting data start\n\nCommit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")\nintroduced a RISC-V specific variant of the FLAT format which does\nnot allocate any space for the (obsolete) array of shared library\npointers. However, it did not disable the code which initializes the\narray, resulting in the corruption of sizeof(long) bytes before the DATA\nsegment, generally the end of the TEXT segment.\n\nIntroduce MAX_SHARED_LIBS_UPDATE which depends on the state of\nCONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of\nthe shared library pointer region so that it will only be initialized\nif space is reserved for it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44966', 'https://git.kernel.org/linus/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671 (6.11-rc4)', 'https://git.kernel.org/stable/c/3a684499261d0f7ed5ee72793025c88c2276809c', 'https://git.kernel.org/stable/c/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671', 'https://git.kernel.org/stable/c/49df34d2b7da9e57c839555a2f7877291ce45ad1', 'https://git.kernel.org/stable/c/9350ba06ee61db392c486716ac68ecc20e030f7c', 'https://git.kernel.org/stable/c/af65d5383854cc3f172a7d0843b628758bf462c8', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44966-3aac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44966', 'https://www.cve.org/CVERecord?id=CVE-2024-44966'], 'PublishedDate': '2024-09-04T19:15:31.06Z', 'LastModifiedDate': '2024-10-04T16:15:30.047Z'}, {'VulnerabilityID': 'CVE-2024-44967', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44967', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/mgag200: Bind I2C lifetime to DRM device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mgag200: Bind I2C lifetime to DRM device\n\nManaged cleanup with devm_add_action_or_reset() will release the I2C\nadapter when the underlying Linux device goes away. But the connector\nstill refers to it, so this cleanup leaves behind a stale pointer\nin struct drm_connector.ddc.\n\nBind the lifetime of the I2C adapter to the connector's lifetime by\nusing DRM's managed release. When the DRM device goes away (after\nthe Linux device) DRM will first clean up the connector and then\nclean up the I2C adapter.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44967', 'https://git.kernel.org/linus/eb1ae34e48a09b7a1179c579aed042b032e408f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/55a6916db77102765b22855d3a0add4751988b7c', 'https://git.kernel.org/stable/c/81d34df843620e902dd04aa9205c875833d61c17', 'https://git.kernel.org/stable/c/9d96b91e03cba9dfcb4ac370c93af4dbc47d5191', 'https://git.kernel.org/stable/c/eb1ae34e48a09b7a1179c579aed042b032e408f4', 'https://lore.kernel.org/linux-cve-announce/2024090453-CVE-2024-44967-dd14@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44967', 'https://www.cve.org/CVERecord?id=CVE-2024-44967'], 'PublishedDate': '2024-09-04T19:15:31.117Z', 'LastModifiedDate': '2024-10-03T18:21:17.23Z'}, {'VulnerabilityID': 'CVE-2024-44969', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/sclp: Prevent release of buffer in I/O', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Prevent release of buffer in I/O\n\nWhen a task waiting for completion of a Store Data operation is\ninterrupted, an attempt is made to halt this operation. If this attempt\nfails due to a hardware or firmware problem, there is a chance that the\nSCLP facility might store data into buffers referenced by the original\noperation at a later time.\n\nHandle this situation by not releasing the referenced data buffers if\nthe halt attempt fails. For current use cases, this might result in a\nleak of few pages of memory in case of a rare hardware/firmware\nmalfunction.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44969', 'https://git.kernel.org/linus/bf365071ea92b9579d5a272679b74052a5643e35 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633', 'https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05', 'https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506', 'https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79', 'https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe', 'https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148', 'https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463', 'https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35', 'https://linux.oracle.com/cve/CVE-2024-44969.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44969-48bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44969', 'https://www.cve.org/CVERecord?id=CVE-2024-44969'], 'PublishedDate': '2024-09-04T19:15:31.24Z', 'LastModifiedDate': '2024-10-03T17:38:41.333Z'}, {'VulnerabilityID': 'CVE-2024-44970', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix invalid WQ linked list unlink\n\nWhen all the strides in a WQE have been consumed, the WQE is unlinked\nfrom the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible\nto receive CQEs with 0 consumed strides for the same WQE even after the\nWQE is fully consumed and unlinked. This triggers an additional unlink\nfor the same wqe which corrupts the linked list.\n\nFix this scenario by accepting 0 sized consumed strides without\nunlinking the WQE again.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44970', 'https://git.kernel.org/linus/fba8334721e266f92079632598e46e5f89082f30 (6.11-rc1)', 'https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9', 'https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76', 'https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78', 'https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44970-f687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44970', 'https://www.cve.org/CVERecord?id=CVE-2024-44970'], 'PublishedDate': '2024-09-04T19:15:31.307Z', 'LastModifiedDate': '2024-10-03T14:22:06.003Z'}, {'VulnerabilityID': 'CVE-2024-44971', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44971', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()\n\nbcm_sf2_mdio_register() calls of_phy_find_device() and then\nphy_device_remove() in a loop to remove existing PHY devices.\nof_phy_find_device() eventually calls bus_find_device(), which calls\nget_device() on the returned struct device * to increment the refcount.\nThe current implementation does not decrement the refcount, which causes\nmemory leak.\n\nThis commit adds the missing phy_device_free() call to decrement the\nrefcount via put_device() to balance the refcount.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44971', 'https://git.kernel.org/linus/e3862093ee93fcfbdadcb7957f5f8974fffa806a (6.11-rc3)', 'https://git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c', 'https://git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c', 'https://git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71', 'https://git.kernel.org/stable/c/c05516c072903f6fb9134b8e7e1ad4bffcdc4819', 'https://git.kernel.org/stable/c/e3862093ee93fcfbdadcb7957f5f8974fffa806a', 'https://git.kernel.org/stable/c/f3d5efe18a11f94150fee8b3fda9d62079af640a', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44971-eb75@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44971', 'https://www.cve.org/CVERecord?id=CVE-2024-44971'], 'PublishedDate': '2024-09-04T19:15:31.367Z', 'LastModifiedDate': '2024-09-05T17:54:36.607Z'}, {'VulnerabilityID': 'CVE-2024-44972', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44972', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not clear page dirty inside extent_write_locked_range()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not clear page dirty inside extent_write_locked_range()\n\n[BUG]\nFor subpage + zoned case, the following workload can lead to rsv data\nleak at unmount time:\n\n  # mkfs.btrfs -f -s 4k $dev\n  # mount $dev $mnt\n  # fsstress -w -n 8 -d $mnt -s 1709539240\n  0/0: fiemap - no filename\n  0/1: copyrange read - no filename\n  0/2: write - no filename\n  0/3: rename - no source filename\n  0/4: creat f0 x:0 0 0\n  0/4: creat add id=0,parent=-1\n  0/5: writev f0[259 1 0 0 0 0] [778052,113,965] 0\n  0/6: ioctl(FIEMAP) f0[259 1 0 0 224 887097] [1294220,2291618343991484791,0x10000] -1\n  0/7: dwrite - xfsctl(XFS_IOC_DIOINFO) f0[259 1 0 0 224 887097] return 25, fallback to stat()\n  0/7: dwrite f0[259 1 0 0 224 887097] [696320,102400] 0\n  # umount $mnt\n\nThe dmesg includes the following rsv leak detection warning (all call\ntrace skipped):\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8653 btrfs_destroy_inode+0x1e0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8654 btrfs_destroy_inode+0x1a8/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8660 btrfs_destroy_inode+0x1a0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): last unmount of filesystem 1b4abba9-de34-4f07-9e7f-157cf12a18d6\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info DATA has 268218368 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=204800, pinned=0, reserved=0, may_use=12288, readonly=0 zone_unusable=0\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info METADATA has 267796480 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=131072, pinned=0, reserved=0, may_use=262144, readonly=0 zone_unusable=245760\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n\nAbove $dev is a tcmu-runner emulated zoned HDD, which has a max zone\nappend size of 64K, and the system has 64K page size.\n\n[CAUSE]\nI have added several trace_printk() to show the events (header skipped):\n\n  > btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864\n\nThe above lines show our buffered write has dirtied 3 pages of inode\n259 of root 5:\n\n  704K             768K              832K              896K\n  I           |////I/////////////////I///////////|     I\n              756K                               868K\n\n  |///| is the dirtied range using subpage bitmaps. and 'I' is the page\n  boundary.\n\n  Meanwhile all three pages (704K, 768K, 832K) have their PageDirty\n  flag set.\n\n  > btrfs_direct_write: r/i=5/259 start dio filepos=696320 len=102400\n\nThen direct IO writ\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44972', 'https://git.kernel.org/linus/97713b1a2ced1e4a2a6c40045903797ebd44d7e0 (6.11-rc1)', 'https://git.kernel.org/stable/c/97713b1a2ced1e4a2a6c40045903797ebd44d7e0', 'https://git.kernel.org/stable/c/ba4dedb71356638d8284e34724daca944be70368', 'https://git.kernel.org/stable/c/d3b403209f767e5857c1b9fda66726e6e6ffc99f', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44972-23b5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44972', 'https://www.cve.org/CVERecord?id=CVE-2024-44972'], 'PublishedDate': '2024-09-04T19:15:31.43Z', 'LastModifiedDate': '2024-10-03T16:10:12.077Z'}, {'VulnerabilityID': 'CVE-2024-44973', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44973', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm, slub: do not call do_slab_free for kfence object', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slub: do not call do_slab_free for kfence object\n\nIn 782f8906f805 the freeing of kfence objects was moved from deep\ninside do_slab_free to the wrapper functions outside. This is a nice\nchange, but unfortunately it missed one spot in __kmem_cache_free_bulk.\n\nThis results in a crash like this:\n\nBUG skbuff_head_cache (Tainted: G S  B       E     ): Padding overwritten. 0xffff88907fea0f00-0xffff88907fea0fff @offset=3840\n\nslab_err (mm/slub.c:1129)\nfree_to_partial_list (mm/slub.c:? mm/slub.c:4036)\nslab_pad_check (mm/slub.c:864 mm/slub.c:1290)\ncheck_slab (mm/slub.c:?)\nfree_to_partial_list (mm/slub.c:3171 mm/slub.c:4036)\nkmem_cache_alloc_bulk (mm/slub.c:? mm/slub.c:4495 mm/slub.c:4586 mm/slub.c:4635)\nnapi_build_skb (net/core/skbuff.c:348 net/core/skbuff.c:527 net/core/skbuff.c:549)\n\nAll the other callers to do_slab_free appear to be ok.\n\nAdd a kfence_free check in __kmem_cache_free_bulk to avoid the crash.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44973', 'https://git.kernel.org/linus/a371d558e6f3aed977a8a7346350557de5d25190 (6.11-rc3)', 'https://git.kernel.org/stable/c/a371d558e6f3aed977a8a7346350557de5d25190', 'https://git.kernel.org/stable/c/b35cd7f1e969aaa63e6716d82480f6b8a3230949', 'https://lore.kernel.org/linux-cve-announce/2024090425-CVE-2024-44973-a92d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44973', 'https://www.cve.org/CVERecord?id=CVE-2024-44973'], 'PublishedDate': '2024-09-04T19:15:31.487Z', 'LastModifiedDate': '2024-10-03T14:23:09.147Z'}, {'VulnerabilityID': 'CVE-2024-44974', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44974', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: avoid possible UaF when selecting endp', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44974', 'https://git.kernel.org/linus/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d (6.11-rc5)', 'https://git.kernel.org/stable/c/0201d65d9806d287a00e0ba96f0321835631f63f', 'https://git.kernel.org/stable/c/2b4f46f9503633dade75cb796dd1949d0e6581a1', 'https://git.kernel.org/stable/c/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d', 'https://git.kernel.org/stable/c/9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8', 'https://git.kernel.org/stable/c/ddee5b4b6a1cc03c1e9921cf34382e094c2009f1', 'https://git.kernel.org/stable/c/f2c865e9e3ca44fc06b5f73b29a954775e4dbb38', 'https://lore.kernel.org/linux-cve-announce/2024090440-CVE-2024-44974-dbe8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44974', 'https://www.cve.org/CVERecord?id=CVE-2024-44974'], 'PublishedDate': '2024-09-04T20:15:07.1Z', 'LastModifiedDate': '2024-09-12T12:15:51.397Z'}, {'VulnerabilityID': 'CVE-2024-44975', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44975', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: fix panic caused by partcmd_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: fix panic caused by partcmd_update\n\nWe find a bug as below:\nBUG: unable to handle page fault for address: 00000003\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 358 Comm: bash Tainted: G        W I        6.6.0-10893-g60d6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4\nRIP: 0010:partition_sched_domains_locked+0x483/0x600\nCode: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9\nRSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202\nRAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000002fe80\nRBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000\nR10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002\nR13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0\nCall Trace:\n <TASK>\n ? show_regs+0x8c/0xa0\n ? __die_body+0x23/0xa0\n ? __die+0x3a/0x50\n ? page_fault_oops+0x1d2/0x5c0\n ? partition_sched_domains_locked+0x483/0x600\n ? search_module_extables+0x2a/0xb0\n ? search_exception_tables+0x67/0x90\n ? kernelmode_fixup_or_oops+0x144/0x1b0\n ? __bad_area_nosemaphore+0x211/0x360\n ? up_read+0x3b/0x50\n ? bad_area_nosemaphore+0x1a/0x30\n ? exc_page_fault+0x890/0xd90\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? asm_exc_page_fault+0x26/0x30\n ? partition_sched_domains_locked+0x483/0x600\n ? partition_sched_domains_locked+0xf0/0x600\n rebuild_sched_domains_locked+0x806/0xdc0\n update_partition_sd_lb+0x118/0x130\n cpuset_write_resmask+0xffc/0x1420\n cgroup_file_write+0xb2/0x290\n kernfs_fop_write_iter+0x194/0x290\n new_sync_write+0xeb/0x160\n vfs_write+0x16f/0x1d0\n ksys_write+0x81/0x180\n __x64_sys_write+0x21/0x30\n x64_sys_call+0x2f25/0x4630\n do_syscall_64+0x44/0xb0\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\nRIP: 0033:0x7f44a553c887\n\nIt can be reproduced with cammands:\ncd /sys/fs/cgroup/\nmkdir test\ncd test/\necho +cpuset > ../cgroup.subtree_control\necho root > cpuset.cpus.partition\ncat /sys/fs/cgroup/cpuset.cpus.effective\n0-3\necho 0-3 > cpuset.cpus // taking away all cpus from root\n\nThis issue is caused by the incorrect rebuilding of scheduling domains.\nIn this scenario, test/cpuset.cpus.partition should be an invalid root\nand should not trigger the rebuilding of scheduling domains. When calling\nupdate_parent_effective_cpumask with partcmd_update, if newmask is not\nnull, it should recheck newmask whether there are cpus is available\nfor parect/cs that has tasks.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44975', 'https://git.kernel.org/linus/959ab6350add903e352890af53e86663739fcb9a (6.11-rc5)', 'https://git.kernel.org/stable/c/73d6c6cf8ef6a3c532aa159f5114077746a372d6', 'https://git.kernel.org/stable/c/959ab6350add903e352890af53e86663739fcb9a', 'https://lore.kernel.org/linux-cve-announce/2024090442-CVE-2024-44975-7c21@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44975', 'https://www.cve.org/CVERecord?id=CVE-2024-44975'], 'PublishedDate': '2024-09-04T20:15:07.16Z', 'LastModifiedDate': '2024-10-03T14:32:31.677Z'}, {'VulnerabilityID': 'CVE-2024-44977', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Validate TA binary size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Validate TA binary size\n\nAdd TA binary size validation to avoid OOB write.\n\n(cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44977', 'https://git.kernel.org/linus/c99769bceab4ecb6a067b9af11f9db281eea3e2a (6.11-rc5)', 'https://git.kernel.org/stable/c/50553ea7cbd3344fbf40afb065f6a2d38171c1ad', 'https://git.kernel.org/stable/c/5ab8793b9a6cc059f503cbe6fe596f80765e0f19', 'https://git.kernel.org/stable/c/c99769bceab4ecb6a067b9af11f9db281eea3e2a', 'https://git.kernel.org/stable/c/e562415248f402203e7fb6d8c38c1b32fa99220f', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44977-7f6b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44977', 'https://www.cve.org/CVERecord?id=CVE-2024-44977'], 'PublishedDate': '2024-09-04T20:15:07.29Z', 'LastModifiedDate': '2024-10-10T17:47:59.593Z'}, {'VulnerabilityID': 'CVE-2024-44978', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44978', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Free job before xe_exec_queue_put', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Free job before xe_exec_queue_put\n\nFree job depends on job->vm being valid, the last xe_exec_queue_put can\ndestroy the VM. Prevent UAF by freeing job before xe_exec_queue_put.\n\n(cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44978', 'https://git.kernel.org/linus/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a (6.11-rc5)', 'https://git.kernel.org/stable/c/98aa0330f200b9b8fb9e1298e006eda57a13351c', 'https://git.kernel.org/stable/c/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44978-096b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44978', 'https://www.cve.org/CVERecord?id=CVE-2024-44978'], 'PublishedDate': '2024-09-04T20:15:07.343Z', 'LastModifiedDate': '2024-09-10T16:51:19.813Z'}, {'VulnerabilityID': 'CVE-2024-44979', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44979', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix missing workqueue destroy in xe_gt_pagefault\n\nOn driver reload we never free up the memory for the pagefault and\naccess counter workqueues. Add those destroy calls here.\n\n(cherry picked from commit 7586fc52b14e0b8edd0d1f8a434e0de2078b7b2b)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44979', 'https://git.kernel.org/linus/a6f78359ac75f24cac3c1bdd753c49c1877bcd82 (6.11-rc5)', 'https://git.kernel.org/stable/c/a6f78359ac75f24cac3c1bdd753c49c1877bcd82', 'https://git.kernel.org/stable/c/b09ef3b762a7fc641fb2f89afd3ebdb65b8ba1b9', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44979-74c3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44979', 'https://www.cve.org/CVERecord?id=CVE-2024-44979'], 'PublishedDate': '2024-09-04T20:15:07.4Z', 'LastModifiedDate': '2024-10-10T17:44:36.417Z'}, {'VulnerabilityID': 'CVE-2024-44980', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44980', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix opregion leak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix opregion leak\n\nBeing part o the display, ideally the setup and cleanup would be done by\ndisplay itself. However this is a bigger refactor that needs to be done\non both i915 and xe. For now, just fix the leak:\n\nunreferenced object 0xffff8881a0300008 (size 192):\n  comm "modprobe", pid 4354, jiffies 4295647021\n  hex dump (first 32 bytes):\n    00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff  ...\'............\n    18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 99260e31):\n    [<ffffffff823ce65b>] kmemleak_alloc+0x4b/0x80\n    [<ffffffff81493be2>] kmalloc_trace_noprof+0x312/0x3d0\n    [<ffffffffa1345679>] intel_opregion_setup+0x89/0x700 [xe]\n    [<ffffffffa125bfaf>] xe_display_init_noirq+0x2f/0x90 [xe]\n    [<ffffffffa1199ec3>] xe_device_probe+0x7a3/0xbf0 [xe]\n    [<ffffffffa11f3713>] xe_pci_probe+0x333/0x5b0 [xe]\n    [<ffffffff81af6be8>] local_pci_probe+0x48/0xb0\n    [<ffffffff81af8778>] pci_device_probe+0xc8/0x280\n    [<ffffffff81d09048>] really_probe+0xf8/0x390\n    [<ffffffff81d0937a>] __driver_probe_device+0x8a/0x170\n    [<ffffffff81d09503>] driver_probe_device+0x23/0xb0\n    [<ffffffff81d097b7>] __driver_attach+0xc7/0x190\n    [<ffffffff81d0628d>] bus_for_each_dev+0x7d/0xd0\n    [<ffffffff81d0851e>] driver_attach+0x1e/0x30\n    [<ffffffff81d07ac7>] bus_add_driver+0x117/0x250\n\n(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44980', 'https://git.kernel.org/linus/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f (6.11-rc5)', 'https://git.kernel.org/stable/c/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f', 'https://git.kernel.org/stable/c/f7ecdd9853dd9f34e7cdfdadfb70b8f40644ebb4', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44980-d1ba@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44980', 'https://www.cve.org/CVERecord?id=CVE-2024-44980'], 'PublishedDate': '2024-09-04T20:15:07.46Z', 'LastModifiedDate': '2024-10-10T17:42:53.433Z'}, {'VulnerabilityID': 'CVE-2024-44982', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44982', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: cleanup FB if dpu_format_populate_layout fails\n\nIf the dpu_format_populate_layout() fails, then FB is prepared, but not\ncleaned up. This ends up leaking the pin_count on the GEM object and\ncauses a splat during DRM file closure:\n\nmsm_obj->pin_count\nWARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc\n[...]\nCall trace:\n update_lru_locked+0xc4/0xcc\n put_pages+0xac/0x100\n msm_gem_free_object+0x138/0x180\n drm_gem_object_free+0x1c/0x30\n drm_gem_object_handle_put_unlocked+0x108/0x10c\n drm_gem_object_release_handle+0x58/0x70\n idr_for_each+0x68/0xec\n drm_gem_release+0x28/0x40\n drm_file_free+0x174/0x234\n drm_release+0xb0/0x160\n __fput+0xc0/0x2c8\n __fput_sync+0x50/0x5c\n __arm64_sys_close+0x38/0x7c\n invoke_syscall+0x48/0x118\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x4c/0x120\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194\nirq event stamp: 129818\nhardirqs last  enabled at (129817): [<ffffa5f6d953fcc0>] console_unlock+0x118/0x124\nhardirqs last disabled at (129818): [<ffffa5f6da7dcf04>] el1_dbg+0x24/0x8c\nsoftirqs last  enabled at (129808): [<ffffa5f6d94afc18>] handle_softirqs+0x4c8/0x4e8\nsoftirqs last disabled at (129785): [<ffffa5f6d94105e4>] __do_softirq+0x14/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/600714/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44982', 'https://git.kernel.org/linus/bfa1a6283be390947d3649c482e5167186a37016 (6.11-rc5)', 'https://git.kernel.org/stable/c/02193c70723118889281f75b88722b26b58bf4ae', 'https://git.kernel.org/stable/c/7ecf85542169012765e4c2817cd3be6c2e009962', 'https://git.kernel.org/stable/c/9b8b65211a880af8fe8330a101e1e239a2d4008f', 'https://git.kernel.org/stable/c/a3c5815b07f4ee19d0b7e2ddf91ff9f03ecbf27d', 'https://git.kernel.org/stable/c/bfa1a6283be390947d3649c482e5167186a37016', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44982-dd24@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44982', 'https://www.cve.org/CVERecord?id=CVE-2024-44982'], 'PublishedDate': '2024-09-04T20:15:07.593Z', 'LastModifiedDate': '2024-10-10T17:09:54.35Z'}, {'VulnerabilityID': 'CVE-2024-44983', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44983', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: validate vlan header', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: validate vlan header\n\nEnsure there is sufficient room to access the protocol field of the\nVLAN header, validate it once before the flowtable lookup.\n\n=====================================================\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5440 [inline]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44983', 'https://git.kernel.org/linus/6ea14ccb60c8ab829349979b22b58a941ec4a3ee (6.11-rc5)', 'https://git.kernel.org/stable/c/0279c35d242d037abeb73d60d06a6d1bb7f672d9', 'https://git.kernel.org/stable/c/043a18bb6cf16adaa2f8642acfde6e8956a9caaa', 'https://git.kernel.org/stable/c/6ea14ccb60c8ab829349979b22b58a941ec4a3ee', 'https://git.kernel.org/stable/c/c05155cc455785916164aa5e1b4605a2ae946537', 'https://git.kernel.org/stable/c/d9384ae7aec46036d248d1c2c2757e471ab486c3', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44983-dcdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44983', 'https://www.cve.org/CVERecord?id=CVE-2024-44983'], 'PublishedDate': '2024-09-04T20:15:07.657Z', 'LastModifiedDate': '2024-09-10T16:57:55.11Z'}, {'VulnerabilityID': 'CVE-2024-44984', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44984', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double DMA unmapping for XDP_REDIRECT\n\nRemove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT\ncode path.  This should have been removed when we let the page pool\nhandle the DMA mapping.  This bug causes the warning:\n\nWARNING: CPU: 7 PID: 59 at drivers/iommu/dma-iommu.c:1198 iommu_dma_unmap_page+0xd5/0x100\nCPU: 7 PID: 59 Comm: ksoftirqd/7 Tainted: G        W          6.8.0-1010-gcp #11-Ubuntu\nHardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS 2.15.2 04/02/2024\nRIP: 0010:iommu_dma_unmap_page+0xd5/0x100\nCode: 89 ee 48 89 df e8 cb f2 69 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9 31 f6 31 ff 45 31 c0 e9 ab 17 71 00 <0f> 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9\nRSP: 0018:ffffab1fc0597a48 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff99ff838280c8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffab1fc0597a78 R08: 0000000000000002 R09: ffffab1fc0597c1c\nR10: ffffab1fc0597cd3 R11: ffff99ffe375acd8 R12: 00000000e65b9000\nR13: 0000000000000050 R14: 0000000000001000 R15: 0000000000000002\nFS:  0000000000000000(0000) GS:ffff9a06efb80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000565c34c37210 CR3: 00000005c7e3e000 CR4: 0000000000350ef0\n? show_regs+0x6d/0x80\n? __warn+0x89/0x150\n? iommu_dma_unmap_page+0xd5/0x100\n? report_bug+0x16a/0x190\n? handle_bug+0x51/0xa0\n? exc_invalid_op+0x18/0x80\n? iommu_dma_unmap_page+0xd5/0x100\n? iommu_dma_unmap_page+0x35/0x100\ndma_unmap_page_attrs+0x55/0x220\n? bpf_prog_4d7e87c0d30db711_xdp_dispatcher+0x64/0x9f\nbnxt_rx_xdp+0x237/0x520 [bnxt_en]\nbnxt_rx_pkt+0x640/0xdd0 [bnxt_en]\n__bnxt_poll_work+0x1a1/0x3d0 [bnxt_en]\nbnxt_poll+0xaa/0x1e0 [bnxt_en]\n__napi_poll+0x33/0x1e0\nnet_rx_action+0x18a/0x2f0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44984', 'https://git.kernel.org/linus/8baeef7616d5194045c5a6b97fd1246b87c55b13 (6.11-rc5)', 'https://git.kernel.org/stable/c/8baeef7616d5194045c5a6b97fd1246b87c55b13', 'https://git.kernel.org/stable/c/95a305ba259b685780ed62ea2295aa2feb2d6c0c', 'https://git.kernel.org/stable/c/fa4e6ae38574d0fc5596272bee64727d8ab7052b', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44984-43ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44984', 'https://www.cve.org/CVERecord?id=CVE-2024-44984'], 'PublishedDate': '2024-09-04T20:15:07.717Z', 'LastModifiedDate': '2024-10-10T16:48:56.167Z'}, {'VulnerabilityID': 'CVE-2024-44985', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44985', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent possible UAF in ip6_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible UAF in ip6_xmit()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand the associated dst/idev could also have been freed.\n\nWe must use rcu_read_lock() to prevent a possible UAF.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44985', 'https://git.kernel.org/linus/2d5ff7e339d04622d8282661df36151906d0e1c7 (6.11-rc5)', 'https://git.kernel.org/stable/c/124b428fe28064c809e4237b0b38e97200a8a4a8', 'https://git.kernel.org/stable/c/2d5ff7e339d04622d8282661df36151906d0e1c7', 'https://git.kernel.org/stable/c/38a21c026ed2cc7232414cb166efc1923f34af17', 'https://git.kernel.org/stable/c/975f764e96f71616b530e300c1bb2ac0ce0c2596', 'https://git.kernel.org/stable/c/fc88d6c1f2895a5775795d82ec581afdff7661d1', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44985-2dde@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44985', 'https://www.cve.org/CVERecord?id=CVE-2024-44985'], 'PublishedDate': '2024-09-04T20:15:07.777Z', 'LastModifiedDate': '2024-09-05T17:54:11.313Z'}, {'VulnerabilityID': 'CVE-2024-44986', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44986', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: fix possible UAF in ip6_finish_output2()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible UAF in ip6_finish_output2()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand associated dst/idev could also have been freed.\n\nWe need to hold rcu_read_lock() to make sure the dst and\nassociated idev are alive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44986', 'https://git.kernel.org/linus/da273b377ae0d9bd255281ed3c2adb228321687b (6.11-rc5)', 'https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e', 'https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a', 'https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b', 'https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b', 'https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44986-1197@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44986', 'https://www.cve.org/CVERecord?id=CVE-2024-44986'], 'PublishedDate': '2024-09-04T20:15:07.833Z', 'LastModifiedDate': '2024-09-05T17:54:04.127Z'}, {'VulnerabilityID': 'CVE-2024-44987', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44987', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent UAF in ip6_send_skb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n  rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n  rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n  vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n  do_writev+0x1b1/0x350 fs/read_write.c:1018\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n </TASK>\n\nAllocated by task 6530:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  unpoison_slab_object mm/kasan/common.c:312 [inline]\n  __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n  kasan_slab_alloc include/linux/kasan.h:201 [inline]\n  slab_post_alloc_hook mm/slub.c:3988 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n  dst_alloc+0x12b/0x190 net/core/dst.c:89\n  ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n  make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n  xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313\n  ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n  rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n  ___sys_sendmsg net/socket.c:2651 [inline]\n  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n  poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n  __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n  kasan_slab_free include/linux/kasan.h:184 [inline]\n  slab_free_hook mm/slub.c:2252 [inline]\n  slab_free mm/slub.c:4473 [inline]\n  kmem_cache_free+0x145/0x350 mm/slub.c:4548\n  dst_destroy+0x2ac/0x460 net/core/dst.c:124\n  rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n  rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44987', 'https://git.kernel.org/linus/faa389b2fbaaec7fd27a390b4896139f9da662e3 (6.11-rc5)', 'https://git.kernel.org/stable/c/24e93695b1239fbe4c31e224372be77f82dab69a', 'https://git.kernel.org/stable/c/571567e0277008459750f0728f246086b2659429', 'https://git.kernel.org/stable/c/9a3e55afa95ed4ac9eda112d4f918af645d72f25', 'https://git.kernel.org/stable/c/af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011', 'https://git.kernel.org/stable/c/cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e', 'https://git.kernel.org/stable/c/ce2f6cfab2c637d0bd9762104023a15d0ab7c0a8', 'https://git.kernel.org/stable/c/e44bd76dd072756e674f45c5be00153f4ded68b2', 'https://git.kernel.org/stable/c/faa389b2fbaaec7fd27a390b4896139f9da662e3', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44987-f916@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44987', 'https://www.cve.org/CVERecord?id=CVE-2024-44987'], 'PublishedDate': '2024-09-04T20:15:07.89Z', 'LastModifiedDate': '2024-09-05T17:53:54.687Z'}, {'VulnerabilityID': 'CVE-2024-44988', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44988', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Fix out-of-bound access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix out-of-bound access\n\nIf an ATU violation was caused by a CPU Load operation, the SPID could\nbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44988', 'https://git.kernel.org/linus/528876d867a23b5198022baf2e388052ca67c952 (6.11-rc5)', 'https://git.kernel.org/stable/c/050e7274ab2150cd212b2372595720e7b83a15bd', 'https://git.kernel.org/stable/c/18b2e833daf049223ab3c2efdf8cdee08854c484', 'https://git.kernel.org/stable/c/528876d867a23b5198022baf2e388052ca67c952', 'https://git.kernel.org/stable/c/a10d0337115a6d223a1563d853d4455f05d0b2e3', 'https://git.kernel.org/stable/c/d39f5be62f098fe367d672b4dd4bc4b2b80e08e7', 'https://git.kernel.org/stable/c/f7d8c2fabd39250cf2333fbf8eef67e837f90a5d', 'https://git.kernel.org/stable/c/f87ce03c652dba199aef15ac18ade3991db5477e', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44988-516a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44988', 'https://www.cve.org/CVERecord?id=CVE-2024-44988'], 'PublishedDate': '2024-09-04T20:15:07.96Z', 'LastModifiedDate': '2024-10-10T16:44:14.767Z'}, {'VulnerabilityID': 'CVE-2024-44989', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44989', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix xfrm real_dev null pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel:  <TASK>\n kernel:  ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? page_fault_oops+0x142/0x4c0\n kernel:  ? do_user_addr_fault+0x65/0x670\n kernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  ? exc_page_fault+0x7b/0x180\n kernel:  ? asm_exc_page_fault+0x22/0x30\n kernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel:  xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ip_push_pending_frames+0x56/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44989', 'https://git.kernel.org/linus/f8cde9805981c50d0c029063dc7d82821806fc44 (6.11-rc5)', 'https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21', 'https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294', 'https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548', 'https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f', 'https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436', 'https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44989-8a2d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44989', 'https://www.cve.org/CVERecord?id=CVE-2024-44989'], 'PublishedDate': '2024-09-04T20:15:08.02Z', 'LastModifiedDate': '2024-09-06T16:31:22.253Z'}, {'VulnerabilityID': 'CVE-2024-44990', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44990', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix null pointer deref in bond_ipsec_offload_ok\n\nWe must check if there is an active slave before dereferencing the pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44990', 'https://git.kernel.org/linus/95c90e4ad89d493a7a14fa200082e466e2548f9d (6.11-rc5)', 'https://git.kernel.org/stable/c/0707260a18312bbcd2a5668584e3692d0a29e3f6', 'https://git.kernel.org/stable/c/2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59', 'https://git.kernel.org/stable/c/32a0173600c63aadaf2103bf02f074982e8602ab', 'https://git.kernel.org/stable/c/81216b9352be43f8958092d379f6dec85443c309', 'https://git.kernel.org/stable/c/95c90e4ad89d493a7a14fa200082e466e2548f9d', 'https://git.kernel.org/stable/c/b70b0ddfed31fc92c8dc722d0afafc8e14cb550c', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44990-6b62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44990', 'https://www.cve.org/CVERecord?id=CVE-2024-44990'], 'PublishedDate': '2024-09-04T20:15:08.087Z', 'LastModifiedDate': '2024-09-06T16:31:12.87Z'}, {'VulnerabilityID': 'CVE-2024-44991', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44991', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp: prevent concurrent execution of tcp_sk_exit_batch', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: prevent concurrent execution of tcp_sk_exit_batch\n\nIts possible that two threads call tcp_sk_exit_batch() concurrently,\nonce from the cleanup_net workqueue, once from a task that failed to clone\na new netns.  In the latter case, error unwinding calls the exit handlers\nin reverse order for the \'failed\' netns.\n\ntcp_sk_exit_batch() calls tcp_twsk_purge().\nProblem is that since commit b099ce2602d8 ("net: Batch inet_twsk_purge"),\nthis function picks up twsk in any dying netns, not just the one passed\nin via exit_batch list.\n\nThis means that the error unwind of setup_net() can "steal" and destroy\ntimewait sockets belonging to the exiting netns.\n\nThis allows the netns exit worker to proceed to call\n\nWARN_ON_ONCE(!refcount_dec_and_test(&net->ipv4.tcp_death_row.tw_refcount));\n\nwithout the expected 1 -> 0 transition, which then splats.\n\nAt same time, error unwind path that is also running inet_twsk_purge()\nwill splat as well:\n\nWARNING: .. at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210\n...\n refcount_dec include/linux/refcount.h:351 [inline]\n inet_twsk_kill+0x758/0x9c0 net/ipv4/inet_timewait_sock.c:70\n inet_twsk_deschedule_put net/ipv4/inet_timewait_sock.c:221\n inet_twsk_purge+0x725/0x890 net/ipv4/inet_timewait_sock.c:304\n tcp_sk_exit_batch+0x1c/0x170 net/ipv4/tcp_ipv4.c:3522\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n setup_net+0x714/0xb40 net/core/net_namespace.c:375\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n\n... because refcount_dec() of tw_refcount unexpectedly dropped to 0.\n\nThis doesn\'t seem like an actual bug (no tw sockets got lost and I don\'t\nsee a use-after-free) but as erroneous trigger of debug check.\n\nAdd a mutex to force strict ordering: the task that calls tcp_twsk_purge()\nblocks other task from doing final _dec_and_test before mutex-owner has\nremoved all tw sockets of dying netns.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44991', 'https://git.kernel.org/linus/565d121b69980637f040eb4d84289869cdaabedf (6.11-rc5)', 'https://git.kernel.org/stable/c/565d121b69980637f040eb4d84289869cdaabedf', 'https://git.kernel.org/stable/c/99580ae890ec8bd98b21a2a9c6668f8f1555b62e', 'https://git.kernel.org/stable/c/e3d9de3742f4d5c47ae35f888d3023a5b54fcd2f', 'https://git.kernel.org/stable/c/f6fd2dbf584a4047ba88d1369ff91c9851261ec1', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44991-2437@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44991', 'https://www.cve.org/CVERecord?id=CVE-2024-44991'], 'PublishedDate': '2024-09-04T20:15:08.15Z', 'LastModifiedDate': '2024-10-09T14:36:15.79Z'}, {'VulnerabilityID': 'CVE-2024-44993', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44993', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`\n\nWhen enabling UBSAN on Raspberry Pi 5, we get the following warning:\n\n[  387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3\n[  387.903868] index 7 is out of range for type '__u32 [7]'\n[  387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G        WC         6.10.3-v8-16k-numa #151\n[  387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[  387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched]\n[  387.932525] Call trace:\n[  387.935296]  dump_backtrace+0x170/0x1b8\n[  387.939403]  show_stack+0x20/0x38\n[  387.942907]  dump_stack_lvl+0x90/0xd0\n[  387.946785]  dump_stack+0x18/0x28\n[  387.950301]  __ubsan_handle_out_of_bounds+0x98/0xd0\n[  387.955383]  v3d_csd_job_run+0x3a8/0x438 [v3d]\n[  387.960707]  drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]\n[  387.966862]  process_one_work+0x62c/0xb48\n[  387.971296]  worker_thread+0x468/0x5b0\n[  387.975317]  kthread+0x1c4/0x1e0\n[  387.978818]  ret_from_fork+0x10/0x20\n[  387.983014] ---[ end trace ]---\n\nThis happens because the UAPI provides only seven configuration\nregisters and we are reading the eighth position of this u32 array.\n\nTherefore, fix the out-of-bounds read in `v3d_csd_job_run()` by\naccessing only seven positions on the '__u32 [7]' array. The eighth\nregister exists indeed on V3D 7.1, but it isn't currently used. That\nbeing so, let's guarantee that it remains unused and add a note that it\ncould be set in a future patch.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44993', 'https://git.kernel.org/linus/497d370a644d95a9f04271aa92cb96d32e84c770 (6.11-rc4)', 'https://git.kernel.org/stable/c/497d370a644d95a9f04271aa92cb96d32e84c770', 'https://git.kernel.org/stable/c/d656b82c4b30cf12715e6cd129d3df808fde24a7', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44993-b6db@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44993', 'https://www.cve.org/CVERecord?id=CVE-2024-44993'], 'PublishedDate': '2024-09-04T20:15:08.257Z', 'LastModifiedDate': '2024-09-06T16:28:49.18Z'}, {'VulnerabilityID': 'CVE-2024-44995', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: fix a deadlock problem when config TC during resetting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n                             pf reset start\n                                 │\n                                 ▼\n                              ......\nsetup tc                         │\n    │                            ▼\n    ▼                      DOWN: napi_disable()\nnapi_disable()(skip)             │\n    │                            │\n    ▼                            ▼\n  ......                      ......\n    │                            │\n    ▼                            │\nnapi_enable()                    │\n                                 ▼\n                           UINIT: netif_napi_del()\n                                 │\n                                 ▼\n                              ......\n                                 │\n                                 ▼\n                           INIT: netif_napi_add()\n                                 │\n                                 ▼\n                              ......                 global reset start\n                                 │                      │\n                                 ▼                      ▼\n                           UP: napi_enable()(skip)    ......\n                                 │                      │\n                                 ▼                      ▼\n                              ......                 napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. Adds a DOWN process in UINIT to fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44995', 'https://git.kernel.org/linus/be5e816d00a506719e9dbb1a9c861c5ced30a109 (6.11-rc4)', 'https://git.kernel.org/stable/c/195918217448a6bb7f929d6a2ffffce9f1ece1cc', 'https://git.kernel.org/stable/c/67492d4d105c0a6321b00c393eec96b9a7a97a16', 'https://git.kernel.org/stable/c/6ae2b7d63cd056f363045eb65409143e16f23ae8', 'https://git.kernel.org/stable/c/be5e816d00a506719e9dbb1a9c861c5ced30a109', 'https://git.kernel.org/stable/c/de37408d5c26fc4a296a28a0c96dcb814219bfa1', 'https://git.kernel.org/stable/c/fa1d4de7265c370e673583ac8d1bd17d21826cd9', 'https://git.kernel.org/stable/c/fc250eca15bde34c4c8f806b9d88f55bd56a992c', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44995-16e5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44995', 'https://www.cve.org/CVERecord?id=CVE-2024-44995'], 'PublishedDate': '2024-09-04T20:15:08.353Z', 'LastModifiedDate': '2024-09-15T18:15:34.54Z'}, {'VulnerabilityID': 'CVE-2024-44996', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44996', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vsock: fix recursive -&gt;recvmsg calls', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: fix recursive ->recvmsg calls\n\nAfter a vsock socket has been added to a BPF sockmap, its prot->recvmsg\nhas been replaced with vsock_bpf_recvmsg(). Thus the following\nrecursiion could happen:\n\nvsock_bpf_recvmsg()\n -> __vsock_recvmsg()\n  -> vsock_connectible_recvmsg()\n   -> prot->recvmsg()\n    -> vsock_bpf_recvmsg() again\n\nWe need to fix it by calling the original ->recvmsg() without any BPF\nsockmap logic in __vsock_recvmsg().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44996', 'https://git.kernel.org/linus/69139d2919dd4aa9a553c8245e7c63e82613e3fc (6.11-rc4)', 'https://git.kernel.org/stable/c/69139d2919dd4aa9a553c8245e7c63e82613e3fc', 'https://git.kernel.org/stable/c/921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5', 'https://git.kernel.org/stable/c/b4ee8cf1acc5018ed1369150d7bb3e0d0f79e135', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44996-8b26@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44996', 'https://www.cve.org/CVERecord?id=CVE-2024-44996'], 'PublishedDate': '2024-09-04T20:15:08.413Z', 'LastModifiedDate': '2024-09-16T12:21:47.37Z'}, {'VulnerabilityID': 'CVE-2024-44998', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44998', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: atm: idt77252: prevent use after free in dequeue_rx()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can\'t dereference "skb" after calling vcc->push() because the skb\nis released.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44998', 'https://git.kernel.org/linus/a9a18e8f770c9b0703dab93580d0b02e199a4c79 (6.11-rc4)', 'https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1', 'https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d', 'https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518', 'https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55', 'https://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d', 'https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10', 'https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79', 'https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44998-6505@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44998', 'https://www.cve.org/CVERecord?id=CVE-2024-44998'], 'PublishedDate': '2024-09-04T20:15:08.52Z', 'LastModifiedDate': '2024-09-06T16:28:16Z'}, {'VulnerabilityID': 'CVE-2024-44999', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44999', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: pull network headers in gtp_dev_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: pull network headers in gtp_dev_xmit()\n\nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]\n\nWe must make sure the IPv4 or Ipv6 header is pulled in skb->head\nbefore accessing fields in them.\n\nUse pskb_inet_may_pull() to fix this issue.\n\n[1]\nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n  gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n  gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  __netdev_start_xmit include/linux/netdevice.h:4913 [inline]\n  netdev_start_xmit include/linux/netdevice.h:4922 [inline]\n  xmit_one net/core/dev.c:3580 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596\n  __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423\n  dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3145 [inline]\n  packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:3994 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583\n  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674\n  alloc_skb include/linux/skbuff.h:1320 [inline]\n  alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526\n  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815\n  packet_alloc_skb net/packet/af_packet.c:2994 [inline]\n  packet_snd net/packet/af_packet.c:3088 [inline]\n  packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44999', 'https://git.kernel.org/linus/3a3be7ff9224f424e485287b54be00d2c6bd9c40 (6.11-rc4)', 'https://git.kernel.org/stable/c/137d565ab89ce3584503b443bc9e00d44f482593', 'https://git.kernel.org/stable/c/1f6b62392453d8f36685d19b761307a8c5617ac1', 'https://git.kernel.org/stable/c/34ba4f29f3d9eb52dee37512059efb2afd7e966f', 'https://git.kernel.org/stable/c/3939d787139e359b77aaf9485d1e145d6713d7b9', 'https://git.kernel.org/stable/c/3a3be7ff9224f424e485287b54be00d2c6bd9c40', 'https://git.kernel.org/stable/c/3d89d0c4a1c6d4d2a755e826351b0a101dbc86f3', 'https://git.kernel.org/stable/c/cbb9a969fc190e85195d1b0f08038e7f6199044e', 'https://git.kernel.org/stable/c/f5dda8db382c5751c4e572afc7c99df7da1f83ca', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44999-187d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44999', 'https://www.cve.org/CVERecord?id=CVE-2024-44999'], 'PublishedDate': '2024-09-04T20:15:08.59Z', 'LastModifiedDate': '2024-09-06T16:27:51.89Z'}, {'VulnerabilityID': 'CVE-2024-45000', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45000', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/netfs/fscache_cookie: add missing "n_accesses" check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/netfs/fscache_cookie: add missing "n_accesses" check\n\nThis fixes a NULL pointer dereference bug due to a data race which\nlooks like this:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000008\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] SMP PTI\n  CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43\n  Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018\n  Workqueue: events_unbound netfs_rreq_write_to_cache_work\n  RIP: 0010:cachefiles_prepare_write+0x30/0xa0\n  Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 <48> 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10\n  RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286\n  RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000\n  RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438\n  RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001\n  R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68\n  R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00\n  FS:  0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0\n  Call Trace:\n   <TASK>\n   ? __die+0x1f/0x70\n   ? page_fault_oops+0x15d/0x440\n   ? search_module_extables+0xe/0x40\n   ? fixup_exception+0x22/0x2f0\n   ? exc_page_fault+0x5f/0x100\n   ? asm_exc_page_fault+0x22/0x30\n   ? cachefiles_prepare_write+0x30/0xa0\n   netfs_rreq_write_to_cache_work+0x135/0x2e0\n   process_one_work+0x137/0x2c0\n   worker_thread+0x2e9/0x400\n   ? __pfx_worker_thread+0x10/0x10\n   kthread+0xcc/0x100\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x30/0x50\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1b/0x30\n   </TASK>\n  Modules linked in:\n  CR2: 0000000000000008\n  ---[ end trace 0000000000000000 ]---\n\nThis happened because fscache_cookie_state_machine() was slow and was\nstill running while another process invoked fscache_unuse_cookie();\nthis led to a fscache_cookie_lru_do_one() call, setting the\nFSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by\nfscache_cookie_state_machine(), withdrawing the cookie via\ncachefiles_withdraw_cookie(), clearing cookie->cache_priv.\n\nAt the same time, yet another process invoked\ncachefiles_prepare_write(), which found a NULL pointer in this code\nline:\n\n  struct cachefiles_object *object = cachefiles_cres_object(cres);\n\nThe next line crashes, obviously:\n\n  struct cachefiles_cache *cache = object->volume->cache;\n\nDuring cachefiles_prepare_write(), the "n_accesses" counter is\nnon-zero (via fscache_begin_operation()).  The cookie must not be\nwithdrawn until it drops to zero.\n\nThe counter is checked by fscache_cookie_state_machine() before\nswitching to FSCACHE_COOKIE_STATE_RELINQUISHING and\nFSCACHE_COOKIE_STATE_WITHDRAWING (in "case\nFSCACHE_COOKIE_STATE_FAILED"), but not for\nFSCACHE_COOKIE_STATE_LRU_DISCARDING ("case\nFSCACHE_COOKIE_STATE_ACTIVE").\n\nThis patch adds the missing check.  With a non-zero access counter,\nthe function returns and the next fscache_end_cookie_access() call\nwill queue another fscache_cookie_state_machine() call to handle the\nstill-pending FSCACHE_COOKIE_DO_LRU_DISCARD.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45000', 'https://git.kernel.org/linus/f71aa06398aabc2e3eaac25acdf3d62e0094ba70 (6.11-rc4)', 'https://git.kernel.org/stable/c/0a4d41fa14b2a0efd40e350cfe8ec6a4c998ac1d', 'https://git.kernel.org/stable/c/b8a50877f68efdcc0be3fcc5116e00c31b90e45b', 'https://git.kernel.org/stable/c/dfaa39b05a6cf34a16c525a2759ee6ab26b5fef6', 'https://git.kernel.org/stable/c/f71aa06398aabc2e3eaac25acdf3d62e0094ba70', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-45000-fd6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45000', 'https://www.cve.org/CVERecord?id=CVE-2024-45000'], 'PublishedDate': '2024-09-04T20:15:08.657Z', 'LastModifiedDate': '2024-09-06T16:27:31.003Z'}, {'VulnerabilityID': 'CVE-2024-45001', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45001', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix RX buf alloc_size alignment and atomic op panic', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix RX buf alloc_size alignment and atomic op panic\n\nThe MANA driver's RX buffer alloc_size is passed into napi_build_skb() to\ncreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignment\nis affected by the alloc_size passed into napi_build_skb(). The size needs\nto be aligned properly for better performance and atomic operations.\nOtherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic\noperations may panic on the skb_shinfo(skb)->dataref due to alignment fault.\n\nTo fix this bug, add proper alignment to the alloc_size calculation.\n\nSample panic info:\n[  253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce\n[  253.300900] Mem abort info:\n[  253.301760]   ESR = 0x0000000096000021\n[  253.302825]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  253.304268]   SET = 0, FnV = 0\n[  253.305172]   EA = 0, S1PTW = 0\n[  253.306103]   FSC = 0x21: alignment fault\nCall trace:\n __skb_clone+0xfc/0x198\n skb_clone+0x78/0xe0\n raw6_local_deliver+0xfc/0x228\n ip6_protocol_deliver_rcu+0x80/0x500\n ip6_input_finish+0x48/0x80\n ip6_input+0x48/0xc0\n ip6_sublist_rcv_finish+0x50/0x78\n ip6_sublist_rcv+0x1cc/0x2b8\n ipv6_list_rcv+0x100/0x150\n __netif_receive_skb_list_core+0x180/0x220\n netif_receive_skb_list_internal+0x198/0x2a8\n __napi_poll+0x138/0x250\n net_rx_action+0x148/0x330\n handle_softirqs+0x12c/0x3a0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45001', 'https://git.kernel.org/linus/32316f676b4ee87c0404d333d248ccf777f739bc (6.11-rc4)', 'https://git.kernel.org/stable/c/32316f676b4ee87c0404d333d248ccf777f739bc', 'https://git.kernel.org/stable/c/65f20b174ec0172f2d6bcfd8533ab9c9e7e347fa', 'https://git.kernel.org/stable/c/e6bea6a45f8a401f3d5a430bc81814f0cc8848cf', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45001-50df@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45001', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45001'], 'PublishedDate': '2024-09-04T20:15:08.71Z', 'LastModifiedDate': '2024-10-09T14:49:39.953Z'}, {'VulnerabilityID': 'CVE-2024-45002', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45002', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtla/osnoise: Prevent NULL dereference in error handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrtla/osnoise: Prevent NULL dereference in error handling\n\nIf the "tool->data" allocation fails then there is no need to call\nosnoise_free_top() and, in fact, doing so will lead to a NULL dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45002', 'https://git.kernel.org/linus/90574d2a675947858b47008df8d07f75ea50d0d0 (6.11-rc4)', 'https://git.kernel.org/stable/c/753f1745146e03abd17eec8eee95faffc96d743d', 'https://git.kernel.org/stable/c/90574d2a675947858b47008df8d07f75ea50d0d0', 'https://git.kernel.org/stable/c/abdb9ddaaab476e62805e36cce7b4ef8413ffd01', 'https://git.kernel.org/stable/c/fc575212c6b75d538e1a0a74f4c7e2ac73bc46ac', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45002-c292@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45002', 'https://www.cve.org/CVERecord?id=CVE-2024-45002'], 'PublishedDate': '2024-09-04T20:15:08.763Z', 'LastModifiedDate': '2024-09-06T16:27:13.727Z'}, {'VulnerabilityID': 'CVE-2024-45003', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45003', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: vfs: Don't evict inode under the inode lru traversing context", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: Don't evict inode under the inode lru traversing context\n\nThe inode reclaiming process(See function prune_icache_sb) collects all\nreclaimable inodes and mark them with I_FREEING flag at first, at that\ntime, other processes will be stuck if they try getting these inodes\n(See function find_inode_fast), then the reclaiming process destroy the\ninodes by function dispose_list(). Some filesystems(eg. ext4 with\nea_inode feature, ubifs with xattr) may do inode lookup in the inode\nevicting callback function, if the inode lookup is operated under the\ninode lru traversing context, deadlock problems may happen.\n\nCase 1: In function ext4_evict_inode(), the ea inode lookup could happen\n        if ea_inode feature is enabled, the lookup process will be stuck\n\tunder the evicting context like this:\n\n 1. File A has inode i_reg and an ea inode i_ea\n 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea\n 3. Then, following three processes running like this:\n\n    PA                              PB\n echo 2 > /proc/sys/vm/drop_caches\n  shrink_slab\n   prune_dcache_sb\n   // i_reg is added into lru, lru->i_ea->i_reg\n   prune_icache_sb\n    list_lru_walk_one\n     inode_lru_isolate\n      i_ea->i_state |= I_FREEING // set inode state\n     inode_lru_isolate\n      __iget(i_reg)\n      spin_unlock(&i_reg->i_lock)\n      spin_unlock(lru_lock)\n                                     rm file A\n                                      i_reg->nlink = 0\n      iput(i_reg) // i_reg->nlink is 0, do evict\n       ext4_evict_inode\n        ext4_xattr_delete_inode\n         ext4_xattr_inode_dec_ref_all\n          ext4_xattr_inode_iget\n           ext4_iget(i_ea->i_ino)\n            iget_locked\n             find_inode_fast\n              __wait_on_freeing_inode(i_ea) ----? AA deadlock\n    dispose_list // cannot be executed by prune_icache_sb\n     wake_up_bit(&i_ea->i_state)\n\nCase 2: In deleted inode writing function ubifs_jnl_write_inode(), file\n        deleting process holds BASEHD's wbuf->io_mutex while getting the\n\txattr inode, which could race with inode reclaiming process(The\n        reclaiming process could try locking BASEHD's wbuf->io_mutex in\n\tinode evicting function), then an ABBA deadlock problem would\n\thappen as following:\n\n 1. File A has inode ia and a xattr(with inode ixa), regular file B has\n    inode ib and a xattr.\n 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa\n 3. Then, following three processes running like this:\n\n        PA                PB                        PC\n                echo 2 > /proc/sys/vm/drop_caches\n                 shrink_slab\n                  prune_dcache_sb\n                  // ib and ia are added into lru, lru->ixa->ib->ia\n                  prune_icache_sb\n                   list_lru_walk_one\n                    inode_lru_isolate\n                     ixa->i_state |= I_FREEING // set inode state\n                    inode_lru_isolate\n                     __iget(ib)\n                     spin_unlock(&ib->i_lock)\n                     spin_unlock(lru_lock)\n                                                   rm file B\n                                                    ib->nlink = 0\n rm file A\n  iput(ia)\n   ubifs_evict_inode(ia)\n    ubifs_jnl_delete_inode(ia)\n     ubifs_jnl_write_inode(ia)\n      make_reservation(BASEHD) // Lock wbuf->io_mutex\n      ubifs_iget(ixa->i_ino)\n       iget_locked\n        find_inode_fast\n         __wait_on_freeing_inode(ixa)\n          |          iput(ib) // ib->nlink is 0, do evict\n          |           ubifs_evict_inode\n          |            ubifs_jnl_delete_inode(ib)\n          ?             ubifs_jnl_write_inode\n     ABBA deadlock ?-----make_reservation(BASEHD)\n                   dispose_list // cannot be executed by prune_icache_sb\n                    wake_up_bit(&ixa->i_state)\n\nFix the possible deadlock by using new inode state flag I_LRU_ISOLATING\nto pin the inode in memory while inode_lru_isolate(\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45003', 'https://git.kernel.org/linus/2a0629834cd82f05d424bbc193374f9a43d1f87d (6.11-rc4)', 'https://git.kernel.org/stable/c/03880af02a78bc9a98b5a581f529cf709c88a9b8', 'https://git.kernel.org/stable/c/2a0629834cd82f05d424bbc193374f9a43d1f87d', 'https://git.kernel.org/stable/c/3525ad25240dfdd8c78f3470911ed10aa727aa72', 'https://git.kernel.org/stable/c/437741eba63bf4e437e2beb5583f8633556a2b98', 'https://git.kernel.org/stable/c/9063ab49c11e9518a3f2352434bb276cc8134c5f', 'https://git.kernel.org/stable/c/b9bda5f6012dd00372f3a06a82ed8971a4c57c32', 'https://git.kernel.org/stable/c/cda54ec82c0f9d05393242b20b13f69b083f7e88', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45003-3bc2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45003', 'https://www.cve.org/CVERecord?id=CVE-2024-45003'], 'PublishedDate': '2024-09-04T20:15:08.823Z', 'LastModifiedDate': '2024-10-09T15:07:31.027Z'}, {'VulnerabilityID': 'CVE-2024-45005', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45005', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: s390: fix validity interception issue when gisa is switched off', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix validity interception issue when gisa is switched off\n\nWe might run into a SIE validity if gisa has been disabled either via using\nkernel parameter "kvm.use_gisa=0" or by setting the related sysfs\nattribute to N (echo N >/sys/module/kvm/parameters/use_gisa).\n\nThe validity is caused by an invalid value in the SIE control block\'s\ngisa designation. That happens because we pass the uninitialized gisa\norigin to virt_to_phys() before writing it to the gisa designation.\n\nTo fix this we return 0 in kvm_s390_get_gisa_desc() if the origin is 0.\nkvm_s390_get_gisa_desc() is used to determine which gisa designation to\nset in the SIE control block. A value of 0 in the gisa designation disables\ngisa usage.\n\nThe issue surfaces in the host kernel with the following kernel message as\nsoon a new kvm guest start is attemted.\n\nkvm: unhandled validity intercept 0x1011\nWARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101 kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]\nModules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390 prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci]\nCPU: 0 PID: 781237 Comm: CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6\nHardware name: IBM 3931 A01 701 (LPAR)\nKrnl PSW : 0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm])\n           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\nKrnl GPRS: 000003d900000027 000003d900000023 0000000000000028 000002cd00000000\n           000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff\n           000002cfd82e9000 000002cfd80bc000 0000000000001011 000003d93deda412\n           000003ff8962df98 000003d93de77ce0 000003d93deb011e 00000359c6daf960\nKrnl Code: 000003d93deb0112: c020fffe7259\tlarl\t%r2,000003d93de7e5c4\n           000003d93deb0118: c0e53fa8beac\tbrasl\t%r14,000003d9bd3c7e70\n          #000003d93deb011e: af000000\t\tmc\t0,0\n          >000003d93deb0122: a728ffea\t\tlhi\t%r2,-22\n           000003d93deb0126: a7f4fe24\t\tbrc\t15,000003d93deafd6e\n           000003d93deb012a: 9101f0b0\t\ttm\t176(%r15),1\n           000003d93deb012e: a774fe48\t\tbrc\t7,000003d93deafdbe\n           000003d93deb0132: 40a0f0ae\t\tsth\t%r10,174(%r15)\nCall Trace:\n [<000003d93deb0122>] kvm_handle_sie_intercept+0x432/0x4d0 [kvm]\n([<000003d93deb011e>] kvm_handle_sie_intercept+0x42e/0x4d0 [kvm])\n [<000003d93deacc10>] vcpu_post_run+0x1d0/0x3b0 [kvm]\n [<000003d93deaceda>] __vcpu_run+0xea/0x2d0 [kvm]\n [<000003d93dead9da>] kvm_arch_vcpu_ioctl_run+0x16a/0x430 [kvm]\n [<000003d93de93ee0>] kvm_vcpu_ioctl+0x190/0x7c0 [kvm]\n [<000003d9bd728b4e>] vfs_ioctl+0x2e/0x70\n [<000003d9bd72a092>] __s390x_sys_ioctl+0xc2/0xd0\n [<000003d9be0e9222>] __do_syscall+0x1f2/0x2e0\n [<000003d9be0f9a90>] system_call+0x70/0x98\nLast Breaking-Event-Address:\n [<000003d9bd3c7f58>] __warn_printk+0xe8/0xf0', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45005', 'https://git.kernel.org/linus/5a44bb061d04b0306f2aa8add761d86d152b9377 (6.11-rc4)', 'https://git.kernel.org/stable/c/027ac3c5092561bccce09b314a73a1c167117ef6', 'https://git.kernel.org/stable/c/051c0a558154174cfcea301a386e4c91ade83ce1', 'https://git.kernel.org/stable/c/5a44bb061d04b0306f2aa8add761d86d152b9377', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45005-2297@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45005', 'https://www.cve.org/CVERecord?id=CVE-2024-45005'], 'PublishedDate': '2024-09-04T20:15:08.94Z', 'LastModifiedDate': '2024-10-09T15:30:03.767Z'}, {'VulnerabilityID': 'CVE-2024-45006', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45006', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration\n\nre-enumerating full-speed devices after a failed address device command\ncan trigger a NULL pointer dereference.\n\nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size\nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case,\nwhich ends up calling xhci_configure_endpoint().\n\nOn Panther point xHC the xhci_configure_endpoint() function will\nadditionally check and reserve bandwidth in software. Other hosts do\nthis in hardware\n\nIf xHC address device command fails then a new xhci_virt_device structure\nis allocated as part of re-enabling the slot, but the bandwidth table\npointers are not set up properly here.\nThis triggers the NULL pointer dereference the next time usb_ep0_reinit()\nis called and xhci_configure_endpoint() tries to check and reserve\nbandwidth\n\n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd\n[46710.713699] usb 3-1: Device not responding to setup address.\n[46710.917684] usb 3-1: Device not responding to setup address.\n[46711.125536] usb 3-1: device not accepting address 5, error -71\n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[46711.125600] #PF: supervisor read access in kernel mode\n[46711.125603] #PF: error_code(0x0000) - not-present page\n[46711.125606] PGD 0 P4D 0\n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1\n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.\n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]\n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c\n\nFix this by making sure bandwidth table pointers are set up correctly\nafter a failed address device command, and additionally by avoiding\nchecking for bandwidth in cases like this where no actual endpoints are\nadded or removed, i.e. only context for default control endpoint 0 is\nevaluated.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45006', 'https://git.kernel.org/linus/af8e119f52e9c13e556be9e03f27957554a84656 (6.11-rc4)', 'https://git.kernel.org/stable/c/0f0654318e25b2c185e245ba4a591e42fabb5e59', 'https://git.kernel.org/stable/c/365ef7c4277fdd781a695c3553fa157d622d805d', 'https://git.kernel.org/stable/c/5ad898ae82412f8a689d59829804bff2999dd0ea', 'https://git.kernel.org/stable/c/6b99de301d78e1f5249e57ef2c32e1dec3df2bb1', 'https://git.kernel.org/stable/c/8fb9d412ebe2f245f13481e4624b40e651570cbd', 'https://git.kernel.org/stable/c/a57b0ebabe6862dce0a2e0f13e17941ad72fc56b', 'https://git.kernel.org/stable/c/af8e119f52e9c13e556be9e03f27957554a84656', 'https://git.kernel.org/stable/c/ef0a0e616b2789bb804a0ce5e161db03170a85b6', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45006-6642@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45006', 'https://www.cve.org/CVERecord?id=CVE-2024-45006'], 'PublishedDate': '2024-09-04T20:15:08.997Z', 'LastModifiedDate': '2024-09-06T16:26:52.64Z'}, {'VulnerabilityID': 'CVE-2024-45007', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45007', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: char: xillybus: Don't destroy workqueue from work item running on it", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Don't destroy workqueue from work item running on it\n\nTriggered by a kref decrement, destroy_workqueue() may be called from\nwithin a work item for destroying its own workqueue. This illegal\nsituation is averted by adding a module-global workqueue for exclusive\nuse of the offending work item. Other work items continue to be queued\non per-device workqueues to ensure performance.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45007', 'https://git.kernel.org/linus/ccbde4b128ef9c73d14d0d7817d68ef795f6d131 (6.11-rc4)', 'https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9', 'https://git.kernel.org/stable/c/5d3567caff2a1d678aa40cc74a54e1318941fad3', 'https://git.kernel.org/stable/c/a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157', 'https://git.kernel.org/stable/c/aa1a19724fa2c31e97a9be48baedd4692b265157', 'https://git.kernel.org/stable/c/ccbde4b128ef9c73d14d0d7817d68ef795f6d131', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45007-74c8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45007', 'https://www.cve.org/CVERecord?id=CVE-2024-45007'], 'PublishedDate': '2024-09-04T20:15:09.053Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45008', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: MT - limit max slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: MT - limit max slots\n\nsyzbot is reporting too large allocation at input_mt_init_slots(), for\nnum_slots is supplied from userspace using ioctl(UI_DEV_CREATE).\n\nSince nobody knows possible max slots, this patch chose 1024.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45008', 'https://git.kernel.org/linus/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb (6.11-rc2)', 'https://git.kernel.org/stable/c/05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549', 'https://git.kernel.org/stable/c/2829c80614890624456337e47320289112785f3e', 'https://git.kernel.org/stable/c/87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322', 'https://git.kernel.org/stable/c/8f04edd554d191834e9e1349ef030318ea6b11ba', 'https://git.kernel.org/stable/c/94736334b8a25e4fae8daa6934e54a31f099be43', 'https://git.kernel.org/stable/c/95f73d01f547dfc67fda3022c51e377a0454b505', 'https://git.kernel.org/stable/c/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb', 'https://git.kernel.org/stable/c/cd19f1799c32ba7b874474b1b968815ce5364f73', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45008-1d89@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45008', 'https://www.cve.org/CVERecord?id=CVE-2024-45008'], 'PublishedDate': '2024-09-04T20:15:09.107Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45009', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: only decrement add_addr_accepted for MPJ req', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the "remove single subflow" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \'subflow\' endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\'s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45009', 'https://git.kernel.org/linus/1c1f721375989579e46741f59523e39ec9b2a9bd (6.11-rc5)', 'https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd', 'https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c', 'https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d', 'https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7', 'https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608', 'https://lore.kernel.org/linux-cve-announce/2024091104-CVE-2024-45009-24ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45009', 'https://www.cve.org/CVERecord?id=CVE-2024-45009'], 'PublishedDate': '2024-09-11T16:15:06.427Z', 'LastModifiedDate': '2024-09-13T16:36:57.233Z'}, {'VulnerabilityID': 'CVE-2024-45010', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: mptcp: pm: only mark 'subflow' endp as available", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \'subflow\' endp as available\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the "remove single address" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \'signal\' endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\'subflow\' endpoints, and here it is a \'signal\' endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \'subflow\' endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45010', 'https://git.kernel.org/linus/322ea3778965da72862cca2a0c50253aacf65fe6 (6.11-rc5)', 'https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6', 'https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d', 'https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f', 'https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45010-33ee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45010', 'https://www.cve.org/CVERecord?id=CVE-2024-45010'], 'PublishedDate': '2024-09-11T16:15:06.483Z', 'LastModifiedDate': '2024-09-13T16:35:05.843Z'}, {'VulnerabilityID': 'CVE-2024-45011', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45011', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: char: xillybus: Check USB endpoints when probing device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Check USB endpoints when probing device\n\nEnsure, as the driver probes the device, that all endpoints that the\ndriver may attempt to access exist and are of the correct type.\n\nAll XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at\naddress 1. This is verified in xillyusb_setup_base_eps().\n\nOn top of that, a XillyUSB device may have additional Bulk OUT\nendpoints. The information about these endpoints' addresses is deduced\nfrom a data structure (the IDT) that the driver fetches from the device\nwhile probing it. These endpoints are checked in setup_channels().\n\nA XillyUSB device never has more than one IN endpoint, as all data\ntowards the host is multiplexed in this single Bulk IN endpoint. This is\nwhy setup_channels() only checks OUT endpoints.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45011', 'https://git.kernel.org/linus/2374bf7558de915edc6ec8cb10ec3291dfab9594 (6.11-rc4)', 'https://git.kernel.org/stable/c/1371d32b95972d39c1e6e4bae8b6d0df1b573731', 'https://git.kernel.org/stable/c/2374bf7558de915edc6ec8cb10ec3291dfab9594', 'https://git.kernel.org/stable/c/25ee8b2908200fc862c0434e5ad483817d50ceda', 'https://git.kernel.org/stable/c/4267131278f5cc98f8db31d035d64bdbbfe18658', 'https://git.kernel.org/stable/c/5cff754692ad45d5086b75fef8cc3a99c30a1005', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45011-e729@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45011', 'https://www.cve.org/CVERecord?id=CVE-2024-45011'], 'PublishedDate': '2024-09-11T16:15:06.55Z', 'LastModifiedDate': '2024-09-13T16:36:55.757Z'}, {'VulnerabilityID': 'CVE-2024-45012', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45012', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nouveau/firmware: use dma non-coherent allocator', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/firmware: use dma non-coherent allocator\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup, when the iommu is enabled:\n\nkernel BUG at include/linux/scatterlist.h:187!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\nHardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\nRIP: 0010:sg_init_one+0x85/0xa0\nCode: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\nRSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\nRBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\nR13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\nFS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\nCall Trace:\n <TASK>\n ? die+0x36/0x90\n ? do_trap+0xdd/0x100\n ? sg_init_one+0x85/0xa0\n ? do_error_trap+0x65/0x80\n ? sg_init_one+0x85/0xa0\n ? exc_invalid_op+0x50/0x70\n ? sg_init_one+0x85/0xa0\n ? asm_exc_invalid_op+0x1a/0x20\n ? sg_init_one+0x85/0xa0\n nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? nvkm_udevice_new+0x95/0x140 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? ktime_get+0x47/0xb0\n\nFix this by using the non-coherent allocator instead, I think there\nmight be a better answer to this, but it involve ripping up some of\nAPIs using sg lists.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45012', 'https://git.kernel.org/linus/9b340aeb26d50e9a9ec99599e2a39b035fac978e (6.11-rc5)', 'https://git.kernel.org/stable/c/57ca481fca97ca4553e8c85d6a94baf4cb40c40e', 'https://git.kernel.org/stable/c/9b340aeb26d50e9a9ec99599e2a39b035fac978e', 'https://git.kernel.org/stable/c/cc29c5546c6a373648363ac49781f1d74b530707', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45012-9234@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45012', 'https://www.cve.org/CVERecord?id=CVE-2024-45012'], 'PublishedDate': '2024-09-11T16:15:06.607Z', 'LastModifiedDate': '2024-09-13T16:35:35.787Z'}, {'VulnerabilityID': 'CVE-2024-45013', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: move stopping keep-alive into nvme_uninit_ctrl()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: move stopping keep-alive into nvme_uninit_ctrl()\n\nCommit 4733b65d82bd ("nvme: start keep-alive after admin queue setup")\nmoves starting keep-alive from nvme_start_ctrl() into\nnvme_init_ctrl_finish(), but don\'t move stopping keep-alive into\nnvme_uninit_ctrl(), so keep-alive work can be started and keep pending\nafter failing to start controller, finally use-after-free is triggered if\nnvme host driver is unloaded.\n\nThis patch fixes kernel panic when running nvme/004 in case that connection\nfailure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl().\n\nThis way is reasonable because keep-alive is now started in\nnvme_init_ctrl_finish().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45013', 'https://git.kernel.org/linus/a54a93d0e3599b05856971734e15418ac551a14c (6.11-rc5)', 'https://git.kernel.org/stable/c/4101af98ab573554c4225e328d506fec2a74bc54', 'https://git.kernel.org/stable/c/a54a93d0e3599b05856971734e15418ac551a14c', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45013-8efe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45013', 'https://www.cve.org/CVERecord?id=CVE-2024-45013'], 'PublishedDate': '2024-09-11T16:15:06.663Z', 'LastModifiedDate': '2024-09-13T16:35:42.49Z'}, {'VulnerabilityID': 'CVE-2024-45015', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45015', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: move dpu_encoder&#39;s connector assignment to atomic_enable()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()\n\nFor cases where the crtc's connectors_changed was set without enable/active\ngetting toggled , there is an atomic_enable() call followed by an\natomic_disable() but without an atomic_mode_set().\n\nThis results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in\nthe atomic_enable() as the dpu_encoder's connector was cleared in the\natomic_disable() but not re-assigned as there was no atomic_mode_set() call.\n\nFix the NULL ptr access by moving the assignment for atomic_enable() and also\nuse drm_atomic_get_new_connector_for_encoder() to get the connector from\nthe atomic_state.\n\nPatchwork: https://patchwork.freedesktop.org/patch/606729/", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45015', 'https://git.kernel.org/linus/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 (6.11-rc5)', 'https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52', 'https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77', 'https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45015-c139@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45015', 'https://www.cve.org/CVERecord?id=CVE-2024-45015'], 'PublishedDate': '2024-09-11T16:15:06.763Z', 'LastModifiedDate': '2024-09-13T16:35:58.617Z'}, {'VulnerabilityID': 'CVE-2024-45016', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1017.18~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netem: fix return value if duplicate enqueue fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\'s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq->enqueue() and then\n  the original packet is also dropped.\n- If rootq->enqueue() sends the duplicated packet to a different qdisc\n  and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45016', 'https://git.kernel.org/linus/c07ff8592d57ed258afee5a5e04991a48dbaf382 (6.11-rc5)', 'https://git.kernel.org/stable/c/0486d31dd8198e22b63a4730244b38fffce6d469', 'https://git.kernel.org/stable/c/52d99a69f3d556c6426048c9d481b912205919d8', 'https://git.kernel.org/stable/c/577d6c0619467fe90f7e8e57e45cb5bd9d936014', 'https://git.kernel.org/stable/c/759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4', 'https://git.kernel.org/stable/c/c07ff8592d57ed258afee5a5e04991a48dbaf382', 'https://git.kernel.org/stable/c/c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d', 'https://git.kernel.org/stable/c/e5bb2988a310667abed66c7d3ffa28880cf0f883', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45016-fd5a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45016', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://ubuntu.com/security/notices/USN-7071-1', 'https://ubuntu.com/security/notices/USN-7072-1', 'https://ubuntu.com/security/notices/USN-7073-1', 'https://ubuntu.com/security/notices/USN-7073-2', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45016'], 'PublishedDate': '2024-09-11T16:15:06.817Z', 'LastModifiedDate': '2024-09-13T16:36:06.773Z'}, {'VulnerabilityID': 'CVE-2024-45017', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45017', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix IPsec RoCE MPV trace call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix IPsec RoCE MPV trace call\n\nPrevent the call trace below from happening, by not allowing IPsec\ncreation over a slave, if master device doesn't support IPsec.\n\nWARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down_read+0x75/0x94\nModules linked in: esp4_offload esp4 act_mirred act_vlan cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa mst_pciconf(OE) nfsv3 nfs_acl nfs lockd grace fscache netfs xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill cuse fuse rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_ipoib iw_cm ib_cm ipmi_ssif intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel sha1_ssse3 dell_smbios ib_uverbs aesni_intel crypto_simd dcdbas wmi_bmof dell_wmi_descriptor cryptd pcspkr ib_core acpi_ipmi sp5100_tco ccp i2c_piix4 ipmi_si ptdma k10temp ipmi_devintf ipmi_msghandler acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops cec\n ahci libahci mlxfw drm pci_hyperv_intf libata tg3 sha256_ssse3 tls megaraid_sas i2c_algo_bit psample wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mst_pci]\nCPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7_u3_update_v6.6_ipsec_bf.x86_64 #2\nHardware name: Dell Inc. PowerEdge R7525/074H08, BIOS 2.0.3 01/15/2021\nWorkqueue: events xfrm_state_gc_task\nRIP: 0010:down_read+0x75/0x94\nCode: 00 48 8b 45 08 65 48 8b 14 25 80 fc 01 00 83 e0 02 48 09 d0 48 83 c8 01 48 89 45 08 5d 31 c0 89 c2 89 c6 89 c7 e9 cb 88 3b 00 <0f> 0b 48 8b 45 08 a8 01 74 b2 a8 02 75 ae 48 89 c2 48 83 ca 02 f0\nRSP: 0018:ffffb26387773da8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffa08b658af900 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ff886bc5e1366f2f RDI: 0000000000000000\nRBP: ffffa08b658af940 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffa0a9bfb31540\nR13: ffffa0a9bfb37900 R14: 0000000000000000 R15: ffffa0a9bfb37905\nFS:  0000000000000000(0000) GS:ffffa0a9bfb00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055a45ed814e8 CR3: 000000109038a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n ? down_read+0x75/0x94\n ? __warn+0x80/0x113\n ? down_read+0x75/0x94\n ? report_bug+0xa4/0x11d\n ? handle_bug+0x35/0x8b\n ? exc_invalid_op+0x14/0x75\n ? asm_exc_invalid_op+0x16/0x1b\n ? down_read+0x75/0x94\n ? down_read+0xe/0x94\n mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n mlx5_ipsec_fs_roce_tx_destroy+0xb1/0x130 [mlx5_core]\n tx_destroy+0x1b/0xc0 [mlx5_core]\n tx_ft_put+0x53/0xc0 [mlx5_core]\n mlx5e_xfrm_free_state+0x45/0x90 [mlx5_core]\n ___xfrm_state_destroy+0x10f/0x1a2\n xfrm_state_gc_task+0x81/0xa9\n process_one_work+0x1f1/0x3c6\n worker_thread+0x53/0x3e4\n ? process_one_work.cold+0x46/0x3c\n kthread+0x127/0x144\n ? set_kthread_struct+0x60/0x52\n ret_from_fork+0x22/0x2d\n </TASK>\n---[ end trace 5ef7896144d398e1 ]---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45017', 'https://git.kernel.org/linus/607e1df7bd47fe91cab85a97f57870a26d066137 (6.11-rc5)', 'https://git.kernel.org/stable/c/2ae52a65a850ded75a94e8d7ec1e09737f4c6509', 'https://git.kernel.org/stable/c/607e1df7bd47fe91cab85a97f57870a26d066137', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45017-ee3e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45017', 'https://www.cve.org/CVERecord?id=CVE-2024-45017'], 'PublishedDate': '2024-09-11T16:15:06.877Z', 'LastModifiedDate': '2024-09-13T16:36:13.19Z'}, {'VulnerabilityID': 'CVE-2024-45018', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45018', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: initialise extack before use', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: initialise extack before use\n\nFix missing initialisation of extack in flow offload.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45018', 'https://git.kernel.org/linus/e9767137308daf906496613fd879808a07f006a2 (6.11-rc4)', 'https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1', 'https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7', 'https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78', 'https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f', 'https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d', 'https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45018-7e30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45018', 'https://www.cve.org/CVERecord?id=CVE-2024-45018'], 'PublishedDate': '2024-09-11T16:15:06.933Z', 'LastModifiedDate': '2024-09-13T16:36:24.397Z'}, {'VulnerabilityID': 'CVE-2024-45019', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45019', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Take state lock during tx timeout reporter', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take state lock during tx timeout reporter\n\nmlx5e_safe_reopen_channels() requires the state lock taken. The\nreferenced changed in the Fixes tag removed the lock to fix another\nissue. This patch adds it back but at a later point (when calling\nmlx5e_safe_reopen_channels()) to avoid the deadlock referenced in the\nFixes tag.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45019', 'https://git.kernel.org/linus/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3 (6.11-rc4)', 'https://git.kernel.org/stable/c/03d3734bd692affe4d0e9c9d638f491aaf37411b', 'https://git.kernel.org/stable/c/8e57e66ecbdd2fddc9fbf3e984b1c523b70e9809', 'https://git.kernel.org/stable/c/b3b9a87adee97854bcd71057901d46943076267e', 'https://git.kernel.org/stable/c/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45019-5f8b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45019', 'https://www.cve.org/CVERecord?id=CVE-2024-45019'], 'PublishedDate': '2024-09-11T16:15:06.99Z', 'LastModifiedDate': '2024-09-13T16:36:19.36Z'}, {'VulnerabilityID': 'CVE-2024-45020', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45020', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a kernel verifier crash in stacksafe()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a kernel verifier crash in stacksafe()\n\nDaniel Hodges reported a kernel verifier crash when playing with sched-ext.\nFurther investigation shows that the crash is due to invalid memory access\nin stacksafe(). More specifically, it is the following code:\n\n    if (exact != NOT_EXACT &&\n        old->stack[spi].slot_type[i % BPF_REG_SIZE] !=\n        cur->stack[spi].slot_type[i % BPF_REG_SIZE])\n            return false;\n\nThe 'i' iterates old->allocated_stack.\nIf cur->allocated_stack < old->allocated_stack the out-of-bound\naccess will happen.\n\nTo fix the issue add 'i >= cur->allocated_stack' check such that if\nthe condition is true, stacksafe() should fail. Otherwise,\ncur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45020', 'https://git.kernel.org/linus/bed2eb964c70b780fb55925892a74f26cb590b25 (6.11-rc4)', 'https://git.kernel.org/stable/c/6e3987ac310c74bb4dd6a2fa8e46702fe505fb2b', 'https://git.kernel.org/stable/c/7cad3174cc79519bf5f6c4441780264416822c08', 'https://git.kernel.org/stable/c/bed2eb964c70b780fb55925892a74f26cb590b25', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45020-afcc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45020', 'https://www.cve.org/CVERecord?id=CVE-2024-45020'], 'PublishedDate': '2024-09-11T16:15:07.05Z', 'LastModifiedDate': '2024-09-13T16:36:52.29Z'}, {'VulnerabilityID': 'CVE-2024-45021', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg_write_event_control(): fix a user-triggerable oops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg_write_event_control(): fix a user-triggerable oops\n\nwe are *not* guaranteed that anything past the terminating NUL\nis mapped (let alone initialized with anything sane).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45021', 'https://git.kernel.org/linus/046667c4d3196938e992fba0dfcde570aa85cd0e (6.11-rc4)', 'https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e', 'https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227', 'https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8', 'https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61', 'https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7', 'https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b', 'https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c', 'https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45021-68c4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45021', 'https://www.cve.org/CVERecord?id=CVE-2024-45021'], 'PublishedDate': '2024-09-11T16:15:07.103Z', 'LastModifiedDate': '2024-09-13T16:36:31.583Z'}, {'VulnerabilityID': 'CVE-2024-45022', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45022', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0\n\nThe __vmap_pages_range_noflush() assumes its argument pages** contains\npages with the same page shift.  However, since commit e9c3cda4d86e ("mm,\nvmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes\n__GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation\nfailed for high order, the pages** may contain two different page shifts\n(high order and order-0).  This could lead __vmap_pages_range_noflush() to\nperform incorrect mappings, potentially resulting in memory corruption.\n\nUsers might encounter this as follows (vmap_allow_huge = true, 2M is for\nPMD_SIZE):\n\nkvmalloc(2M, __GFP_NOFAIL|GFP_X)\n    __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP)\n        vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0\n            vmap_pages_range()\n                vmap_pages_range_noflush()\n                    __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens\n\nWe can remove the fallback code because if a high-order allocation fails,\n__vmalloc_node_range_noprof() will retry with order-0.  Therefore, it is\nunnecessary to fallback to order-0 here.  Therefore, fix this by removing\nthe fallback code.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45022', 'https://git.kernel.org/linus/61ebe5a747da649057c37be1c37eb934b4af79ca (6.11-rc4)', 'https://git.kernel.org/stable/c/61ebe5a747da649057c37be1c37eb934b4af79ca', 'https://git.kernel.org/stable/c/c91618816f4d21fc574d7577a37722adcd4075b2', 'https://git.kernel.org/stable/c/de7bad86345c43cd040ed43e20d9fad78a3ee59f', 'https://git.kernel.org/stable/c/fd1ffbb50ef4da5e1378a46616b6d7407dc795da', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45022-08f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45022', 'https://www.cve.org/CVERecord?id=CVE-2024-45022'], 'PublishedDate': '2024-09-11T16:15:07.163Z', 'LastModifiedDate': '2024-09-13T16:36:39.043Z'}, {'VulnerabilityID': 'CVE-2024-45025', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old->full_fds_bits[] and fill\nthe rest with zeroes.  What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear.  Otherwise we are risking garbage from the last word\nwe'd copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old->max_fds, so there's no open descriptors\npast count, let alone fully occupied words in ->open_fds[],\nwhich is what bits in ->full_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds.  In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in ->full_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* 'to' being above the current capacity of descriptor table\n\t* 'from' being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet's try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it's 'count' argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it'll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45025', 'https://git.kernel.org/linus/9a2fa1472083580b6c66bdaf291f591e1170123a (6.11-rc4)', 'https://git.kernel.org/stable/c/5053581fe5dfb09b58c65dd8462bf5dea71f41ff', 'https://git.kernel.org/stable/c/8cad3b2b3ab81ca55f37405ffd1315bcc2948058', 'https://git.kernel.org/stable/c/9a2fa1472083580b6c66bdaf291f591e1170123a', 'https://git.kernel.org/stable/c/c69d18f0ac7060de724511537810f10f29a27958', 'https://git.kernel.org/stable/c/dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a', 'https://git.kernel.org/stable/c/e807487a1d5fd5d941f26578ae826ca815dbfcd6', 'https://git.kernel.org/stable/c/ee501f827f3db02d4e599afbbc1a7f8b792d05d7', 'https://git.kernel.org/stable/c/fe5bf14881701119aeeda7cf685f3c226c7380df', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45025-94f6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45025', 'https://www.cve.org/CVERecord?id=CVE-2024-45025'], 'PublishedDate': '2024-09-11T16:15:07.44Z', 'LastModifiedDate': '2024-09-13T16:30:07.073Z'}, {'VulnerabilityID': 'CVE-2024-45026', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45026', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error recovery leading to data corruption on ESE devices', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error recovery leading to data corruption on ESE devices\n\nExtent Space Efficient (ESE) or thin provisioned volumes need to be\nformatted on demand during usual IO processing.\n\nThe dasd_ese_needs_format function checks for error codes that signal\nthe non existence of a proper track format.\n\nThe check for incorrect length is to imprecise since other error cases\nleading to transport of insufficient data also have this flag set.\nThis might lead to data corruption in certain error cases for example\nduring a storage server warmstart.\n\nFix by removing the check for incorrect length and replacing by\nexplicitly checking for invalid track format in transport mode.\n\nAlso remove the check for file protected since this is not a valid\nESE handling case.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45026', 'https://git.kernel.org/linus/7db4042336580dfd75cb5faa82c12cd51098c90b (6.11-rc4)', 'https://git.kernel.org/stable/c/0a228896a1b3654cd461ff654f6a64e97a9c3246', 'https://git.kernel.org/stable/c/19f60a55b2fda49bc4f6134a5f6356ef62ee69d8', 'https://git.kernel.org/stable/c/5d4a304338daf83ace2887aaacafd66fe99ed5cc', 'https://git.kernel.org/stable/c/7db4042336580dfd75cb5faa82c12cd51098c90b', 'https://git.kernel.org/stable/c/93a7e2856951680cd7fe6ebd705ac10c8a8a5efd', 'https://git.kernel.org/stable/c/a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a', 'https://git.kernel.org/stable/c/e245a18281c252c8dbc467492e09bb5d4b012118', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45026-eaa8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45026', 'https://www.cve.org/CVERecord?id=CVE-2024-45026'], 'PublishedDate': '2024-09-11T16:15:07.507Z', 'LastModifiedDate': '2024-09-13T16:29:55.927Z'}, {'VulnerabilityID': 'CVE-2024-45027', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45027', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: xhci: Check for xhci-&gt;interrupters being allocated in xhci_mem_clearup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()\n\nIf xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop\nup the damage. If it fails early enough, before xhci->interrupters\nis allocated but after xhci->max_interrupters has been set, which\nhappens in most (all?) cases, things get uglier, as xhci_mem_cleanup()\nunconditionally derefences xhci->interrupters. With prejudice.\n\nGate the interrupt freeing loop with a check on xhci->interrupters\nbeing non-NULL.\n\nFound while debugging a DMA allocation issue that led the XHCI driver\non this exact path.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45027', 'https://git.kernel.org/linus/dcdb52d948f3a17ccd3fce757d9bd981d7c32039 (6.11-rc4)', 'https://git.kernel.org/stable/c/770cacc75b0091ece17349195d72133912c1ca7c', 'https://git.kernel.org/stable/c/dcdb52d948f3a17ccd3fce757d9bd981d7c32039', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45027-95b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45027', 'https://www.cve.org/CVERecord?id=CVE-2024-45027'], 'PublishedDate': '2024-09-11T16:15:07.57Z', 'LastModifiedDate': '2024-09-13T16:29:44.213Z'}, {'VulnerabilityID': 'CVE-2024-45028', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45028', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mmc: mmc_test: Fix NULL dereference on allocation failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmc_test: Fix NULL dereference on allocation failure\n\nIf the "test->highmem = alloc_pages()" allocation fails then calling\n__free_pages(test->highmem) will result in a NULL dereference.  Also\nchange the error code to -ENOMEM instead of returning success.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45028', 'https://git.kernel.org/linus/a1e627af32ed60713941cbfc8075d44cad07f6dd (6.11-rc5)', 'https://git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06', 'https://git.kernel.org/stable/c/3b4e76ceae5b5a46c968bd952f551ce173809f63', 'https://git.kernel.org/stable/c/9b9ba386d7bfdbc38445932c90fa9444c0524bea', 'https://git.kernel.org/stable/c/a1e627af32ed60713941cbfc8075d44cad07f6dd', 'https://git.kernel.org/stable/c/cac2815f49d343b2f0acc4973d2c14918ac3ab0c', 'https://git.kernel.org/stable/c/e40515582141a9e7c84b269be699c05236a499a6', 'https://git.kernel.org/stable/c/e97be13a9f51284da450dd2a592e3fa87b49cdc9', 'https://git.kernel.org/stable/c/ecb15b8ca12c0cbdab81e307e9795214d8b90890', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45028-34f7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45028', 'https://www.cve.org/CVERecord?id=CVE-2024-45028'], 'PublishedDate': '2024-09-11T16:15:07.647Z', 'LastModifiedDate': '2024-09-13T16:29:35.877Z'}, {'VulnerabilityID': 'CVE-2024-45029', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45029', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i2c: tegra: Do not mark ACPI devices as irq safe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: Do not mark ACPI devices as irq safe\n\nOn ACPI machines, the tegra i2c module encounters an issue due to a\nmutex being called inside a spinlock. This leads to the following bug:\n\n\tBUG: sleeping function called from invalid context at kernel/locking/mutex.c:585\n\t...\n\n\tCall trace:\n\t__might_sleep\n\t__mutex_lock_common\n\tmutex_lock_nested\n\tacpi_subsys_runtime_resume\n\trpm_resume\n\ttegra_i2c_xfer\n\nThe problem arises because during __pm_runtime_resume(), the spinlock\n&dev->power.lock is acquired before rpm_resume() is called. Later,\nrpm_resume() invokes acpi_subsys_runtime_resume(), which relies on\nmutexes, triggering the error.\n\nTo address this issue, devices on ACPI are now marked as not IRQ-safe,\nconsidering the dependency of acpi_subsys_runtime_resume() on mutexes.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45029', 'https://git.kernel.org/linus/14d069d92951a3e150c0a81f2ca3b93e54da913b (6.11-rc4)', 'https://git.kernel.org/stable/c/14d069d92951a3e150c0a81f2ca3b93e54da913b', 'https://git.kernel.org/stable/c/2853e1376d8161b04c9ff18ba82b43f08a049905', 'https://git.kernel.org/stable/c/6861faf4232e4b78878f2de1ed3ee324ddae2287', 'https://git.kernel.org/stable/c/a89aef1e6cc43fa019a58080ed05c839e6c77876', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45029-662e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45029', 'https://www.cve.org/CVERecord?id=CVE-2024-45029'], 'PublishedDate': '2024-09-11T16:15:07.717Z', 'LastModifiedDate': '2024-09-13T16:29:29.74Z'}, {'VulnerabilityID': 'CVE-2024-45030', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igb: cope with large MAX_SKB_FRAGS', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigb: cope with large MAX_SKB_FRAGS\n\nSabrina reports that the igb driver does not cope well with large\nMAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload\ncorruption on TX.\n\nAn easy reproducer is to run ssh to connect to the machine.  With\nMAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails.  This has\nbeen reported originally in\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2265320\n\nThe root cause of the issue is that the driver does not take into\naccount properly the (possibly large) shared info size when selecting\nthe ring layout, and will try to fit two packets inside the same 4K\npage even when the 1st fraglist will trump over the 2nd head.\n\nAddress the issue by checking if 2K buffers are insufficient.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45030', 'https://git.kernel.org/linus/8aba27c4a5020abdf60149239198297f88338a8d (6.11-rc5)', 'https://git.kernel.org/stable/c/8aba27c4a5020abdf60149239198297f88338a8d', 'https://git.kernel.org/stable/c/8ea80ff5d8298356d28077bc30913ed37df65109', 'https://git.kernel.org/stable/c/b52bd8bcb9e8ff250c79b44f9af8b15cae8911ab', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45030-c2eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45030', 'https://www.cve.org/CVERecord?id=CVE-2024-45030'], 'PublishedDate': '2024-09-11T16:15:07.77Z', 'LastModifiedDate': '2024-09-13T16:29:23.557Z'}, {'VulnerabilityID': 'CVE-2024-46672', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion\n\nwpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the\ndriver for SAE/OWE offload cases") SSID based PMKSA del commands.\nbrcmfmac is not prepared and tries to dereference the NULL bssid and\npmkid pointers in cfg80211_pmksa. PMKID_V3 operations support SSID based\nupdates so copy the SSID.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46672', 'https://git.kernel.org/linus/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1 (6.11-rc4)', 'https://git.kernel.org/stable/c/1f566eb912d192c83475a919331aea59619e1197', 'https://git.kernel.org/stable/c/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1', 'https://git.kernel.org/stable/c/4291f94f8c6b01505132c22ee27b59ed27c3584f', 'https://lore.kernel.org/linux-cve-announce/2024091111-CVE-2024-46672-7542@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46672', 'https://www.cve.org/CVERecord?id=CVE-2024-46672'], 'PublishedDate': '2024-09-11T16:15:07.84Z', 'LastModifiedDate': '2024-09-13T16:29:17.123Z'}, {'VulnerabilityID': 'CVE-2024-46673', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: aacraid: Fix double-free on probe failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: aacraid: Fix double-free on probe failure\n\naac_probe_one() calls hardware-specific init functions through the\naac_driver_ident::init pointer, all of which eventually call down to\naac_init_adapter().\n\nIf aac_init_adapter() fails after allocating memory for aac_dev::queues,\nit frees the memory but does not clear that member.\n\nAfter the hardware-specific init function returns an error,\naac_probe_one() goes down an error path that frees the memory pointed to\nby aac_dev::queues, resulting.in a double-free.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46673', 'https://git.kernel.org/linus/919ddf8336f0b84c0453bac583808c9f165a85c2 (6.11-rc6)', 'https://git.kernel.org/stable/c/4b540ec7c0045c2d01c4e479f34bbc8f147afa4c', 'https://git.kernel.org/stable/c/564e1986b00c5f05d75342f8407f75f0a17b94df', 'https://git.kernel.org/stable/c/60962c3d8e18e5d8dfa16df788974dd7f35bd87a', 'https://git.kernel.org/stable/c/85449b28ff6a89c4513115e43ddcad949b5890c9', 'https://git.kernel.org/stable/c/8a3995a3ffeca280a961b59f5c99843d81b15929', 'https://git.kernel.org/stable/c/919ddf8336f0b84c0453bac583808c9f165a85c2', 'https://git.kernel.org/stable/c/9e96dea7eff6f2bbcd0b42a098012fc66af9eb69', 'https://git.kernel.org/stable/c/d237c7d06ffddcdb5d36948c527dc01284388218', 'https://lore.kernel.org/linux-cve-announce/2024091333-CVE-2024-46673-c49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46673', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-46673'], 'PublishedDate': '2024-09-13T06:15:11.917Z', 'LastModifiedDate': '2024-09-13T16:51:39.117Z'}, {'VulnerabilityID': 'CVE-2024-46675', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46675', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: dwc3: core: Prevent USB core invalid event buffer address access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: Prevent USB core invalid event buffer address access\n\nThis commit addresses an issue where the USB core could access an\ninvalid event buffer address during runtime suspend, potentially causing\nSMMU faults and other memory issues in Exynos platforms. The problem\narises from the following sequence.\n        1. In dwc3_gadget_suspend, there is a chance of a timeout when\n        moving the USB core to the halt state after clearing the\n        run/stop bit by software.\n        2. In dwc3_core_exit, the event buffer is cleared regardless of\n        the USB core's status, which may lead to an SMMU faults and\n        other memory issues. if the USB core tries to access the event\n        buffer address.\n\nTo prevent this hardware quirk on Exynos platforms, this commit ensures\nthat the event buffer address is not cleared by software  when the USB\ncore is active during runtime suspend by checking its status before\nclearing the buffer address.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46675', 'https://git.kernel.org/linus/14e497183df28c006603cc67fd3797a537eef7b9 (6.11-rc6)', 'https://git.kernel.org/stable/c/111277b881def3153335acfe0d1f43e6cd83ac93', 'https://git.kernel.org/stable/c/14e497183df28c006603cc67fd3797a537eef7b9', 'https://git.kernel.org/stable/c/2189fd13c577d7881f94affc09c950a795064c4b', 'https://git.kernel.org/stable/c/7bb11a75dd4d3612378b90e2a4aa49bdccea28ab', 'https://git.kernel.org/stable/c/b72da4d89b97da71e056cc4d1429b2bc426a9c2f', 'https://git.kernel.org/stable/c/d2afc2bffec77316b90d530b07695e3f534df914', 'https://git.kernel.org/stable/c/e23f6ad8d110bf632f7471482e10b43dc174fb72', 'https://git.kernel.org/stable/c/eca3f543f817da87c00d1a5697b473efb548204f', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46675-ba70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46675', 'https://www.cve.org/CVERecord?id=CVE-2024-46675'], 'PublishedDate': '2024-09-13T06:15:12.117Z', 'LastModifiedDate': '2024-09-20T17:18:48.753Z'}, {'VulnerabilityID': 'CVE-2024-46676', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46676', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfc: pn533: Add poll mod list filling check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Add poll mod list filling check\n\nIn case of im_protocols value is 1 and tm_protocols value is 0 this\ncombination successfully passes the check\n\'if (!im_protocols && !tm_protocols)\' in the nfc_start_poll().\nBut then after pn533_poll_create_mod_list() call in pn533_start_poll()\npoll mod list will remain empty and dev->poll_mod_count will remain 0\nwhich lead to division by zero.\n\nNormally no im protocol has value 1 in the mask, so this combination is\nnot expected by driver. But these protocol values actually come from\nuserspace via Netlink interface (NFC_CMD_START_POLL operation). So a\nbroken or malicious program may pass a message containing a "bad"\ncombination of protocol parameter values so that dev->poll_mod_count\nis not incremented inside pn533_poll_create_mod_list(), thus leading\nto division by zero.\nCall trace looks like:\nnfc_genl_start_poll()\n  nfc_start_poll()\n    ->start_poll()\n    pn533_start_poll()\n\nAdd poll mod list filling check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46676', 'https://git.kernel.org/linus/febccb39255f9df35527b88c953b2e0deae50e53 (6.11-rc6)', 'https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946', 'https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5', 'https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723', 'https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4', 'https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33', 'https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31', 'https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46676-0b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46676', 'https://www.cve.org/CVERecord?id=CVE-2024-46676'], 'PublishedDate': '2024-09-13T06:15:12.223Z', 'LastModifiedDate': '2024-09-23T14:42:38.23Z'}, {'VulnerabilityID': 'CVE-2024-46677', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46677', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: fix a potential NULL pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix a potential NULL pointer dereference\n\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\nNULL pointer, but its callers only check for error pointers thus miss\nthe NULL pointer case.\n\nFix it by returning an error pointer with the error code carried from\nsockfd_lookup().\n\n(I found this bug during code inspection.)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46677', 'https://git.kernel.org/linus/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda (6.11-rc6)', 'https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d', 'https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87', 'https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2', 'https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39', 'https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c', 'https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e', 'https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda', 'https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46677-b53c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46677', 'https://www.cve.org/CVERecord?id=CVE-2024-46677'], 'PublishedDate': '2024-09-13T06:15:12.36Z', 'LastModifiedDate': '2024-09-13T16:51:53.69Z'}, {'VulnerabilityID': 'CVE-2024-46678', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46678', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: change ipsec_lock from spin lock to mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond->ipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n"scheduling while atomic" will be triggered when changing bond\'s\nactive slave.\n\n[  101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[  101.055726] Modules linked in:\n[  101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[  101.058760] Hardware name:\n[  101.059434] Call Trace:\n[  101.059436]  <TASK>\n[  101.060873]  dump_stack_lvl+0x51/0x60\n[  101.061275]  __schedule_bug+0x4e/0x60\n[  101.061682]  __schedule+0x612/0x7c0\n[  101.062078]  ? __mod_timer+0x25c/0x370\n[  101.062486]  schedule+0x25/0xd0\n[  101.062845]  schedule_timeout+0x77/0xf0\n[  101.063265]  ? asm_common_interrupt+0x22/0x40\n[  101.063724]  ? __bpf_trace_itimer_state+0x10/0x10\n[  101.064215]  __wait_for_common+0x87/0x190\n[  101.064648]  ? usleep_range_state+0x90/0x90\n[  101.065091]  cmd_exec+0x437/0xb20 [mlx5_core]\n[  101.065569]  mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[  101.066051]  mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[  101.066552]  mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[  101.067163]  ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.067738]  ? kmalloc_trace+0x4d/0x350\n[  101.068156]  mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[  101.068747]  mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[  101.069312]  bond_change_active_slave+0x392/0x900 [bonding]\n[  101.069868]  bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[  101.070454]  __bond_opt_set+0xa6/0x430 [bonding]\n[  101.070935]  __bond_opt_set_notify+0x2f/0x90 [bonding]\n[  101.071453]  bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[  101.071965]  bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.072567]  kernfs_fop_write_iter+0x10c/0x1a0\n[  101.073033]  vfs_write+0x2d8/0x400\n[  101.073416]  ? alloc_fd+0x48/0x180\n[  101.073798]  ksys_write+0x5f/0xe0\n[  101.074175]  do_syscall_64+0x52/0x110\n[  101.074576]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn\'t have to be spin lock, change it to\nmutex, and thus the above issue can be resolved.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46678', 'https://git.kernel.org/linus/2aeeef906d5a526dc60cf4af92eda69836c39b1f (6.11-rc6)', 'https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f', 'https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3', 'https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46678-ca65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46678', 'https://www.cve.org/CVERecord?id=CVE-2024-46678'], 'PublishedDate': '2024-09-13T06:15:12.45Z', 'LastModifiedDate': '2024-09-23T14:44:12.88Z'}, {'VulnerabilityID': 'CVE-2024-46679', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46679', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: check device is present when getting link settings', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: check device is present when getting link settings\n\nA sysfs reader can race with a device reset or removal, attempting to\nread device state when the device is not actually present. eg:\n\n     [exception RIP: qed_get_current_link+17]\n  #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]\n  #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3\n #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4\n #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300\n #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c\n #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b\n #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3\n #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1\n #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f\n #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb\n\n crash> struct net_device.state ffff9a9d21336000\n    state = 5,\n\nstate 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).\nThe device is not present, note lack of __LINK_STATE_PRESENT (0b10).\n\nThis is the same sort of panic as observed in commit 4224cfd7fb65\n("net-sysfs: add check for netdevice being present to speed_show").\n\nThere are many other callers of __ethtool_get_link_ksettings() which\ndon\'t have a device presence check.\n\nMove this check into ethtool to protect all callers.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46679', 'https://git.kernel.org/linus/a699781c79ecf6cfe67fb00a0331b4088c7c8466 (6.11-rc6)', 'https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2', 'https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc', 'https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e', 'https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb', 'https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4', 'https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466', 'https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46679-3527@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46679', 'https://www.cve.org/CVERecord?id=CVE-2024-46679'], 'PublishedDate': '2024-09-13T06:15:12.53Z', 'LastModifiedDate': '2024-09-23T14:47:23.287Z'}, {'VulnerabilityID': 'CVE-2024-46680', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46680', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix random crash seen while removing driver', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix random crash seen while removing driver\n\nThis fixes the random kernel crash seen while removing the driver, when\nrunning the load/unload test over multiple iterations.\n\n1) modprobe btnxpuart\n2) hciconfig hci0 reset\n3) hciconfig (check hci0 interface up with valid BD address)\n4) modprobe -r btnxpuart\nRepeat steps 1 to 4\n\nThe ps_wakeup() call in btnxpuart_close() schedules the psdata->work(),\nwhich gets scheduled after module is removed, causing a kernel crash.\n\nThis hidden issue got highlighted after enabling Power Save by default\nin 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on\nstartup)\n\nThe new ps_cleanup() deasserts UART break immediately while closing\nserdev device, cancels any scheduled ps_work and destroys the ps_lock\nmutex.\n\n[   85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258\n[   85.884624] Mem abort info:\n[   85.884625]   ESR = 0x0000000086000007\n[   85.884628]   EC = 0x21: IABT (current EL), IL = 32 bits\n[   85.884633]   SET = 0, FnV = 0\n[   85.884636]   EA = 0, S1PTW = 0\n[   85.884638]   FSC = 0x07: level 3 translation fault\n[   85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000\n[   85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000\n[   85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n[   85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)]\n[   85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G           O       6.1.36+g937b1be4345a #1\n[   85.936176] Hardware name: FSL i.MX8MM EVK board (DT)\n[   85.936182] Workqueue: events 0xffffd4a61638f380\n[   85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   85.952817] pc : 0xffffd4a61638f258\n[   85.952823] lr : 0xffffd4a61638f258\n[   85.952827] sp : ffff8000084fbd70\n[   85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000\n[   85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305\n[   85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970\n[   85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000\n[   85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090\n[   85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139\n[   85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50\n[   85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8\n[   85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000\n[   85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000\n[   85.977443] Call trace:\n[   85.977446]  0xffffd4a61638f258\n[   85.977451]  0xffffd4a61638f3e8\n[   85.977455]  process_one_work+0x1d4/0x330\n[   85.977464]  worker_thread+0x6c/0x430\n[   85.977471]  kthread+0x108/0x10c\n[   85.977476]  ret_from_fork+0x10/0x20\n[   85.977488] Code: bad PC value\n[   85.977491] ---[ end trace 0000000000000000 ]---\n\nPreset since v6.9.11', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46680', 'https://git.kernel.org/linus/35237475384ab3622f63c3c09bdf6af6dacfe9c3 (6.11-rc6)', 'https://git.kernel.org/stable/c/29a1d9971e38f92c84b363ff50379dd434ddfe1c', 'https://git.kernel.org/stable/c/35237475384ab3622f63c3c09bdf6af6dacfe9c3', 'https://git.kernel.org/stable/c/662a55986b88807da4d112d838c8aaa05810e938', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46680-f40d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46680', 'https://www.cve.org/CVERecord?id=CVE-2024-46680'], 'PublishedDate': '2024-09-13T06:15:12.617Z', 'LastModifiedDate': '2024-09-23T14:45:10.233Z'}, {'VulnerabilityID': 'CVE-2024-46681', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46681', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pktgen: use cpus_read_lock() in pg_net_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46681', 'https://git.kernel.org/linus/979b581e4c69257acab1af415ddad6b2d78a2fa5 (6.11-rc6)', 'https://git.kernel.org/stable/c/5f5f7366dda8ae870e8305d6e7b3c0c2686cd2cf', 'https://git.kernel.org/stable/c/979b581e4c69257acab1af415ddad6b2d78a2fa5', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46681-6086@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46681', 'https://www.cve.org/CVERecord?id=CVE-2024-46681'], 'PublishedDate': '2024-09-13T06:15:12.71Z', 'LastModifiedDate': '2024-09-19T18:10:49.623Z'}, {'VulnerabilityID': 'CVE-2024-46683', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46683', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: prevent UAF around preempt fence', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: prevent UAF around preempt fence\n\nThe fence lock is part of the queue, therefore in the current design\nanything locking the fence should then also hold a ref to the queue to\nprevent the queue from being freed.\n\nHowever, currently it looks like we signal the fence and then drop the\nqueue ref, but if something is waiting on the fence, the waiter is\nkicked to wake up at some later point, where upon waking up it first\ngrabs the lock before checking the fence state. But if we have already\ndropped the queue ref, then the lock might already be freed as part of\nthe queue, leading to uaf.\n\nTo prevent this, move the fence lock into the fence itself so we don't\nrun into lifetime issues. Alternative might be to have device level\nlock, or only release the queue in the fence release callback, however\nthat might require pushing to another worker to avoid locking issues.\n\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2454\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2342\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2020\n(cherry picked from commit 7116c35aacedc38be6d15bd21b2fc936eed0008b)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46683', 'https://git.kernel.org/linus/730b72480e29f63fd644f5fa57c9d46109428953 (6.11-rc5)', 'https://git.kernel.org/stable/c/10081b0b0ed201f53e24bd92deb2e0f3c3e713d4', 'https://git.kernel.org/stable/c/730b72480e29f63fd644f5fa57c9d46109428953', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46683-e513@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46683', 'https://www.cve.org/CVERecord?id=CVE-2024-46683'], 'PublishedDate': '2024-09-13T06:15:12.993Z', 'LastModifiedDate': '2024-09-13T16:52:14.373Z'}, {'VulnerabilityID': 'CVE-2024-46685', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46685', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: single: fix potential NULL dereference in pcs_get_function()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: single: fix potential NULL dereference in pcs_get_function()\n\npinmux_generic_get_function() can return NULL and the pointer 'function'\nwas dereferenced without checking against NULL. Add checking of pointer\n'function' in pcs_get_function().\n\nFound by code review.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46685', 'https://git.kernel.org/linus/1c38a62f15e595346a1106025722869e87ffe044 (6.11-rc6)', 'https://git.kernel.org/stable/c/0a2bab5ed161318f57134716accba0a30f3af191', 'https://git.kernel.org/stable/c/1c38a62f15e595346a1106025722869e87ffe044', 'https://git.kernel.org/stable/c/292151af6add3e5ab11b2e9916cffa5f52859a1f', 'https://git.kernel.org/stable/c/2cea369a5c2e85ab14ae716da1d1cc6d25c85e11', 'https://git.kernel.org/stable/c/4e9436375fcc9bd2a60ee96aba6ed53f7a377d10', 'https://git.kernel.org/stable/c/4ed45fe99ec9e3c9478bd634624cd05a57d002f7', 'https://git.kernel.org/stable/c/6341c2856785dca7006820b127278058a180c075', 'https://git.kernel.org/stable/c/8f0bd526921b6867c2f10a83cd4fd14139adcd92', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46685-6606@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46685', 'https://www.cve.org/CVERecord?id=CVE-2024-46685'], 'PublishedDate': '2024-09-13T06:15:13.2Z', 'LastModifiedDate': '2024-09-14T16:00:55.547Z'}, {'VulnerabilityID': 'CVE-2024-46686', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46686', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()\n\nThis happens when called from SMB2_read() while using rdma\nand reaching the rdma_readwrite_threshold.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46686', 'https://git.kernel.org/linus/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf (6.11-rc6)', 'https://git.kernel.org/stable/c/6df57c63c200cd05e085c3b695128260e21959b7', 'https://git.kernel.org/stable/c/a01859dd6aebf826576513850a3b05992809e9d2', 'https://git.kernel.org/stable/c/b902fb78ab21299e4dd1775e7e8d251d5c0735bc', 'https://git.kernel.org/stable/c/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46686-5b18@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46686', 'https://www.cve.org/CVERecord?id=CVE-2024-46686'], 'PublishedDate': '2024-09-13T06:15:13.28Z', 'LastModifiedDate': '2024-09-14T16:16:33.087Z'}, {'VulnerabilityID': 'CVE-2024-46687', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46687', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()\n\n[BUG]\nThere is an internal report that KASAN is reporting use-after-free, with\nthe following backtrace:\n\n  BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n  Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45\n  CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n  Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n  Call Trace:\n   dump_stack_lvl+0x61/0x80\n   print_address_description.constprop.0+0x5e/0x2f0\n   print_report+0x118/0x216\n   kasan_report+0x11d/0x1f0\n   btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n   process_one_work+0xce0/0x12a0\n   worker_thread+0x717/0x1250\n   kthread+0x2e3/0x3c0\n   ret_from_fork+0x2d/0x70\n   ret_from_fork_asm+0x11/0x20\n\n  Allocated by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   __kasan_slab_alloc+0x7d/0x80\n   kmem_cache_alloc_noprof+0x16e/0x3e0\n   mempool_alloc_noprof+0x12e/0x310\n   bio_alloc_bioset+0x3f0/0x7a0\n   btrfs_bio_alloc+0x2e/0x50 [btrfs]\n   submit_extent_page+0x4d1/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n  Freed by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   kasan_save_free_info+0x37/0x50\n   __kasan_slab_free+0x4b/0x60\n   kmem_cache_free+0x214/0x5d0\n   bio_free+0xed/0x180\n   end_bbio_data_read+0x1cc/0x580 [btrfs]\n   btrfs_submit_chunk+0x98d/0x1880 [btrfs]\n   btrfs_submit_bio+0x33/0x70 [btrfs]\n   submit_one_bio+0xd4/0x130 [btrfs]\n   submit_extent_page+0x3ea/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[CAUSE]\nAlthough I cannot reproduce the error, the report itself is good enough\nto pin down the cause.\n\nThe call trace is the regular endio workqueue context, but the\nfree-by-task trace is showing that during btrfs_submit_chunk() we\nalready hit a critical error, and is calling btrfs_bio_end_io() to error\nout.  And the original endio function called bio_put() to free the whole\nbio.\n\nThis means a double freeing thus causing use-after-free, e.g.:\n\n1. Enter btrfs_submit_bio() with a read bio\n   The read bio length is 128K, crossing two 64K stripes.\n\n2. The first run of btrfs_submit_chunk()\n\n2.1 Call btrfs_map_block(), which returns 64K\n2.2 Call btrfs_split_bio()\n    Now there are two bios, one referring to the first 64K, the other\n    referring to the second 64K.\n2.3 The first half is submitted.\n\n3. The second run of btrfs_submit_chunk()\n\n3.1 Call btrfs_map_block(), which by somehow failed\n    Now we call btrfs_bio_end_io() to handle the error\n\n3.2 btrfs_bio_end_io() calls the original endio function\n    Which is end_bbio_data_read(), and it calls bio_put() for the\n    original bio.\n\n    Now the original bio is freed.\n\n4. The submitted first 64K bio finished\n   Now we call into btrfs_check_read_bio() and tries to advance the bio\n   iter.\n   But since the original bio (thus its iter) is already freed, we\n   trigger the above use-after free.\n\n   And even if the memory is not poisoned/corrupted, we will later call\n   the original endio function, causing a double freeing.\n\n[FIX]\nInstead of calling btrfs_bio_end_io(), call btrfs_orig_bbio_end_io(),\nwhich has the extra check on split bios and do the pr\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46687', 'https://git.kernel.org/linus/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10 (6.11-rc6)', 'https://git.kernel.org/stable/c/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10', 'https://git.kernel.org/stable/c/4a3b9e1a8e6cd1a8d427a905e159de58d38941cc', 'https://git.kernel.org/stable/c/51722b99f41f5e722ffa10b8f61e802a0e70b331', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46687-5668@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46687', 'https://www.cve.org/CVERecord?id=CVE-2024-46687'], 'PublishedDate': '2024-09-13T06:15:13.377Z', 'LastModifiedDate': '2024-09-14T16:17:33.073Z'}, {'VulnerabilityID': 'CVE-2024-46689', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46689', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: cmd-db: Map shared memory as WC, not WB\n\nLinux does not write into cmd-db region. This region of memory is write\nprotected by XPU. XPU may sometime falsely detect clean cache eviction\nas "write" into the write protected region leading to secure interrupt\nwhich causes an endless loop somewhere in Trust Zone.\n\nThe only reason it is working right now is because Qualcomm Hypervisor\nmaps the same region as Non-Cacheable memory in Stage 2 translation\ntables. The issue manifests if we want to use another hypervisor (like\nXen or KVM), which does not know anything about those specific mappings.\n\nChanging the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC\nremoves dependency on correct mappings in Stage 2 tables. This patch\nfixes the issue by updating the mapping to MEMREMAP_WC.\n\nI tested this on SA8155P with Xen.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46689', 'https://git.kernel.org/linus/f9bb896eab221618927ae6a2f1d566567999839d (6.11-rc6)', 'https://git.kernel.org/stable/c/0ee9594c974368a17e85a431e9fe1c14fb65c278', 'https://git.kernel.org/stable/c/62c2d63605ca25b5db78a347ed303c0a0a77d5b4', 'https://git.kernel.org/stable/c/d9d48d70e922b272875cda60d2ada89291c840cf', 'https://git.kernel.org/stable/c/eaff392c1e34fb77cc61505a31b0191e5e46e271', 'https://git.kernel.org/stable/c/ef80520be0ff78ae5ed44cb6eee1525e65bebe70', 'https://git.kernel.org/stable/c/f5a5a5a0e95f36e2792d48e6e4b64e665eb01374', 'https://git.kernel.org/stable/c/f9bb896eab221618927ae6a2f1d566567999839d', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46689-4c19@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46689', 'https://www.cve.org/CVERecord?id=CVE-2024-46689'], 'PublishedDate': '2024-09-13T06:15:13.653Z', 'LastModifiedDate': '2024-09-20T15:52:23.727Z'}, {'VulnerabilityID': 'CVE-2024-46691', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46691', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Move unregister out of atomic section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Move unregister out of atomic section\n\nCommit \'9329933699b3 ("soc: qcom: pmic_glink: Make client-lock\nnon-sleeping")\' moved the pmic_glink client list under a spinlock, as it\nis accessed by the rpmsg/glink callback, which in turn is invoked from\nIRQ context.\n\nThis means that ucsi_unregister() is now called from atomic context,\nwhich isn\'t feasible as it\'s expecting a sleepable context. An effort is\nunder way to get GLINK to invoke its callbacks in a sleepable context,\nbut until then lets schedule the unregistration.\n\nA side effect of this is that ucsi_unregister() can now happen\nafter the remote processor, and thereby the communication link with it, is\ngone. pmic_glink_send() is amended with a check to avoid the resulting NULL\npointer dereference.\nThis does however result in the user being informed about this error by\nthe following entry in the kernel log:\n\n  ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46691', 'https://git.kernel.org/linus/11bb2ffb679399f99041540cf662409905179e3a (6.11-rc6)', 'https://git.kernel.org/stable/c/095b0001aefddcd9361097c971b7debc84e72714', 'https://git.kernel.org/stable/c/11bb2ffb679399f99041540cf662409905179e3a', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46691-93e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46691', 'https://www.cve.org/CVERecord?id=CVE-2024-46691'], 'PublishedDate': '2024-09-13T06:15:13.96Z', 'LastModifiedDate': '2024-09-13T16:52:21.057Z'}, {'VulnerabilityID': 'CVE-2024-46692', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46692', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: scm: Mark get_wq_ctx() as atomic call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Mark get_wq_ctx() as atomic call\n\nCurrently get_wq_ctx() is wrongly configured as a standard call. When two\nSMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to\nresume the corresponding sleeping thread. But if get_wq_ctx() is\ninterrupted, goes to sleep and another SMC call is waiting to be allocated\na waitq context, it leads to a deadlock.\n\nTo avoid this get_wq_ctx() must be an atomic call and can't be a standard\nSMC call. Hence mark get_wq_ctx() as a fast call.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46692', 'https://git.kernel.org/linus/9960085a3a82c58d3323c1c20b991db6045063b0 (6.11-rc6)', 'https://git.kernel.org/stable/c/9960085a3a82c58d3323c1c20b991db6045063b0', 'https://git.kernel.org/stable/c/cdf7efe4b02aa93813db0bf1ca596ad298ab6b06', 'https://git.kernel.org/stable/c/e40115c33c0d79c940545b6b12112aace7acd9f5', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46692-f287@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46692', 'https://www.cve.org/CVERecord?id=CVE-2024-46692'], 'PublishedDate': '2024-09-13T06:15:14.047Z', 'LastModifiedDate': '2024-09-13T16:52:31.627Z'}, {'VulnerabilityID': 'CVE-2024-46693', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pmic_glink: Fix race during initialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pmic_glink: Fix race during initialization\n\nAs pointed out by Stephen Boyd it is possible that during initialization\nof the pmic_glink child drivers, the protection-domain notifiers fires,\nand the associated work is scheduled, before the client registration\nreturns and as a result the local "client" pointer has been initialized.\n\nThe outcome of this is a NULL pointer dereference as the "client"\npointer is blindly dereferenced.\n\nTimeline provided by Stephen:\n CPU0                               CPU1\n ----                               ----\n ucsi->client = NULL;\n devm_pmic_glink_register_client()\n  client->pdr_notify(client->priv, pg->client_state)\n   pmic_glink_ucsi_pdr_notify()\n    schedule_work(&ucsi->register_work)\n    <schedule away>\n                                    pmic_glink_ucsi_register()\n                                     ucsi_register()\n                                      pmic_glink_ucsi_read_version()\n                                       pmic_glink_ucsi_read()\n                                        pmic_glink_ucsi_read()\n                                         pmic_glink_send(ucsi->client)\n                                         <client is NULL BAD>\n ucsi->client = client // Too late!\n\nThis code is identical across the altmode, battery manager and usci\nchild drivers.\n\nResolve this by splitting the allocation of the "client" object and the\nregistration thereof into two operations.\n\nThis only happens if the protection domain registry is populated at the\ntime of registration, which by the introduction of commit \'1ebcde047c54\n("soc: qcom: add pd-mapper implementation")\' became much more likely.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46693', 'https://git.kernel.org/linus/3568affcddd68743e25aa3ec1647d9b82797757b (6.11-rc6)', 'https://git.kernel.org/stable/c/1efdbf5323c9360e05066049b97414405e94e087', 'https://git.kernel.org/stable/c/3568affcddd68743e25aa3ec1647d9b82797757b', 'https://git.kernel.org/stable/c/943b0e7cc646a624bb20a68080f8f1a4a55df41c', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46693-cbe3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46693', 'https://www.cve.org/CVERecord?id=CVE-2024-46693'], 'PublishedDate': '2024-09-13T06:15:14.14Z', 'LastModifiedDate': '2024-09-13T16:52:41.27Z'}, {'VulnerabilityID': 'CVE-2024-46694', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46694', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: avoid using null object of framebuffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid using null object of framebuffer\n\nInstead of using state->fb->obj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer.\n\n(cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46694', 'https://git.kernel.org/linus/3b9a33235c773c7a3768060cf1d2cf8a9153bc37 (6.11-rc6)', 'https://git.kernel.org/stable/c/093ee72ed35c2338c87c26b6ba6f0b7789c9e14e', 'https://git.kernel.org/stable/c/3b9a33235c773c7a3768060cf1d2cf8a9153bc37', 'https://git.kernel.org/stable/c/49e1b214f3239b78967c6ddb8f8ec47ae047b051', 'https://git.kernel.org/stable/c/f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46694-0706@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46694', 'https://www.cve.org/CVERecord?id=CVE-2024-46694'], 'PublishedDate': '2024-09-13T06:15:14.24Z', 'LastModifiedDate': '2024-09-19T18:16:22.247Z'}, {'VulnerabilityID': 'CVE-2024-46695', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46695', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: selinux,smack: don&#39;t bypass permissions check in inode_setsecctx hook', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux,smack: don't bypass permissions check in inode_setsecctx hook\n\nMarek Gresko reports that the root user on an NFS client is able to\nchange the security labels on files on an NFS filesystem that is\nexported with root squashing enabled.\n\nThe end of the kerneldoc comment for __vfs_setxattr_noperm() states:\n\n *  This function requires the caller to lock the inode's i_mutex before it\n *  is executed. It also assumes that the caller will make the appropriate\n *  permission checks.\n\nnfsd_setattr() does do permissions checking via fh_verify() and\nnfsd_permission(), but those don't do all the same permissions checks\nthat are done by security_inode_setxattr() and its related LSM hooks do.\n\nSince nfsd_setattr() is the only consumer of security_inode_setsecctx(),\nsimplest solution appears to be to replace the call to\n__vfs_setxattr_noperm() with a call to __vfs_setxattr_locked().  This\nfixes the above issue and has the added benefit of causing nfsd to\nrecall conflicting delegations on a file when a client tries to change\nits security label.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-276'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46695', 'https://git.kernel.org/linus/76a0e79bc84f466999fa501fce5bf7a07641b8a7 (6.11-rc6)', 'https://git.kernel.org/stable/c/2dbc4b7bac60b02cc6e70d05bf6a7dfd551f9dda', 'https://git.kernel.org/stable/c/459584258d47ec3cc6245a82e8a49c9d08eb8b57', 'https://git.kernel.org/stable/c/76a0e79bc84f466999fa501fce5bf7a07641b8a7', 'https://git.kernel.org/stable/c/eebec98791d0137e455cc006411bb92a54250924', 'https://git.kernel.org/stable/c/f71ec019257ba4f7ab198bd948c5902a207bad96', 'https://git.kernel.org/stable/c/fe0cd53791119f6287b6532af8ce41576d664930', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46695-affc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46695', 'https://www.cve.org/CVERecord?id=CVE-2024-46695'], 'PublishedDate': '2024-09-13T06:15:14.32Z', 'LastModifiedDate': '2024-10-17T14:15:07.517Z'}, {'VulnerabilityID': 'CVE-2024-46697', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46697', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfsd: ensure that nfsd4_fattr_args.context is zeroed out', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: ensure that nfsd4_fattr_args.context is zeroed out\n\nIf nfsd4_encode_fattr4 ends up doing a "goto out" before we get to\nchecking for the security label, then args.context will be set to\nuninitialized junk on the stack, which we\'ll then try to free.\nInitialize it early.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46697', 'https://git.kernel.org/linus/f58bab6fd4063913bd8321e99874b8239e9ba726 (6.11-rc6)', 'https://git.kernel.org/stable/c/dd65b324174a64558a16ebbf4c3266e5701185d0', 'https://git.kernel.org/stable/c/f58bab6fd4063913bd8321e99874b8239e9ba726', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46697-d166@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46697', 'https://www.cve.org/CVERecord?id=CVE-2024-46697'], 'PublishedDate': '2024-09-13T06:15:14.5Z', 'LastModifiedDate': '2024-09-19T17:53:43.173Z'}, {'VulnerabilityID': 'CVE-2024-46698', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46698', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: video/aperture: optionally match the device in sysfb_disable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvideo/aperture: optionally match the device in sysfb_disable()\n\nIn aperture_remove_conflicting_pci_devices(), we currently only\ncall sysfb_disable() on vga class devices.  This leads to the\nfollowing problem when the pimary device is not VGA compatible:\n\n1. A PCI device with a non-VGA class is the boot display\n2. That device is probed first and it is not a VGA device so\n   sysfb_disable() is not called, but the device resources\n   are freed by aperture_detach_platform_device()\n3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable()\n4. NULL pointer dereference via sysfb_disable() since the resources\n   have already been freed by aperture_detach_platform_device() when\n   it was called by the other device.\n\nFix this by passing a device pointer to sysfb_disable() and checking\nthe device to determine if we should execute it or not.\n\nv2: Fix build when CONFIG_SCREEN_INFO is not set\nv3: Move device check into the mutex\n    Drop primary variable in aperture_remove_conflicting_pci_devices()\n    Drop __init on pci sysfb_pci_dev_is_enabled()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46698', 'https://git.kernel.org/linus/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7 (6.11-rc6)', 'https://git.kernel.org/stable/c/17e78f43de0c6da34204cc858b4cc05671ea9acf', 'https://git.kernel.org/stable/c/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46698-357c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46698', 'https://www.cve.org/CVERecord?id=CVE-2024-46698'], 'PublishedDate': '2024-09-13T06:15:14.563Z', 'LastModifiedDate': '2024-09-13T16:53:03Z'}, {'VulnerabilityID': 'CVE-2024-46701', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46701', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: libfs: fix infinite directory reads for offset dir', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlibfs: fix infinite directory reads for offset dir\n\nAfter we switch tmpfs dir operations from simple_dir_operations to\nsimple_offset_dir_operations, every rename happened will fill new dentry\nto dest dir\'s maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free\nkey starting with octx->newx_offset, and then set newx_offset equals to\nfree key + 1. This will lead to infinite readdir combine with rename\nhappened at the same time, which fail generic/736 in xfstests(detail show\nas below).\n\n1. create 5000 files(1 2 3...) under one dir\n2. call readdir(man 3 readdir) once, and get one entry\n3. rename(entry, "TEMPFILE"), then rename("TEMPFILE", entry)\n4. loop 2~3, until readdir return nothing or we loop too many\n   times(tmpfs break test with the second condition)\n\nWe choose the same logic what commit 9b378f6ad48cf ("btrfs: fix infinite\ndirectory reads") to fix it, record the last_index when we open dir, and\ndo not emit the entry which index >= last_index. The file->private_data\nnow used in offset dir can use directly to do this, and we also update\nthe last_index when we llseek the dir file.\n\n[brauner: only update last_index after seek when offset is zero like Jan suggested]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46701', 'https://git.kernel.org/linus/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a (6.11-rc4)', 'https://git.kernel.org/stable/c/308b4fc2403b335894592ee9dc212a5e58bb309f', 'https://git.kernel.org/stable/c/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a', 'https://lore.kernel.org/linux-cve-announce/2024091326-CVE-2024-46701-ad65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46701', 'https://www.cve.org/CVERecord?id=CVE-2024-46701'], 'PublishedDate': '2024-09-13T07:15:05.127Z', 'LastModifiedDate': '2024-09-19T13:40:27.817Z'}, {'VulnerabilityID': 'CVE-2024-46702', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46702', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: thunderbolt: Mark XDomain as unplugged when router is removed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Mark XDomain as unplugged when router is removed\n\nI noticed that when we do discrete host router NVM upgrade and it gets\nhot-removed from the PCIe side as a result of NVM firmware authentication,\nif there is another host connected with enabled paths we hang in tearing\nthem down. This is due to fact that the Thunderbolt networking driver\nalso tries to cleanup the paths and ends up blocking in\ntb_disconnect_xdomain_paths() waiting for the domain lock.\n\nHowever, at this point we already cleaned the paths in tb_stop() so\nthere is really no need for tb_disconnect_xdomain_paths() to do that\nanymore. Furthermore it already checks if the XDomain is unplugged and\nbails out early so take advantage of that and mark the XDomain as\nunplugged when we remove the parent router.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46702', 'https://git.kernel.org/linus/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d (6.11-rc4)', 'https://git.kernel.org/stable/c/18b3ad2a3cc877dd4b16f48d84aa27b78d53bf1d', 'https://git.kernel.org/stable/c/23ce6ba3b95488a2b9e9f6d43b340da0c15395dc', 'https://git.kernel.org/stable/c/747bc154577de6e6af4bc99abfa859b8419bb4d8', 'https://git.kernel.org/stable/c/7ca24cf9163c112bb6b580c6fb57c04a1f8b76e1', 'https://git.kernel.org/stable/c/80ac8d194831eca0c2f4fd862f7925532fda320c', 'https://git.kernel.org/stable/c/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46702-9b8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46702', 'https://www.cve.org/CVERecord?id=CVE-2024-46702'], 'PublishedDate': '2024-09-13T07:15:05.217Z', 'LastModifiedDate': '2024-09-19T13:35:58.637Z'}, {'VulnerabilityID': 'CVE-2024-46703', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46703', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;serial: 8250_omap: Set the console genpd always on if no console suspend&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "serial: 8250_omap: Set the console genpd always on if no console suspend"\n\nThis reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940.\n\nKevin reported that this causes a crash during suspend on platforms that\ndont use PM domains.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46703', 'https://git.kernel.org/linus/0863bffda1131fd2fa9c05b653ad9ee3d8db127e (6.11-rc4)', 'https://git.kernel.org/stable/c/0863bffda1131fd2fa9c05b653ad9ee3d8db127e', 'https://git.kernel.org/stable/c/321aecb079e9ca8b1af90778068a6fb40f2bf22d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46703-1f29@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46703', 'https://www.cve.org/CVERecord?id=CVE-2024-46703'], 'PublishedDate': '2024-09-13T07:15:05.317Z', 'LastModifiedDate': '2024-09-19T13:33:57.563Z'}, {'VulnerabilityID': 'CVE-2024-46705', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46705', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: reset mmio mappings with devm', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: reset mmio mappings with devm\n\nSet our various mmio mappings to NULL. This should make it easier to\ncatch something rogue trying to mess with mmio after device removal. For\nexample, we might unmap everything and then start hitting some mmio\naddress which has already been unmamped by us and then remapped by\nsomething else, causing all kinds of carnage.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46705', 'https://git.kernel.org/linus/c7117419784f612d59ee565145f722e8b5541fe6 (6.11-rc1)', 'https://git.kernel.org/stable/c/b1c9fbed3884d3883021d699c7cdf5253a65543a', 'https://git.kernel.org/stable/c/c7117419784f612d59ee565145f722e8b5541fe6', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46705-b9c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46705', 'https://www.cve.org/CVERecord?id=CVE-2024-46705'], 'PublishedDate': '2024-09-13T07:15:05.477Z', 'LastModifiedDate': '2024-09-19T13:30:44.133Z'}, {'VulnerabilityID': 'CVE-2024-46706', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46706', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: fsl_lpuart: mark last busy before uart_add_one_port\n\nWith "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel\nsometimes boot hang. It is because normal console still is not ready,\nbut runtime suspend is called, so early console putchar will hang\nin waiting TRDE set in UARTSTAT.\n\nThe lpuart driver has auto suspend delay set to 3000ms, but during\nuart_add_one_port, a child device serial ctrl will added and probed with\nits pm runtime enabled(see serial_ctrl.c).\nThe runtime suspend call path is:\ndevice_add\n     |-> bus_probe_device\n           |->device_initial_probe\n\t           |->__device_attach\n                         |-> pm_runtime_get_sync(dev->parent);\n\t\t\t |-> pm_request_idle(dev);\n\t\t\t |-> pm_runtime_put(dev->parent);\n\nSo in the end, before normal console ready, the lpuart get runtime\nsuspended. And earlycon putchar will hang.\n\nTo address the issue, mark last busy just after pm_runtime_enable,\nthree seconds is long enough to switch from bootconsole to normal\nconsole.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46706', 'https://git.kernel.org/linus/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c (6.11-rc4)', 'https://git.kernel.org/stable/c/3ecf625d4acb71d726bc0b49403cf68388b3d58d', 'https://git.kernel.org/stable/c/8eb92cfca6c2c5a15ab1773f3d18ab8d8f7dbb68', 'https://git.kernel.org/stable/c/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46706-ea07@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46706', 'https://www.cve.org/CVERecord?id=CVE-2024-46706'], 'PublishedDate': '2024-09-13T07:15:05.56Z', 'LastModifiedDate': '2024-09-19T17:51:07.67Z'}, {'VulnerabilityID': 'CVE-2024-46707', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46707', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3\n\nOn a system with a GICv3, if a guest hasn't been configured with\nGICv3 and that the host is not capable of GICv2 emulation,\na write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.\n\nWe therefore try to emulate the SGI access, only to hit a NULL\npointer as no private interrupt is allocated (no GIC, remember?).\n\nThe obvious fix is to give the guest what it deserves, in the\nshape of a UNDEF exception.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46707', 'https://git.kernel.org/linus/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f (6.11-rc5)', 'https://git.kernel.org/stable/c/15818af2f7aa55eff375333cb7689df15d3f24ef', 'https://git.kernel.org/stable/c/2073132f6ed3079369e857a8deb33d11bdd983bc', 'https://git.kernel.org/stable/c/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f', 'https://git.kernel.org/stable/c/94d4fbad01b19ec5eab3d6b50aaec4f9db8b2d8d', 'https://git.kernel.org/stable/c/96b076e8ee5bc3a1126848c8add0f74bd30dc9d1', 'https://git.kernel.org/stable/c/9d7629bec5c3f80bd0e3bf8103c06a2f7046bd92', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46707-9e4f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46707', 'https://www.cve.org/CVERecord?id=CVE-2024-46707'], 'PublishedDate': '2024-09-13T07:15:05.643Z', 'LastModifiedDate': '2024-09-19T13:29:46.757Z'}, {'VulnerabilityID': 'CVE-2024-46708', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46708', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: qcom: x1e80100: Fix special pin offsets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: qcom: x1e80100: Fix special pin offsets\n\nRemove the erroneus 0x100000 offset to prevent the boards from crashing\non pin state setting, as well as for the intended state changes to take\neffect.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46708', 'https://git.kernel.org/linus/d3692d95cc4d88114b070ee63cffc976f00f207f (6.11-rc6)', 'https://git.kernel.org/stable/c/0197bf772f657fbdea5e9bdec5eea6e67d82cbde', 'https://git.kernel.org/stable/c/d3692d95cc4d88114b070ee63cffc976f00f207f', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46708-95c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46708', 'https://www.cve.org/CVERecord?id=CVE-2024-46708'], 'PublishedDate': '2024-09-13T07:15:05.717Z', 'LastModifiedDate': '2024-09-19T13:28:49.483Z'}, {'VulnerabilityID': 'CVE-2024-46709', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46709', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix prime with external buffers', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix prime with external buffers\n\nMake sure that for external buffers mapping goes through the dma_buf\ninterface instead of trying to access pages directly.\n\nExternal buffers might not provide direct access to readable/writable\npages so to make sure the bo's created from external dma_bufs can be\nread dma_buf interface has to be used.\n\nFixes crashes in IGT's kms_prime with vgem. Regular desktop usage won't\ntrigger this due to the fact that virtual machines will not have\nmultiple GPUs but it enables better test coverage in IGT.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46709', 'https://git.kernel.org/linus/50f1199250912568606b3778dc56646c10cb7b04 (6.11-rc6)', 'https://git.kernel.org/stable/c/50f1199250912568606b3778dc56646c10cb7b04', 'https://git.kernel.org/stable/c/5c12391ee1ab59cb2f3be3f1f5e6d0fc0c2dc854', 'https://git.kernel.org/stable/c/9a9716bbbf3dd6b6cbefba3abcc89af8b72631f4', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46709-2465@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46709', 'https://www.cve.org/CVERecord?id=CVE-2024-46709'], 'PublishedDate': '2024-09-13T07:15:05.793Z', 'LastModifiedDate': '2024-09-19T13:26:24.14Z'}, {'VulnerabilityID': 'CVE-2024-46710', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46710', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Prevent unmapping active read buffers', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Prevent unmapping active read buffers\n\nThe kms paths keep a persistent map active to read and compare the cursor\nbuffer. These maps can race with each other in simple scenario where:\na) buffer "a" mapped for update\nb) buffer "a" mapped for compare\nc) do the compare\nd) unmap "a" for compare\ne) update the cursor\nf) unmap "a" for update\nAt step "e" the buffer has been unmapped and the read contents is bogus.\n\nPrevent unmapping of active read buffers by simply keeping a count of\nhow many paths have currently active maps and unmap only when the count\nreaches 0.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46710', 'https://git.kernel.org/linus/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea (6.11-rc6)', 'https://git.kernel.org/stable/c/0851b1ec650adadcaa23ec96daad95a55bf966f0', 'https://git.kernel.org/stable/c/58a3714db4d9dcaeb9fc4905141e17b9f536c0a5', 'https://git.kernel.org/stable/c/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea', 'https://git.kernel.org/stable/c/d5228d158e4c0b1663b3983044913c15c3d0135e', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46710-cd88@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46710', 'https://www.cve.org/CVERecord?id=CVE-2024-46710'], 'PublishedDate': '2024-09-13T07:15:05.88Z', 'LastModifiedDate': '2024-10-17T14:15:07.63Z'}, {'VulnerabilityID': 'CVE-2024-46711', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46711', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: fix ID 0 endp usage after multiple re-creations', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix ID 0 endp usage after multiple re-creations\n\n\'local_addr_used\' and \'add_addr_accepted\' are decremented for addresses\nnot related to the initial subflow (ID0), because the source and\ndestination addresses of the initial subflows are known from the\nbeginning: they don\'t count as "additional local address being used" or\n"ADD_ADDR being accepted".\n\nIt is then required not to increment them when the entrypoint used by\nthe initial subflow is removed and re-added during a connection. Without\nthis modification, this entrypoint cannot be removed and re-added more\nthan once.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46711', 'https://git.kernel.org/linus/9366922adc6a71378ca01f898c41be295309f044 (6.11-rc6)', 'https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc', 'https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb', 'https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044', 'https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe', 'https://lore.kernel.org/linux-cve-announce/2024091348-CVE-2024-46711-ab95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46711', 'https://www.cve.org/CVERecord?id=CVE-2024-46711'], 'PublishedDate': '2024-09-13T07:15:05.953Z', 'LastModifiedDate': '2024-09-19T13:12:30.39Z'}, {'VulnerabilityID': 'CVE-2024-46713', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/aux: Fix AUX buffer serialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event->mmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46713', 'https://git.kernel.org/linus/2ab9d830262c132ab5db2f571003d80850d56b2a (6.11-rc7)', 'https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a', 'https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff', 'https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82', 'https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d', 'https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370', 'https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef', 'https://lore.kernel.org/linux-cve-announce/2024091316-CVE-2024-46713-5e49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46713', 'https://www.cve.org/CVERecord?id=CVE-2024-46713'], 'PublishedDate': '2024-09-13T15:15:15.01Z', 'LastModifiedDate': '2024-09-13T16:37:22.997Z'}, {'VulnerabilityID': 'CVE-2024-46714', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip wbscl_set_scaler_filter if filter is null\n\nCallers can pass null in filter (i.e. from returned from the function\nwbscl_get_filter_coeffs_16p) and a null check is added to ensure that is\nnot the case.\n\nThis fixes 4 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46714', 'https://git.kernel.org/linus/c4d31653c03b90e51515b1380115d1aedad925dd (6.11-rc1)', 'https://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b', 'https://git.kernel.org/stable/c/1726914cb17cedab233820d26b86764dc08857b4', 'https://git.kernel.org/stable/c/54834585e91cab13e9f82d3a811deb212a4df786', 'https://git.kernel.org/stable/c/6d94c05a13fadd80c3e732f14c83b2632ebfaa50', 'https://git.kernel.org/stable/c/c083c8be6bdd046049884bec076660d4ec9a19ca', 'https://git.kernel.org/stable/c/c4d31653c03b90e51515b1380115d1aedad925dd', 'https://git.kernel.org/stable/c/e3a95f29647ae45d1ec9541cd7df64f40bf2120a', 'https://lore.kernel.org/linux-cve-announce/2024091831-CVE-2024-46714-73de@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46714', 'https://www.cve.org/CVERecord?id=CVE-2024-46714'], 'PublishedDate': '2024-09-18T07:15:03.06Z', 'LastModifiedDate': '2024-09-30T12:50:27.723Z'}, {'VulnerabilityID': 'CVE-2024-46715', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46715', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver: iio: add missing checks on iio_info&#39;s callback access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info's callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn't implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429]  iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807]  dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181]  sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555]  seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236]  vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385]  ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0:                   00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46715', 'https://git.kernel.org/linus/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70', 'https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1', 'https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252', 'https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46715-7e7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46715', 'https://www.cve.org/CVERecord?id=CVE-2024-46715'], 'PublishedDate': '2024-09-18T07:15:03.13Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46716', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n   msgdma_free_chan_resources -> msgdma_free_descriptors ->\n   msgdma_free_desc_list -> msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46716', 'https://git.kernel.org/linus/54e4ada1a4206f878e345ae01cf37347d803d1b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716', 'https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1', 'https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725', 'https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46716-f63f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46716', 'https://www.cve.org/CVERecord?id=CVE-2024-46716'], 'PublishedDate': '2024-09-18T07:15:03.183Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46717', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46717', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix incorrect page release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix incorrect page release\n\nUnder the following conditions:\n1) No skb created yet\n2) header_size == 0 (no SHAMPO header)\n3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the\n   last page fragment of a SHAMPO header page)\n\na new skb is formed with a page that is NOT a SHAMPO header page (it\nis a regular data page). Further down in the same function\n(mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from\nheader_index is released. This is wrong and it leads to SHAMPO header\npages being released more than once.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46717', 'https://git.kernel.org/linus/70bd03b89f20b9bbe51a7f73c4950565a17a45f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/03924d117625ecb10ee3c9b65930bcb2c37ae629', 'https://git.kernel.org/stable/c/70bd03b89f20b9bbe51a7f73c4950565a17a45f7', 'https://git.kernel.org/stable/c/ae9018e3f61ba5cc1f08a6e51d3c0bef0a79f3ab', 'https://git.kernel.org/stable/c/c909ab41df2b09cde919801c7a7b6bb2cc37ea22', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46717-2f30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46717', 'https://www.cve.org/CVERecord?id=CVE-2024-46717'], 'PublishedDate': '2024-09-18T07:15:03.237Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46718', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46718', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Don&#39;t overmap identity VRAM mapping', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Don't overmap identity VRAM mapping\n\nOvermapping the identity VRAM mapping is triggering hardware bugs on\ncertain platforms. Use 2M pages for the last unaligned (to 1G) VRAM\nchunk.\n\nv2:\n - Always use 2M pages for last chunk (Fei Yang)\n - break loop when 2M pages are used\n - Add assert for usable_size being 2M aligned\nv3:\n - Fix checkpatch", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46718', 'https://git.kernel.org/linus/6d3581edffea0b3a64b0d3094d3f09222e0024f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/6d3581edffea0b3a64b0d3094d3f09222e0024f7', 'https://git.kernel.org/stable/c/bb706e92c87beb9f2543faa1705ccc330b9e7c65', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46718-c5c7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46718', 'https://www.cve.org/CVERecord?id=CVE-2024-46718'], 'PublishedDate': '2024-09-18T07:15:03.303Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46719', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46719', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Fix null pointer dereference in trace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix null pointer dereference in trace\n\nucsi_register_altmode checks IS_ERR for the alt pointer and treats\nNULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,\nucsi_register_displayport returns NULL which causes a NULL pointer\ndereference in trace. Rather than return NULL, call\ntypec_port_register_altmode to register DisplayPort alternate mode\nas a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46719', 'https://git.kernel.org/linus/99516f76db48e1a9d54cdfed63c1babcee4e71a5 (6.11-rc1)', 'https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9', 'https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7', 'https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870', 'https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b', 'https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830', 'https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5', 'https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46719-4a53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46719', 'https://www.cve.org/CVERecord?id=CVE-2024-46719'], 'PublishedDate': '2024-09-18T07:15:03.357Z', 'LastModifiedDate': '2024-09-20T18:21:49.963Z'}, {'VulnerabilityID': 'CVE-2024-46720', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46720', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix dereference after null check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix dereference after null check\n\ncheck the pointer hive before use.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46720', 'https://git.kernel.org/linus/b1f7810b05d1950350ac2e06992982974343e441 (6.11-rc1)', 'https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50', 'https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c', 'https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517', 'https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46720-a598@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46720', 'https://www.cve.org/CVERecord?id=CVE-2024-46720'], 'PublishedDate': '2024-09-18T07:15:03.42Z', 'LastModifiedDate': '2024-09-20T18:22:04.693Z'}, {'VulnerabilityID': 'CVE-2024-46721', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46721', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: fix possible NULL pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and 'ent->old' is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n </TASK>\nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46721', 'https://git.kernel.org/linus/3dd384108d53834002be5630132ad5c3f32166ad (6.11-rc1)', 'https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9', 'https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad', 'https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85', 'https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8', 'https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363', 'https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346', 'https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64', 'https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46721-9aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46721', 'https://www.cve.org/CVERecord?id=CVE-2024-46721'], 'PublishedDate': '2024-09-18T07:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:22:46.637Z'}, {'VulnerabilityID': 'CVE-2024-46722', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46722', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix mc_data out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix mc_data out-of-bounds read warning\n\nClear warning that read mc_data[i-1] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46722', 'https://git.kernel.org/linus/51dfc0a4d609fe700750a62f41447f01b8c9ea50 (6.11-rc1)', 'https://git.kernel.org/stable/c/2097edede72ec5bb3869cf0205337d392fb2a553', 'https://git.kernel.org/stable/c/310b9d8363b88e818afec97ca7652bd7fe3d0650', 'https://git.kernel.org/stable/c/345bd3ad387f9e121aaad9c95957b80895e2f2ec', 'https://git.kernel.org/stable/c/51dfc0a4d609fe700750a62f41447f01b8c9ea50', 'https://git.kernel.org/stable/c/578ae965e8b90cd09edeb0252b50fa0503ea35c5', 'https://git.kernel.org/stable/c/5fa4df25ecfc7b6c9006f5b871c46cfe25ea8826', 'https://git.kernel.org/stable/c/b862a0bc5356197ed159fed7b1c647e77bc9f653', 'https://git.kernel.org/stable/c/d0a43bf367ed640e527e8ef3d53aac1e71f80114', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46722-34b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46722', 'https://www.cve.org/CVERecord?id=CVE-2024-46722'], 'PublishedDate': '2024-09-18T07:15:03.547Z', 'LastModifiedDate': '2024-09-20T18:23:11.93Z'}, {'VulnerabilityID': 'CVE-2024-46723', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46723', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix ucode out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ucode out-of-bounds read warning\n\nClear warning that read ucode[] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46723', 'https://git.kernel.org/linus/8944acd0f9db33e17f387fdc75d33bb473d7936f (6.11-rc1)', 'https://git.kernel.org/stable/c/0bef65e069d84d1cd77ce757aea0e437b8e2bd33', 'https://git.kernel.org/stable/c/23fefef859c6057e6770584242bdd938254f8ddd', 'https://git.kernel.org/stable/c/5f09fa5e0ad45fbca71933a0e024ca52da47d59b', 'https://git.kernel.org/stable/c/82ac8f1d02886b5d8aeb9e058989d3bd6fc581e2', 'https://git.kernel.org/stable/c/8944acd0f9db33e17f387fdc75d33bb473d7936f', 'https://git.kernel.org/stable/c/8981927ebc6c12fa76b30c4178acb462bab15f54', 'https://git.kernel.org/stable/c/e789e05388854a5436b2b5d8695fdb864c9bcc27', 'https://git.kernel.org/stable/c/f2b7a9f3839e92f43559b2795b34640ca8cf839f', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46723-6726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46723', 'https://www.cve.org/CVERecord?id=CVE-2024-46723'], 'PublishedDate': '2024-09-18T07:15:03.61Z', 'LastModifiedDate': '2024-09-20T18:30:30.117Z'}, {'VulnerabilityID': 'CVE-2024-46724', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46724', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number\n\nCheck the fb_channel_number range to avoid the array out-of-bounds\nread error', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46724', 'https://git.kernel.org/linus/d768394fa99467bcf2703bde74ddc96eeb0b71fa (6.11-rc1)', 'https://git.kernel.org/stable/c/32915dc909ff502823babfe07d5416c5b6e8a8b1', 'https://git.kernel.org/stable/c/45f7b02afc464c208e8f56bcbc672ef5c364c815', 'https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4', 'https://git.kernel.org/stable/c/d768394fa99467bcf2703bde74ddc96eeb0b71fa', 'https://git.kernel.org/stable/c/db7a86676fd624768a5d907faf34ad7bb4ff25f4', 'https://git.kernel.org/stable/c/f9267972490f9fcffe146e79828e97acc0da588c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46724-02f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46724', 'https://www.cve.org/CVERecord?id=CVE-2024-46724'], 'PublishedDate': '2024-09-18T07:15:03.673Z', 'LastModifiedDate': '2024-09-20T18:30:58.98Z'}, {'VulnerabilityID': 'CVE-2024-46725', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46725', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds write warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds write warning\n\nCheck the ring type value to fix the out-of-bounds\nwrite warning', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46725', 'https://git.kernel.org/linus/be1684930f5262a622d40ce7a6f1423530d87f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/130bee397b9cd52006145c87a456fd8719390cb5', 'https://git.kernel.org/stable/c/919f9bf9997b8dcdc132485ea96121e7d15555f9', 'https://git.kernel.org/stable/c/a60d1f7ff62e453dde2d3b4907e178954d199844', 'https://git.kernel.org/stable/c/be1684930f5262a622d40ce7a6f1423530d87f89', 'https://git.kernel.org/stable/c/c253b87c7c37ec40a2e0c84e4a6b636ba5cd66b2', 'https://git.kernel.org/stable/c/cf2db220b38301b6486a0f11da24a0f317de558c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46725-af49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46725', 'https://www.cve.org/CVERecord?id=CVE-2024-46725'], 'PublishedDate': '2024-09-18T07:15:03.733Z', 'LastModifiedDate': '2024-09-20T18:40:42.753Z'}, {'VulnerabilityID': 'CVE-2024-46726', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46726', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure index calculation will not overflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure index calculation will not overflow\n\n[WHY & HOW]\nMake sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will\nnever overflow and exceess array size.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46726', 'https://git.kernel.org/linus/8e2734bf444767fed787305ccdcb36a2be5301a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dc6bb57dab36b38b7374af0ac916174c146b6ed', 'https://git.kernel.org/stable/c/733ae185502d30bbe79575167b6178cfb6c5d6bd', 'https://git.kernel.org/stable/c/8e2734bf444767fed787305ccdcb36a2be5301a2', 'https://git.kernel.org/stable/c/d705b5869f6b1b46ad5ceb1bd2a08c04f7e5003b', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46726-587e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46726', 'https://www.cve.org/CVERecord?id=CVE-2024-46726'], 'PublishedDate': '2024-09-18T07:15:03.787Z', 'LastModifiedDate': '2024-09-20T18:36:27.07Z'}, {'VulnerabilityID': 'CVE-2024-46727', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46727', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update\n\n[Why]\nCoverity reports NULL_RETURN warning.\n\n[How]\nAdd otg_master NULL check.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46727', 'https://git.kernel.org/linus/871cd9d881fa791d3f82885000713de07041c0ae (6.11-rc1)', 'https://git.kernel.org/stable/c/871cd9d881fa791d3f82885000713de07041c0ae', 'https://git.kernel.org/stable/c/aad4d3d3d3b6a362bf5db11e1f28c4a60620900d', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46727-2565@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46727', 'https://www.cve.org/CVERecord?id=CVE-2024-46727'], 'PublishedDate': '2024-09-18T07:15:03.84Z', 'LastModifiedDate': '2024-09-30T12:49:43.097Z'}, {'VulnerabilityID': 'CVE-2024-46728', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46728', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check index for aux_rd_interval before using', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index for aux_rd_interval before using\n\naux_rd_interval has size of 7 and should be checked.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46728', 'https://git.kernel.org/linus/9ba2ea6337b4f159aecb177555a6a81da92d302e (6.11-rc1)', 'https://git.kernel.org/stable/c/48e0b68e2360b16edf2a0bae05c0051c00fbb48a', 'https://git.kernel.org/stable/c/6c588e9350dd7a9fb97a56fe74852c9ecc44450c', 'https://git.kernel.org/stable/c/9ba2ea6337b4f159aecb177555a6a81da92d302e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46728-edfe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46728', 'https://www.cve.org/CVERecord?id=CVE-2024-46728'], 'PublishedDate': '2024-09-18T07:15:03.893Z', 'LastModifiedDate': '2024-09-26T13:31:34.347Z'}, {'VulnerabilityID': 'CVE-2024-46729', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46729', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix incorrect size calculation for loop', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix incorrect size calculation for loop\n\n[WHY]\nfe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is\nlager than the array size.\n\n[HOW]\nDivide byte size 20 by its element size.\n\nThis fixes 2 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46729', 'https://git.kernel.org/linus/3941a3aa4b653b69876d894d08f3fff1cc965267 (6.11-rc1)', 'https://git.kernel.org/stable/c/3941a3aa4b653b69876d894d08f3fff1cc965267', 'https://git.kernel.org/stable/c/712be65b3b372a82bff0865b9c090147764bf1c4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46729-158c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46729', 'https://www.cve.org/CVERecord?id=CVE-2024-46729'], 'PublishedDate': '2024-09-18T07:15:03.95Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46730', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46730', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure array index tg_inst won&#39;t be -1', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure array index tg_inst won't be -1\n\n[WHY & HOW]\ntg_inst will be a negative if timing_generator_count equals 0, which\nshould be checked before used.\n\nThis fixes 2 OVERRUN issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46730', 'https://git.kernel.org/linus/687fe329f18ab0ab0496b20ed2cb003d4879d931 (6.11-rc1)', 'https://git.kernel.org/stable/c/687fe329f18ab0ab0496b20ed2cb003d4879d931', 'https://git.kernel.org/stable/c/a64284b9e1999ad5580debced4bc6d6adb28aad4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46730-b69e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46730', 'https://www.cve.org/CVERecord?id=CVE-2024-46730'], 'PublishedDate': '2024-09-18T07:15:04.003Z', 'LastModifiedDate': '2024-09-30T12:49:00.333Z'}, {'VulnerabilityID': 'CVE-2024-46731', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46731', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: fix the Out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix the Out-of-bounds read warning\n\nusing index i - 1U may beyond element index\nfor mc_data[] when i = 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46731', 'https://git.kernel.org/linus/12c6967428a099bbba9dfd247bb4322a984fcc0b (6.11-rc1)', 'https://git.kernel.org/stable/c/12c6967428a099bbba9dfd247bb4322a984fcc0b', 'https://git.kernel.org/stable/c/20c6373a6be93039f9d66029bb1e21038a060be1', 'https://git.kernel.org/stable/c/3317966efcdc5101e93db21514b68917e7eb34ea', 'https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376', 'https://git.kernel.org/stable/c/d83fb9f9f63e9a120bf405b078f829f0b2e58934', 'https://git.kernel.org/stable/c/f1e261ced9bcad772a45a2fcdf413c3490e87299', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46731-0e54@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46731', 'https://www.cve.org/CVERecord?id=CVE-2024-46731'], 'PublishedDate': '2024-09-18T07:15:04.057Z', 'LastModifiedDate': '2024-09-26T13:29:19.877Z'}, {'VulnerabilityID': 'CVE-2024-46732', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46732', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Assign linear_pitch_alignment even for VM', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign linear_pitch_alignment even for VM\n\n[Description]\nAssign linear_pitch_alignment so we don't cause a divide by 0\nerror in VM environments", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46732', 'https://git.kernel.org/linus/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/4bd7710f2fecfc5fb2dda1ca2adc69db8a66b8b6', 'https://git.kernel.org/stable/c/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4', 'https://git.kernel.org/stable/c/c44b568931d23aed9d37ecbb31fb5fbdd198bf7b', 'https://git.kernel.org/stable/c/d219f902b16d42f0cb8c499ea8f31cf3c0f36349', 'https://git.kernel.org/stable/c/d2fe7ac613a1ea8c346c9f5c89dc6ecc27232997', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46732-49a9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46732', 'https://www.cve.org/CVERecord?id=CVE-2024-46732'], 'PublishedDate': '2024-09-18T07:15:04.117Z', 'LastModifiedDate': '2024-09-26T13:28:07.157Z'}, {'VulnerabilityID': 'CVE-2024-46733', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46733', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix qgroup reserve leaks in cow_file_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix qgroup reserve leaks in cow_file_range\n\nIn the buffered write path, the dirty page owns the qgroup reserve until\nit creates an ordered_extent.\n\nTherefore, any errors that occur before the ordered_extent is created\nmust free that reservation, or else the space is leaked. The fstest\ngeneric/475 exercises various IO error paths, and is able to trigger\nerrors in cow_file_range where we fail to get to allocating the ordered\nextent. Note that because we *do* clear delalloc, we are likely to\nremove the inode from the delalloc list, so the inodes/pages to not have\ninvalidate/launder called on them in the commit abort path.\n\nThis results in failures at the unmount stage of the test that look like:\n\n  BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure\n  BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure\n  BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs]\n  Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq\n  CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W          6.10.0-rc7-gab56fde445b8 #21\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n  RIP: 0010:close_ctree+0x222/0x4d0 [btrfs]\n  RSP: 0018:ffffb4465283be00 EFLAGS: 00010202\n  RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001\n  RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8\n  RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000\n  R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c\n  R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n  FS:  00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0\n  Call Trace:\n   <TASK>\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? __warn.cold+0x8e/0xea\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? report_bug+0xff/0x140\n   ? handle_bug+0x3b/0x70\n   ? exc_invalid_op+0x17/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   generic_shutdown_super+0x70/0x160\n   kill_anon_super+0x11/0x40\n   btrfs_kill_super+0x11/0x20 [btrfs]\n   deactivate_locked_super+0x2e/0xa0\n   cleanup_mnt+0xb5/0x150\n   task_work_run+0x57/0x80\n   syscall_exit_to_user_mode+0x121/0x130\n   do_syscall_64+0xab/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  RIP: 0033:0x7f916847a887\n  ---[ end trace 0000000000000000 ]---\n  BTRFS error (device dm-8 state EA): qgroup reserved space leaked\n\nCases 2 and 3 in the out_reserve path both pertain to this type of leak\nand must free the reserved qgroup data. Because it is already an error\npath, I opted not to handle the possible errors in\nbtrfs_free_qgroup_data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46733', 'https://git.kernel.org/linus/30479f31d44d47ed00ae0c7453d9b253537005b2 (6.11-rc3)', 'https://git.kernel.org/stable/c/30479f31d44d47ed00ae0c7453d9b253537005b2', 'https://git.kernel.org/stable/c/e42ef22bc10f0309c0c65d8d6ca8b4127a674b7f', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46733-77eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46733', 'https://www.cve.org/CVERecord?id=CVE-2024-46733'], 'PublishedDate': '2024-09-18T07:15:04.17Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46735', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46735', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()\n\nWhen two UBLK_CMD_START_USER_RECOVERY commands are submitted, the\nfirst one sets 'ubq->ubq_daemon' to NULL, and the second one triggers\nWARN in ublk_queue_reinit() and subsequently a NULL pointer dereference\nissue.\n\nFix it by adding the check in ublk_ctrl_start_recovery() and return\nimmediately in case of zero 'ub->nr_queues_ready'.\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000028\n  RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n  Call Trace:\n   <TASK>\n   ? __die+0x20/0x70\n   ? page_fault_oops+0x75/0x170\n   ? exc_page_fault+0x64/0x140\n   ? asm_exc_page_fault+0x22/0x30\n   ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n   ublk_ctrl_uring_cmd+0x4f7/0x6c0\n   ? pick_next_task_idle+0x26/0x40\n   io_uring_cmd+0x9a/0x1b0\n   io_issue_sqe+0x193/0x3f0\n   io_wq_submit_work+0x9b/0x390\n   io_worker_handle_work+0x165/0x360\n   io_wq_worker+0xcb/0x2f0\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork+0x2d/0x50\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork_asm+0x1a/0x30\n   </TASK>", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46735', 'https://git.kernel.org/linus/e58f5142f88320a5b1449f96a146f2f24615c5c7 (6.11-rc7)', 'https://git.kernel.org/stable/c/136a29d8112df4ea0a57f9602ddf3579e04089dc', 'https://git.kernel.org/stable/c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f', 'https://git.kernel.org/stable/c/ca249435893dda766f3845c15ca77ca5672022d8', 'https://git.kernel.org/stable/c/e58f5142f88320a5b1449f96a146f2f24615c5c7', 'https://lore.kernel.org/linux-cve-announce/2024091832-CVE-2024-46735-fbce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46735', 'https://www.cve.org/CVERecord?id=CVE-2024-46735'], 'PublishedDate': '2024-09-18T08:15:03.057Z', 'LastModifiedDate': '2024-09-20T18:35:53.967Z'}, {'VulnerabilityID': 'CVE-2024-46737', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46737', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvmet-tcp: fix kernel crash if commands allocation fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fix kernel crash if commands allocation fails\n\nIf the commands allocation fails in nvmet_tcp_alloc_cmds()\nthe kernel crashes in nvmet_tcp_release_queue_work() because of\na NULL pointer dereference.\n\n  nvmet: failed to install queue 0 cntlid 1 ret 6\n  Unable to handle kernel NULL pointer dereference at\n         virtual address 0000000000000008\n\nFix the bug by setting queue->nr_cmds to zero in case\nnvmet_tcp_alloc_cmd() fails.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46737', 'https://git.kernel.org/linus/5572a55a6f830ee3f3a994b6b962a5c327d28cb3 (6.11-rc7)', 'https://git.kernel.org/stable/c/03e1fd0327fa5e2174567f5fe9290fe21d21b8f4', 'https://git.kernel.org/stable/c/489f2913a63f528cfe3f21722583fb981967ecda', 'https://git.kernel.org/stable/c/50632b877ce55356f5d276b9add289b1e7ddc683', 'https://git.kernel.org/stable/c/5572a55a6f830ee3f3a994b6b962a5c327d28cb3', 'https://git.kernel.org/stable/c/6c04d1e3ab22cc5394ef656429638a5947f87244', 'https://git.kernel.org/stable/c/7957c731fc2b23312f8935812dee5a0b14b04e2d', 'https://git.kernel.org/stable/c/91dad30c5607e62864f888e735d0965567827bdf', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46737-d36f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46737', 'https://www.cve.org/CVERecord?id=CVE-2024-46737'], 'PublishedDate': '2024-09-18T08:15:03.167Z', 'LastModifiedDate': '2024-09-20T18:35:34.7Z'}, {'VulnerabilityID': 'CVE-2024-46738', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46738', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: VMCI: Fix use-after-free when removing resource in vmci_resource_remove()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Fix use-after-free when removing resource in vmci_resource_remove()\n\nWhen removing a resource from vmci_resource_table in\nvmci_resource_remove(), the search is performed using the resource\nhandle by comparing context and resource fields.\n\nIt is possible though to create two resources with different types\nbut same handle (same context and resource fields).\n\nWhen trying to remove one of the resources, vmci_resource_remove()\nmay not remove the intended one, but the object will still be freed\nas in the case of the datagram type in vmci_datagram_destroy_handle().\nvmci_resource_table will still hold a pointer to this freed resource\nleading to a use-after-free vulnerability.\n\nBUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\nBUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\nRead of size 4 at addr ffff88801c16d800 by task syz-executor197/1592\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106\n print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239\n __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425\n kasan_report+0x38/0x51 mm/kasan/report.c:442\n vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\n vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\n vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182\n ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444\n kref_put include/linux/kref.h:65 [inline]\n vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline]\n vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195\n vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143\n __fput+0x261/0xa34 fs/file_table.c:282\n task_work_run+0xf0/0x194 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187\n exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220\n __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline]\n syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313\n do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x6e/0x0\n\nThis change ensures the type is also checked when removing\nthe resource from vmci_resource_table in vmci_resource_remove().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46738', 'https://git.kernel.org/linus/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7 (6.11-rc7)', 'https://git.kernel.org/stable/c/00fe5292f081f8d773e572df8e03bf6e1855fe49', 'https://git.kernel.org/stable/c/39e7e593418ccdbd151f2925fa6be1a616d16c96', 'https://git.kernel.org/stable/c/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7', 'https://git.kernel.org/stable/c/6c563a29857aa8053b67ee141191f69757f27f6e', 'https://git.kernel.org/stable/c/b243d52b5f6f59f9d39e69b191fb3d58b94a43b1', 'https://git.kernel.org/stable/c/b9efdf333174468651be40390cbc79c9f55d9cce', 'https://git.kernel.org/stable/c/ef5f4d0c5ee22d4f873116fec844ff6edaf3fa7d', 'https://git.kernel.org/stable/c/f6365931bf7c07b2b397dbb06a4f6573cc9fae73', 'https://linux.oracle.com/cve/CVE-2024-46738.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46738-d871@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46738', 'https://www.cve.org/CVERecord?id=CVE-2024-46738'], 'PublishedDate': '2024-09-18T08:15:03.233Z', 'LastModifiedDate': '2024-09-20T18:35:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46739', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46739', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind\n\nFor primary VM Bus channels, primary_channel pointer is always NULL. This\npointer is valid only for the secondary channels. Also, rescind callback\nis meant for primary channels only.\n\nFix NULL pointer dereference by retrieving the device_obj from the parent\nfor the primary channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46739', 'https://git.kernel.org/linus/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e (6.11-rc7)', 'https://git.kernel.org/stable/c/1d8e020e51ab07e40f9dd00b52f1da7d96fec04c', 'https://git.kernel.org/stable/c/2be373469be1774bbe03b0fa7e2854e65005b1cc', 'https://git.kernel.org/stable/c/3005091cd537ef8cdb7530dcb2ecfba8d2ef475c', 'https://git.kernel.org/stable/c/3d414b64ecf6fd717d7510ffb893c6f23acbf50e', 'https://git.kernel.org/stable/c/928e399e84f4e80307dce44e89415115c473275b', 'https://git.kernel.org/stable/c/de6946be9c8bc7d2279123433495af7c21011b99', 'https://git.kernel.org/stable/c/f38f46da80a2ab7d1b2f8fcb444c916034a2dac4', 'https://git.kernel.org/stable/c/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46739-0aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46739', 'https://www.cve.org/CVERecord?id=CVE-2024-46739'], 'PublishedDate': '2024-09-18T08:15:03.293Z', 'LastModifiedDate': '2024-09-20T18:34:29.957Z'}, {'VulnerabilityID': 'CVE-2024-46740', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46740', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binder: fix UAF caused by offsets overwrite', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF caused by offsets overwrite\n\nBinder objects are processed and copied individually into the target\nbuffer during transactions. Any raw data in-between these objects is\ncopied as well. However, this raw data copy lacks an out-of-bounds\ncheck. If the raw data exceeds the data section size then the copy\noverwrites the offsets section. This eventually triggers an error that\nattempts to unwind the processed objects. However, at this point the\noffsets used to index these objects are now corrupted.\n\nUnwinding with corrupted offsets can result in decrements of arbitrary\nnodes and lead to their premature release. Other users of such nodes are\nleft with a dangling pointer triggering a use-after-free. This issue is\nmade evident by the following KASAN report (trimmed):\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c\n  Write of size 4 at addr ffff47fc91598f04 by task binder-util/743\n\n  CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1\n  Hardware name: linux,dummy-virt (DT)\n  Call trace:\n   _raw_spin_lock+0xe4/0x19c\n   binder_free_buf+0x128/0x434\n   binder_thread_write+0x8a4/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Allocated by task 743:\n   __kmalloc_cache_noprof+0x110/0x270\n   binder_new_node+0x50/0x700\n   binder_transaction+0x413c/0x6da8\n   binder_thread_write+0x978/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Freed by task 745:\n   kfree+0xbc/0x208\n   binder_thread_read+0x1c5c/0x37d4\n   binder_ioctl+0x16d8/0x258c\n  [...]\n  ==================================================================\n\nTo avoid this issue, let's check that the raw data copy is within the\nboundaries of the data section.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46740', 'https://git.kernel.org/linus/4df153652cc46545722879415937582028c18af5 (6.11-rc7)', 'https://git.kernel.org/stable/c/109e845c1184c9f786d41516348ba3efd9112792', 'https://git.kernel.org/stable/c/1f33d9f1d9ac3f0129f8508925000900c2fe5bb0', 'https://git.kernel.org/stable/c/3a8154bb4ab4a01390a3abf1e6afac296e037da4', 'https://git.kernel.org/stable/c/4df153652cc46545722879415937582028c18af5', 'https://git.kernel.org/stable/c/4f79e0b80dc69bd5eaaed70f0df1b558728b4e59', 'https://git.kernel.org/stable/c/5a32bfd23022ffa7e152f273fa3fa29befb7d929', 'https://git.kernel.org/stable/c/eef79854a04feac5b861f94d7b19cbbe79874117', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46740-e05a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46740', 'https://www.cve.org/CVERecord?id=CVE-2024-46740'], 'PublishedDate': '2024-09-18T08:15:03.377Z', 'LastModifiedDate': '2024-09-20T18:34:08.163Z'}, {'VulnerabilityID': 'CVE-2024-46741', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46741', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Fix double free of &#39;buf&#39; in error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix double free of 'buf' in error path\n\nsmatch warning:\ndrivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf'\n\nIn fastrpc_req_mmap() error path, the fastrpc buffer is freed in\nfastrpc_req_munmap_impl() if unmap is successful.\n\nBut in the end, there is an unconditional call to fastrpc_buf_free().\nSo the above case triggers the double free of fastrpc buf.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46741', 'https://git.kernel.org/linus/e8c276d4dc0e19ee48385f74426aebc855b49aaf (6.11-rc7)', 'https://git.kernel.org/stable/c/bfc1704d909dc9911a558b1a5833d3d61a43a1f2', 'https://git.kernel.org/stable/c/e8c276d4dc0e19ee48385f74426aebc855b49aaf', 'https://git.kernel.org/stable/c/f77dc8a75859e559f3238a6d906206259227985e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46741-4ce7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46741', 'https://www.cve.org/CVERecord?id=CVE-2024-46741'], 'PublishedDate': '2024-09-18T08:15:03.43Z', 'LastModifiedDate': '2024-09-20T18:33:27.96Z'}, {'VulnerabilityID': 'CVE-2024-46742', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46742', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()\n\nnull-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)\nand parse_lease_state() return NULL.\n\nFix this by check if 'lease_ctx_info' is NULL.\n\nAdditionally, remove the redundant parentheses in\nparse_durable_handle_context().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46742', 'https://git.kernel.org/linus/4e8771a3666c8f216eefd6bd2fd50121c6c437db (6.11-rc5)', 'https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6', 'https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada', 'https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46742-223b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46742', 'https://www.cve.org/CVERecord?id=CVE-2024-46742'], 'PublishedDate': '2024-09-18T08:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:32:34.303Z'}, {'VulnerabilityID': 'CVE-2024-46743', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46743', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: of/irq: Prevent device address out-of-bounds read in interrupt map walk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nof/irq: Prevent device address out-of-bounds read in interrupt map walk\n\nWhen of_irq_parse_raw() is invoked with a device address smaller than\nthe interrupt parent node (from #address-cells property), KASAN detects\nthe following out-of-bounds read when populating the initial match table\n(dyndbg="func of_irq_parse_* +p"):\n\n  OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0\n  OF:  parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2\n  OF:  intspec=4\n  OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2\n  OF:  -> addrsize=3\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0\n  Read of size 4 at addr ffffff81beca5608 by task bash/764\n\n  CPU: 1 PID: 764 Comm: bash Tainted: G           O       6.1.67-484c613561-nokia_sm_arm64 #1\n  Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023\n  Call trace:\n   dump_backtrace+0xdc/0x130\n   show_stack+0x1c/0x30\n   dump_stack_lvl+0x6c/0x84\n   print_report+0x150/0x448\n   kasan_report+0x98/0x140\n   __asan_load4+0x78/0xa0\n   of_irq_parse_raw+0x2b8/0x8d0\n   of_irq_parse_one+0x24c/0x270\n   parse_interrupts+0xc0/0x120\n   of_fwnode_add_links+0x100/0x2d0\n   fw_devlink_parse_fwtree+0x64/0xc0\n   device_add+0xb38/0xc30\n   of_device_add+0x64/0x90\n   of_platform_device_create_pdata+0xd0/0x170\n   of_platform_bus_create+0x244/0x600\n   of_platform_notify+0x1b0/0x254\n   blocking_notifier_call_chain+0x9c/0xd0\n   __of_changeset_entry_notify+0x1b8/0x230\n   __of_changeset_apply_notify+0x54/0xe4\n   of_overlay_fdt_apply+0xc04/0xd94\n   ...\n\n  The buggy address belongs to the object at ffffff81beca5600\n   which belongs to the cache kmalloc-128 of size 128\n  The buggy address is located 8 bytes inside of\n   128-byte region [ffffff81beca5600, ffffff81beca5680)\n\n  The buggy address belongs to the physical page:\n  page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4\n  head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0\n  flags: 0x8000000000010200(slab|head|zone=2)\n  raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300\n  raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\n  page dumped because: kasan: bad access detected\n\n  Memory state around the buggy address:\n   ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n  >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n                        ^\n   ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc\n  ==================================================================\n  OF:  -> got it !\n\nPrevent the out-of-bounds read by copying the device address into a\nbuffer of sufficient size.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46743', 'https://git.kernel.org/linus/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305 (6.11-rc4)', 'https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d', 'https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5', 'https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5', 'https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305', 'https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f', 'https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9', 'https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8', 'https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46743-f386@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46743', 'https://www.cve.org/CVERecord?id=CVE-2024-46743'], 'PublishedDate': '2024-09-18T08:15:03.54Z', 'LastModifiedDate': '2024-09-20T18:32:11.827Z'}, {'VulnerabilityID': 'CVE-2024-46744', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46744', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Squashfs: sanity check symbolic link size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: sanity check symbolic link size\n\nSyzkiller reports a "KMSAN: uninit-value in pick_link" bug.\n\nThis is caused by an uninitialised page, which is ultimately caused\nby a corrupted symbolic link size read from disk.\n\nThe reason why the corrupted symlink size causes an uninitialised\npage is due to the following sequence of events:\n\n1. squashfs_read_inode() is called to read the symbolic\n   link from disk.  This assigns the corrupted value\n   3875536935 to inode->i_size.\n\n2. Later squashfs_symlink_read_folio() is called, which assigns\n   this corrupted value to the length variable, which being a\n   signed int, overflows producing a negative number.\n\n3. The following loop that fills in the page contents checks that\n   the copied bytes is less than length, which being negative means\n   the loop is skipped, producing an uninitialised page.\n\nThis patch adds a sanity check which checks that the symbolic\nlink size is not larger than expected.\n\n--\n\nV2: fix spelling mistake.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-59'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46744', 'https://git.kernel.org/linus/810ee43d9cd245d138a2733d87a24858a23f577d (6.11-rc4)', 'https://git.kernel.org/stable/c/087f25b2d36adae19951114ffcbb7106ed405ebb', 'https://git.kernel.org/stable/c/1b9451ba6f21478a75288ea3e3fca4be35e2a438', 'https://git.kernel.org/stable/c/5c8906de98d0d7ad42ff3edf2cb6cd7e0ea658c4', 'https://git.kernel.org/stable/c/810ee43d9cd245d138a2733d87a24858a23f577d', 'https://git.kernel.org/stable/c/c3af7e460a526007e4bed1ce3623274a1a6afe5e', 'https://git.kernel.org/stable/c/ef4e249971eb77ec33d74c5c3de1e2576faf6c90', 'https://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26ea9bf322d8431a90', 'https://git.kernel.org/stable/c/fac5e82ab1334fc8ed6ff7183702df634bd1d93d', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46744-451f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46744', 'https://www.cve.org/CVERecord?id=CVE-2024-46744'], 'PublishedDate': '2024-09-18T08:15:03.603Z', 'LastModifiedDate': '2024-09-30T13:36:19.557Z'}, {'VulnerabilityID': 'CVE-2024-46745', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46745', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: uinput - reject requests with unreasonable number of slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - reject requests with unreasonable number of slots\n\n\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\n\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46745', 'https://git.kernel.org/linus/206f533a0a7c683982af473079c4111f4a0f9f5e (6.11-rc5)', 'https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e', 'https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b', 'https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70', 'https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2', 'https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d', 'https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b', 'https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833', 'https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46745-7b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46745', 'https://www.cve.org/CVERecord?id=CVE-2024-46745'], 'PublishedDate': '2024-09-18T08:15:03.667Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46746', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46746', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: amd_sfh: free driver_data after destroying hid device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: free driver_data after destroying hid device\n\nHID driver callbacks aren't called anymore once hid_destroy_device() has\nbeen called. Hence, hid driver_data should be freed only after the\nhid_destroy_device() function returned as driver_data is used in several\ncallbacks.\n\nI observed a crash with kernel 6.10.0 on my T14s Gen 3, after enabling\nKASAN to debug memory allocation, I got this output:\n\n  [   13.050438] ==================================================================\n  [   13.054060] BUG: KASAN: slab-use-after-free in amd_sfh_get_report+0x3ec/0x530 [amd_sfh]\n  [   13.054809] psmouse serio1: trackpoint: Synaptics TrackPoint firmware: 0x02, buttons: 3/3\n  [   13.056432] Read of size 8 at addr ffff88813152f408 by task (udev-worker)/479\n\n  [   13.060970] CPU: 5 PID: 479 Comm: (udev-worker) Not tainted 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0\n  [   13.063978] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024\n  [   13.067860] Call Trace:\n  [   13.069383] input: TPPS/2 Synaptics TrackPoint as /devices/platform/i8042/serio1/input/input8\n  [   13.071486]  <TASK>\n  [   13.071492]  dump_stack_lvl+0x5d/0x80\n  [   13.074870] snd_hda_intel 0000:33:00.6: enabling device (0000 -> 0002)\n  [   13.078296]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.082199]  print_report+0x174/0x505\n  [   13.085776]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.089367]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.093255]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.097464]  kasan_report+0xc8/0x150\n  [   13.101461]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.105802]  amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.110303]  amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.114879]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.119450]  sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082]\n  [   13.124097]  hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.127404]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.131925]  ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.136455]  ? _raw_spin_lock_irqsave+0x96/0xf0\n  [   13.140197]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.143602]  ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b]\n  [   13.147234]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.150446]  ? __devm_add_action+0x167/0x1d0\n  [   13.155061]  hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.158581]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.161814]  platform_probe+0xa2/0x150\n  [   13.165029]  really_probe+0x1e3/0x8a0\n  [   13.168243]  __driver_probe_device+0x18c/0x370\n  [   13.171500]  driver_probe_device+0x4a/0x120\n  [   13.175000]  __driver_attach+0x190/0x4a0\n  [   13.178521]  ? __pfx___driver_attach+0x10/0x10\n  [   13.181771]  bus_for_each_dev+0x106/0x180\n  [   13.185033]  ? __pfx__raw_spin_lock+0x10/0x10\n  [   13.188229]  ? __pfx_bus_for_each_dev+0x10/0x10\n  [   13.191446]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.194382]  bus_add_driver+0x29e/0x4d0\n  [   13.197328]  driver_register+0x1a5/0x360\n  [   13.200283]  ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.203362]  do_one_initcall+0xa7/0x380\n  [   13.206432]  ? __pfx_do_one_initcall+0x10/0x10\n  [   13.210175]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.213211]  ? kasan_unpoison+0x44/0x70\n  [   13.216688]  do_init_module+0x238/0x750\n  [   13.2196\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46746', 'https://git.kernel.org/linus/97155021ae17b86985121b33cf8098bcde00d497 (6.11-rc5)', 'https://git.kernel.org/stable/c/60dc4ee0428d70bcbb41436b6729d29f1cbdfb89', 'https://git.kernel.org/stable/c/775125c7fe38533aaa4b20769f5b5e62cc1170a0', 'https://git.kernel.org/stable/c/86b4f5cf91ca03c08e3822ac89476a677a780bcc', 'https://git.kernel.org/stable/c/97155021ae17b86985121b33cf8098bcde00d497', 'https://git.kernel.org/stable/c/adb3e3c1ddb5a23b8b7122ef1913f528d728937c', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46746-eb7f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46746', 'https://www.cve.org/CVERecord?id=CVE-2024-46746'], 'PublishedDate': '2024-09-18T08:15:03.73Z', 'LastModifiedDate': '2024-09-26T12:47:53.267Z'}, {'VulnerabilityID': 'CVE-2024-46747', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46747', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup\n\nreport_fixup for the Cougar 500k Gaming Keyboard was not verifying\nthat the report descriptor size was correct before accessing it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46747', 'https://git.kernel.org/linus/a6e9c391d45b5865b61e569146304cff72821a5d (6.11-rc5)', 'https://git.kernel.org/stable/c/30e9ce7cd5591be639b53595c95812f1a2afdfdc', 'https://git.kernel.org/stable/c/34185de73d74fdc90e8651cfc472bfea6073a13f', 'https://git.kernel.org/stable/c/48b2108efa205f4579052c27fba2b22cc6ad8aa0', 'https://git.kernel.org/stable/c/890dde6001b651be79819ef7a3f8c71fc8f9cabf', 'https://git.kernel.org/stable/c/a6e9c391d45b5865b61e569146304cff72821a5d', 'https://git.kernel.org/stable/c/e239e44dcd419b13cf840e2a3a833204e4329714', 'https://git.kernel.org/stable/c/e4a602a45aecd6a98b4b37482f5c9f8f67a32ddd', 'https://git.kernel.org/stable/c/fac3cb3c6428afe2207593a183b5bc4742529dfd', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46747-f489@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46747', 'https://www.cve.org/CVERecord?id=CVE-2024-46747'], 'PublishedDate': '2024-09-18T08:15:03.79Z', 'LastModifiedDate': '2024-09-20T18:31:19.19Z'}, {'VulnerabilityID': 'CVE-2024-46748', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46748', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT\n\nSet the maximum size of a subrequest that writes to cachefiles to be\nMAX_RW_COUNT so that we don't overrun the maximum write we can make to the\nbacking filesystem.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46748', 'https://git.kernel.org/linus/51d37982bbac3ea0ca21b2797a9cb0044272b3aa (6.11-rc1)', 'https://git.kernel.org/stable/c/51d37982bbac3ea0ca21b2797a9cb0044272b3aa', 'https://git.kernel.org/stable/c/cec226f9b1fd6cf55bc157873aec61b523083e96', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46748-03e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46748', 'https://www.cve.org/CVERecord?id=CVE-2024-46748'], 'PublishedDate': '2024-09-18T08:15:03.847Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46749', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46749', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()\n\nThis adds a check before freeing the rx->skb in flush and close\nfunctions to handle the kernel crash seen while removing driver after FW\ndownload fails or before FW download completes.\n\ndmesg log:\n[   54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080\n[   54.643398] Mem abort info:\n[   54.646204]   ESR = 0x0000000096000004\n[   54.649964]   EC = 0x25: DABT (current EL), IL = 32 bits\n[   54.655286]   SET = 0, FnV = 0\n[   54.658348]   EA = 0, S1PTW = 0\n[   54.661498]   FSC = 0x04: level 0 translation fault\n[   54.666391] Data abort info:\n[   54.669273]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[   54.674768]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[   54.674771]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[   54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000\n[   54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000\n[   54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[   54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core sch_fq_codel fuse\n[   54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 Not tainted 6.6.3-otbr-g128004619037 #2\n[   54.744364] Hardware name: FSL i.MX8MM EVK board (DT)\n[   54.744368] Workqueue: hci0 hci_power_on\n[   54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   54.757249] pc : kfree_skb_reason+0x18/0xb0\n[   54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.782921] sp : ffff8000805ebca0\n[   54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000\n[   54.782931] x26: ffff377b84852400 x25: ffff377b848523c0 x24: ffff377b845e7230\n[   54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92\n[   54.782945] x20: ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff\n[   54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857\n[   54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642\n[   54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9 : ffffa5c6cf19d688\n[   54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000\n[   54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000\n[   54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac\n[   54.857599] Call trace:\n[   54.857601]  kfree_skb_reason+0x18/0xb0\n[   54.863878]  btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.863888]  hci_dev_open_sync+0x3a8/0xa04\n[   54.872773]  hci_power_on+0x54/0x2e4\n[   54.881832]  process_one_work+0x138/0x260\n[   54.881842]  worker_thread+0x32c/0x438\n[   54.881847]  kthread+0x118/0x11c\n[   54.881853]  ret_from_fork+0x10/0x20\n[   54.896406] Code: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400)\n[   54.896410] ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46749', 'https://git.kernel.org/linus/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1 (6.11-rc1)', 'https://git.kernel.org/stable/c/013dae4735d2010544d1f2121bdeb8e6c9ea171e', 'https://git.kernel.org/stable/c/056e0cd381d59a9124b7c43dd715e15f56a11635', 'https://git.kernel.org/stable/c/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46749-fc9c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46749', 'https://www.cve.org/CVERecord?id=CVE-2024-46749'], 'PublishedDate': '2024-09-18T08:15:03.893Z', 'LastModifiedDate': '2024-09-20T18:45:43.483Z'}, {'VulnerabilityID': 'CVE-2024-46750', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46750', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: Add missing bridge lock to pci_bus_lock()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Add missing bridge lock to pci_bus_lock()\n\nOne of the true positives that the cfg_access_lock lockdep effort\nidentified is this sequence:\n\n  WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70\n  RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70\n  Call Trace:\n   <TASK>\n   ? __warn+0x8c/0x190\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   ? report_bug+0x1f8/0x200\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   pci_reset_bus+0x1d8/0x270\n   vmd_probe+0x778/0xa10\n   pci_device_probe+0x95/0x120\n\nWhere pci_reset_bus() users are triggering unlocked secondary bus resets.\nIronically pci_bus_reset(), several calls down from pci_reset_bus(), uses\npci_bus_lock() before issuing the reset which locks everything *but* the\nbridge itself.\n\nFor the same motivation as adding:\n\n  bridge = pci_upstream_bridge(dev);\n  if (bridge)\n    pci_dev_lock(bridge);\n\nto pci_reset_function() for the "bus" and "cxl_bus" reset cases, add\npci_dev_lock() for @bus->self to pci_bus_lock().\n\n[bhelgaas: squash in recursive locking deadlock fix from Keith Busch:\nhttps://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46750', 'https://git.kernel.org/linus/a4e772898f8bf2e7e1cf661a12c60a5612c4afab (6.11-rc1)', 'https://git.kernel.org/stable/c/04e85a3285b0e5c5af6fd2c0fd6e95ffecc01945', 'https://git.kernel.org/stable/c/0790b89c7e911003b8c50ae50e3ac7645de1fae9', 'https://git.kernel.org/stable/c/7253b4fed46471cc247c6cacefac890a8472c083', 'https://git.kernel.org/stable/c/78c6e39fef5c428960aff742149bba302dd46f5a', 'https://git.kernel.org/stable/c/81c68e218ab883dfa368460a59b674084c0240da', 'https://git.kernel.org/stable/c/a4e772898f8bf2e7e1cf661a12c60a5612c4afab', 'https://git.kernel.org/stable/c/df77a678c33871a6e4ac5b54a71662f1d702335b', 'https://git.kernel.org/stable/c/e2355d513b89a2cb511b4ded0deb426cdb01acd0', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46750-3be1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46750', 'https://www.cve.org/CVERecord?id=CVE-2024-46750'], 'PublishedDate': '2024-09-18T08:15:03.947Z', 'LastModifiedDate': '2024-09-30T13:27:45.787Z'}, {'VulnerabilityID': 'CVE-2024-46751', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46751', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON() when 0 reference count at btrfs_lookup_extent_info()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()\n\nInstead of doing a BUG_ON() handle the error by returning -EUCLEAN,\naborting the transaction and logging an error message.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46751', 'https://git.kernel.org/linus/28cb13f29faf6290597b24b728dc3100c019356f (6.11-rc1)', 'https://git.kernel.org/stable/c/28cb13f29faf6290597b24b728dc3100c019356f', 'https://git.kernel.org/stable/c/ef9a8b73c8b60b27d9db4787e624a3438ffe8428', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46751-17f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46751', 'https://www.cve.org/CVERecord?id=CVE-2024-46751'], 'PublishedDate': '2024-09-18T08:15:04.01Z', 'LastModifiedDate': '2024-09-30T12:45:56.957Z'}, {'VulnerabilityID': 'CVE-2024-46752', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46752', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: replace BUG_ON() with error handling at update_ref_for_cow()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: replace BUG_ON() with error handling at update_ref_for_cow()\n\nInstead of a BUG_ON() just return an error, log an error message and\nabort the transaction in case we find an extent buffer belonging to the\nrelocation tree that doesn't have the full backref flag set. This is\nunexpected and should never happen (save for bugs or a potential bad\nmemory).", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46752', 'https://git.kernel.org/linus/b56329a782314fde5b61058e2a25097af7ccb675 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fbac73a97286a7ec72229cb9b42d760a2c717ac', 'https://git.kernel.org/stable/c/41a0f85e268d72fe04f731b8ceea4748c2d65491', 'https://git.kernel.org/stable/c/b50857b96429a09fd3beed9f7f21b7bb7c433688', 'https://git.kernel.org/stable/c/b56329a782314fde5b61058e2a25097af7ccb675', 'https://git.kernel.org/stable/c/f895db00c65e5d77c437cce946da9ec29dcdf563', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46752-49e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46752', 'https://www.cve.org/CVERecord?id=CVE-2024-46752'], 'PublishedDate': '2024-09-18T08:15:04.057Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46753', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46753', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: handle errors from btrfs_dec_ref() properly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref().  This is\nincorrect, we have proper error handling here, return the error.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46753', 'https://git.kernel.org/linus/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1', 'https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46753-5ec2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46753', 'https://www.cve.org/CVERecord?id=CVE-2024-46753'], 'PublishedDate': '2024-09-18T08:15:04.107Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46754', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46754', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Remove tst_run from lwt_seg6local_prog_ops.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn\'t work since it was introduced in commit 04d4b274e2a\n("ipv6: sr: Add seg6local action End.BPF"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46754', 'https://git.kernel.org/linus/c13fda93aca118b8e5cd202e339046728ee7dddb (6.11-rc1)', 'https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3f28e6e720ded5d6', 'https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e339046728ee7dddb', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46754-7f04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46754', 'https://www.cve.org/CVERecord?id=CVE-2024-46754'], 'PublishedDate': '2024-09-18T08:15:04.153Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46755', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46755', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()\n\nmwifiex_get_priv_by_id() returns the priv pointer corresponding to\nthe bss_num and bss_type, but without checking if the priv is actually\ncurrently in use.\nUnused priv pointers do not have a wiphy attached to them which can\nlead to NULL pointer dereferences further down the callstack.  Fix\nthis by returning only used priv pointers which have priv->bss_mode\nset to something else than NL80211_IFTYPE_UNSPECIFIED.\n\nSaid NULL pointer dereference happened when an Accesspoint was started\nwith wpa_supplicant -i mlan0 with this config:\n\nnetwork={\n        ssid="somessid"\n        mode=2\n        frequency=2412\n        key_mgmt=WPA-PSK WPA-PSK-SHA256\n        proto=RSN\n        group=CCMP\n        pairwise=CCMP\n        psk="12345678"\n}\n\nWhen waiting for the AP to be established, interrupting wpa_supplicant\nwith <ctrl-c> and starting it again this happens:\n\n| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000140\n| Mem abort info:\n|   ESR = 0x0000000096000004\n|   EC = 0x25: DABT (current EL), IL = 32 bits\n|   SET = 0, FnV = 0\n|   EA = 0, S1PTW = 0\n|   FSC = 0x04: level 0 translation fault\n| Data abort info:\n|   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n|   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n|   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n| user pgtable: 4k pages, 48-bit VAs, pgdp=0000000046d96000\n| [0000000000000140] pgd=0000000000000000, p4d=0000000000000000\n| Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n| Modules linked in: caam_jr caamhash_desc spidev caamalg_desc crypto_engine authenc libdes mwifiex_sdio\n+mwifiex crct10dif_ce cdc_acm onboard_usb_hub fsl_imx8_ddr_perf imx8m_ddrc rtc_ds1307 lm75 rtc_snvs\n+imx_sdma caam imx8mm_thermal spi_imx error imx_cpufreq_dt fuse ip_tables x_tables ipv6\n| CPU: 0 PID: 8 Comm: kworker/0:1 Not tainted 6.9.0-00007-g937242013fce-dirty #18\n| Hardware name: somemachine (DT)\n| Workqueue: events sdio_irq_work\n| pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n| lr : mwifiex_get_cfp+0x34/0x15c [mwifiex]\n| sp : ffff8000818b3a70\n| x29: ffff8000818b3a70 x28: ffff000006bfd8a5 x27: 0000000000000004\n| x26: 000000000000002c x25: 0000000000001511 x24: 0000000002e86bc9\n| x23: ffff000006bfd996 x22: 0000000000000004 x21: ffff000007bec000\n| x20: 000000000000002c x19: 0000000000000000 x18: 0000000000000000\n| x17: 000000040044ffff x16: 00500072b5503510 x15: ccc283740681e517\n| x14: 0201000101006d15 x13: 0000000002e8ff43 x12: 002c01000000ffb1\n| x11: 0100000000000000 x10: 02e8ff43002c0100 x9 : 0000ffb100100157\n| x8 : ffff000003d20000 x7 : 00000000000002f1 x6 : 00000000ffffe124\n| x5 : 0000000000000001 x4 : 0000000000000003 x3 : 0000000000000000\n| x2 : 0000000000000000 x1 : 0001000000011001 x0 : 0000000000000000\n| Call trace:\n|  mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n|  mwifiex_parse_single_response_buf+0x1d0/0x504 [mwifiex]\n|  mwifiex_handle_event_ext_scan_report+0x19c/0x2f8 [mwifiex]\n|  mwifiex_process_sta_event+0x298/0xf0c [mwifiex]\n|  mwifiex_process_event+0x110/0x238 [mwifiex]\n|  mwifiex_main_process+0x428/0xa44 [mwifiex]\n|  mwifiex_sdio_interrupt+0x64/0x12c [mwifiex_sdio]\n|  process_sdio_pending_irqs+0x64/0x1b8\n|  sdio_irq_work+0x4c/0x7c\n|  process_one_work+0x148/0x2a0\n|  worker_thread+0x2fc/0x40c\n|  kthread+0x110/0x114\n|  ret_from_fork+0x10/0x20\n| Code: a94153f3 a8c37bfd d50323bf d65f03c0 (f940a000)\n| ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46755', 'https://git.kernel.org/linus/c145eea2f75ff7949392aebecf7ef0a81c1f6c14 (6.11-rc1)', 'https://git.kernel.org/stable/c/1a05d8d02cfa3540ea5dbd6b39446bd3f515521f', 'https://git.kernel.org/stable/c/9813770f25855b866b8ead8155b8806b2db70f6d', 'https://git.kernel.org/stable/c/a12cf97cbefa139ef8d95081f2ea047cbbd74b7a', 'https://git.kernel.org/stable/c/c145eea2f75ff7949392aebecf7ef0a81c1f6c14', 'https://git.kernel.org/stable/c/c16916dd6c16fa7e13ca3923eb6b9f50d848ad03', 'https://git.kernel.org/stable/c/c2618dcb26c7211342b54520b5b148c0d3471c8a', 'https://git.kernel.org/stable/c/cb67b2e51b75f1a17bee7599c8161b96e1808a70', 'https://git.kernel.org/stable/c/d834433ff313838a259bb6607055ece87b895b66', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46755-1f46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46755', 'https://www.cve.org/CVERecord?id=CVE-2024-46755'], 'PublishedDate': '2024-09-18T08:15:04.203Z', 'LastModifiedDate': '2024-09-26T13:25:54.593Z'}, {'VulnerabilityID': 'CVE-2024-46756', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46756', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83627ehf) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46756', 'https://git.kernel.org/linus/5c1de37969b7bc0abcb20b86e91e70caebbd4f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/26825b62bd1bd3e53b4f44e0745cb516d5186343', 'https://git.kernel.org/stable/c/56cfdeb2c77291f0b5e4592731adfb6ca8fc7c24', 'https://git.kernel.org/stable/c/5c1de37969b7bc0abcb20b86e91e70caebbd4f89', 'https://git.kernel.org/stable/c/77ab0fd231c4ca873ec6908e761970360acc6df2', 'https://git.kernel.org/stable/c/8fecb75bff1b7d87a071c32a37aa0700f2be379d', 'https://git.kernel.org/stable/c/93cf73a7bfdce683bde3a7bb65f270d3bd24497b', 'https://git.kernel.org/stable/c/cc4be794c8d8c253770103e097ab9dbdb5f99ae1', 'https://git.kernel.org/stable/c/d92f0baf99a7e327dcceab37cce57c38aab1f691', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46756-2ca6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46756', 'https://www.cve.org/CVERecord?id=CVE-2024-46756'], 'PublishedDate': '2024-09-18T08:15:04.26Z', 'LastModifiedDate': '2024-09-23T16:29:45.077Z'}, {'VulnerabilityID': 'CVE-2024-46757', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46757', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775-core) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46757', 'https://git.kernel.org/linus/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0 (6.11-rc1)', 'https://git.kernel.org/stable/c/02bb3b4c7d5695ff4be01e0f55676bba49df435e', 'https://git.kernel.org/stable/c/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0', 'https://git.kernel.org/stable/c/0c23e18cef20b989a9fd7cb0a745e1259b969159', 'https://git.kernel.org/stable/c/298a55f11edd811f2189b74eb8f53dee34d4f14c', 'https://git.kernel.org/stable/c/2f695544084a559f181cafdfd3f864c5ff9dd1db', 'https://git.kernel.org/stable/c/8a1e958e26640ce015abdbb75c8896301b9bf398', 'https://git.kernel.org/stable/c/996221b030995cc5f5baa4a642201d64b62a17cd', 'https://git.kernel.org/stable/c/d6035c55fa9afefc23f85f57eff1d4a1d82c5b10', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46757-4fbb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46757', 'https://www.cve.org/CVERecord?id=CVE-2024-46757'], 'PublishedDate': '2024-09-18T08:15:04.313Z', 'LastModifiedDate': '2024-09-23T16:29:51.65Z'}, {'VulnerabilityID': 'CVE-2024-46758', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46758', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (lm95234) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm95234) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46758', 'https://git.kernel.org/linus/af64e3e1537896337405f880c1e9ac1f8c0c6198 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fc27747633aa419f9af40e7bdfa00d2ec94ea81', 'https://git.kernel.org/stable/c/16f42953231be1e7be77bc24005270d9e0d9d2ee', 'https://git.kernel.org/stable/c/438453dfbbdcf4be26891492644aa3ecbb42c336', 'https://git.kernel.org/stable/c/46e4fd338d5bdbaf60e41cda625b24949d2af201', 'https://git.kernel.org/stable/c/59c1fb9874a01c9abc49a0a32f192a7e7b4e2650', 'https://git.kernel.org/stable/c/93f0f5721d0cca45dac50af1ae6f9a9826c699fd', 'https://git.kernel.org/stable/c/af64e3e1537896337405f880c1e9ac1f8c0c6198', 'https://git.kernel.org/stable/c/da765bebd90e1b92bdbc3c6a27a3f3cc81529ab6', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46758-6154@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46758', 'https://www.cve.org/CVERecord?id=CVE-2024-46758'], 'PublishedDate': '2024-09-18T08:15:04.367Z', 'LastModifiedDate': '2024-09-23T16:29:24.767Z'}, {'VulnerabilityID': 'CVE-2024-46759', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46759', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (adc128d818) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (adc128d818) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46759', 'https://git.kernel.org/linus/8cad724c8537fe3e0da8004646abc00290adae40 (6.11-rc1)', 'https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b', 'https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777', 'https://git.kernel.org/stable/c/2a3add62f183459a057336381ef3a896da01ce38', 'https://git.kernel.org/stable/c/6891b11a0c6227ca7ed15786928a07b1c0e4d4af', 'https://git.kernel.org/stable/c/7645d783df23878342d5d8d22030c3861d2d5426', 'https://git.kernel.org/stable/c/8cad724c8537fe3e0da8004646abc00290adae40', 'https://git.kernel.org/stable/c/b0bdb43852bf7f55ba02f0cbf00b4ea7ca897bff', 'https://git.kernel.org/stable/c/f7f5101af5b47a331cdbfa42ba64c507b47dd1fe', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46759-9b86@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46759', 'https://www.cve.org/CVERecord?id=CVE-2024-46759'], 'PublishedDate': '2024-09-18T08:15:04.413Z', 'LastModifiedDate': '2024-09-23T16:28:53.257Z'}, {'VulnerabilityID': 'CVE-2024-46760', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46760', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw88: usb: schedule rx work after everything is set up', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: usb: schedule rx work after everything is set up\n\nRight now it's possible to hit NULL pointer dereference in\nrtw_rx_fill_rx_status on hw object and/or its fields because\ninitialization routine can start getting USB replies before\nrtw_dev is fully setup.\n\nThe stack trace looks like this:\n\nrtw_rx_fill_rx_status\nrtw8821c_query_rx_desc\nrtw_usb_rx_handler\n...\nqueue_work\nrtw_usb_read_port_complete\n...\nusb_submit_urb\nrtw_usb_rx_resubmit\nrtw_usb_init_rx\nrtw_usb_probe\n\nSo while we do the async stuff rtw_usb_probe continues and calls\nrtw_register_hw, which does all kinds of initialization (e.g.\nvia ieee80211_register_hw) that rtw_rx_fill_rx_status relies on.\n\nFix this by moving the first usb_submit_urb after everything\nis set up.\n\nFor me, this bug manifested as:\n[    8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped\n[    8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status\nbecause I'm using Larry's backport of rtw88 driver with the NULL\nchecks in rtw_rx_fill_rx_status.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46760', 'https://git.kernel.org/linus/adc539784c98a7cc602cbf557debfc2e7b9be8b3 (6.11-rc1)', 'https://git.kernel.org/stable/c/25eaef533bf3ccc6fee5067aac16f41f280e343e', 'https://git.kernel.org/stable/c/adc539784c98a7cc602cbf557debfc2e7b9be8b3', 'https://git.kernel.org/stable/c/c83d464b82a8ad62ec9077637f75d73fe955635a', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46760-1eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46760', 'https://www.cve.org/CVERecord?id=CVE-2024-46760'], 'PublishedDate': '2024-09-18T08:15:04.47Z', 'LastModifiedDate': '2024-09-23T16:18:28.87Z'}, {'VulnerabilityID': 'CVE-2024-46761', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46761', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npci/hotplug/pnv_php: Fix hotplug driver crash on Powernv\n\nThe hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel\ncrash when we try to hot-unplug/disable the PCIe switch/bridge from\nthe PHB.\n\nThe crash occurs because although the MSI data structure has been\nreleased during disable/hot-unplug path and it has been assigned\nwith NULL, still during unregistration the code was again trying to\nexplicitly disable the MSI which causes the NULL pointer dereference and\nkernel crash.\n\nThe patch fixes the check during unregistration path to prevent invoking\npci_disable_msi/msix() since its data structure is already freed.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46761', 'https://git.kernel.org/linus/335e35b748527f0c06ded9eebb65387f60647fda (6.11-rc1)', 'https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f60647fda', 'https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d', 'https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048', 'https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e', 'https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59', 'https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689', 'https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4', 'https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46761-289f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46761', 'https://www.cve.org/CVERecord?id=CVE-2024-46761'], 'PublishedDate': '2024-09-18T08:15:04.517Z', 'LastModifiedDate': '2024-09-23T16:06:58.397Z'}, {'VulnerabilityID': 'CVE-2024-46762', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46762', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Fix possible access to a freed kirqfd instance', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Fix possible access to a freed kirqfd instance\n\nNothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and\nprivcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd\ncreated and added to the irqfds_list by privcmd_irqfd_assign() may get\nremoved by another thread executing privcmd_irqfd_deassign(), while the\nformer is still using it after dropping the locks.\n\nThis can lead to a situation where an already freed kirqfd instance may\nbe accessed and cause kernel oops.\n\nUse SRCU locking to prevent the same, as is done for the KVM\nimplementation for irqfds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46762', 'https://git.kernel.org/linus/611ff1b1ae989a7bcce3e2a8e132ee30e968c557 (6.11-rc1)', 'https://git.kernel.org/stable/c/112fd2f02b308564724b8e81006c254d20945c4b', 'https://git.kernel.org/stable/c/611ff1b1ae989a7bcce3e2a8e132ee30e968c557', 'https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46762-6512@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46762', 'https://www.cve.org/CVERecord?id=CVE-2024-46762'], 'PublishedDate': '2024-09-18T08:15:04.57Z', 'LastModifiedDate': '2024-09-23T16:12:34.42Z'}, {'VulnerabilityID': 'CVE-2024-46763', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46763', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: Fix null-ptr-deref in GRO.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host.  [0]\n\nThe NULL pointer is sk->sk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk->sk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk->sk_user_data could be NULL.\n\nLet's use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 <0f> b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS:  0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <IRQ>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n</IRQ>\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 <fa> c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46763', 'https://git.kernel.org/linus/7e4196935069947d8b70b09c1660b67b067e75cb (6.11-rc7)', 'https://git.kernel.org/stable/c/1df42be305fe478ded1ee0c1d775f4ece713483b', 'https://git.kernel.org/stable/c/231c235d2f7a66f018f172e26ffd47c363f244ef', 'https://git.kernel.org/stable/c/4494bccb52ffda22ce5a1163a776d970e6229e08', 'https://git.kernel.org/stable/c/7e4196935069947d8b70b09c1660b67b067e75cb', 'https://git.kernel.org/stable/c/c46cd6aaca81040deaea3500ba75126963294bd9', 'https://git.kernel.org/stable/c/d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46763-a580@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46763', 'https://www.cve.org/CVERecord?id=CVE-2024-46763'], 'PublishedDate': '2024-09-18T08:15:04.613Z', 'LastModifiedDate': '2024-09-23T16:14:18.297Z'}, {'VulnerabilityID': 'CVE-2024-46765', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46765', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: protect XDP configuration with a mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] <TASK>\n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] </TASK>\n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46765', 'https://git.kernel.org/linus/2504b8405768a57a71e660dbfd5abd59f679a03f (6.11-rc7)', 'https://git.kernel.org/stable/c/2504b8405768a57a71e660dbfd5abd59f679a03f', 'https://git.kernel.org/stable/c/2f057db2fb29bc209c103050647562e60554d3d3', 'https://git.kernel.org/stable/c/391f7dae3d836891fc6cfbde38add2d0e10c6b7f', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46765-1b8f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46765', 'https://www.cve.org/CVERecord?id=CVE-2024-46765'], 'PublishedDate': '2024-09-18T08:15:04.71Z', 'LastModifiedDate': '2024-09-26T13:24:29.697Z'}, {'VulnerabilityID': 'CVE-2024-46766', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46766', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: move netif_queue_set_napi to rtnl-protected sections', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: move netif_queue_set_napi to rtnl-protected sections\n\nCurrently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is\nnot rtnl-locked when called from the reset. This creates the need to take\nthe rtnl_lock just for a single function and complicates the\nsynchronization with .ndo_bpf. At the same time, there no actual need to\nfill napi-to-queue information at this exact point.\n\nFill napi-to-queue information when opening the VSI and clear it when the\nVSI is being closed. Those routines are already rtnl-locked.\n\nAlso, rewrite napi-to-queue assignment in a way that prevents inclusion of\nXDP queues, as this leads to out-of-bounds writes, such as one below.\n\n[  +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047\n[  +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2\n[  +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[  +0.000003] Call Trace:\n[  +0.000003]  <TASK>\n[  +0.000002]  dump_stack_lvl+0x60/0x80\n[  +0.000007]  print_report+0xce/0x630\n[  +0.000007]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[  +0.000007]  ? __virt_addr_valid+0x1c9/0x2c0\n[  +0.000005]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000003]  kasan_report+0xe9/0x120\n[  +0.000004]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000004]  netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000005]  ice_vsi_close+0x161/0x670 [ice]\n[  +0.000114]  ice_dis_vsi+0x22f/0x270 [ice]\n[  +0.000095]  ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]\n[  +0.000086]  ice_prepare_for_reset+0x299/0x750 [ice]\n[  +0.000087]  pci_dev_save_and_disable+0x82/0xd0\n[  +0.000006]  pci_reset_function+0x12d/0x230\n[  +0.000004]  reset_store+0xa0/0x100\n[  +0.000006]  ? __pfx_reset_store+0x10/0x10\n[  +0.000002]  ? __pfx_mutex_lock+0x10/0x10\n[  +0.000004]  ? __check_object_size+0x4c1/0x640\n[  +0.000007]  kernfs_fop_write_iter+0x30b/0x4a0\n[  +0.000006]  vfs_write+0x5d6/0xdf0\n[  +0.000005]  ? fd_install+0x180/0x350\n[  +0.000005]  ? __pfx_vfs_write+0x10/0xA10\n[  +0.000004]  ? do_fcntl+0x52c/0xcd0\n[  +0.000004]  ? kasan_save_track+0x13/0x60\n[  +0.000003]  ? kasan_save_free_info+0x37/0x60\n[  +0.000006]  ksys_write+0xfa/0x1d0\n[  +0.000003]  ? __pfx_ksys_write+0x10/0x10\n[  +0.000002]  ? __x64_sys_fcntl+0x121/0x180\n[  +0.000004]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000005]  do_syscall_64+0x80/0x170\n[  +0.000007]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000004]  ? __pfx__raw_spin_lock+0x10/0x10\n[  +0.000003]  ? file_close_fd_locked+0x167/0x230\n[  +0.000005]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000005]  ? do_syscall_64+0x8c/0x170\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? fput+0x1a/0x2c0\n[  +0.000004]  ? filp_close+0x19/0x30\n[  +0.000004]  ? do_dup2+0x25a/0x4c0\n[  +0.000004]  ? __x64_sys_dup2+0x6e/0x2e0\n[  +0.000002]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? __count_memcg_events+0x113/0x380\n[  +0.000005]  ? handle_mm_fault+0x136/0x820\n[  +0.000005]  ? do_user_addr_fault+0x444/0xa80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000002]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  +0.000005] RIP: 0033:0x7f2033593154', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46766', 'https://git.kernel.org/linus/2a5dc090b92cfa5270e20056074241c6db5c9cdd (6.11-rc7)', 'https://git.kernel.org/stable/c/2285c2faef19ee08a6bd6754f4c3ec07dceb2889', 'https://git.kernel.org/stable/c/2a5dc090b92cfa5270e20056074241c6db5c9cdd', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46766-417c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46766', 'https://www.cve.org/CVERecord?id=CVE-2024-46766'], 'PublishedDate': '2024-09-18T08:15:04.76Z', 'LastModifiedDate': '2024-09-23T16:15:23.823Z'}, {'VulnerabilityID': 'CVE-2024-46767', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46767', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: phy: Fix missing of_node_put() for leds', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Fix missing of_node_put() for leds\n\nThe call of of_get_child_by_name() will cause refcount incremented\nfor leds, if it succeeds, it should call of_node_put() to decrease\nit, fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46767', 'https://git.kernel.org/linus/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7 (6.11-rc7)', 'https://git.kernel.org/stable/c/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7', 'https://git.kernel.org/stable/c/26928c8f00f6bb0e194f3957fe51c69d36838eb2', 'https://git.kernel.org/stable/c/d9c8dbbc236cdc6231ee91cdede2fc97b430cfff', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46767-31a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46767', 'https://www.cve.org/CVERecord?id=CVE-2024-46767'], 'PublishedDate': '2024-09-18T08:15:04.81Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46768', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46768', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (hp-wmi-sensors) Check if WMI event data exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (hp-wmi-sensors) Check if WMI event data exists\n\nThe BIOS can choose to return no event data in response to a\nWMI event, so the ACPI object passed to the WMI notify handler\ncan be NULL.\n\nCheck for such a situation and ignore the event in such a case.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46768', 'https://git.kernel.org/linus/a54da9df75cd1b4b5028f6c60f9a211532680585 (6.11-rc7)', 'https://git.kernel.org/stable/c/217539e994e53206bbf3fb330261cc78c480d311', 'https://git.kernel.org/stable/c/4b19c83ba108aa66226da5b79810e4d19e005f12', 'https://git.kernel.org/stable/c/a54da9df75cd1b4b5028f6c60f9a211532680585', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46768-b0bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46768', 'https://www.cve.org/CVERecord?id=CVE-2024-46768'], 'PublishedDate': '2024-09-18T08:15:04.853Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46770', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46770', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add netif_device_attach/detach into PF reset flow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 > /sys/class/net/<interface>/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c <interface>\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S                 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS:  00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n<TASK>\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n    netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46770', 'https://git.kernel.org/linus/d11a67634227f9f9da51938af085fb41a733848f (6.11-rc7)', 'https://git.kernel.org/stable/c/36486c9e8e01b84faaee47203eac0b7e9cc7fa4a', 'https://git.kernel.org/stable/c/9e3ffb839249eca113062587659224f856fe14e5', 'https://git.kernel.org/stable/c/d11a67634227f9f9da51938af085fb41a733848f', 'https://git.kernel.org/stable/c/efe8effe138044a4747d1112ebb8c454d1663723', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46770-3a5d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46770', 'https://www.cve.org/CVERecord?id=CVE-2024-46770'], 'PublishedDate': '2024-09-18T08:15:04.957Z', 'LastModifiedDate': '2024-09-23T16:13:25.563Z'}, {'VulnerabilityID': 'CVE-2024-46771', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46771', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: bcm: Remove proc entry when dev is unregistered.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Remove proc entry when dev is unregistered.\n\nsyzkaller reported a warning in bcm_connect() below. [0]\n\nThe repro calls connect() to vxcan1, removes vxcan1, and calls\nconnect() with ifindex == 0.\n\nCalling connect() for a BCM socket allocates a proc entry.\nThen, bcm_sk(sk)->bound is set to 1 to prevent further connect().\n\nHowever, removing the bound device resets bcm_sk(sk)->bound to 0\nin bcm_notify().\n\nThe 2nd connect() tries to allocate a proc entry with the same\nname and sets NULL to bcm_sk(sk)->bcm_proc_read, leaking the\noriginal proc entry.\n\nSince the proc entry is available only for connect()ed sockets,\nlet's clean up the entry when the bound netdev is unregistered.\n\n[0]:\nproc_dir_entry 'can-bcm/2456' already registered\nWARNING: CPU: 1 PID: 394 at fs/proc/generic.c:376 proc_register+0x645/0x8f0 fs/proc/generic.c:375\nModules linked in:\nCPU: 1 PID: 394 Comm: syz-executor403 Not tainted 6.10.0-rc7-g852e42cc2dd4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:proc_register+0x645/0x8f0 fs/proc/generic.c:375\nCode: 00 00 00 00 00 48 85 ed 0f 85 97 02 00 00 4d 85 f6 0f 85 9f 02 00 00 48 c7 c7 9b cb cf 87 48 89 de 4c 89 fa e8 1c 6f eb fe 90 <0f> 0b 90 90 48 c7 c7 98 37 99 89 e8 cb 7e 22 05 bb 00 00 00 10 48\nRSP: 0018:ffa0000000cd7c30 EFLAGS: 00010246\nRAX: 9e129be1950f0200 RBX: ff1100011b51582c RCX: ff1100011857cd80\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002\nRBP: 0000000000000000 R08: ffd400000000000f R09: ff1100013e78cac0\nR10: ffac800000cd7980 R11: ff1100013e12b1f0 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ff1100011a99a2ec\nFS:  00007fbd7086f740(0000) GS:ff1100013fd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200071c0 CR3: 0000000118556004 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n proc_create_net_single+0x144/0x210 fs/proc/proc_net.c:220\n bcm_connect+0x472/0x840 net/can/bcm.c:1673\n __sys_connect_file net/socket.c:2049 [inline]\n __sys_connect+0x5d2/0x690 net/socket.c:2066\n __do_sys_connect net/socket.c:2076 [inline]\n __se_sys_connect net/socket.c:2073 [inline]\n __x64_sys_connect+0x8f/0x100 net/socket.c:2073\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1c0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7fbd708b0e5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007fff8cd33f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbd708b0e5d\nRDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000040 R09: 0000000000000040\nR10: 0000000000000040 R11: 0000000000000246 R12: 00007fff8cd34098\nR13: 0000000000401280 R14: 0000000000406de8 R15: 00007fbd70ab9000\n </TASK>\nremove_proc_entry: removing non-empty directory 'net/can-bcm', leaking at least '2456'", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46771', 'https://git.kernel.org/linus/76fe372ccb81b0c89b6cd2fec26e2f38c958be85 (6.11-rc7)', 'https://git.kernel.org/stable/c/10bfacbd5e8d821011d857bee73310457c9c989a', 'https://git.kernel.org/stable/c/33ed4ba73caae39f34ab874ba79138badc2c65dd', 'https://git.kernel.org/stable/c/3b39dc2901aa7a679a5ca981a3de9f8d5658afe8', 'https://git.kernel.org/stable/c/4377b79323df62eb5d310354f19b4d130ff58d50', 'https://git.kernel.org/stable/c/5c680022c4e28ba18ea500f3e29f0428271afa92', 'https://git.kernel.org/stable/c/76fe372ccb81b0c89b6cd2fec26e2f38c958be85', 'https://git.kernel.org/stable/c/abb0a615569ec008e8a93d9f3ab2d5b418ea94d4', 'https://git.kernel.org/stable/c/aec92dbebdbec7567d9f56d7c9296a572b8fd849', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46771-913d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46771', 'https://www.cve.org/CVERecord?id=CVE-2024-46771'], 'PublishedDate': '2024-09-18T08:15:05.01Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46772', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46772', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator crb_pipes before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator crb_pipes before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 2 DIVIDE_BY_ZERO issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46772', 'https://git.kernel.org/linus/ea79068d4073bf303f8203f2625af7d9185a1bc6 (6.11-rc1)', 'https://git.kernel.org/stable/c/ea79068d4073bf303f8203f2625af7d9185a1bc6', 'https://git.kernel.org/stable/c/ede06d23392529b039cf7ac11b5875b047900f1c', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46772-4ad6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46772', 'https://www.cve.org/CVERecord?id=CVE-2024-46772'], 'PublishedDate': '2024-09-18T08:15:05.073Z', 'LastModifiedDate': '2024-09-23T16:52:17.577Z'}, {'VulnerabilityID': 'CVE-2024-46773', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46773', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator pbn_div before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator pbn_div before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 1 DIVIDE_BY_ZERO issue reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46773', 'https://git.kernel.org/linus/116a678f3a9abc24f5c9d2525b7393d18d9eb58e (6.11-rc1)', 'https://git.kernel.org/stable/c/116a678f3a9abc24f5c9d2525b7393d18d9eb58e', 'https://git.kernel.org/stable/c/11f997143c67680d6e40a13363618380cd57a414', 'https://git.kernel.org/stable/c/20e7164c52d9bfbb9d9862b833fa989624a61345', 'https://git.kernel.org/stable/c/dfafee0a7b51c7c9612edd2d991401294964d02f', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46773-5781@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46773', 'https://www.cve.org/CVERecord?id=CVE-2024-46773'], 'PublishedDate': '2024-09-18T08:15:05.123Z', 'LastModifiedDate': '2024-09-23T16:51:59.983Z'}, {'VulnerabilityID': 'CVE-2024-46774', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46774', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()\n\nSmatch warns:\n\n  arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential\n  spectre issue 'args.args' [r] (local cap)\n\nThe 'nargs' and 'nret' locals come directly from a user-supplied\nbuffer and are used as indexes into a small stack-based array and as\ninputs to copy_to_user() after they are subject to bounds checks.\n\nUse array_index_nospec() after the bounds checks to clamp these values\nfor speculative execution.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46774', 'https://git.kernel.org/linus/0974d03eb479384466d828d65637814bee6b26d7 (6.11-rc1)', 'https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7', 'https://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46774-48d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46774', 'https://www.cve.org/CVERecord?id=CVE-2024-46774'], 'PublishedDate': '2024-09-18T08:15:05.18Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46775', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46775', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Validate function returns', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT & HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46775', 'https://git.kernel.org/linus/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c (6.11-rc1)', 'https://git.kernel.org/stable/c/5639a3048c7079803256374204ad55ec52cd0b49', 'https://git.kernel.org/stable/c/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46775-aecc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46775', 'https://www.cve.org/CVERecord?id=CVE-2024-46775'], 'PublishedDate': '2024-09-18T08:15:05.24Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46776', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46776', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Run DC_LOG_DC after checking link-&gt;link_enc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Run DC_LOG_DC after checking link->link_enc\n\n[WHAT]\nThe DC_LOG_DC should be run after link->link_enc is checked, not before.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46776', 'https://git.kernel.org/linus/3a82f62b0d9d7687eac47603bb6cd14a50fa718b (6.11-rc1)', 'https://git.kernel.org/stable/c/3a82f62b0d9d7687eac47603bb6cd14a50fa718b', 'https://git.kernel.org/stable/c/874e3bb302f97b94ac548959ec4f925b8e7b45e2', 'https://git.kernel.org/stable/c/adc74d25cdbba978afbb57caec23bbcd0329f7b8', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46776-7a95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46776', 'https://www.cve.org/CVERecord?id=CVE-2024-46776'], 'PublishedDate': '2024-09-18T08:15:05.287Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46777', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46777', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid excessive partition lengths', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid excessive partition lengths\n\nAvoid mounting filesystems where the partition would overflow the\n32-bits used for block number. Also refuse to mount filesystems where\nthe partition length is so large we cannot safely index bits in a\nblock bitmap.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46777', 'https://git.kernel.org/linus/ebbe26fd54a9621994bc16b14f2ba8f84c089693 (6.11-rc1)', 'https://git.kernel.org/stable/c/0173999123082280cf904bd640015951f194a294', 'https://git.kernel.org/stable/c/1497a4484cdb2cf6c37960d788fb6ba67567bdb7', 'https://git.kernel.org/stable/c/2ddf831451357c6da4b64645eb797c93c1c054d1', 'https://git.kernel.org/stable/c/551966371e17912564bc387fbeb2ac13077c3db1', 'https://git.kernel.org/stable/c/925fd8ee80d5348a5e965548e5484d164d19221d', 'https://git.kernel.org/stable/c/a56330761950cb83de1dfb348479f20c56c95f90', 'https://git.kernel.org/stable/c/c0c23130d38e8bc28e9ef581443de9b1fc749966', 'https://git.kernel.org/stable/c/ebbe26fd54a9621994bc16b14f2ba8f84c089693', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46777-6114@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46777', 'https://www.cve.org/CVERecord?id=CVE-2024-46777'], 'PublishedDate': '2024-09-18T08:15:05.33Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46778', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46778', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check UnboundedRequestEnabled&#39;s value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check UnboundedRequestEnabled's value\n\nCalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled\nis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus\nif (p->UnboundedRequestEnabled) checks its address, not bool value.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46778', 'https://git.kernel.org/linus/a7b38c7852093385d0605aa3c8a2efd6edd1edfd (6.11-rc1)', 'https://git.kernel.org/stable/c/4e2b49a85e7974d21364798c5d4aa8070aa864d9', 'https://git.kernel.org/stable/c/a7b38c7852093385d0605aa3c8a2efd6edd1edfd', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46778-ded6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46778', 'https://www.cve.org/CVERecord?id=CVE-2024-46778'], 'PublishedDate': '2024-09-18T08:15:05.38Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46779', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46779', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/imagination: Free pvr_vm_gpuva after unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Free pvr_vm_gpuva after unlink\n\nThis caused a measurable memory leak. Although the individual\nallocations are small, the leaks occurs in a high-usage codepath\n(remapping or unmapping device memory) so they add up quickly.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46779', 'https://git.kernel.org/linus/3f6b2f60b4631cd0c368da6a1587ab55a696164d (6.11-rc7)', 'https://git.kernel.org/stable/c/1cc695be8920df234f83270d789078cb2d3bc564', 'https://git.kernel.org/stable/c/3f6b2f60b4631cd0c368da6a1587ab55a696164d', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46779-3186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46779', 'https://www.cve.org/CVERecord?id=CVE-2024-46779'], 'PublishedDate': '2024-09-18T08:15:05.43Z', 'LastModifiedDate': '2024-09-23T16:37:51.473Z'}, {'VulnerabilityID': 'CVE-2024-46780', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46780', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: protect references to superblock parameters exposed in sysfs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: protect references to superblock parameters exposed in sysfs\n\nThe superblock buffers of nilfs2 can not only be overwritten at runtime\nfor modifications/repairs, but they are also regularly swapped, replaced\nduring resizing, and even abandoned when degrading to one side due to\nbacking device issues.  So, accessing them requires mutual exclusion using\nthe reader/writer semaphore "nilfs->ns_sem".\n\nSome sysfs attribute show methods read this superblock buffer without the\nnecessary mutual exclusion, which can cause problems with pointer\ndereferencing and memory access, so fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46780', 'https://git.kernel.org/linus/683408258917541bdb294cd717c210a04381931e (6.11-rc7)', 'https://git.kernel.org/stable/c/157c0d94b4c40887329418c70ef4edd1a8d6b4ed', 'https://git.kernel.org/stable/c/19cfeba0e4b8eda51484fcf8cf7d150418e1d880', 'https://git.kernel.org/stable/c/683408258917541bdb294cd717c210a04381931e', 'https://git.kernel.org/stable/c/8c6e43b3d5f109cf9c61bc188fcc8175404e924f', 'https://git.kernel.org/stable/c/962562d4c70c5cdeb4e955d63ff2017c4eca1aad', 'https://git.kernel.org/stable/c/b14e7260bb691d7f563f61da07d61e3c8b59a614', 'https://git.kernel.org/stable/c/b90beafac05931cbfcb6b1bd4f67c1923f47040e', 'https://git.kernel.org/stable/c/ba97ba173f9625d5f34a986088979eae8b80d38e', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46780-9155@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46780', 'https://www.cve.org/CVERecord?id=CVE-2024-46780'], 'PublishedDate': '2024-09-18T08:15:05.473Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46781', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46781', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix missing cleanup on rollforward recovery error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix missing cleanup on rollforward recovery error\n\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\n\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\n\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46781', 'https://git.kernel.org/linus/5787fcaab9eb5930f5378d6a1dd03d916d146622 (6.11-rc7)', 'https://git.kernel.org/stable/c/07e4dc2fe000ab008bcfe90be4324ef56b5b4355', 'https://git.kernel.org/stable/c/1cf1f7e8cd47244fa947d357ef1f642d91e219a3', 'https://git.kernel.org/stable/c/35a9a7a7d94662146396199b0cfd95f9517cdd14', 'https://git.kernel.org/stable/c/5787fcaab9eb5930f5378d6a1dd03d916d146622', 'https://git.kernel.org/stable/c/8e2d1e9d93c4ec51354229361ac3373058529ec4', 'https://git.kernel.org/stable/c/9d8c3a585d564d776ee60d4aabec59b404be7403', 'https://git.kernel.org/stable/c/ca92c4bff2833cb30d493b935168d6cccd5c805d', 'https://git.kernel.org/stable/c/da02f9eb333333b2e4f25d2a14967cff785ac82e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46781-377e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46781', 'https://www.cve.org/CVERecord?id=CVE-2024-46781'], 'PublishedDate': '2024-09-18T08:15:05.527Z', 'LastModifiedDate': '2024-09-23T16:37:07.117Z'}, {'VulnerabilityID': 'CVE-2024-46782', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46782', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ila: call nf_unregister_net_hooks() sooner', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n  ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n  ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n  ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n  nf_hook include/linux/netfilter.h:269 [inline]\n  NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n  __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n  __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n  process_backlog+0x662/0x15b0 net/core/dev.c:6108\n  __napi_poll+0xcb/0x490 net/core/dev.c:6772\n  napi_poll net/core/dev.c:6841 [inline]\n  net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n  handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n  run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n  kthread+0x2f0/0x390 kernel/kthread.c:389\n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n  set_page_owner include/linux/page_owner.h:32 [inline]\n  post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n  prep_new_page mm/page_alloc.c:1501 [inline]\n  get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n  __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n  __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n  alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n  ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n  __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n  __do_kmalloc_node mm/slub.c:4146 [inline]\n  __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n  __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n  bucket_table_alloc lib/rhashtable.c:186 [inline]\n  rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n  ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n  ops_ini\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46782', 'https://git.kernel.org/linus/031ae72825cef43e4650140b800ad58bf7a6a466 (6.11-rc7)', 'https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466', 'https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2', 'https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf', 'https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4', 'https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c', 'https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6', 'https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673', 'https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46782-00ff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46782', 'https://www.cve.org/CVERecord?id=CVE-2024-46782'], 'PublishedDate': '2024-09-18T08:15:05.577Z', 'LastModifiedDate': '2024-09-23T16:32:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46783', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46783', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_bpf: fix return value of tcp_bpf_sendmsg()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: fix return value of tcp_bpf_sendmsg()\n\nWhen we cork messages in psock->cork, the last message triggers the\nflushing will result in sending a sk_msg larger than the current\nmessage size. In this case, in tcp_bpf_send_verdict(), 'copied' becomes\nnegative at least in the following case:\n\n468         case __SK_DROP:\n469         default:\n470                 sk_msg_free_partial(sk, msg, tosend);\n471                 sk_msg_apply_bytes(psock, tosend);\n472                 *copied -= (tosend + delta); // <==== HERE\n473                 return -EACCES;\n\nTherefore, it could lead to the following BUG with a proper value of\n'copied' (thanks to syzbot). We should not use negative 'copied' as a\nreturn value here.\n\n  ------------[ cut here ]------------\n  kernel BUG at net/socket.c:733!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 0 UID: 0 PID: 3265 Comm: syz-executor510 Not tainted 6.11.0-rc3-syzkaller-00060-gd07b43284ab3 #0\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n  pc : sock_sendmsg_nosec net/socket.c:733 [inline]\n  pc : sock_sendmsg_nosec net/socket.c:728 [inline]\n  pc : __sock_sendmsg+0x5c/0x60 net/socket.c:745\n  lr : sock_sendmsg_nosec net/socket.c:730 [inline]\n  lr : __sock_sendmsg+0x54/0x60 net/socket.c:745\n  sp : ffff800088ea3b30\n  x29: ffff800088ea3b30 x28: fbf00000062bc900 x27: 0000000000000000\n  x26: ffff800088ea3bc0 x25: ffff800088ea3bc0 x24: 0000000000000000\n  x23: f9f00000048dc000 x22: 0000000000000000 x21: ffff800088ea3d90\n  x20: f9f00000048dc000 x19: ffff800088ea3d90 x18: 0000000000000001\n  x17: 0000000000000000 x16: 0000000000000000 x15: 000000002002ffaf\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: ffff8000815849c0 x9 : ffff8000815b49c0\n  x8 : 0000000000000000 x7 : 000000000000003f x6 : 0000000000000000\n  x5 : 00000000000007e0 x4 : fff07ffffd239000 x3 : fbf00000062bc900\n  x2 : 0000000000000000 x1 : 0000000000000000 x0 : 00000000fffffdef\n  Call trace:\n   sock_sendmsg_nosec net/socket.c:733 [inline]\n   __sock_sendmsg+0x5c/0x60 net/socket.c:745\n   ____sys_sendmsg+0x274/0x2ac net/socket.c:2597\n   ___sys_sendmsg+0xac/0x100 net/socket.c:2651\n   __sys_sendmsg+0x84/0xe0 net/socket.c:2680\n   __do_sys_sendmsg net/socket.c:2689 [inline]\n   __se_sys_sendmsg net/socket.c:2687 [inline]\n   __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2687\n   __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n   invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49\n   el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132\n   do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151\n   el0_svc+0x34/0xec arch/arm64/kernel/entry-common.c:712\n   el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730\n   el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598\n  Code: f9404463 d63f0060 3108441f 54fffe81 (d4210000)\n  ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46783', 'https://git.kernel.org/linus/fe1910f9337bd46a9343967b547ccab26b4b2c6e (6.11-rc7)', 'https://git.kernel.org/stable/c/126d72b726c4cf1119f3a7fe413a78d341c3fea9', 'https://git.kernel.org/stable/c/3efe53eb221a38e207c1e3f81c51e4ca057d50c2', 'https://git.kernel.org/stable/c/6f9fdf5806cced888c43512bccbdf7fefd50f510', 'https://git.kernel.org/stable/c/78bb38d9c5a311c5f8bdef7c9557d7d81ca30e4a', 'https://git.kernel.org/stable/c/810a4e7d92dea4074cb04c25758320909d752193', 'https://git.kernel.org/stable/c/c8219a27fa43a2cbf99f5176f6dddfe73e7a24ae', 'https://git.kernel.org/stable/c/fe1910f9337bd46a9343967b547ccab26b4b2c6e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46783-edcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46783', 'https://www.cve.org/CVERecord?id=CVE-2024-46783'], 'PublishedDate': '2024-09-18T08:15:05.63Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46784', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46784', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix error handling in mana_create_txq/rxq&#39;s NAPI cleanup', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup\n\nCurrently napi_disable() gets called during rxq and txq cleanup,\neven before napi is enabled and hrtimer is initialized. It causes\nkernel panic.\n\n? page_fault_oops+0x136/0x2b0\n  ? page_counter_cancel+0x2e/0x80\n  ? do_user_addr_fault+0x2f2/0x640\n  ? refill_obj_stock+0xc4/0x110\n  ? exc_page_fault+0x71/0x160\n  ? asm_exc_page_fault+0x27/0x30\n  ? __mmdrop+0x10/0x180\n  ? __mmdrop+0xec/0x180\n  ? hrtimer_active+0xd/0x50\n  hrtimer_try_to_cancel+0x2c/0xf0\n  hrtimer_cancel+0x15/0x30\n  napi_disable+0x65/0x90\n  mana_destroy_rxq+0x4c/0x2f0\n  mana_create_rxq.isra.0+0x56c/0x6d0\n  ? mana_uncfg_vport+0x50/0x50\n  mana_alloc_queues+0x21b/0x320\n  ? skb_dequeue+0x5f/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46784', 'https://git.kernel.org/linus/b6ecc662037694488bfff7c9fd21c405df8411f2 (6.11-rc7)', 'https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65', 'https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788', 'https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c', 'https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46784-4773@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46784', 'https://www.cve.org/CVERecord?id=CVE-2024-46784'], 'PublishedDate': '2024-09-18T08:15:05.683Z', 'LastModifiedDate': '2024-09-26T13:21:30.657Z'}, {'VulnerabilityID': 'CVE-2024-46785', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46785', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: eventfs: Use list_del_rcu() for SRCU protected list variable', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Use list_del_rcu() for SRCU protected list variable\n\nChi Zhiling reported:\n\n  We found a null pointer accessing in tracefs[1], the reason is that the\n  variable \'ei_child\' is set to LIST_POISON1, that means the list was\n  removed in eventfs_remove_rec. so when access the ei_child->is_freed, the\n  panic triggered.\n\n  by the way, the following script can reproduce this panic\n\n  loop1 (){\n      while true\n      do\n          echo "p:kp submit_bio" > /sys/kernel/debug/tracing/kprobe_events\n          echo "" > /sys/kernel/debug/tracing/kprobe_events\n      done\n  }\n  loop2 (){\n      while true\n      do\n          tree /sys/kernel/debug/tracing/events/kprobes/\n      done\n  }\n  loop1 &\n  loop2\n\n  [1]:\n  [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150\n  [ 1147.968239][T17331] Mem abort info:\n  [ 1147.971739][T17331]   ESR = 0x0000000096000004\n  [ 1147.976172][T17331]   EC = 0x25: DABT (current EL), IL = 32 bits\n  [ 1147.982171][T17331]   SET = 0, FnV = 0\n  [ 1147.985906][T17331]   EA = 0, S1PTW = 0\n  [ 1147.989734][T17331]   FSC = 0x04: level 0 translation fault\n  [ 1147.995292][T17331] Data abort info:\n  [ 1147.998858][T17331]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n  [ 1148.005023][T17331]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n  [ 1148.010759][T17331]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n  [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges\n  [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP\n  [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls]\n  [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G        W         ------- ----  6.6.43 #2\n  [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650\n  [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020\n  [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398\n  [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398\n  [ 1148.115969][T17331] sp : ffff80008d56bbd0\n  [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000\n  [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100\n  [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10\n  [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000\n  [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0\n  [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0\n  [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862\n  [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068\n  [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001\n  [ 1148.198131][T17331] Call trace:\n  [ 1148.201259][T17331]  eventfs_iterate+0x2c0/0x398\n  [ 1148.205864][T17331]  iterate_dir+0x98/0x188\n  [ 1148.210036][T17331]  __arm64_sys_getdents64+0x78/0x160\n  [ 1148.215161][T17331]  invoke_syscall+0x78/0x108\n  [ 1148.219593][T17331]  el0_svc_common.constprop.0+0x48/0xf0\n  [ 1148.224977][T17331]  do_el0_svc+0x24/0x38\n  [ 1148.228974][T17331]  el0_svc+0x40/0x168\n  [ 1148.232798][T17\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46785', 'https://git.kernel.org/linus/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c (6.11-rc7)', 'https://git.kernel.org/stable/c/05e08297c3c298d8ec28e5a5adb55840312dd87e', 'https://git.kernel.org/stable/c/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c', 'https://git.kernel.org/stable/c/f579d17a86448779f9642ad8baca6e3036a8e2d6', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46785-5351@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46785', 'https://www.cve.org/CVERecord?id=CVE-2024-46785'], 'PublishedDate': '2024-09-18T08:15:05.73Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46786', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46786', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF\n\nThe fscache_cookie_lru_timer is initialized when the fscache module\nis inserted, but is not deleted when the fscache module is removed.\nIf timer_reduce() is called before removing the fscache module,\nthe fscache_cookie_lru_timer will be added to the timer list of\nthe current cpu. Afterwards, a use-after-free will be triggered\nin the softIRQ after removing the fscache module, as follows:\n\n==================================================================\nBUG: unable to handle page fault for address: fffffbfff803c9e9\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855\nTainted: [W]=WARN\nRIP: 0010:__run_timer_base.part.0+0x254/0x8a0\nCall Trace:\n <IRQ>\n tmigr_handle_remote_up+0x627/0x810\n __walk_groups.isra.0+0x47/0x140\n tmigr_handle_remote+0x1fa/0x2f0\n handle_softirqs+0x180/0x590\n irq_exit_rcu+0x84/0xb0\n sysvec_apic_timer_interrupt+0x6e/0x90\n </IRQ>\n <TASK>\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\n default_idle_call+0x38/0x60\n do_idle+0x2b5/0x300\n cpu_startup_entry+0x54/0x60\n start_secondary+0x20d/0x280\n common_startup_64+0x13e/0x148\n </TASK>\nModules linked in: [last unloaded: netfs]\n==================================================================\n\nTherefore delete fscache_cookie_lru_timer when removing the fscahe module.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46786', 'https://git.kernel.org/linus/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f (6.11-rc7)', 'https://git.kernel.org/stable/c/0a11262549ac2ac6fb98c7cd40a67136817e5a52', 'https://git.kernel.org/stable/c/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f', 'https://git.kernel.org/stable/c/e0d724932ad12e3528f4ce97fc0f6078d0cce4bc', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46786-a167@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46786', 'https://www.cve.org/CVERecord?id=CVE-2024-46786'], 'PublishedDate': '2024-09-18T08:15:05.783Z', 'LastModifiedDate': '2024-09-26T12:48:37.447Z'}, {'VulnerabilityID': 'CVE-2024-46787', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46787', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: fix checks for huge PMDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix checks for huge PMDs\n\nPatch series "userfaultfd: fix races around pmd_trans_huge() check", v2.\n\nThe pmd_trans_huge() code in mfill_atomic() is wrong in three different\nways depending on kernel version:\n\n1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit\n   the right two race windows) - I\'ve tested this in a kernel build with\n   some extra mdelay() calls. See the commit message for a description\n   of the race scenario.\n   On older kernels (before 6.5), I think the same bug can even\n   theoretically lead to accessing transhuge page contents as a page table\n   if you hit the right 5 narrow race windows (I haven\'t tested this case).\n2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for\n   detecting PMDs that don\'t point to page tables.\n   On older kernels (before 6.5), you\'d just have to win a single fairly\n   wide race to hit this.\n   I\'ve tested this on 6.1 stable by racing migration (with a mdelay()\n   patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86\n   VM, that causes a kernel oops in ptlock_ptr().\n3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed\n   to yank page tables out from under us (though I haven\'t tested that),\n   so I think the BUG_ON() checks in mfill_atomic() are just wrong.\n\nI decided to write two separate fixes for these (one fix for bugs 1+2, one\nfix for bug 3), so that the first fix can be backported to kernels\naffected by bugs 1+2.\n\n\nThis patch (of 2):\n\nThis fixes two issues.\n\nI discovered that the following race can occur:\n\n  mfill_atomic                other thread\n  ============                ============\n                              <zap PMD>\n  pmdp_get_lockless() [reads none pmd]\n  <bail if trans_huge>\n  <if none:>\n                              <pagefault creates transhuge zeropage>\n    __pte_alloc [no-op]\n                              <zap PMD>\n  <bail if pmd_trans_huge(*dst_pmd)>\n  BUG_ON(pmd_none(*dst_pmd))\n\nI have experimentally verified this in a kernel with extra mdelay() calls;\nthe BUG_ON(pmd_none(*dst_pmd)) triggers.\n\nOn kernels newer than commit 0d940a9b270b ("mm/pgtable: allow\npte_offset_map[_lock]() to fail"), this can\'t lead to anything worse than\na BUG_ON(), since the page table access helpers are actually designed to\ndeal with page tables concurrently disappearing; but on older kernels\n(<=6.4), I think we could probably theoretically race past the two\nBUG_ON() checks and end up treating a hugepage as a page table.\n\nThe second issue is that, as Qi Zheng pointed out, there are other types\nof huge PMDs that pmd_trans_huge() can\'t catch: devmap PMDs and swap PMDs\n(in particular, migration PMDs).\n\nOn <=6.4, this is worse than the first issue: If mfill_atomic() runs on a\nPMD that contains a migration entry (which just requires winning a single,\nfairly wide race), it will pass the PMD to pte_offset_map_lock(), which\nassumes that the PMD points to a page table.\n\nBreakage follows: First, the kernel tries to take the PTE lock (which will\ncrash or maybe worse if there is no "struct page" for the address bits in\nthe migration entry PMD - I think at least on X86 there usually is no\ncorresponding "struct page" thanks to the PTE inversion mitigation, amd64\nlooks different).\n\nIf that didn\'t crash, the kernel would next try to write a PTE into what\nit wrongly thinks is a page table.\n\nAs part of fixing these issues, get rid of the check for pmd_trans_huge()\nbefore __pte_alloc() - that\'s redundant, we\'re going to have to check for\nthat after the __pte_alloc() anyway.\n\nBackport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46787', 'https://git.kernel.org/linus/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 (6.11-rc7)', 'https://git.kernel.org/stable/c/3c6b4bcf37845c9359aed926324bed66bdd2448d', 'https://git.kernel.org/stable/c/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8', 'https://git.kernel.org/stable/c/98cc18b1b71e23fe81a5194ed432b20c2d81a01a', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46787-8b6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46787', 'https://www.cve.org/CVERecord?id=CVE-2024-46787'], 'PublishedDate': '2024-09-18T08:15:05.833Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46788', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46788', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/osnoise: Use a cpumask to know what threads are kthreads', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Use a cpumask to know what threads are kthreads\n\nThe start_kthread() and stop_thread() code was not always called with the\ninterface_lock held. This means that the kthread variable could be\nunexpectedly changed causing the kthread_stop() to be called on it when it\nshould not have been, leading to:\n\n while true; do\n   rtla timerlat top -u -q & PID=$!;\n   sleep 5;\n   kill -INT $PID;\n   sleep 0.001;\n   kill -TERM $PID;\n   wait $PID;\n  done\n\nCausing the following OOPS:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 Not tainted 6.11.0-rc4-test-00002-gbc754cc76d1b-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:hrtimer_active+0x58/0x300\n Code: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 <0f> b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f\n RSP: 0018:ffff88811d97f940 EFLAGS: 00010202\n RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b\n RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28\n RBP: 0000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60\n R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d\n R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28\n FS:  0000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0\n Call Trace:\n  <TASK>\n  ? die_addr+0x40/0xa0\n  ? exc_general_protection+0x154/0x230\n  ? asm_exc_general_protection+0x26/0x30\n  ? hrtimer_active+0x58/0x300\n  ? __pfx_mutex_lock+0x10/0x10\n  ? __pfx_locks_remove_file+0x10/0x10\n  hrtimer_cancel+0x15/0x40\n  timerlat_fd_release+0x8e/0x1f0\n  ? security_file_release+0x43/0x80\n  __fput+0x372/0xb10\n  task_work_run+0x11e/0x1f0\n  ? _raw_spin_lock+0x85/0xe0\n  ? __pfx_task_work_run+0x10/0x10\n  ? poison_slab_object+0x109/0x170\n  ? do_exit+0x7a0/0x24b0\n  do_exit+0x7bd/0x24b0\n  ? __pfx_migrate_enable+0x10/0x10\n  ? __pfx_do_exit+0x10/0x10\n  ? __pfx_read_tsc+0x10/0x10\n  ? ktime_get+0x64/0x140\n  ? _raw_spin_lock_irq+0x86/0xe0\n  do_group_exit+0xb0/0x220\n  get_signal+0x17ba/0x1b50\n  ? vfs_read+0x179/0xa40\n  ? timerlat_fd_read+0x30b/0x9d0\n  ? __pfx_get_signal+0x10/0x10\n  ? __pfx_timerlat_fd_read+0x10/0x10\n  arch_do_signal_or_restart+0x8c/0x570\n  ? __pfx_arch_do_signal_or_restart+0x10/0x10\n  ? vfs_read+0x179/0xa40\n  ? ksys_read+0xfe/0x1d0\n  ? __pfx_ksys_read+0x10/0x10\n  syscall_exit_to_user_mode+0xbc/0x130\n  do_syscall_64+0x74/0x110\n  ? __pfx___rseq_handle_notify_resume+0x10/0x10\n  ? __pfx_ksys_read+0x10/0x10\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? syscall_exit_to_user_mode+0x116/0x130\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  entry_SYSCALL_64_after_hwframe+0x71/0x79\n RIP: 0033:0x7ff0070eca9c\n Code: Unable to access opcode bytes at 0x7ff0070eca72.\n RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c\n RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003\n RBP: 00007ff006dffde0 R08: 0000000000000000 R09: 00007ff000000ba0\n R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003\n R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008\n  </TASK>\n Modules linked in: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core\n ---[ end trace 0000000000000000 ]---\n\nThis is because it would mistakenly call kthread_stop() on a user space\nthread making it "exit" before it actually exits.\n\nSince kthread\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46788', 'https://git.kernel.org/linus/177e1cc2f41235c145041eed03ef5bab18f32328 (6.11-rc7)', 'https://git.kernel.org/stable/c/177e1cc2f41235c145041eed03ef5bab18f32328', 'https://git.kernel.org/stable/c/27282d2505b402f39371fd60d19d95c01a4b6776', 'https://git.kernel.org/stable/c/7a5f01828edf152c144d27cf63de446fdf2dc222', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46788-1fbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46788', 'https://www.cve.org/CVERecord?id=CVE-2024-46788'], 'PublishedDate': '2024-09-18T08:15:05.893Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46791', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46791', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open\n\nThe mcp251x_hw_wake() function is called with the mpc_lock mutex held and\ndisables the interrupt handler so that no interrupts can be processed while\nwaking the device. If an interrupt has already occurred then waiting for\nthe interrupt handler to complete will deadlock because it will be trying\nto acquire the same mutex.\n\nCPU0                           CPU1\n----                           ----\nmcp251x_open()\n mutex_lock(&priv->mcp_lock)\n  request_threaded_irq()\n                               <interrupt>\n                               mcp251x_can_ist()\n                                mutex_lock(&priv->mcp_lock)\n  mcp251x_hw_wake()\n   disable_irq() <-- deadlock\n\nUse disable_irq_nosync() instead because the interrupt handler does\neverything while holding the mutex so it doesn't matter if it's still\nrunning.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46791', 'https://git.kernel.org/linus/7dd9c26bd6cf679bcfdef01a8659791aa6487a29 (6.11-rc7)', 'https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0', 'https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e', 'https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29', 'https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7', 'https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188', 'https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646', 'https://lore.kernel.org/linux-cve-announce/2024091853-CVE-2024-46791-af66@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46791', 'https://www.cve.org/CVERecord?id=CVE-2024-46791'], 'PublishedDate': '2024-09-18T08:15:06.067Z', 'LastModifiedDate': '2024-09-20T18:21:19.457Z'}, {'VulnerabilityID': 'CVE-2024-46792', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46792', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv: misaligned: Restrict user access to kernel memory', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: misaligned: Restrict user access to kernel memory\n\nraw_copy_{to,from}_user() do not call access_ok(), so this code allowed\nuserspace to access any virtual memory address.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46792', 'https://git.kernel.org/linus/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3b6ff6c896aee5ef9b581e40d0045ff04fcbc8c', 'https://git.kernel.org/stable/c/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46792-7745@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46792', 'https://www.cve.org/CVERecord?id=CVE-2024-46792'], 'PublishedDate': '2024-09-18T08:15:06.123Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46793', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46793', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder\n\nSince commit 13f58267cda3 ("ASoC: soc.h: don\'t create dummy Component\nvia COMP_DUMMY()") dummy codecs declared like this:\n\nSND_SOC_DAILINK_DEF(dummy,\n        DAILINK_COMP_ARRAY(COMP_DUMMY()));\n\nexpand to:\n\nstatic struct snd_soc_dai_link_component dummy[] = {\n};\n\nWhich means that dummy is a zero sized array and thus dais[i].codecs should\nnot be dereferenced *at all* since it points to the address of the next\nvariable stored in the data section as the "dummy" variable has an address\nbut no size, so even dereferencing dais[0] is already an out of bounds\narray reference.\n\nWhich means that the if (dais[i].codecs->name) check added in\ncommit 7d99a70b6595 ("ASoC: Intel: Boards: Fix NULL pointer deref\nin BYT/CHT boards") relies on that the part of the next variable which\nthe name member maps to just happens to be NULL.\n\nWhich apparently so far it usually is, except when it isn\'t\nand then it results in crashes like this one:\n\n[   28.795659] BUG: unable to handle page fault for address: 0000000000030011\n...\n[   28.795780] Call Trace:\n[   28.795787]  <TASK>\n...\n[   28.795862]  ? strcmp+0x18/0x40\n[   28.795872]  0xffffffffc150c605\n[   28.795887]  platform_probe+0x40/0xa0\n...\n[   28.795979]  ? __pfx_init_module+0x10/0x10 [snd_soc_sst_bytcr_wm5102]\n\nReally fix things this time around by checking dais.num_codecs != 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46793', 'https://git.kernel.org/linus/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb (6.11-rc7)', 'https://git.kernel.org/stable/c/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb', 'https://git.kernel.org/stable/c/85cda5b040bda9c577b34eb72d5b2e5b7e31985c', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46793-268d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46793', 'https://www.cve.org/CVERecord?id=CVE-2024-46793'], 'PublishedDate': '2024-09-18T08:15:06.177Z', 'LastModifiedDate': '2024-09-24T16:00:17.977Z'}, {'VulnerabilityID': 'CVE-2024-46794', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46794', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/tdx: Fix data leak in mmio_read()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix data leak in mmio_read()\n\nThe mmio_read() function makes a TDVMCALL to retrieve MMIO data for an\naddress from the VMM.\n\nSean noticed that mmio_read() unintentionally exposes the value of an\ninitialized variable (val) on the stack to the VMM.\n\nThis variable is only needed as an output value. It did not need to be\npassed to the VMM in the first place.\n\nDo not send the original value of *val to the VMM.\n\n[ dhansen: clarify what 'val' is used for. ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46794', 'https://git.kernel.org/linus/b6fb565a2d15277896583d471b21bc14a0c99661 (6.11-rc7)', 'https://git.kernel.org/stable/c/26c6af49d26ffc377e392e30d4086db19eed0ef7', 'https://git.kernel.org/stable/c/b55ce742afcb8e8189d82f2f1e635ba1b5a461fa', 'https://git.kernel.org/stable/c/b6fb565a2d15277896583d471b21bc14a0c99661', 'https://git.kernel.org/stable/c/ef00818c50cf55a3a56bd9a9fae867c92dfb84e7', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46794-9f64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46794', 'https://www.cve.org/CVERecord?id=CVE-2024-46794'], 'PublishedDate': '2024-09-18T08:15:06.23Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46795', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46795', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ksmbd: unset the binding mark of a reused connection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset the binding mark of a reused connection\n\nSteve French reported null pointer dereference error from sha256 lib.\ncifs.ko can send session setup requests on reused connection.\nIf reused connection is used for binding session, conn->binding can\nstill remain true and generate_preauth_hash() will not set\nsess->Preauth_HashValue and it will be NULL.\nIt is used as a material to create an encryption key in\nksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer\ndereference error from crypto_shash_update().\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 8 PID: 429254 Comm: kworker/8:39\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n<TASK>\n? show_regs+0x6d/0x80\n? __die+0x24/0x80\n? page_fault_oops+0x99/0x1b0\n? do_user_addr_fault+0x2ee/0x6b0\n? exc_page_fault+0x83/0x1b0\n? asm_exc_page_fault+0x27/0x30\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n_sha256_update+0x77/0xa0 [sha256_ssse3]\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\ncrypto_shash_update+0x1e/0x40\nhmac_update+0x12/0x20\ncrypto_shash_update+0x1e/0x40\ngenerate_key+0x234/0x380 [ksmbd]\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\n__process_request+0xa3/0x1d0 [ksmbd]\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\nprocess_one_work+0x16c/0x350\nworker_thread+0x306/0x440\n? __pfx_worker_thread+0x10/0x10\nkthread+0xef/0x120\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x44/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n</TASK>', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46795', 'https://git.kernel.org/linus/78c5a6f1f630172b19af4912e755e1da93ef0ab5 (6.11-rc7)', 'https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce', 'https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1', 'https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5', 'https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02', 'https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1', 'https://lore.kernel.org/linux-cve-announce/2024091855-CVE-2024-46795-9908@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46795', 'https://www.cve.org/CVERecord?id=CVE-2024-46795'], 'PublishedDate': '2024-09-18T08:15:06.28Z', 'LastModifiedDate': '2024-09-20T18:21:04.067Z'}, {'VulnerabilityID': 'CVE-2024-46797', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46797', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/qspinlock: Fix deadlock in MCS queue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/qspinlock: Fix deadlock in MCS queue\n\nIf an interrupt occurs in queued_spin_lock_slowpath() after we increment\nqnodesp->count and before node->lock is initialized, another CPU might\nsee stale lock values in get_tail_qnode(). If the stale lock value happens\nto match the lock on that CPU, then we write to the "next" pointer of\nthe wrong qnode. This causes a deadlock as the former CPU, once it becomes\nthe head of the MCS queue, will spin indefinitely until it\'s "next" pointer\nis set by its successor in the queue.\n\nRunning stress-ng on a 16 core (16EC/16VP) shared LPAR, results in\noccasional lockups similar to the following:\n\n   $ stress-ng --all 128 --vm-bytes 80% --aggressive \\\n               --maximize --oomable --verify  --syslog \\\n               --metrics  --times  --timeout 5m\n\n   watchdog: CPU 15 Hard LOCKUP\n   ......\n   NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   Call Trace:\n    0xc000002cfffa3bf0 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    raw_spin_rq_lock_nested.part.135+0x4c/0xd0\n    sched_ttwu_pending+0x60/0x1f0\n    __flush_smp_call_function_queue+0x1dc/0x670\n    smp_ipi_demux_relaxed+0xa4/0x100\n    xive_muxed_ipi_action+0x20/0x40\n    __handle_irq_event_percpu+0x80/0x240\n    handle_irq_event_percpu+0x2c/0x80\n    handle_percpu_irq+0x84/0xd0\n    generic_handle_irq+0x54/0x80\n    __do_irq+0xac/0x210\n    __do_IRQ+0x74/0xd0\n    0x0\n    do_IRQ+0x8c/0x170\n    hardware_interrupt_common_virt+0x29c/0x2a0\n   --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490\n   ......\n   NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   --- interrupt: 500\n    0xc0000029c1a41d00 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    futex_wake+0x100/0x260\n    do_futex+0x21c/0x2a0\n    sys_futex+0x98/0x270\n    system_call_exception+0x14c/0x2f0\n    system_call_vectored_common+0x15c/0x2ec\n\nThe following code flow illustrates how the deadlock occurs.\nFor the sake of brevity, assume that both locks (A and B) are\ncontended and we call the queued_spin_lock_slowpath() function.\n\n        CPU0                                   CPU1\n        ----                                   ----\n  spin_lock_irqsave(A)                          |\n  spin_unlock_irqrestore(A)                     |\n    spin_lock(B)                                |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++;                       |\n  (Note that nodes[0].lock == A)                |\n         |                                      |\n         ▼                                      |\n      Interrupt                                 |\n  (happens before "nodes[0].lock = B")          |\n         |                                      |\n         ▼                                      |\n  spin_lock_irqsave(A)                          |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++                        |\n   nodes[1].lock = A                            |\n         |                                      |\n         ▼                                      |\n  Tail of MCS queue                             |\n         |                             spin_lock_irqsave(A)\n         ▼                                      |\n  Head of MCS queue                             ▼\n         |                             CPU0 is previous tail\n         ▼                                      |\n   Spin indefinitely                            ▼\n  (until "nodes[1].next != NULL")      prev = get_tail_qnode(A, CPU0)\n                                                |\n                                                ▼\n                                       prev == &qnodes[CPU0].nodes[0]\n                                     (as qnodes\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46797', 'https://git.kernel.org/linus/734ad0af3609464f8f93e00b6c0de1e112f44559 (6.11-rc7)', 'https://git.kernel.org/stable/c/734ad0af3609464f8f93e00b6c0de1e112f44559', 'https://git.kernel.org/stable/c/d84ab6661e8d09092de9b034b016515ef9b66085', 'https://git.kernel.org/stable/c/f06af737e4be28c0e926dc25d5f0a111da4e2987', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46797-9174@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46797', 'https://www.cve.org/CVERecord?id=CVE-2024-46797'], 'PublishedDate': '2024-09-18T08:15:06.403Z', 'LastModifiedDate': '2024-09-29T15:15:15.837Z'}, {'VulnerabilityID': 'CVE-2024-46798', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46798', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: dapm: Fix UAF for snd_soc_pcm_runtime object\n\nWhen using kernel with the following extra config,\n\n  - CONFIG_KASAN=y\n  - CONFIG_KASAN_GENERIC=y\n  - CONFIG_KASAN_INLINE=y\n  - CONFIG_KASAN_VMALLOC=y\n  - CONFIG_FRAME_WARN=4096\n\nkernel detects that snd_pcm_suspend_all() access a freed\n'snd_soc_pcm_runtime' object when the system is suspended, which\nleads to a use-after-free bug:\n\n[   52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270\n[   52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330\n\n[   52.047785] Call trace:\n[   52.047787]  dump_backtrace+0x0/0x3c0\n[   52.047794]  show_stack+0x34/0x50\n[   52.047797]  dump_stack_lvl+0x68/0x8c\n[   52.047802]  print_address_description.constprop.0+0x74/0x2c0\n[   52.047809]  kasan_report+0x210/0x230\n[   52.047815]  __asan_report_load1_noabort+0x3c/0x50\n[   52.047820]  snd_pcm_suspend_all+0x1a8/0x270\n[   52.047824]  snd_soc_suspend+0x19c/0x4e0\n\nThe snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before\nmaking any access. So we need to always set 'substream->runtime' to NULL\neverytime we kfree() it.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46798', 'https://git.kernel.org/linus/b4a90b543d9f62d3ac34ec1ab97fc5334b048565 (6.11-rc7)', 'https://git.kernel.org/stable/c/3033ed903b4f28b5e1ab66042084fbc2c48f8624', 'https://git.kernel.org/stable/c/5d13afd021eb43868fe03cef6da34ad08831ad6d', 'https://git.kernel.org/stable/c/6a14fad8be178df6c4589667efec1789a3307b4e', 'https://git.kernel.org/stable/c/8ca21e7a27c66b95a4b215edc8e45e5d66679f9f', 'https://git.kernel.org/stable/c/993b60c7f93fa1d8ff296b58f646a867e945ae89', 'https://git.kernel.org/stable/c/b4a90b543d9f62d3ac34ec1ab97fc5334b048565', 'https://git.kernel.org/stable/c/fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46798-ce16@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46798', 'https://www.cve.org/CVERecord?id=CVE-2024-46798'], 'PublishedDate': '2024-09-18T08:15:06.463Z', 'LastModifiedDate': '2024-09-20T18:17:50.763Z'}, {'VulnerabilityID': 'CVE-2024-46800', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46800', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sch/netem: fix use after free in netem_dequeue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsch/netem: fix use after free in netem_dequeue\n\nIf netem_dequeue() enqueues packet to inner qdisc and that qdisc\nreturns __NET_XMIT_STOLEN. The packet is dropped but\nqdisc_tree_reduce_backlog() is not called to update the parent\'s\nq.qlen, leading to the similar use-after-free as Commit\ne04991a48dbaf382 ("netem: fix return value if duplicate enqueue\nfails")\n\nCommands to trigger KASAN UaF:\n\nip link add type dummy\nip link set lo up\nip link set dummy0 up\ntc qdisc add dev lo parent root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2: handle 3: drr\ntc filter add dev lo parent 3: basic classid 3:1 action mirred egress\nredirect dev dummy0\ntc class add dev lo classid 3:1 drr\nping -c1 -W0.01 localhost # Trigger bug\ntc class del dev lo classid 1:1\ntc class add dev lo classid 1:1 drr\nping -c1 -W0.01 localhost # UaF', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46800', 'https://git.kernel.org/linus/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a (6.11-rc7)', 'https://git.kernel.org/stable/c/14f91ab8d391f249b845916820a56f42cf747241', 'https://git.kernel.org/stable/c/295ad5afd9efc5f67b86c64fce28fb94e26dc4c9', 'https://git.kernel.org/stable/c/32008ab989ddcff1a485fa2b4906234c25dc5cd6', 'https://git.kernel.org/stable/c/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a', 'https://git.kernel.org/stable/c/98c75d76187944296068d685dfd8a1e9fd8c4fdc', 'https://git.kernel.org/stable/c/db2c235682913a63054e741fe4e19645fdf2d68e', 'https://git.kernel.org/stable/c/dde33a9d0b80aae0c69594d1f462515d7ff1cb3d', 'https://git.kernel.org/stable/c/f0bddb4de043399f16d1969dad5ee5b984a64e7b', 'https://lore.kernel.org/linux-cve-announce/2024091857-CVE-2024-46800-0f62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46800', 'https://www.cve.org/CVERecord?id=CVE-2024-46800'], 'PublishedDate': '2024-09-18T08:15:06.573Z', 'LastModifiedDate': '2024-09-20T17:18:55.26Z'}, {'VulnerabilityID': 'CVE-2024-46802', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: added NULL check at start of dc_validate_stream', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46802', 'https://git.kernel.org/linus/26c56049cc4f1705b498df013949427692a4b0d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd', 'https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5', 'https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9', 'https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c', 'https://lore.kernel.org/linux-cve-announce/2024092706-CVE-2024-46802-c5e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46802', 'https://www.cve.org/CVERecord?id=CVE-2024-46802'], 'PublishedDate': '2024-09-27T13:15:13.483Z', 'LastModifiedDate': '2024-10-07T14:21:55.687Z'}, {'VulnerabilityID': 'CVE-2024-46803', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46803', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdkfd: Check debug trap enable before write dbg_ev_file', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46803', 'https://git.kernel.org/linus/547033b593063eb85bfdf9b25a5f1b8fd1911be2 (6.11-rc1)', 'https://git.kernel.org/stable/c/547033b593063eb85bfdf9b25a5f1b8fd1911be2', 'https://git.kernel.org/stable/c/820dcbd38a77bd5fdc4236d521c1c122841227d0', 'https://git.kernel.org/stable/c/e6ea3b8fe398915338147fe54dd2db8155fdafd8', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46803-689b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46803', 'https://www.cve.org/CVERecord?id=CVE-2024-46803'], 'PublishedDate': '2024-09-27T13:15:13.57Z', 'LastModifiedDate': '2024-10-04T17:45:16.867Z'}, {'VulnerabilityID': 'CVE-2024-46804', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46804', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add array index check for hdcp ddc access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add array index check for hdcp ddc access\n\n[Why]\nCoverity reports OVERRUN warning. Do not check if array\nindex valid.\n\n[How]\nCheck msg_id valid and valid array index.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46804', 'https://git.kernel.org/linus/4e70c0f5251c25885c31ee84a31f99a01f7cf50e (6.11-rc1)', 'https://git.kernel.org/stable/c/0ee4387c5a4b57ec733c3fb4365188d5979cd9c7', 'https://git.kernel.org/stable/c/2a63c90c7a90ab2bd23deebc2814fc5b52abf6d2', 'https://git.kernel.org/stable/c/4e70c0f5251c25885c31ee84a31f99a01f7cf50e', 'https://git.kernel.org/stable/c/8b5ccf3d011969417be653b5a145c72dbd30472c', 'https://git.kernel.org/stable/c/a3b5ee22a9d3a30045191da5678ca8451ebaea30', 'https://git.kernel.org/stable/c/f338f99f6a04d03c802087d82a83561cbd5bdc99', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46804-c90d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46804', 'https://www.cve.org/CVERecord?id=CVE-2024-46804'], 'PublishedDate': '2024-09-27T13:15:13.637Z', 'LastModifiedDate': '2024-10-04T17:51:43.73Z'}, {'VulnerabilityID': 'CVE-2024-46805', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46805', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix the waring dereferencing hive', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix the waring dereferencing hive\n\nCheck the amdgpu_hive_info *hive that maybe is NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46805', 'https://git.kernel.org/linus/1940708ccf5aff76de4e0b399f99267c93a89193 (6.11-rc1)', 'https://git.kernel.org/stable/c/01cd55b971131b07b7ff8d622fa93bb4f8be07df', 'https://git.kernel.org/stable/c/1940708ccf5aff76de4e0b399f99267c93a89193', 'https://git.kernel.org/stable/c/4ab720b6aa1ef5e71db1e534b5b45c80ac4ec58a', 'https://git.kernel.org/stable/c/d3f927ef0607b3c8c3f79ab6d9a4ebead3e35f4c', 'https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46805-b06a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46805', 'https://www.cve.org/CVERecord?id=CVE-2024-46805'], 'PublishedDate': '2024-09-27T13:15:13.707Z', 'LastModifiedDate': '2024-10-02T12:58:59.767Z'}, {'VulnerabilityID': 'CVE-2024-46806', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46806', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the warning division or modulo by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46806', 'https://git.kernel.org/linus/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c (6.11-rc1)', 'https://git.kernel.org/stable/c/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c', 'https://git.kernel.org/stable/c/a01618adcba78c6bd6c4557a4a5e32f58b658cd1', 'https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46806-2cc7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46806', 'https://www.cve.org/CVERecord?id=CVE-2024-46806'], 'PublishedDate': '2024-09-27T13:15:13.773Z', 'LastModifiedDate': '2024-10-02T13:17:04.64Z'}, {'VulnerabilityID': 'CVE-2024-46807', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46807', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Check tbo resource pointer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Check tbo resource pointer\n\nValidate tbo resource pointer, skip if NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46807', 'https://git.kernel.org/linus/6cd2b872643bb29bba01a8ac739138db7bd79007 (6.11-rc1)', 'https://git.kernel.org/stable/c/2be1eb6304d9623ba21dd6f3e68ffb753a759635', 'https://git.kernel.org/stable/c/4dfec5f5501a27e0a0da00e136d65ef9011ded4c', 'https://git.kernel.org/stable/c/6cd2b872643bb29bba01a8ac739138db7bd79007', 'https://git.kernel.org/stable/c/e55e3904ffeaff81715256a711b1a61f4ad5258a', 'https://git.kernel.org/stable/c/e8765364d4f3aaf88c7abe0a4fc99089d059ab49', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46807-b78e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46807', 'https://www.cve.org/CVERecord?id=CVE-2024-46807'], 'PublishedDate': '2024-09-27T13:15:13.84Z', 'LastModifiedDate': '2024-10-04T17:40:08.083Z'}, {'VulnerabilityID': 'CVE-2024-46808', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46808', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range\n\n[Why & How]\nASSERT if return NULL from kcalloc.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46808', 'https://git.kernel.org/linus/5524fa301ba649f8cf00848f91468e0ba7e4f24c (6.11-rc1)', 'https://git.kernel.org/stable/c/5524fa301ba649f8cf00848f91468e0ba7e4f24c', 'https://git.kernel.org/stable/c/ca0b0b0a22306f2e51105ac48f4a09c2fbbb504e', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46808-8886@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46808', 'https://www.cve.org/CVERecord?id=CVE-2024-46808'], 'PublishedDate': '2024-09-27T13:15:13.907Z', 'LastModifiedDate': '2024-10-02T14:23:39.863Z'}, {'VulnerabilityID': 'CVE-2024-46809', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46809', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check BIOS images before it is used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check BIOS images before it is used\n\nBIOS images may fail to load and null checks are added before they are\nused.\n\nThis fixes 6 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46809', 'https://git.kernel.org/linus/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c (6.11-rc1)', 'https://git.kernel.org/stable/c/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c', 'https://git.kernel.org/stable/c/e46b70a7cfed71cb84e985c785c39c16df5c28cb', 'https://git.kernel.org/stable/c/e50bec62acaeec03afc6fa5dfb2426e52d049cf5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46809-5b37@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46809', 'https://www.cve.org/CVERecord?id=CVE-2024-46809'], 'PublishedDate': '2024-09-27T13:15:13.973Z', 'LastModifiedDate': '2024-10-04T17:33:33.753Z'}, {'VulnerabilityID': 'CVE-2024-46810', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46810', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ\n\nMake sure the connector is fully initialized before signalling any\nHPD events via drm_kms_helper_hotplug_event(), otherwise this may\nlead to NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46810', 'https://git.kernel.org/linus/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f (6.11-rc1)', 'https://git.kernel.org/stable/c/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f', 'https://git.kernel.org/stable/c/1fb13693953737783b424aa4712f0a27a9eaf5a8', 'https://git.kernel.org/stable/c/9d567126474e68f959b2c2543c375f3bb32e948a', 'https://git.kernel.org/stable/c/adc5674c23b8191e596ed0dbaa9600265ac896a8', 'https://git.kernel.org/stable/c/e1b121f21bbc56a6ae035aa5b77daac62bfb9be5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46810-2eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46810', 'https://www.cve.org/CVERecord?id=CVE-2024-46810'], 'PublishedDate': '2024-09-27T13:15:14.037Z', 'LastModifiedDate': '2024-10-04T17:43:04.277Z'}, {'VulnerabilityID': 'CVE-2024-46811', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46811', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params->clk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46811', 'https://git.kernel.org/linus/188fd1616ec43033cedbe343b6579e9921e2d898 (6.11-rc1)', 'https://git.kernel.org/stable/c/188fd1616ec43033cedbe343b6579e9921e2d898', 'https://git.kernel.org/stable/c/4003bac784380fed1f94f197350567eaa73a409d', 'https://git.kernel.org/stable/c/aba188d6f4ebaf52acf13f204db2bd2c22072504', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46811-f01c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46811', 'https://www.cve.org/CVERecord?id=CVE-2024-46811'], 'PublishedDate': '2024-09-27T13:15:14.107Z', 'LastModifiedDate': '2024-10-07T14:24:56.86Z'}, {'VulnerabilityID': 'CVE-2024-46812', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46812', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration\n\n[Why]\nCoverity reports Memory - illegal accesses.\n\n[How]\nSkip inactive planes.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46812', 'https://git.kernel.org/linus/a54f7e866cc73a4cb71b8b24bb568ba35c8969df (6.11-rc1)', 'https://git.kernel.org/stable/c/3300a039caf850376bc3416c808cd8879da412bb', 'https://git.kernel.org/stable/c/8406158a546441b73f0b216aedacbf9a1e5748fb', 'https://git.kernel.org/stable/c/a54f7e866cc73a4cb71b8b24bb568ba35c8969df', 'https://git.kernel.org/stable/c/ee9d6df6d9172917d9ddbd948bb882652d5ecd29', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46812-5954@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46812', 'https://www.cve.org/CVERecord?id=CVE-2024-46812'], 'PublishedDate': '2024-09-27T13:15:14.163Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46813', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46813', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check link_index before accessing dc-&gt;links[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc->links[]\n\n[WHY & HOW]\ndc->links[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46813', 'https://git.kernel.org/linus/8aa2864044b9d13e95fe224f32e808afbf79ecdf (6.11-rc1)', 'https://git.kernel.org/stable/c/8aa2864044b9d13e95fe224f32e808afbf79ecdf', 'https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46813-5eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46813', 'https://www.cve.org/CVERecord?id=CVE-2024-46813'], 'PublishedDate': '2024-09-27T13:15:14.23Z', 'LastModifiedDate': '2024-10-04T17:38:17.74Z'}, {'VulnerabilityID': 'CVE-2024-46814', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check msg_id before processing transcation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY & HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46814', 'https://git.kernel.org/linus/fa71face755e27dc44bc296416ebdf2c67163316 (6.11-rc1)', 'https://git.kernel.org/stable/c/0147505f08220c89b3a9c90eb608191276e263a8', 'https://git.kernel.org/stable/c/6590643c5de74098d27933b7d224d5ac065d7755', 'https://git.kernel.org/stable/c/916083054670060023d3f8a8ace895d710e268f4', 'https://git.kernel.org/stable/c/cb63090a17d3abb87f132851fa3711281249b7d2', 'https://git.kernel.org/stable/c/fa71face755e27dc44bc296416ebdf2c67163316', 'https://git.kernel.org/stable/c/fe63daf7b10253b0faaa60c55d6153cd276927aa', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46814-5021@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46814', 'https://www.cve.org/CVERecord?id=CVE-2024-46814'], 'PublishedDate': '2024-09-27T13:15:14.297Z', 'LastModifiedDate': '2024-10-04T17:27:47.45Z'}, {'VulnerabilityID': 'CVE-2024-46815', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46815', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY & HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46815', 'https://git.kernel.org/linus/b38a4815f79b87efb196cd5121579fc51e29a7fb (6.11-rc1)', 'https://git.kernel.org/stable/c/21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf', 'https://git.kernel.org/stable/c/6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0', 'https://git.kernel.org/stable/c/7c47dd2e92341f2989ab73dbed07f8894593ad7b', 'https://git.kernel.org/stable/c/a72d4996409569027b4609414a14a87679b12267', 'https://git.kernel.org/stable/c/b36e9b3104c4ba0f2f5dd083dcf6159cb316c996', 'https://git.kernel.org/stable/c/b38a4815f79b87efb196cd5121579fc51e29a7fb', 'https://git.kernel.org/stable/c/c4a7f7c0062fe2c73f70bb7e335199e25bd71492', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46815-fce2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46815', 'https://www.cve.org/CVERecord?id=CVE-2024-46815'], 'PublishedDate': '2024-09-27T13:15:14.37Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46816', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46816', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\n\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc->links. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\n\n[How]\nMake sure link count less than max_links.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46816', 'https://git.kernel.org/linus/cf8b16857db702ceb8d52f9219a4613363e2b1cf (6.11-rc1)', 'https://git.kernel.org/stable/c/36c39a8dcce210649f2f45f252abaa09fcc1ae87', 'https://git.kernel.org/stable/c/cf8b16857db702ceb8d52f9219a4613363e2b1cf', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46816-0526@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46816', 'https://www.cve.org/CVERecord?id=CVE-2024-46816'], 'PublishedDate': '2024-09-27T13:15:14.433Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46817', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6\n\n[Why]\nCoverity reports OVERRUN warning. Should abort amdgpu_dm\ninitialize.\n\n[How]\nReturn failure to amdgpu_dm_init.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46817', 'https://git.kernel.org/linus/84723eb6068c50610c5c0893980d230d7afa2105 (6.11-rc1)', 'https://git.kernel.org/stable/c/21bbb39863f10f5fb4bf772d15b07d5d13590e9d', 'https://git.kernel.org/stable/c/28b515c458aa9c92bfcb99884c94713a5f471cea', 'https://git.kernel.org/stable/c/754321ed63f0a4a31252ca72e0bd89a9e1888018', 'https://git.kernel.org/stable/c/84723eb6068c50610c5c0893980d230d7afa2105', 'https://git.kernel.org/stable/c/94cb77700fa4ae6200486bfa0ba2ac547534afd2', 'https://git.kernel.org/stable/c/d398c74c881dee695f6eb6138c9891644e1c3d9d', 'https://git.kernel.org/stable/c/d619b91d3c4af60ac422f1763ce53d721fb91262', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46817-7a2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46817', 'https://www.cve.org/CVERecord?id=CVE-2024-46817'], 'PublishedDate': '2024-09-27T13:15:14.493Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46818', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check gpio_id before used as array index', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY & HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46818', 'https://git.kernel.org/linus/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 (6.11-rc1)', 'https://git.kernel.org/stable/c/0184cca30cad74d88f5c875d4e26999e26325700', 'https://git.kernel.org/stable/c/08e7755f754e3d2cef7d3a7da538d33526bd6f7c', 'https://git.kernel.org/stable/c/276e3fd93e3beb5894eb1cc8480f9f417d51524d', 'https://git.kernel.org/stable/c/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6', 'https://git.kernel.org/stable/c/3d4198ab612ad48f73383ad3bb5663e6f0cdf406', 'https://git.kernel.org/stable/c/40c2e8bc117cab8bca8814735f28a8b121654a84', 'https://git.kernel.org/stable/c/8520fdc8ecc38f240a8e9e7af89cca6739c3e790', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46818-8d41@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46818', 'https://www.cve.org/CVERecord?id=CVE-2024-46818'], 'PublishedDate': '2024-09-27T13:15:14.563Z', 'LastModifiedDate': '2024-10-04T17:18:36.613Z'}, {'VulnerabilityID': 'CVE-2024-46819', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: the warning dereferencing obj for nbio_v7_4', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: the warning dereferencing obj for nbio_v7_4\n\nif ras_manager obj null, don't print NBIO err data", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46819', 'https://git.kernel.org/linus/d190b459b2a4304307c3468ed97477b808381011 (6.11-rc1)', 'https://git.kernel.org/stable/c/130c2dc75c8c40acc3c96ededea6af80e03c14b8', 'https://git.kernel.org/stable/c/614564a5b28983de53b23a358ebe6c483a2aa21e', 'https://git.kernel.org/stable/c/70e8ec21fcb8c51446899d3bfe416b31adfa3661', 'https://git.kernel.org/stable/c/7d265772e44d403071a2b573eac0db60250b1c21', 'https://git.kernel.org/stable/c/d04ded1e73f1dcf19a71ec8b9cda3faa7acd8828', 'https://git.kernel.org/stable/c/d190b459b2a4304307c3468ed97477b808381011', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46819-d958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46819', 'https://www.cve.org/CVERecord?id=CVE-2024-46819'], 'PublishedDate': '2024-09-27T13:15:14.64Z', 'LastModifiedDate': '2024-10-04T17:11:00.57Z'}, {'VulnerabilityID': 'CVE-2024-46820', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/vcn: remove irq disabling in vcn 5 suspend\n\nWe do not directly enable/disable VCN IRQ in vcn 5.0.0.\nAnd we do not handle the IRQ state as well. So the calls to\ndisable IRQ and set state are removed. This effectively gets\nrid of the warining of\n      "WARN_ON(!amdgpu_irq_enabled(adev, src, type))"\nin amdgpu_irq_put().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46820', 'https://git.kernel.org/linus/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d (6.11-rc1)', 'https://git.kernel.org/stable/c/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d', 'https://git.kernel.org/stable/c/aa92264ba6fd4fb570002f69762634221316e7ae', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46820-6405@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46820', 'https://www.cve.org/CVERecord?id=CVE-2024-46820'], 'PublishedDate': '2024-09-27T13:15:14.707Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46821', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix negative array index read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix negative array index read\n\nAvoid using the negative values\nfor clk_idex as an index into an array pptable->DpmDescriptor.\n\nV2: fix clk_index return check (Tim Huang)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46821', 'https://git.kernel.org/linus/c8c19ebf7c0b202a6a2d37a52ca112432723db5f (6.11-rc1)', 'https://git.kernel.org/stable/c/06a3810010b525b9958424e344f0c25b09e128fa', 'https://git.kernel.org/stable/c/4711b1347cb9f0c3083da6d87c624d75f9bd1d50', 'https://git.kernel.org/stable/c/60f4a4bc3329e5cb8c4df0cc961f0d5ffd96e22d', 'https://git.kernel.org/stable/c/c8c19ebf7c0b202a6a2d37a52ca112432723db5f', 'https://lore.kernel.org/linux-cve-announce/2024092713-CVE-2024-46821-a13a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46821', 'https://www.cve.org/CVERecord?id=CVE-2024-46821'], 'PublishedDate': '2024-09-27T13:15:14.767Z', 'LastModifiedDate': '2024-10-04T17:06:43.573Z'}, {'VulnerabilityID': 'CVE-2024-46822', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46822', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry\n\nIn a review discussion of the changes to support vCPU hotplug where\na check was added on the GICC being enabled if was online, it was\nnoted that there is need to map back to the cpu and use that to index\ninto a cpumask. As such, a valid ID is needed.\n\nIf an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible\nfor the entry in cpu_madt_gicc[cpu] == NULL.  This function would\nthen cause a NULL pointer dereference.   Whilst a path to trigger\nthis has not been established, harden this caller against the\npossibility.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46822', 'https://git.kernel.org/linus/2488444274c70038eb6b686cba5f1ce48ebb9cdd (6.11-rc1)', 'https://git.kernel.org/stable/c/2488444274c70038eb6b686cba5f1ce48ebb9cdd', 'https://git.kernel.org/stable/c/40cae0df42e5e7f7a1c0f32deed9c4027c1ba94e', 'https://git.kernel.org/stable/c/4c3b21204abb4fa3ab310fbbb5cf7f0e85f3a1bc', 'https://git.kernel.org/stable/c/62ca6d3a905b4c40cd942f3cc645a6718f8bc7e7', 'https://git.kernel.org/stable/c/945be49f4e832a9184c313fdf8917475438a795b', 'https://git.kernel.org/stable/c/bc7fbb37e3d2df59336eadbd6a56be632e3c7df7', 'https://git.kernel.org/stable/c/f57769ff6fa7f97f1296965f20e8a2bb3ee9fd0f', 'https://lore.kernel.org/linux-cve-announce/2024092749-CVE-2024-46822-b901@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46822', 'https://www.cve.org/CVERecord?id=CVE-2024-46822'], 'PublishedDate': '2024-09-27T13:15:14.83Z', 'LastModifiedDate': '2024-10-02T14:24:01.757Z'}, {'VulnerabilityID': 'CVE-2024-46823', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kunit/overflow: Fix UB in overflow_allocation_test', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkunit/overflow: Fix UB in overflow_allocation_test\n\nThe 'device_name' array doesn't exist out of the\n'overflow_allocation_test' function scope. However, it is being used as\na driver name when calling 'kunit_driver_create' from\n'kunit_device_register'. It produces the kernel panic with KASAN\nenabled.\n\nSince this variable is used in one place only, remove it and pass the\ndevice name into kunit_device_register directly as an ascii string.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46823', 'https://git.kernel.org/linus/92e9bac18124682c4b99ede9ee3bcdd68f121e92 (6.11-rc4)', 'https://git.kernel.org/stable/c/92e9bac18124682c4b99ede9ee3bcdd68f121e92', 'https://git.kernel.org/stable/c/d1207f07decc66546a7fa463d2f335a856c986ef', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46823-b19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46823', 'https://www.cve.org/CVERecord?id=CVE-2024-46823'], 'PublishedDate': '2024-09-27T13:15:14.897Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46824', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommufd: Require drivers to supply the cache_invalidate_user ops', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Require drivers to supply the cache_invalidate_user ops\n\nIf drivers don't do this then iommufd will oops invalidation ioctls with\nsomething like:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n  Mem abort info:\n    ESR = 0x0000000086000004\n    EC = 0x21: IABT (current EL), IL = 32 bits\n    SET = 0, FnV = 0\n    EA = 0, S1PTW = 0\n    FSC = 0x04: level 0 translation fault\n  user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101059000\n  [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n  Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 2 PID: 371 Comm: qemu-system-aar Not tainted 6.8.0-rc7-gde77230ac23a #9\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 81400809 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=-c)\n  pc : 0x0\n  lr : iommufd_hwpt_invalidate+0xa4/0x204\n  sp : ffff800080f3bcc0\n  x29: ffff800080f3bcf0 x28: ffff0000c369b300 x27: 0000000000000000\n  x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n  x23: 0000000000000000 x22: 00000000c1e334a0 x21: ffff0000c1e334a0\n  x20: ffff800080f3bd38 x19: ffff800080f3bd58 x18: 0000000000000000\n  x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8240d6d8\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n  x8 : 0000001000000002 x7 : 0000fffeac1ec950 x6 : 0000000000000000\n  x5 : ffff800080f3bd78 x4 : 0000000000000003 x3 : 0000000000000002\n  x2 : 0000000000000000 x1 : ffff800080f3bcc8 x0 : ffff0000c6034d80\n  Call trace:\n   0x0\n   iommufd_fops_ioctl+0x154/0x274\n   __arm64_sys_ioctl+0xac/0xf0\n   invoke_syscall+0x48/0x110\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x34/0xb4\n   el0t_64_sync_handler+0x120/0x12c\n   el0t_64_sync+0x190/0x194\n\nAll existing drivers implement this op for nesting, this is mostly a\nbisection aid.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46824', 'https://git.kernel.org/linus/a11dda723c6493bb1853bbc61c093377f96e2d47 (6.11-rc1)', 'https://git.kernel.org/stable/c/89827a4de802765b1ebb401fc1e73a90108c7520', 'https://git.kernel.org/stable/c/a11dda723c6493bb1853bbc61c093377f96e2d47', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46824-03d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46824', 'https://www.cve.org/CVERecord?id=CVE-2024-46824'], 'PublishedDate': '2024-09-27T13:15:14.96Z', 'LastModifiedDate': '2024-10-02T14:29:08.417Z'}, {'VulnerabilityID': 'CVE-2024-46825', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check\n\nThe lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is\nnormally called with input from the firmware, so it should use\nIWL_FW_CHECK() instead of WARN_ON().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46825', 'https://git.kernel.org/linus/9215152677d4b321801a92b06f6d5248b2b4465f (6.11-rc1)', 'https://git.kernel.org/stable/c/3cca098c91391b3fa48142bfda57048b985c87f6', 'https://git.kernel.org/stable/c/415f3634d53c7fb4cf07d2f5a0be7f2e15e6da33', 'https://git.kernel.org/stable/c/9215152677d4b321801a92b06f6d5248b2b4465f', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46825-a5aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46825', 'https://www.cve.org/CVERecord?id=CVE-2024-46825'], 'PublishedDate': '2024-09-27T13:15:15.027Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46826', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ELF: fix kernel.randomize_va_space double read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses "randomize_va_space" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46826', 'https://git.kernel.org/linus/2a97388a807b6ab5538aa8f8537b2463c6988bd2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1cf8cd80903073440b6ea055811d04edd24fe4f7', 'https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27', 'https://git.kernel.org/stable/c/2a97388a807b6ab5538aa8f8537b2463c6988bd2', 'https://git.kernel.org/stable/c/53f17409abf61f66b6f05aff795e938e5ba811d1', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46826-7b80@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46826', 'https://www.cve.org/CVERecord?id=CVE-2024-46826'], 'PublishedDate': '2024-09-27T13:15:15.087Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46827', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix firmware crash due to invalid peer nss', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46827', 'https://git.kernel.org/linus/db163a463bb93cd3e37e1e7b10b9726fb6f95857 (6.11-rc1)', 'https://git.kernel.org/stable/c/25a15f80253a7c8776e4e4880d797d20ec864154', 'https://git.kernel.org/stable/c/838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c', 'https://git.kernel.org/stable/c/db163a463bb93cd3e37e1e7b10b9726fb6f95857', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46827-0300@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46827', 'https://www.cve.org/CVERecord?id=CVE-2024-46827'], 'PublishedDate': '2024-09-27T13:15:15.153Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46828', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: sch_cake: fix bulk flow accounting logic for host fairness', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: fix bulk flow accounting logic for host fairness\n\nIn sch_cake, we keep track of the count of active bulk flows per host,\nwhen running in dst/src host fairness mode, which is used as the\nround-robin weight when iterating through flows. The count of active\nbulk flows is updated whenever a flow changes state.\n\nThis has a peculiar interaction with the hash collision handling: when a\nhash collision occurs (after the set-associative hashing), the state of\nthe hash bucket is simply updated to match the new packet that collided,\nand if host fairness is enabled, that also means assigning new per-host\nstate to the flow. For this reason, the bulk flow counters of the\nhost(s) assigned to the flow are decremented, before new state is\nassigned (and the counters, which may not belong to the same host\nanymore, are incremented again).\n\nBack when this code was introduced, the host fairness mode was always\nenabled, so the decrement was unconditional. When the configuration\nflags were introduced the *increment* was made conditional, but\nthe *decrement* was not. Which of course can lead to a spurious\ndecrement (and associated wrap-around to U16_MAX).\n\nAFAICT, when host fairness is disabled, the decrement and wrap-around\nhappens as soon as a hash collision occurs (which is not that common in\nitself, due to the set-associative hashing). However, in most cases this\nis harmless, as the value is only used when host fairness mode is\nenabled. So in order to trigger an array overflow, sch_cake has to first\nbe configured with host fairness disabled, and while running in this\nmode, a hash collision has to occur to cause the overflow. Then, the\nqdisc has to be reconfigured to enable host fairness, which leads to the\narray out-of-bounds because the wrapped-around value is retained and\nused as an array index. It seems that syzbot managed to trigger this,\nwhich is quite impressive in its own right.\n\nThis patch fixes the issue by introducing the same conditional check on\ndecrement as is used on increment.\n\nThe original bug predates the upstreaming of cake, but the commit listed\nin the Fixes tag touched that code, meaning that this patch won't apply\nbefore that.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46828', 'https://git.kernel.org/linus/546ea84d07e3e324644025e2aae2d12ea4c5896e (6.11-rc7)', 'https://git.kernel.org/stable/c/4a4eeefa514db570be025ab46d779af180e2c9bb', 'https://git.kernel.org/stable/c/546ea84d07e3e324644025e2aae2d12ea4c5896e', 'https://git.kernel.org/stable/c/549e407569e08459d16122341d332cb508024094', 'https://git.kernel.org/stable/c/7725152b54d295b7da5e34c2f419539b30d017bd', 'https://git.kernel.org/stable/c/cde71a5677971f4f1b69b25e854891dbe78066a4', 'https://git.kernel.org/stable/c/d4a9039a7b3d8005b90c7b1a55a306444f0e5447', 'https://git.kernel.org/stable/c/d7c01c0714c04431b5e18cf17a9ea68a553d1c3c', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46828-2184@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46828', 'https://www.cve.org/CVERecord?id=CVE-2024-46828'], 'PublishedDate': '2024-09-27T13:15:15.22Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46829', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtmutex: Drop rt_mutex::wait_lock before scheduling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nrtmutex: Drop rt_mutex::wait_lock before scheduling\n\nrt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held.  In the\ngood case it returns with the lock held and in the deadlock case it emits a\nwarning and goes into an endless scheduling loop with the lock held, which\ntriggers the 'scheduling in atomic' warning.\n\nUnlock rt_mutex::wait_lock in the dead lock case before issuing the warning\nand dropping into the schedule for ever loop.\n\n[ tglx: Moved unlock before the WARN(), removed the pointless comment,\n  \tmassaged changelog, added Fixes tag ]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46829', 'https://git.kernel.org/linus/d33d26036a0274b472299d7dcdaa5fb34329f91b (6.11-rc7)', 'https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0', 'https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38', 'https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f', 'https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f', 'https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83', 'https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0', 'https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b', 'https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46829-da70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46829', 'https://www.cve.org/CVERecord?id=CVE-2024-46829'], 'PublishedDate': '2024-09-27T13:15:15.3Z', 'LastModifiedDate': '2024-10-02T14:27:57.92Z'}, {'VulnerabilityID': 'CVE-2024-46830', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: x86: Acquire kvm-&gt;srcu when handling KVM_SET_VCPU_EVENTS', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU.  I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems.  Acquiring SRCU isn't all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n  #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n  <TASK>\n  dump_stack_lvl+0x7f/0x90\n  lockdep_rcu_suspicious+0x13f/0x1a0\n  kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n  kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n  nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n  load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n  vmx_leave_nested+0x30/0x40 [kvm_intel]\n  kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n  kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n  ? mark_held_locks+0x49/0x70\n  ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n  ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  ? lock_acquire+0xba/0x2d0\n  ? find_held_lock+0x2b/0x80\n  ? do_user_addr_fault+0x40c/0x6f0\n  ? lock_release+0xb7/0x270\n  __x64_sys_ioctl+0x82/0xb0\n  do_syscall_64+0x6c/0x170\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n  </TASK>", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46830', 'https://git.kernel.org/linus/4bcdd831d9d01e0fb64faea50732b59b2ee88da1 (6.11-rc7)', 'https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1', 'https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e', 'https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9', 'https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46830-deac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46830', 'https://www.cve.org/CVERecord?id=CVE-2024-46830'], 'PublishedDate': '2024-09-27T13:15:15.38Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46831', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: microchip: vcap: Fix use-after-free error in kunit test', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap: Fix use-after-free error in kunit test\n\nThis is a clear use-after-free error. We remove it, and rely on checking\nthe return code of vcap_del_rule.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46831', 'https://git.kernel.org/linus/a3c1e45156ad39f225cd7ddae0f81230a3b1e657 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3c1e45156ad39f225cd7ddae0f81230a3b1e657', 'https://git.kernel.org/stable/c/b0804c286ccfcf5f5c004d5bf8a54c0508b5e86b', 'https://git.kernel.org/stable/c/f7fe95f40c85311c98913fe6ae2c56adb7f767a7', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46831-06bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46831', 'https://www.cve.org/CVERecord?id=CVE-2024-46831'], 'PublishedDate': '2024-09-27T13:15:15.457Z', 'LastModifiedDate': '2024-10-02T14:26:13.807Z'}, {'VulnerabilityID': 'CVE-2024-46832', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: MIPS: cevt-r4k: Don&#39;t call get_c0_compare_int if timer irq is installed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: cevt-r4k: Don\'t call get_c0_compare_int if timer irq is installed\n\nThis avoids warning:\n\n[    0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n\nCaused by get_c0_compare_int on secondary CPU.\n\nWe also skipped saving IRQ number to struct clock_event_device *cd as\nit\'s never used by clockevent core, as per comments it\'s only meant\nfor "non CPU local devices".', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46832', 'https://git.kernel.org/linus/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13 (6.11-rc5)', 'https://git.kernel.org/stable/c/189d3ed3b25beee26ffe2abed278208bece13f52', 'https://git.kernel.org/stable/c/32ee0520159f1e8c2d6597c19690df452c528f30', 'https://git.kernel.org/stable/c/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13', 'https://git.kernel.org/stable/c/b1d2051373bfc65371ce4ac8911ed984d0178c98', 'https://git.kernel.org/stable/c/d3ff0f98a52f0aafe35aa314d1c442f4318be3db', 'https://git.kernel.org/stable/c/e6cd871627abbb459d0ff6521d6bb9cf9d9f7522', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46832-3ad0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46832', 'https://www.cve.org/CVERecord?id=CVE-2024-46832'], 'PublishedDate': '2024-09-27T13:15:15.517Z', 'LastModifiedDate': '2024-10-09T15:51:20.7Z'}, {'VulnerabilityID': 'CVE-2024-46833', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: void array out of bound when loop tnl_num', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: void array out of bound when loop tnl_num\n\nWhen query reg inf of SSU, it loops tnl_num times. However, tnl_num comes\nfrom hardware and the length of array is a fixed value. To void array out\nof bound, make sure the loop time is not greater than the length of array', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46833', 'https://git.kernel.org/linus/86db7bfb06704ef17340eeae71c832f21cfce35c (6.11-rc4)', 'https://git.kernel.org/stable/c/86db7bfb06704ef17340eeae71c832f21cfce35c', 'https://git.kernel.org/stable/c/c33a9806dc806bcb4a31dc71fb06979219181ad4', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46833-0fa0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46833', 'https://www.cve.org/CVERecord?id=CVE-2024-46833'], 'PublishedDate': '2024-09-27T13:15:15.593Z', 'LastModifiedDate': '2024-10-09T15:54:38.123Z'}, {'VulnerabilityID': 'CVE-2024-46834', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: fail closed if we can&#39;t get max channel used in indirection tables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\'t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with\nactive RSS contexts") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\'t fetch\nthe indirection table or when we can\'t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46834', 'https://git.kernel.org/linus/2899d58462ba868287d6ff3acad3675e7adf934f (6.11-rc1)', 'https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036', 'https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46834-dc7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46834', 'https://www.cve.org/CVERecord?id=CVE-2024-46834'], 'PublishedDate': '2024-09-27T13:15:15.66Z', 'LastModifiedDate': '2024-10-09T15:57:03.037Z'}, {'VulnerabilityID': 'CVE-2024-46835', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix smatch static checker warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev->gfx.imu.funcs could be NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46835', 'https://git.kernel.org/linus/bdbdc7cecd00305dc844a361f9883d3a21022027 (6.11-rc1)', 'https://git.kernel.org/stable/c/8bc7b3ce33e64c74211ed17aec823fc4e523426a', 'https://git.kernel.org/stable/c/bdbdc7cecd00305dc844a361f9883d3a21022027', 'https://git.kernel.org/stable/c/c2056c7a840f0dbf293bc3b0d91826d001668fb0', 'https://git.kernel.org/stable/c/d40c2c3dd0395fe7fdc19bd96551e87251426d66', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46835-4f99@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46835', 'https://www.cve.org/CVERecord?id=CVE-2024-46835'], 'PublishedDate': '2024-09-27T13:15:15.72Z', 'LastModifiedDate': '2024-10-02T14:24:18.93Z'}, {'VulnerabilityID': 'CVE-2024-46836', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46836', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: aspeed_udc: validate endpoint index for ast udc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed_udc: validate endpoint index for ast udc\n\nWe should verify the bound of the array to assure that host\nmay not manipulate the index to point past endpoint array.\n\nFound by static analysis.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46836', 'https://git.kernel.org/linus/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 (6.11-rc1)', 'https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af', 'https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a', 'https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c', 'https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46836-acff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46836', 'https://www.cve.org/CVERecord?id=CVE-2024-46836'], 'PublishedDate': '2024-09-27T13:15:15.78Z', 'LastModifiedDate': '2024-10-09T15:47:55.187Z'}, {'VulnerabilityID': 'CVE-2024-46838', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46838', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: don&#39;t BUG_ON() if khugepaged yanks our page table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: don\'t BUG_ON() if khugepaged yanks our page table\n\nSince khugepaged was changed to allow retracting page tables in file\nmappings without holding the mmap lock, these BUG_ON()s are wrong - get\nrid of them.\n\nWe could also remove the preceding "if (unlikely(...))" block, but then we\ncould reach pte_offset_map_lock() with transhuge pages not just for file\nmappings but also for anonymous mappings - which would probably be fine\nbut I think is not necessarily expected.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46838', 'https://git.kernel.org/linus/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a (6.11-rc7)', 'https://git.kernel.org/stable/c/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a', 'https://git.kernel.org/stable/c/4a594acc12d5954cdc71d4450a386748bf3d136a', 'https://git.kernel.org/stable/c/db978287e908d48b209e374b00d847b2d785e0a9', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46838-5fa5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46838', 'https://www.cve.org/CVERecord?id=CVE-2024-46838'], 'PublishedDate': '2024-09-27T13:15:15.92Z', 'LastModifiedDate': '2024-10-09T15:35:40.827Z'}, {'VulnerabilityID': 'CVE-2024-46840', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: clean up our handling of refs == 0 in snapshot delete', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: clean up our handling of refs == 0 in snapshot delete\n\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren't\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer.  In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption.  Change that to return\n-EUCLEAN.  In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling.  Also adjust the error message so we can\nactually do something with the information.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46840', 'https://git.kernel.org/linus/b8ccef048354074a548f108e51d0557d6adfd3a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/03804641ec2d0da4fa088ad21c88e703d151ce16', 'https://git.kernel.org/stable/c/71291aa7246645ef622621934d2067400380645e', 'https://git.kernel.org/stable/c/728d4d045b628e006b48a448f3326a7194c88d32', 'https://git.kernel.org/stable/c/7d1df13bf078ffebfedd361d714ff6cee1ff01b9', 'https://git.kernel.org/stable/c/9cc887ac24b7a0598f4042ae9af6b9a33072f75b', 'https://git.kernel.org/stable/c/b8ccef048354074a548f108e51d0557d6adfd3a3', 'https://git.kernel.org/stable/c/c60676b81fab456b672796830f6d8057058f029c', 'https://git.kernel.org/stable/c/c847b28a799733b04574060ab9d00f215970627d', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46840-fc44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46840', 'https://www.cve.org/CVERecord?id=CVE-2024-46840'], 'PublishedDate': '2024-09-27T13:15:16.057Z', 'LastModifiedDate': '2024-10-08T18:15:07.857Z'}, {'VulnerabilityID': 'CVE-2024-46841', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn't fatal, return the error.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46841', 'https://git.kernel.org/linus/a580fb2c3479d993556e1c31b237c9e5be4944a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/704c359b4093a2af650a20eaa030c435d7c30f91', 'https://git.kernel.org/stable/c/a580fb2c3479d993556e1c31b237c9e5be4944a3', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46841-7572@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46841', 'https://www.cve.org/CVERecord?id=CVE-2024-46841'], 'PublishedDate': '2024-09-27T13:15:16.13Z', 'LastModifiedDate': '2024-10-08T18:17:07.87Z'}, {'VulnerabilityID': 'CVE-2024-46842', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status.  The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code.  During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout.  If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46842', 'https://git.kernel.org/linus/ede596b1434b57c0b3fd5c02b326efe5c54f6e48 (6.11-rc1)', 'https://git.kernel.org/stable/c/bba47fe3b038cca3d3ebd799665ce69d6d273b58', 'https://git.kernel.org/stable/c/ede596b1434b57c0b3fd5c02b326efe5c54f6e48', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46842-e52c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46842', 'https://www.cve.org/CVERecord?id=CVE-2024-46842'], 'PublishedDate': '2024-09-27T13:15:16.19Z', 'LastModifiedDate': '2024-10-08T18:22:24.997Z'}, {'VulnerabilityID': 'CVE-2024-46843', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Remove SCSI host only if added', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been defered after MCQ configuration introduced by commit 0cab4023ec7b\n("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46843', 'https://git.kernel.org/linus/7cbff570dbe8907e23bba06f6414899a0fbb2fcc (6.11-rc1)', 'https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed', 'https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536', 'https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46843-82c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46843', 'https://www.cve.org/CVERecord?id=CVE-2024-46843'], 'PublishedDate': '2024-09-27T13:15:16.25Z', 'LastModifiedDate': '2024-10-08T18:23:52.423Z'}, {'VulnerabilityID': 'CVE-2024-46844', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: um: line: always fill *error_out in setup_one_line()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\num: line: always fill *error_out in setup_one_line()\n\nThe pointer isn't initialized by callers, but I have\nencountered cases where it's still printed; initialize\nit in all possible cases in setup_one_line().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-824'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46844', 'https://git.kernel.org/linus/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d (6.11-rc1)', 'https://git.kernel.org/stable/c/289979d64573f43df1d0e6bc6435de63a0d69cdf', 'https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5', 'https://git.kernel.org/stable/c/43f782c27907f306c664b6614fd6f264ac32cce6', 'https://git.kernel.org/stable/c/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d', 'https://git.kernel.org/stable/c/96301fdc2d533a196197c055af875fe33d47ef84', 'https://git.kernel.org/stable/c/c8944d449fda9f58c03bd99649b2df09948fc874', 'https://git.kernel.org/stable/c/ec5b47a370177d79ae7773858042c107e21f8ecc', 'https://git.kernel.org/stable/c/fc843d3837ebcb1c16d3768ef3eb55e25d5331f2', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46844-af64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46844', 'https://www.cve.org/CVERecord?id=CVE-2024-46844'], 'PublishedDate': '2024-09-27T13:15:16.313Z', 'LastModifiedDate': '2024-10-02T14:22:50.533Z'}, {'VulnerabilityID': 'CVE-2024-46845', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/timerlat: Only clear timer if a kthread exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Only clear timer if a kthread exists\n\nThe timerlat tracer can use user space threads to check for osnoise and\ntimer latency. If the program using this is killed via a SIGTERM, the\nthreads are shutdown one at a time and another tracing instance can start\nup resetting the threads before they are fully closed. That causes the\nhrtimer assigned to the kthread to be shutdown and freed twice when the\ndying thread finally closes the file descriptors, causing a use-after-free\nbug.\n\nOnly cancel the hrtimer if the associated thread is still around. Also add\nthe interface_lock around the resetting of the tlat_var->kthread.\n\nNote, this is just a quick fix that can be backported to stable. A real\nfix is to have a better synchronization between the shutdown of old\nthreads and the starting of new ones.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46845', 'https://git.kernel.org/linus/e6a53481da292d970d1edf0d8831121d1c5e2f0d (6.11-rc7)', 'https://git.kernel.org/stable/c/8a9d0d405159e9c796ddf771f7cff691c1a2bc1e', 'https://git.kernel.org/stable/c/8c72f0b2c45f21cb8b00fc37f79f632d7e46c2ed', 'https://git.kernel.org/stable/c/e6a53481da292d970d1edf0d8831121d1c5e2f0d', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46845-a529@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46845', 'https://www.cve.org/CVERecord?id=CVE-2024-46845'], 'PublishedDate': '2024-09-27T13:15:16.397Z', 'LastModifiedDate': '2024-10-02T14:18:32.923Z'}, {'VulnerabilityID': 'CVE-2024-46846', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: rockchip: Resolve unbalanced runtime PM / system PM handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip: Resolve unbalanced runtime PM / system PM handling\n\nCommit e882575efc77 ("spi: rockchip: Suspend and resume the bus during\nNOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and\nsimply disabled clocks unconditionally when suspending the system. This\ncauses problems when the device is already runtime suspended when we go\nto sleep -- in which case we double-disable clocks and produce a\nWARNing.\n\nSwitch back to pm_runtime_force_{suspend,resume}(), because that still\nseems like the right thing to do, and the aforementioned commit makes no\nexplanation why it stopped using it.\n\nAlso, refactor some of the resume() error handling, because it\'s not\nactually a good idea to re-disable clocks on failure.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46846', 'https://git.kernel.org/linus/be721b451affbecc4ba4eaac3b71cdbdcade1b1b (6.11-rc7)', 'https://git.kernel.org/stable/c/0efbad8445fbba7896402500a1473450a299a08a', 'https://git.kernel.org/stable/c/14f970a8d03d882b15b97beb83bd84ac8ba6298c', 'https://git.kernel.org/stable/c/be721b451affbecc4ba4eaac3b71cdbdcade1b1b', 'https://git.kernel.org/stable/c/d034bff62faea1a2219e0d2f3d17263265f24087', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46846-f264@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46846', 'https://www.cve.org/CVERecord?id=CVE-2024-46846'], 'PublishedDate': '2024-09-27T13:15:16.48Z', 'LastModifiedDate': '2024-10-08T18:25:56.467Z'}, {'VulnerabilityID': 'CVE-2024-46848', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46848', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/x86/intel: Limit the period on Haswell', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Limit the period on Haswell\n\nRunning the ltp test cve-2015-3290 concurrently reports the following\nwarnings.\n\nperfevents: irq loop stuck!\n  WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174\n  intel_pmu_handle_irq+0x285/0x370\n  Call Trace:\n   <NMI>\n   ? __warn+0xa4/0x220\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? report_bug+0x3e/0xa0\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x50\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? irq_work_claim+0x1e/0x40\n   ? intel_pmu_handle_irq+0x285/0x370\n   perf_event_nmi_handler+0x3d/0x60\n   nmi_handle+0x104/0x330\n\nThanks to Thomas Gleixner's analysis, the issue is caused by the low\ninitial period (1) of the frequency estimation algorithm, which triggers\nthe defects of the HW, specifically erratum HSW11 and HSW143. (For the\ndetails, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)\n\nThe HSW11 requires a period larger than 100 for the INST_RETIRED.ALL\nevent, but the initial period in the freq mode is 1. The erratum is the\nsame as the BDM11, which has been supported in the kernel. A minimum\nperiod of 128 is enforced as well on HSW.\n\nHSW143 is regarding that the fixed counter 1 may overcount 32 with the\nHyper-Threading is enabled. However, based on the test, the hardware\nhas more issues than it tells. Besides the fixed counter 1, the message\n'interrupt took too long' can be observed on any counter which was armed\nwith a period < 32 and two events expired in the same NMI. A minimum\nperiod of 32 is enforced for the rest of the events.\nThe recommended workaround code of the HSW143 is not implemented.\nBecause it only addresses the issue for the fixed counter. It brings\nextra overhead through extra MSR writing. No related overcounting issue\nhas been reported so far.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46848', 'https://git.kernel.org/linus/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b (6.11-rc7)', 'https://git.kernel.org/stable/c/0eaf812aa1506704f3b78be87036860e5d0fe81d', 'https://git.kernel.org/stable/c/15210b7c8caff4929f25d049ef8404557f8ae468', 'https://git.kernel.org/stable/c/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b', 'https://git.kernel.org/stable/c/8717dc35c0e5896f4110f4b3882f7ff787a5f73d', 'https://lore.kernel.org/linux-cve-announce/2024092756-CVE-2024-46848-bbd4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46848', 'https://www.cve.org/CVERecord?id=CVE-2024-46848'], 'PublishedDate': '2024-09-27T13:15:16.657Z', 'LastModifiedDate': '2024-10-04T15:23:35.287Z'}, {'VulnerabilityID': 'CVE-2024-46849', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: meson: axg-card: fix &#39;use-after-free&#39;', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix 'use-after-free'\n\nBuffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',\nso move 'pad' pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46849', 'https://git.kernel.org/linus/4f9a71435953f941969a4f017e2357db62d85a86 (6.11)', 'https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86', 'https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d', 'https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607', 'https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037', 'https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29', 'https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a', 'https://lore.kernel.org/linux-cve-announce/2024092741-CVE-2024-46849-93c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46849', 'https://www.cve.org/CVERecord?id=CVE-2024-46849'], 'PublishedDate': '2024-09-27T13:15:16.723Z', 'LastModifiedDate': '2024-10-17T14:15:07.75Z'}, {'VulnerabilityID': 'CVE-2024-46850', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn35_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn35_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn35_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit 0607a50c004798a96e62c089a4c34c220179dcb5)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46850', 'https://git.kernel.org/linus/e835d5144f5ef78e4f8828c63e2f0d61144f283a (6.11)', 'https://git.kernel.org/stable/c/42850927656a540428e58d370b3c1599a617bac7', 'https://git.kernel.org/stable/c/e835d5144f5ef78e4f8828c63e2f0d61144f283a', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46850-186e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46850', 'https://www.cve.org/CVERecord?id=CVE-2024-46850'], 'PublishedDate': '2024-09-27T13:15:16.787Z', 'LastModifiedDate': '2024-10-04T15:30:32.11Z'}, {'VulnerabilityID': 'CVE-2024-46851', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46851', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn10_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn10_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn10_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46851', 'https://git.kernel.org/linus/a7aeb03888b92304e2fc7d4d1c242f54a312561b (6.11)', 'https://git.kernel.org/stable/c/a7aeb03888b92304e2fc7d4d1c242f54a312561b', 'https://git.kernel.org/stable/c/b6ce047a81f508f5c60756db8dfb5ff486e4dad0', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46851-125b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46851', 'https://www.cve.org/CVERecord?id=CVE-2024-46851'], 'PublishedDate': '2024-09-27T13:15:16.85Z', 'LastModifiedDate': '2024-10-04T16:00:43.913Z'}, {'VulnerabilityID': 'CVE-2024-46852', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma-buf: heaps: Fix off-by-one in CMA heap fault handler', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:\nDon\'t track CMA dma-buf pages under RssFile") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don\'t read off the end of the pages\narray and insert an arbitrary page in the mapping.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46852', 'https://git.kernel.org/linus/ea5ff5d351b520524019f7ff7f9ce418de2dad87 (6.11)', 'https://git.kernel.org/stable/c/007180fcb6cc4a93211d4cc45fef3f5ccccd56ae', 'https://git.kernel.org/stable/c/79cce5e81d20fa9ad553be439d665ac3302d3c95', 'https://git.kernel.org/stable/c/84175dc5b2c932266a50c04e5ce342c30f817a2f', 'https://git.kernel.org/stable/c/e79050882b857c37634baedbdcf7c2047c24cbff', 'https://git.kernel.org/stable/c/ea5ff5d351b520524019f7ff7f9ce418de2dad87', 'https://git.kernel.org/stable/c/eb7fc8b65cea22f9038c52398c8b22849e9620ea', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46852-91a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46852', 'https://www.cve.org/CVERecord?id=CVE-2024-46852'], 'PublishedDate': '2024-09-27T13:15:16.917Z', 'LastModifiedDate': '2024-10-17T14:15:07.887Z'}, {'VulnerabilityID': 'CVE-2024-46853', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: nxp-fspi: fix the KASAN report out-of-bounds bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: nxp-fspi: fix the KASAN report out-of-bounds bug\n\nChange the memcpy length to fix the out-of-bounds issue when writing the\ndata that is not 4 byte aligned to TX FIFO.\n\nTo reproduce the issue, write 3 bytes data to NOR chip.\n\ndd if=3b of=/dev/mtd0\n[   36.926103] ==================================================================\n[   36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838\n[   36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455\n[   36.946721]\n[   36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070\n[   36.956185] Hardware name: Freescale i.MX8QM MEK (DT)\n[   36.961260] Call trace:\n[   36.963723]  dump_backtrace+0x90/0xe8\n[   36.967414]  show_stack+0x18/0x24\n[   36.970749]  dump_stack_lvl+0x78/0x90\n[   36.974451]  print_report+0x114/0x5cc\n[   36.978151]  kasan_report+0xa4/0xf0\n[   36.981670]  __asan_report_load_n_noabort+0x1c/0x28\n[   36.986587]  nxp_fspi_exec_op+0x26ec/0x2838\n[   36.990800]  spi_mem_exec_op+0x8ec/0xd30\n[   36.994762]  spi_mem_no_dirmap_read+0x190/0x1e0\n[   36.999323]  spi_mem_dirmap_write+0x238/0x32c\n[   37.003710]  spi_nor_write_data+0x220/0x374\n[   37.007932]  spi_nor_write+0x110/0x2e8\n[   37.011711]  mtd_write_oob_std+0x154/0x1f0\n[   37.015838]  mtd_write_oob+0x104/0x1d0\n[   37.019617]  mtd_write+0xb8/0x12c\n[   37.022953]  mtdchar_write+0x224/0x47c\n[   37.026732]  vfs_write+0x1e4/0x8c8\n[   37.030163]  ksys_write+0xec/0x1d0\n[   37.033586]  __arm64_sys_write+0x6c/0x9c\n[   37.037539]  invoke_syscall+0x6c/0x258\n[   37.041327]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.046244]  do_el0_svc+0x44/0x5c\n[   37.049589]  el0_svc+0x38/0x78\n[   37.052681]  el0t_64_sync_handler+0x13c/0x158\n[   37.057077]  el0t_64_sync+0x190/0x194\n[   37.060775]\n[   37.062274] Allocated by task 455:\n[   37.065701]  kasan_save_stack+0x2c/0x54\n[   37.069570]  kasan_save_track+0x20/0x3c\n[   37.073438]  kasan_save_alloc_info+0x40/0x54\n[   37.077736]  __kasan_kmalloc+0xa0/0xb8\n[   37.081515]  __kmalloc_noprof+0x158/0x2f8\n[   37.085563]  mtd_kmalloc_up_to+0x120/0x154\n[   37.089690]  mtdchar_write+0x130/0x47c\n[   37.093469]  vfs_write+0x1e4/0x8c8\n[   37.096901]  ksys_write+0xec/0x1d0\n[   37.100332]  __arm64_sys_write+0x6c/0x9c\n[   37.104287]  invoke_syscall+0x6c/0x258\n[   37.108064]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.112972]  do_el0_svc+0x44/0x5c\n[   37.116319]  el0_svc+0x38/0x78\n[   37.119401]  el0t_64_sync_handler+0x13c/0x158\n[   37.123788]  el0t_64_sync+0x190/0x194\n[   37.127474]\n[   37.128977] The buggy address belongs to the object at ffff00081037c2a0\n[   37.128977]  which belongs to the cache kmalloc-8 of size 8\n[   37.141177] The buggy address is located 0 bytes inside of\n[   37.141177]  allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)\n[   37.153465]\n[   37.154971] The buggy address belongs to the physical page:\n[   37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c\n[   37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)\n[   37.175149] page_type: 0xfdffffff(slab)\n[   37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000\n[   37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000\n[   37.194553] page dumped because: kasan: bad access detected\n[   37.200144]\n[   37.201647] Memory state around the buggy address:\n[   37.206460]  ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc\n[   37.213701]  ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc\n[   37.220946] >ffff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc\n[   37.228186]                                ^\n[   37.232473]  ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.239718]  ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.246962] ==============================================================\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46853', 'https://git.kernel.org/linus/2a8787c1cdc7be24fdd8953ecd1a8743a1006235 (6.11)', 'https://git.kernel.org/stable/c/09af8b0ba70072be831f3ec459f4063d570f9e24', 'https://git.kernel.org/stable/c/2a8787c1cdc7be24fdd8953ecd1a8743a1006235', 'https://git.kernel.org/stable/c/491f9646f7ac31af5fca71be1a3e5eb8aa7663ad', 'https://git.kernel.org/stable/c/609260542cf86b459c57618b8cdec8020394b7ad', 'https://git.kernel.org/stable/c/af9ca9ca3e44f48b2a191e100d452fbf850c3d87', 'https://git.kernel.org/stable/c/d1a1dfcec77c57b1181da93d11a3db1bc4eefa97', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46853-ab04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46853', 'https://www.cve.org/CVERecord?id=CVE-2024-46853'], 'PublishedDate': '2024-09-27T13:15:16.997Z', 'LastModifiedDate': '2024-10-17T14:15:07.993Z'}, {'VulnerabilityID': 'CVE-2024-46854', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dpaa: Pad packets to ETH_ZLEN', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46854', 'https://git.kernel.org/linus/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0 (6.11)', 'https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133', 'https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a', 'https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83', 'https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0', 'https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2', 'https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46854-3404@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46854', 'https://www.cve.org/CVERecord?id=CVE-2024-46854'], 'PublishedDate': '2024-09-27T13:15:17.063Z', 'LastModifiedDate': '2024-10-17T14:15:08.107Z'}, {'VulnerabilityID': 'CVE-2024-46855', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46855', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: nft_socket: fix sk refcount leaks', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put 'sk' reference before returning.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46855', 'https://git.kernel.org/linus/8b26ff7af8c32cb4148b3e147c52f9e4c695209c (6.11)', 'https://git.kernel.org/stable/c/1f68e097e20d3c695281a9c6433acc37be47fe11', 'https://git.kernel.org/stable/c/33c2258bf8cb17fba9e58b111d4c4f4cf43a4896', 'https://git.kernel.org/stable/c/83e6fb59040e8964888afcaa5612cc1243736715', 'https://git.kernel.org/stable/c/8b26ff7af8c32cb4148b3e147c52f9e4c695209c', 'https://git.kernel.org/stable/c/ddc7c423c4a5386bf865474c694b48178efd311a', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46855-4382@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46855', 'https://www.cve.org/CVERecord?id=CVE-2024-46855'], 'PublishedDate': '2024-09-27T13:15:17.133Z', 'LastModifiedDate': '2024-10-17T14:15:12.79Z'}, {'VulnerabilityID': 'CVE-2024-46857', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix bridge mode operations when there are no VFs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[  168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[  168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[  168.976037] Call Trace:\n[  168.976188]  <TASK>\n[  168.978620]  _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[  168.979074]  mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[  168.979471]  rtnl_bridge_setlink+0xe9/0x1f0\n[  168.979714]  rtnetlink_rcv_msg+0x159/0x400\n[  168.980451]  netlink_rcv_skb+0x54/0x100\n[  168.980675]  netlink_unicast+0x241/0x360\n[  168.980918]  netlink_sendmsg+0x1f6/0x430\n[  168.981162]  ____sys_sendmsg+0x3bb/0x3f0\n[  168.982155]  ___sys_sendmsg+0x88/0xd0\n[  168.985036]  __sys_sendmsg+0x59/0xa0\n[  168.985477]  do_syscall_64+0x79/0x150\n[  168.987273]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw->fdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46857', 'https://git.kernel.org/linus/b1d305abef4640af1b4f1b4774d513cd81b10cfc (6.11)', 'https://git.kernel.org/stable/c/505ae01f75f839b54329164bbfecf24cc1361b31', 'https://git.kernel.org/stable/c/52c4beb79e095e0631b5cac46ed48a2aefe51985', 'https://git.kernel.org/stable/c/65feee671e37f3b6eda0b6af28f204b5bcf7fa50', 'https://git.kernel.org/stable/c/b1d305abef4640af1b4f1b4774d513cd81b10cfc', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46857-3bc3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46857', 'https://www.cve.org/CVERecord?id=CVE-2024-46857'], 'PublishedDate': '2024-09-27T13:15:17.277Z', 'LastModifiedDate': '2024-10-01T17:10:29.657Z'}, {'VulnerabilityID': 'CVE-2024-46858', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46858', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: Fix uaf in __timer_delete_sync', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n     CPU1\t\t\t\tCPU2\n     ====                               ====\n     net_rx_action\n     napi_poll                          netlink_sendmsg\n     __napi_poll                        netlink_unicast\n     process_backlog                    netlink_unicast_kernel\n     __netif_receive_skb                genl_rcv\n     __netif_receive_skb_one_core       netlink_rcv_skb\n     NF_HOOK                            genl_rcv_msg\n     ip_local_deliver_finish            genl_family_rcv_msg\n     ip_protocol_deliver_rcu            genl_family_rcv_msg_doit\n     tcp_v4_rcv                         mptcp_pm_nl_flush_addrs_doit\n     tcp_v4_do_rcv                      mptcp_nl_remove_addrs_list\n     tcp_rcv_established                mptcp_pm_remove_addrs_and_subflows\n     tcp_data_queue                     remove_anno_list_by_saddr\n     mptcp_incoming_options             mptcp_pm_del_add_timer\n     mptcp_pm_del_add_timer             kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by "pm.lock", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of "entry->add_timer".\n\nMove list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar "entry->x" uaf.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46858', 'https://git.kernel.org/linus/b4cd80b0338945a94972ac3ed54f8338d2da2076 (6.11)', 'https://git.kernel.org/stable/c/0e7814b028cd50b3ff79659d23dfa9da6a1e75e1', 'https://git.kernel.org/stable/c/12134a652b0a10064844ea235173e70246eba6dc', 'https://git.kernel.org/stable/c/3554482f4691571fc4b5490c17ae26896e62171c', 'https://git.kernel.org/stable/c/6452b162549c7f9ef54655d3fb9977b9192e6e5b', 'https://git.kernel.org/stable/c/67409b358500c71632116356a0b065f112d7b707', 'https://git.kernel.org/stable/c/b4cd80b0338945a94972ac3ed54f8338d2da2076', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46858-dab6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46858', 'https://www.cve.org/CVERecord?id=CVE-2024-46858'], 'PublishedDate': '2024-09-27T13:15:17.353Z', 'LastModifiedDate': '2024-10-17T14:15:13.017Z'}, {'VulnerabilityID': 'CVE-2024-46859', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46859', 'https://git.kernel.org/linus/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 (6.11)', 'https://git.kernel.org/stable/c/6821a82616f60aa72c5909b3e252ad97fb9f7e2a', 'https://git.kernel.org/stable/c/9291fadbd2720a869b1d2fcf82305648e2e62a16', 'https://git.kernel.org/stable/c/b38c19783286a71693c2194ed1b36665168c09c4', 'https://git.kernel.org/stable/c/b7c2f692307fe704be87ea80d7328782b33c3cef', 'https://git.kernel.org/stable/c/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46859-e785@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46859', 'https://www.cve.org/CVERecord?id=CVE-2024-46859'], 'PublishedDate': '2024-09-27T13:15:17.43Z', 'LastModifiedDate': '2024-10-17T14:15:13.183Z'}, {'VulnerabilityID': 'CVE-2024-46860', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change\n\nWhen disabling wifi mt7921_ipv6_addr_change() is called as a notifier.\nAt this point mvif->phy is already NULL so we cannot use it here.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46860', 'https://git.kernel.org/linus/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3 (6.11-rc4)', 'https://git.kernel.org/stable/c/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3', 'https://git.kernel.org/stable/c/4bfee9346d8c17d928ef6da2b8bffab88fa2a553', 'https://git.kernel.org/stable/c/8d92bafd4c67efb692f722d73a07412b5f88c6d6', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46860-1dfc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46860', 'https://www.cve.org/CVERecord?id=CVE-2024-46860'], 'PublishedDate': '2024-09-27T13:15:17.493Z', 'LastModifiedDate': '2024-10-02T14:04:38.863Z'}, {'VulnerabilityID': 'CVE-2024-46861', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usbnet: ipheth: do not stop RX on failing RX callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: do not stop RX on failing RX callback\n\nRX callbacks can fail for multiple reasons:\n\n* Payload too short\n* Payload formatted incorrecly (e.g. bad NCM framing)\n* Lack of memory\n\nNone of these should cause the driver to seize up.\n\nMake such failures non-critical and continue processing further\nincoming URBs.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46861', 'https://git.kernel.org/linus/74efed51e0a4d62f998f806c307778b47fc73395 (6.11-rc4)', 'https://git.kernel.org/stable/c/08ca800b0cd56d5e26722f68b18bbbf6840bf44b', 'https://git.kernel.org/stable/c/4d1cfa3afb8627435744ecdc6d8b58bc72ee0f4c', 'https://git.kernel.org/stable/c/74efed51e0a4d62f998f806c307778b47fc73395', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46861-f2f9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46861', 'https://www.cve.org/CVERecord?id=CVE-2024-46861'], 'PublishedDate': '2024-09-27T13:15:17.563Z', 'LastModifiedDate': '2024-10-03T15:36:06.543Z'}, {'VulnerabilityID': 'CVE-2024-46864', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/hyperv: fix kexec crash due to VP assist page corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: fix kexec crash due to VP assist page corruption\n\ncommit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when\nCPUs go online/offline") introduces a new cpuhp state for hyperv\ninitialization.\n\ncpuhp_setup_state() returns the state number if state is\nCPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states.\nFor the hyperv case, since a new cpuhp state was introduced it would\nreturn 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call\nis conditioned upon "hyperv_init_cpuhp > 0". This will never be true and\nso hv_cpu_die() won\'t be called on all CPUs. This means the VP assist page\nwon\'t be reset. When the kexec kernel tries to setup the VP assist page\nagain, the hypervisor corrupts the memory region of the old VP assist page\ncausing a panic in case the kexec kernel is using that memory elsewhere.\nThis was originally fixed in commit dfe94d4086e4 ("x86/hyperv: Fix kexec\npanic/hang issues").\n\nGet rid of hyperv_init_cpuhp entirely since we are no longer using a\ndynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with\ncpuhp_remove_state().', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46864', 'https://git.kernel.org/linus/b9af6418279c4cf73ca073f8ea024992b38be8ab (6.11)', 'https://git.kernel.org/stable/c/2ae1beb3ab4f28868cc5d1541d05e1fbee3ad825', 'https://git.kernel.org/stable/c/b9af6418279c4cf73ca073f8ea024992b38be8ab', 'https://git.kernel.org/stable/c/d6f018a3b49d0a94ddbd0e479c2af6b19724e434', 'https://lore.kernel.org/linux-cve-announce/2024092745-CVE-2024-46864-0343@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46864', 'https://www.cve.org/CVERecord?id=CVE-2024-46864'], 'PublishedDate': '2024-09-27T13:15:17.747Z', 'LastModifiedDate': '2024-10-03T15:29:34.927Z'}, {'VulnerabilityID': 'CVE-2024-46866', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: add missing bo locking in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: add missing bo locking in show_meminfo()\n\nbo_meminfo() wants to inspect bo state like tt and the ttm resource,\nhowever this state can change at any point leading to stuff like NPD and\nUAF, if the bo lock is not held. Grab the bo lock when calling\nbo_meminfo(), ensuring we drop any spinlocks first. In the case of\nobject_idr we now also need to hold a ref.\n\nv2 (MattB)\n  - Also add xe_bo_assert_held()\n\n(cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46866', 'https://git.kernel.org/linus/94c4aa266111262c96c98f822d1bccc494786fee (6.11)', 'https://git.kernel.org/stable/c/94c4aa266111262c96c98f822d1bccc494786fee', 'https://git.kernel.org/stable/c/abc8feacacf8fae10eecf6fea7865e8c1fee419c', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46866-c414@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46866', 'https://www.cve.org/CVERecord?id=CVE-2024-46866'], 'PublishedDate': '2024-09-27T13:15:17.887Z', 'LastModifiedDate': '2024-10-01T17:09:30Z'}, {'VulnerabilityID': 'CVE-2024-46867', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: fix deadlock in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: fix deadlock in show_meminfo()\n\nThere is a real deadlock as well as sleeping in atomic() bug in here, if\nthe bo put happens to be the last ref, since bo destruction wants to\ngrab the same spinlock and sleeping locks.  Fix that by dropping the ref\nusing xe_bo_put_deferred(), and moving the final commit outside of the\nlock. Dropping the lock around the put is tricky since the bo can go\nout of scope and delete itself from the list, making it difficult to\nnavigate to the next list entry.\n\n(cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46867', 'https://git.kernel.org/linus/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b (6.11)', 'https://git.kernel.org/stable/c/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b', 'https://git.kernel.org/stable/c/9d3de463e23bfb1ff1567a32b099b1b3e5286a48', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46867-7fe4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46867', 'https://www.cve.org/CVERecord?id=CVE-2024-46867'], 'PublishedDate': '2024-09-27T13:15:17.937Z', 'LastModifiedDate': '2024-10-01T17:09:58.147Z'}, {'VulnerabilityID': 'CVE-2024-46868', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()\n\nIf the __qcuefi pointer is not set, then in the original code, we would\nhold onto the lock.  That means that if we tried to set it later, then\nit would cause a deadlock.  Drop the lock on the error path.  That's\nwhat all the callers are expecting.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46868', 'https://git.kernel.org/linus/db213b0cfe3268d8b1d382b3bcc999c687a2567f (6.11)', 'https://git.kernel.org/stable/c/8c6a5a1fc02ad1d62d06897ab330693d4d27cd03', 'https://git.kernel.org/stable/c/db213b0cfe3268d8b1d382b3bcc999c687a2567f', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46868-f3a3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46868', 'https://www.cve.org/CVERecord?id=CVE-2024-46868'], 'PublishedDate': '2024-09-27T13:15:18.007Z', 'LastModifiedDate': '2024-10-01T17:09:12.247Z'}, {'VulnerabilityID': 'CVE-2024-46870', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Disable DMCUB timeout for DCN35', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable DMCUB timeout for DCN35\n\n[Why]\nDMCUB can intermittently take longer than expected to process commands.\n\nOld ASIC policy was to continue while logging a diagnostic error - which\nworks fine for ASIC without IPS, but with IPS this could lead to a race\ncondition where we attempt to access DCN state while it's inaccessible,\nleading to a system hang when the NIU port is not disabled or register\naccesses that timeout and the display configuration in an undefined\nstate.\n\n[How]\nWe need to investigate why these accesses take longer than expected, but\nfor now we should disable the timeout on DCN35 to avoid this race\ncondition. Since the waits happen only at lower interrupt levels the\nrisk of taking too long at higher IRQ and causing a system watchdog\ntimeout are minimal.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46870', 'https://git.kernel.org/stable/c/31c254c9cd4b122a10db297124f867107a696d83', 'https://git.kernel.org/stable/c/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46870-f347@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46870', 'https://www.cve.org/CVERecord?id=CVE-2024-46870'], 'PublishedDate': '2024-10-09T14:15:07.463Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-46871', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why & How]\nIt actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback & dmub_thread_offload has potential to access\nitem out of array bound. Fix it.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46871', 'https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37', 'https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7', 'https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0', 'https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46871-15f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46871', 'https://www.cve.org/CVERecord?id=CVE-2024-46871'], 'PublishedDate': '2024-10-09T14:15:07.533Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47658', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47658', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: stm32/cryp - call finalize with bh disabled', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: stm32/cryp - call finalize with bh disabled\n\nThe finalize operation in interrupt mode produce a produces a spinlock\nrecursion warning. The reason is the fact that BH must be disabled\nduring this process.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47658', 'https://git.kernel.org/stable/c/56ddb9aa3b324c2d9645b5a7343e46010cf3f6ce', 'https://git.kernel.org/stable/c/5d734665cd5d93270731e0ff1dd673fec677f447', 'https://git.kernel.org/stable/c/d93a2f86b0a998aa1f0870c85a2a60a0771ef89a', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47658-0b23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47658', 'https://www.cve.org/CVERecord?id=CVE-2024-47658'], 'PublishedDate': '2024-10-09T14:15:07.603Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47659', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47659', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smack: tcp: ipv4, fix incorrect labeling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmack: tcp: ipv4, fix incorrect labeling\n\nCurrently, Smack mirrors the label of incoming tcp/ipv4 connections:\nwhen a label 'foo' connects to a label 'bar' with tcp/ipv4,\n'foo' always gets 'foo' in returned ipv4 packets. So,\n1) returned packets are incorrectly labeled ('foo' instead of 'bar')\n2) 'bar' can write to 'foo' without being authorized to write.\n\nHere is a scenario how to see this:\n\n* Take two machines, let's call them C and S,\n   with active Smack in the default state\n   (no settings, no rules, no labeled hosts, only builtin labels)\n\n* At S, add Smack rule 'foo bar w'\n   (labels 'foo' and 'bar' are instantiated at S at this moment)\n\n* At S, at label 'bar', launch a program\n   that listens for incoming tcp/ipv4 connections\n\n* From C, at label 'foo', connect to the listener at S.\n   (label 'foo' is instantiated at C at this moment)\n   Connection succeedes and works.\n\n* Send some data in both directions.\n* Collect network traffic of this connection.\n\nAll packets in both directions are labeled with the CIPSO\nof the label 'foo'. Hence, label 'bar' writes to 'foo' without\nbeing authorized, and even without ever being known at C.\n\nIf anybody cares: exactly the same happens with DCCP.\n\nThis behavior 1st manifested in release 2.6.29.4 (see Fixes below)\nand it looks unintentional. At least, no explanation was provided.\n\nI changed returned packes label into the 'bar',\nto bring it into line with the Smack documentation claims.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47659', 'https://git.kernel.org/stable/c/0776bcf9cb6de46fdd94d10118de1cf9b05f83b9', 'https://git.kernel.org/stable/c/0aea09e82eafa50a373fc8a4b84c1d4734751e2c', 'https://git.kernel.org/stable/c/2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550', 'https://git.kernel.org/stable/c/4be9fd15c3c88775bdf6fa37acabe6de85beebff', 'https://git.kernel.org/stable/c/5b4b304f196c070342e32a4752e1fa2e22fc0671', 'https://git.kernel.org/stable/c/a948ec993541db4ef392b555c37a1186f4d61670', 'https://git.kernel.org/stable/c/d3703fa94116fed91f64c7d1c7d284fb4369070f', 'https://git.kernel.org/stable/c/d3f56c653c65f170b172d3c23120bc64ada645d8', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47659-03a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47659', 'https://www.cve.org/CVERecord?id=CVE-2024-47659'], 'PublishedDate': '2024-10-09T14:15:07.66Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47660', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fsnotify: clear PARENT_WATCHED flags lazily', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: clear PARENT_WATCHED flags lazily\n\nIn some setups directories can have many (usually negative) dentries.\nHence __fsnotify_update_child_dentry_flags() function can take a\nsignificant amount of time. Since the bulk of this function happens\nunder inode->i_lock this causes a significant contention on the lock\nwhen we remove the watch from the directory as the\n__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()\nraces with __fsnotify_update_child_dentry_flags() calls from\n__fsnotify_parent() happening on children. This can lead upto softlockup\nreports reported by users.\n\nFix the problem by calling fsnotify_update_children_dentry_flags() to\nset PARENT_WATCHED flags only when parent starts watching children.\n\nWhen parent stops watching children, clear false positive PARENT_WATCHED\nflags lazily in __fsnotify_parent() for each accessed child.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47660', 'https://git.kernel.org/stable/c/172e422ffea20a89bfdc672741c1aad6fbb5044e', 'https://git.kernel.org/stable/c/3f3ef1d9f66b93913ce2171120d9226b55acd41d', 'https://git.kernel.org/stable/c/7ef1d2e240c32b1f337a37232d037b07e3919e1a', 'https://git.kernel.org/stable/c/d8c42405fc3507cc43ba7e4986a773c3fc633f6e', 'https://git.kernel.org/stable/c/f9a48bc3dd9099935751458a5bbbea4b7c28abc8', 'https://git.kernel.org/stable/c/fc1b1e135c3f72382f792e6c319fc088d5523ad5', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47660-2d61@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47660', 'https://www.cve.org/CVERecord?id=CVE-2024-47660'], 'PublishedDate': '2024-10-09T14:15:07.73Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47661', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47661', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid overflow from uint32_t to uint8_t', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT & HOW]\ndmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47661', 'https://git.kernel.org/stable/c/30d1b783b6eeaf49d311a072c70d618d993d01ec', 'https://git.kernel.org/stable/c/d6b54900c564e35989cf6813e4071504fa0a90e0', 'https://lore.kernel.org/linux-cve-announce/2024100930-CVE-2024-47661-a6c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47661', 'https://www.cve.org/CVERecord?id=CVE-2024-47661'], 'PublishedDate': '2024-10-09T15:15:15.02Z', 'LastModifiedDate': '2024-10-15T16:03:29.26Z'}, {'VulnerabilityID': 'CVE-2024-47662', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47662', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47662', 'https://git.kernel.org/stable/c/466423c6dd8af23ebb3a69d43434d01aed0db356', 'https://git.kernel.org/stable/c/eba4b2a38ccdf074a053834509545703d6df1d57', 'https://lore.kernel.org/linux-cve-announce/2024100931-CVE-2024-47662-74f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47662', 'https://www.cve.org/CVERecord?id=CVE-2024-47662'], 'PublishedDate': '2024-10-09T15:15:15.08Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47663', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47663', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: staging: iio: frequency: ad9834: Validate frequency parameter value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47663', 'https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47', 'https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e', 'https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53', 'https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227', 'https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465', 'https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a', 'https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47663-9bdc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47663', 'https://www.cve.org/CVERecord?id=CVE-2024-47663'], 'PublishedDate': '2024-10-09T15:15:15.15Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47664', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47664', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47664', 'https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43', 'https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c', 'https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47664-f6bd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47664', 'https://www.cve.org/CVERecord?id=CVE-2024-47664'], 'PublishedDate': '2024-10-09T15:15:15.223Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47665', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47665', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup\n\nDefinitely condition dma_get_cache_alignment * defined value > 256\nduring driver initialization is not reason to BUG_ON(). Turn that to\ngraceful error out with -EINVAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47665', 'https://git.kernel.org/stable/c/2666085335bdfedf90d91f4071490ad3980be785', 'https://git.kernel.org/stable/c/5a022269abb22809f2a174b90f200fc4b9526058', 'https://git.kernel.org/stable/c/8a2be2f1db268ec735419e53ef04ca039fc027dc', 'https://git.kernel.org/stable/c/cacb76df247a7cd842ff29755a523b1cba6c0508', 'https://git.kernel.org/stable/c/e2d14bfda9eb5393f8a17008afe2aa7fe0a29815', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47665-901e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47665', 'https://www.cve.org/CVERecord?id=CVE-2024-47665'], 'PublishedDate': '2024-10-09T15:15:15.29Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47666', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47666', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: pm80xx: Set phy-&gt;enable_completion only when we wait for it', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy->enable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late.  After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47666', 'https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89', 'https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea', 'https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47666-0015@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47666', 'https://www.cve.org/CVERecord?id=CVE-2024-47666'], 'PublishedDate': '2024-10-09T15:15:15.353Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47667', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47667', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)\n\nErrata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0\n(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an\ninbound PCIe TLP spans more than two internal AXI 128-byte bursts,\nthe bus may corrupt the packet payload and the corrupt data may\ncause associated applications or the processor to hang.\n\nThe workaround for Errata #i2037 is to limit the maximum read\nrequest size and maximum payload size to 128 bytes. Add workaround\nfor Errata #i2037 here.\n\nThe errata and workaround is applicable only to AM65x SR 1.0 and\nlater versions of the silicon will have this fixed.\n\n[1] -> https://www.ti.com/lit/er/sprz452i/sprz452i.pdf', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47667', 'https://git.kernel.org/stable/c/135843c351c08df72bdd4b4ebea53c8052a76881', 'https://git.kernel.org/stable/c/576d0fb6f8d4bd4695e70eee173a1b9c7bae9572', 'https://git.kernel.org/stable/c/86f271f22bbb6391410a07e08d6ca3757fda01fa', 'https://git.kernel.org/stable/c/af218c803fe298ddf00abef331aa526b20d7ea61', 'https://git.kernel.org/stable/c/cfb006e185f64edbbdf7869eac352442bc76b8f6', 'https://git.kernel.org/stable/c/dd47051c76c8acd8cb983f01b4d1265da29cb66a', 'https://git.kernel.org/stable/c/ebbdbbc580c1695dec283d0ba6448729dc993246', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47667-2d01@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47667', 'https://www.cve.org/CVERecord?id=CVE-2024-47667'], 'PublishedDate': '2024-10-09T15:15:15.43Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47668', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47668', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we'll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it'll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47668', 'https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f', 'https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da', 'https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283', 'https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169', 'https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae', 'https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e', 'https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47668-6b53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47668', 'https://www.cve.org/CVERecord?id=CVE-2024-47668'], 'PublishedDate': '2024-10-09T15:15:15.513Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47669', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47669', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix state management in error path of log writing function', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix state management in error path of log writing function\n\nAfter commit a694291a6211 ("nilfs2: separate wait function from\nnilfs_segctor_write") was applied, the log writing function\nnilfs_segctor_do_construct() was able to issue I/O requests continuously\neven if user data blocks were split into multiple logs across segments,\nbut two potential flaws were introduced in its error handling.\n\nFirst, if nilfs_segctor_begin_construction() fails while creating the\nsecond or subsequent logs, the log writing function returns without\ncalling nilfs_segctor_abort_construction(), so the writeback flag set on\npages/folios will remain uncleared.  This causes page cache operations to\nhang waiting for the writeback flag.  For example,\ntruncate_inode_pages_final(), which is called via nilfs_evict_inode() when\nan inode is evicted from memory, will hang.\n\nSecond, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. \nAs a result, if the next log write involves checkpoint creation, that\'s\nfine, but if a partial log write is performed that does not, inodes with\nNILFS_I_COLLECTED set are erroneously removed from the "sc_dirty_files"\nlist, and their data and b-tree blocks may not be written to the device,\ncorrupting the block mapping.\n\nFix these issues by uniformly calling nilfs_segctor_abort_construction()\non failure of each step in the loop in nilfs_segctor_do_construct(),\nhaving it clean up logs and segment usages according to progress, and\ncorrecting the conditions for calling nilfs_redirty_inodes() to ensure\nthat the NILFS_I_COLLECTED flag is cleared.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47669', 'https://git.kernel.org/stable/c/036441e8438b29111fa75008f0ce305fb4e83c0a', 'https://git.kernel.org/stable/c/0a1a961bde4351dc047ffdeb2f1311ca16a700cc', 'https://git.kernel.org/stable/c/30562eff4a6dd35c4b5be9699ef61ad9f5f20a06', 'https://git.kernel.org/stable/c/3e349d7191f0688fc9808ef24fd4e4b4ef5ca876', 'https://git.kernel.org/stable/c/40a2757de2c376ef8a08d9ee9c81e77f3c750adf', 'https://git.kernel.org/stable/c/6576dd6695f2afca3f4954029ac4a64f82ba60ab', 'https://git.kernel.org/stable/c/74866c16ea2183f52925fa5d76061a1fe7f7737b', 'https://git.kernel.org/stable/c/efdde00d4a1ef10bb71e09ebc67823a3d3ad725b', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47669-135c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47669', 'https://www.cve.org/CVERecord?id=CVE-2024-47669'], 'PublishedDate': '2024-10-09T15:15:15.59Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47670', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47670', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: add bounds checking to ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn't stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match.  It will\nprevent out-of-bound access in case of crafted images.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47670', 'https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39', 'https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c', 'https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd', 'https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77', 'https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f', 'https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e73264d6', 'https://lore.kernel.org/linux-cve-announce/2024100919-CVE-2024-47670-53f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47670', 'https://www.cve.org/CVERecord?id=CVE-2024-47670'], 'PublishedDate': '2024-10-09T15:15:15.673Z', 'LastModifiedDate': '2024-10-17T14:15:13.56Z'}, {'VulnerabilityID': 'CVE-2024-47671', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47671', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: USB: usbtmc: prevent kernel-usb-infoleak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: prevent kernel-usb-infoleak\n\nThe syzbot reported a kernel-usb-infoleak in usbtmc_write,\nwe need to clear the structure before filling fields.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47671', 'https://git.kernel.org/stable/c/0c927dfc0b9bd177f7ab6ee59ef0c4ea06c110a7', 'https://git.kernel.org/stable/c/16e0ab9ed3ae7d19ca8ee718ba4e09d5c0f909ca', 'https://git.kernel.org/stable/c/51297ef7ad7824ad577337f273cd092e81a9fa08', 'https://git.kernel.org/stable/c/625fa77151f00c1bd00d34d60d6f2e710b3f9aad', 'https://git.kernel.org/stable/c/6c7fc36da021b13c34c572a26ba336cd102418f8', 'https://git.kernel.org/stable/c/ba6269e187aa1b1f20faf3c458831a0d6350304b', 'https://git.kernel.org/stable/c/e872738e670ddd63e19f22d0d784f0bdf26ecba5', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47671-6c52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47671', 'https://www.cve.org/CVERecord?id=CVE-2024-47671'], 'PublishedDate': '2024-10-09T15:15:15.753Z', 'LastModifiedDate': '2024-10-17T14:15:13.697Z'}, {'VulnerabilityID': 'CVE-2024-47672', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead\n\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was\nrecently converted from just a message), that can be hit if we\nwait for TX queues to become empty after firmware died. Clearly,\nwe can't expect anything from the firmware after it's declared dead.\n\nDon't call iwl_trans_wait_tx_queues_empty() in this case. While it could\nbe a good idea to stop the flow earlier, the flush functions do some\nmaintenance work that is not related to the firmware, so keep that part\nof the code running even when the firmware is not running.\n\n[edit commit message]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47672', 'https://git.kernel.org/stable/c/1afed66cb271b3e65fe9df1c9fba2bf4b1f55669', 'https://git.kernel.org/stable/c/1b0cd832c9607f41f84053b818e0b7908510a3b9', 'https://git.kernel.org/stable/c/3a84454f5204718ca5b4ad2c1f0bf2031e2403d1', 'https://git.kernel.org/stable/c/4d0a900ec470d392476c428875dbf053f8a0ae5e', 'https://git.kernel.org/stable/c/7188b7a72320367554b76d8f298417b070b05dd3', 'https://git.kernel.org/stable/c/de46b1d24f5f752b3bd8b46673c2ea4239661244', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47672-9bef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47672', 'https://www.cve.org/CVERecord?id=CVE-2024-47672'], 'PublishedDate': '2024-10-09T15:15:15.827Z', 'LastModifiedDate': '2024-10-17T14:15:13.78Z'}, {'VulnerabilityID': 'CVE-2024-47673', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pause TCM when the firmware is stopped\n\nNot doing so will make us send a host command to the transport while the\nfirmware is not alive, which will trigger a WARNING.\n\nbad state = 0\nWARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nRIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nCall Trace:\n <TASK>\n iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]\n iwl_mvm_config_scan+0x198/0x260 [iwlmvm]\n iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]\n iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]\n process_one_work+0x29e/0x640\n worker_thread+0x2df/0x690\n ? rescuer_thread+0x540/0x540\n kthread+0x192/0x1e0\n ? set_kthread_struct+0x90/0x90\n ret_from_fork+0x22/0x30', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47673', 'https://git.kernel.org/stable/c/0668ebc8c2282ca1e7eb96092a347baefffb5fe7', 'https://git.kernel.org/stable/c/2c61b561baf92a2860c76c2302a62169e22c21cc', 'https://git.kernel.org/stable/c/55086c97a55d781b04a2667401c75ffde190135c', 'https://git.kernel.org/stable/c/5948a191906b54e10f02f6b7a7670243a39f99f4', 'https://git.kernel.org/stable/c/a15df5f37fa3a8b7a8ec7a339d1e897bc524e28f', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47673-9110@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47673', 'https://www.cve.org/CVERecord?id=CVE-2024-47673'], 'PublishedDate': '2024-10-09T15:15:15.9Z', 'LastModifiedDate': '2024-10-17T14:15:13.853Z'}, {'VulnerabilityID': 'CVE-2024-47674', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47674', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: avoid leaving partial pfn mappings around in error case', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na 'struct page'.\n\nThat's all very much intentional, but it does mean that it's easy to\nmess up the cleanup in case of errors.  Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it's very easy to do the\nerror handling in the wrong order.\n\nIn particular, it's easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47674', 'https://git.kernel.org/linus/79a61cc3fc0466ad2b7b89618a6157785f0293b3 (6.11)', 'https://git.kernel.org/stable/c/5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959', 'https://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2', 'https://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3', 'https://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3', 'https://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80', 'https://lore.kernel.org/linux-cve-announce/2024101538-CVE-2024-47674-ba1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47674', 'https://www.cve.org/CVERecord?id=CVE-2024-47674'], 'PublishedDate': '2024-10-15T11:15:13.073Z', 'LastModifiedDate': '2024-10-18T14:50:02.71Z'}, {'VulnerabilityID': 'CVE-2017-0537', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-0537', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N', 'V2Score': 2.6, 'V3Score': 4.7}}, 'References': ['http://www.securityfocus.com/bid/96831', 'http://www.securitytracker.com/id/1037968', 'https://android.googlesource.com/kernel/tegra.git/+/389b185cb2f17fff994dbdf8d4bac003d4b2b6b3%5E%21/#F0', 'https://lore.kernel.org/lkml/1484647168-30135-1-git-send-email-jilin@nvidia.com/#t', 'https://source.android.com/security/bulletin/2017-01-01.html', 'https://source.android.com/security/bulletin/2017-03-01', 'https://source.android.com/security/bulletin/2017-03-01.html', 'https://www.cve.org/CVERecord?id=CVE-2017-0537'], 'PublishedDate': '2017-03-08T01:59:03.127Z', 'LastModifiedDate': '2017-07-17T13:18:15.89Z'}, {'VulnerabilityID': 'CVE-2017-13165', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13165', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['https://github.com/aosp-mirror/platform_system_core/commit/15ffc53f6d57a46e3041453865311035a18e047a', 'https://source.android.com/security/bulletin/pixel/2017-12-01', 'https://www.cve.org/CVERecord?id=CVE-2017-13165'], 'PublishedDate': '2017-12-06T14:29:01.333Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2017-13693', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI operand cache leak in dsutils.c', 'Description': 'The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/100502', 'https://access.redhat.com/security/cve/CVE-2017-13693', 'https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13693', 'https://patchwork.kernel.org/patch/9919053/', 'https://www.cve.org/CVERecord?id=CVE-2017-13693'], 'PublishedDate': '2017-08-25T08:29:00.273Z', 'LastModifiedDate': '2017-09-20T14:51:00.41Z'}, {'VulnerabilityID': 'CVE-2018-1121', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-1121', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'procps: process hiding through race condition enumerating /proc', 'Description': "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-367'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:P/A:N', 'V3Vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V2Score': 4.3, 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L', 'V3Score': 3.9}}, 'References': ['http://seclists.org/oss-sec/2018/q2/122', 'http://www.securityfocus.com/bid/104214', 'https://access.redhat.com/security/cve/CVE-2018-1121', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1121', 'https://www.cve.org/CVERecord?id=CVE-2018-1121', 'https://www.exploit-db.com/exploits/44806/', 'https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt'], 'PublishedDate': '2018-06-13T20:29:00.337Z', 'LastModifiedDate': '2020-06-30T16:15:14.393Z'}, {'VulnerabilityID': 'CVE-2018-12928', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko', 'Description': 'In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['http://www.securityfocus.com/bid/104593', 'https://access.redhat.com/security/cve/CVE-2018-12928', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384', 'https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ', 'https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/', 'https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12928', 'https://www.cve.org/CVERecord?id=CVE-2018-12928'], 'PublishedDate': '2018-06-28T14:29:00.353Z', 'LastModifiedDate': '2018-08-21T11:55:37.35Z'}, {'VulnerabilityID': 'CVE-2018-12929', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko', 'Description': 'ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12929', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12929', 'https://www.cve.org/CVERecord?id=CVE-2018-12929'], 'PublishedDate': '2018-06-28T14:29:00.417Z', 'LastModifiedDate': '2019-03-26T13:35:51.317Z'}, {'VulnerabilityID': 'CVE-2018-12930', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12930', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko', 'Description': 'ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12930', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12930', 'https://www.cve.org/CVERecord?id=CVE-2018-12930'], 'PublishedDate': '2018-06-28T14:29:00.463Z', 'LastModifiedDate': '2019-03-26T13:35:37.397Z'}, {'VulnerabilityID': 'CVE-2018-12931', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_attr_find in the ntfs.ko', 'Description': 'ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12931', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12931', 'https://www.cve.org/CVERecord?id=CVE-2018-12931'], 'PublishedDate': '2018-06-28T14:29:00.51Z', 'LastModifiedDate': '2019-03-26T13:35:20.957Z'}, {'VulnerabilityID': 'CVE-2019-14899', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-14899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel', 'Description': 'A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V2Vector': 'AV:A/AC:M/Au:S/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 4.9, 'V3Score': 7.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.4}}, 'References': ['http://seclists.org/fulldisclosure/2020/Dec/32', 'http://seclists.org/fulldisclosure/2020/Jul/23', 'http://seclists.org/fulldisclosure/2020/Jul/24', 'http://seclists.org/fulldisclosure/2020/Jul/25', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'http://www.openwall.com/lists/oss-security/2020/08/13/2', 'http://www.openwall.com/lists/oss-security/2020/10/07/3', 'http://www.openwall.com/lists/oss-security/2021/07/05/1', 'https://access.redhat.com/security/cve/CVE-2019-14899', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899', 'https://nvd.nist.gov/vuln/detail/CVE-2019-14899', 'https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/', 'https://support.apple.com/kb/HT211288', 'https://support.apple.com/kb/HT211289', 'https://support.apple.com/kb/HT211290', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211931', 'https://www.cve.org/CVERecord?id=CVE-2019-14899', 'https://www.openwall.com/lists/oss-security/2019/12/05/1'], 'PublishedDate': '2019-12-11T15:15:14.263Z', 'LastModifiedDate': '2023-03-01T16:40:04.14Z'}, {'VulnerabilityID': 'CVE-2019-15213', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-15213', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c', 'Description': 'An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.3}}, 'References': ['http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html', 'http://www.openwall.com/lists/oss-security/2019/08/20/2', 'https://access.redhat.com/security/cve/CVE-2019-15213', 'https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7', 'https://linux.oracle.com/cve/CVE-2019-15213.html', 'https://linux.oracle.com/errata/ELSA-2019-4872.html', 'https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/', 'https://nvd.nist.gov/vuln/detail/CVE-2019-15213', 'https://security.netapp.com/advisory/ntap-20190905-0002/', 'https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced', 'https://www.cve.org/CVERecord?id=CVE-2019-15213'], 'PublishedDate': '2019-08-19T22:15:11.253Z', 'LastModifiedDate': '2023-11-09T14:44:33.733Z'}, {'VulnerabilityID': 'CVE-2019-19378', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19378', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19378', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19378', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19378'], 'PublishedDate': '2019-11-29T17:15:11.84Z', 'LastModifiedDate': '2020-01-03T11:15:14.997Z'}, {'VulnerabilityID': 'CVE-2019-19814', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 9.3, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19814', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19814', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19814'], 'PublishedDate': '2019-12-17T06:15:12.843Z', 'LastModifiedDate': '2020-01-03T11:15:16.48Z'}, {'VulnerabilityID': 'CVE-2020-35501', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2020-35501', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability', 'Description': 'A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem', 'Severity': 'LOW', 'CweIDs': ['CWE-863'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:N', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V2Score': 3.6, 'V3Score': 3.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 3.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2020-35501', 'https://bugzilla.redhat.com/show_bug.cgi?id=1908577', 'https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html', 'https://nvd.nist.gov/vuln/detail/CVE-2020-35501', 'https://www.cve.org/CVERecord?id=CVE-2020-35501', 'https://www.openwall.com/lists/oss-security/2021/02/18/1'], 'PublishedDate': '2022-03-30T16:15:08.673Z', 'LastModifiedDate': '2022-12-02T19:54:37.647Z'}, {'VulnerabilityID': 'CVE-2021-26934', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-26934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...', 'Description': "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.", 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['http://xenbits.xen.org/xsa/advisory-363.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/', 'https://nvd.nist.gov/vuln/detail/CVE-2021-26934', 'https://security.netapp.com/advisory/ntap-20210326-0001/', 'https://www.cve.org/CVERecord?id=CVE-2021-26934', 'https://www.openwall.com/lists/oss-security/2021/02/16/2', 'https://xenbits.xen.org/xsa/advisory-363.html'], 'PublishedDate': '2021-02-17T02:15:13.143Z', 'LastModifiedDate': '2023-11-07T03:31:50.59Z'}, {'VulnerabilityID': 'CVE-2022-44034', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-44034', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: A use-after-free due to race between scr24x_open()  and scr24x_remove()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().', 'Severity': 'LOW', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-44034', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15', 'https://lore.kernel.org/lkml/20220916050333.GA188358%40ubuntu/', 'https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940%40ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-44034', 'https://www.cve.org/CVERecord?id=CVE-2022-44034'], 'PublishedDate': '2022-10-30T01:15:08.937Z', 'LastModifiedDate': '2024-03-25T01:15:52.787Z'}, {'VulnerabilityID': 'CVE-2022-45884', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-45884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free due to race condition occurring in dvb_register_device()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:7549', 'https://access.redhat.com/security/cve/CVE-2022-45884', 'https://bugzilla.redhat.com/2148510', 'https://bugzilla.redhat.com/2148517', 'https://bugzilla.redhat.com/2151956', 'https://bugzilla.redhat.com/2154178', 'https://bugzilla.redhat.com/2224048', 'https://bugzilla.redhat.com/2240249', 'https://bugzilla.redhat.com/2241924', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2151956', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2224048', 'https://bugzilla.redhat.com/show_bug.cgi?id=2240249', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1192', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2163', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178', 'https://errata.almalinux.org/8/ALSA-2023-7549.html', 'https://errata.rockylinux.org/RLSA-2023:7549', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3', 'https://linux.oracle.com/cve/CVE-2022-45884.html', 'https://linux.oracle.com/errata/ELSA-2023-7549.html', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-45884', 'https://security.netapp.com/advisory/ntap-20230113-0006/', 'https://www.cve.org/CVERecord?id=CVE-2022-45884'], 'PublishedDate': '2022-11-25T04:15:09.18Z', 'LastModifiedDate': '2024-03-25T01:15:52.84Z'}, {'VulnerabilityID': 'CVE-2023-33053', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-33053', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'Memory corruption in Kernel while parsing metadata.', 'Severity': 'LOW', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/06426824a281c9aef5bf0c50927eae9c7431db1e', 'https://www.cve.org/CVERecord?id=CVE-2023-33053', 'https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin'], 'PublishedDate': '2023-12-05T03:15:11.707Z', 'LastModifiedDate': '2024-04-12T16:15:18.403Z'}, {'VulnerabilityID': 'CVE-2023-4010', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: hcd: malformed USB descriptor leads to infinite loop in usb_giveback_urb()', 'Description': 'A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.', 'Severity': 'LOW', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4010', 'https://bugzilla.redhat.com/show_bug.cgi?id=2227726', 'https://github.com/wanrenmi/a-usb-kernel-bug', 'https://github.com/wanrenmi/a-usb-kernel-bug/issues/1', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4010', 'https://www.cve.org/CVERecord?id=CVE-2023-4010'], 'PublishedDate': '2023-07-31T17:15:10.277Z', 'LastModifiedDate': '2023-11-07T04:22:02.797Z'}, {'VulnerabilityID': 'CVE-2023-6238', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-6238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: memory corruption via unprivileged user passthrough', 'Description': 'A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.', 'Severity': 'LOW', 'CweIDs': ['CWE-120'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-6238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2250834', 'https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.com/T/#u', 'https://lore.kernel.org/linux-nvme/20231016060519.231880-1-joshi.k@samsung.com/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-6238', 'https://www.cve.org/CVERecord?id=CVE-2023-6238'], 'PublishedDate': '2023-11-21T21:15:09.273Z', 'LastModifiedDate': '2024-02-07T00:15:55.24Z'}, {'VulnerabilityID': 'CVE-2024-0564', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-0564', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication', 'Description': 'A flaw was found in the Linux kernel\'s memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim\'s page. The unmapping time depends on whether it merges with the victim\'s page and additional physical pages are created beyond the KSM\'s "max page share". Through these operations, the attacker can leak the victim\'s page.', 'Severity': 'LOW', 'CweIDs': ['CWE-99', 'CWE-203'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-0564', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258514', 'https://link.springer.com/conference/wisa', 'https://nvd.nist.gov/vuln/detail/CVE-2024-0564', 'https://wisa.or.kr/accepted', 'https://www.cve.org/CVERecord?id=CVE-2024-0564'], 'PublishedDate': '2024-01-30T15:15:08.687Z', 'LastModifiedDate': '2024-10-16T15:15:14.11Z'}, {'VulnerabilityID': 'CVE-2024-43882', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43882', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exec: Fix ToCToU between perm check and set-uid/gid usage', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file\'s metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug  7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug  7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. For example, "chmod o-x,u+s target" makes "target" executable only\nby uid "root" and gid "cdrom", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug  7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug  7 13:16 target\n\nBut racing the chmod means users without group "cdrom" membership can\nget the permission to execute "target" just before the chmod, and when\nthe chmod finishes, the exec reaches brpm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of "only cdrom\ngroup members can setuid to root".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal.', 'Severity': 'HIGH', 'CweIDs': ['CWE-367'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43882', 'https://git.kernel.org/linus/f50733b45d865f91db90919f8311e2127ce5a0cb (6.11-rc4)', 'https://git.kernel.org/stable/c/15469d46ba34559bfe7e3de6659115778c624759', 'https://git.kernel.org/stable/c/368f6985d46657b8b466a421dddcacd4051f7ada', 'https://git.kernel.org/stable/c/90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e', 'https://git.kernel.org/stable/c/9b424c5d4130d56312e2a3be17efb0928fec4d64', 'https://git.kernel.org/stable/c/d2a2a4714d80d09b0f8eb6438ab4224690b7121e', 'https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f', 'https://git.kernel.org/stable/c/f50733b45d865f91db90919f8311e2127ce5a0cb', 'https://git.kernel.org/stable/c/f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1', 'https://linux.oracle.com/cve/CVE-2024-43882.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082152-CVE-2024-43882-4fa4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43882', 'https://www.cve.org/CVERecord?id=CVE-2024-43882'], 'PublishedDate': '2024-08-21T01:15:12.34Z', 'LastModifiedDate': '2024-09-03T13:25:39.747Z'}, {'VulnerabilityID': 'CVE-2013-7445', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2013-7445', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects', 'Description': 'The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-399'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:C', 'V2Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V2Score': 4.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2013-7445', 'https://bugzilla.kernel.org/show_bug.cgi?id=60533', 'https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)', 'https://nvd.nist.gov/vuln/detail/CVE-2013-7445', 'https://www.cve.org/CVERecord?id=CVE-2013-7445'], 'PublishedDate': '2015-10-16T01:59:00.12Z', 'LastModifiedDate': '2015-10-16T16:22:25.587Z'}, {'VulnerabilityID': 'CVE-2015-8553', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2015-8553', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'xen: non-maskable interrupts triggerable by guests (xsa120)', 'Description': 'Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N', 'V2Score': 2.1, 'V3Score': 6.5}, 'redhat': {'V2Vector': 'AV:A/AC:M/Au:S/C:N/I:N/A:C', 'V2Score': 5.2}}, 'References': ['http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1930758 (regression mention)', 'http://xenbits.xen.org/xsa/advisory-120.html', 'https://access.redhat.com/security/cve/CVE-2015-8553', 'https://nvd.nist.gov/vuln/detail/CVE-2015-8553', 'https://seclists.org/bugtraq/2019/Aug/18', 'https://www.cve.org/CVERecord?id=CVE-2015-8553', 'https://www.debian.org/security/2019/dsa-4497'], 'PublishedDate': '2016-04-13T15:59:07.307Z', 'LastModifiedDate': '2019-08-13T23:15:11.203Z'}, {'VulnerabilityID': 'CVE-2016-8660', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-8660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation', 'Description': 'The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-19'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V2Vector': 'AV:L/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.7, 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2016/10/13/8', 'http://www.securityfocus.com/bid/93558', 'https://access.redhat.com/security/cve/CVE-2016-8660', 'https://bugzilla.redhat.com/show_bug.cgi?id=1384851', 'https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/', 'https://marc.info/?l=linux-fsdevel&m=147639177409294&w=2', 'https://marc.info/?l=linux-xfs&m=149498118228320&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2016-8660', 'https://www.cve.org/CVERecord?id=CVE-2016-8660'], 'PublishedDate': '2016-10-16T21:59:14.333Z', 'LastModifiedDate': '2016-11-28T20:41:02.59Z'}, {'VulnerabilityID': 'CVE-2018-17977', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-17977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service', 'Description': 'The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.9}}, 'References': ['http://www.securityfocus.com/bid/105539', 'https://access.redhat.com/security/cve/CVE-2018-17977', 'https://bugzilla.suse.com/show_bug.cgi?id=1111609', 'https://nvd.nist.gov/vuln/detail/CVE-2018-17977', 'https://www.cve.org/CVERecord?id=CVE-2018-17977', 'https://www.openwall.com/lists/oss-security/2018/10/05/5'], 'PublishedDate': '2018-10-08T17:29:00.653Z', 'LastModifiedDate': '2018-11-26T15:51:30.427Z'}, {'VulnerabilityID': 'CVE-2021-3714', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-3714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Remote Page Deduplication Attacks', 'Description': 'A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-3714', 'https://arxiv.org/abs/2111.08553', 'https://arxiv.org/pdf/2111.08553.pdf', 'https://bugzilla.redhat.com/show_bug.cgi?id=1931327', 'https://nvd.nist.gov/vuln/detail/CVE-2021-3714', 'https://www.cve.org/CVERecord?id=CVE-2021-3714'], 'PublishedDate': '2022-08-23T16:15:09.6Z', 'LastModifiedDate': '2024-02-01T18:51:23.66Z'}, {'VulnerabilityID': 'CVE-2021-47599', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47599', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: use latest_dev in btrfs_show_devname', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: use latest_dev in btrfs_show_devname\n\nThe test case btrfs/238 reports the warning below:\n\n WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs]\n CPU: 2 PID: 1 Comm: systemd Tainted: G        W  O 5.14.0-rc1-custom #72\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n Call trace:\n   btrfs_show_devname+0x108/0x1b4 [btrfs]\n   show_mountinfo+0x234/0x2c4\n   m_show+0x28/0x34\n   seq_read_iter+0x12c/0x3c4\n   vfs_read+0x29c/0x2c8\n   ksys_read+0x80/0xec\n   __arm64_sys_read+0x28/0x34\n   invoke_syscall+0x50/0xf8\n   do_el0_svc+0x88/0x138\n   el0_svc+0x2c/0x8c\n   el0t_64_sync_handler+0x84/0xe4\n   el0t_64_sync+0x198/0x19c\n\nReason:\nWhile btrfs_prepare_sprout() moves the fs_devices::devices into\nfs_devices::seed_list, the btrfs_show_devname() searches for the devices\nand found none, leading to the warning as in above.\n\nFix:\nlatest_dev is updated according to the changes to the device list.\nThat means we could use the latest_dev->name to show the device name in\n/proc/self/mounts, the pointer will be always valid as it's assigned\nbefore the device is deleted from the list in remove or replace.\nThe RCU protection is sufficient as the device structure is freed after\nsynchronization.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47599', 'https://git.kernel.org/linus/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2 (5.16-rc1)', 'https://git.kernel.org/stable/c/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2', 'https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1', 'https://lore.kernel.org/linux-cve-announce/2024061921-CVE-2021-47599-37b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47599', 'https://www.cve.org/CVERecord?id=CVE-2021-47599'], 'PublishedDate': '2024-06-19T15:15:54.483Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2021-47615', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47615', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix releasing unallocated memory in dereg MR flow\n\nFor the case of IB_MR_TYPE_DM the mr does doesn't have a umem, even though\nit is a user MR. This causes function mlx5_free_priv_descs() to think that\nit is a kernel MR, leading to wrongly accessing mr->descs that will get\nwrong values in the union which leads to attempt to release resources that\nwere not allocated in the first place.\n\nFor example:\n DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]\n WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0\n RIP: 0010:check_unmap+0x54f/0x8b0\n Call Trace:\n  debug_dma_unmap_page+0x57/0x60\n  mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]\n  mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]\n  ib_dereg_mr_user+0x60/0x140 [ib_core]\n  uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]\n  uobj_destroy+0x3f/0x80 [ib_uverbs]\n  ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]\n  ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquired+0x12/0x380\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquire+0xc4/0x2e0\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  ? lock_release+0x28a/0x400\n  ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  __x64_sys_ioctl+0x7f/0xb0\n  do_syscall_64+0x38/0x90\n\nFix it by reorganizing the dereg flow and mlx5_ib_mr structure:\n - Move the ib_umem field into the user MRs structure in the union as it's\n   applicable only there.\n - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only\n   in case there isn't udata, which indicates that this isn't a user MR.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47615', 'https://git.kernel.org/linus/f0ae4afe3d35e67db042c58a52909e06262b740f (5.16-rc5)', 'https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9', 'https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701', 'https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f', 'https://lore.kernel.org/linux-cve-announce/2024061909-CVE-2021-47615-3c6a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47615', 'https://www.cve.org/CVERecord?id=CVE-2021-47615'], 'PublishedDate': '2024-06-19T15:15:56.03Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-0400', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0400', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Out of bounds read in the smc protocol stack', 'Description': 'An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)', 'https://bugzilla.redhat.com/show_bug.cgi?id=2044575', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0400', 'https://www.cve.org/CVERecord?id=CVE-2022-0400'], 'PublishedDate': '2022-08-29T15:15:09.423Z', 'LastModifiedDate': '2022-09-01T20:18:18.247Z'}, {'VulnerabilityID': 'CVE-2022-0480', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0480', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion', 'Description': 'A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0480', 'https://bugzilla.redhat.com/show_bug.cgi?id=2049700', 'https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042', 'https://github.com/kata-containers/kata-containers/issues/3373', 'https://linux.oracle.com/cve/CVE-2022-0480.html', 'https://linux.oracle.com/errata/ELSA-2024-2394.html', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0480', 'https://ubuntu.com/security/CVE-2022-0480', 'https://www.cve.org/CVERecord?id=CVE-2022-0480'], 'PublishedDate': '2022-08-29T15:15:09.477Z', 'LastModifiedDate': '2023-03-03T18:49:53.213Z'}, {'VulnerabilityID': 'CVE-2022-3238', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ntfs3 local privledge escalation if NTFS character set and remount and umount called simultaneously', 'Description': 'A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127927', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3238', 'https://www.cve.org/CVERecord?id=CVE-2022-3238'], 'PublishedDate': '2022-11-14T21:15:16.163Z', 'LastModifiedDate': '2022-11-17T20:24:18.537Z'}, {'VulnerabilityID': 'CVE-2022-48846', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: release rq qos structures for queue without disk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: release rq qos structures for queue without disk\n\nblkcg_init_queue() may add rq qos structures to request queue, previously\nblk_cleanup_queue() calls rq_qos_exit() to release them, but commit\n8e141f9eb803 ("block: drain file system I/O on del_gendisk")\nmoves rq_qos_exit() into del_gendisk(), so memory leak is caused\nbecause queues may not have disk, such as un-present scsi luns, nvme\nadmin queue, ...\n\nFixes the issue by adding rq_qos_exit() to blk_cleanup_queue() back.\n\nBTW, v5.18 won\'t need this patch any more since we move\nblkcg_init_queue()/blkcg_exit_queue() into disk allocation/release\nhandler, and patches have been in for-5.18/block.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48846', 'https://git.kernel.org/linus/daaca3522a8e67c46e39ef09c1d542e866f85f3b (5.17)', 'https://git.kernel.org/stable/c/60c2c8e2ef3a3ec79de8cbc80a06ca0c21df8c29', 'https://git.kernel.org/stable/c/d4ad8736ac982111bb0be8306bf19c8207f6600e', 'https://git.kernel.org/stable/c/daaca3522a8e67c46e39ef09c1d542e866f85f3b', 'https://lore.kernel.org/linux-cve-announce/2024071623-CVE-2022-48846-a1a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48846', 'https://www.cve.org/CVERecord?id=CVE-2022-48846'], 'PublishedDate': '2024-07-16T13:15:11.883Z', 'LastModifiedDate': '2024-07-24T17:56:26.767Z'}, {'VulnerabilityID': 'CVE-2022-48929', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix crash due to out of bounds access into reg2btf_ids.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to out of bounds access into reg2btf_ids.\n\nWhen commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added\nkfunc support, it defined reg2btf_ids as a cheap way to translate the verifier\nreg type to the appropriate btf_vmlinux BTF ID, however\ncommit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL")\nmoved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after\nthe base register types, and defined other variants using type flag\ncomposition. However, now, the direct usage of reg->type to index into\nreg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to\nout of bounds access and kernel crash on dereference of bad pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48929', 'https://git.kernel.org/linus/45ce4b4f9009102cd9f581196d480a59208690c1 (5.17-rc6)', 'https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1', 'https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae', 'https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc', 'https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48929-857d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48929', 'https://www.cve.org/CVERecord?id=CVE-2022-48929'], 'PublishedDate': '2024-08-22T04:15:15.773Z', 'LastModifiedDate': '2024-08-23T02:00:22.653Z'}, {'VulnerabilityID': 'CVE-2023-0030', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Use after Free in nvkm_vmm_pfn_map', 'Description': 'A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0030', 'https://bugzilla.redhat.com/show_bug.cgi?id=2157270', 'https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)', 'https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10', 'https://lore.kernel.org/all/20221230072758.443644-1-zyytlz.wz@163.com/', 'https://lore.kernel.org/all/63d485b2.170a0220.4af4c.d54f@mx.google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0030', 'https://security.netapp.com/advisory/ntap-20230413-0010/', 'https://www.cve.org/CVERecord?id=CVE-2023-0030'], 'PublishedDate': '2023-03-08T23:15:10.963Z', 'LastModifiedDate': '2023-04-13T17:15:09.433Z'}, {'VulnerabilityID': 'CVE-2023-0160', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: possibility of deadlock in libbpf function sock_hash_delete_elem', 'Description': 'A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667', 'CWE-833'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0160', 'https://bugzilla.redhat.com/show_bug.cgi?id=2159764', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56', 'https://lore.kernel.org/all/20230406122622.109978-1-liuxin350@huawei.com/', 'https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/', 'https://lore.kernel.org/bpf/000000000000f1db9605f939720e@google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0160', 'https://www.cve.org/CVERecord?id=CVE-2023-0160'], 'PublishedDate': '2023-07-18T17:15:11.313Z', 'LastModifiedDate': '2023-11-07T03:59:46.343Z'}, {'VulnerabilityID': 'CVE-2023-1193', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-1193', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in setup_async_work()', 'Description': 'A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-1193', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154177', 'https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-1193', 'https://www.cve.org/CVERecord?id=CVE-2023-1193'], 'PublishedDate': '2023-11-01T20:15:08.663Z', 'LastModifiedDate': '2023-11-09T15:13:51.737Z'}, {'VulnerabilityID': 'CVE-2023-26242', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-26242', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the  ...', 'Description': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://bugzilla.suse.com/show_bug.cgi?id=1208518', 'https://lore.kernel.org/all/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-26242', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://security.netapp.com/advisory/ntap-20230406-0002/', 'https://www.cve.org/CVERecord?id=CVE-2023-26242'], 'PublishedDate': '2023-02-21T01:15:11.423Z', 'LastModifiedDate': '2024-03-25T01:15:53.57Z'}, {'VulnerabilityID': 'CVE-2023-31082', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-31082', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sleeping function called from an invalid context in gsmld_write', 'Description': 'An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-763'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-31082', 'https://bugzilla.suse.com/show_bug.cgi?id=1210781', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com/', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-31082', 'https://security.netapp.com/advisory/ntap-20230929-0003/', 'https://www.cve.org/CVERecord?id=CVE-2023-31082'], 'PublishedDate': '2023-04-24T06:15:07.783Z', 'LastModifiedDate': '2024-08-02T15:16:00.853Z'}, {'VulnerabilityID': 'CVE-2023-52879', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have trace_event_file have ref counters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have trace_event_file have ref counters\n\nThe following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # echo \'p:sched schedule\' > kprobe_events\n # exec 5>>events/kprobes/sched/enable\n # > kprobe_events\n # exec 5>&-\n\nThe above commands:\n\n 1. Change directory to the tracefs directory\n 2. Create a kprobe event (doesn\'t matter what one)\n 3. Open bash file descriptor 5 on the enable file of the kprobe event\n 4. Delete the kprobe event (removes the files too)\n 5. Close the bash file descriptor 5\n\nThe above causes a crash!\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:tracing_release_file_tr+0xc/0x50\n\nWhat happens here is that the kprobe event creates a trace_event_file\n"file" descriptor that represents the file in tracefs to the event. It\nmaintains state of the event (is it enabled for the given instance?).\nOpening the "enable" file gets a reference to the event "file" descriptor\nvia the open file descriptor. When the kprobe event is deleted, the file is\nalso deleted from the tracefs system which also frees the event "file"\ndescriptor.\n\nBut as the tracefs file is still opened by user space, it will not be\ntotally removed until the final dput() is called on it. But this is not\ntrue with the event "file" descriptor that is already freed. If the user\ndoes a write to or simply closes the file descriptor it will reference the\nevent "file" descriptor that was just freed, causing a use-after-free bug.\n\nTo solve this, add a ref count to the event "file" descriptor as well as a\nnew flag called "FREED". The "file" will not be freed until the last\nreference is released. But the FREE flag will be set when the event is\nremoved to prevent any more modifications to that event from happening,\neven if there\'s still a reference to the event "file" descriptor.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52879', 'https://git.kernel.org/linus/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4 (6.7-rc1)', 'https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706', 'https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976', 'https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d', 'https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e', 'https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f', 'https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4', 'https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0', 'https://lore.kernel.org/linux-cve-announce/2024052122-CVE-2023-52879-fa4d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52879', 'https://www.cve.org/CVERecord?id=CVE-2023-52879'], 'PublishedDate': '2024-05-21T16:15:24.53Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52889', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: Fix null pointer deref when receiving skb during sock creation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)->label is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n    BUG: kernel NULL pointer dereference, address: 000000000000004c\n    #PF: supervisor read access in kernel mode\n    #PF: error_code(0x0000) - not-present page\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n    Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n    RIP: 0010:aa_label_next_confined+0xb/0x40\n    Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n    RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n    RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n    RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n    RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n    R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n    R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n    FS:  00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n    PKRU: 55555554\n    Call Trace:\n     <IRQ>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? exc_page_fault+0x7f/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? aa_label_next_confined+0xb/0x40\n     apparmor_secmark_check+0xec/0x330\n     security_sock_rcv_skb+0x35/0x50\n     sk_filter_trim_cap+0x47/0x250\n     sock_queue_rcv_skb_reason+0x20/0x60\n     raw_rcv+0x13c/0x210\n     raw_local_deliver+0x1f3/0x250\n     ip_protocol_deliver_rcu+0x4f/0x2f0\n     ip_local_deliver_finish+0x76/0xa0\n     __netif_receive_skb_one_core+0x89/0xa0\n     netif_receive_skb+0x119/0x170\n     ? __netdev_alloc_skb+0x3d/0x140\n     vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     __napi_poll+0x28/0x1b0\n     net_rx_action+0x2a4/0x380\n     __do_softirq+0xd1/0x2c8\n     __irq_exit_rcu+0xbb/0xf0\n     common_interrupt+0x86/0xa0\n     </IRQ>\n     <TASK>\n     asm_common_interrupt+0x26/0x40\n    RIP: 0010:apparmor_socket_post_create+0xb/0x200\n    Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n    RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n    RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n    RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n    RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n    R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n    R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n     ? __pfx_apparmor_socket_post_create+0x10/0x10\n     security_socket_post_create+0x4b/0x80\n     __sock_create+0x176/0x1f0\n     __sys_socket+0x89/0x100\n     __x64_sys_socket+0x17/0x20\n     do_syscall_64+0x5d/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     entry_SYSCALL_64_after_hwframe+0x72/0xdc', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52889', 'https://git.kernel.org/linus/fce09ea314505a52f2436397608fa0a5d0934fb1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1', 'https://git.kernel.org/stable/c/290a6b88e8c19b6636ed1acc733d1458206f7697', 'https://git.kernel.org/stable/c/347dcb84a4874b5fb375092c08d8cc4069b94f81', 'https://git.kernel.org/stable/c/46c17ead5b7389e22e7dc9903fd0ba865d05bda2', 'https://git.kernel.org/stable/c/6c920754f62cefc63fccdc38a062c7c3452e2961', 'https://git.kernel.org/stable/c/ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2', 'https://git.kernel.org/stable/c/fce09ea314505a52f2436397608fa0a5d0934fb1', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2023-52889-cdd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52889', 'https://www.cve.org/CVERecord?id=CVE-2023-52889'], 'PublishedDate': '2024-08-17T09:15:07.073Z', 'LastModifiedDate': '2024-08-19T21:19:16.97Z'}, {'VulnerabilityID': 'CVE-2024-26713', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: Fix iommu initialisation during DLPAR add\n\nWhen a PCI device is dynamically added, the kernel oopses with a NULL\npointer dereference:\n\n  BUG: Kernel NULL pointer dereference on read at 0x00000030\n  Faulting instruction address: 0xc0000000006bbe5c\n  Oops: Kernel access of bad area, sig: 11 [#1]\n  LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n  Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse\n  CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66\n  Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries\n  NIP:  c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8\n  REGS: c00000009924f240 TRAP: 0300   Not tainted  (6.7.0-203405+)\n  MSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 24002220  XER: 20040006\n  CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0\n  ...\n  NIP sysfs_add_link_to_group+0x34/0x94\n  LR  iommu_device_link+0x5c/0x118\n  Call Trace:\n   iommu_init_device+0x26c/0x318 (unreliable)\n   iommu_device_link+0x5c/0x118\n   iommu_init_device+0xa8/0x318\n   iommu_probe_device+0xc0/0x134\n   iommu_bus_notifier+0x44/0x104\n   notifier_call_chain+0xb8/0x19c\n   blocking_notifier_call_chain+0x64/0x98\n   bus_notify+0x50/0x7c\n   device_add+0x640/0x918\n   pci_device_add+0x23c/0x298\n   of_create_pci_dev+0x400/0x884\n   of_scan_pci_dev+0x124/0x1b0\n   __of_scan_bus+0x78/0x18c\n   pcibios_scan_phb+0x2a4/0x3b0\n   init_phb_dynamic+0xb8/0x110\n   dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]\n   add_slot_store.part.0+0xb4/0x130 [rpadlpar_io]\n   kobj_attr_store+0x2c/0x48\n   sysfs_kf_write+0x64/0x78\n   kernfs_fop_write_iter+0x1b0/0x290\n   vfs_write+0x350/0x4a0\n   ksys_write+0x84/0x140\n   system_call_exception+0x124/0x330\n   system_call_vectored_common+0x15c/0x2ec\n\nCommit a940904443e4 ("powerpc/iommu: Add iommu_ops to report capabilities\nand allow blocking domains") broke DLPAR add of PCI devices.\n\nThe above added iommu_device structure to pci_controller. During\nsystem boot, PCI devices are discovered and this newly added iommu_device\nstructure is initialized by a call to iommu_device_register().\n\nDuring DLPAR add of a PCI device, a new pci_controller structure is\nallocated but there are no calls made to iommu_device_register()\ninterface.\n\nFix is to register the iommu device during DLPAR add as well.\n\n[mpe: Trim oops and tweak some change log wording]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26713', 'https://git.kernel.org/linus/ed8b94f6e0acd652ce69bd69d678a0c769172df8 (6.8-rc5)', 'https://git.kernel.org/stable/c/9978d5b744e0227afe19e3bcb4c5f75442dde753', 'https://git.kernel.org/stable/c/d4f762d6403f7419de90d7749fa83dd92ffb0e1d', 'https://git.kernel.org/stable/c/ed8b94f6e0acd652ce69bd69d678a0c769172df8', 'https://lore.kernel.org/linux-cve-announce/2024040342-CVE-2024-26713-1b52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26713', 'https://www.cve.org/CVERecord?id=CVE-2024-26713'], 'PublishedDate': '2024-04-03T15:15:53.647Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-27025', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nbd: null check for nla_nest_start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: null check for nla_nest_start\n\nnla_nest_start() may fail and return NULL. Insert a check and set errno\nbased on other call sites within the same source code.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-27025', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d (6.9-rc1)', 'https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d', 'https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e', 'https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced', 'https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8', 'https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797', 'https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983', 'https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a', 'https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf', 'https://linux.oracle.com/cve/CVE-2024-27025.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27025', 'https://www.cve.org/CVERecord?id=CVE-2024-27025'], 'PublishedDate': '2024-05-01T13:15:48.89Z', 'LastModifiedDate': '2024-06-25T22:15:28.24Z'}, {'VulnerabilityID': 'CVE-2024-35928', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()\n\nThis ensures that the memory mapped by ioremap for adev->rmmio, is\nproperly handled in amdgpu_device_init(). If the function exits early\ndue to an error, the memory is unmapped. If the function completes\nsuccessfully, the memory remains mapped.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_device.c:4337 amdgpu_device_init() warn: 'adev->rmmio' from ioremap() not released on lines: 4035,4045,4051,4058,4068,4337", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35928', 'https://git.kernel.org/linus/eb4f139888f636614dab3bcce97ff61cefc4b3a7 (6.9-rc1)', 'https://git.kernel.org/stable/c/14ac934db851642ea8cd1bd4121c788a8899ef69', 'https://git.kernel.org/stable/c/aa665c3a2aca2ffe31b9645bda278e96dfc3b55c', 'https://git.kernel.org/stable/c/c5f9fe2c1e5023fa096189a8bfba6420aa035587', 'https://git.kernel.org/stable/c/eb4f139888f636614dab3bcce97ff61cefc4b3a7', 'https://lore.kernel.org/linux-cve-announce/2024051915-CVE-2024-35928-ead3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35928', 'https://www.cve.org/CVERecord?id=CVE-2024-35928'], 'PublishedDate': '2024-05-19T11:15:48.93Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35948', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bcachefs: Check for journal entries overruning end of sb clean section', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: Check for journal entries overruning end of sb clean section\n\nFix a missing bounds check in superblock validation.\n\nNote that we don't yet have repair code for this case - repair code for\nindividual items is generally low priority, since the whole superblock\nis checksummed, validated prior to write, and we have backups.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35948', 'https://git.kernel.org/linus/fcdbc1d7a4b638e5d5668de461f320386f3002aa (6.9-rc6)', 'https://git.kernel.org/stable/c/fcdbc1d7a4b638e5d5668de461f320386f3002aa', 'https://lore.kernel.org/linux-cve-announce/2024052043-CVE-2024-35948-a92f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35948', 'https://www.cve.org/CVERecord?id=CVE-2024-35948'], 'PublishedDate': '2024-05-20T10:15:09.44Z', 'LastModifiedDate': '2024-07-03T02:02:27.897Z'}, {'VulnerabilityID': 'CVE-2024-35995', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI: CPPC: Use access_width over bit_width for system memory accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Use access_width over bit_width for system memory accesses\n\nTo align with ACPI 6.3+, since bit_width can be any 8-bit value, it\ncannot be depended on to be always on a clean 8b boundary. This was\nuncovered on the Cobalt 100 platform.\n\nSError Interrupt on CPU26, code 0xbe000011 -- SError\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n pc : cppc_get_perf_caps+0xec/0x410\n lr : cppc_get_perf_caps+0xe8/0x410\n sp : ffff8000155ab730\n x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078\n x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff\n x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000\n x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff\n x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008\n x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006\n x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec\n x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028\n x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff\n x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000\n Kernel panic - not syncing: Asynchronous SError Interrupt\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted\n5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n Call trace:\n  dump_backtrace+0x0/0x1e0\n  show_stack+0x24/0x30\n  dump_stack_lvl+0x8c/0xb8\n  dump_stack+0x18/0x34\n  panic+0x16c/0x384\n  add_taint+0x0/0xc0\n  arm64_serror_panic+0x7c/0x90\n  arm64_is_fatal_ras_serror+0x34/0xa4\n  do_serror+0x50/0x6c\n  el1h_64_error_handler+0x40/0x74\n  el1h_64_error+0x7c/0x80\n  cppc_get_perf_caps+0xec/0x410\n  cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]\n  cpufreq_online+0x2dc/0xa30\n  cpufreq_add_dev+0xc0/0xd4\n  subsys_interface_register+0x134/0x14c\n  cpufreq_register_driver+0x1b0/0x354\n  cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]\n  do_one_initcall+0x50/0x250\n  do_init_module+0x60/0x27c\n  load_module+0x2300/0x2570\n  __do_sys_finit_module+0xa8/0x114\n  __arm64_sys_finit_module+0x2c/0x3c\n  invoke_syscall+0x78/0x100\n  el0_svc_common.constprop.0+0x180/0x1a0\n  do_el0_svc+0x84/0xa0\n  el0_svc+0x2c/0xc0\n  el0t_64_sync_handler+0xa4/0x12c\n  el0t_64_sync+0x1a4/0x1a8\n\nInstead, use access_width to determine the size and use the offset and\nwidth to shift and mask the bits to read/write out. Make sure to add a\ncheck for system memory since pcc redefines the access_width to\nsubspace id.\n\nIf access_width is not set, then fall back to using bit_width.\n\n[ rjw: Subject and changelog edits, comment adjustments ]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35995', 'https://git.kernel.org/linus/2f4a4d63a193be6fd530d180bb13c3592052904c (6.9-rc1)', 'https://git.kernel.org/stable/c/01fc53be672acae37e611c80cc0b4f3939584de3', 'https://git.kernel.org/stable/c/1b890ae474d19800a6be1696df7fb4d9a41676e4', 'https://git.kernel.org/stable/c/2f4a4d63a193be6fd530d180bb13c3592052904c', 'https://git.kernel.org/stable/c/4949affd5288b867cdf115f5b08d6166b2027f87', 'https://git.kernel.org/stable/c/6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1', 'https://git.kernel.org/stable/c/6dfd79ed04c578f1d9a9a41ba5b2015cf9f03fc3', 'https://git.kernel.org/stable/c/b54c4632946ae42f2b39ed38abd909bbf78cbcc2', 'https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35995-abbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35995', 'https://www.cve.org/CVERecord?id=CVE-2024-35995'], 'PublishedDate': '2024-05-20T10:15:13.597Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-36885', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36885', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup:\n\n  kernel BUG at include/linux/scatterlist.h:187!\n  invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\n  Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\n  RIP: 0010:sg_init_one+0x85/0xa0\n  Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n  24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n  0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\n  RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\n  RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\n  RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\n  R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\n  FS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\n  Call Trace:\n   <TASK>\n   ? die+0x36/0x90\n   ? do_trap+0xdd/0x100\n   ? sg_init_one+0x85/0xa0\n   ? do_error_trap+0x65/0x80\n   ? sg_init_one+0x85/0xa0\n   ? exc_invalid_op+0x50/0x70\n   ? sg_init_one+0x85/0xa0\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? sg_init_one+0x85/0xa0\n   nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n   nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n   ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n   r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? nvkm_udevice_new+0x95/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? ktime_get+0x47/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_oneinit_+0x4f/0x120 [nouveau]\n   nvkm_subdev_init_+0x39/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_init+0x44/0x90 [nouveau]\n   nvkm_device_init+0x166/0x2e0 [nouveau]\n   nvkm_udevice_init+0x47/0x70 [nouveau]\n   nvkm_object_init+0x41/0x1c0 [nouveau]\n   nvkm_ioctl_new+0x16a/0x290 [nouveau]\n   ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]\n   ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]\n   nvkm_ioctl+0x126/0x290 [nouveau]\n   nvif_object_ctor+0x112/0x190 [nouveau]\n   nvif_device_ctor+0x23/0x60 [nouveau]\n   nouveau_cli_init+0x164/0x640 [nouveau]\n   nouveau_drm_device_init+0x97/0x9e0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? pci_update_current_state+0x72/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nouveau_drm_probe+0x12c/0x280 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   local_pci_probe+0x45/0xa0\n   pci_device_probe+0xc7/0x270\n   really_probe+0xe6/0x3a0\n   __driver_probe_device+0x87/0x160\n   driver_probe_device+0x1f/0xc0\n   __driver_attach+0xec/0x1f0\n   ? __pfx___driver_attach+0x10/0x10\n   bus_for_each_dev+0x88/0xd0\n   bus_add_driver+0x116/0x220\n   driver_register+0x59/0x100\n   ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]\n   do_one_initcall+0x5b/0x320\n   do_init_module+0x60/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x120/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x83/0x160\n   ? srso_return_thunk+0x5/0x5f\n   entry_SYSCALL_64_after_hwframe+0x71/0x79\n  RIP: 0033:0x7feeb5cc20cd\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89\n  f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0\n  ff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd\n  RDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035\n  RBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310\n  R10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36885', 'https://git.kernel.org/linus/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2 (6.9-rc7)', 'https://git.kernel.org/stable/c/1a88c18da464db0ba8ea25196d0a06490f65322e', 'https://git.kernel.org/stable/c/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2', 'https://git.kernel.org/stable/c/e05af009302893f39b072811a68fa4a196284c75', 'https://lore.kernel.org/linux-cve-announce/2024053032-CVE-2024-36885-cb0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36885', 'https://www.cve.org/CVERecord?id=CVE-2024-36885'], 'PublishedDate': '2024-05-30T16:15:12.067Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36970', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: Use request_module_nowait', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Use request_module_nowait\n\nThis appears to work around a deadlock regression that came in\nwith the LED merge in 6.9.\n\nThe deadlock happens on my system with 24 iwlwifi radios, so maybe\nit something like all worker threads are busy and some work that needs\nto complete cannot complete.\n\n[also remove unnecessary "load_module" var and now-wrong comment]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36970', 'https://git.kernel.org/linus/3d913719df14c28c4d3819e7e6d150760222bda4 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4', 'https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e', 'https://lore.kernel.org/linux-cve-announce/2024060855-CVE-2024-36970-2eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36970', 'https://www.cve.org/CVERecord?id=CVE-2024-36970'], 'PublishedDate': '2024-06-08T13:15:58.26Z', 'LastModifiedDate': '2024-06-10T02:52:08.267Z'}, {'VulnerabilityID': 'CVE-2024-38581', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38581', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/mes: fix use-after-free issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/mes: fix use-after-free issue\n\nDelete fence fallback timer to fix the ramdom\nuse-after-free issue.\n\nv2: move to amdgpu_mes.c', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-38581', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/948255282074d9367e01908b3f5dcf8c10fc9c3d (6.9-rc6)', 'https://git.kernel.org/stable/c/0f98c144c15c8fc0f3176c994bd4e727ef718a5c', 'https://git.kernel.org/stable/c/39cfce75168c11421d70b8c0c65f6133edccb82a', 'https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de', 'https://git.kernel.org/stable/c/948255282074d9367e01908b3f5dcf8c10fc9c3d', 'https://linux.oracle.com/cve/CVE-2024-38581.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38581-592d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38581', 'https://www.cve.org/CVERecord?id=CVE-2024-38581'], 'PublishedDate': '2024-06-19T14:15:18.15Z', 'LastModifiedDate': '2024-08-01T20:12:00.623Z'}, {'VulnerabilityID': 'CVE-2024-38608', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38608', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix netif state handling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix netif state handling\n\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\n\nmlx5e_probe\n _mlx5e_resume\n  mlx5e_attach_netdev\n   mlx5e_nic_enable  <-- netdev not reg, not calling netif_device_attach()\n  register_netdev <-- failed for some reason.\nERROR_FLOW:\n _mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(\n\nHence, clean resources in this case as well.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n <TASK>\n ? __die+0x20/0x60\n ? page_fault_oops+0x14c/0x3c0\n ? exc_page_fault+0x75/0x140\n ? asm_exc_page_fault+0x22/0x30\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\n mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\n mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n __mlx5_ib_add+0x34/0xd0 [mlx5_ib]\n mlx5r_probe+0xe1/0x210 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x637/0x840\n __auxiliary_device_add+0x3b/0xa0\n add_adev+0xc9/0x140 [mlx5_core]\n mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\n mlx5_register_device+0x53/0xa0 [mlx5_core]\n mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\n mlx5_init_one+0x3b/0x60 [mlx5_core]\n probe_one+0x44c/0x730 [mlx5_core]\n local_pci_probe+0x3e/0x90\n pci_device_probe+0xbf/0x210\n ? kernfs_create_link+0x5d/0xa0\n ? sysfs_do_create_link_sd+0x60/0xc0\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n pci_bus_add_device+0x54/0x80\n pci_iov_add_virtfn+0x2e6/0x320\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n kernfs_fop_write_iter+0x10c/0x1a0\n vfs_write+0x291/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n CR2: 0000000000000000\n ---[ end trace 0000000000000000  ]---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38608', 'https://git.kernel.org/linus/3d5918477f94e4c2f064567875c475468e264644 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644', 'https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6', 'https://linux.oracle.com/cve/CVE-2024-38608.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061920-CVE-2024-38608-4068@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38608', 'https://www.cve.org/CVERecord?id=CVE-2024-38608'], 'PublishedDate': '2024-06-19T14:15:20.737Z', 'LastModifiedDate': '2024-08-27T15:58:56.9Z'}, {'VulnerabilityID': 'CVE-2024-39293', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39293', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;xsk: Support redirect to any socket bound to the same umem&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "xsk: Support redirect to any socket bound to the same umem"\n\nThis reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.\n\nThis patch introduced a potential kernel crash when multiple napi instances\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\npossible for multiple napi instances to access the Rx ring at the same time,\nwhich will result in a corrupted ring state which can lead to a crash when\nflushing the rings in __xsk_flush(). This can happen when the linked list of\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\nis not possible, so let us revert this for now.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39293', 'https://git.kernel.org/linus/7fcf26b315bbb728036da0862de6b335da83dff2 (6.10-rc3)', 'https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5', 'https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2', 'https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39293', 'https://www.cve.org/CVERecord?id=CVE-2024-39293'], 'PublishedDate': '2024-06-25T15:15:13.993Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-39472', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39472', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by\nmkfs") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions.  Later commit 0c771b99d6c9\n("xfs: clean up calculation of LR header blocks") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-39472', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a (6.10-rc1)', 'https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a', 'https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f', 'https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5', 'https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb', 'https://linux.oracle.com/cve/CVE-2024-39472.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024070512-CVE-2024-39472-f977@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39472', 'https://www.cve.org/CVERecord?id=CVE-2024-39472'], 'PublishedDate': '2024-07-05T07:15:10.02Z', 'LastModifiedDate': '2024-08-19T05:15:06.543Z'}, {'VulnerabilityID': 'CVE-2024-41008', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: change vm-&gt;task_info handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: change vm->task_info handling\n\nThis patch changes the handling and lifecycle of vm->task_info object.\nThe major changes are:\n- vm->task_info is a dynamically allocated ptr now, and its uasge is\n  reference counted.\n- introducing two new helper funcs for task_info lifecycle management\n    - amdgpu_vm_get_task_info: reference counts up task_info before\n      returning this info\n    - amdgpu_vm_put_task_info: reference counts down task_info\n- last put to task_info() frees task_info from the vm.\n\nThis patch also does logistical changes required for existing usage\nof vm->task_info.\n\nV2: Do not block all the prints when task_info not found (Felix)\n\nV3: Fixed review comments from Felix\n   - Fix wrong indentation\n   - No debug message for -ENOMEM\n   - Add NULL check for task_info\n   - Do not duplicate the debug messages (ti vs no ti)\n   - Get first reference of task_info in vm_init(), put last\n     in vm_fini()\n\nV4: Fixed review comments from Felix\n   - fix double reference increment in create_task_info\n   - change amdgpu_vm_get_task_info_pasid\n   - additional changes in amdgpu_gem.c while porting', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41008', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c (6.9-rc1)', 'https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c', 'https://linux.oracle.com/cve/CVE-2024-41008.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/20240716080357.2696435-2-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41008', 'https://www.cve.org/CVERecord?id=CVE-2024-41008'], 'PublishedDate': '2024-07-16T08:15:02.24Z', 'LastModifiedDate': '2024-07-16T13:43:58.773Z'}, {'VulnerabilityID': 'CVE-2024-41009', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix overrunning reservations in ringbuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that "owns" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\'s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\'s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\'s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\'s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\'ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41009', 'https://git.kernel.org/linus/cfa1a2329a691ffd991fcf7248a57d752e712881 (6.10-rc6)', 'https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4', 'https://git.kernel.org/stable/c/47416c852f2a04d348ea66ee451cbdcf8119f225', 'https://git.kernel.org/stable/c/511804ab701c0503b72eac08217eabfd366ba069', 'https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f', 'https://git.kernel.org/stable/c/cfa1a2329a691ffd991fcf7248a57d752e712881', 'https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686', 'https://lore.kernel.org/linux-cve-announce/2024071715-CVE-2024-41009-cac5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41009', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41009'], 'PublishedDate': '2024-07-17T07:15:01.973Z', 'LastModifiedDate': '2024-07-29T07:15:04.56Z'}, {'VulnerabilityID': 'CVE-2024-41013', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: don&#39;t walk off the end of a directory data block', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don't stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup->length to dup->length-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41013', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/0c7fcdb6d06cdf8b19b57c17605215b06afa864a (6.11-rc1)', 'https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a', 'https://linux.oracle.com/cve/CVE-2024-41013.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41013-2996@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41013', 'https://www.cve.org/CVERecord?id=CVE-2024-41013'], 'PublishedDate': '2024-07-29T07:15:05.43Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41014', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41014', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: add bounds checking to xlog_recover_process_data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n    1) Mount an image of xfs, and do some file operations to leave records\n    2) Before umounting, copy the image for subsequent steps to simulate\n       abnormal exit. Because umount will ensure that tail_blk and\n       head_blk are the same, which will result in the inability to enter\n       xlog_recover_process_data\n    3) Write a tool to parse and modify the copied image in step 2\n    4) Make the end of the xlog_op_header entries only 1 byte away from\n       xlog_rec_header->h_size\n    5) xlog_rec_header->h_num_logops++\n    6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41014', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/fb63435b7c7dc112b1ae1baea5486e0a6e27b196 (6.11-rc1)', 'https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196', 'https://linux.oracle.com/cve/CVE-2024-41014.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41014-9186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41014', 'https://www.cve.org/CVERecord?id=CVE-2024-41014'], 'PublishedDate': '2024-07-29T07:15:05.81Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41016', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe 'non-indexed', which saved with additional space\nrequested.  It's better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41016', 'https://git.kernel.org/linus/af77c4fc1871847b528d58b7fdafb4aa1f6a9262 (6.11-rc1)', 'https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637', 'https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262', 'https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e', 'https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e', 'https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180', 'https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41016-fcf9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41016', 'https://www.cve.org/CVERecord?id=CVE-2024-41016'], 'PublishedDate': '2024-07-29T07:15:06.293Z', 'LastModifiedDate': '2024-10-17T14:15:07.01Z'}, {'VulnerabilityID': 'CVE-2024-41024', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41024', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Restrict untrusted app to attach to privileged PD', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Restrict untrusted app to attach to privileged PD\n\nUntrusted application with access to only non-secure fastrpc device\nnode can attach to root_pd or static PDs if it can make the respective\ninit request. This can cause problems as the untrusted application\ncan send bad requests to root_pd or static PDs. Add changes to reject\nattach to privileged PDs if the request is being made using non-secure\nfastrpc device node.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41024', 'https://git.kernel.org/linus/bab2f5e8fd5d2f759db26b78d9db57412888f187 (6.10)', 'https://git.kernel.org/stable/c/2eb973ee4770a26d9b5e292b58ad29822d321c7f', 'https://git.kernel.org/stable/c/5e305b5986dc52122a9368a1461f0c13e1de3fd6', 'https://git.kernel.org/stable/c/bab2f5e8fd5d2f759db26b78d9db57412888f187', 'https://git.kernel.org/stable/c/c69fd8afacebfdf2f8a1ee1ea7e0723786529874', 'https://git.kernel.org/stable/c/ea13bd807f1cef1af375d999980a9b9794c789b6', 'https://lore.kernel.org/all/20240628114501.14310-7-srinivas.kandagatla@linaro.org/', 'https://lore.kernel.org/linux-cve-announce/2024072919-CVE-2024-41024-be39@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41024', 'https://www.cve.org/CVERecord?id=CVE-2024-41024'], 'PublishedDate': '2024-07-29T15:15:11.27Z', 'LastModifiedDate': '2024-08-29T17:15:07.913Z'}, {'VulnerabilityID': 'CVE-2024-42107', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42107', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: ice: Don't process extts if PTP is disabled", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42107', 'https://git.kernel.org/linus/996422e3230e41468f652d754fefd1bdbcd4604e (6.10-rc7)', 'https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b', 'https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e', 'https://lore.kernel.org/linux-cve-announce/2024073020-CVE-2024-42107-65cc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42107', 'https://www.cve.org/CVERecord?id=CVE-2024-42107'], 'PublishedDate': '2024-07-30T08:15:03.22Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42116', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42116', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igc: fix a log entry using uninitialized netdev', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix a log entry using uninitialized netdev\n\nDuring successful probe, igc logs this:\n\n[    5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\n\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb.  Add a comment,\njust as in igb.\n\nNow the log message is fine:\n\n[    5.200987] igc 0000:01:00.0 eth0: PHC added', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42116', 'https://git.kernel.org/linus/86167183a17e03ec77198897975e9fdfbd53cb0b (6.10-rc1)', 'https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b', 'https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6', 'https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79', 'https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda', 'https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f', 'https://linux.oracle.com/cve/CVE-2024-42116.html', 'https://linux.oracle.com/errata/ELSA-2024-12618.html', 'https://lore.kernel.org/linux-cve-announce/2024073023-CVE-2024-42116-b420@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42116', 'https://www.cve.org/CVERecord?id=CVE-2024-42116'], 'PublishedDate': '2024-07-30T08:15:03.95Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42122', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42122', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add NULL pointer check for kzalloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL pointer check for kzalloc\n\n[Why & How]\nCheck return pointer of kzalloc before using it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42122', 'https://git.kernel.org/linus/8e65a1b7118acf6af96449e1e66b7adbc9396912 (6.10-rc1)', 'https://git.kernel.org/stable/c/062edd612fcd300f0f79a36fca5b8b6a5e2fce70', 'https://git.kernel.org/stable/c/8e65a1b7118acf6af96449e1e66b7adbc9396912', 'https://lore.kernel.org/linux-cve-announce/2024073025-CVE-2024-42122-2f70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42122', 'https://www.cve.org/CVERecord?id=CVE-2024-42122'], 'PublishedDate': '2024-07-30T08:15:04.43Z', 'LastModifiedDate': '2024-09-16T13:49:27.837Z'}, {'VulnerabilityID': 'CVE-2024-42125', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42125', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42125', 'https://git.kernel.org/linus/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9 (6.10-rc1)', 'https://git.kernel.org/stable/c/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9', 'https://git.kernel.org/stable/c/ce4ba62f8bc5195a9a0d49c6235a9c99e619cadc', 'https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42125-b515@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42125', 'https://www.cve.org/CVERecord?id=CVE-2024-42125'], 'PublishedDate': '2024-07-30T08:15:04.667Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42139', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42139', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Fix improper extts handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message "extts on unexpected channel" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42139', 'https://git.kernel.org/linus/00d3b4f54582d4e4a02cda5886bb336eeab268cc (6.10-rc7)', 'https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc', 'https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3', 'https://lore.kernel.org/linux-cve-announce/2024073030-CVE-2024-42139-f8ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42139', 'https://www.cve.org/CVERecord?id=CVE-2024-42139'], 'PublishedDate': '2024-07-30T08:15:05.757Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42154', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42154', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_metrics: validate source addr length', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42154', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/66be40e622e177316ae81717aa30057ba9e61dff (6.10-rc7)', 'https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9', 'https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c', 'https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3', 'https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321', 'https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff', 'https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99', 'https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98', 'https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6', 'https://linux.oracle.com/cve/CVE-2024-42154.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073034-CVE-2024-42154-cf82@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42154', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42154'], 'PublishedDate': '2024-07-30T08:15:06.933Z', 'LastModifiedDate': '2024-10-01T19:32:18.31Z'}, {'VulnerabilityID': 'CVE-2024-42159', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42159', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: mpi3mr: Sanitise num_phys', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port->phy_mask, values larger then size of\nthis field shouldn't be allowed.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42159', 'https://git.kernel.org/linus/3668651def2c1622904e58b0280ee93121f2b10b (6.10-rc1)', 'https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b', 'https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0', 'https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df', 'https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf', 'https://linux.oracle.com/cve/CVE-2024-42159.html', 'https://linux.oracle.com/errata/ELSA-2024-12682.html', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42159-c19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42159', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42159'], 'PublishedDate': '2024-07-30T08:15:07.3Z', 'LastModifiedDate': '2024-08-02T14:29:46.24Z'}, {'VulnerabilityID': 'CVE-2024-42160', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: check validation of fault attrs in f2fs_build_fault_attr()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: check validation of fault attrs in f2fs_build_fault_attr()\n\n- It missed to check validation of fault attrs in parse_options(),\nlet's fix to add check condition in f2fs_build_fault_attr().\n- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42160', 'https://git.kernel.org/linus/4ed886b187f47447ad559619c48c086f432d2b77 (6.10-rc1)', 'https://git.kernel.org/stable/c/44958ca9e400f57bd0478115519ffc350fcee61e', 'https://git.kernel.org/stable/c/4ed886b187f47447ad559619c48c086f432d2b77', 'https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d', 'https://git.kernel.org/stable/c/ecb641f424d6d1f055d149a15b892edcc92c504b', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42160-c733@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42160', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42160'], 'PublishedDate': '2024-07-30T08:15:07.37Z', 'LastModifiedDate': '2024-08-02T14:29:26.33Z'}, {'VulnerabilityID': 'CVE-2024-42224', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42224', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Correct check for empty list', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO\nbusses") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip->mdios being\nempty.  However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42224', 'https://git.kernel.org/linus/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b (6.10-rc1)', 'https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5', 'https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618', 'https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d', 'https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee', 'https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b', 'https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114', 'https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89', 'https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4', 'https://linux.oracle.com/cve/CVE-2024-42224.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024073037-CVE-2024-42224-863a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42224', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42224'], 'PublishedDate': '2024-07-30T08:15:07.667Z', 'LastModifiedDate': '2024-09-25T15:55:09.027Z'}, {'VulnerabilityID': 'CVE-2024-42228', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42228', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n   need to have a separate value of 0xffffffff.(Christian)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 6.3}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42228', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/88a9a467c548d0b3c7761b4fd54a68e70f9c0944 (6.10-rc1)', 'https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46', 'https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef', 'https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944', 'https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144', 'https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8', 'https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712', 'https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15', 'https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440', 'https://linux.oracle.com/cve/CVE-2024-42228.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073038-CVE-2024-42228-86f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42228', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42228'], 'PublishedDate': '2024-07-30T08:15:07.96Z', 'LastModifiedDate': '2024-09-04T12:15:04.577Z'}, {'VulnerabilityID': 'CVE-2024-42258', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42258', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines\n\nYves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don\'t\nforce huge page alignment on 32 bit") didn\'t work for x86_32 [1].  It is\nbecause x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT.\n\n!CONFIG_64BIT should cover all 32 bit machines.\n\n[1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42258', 'https://git.kernel.org/linus/d9592025000b3cf26c742f3505da7b83aedc26d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/7e1f4efb8d6140b2ec79bf760c43e1fc186e8dfc', 'https://git.kernel.org/stable/c/89f2914dd4b47d2fad3deef0d700f9526d98d11f', 'https://git.kernel.org/stable/c/a5c399fe433a115e9d3693169b5f357f3194af0a', 'https://git.kernel.org/stable/c/d9592025000b3cf26c742f3505da7b83aedc26d5', 'https://lore.kernel.org/linux-cve-announce/2024081216-CVE-2024-42258-e3f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42258', 'https://www.cve.org/CVERecord?id=CVE-2024-42258'], 'PublishedDate': '2024-08-12T15:15:20.983Z', 'LastModifiedDate': '2024-08-14T14:15:27.727Z'}, {'VulnerabilityID': 'CVE-2024-42259', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42259', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Fix Virtual Memory mapping boundaries calculation\n\nCalculating the size of the mapped area as the lesser value\nbetween the requested size and the actual size does not consider\nthe partial mapping offset. This can cause page fault access.\n\nFix the calculation of the starting and ending addresses, the\ntotal size is now deduced from the difference between the end and\nstart addresses.\n\nAdditionally, the calculations have been rewritten in a clearer\nand more understandable form.\n\n[Joonas: Add Requires: tag]\nRequires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset")\n(cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-131'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42259', 'https://git.kernel.org/linus/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3 (6.11-rc3)', 'https://git.kernel.org/stable/c/3e06073d24807f04b4694108a8474decb7b99e60', 'https://git.kernel.org/stable/c/4b09513ce93b3dcb590baaaff2ce96f2d098312d', 'https://git.kernel.org/stable/c/50111a8098fb9ade621eeff82228a997d42732ab', 'https://git.kernel.org/stable/c/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3', 'https://git.kernel.org/stable/c/911f8055f175c82775d0fd8cedcd0b75413f4ba7', 'https://git.kernel.org/stable/c/a256d019eaf044864c7e50312f0a65b323c24f39', 'https://git.kernel.org/stable/c/e8a68aa842d3f8dd04a46b9d632e5f67fde1da9b', 'https://git.kernel.org/stable/c/ead9289a51ea82eb5b27029fcf4c34b2dd60cf06', 'https://linux.oracle.com/cve/CVE-2024-42259.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081452-CVE-2024-42259-4cef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42259', 'https://project-zero.issues.chromium.org/issues/42451707', 'https://www.cve.org/CVERecord?id=CVE-2024-42259'], 'PublishedDate': '2024-08-14T15:15:31.673Z', 'LastModifiedDate': '2024-09-25T01:15:42.137Z'}, {'VulnerabilityID': 'CVE-2024-42260', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42260', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the performance extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42260', 'https://git.kernel.org/linus/4ecc24a84d7e0254efd150ec23e0b89638386516 (6.11-rc2)', 'https://git.kernel.org/stable/c/4ecc24a84d7e0254efd150ec23e0b89638386516', 'https://git.kernel.org/stable/c/5d4aa25f47cd05e9eeac272906588728588605dd', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-42260-0ce0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42260', 'https://www.cve.org/CVERecord?id=CVE-2024-42260'], 'PublishedDate': '2024-08-17T09:15:07.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42261', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42261', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the timestamp extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42261', 'https://git.kernel.org/linus/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791 (6.11-rc2)', 'https://git.kernel.org/stable/c/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791', 'https://git.kernel.org/stable/c/5c56f104edd02a537e9327dc543574e55713e1d7', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42261-f6a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42261', 'https://www.cve.org/CVERecord?id=CVE-2024-42261'], 'PublishedDate': '2024-08-17T09:15:07.6Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42262', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42262', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the performance extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42262', 'https://git.kernel.org/linus/32df4abc44f24dbec239d43e2b26d5768c5d1a78 (6.11-rc2)', 'https://git.kernel.org/stable/c/32df4abc44f24dbec239d43e2b26d5768c5d1a78', 'https://git.kernel.org/stable/c/ad5fdc48f7a63b8a98493c667505fe4d3864ae21', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42262-7156@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42262', 'https://www.cve.org/CVERecord?id=CVE-2024-42262'], 'PublishedDate': '2024-08-17T09:15:07.68Z', 'LastModifiedDate': '2024-08-19T20:05:15.407Z'}, {'VulnerabilityID': 'CVE-2024-42263', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42263', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the timestamp extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 753ce4fea62182c77e1691ab4f9022008f25b62e)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42263', 'https://git.kernel.org/linus/0e50fcc20bd87584840266e8004f9064a8985b4f (6.11-rc2)', 'https://git.kernel.org/stable/c/0e50fcc20bd87584840266e8004f9064a8985b4f', 'https://git.kernel.org/stable/c/9b5033ee2c5af6d1135a403df32d219ab57e55f9', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42263-31b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42263', 'https://www.cve.org/CVERecord?id=CVE-2024-42263'], 'PublishedDate': '2024-08-17T09:15:07.77Z', 'LastModifiedDate': '2024-08-19T20:41:11.24Z'}, {'VulnerabilityID': 'CVE-2024-42264', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42264', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Prevent out of bounds access in performance query extensions', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Prevent out of bounds access in performance query extensions\n\nCheck that the number of perfmons userspace is passing in the copy and\nreset extensions is not greater than the internal kernel storage where\nthe ids will be copied into.\n\n(cherry picked from commit f32b5128d2c440368b5bf3a7a356823e235caabb)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42264', 'https://git.kernel.org/linus/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2 (6.11-rc2)', 'https://git.kernel.org/stable/c/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2', 'https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42264-5d23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42264', 'https://www.cve.org/CVERecord?id=CVE-2024-42264'], 'PublishedDate': '2024-08-17T09:15:07.833Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42267', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42267', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()\n\nHandle VM_FAULT_SIGSEGV in the page fault path so that we correctly\nkill the process and we don't BUG() the kernel.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42267', 'https://git.kernel.org/linus/0c710050c47d45eb77b28c271cddefc5c785cb40 (6.11-rc2)', 'https://git.kernel.org/stable/c/0c710050c47d45eb77b28c271cddefc5c785cb40', 'https://git.kernel.org/stable/c/20dbdebc5580cd472a310d56a6e252275ee4c864', 'https://git.kernel.org/stable/c/59be4a167782d68e21068a761b90b01fadc09146', 'https://git.kernel.org/stable/c/917f598209f3f5e4ab175d5079d8aeb523e58b1f', 'https://git.kernel.org/stable/c/d4e7db757e2d7f4c407a007e92c98477eab215d2', 'https://git.kernel.org/stable/c/d7ccf2ca772bfe33e2c53ef80fa20d2d87eb6144', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42267-9f79@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42267', 'https://www.cve.org/CVERecord?id=CVE-2024-42267'], 'PublishedDate': '2024-08-17T09:15:08.047Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42268', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42268', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix missing lock on sync reset reload', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix missing lock on sync reset reload\n\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\n\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n…\n CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S      W          6.10.0-rc2+ #116\n Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\n Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\n RIP: 0010:devl_assert_locked+0x3e/0x50\n…\n Call Trace:\n  <TASK>\n  ? __warn+0xa4/0x210\n  ? devl_assert_locked+0x3e/0x50\n  ? report_bug+0x160/0x280\n  ? handle_bug+0x3f/0x80\n  ? exc_invalid_op+0x17/0x40\n  ? asm_exc_invalid_op+0x1a/0x20\n  ? devl_assert_locked+0x3e/0x50\n  devlink_notify+0x88/0x2b0\n  ? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n  ? __pfx_devlink_notify+0x10/0x10\n  ? process_one_work+0x4b6/0xbb0\n  process_one_work+0x4b6/0xbb0\n[…]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42268', 'https://git.kernel.org/linus/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 (6.11-rc2)', 'https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5', 'https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9', 'https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002', 'https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42268-2084@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42268', 'https://www.cve.org/CVERecord?id=CVE-2024-42268'], 'PublishedDate': '2024-08-17T09:15:08.11Z', 'LastModifiedDate': '2024-08-19T20:52:49.323Z'}, {'VulnerabilityID': 'CVE-2024-42269', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42269', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().\n\nip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id],\nbut the function is exposed to user space before the entry is allocated\nvia register_pernet_subsys().\n\nLet's call register_pernet_subsys() before xt_register_template().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42269', 'https://git.kernel.org/linus/c22921df777de5606f1047b1345b8d22ef1c0b34 (6.11-rc2)', 'https://git.kernel.org/stable/c/419ee6274c5153b89c4393c1946faa4c3cad4f9e', 'https://git.kernel.org/stable/c/87dba44e9471b79b255d0736858a897332db9226', 'https://git.kernel.org/stable/c/91b6df6611b7edb28676c4f63f90c56c30d3e601', 'https://git.kernel.org/stable/c/c22921df777de5606f1047b1345b8d22ef1c0b34', 'https://git.kernel.org/stable/c/e85b9b6a87be4cb3710082038b677e97f2389003', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42269-7d0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42269', 'https://www.cve.org/CVERecord?id=CVE-2024-42269'], 'PublishedDate': '2024-08-17T09:15:08.177Z', 'LastModifiedDate': '2024-08-19T20:53:51.717Z'}, {'VulnerabilityID': 'CVE-2024-42270', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42270', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().\n\nWe had a report that iptables-restore sometimes triggered null-ptr-deref\nat boot time. [0]\n\nThe problem is that iptable_nat_table_init() is exposed to user space\nbefore the kernel fully initialises netns.\n\nIn the small race window, a user could call iptable_nat_table_init()\nthat accesses net_generic(net, iptable_nat_net_id), which is available\nonly after registering iptable_nat_net_ops.\n\nLet's call register_pernet_subsys() before xt_register_template().\n\n[0]:\nbpfilter: Loaded bpfilter_umh pid 11702\nStarted bpfilter\nBUG: kernel NULL pointer dereference, address: 0000000000000013\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP NOPTI\nCPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1\nHardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\nCode: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c\nRSP: 0018:ffffbef902843cd0 EFLAGS: 00010246\nRAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80\nRDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0\nRBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240\nR10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000\nR13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004\nFS:  00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? xt_find_table_lock (net/netfilter/x_tables.c:1259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? page_fault_oops (arch/x86/mm/fault.c:727)\n ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518)\n ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)\n ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\n xt_find_table_lock (net/netfilter/x_tables.c:1259)\n xt_request_find_table_lock (net/netfilter/x_tables.c:1287)\n get_info (net/ipv4/netfilter/ip_tables.c:965)\n ? security_capable (security/security.c:809 (discriminator 13))\n ? ns_capable (kernel/capability.c:376 kernel/capability.c:397)\n ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)\n ? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter\n nf_getsockopt (net/netfilter/nf_sockopt.c:116)\n ip_getsockopt (net/ipv4/ip_sockglue.c:1827)\n __sys_getsockopt (net/socket.c:2327)\n __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121)\nRIP: 0033:0x7f62844685ee\nCode: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09\nRSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037\nRAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0\nR10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2\nR13: 00007f6284\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42270', 'https://git.kernel.org/linus/5830aa863981d43560748aa93589c0695191d95d (6.11-rc2)', 'https://git.kernel.org/stable/c/08ed888b69a22647153fe2bec55b7cd0a46102cc', 'https://git.kernel.org/stable/c/5830aa863981d43560748aa93589c0695191d95d', 'https://git.kernel.org/stable/c/70014b73d7539fcbb6b4ff5f37368d7241d8e626', 'https://git.kernel.org/stable/c/95590a4929027769af35b153645c0ab6fd22b29b', 'https://git.kernel.org/stable/c/b98ddb65fa1674b0e6b52de8af9103b63f51b643', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42270-c752@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42270', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42270'], 'PublishedDate': '2024-08-17T09:15:08.24Z', 'LastModifiedDate': '2024-08-19T20:01:09.52Z'}, {'VulnerabilityID': 'CVE-2024-42272', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42272', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: act_ct: take care of padding in struct zones_ht_key', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched: act_ct: take care of padding in struct zones_ht_key\n\nBlamed commit increased lookup key size from 2 bytes to 16 bytes,\nbecause zones_ht_key got a struct net pointer.\n\nMake sure rhashtable_lookup() is not using the padding bytes\nwhich are not initialized.\n\n BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n  tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408\n  tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425\n  tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488\n  tcf_action_add net/sched/act_api.c:2061 [inline]\n  tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118\n  rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647\n  netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550\n  rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665\n  netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n  netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357\n  netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  ____sys_sendmsg+0x877/0xb60 net/socket.c:2597\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651\n  __sys_sendmsg net/socket.c:2680 [inline]\n  __do_sys_sendmsg net/socket.c:2689 [inline]\n  __se_sys_sendmsg net/socket.c:2687 [inline]\n  __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687\n  x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable key created at:\n  tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42272', 'https://git.kernel.org/linus/2191a54f63225b548fd8346be3611c3219a24738 (6.11-rc2)', 'https://git.kernel.org/stable/c/2191a54f63225b548fd8346be3611c3219a24738', 'https://git.kernel.org/stable/c/3a5b68869dbe14f1157c6a24ac71923db060eeab', 'https://git.kernel.org/stable/c/3ddefcb8f75e312535e2e7d5fef9932019ba60f2', 'https://git.kernel.org/stable/c/7c03ab555eb1ba26c77fd7c25bdf44a0ac23edee', 'https://git.kernel.org/stable/c/d06daf0ad645d9225a3ff6958dd82e1f3988fa64', 'https://git.kernel.org/stable/c/d7cc186d0973afce0e1237c37f7512c01981fb79', 'https://linux.oracle.com/cve/CVE-2024-42272.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42272-c687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42272', 'https://www.cve.org/CVERecord?id=CVE-2024-42272'], 'PublishedDate': '2024-08-17T09:15:08.37Z', 'LastModifiedDate': '2024-09-30T13:40:21.843Z'}, {'VulnerabilityID': 'CVE-2024-42273', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42273', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid\n\nmkdir /mnt/test/comp\nf2fs_io setflags compression /mnt/test/comp\ndd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1\ntruncate --size 13 /mnt/test/comp/testfile\n\nIn the above scenario, we can get a BUG_ON.\n kernel BUG at fs/f2fs/segment.c:3589!\n Call Trace:\n  do_write_page+0x78/0x390 [f2fs]\n  f2fs_outplace_write_data+0x62/0xb0 [f2fs]\n  f2fs_do_write_data_page+0x275/0x740 [f2fs]\n  f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs]\n  f2fs_write_multi_pages+0x1e5/0xae0 [f2fs]\n  f2fs_write_cache_pages+0xab1/0xc60 [f2fs]\n  f2fs_write_data_pages+0x2d8/0x330 [f2fs]\n  do_writepages+0xcf/0x270\n  __writeback_single_inode+0x44/0x350\n  writeback_sb_inodes+0x242/0x530\n  __writeback_inodes_wb+0x54/0xf0\n  wb_writeback+0x192/0x310\n  wb_workfn+0x30d/0x400\n\nThe reason is we gave CURSEG_ALL_DATA_ATGC to COMPR_ADDR where the\npage was set the gcing flag by set_cluster_dirty().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42273', 'https://git.kernel.org/linus/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cd106612396656d6f1ca17ef192c6759bb60791', 'https://git.kernel.org/stable/c/4239571c5db46a42f723b8fa8394039187c34439', 'https://git.kernel.org/stable/c/5fd057160ab240dd816ae09b625395d54c297de1', 'https://git.kernel.org/stable/c/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42273-9b87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42273', 'https://www.cve.org/CVERecord?id=CVE-2024-42273'], 'PublishedDate': '2024-08-17T09:15:08.45Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42274', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42274', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert "ALSA: firewire-lib: operate for period elapse event in process context"', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "ALSA: firewire-lib: operate for period elapse event in process context"\n\nCommit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event\nin process context") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n    * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n    * (lock B) wait for tasklet to finish by calling\n    \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n    * (lock B) enter tasklet\n    * (lock A) attempt to acquire substream lock,\n    \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n    \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n </NMI>\n <TASK>\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n </NMI>\n <IRQ>\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period\nelapse event in process context")\n\nReplace inline description to prevent future deadlock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42274', 'https://git.kernel.org/linus/3dab73ab925a51ab05543b491bf17463a48ca323 (6.11-rc2)', 'https://git.kernel.org/stable/c/36c255db5a25edd42d1aca48e38b8e95ee5fd9ef', 'https://git.kernel.org/stable/c/3dab73ab925a51ab05543b491bf17463a48ca323', 'https://git.kernel.org/stable/c/7c07220cf634002f93a87ca2252a32766850f2d1', 'https://git.kernel.org/stable/c/b239a37d68e8bc59f9516444da222841e3b13ba9', 'https://git.kernel.org/stable/c/f5043e69aeb2786f32e84132817a007a6430aa7d', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42274-9dc6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42274', 'https://www.cve.org/CVERecord?id=CVE-2024-42274'], 'PublishedDate': '2024-08-17T09:15:08.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42276', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42276', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme-pci: add missing condition check for existence of mapped data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42276', 'https://git.kernel.org/linus/c31fad1470389666ac7169fe43aa65bf5b7e2cfd (6.11-rc1)', 'https://git.kernel.org/stable/c/3f8ec1d6b0ebd8268307d52be8301973fa5a01ec', 'https://git.kernel.org/stable/c/70100fe721840bf6d8e5abd25b8bffe4d2e049b7', 'https://git.kernel.org/stable/c/77848b379e9f85a08048a2c8b3b4a7e8396f5f83', 'https://git.kernel.org/stable/c/7cc1f4cd90a00b6191cb8cda2d1302fdce59361c', 'https://git.kernel.org/stable/c/be23ae63080e0bf9e246ab20207200bca6585eba', 'https://git.kernel.org/stable/c/c31fad1470389666ac7169fe43aa65bf5b7e2cfd', 'https://git.kernel.org/stable/c/d135c3352f7c947a922da93c8e763ee6bc208b64', 'https://linux.oracle.com/cve/CVE-2024-42276.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42276-cb0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42276', 'https://www.cve.org/CVERecord?id=CVE-2024-42276'], 'PublishedDate': '2024-08-17T09:15:08.673Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42277', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42277', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom->sdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42277', 'https://git.kernel.org/linus/630482ee0653decf9e2482ac6181897eb6cde5b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8', 'https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922', 'https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb', 'https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c', 'https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42277-997a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42277', 'https://www.cve.org/CVERecord?id=CVE-2024-42277'], 'PublishedDate': '2024-08-17T09:15:08.75Z', 'LastModifiedDate': '2024-09-10T18:46:21.62Z'}, {'VulnerabilityID': 'CVE-2024-42278', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42278', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: TAS2781: Fix tasdev_load_calibrated_data()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it's either a no-op or it\nleads to a NULL dereference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42278', 'https://git.kernel.org/linus/92c78222168e9035a9bfb8841c2e56ce23e51f73 (6.11-rc1)', 'https://git.kernel.org/stable/c/51be301d29d674ff328dfcf23705851f326f35b3', 'https://git.kernel.org/stable/c/6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06', 'https://git.kernel.org/stable/c/92c78222168e9035a9bfb8841c2e56ce23e51f73', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42278-e639@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42278', 'https://www.cve.org/CVERecord?id=CVE-2024-42278'], 'PublishedDate': '2024-08-17T09:15:08.813Z', 'LastModifiedDate': '2024-09-30T12:53:36.42Z'}, {'VulnerabilityID': 'CVE-2024-42279', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42279', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L', 'V3Score': 5.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42279', 'https://git.kernel.org/linus/9cf71eb0faef4bff01df4264841b8465382d7927 (6.11-rc1)', 'https://git.kernel.org/stable/c/3feda3677e8bbe833c3a62a4091377a08f015b80', 'https://git.kernel.org/stable/c/45e03d35229b680b79dfea1103a1f2f07d0b5d75', 'https://git.kernel.org/stable/c/9cf71eb0faef4bff01df4264841b8465382d7927', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42279-91b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42279', 'https://www.cve.org/CVERecord?id=CVE-2024-42279'], 'PublishedDate': '2024-08-17T09:15:08.88Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42281', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42281', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a segment issue when downgrading gso_size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a segment issue when downgrading gso_size\n\nLinearize the skb when downgrading gso_size because it may trigger a\nBUG_ON() later when the skb is segmented as described in [1,2].', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42281', 'https://git.kernel.org/linus/fa5ef655615a01533035c6139248c5b33aa27028 (6.11-rc1)', 'https://git.kernel.org/stable/c/11ec79f5c7f74261874744039bc1551023edd6b2', 'https://git.kernel.org/stable/c/a689f5eb13a90f892a088865478b3cd39f53d5dc', 'https://git.kernel.org/stable/c/c3496314c53e7e82ddb544c825defc3e8c0e45cf', 'https://git.kernel.org/stable/c/dda518dea60d556a2d171c0122ca7d9fdb7d473a', 'https://git.kernel.org/stable/c/ec4eea14d75f7b0491194dd413f540dd19b8c733', 'https://git.kernel.org/stable/c/f6bb8c90cab97a3e03f8d30e3069efe6a742e0be', 'https://git.kernel.org/stable/c/fa5ef655615a01533035c6139248c5b33aa27028', 'https://linux.oracle.com/cve/CVE-2024-42281.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42281-780b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42281', 'https://www.cve.org/CVERecord?id=CVE-2024-42281'], 'PublishedDate': '2024-08-17T09:15:09.013Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42283', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42283', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: nexthop: Initialize all fields in dumped nexthops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n    # ip nexthop add id 1 dev lo\n    # ip nexthop add id 101 group 1\n    # strace -e recvmsg ip nexthop get id 101\n    ...\n    recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n                 [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42283', 'https://git.kernel.org/linus/6d745cd0e9720282cd291d36b9db528aea18add2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1377de719652d868f5317ba8398b7e74c5f0430b', 'https://git.kernel.org/stable/c/5cc4d71dda2dd4f1520f40e634a527022e48ccd8', 'https://git.kernel.org/stable/c/6d745cd0e9720282cd291d36b9db528aea18add2', 'https://git.kernel.org/stable/c/7704460acd7f5d35eb07c52500987dc9b95313fb', 'https://git.kernel.org/stable/c/9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0', 'https://git.kernel.org/stable/c/a13d3864b76ac87085ec530b2ff8e37482a63a96', 'https://git.kernel.org/stable/c/fd06cb4a5fc7bda3dea31712618a62af72a1c6cb', 'https://linux.oracle.com/cve/CVE-2024-42283.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42283-15a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42283', 'https://www.cve.org/CVERecord?id=CVE-2024-42283'], 'PublishedDate': '2024-08-17T09:15:09.163Z', 'LastModifiedDate': '2024-08-19T19:54:33.213Z'}, {'VulnerabilityID': 'CVE-2024-42284', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42284', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42284', 'https://git.kernel.org/linus/fa96c6baef1b5385e2f0c0677b32b3839e716076 (6.11-rc1)', 'https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f', 'https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a', 'https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69', 'https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813', 'https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28', 'https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b', 'https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8', 'https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076', 'https://linux.oracle.com/cve/CVE-2024-42284.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42284-bbfa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42284', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42284'], 'PublishedDate': '2024-08-17T09:15:09.233Z', 'LastModifiedDate': '2024-08-19T19:47:55.623Z'}, {'VulnerabilityID': 'CVE-2024-42285', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42285', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix a use-after-free related to destroying CM IDs\n\niw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with\nan existing struct iw_cm_id (cm_id) as follows:\n\n        conn_id->cm_id.iw = cm_id;\n        cm_id->context = conn_id;\n        cm_id->cm_handler = cma_iw_handler;\n\nrdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make\nsure that cm_work_handler() does not trigger a use-after-free by only\nfreeing of the struct rdma_id_private after all pending work has finished.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42285', 'https://git.kernel.org/linus/aee2424246f9f1dadc33faa78990c1e2eb7826e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6', 'https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574', 'https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79', 'https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4', 'https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6', 'https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5', 'https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae', 'https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a', 'https://linux.oracle.com/cve/CVE-2024-42285.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42285-37ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42285', 'https://www.cve.org/CVERecord?id=CVE-2024-42285'], 'PublishedDate': '2024-08-17T09:15:09.3Z', 'LastModifiedDate': '2024-08-19T19:45:41.59Z'}, {'VulnerabilityID': 'CVE-2024-42286', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42286', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: validate nvme_local_port correctly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS:  0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42286', 'https://git.kernel.org/linus/eb1d4ce2609584eeb7694866f34d4b213caa3af9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3eac973eb5cb2b874b3918f924798afc5affd46b', 'https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430', 'https://git.kernel.org/stable/c/7cec2c3bfe84539c415f5e16f989228eba1d2f1e', 'https://git.kernel.org/stable/c/a3ab508a4853a9f5ae25a7816a4889f09938f63c', 'https://git.kernel.org/stable/c/cde43031df533751b4ead37d173922feee2f550f', 'https://git.kernel.org/stable/c/e1f010844443c389bc552884ac5cfa47de34d54c', 'https://git.kernel.org/stable/c/eb1d4ce2609584eeb7694866f34d4b213caa3af9', 'https://git.kernel.org/stable/c/f6be298cc1042f24d521197af29c7c4eb95af4d5', 'https://linux.oracle.com/cve/CVE-2024-42286.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42286-e856@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42286', 'https://www.cve.org/CVERecord?id=CVE-2024-42286'], 'PublishedDate': '2024-08-17T09:15:09.38Z', 'LastModifiedDate': '2024-09-10T19:02:12.36Z'}, {'VulnerabilityID': 'CVE-2024-42287', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42287', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Complete command early within lock', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Complete command early within lock\n\nA crash was observed while performing NPIV and FW reset,\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 1 PREEMPT_RT SMP NOPTI\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0\n RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034\n R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000\n FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x16f/0x4a0\n ? do_user_addr_fault+0x174/0x7f0\n ? exc_page_fault+0x69/0x1a0\n ? asm_exc_page_fault+0x22/0x30\n ? dma_direct_unmap_sg+0x51/0x1e0\n ? preempt_count_sub+0x96/0xe0\n qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]\n qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]\n __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]\n\nThe command completion was done early while aborting the commands in driver\nunload path but outside lock to avoid the WARN_ON condition of performing\ndma_free_attr within the lock. However this caused race condition while\ncommand completion via multiple paths causing system crash.\n\nHence complete the command early in unload path but within the lock to\navoid race condition.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42287', 'https://git.kernel.org/linus/4475afa2646d3fec176fc4d011d3879b26cb26e3 (6.11-rc1)', 'https://git.kernel.org/stable/c/314efe3f87949a568f512f05df20bf47b81cf232', 'https://git.kernel.org/stable/c/36fdc5319c4d0ec8b8938ec4769764098a246bfb', 'https://git.kernel.org/stable/c/4475afa2646d3fec176fc4d011d3879b26cb26e3', 'https://git.kernel.org/stable/c/57ba7563712227647f82a92547e82c96cd350553', 'https://git.kernel.org/stable/c/814f4a53cc86f7ea8b501bfb1723f24fd29ef5ee', 'https://git.kernel.org/stable/c/9117337b04d789bd08fdd9854a40bec2815cd3f6', 'https://git.kernel.org/stable/c/af46649304b0c9cede4ccfc2be2561ce8ed6a2ea', 'https://linux.oracle.com/cve/CVE-2024-42287.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42287-d635@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42287', 'https://www.cve.org/CVERecord?id=CVE-2024-42287'], 'PublishedDate': '2024-08-17T09:15:09.453Z', 'LastModifiedDate': '2024-09-10T19:05:07.67Z'}, {'VulnerabilityID': 'CVE-2024-42288', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42288', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Fix for possible memory corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly.  Correctly dereference ICB', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42288', 'https://git.kernel.org/linus/c03d740152f78e86945a75b2ad541bf972fab92a (6.11-rc1)', 'https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e', 'https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b', 'https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b', 'https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d', 'https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce', 'https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a', 'https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb', 'https://linux.oracle.com/cve/CVE-2024-42288.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42288-c59b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42288', 'https://www.cve.org/CVERecord?id=CVE-2024-42288'], 'PublishedDate': '2024-08-17T09:15:09.523Z', 'LastModifiedDate': '2024-09-05T17:38:38.383Z'}, {'VulnerabilityID': 'CVE-2024-42289', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42289', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: During vport delete send async logout explicitly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array.  For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n  BUG: kernel NULL pointer dereference, address: 000000000000001c\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] PREEMPT SMP NOPTI\n  Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n  RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n  RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n  RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n  RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n  RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n  R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n  R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n  FS:  0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n  Call Trace:\n  <TASK>\n  qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n  ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n  ? qla2x00_status_entry+0x768/0x2830\n  ? newidle_balance+0x2f0/0x430\n  ? dequeue_entity+0x100/0x3c0\n  ? qla24xx_process_response_queue+0x6a1/0x19e0\n  ? __schedule+0x2d5/0x1140\n  ? qla_do_work+0x47/0x60\n  ? process_one_work+0x267/0x440\n  ? process_one_work+0x440/0x440\n  ? worker_thread+0x2d/0x3d0\n  ? process_one_work+0x440/0x440\n  ? kthread+0x156/0x180\n  ? set_kthread_struct+0x50/0x50\n  ? ret_from_fork+0x22/0x30\n  </TASK>\n\nSend out async logout explicitly for all the ports during vport delete.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42289', 'https://git.kernel.org/linus/76f480d7c717368f29a3870f7d64471ce0ff8fb2 (6.11-rc1)', 'https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe', 'https://git.kernel.org/stable/c/171ac4b495f9473bc134356a00095b47e6409e52', 'https://git.kernel.org/stable/c/76f480d7c717368f29a3870f7d64471ce0ff8fb2', 'https://git.kernel.org/stable/c/87c25fcb95aafabb6a4914239f4ab41b07a4f9b7', 'https://git.kernel.org/stable/c/b12c54e51ba83c1fbc619d35083d7872e42ecdef', 'https://git.kernel.org/stable/c/b35d6d5a2f38605cddea7d5c64cded894fbe8ede', 'https://git.kernel.org/stable/c/d28a2075bb530489715a3b011e1dd8765ba20313', 'https://git.kernel.org/stable/c/e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc', 'https://linux.oracle.com/cve/CVE-2024-42289.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42289-fe68@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42289', 'https://www.cve.org/CVERecord?id=CVE-2024-42289'], 'PublishedDate': '2024-08-17T09:15:09.59Z', 'LastModifiedDate': '2024-09-05T17:37:49.057Z'}, {'VulnerabilityID': 'CVE-2024-42290', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42290', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: irqchip/imx-irqsteer: Handle runtime power management correctly', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/imx-irqsteer: Handle runtime power management correctly\n\nThe power domain is automatically activated from clk_prepare(). However, on\ncertain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes\nsleeping functions, which triggers the 'scheduling while atomic' bug in the\ncontext switch path during device probing:\n\n BUG: scheduling while atomic: kworker/u13:1/48/0x00000002\n Call trace:\n  __schedule_bug+0x54/0x6c\n  __schedule+0x7f0/0xa94\n  schedule+0x5c/0xc4\n  schedule_preempt_disabled+0x24/0x40\n  __mutex_lock.constprop.0+0x2c0/0x540\n  __mutex_lock_slowpath+0x14/0x20\n  mutex_lock+0x48/0x54\n  clk_prepare_lock+0x44/0xa0\n  clk_prepare+0x20/0x44\n  imx_irqsteer_resume+0x28/0xe0\n  pm_generic_runtime_resume+0x2c/0x44\n  __genpd_runtime_resume+0x30/0x80\n  genpd_runtime_resume+0xc8/0x2c0\n  __rpm_callback+0x48/0x1d8\n  rpm_callback+0x6c/0x78\n  rpm_resume+0x490/0x6b4\n  __pm_runtime_resume+0x50/0x94\n  irq_chip_pm_get+0x2c/0xa0\n  __irq_do_set_handler+0x178/0x24c\n  irq_set_chained_handler_and_data+0x60/0xa4\n  mxc_gpio_probe+0x160/0x4b0\n\nCure this by implementing the irq_bus_lock/sync_unlock() interrupt chip\ncallbacks and handle power management in them as they are invoked from\nnon-atomic context.\n\n[ tglx: Rewrote change log, added Fixes tag ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42290', 'https://git.kernel.org/linus/33b1c47d1fc0b5f06a393bb915db85baacba18ea (6.11-rc1)', 'https://git.kernel.org/stable/c/21bd3f9e7f924cd2fc892a484e7a50c7e1847565', 'https://git.kernel.org/stable/c/33b1c47d1fc0b5f06a393bb915db85baacba18ea', 'https://git.kernel.org/stable/c/3a2884a44e5cda192df1b28e9925661f79f599a1', 'https://git.kernel.org/stable/c/58c56735facb225a5c46fa4b8bbbe7f31d1cb894', 'https://git.kernel.org/stable/c/a590e8dea3df2639921f874d763be961dd74e8f9', 'https://git.kernel.org/stable/c/f8ae38f1dfe652779c7c613facbc257cec00ac44', 'https://git.kernel.org/stable/c/fa1803401e1c360efe6342fb41d161cc51748a11', 'https://linux.oracle.com/cve/CVE-2024-42290.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42290-c966@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42290', 'https://www.cve.org/CVERecord?id=CVE-2024-42290'], 'PublishedDate': '2024-08-17T09:15:09.663Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42291', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42291', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add a per-VF limit on number of FDIR filters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42291', 'https://git.kernel.org/linus/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 (6.11-rc1)', 'https://git.kernel.org/stable/c/292081c4e7f575a79017d5cbe1a0ec042783976f', 'https://git.kernel.org/stable/c/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97', 'https://git.kernel.org/stable/c/8e02cd98a6e24389d476e28436d41e620ed8e559', 'https://git.kernel.org/stable/c/d62389073a5b937413e2d1bc1da06ccff5103c0c', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42291-6f31@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42291', 'https://www.cve.org/CVERecord?id=CVE-2024-42291'], 'PublishedDate': '2024-08-17T09:15:09.73Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42292', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42292', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kobject_uevent: Fix OOB access within zap_modalias_env()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42292', 'https://git.kernel.org/linus/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc (6.11-rc1)', 'https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762', 'https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2', 'https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168', 'https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d', 'https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90', 'https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5', 'https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d', 'https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc', 'https://linux.oracle.com/cve/CVE-2024-42292.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42292-5387@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42292', 'https://www.cve.org/CVERecord?id=CVE-2024-42292'], 'PublishedDate': '2024-08-17T09:15:09.797Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42294', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42294', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: fix deadlock between sd_remove & sd_release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove & sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430]  __switch_to+0x174/0x338\n[ 2538.459436]  __schedule+0x628/0x9c4\n[ 2538.459442]  schedule+0x7c/0xe8\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459]  mutex_lock+0x30/0xd8\n[ 2538.459462]  del_gendisk+0xdc/0x350\n[ 2538.459466]  sd_remove+0x30/0x60\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474]  device_release_driver+0x18/0x28\n[ 2538.459478]  bus_remove_device+0x15c/0x174\n[ 2538.459483]  device_del+0x1d0/0x358\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\n[ 2538.459493]  scsi_forget_host+0x50/0x70\n[ 2538.459497]  scsi_remove_host+0x80/0x180\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514]  device_release_driver+0x18/0x28\n[ 2538.459518]  bus_remove_device+0x15c/0x174\n[ 2538.459523]  device_del+0x1d0/0x358\n[ 2538.459528]  usb_disable_device+0x84/0x194\n[ 2538.459532]  usb_disconnect+0xec/0x300\n[ 2538.459537]  hub_event+0xb80/0x1870\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\n[ 2538.459545]  worker_thread+0x244/0x334\n[ 2538.459549]  kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task "fsck.":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016]  __switch_to+0x174/0x338\n[ 2538.461021]  __schedule+0x628/0x9c4\n[ 2538.461025]  schedule+0x7c/0xe8\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051]  sd_release+0x50/0x94\n[ 2538.461054]  blkdev_put+0x190/0x28c\n[ 2538.461058]  blkdev_release+0x28/0x40\n[ 2538.461063]  __fput+0xf8/0x2a8\n[ 2538.461066]  __fput_sync+0x28/0x5c\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\n[ 2538.461073]  invoke_syscall+0x58/0x114\n[ 2538.461078]  el0_svc_common+0xac/0xe0\n[ 2538.461082]  do_el0_svc+0x1c/0x28\n[ 2538.461087]  el0_svc+0x38/0x68\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\n\n  T1:\t\t\t\tT2:\n  sd_remove\n  del_gendisk\n  __blk_mark_disk_dead\n  blk_freeze_queue_start\n  ++q->mq_freeze_depth\n  \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(&disk->open_mutex)\n  \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q->mq_freeze_depth)\n  mutex_lock(&disk->open_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don\'t try to acquire disk->open_mutex after freezing\nthe queue.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42294', 'https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9', 'https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b', 'https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42294-0145@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42294', 'https://www.cve.org/CVERecord?id=CVE-2024-42294'], 'PublishedDate': '2024-08-17T09:15:09.947Z', 'LastModifiedDate': '2024-08-19T19:43:22.46Z'}, {'VulnerabilityID': 'CVE-2024-42295', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42295', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: handle inconsistent state in nilfs_btnode_create_block()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle inconsistent state in nilfs_btnode_create_block()\n\nSyzbot reported that a buffer state inconsistency was detected in\nnilfs_btnode_create_block(), triggering a kernel bug.\n\nIt is not appropriate to treat this inconsistency as a bug; it can occur\nif the argument block address (the buffer index of the newly created\nblock) is a virtual block number and has been reallocated due to\ncorruption of the bitmap used to manage its allocation state.\n\nSo, modify nilfs_btnode_create_block() and its callers to treat it as a\npossible filesystem error, rather than triggering a kernel bug.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42295', 'https://git.kernel.org/linus/4811f7af6090e8f5a398fbdd766f903ef6c0d787 (6.11-rc1)', 'https://git.kernel.org/stable/c/012be828a118bf496e666ef1fc47fc0e7358ada2', 'https://git.kernel.org/stable/c/02b87e6334a38c65eef49848d3f1ac422f0b2a44', 'https://git.kernel.org/stable/c/19cce46238ffe3546e44b9c74057103ff8b24c62', 'https://git.kernel.org/stable/c/366c3f688dd0288cbe38af1d3a886b5c62372e4a', 'https://git.kernel.org/stable/c/4811f7af6090e8f5a398fbdd766f903ef6c0d787', 'https://git.kernel.org/stable/c/5f0a6800b8aec1b453c7fe4c44fcaac5ffe9d52e', 'https://git.kernel.org/stable/c/be56dfc9be0604291267c07b0e27a69a6bda4899', 'https://git.kernel.org/stable/c/e34191cce3ee63dfa5fb241904aaf2a042d5b6d8', 'https://linux.oracle.com/cve/CVE-2024-42295.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42295-4f43@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42295', 'https://www.cve.org/CVERecord?id=CVE-2024-42295'], 'PublishedDate': '2024-08-17T09:15:10.017Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42296', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42296', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix return value of f2fs_convert_inline_inode()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix return value of f2fs_convert_inline_inode()\n\nIf device is readonly, make f2fs_convert_inline_inode()\nreturn EROFS instead of zero, otherwise it may trigger\npanic during writeback of inline inode's dirty page as\nbelow:\n\n f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888\n f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3369\n do_writepages+0x359/0x870 mm/page-writeback.c:2634\n filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397\n __filemap_fdatawrite_range mm/filemap.c:430 [inline]\n file_write_and_wait_range+0x1aa/0x290 mm/filemap.c:788\n f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276\n generic_write_sync include/linux/fs.h:2806 [inline]\n f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977\n call_write_iter include/linux/fs.h:2114 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa72/0xc90 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42296', 'https://git.kernel.org/linus/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf (6.11-rc1)', 'https://git.kernel.org/stable/c/077f0e24b27c4b44841593c7edbd1993be9eecb5', 'https://git.kernel.org/stable/c/1e7725814361c8c008d131db195cef8274ff26b8', 'https://git.kernel.org/stable/c/47a8ddcdcaccd9b891db4574795e46a33a121ac2', 'https://git.kernel.org/stable/c/70f5ef5f33c333cfb286116fa3af74ac9bc84f1b', 'https://git.kernel.org/stable/c/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42296-3f50@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42296', 'https://www.cve.org/CVERecord?id=CVE-2024-42296'], 'PublishedDate': '2024-08-17T09:15:10.08Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42297', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42297', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: f2fs: fix to don't dirty inode for readonly filesystem", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to don't dirty inode for readonly filesystem\n\nsyzbot reports f2fs bug as below:\n\nkernel BUG at fs/f2fs/inode.c:933!\nRIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933\nCall Trace:\n evict+0x2a4/0x620 fs/inode.c:664\n dispose_list fs/inode.c:697 [inline]\n evict_inodes+0x5f8/0x690 fs/inode.c:747\n generic_shutdown_super+0x9d/0x2c0 fs/super.c:675\n kill_block_super+0x44/0x90 fs/super.c:1667\n kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894\n deactivate_locked_super+0xc1/0x130 fs/super.c:484\n cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256\n task_work_run+0x24a/0x300 kernel/task_work.c:180\n ptrace_notify+0x2cd/0x380 kernel/signal.c:2399\n ptrace_report_syscall include/linux/ptrace.h:411 [inline]\n ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]\n syscall_exit_work kernel/entry/common.c:251 [inline]\n syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]\n syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296\n do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe root cause is:\n- do_sys_open\n - f2fs_lookup\n  - __f2fs_find_entry\n   - f2fs_i_depth_write\n    - f2fs_mark_inode_dirty_sync\n     - f2fs_dirty_inode\n      - set_inode_flag(inode, FI_DIRTY_INODE)\n\n- umount\n - kill_f2fs_super\n  - kill_block_super\n   - generic_shutdown_super\n    - sync_filesystem\n    : sb is readonly, skip sync_filesystem()\n    - evict_inodes\n     - iput\n      - f2fs_evict_inode\n       - f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE))\n       : trigger kernel panic\n\nWhen we try to repair i_current_depth in readonly filesystem, let's\nskip dirty inode to avoid panic in later f2fs_evict_inode().", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42297', 'https://git.kernel.org/linus/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8', 'https://git.kernel.org/stable/c/2434344559f6743efb3ac15d11af9a0db9543bd3', 'https://git.kernel.org/stable/c/2d2916516577f2239b3377d9e8d12da5e6ccdfcf', 'https://git.kernel.org/stable/c/54162974aea37a8cae00742470a78c7f6bd6f915', 'https://git.kernel.org/stable/c/54bc4e88447e385c4d4ffa85d93e0dce628fcfa6', 'https://git.kernel.org/stable/c/9ce8135accf103f7333af472709125878704fdd4', 'https://git.kernel.org/stable/c/e62ff092a42f4a1bae3b310cf46673b4f3aac3b5', 'https://git.kernel.org/stable/c/ec56571b4b146a1cfbedab49d5fcaf19fe8bf4f1', 'https://linux.oracle.com/cve/CVE-2024-42297.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42297-fcec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42297', 'https://www.cve.org/CVERecord?id=CVE-2024-42297'], 'PublishedDate': '2024-08-17T09:15:10.147Z', 'LastModifiedDate': '2024-09-30T13:41:26.463Z'}, {'VulnerabilityID': 'CVE-2024-42298', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42298', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42298', 'https://git.kernel.org/linus/e62599902327d27687693f6e5253a5d56583db58 (6.11-rc1)', 'https://git.kernel.org/stable/c/af466037fa2b263e8ea5c47285513d2487e17d90', 'https://git.kernel.org/stable/c/b4205dfcfe96182118e54343954827eda51b2135', 'https://git.kernel.org/stable/c/e62599902327d27687693f6e5253a5d56583db58', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42298-d6a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42298', 'https://www.cve.org/CVERecord?id=CVE-2024-42298'], 'PublishedDate': '2024-08-17T09:15:10.23Z', 'LastModifiedDate': '2024-09-10T18:42:19.607Z'}, {'VulnerabilityID': 'CVE-2024-42299', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42299', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Update log->page_{mask,bits} if log->page_size changed\n\nIf an NTFS file system is mounted to another system with different\nPAGE_SIZE from the original system, log->page_size will change in\nlog_replay(), but log->page_{mask,bits} don\'t change correspondingly.\nThis will cause a panic because "u32 bytes = log->page_size - page_off"\nwill get a negative value in the later read_log_page().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42299', 'https://git.kernel.org/linus/2fef55d8f78383c8e6d6d4c014b9597375132696 (6.11-rc1)', 'https://git.kernel.org/stable/c/0484adcb5fbcadd9ba0fd4485c42630f72e97da9', 'https://git.kernel.org/stable/c/0a4ae2644e2a3b3b219aad9639fb2b0691d08420', 'https://git.kernel.org/stable/c/2cac0df3324b5e287d8020bc0708f7d2dec88a6f', 'https://git.kernel.org/stable/c/2fef55d8f78383c8e6d6d4c014b9597375132696', 'https://git.kernel.org/stable/c/b90ceffdc975502bc085ce8e79c6adeff05f9521', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42299-a588@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42299', 'https://www.cve.org/CVERecord?id=CVE-2024-42299'], 'PublishedDate': '2024-08-17T09:15:10.293Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42301', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42301', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dev/parport: fix the array out-of-bounds risk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42301', 'https://git.kernel.org/linus/ab11dac93d2d568d151b1918d7b84c2d02bacbd5 (6.11-rc1)', 'https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8', 'https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d', 'https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a', 'https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84', 'https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0', 'https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5', 'https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e', 'https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6', 'https://linux.oracle.com/cve/CVE-2024-42301.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42301-4026@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42301', 'https://www.cve.org/CVERecord?id=CVE-2024-42301'], 'PublishedDate': '2024-08-17T09:15:10.423Z', 'LastModifiedDate': '2024-08-22T16:31:18.667Z'}, {'VulnerabilityID': 'CVE-2024-42302', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42302', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred.  To do so, it polls the\nconfig space of the first child device on the secondary bus.  If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\'s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device.  Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume.  Holding a\nreference wasn\'t necessary back then because the pciehp IRQ thread\ncould never run concurrently.  (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase.  And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event.  Commit 53b54ad074de ("PCI/DPC: Await readiness\nof secondary bus after reset"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently.  The commit was backported to v5.10+ stable\nkernels, so that\'s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n  BUG: unable to handle page fault for address: 00000000091400c0\n  CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n  RIP: pci_bus_read_config_dword+0x17/0x50\n  pci_dev_wait()\n  pci_bridge_wait_for_secondary_bus()\n  dpc_reset_link()\n  pcie_do_recovery()\n  dpc_handler()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42302', 'https://git.kernel.org/linus/11a1f4bc47362700fcbde717292158873fb847ed (6.11-rc1)', 'https://git.kernel.org/stable/c/11a1f4bc47362700fcbde717292158873fb847ed', 'https://git.kernel.org/stable/c/2c111413f38ca5cf87557cab89f6d82b0e3433e7', 'https://git.kernel.org/stable/c/2cc8973bdc4d6c928ebe38b88090a2cdfe81f42f', 'https://git.kernel.org/stable/c/b16f3ea1db47a6766a9f1169244cf1fc287a7c62', 'https://git.kernel.org/stable/c/c52f9e1a9eb40f13993142c331a6cfd334d4b91d', 'https://git.kernel.org/stable/c/f63df70b439bb8331358a306541893bf415bf1da', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42302-c0d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42302', 'https://www.cve.org/CVERecord?id=CVE-2024-42302'], 'PublishedDate': '2024-08-17T09:15:10.487Z', 'LastModifiedDate': '2024-08-22T16:37:26.237Z'}, {'VulnerabilityID': 'CVE-2024-42303', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42303', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-pxp: Fix ERR_PTR dereference in pxp_probe()\n\ndevm_regmap_init_mmio() can fail, add a check and bail out in case of\nerror.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42303', 'https://git.kernel.org/linus/57e9ce68ae98551da9c161aaab12b41fe8601856 (6.11-rc1)', 'https://git.kernel.org/stable/c/358bc85269d6a359fea597ef9fbb429cd3626e08', 'https://git.kernel.org/stable/c/57e9ce68ae98551da9c161aaab12b41fe8601856', 'https://git.kernel.org/stable/c/5ab6ac4e9e165b0fe8a326308218337007224f05', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42303-4d12@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42303', 'https://www.cve.org/CVERecord?id=CVE-2024-42303'], 'PublishedDate': '2024-08-17T09:15:10.56Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42304', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42304', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: make sure the first directory block is not a hole', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: make sure the first directory block is not a hole\n\nThe syzbot constructs a directory that has no dirblock but is non-inline,\ni.e. the first directory block is a hole. And no errors are reported when\ncreating files in this directory in the following flow.\n\n    ext4_mknod\n     ...\n      ext4_add_entry\n        // Read block 0\n        ext4_read_dirblock(dir, block, DIRENT)\n          bh = ext4_bread(NULL, inode, block, 0)\n          if (!bh && (type == INDEX || type == DIRENT_HTREE))\n          // The first directory block is a hole\n          // But type == DIRENT, so no error is reported.\n\nAfter that, we get a directory block without '.' and '..' but with a valid\ndentry. This may cause some code that relies on dot or dotdot (such as\nmake_indexed_dir()) to crash.\n\nTherefore when ext4_read_dirblock() finds that the first directory block\nis a hole report that the filesystem is corrupted and return an error to\navoid loading corrupted data from disk causing something bad.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42304', 'https://git.kernel.org/linus/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6 (6.11-rc1)', 'https://git.kernel.org/stable/c/299bc6ffa57e04e74c6cce866d6c0741fb4897a1', 'https://git.kernel.org/stable/c/9771e3d8365ae1dd5e8846a204cb9af14e3e656a', 'https://git.kernel.org/stable/c/b609753cbbd38f8c0affd4956c0af178348523ac', 'https://git.kernel.org/stable/c/c3893d9de8ee153baac56d127d844103488133b5', 'https://git.kernel.org/stable/c/d81d7e347d1f1f48a5634607d39eb90c161c8afe', 'https://git.kernel.org/stable/c/de2a011a13a46468a6e8259db58b1b62071fe136', 'https://git.kernel.org/stable/c/e02f9941e8c011aa3eafa799def6a134ce06bcfa', 'https://git.kernel.org/stable/c/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6', 'https://linux.oracle.com/cve/CVE-2024-42304.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42304-d0e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42304', 'https://www.cve.org/CVERecord?id=CVE-2024-42304'], 'PublishedDate': '2024-08-17T09:15:10.617Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42305', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42305', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: check dot and dotdot of dx_root before making dir indexed', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: check dot and dotdot of dx_root before making dir indexed\n\nSyzbot reports a issue as follows:\n============================================\nBUG: unable to handle page fault for address: ffffed11022e24fe\nPGD 23ffee067 P4D 23ffee067 PUD 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0\nCall Trace:\n <TASK>\n make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451\n ext4_rename fs/ext4/namei.c:3936 [inline]\n ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214\n[...]\n============================================\n\nThe immediate cause of this problem is that there is only one valid dentry\nfor the block to be split during do_split, so split==0 results in out of\nbounds accesses to the map triggering the issue.\n\n    do_split\n      unsigned split\n      dx_make_map\n       count = 1\n      split = count/2 = 0;\n      continued = hash2 == map[split - 1].hash;\n       ---> map[4294967295]\n\nThe maximum length of a filename is 255 and the minimum block size is 1024,\nso it is always guaranteed that the number of entries is greater than or\nequal to 2 when do_split() is called.\n\nBut syzbot's crafted image has no dot and dotdot in dir, and the dentry\ndistribution in dirblock is as follows:\n\n  bus     dentry1          hole           dentry2           free\n|xx--|xx-------------|...............|xx-------------|...............|\n0   12 (8+248)=256  268     256     524 (8+256)=264 788     236     1024\n\nSo when renaming dentry1 increases its name_len length by 1, neither hole\nnor free is sufficient to hold the new dentry, and make_indexed_dir() is\ncalled.\n\nIn make_indexed_dir() it is assumed that the first two entries of the\ndirblock must be dot and dotdot, so bus and dentry1 are left in dx_root\nbecause they are treated as dot and dotdot, and only dentry2 is moved\nto the new leaf block. That's why count is equal to 1.\n\nTherefore add the ext4_check_dx_root() helper function to add more sanity\nchecks to dot and dotdot before starting the conversion to avoid the above\nissue.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42305', 'https://git.kernel.org/linus/50ea741def587a64e08879ce6c6a30131f7111e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/19e13b4d7f0303186fcc891aba8d0de7c8fdbda8', 'https://git.kernel.org/stable/c/42d420517072028fb0eb852c358056b7717ba5aa', 'https://git.kernel.org/stable/c/50ea741def587a64e08879ce6c6a30131f7111e7', 'https://git.kernel.org/stable/c/8afe06ed3be7a874b3cd82ef5f8959aca8d6429a', 'https://git.kernel.org/stable/c/9d241b7a39af192d1bb422714a458982c7cc67a2', 'https://git.kernel.org/stable/c/abb411ac991810c0bcbe51c2e76d2502bf611b5c', 'https://git.kernel.org/stable/c/b80575ffa98b5bb3a5d4d392bfe4c2e03e9557db', 'https://git.kernel.org/stable/c/cdd345321699042ece4a9d2e70754d2397d378c5', 'https://linux.oracle.com/cve/CVE-2024-42305.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42305-94ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42305', 'https://www.cve.org/CVERecord?id=CVE-2024-42305'], 'PublishedDate': '2024-08-17T09:15:10.69Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42306', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42306', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid using corrupted block bitmap buffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42306', 'https://git.kernel.org/linus/a90d4471146de21745980cba51ce88e7926bcc4f (6.11-rc1)', 'https://git.kernel.org/stable/c/2199e157a465aaf98294d3932797ecd7fce942d5', 'https://git.kernel.org/stable/c/271cab2ca00652bc984e269cf1208699a1e09cdd', 'https://git.kernel.org/stable/c/57053b3bcf3403b80db6f65aba284d7dfe7326af', 'https://git.kernel.org/stable/c/6a43e3c210df6c5f00570f4be49a897677dbcb64', 'https://git.kernel.org/stable/c/8ca170c39eca7cad6e0cfeb24e351d8f8eddcd65', 'https://git.kernel.org/stable/c/a90d4471146de21745980cba51ce88e7926bcc4f', 'https://git.kernel.org/stable/c/cae9e59cc41683408b70b9ab569f8654866ba914', 'https://linux.oracle.com/cve/CVE-2024-42306.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42306-647c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42306', 'https://www.cve.org/CVERecord?id=CVE-2024-42306'], 'PublishedDate': '2024-08-17T09:15:10.777Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42307', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42307', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n   fs/smb/client/cifsfs.c:1981 init_cifs()\n   error: we previously assumed 'serverclose_wq' could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42307', 'https://git.kernel.org/linus/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/160235efb4f9b55212dedff5de0094c606c4b303', 'https://git.kernel.org/stable/c/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2', 'https://git.kernel.org/stable/c/3739d711246d8fbc95ff73dbdace9741cdce4777', 'https://git.kernel.org/stable/c/6018971710fdc7739f8655c1540832b4bb903671', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42307-7c2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42307', 'https://www.cve.org/CVERecord?id=CVE-2024-42307'], 'PublishedDate': '2024-08-17T09:15:10.843Z', 'LastModifiedDate': '2024-09-05T17:49:58.257Z'}, {'VulnerabilityID': 'CVE-2024-42308', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42308', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check for NULL pointer', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42308', 'https://git.kernel.org/linus/4ab68e168ae1695f7c04fae98930740aaf7c50fa (6.11-rc1)', 'https://git.kernel.org/stable/c/185616085b12e651cdfd11ef00d1449f54552d89', 'https://git.kernel.org/stable/c/4ab68e168ae1695f7c04fae98930740aaf7c50fa', 'https://git.kernel.org/stable/c/4ccd37085976ea5d3c499b1e6d0b3f4deaf2cd5a', 'https://git.kernel.org/stable/c/6b5ed0648213e9355cc78f4a264d9afe8536d692', 'https://git.kernel.org/stable/c/71dbf95359347c2ecc5a6dfc02783fcfccb2e9fb', 'https://git.kernel.org/stable/c/9ce89824ff04d261fc855e0ca6e6025251d9fa40', 'https://git.kernel.org/stable/c/f068494430d15b5fc551ac928de9dac7e5e27602', 'https://linux.oracle.com/cve/CVE-2024-42308.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42308-562d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42308', 'https://www.cve.org/CVERecord?id=CVE-2024-42308'], 'PublishedDate': '2024-08-17T09:15:10.92Z', 'LastModifiedDate': '2024-10-09T14:15:05.227Z'}, {'VulnerabilityID': 'CVE-2024-42309', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42309', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42309', 'https://git.kernel.org/linus/2df7aac81070987b0f052985856aa325a38debf6 (6.11-rc1)', 'https://git.kernel.org/stable/c/13b5f3ee94bdbdc4b5f40582aab62977905aedee', 'https://git.kernel.org/stable/c/2df7aac81070987b0f052985856aa325a38debf6', 'https://git.kernel.org/stable/c/46d2ef272957879cbe30a884574320e7f7d78692', 'https://git.kernel.org/stable/c/475a5b3b7c8edf6e583a9eb59cf28ea770602e14', 'https://git.kernel.org/stable/c/6735d02ead7dd3adf74eb8b70aebd09e0ce78ec9', 'https://git.kernel.org/stable/c/7e52c62ff029f95005915c0a11863b5fb5185c8c', 'https://git.kernel.org/stable/c/d6ad202f73f8edba0cbc0065aa57a79ffe8fdcdc', 'https://git.kernel.org/stable/c/f70ffeca546452d1acd3a70ada56ecb2f3e7f811', 'https://linux.oracle.com/cve/CVE-2024-42309.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42309-9560@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42309', 'https://www.cve.org/CVERecord?id=CVE-2024-42309'], 'PublishedDate': '2024-08-17T09:15:10.987Z', 'LastModifiedDate': '2024-08-22T16:01:29.287Z'}, {'VulnerabilityID': 'CVE-2024-42310', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42310', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes\n\nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42310', 'https://git.kernel.org/linus/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79 (6.11-rc1)', 'https://git.kernel.org/stable/c/08f45102c81ad8bc9f85f7a25e9f64e128edb87d', 'https://git.kernel.org/stable/c/2d209b2f862f6b8bff549ede541590a8d119da23', 'https://git.kernel.org/stable/c/977ee4fe895e1729cd36cc26916bbb10084713d6', 'https://git.kernel.org/stable/c/a658ae2173ab74667c009e2550455e6de5b33ddc', 'https://git.kernel.org/stable/c/b6ac46a00188cde50ffba233e6efb366354a1de5', 'https://git.kernel.org/stable/c/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79', 'https://git.kernel.org/stable/c/e74eb5e8089427c8c49e0dd5067e5f39ce3a4d56', 'https://git.kernel.org/stable/c/f392c36cebf4c1d6997a4cc2c0f205254acef42a', 'https://linux.oracle.com/cve/CVE-2024-42310.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42310-58b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42310', 'https://www.cve.org/CVERecord?id=CVE-2024-42310'], 'PublishedDate': '2024-08-17T09:15:11.067Z', 'LastModifiedDate': '2024-08-22T16:01:46.263Z'}, {'VulnerabilityID': 'CVE-2024-42311', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42311', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42311', 'https://git.kernel.org/linus/26a2ed107929a855155429b11e1293b83e6b2a8b (6.11-rc1)', 'https://git.kernel.org/stable/c/10f7163bfb5f8b4e0c9c05a939f20b8540e33c65', 'https://git.kernel.org/stable/c/26a2ed107929a855155429b11e1293b83e6b2a8b', 'https://git.kernel.org/stable/c/4a52861cd76e79f1a593beb23d096523eb9732c2', 'https://git.kernel.org/stable/c/58d83fc160505a7009c39dec64effaac5129b971', 'https://git.kernel.org/stable/c/9c4e40b9b731220f9464975e49da75496e3865c4', 'https://git.kernel.org/stable/c/d3493d6f0dfb1ab5225b62faa77732983f2187a1', 'https://git.kernel.org/stable/c/d55aae5c1730d6b70d5d8eaff00113cd34772ea3', 'https://git.kernel.org/stable/c/f7316b2b2f11cf0c6de917beee8d3de728be24db', 'https://linux.oracle.com/cve/CVE-2024-42311.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42311-f825@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42311', 'https://www.cve.org/CVERecord?id=CVE-2024-42311'], 'PublishedDate': '2024-08-17T09:15:11.147Z', 'LastModifiedDate': '2024-09-03T17:38:24.21Z'}, {'VulnerabilityID': 'CVE-2024-42312', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42312', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sysctl: always initialize i_uid/i_gid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42312', 'https://git.kernel.org/linus/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/1deae34db9f4f8e0e03f891be2e2e15c15c8ac05', 'https://git.kernel.org/stable/c/34a86adea1f2b3c3f9d864c8cce09dca644601ab', 'https://git.kernel.org/stable/c/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4', 'https://git.kernel.org/stable/c/b2591c89a6e2858796111138c38fcb6851aa1955', 'https://git.kernel.org/stable/c/c7e2f43d182f5dde473389dbb39f16c9f0d64536', 'https://git.kernel.org/stable/c/ffde3af4b29bf97d62d82e1d45275587e10a991a', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42312-bddc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42312', 'https://www.cve.org/CVERecord?id=CVE-2024-42312'], 'PublishedDate': '2024-08-17T09:15:11.24Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42313', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42313', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: venus: fix use after free in vdec_close', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free in vdec_close\n\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\n\nFix it by cancelling the work in vdec_close.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42313', 'https://git.kernel.org/linus/a0157b5aa34eb43ec4c5510f9c260bbb03be937e (6.11-rc1)', 'https://git.kernel.org/stable/c/4c9d235630d35db762b85a4149bbb0be9d504c36', 'https://git.kernel.org/stable/c/66fa52edd32cdbb675f0803b3c4da10ea19b6635', 'https://git.kernel.org/stable/c/6a96041659e834dc0b172dda4b2df512d63920c2', 'https://git.kernel.org/stable/c/72aff311194c8ceda934f24fd6f250b8827d7567', 'https://git.kernel.org/stable/c/a0157b5aa34eb43ec4c5510f9c260bbb03be937e', 'https://git.kernel.org/stable/c/ad8cf035baf29467158e0550c7a42b7bb43d1db6', 'https://git.kernel.org/stable/c/da55685247f409bf7f976cc66ba2104df75d8dad', 'https://git.kernel.org/stable/c/f8e9a63b982a8345470c225679af4ba86e4a7282', 'https://linux.oracle.com/cve/CVE-2024-42313.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42313-09b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42313', 'https://www.cve.org/CVERecord?id=CVE-2024-42313'], 'PublishedDate': '2024-08-17T09:15:11.32Z', 'LastModifiedDate': '2024-08-22T16:01:59.467Z'}, {'VulnerabilityID': 'CVE-2024-42314', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42314', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix extent map use-after-free when adding pages to compressed bio', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix extent map use-after-free when adding pages to compressed bio\n\nAt add_ra_bio_pages() we are accessing the extent map to calculate\n'add_size' after we dropped our reference on the extent map, resulting\nin a use-after-free. Fix this by computing 'add_size' before dropping our\nextent map reference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42314', 'https://git.kernel.org/linus/8e7860543a94784d744c7ce34b78a2e11beefa5c (6.11-rc1)', 'https://git.kernel.org/stable/c/8e7860543a94784d744c7ce34b78a2e11beefa5c', 'https://git.kernel.org/stable/c/b7859ff398b6b656e1689daa860eb34837b4bb89', 'https://git.kernel.org/stable/c/c1cc3326e27b0bd7a2806b40bc48e49afaf951e7', 'https://git.kernel.org/stable/c/c205565e0f2f439f278a4a94ee97b67ef7b56ae8', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42314-de1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42314', 'https://www.cve.org/CVERecord?id=CVE-2024-42314'], 'PublishedDate': '2024-08-17T09:15:11.397Z', 'LastModifiedDate': '2024-09-04T12:15:04.723Z'}, {'VulnerabilityID': 'CVE-2024-42315', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42315', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exfat: fix potential deadlock on __exfat_get_dentry_set', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi->s_lock between the two processes may occur.\n\n       CPU0                CPU1\n       ----                ----\n  kswapd\n   balance_pgdat\n    lock(fs_reclaim)\n                      exfat_iterate\n                       lock(&sbi->s_lock)\n                       exfat_readdir\n                        exfat_get_uniname_from_ext_entry\n                         exfat_get_dentry_set\n                          __exfat_get_dentry_set\n                           kmalloc_array\n                            ...\n                            lock(fs_reclaim)\n    ...\n    evict\n     exfat_evict_inode\n      lock(&sbi->s_lock)\n\nTo fix this, let's allocate bh-array with GFP_NOFS.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42315', 'https://git.kernel.org/linus/89fc548767a2155231128cb98726d6d2ea1256c9 (6.11-rc1)', 'https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62', 'https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9', 'https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42315-a707@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42315', 'https://www.cve.org/CVERecord?id=CVE-2024-42315'], 'PublishedDate': '2024-08-17T09:15:11.47Z', 'LastModifiedDate': '2024-08-22T15:51:03.077Z'}, {'VulnerabilityID': 'CVE-2024-42316', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42316', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/mglru: fix div-by-zero in vmpressure_calc_level()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mglru: fix div-by-zero in vmpressure_calc_level()\n\nevict_folios() uses a second pass to reclaim folios that have gone through\npage writeback and become clean before it finishes the first pass, since\nfolio_rotate_reclaimable() cannot handle those folios due to the\nisolation.\n\nThe second pass tries to avoid potential double counting by deducting\nscan_control->nr_scanned.  However, this can result in underflow of\nnr_scanned, under a condition where shrink_folio_list() does not increment\nnr_scanned, i.e., when folio_trylock() fails.\n\nThe underflow can cause the divisor, i.e., scale=scanned+reclaimed in\nvmpressure_calc_level(), to become zero, resulting in the following crash:\n\n  [exception RIP: vmpressure_work_fn+101]\n  process_one_work at ffffffffa3313f2b\n\nSince scan_control->nr_scanned has no established semantics, the potential\ndouble counting has minimal risks.  Therefore, fix the problem by not\ndeducting scan_control->nr_scanned in evict_folios().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42316', 'https://git.kernel.org/linus/8b671fe1a879923ecfb72dda6caf01460dd885ef (6.11-rc1)', 'https://git.kernel.org/stable/c/8b671fe1a879923ecfb72dda6caf01460dd885ef', 'https://git.kernel.org/stable/c/8de7bf77f21068a5f602bb1e59adbc5ab533509d', 'https://git.kernel.org/stable/c/a39e38be632f0e1c908d70d1c9cd071c03faf895', 'https://git.kernel.org/stable/c/d6510f234c7d117790397f9bb150816b0a954a04', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42316-8b49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42316', 'https://www.cve.org/CVERecord?id=CVE-2024-42316'], 'PublishedDate': '2024-08-17T09:15:11.547Z', 'LastModifiedDate': '2024-08-22T15:52:38.52Z'}, {'VulnerabilityID': 'CVE-2024-42317', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42317', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/huge_memory: avoid PMD-size page cache if needed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: avoid PMD-size page cache if needed\n\nxarray can\'t support arbitrary page cache size.  the largest and supported\npage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71\n("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray").  However,\nit\'s possible to have 512MB page cache in the huge memory\'s collapsing\npath on ARM64 system whose base page size is 64KB.  512MB page cache is\nbreaking the limitation and a warning is raised when the xarray entry is\nsplit as shown in the following example.\n\n[root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize\nKernelPageSize:       64 kB\n[root@dhcp-10-26-1-207 ~]# cat /tmp/test.c\n   :\nint main(int argc, char **argv)\n{\n\tconst char *filename = TEST_XFS_FILENAME;\n\tint fd = 0;\n\tvoid *buf = (void *)-1, *p;\n\tint pgsize = getpagesize();\n\tint ret = 0;\n\n\tif (pgsize != 0x10000) {\n\t\tfprintf(stdout, "System with 64KB base page size is required!\\n");\n\t\treturn -EPERM;\n\t}\n\n\tsystem("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb");\n\tsystem("echo 1 > /proc/sys/vm/drop_caches");\n\n\t/* Open the xfs file */\n\tfd = open(filename, O_RDONLY);\n\tassert(fd > 0);\n\n\t/* Create VMA */\n\tbuf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0);\n\tassert(buf != (void *)-1);\n\tfprintf(stdout, "mapped buffer at 0x%p\\n", buf);\n\n\t/* Populate VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ);\n\tassert(ret == 0);\n\n\t/* Collapse VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE);\n\tif (ret) {\n\t\tfprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\\n", errno);\n\t\tgoto out;\n\t}\n\n\t/* Split xarray entry. Write permission is needed */\n\tmunmap(buf, TEST_MEM_SIZE);\n\tbuf = (void *)-1;\n\tclose(fd);\n\tfd = open(filename, O_RDWR);\n\tassert(fd > 0);\n\tfallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,\n \t\t  TEST_MEM_SIZE - pgsize, pgsize);\nout:\n\tif (buf != (void *)-1)\n\t\tmunmap(buf, TEST_MEM_SIZE);\n\tif (fd > 0)\n\t\tclose(fd);\n\n\treturn ret;\n}\n\n[root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test\n[root@dhcp-10-26-1-207 ~]# /tmp/test\n ------------[ cut here ]------------\n WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\n Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib    \\\n nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct      \\\n nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4      \\\n ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse   \\\n xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net  \\\n sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio\n CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9\n Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\n pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n pc : xas_split_alloc+0xf8/0x128\n lr : split_huge_page_to_list_to_order+0x1c4/0x780\n sp : ffff8000ac32f660\n x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0\n x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d\n x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000\n x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c\n x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8\n x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40\n x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\n Call trace:\n  xas_split_alloc+0xf8/0x128\n  split_huge_page_to_list_to_order+0x1c4/0x780\n  truncate_inode_partial_folio+0xdc/0x160\n  truncate_inode_pages_range+0x1b4/0x4a8\n  truncate_pagecache_range+0x84/0xa\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42317', 'https://git.kernel.org/linus/d659b715e94ac039803d7601505d3473393fc0be (6.11-rc1)', 'https://git.kernel.org/stable/c/d659b715e94ac039803d7601505d3473393fc0be', 'https://git.kernel.org/stable/c/e60f62f75c99740a28e2bf7e6044086033012a16', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42317-cf87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42317', 'https://www.cve.org/CVERecord?id=CVE-2024-42317'], 'PublishedDate': '2024-08-17T09:15:11.633Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42318', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42318', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: landlock: Don&#39;t lose track of restrictions on cred_transfer', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don't lose track of restrictions on cred_transfer\n\nWhen a process' cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent's credentials), the\ncred_transfer LSM hook is used instead.  Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42318', 'https://bugs.chromium.org/p/project-zero/issues/detail?id=2566', 'https://git.kernel.org/linus/39705a6c29f8a2b93cf5b99528a55366c50014d1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c', 'https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49', 'https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1', 'https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117', 'https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff', 'https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42318-f0c9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42318', 'https://www.cve.org/CVERecord?id=CVE-2024-42318', 'https://www.openwall.com/lists/oss-security/2024/08/17/2'], 'PublishedDate': '2024-08-17T09:15:11.7Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42319', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42319', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() < 0 occurs.\n\nAccording to the call tracei below:\n  cmdq_mbox_shutdown\n  mbox_free_channel\n  mbox_controller_unregister\n  __devm_mbox_controller_unregister\n  ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n   to bind the cmdq device to the mbox_controller, so\n   devm_mbox_controller_unregister() will automatically unregister\n   the device bound to the mailbox controller when the device-managed\n   resource is removed. That means devm_mbox_controller_unregister()\n   and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n   devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n   will be called after cmdq_remove(), but before\n   devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42319', 'https://git.kernel.org/linus/a8bd68e4329f9a0ad1b878733e0f80be6a971649 (6.11-rc1)', 'https://git.kernel.org/stable/c/11fa625b45faf0649118b9deaf2d31c86ac41911', 'https://git.kernel.org/stable/c/a8bd68e4329f9a0ad1b878733e0f80be6a971649', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42319-ec7c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42319', 'https://www.cve.org/CVERecord?id=CVE-2024-42319'], 'PublishedDate': '2024-08-17T09:15:11.767Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42320', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42320', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error checks in dasd_copy_pair_store()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42320', 'https://git.kernel.org/linus/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8 (6.11-rc1)', 'https://git.kernel.org/stable/c/68d4c3722290ad300c295fb3435e835d200d5cb2', 'https://git.kernel.org/stable/c/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8', 'https://git.kernel.org/stable/c/cc8b7284d5076722e0b8062373b68d8e47c3bace', 'https://git.kernel.org/stable/c/e511167e65d332d07b3c7a3d5a741ee9c19a8c27', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42320-cdea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42320', 'https://www.cve.org/CVERecord?id=CVE-2024-42320'], 'PublishedDate': '2024-08-17T09:15:11.833Z', 'LastModifiedDate': '2024-09-30T12:54:12.897Z'}, {'VulnerabilityID': 'CVE-2024-42321', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42321', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: flow_dissector: use DEBUG_NET_WARN_ON_ONCE\n\nThe following splat is easy to reproduce upstream as well as in -stable\nkernels. Florian Westphal provided the following commit:\n\n  d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net")\n\nbut this complementary fix has been also suggested by Willem de Bruijn\nand it can be easily backported to -stable kernel which consists in\nusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splat\ngiven __skb_get_hash() is used by the nftables tracing infrastructure to\nto identify packets in traces.\n\n[69133.561393] ------------[ cut here ]------------\n[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/\n[...]\n[69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379\n[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0\n[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff\nff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8\n[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246\n[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19\n[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418\n[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000\n[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400\n[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28\n[69133.562020] FS:  00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[69133.562027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0\n[69133.562040] Call Trace:\n[69133.562044]  <IRQ>\n[69133.562049]  ? __warn+0x9f/0x1a0\n[ 1211.841384]  ? __skb_flow_dissect+0x107e/0x2860\n[...]\n[ 1211.841496]  ? bpf_flow_dissect+0x160/0x160\n[ 1211.841753]  __skb_get_hash+0x97/0x280\n[ 1211.841765]  ? __skb_get_hash_symmetric+0x230/0x230\n[ 1211.841776]  ? mod_find+0xbf/0xe0\n[ 1211.841786]  ? get_stack_info_noinstr+0x12/0xe0\n[ 1211.841798]  ? bpf_ksym_find+0x56/0xe0\n[ 1211.841807]  ? __rcu_read_unlock+0x2a/0x70\n[ 1211.841819]  nft_trace_init+0x1b9/0x1c0 [nf_tables]\n[ 1211.841895]  ? nft_trace_notify+0x830/0x830 [nf_tables]\n[ 1211.841964]  ? get_stack_info+0x2b/0x80\n[ 1211.841975]  ? nft_do_chain_arp+0x80/0x80 [nf_tables]\n[ 1211.842044]  nft_do_chain+0x79c/0x850 [nf_tables]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42321', 'https://git.kernel.org/linus/120f1c857a73e52132e473dee89b340440cb692b (6.11-rc1)', 'https://git.kernel.org/stable/c/120f1c857a73e52132e473dee89b340440cb692b', 'https://git.kernel.org/stable/c/4afbac11f2f629d1e62817c4e210bdfaa7521107', 'https://git.kernel.org/stable/c/c5d21aabf1b31a79f228508af33aee83456bc1b0', 'https://git.kernel.org/stable/c/eb03d9826aa646577342a952d658d4598381c035', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42321-4b46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42321', 'https://www.cve.org/CVERecord?id=CVE-2024-42321'], 'PublishedDate': '2024-08-17T09:15:11.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42322', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42322', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipvs: properly dereference pe in ip_vs_add_service', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n  net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42322', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/cbd070a4ae62f119058973f6d2c984e325bce6e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dd428039e06e1967ce294e2cd6342825aaaad77', 'https://git.kernel.org/stable/c/c420cd5d5bc6797f3a8824e7d74f38f0c286fca5', 'https://git.kernel.org/stable/c/cbd070a4ae62f119058973f6d2c984e325bce6e7', 'https://linux.oracle.com/cve/CVE-2024-42322.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42322-e2ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42322', 'https://www.cve.org/CVERecord?id=CVE-2024-42322'], 'PublishedDate': '2024-08-17T09:15:11.977Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43817', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: missing check virtio', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: missing check virtio\n\nTwo missing check in virtio_net_hdr_to_skb() allowed syzbot\nto crash kernels again\n\n1. After the skb_segment function the buffer may become non-linear\n(nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere\nthe __skb_linearize function will not be executed, then the buffer will\nremain non-linear. Then the condition (offset >= skb_headlen(skb))\nbecomes true, which causes WARN_ON_ONCE in skb_checksum_help.\n\n2. The struct sk_buff and struct virtio_net_hdr members must be\nmathematically related.\n(gso_size) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) may be 0 if division is without remainder.\n\noffset+2 (4191) > skb_headlen() (1116)\nWARNING: CPU: 1 PID: 5084 at net/core/dev.c:3303 skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nModules linked in:\nCPU: 1 PID: 5084 Comm: syz-executor336 Not tainted 6.7.0-rc3-syzkaller-00014-gdf60cee26a2e #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nCode: 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 52 01 00 00 44 89 e2 2b 53 74 4c 89 ee 48 c7 c7 40 57 e9 8b e8 af 8f dd f8 90 <0f> 0b 90 90 e9 87 fe ff ff e8 40 0f 6e f9 e9 4b fa ff ff 48 89 ef\nRSP: 0018:ffffc90003a9f338 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888025125780 RCX: ffffffff814db209\nRDX: ffff888015393b80 RSI: ffffffff814db216 RDI: 0000000000000001\nRBP: ffff8880251257f4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000045c\nR13: 000000000000105f R14: ffff8880251257f0 R15: 000000000000105d\nFS:  0000555555c24380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000002000f000 CR3: 0000000023151000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n ip_do_fragment+0xa1b/0x18b0 net/ipv4/ip_output.c:777\n ip_fragment.constprop.0+0x161/0x230 net/ipv4/ip_output.c:584\n ip_finish_output_gso net/ipv4/ip_output.c:286 [inline]\n __ip_finish_output net/ipv4/ip_output.c:308 [inline]\n __ip_finish_output+0x49c/0x650 net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:433\n dst_output include/net/dst.h:451 [inline]\n ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:129\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ipip6_tunnel_xmit net/ipv6/sit.c:1034 [inline]\n sit_tunnel_xmit+0xed2/0x28f0 net/ipv6/sit.c:1076\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3545 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3561\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4346\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x257/0x380 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x24ca/0x5240 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n __sys_sendto+0x255/0x340 net/socket.c:2190\n __do_sys_sendto net/socket.c:2202 [inline]\n __se_sys_sendto net/socket.c:2198 [inline]\n __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43817', 'https://git.kernel.org/linus/e269d79c7d35aa3808b1f3c1737d63dab504ddc8 (6.11-rc1)', 'https://git.kernel.org/stable/c/27874ca77bd2b05a3779c7b3a5c75d8dd7f0b40f', 'https://git.kernel.org/stable/c/5b1997487a3f3373b0f580c8a20b56c1b64b0775', 'https://git.kernel.org/stable/c/90d41ebe0cd4635f6410471efc1dd71b33e894cf', 'https://git.kernel.org/stable/c/e269d79c7d35aa3808b1f3c1737d63dab504ddc8', 'https://git.kernel.org/stable/c/e9164903b8b303c34723177b02fe91e49e3c4cd7', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43817-2e95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43817', 'https://www.cve.org/CVERecord?id=CVE-2024-43817'], 'PublishedDate': '2024-08-17T10:15:08.01Z', 'LastModifiedDate': '2024-09-03T17:41:46.407Z'}, {'VulnerabilityID': 'CVE-2024-43818', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: amd: Adjust error handling in case of absent codec device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: Adjust error handling in case of absent codec device\n\nacpi_get_first_physical_node() can return NULL in several cases (no such\ndevice, ACPI table error, reference count drop to 0, etc).\nExisting check just emit error message, but doesn't perform return.\nThen this NULL pointer is passed to devm_acpi_dev_add_driver_gpios()\nwhere it is dereferenced.\n\nAdjust this error handling by adding error code return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43818', 'https://git.kernel.org/linus/5080808c3339de2220c602ab7c7fa23dc6c1a5a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1ba9856cf7f6492b47c1edf853137f320d583db5', 'https://git.kernel.org/stable/c/5080808c3339de2220c602ab7c7fa23dc6c1a5a3', 'https://git.kernel.org/stable/c/99b642dac24f6d09ba3ebf1d690be8aefff86164', 'https://git.kernel.org/stable/c/b1173d64edd276c957b6d09e1f971c85b38f1519', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43818-71ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43818', 'https://www.cve.org/CVERecord?id=CVE-2024-43818'], 'PublishedDate': '2024-08-17T10:15:08.08Z', 'LastModifiedDate': '2024-09-03T17:45:30Z'}, {'VulnerabilityID': 'CVE-2024-43819', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kvm: s390: Reject memory region operations for ucontrol VMs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43819', 'https://git.kernel.org/linus/7816e58967d0e6cadce05c8540b47ed027dc2499 (6.11-rc1)', 'https://git.kernel.org/stable/c/49c9945c054df4c22008e2bf87ca74d3e2507aa6', 'https://git.kernel.org/stable/c/7816e58967d0e6cadce05c8540b47ed027dc2499', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43819-88ce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43819', 'https://www.cve.org/CVERecord?id=CVE-2024-43819'], 'PublishedDate': '2024-08-17T10:15:08.147Z', 'LastModifiedDate': '2024-09-03T17:47:10.54Z'}, {'VulnerabilityID': 'CVE-2024-43820', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, &mddev->recovery));\n\nThis check is designed to make sure that the sync thread isn't\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43820', 'https://git.kernel.org/linus/3199a34bfaf7561410e0be1e33a61eba870768fc (6.11-rc1)', 'https://git.kernel.org/stable/c/3199a34bfaf7561410e0be1e33a61eba870768fc', 'https://git.kernel.org/stable/c/a5c15a78c0e1631b7df822b56e8b6424e4d1ca3e', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43820-1bd6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43820', 'https://www.cve.org/CVERecord?id=CVE-2024-43820'], 'PublishedDate': '2024-08-17T10:15:08.207Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43821', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Fix a possible null pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix a possible null pointer dereference\n\nIn function lpfc_xcvr_data_show, the memory allocation with kmalloc might\nfail, thereby making rdp_context a null pointer. In the following context\nand functions that use this pointer, there are dereferencing operations,\nleading to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null,\nuse scnprintf to notify the user and return len.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43821', 'https://git.kernel.org/linus/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa (6.11-rc1)', 'https://git.kernel.org/stable/c/45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c', 'https://git.kernel.org/stable/c/57600a7dd2b52c904f7c8d2cac0fd8c23868e680', 'https://git.kernel.org/stable/c/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43821-6ffc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43821', 'https://www.cve.org/CVERecord?id=CVE-2024-43821'], 'PublishedDate': '2024-08-17T10:15:08.277Z', 'LastModifiedDate': '2024-09-03T17:49:54.28Z'}, {'VulnerabilityID': 'CVE-2024-43823', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43823', 'https://git.kernel.org/linus/a231707a91f323af1e5d9f1722055ec2fc1c7775 (6.11-rc1)', 'https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23', 'https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775', 'https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506', 'https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43823-4bdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43823', 'https://www.cve.org/CVERecord?id=CVE-2024-43823'], 'PublishedDate': '2024-08-17T10:15:08.4Z', 'LastModifiedDate': '2024-09-03T17:49:03.91Z'}, {'VulnerabilityID': 'CVE-2024-43824', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: pci-epf-test: Make use of cached &#39;epc_features&#39; in pci_epf_test_core_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Make use of cached \'epc_features\' in pci_epf_test_core_init()\n\nInstead of getting the epc_features from pci_epc_get_features() API, use\nthe cached pci_epf_test::epc_features value to avoid the NULL check. Since\nthe NULL check is already performed in pci_epf_test_bind(), having one more\ncheck in pci_epf_test_core_init() is redundant and it is not possible to\nhit the NULL pointer dereference.\n\nAlso with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier"\nflag"), \'epc_features\' got dereferenced without the NULL check, leading to\nthe following false positive Smatch warning:\n\n  drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed \'epc_features\' could be null (see line 747)\n\nThus, remove the redundant NULL check and also use the epc_features::\n{msix_capable/msi_capable} flags directly to avoid local variables.\n\n[kwilczynski: commit log]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43824', 'https://git.kernel.org/linus/5a5095a8bd1bd349cce1c879e5e44407a34dda8a (6.11-rc1)', 'https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a', 'https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43824-fc04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43824', 'https://www.cve.org/CVERecord?id=CVE-2024-43824'], 'PublishedDate': '2024-08-17T10:15:08.477Z', 'LastModifiedDate': '2024-09-03T17:48:39.16Z'}, {'VulnerabilityID': 'CVE-2024-43825', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iio: Fix the sorting functionality in iio_gts_build_avail_time_table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: Fix the sorting functionality in iio_gts_build_avail_time_table\n\nThe sorting in iio_gts_build_avail_time_table is not working as intended.\nIt could result in an out-of-bounds access when the time is zero.\n\nHere are more details:\n\n1. When the gts->itime_table[i].time_us is zero, e.g., the time\nsequence is `3, 0, 1`, the inner for-loop will not terminate and do\nout-of-bound writes. This is because once `times[j] > new`, the value\n`new` will be added in the current position and the `times[j]` will be\nmoved to `j+1` position, which makes the if-condition always hold.\nMeanwhile, idx will be added one, making the loop keep running without\ntermination and out-of-bound write.\n2. If none of the gts->itime_table[i].time_us is zero, the elements\nwill just be copied without being sorted as described in the comment\n"Sort times from all tables to one and remove duplicates".\n\nFor more details, please refer to\nhttps://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43825', 'https://git.kernel.org/linus/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb (6.11-rc1)', 'https://git.kernel.org/stable/c/31ff8464ef540785344994986a010031410f9ff3', 'https://git.kernel.org/stable/c/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb', 'https://git.kernel.org/stable/c/b5046de32fd1532c3f67065197fc1da82f0b5193', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43825-20fc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43825', 'https://www.cve.org/CVERecord?id=CVE-2024-43825'], 'PublishedDate': '2024-08-17T10:15:08.533Z', 'LastModifiedDate': '2024-09-30T13:53:21.44Z'}, {'VulnerabilityID': 'CVE-2024-43826', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfs: pass explicit offset/count to trace events', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: pass explicit offset/count to trace events\n\nnfs_folio_length is unsafe to use without having the folio locked and a\ncheck for a NULL ->f_mapping that protects against truncations and can\nlead to kernel crashes.  E.g. when running xfstests generic/065 with\nall nfs trace points enabled.\n\nFollow the model of the XFS trace points and pass in an explіcit offset\nand length.  This has the additional benefit that these values can\nbe more accurate as some of the users touch partial folio ranges.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43826', 'https://git.kernel.org/linus/fada32ed6dbc748f447c8d050a961b75d946055a (6.11-rc1)', 'https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722', 'https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43826-2a5f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43826', 'https://www.cve.org/CVERecord?id=CVE-2024-43826'], 'PublishedDate': '2024-08-17T10:15:08.593Z', 'LastModifiedDate': '2024-09-12T18:15:09.137Z'}, {'VulnerabilityID': 'CVE-2024-43827', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check before access structs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check before access structs\n\nIn enable_phantom_plane, we should better check null pointer before\naccessing various structs.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43827', 'https://git.kernel.org/linus/c96140000915b610d86f941450e15ca552de154a (6.11-rc1)', 'https://git.kernel.org/stable/c/081ff4c0ef1884ae55f7adb8944efd22e22d8724', 'https://git.kernel.org/stable/c/c96140000915b610d86f941450e15ca552de154a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43827-6486@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43827', 'https://www.cve.org/CVERecord?id=CVE-2024-43827'], 'PublishedDate': '2024-08-17T10:15:08.653Z', 'LastModifiedDate': '2024-09-30T12:51:34.97Z'}, {'VulnerabilityID': 'CVE-2024-43828', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: fix infinite loop when replaying fast_commit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct.  ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the 'es' variable.\n\nBecause 'es' contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43828', 'https://git.kernel.org/linus/907c3fe532253a6ef4eb9c4d67efb71fab58c706 (6.11-rc1)', 'https://git.kernel.org/stable/c/0619f7750f2b178a1309808832ab20d85e0ad121', 'https://git.kernel.org/stable/c/181e63cd595c688194e07332f9944b3a63193de2', 'https://git.kernel.org/stable/c/5ed0496e383cb6de120e56991385dce70bbb87c1', 'https://git.kernel.org/stable/c/81f819c537d29932e4b9267f02411cbc8b355178', 'https://git.kernel.org/stable/c/907c3fe532253a6ef4eb9c4d67efb71fab58c706', 'https://git.kernel.org/stable/c/c6e67df64783e99a657ef2b8c834ba2bf54c539c', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43828-6bcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43828', 'https://www.cve.org/CVERecord?id=CVE-2024-43828'], 'PublishedDate': '2024-08-17T10:15:08.72Z', 'LastModifiedDate': '2024-08-22T15:41:50.87Z'}, {'VulnerabilityID': 'CVE-2024-43829', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/qxl: Add check for drm_cvt_mode', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43829', 'https://git.kernel.org/linus/7bd09a2db0f617377027a2bb0b9179e6959edff3 (6.11-rc1)', 'https://git.kernel.org/stable/c/3efe34f95b1ac8c138a46b14ce75956db0d6ee7c', 'https://git.kernel.org/stable/c/4b1f303bdeceac049e56e4b20eb5280bd9e02f4f', 'https://git.kernel.org/stable/c/4e87f592a46bb804d8f833da6ce702ae4b55053f', 'https://git.kernel.org/stable/c/62ef8d7816c8e4a6088275553818b9afc0ffaa03', 'https://git.kernel.org/stable/c/7bd09a2db0f617377027a2bb0b9179e6959edff3', 'https://git.kernel.org/stable/c/d4c57354a06cb4a77998ff8aa40af89eee30e07b', 'https://git.kernel.org/stable/c/f28b353c0c6c7831a70ccca881bf2db5e6785cdd', 'https://linux.oracle.com/cve/CVE-2024-43829.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43829-72cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43829', 'https://www.cve.org/CVERecord?id=CVE-2024-43829'], 'PublishedDate': '2024-08-17T10:15:08.787Z', 'LastModifiedDate': '2024-09-30T12:51:56.77Z'}, {'VulnerabilityID': 'CVE-2024-43830', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: leds: trigger: Unregister sysfs attributes before calling deactivate()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nleds: trigger: Unregister sysfs attributes before calling deactivate()\n\nTriggers which have trigger specific sysfs attributes typically store\nrelated data in trigger-data allocated by the activate() callback and\nfreed by the deactivate() callback.\n\nCalling device_remove_groups() after calling deactivate() leaves a window\nwhere the sysfs attributes show/store functions could be called after\ndeactivation and then operate on the just freed trigger-data.\n\nMove the device_remove_groups() call to before deactivate() to close\nthis race window.\n\nThis also makes the deactivation path properly do things in reverse order\nof the activation path which calls the activate() callback before calling\ndevice_add_groups().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7000', 'https://access.redhat.com/security/cve/CVE-2024-43830', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2265838', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2270103', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275558', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282648', 'https://bugzilla.redhat.com/2282669', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282764', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284511', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284630', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293414', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300381', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300439', 'https://bugzilla.redhat.com/2300440', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300709', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301543', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305410', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2305488', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7000.html', 'https://git.kernel.org/linus/c0dc9adf9474ecb7106e60e5472577375aedaed3 (6.11-rc1)', 'https://git.kernel.org/stable/c/0788a6f3523d3686a9eed5ea1e6fcce6841277b2', 'https://git.kernel.org/stable/c/09c1583f0e10c918855d6e7540a79461a353e5d6', 'https://git.kernel.org/stable/c/3fb6a9d67cfd812a547ac73ec02e1077c26c640d', 'https://git.kernel.org/stable/c/734ba6437e80dfc780e9ee9d95f912392d12b5ea', 'https://git.kernel.org/stable/c/c0dc9adf9474ecb7106e60e5472577375aedaed3', 'https://git.kernel.org/stable/c/c3b7a650c8717aa89df318364609c86cbc040156', 'https://git.kernel.org/stable/c/cb8aa9d2a4c8a15d6a43ccf901ef3d094aa60374', 'https://git.kernel.org/stable/c/d1415125b701ef13370e2761f691ec632a5eb93a', 'https://linux.oracle.com/cve/CVE-2024-43830.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43830-3b85@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43830', 'https://www.cve.org/CVERecord?id=CVE-2024-43830'], 'PublishedDate': '2024-08-17T10:15:08.857Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43831', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mediatek: vcodec: Handle invalid decoder vsi', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43831', 'https://git.kernel.org/linus/59d438f8e02ca641c58d77e1feffa000ff809e9f (6.11-rc1)', 'https://git.kernel.org/stable/c/1c109f23b271a02b9bb195c173fab41e3285a8db', 'https://git.kernel.org/stable/c/59d438f8e02ca641c58d77e1feffa000ff809e9f', 'https://git.kernel.org/stable/c/cdf05ae76198c513836bde4eb55f099c44773280', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43831-b13e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43831', 'https://www.cve.org/CVERecord?id=CVE-2024-43831'], 'PublishedDate': '2024-08-17T10:15:08.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43832', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: s390/uv: Don't call folio_wait_writeback() without a folio reference", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/uv: Don't call folio_wait_writeback() without a folio reference\n\nfolio_wait_writeback() requires that no spinlocks are held and that\na folio reference is held, as documented. After we dropped the PTL, the\nfolio could get freed concurrently. So grab a temporary reference.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43832', 'https://git.kernel.org/linus/3f29f6537f54d74e64bac0a390fb2e26da25800d (6.11-rc1)', 'https://git.kernel.org/stable/c/1a1eb2f3fc453dcd52726d13e863938561489cb7', 'https://git.kernel.org/stable/c/3f29f6537f54d74e64bac0a390fb2e26da25800d', 'https://git.kernel.org/stable/c/8736604ef53359a718c246087cd21dcec232d2fb', 'https://git.kernel.org/stable/c/b21aba72aadd94bdac275deab021fc84d6c72b16', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43832-7746@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43832', 'https://www.cve.org/CVERecord?id=CVE-2024-43832'], 'PublishedDate': '2024-08-17T10:15:08.98Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43833', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: v4l: async: Fix NULL pointer dereference in adding ancillary links', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix NULL pointer dereference in adding ancillary links\n\nIn v4l2_async_create_ancillary_links(), ancillary links are created for\nlens and flash sub-devices. These are sub-device to sub-device links and\nif the async notifier is related to a V4L2 device, the source sub-device\nof the ancillary link is NULL, leading to a NULL pointer dereference.\nCheck the notifier's sd field is non-NULL in\nv4l2_async_create_ancillary_links().\n\n[Sakari Ailus: Reword the subject and commit messages slightly.]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43833', 'https://git.kernel.org/linus/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f (6.11-rc1)', 'https://git.kernel.org/stable/c/249212ceb4187783af3801c57b92a5a25d410621', 'https://git.kernel.org/stable/c/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f', 'https://git.kernel.org/stable/c/b87e28050d9b0959de24574d587825cfab2f13fb', 'https://git.kernel.org/stable/c/fe0f92fd5320b393e44ca210805e653ea90cc982', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43833-4e73@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43833', 'https://www.cve.org/CVERecord?id=CVE-2024-43833'], 'PublishedDate': '2024-08-17T10:15:09.04Z', 'LastModifiedDate': '2024-08-22T15:42:46.827Z'}, {'VulnerabilityID': 'CVE-2024-43834', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xdp: fix invalid wait context of page_pool_destroy()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: fix invalid wait context of page_pool_destroy()\n\nIf the driver uses a page pool, it creates a page pool with\npage_pool_create().\nThe reference count of page pool is 1 as default.\nA page pool will be destroyed only when a reference count reaches 0.\npage_pool_destroy() is used to destroy page pool, it decreases a\nreference count.\nWhen a page pool is destroyed, ->disconnect() is called, which is\nmem_allocator_disconnect().\nThis function internally acquires mutex_lock().\n\nIf the driver uses XDP, it registers a memory model with\nxdp_rxq_info_reg_mem_model().\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\nreference count if a memory model is a page pool.\nNow the reference count is 2.\n\nTo destroy a page pool, the driver should call both page_pool_destroy()\nand xdp_unreg_mem_model().\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\nOnly page_pool_destroy() decreases a reference count.\n\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\nwill face an invalid wait context warning.\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\nrcu_read_lock().\nThe page_pool_destroy() internally acquires mutex_lock().\n\nSplat looks like:\n=============================\n[ BUG: Invalid wait context ]\n6.10.0-rc6+ #4 Tainted: G W\n-----------------------------\nethtool/1806 is trying to lock:\nffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150\nother info that might help us debug this:\ncontext-{5:5}\n3 locks held by ethtool/1806:\nstack backtrace:\nCPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nCall Trace:\n<TASK>\ndump_stack_lvl+0x7e/0xc0\n__lock_acquire+0x1681/0x4de0\n? _printk+0x64/0xe0\n? __pfx_mark_lock.part.0+0x10/0x10\n? __pfx___lock_acquire+0x10/0x10\nlock_acquire+0x1b3/0x580\n? mem_allocator_disconnect+0x73/0x150\n? __wake_up_klogd.part.0+0x16/0xc0\n? __pfx_lock_acquire+0x10/0x10\n? dump_stack_lvl+0x91/0xc0\n__mutex_lock+0x15c/0x1690\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_prb_read_valid+0x10/0x10\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_llist_add_batch+0x10/0x10\n? console_unlock+0x193/0x1b0\n? lockdep_hardirqs_on+0xbe/0x140\n? __pfx___mutex_lock+0x10/0x10\n? tick_nohz_tick_stopped+0x16/0x90\n? __irq_work_queue_local+0x1e5/0x330\n? irq_work_queue+0x39/0x50\n? __wake_up_klogd.part.0+0x79/0xc0\n? mem_allocator_disconnect+0x73/0x150\nmem_allocator_disconnect+0x73/0x150\n? __pfx_mem_allocator_disconnect+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? rcu_is_watching+0x11/0xb0\npage_pool_release+0x36e/0x6d0\npage_pool_destroy+0xd7/0x440\nxdp_unreg_mem_model+0x1a7/0x2a0\n? __pfx_xdp_unreg_mem_model+0x10/0x10\n? kfree+0x125/0x370\n? bnxt_free_ring.isra.0+0x2eb/0x500\n? bnxt_free_mem+0x5ac/0x2500\nxdp_rxq_info_unreg+0x4a/0xd0\nbnxt_free_mem+0x1356/0x2500\nbnxt_close_nic+0xf0/0x3b0\n? __pfx_bnxt_close_nic+0x10/0x10\n? ethnl_parse_bit+0x2c6/0x6d0\n? __pfx___nla_validate_parse+0x10/0x10\n? __pfx_ethnl_parse_bit+0x10/0x10\nbnxt_set_features+0x2a8/0x3e0\n__netdev_update_features+0x4dc/0x1370\n? ethnl_parse_bitset+0x4ff/0x750\n? __pfx_ethnl_parse_bitset+0x10/0x10\n? __pfx___netdev_update_features+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? _raw_spin_unlock_irqrestore+0x42/0x70\n? __pm_runtime_resume+0x7d/0x110\nethnl_set_features+0x32d/0xa20\n\nTo fix this problem, it uses rhashtable_lookup_fast() instead of\nrhashtable_lookup() with rcu_read_lock().\nUsing xa without rcu_read_lock() here is safe.\nxa is freed by __xdp_mem_allocator_rcu_free() and this is called by\ncall_rcu() of mem_xa_remove().\nThe mem_xa_remove() is called by page_pool_destroy() if a reference\ncount reaches 0.\nThe xa is already protected by the reference count mechanism well in the\ncontrol plane.\nSo removing rcu_read_lock() for page_pool_destroy() is safe.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43834', 'https://git.kernel.org/linus/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec (6.11-rc1)', 'https://git.kernel.org/stable/c/12144069209eec7f2090ce9afa15acdcc2c2a537', 'https://git.kernel.org/stable/c/3fc1be360b99baeea15cdee3cf94252cd3a72d26', 'https://git.kernel.org/stable/c/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec', 'https://git.kernel.org/stable/c/6c390ef198aa69795427a5cb5fd7cb4bc7e6cd7a', 'https://git.kernel.org/stable/c/be9d08ff102df3ac4f66e826ea935cf3af63a4bd', 'https://git.kernel.org/stable/c/bf0ce5aa5f2525ed1b921ba36de96e458e77f482', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43834-0140@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43834', 'https://www.cve.org/CVERecord?id=CVE-2024-43834'], 'PublishedDate': '2024-08-17T10:15:09.113Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43835', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: virtio_net: Fix napi_skb_cache_put warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix napi_skb_cache_put warning\n\nAfter the commit bdacf3e34945 ("net: Use nested-BH locking for\nnapi_alloc_cache.") was merged, the following warning began to appear:\n\n\t WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0\n\n\t  __warn+0x12f/0x340\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  report_bug+0x165/0x370\n\t  handle_bug+0x3d/0x80\n\t  exc_invalid_op+0x1a/0x50\n\t  asm_exc_invalid_op+0x1a/0x20\n\t  __free_old_xmit+0x1c8/0x510\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  __free_old_xmit+0x1c8/0x510\n\t  __free_old_xmit+0x1c8/0x510\n\t  __pfx___free_old_xmit+0x10/0x10\n\nThe issue arises because virtio is assuming it\'s running in NAPI context\neven when it\'s not, such as in the netpoll case.\n\nTo resolve this, modify virtnet_poll_tx() to only set NAPI when budget\nis available. Same for virtnet_poll_cleantx(), which always assumed that\nit was in a NAPI context.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43835', 'https://git.kernel.org/linus/f8321fa75102246d7415a6af441872f6637c93ab (6.11-rc1)', 'https://git.kernel.org/stable/c/19ac6f29bf64304ef04630c8ab56ecd2059d7aa1', 'https://git.kernel.org/stable/c/468a729b78895893d0e580ceea49bed8ada2a2bd', 'https://git.kernel.org/stable/c/6b5325f2457521bbece29499970c0117a648c620', 'https://git.kernel.org/stable/c/842a97b5e44f0c8a9fc356fe976e0e13ddcf7783', 'https://git.kernel.org/stable/c/cc7340f18e45886121c131227985d64ef666012f', 'https://git.kernel.org/stable/c/d3af435e8ace119e58d8e21d3d2d6a4e7c4a4baa', 'https://git.kernel.org/stable/c/f5e9a22d19bb98a7e86034db85eb295e94187caa', 'https://git.kernel.org/stable/c/f8321fa75102246d7415a6af441872f6637c93ab', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43835-5f11@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43835', 'https://www.cve.org/CVERecord?id=CVE-2024-43835'], 'PublishedDate': '2024-08-17T10:15:09.183Z', 'LastModifiedDate': '2024-09-12T12:15:48.653Z'}, {'VulnerabilityID': 'CVE-2024-43837', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43837', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT\n\nWhen loading a EXT program without specifying `attr->attach_prog_fd`,\nthe `prog->aux->dst_prog` will be null. At this time, calling\nresolve_prog_type() anywhere will result in a null pointer dereference.\n\nExample stack trace:\n\n[    8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[    8.108262] Mem abort info:\n[    8.108384]   ESR = 0x0000000096000004\n[    8.108547]   EC = 0x25: DABT (current EL), IL = 32 bits\n[    8.108722]   SET = 0, FnV = 0\n[    8.108827]   EA = 0, S1PTW = 0\n[    8.108939]   FSC = 0x04: level 0 translation fault\n[    8.109102] Data abort info:\n[    8.109203]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[    8.109399]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[    8.109614]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[    8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000\n[    8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000\n[    8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[    8.112783] Modules linked in:\n[    8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1\n[    8.113230] Hardware name: linux,dummy-virt (DT)\n[    8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    8.113429] pc : may_access_direct_pkt_data+0x24/0xa0\n[    8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8\n[    8.113798] sp : ffff80008283b9f0\n[    8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001\n[    8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000\n[    8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000\n[    8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff\n[    8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720\n[    8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720\n[    8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4\n[    8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f\n[    8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c\n[    8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000\n[    8.114126] Call trace:\n[    8.114159]  may_access_direct_pkt_data+0x24/0xa0\n[    8.114202]  bpf_check+0x3bc/0x28c0\n[    8.114214]  bpf_prog_load+0x658/0xa58\n[    8.114227]  __sys_bpf+0xc50/0x2250\n[    8.114240]  __arm64_sys_bpf+0x28/0x40\n[    8.114254]  invoke_syscall.constprop.0+0x54/0xf0\n[    8.114273]  do_el0_svc+0x4c/0xd8\n[    8.114289]  el0_svc+0x3c/0x140\n[    8.114305]  el0t_64_sync_handler+0x134/0x150\n[    8.114331]  el0t_64_sync+0x168/0x170\n[    8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)\n[    8.118672] ---[ end trace 0000000000000000 ]---\n\nOne way to fix it is by forcing `attach_prog_fd` non-empty when\nbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`\nAPI broken which use verifier log to probe prog type and will log\nnothing if we reject invalid EXT prog before bpf_check().\n\nAnother way is by adding null check in resolve_prog_type().\n\nThe issue was introduced by commit 4a9c7bbe2ed4 ("bpf: Resolve to\nprog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT") which wanted\nto correct type resolution for BPF_PROG_TYPE_TRACING programs. Before\nthat, the type resolution of BPF_PROG_TYPE_EXT prog actually follows\nthe logic below:\n\n  prog->aux->dst_prog ? prog->aux->dst_prog->type : prog->type;\n\nIt implies that when EXT program is not yet attached to `dst_prog`,\nthe prog type should be EXT itself. This code worked fine in the past.\nSo just keep using it.\n\nFix this by returning `prog->type` for BPF_PROG_TYPE_EXT if `dst_prog`\nis not present in resolve_prog_type().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43837', 'https://git.kernel.org/linus/f7866c35873377313ff94398f17d425b28b71de1 (6.11-rc1)', 'https://git.kernel.org/stable/c/9d40fd516aeae6779e3c84c6b96700ca76285847', 'https://git.kernel.org/stable/c/b29a880bb145e1f1c1df5ab88ed26b1495ff9f09', 'https://git.kernel.org/stable/c/f7866c35873377313ff94398f17d425b28b71de1', 'https://git.kernel.org/stable/c/fcac5feb06f31ee4c88bca9bf98d8bc3ca7d2615', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43837-63d2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43837', 'https://www.cve.org/CVERecord?id=CVE-2024-43837'], 'PublishedDate': '2024-08-17T10:15:09.32Z', 'LastModifiedDate': '2024-08-22T15:44:03.417Z'}, {'VulnerabilityID': 'CVE-2024-43839', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43839', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust 'name' buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n'name' size is 16, but the first '%s' specifier may already need at\nleast 16 characters, since 'bnad->netdev->name' is used there.\n\nFor '%d' specifiers, assume that they require:\n * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX\n   is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43839', 'https://git.kernel.org/linus/c9741a03dc8e491e57b95fba0058ab46b7e506da (6.11-rc1)', 'https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1', 'https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3', 'https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef', 'https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43', 'https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76', 'https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da', 'https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5', 'https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540', 'https://linux.oracle.com/cve/CVE-2024-43839.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43839-ea03@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43839', 'https://www.cve.org/CVERecord?id=CVE-2024-43839'], 'PublishedDate': '2024-08-17T10:15:09.447Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43840', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG\n\nWhen BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls\n__bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them\nthe struct bpf_tramp_image *im pointer as an argument in R0.\n\nThe trampoline generation code uses emit_addr_mov_i64() to emit\ninstructions for moving the bpf_tramp_image address into R0, but\nemit_addr_mov_i64() assumes the address to be in the vmalloc() space\nand uses only 48 bits. Because bpf_tramp_image is allocated using\nkzalloc(), its address can use more than 48-bits, in this case the\ntrampoline will pass an invalid address to __bpf_tramp_enter/exit()\ncausing a kernel crash.\n\nFix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64()\nas it can work with addresses that are greater than 48-bits.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43840', 'https://git.kernel.org/linus/19d3c179a37730caf600a97fed3794feac2b197b (6.11-rc1)', 'https://git.kernel.org/stable/c/19d3c179a37730caf600a97fed3794feac2b197b', 'https://git.kernel.org/stable/c/6d218fcc707d6b2c3616b6cd24b948fd4825cfec', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43840-69cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43840', 'https://www.cve.org/CVERecord?id=CVE-2024-43840'], 'PublishedDate': '2024-08-17T10:15:09.517Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43841', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: virt_wifi: avoid reporting connection success with wrong SSID', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: avoid reporting connection success with wrong SSID\n\nWhen user issues a connection with a different SSID than the one\nvirt_wifi has advertised, the __cfg80211_connect_result() will\ntrigger the warning: WARN_ON(bss_not_found).\n\nThe issue is because the connection code in virt_wifi does not\ncheck the SSID from user space (it only checks the BSSID), and\nvirt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS\neven if the SSID is different from the one virt_wifi has advertised.\nEventually cfg80211 won't be able to find the cfg80211_bss and generate\nthe warning.\n\nFixed it by checking the SSID (from user space) in the connection code.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43841', 'https://git.kernel.org/linus/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7 (6.11-rc1)', 'https://git.kernel.org/stable/c/05c4488a0e446c6ccde9f22b573950665e1cd414', 'https://git.kernel.org/stable/c/36e92b5edc8e0daa18e9325674313802ce3fbc29', 'https://git.kernel.org/stable/c/416d3c1538df005195721a200b0371d39636e05d', 'https://git.kernel.org/stable/c/93e898a264b4e0a475552ba9f99a016eb43ef942', 'https://git.kernel.org/stable/c/994fc2164a03200c3bf42fb45b3d49d9d6d33a4d', 'https://git.kernel.org/stable/c/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7', 'https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3', 'https://linux.oracle.com/cve/CVE-2024-43841.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43841-8143@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43841', 'https://www.cve.org/CVERecord?id=CVE-2024-43841'], 'PublishedDate': '2024-08-17T10:15:09.58Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43842', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() \'status->he_gi\' is compared to array size.\nBut then \'rate->he_gi\' is used as array index instead of \'status->he_gi\'.\nThis can lead to go beyond array boundaries in case of \'rate->he_gi\' is\nnot equal to \'status->he_gi\' and is bigger than array size. Looks like\n"copy-paste" mistake.\n\nFix this mistake by replacing \'rate->he_gi\' with \'status->he_gi\'.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43842', 'https://git.kernel.org/linus/85099c7ce4f9e64c66aa397cd9a37473637ab891 (6.11-rc1)', 'https://git.kernel.org/stable/c/7a0edc3d83aff3a48813d78c9cad9daf38decc74', 'https://git.kernel.org/stable/c/85099c7ce4f9e64c66aa397cd9a37473637ab891', 'https://git.kernel.org/stable/c/96ae4de5bc4c8ba39fd072369398f59495b73f58', 'https://git.kernel.org/stable/c/a2a095c08b95372d6d0c5819b77f071af5e75366', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43842-31e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43842', 'https://www.cve.org/CVERecord?id=CVE-2024-43842'], 'PublishedDate': '2024-08-17T10:15:09.647Z', 'LastModifiedDate': '2024-09-30T13:55:17.007Z'}, {'VulnerabilityID': 'CVE-2024-43843', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv, bpf: Fix out-of-bounds issue when preparing trampoline image', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv, bpf: Fix out-of-bounds issue when preparing trampoline image\n\nWe get the size of the trampoline image during the dry run phase and\nallocate memory based on that size. The allocated image will then be\npopulated with instructions during the real patch phase. But after\ncommit 26ef208c209a ("bpf: Use arch_bpf_trampoline_size"), the `im`\nargument is inconsistent in the dry run and real patch phase. This may\ncause emit_imm in RV64 to generate a different number of instructions\nwhen generating the \'im\' address, potentially causing out-of-bounds\nissues. Let\'s emit the maximum number of instructions for the "im"\naddress during dry run to fix this problem.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43843', 'https://git.kernel.org/linus/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3e6a1b1b179abb643ec3560c02bc3082bc92285f', 'https://git.kernel.org/stable/c/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43843-e436@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43843', 'https://www.cve.org/CVERecord?id=CVE-2024-43843'], 'PublishedDate': '2024-08-17T10:15:09.707Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43844', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi rtw89 wow: fix GTK offload H2C skbuff issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: wow: fix GTK offload H2C skbuff issue\n\nWe mistakenly put skb too large and that may exceed skb->end.\nTherefore, we fix it.\n\nskbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8fba04eca7e0 tail:0x200 end:0x140 dev:<NULL>\n------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:192!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 4747 Comm: kworker/u4:44 Tainted: G           O       6.6.30-02659-gc18865c4dfbd #1 86547039b47e46935493f615ee31d0b2d711d35e\nHardware name: HP Meep/Meep, BIOS Google_Meep.11297.262.0 03/18/2021\nWorkqueue: events_unbound async_run_entry_fn\nRIP: 0010:skb_panic+0x5d/0x60\nCode: c6 63 8b 8f bb 4c 0f 45 f6 48 c7 c7 4d 89 8b bb 48 89 ce 44 89 d1 41 56 53 41 53 ff b0 c8 00 00 00 e8 27 5f 23 00 48 83 c4 20 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44\nRSP: 0018:ffffaa700144bad0 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: 0000000000000140 RCX: 14432c5aad26c900\nRDX: 0000000000000000 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffaa700144bae0 R08: 0000000000000000 R09: ffffaa700144b920\nR10: 00000000ffffdfff R11: ffffffffbc28fbc0 R12: ffff8fba4e57a010\nR13: 0000000000000000 R14: ffffffffbb8f8b63 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff8fba7bd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007999c4ad1000 CR3: 000000015503a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? skb_panic+0x5d/0x60\n ? do_error_trap+0x6d/0x90\n ? skb_panic+0x5d/0x60\n ? handle_invalid_op+0x30/0x40\n ? skb_panic+0x5d/0x60\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_panic+0x5d/0x60\n skb_put+0x49/0x50\n rtw89_fw_h2c_wow_gtk_ofld+0xbd/0x220 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_wow_resume+0x31f/0x540 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_ops_resume+0x2b/0xa0 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n ieee80211_reconfig+0x84/0x13e0 [mac80211 818a894e3b77da6298269c59ed7cdff065a4ed52]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? dev_printk_emit+0x51/0x70\n ? _dev_info+0x6e/0x90\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n wiphy_resume+0x89/0x180 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n dpm_run_callback+0x3c/0x140\n device_resume+0x1f9/0x3c0\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x29/0xd0\n process_scheduled_works+0x1d8/0x3d0\n worker_thread+0x1fc/0x2f0\n kthread+0xed/0x110\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x38/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>\nModules linked in: ccm 8021q r8153_ecm cdc_ether usbnet r8152 mii dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc uinput rfcomm cmac algif_hash rtw89_8922ae(O) algif_skcipher rtw89_8922a(O) af_alg rtw89_pci(O) rtw89_core(O) btusb(O) snd_soc_sst_bxt_da7219_max98357a btbcm(O) snd_soc_hdac_hdmi btintel(O) snd_soc_intel_hda_dsp_common snd_sof_probes btrtl(O) btmtk(O) snd_hda_codec_hdmi snd_soc_dmic uvcvideo videobuf2_vmalloc uvc videobuf2_memops videobuf2_v4l2 videobuf2_common snd_sof_pci_intel_apl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda soundwire_intel soundwire_generic_allocation snd_sof_intel_hda_mlink soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp mac80211 snd_soc_acpi_intel_match snd_soc_acpi snd_sof snd_sof_utils soundwire_bus snd_soc_max98357a snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_intel_dspcfg snd_intel_sdw_acpi snd_soc_da7219 snd_hda_codec snd_hwdep snd_hda_core veth ip6table_nat xt_MASQUERADE xt_cgroup fuse bluetooth ecdh_generic\n cfg80211 ecc\ngsmi: Log Shutdown \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43844', 'https://git.kernel.org/linus/dda364c345913fe03ddbe4d5ae14a2754c100296 (6.11-rc1)', 'https://git.kernel.org/stable/c/dda364c345913fe03ddbe4d5ae14a2754c100296', 'https://git.kernel.org/stable/c/ef0d9d2f0dc1133db3d3a1c5167190c6627146b2', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43844-97ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43844', 'https://www.cve.org/CVERecord?id=CVE-2024-43844'], 'PublishedDate': '2024-08-17T10:15:09.763Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43845', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Fix bogus checksum computation in udf_rename()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix bogus checksum computation in udf_rename()\n\nSyzbot reports uninitialized memory access in udf_rename() when updating\nchecksum of '..' directory entry of a moved directory. This is indeed\ntrue as we pass on-stack diriter.fi to the udf_update_tag() and because\nthat has only struct fileIdentDesc included in it and not the impUse or\nname fields, the checksumming function is going to checksum random stack\ncontents beyond the end of the structure. This is actually harmless\nbecause the following udf_fiiter_write_fi() will recompute the checksum\nfrom on-disk buffers where everything is properly included. So all that\nis needed is just removing the bogus calculation.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43845', 'https://git.kernel.org/linus/27ab33854873e6fb958cb074681a0107cc2ecc4c (6.11-rc1)', 'https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c', 'https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4', 'https://git.kernel.org/stable/c/c996b570305e7a6910c2ce4cdcd4c22757ffe241', 'https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43845-a85d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43845', 'https://www.cve.org/CVERecord?id=CVE-2024-43845'], 'PublishedDate': '2024-08-17T10:15:09.837Z', 'LastModifiedDate': '2024-08-29T17:15:08.397Z'}, {'VulnerabilityID': 'CVE-2024-43846', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib: objagg: Fix general protection fault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G        W          6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n <TASK>\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n </TASK>', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43846', 'https://git.kernel.org/linus/b4a3a89fffcdf09702b1f161b914e52abca1894d (6.11-rc1)', 'https://git.kernel.org/stable/c/1936fa05a180834c3b52e0439a6bddc07814d3eb', 'https://git.kernel.org/stable/c/22ae17a267f4812861f0c644186c3421ff97dbfc', 'https://git.kernel.org/stable/c/499f742fed42e74f1321f4b12ca196a66a2b49fc', 'https://git.kernel.org/stable/c/565213e005557eb6cc4e42189d26eb300e02f170', 'https://git.kernel.org/stable/c/5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7', 'https://git.kernel.org/stable/c/8161263362154cbebfbf4808097b956a6a8cb98a', 'https://git.kernel.org/stable/c/b4a3a89fffcdf09702b1f161b914e52abca1894d', 'https://linux.oracle.com/cve/CVE-2024-43846.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43846-2bd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43846', 'https://www.cve.org/CVERecord?id=CVE-2024-43846'], 'PublishedDate': '2024-08-17T10:15:09.9Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43847', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43847', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix invalid memory access while processing fragmented packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid memory access while processing fragmented packets\n\nThe monitor ring and the reo reinject ring share the same ring mask index.\nWhen the driver receives an interrupt for the reo reinject ring, the\nmonitor ring is also processed, leading to invalid memory access. Since\nmonitor support is not yet enabled in ath12k, the ring mask for the monitor\nring should be removed.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43847', 'https://git.kernel.org/linus/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4 (6.11-rc1)', 'https://git.kernel.org/stable/c/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4', 'https://git.kernel.org/stable/c/36fc66a7d9ca3e5c6eac25362cac63f83df8bed6', 'https://git.kernel.org/stable/c/8126f82dab7bd8b2e04799342b19fff0a1fd8575', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43847-6828@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43847', 'https://www.cve.org/CVERecord?id=CVE-2024-43847'], 'PublishedDate': '2024-08-17T10:15:09.963Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43849', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pdr: protect locator_addr with the main mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr->lock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43849', 'https://git.kernel.org/linus/107924c14e3ddd85119ca43c26a4ee1056fa9b84 (6.11-rc1)', 'https://git.kernel.org/stable/c/107924c14e3ddd85119ca43c26a4ee1056fa9b84', 'https://git.kernel.org/stable/c/3e815626d73e05152a8142f6e44aecc4133e6e08', 'https://git.kernel.org/stable/c/475a77fb3f0e1d527f56c60b79f5879661df5b80', 'https://git.kernel.org/stable/c/8543269567e2fb3d976a8255c5e348aed14f98bc', 'https://git.kernel.org/stable/c/d0870c4847e77a49c2f91bb2a8e0fa3c1f8dea5c', 'https://git.kernel.org/stable/c/eab05737ee22216250fe20d27f5a596da5ea6eb7', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43849-fef0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43849', 'https://www.cve.org/CVERecord?id=CVE-2024-43849'], 'PublishedDate': '2024-08-17T10:15:10.093Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43850', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove\n\nThe following warning is seen during bwmon_remove due to refcount\nimbalance, fix this by releasing the OPPs after use.\n\nLogs:\nWARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158\nHardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT)\n...\nCall trace:\n_opp_table_kref_release+0x150/0x158\ndev_pm_opp_remove_table+0x100/0x1b4\ndevm_pm_opp_of_table_release+0x10/0x1c\ndevm_action_release+0x14/0x20\ndevres_release_all+0xa4/0x104\ndevice_unbind_cleanup+0x18/0x60\ndevice_release_driver_internal+0x1ec/0x228\ndriver_detach+0x50/0x98\nbus_remove_driver+0x6c/0xbc\ndriver_unregister+0x30/0x60\nplatform_driver_unregister+0x14/0x20\nbwmon_driver_exit+0x18/0x524 [icc_bwmon]\n__arm64_sys_delete_module+0x184/0x264\ninvoke_syscall+0x48/0x118\nel0_svc_common.constprop.0+0xc8/0xe8\ndo_el0_svc+0x20/0x2c\nel0_svc+0x34/0xdc\nel0t_64_sync_handler+0x13c/0x158\nel0t_64_sync+0x190/0x194\n--[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43850', 'https://git.kernel.org/linus/24086640ab39396eb1a92d1cb1cd2f31b2677c52 (6.11-rc1)', 'https://git.kernel.org/stable/c/24086640ab39396eb1a92d1cb1cd2f31b2677c52', 'https://git.kernel.org/stable/c/4100d4d019f8e140be1d4d3a9d8d93c1285f5d1c', 'https://git.kernel.org/stable/c/aad41f4c169bcb800ae88123799bdf8cdec3d366', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43850-4eec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43850', 'https://www.cve.org/CVERecord?id=CVE-2024-43850'], 'PublishedDate': '2024-08-17T10:15:10.157Z', 'LastModifiedDate': '2024-09-30T13:57:33.4Z'}, {'VulnerabilityID': 'CVE-2024-43852', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (ltc2991) re-order conditions to fix off by one bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ltc2991) re-order conditions to fix off by one bug\n\nLTC2991_T_INT_CH_NR is 4.  The st->temp_en[] array has LTC2991_MAX_CHANNEL\n(4) elements.  Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we\nhave read one element beyond the end of the array.  Flip the conditions\naround so that we check if "channel" is valid before using it as an array\nindex.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43852', 'https://git.kernel.org/linus/99bf7c2eccff82760fa23ce967cc67c8c219c6a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6', 'https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43852-61e2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43852', 'https://www.cve.org/CVERecord?id=CVE-2024-43852'], 'PublishedDate': '2024-08-17T10:15:10.31Z', 'LastModifiedDate': '2024-08-20T19:32:55.747Z'}, {'VulnerabilityID': 'CVE-2024-43853', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: Prevent UAF in proc_cpuset_show()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc/<pid>/cpuset   repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/   repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc/<pid>/cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css->cgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(&cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n&cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp->root will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n("cgroup: Make operations on the cgroup root_list RCU safe"),\ncss->cgroup won\'t be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43853', 'https://git.kernel.org/linus/1be59c97c83ccd67a519d8a49486b3a8a73ca28a (6.11-rc1)', 'https://git.kernel.org/stable/c/10aeaa47e4aa2432f29b3e5376df96d7dac5537a', 'https://git.kernel.org/stable/c/1be59c97c83ccd67a519d8a49486b3a8a73ca28a', 'https://git.kernel.org/stable/c/27d6dbdc6485d68075a0ebf8544d6425c1ed84bb', 'https://git.kernel.org/stable/c/29a8d4e02fd4840028c38ceb1536cc8f82a257d4', 'https://git.kernel.org/stable/c/29ac1d238b3bf126af36037df80d7ecc4822341e', 'https://git.kernel.org/stable/c/4e8d6ac8fc9f843e940ab7389db8136634e07989', 'https://git.kernel.org/stable/c/688325078a8b5badd6e07ae22b27cd04e9947aec', 'https://git.kernel.org/stable/c/96226fbed566f3f686f53a489a29846f2d538080', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43853-da5b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43853', 'https://www.cve.org/CVERecord?id=CVE-2024-43853'], 'PublishedDate': '2024-08-17T10:15:10.383Z', 'LastModifiedDate': '2024-09-04T12:15:04.827Z'}, {'VulnerabilityID': 'CVE-2024-43854', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: initialize integrity buffer to zero before writing it to media', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media.  For PI metadata this is\nlimited to the app tag that isn't used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43854', 'https://git.kernel.org/linus/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f (6.11-rc1)', 'https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f', 'https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644', 'https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005', 'https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f', 'https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6', 'https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2', 'https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1', 'https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43854-5586@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43854', 'https://www.cve.org/CVERecord?id=CVE-2024-43854'], 'PublishedDate': '2024-08-17T10:15:10.447Z', 'LastModifiedDate': '2024-09-12T12:15:49.423Z'}, {'VulnerabilityID': 'CVE-2024-43856', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43856', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma: fix call order in dmam_free_coherent', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n  kokonut //net/encryption\n    http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43856', 'https://git.kernel.org/linus/28e8b7406d3a1f5329a03aa25a43aa28e087cb20 (6.11-rc1)', 'https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130', 'https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e', 'https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7', 'https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20', 'https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9', 'https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954', 'https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb', 'https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63', 'https://linux.oracle.com/cve/CVE-2024-43856.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43856-9087@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43856', 'https://www.cve.org/CVERecord?id=CVE-2024-43856'], 'PublishedDate': '2024-08-17T10:15:10.613Z', 'LastModifiedDate': '2024-08-22T17:57:08.64Z'}, {'VulnerabilityID': 'CVE-2024-43857', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix null reference error when checking end of zone', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null reference error when checking end of zone\n\nThis patch fixes a potentially null pointer being accessed by\nis_end_zone_blkaddr() that checks the last block of a zone\nwhen f2fs is mounted as a single device.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43857', 'https://git.kernel.org/linus/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38 (6.11-rc1)', 'https://git.kernel.org/stable/c/381cbe85592c78fbaeb3e770e3e9f3bfa3e67efb', 'https://git.kernel.org/stable/c/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43857-b71b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43857', 'https://www.cve.org/CVERecord?id=CVE-2024-43857'], 'PublishedDate': '2024-08-17T10:15:10.687Z', 'LastModifiedDate': '2024-08-22T17:38:21.003Z'}, {'VulnerabilityID': 'CVE-2024-43859', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to truncate preallocated blocks in f2fs_file_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate preallocated blocks in f2fs_file_open()\n\nchenyuwen reports a f2fs bug as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000011\n fscrypt_set_bio_crypt_ctx+0x78/0x1e8\n f2fs_grab_read_bio+0x78/0x208\n f2fs_submit_page_read+0x44/0x154\n f2fs_get_read_data_page+0x288/0x5f4\n f2fs_get_lock_data_page+0x60/0x190\n truncate_partial_data_page+0x108/0x4fc\n f2fs_do_truncate_blocks+0x344/0x5f0\n f2fs_truncate_blocks+0x6c/0x134\n f2fs_truncate+0xd8/0x200\n f2fs_iget+0x20c/0x5ac\n do_garbage_collect+0x5d0/0xf6c\n f2fs_gc+0x22c/0x6a4\n f2fs_disable_checkpoint+0xc8/0x310\n f2fs_fill_super+0x14bc/0x1764\n mount_bdev+0x1b4/0x21c\n f2fs_mount+0x20/0x30\n legacy_get_tree+0x50/0xbc\n vfs_get_tree+0x5c/0x1b0\n do_new_mount+0x298/0x4cc\n path_mount+0x33c/0x5fc\n __arm64_sys_mount+0xcc/0x15c\n invoke_syscall+0x60/0x150\n el0_svc_common+0xb8/0xf8\n do_el0_svc+0x28/0xa0\n el0_svc+0x24/0x84\n el0t_64_sync_handler+0x88/0xec\n\nIt is because inode.i_crypt_info is not initialized during below path:\n- mount\n - f2fs_fill_super\n  - f2fs_disable_checkpoint\n   - f2fs_gc\n    - f2fs_iget\n     - f2fs_truncate\n\nSo, let's relocate truncation of preallocated blocks to f2fs_file_open(),\nafter fscrypt_file_open().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43859', 'https://git.kernel.org/linus/298b1e4182d657c3e388adcc29477904e9600ed5 (6.11-rc1)', 'https://git.kernel.org/stable/c/298b1e4182d657c3e388adcc29477904e9600ed5', 'https://git.kernel.org/stable/c/3ba0ae885215b325605ff7ebf6de12ac2adf204d', 'https://git.kernel.org/stable/c/5f04969136db674f133781626e0b692c5f2bf2f0', 'https://git.kernel.org/stable/c/f44a25a8bfe0c15d33244539696cd9119cf44d18', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43859-62b4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43859', 'https://www.cve.org/CVERecord?id=CVE-2024-43859'], 'PublishedDate': '2024-08-17T10:15:10.817Z', 'LastModifiedDate': '2024-09-08T08:15:12.96Z'}, {'VulnerabilityID': 'CVE-2024-43860', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: remoteproc: imx_rproc: Skip over memory region when node value is NULL', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Skip over memory region when node value is NULL\n\nIn imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts\nnumber of phandles. But phandles may be empty. So of_parse_phandle() in\nthe parsing loop (0 < a < nph) may return NULL which is later dereferenced.\nAdjust this issue by adding NULL-return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[Fixed title to fit within the prescribed 70-75 charcters]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43860', 'https://git.kernel.org/linus/2fa26ca8b786888673689ccc9da6094150939982 (6.11-rc1)', 'https://git.kernel.org/stable/c/2fa26ca8b786888673689ccc9da6094150939982', 'https://git.kernel.org/stable/c/4e13b7c23988c0a13fdca92e94296a3bc2ff9f21', 'https://git.kernel.org/stable/c/6884fd0283e0831be153fb8d82d9eda8a55acaaa', 'https://git.kernel.org/stable/c/6b50462b473fdccdc0dfad73001147e40ff19a66', 'https://git.kernel.org/stable/c/6c9ea3547fad252fe9ae5d3ed7e066e2085bf3a2', 'https://git.kernel.org/stable/c/84beb7738459cac0ff9f8a7c4654b8ff82a702c0', 'https://git.kernel.org/stable/c/9a17cf8b2ce483fa75258bc2cdcf628f24bcf5f8', 'https://git.kernel.org/stable/c/c877a5f5268d4ab8224b9c9fbce3d746e4e72bc9', 'https://linux.oracle.com/cve/CVE-2024-43860.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43860-d72f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43860', 'https://www.cve.org/CVERecord?id=CVE-2024-43860'], 'PublishedDate': '2024-08-17T10:15:10.887Z', 'LastModifiedDate': '2024-08-22T17:08:15.097Z'}, {'VulnerabilityID': 'CVE-2024-43861', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: usb: qmi_wwan: fix memory leak for not ip packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43861', 'https://git.kernel.org/linus/7ab107544b777c3bd7feb9fe447367d8edd5b202 (6.11-rc3)', 'https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4', 'https://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662', 'https://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202', 'https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f', 'https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882', 'https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446', 'https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5', 'https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384', 'https://linux.oracle.com/cve/CVE-2024-43861.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43861-1958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43861', 'https://www.cve.org/CVERecord?id=CVE-2024-43861'], 'PublishedDate': '2024-08-20T22:15:04.917Z', 'LastModifiedDate': '2024-09-03T13:45:12.667Z'}, {'VulnerabilityID': 'CVE-2024-43863', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43863', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix a deadlock in dma buf fence polling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix a deadlock in dma buf fence polling\n\nIntroduce a version of the fence ops that on release doesn't remove\nthe fence from the pending list, and thus doesn't require a lock to\nfix poll->fence wait->fence unref deadlocks.\n\nvmwgfx overwrites the wait callback to iterate over the list of all\nfences and update their status, to do that it holds a lock to prevent\nthe list modifcations from other threads. The fence destroy callback\nboth deletes the fence and removes it from the list of pending\nfences, for which it holds a lock.\n\ndma buf polling cb unrefs a fence after it's been signaled: so the poll\ncalls the wait, which signals the fences, which are being destroyed.\nThe destruction tries to acquire the lock on the pending fences list\nwhich it can never get because it's held by the wait from which it\nwas called.\n\nOld bug, but not a lot of userspace apps were using dma-buf polling\ninterfaces. Fix those, in particular this fixes KDE stalls/deadlock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43863', 'https://git.kernel.org/linus/e58337100721f3cc0c7424a18730e4f39844934f (6.11-rc2)', 'https://git.kernel.org/stable/c/3b933b16c996af8adb6bc1b5748a63dfb41a82bc', 'https://git.kernel.org/stable/c/9e20d028d8d1deb1e7fed18f22ffc01669cf3237', 'https://git.kernel.org/stable/c/a8943969f9ead2fd3044fc826140a21622ef830e', 'https://git.kernel.org/stable/c/c98ab18b9f315ff977c2c65d7c71298ef98be8e3', 'https://git.kernel.org/stable/c/e58337100721f3cc0c7424a18730e4f39844934f', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43863-9124@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43863', 'https://www.cve.org/CVERecord?id=CVE-2024-43863'], 'PublishedDate': '2024-08-21T00:15:04.847Z', 'LastModifiedDate': '2024-09-03T13:42:44.727Z'}, {'VulnerabilityID': 'CVE-2024-43864', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix CT entry update leaks of modify header context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix CT entry update leaks of modify header context\n\nThe cited commit allocates a new modify header to replace the old\none when updating CT entry. But if failed to allocate a new one, eg.\nexceed the max number firmware can support, modify header will be\nan error pointer that will trigger a panic when deallocating it. And\nthe old modify header point is copied to old attr. When the old\nattr is freed, the old modify header is lost.\n\nFix it by restoring the old attr to attr when failed to allocate a\nnew modify header context. So when the CT entry is freed, the right\nmodify header context will be freed. And the panic of accessing\nerror pointer is also fixed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43864', 'https://git.kernel.org/linus/025f2b85a5e5a46df14ecf162c3c80a957a36d0b (6.11-rc2)', 'https://git.kernel.org/stable/c/025f2b85a5e5a46df14ecf162c3c80a957a36d0b', 'https://git.kernel.org/stable/c/89064d09c56b44c668509bf793c410484f63f5ad', 'https://git.kernel.org/stable/c/daab2cc17b6b6ab158566bba037e9551fd432b59', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43864-81ad@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43864', 'https://www.cve.org/CVERecord?id=CVE-2024-43864'], 'PublishedDate': '2024-08-21T00:15:04.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43866', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Always drain health in shutdown callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43866', 'https://git.kernel.org/linus/1b75da22ed1e6171e261bc9265370162553d5393 (6.11-rc2)', 'https://git.kernel.org/stable/c/1b75da22ed1e6171e261bc9265370162553d5393', 'https://git.kernel.org/stable/c/5005e2e159b300c1b8c6820a1e13a62eb0127b9b', 'https://git.kernel.org/stable/c/6048dec754554a1303d632be6042d3feb3295285', 'https://git.kernel.org/stable/c/6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43866-66ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43866', 'https://www.cve.org/CVERecord?id=CVE-2024-43866'], 'PublishedDate': '2024-08-21T00:15:05.023Z', 'LastModifiedDate': '2024-10-17T14:15:07.297Z'}, {'VulnerabilityID': 'CVE-2024-43867', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau: prime: fix refcount underflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix refcount underflow\n\nCalling nouveau_bo_ref() on a nouveau_bo without initializing it (and\nhence the backing ttm_bo) leads to a refcount underflow.\n\nInstead of calling nouveau_bo_ref() in the unwind path of\ndrm_gem_object_init(), clean things up manually.\n\n(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43867', 'https://git.kernel.org/linus/a9bf3efc33f1fbf88787a277f7349459283c9b95 (6.11-rc2)', 'https://git.kernel.org/stable/c/16998763c62bb465ebc409d0373b9cdcef1a61a6', 'https://git.kernel.org/stable/c/2a1b327d57a8ac080977633a18999f032d7e9e3f', 'https://git.kernel.org/stable/c/3bcb8bba72ce89667fa863054956267c450c47ef', 'https://git.kernel.org/stable/c/906372e753c5027a1dc88743843b6aa2ad1aaecf', 'https://git.kernel.org/stable/c/a9bf3efc33f1fbf88787a277f7349459283c9b95', 'https://git.kernel.org/stable/c/ebebba4d357b6c67f96776a48ddbaf0060fa4c10', 'https://git.kernel.org/stable/c/f23cd66933fe76b84d8e282e5606b4d99068c320', 'https://linux.oracle.com/cve/CVE-2024-43867.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43867-0620@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43867', 'https://www.cve.org/CVERecord?id=CVE-2024-43867'], 'PublishedDate': '2024-08-21T00:15:05.087Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43868', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/purgatory: align riscv_kernel_entry', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/purgatory: align riscv_kernel_entry\n\nWhen alignment handling is delegated to the kernel, everything must be\nword-aligned in purgatory, since the trap handler is then set to the\nkexec one. Without the alignment, hitting the exception would\nultimately crash. On other occasions, the kernel's handler would take\ncare of exceptions.\nThis has been tested on a JH7110 SoC with oreboot and its SBI delegating\nunaligned access exceptions and the kernel configured to handle them.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43868', 'https://git.kernel.org/linus/fb197c5d2fd24b9af3d4697d0cf778645846d6d5 (6.11-rc2)', 'https://git.kernel.org/stable/c/5d4aaf16a8255f7c71790e211724ba029609c5ff', 'https://git.kernel.org/stable/c/fb197c5d2fd24b9af3d4697d0cf778645846d6d5', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43868-9a44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43868', 'https://www.cve.org/CVERecord?id=CVE-2024-43868'], 'PublishedDate': '2024-08-21T00:15:05.15Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43869', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43869', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exec and file release', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exec and file release\n\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\n\nschedule()\n   prepare_task_switch()\n=======> <NMI>\n      perf_event_overflow()\n         event->pending_sigtrap = ...\n         irq_work_queue(&event->pending_irq)\n<======= </NMI>\n      perf_event_task_sched_out()\n          event_sched_out()\n              event->pending_sigtrap = 0;\n              atomic_long_inc_not_zero(&event->refcount)\n              task_work_add(&event->pending_task)\n   finish_lock_switch()\n=======> <IRQ>\n   perf_pending_irq()\n      //do nothing, rely on pending task work\n<======= </IRQ>\n\nbegin_new_exec()\n   perf_event_exit_task()\n      perf_event_exit_event()\n         // If is child event\n         free_event()\n            WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n            // event is leaked\n\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\n\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43869', 'https://git.kernel.org/linus/3a5465418f5fd970e86a86c7f4075be262682840 (6.11-rc1)', 'https://git.kernel.org/stable/c/104e258a004037bc7dba9f6085c71dad6af57ad4', 'https://git.kernel.org/stable/c/3a5465418f5fd970e86a86c7f4075be262682840', 'https://git.kernel.org/stable/c/9ad46f1fef421d43cdab3a7d1744b2f43b54dae0', 'https://git.kernel.org/stable/c/ed2c202dac55423a52d7e2290f2888bf08b8ee99', 'https://git.kernel.org/stable/c/f34d8307a73a18de5320fcc6f40403146d061891', 'https://lore.kernel.org/linux-cve-announce/2024082133-CVE-2024-43869-26aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43869', 'https://www.cve.org/CVERecord?id=CVE-2024-43869'], 'PublishedDate': '2024-08-21T01:15:11.55Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43870', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exit\n\nWhen a task is scheduled out, pending sigtrap deliveries are deferred\nto the target task upon resume to userspace via task_work.\n\nHowever failures while adding an event's callback to the task_work\nengine are ignored. And since the last call for events exit happen\nafter task work is eventually closed, there is a small window during\nwhich pending sigtrap can be queued though ignored, leaking the event\nrefcount addition such as in the following scenario:\n\n    TASK A\n    -----\n\n    do_exit()\n       exit_task_work(tsk);\n\n       <IRQ>\n       perf_event_overflow()\n          event->pending_sigtrap = pending_id;\n          irq_work_queue(&event->pending_irq);\n       </IRQ>\n    =========> PREEMPTION: TASK A -> TASK B\n       event_sched_out()\n          event->pending_sigtrap = 0;\n          atomic_long_inc_not_zero(&event->refcount)\n          // FAILS: task work has exited\n          task_work_add(&event->pending_task)\n       [...]\n       <IRQ WORK>\n       perf_pending_irq()\n          // early return: event->oncpu = -1\n       </IRQ WORK>\n       [...]\n    =========> TASK B -> TASK A\n       perf_event_exit_task(tsk)\n          perf_event_exit_event()\n             free_event()\n                WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n                // leak event due to unexpected refcount == 2\n\nAs a result the event is never released while the task exits.\n\nFix this with appropriate task_work_add()'s error handling.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43870', 'https://git.kernel.org/linus/2fd5ad3f310de22836cdacae919dd99d758a1f1b (6.11-rc1)', 'https://git.kernel.org/stable/c/05d3fd599594abf79aad4484bccb2b26e1cb0b51', 'https://git.kernel.org/stable/c/2fd5ad3f310de22836cdacae919dd99d758a1f1b', 'https://git.kernel.org/stable/c/3d7a63352a93bdb8a1cdf29606bf617d3ac1c22a', 'https://git.kernel.org/stable/c/67fad724f1b568b356c1065d50df46e6b30eb2f7', 'https://git.kernel.org/stable/c/70882d7fa74f0731492a0d493e8515a4f7131831', 'https://lore.kernel.org/linux-cve-announce/2024082135-CVE-2024-43870-2b6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43870', 'https://www.cve.org/CVERecord?id=CVE-2024-43870'], 'PublishedDate': '2024-08-21T01:15:11.62Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43871', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: devres: Fix memory leakage caused by driver API devm_free_percpu()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndevres: Fix memory leakage caused by driver API devm_free_percpu()\n\nIt will cause memory leakage when use driver API devm_free_percpu()\nto free memory allocated by devm_alloc_percpu(), fixed by using\ndevres_release() instead of devres_destroy() within devm_free_percpu().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-43871', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/bd50a974097bb82d52a458bd3ee39fb723129a0c (6.11-rc1)', 'https://git.kernel.org/stable/c/3047f99caec240a88ccd06197af2868da1af6a96', 'https://git.kernel.org/stable/c/3dcd0673e47664bc6c719ad47dadac6d55d5950d', 'https://git.kernel.org/stable/c/700e8abd65b10792b2f179ce4e858f2ca2880f85', 'https://git.kernel.org/stable/c/95065edb8ebb27771d5f1e898eef6ab43dc6c87c', 'https://git.kernel.org/stable/c/b044588a16a978cd891cb3d665dd7ae06850d5bf', 'https://git.kernel.org/stable/c/b67552d7c61f52f1271031adfa7834545ae99701', 'https://git.kernel.org/stable/c/bd50a974097bb82d52a458bd3ee39fb723129a0c', 'https://git.kernel.org/stable/c/ef56dcdca8f2a53abc3a83d388b8336447533d85', 'https://linux.oracle.com/cve/CVE-2024-43871.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43871-c2cd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43871', 'https://www.cve.org/CVERecord?id=CVE-2024-43871'], 'PublishedDate': '2024-08-21T01:15:11.68Z', 'LastModifiedDate': '2024-09-03T13:39:19.553Z'}, {'VulnerabilityID': 'CVE-2024-43872', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43872', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/hns: Fix soft lockup under heavy CEQE load', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43872', 'https://git.kernel.org/linus/2fdf34038369c0a27811e7b4680662a14ada1d6b (6.11-rc1)', 'https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08', 'https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43872-c87e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43872', 'https://www.cve.org/CVERecord?id=CVE-2024-43872'], 'PublishedDate': '2024-08-21T01:15:11.74Z', 'LastModifiedDate': '2024-09-03T13:38:34.867Z'}, {'VulnerabilityID': 'CVE-2024-43873', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43873', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vhost/vsock: always initialize seqpacket_allow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: always initialize seqpacket_allow\n\nThere are two issues around seqpacket_allow:\n1. seqpacket_allow is not initialized when socket is\n   created. Thus if features are never set, it will be\n   read uninitialized.\n2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,\n   then seqpacket_allow will not be cleared appropriately\n   (existing apps I know about don't usually do this but\n    it's legal and there's no way to be sure no one relies\n    on this).\n\nTo fix:\n\t- initialize seqpacket_allow after allocation\n\t- set it unconditionally in set_features", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-909'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43873', 'https://git.kernel.org/linus/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22', 'https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb', 'https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582', 'https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c', 'https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43873-c547@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43873', 'https://www.cve.org/CVERecord?id=CVE-2024-43873'], 'PublishedDate': '2024-08-21T01:15:11.79Z', 'LastModifiedDate': '2024-09-03T13:35:44.897Z'}, {'VulnerabilityID': 'CVE-2024-43875', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43875', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: Clean up error handling in vpci_scan_bus()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\n\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\n\n    drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)\n\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\n\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43875', 'https://git.kernel.org/linus/8e0f5a96c534f781e8c57ca30459448b3bfe5429 (6.11-rc1)', 'https://git.kernel.org/stable/c/0e27e2e8697b8ce96cdef43f135426525d9d1f8f', 'https://git.kernel.org/stable/c/24414c842a24d0fd498f9db6d2a762a8dddf1832', 'https://git.kernel.org/stable/c/7d368de78b60088ec9031c60c88976c0063ea4c0', 'https://git.kernel.org/stable/c/8e0f5a96c534f781e8c57ca30459448b3bfe5429', 'https://git.kernel.org/stable/c/b9e8695246bcfc028341470cbf92630cdc1ba36b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43875-1257@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43875', 'https://www.cve.org/CVERecord?id=CVE-2024-43875'], 'PublishedDate': '2024-08-21T01:15:11.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43876', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43876', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()\n\nAvoid large backtrace, it is sufficient to warn the user that there has\nbeen a link problem. Either the link has failed and the system is in need\nof maintenance, or the link continues to work and user has been informed.\nThe message from the warning can be looked up in the sources.\n\nThis makes an actual link issue less verbose.\n\nFirst of all, this controller has a limitation in that the controller\ndriver has to assist the hardware with transition to L1 link state by\nwriting L1IATN to PMCTRL register, the L1 and L0 link state switching\nis not fully automatic on this controller.\n\nIn case of an ASMedia ASM1062 PCIe SATA controller which does not support\nASPM, on entry to suspend or during platform pm_test, the SATA controller\nenters D3hot state and the link enters L1 state. If the SATA controller\nwakes up before rcar_pcie_wakeup() was called and returns to D0, the link\nreturns to L0 before the controller driver even started its transition to\nL1 link state. At this point, the SATA controller did send an PM_ENTER_L1\nDLLP to the PCIe controller and the PCIe controller received it, and the\nPCIe controller did set PMSR PMEL1RX bit.\n\nOnce rcar_pcie_wakeup() is called, if the link is already back in L0 state\nand PMEL1RX bit is set, the controller driver has no way to determine if\nit should perform the link transition to L1 state, or treat the link as if\nit is in L0 state. Currently the driver attempts to perform the transition\nto L1 link state unconditionally, which in this specific case fails with a\nPMSR L1FAEG poll timeout, however the link still works as it is already\nback in L0 state.\n\nReduce this warning verbosity. In case the link is really broken, the\nrcar_pcie_config_access() would fail, otherwise it will succeed and any\nsystem with this controller and ASM1062 can suspend without generating\na backtrace.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43876', 'https://git.kernel.org/linus/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96 (6.11-rc1)', 'https://git.kernel.org/stable/c/2ae4769332dfdb97f4b6f5dc9ac8f46d02aaa3df', 'https://git.kernel.org/stable/c/3ff3bdde950f1840df4030726cef156758a244d7', 'https://git.kernel.org/stable/c/526a877c6273d4cd0d0aede84c1d620479764b1c', 'https://git.kernel.org/stable/c/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43876-793b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43876', 'https://www.cve.org/CVERecord?id=CVE-2024-43876'], 'PublishedDate': '2024-08-21T01:15:11.973Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43877', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43877', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: pci: ivtv: Add check for DMA map result', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: ivtv: Add check for DMA map result\n\nIn case DMA fails, 'dma->SG_length' is 0. This value is later used to\naccess 'dma->SGarray[dma->SG_length - 1]', which will cause out of\nbounds access.\n\nAdd check to return early on invalid value. Adjust warnings accordingly.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43877', 'https://git.kernel.org/linus/629913d6d79508b166c66e07e4857e20233d85a9 (6.11-rc1)', 'https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718', 'https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a', 'https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9', 'https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43877-e8e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43877', 'https://www.cve.org/CVERecord?id=CVE-2024-43877'], 'PublishedDate': '2024-08-21T01:15:12.033Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43879', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()\n\nCurrently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in\ncfg80211_calculate_bitrate_he(), leading to below warning:\n\nkernel: invalid HE MCS: bw:6, ru:6\nkernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]\n\nFix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43879', 'https://git.kernel.org/linus/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6 (6.11-rc1)', 'https://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27', 'https://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd', 'https://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f', 'https://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9', 'https://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086', 'https://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142', 'https://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d', 'https://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6', 'https://linux.oracle.com/cve/CVE-2024-43879.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43879-95cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43879', 'https://www.cve.org/CVERecord?id=CVE-2024-43879'], 'PublishedDate': '2024-08-21T01:15:12.153Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43880', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43880', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_erp: Fix object nesting warning\n\nACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM\n(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can\ncontain more ACLs (i.e., tc filters), but the number of masks in each\nregion (i.e., tc chain) is limited.\n\nIn order to mitigate the effects of the above limitation, the device\nallows filters to share a single mask if their masks only differ in up\nto 8 consecutive bits. For example, dst_ip/25 can be represented using\ndst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the\nnumber of masks being used (and therefore does not support mask\naggregation), but can contain a limited number of filters.\n\nThe driver uses the "objagg" library to perform the mask aggregation by\npassing it objects that consist of the filter\'s mask and whether the\nfilter is to be inserted into the A-TCAM or the C-TCAM since filters in\ndifferent TCAMs cannot share a mask.\n\nThe set of created objects is dependent on the insertion order of the\nfilters and is not necessarily optimal. Therefore, the driver will\nperiodically ask the library to compute a more optimal set ("hints") by\nlooking at all the existing objects.\n\nWhen the library asks the driver whether two objects can be aggregated\nthe driver only compares the provided masks and ignores the A-TCAM /\nC-TCAM indication. This is the right thing to do since the goal is to\nmove as many filters as possible to the A-TCAM. The driver also forbids\ntwo identical masks from being aggregated since this can only happen if\none was intentionally put in the C-TCAM to avoid a conflict in the\nA-TCAM.\n\nThe above can result in the following set of hints:\n\nH1: {mask X, A-TCAM} -> H2: {mask Y, A-TCAM} // X is Y + delta\nH3: {mask Y, C-TCAM} -> H4: {mask Z, A-TCAM} // Y is Z + delta\n\nAfter getting the hints from the library the driver will start migrating\nfilters from one region to another while consulting the computed hints\nand instructing the device to perform a lookup in both regions during\nthe transition.\n\nAssuming a filter with mask X is being migrated into the A-TCAM in the\nnew region, the hints lookup will return H1. Since H2 is the parent of\nH1, the library will try to find the object associated with it and\ncreate it if necessary in which case another hints lookup (recursive)\nwill be performed. This hints lookup for {mask Y, A-TCAM} will either\nreturn H2 or H3 since the driver passes the library an object comparison\nfunction that ignores the A-TCAM / C-TCAM indication.\n\nThis can eventually lead to nested objects which are not supported by\nthe library [1].\n\nFix by removing the object comparison function from both the driver and\nthe library as the driver was the only user. That way the lookup will\nonly return exact matches.\n\nI do not have a reliable reproducer that can reproduce the issue in a\ntimely manner, but before the fix the issue would reproduce in several\nminutes and with the fix it does not reproduce in over an hour.\n\nNote that the current usefulness of the hints is limited because they\ninclude the C-TCAM indication and represent aggregation that cannot\nactually happen. This will be addressed in net-next.\n\n[1]\nWARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0\nModules linked in:\nCPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42\nHardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:objagg_obj_parent_assign+0xb5/0xd0\n[...]\nCall Trace:\n <TASK>\n __objagg_obj_get+0x2bb/0x580\n objagg_obj_get+0xe/0x80\n mlxsw_sp_acl_erp_mask_get+0xb5/0xf0\n mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43880', 'https://git.kernel.org/linus/97d833ceb27dc19f8777d63f90be4a27b5daeedf (6.11-rc1)', 'https://git.kernel.org/stable/c/0e59c2d22853266704e127915653598f7f104037', 'https://git.kernel.org/stable/c/25c6fd9648ad05da493a5d30881896a78a08b624', 'https://git.kernel.org/stable/c/36a9996e020dd5aa325e0ecc55eb2328288ea6bb', 'https://git.kernel.org/stable/c/4dc09f6f260db3c4565a4ec52ba369393598f2fb', 'https://git.kernel.org/stable/c/97d833ceb27dc19f8777d63f90be4a27b5daeedf', 'https://git.kernel.org/stable/c/9a5261a984bba4f583d966c550fa72c33ff3714e', 'https://git.kernel.org/stable/c/fb5d4fc578e655d113f09565f6f047e15f7ab578', 'https://linux.oracle.com/cve/CVE-2024-43880.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43880-78ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43880', 'https://www.cve.org/CVERecord?id=CVE-2024-43880'], 'PublishedDate': '2024-08-21T01:15:12.213Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43881', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43881', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: change DMA direction while mapping reinjected packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: change DMA direction while mapping reinjected packets\n\nFor fragmented packets, ath12k reassembles each fragment as a normal\npacket and then reinjects it into HW ring. In this case, the DMA\ndirection should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise,\nan invalid payload may be reinjected into the HW and\nsubsequently delivered to the host.\n\nGiven that arbitrary memory can be allocated to the skb buffer,\nknowledge about the data contained in the reinjected buffer is lacking.\nConsequently, there’s a risk of private information being leaked.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43881', 'https://git.kernel.org/linus/33322e3ef07409278a18c6919c448e369d66a18e (6.11-rc1)', 'https://git.kernel.org/stable/c/33322e3ef07409278a18c6919c448e369d66a18e', 'https://git.kernel.org/stable/c/6925320fcd40d8042d32bf4ede8248e7a5315c3b', 'https://git.kernel.org/stable/c/e99d9b16ff153de9540073239d24adc3b0a3a997', 'https://lore.kernel.org/linux-cve-announce/2024082138-CVE-2024-43881-ead4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43881', 'https://www.cve.org/CVERecord?id=CVE-2024-43881'], 'PublishedDate': '2024-08-21T01:15:12.28Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43883', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43883', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: vhci-hcd: Do not drop references before new references are gained', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43883', 'https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37', 'https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174', 'https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14', 'https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89', 'https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80', 'https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a', 'https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54', 'https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2', 'https://linux.oracle.com/cve/CVE-2024-43883.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082313-CVE-2024-43883-a594@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43883', 'https://www.cve.org/CVERecord?id=CVE-2024-43883'], 'PublishedDate': '2024-08-23T13:15:03.873Z', 'LastModifiedDate': '2024-08-23T16:18:28.547Z'}, {'VulnerabilityID': 'CVE-2024-43884', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: MGMT: Add error handling to pair_device()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Add error handling to pair_device()\n\nhci_conn_params_add() never checks for a NULL value and could lead to a NULL\npointer dereference causing a crash.\n\nFixed by adding error handling in the function.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43884', 'https://git.kernel.org/linus/538fd3921afac97158d4177139a0ad39f056dbb2 (6.11-rc5)', 'https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4', 'https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1', 'https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2', 'https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503', 'https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9', 'https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb', 'https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb', 'https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43884-43fa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43884', 'https://www.cve.org/CVERecord?id=CVE-2024-43884'], 'PublishedDate': '2024-08-26T08:15:03.827Z', 'LastModifiedDate': '2024-09-04T12:15:04.927Z'}, {'VulnerabilityID': 'CVE-2024-43886', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43886', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check in resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check in resource_log_pipe_topology_update\n\n[WHY]\nWhen switching from "Extend" to "Second Display Only" we sometimes\ncall resource_get_otg_master_for_stream on a stream for the eDP,\nwhich is disconnected. This leads to a null pointer dereference.\n\n[HOW]\nAdded a null check in dc_resource.c/resource_log_pipe_topology_update.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43886', 'https://git.kernel.org/linus/899d92fd26fe780aad711322aa671f68058207a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/899d92fd26fe780aad711322aa671f68058207a6', 'https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee', 'https://lore.kernel.org/linux-cve-announce/2024082657-CVE-2024-43886-0726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43886', 'https://www.cve.org/CVERecord?id=CVE-2024-43886'], 'PublishedDate': '2024-08-26T11:15:03.83Z', 'LastModifiedDate': '2024-08-27T14:37:45.377Z'}, {'VulnerabilityID': 'CVE-2024-43887', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43887', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/tcp: Disable TCP-AO static key after RCU grace period', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp: Disable TCP-AO static key after RCU grace period\n\nThe lifetime of TCP-AO static_key is the same as the last\ntcp_ao_info. On the socket destruction tcp_ao_info ceases to be\nwith RCU grace period, while tcp-ao static branch is currently deferred\ndestructed. The static key definition is\n: DEFINE_STATIC_KEY_DEFERRED_FALSE(tcp_ao_needed, HZ);\n\nwhich means that if RCU grace period is delayed by more than a second\nand tcp_ao_needed is in the process of disablement, other CPUs may\nyet see tcp_ao_info which atent dead, but soon-to-be.\nAnd that breaks the assumption of static_key_fast_inc_not_disabled().\n\nSee the comment near the definition:\n> * The caller must make sure that the static key can\'t get disabled while\n> * in this function. It doesn\'t patch jump labels, only adds a user to\n> * an already enabled static key.\n\nOriginally it was introduced in commit eb8c507296f6 ("jump_label:\nPrevent key->enabled int overflow"), which is needed for the atomic\ncontexts, one of which would be the creation of a full socket from a\nrequest socket. In that atomic context, it\'s known by the presence\nof the key (md5/ao) that the static branch is already enabled.\nSo, the ref counter for that static branch is just incremented\ninstead of holding the proper mutex.\nstatic_key_fast_inc_not_disabled() is just a helper for such usage\ncase. But it must not be used if the static branch could get disabled\nin parallel as it\'s not protected by jump_label_mutex and as a result,\nraces with jump_label_update() implementation details.\n\nHappened on netdev test-bot[1], so not a theoretical issue:\n\n[] jump_label: Fatal kernel bug, unexpected op at tcp_inbound_hash+0x1a7/0x870 [ffffffffa8c4e9b7] (eb 50 0f 1f 44 != 66 90 0f 1f 00)) size:2 type:1\n[] ------------[ cut here ]------------\n[] kernel BUG at arch/x86/kernel/jump_label.c:73!\n[] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[] CPU: 3 PID: 243 Comm: kworker/3:3 Not tainted 6.10.0-virtme #1\n[] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[] Workqueue: events jump_label_update_timeout\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n...\n[] Call Trace:\n[]  <TASK>\n[]  arch_jump_label_transform_queue+0x6c/0x110\n[]  __jump_label_update+0xef/0x350\n[]  __static_key_slow_dec_cpuslocked.part.0+0x3c/0x60\n[]  jump_label_update_timeout+0x2c/0x40\n[]  process_one_work+0xe3b/0x1670\n[]  worker_thread+0x587/0xce0\n[]  kthread+0x28a/0x350\n[]  ret_from_fork+0x31/0x70\n[]  ret_from_fork_asm+0x1a/0x30\n[]  </TASK>\n[] Modules linked in: veth\n[] ---[ end trace 0000000000000000 ]---\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n\n[1]: https://netdev-3.bots.linux.dev/vmksft-tcp-ao-dbg/results/696681/5-connect-deny-ipv6/stderr', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43887', 'https://git.kernel.org/linus/14ab4792ee120c022f276a7e4768f4dcb08f0cdd (6.11-rc3)', 'https://git.kernel.org/stable/c/14ab4792ee120c022f276a7e4768f4dcb08f0cdd', 'https://git.kernel.org/stable/c/954d55a59b2501f4a9bd693b40ce45a1c46cb2b3', 'https://lore.kernel.org/linux-cve-announce/2024082658-CVE-2024-43887-93bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43887', 'https://www.cve.org/CVERecord?id=CVE-2024-43887'], 'PublishedDate': '2024-08-26T11:15:03.877Z', 'LastModifiedDate': '2024-09-05T19:43:44.197Z'}, {'VulnerabilityID': 'CVE-2024-43888', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43888', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: list_lru: fix UAF for memory cgroup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: list_lru: fix UAF for memory cgroup\n\nThe mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or\ncgroup_mutex or others which could prevent returned memcg from being\nfreed.  Fix it by adding missing rcu read lock.\n\nFound by code inspection.\n\n[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]\n  Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43888', 'https://git.kernel.org/linus/5161b48712dcd08ec427c450399d4d1483e21dea (6.11-rc3)', 'https://git.kernel.org/stable/c/4589f77c18dd98b65f45617b6d1e95313cf6fcab', 'https://git.kernel.org/stable/c/5161b48712dcd08ec427c450399d4d1483e21dea', 'https://lore.kernel.org/linux-cve-announce/2024082659-CVE-2024-43888-5beb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43888', 'https://www.cve.org/CVERecord?id=CVE-2024-43888'], 'PublishedDate': '2024-08-26T11:15:03.93Z', 'LastModifiedDate': '2024-08-27T14:37:52.61Z'}, {'VulnerabilityID': 'CVE-2024-43889', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix possible divide-by-0 panic in padata_mt_helper()\n\nWe are hit with a not easily reproducible divide-by-0 panic in padata.c at\nbootup time.\n\n  [   10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI\n  [   10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1\n  [   10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021\n  [   10.017908] Workqueue: events_unbound padata_mt_helper\n  [   10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0\n    :\n  [   10.017963] Call Trace:\n  [   10.017968]  <TASK>\n  [   10.018004]  ? padata_mt_helper+0x39/0xb0\n  [   10.018084]  process_one_work+0x174/0x330\n  [   10.018093]  worker_thread+0x266/0x3a0\n  [   10.018111]  kthread+0xcf/0x100\n  [   10.018124]  ret_from_fork+0x31/0x50\n  [   10.018138]  ret_from_fork_asm+0x1a/0x30\n  [   10.018147]  </TASK>\n\nLooking at the padata_mt_helper() function, the only way a divide-by-0\npanic can happen is when ps->chunk_size is 0.  The way that chunk_size is\ninitialized in padata_do_multithreaded(), chunk_size can be 0 when the\nmin_chunk in the passed-in padata_mt_job structure is 0.\n\nFix this divide-by-0 panic by making sure that chunk_size will be at least\n1 no matter what the input parameters are.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43889', 'https://git.kernel.org/linus/6d45e1c948a8b7ed6ceddb14319af69424db730c (6.11-rc3)', 'https://git.kernel.org/stable/c/6d45e1c948a8b7ed6ceddb14319af69424db730c', 'https://git.kernel.org/stable/c/8f5ffd2af7274853ff91d6cd62541191d9fbd10d', 'https://git.kernel.org/stable/c/924f788c906dccaca30acab86c7124371e1d6f2c', 'https://git.kernel.org/stable/c/a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f', 'https://git.kernel.org/stable/c/ab8b397d5997d8c37610252528edc54bebf9f6d3', 'https://git.kernel.org/stable/c/da0ffe84fcc1627a7dff82c80b823b94236af905', 'https://lore.kernel.org/linux-cve-announce/2024082600-CVE-2024-43889-4d0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43889', 'https://www.cve.org/CVERecord?id=CVE-2024-43889'], 'PublishedDate': '2024-08-26T11:15:03.98Z', 'LastModifiedDate': '2024-08-27T14:38:09.34Z'}, {'VulnerabilityID': 'CVE-2024-43890', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43890', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Fix overflow in get_free_elt()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing "tracing_map->max_size" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to "tracing_map->next_elt"\nonce it reaches "tracing_map->max_elt".', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43890', 'https://git.kernel.org/linus/bcf86c01ca4676316557dd482c8416ece8c2e143 (6.11-rc3)', 'https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6', 'https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c', 'https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5', 'https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8', 'https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143', 'https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da', 'https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18', 'https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a', 'https://linux.oracle.com/cve/CVE-2024-43890.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082601-CVE-2024-43890-1c3a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43890', 'https://www.cve.org/CVERecord?id=CVE-2024-43890'], 'PublishedDate': '2024-08-26T11:15:04.04Z', 'LastModifiedDate': '2024-09-05T18:48:30.32Z'}, {'VulnerabilityID': 'CVE-2024-43891', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43891', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have format file honor EVENT_FILE_FL_FREED', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have format file honor EVENT_FILE_FL_FREED\n\nWhen eventfs was introduced, special care had to be done to coordinate the\nfreeing of the file meta data with the files that are exposed to user\nspace. The file meta data would have a ref count that is set when the file\nis created and would be decremented and freed after the last user that\nopened the file closed it. When the file meta data was to be freed, it\nwould set a flag (EVENT_FILE_FL_FREED) to denote that the file is freed,\nand any new references made (like new opens or reads) would fail as it is\nmarked freed. This allowed other meta data to be freed after this flag was\nset (under the event_mutex).\n\nAll the files that were dynamically created in the events directory had a\npointer to the file meta data and would call event_release() when the last\nreference to the user space file was closed. This would be the time that it\nis safe to free the file meta data.\n\nA shortcut was made for the "format" file. It\'s i_private would point to\nthe "call" entry directly and not point to the file\'s meta data. This is\nbecause all format files are the same for the same "call", so it was\nthought there was no reason to differentiate them.  The other files\nmaintain state (like the "enable", "trigger", etc). But this meant if the\nfile were to disappear, the "format" file would be unaware of it.\n\nThis caused a race that could be trigger via the user_events test (that\nwould create dynamic events and free them), and running a loop that would\nread the user_events format files:\n\nIn one console run:\n\n # cd tools/testing/selftests/user_events\n # while true; do ./ftrace_test; done\n\nAnd in another console run:\n\n # cd /sys/kernel/tracing/\n # while true; do cat events/user_events/__test_event/format; done 2>/dev/null\n\nWith KASAN memory checking, it would trigger a use-after-free bug report\n(which was a real bug). This was because the format file was not checking\nthe file\'s meta data flag "EVENT_FILE_FL_FREED", so it would access the\nevent that the file meta data pointed to after the event was freed.\n\nAfter inspection, there are other locations that were found to not check\nthe EVENT_FILE_FL_FREED flag when accessing the trace_event_file. Add a\nnew helper function: event_file_file() that will make sure that the\nevent_mutex is held, and will return NULL if the trace_event_file has the\nEVENT_FILE_FL_FREED flag set. Have the first reference of the struct file\npointer use event_file_file() and check for NULL. Later uses can still use\nthe event_file_data() helper function if the event_mutex is still held and\nwas not released since the event_file_file() call.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43891', 'https://git.kernel.org/linus/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d (6.11-rc3)', 'https://git.kernel.org/stable/c/4ed03758ddf0b19d69eed69386d65a92d0091e0c', 'https://git.kernel.org/stable/c/531dc6780d94245af037c25c2371c8caf652f0f9', 'https://git.kernel.org/stable/c/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d', 'https://lore.kernel.org/linux-cve-announce/2024082603-CVE-2024-43891-a69d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43891', 'https://www.cve.org/CVERecord?id=CVE-2024-43891'], 'PublishedDate': '2024-08-26T11:15:04.103Z', 'LastModifiedDate': '2024-09-05T18:46:18.44Z'}, {'VulnerabilityID': 'CVE-2024-43892', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43892', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg: protect concurrent access to mem_cgroup_idr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: protect concurrent access to mem_cgroup_idr\n\nCommit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after\nmany small jobs") decoupled the memcg IDs from the CSS ID space to fix the\ncgroup creation failures.  It introduced IDR to maintain the memcg ID\nspace.  The IDR depends on external synchronization mechanisms for\nmodifications.  For the mem_cgroup_idr, the idr_alloc() and idr_replace()\nhappen within css callback and thus are protected through cgroup_mutex\nfrom concurrent modifications.  However idr_remove() for mem_cgroup_idr\nwas not protected against concurrency and can be run concurrently for\ndifferent memcgs when they hit their refcnt to zero.  Fix that.\n\nWe have been seeing list_lru based kernel crashes at a low frequency in\nour fleet for a long time.  These crashes were in different part of\nlist_lru code including list_lru_add(), list_lru_del() and reparenting\ncode.  Upon further inspection, it looked like for a given object (dentry\nand inode), the super_block\'s list_lru didn\'t have list_lru_one for the\nmemcg of that object.  The initial suspicions were either the object is\nnot allocated through kmem_cache_alloc_lru() or somehow\nmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but\nreturned success.  No evidence were found for these cases.\n\nLooking more deeply, we started seeing situations where valid memcg\'s id\nis not present in mem_cgroup_idr and in some cases multiple valid memcgs\nhave same id and mem_cgroup_idr is pointing to one of them.  So, the most\nreasonable explanation is that these situations can happen due to race\nbetween multiple idr_remove() calls or race between\nidr_alloc()/idr_replace() and idr_remove().  These races are causing\nmultiple memcgs to acquire the same ID and then offlining of one of them\nwould cleanup list_lrus on the system for all of them.  Later access from\nother memcgs to the list_lru cause crashes due to missing list_lru_one.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43892', 'https://git.kernel.org/linus/9972605a238339b85bd16b084eed5f18414d22db (6.11-rc3)', 'https://git.kernel.org/stable/c/37a060b64ae83b76600d187d76591ce488ab836b', 'https://git.kernel.org/stable/c/51c0b1bb7541f8893ec1accba59eb04361a70946', 'https://git.kernel.org/stable/c/56fd70f4aa8b82199dbe7e99366b1fd7a04d86fb', 'https://git.kernel.org/stable/c/912736a0435ef40e6a4ae78197ccb5553cb80b05', 'https://git.kernel.org/stable/c/9972605a238339b85bd16b084eed5f18414d22db', 'https://git.kernel.org/stable/c/e6cc9ff2ac0b5df9f25eb790934c3104f6710278', 'https://lore.kernel.org/linux-cve-announce/2024082604-CVE-2024-43892-584a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43892', 'https://www.cve.org/CVERecord?id=CVE-2024-43892'], 'PublishedDate': '2024-08-26T11:15:04.157Z', 'LastModifiedDate': '2024-09-12T12:15:49.593Z'}, {'VulnerabilityID': 'CVE-2024-43893', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43893', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: core: check uartclk for zero to avoid divide by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: core: check uartclk for zero to avoid divide by zero\n\nCalling ioctl TIOCSSERIAL with an invalid baud_base can\nresult in uartclk being zero, which will result in a\ndivide by zero error in uart_get_divisor(). The check for\nuartclk being zero in uart_set_info() needs to be done\nbefore other settings are made as subsequent calls to\nioctl TIOCSSERIAL for the same port would be impacted if\nthe uartclk check was done where uartclk gets set.\n\nOops: divide error: 0000  PREEMPT SMP KASAN PTI\nRIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)\nCall Trace:\n <TASK>\nserial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576\n    drivers/tty/serial/8250/8250_port.c:2589)\nserial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502\n    drivers/tty/serial/8250/8250_port.c:2741)\nserial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)\nuart_change_line_settings (./include/linux/spinlock.h:376\n    ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)\nuart_port_startup (drivers/tty/serial/serial_core.c:342)\nuart_startup (drivers/tty/serial/serial_core.c:368)\nuart_set_info (drivers/tty/serial/serial_core.c:1034)\nuart_set_info_user (drivers/tty/serial/serial_core.c:1059)\ntty_set_serial (drivers/tty/tty_io.c:2637)\ntty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)\n__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907\n    fs/ioctl.c:893 fs/ioctl.c:893)\ndo_syscall_64 (arch/x86/entry/common.c:52\n    (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nRule: add', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43893', 'https://git.kernel.org/linus/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193 (6.11-rc3)', 'https://git.kernel.org/stable/c/3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba', 'https://git.kernel.org/stable/c/52b138f1021113e593ee6ad258ce08fe90693a9e', 'https://git.kernel.org/stable/c/55b2a5d331a6ceb1c4372945fdb77181265ba24f', 'https://git.kernel.org/stable/c/68dc02f319b9ee54dc23caba742a5c754d1cccc8', 'https://git.kernel.org/stable/c/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193', 'https://git.kernel.org/stable/c/9196e42a3b8eeff1707e6ef769112b4b6096be49', 'https://git.kernel.org/stable/c/e13ba3fe5ee070f8a9dab60029d52b1f61da5051', 'https://git.kernel.org/stable/c/e3ad503876283ac3fcca922a1bf243ef9eb0b0e2', 'https://linux.oracle.com/cve/CVE-2024-43893.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082605-CVE-2024-43893-25dd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43893', 'https://www.cve.org/CVERecord?id=CVE-2024-43893'], 'PublishedDate': '2024-08-26T11:15:04.213Z', 'LastModifiedDate': '2024-09-10T18:13:21.92Z'}, {'VulnerabilityID': 'CVE-2024-43894', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43894', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/client: fix null pointer dereference in drm_client_modeset_probe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: fix null pointer dereference in drm_client_modeset_probe\n\nIn drm_client_modeset_probe(), the return value of drm_mode_duplicate() is\nassigned to modeset->mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43894', 'https://git.kernel.org/linus/113fd6372a5bb3689aba8ef5b8a265ed1529a78f (6.11-rc3)', 'https://git.kernel.org/stable/c/113fd6372a5bb3689aba8ef5b8a265ed1529a78f', 'https://git.kernel.org/stable/c/24ddda932c43ffe156c7f3c568bed85131c63ae6', 'https://git.kernel.org/stable/c/5291d4f73452c91e8a11f71207617e3e234d418e', 'https://git.kernel.org/stable/c/612cae53e99ce32a58cb821b3b67199eb6e92dff', 'https://git.kernel.org/stable/c/c763dfe09425152b6bb0e348900a637c62c2ce52', 'https://git.kernel.org/stable/c/d64847c383100423aecb6ac5f18be5f4316d9d62', 'https://git.kernel.org/stable/c/d64fc94f7bb24fc2be0d6bd5df8df926da461a6d', 'https://linux.oracle.com/cve/CVE-2024-43894.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082607-CVE-2024-43894-aeee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43894', 'https://www.cve.org/CVERecord?id=CVE-2024-43894'], 'PublishedDate': '2024-08-26T11:15:04.28Z', 'LastModifiedDate': '2024-09-10T18:09:41.23Z'}, {'VulnerabilityID': 'CVE-2024-43895', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43895', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip Recompute DSC Params if no Stream on Link', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n    Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n    RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n    Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\n    RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n    RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n    RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n    RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n    R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n    R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n    FS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n    Call Trace:\n<TASK>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? plist_add+0xbe/0x100\n     ? exc_page_fault+0x7c/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     drm_atomic_check_only+0x5c5/0xa40\n     drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.\n\n(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43895', 'https://git.kernel.org/linus/50e376f1fe3bf571d0645ddf48ad37eb58323919 (6.11-rc3)', 'https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9', 'https://git.kernel.org/stable/c/50e376f1fe3bf571d0645ddf48ad37eb58323919', 'https://git.kernel.org/stable/c/5357141b4c2e2b332b6f11607ba8c5fbc2669a10', 'https://git.kernel.org/stable/c/70275bb960c71d313254473d38c14e7101cee5ad', 'https://git.kernel.org/stable/c/718d83f66fb07b2cab89a1fc984613a00e3db18f', 'https://lore.kernel.org/linux-cve-announce/2024082608-CVE-2024-43895-d3c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43895', 'https://www.cve.org/CVERecord?id=CVE-2024-43895'], 'PublishedDate': '2024-08-26T11:15:04.333Z', 'LastModifiedDate': '2024-10-10T12:15:04.35Z'}, {'VulnerabilityID': 'CVE-2024-43898', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43898', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: sanity check for NULL pointer after ext4_force_shutdown', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43898', 'https://git.kernel.org/linus/83f4414b8f84249d538905825b088ff3ae555652 (6.11-rc1)', 'https://git.kernel.org/stable/c/3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e', 'https://git.kernel.org/stable/c/83f4414b8f84249d538905825b088ff3ae555652', 'https://git.kernel.org/stable/c/f619876ccbfd329ae785fe5d3289b9dcd6eb5901', 'https://lore.kernel.org/linux-cve-announce/2024082613-CVE-2024-43898-52c2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43898', 'https://www.cve.org/CVERecord?id=CVE-2024-43898'], 'PublishedDate': '2024-08-26T11:15:04.493Z', 'LastModifiedDate': '2024-09-10T08:15:02.96Z'}, {'VulnerabilityID': 'CVE-2024-43899', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix null pointer deref in dcn20_resource.c', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[  181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[  181.843997] #PF: supervisor instruction fetch in kernel mode\n[  181.844003] #PF: error_code(0x0010) - not-present page\n[  181.844009] PGD 0 P4D 0\n[  181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[  181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G        W  OE      6.5.0-41-generic #41~22.04.2-Ubuntu\n[  181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[  181.844044] RIP: 0010:0x0\n[  181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[  181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[  181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[  181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[  181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[  181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[  181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[  181.844121] FS:  00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[  181.844128] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[  181.844141] Call Trace:\n[  181.844146]  <TASK>\n[  181.844153]  ? show_regs+0x6d/0x80\n[  181.844167]  ? __die+0x24/0x80\n[  181.844179]  ? page_fault_oops+0x99/0x1b0\n[  181.844192]  ? do_user_addr_fault+0x31d/0x6b0\n[  181.844204]  ? exc_page_fault+0x83/0x1b0\n[  181.844216]  ? asm_exc_page_fault+0x27/0x30\n[  181.844237]  dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[  181.845115]  amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[  181.845985]  amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[  181.846848]  fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[  181.847734]  fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[  181.848748]  dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.849791]  ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.850840]  amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43899', 'https://git.kernel.org/linus/ecbf60782662f0a388493685b85a645a0ba1613c (6.11-rc1)', 'https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e', 'https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c', 'https://lore.kernel.org/linux-cve-announce/2024082614-CVE-2024-43899-2339@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43899', 'https://www.cve.org/CVERecord?id=CVE-2024-43899'], 'PublishedDate': '2024-08-26T11:15:04.557Z', 'LastModifiedDate': '2024-08-27T14:38:19.74Z'}, {'VulnerabilityID': 'CVE-2024-43900', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43900', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: xc2028: avoid use-after-free in load_firmware_cb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504           worker_thread\ntuner_probe                             <= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait                 <= create a worker\n...\ntuner_remove                            <= free dvb_frontend\n...\n                    request_firmware_work_func  <= the firmware is ready\n                    load_firmware_cb    <= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n    ==================================================================\n     BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n     Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n     Call trace:\n      load_firmware_cb+0x1310/0x17a0\n      request_firmware_work_func+0x128/0x220\n      process_one_work+0x770/0x1824\n      worker_thread+0x488/0xea0\n      kthread+0x300/0x430\n      ret_from_fork+0x10/0x20\n\n     Allocated by task 6504:\n      kzalloc\n      tuner_probe+0xb0/0x1430\n      i2c_device_probe+0x92c/0xaf0\n      really_probe+0x678/0xcd0\n      driver_probe_device+0x280/0x370\n      __device_attach_driver+0x220/0x330\n      bus_for_each_drv+0x134/0x1c0\n      __device_attach+0x1f4/0x410\n      device_initial_probe+0x20/0x30\n      bus_probe_device+0x184/0x200\n      device_add+0x924/0x12c0\n      device_register+0x24/0x30\n      i2c_new_device+0x4e0/0xc44\n      v4l2_i2c_new_subdev_board+0xbc/0x290\n      v4l2_i2c_new_subdev+0xc8/0x104\n      em28xx_v4l2_init+0x1dd0/0x3770\n\n     Freed by task 6504:\n      kfree+0x238/0x4e4\n      tuner_remove+0x144/0x1c0\n      i2c_device_remove+0xc8/0x290\n      __device_release_driver+0x314/0x5fc\n      device_release_driver+0x30/0x44\n      bus_remove_device+0x244/0x490\n      device_del+0x350/0x900\n      device_unregister+0x28/0xd0\n      i2c_unregister_device+0x174/0x1d0\n      v4l2_device_unregister+0x224/0x380\n      em28xx_v4l2_init+0x1d90/0x3770\n\n     The buggy address belongs to the object at ffff8000d7ca2000\n      which belongs to the cache kmalloc-2k of size 2048\n     The buggy address is located 776 bytes inside of\n      2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n     The buggy address belongs to the page:\n     page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n     flags: 0x7ff800000000100(slab)\n     raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n     raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n     page dumped because: kasan: bad access detected\n\n     Memory state around the buggy address:\n      ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                           ^\n      ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     ==================================================================\n\n[2]\n    Actually, it is allocated for struct tuner, and dvb_frontend is inside.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43900', 'https://git.kernel.org/linus/68594cec291ff9523b9feb3f43fd853dcddd1f60 (6.11-rc1)', 'https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5', 'https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60', 'https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b', 'https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-43900-029c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43900', 'https://www.cve.org/CVERecord?id=CVE-2024-43900'], 'PublishedDate': '2024-08-26T11:15:04.613Z', 'LastModifiedDate': '2024-08-27T14:38:32.967Z'}, {'VulnerabilityID': 'CVE-2024-43902', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43902', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null checker before passing variables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checker before passing variables\n\nChecks null pointer before passing variables to functions.\n\nThis fixes 3 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43902', 'https://git.kernel.org/linus/8092aa3ab8f7b737a34b71f91492c676a843043a (6.11-rc1)', 'https://git.kernel.org/stable/c/1686675405d07f35eae7ff3d13a530034b899df2', 'https://git.kernel.org/stable/c/4cc2a94d96caeb3c975acdae7351c2f997c32175', 'https://git.kernel.org/stable/c/8092aa3ab8f7b737a34b71f91492c676a843043a', 'https://git.kernel.org/stable/c/83c7f509ef087041604e9572938f82e18b724c9d', 'https://git.kernel.org/stable/c/d0b8b23b9c2ebec693a36fea518d8f13493ad655', 'https://lore.kernel.org/linux-cve-announce/2024082618-CVE-2024-43902-eb6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43902', 'https://www.cve.org/CVERecord?id=CVE-2024-43902'], 'PublishedDate': '2024-08-26T11:15:04.733Z', 'LastModifiedDate': '2024-08-27T14:38:51.73Z'}, {'VulnerabilityID': 'CVE-2024-43903', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43903', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43903', 'https://git.kernel.org/linus/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff (6.11-rc1)', 'https://git.kernel.org/stable/c/31a679a880102dee6e10985a7b1789af8dc328cc', 'https://git.kernel.org/stable/c/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff', 'https://git.kernel.org/stable/c/94220b35aeba2b68da81deeefbb784d94eeb5c04', 'https://git.kernel.org/stable/c/ce5d090af683137cb779ed7e3683839f9c778b35', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-43903-3644@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43903', 'https://www.cve.org/CVERecord?id=CVE-2024-43903'], 'PublishedDate': '2024-08-26T11:15:04.793Z', 'LastModifiedDate': '2024-08-27T13:39:48.683Z'}, {'VulnerabilityID': 'CVE-2024-43904', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43904', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing\n\nThis commit adds null checks for the 'stream' and 'plane' variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that 'stream' and 'plane' are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43904', 'https://git.kernel.org/linus/15c2990e0f0108b9c3752d7072a97d45d4283aea (6.11-rc1)', 'https://git.kernel.org/stable/c/15c2990e0f0108b9c3752d7072a97d45d4283aea', 'https://git.kernel.org/stable/c/16a8a2a839d19c4cf7253642b493ffb8eee1d857', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43904-63a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43904', 'https://www.cve.org/CVERecord?id=CVE-2024-43904'], 'PublishedDate': '2024-08-26T11:15:04.847Z', 'LastModifiedDate': '2024-08-27T13:40:50.577Z'}, {'VulnerabilityID': 'CVE-2024-43905', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43905', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix the null pointer dereference for vega10_hwmgr\n\nCheck return value and conduct null pointer handling to avoid null pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43905', 'https://git.kernel.org/linus/50151b7f1c79a09117837eb95b76c2de76841dab (6.11-rc1)', 'https://git.kernel.org/stable/c/0fa11f9df96217c2785b040629ff1a16900fb51c', 'https://git.kernel.org/stable/c/2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8', 'https://git.kernel.org/stable/c/2e538944996d0dd497faf8ee81f8bfcd3aca7d80', 'https://git.kernel.org/stable/c/50151b7f1c79a09117837eb95b76c2de76841dab', 'https://git.kernel.org/stable/c/69a441473fec2fc2aa2cf56122d6c42c4266a239', 'https://git.kernel.org/stable/c/c2629daf218a325f4d69754452cd42fe8451c15b', 'https://lore.kernel.org/linux-cve-announce/2024082623-CVE-2024-43905-008f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43905', 'https://www.cve.org/CVERecord?id=CVE-2024-43905'], 'PublishedDate': '2024-08-26T11:15:04.897Z', 'LastModifiedDate': '2024-09-12T12:15:51.26Z'}, {'VulnerabilityID': 'CVE-2024-43906', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43906', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/admgpu: fix dereferencing null pointer context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/admgpu: fix dereferencing null pointer context\n\nWhen user space sets an invalid ta type, the pointer context will be empty.\nSo it need to check the pointer context before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43906', 'https://git.kernel.org/linus/030ffd4d43b433bc6671d9ec34fc12c59220b95d (6.11-rc1)', 'https://git.kernel.org/stable/c/030ffd4d43b433bc6671d9ec34fc12c59220b95d', 'https://git.kernel.org/stable/c/4fd52f7c2c11d330571c6bde06e5ea508ec25c9d', 'https://git.kernel.org/stable/c/641dac64178ccdb9e45c92b67120316896294d05', 'https://lore.kernel.org/linux-cve-announce/2024082624-CVE-2024-43906-27ab@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43906', 'https://www.cve.org/CVERecord?id=CVE-2024-43906'], 'PublishedDate': '2024-08-26T11:15:04.947Z', 'LastModifiedDate': '2024-08-27T13:41:30.093Z'}, {'VulnerabilityID': 'CVE-2024-43907', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43907', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules\n\nCheck the pointer value to fix potential null pointer\ndereference', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43907', 'https://git.kernel.org/linus/d19fb10085a49b77578314f69fff21562f7cd054 (6.11-rc1)', 'https://git.kernel.org/stable/c/0c065e50445aea2e0a1815f12e97ee49e02cbaac', 'https://git.kernel.org/stable/c/13937a40aae4efe64592ba48c057ac3c72f7fe82', 'https://git.kernel.org/stable/c/3a01bf2ca9f860fdc88c358567b8fa3033efcf30', 'https://git.kernel.org/stable/c/c1749313f35b98e2e655479f037db37f19756622', 'https://git.kernel.org/stable/c/d19fb10085a49b77578314f69fff21562f7cd054', 'https://git.kernel.org/stable/c/e04d18c29954441aa1054af649f957ffad90a201', 'https://lore.kernel.org/linux-cve-announce/2024082626-CVE-2024-43907-91a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43907', 'https://www.cve.org/CVERecord?id=CVE-2024-43907'], 'PublishedDate': '2024-08-26T11:15:05Z', 'LastModifiedDate': '2024-08-27T13:41:40.497Z'}, {'VulnerabilityID': 'CVE-2024-43908', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43908', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the null pointer dereference to ras_manager', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the null pointer dereference to ras_manager\n\nCheck ras_manager before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43908', 'https://git.kernel.org/linus/4c11d30c95576937c6c35e6f29884761f2dddb43 (6.11-rc1)', 'https://git.kernel.org/stable/c/033187a70ba9743c73a810a006816e5553d1e7d4', 'https://git.kernel.org/stable/c/48cada0ac79e4775236d642e9ec5998a7c7fb7a4', 'https://git.kernel.org/stable/c/4c11d30c95576937c6c35e6f29884761f2dddb43', 'https://git.kernel.org/stable/c/56e848034ccabe44e8f22ffcf49db771c17b0d0a', 'https://git.kernel.org/stable/c/b89616333979114bb0da5fa40fb6e4a2f5294ca2', 'https://git.kernel.org/stable/c/d81c1eeb333d84b3012a91c0500189dc1d71e46c', 'https://git.kernel.org/stable/c/ff5c4eb71ee8951c789b079f6e948f86708b04ed', 'https://linux.oracle.com/cve/CVE-2024-43908.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082627-CVE-2024-43908-4406@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43908', 'https://www.cve.org/CVERecord?id=CVE-2024-43908'], 'PublishedDate': '2024-08-26T11:15:05.057Z', 'LastModifiedDate': '2024-08-27T13:41:55.26Z'}, {'VulnerabilityID': 'CVE-2024-43909', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43909', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference for smu7', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference for smu7\n\noptimize the code to avoid pass a null pointer (hwmgr->backend)\nto function smu7_update_edc_leakage_table.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43909', 'https://git.kernel.org/linus/c02c1960c93eede587576625a1221205a68a904f (6.11-rc1)', 'https://git.kernel.org/stable/c/09544cd95c688d3041328a4253bd7514972399bb', 'https://git.kernel.org/stable/c/1b8aa82b80bd947b68a8ab051d960a0c7935e22d', 'https://git.kernel.org/stable/c/37b9df457cbcf095963d18f17d6cb7dfa0a03fce', 'https://git.kernel.org/stable/c/7f56f050f02c27ed89cce1ea0c04b34abce32751', 'https://git.kernel.org/stable/c/c02c1960c93eede587576625a1221205a68a904f', 'https://lore.kernel.org/linux-cve-announce/2024082628-CVE-2024-43909-acb8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43909', 'https://www.cve.org/CVERecord?id=CVE-2024-43909'], 'PublishedDate': '2024-08-26T11:15:05.117Z', 'LastModifiedDate': '2024-08-27T13:41:48.467Z'}, {'VulnerabilityID': 'CVE-2024-43910', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43910', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses\n\nCurrently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to\na global function as an argument. The adverse effects of this is that\nBPF helpers can continue to make use of this modified\nCONST_PTR_TO_DYNPTR from within the context of the global function,\nwhich can unintentionally result in out-of-bounds memory accesses and\ntherefore compromise overall system stability i.e.\n\n[  244.157771] BUG: KASAN: slab-out-of-bounds in bpf_dynptr_data+0x137/0x140\n[  244.161345] Read of size 8 at addr ffff88810914be68 by task test_progs/302\n[  244.167151] CPU: 0 PID: 302 Comm: test_progs Tainted: G O E 6.10.0-rc3-00131-g66b586715063 #533\n[  244.174318] Call Trace:\n[  244.175787]  <TASK>\n[  244.177356]  dump_stack_lvl+0x66/0xa0\n[  244.179531]  print_report+0xce/0x670\n[  244.182314]  ? __virt_addr_valid+0x200/0x3e0\n[  244.184908]  kasan_report+0xd7/0x110\n[  244.187408]  ? bpf_dynptr_data+0x137/0x140\n[  244.189714]  ? bpf_dynptr_data+0x137/0x140\n[  244.192020]  bpf_dynptr_data+0x137/0x140\n[  244.194264]  bpf_prog_b02a02fdd2bdc5fa_global_call_bpf_dynptr_data+0x22/0x26\n[  244.198044]  bpf_prog_b0fe7b9d7dc3abde_callback_adjust_bpf_dynptr_reg_off+0x1f/0x23\n[  244.202136]  bpf_user_ringbuf_drain+0x2c7/0x570\n[  244.204744]  ? 0xffffffffc0009e58\n[  244.206593]  ? __pfx_bpf_user_ringbuf_drain+0x10/0x10\n[  244.209795]  bpf_prog_33ab33f6a804ba2d_user_ringbuf_callback_const_ptr_to_dynptr_reg_off+0x47/0x4b\n[  244.215922]  bpf_trampoline_6442502480+0x43/0xe3\n[  244.218691]  __x64_sys_prlimit64+0x9/0xf0\n[  244.220912]  do_syscall_64+0xc1/0x1d0\n[  244.223043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  244.226458] RIP: 0033:0x7ffa3eb8f059\n[  244.228582] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 1d 0d 00 f7 d8 64 89 01 48\n[  244.241307] RSP: 002b:00007ffa3e9c6eb8 EFLAGS: 00000206 ORIG_RAX: 000000000000012e\n[  244.246474] RAX: ffffffffffffffda RBX: 00007ffa3e9c7cdc RCX: 00007ffa3eb8f059\n[  244.250478] RDX: 00007ffa3eb162b4 RSI: 0000000000000000 RDI: 00007ffa3e9c7fb0\n[  244.255396] RBP: 00007ffa3e9c6ed0 R08: 00007ffa3e9c76c0 R09: 0000000000000000\n[  244.260195] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffff80\n[  244.264201] R13: 000000000000001c R14: 00007ffc5d6b4260 R15: 00007ffa3e1c7000\n[  244.268303]  </TASK>\n\nAdd a check_func_arg_reg_off() to the path in which the BPF verifier\nverifies the arguments of global function arguments, specifically\nthose which take an argument of type ARG_PTR_TO_DYNPTR |\nMEM_RDONLY. Also, process_dynptr_func() doesn't appear to perform any\nexplicit and strict type matching on the supplied register type, so\nlet's also enforce that a register either type PTR_TO_STACK or\nCONST_PTR_TO_DYNPTR is by the caller.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43910', 'https://git.kernel.org/linus/ec2b9a5e11e51fea1bb04c1e7e471952e887e874 (6.11-rc1)', 'https://git.kernel.org/stable/c/13663a7c644bf1dedaf461d07252db5d76c8759a', 'https://git.kernel.org/stable/c/ec2b9a5e11e51fea1bb04c1e7e471952e887e874', 'https://lore.kernel.org/linux-cve-announce/2024082630-CVE-2024-43910-c6ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43910', 'https://www.cve.org/CVERecord?id=CVE-2024-43910'], 'PublishedDate': '2024-08-26T11:15:05.177Z', 'LastModifiedDate': '2024-09-05T18:30:23.437Z'}, {'VulnerabilityID': 'CVE-2024-43911', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43911', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mac80211: fix NULL dereference at band check in starting tx ba session', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL dereference at band check in starting tx ba session\n\nIn MLD connection, link_data/link_conf are dynamically allocated. They\ndon't point to vif->bss_conf. So, there will be no chanreq assigned to\nvif->bss_conf and then the chan will be NULL. Tweak the code to check\nht_supported/vht_supported/has_he/has_eht on sta deflink.\n\nCrash log (with rtw89 version under MLO development):\n[ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 9890.526102] #PF: supervisor read access in kernel mode\n[ 9890.526105] #PF: error_code(0x0000) - not-present page\n[ 9890.526109] PGD 0 P4D 0\n[ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G           OE      6.9.0 #1\n[ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018\n[ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core]\n[ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211\n[ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00 <83> 38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3\nAll code\n========\n   0:\tf7 e8                \timul   %eax\n   2:\td5                   \t(bad)\n   3:\t93                   \txchg   %eax,%ebx\n   4:\t3e ea                \tds (bad)\n   6:\t48 83 c4 28          \tadd    $0x28,%rsp\n   a:\t89 d8                \tmov    %ebx,%eax\n   c:\t5b                   \tpop    %rbx\n   d:\t41 5c                \tpop    %r12\n   f:\t41 5d                \tpop    %r13\n  11:\t41 5e                \tpop    %r14\n  13:\t41 5f                \tpop    %r15\n  15:\t5d                   \tpop    %rbp\n  16:\tc3                   \tretq\n  17:\tcc                   \tint3\n  18:\tcc                   \tint3\n  19:\tcc                   \tint3\n  1a:\tcc                   \tint3\n  1b:\t49 8b 84 24 e0 f1 ff \tmov    -0xe20(%r12),%rax\n  22:\tff\n  23:\t48 8b 80 90 1b 00 00 \tmov    0x1b90(%rax),%rax\n  2a:*\t83 38 03             \tcmpl   $0x3,(%rax)\t\t<-- trapping instruction\n  2d:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe6a\n  33:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n  38:\teb cc                \tjmp    0x6\n  3a:\t49                   \trex.WB\n  3b:\t8b                   \t.byte 0x8b\n  3c:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  3f:\tf3                   \trepz\n\nCode starting with the faulting instruction\n===========================================\n   0:\t83 38 03             \tcmpl   $0x3,(%rax)\n   3:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe40\n   9:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n   e:\teb cc                \tjmp    0xffffffffffffffdc\n  10:\t49                   \trex.WB\n  11:\t8b                   \t.byte 0x8b\n  12:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  15:\tf3                   \trepz\n[ 9890.526285] RSP: 0018:ffffb8db09013d68 EFLAGS: 00010246\n[ 9890.526291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9308e0d656c8\n[ 9890.526295] RDX: 0000000000000000 RSI: ffffffffab99460b RDI: ffffffffab9a7685\n[ 9890.526300] RBP: ffffb8db09013db8 R08: 0000000000000000 R09: 0000000000000873\n[ 9890.526304] R10: ffff9308e0d64800 R11: 0000000000000002 R12: ffff9308e5ff6e70\n[ 9890.526308] R13: ffff930952500e20 R14: ffff9309192a8c00 R15: 0000000000000000\n[ 9890.526313] FS:  0000000000000000(0000) GS:ffff930b4e700000(0000) knlGS:0000000000000000\n[ 9890.526316] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9890.526318] CR2: 0000000000000000 CR3: 0000000391c58005 CR4: 00000000001706f0\n[ 9890.526321] Call Trace:\n[ 9890.526324]  <TASK>\n[ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479)\n[ 9890.526335] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713)\n[ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43911', 'https://git.kernel.org/linus/021d53a3d87eeb9dbba524ac515651242a2a7e3b (6.11-rc1)', 'https://git.kernel.org/stable/c/021d53a3d87eeb9dbba524ac515651242a2a7e3b', 'https://git.kernel.org/stable/c/a5594c1e03b0df3908b1e1202a1ba34422eed0f6', 'https://lore.kernel.org/linux-cve-announce/2024082631-CVE-2024-43911-96bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43911', 'https://www.cve.org/CVERecord?id=CVE-2024-43911'], 'PublishedDate': '2024-08-26T11:15:05.227Z', 'LastModifiedDate': '2024-08-27T16:08:52.493Z'}, {'VulnerabilityID': 'CVE-2024-43912', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43912', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: nl80211: disallow setting special AP channel widths', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: disallow setting special AP channel widths\n\nSetting the AP channel width is meant for use with the normal\n20/40/... MHz channel width progression, and switching around\nin S1G or narrow channels isn't supported. Disallow that.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43912', 'https://git.kernel.org/linus/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe (6.11-rc1)', 'https://git.kernel.org/stable/c/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe', 'https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e', 'https://git.kernel.org/stable/c/ac3bf6e47fd8da9bfe8027e1acfe0282a91584fc', 'https://git.kernel.org/stable/c/c6ea738e3feb407a3283197d9a25d0788f4f3cee', 'https://lore.kernel.org/linux-cve-announce/2024082632-CVE-2024-43912-801f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43912', 'https://www.cve.org/CVERecord?id=CVE-2024-43912'], 'PublishedDate': '2024-08-26T11:15:05.28Z', 'LastModifiedDate': '2024-09-05T18:19:17.067Z'}, {'VulnerabilityID': 'CVE-2024-43913', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43913', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: apple: fix device reference counting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: apple: fix device reference counting\n\nDrivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.\nSplit the allocation side out to make the error handling boundary easier\nto navigate. The apple driver had been doing this wrong, leaking the\ncontroller device memory on a tagset failure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43913', 'https://git.kernel.org/linus/b9ecbfa45516182cd062fecd286db7907ba84210 (6.11-rc1)', 'https://git.kernel.org/stable/c/b9ecbfa45516182cd062fecd286db7907ba84210', 'https://git.kernel.org/stable/c/d59c4d0eb6adc24c2201f153ccb7fd0a335b0d3d', 'https://lore.kernel.org/linux-cve-announce/2024082633-CVE-2024-43913-6ec7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43913', 'https://www.cve.org/CVERecord?id=CVE-2024-43913'], 'PublishedDate': '2024-08-26T11:15:05.33Z', 'LastModifiedDate': '2024-09-05T18:12:55.68Z'}, {'VulnerabilityID': 'CVE-2024-43914', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43914', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: md/raid5: avoid BUG_ON() while continue reshape after reassembling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: avoid BUG_ON() while continue reshape after reassembling\n\nCurrently, mdadm support --revert-reshape to abort the reshape while\nreassembling, as the test 07revert-grow. However, following BUG_ON()\ncan be triggerred by the test:\n\nkernel BUG at drivers/md/raid5.c:6278!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nirq event stamp: 158985\nCPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94\nRIP: 0010:reshape_request+0x3f1/0xe60\nCall Trace:\n <TASK>\n raid5_sync_request+0x43d/0x550\n md_do_sync+0xb7a/0x2110\n md_thread+0x294/0x2b0\n kthread+0x147/0x1c0\n ret_from_fork+0x59/0x70\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\nRoot cause is that --revert-reshape update the raid_disks from 5 to 4,\nwhile reshape position is still set, and after reassembling the array,\nreshape position will be read from super block, then during reshape the\nchecking of 'writepos' that is caculated by old reshape position will\nfail.\n\nFix this panic the easy way first, by converting the BUG_ON() to\nWARN_ON(), and stop the reshape if checkings fail.\n\nNoted that mdadm must fix --revert-shape as well, and probably md/raid\nshould enhance metadata validation as well, however this means\nreassemble will fail and there must be user tools to fix the wrong\nmetadata.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43914', 'https://git.kernel.org/linus/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49 (6.11-rc1)', 'https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0', 'https://git.kernel.org/stable/c/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49', 'https://git.kernel.org/stable/c/3b33740c1750a39e046339ff9240e954f0156707', 'https://git.kernel.org/stable/c/4811d6e5d9f4090c3e0ff9890eb24077108046ab', 'https://git.kernel.org/stable/c/6b33c468d543f6a83de2d61f09fec74b27e19fd2', 'https://git.kernel.org/stable/c/775a9ba16c9ffe98fe54ebf14e55d5660f2bf600', 'https://git.kernel.org/stable/c/bf0ff69a42a3d2d46876d0514ecf13dffc516666', 'https://git.kernel.org/stable/c/c384dd4f1fb3b14a2fd199360701cc163ea88705', 'https://linux.oracle.com/cve/CVE-2024-43914.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082635-CVE-2024-43914-a664@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43914', 'https://www.cve.org/CVERecord?id=CVE-2024-43914'], 'PublishedDate': '2024-08-26T11:15:05.38Z', 'LastModifiedDate': '2024-09-05T18:03:49.997Z'}, {'VulnerabilityID': 'CVE-2024-44931', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpio: prevent potential speculation leaks in gpio_device_get_desc()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: prevent potential speculation leaks in gpio_device_get_desc()\n\nUserspace may trigger a speculative read of an address outside the gpio\ndescriptor array.\nUsers can do that by calling gpio_ioctl() with an offset out of range.\nOffset is copied from user and then used as an array index to get\nthe gpio descriptor without sanitization in gpio_device_get_desc().\n\nThis change ensures that the offset is sanitized by using\narray_index_nospec() to mitigate any possibility of speculative\ninformation leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44931', 'https://git.kernel.org/linus/d795848ecce24a75dfd46481aee066ae6fe39775 (6.11-rc1)', 'https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc', 'https://git.kernel.org/stable/c/672c19165fc96dfad531a5458e0b3cdab414aae4', 'https://git.kernel.org/stable/c/9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0', 'https://git.kernel.org/stable/c/c65ab97efcd438cb4e9f299400f2ea55251f3a67', 'https://git.kernel.org/stable/c/d776c0486b03a5c4afca65b8ff44573592bf93bb', 'https://git.kernel.org/stable/c/d795848ecce24a75dfd46481aee066ae6fe39775', 'https://lore.kernel.org/linux-cve-announce/2024082636-CVE-2024-44931-8212@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44931', 'https://www.cve.org/CVERecord?id=CVE-2024-44931'], 'PublishedDate': '2024-08-26T11:15:05.447Z', 'LastModifiedDate': '2024-10-17T14:15:07.39Z'}, {'VulnerabilityID': 'CVE-2024-44932', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44932', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix UAFs when destroying the queues', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix UAFs when destroying the queues\n\nThe second tagged commit started sometimes (very rarely, but possible)\nthrowing WARNs from\nnet/core/page_pool.c:page_pool_disable_direct_recycling().\nTurned out idpf frees interrupt vectors with embedded NAPIs *before*\nfreeing the queues making page_pools' NAPI pointers lead to freed\nmemory before these pools are destroyed by libeth.\nIt's not clear whether there are other accesses to the freed vectors\nwhen destroying the queues, but anyway, we usually free queue/interrupt\nvectors only when the queues are destroyed and the NAPIs are guaranteed\nto not be referenced anywhere.\n\nInvert the allocation and freeing logic making queue/interrupt vectors\nbe allocated first and freed last. Vectors don't require queues to be\npresent, so this is safe. Additionally, this change allows to remove\nthat useless queue->q_vector pointer cleanup, as vectors are still\nvalid when freeing the queues (+ both are freed within one function,\nso it's not clear why nullify the pointers at all).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44932', 'https://git.kernel.org/linus/290f1c033281c1a502a3cd1c53c3a549259c491f (6.11-rc3)', 'https://git.kernel.org/stable/c/290f1c033281c1a502a3cd1c53c3a549259c491f', 'https://git.kernel.org/stable/c/3cde714b0e77206ed1b5cf31f28c18ba9ae946fd', 'https://lore.kernel.org/linux-cve-announce/2024082638-CVE-2024-44932-2659@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44932', 'https://www.cve.org/CVERecord?id=CVE-2024-44932'], 'PublishedDate': '2024-08-26T11:15:05.5Z', 'LastModifiedDate': '2024-08-27T16:08:45.02Z'}, {'VulnerabilityID': 'CVE-2024-44934', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: bridge: mcast: wait for previous gc cycles when removing port', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mcast: wait for previous gc cycles when removing port\n\nsyzbot hit a use-after-free[1] which is caused because the bridge doesn't\nmake sure that all previous garbage has been collected when removing a\nport. What happens is:\n      CPU 1                   CPU 2\n start gc cycle           remove port\n                         acquire gc lock first\n wait for lock\n                         call br_multicasg_gc() directly\n acquire lock now but    free port\n the port can be freed\n while grp timers still\n running\n\nMake sure all previous gc cycles have finished by using flush_work before\nfreeing the port.\n\n[1]\n  BUG: KASAN: slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n  Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699\n\n  CPU: 1 PID: 9699 Comm: syz.5.1232 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n  Call Trace:\n   <IRQ>\n   __dump_stack lib/dump_stack.c:88 [inline]\n   dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n   print_address_description mm/kasan/report.c:377 [inline]\n   print_report+0xc3/0x620 mm/kasan/report.c:488\n   kasan_report+0xd9/0x110 mm/kasan/report.c:601\n   br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n   call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1792\n   expire_timers kernel/time/timer.c:1843 [inline]\n   __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417\n   __run_timer_base kernel/time/timer.c:2428 [inline]\n   __run_timer_base kernel/time/timer.c:2421 [inline]\n   run_timer_base+0x111/0x190 kernel/time/timer.c:2437", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44934', 'https://git.kernel.org/linus/92c4ee25208d0f35dafc3213cdf355fbe449e078 (6.11-rc3)', 'https://git.kernel.org/stable/c/0d8b26e10e680c01522d7cc14abe04c3265a928f', 'https://git.kernel.org/stable/c/1e16828020c674b3be85f52685e8b80f9008f50f', 'https://git.kernel.org/stable/c/92c4ee25208d0f35dafc3213cdf355fbe449e078', 'https://git.kernel.org/stable/c/b2f794b168cf560682ff976b255aa6d29d14a658', 'https://git.kernel.org/stable/c/e3145ca904fa8dbfd1a5bf0187905bc117b0efce', 'https://lore.kernel.org/linux-cve-announce/2024082641-CVE-2024-44934-a7fe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44934', 'https://www.cve.org/CVERecord?id=CVE-2024-44934'], 'PublishedDate': '2024-08-26T11:15:05.593Z', 'LastModifiedDate': '2024-08-27T16:07:58.727Z'}, {'VulnerabilityID': 'CVE-2024-44935', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44935', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sctp: Fix null-ptr-deref in reuseport_add_sock().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix null-ptr-deref in reuseport_add_sock().\n\nsyzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in\nreuseport_add_sock(). [0]\n\nThe repro first creates a listener with SO_REUSEPORT.  Then, it creates\nanother listener on the same port and concurrently closes the first\nlistener.\n\nThe second listen() calls reuseport_add_sock() with the first listener as\nsk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently,\nbut the close() does clear it by reuseport_detach_sock().\n\nThe problem is SCTP does not properly synchronise reuseport_alloc(),\nreuseport_add_sock(), and reuseport_detach_sock().\n\nThe caller of reuseport_alloc() and reuseport_{add,detach}_sock() must\nprovide synchronisation for sockets that are classified into the same\nreuseport group.\n\nOtherwise, such sockets form multiple identical reuseport groups, and\nall groups except one would be silently dead.\n\n  1. Two sockets call listen() concurrently\n  2. No socket in the same group found in sctp_ep_hashtable[]\n  3. Two sockets call reuseport_alloc() and form two reuseport groups\n  4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives\n      incoming packets\n\nAlso, the reported null-ptr-deref could occur.\n\nTCP/UDP guarantees that would not happen by holding the hash bucket lock.\n\nLet's apply the locking strategy to __sctp_hash_endpoint() and\n__sctp_unhash_endpoint().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nRIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350\nCode: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14\nRSP: 0018:ffffc9000b947c98 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012\nRBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385\nR10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0\nR13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __sctp_hash_endpoint net/sctp/input.c:762 [inline]\n sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790\n sctp_listen_start net/sctp/socket.c:8570 [inline]\n sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]\n __se_sys_listen net/socket.c:1900 [inline]\n __x64_sys_listen+0x5a/0x70 net/socket.c:1900\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f24e46039b9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032\nRAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9\nRDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004\nRBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0\nR10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42c\nR13:\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44935', 'https://git.kernel.org/linus/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18 (6.11-rc3)', 'https://git.kernel.org/stable/c/05e4a0fa248240efd99a539853e844f0f0a9e6a5', 'https://git.kernel.org/stable/c/1407be30fc17eff918a98e0a990c0e988f11dc84', 'https://git.kernel.org/stable/c/52319d9d2f522ed939af31af70f8c3a0f0f67e6c', 'https://git.kernel.org/stable/c/54b303d8f9702b8ab618c5032fae886b16356928', 'https://git.kernel.org/stable/c/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18', 'https://git.kernel.org/stable/c/c9b3fc4f157867e858734e31022ebee8a24f0de7', 'https://git.kernel.org/stable/c/e809a84c802377ef61525a298a1ec1728759b913', 'https://linux.oracle.com/cve/CVE-2024-44935.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082642-CVE-2024-44935-3452@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44935', 'https://www.cve.org/CVERecord?id=CVE-2024-44935'], 'PublishedDate': '2024-08-26T11:15:05.643Z', 'LastModifiedDate': '2024-08-27T16:09:01.633Z'}, {'VulnerabilityID': 'CVE-2024-44937', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44937', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: intel-vbtn: Protect ACPI notify handler against recursion\n\nSince commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on\nall CPUs") ACPI notify handlers like the intel-vbtn notify_handler() may\nrun on multiple CPU cores racing with themselves.\n\nThis race gets hit on Dell Venue 7140 tablets when undocking from\nthe keyboard, causing the handler to try and register priv->switches_dev\ntwice, as can be seen from the dev_info() message getting logged twice:\n\n[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\n[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n\nAfter which things go seriously wrong:\n[ 83.861872] sysfs: cannot create duplicate filename \'/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\'\n...\n[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don\'t try to register things with the same name in the same directory.\n[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018\n...\n\nProtect intel-vbtn notify_handler() from racing with itself with a mutex\nto fix this.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44937', 'https://git.kernel.org/linus/e075c3b13a0a142dcd3151b25d29a24f31b7b640 (6.11-rc3)', 'https://git.kernel.org/stable/c/5c9618a3b6ea94cf7bdff7702aca8bf2d777d97b', 'https://git.kernel.org/stable/c/e075c3b13a0a142dcd3151b25d29a24f31b7b640', 'https://lore.kernel.org/linux-cve-announce/2024082645-CVE-2024-44937-5c1d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44937', 'https://www.cve.org/CVERecord?id=CVE-2024-44937'], 'PublishedDate': '2024-08-26T11:15:05.753Z', 'LastModifiedDate': '2024-08-27T16:10:11.423Z'}, {'VulnerabilityID': 'CVE-2024-44938', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44938', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: Fix shift-out-of-bounds in dbDiscardAG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix shift-out-of-bounds in dbDiscardAG\n\nWhen searching for the next smaller log2 block, BLKSTOL2() returned 0,\ncausing shift exponent -1 to be negative.\n\nThis patch fixes the issue by exiting the loop directly when negative\nshift is found.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44938', 'https://git.kernel.org/linus/7063b80268e2593e58bee8a8d709c2f3ff93e2f2 (6.11-rc1)', 'https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630', 'https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2', 'https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e', 'https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-44938-fc08@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44938', 'https://www.cve.org/CVERecord?id=CVE-2024-44938'], 'PublishedDate': '2024-08-26T12:15:05.96Z', 'LastModifiedDate': '2024-09-12T14:05:44.31Z'}, {'VulnerabilityID': 'CVE-2024-44939', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44939', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: fix null ptr deref in dtInsertEntry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix null ptr deref in dtInsertEntry\n\n[syzbot reported]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713\n...\n[Analyze]\nIn dtInsertEntry(), when the pointer h has the same value as p, after writing\nname in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the\npreviously true judgment "p->header.flag & BT-LEAF" to change to no after writing\nthe name operation, this leads to entering an incorrect branch and accessing the\nuninitialized object ih when judging this condition for the second time.\n\n[Fix]\nAfter got the page, check freelist first, if freelist == 0 then exit dtInsert()\nand return -EINVAL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44939', 'https://git.kernel.org/linus/ce6dede912f064a855acf6f04a04cbb2c25b8c8c (6.11-rc1)', 'https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9', 'https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6', 'https://git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702', 'https://git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44939-cf96@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44939', 'https://www.cve.org/CVERecord?id=CVE-2024-44939'], 'PublishedDate': '2024-08-26T12:15:06.007Z', 'LastModifiedDate': '2024-09-12T20:58:03.783Z'}, {'VulnerabilityID': 'CVE-2024-44940', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44940', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: remove warn in gue_gro_receive on unsupported protocol', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfou: remove warn in gue_gro_receive on unsupported protocol\n\nDrop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is\nnot known or does not have a GRO handler.\n\nSuch a packet is easily constructed. Syzbot generates them and sets\noff this warning.\n\nRemove the warning as it is expected and not actionable.\n\nThe warning was previously reduced from WARN_ON to WARN_ON_ONCE in\ncommit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad\nproto callbacks").', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44940', 'https://git.kernel.org/linus/dd89a81d850fa9a65f67b4527c0e420d15bf836c (6.11-rc1)', 'https://git.kernel.org/stable/c/3db4395332e7050ef9ddeb3052e6b5019f2a2a59', 'https://git.kernel.org/stable/c/440ab7f97261bc28501636a13998e1b1946d2e79', 'https://git.kernel.org/stable/c/5a2e37bc648a2503bf6d687aed27b9f4455d82eb', 'https://git.kernel.org/stable/c/dd89a81d850fa9a65f67b4527c0e420d15bf836c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44940-249f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44940', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-44940'], 'PublishedDate': '2024-08-26T12:15:06.053Z', 'LastModifiedDate': '2024-09-12T14:10:00.857Z'}, {'VulnerabilityID': 'CVE-2024-44941', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44941', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to cover read extent cache access with lock', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to cover read extent cache access with lock\n\nsyzbot reports a f2fs bug as below:\n\nBUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\nRead of size 4 at addr ffff8880739ab220 by task syz-executor200/5097\n\nCPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\n do_read_inode fs/f2fs/inode.c:509 [inline]\n f2fs_iget+0x33e1/0x46e0 fs/f2fs/inode.c:560\n f2fs_nfs_get_inode+0x74/0x100 fs/f2fs/super.c:3237\n generic_fh_to_dentry+0x9f/0xf0 fs/libfs.c:1413\n exportfs_decode_fh_raw+0x152/0x5f0 fs/exportfs/expfs.c:444\n exportfs_decode_fh+0x3c/0x80 fs/exportfs/expfs.c:584\n do_handle_to_path fs/fhandle.c:155 [inline]\n handle_to_path fs/fhandle.c:210 [inline]\n do_handle_open+0x495/0x650 fs/fhandle.c:226\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWe missed to cover sanity_check_extent_cache() w/ extent cache lock,\nso, below race case may happen, result in use after free issue.\n\n- f2fs_iget\n - do_read_inode\n  - f2fs_init_read_extent_tree\n  : add largest extent entry in to cache\n\t\t\t\t\t- shrink\n\t\t\t\t\t - f2fs_shrink_read_extent_tree\n\t\t\t\t\t  - __shrink_extent_tree\n\t\t\t\t\t   - __detach_extent_node\n\t\t\t\t\t   : drop largest extent entry\n  - sanity_check_extent_cache\n  : access et->largest w/o lock\n\nlet's refactor sanity_check_extent_cache() to avoid extent cache access\nand call it before f2fs_init_read_extent_tree() to fix this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44941', 'https://git.kernel.org/linus/d7409b05a64f212735f0d33f5f1602051a886eab (6.11-rc1)', 'https://git.kernel.org/stable/c/263df78166d3a9609b97d28c34029bd01874cbb8', 'https://git.kernel.org/stable/c/323ef20b5558b9d9fd10c1224327af6f11a8177d', 'https://git.kernel.org/stable/c/d7409b05a64f212735f0d33f5f1602051a886eab', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44941-143e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44941', 'https://www.cve.org/CVERecord?id=CVE-2024-44941'], 'PublishedDate': '2024-08-26T12:15:06.107Z', 'LastModifiedDate': '2024-09-12T20:57:26.143Z'}, {'VulnerabilityID': 'CVE-2024-44942', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44942', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inline.c:258!\nCPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0\nRIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258\nCall Trace:\n f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834\n f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315\n do_writepages+0x35b/0x870 mm/page-writeback.c:2612\n __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650\n writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941\n wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117\n wb_do_writeback fs/fs-writeback.c:2264 [inline]\n wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335\n worker_thread+0x86d/0xd70 kernel/workqueue.c:3416\n kthread+0x2f2/0x390 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nThe root cause is: inline_data inode can be fuzzed, so that there may\nbe valid blkaddr in its direct node, once f2fs triggers background GC\nto migrate the block, it will hit f2fs_bug_on() during dirty page\nwriteback.\n\nLet's add sanity check on F2FS_INLINE_DATA flag in inode during GC,\nso that, it can forbid migrating inline_data inode's data block for\nfixing.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44942', 'https://git.kernel.org/linus/fc01008c92f40015aeeced94750855a7111b6929 (6.11-rc1)', 'https://git.kernel.org/stable/c/26c07775fb5dc74351d1c3a2bc3cdf609b03e49f', 'https://git.kernel.org/stable/c/ae00e6536a2dd54b64b39e9a39548870cf835745', 'https://git.kernel.org/stable/c/fc01008c92f40015aeeced94750855a7111b6929', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44942-651a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44942', 'https://www.cve.org/CVERecord?id=CVE-2024-44942'], 'PublishedDate': '2024-08-26T12:15:06.157Z', 'LastModifiedDate': '2024-08-27T16:09:10.01Z'}, {'VulnerabilityID': 'CVE-2024-44943', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'In the Linux kernel, the following vulnerability has been resolved:  m ...', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: gup: stop abusing try_grab_folio\n\nA kernel warning was reported when pinning folio in CMA memory when\nlaunching SEV virtual machine.  The splat looks like:\n\n[  464.325306] WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313 __get_user_pages+0x423/0x520\n[  464.325464] CPU: 13 PID: 6734 Comm: qemu-kvm Kdump: loaded Not tainted 6.6.33+ #6\n[  464.325477] RIP: 0010:__get_user_pages+0x423/0x520\n[  464.325515] Call Trace:\n[  464.325520]  <TASK>\n[  464.325523]  ? __get_user_pages+0x423/0x520\n[  464.325528]  ? __warn+0x81/0x130\n[  464.325536]  ? __get_user_pages+0x423/0x520\n[  464.325541]  ? report_bug+0x171/0x1a0\n[  464.325549]  ? handle_bug+0x3c/0x70\n[  464.325554]  ? exc_invalid_op+0x17/0x70\n[  464.325558]  ? asm_exc_invalid_op+0x1a/0x20\n[  464.325567]  ? __get_user_pages+0x423/0x520\n[  464.325575]  __gup_longterm_locked+0x212/0x7a0\n[  464.325583]  internal_get_user_pages_fast+0xfb/0x190\n[  464.325590]  pin_user_pages_fast+0x47/0x60\n[  464.325598]  sev_pin_memory+0xca/0x170 [kvm_amd]\n[  464.325616]  sev_mem_enc_register_region+0x81/0x130 [kvm_amd]\n\nPer the analysis done by yangge, when starting the SEV virtual machine, it\nwill call pin_user_pages_fast(..., FOLL_LONGTERM, ...) to pin the memory. \nBut the page is in CMA area, so fast GUP will fail then fallback to the\nslow path due to the longterm pinnalbe check in try_grab_folio().\n\nThe slow path will try to pin the pages then migrate them out of CMA area.\nBut the slow path also uses try_grab_folio() to pin the page, it will\nalso fail due to the same check then the above warning is triggered.\n\nIn addition, the try_grab_folio() is supposed to be used in fast path and\nit elevates folio refcount by using add ref unless zero.  We are guaranteed\nto have at least one stable reference in slow path, so the simple atomic add\ncould be used.  The performance difference should be trivial, but the\nmisuse may be confusing and misleading.\n\nRedefined try_grab_folio() to try_grab_folio_fast(), and try_grab_page()\nto try_grab_folio(), and use them in the proper paths.  This solves both\nthe abuse and the kernel warning.\n\nThe proper naming makes their usecase more clear and should prevent from\nabusing in the future.\n\npeterx said:\n\n: The user will see the pin fails, for gpu-slow it further triggers the WARN\n: right below that failure (as in the original report):\n: \n:         folio = try_grab_folio(page, page_increm - 1,\n:                                 foll_flags);\n:         if (WARN_ON_ONCE(!folio)) { <------------------------ here\n:                 /*\n:                         * Release the 1st page ref if the\n:                         * folio is problematic, fail hard.\n:                         */\n:                 gup_put_folio(page_folio(page), 1,\n:                                 foll_flags);\n:                 ret = -EFAULT;\n:                 goto out;\n:         }\n\n[1] https://lore.kernel.org/linux-mm/1719478388-31917-1-git-send-email-yangge1116@126.com/\n\n[shy828301@gmail.com: fix implicit declaration of function try_grab_folio_fast]\n  Link: https://lkml.kernel.org/r/CAHbLzkowMSso-4Nufc9hcMehQsK9PNz3OSu-+eniU-2Mm-xjhA@mail.gmail.com', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44943', 'https://git.kernel.org/linus/f442fa6141379a20b48ae3efabee827a3d260787 (6.10)', 'https://git.kernel.org/stable/c/26273f5f4cf68b29414e403837093408a9c98e1f', 'https://git.kernel.org/stable/c/f442fa6141379a20b48ae3efabee827a3d260787', 'https://lore.kernel.org/linux-cve-announce/2024082853-CVE-2024-44943-234f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44943', 'https://www.cve.org/CVERecord?id=CVE-2024-44943'], 'PublishedDate': '2024-08-28T08:15:06.963Z', 'LastModifiedDate': '2024-09-10T18:12:43.38Z'}, {'VulnerabilityID': 'CVE-2024-44944', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44944', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: ctnetlink: use helper function to calculate expect ID', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use helper function to calculate expect ID\n\nDelete expectation path is missing a call to the nf_expect_get_id()\nhelper function to calculate the expectation ID, otherwise LSB of the\nexpectation object address is leaked to userspace.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44944', 'https://git.kernel.org/linus/782161895eb4ac45cf7cfa8db375bd4766cb8299 (6.11-rc1)', 'https://git.kernel.org/stable/c/24f407042cf90b0872de667460230d8d50c06c39', 'https://git.kernel.org/stable/c/27662b46f2adaa52c1665a82af4b21c42c4337fd', 'https://git.kernel.org/stable/c/5e2c24f7b0911b15c29aefce760bcf770542fb61', 'https://git.kernel.org/stable/c/64c0b8e64be8368617ef08dfc59a3160563a1435', 'https://git.kernel.org/stable/c/66e7650dbbb8e236e781c670b167edc81e771450', 'https://git.kernel.org/stable/c/74de442b8e12a207c07953ee068009a7701aff8f', 'https://git.kernel.org/stable/c/782161895eb4ac45cf7cfa8db375bd4766cb8299', 'https://git.kernel.org/stable/c/eb4ca1a97e08ff5b920664ba292e576257e2d184', 'https://linux.oracle.com/cve/CVE-2024-44944.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024083044-CVE-2024-44944-56c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44944', 'https://www.cve.org/CVERecord?id=CVE-2024-44944', 'https://www.zerodayinitiative.com/advisories/ZDI-24-1182/'], 'PublishedDate': '2024-08-30T08:15:04.58Z', 'LastModifiedDate': '2024-09-10T08:15:03.23Z'}, {'VulnerabilityID': 'CVE-2024-44946', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44946', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kcm: Serialise kcm_sendmsg() for the same socket.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: Serialise kcm_sendmsg() for the same socket.\n\nsyzkaller reported UAF in kcm_release(). [0]\n\nThe scenario is\n\n  1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb.\n\n  2. Thread A resumes building skb from kcm->seq_skb but is blocked\n     by sk_stream_wait_memory()\n\n  3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb\n     and puts the skb to the write queue\n\n  4. Thread A faces an error and finally frees skb that is already in the\n     write queue\n\n  5. kcm_release() does double-free the skb in the write queue\n\nWhen a thread is building a MSG_MORE skb, another thread must not touch it.\n\nLet's add a per-sk mutex and serialise kcm_sendmsg().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]\nBUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]\nBUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\nRead of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167\n\nCPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G    B              6.8.0-rc5-syzkaller-g9abbc24128bc #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x178/0x518 mm/kasan/report.c:488\n kasan_report+0xd8/0x138 mm/kasan/report.c:601\n __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381\n __skb_unlink include/linux/skbuff.h:2366 [inline]\n __skb_dequeue include/linux/skbuff.h:2385 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\n __skb_queue_purge include/linux/skbuff.h:3181 [inline]\n kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\n __sock_release net/socket.c:659 [inline]\n sock_close+0xa4/0x1e8 net/socket.c:1421\n __fput+0x30c/0x738 fs/file_table.c:376\n ____fput+0x20/0x30 fs/file_table.c:404\n task_work_run+0x230/0x2e0 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x618/0x1f64 kernel/exit.c:871\n do_group_exit+0x194/0x22c kernel/exit.c:1020\n get_signal+0x1500/0x15ec kernel/signal.c:2893\n do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249\n do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148\n exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]\n exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]\n el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nAllocated by task 6166:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903\n __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641\n alloc_skb include/linux/skbuff.h:1296 [inline]\n kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x220/0x2c0 net/socket.c:768\n splice_to_socket+0x7cc/0xd58 fs/splice.c:889\n do_splice_from fs/splice.c:941 [inline]\n direct_splice_actor+0xec/0x1d8 fs/splice.c:1164\n splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108\n do_splice_direct_actor \n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44946', 'https://git.kernel.org/linus/807067bf014d4a3ae2cc55bd3de16f22a01eb580 (6.11-rc5)', 'https://git.kernel.org/stable/c/00425508f30baa5ab6449a1f478480ca7cffa6da', 'https://git.kernel.org/stable/c/6633b17840bf828921254d788ccd15602843fe9b', 'https://git.kernel.org/stable/c/72da240aafb142630cf16adc803ccdacb3780849', 'https://git.kernel.org/stable/c/807067bf014d4a3ae2cc55bd3de16f22a01eb580', 'https://git.kernel.org/stable/c/8c9cdbf600143bd6835c8b8351e5ac956da79aec', 'https://git.kernel.org/stable/c/9c8d544ed619f704e2b70e63e08ab75630c2ea23', 'https://git.kernel.org/stable/c/eb06c8d3022ce6738711191c89f9b3e9cfb91914', 'https://git.kernel.org/stable/c/fa6c23fe6dcac8c8bd63920ee8681292a2bd544e', 'https://lore.kernel.org/linux-cve-announce/2024083150-CVE-2024-44946-9cf1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44946', 'https://www.cve.org/CVERecord?id=CVE-2024-44946'], 'PublishedDate': '2024-08-31T14:15:04.32Z', 'LastModifiedDate': '2024-09-04T12:15:05.15Z'}, {'VulnerabilityID': 'CVE-2024-44947', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44947', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fuse: Initialize beyond-EOF page contents before setting uptodate', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44947', 'https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5', 'https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e', 'https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9', 'https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6', 'https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a', 'https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4', 'https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9', 'https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6', 'https://lore.kernel.org/linux-cve-announce/2024090219-CVE-2024-44947-f49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44947', 'https://www.cve.org/CVERecord?id=CVE-2024-44947'], 'PublishedDate': '2024-09-02T18:15:36.577Z', 'LastModifiedDate': '2024-09-16T17:52:37.563Z'}, {'VulnerabilityID': 'CVE-2024-44948', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mtrr: Check if fixed MTRRs exist before saving them', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mtrr: Check if fixed MTRRs exist before saving them\n\nMTRRs have an obsolete fixed variant for fine grained caching control\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\na separate capability bit in the MTRR capability MSR.\n\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\nwent unnoticed that mtrr_save_state() does not check the capability bit\nbefore accessing the fixed MTRR MSRs.\n\nThough on a CPU that does not support the fixed MTRR capability this\nresults in a #GP.  The #GP itself is harmless because the RDMSR fault is\nhandled gracefully, but results in a WARN_ON().\n\nAdd the missing capability check to prevent this.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44948', 'https://git.kernel.org/linus/919f18f961c03d6694aa726c514184f2311a4614 (6.11-rc3)', 'https://git.kernel.org/stable/c/06c1de44d378ec5439db17bf476507d68589bfe9', 'https://git.kernel.org/stable/c/34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e', 'https://git.kernel.org/stable/c/388f1c954019f253a8383f7eb733f38d541e10b6', 'https://git.kernel.org/stable/c/450b6b22acdaac67a18eaf5ed498421ffcf10051', 'https://git.kernel.org/stable/c/8a90d3fc7c24608548d3a750671f9dac21d1a462', 'https://git.kernel.org/stable/c/8aa79dfb216b865e96ff890bc4ea71650f9bc8d7', 'https://git.kernel.org/stable/c/919f18f961c03d6694aa726c514184f2311a4614', 'https://git.kernel.org/stable/c/ca7d00c5656d1791e28369919e3e10febe9c3b16', 'https://linux.oracle.com/cve/CVE-2024-44948.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090407-CVE-2024-44948-5554@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44948', 'https://www.cve.org/CVERecord?id=CVE-2024-44948'], 'PublishedDate': '2024-09-04T19:15:29.95Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-44949', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44949', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: parisc: fix a possible DMA corruption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: fix a possible DMA corruption\n\nARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be\npossible that two unrelated 16-byte allocations share a cache line. If\none of these allocations is written using DMA and the other is written\nusing cached write, the value that was written with DMA may be\ncorrupted.\n\nThis commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 -\nthat's the largest possible cache line size.\n\nAs different parisc microarchitectures have different cache line size, we\ndefine arch_slab_minalign(), cache_line_size() and\ndma_get_cache_alignment() so that the kernel may tune slab cache\nparameters dynamically, based on the detected cache line size.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44949', 'https://git.kernel.org/linus/7ae04ba36b381bffe2471eff3a93edced843240f (6.11-rc2)', 'https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f', 'https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f', 'https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44949-8f05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44949', 'https://www.cve.org/CVERecord?id=CVE-2024-44949'], 'PublishedDate': '2024-09-04T19:15:30.04Z', 'LastModifiedDate': '2024-10-09T13:53:32.513Z'}, {'VulnerabilityID': 'CVE-2024-44950', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44950', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix invalid FIFO access with special register set', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix invalid FIFO access with special register set\n\nWhen enabling access to the special register set, Receiver time-out and\nRHR interrupts can happen. In this case, the IRQ handler will try to read\nfrom the FIFO thru the RHR register at address 0x00, but address 0x00 is\nmapped to DLL register, resulting in erroneous FIFO reading.\n\nCall graph example:\n    sc16is7xx_startup(): entry\n    sc16is7xx_ms_proc(): entry\n    sc16is7xx_set_termios(): entry\n    sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set\n    sc16is7xx_port_irq() entry            --> IIR is 0x0C\n    sc16is7xx_handle_rx() entry\n    sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is\n                               mapped to DLL (LCR=LCR_CONF_MODE_A)\n    sc16is7xx_set_baud(): exit --> Restore access to general register set\n\nFix the problem by claiming the efr_lock mutex when accessing the Special\nregister set.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44950', 'https://git.kernel.org/linus/7d3b793faaab1305994ce568b59d61927235f57b (6.11-rc3)', 'https://git.kernel.org/stable/c/6a6730812220a9a5ce4003eb347da1ee5abd06b0', 'https://git.kernel.org/stable/c/7d3b793faaab1305994ce568b59d61927235f57b', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44950-67fb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44950', 'https://www.cve.org/CVERecord?id=CVE-2024-44950'], 'PublishedDate': '2024-09-04T19:15:30.1Z', 'LastModifiedDate': '2024-10-09T14:21:16.773Z'}, {'VulnerabilityID': 'CVE-2024-44951', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44951', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix TX fifo corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix TX fifo corruption\n\nSometimes, when a packet is received on channel A at almost the same time\nas a packet is about to be transmitted on channel B, we observe with a\nlogic analyzer that the received packet on channel A is transmitted on\nchannel B. In other words, the Tx buffer data on channel B is corrupted\nwith data from channel A.\n\nThe problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change\nEFR lock to operate on each channels"), which changed the EFR locking to\noperate on each channel instead of chip-wise.\n\nThis commit has introduced a regression, because the EFR lock is used not\nonly to protect the EFR registers access, but also, in a very obscure and\nundocumented way, to protect access to the data buffer, which is shared by\nthe Tx and Rx handlers, but also by each channel of the IC.\n\nFix this regression first by switching to kfifo_out_linear_ptr() in\nsc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer.\n\nSecondly, replace the chip-wise Rx buffer with a separate Rx buffer for\neach channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44951', 'https://git.kernel.org/linus/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4 (6.11-rc3)', 'https://git.kernel.org/stable/c/09cfe05e9907f3276887a20e267cc40e202f4fdd', 'https://git.kernel.org/stable/c/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44951-9121@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44951', 'https://www.cve.org/CVERecord?id=CVE-2024-44951'], 'PublishedDate': '2024-09-04T19:15:30.153Z', 'LastModifiedDate': '2024-10-09T14:27:43.973Z'}, {'VulnerabilityID': 'CVE-2024-44952', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44952', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver core: Fix uevent_show() vs driver detach race', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix uevent_show() vs driver detach race\n\nuevent_show() wants to de-reference dev->driver->name. There is no clean\nway for a device attribute to de-reference dev->driver unless that\nattribute is defined via (struct device_driver).dev_groups. Instead, the\nanti-pattern of taking the device_lock() in the attribute handler risks\ndeadlocks with code paths that remove device attributes while holding\nthe lock.\n\nThis deadlock is typically invisible to lockdep given the device_lock()\nis marked lockdep_set_novalidate_class(), but some subsystems allocate a\nlocal lockdep key for @dev->mutex to reveal reports of the form:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 6.10.0-rc7+ #275 Tainted: G           OE    N\n ------------------------------------------------------\n modprobe/2374 is trying to acquire lock:\n ffff8c2270070de0 (kn->active#6){++++}-{0:0}, at: __kernfs_remove+0xde/0x220\n\n but task is already holding lock:\n ffff8c22016e88f8 (&cxl_root_key){+.+.}-{3:3}, at: device_release_driver_internal+0x39/0x210\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -> #1 (&cxl_root_key){+.+.}-{3:3}:\n        __mutex_lock+0x99/0xc30\n        uevent_show+0xac/0x130\n        dev_attr_show+0x18/0x40\n        sysfs_kf_seq_show+0xac/0xf0\n        seq_read_iter+0x110/0x450\n        vfs_read+0x25b/0x340\n        ksys_read+0x67/0xf0\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -> #0 (kn->active#6){++++}-{0:0}:\n        __lock_acquire+0x121a/0x1fa0\n        lock_acquire+0xd6/0x2e0\n        kernfs_drain+0x1e9/0x200\n        __kernfs_remove+0xde/0x220\n        kernfs_remove_by_name_ns+0x5e/0xa0\n        device_del+0x168/0x410\n        device_unregister+0x13/0x60\n        devres_release_all+0xb8/0x110\n        device_unbind_cleanup+0xe/0x70\n        device_release_driver_internal+0x1c7/0x210\n        driver_detach+0x47/0x90\n        bus_remove_driver+0x6c/0xf0\n        cxl_acpi_exit+0xc/0x11 [cxl_acpi]\n        __do_sys_delete_module.isra.0+0x181/0x260\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe observation though is that driver objects are typically much longer\nlived than device objects. It is reasonable to perform lockless\nde-reference of a @driver pointer even if it is racing detach from a\ndevice. Given the infrequency of driver unregistration, use\nsynchronize_rcu() in module_remove_driver() to close any potential\nraces.  It is potentially overkill to suffer synchronize_rcu() just to\nhandle the rare module removal racing uevent_show() event.\n\nThanks to Tetsuo Handa for the debug analysis of the syzbot report [1].', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44952', 'https://git.kernel.org/linus/15fffc6a5624b13b428bb1c6e9088e32a55eb82c (6.11-rc3)', 'https://git.kernel.org/stable/c/15fffc6a5624b13b428bb1c6e9088e32a55eb82c', 'https://git.kernel.org/stable/c/49ea4e0d862632d51667da5e7a9c88a560e9c5a1', 'https://git.kernel.org/stable/c/4a7c2a8387524942171037e70b80e969c3b5c05b', 'https://git.kernel.org/stable/c/4d035c743c3e391728a6f81cbf0f7f9ca700cf62', 'https://git.kernel.org/stable/c/9c23fc327d6ec67629b4ad323bd64d3834c0417d', 'https://git.kernel.org/stable/c/cd490a247ddf325325fd0de8898659400c9237ef', 'https://git.kernel.org/stable/c/dd98c9630b7ee273da87e9a244f94ddf947161e2', 'https://git.kernel.org/stable/c/f098e8fc7227166206256c18d56ab622039108b1', 'https://linux.oracle.com/cve/CVE-2024-44952.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44952-6290@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44952', 'https://www.cve.org/CVERecord?id=CVE-2024-44952'], 'PublishedDate': '2024-09-04T19:15:30.213Z', 'LastModifiedDate': '2024-09-06T16:37:38.37Z'}, {'VulnerabilityID': 'CVE-2024-44953', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44953', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Fix deadlock during RTC update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix deadlock during RTC update\n\nThere is a deadlock when runtime suspend waits for the flush of RTC work,\nand the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume.\n\nHere is deadlock backtrace:\n\nkworker/0:1     D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367\nptr            f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff\n<ffffffee5e71ddb0> __switch_to+0x1a8/0x2d4\n<ffffffee5e71e604> __schedule+0x684/0xa98\n<ffffffee5e71ea60> schedule+0x48/0xc8\n<ffffffee5e725f78> schedule_timeout+0x48/0x170\n<ffffffee5e71fb74> do_wait_for_common+0x108/0x1b0\n<ffffffee5e71efe0> wait_for_completion+0x44/0x60\n<ffffffee5d6de968> __flush_work+0x39c/0x424\n<ffffffee5d6decc0> __cancel_work_sync+0xd8/0x208\n<ffffffee5d6dee2c> cancel_delayed_work_sync+0x14/0x28\n<ffffffee5e2551b8> __ufshcd_wl_suspend+0x19c/0x480\n<ffffffee5e255fb8> ufshcd_wl_runtime_suspend+0x3c/0x1d4\n<ffffffee5dffd80c> scsi_runtime_suspend+0x78/0xc8\n<ffffffee5df93580> __rpm_callback+0x94/0x3e0\n<ffffffee5df90b0c> rpm_suspend+0x2d4/0x65c\n<ffffffee5df91448> __pm_runtime_suspend+0x80/0x114\n<ffffffee5dffd95c> scsi_runtime_idle+0x38/0x6c\n<ffffffee5df912f4> rpm_idle+0x264/0x338\n<ffffffee5df90f14> __pm_runtime_idle+0x80/0x110\n<ffffffee5e24ce44> ufshcd_rtc_work+0x128/0x1e4\n<ffffffee5d6e3a40> process_one_work+0x26c/0x650\n<ffffffee5d6e65c8> worker_thread+0x260/0x3d8\n<ffffffee5d6edec8> kthread+0x110/0x134\n<ffffffee5d616b18> ret_from_fork+0x10/0x20\n\nSkip updating RTC if RPM state is not RPM_ACTIVE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44953', 'https://git.kernel.org/linus/3911af778f208e5f49d43ce739332b91e26bc48e (6.11-rc2)', 'https://git.kernel.org/stable/c/3911af778f208e5f49d43ce739332b91e26bc48e', 'https://git.kernel.org/stable/c/f13f1858a28c68b7fc0d72c2008d5c1f80d2e8d5', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44953-1a10@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44953', 'https://www.cve.org/CVERecord?id=CVE-2024-44953'], 'PublishedDate': '2024-09-04T19:15:30.297Z', 'LastModifiedDate': '2024-09-06T16:37:33.65Z'}, {'VulnerabilityID': 'CVE-2024-44954', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44954', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ALSA: line6: Fix racy access to midibuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: line6: Fix racy access to midibuf\n\nThere can be concurrent accesses to line6 midibuf from both the URB\ncompletion callback and the rawmidi API access.  This could be a cause\nof KMSAN warning triggered by syzkaller below (so put as reported-by\nhere).\n\nThis patch protects the midibuf call of the former code path with a\nspinlock for avoiding the possible races.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44954', 'https://git.kernel.org/linus/15b7a03205b31bc5623378c190d22b7ff60026f1 (6.11-rc3)', 'https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1', 'https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5', 'https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a', 'https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747', 'https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81', 'https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d', 'https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e', 'https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29', 'https://linux.oracle.com/cve/CVE-2024-44954.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44954-6838@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44954', 'https://www.cve.org/CVERecord?id=CVE-2024-44954'], 'PublishedDate': '2024-09-04T19:15:30.353Z', 'LastModifiedDate': '2024-10-10T18:02:42.307Z'}, {'VulnerabilityID': 'CVE-2024-44955', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44955', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute\n\n[Why]\nWhen unplug one of monitors connected after mst hub, encounter null pointer dereference.\n\nIt's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When\ncommit new state which directly referring to info stored in dc_sink will cause null pointer\ndereference.\n\n[how]\nRemove redundant checking condition. Relevant condition should already be covered by checking\nif dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44955', 'https://git.kernel.org/linus/fcf6a49d79923a234844b8efe830a61f3f0584e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263', 'https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44955-20e8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44955', 'https://www.cve.org/CVERecord?id=CVE-2024-44955'], 'PublishedDate': '2024-09-04T19:15:30.423Z', 'LastModifiedDate': '2024-10-10T17:57:00.267Z'}, {'VulnerabilityID': 'CVE-2024-44956', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44956', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/preempt_fence: enlarge the fence critical section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44956', 'https://git.kernel.org/linus/3cd1585e57908b6efcd967465ef7685f40b2a294 (6.11-rc1)', 'https://git.kernel.org/stable/c/3cd1585e57908b6efcd967465ef7685f40b2a294', 'https://git.kernel.org/stable/c/458bb83119dfee5d14c677f7846dd9363817006f', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44956-8bcf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44956', 'https://www.cve.org/CVERecord?id=CVE-2024-44956'], 'PublishedDate': '2024-09-04T19:15:30.48Z', 'LastModifiedDate': '2024-09-06T16:37:11.777Z'}, {'VulnerabilityID': 'CVE-2024-44957', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44957', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Switch from mutex to spinlock for irqfds', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Switch from mutex to spinlock for irqfds\n\nirqfd_wakeup() gets EPOLLHUP, when it is called by\neventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which\ngets called under spin_lock_irqsave(). We can't use a mutex here as it\nwill lead to a deadlock.\n\nFix it by switching over to a spin lock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44957', 'https://git.kernel.org/linus/1c682593096a487fd9aebc079a307ff7a6d054a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3', 'https://git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e', 'https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44957-5c8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44957', 'https://www.cve.org/CVERecord?id=CVE-2024-44957'], 'PublishedDate': '2024-09-04T19:15:30.523Z', 'LastModifiedDate': '2024-09-06T16:37:00.077Z'}, {'VulnerabilityID': 'CVE-2024-44958', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44958', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched/smt: Fix unbalance sched_smt_present dec/inc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/smt: Fix unbalance sched_smt_present dec/inc\n\nI got the following warn report while doing stress test:\n\njump label: negative count!\nWARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0\nCall Trace:\n <TASK>\n __static_key_slow_dec_cpuslocked+0x16/0x70\n sched_cpu_deactivate+0x26e/0x2a0\n cpuhp_invoke_callback+0x3ad/0x10d0\n cpuhp_thread_fun+0x3f5/0x680\n smpboot_thread_fn+0x56d/0x8d0\n kthread+0x309/0x400\n ret_from_fork+0x41/0x70\n ret_from_fork_asm+0x1b/0x30\n </TASK>\n\nBecause when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),\nthe cpu offline failed, but sched_smt_present is decremented before\ncalling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so\nfix it by incrementing sched_smt_present in the error path.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44958', 'https://git.kernel.org/linus/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117 (6.11-rc2)', 'https://git.kernel.org/stable/c/2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4', 'https://git.kernel.org/stable/c/2cf7665efe451e48d27953e6b5bc627d518c902b', 'https://git.kernel.org/stable/c/65727331b60197b742089855ac09464c22b96f66', 'https://git.kernel.org/stable/c/d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab', 'https://git.kernel.org/stable/c/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44958-80e9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44958', 'https://www.cve.org/CVERecord?id=CVE-2024-44958'], 'PublishedDate': '2024-09-04T19:15:30.58Z', 'LastModifiedDate': '2024-10-10T17:56:24.467Z'}, {'VulnerabilityID': 'CVE-2024-44959', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44959', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracefs: Use generic inode RCU for synchronizing freeing', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntracefs: Use generic inode RCU for synchronizing freeing\n\nWith structure layout randomization enabled for 'struct inode' we need to\navoid overlapping any of the RCU-used / initialized-only-once members,\ne.g. i_lru or i_sb_list to not corrupt related list traversals when making\nuse of the rcu_head.\n\nFor an unlucky structure layout of 'struct inode' we may end up with the\nfollowing splat when running the ftrace selftests:\n\n[<...>] list_del corruption, ffff888103ee2cb0->next (tracefs_inode_cache+0x0/0x4e0 [slab object]) is NULL (prev is tracefs_inode_cache+0x78/0x4e0 [slab object])\n[<...>] ------------[ cut here ]------------\n[<...>] kernel BUG at lib/list_debug.c:54!\n[<...>] invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n[<...>] CPU: 3 PID: 2550 Comm: mount Tainted: G                 N  6.8.12-grsec+ #122 ed2f536ca62f28b087b90e3cc906a8d25b3ddc65\n[<...>] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n[<...>] RIP: 0010:[<ffffffff84656018>] __list_del_entry_valid_or_report+0x138/0x3e0\n[<...>] Code: 48 b8 99 fb 65 f2 ff ff ff ff e9 03 5c d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff e9 33 5a d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff <0f> 0b 4c 89 e9 48 89 ea 48 89 ee 48 c7 c7 60 8f dd 89 31 c0 e8 2f\n[<...>] RSP: 0018:fffffe80416afaf0 EFLAGS: 00010283\n[<...>] RAX: 0000000000000098 RBX: ffff888103ee2cb0 RCX: 0000000000000000\n[<...>] RDX: ffffffff84655fe8 RSI: ffffffff89dd8b60 RDI: 0000000000000001\n[<...>] RBP: ffff888103ee2cb0 R08: 0000000000000001 R09: fffffbd0082d5f25\n[<...>] R10: fffffe80416af92f R11: 0000000000000001 R12: fdf99c16731d9b6d\n[<...>] R13: 0000000000000000 R14: ffff88819ad4b8b8 R15: 0000000000000000\n[<...>] RBX: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RDX: __list_del_entry_valid_or_report+0x108/0x3e0\n[<...>] RSI: __func__.47+0x4340/0x4400\n[<...>] RBP: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RSP: process kstack fffffe80416afaf0+0x7af0/0x8000 [mount 2550 2550]\n[<...>] R09: kasan shadow of process kstack fffffe80416af928+0x7928/0x8000 [mount 2550 2550]\n[<...>] R10: process kstack fffffe80416af92f+0x792f/0x8000 [mount 2550 2550]\n[<...>] R14: tracefs_inode_cache+0x78/0x4e0 [slab object]\n[<...>] FS:  00006dcb380c1840(0000) GS:ffff8881e0600000(0000) knlGS:0000000000000000\n[<...>] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[<...>] CR2: 000076ab72b30e84 CR3: 000000000b088004 CR4: 0000000000360ef0 shadow CR4: 0000000000360ef0\n[<...>] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[<...>] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[<...>] ASID: 0003\n[<...>] Stack:\n[<...>]  ffffffff818a2315 00000000f5c856ee ffffffff896f1840 ffff888103ee2cb0\n[<...>]  ffff88812b6b9750 0000000079d714b6 fffffbfff1e9280b ffffffff8f49405f\n[<...>]  0000000000000001 0000000000000000 ffff888104457280 ffffffff8248b392\n[<...>] Call Trace:\n[<...>]  <TASK>\n[<...>]  [<ffffffff818a2315>] ? lock_release+0x175/0x380 fffffe80416afaf0\n[<...>]  [<ffffffff8248b392>] list_lru_del+0x152/0x740 fffffe80416afb48\n[<...>]  [<ffffffff8248ba93>] list_lru_del_obj+0x113/0x280 fffffe80416afb88\n[<...>]  [<ffffffff8940fd19>] ? _atomic_dec_and_lock+0x119/0x200 fffffe80416afb90\n[<...>]  [<ffffffff8295b244>] iput_final+0x1c4/0x9a0 fffffe80416afbb8\n[<...>]  [<ffffffff8293a52b>] dentry_unlink_inode+0x44b/0xaa0 fffffe80416afbf8\n[<...>]  [<ffffffff8293fefc>] __dentry_kill+0x23c/0xf00 fffffe80416afc40\n[<...>]  [<ffffffff8953a85f>] ? __this_cpu_preempt_check+0x1f/0xa0 fffffe80416afc48\n[<...>]  [<ffffffff82949ce5>] ? shrink_dentry_list+0x1c5/0x760 fffffe80416afc70\n[<...>]  [<ffffffff82949b71>] ? shrink_dentry_list+0x51/0x760 fffffe80416afc78\n[<...>]  [<ffffffff82949da8>] shrink_dentry_list+0x288/0x760 fffffe80416afc80\n[<...>]  [<ffffffff8294ae75>] shrink_dcache_sb+0x155/0x420 fffffe80416afcc8\n[<...>]  [<ffffffff8953a7c3>] ? debug_smp_processor_id+0x23/0xa0 fffffe80416afce0\n[<...>]  [<ffffffff8294ad20>] ? do_one_tre\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44959', 'https://git.kernel.org/linus/0b6743bd60a56a701070b89fb80c327a44b7b3e2 (6.11-rc3)', 'https://git.kernel.org/stable/c/061da60716ce0cde99f62f31937b81e1c03acef6', 'https://git.kernel.org/stable/c/0b6743bd60a56a701070b89fb80c327a44b7b3e2', 'https://git.kernel.org/stable/c/726f4c241e17be75a9cf6870d80cd7479dc89e8f', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44959-61a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44959', 'https://www.cve.org/CVERecord?id=CVE-2024-44959'], 'PublishedDate': '2024-09-04T19:15:30.637Z', 'LastModifiedDate': '2024-10-10T17:54:07.96Z'}, {'VulnerabilityID': 'CVE-2024-44960', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44960', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: core: Check for unset descriptor', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn't properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44960', 'https://git.kernel.org/linus/973a57891608a98e894db2887f278777f564de18 (6.11-rc3)', 'https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1', 'https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62', 'https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4', 'https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e', 'https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18', 'https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf', 'https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a', 'https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244', 'https://linux.oracle.com/cve/CVE-2024-44960.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44960-039b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44960', 'https://www.cve.org/CVERecord?id=CVE-2024-44960'], 'PublishedDate': '2024-09-04T19:15:30.7Z', 'LastModifiedDate': '2024-10-04T16:44:05.497Z'}, {'VulnerabilityID': 'CVE-2024-44961', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44961', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Forward soft recovery errors to userspace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Forward soft recovery errors to userspace\n\nAs we discussed before[1], soft recovery should be\nforwarded to userspace, or we can get into a really\nbad state where apps will keep submitting hanging\ncommand buffers cascading us to a hard reset.\n\n1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/\n(cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44961', 'https://git.kernel.org/linus/829798c789f567ef6ba4b084c15b7b5f3bd98d51 (6.11-rc3)', 'https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a', 'https://git.kernel.org/stable/c/829798c789f567ef6ba4b084c15b7b5f3bd98d51', 'https://git.kernel.org/stable/c/c28d207edfc5679585f4e96acb67000076ce90be', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44961-8666@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44961', 'https://www.cve.org/CVERecord?id=CVE-2024-44961'], 'PublishedDate': '2024-09-04T19:15:30.77Z', 'LastModifiedDate': '2024-10-04T16:39:39.3Z'}, {'VulnerabilityID': 'CVE-2024-44962', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44962', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n  Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n  Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic   snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil   snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded:   btnxpuart]\n  CPU: 5 PID: 723 Comm: memtester Tainted: G           O       6.6.23-lts-next-06207-g4aef2658ac28 #1\n  Hardware name: NXP i.MX95 19X19 board (DT)\n  pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0xffff80007a2cf464\n  lr : call_timer_fn.isra.0+0x24/0x80\n...\n  Call trace:\n   0xffff80007a2cf464\n   __run_timers+0x234/0x280\n   run_timer_softirq+0x20/0x40\n   __do_softirq+0x100/0x26c\n   ____do_softirq+0x10/0x1c\n   call_on_irq_stack+0x24/0x4c\n   do_softirq_own_stack+0x1c/0x2c\n   irq_exit_rcu+0xc0/0xdc\n   el0_interrupt+0x54/0xd8\n   __el0_irq_handler_common+0x18/0x24\n   el0t_64_irq_handler+0x10/0x1c\n   el0t_64_irq+0x190/0x194\n  Code: ???????? ???????? ???????? ???????? (????????)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception in interrupt\n  SMP: stopping secondary CPUs\n  Kernel Offset: disabled\n  CPU features: 0x0,c0000000,40028143,1000721b\n  Memory Limit: none\n  ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44962', 'https://git.kernel.org/linus/0d0df1e750bac0fdaa77940e711c1625cff08d33 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d0df1e750bac0fdaa77940e711c1625cff08d33', 'https://git.kernel.org/stable/c/28bbb5011a9723700006da67bdb57ab6a914452b', 'https://git.kernel.org/stable/c/4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44962-c329@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44962', 'https://www.cve.org/CVERecord?id=CVE-2024-44962'], 'PublishedDate': '2024-09-04T19:15:30.827Z', 'LastModifiedDate': '2024-10-04T16:20:34.55Z'}, {'VulnerabilityID': 'CVE-2024-44963', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44963', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not BUG_ON() when freeing tree block after error', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don't deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44963', 'https://git.kernel.org/linus/bb3868033a4cccff7be57e9145f2117cbdc91c11 (6.11-rc1)', 'https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f', 'https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44963-2e6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44963', 'https://www.cve.org/CVERecord?id=CVE-2024-44963'], 'PublishedDate': '2024-09-04T19:15:30.883Z', 'LastModifiedDate': '2024-10-04T16:19:20.77Z'}, {'VulnerabilityID': 'CVE-2024-44964', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44964', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix memory leaks and crashes while performing a soft reset', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leaks and crashes while performing a soft reset\n\nThe second tagged commit introduced a UAF, as it removed restoring\nq_vector->vport pointers after reinitializating the structures.\nThis is due to that all queue allocation functions are performed here\nwith the new temporary vport structure and those functions rewrite\nthe backpointers to the vport. Then, this new struct is freed and\nthe pointers start leading to nowhere.\n\nBut generally speaking, the current logic is very fragile. It claims\nto be more reliable when the system is low on memory, but in fact, it\nconsumes two times more memory as at the moment of running this\nfunction, there are two vports allocated with their queues and vectors.\nMoreover, it claims to prevent the driver from running into "bad state",\nbut in fact, any error during the rebuild leaves the old vport in the\npartially allocated state.\nFinally, if the interface is down when the function is called, it always\nallocates a new queue set, but when the user decides to enable the\ninterface later on, vport_open() allocates them once again, IOW there\'s\na clear memory leak here.\n\nJust don\'t allocate a new queue set when performing a reset, that solves\ncrashes and memory leaks. Readd the old queue number and reopen the\ninterface on rollback - that solves limbo states when the device is left\ndisabled and/or without HW queues enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44964', 'https://git.kernel.org/linus/f01032a2ca099ec8d619aaa916c3762aa62495df (6.11-rc3)', 'https://git.kernel.org/stable/c/6b289f8d91537ec1e4f9c7b38b31b90d93b1419b', 'https://git.kernel.org/stable/c/f01032a2ca099ec8d619aaa916c3762aa62495df', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44964-ebb1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44964', 'https://www.cve.org/CVERecord?id=CVE-2024-44964'], 'PublishedDate': '2024-09-04T19:15:30.94Z', 'LastModifiedDate': '2024-09-06T16:36:45.137Z'}, {'VulnerabilityID': 'CVE-2024-44965', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44965', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mm: Fix pti_clone_pgtable() alignment assumption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix pti_clone_pgtable() alignment assumption\n\nGuenter reported dodgy crashes on an i386-nosmp build using GCC-11\nthat had the form of endless traps until entry stack exhaust and then\n#DF from the stack guard.\n\nIt turned out that pti_clone_pgtable() had alignment assumptions on\nthe start address, notably it hard assumes start is PMD aligned. This\nis true on x86_64, but very much not true on i386.\n\nThese assumptions can cause the end condition to malfunction, leading\nto a 'short' clone. Guess what happens when the user mapping has a\nshort copy of the entry text?\n\nUse the correct increment form for addr to avoid alignment\nassumptions.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44965', 'https://git.kernel.org/linus/41e71dbb0e0a0fe214545fe64af031303a08524c (6.11-rc2)', 'https://git.kernel.org/stable/c/18da1b27ce16a14a9b636af9232acb4fb24f4c9e', 'https://git.kernel.org/stable/c/25a727233a40a9b33370eec9f0cad67d8fd312f8', 'https://git.kernel.org/stable/c/41e71dbb0e0a0fe214545fe64af031303a08524c', 'https://git.kernel.org/stable/c/4d143ae782009b43b4f366402e5c37f59d4e4346', 'https://git.kernel.org/stable/c/5c580c1050bcbc15c3e78090859d798dcf8c9763', 'https://git.kernel.org/stable/c/ca07aab70dd3b5e7fddb62d7a6ecd7a7d6d0b2ed', 'https://git.kernel.org/stable/c/d00c9b4bbc442d99e1dafbdfdab848bc1ead73f6', 'https://git.kernel.org/stable/c/df3eecb5496f87263d171b254ca6e2758ab3c35c', 'https://linux.oracle.com/cve/CVE-2024-44965.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090415-CVE-2024-44965-d41d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44965', 'https://www.cve.org/CVERecord?id=CVE-2024-44965'], 'PublishedDate': '2024-09-04T19:15:30.99Z', 'LastModifiedDate': '2024-10-04T16:17:15.23Z'}, {'VulnerabilityID': 'CVE-2024-44966', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44966', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binfmt_flat: Fix corruption when not offsetting data start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_flat: Fix corruption when not offsetting data start\n\nCommit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")\nintroduced a RISC-V specific variant of the FLAT format which does\nnot allocate any space for the (obsolete) array of shared library\npointers. However, it did not disable the code which initializes the\narray, resulting in the corruption of sizeof(long) bytes before the DATA\nsegment, generally the end of the TEXT segment.\n\nIntroduce MAX_SHARED_LIBS_UPDATE which depends on the state of\nCONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of\nthe shared library pointer region so that it will only be initialized\nif space is reserved for it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44966', 'https://git.kernel.org/linus/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671 (6.11-rc4)', 'https://git.kernel.org/stable/c/3a684499261d0f7ed5ee72793025c88c2276809c', 'https://git.kernel.org/stable/c/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671', 'https://git.kernel.org/stable/c/49df34d2b7da9e57c839555a2f7877291ce45ad1', 'https://git.kernel.org/stable/c/9350ba06ee61db392c486716ac68ecc20e030f7c', 'https://git.kernel.org/stable/c/af65d5383854cc3f172a7d0843b628758bf462c8', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44966-3aac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44966', 'https://www.cve.org/CVERecord?id=CVE-2024-44966'], 'PublishedDate': '2024-09-04T19:15:31.06Z', 'LastModifiedDate': '2024-10-04T16:15:30.047Z'}, {'VulnerabilityID': 'CVE-2024-44967', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44967', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/mgag200: Bind I2C lifetime to DRM device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mgag200: Bind I2C lifetime to DRM device\n\nManaged cleanup with devm_add_action_or_reset() will release the I2C\nadapter when the underlying Linux device goes away. But the connector\nstill refers to it, so this cleanup leaves behind a stale pointer\nin struct drm_connector.ddc.\n\nBind the lifetime of the I2C adapter to the connector's lifetime by\nusing DRM's managed release. When the DRM device goes away (after\nthe Linux device) DRM will first clean up the connector and then\nclean up the I2C adapter.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44967', 'https://git.kernel.org/linus/eb1ae34e48a09b7a1179c579aed042b032e408f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/55a6916db77102765b22855d3a0add4751988b7c', 'https://git.kernel.org/stable/c/81d34df843620e902dd04aa9205c875833d61c17', 'https://git.kernel.org/stable/c/9d96b91e03cba9dfcb4ac370c93af4dbc47d5191', 'https://git.kernel.org/stable/c/eb1ae34e48a09b7a1179c579aed042b032e408f4', 'https://lore.kernel.org/linux-cve-announce/2024090453-CVE-2024-44967-dd14@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44967', 'https://www.cve.org/CVERecord?id=CVE-2024-44967'], 'PublishedDate': '2024-09-04T19:15:31.117Z', 'LastModifiedDate': '2024-10-03T18:21:17.23Z'}, {'VulnerabilityID': 'CVE-2024-44969', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/sclp: Prevent release of buffer in I/O', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Prevent release of buffer in I/O\n\nWhen a task waiting for completion of a Store Data operation is\ninterrupted, an attempt is made to halt this operation. If this attempt\nfails due to a hardware or firmware problem, there is a chance that the\nSCLP facility might store data into buffers referenced by the original\noperation at a later time.\n\nHandle this situation by not releasing the referenced data buffers if\nthe halt attempt fails. For current use cases, this might result in a\nleak of few pages of memory in case of a rare hardware/firmware\nmalfunction.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44969', 'https://git.kernel.org/linus/bf365071ea92b9579d5a272679b74052a5643e35 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633', 'https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05', 'https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506', 'https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79', 'https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe', 'https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148', 'https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463', 'https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35', 'https://linux.oracle.com/cve/CVE-2024-44969.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44969-48bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44969', 'https://www.cve.org/CVERecord?id=CVE-2024-44969'], 'PublishedDate': '2024-09-04T19:15:31.24Z', 'LastModifiedDate': '2024-10-03T17:38:41.333Z'}, {'VulnerabilityID': 'CVE-2024-44970', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix invalid WQ linked list unlink\n\nWhen all the strides in a WQE have been consumed, the WQE is unlinked\nfrom the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible\nto receive CQEs with 0 consumed strides for the same WQE even after the\nWQE is fully consumed and unlinked. This triggers an additional unlink\nfor the same wqe which corrupts the linked list.\n\nFix this scenario by accepting 0 sized consumed strides without\nunlinking the WQE again.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44970', 'https://git.kernel.org/linus/fba8334721e266f92079632598e46e5f89082f30 (6.11-rc1)', 'https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9', 'https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76', 'https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78', 'https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44970-f687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44970', 'https://www.cve.org/CVERecord?id=CVE-2024-44970'], 'PublishedDate': '2024-09-04T19:15:31.307Z', 'LastModifiedDate': '2024-10-03T14:22:06.003Z'}, {'VulnerabilityID': 'CVE-2024-44971', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44971', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()\n\nbcm_sf2_mdio_register() calls of_phy_find_device() and then\nphy_device_remove() in a loop to remove existing PHY devices.\nof_phy_find_device() eventually calls bus_find_device(), which calls\nget_device() on the returned struct device * to increment the refcount.\nThe current implementation does not decrement the refcount, which causes\nmemory leak.\n\nThis commit adds the missing phy_device_free() call to decrement the\nrefcount via put_device() to balance the refcount.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44971', 'https://git.kernel.org/linus/e3862093ee93fcfbdadcb7957f5f8974fffa806a (6.11-rc3)', 'https://git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c', 'https://git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c', 'https://git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71', 'https://git.kernel.org/stable/c/c05516c072903f6fb9134b8e7e1ad4bffcdc4819', 'https://git.kernel.org/stable/c/e3862093ee93fcfbdadcb7957f5f8974fffa806a', 'https://git.kernel.org/stable/c/f3d5efe18a11f94150fee8b3fda9d62079af640a', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44971-eb75@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44971', 'https://www.cve.org/CVERecord?id=CVE-2024-44971'], 'PublishedDate': '2024-09-04T19:15:31.367Z', 'LastModifiedDate': '2024-09-05T17:54:36.607Z'}, {'VulnerabilityID': 'CVE-2024-44972', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44972', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not clear page dirty inside extent_write_locked_range()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not clear page dirty inside extent_write_locked_range()\n\n[BUG]\nFor subpage + zoned case, the following workload can lead to rsv data\nleak at unmount time:\n\n  # mkfs.btrfs -f -s 4k $dev\n  # mount $dev $mnt\n  # fsstress -w -n 8 -d $mnt -s 1709539240\n  0/0: fiemap - no filename\n  0/1: copyrange read - no filename\n  0/2: write - no filename\n  0/3: rename - no source filename\n  0/4: creat f0 x:0 0 0\n  0/4: creat add id=0,parent=-1\n  0/5: writev f0[259 1 0 0 0 0] [778052,113,965] 0\n  0/6: ioctl(FIEMAP) f0[259 1 0 0 224 887097] [1294220,2291618343991484791,0x10000] -1\n  0/7: dwrite - xfsctl(XFS_IOC_DIOINFO) f0[259 1 0 0 224 887097] return 25, fallback to stat()\n  0/7: dwrite f0[259 1 0 0 224 887097] [696320,102400] 0\n  # umount $mnt\n\nThe dmesg includes the following rsv leak detection warning (all call\ntrace skipped):\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8653 btrfs_destroy_inode+0x1e0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8654 btrfs_destroy_inode+0x1a8/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8660 btrfs_destroy_inode+0x1a0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): last unmount of filesystem 1b4abba9-de34-4f07-9e7f-157cf12a18d6\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info DATA has 268218368 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=204800, pinned=0, reserved=0, may_use=12288, readonly=0 zone_unusable=0\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info METADATA has 267796480 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=131072, pinned=0, reserved=0, may_use=262144, readonly=0 zone_unusable=245760\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n\nAbove $dev is a tcmu-runner emulated zoned HDD, which has a max zone\nappend size of 64K, and the system has 64K page size.\n\n[CAUSE]\nI have added several trace_printk() to show the events (header skipped):\n\n  > btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864\n\nThe above lines show our buffered write has dirtied 3 pages of inode\n259 of root 5:\n\n  704K             768K              832K              896K\n  I           |////I/////////////////I///////////|     I\n              756K                               868K\n\n  |///| is the dirtied range using subpage bitmaps. and 'I' is the page\n  boundary.\n\n  Meanwhile all three pages (704K, 768K, 832K) have their PageDirty\n  flag set.\n\n  > btrfs_direct_write: r/i=5/259 start dio filepos=696320 len=102400\n\nThen direct IO writ\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44972', 'https://git.kernel.org/linus/97713b1a2ced1e4a2a6c40045903797ebd44d7e0 (6.11-rc1)', 'https://git.kernel.org/stable/c/97713b1a2ced1e4a2a6c40045903797ebd44d7e0', 'https://git.kernel.org/stable/c/ba4dedb71356638d8284e34724daca944be70368', 'https://git.kernel.org/stable/c/d3b403209f767e5857c1b9fda66726e6e6ffc99f', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44972-23b5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44972', 'https://www.cve.org/CVERecord?id=CVE-2024-44972'], 'PublishedDate': '2024-09-04T19:15:31.43Z', 'LastModifiedDate': '2024-10-03T16:10:12.077Z'}, {'VulnerabilityID': 'CVE-2024-44973', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44973', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm, slub: do not call do_slab_free for kfence object', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slub: do not call do_slab_free for kfence object\n\nIn 782f8906f805 the freeing of kfence objects was moved from deep\ninside do_slab_free to the wrapper functions outside. This is a nice\nchange, but unfortunately it missed one spot in __kmem_cache_free_bulk.\n\nThis results in a crash like this:\n\nBUG skbuff_head_cache (Tainted: G S  B       E     ): Padding overwritten. 0xffff88907fea0f00-0xffff88907fea0fff @offset=3840\n\nslab_err (mm/slub.c:1129)\nfree_to_partial_list (mm/slub.c:? mm/slub.c:4036)\nslab_pad_check (mm/slub.c:864 mm/slub.c:1290)\ncheck_slab (mm/slub.c:?)\nfree_to_partial_list (mm/slub.c:3171 mm/slub.c:4036)\nkmem_cache_alloc_bulk (mm/slub.c:? mm/slub.c:4495 mm/slub.c:4586 mm/slub.c:4635)\nnapi_build_skb (net/core/skbuff.c:348 net/core/skbuff.c:527 net/core/skbuff.c:549)\n\nAll the other callers to do_slab_free appear to be ok.\n\nAdd a kfence_free check in __kmem_cache_free_bulk to avoid the crash.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44973', 'https://git.kernel.org/linus/a371d558e6f3aed977a8a7346350557de5d25190 (6.11-rc3)', 'https://git.kernel.org/stable/c/a371d558e6f3aed977a8a7346350557de5d25190', 'https://git.kernel.org/stable/c/b35cd7f1e969aaa63e6716d82480f6b8a3230949', 'https://lore.kernel.org/linux-cve-announce/2024090425-CVE-2024-44973-a92d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44973', 'https://www.cve.org/CVERecord?id=CVE-2024-44973'], 'PublishedDate': '2024-09-04T19:15:31.487Z', 'LastModifiedDate': '2024-10-03T14:23:09.147Z'}, {'VulnerabilityID': 'CVE-2024-44974', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44974', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: avoid possible UaF when selecting endp', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44974', 'https://git.kernel.org/linus/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d (6.11-rc5)', 'https://git.kernel.org/stable/c/0201d65d9806d287a00e0ba96f0321835631f63f', 'https://git.kernel.org/stable/c/2b4f46f9503633dade75cb796dd1949d0e6581a1', 'https://git.kernel.org/stable/c/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d', 'https://git.kernel.org/stable/c/9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8', 'https://git.kernel.org/stable/c/ddee5b4b6a1cc03c1e9921cf34382e094c2009f1', 'https://git.kernel.org/stable/c/f2c865e9e3ca44fc06b5f73b29a954775e4dbb38', 'https://lore.kernel.org/linux-cve-announce/2024090440-CVE-2024-44974-dbe8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44974', 'https://www.cve.org/CVERecord?id=CVE-2024-44974'], 'PublishedDate': '2024-09-04T20:15:07.1Z', 'LastModifiedDate': '2024-09-12T12:15:51.397Z'}, {'VulnerabilityID': 'CVE-2024-44975', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44975', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: fix panic caused by partcmd_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: fix panic caused by partcmd_update\n\nWe find a bug as below:\nBUG: unable to handle page fault for address: 00000003\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 358 Comm: bash Tainted: G        W I        6.6.0-10893-g60d6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4\nRIP: 0010:partition_sched_domains_locked+0x483/0x600\nCode: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9\nRSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202\nRAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000002fe80\nRBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000\nR10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002\nR13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0\nCall Trace:\n <TASK>\n ? show_regs+0x8c/0xa0\n ? __die_body+0x23/0xa0\n ? __die+0x3a/0x50\n ? page_fault_oops+0x1d2/0x5c0\n ? partition_sched_domains_locked+0x483/0x600\n ? search_module_extables+0x2a/0xb0\n ? search_exception_tables+0x67/0x90\n ? kernelmode_fixup_or_oops+0x144/0x1b0\n ? __bad_area_nosemaphore+0x211/0x360\n ? up_read+0x3b/0x50\n ? bad_area_nosemaphore+0x1a/0x30\n ? exc_page_fault+0x890/0xd90\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? asm_exc_page_fault+0x26/0x30\n ? partition_sched_domains_locked+0x483/0x600\n ? partition_sched_domains_locked+0xf0/0x600\n rebuild_sched_domains_locked+0x806/0xdc0\n update_partition_sd_lb+0x118/0x130\n cpuset_write_resmask+0xffc/0x1420\n cgroup_file_write+0xb2/0x290\n kernfs_fop_write_iter+0x194/0x290\n new_sync_write+0xeb/0x160\n vfs_write+0x16f/0x1d0\n ksys_write+0x81/0x180\n __x64_sys_write+0x21/0x30\n x64_sys_call+0x2f25/0x4630\n do_syscall_64+0x44/0xb0\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\nRIP: 0033:0x7f44a553c887\n\nIt can be reproduced with cammands:\ncd /sys/fs/cgroup/\nmkdir test\ncd test/\necho +cpuset > ../cgroup.subtree_control\necho root > cpuset.cpus.partition\ncat /sys/fs/cgroup/cpuset.cpus.effective\n0-3\necho 0-3 > cpuset.cpus // taking away all cpus from root\n\nThis issue is caused by the incorrect rebuilding of scheduling domains.\nIn this scenario, test/cpuset.cpus.partition should be an invalid root\nand should not trigger the rebuilding of scheduling domains. When calling\nupdate_parent_effective_cpumask with partcmd_update, if newmask is not\nnull, it should recheck newmask whether there are cpus is available\nfor parect/cs that has tasks.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44975', 'https://git.kernel.org/linus/959ab6350add903e352890af53e86663739fcb9a (6.11-rc5)', 'https://git.kernel.org/stable/c/73d6c6cf8ef6a3c532aa159f5114077746a372d6', 'https://git.kernel.org/stable/c/959ab6350add903e352890af53e86663739fcb9a', 'https://lore.kernel.org/linux-cve-announce/2024090442-CVE-2024-44975-7c21@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44975', 'https://www.cve.org/CVERecord?id=CVE-2024-44975'], 'PublishedDate': '2024-09-04T20:15:07.16Z', 'LastModifiedDate': '2024-10-03T14:32:31.677Z'}, {'VulnerabilityID': 'CVE-2024-44977', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Validate TA binary size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Validate TA binary size\n\nAdd TA binary size validation to avoid OOB write.\n\n(cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44977', 'https://git.kernel.org/linus/c99769bceab4ecb6a067b9af11f9db281eea3e2a (6.11-rc5)', 'https://git.kernel.org/stable/c/50553ea7cbd3344fbf40afb065f6a2d38171c1ad', 'https://git.kernel.org/stable/c/5ab8793b9a6cc059f503cbe6fe596f80765e0f19', 'https://git.kernel.org/stable/c/c99769bceab4ecb6a067b9af11f9db281eea3e2a', 'https://git.kernel.org/stable/c/e562415248f402203e7fb6d8c38c1b32fa99220f', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44977-7f6b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44977', 'https://www.cve.org/CVERecord?id=CVE-2024-44977'], 'PublishedDate': '2024-09-04T20:15:07.29Z', 'LastModifiedDate': '2024-10-10T17:47:59.593Z'}, {'VulnerabilityID': 'CVE-2024-44978', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44978', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Free job before xe_exec_queue_put', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Free job before xe_exec_queue_put\n\nFree job depends on job->vm being valid, the last xe_exec_queue_put can\ndestroy the VM. Prevent UAF by freeing job before xe_exec_queue_put.\n\n(cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44978', 'https://git.kernel.org/linus/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a (6.11-rc5)', 'https://git.kernel.org/stable/c/98aa0330f200b9b8fb9e1298e006eda57a13351c', 'https://git.kernel.org/stable/c/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44978-096b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44978', 'https://www.cve.org/CVERecord?id=CVE-2024-44978'], 'PublishedDate': '2024-09-04T20:15:07.343Z', 'LastModifiedDate': '2024-09-10T16:51:19.813Z'}, {'VulnerabilityID': 'CVE-2024-44979', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44979', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix missing workqueue destroy in xe_gt_pagefault\n\nOn driver reload we never free up the memory for the pagefault and\naccess counter workqueues. Add those destroy calls here.\n\n(cherry picked from commit 7586fc52b14e0b8edd0d1f8a434e0de2078b7b2b)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44979', 'https://git.kernel.org/linus/a6f78359ac75f24cac3c1bdd753c49c1877bcd82 (6.11-rc5)', 'https://git.kernel.org/stable/c/a6f78359ac75f24cac3c1bdd753c49c1877bcd82', 'https://git.kernel.org/stable/c/b09ef3b762a7fc641fb2f89afd3ebdb65b8ba1b9', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44979-74c3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44979', 'https://www.cve.org/CVERecord?id=CVE-2024-44979'], 'PublishedDate': '2024-09-04T20:15:07.4Z', 'LastModifiedDate': '2024-10-10T17:44:36.417Z'}, {'VulnerabilityID': 'CVE-2024-44980', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44980', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix opregion leak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix opregion leak\n\nBeing part o the display, ideally the setup and cleanup would be done by\ndisplay itself. However this is a bigger refactor that needs to be done\non both i915 and xe. For now, just fix the leak:\n\nunreferenced object 0xffff8881a0300008 (size 192):\n  comm "modprobe", pid 4354, jiffies 4295647021\n  hex dump (first 32 bytes):\n    00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff  ...\'............\n    18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 99260e31):\n    [<ffffffff823ce65b>] kmemleak_alloc+0x4b/0x80\n    [<ffffffff81493be2>] kmalloc_trace_noprof+0x312/0x3d0\n    [<ffffffffa1345679>] intel_opregion_setup+0x89/0x700 [xe]\n    [<ffffffffa125bfaf>] xe_display_init_noirq+0x2f/0x90 [xe]\n    [<ffffffffa1199ec3>] xe_device_probe+0x7a3/0xbf0 [xe]\n    [<ffffffffa11f3713>] xe_pci_probe+0x333/0x5b0 [xe]\n    [<ffffffff81af6be8>] local_pci_probe+0x48/0xb0\n    [<ffffffff81af8778>] pci_device_probe+0xc8/0x280\n    [<ffffffff81d09048>] really_probe+0xf8/0x390\n    [<ffffffff81d0937a>] __driver_probe_device+0x8a/0x170\n    [<ffffffff81d09503>] driver_probe_device+0x23/0xb0\n    [<ffffffff81d097b7>] __driver_attach+0xc7/0x190\n    [<ffffffff81d0628d>] bus_for_each_dev+0x7d/0xd0\n    [<ffffffff81d0851e>] driver_attach+0x1e/0x30\n    [<ffffffff81d07ac7>] bus_add_driver+0x117/0x250\n\n(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44980', 'https://git.kernel.org/linus/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f (6.11-rc5)', 'https://git.kernel.org/stable/c/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f', 'https://git.kernel.org/stable/c/f7ecdd9853dd9f34e7cdfdadfb70b8f40644ebb4', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44980-d1ba@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44980', 'https://www.cve.org/CVERecord?id=CVE-2024-44980'], 'PublishedDate': '2024-09-04T20:15:07.46Z', 'LastModifiedDate': '2024-10-10T17:42:53.433Z'}, {'VulnerabilityID': 'CVE-2024-44982', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44982', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: cleanup FB if dpu_format_populate_layout fails\n\nIf the dpu_format_populate_layout() fails, then FB is prepared, but not\ncleaned up. This ends up leaking the pin_count on the GEM object and\ncauses a splat during DRM file closure:\n\nmsm_obj->pin_count\nWARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc\n[...]\nCall trace:\n update_lru_locked+0xc4/0xcc\n put_pages+0xac/0x100\n msm_gem_free_object+0x138/0x180\n drm_gem_object_free+0x1c/0x30\n drm_gem_object_handle_put_unlocked+0x108/0x10c\n drm_gem_object_release_handle+0x58/0x70\n idr_for_each+0x68/0xec\n drm_gem_release+0x28/0x40\n drm_file_free+0x174/0x234\n drm_release+0xb0/0x160\n __fput+0xc0/0x2c8\n __fput_sync+0x50/0x5c\n __arm64_sys_close+0x38/0x7c\n invoke_syscall+0x48/0x118\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x4c/0x120\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194\nirq event stamp: 129818\nhardirqs last  enabled at (129817): [<ffffa5f6d953fcc0>] console_unlock+0x118/0x124\nhardirqs last disabled at (129818): [<ffffa5f6da7dcf04>] el1_dbg+0x24/0x8c\nsoftirqs last  enabled at (129808): [<ffffa5f6d94afc18>] handle_softirqs+0x4c8/0x4e8\nsoftirqs last disabled at (129785): [<ffffa5f6d94105e4>] __do_softirq+0x14/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/600714/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44982', 'https://git.kernel.org/linus/bfa1a6283be390947d3649c482e5167186a37016 (6.11-rc5)', 'https://git.kernel.org/stable/c/02193c70723118889281f75b88722b26b58bf4ae', 'https://git.kernel.org/stable/c/7ecf85542169012765e4c2817cd3be6c2e009962', 'https://git.kernel.org/stable/c/9b8b65211a880af8fe8330a101e1e239a2d4008f', 'https://git.kernel.org/stable/c/a3c5815b07f4ee19d0b7e2ddf91ff9f03ecbf27d', 'https://git.kernel.org/stable/c/bfa1a6283be390947d3649c482e5167186a37016', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44982-dd24@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44982', 'https://www.cve.org/CVERecord?id=CVE-2024-44982'], 'PublishedDate': '2024-09-04T20:15:07.593Z', 'LastModifiedDate': '2024-10-10T17:09:54.35Z'}, {'VulnerabilityID': 'CVE-2024-44983', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44983', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: validate vlan header', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: validate vlan header\n\nEnsure there is sufficient room to access the protocol field of the\nVLAN header, validate it once before the flowtable lookup.\n\n=====================================================\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5440 [inline]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44983', 'https://git.kernel.org/linus/6ea14ccb60c8ab829349979b22b58a941ec4a3ee (6.11-rc5)', 'https://git.kernel.org/stable/c/0279c35d242d037abeb73d60d06a6d1bb7f672d9', 'https://git.kernel.org/stable/c/043a18bb6cf16adaa2f8642acfde6e8956a9caaa', 'https://git.kernel.org/stable/c/6ea14ccb60c8ab829349979b22b58a941ec4a3ee', 'https://git.kernel.org/stable/c/c05155cc455785916164aa5e1b4605a2ae946537', 'https://git.kernel.org/stable/c/d9384ae7aec46036d248d1c2c2757e471ab486c3', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44983-dcdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44983', 'https://www.cve.org/CVERecord?id=CVE-2024-44983'], 'PublishedDate': '2024-09-04T20:15:07.657Z', 'LastModifiedDate': '2024-09-10T16:57:55.11Z'}, {'VulnerabilityID': 'CVE-2024-44984', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44984', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double DMA unmapping for XDP_REDIRECT\n\nRemove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT\ncode path.  This should have been removed when we let the page pool\nhandle the DMA mapping.  This bug causes the warning:\n\nWARNING: CPU: 7 PID: 59 at drivers/iommu/dma-iommu.c:1198 iommu_dma_unmap_page+0xd5/0x100\nCPU: 7 PID: 59 Comm: ksoftirqd/7 Tainted: G        W          6.8.0-1010-gcp #11-Ubuntu\nHardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS 2.15.2 04/02/2024\nRIP: 0010:iommu_dma_unmap_page+0xd5/0x100\nCode: 89 ee 48 89 df e8 cb f2 69 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9 31 f6 31 ff 45 31 c0 e9 ab 17 71 00 <0f> 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9\nRSP: 0018:ffffab1fc0597a48 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff99ff838280c8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffab1fc0597a78 R08: 0000000000000002 R09: ffffab1fc0597c1c\nR10: ffffab1fc0597cd3 R11: ffff99ffe375acd8 R12: 00000000e65b9000\nR13: 0000000000000050 R14: 0000000000001000 R15: 0000000000000002\nFS:  0000000000000000(0000) GS:ffff9a06efb80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000565c34c37210 CR3: 00000005c7e3e000 CR4: 0000000000350ef0\n? show_regs+0x6d/0x80\n? __warn+0x89/0x150\n? iommu_dma_unmap_page+0xd5/0x100\n? report_bug+0x16a/0x190\n? handle_bug+0x51/0xa0\n? exc_invalid_op+0x18/0x80\n? iommu_dma_unmap_page+0xd5/0x100\n? iommu_dma_unmap_page+0x35/0x100\ndma_unmap_page_attrs+0x55/0x220\n? bpf_prog_4d7e87c0d30db711_xdp_dispatcher+0x64/0x9f\nbnxt_rx_xdp+0x237/0x520 [bnxt_en]\nbnxt_rx_pkt+0x640/0xdd0 [bnxt_en]\n__bnxt_poll_work+0x1a1/0x3d0 [bnxt_en]\nbnxt_poll+0xaa/0x1e0 [bnxt_en]\n__napi_poll+0x33/0x1e0\nnet_rx_action+0x18a/0x2f0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44984', 'https://git.kernel.org/linus/8baeef7616d5194045c5a6b97fd1246b87c55b13 (6.11-rc5)', 'https://git.kernel.org/stable/c/8baeef7616d5194045c5a6b97fd1246b87c55b13', 'https://git.kernel.org/stable/c/95a305ba259b685780ed62ea2295aa2feb2d6c0c', 'https://git.kernel.org/stable/c/fa4e6ae38574d0fc5596272bee64727d8ab7052b', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44984-43ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44984', 'https://www.cve.org/CVERecord?id=CVE-2024-44984'], 'PublishedDate': '2024-09-04T20:15:07.717Z', 'LastModifiedDate': '2024-10-10T16:48:56.167Z'}, {'VulnerabilityID': 'CVE-2024-44985', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44985', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent possible UAF in ip6_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible UAF in ip6_xmit()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand the associated dst/idev could also have been freed.\n\nWe must use rcu_read_lock() to prevent a possible UAF.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44985', 'https://git.kernel.org/linus/2d5ff7e339d04622d8282661df36151906d0e1c7 (6.11-rc5)', 'https://git.kernel.org/stable/c/124b428fe28064c809e4237b0b38e97200a8a4a8', 'https://git.kernel.org/stable/c/2d5ff7e339d04622d8282661df36151906d0e1c7', 'https://git.kernel.org/stable/c/38a21c026ed2cc7232414cb166efc1923f34af17', 'https://git.kernel.org/stable/c/975f764e96f71616b530e300c1bb2ac0ce0c2596', 'https://git.kernel.org/stable/c/fc88d6c1f2895a5775795d82ec581afdff7661d1', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44985-2dde@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44985', 'https://www.cve.org/CVERecord?id=CVE-2024-44985'], 'PublishedDate': '2024-09-04T20:15:07.777Z', 'LastModifiedDate': '2024-09-05T17:54:11.313Z'}, {'VulnerabilityID': 'CVE-2024-44986', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44986', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: fix possible UAF in ip6_finish_output2()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible UAF in ip6_finish_output2()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand associated dst/idev could also have been freed.\n\nWe need to hold rcu_read_lock() to make sure the dst and\nassociated idev are alive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44986', 'https://git.kernel.org/linus/da273b377ae0d9bd255281ed3c2adb228321687b (6.11-rc5)', 'https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e', 'https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a', 'https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b', 'https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b', 'https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44986-1197@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44986', 'https://www.cve.org/CVERecord?id=CVE-2024-44986'], 'PublishedDate': '2024-09-04T20:15:07.833Z', 'LastModifiedDate': '2024-09-05T17:54:04.127Z'}, {'VulnerabilityID': 'CVE-2024-44987', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44987', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent UAF in ip6_send_skb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n  rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n  rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n  vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n  do_writev+0x1b1/0x350 fs/read_write.c:1018\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n </TASK>\n\nAllocated by task 6530:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  unpoison_slab_object mm/kasan/common.c:312 [inline]\n  __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n  kasan_slab_alloc include/linux/kasan.h:201 [inline]\n  slab_post_alloc_hook mm/slub.c:3988 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n  dst_alloc+0x12b/0x190 net/core/dst.c:89\n  ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n  make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n  xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313\n  ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n  rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n  ___sys_sendmsg net/socket.c:2651 [inline]\n  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n  poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n  __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n  kasan_slab_free include/linux/kasan.h:184 [inline]\n  slab_free_hook mm/slub.c:2252 [inline]\n  slab_free mm/slub.c:4473 [inline]\n  kmem_cache_free+0x145/0x350 mm/slub.c:4548\n  dst_destroy+0x2ac/0x460 net/core/dst.c:124\n  rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n  rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44987', 'https://git.kernel.org/linus/faa389b2fbaaec7fd27a390b4896139f9da662e3 (6.11-rc5)', 'https://git.kernel.org/stable/c/24e93695b1239fbe4c31e224372be77f82dab69a', 'https://git.kernel.org/stable/c/571567e0277008459750f0728f246086b2659429', 'https://git.kernel.org/stable/c/9a3e55afa95ed4ac9eda112d4f918af645d72f25', 'https://git.kernel.org/stable/c/af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011', 'https://git.kernel.org/stable/c/cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e', 'https://git.kernel.org/stable/c/ce2f6cfab2c637d0bd9762104023a15d0ab7c0a8', 'https://git.kernel.org/stable/c/e44bd76dd072756e674f45c5be00153f4ded68b2', 'https://git.kernel.org/stable/c/faa389b2fbaaec7fd27a390b4896139f9da662e3', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44987-f916@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44987', 'https://www.cve.org/CVERecord?id=CVE-2024-44987'], 'PublishedDate': '2024-09-04T20:15:07.89Z', 'LastModifiedDate': '2024-09-05T17:53:54.687Z'}, {'VulnerabilityID': 'CVE-2024-44988', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44988', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Fix out-of-bound access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix out-of-bound access\n\nIf an ATU violation was caused by a CPU Load operation, the SPID could\nbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44988', 'https://git.kernel.org/linus/528876d867a23b5198022baf2e388052ca67c952 (6.11-rc5)', 'https://git.kernel.org/stable/c/050e7274ab2150cd212b2372595720e7b83a15bd', 'https://git.kernel.org/stable/c/18b2e833daf049223ab3c2efdf8cdee08854c484', 'https://git.kernel.org/stable/c/528876d867a23b5198022baf2e388052ca67c952', 'https://git.kernel.org/stable/c/a10d0337115a6d223a1563d853d4455f05d0b2e3', 'https://git.kernel.org/stable/c/d39f5be62f098fe367d672b4dd4bc4b2b80e08e7', 'https://git.kernel.org/stable/c/f7d8c2fabd39250cf2333fbf8eef67e837f90a5d', 'https://git.kernel.org/stable/c/f87ce03c652dba199aef15ac18ade3991db5477e', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44988-516a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44988', 'https://www.cve.org/CVERecord?id=CVE-2024-44988'], 'PublishedDate': '2024-09-04T20:15:07.96Z', 'LastModifiedDate': '2024-10-10T16:44:14.767Z'}, {'VulnerabilityID': 'CVE-2024-44989', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44989', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix xfrm real_dev null pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel:  <TASK>\n kernel:  ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? page_fault_oops+0x142/0x4c0\n kernel:  ? do_user_addr_fault+0x65/0x670\n kernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  ? exc_page_fault+0x7b/0x180\n kernel:  ? asm_exc_page_fault+0x22/0x30\n kernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel:  xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ip_push_pending_frames+0x56/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44989', 'https://git.kernel.org/linus/f8cde9805981c50d0c029063dc7d82821806fc44 (6.11-rc5)', 'https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21', 'https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294', 'https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548', 'https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f', 'https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436', 'https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44989-8a2d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44989', 'https://www.cve.org/CVERecord?id=CVE-2024-44989'], 'PublishedDate': '2024-09-04T20:15:08.02Z', 'LastModifiedDate': '2024-09-06T16:31:22.253Z'}, {'VulnerabilityID': 'CVE-2024-44990', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44990', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix null pointer deref in bond_ipsec_offload_ok\n\nWe must check if there is an active slave before dereferencing the pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44990', 'https://git.kernel.org/linus/95c90e4ad89d493a7a14fa200082e466e2548f9d (6.11-rc5)', 'https://git.kernel.org/stable/c/0707260a18312bbcd2a5668584e3692d0a29e3f6', 'https://git.kernel.org/stable/c/2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59', 'https://git.kernel.org/stable/c/32a0173600c63aadaf2103bf02f074982e8602ab', 'https://git.kernel.org/stable/c/81216b9352be43f8958092d379f6dec85443c309', 'https://git.kernel.org/stable/c/95c90e4ad89d493a7a14fa200082e466e2548f9d', 'https://git.kernel.org/stable/c/b70b0ddfed31fc92c8dc722d0afafc8e14cb550c', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44990-6b62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44990', 'https://www.cve.org/CVERecord?id=CVE-2024-44990'], 'PublishedDate': '2024-09-04T20:15:08.087Z', 'LastModifiedDate': '2024-09-06T16:31:12.87Z'}, {'VulnerabilityID': 'CVE-2024-44991', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44991', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp: prevent concurrent execution of tcp_sk_exit_batch', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: prevent concurrent execution of tcp_sk_exit_batch\n\nIts possible that two threads call tcp_sk_exit_batch() concurrently,\nonce from the cleanup_net workqueue, once from a task that failed to clone\na new netns.  In the latter case, error unwinding calls the exit handlers\nin reverse order for the \'failed\' netns.\n\ntcp_sk_exit_batch() calls tcp_twsk_purge().\nProblem is that since commit b099ce2602d8 ("net: Batch inet_twsk_purge"),\nthis function picks up twsk in any dying netns, not just the one passed\nin via exit_batch list.\n\nThis means that the error unwind of setup_net() can "steal" and destroy\ntimewait sockets belonging to the exiting netns.\n\nThis allows the netns exit worker to proceed to call\n\nWARN_ON_ONCE(!refcount_dec_and_test(&net->ipv4.tcp_death_row.tw_refcount));\n\nwithout the expected 1 -> 0 transition, which then splats.\n\nAt same time, error unwind path that is also running inet_twsk_purge()\nwill splat as well:\n\nWARNING: .. at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210\n...\n refcount_dec include/linux/refcount.h:351 [inline]\n inet_twsk_kill+0x758/0x9c0 net/ipv4/inet_timewait_sock.c:70\n inet_twsk_deschedule_put net/ipv4/inet_timewait_sock.c:221\n inet_twsk_purge+0x725/0x890 net/ipv4/inet_timewait_sock.c:304\n tcp_sk_exit_batch+0x1c/0x170 net/ipv4/tcp_ipv4.c:3522\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n setup_net+0x714/0xb40 net/core/net_namespace.c:375\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n\n... because refcount_dec() of tw_refcount unexpectedly dropped to 0.\n\nThis doesn\'t seem like an actual bug (no tw sockets got lost and I don\'t\nsee a use-after-free) but as erroneous trigger of debug check.\n\nAdd a mutex to force strict ordering: the task that calls tcp_twsk_purge()\nblocks other task from doing final _dec_and_test before mutex-owner has\nremoved all tw sockets of dying netns.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44991', 'https://git.kernel.org/linus/565d121b69980637f040eb4d84289869cdaabedf (6.11-rc5)', 'https://git.kernel.org/stable/c/565d121b69980637f040eb4d84289869cdaabedf', 'https://git.kernel.org/stable/c/99580ae890ec8bd98b21a2a9c6668f8f1555b62e', 'https://git.kernel.org/stable/c/e3d9de3742f4d5c47ae35f888d3023a5b54fcd2f', 'https://git.kernel.org/stable/c/f6fd2dbf584a4047ba88d1369ff91c9851261ec1', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44991-2437@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44991', 'https://www.cve.org/CVERecord?id=CVE-2024-44991'], 'PublishedDate': '2024-09-04T20:15:08.15Z', 'LastModifiedDate': '2024-10-09T14:36:15.79Z'}, {'VulnerabilityID': 'CVE-2024-44993', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44993', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`\n\nWhen enabling UBSAN on Raspberry Pi 5, we get the following warning:\n\n[  387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3\n[  387.903868] index 7 is out of range for type '__u32 [7]'\n[  387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G        WC         6.10.3-v8-16k-numa #151\n[  387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[  387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched]\n[  387.932525] Call trace:\n[  387.935296]  dump_backtrace+0x170/0x1b8\n[  387.939403]  show_stack+0x20/0x38\n[  387.942907]  dump_stack_lvl+0x90/0xd0\n[  387.946785]  dump_stack+0x18/0x28\n[  387.950301]  __ubsan_handle_out_of_bounds+0x98/0xd0\n[  387.955383]  v3d_csd_job_run+0x3a8/0x438 [v3d]\n[  387.960707]  drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]\n[  387.966862]  process_one_work+0x62c/0xb48\n[  387.971296]  worker_thread+0x468/0x5b0\n[  387.975317]  kthread+0x1c4/0x1e0\n[  387.978818]  ret_from_fork+0x10/0x20\n[  387.983014] ---[ end trace ]---\n\nThis happens because the UAPI provides only seven configuration\nregisters and we are reading the eighth position of this u32 array.\n\nTherefore, fix the out-of-bounds read in `v3d_csd_job_run()` by\naccessing only seven positions on the '__u32 [7]' array. The eighth\nregister exists indeed on V3D 7.1, but it isn't currently used. That\nbeing so, let's guarantee that it remains unused and add a note that it\ncould be set in a future patch.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44993', 'https://git.kernel.org/linus/497d370a644d95a9f04271aa92cb96d32e84c770 (6.11-rc4)', 'https://git.kernel.org/stable/c/497d370a644d95a9f04271aa92cb96d32e84c770', 'https://git.kernel.org/stable/c/d656b82c4b30cf12715e6cd129d3df808fde24a7', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44993-b6db@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44993', 'https://www.cve.org/CVERecord?id=CVE-2024-44993'], 'PublishedDate': '2024-09-04T20:15:08.257Z', 'LastModifiedDate': '2024-09-06T16:28:49.18Z'}, {'VulnerabilityID': 'CVE-2024-44995', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: fix a deadlock problem when config TC during resetting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n                             pf reset start\n                                 │\n                                 ▼\n                              ......\nsetup tc                         │\n    │                            ▼\n    ▼                      DOWN: napi_disable()\nnapi_disable()(skip)             │\n    │                            │\n    ▼                            ▼\n  ......                      ......\n    │                            │\n    ▼                            │\nnapi_enable()                    │\n                                 ▼\n                           UINIT: netif_napi_del()\n                                 │\n                                 ▼\n                              ......\n                                 │\n                                 ▼\n                           INIT: netif_napi_add()\n                                 │\n                                 ▼\n                              ......                 global reset start\n                                 │                      │\n                                 ▼                      ▼\n                           UP: napi_enable()(skip)    ......\n                                 │                      │\n                                 ▼                      ▼\n                              ......                 napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. Adds a DOWN process in UINIT to fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44995', 'https://git.kernel.org/linus/be5e816d00a506719e9dbb1a9c861c5ced30a109 (6.11-rc4)', 'https://git.kernel.org/stable/c/195918217448a6bb7f929d6a2ffffce9f1ece1cc', 'https://git.kernel.org/stable/c/67492d4d105c0a6321b00c393eec96b9a7a97a16', 'https://git.kernel.org/stable/c/6ae2b7d63cd056f363045eb65409143e16f23ae8', 'https://git.kernel.org/stable/c/be5e816d00a506719e9dbb1a9c861c5ced30a109', 'https://git.kernel.org/stable/c/de37408d5c26fc4a296a28a0c96dcb814219bfa1', 'https://git.kernel.org/stable/c/fa1d4de7265c370e673583ac8d1bd17d21826cd9', 'https://git.kernel.org/stable/c/fc250eca15bde34c4c8f806b9d88f55bd56a992c', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44995-16e5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44995', 'https://www.cve.org/CVERecord?id=CVE-2024-44995'], 'PublishedDate': '2024-09-04T20:15:08.353Z', 'LastModifiedDate': '2024-09-15T18:15:34.54Z'}, {'VulnerabilityID': 'CVE-2024-44996', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44996', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vsock: fix recursive -&gt;recvmsg calls', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: fix recursive ->recvmsg calls\n\nAfter a vsock socket has been added to a BPF sockmap, its prot->recvmsg\nhas been replaced with vsock_bpf_recvmsg(). Thus the following\nrecursiion could happen:\n\nvsock_bpf_recvmsg()\n -> __vsock_recvmsg()\n  -> vsock_connectible_recvmsg()\n   -> prot->recvmsg()\n    -> vsock_bpf_recvmsg() again\n\nWe need to fix it by calling the original ->recvmsg() without any BPF\nsockmap logic in __vsock_recvmsg().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44996', 'https://git.kernel.org/linus/69139d2919dd4aa9a553c8245e7c63e82613e3fc (6.11-rc4)', 'https://git.kernel.org/stable/c/69139d2919dd4aa9a553c8245e7c63e82613e3fc', 'https://git.kernel.org/stable/c/921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5', 'https://git.kernel.org/stable/c/b4ee8cf1acc5018ed1369150d7bb3e0d0f79e135', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44996-8b26@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44996', 'https://www.cve.org/CVERecord?id=CVE-2024-44996'], 'PublishedDate': '2024-09-04T20:15:08.413Z', 'LastModifiedDate': '2024-09-16T12:21:47.37Z'}, {'VulnerabilityID': 'CVE-2024-44998', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44998', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: atm: idt77252: prevent use after free in dequeue_rx()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can\'t dereference "skb" after calling vcc->push() because the skb\nis released.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44998', 'https://git.kernel.org/linus/a9a18e8f770c9b0703dab93580d0b02e199a4c79 (6.11-rc4)', 'https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1', 'https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d', 'https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518', 'https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55', 'https://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d', 'https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10', 'https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79', 'https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44998-6505@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44998', 'https://www.cve.org/CVERecord?id=CVE-2024-44998'], 'PublishedDate': '2024-09-04T20:15:08.52Z', 'LastModifiedDate': '2024-09-06T16:28:16Z'}, {'VulnerabilityID': 'CVE-2024-44999', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44999', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: pull network headers in gtp_dev_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: pull network headers in gtp_dev_xmit()\n\nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]\n\nWe must make sure the IPv4 or Ipv6 header is pulled in skb->head\nbefore accessing fields in them.\n\nUse pskb_inet_may_pull() to fix this issue.\n\n[1]\nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n  gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n  gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  __netdev_start_xmit include/linux/netdevice.h:4913 [inline]\n  netdev_start_xmit include/linux/netdevice.h:4922 [inline]\n  xmit_one net/core/dev.c:3580 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596\n  __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423\n  dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3145 [inline]\n  packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:3994 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583\n  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674\n  alloc_skb include/linux/skbuff.h:1320 [inline]\n  alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526\n  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815\n  packet_alloc_skb net/packet/af_packet.c:2994 [inline]\n  packet_snd net/packet/af_packet.c:3088 [inline]\n  packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44999', 'https://git.kernel.org/linus/3a3be7ff9224f424e485287b54be00d2c6bd9c40 (6.11-rc4)', 'https://git.kernel.org/stable/c/137d565ab89ce3584503b443bc9e00d44f482593', 'https://git.kernel.org/stable/c/1f6b62392453d8f36685d19b761307a8c5617ac1', 'https://git.kernel.org/stable/c/34ba4f29f3d9eb52dee37512059efb2afd7e966f', 'https://git.kernel.org/stable/c/3939d787139e359b77aaf9485d1e145d6713d7b9', 'https://git.kernel.org/stable/c/3a3be7ff9224f424e485287b54be00d2c6bd9c40', 'https://git.kernel.org/stable/c/3d89d0c4a1c6d4d2a755e826351b0a101dbc86f3', 'https://git.kernel.org/stable/c/cbb9a969fc190e85195d1b0f08038e7f6199044e', 'https://git.kernel.org/stable/c/f5dda8db382c5751c4e572afc7c99df7da1f83ca', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44999-187d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44999', 'https://www.cve.org/CVERecord?id=CVE-2024-44999'], 'PublishedDate': '2024-09-04T20:15:08.59Z', 'LastModifiedDate': '2024-09-06T16:27:51.89Z'}, {'VulnerabilityID': 'CVE-2024-45000', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45000', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/netfs/fscache_cookie: add missing "n_accesses" check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/netfs/fscache_cookie: add missing "n_accesses" check\n\nThis fixes a NULL pointer dereference bug due to a data race which\nlooks like this:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000008\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] SMP PTI\n  CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43\n  Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018\n  Workqueue: events_unbound netfs_rreq_write_to_cache_work\n  RIP: 0010:cachefiles_prepare_write+0x30/0xa0\n  Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 <48> 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10\n  RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286\n  RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000\n  RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438\n  RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001\n  R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68\n  R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00\n  FS:  0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0\n  Call Trace:\n   <TASK>\n   ? __die+0x1f/0x70\n   ? page_fault_oops+0x15d/0x440\n   ? search_module_extables+0xe/0x40\n   ? fixup_exception+0x22/0x2f0\n   ? exc_page_fault+0x5f/0x100\n   ? asm_exc_page_fault+0x22/0x30\n   ? cachefiles_prepare_write+0x30/0xa0\n   netfs_rreq_write_to_cache_work+0x135/0x2e0\n   process_one_work+0x137/0x2c0\n   worker_thread+0x2e9/0x400\n   ? __pfx_worker_thread+0x10/0x10\n   kthread+0xcc/0x100\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x30/0x50\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1b/0x30\n   </TASK>\n  Modules linked in:\n  CR2: 0000000000000008\n  ---[ end trace 0000000000000000 ]---\n\nThis happened because fscache_cookie_state_machine() was slow and was\nstill running while another process invoked fscache_unuse_cookie();\nthis led to a fscache_cookie_lru_do_one() call, setting the\nFSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by\nfscache_cookie_state_machine(), withdrawing the cookie via\ncachefiles_withdraw_cookie(), clearing cookie->cache_priv.\n\nAt the same time, yet another process invoked\ncachefiles_prepare_write(), which found a NULL pointer in this code\nline:\n\n  struct cachefiles_object *object = cachefiles_cres_object(cres);\n\nThe next line crashes, obviously:\n\n  struct cachefiles_cache *cache = object->volume->cache;\n\nDuring cachefiles_prepare_write(), the "n_accesses" counter is\nnon-zero (via fscache_begin_operation()).  The cookie must not be\nwithdrawn until it drops to zero.\n\nThe counter is checked by fscache_cookie_state_machine() before\nswitching to FSCACHE_COOKIE_STATE_RELINQUISHING and\nFSCACHE_COOKIE_STATE_WITHDRAWING (in "case\nFSCACHE_COOKIE_STATE_FAILED"), but not for\nFSCACHE_COOKIE_STATE_LRU_DISCARDING ("case\nFSCACHE_COOKIE_STATE_ACTIVE").\n\nThis patch adds the missing check.  With a non-zero access counter,\nthe function returns and the next fscache_end_cookie_access() call\nwill queue another fscache_cookie_state_machine() call to handle the\nstill-pending FSCACHE_COOKIE_DO_LRU_DISCARD.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45000', 'https://git.kernel.org/linus/f71aa06398aabc2e3eaac25acdf3d62e0094ba70 (6.11-rc4)', 'https://git.kernel.org/stable/c/0a4d41fa14b2a0efd40e350cfe8ec6a4c998ac1d', 'https://git.kernel.org/stable/c/b8a50877f68efdcc0be3fcc5116e00c31b90e45b', 'https://git.kernel.org/stable/c/dfaa39b05a6cf34a16c525a2759ee6ab26b5fef6', 'https://git.kernel.org/stable/c/f71aa06398aabc2e3eaac25acdf3d62e0094ba70', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-45000-fd6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45000', 'https://www.cve.org/CVERecord?id=CVE-2024-45000'], 'PublishedDate': '2024-09-04T20:15:08.657Z', 'LastModifiedDate': '2024-09-06T16:27:31.003Z'}, {'VulnerabilityID': 'CVE-2024-45001', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45001', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix RX buf alloc_size alignment and atomic op panic', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix RX buf alloc_size alignment and atomic op panic\n\nThe MANA driver's RX buffer alloc_size is passed into napi_build_skb() to\ncreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignment\nis affected by the alloc_size passed into napi_build_skb(). The size needs\nto be aligned properly for better performance and atomic operations.\nOtherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic\noperations may panic on the skb_shinfo(skb)->dataref due to alignment fault.\n\nTo fix this bug, add proper alignment to the alloc_size calculation.\n\nSample panic info:\n[  253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce\n[  253.300900] Mem abort info:\n[  253.301760]   ESR = 0x0000000096000021\n[  253.302825]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  253.304268]   SET = 0, FnV = 0\n[  253.305172]   EA = 0, S1PTW = 0\n[  253.306103]   FSC = 0x21: alignment fault\nCall trace:\n __skb_clone+0xfc/0x198\n skb_clone+0x78/0xe0\n raw6_local_deliver+0xfc/0x228\n ip6_protocol_deliver_rcu+0x80/0x500\n ip6_input_finish+0x48/0x80\n ip6_input+0x48/0xc0\n ip6_sublist_rcv_finish+0x50/0x78\n ip6_sublist_rcv+0x1cc/0x2b8\n ipv6_list_rcv+0x100/0x150\n __netif_receive_skb_list_core+0x180/0x220\n netif_receive_skb_list_internal+0x198/0x2a8\n __napi_poll+0x138/0x250\n net_rx_action+0x148/0x330\n handle_softirqs+0x12c/0x3a0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45001', 'https://git.kernel.org/linus/32316f676b4ee87c0404d333d248ccf777f739bc (6.11-rc4)', 'https://git.kernel.org/stable/c/32316f676b4ee87c0404d333d248ccf777f739bc', 'https://git.kernel.org/stable/c/65f20b174ec0172f2d6bcfd8533ab9c9e7e347fa', 'https://git.kernel.org/stable/c/e6bea6a45f8a401f3d5a430bc81814f0cc8848cf', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45001-50df@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45001', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45001'], 'PublishedDate': '2024-09-04T20:15:08.71Z', 'LastModifiedDate': '2024-10-09T14:49:39.953Z'}, {'VulnerabilityID': 'CVE-2024-45002', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45002', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtla/osnoise: Prevent NULL dereference in error handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrtla/osnoise: Prevent NULL dereference in error handling\n\nIf the "tool->data" allocation fails then there is no need to call\nosnoise_free_top() and, in fact, doing so will lead to a NULL dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45002', 'https://git.kernel.org/linus/90574d2a675947858b47008df8d07f75ea50d0d0 (6.11-rc4)', 'https://git.kernel.org/stable/c/753f1745146e03abd17eec8eee95faffc96d743d', 'https://git.kernel.org/stable/c/90574d2a675947858b47008df8d07f75ea50d0d0', 'https://git.kernel.org/stable/c/abdb9ddaaab476e62805e36cce7b4ef8413ffd01', 'https://git.kernel.org/stable/c/fc575212c6b75d538e1a0a74f4c7e2ac73bc46ac', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45002-c292@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45002', 'https://www.cve.org/CVERecord?id=CVE-2024-45002'], 'PublishedDate': '2024-09-04T20:15:08.763Z', 'LastModifiedDate': '2024-09-06T16:27:13.727Z'}, {'VulnerabilityID': 'CVE-2024-45003', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45003', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: vfs: Don't evict inode under the inode lru traversing context", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: Don't evict inode under the inode lru traversing context\n\nThe inode reclaiming process(See function prune_icache_sb) collects all\nreclaimable inodes and mark them with I_FREEING flag at first, at that\ntime, other processes will be stuck if they try getting these inodes\n(See function find_inode_fast), then the reclaiming process destroy the\ninodes by function dispose_list(). Some filesystems(eg. ext4 with\nea_inode feature, ubifs with xattr) may do inode lookup in the inode\nevicting callback function, if the inode lookup is operated under the\ninode lru traversing context, deadlock problems may happen.\n\nCase 1: In function ext4_evict_inode(), the ea inode lookup could happen\n        if ea_inode feature is enabled, the lookup process will be stuck\n\tunder the evicting context like this:\n\n 1. File A has inode i_reg and an ea inode i_ea\n 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea\n 3. Then, following three processes running like this:\n\n    PA                              PB\n echo 2 > /proc/sys/vm/drop_caches\n  shrink_slab\n   prune_dcache_sb\n   // i_reg is added into lru, lru->i_ea->i_reg\n   prune_icache_sb\n    list_lru_walk_one\n     inode_lru_isolate\n      i_ea->i_state |= I_FREEING // set inode state\n     inode_lru_isolate\n      __iget(i_reg)\n      spin_unlock(&i_reg->i_lock)\n      spin_unlock(lru_lock)\n                                     rm file A\n                                      i_reg->nlink = 0\n      iput(i_reg) // i_reg->nlink is 0, do evict\n       ext4_evict_inode\n        ext4_xattr_delete_inode\n         ext4_xattr_inode_dec_ref_all\n          ext4_xattr_inode_iget\n           ext4_iget(i_ea->i_ino)\n            iget_locked\n             find_inode_fast\n              __wait_on_freeing_inode(i_ea) ----? AA deadlock\n    dispose_list // cannot be executed by prune_icache_sb\n     wake_up_bit(&i_ea->i_state)\n\nCase 2: In deleted inode writing function ubifs_jnl_write_inode(), file\n        deleting process holds BASEHD's wbuf->io_mutex while getting the\n\txattr inode, which could race with inode reclaiming process(The\n        reclaiming process could try locking BASEHD's wbuf->io_mutex in\n\tinode evicting function), then an ABBA deadlock problem would\n\thappen as following:\n\n 1. File A has inode ia and a xattr(with inode ixa), regular file B has\n    inode ib and a xattr.\n 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa\n 3. Then, following three processes running like this:\n\n        PA                PB                        PC\n                echo 2 > /proc/sys/vm/drop_caches\n                 shrink_slab\n                  prune_dcache_sb\n                  // ib and ia are added into lru, lru->ixa->ib->ia\n                  prune_icache_sb\n                   list_lru_walk_one\n                    inode_lru_isolate\n                     ixa->i_state |= I_FREEING // set inode state\n                    inode_lru_isolate\n                     __iget(ib)\n                     spin_unlock(&ib->i_lock)\n                     spin_unlock(lru_lock)\n                                                   rm file B\n                                                    ib->nlink = 0\n rm file A\n  iput(ia)\n   ubifs_evict_inode(ia)\n    ubifs_jnl_delete_inode(ia)\n     ubifs_jnl_write_inode(ia)\n      make_reservation(BASEHD) // Lock wbuf->io_mutex\n      ubifs_iget(ixa->i_ino)\n       iget_locked\n        find_inode_fast\n         __wait_on_freeing_inode(ixa)\n          |          iput(ib) // ib->nlink is 0, do evict\n          |           ubifs_evict_inode\n          |            ubifs_jnl_delete_inode(ib)\n          ?             ubifs_jnl_write_inode\n     ABBA deadlock ?-----make_reservation(BASEHD)\n                   dispose_list // cannot be executed by prune_icache_sb\n                    wake_up_bit(&ixa->i_state)\n\nFix the possible deadlock by using new inode state flag I_LRU_ISOLATING\nto pin the inode in memory while inode_lru_isolate(\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45003', 'https://git.kernel.org/linus/2a0629834cd82f05d424bbc193374f9a43d1f87d (6.11-rc4)', 'https://git.kernel.org/stable/c/03880af02a78bc9a98b5a581f529cf709c88a9b8', 'https://git.kernel.org/stable/c/2a0629834cd82f05d424bbc193374f9a43d1f87d', 'https://git.kernel.org/stable/c/3525ad25240dfdd8c78f3470911ed10aa727aa72', 'https://git.kernel.org/stable/c/437741eba63bf4e437e2beb5583f8633556a2b98', 'https://git.kernel.org/stable/c/9063ab49c11e9518a3f2352434bb276cc8134c5f', 'https://git.kernel.org/stable/c/b9bda5f6012dd00372f3a06a82ed8971a4c57c32', 'https://git.kernel.org/stable/c/cda54ec82c0f9d05393242b20b13f69b083f7e88', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45003-3bc2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45003', 'https://www.cve.org/CVERecord?id=CVE-2024-45003'], 'PublishedDate': '2024-09-04T20:15:08.823Z', 'LastModifiedDate': '2024-10-09T15:07:31.027Z'}, {'VulnerabilityID': 'CVE-2024-45005', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45005', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: s390: fix validity interception issue when gisa is switched off', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix validity interception issue when gisa is switched off\n\nWe might run into a SIE validity if gisa has been disabled either via using\nkernel parameter "kvm.use_gisa=0" or by setting the related sysfs\nattribute to N (echo N >/sys/module/kvm/parameters/use_gisa).\n\nThe validity is caused by an invalid value in the SIE control block\'s\ngisa designation. That happens because we pass the uninitialized gisa\norigin to virt_to_phys() before writing it to the gisa designation.\n\nTo fix this we return 0 in kvm_s390_get_gisa_desc() if the origin is 0.\nkvm_s390_get_gisa_desc() is used to determine which gisa designation to\nset in the SIE control block. A value of 0 in the gisa designation disables\ngisa usage.\n\nThe issue surfaces in the host kernel with the following kernel message as\nsoon a new kvm guest start is attemted.\n\nkvm: unhandled validity intercept 0x1011\nWARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101 kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]\nModules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390 prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci]\nCPU: 0 PID: 781237 Comm: CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6\nHardware name: IBM 3931 A01 701 (LPAR)\nKrnl PSW : 0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm])\n           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\nKrnl GPRS: 000003d900000027 000003d900000023 0000000000000028 000002cd00000000\n           000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff\n           000002cfd82e9000 000002cfd80bc000 0000000000001011 000003d93deda412\n           000003ff8962df98 000003d93de77ce0 000003d93deb011e 00000359c6daf960\nKrnl Code: 000003d93deb0112: c020fffe7259\tlarl\t%r2,000003d93de7e5c4\n           000003d93deb0118: c0e53fa8beac\tbrasl\t%r14,000003d9bd3c7e70\n          #000003d93deb011e: af000000\t\tmc\t0,0\n          >000003d93deb0122: a728ffea\t\tlhi\t%r2,-22\n           000003d93deb0126: a7f4fe24\t\tbrc\t15,000003d93deafd6e\n           000003d93deb012a: 9101f0b0\t\ttm\t176(%r15),1\n           000003d93deb012e: a774fe48\t\tbrc\t7,000003d93deafdbe\n           000003d93deb0132: 40a0f0ae\t\tsth\t%r10,174(%r15)\nCall Trace:\n [<000003d93deb0122>] kvm_handle_sie_intercept+0x432/0x4d0 [kvm]\n([<000003d93deb011e>] kvm_handle_sie_intercept+0x42e/0x4d0 [kvm])\n [<000003d93deacc10>] vcpu_post_run+0x1d0/0x3b0 [kvm]\n [<000003d93deaceda>] __vcpu_run+0xea/0x2d0 [kvm]\n [<000003d93dead9da>] kvm_arch_vcpu_ioctl_run+0x16a/0x430 [kvm]\n [<000003d93de93ee0>] kvm_vcpu_ioctl+0x190/0x7c0 [kvm]\n [<000003d9bd728b4e>] vfs_ioctl+0x2e/0x70\n [<000003d9bd72a092>] __s390x_sys_ioctl+0xc2/0xd0\n [<000003d9be0e9222>] __do_syscall+0x1f2/0x2e0\n [<000003d9be0f9a90>] system_call+0x70/0x98\nLast Breaking-Event-Address:\n [<000003d9bd3c7f58>] __warn_printk+0xe8/0xf0', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45005', 'https://git.kernel.org/linus/5a44bb061d04b0306f2aa8add761d86d152b9377 (6.11-rc4)', 'https://git.kernel.org/stable/c/027ac3c5092561bccce09b314a73a1c167117ef6', 'https://git.kernel.org/stable/c/051c0a558154174cfcea301a386e4c91ade83ce1', 'https://git.kernel.org/stable/c/5a44bb061d04b0306f2aa8add761d86d152b9377', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45005-2297@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45005', 'https://www.cve.org/CVERecord?id=CVE-2024-45005'], 'PublishedDate': '2024-09-04T20:15:08.94Z', 'LastModifiedDate': '2024-10-09T15:30:03.767Z'}, {'VulnerabilityID': 'CVE-2024-45006', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45006', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration\n\nre-enumerating full-speed devices after a failed address device command\ncan trigger a NULL pointer dereference.\n\nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size\nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case,\nwhich ends up calling xhci_configure_endpoint().\n\nOn Panther point xHC the xhci_configure_endpoint() function will\nadditionally check and reserve bandwidth in software. Other hosts do\nthis in hardware\n\nIf xHC address device command fails then a new xhci_virt_device structure\nis allocated as part of re-enabling the slot, but the bandwidth table\npointers are not set up properly here.\nThis triggers the NULL pointer dereference the next time usb_ep0_reinit()\nis called and xhci_configure_endpoint() tries to check and reserve\nbandwidth\n\n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd\n[46710.713699] usb 3-1: Device not responding to setup address.\n[46710.917684] usb 3-1: Device not responding to setup address.\n[46711.125536] usb 3-1: device not accepting address 5, error -71\n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[46711.125600] #PF: supervisor read access in kernel mode\n[46711.125603] #PF: error_code(0x0000) - not-present page\n[46711.125606] PGD 0 P4D 0\n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1\n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.\n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]\n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c\n\nFix this by making sure bandwidth table pointers are set up correctly\nafter a failed address device command, and additionally by avoiding\nchecking for bandwidth in cases like this where no actual endpoints are\nadded or removed, i.e. only context for default control endpoint 0 is\nevaluated.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45006', 'https://git.kernel.org/linus/af8e119f52e9c13e556be9e03f27957554a84656 (6.11-rc4)', 'https://git.kernel.org/stable/c/0f0654318e25b2c185e245ba4a591e42fabb5e59', 'https://git.kernel.org/stable/c/365ef7c4277fdd781a695c3553fa157d622d805d', 'https://git.kernel.org/stable/c/5ad898ae82412f8a689d59829804bff2999dd0ea', 'https://git.kernel.org/stable/c/6b99de301d78e1f5249e57ef2c32e1dec3df2bb1', 'https://git.kernel.org/stable/c/8fb9d412ebe2f245f13481e4624b40e651570cbd', 'https://git.kernel.org/stable/c/a57b0ebabe6862dce0a2e0f13e17941ad72fc56b', 'https://git.kernel.org/stable/c/af8e119f52e9c13e556be9e03f27957554a84656', 'https://git.kernel.org/stable/c/ef0a0e616b2789bb804a0ce5e161db03170a85b6', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45006-6642@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45006', 'https://www.cve.org/CVERecord?id=CVE-2024-45006'], 'PublishedDate': '2024-09-04T20:15:08.997Z', 'LastModifiedDate': '2024-09-06T16:26:52.64Z'}, {'VulnerabilityID': 'CVE-2024-45007', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45007', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: char: xillybus: Don't destroy workqueue from work item running on it", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Don't destroy workqueue from work item running on it\n\nTriggered by a kref decrement, destroy_workqueue() may be called from\nwithin a work item for destroying its own workqueue. This illegal\nsituation is averted by adding a module-global workqueue for exclusive\nuse of the offending work item. Other work items continue to be queued\non per-device workqueues to ensure performance.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45007', 'https://git.kernel.org/linus/ccbde4b128ef9c73d14d0d7817d68ef795f6d131 (6.11-rc4)', 'https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9', 'https://git.kernel.org/stable/c/5d3567caff2a1d678aa40cc74a54e1318941fad3', 'https://git.kernel.org/stable/c/a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157', 'https://git.kernel.org/stable/c/aa1a19724fa2c31e97a9be48baedd4692b265157', 'https://git.kernel.org/stable/c/ccbde4b128ef9c73d14d0d7817d68ef795f6d131', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45007-74c8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45007', 'https://www.cve.org/CVERecord?id=CVE-2024-45007'], 'PublishedDate': '2024-09-04T20:15:09.053Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45008', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: MT - limit max slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: MT - limit max slots\n\nsyzbot is reporting too large allocation at input_mt_init_slots(), for\nnum_slots is supplied from userspace using ioctl(UI_DEV_CREATE).\n\nSince nobody knows possible max slots, this patch chose 1024.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45008', 'https://git.kernel.org/linus/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb (6.11-rc2)', 'https://git.kernel.org/stable/c/05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549', 'https://git.kernel.org/stable/c/2829c80614890624456337e47320289112785f3e', 'https://git.kernel.org/stable/c/87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322', 'https://git.kernel.org/stable/c/8f04edd554d191834e9e1349ef030318ea6b11ba', 'https://git.kernel.org/stable/c/94736334b8a25e4fae8daa6934e54a31f099be43', 'https://git.kernel.org/stable/c/95f73d01f547dfc67fda3022c51e377a0454b505', 'https://git.kernel.org/stable/c/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb', 'https://git.kernel.org/stable/c/cd19f1799c32ba7b874474b1b968815ce5364f73', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45008-1d89@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45008', 'https://www.cve.org/CVERecord?id=CVE-2024-45008'], 'PublishedDate': '2024-09-04T20:15:09.107Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45009', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: only decrement add_addr_accepted for MPJ req', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the "remove single subflow" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \'subflow\' endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\'s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45009', 'https://git.kernel.org/linus/1c1f721375989579e46741f59523e39ec9b2a9bd (6.11-rc5)', 'https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd', 'https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c', 'https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d', 'https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7', 'https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608', 'https://lore.kernel.org/linux-cve-announce/2024091104-CVE-2024-45009-24ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45009', 'https://www.cve.org/CVERecord?id=CVE-2024-45009'], 'PublishedDate': '2024-09-11T16:15:06.427Z', 'LastModifiedDate': '2024-09-13T16:36:57.233Z'}, {'VulnerabilityID': 'CVE-2024-45010', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: mptcp: pm: only mark 'subflow' endp as available", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \'subflow\' endp as available\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the "remove single address" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \'signal\' endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\'subflow\' endpoints, and here it is a \'signal\' endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \'subflow\' endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45010', 'https://git.kernel.org/linus/322ea3778965da72862cca2a0c50253aacf65fe6 (6.11-rc5)', 'https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6', 'https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d', 'https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f', 'https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45010-33ee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45010', 'https://www.cve.org/CVERecord?id=CVE-2024-45010'], 'PublishedDate': '2024-09-11T16:15:06.483Z', 'LastModifiedDate': '2024-09-13T16:35:05.843Z'}, {'VulnerabilityID': 'CVE-2024-45011', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45011', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: char: xillybus: Check USB endpoints when probing device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Check USB endpoints when probing device\n\nEnsure, as the driver probes the device, that all endpoints that the\ndriver may attempt to access exist and are of the correct type.\n\nAll XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at\naddress 1. This is verified in xillyusb_setup_base_eps().\n\nOn top of that, a XillyUSB device may have additional Bulk OUT\nendpoints. The information about these endpoints' addresses is deduced\nfrom a data structure (the IDT) that the driver fetches from the device\nwhile probing it. These endpoints are checked in setup_channels().\n\nA XillyUSB device never has more than one IN endpoint, as all data\ntowards the host is multiplexed in this single Bulk IN endpoint. This is\nwhy setup_channels() only checks OUT endpoints.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45011', 'https://git.kernel.org/linus/2374bf7558de915edc6ec8cb10ec3291dfab9594 (6.11-rc4)', 'https://git.kernel.org/stable/c/1371d32b95972d39c1e6e4bae8b6d0df1b573731', 'https://git.kernel.org/stable/c/2374bf7558de915edc6ec8cb10ec3291dfab9594', 'https://git.kernel.org/stable/c/25ee8b2908200fc862c0434e5ad483817d50ceda', 'https://git.kernel.org/stable/c/4267131278f5cc98f8db31d035d64bdbbfe18658', 'https://git.kernel.org/stable/c/5cff754692ad45d5086b75fef8cc3a99c30a1005', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45011-e729@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45011', 'https://www.cve.org/CVERecord?id=CVE-2024-45011'], 'PublishedDate': '2024-09-11T16:15:06.55Z', 'LastModifiedDate': '2024-09-13T16:36:55.757Z'}, {'VulnerabilityID': 'CVE-2024-45012', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45012', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nouveau/firmware: use dma non-coherent allocator', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/firmware: use dma non-coherent allocator\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup, when the iommu is enabled:\n\nkernel BUG at include/linux/scatterlist.h:187!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\nHardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\nRIP: 0010:sg_init_one+0x85/0xa0\nCode: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\nRSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\nRBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\nR13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\nFS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\nCall Trace:\n <TASK>\n ? die+0x36/0x90\n ? do_trap+0xdd/0x100\n ? sg_init_one+0x85/0xa0\n ? do_error_trap+0x65/0x80\n ? sg_init_one+0x85/0xa0\n ? exc_invalid_op+0x50/0x70\n ? sg_init_one+0x85/0xa0\n ? asm_exc_invalid_op+0x1a/0x20\n ? sg_init_one+0x85/0xa0\n nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? nvkm_udevice_new+0x95/0x140 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? ktime_get+0x47/0xb0\n\nFix this by using the non-coherent allocator instead, I think there\nmight be a better answer to this, but it involve ripping up some of\nAPIs using sg lists.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45012', 'https://git.kernel.org/linus/9b340aeb26d50e9a9ec99599e2a39b035fac978e (6.11-rc5)', 'https://git.kernel.org/stable/c/57ca481fca97ca4553e8c85d6a94baf4cb40c40e', 'https://git.kernel.org/stable/c/9b340aeb26d50e9a9ec99599e2a39b035fac978e', 'https://git.kernel.org/stable/c/cc29c5546c6a373648363ac49781f1d74b530707', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45012-9234@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45012', 'https://www.cve.org/CVERecord?id=CVE-2024-45012'], 'PublishedDate': '2024-09-11T16:15:06.607Z', 'LastModifiedDate': '2024-09-13T16:35:35.787Z'}, {'VulnerabilityID': 'CVE-2024-45013', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: move stopping keep-alive into nvme_uninit_ctrl()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: move stopping keep-alive into nvme_uninit_ctrl()\n\nCommit 4733b65d82bd ("nvme: start keep-alive after admin queue setup")\nmoves starting keep-alive from nvme_start_ctrl() into\nnvme_init_ctrl_finish(), but don\'t move stopping keep-alive into\nnvme_uninit_ctrl(), so keep-alive work can be started and keep pending\nafter failing to start controller, finally use-after-free is triggered if\nnvme host driver is unloaded.\n\nThis patch fixes kernel panic when running nvme/004 in case that connection\nfailure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl().\n\nThis way is reasonable because keep-alive is now started in\nnvme_init_ctrl_finish().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45013', 'https://git.kernel.org/linus/a54a93d0e3599b05856971734e15418ac551a14c (6.11-rc5)', 'https://git.kernel.org/stable/c/4101af98ab573554c4225e328d506fec2a74bc54', 'https://git.kernel.org/stable/c/a54a93d0e3599b05856971734e15418ac551a14c', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45013-8efe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45013', 'https://www.cve.org/CVERecord?id=CVE-2024-45013'], 'PublishedDate': '2024-09-11T16:15:06.663Z', 'LastModifiedDate': '2024-09-13T16:35:42.49Z'}, {'VulnerabilityID': 'CVE-2024-45015', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45015', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: move dpu_encoder&#39;s connector assignment to atomic_enable()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()\n\nFor cases where the crtc's connectors_changed was set without enable/active\ngetting toggled , there is an atomic_enable() call followed by an\natomic_disable() but without an atomic_mode_set().\n\nThis results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in\nthe atomic_enable() as the dpu_encoder's connector was cleared in the\natomic_disable() but not re-assigned as there was no atomic_mode_set() call.\n\nFix the NULL ptr access by moving the assignment for atomic_enable() and also\nuse drm_atomic_get_new_connector_for_encoder() to get the connector from\nthe atomic_state.\n\nPatchwork: https://patchwork.freedesktop.org/patch/606729/", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45015', 'https://git.kernel.org/linus/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 (6.11-rc5)', 'https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52', 'https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77', 'https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45015-c139@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45015', 'https://www.cve.org/CVERecord?id=CVE-2024-45015'], 'PublishedDate': '2024-09-11T16:15:06.763Z', 'LastModifiedDate': '2024-09-13T16:35:58.617Z'}, {'VulnerabilityID': 'CVE-2024-45016', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1017.18~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netem: fix return value if duplicate enqueue fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\'s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq->enqueue() and then\n  the original packet is also dropped.\n- If rootq->enqueue() sends the duplicated packet to a different qdisc\n  and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45016', 'https://git.kernel.org/linus/c07ff8592d57ed258afee5a5e04991a48dbaf382 (6.11-rc5)', 'https://git.kernel.org/stable/c/0486d31dd8198e22b63a4730244b38fffce6d469', 'https://git.kernel.org/stable/c/52d99a69f3d556c6426048c9d481b912205919d8', 'https://git.kernel.org/stable/c/577d6c0619467fe90f7e8e57e45cb5bd9d936014', 'https://git.kernel.org/stable/c/759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4', 'https://git.kernel.org/stable/c/c07ff8592d57ed258afee5a5e04991a48dbaf382', 'https://git.kernel.org/stable/c/c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d', 'https://git.kernel.org/stable/c/e5bb2988a310667abed66c7d3ffa28880cf0f883', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45016-fd5a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45016', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://ubuntu.com/security/notices/USN-7071-1', 'https://ubuntu.com/security/notices/USN-7072-1', 'https://ubuntu.com/security/notices/USN-7073-1', 'https://ubuntu.com/security/notices/USN-7073-2', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45016'], 'PublishedDate': '2024-09-11T16:15:06.817Z', 'LastModifiedDate': '2024-09-13T16:36:06.773Z'}, {'VulnerabilityID': 'CVE-2024-45017', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45017', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix IPsec RoCE MPV trace call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix IPsec RoCE MPV trace call\n\nPrevent the call trace below from happening, by not allowing IPsec\ncreation over a slave, if master device doesn't support IPsec.\n\nWARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down_read+0x75/0x94\nModules linked in: esp4_offload esp4 act_mirred act_vlan cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa mst_pciconf(OE) nfsv3 nfs_acl nfs lockd grace fscache netfs xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill cuse fuse rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_ipoib iw_cm ib_cm ipmi_ssif intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel sha1_ssse3 dell_smbios ib_uverbs aesni_intel crypto_simd dcdbas wmi_bmof dell_wmi_descriptor cryptd pcspkr ib_core acpi_ipmi sp5100_tco ccp i2c_piix4 ipmi_si ptdma k10temp ipmi_devintf ipmi_msghandler acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops cec\n ahci libahci mlxfw drm pci_hyperv_intf libata tg3 sha256_ssse3 tls megaraid_sas i2c_algo_bit psample wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mst_pci]\nCPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7_u3_update_v6.6_ipsec_bf.x86_64 #2\nHardware name: Dell Inc. PowerEdge R7525/074H08, BIOS 2.0.3 01/15/2021\nWorkqueue: events xfrm_state_gc_task\nRIP: 0010:down_read+0x75/0x94\nCode: 00 48 8b 45 08 65 48 8b 14 25 80 fc 01 00 83 e0 02 48 09 d0 48 83 c8 01 48 89 45 08 5d 31 c0 89 c2 89 c6 89 c7 e9 cb 88 3b 00 <0f> 0b 48 8b 45 08 a8 01 74 b2 a8 02 75 ae 48 89 c2 48 83 ca 02 f0\nRSP: 0018:ffffb26387773da8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffa08b658af900 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ff886bc5e1366f2f RDI: 0000000000000000\nRBP: ffffa08b658af940 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffa0a9bfb31540\nR13: ffffa0a9bfb37900 R14: 0000000000000000 R15: ffffa0a9bfb37905\nFS:  0000000000000000(0000) GS:ffffa0a9bfb00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055a45ed814e8 CR3: 000000109038a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n ? down_read+0x75/0x94\n ? __warn+0x80/0x113\n ? down_read+0x75/0x94\n ? report_bug+0xa4/0x11d\n ? handle_bug+0x35/0x8b\n ? exc_invalid_op+0x14/0x75\n ? asm_exc_invalid_op+0x16/0x1b\n ? down_read+0x75/0x94\n ? down_read+0xe/0x94\n mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n mlx5_ipsec_fs_roce_tx_destroy+0xb1/0x130 [mlx5_core]\n tx_destroy+0x1b/0xc0 [mlx5_core]\n tx_ft_put+0x53/0xc0 [mlx5_core]\n mlx5e_xfrm_free_state+0x45/0x90 [mlx5_core]\n ___xfrm_state_destroy+0x10f/0x1a2\n xfrm_state_gc_task+0x81/0xa9\n process_one_work+0x1f1/0x3c6\n worker_thread+0x53/0x3e4\n ? process_one_work.cold+0x46/0x3c\n kthread+0x127/0x144\n ? set_kthread_struct+0x60/0x52\n ret_from_fork+0x22/0x2d\n </TASK>\n---[ end trace 5ef7896144d398e1 ]---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45017', 'https://git.kernel.org/linus/607e1df7bd47fe91cab85a97f57870a26d066137 (6.11-rc5)', 'https://git.kernel.org/stable/c/2ae52a65a850ded75a94e8d7ec1e09737f4c6509', 'https://git.kernel.org/stable/c/607e1df7bd47fe91cab85a97f57870a26d066137', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45017-ee3e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45017', 'https://www.cve.org/CVERecord?id=CVE-2024-45017'], 'PublishedDate': '2024-09-11T16:15:06.877Z', 'LastModifiedDate': '2024-09-13T16:36:13.19Z'}, {'VulnerabilityID': 'CVE-2024-45018', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45018', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: initialise extack before use', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: initialise extack before use\n\nFix missing initialisation of extack in flow offload.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45018', 'https://git.kernel.org/linus/e9767137308daf906496613fd879808a07f006a2 (6.11-rc4)', 'https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1', 'https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7', 'https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78', 'https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f', 'https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d', 'https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45018-7e30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45018', 'https://www.cve.org/CVERecord?id=CVE-2024-45018'], 'PublishedDate': '2024-09-11T16:15:06.933Z', 'LastModifiedDate': '2024-09-13T16:36:24.397Z'}, {'VulnerabilityID': 'CVE-2024-45019', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45019', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Take state lock during tx timeout reporter', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take state lock during tx timeout reporter\n\nmlx5e_safe_reopen_channels() requires the state lock taken. The\nreferenced changed in the Fixes tag removed the lock to fix another\nissue. This patch adds it back but at a later point (when calling\nmlx5e_safe_reopen_channels()) to avoid the deadlock referenced in the\nFixes tag.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45019', 'https://git.kernel.org/linus/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3 (6.11-rc4)', 'https://git.kernel.org/stable/c/03d3734bd692affe4d0e9c9d638f491aaf37411b', 'https://git.kernel.org/stable/c/8e57e66ecbdd2fddc9fbf3e984b1c523b70e9809', 'https://git.kernel.org/stable/c/b3b9a87adee97854bcd71057901d46943076267e', 'https://git.kernel.org/stable/c/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45019-5f8b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45019', 'https://www.cve.org/CVERecord?id=CVE-2024-45019'], 'PublishedDate': '2024-09-11T16:15:06.99Z', 'LastModifiedDate': '2024-09-13T16:36:19.36Z'}, {'VulnerabilityID': 'CVE-2024-45020', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45020', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a kernel verifier crash in stacksafe()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a kernel verifier crash in stacksafe()\n\nDaniel Hodges reported a kernel verifier crash when playing with sched-ext.\nFurther investigation shows that the crash is due to invalid memory access\nin stacksafe(). More specifically, it is the following code:\n\n    if (exact != NOT_EXACT &&\n        old->stack[spi].slot_type[i % BPF_REG_SIZE] !=\n        cur->stack[spi].slot_type[i % BPF_REG_SIZE])\n            return false;\n\nThe 'i' iterates old->allocated_stack.\nIf cur->allocated_stack < old->allocated_stack the out-of-bound\naccess will happen.\n\nTo fix the issue add 'i >= cur->allocated_stack' check such that if\nthe condition is true, stacksafe() should fail. Otherwise,\ncur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45020', 'https://git.kernel.org/linus/bed2eb964c70b780fb55925892a74f26cb590b25 (6.11-rc4)', 'https://git.kernel.org/stable/c/6e3987ac310c74bb4dd6a2fa8e46702fe505fb2b', 'https://git.kernel.org/stable/c/7cad3174cc79519bf5f6c4441780264416822c08', 'https://git.kernel.org/stable/c/bed2eb964c70b780fb55925892a74f26cb590b25', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45020-afcc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45020', 'https://www.cve.org/CVERecord?id=CVE-2024-45020'], 'PublishedDate': '2024-09-11T16:15:07.05Z', 'LastModifiedDate': '2024-09-13T16:36:52.29Z'}, {'VulnerabilityID': 'CVE-2024-45021', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg_write_event_control(): fix a user-triggerable oops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg_write_event_control(): fix a user-triggerable oops\n\nwe are *not* guaranteed that anything past the terminating NUL\nis mapped (let alone initialized with anything sane).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45021', 'https://git.kernel.org/linus/046667c4d3196938e992fba0dfcde570aa85cd0e (6.11-rc4)', 'https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e', 'https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227', 'https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8', 'https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61', 'https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7', 'https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b', 'https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c', 'https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45021-68c4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45021', 'https://www.cve.org/CVERecord?id=CVE-2024-45021'], 'PublishedDate': '2024-09-11T16:15:07.103Z', 'LastModifiedDate': '2024-09-13T16:36:31.583Z'}, {'VulnerabilityID': 'CVE-2024-45022', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45022', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0\n\nThe __vmap_pages_range_noflush() assumes its argument pages** contains\npages with the same page shift.  However, since commit e9c3cda4d86e ("mm,\nvmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes\n__GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation\nfailed for high order, the pages** may contain two different page shifts\n(high order and order-0).  This could lead __vmap_pages_range_noflush() to\nperform incorrect mappings, potentially resulting in memory corruption.\n\nUsers might encounter this as follows (vmap_allow_huge = true, 2M is for\nPMD_SIZE):\n\nkvmalloc(2M, __GFP_NOFAIL|GFP_X)\n    __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP)\n        vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0\n            vmap_pages_range()\n                vmap_pages_range_noflush()\n                    __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens\n\nWe can remove the fallback code because if a high-order allocation fails,\n__vmalloc_node_range_noprof() will retry with order-0.  Therefore, it is\nunnecessary to fallback to order-0 here.  Therefore, fix this by removing\nthe fallback code.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45022', 'https://git.kernel.org/linus/61ebe5a747da649057c37be1c37eb934b4af79ca (6.11-rc4)', 'https://git.kernel.org/stable/c/61ebe5a747da649057c37be1c37eb934b4af79ca', 'https://git.kernel.org/stable/c/c91618816f4d21fc574d7577a37722adcd4075b2', 'https://git.kernel.org/stable/c/de7bad86345c43cd040ed43e20d9fad78a3ee59f', 'https://git.kernel.org/stable/c/fd1ffbb50ef4da5e1378a46616b6d7407dc795da', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45022-08f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45022', 'https://www.cve.org/CVERecord?id=CVE-2024-45022'], 'PublishedDate': '2024-09-11T16:15:07.163Z', 'LastModifiedDate': '2024-09-13T16:36:39.043Z'}, {'VulnerabilityID': 'CVE-2024-45025', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old->full_fds_bits[] and fill\nthe rest with zeroes.  What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear.  Otherwise we are risking garbage from the last word\nwe'd copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old->max_fds, so there's no open descriptors\npast count, let alone fully occupied words in ->open_fds[],\nwhich is what bits in ->full_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds.  In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in ->full_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* 'to' being above the current capacity of descriptor table\n\t* 'from' being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet's try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it's 'count' argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it'll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45025', 'https://git.kernel.org/linus/9a2fa1472083580b6c66bdaf291f591e1170123a (6.11-rc4)', 'https://git.kernel.org/stable/c/5053581fe5dfb09b58c65dd8462bf5dea71f41ff', 'https://git.kernel.org/stable/c/8cad3b2b3ab81ca55f37405ffd1315bcc2948058', 'https://git.kernel.org/stable/c/9a2fa1472083580b6c66bdaf291f591e1170123a', 'https://git.kernel.org/stable/c/c69d18f0ac7060de724511537810f10f29a27958', 'https://git.kernel.org/stable/c/dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a', 'https://git.kernel.org/stable/c/e807487a1d5fd5d941f26578ae826ca815dbfcd6', 'https://git.kernel.org/stable/c/ee501f827f3db02d4e599afbbc1a7f8b792d05d7', 'https://git.kernel.org/stable/c/fe5bf14881701119aeeda7cf685f3c226c7380df', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45025-94f6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45025', 'https://www.cve.org/CVERecord?id=CVE-2024-45025'], 'PublishedDate': '2024-09-11T16:15:07.44Z', 'LastModifiedDate': '2024-09-13T16:30:07.073Z'}, {'VulnerabilityID': 'CVE-2024-45026', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45026', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error recovery leading to data corruption on ESE devices', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error recovery leading to data corruption on ESE devices\n\nExtent Space Efficient (ESE) or thin provisioned volumes need to be\nformatted on demand during usual IO processing.\n\nThe dasd_ese_needs_format function checks for error codes that signal\nthe non existence of a proper track format.\n\nThe check for incorrect length is to imprecise since other error cases\nleading to transport of insufficient data also have this flag set.\nThis might lead to data corruption in certain error cases for example\nduring a storage server warmstart.\n\nFix by removing the check for incorrect length and replacing by\nexplicitly checking for invalid track format in transport mode.\n\nAlso remove the check for file protected since this is not a valid\nESE handling case.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45026', 'https://git.kernel.org/linus/7db4042336580dfd75cb5faa82c12cd51098c90b (6.11-rc4)', 'https://git.kernel.org/stable/c/0a228896a1b3654cd461ff654f6a64e97a9c3246', 'https://git.kernel.org/stable/c/19f60a55b2fda49bc4f6134a5f6356ef62ee69d8', 'https://git.kernel.org/stable/c/5d4a304338daf83ace2887aaacafd66fe99ed5cc', 'https://git.kernel.org/stable/c/7db4042336580dfd75cb5faa82c12cd51098c90b', 'https://git.kernel.org/stable/c/93a7e2856951680cd7fe6ebd705ac10c8a8a5efd', 'https://git.kernel.org/stable/c/a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a', 'https://git.kernel.org/stable/c/e245a18281c252c8dbc467492e09bb5d4b012118', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45026-eaa8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45026', 'https://www.cve.org/CVERecord?id=CVE-2024-45026'], 'PublishedDate': '2024-09-11T16:15:07.507Z', 'LastModifiedDate': '2024-09-13T16:29:55.927Z'}, {'VulnerabilityID': 'CVE-2024-45027', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45027', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: xhci: Check for xhci-&gt;interrupters being allocated in xhci_mem_clearup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()\n\nIf xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop\nup the damage. If it fails early enough, before xhci->interrupters\nis allocated but after xhci->max_interrupters has been set, which\nhappens in most (all?) cases, things get uglier, as xhci_mem_cleanup()\nunconditionally derefences xhci->interrupters. With prejudice.\n\nGate the interrupt freeing loop with a check on xhci->interrupters\nbeing non-NULL.\n\nFound while debugging a DMA allocation issue that led the XHCI driver\non this exact path.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45027', 'https://git.kernel.org/linus/dcdb52d948f3a17ccd3fce757d9bd981d7c32039 (6.11-rc4)', 'https://git.kernel.org/stable/c/770cacc75b0091ece17349195d72133912c1ca7c', 'https://git.kernel.org/stable/c/dcdb52d948f3a17ccd3fce757d9bd981d7c32039', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45027-95b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45027', 'https://www.cve.org/CVERecord?id=CVE-2024-45027'], 'PublishedDate': '2024-09-11T16:15:07.57Z', 'LastModifiedDate': '2024-09-13T16:29:44.213Z'}, {'VulnerabilityID': 'CVE-2024-45028', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45028', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mmc: mmc_test: Fix NULL dereference on allocation failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmc_test: Fix NULL dereference on allocation failure\n\nIf the "test->highmem = alloc_pages()" allocation fails then calling\n__free_pages(test->highmem) will result in a NULL dereference.  Also\nchange the error code to -ENOMEM instead of returning success.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45028', 'https://git.kernel.org/linus/a1e627af32ed60713941cbfc8075d44cad07f6dd (6.11-rc5)', 'https://git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06', 'https://git.kernel.org/stable/c/3b4e76ceae5b5a46c968bd952f551ce173809f63', 'https://git.kernel.org/stable/c/9b9ba386d7bfdbc38445932c90fa9444c0524bea', 'https://git.kernel.org/stable/c/a1e627af32ed60713941cbfc8075d44cad07f6dd', 'https://git.kernel.org/stable/c/cac2815f49d343b2f0acc4973d2c14918ac3ab0c', 'https://git.kernel.org/stable/c/e40515582141a9e7c84b269be699c05236a499a6', 'https://git.kernel.org/stable/c/e97be13a9f51284da450dd2a592e3fa87b49cdc9', 'https://git.kernel.org/stable/c/ecb15b8ca12c0cbdab81e307e9795214d8b90890', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45028-34f7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45028', 'https://www.cve.org/CVERecord?id=CVE-2024-45028'], 'PublishedDate': '2024-09-11T16:15:07.647Z', 'LastModifiedDate': '2024-09-13T16:29:35.877Z'}, {'VulnerabilityID': 'CVE-2024-45029', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45029', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i2c: tegra: Do not mark ACPI devices as irq safe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: Do not mark ACPI devices as irq safe\n\nOn ACPI machines, the tegra i2c module encounters an issue due to a\nmutex being called inside a spinlock. This leads to the following bug:\n\n\tBUG: sleeping function called from invalid context at kernel/locking/mutex.c:585\n\t...\n\n\tCall trace:\n\t__might_sleep\n\t__mutex_lock_common\n\tmutex_lock_nested\n\tacpi_subsys_runtime_resume\n\trpm_resume\n\ttegra_i2c_xfer\n\nThe problem arises because during __pm_runtime_resume(), the spinlock\n&dev->power.lock is acquired before rpm_resume() is called. Later,\nrpm_resume() invokes acpi_subsys_runtime_resume(), which relies on\nmutexes, triggering the error.\n\nTo address this issue, devices on ACPI are now marked as not IRQ-safe,\nconsidering the dependency of acpi_subsys_runtime_resume() on mutexes.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45029', 'https://git.kernel.org/linus/14d069d92951a3e150c0a81f2ca3b93e54da913b (6.11-rc4)', 'https://git.kernel.org/stable/c/14d069d92951a3e150c0a81f2ca3b93e54da913b', 'https://git.kernel.org/stable/c/2853e1376d8161b04c9ff18ba82b43f08a049905', 'https://git.kernel.org/stable/c/6861faf4232e4b78878f2de1ed3ee324ddae2287', 'https://git.kernel.org/stable/c/a89aef1e6cc43fa019a58080ed05c839e6c77876', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45029-662e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45029', 'https://www.cve.org/CVERecord?id=CVE-2024-45029'], 'PublishedDate': '2024-09-11T16:15:07.717Z', 'LastModifiedDate': '2024-09-13T16:29:29.74Z'}, {'VulnerabilityID': 'CVE-2024-45030', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igb: cope with large MAX_SKB_FRAGS', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigb: cope with large MAX_SKB_FRAGS\n\nSabrina reports that the igb driver does not cope well with large\nMAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload\ncorruption on TX.\n\nAn easy reproducer is to run ssh to connect to the machine.  With\nMAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails.  This has\nbeen reported originally in\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2265320\n\nThe root cause of the issue is that the driver does not take into\naccount properly the (possibly large) shared info size when selecting\nthe ring layout, and will try to fit two packets inside the same 4K\npage even when the 1st fraglist will trump over the 2nd head.\n\nAddress the issue by checking if 2K buffers are insufficient.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45030', 'https://git.kernel.org/linus/8aba27c4a5020abdf60149239198297f88338a8d (6.11-rc5)', 'https://git.kernel.org/stable/c/8aba27c4a5020abdf60149239198297f88338a8d', 'https://git.kernel.org/stable/c/8ea80ff5d8298356d28077bc30913ed37df65109', 'https://git.kernel.org/stable/c/b52bd8bcb9e8ff250c79b44f9af8b15cae8911ab', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45030-c2eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45030', 'https://www.cve.org/CVERecord?id=CVE-2024-45030'], 'PublishedDate': '2024-09-11T16:15:07.77Z', 'LastModifiedDate': '2024-09-13T16:29:23.557Z'}, {'VulnerabilityID': 'CVE-2024-46672', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion\n\nwpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the\ndriver for SAE/OWE offload cases") SSID based PMKSA del commands.\nbrcmfmac is not prepared and tries to dereference the NULL bssid and\npmkid pointers in cfg80211_pmksa. PMKID_V3 operations support SSID based\nupdates so copy the SSID.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46672', 'https://git.kernel.org/linus/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1 (6.11-rc4)', 'https://git.kernel.org/stable/c/1f566eb912d192c83475a919331aea59619e1197', 'https://git.kernel.org/stable/c/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1', 'https://git.kernel.org/stable/c/4291f94f8c6b01505132c22ee27b59ed27c3584f', 'https://lore.kernel.org/linux-cve-announce/2024091111-CVE-2024-46672-7542@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46672', 'https://www.cve.org/CVERecord?id=CVE-2024-46672'], 'PublishedDate': '2024-09-11T16:15:07.84Z', 'LastModifiedDate': '2024-09-13T16:29:17.123Z'}, {'VulnerabilityID': 'CVE-2024-46673', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: aacraid: Fix double-free on probe failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: aacraid: Fix double-free on probe failure\n\naac_probe_one() calls hardware-specific init functions through the\naac_driver_ident::init pointer, all of which eventually call down to\naac_init_adapter().\n\nIf aac_init_adapter() fails after allocating memory for aac_dev::queues,\nit frees the memory but does not clear that member.\n\nAfter the hardware-specific init function returns an error,\naac_probe_one() goes down an error path that frees the memory pointed to\nby aac_dev::queues, resulting.in a double-free.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46673', 'https://git.kernel.org/linus/919ddf8336f0b84c0453bac583808c9f165a85c2 (6.11-rc6)', 'https://git.kernel.org/stable/c/4b540ec7c0045c2d01c4e479f34bbc8f147afa4c', 'https://git.kernel.org/stable/c/564e1986b00c5f05d75342f8407f75f0a17b94df', 'https://git.kernel.org/stable/c/60962c3d8e18e5d8dfa16df788974dd7f35bd87a', 'https://git.kernel.org/stable/c/85449b28ff6a89c4513115e43ddcad949b5890c9', 'https://git.kernel.org/stable/c/8a3995a3ffeca280a961b59f5c99843d81b15929', 'https://git.kernel.org/stable/c/919ddf8336f0b84c0453bac583808c9f165a85c2', 'https://git.kernel.org/stable/c/9e96dea7eff6f2bbcd0b42a098012fc66af9eb69', 'https://git.kernel.org/stable/c/d237c7d06ffddcdb5d36948c527dc01284388218', 'https://lore.kernel.org/linux-cve-announce/2024091333-CVE-2024-46673-c49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46673', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-46673'], 'PublishedDate': '2024-09-13T06:15:11.917Z', 'LastModifiedDate': '2024-09-13T16:51:39.117Z'}, {'VulnerabilityID': 'CVE-2024-46675', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46675', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: dwc3: core: Prevent USB core invalid event buffer address access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: Prevent USB core invalid event buffer address access\n\nThis commit addresses an issue where the USB core could access an\ninvalid event buffer address during runtime suspend, potentially causing\nSMMU faults and other memory issues in Exynos platforms. The problem\narises from the following sequence.\n        1. In dwc3_gadget_suspend, there is a chance of a timeout when\n        moving the USB core to the halt state after clearing the\n        run/stop bit by software.\n        2. In dwc3_core_exit, the event buffer is cleared regardless of\n        the USB core's status, which may lead to an SMMU faults and\n        other memory issues. if the USB core tries to access the event\n        buffer address.\n\nTo prevent this hardware quirk on Exynos platforms, this commit ensures\nthat the event buffer address is not cleared by software  when the USB\ncore is active during runtime suspend by checking its status before\nclearing the buffer address.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46675', 'https://git.kernel.org/linus/14e497183df28c006603cc67fd3797a537eef7b9 (6.11-rc6)', 'https://git.kernel.org/stable/c/111277b881def3153335acfe0d1f43e6cd83ac93', 'https://git.kernel.org/stable/c/14e497183df28c006603cc67fd3797a537eef7b9', 'https://git.kernel.org/stable/c/2189fd13c577d7881f94affc09c950a795064c4b', 'https://git.kernel.org/stable/c/7bb11a75dd4d3612378b90e2a4aa49bdccea28ab', 'https://git.kernel.org/stable/c/b72da4d89b97da71e056cc4d1429b2bc426a9c2f', 'https://git.kernel.org/stable/c/d2afc2bffec77316b90d530b07695e3f534df914', 'https://git.kernel.org/stable/c/e23f6ad8d110bf632f7471482e10b43dc174fb72', 'https://git.kernel.org/stable/c/eca3f543f817da87c00d1a5697b473efb548204f', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46675-ba70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46675', 'https://www.cve.org/CVERecord?id=CVE-2024-46675'], 'PublishedDate': '2024-09-13T06:15:12.117Z', 'LastModifiedDate': '2024-09-20T17:18:48.753Z'}, {'VulnerabilityID': 'CVE-2024-46676', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46676', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfc: pn533: Add poll mod list filling check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Add poll mod list filling check\n\nIn case of im_protocols value is 1 and tm_protocols value is 0 this\ncombination successfully passes the check\n\'if (!im_protocols && !tm_protocols)\' in the nfc_start_poll().\nBut then after pn533_poll_create_mod_list() call in pn533_start_poll()\npoll mod list will remain empty and dev->poll_mod_count will remain 0\nwhich lead to division by zero.\n\nNormally no im protocol has value 1 in the mask, so this combination is\nnot expected by driver. But these protocol values actually come from\nuserspace via Netlink interface (NFC_CMD_START_POLL operation). So a\nbroken or malicious program may pass a message containing a "bad"\ncombination of protocol parameter values so that dev->poll_mod_count\nis not incremented inside pn533_poll_create_mod_list(), thus leading\nto division by zero.\nCall trace looks like:\nnfc_genl_start_poll()\n  nfc_start_poll()\n    ->start_poll()\n    pn533_start_poll()\n\nAdd poll mod list filling check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46676', 'https://git.kernel.org/linus/febccb39255f9df35527b88c953b2e0deae50e53 (6.11-rc6)', 'https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946', 'https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5', 'https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723', 'https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4', 'https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33', 'https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31', 'https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46676-0b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46676', 'https://www.cve.org/CVERecord?id=CVE-2024-46676'], 'PublishedDate': '2024-09-13T06:15:12.223Z', 'LastModifiedDate': '2024-09-23T14:42:38.23Z'}, {'VulnerabilityID': 'CVE-2024-46677', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46677', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: fix a potential NULL pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix a potential NULL pointer dereference\n\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\nNULL pointer, but its callers only check for error pointers thus miss\nthe NULL pointer case.\n\nFix it by returning an error pointer with the error code carried from\nsockfd_lookup().\n\n(I found this bug during code inspection.)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46677', 'https://git.kernel.org/linus/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda (6.11-rc6)', 'https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d', 'https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87', 'https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2', 'https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39', 'https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c', 'https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e', 'https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda', 'https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46677-b53c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46677', 'https://www.cve.org/CVERecord?id=CVE-2024-46677'], 'PublishedDate': '2024-09-13T06:15:12.36Z', 'LastModifiedDate': '2024-09-13T16:51:53.69Z'}, {'VulnerabilityID': 'CVE-2024-46678', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46678', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: change ipsec_lock from spin lock to mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond->ipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n"scheduling while atomic" will be triggered when changing bond\'s\nactive slave.\n\n[  101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[  101.055726] Modules linked in:\n[  101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[  101.058760] Hardware name:\n[  101.059434] Call Trace:\n[  101.059436]  <TASK>\n[  101.060873]  dump_stack_lvl+0x51/0x60\n[  101.061275]  __schedule_bug+0x4e/0x60\n[  101.061682]  __schedule+0x612/0x7c0\n[  101.062078]  ? __mod_timer+0x25c/0x370\n[  101.062486]  schedule+0x25/0xd0\n[  101.062845]  schedule_timeout+0x77/0xf0\n[  101.063265]  ? asm_common_interrupt+0x22/0x40\n[  101.063724]  ? __bpf_trace_itimer_state+0x10/0x10\n[  101.064215]  __wait_for_common+0x87/0x190\n[  101.064648]  ? usleep_range_state+0x90/0x90\n[  101.065091]  cmd_exec+0x437/0xb20 [mlx5_core]\n[  101.065569]  mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[  101.066051]  mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[  101.066552]  mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[  101.067163]  ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.067738]  ? kmalloc_trace+0x4d/0x350\n[  101.068156]  mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[  101.068747]  mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[  101.069312]  bond_change_active_slave+0x392/0x900 [bonding]\n[  101.069868]  bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[  101.070454]  __bond_opt_set+0xa6/0x430 [bonding]\n[  101.070935]  __bond_opt_set_notify+0x2f/0x90 [bonding]\n[  101.071453]  bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[  101.071965]  bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.072567]  kernfs_fop_write_iter+0x10c/0x1a0\n[  101.073033]  vfs_write+0x2d8/0x400\n[  101.073416]  ? alloc_fd+0x48/0x180\n[  101.073798]  ksys_write+0x5f/0xe0\n[  101.074175]  do_syscall_64+0x52/0x110\n[  101.074576]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn\'t have to be spin lock, change it to\nmutex, and thus the above issue can be resolved.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46678', 'https://git.kernel.org/linus/2aeeef906d5a526dc60cf4af92eda69836c39b1f (6.11-rc6)', 'https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f', 'https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3', 'https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46678-ca65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46678', 'https://www.cve.org/CVERecord?id=CVE-2024-46678'], 'PublishedDate': '2024-09-13T06:15:12.45Z', 'LastModifiedDate': '2024-09-23T14:44:12.88Z'}, {'VulnerabilityID': 'CVE-2024-46679', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46679', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: check device is present when getting link settings', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: check device is present when getting link settings\n\nA sysfs reader can race with a device reset or removal, attempting to\nread device state when the device is not actually present. eg:\n\n     [exception RIP: qed_get_current_link+17]\n  #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]\n  #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3\n #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4\n #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300\n #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c\n #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b\n #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3\n #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1\n #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f\n #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb\n\n crash> struct net_device.state ffff9a9d21336000\n    state = 5,\n\nstate 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).\nThe device is not present, note lack of __LINK_STATE_PRESENT (0b10).\n\nThis is the same sort of panic as observed in commit 4224cfd7fb65\n("net-sysfs: add check for netdevice being present to speed_show").\n\nThere are many other callers of __ethtool_get_link_ksettings() which\ndon\'t have a device presence check.\n\nMove this check into ethtool to protect all callers.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46679', 'https://git.kernel.org/linus/a699781c79ecf6cfe67fb00a0331b4088c7c8466 (6.11-rc6)', 'https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2', 'https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc', 'https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e', 'https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb', 'https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4', 'https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466', 'https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46679-3527@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46679', 'https://www.cve.org/CVERecord?id=CVE-2024-46679'], 'PublishedDate': '2024-09-13T06:15:12.53Z', 'LastModifiedDate': '2024-09-23T14:47:23.287Z'}, {'VulnerabilityID': 'CVE-2024-46680', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46680', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix random crash seen while removing driver', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix random crash seen while removing driver\n\nThis fixes the random kernel crash seen while removing the driver, when\nrunning the load/unload test over multiple iterations.\n\n1) modprobe btnxpuart\n2) hciconfig hci0 reset\n3) hciconfig (check hci0 interface up with valid BD address)\n4) modprobe -r btnxpuart\nRepeat steps 1 to 4\n\nThe ps_wakeup() call in btnxpuart_close() schedules the psdata->work(),\nwhich gets scheduled after module is removed, causing a kernel crash.\n\nThis hidden issue got highlighted after enabling Power Save by default\nin 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on\nstartup)\n\nThe new ps_cleanup() deasserts UART break immediately while closing\nserdev device, cancels any scheduled ps_work and destroys the ps_lock\nmutex.\n\n[   85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258\n[   85.884624] Mem abort info:\n[   85.884625]   ESR = 0x0000000086000007\n[   85.884628]   EC = 0x21: IABT (current EL), IL = 32 bits\n[   85.884633]   SET = 0, FnV = 0\n[   85.884636]   EA = 0, S1PTW = 0\n[   85.884638]   FSC = 0x07: level 3 translation fault\n[   85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000\n[   85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000\n[   85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n[   85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)]\n[   85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G           O       6.1.36+g937b1be4345a #1\n[   85.936176] Hardware name: FSL i.MX8MM EVK board (DT)\n[   85.936182] Workqueue: events 0xffffd4a61638f380\n[   85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   85.952817] pc : 0xffffd4a61638f258\n[   85.952823] lr : 0xffffd4a61638f258\n[   85.952827] sp : ffff8000084fbd70\n[   85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000\n[   85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305\n[   85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970\n[   85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000\n[   85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090\n[   85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139\n[   85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50\n[   85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8\n[   85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000\n[   85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000\n[   85.977443] Call trace:\n[   85.977446]  0xffffd4a61638f258\n[   85.977451]  0xffffd4a61638f3e8\n[   85.977455]  process_one_work+0x1d4/0x330\n[   85.977464]  worker_thread+0x6c/0x430\n[   85.977471]  kthread+0x108/0x10c\n[   85.977476]  ret_from_fork+0x10/0x20\n[   85.977488] Code: bad PC value\n[   85.977491] ---[ end trace 0000000000000000 ]---\n\nPreset since v6.9.11', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46680', 'https://git.kernel.org/linus/35237475384ab3622f63c3c09bdf6af6dacfe9c3 (6.11-rc6)', 'https://git.kernel.org/stable/c/29a1d9971e38f92c84b363ff50379dd434ddfe1c', 'https://git.kernel.org/stable/c/35237475384ab3622f63c3c09bdf6af6dacfe9c3', 'https://git.kernel.org/stable/c/662a55986b88807da4d112d838c8aaa05810e938', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46680-f40d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46680', 'https://www.cve.org/CVERecord?id=CVE-2024-46680'], 'PublishedDate': '2024-09-13T06:15:12.617Z', 'LastModifiedDate': '2024-09-23T14:45:10.233Z'}, {'VulnerabilityID': 'CVE-2024-46681', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46681', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pktgen: use cpus_read_lock() in pg_net_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46681', 'https://git.kernel.org/linus/979b581e4c69257acab1af415ddad6b2d78a2fa5 (6.11-rc6)', 'https://git.kernel.org/stable/c/5f5f7366dda8ae870e8305d6e7b3c0c2686cd2cf', 'https://git.kernel.org/stable/c/979b581e4c69257acab1af415ddad6b2d78a2fa5', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46681-6086@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46681', 'https://www.cve.org/CVERecord?id=CVE-2024-46681'], 'PublishedDate': '2024-09-13T06:15:12.71Z', 'LastModifiedDate': '2024-09-19T18:10:49.623Z'}, {'VulnerabilityID': 'CVE-2024-46683', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46683', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: prevent UAF around preempt fence', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: prevent UAF around preempt fence\n\nThe fence lock is part of the queue, therefore in the current design\nanything locking the fence should then also hold a ref to the queue to\nprevent the queue from being freed.\n\nHowever, currently it looks like we signal the fence and then drop the\nqueue ref, but if something is waiting on the fence, the waiter is\nkicked to wake up at some later point, where upon waking up it first\ngrabs the lock before checking the fence state. But if we have already\ndropped the queue ref, then the lock might already be freed as part of\nthe queue, leading to uaf.\n\nTo prevent this, move the fence lock into the fence itself so we don't\nrun into lifetime issues. Alternative might be to have device level\nlock, or only release the queue in the fence release callback, however\nthat might require pushing to another worker to avoid locking issues.\n\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2454\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2342\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2020\n(cherry picked from commit 7116c35aacedc38be6d15bd21b2fc936eed0008b)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46683', 'https://git.kernel.org/linus/730b72480e29f63fd644f5fa57c9d46109428953 (6.11-rc5)', 'https://git.kernel.org/stable/c/10081b0b0ed201f53e24bd92deb2e0f3c3e713d4', 'https://git.kernel.org/stable/c/730b72480e29f63fd644f5fa57c9d46109428953', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46683-e513@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46683', 'https://www.cve.org/CVERecord?id=CVE-2024-46683'], 'PublishedDate': '2024-09-13T06:15:12.993Z', 'LastModifiedDate': '2024-09-13T16:52:14.373Z'}, {'VulnerabilityID': 'CVE-2024-46685', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46685', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: single: fix potential NULL dereference in pcs_get_function()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: single: fix potential NULL dereference in pcs_get_function()\n\npinmux_generic_get_function() can return NULL and the pointer 'function'\nwas dereferenced without checking against NULL. Add checking of pointer\n'function' in pcs_get_function().\n\nFound by code review.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46685', 'https://git.kernel.org/linus/1c38a62f15e595346a1106025722869e87ffe044 (6.11-rc6)', 'https://git.kernel.org/stable/c/0a2bab5ed161318f57134716accba0a30f3af191', 'https://git.kernel.org/stable/c/1c38a62f15e595346a1106025722869e87ffe044', 'https://git.kernel.org/stable/c/292151af6add3e5ab11b2e9916cffa5f52859a1f', 'https://git.kernel.org/stable/c/2cea369a5c2e85ab14ae716da1d1cc6d25c85e11', 'https://git.kernel.org/stable/c/4e9436375fcc9bd2a60ee96aba6ed53f7a377d10', 'https://git.kernel.org/stable/c/4ed45fe99ec9e3c9478bd634624cd05a57d002f7', 'https://git.kernel.org/stable/c/6341c2856785dca7006820b127278058a180c075', 'https://git.kernel.org/stable/c/8f0bd526921b6867c2f10a83cd4fd14139adcd92', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46685-6606@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46685', 'https://www.cve.org/CVERecord?id=CVE-2024-46685'], 'PublishedDate': '2024-09-13T06:15:13.2Z', 'LastModifiedDate': '2024-09-14T16:00:55.547Z'}, {'VulnerabilityID': 'CVE-2024-46686', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46686', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()\n\nThis happens when called from SMB2_read() while using rdma\nand reaching the rdma_readwrite_threshold.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46686', 'https://git.kernel.org/linus/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf (6.11-rc6)', 'https://git.kernel.org/stable/c/6df57c63c200cd05e085c3b695128260e21959b7', 'https://git.kernel.org/stable/c/a01859dd6aebf826576513850a3b05992809e9d2', 'https://git.kernel.org/stable/c/b902fb78ab21299e4dd1775e7e8d251d5c0735bc', 'https://git.kernel.org/stable/c/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46686-5b18@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46686', 'https://www.cve.org/CVERecord?id=CVE-2024-46686'], 'PublishedDate': '2024-09-13T06:15:13.28Z', 'LastModifiedDate': '2024-09-14T16:16:33.087Z'}, {'VulnerabilityID': 'CVE-2024-46687', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46687', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()\n\n[BUG]\nThere is an internal report that KASAN is reporting use-after-free, with\nthe following backtrace:\n\n  BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n  Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45\n  CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n  Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n  Call Trace:\n   dump_stack_lvl+0x61/0x80\n   print_address_description.constprop.0+0x5e/0x2f0\n   print_report+0x118/0x216\n   kasan_report+0x11d/0x1f0\n   btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n   process_one_work+0xce0/0x12a0\n   worker_thread+0x717/0x1250\n   kthread+0x2e3/0x3c0\n   ret_from_fork+0x2d/0x70\n   ret_from_fork_asm+0x11/0x20\n\n  Allocated by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   __kasan_slab_alloc+0x7d/0x80\n   kmem_cache_alloc_noprof+0x16e/0x3e0\n   mempool_alloc_noprof+0x12e/0x310\n   bio_alloc_bioset+0x3f0/0x7a0\n   btrfs_bio_alloc+0x2e/0x50 [btrfs]\n   submit_extent_page+0x4d1/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n  Freed by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   kasan_save_free_info+0x37/0x50\n   __kasan_slab_free+0x4b/0x60\n   kmem_cache_free+0x214/0x5d0\n   bio_free+0xed/0x180\n   end_bbio_data_read+0x1cc/0x580 [btrfs]\n   btrfs_submit_chunk+0x98d/0x1880 [btrfs]\n   btrfs_submit_bio+0x33/0x70 [btrfs]\n   submit_one_bio+0xd4/0x130 [btrfs]\n   submit_extent_page+0x3ea/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[CAUSE]\nAlthough I cannot reproduce the error, the report itself is good enough\nto pin down the cause.\n\nThe call trace is the regular endio workqueue context, but the\nfree-by-task trace is showing that during btrfs_submit_chunk() we\nalready hit a critical error, and is calling btrfs_bio_end_io() to error\nout.  And the original endio function called bio_put() to free the whole\nbio.\n\nThis means a double freeing thus causing use-after-free, e.g.:\n\n1. Enter btrfs_submit_bio() with a read bio\n   The read bio length is 128K, crossing two 64K stripes.\n\n2. The first run of btrfs_submit_chunk()\n\n2.1 Call btrfs_map_block(), which returns 64K\n2.2 Call btrfs_split_bio()\n    Now there are two bios, one referring to the first 64K, the other\n    referring to the second 64K.\n2.3 The first half is submitted.\n\n3. The second run of btrfs_submit_chunk()\n\n3.1 Call btrfs_map_block(), which by somehow failed\n    Now we call btrfs_bio_end_io() to handle the error\n\n3.2 btrfs_bio_end_io() calls the original endio function\n    Which is end_bbio_data_read(), and it calls bio_put() for the\n    original bio.\n\n    Now the original bio is freed.\n\n4. The submitted first 64K bio finished\n   Now we call into btrfs_check_read_bio() and tries to advance the bio\n   iter.\n   But since the original bio (thus its iter) is already freed, we\n   trigger the above use-after free.\n\n   And even if the memory is not poisoned/corrupted, we will later call\n   the original endio function, causing a double freeing.\n\n[FIX]\nInstead of calling btrfs_bio_end_io(), call btrfs_orig_bbio_end_io(),\nwhich has the extra check on split bios and do the pr\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46687', 'https://git.kernel.org/linus/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10 (6.11-rc6)', 'https://git.kernel.org/stable/c/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10', 'https://git.kernel.org/stable/c/4a3b9e1a8e6cd1a8d427a905e159de58d38941cc', 'https://git.kernel.org/stable/c/51722b99f41f5e722ffa10b8f61e802a0e70b331', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46687-5668@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46687', 'https://www.cve.org/CVERecord?id=CVE-2024-46687'], 'PublishedDate': '2024-09-13T06:15:13.377Z', 'LastModifiedDate': '2024-09-14T16:17:33.073Z'}, {'VulnerabilityID': 'CVE-2024-46689', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46689', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: cmd-db: Map shared memory as WC, not WB\n\nLinux does not write into cmd-db region. This region of memory is write\nprotected by XPU. XPU may sometime falsely detect clean cache eviction\nas "write" into the write protected region leading to secure interrupt\nwhich causes an endless loop somewhere in Trust Zone.\n\nThe only reason it is working right now is because Qualcomm Hypervisor\nmaps the same region as Non-Cacheable memory in Stage 2 translation\ntables. The issue manifests if we want to use another hypervisor (like\nXen or KVM), which does not know anything about those specific mappings.\n\nChanging the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC\nremoves dependency on correct mappings in Stage 2 tables. This patch\nfixes the issue by updating the mapping to MEMREMAP_WC.\n\nI tested this on SA8155P with Xen.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46689', 'https://git.kernel.org/linus/f9bb896eab221618927ae6a2f1d566567999839d (6.11-rc6)', 'https://git.kernel.org/stable/c/0ee9594c974368a17e85a431e9fe1c14fb65c278', 'https://git.kernel.org/stable/c/62c2d63605ca25b5db78a347ed303c0a0a77d5b4', 'https://git.kernel.org/stable/c/d9d48d70e922b272875cda60d2ada89291c840cf', 'https://git.kernel.org/stable/c/eaff392c1e34fb77cc61505a31b0191e5e46e271', 'https://git.kernel.org/stable/c/ef80520be0ff78ae5ed44cb6eee1525e65bebe70', 'https://git.kernel.org/stable/c/f5a5a5a0e95f36e2792d48e6e4b64e665eb01374', 'https://git.kernel.org/stable/c/f9bb896eab221618927ae6a2f1d566567999839d', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46689-4c19@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46689', 'https://www.cve.org/CVERecord?id=CVE-2024-46689'], 'PublishedDate': '2024-09-13T06:15:13.653Z', 'LastModifiedDate': '2024-09-20T15:52:23.727Z'}, {'VulnerabilityID': 'CVE-2024-46691', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46691', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Move unregister out of atomic section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Move unregister out of atomic section\n\nCommit \'9329933699b3 ("soc: qcom: pmic_glink: Make client-lock\nnon-sleeping")\' moved the pmic_glink client list under a spinlock, as it\nis accessed by the rpmsg/glink callback, which in turn is invoked from\nIRQ context.\n\nThis means that ucsi_unregister() is now called from atomic context,\nwhich isn\'t feasible as it\'s expecting a sleepable context. An effort is\nunder way to get GLINK to invoke its callbacks in a sleepable context,\nbut until then lets schedule the unregistration.\n\nA side effect of this is that ucsi_unregister() can now happen\nafter the remote processor, and thereby the communication link with it, is\ngone. pmic_glink_send() is amended with a check to avoid the resulting NULL\npointer dereference.\nThis does however result in the user being informed about this error by\nthe following entry in the kernel log:\n\n  ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46691', 'https://git.kernel.org/linus/11bb2ffb679399f99041540cf662409905179e3a (6.11-rc6)', 'https://git.kernel.org/stable/c/095b0001aefddcd9361097c971b7debc84e72714', 'https://git.kernel.org/stable/c/11bb2ffb679399f99041540cf662409905179e3a', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46691-93e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46691', 'https://www.cve.org/CVERecord?id=CVE-2024-46691'], 'PublishedDate': '2024-09-13T06:15:13.96Z', 'LastModifiedDate': '2024-09-13T16:52:21.057Z'}, {'VulnerabilityID': 'CVE-2024-46692', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46692', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: scm: Mark get_wq_ctx() as atomic call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Mark get_wq_ctx() as atomic call\n\nCurrently get_wq_ctx() is wrongly configured as a standard call. When two\nSMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to\nresume the corresponding sleeping thread. But if get_wq_ctx() is\ninterrupted, goes to sleep and another SMC call is waiting to be allocated\na waitq context, it leads to a deadlock.\n\nTo avoid this get_wq_ctx() must be an atomic call and can't be a standard\nSMC call. Hence mark get_wq_ctx() as a fast call.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46692', 'https://git.kernel.org/linus/9960085a3a82c58d3323c1c20b991db6045063b0 (6.11-rc6)', 'https://git.kernel.org/stable/c/9960085a3a82c58d3323c1c20b991db6045063b0', 'https://git.kernel.org/stable/c/cdf7efe4b02aa93813db0bf1ca596ad298ab6b06', 'https://git.kernel.org/stable/c/e40115c33c0d79c940545b6b12112aace7acd9f5', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46692-f287@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46692', 'https://www.cve.org/CVERecord?id=CVE-2024-46692'], 'PublishedDate': '2024-09-13T06:15:14.047Z', 'LastModifiedDate': '2024-09-13T16:52:31.627Z'}, {'VulnerabilityID': 'CVE-2024-46693', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pmic_glink: Fix race during initialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pmic_glink: Fix race during initialization\n\nAs pointed out by Stephen Boyd it is possible that during initialization\nof the pmic_glink child drivers, the protection-domain notifiers fires,\nand the associated work is scheduled, before the client registration\nreturns and as a result the local "client" pointer has been initialized.\n\nThe outcome of this is a NULL pointer dereference as the "client"\npointer is blindly dereferenced.\n\nTimeline provided by Stephen:\n CPU0                               CPU1\n ----                               ----\n ucsi->client = NULL;\n devm_pmic_glink_register_client()\n  client->pdr_notify(client->priv, pg->client_state)\n   pmic_glink_ucsi_pdr_notify()\n    schedule_work(&ucsi->register_work)\n    <schedule away>\n                                    pmic_glink_ucsi_register()\n                                     ucsi_register()\n                                      pmic_glink_ucsi_read_version()\n                                       pmic_glink_ucsi_read()\n                                        pmic_glink_ucsi_read()\n                                         pmic_glink_send(ucsi->client)\n                                         <client is NULL BAD>\n ucsi->client = client // Too late!\n\nThis code is identical across the altmode, battery manager and usci\nchild drivers.\n\nResolve this by splitting the allocation of the "client" object and the\nregistration thereof into two operations.\n\nThis only happens if the protection domain registry is populated at the\ntime of registration, which by the introduction of commit \'1ebcde047c54\n("soc: qcom: add pd-mapper implementation")\' became much more likely.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46693', 'https://git.kernel.org/linus/3568affcddd68743e25aa3ec1647d9b82797757b (6.11-rc6)', 'https://git.kernel.org/stable/c/1efdbf5323c9360e05066049b97414405e94e087', 'https://git.kernel.org/stable/c/3568affcddd68743e25aa3ec1647d9b82797757b', 'https://git.kernel.org/stable/c/943b0e7cc646a624bb20a68080f8f1a4a55df41c', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46693-cbe3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46693', 'https://www.cve.org/CVERecord?id=CVE-2024-46693'], 'PublishedDate': '2024-09-13T06:15:14.14Z', 'LastModifiedDate': '2024-09-13T16:52:41.27Z'}, {'VulnerabilityID': 'CVE-2024-46694', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46694', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: avoid using null object of framebuffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid using null object of framebuffer\n\nInstead of using state->fb->obj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer.\n\n(cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46694', 'https://git.kernel.org/linus/3b9a33235c773c7a3768060cf1d2cf8a9153bc37 (6.11-rc6)', 'https://git.kernel.org/stable/c/093ee72ed35c2338c87c26b6ba6f0b7789c9e14e', 'https://git.kernel.org/stable/c/3b9a33235c773c7a3768060cf1d2cf8a9153bc37', 'https://git.kernel.org/stable/c/49e1b214f3239b78967c6ddb8f8ec47ae047b051', 'https://git.kernel.org/stable/c/f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46694-0706@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46694', 'https://www.cve.org/CVERecord?id=CVE-2024-46694'], 'PublishedDate': '2024-09-13T06:15:14.24Z', 'LastModifiedDate': '2024-09-19T18:16:22.247Z'}, {'VulnerabilityID': 'CVE-2024-46695', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46695', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: selinux,smack: don&#39;t bypass permissions check in inode_setsecctx hook', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux,smack: don't bypass permissions check in inode_setsecctx hook\n\nMarek Gresko reports that the root user on an NFS client is able to\nchange the security labels on files on an NFS filesystem that is\nexported with root squashing enabled.\n\nThe end of the kerneldoc comment for __vfs_setxattr_noperm() states:\n\n *  This function requires the caller to lock the inode's i_mutex before it\n *  is executed. It also assumes that the caller will make the appropriate\n *  permission checks.\n\nnfsd_setattr() does do permissions checking via fh_verify() and\nnfsd_permission(), but those don't do all the same permissions checks\nthat are done by security_inode_setxattr() and its related LSM hooks do.\n\nSince nfsd_setattr() is the only consumer of security_inode_setsecctx(),\nsimplest solution appears to be to replace the call to\n__vfs_setxattr_noperm() with a call to __vfs_setxattr_locked().  This\nfixes the above issue and has the added benefit of causing nfsd to\nrecall conflicting delegations on a file when a client tries to change\nits security label.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-276'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46695', 'https://git.kernel.org/linus/76a0e79bc84f466999fa501fce5bf7a07641b8a7 (6.11-rc6)', 'https://git.kernel.org/stable/c/2dbc4b7bac60b02cc6e70d05bf6a7dfd551f9dda', 'https://git.kernel.org/stable/c/459584258d47ec3cc6245a82e8a49c9d08eb8b57', 'https://git.kernel.org/stable/c/76a0e79bc84f466999fa501fce5bf7a07641b8a7', 'https://git.kernel.org/stable/c/eebec98791d0137e455cc006411bb92a54250924', 'https://git.kernel.org/stable/c/f71ec019257ba4f7ab198bd948c5902a207bad96', 'https://git.kernel.org/stable/c/fe0cd53791119f6287b6532af8ce41576d664930', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46695-affc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46695', 'https://www.cve.org/CVERecord?id=CVE-2024-46695'], 'PublishedDate': '2024-09-13T06:15:14.32Z', 'LastModifiedDate': '2024-10-17T14:15:07.517Z'}, {'VulnerabilityID': 'CVE-2024-46697', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46697', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfsd: ensure that nfsd4_fattr_args.context is zeroed out', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: ensure that nfsd4_fattr_args.context is zeroed out\n\nIf nfsd4_encode_fattr4 ends up doing a "goto out" before we get to\nchecking for the security label, then args.context will be set to\nuninitialized junk on the stack, which we\'ll then try to free.\nInitialize it early.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46697', 'https://git.kernel.org/linus/f58bab6fd4063913bd8321e99874b8239e9ba726 (6.11-rc6)', 'https://git.kernel.org/stable/c/dd65b324174a64558a16ebbf4c3266e5701185d0', 'https://git.kernel.org/stable/c/f58bab6fd4063913bd8321e99874b8239e9ba726', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46697-d166@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46697', 'https://www.cve.org/CVERecord?id=CVE-2024-46697'], 'PublishedDate': '2024-09-13T06:15:14.5Z', 'LastModifiedDate': '2024-09-19T17:53:43.173Z'}, {'VulnerabilityID': 'CVE-2024-46698', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46698', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: video/aperture: optionally match the device in sysfb_disable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvideo/aperture: optionally match the device in sysfb_disable()\n\nIn aperture_remove_conflicting_pci_devices(), we currently only\ncall sysfb_disable() on vga class devices.  This leads to the\nfollowing problem when the pimary device is not VGA compatible:\n\n1. A PCI device with a non-VGA class is the boot display\n2. That device is probed first and it is not a VGA device so\n   sysfb_disable() is not called, but the device resources\n   are freed by aperture_detach_platform_device()\n3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable()\n4. NULL pointer dereference via sysfb_disable() since the resources\n   have already been freed by aperture_detach_platform_device() when\n   it was called by the other device.\n\nFix this by passing a device pointer to sysfb_disable() and checking\nthe device to determine if we should execute it or not.\n\nv2: Fix build when CONFIG_SCREEN_INFO is not set\nv3: Move device check into the mutex\n    Drop primary variable in aperture_remove_conflicting_pci_devices()\n    Drop __init on pci sysfb_pci_dev_is_enabled()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46698', 'https://git.kernel.org/linus/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7 (6.11-rc6)', 'https://git.kernel.org/stable/c/17e78f43de0c6da34204cc858b4cc05671ea9acf', 'https://git.kernel.org/stable/c/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46698-357c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46698', 'https://www.cve.org/CVERecord?id=CVE-2024-46698'], 'PublishedDate': '2024-09-13T06:15:14.563Z', 'LastModifiedDate': '2024-09-13T16:53:03Z'}, {'VulnerabilityID': 'CVE-2024-46701', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46701', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: libfs: fix infinite directory reads for offset dir', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlibfs: fix infinite directory reads for offset dir\n\nAfter we switch tmpfs dir operations from simple_dir_operations to\nsimple_offset_dir_operations, every rename happened will fill new dentry\nto dest dir\'s maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free\nkey starting with octx->newx_offset, and then set newx_offset equals to\nfree key + 1. This will lead to infinite readdir combine with rename\nhappened at the same time, which fail generic/736 in xfstests(detail show\nas below).\n\n1. create 5000 files(1 2 3...) under one dir\n2. call readdir(man 3 readdir) once, and get one entry\n3. rename(entry, "TEMPFILE"), then rename("TEMPFILE", entry)\n4. loop 2~3, until readdir return nothing or we loop too many\n   times(tmpfs break test with the second condition)\n\nWe choose the same logic what commit 9b378f6ad48cf ("btrfs: fix infinite\ndirectory reads") to fix it, record the last_index when we open dir, and\ndo not emit the entry which index >= last_index. The file->private_data\nnow used in offset dir can use directly to do this, and we also update\nthe last_index when we llseek the dir file.\n\n[brauner: only update last_index after seek when offset is zero like Jan suggested]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46701', 'https://git.kernel.org/linus/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a (6.11-rc4)', 'https://git.kernel.org/stable/c/308b4fc2403b335894592ee9dc212a5e58bb309f', 'https://git.kernel.org/stable/c/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a', 'https://lore.kernel.org/linux-cve-announce/2024091326-CVE-2024-46701-ad65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46701', 'https://www.cve.org/CVERecord?id=CVE-2024-46701'], 'PublishedDate': '2024-09-13T07:15:05.127Z', 'LastModifiedDate': '2024-09-19T13:40:27.817Z'}, {'VulnerabilityID': 'CVE-2024-46702', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46702', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: thunderbolt: Mark XDomain as unplugged when router is removed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Mark XDomain as unplugged when router is removed\n\nI noticed that when we do discrete host router NVM upgrade and it gets\nhot-removed from the PCIe side as a result of NVM firmware authentication,\nif there is another host connected with enabled paths we hang in tearing\nthem down. This is due to fact that the Thunderbolt networking driver\nalso tries to cleanup the paths and ends up blocking in\ntb_disconnect_xdomain_paths() waiting for the domain lock.\n\nHowever, at this point we already cleaned the paths in tb_stop() so\nthere is really no need for tb_disconnect_xdomain_paths() to do that\nanymore. Furthermore it already checks if the XDomain is unplugged and\nbails out early so take advantage of that and mark the XDomain as\nunplugged when we remove the parent router.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46702', 'https://git.kernel.org/linus/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d (6.11-rc4)', 'https://git.kernel.org/stable/c/18b3ad2a3cc877dd4b16f48d84aa27b78d53bf1d', 'https://git.kernel.org/stable/c/23ce6ba3b95488a2b9e9f6d43b340da0c15395dc', 'https://git.kernel.org/stable/c/747bc154577de6e6af4bc99abfa859b8419bb4d8', 'https://git.kernel.org/stable/c/7ca24cf9163c112bb6b580c6fb57c04a1f8b76e1', 'https://git.kernel.org/stable/c/80ac8d194831eca0c2f4fd862f7925532fda320c', 'https://git.kernel.org/stable/c/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46702-9b8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46702', 'https://www.cve.org/CVERecord?id=CVE-2024-46702'], 'PublishedDate': '2024-09-13T07:15:05.217Z', 'LastModifiedDate': '2024-09-19T13:35:58.637Z'}, {'VulnerabilityID': 'CVE-2024-46703', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46703', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;serial: 8250_omap: Set the console genpd always on if no console suspend&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "serial: 8250_omap: Set the console genpd always on if no console suspend"\n\nThis reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940.\n\nKevin reported that this causes a crash during suspend on platforms that\ndont use PM domains.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46703', 'https://git.kernel.org/linus/0863bffda1131fd2fa9c05b653ad9ee3d8db127e (6.11-rc4)', 'https://git.kernel.org/stable/c/0863bffda1131fd2fa9c05b653ad9ee3d8db127e', 'https://git.kernel.org/stable/c/321aecb079e9ca8b1af90778068a6fb40f2bf22d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46703-1f29@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46703', 'https://www.cve.org/CVERecord?id=CVE-2024-46703'], 'PublishedDate': '2024-09-13T07:15:05.317Z', 'LastModifiedDate': '2024-09-19T13:33:57.563Z'}, {'VulnerabilityID': 'CVE-2024-46705', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46705', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: reset mmio mappings with devm', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: reset mmio mappings with devm\n\nSet our various mmio mappings to NULL. This should make it easier to\ncatch something rogue trying to mess with mmio after device removal. For\nexample, we might unmap everything and then start hitting some mmio\naddress which has already been unmamped by us and then remapped by\nsomething else, causing all kinds of carnage.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46705', 'https://git.kernel.org/linus/c7117419784f612d59ee565145f722e8b5541fe6 (6.11-rc1)', 'https://git.kernel.org/stable/c/b1c9fbed3884d3883021d699c7cdf5253a65543a', 'https://git.kernel.org/stable/c/c7117419784f612d59ee565145f722e8b5541fe6', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46705-b9c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46705', 'https://www.cve.org/CVERecord?id=CVE-2024-46705'], 'PublishedDate': '2024-09-13T07:15:05.477Z', 'LastModifiedDate': '2024-09-19T13:30:44.133Z'}, {'VulnerabilityID': 'CVE-2024-46706', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46706', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: fsl_lpuart: mark last busy before uart_add_one_port\n\nWith "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel\nsometimes boot hang. It is because normal console still is not ready,\nbut runtime suspend is called, so early console putchar will hang\nin waiting TRDE set in UARTSTAT.\n\nThe lpuart driver has auto suspend delay set to 3000ms, but during\nuart_add_one_port, a child device serial ctrl will added and probed with\nits pm runtime enabled(see serial_ctrl.c).\nThe runtime suspend call path is:\ndevice_add\n     |-> bus_probe_device\n           |->device_initial_probe\n\t           |->__device_attach\n                         |-> pm_runtime_get_sync(dev->parent);\n\t\t\t |-> pm_request_idle(dev);\n\t\t\t |-> pm_runtime_put(dev->parent);\n\nSo in the end, before normal console ready, the lpuart get runtime\nsuspended. And earlycon putchar will hang.\n\nTo address the issue, mark last busy just after pm_runtime_enable,\nthree seconds is long enough to switch from bootconsole to normal\nconsole.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46706', 'https://git.kernel.org/linus/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c (6.11-rc4)', 'https://git.kernel.org/stable/c/3ecf625d4acb71d726bc0b49403cf68388b3d58d', 'https://git.kernel.org/stable/c/8eb92cfca6c2c5a15ab1773f3d18ab8d8f7dbb68', 'https://git.kernel.org/stable/c/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46706-ea07@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46706', 'https://www.cve.org/CVERecord?id=CVE-2024-46706'], 'PublishedDate': '2024-09-13T07:15:05.56Z', 'LastModifiedDate': '2024-09-19T17:51:07.67Z'}, {'VulnerabilityID': 'CVE-2024-46707', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46707', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3\n\nOn a system with a GICv3, if a guest hasn't been configured with\nGICv3 and that the host is not capable of GICv2 emulation,\na write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.\n\nWe therefore try to emulate the SGI access, only to hit a NULL\npointer as no private interrupt is allocated (no GIC, remember?).\n\nThe obvious fix is to give the guest what it deserves, in the\nshape of a UNDEF exception.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46707', 'https://git.kernel.org/linus/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f (6.11-rc5)', 'https://git.kernel.org/stable/c/15818af2f7aa55eff375333cb7689df15d3f24ef', 'https://git.kernel.org/stable/c/2073132f6ed3079369e857a8deb33d11bdd983bc', 'https://git.kernel.org/stable/c/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f', 'https://git.kernel.org/stable/c/94d4fbad01b19ec5eab3d6b50aaec4f9db8b2d8d', 'https://git.kernel.org/stable/c/96b076e8ee5bc3a1126848c8add0f74bd30dc9d1', 'https://git.kernel.org/stable/c/9d7629bec5c3f80bd0e3bf8103c06a2f7046bd92', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46707-9e4f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46707', 'https://www.cve.org/CVERecord?id=CVE-2024-46707'], 'PublishedDate': '2024-09-13T07:15:05.643Z', 'LastModifiedDate': '2024-09-19T13:29:46.757Z'}, {'VulnerabilityID': 'CVE-2024-46708', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46708', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: qcom: x1e80100: Fix special pin offsets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: qcom: x1e80100: Fix special pin offsets\n\nRemove the erroneus 0x100000 offset to prevent the boards from crashing\non pin state setting, as well as for the intended state changes to take\neffect.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46708', 'https://git.kernel.org/linus/d3692d95cc4d88114b070ee63cffc976f00f207f (6.11-rc6)', 'https://git.kernel.org/stable/c/0197bf772f657fbdea5e9bdec5eea6e67d82cbde', 'https://git.kernel.org/stable/c/d3692d95cc4d88114b070ee63cffc976f00f207f', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46708-95c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46708', 'https://www.cve.org/CVERecord?id=CVE-2024-46708'], 'PublishedDate': '2024-09-13T07:15:05.717Z', 'LastModifiedDate': '2024-09-19T13:28:49.483Z'}, {'VulnerabilityID': 'CVE-2024-46709', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46709', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix prime with external buffers', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix prime with external buffers\n\nMake sure that for external buffers mapping goes through the dma_buf\ninterface instead of trying to access pages directly.\n\nExternal buffers might not provide direct access to readable/writable\npages so to make sure the bo's created from external dma_bufs can be\nread dma_buf interface has to be used.\n\nFixes crashes in IGT's kms_prime with vgem. Regular desktop usage won't\ntrigger this due to the fact that virtual machines will not have\nmultiple GPUs but it enables better test coverage in IGT.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46709', 'https://git.kernel.org/linus/50f1199250912568606b3778dc56646c10cb7b04 (6.11-rc6)', 'https://git.kernel.org/stable/c/50f1199250912568606b3778dc56646c10cb7b04', 'https://git.kernel.org/stable/c/5c12391ee1ab59cb2f3be3f1f5e6d0fc0c2dc854', 'https://git.kernel.org/stable/c/9a9716bbbf3dd6b6cbefba3abcc89af8b72631f4', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46709-2465@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46709', 'https://www.cve.org/CVERecord?id=CVE-2024-46709'], 'PublishedDate': '2024-09-13T07:15:05.793Z', 'LastModifiedDate': '2024-09-19T13:26:24.14Z'}, {'VulnerabilityID': 'CVE-2024-46710', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46710', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Prevent unmapping active read buffers', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Prevent unmapping active read buffers\n\nThe kms paths keep a persistent map active to read and compare the cursor\nbuffer. These maps can race with each other in simple scenario where:\na) buffer "a" mapped for update\nb) buffer "a" mapped for compare\nc) do the compare\nd) unmap "a" for compare\ne) update the cursor\nf) unmap "a" for update\nAt step "e" the buffer has been unmapped and the read contents is bogus.\n\nPrevent unmapping of active read buffers by simply keeping a count of\nhow many paths have currently active maps and unmap only when the count\nreaches 0.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46710', 'https://git.kernel.org/linus/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea (6.11-rc6)', 'https://git.kernel.org/stable/c/0851b1ec650adadcaa23ec96daad95a55bf966f0', 'https://git.kernel.org/stable/c/58a3714db4d9dcaeb9fc4905141e17b9f536c0a5', 'https://git.kernel.org/stable/c/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea', 'https://git.kernel.org/stable/c/d5228d158e4c0b1663b3983044913c15c3d0135e', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46710-cd88@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46710', 'https://www.cve.org/CVERecord?id=CVE-2024-46710'], 'PublishedDate': '2024-09-13T07:15:05.88Z', 'LastModifiedDate': '2024-10-17T14:15:07.63Z'}, {'VulnerabilityID': 'CVE-2024-46711', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46711', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: fix ID 0 endp usage after multiple re-creations', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix ID 0 endp usage after multiple re-creations\n\n\'local_addr_used\' and \'add_addr_accepted\' are decremented for addresses\nnot related to the initial subflow (ID0), because the source and\ndestination addresses of the initial subflows are known from the\nbeginning: they don\'t count as "additional local address being used" or\n"ADD_ADDR being accepted".\n\nIt is then required not to increment them when the entrypoint used by\nthe initial subflow is removed and re-added during a connection. Without\nthis modification, this entrypoint cannot be removed and re-added more\nthan once.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46711', 'https://git.kernel.org/linus/9366922adc6a71378ca01f898c41be295309f044 (6.11-rc6)', 'https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc', 'https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb', 'https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044', 'https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe', 'https://lore.kernel.org/linux-cve-announce/2024091348-CVE-2024-46711-ab95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46711', 'https://www.cve.org/CVERecord?id=CVE-2024-46711'], 'PublishedDate': '2024-09-13T07:15:05.953Z', 'LastModifiedDate': '2024-09-19T13:12:30.39Z'}, {'VulnerabilityID': 'CVE-2024-46713', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/aux: Fix AUX buffer serialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event->mmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46713', 'https://git.kernel.org/linus/2ab9d830262c132ab5db2f571003d80850d56b2a (6.11-rc7)', 'https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a', 'https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff', 'https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82', 'https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d', 'https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370', 'https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef', 'https://lore.kernel.org/linux-cve-announce/2024091316-CVE-2024-46713-5e49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46713', 'https://www.cve.org/CVERecord?id=CVE-2024-46713'], 'PublishedDate': '2024-09-13T15:15:15.01Z', 'LastModifiedDate': '2024-09-13T16:37:22.997Z'}, {'VulnerabilityID': 'CVE-2024-46714', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip wbscl_set_scaler_filter if filter is null\n\nCallers can pass null in filter (i.e. from returned from the function\nwbscl_get_filter_coeffs_16p) and a null check is added to ensure that is\nnot the case.\n\nThis fixes 4 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46714', 'https://git.kernel.org/linus/c4d31653c03b90e51515b1380115d1aedad925dd (6.11-rc1)', 'https://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b', 'https://git.kernel.org/stable/c/1726914cb17cedab233820d26b86764dc08857b4', 'https://git.kernel.org/stable/c/54834585e91cab13e9f82d3a811deb212a4df786', 'https://git.kernel.org/stable/c/6d94c05a13fadd80c3e732f14c83b2632ebfaa50', 'https://git.kernel.org/stable/c/c083c8be6bdd046049884bec076660d4ec9a19ca', 'https://git.kernel.org/stable/c/c4d31653c03b90e51515b1380115d1aedad925dd', 'https://git.kernel.org/stable/c/e3a95f29647ae45d1ec9541cd7df64f40bf2120a', 'https://lore.kernel.org/linux-cve-announce/2024091831-CVE-2024-46714-73de@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46714', 'https://www.cve.org/CVERecord?id=CVE-2024-46714'], 'PublishedDate': '2024-09-18T07:15:03.06Z', 'LastModifiedDate': '2024-09-30T12:50:27.723Z'}, {'VulnerabilityID': 'CVE-2024-46715', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46715', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver: iio: add missing checks on iio_info&#39;s callback access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info's callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn't implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429]  iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807]  dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181]  sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555]  seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236]  vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385]  ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0:                   00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46715', 'https://git.kernel.org/linus/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70', 'https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1', 'https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252', 'https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46715-7e7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46715', 'https://www.cve.org/CVERecord?id=CVE-2024-46715'], 'PublishedDate': '2024-09-18T07:15:03.13Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46716', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n   msgdma_free_chan_resources -> msgdma_free_descriptors ->\n   msgdma_free_desc_list -> msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46716', 'https://git.kernel.org/linus/54e4ada1a4206f878e345ae01cf37347d803d1b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716', 'https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1', 'https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725', 'https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46716-f63f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46716', 'https://www.cve.org/CVERecord?id=CVE-2024-46716'], 'PublishedDate': '2024-09-18T07:15:03.183Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46717', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46717', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix incorrect page release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix incorrect page release\n\nUnder the following conditions:\n1) No skb created yet\n2) header_size == 0 (no SHAMPO header)\n3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the\n   last page fragment of a SHAMPO header page)\n\na new skb is formed with a page that is NOT a SHAMPO header page (it\nis a regular data page). Further down in the same function\n(mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from\nheader_index is released. This is wrong and it leads to SHAMPO header\npages being released more than once.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46717', 'https://git.kernel.org/linus/70bd03b89f20b9bbe51a7f73c4950565a17a45f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/03924d117625ecb10ee3c9b65930bcb2c37ae629', 'https://git.kernel.org/stable/c/70bd03b89f20b9bbe51a7f73c4950565a17a45f7', 'https://git.kernel.org/stable/c/ae9018e3f61ba5cc1f08a6e51d3c0bef0a79f3ab', 'https://git.kernel.org/stable/c/c909ab41df2b09cde919801c7a7b6bb2cc37ea22', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46717-2f30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46717', 'https://www.cve.org/CVERecord?id=CVE-2024-46717'], 'PublishedDate': '2024-09-18T07:15:03.237Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46718', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46718', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Don&#39;t overmap identity VRAM mapping', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Don't overmap identity VRAM mapping\n\nOvermapping the identity VRAM mapping is triggering hardware bugs on\ncertain platforms. Use 2M pages for the last unaligned (to 1G) VRAM\nchunk.\n\nv2:\n - Always use 2M pages for last chunk (Fei Yang)\n - break loop when 2M pages are used\n - Add assert for usable_size being 2M aligned\nv3:\n - Fix checkpatch", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46718', 'https://git.kernel.org/linus/6d3581edffea0b3a64b0d3094d3f09222e0024f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/6d3581edffea0b3a64b0d3094d3f09222e0024f7', 'https://git.kernel.org/stable/c/bb706e92c87beb9f2543faa1705ccc330b9e7c65', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46718-c5c7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46718', 'https://www.cve.org/CVERecord?id=CVE-2024-46718'], 'PublishedDate': '2024-09-18T07:15:03.303Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46719', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46719', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Fix null pointer dereference in trace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix null pointer dereference in trace\n\nucsi_register_altmode checks IS_ERR for the alt pointer and treats\nNULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,\nucsi_register_displayport returns NULL which causes a NULL pointer\ndereference in trace. Rather than return NULL, call\ntypec_port_register_altmode to register DisplayPort alternate mode\nas a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46719', 'https://git.kernel.org/linus/99516f76db48e1a9d54cdfed63c1babcee4e71a5 (6.11-rc1)', 'https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9', 'https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7', 'https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870', 'https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b', 'https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830', 'https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5', 'https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46719-4a53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46719', 'https://www.cve.org/CVERecord?id=CVE-2024-46719'], 'PublishedDate': '2024-09-18T07:15:03.357Z', 'LastModifiedDate': '2024-09-20T18:21:49.963Z'}, {'VulnerabilityID': 'CVE-2024-46720', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46720', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix dereference after null check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix dereference after null check\n\ncheck the pointer hive before use.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46720', 'https://git.kernel.org/linus/b1f7810b05d1950350ac2e06992982974343e441 (6.11-rc1)', 'https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50', 'https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c', 'https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517', 'https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46720-a598@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46720', 'https://www.cve.org/CVERecord?id=CVE-2024-46720'], 'PublishedDate': '2024-09-18T07:15:03.42Z', 'LastModifiedDate': '2024-09-20T18:22:04.693Z'}, {'VulnerabilityID': 'CVE-2024-46721', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46721', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: fix possible NULL pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and 'ent->old' is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n </TASK>\nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46721', 'https://git.kernel.org/linus/3dd384108d53834002be5630132ad5c3f32166ad (6.11-rc1)', 'https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9', 'https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad', 'https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85', 'https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8', 'https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363', 'https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346', 'https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64', 'https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46721-9aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46721', 'https://www.cve.org/CVERecord?id=CVE-2024-46721'], 'PublishedDate': '2024-09-18T07:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:22:46.637Z'}, {'VulnerabilityID': 'CVE-2024-46722', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46722', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix mc_data out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix mc_data out-of-bounds read warning\n\nClear warning that read mc_data[i-1] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46722', 'https://git.kernel.org/linus/51dfc0a4d609fe700750a62f41447f01b8c9ea50 (6.11-rc1)', 'https://git.kernel.org/stable/c/2097edede72ec5bb3869cf0205337d392fb2a553', 'https://git.kernel.org/stable/c/310b9d8363b88e818afec97ca7652bd7fe3d0650', 'https://git.kernel.org/stable/c/345bd3ad387f9e121aaad9c95957b80895e2f2ec', 'https://git.kernel.org/stable/c/51dfc0a4d609fe700750a62f41447f01b8c9ea50', 'https://git.kernel.org/stable/c/578ae965e8b90cd09edeb0252b50fa0503ea35c5', 'https://git.kernel.org/stable/c/5fa4df25ecfc7b6c9006f5b871c46cfe25ea8826', 'https://git.kernel.org/stable/c/b862a0bc5356197ed159fed7b1c647e77bc9f653', 'https://git.kernel.org/stable/c/d0a43bf367ed640e527e8ef3d53aac1e71f80114', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46722-34b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46722', 'https://www.cve.org/CVERecord?id=CVE-2024-46722'], 'PublishedDate': '2024-09-18T07:15:03.547Z', 'LastModifiedDate': '2024-09-20T18:23:11.93Z'}, {'VulnerabilityID': 'CVE-2024-46723', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46723', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix ucode out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ucode out-of-bounds read warning\n\nClear warning that read ucode[] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46723', 'https://git.kernel.org/linus/8944acd0f9db33e17f387fdc75d33bb473d7936f (6.11-rc1)', 'https://git.kernel.org/stable/c/0bef65e069d84d1cd77ce757aea0e437b8e2bd33', 'https://git.kernel.org/stable/c/23fefef859c6057e6770584242bdd938254f8ddd', 'https://git.kernel.org/stable/c/5f09fa5e0ad45fbca71933a0e024ca52da47d59b', 'https://git.kernel.org/stable/c/82ac8f1d02886b5d8aeb9e058989d3bd6fc581e2', 'https://git.kernel.org/stable/c/8944acd0f9db33e17f387fdc75d33bb473d7936f', 'https://git.kernel.org/stable/c/8981927ebc6c12fa76b30c4178acb462bab15f54', 'https://git.kernel.org/stable/c/e789e05388854a5436b2b5d8695fdb864c9bcc27', 'https://git.kernel.org/stable/c/f2b7a9f3839e92f43559b2795b34640ca8cf839f', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46723-6726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46723', 'https://www.cve.org/CVERecord?id=CVE-2024-46723'], 'PublishedDate': '2024-09-18T07:15:03.61Z', 'LastModifiedDate': '2024-09-20T18:30:30.117Z'}, {'VulnerabilityID': 'CVE-2024-46724', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46724', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number\n\nCheck the fb_channel_number range to avoid the array out-of-bounds\nread error', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46724', 'https://git.kernel.org/linus/d768394fa99467bcf2703bde74ddc96eeb0b71fa (6.11-rc1)', 'https://git.kernel.org/stable/c/32915dc909ff502823babfe07d5416c5b6e8a8b1', 'https://git.kernel.org/stable/c/45f7b02afc464c208e8f56bcbc672ef5c364c815', 'https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4', 'https://git.kernel.org/stable/c/d768394fa99467bcf2703bde74ddc96eeb0b71fa', 'https://git.kernel.org/stable/c/db7a86676fd624768a5d907faf34ad7bb4ff25f4', 'https://git.kernel.org/stable/c/f9267972490f9fcffe146e79828e97acc0da588c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46724-02f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46724', 'https://www.cve.org/CVERecord?id=CVE-2024-46724'], 'PublishedDate': '2024-09-18T07:15:03.673Z', 'LastModifiedDate': '2024-09-20T18:30:58.98Z'}, {'VulnerabilityID': 'CVE-2024-46725', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46725', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds write warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds write warning\n\nCheck the ring type value to fix the out-of-bounds\nwrite warning', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46725', 'https://git.kernel.org/linus/be1684930f5262a622d40ce7a6f1423530d87f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/130bee397b9cd52006145c87a456fd8719390cb5', 'https://git.kernel.org/stable/c/919f9bf9997b8dcdc132485ea96121e7d15555f9', 'https://git.kernel.org/stable/c/a60d1f7ff62e453dde2d3b4907e178954d199844', 'https://git.kernel.org/stable/c/be1684930f5262a622d40ce7a6f1423530d87f89', 'https://git.kernel.org/stable/c/c253b87c7c37ec40a2e0c84e4a6b636ba5cd66b2', 'https://git.kernel.org/stable/c/cf2db220b38301b6486a0f11da24a0f317de558c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46725-af49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46725', 'https://www.cve.org/CVERecord?id=CVE-2024-46725'], 'PublishedDate': '2024-09-18T07:15:03.733Z', 'LastModifiedDate': '2024-09-20T18:40:42.753Z'}, {'VulnerabilityID': 'CVE-2024-46726', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46726', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure index calculation will not overflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure index calculation will not overflow\n\n[WHY & HOW]\nMake sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will\nnever overflow and exceess array size.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46726', 'https://git.kernel.org/linus/8e2734bf444767fed787305ccdcb36a2be5301a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dc6bb57dab36b38b7374af0ac916174c146b6ed', 'https://git.kernel.org/stable/c/733ae185502d30bbe79575167b6178cfb6c5d6bd', 'https://git.kernel.org/stable/c/8e2734bf444767fed787305ccdcb36a2be5301a2', 'https://git.kernel.org/stable/c/d705b5869f6b1b46ad5ceb1bd2a08c04f7e5003b', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46726-587e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46726', 'https://www.cve.org/CVERecord?id=CVE-2024-46726'], 'PublishedDate': '2024-09-18T07:15:03.787Z', 'LastModifiedDate': '2024-09-20T18:36:27.07Z'}, {'VulnerabilityID': 'CVE-2024-46727', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46727', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update\n\n[Why]\nCoverity reports NULL_RETURN warning.\n\n[How]\nAdd otg_master NULL check.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46727', 'https://git.kernel.org/linus/871cd9d881fa791d3f82885000713de07041c0ae (6.11-rc1)', 'https://git.kernel.org/stable/c/871cd9d881fa791d3f82885000713de07041c0ae', 'https://git.kernel.org/stable/c/aad4d3d3d3b6a362bf5db11e1f28c4a60620900d', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46727-2565@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46727', 'https://www.cve.org/CVERecord?id=CVE-2024-46727'], 'PublishedDate': '2024-09-18T07:15:03.84Z', 'LastModifiedDate': '2024-09-30T12:49:43.097Z'}, {'VulnerabilityID': 'CVE-2024-46728', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46728', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check index for aux_rd_interval before using', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index for aux_rd_interval before using\n\naux_rd_interval has size of 7 and should be checked.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46728', 'https://git.kernel.org/linus/9ba2ea6337b4f159aecb177555a6a81da92d302e (6.11-rc1)', 'https://git.kernel.org/stable/c/48e0b68e2360b16edf2a0bae05c0051c00fbb48a', 'https://git.kernel.org/stable/c/6c588e9350dd7a9fb97a56fe74852c9ecc44450c', 'https://git.kernel.org/stable/c/9ba2ea6337b4f159aecb177555a6a81da92d302e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46728-edfe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46728', 'https://www.cve.org/CVERecord?id=CVE-2024-46728'], 'PublishedDate': '2024-09-18T07:15:03.893Z', 'LastModifiedDate': '2024-09-26T13:31:34.347Z'}, {'VulnerabilityID': 'CVE-2024-46729', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46729', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix incorrect size calculation for loop', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix incorrect size calculation for loop\n\n[WHY]\nfe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is\nlager than the array size.\n\n[HOW]\nDivide byte size 20 by its element size.\n\nThis fixes 2 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46729', 'https://git.kernel.org/linus/3941a3aa4b653b69876d894d08f3fff1cc965267 (6.11-rc1)', 'https://git.kernel.org/stable/c/3941a3aa4b653b69876d894d08f3fff1cc965267', 'https://git.kernel.org/stable/c/712be65b3b372a82bff0865b9c090147764bf1c4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46729-158c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46729', 'https://www.cve.org/CVERecord?id=CVE-2024-46729'], 'PublishedDate': '2024-09-18T07:15:03.95Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46730', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46730', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure array index tg_inst won&#39;t be -1', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure array index tg_inst won't be -1\n\n[WHY & HOW]\ntg_inst will be a negative if timing_generator_count equals 0, which\nshould be checked before used.\n\nThis fixes 2 OVERRUN issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46730', 'https://git.kernel.org/linus/687fe329f18ab0ab0496b20ed2cb003d4879d931 (6.11-rc1)', 'https://git.kernel.org/stable/c/687fe329f18ab0ab0496b20ed2cb003d4879d931', 'https://git.kernel.org/stable/c/a64284b9e1999ad5580debced4bc6d6adb28aad4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46730-b69e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46730', 'https://www.cve.org/CVERecord?id=CVE-2024-46730'], 'PublishedDate': '2024-09-18T07:15:04.003Z', 'LastModifiedDate': '2024-09-30T12:49:00.333Z'}, {'VulnerabilityID': 'CVE-2024-46731', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46731', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: fix the Out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix the Out-of-bounds read warning\n\nusing index i - 1U may beyond element index\nfor mc_data[] when i = 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46731', 'https://git.kernel.org/linus/12c6967428a099bbba9dfd247bb4322a984fcc0b (6.11-rc1)', 'https://git.kernel.org/stable/c/12c6967428a099bbba9dfd247bb4322a984fcc0b', 'https://git.kernel.org/stable/c/20c6373a6be93039f9d66029bb1e21038a060be1', 'https://git.kernel.org/stable/c/3317966efcdc5101e93db21514b68917e7eb34ea', 'https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376', 'https://git.kernel.org/stable/c/d83fb9f9f63e9a120bf405b078f829f0b2e58934', 'https://git.kernel.org/stable/c/f1e261ced9bcad772a45a2fcdf413c3490e87299', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46731-0e54@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46731', 'https://www.cve.org/CVERecord?id=CVE-2024-46731'], 'PublishedDate': '2024-09-18T07:15:04.057Z', 'LastModifiedDate': '2024-09-26T13:29:19.877Z'}, {'VulnerabilityID': 'CVE-2024-46732', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46732', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Assign linear_pitch_alignment even for VM', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign linear_pitch_alignment even for VM\n\n[Description]\nAssign linear_pitch_alignment so we don't cause a divide by 0\nerror in VM environments", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46732', 'https://git.kernel.org/linus/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/4bd7710f2fecfc5fb2dda1ca2adc69db8a66b8b6', 'https://git.kernel.org/stable/c/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4', 'https://git.kernel.org/stable/c/c44b568931d23aed9d37ecbb31fb5fbdd198bf7b', 'https://git.kernel.org/stable/c/d219f902b16d42f0cb8c499ea8f31cf3c0f36349', 'https://git.kernel.org/stable/c/d2fe7ac613a1ea8c346c9f5c89dc6ecc27232997', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46732-49a9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46732', 'https://www.cve.org/CVERecord?id=CVE-2024-46732'], 'PublishedDate': '2024-09-18T07:15:04.117Z', 'LastModifiedDate': '2024-09-26T13:28:07.157Z'}, {'VulnerabilityID': 'CVE-2024-46733', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46733', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix qgroup reserve leaks in cow_file_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix qgroup reserve leaks in cow_file_range\n\nIn the buffered write path, the dirty page owns the qgroup reserve until\nit creates an ordered_extent.\n\nTherefore, any errors that occur before the ordered_extent is created\nmust free that reservation, or else the space is leaked. The fstest\ngeneric/475 exercises various IO error paths, and is able to trigger\nerrors in cow_file_range where we fail to get to allocating the ordered\nextent. Note that because we *do* clear delalloc, we are likely to\nremove the inode from the delalloc list, so the inodes/pages to not have\ninvalidate/launder called on them in the commit abort path.\n\nThis results in failures at the unmount stage of the test that look like:\n\n  BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure\n  BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure\n  BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs]\n  Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq\n  CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W          6.10.0-rc7-gab56fde445b8 #21\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n  RIP: 0010:close_ctree+0x222/0x4d0 [btrfs]\n  RSP: 0018:ffffb4465283be00 EFLAGS: 00010202\n  RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001\n  RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8\n  RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000\n  R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c\n  R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n  FS:  00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0\n  Call Trace:\n   <TASK>\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? __warn.cold+0x8e/0xea\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? report_bug+0xff/0x140\n   ? handle_bug+0x3b/0x70\n   ? exc_invalid_op+0x17/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   generic_shutdown_super+0x70/0x160\n   kill_anon_super+0x11/0x40\n   btrfs_kill_super+0x11/0x20 [btrfs]\n   deactivate_locked_super+0x2e/0xa0\n   cleanup_mnt+0xb5/0x150\n   task_work_run+0x57/0x80\n   syscall_exit_to_user_mode+0x121/0x130\n   do_syscall_64+0xab/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  RIP: 0033:0x7f916847a887\n  ---[ end trace 0000000000000000 ]---\n  BTRFS error (device dm-8 state EA): qgroup reserved space leaked\n\nCases 2 and 3 in the out_reserve path both pertain to this type of leak\nand must free the reserved qgroup data. Because it is already an error\npath, I opted not to handle the possible errors in\nbtrfs_free_qgroup_data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46733', 'https://git.kernel.org/linus/30479f31d44d47ed00ae0c7453d9b253537005b2 (6.11-rc3)', 'https://git.kernel.org/stable/c/30479f31d44d47ed00ae0c7453d9b253537005b2', 'https://git.kernel.org/stable/c/e42ef22bc10f0309c0c65d8d6ca8b4127a674b7f', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46733-77eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46733', 'https://www.cve.org/CVERecord?id=CVE-2024-46733'], 'PublishedDate': '2024-09-18T07:15:04.17Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46735', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46735', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()\n\nWhen two UBLK_CMD_START_USER_RECOVERY commands are submitted, the\nfirst one sets 'ubq->ubq_daemon' to NULL, and the second one triggers\nWARN in ublk_queue_reinit() and subsequently a NULL pointer dereference\nissue.\n\nFix it by adding the check in ublk_ctrl_start_recovery() and return\nimmediately in case of zero 'ub->nr_queues_ready'.\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000028\n  RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n  Call Trace:\n   <TASK>\n   ? __die+0x20/0x70\n   ? page_fault_oops+0x75/0x170\n   ? exc_page_fault+0x64/0x140\n   ? asm_exc_page_fault+0x22/0x30\n   ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n   ublk_ctrl_uring_cmd+0x4f7/0x6c0\n   ? pick_next_task_idle+0x26/0x40\n   io_uring_cmd+0x9a/0x1b0\n   io_issue_sqe+0x193/0x3f0\n   io_wq_submit_work+0x9b/0x390\n   io_worker_handle_work+0x165/0x360\n   io_wq_worker+0xcb/0x2f0\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork+0x2d/0x50\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork_asm+0x1a/0x30\n   </TASK>", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46735', 'https://git.kernel.org/linus/e58f5142f88320a5b1449f96a146f2f24615c5c7 (6.11-rc7)', 'https://git.kernel.org/stable/c/136a29d8112df4ea0a57f9602ddf3579e04089dc', 'https://git.kernel.org/stable/c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f', 'https://git.kernel.org/stable/c/ca249435893dda766f3845c15ca77ca5672022d8', 'https://git.kernel.org/stable/c/e58f5142f88320a5b1449f96a146f2f24615c5c7', 'https://lore.kernel.org/linux-cve-announce/2024091832-CVE-2024-46735-fbce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46735', 'https://www.cve.org/CVERecord?id=CVE-2024-46735'], 'PublishedDate': '2024-09-18T08:15:03.057Z', 'LastModifiedDate': '2024-09-20T18:35:53.967Z'}, {'VulnerabilityID': 'CVE-2024-46737', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46737', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvmet-tcp: fix kernel crash if commands allocation fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fix kernel crash if commands allocation fails\n\nIf the commands allocation fails in nvmet_tcp_alloc_cmds()\nthe kernel crashes in nvmet_tcp_release_queue_work() because of\na NULL pointer dereference.\n\n  nvmet: failed to install queue 0 cntlid 1 ret 6\n  Unable to handle kernel NULL pointer dereference at\n         virtual address 0000000000000008\n\nFix the bug by setting queue->nr_cmds to zero in case\nnvmet_tcp_alloc_cmd() fails.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46737', 'https://git.kernel.org/linus/5572a55a6f830ee3f3a994b6b962a5c327d28cb3 (6.11-rc7)', 'https://git.kernel.org/stable/c/03e1fd0327fa5e2174567f5fe9290fe21d21b8f4', 'https://git.kernel.org/stable/c/489f2913a63f528cfe3f21722583fb981967ecda', 'https://git.kernel.org/stable/c/50632b877ce55356f5d276b9add289b1e7ddc683', 'https://git.kernel.org/stable/c/5572a55a6f830ee3f3a994b6b962a5c327d28cb3', 'https://git.kernel.org/stable/c/6c04d1e3ab22cc5394ef656429638a5947f87244', 'https://git.kernel.org/stable/c/7957c731fc2b23312f8935812dee5a0b14b04e2d', 'https://git.kernel.org/stable/c/91dad30c5607e62864f888e735d0965567827bdf', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46737-d36f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46737', 'https://www.cve.org/CVERecord?id=CVE-2024-46737'], 'PublishedDate': '2024-09-18T08:15:03.167Z', 'LastModifiedDate': '2024-09-20T18:35:34.7Z'}, {'VulnerabilityID': 'CVE-2024-46738', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46738', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: VMCI: Fix use-after-free when removing resource in vmci_resource_remove()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Fix use-after-free when removing resource in vmci_resource_remove()\n\nWhen removing a resource from vmci_resource_table in\nvmci_resource_remove(), the search is performed using the resource\nhandle by comparing context and resource fields.\n\nIt is possible though to create two resources with different types\nbut same handle (same context and resource fields).\n\nWhen trying to remove one of the resources, vmci_resource_remove()\nmay not remove the intended one, but the object will still be freed\nas in the case of the datagram type in vmci_datagram_destroy_handle().\nvmci_resource_table will still hold a pointer to this freed resource\nleading to a use-after-free vulnerability.\n\nBUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\nBUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\nRead of size 4 at addr ffff88801c16d800 by task syz-executor197/1592\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106\n print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239\n __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425\n kasan_report+0x38/0x51 mm/kasan/report.c:442\n vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\n vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\n vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182\n ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444\n kref_put include/linux/kref.h:65 [inline]\n vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline]\n vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195\n vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143\n __fput+0x261/0xa34 fs/file_table.c:282\n task_work_run+0xf0/0x194 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187\n exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220\n __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline]\n syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313\n do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x6e/0x0\n\nThis change ensures the type is also checked when removing\nthe resource from vmci_resource_table in vmci_resource_remove().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46738', 'https://git.kernel.org/linus/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7 (6.11-rc7)', 'https://git.kernel.org/stable/c/00fe5292f081f8d773e572df8e03bf6e1855fe49', 'https://git.kernel.org/stable/c/39e7e593418ccdbd151f2925fa6be1a616d16c96', 'https://git.kernel.org/stable/c/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7', 'https://git.kernel.org/stable/c/6c563a29857aa8053b67ee141191f69757f27f6e', 'https://git.kernel.org/stable/c/b243d52b5f6f59f9d39e69b191fb3d58b94a43b1', 'https://git.kernel.org/stable/c/b9efdf333174468651be40390cbc79c9f55d9cce', 'https://git.kernel.org/stable/c/ef5f4d0c5ee22d4f873116fec844ff6edaf3fa7d', 'https://git.kernel.org/stable/c/f6365931bf7c07b2b397dbb06a4f6573cc9fae73', 'https://linux.oracle.com/cve/CVE-2024-46738.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46738-d871@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46738', 'https://www.cve.org/CVERecord?id=CVE-2024-46738'], 'PublishedDate': '2024-09-18T08:15:03.233Z', 'LastModifiedDate': '2024-09-20T18:35:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46739', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46739', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind\n\nFor primary VM Bus channels, primary_channel pointer is always NULL. This\npointer is valid only for the secondary channels. Also, rescind callback\nis meant for primary channels only.\n\nFix NULL pointer dereference by retrieving the device_obj from the parent\nfor the primary channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46739', 'https://git.kernel.org/linus/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e (6.11-rc7)', 'https://git.kernel.org/stable/c/1d8e020e51ab07e40f9dd00b52f1da7d96fec04c', 'https://git.kernel.org/stable/c/2be373469be1774bbe03b0fa7e2854e65005b1cc', 'https://git.kernel.org/stable/c/3005091cd537ef8cdb7530dcb2ecfba8d2ef475c', 'https://git.kernel.org/stable/c/3d414b64ecf6fd717d7510ffb893c6f23acbf50e', 'https://git.kernel.org/stable/c/928e399e84f4e80307dce44e89415115c473275b', 'https://git.kernel.org/stable/c/de6946be9c8bc7d2279123433495af7c21011b99', 'https://git.kernel.org/stable/c/f38f46da80a2ab7d1b2f8fcb444c916034a2dac4', 'https://git.kernel.org/stable/c/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46739-0aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46739', 'https://www.cve.org/CVERecord?id=CVE-2024-46739'], 'PublishedDate': '2024-09-18T08:15:03.293Z', 'LastModifiedDate': '2024-09-20T18:34:29.957Z'}, {'VulnerabilityID': 'CVE-2024-46740', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46740', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binder: fix UAF caused by offsets overwrite', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF caused by offsets overwrite\n\nBinder objects are processed and copied individually into the target\nbuffer during transactions. Any raw data in-between these objects is\ncopied as well. However, this raw data copy lacks an out-of-bounds\ncheck. If the raw data exceeds the data section size then the copy\noverwrites the offsets section. This eventually triggers an error that\nattempts to unwind the processed objects. However, at this point the\noffsets used to index these objects are now corrupted.\n\nUnwinding with corrupted offsets can result in decrements of arbitrary\nnodes and lead to their premature release. Other users of such nodes are\nleft with a dangling pointer triggering a use-after-free. This issue is\nmade evident by the following KASAN report (trimmed):\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c\n  Write of size 4 at addr ffff47fc91598f04 by task binder-util/743\n\n  CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1\n  Hardware name: linux,dummy-virt (DT)\n  Call trace:\n   _raw_spin_lock+0xe4/0x19c\n   binder_free_buf+0x128/0x434\n   binder_thread_write+0x8a4/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Allocated by task 743:\n   __kmalloc_cache_noprof+0x110/0x270\n   binder_new_node+0x50/0x700\n   binder_transaction+0x413c/0x6da8\n   binder_thread_write+0x978/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Freed by task 745:\n   kfree+0xbc/0x208\n   binder_thread_read+0x1c5c/0x37d4\n   binder_ioctl+0x16d8/0x258c\n  [...]\n  ==================================================================\n\nTo avoid this issue, let's check that the raw data copy is within the\nboundaries of the data section.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46740', 'https://git.kernel.org/linus/4df153652cc46545722879415937582028c18af5 (6.11-rc7)', 'https://git.kernel.org/stable/c/109e845c1184c9f786d41516348ba3efd9112792', 'https://git.kernel.org/stable/c/1f33d9f1d9ac3f0129f8508925000900c2fe5bb0', 'https://git.kernel.org/stable/c/3a8154bb4ab4a01390a3abf1e6afac296e037da4', 'https://git.kernel.org/stable/c/4df153652cc46545722879415937582028c18af5', 'https://git.kernel.org/stable/c/4f79e0b80dc69bd5eaaed70f0df1b558728b4e59', 'https://git.kernel.org/stable/c/5a32bfd23022ffa7e152f273fa3fa29befb7d929', 'https://git.kernel.org/stable/c/eef79854a04feac5b861f94d7b19cbbe79874117', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46740-e05a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46740', 'https://www.cve.org/CVERecord?id=CVE-2024-46740'], 'PublishedDate': '2024-09-18T08:15:03.377Z', 'LastModifiedDate': '2024-09-20T18:34:08.163Z'}, {'VulnerabilityID': 'CVE-2024-46741', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46741', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Fix double free of &#39;buf&#39; in error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix double free of 'buf' in error path\n\nsmatch warning:\ndrivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf'\n\nIn fastrpc_req_mmap() error path, the fastrpc buffer is freed in\nfastrpc_req_munmap_impl() if unmap is successful.\n\nBut in the end, there is an unconditional call to fastrpc_buf_free().\nSo the above case triggers the double free of fastrpc buf.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46741', 'https://git.kernel.org/linus/e8c276d4dc0e19ee48385f74426aebc855b49aaf (6.11-rc7)', 'https://git.kernel.org/stable/c/bfc1704d909dc9911a558b1a5833d3d61a43a1f2', 'https://git.kernel.org/stable/c/e8c276d4dc0e19ee48385f74426aebc855b49aaf', 'https://git.kernel.org/stable/c/f77dc8a75859e559f3238a6d906206259227985e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46741-4ce7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46741', 'https://www.cve.org/CVERecord?id=CVE-2024-46741'], 'PublishedDate': '2024-09-18T08:15:03.43Z', 'LastModifiedDate': '2024-09-20T18:33:27.96Z'}, {'VulnerabilityID': 'CVE-2024-46742', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46742', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()\n\nnull-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)\nand parse_lease_state() return NULL.\n\nFix this by check if 'lease_ctx_info' is NULL.\n\nAdditionally, remove the redundant parentheses in\nparse_durable_handle_context().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46742', 'https://git.kernel.org/linus/4e8771a3666c8f216eefd6bd2fd50121c6c437db (6.11-rc5)', 'https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6', 'https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada', 'https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46742-223b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46742', 'https://www.cve.org/CVERecord?id=CVE-2024-46742'], 'PublishedDate': '2024-09-18T08:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:32:34.303Z'}, {'VulnerabilityID': 'CVE-2024-46743', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46743', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: of/irq: Prevent device address out-of-bounds read in interrupt map walk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nof/irq: Prevent device address out-of-bounds read in interrupt map walk\n\nWhen of_irq_parse_raw() is invoked with a device address smaller than\nthe interrupt parent node (from #address-cells property), KASAN detects\nthe following out-of-bounds read when populating the initial match table\n(dyndbg="func of_irq_parse_* +p"):\n\n  OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0\n  OF:  parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2\n  OF:  intspec=4\n  OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2\n  OF:  -> addrsize=3\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0\n  Read of size 4 at addr ffffff81beca5608 by task bash/764\n\n  CPU: 1 PID: 764 Comm: bash Tainted: G           O       6.1.67-484c613561-nokia_sm_arm64 #1\n  Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023\n  Call trace:\n   dump_backtrace+0xdc/0x130\n   show_stack+0x1c/0x30\n   dump_stack_lvl+0x6c/0x84\n   print_report+0x150/0x448\n   kasan_report+0x98/0x140\n   __asan_load4+0x78/0xa0\n   of_irq_parse_raw+0x2b8/0x8d0\n   of_irq_parse_one+0x24c/0x270\n   parse_interrupts+0xc0/0x120\n   of_fwnode_add_links+0x100/0x2d0\n   fw_devlink_parse_fwtree+0x64/0xc0\n   device_add+0xb38/0xc30\n   of_device_add+0x64/0x90\n   of_platform_device_create_pdata+0xd0/0x170\n   of_platform_bus_create+0x244/0x600\n   of_platform_notify+0x1b0/0x254\n   blocking_notifier_call_chain+0x9c/0xd0\n   __of_changeset_entry_notify+0x1b8/0x230\n   __of_changeset_apply_notify+0x54/0xe4\n   of_overlay_fdt_apply+0xc04/0xd94\n   ...\n\n  The buggy address belongs to the object at ffffff81beca5600\n   which belongs to the cache kmalloc-128 of size 128\n  The buggy address is located 8 bytes inside of\n   128-byte region [ffffff81beca5600, ffffff81beca5680)\n\n  The buggy address belongs to the physical page:\n  page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4\n  head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0\n  flags: 0x8000000000010200(slab|head|zone=2)\n  raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300\n  raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\n  page dumped because: kasan: bad access detected\n\n  Memory state around the buggy address:\n   ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n  >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n                        ^\n   ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc\n  ==================================================================\n  OF:  -> got it !\n\nPrevent the out-of-bounds read by copying the device address into a\nbuffer of sufficient size.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46743', 'https://git.kernel.org/linus/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305 (6.11-rc4)', 'https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d', 'https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5', 'https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5', 'https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305', 'https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f', 'https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9', 'https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8', 'https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46743-f386@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46743', 'https://www.cve.org/CVERecord?id=CVE-2024-46743'], 'PublishedDate': '2024-09-18T08:15:03.54Z', 'LastModifiedDate': '2024-09-20T18:32:11.827Z'}, {'VulnerabilityID': 'CVE-2024-46744', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46744', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Squashfs: sanity check symbolic link size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: sanity check symbolic link size\n\nSyzkiller reports a "KMSAN: uninit-value in pick_link" bug.\n\nThis is caused by an uninitialised page, which is ultimately caused\nby a corrupted symbolic link size read from disk.\n\nThe reason why the corrupted symlink size causes an uninitialised\npage is due to the following sequence of events:\n\n1. squashfs_read_inode() is called to read the symbolic\n   link from disk.  This assigns the corrupted value\n   3875536935 to inode->i_size.\n\n2. Later squashfs_symlink_read_folio() is called, which assigns\n   this corrupted value to the length variable, which being a\n   signed int, overflows producing a negative number.\n\n3. The following loop that fills in the page contents checks that\n   the copied bytes is less than length, which being negative means\n   the loop is skipped, producing an uninitialised page.\n\nThis patch adds a sanity check which checks that the symbolic\nlink size is not larger than expected.\n\n--\n\nV2: fix spelling mistake.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-59'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46744', 'https://git.kernel.org/linus/810ee43d9cd245d138a2733d87a24858a23f577d (6.11-rc4)', 'https://git.kernel.org/stable/c/087f25b2d36adae19951114ffcbb7106ed405ebb', 'https://git.kernel.org/stable/c/1b9451ba6f21478a75288ea3e3fca4be35e2a438', 'https://git.kernel.org/stable/c/5c8906de98d0d7ad42ff3edf2cb6cd7e0ea658c4', 'https://git.kernel.org/stable/c/810ee43d9cd245d138a2733d87a24858a23f577d', 'https://git.kernel.org/stable/c/c3af7e460a526007e4bed1ce3623274a1a6afe5e', 'https://git.kernel.org/stable/c/ef4e249971eb77ec33d74c5c3de1e2576faf6c90', 'https://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26ea9bf322d8431a90', 'https://git.kernel.org/stable/c/fac5e82ab1334fc8ed6ff7183702df634bd1d93d', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46744-451f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46744', 'https://www.cve.org/CVERecord?id=CVE-2024-46744'], 'PublishedDate': '2024-09-18T08:15:03.603Z', 'LastModifiedDate': '2024-09-30T13:36:19.557Z'}, {'VulnerabilityID': 'CVE-2024-46745', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46745', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: uinput - reject requests with unreasonable number of slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - reject requests with unreasonable number of slots\n\n\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\n\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46745', 'https://git.kernel.org/linus/206f533a0a7c683982af473079c4111f4a0f9f5e (6.11-rc5)', 'https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e', 'https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b', 'https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70', 'https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2', 'https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d', 'https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b', 'https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833', 'https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46745-7b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46745', 'https://www.cve.org/CVERecord?id=CVE-2024-46745'], 'PublishedDate': '2024-09-18T08:15:03.667Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46746', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46746', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: amd_sfh: free driver_data after destroying hid device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: free driver_data after destroying hid device\n\nHID driver callbacks aren't called anymore once hid_destroy_device() has\nbeen called. Hence, hid driver_data should be freed only after the\nhid_destroy_device() function returned as driver_data is used in several\ncallbacks.\n\nI observed a crash with kernel 6.10.0 on my T14s Gen 3, after enabling\nKASAN to debug memory allocation, I got this output:\n\n  [   13.050438] ==================================================================\n  [   13.054060] BUG: KASAN: slab-use-after-free in amd_sfh_get_report+0x3ec/0x530 [amd_sfh]\n  [   13.054809] psmouse serio1: trackpoint: Synaptics TrackPoint firmware: 0x02, buttons: 3/3\n  [   13.056432] Read of size 8 at addr ffff88813152f408 by task (udev-worker)/479\n\n  [   13.060970] CPU: 5 PID: 479 Comm: (udev-worker) Not tainted 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0\n  [   13.063978] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024\n  [   13.067860] Call Trace:\n  [   13.069383] input: TPPS/2 Synaptics TrackPoint as /devices/platform/i8042/serio1/input/input8\n  [   13.071486]  <TASK>\n  [   13.071492]  dump_stack_lvl+0x5d/0x80\n  [   13.074870] snd_hda_intel 0000:33:00.6: enabling device (0000 -> 0002)\n  [   13.078296]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.082199]  print_report+0x174/0x505\n  [   13.085776]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.089367]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.093255]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.097464]  kasan_report+0xc8/0x150\n  [   13.101461]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.105802]  amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.110303]  amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.114879]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.119450]  sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082]\n  [   13.124097]  hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.127404]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.131925]  ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.136455]  ? _raw_spin_lock_irqsave+0x96/0xf0\n  [   13.140197]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.143602]  ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b]\n  [   13.147234]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.150446]  ? __devm_add_action+0x167/0x1d0\n  [   13.155061]  hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.158581]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.161814]  platform_probe+0xa2/0x150\n  [   13.165029]  really_probe+0x1e3/0x8a0\n  [   13.168243]  __driver_probe_device+0x18c/0x370\n  [   13.171500]  driver_probe_device+0x4a/0x120\n  [   13.175000]  __driver_attach+0x190/0x4a0\n  [   13.178521]  ? __pfx___driver_attach+0x10/0x10\n  [   13.181771]  bus_for_each_dev+0x106/0x180\n  [   13.185033]  ? __pfx__raw_spin_lock+0x10/0x10\n  [   13.188229]  ? __pfx_bus_for_each_dev+0x10/0x10\n  [   13.191446]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.194382]  bus_add_driver+0x29e/0x4d0\n  [   13.197328]  driver_register+0x1a5/0x360\n  [   13.200283]  ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.203362]  do_one_initcall+0xa7/0x380\n  [   13.206432]  ? __pfx_do_one_initcall+0x10/0x10\n  [   13.210175]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.213211]  ? kasan_unpoison+0x44/0x70\n  [   13.216688]  do_init_module+0x238/0x750\n  [   13.2196\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46746', 'https://git.kernel.org/linus/97155021ae17b86985121b33cf8098bcde00d497 (6.11-rc5)', 'https://git.kernel.org/stable/c/60dc4ee0428d70bcbb41436b6729d29f1cbdfb89', 'https://git.kernel.org/stable/c/775125c7fe38533aaa4b20769f5b5e62cc1170a0', 'https://git.kernel.org/stable/c/86b4f5cf91ca03c08e3822ac89476a677a780bcc', 'https://git.kernel.org/stable/c/97155021ae17b86985121b33cf8098bcde00d497', 'https://git.kernel.org/stable/c/adb3e3c1ddb5a23b8b7122ef1913f528d728937c', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46746-eb7f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46746', 'https://www.cve.org/CVERecord?id=CVE-2024-46746'], 'PublishedDate': '2024-09-18T08:15:03.73Z', 'LastModifiedDate': '2024-09-26T12:47:53.267Z'}, {'VulnerabilityID': 'CVE-2024-46747', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46747', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup\n\nreport_fixup for the Cougar 500k Gaming Keyboard was not verifying\nthat the report descriptor size was correct before accessing it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46747', 'https://git.kernel.org/linus/a6e9c391d45b5865b61e569146304cff72821a5d (6.11-rc5)', 'https://git.kernel.org/stable/c/30e9ce7cd5591be639b53595c95812f1a2afdfdc', 'https://git.kernel.org/stable/c/34185de73d74fdc90e8651cfc472bfea6073a13f', 'https://git.kernel.org/stable/c/48b2108efa205f4579052c27fba2b22cc6ad8aa0', 'https://git.kernel.org/stable/c/890dde6001b651be79819ef7a3f8c71fc8f9cabf', 'https://git.kernel.org/stable/c/a6e9c391d45b5865b61e569146304cff72821a5d', 'https://git.kernel.org/stable/c/e239e44dcd419b13cf840e2a3a833204e4329714', 'https://git.kernel.org/stable/c/e4a602a45aecd6a98b4b37482f5c9f8f67a32ddd', 'https://git.kernel.org/stable/c/fac3cb3c6428afe2207593a183b5bc4742529dfd', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46747-f489@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46747', 'https://www.cve.org/CVERecord?id=CVE-2024-46747'], 'PublishedDate': '2024-09-18T08:15:03.79Z', 'LastModifiedDate': '2024-09-20T18:31:19.19Z'}, {'VulnerabilityID': 'CVE-2024-46748', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46748', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT\n\nSet the maximum size of a subrequest that writes to cachefiles to be\nMAX_RW_COUNT so that we don't overrun the maximum write we can make to the\nbacking filesystem.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46748', 'https://git.kernel.org/linus/51d37982bbac3ea0ca21b2797a9cb0044272b3aa (6.11-rc1)', 'https://git.kernel.org/stable/c/51d37982bbac3ea0ca21b2797a9cb0044272b3aa', 'https://git.kernel.org/stable/c/cec226f9b1fd6cf55bc157873aec61b523083e96', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46748-03e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46748', 'https://www.cve.org/CVERecord?id=CVE-2024-46748'], 'PublishedDate': '2024-09-18T08:15:03.847Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46749', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46749', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()\n\nThis adds a check before freeing the rx->skb in flush and close\nfunctions to handle the kernel crash seen while removing driver after FW\ndownload fails or before FW download completes.\n\ndmesg log:\n[   54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080\n[   54.643398] Mem abort info:\n[   54.646204]   ESR = 0x0000000096000004\n[   54.649964]   EC = 0x25: DABT (current EL), IL = 32 bits\n[   54.655286]   SET = 0, FnV = 0\n[   54.658348]   EA = 0, S1PTW = 0\n[   54.661498]   FSC = 0x04: level 0 translation fault\n[   54.666391] Data abort info:\n[   54.669273]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[   54.674768]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[   54.674771]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[   54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000\n[   54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000\n[   54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[   54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core sch_fq_codel fuse\n[   54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 Not tainted 6.6.3-otbr-g128004619037 #2\n[   54.744364] Hardware name: FSL i.MX8MM EVK board (DT)\n[   54.744368] Workqueue: hci0 hci_power_on\n[   54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   54.757249] pc : kfree_skb_reason+0x18/0xb0\n[   54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.782921] sp : ffff8000805ebca0\n[   54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000\n[   54.782931] x26: ffff377b84852400 x25: ffff377b848523c0 x24: ffff377b845e7230\n[   54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92\n[   54.782945] x20: ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff\n[   54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857\n[   54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642\n[   54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9 : ffffa5c6cf19d688\n[   54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000\n[   54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000\n[   54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac\n[   54.857599] Call trace:\n[   54.857601]  kfree_skb_reason+0x18/0xb0\n[   54.863878]  btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.863888]  hci_dev_open_sync+0x3a8/0xa04\n[   54.872773]  hci_power_on+0x54/0x2e4\n[   54.881832]  process_one_work+0x138/0x260\n[   54.881842]  worker_thread+0x32c/0x438\n[   54.881847]  kthread+0x118/0x11c\n[   54.881853]  ret_from_fork+0x10/0x20\n[   54.896406] Code: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400)\n[   54.896410] ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46749', 'https://git.kernel.org/linus/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1 (6.11-rc1)', 'https://git.kernel.org/stable/c/013dae4735d2010544d1f2121bdeb8e6c9ea171e', 'https://git.kernel.org/stable/c/056e0cd381d59a9124b7c43dd715e15f56a11635', 'https://git.kernel.org/stable/c/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46749-fc9c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46749', 'https://www.cve.org/CVERecord?id=CVE-2024-46749'], 'PublishedDate': '2024-09-18T08:15:03.893Z', 'LastModifiedDate': '2024-09-20T18:45:43.483Z'}, {'VulnerabilityID': 'CVE-2024-46750', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46750', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: Add missing bridge lock to pci_bus_lock()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Add missing bridge lock to pci_bus_lock()\n\nOne of the true positives that the cfg_access_lock lockdep effort\nidentified is this sequence:\n\n  WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70\n  RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70\n  Call Trace:\n   <TASK>\n   ? __warn+0x8c/0x190\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   ? report_bug+0x1f8/0x200\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   pci_reset_bus+0x1d8/0x270\n   vmd_probe+0x778/0xa10\n   pci_device_probe+0x95/0x120\n\nWhere pci_reset_bus() users are triggering unlocked secondary bus resets.\nIronically pci_bus_reset(), several calls down from pci_reset_bus(), uses\npci_bus_lock() before issuing the reset which locks everything *but* the\nbridge itself.\n\nFor the same motivation as adding:\n\n  bridge = pci_upstream_bridge(dev);\n  if (bridge)\n    pci_dev_lock(bridge);\n\nto pci_reset_function() for the "bus" and "cxl_bus" reset cases, add\npci_dev_lock() for @bus->self to pci_bus_lock().\n\n[bhelgaas: squash in recursive locking deadlock fix from Keith Busch:\nhttps://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46750', 'https://git.kernel.org/linus/a4e772898f8bf2e7e1cf661a12c60a5612c4afab (6.11-rc1)', 'https://git.kernel.org/stable/c/04e85a3285b0e5c5af6fd2c0fd6e95ffecc01945', 'https://git.kernel.org/stable/c/0790b89c7e911003b8c50ae50e3ac7645de1fae9', 'https://git.kernel.org/stable/c/7253b4fed46471cc247c6cacefac890a8472c083', 'https://git.kernel.org/stable/c/78c6e39fef5c428960aff742149bba302dd46f5a', 'https://git.kernel.org/stable/c/81c68e218ab883dfa368460a59b674084c0240da', 'https://git.kernel.org/stable/c/a4e772898f8bf2e7e1cf661a12c60a5612c4afab', 'https://git.kernel.org/stable/c/df77a678c33871a6e4ac5b54a71662f1d702335b', 'https://git.kernel.org/stable/c/e2355d513b89a2cb511b4ded0deb426cdb01acd0', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46750-3be1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46750', 'https://www.cve.org/CVERecord?id=CVE-2024-46750'], 'PublishedDate': '2024-09-18T08:15:03.947Z', 'LastModifiedDate': '2024-09-30T13:27:45.787Z'}, {'VulnerabilityID': 'CVE-2024-46751', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46751', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON() when 0 reference count at btrfs_lookup_extent_info()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()\n\nInstead of doing a BUG_ON() handle the error by returning -EUCLEAN,\naborting the transaction and logging an error message.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46751', 'https://git.kernel.org/linus/28cb13f29faf6290597b24b728dc3100c019356f (6.11-rc1)', 'https://git.kernel.org/stable/c/28cb13f29faf6290597b24b728dc3100c019356f', 'https://git.kernel.org/stable/c/ef9a8b73c8b60b27d9db4787e624a3438ffe8428', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46751-17f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46751', 'https://www.cve.org/CVERecord?id=CVE-2024-46751'], 'PublishedDate': '2024-09-18T08:15:04.01Z', 'LastModifiedDate': '2024-09-30T12:45:56.957Z'}, {'VulnerabilityID': 'CVE-2024-46752', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46752', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: replace BUG_ON() with error handling at update_ref_for_cow()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: replace BUG_ON() with error handling at update_ref_for_cow()\n\nInstead of a BUG_ON() just return an error, log an error message and\nabort the transaction in case we find an extent buffer belonging to the\nrelocation tree that doesn't have the full backref flag set. This is\nunexpected and should never happen (save for bugs or a potential bad\nmemory).", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46752', 'https://git.kernel.org/linus/b56329a782314fde5b61058e2a25097af7ccb675 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fbac73a97286a7ec72229cb9b42d760a2c717ac', 'https://git.kernel.org/stable/c/41a0f85e268d72fe04f731b8ceea4748c2d65491', 'https://git.kernel.org/stable/c/b50857b96429a09fd3beed9f7f21b7bb7c433688', 'https://git.kernel.org/stable/c/b56329a782314fde5b61058e2a25097af7ccb675', 'https://git.kernel.org/stable/c/f895db00c65e5d77c437cce946da9ec29dcdf563', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46752-49e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46752', 'https://www.cve.org/CVERecord?id=CVE-2024-46752'], 'PublishedDate': '2024-09-18T08:15:04.057Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46753', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46753', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: handle errors from btrfs_dec_ref() properly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref().  This is\nincorrect, we have proper error handling here, return the error.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46753', 'https://git.kernel.org/linus/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1', 'https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46753-5ec2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46753', 'https://www.cve.org/CVERecord?id=CVE-2024-46753'], 'PublishedDate': '2024-09-18T08:15:04.107Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46754', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46754', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Remove tst_run from lwt_seg6local_prog_ops.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn\'t work since it was introduced in commit 04d4b274e2a\n("ipv6: sr: Add seg6local action End.BPF"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46754', 'https://git.kernel.org/linus/c13fda93aca118b8e5cd202e339046728ee7dddb (6.11-rc1)', 'https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3f28e6e720ded5d6', 'https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e339046728ee7dddb', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46754-7f04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46754', 'https://www.cve.org/CVERecord?id=CVE-2024-46754'], 'PublishedDate': '2024-09-18T08:15:04.153Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46755', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46755', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()\n\nmwifiex_get_priv_by_id() returns the priv pointer corresponding to\nthe bss_num and bss_type, but without checking if the priv is actually\ncurrently in use.\nUnused priv pointers do not have a wiphy attached to them which can\nlead to NULL pointer dereferences further down the callstack.  Fix\nthis by returning only used priv pointers which have priv->bss_mode\nset to something else than NL80211_IFTYPE_UNSPECIFIED.\n\nSaid NULL pointer dereference happened when an Accesspoint was started\nwith wpa_supplicant -i mlan0 with this config:\n\nnetwork={\n        ssid="somessid"\n        mode=2\n        frequency=2412\n        key_mgmt=WPA-PSK WPA-PSK-SHA256\n        proto=RSN\n        group=CCMP\n        pairwise=CCMP\n        psk="12345678"\n}\n\nWhen waiting for the AP to be established, interrupting wpa_supplicant\nwith <ctrl-c> and starting it again this happens:\n\n| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000140\n| Mem abort info:\n|   ESR = 0x0000000096000004\n|   EC = 0x25: DABT (current EL), IL = 32 bits\n|   SET = 0, FnV = 0\n|   EA = 0, S1PTW = 0\n|   FSC = 0x04: level 0 translation fault\n| Data abort info:\n|   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n|   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n|   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n| user pgtable: 4k pages, 48-bit VAs, pgdp=0000000046d96000\n| [0000000000000140] pgd=0000000000000000, p4d=0000000000000000\n| Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n| Modules linked in: caam_jr caamhash_desc spidev caamalg_desc crypto_engine authenc libdes mwifiex_sdio\n+mwifiex crct10dif_ce cdc_acm onboard_usb_hub fsl_imx8_ddr_perf imx8m_ddrc rtc_ds1307 lm75 rtc_snvs\n+imx_sdma caam imx8mm_thermal spi_imx error imx_cpufreq_dt fuse ip_tables x_tables ipv6\n| CPU: 0 PID: 8 Comm: kworker/0:1 Not tainted 6.9.0-00007-g937242013fce-dirty #18\n| Hardware name: somemachine (DT)\n| Workqueue: events sdio_irq_work\n| pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n| lr : mwifiex_get_cfp+0x34/0x15c [mwifiex]\n| sp : ffff8000818b3a70\n| x29: ffff8000818b3a70 x28: ffff000006bfd8a5 x27: 0000000000000004\n| x26: 000000000000002c x25: 0000000000001511 x24: 0000000002e86bc9\n| x23: ffff000006bfd996 x22: 0000000000000004 x21: ffff000007bec000\n| x20: 000000000000002c x19: 0000000000000000 x18: 0000000000000000\n| x17: 000000040044ffff x16: 00500072b5503510 x15: ccc283740681e517\n| x14: 0201000101006d15 x13: 0000000002e8ff43 x12: 002c01000000ffb1\n| x11: 0100000000000000 x10: 02e8ff43002c0100 x9 : 0000ffb100100157\n| x8 : ffff000003d20000 x7 : 00000000000002f1 x6 : 00000000ffffe124\n| x5 : 0000000000000001 x4 : 0000000000000003 x3 : 0000000000000000\n| x2 : 0000000000000000 x1 : 0001000000011001 x0 : 0000000000000000\n| Call trace:\n|  mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n|  mwifiex_parse_single_response_buf+0x1d0/0x504 [mwifiex]\n|  mwifiex_handle_event_ext_scan_report+0x19c/0x2f8 [mwifiex]\n|  mwifiex_process_sta_event+0x298/0xf0c [mwifiex]\n|  mwifiex_process_event+0x110/0x238 [mwifiex]\n|  mwifiex_main_process+0x428/0xa44 [mwifiex]\n|  mwifiex_sdio_interrupt+0x64/0x12c [mwifiex_sdio]\n|  process_sdio_pending_irqs+0x64/0x1b8\n|  sdio_irq_work+0x4c/0x7c\n|  process_one_work+0x148/0x2a0\n|  worker_thread+0x2fc/0x40c\n|  kthread+0x110/0x114\n|  ret_from_fork+0x10/0x20\n| Code: a94153f3 a8c37bfd d50323bf d65f03c0 (f940a000)\n| ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46755', 'https://git.kernel.org/linus/c145eea2f75ff7949392aebecf7ef0a81c1f6c14 (6.11-rc1)', 'https://git.kernel.org/stable/c/1a05d8d02cfa3540ea5dbd6b39446bd3f515521f', 'https://git.kernel.org/stable/c/9813770f25855b866b8ead8155b8806b2db70f6d', 'https://git.kernel.org/stable/c/a12cf97cbefa139ef8d95081f2ea047cbbd74b7a', 'https://git.kernel.org/stable/c/c145eea2f75ff7949392aebecf7ef0a81c1f6c14', 'https://git.kernel.org/stable/c/c16916dd6c16fa7e13ca3923eb6b9f50d848ad03', 'https://git.kernel.org/stable/c/c2618dcb26c7211342b54520b5b148c0d3471c8a', 'https://git.kernel.org/stable/c/cb67b2e51b75f1a17bee7599c8161b96e1808a70', 'https://git.kernel.org/stable/c/d834433ff313838a259bb6607055ece87b895b66', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46755-1f46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46755', 'https://www.cve.org/CVERecord?id=CVE-2024-46755'], 'PublishedDate': '2024-09-18T08:15:04.203Z', 'LastModifiedDate': '2024-09-26T13:25:54.593Z'}, {'VulnerabilityID': 'CVE-2024-46756', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46756', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83627ehf) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46756', 'https://git.kernel.org/linus/5c1de37969b7bc0abcb20b86e91e70caebbd4f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/26825b62bd1bd3e53b4f44e0745cb516d5186343', 'https://git.kernel.org/stable/c/56cfdeb2c77291f0b5e4592731adfb6ca8fc7c24', 'https://git.kernel.org/stable/c/5c1de37969b7bc0abcb20b86e91e70caebbd4f89', 'https://git.kernel.org/stable/c/77ab0fd231c4ca873ec6908e761970360acc6df2', 'https://git.kernel.org/stable/c/8fecb75bff1b7d87a071c32a37aa0700f2be379d', 'https://git.kernel.org/stable/c/93cf73a7bfdce683bde3a7bb65f270d3bd24497b', 'https://git.kernel.org/stable/c/cc4be794c8d8c253770103e097ab9dbdb5f99ae1', 'https://git.kernel.org/stable/c/d92f0baf99a7e327dcceab37cce57c38aab1f691', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46756-2ca6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46756', 'https://www.cve.org/CVERecord?id=CVE-2024-46756'], 'PublishedDate': '2024-09-18T08:15:04.26Z', 'LastModifiedDate': '2024-09-23T16:29:45.077Z'}, {'VulnerabilityID': 'CVE-2024-46757', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46757', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775-core) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46757', 'https://git.kernel.org/linus/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0 (6.11-rc1)', 'https://git.kernel.org/stable/c/02bb3b4c7d5695ff4be01e0f55676bba49df435e', 'https://git.kernel.org/stable/c/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0', 'https://git.kernel.org/stable/c/0c23e18cef20b989a9fd7cb0a745e1259b969159', 'https://git.kernel.org/stable/c/298a55f11edd811f2189b74eb8f53dee34d4f14c', 'https://git.kernel.org/stable/c/2f695544084a559f181cafdfd3f864c5ff9dd1db', 'https://git.kernel.org/stable/c/8a1e958e26640ce015abdbb75c8896301b9bf398', 'https://git.kernel.org/stable/c/996221b030995cc5f5baa4a642201d64b62a17cd', 'https://git.kernel.org/stable/c/d6035c55fa9afefc23f85f57eff1d4a1d82c5b10', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46757-4fbb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46757', 'https://www.cve.org/CVERecord?id=CVE-2024-46757'], 'PublishedDate': '2024-09-18T08:15:04.313Z', 'LastModifiedDate': '2024-09-23T16:29:51.65Z'}, {'VulnerabilityID': 'CVE-2024-46758', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46758', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (lm95234) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm95234) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46758', 'https://git.kernel.org/linus/af64e3e1537896337405f880c1e9ac1f8c0c6198 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fc27747633aa419f9af40e7bdfa00d2ec94ea81', 'https://git.kernel.org/stable/c/16f42953231be1e7be77bc24005270d9e0d9d2ee', 'https://git.kernel.org/stable/c/438453dfbbdcf4be26891492644aa3ecbb42c336', 'https://git.kernel.org/stable/c/46e4fd338d5bdbaf60e41cda625b24949d2af201', 'https://git.kernel.org/stable/c/59c1fb9874a01c9abc49a0a32f192a7e7b4e2650', 'https://git.kernel.org/stable/c/93f0f5721d0cca45dac50af1ae6f9a9826c699fd', 'https://git.kernel.org/stable/c/af64e3e1537896337405f880c1e9ac1f8c0c6198', 'https://git.kernel.org/stable/c/da765bebd90e1b92bdbc3c6a27a3f3cc81529ab6', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46758-6154@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46758', 'https://www.cve.org/CVERecord?id=CVE-2024-46758'], 'PublishedDate': '2024-09-18T08:15:04.367Z', 'LastModifiedDate': '2024-09-23T16:29:24.767Z'}, {'VulnerabilityID': 'CVE-2024-46759', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46759', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (adc128d818) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (adc128d818) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46759', 'https://git.kernel.org/linus/8cad724c8537fe3e0da8004646abc00290adae40 (6.11-rc1)', 'https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b', 'https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777', 'https://git.kernel.org/stable/c/2a3add62f183459a057336381ef3a896da01ce38', 'https://git.kernel.org/stable/c/6891b11a0c6227ca7ed15786928a07b1c0e4d4af', 'https://git.kernel.org/stable/c/7645d783df23878342d5d8d22030c3861d2d5426', 'https://git.kernel.org/stable/c/8cad724c8537fe3e0da8004646abc00290adae40', 'https://git.kernel.org/stable/c/b0bdb43852bf7f55ba02f0cbf00b4ea7ca897bff', 'https://git.kernel.org/stable/c/f7f5101af5b47a331cdbfa42ba64c507b47dd1fe', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46759-9b86@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46759', 'https://www.cve.org/CVERecord?id=CVE-2024-46759'], 'PublishedDate': '2024-09-18T08:15:04.413Z', 'LastModifiedDate': '2024-09-23T16:28:53.257Z'}, {'VulnerabilityID': 'CVE-2024-46760', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46760', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw88: usb: schedule rx work after everything is set up', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: usb: schedule rx work after everything is set up\n\nRight now it's possible to hit NULL pointer dereference in\nrtw_rx_fill_rx_status on hw object and/or its fields because\ninitialization routine can start getting USB replies before\nrtw_dev is fully setup.\n\nThe stack trace looks like this:\n\nrtw_rx_fill_rx_status\nrtw8821c_query_rx_desc\nrtw_usb_rx_handler\n...\nqueue_work\nrtw_usb_read_port_complete\n...\nusb_submit_urb\nrtw_usb_rx_resubmit\nrtw_usb_init_rx\nrtw_usb_probe\n\nSo while we do the async stuff rtw_usb_probe continues and calls\nrtw_register_hw, which does all kinds of initialization (e.g.\nvia ieee80211_register_hw) that rtw_rx_fill_rx_status relies on.\n\nFix this by moving the first usb_submit_urb after everything\nis set up.\n\nFor me, this bug manifested as:\n[    8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped\n[    8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status\nbecause I'm using Larry's backport of rtw88 driver with the NULL\nchecks in rtw_rx_fill_rx_status.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46760', 'https://git.kernel.org/linus/adc539784c98a7cc602cbf557debfc2e7b9be8b3 (6.11-rc1)', 'https://git.kernel.org/stable/c/25eaef533bf3ccc6fee5067aac16f41f280e343e', 'https://git.kernel.org/stable/c/adc539784c98a7cc602cbf557debfc2e7b9be8b3', 'https://git.kernel.org/stable/c/c83d464b82a8ad62ec9077637f75d73fe955635a', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46760-1eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46760', 'https://www.cve.org/CVERecord?id=CVE-2024-46760'], 'PublishedDate': '2024-09-18T08:15:04.47Z', 'LastModifiedDate': '2024-09-23T16:18:28.87Z'}, {'VulnerabilityID': 'CVE-2024-46761', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46761', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npci/hotplug/pnv_php: Fix hotplug driver crash on Powernv\n\nThe hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel\ncrash when we try to hot-unplug/disable the PCIe switch/bridge from\nthe PHB.\n\nThe crash occurs because although the MSI data structure has been\nreleased during disable/hot-unplug path and it has been assigned\nwith NULL, still during unregistration the code was again trying to\nexplicitly disable the MSI which causes the NULL pointer dereference and\nkernel crash.\n\nThe patch fixes the check during unregistration path to prevent invoking\npci_disable_msi/msix() since its data structure is already freed.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46761', 'https://git.kernel.org/linus/335e35b748527f0c06ded9eebb65387f60647fda (6.11-rc1)', 'https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f60647fda', 'https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d', 'https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048', 'https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e', 'https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59', 'https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689', 'https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4', 'https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46761-289f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46761', 'https://www.cve.org/CVERecord?id=CVE-2024-46761'], 'PublishedDate': '2024-09-18T08:15:04.517Z', 'LastModifiedDate': '2024-09-23T16:06:58.397Z'}, {'VulnerabilityID': 'CVE-2024-46762', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46762', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Fix possible access to a freed kirqfd instance', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Fix possible access to a freed kirqfd instance\n\nNothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and\nprivcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd\ncreated and added to the irqfds_list by privcmd_irqfd_assign() may get\nremoved by another thread executing privcmd_irqfd_deassign(), while the\nformer is still using it after dropping the locks.\n\nThis can lead to a situation where an already freed kirqfd instance may\nbe accessed and cause kernel oops.\n\nUse SRCU locking to prevent the same, as is done for the KVM\nimplementation for irqfds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46762', 'https://git.kernel.org/linus/611ff1b1ae989a7bcce3e2a8e132ee30e968c557 (6.11-rc1)', 'https://git.kernel.org/stable/c/112fd2f02b308564724b8e81006c254d20945c4b', 'https://git.kernel.org/stable/c/611ff1b1ae989a7bcce3e2a8e132ee30e968c557', 'https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46762-6512@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46762', 'https://www.cve.org/CVERecord?id=CVE-2024-46762'], 'PublishedDate': '2024-09-18T08:15:04.57Z', 'LastModifiedDate': '2024-09-23T16:12:34.42Z'}, {'VulnerabilityID': 'CVE-2024-46763', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46763', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: Fix null-ptr-deref in GRO.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host.  [0]\n\nThe NULL pointer is sk->sk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk->sk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk->sk_user_data could be NULL.\n\nLet's use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 <0f> b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS:  0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <IRQ>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n</IRQ>\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 <fa> c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46763', 'https://git.kernel.org/linus/7e4196935069947d8b70b09c1660b67b067e75cb (6.11-rc7)', 'https://git.kernel.org/stable/c/1df42be305fe478ded1ee0c1d775f4ece713483b', 'https://git.kernel.org/stable/c/231c235d2f7a66f018f172e26ffd47c363f244ef', 'https://git.kernel.org/stable/c/4494bccb52ffda22ce5a1163a776d970e6229e08', 'https://git.kernel.org/stable/c/7e4196935069947d8b70b09c1660b67b067e75cb', 'https://git.kernel.org/stable/c/c46cd6aaca81040deaea3500ba75126963294bd9', 'https://git.kernel.org/stable/c/d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46763-a580@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46763', 'https://www.cve.org/CVERecord?id=CVE-2024-46763'], 'PublishedDate': '2024-09-18T08:15:04.613Z', 'LastModifiedDate': '2024-09-23T16:14:18.297Z'}, {'VulnerabilityID': 'CVE-2024-46765', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46765', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: protect XDP configuration with a mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] <TASK>\n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] </TASK>\n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46765', 'https://git.kernel.org/linus/2504b8405768a57a71e660dbfd5abd59f679a03f (6.11-rc7)', 'https://git.kernel.org/stable/c/2504b8405768a57a71e660dbfd5abd59f679a03f', 'https://git.kernel.org/stable/c/2f057db2fb29bc209c103050647562e60554d3d3', 'https://git.kernel.org/stable/c/391f7dae3d836891fc6cfbde38add2d0e10c6b7f', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46765-1b8f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46765', 'https://www.cve.org/CVERecord?id=CVE-2024-46765'], 'PublishedDate': '2024-09-18T08:15:04.71Z', 'LastModifiedDate': '2024-09-26T13:24:29.697Z'}, {'VulnerabilityID': 'CVE-2024-46766', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46766', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: move netif_queue_set_napi to rtnl-protected sections', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: move netif_queue_set_napi to rtnl-protected sections\n\nCurrently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is\nnot rtnl-locked when called from the reset. This creates the need to take\nthe rtnl_lock just for a single function and complicates the\nsynchronization with .ndo_bpf. At the same time, there no actual need to\nfill napi-to-queue information at this exact point.\n\nFill napi-to-queue information when opening the VSI and clear it when the\nVSI is being closed. Those routines are already rtnl-locked.\n\nAlso, rewrite napi-to-queue assignment in a way that prevents inclusion of\nXDP queues, as this leads to out-of-bounds writes, such as one below.\n\n[  +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047\n[  +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2\n[  +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[  +0.000003] Call Trace:\n[  +0.000003]  <TASK>\n[  +0.000002]  dump_stack_lvl+0x60/0x80\n[  +0.000007]  print_report+0xce/0x630\n[  +0.000007]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[  +0.000007]  ? __virt_addr_valid+0x1c9/0x2c0\n[  +0.000005]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000003]  kasan_report+0xe9/0x120\n[  +0.000004]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000004]  netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000005]  ice_vsi_close+0x161/0x670 [ice]\n[  +0.000114]  ice_dis_vsi+0x22f/0x270 [ice]\n[  +0.000095]  ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]\n[  +0.000086]  ice_prepare_for_reset+0x299/0x750 [ice]\n[  +0.000087]  pci_dev_save_and_disable+0x82/0xd0\n[  +0.000006]  pci_reset_function+0x12d/0x230\n[  +0.000004]  reset_store+0xa0/0x100\n[  +0.000006]  ? __pfx_reset_store+0x10/0x10\n[  +0.000002]  ? __pfx_mutex_lock+0x10/0x10\n[  +0.000004]  ? __check_object_size+0x4c1/0x640\n[  +0.000007]  kernfs_fop_write_iter+0x30b/0x4a0\n[  +0.000006]  vfs_write+0x5d6/0xdf0\n[  +0.000005]  ? fd_install+0x180/0x350\n[  +0.000005]  ? __pfx_vfs_write+0x10/0xA10\n[  +0.000004]  ? do_fcntl+0x52c/0xcd0\n[  +0.000004]  ? kasan_save_track+0x13/0x60\n[  +0.000003]  ? kasan_save_free_info+0x37/0x60\n[  +0.000006]  ksys_write+0xfa/0x1d0\n[  +0.000003]  ? __pfx_ksys_write+0x10/0x10\n[  +0.000002]  ? __x64_sys_fcntl+0x121/0x180\n[  +0.000004]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000005]  do_syscall_64+0x80/0x170\n[  +0.000007]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000004]  ? __pfx__raw_spin_lock+0x10/0x10\n[  +0.000003]  ? file_close_fd_locked+0x167/0x230\n[  +0.000005]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000005]  ? do_syscall_64+0x8c/0x170\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? fput+0x1a/0x2c0\n[  +0.000004]  ? filp_close+0x19/0x30\n[  +0.000004]  ? do_dup2+0x25a/0x4c0\n[  +0.000004]  ? __x64_sys_dup2+0x6e/0x2e0\n[  +0.000002]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? __count_memcg_events+0x113/0x380\n[  +0.000005]  ? handle_mm_fault+0x136/0x820\n[  +0.000005]  ? do_user_addr_fault+0x444/0xa80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000002]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  +0.000005] RIP: 0033:0x7f2033593154', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46766', 'https://git.kernel.org/linus/2a5dc090b92cfa5270e20056074241c6db5c9cdd (6.11-rc7)', 'https://git.kernel.org/stable/c/2285c2faef19ee08a6bd6754f4c3ec07dceb2889', 'https://git.kernel.org/stable/c/2a5dc090b92cfa5270e20056074241c6db5c9cdd', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46766-417c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46766', 'https://www.cve.org/CVERecord?id=CVE-2024-46766'], 'PublishedDate': '2024-09-18T08:15:04.76Z', 'LastModifiedDate': '2024-09-23T16:15:23.823Z'}, {'VulnerabilityID': 'CVE-2024-46767', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46767', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: phy: Fix missing of_node_put() for leds', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Fix missing of_node_put() for leds\n\nThe call of of_get_child_by_name() will cause refcount incremented\nfor leds, if it succeeds, it should call of_node_put() to decrease\nit, fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46767', 'https://git.kernel.org/linus/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7 (6.11-rc7)', 'https://git.kernel.org/stable/c/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7', 'https://git.kernel.org/stable/c/26928c8f00f6bb0e194f3957fe51c69d36838eb2', 'https://git.kernel.org/stable/c/d9c8dbbc236cdc6231ee91cdede2fc97b430cfff', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46767-31a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46767', 'https://www.cve.org/CVERecord?id=CVE-2024-46767'], 'PublishedDate': '2024-09-18T08:15:04.81Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46768', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46768', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (hp-wmi-sensors) Check if WMI event data exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (hp-wmi-sensors) Check if WMI event data exists\n\nThe BIOS can choose to return no event data in response to a\nWMI event, so the ACPI object passed to the WMI notify handler\ncan be NULL.\n\nCheck for such a situation and ignore the event in such a case.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46768', 'https://git.kernel.org/linus/a54da9df75cd1b4b5028f6c60f9a211532680585 (6.11-rc7)', 'https://git.kernel.org/stable/c/217539e994e53206bbf3fb330261cc78c480d311', 'https://git.kernel.org/stable/c/4b19c83ba108aa66226da5b79810e4d19e005f12', 'https://git.kernel.org/stable/c/a54da9df75cd1b4b5028f6c60f9a211532680585', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46768-b0bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46768', 'https://www.cve.org/CVERecord?id=CVE-2024-46768'], 'PublishedDate': '2024-09-18T08:15:04.853Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46770', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46770', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add netif_device_attach/detach into PF reset flow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 > /sys/class/net/<interface>/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c <interface>\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S                 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS:  00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n<TASK>\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n    netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46770', 'https://git.kernel.org/linus/d11a67634227f9f9da51938af085fb41a733848f (6.11-rc7)', 'https://git.kernel.org/stable/c/36486c9e8e01b84faaee47203eac0b7e9cc7fa4a', 'https://git.kernel.org/stable/c/9e3ffb839249eca113062587659224f856fe14e5', 'https://git.kernel.org/stable/c/d11a67634227f9f9da51938af085fb41a733848f', 'https://git.kernel.org/stable/c/efe8effe138044a4747d1112ebb8c454d1663723', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46770-3a5d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46770', 'https://www.cve.org/CVERecord?id=CVE-2024-46770'], 'PublishedDate': '2024-09-18T08:15:04.957Z', 'LastModifiedDate': '2024-09-23T16:13:25.563Z'}, {'VulnerabilityID': 'CVE-2024-46771', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46771', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: bcm: Remove proc entry when dev is unregistered.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Remove proc entry when dev is unregistered.\n\nsyzkaller reported a warning in bcm_connect() below. [0]\n\nThe repro calls connect() to vxcan1, removes vxcan1, and calls\nconnect() with ifindex == 0.\n\nCalling connect() for a BCM socket allocates a proc entry.\nThen, bcm_sk(sk)->bound is set to 1 to prevent further connect().\n\nHowever, removing the bound device resets bcm_sk(sk)->bound to 0\nin bcm_notify().\n\nThe 2nd connect() tries to allocate a proc entry with the same\nname and sets NULL to bcm_sk(sk)->bcm_proc_read, leaking the\noriginal proc entry.\n\nSince the proc entry is available only for connect()ed sockets,\nlet's clean up the entry when the bound netdev is unregistered.\n\n[0]:\nproc_dir_entry 'can-bcm/2456' already registered\nWARNING: CPU: 1 PID: 394 at fs/proc/generic.c:376 proc_register+0x645/0x8f0 fs/proc/generic.c:375\nModules linked in:\nCPU: 1 PID: 394 Comm: syz-executor403 Not tainted 6.10.0-rc7-g852e42cc2dd4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:proc_register+0x645/0x8f0 fs/proc/generic.c:375\nCode: 00 00 00 00 00 48 85 ed 0f 85 97 02 00 00 4d 85 f6 0f 85 9f 02 00 00 48 c7 c7 9b cb cf 87 48 89 de 4c 89 fa e8 1c 6f eb fe 90 <0f> 0b 90 90 48 c7 c7 98 37 99 89 e8 cb 7e 22 05 bb 00 00 00 10 48\nRSP: 0018:ffa0000000cd7c30 EFLAGS: 00010246\nRAX: 9e129be1950f0200 RBX: ff1100011b51582c RCX: ff1100011857cd80\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002\nRBP: 0000000000000000 R08: ffd400000000000f R09: ff1100013e78cac0\nR10: ffac800000cd7980 R11: ff1100013e12b1f0 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ff1100011a99a2ec\nFS:  00007fbd7086f740(0000) GS:ff1100013fd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200071c0 CR3: 0000000118556004 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n proc_create_net_single+0x144/0x210 fs/proc/proc_net.c:220\n bcm_connect+0x472/0x840 net/can/bcm.c:1673\n __sys_connect_file net/socket.c:2049 [inline]\n __sys_connect+0x5d2/0x690 net/socket.c:2066\n __do_sys_connect net/socket.c:2076 [inline]\n __se_sys_connect net/socket.c:2073 [inline]\n __x64_sys_connect+0x8f/0x100 net/socket.c:2073\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1c0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7fbd708b0e5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007fff8cd33f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbd708b0e5d\nRDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000040 R09: 0000000000000040\nR10: 0000000000000040 R11: 0000000000000246 R12: 00007fff8cd34098\nR13: 0000000000401280 R14: 0000000000406de8 R15: 00007fbd70ab9000\n </TASK>\nremove_proc_entry: removing non-empty directory 'net/can-bcm', leaking at least '2456'", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46771', 'https://git.kernel.org/linus/76fe372ccb81b0c89b6cd2fec26e2f38c958be85 (6.11-rc7)', 'https://git.kernel.org/stable/c/10bfacbd5e8d821011d857bee73310457c9c989a', 'https://git.kernel.org/stable/c/33ed4ba73caae39f34ab874ba79138badc2c65dd', 'https://git.kernel.org/stable/c/3b39dc2901aa7a679a5ca981a3de9f8d5658afe8', 'https://git.kernel.org/stable/c/4377b79323df62eb5d310354f19b4d130ff58d50', 'https://git.kernel.org/stable/c/5c680022c4e28ba18ea500f3e29f0428271afa92', 'https://git.kernel.org/stable/c/76fe372ccb81b0c89b6cd2fec26e2f38c958be85', 'https://git.kernel.org/stable/c/abb0a615569ec008e8a93d9f3ab2d5b418ea94d4', 'https://git.kernel.org/stable/c/aec92dbebdbec7567d9f56d7c9296a572b8fd849', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46771-913d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46771', 'https://www.cve.org/CVERecord?id=CVE-2024-46771'], 'PublishedDate': '2024-09-18T08:15:05.01Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46772', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46772', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator crb_pipes before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator crb_pipes before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 2 DIVIDE_BY_ZERO issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46772', 'https://git.kernel.org/linus/ea79068d4073bf303f8203f2625af7d9185a1bc6 (6.11-rc1)', 'https://git.kernel.org/stable/c/ea79068d4073bf303f8203f2625af7d9185a1bc6', 'https://git.kernel.org/stable/c/ede06d23392529b039cf7ac11b5875b047900f1c', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46772-4ad6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46772', 'https://www.cve.org/CVERecord?id=CVE-2024-46772'], 'PublishedDate': '2024-09-18T08:15:05.073Z', 'LastModifiedDate': '2024-09-23T16:52:17.577Z'}, {'VulnerabilityID': 'CVE-2024-46773', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46773', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator pbn_div before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator pbn_div before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 1 DIVIDE_BY_ZERO issue reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46773', 'https://git.kernel.org/linus/116a678f3a9abc24f5c9d2525b7393d18d9eb58e (6.11-rc1)', 'https://git.kernel.org/stable/c/116a678f3a9abc24f5c9d2525b7393d18d9eb58e', 'https://git.kernel.org/stable/c/11f997143c67680d6e40a13363618380cd57a414', 'https://git.kernel.org/stable/c/20e7164c52d9bfbb9d9862b833fa989624a61345', 'https://git.kernel.org/stable/c/dfafee0a7b51c7c9612edd2d991401294964d02f', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46773-5781@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46773', 'https://www.cve.org/CVERecord?id=CVE-2024-46773'], 'PublishedDate': '2024-09-18T08:15:05.123Z', 'LastModifiedDate': '2024-09-23T16:51:59.983Z'}, {'VulnerabilityID': 'CVE-2024-46774', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46774', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()\n\nSmatch warns:\n\n  arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential\n  spectre issue 'args.args' [r] (local cap)\n\nThe 'nargs' and 'nret' locals come directly from a user-supplied\nbuffer and are used as indexes into a small stack-based array and as\ninputs to copy_to_user() after they are subject to bounds checks.\n\nUse array_index_nospec() after the bounds checks to clamp these values\nfor speculative execution.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46774', 'https://git.kernel.org/linus/0974d03eb479384466d828d65637814bee6b26d7 (6.11-rc1)', 'https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7', 'https://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46774-48d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46774', 'https://www.cve.org/CVERecord?id=CVE-2024-46774'], 'PublishedDate': '2024-09-18T08:15:05.18Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46775', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46775', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Validate function returns', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT & HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46775', 'https://git.kernel.org/linus/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c (6.11-rc1)', 'https://git.kernel.org/stable/c/5639a3048c7079803256374204ad55ec52cd0b49', 'https://git.kernel.org/stable/c/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46775-aecc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46775', 'https://www.cve.org/CVERecord?id=CVE-2024-46775'], 'PublishedDate': '2024-09-18T08:15:05.24Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46776', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46776', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Run DC_LOG_DC after checking link-&gt;link_enc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Run DC_LOG_DC after checking link->link_enc\n\n[WHAT]\nThe DC_LOG_DC should be run after link->link_enc is checked, not before.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46776', 'https://git.kernel.org/linus/3a82f62b0d9d7687eac47603bb6cd14a50fa718b (6.11-rc1)', 'https://git.kernel.org/stable/c/3a82f62b0d9d7687eac47603bb6cd14a50fa718b', 'https://git.kernel.org/stable/c/874e3bb302f97b94ac548959ec4f925b8e7b45e2', 'https://git.kernel.org/stable/c/adc74d25cdbba978afbb57caec23bbcd0329f7b8', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46776-7a95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46776', 'https://www.cve.org/CVERecord?id=CVE-2024-46776'], 'PublishedDate': '2024-09-18T08:15:05.287Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46777', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46777', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid excessive partition lengths', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid excessive partition lengths\n\nAvoid mounting filesystems where the partition would overflow the\n32-bits used for block number. Also refuse to mount filesystems where\nthe partition length is so large we cannot safely index bits in a\nblock bitmap.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46777', 'https://git.kernel.org/linus/ebbe26fd54a9621994bc16b14f2ba8f84c089693 (6.11-rc1)', 'https://git.kernel.org/stable/c/0173999123082280cf904bd640015951f194a294', 'https://git.kernel.org/stable/c/1497a4484cdb2cf6c37960d788fb6ba67567bdb7', 'https://git.kernel.org/stable/c/2ddf831451357c6da4b64645eb797c93c1c054d1', 'https://git.kernel.org/stable/c/551966371e17912564bc387fbeb2ac13077c3db1', 'https://git.kernel.org/stable/c/925fd8ee80d5348a5e965548e5484d164d19221d', 'https://git.kernel.org/stable/c/a56330761950cb83de1dfb348479f20c56c95f90', 'https://git.kernel.org/stable/c/c0c23130d38e8bc28e9ef581443de9b1fc749966', 'https://git.kernel.org/stable/c/ebbe26fd54a9621994bc16b14f2ba8f84c089693', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46777-6114@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46777', 'https://www.cve.org/CVERecord?id=CVE-2024-46777'], 'PublishedDate': '2024-09-18T08:15:05.33Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46778', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46778', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check UnboundedRequestEnabled&#39;s value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check UnboundedRequestEnabled's value\n\nCalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled\nis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus\nif (p->UnboundedRequestEnabled) checks its address, not bool value.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46778', 'https://git.kernel.org/linus/a7b38c7852093385d0605aa3c8a2efd6edd1edfd (6.11-rc1)', 'https://git.kernel.org/stable/c/4e2b49a85e7974d21364798c5d4aa8070aa864d9', 'https://git.kernel.org/stable/c/a7b38c7852093385d0605aa3c8a2efd6edd1edfd', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46778-ded6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46778', 'https://www.cve.org/CVERecord?id=CVE-2024-46778'], 'PublishedDate': '2024-09-18T08:15:05.38Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46779', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46779', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/imagination: Free pvr_vm_gpuva after unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Free pvr_vm_gpuva after unlink\n\nThis caused a measurable memory leak. Although the individual\nallocations are small, the leaks occurs in a high-usage codepath\n(remapping or unmapping device memory) so they add up quickly.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46779', 'https://git.kernel.org/linus/3f6b2f60b4631cd0c368da6a1587ab55a696164d (6.11-rc7)', 'https://git.kernel.org/stable/c/1cc695be8920df234f83270d789078cb2d3bc564', 'https://git.kernel.org/stable/c/3f6b2f60b4631cd0c368da6a1587ab55a696164d', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46779-3186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46779', 'https://www.cve.org/CVERecord?id=CVE-2024-46779'], 'PublishedDate': '2024-09-18T08:15:05.43Z', 'LastModifiedDate': '2024-09-23T16:37:51.473Z'}, {'VulnerabilityID': 'CVE-2024-46780', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46780', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: protect references to superblock parameters exposed in sysfs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: protect references to superblock parameters exposed in sysfs\n\nThe superblock buffers of nilfs2 can not only be overwritten at runtime\nfor modifications/repairs, but they are also regularly swapped, replaced\nduring resizing, and even abandoned when degrading to one side due to\nbacking device issues.  So, accessing them requires mutual exclusion using\nthe reader/writer semaphore "nilfs->ns_sem".\n\nSome sysfs attribute show methods read this superblock buffer without the\nnecessary mutual exclusion, which can cause problems with pointer\ndereferencing and memory access, so fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46780', 'https://git.kernel.org/linus/683408258917541bdb294cd717c210a04381931e (6.11-rc7)', 'https://git.kernel.org/stable/c/157c0d94b4c40887329418c70ef4edd1a8d6b4ed', 'https://git.kernel.org/stable/c/19cfeba0e4b8eda51484fcf8cf7d150418e1d880', 'https://git.kernel.org/stable/c/683408258917541bdb294cd717c210a04381931e', 'https://git.kernel.org/stable/c/8c6e43b3d5f109cf9c61bc188fcc8175404e924f', 'https://git.kernel.org/stable/c/962562d4c70c5cdeb4e955d63ff2017c4eca1aad', 'https://git.kernel.org/stable/c/b14e7260bb691d7f563f61da07d61e3c8b59a614', 'https://git.kernel.org/stable/c/b90beafac05931cbfcb6b1bd4f67c1923f47040e', 'https://git.kernel.org/stable/c/ba97ba173f9625d5f34a986088979eae8b80d38e', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46780-9155@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46780', 'https://www.cve.org/CVERecord?id=CVE-2024-46780'], 'PublishedDate': '2024-09-18T08:15:05.473Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46781', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46781', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix missing cleanup on rollforward recovery error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix missing cleanup on rollforward recovery error\n\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\n\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\n\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46781', 'https://git.kernel.org/linus/5787fcaab9eb5930f5378d6a1dd03d916d146622 (6.11-rc7)', 'https://git.kernel.org/stable/c/07e4dc2fe000ab008bcfe90be4324ef56b5b4355', 'https://git.kernel.org/stable/c/1cf1f7e8cd47244fa947d357ef1f642d91e219a3', 'https://git.kernel.org/stable/c/35a9a7a7d94662146396199b0cfd95f9517cdd14', 'https://git.kernel.org/stable/c/5787fcaab9eb5930f5378d6a1dd03d916d146622', 'https://git.kernel.org/stable/c/8e2d1e9d93c4ec51354229361ac3373058529ec4', 'https://git.kernel.org/stable/c/9d8c3a585d564d776ee60d4aabec59b404be7403', 'https://git.kernel.org/stable/c/ca92c4bff2833cb30d493b935168d6cccd5c805d', 'https://git.kernel.org/stable/c/da02f9eb333333b2e4f25d2a14967cff785ac82e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46781-377e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46781', 'https://www.cve.org/CVERecord?id=CVE-2024-46781'], 'PublishedDate': '2024-09-18T08:15:05.527Z', 'LastModifiedDate': '2024-09-23T16:37:07.117Z'}, {'VulnerabilityID': 'CVE-2024-46782', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46782', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ila: call nf_unregister_net_hooks() sooner', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n  ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n  ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n  ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n  nf_hook include/linux/netfilter.h:269 [inline]\n  NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n  __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n  __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n  process_backlog+0x662/0x15b0 net/core/dev.c:6108\n  __napi_poll+0xcb/0x490 net/core/dev.c:6772\n  napi_poll net/core/dev.c:6841 [inline]\n  net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n  handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n  run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n  kthread+0x2f0/0x390 kernel/kthread.c:389\n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n  set_page_owner include/linux/page_owner.h:32 [inline]\n  post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n  prep_new_page mm/page_alloc.c:1501 [inline]\n  get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n  __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n  __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n  alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n  ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n  __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n  __do_kmalloc_node mm/slub.c:4146 [inline]\n  __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n  __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n  bucket_table_alloc lib/rhashtable.c:186 [inline]\n  rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n  ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n  ops_ini\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46782', 'https://git.kernel.org/linus/031ae72825cef43e4650140b800ad58bf7a6a466 (6.11-rc7)', 'https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466', 'https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2', 'https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf', 'https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4', 'https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c', 'https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6', 'https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673', 'https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46782-00ff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46782', 'https://www.cve.org/CVERecord?id=CVE-2024-46782'], 'PublishedDate': '2024-09-18T08:15:05.577Z', 'LastModifiedDate': '2024-09-23T16:32:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46783', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46783', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_bpf: fix return value of tcp_bpf_sendmsg()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: fix return value of tcp_bpf_sendmsg()\n\nWhen we cork messages in psock->cork, the last message triggers the\nflushing will result in sending a sk_msg larger than the current\nmessage size. In this case, in tcp_bpf_send_verdict(), 'copied' becomes\nnegative at least in the following case:\n\n468         case __SK_DROP:\n469         default:\n470                 sk_msg_free_partial(sk, msg, tosend);\n471                 sk_msg_apply_bytes(psock, tosend);\n472                 *copied -= (tosend + delta); // <==== HERE\n473                 return -EACCES;\n\nTherefore, it could lead to the following BUG with a proper value of\n'copied' (thanks to syzbot). We should not use negative 'copied' as a\nreturn value here.\n\n  ------------[ cut here ]------------\n  kernel BUG at net/socket.c:733!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 0 UID: 0 PID: 3265 Comm: syz-executor510 Not tainted 6.11.0-rc3-syzkaller-00060-gd07b43284ab3 #0\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n  pc : sock_sendmsg_nosec net/socket.c:733 [inline]\n  pc : sock_sendmsg_nosec net/socket.c:728 [inline]\n  pc : __sock_sendmsg+0x5c/0x60 net/socket.c:745\n  lr : sock_sendmsg_nosec net/socket.c:730 [inline]\n  lr : __sock_sendmsg+0x54/0x60 net/socket.c:745\n  sp : ffff800088ea3b30\n  x29: ffff800088ea3b30 x28: fbf00000062bc900 x27: 0000000000000000\n  x26: ffff800088ea3bc0 x25: ffff800088ea3bc0 x24: 0000000000000000\n  x23: f9f00000048dc000 x22: 0000000000000000 x21: ffff800088ea3d90\n  x20: f9f00000048dc000 x19: ffff800088ea3d90 x18: 0000000000000001\n  x17: 0000000000000000 x16: 0000000000000000 x15: 000000002002ffaf\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: ffff8000815849c0 x9 : ffff8000815b49c0\n  x8 : 0000000000000000 x7 : 000000000000003f x6 : 0000000000000000\n  x5 : 00000000000007e0 x4 : fff07ffffd239000 x3 : fbf00000062bc900\n  x2 : 0000000000000000 x1 : 0000000000000000 x0 : 00000000fffffdef\n  Call trace:\n   sock_sendmsg_nosec net/socket.c:733 [inline]\n   __sock_sendmsg+0x5c/0x60 net/socket.c:745\n   ____sys_sendmsg+0x274/0x2ac net/socket.c:2597\n   ___sys_sendmsg+0xac/0x100 net/socket.c:2651\n   __sys_sendmsg+0x84/0xe0 net/socket.c:2680\n   __do_sys_sendmsg net/socket.c:2689 [inline]\n   __se_sys_sendmsg net/socket.c:2687 [inline]\n   __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2687\n   __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n   invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49\n   el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132\n   do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151\n   el0_svc+0x34/0xec arch/arm64/kernel/entry-common.c:712\n   el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730\n   el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598\n  Code: f9404463 d63f0060 3108441f 54fffe81 (d4210000)\n  ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46783', 'https://git.kernel.org/linus/fe1910f9337bd46a9343967b547ccab26b4b2c6e (6.11-rc7)', 'https://git.kernel.org/stable/c/126d72b726c4cf1119f3a7fe413a78d341c3fea9', 'https://git.kernel.org/stable/c/3efe53eb221a38e207c1e3f81c51e4ca057d50c2', 'https://git.kernel.org/stable/c/6f9fdf5806cced888c43512bccbdf7fefd50f510', 'https://git.kernel.org/stable/c/78bb38d9c5a311c5f8bdef7c9557d7d81ca30e4a', 'https://git.kernel.org/stable/c/810a4e7d92dea4074cb04c25758320909d752193', 'https://git.kernel.org/stable/c/c8219a27fa43a2cbf99f5176f6dddfe73e7a24ae', 'https://git.kernel.org/stable/c/fe1910f9337bd46a9343967b547ccab26b4b2c6e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46783-edcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46783', 'https://www.cve.org/CVERecord?id=CVE-2024-46783'], 'PublishedDate': '2024-09-18T08:15:05.63Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46784', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46784', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix error handling in mana_create_txq/rxq&#39;s NAPI cleanup', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup\n\nCurrently napi_disable() gets called during rxq and txq cleanup,\neven before napi is enabled and hrtimer is initialized. It causes\nkernel panic.\n\n? page_fault_oops+0x136/0x2b0\n  ? page_counter_cancel+0x2e/0x80\n  ? do_user_addr_fault+0x2f2/0x640\n  ? refill_obj_stock+0xc4/0x110\n  ? exc_page_fault+0x71/0x160\n  ? asm_exc_page_fault+0x27/0x30\n  ? __mmdrop+0x10/0x180\n  ? __mmdrop+0xec/0x180\n  ? hrtimer_active+0xd/0x50\n  hrtimer_try_to_cancel+0x2c/0xf0\n  hrtimer_cancel+0x15/0x30\n  napi_disable+0x65/0x90\n  mana_destroy_rxq+0x4c/0x2f0\n  mana_create_rxq.isra.0+0x56c/0x6d0\n  ? mana_uncfg_vport+0x50/0x50\n  mana_alloc_queues+0x21b/0x320\n  ? skb_dequeue+0x5f/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46784', 'https://git.kernel.org/linus/b6ecc662037694488bfff7c9fd21c405df8411f2 (6.11-rc7)', 'https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65', 'https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788', 'https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c', 'https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46784-4773@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46784', 'https://www.cve.org/CVERecord?id=CVE-2024-46784'], 'PublishedDate': '2024-09-18T08:15:05.683Z', 'LastModifiedDate': '2024-09-26T13:21:30.657Z'}, {'VulnerabilityID': 'CVE-2024-46785', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46785', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: eventfs: Use list_del_rcu() for SRCU protected list variable', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Use list_del_rcu() for SRCU protected list variable\n\nChi Zhiling reported:\n\n  We found a null pointer accessing in tracefs[1], the reason is that the\n  variable \'ei_child\' is set to LIST_POISON1, that means the list was\n  removed in eventfs_remove_rec. so when access the ei_child->is_freed, the\n  panic triggered.\n\n  by the way, the following script can reproduce this panic\n\n  loop1 (){\n      while true\n      do\n          echo "p:kp submit_bio" > /sys/kernel/debug/tracing/kprobe_events\n          echo "" > /sys/kernel/debug/tracing/kprobe_events\n      done\n  }\n  loop2 (){\n      while true\n      do\n          tree /sys/kernel/debug/tracing/events/kprobes/\n      done\n  }\n  loop1 &\n  loop2\n\n  [1]:\n  [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150\n  [ 1147.968239][T17331] Mem abort info:\n  [ 1147.971739][T17331]   ESR = 0x0000000096000004\n  [ 1147.976172][T17331]   EC = 0x25: DABT (current EL), IL = 32 bits\n  [ 1147.982171][T17331]   SET = 0, FnV = 0\n  [ 1147.985906][T17331]   EA = 0, S1PTW = 0\n  [ 1147.989734][T17331]   FSC = 0x04: level 0 translation fault\n  [ 1147.995292][T17331] Data abort info:\n  [ 1147.998858][T17331]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n  [ 1148.005023][T17331]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n  [ 1148.010759][T17331]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n  [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges\n  [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP\n  [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls]\n  [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G        W         ------- ----  6.6.43 #2\n  [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650\n  [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020\n  [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398\n  [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398\n  [ 1148.115969][T17331] sp : ffff80008d56bbd0\n  [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000\n  [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100\n  [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10\n  [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000\n  [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0\n  [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0\n  [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862\n  [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068\n  [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001\n  [ 1148.198131][T17331] Call trace:\n  [ 1148.201259][T17331]  eventfs_iterate+0x2c0/0x398\n  [ 1148.205864][T17331]  iterate_dir+0x98/0x188\n  [ 1148.210036][T17331]  __arm64_sys_getdents64+0x78/0x160\n  [ 1148.215161][T17331]  invoke_syscall+0x78/0x108\n  [ 1148.219593][T17331]  el0_svc_common.constprop.0+0x48/0xf0\n  [ 1148.224977][T17331]  do_el0_svc+0x24/0x38\n  [ 1148.228974][T17331]  el0_svc+0x40/0x168\n  [ 1148.232798][T17\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46785', 'https://git.kernel.org/linus/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c (6.11-rc7)', 'https://git.kernel.org/stable/c/05e08297c3c298d8ec28e5a5adb55840312dd87e', 'https://git.kernel.org/stable/c/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c', 'https://git.kernel.org/stable/c/f579d17a86448779f9642ad8baca6e3036a8e2d6', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46785-5351@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46785', 'https://www.cve.org/CVERecord?id=CVE-2024-46785'], 'PublishedDate': '2024-09-18T08:15:05.73Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46786', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46786', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF\n\nThe fscache_cookie_lru_timer is initialized when the fscache module\nis inserted, but is not deleted when the fscache module is removed.\nIf timer_reduce() is called before removing the fscache module,\nthe fscache_cookie_lru_timer will be added to the timer list of\nthe current cpu. Afterwards, a use-after-free will be triggered\nin the softIRQ after removing the fscache module, as follows:\n\n==================================================================\nBUG: unable to handle page fault for address: fffffbfff803c9e9\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855\nTainted: [W]=WARN\nRIP: 0010:__run_timer_base.part.0+0x254/0x8a0\nCall Trace:\n <IRQ>\n tmigr_handle_remote_up+0x627/0x810\n __walk_groups.isra.0+0x47/0x140\n tmigr_handle_remote+0x1fa/0x2f0\n handle_softirqs+0x180/0x590\n irq_exit_rcu+0x84/0xb0\n sysvec_apic_timer_interrupt+0x6e/0x90\n </IRQ>\n <TASK>\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\n default_idle_call+0x38/0x60\n do_idle+0x2b5/0x300\n cpu_startup_entry+0x54/0x60\n start_secondary+0x20d/0x280\n common_startup_64+0x13e/0x148\n </TASK>\nModules linked in: [last unloaded: netfs]\n==================================================================\n\nTherefore delete fscache_cookie_lru_timer when removing the fscahe module.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46786', 'https://git.kernel.org/linus/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f (6.11-rc7)', 'https://git.kernel.org/stable/c/0a11262549ac2ac6fb98c7cd40a67136817e5a52', 'https://git.kernel.org/stable/c/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f', 'https://git.kernel.org/stable/c/e0d724932ad12e3528f4ce97fc0f6078d0cce4bc', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46786-a167@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46786', 'https://www.cve.org/CVERecord?id=CVE-2024-46786'], 'PublishedDate': '2024-09-18T08:15:05.783Z', 'LastModifiedDate': '2024-09-26T12:48:37.447Z'}, {'VulnerabilityID': 'CVE-2024-46787', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46787', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: fix checks for huge PMDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix checks for huge PMDs\n\nPatch series "userfaultfd: fix races around pmd_trans_huge() check", v2.\n\nThe pmd_trans_huge() code in mfill_atomic() is wrong in three different\nways depending on kernel version:\n\n1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit\n   the right two race windows) - I\'ve tested this in a kernel build with\n   some extra mdelay() calls. See the commit message for a description\n   of the race scenario.\n   On older kernels (before 6.5), I think the same bug can even\n   theoretically lead to accessing transhuge page contents as a page table\n   if you hit the right 5 narrow race windows (I haven\'t tested this case).\n2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for\n   detecting PMDs that don\'t point to page tables.\n   On older kernels (before 6.5), you\'d just have to win a single fairly\n   wide race to hit this.\n   I\'ve tested this on 6.1 stable by racing migration (with a mdelay()\n   patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86\n   VM, that causes a kernel oops in ptlock_ptr().\n3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed\n   to yank page tables out from under us (though I haven\'t tested that),\n   so I think the BUG_ON() checks in mfill_atomic() are just wrong.\n\nI decided to write two separate fixes for these (one fix for bugs 1+2, one\nfix for bug 3), so that the first fix can be backported to kernels\naffected by bugs 1+2.\n\n\nThis patch (of 2):\n\nThis fixes two issues.\n\nI discovered that the following race can occur:\n\n  mfill_atomic                other thread\n  ============                ============\n                              <zap PMD>\n  pmdp_get_lockless() [reads none pmd]\n  <bail if trans_huge>\n  <if none:>\n                              <pagefault creates transhuge zeropage>\n    __pte_alloc [no-op]\n                              <zap PMD>\n  <bail if pmd_trans_huge(*dst_pmd)>\n  BUG_ON(pmd_none(*dst_pmd))\n\nI have experimentally verified this in a kernel with extra mdelay() calls;\nthe BUG_ON(pmd_none(*dst_pmd)) triggers.\n\nOn kernels newer than commit 0d940a9b270b ("mm/pgtable: allow\npte_offset_map[_lock]() to fail"), this can\'t lead to anything worse than\na BUG_ON(), since the page table access helpers are actually designed to\ndeal with page tables concurrently disappearing; but on older kernels\n(<=6.4), I think we could probably theoretically race past the two\nBUG_ON() checks and end up treating a hugepage as a page table.\n\nThe second issue is that, as Qi Zheng pointed out, there are other types\nof huge PMDs that pmd_trans_huge() can\'t catch: devmap PMDs and swap PMDs\n(in particular, migration PMDs).\n\nOn <=6.4, this is worse than the first issue: If mfill_atomic() runs on a\nPMD that contains a migration entry (which just requires winning a single,\nfairly wide race), it will pass the PMD to pte_offset_map_lock(), which\nassumes that the PMD points to a page table.\n\nBreakage follows: First, the kernel tries to take the PTE lock (which will\ncrash or maybe worse if there is no "struct page" for the address bits in\nthe migration entry PMD - I think at least on X86 there usually is no\ncorresponding "struct page" thanks to the PTE inversion mitigation, amd64\nlooks different).\n\nIf that didn\'t crash, the kernel would next try to write a PTE into what\nit wrongly thinks is a page table.\n\nAs part of fixing these issues, get rid of the check for pmd_trans_huge()\nbefore __pte_alloc() - that\'s redundant, we\'re going to have to check for\nthat after the __pte_alloc() anyway.\n\nBackport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46787', 'https://git.kernel.org/linus/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 (6.11-rc7)', 'https://git.kernel.org/stable/c/3c6b4bcf37845c9359aed926324bed66bdd2448d', 'https://git.kernel.org/stable/c/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8', 'https://git.kernel.org/stable/c/98cc18b1b71e23fe81a5194ed432b20c2d81a01a', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46787-8b6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46787', 'https://www.cve.org/CVERecord?id=CVE-2024-46787'], 'PublishedDate': '2024-09-18T08:15:05.833Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46788', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46788', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/osnoise: Use a cpumask to know what threads are kthreads', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Use a cpumask to know what threads are kthreads\n\nThe start_kthread() and stop_thread() code was not always called with the\ninterface_lock held. This means that the kthread variable could be\nunexpectedly changed causing the kthread_stop() to be called on it when it\nshould not have been, leading to:\n\n while true; do\n   rtla timerlat top -u -q & PID=$!;\n   sleep 5;\n   kill -INT $PID;\n   sleep 0.001;\n   kill -TERM $PID;\n   wait $PID;\n  done\n\nCausing the following OOPS:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 Not tainted 6.11.0-rc4-test-00002-gbc754cc76d1b-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:hrtimer_active+0x58/0x300\n Code: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 <0f> b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f\n RSP: 0018:ffff88811d97f940 EFLAGS: 00010202\n RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b\n RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28\n RBP: 0000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60\n R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d\n R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28\n FS:  0000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0\n Call Trace:\n  <TASK>\n  ? die_addr+0x40/0xa0\n  ? exc_general_protection+0x154/0x230\n  ? asm_exc_general_protection+0x26/0x30\n  ? hrtimer_active+0x58/0x300\n  ? __pfx_mutex_lock+0x10/0x10\n  ? __pfx_locks_remove_file+0x10/0x10\n  hrtimer_cancel+0x15/0x40\n  timerlat_fd_release+0x8e/0x1f0\n  ? security_file_release+0x43/0x80\n  __fput+0x372/0xb10\n  task_work_run+0x11e/0x1f0\n  ? _raw_spin_lock+0x85/0xe0\n  ? __pfx_task_work_run+0x10/0x10\n  ? poison_slab_object+0x109/0x170\n  ? do_exit+0x7a0/0x24b0\n  do_exit+0x7bd/0x24b0\n  ? __pfx_migrate_enable+0x10/0x10\n  ? __pfx_do_exit+0x10/0x10\n  ? __pfx_read_tsc+0x10/0x10\n  ? ktime_get+0x64/0x140\n  ? _raw_spin_lock_irq+0x86/0xe0\n  do_group_exit+0xb0/0x220\n  get_signal+0x17ba/0x1b50\n  ? vfs_read+0x179/0xa40\n  ? timerlat_fd_read+0x30b/0x9d0\n  ? __pfx_get_signal+0x10/0x10\n  ? __pfx_timerlat_fd_read+0x10/0x10\n  arch_do_signal_or_restart+0x8c/0x570\n  ? __pfx_arch_do_signal_or_restart+0x10/0x10\n  ? vfs_read+0x179/0xa40\n  ? ksys_read+0xfe/0x1d0\n  ? __pfx_ksys_read+0x10/0x10\n  syscall_exit_to_user_mode+0xbc/0x130\n  do_syscall_64+0x74/0x110\n  ? __pfx___rseq_handle_notify_resume+0x10/0x10\n  ? __pfx_ksys_read+0x10/0x10\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? syscall_exit_to_user_mode+0x116/0x130\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  entry_SYSCALL_64_after_hwframe+0x71/0x79\n RIP: 0033:0x7ff0070eca9c\n Code: Unable to access opcode bytes at 0x7ff0070eca72.\n RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c\n RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003\n RBP: 00007ff006dffde0 R08: 0000000000000000 R09: 00007ff000000ba0\n R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003\n R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008\n  </TASK>\n Modules linked in: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core\n ---[ end trace 0000000000000000 ]---\n\nThis is because it would mistakenly call kthread_stop() on a user space\nthread making it "exit" before it actually exits.\n\nSince kthread\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46788', 'https://git.kernel.org/linus/177e1cc2f41235c145041eed03ef5bab18f32328 (6.11-rc7)', 'https://git.kernel.org/stable/c/177e1cc2f41235c145041eed03ef5bab18f32328', 'https://git.kernel.org/stable/c/27282d2505b402f39371fd60d19d95c01a4b6776', 'https://git.kernel.org/stable/c/7a5f01828edf152c144d27cf63de446fdf2dc222', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46788-1fbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46788', 'https://www.cve.org/CVERecord?id=CVE-2024-46788'], 'PublishedDate': '2024-09-18T08:15:05.893Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46791', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46791', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open\n\nThe mcp251x_hw_wake() function is called with the mpc_lock mutex held and\ndisables the interrupt handler so that no interrupts can be processed while\nwaking the device. If an interrupt has already occurred then waiting for\nthe interrupt handler to complete will deadlock because it will be trying\nto acquire the same mutex.\n\nCPU0                           CPU1\n----                           ----\nmcp251x_open()\n mutex_lock(&priv->mcp_lock)\n  request_threaded_irq()\n                               <interrupt>\n                               mcp251x_can_ist()\n                                mutex_lock(&priv->mcp_lock)\n  mcp251x_hw_wake()\n   disable_irq() <-- deadlock\n\nUse disable_irq_nosync() instead because the interrupt handler does\neverything while holding the mutex so it doesn't matter if it's still\nrunning.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46791', 'https://git.kernel.org/linus/7dd9c26bd6cf679bcfdef01a8659791aa6487a29 (6.11-rc7)', 'https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0', 'https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e', 'https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29', 'https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7', 'https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188', 'https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646', 'https://lore.kernel.org/linux-cve-announce/2024091853-CVE-2024-46791-af66@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46791', 'https://www.cve.org/CVERecord?id=CVE-2024-46791'], 'PublishedDate': '2024-09-18T08:15:06.067Z', 'LastModifiedDate': '2024-09-20T18:21:19.457Z'}, {'VulnerabilityID': 'CVE-2024-46792', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46792', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv: misaligned: Restrict user access to kernel memory', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: misaligned: Restrict user access to kernel memory\n\nraw_copy_{to,from}_user() do not call access_ok(), so this code allowed\nuserspace to access any virtual memory address.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46792', 'https://git.kernel.org/linus/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3b6ff6c896aee5ef9b581e40d0045ff04fcbc8c', 'https://git.kernel.org/stable/c/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46792-7745@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46792', 'https://www.cve.org/CVERecord?id=CVE-2024-46792'], 'PublishedDate': '2024-09-18T08:15:06.123Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46793', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46793', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder\n\nSince commit 13f58267cda3 ("ASoC: soc.h: don\'t create dummy Component\nvia COMP_DUMMY()") dummy codecs declared like this:\n\nSND_SOC_DAILINK_DEF(dummy,\n        DAILINK_COMP_ARRAY(COMP_DUMMY()));\n\nexpand to:\n\nstatic struct snd_soc_dai_link_component dummy[] = {\n};\n\nWhich means that dummy is a zero sized array and thus dais[i].codecs should\nnot be dereferenced *at all* since it points to the address of the next\nvariable stored in the data section as the "dummy" variable has an address\nbut no size, so even dereferencing dais[0] is already an out of bounds\narray reference.\n\nWhich means that the if (dais[i].codecs->name) check added in\ncommit 7d99a70b6595 ("ASoC: Intel: Boards: Fix NULL pointer deref\nin BYT/CHT boards") relies on that the part of the next variable which\nthe name member maps to just happens to be NULL.\n\nWhich apparently so far it usually is, except when it isn\'t\nand then it results in crashes like this one:\n\n[   28.795659] BUG: unable to handle page fault for address: 0000000000030011\n...\n[   28.795780] Call Trace:\n[   28.795787]  <TASK>\n...\n[   28.795862]  ? strcmp+0x18/0x40\n[   28.795872]  0xffffffffc150c605\n[   28.795887]  platform_probe+0x40/0xa0\n...\n[   28.795979]  ? __pfx_init_module+0x10/0x10 [snd_soc_sst_bytcr_wm5102]\n\nReally fix things this time around by checking dais.num_codecs != 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46793', 'https://git.kernel.org/linus/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb (6.11-rc7)', 'https://git.kernel.org/stable/c/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb', 'https://git.kernel.org/stable/c/85cda5b040bda9c577b34eb72d5b2e5b7e31985c', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46793-268d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46793', 'https://www.cve.org/CVERecord?id=CVE-2024-46793'], 'PublishedDate': '2024-09-18T08:15:06.177Z', 'LastModifiedDate': '2024-09-24T16:00:17.977Z'}, {'VulnerabilityID': 'CVE-2024-46794', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46794', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/tdx: Fix data leak in mmio_read()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix data leak in mmio_read()\n\nThe mmio_read() function makes a TDVMCALL to retrieve MMIO data for an\naddress from the VMM.\n\nSean noticed that mmio_read() unintentionally exposes the value of an\ninitialized variable (val) on the stack to the VMM.\n\nThis variable is only needed as an output value. It did not need to be\npassed to the VMM in the first place.\n\nDo not send the original value of *val to the VMM.\n\n[ dhansen: clarify what 'val' is used for. ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46794', 'https://git.kernel.org/linus/b6fb565a2d15277896583d471b21bc14a0c99661 (6.11-rc7)', 'https://git.kernel.org/stable/c/26c6af49d26ffc377e392e30d4086db19eed0ef7', 'https://git.kernel.org/stable/c/b55ce742afcb8e8189d82f2f1e635ba1b5a461fa', 'https://git.kernel.org/stable/c/b6fb565a2d15277896583d471b21bc14a0c99661', 'https://git.kernel.org/stable/c/ef00818c50cf55a3a56bd9a9fae867c92dfb84e7', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46794-9f64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46794', 'https://www.cve.org/CVERecord?id=CVE-2024-46794'], 'PublishedDate': '2024-09-18T08:15:06.23Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46795', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46795', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ksmbd: unset the binding mark of a reused connection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset the binding mark of a reused connection\n\nSteve French reported null pointer dereference error from sha256 lib.\ncifs.ko can send session setup requests on reused connection.\nIf reused connection is used for binding session, conn->binding can\nstill remain true and generate_preauth_hash() will not set\nsess->Preauth_HashValue and it will be NULL.\nIt is used as a material to create an encryption key in\nksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer\ndereference error from crypto_shash_update().\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 8 PID: 429254 Comm: kworker/8:39\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n<TASK>\n? show_regs+0x6d/0x80\n? __die+0x24/0x80\n? page_fault_oops+0x99/0x1b0\n? do_user_addr_fault+0x2ee/0x6b0\n? exc_page_fault+0x83/0x1b0\n? asm_exc_page_fault+0x27/0x30\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n_sha256_update+0x77/0xa0 [sha256_ssse3]\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\ncrypto_shash_update+0x1e/0x40\nhmac_update+0x12/0x20\ncrypto_shash_update+0x1e/0x40\ngenerate_key+0x234/0x380 [ksmbd]\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\n__process_request+0xa3/0x1d0 [ksmbd]\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\nprocess_one_work+0x16c/0x350\nworker_thread+0x306/0x440\n? __pfx_worker_thread+0x10/0x10\nkthread+0xef/0x120\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x44/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n</TASK>', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46795', 'https://git.kernel.org/linus/78c5a6f1f630172b19af4912e755e1da93ef0ab5 (6.11-rc7)', 'https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce', 'https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1', 'https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5', 'https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02', 'https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1', 'https://lore.kernel.org/linux-cve-announce/2024091855-CVE-2024-46795-9908@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46795', 'https://www.cve.org/CVERecord?id=CVE-2024-46795'], 'PublishedDate': '2024-09-18T08:15:06.28Z', 'LastModifiedDate': '2024-09-20T18:21:04.067Z'}, {'VulnerabilityID': 'CVE-2024-46797', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46797', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/qspinlock: Fix deadlock in MCS queue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/qspinlock: Fix deadlock in MCS queue\n\nIf an interrupt occurs in queued_spin_lock_slowpath() after we increment\nqnodesp->count and before node->lock is initialized, another CPU might\nsee stale lock values in get_tail_qnode(). If the stale lock value happens\nto match the lock on that CPU, then we write to the "next" pointer of\nthe wrong qnode. This causes a deadlock as the former CPU, once it becomes\nthe head of the MCS queue, will spin indefinitely until it\'s "next" pointer\nis set by its successor in the queue.\n\nRunning stress-ng on a 16 core (16EC/16VP) shared LPAR, results in\noccasional lockups similar to the following:\n\n   $ stress-ng --all 128 --vm-bytes 80% --aggressive \\\n               --maximize --oomable --verify  --syslog \\\n               --metrics  --times  --timeout 5m\n\n   watchdog: CPU 15 Hard LOCKUP\n   ......\n   NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   Call Trace:\n    0xc000002cfffa3bf0 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    raw_spin_rq_lock_nested.part.135+0x4c/0xd0\n    sched_ttwu_pending+0x60/0x1f0\n    __flush_smp_call_function_queue+0x1dc/0x670\n    smp_ipi_demux_relaxed+0xa4/0x100\n    xive_muxed_ipi_action+0x20/0x40\n    __handle_irq_event_percpu+0x80/0x240\n    handle_irq_event_percpu+0x2c/0x80\n    handle_percpu_irq+0x84/0xd0\n    generic_handle_irq+0x54/0x80\n    __do_irq+0xac/0x210\n    __do_IRQ+0x74/0xd0\n    0x0\n    do_IRQ+0x8c/0x170\n    hardware_interrupt_common_virt+0x29c/0x2a0\n   --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490\n   ......\n   NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   --- interrupt: 500\n    0xc0000029c1a41d00 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    futex_wake+0x100/0x260\n    do_futex+0x21c/0x2a0\n    sys_futex+0x98/0x270\n    system_call_exception+0x14c/0x2f0\n    system_call_vectored_common+0x15c/0x2ec\n\nThe following code flow illustrates how the deadlock occurs.\nFor the sake of brevity, assume that both locks (A and B) are\ncontended and we call the queued_spin_lock_slowpath() function.\n\n        CPU0                                   CPU1\n        ----                                   ----\n  spin_lock_irqsave(A)                          |\n  spin_unlock_irqrestore(A)                     |\n    spin_lock(B)                                |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++;                       |\n  (Note that nodes[0].lock == A)                |\n         |                                      |\n         ▼                                      |\n      Interrupt                                 |\n  (happens before "nodes[0].lock = B")          |\n         |                                      |\n         ▼                                      |\n  spin_lock_irqsave(A)                          |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++                        |\n   nodes[1].lock = A                            |\n         |                                      |\n         ▼                                      |\n  Tail of MCS queue                             |\n         |                             spin_lock_irqsave(A)\n         ▼                                      |\n  Head of MCS queue                             ▼\n         |                             CPU0 is previous tail\n         ▼                                      |\n   Spin indefinitely                            ▼\n  (until "nodes[1].next != NULL")      prev = get_tail_qnode(A, CPU0)\n                                                |\n                                                ▼\n                                       prev == &qnodes[CPU0].nodes[0]\n                                     (as qnodes\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46797', 'https://git.kernel.org/linus/734ad0af3609464f8f93e00b6c0de1e112f44559 (6.11-rc7)', 'https://git.kernel.org/stable/c/734ad0af3609464f8f93e00b6c0de1e112f44559', 'https://git.kernel.org/stable/c/d84ab6661e8d09092de9b034b016515ef9b66085', 'https://git.kernel.org/stable/c/f06af737e4be28c0e926dc25d5f0a111da4e2987', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46797-9174@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46797', 'https://www.cve.org/CVERecord?id=CVE-2024-46797'], 'PublishedDate': '2024-09-18T08:15:06.403Z', 'LastModifiedDate': '2024-09-29T15:15:15.837Z'}, {'VulnerabilityID': 'CVE-2024-46798', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46798', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: dapm: Fix UAF for snd_soc_pcm_runtime object\n\nWhen using kernel with the following extra config,\n\n  - CONFIG_KASAN=y\n  - CONFIG_KASAN_GENERIC=y\n  - CONFIG_KASAN_INLINE=y\n  - CONFIG_KASAN_VMALLOC=y\n  - CONFIG_FRAME_WARN=4096\n\nkernel detects that snd_pcm_suspend_all() access a freed\n'snd_soc_pcm_runtime' object when the system is suspended, which\nleads to a use-after-free bug:\n\n[   52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270\n[   52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330\n\n[   52.047785] Call trace:\n[   52.047787]  dump_backtrace+0x0/0x3c0\n[   52.047794]  show_stack+0x34/0x50\n[   52.047797]  dump_stack_lvl+0x68/0x8c\n[   52.047802]  print_address_description.constprop.0+0x74/0x2c0\n[   52.047809]  kasan_report+0x210/0x230\n[   52.047815]  __asan_report_load1_noabort+0x3c/0x50\n[   52.047820]  snd_pcm_suspend_all+0x1a8/0x270\n[   52.047824]  snd_soc_suspend+0x19c/0x4e0\n\nThe snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before\nmaking any access. So we need to always set 'substream->runtime' to NULL\neverytime we kfree() it.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46798', 'https://git.kernel.org/linus/b4a90b543d9f62d3ac34ec1ab97fc5334b048565 (6.11-rc7)', 'https://git.kernel.org/stable/c/3033ed903b4f28b5e1ab66042084fbc2c48f8624', 'https://git.kernel.org/stable/c/5d13afd021eb43868fe03cef6da34ad08831ad6d', 'https://git.kernel.org/stable/c/6a14fad8be178df6c4589667efec1789a3307b4e', 'https://git.kernel.org/stable/c/8ca21e7a27c66b95a4b215edc8e45e5d66679f9f', 'https://git.kernel.org/stable/c/993b60c7f93fa1d8ff296b58f646a867e945ae89', 'https://git.kernel.org/stable/c/b4a90b543d9f62d3ac34ec1ab97fc5334b048565', 'https://git.kernel.org/stable/c/fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46798-ce16@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46798', 'https://www.cve.org/CVERecord?id=CVE-2024-46798'], 'PublishedDate': '2024-09-18T08:15:06.463Z', 'LastModifiedDate': '2024-09-20T18:17:50.763Z'}, {'VulnerabilityID': 'CVE-2024-46800', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46800', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sch/netem: fix use after free in netem_dequeue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsch/netem: fix use after free in netem_dequeue\n\nIf netem_dequeue() enqueues packet to inner qdisc and that qdisc\nreturns __NET_XMIT_STOLEN. The packet is dropped but\nqdisc_tree_reduce_backlog() is not called to update the parent\'s\nq.qlen, leading to the similar use-after-free as Commit\ne04991a48dbaf382 ("netem: fix return value if duplicate enqueue\nfails")\n\nCommands to trigger KASAN UaF:\n\nip link add type dummy\nip link set lo up\nip link set dummy0 up\ntc qdisc add dev lo parent root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2: handle 3: drr\ntc filter add dev lo parent 3: basic classid 3:1 action mirred egress\nredirect dev dummy0\ntc class add dev lo classid 3:1 drr\nping -c1 -W0.01 localhost # Trigger bug\ntc class del dev lo classid 1:1\ntc class add dev lo classid 1:1 drr\nping -c1 -W0.01 localhost # UaF', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46800', 'https://git.kernel.org/linus/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a (6.11-rc7)', 'https://git.kernel.org/stable/c/14f91ab8d391f249b845916820a56f42cf747241', 'https://git.kernel.org/stable/c/295ad5afd9efc5f67b86c64fce28fb94e26dc4c9', 'https://git.kernel.org/stable/c/32008ab989ddcff1a485fa2b4906234c25dc5cd6', 'https://git.kernel.org/stable/c/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a', 'https://git.kernel.org/stable/c/98c75d76187944296068d685dfd8a1e9fd8c4fdc', 'https://git.kernel.org/stable/c/db2c235682913a63054e741fe4e19645fdf2d68e', 'https://git.kernel.org/stable/c/dde33a9d0b80aae0c69594d1f462515d7ff1cb3d', 'https://git.kernel.org/stable/c/f0bddb4de043399f16d1969dad5ee5b984a64e7b', 'https://lore.kernel.org/linux-cve-announce/2024091857-CVE-2024-46800-0f62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46800', 'https://www.cve.org/CVERecord?id=CVE-2024-46800'], 'PublishedDate': '2024-09-18T08:15:06.573Z', 'LastModifiedDate': '2024-09-20T17:18:55.26Z'}, {'VulnerabilityID': 'CVE-2024-46802', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: added NULL check at start of dc_validate_stream', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46802', 'https://git.kernel.org/linus/26c56049cc4f1705b498df013949427692a4b0d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd', 'https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5', 'https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9', 'https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c', 'https://lore.kernel.org/linux-cve-announce/2024092706-CVE-2024-46802-c5e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46802', 'https://www.cve.org/CVERecord?id=CVE-2024-46802'], 'PublishedDate': '2024-09-27T13:15:13.483Z', 'LastModifiedDate': '2024-10-07T14:21:55.687Z'}, {'VulnerabilityID': 'CVE-2024-46803', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46803', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdkfd: Check debug trap enable before write dbg_ev_file', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46803', 'https://git.kernel.org/linus/547033b593063eb85bfdf9b25a5f1b8fd1911be2 (6.11-rc1)', 'https://git.kernel.org/stable/c/547033b593063eb85bfdf9b25a5f1b8fd1911be2', 'https://git.kernel.org/stable/c/820dcbd38a77bd5fdc4236d521c1c122841227d0', 'https://git.kernel.org/stable/c/e6ea3b8fe398915338147fe54dd2db8155fdafd8', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46803-689b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46803', 'https://www.cve.org/CVERecord?id=CVE-2024-46803'], 'PublishedDate': '2024-09-27T13:15:13.57Z', 'LastModifiedDate': '2024-10-04T17:45:16.867Z'}, {'VulnerabilityID': 'CVE-2024-46804', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46804', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add array index check for hdcp ddc access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add array index check for hdcp ddc access\n\n[Why]\nCoverity reports OVERRUN warning. Do not check if array\nindex valid.\n\n[How]\nCheck msg_id valid and valid array index.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46804', 'https://git.kernel.org/linus/4e70c0f5251c25885c31ee84a31f99a01f7cf50e (6.11-rc1)', 'https://git.kernel.org/stable/c/0ee4387c5a4b57ec733c3fb4365188d5979cd9c7', 'https://git.kernel.org/stable/c/2a63c90c7a90ab2bd23deebc2814fc5b52abf6d2', 'https://git.kernel.org/stable/c/4e70c0f5251c25885c31ee84a31f99a01f7cf50e', 'https://git.kernel.org/stable/c/8b5ccf3d011969417be653b5a145c72dbd30472c', 'https://git.kernel.org/stable/c/a3b5ee22a9d3a30045191da5678ca8451ebaea30', 'https://git.kernel.org/stable/c/f338f99f6a04d03c802087d82a83561cbd5bdc99', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46804-c90d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46804', 'https://www.cve.org/CVERecord?id=CVE-2024-46804'], 'PublishedDate': '2024-09-27T13:15:13.637Z', 'LastModifiedDate': '2024-10-04T17:51:43.73Z'}, {'VulnerabilityID': 'CVE-2024-46805', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46805', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix the waring dereferencing hive', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix the waring dereferencing hive\n\nCheck the amdgpu_hive_info *hive that maybe is NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46805', 'https://git.kernel.org/linus/1940708ccf5aff76de4e0b399f99267c93a89193 (6.11-rc1)', 'https://git.kernel.org/stable/c/01cd55b971131b07b7ff8d622fa93bb4f8be07df', 'https://git.kernel.org/stable/c/1940708ccf5aff76de4e0b399f99267c93a89193', 'https://git.kernel.org/stable/c/4ab720b6aa1ef5e71db1e534b5b45c80ac4ec58a', 'https://git.kernel.org/stable/c/d3f927ef0607b3c8c3f79ab6d9a4ebead3e35f4c', 'https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46805-b06a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46805', 'https://www.cve.org/CVERecord?id=CVE-2024-46805'], 'PublishedDate': '2024-09-27T13:15:13.707Z', 'LastModifiedDate': '2024-10-02T12:58:59.767Z'}, {'VulnerabilityID': 'CVE-2024-46806', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46806', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the warning division or modulo by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46806', 'https://git.kernel.org/linus/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c (6.11-rc1)', 'https://git.kernel.org/stable/c/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c', 'https://git.kernel.org/stable/c/a01618adcba78c6bd6c4557a4a5e32f58b658cd1', 'https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46806-2cc7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46806', 'https://www.cve.org/CVERecord?id=CVE-2024-46806'], 'PublishedDate': '2024-09-27T13:15:13.773Z', 'LastModifiedDate': '2024-10-02T13:17:04.64Z'}, {'VulnerabilityID': 'CVE-2024-46807', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46807', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Check tbo resource pointer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Check tbo resource pointer\n\nValidate tbo resource pointer, skip if NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46807', 'https://git.kernel.org/linus/6cd2b872643bb29bba01a8ac739138db7bd79007 (6.11-rc1)', 'https://git.kernel.org/stable/c/2be1eb6304d9623ba21dd6f3e68ffb753a759635', 'https://git.kernel.org/stable/c/4dfec5f5501a27e0a0da00e136d65ef9011ded4c', 'https://git.kernel.org/stable/c/6cd2b872643bb29bba01a8ac739138db7bd79007', 'https://git.kernel.org/stable/c/e55e3904ffeaff81715256a711b1a61f4ad5258a', 'https://git.kernel.org/stable/c/e8765364d4f3aaf88c7abe0a4fc99089d059ab49', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46807-b78e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46807', 'https://www.cve.org/CVERecord?id=CVE-2024-46807'], 'PublishedDate': '2024-09-27T13:15:13.84Z', 'LastModifiedDate': '2024-10-04T17:40:08.083Z'}, {'VulnerabilityID': 'CVE-2024-46808', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46808', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range\n\n[Why & How]\nASSERT if return NULL from kcalloc.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46808', 'https://git.kernel.org/linus/5524fa301ba649f8cf00848f91468e0ba7e4f24c (6.11-rc1)', 'https://git.kernel.org/stable/c/5524fa301ba649f8cf00848f91468e0ba7e4f24c', 'https://git.kernel.org/stable/c/ca0b0b0a22306f2e51105ac48f4a09c2fbbb504e', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46808-8886@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46808', 'https://www.cve.org/CVERecord?id=CVE-2024-46808'], 'PublishedDate': '2024-09-27T13:15:13.907Z', 'LastModifiedDate': '2024-10-02T14:23:39.863Z'}, {'VulnerabilityID': 'CVE-2024-46809', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46809', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check BIOS images before it is used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check BIOS images before it is used\n\nBIOS images may fail to load and null checks are added before they are\nused.\n\nThis fixes 6 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46809', 'https://git.kernel.org/linus/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c (6.11-rc1)', 'https://git.kernel.org/stable/c/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c', 'https://git.kernel.org/stable/c/e46b70a7cfed71cb84e985c785c39c16df5c28cb', 'https://git.kernel.org/stable/c/e50bec62acaeec03afc6fa5dfb2426e52d049cf5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46809-5b37@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46809', 'https://www.cve.org/CVERecord?id=CVE-2024-46809'], 'PublishedDate': '2024-09-27T13:15:13.973Z', 'LastModifiedDate': '2024-10-04T17:33:33.753Z'}, {'VulnerabilityID': 'CVE-2024-46810', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46810', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ\n\nMake sure the connector is fully initialized before signalling any\nHPD events via drm_kms_helper_hotplug_event(), otherwise this may\nlead to NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46810', 'https://git.kernel.org/linus/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f (6.11-rc1)', 'https://git.kernel.org/stable/c/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f', 'https://git.kernel.org/stable/c/1fb13693953737783b424aa4712f0a27a9eaf5a8', 'https://git.kernel.org/stable/c/9d567126474e68f959b2c2543c375f3bb32e948a', 'https://git.kernel.org/stable/c/adc5674c23b8191e596ed0dbaa9600265ac896a8', 'https://git.kernel.org/stable/c/e1b121f21bbc56a6ae035aa5b77daac62bfb9be5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46810-2eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46810', 'https://www.cve.org/CVERecord?id=CVE-2024-46810'], 'PublishedDate': '2024-09-27T13:15:14.037Z', 'LastModifiedDate': '2024-10-04T17:43:04.277Z'}, {'VulnerabilityID': 'CVE-2024-46811', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46811', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params->clk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46811', 'https://git.kernel.org/linus/188fd1616ec43033cedbe343b6579e9921e2d898 (6.11-rc1)', 'https://git.kernel.org/stable/c/188fd1616ec43033cedbe343b6579e9921e2d898', 'https://git.kernel.org/stable/c/4003bac784380fed1f94f197350567eaa73a409d', 'https://git.kernel.org/stable/c/aba188d6f4ebaf52acf13f204db2bd2c22072504', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46811-f01c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46811', 'https://www.cve.org/CVERecord?id=CVE-2024-46811'], 'PublishedDate': '2024-09-27T13:15:14.107Z', 'LastModifiedDate': '2024-10-07T14:24:56.86Z'}, {'VulnerabilityID': 'CVE-2024-46812', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46812', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration\n\n[Why]\nCoverity reports Memory - illegal accesses.\n\n[How]\nSkip inactive planes.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46812', 'https://git.kernel.org/linus/a54f7e866cc73a4cb71b8b24bb568ba35c8969df (6.11-rc1)', 'https://git.kernel.org/stable/c/3300a039caf850376bc3416c808cd8879da412bb', 'https://git.kernel.org/stable/c/8406158a546441b73f0b216aedacbf9a1e5748fb', 'https://git.kernel.org/stable/c/a54f7e866cc73a4cb71b8b24bb568ba35c8969df', 'https://git.kernel.org/stable/c/ee9d6df6d9172917d9ddbd948bb882652d5ecd29', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46812-5954@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46812', 'https://www.cve.org/CVERecord?id=CVE-2024-46812'], 'PublishedDate': '2024-09-27T13:15:14.163Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46813', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46813', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check link_index before accessing dc-&gt;links[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc->links[]\n\n[WHY & HOW]\ndc->links[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46813', 'https://git.kernel.org/linus/8aa2864044b9d13e95fe224f32e808afbf79ecdf (6.11-rc1)', 'https://git.kernel.org/stable/c/8aa2864044b9d13e95fe224f32e808afbf79ecdf', 'https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46813-5eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46813', 'https://www.cve.org/CVERecord?id=CVE-2024-46813'], 'PublishedDate': '2024-09-27T13:15:14.23Z', 'LastModifiedDate': '2024-10-04T17:38:17.74Z'}, {'VulnerabilityID': 'CVE-2024-46814', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check msg_id before processing transcation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY & HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46814', 'https://git.kernel.org/linus/fa71face755e27dc44bc296416ebdf2c67163316 (6.11-rc1)', 'https://git.kernel.org/stable/c/0147505f08220c89b3a9c90eb608191276e263a8', 'https://git.kernel.org/stable/c/6590643c5de74098d27933b7d224d5ac065d7755', 'https://git.kernel.org/stable/c/916083054670060023d3f8a8ace895d710e268f4', 'https://git.kernel.org/stable/c/cb63090a17d3abb87f132851fa3711281249b7d2', 'https://git.kernel.org/stable/c/fa71face755e27dc44bc296416ebdf2c67163316', 'https://git.kernel.org/stable/c/fe63daf7b10253b0faaa60c55d6153cd276927aa', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46814-5021@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46814', 'https://www.cve.org/CVERecord?id=CVE-2024-46814'], 'PublishedDate': '2024-09-27T13:15:14.297Z', 'LastModifiedDate': '2024-10-04T17:27:47.45Z'}, {'VulnerabilityID': 'CVE-2024-46815', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46815', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY & HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46815', 'https://git.kernel.org/linus/b38a4815f79b87efb196cd5121579fc51e29a7fb (6.11-rc1)', 'https://git.kernel.org/stable/c/21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf', 'https://git.kernel.org/stable/c/6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0', 'https://git.kernel.org/stable/c/7c47dd2e92341f2989ab73dbed07f8894593ad7b', 'https://git.kernel.org/stable/c/a72d4996409569027b4609414a14a87679b12267', 'https://git.kernel.org/stable/c/b36e9b3104c4ba0f2f5dd083dcf6159cb316c996', 'https://git.kernel.org/stable/c/b38a4815f79b87efb196cd5121579fc51e29a7fb', 'https://git.kernel.org/stable/c/c4a7f7c0062fe2c73f70bb7e335199e25bd71492', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46815-fce2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46815', 'https://www.cve.org/CVERecord?id=CVE-2024-46815'], 'PublishedDate': '2024-09-27T13:15:14.37Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46816', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46816', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\n\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc->links. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\n\n[How]\nMake sure link count less than max_links.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46816', 'https://git.kernel.org/linus/cf8b16857db702ceb8d52f9219a4613363e2b1cf (6.11-rc1)', 'https://git.kernel.org/stable/c/36c39a8dcce210649f2f45f252abaa09fcc1ae87', 'https://git.kernel.org/stable/c/cf8b16857db702ceb8d52f9219a4613363e2b1cf', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46816-0526@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46816', 'https://www.cve.org/CVERecord?id=CVE-2024-46816'], 'PublishedDate': '2024-09-27T13:15:14.433Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46817', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6\n\n[Why]\nCoverity reports OVERRUN warning. Should abort amdgpu_dm\ninitialize.\n\n[How]\nReturn failure to amdgpu_dm_init.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46817', 'https://git.kernel.org/linus/84723eb6068c50610c5c0893980d230d7afa2105 (6.11-rc1)', 'https://git.kernel.org/stable/c/21bbb39863f10f5fb4bf772d15b07d5d13590e9d', 'https://git.kernel.org/stable/c/28b515c458aa9c92bfcb99884c94713a5f471cea', 'https://git.kernel.org/stable/c/754321ed63f0a4a31252ca72e0bd89a9e1888018', 'https://git.kernel.org/stable/c/84723eb6068c50610c5c0893980d230d7afa2105', 'https://git.kernel.org/stable/c/94cb77700fa4ae6200486bfa0ba2ac547534afd2', 'https://git.kernel.org/stable/c/d398c74c881dee695f6eb6138c9891644e1c3d9d', 'https://git.kernel.org/stable/c/d619b91d3c4af60ac422f1763ce53d721fb91262', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46817-7a2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46817', 'https://www.cve.org/CVERecord?id=CVE-2024-46817'], 'PublishedDate': '2024-09-27T13:15:14.493Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46818', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check gpio_id before used as array index', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY & HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46818', 'https://git.kernel.org/linus/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 (6.11-rc1)', 'https://git.kernel.org/stable/c/0184cca30cad74d88f5c875d4e26999e26325700', 'https://git.kernel.org/stable/c/08e7755f754e3d2cef7d3a7da538d33526bd6f7c', 'https://git.kernel.org/stable/c/276e3fd93e3beb5894eb1cc8480f9f417d51524d', 'https://git.kernel.org/stable/c/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6', 'https://git.kernel.org/stable/c/3d4198ab612ad48f73383ad3bb5663e6f0cdf406', 'https://git.kernel.org/stable/c/40c2e8bc117cab8bca8814735f28a8b121654a84', 'https://git.kernel.org/stable/c/8520fdc8ecc38f240a8e9e7af89cca6739c3e790', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46818-8d41@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46818', 'https://www.cve.org/CVERecord?id=CVE-2024-46818'], 'PublishedDate': '2024-09-27T13:15:14.563Z', 'LastModifiedDate': '2024-10-04T17:18:36.613Z'}, {'VulnerabilityID': 'CVE-2024-46819', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: the warning dereferencing obj for nbio_v7_4', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: the warning dereferencing obj for nbio_v7_4\n\nif ras_manager obj null, don't print NBIO err data", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46819', 'https://git.kernel.org/linus/d190b459b2a4304307c3468ed97477b808381011 (6.11-rc1)', 'https://git.kernel.org/stable/c/130c2dc75c8c40acc3c96ededea6af80e03c14b8', 'https://git.kernel.org/stable/c/614564a5b28983de53b23a358ebe6c483a2aa21e', 'https://git.kernel.org/stable/c/70e8ec21fcb8c51446899d3bfe416b31adfa3661', 'https://git.kernel.org/stable/c/7d265772e44d403071a2b573eac0db60250b1c21', 'https://git.kernel.org/stable/c/d04ded1e73f1dcf19a71ec8b9cda3faa7acd8828', 'https://git.kernel.org/stable/c/d190b459b2a4304307c3468ed97477b808381011', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46819-d958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46819', 'https://www.cve.org/CVERecord?id=CVE-2024-46819'], 'PublishedDate': '2024-09-27T13:15:14.64Z', 'LastModifiedDate': '2024-10-04T17:11:00.57Z'}, {'VulnerabilityID': 'CVE-2024-46820', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/vcn: remove irq disabling in vcn 5 suspend\n\nWe do not directly enable/disable VCN IRQ in vcn 5.0.0.\nAnd we do not handle the IRQ state as well. So the calls to\ndisable IRQ and set state are removed. This effectively gets\nrid of the warining of\n      "WARN_ON(!amdgpu_irq_enabled(adev, src, type))"\nin amdgpu_irq_put().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46820', 'https://git.kernel.org/linus/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d (6.11-rc1)', 'https://git.kernel.org/stable/c/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d', 'https://git.kernel.org/stable/c/aa92264ba6fd4fb570002f69762634221316e7ae', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46820-6405@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46820', 'https://www.cve.org/CVERecord?id=CVE-2024-46820'], 'PublishedDate': '2024-09-27T13:15:14.707Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46821', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix negative array index read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix negative array index read\n\nAvoid using the negative values\nfor clk_idex as an index into an array pptable->DpmDescriptor.\n\nV2: fix clk_index return check (Tim Huang)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46821', 'https://git.kernel.org/linus/c8c19ebf7c0b202a6a2d37a52ca112432723db5f (6.11-rc1)', 'https://git.kernel.org/stable/c/06a3810010b525b9958424e344f0c25b09e128fa', 'https://git.kernel.org/stable/c/4711b1347cb9f0c3083da6d87c624d75f9bd1d50', 'https://git.kernel.org/stable/c/60f4a4bc3329e5cb8c4df0cc961f0d5ffd96e22d', 'https://git.kernel.org/stable/c/c8c19ebf7c0b202a6a2d37a52ca112432723db5f', 'https://lore.kernel.org/linux-cve-announce/2024092713-CVE-2024-46821-a13a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46821', 'https://www.cve.org/CVERecord?id=CVE-2024-46821'], 'PublishedDate': '2024-09-27T13:15:14.767Z', 'LastModifiedDate': '2024-10-04T17:06:43.573Z'}, {'VulnerabilityID': 'CVE-2024-46822', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46822', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry\n\nIn a review discussion of the changes to support vCPU hotplug where\na check was added on the GICC being enabled if was online, it was\nnoted that there is need to map back to the cpu and use that to index\ninto a cpumask. As such, a valid ID is needed.\n\nIf an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible\nfor the entry in cpu_madt_gicc[cpu] == NULL.  This function would\nthen cause a NULL pointer dereference.   Whilst a path to trigger\nthis has not been established, harden this caller against the\npossibility.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46822', 'https://git.kernel.org/linus/2488444274c70038eb6b686cba5f1ce48ebb9cdd (6.11-rc1)', 'https://git.kernel.org/stable/c/2488444274c70038eb6b686cba5f1ce48ebb9cdd', 'https://git.kernel.org/stable/c/40cae0df42e5e7f7a1c0f32deed9c4027c1ba94e', 'https://git.kernel.org/stable/c/4c3b21204abb4fa3ab310fbbb5cf7f0e85f3a1bc', 'https://git.kernel.org/stable/c/62ca6d3a905b4c40cd942f3cc645a6718f8bc7e7', 'https://git.kernel.org/stable/c/945be49f4e832a9184c313fdf8917475438a795b', 'https://git.kernel.org/stable/c/bc7fbb37e3d2df59336eadbd6a56be632e3c7df7', 'https://git.kernel.org/stable/c/f57769ff6fa7f97f1296965f20e8a2bb3ee9fd0f', 'https://lore.kernel.org/linux-cve-announce/2024092749-CVE-2024-46822-b901@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46822', 'https://www.cve.org/CVERecord?id=CVE-2024-46822'], 'PublishedDate': '2024-09-27T13:15:14.83Z', 'LastModifiedDate': '2024-10-02T14:24:01.757Z'}, {'VulnerabilityID': 'CVE-2024-46823', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kunit/overflow: Fix UB in overflow_allocation_test', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkunit/overflow: Fix UB in overflow_allocation_test\n\nThe 'device_name' array doesn't exist out of the\n'overflow_allocation_test' function scope. However, it is being used as\na driver name when calling 'kunit_driver_create' from\n'kunit_device_register'. It produces the kernel panic with KASAN\nenabled.\n\nSince this variable is used in one place only, remove it and pass the\ndevice name into kunit_device_register directly as an ascii string.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46823', 'https://git.kernel.org/linus/92e9bac18124682c4b99ede9ee3bcdd68f121e92 (6.11-rc4)', 'https://git.kernel.org/stable/c/92e9bac18124682c4b99ede9ee3bcdd68f121e92', 'https://git.kernel.org/stable/c/d1207f07decc66546a7fa463d2f335a856c986ef', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46823-b19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46823', 'https://www.cve.org/CVERecord?id=CVE-2024-46823'], 'PublishedDate': '2024-09-27T13:15:14.897Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46824', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommufd: Require drivers to supply the cache_invalidate_user ops', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Require drivers to supply the cache_invalidate_user ops\n\nIf drivers don't do this then iommufd will oops invalidation ioctls with\nsomething like:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n  Mem abort info:\n    ESR = 0x0000000086000004\n    EC = 0x21: IABT (current EL), IL = 32 bits\n    SET = 0, FnV = 0\n    EA = 0, S1PTW = 0\n    FSC = 0x04: level 0 translation fault\n  user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101059000\n  [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n  Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 2 PID: 371 Comm: qemu-system-aar Not tainted 6.8.0-rc7-gde77230ac23a #9\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 81400809 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=-c)\n  pc : 0x0\n  lr : iommufd_hwpt_invalidate+0xa4/0x204\n  sp : ffff800080f3bcc0\n  x29: ffff800080f3bcf0 x28: ffff0000c369b300 x27: 0000000000000000\n  x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n  x23: 0000000000000000 x22: 00000000c1e334a0 x21: ffff0000c1e334a0\n  x20: ffff800080f3bd38 x19: ffff800080f3bd58 x18: 0000000000000000\n  x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8240d6d8\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n  x8 : 0000001000000002 x7 : 0000fffeac1ec950 x6 : 0000000000000000\n  x5 : ffff800080f3bd78 x4 : 0000000000000003 x3 : 0000000000000002\n  x2 : 0000000000000000 x1 : ffff800080f3bcc8 x0 : ffff0000c6034d80\n  Call trace:\n   0x0\n   iommufd_fops_ioctl+0x154/0x274\n   __arm64_sys_ioctl+0xac/0xf0\n   invoke_syscall+0x48/0x110\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x34/0xb4\n   el0t_64_sync_handler+0x120/0x12c\n   el0t_64_sync+0x190/0x194\n\nAll existing drivers implement this op for nesting, this is mostly a\nbisection aid.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46824', 'https://git.kernel.org/linus/a11dda723c6493bb1853bbc61c093377f96e2d47 (6.11-rc1)', 'https://git.kernel.org/stable/c/89827a4de802765b1ebb401fc1e73a90108c7520', 'https://git.kernel.org/stable/c/a11dda723c6493bb1853bbc61c093377f96e2d47', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46824-03d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46824', 'https://www.cve.org/CVERecord?id=CVE-2024-46824'], 'PublishedDate': '2024-09-27T13:15:14.96Z', 'LastModifiedDate': '2024-10-02T14:29:08.417Z'}, {'VulnerabilityID': 'CVE-2024-46825', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check\n\nThe lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is\nnormally called with input from the firmware, so it should use\nIWL_FW_CHECK() instead of WARN_ON().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46825', 'https://git.kernel.org/linus/9215152677d4b321801a92b06f6d5248b2b4465f (6.11-rc1)', 'https://git.kernel.org/stable/c/3cca098c91391b3fa48142bfda57048b985c87f6', 'https://git.kernel.org/stable/c/415f3634d53c7fb4cf07d2f5a0be7f2e15e6da33', 'https://git.kernel.org/stable/c/9215152677d4b321801a92b06f6d5248b2b4465f', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46825-a5aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46825', 'https://www.cve.org/CVERecord?id=CVE-2024-46825'], 'PublishedDate': '2024-09-27T13:15:15.027Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46826', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ELF: fix kernel.randomize_va_space double read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses "randomize_va_space" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46826', 'https://git.kernel.org/linus/2a97388a807b6ab5538aa8f8537b2463c6988bd2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1cf8cd80903073440b6ea055811d04edd24fe4f7', 'https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27', 'https://git.kernel.org/stable/c/2a97388a807b6ab5538aa8f8537b2463c6988bd2', 'https://git.kernel.org/stable/c/53f17409abf61f66b6f05aff795e938e5ba811d1', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46826-7b80@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46826', 'https://www.cve.org/CVERecord?id=CVE-2024-46826'], 'PublishedDate': '2024-09-27T13:15:15.087Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46827', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix firmware crash due to invalid peer nss', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46827', 'https://git.kernel.org/linus/db163a463bb93cd3e37e1e7b10b9726fb6f95857 (6.11-rc1)', 'https://git.kernel.org/stable/c/25a15f80253a7c8776e4e4880d797d20ec864154', 'https://git.kernel.org/stable/c/838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c', 'https://git.kernel.org/stable/c/db163a463bb93cd3e37e1e7b10b9726fb6f95857', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46827-0300@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46827', 'https://www.cve.org/CVERecord?id=CVE-2024-46827'], 'PublishedDate': '2024-09-27T13:15:15.153Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46828', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: sch_cake: fix bulk flow accounting logic for host fairness', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: fix bulk flow accounting logic for host fairness\n\nIn sch_cake, we keep track of the count of active bulk flows per host,\nwhen running in dst/src host fairness mode, which is used as the\nround-robin weight when iterating through flows. The count of active\nbulk flows is updated whenever a flow changes state.\n\nThis has a peculiar interaction with the hash collision handling: when a\nhash collision occurs (after the set-associative hashing), the state of\nthe hash bucket is simply updated to match the new packet that collided,\nand if host fairness is enabled, that also means assigning new per-host\nstate to the flow. For this reason, the bulk flow counters of the\nhost(s) assigned to the flow are decremented, before new state is\nassigned (and the counters, which may not belong to the same host\nanymore, are incremented again).\n\nBack when this code was introduced, the host fairness mode was always\nenabled, so the decrement was unconditional. When the configuration\nflags were introduced the *increment* was made conditional, but\nthe *decrement* was not. Which of course can lead to a spurious\ndecrement (and associated wrap-around to U16_MAX).\n\nAFAICT, when host fairness is disabled, the decrement and wrap-around\nhappens as soon as a hash collision occurs (which is not that common in\nitself, due to the set-associative hashing). However, in most cases this\nis harmless, as the value is only used when host fairness mode is\nenabled. So in order to trigger an array overflow, sch_cake has to first\nbe configured with host fairness disabled, and while running in this\nmode, a hash collision has to occur to cause the overflow. Then, the\nqdisc has to be reconfigured to enable host fairness, which leads to the\narray out-of-bounds because the wrapped-around value is retained and\nused as an array index. It seems that syzbot managed to trigger this,\nwhich is quite impressive in its own right.\n\nThis patch fixes the issue by introducing the same conditional check on\ndecrement as is used on increment.\n\nThe original bug predates the upstreaming of cake, but the commit listed\nin the Fixes tag touched that code, meaning that this patch won't apply\nbefore that.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46828', 'https://git.kernel.org/linus/546ea84d07e3e324644025e2aae2d12ea4c5896e (6.11-rc7)', 'https://git.kernel.org/stable/c/4a4eeefa514db570be025ab46d779af180e2c9bb', 'https://git.kernel.org/stable/c/546ea84d07e3e324644025e2aae2d12ea4c5896e', 'https://git.kernel.org/stable/c/549e407569e08459d16122341d332cb508024094', 'https://git.kernel.org/stable/c/7725152b54d295b7da5e34c2f419539b30d017bd', 'https://git.kernel.org/stable/c/cde71a5677971f4f1b69b25e854891dbe78066a4', 'https://git.kernel.org/stable/c/d4a9039a7b3d8005b90c7b1a55a306444f0e5447', 'https://git.kernel.org/stable/c/d7c01c0714c04431b5e18cf17a9ea68a553d1c3c', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46828-2184@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46828', 'https://www.cve.org/CVERecord?id=CVE-2024-46828'], 'PublishedDate': '2024-09-27T13:15:15.22Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46829', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtmutex: Drop rt_mutex::wait_lock before scheduling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nrtmutex: Drop rt_mutex::wait_lock before scheduling\n\nrt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held.  In the\ngood case it returns with the lock held and in the deadlock case it emits a\nwarning and goes into an endless scheduling loop with the lock held, which\ntriggers the 'scheduling in atomic' warning.\n\nUnlock rt_mutex::wait_lock in the dead lock case before issuing the warning\nand dropping into the schedule for ever loop.\n\n[ tglx: Moved unlock before the WARN(), removed the pointless comment,\n  \tmassaged changelog, added Fixes tag ]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46829', 'https://git.kernel.org/linus/d33d26036a0274b472299d7dcdaa5fb34329f91b (6.11-rc7)', 'https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0', 'https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38', 'https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f', 'https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f', 'https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83', 'https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0', 'https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b', 'https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46829-da70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46829', 'https://www.cve.org/CVERecord?id=CVE-2024-46829'], 'PublishedDate': '2024-09-27T13:15:15.3Z', 'LastModifiedDate': '2024-10-02T14:27:57.92Z'}, {'VulnerabilityID': 'CVE-2024-46830', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: x86: Acquire kvm-&gt;srcu when handling KVM_SET_VCPU_EVENTS', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU.  I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems.  Acquiring SRCU isn't all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n  #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n  <TASK>\n  dump_stack_lvl+0x7f/0x90\n  lockdep_rcu_suspicious+0x13f/0x1a0\n  kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n  kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n  nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n  load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n  vmx_leave_nested+0x30/0x40 [kvm_intel]\n  kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n  kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n  ? mark_held_locks+0x49/0x70\n  ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n  ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  ? lock_acquire+0xba/0x2d0\n  ? find_held_lock+0x2b/0x80\n  ? do_user_addr_fault+0x40c/0x6f0\n  ? lock_release+0xb7/0x270\n  __x64_sys_ioctl+0x82/0xb0\n  do_syscall_64+0x6c/0x170\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n  </TASK>", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46830', 'https://git.kernel.org/linus/4bcdd831d9d01e0fb64faea50732b59b2ee88da1 (6.11-rc7)', 'https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1', 'https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e', 'https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9', 'https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46830-deac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46830', 'https://www.cve.org/CVERecord?id=CVE-2024-46830'], 'PublishedDate': '2024-09-27T13:15:15.38Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46831', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: microchip: vcap: Fix use-after-free error in kunit test', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap: Fix use-after-free error in kunit test\n\nThis is a clear use-after-free error. We remove it, and rely on checking\nthe return code of vcap_del_rule.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46831', 'https://git.kernel.org/linus/a3c1e45156ad39f225cd7ddae0f81230a3b1e657 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3c1e45156ad39f225cd7ddae0f81230a3b1e657', 'https://git.kernel.org/stable/c/b0804c286ccfcf5f5c004d5bf8a54c0508b5e86b', 'https://git.kernel.org/stable/c/f7fe95f40c85311c98913fe6ae2c56adb7f767a7', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46831-06bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46831', 'https://www.cve.org/CVERecord?id=CVE-2024-46831'], 'PublishedDate': '2024-09-27T13:15:15.457Z', 'LastModifiedDate': '2024-10-02T14:26:13.807Z'}, {'VulnerabilityID': 'CVE-2024-46832', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: MIPS: cevt-r4k: Don&#39;t call get_c0_compare_int if timer irq is installed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: cevt-r4k: Don\'t call get_c0_compare_int if timer irq is installed\n\nThis avoids warning:\n\n[    0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n\nCaused by get_c0_compare_int on secondary CPU.\n\nWe also skipped saving IRQ number to struct clock_event_device *cd as\nit\'s never used by clockevent core, as per comments it\'s only meant\nfor "non CPU local devices".', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46832', 'https://git.kernel.org/linus/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13 (6.11-rc5)', 'https://git.kernel.org/stable/c/189d3ed3b25beee26ffe2abed278208bece13f52', 'https://git.kernel.org/stable/c/32ee0520159f1e8c2d6597c19690df452c528f30', 'https://git.kernel.org/stable/c/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13', 'https://git.kernel.org/stable/c/b1d2051373bfc65371ce4ac8911ed984d0178c98', 'https://git.kernel.org/stable/c/d3ff0f98a52f0aafe35aa314d1c442f4318be3db', 'https://git.kernel.org/stable/c/e6cd871627abbb459d0ff6521d6bb9cf9d9f7522', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46832-3ad0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46832', 'https://www.cve.org/CVERecord?id=CVE-2024-46832'], 'PublishedDate': '2024-09-27T13:15:15.517Z', 'LastModifiedDate': '2024-10-09T15:51:20.7Z'}, {'VulnerabilityID': 'CVE-2024-46833', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: void array out of bound when loop tnl_num', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: void array out of bound when loop tnl_num\n\nWhen query reg inf of SSU, it loops tnl_num times. However, tnl_num comes\nfrom hardware and the length of array is a fixed value. To void array out\nof bound, make sure the loop time is not greater than the length of array', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46833', 'https://git.kernel.org/linus/86db7bfb06704ef17340eeae71c832f21cfce35c (6.11-rc4)', 'https://git.kernel.org/stable/c/86db7bfb06704ef17340eeae71c832f21cfce35c', 'https://git.kernel.org/stable/c/c33a9806dc806bcb4a31dc71fb06979219181ad4', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46833-0fa0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46833', 'https://www.cve.org/CVERecord?id=CVE-2024-46833'], 'PublishedDate': '2024-09-27T13:15:15.593Z', 'LastModifiedDate': '2024-10-09T15:54:38.123Z'}, {'VulnerabilityID': 'CVE-2024-46834', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: fail closed if we can&#39;t get max channel used in indirection tables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\'t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with\nactive RSS contexts") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\'t fetch\nthe indirection table or when we can\'t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46834', 'https://git.kernel.org/linus/2899d58462ba868287d6ff3acad3675e7adf934f (6.11-rc1)', 'https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036', 'https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46834-dc7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46834', 'https://www.cve.org/CVERecord?id=CVE-2024-46834'], 'PublishedDate': '2024-09-27T13:15:15.66Z', 'LastModifiedDate': '2024-10-09T15:57:03.037Z'}, {'VulnerabilityID': 'CVE-2024-46835', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix smatch static checker warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev->gfx.imu.funcs could be NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46835', 'https://git.kernel.org/linus/bdbdc7cecd00305dc844a361f9883d3a21022027 (6.11-rc1)', 'https://git.kernel.org/stable/c/8bc7b3ce33e64c74211ed17aec823fc4e523426a', 'https://git.kernel.org/stable/c/bdbdc7cecd00305dc844a361f9883d3a21022027', 'https://git.kernel.org/stable/c/c2056c7a840f0dbf293bc3b0d91826d001668fb0', 'https://git.kernel.org/stable/c/d40c2c3dd0395fe7fdc19bd96551e87251426d66', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46835-4f99@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46835', 'https://www.cve.org/CVERecord?id=CVE-2024-46835'], 'PublishedDate': '2024-09-27T13:15:15.72Z', 'LastModifiedDate': '2024-10-02T14:24:18.93Z'}, {'VulnerabilityID': 'CVE-2024-46836', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46836', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: aspeed_udc: validate endpoint index for ast udc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed_udc: validate endpoint index for ast udc\n\nWe should verify the bound of the array to assure that host\nmay not manipulate the index to point past endpoint array.\n\nFound by static analysis.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46836', 'https://git.kernel.org/linus/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 (6.11-rc1)', 'https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af', 'https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a', 'https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c', 'https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46836-acff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46836', 'https://www.cve.org/CVERecord?id=CVE-2024-46836'], 'PublishedDate': '2024-09-27T13:15:15.78Z', 'LastModifiedDate': '2024-10-09T15:47:55.187Z'}, {'VulnerabilityID': 'CVE-2024-46838', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46838', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: don&#39;t BUG_ON() if khugepaged yanks our page table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: don\'t BUG_ON() if khugepaged yanks our page table\n\nSince khugepaged was changed to allow retracting page tables in file\nmappings without holding the mmap lock, these BUG_ON()s are wrong - get\nrid of them.\n\nWe could also remove the preceding "if (unlikely(...))" block, but then we\ncould reach pte_offset_map_lock() with transhuge pages not just for file\nmappings but also for anonymous mappings - which would probably be fine\nbut I think is not necessarily expected.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46838', 'https://git.kernel.org/linus/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a (6.11-rc7)', 'https://git.kernel.org/stable/c/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a', 'https://git.kernel.org/stable/c/4a594acc12d5954cdc71d4450a386748bf3d136a', 'https://git.kernel.org/stable/c/db978287e908d48b209e374b00d847b2d785e0a9', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46838-5fa5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46838', 'https://www.cve.org/CVERecord?id=CVE-2024-46838'], 'PublishedDate': '2024-09-27T13:15:15.92Z', 'LastModifiedDate': '2024-10-09T15:35:40.827Z'}, {'VulnerabilityID': 'CVE-2024-46840', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: clean up our handling of refs == 0 in snapshot delete', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: clean up our handling of refs == 0 in snapshot delete\n\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren't\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer.  In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption.  Change that to return\n-EUCLEAN.  In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling.  Also adjust the error message so we can\nactually do something with the information.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46840', 'https://git.kernel.org/linus/b8ccef048354074a548f108e51d0557d6adfd3a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/03804641ec2d0da4fa088ad21c88e703d151ce16', 'https://git.kernel.org/stable/c/71291aa7246645ef622621934d2067400380645e', 'https://git.kernel.org/stable/c/728d4d045b628e006b48a448f3326a7194c88d32', 'https://git.kernel.org/stable/c/7d1df13bf078ffebfedd361d714ff6cee1ff01b9', 'https://git.kernel.org/stable/c/9cc887ac24b7a0598f4042ae9af6b9a33072f75b', 'https://git.kernel.org/stable/c/b8ccef048354074a548f108e51d0557d6adfd3a3', 'https://git.kernel.org/stable/c/c60676b81fab456b672796830f6d8057058f029c', 'https://git.kernel.org/stable/c/c847b28a799733b04574060ab9d00f215970627d', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46840-fc44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46840', 'https://www.cve.org/CVERecord?id=CVE-2024-46840'], 'PublishedDate': '2024-09-27T13:15:16.057Z', 'LastModifiedDate': '2024-10-08T18:15:07.857Z'}, {'VulnerabilityID': 'CVE-2024-46841', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn't fatal, return the error.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46841', 'https://git.kernel.org/linus/a580fb2c3479d993556e1c31b237c9e5be4944a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/704c359b4093a2af650a20eaa030c435d7c30f91', 'https://git.kernel.org/stable/c/a580fb2c3479d993556e1c31b237c9e5be4944a3', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46841-7572@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46841', 'https://www.cve.org/CVERecord?id=CVE-2024-46841'], 'PublishedDate': '2024-09-27T13:15:16.13Z', 'LastModifiedDate': '2024-10-08T18:17:07.87Z'}, {'VulnerabilityID': 'CVE-2024-46842', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status.  The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code.  During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout.  If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46842', 'https://git.kernel.org/linus/ede596b1434b57c0b3fd5c02b326efe5c54f6e48 (6.11-rc1)', 'https://git.kernel.org/stable/c/bba47fe3b038cca3d3ebd799665ce69d6d273b58', 'https://git.kernel.org/stable/c/ede596b1434b57c0b3fd5c02b326efe5c54f6e48', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46842-e52c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46842', 'https://www.cve.org/CVERecord?id=CVE-2024-46842'], 'PublishedDate': '2024-09-27T13:15:16.19Z', 'LastModifiedDate': '2024-10-08T18:22:24.997Z'}, {'VulnerabilityID': 'CVE-2024-46843', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Remove SCSI host only if added', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been defered after MCQ configuration introduced by commit 0cab4023ec7b\n("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46843', 'https://git.kernel.org/linus/7cbff570dbe8907e23bba06f6414899a0fbb2fcc (6.11-rc1)', 'https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed', 'https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536', 'https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46843-82c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46843', 'https://www.cve.org/CVERecord?id=CVE-2024-46843'], 'PublishedDate': '2024-09-27T13:15:16.25Z', 'LastModifiedDate': '2024-10-08T18:23:52.423Z'}, {'VulnerabilityID': 'CVE-2024-46844', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: um: line: always fill *error_out in setup_one_line()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\num: line: always fill *error_out in setup_one_line()\n\nThe pointer isn't initialized by callers, but I have\nencountered cases where it's still printed; initialize\nit in all possible cases in setup_one_line().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-824'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46844', 'https://git.kernel.org/linus/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d (6.11-rc1)', 'https://git.kernel.org/stable/c/289979d64573f43df1d0e6bc6435de63a0d69cdf', 'https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5', 'https://git.kernel.org/stable/c/43f782c27907f306c664b6614fd6f264ac32cce6', 'https://git.kernel.org/stable/c/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d', 'https://git.kernel.org/stable/c/96301fdc2d533a196197c055af875fe33d47ef84', 'https://git.kernel.org/stable/c/c8944d449fda9f58c03bd99649b2df09948fc874', 'https://git.kernel.org/stable/c/ec5b47a370177d79ae7773858042c107e21f8ecc', 'https://git.kernel.org/stable/c/fc843d3837ebcb1c16d3768ef3eb55e25d5331f2', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46844-af64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46844', 'https://www.cve.org/CVERecord?id=CVE-2024-46844'], 'PublishedDate': '2024-09-27T13:15:16.313Z', 'LastModifiedDate': '2024-10-02T14:22:50.533Z'}, {'VulnerabilityID': 'CVE-2024-46845', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/timerlat: Only clear timer if a kthread exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Only clear timer if a kthread exists\n\nThe timerlat tracer can use user space threads to check for osnoise and\ntimer latency. If the program using this is killed via a SIGTERM, the\nthreads are shutdown one at a time and another tracing instance can start\nup resetting the threads before they are fully closed. That causes the\nhrtimer assigned to the kthread to be shutdown and freed twice when the\ndying thread finally closes the file descriptors, causing a use-after-free\nbug.\n\nOnly cancel the hrtimer if the associated thread is still around. Also add\nthe interface_lock around the resetting of the tlat_var->kthread.\n\nNote, this is just a quick fix that can be backported to stable. A real\nfix is to have a better synchronization between the shutdown of old\nthreads and the starting of new ones.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46845', 'https://git.kernel.org/linus/e6a53481da292d970d1edf0d8831121d1c5e2f0d (6.11-rc7)', 'https://git.kernel.org/stable/c/8a9d0d405159e9c796ddf771f7cff691c1a2bc1e', 'https://git.kernel.org/stable/c/8c72f0b2c45f21cb8b00fc37f79f632d7e46c2ed', 'https://git.kernel.org/stable/c/e6a53481da292d970d1edf0d8831121d1c5e2f0d', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46845-a529@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46845', 'https://www.cve.org/CVERecord?id=CVE-2024-46845'], 'PublishedDate': '2024-09-27T13:15:16.397Z', 'LastModifiedDate': '2024-10-02T14:18:32.923Z'}, {'VulnerabilityID': 'CVE-2024-46846', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: rockchip: Resolve unbalanced runtime PM / system PM handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip: Resolve unbalanced runtime PM / system PM handling\n\nCommit e882575efc77 ("spi: rockchip: Suspend and resume the bus during\nNOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and\nsimply disabled clocks unconditionally when suspending the system. This\ncauses problems when the device is already runtime suspended when we go\nto sleep -- in which case we double-disable clocks and produce a\nWARNing.\n\nSwitch back to pm_runtime_force_{suspend,resume}(), because that still\nseems like the right thing to do, and the aforementioned commit makes no\nexplanation why it stopped using it.\n\nAlso, refactor some of the resume() error handling, because it\'s not\nactually a good idea to re-disable clocks on failure.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46846', 'https://git.kernel.org/linus/be721b451affbecc4ba4eaac3b71cdbdcade1b1b (6.11-rc7)', 'https://git.kernel.org/stable/c/0efbad8445fbba7896402500a1473450a299a08a', 'https://git.kernel.org/stable/c/14f970a8d03d882b15b97beb83bd84ac8ba6298c', 'https://git.kernel.org/stable/c/be721b451affbecc4ba4eaac3b71cdbdcade1b1b', 'https://git.kernel.org/stable/c/d034bff62faea1a2219e0d2f3d17263265f24087', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46846-f264@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46846', 'https://www.cve.org/CVERecord?id=CVE-2024-46846'], 'PublishedDate': '2024-09-27T13:15:16.48Z', 'LastModifiedDate': '2024-10-08T18:25:56.467Z'}, {'VulnerabilityID': 'CVE-2024-46848', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46848', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/x86/intel: Limit the period on Haswell', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Limit the period on Haswell\n\nRunning the ltp test cve-2015-3290 concurrently reports the following\nwarnings.\n\nperfevents: irq loop stuck!\n  WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174\n  intel_pmu_handle_irq+0x285/0x370\n  Call Trace:\n   <NMI>\n   ? __warn+0xa4/0x220\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? report_bug+0x3e/0xa0\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x50\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? irq_work_claim+0x1e/0x40\n   ? intel_pmu_handle_irq+0x285/0x370\n   perf_event_nmi_handler+0x3d/0x60\n   nmi_handle+0x104/0x330\n\nThanks to Thomas Gleixner's analysis, the issue is caused by the low\ninitial period (1) of the frequency estimation algorithm, which triggers\nthe defects of the HW, specifically erratum HSW11 and HSW143. (For the\ndetails, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)\n\nThe HSW11 requires a period larger than 100 for the INST_RETIRED.ALL\nevent, but the initial period in the freq mode is 1. The erratum is the\nsame as the BDM11, which has been supported in the kernel. A minimum\nperiod of 128 is enforced as well on HSW.\n\nHSW143 is regarding that the fixed counter 1 may overcount 32 with the\nHyper-Threading is enabled. However, based on the test, the hardware\nhas more issues than it tells. Besides the fixed counter 1, the message\n'interrupt took too long' can be observed on any counter which was armed\nwith a period < 32 and two events expired in the same NMI. A minimum\nperiod of 32 is enforced for the rest of the events.\nThe recommended workaround code of the HSW143 is not implemented.\nBecause it only addresses the issue for the fixed counter. It brings\nextra overhead through extra MSR writing. No related overcounting issue\nhas been reported so far.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46848', 'https://git.kernel.org/linus/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b (6.11-rc7)', 'https://git.kernel.org/stable/c/0eaf812aa1506704f3b78be87036860e5d0fe81d', 'https://git.kernel.org/stable/c/15210b7c8caff4929f25d049ef8404557f8ae468', 'https://git.kernel.org/stable/c/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b', 'https://git.kernel.org/stable/c/8717dc35c0e5896f4110f4b3882f7ff787a5f73d', 'https://lore.kernel.org/linux-cve-announce/2024092756-CVE-2024-46848-bbd4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46848', 'https://www.cve.org/CVERecord?id=CVE-2024-46848'], 'PublishedDate': '2024-09-27T13:15:16.657Z', 'LastModifiedDate': '2024-10-04T15:23:35.287Z'}, {'VulnerabilityID': 'CVE-2024-46849', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: meson: axg-card: fix &#39;use-after-free&#39;', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix 'use-after-free'\n\nBuffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',\nso move 'pad' pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46849', 'https://git.kernel.org/linus/4f9a71435953f941969a4f017e2357db62d85a86 (6.11)', 'https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86', 'https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d', 'https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607', 'https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037', 'https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29', 'https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a', 'https://lore.kernel.org/linux-cve-announce/2024092741-CVE-2024-46849-93c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46849', 'https://www.cve.org/CVERecord?id=CVE-2024-46849'], 'PublishedDate': '2024-09-27T13:15:16.723Z', 'LastModifiedDate': '2024-10-17T14:15:07.75Z'}, {'VulnerabilityID': 'CVE-2024-46850', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn35_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn35_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn35_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit 0607a50c004798a96e62c089a4c34c220179dcb5)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46850', 'https://git.kernel.org/linus/e835d5144f5ef78e4f8828c63e2f0d61144f283a (6.11)', 'https://git.kernel.org/stable/c/42850927656a540428e58d370b3c1599a617bac7', 'https://git.kernel.org/stable/c/e835d5144f5ef78e4f8828c63e2f0d61144f283a', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46850-186e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46850', 'https://www.cve.org/CVERecord?id=CVE-2024-46850'], 'PublishedDate': '2024-09-27T13:15:16.787Z', 'LastModifiedDate': '2024-10-04T15:30:32.11Z'}, {'VulnerabilityID': 'CVE-2024-46851', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46851', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn10_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn10_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn10_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46851', 'https://git.kernel.org/linus/a7aeb03888b92304e2fc7d4d1c242f54a312561b (6.11)', 'https://git.kernel.org/stable/c/a7aeb03888b92304e2fc7d4d1c242f54a312561b', 'https://git.kernel.org/stable/c/b6ce047a81f508f5c60756db8dfb5ff486e4dad0', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46851-125b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46851', 'https://www.cve.org/CVERecord?id=CVE-2024-46851'], 'PublishedDate': '2024-09-27T13:15:16.85Z', 'LastModifiedDate': '2024-10-04T16:00:43.913Z'}, {'VulnerabilityID': 'CVE-2024-46852', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma-buf: heaps: Fix off-by-one in CMA heap fault handler', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:\nDon\'t track CMA dma-buf pages under RssFile") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don\'t read off the end of the pages\narray and insert an arbitrary page in the mapping.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46852', 'https://git.kernel.org/linus/ea5ff5d351b520524019f7ff7f9ce418de2dad87 (6.11)', 'https://git.kernel.org/stable/c/007180fcb6cc4a93211d4cc45fef3f5ccccd56ae', 'https://git.kernel.org/stable/c/79cce5e81d20fa9ad553be439d665ac3302d3c95', 'https://git.kernel.org/stable/c/84175dc5b2c932266a50c04e5ce342c30f817a2f', 'https://git.kernel.org/stable/c/e79050882b857c37634baedbdcf7c2047c24cbff', 'https://git.kernel.org/stable/c/ea5ff5d351b520524019f7ff7f9ce418de2dad87', 'https://git.kernel.org/stable/c/eb7fc8b65cea22f9038c52398c8b22849e9620ea', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46852-91a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46852', 'https://www.cve.org/CVERecord?id=CVE-2024-46852'], 'PublishedDate': '2024-09-27T13:15:16.917Z', 'LastModifiedDate': '2024-10-17T14:15:07.887Z'}, {'VulnerabilityID': 'CVE-2024-46853', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: nxp-fspi: fix the KASAN report out-of-bounds bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: nxp-fspi: fix the KASAN report out-of-bounds bug\n\nChange the memcpy length to fix the out-of-bounds issue when writing the\ndata that is not 4 byte aligned to TX FIFO.\n\nTo reproduce the issue, write 3 bytes data to NOR chip.\n\ndd if=3b of=/dev/mtd0\n[   36.926103] ==================================================================\n[   36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838\n[   36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455\n[   36.946721]\n[   36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070\n[   36.956185] Hardware name: Freescale i.MX8QM MEK (DT)\n[   36.961260] Call trace:\n[   36.963723]  dump_backtrace+0x90/0xe8\n[   36.967414]  show_stack+0x18/0x24\n[   36.970749]  dump_stack_lvl+0x78/0x90\n[   36.974451]  print_report+0x114/0x5cc\n[   36.978151]  kasan_report+0xa4/0xf0\n[   36.981670]  __asan_report_load_n_noabort+0x1c/0x28\n[   36.986587]  nxp_fspi_exec_op+0x26ec/0x2838\n[   36.990800]  spi_mem_exec_op+0x8ec/0xd30\n[   36.994762]  spi_mem_no_dirmap_read+0x190/0x1e0\n[   36.999323]  spi_mem_dirmap_write+0x238/0x32c\n[   37.003710]  spi_nor_write_data+0x220/0x374\n[   37.007932]  spi_nor_write+0x110/0x2e8\n[   37.011711]  mtd_write_oob_std+0x154/0x1f0\n[   37.015838]  mtd_write_oob+0x104/0x1d0\n[   37.019617]  mtd_write+0xb8/0x12c\n[   37.022953]  mtdchar_write+0x224/0x47c\n[   37.026732]  vfs_write+0x1e4/0x8c8\n[   37.030163]  ksys_write+0xec/0x1d0\n[   37.033586]  __arm64_sys_write+0x6c/0x9c\n[   37.037539]  invoke_syscall+0x6c/0x258\n[   37.041327]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.046244]  do_el0_svc+0x44/0x5c\n[   37.049589]  el0_svc+0x38/0x78\n[   37.052681]  el0t_64_sync_handler+0x13c/0x158\n[   37.057077]  el0t_64_sync+0x190/0x194\n[   37.060775]\n[   37.062274] Allocated by task 455:\n[   37.065701]  kasan_save_stack+0x2c/0x54\n[   37.069570]  kasan_save_track+0x20/0x3c\n[   37.073438]  kasan_save_alloc_info+0x40/0x54\n[   37.077736]  __kasan_kmalloc+0xa0/0xb8\n[   37.081515]  __kmalloc_noprof+0x158/0x2f8\n[   37.085563]  mtd_kmalloc_up_to+0x120/0x154\n[   37.089690]  mtdchar_write+0x130/0x47c\n[   37.093469]  vfs_write+0x1e4/0x8c8\n[   37.096901]  ksys_write+0xec/0x1d0\n[   37.100332]  __arm64_sys_write+0x6c/0x9c\n[   37.104287]  invoke_syscall+0x6c/0x258\n[   37.108064]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.112972]  do_el0_svc+0x44/0x5c\n[   37.116319]  el0_svc+0x38/0x78\n[   37.119401]  el0t_64_sync_handler+0x13c/0x158\n[   37.123788]  el0t_64_sync+0x190/0x194\n[   37.127474]\n[   37.128977] The buggy address belongs to the object at ffff00081037c2a0\n[   37.128977]  which belongs to the cache kmalloc-8 of size 8\n[   37.141177] The buggy address is located 0 bytes inside of\n[   37.141177]  allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)\n[   37.153465]\n[   37.154971] The buggy address belongs to the physical page:\n[   37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c\n[   37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)\n[   37.175149] page_type: 0xfdffffff(slab)\n[   37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000\n[   37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000\n[   37.194553] page dumped because: kasan: bad access detected\n[   37.200144]\n[   37.201647] Memory state around the buggy address:\n[   37.206460]  ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc\n[   37.213701]  ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc\n[   37.220946] >ffff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc\n[   37.228186]                                ^\n[   37.232473]  ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.239718]  ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.246962] ==============================================================\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46853', 'https://git.kernel.org/linus/2a8787c1cdc7be24fdd8953ecd1a8743a1006235 (6.11)', 'https://git.kernel.org/stable/c/09af8b0ba70072be831f3ec459f4063d570f9e24', 'https://git.kernel.org/stable/c/2a8787c1cdc7be24fdd8953ecd1a8743a1006235', 'https://git.kernel.org/stable/c/491f9646f7ac31af5fca71be1a3e5eb8aa7663ad', 'https://git.kernel.org/stable/c/609260542cf86b459c57618b8cdec8020394b7ad', 'https://git.kernel.org/stable/c/af9ca9ca3e44f48b2a191e100d452fbf850c3d87', 'https://git.kernel.org/stable/c/d1a1dfcec77c57b1181da93d11a3db1bc4eefa97', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46853-ab04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46853', 'https://www.cve.org/CVERecord?id=CVE-2024-46853'], 'PublishedDate': '2024-09-27T13:15:16.997Z', 'LastModifiedDate': '2024-10-17T14:15:07.993Z'}, {'VulnerabilityID': 'CVE-2024-46854', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dpaa: Pad packets to ETH_ZLEN', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46854', 'https://git.kernel.org/linus/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0 (6.11)', 'https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133', 'https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a', 'https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83', 'https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0', 'https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2', 'https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46854-3404@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46854', 'https://www.cve.org/CVERecord?id=CVE-2024-46854'], 'PublishedDate': '2024-09-27T13:15:17.063Z', 'LastModifiedDate': '2024-10-17T14:15:08.107Z'}, {'VulnerabilityID': 'CVE-2024-46855', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46855', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: nft_socket: fix sk refcount leaks', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put 'sk' reference before returning.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46855', 'https://git.kernel.org/linus/8b26ff7af8c32cb4148b3e147c52f9e4c695209c (6.11)', 'https://git.kernel.org/stable/c/1f68e097e20d3c695281a9c6433acc37be47fe11', 'https://git.kernel.org/stable/c/33c2258bf8cb17fba9e58b111d4c4f4cf43a4896', 'https://git.kernel.org/stable/c/83e6fb59040e8964888afcaa5612cc1243736715', 'https://git.kernel.org/stable/c/8b26ff7af8c32cb4148b3e147c52f9e4c695209c', 'https://git.kernel.org/stable/c/ddc7c423c4a5386bf865474c694b48178efd311a', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46855-4382@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46855', 'https://www.cve.org/CVERecord?id=CVE-2024-46855'], 'PublishedDate': '2024-09-27T13:15:17.133Z', 'LastModifiedDate': '2024-10-17T14:15:12.79Z'}, {'VulnerabilityID': 'CVE-2024-46857', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix bridge mode operations when there are no VFs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[  168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[  168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[  168.976037] Call Trace:\n[  168.976188]  <TASK>\n[  168.978620]  _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[  168.979074]  mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[  168.979471]  rtnl_bridge_setlink+0xe9/0x1f0\n[  168.979714]  rtnetlink_rcv_msg+0x159/0x400\n[  168.980451]  netlink_rcv_skb+0x54/0x100\n[  168.980675]  netlink_unicast+0x241/0x360\n[  168.980918]  netlink_sendmsg+0x1f6/0x430\n[  168.981162]  ____sys_sendmsg+0x3bb/0x3f0\n[  168.982155]  ___sys_sendmsg+0x88/0xd0\n[  168.985036]  __sys_sendmsg+0x59/0xa0\n[  168.985477]  do_syscall_64+0x79/0x150\n[  168.987273]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw->fdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46857', 'https://git.kernel.org/linus/b1d305abef4640af1b4f1b4774d513cd81b10cfc (6.11)', 'https://git.kernel.org/stable/c/505ae01f75f839b54329164bbfecf24cc1361b31', 'https://git.kernel.org/stable/c/52c4beb79e095e0631b5cac46ed48a2aefe51985', 'https://git.kernel.org/stable/c/65feee671e37f3b6eda0b6af28f204b5bcf7fa50', 'https://git.kernel.org/stable/c/b1d305abef4640af1b4f1b4774d513cd81b10cfc', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46857-3bc3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46857', 'https://www.cve.org/CVERecord?id=CVE-2024-46857'], 'PublishedDate': '2024-09-27T13:15:17.277Z', 'LastModifiedDate': '2024-10-01T17:10:29.657Z'}, {'VulnerabilityID': 'CVE-2024-46858', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46858', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: Fix uaf in __timer_delete_sync', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n     CPU1\t\t\t\tCPU2\n     ====                               ====\n     net_rx_action\n     napi_poll                          netlink_sendmsg\n     __napi_poll                        netlink_unicast\n     process_backlog                    netlink_unicast_kernel\n     __netif_receive_skb                genl_rcv\n     __netif_receive_skb_one_core       netlink_rcv_skb\n     NF_HOOK                            genl_rcv_msg\n     ip_local_deliver_finish            genl_family_rcv_msg\n     ip_protocol_deliver_rcu            genl_family_rcv_msg_doit\n     tcp_v4_rcv                         mptcp_pm_nl_flush_addrs_doit\n     tcp_v4_do_rcv                      mptcp_nl_remove_addrs_list\n     tcp_rcv_established                mptcp_pm_remove_addrs_and_subflows\n     tcp_data_queue                     remove_anno_list_by_saddr\n     mptcp_incoming_options             mptcp_pm_del_add_timer\n     mptcp_pm_del_add_timer             kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by "pm.lock", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of "entry->add_timer".\n\nMove list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar "entry->x" uaf.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46858', 'https://git.kernel.org/linus/b4cd80b0338945a94972ac3ed54f8338d2da2076 (6.11)', 'https://git.kernel.org/stable/c/0e7814b028cd50b3ff79659d23dfa9da6a1e75e1', 'https://git.kernel.org/stable/c/12134a652b0a10064844ea235173e70246eba6dc', 'https://git.kernel.org/stable/c/3554482f4691571fc4b5490c17ae26896e62171c', 'https://git.kernel.org/stable/c/6452b162549c7f9ef54655d3fb9977b9192e6e5b', 'https://git.kernel.org/stable/c/67409b358500c71632116356a0b065f112d7b707', 'https://git.kernel.org/stable/c/b4cd80b0338945a94972ac3ed54f8338d2da2076', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46858-dab6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46858', 'https://www.cve.org/CVERecord?id=CVE-2024-46858'], 'PublishedDate': '2024-09-27T13:15:17.353Z', 'LastModifiedDate': '2024-10-17T14:15:13.017Z'}, {'VulnerabilityID': 'CVE-2024-46859', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46859', 'https://git.kernel.org/linus/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 (6.11)', 'https://git.kernel.org/stable/c/6821a82616f60aa72c5909b3e252ad97fb9f7e2a', 'https://git.kernel.org/stable/c/9291fadbd2720a869b1d2fcf82305648e2e62a16', 'https://git.kernel.org/stable/c/b38c19783286a71693c2194ed1b36665168c09c4', 'https://git.kernel.org/stable/c/b7c2f692307fe704be87ea80d7328782b33c3cef', 'https://git.kernel.org/stable/c/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46859-e785@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46859', 'https://www.cve.org/CVERecord?id=CVE-2024-46859'], 'PublishedDate': '2024-09-27T13:15:17.43Z', 'LastModifiedDate': '2024-10-17T14:15:13.183Z'}, {'VulnerabilityID': 'CVE-2024-46860', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change\n\nWhen disabling wifi mt7921_ipv6_addr_change() is called as a notifier.\nAt this point mvif->phy is already NULL so we cannot use it here.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46860', 'https://git.kernel.org/linus/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3 (6.11-rc4)', 'https://git.kernel.org/stable/c/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3', 'https://git.kernel.org/stable/c/4bfee9346d8c17d928ef6da2b8bffab88fa2a553', 'https://git.kernel.org/stable/c/8d92bafd4c67efb692f722d73a07412b5f88c6d6', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46860-1dfc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46860', 'https://www.cve.org/CVERecord?id=CVE-2024-46860'], 'PublishedDate': '2024-09-27T13:15:17.493Z', 'LastModifiedDate': '2024-10-02T14:04:38.863Z'}, {'VulnerabilityID': 'CVE-2024-46861', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usbnet: ipheth: do not stop RX on failing RX callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: do not stop RX on failing RX callback\n\nRX callbacks can fail for multiple reasons:\n\n* Payload too short\n* Payload formatted incorrecly (e.g. bad NCM framing)\n* Lack of memory\n\nNone of these should cause the driver to seize up.\n\nMake such failures non-critical and continue processing further\nincoming URBs.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46861', 'https://git.kernel.org/linus/74efed51e0a4d62f998f806c307778b47fc73395 (6.11-rc4)', 'https://git.kernel.org/stable/c/08ca800b0cd56d5e26722f68b18bbbf6840bf44b', 'https://git.kernel.org/stable/c/4d1cfa3afb8627435744ecdc6d8b58bc72ee0f4c', 'https://git.kernel.org/stable/c/74efed51e0a4d62f998f806c307778b47fc73395', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46861-f2f9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46861', 'https://www.cve.org/CVERecord?id=CVE-2024-46861'], 'PublishedDate': '2024-09-27T13:15:17.563Z', 'LastModifiedDate': '2024-10-03T15:36:06.543Z'}, {'VulnerabilityID': 'CVE-2024-46864', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/hyperv: fix kexec crash due to VP assist page corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: fix kexec crash due to VP assist page corruption\n\ncommit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when\nCPUs go online/offline") introduces a new cpuhp state for hyperv\ninitialization.\n\ncpuhp_setup_state() returns the state number if state is\nCPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states.\nFor the hyperv case, since a new cpuhp state was introduced it would\nreturn 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call\nis conditioned upon "hyperv_init_cpuhp > 0". This will never be true and\nso hv_cpu_die() won\'t be called on all CPUs. This means the VP assist page\nwon\'t be reset. When the kexec kernel tries to setup the VP assist page\nagain, the hypervisor corrupts the memory region of the old VP assist page\ncausing a panic in case the kexec kernel is using that memory elsewhere.\nThis was originally fixed in commit dfe94d4086e4 ("x86/hyperv: Fix kexec\npanic/hang issues").\n\nGet rid of hyperv_init_cpuhp entirely since we are no longer using a\ndynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with\ncpuhp_remove_state().', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46864', 'https://git.kernel.org/linus/b9af6418279c4cf73ca073f8ea024992b38be8ab (6.11)', 'https://git.kernel.org/stable/c/2ae1beb3ab4f28868cc5d1541d05e1fbee3ad825', 'https://git.kernel.org/stable/c/b9af6418279c4cf73ca073f8ea024992b38be8ab', 'https://git.kernel.org/stable/c/d6f018a3b49d0a94ddbd0e479c2af6b19724e434', 'https://lore.kernel.org/linux-cve-announce/2024092745-CVE-2024-46864-0343@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46864', 'https://www.cve.org/CVERecord?id=CVE-2024-46864'], 'PublishedDate': '2024-09-27T13:15:17.747Z', 'LastModifiedDate': '2024-10-03T15:29:34.927Z'}, {'VulnerabilityID': 'CVE-2024-46866', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: add missing bo locking in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: add missing bo locking in show_meminfo()\n\nbo_meminfo() wants to inspect bo state like tt and the ttm resource,\nhowever this state can change at any point leading to stuff like NPD and\nUAF, if the bo lock is not held. Grab the bo lock when calling\nbo_meminfo(), ensuring we drop any spinlocks first. In the case of\nobject_idr we now also need to hold a ref.\n\nv2 (MattB)\n  - Also add xe_bo_assert_held()\n\n(cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46866', 'https://git.kernel.org/linus/94c4aa266111262c96c98f822d1bccc494786fee (6.11)', 'https://git.kernel.org/stable/c/94c4aa266111262c96c98f822d1bccc494786fee', 'https://git.kernel.org/stable/c/abc8feacacf8fae10eecf6fea7865e8c1fee419c', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46866-c414@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46866', 'https://www.cve.org/CVERecord?id=CVE-2024-46866'], 'PublishedDate': '2024-09-27T13:15:17.887Z', 'LastModifiedDate': '2024-10-01T17:09:30Z'}, {'VulnerabilityID': 'CVE-2024-46867', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: fix deadlock in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: fix deadlock in show_meminfo()\n\nThere is a real deadlock as well as sleeping in atomic() bug in here, if\nthe bo put happens to be the last ref, since bo destruction wants to\ngrab the same spinlock and sleeping locks.  Fix that by dropping the ref\nusing xe_bo_put_deferred(), and moving the final commit outside of the\nlock. Dropping the lock around the put is tricky since the bo can go\nout of scope and delete itself from the list, making it difficult to\nnavigate to the next list entry.\n\n(cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46867', 'https://git.kernel.org/linus/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b (6.11)', 'https://git.kernel.org/stable/c/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b', 'https://git.kernel.org/stable/c/9d3de463e23bfb1ff1567a32b099b1b3e5286a48', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46867-7fe4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46867', 'https://www.cve.org/CVERecord?id=CVE-2024-46867'], 'PublishedDate': '2024-09-27T13:15:17.937Z', 'LastModifiedDate': '2024-10-01T17:09:58.147Z'}, {'VulnerabilityID': 'CVE-2024-46868', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()\n\nIf the __qcuefi pointer is not set, then in the original code, we would\nhold onto the lock.  That means that if we tried to set it later, then\nit would cause a deadlock.  Drop the lock on the error path.  That's\nwhat all the callers are expecting.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46868', 'https://git.kernel.org/linus/db213b0cfe3268d8b1d382b3bcc999c687a2567f (6.11)', 'https://git.kernel.org/stable/c/8c6a5a1fc02ad1d62d06897ab330693d4d27cd03', 'https://git.kernel.org/stable/c/db213b0cfe3268d8b1d382b3bcc999c687a2567f', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46868-f3a3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46868', 'https://www.cve.org/CVERecord?id=CVE-2024-46868'], 'PublishedDate': '2024-09-27T13:15:18.007Z', 'LastModifiedDate': '2024-10-01T17:09:12.247Z'}, {'VulnerabilityID': 'CVE-2024-46870', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Disable DMCUB timeout for DCN35', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable DMCUB timeout for DCN35\n\n[Why]\nDMCUB can intermittently take longer than expected to process commands.\n\nOld ASIC policy was to continue while logging a diagnostic error - which\nworks fine for ASIC without IPS, but with IPS this could lead to a race\ncondition where we attempt to access DCN state while it's inaccessible,\nleading to a system hang when the NIU port is not disabled or register\naccesses that timeout and the display configuration in an undefined\nstate.\n\n[How]\nWe need to investigate why these accesses take longer than expected, but\nfor now we should disable the timeout on DCN35 to avoid this race\ncondition. Since the waits happen only at lower interrupt levels the\nrisk of taking too long at higher IRQ and causing a system watchdog\ntimeout are minimal.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46870', 'https://git.kernel.org/stable/c/31c254c9cd4b122a10db297124f867107a696d83', 'https://git.kernel.org/stable/c/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46870-f347@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46870', 'https://www.cve.org/CVERecord?id=CVE-2024-46870'], 'PublishedDate': '2024-10-09T14:15:07.463Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-46871', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why & How]\nIt actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback & dmub_thread_offload has potential to access\nitem out of array bound. Fix it.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46871', 'https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37', 'https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7', 'https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0', 'https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46871-15f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46871', 'https://www.cve.org/CVERecord?id=CVE-2024-46871'], 'PublishedDate': '2024-10-09T14:15:07.533Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47658', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47658', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: stm32/cryp - call finalize with bh disabled', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: stm32/cryp - call finalize with bh disabled\n\nThe finalize operation in interrupt mode produce a produces a spinlock\nrecursion warning. The reason is the fact that BH must be disabled\nduring this process.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47658', 'https://git.kernel.org/stable/c/56ddb9aa3b324c2d9645b5a7343e46010cf3f6ce', 'https://git.kernel.org/stable/c/5d734665cd5d93270731e0ff1dd673fec677f447', 'https://git.kernel.org/stable/c/d93a2f86b0a998aa1f0870c85a2a60a0771ef89a', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47658-0b23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47658', 'https://www.cve.org/CVERecord?id=CVE-2024-47658'], 'PublishedDate': '2024-10-09T14:15:07.603Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47659', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47659', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smack: tcp: ipv4, fix incorrect labeling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmack: tcp: ipv4, fix incorrect labeling\n\nCurrently, Smack mirrors the label of incoming tcp/ipv4 connections:\nwhen a label 'foo' connects to a label 'bar' with tcp/ipv4,\n'foo' always gets 'foo' in returned ipv4 packets. So,\n1) returned packets are incorrectly labeled ('foo' instead of 'bar')\n2) 'bar' can write to 'foo' without being authorized to write.\n\nHere is a scenario how to see this:\n\n* Take two machines, let's call them C and S,\n   with active Smack in the default state\n   (no settings, no rules, no labeled hosts, only builtin labels)\n\n* At S, add Smack rule 'foo bar w'\n   (labels 'foo' and 'bar' are instantiated at S at this moment)\n\n* At S, at label 'bar', launch a program\n   that listens for incoming tcp/ipv4 connections\n\n* From C, at label 'foo', connect to the listener at S.\n   (label 'foo' is instantiated at C at this moment)\n   Connection succeedes and works.\n\n* Send some data in both directions.\n* Collect network traffic of this connection.\n\nAll packets in both directions are labeled with the CIPSO\nof the label 'foo'. Hence, label 'bar' writes to 'foo' without\nbeing authorized, and even without ever being known at C.\n\nIf anybody cares: exactly the same happens with DCCP.\n\nThis behavior 1st manifested in release 2.6.29.4 (see Fixes below)\nand it looks unintentional. At least, no explanation was provided.\n\nI changed returned packes label into the 'bar',\nto bring it into line with the Smack documentation claims.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47659', 'https://git.kernel.org/stable/c/0776bcf9cb6de46fdd94d10118de1cf9b05f83b9', 'https://git.kernel.org/stable/c/0aea09e82eafa50a373fc8a4b84c1d4734751e2c', 'https://git.kernel.org/stable/c/2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550', 'https://git.kernel.org/stable/c/4be9fd15c3c88775bdf6fa37acabe6de85beebff', 'https://git.kernel.org/stable/c/5b4b304f196c070342e32a4752e1fa2e22fc0671', 'https://git.kernel.org/stable/c/a948ec993541db4ef392b555c37a1186f4d61670', 'https://git.kernel.org/stable/c/d3703fa94116fed91f64c7d1c7d284fb4369070f', 'https://git.kernel.org/stable/c/d3f56c653c65f170b172d3c23120bc64ada645d8', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47659-03a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47659', 'https://www.cve.org/CVERecord?id=CVE-2024-47659'], 'PublishedDate': '2024-10-09T14:15:07.66Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47660', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fsnotify: clear PARENT_WATCHED flags lazily', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: clear PARENT_WATCHED flags lazily\n\nIn some setups directories can have many (usually negative) dentries.\nHence __fsnotify_update_child_dentry_flags() function can take a\nsignificant amount of time. Since the bulk of this function happens\nunder inode->i_lock this causes a significant contention on the lock\nwhen we remove the watch from the directory as the\n__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()\nraces with __fsnotify_update_child_dentry_flags() calls from\n__fsnotify_parent() happening on children. This can lead upto softlockup\nreports reported by users.\n\nFix the problem by calling fsnotify_update_children_dentry_flags() to\nset PARENT_WATCHED flags only when parent starts watching children.\n\nWhen parent stops watching children, clear false positive PARENT_WATCHED\nflags lazily in __fsnotify_parent() for each accessed child.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47660', 'https://git.kernel.org/stable/c/172e422ffea20a89bfdc672741c1aad6fbb5044e', 'https://git.kernel.org/stable/c/3f3ef1d9f66b93913ce2171120d9226b55acd41d', 'https://git.kernel.org/stable/c/7ef1d2e240c32b1f337a37232d037b07e3919e1a', 'https://git.kernel.org/stable/c/d8c42405fc3507cc43ba7e4986a773c3fc633f6e', 'https://git.kernel.org/stable/c/f9a48bc3dd9099935751458a5bbbea4b7c28abc8', 'https://git.kernel.org/stable/c/fc1b1e135c3f72382f792e6c319fc088d5523ad5', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47660-2d61@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47660', 'https://www.cve.org/CVERecord?id=CVE-2024-47660'], 'PublishedDate': '2024-10-09T14:15:07.73Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47661', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47661', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid overflow from uint32_t to uint8_t', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT & HOW]\ndmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47661', 'https://git.kernel.org/stable/c/30d1b783b6eeaf49d311a072c70d618d993d01ec', 'https://git.kernel.org/stable/c/d6b54900c564e35989cf6813e4071504fa0a90e0', 'https://lore.kernel.org/linux-cve-announce/2024100930-CVE-2024-47661-a6c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47661', 'https://www.cve.org/CVERecord?id=CVE-2024-47661'], 'PublishedDate': '2024-10-09T15:15:15.02Z', 'LastModifiedDate': '2024-10-15T16:03:29.26Z'}, {'VulnerabilityID': 'CVE-2024-47662', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47662', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47662', 'https://git.kernel.org/stable/c/466423c6dd8af23ebb3a69d43434d01aed0db356', 'https://git.kernel.org/stable/c/eba4b2a38ccdf074a053834509545703d6df1d57', 'https://lore.kernel.org/linux-cve-announce/2024100931-CVE-2024-47662-74f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47662', 'https://www.cve.org/CVERecord?id=CVE-2024-47662'], 'PublishedDate': '2024-10-09T15:15:15.08Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47663', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47663', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: staging: iio: frequency: ad9834: Validate frequency parameter value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47663', 'https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47', 'https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e', 'https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53', 'https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227', 'https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465', 'https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a', 'https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47663-9bdc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47663', 'https://www.cve.org/CVERecord?id=CVE-2024-47663'], 'PublishedDate': '2024-10-09T15:15:15.15Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47664', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47664', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47664', 'https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43', 'https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c', 'https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47664-f6bd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47664', 'https://www.cve.org/CVERecord?id=CVE-2024-47664'], 'PublishedDate': '2024-10-09T15:15:15.223Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47665', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47665', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup\n\nDefinitely condition dma_get_cache_alignment * defined value > 256\nduring driver initialization is not reason to BUG_ON(). Turn that to\ngraceful error out with -EINVAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47665', 'https://git.kernel.org/stable/c/2666085335bdfedf90d91f4071490ad3980be785', 'https://git.kernel.org/stable/c/5a022269abb22809f2a174b90f200fc4b9526058', 'https://git.kernel.org/stable/c/8a2be2f1db268ec735419e53ef04ca039fc027dc', 'https://git.kernel.org/stable/c/cacb76df247a7cd842ff29755a523b1cba6c0508', 'https://git.kernel.org/stable/c/e2d14bfda9eb5393f8a17008afe2aa7fe0a29815', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47665-901e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47665', 'https://www.cve.org/CVERecord?id=CVE-2024-47665'], 'PublishedDate': '2024-10-09T15:15:15.29Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47666', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47666', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: pm80xx: Set phy-&gt;enable_completion only when we wait for it', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy->enable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late.  After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47666', 'https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89', 'https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea', 'https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47666-0015@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47666', 'https://www.cve.org/CVERecord?id=CVE-2024-47666'], 'PublishedDate': '2024-10-09T15:15:15.353Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47667', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47667', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)\n\nErrata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0\n(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an\ninbound PCIe TLP spans more than two internal AXI 128-byte bursts,\nthe bus may corrupt the packet payload and the corrupt data may\ncause associated applications or the processor to hang.\n\nThe workaround for Errata #i2037 is to limit the maximum read\nrequest size and maximum payload size to 128 bytes. Add workaround\nfor Errata #i2037 here.\n\nThe errata and workaround is applicable only to AM65x SR 1.0 and\nlater versions of the silicon will have this fixed.\n\n[1] -> https://www.ti.com/lit/er/sprz452i/sprz452i.pdf', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47667', 'https://git.kernel.org/stable/c/135843c351c08df72bdd4b4ebea53c8052a76881', 'https://git.kernel.org/stable/c/576d0fb6f8d4bd4695e70eee173a1b9c7bae9572', 'https://git.kernel.org/stable/c/86f271f22bbb6391410a07e08d6ca3757fda01fa', 'https://git.kernel.org/stable/c/af218c803fe298ddf00abef331aa526b20d7ea61', 'https://git.kernel.org/stable/c/cfb006e185f64edbbdf7869eac352442bc76b8f6', 'https://git.kernel.org/stable/c/dd47051c76c8acd8cb983f01b4d1265da29cb66a', 'https://git.kernel.org/stable/c/ebbdbbc580c1695dec283d0ba6448729dc993246', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47667-2d01@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47667', 'https://www.cve.org/CVERecord?id=CVE-2024-47667'], 'PublishedDate': '2024-10-09T15:15:15.43Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47668', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47668', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we'll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it'll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47668', 'https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f', 'https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da', 'https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283', 'https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169', 'https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae', 'https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e', 'https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47668-6b53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47668', 'https://www.cve.org/CVERecord?id=CVE-2024-47668'], 'PublishedDate': '2024-10-09T15:15:15.513Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47669', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47669', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix state management in error path of log writing function', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix state management in error path of log writing function\n\nAfter commit a694291a6211 ("nilfs2: separate wait function from\nnilfs_segctor_write") was applied, the log writing function\nnilfs_segctor_do_construct() was able to issue I/O requests continuously\neven if user data blocks were split into multiple logs across segments,\nbut two potential flaws were introduced in its error handling.\n\nFirst, if nilfs_segctor_begin_construction() fails while creating the\nsecond or subsequent logs, the log writing function returns without\ncalling nilfs_segctor_abort_construction(), so the writeback flag set on\npages/folios will remain uncleared.  This causes page cache operations to\nhang waiting for the writeback flag.  For example,\ntruncate_inode_pages_final(), which is called via nilfs_evict_inode() when\nan inode is evicted from memory, will hang.\n\nSecond, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. \nAs a result, if the next log write involves checkpoint creation, that\'s\nfine, but if a partial log write is performed that does not, inodes with\nNILFS_I_COLLECTED set are erroneously removed from the "sc_dirty_files"\nlist, and their data and b-tree blocks may not be written to the device,\ncorrupting the block mapping.\n\nFix these issues by uniformly calling nilfs_segctor_abort_construction()\non failure of each step in the loop in nilfs_segctor_do_construct(),\nhaving it clean up logs and segment usages according to progress, and\ncorrecting the conditions for calling nilfs_redirty_inodes() to ensure\nthat the NILFS_I_COLLECTED flag is cleared.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47669', 'https://git.kernel.org/stable/c/036441e8438b29111fa75008f0ce305fb4e83c0a', 'https://git.kernel.org/stable/c/0a1a961bde4351dc047ffdeb2f1311ca16a700cc', 'https://git.kernel.org/stable/c/30562eff4a6dd35c4b5be9699ef61ad9f5f20a06', 'https://git.kernel.org/stable/c/3e349d7191f0688fc9808ef24fd4e4b4ef5ca876', 'https://git.kernel.org/stable/c/40a2757de2c376ef8a08d9ee9c81e77f3c750adf', 'https://git.kernel.org/stable/c/6576dd6695f2afca3f4954029ac4a64f82ba60ab', 'https://git.kernel.org/stable/c/74866c16ea2183f52925fa5d76061a1fe7f7737b', 'https://git.kernel.org/stable/c/efdde00d4a1ef10bb71e09ebc67823a3d3ad725b', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47669-135c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47669', 'https://www.cve.org/CVERecord?id=CVE-2024-47669'], 'PublishedDate': '2024-10-09T15:15:15.59Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47670', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47670', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: add bounds checking to ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn't stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match.  It will\nprevent out-of-bound access in case of crafted images.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47670', 'https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39', 'https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c', 'https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd', 'https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77', 'https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f', 'https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e73264d6', 'https://lore.kernel.org/linux-cve-announce/2024100919-CVE-2024-47670-53f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47670', 'https://www.cve.org/CVERecord?id=CVE-2024-47670'], 'PublishedDate': '2024-10-09T15:15:15.673Z', 'LastModifiedDate': '2024-10-17T14:15:13.56Z'}, {'VulnerabilityID': 'CVE-2024-47671', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47671', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: USB: usbtmc: prevent kernel-usb-infoleak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: prevent kernel-usb-infoleak\n\nThe syzbot reported a kernel-usb-infoleak in usbtmc_write,\nwe need to clear the structure before filling fields.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47671', 'https://git.kernel.org/stable/c/0c927dfc0b9bd177f7ab6ee59ef0c4ea06c110a7', 'https://git.kernel.org/stable/c/16e0ab9ed3ae7d19ca8ee718ba4e09d5c0f909ca', 'https://git.kernel.org/stable/c/51297ef7ad7824ad577337f273cd092e81a9fa08', 'https://git.kernel.org/stable/c/625fa77151f00c1bd00d34d60d6f2e710b3f9aad', 'https://git.kernel.org/stable/c/6c7fc36da021b13c34c572a26ba336cd102418f8', 'https://git.kernel.org/stable/c/ba6269e187aa1b1f20faf3c458831a0d6350304b', 'https://git.kernel.org/stable/c/e872738e670ddd63e19f22d0d784f0bdf26ecba5', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47671-6c52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47671', 'https://www.cve.org/CVERecord?id=CVE-2024-47671'], 'PublishedDate': '2024-10-09T15:15:15.753Z', 'LastModifiedDate': '2024-10-17T14:15:13.697Z'}, {'VulnerabilityID': 'CVE-2024-47672', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead\n\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was\nrecently converted from just a message), that can be hit if we\nwait for TX queues to become empty after firmware died. Clearly,\nwe can't expect anything from the firmware after it's declared dead.\n\nDon't call iwl_trans_wait_tx_queues_empty() in this case. While it could\nbe a good idea to stop the flow earlier, the flush functions do some\nmaintenance work that is not related to the firmware, so keep that part\nof the code running even when the firmware is not running.\n\n[edit commit message]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47672', 'https://git.kernel.org/stable/c/1afed66cb271b3e65fe9df1c9fba2bf4b1f55669', 'https://git.kernel.org/stable/c/1b0cd832c9607f41f84053b818e0b7908510a3b9', 'https://git.kernel.org/stable/c/3a84454f5204718ca5b4ad2c1f0bf2031e2403d1', 'https://git.kernel.org/stable/c/4d0a900ec470d392476c428875dbf053f8a0ae5e', 'https://git.kernel.org/stable/c/7188b7a72320367554b76d8f298417b070b05dd3', 'https://git.kernel.org/stable/c/de46b1d24f5f752b3bd8b46673c2ea4239661244', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47672-9bef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47672', 'https://www.cve.org/CVERecord?id=CVE-2024-47672'], 'PublishedDate': '2024-10-09T15:15:15.827Z', 'LastModifiedDate': '2024-10-17T14:15:13.78Z'}, {'VulnerabilityID': 'CVE-2024-47673', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pause TCM when the firmware is stopped\n\nNot doing so will make us send a host command to the transport while the\nfirmware is not alive, which will trigger a WARNING.\n\nbad state = 0\nWARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nRIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nCall Trace:\n <TASK>\n iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]\n iwl_mvm_config_scan+0x198/0x260 [iwlmvm]\n iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]\n iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]\n process_one_work+0x29e/0x640\n worker_thread+0x2df/0x690\n ? rescuer_thread+0x540/0x540\n kthread+0x192/0x1e0\n ? set_kthread_struct+0x90/0x90\n ret_from_fork+0x22/0x30', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47673', 'https://git.kernel.org/stable/c/0668ebc8c2282ca1e7eb96092a347baefffb5fe7', 'https://git.kernel.org/stable/c/2c61b561baf92a2860c76c2302a62169e22c21cc', 'https://git.kernel.org/stable/c/55086c97a55d781b04a2667401c75ffde190135c', 'https://git.kernel.org/stable/c/5948a191906b54e10f02f6b7a7670243a39f99f4', 'https://git.kernel.org/stable/c/a15df5f37fa3a8b7a8ec7a339d1e897bc524e28f', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47673-9110@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47673', 'https://www.cve.org/CVERecord?id=CVE-2024-47673'], 'PublishedDate': '2024-10-09T15:15:15.9Z', 'LastModifiedDate': '2024-10-17T14:15:13.853Z'}, {'VulnerabilityID': 'CVE-2024-47674', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47674', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: avoid leaving partial pfn mappings around in error case', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na 'struct page'.\n\nThat's all very much intentional, but it does mean that it's easy to\nmess up the cleanup in case of errors.  Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it's very easy to do the\nerror handling in the wrong order.\n\nIn particular, it's easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47674', 'https://git.kernel.org/linus/79a61cc3fc0466ad2b7b89618a6157785f0293b3 (6.11)', 'https://git.kernel.org/stable/c/5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959', 'https://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2', 'https://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3', 'https://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3', 'https://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80', 'https://lore.kernel.org/linux-cve-announce/2024101538-CVE-2024-47674-ba1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47674', 'https://www.cve.org/CVERecord?id=CVE-2024-47674'], 'PublishedDate': '2024-10-15T11:15:13.073Z', 'LastModifiedDate': '2024-10-18T14:50:02.71Z'}, {'VulnerabilityID': 'CVE-2017-0537', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-0537', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N', 'V2Score': 2.6, 'V3Score': 4.7}}, 'References': ['http://www.securityfocus.com/bid/96831', 'http://www.securitytracker.com/id/1037968', 'https://android.googlesource.com/kernel/tegra.git/+/389b185cb2f17fff994dbdf8d4bac003d4b2b6b3%5E%21/#F0', 'https://lore.kernel.org/lkml/1484647168-30135-1-git-send-email-jilin@nvidia.com/#t', 'https://source.android.com/security/bulletin/2017-01-01.html', 'https://source.android.com/security/bulletin/2017-03-01', 'https://source.android.com/security/bulletin/2017-03-01.html', 'https://www.cve.org/CVERecord?id=CVE-2017-0537'], 'PublishedDate': '2017-03-08T01:59:03.127Z', 'LastModifiedDate': '2017-07-17T13:18:15.89Z'}, {'VulnerabilityID': 'CVE-2017-13165', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13165', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['https://github.com/aosp-mirror/platform_system_core/commit/15ffc53f6d57a46e3041453865311035a18e047a', 'https://source.android.com/security/bulletin/pixel/2017-12-01', 'https://www.cve.org/CVERecord?id=CVE-2017-13165'], 'PublishedDate': '2017-12-06T14:29:01.333Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2017-13693', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI operand cache leak in dsutils.c', 'Description': 'The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/100502', 'https://access.redhat.com/security/cve/CVE-2017-13693', 'https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13693', 'https://patchwork.kernel.org/patch/9919053/', 'https://www.cve.org/CVERecord?id=CVE-2017-13693'], 'PublishedDate': '2017-08-25T08:29:00.273Z', 'LastModifiedDate': '2017-09-20T14:51:00.41Z'}, {'VulnerabilityID': 'CVE-2018-1121', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-1121', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'procps: process hiding through race condition enumerating /proc', 'Description': "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-367'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:P/A:N', 'V3Vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V2Score': 4.3, 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L', 'V3Score': 3.9}}, 'References': ['http://seclists.org/oss-sec/2018/q2/122', 'http://www.securityfocus.com/bid/104214', 'https://access.redhat.com/security/cve/CVE-2018-1121', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1121', 'https://www.cve.org/CVERecord?id=CVE-2018-1121', 'https://www.exploit-db.com/exploits/44806/', 'https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt'], 'PublishedDate': '2018-06-13T20:29:00.337Z', 'LastModifiedDate': '2020-06-30T16:15:14.393Z'}, {'VulnerabilityID': 'CVE-2018-12928', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko', 'Description': 'In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['http://www.securityfocus.com/bid/104593', 'https://access.redhat.com/security/cve/CVE-2018-12928', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384', 'https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ', 'https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/', 'https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12928', 'https://www.cve.org/CVERecord?id=CVE-2018-12928'], 'PublishedDate': '2018-06-28T14:29:00.353Z', 'LastModifiedDate': '2018-08-21T11:55:37.35Z'}, {'VulnerabilityID': 'CVE-2018-12929', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko', 'Description': 'ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12929', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12929', 'https://www.cve.org/CVERecord?id=CVE-2018-12929'], 'PublishedDate': '2018-06-28T14:29:00.417Z', 'LastModifiedDate': '2019-03-26T13:35:51.317Z'}, {'VulnerabilityID': 'CVE-2018-12930', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12930', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko', 'Description': 'ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12930', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12930', 'https://www.cve.org/CVERecord?id=CVE-2018-12930'], 'PublishedDate': '2018-06-28T14:29:00.463Z', 'LastModifiedDate': '2019-03-26T13:35:37.397Z'}, {'VulnerabilityID': 'CVE-2018-12931', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_attr_find in the ntfs.ko', 'Description': 'ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12931', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12931', 'https://www.cve.org/CVERecord?id=CVE-2018-12931'], 'PublishedDate': '2018-06-28T14:29:00.51Z', 'LastModifiedDate': '2019-03-26T13:35:20.957Z'}, {'VulnerabilityID': 'CVE-2019-14899', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-14899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel', 'Description': 'A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V2Vector': 'AV:A/AC:M/Au:S/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 4.9, 'V3Score': 7.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.4}}, 'References': ['http://seclists.org/fulldisclosure/2020/Dec/32', 'http://seclists.org/fulldisclosure/2020/Jul/23', 'http://seclists.org/fulldisclosure/2020/Jul/24', 'http://seclists.org/fulldisclosure/2020/Jul/25', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'http://www.openwall.com/lists/oss-security/2020/08/13/2', 'http://www.openwall.com/lists/oss-security/2020/10/07/3', 'http://www.openwall.com/lists/oss-security/2021/07/05/1', 'https://access.redhat.com/security/cve/CVE-2019-14899', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899', 'https://nvd.nist.gov/vuln/detail/CVE-2019-14899', 'https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/', 'https://support.apple.com/kb/HT211288', 'https://support.apple.com/kb/HT211289', 'https://support.apple.com/kb/HT211290', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211931', 'https://www.cve.org/CVERecord?id=CVE-2019-14899', 'https://www.openwall.com/lists/oss-security/2019/12/05/1'], 'PublishedDate': '2019-12-11T15:15:14.263Z', 'LastModifiedDate': '2023-03-01T16:40:04.14Z'}, {'VulnerabilityID': 'CVE-2019-15213', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-15213', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c', 'Description': 'An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.3}}, 'References': ['http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html', 'http://www.openwall.com/lists/oss-security/2019/08/20/2', 'https://access.redhat.com/security/cve/CVE-2019-15213', 'https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7', 'https://linux.oracle.com/cve/CVE-2019-15213.html', 'https://linux.oracle.com/errata/ELSA-2019-4872.html', 'https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/', 'https://nvd.nist.gov/vuln/detail/CVE-2019-15213', 'https://security.netapp.com/advisory/ntap-20190905-0002/', 'https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced', 'https://www.cve.org/CVERecord?id=CVE-2019-15213'], 'PublishedDate': '2019-08-19T22:15:11.253Z', 'LastModifiedDate': '2023-11-09T14:44:33.733Z'}, {'VulnerabilityID': 'CVE-2019-19378', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19378', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19378', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19378', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19378'], 'PublishedDate': '2019-11-29T17:15:11.84Z', 'LastModifiedDate': '2020-01-03T11:15:14.997Z'}, {'VulnerabilityID': 'CVE-2019-19814', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 9.3, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19814', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19814', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19814'], 'PublishedDate': '2019-12-17T06:15:12.843Z', 'LastModifiedDate': '2020-01-03T11:15:16.48Z'}, {'VulnerabilityID': 'CVE-2020-35501', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2020-35501', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability', 'Description': 'A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem', 'Severity': 'LOW', 'CweIDs': ['CWE-863'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:N', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V2Score': 3.6, 'V3Score': 3.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 3.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2020-35501', 'https://bugzilla.redhat.com/show_bug.cgi?id=1908577', 'https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html', 'https://nvd.nist.gov/vuln/detail/CVE-2020-35501', 'https://www.cve.org/CVERecord?id=CVE-2020-35501', 'https://www.openwall.com/lists/oss-security/2021/02/18/1'], 'PublishedDate': '2022-03-30T16:15:08.673Z', 'LastModifiedDate': '2022-12-02T19:54:37.647Z'}, {'VulnerabilityID': 'CVE-2021-26934', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-26934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...', 'Description': "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.", 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['http://xenbits.xen.org/xsa/advisory-363.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/', 'https://nvd.nist.gov/vuln/detail/CVE-2021-26934', 'https://security.netapp.com/advisory/ntap-20210326-0001/', 'https://www.cve.org/CVERecord?id=CVE-2021-26934', 'https://www.openwall.com/lists/oss-security/2021/02/16/2', 'https://xenbits.xen.org/xsa/advisory-363.html'], 'PublishedDate': '2021-02-17T02:15:13.143Z', 'LastModifiedDate': '2023-11-07T03:31:50.59Z'}, {'VulnerabilityID': 'CVE-2022-44034', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-44034', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: A use-after-free due to race between scr24x_open()  and scr24x_remove()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().', 'Severity': 'LOW', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-44034', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15', 'https://lore.kernel.org/lkml/20220916050333.GA188358%40ubuntu/', 'https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940%40ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-44034', 'https://www.cve.org/CVERecord?id=CVE-2022-44034'], 'PublishedDate': '2022-10-30T01:15:08.937Z', 'LastModifiedDate': '2024-03-25T01:15:52.787Z'}, {'VulnerabilityID': 'CVE-2022-45884', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-45884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free due to race condition occurring in dvb_register_device()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:7549', 'https://access.redhat.com/security/cve/CVE-2022-45884', 'https://bugzilla.redhat.com/2148510', 'https://bugzilla.redhat.com/2148517', 'https://bugzilla.redhat.com/2151956', 'https://bugzilla.redhat.com/2154178', 'https://bugzilla.redhat.com/2224048', 'https://bugzilla.redhat.com/2240249', 'https://bugzilla.redhat.com/2241924', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2151956', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2224048', 'https://bugzilla.redhat.com/show_bug.cgi?id=2240249', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1192', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2163', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178', 'https://errata.almalinux.org/8/ALSA-2023-7549.html', 'https://errata.rockylinux.org/RLSA-2023:7549', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3', 'https://linux.oracle.com/cve/CVE-2022-45884.html', 'https://linux.oracle.com/errata/ELSA-2023-7549.html', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-45884', 'https://security.netapp.com/advisory/ntap-20230113-0006/', 'https://www.cve.org/CVERecord?id=CVE-2022-45884'], 'PublishedDate': '2022-11-25T04:15:09.18Z', 'LastModifiedDate': '2024-03-25T01:15:52.84Z'}, {'VulnerabilityID': 'CVE-2023-33053', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-33053', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'Memory corruption in Kernel while parsing metadata.', 'Severity': 'LOW', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/06426824a281c9aef5bf0c50927eae9c7431db1e', 'https://www.cve.org/CVERecord?id=CVE-2023-33053', 'https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin'], 'PublishedDate': '2023-12-05T03:15:11.707Z', 'LastModifiedDate': '2024-04-12T16:15:18.403Z'}, {'VulnerabilityID': 'CVE-2023-4010', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: hcd: malformed USB descriptor leads to infinite loop in usb_giveback_urb()', 'Description': 'A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.', 'Severity': 'LOW', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4010', 'https://bugzilla.redhat.com/show_bug.cgi?id=2227726', 'https://github.com/wanrenmi/a-usb-kernel-bug', 'https://github.com/wanrenmi/a-usb-kernel-bug/issues/1', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4010', 'https://www.cve.org/CVERecord?id=CVE-2023-4010'], 'PublishedDate': '2023-07-31T17:15:10.277Z', 'LastModifiedDate': '2023-11-07T04:22:02.797Z'}, {'VulnerabilityID': 'CVE-2023-6238', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-6238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: memory corruption via unprivileged user passthrough', 'Description': 'A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.', 'Severity': 'LOW', 'CweIDs': ['CWE-120'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-6238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2250834', 'https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.com/T/#u', 'https://lore.kernel.org/linux-nvme/20231016060519.231880-1-joshi.k@samsung.com/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-6238', 'https://www.cve.org/CVERecord?id=CVE-2023-6238'], 'PublishedDate': '2023-11-21T21:15:09.273Z', 'LastModifiedDate': '2024-02-07T00:15:55.24Z'}, {'VulnerabilityID': 'CVE-2024-0564', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-0564', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication', 'Description': 'A flaw was found in the Linux kernel\'s memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim\'s page. The unmapping time depends on whether it merges with the victim\'s page and additional physical pages are created beyond the KSM\'s "max page share". Through these operations, the attacker can leak the victim\'s page.', 'Severity': 'LOW', 'CweIDs': ['CWE-99', 'CWE-203'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-0564', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258514', 'https://link.springer.com/conference/wisa', 'https://nvd.nist.gov/vuln/detail/CVE-2024-0564', 'https://wisa.or.kr/accepted', 'https://www.cve.org/CVERecord?id=CVE-2024-0564'], 'PublishedDate': '2024-01-30T15:15:08.687Z', 'LastModifiedDate': '2024-10-16T15:15:14.11Z'}, {'VulnerabilityID': 'CVE-2024-43882', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43882', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exec: Fix ToCToU between perm check and set-uid/gid usage', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file\'s metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug  7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug  7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. For example, "chmod o-x,u+s target" makes "target" executable only\nby uid "root" and gid "cdrom", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug  7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug  7 13:16 target\n\nBut racing the chmod means users without group "cdrom" membership can\nget the permission to execute "target" just before the chmod, and when\nthe chmod finishes, the exec reaches brpm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of "only cdrom\ngroup members can setuid to root".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal.', 'Severity': 'HIGH', 'CweIDs': ['CWE-367'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43882', 'https://git.kernel.org/linus/f50733b45d865f91db90919f8311e2127ce5a0cb (6.11-rc4)', 'https://git.kernel.org/stable/c/15469d46ba34559bfe7e3de6659115778c624759', 'https://git.kernel.org/stable/c/368f6985d46657b8b466a421dddcacd4051f7ada', 'https://git.kernel.org/stable/c/90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e', 'https://git.kernel.org/stable/c/9b424c5d4130d56312e2a3be17efb0928fec4d64', 'https://git.kernel.org/stable/c/d2a2a4714d80d09b0f8eb6438ab4224690b7121e', 'https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f', 'https://git.kernel.org/stable/c/f50733b45d865f91db90919f8311e2127ce5a0cb', 'https://git.kernel.org/stable/c/f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1', 'https://linux.oracle.com/cve/CVE-2024-43882.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082152-CVE-2024-43882-4fa4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43882', 'https://www.cve.org/CVERecord?id=CVE-2024-43882'], 'PublishedDate': '2024-08-21T01:15:12.34Z', 'LastModifiedDate': '2024-09-03T13:25:39.747Z'}, {'VulnerabilityID': 'CVE-2013-7445', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2013-7445', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects', 'Description': 'The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-399'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:C', 'V2Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V2Score': 4.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2013-7445', 'https://bugzilla.kernel.org/show_bug.cgi?id=60533', 'https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)', 'https://nvd.nist.gov/vuln/detail/CVE-2013-7445', 'https://www.cve.org/CVERecord?id=CVE-2013-7445'], 'PublishedDate': '2015-10-16T01:59:00.12Z', 'LastModifiedDate': '2015-10-16T16:22:25.587Z'}, {'VulnerabilityID': 'CVE-2015-8553', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2015-8553', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'xen: non-maskable interrupts triggerable by guests (xsa120)', 'Description': 'Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N', 'V2Score': 2.1, 'V3Score': 6.5}, 'redhat': {'V2Vector': 'AV:A/AC:M/Au:S/C:N/I:N/A:C', 'V2Score': 5.2}}, 'References': ['http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1930758 (regression mention)', 'http://xenbits.xen.org/xsa/advisory-120.html', 'https://access.redhat.com/security/cve/CVE-2015-8553', 'https://nvd.nist.gov/vuln/detail/CVE-2015-8553', 'https://seclists.org/bugtraq/2019/Aug/18', 'https://www.cve.org/CVERecord?id=CVE-2015-8553', 'https://www.debian.org/security/2019/dsa-4497'], 'PublishedDate': '2016-04-13T15:59:07.307Z', 'LastModifiedDate': '2019-08-13T23:15:11.203Z'}, {'VulnerabilityID': 'CVE-2016-8660', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-8660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation', 'Description': 'The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-19'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V2Vector': 'AV:L/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.7, 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2016/10/13/8', 'http://www.securityfocus.com/bid/93558', 'https://access.redhat.com/security/cve/CVE-2016-8660', 'https://bugzilla.redhat.com/show_bug.cgi?id=1384851', 'https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/', 'https://marc.info/?l=linux-fsdevel&m=147639177409294&w=2', 'https://marc.info/?l=linux-xfs&m=149498118228320&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2016-8660', 'https://www.cve.org/CVERecord?id=CVE-2016-8660'], 'PublishedDate': '2016-10-16T21:59:14.333Z', 'LastModifiedDate': '2016-11-28T20:41:02.59Z'}, {'VulnerabilityID': 'CVE-2018-17977', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-17977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service', 'Description': 'The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.9}}, 'References': ['http://www.securityfocus.com/bid/105539', 'https://access.redhat.com/security/cve/CVE-2018-17977', 'https://bugzilla.suse.com/show_bug.cgi?id=1111609', 'https://nvd.nist.gov/vuln/detail/CVE-2018-17977', 'https://www.cve.org/CVERecord?id=CVE-2018-17977', 'https://www.openwall.com/lists/oss-security/2018/10/05/5'], 'PublishedDate': '2018-10-08T17:29:00.653Z', 'LastModifiedDate': '2018-11-26T15:51:30.427Z'}, {'VulnerabilityID': 'CVE-2021-3714', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-3714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Remote Page Deduplication Attacks', 'Description': 'A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-3714', 'https://arxiv.org/abs/2111.08553', 'https://arxiv.org/pdf/2111.08553.pdf', 'https://bugzilla.redhat.com/show_bug.cgi?id=1931327', 'https://nvd.nist.gov/vuln/detail/CVE-2021-3714', 'https://www.cve.org/CVERecord?id=CVE-2021-3714'], 'PublishedDate': '2022-08-23T16:15:09.6Z', 'LastModifiedDate': '2024-02-01T18:51:23.66Z'}, {'VulnerabilityID': 'CVE-2021-47599', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47599', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: use latest_dev in btrfs_show_devname', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: use latest_dev in btrfs_show_devname\n\nThe test case btrfs/238 reports the warning below:\n\n WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs]\n CPU: 2 PID: 1 Comm: systemd Tainted: G        W  O 5.14.0-rc1-custom #72\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n Call trace:\n   btrfs_show_devname+0x108/0x1b4 [btrfs]\n   show_mountinfo+0x234/0x2c4\n   m_show+0x28/0x34\n   seq_read_iter+0x12c/0x3c4\n   vfs_read+0x29c/0x2c8\n   ksys_read+0x80/0xec\n   __arm64_sys_read+0x28/0x34\n   invoke_syscall+0x50/0xf8\n   do_el0_svc+0x88/0x138\n   el0_svc+0x2c/0x8c\n   el0t_64_sync_handler+0x84/0xe4\n   el0t_64_sync+0x198/0x19c\n\nReason:\nWhile btrfs_prepare_sprout() moves the fs_devices::devices into\nfs_devices::seed_list, the btrfs_show_devname() searches for the devices\nand found none, leading to the warning as in above.\n\nFix:\nlatest_dev is updated according to the changes to the device list.\nThat means we could use the latest_dev->name to show the device name in\n/proc/self/mounts, the pointer will be always valid as it's assigned\nbefore the device is deleted from the list in remove or replace.\nThe RCU protection is sufficient as the device structure is freed after\nsynchronization.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47599', 'https://git.kernel.org/linus/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2 (5.16-rc1)', 'https://git.kernel.org/stable/c/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2', 'https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1', 'https://lore.kernel.org/linux-cve-announce/2024061921-CVE-2021-47599-37b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47599', 'https://www.cve.org/CVERecord?id=CVE-2021-47599'], 'PublishedDate': '2024-06-19T15:15:54.483Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2021-47615', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47615', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix releasing unallocated memory in dereg MR flow\n\nFor the case of IB_MR_TYPE_DM the mr does doesn't have a umem, even though\nit is a user MR. This causes function mlx5_free_priv_descs() to think that\nit is a kernel MR, leading to wrongly accessing mr->descs that will get\nwrong values in the union which leads to attempt to release resources that\nwere not allocated in the first place.\n\nFor example:\n DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]\n WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0\n RIP: 0010:check_unmap+0x54f/0x8b0\n Call Trace:\n  debug_dma_unmap_page+0x57/0x60\n  mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]\n  mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]\n  ib_dereg_mr_user+0x60/0x140 [ib_core]\n  uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]\n  uobj_destroy+0x3f/0x80 [ib_uverbs]\n  ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]\n  ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquired+0x12/0x380\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquire+0xc4/0x2e0\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  ? lock_release+0x28a/0x400\n  ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  __x64_sys_ioctl+0x7f/0xb0\n  do_syscall_64+0x38/0x90\n\nFix it by reorganizing the dereg flow and mlx5_ib_mr structure:\n - Move the ib_umem field into the user MRs structure in the union as it's\n   applicable only there.\n - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only\n   in case there isn't udata, which indicates that this isn't a user MR.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47615', 'https://git.kernel.org/linus/f0ae4afe3d35e67db042c58a52909e06262b740f (5.16-rc5)', 'https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9', 'https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701', 'https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f', 'https://lore.kernel.org/linux-cve-announce/2024061909-CVE-2021-47615-3c6a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47615', 'https://www.cve.org/CVERecord?id=CVE-2021-47615'], 'PublishedDate': '2024-06-19T15:15:56.03Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-0400', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0400', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Out of bounds read in the smc protocol stack', 'Description': 'An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)', 'https://bugzilla.redhat.com/show_bug.cgi?id=2044575', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0400', 'https://www.cve.org/CVERecord?id=CVE-2022-0400'], 'PublishedDate': '2022-08-29T15:15:09.423Z', 'LastModifiedDate': '2022-09-01T20:18:18.247Z'}, {'VulnerabilityID': 'CVE-2022-0480', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0480', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion', 'Description': 'A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0480', 'https://bugzilla.redhat.com/show_bug.cgi?id=2049700', 'https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042', 'https://github.com/kata-containers/kata-containers/issues/3373', 'https://linux.oracle.com/cve/CVE-2022-0480.html', 'https://linux.oracle.com/errata/ELSA-2024-2394.html', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0480', 'https://ubuntu.com/security/CVE-2022-0480', 'https://www.cve.org/CVERecord?id=CVE-2022-0480'], 'PublishedDate': '2022-08-29T15:15:09.477Z', 'LastModifiedDate': '2023-03-03T18:49:53.213Z'}, {'VulnerabilityID': 'CVE-2022-3238', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ntfs3 local privledge escalation if NTFS character set and remount and umount called simultaneously', 'Description': 'A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127927', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3238', 'https://www.cve.org/CVERecord?id=CVE-2022-3238'], 'PublishedDate': '2022-11-14T21:15:16.163Z', 'LastModifiedDate': '2022-11-17T20:24:18.537Z'}, {'VulnerabilityID': 'CVE-2022-48846', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: release rq qos structures for queue without disk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: release rq qos structures for queue without disk\n\nblkcg_init_queue() may add rq qos structures to request queue, previously\nblk_cleanup_queue() calls rq_qos_exit() to release them, but commit\n8e141f9eb803 ("block: drain file system I/O on del_gendisk")\nmoves rq_qos_exit() into del_gendisk(), so memory leak is caused\nbecause queues may not have disk, such as un-present scsi luns, nvme\nadmin queue, ...\n\nFixes the issue by adding rq_qos_exit() to blk_cleanup_queue() back.\n\nBTW, v5.18 won\'t need this patch any more since we move\nblkcg_init_queue()/blkcg_exit_queue() into disk allocation/release\nhandler, and patches have been in for-5.18/block.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48846', 'https://git.kernel.org/linus/daaca3522a8e67c46e39ef09c1d542e866f85f3b (5.17)', 'https://git.kernel.org/stable/c/60c2c8e2ef3a3ec79de8cbc80a06ca0c21df8c29', 'https://git.kernel.org/stable/c/d4ad8736ac982111bb0be8306bf19c8207f6600e', 'https://git.kernel.org/stable/c/daaca3522a8e67c46e39ef09c1d542e866f85f3b', 'https://lore.kernel.org/linux-cve-announce/2024071623-CVE-2022-48846-a1a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48846', 'https://www.cve.org/CVERecord?id=CVE-2022-48846'], 'PublishedDate': '2024-07-16T13:15:11.883Z', 'LastModifiedDate': '2024-07-24T17:56:26.767Z'}, {'VulnerabilityID': 'CVE-2022-48929', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix crash due to out of bounds access into reg2btf_ids.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to out of bounds access into reg2btf_ids.\n\nWhen commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added\nkfunc support, it defined reg2btf_ids as a cheap way to translate the verifier\nreg type to the appropriate btf_vmlinux BTF ID, however\ncommit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL")\nmoved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after\nthe base register types, and defined other variants using type flag\ncomposition. However, now, the direct usage of reg->type to index into\nreg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to\nout of bounds access and kernel crash on dereference of bad pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48929', 'https://git.kernel.org/linus/45ce4b4f9009102cd9f581196d480a59208690c1 (5.17-rc6)', 'https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1', 'https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae', 'https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc', 'https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48929-857d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48929', 'https://www.cve.org/CVERecord?id=CVE-2022-48929'], 'PublishedDate': '2024-08-22T04:15:15.773Z', 'LastModifiedDate': '2024-08-23T02:00:22.653Z'}, {'VulnerabilityID': 'CVE-2023-0030', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Use after Free in nvkm_vmm_pfn_map', 'Description': 'A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0030', 'https://bugzilla.redhat.com/show_bug.cgi?id=2157270', 'https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)', 'https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10', 'https://lore.kernel.org/all/20221230072758.443644-1-zyytlz.wz@163.com/', 'https://lore.kernel.org/all/63d485b2.170a0220.4af4c.d54f@mx.google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0030', 'https://security.netapp.com/advisory/ntap-20230413-0010/', 'https://www.cve.org/CVERecord?id=CVE-2023-0030'], 'PublishedDate': '2023-03-08T23:15:10.963Z', 'LastModifiedDate': '2023-04-13T17:15:09.433Z'}, {'VulnerabilityID': 'CVE-2023-0160', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: possibility of deadlock in libbpf function sock_hash_delete_elem', 'Description': 'A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667', 'CWE-833'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0160', 'https://bugzilla.redhat.com/show_bug.cgi?id=2159764', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56', 'https://lore.kernel.org/all/20230406122622.109978-1-liuxin350@huawei.com/', 'https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/', 'https://lore.kernel.org/bpf/000000000000f1db9605f939720e@google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0160', 'https://www.cve.org/CVERecord?id=CVE-2023-0160'], 'PublishedDate': '2023-07-18T17:15:11.313Z', 'LastModifiedDate': '2023-11-07T03:59:46.343Z'}, {'VulnerabilityID': 'CVE-2023-1193', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-1193', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in setup_async_work()', 'Description': 'A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-1193', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154177', 'https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-1193', 'https://www.cve.org/CVERecord?id=CVE-2023-1193'], 'PublishedDate': '2023-11-01T20:15:08.663Z', 'LastModifiedDate': '2023-11-09T15:13:51.737Z'}, {'VulnerabilityID': 'CVE-2023-26242', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-26242', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the  ...', 'Description': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://bugzilla.suse.com/show_bug.cgi?id=1208518', 'https://lore.kernel.org/all/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-26242', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://security.netapp.com/advisory/ntap-20230406-0002/', 'https://www.cve.org/CVERecord?id=CVE-2023-26242'], 'PublishedDate': '2023-02-21T01:15:11.423Z', 'LastModifiedDate': '2024-03-25T01:15:53.57Z'}, {'VulnerabilityID': 'CVE-2023-31082', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-31082', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sleeping function called from an invalid context in gsmld_write', 'Description': 'An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-763'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-31082', 'https://bugzilla.suse.com/show_bug.cgi?id=1210781', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com/', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-31082', 'https://security.netapp.com/advisory/ntap-20230929-0003/', 'https://www.cve.org/CVERecord?id=CVE-2023-31082'], 'PublishedDate': '2023-04-24T06:15:07.783Z', 'LastModifiedDate': '2024-08-02T15:16:00.853Z'}, {'VulnerabilityID': 'CVE-2023-52879', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have trace_event_file have ref counters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have trace_event_file have ref counters\n\nThe following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # echo \'p:sched schedule\' > kprobe_events\n # exec 5>>events/kprobes/sched/enable\n # > kprobe_events\n # exec 5>&-\n\nThe above commands:\n\n 1. Change directory to the tracefs directory\n 2. Create a kprobe event (doesn\'t matter what one)\n 3. Open bash file descriptor 5 on the enable file of the kprobe event\n 4. Delete the kprobe event (removes the files too)\n 5. Close the bash file descriptor 5\n\nThe above causes a crash!\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:tracing_release_file_tr+0xc/0x50\n\nWhat happens here is that the kprobe event creates a trace_event_file\n"file" descriptor that represents the file in tracefs to the event. It\nmaintains state of the event (is it enabled for the given instance?).\nOpening the "enable" file gets a reference to the event "file" descriptor\nvia the open file descriptor. When the kprobe event is deleted, the file is\nalso deleted from the tracefs system which also frees the event "file"\ndescriptor.\n\nBut as the tracefs file is still opened by user space, it will not be\ntotally removed until the final dput() is called on it. But this is not\ntrue with the event "file" descriptor that is already freed. If the user\ndoes a write to or simply closes the file descriptor it will reference the\nevent "file" descriptor that was just freed, causing a use-after-free bug.\n\nTo solve this, add a ref count to the event "file" descriptor as well as a\nnew flag called "FREED". The "file" will not be freed until the last\nreference is released. But the FREE flag will be set when the event is\nremoved to prevent any more modifications to that event from happening,\neven if there\'s still a reference to the event "file" descriptor.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52879', 'https://git.kernel.org/linus/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4 (6.7-rc1)', 'https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706', 'https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976', 'https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d', 'https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e', 'https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f', 'https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4', 'https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0', 'https://lore.kernel.org/linux-cve-announce/2024052122-CVE-2023-52879-fa4d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52879', 'https://www.cve.org/CVERecord?id=CVE-2023-52879'], 'PublishedDate': '2024-05-21T16:15:24.53Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52889', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: Fix null pointer deref when receiving skb during sock creation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)->label is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n    BUG: kernel NULL pointer dereference, address: 000000000000004c\n    #PF: supervisor read access in kernel mode\n    #PF: error_code(0x0000) - not-present page\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n    Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n    RIP: 0010:aa_label_next_confined+0xb/0x40\n    Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n    RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n    RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n    RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n    RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n    R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n    R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n    FS:  00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n    PKRU: 55555554\n    Call Trace:\n     <IRQ>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? exc_page_fault+0x7f/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? aa_label_next_confined+0xb/0x40\n     apparmor_secmark_check+0xec/0x330\n     security_sock_rcv_skb+0x35/0x50\n     sk_filter_trim_cap+0x47/0x250\n     sock_queue_rcv_skb_reason+0x20/0x60\n     raw_rcv+0x13c/0x210\n     raw_local_deliver+0x1f3/0x250\n     ip_protocol_deliver_rcu+0x4f/0x2f0\n     ip_local_deliver_finish+0x76/0xa0\n     __netif_receive_skb_one_core+0x89/0xa0\n     netif_receive_skb+0x119/0x170\n     ? __netdev_alloc_skb+0x3d/0x140\n     vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     __napi_poll+0x28/0x1b0\n     net_rx_action+0x2a4/0x380\n     __do_softirq+0xd1/0x2c8\n     __irq_exit_rcu+0xbb/0xf0\n     common_interrupt+0x86/0xa0\n     </IRQ>\n     <TASK>\n     asm_common_interrupt+0x26/0x40\n    RIP: 0010:apparmor_socket_post_create+0xb/0x200\n    Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n    RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n    RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n    RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n    RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n    R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n    R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n     ? __pfx_apparmor_socket_post_create+0x10/0x10\n     security_socket_post_create+0x4b/0x80\n     __sock_create+0x176/0x1f0\n     __sys_socket+0x89/0x100\n     __x64_sys_socket+0x17/0x20\n     do_syscall_64+0x5d/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     entry_SYSCALL_64_after_hwframe+0x72/0xdc', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52889', 'https://git.kernel.org/linus/fce09ea314505a52f2436397608fa0a5d0934fb1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1', 'https://git.kernel.org/stable/c/290a6b88e8c19b6636ed1acc733d1458206f7697', 'https://git.kernel.org/stable/c/347dcb84a4874b5fb375092c08d8cc4069b94f81', 'https://git.kernel.org/stable/c/46c17ead5b7389e22e7dc9903fd0ba865d05bda2', 'https://git.kernel.org/stable/c/6c920754f62cefc63fccdc38a062c7c3452e2961', 'https://git.kernel.org/stable/c/ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2', 'https://git.kernel.org/stable/c/fce09ea314505a52f2436397608fa0a5d0934fb1', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2023-52889-cdd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52889', 'https://www.cve.org/CVERecord?id=CVE-2023-52889'], 'PublishedDate': '2024-08-17T09:15:07.073Z', 'LastModifiedDate': '2024-08-19T21:19:16.97Z'}, {'VulnerabilityID': 'CVE-2024-26713', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: Fix iommu initialisation during DLPAR add\n\nWhen a PCI device is dynamically added, the kernel oopses with a NULL\npointer dereference:\n\n  BUG: Kernel NULL pointer dereference on read at 0x00000030\n  Faulting instruction address: 0xc0000000006bbe5c\n  Oops: Kernel access of bad area, sig: 11 [#1]\n  LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n  Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse\n  CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66\n  Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries\n  NIP:  c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8\n  REGS: c00000009924f240 TRAP: 0300   Not tainted  (6.7.0-203405+)\n  MSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 24002220  XER: 20040006\n  CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0\n  ...\n  NIP sysfs_add_link_to_group+0x34/0x94\n  LR  iommu_device_link+0x5c/0x118\n  Call Trace:\n   iommu_init_device+0x26c/0x318 (unreliable)\n   iommu_device_link+0x5c/0x118\n   iommu_init_device+0xa8/0x318\n   iommu_probe_device+0xc0/0x134\n   iommu_bus_notifier+0x44/0x104\n   notifier_call_chain+0xb8/0x19c\n   blocking_notifier_call_chain+0x64/0x98\n   bus_notify+0x50/0x7c\n   device_add+0x640/0x918\n   pci_device_add+0x23c/0x298\n   of_create_pci_dev+0x400/0x884\n   of_scan_pci_dev+0x124/0x1b0\n   __of_scan_bus+0x78/0x18c\n   pcibios_scan_phb+0x2a4/0x3b0\n   init_phb_dynamic+0xb8/0x110\n   dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]\n   add_slot_store.part.0+0xb4/0x130 [rpadlpar_io]\n   kobj_attr_store+0x2c/0x48\n   sysfs_kf_write+0x64/0x78\n   kernfs_fop_write_iter+0x1b0/0x290\n   vfs_write+0x350/0x4a0\n   ksys_write+0x84/0x140\n   system_call_exception+0x124/0x330\n   system_call_vectored_common+0x15c/0x2ec\n\nCommit a940904443e4 ("powerpc/iommu: Add iommu_ops to report capabilities\nand allow blocking domains") broke DLPAR add of PCI devices.\n\nThe above added iommu_device structure to pci_controller. During\nsystem boot, PCI devices are discovered and this newly added iommu_device\nstructure is initialized by a call to iommu_device_register().\n\nDuring DLPAR add of a PCI device, a new pci_controller structure is\nallocated but there are no calls made to iommu_device_register()\ninterface.\n\nFix is to register the iommu device during DLPAR add as well.\n\n[mpe: Trim oops and tweak some change log wording]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26713', 'https://git.kernel.org/linus/ed8b94f6e0acd652ce69bd69d678a0c769172df8 (6.8-rc5)', 'https://git.kernel.org/stable/c/9978d5b744e0227afe19e3bcb4c5f75442dde753', 'https://git.kernel.org/stable/c/d4f762d6403f7419de90d7749fa83dd92ffb0e1d', 'https://git.kernel.org/stable/c/ed8b94f6e0acd652ce69bd69d678a0c769172df8', 'https://lore.kernel.org/linux-cve-announce/2024040342-CVE-2024-26713-1b52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26713', 'https://www.cve.org/CVERecord?id=CVE-2024-26713'], 'PublishedDate': '2024-04-03T15:15:53.647Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-27025', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nbd: null check for nla_nest_start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: null check for nla_nest_start\n\nnla_nest_start() may fail and return NULL. Insert a check and set errno\nbased on other call sites within the same source code.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-27025', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d (6.9-rc1)', 'https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d', 'https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e', 'https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced', 'https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8', 'https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797', 'https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983', 'https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a', 'https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf', 'https://linux.oracle.com/cve/CVE-2024-27025.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27025', 'https://www.cve.org/CVERecord?id=CVE-2024-27025'], 'PublishedDate': '2024-05-01T13:15:48.89Z', 'LastModifiedDate': '2024-06-25T22:15:28.24Z'}, {'VulnerabilityID': 'CVE-2024-35928', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()\n\nThis ensures that the memory mapped by ioremap for adev->rmmio, is\nproperly handled in amdgpu_device_init(). If the function exits early\ndue to an error, the memory is unmapped. If the function completes\nsuccessfully, the memory remains mapped.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_device.c:4337 amdgpu_device_init() warn: 'adev->rmmio' from ioremap() not released on lines: 4035,4045,4051,4058,4068,4337", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35928', 'https://git.kernel.org/linus/eb4f139888f636614dab3bcce97ff61cefc4b3a7 (6.9-rc1)', 'https://git.kernel.org/stable/c/14ac934db851642ea8cd1bd4121c788a8899ef69', 'https://git.kernel.org/stable/c/aa665c3a2aca2ffe31b9645bda278e96dfc3b55c', 'https://git.kernel.org/stable/c/c5f9fe2c1e5023fa096189a8bfba6420aa035587', 'https://git.kernel.org/stable/c/eb4f139888f636614dab3bcce97ff61cefc4b3a7', 'https://lore.kernel.org/linux-cve-announce/2024051915-CVE-2024-35928-ead3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35928', 'https://www.cve.org/CVERecord?id=CVE-2024-35928'], 'PublishedDate': '2024-05-19T11:15:48.93Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35948', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bcachefs: Check for journal entries overruning end of sb clean section', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: Check for journal entries overruning end of sb clean section\n\nFix a missing bounds check in superblock validation.\n\nNote that we don't yet have repair code for this case - repair code for\nindividual items is generally low priority, since the whole superblock\nis checksummed, validated prior to write, and we have backups.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35948', 'https://git.kernel.org/linus/fcdbc1d7a4b638e5d5668de461f320386f3002aa (6.9-rc6)', 'https://git.kernel.org/stable/c/fcdbc1d7a4b638e5d5668de461f320386f3002aa', 'https://lore.kernel.org/linux-cve-announce/2024052043-CVE-2024-35948-a92f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35948', 'https://www.cve.org/CVERecord?id=CVE-2024-35948'], 'PublishedDate': '2024-05-20T10:15:09.44Z', 'LastModifiedDate': '2024-07-03T02:02:27.897Z'}, {'VulnerabilityID': 'CVE-2024-35995', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI: CPPC: Use access_width over bit_width for system memory accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Use access_width over bit_width for system memory accesses\n\nTo align with ACPI 6.3+, since bit_width can be any 8-bit value, it\ncannot be depended on to be always on a clean 8b boundary. This was\nuncovered on the Cobalt 100 platform.\n\nSError Interrupt on CPU26, code 0xbe000011 -- SError\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n pc : cppc_get_perf_caps+0xec/0x410\n lr : cppc_get_perf_caps+0xe8/0x410\n sp : ffff8000155ab730\n x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078\n x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff\n x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000\n x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff\n x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008\n x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006\n x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec\n x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028\n x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff\n x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000\n Kernel panic - not syncing: Asynchronous SError Interrupt\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted\n5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n Call trace:\n  dump_backtrace+0x0/0x1e0\n  show_stack+0x24/0x30\n  dump_stack_lvl+0x8c/0xb8\n  dump_stack+0x18/0x34\n  panic+0x16c/0x384\n  add_taint+0x0/0xc0\n  arm64_serror_panic+0x7c/0x90\n  arm64_is_fatal_ras_serror+0x34/0xa4\n  do_serror+0x50/0x6c\n  el1h_64_error_handler+0x40/0x74\n  el1h_64_error+0x7c/0x80\n  cppc_get_perf_caps+0xec/0x410\n  cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]\n  cpufreq_online+0x2dc/0xa30\n  cpufreq_add_dev+0xc0/0xd4\n  subsys_interface_register+0x134/0x14c\n  cpufreq_register_driver+0x1b0/0x354\n  cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]\n  do_one_initcall+0x50/0x250\n  do_init_module+0x60/0x27c\n  load_module+0x2300/0x2570\n  __do_sys_finit_module+0xa8/0x114\n  __arm64_sys_finit_module+0x2c/0x3c\n  invoke_syscall+0x78/0x100\n  el0_svc_common.constprop.0+0x180/0x1a0\n  do_el0_svc+0x84/0xa0\n  el0_svc+0x2c/0xc0\n  el0t_64_sync_handler+0xa4/0x12c\n  el0t_64_sync+0x1a4/0x1a8\n\nInstead, use access_width to determine the size and use the offset and\nwidth to shift and mask the bits to read/write out. Make sure to add a\ncheck for system memory since pcc redefines the access_width to\nsubspace id.\n\nIf access_width is not set, then fall back to using bit_width.\n\n[ rjw: Subject and changelog edits, comment adjustments ]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35995', 'https://git.kernel.org/linus/2f4a4d63a193be6fd530d180bb13c3592052904c (6.9-rc1)', 'https://git.kernel.org/stable/c/01fc53be672acae37e611c80cc0b4f3939584de3', 'https://git.kernel.org/stable/c/1b890ae474d19800a6be1696df7fb4d9a41676e4', 'https://git.kernel.org/stable/c/2f4a4d63a193be6fd530d180bb13c3592052904c', 'https://git.kernel.org/stable/c/4949affd5288b867cdf115f5b08d6166b2027f87', 'https://git.kernel.org/stable/c/6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1', 'https://git.kernel.org/stable/c/6dfd79ed04c578f1d9a9a41ba5b2015cf9f03fc3', 'https://git.kernel.org/stable/c/b54c4632946ae42f2b39ed38abd909bbf78cbcc2', 'https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35995-abbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35995', 'https://www.cve.org/CVERecord?id=CVE-2024-35995'], 'PublishedDate': '2024-05-20T10:15:13.597Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-36885', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36885', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup:\n\n  kernel BUG at include/linux/scatterlist.h:187!\n  invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\n  Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\n  RIP: 0010:sg_init_one+0x85/0xa0\n  Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n  24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n  0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\n  RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\n  RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\n  RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\n  R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\n  FS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\n  Call Trace:\n   <TASK>\n   ? die+0x36/0x90\n   ? do_trap+0xdd/0x100\n   ? sg_init_one+0x85/0xa0\n   ? do_error_trap+0x65/0x80\n   ? sg_init_one+0x85/0xa0\n   ? exc_invalid_op+0x50/0x70\n   ? sg_init_one+0x85/0xa0\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? sg_init_one+0x85/0xa0\n   nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n   nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n   ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n   r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? nvkm_udevice_new+0x95/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? ktime_get+0x47/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_oneinit_+0x4f/0x120 [nouveau]\n   nvkm_subdev_init_+0x39/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_init+0x44/0x90 [nouveau]\n   nvkm_device_init+0x166/0x2e0 [nouveau]\n   nvkm_udevice_init+0x47/0x70 [nouveau]\n   nvkm_object_init+0x41/0x1c0 [nouveau]\n   nvkm_ioctl_new+0x16a/0x290 [nouveau]\n   ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]\n   ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]\n   nvkm_ioctl+0x126/0x290 [nouveau]\n   nvif_object_ctor+0x112/0x190 [nouveau]\n   nvif_device_ctor+0x23/0x60 [nouveau]\n   nouveau_cli_init+0x164/0x640 [nouveau]\n   nouveau_drm_device_init+0x97/0x9e0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? pci_update_current_state+0x72/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nouveau_drm_probe+0x12c/0x280 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   local_pci_probe+0x45/0xa0\n   pci_device_probe+0xc7/0x270\n   really_probe+0xe6/0x3a0\n   __driver_probe_device+0x87/0x160\n   driver_probe_device+0x1f/0xc0\n   __driver_attach+0xec/0x1f0\n   ? __pfx___driver_attach+0x10/0x10\n   bus_for_each_dev+0x88/0xd0\n   bus_add_driver+0x116/0x220\n   driver_register+0x59/0x100\n   ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]\n   do_one_initcall+0x5b/0x320\n   do_init_module+0x60/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x120/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x83/0x160\n   ? srso_return_thunk+0x5/0x5f\n   entry_SYSCALL_64_after_hwframe+0x71/0x79\n  RIP: 0033:0x7feeb5cc20cd\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89\n  f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0\n  ff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd\n  RDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035\n  RBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310\n  R10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36885', 'https://git.kernel.org/linus/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2 (6.9-rc7)', 'https://git.kernel.org/stable/c/1a88c18da464db0ba8ea25196d0a06490f65322e', 'https://git.kernel.org/stable/c/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2', 'https://git.kernel.org/stable/c/e05af009302893f39b072811a68fa4a196284c75', 'https://lore.kernel.org/linux-cve-announce/2024053032-CVE-2024-36885-cb0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36885', 'https://www.cve.org/CVERecord?id=CVE-2024-36885'], 'PublishedDate': '2024-05-30T16:15:12.067Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36970', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: Use request_module_nowait', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Use request_module_nowait\n\nThis appears to work around a deadlock regression that came in\nwith the LED merge in 6.9.\n\nThe deadlock happens on my system with 24 iwlwifi radios, so maybe\nit something like all worker threads are busy and some work that needs\nto complete cannot complete.\n\n[also remove unnecessary "load_module" var and now-wrong comment]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36970', 'https://git.kernel.org/linus/3d913719df14c28c4d3819e7e6d150760222bda4 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4', 'https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e', 'https://lore.kernel.org/linux-cve-announce/2024060855-CVE-2024-36970-2eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36970', 'https://www.cve.org/CVERecord?id=CVE-2024-36970'], 'PublishedDate': '2024-06-08T13:15:58.26Z', 'LastModifiedDate': '2024-06-10T02:52:08.267Z'}, {'VulnerabilityID': 'CVE-2024-38581', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38581', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/mes: fix use-after-free issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/mes: fix use-after-free issue\n\nDelete fence fallback timer to fix the ramdom\nuse-after-free issue.\n\nv2: move to amdgpu_mes.c', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-38581', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/948255282074d9367e01908b3f5dcf8c10fc9c3d (6.9-rc6)', 'https://git.kernel.org/stable/c/0f98c144c15c8fc0f3176c994bd4e727ef718a5c', 'https://git.kernel.org/stable/c/39cfce75168c11421d70b8c0c65f6133edccb82a', 'https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de', 'https://git.kernel.org/stable/c/948255282074d9367e01908b3f5dcf8c10fc9c3d', 'https://linux.oracle.com/cve/CVE-2024-38581.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38581-592d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38581', 'https://www.cve.org/CVERecord?id=CVE-2024-38581'], 'PublishedDate': '2024-06-19T14:15:18.15Z', 'LastModifiedDate': '2024-08-01T20:12:00.623Z'}, {'VulnerabilityID': 'CVE-2024-38608', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38608', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix netif state handling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix netif state handling\n\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\n\nmlx5e_probe\n _mlx5e_resume\n  mlx5e_attach_netdev\n   mlx5e_nic_enable  <-- netdev not reg, not calling netif_device_attach()\n  register_netdev <-- failed for some reason.\nERROR_FLOW:\n _mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(\n\nHence, clean resources in this case as well.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n <TASK>\n ? __die+0x20/0x60\n ? page_fault_oops+0x14c/0x3c0\n ? exc_page_fault+0x75/0x140\n ? asm_exc_page_fault+0x22/0x30\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\n mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\n mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n __mlx5_ib_add+0x34/0xd0 [mlx5_ib]\n mlx5r_probe+0xe1/0x210 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x637/0x840\n __auxiliary_device_add+0x3b/0xa0\n add_adev+0xc9/0x140 [mlx5_core]\n mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\n mlx5_register_device+0x53/0xa0 [mlx5_core]\n mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\n mlx5_init_one+0x3b/0x60 [mlx5_core]\n probe_one+0x44c/0x730 [mlx5_core]\n local_pci_probe+0x3e/0x90\n pci_device_probe+0xbf/0x210\n ? kernfs_create_link+0x5d/0xa0\n ? sysfs_do_create_link_sd+0x60/0xc0\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n pci_bus_add_device+0x54/0x80\n pci_iov_add_virtfn+0x2e6/0x320\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n kernfs_fop_write_iter+0x10c/0x1a0\n vfs_write+0x291/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n CR2: 0000000000000000\n ---[ end trace 0000000000000000  ]---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38608', 'https://git.kernel.org/linus/3d5918477f94e4c2f064567875c475468e264644 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644', 'https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6', 'https://linux.oracle.com/cve/CVE-2024-38608.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061920-CVE-2024-38608-4068@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38608', 'https://www.cve.org/CVERecord?id=CVE-2024-38608'], 'PublishedDate': '2024-06-19T14:15:20.737Z', 'LastModifiedDate': '2024-08-27T15:58:56.9Z'}, {'VulnerabilityID': 'CVE-2024-39293', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39293', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;xsk: Support redirect to any socket bound to the same umem&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "xsk: Support redirect to any socket bound to the same umem"\n\nThis reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.\n\nThis patch introduced a potential kernel crash when multiple napi instances\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\npossible for multiple napi instances to access the Rx ring at the same time,\nwhich will result in a corrupted ring state which can lead to a crash when\nflushing the rings in __xsk_flush(). This can happen when the linked list of\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\nis not possible, so let us revert this for now.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39293', 'https://git.kernel.org/linus/7fcf26b315bbb728036da0862de6b335da83dff2 (6.10-rc3)', 'https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5', 'https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2', 'https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39293', 'https://www.cve.org/CVERecord?id=CVE-2024-39293'], 'PublishedDate': '2024-06-25T15:15:13.993Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-39472', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39472', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by\nmkfs") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions.  Later commit 0c771b99d6c9\n("xfs: clean up calculation of LR header blocks") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-39472', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a (6.10-rc1)', 'https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a', 'https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f', 'https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5', 'https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb', 'https://linux.oracle.com/cve/CVE-2024-39472.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024070512-CVE-2024-39472-f977@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39472', 'https://www.cve.org/CVERecord?id=CVE-2024-39472'], 'PublishedDate': '2024-07-05T07:15:10.02Z', 'LastModifiedDate': '2024-08-19T05:15:06.543Z'}, {'VulnerabilityID': 'CVE-2024-41008', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: change vm-&gt;task_info handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: change vm->task_info handling\n\nThis patch changes the handling and lifecycle of vm->task_info object.\nThe major changes are:\n- vm->task_info is a dynamically allocated ptr now, and its uasge is\n  reference counted.\n- introducing two new helper funcs for task_info lifecycle management\n    - amdgpu_vm_get_task_info: reference counts up task_info before\n      returning this info\n    - amdgpu_vm_put_task_info: reference counts down task_info\n- last put to task_info() frees task_info from the vm.\n\nThis patch also does logistical changes required for existing usage\nof vm->task_info.\n\nV2: Do not block all the prints when task_info not found (Felix)\n\nV3: Fixed review comments from Felix\n   - Fix wrong indentation\n   - No debug message for -ENOMEM\n   - Add NULL check for task_info\n   - Do not duplicate the debug messages (ti vs no ti)\n   - Get first reference of task_info in vm_init(), put last\n     in vm_fini()\n\nV4: Fixed review comments from Felix\n   - fix double reference increment in create_task_info\n   - change amdgpu_vm_get_task_info_pasid\n   - additional changes in amdgpu_gem.c while porting', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41008', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c (6.9-rc1)', 'https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c', 'https://linux.oracle.com/cve/CVE-2024-41008.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/20240716080357.2696435-2-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41008', 'https://www.cve.org/CVERecord?id=CVE-2024-41008'], 'PublishedDate': '2024-07-16T08:15:02.24Z', 'LastModifiedDate': '2024-07-16T13:43:58.773Z'}, {'VulnerabilityID': 'CVE-2024-41009', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix overrunning reservations in ringbuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that "owns" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\'s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\'s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\'s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\'s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\'ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41009', 'https://git.kernel.org/linus/cfa1a2329a691ffd991fcf7248a57d752e712881 (6.10-rc6)', 'https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4', 'https://git.kernel.org/stable/c/47416c852f2a04d348ea66ee451cbdcf8119f225', 'https://git.kernel.org/stable/c/511804ab701c0503b72eac08217eabfd366ba069', 'https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f', 'https://git.kernel.org/stable/c/cfa1a2329a691ffd991fcf7248a57d752e712881', 'https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686', 'https://lore.kernel.org/linux-cve-announce/2024071715-CVE-2024-41009-cac5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41009', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41009'], 'PublishedDate': '2024-07-17T07:15:01.973Z', 'LastModifiedDate': '2024-07-29T07:15:04.56Z'}, {'VulnerabilityID': 'CVE-2024-41013', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: don&#39;t walk off the end of a directory data block', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don't stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup->length to dup->length-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41013', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/0c7fcdb6d06cdf8b19b57c17605215b06afa864a (6.11-rc1)', 'https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a', 'https://linux.oracle.com/cve/CVE-2024-41013.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41013-2996@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41013', 'https://www.cve.org/CVERecord?id=CVE-2024-41013'], 'PublishedDate': '2024-07-29T07:15:05.43Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41014', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41014', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: add bounds checking to xlog_recover_process_data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n    1) Mount an image of xfs, and do some file operations to leave records\n    2) Before umounting, copy the image for subsequent steps to simulate\n       abnormal exit. Because umount will ensure that tail_blk and\n       head_blk are the same, which will result in the inability to enter\n       xlog_recover_process_data\n    3) Write a tool to parse and modify the copied image in step 2\n    4) Make the end of the xlog_op_header entries only 1 byte away from\n       xlog_rec_header->h_size\n    5) xlog_rec_header->h_num_logops++\n    6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41014', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/fb63435b7c7dc112b1ae1baea5486e0a6e27b196 (6.11-rc1)', 'https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196', 'https://linux.oracle.com/cve/CVE-2024-41014.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41014-9186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41014', 'https://www.cve.org/CVERecord?id=CVE-2024-41014'], 'PublishedDate': '2024-07-29T07:15:05.81Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41016', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe 'non-indexed', which saved with additional space\nrequested.  It's better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41016', 'https://git.kernel.org/linus/af77c4fc1871847b528d58b7fdafb4aa1f6a9262 (6.11-rc1)', 'https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637', 'https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262', 'https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e', 'https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e', 'https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180', 'https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41016-fcf9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41016', 'https://www.cve.org/CVERecord?id=CVE-2024-41016'], 'PublishedDate': '2024-07-29T07:15:06.293Z', 'LastModifiedDate': '2024-10-17T14:15:07.01Z'}, {'VulnerabilityID': 'CVE-2024-41024', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41024', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Restrict untrusted app to attach to privileged PD', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Restrict untrusted app to attach to privileged PD\n\nUntrusted application with access to only non-secure fastrpc device\nnode can attach to root_pd or static PDs if it can make the respective\ninit request. This can cause problems as the untrusted application\ncan send bad requests to root_pd or static PDs. Add changes to reject\nattach to privileged PDs if the request is being made using non-secure\nfastrpc device node.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41024', 'https://git.kernel.org/linus/bab2f5e8fd5d2f759db26b78d9db57412888f187 (6.10)', 'https://git.kernel.org/stable/c/2eb973ee4770a26d9b5e292b58ad29822d321c7f', 'https://git.kernel.org/stable/c/5e305b5986dc52122a9368a1461f0c13e1de3fd6', 'https://git.kernel.org/stable/c/bab2f5e8fd5d2f759db26b78d9db57412888f187', 'https://git.kernel.org/stable/c/c69fd8afacebfdf2f8a1ee1ea7e0723786529874', 'https://git.kernel.org/stable/c/ea13bd807f1cef1af375d999980a9b9794c789b6', 'https://lore.kernel.org/all/20240628114501.14310-7-srinivas.kandagatla@linaro.org/', 'https://lore.kernel.org/linux-cve-announce/2024072919-CVE-2024-41024-be39@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41024', 'https://www.cve.org/CVERecord?id=CVE-2024-41024'], 'PublishedDate': '2024-07-29T15:15:11.27Z', 'LastModifiedDate': '2024-08-29T17:15:07.913Z'}, {'VulnerabilityID': 'CVE-2024-42107', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42107', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: ice: Don't process extts if PTP is disabled", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42107', 'https://git.kernel.org/linus/996422e3230e41468f652d754fefd1bdbcd4604e (6.10-rc7)', 'https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b', 'https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e', 'https://lore.kernel.org/linux-cve-announce/2024073020-CVE-2024-42107-65cc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42107', 'https://www.cve.org/CVERecord?id=CVE-2024-42107'], 'PublishedDate': '2024-07-30T08:15:03.22Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42116', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42116', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igc: fix a log entry using uninitialized netdev', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix a log entry using uninitialized netdev\n\nDuring successful probe, igc logs this:\n\n[    5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\n\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb.  Add a comment,\njust as in igb.\n\nNow the log message is fine:\n\n[    5.200987] igc 0000:01:00.0 eth0: PHC added', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42116', 'https://git.kernel.org/linus/86167183a17e03ec77198897975e9fdfbd53cb0b (6.10-rc1)', 'https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b', 'https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6', 'https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79', 'https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda', 'https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f', 'https://linux.oracle.com/cve/CVE-2024-42116.html', 'https://linux.oracle.com/errata/ELSA-2024-12618.html', 'https://lore.kernel.org/linux-cve-announce/2024073023-CVE-2024-42116-b420@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42116', 'https://www.cve.org/CVERecord?id=CVE-2024-42116'], 'PublishedDate': '2024-07-30T08:15:03.95Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42122', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42122', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add NULL pointer check for kzalloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL pointer check for kzalloc\n\n[Why & How]\nCheck return pointer of kzalloc before using it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42122', 'https://git.kernel.org/linus/8e65a1b7118acf6af96449e1e66b7adbc9396912 (6.10-rc1)', 'https://git.kernel.org/stable/c/062edd612fcd300f0f79a36fca5b8b6a5e2fce70', 'https://git.kernel.org/stable/c/8e65a1b7118acf6af96449e1e66b7adbc9396912', 'https://lore.kernel.org/linux-cve-announce/2024073025-CVE-2024-42122-2f70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42122', 'https://www.cve.org/CVERecord?id=CVE-2024-42122'], 'PublishedDate': '2024-07-30T08:15:04.43Z', 'LastModifiedDate': '2024-09-16T13:49:27.837Z'}, {'VulnerabilityID': 'CVE-2024-42125', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42125', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42125', 'https://git.kernel.org/linus/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9 (6.10-rc1)', 'https://git.kernel.org/stable/c/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9', 'https://git.kernel.org/stable/c/ce4ba62f8bc5195a9a0d49c6235a9c99e619cadc', 'https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42125-b515@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42125', 'https://www.cve.org/CVERecord?id=CVE-2024-42125'], 'PublishedDate': '2024-07-30T08:15:04.667Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42139', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42139', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Fix improper extts handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message "extts on unexpected channel" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42139', 'https://git.kernel.org/linus/00d3b4f54582d4e4a02cda5886bb336eeab268cc (6.10-rc7)', 'https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc', 'https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3', 'https://lore.kernel.org/linux-cve-announce/2024073030-CVE-2024-42139-f8ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42139', 'https://www.cve.org/CVERecord?id=CVE-2024-42139'], 'PublishedDate': '2024-07-30T08:15:05.757Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42154', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42154', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_metrics: validate source addr length', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42154', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/66be40e622e177316ae81717aa30057ba9e61dff (6.10-rc7)', 'https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9', 'https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c', 'https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3', 'https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321', 'https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff', 'https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99', 'https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98', 'https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6', 'https://linux.oracle.com/cve/CVE-2024-42154.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073034-CVE-2024-42154-cf82@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42154', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42154'], 'PublishedDate': '2024-07-30T08:15:06.933Z', 'LastModifiedDate': '2024-10-01T19:32:18.31Z'}, {'VulnerabilityID': 'CVE-2024-42159', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42159', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: mpi3mr: Sanitise num_phys', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port->phy_mask, values larger then size of\nthis field shouldn't be allowed.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42159', 'https://git.kernel.org/linus/3668651def2c1622904e58b0280ee93121f2b10b (6.10-rc1)', 'https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b', 'https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0', 'https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df', 'https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf', 'https://linux.oracle.com/cve/CVE-2024-42159.html', 'https://linux.oracle.com/errata/ELSA-2024-12682.html', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42159-c19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42159', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42159'], 'PublishedDate': '2024-07-30T08:15:07.3Z', 'LastModifiedDate': '2024-08-02T14:29:46.24Z'}, {'VulnerabilityID': 'CVE-2024-42160', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: check validation of fault attrs in f2fs_build_fault_attr()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: check validation of fault attrs in f2fs_build_fault_attr()\n\n- It missed to check validation of fault attrs in parse_options(),\nlet's fix to add check condition in f2fs_build_fault_attr().\n- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42160', 'https://git.kernel.org/linus/4ed886b187f47447ad559619c48c086f432d2b77 (6.10-rc1)', 'https://git.kernel.org/stable/c/44958ca9e400f57bd0478115519ffc350fcee61e', 'https://git.kernel.org/stable/c/4ed886b187f47447ad559619c48c086f432d2b77', 'https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d', 'https://git.kernel.org/stable/c/ecb641f424d6d1f055d149a15b892edcc92c504b', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42160-c733@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42160', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42160'], 'PublishedDate': '2024-07-30T08:15:07.37Z', 'LastModifiedDate': '2024-08-02T14:29:26.33Z'}, {'VulnerabilityID': 'CVE-2024-42224', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42224', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Correct check for empty list', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO\nbusses") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip->mdios being\nempty.  However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42224', 'https://git.kernel.org/linus/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b (6.10-rc1)', 'https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5', 'https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618', 'https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d', 'https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee', 'https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b', 'https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114', 'https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89', 'https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4', 'https://linux.oracle.com/cve/CVE-2024-42224.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024073037-CVE-2024-42224-863a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42224', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42224'], 'PublishedDate': '2024-07-30T08:15:07.667Z', 'LastModifiedDate': '2024-09-25T15:55:09.027Z'}, {'VulnerabilityID': 'CVE-2024-42228', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42228', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n   need to have a separate value of 0xffffffff.(Christian)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 6.3}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42228', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/88a9a467c548d0b3c7761b4fd54a68e70f9c0944 (6.10-rc1)', 'https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46', 'https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef', 'https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944', 'https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144', 'https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8', 'https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712', 'https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15', 'https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440', 'https://linux.oracle.com/cve/CVE-2024-42228.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073038-CVE-2024-42228-86f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42228', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42228'], 'PublishedDate': '2024-07-30T08:15:07.96Z', 'LastModifiedDate': '2024-09-04T12:15:04.577Z'}, {'VulnerabilityID': 'CVE-2024-42258', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42258', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines\n\nYves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don\'t\nforce huge page alignment on 32 bit") didn\'t work for x86_32 [1].  It is\nbecause x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT.\n\n!CONFIG_64BIT should cover all 32 bit machines.\n\n[1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42258', 'https://git.kernel.org/linus/d9592025000b3cf26c742f3505da7b83aedc26d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/7e1f4efb8d6140b2ec79bf760c43e1fc186e8dfc', 'https://git.kernel.org/stable/c/89f2914dd4b47d2fad3deef0d700f9526d98d11f', 'https://git.kernel.org/stable/c/a5c399fe433a115e9d3693169b5f357f3194af0a', 'https://git.kernel.org/stable/c/d9592025000b3cf26c742f3505da7b83aedc26d5', 'https://lore.kernel.org/linux-cve-announce/2024081216-CVE-2024-42258-e3f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42258', 'https://www.cve.org/CVERecord?id=CVE-2024-42258'], 'PublishedDate': '2024-08-12T15:15:20.983Z', 'LastModifiedDate': '2024-08-14T14:15:27.727Z'}, {'VulnerabilityID': 'CVE-2024-42259', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42259', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Fix Virtual Memory mapping boundaries calculation\n\nCalculating the size of the mapped area as the lesser value\nbetween the requested size and the actual size does not consider\nthe partial mapping offset. This can cause page fault access.\n\nFix the calculation of the starting and ending addresses, the\ntotal size is now deduced from the difference between the end and\nstart addresses.\n\nAdditionally, the calculations have been rewritten in a clearer\nand more understandable form.\n\n[Joonas: Add Requires: tag]\nRequires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset")\n(cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-131'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42259', 'https://git.kernel.org/linus/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3 (6.11-rc3)', 'https://git.kernel.org/stable/c/3e06073d24807f04b4694108a8474decb7b99e60', 'https://git.kernel.org/stable/c/4b09513ce93b3dcb590baaaff2ce96f2d098312d', 'https://git.kernel.org/stable/c/50111a8098fb9ade621eeff82228a997d42732ab', 'https://git.kernel.org/stable/c/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3', 'https://git.kernel.org/stable/c/911f8055f175c82775d0fd8cedcd0b75413f4ba7', 'https://git.kernel.org/stable/c/a256d019eaf044864c7e50312f0a65b323c24f39', 'https://git.kernel.org/stable/c/e8a68aa842d3f8dd04a46b9d632e5f67fde1da9b', 'https://git.kernel.org/stable/c/ead9289a51ea82eb5b27029fcf4c34b2dd60cf06', 'https://linux.oracle.com/cve/CVE-2024-42259.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081452-CVE-2024-42259-4cef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42259', 'https://project-zero.issues.chromium.org/issues/42451707', 'https://www.cve.org/CVERecord?id=CVE-2024-42259'], 'PublishedDate': '2024-08-14T15:15:31.673Z', 'LastModifiedDate': '2024-09-25T01:15:42.137Z'}, {'VulnerabilityID': 'CVE-2024-42260', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42260', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the performance extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42260', 'https://git.kernel.org/linus/4ecc24a84d7e0254efd150ec23e0b89638386516 (6.11-rc2)', 'https://git.kernel.org/stable/c/4ecc24a84d7e0254efd150ec23e0b89638386516', 'https://git.kernel.org/stable/c/5d4aa25f47cd05e9eeac272906588728588605dd', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-42260-0ce0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42260', 'https://www.cve.org/CVERecord?id=CVE-2024-42260'], 'PublishedDate': '2024-08-17T09:15:07.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42261', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42261', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the timestamp extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42261', 'https://git.kernel.org/linus/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791 (6.11-rc2)', 'https://git.kernel.org/stable/c/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791', 'https://git.kernel.org/stable/c/5c56f104edd02a537e9327dc543574e55713e1d7', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42261-f6a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42261', 'https://www.cve.org/CVERecord?id=CVE-2024-42261'], 'PublishedDate': '2024-08-17T09:15:07.6Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42262', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42262', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the performance extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42262', 'https://git.kernel.org/linus/32df4abc44f24dbec239d43e2b26d5768c5d1a78 (6.11-rc2)', 'https://git.kernel.org/stable/c/32df4abc44f24dbec239d43e2b26d5768c5d1a78', 'https://git.kernel.org/stable/c/ad5fdc48f7a63b8a98493c667505fe4d3864ae21', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42262-7156@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42262', 'https://www.cve.org/CVERecord?id=CVE-2024-42262'], 'PublishedDate': '2024-08-17T09:15:07.68Z', 'LastModifiedDate': '2024-08-19T20:05:15.407Z'}, {'VulnerabilityID': 'CVE-2024-42263', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42263', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the timestamp extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 753ce4fea62182c77e1691ab4f9022008f25b62e)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42263', 'https://git.kernel.org/linus/0e50fcc20bd87584840266e8004f9064a8985b4f (6.11-rc2)', 'https://git.kernel.org/stable/c/0e50fcc20bd87584840266e8004f9064a8985b4f', 'https://git.kernel.org/stable/c/9b5033ee2c5af6d1135a403df32d219ab57e55f9', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42263-31b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42263', 'https://www.cve.org/CVERecord?id=CVE-2024-42263'], 'PublishedDate': '2024-08-17T09:15:07.77Z', 'LastModifiedDate': '2024-08-19T20:41:11.24Z'}, {'VulnerabilityID': 'CVE-2024-42264', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42264', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Prevent out of bounds access in performance query extensions', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Prevent out of bounds access in performance query extensions\n\nCheck that the number of perfmons userspace is passing in the copy and\nreset extensions is not greater than the internal kernel storage where\nthe ids will be copied into.\n\n(cherry picked from commit f32b5128d2c440368b5bf3a7a356823e235caabb)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42264', 'https://git.kernel.org/linus/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2 (6.11-rc2)', 'https://git.kernel.org/stable/c/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2', 'https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42264-5d23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42264', 'https://www.cve.org/CVERecord?id=CVE-2024-42264'], 'PublishedDate': '2024-08-17T09:15:07.833Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42267', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42267', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()\n\nHandle VM_FAULT_SIGSEGV in the page fault path so that we correctly\nkill the process and we don't BUG() the kernel.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42267', 'https://git.kernel.org/linus/0c710050c47d45eb77b28c271cddefc5c785cb40 (6.11-rc2)', 'https://git.kernel.org/stable/c/0c710050c47d45eb77b28c271cddefc5c785cb40', 'https://git.kernel.org/stable/c/20dbdebc5580cd472a310d56a6e252275ee4c864', 'https://git.kernel.org/stable/c/59be4a167782d68e21068a761b90b01fadc09146', 'https://git.kernel.org/stable/c/917f598209f3f5e4ab175d5079d8aeb523e58b1f', 'https://git.kernel.org/stable/c/d4e7db757e2d7f4c407a007e92c98477eab215d2', 'https://git.kernel.org/stable/c/d7ccf2ca772bfe33e2c53ef80fa20d2d87eb6144', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42267-9f79@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42267', 'https://www.cve.org/CVERecord?id=CVE-2024-42267'], 'PublishedDate': '2024-08-17T09:15:08.047Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42268', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42268', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix missing lock on sync reset reload', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix missing lock on sync reset reload\n\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\n\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n…\n CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S      W          6.10.0-rc2+ #116\n Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\n Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\n RIP: 0010:devl_assert_locked+0x3e/0x50\n…\n Call Trace:\n  <TASK>\n  ? __warn+0xa4/0x210\n  ? devl_assert_locked+0x3e/0x50\n  ? report_bug+0x160/0x280\n  ? handle_bug+0x3f/0x80\n  ? exc_invalid_op+0x17/0x40\n  ? asm_exc_invalid_op+0x1a/0x20\n  ? devl_assert_locked+0x3e/0x50\n  devlink_notify+0x88/0x2b0\n  ? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n  ? __pfx_devlink_notify+0x10/0x10\n  ? process_one_work+0x4b6/0xbb0\n  process_one_work+0x4b6/0xbb0\n[…]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42268', 'https://git.kernel.org/linus/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 (6.11-rc2)', 'https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5', 'https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9', 'https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002', 'https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42268-2084@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42268', 'https://www.cve.org/CVERecord?id=CVE-2024-42268'], 'PublishedDate': '2024-08-17T09:15:08.11Z', 'LastModifiedDate': '2024-08-19T20:52:49.323Z'}, {'VulnerabilityID': 'CVE-2024-42269', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42269', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().\n\nip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id],\nbut the function is exposed to user space before the entry is allocated\nvia register_pernet_subsys().\n\nLet's call register_pernet_subsys() before xt_register_template().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42269', 'https://git.kernel.org/linus/c22921df777de5606f1047b1345b8d22ef1c0b34 (6.11-rc2)', 'https://git.kernel.org/stable/c/419ee6274c5153b89c4393c1946faa4c3cad4f9e', 'https://git.kernel.org/stable/c/87dba44e9471b79b255d0736858a897332db9226', 'https://git.kernel.org/stable/c/91b6df6611b7edb28676c4f63f90c56c30d3e601', 'https://git.kernel.org/stable/c/c22921df777de5606f1047b1345b8d22ef1c0b34', 'https://git.kernel.org/stable/c/e85b9b6a87be4cb3710082038b677e97f2389003', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42269-7d0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42269', 'https://www.cve.org/CVERecord?id=CVE-2024-42269'], 'PublishedDate': '2024-08-17T09:15:08.177Z', 'LastModifiedDate': '2024-08-19T20:53:51.717Z'}, {'VulnerabilityID': 'CVE-2024-42270', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42270', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().\n\nWe had a report that iptables-restore sometimes triggered null-ptr-deref\nat boot time. [0]\n\nThe problem is that iptable_nat_table_init() is exposed to user space\nbefore the kernel fully initialises netns.\n\nIn the small race window, a user could call iptable_nat_table_init()\nthat accesses net_generic(net, iptable_nat_net_id), which is available\nonly after registering iptable_nat_net_ops.\n\nLet's call register_pernet_subsys() before xt_register_template().\n\n[0]:\nbpfilter: Loaded bpfilter_umh pid 11702\nStarted bpfilter\nBUG: kernel NULL pointer dereference, address: 0000000000000013\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP NOPTI\nCPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1\nHardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\nCode: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c\nRSP: 0018:ffffbef902843cd0 EFLAGS: 00010246\nRAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80\nRDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0\nRBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240\nR10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000\nR13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004\nFS:  00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? xt_find_table_lock (net/netfilter/x_tables.c:1259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? page_fault_oops (arch/x86/mm/fault.c:727)\n ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518)\n ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)\n ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\n xt_find_table_lock (net/netfilter/x_tables.c:1259)\n xt_request_find_table_lock (net/netfilter/x_tables.c:1287)\n get_info (net/ipv4/netfilter/ip_tables.c:965)\n ? security_capable (security/security.c:809 (discriminator 13))\n ? ns_capable (kernel/capability.c:376 kernel/capability.c:397)\n ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)\n ? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter\n nf_getsockopt (net/netfilter/nf_sockopt.c:116)\n ip_getsockopt (net/ipv4/ip_sockglue.c:1827)\n __sys_getsockopt (net/socket.c:2327)\n __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121)\nRIP: 0033:0x7f62844685ee\nCode: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09\nRSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037\nRAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0\nR10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2\nR13: 00007f6284\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42270', 'https://git.kernel.org/linus/5830aa863981d43560748aa93589c0695191d95d (6.11-rc2)', 'https://git.kernel.org/stable/c/08ed888b69a22647153fe2bec55b7cd0a46102cc', 'https://git.kernel.org/stable/c/5830aa863981d43560748aa93589c0695191d95d', 'https://git.kernel.org/stable/c/70014b73d7539fcbb6b4ff5f37368d7241d8e626', 'https://git.kernel.org/stable/c/95590a4929027769af35b153645c0ab6fd22b29b', 'https://git.kernel.org/stable/c/b98ddb65fa1674b0e6b52de8af9103b63f51b643', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42270-c752@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42270', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42270'], 'PublishedDate': '2024-08-17T09:15:08.24Z', 'LastModifiedDate': '2024-08-19T20:01:09.52Z'}, {'VulnerabilityID': 'CVE-2024-42272', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42272', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: act_ct: take care of padding in struct zones_ht_key', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched: act_ct: take care of padding in struct zones_ht_key\n\nBlamed commit increased lookup key size from 2 bytes to 16 bytes,\nbecause zones_ht_key got a struct net pointer.\n\nMake sure rhashtable_lookup() is not using the padding bytes\nwhich are not initialized.\n\n BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n  tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408\n  tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425\n  tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488\n  tcf_action_add net/sched/act_api.c:2061 [inline]\n  tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118\n  rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647\n  netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550\n  rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665\n  netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n  netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357\n  netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  ____sys_sendmsg+0x877/0xb60 net/socket.c:2597\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651\n  __sys_sendmsg net/socket.c:2680 [inline]\n  __do_sys_sendmsg net/socket.c:2689 [inline]\n  __se_sys_sendmsg net/socket.c:2687 [inline]\n  __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687\n  x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable key created at:\n  tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42272', 'https://git.kernel.org/linus/2191a54f63225b548fd8346be3611c3219a24738 (6.11-rc2)', 'https://git.kernel.org/stable/c/2191a54f63225b548fd8346be3611c3219a24738', 'https://git.kernel.org/stable/c/3a5b68869dbe14f1157c6a24ac71923db060eeab', 'https://git.kernel.org/stable/c/3ddefcb8f75e312535e2e7d5fef9932019ba60f2', 'https://git.kernel.org/stable/c/7c03ab555eb1ba26c77fd7c25bdf44a0ac23edee', 'https://git.kernel.org/stable/c/d06daf0ad645d9225a3ff6958dd82e1f3988fa64', 'https://git.kernel.org/stable/c/d7cc186d0973afce0e1237c37f7512c01981fb79', 'https://linux.oracle.com/cve/CVE-2024-42272.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42272-c687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42272', 'https://www.cve.org/CVERecord?id=CVE-2024-42272'], 'PublishedDate': '2024-08-17T09:15:08.37Z', 'LastModifiedDate': '2024-09-30T13:40:21.843Z'}, {'VulnerabilityID': 'CVE-2024-42273', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42273', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid\n\nmkdir /mnt/test/comp\nf2fs_io setflags compression /mnt/test/comp\ndd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1\ntruncate --size 13 /mnt/test/comp/testfile\n\nIn the above scenario, we can get a BUG_ON.\n kernel BUG at fs/f2fs/segment.c:3589!\n Call Trace:\n  do_write_page+0x78/0x390 [f2fs]\n  f2fs_outplace_write_data+0x62/0xb0 [f2fs]\n  f2fs_do_write_data_page+0x275/0x740 [f2fs]\n  f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs]\n  f2fs_write_multi_pages+0x1e5/0xae0 [f2fs]\n  f2fs_write_cache_pages+0xab1/0xc60 [f2fs]\n  f2fs_write_data_pages+0x2d8/0x330 [f2fs]\n  do_writepages+0xcf/0x270\n  __writeback_single_inode+0x44/0x350\n  writeback_sb_inodes+0x242/0x530\n  __writeback_inodes_wb+0x54/0xf0\n  wb_writeback+0x192/0x310\n  wb_workfn+0x30d/0x400\n\nThe reason is we gave CURSEG_ALL_DATA_ATGC to COMPR_ADDR where the\npage was set the gcing flag by set_cluster_dirty().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42273', 'https://git.kernel.org/linus/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cd106612396656d6f1ca17ef192c6759bb60791', 'https://git.kernel.org/stable/c/4239571c5db46a42f723b8fa8394039187c34439', 'https://git.kernel.org/stable/c/5fd057160ab240dd816ae09b625395d54c297de1', 'https://git.kernel.org/stable/c/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42273-9b87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42273', 'https://www.cve.org/CVERecord?id=CVE-2024-42273'], 'PublishedDate': '2024-08-17T09:15:08.45Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42274', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42274', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert "ALSA: firewire-lib: operate for period elapse event in process context"', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "ALSA: firewire-lib: operate for period elapse event in process context"\n\nCommit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event\nin process context") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n    * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n    * (lock B) wait for tasklet to finish by calling\n    \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n    * (lock B) enter tasklet\n    * (lock A) attempt to acquire substream lock,\n    \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n    \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n </NMI>\n <TASK>\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n </NMI>\n <IRQ>\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period\nelapse event in process context")\n\nReplace inline description to prevent future deadlock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42274', 'https://git.kernel.org/linus/3dab73ab925a51ab05543b491bf17463a48ca323 (6.11-rc2)', 'https://git.kernel.org/stable/c/36c255db5a25edd42d1aca48e38b8e95ee5fd9ef', 'https://git.kernel.org/stable/c/3dab73ab925a51ab05543b491bf17463a48ca323', 'https://git.kernel.org/stable/c/7c07220cf634002f93a87ca2252a32766850f2d1', 'https://git.kernel.org/stable/c/b239a37d68e8bc59f9516444da222841e3b13ba9', 'https://git.kernel.org/stable/c/f5043e69aeb2786f32e84132817a007a6430aa7d', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42274-9dc6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42274', 'https://www.cve.org/CVERecord?id=CVE-2024-42274'], 'PublishedDate': '2024-08-17T09:15:08.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42276', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42276', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme-pci: add missing condition check for existence of mapped data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42276', 'https://git.kernel.org/linus/c31fad1470389666ac7169fe43aa65bf5b7e2cfd (6.11-rc1)', 'https://git.kernel.org/stable/c/3f8ec1d6b0ebd8268307d52be8301973fa5a01ec', 'https://git.kernel.org/stable/c/70100fe721840bf6d8e5abd25b8bffe4d2e049b7', 'https://git.kernel.org/stable/c/77848b379e9f85a08048a2c8b3b4a7e8396f5f83', 'https://git.kernel.org/stable/c/7cc1f4cd90a00b6191cb8cda2d1302fdce59361c', 'https://git.kernel.org/stable/c/be23ae63080e0bf9e246ab20207200bca6585eba', 'https://git.kernel.org/stable/c/c31fad1470389666ac7169fe43aa65bf5b7e2cfd', 'https://git.kernel.org/stable/c/d135c3352f7c947a922da93c8e763ee6bc208b64', 'https://linux.oracle.com/cve/CVE-2024-42276.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42276-cb0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42276', 'https://www.cve.org/CVERecord?id=CVE-2024-42276'], 'PublishedDate': '2024-08-17T09:15:08.673Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42277', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42277', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom->sdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42277', 'https://git.kernel.org/linus/630482ee0653decf9e2482ac6181897eb6cde5b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8', 'https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922', 'https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb', 'https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c', 'https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42277-997a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42277', 'https://www.cve.org/CVERecord?id=CVE-2024-42277'], 'PublishedDate': '2024-08-17T09:15:08.75Z', 'LastModifiedDate': '2024-09-10T18:46:21.62Z'}, {'VulnerabilityID': 'CVE-2024-42278', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42278', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: TAS2781: Fix tasdev_load_calibrated_data()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it's either a no-op or it\nleads to a NULL dereference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42278', 'https://git.kernel.org/linus/92c78222168e9035a9bfb8841c2e56ce23e51f73 (6.11-rc1)', 'https://git.kernel.org/stable/c/51be301d29d674ff328dfcf23705851f326f35b3', 'https://git.kernel.org/stable/c/6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06', 'https://git.kernel.org/stable/c/92c78222168e9035a9bfb8841c2e56ce23e51f73', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42278-e639@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42278', 'https://www.cve.org/CVERecord?id=CVE-2024-42278'], 'PublishedDate': '2024-08-17T09:15:08.813Z', 'LastModifiedDate': '2024-09-30T12:53:36.42Z'}, {'VulnerabilityID': 'CVE-2024-42279', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42279', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L', 'V3Score': 5.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42279', 'https://git.kernel.org/linus/9cf71eb0faef4bff01df4264841b8465382d7927 (6.11-rc1)', 'https://git.kernel.org/stable/c/3feda3677e8bbe833c3a62a4091377a08f015b80', 'https://git.kernel.org/stable/c/45e03d35229b680b79dfea1103a1f2f07d0b5d75', 'https://git.kernel.org/stable/c/9cf71eb0faef4bff01df4264841b8465382d7927', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42279-91b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42279', 'https://www.cve.org/CVERecord?id=CVE-2024-42279'], 'PublishedDate': '2024-08-17T09:15:08.88Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42281', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42281', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a segment issue when downgrading gso_size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a segment issue when downgrading gso_size\n\nLinearize the skb when downgrading gso_size because it may trigger a\nBUG_ON() later when the skb is segmented as described in [1,2].', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42281', 'https://git.kernel.org/linus/fa5ef655615a01533035c6139248c5b33aa27028 (6.11-rc1)', 'https://git.kernel.org/stable/c/11ec79f5c7f74261874744039bc1551023edd6b2', 'https://git.kernel.org/stable/c/a689f5eb13a90f892a088865478b3cd39f53d5dc', 'https://git.kernel.org/stable/c/c3496314c53e7e82ddb544c825defc3e8c0e45cf', 'https://git.kernel.org/stable/c/dda518dea60d556a2d171c0122ca7d9fdb7d473a', 'https://git.kernel.org/stable/c/ec4eea14d75f7b0491194dd413f540dd19b8c733', 'https://git.kernel.org/stable/c/f6bb8c90cab97a3e03f8d30e3069efe6a742e0be', 'https://git.kernel.org/stable/c/fa5ef655615a01533035c6139248c5b33aa27028', 'https://linux.oracle.com/cve/CVE-2024-42281.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42281-780b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42281', 'https://www.cve.org/CVERecord?id=CVE-2024-42281'], 'PublishedDate': '2024-08-17T09:15:09.013Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42283', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42283', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: nexthop: Initialize all fields in dumped nexthops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n    # ip nexthop add id 1 dev lo\n    # ip nexthop add id 101 group 1\n    # strace -e recvmsg ip nexthop get id 101\n    ...\n    recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n                 [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42283', 'https://git.kernel.org/linus/6d745cd0e9720282cd291d36b9db528aea18add2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1377de719652d868f5317ba8398b7e74c5f0430b', 'https://git.kernel.org/stable/c/5cc4d71dda2dd4f1520f40e634a527022e48ccd8', 'https://git.kernel.org/stable/c/6d745cd0e9720282cd291d36b9db528aea18add2', 'https://git.kernel.org/stable/c/7704460acd7f5d35eb07c52500987dc9b95313fb', 'https://git.kernel.org/stable/c/9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0', 'https://git.kernel.org/stable/c/a13d3864b76ac87085ec530b2ff8e37482a63a96', 'https://git.kernel.org/stable/c/fd06cb4a5fc7bda3dea31712618a62af72a1c6cb', 'https://linux.oracle.com/cve/CVE-2024-42283.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42283-15a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42283', 'https://www.cve.org/CVERecord?id=CVE-2024-42283'], 'PublishedDate': '2024-08-17T09:15:09.163Z', 'LastModifiedDate': '2024-08-19T19:54:33.213Z'}, {'VulnerabilityID': 'CVE-2024-42284', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42284', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42284', 'https://git.kernel.org/linus/fa96c6baef1b5385e2f0c0677b32b3839e716076 (6.11-rc1)', 'https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f', 'https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a', 'https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69', 'https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813', 'https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28', 'https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b', 'https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8', 'https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076', 'https://linux.oracle.com/cve/CVE-2024-42284.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42284-bbfa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42284', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42284'], 'PublishedDate': '2024-08-17T09:15:09.233Z', 'LastModifiedDate': '2024-08-19T19:47:55.623Z'}, {'VulnerabilityID': 'CVE-2024-42285', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42285', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix a use-after-free related to destroying CM IDs\n\niw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with\nan existing struct iw_cm_id (cm_id) as follows:\n\n        conn_id->cm_id.iw = cm_id;\n        cm_id->context = conn_id;\n        cm_id->cm_handler = cma_iw_handler;\n\nrdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make\nsure that cm_work_handler() does not trigger a use-after-free by only\nfreeing of the struct rdma_id_private after all pending work has finished.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42285', 'https://git.kernel.org/linus/aee2424246f9f1dadc33faa78990c1e2eb7826e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6', 'https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574', 'https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79', 'https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4', 'https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6', 'https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5', 'https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae', 'https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a', 'https://linux.oracle.com/cve/CVE-2024-42285.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42285-37ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42285', 'https://www.cve.org/CVERecord?id=CVE-2024-42285'], 'PublishedDate': '2024-08-17T09:15:09.3Z', 'LastModifiedDate': '2024-08-19T19:45:41.59Z'}, {'VulnerabilityID': 'CVE-2024-42286', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42286', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: validate nvme_local_port correctly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS:  0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42286', 'https://git.kernel.org/linus/eb1d4ce2609584eeb7694866f34d4b213caa3af9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3eac973eb5cb2b874b3918f924798afc5affd46b', 'https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430', 'https://git.kernel.org/stable/c/7cec2c3bfe84539c415f5e16f989228eba1d2f1e', 'https://git.kernel.org/stable/c/a3ab508a4853a9f5ae25a7816a4889f09938f63c', 'https://git.kernel.org/stable/c/cde43031df533751b4ead37d173922feee2f550f', 'https://git.kernel.org/stable/c/e1f010844443c389bc552884ac5cfa47de34d54c', 'https://git.kernel.org/stable/c/eb1d4ce2609584eeb7694866f34d4b213caa3af9', 'https://git.kernel.org/stable/c/f6be298cc1042f24d521197af29c7c4eb95af4d5', 'https://linux.oracle.com/cve/CVE-2024-42286.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42286-e856@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42286', 'https://www.cve.org/CVERecord?id=CVE-2024-42286'], 'PublishedDate': '2024-08-17T09:15:09.38Z', 'LastModifiedDate': '2024-09-10T19:02:12.36Z'}, {'VulnerabilityID': 'CVE-2024-42287', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42287', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Complete command early within lock', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Complete command early within lock\n\nA crash was observed while performing NPIV and FW reset,\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 1 PREEMPT_RT SMP NOPTI\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0\n RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034\n R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000\n FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x16f/0x4a0\n ? do_user_addr_fault+0x174/0x7f0\n ? exc_page_fault+0x69/0x1a0\n ? asm_exc_page_fault+0x22/0x30\n ? dma_direct_unmap_sg+0x51/0x1e0\n ? preempt_count_sub+0x96/0xe0\n qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]\n qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]\n __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]\n\nThe command completion was done early while aborting the commands in driver\nunload path but outside lock to avoid the WARN_ON condition of performing\ndma_free_attr within the lock. However this caused race condition while\ncommand completion via multiple paths causing system crash.\n\nHence complete the command early in unload path but within the lock to\navoid race condition.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42287', 'https://git.kernel.org/linus/4475afa2646d3fec176fc4d011d3879b26cb26e3 (6.11-rc1)', 'https://git.kernel.org/stable/c/314efe3f87949a568f512f05df20bf47b81cf232', 'https://git.kernel.org/stable/c/36fdc5319c4d0ec8b8938ec4769764098a246bfb', 'https://git.kernel.org/stable/c/4475afa2646d3fec176fc4d011d3879b26cb26e3', 'https://git.kernel.org/stable/c/57ba7563712227647f82a92547e82c96cd350553', 'https://git.kernel.org/stable/c/814f4a53cc86f7ea8b501bfb1723f24fd29ef5ee', 'https://git.kernel.org/stable/c/9117337b04d789bd08fdd9854a40bec2815cd3f6', 'https://git.kernel.org/stable/c/af46649304b0c9cede4ccfc2be2561ce8ed6a2ea', 'https://linux.oracle.com/cve/CVE-2024-42287.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42287-d635@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42287', 'https://www.cve.org/CVERecord?id=CVE-2024-42287'], 'PublishedDate': '2024-08-17T09:15:09.453Z', 'LastModifiedDate': '2024-09-10T19:05:07.67Z'}, {'VulnerabilityID': 'CVE-2024-42288', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42288', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Fix for possible memory corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly.  Correctly dereference ICB', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42288', 'https://git.kernel.org/linus/c03d740152f78e86945a75b2ad541bf972fab92a (6.11-rc1)', 'https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e', 'https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b', 'https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b', 'https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d', 'https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce', 'https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a', 'https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb', 'https://linux.oracle.com/cve/CVE-2024-42288.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42288-c59b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42288', 'https://www.cve.org/CVERecord?id=CVE-2024-42288'], 'PublishedDate': '2024-08-17T09:15:09.523Z', 'LastModifiedDate': '2024-09-05T17:38:38.383Z'}, {'VulnerabilityID': 'CVE-2024-42289', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42289', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: During vport delete send async logout explicitly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array.  For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n  BUG: kernel NULL pointer dereference, address: 000000000000001c\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] PREEMPT SMP NOPTI\n  Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n  RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n  RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n  RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n  RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n  RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n  R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n  R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n  FS:  0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n  Call Trace:\n  <TASK>\n  qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n  ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n  ? qla2x00_status_entry+0x768/0x2830\n  ? newidle_balance+0x2f0/0x430\n  ? dequeue_entity+0x100/0x3c0\n  ? qla24xx_process_response_queue+0x6a1/0x19e0\n  ? __schedule+0x2d5/0x1140\n  ? qla_do_work+0x47/0x60\n  ? process_one_work+0x267/0x440\n  ? process_one_work+0x440/0x440\n  ? worker_thread+0x2d/0x3d0\n  ? process_one_work+0x440/0x440\n  ? kthread+0x156/0x180\n  ? set_kthread_struct+0x50/0x50\n  ? ret_from_fork+0x22/0x30\n  </TASK>\n\nSend out async logout explicitly for all the ports during vport delete.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42289', 'https://git.kernel.org/linus/76f480d7c717368f29a3870f7d64471ce0ff8fb2 (6.11-rc1)', 'https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe', 'https://git.kernel.org/stable/c/171ac4b495f9473bc134356a00095b47e6409e52', 'https://git.kernel.org/stable/c/76f480d7c717368f29a3870f7d64471ce0ff8fb2', 'https://git.kernel.org/stable/c/87c25fcb95aafabb6a4914239f4ab41b07a4f9b7', 'https://git.kernel.org/stable/c/b12c54e51ba83c1fbc619d35083d7872e42ecdef', 'https://git.kernel.org/stable/c/b35d6d5a2f38605cddea7d5c64cded894fbe8ede', 'https://git.kernel.org/stable/c/d28a2075bb530489715a3b011e1dd8765ba20313', 'https://git.kernel.org/stable/c/e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc', 'https://linux.oracle.com/cve/CVE-2024-42289.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42289-fe68@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42289', 'https://www.cve.org/CVERecord?id=CVE-2024-42289'], 'PublishedDate': '2024-08-17T09:15:09.59Z', 'LastModifiedDate': '2024-09-05T17:37:49.057Z'}, {'VulnerabilityID': 'CVE-2024-42290', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42290', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: irqchip/imx-irqsteer: Handle runtime power management correctly', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/imx-irqsteer: Handle runtime power management correctly\n\nThe power domain is automatically activated from clk_prepare(). However, on\ncertain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes\nsleeping functions, which triggers the 'scheduling while atomic' bug in the\ncontext switch path during device probing:\n\n BUG: scheduling while atomic: kworker/u13:1/48/0x00000002\n Call trace:\n  __schedule_bug+0x54/0x6c\n  __schedule+0x7f0/0xa94\n  schedule+0x5c/0xc4\n  schedule_preempt_disabled+0x24/0x40\n  __mutex_lock.constprop.0+0x2c0/0x540\n  __mutex_lock_slowpath+0x14/0x20\n  mutex_lock+0x48/0x54\n  clk_prepare_lock+0x44/0xa0\n  clk_prepare+0x20/0x44\n  imx_irqsteer_resume+0x28/0xe0\n  pm_generic_runtime_resume+0x2c/0x44\n  __genpd_runtime_resume+0x30/0x80\n  genpd_runtime_resume+0xc8/0x2c0\n  __rpm_callback+0x48/0x1d8\n  rpm_callback+0x6c/0x78\n  rpm_resume+0x490/0x6b4\n  __pm_runtime_resume+0x50/0x94\n  irq_chip_pm_get+0x2c/0xa0\n  __irq_do_set_handler+0x178/0x24c\n  irq_set_chained_handler_and_data+0x60/0xa4\n  mxc_gpio_probe+0x160/0x4b0\n\nCure this by implementing the irq_bus_lock/sync_unlock() interrupt chip\ncallbacks and handle power management in them as they are invoked from\nnon-atomic context.\n\n[ tglx: Rewrote change log, added Fixes tag ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42290', 'https://git.kernel.org/linus/33b1c47d1fc0b5f06a393bb915db85baacba18ea (6.11-rc1)', 'https://git.kernel.org/stable/c/21bd3f9e7f924cd2fc892a484e7a50c7e1847565', 'https://git.kernel.org/stable/c/33b1c47d1fc0b5f06a393bb915db85baacba18ea', 'https://git.kernel.org/stable/c/3a2884a44e5cda192df1b28e9925661f79f599a1', 'https://git.kernel.org/stable/c/58c56735facb225a5c46fa4b8bbbe7f31d1cb894', 'https://git.kernel.org/stable/c/a590e8dea3df2639921f874d763be961dd74e8f9', 'https://git.kernel.org/stable/c/f8ae38f1dfe652779c7c613facbc257cec00ac44', 'https://git.kernel.org/stable/c/fa1803401e1c360efe6342fb41d161cc51748a11', 'https://linux.oracle.com/cve/CVE-2024-42290.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42290-c966@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42290', 'https://www.cve.org/CVERecord?id=CVE-2024-42290'], 'PublishedDate': '2024-08-17T09:15:09.663Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42291', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42291', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add a per-VF limit on number of FDIR filters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42291', 'https://git.kernel.org/linus/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 (6.11-rc1)', 'https://git.kernel.org/stable/c/292081c4e7f575a79017d5cbe1a0ec042783976f', 'https://git.kernel.org/stable/c/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97', 'https://git.kernel.org/stable/c/8e02cd98a6e24389d476e28436d41e620ed8e559', 'https://git.kernel.org/stable/c/d62389073a5b937413e2d1bc1da06ccff5103c0c', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42291-6f31@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42291', 'https://www.cve.org/CVERecord?id=CVE-2024-42291'], 'PublishedDate': '2024-08-17T09:15:09.73Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42292', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42292', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kobject_uevent: Fix OOB access within zap_modalias_env()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42292', 'https://git.kernel.org/linus/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc (6.11-rc1)', 'https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762', 'https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2', 'https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168', 'https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d', 'https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90', 'https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5', 'https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d', 'https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc', 'https://linux.oracle.com/cve/CVE-2024-42292.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42292-5387@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42292', 'https://www.cve.org/CVERecord?id=CVE-2024-42292'], 'PublishedDate': '2024-08-17T09:15:09.797Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42294', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42294', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: fix deadlock between sd_remove & sd_release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove & sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430]  __switch_to+0x174/0x338\n[ 2538.459436]  __schedule+0x628/0x9c4\n[ 2538.459442]  schedule+0x7c/0xe8\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459]  mutex_lock+0x30/0xd8\n[ 2538.459462]  del_gendisk+0xdc/0x350\n[ 2538.459466]  sd_remove+0x30/0x60\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474]  device_release_driver+0x18/0x28\n[ 2538.459478]  bus_remove_device+0x15c/0x174\n[ 2538.459483]  device_del+0x1d0/0x358\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\n[ 2538.459493]  scsi_forget_host+0x50/0x70\n[ 2538.459497]  scsi_remove_host+0x80/0x180\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514]  device_release_driver+0x18/0x28\n[ 2538.459518]  bus_remove_device+0x15c/0x174\n[ 2538.459523]  device_del+0x1d0/0x358\n[ 2538.459528]  usb_disable_device+0x84/0x194\n[ 2538.459532]  usb_disconnect+0xec/0x300\n[ 2538.459537]  hub_event+0xb80/0x1870\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\n[ 2538.459545]  worker_thread+0x244/0x334\n[ 2538.459549]  kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task "fsck.":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016]  __switch_to+0x174/0x338\n[ 2538.461021]  __schedule+0x628/0x9c4\n[ 2538.461025]  schedule+0x7c/0xe8\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051]  sd_release+0x50/0x94\n[ 2538.461054]  blkdev_put+0x190/0x28c\n[ 2538.461058]  blkdev_release+0x28/0x40\n[ 2538.461063]  __fput+0xf8/0x2a8\n[ 2538.461066]  __fput_sync+0x28/0x5c\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\n[ 2538.461073]  invoke_syscall+0x58/0x114\n[ 2538.461078]  el0_svc_common+0xac/0xe0\n[ 2538.461082]  do_el0_svc+0x1c/0x28\n[ 2538.461087]  el0_svc+0x38/0x68\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\n\n  T1:\t\t\t\tT2:\n  sd_remove\n  del_gendisk\n  __blk_mark_disk_dead\n  blk_freeze_queue_start\n  ++q->mq_freeze_depth\n  \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(&disk->open_mutex)\n  \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q->mq_freeze_depth)\n  mutex_lock(&disk->open_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don\'t try to acquire disk->open_mutex after freezing\nthe queue.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42294', 'https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9', 'https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b', 'https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42294-0145@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42294', 'https://www.cve.org/CVERecord?id=CVE-2024-42294'], 'PublishedDate': '2024-08-17T09:15:09.947Z', 'LastModifiedDate': '2024-08-19T19:43:22.46Z'}, {'VulnerabilityID': 'CVE-2024-42295', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42295', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: handle inconsistent state in nilfs_btnode_create_block()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle inconsistent state in nilfs_btnode_create_block()\n\nSyzbot reported that a buffer state inconsistency was detected in\nnilfs_btnode_create_block(), triggering a kernel bug.\n\nIt is not appropriate to treat this inconsistency as a bug; it can occur\nif the argument block address (the buffer index of the newly created\nblock) is a virtual block number and has been reallocated due to\ncorruption of the bitmap used to manage its allocation state.\n\nSo, modify nilfs_btnode_create_block() and its callers to treat it as a\npossible filesystem error, rather than triggering a kernel bug.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42295', 'https://git.kernel.org/linus/4811f7af6090e8f5a398fbdd766f903ef6c0d787 (6.11-rc1)', 'https://git.kernel.org/stable/c/012be828a118bf496e666ef1fc47fc0e7358ada2', 'https://git.kernel.org/stable/c/02b87e6334a38c65eef49848d3f1ac422f0b2a44', 'https://git.kernel.org/stable/c/19cce46238ffe3546e44b9c74057103ff8b24c62', 'https://git.kernel.org/stable/c/366c3f688dd0288cbe38af1d3a886b5c62372e4a', 'https://git.kernel.org/stable/c/4811f7af6090e8f5a398fbdd766f903ef6c0d787', 'https://git.kernel.org/stable/c/5f0a6800b8aec1b453c7fe4c44fcaac5ffe9d52e', 'https://git.kernel.org/stable/c/be56dfc9be0604291267c07b0e27a69a6bda4899', 'https://git.kernel.org/stable/c/e34191cce3ee63dfa5fb241904aaf2a042d5b6d8', 'https://linux.oracle.com/cve/CVE-2024-42295.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42295-4f43@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42295', 'https://www.cve.org/CVERecord?id=CVE-2024-42295'], 'PublishedDate': '2024-08-17T09:15:10.017Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42296', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42296', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix return value of f2fs_convert_inline_inode()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix return value of f2fs_convert_inline_inode()\n\nIf device is readonly, make f2fs_convert_inline_inode()\nreturn EROFS instead of zero, otherwise it may trigger\npanic during writeback of inline inode's dirty page as\nbelow:\n\n f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888\n f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3369\n do_writepages+0x359/0x870 mm/page-writeback.c:2634\n filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397\n __filemap_fdatawrite_range mm/filemap.c:430 [inline]\n file_write_and_wait_range+0x1aa/0x290 mm/filemap.c:788\n f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276\n generic_write_sync include/linux/fs.h:2806 [inline]\n f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977\n call_write_iter include/linux/fs.h:2114 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa72/0xc90 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42296', 'https://git.kernel.org/linus/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf (6.11-rc1)', 'https://git.kernel.org/stable/c/077f0e24b27c4b44841593c7edbd1993be9eecb5', 'https://git.kernel.org/stable/c/1e7725814361c8c008d131db195cef8274ff26b8', 'https://git.kernel.org/stable/c/47a8ddcdcaccd9b891db4574795e46a33a121ac2', 'https://git.kernel.org/stable/c/70f5ef5f33c333cfb286116fa3af74ac9bc84f1b', 'https://git.kernel.org/stable/c/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42296-3f50@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42296', 'https://www.cve.org/CVERecord?id=CVE-2024-42296'], 'PublishedDate': '2024-08-17T09:15:10.08Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42297', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42297', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: f2fs: fix to don't dirty inode for readonly filesystem", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to don't dirty inode for readonly filesystem\n\nsyzbot reports f2fs bug as below:\n\nkernel BUG at fs/f2fs/inode.c:933!\nRIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933\nCall Trace:\n evict+0x2a4/0x620 fs/inode.c:664\n dispose_list fs/inode.c:697 [inline]\n evict_inodes+0x5f8/0x690 fs/inode.c:747\n generic_shutdown_super+0x9d/0x2c0 fs/super.c:675\n kill_block_super+0x44/0x90 fs/super.c:1667\n kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894\n deactivate_locked_super+0xc1/0x130 fs/super.c:484\n cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256\n task_work_run+0x24a/0x300 kernel/task_work.c:180\n ptrace_notify+0x2cd/0x380 kernel/signal.c:2399\n ptrace_report_syscall include/linux/ptrace.h:411 [inline]\n ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]\n syscall_exit_work kernel/entry/common.c:251 [inline]\n syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]\n syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296\n do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe root cause is:\n- do_sys_open\n - f2fs_lookup\n  - __f2fs_find_entry\n   - f2fs_i_depth_write\n    - f2fs_mark_inode_dirty_sync\n     - f2fs_dirty_inode\n      - set_inode_flag(inode, FI_DIRTY_INODE)\n\n- umount\n - kill_f2fs_super\n  - kill_block_super\n   - generic_shutdown_super\n    - sync_filesystem\n    : sb is readonly, skip sync_filesystem()\n    - evict_inodes\n     - iput\n      - f2fs_evict_inode\n       - f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE))\n       : trigger kernel panic\n\nWhen we try to repair i_current_depth in readonly filesystem, let's\nskip dirty inode to avoid panic in later f2fs_evict_inode().", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42297', 'https://git.kernel.org/linus/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8', 'https://git.kernel.org/stable/c/2434344559f6743efb3ac15d11af9a0db9543bd3', 'https://git.kernel.org/stable/c/2d2916516577f2239b3377d9e8d12da5e6ccdfcf', 'https://git.kernel.org/stable/c/54162974aea37a8cae00742470a78c7f6bd6f915', 'https://git.kernel.org/stable/c/54bc4e88447e385c4d4ffa85d93e0dce628fcfa6', 'https://git.kernel.org/stable/c/9ce8135accf103f7333af472709125878704fdd4', 'https://git.kernel.org/stable/c/e62ff092a42f4a1bae3b310cf46673b4f3aac3b5', 'https://git.kernel.org/stable/c/ec56571b4b146a1cfbedab49d5fcaf19fe8bf4f1', 'https://linux.oracle.com/cve/CVE-2024-42297.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42297-fcec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42297', 'https://www.cve.org/CVERecord?id=CVE-2024-42297'], 'PublishedDate': '2024-08-17T09:15:10.147Z', 'LastModifiedDate': '2024-09-30T13:41:26.463Z'}, {'VulnerabilityID': 'CVE-2024-42298', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42298', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42298', 'https://git.kernel.org/linus/e62599902327d27687693f6e5253a5d56583db58 (6.11-rc1)', 'https://git.kernel.org/stable/c/af466037fa2b263e8ea5c47285513d2487e17d90', 'https://git.kernel.org/stable/c/b4205dfcfe96182118e54343954827eda51b2135', 'https://git.kernel.org/stable/c/e62599902327d27687693f6e5253a5d56583db58', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42298-d6a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42298', 'https://www.cve.org/CVERecord?id=CVE-2024-42298'], 'PublishedDate': '2024-08-17T09:15:10.23Z', 'LastModifiedDate': '2024-09-10T18:42:19.607Z'}, {'VulnerabilityID': 'CVE-2024-42299', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42299', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Update log->page_{mask,bits} if log->page_size changed\n\nIf an NTFS file system is mounted to another system with different\nPAGE_SIZE from the original system, log->page_size will change in\nlog_replay(), but log->page_{mask,bits} don\'t change correspondingly.\nThis will cause a panic because "u32 bytes = log->page_size - page_off"\nwill get a negative value in the later read_log_page().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42299', 'https://git.kernel.org/linus/2fef55d8f78383c8e6d6d4c014b9597375132696 (6.11-rc1)', 'https://git.kernel.org/stable/c/0484adcb5fbcadd9ba0fd4485c42630f72e97da9', 'https://git.kernel.org/stable/c/0a4ae2644e2a3b3b219aad9639fb2b0691d08420', 'https://git.kernel.org/stable/c/2cac0df3324b5e287d8020bc0708f7d2dec88a6f', 'https://git.kernel.org/stable/c/2fef55d8f78383c8e6d6d4c014b9597375132696', 'https://git.kernel.org/stable/c/b90ceffdc975502bc085ce8e79c6adeff05f9521', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42299-a588@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42299', 'https://www.cve.org/CVERecord?id=CVE-2024-42299'], 'PublishedDate': '2024-08-17T09:15:10.293Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42301', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42301', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dev/parport: fix the array out-of-bounds risk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42301', 'https://git.kernel.org/linus/ab11dac93d2d568d151b1918d7b84c2d02bacbd5 (6.11-rc1)', 'https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8', 'https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d', 'https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a', 'https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84', 'https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0', 'https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5', 'https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e', 'https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6', 'https://linux.oracle.com/cve/CVE-2024-42301.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42301-4026@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42301', 'https://www.cve.org/CVERecord?id=CVE-2024-42301'], 'PublishedDate': '2024-08-17T09:15:10.423Z', 'LastModifiedDate': '2024-08-22T16:31:18.667Z'}, {'VulnerabilityID': 'CVE-2024-42302', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42302', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred.  To do so, it polls the\nconfig space of the first child device on the secondary bus.  If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\'s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device.  Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume.  Holding a\nreference wasn\'t necessary back then because the pciehp IRQ thread\ncould never run concurrently.  (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase.  And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event.  Commit 53b54ad074de ("PCI/DPC: Await readiness\nof secondary bus after reset"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently.  The commit was backported to v5.10+ stable\nkernels, so that\'s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n  BUG: unable to handle page fault for address: 00000000091400c0\n  CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n  RIP: pci_bus_read_config_dword+0x17/0x50\n  pci_dev_wait()\n  pci_bridge_wait_for_secondary_bus()\n  dpc_reset_link()\n  pcie_do_recovery()\n  dpc_handler()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42302', 'https://git.kernel.org/linus/11a1f4bc47362700fcbde717292158873fb847ed (6.11-rc1)', 'https://git.kernel.org/stable/c/11a1f4bc47362700fcbde717292158873fb847ed', 'https://git.kernel.org/stable/c/2c111413f38ca5cf87557cab89f6d82b0e3433e7', 'https://git.kernel.org/stable/c/2cc8973bdc4d6c928ebe38b88090a2cdfe81f42f', 'https://git.kernel.org/stable/c/b16f3ea1db47a6766a9f1169244cf1fc287a7c62', 'https://git.kernel.org/stable/c/c52f9e1a9eb40f13993142c331a6cfd334d4b91d', 'https://git.kernel.org/stable/c/f63df70b439bb8331358a306541893bf415bf1da', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42302-c0d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42302', 'https://www.cve.org/CVERecord?id=CVE-2024-42302'], 'PublishedDate': '2024-08-17T09:15:10.487Z', 'LastModifiedDate': '2024-08-22T16:37:26.237Z'}, {'VulnerabilityID': 'CVE-2024-42303', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42303', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-pxp: Fix ERR_PTR dereference in pxp_probe()\n\ndevm_regmap_init_mmio() can fail, add a check and bail out in case of\nerror.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42303', 'https://git.kernel.org/linus/57e9ce68ae98551da9c161aaab12b41fe8601856 (6.11-rc1)', 'https://git.kernel.org/stable/c/358bc85269d6a359fea597ef9fbb429cd3626e08', 'https://git.kernel.org/stable/c/57e9ce68ae98551da9c161aaab12b41fe8601856', 'https://git.kernel.org/stable/c/5ab6ac4e9e165b0fe8a326308218337007224f05', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42303-4d12@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42303', 'https://www.cve.org/CVERecord?id=CVE-2024-42303'], 'PublishedDate': '2024-08-17T09:15:10.56Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42304', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42304', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: make sure the first directory block is not a hole', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: make sure the first directory block is not a hole\n\nThe syzbot constructs a directory that has no dirblock but is non-inline,\ni.e. the first directory block is a hole. And no errors are reported when\ncreating files in this directory in the following flow.\n\n    ext4_mknod\n     ...\n      ext4_add_entry\n        // Read block 0\n        ext4_read_dirblock(dir, block, DIRENT)\n          bh = ext4_bread(NULL, inode, block, 0)\n          if (!bh && (type == INDEX || type == DIRENT_HTREE))\n          // The first directory block is a hole\n          // But type == DIRENT, so no error is reported.\n\nAfter that, we get a directory block without '.' and '..' but with a valid\ndentry. This may cause some code that relies on dot or dotdot (such as\nmake_indexed_dir()) to crash.\n\nTherefore when ext4_read_dirblock() finds that the first directory block\nis a hole report that the filesystem is corrupted and return an error to\navoid loading corrupted data from disk causing something bad.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42304', 'https://git.kernel.org/linus/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6 (6.11-rc1)', 'https://git.kernel.org/stable/c/299bc6ffa57e04e74c6cce866d6c0741fb4897a1', 'https://git.kernel.org/stable/c/9771e3d8365ae1dd5e8846a204cb9af14e3e656a', 'https://git.kernel.org/stable/c/b609753cbbd38f8c0affd4956c0af178348523ac', 'https://git.kernel.org/stable/c/c3893d9de8ee153baac56d127d844103488133b5', 'https://git.kernel.org/stable/c/d81d7e347d1f1f48a5634607d39eb90c161c8afe', 'https://git.kernel.org/stable/c/de2a011a13a46468a6e8259db58b1b62071fe136', 'https://git.kernel.org/stable/c/e02f9941e8c011aa3eafa799def6a134ce06bcfa', 'https://git.kernel.org/stable/c/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6', 'https://linux.oracle.com/cve/CVE-2024-42304.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42304-d0e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42304', 'https://www.cve.org/CVERecord?id=CVE-2024-42304'], 'PublishedDate': '2024-08-17T09:15:10.617Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42305', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42305', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: check dot and dotdot of dx_root before making dir indexed', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: check dot and dotdot of dx_root before making dir indexed\n\nSyzbot reports a issue as follows:\n============================================\nBUG: unable to handle page fault for address: ffffed11022e24fe\nPGD 23ffee067 P4D 23ffee067 PUD 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0\nCall Trace:\n <TASK>\n make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451\n ext4_rename fs/ext4/namei.c:3936 [inline]\n ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214\n[...]\n============================================\n\nThe immediate cause of this problem is that there is only one valid dentry\nfor the block to be split during do_split, so split==0 results in out of\nbounds accesses to the map triggering the issue.\n\n    do_split\n      unsigned split\n      dx_make_map\n       count = 1\n      split = count/2 = 0;\n      continued = hash2 == map[split - 1].hash;\n       ---> map[4294967295]\n\nThe maximum length of a filename is 255 and the minimum block size is 1024,\nso it is always guaranteed that the number of entries is greater than or\nequal to 2 when do_split() is called.\n\nBut syzbot's crafted image has no dot and dotdot in dir, and the dentry\ndistribution in dirblock is as follows:\n\n  bus     dentry1          hole           dentry2           free\n|xx--|xx-------------|...............|xx-------------|...............|\n0   12 (8+248)=256  268     256     524 (8+256)=264 788     236     1024\n\nSo when renaming dentry1 increases its name_len length by 1, neither hole\nnor free is sufficient to hold the new dentry, and make_indexed_dir() is\ncalled.\n\nIn make_indexed_dir() it is assumed that the first two entries of the\ndirblock must be dot and dotdot, so bus and dentry1 are left in dx_root\nbecause they are treated as dot and dotdot, and only dentry2 is moved\nto the new leaf block. That's why count is equal to 1.\n\nTherefore add the ext4_check_dx_root() helper function to add more sanity\nchecks to dot and dotdot before starting the conversion to avoid the above\nissue.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42305', 'https://git.kernel.org/linus/50ea741def587a64e08879ce6c6a30131f7111e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/19e13b4d7f0303186fcc891aba8d0de7c8fdbda8', 'https://git.kernel.org/stable/c/42d420517072028fb0eb852c358056b7717ba5aa', 'https://git.kernel.org/stable/c/50ea741def587a64e08879ce6c6a30131f7111e7', 'https://git.kernel.org/stable/c/8afe06ed3be7a874b3cd82ef5f8959aca8d6429a', 'https://git.kernel.org/stable/c/9d241b7a39af192d1bb422714a458982c7cc67a2', 'https://git.kernel.org/stable/c/abb411ac991810c0bcbe51c2e76d2502bf611b5c', 'https://git.kernel.org/stable/c/b80575ffa98b5bb3a5d4d392bfe4c2e03e9557db', 'https://git.kernel.org/stable/c/cdd345321699042ece4a9d2e70754d2397d378c5', 'https://linux.oracle.com/cve/CVE-2024-42305.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42305-94ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42305', 'https://www.cve.org/CVERecord?id=CVE-2024-42305'], 'PublishedDate': '2024-08-17T09:15:10.69Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42306', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42306', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid using corrupted block bitmap buffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42306', 'https://git.kernel.org/linus/a90d4471146de21745980cba51ce88e7926bcc4f (6.11-rc1)', 'https://git.kernel.org/stable/c/2199e157a465aaf98294d3932797ecd7fce942d5', 'https://git.kernel.org/stable/c/271cab2ca00652bc984e269cf1208699a1e09cdd', 'https://git.kernel.org/stable/c/57053b3bcf3403b80db6f65aba284d7dfe7326af', 'https://git.kernel.org/stable/c/6a43e3c210df6c5f00570f4be49a897677dbcb64', 'https://git.kernel.org/stable/c/8ca170c39eca7cad6e0cfeb24e351d8f8eddcd65', 'https://git.kernel.org/stable/c/a90d4471146de21745980cba51ce88e7926bcc4f', 'https://git.kernel.org/stable/c/cae9e59cc41683408b70b9ab569f8654866ba914', 'https://linux.oracle.com/cve/CVE-2024-42306.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42306-647c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42306', 'https://www.cve.org/CVERecord?id=CVE-2024-42306'], 'PublishedDate': '2024-08-17T09:15:10.777Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42307', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42307', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n   fs/smb/client/cifsfs.c:1981 init_cifs()\n   error: we previously assumed 'serverclose_wq' could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42307', 'https://git.kernel.org/linus/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/160235efb4f9b55212dedff5de0094c606c4b303', 'https://git.kernel.org/stable/c/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2', 'https://git.kernel.org/stable/c/3739d711246d8fbc95ff73dbdace9741cdce4777', 'https://git.kernel.org/stable/c/6018971710fdc7739f8655c1540832b4bb903671', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42307-7c2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42307', 'https://www.cve.org/CVERecord?id=CVE-2024-42307'], 'PublishedDate': '2024-08-17T09:15:10.843Z', 'LastModifiedDate': '2024-09-05T17:49:58.257Z'}, {'VulnerabilityID': 'CVE-2024-42308', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42308', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check for NULL pointer', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42308', 'https://git.kernel.org/linus/4ab68e168ae1695f7c04fae98930740aaf7c50fa (6.11-rc1)', 'https://git.kernel.org/stable/c/185616085b12e651cdfd11ef00d1449f54552d89', 'https://git.kernel.org/stable/c/4ab68e168ae1695f7c04fae98930740aaf7c50fa', 'https://git.kernel.org/stable/c/4ccd37085976ea5d3c499b1e6d0b3f4deaf2cd5a', 'https://git.kernel.org/stable/c/6b5ed0648213e9355cc78f4a264d9afe8536d692', 'https://git.kernel.org/stable/c/71dbf95359347c2ecc5a6dfc02783fcfccb2e9fb', 'https://git.kernel.org/stable/c/9ce89824ff04d261fc855e0ca6e6025251d9fa40', 'https://git.kernel.org/stable/c/f068494430d15b5fc551ac928de9dac7e5e27602', 'https://linux.oracle.com/cve/CVE-2024-42308.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42308-562d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42308', 'https://www.cve.org/CVERecord?id=CVE-2024-42308'], 'PublishedDate': '2024-08-17T09:15:10.92Z', 'LastModifiedDate': '2024-10-09T14:15:05.227Z'}, {'VulnerabilityID': 'CVE-2024-42309', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42309', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42309', 'https://git.kernel.org/linus/2df7aac81070987b0f052985856aa325a38debf6 (6.11-rc1)', 'https://git.kernel.org/stable/c/13b5f3ee94bdbdc4b5f40582aab62977905aedee', 'https://git.kernel.org/stable/c/2df7aac81070987b0f052985856aa325a38debf6', 'https://git.kernel.org/stable/c/46d2ef272957879cbe30a884574320e7f7d78692', 'https://git.kernel.org/stable/c/475a5b3b7c8edf6e583a9eb59cf28ea770602e14', 'https://git.kernel.org/stable/c/6735d02ead7dd3adf74eb8b70aebd09e0ce78ec9', 'https://git.kernel.org/stable/c/7e52c62ff029f95005915c0a11863b5fb5185c8c', 'https://git.kernel.org/stable/c/d6ad202f73f8edba0cbc0065aa57a79ffe8fdcdc', 'https://git.kernel.org/stable/c/f70ffeca546452d1acd3a70ada56ecb2f3e7f811', 'https://linux.oracle.com/cve/CVE-2024-42309.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42309-9560@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42309', 'https://www.cve.org/CVERecord?id=CVE-2024-42309'], 'PublishedDate': '2024-08-17T09:15:10.987Z', 'LastModifiedDate': '2024-08-22T16:01:29.287Z'}, {'VulnerabilityID': 'CVE-2024-42310', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42310', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes\n\nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42310', 'https://git.kernel.org/linus/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79 (6.11-rc1)', 'https://git.kernel.org/stable/c/08f45102c81ad8bc9f85f7a25e9f64e128edb87d', 'https://git.kernel.org/stable/c/2d209b2f862f6b8bff549ede541590a8d119da23', 'https://git.kernel.org/stable/c/977ee4fe895e1729cd36cc26916bbb10084713d6', 'https://git.kernel.org/stable/c/a658ae2173ab74667c009e2550455e6de5b33ddc', 'https://git.kernel.org/stable/c/b6ac46a00188cde50ffba233e6efb366354a1de5', 'https://git.kernel.org/stable/c/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79', 'https://git.kernel.org/stable/c/e74eb5e8089427c8c49e0dd5067e5f39ce3a4d56', 'https://git.kernel.org/stable/c/f392c36cebf4c1d6997a4cc2c0f205254acef42a', 'https://linux.oracle.com/cve/CVE-2024-42310.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42310-58b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42310', 'https://www.cve.org/CVERecord?id=CVE-2024-42310'], 'PublishedDate': '2024-08-17T09:15:11.067Z', 'LastModifiedDate': '2024-08-22T16:01:46.263Z'}, {'VulnerabilityID': 'CVE-2024-42311', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42311', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42311', 'https://git.kernel.org/linus/26a2ed107929a855155429b11e1293b83e6b2a8b (6.11-rc1)', 'https://git.kernel.org/stable/c/10f7163bfb5f8b4e0c9c05a939f20b8540e33c65', 'https://git.kernel.org/stable/c/26a2ed107929a855155429b11e1293b83e6b2a8b', 'https://git.kernel.org/stable/c/4a52861cd76e79f1a593beb23d096523eb9732c2', 'https://git.kernel.org/stable/c/58d83fc160505a7009c39dec64effaac5129b971', 'https://git.kernel.org/stable/c/9c4e40b9b731220f9464975e49da75496e3865c4', 'https://git.kernel.org/stable/c/d3493d6f0dfb1ab5225b62faa77732983f2187a1', 'https://git.kernel.org/stable/c/d55aae5c1730d6b70d5d8eaff00113cd34772ea3', 'https://git.kernel.org/stable/c/f7316b2b2f11cf0c6de917beee8d3de728be24db', 'https://linux.oracle.com/cve/CVE-2024-42311.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42311-f825@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42311', 'https://www.cve.org/CVERecord?id=CVE-2024-42311'], 'PublishedDate': '2024-08-17T09:15:11.147Z', 'LastModifiedDate': '2024-09-03T17:38:24.21Z'}, {'VulnerabilityID': 'CVE-2024-42312', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42312', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sysctl: always initialize i_uid/i_gid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42312', 'https://git.kernel.org/linus/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/1deae34db9f4f8e0e03f891be2e2e15c15c8ac05', 'https://git.kernel.org/stable/c/34a86adea1f2b3c3f9d864c8cce09dca644601ab', 'https://git.kernel.org/stable/c/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4', 'https://git.kernel.org/stable/c/b2591c89a6e2858796111138c38fcb6851aa1955', 'https://git.kernel.org/stable/c/c7e2f43d182f5dde473389dbb39f16c9f0d64536', 'https://git.kernel.org/stable/c/ffde3af4b29bf97d62d82e1d45275587e10a991a', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42312-bddc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42312', 'https://www.cve.org/CVERecord?id=CVE-2024-42312'], 'PublishedDate': '2024-08-17T09:15:11.24Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42313', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42313', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: venus: fix use after free in vdec_close', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free in vdec_close\n\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\n\nFix it by cancelling the work in vdec_close.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42313', 'https://git.kernel.org/linus/a0157b5aa34eb43ec4c5510f9c260bbb03be937e (6.11-rc1)', 'https://git.kernel.org/stable/c/4c9d235630d35db762b85a4149bbb0be9d504c36', 'https://git.kernel.org/stable/c/66fa52edd32cdbb675f0803b3c4da10ea19b6635', 'https://git.kernel.org/stable/c/6a96041659e834dc0b172dda4b2df512d63920c2', 'https://git.kernel.org/stable/c/72aff311194c8ceda934f24fd6f250b8827d7567', 'https://git.kernel.org/stable/c/a0157b5aa34eb43ec4c5510f9c260bbb03be937e', 'https://git.kernel.org/stable/c/ad8cf035baf29467158e0550c7a42b7bb43d1db6', 'https://git.kernel.org/stable/c/da55685247f409bf7f976cc66ba2104df75d8dad', 'https://git.kernel.org/stable/c/f8e9a63b982a8345470c225679af4ba86e4a7282', 'https://linux.oracle.com/cve/CVE-2024-42313.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42313-09b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42313', 'https://www.cve.org/CVERecord?id=CVE-2024-42313'], 'PublishedDate': '2024-08-17T09:15:11.32Z', 'LastModifiedDate': '2024-08-22T16:01:59.467Z'}, {'VulnerabilityID': 'CVE-2024-42314', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42314', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix extent map use-after-free when adding pages to compressed bio', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix extent map use-after-free when adding pages to compressed bio\n\nAt add_ra_bio_pages() we are accessing the extent map to calculate\n'add_size' after we dropped our reference on the extent map, resulting\nin a use-after-free. Fix this by computing 'add_size' before dropping our\nextent map reference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42314', 'https://git.kernel.org/linus/8e7860543a94784d744c7ce34b78a2e11beefa5c (6.11-rc1)', 'https://git.kernel.org/stable/c/8e7860543a94784d744c7ce34b78a2e11beefa5c', 'https://git.kernel.org/stable/c/b7859ff398b6b656e1689daa860eb34837b4bb89', 'https://git.kernel.org/stable/c/c1cc3326e27b0bd7a2806b40bc48e49afaf951e7', 'https://git.kernel.org/stable/c/c205565e0f2f439f278a4a94ee97b67ef7b56ae8', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42314-de1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42314', 'https://www.cve.org/CVERecord?id=CVE-2024-42314'], 'PublishedDate': '2024-08-17T09:15:11.397Z', 'LastModifiedDate': '2024-09-04T12:15:04.723Z'}, {'VulnerabilityID': 'CVE-2024-42315', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42315', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exfat: fix potential deadlock on __exfat_get_dentry_set', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi->s_lock between the two processes may occur.\n\n       CPU0                CPU1\n       ----                ----\n  kswapd\n   balance_pgdat\n    lock(fs_reclaim)\n                      exfat_iterate\n                       lock(&sbi->s_lock)\n                       exfat_readdir\n                        exfat_get_uniname_from_ext_entry\n                         exfat_get_dentry_set\n                          __exfat_get_dentry_set\n                           kmalloc_array\n                            ...\n                            lock(fs_reclaim)\n    ...\n    evict\n     exfat_evict_inode\n      lock(&sbi->s_lock)\n\nTo fix this, let's allocate bh-array with GFP_NOFS.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42315', 'https://git.kernel.org/linus/89fc548767a2155231128cb98726d6d2ea1256c9 (6.11-rc1)', 'https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62', 'https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9', 'https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42315-a707@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42315', 'https://www.cve.org/CVERecord?id=CVE-2024-42315'], 'PublishedDate': '2024-08-17T09:15:11.47Z', 'LastModifiedDate': '2024-08-22T15:51:03.077Z'}, {'VulnerabilityID': 'CVE-2024-42316', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42316', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/mglru: fix div-by-zero in vmpressure_calc_level()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mglru: fix div-by-zero in vmpressure_calc_level()\n\nevict_folios() uses a second pass to reclaim folios that have gone through\npage writeback and become clean before it finishes the first pass, since\nfolio_rotate_reclaimable() cannot handle those folios due to the\nisolation.\n\nThe second pass tries to avoid potential double counting by deducting\nscan_control->nr_scanned.  However, this can result in underflow of\nnr_scanned, under a condition where shrink_folio_list() does not increment\nnr_scanned, i.e., when folio_trylock() fails.\n\nThe underflow can cause the divisor, i.e., scale=scanned+reclaimed in\nvmpressure_calc_level(), to become zero, resulting in the following crash:\n\n  [exception RIP: vmpressure_work_fn+101]\n  process_one_work at ffffffffa3313f2b\n\nSince scan_control->nr_scanned has no established semantics, the potential\ndouble counting has minimal risks.  Therefore, fix the problem by not\ndeducting scan_control->nr_scanned in evict_folios().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42316', 'https://git.kernel.org/linus/8b671fe1a879923ecfb72dda6caf01460dd885ef (6.11-rc1)', 'https://git.kernel.org/stable/c/8b671fe1a879923ecfb72dda6caf01460dd885ef', 'https://git.kernel.org/stable/c/8de7bf77f21068a5f602bb1e59adbc5ab533509d', 'https://git.kernel.org/stable/c/a39e38be632f0e1c908d70d1c9cd071c03faf895', 'https://git.kernel.org/stable/c/d6510f234c7d117790397f9bb150816b0a954a04', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42316-8b49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42316', 'https://www.cve.org/CVERecord?id=CVE-2024-42316'], 'PublishedDate': '2024-08-17T09:15:11.547Z', 'LastModifiedDate': '2024-08-22T15:52:38.52Z'}, {'VulnerabilityID': 'CVE-2024-42317', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42317', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/huge_memory: avoid PMD-size page cache if needed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: avoid PMD-size page cache if needed\n\nxarray can\'t support arbitrary page cache size.  the largest and supported\npage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71\n("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray").  However,\nit\'s possible to have 512MB page cache in the huge memory\'s collapsing\npath on ARM64 system whose base page size is 64KB.  512MB page cache is\nbreaking the limitation and a warning is raised when the xarray entry is\nsplit as shown in the following example.\n\n[root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize\nKernelPageSize:       64 kB\n[root@dhcp-10-26-1-207 ~]# cat /tmp/test.c\n   :\nint main(int argc, char **argv)\n{\n\tconst char *filename = TEST_XFS_FILENAME;\n\tint fd = 0;\n\tvoid *buf = (void *)-1, *p;\n\tint pgsize = getpagesize();\n\tint ret = 0;\n\n\tif (pgsize != 0x10000) {\n\t\tfprintf(stdout, "System with 64KB base page size is required!\\n");\n\t\treturn -EPERM;\n\t}\n\n\tsystem("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb");\n\tsystem("echo 1 > /proc/sys/vm/drop_caches");\n\n\t/* Open the xfs file */\n\tfd = open(filename, O_RDONLY);\n\tassert(fd > 0);\n\n\t/* Create VMA */\n\tbuf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0);\n\tassert(buf != (void *)-1);\n\tfprintf(stdout, "mapped buffer at 0x%p\\n", buf);\n\n\t/* Populate VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ);\n\tassert(ret == 0);\n\n\t/* Collapse VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE);\n\tif (ret) {\n\t\tfprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\\n", errno);\n\t\tgoto out;\n\t}\n\n\t/* Split xarray entry. Write permission is needed */\n\tmunmap(buf, TEST_MEM_SIZE);\n\tbuf = (void *)-1;\n\tclose(fd);\n\tfd = open(filename, O_RDWR);\n\tassert(fd > 0);\n\tfallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,\n \t\t  TEST_MEM_SIZE - pgsize, pgsize);\nout:\n\tif (buf != (void *)-1)\n\t\tmunmap(buf, TEST_MEM_SIZE);\n\tif (fd > 0)\n\t\tclose(fd);\n\n\treturn ret;\n}\n\n[root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test\n[root@dhcp-10-26-1-207 ~]# /tmp/test\n ------------[ cut here ]------------\n WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\n Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib    \\\n nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct      \\\n nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4      \\\n ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse   \\\n xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net  \\\n sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio\n CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9\n Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\n pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n pc : xas_split_alloc+0xf8/0x128\n lr : split_huge_page_to_list_to_order+0x1c4/0x780\n sp : ffff8000ac32f660\n x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0\n x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d\n x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000\n x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c\n x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8\n x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40\n x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\n Call trace:\n  xas_split_alloc+0xf8/0x128\n  split_huge_page_to_list_to_order+0x1c4/0x780\n  truncate_inode_partial_folio+0xdc/0x160\n  truncate_inode_pages_range+0x1b4/0x4a8\n  truncate_pagecache_range+0x84/0xa\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42317', 'https://git.kernel.org/linus/d659b715e94ac039803d7601505d3473393fc0be (6.11-rc1)', 'https://git.kernel.org/stable/c/d659b715e94ac039803d7601505d3473393fc0be', 'https://git.kernel.org/stable/c/e60f62f75c99740a28e2bf7e6044086033012a16', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42317-cf87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42317', 'https://www.cve.org/CVERecord?id=CVE-2024-42317'], 'PublishedDate': '2024-08-17T09:15:11.633Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42318', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42318', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: landlock: Don&#39;t lose track of restrictions on cred_transfer', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don't lose track of restrictions on cred_transfer\n\nWhen a process' cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent's credentials), the\ncred_transfer LSM hook is used instead.  Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42318', 'https://bugs.chromium.org/p/project-zero/issues/detail?id=2566', 'https://git.kernel.org/linus/39705a6c29f8a2b93cf5b99528a55366c50014d1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c', 'https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49', 'https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1', 'https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117', 'https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff', 'https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42318-f0c9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42318', 'https://www.cve.org/CVERecord?id=CVE-2024-42318', 'https://www.openwall.com/lists/oss-security/2024/08/17/2'], 'PublishedDate': '2024-08-17T09:15:11.7Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42319', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42319', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() < 0 occurs.\n\nAccording to the call tracei below:\n  cmdq_mbox_shutdown\n  mbox_free_channel\n  mbox_controller_unregister\n  __devm_mbox_controller_unregister\n  ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n   to bind the cmdq device to the mbox_controller, so\n   devm_mbox_controller_unregister() will automatically unregister\n   the device bound to the mailbox controller when the device-managed\n   resource is removed. That means devm_mbox_controller_unregister()\n   and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n   devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n   will be called after cmdq_remove(), but before\n   devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42319', 'https://git.kernel.org/linus/a8bd68e4329f9a0ad1b878733e0f80be6a971649 (6.11-rc1)', 'https://git.kernel.org/stable/c/11fa625b45faf0649118b9deaf2d31c86ac41911', 'https://git.kernel.org/stable/c/a8bd68e4329f9a0ad1b878733e0f80be6a971649', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42319-ec7c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42319', 'https://www.cve.org/CVERecord?id=CVE-2024-42319'], 'PublishedDate': '2024-08-17T09:15:11.767Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42320', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42320', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error checks in dasd_copy_pair_store()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42320', 'https://git.kernel.org/linus/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8 (6.11-rc1)', 'https://git.kernel.org/stable/c/68d4c3722290ad300c295fb3435e835d200d5cb2', 'https://git.kernel.org/stable/c/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8', 'https://git.kernel.org/stable/c/cc8b7284d5076722e0b8062373b68d8e47c3bace', 'https://git.kernel.org/stable/c/e511167e65d332d07b3c7a3d5a741ee9c19a8c27', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42320-cdea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42320', 'https://www.cve.org/CVERecord?id=CVE-2024-42320'], 'PublishedDate': '2024-08-17T09:15:11.833Z', 'LastModifiedDate': '2024-09-30T12:54:12.897Z'}, {'VulnerabilityID': 'CVE-2024-42321', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42321', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: flow_dissector: use DEBUG_NET_WARN_ON_ONCE\n\nThe following splat is easy to reproduce upstream as well as in -stable\nkernels. Florian Westphal provided the following commit:\n\n  d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net")\n\nbut this complementary fix has been also suggested by Willem de Bruijn\nand it can be easily backported to -stable kernel which consists in\nusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splat\ngiven __skb_get_hash() is used by the nftables tracing infrastructure to\nto identify packets in traces.\n\n[69133.561393] ------------[ cut here ]------------\n[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/\n[...]\n[69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379\n[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0\n[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff\nff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8\n[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246\n[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19\n[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418\n[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000\n[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400\n[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28\n[69133.562020] FS:  00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[69133.562027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0\n[69133.562040] Call Trace:\n[69133.562044]  <IRQ>\n[69133.562049]  ? __warn+0x9f/0x1a0\n[ 1211.841384]  ? __skb_flow_dissect+0x107e/0x2860\n[...]\n[ 1211.841496]  ? bpf_flow_dissect+0x160/0x160\n[ 1211.841753]  __skb_get_hash+0x97/0x280\n[ 1211.841765]  ? __skb_get_hash_symmetric+0x230/0x230\n[ 1211.841776]  ? mod_find+0xbf/0xe0\n[ 1211.841786]  ? get_stack_info_noinstr+0x12/0xe0\n[ 1211.841798]  ? bpf_ksym_find+0x56/0xe0\n[ 1211.841807]  ? __rcu_read_unlock+0x2a/0x70\n[ 1211.841819]  nft_trace_init+0x1b9/0x1c0 [nf_tables]\n[ 1211.841895]  ? nft_trace_notify+0x830/0x830 [nf_tables]\n[ 1211.841964]  ? get_stack_info+0x2b/0x80\n[ 1211.841975]  ? nft_do_chain_arp+0x80/0x80 [nf_tables]\n[ 1211.842044]  nft_do_chain+0x79c/0x850 [nf_tables]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42321', 'https://git.kernel.org/linus/120f1c857a73e52132e473dee89b340440cb692b (6.11-rc1)', 'https://git.kernel.org/stable/c/120f1c857a73e52132e473dee89b340440cb692b', 'https://git.kernel.org/stable/c/4afbac11f2f629d1e62817c4e210bdfaa7521107', 'https://git.kernel.org/stable/c/c5d21aabf1b31a79f228508af33aee83456bc1b0', 'https://git.kernel.org/stable/c/eb03d9826aa646577342a952d658d4598381c035', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42321-4b46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42321', 'https://www.cve.org/CVERecord?id=CVE-2024-42321'], 'PublishedDate': '2024-08-17T09:15:11.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42322', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42322', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipvs: properly dereference pe in ip_vs_add_service', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n  net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42322', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/cbd070a4ae62f119058973f6d2c984e325bce6e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dd428039e06e1967ce294e2cd6342825aaaad77', 'https://git.kernel.org/stable/c/c420cd5d5bc6797f3a8824e7d74f38f0c286fca5', 'https://git.kernel.org/stable/c/cbd070a4ae62f119058973f6d2c984e325bce6e7', 'https://linux.oracle.com/cve/CVE-2024-42322.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42322-e2ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42322', 'https://www.cve.org/CVERecord?id=CVE-2024-42322'], 'PublishedDate': '2024-08-17T09:15:11.977Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43817', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: missing check virtio', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: missing check virtio\n\nTwo missing check in virtio_net_hdr_to_skb() allowed syzbot\nto crash kernels again\n\n1. After the skb_segment function the buffer may become non-linear\n(nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere\nthe __skb_linearize function will not be executed, then the buffer will\nremain non-linear. Then the condition (offset >= skb_headlen(skb))\nbecomes true, which causes WARN_ON_ONCE in skb_checksum_help.\n\n2. The struct sk_buff and struct virtio_net_hdr members must be\nmathematically related.\n(gso_size) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) may be 0 if division is without remainder.\n\noffset+2 (4191) > skb_headlen() (1116)\nWARNING: CPU: 1 PID: 5084 at net/core/dev.c:3303 skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nModules linked in:\nCPU: 1 PID: 5084 Comm: syz-executor336 Not tainted 6.7.0-rc3-syzkaller-00014-gdf60cee26a2e #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nCode: 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 52 01 00 00 44 89 e2 2b 53 74 4c 89 ee 48 c7 c7 40 57 e9 8b e8 af 8f dd f8 90 <0f> 0b 90 90 e9 87 fe ff ff e8 40 0f 6e f9 e9 4b fa ff ff 48 89 ef\nRSP: 0018:ffffc90003a9f338 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888025125780 RCX: ffffffff814db209\nRDX: ffff888015393b80 RSI: ffffffff814db216 RDI: 0000000000000001\nRBP: ffff8880251257f4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000045c\nR13: 000000000000105f R14: ffff8880251257f0 R15: 000000000000105d\nFS:  0000555555c24380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000002000f000 CR3: 0000000023151000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n ip_do_fragment+0xa1b/0x18b0 net/ipv4/ip_output.c:777\n ip_fragment.constprop.0+0x161/0x230 net/ipv4/ip_output.c:584\n ip_finish_output_gso net/ipv4/ip_output.c:286 [inline]\n __ip_finish_output net/ipv4/ip_output.c:308 [inline]\n __ip_finish_output+0x49c/0x650 net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:433\n dst_output include/net/dst.h:451 [inline]\n ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:129\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ipip6_tunnel_xmit net/ipv6/sit.c:1034 [inline]\n sit_tunnel_xmit+0xed2/0x28f0 net/ipv6/sit.c:1076\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3545 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3561\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4346\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x257/0x380 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x24ca/0x5240 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n __sys_sendto+0x255/0x340 net/socket.c:2190\n __do_sys_sendto net/socket.c:2202 [inline]\n __se_sys_sendto net/socket.c:2198 [inline]\n __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43817', 'https://git.kernel.org/linus/e269d79c7d35aa3808b1f3c1737d63dab504ddc8 (6.11-rc1)', 'https://git.kernel.org/stable/c/27874ca77bd2b05a3779c7b3a5c75d8dd7f0b40f', 'https://git.kernel.org/stable/c/5b1997487a3f3373b0f580c8a20b56c1b64b0775', 'https://git.kernel.org/stable/c/90d41ebe0cd4635f6410471efc1dd71b33e894cf', 'https://git.kernel.org/stable/c/e269d79c7d35aa3808b1f3c1737d63dab504ddc8', 'https://git.kernel.org/stable/c/e9164903b8b303c34723177b02fe91e49e3c4cd7', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43817-2e95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43817', 'https://www.cve.org/CVERecord?id=CVE-2024-43817'], 'PublishedDate': '2024-08-17T10:15:08.01Z', 'LastModifiedDate': '2024-09-03T17:41:46.407Z'}, {'VulnerabilityID': 'CVE-2024-43818', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: amd: Adjust error handling in case of absent codec device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: Adjust error handling in case of absent codec device\n\nacpi_get_first_physical_node() can return NULL in several cases (no such\ndevice, ACPI table error, reference count drop to 0, etc).\nExisting check just emit error message, but doesn't perform return.\nThen this NULL pointer is passed to devm_acpi_dev_add_driver_gpios()\nwhere it is dereferenced.\n\nAdjust this error handling by adding error code return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43818', 'https://git.kernel.org/linus/5080808c3339de2220c602ab7c7fa23dc6c1a5a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1ba9856cf7f6492b47c1edf853137f320d583db5', 'https://git.kernel.org/stable/c/5080808c3339de2220c602ab7c7fa23dc6c1a5a3', 'https://git.kernel.org/stable/c/99b642dac24f6d09ba3ebf1d690be8aefff86164', 'https://git.kernel.org/stable/c/b1173d64edd276c957b6d09e1f971c85b38f1519', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43818-71ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43818', 'https://www.cve.org/CVERecord?id=CVE-2024-43818'], 'PublishedDate': '2024-08-17T10:15:08.08Z', 'LastModifiedDate': '2024-09-03T17:45:30Z'}, {'VulnerabilityID': 'CVE-2024-43819', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kvm: s390: Reject memory region operations for ucontrol VMs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43819', 'https://git.kernel.org/linus/7816e58967d0e6cadce05c8540b47ed027dc2499 (6.11-rc1)', 'https://git.kernel.org/stable/c/49c9945c054df4c22008e2bf87ca74d3e2507aa6', 'https://git.kernel.org/stable/c/7816e58967d0e6cadce05c8540b47ed027dc2499', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43819-88ce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43819', 'https://www.cve.org/CVERecord?id=CVE-2024-43819'], 'PublishedDate': '2024-08-17T10:15:08.147Z', 'LastModifiedDate': '2024-09-03T17:47:10.54Z'}, {'VulnerabilityID': 'CVE-2024-43820', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, &mddev->recovery));\n\nThis check is designed to make sure that the sync thread isn't\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43820', 'https://git.kernel.org/linus/3199a34bfaf7561410e0be1e33a61eba870768fc (6.11-rc1)', 'https://git.kernel.org/stable/c/3199a34bfaf7561410e0be1e33a61eba870768fc', 'https://git.kernel.org/stable/c/a5c15a78c0e1631b7df822b56e8b6424e4d1ca3e', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43820-1bd6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43820', 'https://www.cve.org/CVERecord?id=CVE-2024-43820'], 'PublishedDate': '2024-08-17T10:15:08.207Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43821', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Fix a possible null pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix a possible null pointer dereference\n\nIn function lpfc_xcvr_data_show, the memory allocation with kmalloc might\nfail, thereby making rdp_context a null pointer. In the following context\nand functions that use this pointer, there are dereferencing operations,\nleading to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null,\nuse scnprintf to notify the user and return len.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43821', 'https://git.kernel.org/linus/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa (6.11-rc1)', 'https://git.kernel.org/stable/c/45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c', 'https://git.kernel.org/stable/c/57600a7dd2b52c904f7c8d2cac0fd8c23868e680', 'https://git.kernel.org/stable/c/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43821-6ffc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43821', 'https://www.cve.org/CVERecord?id=CVE-2024-43821'], 'PublishedDate': '2024-08-17T10:15:08.277Z', 'LastModifiedDate': '2024-09-03T17:49:54.28Z'}, {'VulnerabilityID': 'CVE-2024-43823', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43823', 'https://git.kernel.org/linus/a231707a91f323af1e5d9f1722055ec2fc1c7775 (6.11-rc1)', 'https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23', 'https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775', 'https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506', 'https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43823-4bdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43823', 'https://www.cve.org/CVERecord?id=CVE-2024-43823'], 'PublishedDate': '2024-08-17T10:15:08.4Z', 'LastModifiedDate': '2024-09-03T17:49:03.91Z'}, {'VulnerabilityID': 'CVE-2024-43824', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: pci-epf-test: Make use of cached &#39;epc_features&#39; in pci_epf_test_core_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Make use of cached \'epc_features\' in pci_epf_test_core_init()\n\nInstead of getting the epc_features from pci_epc_get_features() API, use\nthe cached pci_epf_test::epc_features value to avoid the NULL check. Since\nthe NULL check is already performed in pci_epf_test_bind(), having one more\ncheck in pci_epf_test_core_init() is redundant and it is not possible to\nhit the NULL pointer dereference.\n\nAlso with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier"\nflag"), \'epc_features\' got dereferenced without the NULL check, leading to\nthe following false positive Smatch warning:\n\n  drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed \'epc_features\' could be null (see line 747)\n\nThus, remove the redundant NULL check and also use the epc_features::\n{msix_capable/msi_capable} flags directly to avoid local variables.\n\n[kwilczynski: commit log]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43824', 'https://git.kernel.org/linus/5a5095a8bd1bd349cce1c879e5e44407a34dda8a (6.11-rc1)', 'https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a', 'https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43824-fc04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43824', 'https://www.cve.org/CVERecord?id=CVE-2024-43824'], 'PublishedDate': '2024-08-17T10:15:08.477Z', 'LastModifiedDate': '2024-09-03T17:48:39.16Z'}, {'VulnerabilityID': 'CVE-2024-43825', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iio: Fix the sorting functionality in iio_gts_build_avail_time_table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: Fix the sorting functionality in iio_gts_build_avail_time_table\n\nThe sorting in iio_gts_build_avail_time_table is not working as intended.\nIt could result in an out-of-bounds access when the time is zero.\n\nHere are more details:\n\n1. When the gts->itime_table[i].time_us is zero, e.g., the time\nsequence is `3, 0, 1`, the inner for-loop will not terminate and do\nout-of-bound writes. This is because once `times[j] > new`, the value\n`new` will be added in the current position and the `times[j]` will be\nmoved to `j+1` position, which makes the if-condition always hold.\nMeanwhile, idx will be added one, making the loop keep running without\ntermination and out-of-bound write.\n2. If none of the gts->itime_table[i].time_us is zero, the elements\nwill just be copied without being sorted as described in the comment\n"Sort times from all tables to one and remove duplicates".\n\nFor more details, please refer to\nhttps://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43825', 'https://git.kernel.org/linus/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb (6.11-rc1)', 'https://git.kernel.org/stable/c/31ff8464ef540785344994986a010031410f9ff3', 'https://git.kernel.org/stable/c/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb', 'https://git.kernel.org/stable/c/b5046de32fd1532c3f67065197fc1da82f0b5193', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43825-20fc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43825', 'https://www.cve.org/CVERecord?id=CVE-2024-43825'], 'PublishedDate': '2024-08-17T10:15:08.533Z', 'LastModifiedDate': '2024-09-30T13:53:21.44Z'}, {'VulnerabilityID': 'CVE-2024-43826', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfs: pass explicit offset/count to trace events', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: pass explicit offset/count to trace events\n\nnfs_folio_length is unsafe to use without having the folio locked and a\ncheck for a NULL ->f_mapping that protects against truncations and can\nlead to kernel crashes.  E.g. when running xfstests generic/065 with\nall nfs trace points enabled.\n\nFollow the model of the XFS trace points and pass in an explіcit offset\nand length.  This has the additional benefit that these values can\nbe more accurate as some of the users touch partial folio ranges.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43826', 'https://git.kernel.org/linus/fada32ed6dbc748f447c8d050a961b75d946055a (6.11-rc1)', 'https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722', 'https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43826-2a5f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43826', 'https://www.cve.org/CVERecord?id=CVE-2024-43826'], 'PublishedDate': '2024-08-17T10:15:08.593Z', 'LastModifiedDate': '2024-09-12T18:15:09.137Z'}, {'VulnerabilityID': 'CVE-2024-43827', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check before access structs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check before access structs\n\nIn enable_phantom_plane, we should better check null pointer before\naccessing various structs.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43827', 'https://git.kernel.org/linus/c96140000915b610d86f941450e15ca552de154a (6.11-rc1)', 'https://git.kernel.org/stable/c/081ff4c0ef1884ae55f7adb8944efd22e22d8724', 'https://git.kernel.org/stable/c/c96140000915b610d86f941450e15ca552de154a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43827-6486@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43827', 'https://www.cve.org/CVERecord?id=CVE-2024-43827'], 'PublishedDate': '2024-08-17T10:15:08.653Z', 'LastModifiedDate': '2024-09-30T12:51:34.97Z'}, {'VulnerabilityID': 'CVE-2024-43828', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: fix infinite loop when replaying fast_commit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct.  ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the 'es' variable.\n\nBecause 'es' contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43828', 'https://git.kernel.org/linus/907c3fe532253a6ef4eb9c4d67efb71fab58c706 (6.11-rc1)', 'https://git.kernel.org/stable/c/0619f7750f2b178a1309808832ab20d85e0ad121', 'https://git.kernel.org/stable/c/181e63cd595c688194e07332f9944b3a63193de2', 'https://git.kernel.org/stable/c/5ed0496e383cb6de120e56991385dce70bbb87c1', 'https://git.kernel.org/stable/c/81f819c537d29932e4b9267f02411cbc8b355178', 'https://git.kernel.org/stable/c/907c3fe532253a6ef4eb9c4d67efb71fab58c706', 'https://git.kernel.org/stable/c/c6e67df64783e99a657ef2b8c834ba2bf54c539c', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43828-6bcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43828', 'https://www.cve.org/CVERecord?id=CVE-2024-43828'], 'PublishedDate': '2024-08-17T10:15:08.72Z', 'LastModifiedDate': '2024-08-22T15:41:50.87Z'}, {'VulnerabilityID': 'CVE-2024-43829', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/qxl: Add check for drm_cvt_mode', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43829', 'https://git.kernel.org/linus/7bd09a2db0f617377027a2bb0b9179e6959edff3 (6.11-rc1)', 'https://git.kernel.org/stable/c/3efe34f95b1ac8c138a46b14ce75956db0d6ee7c', 'https://git.kernel.org/stable/c/4b1f303bdeceac049e56e4b20eb5280bd9e02f4f', 'https://git.kernel.org/stable/c/4e87f592a46bb804d8f833da6ce702ae4b55053f', 'https://git.kernel.org/stable/c/62ef8d7816c8e4a6088275553818b9afc0ffaa03', 'https://git.kernel.org/stable/c/7bd09a2db0f617377027a2bb0b9179e6959edff3', 'https://git.kernel.org/stable/c/d4c57354a06cb4a77998ff8aa40af89eee30e07b', 'https://git.kernel.org/stable/c/f28b353c0c6c7831a70ccca881bf2db5e6785cdd', 'https://linux.oracle.com/cve/CVE-2024-43829.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43829-72cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43829', 'https://www.cve.org/CVERecord?id=CVE-2024-43829'], 'PublishedDate': '2024-08-17T10:15:08.787Z', 'LastModifiedDate': '2024-09-30T12:51:56.77Z'}, {'VulnerabilityID': 'CVE-2024-43830', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: leds: trigger: Unregister sysfs attributes before calling deactivate()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nleds: trigger: Unregister sysfs attributes before calling deactivate()\n\nTriggers which have trigger specific sysfs attributes typically store\nrelated data in trigger-data allocated by the activate() callback and\nfreed by the deactivate() callback.\n\nCalling device_remove_groups() after calling deactivate() leaves a window\nwhere the sysfs attributes show/store functions could be called after\ndeactivation and then operate on the just freed trigger-data.\n\nMove the device_remove_groups() call to before deactivate() to close\nthis race window.\n\nThis also makes the deactivation path properly do things in reverse order\nof the activation path which calls the activate() callback before calling\ndevice_add_groups().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7000', 'https://access.redhat.com/security/cve/CVE-2024-43830', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2265838', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2270103', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275558', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282648', 'https://bugzilla.redhat.com/2282669', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282764', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284511', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284630', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293414', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300381', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300439', 'https://bugzilla.redhat.com/2300440', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300709', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301543', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305410', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2305488', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7000.html', 'https://git.kernel.org/linus/c0dc9adf9474ecb7106e60e5472577375aedaed3 (6.11-rc1)', 'https://git.kernel.org/stable/c/0788a6f3523d3686a9eed5ea1e6fcce6841277b2', 'https://git.kernel.org/stable/c/09c1583f0e10c918855d6e7540a79461a353e5d6', 'https://git.kernel.org/stable/c/3fb6a9d67cfd812a547ac73ec02e1077c26c640d', 'https://git.kernel.org/stable/c/734ba6437e80dfc780e9ee9d95f912392d12b5ea', 'https://git.kernel.org/stable/c/c0dc9adf9474ecb7106e60e5472577375aedaed3', 'https://git.kernel.org/stable/c/c3b7a650c8717aa89df318364609c86cbc040156', 'https://git.kernel.org/stable/c/cb8aa9d2a4c8a15d6a43ccf901ef3d094aa60374', 'https://git.kernel.org/stable/c/d1415125b701ef13370e2761f691ec632a5eb93a', 'https://linux.oracle.com/cve/CVE-2024-43830.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43830-3b85@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43830', 'https://www.cve.org/CVERecord?id=CVE-2024-43830'], 'PublishedDate': '2024-08-17T10:15:08.857Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43831', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mediatek: vcodec: Handle invalid decoder vsi', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43831', 'https://git.kernel.org/linus/59d438f8e02ca641c58d77e1feffa000ff809e9f (6.11-rc1)', 'https://git.kernel.org/stable/c/1c109f23b271a02b9bb195c173fab41e3285a8db', 'https://git.kernel.org/stable/c/59d438f8e02ca641c58d77e1feffa000ff809e9f', 'https://git.kernel.org/stable/c/cdf05ae76198c513836bde4eb55f099c44773280', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43831-b13e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43831', 'https://www.cve.org/CVERecord?id=CVE-2024-43831'], 'PublishedDate': '2024-08-17T10:15:08.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43832', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: s390/uv: Don't call folio_wait_writeback() without a folio reference", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/uv: Don't call folio_wait_writeback() without a folio reference\n\nfolio_wait_writeback() requires that no spinlocks are held and that\na folio reference is held, as documented. After we dropped the PTL, the\nfolio could get freed concurrently. So grab a temporary reference.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43832', 'https://git.kernel.org/linus/3f29f6537f54d74e64bac0a390fb2e26da25800d (6.11-rc1)', 'https://git.kernel.org/stable/c/1a1eb2f3fc453dcd52726d13e863938561489cb7', 'https://git.kernel.org/stable/c/3f29f6537f54d74e64bac0a390fb2e26da25800d', 'https://git.kernel.org/stable/c/8736604ef53359a718c246087cd21dcec232d2fb', 'https://git.kernel.org/stable/c/b21aba72aadd94bdac275deab021fc84d6c72b16', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43832-7746@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43832', 'https://www.cve.org/CVERecord?id=CVE-2024-43832'], 'PublishedDate': '2024-08-17T10:15:08.98Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43833', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: v4l: async: Fix NULL pointer dereference in adding ancillary links', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix NULL pointer dereference in adding ancillary links\n\nIn v4l2_async_create_ancillary_links(), ancillary links are created for\nlens and flash sub-devices. These are sub-device to sub-device links and\nif the async notifier is related to a V4L2 device, the source sub-device\nof the ancillary link is NULL, leading to a NULL pointer dereference.\nCheck the notifier's sd field is non-NULL in\nv4l2_async_create_ancillary_links().\n\n[Sakari Ailus: Reword the subject and commit messages slightly.]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43833', 'https://git.kernel.org/linus/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f (6.11-rc1)', 'https://git.kernel.org/stable/c/249212ceb4187783af3801c57b92a5a25d410621', 'https://git.kernel.org/stable/c/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f', 'https://git.kernel.org/stable/c/b87e28050d9b0959de24574d587825cfab2f13fb', 'https://git.kernel.org/stable/c/fe0f92fd5320b393e44ca210805e653ea90cc982', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43833-4e73@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43833', 'https://www.cve.org/CVERecord?id=CVE-2024-43833'], 'PublishedDate': '2024-08-17T10:15:09.04Z', 'LastModifiedDate': '2024-08-22T15:42:46.827Z'}, {'VulnerabilityID': 'CVE-2024-43834', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xdp: fix invalid wait context of page_pool_destroy()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: fix invalid wait context of page_pool_destroy()\n\nIf the driver uses a page pool, it creates a page pool with\npage_pool_create().\nThe reference count of page pool is 1 as default.\nA page pool will be destroyed only when a reference count reaches 0.\npage_pool_destroy() is used to destroy page pool, it decreases a\nreference count.\nWhen a page pool is destroyed, ->disconnect() is called, which is\nmem_allocator_disconnect().\nThis function internally acquires mutex_lock().\n\nIf the driver uses XDP, it registers a memory model with\nxdp_rxq_info_reg_mem_model().\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\nreference count if a memory model is a page pool.\nNow the reference count is 2.\n\nTo destroy a page pool, the driver should call both page_pool_destroy()\nand xdp_unreg_mem_model().\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\nOnly page_pool_destroy() decreases a reference count.\n\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\nwill face an invalid wait context warning.\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\nrcu_read_lock().\nThe page_pool_destroy() internally acquires mutex_lock().\n\nSplat looks like:\n=============================\n[ BUG: Invalid wait context ]\n6.10.0-rc6+ #4 Tainted: G W\n-----------------------------\nethtool/1806 is trying to lock:\nffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150\nother info that might help us debug this:\ncontext-{5:5}\n3 locks held by ethtool/1806:\nstack backtrace:\nCPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nCall Trace:\n<TASK>\ndump_stack_lvl+0x7e/0xc0\n__lock_acquire+0x1681/0x4de0\n? _printk+0x64/0xe0\n? __pfx_mark_lock.part.0+0x10/0x10\n? __pfx___lock_acquire+0x10/0x10\nlock_acquire+0x1b3/0x580\n? mem_allocator_disconnect+0x73/0x150\n? __wake_up_klogd.part.0+0x16/0xc0\n? __pfx_lock_acquire+0x10/0x10\n? dump_stack_lvl+0x91/0xc0\n__mutex_lock+0x15c/0x1690\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_prb_read_valid+0x10/0x10\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_llist_add_batch+0x10/0x10\n? console_unlock+0x193/0x1b0\n? lockdep_hardirqs_on+0xbe/0x140\n? __pfx___mutex_lock+0x10/0x10\n? tick_nohz_tick_stopped+0x16/0x90\n? __irq_work_queue_local+0x1e5/0x330\n? irq_work_queue+0x39/0x50\n? __wake_up_klogd.part.0+0x79/0xc0\n? mem_allocator_disconnect+0x73/0x150\nmem_allocator_disconnect+0x73/0x150\n? __pfx_mem_allocator_disconnect+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? rcu_is_watching+0x11/0xb0\npage_pool_release+0x36e/0x6d0\npage_pool_destroy+0xd7/0x440\nxdp_unreg_mem_model+0x1a7/0x2a0\n? __pfx_xdp_unreg_mem_model+0x10/0x10\n? kfree+0x125/0x370\n? bnxt_free_ring.isra.0+0x2eb/0x500\n? bnxt_free_mem+0x5ac/0x2500\nxdp_rxq_info_unreg+0x4a/0xd0\nbnxt_free_mem+0x1356/0x2500\nbnxt_close_nic+0xf0/0x3b0\n? __pfx_bnxt_close_nic+0x10/0x10\n? ethnl_parse_bit+0x2c6/0x6d0\n? __pfx___nla_validate_parse+0x10/0x10\n? __pfx_ethnl_parse_bit+0x10/0x10\nbnxt_set_features+0x2a8/0x3e0\n__netdev_update_features+0x4dc/0x1370\n? ethnl_parse_bitset+0x4ff/0x750\n? __pfx_ethnl_parse_bitset+0x10/0x10\n? __pfx___netdev_update_features+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? _raw_spin_unlock_irqrestore+0x42/0x70\n? __pm_runtime_resume+0x7d/0x110\nethnl_set_features+0x32d/0xa20\n\nTo fix this problem, it uses rhashtable_lookup_fast() instead of\nrhashtable_lookup() with rcu_read_lock().\nUsing xa without rcu_read_lock() here is safe.\nxa is freed by __xdp_mem_allocator_rcu_free() and this is called by\ncall_rcu() of mem_xa_remove().\nThe mem_xa_remove() is called by page_pool_destroy() if a reference\ncount reaches 0.\nThe xa is already protected by the reference count mechanism well in the\ncontrol plane.\nSo removing rcu_read_lock() for page_pool_destroy() is safe.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43834', 'https://git.kernel.org/linus/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec (6.11-rc1)', 'https://git.kernel.org/stable/c/12144069209eec7f2090ce9afa15acdcc2c2a537', 'https://git.kernel.org/stable/c/3fc1be360b99baeea15cdee3cf94252cd3a72d26', 'https://git.kernel.org/stable/c/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec', 'https://git.kernel.org/stable/c/6c390ef198aa69795427a5cb5fd7cb4bc7e6cd7a', 'https://git.kernel.org/stable/c/be9d08ff102df3ac4f66e826ea935cf3af63a4bd', 'https://git.kernel.org/stable/c/bf0ce5aa5f2525ed1b921ba36de96e458e77f482', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43834-0140@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43834', 'https://www.cve.org/CVERecord?id=CVE-2024-43834'], 'PublishedDate': '2024-08-17T10:15:09.113Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43835', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: virtio_net: Fix napi_skb_cache_put warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix napi_skb_cache_put warning\n\nAfter the commit bdacf3e34945 ("net: Use nested-BH locking for\nnapi_alloc_cache.") was merged, the following warning began to appear:\n\n\t WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0\n\n\t  __warn+0x12f/0x340\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  report_bug+0x165/0x370\n\t  handle_bug+0x3d/0x80\n\t  exc_invalid_op+0x1a/0x50\n\t  asm_exc_invalid_op+0x1a/0x20\n\t  __free_old_xmit+0x1c8/0x510\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  __free_old_xmit+0x1c8/0x510\n\t  __free_old_xmit+0x1c8/0x510\n\t  __pfx___free_old_xmit+0x10/0x10\n\nThe issue arises because virtio is assuming it\'s running in NAPI context\neven when it\'s not, such as in the netpoll case.\n\nTo resolve this, modify virtnet_poll_tx() to only set NAPI when budget\nis available. Same for virtnet_poll_cleantx(), which always assumed that\nit was in a NAPI context.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43835', 'https://git.kernel.org/linus/f8321fa75102246d7415a6af441872f6637c93ab (6.11-rc1)', 'https://git.kernel.org/stable/c/19ac6f29bf64304ef04630c8ab56ecd2059d7aa1', 'https://git.kernel.org/stable/c/468a729b78895893d0e580ceea49bed8ada2a2bd', 'https://git.kernel.org/stable/c/6b5325f2457521bbece29499970c0117a648c620', 'https://git.kernel.org/stable/c/842a97b5e44f0c8a9fc356fe976e0e13ddcf7783', 'https://git.kernel.org/stable/c/cc7340f18e45886121c131227985d64ef666012f', 'https://git.kernel.org/stable/c/d3af435e8ace119e58d8e21d3d2d6a4e7c4a4baa', 'https://git.kernel.org/stable/c/f5e9a22d19bb98a7e86034db85eb295e94187caa', 'https://git.kernel.org/stable/c/f8321fa75102246d7415a6af441872f6637c93ab', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43835-5f11@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43835', 'https://www.cve.org/CVERecord?id=CVE-2024-43835'], 'PublishedDate': '2024-08-17T10:15:09.183Z', 'LastModifiedDate': '2024-09-12T12:15:48.653Z'}, {'VulnerabilityID': 'CVE-2024-43837', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43837', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT\n\nWhen loading a EXT program without specifying `attr->attach_prog_fd`,\nthe `prog->aux->dst_prog` will be null. At this time, calling\nresolve_prog_type() anywhere will result in a null pointer dereference.\n\nExample stack trace:\n\n[    8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[    8.108262] Mem abort info:\n[    8.108384]   ESR = 0x0000000096000004\n[    8.108547]   EC = 0x25: DABT (current EL), IL = 32 bits\n[    8.108722]   SET = 0, FnV = 0\n[    8.108827]   EA = 0, S1PTW = 0\n[    8.108939]   FSC = 0x04: level 0 translation fault\n[    8.109102] Data abort info:\n[    8.109203]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[    8.109399]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[    8.109614]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[    8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000\n[    8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000\n[    8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[    8.112783] Modules linked in:\n[    8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1\n[    8.113230] Hardware name: linux,dummy-virt (DT)\n[    8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    8.113429] pc : may_access_direct_pkt_data+0x24/0xa0\n[    8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8\n[    8.113798] sp : ffff80008283b9f0\n[    8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001\n[    8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000\n[    8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000\n[    8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff\n[    8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720\n[    8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720\n[    8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4\n[    8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f\n[    8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c\n[    8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000\n[    8.114126] Call trace:\n[    8.114159]  may_access_direct_pkt_data+0x24/0xa0\n[    8.114202]  bpf_check+0x3bc/0x28c0\n[    8.114214]  bpf_prog_load+0x658/0xa58\n[    8.114227]  __sys_bpf+0xc50/0x2250\n[    8.114240]  __arm64_sys_bpf+0x28/0x40\n[    8.114254]  invoke_syscall.constprop.0+0x54/0xf0\n[    8.114273]  do_el0_svc+0x4c/0xd8\n[    8.114289]  el0_svc+0x3c/0x140\n[    8.114305]  el0t_64_sync_handler+0x134/0x150\n[    8.114331]  el0t_64_sync+0x168/0x170\n[    8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)\n[    8.118672] ---[ end trace 0000000000000000 ]---\n\nOne way to fix it is by forcing `attach_prog_fd` non-empty when\nbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`\nAPI broken which use verifier log to probe prog type and will log\nnothing if we reject invalid EXT prog before bpf_check().\n\nAnother way is by adding null check in resolve_prog_type().\n\nThe issue was introduced by commit 4a9c7bbe2ed4 ("bpf: Resolve to\nprog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT") which wanted\nto correct type resolution for BPF_PROG_TYPE_TRACING programs. Before\nthat, the type resolution of BPF_PROG_TYPE_EXT prog actually follows\nthe logic below:\n\n  prog->aux->dst_prog ? prog->aux->dst_prog->type : prog->type;\n\nIt implies that when EXT program is not yet attached to `dst_prog`,\nthe prog type should be EXT itself. This code worked fine in the past.\nSo just keep using it.\n\nFix this by returning `prog->type` for BPF_PROG_TYPE_EXT if `dst_prog`\nis not present in resolve_prog_type().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43837', 'https://git.kernel.org/linus/f7866c35873377313ff94398f17d425b28b71de1 (6.11-rc1)', 'https://git.kernel.org/stable/c/9d40fd516aeae6779e3c84c6b96700ca76285847', 'https://git.kernel.org/stable/c/b29a880bb145e1f1c1df5ab88ed26b1495ff9f09', 'https://git.kernel.org/stable/c/f7866c35873377313ff94398f17d425b28b71de1', 'https://git.kernel.org/stable/c/fcac5feb06f31ee4c88bca9bf98d8bc3ca7d2615', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43837-63d2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43837', 'https://www.cve.org/CVERecord?id=CVE-2024-43837'], 'PublishedDate': '2024-08-17T10:15:09.32Z', 'LastModifiedDate': '2024-08-22T15:44:03.417Z'}, {'VulnerabilityID': 'CVE-2024-43839', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43839', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust 'name' buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n'name' size is 16, but the first '%s' specifier may already need at\nleast 16 characters, since 'bnad->netdev->name' is used there.\n\nFor '%d' specifiers, assume that they require:\n * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX\n   is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43839', 'https://git.kernel.org/linus/c9741a03dc8e491e57b95fba0058ab46b7e506da (6.11-rc1)', 'https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1', 'https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3', 'https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef', 'https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43', 'https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76', 'https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da', 'https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5', 'https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540', 'https://linux.oracle.com/cve/CVE-2024-43839.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43839-ea03@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43839', 'https://www.cve.org/CVERecord?id=CVE-2024-43839'], 'PublishedDate': '2024-08-17T10:15:09.447Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43840', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG\n\nWhen BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls\n__bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them\nthe struct bpf_tramp_image *im pointer as an argument in R0.\n\nThe trampoline generation code uses emit_addr_mov_i64() to emit\ninstructions for moving the bpf_tramp_image address into R0, but\nemit_addr_mov_i64() assumes the address to be in the vmalloc() space\nand uses only 48 bits. Because bpf_tramp_image is allocated using\nkzalloc(), its address can use more than 48-bits, in this case the\ntrampoline will pass an invalid address to __bpf_tramp_enter/exit()\ncausing a kernel crash.\n\nFix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64()\nas it can work with addresses that are greater than 48-bits.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43840', 'https://git.kernel.org/linus/19d3c179a37730caf600a97fed3794feac2b197b (6.11-rc1)', 'https://git.kernel.org/stable/c/19d3c179a37730caf600a97fed3794feac2b197b', 'https://git.kernel.org/stable/c/6d218fcc707d6b2c3616b6cd24b948fd4825cfec', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43840-69cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43840', 'https://www.cve.org/CVERecord?id=CVE-2024-43840'], 'PublishedDate': '2024-08-17T10:15:09.517Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43841', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: virt_wifi: avoid reporting connection success with wrong SSID', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: avoid reporting connection success with wrong SSID\n\nWhen user issues a connection with a different SSID than the one\nvirt_wifi has advertised, the __cfg80211_connect_result() will\ntrigger the warning: WARN_ON(bss_not_found).\n\nThe issue is because the connection code in virt_wifi does not\ncheck the SSID from user space (it only checks the BSSID), and\nvirt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS\neven if the SSID is different from the one virt_wifi has advertised.\nEventually cfg80211 won't be able to find the cfg80211_bss and generate\nthe warning.\n\nFixed it by checking the SSID (from user space) in the connection code.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43841', 'https://git.kernel.org/linus/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7 (6.11-rc1)', 'https://git.kernel.org/stable/c/05c4488a0e446c6ccde9f22b573950665e1cd414', 'https://git.kernel.org/stable/c/36e92b5edc8e0daa18e9325674313802ce3fbc29', 'https://git.kernel.org/stable/c/416d3c1538df005195721a200b0371d39636e05d', 'https://git.kernel.org/stable/c/93e898a264b4e0a475552ba9f99a016eb43ef942', 'https://git.kernel.org/stable/c/994fc2164a03200c3bf42fb45b3d49d9d6d33a4d', 'https://git.kernel.org/stable/c/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7', 'https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3', 'https://linux.oracle.com/cve/CVE-2024-43841.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43841-8143@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43841', 'https://www.cve.org/CVERecord?id=CVE-2024-43841'], 'PublishedDate': '2024-08-17T10:15:09.58Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43842', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() \'status->he_gi\' is compared to array size.\nBut then \'rate->he_gi\' is used as array index instead of \'status->he_gi\'.\nThis can lead to go beyond array boundaries in case of \'rate->he_gi\' is\nnot equal to \'status->he_gi\' and is bigger than array size. Looks like\n"copy-paste" mistake.\n\nFix this mistake by replacing \'rate->he_gi\' with \'status->he_gi\'.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43842', 'https://git.kernel.org/linus/85099c7ce4f9e64c66aa397cd9a37473637ab891 (6.11-rc1)', 'https://git.kernel.org/stable/c/7a0edc3d83aff3a48813d78c9cad9daf38decc74', 'https://git.kernel.org/stable/c/85099c7ce4f9e64c66aa397cd9a37473637ab891', 'https://git.kernel.org/stable/c/96ae4de5bc4c8ba39fd072369398f59495b73f58', 'https://git.kernel.org/stable/c/a2a095c08b95372d6d0c5819b77f071af5e75366', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43842-31e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43842', 'https://www.cve.org/CVERecord?id=CVE-2024-43842'], 'PublishedDate': '2024-08-17T10:15:09.647Z', 'LastModifiedDate': '2024-09-30T13:55:17.007Z'}, {'VulnerabilityID': 'CVE-2024-43843', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv, bpf: Fix out-of-bounds issue when preparing trampoline image', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv, bpf: Fix out-of-bounds issue when preparing trampoline image\n\nWe get the size of the trampoline image during the dry run phase and\nallocate memory based on that size. The allocated image will then be\npopulated with instructions during the real patch phase. But after\ncommit 26ef208c209a ("bpf: Use arch_bpf_trampoline_size"), the `im`\nargument is inconsistent in the dry run and real patch phase. This may\ncause emit_imm in RV64 to generate a different number of instructions\nwhen generating the \'im\' address, potentially causing out-of-bounds\nissues. Let\'s emit the maximum number of instructions for the "im"\naddress during dry run to fix this problem.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43843', 'https://git.kernel.org/linus/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3e6a1b1b179abb643ec3560c02bc3082bc92285f', 'https://git.kernel.org/stable/c/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43843-e436@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43843', 'https://www.cve.org/CVERecord?id=CVE-2024-43843'], 'PublishedDate': '2024-08-17T10:15:09.707Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43844', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi rtw89 wow: fix GTK offload H2C skbuff issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: wow: fix GTK offload H2C skbuff issue\n\nWe mistakenly put skb too large and that may exceed skb->end.\nTherefore, we fix it.\n\nskbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8fba04eca7e0 tail:0x200 end:0x140 dev:<NULL>\n------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:192!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 4747 Comm: kworker/u4:44 Tainted: G           O       6.6.30-02659-gc18865c4dfbd #1 86547039b47e46935493f615ee31d0b2d711d35e\nHardware name: HP Meep/Meep, BIOS Google_Meep.11297.262.0 03/18/2021\nWorkqueue: events_unbound async_run_entry_fn\nRIP: 0010:skb_panic+0x5d/0x60\nCode: c6 63 8b 8f bb 4c 0f 45 f6 48 c7 c7 4d 89 8b bb 48 89 ce 44 89 d1 41 56 53 41 53 ff b0 c8 00 00 00 e8 27 5f 23 00 48 83 c4 20 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44\nRSP: 0018:ffffaa700144bad0 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: 0000000000000140 RCX: 14432c5aad26c900\nRDX: 0000000000000000 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffaa700144bae0 R08: 0000000000000000 R09: ffffaa700144b920\nR10: 00000000ffffdfff R11: ffffffffbc28fbc0 R12: ffff8fba4e57a010\nR13: 0000000000000000 R14: ffffffffbb8f8b63 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff8fba7bd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007999c4ad1000 CR3: 000000015503a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? skb_panic+0x5d/0x60\n ? do_error_trap+0x6d/0x90\n ? skb_panic+0x5d/0x60\n ? handle_invalid_op+0x30/0x40\n ? skb_panic+0x5d/0x60\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_panic+0x5d/0x60\n skb_put+0x49/0x50\n rtw89_fw_h2c_wow_gtk_ofld+0xbd/0x220 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_wow_resume+0x31f/0x540 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_ops_resume+0x2b/0xa0 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n ieee80211_reconfig+0x84/0x13e0 [mac80211 818a894e3b77da6298269c59ed7cdff065a4ed52]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? dev_printk_emit+0x51/0x70\n ? _dev_info+0x6e/0x90\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n wiphy_resume+0x89/0x180 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n dpm_run_callback+0x3c/0x140\n device_resume+0x1f9/0x3c0\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x29/0xd0\n process_scheduled_works+0x1d8/0x3d0\n worker_thread+0x1fc/0x2f0\n kthread+0xed/0x110\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x38/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>\nModules linked in: ccm 8021q r8153_ecm cdc_ether usbnet r8152 mii dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc uinput rfcomm cmac algif_hash rtw89_8922ae(O) algif_skcipher rtw89_8922a(O) af_alg rtw89_pci(O) rtw89_core(O) btusb(O) snd_soc_sst_bxt_da7219_max98357a btbcm(O) snd_soc_hdac_hdmi btintel(O) snd_soc_intel_hda_dsp_common snd_sof_probes btrtl(O) btmtk(O) snd_hda_codec_hdmi snd_soc_dmic uvcvideo videobuf2_vmalloc uvc videobuf2_memops videobuf2_v4l2 videobuf2_common snd_sof_pci_intel_apl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda soundwire_intel soundwire_generic_allocation snd_sof_intel_hda_mlink soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp mac80211 snd_soc_acpi_intel_match snd_soc_acpi snd_sof snd_sof_utils soundwire_bus snd_soc_max98357a snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_intel_dspcfg snd_intel_sdw_acpi snd_soc_da7219 snd_hda_codec snd_hwdep snd_hda_core veth ip6table_nat xt_MASQUERADE xt_cgroup fuse bluetooth ecdh_generic\n cfg80211 ecc\ngsmi: Log Shutdown \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43844', 'https://git.kernel.org/linus/dda364c345913fe03ddbe4d5ae14a2754c100296 (6.11-rc1)', 'https://git.kernel.org/stable/c/dda364c345913fe03ddbe4d5ae14a2754c100296', 'https://git.kernel.org/stable/c/ef0d9d2f0dc1133db3d3a1c5167190c6627146b2', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43844-97ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43844', 'https://www.cve.org/CVERecord?id=CVE-2024-43844'], 'PublishedDate': '2024-08-17T10:15:09.763Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43845', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Fix bogus checksum computation in udf_rename()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix bogus checksum computation in udf_rename()\n\nSyzbot reports uninitialized memory access in udf_rename() when updating\nchecksum of '..' directory entry of a moved directory. This is indeed\ntrue as we pass on-stack diriter.fi to the udf_update_tag() and because\nthat has only struct fileIdentDesc included in it and not the impUse or\nname fields, the checksumming function is going to checksum random stack\ncontents beyond the end of the structure. This is actually harmless\nbecause the following udf_fiiter_write_fi() will recompute the checksum\nfrom on-disk buffers where everything is properly included. So all that\nis needed is just removing the bogus calculation.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43845', 'https://git.kernel.org/linus/27ab33854873e6fb958cb074681a0107cc2ecc4c (6.11-rc1)', 'https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c', 'https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4', 'https://git.kernel.org/stable/c/c996b570305e7a6910c2ce4cdcd4c22757ffe241', 'https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43845-a85d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43845', 'https://www.cve.org/CVERecord?id=CVE-2024-43845'], 'PublishedDate': '2024-08-17T10:15:09.837Z', 'LastModifiedDate': '2024-08-29T17:15:08.397Z'}, {'VulnerabilityID': 'CVE-2024-43846', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib: objagg: Fix general protection fault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G        W          6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n <TASK>\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n </TASK>', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43846', 'https://git.kernel.org/linus/b4a3a89fffcdf09702b1f161b914e52abca1894d (6.11-rc1)', 'https://git.kernel.org/stable/c/1936fa05a180834c3b52e0439a6bddc07814d3eb', 'https://git.kernel.org/stable/c/22ae17a267f4812861f0c644186c3421ff97dbfc', 'https://git.kernel.org/stable/c/499f742fed42e74f1321f4b12ca196a66a2b49fc', 'https://git.kernel.org/stable/c/565213e005557eb6cc4e42189d26eb300e02f170', 'https://git.kernel.org/stable/c/5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7', 'https://git.kernel.org/stable/c/8161263362154cbebfbf4808097b956a6a8cb98a', 'https://git.kernel.org/stable/c/b4a3a89fffcdf09702b1f161b914e52abca1894d', 'https://linux.oracle.com/cve/CVE-2024-43846.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43846-2bd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43846', 'https://www.cve.org/CVERecord?id=CVE-2024-43846'], 'PublishedDate': '2024-08-17T10:15:09.9Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43847', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43847', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix invalid memory access while processing fragmented packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid memory access while processing fragmented packets\n\nThe monitor ring and the reo reinject ring share the same ring mask index.\nWhen the driver receives an interrupt for the reo reinject ring, the\nmonitor ring is also processed, leading to invalid memory access. Since\nmonitor support is not yet enabled in ath12k, the ring mask for the monitor\nring should be removed.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43847', 'https://git.kernel.org/linus/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4 (6.11-rc1)', 'https://git.kernel.org/stable/c/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4', 'https://git.kernel.org/stable/c/36fc66a7d9ca3e5c6eac25362cac63f83df8bed6', 'https://git.kernel.org/stable/c/8126f82dab7bd8b2e04799342b19fff0a1fd8575', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43847-6828@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43847', 'https://www.cve.org/CVERecord?id=CVE-2024-43847'], 'PublishedDate': '2024-08-17T10:15:09.963Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43849', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pdr: protect locator_addr with the main mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr->lock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43849', 'https://git.kernel.org/linus/107924c14e3ddd85119ca43c26a4ee1056fa9b84 (6.11-rc1)', 'https://git.kernel.org/stable/c/107924c14e3ddd85119ca43c26a4ee1056fa9b84', 'https://git.kernel.org/stable/c/3e815626d73e05152a8142f6e44aecc4133e6e08', 'https://git.kernel.org/stable/c/475a77fb3f0e1d527f56c60b79f5879661df5b80', 'https://git.kernel.org/stable/c/8543269567e2fb3d976a8255c5e348aed14f98bc', 'https://git.kernel.org/stable/c/d0870c4847e77a49c2f91bb2a8e0fa3c1f8dea5c', 'https://git.kernel.org/stable/c/eab05737ee22216250fe20d27f5a596da5ea6eb7', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43849-fef0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43849', 'https://www.cve.org/CVERecord?id=CVE-2024-43849'], 'PublishedDate': '2024-08-17T10:15:10.093Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43850', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove\n\nThe following warning is seen during bwmon_remove due to refcount\nimbalance, fix this by releasing the OPPs after use.\n\nLogs:\nWARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158\nHardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT)\n...\nCall trace:\n_opp_table_kref_release+0x150/0x158\ndev_pm_opp_remove_table+0x100/0x1b4\ndevm_pm_opp_of_table_release+0x10/0x1c\ndevm_action_release+0x14/0x20\ndevres_release_all+0xa4/0x104\ndevice_unbind_cleanup+0x18/0x60\ndevice_release_driver_internal+0x1ec/0x228\ndriver_detach+0x50/0x98\nbus_remove_driver+0x6c/0xbc\ndriver_unregister+0x30/0x60\nplatform_driver_unregister+0x14/0x20\nbwmon_driver_exit+0x18/0x524 [icc_bwmon]\n__arm64_sys_delete_module+0x184/0x264\ninvoke_syscall+0x48/0x118\nel0_svc_common.constprop.0+0xc8/0xe8\ndo_el0_svc+0x20/0x2c\nel0_svc+0x34/0xdc\nel0t_64_sync_handler+0x13c/0x158\nel0t_64_sync+0x190/0x194\n--[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43850', 'https://git.kernel.org/linus/24086640ab39396eb1a92d1cb1cd2f31b2677c52 (6.11-rc1)', 'https://git.kernel.org/stable/c/24086640ab39396eb1a92d1cb1cd2f31b2677c52', 'https://git.kernel.org/stable/c/4100d4d019f8e140be1d4d3a9d8d93c1285f5d1c', 'https://git.kernel.org/stable/c/aad41f4c169bcb800ae88123799bdf8cdec3d366', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43850-4eec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43850', 'https://www.cve.org/CVERecord?id=CVE-2024-43850'], 'PublishedDate': '2024-08-17T10:15:10.157Z', 'LastModifiedDate': '2024-09-30T13:57:33.4Z'}, {'VulnerabilityID': 'CVE-2024-43852', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (ltc2991) re-order conditions to fix off by one bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ltc2991) re-order conditions to fix off by one bug\n\nLTC2991_T_INT_CH_NR is 4.  The st->temp_en[] array has LTC2991_MAX_CHANNEL\n(4) elements.  Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we\nhave read one element beyond the end of the array.  Flip the conditions\naround so that we check if "channel" is valid before using it as an array\nindex.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43852', 'https://git.kernel.org/linus/99bf7c2eccff82760fa23ce967cc67c8c219c6a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6', 'https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43852-61e2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43852', 'https://www.cve.org/CVERecord?id=CVE-2024-43852'], 'PublishedDate': '2024-08-17T10:15:10.31Z', 'LastModifiedDate': '2024-08-20T19:32:55.747Z'}, {'VulnerabilityID': 'CVE-2024-43853', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: Prevent UAF in proc_cpuset_show()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc/<pid>/cpuset   repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/   repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc/<pid>/cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css->cgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(&cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n&cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp->root will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n("cgroup: Make operations on the cgroup root_list RCU safe"),\ncss->cgroup won\'t be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43853', 'https://git.kernel.org/linus/1be59c97c83ccd67a519d8a49486b3a8a73ca28a (6.11-rc1)', 'https://git.kernel.org/stable/c/10aeaa47e4aa2432f29b3e5376df96d7dac5537a', 'https://git.kernel.org/stable/c/1be59c97c83ccd67a519d8a49486b3a8a73ca28a', 'https://git.kernel.org/stable/c/27d6dbdc6485d68075a0ebf8544d6425c1ed84bb', 'https://git.kernel.org/stable/c/29a8d4e02fd4840028c38ceb1536cc8f82a257d4', 'https://git.kernel.org/stable/c/29ac1d238b3bf126af36037df80d7ecc4822341e', 'https://git.kernel.org/stable/c/4e8d6ac8fc9f843e940ab7389db8136634e07989', 'https://git.kernel.org/stable/c/688325078a8b5badd6e07ae22b27cd04e9947aec', 'https://git.kernel.org/stable/c/96226fbed566f3f686f53a489a29846f2d538080', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43853-da5b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43853', 'https://www.cve.org/CVERecord?id=CVE-2024-43853'], 'PublishedDate': '2024-08-17T10:15:10.383Z', 'LastModifiedDate': '2024-09-04T12:15:04.827Z'}, {'VulnerabilityID': 'CVE-2024-43854', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: initialize integrity buffer to zero before writing it to media', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media.  For PI metadata this is\nlimited to the app tag that isn't used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43854', 'https://git.kernel.org/linus/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f (6.11-rc1)', 'https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f', 'https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644', 'https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005', 'https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f', 'https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6', 'https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2', 'https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1', 'https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43854-5586@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43854', 'https://www.cve.org/CVERecord?id=CVE-2024-43854'], 'PublishedDate': '2024-08-17T10:15:10.447Z', 'LastModifiedDate': '2024-09-12T12:15:49.423Z'}, {'VulnerabilityID': 'CVE-2024-43856', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43856', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma: fix call order in dmam_free_coherent', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n  kokonut //net/encryption\n    http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43856', 'https://git.kernel.org/linus/28e8b7406d3a1f5329a03aa25a43aa28e087cb20 (6.11-rc1)', 'https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130', 'https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e', 'https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7', 'https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20', 'https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9', 'https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954', 'https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb', 'https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63', 'https://linux.oracle.com/cve/CVE-2024-43856.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43856-9087@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43856', 'https://www.cve.org/CVERecord?id=CVE-2024-43856'], 'PublishedDate': '2024-08-17T10:15:10.613Z', 'LastModifiedDate': '2024-08-22T17:57:08.64Z'}, {'VulnerabilityID': 'CVE-2024-43857', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix null reference error when checking end of zone', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null reference error when checking end of zone\n\nThis patch fixes a potentially null pointer being accessed by\nis_end_zone_blkaddr() that checks the last block of a zone\nwhen f2fs is mounted as a single device.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43857', 'https://git.kernel.org/linus/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38 (6.11-rc1)', 'https://git.kernel.org/stable/c/381cbe85592c78fbaeb3e770e3e9f3bfa3e67efb', 'https://git.kernel.org/stable/c/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43857-b71b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43857', 'https://www.cve.org/CVERecord?id=CVE-2024-43857'], 'PublishedDate': '2024-08-17T10:15:10.687Z', 'LastModifiedDate': '2024-08-22T17:38:21.003Z'}, {'VulnerabilityID': 'CVE-2024-43859', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to truncate preallocated blocks in f2fs_file_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate preallocated blocks in f2fs_file_open()\n\nchenyuwen reports a f2fs bug as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000011\n fscrypt_set_bio_crypt_ctx+0x78/0x1e8\n f2fs_grab_read_bio+0x78/0x208\n f2fs_submit_page_read+0x44/0x154\n f2fs_get_read_data_page+0x288/0x5f4\n f2fs_get_lock_data_page+0x60/0x190\n truncate_partial_data_page+0x108/0x4fc\n f2fs_do_truncate_blocks+0x344/0x5f0\n f2fs_truncate_blocks+0x6c/0x134\n f2fs_truncate+0xd8/0x200\n f2fs_iget+0x20c/0x5ac\n do_garbage_collect+0x5d0/0xf6c\n f2fs_gc+0x22c/0x6a4\n f2fs_disable_checkpoint+0xc8/0x310\n f2fs_fill_super+0x14bc/0x1764\n mount_bdev+0x1b4/0x21c\n f2fs_mount+0x20/0x30\n legacy_get_tree+0x50/0xbc\n vfs_get_tree+0x5c/0x1b0\n do_new_mount+0x298/0x4cc\n path_mount+0x33c/0x5fc\n __arm64_sys_mount+0xcc/0x15c\n invoke_syscall+0x60/0x150\n el0_svc_common+0xb8/0xf8\n do_el0_svc+0x28/0xa0\n el0_svc+0x24/0x84\n el0t_64_sync_handler+0x88/0xec\n\nIt is because inode.i_crypt_info is not initialized during below path:\n- mount\n - f2fs_fill_super\n  - f2fs_disable_checkpoint\n   - f2fs_gc\n    - f2fs_iget\n     - f2fs_truncate\n\nSo, let's relocate truncation of preallocated blocks to f2fs_file_open(),\nafter fscrypt_file_open().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43859', 'https://git.kernel.org/linus/298b1e4182d657c3e388adcc29477904e9600ed5 (6.11-rc1)', 'https://git.kernel.org/stable/c/298b1e4182d657c3e388adcc29477904e9600ed5', 'https://git.kernel.org/stable/c/3ba0ae885215b325605ff7ebf6de12ac2adf204d', 'https://git.kernel.org/stable/c/5f04969136db674f133781626e0b692c5f2bf2f0', 'https://git.kernel.org/stable/c/f44a25a8bfe0c15d33244539696cd9119cf44d18', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43859-62b4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43859', 'https://www.cve.org/CVERecord?id=CVE-2024-43859'], 'PublishedDate': '2024-08-17T10:15:10.817Z', 'LastModifiedDate': '2024-09-08T08:15:12.96Z'}, {'VulnerabilityID': 'CVE-2024-43860', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: remoteproc: imx_rproc: Skip over memory region when node value is NULL', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Skip over memory region when node value is NULL\n\nIn imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts\nnumber of phandles. But phandles may be empty. So of_parse_phandle() in\nthe parsing loop (0 < a < nph) may return NULL which is later dereferenced.\nAdjust this issue by adding NULL-return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[Fixed title to fit within the prescribed 70-75 charcters]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43860', 'https://git.kernel.org/linus/2fa26ca8b786888673689ccc9da6094150939982 (6.11-rc1)', 'https://git.kernel.org/stable/c/2fa26ca8b786888673689ccc9da6094150939982', 'https://git.kernel.org/stable/c/4e13b7c23988c0a13fdca92e94296a3bc2ff9f21', 'https://git.kernel.org/stable/c/6884fd0283e0831be153fb8d82d9eda8a55acaaa', 'https://git.kernel.org/stable/c/6b50462b473fdccdc0dfad73001147e40ff19a66', 'https://git.kernel.org/stable/c/6c9ea3547fad252fe9ae5d3ed7e066e2085bf3a2', 'https://git.kernel.org/stable/c/84beb7738459cac0ff9f8a7c4654b8ff82a702c0', 'https://git.kernel.org/stable/c/9a17cf8b2ce483fa75258bc2cdcf628f24bcf5f8', 'https://git.kernel.org/stable/c/c877a5f5268d4ab8224b9c9fbce3d746e4e72bc9', 'https://linux.oracle.com/cve/CVE-2024-43860.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43860-d72f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43860', 'https://www.cve.org/CVERecord?id=CVE-2024-43860'], 'PublishedDate': '2024-08-17T10:15:10.887Z', 'LastModifiedDate': '2024-08-22T17:08:15.097Z'}, {'VulnerabilityID': 'CVE-2024-43861', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: usb: qmi_wwan: fix memory leak for not ip packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43861', 'https://git.kernel.org/linus/7ab107544b777c3bd7feb9fe447367d8edd5b202 (6.11-rc3)', 'https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4', 'https://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662', 'https://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202', 'https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f', 'https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882', 'https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446', 'https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5', 'https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384', 'https://linux.oracle.com/cve/CVE-2024-43861.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43861-1958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43861', 'https://www.cve.org/CVERecord?id=CVE-2024-43861'], 'PublishedDate': '2024-08-20T22:15:04.917Z', 'LastModifiedDate': '2024-09-03T13:45:12.667Z'}, {'VulnerabilityID': 'CVE-2024-43863', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43863', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix a deadlock in dma buf fence polling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix a deadlock in dma buf fence polling\n\nIntroduce a version of the fence ops that on release doesn't remove\nthe fence from the pending list, and thus doesn't require a lock to\nfix poll->fence wait->fence unref deadlocks.\n\nvmwgfx overwrites the wait callback to iterate over the list of all\nfences and update their status, to do that it holds a lock to prevent\nthe list modifcations from other threads. The fence destroy callback\nboth deletes the fence and removes it from the list of pending\nfences, for which it holds a lock.\n\ndma buf polling cb unrefs a fence after it's been signaled: so the poll\ncalls the wait, which signals the fences, which are being destroyed.\nThe destruction tries to acquire the lock on the pending fences list\nwhich it can never get because it's held by the wait from which it\nwas called.\n\nOld bug, but not a lot of userspace apps were using dma-buf polling\ninterfaces. Fix those, in particular this fixes KDE stalls/deadlock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43863', 'https://git.kernel.org/linus/e58337100721f3cc0c7424a18730e4f39844934f (6.11-rc2)', 'https://git.kernel.org/stable/c/3b933b16c996af8adb6bc1b5748a63dfb41a82bc', 'https://git.kernel.org/stable/c/9e20d028d8d1deb1e7fed18f22ffc01669cf3237', 'https://git.kernel.org/stable/c/a8943969f9ead2fd3044fc826140a21622ef830e', 'https://git.kernel.org/stable/c/c98ab18b9f315ff977c2c65d7c71298ef98be8e3', 'https://git.kernel.org/stable/c/e58337100721f3cc0c7424a18730e4f39844934f', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43863-9124@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43863', 'https://www.cve.org/CVERecord?id=CVE-2024-43863'], 'PublishedDate': '2024-08-21T00:15:04.847Z', 'LastModifiedDate': '2024-09-03T13:42:44.727Z'}, {'VulnerabilityID': 'CVE-2024-43864', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix CT entry update leaks of modify header context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix CT entry update leaks of modify header context\n\nThe cited commit allocates a new modify header to replace the old\none when updating CT entry. But if failed to allocate a new one, eg.\nexceed the max number firmware can support, modify header will be\nan error pointer that will trigger a panic when deallocating it. And\nthe old modify header point is copied to old attr. When the old\nattr is freed, the old modify header is lost.\n\nFix it by restoring the old attr to attr when failed to allocate a\nnew modify header context. So when the CT entry is freed, the right\nmodify header context will be freed. And the panic of accessing\nerror pointer is also fixed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43864', 'https://git.kernel.org/linus/025f2b85a5e5a46df14ecf162c3c80a957a36d0b (6.11-rc2)', 'https://git.kernel.org/stable/c/025f2b85a5e5a46df14ecf162c3c80a957a36d0b', 'https://git.kernel.org/stable/c/89064d09c56b44c668509bf793c410484f63f5ad', 'https://git.kernel.org/stable/c/daab2cc17b6b6ab158566bba037e9551fd432b59', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43864-81ad@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43864', 'https://www.cve.org/CVERecord?id=CVE-2024-43864'], 'PublishedDate': '2024-08-21T00:15:04.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43866', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Always drain health in shutdown callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43866', 'https://git.kernel.org/linus/1b75da22ed1e6171e261bc9265370162553d5393 (6.11-rc2)', 'https://git.kernel.org/stable/c/1b75da22ed1e6171e261bc9265370162553d5393', 'https://git.kernel.org/stable/c/5005e2e159b300c1b8c6820a1e13a62eb0127b9b', 'https://git.kernel.org/stable/c/6048dec754554a1303d632be6042d3feb3295285', 'https://git.kernel.org/stable/c/6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43866-66ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43866', 'https://www.cve.org/CVERecord?id=CVE-2024-43866'], 'PublishedDate': '2024-08-21T00:15:05.023Z', 'LastModifiedDate': '2024-10-17T14:15:07.297Z'}, {'VulnerabilityID': 'CVE-2024-43867', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau: prime: fix refcount underflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix refcount underflow\n\nCalling nouveau_bo_ref() on a nouveau_bo without initializing it (and\nhence the backing ttm_bo) leads to a refcount underflow.\n\nInstead of calling nouveau_bo_ref() in the unwind path of\ndrm_gem_object_init(), clean things up manually.\n\n(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43867', 'https://git.kernel.org/linus/a9bf3efc33f1fbf88787a277f7349459283c9b95 (6.11-rc2)', 'https://git.kernel.org/stable/c/16998763c62bb465ebc409d0373b9cdcef1a61a6', 'https://git.kernel.org/stable/c/2a1b327d57a8ac080977633a18999f032d7e9e3f', 'https://git.kernel.org/stable/c/3bcb8bba72ce89667fa863054956267c450c47ef', 'https://git.kernel.org/stable/c/906372e753c5027a1dc88743843b6aa2ad1aaecf', 'https://git.kernel.org/stable/c/a9bf3efc33f1fbf88787a277f7349459283c9b95', 'https://git.kernel.org/stable/c/ebebba4d357b6c67f96776a48ddbaf0060fa4c10', 'https://git.kernel.org/stable/c/f23cd66933fe76b84d8e282e5606b4d99068c320', 'https://linux.oracle.com/cve/CVE-2024-43867.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43867-0620@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43867', 'https://www.cve.org/CVERecord?id=CVE-2024-43867'], 'PublishedDate': '2024-08-21T00:15:05.087Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43868', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/purgatory: align riscv_kernel_entry', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/purgatory: align riscv_kernel_entry\n\nWhen alignment handling is delegated to the kernel, everything must be\nword-aligned in purgatory, since the trap handler is then set to the\nkexec one. Without the alignment, hitting the exception would\nultimately crash. On other occasions, the kernel's handler would take\ncare of exceptions.\nThis has been tested on a JH7110 SoC with oreboot and its SBI delegating\nunaligned access exceptions and the kernel configured to handle them.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43868', 'https://git.kernel.org/linus/fb197c5d2fd24b9af3d4697d0cf778645846d6d5 (6.11-rc2)', 'https://git.kernel.org/stable/c/5d4aaf16a8255f7c71790e211724ba029609c5ff', 'https://git.kernel.org/stable/c/fb197c5d2fd24b9af3d4697d0cf778645846d6d5', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43868-9a44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43868', 'https://www.cve.org/CVERecord?id=CVE-2024-43868'], 'PublishedDate': '2024-08-21T00:15:05.15Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43869', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43869', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exec and file release', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exec and file release\n\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\n\nschedule()\n   prepare_task_switch()\n=======> <NMI>\n      perf_event_overflow()\n         event->pending_sigtrap = ...\n         irq_work_queue(&event->pending_irq)\n<======= </NMI>\n      perf_event_task_sched_out()\n          event_sched_out()\n              event->pending_sigtrap = 0;\n              atomic_long_inc_not_zero(&event->refcount)\n              task_work_add(&event->pending_task)\n   finish_lock_switch()\n=======> <IRQ>\n   perf_pending_irq()\n      //do nothing, rely on pending task work\n<======= </IRQ>\n\nbegin_new_exec()\n   perf_event_exit_task()\n      perf_event_exit_event()\n         // If is child event\n         free_event()\n            WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n            // event is leaked\n\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\n\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43869', 'https://git.kernel.org/linus/3a5465418f5fd970e86a86c7f4075be262682840 (6.11-rc1)', 'https://git.kernel.org/stable/c/104e258a004037bc7dba9f6085c71dad6af57ad4', 'https://git.kernel.org/stable/c/3a5465418f5fd970e86a86c7f4075be262682840', 'https://git.kernel.org/stable/c/9ad46f1fef421d43cdab3a7d1744b2f43b54dae0', 'https://git.kernel.org/stable/c/ed2c202dac55423a52d7e2290f2888bf08b8ee99', 'https://git.kernel.org/stable/c/f34d8307a73a18de5320fcc6f40403146d061891', 'https://lore.kernel.org/linux-cve-announce/2024082133-CVE-2024-43869-26aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43869', 'https://www.cve.org/CVERecord?id=CVE-2024-43869'], 'PublishedDate': '2024-08-21T01:15:11.55Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43870', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exit\n\nWhen a task is scheduled out, pending sigtrap deliveries are deferred\nto the target task upon resume to userspace via task_work.\n\nHowever failures while adding an event's callback to the task_work\nengine are ignored. And since the last call for events exit happen\nafter task work is eventually closed, there is a small window during\nwhich pending sigtrap can be queued though ignored, leaking the event\nrefcount addition such as in the following scenario:\n\n    TASK A\n    -----\n\n    do_exit()\n       exit_task_work(tsk);\n\n       <IRQ>\n       perf_event_overflow()\n          event->pending_sigtrap = pending_id;\n          irq_work_queue(&event->pending_irq);\n       </IRQ>\n    =========> PREEMPTION: TASK A -> TASK B\n       event_sched_out()\n          event->pending_sigtrap = 0;\n          atomic_long_inc_not_zero(&event->refcount)\n          // FAILS: task work has exited\n          task_work_add(&event->pending_task)\n       [...]\n       <IRQ WORK>\n       perf_pending_irq()\n          // early return: event->oncpu = -1\n       </IRQ WORK>\n       [...]\n    =========> TASK B -> TASK A\n       perf_event_exit_task(tsk)\n          perf_event_exit_event()\n             free_event()\n                WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n                // leak event due to unexpected refcount == 2\n\nAs a result the event is never released while the task exits.\n\nFix this with appropriate task_work_add()'s error handling.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43870', 'https://git.kernel.org/linus/2fd5ad3f310de22836cdacae919dd99d758a1f1b (6.11-rc1)', 'https://git.kernel.org/stable/c/05d3fd599594abf79aad4484bccb2b26e1cb0b51', 'https://git.kernel.org/stable/c/2fd5ad3f310de22836cdacae919dd99d758a1f1b', 'https://git.kernel.org/stable/c/3d7a63352a93bdb8a1cdf29606bf617d3ac1c22a', 'https://git.kernel.org/stable/c/67fad724f1b568b356c1065d50df46e6b30eb2f7', 'https://git.kernel.org/stable/c/70882d7fa74f0731492a0d493e8515a4f7131831', 'https://lore.kernel.org/linux-cve-announce/2024082135-CVE-2024-43870-2b6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43870', 'https://www.cve.org/CVERecord?id=CVE-2024-43870'], 'PublishedDate': '2024-08-21T01:15:11.62Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43871', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: devres: Fix memory leakage caused by driver API devm_free_percpu()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndevres: Fix memory leakage caused by driver API devm_free_percpu()\n\nIt will cause memory leakage when use driver API devm_free_percpu()\nto free memory allocated by devm_alloc_percpu(), fixed by using\ndevres_release() instead of devres_destroy() within devm_free_percpu().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-43871', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/bd50a974097bb82d52a458bd3ee39fb723129a0c (6.11-rc1)', 'https://git.kernel.org/stable/c/3047f99caec240a88ccd06197af2868da1af6a96', 'https://git.kernel.org/stable/c/3dcd0673e47664bc6c719ad47dadac6d55d5950d', 'https://git.kernel.org/stable/c/700e8abd65b10792b2f179ce4e858f2ca2880f85', 'https://git.kernel.org/stable/c/95065edb8ebb27771d5f1e898eef6ab43dc6c87c', 'https://git.kernel.org/stable/c/b044588a16a978cd891cb3d665dd7ae06850d5bf', 'https://git.kernel.org/stable/c/b67552d7c61f52f1271031adfa7834545ae99701', 'https://git.kernel.org/stable/c/bd50a974097bb82d52a458bd3ee39fb723129a0c', 'https://git.kernel.org/stable/c/ef56dcdca8f2a53abc3a83d388b8336447533d85', 'https://linux.oracle.com/cve/CVE-2024-43871.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43871-c2cd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43871', 'https://www.cve.org/CVERecord?id=CVE-2024-43871'], 'PublishedDate': '2024-08-21T01:15:11.68Z', 'LastModifiedDate': '2024-09-03T13:39:19.553Z'}, {'VulnerabilityID': 'CVE-2024-43872', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43872', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/hns: Fix soft lockup under heavy CEQE load', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43872', 'https://git.kernel.org/linus/2fdf34038369c0a27811e7b4680662a14ada1d6b (6.11-rc1)', 'https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08', 'https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43872-c87e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43872', 'https://www.cve.org/CVERecord?id=CVE-2024-43872'], 'PublishedDate': '2024-08-21T01:15:11.74Z', 'LastModifiedDate': '2024-09-03T13:38:34.867Z'}, {'VulnerabilityID': 'CVE-2024-43873', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43873', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vhost/vsock: always initialize seqpacket_allow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: always initialize seqpacket_allow\n\nThere are two issues around seqpacket_allow:\n1. seqpacket_allow is not initialized when socket is\n   created. Thus if features are never set, it will be\n   read uninitialized.\n2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,\n   then seqpacket_allow will not be cleared appropriately\n   (existing apps I know about don't usually do this but\n    it's legal and there's no way to be sure no one relies\n    on this).\n\nTo fix:\n\t- initialize seqpacket_allow after allocation\n\t- set it unconditionally in set_features", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-909'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43873', 'https://git.kernel.org/linus/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22', 'https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb', 'https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582', 'https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c', 'https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43873-c547@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43873', 'https://www.cve.org/CVERecord?id=CVE-2024-43873'], 'PublishedDate': '2024-08-21T01:15:11.79Z', 'LastModifiedDate': '2024-09-03T13:35:44.897Z'}, {'VulnerabilityID': 'CVE-2024-43875', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43875', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: Clean up error handling in vpci_scan_bus()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\n\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\n\n    drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)\n\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\n\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43875', 'https://git.kernel.org/linus/8e0f5a96c534f781e8c57ca30459448b3bfe5429 (6.11-rc1)', 'https://git.kernel.org/stable/c/0e27e2e8697b8ce96cdef43f135426525d9d1f8f', 'https://git.kernel.org/stable/c/24414c842a24d0fd498f9db6d2a762a8dddf1832', 'https://git.kernel.org/stable/c/7d368de78b60088ec9031c60c88976c0063ea4c0', 'https://git.kernel.org/stable/c/8e0f5a96c534f781e8c57ca30459448b3bfe5429', 'https://git.kernel.org/stable/c/b9e8695246bcfc028341470cbf92630cdc1ba36b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43875-1257@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43875', 'https://www.cve.org/CVERecord?id=CVE-2024-43875'], 'PublishedDate': '2024-08-21T01:15:11.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43876', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43876', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()\n\nAvoid large backtrace, it is sufficient to warn the user that there has\nbeen a link problem. Either the link has failed and the system is in need\nof maintenance, or the link continues to work and user has been informed.\nThe message from the warning can be looked up in the sources.\n\nThis makes an actual link issue less verbose.\n\nFirst of all, this controller has a limitation in that the controller\ndriver has to assist the hardware with transition to L1 link state by\nwriting L1IATN to PMCTRL register, the L1 and L0 link state switching\nis not fully automatic on this controller.\n\nIn case of an ASMedia ASM1062 PCIe SATA controller which does not support\nASPM, on entry to suspend or during platform pm_test, the SATA controller\nenters D3hot state and the link enters L1 state. If the SATA controller\nwakes up before rcar_pcie_wakeup() was called and returns to D0, the link\nreturns to L0 before the controller driver even started its transition to\nL1 link state. At this point, the SATA controller did send an PM_ENTER_L1\nDLLP to the PCIe controller and the PCIe controller received it, and the\nPCIe controller did set PMSR PMEL1RX bit.\n\nOnce rcar_pcie_wakeup() is called, if the link is already back in L0 state\nand PMEL1RX bit is set, the controller driver has no way to determine if\nit should perform the link transition to L1 state, or treat the link as if\nit is in L0 state. Currently the driver attempts to perform the transition\nto L1 link state unconditionally, which in this specific case fails with a\nPMSR L1FAEG poll timeout, however the link still works as it is already\nback in L0 state.\n\nReduce this warning verbosity. In case the link is really broken, the\nrcar_pcie_config_access() would fail, otherwise it will succeed and any\nsystem with this controller and ASM1062 can suspend without generating\na backtrace.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43876', 'https://git.kernel.org/linus/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96 (6.11-rc1)', 'https://git.kernel.org/stable/c/2ae4769332dfdb97f4b6f5dc9ac8f46d02aaa3df', 'https://git.kernel.org/stable/c/3ff3bdde950f1840df4030726cef156758a244d7', 'https://git.kernel.org/stable/c/526a877c6273d4cd0d0aede84c1d620479764b1c', 'https://git.kernel.org/stable/c/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43876-793b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43876', 'https://www.cve.org/CVERecord?id=CVE-2024-43876'], 'PublishedDate': '2024-08-21T01:15:11.973Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43877', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43877', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: pci: ivtv: Add check for DMA map result', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: ivtv: Add check for DMA map result\n\nIn case DMA fails, 'dma->SG_length' is 0. This value is later used to\naccess 'dma->SGarray[dma->SG_length - 1]', which will cause out of\nbounds access.\n\nAdd check to return early on invalid value. Adjust warnings accordingly.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43877', 'https://git.kernel.org/linus/629913d6d79508b166c66e07e4857e20233d85a9 (6.11-rc1)', 'https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718', 'https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a', 'https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9', 'https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43877-e8e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43877', 'https://www.cve.org/CVERecord?id=CVE-2024-43877'], 'PublishedDate': '2024-08-21T01:15:12.033Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43879', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()\n\nCurrently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in\ncfg80211_calculate_bitrate_he(), leading to below warning:\n\nkernel: invalid HE MCS: bw:6, ru:6\nkernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]\n\nFix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43879', 'https://git.kernel.org/linus/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6 (6.11-rc1)', 'https://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27', 'https://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd', 'https://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f', 'https://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9', 'https://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086', 'https://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142', 'https://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d', 'https://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6', 'https://linux.oracle.com/cve/CVE-2024-43879.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43879-95cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43879', 'https://www.cve.org/CVERecord?id=CVE-2024-43879'], 'PublishedDate': '2024-08-21T01:15:12.153Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43880', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43880', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_erp: Fix object nesting warning\n\nACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM\n(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can\ncontain more ACLs (i.e., tc filters), but the number of masks in each\nregion (i.e., tc chain) is limited.\n\nIn order to mitigate the effects of the above limitation, the device\nallows filters to share a single mask if their masks only differ in up\nto 8 consecutive bits. For example, dst_ip/25 can be represented using\ndst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the\nnumber of masks being used (and therefore does not support mask\naggregation), but can contain a limited number of filters.\n\nThe driver uses the "objagg" library to perform the mask aggregation by\npassing it objects that consist of the filter\'s mask and whether the\nfilter is to be inserted into the A-TCAM or the C-TCAM since filters in\ndifferent TCAMs cannot share a mask.\n\nThe set of created objects is dependent on the insertion order of the\nfilters and is not necessarily optimal. Therefore, the driver will\nperiodically ask the library to compute a more optimal set ("hints") by\nlooking at all the existing objects.\n\nWhen the library asks the driver whether two objects can be aggregated\nthe driver only compares the provided masks and ignores the A-TCAM /\nC-TCAM indication. This is the right thing to do since the goal is to\nmove as many filters as possible to the A-TCAM. The driver also forbids\ntwo identical masks from being aggregated since this can only happen if\none was intentionally put in the C-TCAM to avoid a conflict in the\nA-TCAM.\n\nThe above can result in the following set of hints:\n\nH1: {mask X, A-TCAM} -> H2: {mask Y, A-TCAM} // X is Y + delta\nH3: {mask Y, C-TCAM} -> H4: {mask Z, A-TCAM} // Y is Z + delta\n\nAfter getting the hints from the library the driver will start migrating\nfilters from one region to another while consulting the computed hints\nand instructing the device to perform a lookup in both regions during\nthe transition.\n\nAssuming a filter with mask X is being migrated into the A-TCAM in the\nnew region, the hints lookup will return H1. Since H2 is the parent of\nH1, the library will try to find the object associated with it and\ncreate it if necessary in which case another hints lookup (recursive)\nwill be performed. This hints lookup for {mask Y, A-TCAM} will either\nreturn H2 or H3 since the driver passes the library an object comparison\nfunction that ignores the A-TCAM / C-TCAM indication.\n\nThis can eventually lead to nested objects which are not supported by\nthe library [1].\n\nFix by removing the object comparison function from both the driver and\nthe library as the driver was the only user. That way the lookup will\nonly return exact matches.\n\nI do not have a reliable reproducer that can reproduce the issue in a\ntimely manner, but before the fix the issue would reproduce in several\nminutes and with the fix it does not reproduce in over an hour.\n\nNote that the current usefulness of the hints is limited because they\ninclude the C-TCAM indication and represent aggregation that cannot\nactually happen. This will be addressed in net-next.\n\n[1]\nWARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0\nModules linked in:\nCPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42\nHardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:objagg_obj_parent_assign+0xb5/0xd0\n[...]\nCall Trace:\n <TASK>\n __objagg_obj_get+0x2bb/0x580\n objagg_obj_get+0xe/0x80\n mlxsw_sp_acl_erp_mask_get+0xb5/0xf0\n mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43880', 'https://git.kernel.org/linus/97d833ceb27dc19f8777d63f90be4a27b5daeedf (6.11-rc1)', 'https://git.kernel.org/stable/c/0e59c2d22853266704e127915653598f7f104037', 'https://git.kernel.org/stable/c/25c6fd9648ad05da493a5d30881896a78a08b624', 'https://git.kernel.org/stable/c/36a9996e020dd5aa325e0ecc55eb2328288ea6bb', 'https://git.kernel.org/stable/c/4dc09f6f260db3c4565a4ec52ba369393598f2fb', 'https://git.kernel.org/stable/c/97d833ceb27dc19f8777d63f90be4a27b5daeedf', 'https://git.kernel.org/stable/c/9a5261a984bba4f583d966c550fa72c33ff3714e', 'https://git.kernel.org/stable/c/fb5d4fc578e655d113f09565f6f047e15f7ab578', 'https://linux.oracle.com/cve/CVE-2024-43880.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43880-78ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43880', 'https://www.cve.org/CVERecord?id=CVE-2024-43880'], 'PublishedDate': '2024-08-21T01:15:12.213Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43881', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43881', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: change DMA direction while mapping reinjected packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: change DMA direction while mapping reinjected packets\n\nFor fragmented packets, ath12k reassembles each fragment as a normal\npacket and then reinjects it into HW ring. In this case, the DMA\ndirection should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise,\nan invalid payload may be reinjected into the HW and\nsubsequently delivered to the host.\n\nGiven that arbitrary memory can be allocated to the skb buffer,\nknowledge about the data contained in the reinjected buffer is lacking.\nConsequently, there’s a risk of private information being leaked.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43881', 'https://git.kernel.org/linus/33322e3ef07409278a18c6919c448e369d66a18e (6.11-rc1)', 'https://git.kernel.org/stable/c/33322e3ef07409278a18c6919c448e369d66a18e', 'https://git.kernel.org/stable/c/6925320fcd40d8042d32bf4ede8248e7a5315c3b', 'https://git.kernel.org/stable/c/e99d9b16ff153de9540073239d24adc3b0a3a997', 'https://lore.kernel.org/linux-cve-announce/2024082138-CVE-2024-43881-ead4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43881', 'https://www.cve.org/CVERecord?id=CVE-2024-43881'], 'PublishedDate': '2024-08-21T01:15:12.28Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43883', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43883', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: vhci-hcd: Do not drop references before new references are gained', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43883', 'https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37', 'https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174', 'https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14', 'https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89', 'https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80', 'https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a', 'https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54', 'https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2', 'https://linux.oracle.com/cve/CVE-2024-43883.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082313-CVE-2024-43883-a594@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43883', 'https://www.cve.org/CVERecord?id=CVE-2024-43883'], 'PublishedDate': '2024-08-23T13:15:03.873Z', 'LastModifiedDate': '2024-08-23T16:18:28.547Z'}, {'VulnerabilityID': 'CVE-2024-43884', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: MGMT: Add error handling to pair_device()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Add error handling to pair_device()\n\nhci_conn_params_add() never checks for a NULL value and could lead to a NULL\npointer dereference causing a crash.\n\nFixed by adding error handling in the function.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43884', 'https://git.kernel.org/linus/538fd3921afac97158d4177139a0ad39f056dbb2 (6.11-rc5)', 'https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4', 'https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1', 'https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2', 'https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503', 'https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9', 'https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb', 'https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb', 'https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43884-43fa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43884', 'https://www.cve.org/CVERecord?id=CVE-2024-43884'], 'PublishedDate': '2024-08-26T08:15:03.827Z', 'LastModifiedDate': '2024-09-04T12:15:04.927Z'}, {'VulnerabilityID': 'CVE-2024-43886', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43886', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check in resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check in resource_log_pipe_topology_update\n\n[WHY]\nWhen switching from "Extend" to "Second Display Only" we sometimes\ncall resource_get_otg_master_for_stream on a stream for the eDP,\nwhich is disconnected. This leads to a null pointer dereference.\n\n[HOW]\nAdded a null check in dc_resource.c/resource_log_pipe_topology_update.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43886', 'https://git.kernel.org/linus/899d92fd26fe780aad711322aa671f68058207a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/899d92fd26fe780aad711322aa671f68058207a6', 'https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee', 'https://lore.kernel.org/linux-cve-announce/2024082657-CVE-2024-43886-0726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43886', 'https://www.cve.org/CVERecord?id=CVE-2024-43886'], 'PublishedDate': '2024-08-26T11:15:03.83Z', 'LastModifiedDate': '2024-08-27T14:37:45.377Z'}, {'VulnerabilityID': 'CVE-2024-43887', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43887', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/tcp: Disable TCP-AO static key after RCU grace period', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp: Disable TCP-AO static key after RCU grace period\n\nThe lifetime of TCP-AO static_key is the same as the last\ntcp_ao_info. On the socket destruction tcp_ao_info ceases to be\nwith RCU grace period, while tcp-ao static branch is currently deferred\ndestructed. The static key definition is\n: DEFINE_STATIC_KEY_DEFERRED_FALSE(tcp_ao_needed, HZ);\n\nwhich means that if RCU grace period is delayed by more than a second\nand tcp_ao_needed is in the process of disablement, other CPUs may\nyet see tcp_ao_info which atent dead, but soon-to-be.\nAnd that breaks the assumption of static_key_fast_inc_not_disabled().\n\nSee the comment near the definition:\n> * The caller must make sure that the static key can\'t get disabled while\n> * in this function. It doesn\'t patch jump labels, only adds a user to\n> * an already enabled static key.\n\nOriginally it was introduced in commit eb8c507296f6 ("jump_label:\nPrevent key->enabled int overflow"), which is needed for the atomic\ncontexts, one of which would be the creation of a full socket from a\nrequest socket. In that atomic context, it\'s known by the presence\nof the key (md5/ao) that the static branch is already enabled.\nSo, the ref counter for that static branch is just incremented\ninstead of holding the proper mutex.\nstatic_key_fast_inc_not_disabled() is just a helper for such usage\ncase. But it must not be used if the static branch could get disabled\nin parallel as it\'s not protected by jump_label_mutex and as a result,\nraces with jump_label_update() implementation details.\n\nHappened on netdev test-bot[1], so not a theoretical issue:\n\n[] jump_label: Fatal kernel bug, unexpected op at tcp_inbound_hash+0x1a7/0x870 [ffffffffa8c4e9b7] (eb 50 0f 1f 44 != 66 90 0f 1f 00)) size:2 type:1\n[] ------------[ cut here ]------------\n[] kernel BUG at arch/x86/kernel/jump_label.c:73!\n[] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[] CPU: 3 PID: 243 Comm: kworker/3:3 Not tainted 6.10.0-virtme #1\n[] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[] Workqueue: events jump_label_update_timeout\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n...\n[] Call Trace:\n[]  <TASK>\n[]  arch_jump_label_transform_queue+0x6c/0x110\n[]  __jump_label_update+0xef/0x350\n[]  __static_key_slow_dec_cpuslocked.part.0+0x3c/0x60\n[]  jump_label_update_timeout+0x2c/0x40\n[]  process_one_work+0xe3b/0x1670\n[]  worker_thread+0x587/0xce0\n[]  kthread+0x28a/0x350\n[]  ret_from_fork+0x31/0x70\n[]  ret_from_fork_asm+0x1a/0x30\n[]  </TASK>\n[] Modules linked in: veth\n[] ---[ end trace 0000000000000000 ]---\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n\n[1]: https://netdev-3.bots.linux.dev/vmksft-tcp-ao-dbg/results/696681/5-connect-deny-ipv6/stderr', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43887', 'https://git.kernel.org/linus/14ab4792ee120c022f276a7e4768f4dcb08f0cdd (6.11-rc3)', 'https://git.kernel.org/stable/c/14ab4792ee120c022f276a7e4768f4dcb08f0cdd', 'https://git.kernel.org/stable/c/954d55a59b2501f4a9bd693b40ce45a1c46cb2b3', 'https://lore.kernel.org/linux-cve-announce/2024082658-CVE-2024-43887-93bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43887', 'https://www.cve.org/CVERecord?id=CVE-2024-43887'], 'PublishedDate': '2024-08-26T11:15:03.877Z', 'LastModifiedDate': '2024-09-05T19:43:44.197Z'}, {'VulnerabilityID': 'CVE-2024-43888', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43888', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: list_lru: fix UAF for memory cgroup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: list_lru: fix UAF for memory cgroup\n\nThe mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or\ncgroup_mutex or others which could prevent returned memcg from being\nfreed.  Fix it by adding missing rcu read lock.\n\nFound by code inspection.\n\n[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]\n  Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43888', 'https://git.kernel.org/linus/5161b48712dcd08ec427c450399d4d1483e21dea (6.11-rc3)', 'https://git.kernel.org/stable/c/4589f77c18dd98b65f45617b6d1e95313cf6fcab', 'https://git.kernel.org/stable/c/5161b48712dcd08ec427c450399d4d1483e21dea', 'https://lore.kernel.org/linux-cve-announce/2024082659-CVE-2024-43888-5beb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43888', 'https://www.cve.org/CVERecord?id=CVE-2024-43888'], 'PublishedDate': '2024-08-26T11:15:03.93Z', 'LastModifiedDate': '2024-08-27T14:37:52.61Z'}, {'VulnerabilityID': 'CVE-2024-43889', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix possible divide-by-0 panic in padata_mt_helper()\n\nWe are hit with a not easily reproducible divide-by-0 panic in padata.c at\nbootup time.\n\n  [   10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI\n  [   10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1\n  [   10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021\n  [   10.017908] Workqueue: events_unbound padata_mt_helper\n  [   10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0\n    :\n  [   10.017963] Call Trace:\n  [   10.017968]  <TASK>\n  [   10.018004]  ? padata_mt_helper+0x39/0xb0\n  [   10.018084]  process_one_work+0x174/0x330\n  [   10.018093]  worker_thread+0x266/0x3a0\n  [   10.018111]  kthread+0xcf/0x100\n  [   10.018124]  ret_from_fork+0x31/0x50\n  [   10.018138]  ret_from_fork_asm+0x1a/0x30\n  [   10.018147]  </TASK>\n\nLooking at the padata_mt_helper() function, the only way a divide-by-0\npanic can happen is when ps->chunk_size is 0.  The way that chunk_size is\ninitialized in padata_do_multithreaded(), chunk_size can be 0 when the\nmin_chunk in the passed-in padata_mt_job structure is 0.\n\nFix this divide-by-0 panic by making sure that chunk_size will be at least\n1 no matter what the input parameters are.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43889', 'https://git.kernel.org/linus/6d45e1c948a8b7ed6ceddb14319af69424db730c (6.11-rc3)', 'https://git.kernel.org/stable/c/6d45e1c948a8b7ed6ceddb14319af69424db730c', 'https://git.kernel.org/stable/c/8f5ffd2af7274853ff91d6cd62541191d9fbd10d', 'https://git.kernel.org/stable/c/924f788c906dccaca30acab86c7124371e1d6f2c', 'https://git.kernel.org/stable/c/a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f', 'https://git.kernel.org/stable/c/ab8b397d5997d8c37610252528edc54bebf9f6d3', 'https://git.kernel.org/stable/c/da0ffe84fcc1627a7dff82c80b823b94236af905', 'https://lore.kernel.org/linux-cve-announce/2024082600-CVE-2024-43889-4d0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43889', 'https://www.cve.org/CVERecord?id=CVE-2024-43889'], 'PublishedDate': '2024-08-26T11:15:03.98Z', 'LastModifiedDate': '2024-08-27T14:38:09.34Z'}, {'VulnerabilityID': 'CVE-2024-43890', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43890', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Fix overflow in get_free_elt()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing "tracing_map->max_size" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to "tracing_map->next_elt"\nonce it reaches "tracing_map->max_elt".', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43890', 'https://git.kernel.org/linus/bcf86c01ca4676316557dd482c8416ece8c2e143 (6.11-rc3)', 'https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6', 'https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c', 'https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5', 'https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8', 'https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143', 'https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da', 'https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18', 'https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a', 'https://linux.oracle.com/cve/CVE-2024-43890.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082601-CVE-2024-43890-1c3a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43890', 'https://www.cve.org/CVERecord?id=CVE-2024-43890'], 'PublishedDate': '2024-08-26T11:15:04.04Z', 'LastModifiedDate': '2024-09-05T18:48:30.32Z'}, {'VulnerabilityID': 'CVE-2024-43891', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43891', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have format file honor EVENT_FILE_FL_FREED', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have format file honor EVENT_FILE_FL_FREED\n\nWhen eventfs was introduced, special care had to be done to coordinate the\nfreeing of the file meta data with the files that are exposed to user\nspace. The file meta data would have a ref count that is set when the file\nis created and would be decremented and freed after the last user that\nopened the file closed it. When the file meta data was to be freed, it\nwould set a flag (EVENT_FILE_FL_FREED) to denote that the file is freed,\nand any new references made (like new opens or reads) would fail as it is\nmarked freed. This allowed other meta data to be freed after this flag was\nset (under the event_mutex).\n\nAll the files that were dynamically created in the events directory had a\npointer to the file meta data and would call event_release() when the last\nreference to the user space file was closed. This would be the time that it\nis safe to free the file meta data.\n\nA shortcut was made for the "format" file. It\'s i_private would point to\nthe "call" entry directly and not point to the file\'s meta data. This is\nbecause all format files are the same for the same "call", so it was\nthought there was no reason to differentiate them.  The other files\nmaintain state (like the "enable", "trigger", etc). But this meant if the\nfile were to disappear, the "format" file would be unaware of it.\n\nThis caused a race that could be trigger via the user_events test (that\nwould create dynamic events and free them), and running a loop that would\nread the user_events format files:\n\nIn one console run:\n\n # cd tools/testing/selftests/user_events\n # while true; do ./ftrace_test; done\n\nAnd in another console run:\n\n # cd /sys/kernel/tracing/\n # while true; do cat events/user_events/__test_event/format; done 2>/dev/null\n\nWith KASAN memory checking, it would trigger a use-after-free bug report\n(which was a real bug). This was because the format file was not checking\nthe file\'s meta data flag "EVENT_FILE_FL_FREED", so it would access the\nevent that the file meta data pointed to after the event was freed.\n\nAfter inspection, there are other locations that were found to not check\nthe EVENT_FILE_FL_FREED flag when accessing the trace_event_file. Add a\nnew helper function: event_file_file() that will make sure that the\nevent_mutex is held, and will return NULL if the trace_event_file has the\nEVENT_FILE_FL_FREED flag set. Have the first reference of the struct file\npointer use event_file_file() and check for NULL. Later uses can still use\nthe event_file_data() helper function if the event_mutex is still held and\nwas not released since the event_file_file() call.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43891', 'https://git.kernel.org/linus/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d (6.11-rc3)', 'https://git.kernel.org/stable/c/4ed03758ddf0b19d69eed69386d65a92d0091e0c', 'https://git.kernel.org/stable/c/531dc6780d94245af037c25c2371c8caf652f0f9', 'https://git.kernel.org/stable/c/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d', 'https://lore.kernel.org/linux-cve-announce/2024082603-CVE-2024-43891-a69d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43891', 'https://www.cve.org/CVERecord?id=CVE-2024-43891'], 'PublishedDate': '2024-08-26T11:15:04.103Z', 'LastModifiedDate': '2024-09-05T18:46:18.44Z'}, {'VulnerabilityID': 'CVE-2024-43892', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43892', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg: protect concurrent access to mem_cgroup_idr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: protect concurrent access to mem_cgroup_idr\n\nCommit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after\nmany small jobs") decoupled the memcg IDs from the CSS ID space to fix the\ncgroup creation failures.  It introduced IDR to maintain the memcg ID\nspace.  The IDR depends on external synchronization mechanisms for\nmodifications.  For the mem_cgroup_idr, the idr_alloc() and idr_replace()\nhappen within css callback and thus are protected through cgroup_mutex\nfrom concurrent modifications.  However idr_remove() for mem_cgroup_idr\nwas not protected against concurrency and can be run concurrently for\ndifferent memcgs when they hit their refcnt to zero.  Fix that.\n\nWe have been seeing list_lru based kernel crashes at a low frequency in\nour fleet for a long time.  These crashes were in different part of\nlist_lru code including list_lru_add(), list_lru_del() and reparenting\ncode.  Upon further inspection, it looked like for a given object (dentry\nand inode), the super_block\'s list_lru didn\'t have list_lru_one for the\nmemcg of that object.  The initial suspicions were either the object is\nnot allocated through kmem_cache_alloc_lru() or somehow\nmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but\nreturned success.  No evidence were found for these cases.\n\nLooking more deeply, we started seeing situations where valid memcg\'s id\nis not present in mem_cgroup_idr and in some cases multiple valid memcgs\nhave same id and mem_cgroup_idr is pointing to one of them.  So, the most\nreasonable explanation is that these situations can happen due to race\nbetween multiple idr_remove() calls or race between\nidr_alloc()/idr_replace() and idr_remove().  These races are causing\nmultiple memcgs to acquire the same ID and then offlining of one of them\nwould cleanup list_lrus on the system for all of them.  Later access from\nother memcgs to the list_lru cause crashes due to missing list_lru_one.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43892', 'https://git.kernel.org/linus/9972605a238339b85bd16b084eed5f18414d22db (6.11-rc3)', 'https://git.kernel.org/stable/c/37a060b64ae83b76600d187d76591ce488ab836b', 'https://git.kernel.org/stable/c/51c0b1bb7541f8893ec1accba59eb04361a70946', 'https://git.kernel.org/stable/c/56fd70f4aa8b82199dbe7e99366b1fd7a04d86fb', 'https://git.kernel.org/stable/c/912736a0435ef40e6a4ae78197ccb5553cb80b05', 'https://git.kernel.org/stable/c/9972605a238339b85bd16b084eed5f18414d22db', 'https://git.kernel.org/stable/c/e6cc9ff2ac0b5df9f25eb790934c3104f6710278', 'https://lore.kernel.org/linux-cve-announce/2024082604-CVE-2024-43892-584a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43892', 'https://www.cve.org/CVERecord?id=CVE-2024-43892'], 'PublishedDate': '2024-08-26T11:15:04.157Z', 'LastModifiedDate': '2024-09-12T12:15:49.593Z'}, {'VulnerabilityID': 'CVE-2024-43893', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43893', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: core: check uartclk for zero to avoid divide by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: core: check uartclk for zero to avoid divide by zero\n\nCalling ioctl TIOCSSERIAL with an invalid baud_base can\nresult in uartclk being zero, which will result in a\ndivide by zero error in uart_get_divisor(). The check for\nuartclk being zero in uart_set_info() needs to be done\nbefore other settings are made as subsequent calls to\nioctl TIOCSSERIAL for the same port would be impacted if\nthe uartclk check was done where uartclk gets set.\n\nOops: divide error: 0000  PREEMPT SMP KASAN PTI\nRIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)\nCall Trace:\n <TASK>\nserial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576\n    drivers/tty/serial/8250/8250_port.c:2589)\nserial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502\n    drivers/tty/serial/8250/8250_port.c:2741)\nserial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)\nuart_change_line_settings (./include/linux/spinlock.h:376\n    ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)\nuart_port_startup (drivers/tty/serial/serial_core.c:342)\nuart_startup (drivers/tty/serial/serial_core.c:368)\nuart_set_info (drivers/tty/serial/serial_core.c:1034)\nuart_set_info_user (drivers/tty/serial/serial_core.c:1059)\ntty_set_serial (drivers/tty/tty_io.c:2637)\ntty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)\n__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907\n    fs/ioctl.c:893 fs/ioctl.c:893)\ndo_syscall_64 (arch/x86/entry/common.c:52\n    (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nRule: add', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43893', 'https://git.kernel.org/linus/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193 (6.11-rc3)', 'https://git.kernel.org/stable/c/3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba', 'https://git.kernel.org/stable/c/52b138f1021113e593ee6ad258ce08fe90693a9e', 'https://git.kernel.org/stable/c/55b2a5d331a6ceb1c4372945fdb77181265ba24f', 'https://git.kernel.org/stable/c/68dc02f319b9ee54dc23caba742a5c754d1cccc8', 'https://git.kernel.org/stable/c/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193', 'https://git.kernel.org/stable/c/9196e42a3b8eeff1707e6ef769112b4b6096be49', 'https://git.kernel.org/stable/c/e13ba3fe5ee070f8a9dab60029d52b1f61da5051', 'https://git.kernel.org/stable/c/e3ad503876283ac3fcca922a1bf243ef9eb0b0e2', 'https://linux.oracle.com/cve/CVE-2024-43893.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082605-CVE-2024-43893-25dd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43893', 'https://www.cve.org/CVERecord?id=CVE-2024-43893'], 'PublishedDate': '2024-08-26T11:15:04.213Z', 'LastModifiedDate': '2024-09-10T18:13:21.92Z'}, {'VulnerabilityID': 'CVE-2024-43894', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43894', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/client: fix null pointer dereference in drm_client_modeset_probe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: fix null pointer dereference in drm_client_modeset_probe\n\nIn drm_client_modeset_probe(), the return value of drm_mode_duplicate() is\nassigned to modeset->mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43894', 'https://git.kernel.org/linus/113fd6372a5bb3689aba8ef5b8a265ed1529a78f (6.11-rc3)', 'https://git.kernel.org/stable/c/113fd6372a5bb3689aba8ef5b8a265ed1529a78f', 'https://git.kernel.org/stable/c/24ddda932c43ffe156c7f3c568bed85131c63ae6', 'https://git.kernel.org/stable/c/5291d4f73452c91e8a11f71207617e3e234d418e', 'https://git.kernel.org/stable/c/612cae53e99ce32a58cb821b3b67199eb6e92dff', 'https://git.kernel.org/stable/c/c763dfe09425152b6bb0e348900a637c62c2ce52', 'https://git.kernel.org/stable/c/d64847c383100423aecb6ac5f18be5f4316d9d62', 'https://git.kernel.org/stable/c/d64fc94f7bb24fc2be0d6bd5df8df926da461a6d', 'https://linux.oracle.com/cve/CVE-2024-43894.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082607-CVE-2024-43894-aeee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43894', 'https://www.cve.org/CVERecord?id=CVE-2024-43894'], 'PublishedDate': '2024-08-26T11:15:04.28Z', 'LastModifiedDate': '2024-09-10T18:09:41.23Z'}, {'VulnerabilityID': 'CVE-2024-43895', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43895', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip Recompute DSC Params if no Stream on Link', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n    Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n    RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n    Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\n    RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n    RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n    RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n    RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n    R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n    R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n    FS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n    Call Trace:\n<TASK>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? plist_add+0xbe/0x100\n     ? exc_page_fault+0x7c/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     drm_atomic_check_only+0x5c5/0xa40\n     drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.\n\n(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43895', 'https://git.kernel.org/linus/50e376f1fe3bf571d0645ddf48ad37eb58323919 (6.11-rc3)', 'https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9', 'https://git.kernel.org/stable/c/50e376f1fe3bf571d0645ddf48ad37eb58323919', 'https://git.kernel.org/stable/c/5357141b4c2e2b332b6f11607ba8c5fbc2669a10', 'https://git.kernel.org/stable/c/70275bb960c71d313254473d38c14e7101cee5ad', 'https://git.kernel.org/stable/c/718d83f66fb07b2cab89a1fc984613a00e3db18f', 'https://lore.kernel.org/linux-cve-announce/2024082608-CVE-2024-43895-d3c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43895', 'https://www.cve.org/CVERecord?id=CVE-2024-43895'], 'PublishedDate': '2024-08-26T11:15:04.333Z', 'LastModifiedDate': '2024-10-10T12:15:04.35Z'}, {'VulnerabilityID': 'CVE-2024-43898', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43898', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: sanity check for NULL pointer after ext4_force_shutdown', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43898', 'https://git.kernel.org/linus/83f4414b8f84249d538905825b088ff3ae555652 (6.11-rc1)', 'https://git.kernel.org/stable/c/3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e', 'https://git.kernel.org/stable/c/83f4414b8f84249d538905825b088ff3ae555652', 'https://git.kernel.org/stable/c/f619876ccbfd329ae785fe5d3289b9dcd6eb5901', 'https://lore.kernel.org/linux-cve-announce/2024082613-CVE-2024-43898-52c2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43898', 'https://www.cve.org/CVERecord?id=CVE-2024-43898'], 'PublishedDate': '2024-08-26T11:15:04.493Z', 'LastModifiedDate': '2024-09-10T08:15:02.96Z'}, {'VulnerabilityID': 'CVE-2024-43899', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix null pointer deref in dcn20_resource.c', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[  181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[  181.843997] #PF: supervisor instruction fetch in kernel mode\n[  181.844003] #PF: error_code(0x0010) - not-present page\n[  181.844009] PGD 0 P4D 0\n[  181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[  181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G        W  OE      6.5.0-41-generic #41~22.04.2-Ubuntu\n[  181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[  181.844044] RIP: 0010:0x0\n[  181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[  181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[  181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[  181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[  181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[  181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[  181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[  181.844121] FS:  00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[  181.844128] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[  181.844141] Call Trace:\n[  181.844146]  <TASK>\n[  181.844153]  ? show_regs+0x6d/0x80\n[  181.844167]  ? __die+0x24/0x80\n[  181.844179]  ? page_fault_oops+0x99/0x1b0\n[  181.844192]  ? do_user_addr_fault+0x31d/0x6b0\n[  181.844204]  ? exc_page_fault+0x83/0x1b0\n[  181.844216]  ? asm_exc_page_fault+0x27/0x30\n[  181.844237]  dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[  181.845115]  amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[  181.845985]  amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[  181.846848]  fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[  181.847734]  fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[  181.848748]  dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.849791]  ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.850840]  amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43899', 'https://git.kernel.org/linus/ecbf60782662f0a388493685b85a645a0ba1613c (6.11-rc1)', 'https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e', 'https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c', 'https://lore.kernel.org/linux-cve-announce/2024082614-CVE-2024-43899-2339@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43899', 'https://www.cve.org/CVERecord?id=CVE-2024-43899'], 'PublishedDate': '2024-08-26T11:15:04.557Z', 'LastModifiedDate': '2024-08-27T14:38:19.74Z'}, {'VulnerabilityID': 'CVE-2024-43900', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43900', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: xc2028: avoid use-after-free in load_firmware_cb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504           worker_thread\ntuner_probe                             <= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait                 <= create a worker\n...\ntuner_remove                            <= free dvb_frontend\n...\n                    request_firmware_work_func  <= the firmware is ready\n                    load_firmware_cb    <= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n    ==================================================================\n     BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n     Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n     Call trace:\n      load_firmware_cb+0x1310/0x17a0\n      request_firmware_work_func+0x128/0x220\n      process_one_work+0x770/0x1824\n      worker_thread+0x488/0xea0\n      kthread+0x300/0x430\n      ret_from_fork+0x10/0x20\n\n     Allocated by task 6504:\n      kzalloc\n      tuner_probe+0xb0/0x1430\n      i2c_device_probe+0x92c/0xaf0\n      really_probe+0x678/0xcd0\n      driver_probe_device+0x280/0x370\n      __device_attach_driver+0x220/0x330\n      bus_for_each_drv+0x134/0x1c0\n      __device_attach+0x1f4/0x410\n      device_initial_probe+0x20/0x30\n      bus_probe_device+0x184/0x200\n      device_add+0x924/0x12c0\n      device_register+0x24/0x30\n      i2c_new_device+0x4e0/0xc44\n      v4l2_i2c_new_subdev_board+0xbc/0x290\n      v4l2_i2c_new_subdev+0xc8/0x104\n      em28xx_v4l2_init+0x1dd0/0x3770\n\n     Freed by task 6504:\n      kfree+0x238/0x4e4\n      tuner_remove+0x144/0x1c0\n      i2c_device_remove+0xc8/0x290\n      __device_release_driver+0x314/0x5fc\n      device_release_driver+0x30/0x44\n      bus_remove_device+0x244/0x490\n      device_del+0x350/0x900\n      device_unregister+0x28/0xd0\n      i2c_unregister_device+0x174/0x1d0\n      v4l2_device_unregister+0x224/0x380\n      em28xx_v4l2_init+0x1d90/0x3770\n\n     The buggy address belongs to the object at ffff8000d7ca2000\n      which belongs to the cache kmalloc-2k of size 2048\n     The buggy address is located 776 bytes inside of\n      2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n     The buggy address belongs to the page:\n     page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n     flags: 0x7ff800000000100(slab)\n     raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n     raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n     page dumped because: kasan: bad access detected\n\n     Memory state around the buggy address:\n      ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                           ^\n      ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     ==================================================================\n\n[2]\n    Actually, it is allocated for struct tuner, and dvb_frontend is inside.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43900', 'https://git.kernel.org/linus/68594cec291ff9523b9feb3f43fd853dcddd1f60 (6.11-rc1)', 'https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5', 'https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60', 'https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b', 'https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-43900-029c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43900', 'https://www.cve.org/CVERecord?id=CVE-2024-43900'], 'PublishedDate': '2024-08-26T11:15:04.613Z', 'LastModifiedDate': '2024-08-27T14:38:32.967Z'}, {'VulnerabilityID': 'CVE-2024-43902', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43902', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null checker before passing variables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checker before passing variables\n\nChecks null pointer before passing variables to functions.\n\nThis fixes 3 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43902', 'https://git.kernel.org/linus/8092aa3ab8f7b737a34b71f91492c676a843043a (6.11-rc1)', 'https://git.kernel.org/stable/c/1686675405d07f35eae7ff3d13a530034b899df2', 'https://git.kernel.org/stable/c/4cc2a94d96caeb3c975acdae7351c2f997c32175', 'https://git.kernel.org/stable/c/8092aa3ab8f7b737a34b71f91492c676a843043a', 'https://git.kernel.org/stable/c/83c7f509ef087041604e9572938f82e18b724c9d', 'https://git.kernel.org/stable/c/d0b8b23b9c2ebec693a36fea518d8f13493ad655', 'https://lore.kernel.org/linux-cve-announce/2024082618-CVE-2024-43902-eb6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43902', 'https://www.cve.org/CVERecord?id=CVE-2024-43902'], 'PublishedDate': '2024-08-26T11:15:04.733Z', 'LastModifiedDate': '2024-08-27T14:38:51.73Z'}, {'VulnerabilityID': 'CVE-2024-43903', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43903', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43903', 'https://git.kernel.org/linus/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff (6.11-rc1)', 'https://git.kernel.org/stable/c/31a679a880102dee6e10985a7b1789af8dc328cc', 'https://git.kernel.org/stable/c/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff', 'https://git.kernel.org/stable/c/94220b35aeba2b68da81deeefbb784d94eeb5c04', 'https://git.kernel.org/stable/c/ce5d090af683137cb779ed7e3683839f9c778b35', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-43903-3644@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43903', 'https://www.cve.org/CVERecord?id=CVE-2024-43903'], 'PublishedDate': '2024-08-26T11:15:04.793Z', 'LastModifiedDate': '2024-08-27T13:39:48.683Z'}, {'VulnerabilityID': 'CVE-2024-43904', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43904', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing\n\nThis commit adds null checks for the 'stream' and 'plane' variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that 'stream' and 'plane' are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43904', 'https://git.kernel.org/linus/15c2990e0f0108b9c3752d7072a97d45d4283aea (6.11-rc1)', 'https://git.kernel.org/stable/c/15c2990e0f0108b9c3752d7072a97d45d4283aea', 'https://git.kernel.org/stable/c/16a8a2a839d19c4cf7253642b493ffb8eee1d857', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43904-63a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43904', 'https://www.cve.org/CVERecord?id=CVE-2024-43904'], 'PublishedDate': '2024-08-26T11:15:04.847Z', 'LastModifiedDate': '2024-08-27T13:40:50.577Z'}, {'VulnerabilityID': 'CVE-2024-43905', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43905', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix the null pointer dereference for vega10_hwmgr\n\nCheck return value and conduct null pointer handling to avoid null pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43905', 'https://git.kernel.org/linus/50151b7f1c79a09117837eb95b76c2de76841dab (6.11-rc1)', 'https://git.kernel.org/stable/c/0fa11f9df96217c2785b040629ff1a16900fb51c', 'https://git.kernel.org/stable/c/2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8', 'https://git.kernel.org/stable/c/2e538944996d0dd497faf8ee81f8bfcd3aca7d80', 'https://git.kernel.org/stable/c/50151b7f1c79a09117837eb95b76c2de76841dab', 'https://git.kernel.org/stable/c/69a441473fec2fc2aa2cf56122d6c42c4266a239', 'https://git.kernel.org/stable/c/c2629daf218a325f4d69754452cd42fe8451c15b', 'https://lore.kernel.org/linux-cve-announce/2024082623-CVE-2024-43905-008f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43905', 'https://www.cve.org/CVERecord?id=CVE-2024-43905'], 'PublishedDate': '2024-08-26T11:15:04.897Z', 'LastModifiedDate': '2024-09-12T12:15:51.26Z'}, {'VulnerabilityID': 'CVE-2024-43906', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43906', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/admgpu: fix dereferencing null pointer context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/admgpu: fix dereferencing null pointer context\n\nWhen user space sets an invalid ta type, the pointer context will be empty.\nSo it need to check the pointer context before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43906', 'https://git.kernel.org/linus/030ffd4d43b433bc6671d9ec34fc12c59220b95d (6.11-rc1)', 'https://git.kernel.org/stable/c/030ffd4d43b433bc6671d9ec34fc12c59220b95d', 'https://git.kernel.org/stable/c/4fd52f7c2c11d330571c6bde06e5ea508ec25c9d', 'https://git.kernel.org/stable/c/641dac64178ccdb9e45c92b67120316896294d05', 'https://lore.kernel.org/linux-cve-announce/2024082624-CVE-2024-43906-27ab@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43906', 'https://www.cve.org/CVERecord?id=CVE-2024-43906'], 'PublishedDate': '2024-08-26T11:15:04.947Z', 'LastModifiedDate': '2024-08-27T13:41:30.093Z'}, {'VulnerabilityID': 'CVE-2024-43907', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43907', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules\n\nCheck the pointer value to fix potential null pointer\ndereference', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43907', 'https://git.kernel.org/linus/d19fb10085a49b77578314f69fff21562f7cd054 (6.11-rc1)', 'https://git.kernel.org/stable/c/0c065e50445aea2e0a1815f12e97ee49e02cbaac', 'https://git.kernel.org/stable/c/13937a40aae4efe64592ba48c057ac3c72f7fe82', 'https://git.kernel.org/stable/c/3a01bf2ca9f860fdc88c358567b8fa3033efcf30', 'https://git.kernel.org/stable/c/c1749313f35b98e2e655479f037db37f19756622', 'https://git.kernel.org/stable/c/d19fb10085a49b77578314f69fff21562f7cd054', 'https://git.kernel.org/stable/c/e04d18c29954441aa1054af649f957ffad90a201', 'https://lore.kernel.org/linux-cve-announce/2024082626-CVE-2024-43907-91a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43907', 'https://www.cve.org/CVERecord?id=CVE-2024-43907'], 'PublishedDate': '2024-08-26T11:15:05Z', 'LastModifiedDate': '2024-08-27T13:41:40.497Z'}, {'VulnerabilityID': 'CVE-2024-43908', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43908', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the null pointer dereference to ras_manager', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the null pointer dereference to ras_manager\n\nCheck ras_manager before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43908', 'https://git.kernel.org/linus/4c11d30c95576937c6c35e6f29884761f2dddb43 (6.11-rc1)', 'https://git.kernel.org/stable/c/033187a70ba9743c73a810a006816e5553d1e7d4', 'https://git.kernel.org/stable/c/48cada0ac79e4775236d642e9ec5998a7c7fb7a4', 'https://git.kernel.org/stable/c/4c11d30c95576937c6c35e6f29884761f2dddb43', 'https://git.kernel.org/stable/c/56e848034ccabe44e8f22ffcf49db771c17b0d0a', 'https://git.kernel.org/stable/c/b89616333979114bb0da5fa40fb6e4a2f5294ca2', 'https://git.kernel.org/stable/c/d81c1eeb333d84b3012a91c0500189dc1d71e46c', 'https://git.kernel.org/stable/c/ff5c4eb71ee8951c789b079f6e948f86708b04ed', 'https://linux.oracle.com/cve/CVE-2024-43908.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082627-CVE-2024-43908-4406@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43908', 'https://www.cve.org/CVERecord?id=CVE-2024-43908'], 'PublishedDate': '2024-08-26T11:15:05.057Z', 'LastModifiedDate': '2024-08-27T13:41:55.26Z'}, {'VulnerabilityID': 'CVE-2024-43909', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43909', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference for smu7', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference for smu7\n\noptimize the code to avoid pass a null pointer (hwmgr->backend)\nto function smu7_update_edc_leakage_table.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43909', 'https://git.kernel.org/linus/c02c1960c93eede587576625a1221205a68a904f (6.11-rc1)', 'https://git.kernel.org/stable/c/09544cd95c688d3041328a4253bd7514972399bb', 'https://git.kernel.org/stable/c/1b8aa82b80bd947b68a8ab051d960a0c7935e22d', 'https://git.kernel.org/stable/c/37b9df457cbcf095963d18f17d6cb7dfa0a03fce', 'https://git.kernel.org/stable/c/7f56f050f02c27ed89cce1ea0c04b34abce32751', 'https://git.kernel.org/stable/c/c02c1960c93eede587576625a1221205a68a904f', 'https://lore.kernel.org/linux-cve-announce/2024082628-CVE-2024-43909-acb8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43909', 'https://www.cve.org/CVERecord?id=CVE-2024-43909'], 'PublishedDate': '2024-08-26T11:15:05.117Z', 'LastModifiedDate': '2024-08-27T13:41:48.467Z'}, {'VulnerabilityID': 'CVE-2024-43910', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43910', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses\n\nCurrently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to\na global function as an argument. The adverse effects of this is that\nBPF helpers can continue to make use of this modified\nCONST_PTR_TO_DYNPTR from within the context of the global function,\nwhich can unintentionally result in out-of-bounds memory accesses and\ntherefore compromise overall system stability i.e.\n\n[  244.157771] BUG: KASAN: slab-out-of-bounds in bpf_dynptr_data+0x137/0x140\n[  244.161345] Read of size 8 at addr ffff88810914be68 by task test_progs/302\n[  244.167151] CPU: 0 PID: 302 Comm: test_progs Tainted: G O E 6.10.0-rc3-00131-g66b586715063 #533\n[  244.174318] Call Trace:\n[  244.175787]  <TASK>\n[  244.177356]  dump_stack_lvl+0x66/0xa0\n[  244.179531]  print_report+0xce/0x670\n[  244.182314]  ? __virt_addr_valid+0x200/0x3e0\n[  244.184908]  kasan_report+0xd7/0x110\n[  244.187408]  ? bpf_dynptr_data+0x137/0x140\n[  244.189714]  ? bpf_dynptr_data+0x137/0x140\n[  244.192020]  bpf_dynptr_data+0x137/0x140\n[  244.194264]  bpf_prog_b02a02fdd2bdc5fa_global_call_bpf_dynptr_data+0x22/0x26\n[  244.198044]  bpf_prog_b0fe7b9d7dc3abde_callback_adjust_bpf_dynptr_reg_off+0x1f/0x23\n[  244.202136]  bpf_user_ringbuf_drain+0x2c7/0x570\n[  244.204744]  ? 0xffffffffc0009e58\n[  244.206593]  ? __pfx_bpf_user_ringbuf_drain+0x10/0x10\n[  244.209795]  bpf_prog_33ab33f6a804ba2d_user_ringbuf_callback_const_ptr_to_dynptr_reg_off+0x47/0x4b\n[  244.215922]  bpf_trampoline_6442502480+0x43/0xe3\n[  244.218691]  __x64_sys_prlimit64+0x9/0xf0\n[  244.220912]  do_syscall_64+0xc1/0x1d0\n[  244.223043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  244.226458] RIP: 0033:0x7ffa3eb8f059\n[  244.228582] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 1d 0d 00 f7 d8 64 89 01 48\n[  244.241307] RSP: 002b:00007ffa3e9c6eb8 EFLAGS: 00000206 ORIG_RAX: 000000000000012e\n[  244.246474] RAX: ffffffffffffffda RBX: 00007ffa3e9c7cdc RCX: 00007ffa3eb8f059\n[  244.250478] RDX: 00007ffa3eb162b4 RSI: 0000000000000000 RDI: 00007ffa3e9c7fb0\n[  244.255396] RBP: 00007ffa3e9c6ed0 R08: 00007ffa3e9c76c0 R09: 0000000000000000\n[  244.260195] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffff80\n[  244.264201] R13: 000000000000001c R14: 00007ffc5d6b4260 R15: 00007ffa3e1c7000\n[  244.268303]  </TASK>\n\nAdd a check_func_arg_reg_off() to the path in which the BPF verifier\nverifies the arguments of global function arguments, specifically\nthose which take an argument of type ARG_PTR_TO_DYNPTR |\nMEM_RDONLY. Also, process_dynptr_func() doesn't appear to perform any\nexplicit and strict type matching on the supplied register type, so\nlet's also enforce that a register either type PTR_TO_STACK or\nCONST_PTR_TO_DYNPTR is by the caller.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43910', 'https://git.kernel.org/linus/ec2b9a5e11e51fea1bb04c1e7e471952e887e874 (6.11-rc1)', 'https://git.kernel.org/stable/c/13663a7c644bf1dedaf461d07252db5d76c8759a', 'https://git.kernel.org/stable/c/ec2b9a5e11e51fea1bb04c1e7e471952e887e874', 'https://lore.kernel.org/linux-cve-announce/2024082630-CVE-2024-43910-c6ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43910', 'https://www.cve.org/CVERecord?id=CVE-2024-43910'], 'PublishedDate': '2024-08-26T11:15:05.177Z', 'LastModifiedDate': '2024-09-05T18:30:23.437Z'}, {'VulnerabilityID': 'CVE-2024-43911', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43911', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mac80211: fix NULL dereference at band check in starting tx ba session', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL dereference at band check in starting tx ba session\n\nIn MLD connection, link_data/link_conf are dynamically allocated. They\ndon't point to vif->bss_conf. So, there will be no chanreq assigned to\nvif->bss_conf and then the chan will be NULL. Tweak the code to check\nht_supported/vht_supported/has_he/has_eht on sta deflink.\n\nCrash log (with rtw89 version under MLO development):\n[ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 9890.526102] #PF: supervisor read access in kernel mode\n[ 9890.526105] #PF: error_code(0x0000) - not-present page\n[ 9890.526109] PGD 0 P4D 0\n[ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G           OE      6.9.0 #1\n[ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018\n[ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core]\n[ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211\n[ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00 <83> 38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3\nAll code\n========\n   0:\tf7 e8                \timul   %eax\n   2:\td5                   \t(bad)\n   3:\t93                   \txchg   %eax,%ebx\n   4:\t3e ea                \tds (bad)\n   6:\t48 83 c4 28          \tadd    $0x28,%rsp\n   a:\t89 d8                \tmov    %ebx,%eax\n   c:\t5b                   \tpop    %rbx\n   d:\t41 5c                \tpop    %r12\n   f:\t41 5d                \tpop    %r13\n  11:\t41 5e                \tpop    %r14\n  13:\t41 5f                \tpop    %r15\n  15:\t5d                   \tpop    %rbp\n  16:\tc3                   \tretq\n  17:\tcc                   \tint3\n  18:\tcc                   \tint3\n  19:\tcc                   \tint3\n  1a:\tcc                   \tint3\n  1b:\t49 8b 84 24 e0 f1 ff \tmov    -0xe20(%r12),%rax\n  22:\tff\n  23:\t48 8b 80 90 1b 00 00 \tmov    0x1b90(%rax),%rax\n  2a:*\t83 38 03             \tcmpl   $0x3,(%rax)\t\t<-- trapping instruction\n  2d:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe6a\n  33:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n  38:\teb cc                \tjmp    0x6\n  3a:\t49                   \trex.WB\n  3b:\t8b                   \t.byte 0x8b\n  3c:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  3f:\tf3                   \trepz\n\nCode starting with the faulting instruction\n===========================================\n   0:\t83 38 03             \tcmpl   $0x3,(%rax)\n   3:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe40\n   9:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n   e:\teb cc                \tjmp    0xffffffffffffffdc\n  10:\t49                   \trex.WB\n  11:\t8b                   \t.byte 0x8b\n  12:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  15:\tf3                   \trepz\n[ 9890.526285] RSP: 0018:ffffb8db09013d68 EFLAGS: 00010246\n[ 9890.526291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9308e0d656c8\n[ 9890.526295] RDX: 0000000000000000 RSI: ffffffffab99460b RDI: ffffffffab9a7685\n[ 9890.526300] RBP: ffffb8db09013db8 R08: 0000000000000000 R09: 0000000000000873\n[ 9890.526304] R10: ffff9308e0d64800 R11: 0000000000000002 R12: ffff9308e5ff6e70\n[ 9890.526308] R13: ffff930952500e20 R14: ffff9309192a8c00 R15: 0000000000000000\n[ 9890.526313] FS:  0000000000000000(0000) GS:ffff930b4e700000(0000) knlGS:0000000000000000\n[ 9890.526316] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9890.526318] CR2: 0000000000000000 CR3: 0000000391c58005 CR4: 00000000001706f0\n[ 9890.526321] Call Trace:\n[ 9890.526324]  <TASK>\n[ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479)\n[ 9890.526335] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713)\n[ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43911', 'https://git.kernel.org/linus/021d53a3d87eeb9dbba524ac515651242a2a7e3b (6.11-rc1)', 'https://git.kernel.org/stable/c/021d53a3d87eeb9dbba524ac515651242a2a7e3b', 'https://git.kernel.org/stable/c/a5594c1e03b0df3908b1e1202a1ba34422eed0f6', 'https://lore.kernel.org/linux-cve-announce/2024082631-CVE-2024-43911-96bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43911', 'https://www.cve.org/CVERecord?id=CVE-2024-43911'], 'PublishedDate': '2024-08-26T11:15:05.227Z', 'LastModifiedDate': '2024-08-27T16:08:52.493Z'}, {'VulnerabilityID': 'CVE-2024-43912', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43912', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: nl80211: disallow setting special AP channel widths', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: disallow setting special AP channel widths\n\nSetting the AP channel width is meant for use with the normal\n20/40/... MHz channel width progression, and switching around\nin S1G or narrow channels isn't supported. Disallow that.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43912', 'https://git.kernel.org/linus/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe (6.11-rc1)', 'https://git.kernel.org/stable/c/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe', 'https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e', 'https://git.kernel.org/stable/c/ac3bf6e47fd8da9bfe8027e1acfe0282a91584fc', 'https://git.kernel.org/stable/c/c6ea738e3feb407a3283197d9a25d0788f4f3cee', 'https://lore.kernel.org/linux-cve-announce/2024082632-CVE-2024-43912-801f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43912', 'https://www.cve.org/CVERecord?id=CVE-2024-43912'], 'PublishedDate': '2024-08-26T11:15:05.28Z', 'LastModifiedDate': '2024-09-05T18:19:17.067Z'}, {'VulnerabilityID': 'CVE-2024-43913', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43913', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: apple: fix device reference counting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: apple: fix device reference counting\n\nDrivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.\nSplit the allocation side out to make the error handling boundary easier\nto navigate. The apple driver had been doing this wrong, leaking the\ncontroller device memory on a tagset failure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43913', 'https://git.kernel.org/linus/b9ecbfa45516182cd062fecd286db7907ba84210 (6.11-rc1)', 'https://git.kernel.org/stable/c/b9ecbfa45516182cd062fecd286db7907ba84210', 'https://git.kernel.org/stable/c/d59c4d0eb6adc24c2201f153ccb7fd0a335b0d3d', 'https://lore.kernel.org/linux-cve-announce/2024082633-CVE-2024-43913-6ec7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43913', 'https://www.cve.org/CVERecord?id=CVE-2024-43913'], 'PublishedDate': '2024-08-26T11:15:05.33Z', 'LastModifiedDate': '2024-09-05T18:12:55.68Z'}, {'VulnerabilityID': 'CVE-2024-43914', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43914', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: md/raid5: avoid BUG_ON() while continue reshape after reassembling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: avoid BUG_ON() while continue reshape after reassembling\n\nCurrently, mdadm support --revert-reshape to abort the reshape while\nreassembling, as the test 07revert-grow. However, following BUG_ON()\ncan be triggerred by the test:\n\nkernel BUG at drivers/md/raid5.c:6278!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nirq event stamp: 158985\nCPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94\nRIP: 0010:reshape_request+0x3f1/0xe60\nCall Trace:\n <TASK>\n raid5_sync_request+0x43d/0x550\n md_do_sync+0xb7a/0x2110\n md_thread+0x294/0x2b0\n kthread+0x147/0x1c0\n ret_from_fork+0x59/0x70\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\nRoot cause is that --revert-reshape update the raid_disks from 5 to 4,\nwhile reshape position is still set, and after reassembling the array,\nreshape position will be read from super block, then during reshape the\nchecking of 'writepos' that is caculated by old reshape position will\nfail.\n\nFix this panic the easy way first, by converting the BUG_ON() to\nWARN_ON(), and stop the reshape if checkings fail.\n\nNoted that mdadm must fix --revert-shape as well, and probably md/raid\nshould enhance metadata validation as well, however this means\nreassemble will fail and there must be user tools to fix the wrong\nmetadata.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43914', 'https://git.kernel.org/linus/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49 (6.11-rc1)', 'https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0', 'https://git.kernel.org/stable/c/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49', 'https://git.kernel.org/stable/c/3b33740c1750a39e046339ff9240e954f0156707', 'https://git.kernel.org/stable/c/4811d6e5d9f4090c3e0ff9890eb24077108046ab', 'https://git.kernel.org/stable/c/6b33c468d543f6a83de2d61f09fec74b27e19fd2', 'https://git.kernel.org/stable/c/775a9ba16c9ffe98fe54ebf14e55d5660f2bf600', 'https://git.kernel.org/stable/c/bf0ff69a42a3d2d46876d0514ecf13dffc516666', 'https://git.kernel.org/stable/c/c384dd4f1fb3b14a2fd199360701cc163ea88705', 'https://linux.oracle.com/cve/CVE-2024-43914.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082635-CVE-2024-43914-a664@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43914', 'https://www.cve.org/CVERecord?id=CVE-2024-43914'], 'PublishedDate': '2024-08-26T11:15:05.38Z', 'LastModifiedDate': '2024-09-05T18:03:49.997Z'}, {'VulnerabilityID': 'CVE-2024-44931', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpio: prevent potential speculation leaks in gpio_device_get_desc()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: prevent potential speculation leaks in gpio_device_get_desc()\n\nUserspace may trigger a speculative read of an address outside the gpio\ndescriptor array.\nUsers can do that by calling gpio_ioctl() with an offset out of range.\nOffset is copied from user and then used as an array index to get\nthe gpio descriptor without sanitization in gpio_device_get_desc().\n\nThis change ensures that the offset is sanitized by using\narray_index_nospec() to mitigate any possibility of speculative\ninformation leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44931', 'https://git.kernel.org/linus/d795848ecce24a75dfd46481aee066ae6fe39775 (6.11-rc1)', 'https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc', 'https://git.kernel.org/stable/c/672c19165fc96dfad531a5458e0b3cdab414aae4', 'https://git.kernel.org/stable/c/9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0', 'https://git.kernel.org/stable/c/c65ab97efcd438cb4e9f299400f2ea55251f3a67', 'https://git.kernel.org/stable/c/d776c0486b03a5c4afca65b8ff44573592bf93bb', 'https://git.kernel.org/stable/c/d795848ecce24a75dfd46481aee066ae6fe39775', 'https://lore.kernel.org/linux-cve-announce/2024082636-CVE-2024-44931-8212@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44931', 'https://www.cve.org/CVERecord?id=CVE-2024-44931'], 'PublishedDate': '2024-08-26T11:15:05.447Z', 'LastModifiedDate': '2024-10-17T14:15:07.39Z'}, {'VulnerabilityID': 'CVE-2024-44932', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44932', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix UAFs when destroying the queues', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix UAFs when destroying the queues\n\nThe second tagged commit started sometimes (very rarely, but possible)\nthrowing WARNs from\nnet/core/page_pool.c:page_pool_disable_direct_recycling().\nTurned out idpf frees interrupt vectors with embedded NAPIs *before*\nfreeing the queues making page_pools' NAPI pointers lead to freed\nmemory before these pools are destroyed by libeth.\nIt's not clear whether there are other accesses to the freed vectors\nwhen destroying the queues, but anyway, we usually free queue/interrupt\nvectors only when the queues are destroyed and the NAPIs are guaranteed\nto not be referenced anywhere.\n\nInvert the allocation and freeing logic making queue/interrupt vectors\nbe allocated first and freed last. Vectors don't require queues to be\npresent, so this is safe. Additionally, this change allows to remove\nthat useless queue->q_vector pointer cleanup, as vectors are still\nvalid when freeing the queues (+ both are freed within one function,\nso it's not clear why nullify the pointers at all).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44932', 'https://git.kernel.org/linus/290f1c033281c1a502a3cd1c53c3a549259c491f (6.11-rc3)', 'https://git.kernel.org/stable/c/290f1c033281c1a502a3cd1c53c3a549259c491f', 'https://git.kernel.org/stable/c/3cde714b0e77206ed1b5cf31f28c18ba9ae946fd', 'https://lore.kernel.org/linux-cve-announce/2024082638-CVE-2024-44932-2659@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44932', 'https://www.cve.org/CVERecord?id=CVE-2024-44932'], 'PublishedDate': '2024-08-26T11:15:05.5Z', 'LastModifiedDate': '2024-08-27T16:08:45.02Z'}, {'VulnerabilityID': 'CVE-2024-44934', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: bridge: mcast: wait for previous gc cycles when removing port', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mcast: wait for previous gc cycles when removing port\n\nsyzbot hit a use-after-free[1] which is caused because the bridge doesn't\nmake sure that all previous garbage has been collected when removing a\nport. What happens is:\n      CPU 1                   CPU 2\n start gc cycle           remove port\n                         acquire gc lock first\n wait for lock\n                         call br_multicasg_gc() directly\n acquire lock now but    free port\n the port can be freed\n while grp timers still\n running\n\nMake sure all previous gc cycles have finished by using flush_work before\nfreeing the port.\n\n[1]\n  BUG: KASAN: slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n  Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699\n\n  CPU: 1 PID: 9699 Comm: syz.5.1232 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n  Call Trace:\n   <IRQ>\n   __dump_stack lib/dump_stack.c:88 [inline]\n   dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n   print_address_description mm/kasan/report.c:377 [inline]\n   print_report+0xc3/0x620 mm/kasan/report.c:488\n   kasan_report+0xd9/0x110 mm/kasan/report.c:601\n   br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n   call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1792\n   expire_timers kernel/time/timer.c:1843 [inline]\n   __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417\n   __run_timer_base kernel/time/timer.c:2428 [inline]\n   __run_timer_base kernel/time/timer.c:2421 [inline]\n   run_timer_base+0x111/0x190 kernel/time/timer.c:2437", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44934', 'https://git.kernel.org/linus/92c4ee25208d0f35dafc3213cdf355fbe449e078 (6.11-rc3)', 'https://git.kernel.org/stable/c/0d8b26e10e680c01522d7cc14abe04c3265a928f', 'https://git.kernel.org/stable/c/1e16828020c674b3be85f52685e8b80f9008f50f', 'https://git.kernel.org/stable/c/92c4ee25208d0f35dafc3213cdf355fbe449e078', 'https://git.kernel.org/stable/c/b2f794b168cf560682ff976b255aa6d29d14a658', 'https://git.kernel.org/stable/c/e3145ca904fa8dbfd1a5bf0187905bc117b0efce', 'https://lore.kernel.org/linux-cve-announce/2024082641-CVE-2024-44934-a7fe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44934', 'https://www.cve.org/CVERecord?id=CVE-2024-44934'], 'PublishedDate': '2024-08-26T11:15:05.593Z', 'LastModifiedDate': '2024-08-27T16:07:58.727Z'}, {'VulnerabilityID': 'CVE-2024-44935', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44935', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sctp: Fix null-ptr-deref in reuseport_add_sock().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix null-ptr-deref in reuseport_add_sock().\n\nsyzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in\nreuseport_add_sock(). [0]\n\nThe repro first creates a listener with SO_REUSEPORT.  Then, it creates\nanother listener on the same port and concurrently closes the first\nlistener.\n\nThe second listen() calls reuseport_add_sock() with the first listener as\nsk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently,\nbut the close() does clear it by reuseport_detach_sock().\n\nThe problem is SCTP does not properly synchronise reuseport_alloc(),\nreuseport_add_sock(), and reuseport_detach_sock().\n\nThe caller of reuseport_alloc() and reuseport_{add,detach}_sock() must\nprovide synchronisation for sockets that are classified into the same\nreuseport group.\n\nOtherwise, such sockets form multiple identical reuseport groups, and\nall groups except one would be silently dead.\n\n  1. Two sockets call listen() concurrently\n  2. No socket in the same group found in sctp_ep_hashtable[]\n  3. Two sockets call reuseport_alloc() and form two reuseport groups\n  4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives\n      incoming packets\n\nAlso, the reported null-ptr-deref could occur.\n\nTCP/UDP guarantees that would not happen by holding the hash bucket lock.\n\nLet's apply the locking strategy to __sctp_hash_endpoint() and\n__sctp_unhash_endpoint().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nRIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350\nCode: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14\nRSP: 0018:ffffc9000b947c98 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012\nRBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385\nR10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0\nR13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __sctp_hash_endpoint net/sctp/input.c:762 [inline]\n sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790\n sctp_listen_start net/sctp/socket.c:8570 [inline]\n sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]\n __se_sys_listen net/socket.c:1900 [inline]\n __x64_sys_listen+0x5a/0x70 net/socket.c:1900\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f24e46039b9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032\nRAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9\nRDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004\nRBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0\nR10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42c\nR13:\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44935', 'https://git.kernel.org/linus/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18 (6.11-rc3)', 'https://git.kernel.org/stable/c/05e4a0fa248240efd99a539853e844f0f0a9e6a5', 'https://git.kernel.org/stable/c/1407be30fc17eff918a98e0a990c0e988f11dc84', 'https://git.kernel.org/stable/c/52319d9d2f522ed939af31af70f8c3a0f0f67e6c', 'https://git.kernel.org/stable/c/54b303d8f9702b8ab618c5032fae886b16356928', 'https://git.kernel.org/stable/c/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18', 'https://git.kernel.org/stable/c/c9b3fc4f157867e858734e31022ebee8a24f0de7', 'https://git.kernel.org/stable/c/e809a84c802377ef61525a298a1ec1728759b913', 'https://linux.oracle.com/cve/CVE-2024-44935.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082642-CVE-2024-44935-3452@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44935', 'https://www.cve.org/CVERecord?id=CVE-2024-44935'], 'PublishedDate': '2024-08-26T11:15:05.643Z', 'LastModifiedDate': '2024-08-27T16:09:01.633Z'}, {'VulnerabilityID': 'CVE-2024-44937', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44937', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: intel-vbtn: Protect ACPI notify handler against recursion\n\nSince commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on\nall CPUs") ACPI notify handlers like the intel-vbtn notify_handler() may\nrun on multiple CPU cores racing with themselves.\n\nThis race gets hit on Dell Venue 7140 tablets when undocking from\nthe keyboard, causing the handler to try and register priv->switches_dev\ntwice, as can be seen from the dev_info() message getting logged twice:\n\n[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\n[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n\nAfter which things go seriously wrong:\n[ 83.861872] sysfs: cannot create duplicate filename \'/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\'\n...\n[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don\'t try to register things with the same name in the same directory.\n[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018\n...\n\nProtect intel-vbtn notify_handler() from racing with itself with a mutex\nto fix this.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44937', 'https://git.kernel.org/linus/e075c3b13a0a142dcd3151b25d29a24f31b7b640 (6.11-rc3)', 'https://git.kernel.org/stable/c/5c9618a3b6ea94cf7bdff7702aca8bf2d777d97b', 'https://git.kernel.org/stable/c/e075c3b13a0a142dcd3151b25d29a24f31b7b640', 'https://lore.kernel.org/linux-cve-announce/2024082645-CVE-2024-44937-5c1d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44937', 'https://www.cve.org/CVERecord?id=CVE-2024-44937'], 'PublishedDate': '2024-08-26T11:15:05.753Z', 'LastModifiedDate': '2024-08-27T16:10:11.423Z'}, {'VulnerabilityID': 'CVE-2024-44938', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44938', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: Fix shift-out-of-bounds in dbDiscardAG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix shift-out-of-bounds in dbDiscardAG\n\nWhen searching for the next smaller log2 block, BLKSTOL2() returned 0,\ncausing shift exponent -1 to be negative.\n\nThis patch fixes the issue by exiting the loop directly when negative\nshift is found.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44938', 'https://git.kernel.org/linus/7063b80268e2593e58bee8a8d709c2f3ff93e2f2 (6.11-rc1)', 'https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630', 'https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2', 'https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e', 'https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-44938-fc08@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44938', 'https://www.cve.org/CVERecord?id=CVE-2024-44938'], 'PublishedDate': '2024-08-26T12:15:05.96Z', 'LastModifiedDate': '2024-09-12T14:05:44.31Z'}, {'VulnerabilityID': 'CVE-2024-44939', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44939', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: fix null ptr deref in dtInsertEntry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix null ptr deref in dtInsertEntry\n\n[syzbot reported]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713\n...\n[Analyze]\nIn dtInsertEntry(), when the pointer h has the same value as p, after writing\nname in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the\npreviously true judgment "p->header.flag & BT-LEAF" to change to no after writing\nthe name operation, this leads to entering an incorrect branch and accessing the\nuninitialized object ih when judging this condition for the second time.\n\n[Fix]\nAfter got the page, check freelist first, if freelist == 0 then exit dtInsert()\nand return -EINVAL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44939', 'https://git.kernel.org/linus/ce6dede912f064a855acf6f04a04cbb2c25b8c8c (6.11-rc1)', 'https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9', 'https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6', 'https://git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702', 'https://git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44939-cf96@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44939', 'https://www.cve.org/CVERecord?id=CVE-2024-44939'], 'PublishedDate': '2024-08-26T12:15:06.007Z', 'LastModifiedDate': '2024-09-12T20:58:03.783Z'}, {'VulnerabilityID': 'CVE-2024-44940', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44940', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: remove warn in gue_gro_receive on unsupported protocol', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfou: remove warn in gue_gro_receive on unsupported protocol\n\nDrop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is\nnot known or does not have a GRO handler.\n\nSuch a packet is easily constructed. Syzbot generates them and sets\noff this warning.\n\nRemove the warning as it is expected and not actionable.\n\nThe warning was previously reduced from WARN_ON to WARN_ON_ONCE in\ncommit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad\nproto callbacks").', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44940', 'https://git.kernel.org/linus/dd89a81d850fa9a65f67b4527c0e420d15bf836c (6.11-rc1)', 'https://git.kernel.org/stable/c/3db4395332e7050ef9ddeb3052e6b5019f2a2a59', 'https://git.kernel.org/stable/c/440ab7f97261bc28501636a13998e1b1946d2e79', 'https://git.kernel.org/stable/c/5a2e37bc648a2503bf6d687aed27b9f4455d82eb', 'https://git.kernel.org/stable/c/dd89a81d850fa9a65f67b4527c0e420d15bf836c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44940-249f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44940', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-44940'], 'PublishedDate': '2024-08-26T12:15:06.053Z', 'LastModifiedDate': '2024-09-12T14:10:00.857Z'}, {'VulnerabilityID': 'CVE-2024-44941', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44941', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to cover read extent cache access with lock', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to cover read extent cache access with lock\n\nsyzbot reports a f2fs bug as below:\n\nBUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\nRead of size 4 at addr ffff8880739ab220 by task syz-executor200/5097\n\nCPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\n do_read_inode fs/f2fs/inode.c:509 [inline]\n f2fs_iget+0x33e1/0x46e0 fs/f2fs/inode.c:560\n f2fs_nfs_get_inode+0x74/0x100 fs/f2fs/super.c:3237\n generic_fh_to_dentry+0x9f/0xf0 fs/libfs.c:1413\n exportfs_decode_fh_raw+0x152/0x5f0 fs/exportfs/expfs.c:444\n exportfs_decode_fh+0x3c/0x80 fs/exportfs/expfs.c:584\n do_handle_to_path fs/fhandle.c:155 [inline]\n handle_to_path fs/fhandle.c:210 [inline]\n do_handle_open+0x495/0x650 fs/fhandle.c:226\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWe missed to cover sanity_check_extent_cache() w/ extent cache lock,\nso, below race case may happen, result in use after free issue.\n\n- f2fs_iget\n - do_read_inode\n  - f2fs_init_read_extent_tree\n  : add largest extent entry in to cache\n\t\t\t\t\t- shrink\n\t\t\t\t\t - f2fs_shrink_read_extent_tree\n\t\t\t\t\t  - __shrink_extent_tree\n\t\t\t\t\t   - __detach_extent_node\n\t\t\t\t\t   : drop largest extent entry\n  - sanity_check_extent_cache\n  : access et->largest w/o lock\n\nlet's refactor sanity_check_extent_cache() to avoid extent cache access\nand call it before f2fs_init_read_extent_tree() to fix this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44941', 'https://git.kernel.org/linus/d7409b05a64f212735f0d33f5f1602051a886eab (6.11-rc1)', 'https://git.kernel.org/stable/c/263df78166d3a9609b97d28c34029bd01874cbb8', 'https://git.kernel.org/stable/c/323ef20b5558b9d9fd10c1224327af6f11a8177d', 'https://git.kernel.org/stable/c/d7409b05a64f212735f0d33f5f1602051a886eab', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44941-143e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44941', 'https://www.cve.org/CVERecord?id=CVE-2024-44941'], 'PublishedDate': '2024-08-26T12:15:06.107Z', 'LastModifiedDate': '2024-09-12T20:57:26.143Z'}, {'VulnerabilityID': 'CVE-2024-44942', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44942', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inline.c:258!\nCPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0\nRIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258\nCall Trace:\n f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834\n f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315\n do_writepages+0x35b/0x870 mm/page-writeback.c:2612\n __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650\n writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941\n wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117\n wb_do_writeback fs/fs-writeback.c:2264 [inline]\n wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335\n worker_thread+0x86d/0xd70 kernel/workqueue.c:3416\n kthread+0x2f2/0x390 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nThe root cause is: inline_data inode can be fuzzed, so that there may\nbe valid blkaddr in its direct node, once f2fs triggers background GC\nto migrate the block, it will hit f2fs_bug_on() during dirty page\nwriteback.\n\nLet's add sanity check on F2FS_INLINE_DATA flag in inode during GC,\nso that, it can forbid migrating inline_data inode's data block for\nfixing.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44942', 'https://git.kernel.org/linus/fc01008c92f40015aeeced94750855a7111b6929 (6.11-rc1)', 'https://git.kernel.org/stable/c/26c07775fb5dc74351d1c3a2bc3cdf609b03e49f', 'https://git.kernel.org/stable/c/ae00e6536a2dd54b64b39e9a39548870cf835745', 'https://git.kernel.org/stable/c/fc01008c92f40015aeeced94750855a7111b6929', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44942-651a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44942', 'https://www.cve.org/CVERecord?id=CVE-2024-44942'], 'PublishedDate': '2024-08-26T12:15:06.157Z', 'LastModifiedDate': '2024-08-27T16:09:10.01Z'}, {'VulnerabilityID': 'CVE-2024-44943', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'In the Linux kernel, the following vulnerability has been resolved:  m ...', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: gup: stop abusing try_grab_folio\n\nA kernel warning was reported when pinning folio in CMA memory when\nlaunching SEV virtual machine.  The splat looks like:\n\n[  464.325306] WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313 __get_user_pages+0x423/0x520\n[  464.325464] CPU: 13 PID: 6734 Comm: qemu-kvm Kdump: loaded Not tainted 6.6.33+ #6\n[  464.325477] RIP: 0010:__get_user_pages+0x423/0x520\n[  464.325515] Call Trace:\n[  464.325520]  <TASK>\n[  464.325523]  ? __get_user_pages+0x423/0x520\n[  464.325528]  ? __warn+0x81/0x130\n[  464.325536]  ? __get_user_pages+0x423/0x520\n[  464.325541]  ? report_bug+0x171/0x1a0\n[  464.325549]  ? handle_bug+0x3c/0x70\n[  464.325554]  ? exc_invalid_op+0x17/0x70\n[  464.325558]  ? asm_exc_invalid_op+0x1a/0x20\n[  464.325567]  ? __get_user_pages+0x423/0x520\n[  464.325575]  __gup_longterm_locked+0x212/0x7a0\n[  464.325583]  internal_get_user_pages_fast+0xfb/0x190\n[  464.325590]  pin_user_pages_fast+0x47/0x60\n[  464.325598]  sev_pin_memory+0xca/0x170 [kvm_amd]\n[  464.325616]  sev_mem_enc_register_region+0x81/0x130 [kvm_amd]\n\nPer the analysis done by yangge, when starting the SEV virtual machine, it\nwill call pin_user_pages_fast(..., FOLL_LONGTERM, ...) to pin the memory. \nBut the page is in CMA area, so fast GUP will fail then fallback to the\nslow path due to the longterm pinnalbe check in try_grab_folio().\n\nThe slow path will try to pin the pages then migrate them out of CMA area.\nBut the slow path also uses try_grab_folio() to pin the page, it will\nalso fail due to the same check then the above warning is triggered.\n\nIn addition, the try_grab_folio() is supposed to be used in fast path and\nit elevates folio refcount by using add ref unless zero.  We are guaranteed\nto have at least one stable reference in slow path, so the simple atomic add\ncould be used.  The performance difference should be trivial, but the\nmisuse may be confusing and misleading.\n\nRedefined try_grab_folio() to try_grab_folio_fast(), and try_grab_page()\nto try_grab_folio(), and use them in the proper paths.  This solves both\nthe abuse and the kernel warning.\n\nThe proper naming makes their usecase more clear and should prevent from\nabusing in the future.\n\npeterx said:\n\n: The user will see the pin fails, for gpu-slow it further triggers the WARN\n: right below that failure (as in the original report):\n: \n:         folio = try_grab_folio(page, page_increm - 1,\n:                                 foll_flags);\n:         if (WARN_ON_ONCE(!folio)) { <------------------------ here\n:                 /*\n:                         * Release the 1st page ref if the\n:                         * folio is problematic, fail hard.\n:                         */\n:                 gup_put_folio(page_folio(page), 1,\n:                                 foll_flags);\n:                 ret = -EFAULT;\n:                 goto out;\n:         }\n\n[1] https://lore.kernel.org/linux-mm/1719478388-31917-1-git-send-email-yangge1116@126.com/\n\n[shy828301@gmail.com: fix implicit declaration of function try_grab_folio_fast]\n  Link: https://lkml.kernel.org/r/CAHbLzkowMSso-4Nufc9hcMehQsK9PNz3OSu-+eniU-2Mm-xjhA@mail.gmail.com', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44943', 'https://git.kernel.org/linus/f442fa6141379a20b48ae3efabee827a3d260787 (6.10)', 'https://git.kernel.org/stable/c/26273f5f4cf68b29414e403837093408a9c98e1f', 'https://git.kernel.org/stable/c/f442fa6141379a20b48ae3efabee827a3d260787', 'https://lore.kernel.org/linux-cve-announce/2024082853-CVE-2024-44943-234f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44943', 'https://www.cve.org/CVERecord?id=CVE-2024-44943'], 'PublishedDate': '2024-08-28T08:15:06.963Z', 'LastModifiedDate': '2024-09-10T18:12:43.38Z'}, {'VulnerabilityID': 'CVE-2024-44944', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44944', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: ctnetlink: use helper function to calculate expect ID', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use helper function to calculate expect ID\n\nDelete expectation path is missing a call to the nf_expect_get_id()\nhelper function to calculate the expectation ID, otherwise LSB of the\nexpectation object address is leaked to userspace.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44944', 'https://git.kernel.org/linus/782161895eb4ac45cf7cfa8db375bd4766cb8299 (6.11-rc1)', 'https://git.kernel.org/stable/c/24f407042cf90b0872de667460230d8d50c06c39', 'https://git.kernel.org/stable/c/27662b46f2adaa52c1665a82af4b21c42c4337fd', 'https://git.kernel.org/stable/c/5e2c24f7b0911b15c29aefce760bcf770542fb61', 'https://git.kernel.org/stable/c/64c0b8e64be8368617ef08dfc59a3160563a1435', 'https://git.kernel.org/stable/c/66e7650dbbb8e236e781c670b167edc81e771450', 'https://git.kernel.org/stable/c/74de442b8e12a207c07953ee068009a7701aff8f', 'https://git.kernel.org/stable/c/782161895eb4ac45cf7cfa8db375bd4766cb8299', 'https://git.kernel.org/stable/c/eb4ca1a97e08ff5b920664ba292e576257e2d184', 'https://linux.oracle.com/cve/CVE-2024-44944.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024083044-CVE-2024-44944-56c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44944', 'https://www.cve.org/CVERecord?id=CVE-2024-44944', 'https://www.zerodayinitiative.com/advisories/ZDI-24-1182/'], 'PublishedDate': '2024-08-30T08:15:04.58Z', 'LastModifiedDate': '2024-09-10T08:15:03.23Z'}, {'VulnerabilityID': 'CVE-2024-44946', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44946', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kcm: Serialise kcm_sendmsg() for the same socket.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: Serialise kcm_sendmsg() for the same socket.\n\nsyzkaller reported UAF in kcm_release(). [0]\n\nThe scenario is\n\n  1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb.\n\n  2. Thread A resumes building skb from kcm->seq_skb but is blocked\n     by sk_stream_wait_memory()\n\n  3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb\n     and puts the skb to the write queue\n\n  4. Thread A faces an error and finally frees skb that is already in the\n     write queue\n\n  5. kcm_release() does double-free the skb in the write queue\n\nWhen a thread is building a MSG_MORE skb, another thread must not touch it.\n\nLet's add a per-sk mutex and serialise kcm_sendmsg().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]\nBUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]\nBUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\nRead of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167\n\nCPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G    B              6.8.0-rc5-syzkaller-g9abbc24128bc #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x178/0x518 mm/kasan/report.c:488\n kasan_report+0xd8/0x138 mm/kasan/report.c:601\n __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381\n __skb_unlink include/linux/skbuff.h:2366 [inline]\n __skb_dequeue include/linux/skbuff.h:2385 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\n __skb_queue_purge include/linux/skbuff.h:3181 [inline]\n kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\n __sock_release net/socket.c:659 [inline]\n sock_close+0xa4/0x1e8 net/socket.c:1421\n __fput+0x30c/0x738 fs/file_table.c:376\n ____fput+0x20/0x30 fs/file_table.c:404\n task_work_run+0x230/0x2e0 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x618/0x1f64 kernel/exit.c:871\n do_group_exit+0x194/0x22c kernel/exit.c:1020\n get_signal+0x1500/0x15ec kernel/signal.c:2893\n do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249\n do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148\n exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]\n exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]\n el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nAllocated by task 6166:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903\n __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641\n alloc_skb include/linux/skbuff.h:1296 [inline]\n kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x220/0x2c0 net/socket.c:768\n splice_to_socket+0x7cc/0xd58 fs/splice.c:889\n do_splice_from fs/splice.c:941 [inline]\n direct_splice_actor+0xec/0x1d8 fs/splice.c:1164\n splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108\n do_splice_direct_actor \n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44946', 'https://git.kernel.org/linus/807067bf014d4a3ae2cc55bd3de16f22a01eb580 (6.11-rc5)', 'https://git.kernel.org/stable/c/00425508f30baa5ab6449a1f478480ca7cffa6da', 'https://git.kernel.org/stable/c/6633b17840bf828921254d788ccd15602843fe9b', 'https://git.kernel.org/stable/c/72da240aafb142630cf16adc803ccdacb3780849', 'https://git.kernel.org/stable/c/807067bf014d4a3ae2cc55bd3de16f22a01eb580', 'https://git.kernel.org/stable/c/8c9cdbf600143bd6835c8b8351e5ac956da79aec', 'https://git.kernel.org/stable/c/9c8d544ed619f704e2b70e63e08ab75630c2ea23', 'https://git.kernel.org/stable/c/eb06c8d3022ce6738711191c89f9b3e9cfb91914', 'https://git.kernel.org/stable/c/fa6c23fe6dcac8c8bd63920ee8681292a2bd544e', 'https://lore.kernel.org/linux-cve-announce/2024083150-CVE-2024-44946-9cf1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44946', 'https://www.cve.org/CVERecord?id=CVE-2024-44946'], 'PublishedDate': '2024-08-31T14:15:04.32Z', 'LastModifiedDate': '2024-09-04T12:15:05.15Z'}, {'VulnerabilityID': 'CVE-2024-44947', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44947', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fuse: Initialize beyond-EOF page contents before setting uptodate', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44947', 'https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5', 'https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e', 'https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9', 'https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6', 'https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a', 'https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4', 'https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9', 'https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6', 'https://lore.kernel.org/linux-cve-announce/2024090219-CVE-2024-44947-f49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44947', 'https://www.cve.org/CVERecord?id=CVE-2024-44947'], 'PublishedDate': '2024-09-02T18:15:36.577Z', 'LastModifiedDate': '2024-09-16T17:52:37.563Z'}, {'VulnerabilityID': 'CVE-2024-44948', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mtrr: Check if fixed MTRRs exist before saving them', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mtrr: Check if fixed MTRRs exist before saving them\n\nMTRRs have an obsolete fixed variant for fine grained caching control\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\na separate capability bit in the MTRR capability MSR.\n\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\nwent unnoticed that mtrr_save_state() does not check the capability bit\nbefore accessing the fixed MTRR MSRs.\n\nThough on a CPU that does not support the fixed MTRR capability this\nresults in a #GP.  The #GP itself is harmless because the RDMSR fault is\nhandled gracefully, but results in a WARN_ON().\n\nAdd the missing capability check to prevent this.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44948', 'https://git.kernel.org/linus/919f18f961c03d6694aa726c514184f2311a4614 (6.11-rc3)', 'https://git.kernel.org/stable/c/06c1de44d378ec5439db17bf476507d68589bfe9', 'https://git.kernel.org/stable/c/34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e', 'https://git.kernel.org/stable/c/388f1c954019f253a8383f7eb733f38d541e10b6', 'https://git.kernel.org/stable/c/450b6b22acdaac67a18eaf5ed498421ffcf10051', 'https://git.kernel.org/stable/c/8a90d3fc7c24608548d3a750671f9dac21d1a462', 'https://git.kernel.org/stable/c/8aa79dfb216b865e96ff890bc4ea71650f9bc8d7', 'https://git.kernel.org/stable/c/919f18f961c03d6694aa726c514184f2311a4614', 'https://git.kernel.org/stable/c/ca7d00c5656d1791e28369919e3e10febe9c3b16', 'https://linux.oracle.com/cve/CVE-2024-44948.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090407-CVE-2024-44948-5554@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44948', 'https://www.cve.org/CVERecord?id=CVE-2024-44948'], 'PublishedDate': '2024-09-04T19:15:29.95Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-44949', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44949', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: parisc: fix a possible DMA corruption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: fix a possible DMA corruption\n\nARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be\npossible that two unrelated 16-byte allocations share a cache line. If\none of these allocations is written using DMA and the other is written\nusing cached write, the value that was written with DMA may be\ncorrupted.\n\nThis commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 -\nthat's the largest possible cache line size.\n\nAs different parisc microarchitectures have different cache line size, we\ndefine arch_slab_minalign(), cache_line_size() and\ndma_get_cache_alignment() so that the kernel may tune slab cache\nparameters dynamically, based on the detected cache line size.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44949', 'https://git.kernel.org/linus/7ae04ba36b381bffe2471eff3a93edced843240f (6.11-rc2)', 'https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f', 'https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f', 'https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44949-8f05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44949', 'https://www.cve.org/CVERecord?id=CVE-2024-44949'], 'PublishedDate': '2024-09-04T19:15:30.04Z', 'LastModifiedDate': '2024-10-09T13:53:32.513Z'}, {'VulnerabilityID': 'CVE-2024-44950', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44950', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix invalid FIFO access with special register set', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix invalid FIFO access with special register set\n\nWhen enabling access to the special register set, Receiver time-out and\nRHR interrupts can happen. In this case, the IRQ handler will try to read\nfrom the FIFO thru the RHR register at address 0x00, but address 0x00 is\nmapped to DLL register, resulting in erroneous FIFO reading.\n\nCall graph example:\n    sc16is7xx_startup(): entry\n    sc16is7xx_ms_proc(): entry\n    sc16is7xx_set_termios(): entry\n    sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set\n    sc16is7xx_port_irq() entry            --> IIR is 0x0C\n    sc16is7xx_handle_rx() entry\n    sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is\n                               mapped to DLL (LCR=LCR_CONF_MODE_A)\n    sc16is7xx_set_baud(): exit --> Restore access to general register set\n\nFix the problem by claiming the efr_lock mutex when accessing the Special\nregister set.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44950', 'https://git.kernel.org/linus/7d3b793faaab1305994ce568b59d61927235f57b (6.11-rc3)', 'https://git.kernel.org/stable/c/6a6730812220a9a5ce4003eb347da1ee5abd06b0', 'https://git.kernel.org/stable/c/7d3b793faaab1305994ce568b59d61927235f57b', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44950-67fb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44950', 'https://www.cve.org/CVERecord?id=CVE-2024-44950'], 'PublishedDate': '2024-09-04T19:15:30.1Z', 'LastModifiedDate': '2024-10-09T14:21:16.773Z'}, {'VulnerabilityID': 'CVE-2024-44951', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44951', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix TX fifo corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix TX fifo corruption\n\nSometimes, when a packet is received on channel A at almost the same time\nas a packet is about to be transmitted on channel B, we observe with a\nlogic analyzer that the received packet on channel A is transmitted on\nchannel B. In other words, the Tx buffer data on channel B is corrupted\nwith data from channel A.\n\nThe problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change\nEFR lock to operate on each channels"), which changed the EFR locking to\noperate on each channel instead of chip-wise.\n\nThis commit has introduced a regression, because the EFR lock is used not\nonly to protect the EFR registers access, but also, in a very obscure and\nundocumented way, to protect access to the data buffer, which is shared by\nthe Tx and Rx handlers, but also by each channel of the IC.\n\nFix this regression first by switching to kfifo_out_linear_ptr() in\nsc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer.\n\nSecondly, replace the chip-wise Rx buffer with a separate Rx buffer for\neach channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44951', 'https://git.kernel.org/linus/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4 (6.11-rc3)', 'https://git.kernel.org/stable/c/09cfe05e9907f3276887a20e267cc40e202f4fdd', 'https://git.kernel.org/stable/c/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44951-9121@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44951', 'https://www.cve.org/CVERecord?id=CVE-2024-44951'], 'PublishedDate': '2024-09-04T19:15:30.153Z', 'LastModifiedDate': '2024-10-09T14:27:43.973Z'}, {'VulnerabilityID': 'CVE-2024-44952', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44952', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver core: Fix uevent_show() vs driver detach race', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix uevent_show() vs driver detach race\n\nuevent_show() wants to de-reference dev->driver->name. There is no clean\nway for a device attribute to de-reference dev->driver unless that\nattribute is defined via (struct device_driver).dev_groups. Instead, the\nanti-pattern of taking the device_lock() in the attribute handler risks\ndeadlocks with code paths that remove device attributes while holding\nthe lock.\n\nThis deadlock is typically invisible to lockdep given the device_lock()\nis marked lockdep_set_novalidate_class(), but some subsystems allocate a\nlocal lockdep key for @dev->mutex to reveal reports of the form:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 6.10.0-rc7+ #275 Tainted: G           OE    N\n ------------------------------------------------------\n modprobe/2374 is trying to acquire lock:\n ffff8c2270070de0 (kn->active#6){++++}-{0:0}, at: __kernfs_remove+0xde/0x220\n\n but task is already holding lock:\n ffff8c22016e88f8 (&cxl_root_key){+.+.}-{3:3}, at: device_release_driver_internal+0x39/0x210\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -> #1 (&cxl_root_key){+.+.}-{3:3}:\n        __mutex_lock+0x99/0xc30\n        uevent_show+0xac/0x130\n        dev_attr_show+0x18/0x40\n        sysfs_kf_seq_show+0xac/0xf0\n        seq_read_iter+0x110/0x450\n        vfs_read+0x25b/0x340\n        ksys_read+0x67/0xf0\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -> #0 (kn->active#6){++++}-{0:0}:\n        __lock_acquire+0x121a/0x1fa0\n        lock_acquire+0xd6/0x2e0\n        kernfs_drain+0x1e9/0x200\n        __kernfs_remove+0xde/0x220\n        kernfs_remove_by_name_ns+0x5e/0xa0\n        device_del+0x168/0x410\n        device_unregister+0x13/0x60\n        devres_release_all+0xb8/0x110\n        device_unbind_cleanup+0xe/0x70\n        device_release_driver_internal+0x1c7/0x210\n        driver_detach+0x47/0x90\n        bus_remove_driver+0x6c/0xf0\n        cxl_acpi_exit+0xc/0x11 [cxl_acpi]\n        __do_sys_delete_module.isra.0+0x181/0x260\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe observation though is that driver objects are typically much longer\nlived than device objects. It is reasonable to perform lockless\nde-reference of a @driver pointer even if it is racing detach from a\ndevice. Given the infrequency of driver unregistration, use\nsynchronize_rcu() in module_remove_driver() to close any potential\nraces.  It is potentially overkill to suffer synchronize_rcu() just to\nhandle the rare module removal racing uevent_show() event.\n\nThanks to Tetsuo Handa for the debug analysis of the syzbot report [1].', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44952', 'https://git.kernel.org/linus/15fffc6a5624b13b428bb1c6e9088e32a55eb82c (6.11-rc3)', 'https://git.kernel.org/stable/c/15fffc6a5624b13b428bb1c6e9088e32a55eb82c', 'https://git.kernel.org/stable/c/49ea4e0d862632d51667da5e7a9c88a560e9c5a1', 'https://git.kernel.org/stable/c/4a7c2a8387524942171037e70b80e969c3b5c05b', 'https://git.kernel.org/stable/c/4d035c743c3e391728a6f81cbf0f7f9ca700cf62', 'https://git.kernel.org/stable/c/9c23fc327d6ec67629b4ad323bd64d3834c0417d', 'https://git.kernel.org/stable/c/cd490a247ddf325325fd0de8898659400c9237ef', 'https://git.kernel.org/stable/c/dd98c9630b7ee273da87e9a244f94ddf947161e2', 'https://git.kernel.org/stable/c/f098e8fc7227166206256c18d56ab622039108b1', 'https://linux.oracle.com/cve/CVE-2024-44952.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44952-6290@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44952', 'https://www.cve.org/CVERecord?id=CVE-2024-44952'], 'PublishedDate': '2024-09-04T19:15:30.213Z', 'LastModifiedDate': '2024-09-06T16:37:38.37Z'}, {'VulnerabilityID': 'CVE-2024-44953', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44953', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Fix deadlock during RTC update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix deadlock during RTC update\n\nThere is a deadlock when runtime suspend waits for the flush of RTC work,\nand the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume.\n\nHere is deadlock backtrace:\n\nkworker/0:1     D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367\nptr            f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff\n<ffffffee5e71ddb0> __switch_to+0x1a8/0x2d4\n<ffffffee5e71e604> __schedule+0x684/0xa98\n<ffffffee5e71ea60> schedule+0x48/0xc8\n<ffffffee5e725f78> schedule_timeout+0x48/0x170\n<ffffffee5e71fb74> do_wait_for_common+0x108/0x1b0\n<ffffffee5e71efe0> wait_for_completion+0x44/0x60\n<ffffffee5d6de968> __flush_work+0x39c/0x424\n<ffffffee5d6decc0> __cancel_work_sync+0xd8/0x208\n<ffffffee5d6dee2c> cancel_delayed_work_sync+0x14/0x28\n<ffffffee5e2551b8> __ufshcd_wl_suspend+0x19c/0x480\n<ffffffee5e255fb8> ufshcd_wl_runtime_suspend+0x3c/0x1d4\n<ffffffee5dffd80c> scsi_runtime_suspend+0x78/0xc8\n<ffffffee5df93580> __rpm_callback+0x94/0x3e0\n<ffffffee5df90b0c> rpm_suspend+0x2d4/0x65c\n<ffffffee5df91448> __pm_runtime_suspend+0x80/0x114\n<ffffffee5dffd95c> scsi_runtime_idle+0x38/0x6c\n<ffffffee5df912f4> rpm_idle+0x264/0x338\n<ffffffee5df90f14> __pm_runtime_idle+0x80/0x110\n<ffffffee5e24ce44> ufshcd_rtc_work+0x128/0x1e4\n<ffffffee5d6e3a40> process_one_work+0x26c/0x650\n<ffffffee5d6e65c8> worker_thread+0x260/0x3d8\n<ffffffee5d6edec8> kthread+0x110/0x134\n<ffffffee5d616b18> ret_from_fork+0x10/0x20\n\nSkip updating RTC if RPM state is not RPM_ACTIVE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44953', 'https://git.kernel.org/linus/3911af778f208e5f49d43ce739332b91e26bc48e (6.11-rc2)', 'https://git.kernel.org/stable/c/3911af778f208e5f49d43ce739332b91e26bc48e', 'https://git.kernel.org/stable/c/f13f1858a28c68b7fc0d72c2008d5c1f80d2e8d5', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44953-1a10@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44953', 'https://www.cve.org/CVERecord?id=CVE-2024-44953'], 'PublishedDate': '2024-09-04T19:15:30.297Z', 'LastModifiedDate': '2024-09-06T16:37:33.65Z'}, {'VulnerabilityID': 'CVE-2024-44954', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44954', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ALSA: line6: Fix racy access to midibuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: line6: Fix racy access to midibuf\n\nThere can be concurrent accesses to line6 midibuf from both the URB\ncompletion callback and the rawmidi API access.  This could be a cause\nof KMSAN warning triggered by syzkaller below (so put as reported-by\nhere).\n\nThis patch protects the midibuf call of the former code path with a\nspinlock for avoiding the possible races.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44954', 'https://git.kernel.org/linus/15b7a03205b31bc5623378c190d22b7ff60026f1 (6.11-rc3)', 'https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1', 'https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5', 'https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a', 'https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747', 'https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81', 'https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d', 'https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e', 'https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29', 'https://linux.oracle.com/cve/CVE-2024-44954.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44954-6838@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44954', 'https://www.cve.org/CVERecord?id=CVE-2024-44954'], 'PublishedDate': '2024-09-04T19:15:30.353Z', 'LastModifiedDate': '2024-10-10T18:02:42.307Z'}, {'VulnerabilityID': 'CVE-2024-44955', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44955', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute\n\n[Why]\nWhen unplug one of monitors connected after mst hub, encounter null pointer dereference.\n\nIt's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When\ncommit new state which directly referring to info stored in dc_sink will cause null pointer\ndereference.\n\n[how]\nRemove redundant checking condition. Relevant condition should already be covered by checking\nif dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44955', 'https://git.kernel.org/linus/fcf6a49d79923a234844b8efe830a61f3f0584e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263', 'https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44955-20e8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44955', 'https://www.cve.org/CVERecord?id=CVE-2024-44955'], 'PublishedDate': '2024-09-04T19:15:30.423Z', 'LastModifiedDate': '2024-10-10T17:57:00.267Z'}, {'VulnerabilityID': 'CVE-2024-44956', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44956', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/preempt_fence: enlarge the fence critical section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44956', 'https://git.kernel.org/linus/3cd1585e57908b6efcd967465ef7685f40b2a294 (6.11-rc1)', 'https://git.kernel.org/stable/c/3cd1585e57908b6efcd967465ef7685f40b2a294', 'https://git.kernel.org/stable/c/458bb83119dfee5d14c677f7846dd9363817006f', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44956-8bcf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44956', 'https://www.cve.org/CVERecord?id=CVE-2024-44956'], 'PublishedDate': '2024-09-04T19:15:30.48Z', 'LastModifiedDate': '2024-09-06T16:37:11.777Z'}, {'VulnerabilityID': 'CVE-2024-44957', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44957', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Switch from mutex to spinlock for irqfds', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Switch from mutex to spinlock for irqfds\n\nirqfd_wakeup() gets EPOLLHUP, when it is called by\neventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which\ngets called under spin_lock_irqsave(). We can't use a mutex here as it\nwill lead to a deadlock.\n\nFix it by switching over to a spin lock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44957', 'https://git.kernel.org/linus/1c682593096a487fd9aebc079a307ff7a6d054a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3', 'https://git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e', 'https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44957-5c8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44957', 'https://www.cve.org/CVERecord?id=CVE-2024-44957'], 'PublishedDate': '2024-09-04T19:15:30.523Z', 'LastModifiedDate': '2024-09-06T16:37:00.077Z'}, {'VulnerabilityID': 'CVE-2024-44958', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44958', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched/smt: Fix unbalance sched_smt_present dec/inc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/smt: Fix unbalance sched_smt_present dec/inc\n\nI got the following warn report while doing stress test:\n\njump label: negative count!\nWARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0\nCall Trace:\n <TASK>\n __static_key_slow_dec_cpuslocked+0x16/0x70\n sched_cpu_deactivate+0x26e/0x2a0\n cpuhp_invoke_callback+0x3ad/0x10d0\n cpuhp_thread_fun+0x3f5/0x680\n smpboot_thread_fn+0x56d/0x8d0\n kthread+0x309/0x400\n ret_from_fork+0x41/0x70\n ret_from_fork_asm+0x1b/0x30\n </TASK>\n\nBecause when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),\nthe cpu offline failed, but sched_smt_present is decremented before\ncalling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so\nfix it by incrementing sched_smt_present in the error path.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44958', 'https://git.kernel.org/linus/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117 (6.11-rc2)', 'https://git.kernel.org/stable/c/2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4', 'https://git.kernel.org/stable/c/2cf7665efe451e48d27953e6b5bc627d518c902b', 'https://git.kernel.org/stable/c/65727331b60197b742089855ac09464c22b96f66', 'https://git.kernel.org/stable/c/d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab', 'https://git.kernel.org/stable/c/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44958-80e9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44958', 'https://www.cve.org/CVERecord?id=CVE-2024-44958'], 'PublishedDate': '2024-09-04T19:15:30.58Z', 'LastModifiedDate': '2024-10-10T17:56:24.467Z'}, {'VulnerabilityID': 'CVE-2024-44959', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44959', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracefs: Use generic inode RCU for synchronizing freeing', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntracefs: Use generic inode RCU for synchronizing freeing\n\nWith structure layout randomization enabled for 'struct inode' we need to\navoid overlapping any of the RCU-used / initialized-only-once members,\ne.g. i_lru or i_sb_list to not corrupt related list traversals when making\nuse of the rcu_head.\n\nFor an unlucky structure layout of 'struct inode' we may end up with the\nfollowing splat when running the ftrace selftests:\n\n[<...>] list_del corruption, ffff888103ee2cb0->next (tracefs_inode_cache+0x0/0x4e0 [slab object]) is NULL (prev is tracefs_inode_cache+0x78/0x4e0 [slab object])\n[<...>] ------------[ cut here ]------------\n[<...>] kernel BUG at lib/list_debug.c:54!\n[<...>] invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n[<...>] CPU: 3 PID: 2550 Comm: mount Tainted: G                 N  6.8.12-grsec+ #122 ed2f536ca62f28b087b90e3cc906a8d25b3ddc65\n[<...>] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n[<...>] RIP: 0010:[<ffffffff84656018>] __list_del_entry_valid_or_report+0x138/0x3e0\n[<...>] Code: 48 b8 99 fb 65 f2 ff ff ff ff e9 03 5c d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff e9 33 5a d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff <0f> 0b 4c 89 e9 48 89 ea 48 89 ee 48 c7 c7 60 8f dd 89 31 c0 e8 2f\n[<...>] RSP: 0018:fffffe80416afaf0 EFLAGS: 00010283\n[<...>] RAX: 0000000000000098 RBX: ffff888103ee2cb0 RCX: 0000000000000000\n[<...>] RDX: ffffffff84655fe8 RSI: ffffffff89dd8b60 RDI: 0000000000000001\n[<...>] RBP: ffff888103ee2cb0 R08: 0000000000000001 R09: fffffbd0082d5f25\n[<...>] R10: fffffe80416af92f R11: 0000000000000001 R12: fdf99c16731d9b6d\n[<...>] R13: 0000000000000000 R14: ffff88819ad4b8b8 R15: 0000000000000000\n[<...>] RBX: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RDX: __list_del_entry_valid_or_report+0x108/0x3e0\n[<...>] RSI: __func__.47+0x4340/0x4400\n[<...>] RBP: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RSP: process kstack fffffe80416afaf0+0x7af0/0x8000 [mount 2550 2550]\n[<...>] R09: kasan shadow of process kstack fffffe80416af928+0x7928/0x8000 [mount 2550 2550]\n[<...>] R10: process kstack fffffe80416af92f+0x792f/0x8000 [mount 2550 2550]\n[<...>] R14: tracefs_inode_cache+0x78/0x4e0 [slab object]\n[<...>] FS:  00006dcb380c1840(0000) GS:ffff8881e0600000(0000) knlGS:0000000000000000\n[<...>] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[<...>] CR2: 000076ab72b30e84 CR3: 000000000b088004 CR4: 0000000000360ef0 shadow CR4: 0000000000360ef0\n[<...>] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[<...>] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[<...>] ASID: 0003\n[<...>] Stack:\n[<...>]  ffffffff818a2315 00000000f5c856ee ffffffff896f1840 ffff888103ee2cb0\n[<...>]  ffff88812b6b9750 0000000079d714b6 fffffbfff1e9280b ffffffff8f49405f\n[<...>]  0000000000000001 0000000000000000 ffff888104457280 ffffffff8248b392\n[<...>] Call Trace:\n[<...>]  <TASK>\n[<...>]  [<ffffffff818a2315>] ? lock_release+0x175/0x380 fffffe80416afaf0\n[<...>]  [<ffffffff8248b392>] list_lru_del+0x152/0x740 fffffe80416afb48\n[<...>]  [<ffffffff8248ba93>] list_lru_del_obj+0x113/0x280 fffffe80416afb88\n[<...>]  [<ffffffff8940fd19>] ? _atomic_dec_and_lock+0x119/0x200 fffffe80416afb90\n[<...>]  [<ffffffff8295b244>] iput_final+0x1c4/0x9a0 fffffe80416afbb8\n[<...>]  [<ffffffff8293a52b>] dentry_unlink_inode+0x44b/0xaa0 fffffe80416afbf8\n[<...>]  [<ffffffff8293fefc>] __dentry_kill+0x23c/0xf00 fffffe80416afc40\n[<...>]  [<ffffffff8953a85f>] ? __this_cpu_preempt_check+0x1f/0xa0 fffffe80416afc48\n[<...>]  [<ffffffff82949ce5>] ? shrink_dentry_list+0x1c5/0x760 fffffe80416afc70\n[<...>]  [<ffffffff82949b71>] ? shrink_dentry_list+0x51/0x760 fffffe80416afc78\n[<...>]  [<ffffffff82949da8>] shrink_dentry_list+0x288/0x760 fffffe80416afc80\n[<...>]  [<ffffffff8294ae75>] shrink_dcache_sb+0x155/0x420 fffffe80416afcc8\n[<...>]  [<ffffffff8953a7c3>] ? debug_smp_processor_id+0x23/0xa0 fffffe80416afce0\n[<...>]  [<ffffffff8294ad20>] ? do_one_tre\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44959', 'https://git.kernel.org/linus/0b6743bd60a56a701070b89fb80c327a44b7b3e2 (6.11-rc3)', 'https://git.kernel.org/stable/c/061da60716ce0cde99f62f31937b81e1c03acef6', 'https://git.kernel.org/stable/c/0b6743bd60a56a701070b89fb80c327a44b7b3e2', 'https://git.kernel.org/stable/c/726f4c241e17be75a9cf6870d80cd7479dc89e8f', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44959-61a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44959', 'https://www.cve.org/CVERecord?id=CVE-2024-44959'], 'PublishedDate': '2024-09-04T19:15:30.637Z', 'LastModifiedDate': '2024-10-10T17:54:07.96Z'}, {'VulnerabilityID': 'CVE-2024-44960', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44960', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: core: Check for unset descriptor', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn't properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44960', 'https://git.kernel.org/linus/973a57891608a98e894db2887f278777f564de18 (6.11-rc3)', 'https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1', 'https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62', 'https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4', 'https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e', 'https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18', 'https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf', 'https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a', 'https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244', 'https://linux.oracle.com/cve/CVE-2024-44960.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44960-039b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44960', 'https://www.cve.org/CVERecord?id=CVE-2024-44960'], 'PublishedDate': '2024-09-04T19:15:30.7Z', 'LastModifiedDate': '2024-10-04T16:44:05.497Z'}, {'VulnerabilityID': 'CVE-2024-44961', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44961', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Forward soft recovery errors to userspace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Forward soft recovery errors to userspace\n\nAs we discussed before[1], soft recovery should be\nforwarded to userspace, or we can get into a really\nbad state where apps will keep submitting hanging\ncommand buffers cascading us to a hard reset.\n\n1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/\n(cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44961', 'https://git.kernel.org/linus/829798c789f567ef6ba4b084c15b7b5f3bd98d51 (6.11-rc3)', 'https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a', 'https://git.kernel.org/stable/c/829798c789f567ef6ba4b084c15b7b5f3bd98d51', 'https://git.kernel.org/stable/c/c28d207edfc5679585f4e96acb67000076ce90be', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44961-8666@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44961', 'https://www.cve.org/CVERecord?id=CVE-2024-44961'], 'PublishedDate': '2024-09-04T19:15:30.77Z', 'LastModifiedDate': '2024-10-04T16:39:39.3Z'}, {'VulnerabilityID': 'CVE-2024-44962', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44962', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n  Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n  Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic   snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil   snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded:   btnxpuart]\n  CPU: 5 PID: 723 Comm: memtester Tainted: G           O       6.6.23-lts-next-06207-g4aef2658ac28 #1\n  Hardware name: NXP i.MX95 19X19 board (DT)\n  pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0xffff80007a2cf464\n  lr : call_timer_fn.isra.0+0x24/0x80\n...\n  Call trace:\n   0xffff80007a2cf464\n   __run_timers+0x234/0x280\n   run_timer_softirq+0x20/0x40\n   __do_softirq+0x100/0x26c\n   ____do_softirq+0x10/0x1c\n   call_on_irq_stack+0x24/0x4c\n   do_softirq_own_stack+0x1c/0x2c\n   irq_exit_rcu+0xc0/0xdc\n   el0_interrupt+0x54/0xd8\n   __el0_irq_handler_common+0x18/0x24\n   el0t_64_irq_handler+0x10/0x1c\n   el0t_64_irq+0x190/0x194\n  Code: ???????? ???????? ???????? ???????? (????????)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception in interrupt\n  SMP: stopping secondary CPUs\n  Kernel Offset: disabled\n  CPU features: 0x0,c0000000,40028143,1000721b\n  Memory Limit: none\n  ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44962', 'https://git.kernel.org/linus/0d0df1e750bac0fdaa77940e711c1625cff08d33 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d0df1e750bac0fdaa77940e711c1625cff08d33', 'https://git.kernel.org/stable/c/28bbb5011a9723700006da67bdb57ab6a914452b', 'https://git.kernel.org/stable/c/4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44962-c329@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44962', 'https://www.cve.org/CVERecord?id=CVE-2024-44962'], 'PublishedDate': '2024-09-04T19:15:30.827Z', 'LastModifiedDate': '2024-10-04T16:20:34.55Z'}, {'VulnerabilityID': 'CVE-2024-44963', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44963', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not BUG_ON() when freeing tree block after error', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don't deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44963', 'https://git.kernel.org/linus/bb3868033a4cccff7be57e9145f2117cbdc91c11 (6.11-rc1)', 'https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f', 'https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44963-2e6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44963', 'https://www.cve.org/CVERecord?id=CVE-2024-44963'], 'PublishedDate': '2024-09-04T19:15:30.883Z', 'LastModifiedDate': '2024-10-04T16:19:20.77Z'}, {'VulnerabilityID': 'CVE-2024-44964', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44964', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix memory leaks and crashes while performing a soft reset', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leaks and crashes while performing a soft reset\n\nThe second tagged commit introduced a UAF, as it removed restoring\nq_vector->vport pointers after reinitializating the structures.\nThis is due to that all queue allocation functions are performed here\nwith the new temporary vport structure and those functions rewrite\nthe backpointers to the vport. Then, this new struct is freed and\nthe pointers start leading to nowhere.\n\nBut generally speaking, the current logic is very fragile. It claims\nto be more reliable when the system is low on memory, but in fact, it\nconsumes two times more memory as at the moment of running this\nfunction, there are two vports allocated with their queues and vectors.\nMoreover, it claims to prevent the driver from running into "bad state",\nbut in fact, any error during the rebuild leaves the old vport in the\npartially allocated state.\nFinally, if the interface is down when the function is called, it always\nallocates a new queue set, but when the user decides to enable the\ninterface later on, vport_open() allocates them once again, IOW there\'s\na clear memory leak here.\n\nJust don\'t allocate a new queue set when performing a reset, that solves\ncrashes and memory leaks. Readd the old queue number and reopen the\ninterface on rollback - that solves limbo states when the device is left\ndisabled and/or without HW queues enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44964', 'https://git.kernel.org/linus/f01032a2ca099ec8d619aaa916c3762aa62495df (6.11-rc3)', 'https://git.kernel.org/stable/c/6b289f8d91537ec1e4f9c7b38b31b90d93b1419b', 'https://git.kernel.org/stable/c/f01032a2ca099ec8d619aaa916c3762aa62495df', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44964-ebb1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44964', 'https://www.cve.org/CVERecord?id=CVE-2024-44964'], 'PublishedDate': '2024-09-04T19:15:30.94Z', 'LastModifiedDate': '2024-09-06T16:36:45.137Z'}, {'VulnerabilityID': 'CVE-2024-44965', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44965', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mm: Fix pti_clone_pgtable() alignment assumption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix pti_clone_pgtable() alignment assumption\n\nGuenter reported dodgy crashes on an i386-nosmp build using GCC-11\nthat had the form of endless traps until entry stack exhaust and then\n#DF from the stack guard.\n\nIt turned out that pti_clone_pgtable() had alignment assumptions on\nthe start address, notably it hard assumes start is PMD aligned. This\nis true on x86_64, but very much not true on i386.\n\nThese assumptions can cause the end condition to malfunction, leading\nto a 'short' clone. Guess what happens when the user mapping has a\nshort copy of the entry text?\n\nUse the correct increment form for addr to avoid alignment\nassumptions.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44965', 'https://git.kernel.org/linus/41e71dbb0e0a0fe214545fe64af031303a08524c (6.11-rc2)', 'https://git.kernel.org/stable/c/18da1b27ce16a14a9b636af9232acb4fb24f4c9e', 'https://git.kernel.org/stable/c/25a727233a40a9b33370eec9f0cad67d8fd312f8', 'https://git.kernel.org/stable/c/41e71dbb0e0a0fe214545fe64af031303a08524c', 'https://git.kernel.org/stable/c/4d143ae782009b43b4f366402e5c37f59d4e4346', 'https://git.kernel.org/stable/c/5c580c1050bcbc15c3e78090859d798dcf8c9763', 'https://git.kernel.org/stable/c/ca07aab70dd3b5e7fddb62d7a6ecd7a7d6d0b2ed', 'https://git.kernel.org/stable/c/d00c9b4bbc442d99e1dafbdfdab848bc1ead73f6', 'https://git.kernel.org/stable/c/df3eecb5496f87263d171b254ca6e2758ab3c35c', 'https://linux.oracle.com/cve/CVE-2024-44965.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090415-CVE-2024-44965-d41d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44965', 'https://www.cve.org/CVERecord?id=CVE-2024-44965'], 'PublishedDate': '2024-09-04T19:15:30.99Z', 'LastModifiedDate': '2024-10-04T16:17:15.23Z'}, {'VulnerabilityID': 'CVE-2024-44966', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44966', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binfmt_flat: Fix corruption when not offsetting data start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_flat: Fix corruption when not offsetting data start\n\nCommit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")\nintroduced a RISC-V specific variant of the FLAT format which does\nnot allocate any space for the (obsolete) array of shared library\npointers. However, it did not disable the code which initializes the\narray, resulting in the corruption of sizeof(long) bytes before the DATA\nsegment, generally the end of the TEXT segment.\n\nIntroduce MAX_SHARED_LIBS_UPDATE which depends on the state of\nCONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of\nthe shared library pointer region so that it will only be initialized\nif space is reserved for it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44966', 'https://git.kernel.org/linus/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671 (6.11-rc4)', 'https://git.kernel.org/stable/c/3a684499261d0f7ed5ee72793025c88c2276809c', 'https://git.kernel.org/stable/c/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671', 'https://git.kernel.org/stable/c/49df34d2b7da9e57c839555a2f7877291ce45ad1', 'https://git.kernel.org/stable/c/9350ba06ee61db392c486716ac68ecc20e030f7c', 'https://git.kernel.org/stable/c/af65d5383854cc3f172a7d0843b628758bf462c8', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44966-3aac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44966', 'https://www.cve.org/CVERecord?id=CVE-2024-44966'], 'PublishedDate': '2024-09-04T19:15:31.06Z', 'LastModifiedDate': '2024-10-04T16:15:30.047Z'}, {'VulnerabilityID': 'CVE-2024-44967', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44967', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/mgag200: Bind I2C lifetime to DRM device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mgag200: Bind I2C lifetime to DRM device\n\nManaged cleanup with devm_add_action_or_reset() will release the I2C\nadapter when the underlying Linux device goes away. But the connector\nstill refers to it, so this cleanup leaves behind a stale pointer\nin struct drm_connector.ddc.\n\nBind the lifetime of the I2C adapter to the connector's lifetime by\nusing DRM's managed release. When the DRM device goes away (after\nthe Linux device) DRM will first clean up the connector and then\nclean up the I2C adapter.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44967', 'https://git.kernel.org/linus/eb1ae34e48a09b7a1179c579aed042b032e408f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/55a6916db77102765b22855d3a0add4751988b7c', 'https://git.kernel.org/stable/c/81d34df843620e902dd04aa9205c875833d61c17', 'https://git.kernel.org/stable/c/9d96b91e03cba9dfcb4ac370c93af4dbc47d5191', 'https://git.kernel.org/stable/c/eb1ae34e48a09b7a1179c579aed042b032e408f4', 'https://lore.kernel.org/linux-cve-announce/2024090453-CVE-2024-44967-dd14@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44967', 'https://www.cve.org/CVERecord?id=CVE-2024-44967'], 'PublishedDate': '2024-09-04T19:15:31.117Z', 'LastModifiedDate': '2024-10-03T18:21:17.23Z'}, {'VulnerabilityID': 'CVE-2024-44969', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/sclp: Prevent release of buffer in I/O', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Prevent release of buffer in I/O\n\nWhen a task waiting for completion of a Store Data operation is\ninterrupted, an attempt is made to halt this operation. If this attempt\nfails due to a hardware or firmware problem, there is a chance that the\nSCLP facility might store data into buffers referenced by the original\noperation at a later time.\n\nHandle this situation by not releasing the referenced data buffers if\nthe halt attempt fails. For current use cases, this might result in a\nleak of few pages of memory in case of a rare hardware/firmware\nmalfunction.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44969', 'https://git.kernel.org/linus/bf365071ea92b9579d5a272679b74052a5643e35 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633', 'https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05', 'https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506', 'https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79', 'https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe', 'https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148', 'https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463', 'https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35', 'https://linux.oracle.com/cve/CVE-2024-44969.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44969-48bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44969', 'https://www.cve.org/CVERecord?id=CVE-2024-44969'], 'PublishedDate': '2024-09-04T19:15:31.24Z', 'LastModifiedDate': '2024-10-03T17:38:41.333Z'}, {'VulnerabilityID': 'CVE-2024-44970', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix invalid WQ linked list unlink\n\nWhen all the strides in a WQE have been consumed, the WQE is unlinked\nfrom the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible\nto receive CQEs with 0 consumed strides for the same WQE even after the\nWQE is fully consumed and unlinked. This triggers an additional unlink\nfor the same wqe which corrupts the linked list.\n\nFix this scenario by accepting 0 sized consumed strides without\nunlinking the WQE again.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44970', 'https://git.kernel.org/linus/fba8334721e266f92079632598e46e5f89082f30 (6.11-rc1)', 'https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9', 'https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76', 'https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78', 'https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44970-f687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44970', 'https://www.cve.org/CVERecord?id=CVE-2024-44970'], 'PublishedDate': '2024-09-04T19:15:31.307Z', 'LastModifiedDate': '2024-10-03T14:22:06.003Z'}, {'VulnerabilityID': 'CVE-2024-44971', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44971', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()\n\nbcm_sf2_mdio_register() calls of_phy_find_device() and then\nphy_device_remove() in a loop to remove existing PHY devices.\nof_phy_find_device() eventually calls bus_find_device(), which calls\nget_device() on the returned struct device * to increment the refcount.\nThe current implementation does not decrement the refcount, which causes\nmemory leak.\n\nThis commit adds the missing phy_device_free() call to decrement the\nrefcount via put_device() to balance the refcount.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44971', 'https://git.kernel.org/linus/e3862093ee93fcfbdadcb7957f5f8974fffa806a (6.11-rc3)', 'https://git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c', 'https://git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c', 'https://git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71', 'https://git.kernel.org/stable/c/c05516c072903f6fb9134b8e7e1ad4bffcdc4819', 'https://git.kernel.org/stable/c/e3862093ee93fcfbdadcb7957f5f8974fffa806a', 'https://git.kernel.org/stable/c/f3d5efe18a11f94150fee8b3fda9d62079af640a', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44971-eb75@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44971', 'https://www.cve.org/CVERecord?id=CVE-2024-44971'], 'PublishedDate': '2024-09-04T19:15:31.367Z', 'LastModifiedDate': '2024-09-05T17:54:36.607Z'}, {'VulnerabilityID': 'CVE-2024-44972', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44972', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not clear page dirty inside extent_write_locked_range()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not clear page dirty inside extent_write_locked_range()\n\n[BUG]\nFor subpage + zoned case, the following workload can lead to rsv data\nleak at unmount time:\n\n  # mkfs.btrfs -f -s 4k $dev\n  # mount $dev $mnt\n  # fsstress -w -n 8 -d $mnt -s 1709539240\n  0/0: fiemap - no filename\n  0/1: copyrange read - no filename\n  0/2: write - no filename\n  0/3: rename - no source filename\n  0/4: creat f0 x:0 0 0\n  0/4: creat add id=0,parent=-1\n  0/5: writev f0[259 1 0 0 0 0] [778052,113,965] 0\n  0/6: ioctl(FIEMAP) f0[259 1 0 0 224 887097] [1294220,2291618343991484791,0x10000] -1\n  0/7: dwrite - xfsctl(XFS_IOC_DIOINFO) f0[259 1 0 0 224 887097] return 25, fallback to stat()\n  0/7: dwrite f0[259 1 0 0 224 887097] [696320,102400] 0\n  # umount $mnt\n\nThe dmesg includes the following rsv leak detection warning (all call\ntrace skipped):\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8653 btrfs_destroy_inode+0x1e0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8654 btrfs_destroy_inode+0x1a8/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8660 btrfs_destroy_inode+0x1a0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): last unmount of filesystem 1b4abba9-de34-4f07-9e7f-157cf12a18d6\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info DATA has 268218368 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=204800, pinned=0, reserved=0, may_use=12288, readonly=0 zone_unusable=0\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info METADATA has 267796480 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=131072, pinned=0, reserved=0, may_use=262144, readonly=0 zone_unusable=245760\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n\nAbove $dev is a tcmu-runner emulated zoned HDD, which has a max zone\nappend size of 64K, and the system has 64K page size.\n\n[CAUSE]\nI have added several trace_printk() to show the events (header skipped):\n\n  > btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864\n\nThe above lines show our buffered write has dirtied 3 pages of inode\n259 of root 5:\n\n  704K             768K              832K              896K\n  I           |////I/////////////////I///////////|     I\n              756K                               868K\n\n  |///| is the dirtied range using subpage bitmaps. and 'I' is the page\n  boundary.\n\n  Meanwhile all three pages (704K, 768K, 832K) have their PageDirty\n  flag set.\n\n  > btrfs_direct_write: r/i=5/259 start dio filepos=696320 len=102400\n\nThen direct IO writ\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44972', 'https://git.kernel.org/linus/97713b1a2ced1e4a2a6c40045903797ebd44d7e0 (6.11-rc1)', 'https://git.kernel.org/stable/c/97713b1a2ced1e4a2a6c40045903797ebd44d7e0', 'https://git.kernel.org/stable/c/ba4dedb71356638d8284e34724daca944be70368', 'https://git.kernel.org/stable/c/d3b403209f767e5857c1b9fda66726e6e6ffc99f', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44972-23b5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44972', 'https://www.cve.org/CVERecord?id=CVE-2024-44972'], 'PublishedDate': '2024-09-04T19:15:31.43Z', 'LastModifiedDate': '2024-10-03T16:10:12.077Z'}, {'VulnerabilityID': 'CVE-2024-44973', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44973', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm, slub: do not call do_slab_free for kfence object', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slub: do not call do_slab_free for kfence object\n\nIn 782f8906f805 the freeing of kfence objects was moved from deep\ninside do_slab_free to the wrapper functions outside. This is a nice\nchange, but unfortunately it missed one spot in __kmem_cache_free_bulk.\n\nThis results in a crash like this:\n\nBUG skbuff_head_cache (Tainted: G S  B       E     ): Padding overwritten. 0xffff88907fea0f00-0xffff88907fea0fff @offset=3840\n\nslab_err (mm/slub.c:1129)\nfree_to_partial_list (mm/slub.c:? mm/slub.c:4036)\nslab_pad_check (mm/slub.c:864 mm/slub.c:1290)\ncheck_slab (mm/slub.c:?)\nfree_to_partial_list (mm/slub.c:3171 mm/slub.c:4036)\nkmem_cache_alloc_bulk (mm/slub.c:? mm/slub.c:4495 mm/slub.c:4586 mm/slub.c:4635)\nnapi_build_skb (net/core/skbuff.c:348 net/core/skbuff.c:527 net/core/skbuff.c:549)\n\nAll the other callers to do_slab_free appear to be ok.\n\nAdd a kfence_free check in __kmem_cache_free_bulk to avoid the crash.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44973', 'https://git.kernel.org/linus/a371d558e6f3aed977a8a7346350557de5d25190 (6.11-rc3)', 'https://git.kernel.org/stable/c/a371d558e6f3aed977a8a7346350557de5d25190', 'https://git.kernel.org/stable/c/b35cd7f1e969aaa63e6716d82480f6b8a3230949', 'https://lore.kernel.org/linux-cve-announce/2024090425-CVE-2024-44973-a92d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44973', 'https://www.cve.org/CVERecord?id=CVE-2024-44973'], 'PublishedDate': '2024-09-04T19:15:31.487Z', 'LastModifiedDate': '2024-10-03T14:23:09.147Z'}, {'VulnerabilityID': 'CVE-2024-44974', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44974', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: avoid possible UaF when selecting endp', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44974', 'https://git.kernel.org/linus/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d (6.11-rc5)', 'https://git.kernel.org/stable/c/0201d65d9806d287a00e0ba96f0321835631f63f', 'https://git.kernel.org/stable/c/2b4f46f9503633dade75cb796dd1949d0e6581a1', 'https://git.kernel.org/stable/c/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d', 'https://git.kernel.org/stable/c/9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8', 'https://git.kernel.org/stable/c/ddee5b4b6a1cc03c1e9921cf34382e094c2009f1', 'https://git.kernel.org/stable/c/f2c865e9e3ca44fc06b5f73b29a954775e4dbb38', 'https://lore.kernel.org/linux-cve-announce/2024090440-CVE-2024-44974-dbe8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44974', 'https://www.cve.org/CVERecord?id=CVE-2024-44974'], 'PublishedDate': '2024-09-04T20:15:07.1Z', 'LastModifiedDate': '2024-09-12T12:15:51.397Z'}, {'VulnerabilityID': 'CVE-2024-44975', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44975', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: fix panic caused by partcmd_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: fix panic caused by partcmd_update\n\nWe find a bug as below:\nBUG: unable to handle page fault for address: 00000003\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 358 Comm: bash Tainted: G        W I        6.6.0-10893-g60d6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4\nRIP: 0010:partition_sched_domains_locked+0x483/0x600\nCode: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9\nRSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202\nRAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000002fe80\nRBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000\nR10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002\nR13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0\nCall Trace:\n <TASK>\n ? show_regs+0x8c/0xa0\n ? __die_body+0x23/0xa0\n ? __die+0x3a/0x50\n ? page_fault_oops+0x1d2/0x5c0\n ? partition_sched_domains_locked+0x483/0x600\n ? search_module_extables+0x2a/0xb0\n ? search_exception_tables+0x67/0x90\n ? kernelmode_fixup_or_oops+0x144/0x1b0\n ? __bad_area_nosemaphore+0x211/0x360\n ? up_read+0x3b/0x50\n ? bad_area_nosemaphore+0x1a/0x30\n ? exc_page_fault+0x890/0xd90\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? asm_exc_page_fault+0x26/0x30\n ? partition_sched_domains_locked+0x483/0x600\n ? partition_sched_domains_locked+0xf0/0x600\n rebuild_sched_domains_locked+0x806/0xdc0\n update_partition_sd_lb+0x118/0x130\n cpuset_write_resmask+0xffc/0x1420\n cgroup_file_write+0xb2/0x290\n kernfs_fop_write_iter+0x194/0x290\n new_sync_write+0xeb/0x160\n vfs_write+0x16f/0x1d0\n ksys_write+0x81/0x180\n __x64_sys_write+0x21/0x30\n x64_sys_call+0x2f25/0x4630\n do_syscall_64+0x44/0xb0\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\nRIP: 0033:0x7f44a553c887\n\nIt can be reproduced with cammands:\ncd /sys/fs/cgroup/\nmkdir test\ncd test/\necho +cpuset > ../cgroup.subtree_control\necho root > cpuset.cpus.partition\ncat /sys/fs/cgroup/cpuset.cpus.effective\n0-3\necho 0-3 > cpuset.cpus // taking away all cpus from root\n\nThis issue is caused by the incorrect rebuilding of scheduling domains.\nIn this scenario, test/cpuset.cpus.partition should be an invalid root\nand should not trigger the rebuilding of scheduling domains. When calling\nupdate_parent_effective_cpumask with partcmd_update, if newmask is not\nnull, it should recheck newmask whether there are cpus is available\nfor parect/cs that has tasks.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44975', 'https://git.kernel.org/linus/959ab6350add903e352890af53e86663739fcb9a (6.11-rc5)', 'https://git.kernel.org/stable/c/73d6c6cf8ef6a3c532aa159f5114077746a372d6', 'https://git.kernel.org/stable/c/959ab6350add903e352890af53e86663739fcb9a', 'https://lore.kernel.org/linux-cve-announce/2024090442-CVE-2024-44975-7c21@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44975', 'https://www.cve.org/CVERecord?id=CVE-2024-44975'], 'PublishedDate': '2024-09-04T20:15:07.16Z', 'LastModifiedDate': '2024-10-03T14:32:31.677Z'}, {'VulnerabilityID': 'CVE-2024-44977', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Validate TA binary size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Validate TA binary size\n\nAdd TA binary size validation to avoid OOB write.\n\n(cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44977', 'https://git.kernel.org/linus/c99769bceab4ecb6a067b9af11f9db281eea3e2a (6.11-rc5)', 'https://git.kernel.org/stable/c/50553ea7cbd3344fbf40afb065f6a2d38171c1ad', 'https://git.kernel.org/stable/c/5ab8793b9a6cc059f503cbe6fe596f80765e0f19', 'https://git.kernel.org/stable/c/c99769bceab4ecb6a067b9af11f9db281eea3e2a', 'https://git.kernel.org/stable/c/e562415248f402203e7fb6d8c38c1b32fa99220f', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44977-7f6b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44977', 'https://www.cve.org/CVERecord?id=CVE-2024-44977'], 'PublishedDate': '2024-09-04T20:15:07.29Z', 'LastModifiedDate': '2024-10-10T17:47:59.593Z'}, {'VulnerabilityID': 'CVE-2024-44978', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44978', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Free job before xe_exec_queue_put', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Free job before xe_exec_queue_put\n\nFree job depends on job->vm being valid, the last xe_exec_queue_put can\ndestroy the VM. Prevent UAF by freeing job before xe_exec_queue_put.\n\n(cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44978', 'https://git.kernel.org/linus/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a (6.11-rc5)', 'https://git.kernel.org/stable/c/98aa0330f200b9b8fb9e1298e006eda57a13351c', 'https://git.kernel.org/stable/c/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44978-096b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44978', 'https://www.cve.org/CVERecord?id=CVE-2024-44978'], 'PublishedDate': '2024-09-04T20:15:07.343Z', 'LastModifiedDate': '2024-09-10T16:51:19.813Z'}, {'VulnerabilityID': 'CVE-2024-44979', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44979', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix missing workqueue destroy in xe_gt_pagefault\n\nOn driver reload we never free up the memory for the pagefault and\naccess counter workqueues. Add those destroy calls here.\n\n(cherry picked from commit 7586fc52b14e0b8edd0d1f8a434e0de2078b7b2b)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44979', 'https://git.kernel.org/linus/a6f78359ac75f24cac3c1bdd753c49c1877bcd82 (6.11-rc5)', 'https://git.kernel.org/stable/c/a6f78359ac75f24cac3c1bdd753c49c1877bcd82', 'https://git.kernel.org/stable/c/b09ef3b762a7fc641fb2f89afd3ebdb65b8ba1b9', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44979-74c3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44979', 'https://www.cve.org/CVERecord?id=CVE-2024-44979'], 'PublishedDate': '2024-09-04T20:15:07.4Z', 'LastModifiedDate': '2024-10-10T17:44:36.417Z'}, {'VulnerabilityID': 'CVE-2024-44980', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44980', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix opregion leak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix opregion leak\n\nBeing part o the display, ideally the setup and cleanup would be done by\ndisplay itself. However this is a bigger refactor that needs to be done\non both i915 and xe. For now, just fix the leak:\n\nunreferenced object 0xffff8881a0300008 (size 192):\n  comm "modprobe", pid 4354, jiffies 4295647021\n  hex dump (first 32 bytes):\n    00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff  ...\'............\n    18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 99260e31):\n    [<ffffffff823ce65b>] kmemleak_alloc+0x4b/0x80\n    [<ffffffff81493be2>] kmalloc_trace_noprof+0x312/0x3d0\n    [<ffffffffa1345679>] intel_opregion_setup+0x89/0x700 [xe]\n    [<ffffffffa125bfaf>] xe_display_init_noirq+0x2f/0x90 [xe]\n    [<ffffffffa1199ec3>] xe_device_probe+0x7a3/0xbf0 [xe]\n    [<ffffffffa11f3713>] xe_pci_probe+0x333/0x5b0 [xe]\n    [<ffffffff81af6be8>] local_pci_probe+0x48/0xb0\n    [<ffffffff81af8778>] pci_device_probe+0xc8/0x280\n    [<ffffffff81d09048>] really_probe+0xf8/0x390\n    [<ffffffff81d0937a>] __driver_probe_device+0x8a/0x170\n    [<ffffffff81d09503>] driver_probe_device+0x23/0xb0\n    [<ffffffff81d097b7>] __driver_attach+0xc7/0x190\n    [<ffffffff81d0628d>] bus_for_each_dev+0x7d/0xd0\n    [<ffffffff81d0851e>] driver_attach+0x1e/0x30\n    [<ffffffff81d07ac7>] bus_add_driver+0x117/0x250\n\n(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44980', 'https://git.kernel.org/linus/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f (6.11-rc5)', 'https://git.kernel.org/stable/c/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f', 'https://git.kernel.org/stable/c/f7ecdd9853dd9f34e7cdfdadfb70b8f40644ebb4', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44980-d1ba@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44980', 'https://www.cve.org/CVERecord?id=CVE-2024-44980'], 'PublishedDate': '2024-09-04T20:15:07.46Z', 'LastModifiedDate': '2024-10-10T17:42:53.433Z'}, {'VulnerabilityID': 'CVE-2024-44982', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44982', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: cleanup FB if dpu_format_populate_layout fails\n\nIf the dpu_format_populate_layout() fails, then FB is prepared, but not\ncleaned up. This ends up leaking the pin_count on the GEM object and\ncauses a splat during DRM file closure:\n\nmsm_obj->pin_count\nWARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc\n[...]\nCall trace:\n update_lru_locked+0xc4/0xcc\n put_pages+0xac/0x100\n msm_gem_free_object+0x138/0x180\n drm_gem_object_free+0x1c/0x30\n drm_gem_object_handle_put_unlocked+0x108/0x10c\n drm_gem_object_release_handle+0x58/0x70\n idr_for_each+0x68/0xec\n drm_gem_release+0x28/0x40\n drm_file_free+0x174/0x234\n drm_release+0xb0/0x160\n __fput+0xc0/0x2c8\n __fput_sync+0x50/0x5c\n __arm64_sys_close+0x38/0x7c\n invoke_syscall+0x48/0x118\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x4c/0x120\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194\nirq event stamp: 129818\nhardirqs last  enabled at (129817): [<ffffa5f6d953fcc0>] console_unlock+0x118/0x124\nhardirqs last disabled at (129818): [<ffffa5f6da7dcf04>] el1_dbg+0x24/0x8c\nsoftirqs last  enabled at (129808): [<ffffa5f6d94afc18>] handle_softirqs+0x4c8/0x4e8\nsoftirqs last disabled at (129785): [<ffffa5f6d94105e4>] __do_softirq+0x14/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/600714/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44982', 'https://git.kernel.org/linus/bfa1a6283be390947d3649c482e5167186a37016 (6.11-rc5)', 'https://git.kernel.org/stable/c/02193c70723118889281f75b88722b26b58bf4ae', 'https://git.kernel.org/stable/c/7ecf85542169012765e4c2817cd3be6c2e009962', 'https://git.kernel.org/stable/c/9b8b65211a880af8fe8330a101e1e239a2d4008f', 'https://git.kernel.org/stable/c/a3c5815b07f4ee19d0b7e2ddf91ff9f03ecbf27d', 'https://git.kernel.org/stable/c/bfa1a6283be390947d3649c482e5167186a37016', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44982-dd24@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44982', 'https://www.cve.org/CVERecord?id=CVE-2024-44982'], 'PublishedDate': '2024-09-04T20:15:07.593Z', 'LastModifiedDate': '2024-10-10T17:09:54.35Z'}, {'VulnerabilityID': 'CVE-2024-44983', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44983', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: validate vlan header', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: validate vlan header\n\nEnsure there is sufficient room to access the protocol field of the\nVLAN header, validate it once before the flowtable lookup.\n\n=====================================================\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5440 [inline]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44983', 'https://git.kernel.org/linus/6ea14ccb60c8ab829349979b22b58a941ec4a3ee (6.11-rc5)', 'https://git.kernel.org/stable/c/0279c35d242d037abeb73d60d06a6d1bb7f672d9', 'https://git.kernel.org/stable/c/043a18bb6cf16adaa2f8642acfde6e8956a9caaa', 'https://git.kernel.org/stable/c/6ea14ccb60c8ab829349979b22b58a941ec4a3ee', 'https://git.kernel.org/stable/c/c05155cc455785916164aa5e1b4605a2ae946537', 'https://git.kernel.org/stable/c/d9384ae7aec46036d248d1c2c2757e471ab486c3', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44983-dcdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44983', 'https://www.cve.org/CVERecord?id=CVE-2024-44983'], 'PublishedDate': '2024-09-04T20:15:07.657Z', 'LastModifiedDate': '2024-09-10T16:57:55.11Z'}, {'VulnerabilityID': 'CVE-2024-44984', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44984', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double DMA unmapping for XDP_REDIRECT\n\nRemove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT\ncode path.  This should have been removed when we let the page pool\nhandle the DMA mapping.  This bug causes the warning:\n\nWARNING: CPU: 7 PID: 59 at drivers/iommu/dma-iommu.c:1198 iommu_dma_unmap_page+0xd5/0x100\nCPU: 7 PID: 59 Comm: ksoftirqd/7 Tainted: G        W          6.8.0-1010-gcp #11-Ubuntu\nHardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS 2.15.2 04/02/2024\nRIP: 0010:iommu_dma_unmap_page+0xd5/0x100\nCode: 89 ee 48 89 df e8 cb f2 69 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9 31 f6 31 ff 45 31 c0 e9 ab 17 71 00 <0f> 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9\nRSP: 0018:ffffab1fc0597a48 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff99ff838280c8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffab1fc0597a78 R08: 0000000000000002 R09: ffffab1fc0597c1c\nR10: ffffab1fc0597cd3 R11: ffff99ffe375acd8 R12: 00000000e65b9000\nR13: 0000000000000050 R14: 0000000000001000 R15: 0000000000000002\nFS:  0000000000000000(0000) GS:ffff9a06efb80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000565c34c37210 CR3: 00000005c7e3e000 CR4: 0000000000350ef0\n? show_regs+0x6d/0x80\n? __warn+0x89/0x150\n? iommu_dma_unmap_page+0xd5/0x100\n? report_bug+0x16a/0x190\n? handle_bug+0x51/0xa0\n? exc_invalid_op+0x18/0x80\n? iommu_dma_unmap_page+0xd5/0x100\n? iommu_dma_unmap_page+0x35/0x100\ndma_unmap_page_attrs+0x55/0x220\n? bpf_prog_4d7e87c0d30db711_xdp_dispatcher+0x64/0x9f\nbnxt_rx_xdp+0x237/0x520 [bnxt_en]\nbnxt_rx_pkt+0x640/0xdd0 [bnxt_en]\n__bnxt_poll_work+0x1a1/0x3d0 [bnxt_en]\nbnxt_poll+0xaa/0x1e0 [bnxt_en]\n__napi_poll+0x33/0x1e0\nnet_rx_action+0x18a/0x2f0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44984', 'https://git.kernel.org/linus/8baeef7616d5194045c5a6b97fd1246b87c55b13 (6.11-rc5)', 'https://git.kernel.org/stable/c/8baeef7616d5194045c5a6b97fd1246b87c55b13', 'https://git.kernel.org/stable/c/95a305ba259b685780ed62ea2295aa2feb2d6c0c', 'https://git.kernel.org/stable/c/fa4e6ae38574d0fc5596272bee64727d8ab7052b', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44984-43ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44984', 'https://www.cve.org/CVERecord?id=CVE-2024-44984'], 'PublishedDate': '2024-09-04T20:15:07.717Z', 'LastModifiedDate': '2024-10-10T16:48:56.167Z'}, {'VulnerabilityID': 'CVE-2024-44985', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44985', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent possible UAF in ip6_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible UAF in ip6_xmit()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand the associated dst/idev could also have been freed.\n\nWe must use rcu_read_lock() to prevent a possible UAF.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44985', 'https://git.kernel.org/linus/2d5ff7e339d04622d8282661df36151906d0e1c7 (6.11-rc5)', 'https://git.kernel.org/stable/c/124b428fe28064c809e4237b0b38e97200a8a4a8', 'https://git.kernel.org/stable/c/2d5ff7e339d04622d8282661df36151906d0e1c7', 'https://git.kernel.org/stable/c/38a21c026ed2cc7232414cb166efc1923f34af17', 'https://git.kernel.org/stable/c/975f764e96f71616b530e300c1bb2ac0ce0c2596', 'https://git.kernel.org/stable/c/fc88d6c1f2895a5775795d82ec581afdff7661d1', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44985-2dde@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44985', 'https://www.cve.org/CVERecord?id=CVE-2024-44985'], 'PublishedDate': '2024-09-04T20:15:07.777Z', 'LastModifiedDate': '2024-09-05T17:54:11.313Z'}, {'VulnerabilityID': 'CVE-2024-44986', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44986', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: fix possible UAF in ip6_finish_output2()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible UAF in ip6_finish_output2()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand associated dst/idev could also have been freed.\n\nWe need to hold rcu_read_lock() to make sure the dst and\nassociated idev are alive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44986', 'https://git.kernel.org/linus/da273b377ae0d9bd255281ed3c2adb228321687b (6.11-rc5)', 'https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e', 'https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a', 'https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b', 'https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b', 'https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44986-1197@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44986', 'https://www.cve.org/CVERecord?id=CVE-2024-44986'], 'PublishedDate': '2024-09-04T20:15:07.833Z', 'LastModifiedDate': '2024-09-05T17:54:04.127Z'}, {'VulnerabilityID': 'CVE-2024-44987', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44987', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent UAF in ip6_send_skb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n  rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n  rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n  vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n  do_writev+0x1b1/0x350 fs/read_write.c:1018\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n </TASK>\n\nAllocated by task 6530:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  unpoison_slab_object mm/kasan/common.c:312 [inline]\n  __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n  kasan_slab_alloc include/linux/kasan.h:201 [inline]\n  slab_post_alloc_hook mm/slub.c:3988 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n  dst_alloc+0x12b/0x190 net/core/dst.c:89\n  ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n  make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n  xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313\n  ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n  rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n  ___sys_sendmsg net/socket.c:2651 [inline]\n  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n  poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n  __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n  kasan_slab_free include/linux/kasan.h:184 [inline]\n  slab_free_hook mm/slub.c:2252 [inline]\n  slab_free mm/slub.c:4473 [inline]\n  kmem_cache_free+0x145/0x350 mm/slub.c:4548\n  dst_destroy+0x2ac/0x460 net/core/dst.c:124\n  rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n  rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44987', 'https://git.kernel.org/linus/faa389b2fbaaec7fd27a390b4896139f9da662e3 (6.11-rc5)', 'https://git.kernel.org/stable/c/24e93695b1239fbe4c31e224372be77f82dab69a', 'https://git.kernel.org/stable/c/571567e0277008459750f0728f246086b2659429', 'https://git.kernel.org/stable/c/9a3e55afa95ed4ac9eda112d4f918af645d72f25', 'https://git.kernel.org/stable/c/af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011', 'https://git.kernel.org/stable/c/cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e', 'https://git.kernel.org/stable/c/ce2f6cfab2c637d0bd9762104023a15d0ab7c0a8', 'https://git.kernel.org/stable/c/e44bd76dd072756e674f45c5be00153f4ded68b2', 'https://git.kernel.org/stable/c/faa389b2fbaaec7fd27a390b4896139f9da662e3', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44987-f916@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44987', 'https://www.cve.org/CVERecord?id=CVE-2024-44987'], 'PublishedDate': '2024-09-04T20:15:07.89Z', 'LastModifiedDate': '2024-09-05T17:53:54.687Z'}, {'VulnerabilityID': 'CVE-2024-44988', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44988', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Fix out-of-bound access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix out-of-bound access\n\nIf an ATU violation was caused by a CPU Load operation, the SPID could\nbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44988', 'https://git.kernel.org/linus/528876d867a23b5198022baf2e388052ca67c952 (6.11-rc5)', 'https://git.kernel.org/stable/c/050e7274ab2150cd212b2372595720e7b83a15bd', 'https://git.kernel.org/stable/c/18b2e833daf049223ab3c2efdf8cdee08854c484', 'https://git.kernel.org/stable/c/528876d867a23b5198022baf2e388052ca67c952', 'https://git.kernel.org/stable/c/a10d0337115a6d223a1563d853d4455f05d0b2e3', 'https://git.kernel.org/stable/c/d39f5be62f098fe367d672b4dd4bc4b2b80e08e7', 'https://git.kernel.org/stable/c/f7d8c2fabd39250cf2333fbf8eef67e837f90a5d', 'https://git.kernel.org/stable/c/f87ce03c652dba199aef15ac18ade3991db5477e', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44988-516a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44988', 'https://www.cve.org/CVERecord?id=CVE-2024-44988'], 'PublishedDate': '2024-09-04T20:15:07.96Z', 'LastModifiedDate': '2024-10-10T16:44:14.767Z'}, {'VulnerabilityID': 'CVE-2024-44989', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44989', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix xfrm real_dev null pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel:  <TASK>\n kernel:  ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? page_fault_oops+0x142/0x4c0\n kernel:  ? do_user_addr_fault+0x65/0x670\n kernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  ? exc_page_fault+0x7b/0x180\n kernel:  ? asm_exc_page_fault+0x22/0x30\n kernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel:  xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ip_push_pending_frames+0x56/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44989', 'https://git.kernel.org/linus/f8cde9805981c50d0c029063dc7d82821806fc44 (6.11-rc5)', 'https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21', 'https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294', 'https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548', 'https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f', 'https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436', 'https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44989-8a2d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44989', 'https://www.cve.org/CVERecord?id=CVE-2024-44989'], 'PublishedDate': '2024-09-04T20:15:08.02Z', 'LastModifiedDate': '2024-09-06T16:31:22.253Z'}, {'VulnerabilityID': 'CVE-2024-44990', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44990', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix null pointer deref in bond_ipsec_offload_ok\n\nWe must check if there is an active slave before dereferencing the pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44990', 'https://git.kernel.org/linus/95c90e4ad89d493a7a14fa200082e466e2548f9d (6.11-rc5)', 'https://git.kernel.org/stable/c/0707260a18312bbcd2a5668584e3692d0a29e3f6', 'https://git.kernel.org/stable/c/2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59', 'https://git.kernel.org/stable/c/32a0173600c63aadaf2103bf02f074982e8602ab', 'https://git.kernel.org/stable/c/81216b9352be43f8958092d379f6dec85443c309', 'https://git.kernel.org/stable/c/95c90e4ad89d493a7a14fa200082e466e2548f9d', 'https://git.kernel.org/stable/c/b70b0ddfed31fc92c8dc722d0afafc8e14cb550c', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44990-6b62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44990', 'https://www.cve.org/CVERecord?id=CVE-2024-44990'], 'PublishedDate': '2024-09-04T20:15:08.087Z', 'LastModifiedDate': '2024-09-06T16:31:12.87Z'}, {'VulnerabilityID': 'CVE-2024-44991', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44991', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp: prevent concurrent execution of tcp_sk_exit_batch', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: prevent concurrent execution of tcp_sk_exit_batch\n\nIts possible that two threads call tcp_sk_exit_batch() concurrently,\nonce from the cleanup_net workqueue, once from a task that failed to clone\na new netns.  In the latter case, error unwinding calls the exit handlers\nin reverse order for the \'failed\' netns.\n\ntcp_sk_exit_batch() calls tcp_twsk_purge().\nProblem is that since commit b099ce2602d8 ("net: Batch inet_twsk_purge"),\nthis function picks up twsk in any dying netns, not just the one passed\nin via exit_batch list.\n\nThis means that the error unwind of setup_net() can "steal" and destroy\ntimewait sockets belonging to the exiting netns.\n\nThis allows the netns exit worker to proceed to call\n\nWARN_ON_ONCE(!refcount_dec_and_test(&net->ipv4.tcp_death_row.tw_refcount));\n\nwithout the expected 1 -> 0 transition, which then splats.\n\nAt same time, error unwind path that is also running inet_twsk_purge()\nwill splat as well:\n\nWARNING: .. at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210\n...\n refcount_dec include/linux/refcount.h:351 [inline]\n inet_twsk_kill+0x758/0x9c0 net/ipv4/inet_timewait_sock.c:70\n inet_twsk_deschedule_put net/ipv4/inet_timewait_sock.c:221\n inet_twsk_purge+0x725/0x890 net/ipv4/inet_timewait_sock.c:304\n tcp_sk_exit_batch+0x1c/0x170 net/ipv4/tcp_ipv4.c:3522\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n setup_net+0x714/0xb40 net/core/net_namespace.c:375\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n\n... because refcount_dec() of tw_refcount unexpectedly dropped to 0.\n\nThis doesn\'t seem like an actual bug (no tw sockets got lost and I don\'t\nsee a use-after-free) but as erroneous trigger of debug check.\n\nAdd a mutex to force strict ordering: the task that calls tcp_twsk_purge()\nblocks other task from doing final _dec_and_test before mutex-owner has\nremoved all tw sockets of dying netns.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44991', 'https://git.kernel.org/linus/565d121b69980637f040eb4d84289869cdaabedf (6.11-rc5)', 'https://git.kernel.org/stable/c/565d121b69980637f040eb4d84289869cdaabedf', 'https://git.kernel.org/stable/c/99580ae890ec8bd98b21a2a9c6668f8f1555b62e', 'https://git.kernel.org/stable/c/e3d9de3742f4d5c47ae35f888d3023a5b54fcd2f', 'https://git.kernel.org/stable/c/f6fd2dbf584a4047ba88d1369ff91c9851261ec1', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44991-2437@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44991', 'https://www.cve.org/CVERecord?id=CVE-2024-44991'], 'PublishedDate': '2024-09-04T20:15:08.15Z', 'LastModifiedDate': '2024-10-09T14:36:15.79Z'}, {'VulnerabilityID': 'CVE-2024-44993', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44993', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`\n\nWhen enabling UBSAN on Raspberry Pi 5, we get the following warning:\n\n[  387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3\n[  387.903868] index 7 is out of range for type '__u32 [7]'\n[  387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G        WC         6.10.3-v8-16k-numa #151\n[  387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[  387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched]\n[  387.932525] Call trace:\n[  387.935296]  dump_backtrace+0x170/0x1b8\n[  387.939403]  show_stack+0x20/0x38\n[  387.942907]  dump_stack_lvl+0x90/0xd0\n[  387.946785]  dump_stack+0x18/0x28\n[  387.950301]  __ubsan_handle_out_of_bounds+0x98/0xd0\n[  387.955383]  v3d_csd_job_run+0x3a8/0x438 [v3d]\n[  387.960707]  drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]\n[  387.966862]  process_one_work+0x62c/0xb48\n[  387.971296]  worker_thread+0x468/0x5b0\n[  387.975317]  kthread+0x1c4/0x1e0\n[  387.978818]  ret_from_fork+0x10/0x20\n[  387.983014] ---[ end trace ]---\n\nThis happens because the UAPI provides only seven configuration\nregisters and we are reading the eighth position of this u32 array.\n\nTherefore, fix the out-of-bounds read in `v3d_csd_job_run()` by\naccessing only seven positions on the '__u32 [7]' array. The eighth\nregister exists indeed on V3D 7.1, but it isn't currently used. That\nbeing so, let's guarantee that it remains unused and add a note that it\ncould be set in a future patch.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44993', 'https://git.kernel.org/linus/497d370a644d95a9f04271aa92cb96d32e84c770 (6.11-rc4)', 'https://git.kernel.org/stable/c/497d370a644d95a9f04271aa92cb96d32e84c770', 'https://git.kernel.org/stable/c/d656b82c4b30cf12715e6cd129d3df808fde24a7', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44993-b6db@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44993', 'https://www.cve.org/CVERecord?id=CVE-2024-44993'], 'PublishedDate': '2024-09-04T20:15:08.257Z', 'LastModifiedDate': '2024-09-06T16:28:49.18Z'}, {'VulnerabilityID': 'CVE-2024-44995', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: fix a deadlock problem when config TC during resetting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n                             pf reset start\n                                 │\n                                 ▼\n                              ......\nsetup tc                         │\n    │                            ▼\n    ▼                      DOWN: napi_disable()\nnapi_disable()(skip)             │\n    │                            │\n    ▼                            ▼\n  ......                      ......\n    │                            │\n    ▼                            │\nnapi_enable()                    │\n                                 ▼\n                           UINIT: netif_napi_del()\n                                 │\n                                 ▼\n                              ......\n                                 │\n                                 ▼\n                           INIT: netif_napi_add()\n                                 │\n                                 ▼\n                              ......                 global reset start\n                                 │                      │\n                                 ▼                      ▼\n                           UP: napi_enable()(skip)    ......\n                                 │                      │\n                                 ▼                      ▼\n                              ......                 napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. Adds a DOWN process in UINIT to fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44995', 'https://git.kernel.org/linus/be5e816d00a506719e9dbb1a9c861c5ced30a109 (6.11-rc4)', 'https://git.kernel.org/stable/c/195918217448a6bb7f929d6a2ffffce9f1ece1cc', 'https://git.kernel.org/stable/c/67492d4d105c0a6321b00c393eec96b9a7a97a16', 'https://git.kernel.org/stable/c/6ae2b7d63cd056f363045eb65409143e16f23ae8', 'https://git.kernel.org/stable/c/be5e816d00a506719e9dbb1a9c861c5ced30a109', 'https://git.kernel.org/stable/c/de37408d5c26fc4a296a28a0c96dcb814219bfa1', 'https://git.kernel.org/stable/c/fa1d4de7265c370e673583ac8d1bd17d21826cd9', 'https://git.kernel.org/stable/c/fc250eca15bde34c4c8f806b9d88f55bd56a992c', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44995-16e5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44995', 'https://www.cve.org/CVERecord?id=CVE-2024-44995'], 'PublishedDate': '2024-09-04T20:15:08.353Z', 'LastModifiedDate': '2024-09-15T18:15:34.54Z'}, {'VulnerabilityID': 'CVE-2024-44996', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44996', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vsock: fix recursive -&gt;recvmsg calls', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: fix recursive ->recvmsg calls\n\nAfter a vsock socket has been added to a BPF sockmap, its prot->recvmsg\nhas been replaced with vsock_bpf_recvmsg(). Thus the following\nrecursiion could happen:\n\nvsock_bpf_recvmsg()\n -> __vsock_recvmsg()\n  -> vsock_connectible_recvmsg()\n   -> prot->recvmsg()\n    -> vsock_bpf_recvmsg() again\n\nWe need to fix it by calling the original ->recvmsg() without any BPF\nsockmap logic in __vsock_recvmsg().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44996', 'https://git.kernel.org/linus/69139d2919dd4aa9a553c8245e7c63e82613e3fc (6.11-rc4)', 'https://git.kernel.org/stable/c/69139d2919dd4aa9a553c8245e7c63e82613e3fc', 'https://git.kernel.org/stable/c/921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5', 'https://git.kernel.org/stable/c/b4ee8cf1acc5018ed1369150d7bb3e0d0f79e135', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44996-8b26@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44996', 'https://www.cve.org/CVERecord?id=CVE-2024-44996'], 'PublishedDate': '2024-09-04T20:15:08.413Z', 'LastModifiedDate': '2024-09-16T12:21:47.37Z'}, {'VulnerabilityID': 'CVE-2024-44998', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44998', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: atm: idt77252: prevent use after free in dequeue_rx()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can\'t dereference "skb" after calling vcc->push() because the skb\nis released.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44998', 'https://git.kernel.org/linus/a9a18e8f770c9b0703dab93580d0b02e199a4c79 (6.11-rc4)', 'https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1', 'https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d', 'https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518', 'https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55', 'https://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d', 'https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10', 'https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79', 'https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44998-6505@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44998', 'https://www.cve.org/CVERecord?id=CVE-2024-44998'], 'PublishedDate': '2024-09-04T20:15:08.52Z', 'LastModifiedDate': '2024-09-06T16:28:16Z'}, {'VulnerabilityID': 'CVE-2024-44999', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44999', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: pull network headers in gtp_dev_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: pull network headers in gtp_dev_xmit()\n\nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]\n\nWe must make sure the IPv4 or Ipv6 header is pulled in skb->head\nbefore accessing fields in them.\n\nUse pskb_inet_may_pull() to fix this issue.\n\n[1]\nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n  gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n  gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  __netdev_start_xmit include/linux/netdevice.h:4913 [inline]\n  netdev_start_xmit include/linux/netdevice.h:4922 [inline]\n  xmit_one net/core/dev.c:3580 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596\n  __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423\n  dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3145 [inline]\n  packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:3994 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583\n  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674\n  alloc_skb include/linux/skbuff.h:1320 [inline]\n  alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526\n  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815\n  packet_alloc_skb net/packet/af_packet.c:2994 [inline]\n  packet_snd net/packet/af_packet.c:3088 [inline]\n  packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44999', 'https://git.kernel.org/linus/3a3be7ff9224f424e485287b54be00d2c6bd9c40 (6.11-rc4)', 'https://git.kernel.org/stable/c/137d565ab89ce3584503b443bc9e00d44f482593', 'https://git.kernel.org/stable/c/1f6b62392453d8f36685d19b761307a8c5617ac1', 'https://git.kernel.org/stable/c/34ba4f29f3d9eb52dee37512059efb2afd7e966f', 'https://git.kernel.org/stable/c/3939d787139e359b77aaf9485d1e145d6713d7b9', 'https://git.kernel.org/stable/c/3a3be7ff9224f424e485287b54be00d2c6bd9c40', 'https://git.kernel.org/stable/c/3d89d0c4a1c6d4d2a755e826351b0a101dbc86f3', 'https://git.kernel.org/stable/c/cbb9a969fc190e85195d1b0f08038e7f6199044e', 'https://git.kernel.org/stable/c/f5dda8db382c5751c4e572afc7c99df7da1f83ca', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44999-187d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44999', 'https://www.cve.org/CVERecord?id=CVE-2024-44999'], 'PublishedDate': '2024-09-04T20:15:08.59Z', 'LastModifiedDate': '2024-09-06T16:27:51.89Z'}, {'VulnerabilityID': 'CVE-2024-45000', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45000', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/netfs/fscache_cookie: add missing "n_accesses" check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/netfs/fscache_cookie: add missing "n_accesses" check\n\nThis fixes a NULL pointer dereference bug due to a data race which\nlooks like this:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000008\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] SMP PTI\n  CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43\n  Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018\n  Workqueue: events_unbound netfs_rreq_write_to_cache_work\n  RIP: 0010:cachefiles_prepare_write+0x30/0xa0\n  Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 <48> 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10\n  RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286\n  RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000\n  RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438\n  RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001\n  R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68\n  R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00\n  FS:  0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0\n  Call Trace:\n   <TASK>\n   ? __die+0x1f/0x70\n   ? page_fault_oops+0x15d/0x440\n   ? search_module_extables+0xe/0x40\n   ? fixup_exception+0x22/0x2f0\n   ? exc_page_fault+0x5f/0x100\n   ? asm_exc_page_fault+0x22/0x30\n   ? cachefiles_prepare_write+0x30/0xa0\n   netfs_rreq_write_to_cache_work+0x135/0x2e0\n   process_one_work+0x137/0x2c0\n   worker_thread+0x2e9/0x400\n   ? __pfx_worker_thread+0x10/0x10\n   kthread+0xcc/0x100\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x30/0x50\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1b/0x30\n   </TASK>\n  Modules linked in:\n  CR2: 0000000000000008\n  ---[ end trace 0000000000000000 ]---\n\nThis happened because fscache_cookie_state_machine() was slow and was\nstill running while another process invoked fscache_unuse_cookie();\nthis led to a fscache_cookie_lru_do_one() call, setting the\nFSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by\nfscache_cookie_state_machine(), withdrawing the cookie via\ncachefiles_withdraw_cookie(), clearing cookie->cache_priv.\n\nAt the same time, yet another process invoked\ncachefiles_prepare_write(), which found a NULL pointer in this code\nline:\n\n  struct cachefiles_object *object = cachefiles_cres_object(cres);\n\nThe next line crashes, obviously:\n\n  struct cachefiles_cache *cache = object->volume->cache;\n\nDuring cachefiles_prepare_write(), the "n_accesses" counter is\nnon-zero (via fscache_begin_operation()).  The cookie must not be\nwithdrawn until it drops to zero.\n\nThe counter is checked by fscache_cookie_state_machine() before\nswitching to FSCACHE_COOKIE_STATE_RELINQUISHING and\nFSCACHE_COOKIE_STATE_WITHDRAWING (in "case\nFSCACHE_COOKIE_STATE_FAILED"), but not for\nFSCACHE_COOKIE_STATE_LRU_DISCARDING ("case\nFSCACHE_COOKIE_STATE_ACTIVE").\n\nThis patch adds the missing check.  With a non-zero access counter,\nthe function returns and the next fscache_end_cookie_access() call\nwill queue another fscache_cookie_state_machine() call to handle the\nstill-pending FSCACHE_COOKIE_DO_LRU_DISCARD.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45000', 'https://git.kernel.org/linus/f71aa06398aabc2e3eaac25acdf3d62e0094ba70 (6.11-rc4)', 'https://git.kernel.org/stable/c/0a4d41fa14b2a0efd40e350cfe8ec6a4c998ac1d', 'https://git.kernel.org/stable/c/b8a50877f68efdcc0be3fcc5116e00c31b90e45b', 'https://git.kernel.org/stable/c/dfaa39b05a6cf34a16c525a2759ee6ab26b5fef6', 'https://git.kernel.org/stable/c/f71aa06398aabc2e3eaac25acdf3d62e0094ba70', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-45000-fd6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45000', 'https://www.cve.org/CVERecord?id=CVE-2024-45000'], 'PublishedDate': '2024-09-04T20:15:08.657Z', 'LastModifiedDate': '2024-09-06T16:27:31.003Z'}, {'VulnerabilityID': 'CVE-2024-45001', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45001', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix RX buf alloc_size alignment and atomic op panic', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix RX buf alloc_size alignment and atomic op panic\n\nThe MANA driver's RX buffer alloc_size is passed into napi_build_skb() to\ncreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignment\nis affected by the alloc_size passed into napi_build_skb(). The size needs\nto be aligned properly for better performance and atomic operations.\nOtherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic\noperations may panic on the skb_shinfo(skb)->dataref due to alignment fault.\n\nTo fix this bug, add proper alignment to the alloc_size calculation.\n\nSample panic info:\n[  253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce\n[  253.300900] Mem abort info:\n[  253.301760]   ESR = 0x0000000096000021\n[  253.302825]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  253.304268]   SET = 0, FnV = 0\n[  253.305172]   EA = 0, S1PTW = 0\n[  253.306103]   FSC = 0x21: alignment fault\nCall trace:\n __skb_clone+0xfc/0x198\n skb_clone+0x78/0xe0\n raw6_local_deliver+0xfc/0x228\n ip6_protocol_deliver_rcu+0x80/0x500\n ip6_input_finish+0x48/0x80\n ip6_input+0x48/0xc0\n ip6_sublist_rcv_finish+0x50/0x78\n ip6_sublist_rcv+0x1cc/0x2b8\n ipv6_list_rcv+0x100/0x150\n __netif_receive_skb_list_core+0x180/0x220\n netif_receive_skb_list_internal+0x198/0x2a8\n __napi_poll+0x138/0x250\n net_rx_action+0x148/0x330\n handle_softirqs+0x12c/0x3a0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45001', 'https://git.kernel.org/linus/32316f676b4ee87c0404d333d248ccf777f739bc (6.11-rc4)', 'https://git.kernel.org/stable/c/32316f676b4ee87c0404d333d248ccf777f739bc', 'https://git.kernel.org/stable/c/65f20b174ec0172f2d6bcfd8533ab9c9e7e347fa', 'https://git.kernel.org/stable/c/e6bea6a45f8a401f3d5a430bc81814f0cc8848cf', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45001-50df@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45001', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45001'], 'PublishedDate': '2024-09-04T20:15:08.71Z', 'LastModifiedDate': '2024-10-09T14:49:39.953Z'}, {'VulnerabilityID': 'CVE-2024-45002', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45002', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtla/osnoise: Prevent NULL dereference in error handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrtla/osnoise: Prevent NULL dereference in error handling\n\nIf the "tool->data" allocation fails then there is no need to call\nosnoise_free_top() and, in fact, doing so will lead to a NULL dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45002', 'https://git.kernel.org/linus/90574d2a675947858b47008df8d07f75ea50d0d0 (6.11-rc4)', 'https://git.kernel.org/stable/c/753f1745146e03abd17eec8eee95faffc96d743d', 'https://git.kernel.org/stable/c/90574d2a675947858b47008df8d07f75ea50d0d0', 'https://git.kernel.org/stable/c/abdb9ddaaab476e62805e36cce7b4ef8413ffd01', 'https://git.kernel.org/stable/c/fc575212c6b75d538e1a0a74f4c7e2ac73bc46ac', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45002-c292@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45002', 'https://www.cve.org/CVERecord?id=CVE-2024-45002'], 'PublishedDate': '2024-09-04T20:15:08.763Z', 'LastModifiedDate': '2024-09-06T16:27:13.727Z'}, {'VulnerabilityID': 'CVE-2024-45003', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45003', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: vfs: Don't evict inode under the inode lru traversing context", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: Don't evict inode under the inode lru traversing context\n\nThe inode reclaiming process(See function prune_icache_sb) collects all\nreclaimable inodes and mark them with I_FREEING flag at first, at that\ntime, other processes will be stuck if they try getting these inodes\n(See function find_inode_fast), then the reclaiming process destroy the\ninodes by function dispose_list(). Some filesystems(eg. ext4 with\nea_inode feature, ubifs with xattr) may do inode lookup in the inode\nevicting callback function, if the inode lookup is operated under the\ninode lru traversing context, deadlock problems may happen.\n\nCase 1: In function ext4_evict_inode(), the ea inode lookup could happen\n        if ea_inode feature is enabled, the lookup process will be stuck\n\tunder the evicting context like this:\n\n 1. File A has inode i_reg and an ea inode i_ea\n 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea\n 3. Then, following three processes running like this:\n\n    PA                              PB\n echo 2 > /proc/sys/vm/drop_caches\n  shrink_slab\n   prune_dcache_sb\n   // i_reg is added into lru, lru->i_ea->i_reg\n   prune_icache_sb\n    list_lru_walk_one\n     inode_lru_isolate\n      i_ea->i_state |= I_FREEING // set inode state\n     inode_lru_isolate\n      __iget(i_reg)\n      spin_unlock(&i_reg->i_lock)\n      spin_unlock(lru_lock)\n                                     rm file A\n                                      i_reg->nlink = 0\n      iput(i_reg) // i_reg->nlink is 0, do evict\n       ext4_evict_inode\n        ext4_xattr_delete_inode\n         ext4_xattr_inode_dec_ref_all\n          ext4_xattr_inode_iget\n           ext4_iget(i_ea->i_ino)\n            iget_locked\n             find_inode_fast\n              __wait_on_freeing_inode(i_ea) ----? AA deadlock\n    dispose_list // cannot be executed by prune_icache_sb\n     wake_up_bit(&i_ea->i_state)\n\nCase 2: In deleted inode writing function ubifs_jnl_write_inode(), file\n        deleting process holds BASEHD's wbuf->io_mutex while getting the\n\txattr inode, which could race with inode reclaiming process(The\n        reclaiming process could try locking BASEHD's wbuf->io_mutex in\n\tinode evicting function), then an ABBA deadlock problem would\n\thappen as following:\n\n 1. File A has inode ia and a xattr(with inode ixa), regular file B has\n    inode ib and a xattr.\n 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa\n 3. Then, following three processes running like this:\n\n        PA                PB                        PC\n                echo 2 > /proc/sys/vm/drop_caches\n                 shrink_slab\n                  prune_dcache_sb\n                  // ib and ia are added into lru, lru->ixa->ib->ia\n                  prune_icache_sb\n                   list_lru_walk_one\n                    inode_lru_isolate\n                     ixa->i_state |= I_FREEING // set inode state\n                    inode_lru_isolate\n                     __iget(ib)\n                     spin_unlock(&ib->i_lock)\n                     spin_unlock(lru_lock)\n                                                   rm file B\n                                                    ib->nlink = 0\n rm file A\n  iput(ia)\n   ubifs_evict_inode(ia)\n    ubifs_jnl_delete_inode(ia)\n     ubifs_jnl_write_inode(ia)\n      make_reservation(BASEHD) // Lock wbuf->io_mutex\n      ubifs_iget(ixa->i_ino)\n       iget_locked\n        find_inode_fast\n         __wait_on_freeing_inode(ixa)\n          |          iput(ib) // ib->nlink is 0, do evict\n          |           ubifs_evict_inode\n          |            ubifs_jnl_delete_inode(ib)\n          ?             ubifs_jnl_write_inode\n     ABBA deadlock ?-----make_reservation(BASEHD)\n                   dispose_list // cannot be executed by prune_icache_sb\n                    wake_up_bit(&ixa->i_state)\n\nFix the possible deadlock by using new inode state flag I_LRU_ISOLATING\nto pin the inode in memory while inode_lru_isolate(\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45003', 'https://git.kernel.org/linus/2a0629834cd82f05d424bbc193374f9a43d1f87d (6.11-rc4)', 'https://git.kernel.org/stable/c/03880af02a78bc9a98b5a581f529cf709c88a9b8', 'https://git.kernel.org/stable/c/2a0629834cd82f05d424bbc193374f9a43d1f87d', 'https://git.kernel.org/stable/c/3525ad25240dfdd8c78f3470911ed10aa727aa72', 'https://git.kernel.org/stable/c/437741eba63bf4e437e2beb5583f8633556a2b98', 'https://git.kernel.org/stable/c/9063ab49c11e9518a3f2352434bb276cc8134c5f', 'https://git.kernel.org/stable/c/b9bda5f6012dd00372f3a06a82ed8971a4c57c32', 'https://git.kernel.org/stable/c/cda54ec82c0f9d05393242b20b13f69b083f7e88', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45003-3bc2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45003', 'https://www.cve.org/CVERecord?id=CVE-2024-45003'], 'PublishedDate': '2024-09-04T20:15:08.823Z', 'LastModifiedDate': '2024-10-09T15:07:31.027Z'}, {'VulnerabilityID': 'CVE-2024-45005', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45005', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: s390: fix validity interception issue when gisa is switched off', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix validity interception issue when gisa is switched off\n\nWe might run into a SIE validity if gisa has been disabled either via using\nkernel parameter "kvm.use_gisa=0" or by setting the related sysfs\nattribute to N (echo N >/sys/module/kvm/parameters/use_gisa).\n\nThe validity is caused by an invalid value in the SIE control block\'s\ngisa designation. That happens because we pass the uninitialized gisa\norigin to virt_to_phys() before writing it to the gisa designation.\n\nTo fix this we return 0 in kvm_s390_get_gisa_desc() if the origin is 0.\nkvm_s390_get_gisa_desc() is used to determine which gisa designation to\nset in the SIE control block. A value of 0 in the gisa designation disables\ngisa usage.\n\nThe issue surfaces in the host kernel with the following kernel message as\nsoon a new kvm guest start is attemted.\n\nkvm: unhandled validity intercept 0x1011\nWARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101 kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]\nModules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390 prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci]\nCPU: 0 PID: 781237 Comm: CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6\nHardware name: IBM 3931 A01 701 (LPAR)\nKrnl PSW : 0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm])\n           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\nKrnl GPRS: 000003d900000027 000003d900000023 0000000000000028 000002cd00000000\n           000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff\n           000002cfd82e9000 000002cfd80bc000 0000000000001011 000003d93deda412\n           000003ff8962df98 000003d93de77ce0 000003d93deb011e 00000359c6daf960\nKrnl Code: 000003d93deb0112: c020fffe7259\tlarl\t%r2,000003d93de7e5c4\n           000003d93deb0118: c0e53fa8beac\tbrasl\t%r14,000003d9bd3c7e70\n          #000003d93deb011e: af000000\t\tmc\t0,0\n          >000003d93deb0122: a728ffea\t\tlhi\t%r2,-22\n           000003d93deb0126: a7f4fe24\t\tbrc\t15,000003d93deafd6e\n           000003d93deb012a: 9101f0b0\t\ttm\t176(%r15),1\n           000003d93deb012e: a774fe48\t\tbrc\t7,000003d93deafdbe\n           000003d93deb0132: 40a0f0ae\t\tsth\t%r10,174(%r15)\nCall Trace:\n [<000003d93deb0122>] kvm_handle_sie_intercept+0x432/0x4d0 [kvm]\n([<000003d93deb011e>] kvm_handle_sie_intercept+0x42e/0x4d0 [kvm])\n [<000003d93deacc10>] vcpu_post_run+0x1d0/0x3b0 [kvm]\n [<000003d93deaceda>] __vcpu_run+0xea/0x2d0 [kvm]\n [<000003d93dead9da>] kvm_arch_vcpu_ioctl_run+0x16a/0x430 [kvm]\n [<000003d93de93ee0>] kvm_vcpu_ioctl+0x190/0x7c0 [kvm]\n [<000003d9bd728b4e>] vfs_ioctl+0x2e/0x70\n [<000003d9bd72a092>] __s390x_sys_ioctl+0xc2/0xd0\n [<000003d9be0e9222>] __do_syscall+0x1f2/0x2e0\n [<000003d9be0f9a90>] system_call+0x70/0x98\nLast Breaking-Event-Address:\n [<000003d9bd3c7f58>] __warn_printk+0xe8/0xf0', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45005', 'https://git.kernel.org/linus/5a44bb061d04b0306f2aa8add761d86d152b9377 (6.11-rc4)', 'https://git.kernel.org/stable/c/027ac3c5092561bccce09b314a73a1c167117ef6', 'https://git.kernel.org/stable/c/051c0a558154174cfcea301a386e4c91ade83ce1', 'https://git.kernel.org/stable/c/5a44bb061d04b0306f2aa8add761d86d152b9377', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45005-2297@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45005', 'https://www.cve.org/CVERecord?id=CVE-2024-45005'], 'PublishedDate': '2024-09-04T20:15:08.94Z', 'LastModifiedDate': '2024-10-09T15:30:03.767Z'}, {'VulnerabilityID': 'CVE-2024-45006', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45006', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration\n\nre-enumerating full-speed devices after a failed address device command\ncan trigger a NULL pointer dereference.\n\nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size\nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case,\nwhich ends up calling xhci_configure_endpoint().\n\nOn Panther point xHC the xhci_configure_endpoint() function will\nadditionally check and reserve bandwidth in software. Other hosts do\nthis in hardware\n\nIf xHC address device command fails then a new xhci_virt_device structure\nis allocated as part of re-enabling the slot, but the bandwidth table\npointers are not set up properly here.\nThis triggers the NULL pointer dereference the next time usb_ep0_reinit()\nis called and xhci_configure_endpoint() tries to check and reserve\nbandwidth\n\n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd\n[46710.713699] usb 3-1: Device not responding to setup address.\n[46710.917684] usb 3-1: Device not responding to setup address.\n[46711.125536] usb 3-1: device not accepting address 5, error -71\n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[46711.125600] #PF: supervisor read access in kernel mode\n[46711.125603] #PF: error_code(0x0000) - not-present page\n[46711.125606] PGD 0 P4D 0\n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1\n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.\n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]\n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c\n\nFix this by making sure bandwidth table pointers are set up correctly\nafter a failed address device command, and additionally by avoiding\nchecking for bandwidth in cases like this where no actual endpoints are\nadded or removed, i.e. only context for default control endpoint 0 is\nevaluated.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45006', 'https://git.kernel.org/linus/af8e119f52e9c13e556be9e03f27957554a84656 (6.11-rc4)', 'https://git.kernel.org/stable/c/0f0654318e25b2c185e245ba4a591e42fabb5e59', 'https://git.kernel.org/stable/c/365ef7c4277fdd781a695c3553fa157d622d805d', 'https://git.kernel.org/stable/c/5ad898ae82412f8a689d59829804bff2999dd0ea', 'https://git.kernel.org/stable/c/6b99de301d78e1f5249e57ef2c32e1dec3df2bb1', 'https://git.kernel.org/stable/c/8fb9d412ebe2f245f13481e4624b40e651570cbd', 'https://git.kernel.org/stable/c/a57b0ebabe6862dce0a2e0f13e17941ad72fc56b', 'https://git.kernel.org/stable/c/af8e119f52e9c13e556be9e03f27957554a84656', 'https://git.kernel.org/stable/c/ef0a0e616b2789bb804a0ce5e161db03170a85b6', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45006-6642@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45006', 'https://www.cve.org/CVERecord?id=CVE-2024-45006'], 'PublishedDate': '2024-09-04T20:15:08.997Z', 'LastModifiedDate': '2024-09-06T16:26:52.64Z'}, {'VulnerabilityID': 'CVE-2024-45007', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45007', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: char: xillybus: Don't destroy workqueue from work item running on it", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Don't destroy workqueue from work item running on it\n\nTriggered by a kref decrement, destroy_workqueue() may be called from\nwithin a work item for destroying its own workqueue. This illegal\nsituation is averted by adding a module-global workqueue for exclusive\nuse of the offending work item. Other work items continue to be queued\non per-device workqueues to ensure performance.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45007', 'https://git.kernel.org/linus/ccbde4b128ef9c73d14d0d7817d68ef795f6d131 (6.11-rc4)', 'https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9', 'https://git.kernel.org/stable/c/5d3567caff2a1d678aa40cc74a54e1318941fad3', 'https://git.kernel.org/stable/c/a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157', 'https://git.kernel.org/stable/c/aa1a19724fa2c31e97a9be48baedd4692b265157', 'https://git.kernel.org/stable/c/ccbde4b128ef9c73d14d0d7817d68ef795f6d131', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45007-74c8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45007', 'https://www.cve.org/CVERecord?id=CVE-2024-45007'], 'PublishedDate': '2024-09-04T20:15:09.053Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45008', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: MT - limit max slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: MT - limit max slots\n\nsyzbot is reporting too large allocation at input_mt_init_slots(), for\nnum_slots is supplied from userspace using ioctl(UI_DEV_CREATE).\n\nSince nobody knows possible max slots, this patch chose 1024.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45008', 'https://git.kernel.org/linus/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb (6.11-rc2)', 'https://git.kernel.org/stable/c/05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549', 'https://git.kernel.org/stable/c/2829c80614890624456337e47320289112785f3e', 'https://git.kernel.org/stable/c/87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322', 'https://git.kernel.org/stable/c/8f04edd554d191834e9e1349ef030318ea6b11ba', 'https://git.kernel.org/stable/c/94736334b8a25e4fae8daa6934e54a31f099be43', 'https://git.kernel.org/stable/c/95f73d01f547dfc67fda3022c51e377a0454b505', 'https://git.kernel.org/stable/c/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb', 'https://git.kernel.org/stable/c/cd19f1799c32ba7b874474b1b968815ce5364f73', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45008-1d89@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45008', 'https://www.cve.org/CVERecord?id=CVE-2024-45008'], 'PublishedDate': '2024-09-04T20:15:09.107Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45009', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: only decrement add_addr_accepted for MPJ req', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the "remove single subflow" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \'subflow\' endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\'s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45009', 'https://git.kernel.org/linus/1c1f721375989579e46741f59523e39ec9b2a9bd (6.11-rc5)', 'https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd', 'https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c', 'https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d', 'https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7', 'https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608', 'https://lore.kernel.org/linux-cve-announce/2024091104-CVE-2024-45009-24ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45009', 'https://www.cve.org/CVERecord?id=CVE-2024-45009'], 'PublishedDate': '2024-09-11T16:15:06.427Z', 'LastModifiedDate': '2024-09-13T16:36:57.233Z'}, {'VulnerabilityID': 'CVE-2024-45010', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: mptcp: pm: only mark 'subflow' endp as available", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \'subflow\' endp as available\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the "remove single address" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \'signal\' endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\'subflow\' endpoints, and here it is a \'signal\' endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \'subflow\' endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45010', 'https://git.kernel.org/linus/322ea3778965da72862cca2a0c50253aacf65fe6 (6.11-rc5)', 'https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6', 'https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d', 'https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f', 'https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45010-33ee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45010', 'https://www.cve.org/CVERecord?id=CVE-2024-45010'], 'PublishedDate': '2024-09-11T16:15:06.483Z', 'LastModifiedDate': '2024-09-13T16:35:05.843Z'}, {'VulnerabilityID': 'CVE-2024-45011', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45011', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: char: xillybus: Check USB endpoints when probing device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Check USB endpoints when probing device\n\nEnsure, as the driver probes the device, that all endpoints that the\ndriver may attempt to access exist and are of the correct type.\n\nAll XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at\naddress 1. This is verified in xillyusb_setup_base_eps().\n\nOn top of that, a XillyUSB device may have additional Bulk OUT\nendpoints. The information about these endpoints' addresses is deduced\nfrom a data structure (the IDT) that the driver fetches from the device\nwhile probing it. These endpoints are checked in setup_channels().\n\nA XillyUSB device never has more than one IN endpoint, as all data\ntowards the host is multiplexed in this single Bulk IN endpoint. This is\nwhy setup_channels() only checks OUT endpoints.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45011', 'https://git.kernel.org/linus/2374bf7558de915edc6ec8cb10ec3291dfab9594 (6.11-rc4)', 'https://git.kernel.org/stable/c/1371d32b95972d39c1e6e4bae8b6d0df1b573731', 'https://git.kernel.org/stable/c/2374bf7558de915edc6ec8cb10ec3291dfab9594', 'https://git.kernel.org/stable/c/25ee8b2908200fc862c0434e5ad483817d50ceda', 'https://git.kernel.org/stable/c/4267131278f5cc98f8db31d035d64bdbbfe18658', 'https://git.kernel.org/stable/c/5cff754692ad45d5086b75fef8cc3a99c30a1005', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45011-e729@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45011', 'https://www.cve.org/CVERecord?id=CVE-2024-45011'], 'PublishedDate': '2024-09-11T16:15:06.55Z', 'LastModifiedDate': '2024-09-13T16:36:55.757Z'}, {'VulnerabilityID': 'CVE-2024-45012', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45012', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nouveau/firmware: use dma non-coherent allocator', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/firmware: use dma non-coherent allocator\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup, when the iommu is enabled:\n\nkernel BUG at include/linux/scatterlist.h:187!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\nHardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\nRIP: 0010:sg_init_one+0x85/0xa0\nCode: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\nRSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\nRBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\nR13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\nFS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\nCall Trace:\n <TASK>\n ? die+0x36/0x90\n ? do_trap+0xdd/0x100\n ? sg_init_one+0x85/0xa0\n ? do_error_trap+0x65/0x80\n ? sg_init_one+0x85/0xa0\n ? exc_invalid_op+0x50/0x70\n ? sg_init_one+0x85/0xa0\n ? asm_exc_invalid_op+0x1a/0x20\n ? sg_init_one+0x85/0xa0\n nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? nvkm_udevice_new+0x95/0x140 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? ktime_get+0x47/0xb0\n\nFix this by using the non-coherent allocator instead, I think there\nmight be a better answer to this, but it involve ripping up some of\nAPIs using sg lists.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45012', 'https://git.kernel.org/linus/9b340aeb26d50e9a9ec99599e2a39b035fac978e (6.11-rc5)', 'https://git.kernel.org/stable/c/57ca481fca97ca4553e8c85d6a94baf4cb40c40e', 'https://git.kernel.org/stable/c/9b340aeb26d50e9a9ec99599e2a39b035fac978e', 'https://git.kernel.org/stable/c/cc29c5546c6a373648363ac49781f1d74b530707', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45012-9234@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45012', 'https://www.cve.org/CVERecord?id=CVE-2024-45012'], 'PublishedDate': '2024-09-11T16:15:06.607Z', 'LastModifiedDate': '2024-09-13T16:35:35.787Z'}, {'VulnerabilityID': 'CVE-2024-45013', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: move stopping keep-alive into nvme_uninit_ctrl()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: move stopping keep-alive into nvme_uninit_ctrl()\n\nCommit 4733b65d82bd ("nvme: start keep-alive after admin queue setup")\nmoves starting keep-alive from nvme_start_ctrl() into\nnvme_init_ctrl_finish(), but don\'t move stopping keep-alive into\nnvme_uninit_ctrl(), so keep-alive work can be started and keep pending\nafter failing to start controller, finally use-after-free is triggered if\nnvme host driver is unloaded.\n\nThis patch fixes kernel panic when running nvme/004 in case that connection\nfailure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl().\n\nThis way is reasonable because keep-alive is now started in\nnvme_init_ctrl_finish().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45013', 'https://git.kernel.org/linus/a54a93d0e3599b05856971734e15418ac551a14c (6.11-rc5)', 'https://git.kernel.org/stable/c/4101af98ab573554c4225e328d506fec2a74bc54', 'https://git.kernel.org/stable/c/a54a93d0e3599b05856971734e15418ac551a14c', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45013-8efe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45013', 'https://www.cve.org/CVERecord?id=CVE-2024-45013'], 'PublishedDate': '2024-09-11T16:15:06.663Z', 'LastModifiedDate': '2024-09-13T16:35:42.49Z'}, {'VulnerabilityID': 'CVE-2024-45015', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45015', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: move dpu_encoder&#39;s connector assignment to atomic_enable()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()\n\nFor cases where the crtc's connectors_changed was set without enable/active\ngetting toggled , there is an atomic_enable() call followed by an\natomic_disable() but without an atomic_mode_set().\n\nThis results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in\nthe atomic_enable() as the dpu_encoder's connector was cleared in the\natomic_disable() but not re-assigned as there was no atomic_mode_set() call.\n\nFix the NULL ptr access by moving the assignment for atomic_enable() and also\nuse drm_atomic_get_new_connector_for_encoder() to get the connector from\nthe atomic_state.\n\nPatchwork: https://patchwork.freedesktop.org/patch/606729/", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45015', 'https://git.kernel.org/linus/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 (6.11-rc5)', 'https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52', 'https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77', 'https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45015-c139@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45015', 'https://www.cve.org/CVERecord?id=CVE-2024-45015'], 'PublishedDate': '2024-09-11T16:15:06.763Z', 'LastModifiedDate': '2024-09-13T16:35:58.617Z'}, {'VulnerabilityID': 'CVE-2024-45016', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1017.18~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netem: fix return value if duplicate enqueue fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\'s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq->enqueue() and then\n  the original packet is also dropped.\n- If rootq->enqueue() sends the duplicated packet to a different qdisc\n  and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45016', 'https://git.kernel.org/linus/c07ff8592d57ed258afee5a5e04991a48dbaf382 (6.11-rc5)', 'https://git.kernel.org/stable/c/0486d31dd8198e22b63a4730244b38fffce6d469', 'https://git.kernel.org/stable/c/52d99a69f3d556c6426048c9d481b912205919d8', 'https://git.kernel.org/stable/c/577d6c0619467fe90f7e8e57e45cb5bd9d936014', 'https://git.kernel.org/stable/c/759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4', 'https://git.kernel.org/stable/c/c07ff8592d57ed258afee5a5e04991a48dbaf382', 'https://git.kernel.org/stable/c/c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d', 'https://git.kernel.org/stable/c/e5bb2988a310667abed66c7d3ffa28880cf0f883', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45016-fd5a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45016', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://ubuntu.com/security/notices/USN-7071-1', 'https://ubuntu.com/security/notices/USN-7072-1', 'https://ubuntu.com/security/notices/USN-7073-1', 'https://ubuntu.com/security/notices/USN-7073-2', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45016'], 'PublishedDate': '2024-09-11T16:15:06.817Z', 'LastModifiedDate': '2024-09-13T16:36:06.773Z'}, {'VulnerabilityID': 'CVE-2024-45017', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45017', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix IPsec RoCE MPV trace call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix IPsec RoCE MPV trace call\n\nPrevent the call trace below from happening, by not allowing IPsec\ncreation over a slave, if master device doesn't support IPsec.\n\nWARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down_read+0x75/0x94\nModules linked in: esp4_offload esp4 act_mirred act_vlan cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa mst_pciconf(OE) nfsv3 nfs_acl nfs lockd grace fscache netfs xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill cuse fuse rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_ipoib iw_cm ib_cm ipmi_ssif intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel sha1_ssse3 dell_smbios ib_uverbs aesni_intel crypto_simd dcdbas wmi_bmof dell_wmi_descriptor cryptd pcspkr ib_core acpi_ipmi sp5100_tco ccp i2c_piix4 ipmi_si ptdma k10temp ipmi_devintf ipmi_msghandler acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops cec\n ahci libahci mlxfw drm pci_hyperv_intf libata tg3 sha256_ssse3 tls megaraid_sas i2c_algo_bit psample wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mst_pci]\nCPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7_u3_update_v6.6_ipsec_bf.x86_64 #2\nHardware name: Dell Inc. PowerEdge R7525/074H08, BIOS 2.0.3 01/15/2021\nWorkqueue: events xfrm_state_gc_task\nRIP: 0010:down_read+0x75/0x94\nCode: 00 48 8b 45 08 65 48 8b 14 25 80 fc 01 00 83 e0 02 48 09 d0 48 83 c8 01 48 89 45 08 5d 31 c0 89 c2 89 c6 89 c7 e9 cb 88 3b 00 <0f> 0b 48 8b 45 08 a8 01 74 b2 a8 02 75 ae 48 89 c2 48 83 ca 02 f0\nRSP: 0018:ffffb26387773da8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffa08b658af900 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ff886bc5e1366f2f RDI: 0000000000000000\nRBP: ffffa08b658af940 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffa0a9bfb31540\nR13: ffffa0a9bfb37900 R14: 0000000000000000 R15: ffffa0a9bfb37905\nFS:  0000000000000000(0000) GS:ffffa0a9bfb00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055a45ed814e8 CR3: 000000109038a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n ? down_read+0x75/0x94\n ? __warn+0x80/0x113\n ? down_read+0x75/0x94\n ? report_bug+0xa4/0x11d\n ? handle_bug+0x35/0x8b\n ? exc_invalid_op+0x14/0x75\n ? asm_exc_invalid_op+0x16/0x1b\n ? down_read+0x75/0x94\n ? down_read+0xe/0x94\n mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n mlx5_ipsec_fs_roce_tx_destroy+0xb1/0x130 [mlx5_core]\n tx_destroy+0x1b/0xc0 [mlx5_core]\n tx_ft_put+0x53/0xc0 [mlx5_core]\n mlx5e_xfrm_free_state+0x45/0x90 [mlx5_core]\n ___xfrm_state_destroy+0x10f/0x1a2\n xfrm_state_gc_task+0x81/0xa9\n process_one_work+0x1f1/0x3c6\n worker_thread+0x53/0x3e4\n ? process_one_work.cold+0x46/0x3c\n kthread+0x127/0x144\n ? set_kthread_struct+0x60/0x52\n ret_from_fork+0x22/0x2d\n </TASK>\n---[ end trace 5ef7896144d398e1 ]---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45017', 'https://git.kernel.org/linus/607e1df7bd47fe91cab85a97f57870a26d066137 (6.11-rc5)', 'https://git.kernel.org/stable/c/2ae52a65a850ded75a94e8d7ec1e09737f4c6509', 'https://git.kernel.org/stable/c/607e1df7bd47fe91cab85a97f57870a26d066137', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45017-ee3e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45017', 'https://www.cve.org/CVERecord?id=CVE-2024-45017'], 'PublishedDate': '2024-09-11T16:15:06.877Z', 'LastModifiedDate': '2024-09-13T16:36:13.19Z'}, {'VulnerabilityID': 'CVE-2024-45018', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45018', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: initialise extack before use', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: initialise extack before use\n\nFix missing initialisation of extack in flow offload.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45018', 'https://git.kernel.org/linus/e9767137308daf906496613fd879808a07f006a2 (6.11-rc4)', 'https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1', 'https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7', 'https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78', 'https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f', 'https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d', 'https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45018-7e30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45018', 'https://www.cve.org/CVERecord?id=CVE-2024-45018'], 'PublishedDate': '2024-09-11T16:15:06.933Z', 'LastModifiedDate': '2024-09-13T16:36:24.397Z'}, {'VulnerabilityID': 'CVE-2024-45019', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45019', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Take state lock during tx timeout reporter', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take state lock during tx timeout reporter\n\nmlx5e_safe_reopen_channels() requires the state lock taken. The\nreferenced changed in the Fixes tag removed the lock to fix another\nissue. This patch adds it back but at a later point (when calling\nmlx5e_safe_reopen_channels()) to avoid the deadlock referenced in the\nFixes tag.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45019', 'https://git.kernel.org/linus/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3 (6.11-rc4)', 'https://git.kernel.org/stable/c/03d3734bd692affe4d0e9c9d638f491aaf37411b', 'https://git.kernel.org/stable/c/8e57e66ecbdd2fddc9fbf3e984b1c523b70e9809', 'https://git.kernel.org/stable/c/b3b9a87adee97854bcd71057901d46943076267e', 'https://git.kernel.org/stable/c/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45019-5f8b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45019', 'https://www.cve.org/CVERecord?id=CVE-2024-45019'], 'PublishedDate': '2024-09-11T16:15:06.99Z', 'LastModifiedDate': '2024-09-13T16:36:19.36Z'}, {'VulnerabilityID': 'CVE-2024-45020', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45020', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a kernel verifier crash in stacksafe()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a kernel verifier crash in stacksafe()\n\nDaniel Hodges reported a kernel verifier crash when playing with sched-ext.\nFurther investigation shows that the crash is due to invalid memory access\nin stacksafe(). More specifically, it is the following code:\n\n    if (exact != NOT_EXACT &&\n        old->stack[spi].slot_type[i % BPF_REG_SIZE] !=\n        cur->stack[spi].slot_type[i % BPF_REG_SIZE])\n            return false;\n\nThe 'i' iterates old->allocated_stack.\nIf cur->allocated_stack < old->allocated_stack the out-of-bound\naccess will happen.\n\nTo fix the issue add 'i >= cur->allocated_stack' check such that if\nthe condition is true, stacksafe() should fail. Otherwise,\ncur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45020', 'https://git.kernel.org/linus/bed2eb964c70b780fb55925892a74f26cb590b25 (6.11-rc4)', 'https://git.kernel.org/stable/c/6e3987ac310c74bb4dd6a2fa8e46702fe505fb2b', 'https://git.kernel.org/stable/c/7cad3174cc79519bf5f6c4441780264416822c08', 'https://git.kernel.org/stable/c/bed2eb964c70b780fb55925892a74f26cb590b25', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45020-afcc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45020', 'https://www.cve.org/CVERecord?id=CVE-2024-45020'], 'PublishedDate': '2024-09-11T16:15:07.05Z', 'LastModifiedDate': '2024-09-13T16:36:52.29Z'}, {'VulnerabilityID': 'CVE-2024-45021', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg_write_event_control(): fix a user-triggerable oops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg_write_event_control(): fix a user-triggerable oops\n\nwe are *not* guaranteed that anything past the terminating NUL\nis mapped (let alone initialized with anything sane).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45021', 'https://git.kernel.org/linus/046667c4d3196938e992fba0dfcde570aa85cd0e (6.11-rc4)', 'https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e', 'https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227', 'https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8', 'https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61', 'https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7', 'https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b', 'https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c', 'https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45021-68c4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45021', 'https://www.cve.org/CVERecord?id=CVE-2024-45021'], 'PublishedDate': '2024-09-11T16:15:07.103Z', 'LastModifiedDate': '2024-09-13T16:36:31.583Z'}, {'VulnerabilityID': 'CVE-2024-45022', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45022', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0\n\nThe __vmap_pages_range_noflush() assumes its argument pages** contains\npages with the same page shift.  However, since commit e9c3cda4d86e ("mm,\nvmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes\n__GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation\nfailed for high order, the pages** may contain two different page shifts\n(high order and order-0).  This could lead __vmap_pages_range_noflush() to\nperform incorrect mappings, potentially resulting in memory corruption.\n\nUsers might encounter this as follows (vmap_allow_huge = true, 2M is for\nPMD_SIZE):\n\nkvmalloc(2M, __GFP_NOFAIL|GFP_X)\n    __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP)\n        vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0\n            vmap_pages_range()\n                vmap_pages_range_noflush()\n                    __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens\n\nWe can remove the fallback code because if a high-order allocation fails,\n__vmalloc_node_range_noprof() will retry with order-0.  Therefore, it is\nunnecessary to fallback to order-0 here.  Therefore, fix this by removing\nthe fallback code.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45022', 'https://git.kernel.org/linus/61ebe5a747da649057c37be1c37eb934b4af79ca (6.11-rc4)', 'https://git.kernel.org/stable/c/61ebe5a747da649057c37be1c37eb934b4af79ca', 'https://git.kernel.org/stable/c/c91618816f4d21fc574d7577a37722adcd4075b2', 'https://git.kernel.org/stable/c/de7bad86345c43cd040ed43e20d9fad78a3ee59f', 'https://git.kernel.org/stable/c/fd1ffbb50ef4da5e1378a46616b6d7407dc795da', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45022-08f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45022', 'https://www.cve.org/CVERecord?id=CVE-2024-45022'], 'PublishedDate': '2024-09-11T16:15:07.163Z', 'LastModifiedDate': '2024-09-13T16:36:39.043Z'}, {'VulnerabilityID': 'CVE-2024-45025', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old->full_fds_bits[] and fill\nthe rest with zeroes.  What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear.  Otherwise we are risking garbage from the last word\nwe'd copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old->max_fds, so there's no open descriptors\npast count, let alone fully occupied words in ->open_fds[],\nwhich is what bits in ->full_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds.  In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in ->full_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* 'to' being above the current capacity of descriptor table\n\t* 'from' being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet's try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it's 'count' argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it'll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45025', 'https://git.kernel.org/linus/9a2fa1472083580b6c66bdaf291f591e1170123a (6.11-rc4)', 'https://git.kernel.org/stable/c/5053581fe5dfb09b58c65dd8462bf5dea71f41ff', 'https://git.kernel.org/stable/c/8cad3b2b3ab81ca55f37405ffd1315bcc2948058', 'https://git.kernel.org/stable/c/9a2fa1472083580b6c66bdaf291f591e1170123a', 'https://git.kernel.org/stable/c/c69d18f0ac7060de724511537810f10f29a27958', 'https://git.kernel.org/stable/c/dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a', 'https://git.kernel.org/stable/c/e807487a1d5fd5d941f26578ae826ca815dbfcd6', 'https://git.kernel.org/stable/c/ee501f827f3db02d4e599afbbc1a7f8b792d05d7', 'https://git.kernel.org/stable/c/fe5bf14881701119aeeda7cf685f3c226c7380df', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45025-94f6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45025', 'https://www.cve.org/CVERecord?id=CVE-2024-45025'], 'PublishedDate': '2024-09-11T16:15:07.44Z', 'LastModifiedDate': '2024-09-13T16:30:07.073Z'}, {'VulnerabilityID': 'CVE-2024-45026', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45026', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error recovery leading to data corruption on ESE devices', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error recovery leading to data corruption on ESE devices\n\nExtent Space Efficient (ESE) or thin provisioned volumes need to be\nformatted on demand during usual IO processing.\n\nThe dasd_ese_needs_format function checks for error codes that signal\nthe non existence of a proper track format.\n\nThe check for incorrect length is to imprecise since other error cases\nleading to transport of insufficient data also have this flag set.\nThis might lead to data corruption in certain error cases for example\nduring a storage server warmstart.\n\nFix by removing the check for incorrect length and replacing by\nexplicitly checking for invalid track format in transport mode.\n\nAlso remove the check for file protected since this is not a valid\nESE handling case.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45026', 'https://git.kernel.org/linus/7db4042336580dfd75cb5faa82c12cd51098c90b (6.11-rc4)', 'https://git.kernel.org/stable/c/0a228896a1b3654cd461ff654f6a64e97a9c3246', 'https://git.kernel.org/stable/c/19f60a55b2fda49bc4f6134a5f6356ef62ee69d8', 'https://git.kernel.org/stable/c/5d4a304338daf83ace2887aaacafd66fe99ed5cc', 'https://git.kernel.org/stable/c/7db4042336580dfd75cb5faa82c12cd51098c90b', 'https://git.kernel.org/stable/c/93a7e2856951680cd7fe6ebd705ac10c8a8a5efd', 'https://git.kernel.org/stable/c/a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a', 'https://git.kernel.org/stable/c/e245a18281c252c8dbc467492e09bb5d4b012118', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45026-eaa8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45026', 'https://www.cve.org/CVERecord?id=CVE-2024-45026'], 'PublishedDate': '2024-09-11T16:15:07.507Z', 'LastModifiedDate': '2024-09-13T16:29:55.927Z'}, {'VulnerabilityID': 'CVE-2024-45027', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45027', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: xhci: Check for xhci-&gt;interrupters being allocated in xhci_mem_clearup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()\n\nIf xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop\nup the damage. If it fails early enough, before xhci->interrupters\nis allocated but after xhci->max_interrupters has been set, which\nhappens in most (all?) cases, things get uglier, as xhci_mem_cleanup()\nunconditionally derefences xhci->interrupters. With prejudice.\n\nGate the interrupt freeing loop with a check on xhci->interrupters\nbeing non-NULL.\n\nFound while debugging a DMA allocation issue that led the XHCI driver\non this exact path.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45027', 'https://git.kernel.org/linus/dcdb52d948f3a17ccd3fce757d9bd981d7c32039 (6.11-rc4)', 'https://git.kernel.org/stable/c/770cacc75b0091ece17349195d72133912c1ca7c', 'https://git.kernel.org/stable/c/dcdb52d948f3a17ccd3fce757d9bd981d7c32039', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45027-95b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45027', 'https://www.cve.org/CVERecord?id=CVE-2024-45027'], 'PublishedDate': '2024-09-11T16:15:07.57Z', 'LastModifiedDate': '2024-09-13T16:29:44.213Z'}, {'VulnerabilityID': 'CVE-2024-45028', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45028', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mmc: mmc_test: Fix NULL dereference on allocation failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmc_test: Fix NULL dereference on allocation failure\n\nIf the "test->highmem = alloc_pages()" allocation fails then calling\n__free_pages(test->highmem) will result in a NULL dereference.  Also\nchange the error code to -ENOMEM instead of returning success.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45028', 'https://git.kernel.org/linus/a1e627af32ed60713941cbfc8075d44cad07f6dd (6.11-rc5)', 'https://git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06', 'https://git.kernel.org/stable/c/3b4e76ceae5b5a46c968bd952f551ce173809f63', 'https://git.kernel.org/stable/c/9b9ba386d7bfdbc38445932c90fa9444c0524bea', 'https://git.kernel.org/stable/c/a1e627af32ed60713941cbfc8075d44cad07f6dd', 'https://git.kernel.org/stable/c/cac2815f49d343b2f0acc4973d2c14918ac3ab0c', 'https://git.kernel.org/stable/c/e40515582141a9e7c84b269be699c05236a499a6', 'https://git.kernel.org/stable/c/e97be13a9f51284da450dd2a592e3fa87b49cdc9', 'https://git.kernel.org/stable/c/ecb15b8ca12c0cbdab81e307e9795214d8b90890', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45028-34f7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45028', 'https://www.cve.org/CVERecord?id=CVE-2024-45028'], 'PublishedDate': '2024-09-11T16:15:07.647Z', 'LastModifiedDate': '2024-09-13T16:29:35.877Z'}, {'VulnerabilityID': 'CVE-2024-45029', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45029', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i2c: tegra: Do not mark ACPI devices as irq safe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: Do not mark ACPI devices as irq safe\n\nOn ACPI machines, the tegra i2c module encounters an issue due to a\nmutex being called inside a spinlock. This leads to the following bug:\n\n\tBUG: sleeping function called from invalid context at kernel/locking/mutex.c:585\n\t...\n\n\tCall trace:\n\t__might_sleep\n\t__mutex_lock_common\n\tmutex_lock_nested\n\tacpi_subsys_runtime_resume\n\trpm_resume\n\ttegra_i2c_xfer\n\nThe problem arises because during __pm_runtime_resume(), the spinlock\n&dev->power.lock is acquired before rpm_resume() is called. Later,\nrpm_resume() invokes acpi_subsys_runtime_resume(), which relies on\nmutexes, triggering the error.\n\nTo address this issue, devices on ACPI are now marked as not IRQ-safe,\nconsidering the dependency of acpi_subsys_runtime_resume() on mutexes.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45029', 'https://git.kernel.org/linus/14d069d92951a3e150c0a81f2ca3b93e54da913b (6.11-rc4)', 'https://git.kernel.org/stable/c/14d069d92951a3e150c0a81f2ca3b93e54da913b', 'https://git.kernel.org/stable/c/2853e1376d8161b04c9ff18ba82b43f08a049905', 'https://git.kernel.org/stable/c/6861faf4232e4b78878f2de1ed3ee324ddae2287', 'https://git.kernel.org/stable/c/a89aef1e6cc43fa019a58080ed05c839e6c77876', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45029-662e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45029', 'https://www.cve.org/CVERecord?id=CVE-2024-45029'], 'PublishedDate': '2024-09-11T16:15:07.717Z', 'LastModifiedDate': '2024-09-13T16:29:29.74Z'}, {'VulnerabilityID': 'CVE-2024-45030', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igb: cope with large MAX_SKB_FRAGS', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigb: cope with large MAX_SKB_FRAGS\n\nSabrina reports that the igb driver does not cope well with large\nMAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload\ncorruption on TX.\n\nAn easy reproducer is to run ssh to connect to the machine.  With\nMAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails.  This has\nbeen reported originally in\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2265320\n\nThe root cause of the issue is that the driver does not take into\naccount properly the (possibly large) shared info size when selecting\nthe ring layout, and will try to fit two packets inside the same 4K\npage even when the 1st fraglist will trump over the 2nd head.\n\nAddress the issue by checking if 2K buffers are insufficient.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45030', 'https://git.kernel.org/linus/8aba27c4a5020abdf60149239198297f88338a8d (6.11-rc5)', 'https://git.kernel.org/stable/c/8aba27c4a5020abdf60149239198297f88338a8d', 'https://git.kernel.org/stable/c/8ea80ff5d8298356d28077bc30913ed37df65109', 'https://git.kernel.org/stable/c/b52bd8bcb9e8ff250c79b44f9af8b15cae8911ab', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45030-c2eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45030', 'https://www.cve.org/CVERecord?id=CVE-2024-45030'], 'PublishedDate': '2024-09-11T16:15:07.77Z', 'LastModifiedDate': '2024-09-13T16:29:23.557Z'}, {'VulnerabilityID': 'CVE-2024-46672', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion\n\nwpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the\ndriver for SAE/OWE offload cases") SSID based PMKSA del commands.\nbrcmfmac is not prepared and tries to dereference the NULL bssid and\npmkid pointers in cfg80211_pmksa. PMKID_V3 operations support SSID based\nupdates so copy the SSID.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46672', 'https://git.kernel.org/linus/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1 (6.11-rc4)', 'https://git.kernel.org/stable/c/1f566eb912d192c83475a919331aea59619e1197', 'https://git.kernel.org/stable/c/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1', 'https://git.kernel.org/stable/c/4291f94f8c6b01505132c22ee27b59ed27c3584f', 'https://lore.kernel.org/linux-cve-announce/2024091111-CVE-2024-46672-7542@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46672', 'https://www.cve.org/CVERecord?id=CVE-2024-46672'], 'PublishedDate': '2024-09-11T16:15:07.84Z', 'LastModifiedDate': '2024-09-13T16:29:17.123Z'}, {'VulnerabilityID': 'CVE-2024-46673', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: aacraid: Fix double-free on probe failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: aacraid: Fix double-free on probe failure\n\naac_probe_one() calls hardware-specific init functions through the\naac_driver_ident::init pointer, all of which eventually call down to\naac_init_adapter().\n\nIf aac_init_adapter() fails after allocating memory for aac_dev::queues,\nit frees the memory but does not clear that member.\n\nAfter the hardware-specific init function returns an error,\naac_probe_one() goes down an error path that frees the memory pointed to\nby aac_dev::queues, resulting.in a double-free.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46673', 'https://git.kernel.org/linus/919ddf8336f0b84c0453bac583808c9f165a85c2 (6.11-rc6)', 'https://git.kernel.org/stable/c/4b540ec7c0045c2d01c4e479f34bbc8f147afa4c', 'https://git.kernel.org/stable/c/564e1986b00c5f05d75342f8407f75f0a17b94df', 'https://git.kernel.org/stable/c/60962c3d8e18e5d8dfa16df788974dd7f35bd87a', 'https://git.kernel.org/stable/c/85449b28ff6a89c4513115e43ddcad949b5890c9', 'https://git.kernel.org/stable/c/8a3995a3ffeca280a961b59f5c99843d81b15929', 'https://git.kernel.org/stable/c/919ddf8336f0b84c0453bac583808c9f165a85c2', 'https://git.kernel.org/stable/c/9e96dea7eff6f2bbcd0b42a098012fc66af9eb69', 'https://git.kernel.org/stable/c/d237c7d06ffddcdb5d36948c527dc01284388218', 'https://lore.kernel.org/linux-cve-announce/2024091333-CVE-2024-46673-c49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46673', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-46673'], 'PublishedDate': '2024-09-13T06:15:11.917Z', 'LastModifiedDate': '2024-09-13T16:51:39.117Z'}, {'VulnerabilityID': 'CVE-2024-46675', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46675', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: dwc3: core: Prevent USB core invalid event buffer address access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: Prevent USB core invalid event buffer address access\n\nThis commit addresses an issue where the USB core could access an\ninvalid event buffer address during runtime suspend, potentially causing\nSMMU faults and other memory issues in Exynos platforms. The problem\narises from the following sequence.\n        1. In dwc3_gadget_suspend, there is a chance of a timeout when\n        moving the USB core to the halt state after clearing the\n        run/stop bit by software.\n        2. In dwc3_core_exit, the event buffer is cleared regardless of\n        the USB core's status, which may lead to an SMMU faults and\n        other memory issues. if the USB core tries to access the event\n        buffer address.\n\nTo prevent this hardware quirk on Exynos platforms, this commit ensures\nthat the event buffer address is not cleared by software  when the USB\ncore is active during runtime suspend by checking its status before\nclearing the buffer address.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46675', 'https://git.kernel.org/linus/14e497183df28c006603cc67fd3797a537eef7b9 (6.11-rc6)', 'https://git.kernel.org/stable/c/111277b881def3153335acfe0d1f43e6cd83ac93', 'https://git.kernel.org/stable/c/14e497183df28c006603cc67fd3797a537eef7b9', 'https://git.kernel.org/stable/c/2189fd13c577d7881f94affc09c950a795064c4b', 'https://git.kernel.org/stable/c/7bb11a75dd4d3612378b90e2a4aa49bdccea28ab', 'https://git.kernel.org/stable/c/b72da4d89b97da71e056cc4d1429b2bc426a9c2f', 'https://git.kernel.org/stable/c/d2afc2bffec77316b90d530b07695e3f534df914', 'https://git.kernel.org/stable/c/e23f6ad8d110bf632f7471482e10b43dc174fb72', 'https://git.kernel.org/stable/c/eca3f543f817da87c00d1a5697b473efb548204f', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46675-ba70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46675', 'https://www.cve.org/CVERecord?id=CVE-2024-46675'], 'PublishedDate': '2024-09-13T06:15:12.117Z', 'LastModifiedDate': '2024-09-20T17:18:48.753Z'}, {'VulnerabilityID': 'CVE-2024-46676', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46676', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfc: pn533: Add poll mod list filling check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Add poll mod list filling check\n\nIn case of im_protocols value is 1 and tm_protocols value is 0 this\ncombination successfully passes the check\n\'if (!im_protocols && !tm_protocols)\' in the nfc_start_poll().\nBut then after pn533_poll_create_mod_list() call in pn533_start_poll()\npoll mod list will remain empty and dev->poll_mod_count will remain 0\nwhich lead to division by zero.\n\nNormally no im protocol has value 1 in the mask, so this combination is\nnot expected by driver. But these protocol values actually come from\nuserspace via Netlink interface (NFC_CMD_START_POLL operation). So a\nbroken or malicious program may pass a message containing a "bad"\ncombination of protocol parameter values so that dev->poll_mod_count\nis not incremented inside pn533_poll_create_mod_list(), thus leading\nto division by zero.\nCall trace looks like:\nnfc_genl_start_poll()\n  nfc_start_poll()\n    ->start_poll()\n    pn533_start_poll()\n\nAdd poll mod list filling check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46676', 'https://git.kernel.org/linus/febccb39255f9df35527b88c953b2e0deae50e53 (6.11-rc6)', 'https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946', 'https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5', 'https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723', 'https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4', 'https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33', 'https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31', 'https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46676-0b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46676', 'https://www.cve.org/CVERecord?id=CVE-2024-46676'], 'PublishedDate': '2024-09-13T06:15:12.223Z', 'LastModifiedDate': '2024-09-23T14:42:38.23Z'}, {'VulnerabilityID': 'CVE-2024-46677', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46677', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: fix a potential NULL pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix a potential NULL pointer dereference\n\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\nNULL pointer, but its callers only check for error pointers thus miss\nthe NULL pointer case.\n\nFix it by returning an error pointer with the error code carried from\nsockfd_lookup().\n\n(I found this bug during code inspection.)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46677', 'https://git.kernel.org/linus/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda (6.11-rc6)', 'https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d', 'https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87', 'https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2', 'https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39', 'https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c', 'https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e', 'https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda', 'https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46677-b53c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46677', 'https://www.cve.org/CVERecord?id=CVE-2024-46677'], 'PublishedDate': '2024-09-13T06:15:12.36Z', 'LastModifiedDate': '2024-09-13T16:51:53.69Z'}, {'VulnerabilityID': 'CVE-2024-46678', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46678', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: change ipsec_lock from spin lock to mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond->ipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n"scheduling while atomic" will be triggered when changing bond\'s\nactive slave.\n\n[  101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[  101.055726] Modules linked in:\n[  101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[  101.058760] Hardware name:\n[  101.059434] Call Trace:\n[  101.059436]  <TASK>\n[  101.060873]  dump_stack_lvl+0x51/0x60\n[  101.061275]  __schedule_bug+0x4e/0x60\n[  101.061682]  __schedule+0x612/0x7c0\n[  101.062078]  ? __mod_timer+0x25c/0x370\n[  101.062486]  schedule+0x25/0xd0\n[  101.062845]  schedule_timeout+0x77/0xf0\n[  101.063265]  ? asm_common_interrupt+0x22/0x40\n[  101.063724]  ? __bpf_trace_itimer_state+0x10/0x10\n[  101.064215]  __wait_for_common+0x87/0x190\n[  101.064648]  ? usleep_range_state+0x90/0x90\n[  101.065091]  cmd_exec+0x437/0xb20 [mlx5_core]\n[  101.065569]  mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[  101.066051]  mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[  101.066552]  mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[  101.067163]  ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.067738]  ? kmalloc_trace+0x4d/0x350\n[  101.068156]  mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[  101.068747]  mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[  101.069312]  bond_change_active_slave+0x392/0x900 [bonding]\n[  101.069868]  bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[  101.070454]  __bond_opt_set+0xa6/0x430 [bonding]\n[  101.070935]  __bond_opt_set_notify+0x2f/0x90 [bonding]\n[  101.071453]  bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[  101.071965]  bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.072567]  kernfs_fop_write_iter+0x10c/0x1a0\n[  101.073033]  vfs_write+0x2d8/0x400\n[  101.073416]  ? alloc_fd+0x48/0x180\n[  101.073798]  ksys_write+0x5f/0xe0\n[  101.074175]  do_syscall_64+0x52/0x110\n[  101.074576]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn\'t have to be spin lock, change it to\nmutex, and thus the above issue can be resolved.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46678', 'https://git.kernel.org/linus/2aeeef906d5a526dc60cf4af92eda69836c39b1f (6.11-rc6)', 'https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f', 'https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3', 'https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46678-ca65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46678', 'https://www.cve.org/CVERecord?id=CVE-2024-46678'], 'PublishedDate': '2024-09-13T06:15:12.45Z', 'LastModifiedDate': '2024-09-23T14:44:12.88Z'}, {'VulnerabilityID': 'CVE-2024-46679', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46679', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: check device is present when getting link settings', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: check device is present when getting link settings\n\nA sysfs reader can race with a device reset or removal, attempting to\nread device state when the device is not actually present. eg:\n\n     [exception RIP: qed_get_current_link+17]\n  #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]\n  #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3\n #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4\n #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300\n #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c\n #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b\n #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3\n #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1\n #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f\n #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb\n\n crash> struct net_device.state ffff9a9d21336000\n    state = 5,\n\nstate 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).\nThe device is not present, note lack of __LINK_STATE_PRESENT (0b10).\n\nThis is the same sort of panic as observed in commit 4224cfd7fb65\n("net-sysfs: add check for netdevice being present to speed_show").\n\nThere are many other callers of __ethtool_get_link_ksettings() which\ndon\'t have a device presence check.\n\nMove this check into ethtool to protect all callers.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46679', 'https://git.kernel.org/linus/a699781c79ecf6cfe67fb00a0331b4088c7c8466 (6.11-rc6)', 'https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2', 'https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc', 'https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e', 'https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb', 'https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4', 'https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466', 'https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46679-3527@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46679', 'https://www.cve.org/CVERecord?id=CVE-2024-46679'], 'PublishedDate': '2024-09-13T06:15:12.53Z', 'LastModifiedDate': '2024-09-23T14:47:23.287Z'}, {'VulnerabilityID': 'CVE-2024-46680', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46680', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix random crash seen while removing driver', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix random crash seen while removing driver\n\nThis fixes the random kernel crash seen while removing the driver, when\nrunning the load/unload test over multiple iterations.\n\n1) modprobe btnxpuart\n2) hciconfig hci0 reset\n3) hciconfig (check hci0 interface up with valid BD address)\n4) modprobe -r btnxpuart\nRepeat steps 1 to 4\n\nThe ps_wakeup() call in btnxpuart_close() schedules the psdata->work(),\nwhich gets scheduled after module is removed, causing a kernel crash.\n\nThis hidden issue got highlighted after enabling Power Save by default\nin 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on\nstartup)\n\nThe new ps_cleanup() deasserts UART break immediately while closing\nserdev device, cancels any scheduled ps_work and destroys the ps_lock\nmutex.\n\n[   85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258\n[   85.884624] Mem abort info:\n[   85.884625]   ESR = 0x0000000086000007\n[   85.884628]   EC = 0x21: IABT (current EL), IL = 32 bits\n[   85.884633]   SET = 0, FnV = 0\n[   85.884636]   EA = 0, S1PTW = 0\n[   85.884638]   FSC = 0x07: level 3 translation fault\n[   85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000\n[   85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000\n[   85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n[   85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)]\n[   85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G           O       6.1.36+g937b1be4345a #1\n[   85.936176] Hardware name: FSL i.MX8MM EVK board (DT)\n[   85.936182] Workqueue: events 0xffffd4a61638f380\n[   85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   85.952817] pc : 0xffffd4a61638f258\n[   85.952823] lr : 0xffffd4a61638f258\n[   85.952827] sp : ffff8000084fbd70\n[   85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000\n[   85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305\n[   85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970\n[   85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000\n[   85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090\n[   85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139\n[   85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50\n[   85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8\n[   85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000\n[   85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000\n[   85.977443] Call trace:\n[   85.977446]  0xffffd4a61638f258\n[   85.977451]  0xffffd4a61638f3e8\n[   85.977455]  process_one_work+0x1d4/0x330\n[   85.977464]  worker_thread+0x6c/0x430\n[   85.977471]  kthread+0x108/0x10c\n[   85.977476]  ret_from_fork+0x10/0x20\n[   85.977488] Code: bad PC value\n[   85.977491] ---[ end trace 0000000000000000 ]---\n\nPreset since v6.9.11', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46680', 'https://git.kernel.org/linus/35237475384ab3622f63c3c09bdf6af6dacfe9c3 (6.11-rc6)', 'https://git.kernel.org/stable/c/29a1d9971e38f92c84b363ff50379dd434ddfe1c', 'https://git.kernel.org/stable/c/35237475384ab3622f63c3c09bdf6af6dacfe9c3', 'https://git.kernel.org/stable/c/662a55986b88807da4d112d838c8aaa05810e938', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46680-f40d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46680', 'https://www.cve.org/CVERecord?id=CVE-2024-46680'], 'PublishedDate': '2024-09-13T06:15:12.617Z', 'LastModifiedDate': '2024-09-23T14:45:10.233Z'}, {'VulnerabilityID': 'CVE-2024-46681', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46681', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pktgen: use cpus_read_lock() in pg_net_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46681', 'https://git.kernel.org/linus/979b581e4c69257acab1af415ddad6b2d78a2fa5 (6.11-rc6)', 'https://git.kernel.org/stable/c/5f5f7366dda8ae870e8305d6e7b3c0c2686cd2cf', 'https://git.kernel.org/stable/c/979b581e4c69257acab1af415ddad6b2d78a2fa5', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46681-6086@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46681', 'https://www.cve.org/CVERecord?id=CVE-2024-46681'], 'PublishedDate': '2024-09-13T06:15:12.71Z', 'LastModifiedDate': '2024-09-19T18:10:49.623Z'}, {'VulnerabilityID': 'CVE-2024-46683', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46683', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: prevent UAF around preempt fence', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: prevent UAF around preempt fence\n\nThe fence lock is part of the queue, therefore in the current design\nanything locking the fence should then also hold a ref to the queue to\nprevent the queue from being freed.\n\nHowever, currently it looks like we signal the fence and then drop the\nqueue ref, but if something is waiting on the fence, the waiter is\nkicked to wake up at some later point, where upon waking up it first\ngrabs the lock before checking the fence state. But if we have already\ndropped the queue ref, then the lock might already be freed as part of\nthe queue, leading to uaf.\n\nTo prevent this, move the fence lock into the fence itself so we don't\nrun into lifetime issues. Alternative might be to have device level\nlock, or only release the queue in the fence release callback, however\nthat might require pushing to another worker to avoid locking issues.\n\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2454\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2342\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2020\n(cherry picked from commit 7116c35aacedc38be6d15bd21b2fc936eed0008b)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46683', 'https://git.kernel.org/linus/730b72480e29f63fd644f5fa57c9d46109428953 (6.11-rc5)', 'https://git.kernel.org/stable/c/10081b0b0ed201f53e24bd92deb2e0f3c3e713d4', 'https://git.kernel.org/stable/c/730b72480e29f63fd644f5fa57c9d46109428953', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46683-e513@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46683', 'https://www.cve.org/CVERecord?id=CVE-2024-46683'], 'PublishedDate': '2024-09-13T06:15:12.993Z', 'LastModifiedDate': '2024-09-13T16:52:14.373Z'}, {'VulnerabilityID': 'CVE-2024-46685', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46685', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: single: fix potential NULL dereference in pcs_get_function()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: single: fix potential NULL dereference in pcs_get_function()\n\npinmux_generic_get_function() can return NULL and the pointer 'function'\nwas dereferenced without checking against NULL. Add checking of pointer\n'function' in pcs_get_function().\n\nFound by code review.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46685', 'https://git.kernel.org/linus/1c38a62f15e595346a1106025722869e87ffe044 (6.11-rc6)', 'https://git.kernel.org/stable/c/0a2bab5ed161318f57134716accba0a30f3af191', 'https://git.kernel.org/stable/c/1c38a62f15e595346a1106025722869e87ffe044', 'https://git.kernel.org/stable/c/292151af6add3e5ab11b2e9916cffa5f52859a1f', 'https://git.kernel.org/stable/c/2cea369a5c2e85ab14ae716da1d1cc6d25c85e11', 'https://git.kernel.org/stable/c/4e9436375fcc9bd2a60ee96aba6ed53f7a377d10', 'https://git.kernel.org/stable/c/4ed45fe99ec9e3c9478bd634624cd05a57d002f7', 'https://git.kernel.org/stable/c/6341c2856785dca7006820b127278058a180c075', 'https://git.kernel.org/stable/c/8f0bd526921b6867c2f10a83cd4fd14139adcd92', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46685-6606@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46685', 'https://www.cve.org/CVERecord?id=CVE-2024-46685'], 'PublishedDate': '2024-09-13T06:15:13.2Z', 'LastModifiedDate': '2024-09-14T16:00:55.547Z'}, {'VulnerabilityID': 'CVE-2024-46686', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46686', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()\n\nThis happens when called from SMB2_read() while using rdma\nand reaching the rdma_readwrite_threshold.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46686', 'https://git.kernel.org/linus/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf (6.11-rc6)', 'https://git.kernel.org/stable/c/6df57c63c200cd05e085c3b695128260e21959b7', 'https://git.kernel.org/stable/c/a01859dd6aebf826576513850a3b05992809e9d2', 'https://git.kernel.org/stable/c/b902fb78ab21299e4dd1775e7e8d251d5c0735bc', 'https://git.kernel.org/stable/c/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46686-5b18@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46686', 'https://www.cve.org/CVERecord?id=CVE-2024-46686'], 'PublishedDate': '2024-09-13T06:15:13.28Z', 'LastModifiedDate': '2024-09-14T16:16:33.087Z'}, {'VulnerabilityID': 'CVE-2024-46687', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46687', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()\n\n[BUG]\nThere is an internal report that KASAN is reporting use-after-free, with\nthe following backtrace:\n\n  BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n  Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45\n  CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n  Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n  Call Trace:\n   dump_stack_lvl+0x61/0x80\n   print_address_description.constprop.0+0x5e/0x2f0\n   print_report+0x118/0x216\n   kasan_report+0x11d/0x1f0\n   btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n   process_one_work+0xce0/0x12a0\n   worker_thread+0x717/0x1250\n   kthread+0x2e3/0x3c0\n   ret_from_fork+0x2d/0x70\n   ret_from_fork_asm+0x11/0x20\n\n  Allocated by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   __kasan_slab_alloc+0x7d/0x80\n   kmem_cache_alloc_noprof+0x16e/0x3e0\n   mempool_alloc_noprof+0x12e/0x310\n   bio_alloc_bioset+0x3f0/0x7a0\n   btrfs_bio_alloc+0x2e/0x50 [btrfs]\n   submit_extent_page+0x4d1/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n  Freed by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   kasan_save_free_info+0x37/0x50\n   __kasan_slab_free+0x4b/0x60\n   kmem_cache_free+0x214/0x5d0\n   bio_free+0xed/0x180\n   end_bbio_data_read+0x1cc/0x580 [btrfs]\n   btrfs_submit_chunk+0x98d/0x1880 [btrfs]\n   btrfs_submit_bio+0x33/0x70 [btrfs]\n   submit_one_bio+0xd4/0x130 [btrfs]\n   submit_extent_page+0x3ea/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[CAUSE]\nAlthough I cannot reproduce the error, the report itself is good enough\nto pin down the cause.\n\nThe call trace is the regular endio workqueue context, but the\nfree-by-task trace is showing that during btrfs_submit_chunk() we\nalready hit a critical error, and is calling btrfs_bio_end_io() to error\nout.  And the original endio function called bio_put() to free the whole\nbio.\n\nThis means a double freeing thus causing use-after-free, e.g.:\n\n1. Enter btrfs_submit_bio() with a read bio\n   The read bio length is 128K, crossing two 64K stripes.\n\n2. The first run of btrfs_submit_chunk()\n\n2.1 Call btrfs_map_block(), which returns 64K\n2.2 Call btrfs_split_bio()\n    Now there are two bios, one referring to the first 64K, the other\n    referring to the second 64K.\n2.3 The first half is submitted.\n\n3. The second run of btrfs_submit_chunk()\n\n3.1 Call btrfs_map_block(), which by somehow failed\n    Now we call btrfs_bio_end_io() to handle the error\n\n3.2 btrfs_bio_end_io() calls the original endio function\n    Which is end_bbio_data_read(), and it calls bio_put() for the\n    original bio.\n\n    Now the original bio is freed.\n\n4. The submitted first 64K bio finished\n   Now we call into btrfs_check_read_bio() and tries to advance the bio\n   iter.\n   But since the original bio (thus its iter) is already freed, we\n   trigger the above use-after free.\n\n   And even if the memory is not poisoned/corrupted, we will later call\n   the original endio function, causing a double freeing.\n\n[FIX]\nInstead of calling btrfs_bio_end_io(), call btrfs_orig_bbio_end_io(),\nwhich has the extra check on split bios and do the pr\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46687', 'https://git.kernel.org/linus/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10 (6.11-rc6)', 'https://git.kernel.org/stable/c/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10', 'https://git.kernel.org/stable/c/4a3b9e1a8e6cd1a8d427a905e159de58d38941cc', 'https://git.kernel.org/stable/c/51722b99f41f5e722ffa10b8f61e802a0e70b331', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46687-5668@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46687', 'https://www.cve.org/CVERecord?id=CVE-2024-46687'], 'PublishedDate': '2024-09-13T06:15:13.377Z', 'LastModifiedDate': '2024-09-14T16:17:33.073Z'}, {'VulnerabilityID': 'CVE-2024-46689', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46689', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: cmd-db: Map shared memory as WC, not WB\n\nLinux does not write into cmd-db region. This region of memory is write\nprotected by XPU. XPU may sometime falsely detect clean cache eviction\nas "write" into the write protected region leading to secure interrupt\nwhich causes an endless loop somewhere in Trust Zone.\n\nThe only reason it is working right now is because Qualcomm Hypervisor\nmaps the same region as Non-Cacheable memory in Stage 2 translation\ntables. The issue manifests if we want to use another hypervisor (like\nXen or KVM), which does not know anything about those specific mappings.\n\nChanging the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC\nremoves dependency on correct mappings in Stage 2 tables. This patch\nfixes the issue by updating the mapping to MEMREMAP_WC.\n\nI tested this on SA8155P with Xen.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46689', 'https://git.kernel.org/linus/f9bb896eab221618927ae6a2f1d566567999839d (6.11-rc6)', 'https://git.kernel.org/stable/c/0ee9594c974368a17e85a431e9fe1c14fb65c278', 'https://git.kernel.org/stable/c/62c2d63605ca25b5db78a347ed303c0a0a77d5b4', 'https://git.kernel.org/stable/c/d9d48d70e922b272875cda60d2ada89291c840cf', 'https://git.kernel.org/stable/c/eaff392c1e34fb77cc61505a31b0191e5e46e271', 'https://git.kernel.org/stable/c/ef80520be0ff78ae5ed44cb6eee1525e65bebe70', 'https://git.kernel.org/stable/c/f5a5a5a0e95f36e2792d48e6e4b64e665eb01374', 'https://git.kernel.org/stable/c/f9bb896eab221618927ae6a2f1d566567999839d', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46689-4c19@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46689', 'https://www.cve.org/CVERecord?id=CVE-2024-46689'], 'PublishedDate': '2024-09-13T06:15:13.653Z', 'LastModifiedDate': '2024-09-20T15:52:23.727Z'}, {'VulnerabilityID': 'CVE-2024-46691', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46691', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Move unregister out of atomic section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Move unregister out of atomic section\n\nCommit \'9329933699b3 ("soc: qcom: pmic_glink: Make client-lock\nnon-sleeping")\' moved the pmic_glink client list under a spinlock, as it\nis accessed by the rpmsg/glink callback, which in turn is invoked from\nIRQ context.\n\nThis means that ucsi_unregister() is now called from atomic context,\nwhich isn\'t feasible as it\'s expecting a sleepable context. An effort is\nunder way to get GLINK to invoke its callbacks in a sleepable context,\nbut until then lets schedule the unregistration.\n\nA side effect of this is that ucsi_unregister() can now happen\nafter the remote processor, and thereby the communication link with it, is\ngone. pmic_glink_send() is amended with a check to avoid the resulting NULL\npointer dereference.\nThis does however result in the user being informed about this error by\nthe following entry in the kernel log:\n\n  ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46691', 'https://git.kernel.org/linus/11bb2ffb679399f99041540cf662409905179e3a (6.11-rc6)', 'https://git.kernel.org/stable/c/095b0001aefddcd9361097c971b7debc84e72714', 'https://git.kernel.org/stable/c/11bb2ffb679399f99041540cf662409905179e3a', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46691-93e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46691', 'https://www.cve.org/CVERecord?id=CVE-2024-46691'], 'PublishedDate': '2024-09-13T06:15:13.96Z', 'LastModifiedDate': '2024-09-13T16:52:21.057Z'}, {'VulnerabilityID': 'CVE-2024-46692', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46692', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: scm: Mark get_wq_ctx() as atomic call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Mark get_wq_ctx() as atomic call\n\nCurrently get_wq_ctx() is wrongly configured as a standard call. When two\nSMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to\nresume the corresponding sleeping thread. But if get_wq_ctx() is\ninterrupted, goes to sleep and another SMC call is waiting to be allocated\na waitq context, it leads to a deadlock.\n\nTo avoid this get_wq_ctx() must be an atomic call and can't be a standard\nSMC call. Hence mark get_wq_ctx() as a fast call.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46692', 'https://git.kernel.org/linus/9960085a3a82c58d3323c1c20b991db6045063b0 (6.11-rc6)', 'https://git.kernel.org/stable/c/9960085a3a82c58d3323c1c20b991db6045063b0', 'https://git.kernel.org/stable/c/cdf7efe4b02aa93813db0bf1ca596ad298ab6b06', 'https://git.kernel.org/stable/c/e40115c33c0d79c940545b6b12112aace7acd9f5', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46692-f287@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46692', 'https://www.cve.org/CVERecord?id=CVE-2024-46692'], 'PublishedDate': '2024-09-13T06:15:14.047Z', 'LastModifiedDate': '2024-09-13T16:52:31.627Z'}, {'VulnerabilityID': 'CVE-2024-46693', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pmic_glink: Fix race during initialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pmic_glink: Fix race during initialization\n\nAs pointed out by Stephen Boyd it is possible that during initialization\nof the pmic_glink child drivers, the protection-domain notifiers fires,\nand the associated work is scheduled, before the client registration\nreturns and as a result the local "client" pointer has been initialized.\n\nThe outcome of this is a NULL pointer dereference as the "client"\npointer is blindly dereferenced.\n\nTimeline provided by Stephen:\n CPU0                               CPU1\n ----                               ----\n ucsi->client = NULL;\n devm_pmic_glink_register_client()\n  client->pdr_notify(client->priv, pg->client_state)\n   pmic_glink_ucsi_pdr_notify()\n    schedule_work(&ucsi->register_work)\n    <schedule away>\n                                    pmic_glink_ucsi_register()\n                                     ucsi_register()\n                                      pmic_glink_ucsi_read_version()\n                                       pmic_glink_ucsi_read()\n                                        pmic_glink_ucsi_read()\n                                         pmic_glink_send(ucsi->client)\n                                         <client is NULL BAD>\n ucsi->client = client // Too late!\n\nThis code is identical across the altmode, battery manager and usci\nchild drivers.\n\nResolve this by splitting the allocation of the "client" object and the\nregistration thereof into two operations.\n\nThis only happens if the protection domain registry is populated at the\ntime of registration, which by the introduction of commit \'1ebcde047c54\n("soc: qcom: add pd-mapper implementation")\' became much more likely.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46693', 'https://git.kernel.org/linus/3568affcddd68743e25aa3ec1647d9b82797757b (6.11-rc6)', 'https://git.kernel.org/stable/c/1efdbf5323c9360e05066049b97414405e94e087', 'https://git.kernel.org/stable/c/3568affcddd68743e25aa3ec1647d9b82797757b', 'https://git.kernel.org/stable/c/943b0e7cc646a624bb20a68080f8f1a4a55df41c', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46693-cbe3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46693', 'https://www.cve.org/CVERecord?id=CVE-2024-46693'], 'PublishedDate': '2024-09-13T06:15:14.14Z', 'LastModifiedDate': '2024-09-13T16:52:41.27Z'}, {'VulnerabilityID': 'CVE-2024-46694', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46694', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: avoid using null object of framebuffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid using null object of framebuffer\n\nInstead of using state->fb->obj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer.\n\n(cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46694', 'https://git.kernel.org/linus/3b9a33235c773c7a3768060cf1d2cf8a9153bc37 (6.11-rc6)', 'https://git.kernel.org/stable/c/093ee72ed35c2338c87c26b6ba6f0b7789c9e14e', 'https://git.kernel.org/stable/c/3b9a33235c773c7a3768060cf1d2cf8a9153bc37', 'https://git.kernel.org/stable/c/49e1b214f3239b78967c6ddb8f8ec47ae047b051', 'https://git.kernel.org/stable/c/f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46694-0706@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46694', 'https://www.cve.org/CVERecord?id=CVE-2024-46694'], 'PublishedDate': '2024-09-13T06:15:14.24Z', 'LastModifiedDate': '2024-09-19T18:16:22.247Z'}, {'VulnerabilityID': 'CVE-2024-46695', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46695', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: selinux,smack: don&#39;t bypass permissions check in inode_setsecctx hook', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux,smack: don't bypass permissions check in inode_setsecctx hook\n\nMarek Gresko reports that the root user on an NFS client is able to\nchange the security labels on files on an NFS filesystem that is\nexported with root squashing enabled.\n\nThe end of the kerneldoc comment for __vfs_setxattr_noperm() states:\n\n *  This function requires the caller to lock the inode's i_mutex before it\n *  is executed. It also assumes that the caller will make the appropriate\n *  permission checks.\n\nnfsd_setattr() does do permissions checking via fh_verify() and\nnfsd_permission(), but those don't do all the same permissions checks\nthat are done by security_inode_setxattr() and its related LSM hooks do.\n\nSince nfsd_setattr() is the only consumer of security_inode_setsecctx(),\nsimplest solution appears to be to replace the call to\n__vfs_setxattr_noperm() with a call to __vfs_setxattr_locked().  This\nfixes the above issue and has the added benefit of causing nfsd to\nrecall conflicting delegations on a file when a client tries to change\nits security label.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-276'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46695', 'https://git.kernel.org/linus/76a0e79bc84f466999fa501fce5bf7a07641b8a7 (6.11-rc6)', 'https://git.kernel.org/stable/c/2dbc4b7bac60b02cc6e70d05bf6a7dfd551f9dda', 'https://git.kernel.org/stable/c/459584258d47ec3cc6245a82e8a49c9d08eb8b57', 'https://git.kernel.org/stable/c/76a0e79bc84f466999fa501fce5bf7a07641b8a7', 'https://git.kernel.org/stable/c/eebec98791d0137e455cc006411bb92a54250924', 'https://git.kernel.org/stable/c/f71ec019257ba4f7ab198bd948c5902a207bad96', 'https://git.kernel.org/stable/c/fe0cd53791119f6287b6532af8ce41576d664930', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46695-affc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46695', 'https://www.cve.org/CVERecord?id=CVE-2024-46695'], 'PublishedDate': '2024-09-13T06:15:14.32Z', 'LastModifiedDate': '2024-10-17T14:15:07.517Z'}, {'VulnerabilityID': 'CVE-2024-46697', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46697', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfsd: ensure that nfsd4_fattr_args.context is zeroed out', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: ensure that nfsd4_fattr_args.context is zeroed out\n\nIf nfsd4_encode_fattr4 ends up doing a "goto out" before we get to\nchecking for the security label, then args.context will be set to\nuninitialized junk on the stack, which we\'ll then try to free.\nInitialize it early.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46697', 'https://git.kernel.org/linus/f58bab6fd4063913bd8321e99874b8239e9ba726 (6.11-rc6)', 'https://git.kernel.org/stable/c/dd65b324174a64558a16ebbf4c3266e5701185d0', 'https://git.kernel.org/stable/c/f58bab6fd4063913bd8321e99874b8239e9ba726', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46697-d166@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46697', 'https://www.cve.org/CVERecord?id=CVE-2024-46697'], 'PublishedDate': '2024-09-13T06:15:14.5Z', 'LastModifiedDate': '2024-09-19T17:53:43.173Z'}, {'VulnerabilityID': 'CVE-2024-46698', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46698', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: video/aperture: optionally match the device in sysfb_disable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvideo/aperture: optionally match the device in sysfb_disable()\n\nIn aperture_remove_conflicting_pci_devices(), we currently only\ncall sysfb_disable() on vga class devices.  This leads to the\nfollowing problem when the pimary device is not VGA compatible:\n\n1. A PCI device with a non-VGA class is the boot display\n2. That device is probed first and it is not a VGA device so\n   sysfb_disable() is not called, but the device resources\n   are freed by aperture_detach_platform_device()\n3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable()\n4. NULL pointer dereference via sysfb_disable() since the resources\n   have already been freed by aperture_detach_platform_device() when\n   it was called by the other device.\n\nFix this by passing a device pointer to sysfb_disable() and checking\nthe device to determine if we should execute it or not.\n\nv2: Fix build when CONFIG_SCREEN_INFO is not set\nv3: Move device check into the mutex\n    Drop primary variable in aperture_remove_conflicting_pci_devices()\n    Drop __init on pci sysfb_pci_dev_is_enabled()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46698', 'https://git.kernel.org/linus/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7 (6.11-rc6)', 'https://git.kernel.org/stable/c/17e78f43de0c6da34204cc858b4cc05671ea9acf', 'https://git.kernel.org/stable/c/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46698-357c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46698', 'https://www.cve.org/CVERecord?id=CVE-2024-46698'], 'PublishedDate': '2024-09-13T06:15:14.563Z', 'LastModifiedDate': '2024-09-13T16:53:03Z'}, {'VulnerabilityID': 'CVE-2024-46701', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46701', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: libfs: fix infinite directory reads for offset dir', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlibfs: fix infinite directory reads for offset dir\n\nAfter we switch tmpfs dir operations from simple_dir_operations to\nsimple_offset_dir_operations, every rename happened will fill new dentry\nto dest dir\'s maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free\nkey starting with octx->newx_offset, and then set newx_offset equals to\nfree key + 1. This will lead to infinite readdir combine with rename\nhappened at the same time, which fail generic/736 in xfstests(detail show\nas below).\n\n1. create 5000 files(1 2 3...) under one dir\n2. call readdir(man 3 readdir) once, and get one entry\n3. rename(entry, "TEMPFILE"), then rename("TEMPFILE", entry)\n4. loop 2~3, until readdir return nothing or we loop too many\n   times(tmpfs break test with the second condition)\n\nWe choose the same logic what commit 9b378f6ad48cf ("btrfs: fix infinite\ndirectory reads") to fix it, record the last_index when we open dir, and\ndo not emit the entry which index >= last_index. The file->private_data\nnow used in offset dir can use directly to do this, and we also update\nthe last_index when we llseek the dir file.\n\n[brauner: only update last_index after seek when offset is zero like Jan suggested]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46701', 'https://git.kernel.org/linus/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a (6.11-rc4)', 'https://git.kernel.org/stable/c/308b4fc2403b335894592ee9dc212a5e58bb309f', 'https://git.kernel.org/stable/c/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a', 'https://lore.kernel.org/linux-cve-announce/2024091326-CVE-2024-46701-ad65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46701', 'https://www.cve.org/CVERecord?id=CVE-2024-46701'], 'PublishedDate': '2024-09-13T07:15:05.127Z', 'LastModifiedDate': '2024-09-19T13:40:27.817Z'}, {'VulnerabilityID': 'CVE-2024-46702', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46702', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: thunderbolt: Mark XDomain as unplugged when router is removed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Mark XDomain as unplugged when router is removed\n\nI noticed that when we do discrete host router NVM upgrade and it gets\nhot-removed from the PCIe side as a result of NVM firmware authentication,\nif there is another host connected with enabled paths we hang in tearing\nthem down. This is due to fact that the Thunderbolt networking driver\nalso tries to cleanup the paths and ends up blocking in\ntb_disconnect_xdomain_paths() waiting for the domain lock.\n\nHowever, at this point we already cleaned the paths in tb_stop() so\nthere is really no need for tb_disconnect_xdomain_paths() to do that\nanymore. Furthermore it already checks if the XDomain is unplugged and\nbails out early so take advantage of that and mark the XDomain as\nunplugged when we remove the parent router.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46702', 'https://git.kernel.org/linus/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d (6.11-rc4)', 'https://git.kernel.org/stable/c/18b3ad2a3cc877dd4b16f48d84aa27b78d53bf1d', 'https://git.kernel.org/stable/c/23ce6ba3b95488a2b9e9f6d43b340da0c15395dc', 'https://git.kernel.org/stable/c/747bc154577de6e6af4bc99abfa859b8419bb4d8', 'https://git.kernel.org/stable/c/7ca24cf9163c112bb6b580c6fb57c04a1f8b76e1', 'https://git.kernel.org/stable/c/80ac8d194831eca0c2f4fd862f7925532fda320c', 'https://git.kernel.org/stable/c/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46702-9b8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46702', 'https://www.cve.org/CVERecord?id=CVE-2024-46702'], 'PublishedDate': '2024-09-13T07:15:05.217Z', 'LastModifiedDate': '2024-09-19T13:35:58.637Z'}, {'VulnerabilityID': 'CVE-2024-46703', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46703', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;serial: 8250_omap: Set the console genpd always on if no console suspend&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "serial: 8250_omap: Set the console genpd always on if no console suspend"\n\nThis reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940.\n\nKevin reported that this causes a crash during suspend on platforms that\ndont use PM domains.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46703', 'https://git.kernel.org/linus/0863bffda1131fd2fa9c05b653ad9ee3d8db127e (6.11-rc4)', 'https://git.kernel.org/stable/c/0863bffda1131fd2fa9c05b653ad9ee3d8db127e', 'https://git.kernel.org/stable/c/321aecb079e9ca8b1af90778068a6fb40f2bf22d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46703-1f29@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46703', 'https://www.cve.org/CVERecord?id=CVE-2024-46703'], 'PublishedDate': '2024-09-13T07:15:05.317Z', 'LastModifiedDate': '2024-09-19T13:33:57.563Z'}, {'VulnerabilityID': 'CVE-2024-46705', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46705', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: reset mmio mappings with devm', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: reset mmio mappings with devm\n\nSet our various mmio mappings to NULL. This should make it easier to\ncatch something rogue trying to mess with mmio after device removal. For\nexample, we might unmap everything and then start hitting some mmio\naddress which has already been unmamped by us and then remapped by\nsomething else, causing all kinds of carnage.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46705', 'https://git.kernel.org/linus/c7117419784f612d59ee565145f722e8b5541fe6 (6.11-rc1)', 'https://git.kernel.org/stable/c/b1c9fbed3884d3883021d699c7cdf5253a65543a', 'https://git.kernel.org/stable/c/c7117419784f612d59ee565145f722e8b5541fe6', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46705-b9c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46705', 'https://www.cve.org/CVERecord?id=CVE-2024-46705'], 'PublishedDate': '2024-09-13T07:15:05.477Z', 'LastModifiedDate': '2024-09-19T13:30:44.133Z'}, {'VulnerabilityID': 'CVE-2024-46706', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46706', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: fsl_lpuart: mark last busy before uart_add_one_port\n\nWith "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel\nsometimes boot hang. It is because normal console still is not ready,\nbut runtime suspend is called, so early console putchar will hang\nin waiting TRDE set in UARTSTAT.\n\nThe lpuart driver has auto suspend delay set to 3000ms, but during\nuart_add_one_port, a child device serial ctrl will added and probed with\nits pm runtime enabled(see serial_ctrl.c).\nThe runtime suspend call path is:\ndevice_add\n     |-> bus_probe_device\n           |->device_initial_probe\n\t           |->__device_attach\n                         |-> pm_runtime_get_sync(dev->parent);\n\t\t\t |-> pm_request_idle(dev);\n\t\t\t |-> pm_runtime_put(dev->parent);\n\nSo in the end, before normal console ready, the lpuart get runtime\nsuspended. And earlycon putchar will hang.\n\nTo address the issue, mark last busy just after pm_runtime_enable,\nthree seconds is long enough to switch from bootconsole to normal\nconsole.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46706', 'https://git.kernel.org/linus/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c (6.11-rc4)', 'https://git.kernel.org/stable/c/3ecf625d4acb71d726bc0b49403cf68388b3d58d', 'https://git.kernel.org/stable/c/8eb92cfca6c2c5a15ab1773f3d18ab8d8f7dbb68', 'https://git.kernel.org/stable/c/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46706-ea07@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46706', 'https://www.cve.org/CVERecord?id=CVE-2024-46706'], 'PublishedDate': '2024-09-13T07:15:05.56Z', 'LastModifiedDate': '2024-09-19T17:51:07.67Z'}, {'VulnerabilityID': 'CVE-2024-46707', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46707', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3\n\nOn a system with a GICv3, if a guest hasn't been configured with\nGICv3 and that the host is not capable of GICv2 emulation,\na write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.\n\nWe therefore try to emulate the SGI access, only to hit a NULL\npointer as no private interrupt is allocated (no GIC, remember?).\n\nThe obvious fix is to give the guest what it deserves, in the\nshape of a UNDEF exception.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46707', 'https://git.kernel.org/linus/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f (6.11-rc5)', 'https://git.kernel.org/stable/c/15818af2f7aa55eff375333cb7689df15d3f24ef', 'https://git.kernel.org/stable/c/2073132f6ed3079369e857a8deb33d11bdd983bc', 'https://git.kernel.org/stable/c/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f', 'https://git.kernel.org/stable/c/94d4fbad01b19ec5eab3d6b50aaec4f9db8b2d8d', 'https://git.kernel.org/stable/c/96b076e8ee5bc3a1126848c8add0f74bd30dc9d1', 'https://git.kernel.org/stable/c/9d7629bec5c3f80bd0e3bf8103c06a2f7046bd92', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46707-9e4f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46707', 'https://www.cve.org/CVERecord?id=CVE-2024-46707'], 'PublishedDate': '2024-09-13T07:15:05.643Z', 'LastModifiedDate': '2024-09-19T13:29:46.757Z'}, {'VulnerabilityID': 'CVE-2024-46708', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46708', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: qcom: x1e80100: Fix special pin offsets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: qcom: x1e80100: Fix special pin offsets\n\nRemove the erroneus 0x100000 offset to prevent the boards from crashing\non pin state setting, as well as for the intended state changes to take\neffect.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46708', 'https://git.kernel.org/linus/d3692d95cc4d88114b070ee63cffc976f00f207f (6.11-rc6)', 'https://git.kernel.org/stable/c/0197bf772f657fbdea5e9bdec5eea6e67d82cbde', 'https://git.kernel.org/stable/c/d3692d95cc4d88114b070ee63cffc976f00f207f', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46708-95c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46708', 'https://www.cve.org/CVERecord?id=CVE-2024-46708'], 'PublishedDate': '2024-09-13T07:15:05.717Z', 'LastModifiedDate': '2024-09-19T13:28:49.483Z'}, {'VulnerabilityID': 'CVE-2024-46709', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46709', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix prime with external buffers', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix prime with external buffers\n\nMake sure that for external buffers mapping goes through the dma_buf\ninterface instead of trying to access pages directly.\n\nExternal buffers might not provide direct access to readable/writable\npages so to make sure the bo's created from external dma_bufs can be\nread dma_buf interface has to be used.\n\nFixes crashes in IGT's kms_prime with vgem. Regular desktop usage won't\ntrigger this due to the fact that virtual machines will not have\nmultiple GPUs but it enables better test coverage in IGT.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46709', 'https://git.kernel.org/linus/50f1199250912568606b3778dc56646c10cb7b04 (6.11-rc6)', 'https://git.kernel.org/stable/c/50f1199250912568606b3778dc56646c10cb7b04', 'https://git.kernel.org/stable/c/5c12391ee1ab59cb2f3be3f1f5e6d0fc0c2dc854', 'https://git.kernel.org/stable/c/9a9716bbbf3dd6b6cbefba3abcc89af8b72631f4', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46709-2465@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46709', 'https://www.cve.org/CVERecord?id=CVE-2024-46709'], 'PublishedDate': '2024-09-13T07:15:05.793Z', 'LastModifiedDate': '2024-09-19T13:26:24.14Z'}, {'VulnerabilityID': 'CVE-2024-46710', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46710', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Prevent unmapping active read buffers', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Prevent unmapping active read buffers\n\nThe kms paths keep a persistent map active to read and compare the cursor\nbuffer. These maps can race with each other in simple scenario where:\na) buffer "a" mapped for update\nb) buffer "a" mapped for compare\nc) do the compare\nd) unmap "a" for compare\ne) update the cursor\nf) unmap "a" for update\nAt step "e" the buffer has been unmapped and the read contents is bogus.\n\nPrevent unmapping of active read buffers by simply keeping a count of\nhow many paths have currently active maps and unmap only when the count\nreaches 0.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46710', 'https://git.kernel.org/linus/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea (6.11-rc6)', 'https://git.kernel.org/stable/c/0851b1ec650adadcaa23ec96daad95a55bf966f0', 'https://git.kernel.org/stable/c/58a3714db4d9dcaeb9fc4905141e17b9f536c0a5', 'https://git.kernel.org/stable/c/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea', 'https://git.kernel.org/stable/c/d5228d158e4c0b1663b3983044913c15c3d0135e', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46710-cd88@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46710', 'https://www.cve.org/CVERecord?id=CVE-2024-46710'], 'PublishedDate': '2024-09-13T07:15:05.88Z', 'LastModifiedDate': '2024-10-17T14:15:07.63Z'}, {'VulnerabilityID': 'CVE-2024-46711', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46711', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: fix ID 0 endp usage after multiple re-creations', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix ID 0 endp usage after multiple re-creations\n\n\'local_addr_used\' and \'add_addr_accepted\' are decremented for addresses\nnot related to the initial subflow (ID0), because the source and\ndestination addresses of the initial subflows are known from the\nbeginning: they don\'t count as "additional local address being used" or\n"ADD_ADDR being accepted".\n\nIt is then required not to increment them when the entrypoint used by\nthe initial subflow is removed and re-added during a connection. Without\nthis modification, this entrypoint cannot be removed and re-added more\nthan once.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46711', 'https://git.kernel.org/linus/9366922adc6a71378ca01f898c41be295309f044 (6.11-rc6)', 'https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc', 'https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb', 'https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044', 'https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe', 'https://lore.kernel.org/linux-cve-announce/2024091348-CVE-2024-46711-ab95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46711', 'https://www.cve.org/CVERecord?id=CVE-2024-46711'], 'PublishedDate': '2024-09-13T07:15:05.953Z', 'LastModifiedDate': '2024-09-19T13:12:30.39Z'}, {'VulnerabilityID': 'CVE-2024-46713', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/aux: Fix AUX buffer serialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event->mmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46713', 'https://git.kernel.org/linus/2ab9d830262c132ab5db2f571003d80850d56b2a (6.11-rc7)', 'https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a', 'https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff', 'https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82', 'https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d', 'https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370', 'https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef', 'https://lore.kernel.org/linux-cve-announce/2024091316-CVE-2024-46713-5e49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46713', 'https://www.cve.org/CVERecord?id=CVE-2024-46713'], 'PublishedDate': '2024-09-13T15:15:15.01Z', 'LastModifiedDate': '2024-09-13T16:37:22.997Z'}, {'VulnerabilityID': 'CVE-2024-46714', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip wbscl_set_scaler_filter if filter is null\n\nCallers can pass null in filter (i.e. from returned from the function\nwbscl_get_filter_coeffs_16p) and a null check is added to ensure that is\nnot the case.\n\nThis fixes 4 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46714', 'https://git.kernel.org/linus/c4d31653c03b90e51515b1380115d1aedad925dd (6.11-rc1)', 'https://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b', 'https://git.kernel.org/stable/c/1726914cb17cedab233820d26b86764dc08857b4', 'https://git.kernel.org/stable/c/54834585e91cab13e9f82d3a811deb212a4df786', 'https://git.kernel.org/stable/c/6d94c05a13fadd80c3e732f14c83b2632ebfaa50', 'https://git.kernel.org/stable/c/c083c8be6bdd046049884bec076660d4ec9a19ca', 'https://git.kernel.org/stable/c/c4d31653c03b90e51515b1380115d1aedad925dd', 'https://git.kernel.org/stable/c/e3a95f29647ae45d1ec9541cd7df64f40bf2120a', 'https://lore.kernel.org/linux-cve-announce/2024091831-CVE-2024-46714-73de@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46714', 'https://www.cve.org/CVERecord?id=CVE-2024-46714'], 'PublishedDate': '2024-09-18T07:15:03.06Z', 'LastModifiedDate': '2024-09-30T12:50:27.723Z'}, {'VulnerabilityID': 'CVE-2024-46715', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46715', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver: iio: add missing checks on iio_info&#39;s callback access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info's callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn't implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429]  iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807]  dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181]  sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555]  seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236]  vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385]  ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0:                   00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46715', 'https://git.kernel.org/linus/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70', 'https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1', 'https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252', 'https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46715-7e7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46715', 'https://www.cve.org/CVERecord?id=CVE-2024-46715'], 'PublishedDate': '2024-09-18T07:15:03.13Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46716', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n   msgdma_free_chan_resources -> msgdma_free_descriptors ->\n   msgdma_free_desc_list -> msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46716', 'https://git.kernel.org/linus/54e4ada1a4206f878e345ae01cf37347d803d1b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716', 'https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1', 'https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725', 'https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46716-f63f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46716', 'https://www.cve.org/CVERecord?id=CVE-2024-46716'], 'PublishedDate': '2024-09-18T07:15:03.183Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46717', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46717', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix incorrect page release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix incorrect page release\n\nUnder the following conditions:\n1) No skb created yet\n2) header_size == 0 (no SHAMPO header)\n3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the\n   last page fragment of a SHAMPO header page)\n\na new skb is formed with a page that is NOT a SHAMPO header page (it\nis a regular data page). Further down in the same function\n(mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from\nheader_index is released. This is wrong and it leads to SHAMPO header\npages being released more than once.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46717', 'https://git.kernel.org/linus/70bd03b89f20b9bbe51a7f73c4950565a17a45f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/03924d117625ecb10ee3c9b65930bcb2c37ae629', 'https://git.kernel.org/stable/c/70bd03b89f20b9bbe51a7f73c4950565a17a45f7', 'https://git.kernel.org/stable/c/ae9018e3f61ba5cc1f08a6e51d3c0bef0a79f3ab', 'https://git.kernel.org/stable/c/c909ab41df2b09cde919801c7a7b6bb2cc37ea22', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46717-2f30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46717', 'https://www.cve.org/CVERecord?id=CVE-2024-46717'], 'PublishedDate': '2024-09-18T07:15:03.237Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46718', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46718', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Don&#39;t overmap identity VRAM mapping', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Don't overmap identity VRAM mapping\n\nOvermapping the identity VRAM mapping is triggering hardware bugs on\ncertain platforms. Use 2M pages for the last unaligned (to 1G) VRAM\nchunk.\n\nv2:\n - Always use 2M pages for last chunk (Fei Yang)\n - break loop when 2M pages are used\n - Add assert for usable_size being 2M aligned\nv3:\n - Fix checkpatch", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46718', 'https://git.kernel.org/linus/6d3581edffea0b3a64b0d3094d3f09222e0024f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/6d3581edffea0b3a64b0d3094d3f09222e0024f7', 'https://git.kernel.org/stable/c/bb706e92c87beb9f2543faa1705ccc330b9e7c65', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46718-c5c7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46718', 'https://www.cve.org/CVERecord?id=CVE-2024-46718'], 'PublishedDate': '2024-09-18T07:15:03.303Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46719', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46719', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Fix null pointer dereference in trace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix null pointer dereference in trace\n\nucsi_register_altmode checks IS_ERR for the alt pointer and treats\nNULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,\nucsi_register_displayport returns NULL which causes a NULL pointer\ndereference in trace. Rather than return NULL, call\ntypec_port_register_altmode to register DisplayPort alternate mode\nas a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46719', 'https://git.kernel.org/linus/99516f76db48e1a9d54cdfed63c1babcee4e71a5 (6.11-rc1)', 'https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9', 'https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7', 'https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870', 'https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b', 'https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830', 'https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5', 'https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46719-4a53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46719', 'https://www.cve.org/CVERecord?id=CVE-2024-46719'], 'PublishedDate': '2024-09-18T07:15:03.357Z', 'LastModifiedDate': '2024-09-20T18:21:49.963Z'}, {'VulnerabilityID': 'CVE-2024-46720', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46720', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix dereference after null check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix dereference after null check\n\ncheck the pointer hive before use.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46720', 'https://git.kernel.org/linus/b1f7810b05d1950350ac2e06992982974343e441 (6.11-rc1)', 'https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50', 'https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c', 'https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517', 'https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46720-a598@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46720', 'https://www.cve.org/CVERecord?id=CVE-2024-46720'], 'PublishedDate': '2024-09-18T07:15:03.42Z', 'LastModifiedDate': '2024-09-20T18:22:04.693Z'}, {'VulnerabilityID': 'CVE-2024-46721', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46721', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: fix possible NULL pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and 'ent->old' is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n </TASK>\nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46721', 'https://git.kernel.org/linus/3dd384108d53834002be5630132ad5c3f32166ad (6.11-rc1)', 'https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9', 'https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad', 'https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85', 'https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8', 'https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363', 'https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346', 'https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64', 'https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46721-9aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46721', 'https://www.cve.org/CVERecord?id=CVE-2024-46721'], 'PublishedDate': '2024-09-18T07:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:22:46.637Z'}, {'VulnerabilityID': 'CVE-2024-46722', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46722', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix mc_data out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix mc_data out-of-bounds read warning\n\nClear warning that read mc_data[i-1] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46722', 'https://git.kernel.org/linus/51dfc0a4d609fe700750a62f41447f01b8c9ea50 (6.11-rc1)', 'https://git.kernel.org/stable/c/2097edede72ec5bb3869cf0205337d392fb2a553', 'https://git.kernel.org/stable/c/310b9d8363b88e818afec97ca7652bd7fe3d0650', 'https://git.kernel.org/stable/c/345bd3ad387f9e121aaad9c95957b80895e2f2ec', 'https://git.kernel.org/stable/c/51dfc0a4d609fe700750a62f41447f01b8c9ea50', 'https://git.kernel.org/stable/c/578ae965e8b90cd09edeb0252b50fa0503ea35c5', 'https://git.kernel.org/stable/c/5fa4df25ecfc7b6c9006f5b871c46cfe25ea8826', 'https://git.kernel.org/stable/c/b862a0bc5356197ed159fed7b1c647e77bc9f653', 'https://git.kernel.org/stable/c/d0a43bf367ed640e527e8ef3d53aac1e71f80114', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46722-34b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46722', 'https://www.cve.org/CVERecord?id=CVE-2024-46722'], 'PublishedDate': '2024-09-18T07:15:03.547Z', 'LastModifiedDate': '2024-09-20T18:23:11.93Z'}, {'VulnerabilityID': 'CVE-2024-46723', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46723', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix ucode out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ucode out-of-bounds read warning\n\nClear warning that read ucode[] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46723', 'https://git.kernel.org/linus/8944acd0f9db33e17f387fdc75d33bb473d7936f (6.11-rc1)', 'https://git.kernel.org/stable/c/0bef65e069d84d1cd77ce757aea0e437b8e2bd33', 'https://git.kernel.org/stable/c/23fefef859c6057e6770584242bdd938254f8ddd', 'https://git.kernel.org/stable/c/5f09fa5e0ad45fbca71933a0e024ca52da47d59b', 'https://git.kernel.org/stable/c/82ac8f1d02886b5d8aeb9e058989d3bd6fc581e2', 'https://git.kernel.org/stable/c/8944acd0f9db33e17f387fdc75d33bb473d7936f', 'https://git.kernel.org/stable/c/8981927ebc6c12fa76b30c4178acb462bab15f54', 'https://git.kernel.org/stable/c/e789e05388854a5436b2b5d8695fdb864c9bcc27', 'https://git.kernel.org/stable/c/f2b7a9f3839e92f43559b2795b34640ca8cf839f', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46723-6726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46723', 'https://www.cve.org/CVERecord?id=CVE-2024-46723'], 'PublishedDate': '2024-09-18T07:15:03.61Z', 'LastModifiedDate': '2024-09-20T18:30:30.117Z'}, {'VulnerabilityID': 'CVE-2024-46724', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46724', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number\n\nCheck the fb_channel_number range to avoid the array out-of-bounds\nread error', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46724', 'https://git.kernel.org/linus/d768394fa99467bcf2703bde74ddc96eeb0b71fa (6.11-rc1)', 'https://git.kernel.org/stable/c/32915dc909ff502823babfe07d5416c5b6e8a8b1', 'https://git.kernel.org/stable/c/45f7b02afc464c208e8f56bcbc672ef5c364c815', 'https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4', 'https://git.kernel.org/stable/c/d768394fa99467bcf2703bde74ddc96eeb0b71fa', 'https://git.kernel.org/stable/c/db7a86676fd624768a5d907faf34ad7bb4ff25f4', 'https://git.kernel.org/stable/c/f9267972490f9fcffe146e79828e97acc0da588c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46724-02f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46724', 'https://www.cve.org/CVERecord?id=CVE-2024-46724'], 'PublishedDate': '2024-09-18T07:15:03.673Z', 'LastModifiedDate': '2024-09-20T18:30:58.98Z'}, {'VulnerabilityID': 'CVE-2024-46725', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46725', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds write warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds write warning\n\nCheck the ring type value to fix the out-of-bounds\nwrite warning', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46725', 'https://git.kernel.org/linus/be1684930f5262a622d40ce7a6f1423530d87f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/130bee397b9cd52006145c87a456fd8719390cb5', 'https://git.kernel.org/stable/c/919f9bf9997b8dcdc132485ea96121e7d15555f9', 'https://git.kernel.org/stable/c/a60d1f7ff62e453dde2d3b4907e178954d199844', 'https://git.kernel.org/stable/c/be1684930f5262a622d40ce7a6f1423530d87f89', 'https://git.kernel.org/stable/c/c253b87c7c37ec40a2e0c84e4a6b636ba5cd66b2', 'https://git.kernel.org/stable/c/cf2db220b38301b6486a0f11da24a0f317de558c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46725-af49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46725', 'https://www.cve.org/CVERecord?id=CVE-2024-46725'], 'PublishedDate': '2024-09-18T07:15:03.733Z', 'LastModifiedDate': '2024-09-20T18:40:42.753Z'}, {'VulnerabilityID': 'CVE-2024-46726', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46726', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure index calculation will not overflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure index calculation will not overflow\n\n[WHY & HOW]\nMake sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will\nnever overflow and exceess array size.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46726', 'https://git.kernel.org/linus/8e2734bf444767fed787305ccdcb36a2be5301a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dc6bb57dab36b38b7374af0ac916174c146b6ed', 'https://git.kernel.org/stable/c/733ae185502d30bbe79575167b6178cfb6c5d6bd', 'https://git.kernel.org/stable/c/8e2734bf444767fed787305ccdcb36a2be5301a2', 'https://git.kernel.org/stable/c/d705b5869f6b1b46ad5ceb1bd2a08c04f7e5003b', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46726-587e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46726', 'https://www.cve.org/CVERecord?id=CVE-2024-46726'], 'PublishedDate': '2024-09-18T07:15:03.787Z', 'LastModifiedDate': '2024-09-20T18:36:27.07Z'}, {'VulnerabilityID': 'CVE-2024-46727', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46727', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update\n\n[Why]\nCoverity reports NULL_RETURN warning.\n\n[How]\nAdd otg_master NULL check.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46727', 'https://git.kernel.org/linus/871cd9d881fa791d3f82885000713de07041c0ae (6.11-rc1)', 'https://git.kernel.org/stable/c/871cd9d881fa791d3f82885000713de07041c0ae', 'https://git.kernel.org/stable/c/aad4d3d3d3b6a362bf5db11e1f28c4a60620900d', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46727-2565@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46727', 'https://www.cve.org/CVERecord?id=CVE-2024-46727'], 'PublishedDate': '2024-09-18T07:15:03.84Z', 'LastModifiedDate': '2024-09-30T12:49:43.097Z'}, {'VulnerabilityID': 'CVE-2024-46728', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46728', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check index for aux_rd_interval before using', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index for aux_rd_interval before using\n\naux_rd_interval has size of 7 and should be checked.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46728', 'https://git.kernel.org/linus/9ba2ea6337b4f159aecb177555a6a81da92d302e (6.11-rc1)', 'https://git.kernel.org/stable/c/48e0b68e2360b16edf2a0bae05c0051c00fbb48a', 'https://git.kernel.org/stable/c/6c588e9350dd7a9fb97a56fe74852c9ecc44450c', 'https://git.kernel.org/stable/c/9ba2ea6337b4f159aecb177555a6a81da92d302e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46728-edfe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46728', 'https://www.cve.org/CVERecord?id=CVE-2024-46728'], 'PublishedDate': '2024-09-18T07:15:03.893Z', 'LastModifiedDate': '2024-09-26T13:31:34.347Z'}, {'VulnerabilityID': 'CVE-2024-46729', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46729', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix incorrect size calculation for loop', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix incorrect size calculation for loop\n\n[WHY]\nfe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is\nlager than the array size.\n\n[HOW]\nDivide byte size 20 by its element size.\n\nThis fixes 2 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46729', 'https://git.kernel.org/linus/3941a3aa4b653b69876d894d08f3fff1cc965267 (6.11-rc1)', 'https://git.kernel.org/stable/c/3941a3aa4b653b69876d894d08f3fff1cc965267', 'https://git.kernel.org/stable/c/712be65b3b372a82bff0865b9c090147764bf1c4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46729-158c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46729', 'https://www.cve.org/CVERecord?id=CVE-2024-46729'], 'PublishedDate': '2024-09-18T07:15:03.95Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46730', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46730', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure array index tg_inst won&#39;t be -1', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure array index tg_inst won't be -1\n\n[WHY & HOW]\ntg_inst will be a negative if timing_generator_count equals 0, which\nshould be checked before used.\n\nThis fixes 2 OVERRUN issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46730', 'https://git.kernel.org/linus/687fe329f18ab0ab0496b20ed2cb003d4879d931 (6.11-rc1)', 'https://git.kernel.org/stable/c/687fe329f18ab0ab0496b20ed2cb003d4879d931', 'https://git.kernel.org/stable/c/a64284b9e1999ad5580debced4bc6d6adb28aad4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46730-b69e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46730', 'https://www.cve.org/CVERecord?id=CVE-2024-46730'], 'PublishedDate': '2024-09-18T07:15:04.003Z', 'LastModifiedDate': '2024-09-30T12:49:00.333Z'}, {'VulnerabilityID': 'CVE-2024-46731', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46731', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: fix the Out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix the Out-of-bounds read warning\n\nusing index i - 1U may beyond element index\nfor mc_data[] when i = 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46731', 'https://git.kernel.org/linus/12c6967428a099bbba9dfd247bb4322a984fcc0b (6.11-rc1)', 'https://git.kernel.org/stable/c/12c6967428a099bbba9dfd247bb4322a984fcc0b', 'https://git.kernel.org/stable/c/20c6373a6be93039f9d66029bb1e21038a060be1', 'https://git.kernel.org/stable/c/3317966efcdc5101e93db21514b68917e7eb34ea', 'https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376', 'https://git.kernel.org/stable/c/d83fb9f9f63e9a120bf405b078f829f0b2e58934', 'https://git.kernel.org/stable/c/f1e261ced9bcad772a45a2fcdf413c3490e87299', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46731-0e54@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46731', 'https://www.cve.org/CVERecord?id=CVE-2024-46731'], 'PublishedDate': '2024-09-18T07:15:04.057Z', 'LastModifiedDate': '2024-09-26T13:29:19.877Z'}, {'VulnerabilityID': 'CVE-2024-46732', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46732', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Assign linear_pitch_alignment even for VM', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign linear_pitch_alignment even for VM\n\n[Description]\nAssign linear_pitch_alignment so we don't cause a divide by 0\nerror in VM environments", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46732', 'https://git.kernel.org/linus/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/4bd7710f2fecfc5fb2dda1ca2adc69db8a66b8b6', 'https://git.kernel.org/stable/c/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4', 'https://git.kernel.org/stable/c/c44b568931d23aed9d37ecbb31fb5fbdd198bf7b', 'https://git.kernel.org/stable/c/d219f902b16d42f0cb8c499ea8f31cf3c0f36349', 'https://git.kernel.org/stable/c/d2fe7ac613a1ea8c346c9f5c89dc6ecc27232997', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46732-49a9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46732', 'https://www.cve.org/CVERecord?id=CVE-2024-46732'], 'PublishedDate': '2024-09-18T07:15:04.117Z', 'LastModifiedDate': '2024-09-26T13:28:07.157Z'}, {'VulnerabilityID': 'CVE-2024-46733', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46733', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix qgroup reserve leaks in cow_file_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix qgroup reserve leaks in cow_file_range\n\nIn the buffered write path, the dirty page owns the qgroup reserve until\nit creates an ordered_extent.\n\nTherefore, any errors that occur before the ordered_extent is created\nmust free that reservation, or else the space is leaked. The fstest\ngeneric/475 exercises various IO error paths, and is able to trigger\nerrors in cow_file_range where we fail to get to allocating the ordered\nextent. Note that because we *do* clear delalloc, we are likely to\nremove the inode from the delalloc list, so the inodes/pages to not have\ninvalidate/launder called on them in the commit abort path.\n\nThis results in failures at the unmount stage of the test that look like:\n\n  BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure\n  BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure\n  BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs]\n  Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq\n  CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W          6.10.0-rc7-gab56fde445b8 #21\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n  RIP: 0010:close_ctree+0x222/0x4d0 [btrfs]\n  RSP: 0018:ffffb4465283be00 EFLAGS: 00010202\n  RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001\n  RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8\n  RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000\n  R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c\n  R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n  FS:  00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0\n  Call Trace:\n   <TASK>\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? __warn.cold+0x8e/0xea\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? report_bug+0xff/0x140\n   ? handle_bug+0x3b/0x70\n   ? exc_invalid_op+0x17/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   generic_shutdown_super+0x70/0x160\n   kill_anon_super+0x11/0x40\n   btrfs_kill_super+0x11/0x20 [btrfs]\n   deactivate_locked_super+0x2e/0xa0\n   cleanup_mnt+0xb5/0x150\n   task_work_run+0x57/0x80\n   syscall_exit_to_user_mode+0x121/0x130\n   do_syscall_64+0xab/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  RIP: 0033:0x7f916847a887\n  ---[ end trace 0000000000000000 ]---\n  BTRFS error (device dm-8 state EA): qgroup reserved space leaked\n\nCases 2 and 3 in the out_reserve path both pertain to this type of leak\nand must free the reserved qgroup data. Because it is already an error\npath, I opted not to handle the possible errors in\nbtrfs_free_qgroup_data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46733', 'https://git.kernel.org/linus/30479f31d44d47ed00ae0c7453d9b253537005b2 (6.11-rc3)', 'https://git.kernel.org/stable/c/30479f31d44d47ed00ae0c7453d9b253537005b2', 'https://git.kernel.org/stable/c/e42ef22bc10f0309c0c65d8d6ca8b4127a674b7f', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46733-77eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46733', 'https://www.cve.org/CVERecord?id=CVE-2024-46733'], 'PublishedDate': '2024-09-18T07:15:04.17Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46735', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46735', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()\n\nWhen two UBLK_CMD_START_USER_RECOVERY commands are submitted, the\nfirst one sets 'ubq->ubq_daemon' to NULL, and the second one triggers\nWARN in ublk_queue_reinit() and subsequently a NULL pointer dereference\nissue.\n\nFix it by adding the check in ublk_ctrl_start_recovery() and return\nimmediately in case of zero 'ub->nr_queues_ready'.\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000028\n  RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n  Call Trace:\n   <TASK>\n   ? __die+0x20/0x70\n   ? page_fault_oops+0x75/0x170\n   ? exc_page_fault+0x64/0x140\n   ? asm_exc_page_fault+0x22/0x30\n   ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n   ublk_ctrl_uring_cmd+0x4f7/0x6c0\n   ? pick_next_task_idle+0x26/0x40\n   io_uring_cmd+0x9a/0x1b0\n   io_issue_sqe+0x193/0x3f0\n   io_wq_submit_work+0x9b/0x390\n   io_worker_handle_work+0x165/0x360\n   io_wq_worker+0xcb/0x2f0\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork+0x2d/0x50\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork_asm+0x1a/0x30\n   </TASK>", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46735', 'https://git.kernel.org/linus/e58f5142f88320a5b1449f96a146f2f24615c5c7 (6.11-rc7)', 'https://git.kernel.org/stable/c/136a29d8112df4ea0a57f9602ddf3579e04089dc', 'https://git.kernel.org/stable/c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f', 'https://git.kernel.org/stable/c/ca249435893dda766f3845c15ca77ca5672022d8', 'https://git.kernel.org/stable/c/e58f5142f88320a5b1449f96a146f2f24615c5c7', 'https://lore.kernel.org/linux-cve-announce/2024091832-CVE-2024-46735-fbce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46735', 'https://www.cve.org/CVERecord?id=CVE-2024-46735'], 'PublishedDate': '2024-09-18T08:15:03.057Z', 'LastModifiedDate': '2024-09-20T18:35:53.967Z'}, {'VulnerabilityID': 'CVE-2024-46737', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46737', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvmet-tcp: fix kernel crash if commands allocation fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fix kernel crash if commands allocation fails\n\nIf the commands allocation fails in nvmet_tcp_alloc_cmds()\nthe kernel crashes in nvmet_tcp_release_queue_work() because of\na NULL pointer dereference.\n\n  nvmet: failed to install queue 0 cntlid 1 ret 6\n  Unable to handle kernel NULL pointer dereference at\n         virtual address 0000000000000008\n\nFix the bug by setting queue->nr_cmds to zero in case\nnvmet_tcp_alloc_cmd() fails.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46737', 'https://git.kernel.org/linus/5572a55a6f830ee3f3a994b6b962a5c327d28cb3 (6.11-rc7)', 'https://git.kernel.org/stable/c/03e1fd0327fa5e2174567f5fe9290fe21d21b8f4', 'https://git.kernel.org/stable/c/489f2913a63f528cfe3f21722583fb981967ecda', 'https://git.kernel.org/stable/c/50632b877ce55356f5d276b9add289b1e7ddc683', 'https://git.kernel.org/stable/c/5572a55a6f830ee3f3a994b6b962a5c327d28cb3', 'https://git.kernel.org/stable/c/6c04d1e3ab22cc5394ef656429638a5947f87244', 'https://git.kernel.org/stable/c/7957c731fc2b23312f8935812dee5a0b14b04e2d', 'https://git.kernel.org/stable/c/91dad30c5607e62864f888e735d0965567827bdf', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46737-d36f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46737', 'https://www.cve.org/CVERecord?id=CVE-2024-46737'], 'PublishedDate': '2024-09-18T08:15:03.167Z', 'LastModifiedDate': '2024-09-20T18:35:34.7Z'}, {'VulnerabilityID': 'CVE-2024-46738', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46738', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: VMCI: Fix use-after-free when removing resource in vmci_resource_remove()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Fix use-after-free when removing resource in vmci_resource_remove()\n\nWhen removing a resource from vmci_resource_table in\nvmci_resource_remove(), the search is performed using the resource\nhandle by comparing context and resource fields.\n\nIt is possible though to create two resources with different types\nbut same handle (same context and resource fields).\n\nWhen trying to remove one of the resources, vmci_resource_remove()\nmay not remove the intended one, but the object will still be freed\nas in the case of the datagram type in vmci_datagram_destroy_handle().\nvmci_resource_table will still hold a pointer to this freed resource\nleading to a use-after-free vulnerability.\n\nBUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\nBUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\nRead of size 4 at addr ffff88801c16d800 by task syz-executor197/1592\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106\n print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239\n __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425\n kasan_report+0x38/0x51 mm/kasan/report.c:442\n vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\n vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\n vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182\n ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444\n kref_put include/linux/kref.h:65 [inline]\n vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline]\n vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195\n vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143\n __fput+0x261/0xa34 fs/file_table.c:282\n task_work_run+0xf0/0x194 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187\n exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220\n __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline]\n syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313\n do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x6e/0x0\n\nThis change ensures the type is also checked when removing\nthe resource from vmci_resource_table in vmci_resource_remove().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46738', 'https://git.kernel.org/linus/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7 (6.11-rc7)', 'https://git.kernel.org/stable/c/00fe5292f081f8d773e572df8e03bf6e1855fe49', 'https://git.kernel.org/stable/c/39e7e593418ccdbd151f2925fa6be1a616d16c96', 'https://git.kernel.org/stable/c/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7', 'https://git.kernel.org/stable/c/6c563a29857aa8053b67ee141191f69757f27f6e', 'https://git.kernel.org/stable/c/b243d52b5f6f59f9d39e69b191fb3d58b94a43b1', 'https://git.kernel.org/stable/c/b9efdf333174468651be40390cbc79c9f55d9cce', 'https://git.kernel.org/stable/c/ef5f4d0c5ee22d4f873116fec844ff6edaf3fa7d', 'https://git.kernel.org/stable/c/f6365931bf7c07b2b397dbb06a4f6573cc9fae73', 'https://linux.oracle.com/cve/CVE-2024-46738.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46738-d871@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46738', 'https://www.cve.org/CVERecord?id=CVE-2024-46738'], 'PublishedDate': '2024-09-18T08:15:03.233Z', 'LastModifiedDate': '2024-09-20T18:35:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46739', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46739', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind\n\nFor primary VM Bus channels, primary_channel pointer is always NULL. This\npointer is valid only for the secondary channels. Also, rescind callback\nis meant for primary channels only.\n\nFix NULL pointer dereference by retrieving the device_obj from the parent\nfor the primary channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46739', 'https://git.kernel.org/linus/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e (6.11-rc7)', 'https://git.kernel.org/stable/c/1d8e020e51ab07e40f9dd00b52f1da7d96fec04c', 'https://git.kernel.org/stable/c/2be373469be1774bbe03b0fa7e2854e65005b1cc', 'https://git.kernel.org/stable/c/3005091cd537ef8cdb7530dcb2ecfba8d2ef475c', 'https://git.kernel.org/stable/c/3d414b64ecf6fd717d7510ffb893c6f23acbf50e', 'https://git.kernel.org/stable/c/928e399e84f4e80307dce44e89415115c473275b', 'https://git.kernel.org/stable/c/de6946be9c8bc7d2279123433495af7c21011b99', 'https://git.kernel.org/stable/c/f38f46da80a2ab7d1b2f8fcb444c916034a2dac4', 'https://git.kernel.org/stable/c/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46739-0aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46739', 'https://www.cve.org/CVERecord?id=CVE-2024-46739'], 'PublishedDate': '2024-09-18T08:15:03.293Z', 'LastModifiedDate': '2024-09-20T18:34:29.957Z'}, {'VulnerabilityID': 'CVE-2024-46740', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46740', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binder: fix UAF caused by offsets overwrite', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF caused by offsets overwrite\n\nBinder objects are processed and copied individually into the target\nbuffer during transactions. Any raw data in-between these objects is\ncopied as well. However, this raw data copy lacks an out-of-bounds\ncheck. If the raw data exceeds the data section size then the copy\noverwrites the offsets section. This eventually triggers an error that\nattempts to unwind the processed objects. However, at this point the\noffsets used to index these objects are now corrupted.\n\nUnwinding with corrupted offsets can result in decrements of arbitrary\nnodes and lead to their premature release. Other users of such nodes are\nleft with a dangling pointer triggering a use-after-free. This issue is\nmade evident by the following KASAN report (trimmed):\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c\n  Write of size 4 at addr ffff47fc91598f04 by task binder-util/743\n\n  CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1\n  Hardware name: linux,dummy-virt (DT)\n  Call trace:\n   _raw_spin_lock+0xe4/0x19c\n   binder_free_buf+0x128/0x434\n   binder_thread_write+0x8a4/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Allocated by task 743:\n   __kmalloc_cache_noprof+0x110/0x270\n   binder_new_node+0x50/0x700\n   binder_transaction+0x413c/0x6da8\n   binder_thread_write+0x978/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Freed by task 745:\n   kfree+0xbc/0x208\n   binder_thread_read+0x1c5c/0x37d4\n   binder_ioctl+0x16d8/0x258c\n  [...]\n  ==================================================================\n\nTo avoid this issue, let's check that the raw data copy is within the\nboundaries of the data section.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46740', 'https://git.kernel.org/linus/4df153652cc46545722879415937582028c18af5 (6.11-rc7)', 'https://git.kernel.org/stable/c/109e845c1184c9f786d41516348ba3efd9112792', 'https://git.kernel.org/stable/c/1f33d9f1d9ac3f0129f8508925000900c2fe5bb0', 'https://git.kernel.org/stable/c/3a8154bb4ab4a01390a3abf1e6afac296e037da4', 'https://git.kernel.org/stable/c/4df153652cc46545722879415937582028c18af5', 'https://git.kernel.org/stable/c/4f79e0b80dc69bd5eaaed70f0df1b558728b4e59', 'https://git.kernel.org/stable/c/5a32bfd23022ffa7e152f273fa3fa29befb7d929', 'https://git.kernel.org/stable/c/eef79854a04feac5b861f94d7b19cbbe79874117', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46740-e05a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46740', 'https://www.cve.org/CVERecord?id=CVE-2024-46740'], 'PublishedDate': '2024-09-18T08:15:03.377Z', 'LastModifiedDate': '2024-09-20T18:34:08.163Z'}, {'VulnerabilityID': 'CVE-2024-46741', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46741', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Fix double free of &#39;buf&#39; in error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix double free of 'buf' in error path\n\nsmatch warning:\ndrivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf'\n\nIn fastrpc_req_mmap() error path, the fastrpc buffer is freed in\nfastrpc_req_munmap_impl() if unmap is successful.\n\nBut in the end, there is an unconditional call to fastrpc_buf_free().\nSo the above case triggers the double free of fastrpc buf.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46741', 'https://git.kernel.org/linus/e8c276d4dc0e19ee48385f74426aebc855b49aaf (6.11-rc7)', 'https://git.kernel.org/stable/c/bfc1704d909dc9911a558b1a5833d3d61a43a1f2', 'https://git.kernel.org/stable/c/e8c276d4dc0e19ee48385f74426aebc855b49aaf', 'https://git.kernel.org/stable/c/f77dc8a75859e559f3238a6d906206259227985e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46741-4ce7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46741', 'https://www.cve.org/CVERecord?id=CVE-2024-46741'], 'PublishedDate': '2024-09-18T08:15:03.43Z', 'LastModifiedDate': '2024-09-20T18:33:27.96Z'}, {'VulnerabilityID': 'CVE-2024-46742', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46742', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()\n\nnull-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)\nand parse_lease_state() return NULL.\n\nFix this by check if 'lease_ctx_info' is NULL.\n\nAdditionally, remove the redundant parentheses in\nparse_durable_handle_context().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46742', 'https://git.kernel.org/linus/4e8771a3666c8f216eefd6bd2fd50121c6c437db (6.11-rc5)', 'https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6', 'https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada', 'https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46742-223b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46742', 'https://www.cve.org/CVERecord?id=CVE-2024-46742'], 'PublishedDate': '2024-09-18T08:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:32:34.303Z'}, {'VulnerabilityID': 'CVE-2024-46743', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46743', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: of/irq: Prevent device address out-of-bounds read in interrupt map walk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nof/irq: Prevent device address out-of-bounds read in interrupt map walk\n\nWhen of_irq_parse_raw() is invoked with a device address smaller than\nthe interrupt parent node (from #address-cells property), KASAN detects\nthe following out-of-bounds read when populating the initial match table\n(dyndbg="func of_irq_parse_* +p"):\n\n  OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0\n  OF:  parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2\n  OF:  intspec=4\n  OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2\n  OF:  -> addrsize=3\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0\n  Read of size 4 at addr ffffff81beca5608 by task bash/764\n\n  CPU: 1 PID: 764 Comm: bash Tainted: G           O       6.1.67-484c613561-nokia_sm_arm64 #1\n  Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023\n  Call trace:\n   dump_backtrace+0xdc/0x130\n   show_stack+0x1c/0x30\n   dump_stack_lvl+0x6c/0x84\n   print_report+0x150/0x448\n   kasan_report+0x98/0x140\n   __asan_load4+0x78/0xa0\n   of_irq_parse_raw+0x2b8/0x8d0\n   of_irq_parse_one+0x24c/0x270\n   parse_interrupts+0xc0/0x120\n   of_fwnode_add_links+0x100/0x2d0\n   fw_devlink_parse_fwtree+0x64/0xc0\n   device_add+0xb38/0xc30\n   of_device_add+0x64/0x90\n   of_platform_device_create_pdata+0xd0/0x170\n   of_platform_bus_create+0x244/0x600\n   of_platform_notify+0x1b0/0x254\n   blocking_notifier_call_chain+0x9c/0xd0\n   __of_changeset_entry_notify+0x1b8/0x230\n   __of_changeset_apply_notify+0x54/0xe4\n   of_overlay_fdt_apply+0xc04/0xd94\n   ...\n\n  The buggy address belongs to the object at ffffff81beca5600\n   which belongs to the cache kmalloc-128 of size 128\n  The buggy address is located 8 bytes inside of\n   128-byte region [ffffff81beca5600, ffffff81beca5680)\n\n  The buggy address belongs to the physical page:\n  page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4\n  head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0\n  flags: 0x8000000000010200(slab|head|zone=2)\n  raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300\n  raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\n  page dumped because: kasan: bad access detected\n\n  Memory state around the buggy address:\n   ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n  >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n                        ^\n   ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc\n  ==================================================================\n  OF:  -> got it !\n\nPrevent the out-of-bounds read by copying the device address into a\nbuffer of sufficient size.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46743', 'https://git.kernel.org/linus/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305 (6.11-rc4)', 'https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d', 'https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5', 'https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5', 'https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305', 'https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f', 'https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9', 'https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8', 'https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46743-f386@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46743', 'https://www.cve.org/CVERecord?id=CVE-2024-46743'], 'PublishedDate': '2024-09-18T08:15:03.54Z', 'LastModifiedDate': '2024-09-20T18:32:11.827Z'}, {'VulnerabilityID': 'CVE-2024-46744', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46744', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Squashfs: sanity check symbolic link size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: sanity check symbolic link size\n\nSyzkiller reports a "KMSAN: uninit-value in pick_link" bug.\n\nThis is caused by an uninitialised page, which is ultimately caused\nby a corrupted symbolic link size read from disk.\n\nThe reason why the corrupted symlink size causes an uninitialised\npage is due to the following sequence of events:\n\n1. squashfs_read_inode() is called to read the symbolic\n   link from disk.  This assigns the corrupted value\n   3875536935 to inode->i_size.\n\n2. Later squashfs_symlink_read_folio() is called, which assigns\n   this corrupted value to the length variable, which being a\n   signed int, overflows producing a negative number.\n\n3. The following loop that fills in the page contents checks that\n   the copied bytes is less than length, which being negative means\n   the loop is skipped, producing an uninitialised page.\n\nThis patch adds a sanity check which checks that the symbolic\nlink size is not larger than expected.\n\n--\n\nV2: fix spelling mistake.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-59'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46744', 'https://git.kernel.org/linus/810ee43d9cd245d138a2733d87a24858a23f577d (6.11-rc4)', 'https://git.kernel.org/stable/c/087f25b2d36adae19951114ffcbb7106ed405ebb', 'https://git.kernel.org/stable/c/1b9451ba6f21478a75288ea3e3fca4be35e2a438', 'https://git.kernel.org/stable/c/5c8906de98d0d7ad42ff3edf2cb6cd7e0ea658c4', 'https://git.kernel.org/stable/c/810ee43d9cd245d138a2733d87a24858a23f577d', 'https://git.kernel.org/stable/c/c3af7e460a526007e4bed1ce3623274a1a6afe5e', 'https://git.kernel.org/stable/c/ef4e249971eb77ec33d74c5c3de1e2576faf6c90', 'https://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26ea9bf322d8431a90', 'https://git.kernel.org/stable/c/fac5e82ab1334fc8ed6ff7183702df634bd1d93d', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46744-451f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46744', 'https://www.cve.org/CVERecord?id=CVE-2024-46744'], 'PublishedDate': '2024-09-18T08:15:03.603Z', 'LastModifiedDate': '2024-09-30T13:36:19.557Z'}, {'VulnerabilityID': 'CVE-2024-46745', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46745', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: uinput - reject requests with unreasonable number of slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - reject requests with unreasonable number of slots\n\n\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\n\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46745', 'https://git.kernel.org/linus/206f533a0a7c683982af473079c4111f4a0f9f5e (6.11-rc5)', 'https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e', 'https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b', 'https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70', 'https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2', 'https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d', 'https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b', 'https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833', 'https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46745-7b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46745', 'https://www.cve.org/CVERecord?id=CVE-2024-46745'], 'PublishedDate': '2024-09-18T08:15:03.667Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46746', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46746', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: amd_sfh: free driver_data after destroying hid device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: free driver_data after destroying hid device\n\nHID driver callbacks aren't called anymore once hid_destroy_device() has\nbeen called. Hence, hid driver_data should be freed only after the\nhid_destroy_device() function returned as driver_data is used in several\ncallbacks.\n\nI observed a crash with kernel 6.10.0 on my T14s Gen 3, after enabling\nKASAN to debug memory allocation, I got this output:\n\n  [   13.050438] ==================================================================\n  [   13.054060] BUG: KASAN: slab-use-after-free in amd_sfh_get_report+0x3ec/0x530 [amd_sfh]\n  [   13.054809] psmouse serio1: trackpoint: Synaptics TrackPoint firmware: 0x02, buttons: 3/3\n  [   13.056432] Read of size 8 at addr ffff88813152f408 by task (udev-worker)/479\n\n  [   13.060970] CPU: 5 PID: 479 Comm: (udev-worker) Not tainted 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0\n  [   13.063978] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024\n  [   13.067860] Call Trace:\n  [   13.069383] input: TPPS/2 Synaptics TrackPoint as /devices/platform/i8042/serio1/input/input8\n  [   13.071486]  <TASK>\n  [   13.071492]  dump_stack_lvl+0x5d/0x80\n  [   13.074870] snd_hda_intel 0000:33:00.6: enabling device (0000 -> 0002)\n  [   13.078296]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.082199]  print_report+0x174/0x505\n  [   13.085776]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.089367]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.093255]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.097464]  kasan_report+0xc8/0x150\n  [   13.101461]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.105802]  amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.110303]  amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.114879]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.119450]  sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082]\n  [   13.124097]  hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.127404]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.131925]  ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.136455]  ? _raw_spin_lock_irqsave+0x96/0xf0\n  [   13.140197]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.143602]  ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b]\n  [   13.147234]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.150446]  ? __devm_add_action+0x167/0x1d0\n  [   13.155061]  hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.158581]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.161814]  platform_probe+0xa2/0x150\n  [   13.165029]  really_probe+0x1e3/0x8a0\n  [   13.168243]  __driver_probe_device+0x18c/0x370\n  [   13.171500]  driver_probe_device+0x4a/0x120\n  [   13.175000]  __driver_attach+0x190/0x4a0\n  [   13.178521]  ? __pfx___driver_attach+0x10/0x10\n  [   13.181771]  bus_for_each_dev+0x106/0x180\n  [   13.185033]  ? __pfx__raw_spin_lock+0x10/0x10\n  [   13.188229]  ? __pfx_bus_for_each_dev+0x10/0x10\n  [   13.191446]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.194382]  bus_add_driver+0x29e/0x4d0\n  [   13.197328]  driver_register+0x1a5/0x360\n  [   13.200283]  ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.203362]  do_one_initcall+0xa7/0x380\n  [   13.206432]  ? __pfx_do_one_initcall+0x10/0x10\n  [   13.210175]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.213211]  ? kasan_unpoison+0x44/0x70\n  [   13.216688]  do_init_module+0x238/0x750\n  [   13.2196\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46746', 'https://git.kernel.org/linus/97155021ae17b86985121b33cf8098bcde00d497 (6.11-rc5)', 'https://git.kernel.org/stable/c/60dc4ee0428d70bcbb41436b6729d29f1cbdfb89', 'https://git.kernel.org/stable/c/775125c7fe38533aaa4b20769f5b5e62cc1170a0', 'https://git.kernel.org/stable/c/86b4f5cf91ca03c08e3822ac89476a677a780bcc', 'https://git.kernel.org/stable/c/97155021ae17b86985121b33cf8098bcde00d497', 'https://git.kernel.org/stable/c/adb3e3c1ddb5a23b8b7122ef1913f528d728937c', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46746-eb7f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46746', 'https://www.cve.org/CVERecord?id=CVE-2024-46746'], 'PublishedDate': '2024-09-18T08:15:03.73Z', 'LastModifiedDate': '2024-09-26T12:47:53.267Z'}, {'VulnerabilityID': 'CVE-2024-46747', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46747', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup\n\nreport_fixup for the Cougar 500k Gaming Keyboard was not verifying\nthat the report descriptor size was correct before accessing it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46747', 'https://git.kernel.org/linus/a6e9c391d45b5865b61e569146304cff72821a5d (6.11-rc5)', 'https://git.kernel.org/stable/c/30e9ce7cd5591be639b53595c95812f1a2afdfdc', 'https://git.kernel.org/stable/c/34185de73d74fdc90e8651cfc472bfea6073a13f', 'https://git.kernel.org/stable/c/48b2108efa205f4579052c27fba2b22cc6ad8aa0', 'https://git.kernel.org/stable/c/890dde6001b651be79819ef7a3f8c71fc8f9cabf', 'https://git.kernel.org/stable/c/a6e9c391d45b5865b61e569146304cff72821a5d', 'https://git.kernel.org/stable/c/e239e44dcd419b13cf840e2a3a833204e4329714', 'https://git.kernel.org/stable/c/e4a602a45aecd6a98b4b37482f5c9f8f67a32ddd', 'https://git.kernel.org/stable/c/fac3cb3c6428afe2207593a183b5bc4742529dfd', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46747-f489@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46747', 'https://www.cve.org/CVERecord?id=CVE-2024-46747'], 'PublishedDate': '2024-09-18T08:15:03.79Z', 'LastModifiedDate': '2024-09-20T18:31:19.19Z'}, {'VulnerabilityID': 'CVE-2024-46748', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46748', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT\n\nSet the maximum size of a subrequest that writes to cachefiles to be\nMAX_RW_COUNT so that we don't overrun the maximum write we can make to the\nbacking filesystem.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46748', 'https://git.kernel.org/linus/51d37982bbac3ea0ca21b2797a9cb0044272b3aa (6.11-rc1)', 'https://git.kernel.org/stable/c/51d37982bbac3ea0ca21b2797a9cb0044272b3aa', 'https://git.kernel.org/stable/c/cec226f9b1fd6cf55bc157873aec61b523083e96', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46748-03e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46748', 'https://www.cve.org/CVERecord?id=CVE-2024-46748'], 'PublishedDate': '2024-09-18T08:15:03.847Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46749', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46749', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()\n\nThis adds a check before freeing the rx->skb in flush and close\nfunctions to handle the kernel crash seen while removing driver after FW\ndownload fails or before FW download completes.\n\ndmesg log:\n[   54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080\n[   54.643398] Mem abort info:\n[   54.646204]   ESR = 0x0000000096000004\n[   54.649964]   EC = 0x25: DABT (current EL), IL = 32 bits\n[   54.655286]   SET = 0, FnV = 0\n[   54.658348]   EA = 0, S1PTW = 0\n[   54.661498]   FSC = 0x04: level 0 translation fault\n[   54.666391] Data abort info:\n[   54.669273]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[   54.674768]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[   54.674771]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[   54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000\n[   54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000\n[   54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[   54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core sch_fq_codel fuse\n[   54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 Not tainted 6.6.3-otbr-g128004619037 #2\n[   54.744364] Hardware name: FSL i.MX8MM EVK board (DT)\n[   54.744368] Workqueue: hci0 hci_power_on\n[   54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   54.757249] pc : kfree_skb_reason+0x18/0xb0\n[   54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.782921] sp : ffff8000805ebca0\n[   54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000\n[   54.782931] x26: ffff377b84852400 x25: ffff377b848523c0 x24: ffff377b845e7230\n[   54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92\n[   54.782945] x20: ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff\n[   54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857\n[   54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642\n[   54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9 : ffffa5c6cf19d688\n[   54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000\n[   54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000\n[   54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac\n[   54.857599] Call trace:\n[   54.857601]  kfree_skb_reason+0x18/0xb0\n[   54.863878]  btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.863888]  hci_dev_open_sync+0x3a8/0xa04\n[   54.872773]  hci_power_on+0x54/0x2e4\n[   54.881832]  process_one_work+0x138/0x260\n[   54.881842]  worker_thread+0x32c/0x438\n[   54.881847]  kthread+0x118/0x11c\n[   54.881853]  ret_from_fork+0x10/0x20\n[   54.896406] Code: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400)\n[   54.896410] ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46749', 'https://git.kernel.org/linus/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1 (6.11-rc1)', 'https://git.kernel.org/stable/c/013dae4735d2010544d1f2121bdeb8e6c9ea171e', 'https://git.kernel.org/stable/c/056e0cd381d59a9124b7c43dd715e15f56a11635', 'https://git.kernel.org/stable/c/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46749-fc9c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46749', 'https://www.cve.org/CVERecord?id=CVE-2024-46749'], 'PublishedDate': '2024-09-18T08:15:03.893Z', 'LastModifiedDate': '2024-09-20T18:45:43.483Z'}, {'VulnerabilityID': 'CVE-2024-46750', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46750', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: Add missing bridge lock to pci_bus_lock()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Add missing bridge lock to pci_bus_lock()\n\nOne of the true positives that the cfg_access_lock lockdep effort\nidentified is this sequence:\n\n  WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70\n  RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70\n  Call Trace:\n   <TASK>\n   ? __warn+0x8c/0x190\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   ? report_bug+0x1f8/0x200\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   pci_reset_bus+0x1d8/0x270\n   vmd_probe+0x778/0xa10\n   pci_device_probe+0x95/0x120\n\nWhere pci_reset_bus() users are triggering unlocked secondary bus resets.\nIronically pci_bus_reset(), several calls down from pci_reset_bus(), uses\npci_bus_lock() before issuing the reset which locks everything *but* the\nbridge itself.\n\nFor the same motivation as adding:\n\n  bridge = pci_upstream_bridge(dev);\n  if (bridge)\n    pci_dev_lock(bridge);\n\nto pci_reset_function() for the "bus" and "cxl_bus" reset cases, add\npci_dev_lock() for @bus->self to pci_bus_lock().\n\n[bhelgaas: squash in recursive locking deadlock fix from Keith Busch:\nhttps://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46750', 'https://git.kernel.org/linus/a4e772898f8bf2e7e1cf661a12c60a5612c4afab (6.11-rc1)', 'https://git.kernel.org/stable/c/04e85a3285b0e5c5af6fd2c0fd6e95ffecc01945', 'https://git.kernel.org/stable/c/0790b89c7e911003b8c50ae50e3ac7645de1fae9', 'https://git.kernel.org/stable/c/7253b4fed46471cc247c6cacefac890a8472c083', 'https://git.kernel.org/stable/c/78c6e39fef5c428960aff742149bba302dd46f5a', 'https://git.kernel.org/stable/c/81c68e218ab883dfa368460a59b674084c0240da', 'https://git.kernel.org/stable/c/a4e772898f8bf2e7e1cf661a12c60a5612c4afab', 'https://git.kernel.org/stable/c/df77a678c33871a6e4ac5b54a71662f1d702335b', 'https://git.kernel.org/stable/c/e2355d513b89a2cb511b4ded0deb426cdb01acd0', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46750-3be1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46750', 'https://www.cve.org/CVERecord?id=CVE-2024-46750'], 'PublishedDate': '2024-09-18T08:15:03.947Z', 'LastModifiedDate': '2024-09-30T13:27:45.787Z'}, {'VulnerabilityID': 'CVE-2024-46751', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46751', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON() when 0 reference count at btrfs_lookup_extent_info()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()\n\nInstead of doing a BUG_ON() handle the error by returning -EUCLEAN,\naborting the transaction and logging an error message.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46751', 'https://git.kernel.org/linus/28cb13f29faf6290597b24b728dc3100c019356f (6.11-rc1)', 'https://git.kernel.org/stable/c/28cb13f29faf6290597b24b728dc3100c019356f', 'https://git.kernel.org/stable/c/ef9a8b73c8b60b27d9db4787e624a3438ffe8428', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46751-17f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46751', 'https://www.cve.org/CVERecord?id=CVE-2024-46751'], 'PublishedDate': '2024-09-18T08:15:04.01Z', 'LastModifiedDate': '2024-09-30T12:45:56.957Z'}, {'VulnerabilityID': 'CVE-2024-46752', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46752', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: replace BUG_ON() with error handling at update_ref_for_cow()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: replace BUG_ON() with error handling at update_ref_for_cow()\n\nInstead of a BUG_ON() just return an error, log an error message and\nabort the transaction in case we find an extent buffer belonging to the\nrelocation tree that doesn't have the full backref flag set. This is\nunexpected and should never happen (save for bugs or a potential bad\nmemory).", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46752', 'https://git.kernel.org/linus/b56329a782314fde5b61058e2a25097af7ccb675 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fbac73a97286a7ec72229cb9b42d760a2c717ac', 'https://git.kernel.org/stable/c/41a0f85e268d72fe04f731b8ceea4748c2d65491', 'https://git.kernel.org/stable/c/b50857b96429a09fd3beed9f7f21b7bb7c433688', 'https://git.kernel.org/stable/c/b56329a782314fde5b61058e2a25097af7ccb675', 'https://git.kernel.org/stable/c/f895db00c65e5d77c437cce946da9ec29dcdf563', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46752-49e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46752', 'https://www.cve.org/CVERecord?id=CVE-2024-46752'], 'PublishedDate': '2024-09-18T08:15:04.057Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46753', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46753', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: handle errors from btrfs_dec_ref() properly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref().  This is\nincorrect, we have proper error handling here, return the error.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46753', 'https://git.kernel.org/linus/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1', 'https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46753-5ec2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46753', 'https://www.cve.org/CVERecord?id=CVE-2024-46753'], 'PublishedDate': '2024-09-18T08:15:04.107Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46754', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46754', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Remove tst_run from lwt_seg6local_prog_ops.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn\'t work since it was introduced in commit 04d4b274e2a\n("ipv6: sr: Add seg6local action End.BPF"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46754', 'https://git.kernel.org/linus/c13fda93aca118b8e5cd202e339046728ee7dddb (6.11-rc1)', 'https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3f28e6e720ded5d6', 'https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e339046728ee7dddb', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46754-7f04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46754', 'https://www.cve.org/CVERecord?id=CVE-2024-46754'], 'PublishedDate': '2024-09-18T08:15:04.153Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46755', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46755', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()\n\nmwifiex_get_priv_by_id() returns the priv pointer corresponding to\nthe bss_num and bss_type, but without checking if the priv is actually\ncurrently in use.\nUnused priv pointers do not have a wiphy attached to them which can\nlead to NULL pointer dereferences further down the callstack.  Fix\nthis by returning only used priv pointers which have priv->bss_mode\nset to something else than NL80211_IFTYPE_UNSPECIFIED.\n\nSaid NULL pointer dereference happened when an Accesspoint was started\nwith wpa_supplicant -i mlan0 with this config:\n\nnetwork={\n        ssid="somessid"\n        mode=2\n        frequency=2412\n        key_mgmt=WPA-PSK WPA-PSK-SHA256\n        proto=RSN\n        group=CCMP\n        pairwise=CCMP\n        psk="12345678"\n}\n\nWhen waiting for the AP to be established, interrupting wpa_supplicant\nwith <ctrl-c> and starting it again this happens:\n\n| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000140\n| Mem abort info:\n|   ESR = 0x0000000096000004\n|   EC = 0x25: DABT (current EL), IL = 32 bits\n|   SET = 0, FnV = 0\n|   EA = 0, S1PTW = 0\n|   FSC = 0x04: level 0 translation fault\n| Data abort info:\n|   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n|   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n|   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n| user pgtable: 4k pages, 48-bit VAs, pgdp=0000000046d96000\n| [0000000000000140] pgd=0000000000000000, p4d=0000000000000000\n| Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n| Modules linked in: caam_jr caamhash_desc spidev caamalg_desc crypto_engine authenc libdes mwifiex_sdio\n+mwifiex crct10dif_ce cdc_acm onboard_usb_hub fsl_imx8_ddr_perf imx8m_ddrc rtc_ds1307 lm75 rtc_snvs\n+imx_sdma caam imx8mm_thermal spi_imx error imx_cpufreq_dt fuse ip_tables x_tables ipv6\n| CPU: 0 PID: 8 Comm: kworker/0:1 Not tainted 6.9.0-00007-g937242013fce-dirty #18\n| Hardware name: somemachine (DT)\n| Workqueue: events sdio_irq_work\n| pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n| lr : mwifiex_get_cfp+0x34/0x15c [mwifiex]\n| sp : ffff8000818b3a70\n| x29: ffff8000818b3a70 x28: ffff000006bfd8a5 x27: 0000000000000004\n| x26: 000000000000002c x25: 0000000000001511 x24: 0000000002e86bc9\n| x23: ffff000006bfd996 x22: 0000000000000004 x21: ffff000007bec000\n| x20: 000000000000002c x19: 0000000000000000 x18: 0000000000000000\n| x17: 000000040044ffff x16: 00500072b5503510 x15: ccc283740681e517\n| x14: 0201000101006d15 x13: 0000000002e8ff43 x12: 002c01000000ffb1\n| x11: 0100000000000000 x10: 02e8ff43002c0100 x9 : 0000ffb100100157\n| x8 : ffff000003d20000 x7 : 00000000000002f1 x6 : 00000000ffffe124\n| x5 : 0000000000000001 x4 : 0000000000000003 x3 : 0000000000000000\n| x2 : 0000000000000000 x1 : 0001000000011001 x0 : 0000000000000000\n| Call trace:\n|  mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n|  mwifiex_parse_single_response_buf+0x1d0/0x504 [mwifiex]\n|  mwifiex_handle_event_ext_scan_report+0x19c/0x2f8 [mwifiex]\n|  mwifiex_process_sta_event+0x298/0xf0c [mwifiex]\n|  mwifiex_process_event+0x110/0x238 [mwifiex]\n|  mwifiex_main_process+0x428/0xa44 [mwifiex]\n|  mwifiex_sdio_interrupt+0x64/0x12c [mwifiex_sdio]\n|  process_sdio_pending_irqs+0x64/0x1b8\n|  sdio_irq_work+0x4c/0x7c\n|  process_one_work+0x148/0x2a0\n|  worker_thread+0x2fc/0x40c\n|  kthread+0x110/0x114\n|  ret_from_fork+0x10/0x20\n| Code: a94153f3 a8c37bfd d50323bf d65f03c0 (f940a000)\n| ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46755', 'https://git.kernel.org/linus/c145eea2f75ff7949392aebecf7ef0a81c1f6c14 (6.11-rc1)', 'https://git.kernel.org/stable/c/1a05d8d02cfa3540ea5dbd6b39446bd3f515521f', 'https://git.kernel.org/stable/c/9813770f25855b866b8ead8155b8806b2db70f6d', 'https://git.kernel.org/stable/c/a12cf97cbefa139ef8d95081f2ea047cbbd74b7a', 'https://git.kernel.org/stable/c/c145eea2f75ff7949392aebecf7ef0a81c1f6c14', 'https://git.kernel.org/stable/c/c16916dd6c16fa7e13ca3923eb6b9f50d848ad03', 'https://git.kernel.org/stable/c/c2618dcb26c7211342b54520b5b148c0d3471c8a', 'https://git.kernel.org/stable/c/cb67b2e51b75f1a17bee7599c8161b96e1808a70', 'https://git.kernel.org/stable/c/d834433ff313838a259bb6607055ece87b895b66', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46755-1f46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46755', 'https://www.cve.org/CVERecord?id=CVE-2024-46755'], 'PublishedDate': '2024-09-18T08:15:04.203Z', 'LastModifiedDate': '2024-09-26T13:25:54.593Z'}, {'VulnerabilityID': 'CVE-2024-46756', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46756', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83627ehf) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46756', 'https://git.kernel.org/linus/5c1de37969b7bc0abcb20b86e91e70caebbd4f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/26825b62bd1bd3e53b4f44e0745cb516d5186343', 'https://git.kernel.org/stable/c/56cfdeb2c77291f0b5e4592731adfb6ca8fc7c24', 'https://git.kernel.org/stable/c/5c1de37969b7bc0abcb20b86e91e70caebbd4f89', 'https://git.kernel.org/stable/c/77ab0fd231c4ca873ec6908e761970360acc6df2', 'https://git.kernel.org/stable/c/8fecb75bff1b7d87a071c32a37aa0700f2be379d', 'https://git.kernel.org/stable/c/93cf73a7bfdce683bde3a7bb65f270d3bd24497b', 'https://git.kernel.org/stable/c/cc4be794c8d8c253770103e097ab9dbdb5f99ae1', 'https://git.kernel.org/stable/c/d92f0baf99a7e327dcceab37cce57c38aab1f691', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46756-2ca6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46756', 'https://www.cve.org/CVERecord?id=CVE-2024-46756'], 'PublishedDate': '2024-09-18T08:15:04.26Z', 'LastModifiedDate': '2024-09-23T16:29:45.077Z'}, {'VulnerabilityID': 'CVE-2024-46757', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46757', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775-core) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46757', 'https://git.kernel.org/linus/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0 (6.11-rc1)', 'https://git.kernel.org/stable/c/02bb3b4c7d5695ff4be01e0f55676bba49df435e', 'https://git.kernel.org/stable/c/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0', 'https://git.kernel.org/stable/c/0c23e18cef20b989a9fd7cb0a745e1259b969159', 'https://git.kernel.org/stable/c/298a55f11edd811f2189b74eb8f53dee34d4f14c', 'https://git.kernel.org/stable/c/2f695544084a559f181cafdfd3f864c5ff9dd1db', 'https://git.kernel.org/stable/c/8a1e958e26640ce015abdbb75c8896301b9bf398', 'https://git.kernel.org/stable/c/996221b030995cc5f5baa4a642201d64b62a17cd', 'https://git.kernel.org/stable/c/d6035c55fa9afefc23f85f57eff1d4a1d82c5b10', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46757-4fbb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46757', 'https://www.cve.org/CVERecord?id=CVE-2024-46757'], 'PublishedDate': '2024-09-18T08:15:04.313Z', 'LastModifiedDate': '2024-09-23T16:29:51.65Z'}, {'VulnerabilityID': 'CVE-2024-46758', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46758', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (lm95234) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm95234) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46758', 'https://git.kernel.org/linus/af64e3e1537896337405f880c1e9ac1f8c0c6198 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fc27747633aa419f9af40e7bdfa00d2ec94ea81', 'https://git.kernel.org/stable/c/16f42953231be1e7be77bc24005270d9e0d9d2ee', 'https://git.kernel.org/stable/c/438453dfbbdcf4be26891492644aa3ecbb42c336', 'https://git.kernel.org/stable/c/46e4fd338d5bdbaf60e41cda625b24949d2af201', 'https://git.kernel.org/stable/c/59c1fb9874a01c9abc49a0a32f192a7e7b4e2650', 'https://git.kernel.org/stable/c/93f0f5721d0cca45dac50af1ae6f9a9826c699fd', 'https://git.kernel.org/stable/c/af64e3e1537896337405f880c1e9ac1f8c0c6198', 'https://git.kernel.org/stable/c/da765bebd90e1b92bdbc3c6a27a3f3cc81529ab6', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46758-6154@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46758', 'https://www.cve.org/CVERecord?id=CVE-2024-46758'], 'PublishedDate': '2024-09-18T08:15:04.367Z', 'LastModifiedDate': '2024-09-23T16:29:24.767Z'}, {'VulnerabilityID': 'CVE-2024-46759', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46759', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (adc128d818) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (adc128d818) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46759', 'https://git.kernel.org/linus/8cad724c8537fe3e0da8004646abc00290adae40 (6.11-rc1)', 'https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b', 'https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777', 'https://git.kernel.org/stable/c/2a3add62f183459a057336381ef3a896da01ce38', 'https://git.kernel.org/stable/c/6891b11a0c6227ca7ed15786928a07b1c0e4d4af', 'https://git.kernel.org/stable/c/7645d783df23878342d5d8d22030c3861d2d5426', 'https://git.kernel.org/stable/c/8cad724c8537fe3e0da8004646abc00290adae40', 'https://git.kernel.org/stable/c/b0bdb43852bf7f55ba02f0cbf00b4ea7ca897bff', 'https://git.kernel.org/stable/c/f7f5101af5b47a331cdbfa42ba64c507b47dd1fe', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46759-9b86@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46759', 'https://www.cve.org/CVERecord?id=CVE-2024-46759'], 'PublishedDate': '2024-09-18T08:15:04.413Z', 'LastModifiedDate': '2024-09-23T16:28:53.257Z'}, {'VulnerabilityID': 'CVE-2024-46760', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46760', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw88: usb: schedule rx work after everything is set up', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: usb: schedule rx work after everything is set up\n\nRight now it's possible to hit NULL pointer dereference in\nrtw_rx_fill_rx_status on hw object and/or its fields because\ninitialization routine can start getting USB replies before\nrtw_dev is fully setup.\n\nThe stack trace looks like this:\n\nrtw_rx_fill_rx_status\nrtw8821c_query_rx_desc\nrtw_usb_rx_handler\n...\nqueue_work\nrtw_usb_read_port_complete\n...\nusb_submit_urb\nrtw_usb_rx_resubmit\nrtw_usb_init_rx\nrtw_usb_probe\n\nSo while we do the async stuff rtw_usb_probe continues and calls\nrtw_register_hw, which does all kinds of initialization (e.g.\nvia ieee80211_register_hw) that rtw_rx_fill_rx_status relies on.\n\nFix this by moving the first usb_submit_urb after everything\nis set up.\n\nFor me, this bug manifested as:\n[    8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped\n[    8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status\nbecause I'm using Larry's backport of rtw88 driver with the NULL\nchecks in rtw_rx_fill_rx_status.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46760', 'https://git.kernel.org/linus/adc539784c98a7cc602cbf557debfc2e7b9be8b3 (6.11-rc1)', 'https://git.kernel.org/stable/c/25eaef533bf3ccc6fee5067aac16f41f280e343e', 'https://git.kernel.org/stable/c/adc539784c98a7cc602cbf557debfc2e7b9be8b3', 'https://git.kernel.org/stable/c/c83d464b82a8ad62ec9077637f75d73fe955635a', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46760-1eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46760', 'https://www.cve.org/CVERecord?id=CVE-2024-46760'], 'PublishedDate': '2024-09-18T08:15:04.47Z', 'LastModifiedDate': '2024-09-23T16:18:28.87Z'}, {'VulnerabilityID': 'CVE-2024-46761', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46761', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npci/hotplug/pnv_php: Fix hotplug driver crash on Powernv\n\nThe hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel\ncrash when we try to hot-unplug/disable the PCIe switch/bridge from\nthe PHB.\n\nThe crash occurs because although the MSI data structure has been\nreleased during disable/hot-unplug path and it has been assigned\nwith NULL, still during unregistration the code was again trying to\nexplicitly disable the MSI which causes the NULL pointer dereference and\nkernel crash.\n\nThe patch fixes the check during unregistration path to prevent invoking\npci_disable_msi/msix() since its data structure is already freed.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46761', 'https://git.kernel.org/linus/335e35b748527f0c06ded9eebb65387f60647fda (6.11-rc1)', 'https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f60647fda', 'https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d', 'https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048', 'https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e', 'https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59', 'https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689', 'https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4', 'https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46761-289f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46761', 'https://www.cve.org/CVERecord?id=CVE-2024-46761'], 'PublishedDate': '2024-09-18T08:15:04.517Z', 'LastModifiedDate': '2024-09-23T16:06:58.397Z'}, {'VulnerabilityID': 'CVE-2024-46762', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46762', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Fix possible access to a freed kirqfd instance', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Fix possible access to a freed kirqfd instance\n\nNothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and\nprivcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd\ncreated and added to the irqfds_list by privcmd_irqfd_assign() may get\nremoved by another thread executing privcmd_irqfd_deassign(), while the\nformer is still using it after dropping the locks.\n\nThis can lead to a situation where an already freed kirqfd instance may\nbe accessed and cause kernel oops.\n\nUse SRCU locking to prevent the same, as is done for the KVM\nimplementation for irqfds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46762', 'https://git.kernel.org/linus/611ff1b1ae989a7bcce3e2a8e132ee30e968c557 (6.11-rc1)', 'https://git.kernel.org/stable/c/112fd2f02b308564724b8e81006c254d20945c4b', 'https://git.kernel.org/stable/c/611ff1b1ae989a7bcce3e2a8e132ee30e968c557', 'https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46762-6512@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46762', 'https://www.cve.org/CVERecord?id=CVE-2024-46762'], 'PublishedDate': '2024-09-18T08:15:04.57Z', 'LastModifiedDate': '2024-09-23T16:12:34.42Z'}, {'VulnerabilityID': 'CVE-2024-46763', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46763', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: Fix null-ptr-deref in GRO.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host.  [0]\n\nThe NULL pointer is sk->sk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk->sk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk->sk_user_data could be NULL.\n\nLet's use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 <0f> b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS:  0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <IRQ>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n</IRQ>\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 <fa> c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46763', 'https://git.kernel.org/linus/7e4196935069947d8b70b09c1660b67b067e75cb (6.11-rc7)', 'https://git.kernel.org/stable/c/1df42be305fe478ded1ee0c1d775f4ece713483b', 'https://git.kernel.org/stable/c/231c235d2f7a66f018f172e26ffd47c363f244ef', 'https://git.kernel.org/stable/c/4494bccb52ffda22ce5a1163a776d970e6229e08', 'https://git.kernel.org/stable/c/7e4196935069947d8b70b09c1660b67b067e75cb', 'https://git.kernel.org/stable/c/c46cd6aaca81040deaea3500ba75126963294bd9', 'https://git.kernel.org/stable/c/d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46763-a580@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46763', 'https://www.cve.org/CVERecord?id=CVE-2024-46763'], 'PublishedDate': '2024-09-18T08:15:04.613Z', 'LastModifiedDate': '2024-09-23T16:14:18.297Z'}, {'VulnerabilityID': 'CVE-2024-46765', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46765', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: protect XDP configuration with a mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] <TASK>\n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] </TASK>\n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46765', 'https://git.kernel.org/linus/2504b8405768a57a71e660dbfd5abd59f679a03f (6.11-rc7)', 'https://git.kernel.org/stable/c/2504b8405768a57a71e660dbfd5abd59f679a03f', 'https://git.kernel.org/stable/c/2f057db2fb29bc209c103050647562e60554d3d3', 'https://git.kernel.org/stable/c/391f7dae3d836891fc6cfbde38add2d0e10c6b7f', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46765-1b8f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46765', 'https://www.cve.org/CVERecord?id=CVE-2024-46765'], 'PublishedDate': '2024-09-18T08:15:04.71Z', 'LastModifiedDate': '2024-09-26T13:24:29.697Z'}, {'VulnerabilityID': 'CVE-2024-46766', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46766', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: move netif_queue_set_napi to rtnl-protected sections', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: move netif_queue_set_napi to rtnl-protected sections\n\nCurrently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is\nnot rtnl-locked when called from the reset. This creates the need to take\nthe rtnl_lock just for a single function and complicates the\nsynchronization with .ndo_bpf. At the same time, there no actual need to\nfill napi-to-queue information at this exact point.\n\nFill napi-to-queue information when opening the VSI and clear it when the\nVSI is being closed. Those routines are already rtnl-locked.\n\nAlso, rewrite napi-to-queue assignment in a way that prevents inclusion of\nXDP queues, as this leads to out-of-bounds writes, such as one below.\n\n[  +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047\n[  +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2\n[  +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[  +0.000003] Call Trace:\n[  +0.000003]  <TASK>\n[  +0.000002]  dump_stack_lvl+0x60/0x80\n[  +0.000007]  print_report+0xce/0x630\n[  +0.000007]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[  +0.000007]  ? __virt_addr_valid+0x1c9/0x2c0\n[  +0.000005]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000003]  kasan_report+0xe9/0x120\n[  +0.000004]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000004]  netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000005]  ice_vsi_close+0x161/0x670 [ice]\n[  +0.000114]  ice_dis_vsi+0x22f/0x270 [ice]\n[  +0.000095]  ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]\n[  +0.000086]  ice_prepare_for_reset+0x299/0x750 [ice]\n[  +0.000087]  pci_dev_save_and_disable+0x82/0xd0\n[  +0.000006]  pci_reset_function+0x12d/0x230\n[  +0.000004]  reset_store+0xa0/0x100\n[  +0.000006]  ? __pfx_reset_store+0x10/0x10\n[  +0.000002]  ? __pfx_mutex_lock+0x10/0x10\n[  +0.000004]  ? __check_object_size+0x4c1/0x640\n[  +0.000007]  kernfs_fop_write_iter+0x30b/0x4a0\n[  +0.000006]  vfs_write+0x5d6/0xdf0\n[  +0.000005]  ? fd_install+0x180/0x350\n[  +0.000005]  ? __pfx_vfs_write+0x10/0xA10\n[  +0.000004]  ? do_fcntl+0x52c/0xcd0\n[  +0.000004]  ? kasan_save_track+0x13/0x60\n[  +0.000003]  ? kasan_save_free_info+0x37/0x60\n[  +0.000006]  ksys_write+0xfa/0x1d0\n[  +0.000003]  ? __pfx_ksys_write+0x10/0x10\n[  +0.000002]  ? __x64_sys_fcntl+0x121/0x180\n[  +0.000004]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000005]  do_syscall_64+0x80/0x170\n[  +0.000007]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000004]  ? __pfx__raw_spin_lock+0x10/0x10\n[  +0.000003]  ? file_close_fd_locked+0x167/0x230\n[  +0.000005]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000005]  ? do_syscall_64+0x8c/0x170\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? fput+0x1a/0x2c0\n[  +0.000004]  ? filp_close+0x19/0x30\n[  +0.000004]  ? do_dup2+0x25a/0x4c0\n[  +0.000004]  ? __x64_sys_dup2+0x6e/0x2e0\n[  +0.000002]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? __count_memcg_events+0x113/0x380\n[  +0.000005]  ? handle_mm_fault+0x136/0x820\n[  +0.000005]  ? do_user_addr_fault+0x444/0xa80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000002]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  +0.000005] RIP: 0033:0x7f2033593154', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46766', 'https://git.kernel.org/linus/2a5dc090b92cfa5270e20056074241c6db5c9cdd (6.11-rc7)', 'https://git.kernel.org/stable/c/2285c2faef19ee08a6bd6754f4c3ec07dceb2889', 'https://git.kernel.org/stable/c/2a5dc090b92cfa5270e20056074241c6db5c9cdd', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46766-417c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46766', 'https://www.cve.org/CVERecord?id=CVE-2024-46766'], 'PublishedDate': '2024-09-18T08:15:04.76Z', 'LastModifiedDate': '2024-09-23T16:15:23.823Z'}, {'VulnerabilityID': 'CVE-2024-46767', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46767', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: phy: Fix missing of_node_put() for leds', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Fix missing of_node_put() for leds\n\nThe call of of_get_child_by_name() will cause refcount incremented\nfor leds, if it succeeds, it should call of_node_put() to decrease\nit, fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46767', 'https://git.kernel.org/linus/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7 (6.11-rc7)', 'https://git.kernel.org/stable/c/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7', 'https://git.kernel.org/stable/c/26928c8f00f6bb0e194f3957fe51c69d36838eb2', 'https://git.kernel.org/stable/c/d9c8dbbc236cdc6231ee91cdede2fc97b430cfff', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46767-31a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46767', 'https://www.cve.org/CVERecord?id=CVE-2024-46767'], 'PublishedDate': '2024-09-18T08:15:04.81Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46768', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46768', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (hp-wmi-sensors) Check if WMI event data exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (hp-wmi-sensors) Check if WMI event data exists\n\nThe BIOS can choose to return no event data in response to a\nWMI event, so the ACPI object passed to the WMI notify handler\ncan be NULL.\n\nCheck for such a situation and ignore the event in such a case.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46768', 'https://git.kernel.org/linus/a54da9df75cd1b4b5028f6c60f9a211532680585 (6.11-rc7)', 'https://git.kernel.org/stable/c/217539e994e53206bbf3fb330261cc78c480d311', 'https://git.kernel.org/stable/c/4b19c83ba108aa66226da5b79810e4d19e005f12', 'https://git.kernel.org/stable/c/a54da9df75cd1b4b5028f6c60f9a211532680585', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46768-b0bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46768', 'https://www.cve.org/CVERecord?id=CVE-2024-46768'], 'PublishedDate': '2024-09-18T08:15:04.853Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46770', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46770', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add netif_device_attach/detach into PF reset flow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 > /sys/class/net/<interface>/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c <interface>\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S                 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS:  00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n<TASK>\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n    netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46770', 'https://git.kernel.org/linus/d11a67634227f9f9da51938af085fb41a733848f (6.11-rc7)', 'https://git.kernel.org/stable/c/36486c9e8e01b84faaee47203eac0b7e9cc7fa4a', 'https://git.kernel.org/stable/c/9e3ffb839249eca113062587659224f856fe14e5', 'https://git.kernel.org/stable/c/d11a67634227f9f9da51938af085fb41a733848f', 'https://git.kernel.org/stable/c/efe8effe138044a4747d1112ebb8c454d1663723', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46770-3a5d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46770', 'https://www.cve.org/CVERecord?id=CVE-2024-46770'], 'PublishedDate': '2024-09-18T08:15:04.957Z', 'LastModifiedDate': '2024-09-23T16:13:25.563Z'}, {'VulnerabilityID': 'CVE-2024-46771', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46771', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: bcm: Remove proc entry when dev is unregistered.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Remove proc entry when dev is unregistered.\n\nsyzkaller reported a warning in bcm_connect() below. [0]\n\nThe repro calls connect() to vxcan1, removes vxcan1, and calls\nconnect() with ifindex == 0.\n\nCalling connect() for a BCM socket allocates a proc entry.\nThen, bcm_sk(sk)->bound is set to 1 to prevent further connect().\n\nHowever, removing the bound device resets bcm_sk(sk)->bound to 0\nin bcm_notify().\n\nThe 2nd connect() tries to allocate a proc entry with the same\nname and sets NULL to bcm_sk(sk)->bcm_proc_read, leaking the\noriginal proc entry.\n\nSince the proc entry is available only for connect()ed sockets,\nlet's clean up the entry when the bound netdev is unregistered.\n\n[0]:\nproc_dir_entry 'can-bcm/2456' already registered\nWARNING: CPU: 1 PID: 394 at fs/proc/generic.c:376 proc_register+0x645/0x8f0 fs/proc/generic.c:375\nModules linked in:\nCPU: 1 PID: 394 Comm: syz-executor403 Not tainted 6.10.0-rc7-g852e42cc2dd4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:proc_register+0x645/0x8f0 fs/proc/generic.c:375\nCode: 00 00 00 00 00 48 85 ed 0f 85 97 02 00 00 4d 85 f6 0f 85 9f 02 00 00 48 c7 c7 9b cb cf 87 48 89 de 4c 89 fa e8 1c 6f eb fe 90 <0f> 0b 90 90 48 c7 c7 98 37 99 89 e8 cb 7e 22 05 bb 00 00 00 10 48\nRSP: 0018:ffa0000000cd7c30 EFLAGS: 00010246\nRAX: 9e129be1950f0200 RBX: ff1100011b51582c RCX: ff1100011857cd80\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002\nRBP: 0000000000000000 R08: ffd400000000000f R09: ff1100013e78cac0\nR10: ffac800000cd7980 R11: ff1100013e12b1f0 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ff1100011a99a2ec\nFS:  00007fbd7086f740(0000) GS:ff1100013fd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200071c0 CR3: 0000000118556004 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n proc_create_net_single+0x144/0x210 fs/proc/proc_net.c:220\n bcm_connect+0x472/0x840 net/can/bcm.c:1673\n __sys_connect_file net/socket.c:2049 [inline]\n __sys_connect+0x5d2/0x690 net/socket.c:2066\n __do_sys_connect net/socket.c:2076 [inline]\n __se_sys_connect net/socket.c:2073 [inline]\n __x64_sys_connect+0x8f/0x100 net/socket.c:2073\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1c0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7fbd708b0e5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007fff8cd33f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbd708b0e5d\nRDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000040 R09: 0000000000000040\nR10: 0000000000000040 R11: 0000000000000246 R12: 00007fff8cd34098\nR13: 0000000000401280 R14: 0000000000406de8 R15: 00007fbd70ab9000\n </TASK>\nremove_proc_entry: removing non-empty directory 'net/can-bcm', leaking at least '2456'", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46771', 'https://git.kernel.org/linus/76fe372ccb81b0c89b6cd2fec26e2f38c958be85 (6.11-rc7)', 'https://git.kernel.org/stable/c/10bfacbd5e8d821011d857bee73310457c9c989a', 'https://git.kernel.org/stable/c/33ed4ba73caae39f34ab874ba79138badc2c65dd', 'https://git.kernel.org/stable/c/3b39dc2901aa7a679a5ca981a3de9f8d5658afe8', 'https://git.kernel.org/stable/c/4377b79323df62eb5d310354f19b4d130ff58d50', 'https://git.kernel.org/stable/c/5c680022c4e28ba18ea500f3e29f0428271afa92', 'https://git.kernel.org/stable/c/76fe372ccb81b0c89b6cd2fec26e2f38c958be85', 'https://git.kernel.org/stable/c/abb0a615569ec008e8a93d9f3ab2d5b418ea94d4', 'https://git.kernel.org/stable/c/aec92dbebdbec7567d9f56d7c9296a572b8fd849', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46771-913d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46771', 'https://www.cve.org/CVERecord?id=CVE-2024-46771'], 'PublishedDate': '2024-09-18T08:15:05.01Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46772', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46772', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator crb_pipes before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator crb_pipes before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 2 DIVIDE_BY_ZERO issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46772', 'https://git.kernel.org/linus/ea79068d4073bf303f8203f2625af7d9185a1bc6 (6.11-rc1)', 'https://git.kernel.org/stable/c/ea79068d4073bf303f8203f2625af7d9185a1bc6', 'https://git.kernel.org/stable/c/ede06d23392529b039cf7ac11b5875b047900f1c', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46772-4ad6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46772', 'https://www.cve.org/CVERecord?id=CVE-2024-46772'], 'PublishedDate': '2024-09-18T08:15:05.073Z', 'LastModifiedDate': '2024-09-23T16:52:17.577Z'}, {'VulnerabilityID': 'CVE-2024-46773', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46773', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator pbn_div before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator pbn_div before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 1 DIVIDE_BY_ZERO issue reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46773', 'https://git.kernel.org/linus/116a678f3a9abc24f5c9d2525b7393d18d9eb58e (6.11-rc1)', 'https://git.kernel.org/stable/c/116a678f3a9abc24f5c9d2525b7393d18d9eb58e', 'https://git.kernel.org/stable/c/11f997143c67680d6e40a13363618380cd57a414', 'https://git.kernel.org/stable/c/20e7164c52d9bfbb9d9862b833fa989624a61345', 'https://git.kernel.org/stable/c/dfafee0a7b51c7c9612edd2d991401294964d02f', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46773-5781@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46773', 'https://www.cve.org/CVERecord?id=CVE-2024-46773'], 'PublishedDate': '2024-09-18T08:15:05.123Z', 'LastModifiedDate': '2024-09-23T16:51:59.983Z'}, {'VulnerabilityID': 'CVE-2024-46774', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46774', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()\n\nSmatch warns:\n\n  arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential\n  spectre issue 'args.args' [r] (local cap)\n\nThe 'nargs' and 'nret' locals come directly from a user-supplied\nbuffer and are used as indexes into a small stack-based array and as\ninputs to copy_to_user() after they are subject to bounds checks.\n\nUse array_index_nospec() after the bounds checks to clamp these values\nfor speculative execution.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46774', 'https://git.kernel.org/linus/0974d03eb479384466d828d65637814bee6b26d7 (6.11-rc1)', 'https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7', 'https://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46774-48d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46774', 'https://www.cve.org/CVERecord?id=CVE-2024-46774'], 'PublishedDate': '2024-09-18T08:15:05.18Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46775', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46775', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Validate function returns', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT & HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46775', 'https://git.kernel.org/linus/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c (6.11-rc1)', 'https://git.kernel.org/stable/c/5639a3048c7079803256374204ad55ec52cd0b49', 'https://git.kernel.org/stable/c/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46775-aecc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46775', 'https://www.cve.org/CVERecord?id=CVE-2024-46775'], 'PublishedDate': '2024-09-18T08:15:05.24Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46776', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46776', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Run DC_LOG_DC after checking link-&gt;link_enc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Run DC_LOG_DC after checking link->link_enc\n\n[WHAT]\nThe DC_LOG_DC should be run after link->link_enc is checked, not before.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46776', 'https://git.kernel.org/linus/3a82f62b0d9d7687eac47603bb6cd14a50fa718b (6.11-rc1)', 'https://git.kernel.org/stable/c/3a82f62b0d9d7687eac47603bb6cd14a50fa718b', 'https://git.kernel.org/stable/c/874e3bb302f97b94ac548959ec4f925b8e7b45e2', 'https://git.kernel.org/stable/c/adc74d25cdbba978afbb57caec23bbcd0329f7b8', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46776-7a95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46776', 'https://www.cve.org/CVERecord?id=CVE-2024-46776'], 'PublishedDate': '2024-09-18T08:15:05.287Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46777', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46777', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid excessive partition lengths', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid excessive partition lengths\n\nAvoid mounting filesystems where the partition would overflow the\n32-bits used for block number. Also refuse to mount filesystems where\nthe partition length is so large we cannot safely index bits in a\nblock bitmap.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46777', 'https://git.kernel.org/linus/ebbe26fd54a9621994bc16b14f2ba8f84c089693 (6.11-rc1)', 'https://git.kernel.org/stable/c/0173999123082280cf904bd640015951f194a294', 'https://git.kernel.org/stable/c/1497a4484cdb2cf6c37960d788fb6ba67567bdb7', 'https://git.kernel.org/stable/c/2ddf831451357c6da4b64645eb797c93c1c054d1', 'https://git.kernel.org/stable/c/551966371e17912564bc387fbeb2ac13077c3db1', 'https://git.kernel.org/stable/c/925fd8ee80d5348a5e965548e5484d164d19221d', 'https://git.kernel.org/stable/c/a56330761950cb83de1dfb348479f20c56c95f90', 'https://git.kernel.org/stable/c/c0c23130d38e8bc28e9ef581443de9b1fc749966', 'https://git.kernel.org/stable/c/ebbe26fd54a9621994bc16b14f2ba8f84c089693', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46777-6114@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46777', 'https://www.cve.org/CVERecord?id=CVE-2024-46777'], 'PublishedDate': '2024-09-18T08:15:05.33Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46778', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46778', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check UnboundedRequestEnabled&#39;s value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check UnboundedRequestEnabled's value\n\nCalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled\nis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus\nif (p->UnboundedRequestEnabled) checks its address, not bool value.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46778', 'https://git.kernel.org/linus/a7b38c7852093385d0605aa3c8a2efd6edd1edfd (6.11-rc1)', 'https://git.kernel.org/stable/c/4e2b49a85e7974d21364798c5d4aa8070aa864d9', 'https://git.kernel.org/stable/c/a7b38c7852093385d0605aa3c8a2efd6edd1edfd', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46778-ded6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46778', 'https://www.cve.org/CVERecord?id=CVE-2024-46778'], 'PublishedDate': '2024-09-18T08:15:05.38Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46779', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46779', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/imagination: Free pvr_vm_gpuva after unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Free pvr_vm_gpuva after unlink\n\nThis caused a measurable memory leak. Although the individual\nallocations are small, the leaks occurs in a high-usage codepath\n(remapping or unmapping device memory) so they add up quickly.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46779', 'https://git.kernel.org/linus/3f6b2f60b4631cd0c368da6a1587ab55a696164d (6.11-rc7)', 'https://git.kernel.org/stable/c/1cc695be8920df234f83270d789078cb2d3bc564', 'https://git.kernel.org/stable/c/3f6b2f60b4631cd0c368da6a1587ab55a696164d', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46779-3186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46779', 'https://www.cve.org/CVERecord?id=CVE-2024-46779'], 'PublishedDate': '2024-09-18T08:15:05.43Z', 'LastModifiedDate': '2024-09-23T16:37:51.473Z'}, {'VulnerabilityID': 'CVE-2024-46780', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46780', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: protect references to superblock parameters exposed in sysfs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: protect references to superblock parameters exposed in sysfs\n\nThe superblock buffers of nilfs2 can not only be overwritten at runtime\nfor modifications/repairs, but they are also regularly swapped, replaced\nduring resizing, and even abandoned when degrading to one side due to\nbacking device issues.  So, accessing them requires mutual exclusion using\nthe reader/writer semaphore "nilfs->ns_sem".\n\nSome sysfs attribute show methods read this superblock buffer without the\nnecessary mutual exclusion, which can cause problems with pointer\ndereferencing and memory access, so fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46780', 'https://git.kernel.org/linus/683408258917541bdb294cd717c210a04381931e (6.11-rc7)', 'https://git.kernel.org/stable/c/157c0d94b4c40887329418c70ef4edd1a8d6b4ed', 'https://git.kernel.org/stable/c/19cfeba0e4b8eda51484fcf8cf7d150418e1d880', 'https://git.kernel.org/stable/c/683408258917541bdb294cd717c210a04381931e', 'https://git.kernel.org/stable/c/8c6e43b3d5f109cf9c61bc188fcc8175404e924f', 'https://git.kernel.org/stable/c/962562d4c70c5cdeb4e955d63ff2017c4eca1aad', 'https://git.kernel.org/stable/c/b14e7260bb691d7f563f61da07d61e3c8b59a614', 'https://git.kernel.org/stable/c/b90beafac05931cbfcb6b1bd4f67c1923f47040e', 'https://git.kernel.org/stable/c/ba97ba173f9625d5f34a986088979eae8b80d38e', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46780-9155@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46780', 'https://www.cve.org/CVERecord?id=CVE-2024-46780'], 'PublishedDate': '2024-09-18T08:15:05.473Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46781', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46781', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix missing cleanup on rollforward recovery error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix missing cleanup on rollforward recovery error\n\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\n\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\n\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46781', 'https://git.kernel.org/linus/5787fcaab9eb5930f5378d6a1dd03d916d146622 (6.11-rc7)', 'https://git.kernel.org/stable/c/07e4dc2fe000ab008bcfe90be4324ef56b5b4355', 'https://git.kernel.org/stable/c/1cf1f7e8cd47244fa947d357ef1f642d91e219a3', 'https://git.kernel.org/stable/c/35a9a7a7d94662146396199b0cfd95f9517cdd14', 'https://git.kernel.org/stable/c/5787fcaab9eb5930f5378d6a1dd03d916d146622', 'https://git.kernel.org/stable/c/8e2d1e9d93c4ec51354229361ac3373058529ec4', 'https://git.kernel.org/stable/c/9d8c3a585d564d776ee60d4aabec59b404be7403', 'https://git.kernel.org/stable/c/ca92c4bff2833cb30d493b935168d6cccd5c805d', 'https://git.kernel.org/stable/c/da02f9eb333333b2e4f25d2a14967cff785ac82e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46781-377e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46781', 'https://www.cve.org/CVERecord?id=CVE-2024-46781'], 'PublishedDate': '2024-09-18T08:15:05.527Z', 'LastModifiedDate': '2024-09-23T16:37:07.117Z'}, {'VulnerabilityID': 'CVE-2024-46782', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46782', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ila: call nf_unregister_net_hooks() sooner', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n  ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n  ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n  ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n  nf_hook include/linux/netfilter.h:269 [inline]\n  NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n  __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n  __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n  process_backlog+0x662/0x15b0 net/core/dev.c:6108\n  __napi_poll+0xcb/0x490 net/core/dev.c:6772\n  napi_poll net/core/dev.c:6841 [inline]\n  net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n  handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n  run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n  kthread+0x2f0/0x390 kernel/kthread.c:389\n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n  set_page_owner include/linux/page_owner.h:32 [inline]\n  post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n  prep_new_page mm/page_alloc.c:1501 [inline]\n  get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n  __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n  __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n  alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n  ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n  __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n  __do_kmalloc_node mm/slub.c:4146 [inline]\n  __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n  __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n  bucket_table_alloc lib/rhashtable.c:186 [inline]\n  rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n  ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n  ops_ini\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46782', 'https://git.kernel.org/linus/031ae72825cef43e4650140b800ad58bf7a6a466 (6.11-rc7)', 'https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466', 'https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2', 'https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf', 'https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4', 'https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c', 'https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6', 'https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673', 'https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46782-00ff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46782', 'https://www.cve.org/CVERecord?id=CVE-2024-46782'], 'PublishedDate': '2024-09-18T08:15:05.577Z', 'LastModifiedDate': '2024-09-23T16:32:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46783', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46783', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_bpf: fix return value of tcp_bpf_sendmsg()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: fix return value of tcp_bpf_sendmsg()\n\nWhen we cork messages in psock->cork, the last message triggers the\nflushing will result in sending a sk_msg larger than the current\nmessage size. In this case, in tcp_bpf_send_verdict(), 'copied' becomes\nnegative at least in the following case:\n\n468         case __SK_DROP:\n469         default:\n470                 sk_msg_free_partial(sk, msg, tosend);\n471                 sk_msg_apply_bytes(psock, tosend);\n472                 *copied -= (tosend + delta); // <==== HERE\n473                 return -EACCES;\n\nTherefore, it could lead to the following BUG with a proper value of\n'copied' (thanks to syzbot). We should not use negative 'copied' as a\nreturn value here.\n\n  ------------[ cut here ]------------\n  kernel BUG at net/socket.c:733!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 0 UID: 0 PID: 3265 Comm: syz-executor510 Not tainted 6.11.0-rc3-syzkaller-00060-gd07b43284ab3 #0\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n  pc : sock_sendmsg_nosec net/socket.c:733 [inline]\n  pc : sock_sendmsg_nosec net/socket.c:728 [inline]\n  pc : __sock_sendmsg+0x5c/0x60 net/socket.c:745\n  lr : sock_sendmsg_nosec net/socket.c:730 [inline]\n  lr : __sock_sendmsg+0x54/0x60 net/socket.c:745\n  sp : ffff800088ea3b30\n  x29: ffff800088ea3b30 x28: fbf00000062bc900 x27: 0000000000000000\n  x26: ffff800088ea3bc0 x25: ffff800088ea3bc0 x24: 0000000000000000\n  x23: f9f00000048dc000 x22: 0000000000000000 x21: ffff800088ea3d90\n  x20: f9f00000048dc000 x19: ffff800088ea3d90 x18: 0000000000000001\n  x17: 0000000000000000 x16: 0000000000000000 x15: 000000002002ffaf\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: ffff8000815849c0 x9 : ffff8000815b49c0\n  x8 : 0000000000000000 x7 : 000000000000003f x6 : 0000000000000000\n  x5 : 00000000000007e0 x4 : fff07ffffd239000 x3 : fbf00000062bc900\n  x2 : 0000000000000000 x1 : 0000000000000000 x0 : 00000000fffffdef\n  Call trace:\n   sock_sendmsg_nosec net/socket.c:733 [inline]\n   __sock_sendmsg+0x5c/0x60 net/socket.c:745\n   ____sys_sendmsg+0x274/0x2ac net/socket.c:2597\n   ___sys_sendmsg+0xac/0x100 net/socket.c:2651\n   __sys_sendmsg+0x84/0xe0 net/socket.c:2680\n   __do_sys_sendmsg net/socket.c:2689 [inline]\n   __se_sys_sendmsg net/socket.c:2687 [inline]\n   __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2687\n   __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n   invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49\n   el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132\n   do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151\n   el0_svc+0x34/0xec arch/arm64/kernel/entry-common.c:712\n   el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730\n   el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598\n  Code: f9404463 d63f0060 3108441f 54fffe81 (d4210000)\n  ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46783', 'https://git.kernel.org/linus/fe1910f9337bd46a9343967b547ccab26b4b2c6e (6.11-rc7)', 'https://git.kernel.org/stable/c/126d72b726c4cf1119f3a7fe413a78d341c3fea9', 'https://git.kernel.org/stable/c/3efe53eb221a38e207c1e3f81c51e4ca057d50c2', 'https://git.kernel.org/stable/c/6f9fdf5806cced888c43512bccbdf7fefd50f510', 'https://git.kernel.org/stable/c/78bb38d9c5a311c5f8bdef7c9557d7d81ca30e4a', 'https://git.kernel.org/stable/c/810a4e7d92dea4074cb04c25758320909d752193', 'https://git.kernel.org/stable/c/c8219a27fa43a2cbf99f5176f6dddfe73e7a24ae', 'https://git.kernel.org/stable/c/fe1910f9337bd46a9343967b547ccab26b4b2c6e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46783-edcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46783', 'https://www.cve.org/CVERecord?id=CVE-2024-46783'], 'PublishedDate': '2024-09-18T08:15:05.63Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46784', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46784', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix error handling in mana_create_txq/rxq&#39;s NAPI cleanup', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup\n\nCurrently napi_disable() gets called during rxq and txq cleanup,\neven before napi is enabled and hrtimer is initialized. It causes\nkernel panic.\n\n? page_fault_oops+0x136/0x2b0\n  ? page_counter_cancel+0x2e/0x80\n  ? do_user_addr_fault+0x2f2/0x640\n  ? refill_obj_stock+0xc4/0x110\n  ? exc_page_fault+0x71/0x160\n  ? asm_exc_page_fault+0x27/0x30\n  ? __mmdrop+0x10/0x180\n  ? __mmdrop+0xec/0x180\n  ? hrtimer_active+0xd/0x50\n  hrtimer_try_to_cancel+0x2c/0xf0\n  hrtimer_cancel+0x15/0x30\n  napi_disable+0x65/0x90\n  mana_destroy_rxq+0x4c/0x2f0\n  mana_create_rxq.isra.0+0x56c/0x6d0\n  ? mana_uncfg_vport+0x50/0x50\n  mana_alloc_queues+0x21b/0x320\n  ? skb_dequeue+0x5f/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46784', 'https://git.kernel.org/linus/b6ecc662037694488bfff7c9fd21c405df8411f2 (6.11-rc7)', 'https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65', 'https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788', 'https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c', 'https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46784-4773@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46784', 'https://www.cve.org/CVERecord?id=CVE-2024-46784'], 'PublishedDate': '2024-09-18T08:15:05.683Z', 'LastModifiedDate': '2024-09-26T13:21:30.657Z'}, {'VulnerabilityID': 'CVE-2024-46785', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46785', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: eventfs: Use list_del_rcu() for SRCU protected list variable', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Use list_del_rcu() for SRCU protected list variable\n\nChi Zhiling reported:\n\n  We found a null pointer accessing in tracefs[1], the reason is that the\n  variable \'ei_child\' is set to LIST_POISON1, that means the list was\n  removed in eventfs_remove_rec. so when access the ei_child->is_freed, the\n  panic triggered.\n\n  by the way, the following script can reproduce this panic\n\n  loop1 (){\n      while true\n      do\n          echo "p:kp submit_bio" > /sys/kernel/debug/tracing/kprobe_events\n          echo "" > /sys/kernel/debug/tracing/kprobe_events\n      done\n  }\n  loop2 (){\n      while true\n      do\n          tree /sys/kernel/debug/tracing/events/kprobes/\n      done\n  }\n  loop1 &\n  loop2\n\n  [1]:\n  [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150\n  [ 1147.968239][T17331] Mem abort info:\n  [ 1147.971739][T17331]   ESR = 0x0000000096000004\n  [ 1147.976172][T17331]   EC = 0x25: DABT (current EL), IL = 32 bits\n  [ 1147.982171][T17331]   SET = 0, FnV = 0\n  [ 1147.985906][T17331]   EA = 0, S1PTW = 0\n  [ 1147.989734][T17331]   FSC = 0x04: level 0 translation fault\n  [ 1147.995292][T17331] Data abort info:\n  [ 1147.998858][T17331]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n  [ 1148.005023][T17331]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n  [ 1148.010759][T17331]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n  [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges\n  [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP\n  [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls]\n  [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G        W         ------- ----  6.6.43 #2\n  [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650\n  [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020\n  [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398\n  [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398\n  [ 1148.115969][T17331] sp : ffff80008d56bbd0\n  [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000\n  [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100\n  [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10\n  [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000\n  [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0\n  [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0\n  [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862\n  [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068\n  [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001\n  [ 1148.198131][T17331] Call trace:\n  [ 1148.201259][T17331]  eventfs_iterate+0x2c0/0x398\n  [ 1148.205864][T17331]  iterate_dir+0x98/0x188\n  [ 1148.210036][T17331]  __arm64_sys_getdents64+0x78/0x160\n  [ 1148.215161][T17331]  invoke_syscall+0x78/0x108\n  [ 1148.219593][T17331]  el0_svc_common.constprop.0+0x48/0xf0\n  [ 1148.224977][T17331]  do_el0_svc+0x24/0x38\n  [ 1148.228974][T17331]  el0_svc+0x40/0x168\n  [ 1148.232798][T17\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46785', 'https://git.kernel.org/linus/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c (6.11-rc7)', 'https://git.kernel.org/stable/c/05e08297c3c298d8ec28e5a5adb55840312dd87e', 'https://git.kernel.org/stable/c/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c', 'https://git.kernel.org/stable/c/f579d17a86448779f9642ad8baca6e3036a8e2d6', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46785-5351@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46785', 'https://www.cve.org/CVERecord?id=CVE-2024-46785'], 'PublishedDate': '2024-09-18T08:15:05.73Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46786', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46786', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF\n\nThe fscache_cookie_lru_timer is initialized when the fscache module\nis inserted, but is not deleted when the fscache module is removed.\nIf timer_reduce() is called before removing the fscache module,\nthe fscache_cookie_lru_timer will be added to the timer list of\nthe current cpu. Afterwards, a use-after-free will be triggered\nin the softIRQ after removing the fscache module, as follows:\n\n==================================================================\nBUG: unable to handle page fault for address: fffffbfff803c9e9\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855\nTainted: [W]=WARN\nRIP: 0010:__run_timer_base.part.0+0x254/0x8a0\nCall Trace:\n <IRQ>\n tmigr_handle_remote_up+0x627/0x810\n __walk_groups.isra.0+0x47/0x140\n tmigr_handle_remote+0x1fa/0x2f0\n handle_softirqs+0x180/0x590\n irq_exit_rcu+0x84/0xb0\n sysvec_apic_timer_interrupt+0x6e/0x90\n </IRQ>\n <TASK>\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\n default_idle_call+0x38/0x60\n do_idle+0x2b5/0x300\n cpu_startup_entry+0x54/0x60\n start_secondary+0x20d/0x280\n common_startup_64+0x13e/0x148\n </TASK>\nModules linked in: [last unloaded: netfs]\n==================================================================\n\nTherefore delete fscache_cookie_lru_timer when removing the fscahe module.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46786', 'https://git.kernel.org/linus/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f (6.11-rc7)', 'https://git.kernel.org/stable/c/0a11262549ac2ac6fb98c7cd40a67136817e5a52', 'https://git.kernel.org/stable/c/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f', 'https://git.kernel.org/stable/c/e0d724932ad12e3528f4ce97fc0f6078d0cce4bc', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46786-a167@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46786', 'https://www.cve.org/CVERecord?id=CVE-2024-46786'], 'PublishedDate': '2024-09-18T08:15:05.783Z', 'LastModifiedDate': '2024-09-26T12:48:37.447Z'}, {'VulnerabilityID': 'CVE-2024-46787', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46787', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: fix checks for huge PMDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix checks for huge PMDs\n\nPatch series "userfaultfd: fix races around pmd_trans_huge() check", v2.\n\nThe pmd_trans_huge() code in mfill_atomic() is wrong in three different\nways depending on kernel version:\n\n1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit\n   the right two race windows) - I\'ve tested this in a kernel build with\n   some extra mdelay() calls. See the commit message for a description\n   of the race scenario.\n   On older kernels (before 6.5), I think the same bug can even\n   theoretically lead to accessing transhuge page contents as a page table\n   if you hit the right 5 narrow race windows (I haven\'t tested this case).\n2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for\n   detecting PMDs that don\'t point to page tables.\n   On older kernels (before 6.5), you\'d just have to win a single fairly\n   wide race to hit this.\n   I\'ve tested this on 6.1 stable by racing migration (with a mdelay()\n   patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86\n   VM, that causes a kernel oops in ptlock_ptr().\n3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed\n   to yank page tables out from under us (though I haven\'t tested that),\n   so I think the BUG_ON() checks in mfill_atomic() are just wrong.\n\nI decided to write two separate fixes for these (one fix for bugs 1+2, one\nfix for bug 3), so that the first fix can be backported to kernels\naffected by bugs 1+2.\n\n\nThis patch (of 2):\n\nThis fixes two issues.\n\nI discovered that the following race can occur:\n\n  mfill_atomic                other thread\n  ============                ============\n                              <zap PMD>\n  pmdp_get_lockless() [reads none pmd]\n  <bail if trans_huge>\n  <if none:>\n                              <pagefault creates transhuge zeropage>\n    __pte_alloc [no-op]\n                              <zap PMD>\n  <bail if pmd_trans_huge(*dst_pmd)>\n  BUG_ON(pmd_none(*dst_pmd))\n\nI have experimentally verified this in a kernel with extra mdelay() calls;\nthe BUG_ON(pmd_none(*dst_pmd)) triggers.\n\nOn kernels newer than commit 0d940a9b270b ("mm/pgtable: allow\npte_offset_map[_lock]() to fail"), this can\'t lead to anything worse than\na BUG_ON(), since the page table access helpers are actually designed to\ndeal with page tables concurrently disappearing; but on older kernels\n(<=6.4), I think we could probably theoretically race past the two\nBUG_ON() checks and end up treating a hugepage as a page table.\n\nThe second issue is that, as Qi Zheng pointed out, there are other types\nof huge PMDs that pmd_trans_huge() can\'t catch: devmap PMDs and swap PMDs\n(in particular, migration PMDs).\n\nOn <=6.4, this is worse than the first issue: If mfill_atomic() runs on a\nPMD that contains a migration entry (which just requires winning a single,\nfairly wide race), it will pass the PMD to pte_offset_map_lock(), which\nassumes that the PMD points to a page table.\n\nBreakage follows: First, the kernel tries to take the PTE lock (which will\ncrash or maybe worse if there is no "struct page" for the address bits in\nthe migration entry PMD - I think at least on X86 there usually is no\ncorresponding "struct page" thanks to the PTE inversion mitigation, amd64\nlooks different).\n\nIf that didn\'t crash, the kernel would next try to write a PTE into what\nit wrongly thinks is a page table.\n\nAs part of fixing these issues, get rid of the check for pmd_trans_huge()\nbefore __pte_alloc() - that\'s redundant, we\'re going to have to check for\nthat after the __pte_alloc() anyway.\n\nBackport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46787', 'https://git.kernel.org/linus/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 (6.11-rc7)', 'https://git.kernel.org/stable/c/3c6b4bcf37845c9359aed926324bed66bdd2448d', 'https://git.kernel.org/stable/c/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8', 'https://git.kernel.org/stable/c/98cc18b1b71e23fe81a5194ed432b20c2d81a01a', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46787-8b6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46787', 'https://www.cve.org/CVERecord?id=CVE-2024-46787'], 'PublishedDate': '2024-09-18T08:15:05.833Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46788', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46788', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/osnoise: Use a cpumask to know what threads are kthreads', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Use a cpumask to know what threads are kthreads\n\nThe start_kthread() and stop_thread() code was not always called with the\ninterface_lock held. This means that the kthread variable could be\nunexpectedly changed causing the kthread_stop() to be called on it when it\nshould not have been, leading to:\n\n while true; do\n   rtla timerlat top -u -q & PID=$!;\n   sleep 5;\n   kill -INT $PID;\n   sleep 0.001;\n   kill -TERM $PID;\n   wait $PID;\n  done\n\nCausing the following OOPS:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 Not tainted 6.11.0-rc4-test-00002-gbc754cc76d1b-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:hrtimer_active+0x58/0x300\n Code: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 <0f> b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f\n RSP: 0018:ffff88811d97f940 EFLAGS: 00010202\n RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b\n RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28\n RBP: 0000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60\n R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d\n R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28\n FS:  0000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0\n Call Trace:\n  <TASK>\n  ? die_addr+0x40/0xa0\n  ? exc_general_protection+0x154/0x230\n  ? asm_exc_general_protection+0x26/0x30\n  ? hrtimer_active+0x58/0x300\n  ? __pfx_mutex_lock+0x10/0x10\n  ? __pfx_locks_remove_file+0x10/0x10\n  hrtimer_cancel+0x15/0x40\n  timerlat_fd_release+0x8e/0x1f0\n  ? security_file_release+0x43/0x80\n  __fput+0x372/0xb10\n  task_work_run+0x11e/0x1f0\n  ? _raw_spin_lock+0x85/0xe0\n  ? __pfx_task_work_run+0x10/0x10\n  ? poison_slab_object+0x109/0x170\n  ? do_exit+0x7a0/0x24b0\n  do_exit+0x7bd/0x24b0\n  ? __pfx_migrate_enable+0x10/0x10\n  ? __pfx_do_exit+0x10/0x10\n  ? __pfx_read_tsc+0x10/0x10\n  ? ktime_get+0x64/0x140\n  ? _raw_spin_lock_irq+0x86/0xe0\n  do_group_exit+0xb0/0x220\n  get_signal+0x17ba/0x1b50\n  ? vfs_read+0x179/0xa40\n  ? timerlat_fd_read+0x30b/0x9d0\n  ? __pfx_get_signal+0x10/0x10\n  ? __pfx_timerlat_fd_read+0x10/0x10\n  arch_do_signal_or_restart+0x8c/0x570\n  ? __pfx_arch_do_signal_or_restart+0x10/0x10\n  ? vfs_read+0x179/0xa40\n  ? ksys_read+0xfe/0x1d0\n  ? __pfx_ksys_read+0x10/0x10\n  syscall_exit_to_user_mode+0xbc/0x130\n  do_syscall_64+0x74/0x110\n  ? __pfx___rseq_handle_notify_resume+0x10/0x10\n  ? __pfx_ksys_read+0x10/0x10\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? syscall_exit_to_user_mode+0x116/0x130\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  entry_SYSCALL_64_after_hwframe+0x71/0x79\n RIP: 0033:0x7ff0070eca9c\n Code: Unable to access opcode bytes at 0x7ff0070eca72.\n RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c\n RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003\n RBP: 00007ff006dffde0 R08: 0000000000000000 R09: 00007ff000000ba0\n R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003\n R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008\n  </TASK>\n Modules linked in: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core\n ---[ end trace 0000000000000000 ]---\n\nThis is because it would mistakenly call kthread_stop() on a user space\nthread making it "exit" before it actually exits.\n\nSince kthread\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46788', 'https://git.kernel.org/linus/177e1cc2f41235c145041eed03ef5bab18f32328 (6.11-rc7)', 'https://git.kernel.org/stable/c/177e1cc2f41235c145041eed03ef5bab18f32328', 'https://git.kernel.org/stable/c/27282d2505b402f39371fd60d19d95c01a4b6776', 'https://git.kernel.org/stable/c/7a5f01828edf152c144d27cf63de446fdf2dc222', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46788-1fbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46788', 'https://www.cve.org/CVERecord?id=CVE-2024-46788'], 'PublishedDate': '2024-09-18T08:15:05.893Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46791', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46791', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open\n\nThe mcp251x_hw_wake() function is called with the mpc_lock mutex held and\ndisables the interrupt handler so that no interrupts can be processed while\nwaking the device. If an interrupt has already occurred then waiting for\nthe interrupt handler to complete will deadlock because it will be trying\nto acquire the same mutex.\n\nCPU0                           CPU1\n----                           ----\nmcp251x_open()\n mutex_lock(&priv->mcp_lock)\n  request_threaded_irq()\n                               <interrupt>\n                               mcp251x_can_ist()\n                                mutex_lock(&priv->mcp_lock)\n  mcp251x_hw_wake()\n   disable_irq() <-- deadlock\n\nUse disable_irq_nosync() instead because the interrupt handler does\neverything while holding the mutex so it doesn't matter if it's still\nrunning.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46791', 'https://git.kernel.org/linus/7dd9c26bd6cf679bcfdef01a8659791aa6487a29 (6.11-rc7)', 'https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0', 'https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e', 'https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29', 'https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7', 'https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188', 'https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646', 'https://lore.kernel.org/linux-cve-announce/2024091853-CVE-2024-46791-af66@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46791', 'https://www.cve.org/CVERecord?id=CVE-2024-46791'], 'PublishedDate': '2024-09-18T08:15:06.067Z', 'LastModifiedDate': '2024-09-20T18:21:19.457Z'}, {'VulnerabilityID': 'CVE-2024-46792', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46792', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv: misaligned: Restrict user access to kernel memory', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: misaligned: Restrict user access to kernel memory\n\nraw_copy_{to,from}_user() do not call access_ok(), so this code allowed\nuserspace to access any virtual memory address.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46792', 'https://git.kernel.org/linus/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3b6ff6c896aee5ef9b581e40d0045ff04fcbc8c', 'https://git.kernel.org/stable/c/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46792-7745@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46792', 'https://www.cve.org/CVERecord?id=CVE-2024-46792'], 'PublishedDate': '2024-09-18T08:15:06.123Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46793', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46793', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder\n\nSince commit 13f58267cda3 ("ASoC: soc.h: don\'t create dummy Component\nvia COMP_DUMMY()") dummy codecs declared like this:\n\nSND_SOC_DAILINK_DEF(dummy,\n        DAILINK_COMP_ARRAY(COMP_DUMMY()));\n\nexpand to:\n\nstatic struct snd_soc_dai_link_component dummy[] = {\n};\n\nWhich means that dummy is a zero sized array and thus dais[i].codecs should\nnot be dereferenced *at all* since it points to the address of the next\nvariable stored in the data section as the "dummy" variable has an address\nbut no size, so even dereferencing dais[0] is already an out of bounds\narray reference.\n\nWhich means that the if (dais[i].codecs->name) check added in\ncommit 7d99a70b6595 ("ASoC: Intel: Boards: Fix NULL pointer deref\nin BYT/CHT boards") relies on that the part of the next variable which\nthe name member maps to just happens to be NULL.\n\nWhich apparently so far it usually is, except when it isn\'t\nand then it results in crashes like this one:\n\n[   28.795659] BUG: unable to handle page fault for address: 0000000000030011\n...\n[   28.795780] Call Trace:\n[   28.795787]  <TASK>\n...\n[   28.795862]  ? strcmp+0x18/0x40\n[   28.795872]  0xffffffffc150c605\n[   28.795887]  platform_probe+0x40/0xa0\n...\n[   28.795979]  ? __pfx_init_module+0x10/0x10 [snd_soc_sst_bytcr_wm5102]\n\nReally fix things this time around by checking dais.num_codecs != 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46793', 'https://git.kernel.org/linus/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb (6.11-rc7)', 'https://git.kernel.org/stable/c/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb', 'https://git.kernel.org/stable/c/85cda5b040bda9c577b34eb72d5b2e5b7e31985c', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46793-268d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46793', 'https://www.cve.org/CVERecord?id=CVE-2024-46793'], 'PublishedDate': '2024-09-18T08:15:06.177Z', 'LastModifiedDate': '2024-09-24T16:00:17.977Z'}, {'VulnerabilityID': 'CVE-2024-46794', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46794', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/tdx: Fix data leak in mmio_read()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix data leak in mmio_read()\n\nThe mmio_read() function makes a TDVMCALL to retrieve MMIO data for an\naddress from the VMM.\n\nSean noticed that mmio_read() unintentionally exposes the value of an\ninitialized variable (val) on the stack to the VMM.\n\nThis variable is only needed as an output value. It did not need to be\npassed to the VMM in the first place.\n\nDo not send the original value of *val to the VMM.\n\n[ dhansen: clarify what 'val' is used for. ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46794', 'https://git.kernel.org/linus/b6fb565a2d15277896583d471b21bc14a0c99661 (6.11-rc7)', 'https://git.kernel.org/stable/c/26c6af49d26ffc377e392e30d4086db19eed0ef7', 'https://git.kernel.org/stable/c/b55ce742afcb8e8189d82f2f1e635ba1b5a461fa', 'https://git.kernel.org/stable/c/b6fb565a2d15277896583d471b21bc14a0c99661', 'https://git.kernel.org/stable/c/ef00818c50cf55a3a56bd9a9fae867c92dfb84e7', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46794-9f64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46794', 'https://www.cve.org/CVERecord?id=CVE-2024-46794'], 'PublishedDate': '2024-09-18T08:15:06.23Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46795', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46795', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ksmbd: unset the binding mark of a reused connection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset the binding mark of a reused connection\n\nSteve French reported null pointer dereference error from sha256 lib.\ncifs.ko can send session setup requests on reused connection.\nIf reused connection is used for binding session, conn->binding can\nstill remain true and generate_preauth_hash() will not set\nsess->Preauth_HashValue and it will be NULL.\nIt is used as a material to create an encryption key in\nksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer\ndereference error from crypto_shash_update().\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 8 PID: 429254 Comm: kworker/8:39\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n<TASK>\n? show_regs+0x6d/0x80\n? __die+0x24/0x80\n? page_fault_oops+0x99/0x1b0\n? do_user_addr_fault+0x2ee/0x6b0\n? exc_page_fault+0x83/0x1b0\n? asm_exc_page_fault+0x27/0x30\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n_sha256_update+0x77/0xa0 [sha256_ssse3]\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\ncrypto_shash_update+0x1e/0x40\nhmac_update+0x12/0x20\ncrypto_shash_update+0x1e/0x40\ngenerate_key+0x234/0x380 [ksmbd]\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\n__process_request+0xa3/0x1d0 [ksmbd]\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\nprocess_one_work+0x16c/0x350\nworker_thread+0x306/0x440\n? __pfx_worker_thread+0x10/0x10\nkthread+0xef/0x120\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x44/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n</TASK>', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46795', 'https://git.kernel.org/linus/78c5a6f1f630172b19af4912e755e1da93ef0ab5 (6.11-rc7)', 'https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce', 'https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1', 'https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5', 'https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02', 'https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1', 'https://lore.kernel.org/linux-cve-announce/2024091855-CVE-2024-46795-9908@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46795', 'https://www.cve.org/CVERecord?id=CVE-2024-46795'], 'PublishedDate': '2024-09-18T08:15:06.28Z', 'LastModifiedDate': '2024-09-20T18:21:04.067Z'}, {'VulnerabilityID': 'CVE-2024-46797', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46797', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/qspinlock: Fix deadlock in MCS queue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/qspinlock: Fix deadlock in MCS queue\n\nIf an interrupt occurs in queued_spin_lock_slowpath() after we increment\nqnodesp->count and before node->lock is initialized, another CPU might\nsee stale lock values in get_tail_qnode(). If the stale lock value happens\nto match the lock on that CPU, then we write to the "next" pointer of\nthe wrong qnode. This causes a deadlock as the former CPU, once it becomes\nthe head of the MCS queue, will spin indefinitely until it\'s "next" pointer\nis set by its successor in the queue.\n\nRunning stress-ng on a 16 core (16EC/16VP) shared LPAR, results in\noccasional lockups similar to the following:\n\n   $ stress-ng --all 128 --vm-bytes 80% --aggressive \\\n               --maximize --oomable --verify  --syslog \\\n               --metrics  --times  --timeout 5m\n\n   watchdog: CPU 15 Hard LOCKUP\n   ......\n   NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   Call Trace:\n    0xc000002cfffa3bf0 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    raw_spin_rq_lock_nested.part.135+0x4c/0xd0\n    sched_ttwu_pending+0x60/0x1f0\n    __flush_smp_call_function_queue+0x1dc/0x670\n    smp_ipi_demux_relaxed+0xa4/0x100\n    xive_muxed_ipi_action+0x20/0x40\n    __handle_irq_event_percpu+0x80/0x240\n    handle_irq_event_percpu+0x2c/0x80\n    handle_percpu_irq+0x84/0xd0\n    generic_handle_irq+0x54/0x80\n    __do_irq+0xac/0x210\n    __do_IRQ+0x74/0xd0\n    0x0\n    do_IRQ+0x8c/0x170\n    hardware_interrupt_common_virt+0x29c/0x2a0\n   --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490\n   ......\n   NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   --- interrupt: 500\n    0xc0000029c1a41d00 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    futex_wake+0x100/0x260\n    do_futex+0x21c/0x2a0\n    sys_futex+0x98/0x270\n    system_call_exception+0x14c/0x2f0\n    system_call_vectored_common+0x15c/0x2ec\n\nThe following code flow illustrates how the deadlock occurs.\nFor the sake of brevity, assume that both locks (A and B) are\ncontended and we call the queued_spin_lock_slowpath() function.\n\n        CPU0                                   CPU1\n        ----                                   ----\n  spin_lock_irqsave(A)                          |\n  spin_unlock_irqrestore(A)                     |\n    spin_lock(B)                                |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++;                       |\n  (Note that nodes[0].lock == A)                |\n         |                                      |\n         ▼                                      |\n      Interrupt                                 |\n  (happens before "nodes[0].lock = B")          |\n         |                                      |\n         ▼                                      |\n  spin_lock_irqsave(A)                          |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++                        |\n   nodes[1].lock = A                            |\n         |                                      |\n         ▼                                      |\n  Tail of MCS queue                             |\n         |                             spin_lock_irqsave(A)\n         ▼                                      |\n  Head of MCS queue                             ▼\n         |                             CPU0 is previous tail\n         ▼                                      |\n   Spin indefinitely                            ▼\n  (until "nodes[1].next != NULL")      prev = get_tail_qnode(A, CPU0)\n                                                |\n                                                ▼\n                                       prev == &qnodes[CPU0].nodes[0]\n                                     (as qnodes\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46797', 'https://git.kernel.org/linus/734ad0af3609464f8f93e00b6c0de1e112f44559 (6.11-rc7)', 'https://git.kernel.org/stable/c/734ad0af3609464f8f93e00b6c0de1e112f44559', 'https://git.kernel.org/stable/c/d84ab6661e8d09092de9b034b016515ef9b66085', 'https://git.kernel.org/stable/c/f06af737e4be28c0e926dc25d5f0a111da4e2987', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46797-9174@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46797', 'https://www.cve.org/CVERecord?id=CVE-2024-46797'], 'PublishedDate': '2024-09-18T08:15:06.403Z', 'LastModifiedDate': '2024-09-29T15:15:15.837Z'}, {'VulnerabilityID': 'CVE-2024-46798', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46798', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: dapm: Fix UAF for snd_soc_pcm_runtime object\n\nWhen using kernel with the following extra config,\n\n  - CONFIG_KASAN=y\n  - CONFIG_KASAN_GENERIC=y\n  - CONFIG_KASAN_INLINE=y\n  - CONFIG_KASAN_VMALLOC=y\n  - CONFIG_FRAME_WARN=4096\n\nkernel detects that snd_pcm_suspend_all() access a freed\n'snd_soc_pcm_runtime' object when the system is suspended, which\nleads to a use-after-free bug:\n\n[   52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270\n[   52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330\n\n[   52.047785] Call trace:\n[   52.047787]  dump_backtrace+0x0/0x3c0\n[   52.047794]  show_stack+0x34/0x50\n[   52.047797]  dump_stack_lvl+0x68/0x8c\n[   52.047802]  print_address_description.constprop.0+0x74/0x2c0\n[   52.047809]  kasan_report+0x210/0x230\n[   52.047815]  __asan_report_load1_noabort+0x3c/0x50\n[   52.047820]  snd_pcm_suspend_all+0x1a8/0x270\n[   52.047824]  snd_soc_suspend+0x19c/0x4e0\n\nThe snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before\nmaking any access. So we need to always set 'substream->runtime' to NULL\neverytime we kfree() it.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46798', 'https://git.kernel.org/linus/b4a90b543d9f62d3ac34ec1ab97fc5334b048565 (6.11-rc7)', 'https://git.kernel.org/stable/c/3033ed903b4f28b5e1ab66042084fbc2c48f8624', 'https://git.kernel.org/stable/c/5d13afd021eb43868fe03cef6da34ad08831ad6d', 'https://git.kernel.org/stable/c/6a14fad8be178df6c4589667efec1789a3307b4e', 'https://git.kernel.org/stable/c/8ca21e7a27c66b95a4b215edc8e45e5d66679f9f', 'https://git.kernel.org/stable/c/993b60c7f93fa1d8ff296b58f646a867e945ae89', 'https://git.kernel.org/stable/c/b4a90b543d9f62d3ac34ec1ab97fc5334b048565', 'https://git.kernel.org/stable/c/fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46798-ce16@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46798', 'https://www.cve.org/CVERecord?id=CVE-2024-46798'], 'PublishedDate': '2024-09-18T08:15:06.463Z', 'LastModifiedDate': '2024-09-20T18:17:50.763Z'}, {'VulnerabilityID': 'CVE-2024-46800', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46800', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sch/netem: fix use after free in netem_dequeue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsch/netem: fix use after free in netem_dequeue\n\nIf netem_dequeue() enqueues packet to inner qdisc and that qdisc\nreturns __NET_XMIT_STOLEN. The packet is dropped but\nqdisc_tree_reduce_backlog() is not called to update the parent\'s\nq.qlen, leading to the similar use-after-free as Commit\ne04991a48dbaf382 ("netem: fix return value if duplicate enqueue\nfails")\n\nCommands to trigger KASAN UaF:\n\nip link add type dummy\nip link set lo up\nip link set dummy0 up\ntc qdisc add dev lo parent root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2: handle 3: drr\ntc filter add dev lo parent 3: basic classid 3:1 action mirred egress\nredirect dev dummy0\ntc class add dev lo classid 3:1 drr\nping -c1 -W0.01 localhost # Trigger bug\ntc class del dev lo classid 1:1\ntc class add dev lo classid 1:1 drr\nping -c1 -W0.01 localhost # UaF', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46800', 'https://git.kernel.org/linus/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a (6.11-rc7)', 'https://git.kernel.org/stable/c/14f91ab8d391f249b845916820a56f42cf747241', 'https://git.kernel.org/stable/c/295ad5afd9efc5f67b86c64fce28fb94e26dc4c9', 'https://git.kernel.org/stable/c/32008ab989ddcff1a485fa2b4906234c25dc5cd6', 'https://git.kernel.org/stable/c/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a', 'https://git.kernel.org/stable/c/98c75d76187944296068d685dfd8a1e9fd8c4fdc', 'https://git.kernel.org/stable/c/db2c235682913a63054e741fe4e19645fdf2d68e', 'https://git.kernel.org/stable/c/dde33a9d0b80aae0c69594d1f462515d7ff1cb3d', 'https://git.kernel.org/stable/c/f0bddb4de043399f16d1969dad5ee5b984a64e7b', 'https://lore.kernel.org/linux-cve-announce/2024091857-CVE-2024-46800-0f62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46800', 'https://www.cve.org/CVERecord?id=CVE-2024-46800'], 'PublishedDate': '2024-09-18T08:15:06.573Z', 'LastModifiedDate': '2024-09-20T17:18:55.26Z'}, {'VulnerabilityID': 'CVE-2024-46802', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: added NULL check at start of dc_validate_stream', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46802', 'https://git.kernel.org/linus/26c56049cc4f1705b498df013949427692a4b0d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd', 'https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5', 'https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9', 'https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c', 'https://lore.kernel.org/linux-cve-announce/2024092706-CVE-2024-46802-c5e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46802', 'https://www.cve.org/CVERecord?id=CVE-2024-46802'], 'PublishedDate': '2024-09-27T13:15:13.483Z', 'LastModifiedDate': '2024-10-07T14:21:55.687Z'}, {'VulnerabilityID': 'CVE-2024-46803', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46803', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdkfd: Check debug trap enable before write dbg_ev_file', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46803', 'https://git.kernel.org/linus/547033b593063eb85bfdf9b25a5f1b8fd1911be2 (6.11-rc1)', 'https://git.kernel.org/stable/c/547033b593063eb85bfdf9b25a5f1b8fd1911be2', 'https://git.kernel.org/stable/c/820dcbd38a77bd5fdc4236d521c1c122841227d0', 'https://git.kernel.org/stable/c/e6ea3b8fe398915338147fe54dd2db8155fdafd8', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46803-689b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46803', 'https://www.cve.org/CVERecord?id=CVE-2024-46803'], 'PublishedDate': '2024-09-27T13:15:13.57Z', 'LastModifiedDate': '2024-10-04T17:45:16.867Z'}, {'VulnerabilityID': 'CVE-2024-46804', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46804', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add array index check for hdcp ddc access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add array index check for hdcp ddc access\n\n[Why]\nCoverity reports OVERRUN warning. Do not check if array\nindex valid.\n\n[How]\nCheck msg_id valid and valid array index.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46804', 'https://git.kernel.org/linus/4e70c0f5251c25885c31ee84a31f99a01f7cf50e (6.11-rc1)', 'https://git.kernel.org/stable/c/0ee4387c5a4b57ec733c3fb4365188d5979cd9c7', 'https://git.kernel.org/stable/c/2a63c90c7a90ab2bd23deebc2814fc5b52abf6d2', 'https://git.kernel.org/stable/c/4e70c0f5251c25885c31ee84a31f99a01f7cf50e', 'https://git.kernel.org/stable/c/8b5ccf3d011969417be653b5a145c72dbd30472c', 'https://git.kernel.org/stable/c/a3b5ee22a9d3a30045191da5678ca8451ebaea30', 'https://git.kernel.org/stable/c/f338f99f6a04d03c802087d82a83561cbd5bdc99', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46804-c90d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46804', 'https://www.cve.org/CVERecord?id=CVE-2024-46804'], 'PublishedDate': '2024-09-27T13:15:13.637Z', 'LastModifiedDate': '2024-10-04T17:51:43.73Z'}, {'VulnerabilityID': 'CVE-2024-46805', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46805', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix the waring dereferencing hive', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix the waring dereferencing hive\n\nCheck the amdgpu_hive_info *hive that maybe is NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46805', 'https://git.kernel.org/linus/1940708ccf5aff76de4e0b399f99267c93a89193 (6.11-rc1)', 'https://git.kernel.org/stable/c/01cd55b971131b07b7ff8d622fa93bb4f8be07df', 'https://git.kernel.org/stable/c/1940708ccf5aff76de4e0b399f99267c93a89193', 'https://git.kernel.org/stable/c/4ab720b6aa1ef5e71db1e534b5b45c80ac4ec58a', 'https://git.kernel.org/stable/c/d3f927ef0607b3c8c3f79ab6d9a4ebead3e35f4c', 'https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46805-b06a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46805', 'https://www.cve.org/CVERecord?id=CVE-2024-46805'], 'PublishedDate': '2024-09-27T13:15:13.707Z', 'LastModifiedDate': '2024-10-02T12:58:59.767Z'}, {'VulnerabilityID': 'CVE-2024-46806', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46806', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the warning division or modulo by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46806', 'https://git.kernel.org/linus/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c (6.11-rc1)', 'https://git.kernel.org/stable/c/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c', 'https://git.kernel.org/stable/c/a01618adcba78c6bd6c4557a4a5e32f58b658cd1', 'https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46806-2cc7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46806', 'https://www.cve.org/CVERecord?id=CVE-2024-46806'], 'PublishedDate': '2024-09-27T13:15:13.773Z', 'LastModifiedDate': '2024-10-02T13:17:04.64Z'}, {'VulnerabilityID': 'CVE-2024-46807', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46807', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Check tbo resource pointer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Check tbo resource pointer\n\nValidate tbo resource pointer, skip if NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46807', 'https://git.kernel.org/linus/6cd2b872643bb29bba01a8ac739138db7bd79007 (6.11-rc1)', 'https://git.kernel.org/stable/c/2be1eb6304d9623ba21dd6f3e68ffb753a759635', 'https://git.kernel.org/stable/c/4dfec5f5501a27e0a0da00e136d65ef9011ded4c', 'https://git.kernel.org/stable/c/6cd2b872643bb29bba01a8ac739138db7bd79007', 'https://git.kernel.org/stable/c/e55e3904ffeaff81715256a711b1a61f4ad5258a', 'https://git.kernel.org/stable/c/e8765364d4f3aaf88c7abe0a4fc99089d059ab49', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46807-b78e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46807', 'https://www.cve.org/CVERecord?id=CVE-2024-46807'], 'PublishedDate': '2024-09-27T13:15:13.84Z', 'LastModifiedDate': '2024-10-04T17:40:08.083Z'}, {'VulnerabilityID': 'CVE-2024-46808', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46808', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range\n\n[Why & How]\nASSERT if return NULL from kcalloc.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46808', 'https://git.kernel.org/linus/5524fa301ba649f8cf00848f91468e0ba7e4f24c (6.11-rc1)', 'https://git.kernel.org/stable/c/5524fa301ba649f8cf00848f91468e0ba7e4f24c', 'https://git.kernel.org/stable/c/ca0b0b0a22306f2e51105ac48f4a09c2fbbb504e', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46808-8886@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46808', 'https://www.cve.org/CVERecord?id=CVE-2024-46808'], 'PublishedDate': '2024-09-27T13:15:13.907Z', 'LastModifiedDate': '2024-10-02T14:23:39.863Z'}, {'VulnerabilityID': 'CVE-2024-46809', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46809', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check BIOS images before it is used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check BIOS images before it is used\n\nBIOS images may fail to load and null checks are added before they are\nused.\n\nThis fixes 6 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46809', 'https://git.kernel.org/linus/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c (6.11-rc1)', 'https://git.kernel.org/stable/c/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c', 'https://git.kernel.org/stable/c/e46b70a7cfed71cb84e985c785c39c16df5c28cb', 'https://git.kernel.org/stable/c/e50bec62acaeec03afc6fa5dfb2426e52d049cf5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46809-5b37@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46809', 'https://www.cve.org/CVERecord?id=CVE-2024-46809'], 'PublishedDate': '2024-09-27T13:15:13.973Z', 'LastModifiedDate': '2024-10-04T17:33:33.753Z'}, {'VulnerabilityID': 'CVE-2024-46810', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46810', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ\n\nMake sure the connector is fully initialized before signalling any\nHPD events via drm_kms_helper_hotplug_event(), otherwise this may\nlead to NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46810', 'https://git.kernel.org/linus/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f (6.11-rc1)', 'https://git.kernel.org/stable/c/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f', 'https://git.kernel.org/stable/c/1fb13693953737783b424aa4712f0a27a9eaf5a8', 'https://git.kernel.org/stable/c/9d567126474e68f959b2c2543c375f3bb32e948a', 'https://git.kernel.org/stable/c/adc5674c23b8191e596ed0dbaa9600265ac896a8', 'https://git.kernel.org/stable/c/e1b121f21bbc56a6ae035aa5b77daac62bfb9be5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46810-2eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46810', 'https://www.cve.org/CVERecord?id=CVE-2024-46810'], 'PublishedDate': '2024-09-27T13:15:14.037Z', 'LastModifiedDate': '2024-10-04T17:43:04.277Z'}, {'VulnerabilityID': 'CVE-2024-46811', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46811', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params->clk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46811', 'https://git.kernel.org/linus/188fd1616ec43033cedbe343b6579e9921e2d898 (6.11-rc1)', 'https://git.kernel.org/stable/c/188fd1616ec43033cedbe343b6579e9921e2d898', 'https://git.kernel.org/stable/c/4003bac784380fed1f94f197350567eaa73a409d', 'https://git.kernel.org/stable/c/aba188d6f4ebaf52acf13f204db2bd2c22072504', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46811-f01c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46811', 'https://www.cve.org/CVERecord?id=CVE-2024-46811'], 'PublishedDate': '2024-09-27T13:15:14.107Z', 'LastModifiedDate': '2024-10-07T14:24:56.86Z'}, {'VulnerabilityID': 'CVE-2024-46812', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46812', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration\n\n[Why]\nCoverity reports Memory - illegal accesses.\n\n[How]\nSkip inactive planes.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46812', 'https://git.kernel.org/linus/a54f7e866cc73a4cb71b8b24bb568ba35c8969df (6.11-rc1)', 'https://git.kernel.org/stable/c/3300a039caf850376bc3416c808cd8879da412bb', 'https://git.kernel.org/stable/c/8406158a546441b73f0b216aedacbf9a1e5748fb', 'https://git.kernel.org/stable/c/a54f7e866cc73a4cb71b8b24bb568ba35c8969df', 'https://git.kernel.org/stable/c/ee9d6df6d9172917d9ddbd948bb882652d5ecd29', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46812-5954@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46812', 'https://www.cve.org/CVERecord?id=CVE-2024-46812'], 'PublishedDate': '2024-09-27T13:15:14.163Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46813', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46813', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check link_index before accessing dc-&gt;links[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc->links[]\n\n[WHY & HOW]\ndc->links[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46813', 'https://git.kernel.org/linus/8aa2864044b9d13e95fe224f32e808afbf79ecdf (6.11-rc1)', 'https://git.kernel.org/stable/c/8aa2864044b9d13e95fe224f32e808afbf79ecdf', 'https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46813-5eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46813', 'https://www.cve.org/CVERecord?id=CVE-2024-46813'], 'PublishedDate': '2024-09-27T13:15:14.23Z', 'LastModifiedDate': '2024-10-04T17:38:17.74Z'}, {'VulnerabilityID': 'CVE-2024-46814', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check msg_id before processing transcation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY & HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46814', 'https://git.kernel.org/linus/fa71face755e27dc44bc296416ebdf2c67163316 (6.11-rc1)', 'https://git.kernel.org/stable/c/0147505f08220c89b3a9c90eb608191276e263a8', 'https://git.kernel.org/stable/c/6590643c5de74098d27933b7d224d5ac065d7755', 'https://git.kernel.org/stable/c/916083054670060023d3f8a8ace895d710e268f4', 'https://git.kernel.org/stable/c/cb63090a17d3abb87f132851fa3711281249b7d2', 'https://git.kernel.org/stable/c/fa71face755e27dc44bc296416ebdf2c67163316', 'https://git.kernel.org/stable/c/fe63daf7b10253b0faaa60c55d6153cd276927aa', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46814-5021@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46814', 'https://www.cve.org/CVERecord?id=CVE-2024-46814'], 'PublishedDate': '2024-09-27T13:15:14.297Z', 'LastModifiedDate': '2024-10-04T17:27:47.45Z'}, {'VulnerabilityID': 'CVE-2024-46815', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46815', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY & HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46815', 'https://git.kernel.org/linus/b38a4815f79b87efb196cd5121579fc51e29a7fb (6.11-rc1)', 'https://git.kernel.org/stable/c/21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf', 'https://git.kernel.org/stable/c/6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0', 'https://git.kernel.org/stable/c/7c47dd2e92341f2989ab73dbed07f8894593ad7b', 'https://git.kernel.org/stable/c/a72d4996409569027b4609414a14a87679b12267', 'https://git.kernel.org/stable/c/b36e9b3104c4ba0f2f5dd083dcf6159cb316c996', 'https://git.kernel.org/stable/c/b38a4815f79b87efb196cd5121579fc51e29a7fb', 'https://git.kernel.org/stable/c/c4a7f7c0062fe2c73f70bb7e335199e25bd71492', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46815-fce2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46815', 'https://www.cve.org/CVERecord?id=CVE-2024-46815'], 'PublishedDate': '2024-09-27T13:15:14.37Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46816', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46816', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\n\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc->links. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\n\n[How]\nMake sure link count less than max_links.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46816', 'https://git.kernel.org/linus/cf8b16857db702ceb8d52f9219a4613363e2b1cf (6.11-rc1)', 'https://git.kernel.org/stable/c/36c39a8dcce210649f2f45f252abaa09fcc1ae87', 'https://git.kernel.org/stable/c/cf8b16857db702ceb8d52f9219a4613363e2b1cf', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46816-0526@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46816', 'https://www.cve.org/CVERecord?id=CVE-2024-46816'], 'PublishedDate': '2024-09-27T13:15:14.433Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46817', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6\n\n[Why]\nCoverity reports OVERRUN warning. Should abort amdgpu_dm\ninitialize.\n\n[How]\nReturn failure to amdgpu_dm_init.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46817', 'https://git.kernel.org/linus/84723eb6068c50610c5c0893980d230d7afa2105 (6.11-rc1)', 'https://git.kernel.org/stable/c/21bbb39863f10f5fb4bf772d15b07d5d13590e9d', 'https://git.kernel.org/stable/c/28b515c458aa9c92bfcb99884c94713a5f471cea', 'https://git.kernel.org/stable/c/754321ed63f0a4a31252ca72e0bd89a9e1888018', 'https://git.kernel.org/stable/c/84723eb6068c50610c5c0893980d230d7afa2105', 'https://git.kernel.org/stable/c/94cb77700fa4ae6200486bfa0ba2ac547534afd2', 'https://git.kernel.org/stable/c/d398c74c881dee695f6eb6138c9891644e1c3d9d', 'https://git.kernel.org/stable/c/d619b91d3c4af60ac422f1763ce53d721fb91262', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46817-7a2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46817', 'https://www.cve.org/CVERecord?id=CVE-2024-46817'], 'PublishedDate': '2024-09-27T13:15:14.493Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46818', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check gpio_id before used as array index', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY & HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46818', 'https://git.kernel.org/linus/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 (6.11-rc1)', 'https://git.kernel.org/stable/c/0184cca30cad74d88f5c875d4e26999e26325700', 'https://git.kernel.org/stable/c/08e7755f754e3d2cef7d3a7da538d33526bd6f7c', 'https://git.kernel.org/stable/c/276e3fd93e3beb5894eb1cc8480f9f417d51524d', 'https://git.kernel.org/stable/c/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6', 'https://git.kernel.org/stable/c/3d4198ab612ad48f73383ad3bb5663e6f0cdf406', 'https://git.kernel.org/stable/c/40c2e8bc117cab8bca8814735f28a8b121654a84', 'https://git.kernel.org/stable/c/8520fdc8ecc38f240a8e9e7af89cca6739c3e790', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46818-8d41@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46818', 'https://www.cve.org/CVERecord?id=CVE-2024-46818'], 'PublishedDate': '2024-09-27T13:15:14.563Z', 'LastModifiedDate': '2024-10-04T17:18:36.613Z'}, {'VulnerabilityID': 'CVE-2024-46819', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: the warning dereferencing obj for nbio_v7_4', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: the warning dereferencing obj for nbio_v7_4\n\nif ras_manager obj null, don't print NBIO err data", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46819', 'https://git.kernel.org/linus/d190b459b2a4304307c3468ed97477b808381011 (6.11-rc1)', 'https://git.kernel.org/stable/c/130c2dc75c8c40acc3c96ededea6af80e03c14b8', 'https://git.kernel.org/stable/c/614564a5b28983de53b23a358ebe6c483a2aa21e', 'https://git.kernel.org/stable/c/70e8ec21fcb8c51446899d3bfe416b31adfa3661', 'https://git.kernel.org/stable/c/7d265772e44d403071a2b573eac0db60250b1c21', 'https://git.kernel.org/stable/c/d04ded1e73f1dcf19a71ec8b9cda3faa7acd8828', 'https://git.kernel.org/stable/c/d190b459b2a4304307c3468ed97477b808381011', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46819-d958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46819', 'https://www.cve.org/CVERecord?id=CVE-2024-46819'], 'PublishedDate': '2024-09-27T13:15:14.64Z', 'LastModifiedDate': '2024-10-04T17:11:00.57Z'}, {'VulnerabilityID': 'CVE-2024-46820', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/vcn: remove irq disabling in vcn 5 suspend\n\nWe do not directly enable/disable VCN IRQ in vcn 5.0.0.\nAnd we do not handle the IRQ state as well. So the calls to\ndisable IRQ and set state are removed. This effectively gets\nrid of the warining of\n      "WARN_ON(!amdgpu_irq_enabled(adev, src, type))"\nin amdgpu_irq_put().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46820', 'https://git.kernel.org/linus/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d (6.11-rc1)', 'https://git.kernel.org/stable/c/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d', 'https://git.kernel.org/stable/c/aa92264ba6fd4fb570002f69762634221316e7ae', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46820-6405@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46820', 'https://www.cve.org/CVERecord?id=CVE-2024-46820'], 'PublishedDate': '2024-09-27T13:15:14.707Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46821', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix negative array index read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix negative array index read\n\nAvoid using the negative values\nfor clk_idex as an index into an array pptable->DpmDescriptor.\n\nV2: fix clk_index return check (Tim Huang)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46821', 'https://git.kernel.org/linus/c8c19ebf7c0b202a6a2d37a52ca112432723db5f (6.11-rc1)', 'https://git.kernel.org/stable/c/06a3810010b525b9958424e344f0c25b09e128fa', 'https://git.kernel.org/stable/c/4711b1347cb9f0c3083da6d87c624d75f9bd1d50', 'https://git.kernel.org/stable/c/60f4a4bc3329e5cb8c4df0cc961f0d5ffd96e22d', 'https://git.kernel.org/stable/c/c8c19ebf7c0b202a6a2d37a52ca112432723db5f', 'https://lore.kernel.org/linux-cve-announce/2024092713-CVE-2024-46821-a13a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46821', 'https://www.cve.org/CVERecord?id=CVE-2024-46821'], 'PublishedDate': '2024-09-27T13:15:14.767Z', 'LastModifiedDate': '2024-10-04T17:06:43.573Z'}, {'VulnerabilityID': 'CVE-2024-46822', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46822', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry\n\nIn a review discussion of the changes to support vCPU hotplug where\na check was added on the GICC being enabled if was online, it was\nnoted that there is need to map back to the cpu and use that to index\ninto a cpumask. As such, a valid ID is needed.\n\nIf an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible\nfor the entry in cpu_madt_gicc[cpu] == NULL.  This function would\nthen cause a NULL pointer dereference.   Whilst a path to trigger\nthis has not been established, harden this caller against the\npossibility.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46822', 'https://git.kernel.org/linus/2488444274c70038eb6b686cba5f1ce48ebb9cdd (6.11-rc1)', 'https://git.kernel.org/stable/c/2488444274c70038eb6b686cba5f1ce48ebb9cdd', 'https://git.kernel.org/stable/c/40cae0df42e5e7f7a1c0f32deed9c4027c1ba94e', 'https://git.kernel.org/stable/c/4c3b21204abb4fa3ab310fbbb5cf7f0e85f3a1bc', 'https://git.kernel.org/stable/c/62ca6d3a905b4c40cd942f3cc645a6718f8bc7e7', 'https://git.kernel.org/stable/c/945be49f4e832a9184c313fdf8917475438a795b', 'https://git.kernel.org/stable/c/bc7fbb37e3d2df59336eadbd6a56be632e3c7df7', 'https://git.kernel.org/stable/c/f57769ff6fa7f97f1296965f20e8a2bb3ee9fd0f', 'https://lore.kernel.org/linux-cve-announce/2024092749-CVE-2024-46822-b901@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46822', 'https://www.cve.org/CVERecord?id=CVE-2024-46822'], 'PublishedDate': '2024-09-27T13:15:14.83Z', 'LastModifiedDate': '2024-10-02T14:24:01.757Z'}, {'VulnerabilityID': 'CVE-2024-46823', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kunit/overflow: Fix UB in overflow_allocation_test', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkunit/overflow: Fix UB in overflow_allocation_test\n\nThe 'device_name' array doesn't exist out of the\n'overflow_allocation_test' function scope. However, it is being used as\na driver name when calling 'kunit_driver_create' from\n'kunit_device_register'. It produces the kernel panic with KASAN\nenabled.\n\nSince this variable is used in one place only, remove it and pass the\ndevice name into kunit_device_register directly as an ascii string.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46823', 'https://git.kernel.org/linus/92e9bac18124682c4b99ede9ee3bcdd68f121e92 (6.11-rc4)', 'https://git.kernel.org/stable/c/92e9bac18124682c4b99ede9ee3bcdd68f121e92', 'https://git.kernel.org/stable/c/d1207f07decc66546a7fa463d2f335a856c986ef', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46823-b19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46823', 'https://www.cve.org/CVERecord?id=CVE-2024-46823'], 'PublishedDate': '2024-09-27T13:15:14.897Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46824', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommufd: Require drivers to supply the cache_invalidate_user ops', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Require drivers to supply the cache_invalidate_user ops\n\nIf drivers don't do this then iommufd will oops invalidation ioctls with\nsomething like:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n  Mem abort info:\n    ESR = 0x0000000086000004\n    EC = 0x21: IABT (current EL), IL = 32 bits\n    SET = 0, FnV = 0\n    EA = 0, S1PTW = 0\n    FSC = 0x04: level 0 translation fault\n  user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101059000\n  [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n  Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 2 PID: 371 Comm: qemu-system-aar Not tainted 6.8.0-rc7-gde77230ac23a #9\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 81400809 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=-c)\n  pc : 0x0\n  lr : iommufd_hwpt_invalidate+0xa4/0x204\n  sp : ffff800080f3bcc0\n  x29: ffff800080f3bcf0 x28: ffff0000c369b300 x27: 0000000000000000\n  x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n  x23: 0000000000000000 x22: 00000000c1e334a0 x21: ffff0000c1e334a0\n  x20: ffff800080f3bd38 x19: ffff800080f3bd58 x18: 0000000000000000\n  x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8240d6d8\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n  x8 : 0000001000000002 x7 : 0000fffeac1ec950 x6 : 0000000000000000\n  x5 : ffff800080f3bd78 x4 : 0000000000000003 x3 : 0000000000000002\n  x2 : 0000000000000000 x1 : ffff800080f3bcc8 x0 : ffff0000c6034d80\n  Call trace:\n   0x0\n   iommufd_fops_ioctl+0x154/0x274\n   __arm64_sys_ioctl+0xac/0xf0\n   invoke_syscall+0x48/0x110\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x34/0xb4\n   el0t_64_sync_handler+0x120/0x12c\n   el0t_64_sync+0x190/0x194\n\nAll existing drivers implement this op for nesting, this is mostly a\nbisection aid.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46824', 'https://git.kernel.org/linus/a11dda723c6493bb1853bbc61c093377f96e2d47 (6.11-rc1)', 'https://git.kernel.org/stable/c/89827a4de802765b1ebb401fc1e73a90108c7520', 'https://git.kernel.org/stable/c/a11dda723c6493bb1853bbc61c093377f96e2d47', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46824-03d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46824', 'https://www.cve.org/CVERecord?id=CVE-2024-46824'], 'PublishedDate': '2024-09-27T13:15:14.96Z', 'LastModifiedDate': '2024-10-02T14:29:08.417Z'}, {'VulnerabilityID': 'CVE-2024-46825', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check\n\nThe lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is\nnormally called with input from the firmware, so it should use\nIWL_FW_CHECK() instead of WARN_ON().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46825', 'https://git.kernel.org/linus/9215152677d4b321801a92b06f6d5248b2b4465f (6.11-rc1)', 'https://git.kernel.org/stable/c/3cca098c91391b3fa48142bfda57048b985c87f6', 'https://git.kernel.org/stable/c/415f3634d53c7fb4cf07d2f5a0be7f2e15e6da33', 'https://git.kernel.org/stable/c/9215152677d4b321801a92b06f6d5248b2b4465f', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46825-a5aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46825', 'https://www.cve.org/CVERecord?id=CVE-2024-46825'], 'PublishedDate': '2024-09-27T13:15:15.027Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46826', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ELF: fix kernel.randomize_va_space double read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses "randomize_va_space" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46826', 'https://git.kernel.org/linus/2a97388a807b6ab5538aa8f8537b2463c6988bd2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1cf8cd80903073440b6ea055811d04edd24fe4f7', 'https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27', 'https://git.kernel.org/stable/c/2a97388a807b6ab5538aa8f8537b2463c6988bd2', 'https://git.kernel.org/stable/c/53f17409abf61f66b6f05aff795e938e5ba811d1', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46826-7b80@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46826', 'https://www.cve.org/CVERecord?id=CVE-2024-46826'], 'PublishedDate': '2024-09-27T13:15:15.087Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46827', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix firmware crash due to invalid peer nss', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46827', 'https://git.kernel.org/linus/db163a463bb93cd3e37e1e7b10b9726fb6f95857 (6.11-rc1)', 'https://git.kernel.org/stable/c/25a15f80253a7c8776e4e4880d797d20ec864154', 'https://git.kernel.org/stable/c/838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c', 'https://git.kernel.org/stable/c/db163a463bb93cd3e37e1e7b10b9726fb6f95857', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46827-0300@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46827', 'https://www.cve.org/CVERecord?id=CVE-2024-46827'], 'PublishedDate': '2024-09-27T13:15:15.153Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46828', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: sch_cake: fix bulk flow accounting logic for host fairness', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: fix bulk flow accounting logic for host fairness\n\nIn sch_cake, we keep track of the count of active bulk flows per host,\nwhen running in dst/src host fairness mode, which is used as the\nround-robin weight when iterating through flows. The count of active\nbulk flows is updated whenever a flow changes state.\n\nThis has a peculiar interaction with the hash collision handling: when a\nhash collision occurs (after the set-associative hashing), the state of\nthe hash bucket is simply updated to match the new packet that collided,\nand if host fairness is enabled, that also means assigning new per-host\nstate to the flow. For this reason, the bulk flow counters of the\nhost(s) assigned to the flow are decremented, before new state is\nassigned (and the counters, which may not belong to the same host\nanymore, are incremented again).\n\nBack when this code was introduced, the host fairness mode was always\nenabled, so the decrement was unconditional. When the configuration\nflags were introduced the *increment* was made conditional, but\nthe *decrement* was not. Which of course can lead to a spurious\ndecrement (and associated wrap-around to U16_MAX).\n\nAFAICT, when host fairness is disabled, the decrement and wrap-around\nhappens as soon as a hash collision occurs (which is not that common in\nitself, due to the set-associative hashing). However, in most cases this\nis harmless, as the value is only used when host fairness mode is\nenabled. So in order to trigger an array overflow, sch_cake has to first\nbe configured with host fairness disabled, and while running in this\nmode, a hash collision has to occur to cause the overflow. Then, the\nqdisc has to be reconfigured to enable host fairness, which leads to the\narray out-of-bounds because the wrapped-around value is retained and\nused as an array index. It seems that syzbot managed to trigger this,\nwhich is quite impressive in its own right.\n\nThis patch fixes the issue by introducing the same conditional check on\ndecrement as is used on increment.\n\nThe original bug predates the upstreaming of cake, but the commit listed\nin the Fixes tag touched that code, meaning that this patch won't apply\nbefore that.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46828', 'https://git.kernel.org/linus/546ea84d07e3e324644025e2aae2d12ea4c5896e (6.11-rc7)', 'https://git.kernel.org/stable/c/4a4eeefa514db570be025ab46d779af180e2c9bb', 'https://git.kernel.org/stable/c/546ea84d07e3e324644025e2aae2d12ea4c5896e', 'https://git.kernel.org/stable/c/549e407569e08459d16122341d332cb508024094', 'https://git.kernel.org/stable/c/7725152b54d295b7da5e34c2f419539b30d017bd', 'https://git.kernel.org/stable/c/cde71a5677971f4f1b69b25e854891dbe78066a4', 'https://git.kernel.org/stable/c/d4a9039a7b3d8005b90c7b1a55a306444f0e5447', 'https://git.kernel.org/stable/c/d7c01c0714c04431b5e18cf17a9ea68a553d1c3c', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46828-2184@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46828', 'https://www.cve.org/CVERecord?id=CVE-2024-46828'], 'PublishedDate': '2024-09-27T13:15:15.22Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46829', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtmutex: Drop rt_mutex::wait_lock before scheduling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nrtmutex: Drop rt_mutex::wait_lock before scheduling\n\nrt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held.  In the\ngood case it returns with the lock held and in the deadlock case it emits a\nwarning and goes into an endless scheduling loop with the lock held, which\ntriggers the 'scheduling in atomic' warning.\n\nUnlock rt_mutex::wait_lock in the dead lock case before issuing the warning\nand dropping into the schedule for ever loop.\n\n[ tglx: Moved unlock before the WARN(), removed the pointless comment,\n  \tmassaged changelog, added Fixes tag ]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46829', 'https://git.kernel.org/linus/d33d26036a0274b472299d7dcdaa5fb34329f91b (6.11-rc7)', 'https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0', 'https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38', 'https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f', 'https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f', 'https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83', 'https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0', 'https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b', 'https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46829-da70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46829', 'https://www.cve.org/CVERecord?id=CVE-2024-46829'], 'PublishedDate': '2024-09-27T13:15:15.3Z', 'LastModifiedDate': '2024-10-02T14:27:57.92Z'}, {'VulnerabilityID': 'CVE-2024-46830', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: x86: Acquire kvm-&gt;srcu when handling KVM_SET_VCPU_EVENTS', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU.  I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems.  Acquiring SRCU isn't all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n  #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n  <TASK>\n  dump_stack_lvl+0x7f/0x90\n  lockdep_rcu_suspicious+0x13f/0x1a0\n  kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n  kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n  nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n  load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n  vmx_leave_nested+0x30/0x40 [kvm_intel]\n  kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n  kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n  ? mark_held_locks+0x49/0x70\n  ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n  ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  ? lock_acquire+0xba/0x2d0\n  ? find_held_lock+0x2b/0x80\n  ? do_user_addr_fault+0x40c/0x6f0\n  ? lock_release+0xb7/0x270\n  __x64_sys_ioctl+0x82/0xb0\n  do_syscall_64+0x6c/0x170\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n  </TASK>", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46830', 'https://git.kernel.org/linus/4bcdd831d9d01e0fb64faea50732b59b2ee88da1 (6.11-rc7)', 'https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1', 'https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e', 'https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9', 'https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46830-deac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46830', 'https://www.cve.org/CVERecord?id=CVE-2024-46830'], 'PublishedDate': '2024-09-27T13:15:15.38Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46831', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: microchip: vcap: Fix use-after-free error in kunit test', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap: Fix use-after-free error in kunit test\n\nThis is a clear use-after-free error. We remove it, and rely on checking\nthe return code of vcap_del_rule.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46831', 'https://git.kernel.org/linus/a3c1e45156ad39f225cd7ddae0f81230a3b1e657 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3c1e45156ad39f225cd7ddae0f81230a3b1e657', 'https://git.kernel.org/stable/c/b0804c286ccfcf5f5c004d5bf8a54c0508b5e86b', 'https://git.kernel.org/stable/c/f7fe95f40c85311c98913fe6ae2c56adb7f767a7', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46831-06bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46831', 'https://www.cve.org/CVERecord?id=CVE-2024-46831'], 'PublishedDate': '2024-09-27T13:15:15.457Z', 'LastModifiedDate': '2024-10-02T14:26:13.807Z'}, {'VulnerabilityID': 'CVE-2024-46832', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: MIPS: cevt-r4k: Don&#39;t call get_c0_compare_int if timer irq is installed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: cevt-r4k: Don\'t call get_c0_compare_int if timer irq is installed\n\nThis avoids warning:\n\n[    0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n\nCaused by get_c0_compare_int on secondary CPU.\n\nWe also skipped saving IRQ number to struct clock_event_device *cd as\nit\'s never used by clockevent core, as per comments it\'s only meant\nfor "non CPU local devices".', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46832', 'https://git.kernel.org/linus/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13 (6.11-rc5)', 'https://git.kernel.org/stable/c/189d3ed3b25beee26ffe2abed278208bece13f52', 'https://git.kernel.org/stable/c/32ee0520159f1e8c2d6597c19690df452c528f30', 'https://git.kernel.org/stable/c/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13', 'https://git.kernel.org/stable/c/b1d2051373bfc65371ce4ac8911ed984d0178c98', 'https://git.kernel.org/stable/c/d3ff0f98a52f0aafe35aa314d1c442f4318be3db', 'https://git.kernel.org/stable/c/e6cd871627abbb459d0ff6521d6bb9cf9d9f7522', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46832-3ad0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46832', 'https://www.cve.org/CVERecord?id=CVE-2024-46832'], 'PublishedDate': '2024-09-27T13:15:15.517Z', 'LastModifiedDate': '2024-10-09T15:51:20.7Z'}, {'VulnerabilityID': 'CVE-2024-46833', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: void array out of bound when loop tnl_num', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: void array out of bound when loop tnl_num\n\nWhen query reg inf of SSU, it loops tnl_num times. However, tnl_num comes\nfrom hardware and the length of array is a fixed value. To void array out\nof bound, make sure the loop time is not greater than the length of array', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46833', 'https://git.kernel.org/linus/86db7bfb06704ef17340eeae71c832f21cfce35c (6.11-rc4)', 'https://git.kernel.org/stable/c/86db7bfb06704ef17340eeae71c832f21cfce35c', 'https://git.kernel.org/stable/c/c33a9806dc806bcb4a31dc71fb06979219181ad4', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46833-0fa0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46833', 'https://www.cve.org/CVERecord?id=CVE-2024-46833'], 'PublishedDate': '2024-09-27T13:15:15.593Z', 'LastModifiedDate': '2024-10-09T15:54:38.123Z'}, {'VulnerabilityID': 'CVE-2024-46834', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: fail closed if we can&#39;t get max channel used in indirection tables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\'t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with\nactive RSS contexts") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\'t fetch\nthe indirection table or when we can\'t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46834', 'https://git.kernel.org/linus/2899d58462ba868287d6ff3acad3675e7adf934f (6.11-rc1)', 'https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036', 'https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46834-dc7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46834', 'https://www.cve.org/CVERecord?id=CVE-2024-46834'], 'PublishedDate': '2024-09-27T13:15:15.66Z', 'LastModifiedDate': '2024-10-09T15:57:03.037Z'}, {'VulnerabilityID': 'CVE-2024-46835', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix smatch static checker warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev->gfx.imu.funcs could be NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46835', 'https://git.kernel.org/linus/bdbdc7cecd00305dc844a361f9883d3a21022027 (6.11-rc1)', 'https://git.kernel.org/stable/c/8bc7b3ce33e64c74211ed17aec823fc4e523426a', 'https://git.kernel.org/stable/c/bdbdc7cecd00305dc844a361f9883d3a21022027', 'https://git.kernel.org/stable/c/c2056c7a840f0dbf293bc3b0d91826d001668fb0', 'https://git.kernel.org/stable/c/d40c2c3dd0395fe7fdc19bd96551e87251426d66', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46835-4f99@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46835', 'https://www.cve.org/CVERecord?id=CVE-2024-46835'], 'PublishedDate': '2024-09-27T13:15:15.72Z', 'LastModifiedDate': '2024-10-02T14:24:18.93Z'}, {'VulnerabilityID': 'CVE-2024-46836', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46836', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: aspeed_udc: validate endpoint index for ast udc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed_udc: validate endpoint index for ast udc\n\nWe should verify the bound of the array to assure that host\nmay not manipulate the index to point past endpoint array.\n\nFound by static analysis.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46836', 'https://git.kernel.org/linus/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 (6.11-rc1)', 'https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af', 'https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a', 'https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c', 'https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46836-acff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46836', 'https://www.cve.org/CVERecord?id=CVE-2024-46836'], 'PublishedDate': '2024-09-27T13:15:15.78Z', 'LastModifiedDate': '2024-10-09T15:47:55.187Z'}, {'VulnerabilityID': 'CVE-2024-46838', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46838', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: don&#39;t BUG_ON() if khugepaged yanks our page table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: don\'t BUG_ON() if khugepaged yanks our page table\n\nSince khugepaged was changed to allow retracting page tables in file\nmappings without holding the mmap lock, these BUG_ON()s are wrong - get\nrid of them.\n\nWe could also remove the preceding "if (unlikely(...))" block, but then we\ncould reach pte_offset_map_lock() with transhuge pages not just for file\nmappings but also for anonymous mappings - which would probably be fine\nbut I think is not necessarily expected.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46838', 'https://git.kernel.org/linus/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a (6.11-rc7)', 'https://git.kernel.org/stable/c/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a', 'https://git.kernel.org/stable/c/4a594acc12d5954cdc71d4450a386748bf3d136a', 'https://git.kernel.org/stable/c/db978287e908d48b209e374b00d847b2d785e0a9', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46838-5fa5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46838', 'https://www.cve.org/CVERecord?id=CVE-2024-46838'], 'PublishedDate': '2024-09-27T13:15:15.92Z', 'LastModifiedDate': '2024-10-09T15:35:40.827Z'}, {'VulnerabilityID': 'CVE-2024-46840', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: clean up our handling of refs == 0 in snapshot delete', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: clean up our handling of refs == 0 in snapshot delete\n\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren't\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer.  In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption.  Change that to return\n-EUCLEAN.  In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling.  Also adjust the error message so we can\nactually do something with the information.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46840', 'https://git.kernel.org/linus/b8ccef048354074a548f108e51d0557d6adfd3a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/03804641ec2d0da4fa088ad21c88e703d151ce16', 'https://git.kernel.org/stable/c/71291aa7246645ef622621934d2067400380645e', 'https://git.kernel.org/stable/c/728d4d045b628e006b48a448f3326a7194c88d32', 'https://git.kernel.org/stable/c/7d1df13bf078ffebfedd361d714ff6cee1ff01b9', 'https://git.kernel.org/stable/c/9cc887ac24b7a0598f4042ae9af6b9a33072f75b', 'https://git.kernel.org/stable/c/b8ccef048354074a548f108e51d0557d6adfd3a3', 'https://git.kernel.org/stable/c/c60676b81fab456b672796830f6d8057058f029c', 'https://git.kernel.org/stable/c/c847b28a799733b04574060ab9d00f215970627d', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46840-fc44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46840', 'https://www.cve.org/CVERecord?id=CVE-2024-46840'], 'PublishedDate': '2024-09-27T13:15:16.057Z', 'LastModifiedDate': '2024-10-08T18:15:07.857Z'}, {'VulnerabilityID': 'CVE-2024-46841', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn't fatal, return the error.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46841', 'https://git.kernel.org/linus/a580fb2c3479d993556e1c31b237c9e5be4944a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/704c359b4093a2af650a20eaa030c435d7c30f91', 'https://git.kernel.org/stable/c/a580fb2c3479d993556e1c31b237c9e5be4944a3', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46841-7572@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46841', 'https://www.cve.org/CVERecord?id=CVE-2024-46841'], 'PublishedDate': '2024-09-27T13:15:16.13Z', 'LastModifiedDate': '2024-10-08T18:17:07.87Z'}, {'VulnerabilityID': 'CVE-2024-46842', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status.  The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code.  During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout.  If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46842', 'https://git.kernel.org/linus/ede596b1434b57c0b3fd5c02b326efe5c54f6e48 (6.11-rc1)', 'https://git.kernel.org/stable/c/bba47fe3b038cca3d3ebd799665ce69d6d273b58', 'https://git.kernel.org/stable/c/ede596b1434b57c0b3fd5c02b326efe5c54f6e48', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46842-e52c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46842', 'https://www.cve.org/CVERecord?id=CVE-2024-46842'], 'PublishedDate': '2024-09-27T13:15:16.19Z', 'LastModifiedDate': '2024-10-08T18:22:24.997Z'}, {'VulnerabilityID': 'CVE-2024-46843', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Remove SCSI host only if added', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been defered after MCQ configuration introduced by commit 0cab4023ec7b\n("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46843', 'https://git.kernel.org/linus/7cbff570dbe8907e23bba06f6414899a0fbb2fcc (6.11-rc1)', 'https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed', 'https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536', 'https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46843-82c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46843', 'https://www.cve.org/CVERecord?id=CVE-2024-46843'], 'PublishedDate': '2024-09-27T13:15:16.25Z', 'LastModifiedDate': '2024-10-08T18:23:52.423Z'}, {'VulnerabilityID': 'CVE-2024-46844', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: um: line: always fill *error_out in setup_one_line()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\num: line: always fill *error_out in setup_one_line()\n\nThe pointer isn't initialized by callers, but I have\nencountered cases where it's still printed; initialize\nit in all possible cases in setup_one_line().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-824'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46844', 'https://git.kernel.org/linus/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d (6.11-rc1)', 'https://git.kernel.org/stable/c/289979d64573f43df1d0e6bc6435de63a0d69cdf', 'https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5', 'https://git.kernel.org/stable/c/43f782c27907f306c664b6614fd6f264ac32cce6', 'https://git.kernel.org/stable/c/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d', 'https://git.kernel.org/stable/c/96301fdc2d533a196197c055af875fe33d47ef84', 'https://git.kernel.org/stable/c/c8944d449fda9f58c03bd99649b2df09948fc874', 'https://git.kernel.org/stable/c/ec5b47a370177d79ae7773858042c107e21f8ecc', 'https://git.kernel.org/stable/c/fc843d3837ebcb1c16d3768ef3eb55e25d5331f2', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46844-af64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46844', 'https://www.cve.org/CVERecord?id=CVE-2024-46844'], 'PublishedDate': '2024-09-27T13:15:16.313Z', 'LastModifiedDate': '2024-10-02T14:22:50.533Z'}, {'VulnerabilityID': 'CVE-2024-46845', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/timerlat: Only clear timer if a kthread exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Only clear timer if a kthread exists\n\nThe timerlat tracer can use user space threads to check for osnoise and\ntimer latency. If the program using this is killed via a SIGTERM, the\nthreads are shutdown one at a time and another tracing instance can start\nup resetting the threads before they are fully closed. That causes the\nhrtimer assigned to the kthread to be shutdown and freed twice when the\ndying thread finally closes the file descriptors, causing a use-after-free\nbug.\n\nOnly cancel the hrtimer if the associated thread is still around. Also add\nthe interface_lock around the resetting of the tlat_var->kthread.\n\nNote, this is just a quick fix that can be backported to stable. A real\nfix is to have a better synchronization between the shutdown of old\nthreads and the starting of new ones.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46845', 'https://git.kernel.org/linus/e6a53481da292d970d1edf0d8831121d1c5e2f0d (6.11-rc7)', 'https://git.kernel.org/stable/c/8a9d0d405159e9c796ddf771f7cff691c1a2bc1e', 'https://git.kernel.org/stable/c/8c72f0b2c45f21cb8b00fc37f79f632d7e46c2ed', 'https://git.kernel.org/stable/c/e6a53481da292d970d1edf0d8831121d1c5e2f0d', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46845-a529@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46845', 'https://www.cve.org/CVERecord?id=CVE-2024-46845'], 'PublishedDate': '2024-09-27T13:15:16.397Z', 'LastModifiedDate': '2024-10-02T14:18:32.923Z'}, {'VulnerabilityID': 'CVE-2024-46846', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: rockchip: Resolve unbalanced runtime PM / system PM handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip: Resolve unbalanced runtime PM / system PM handling\n\nCommit e882575efc77 ("spi: rockchip: Suspend and resume the bus during\nNOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and\nsimply disabled clocks unconditionally when suspending the system. This\ncauses problems when the device is already runtime suspended when we go\nto sleep -- in which case we double-disable clocks and produce a\nWARNing.\n\nSwitch back to pm_runtime_force_{suspend,resume}(), because that still\nseems like the right thing to do, and the aforementioned commit makes no\nexplanation why it stopped using it.\n\nAlso, refactor some of the resume() error handling, because it\'s not\nactually a good idea to re-disable clocks on failure.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46846', 'https://git.kernel.org/linus/be721b451affbecc4ba4eaac3b71cdbdcade1b1b (6.11-rc7)', 'https://git.kernel.org/stable/c/0efbad8445fbba7896402500a1473450a299a08a', 'https://git.kernel.org/stable/c/14f970a8d03d882b15b97beb83bd84ac8ba6298c', 'https://git.kernel.org/stable/c/be721b451affbecc4ba4eaac3b71cdbdcade1b1b', 'https://git.kernel.org/stable/c/d034bff62faea1a2219e0d2f3d17263265f24087', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46846-f264@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46846', 'https://www.cve.org/CVERecord?id=CVE-2024-46846'], 'PublishedDate': '2024-09-27T13:15:16.48Z', 'LastModifiedDate': '2024-10-08T18:25:56.467Z'}, {'VulnerabilityID': 'CVE-2024-46848', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46848', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/x86/intel: Limit the period on Haswell', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Limit the period on Haswell\n\nRunning the ltp test cve-2015-3290 concurrently reports the following\nwarnings.\n\nperfevents: irq loop stuck!\n  WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174\n  intel_pmu_handle_irq+0x285/0x370\n  Call Trace:\n   <NMI>\n   ? __warn+0xa4/0x220\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? report_bug+0x3e/0xa0\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x50\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? irq_work_claim+0x1e/0x40\n   ? intel_pmu_handle_irq+0x285/0x370\n   perf_event_nmi_handler+0x3d/0x60\n   nmi_handle+0x104/0x330\n\nThanks to Thomas Gleixner's analysis, the issue is caused by the low\ninitial period (1) of the frequency estimation algorithm, which triggers\nthe defects of the HW, specifically erratum HSW11 and HSW143. (For the\ndetails, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)\n\nThe HSW11 requires a period larger than 100 for the INST_RETIRED.ALL\nevent, but the initial period in the freq mode is 1. The erratum is the\nsame as the BDM11, which has been supported in the kernel. A minimum\nperiod of 128 is enforced as well on HSW.\n\nHSW143 is regarding that the fixed counter 1 may overcount 32 with the\nHyper-Threading is enabled. However, based on the test, the hardware\nhas more issues than it tells. Besides the fixed counter 1, the message\n'interrupt took too long' can be observed on any counter which was armed\nwith a period < 32 and two events expired in the same NMI. A minimum\nperiod of 32 is enforced for the rest of the events.\nThe recommended workaround code of the HSW143 is not implemented.\nBecause it only addresses the issue for the fixed counter. It brings\nextra overhead through extra MSR writing. No related overcounting issue\nhas been reported so far.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46848', 'https://git.kernel.org/linus/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b (6.11-rc7)', 'https://git.kernel.org/stable/c/0eaf812aa1506704f3b78be87036860e5d0fe81d', 'https://git.kernel.org/stable/c/15210b7c8caff4929f25d049ef8404557f8ae468', 'https://git.kernel.org/stable/c/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b', 'https://git.kernel.org/stable/c/8717dc35c0e5896f4110f4b3882f7ff787a5f73d', 'https://lore.kernel.org/linux-cve-announce/2024092756-CVE-2024-46848-bbd4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46848', 'https://www.cve.org/CVERecord?id=CVE-2024-46848'], 'PublishedDate': '2024-09-27T13:15:16.657Z', 'LastModifiedDate': '2024-10-04T15:23:35.287Z'}, {'VulnerabilityID': 'CVE-2024-46849', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: meson: axg-card: fix &#39;use-after-free&#39;', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix 'use-after-free'\n\nBuffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',\nso move 'pad' pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46849', 'https://git.kernel.org/linus/4f9a71435953f941969a4f017e2357db62d85a86 (6.11)', 'https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86', 'https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d', 'https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607', 'https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037', 'https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29', 'https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a', 'https://lore.kernel.org/linux-cve-announce/2024092741-CVE-2024-46849-93c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46849', 'https://www.cve.org/CVERecord?id=CVE-2024-46849'], 'PublishedDate': '2024-09-27T13:15:16.723Z', 'LastModifiedDate': '2024-10-17T14:15:07.75Z'}, {'VulnerabilityID': 'CVE-2024-46850', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn35_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn35_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn35_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit 0607a50c004798a96e62c089a4c34c220179dcb5)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46850', 'https://git.kernel.org/linus/e835d5144f5ef78e4f8828c63e2f0d61144f283a (6.11)', 'https://git.kernel.org/stable/c/42850927656a540428e58d370b3c1599a617bac7', 'https://git.kernel.org/stable/c/e835d5144f5ef78e4f8828c63e2f0d61144f283a', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46850-186e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46850', 'https://www.cve.org/CVERecord?id=CVE-2024-46850'], 'PublishedDate': '2024-09-27T13:15:16.787Z', 'LastModifiedDate': '2024-10-04T15:30:32.11Z'}, {'VulnerabilityID': 'CVE-2024-46851', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46851', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn10_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn10_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn10_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46851', 'https://git.kernel.org/linus/a7aeb03888b92304e2fc7d4d1c242f54a312561b (6.11)', 'https://git.kernel.org/stable/c/a7aeb03888b92304e2fc7d4d1c242f54a312561b', 'https://git.kernel.org/stable/c/b6ce047a81f508f5c60756db8dfb5ff486e4dad0', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46851-125b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46851', 'https://www.cve.org/CVERecord?id=CVE-2024-46851'], 'PublishedDate': '2024-09-27T13:15:16.85Z', 'LastModifiedDate': '2024-10-04T16:00:43.913Z'}, {'VulnerabilityID': 'CVE-2024-46852', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma-buf: heaps: Fix off-by-one in CMA heap fault handler', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:\nDon\'t track CMA dma-buf pages under RssFile") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don\'t read off the end of the pages\narray and insert an arbitrary page in the mapping.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46852', 'https://git.kernel.org/linus/ea5ff5d351b520524019f7ff7f9ce418de2dad87 (6.11)', 'https://git.kernel.org/stable/c/007180fcb6cc4a93211d4cc45fef3f5ccccd56ae', 'https://git.kernel.org/stable/c/79cce5e81d20fa9ad553be439d665ac3302d3c95', 'https://git.kernel.org/stable/c/84175dc5b2c932266a50c04e5ce342c30f817a2f', 'https://git.kernel.org/stable/c/e79050882b857c37634baedbdcf7c2047c24cbff', 'https://git.kernel.org/stable/c/ea5ff5d351b520524019f7ff7f9ce418de2dad87', 'https://git.kernel.org/stable/c/eb7fc8b65cea22f9038c52398c8b22849e9620ea', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46852-91a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46852', 'https://www.cve.org/CVERecord?id=CVE-2024-46852'], 'PublishedDate': '2024-09-27T13:15:16.917Z', 'LastModifiedDate': '2024-10-17T14:15:07.887Z'}, {'VulnerabilityID': 'CVE-2024-46853', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: nxp-fspi: fix the KASAN report out-of-bounds bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: nxp-fspi: fix the KASAN report out-of-bounds bug\n\nChange the memcpy length to fix the out-of-bounds issue when writing the\ndata that is not 4 byte aligned to TX FIFO.\n\nTo reproduce the issue, write 3 bytes data to NOR chip.\n\ndd if=3b of=/dev/mtd0\n[   36.926103] ==================================================================\n[   36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838\n[   36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455\n[   36.946721]\n[   36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070\n[   36.956185] Hardware name: Freescale i.MX8QM MEK (DT)\n[   36.961260] Call trace:\n[   36.963723]  dump_backtrace+0x90/0xe8\n[   36.967414]  show_stack+0x18/0x24\n[   36.970749]  dump_stack_lvl+0x78/0x90\n[   36.974451]  print_report+0x114/0x5cc\n[   36.978151]  kasan_report+0xa4/0xf0\n[   36.981670]  __asan_report_load_n_noabort+0x1c/0x28\n[   36.986587]  nxp_fspi_exec_op+0x26ec/0x2838\n[   36.990800]  spi_mem_exec_op+0x8ec/0xd30\n[   36.994762]  spi_mem_no_dirmap_read+0x190/0x1e0\n[   36.999323]  spi_mem_dirmap_write+0x238/0x32c\n[   37.003710]  spi_nor_write_data+0x220/0x374\n[   37.007932]  spi_nor_write+0x110/0x2e8\n[   37.011711]  mtd_write_oob_std+0x154/0x1f0\n[   37.015838]  mtd_write_oob+0x104/0x1d0\n[   37.019617]  mtd_write+0xb8/0x12c\n[   37.022953]  mtdchar_write+0x224/0x47c\n[   37.026732]  vfs_write+0x1e4/0x8c8\n[   37.030163]  ksys_write+0xec/0x1d0\n[   37.033586]  __arm64_sys_write+0x6c/0x9c\n[   37.037539]  invoke_syscall+0x6c/0x258\n[   37.041327]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.046244]  do_el0_svc+0x44/0x5c\n[   37.049589]  el0_svc+0x38/0x78\n[   37.052681]  el0t_64_sync_handler+0x13c/0x158\n[   37.057077]  el0t_64_sync+0x190/0x194\n[   37.060775]\n[   37.062274] Allocated by task 455:\n[   37.065701]  kasan_save_stack+0x2c/0x54\n[   37.069570]  kasan_save_track+0x20/0x3c\n[   37.073438]  kasan_save_alloc_info+0x40/0x54\n[   37.077736]  __kasan_kmalloc+0xa0/0xb8\n[   37.081515]  __kmalloc_noprof+0x158/0x2f8\n[   37.085563]  mtd_kmalloc_up_to+0x120/0x154\n[   37.089690]  mtdchar_write+0x130/0x47c\n[   37.093469]  vfs_write+0x1e4/0x8c8\n[   37.096901]  ksys_write+0xec/0x1d0\n[   37.100332]  __arm64_sys_write+0x6c/0x9c\n[   37.104287]  invoke_syscall+0x6c/0x258\n[   37.108064]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.112972]  do_el0_svc+0x44/0x5c\n[   37.116319]  el0_svc+0x38/0x78\n[   37.119401]  el0t_64_sync_handler+0x13c/0x158\n[   37.123788]  el0t_64_sync+0x190/0x194\n[   37.127474]\n[   37.128977] The buggy address belongs to the object at ffff00081037c2a0\n[   37.128977]  which belongs to the cache kmalloc-8 of size 8\n[   37.141177] The buggy address is located 0 bytes inside of\n[   37.141177]  allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)\n[   37.153465]\n[   37.154971] The buggy address belongs to the physical page:\n[   37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c\n[   37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)\n[   37.175149] page_type: 0xfdffffff(slab)\n[   37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000\n[   37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000\n[   37.194553] page dumped because: kasan: bad access detected\n[   37.200144]\n[   37.201647] Memory state around the buggy address:\n[   37.206460]  ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc\n[   37.213701]  ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc\n[   37.220946] >ffff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc\n[   37.228186]                                ^\n[   37.232473]  ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.239718]  ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.246962] ==============================================================\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46853', 'https://git.kernel.org/linus/2a8787c1cdc7be24fdd8953ecd1a8743a1006235 (6.11)', 'https://git.kernel.org/stable/c/09af8b0ba70072be831f3ec459f4063d570f9e24', 'https://git.kernel.org/stable/c/2a8787c1cdc7be24fdd8953ecd1a8743a1006235', 'https://git.kernel.org/stable/c/491f9646f7ac31af5fca71be1a3e5eb8aa7663ad', 'https://git.kernel.org/stable/c/609260542cf86b459c57618b8cdec8020394b7ad', 'https://git.kernel.org/stable/c/af9ca9ca3e44f48b2a191e100d452fbf850c3d87', 'https://git.kernel.org/stable/c/d1a1dfcec77c57b1181da93d11a3db1bc4eefa97', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46853-ab04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46853', 'https://www.cve.org/CVERecord?id=CVE-2024-46853'], 'PublishedDate': '2024-09-27T13:15:16.997Z', 'LastModifiedDate': '2024-10-17T14:15:07.993Z'}, {'VulnerabilityID': 'CVE-2024-46854', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dpaa: Pad packets to ETH_ZLEN', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46854', 'https://git.kernel.org/linus/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0 (6.11)', 'https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133', 'https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a', 'https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83', 'https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0', 'https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2', 'https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46854-3404@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46854', 'https://www.cve.org/CVERecord?id=CVE-2024-46854'], 'PublishedDate': '2024-09-27T13:15:17.063Z', 'LastModifiedDate': '2024-10-17T14:15:08.107Z'}, {'VulnerabilityID': 'CVE-2024-46855', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46855', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: nft_socket: fix sk refcount leaks', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put 'sk' reference before returning.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46855', 'https://git.kernel.org/linus/8b26ff7af8c32cb4148b3e147c52f9e4c695209c (6.11)', 'https://git.kernel.org/stable/c/1f68e097e20d3c695281a9c6433acc37be47fe11', 'https://git.kernel.org/stable/c/33c2258bf8cb17fba9e58b111d4c4f4cf43a4896', 'https://git.kernel.org/stable/c/83e6fb59040e8964888afcaa5612cc1243736715', 'https://git.kernel.org/stable/c/8b26ff7af8c32cb4148b3e147c52f9e4c695209c', 'https://git.kernel.org/stable/c/ddc7c423c4a5386bf865474c694b48178efd311a', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46855-4382@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46855', 'https://www.cve.org/CVERecord?id=CVE-2024-46855'], 'PublishedDate': '2024-09-27T13:15:17.133Z', 'LastModifiedDate': '2024-10-17T14:15:12.79Z'}, {'VulnerabilityID': 'CVE-2024-46857', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix bridge mode operations when there are no VFs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[  168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[  168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[  168.976037] Call Trace:\n[  168.976188]  <TASK>\n[  168.978620]  _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[  168.979074]  mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[  168.979471]  rtnl_bridge_setlink+0xe9/0x1f0\n[  168.979714]  rtnetlink_rcv_msg+0x159/0x400\n[  168.980451]  netlink_rcv_skb+0x54/0x100\n[  168.980675]  netlink_unicast+0x241/0x360\n[  168.980918]  netlink_sendmsg+0x1f6/0x430\n[  168.981162]  ____sys_sendmsg+0x3bb/0x3f0\n[  168.982155]  ___sys_sendmsg+0x88/0xd0\n[  168.985036]  __sys_sendmsg+0x59/0xa0\n[  168.985477]  do_syscall_64+0x79/0x150\n[  168.987273]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw->fdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46857', 'https://git.kernel.org/linus/b1d305abef4640af1b4f1b4774d513cd81b10cfc (6.11)', 'https://git.kernel.org/stable/c/505ae01f75f839b54329164bbfecf24cc1361b31', 'https://git.kernel.org/stable/c/52c4beb79e095e0631b5cac46ed48a2aefe51985', 'https://git.kernel.org/stable/c/65feee671e37f3b6eda0b6af28f204b5bcf7fa50', 'https://git.kernel.org/stable/c/b1d305abef4640af1b4f1b4774d513cd81b10cfc', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46857-3bc3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46857', 'https://www.cve.org/CVERecord?id=CVE-2024-46857'], 'PublishedDate': '2024-09-27T13:15:17.277Z', 'LastModifiedDate': '2024-10-01T17:10:29.657Z'}, {'VulnerabilityID': 'CVE-2024-46858', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46858', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: Fix uaf in __timer_delete_sync', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n     CPU1\t\t\t\tCPU2\n     ====                               ====\n     net_rx_action\n     napi_poll                          netlink_sendmsg\n     __napi_poll                        netlink_unicast\n     process_backlog                    netlink_unicast_kernel\n     __netif_receive_skb                genl_rcv\n     __netif_receive_skb_one_core       netlink_rcv_skb\n     NF_HOOK                            genl_rcv_msg\n     ip_local_deliver_finish            genl_family_rcv_msg\n     ip_protocol_deliver_rcu            genl_family_rcv_msg_doit\n     tcp_v4_rcv                         mptcp_pm_nl_flush_addrs_doit\n     tcp_v4_do_rcv                      mptcp_nl_remove_addrs_list\n     tcp_rcv_established                mptcp_pm_remove_addrs_and_subflows\n     tcp_data_queue                     remove_anno_list_by_saddr\n     mptcp_incoming_options             mptcp_pm_del_add_timer\n     mptcp_pm_del_add_timer             kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by "pm.lock", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of "entry->add_timer".\n\nMove list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar "entry->x" uaf.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46858', 'https://git.kernel.org/linus/b4cd80b0338945a94972ac3ed54f8338d2da2076 (6.11)', 'https://git.kernel.org/stable/c/0e7814b028cd50b3ff79659d23dfa9da6a1e75e1', 'https://git.kernel.org/stable/c/12134a652b0a10064844ea235173e70246eba6dc', 'https://git.kernel.org/stable/c/3554482f4691571fc4b5490c17ae26896e62171c', 'https://git.kernel.org/stable/c/6452b162549c7f9ef54655d3fb9977b9192e6e5b', 'https://git.kernel.org/stable/c/67409b358500c71632116356a0b065f112d7b707', 'https://git.kernel.org/stable/c/b4cd80b0338945a94972ac3ed54f8338d2da2076', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46858-dab6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46858', 'https://www.cve.org/CVERecord?id=CVE-2024-46858'], 'PublishedDate': '2024-09-27T13:15:17.353Z', 'LastModifiedDate': '2024-10-17T14:15:13.017Z'}, {'VulnerabilityID': 'CVE-2024-46859', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46859', 'https://git.kernel.org/linus/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 (6.11)', 'https://git.kernel.org/stable/c/6821a82616f60aa72c5909b3e252ad97fb9f7e2a', 'https://git.kernel.org/stable/c/9291fadbd2720a869b1d2fcf82305648e2e62a16', 'https://git.kernel.org/stable/c/b38c19783286a71693c2194ed1b36665168c09c4', 'https://git.kernel.org/stable/c/b7c2f692307fe704be87ea80d7328782b33c3cef', 'https://git.kernel.org/stable/c/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46859-e785@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46859', 'https://www.cve.org/CVERecord?id=CVE-2024-46859'], 'PublishedDate': '2024-09-27T13:15:17.43Z', 'LastModifiedDate': '2024-10-17T14:15:13.183Z'}, {'VulnerabilityID': 'CVE-2024-46860', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change\n\nWhen disabling wifi mt7921_ipv6_addr_change() is called as a notifier.\nAt this point mvif->phy is already NULL so we cannot use it here.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46860', 'https://git.kernel.org/linus/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3 (6.11-rc4)', 'https://git.kernel.org/stable/c/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3', 'https://git.kernel.org/stable/c/4bfee9346d8c17d928ef6da2b8bffab88fa2a553', 'https://git.kernel.org/stable/c/8d92bafd4c67efb692f722d73a07412b5f88c6d6', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46860-1dfc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46860', 'https://www.cve.org/CVERecord?id=CVE-2024-46860'], 'PublishedDate': '2024-09-27T13:15:17.493Z', 'LastModifiedDate': '2024-10-02T14:04:38.863Z'}, {'VulnerabilityID': 'CVE-2024-46861', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usbnet: ipheth: do not stop RX on failing RX callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: do not stop RX on failing RX callback\n\nRX callbacks can fail for multiple reasons:\n\n* Payload too short\n* Payload formatted incorrecly (e.g. bad NCM framing)\n* Lack of memory\n\nNone of these should cause the driver to seize up.\n\nMake such failures non-critical and continue processing further\nincoming URBs.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46861', 'https://git.kernel.org/linus/74efed51e0a4d62f998f806c307778b47fc73395 (6.11-rc4)', 'https://git.kernel.org/stable/c/08ca800b0cd56d5e26722f68b18bbbf6840bf44b', 'https://git.kernel.org/stable/c/4d1cfa3afb8627435744ecdc6d8b58bc72ee0f4c', 'https://git.kernel.org/stable/c/74efed51e0a4d62f998f806c307778b47fc73395', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46861-f2f9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46861', 'https://www.cve.org/CVERecord?id=CVE-2024-46861'], 'PublishedDate': '2024-09-27T13:15:17.563Z', 'LastModifiedDate': '2024-10-03T15:36:06.543Z'}, {'VulnerabilityID': 'CVE-2024-46864', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/hyperv: fix kexec crash due to VP assist page corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: fix kexec crash due to VP assist page corruption\n\ncommit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when\nCPUs go online/offline") introduces a new cpuhp state for hyperv\ninitialization.\n\ncpuhp_setup_state() returns the state number if state is\nCPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states.\nFor the hyperv case, since a new cpuhp state was introduced it would\nreturn 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call\nis conditioned upon "hyperv_init_cpuhp > 0". This will never be true and\nso hv_cpu_die() won\'t be called on all CPUs. This means the VP assist page\nwon\'t be reset. When the kexec kernel tries to setup the VP assist page\nagain, the hypervisor corrupts the memory region of the old VP assist page\ncausing a panic in case the kexec kernel is using that memory elsewhere.\nThis was originally fixed in commit dfe94d4086e4 ("x86/hyperv: Fix kexec\npanic/hang issues").\n\nGet rid of hyperv_init_cpuhp entirely since we are no longer using a\ndynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with\ncpuhp_remove_state().', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46864', 'https://git.kernel.org/linus/b9af6418279c4cf73ca073f8ea024992b38be8ab (6.11)', 'https://git.kernel.org/stable/c/2ae1beb3ab4f28868cc5d1541d05e1fbee3ad825', 'https://git.kernel.org/stable/c/b9af6418279c4cf73ca073f8ea024992b38be8ab', 'https://git.kernel.org/stable/c/d6f018a3b49d0a94ddbd0e479c2af6b19724e434', 'https://lore.kernel.org/linux-cve-announce/2024092745-CVE-2024-46864-0343@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46864', 'https://www.cve.org/CVERecord?id=CVE-2024-46864'], 'PublishedDate': '2024-09-27T13:15:17.747Z', 'LastModifiedDate': '2024-10-03T15:29:34.927Z'}, {'VulnerabilityID': 'CVE-2024-46866', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: add missing bo locking in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: add missing bo locking in show_meminfo()\n\nbo_meminfo() wants to inspect bo state like tt and the ttm resource,\nhowever this state can change at any point leading to stuff like NPD and\nUAF, if the bo lock is not held. Grab the bo lock when calling\nbo_meminfo(), ensuring we drop any spinlocks first. In the case of\nobject_idr we now also need to hold a ref.\n\nv2 (MattB)\n  - Also add xe_bo_assert_held()\n\n(cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46866', 'https://git.kernel.org/linus/94c4aa266111262c96c98f822d1bccc494786fee (6.11)', 'https://git.kernel.org/stable/c/94c4aa266111262c96c98f822d1bccc494786fee', 'https://git.kernel.org/stable/c/abc8feacacf8fae10eecf6fea7865e8c1fee419c', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46866-c414@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46866', 'https://www.cve.org/CVERecord?id=CVE-2024-46866'], 'PublishedDate': '2024-09-27T13:15:17.887Z', 'LastModifiedDate': '2024-10-01T17:09:30Z'}, {'VulnerabilityID': 'CVE-2024-46867', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: fix deadlock in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: fix deadlock in show_meminfo()\n\nThere is a real deadlock as well as sleeping in atomic() bug in here, if\nthe bo put happens to be the last ref, since bo destruction wants to\ngrab the same spinlock and sleeping locks.  Fix that by dropping the ref\nusing xe_bo_put_deferred(), and moving the final commit outside of the\nlock. Dropping the lock around the put is tricky since the bo can go\nout of scope and delete itself from the list, making it difficult to\nnavigate to the next list entry.\n\n(cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46867', 'https://git.kernel.org/linus/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b (6.11)', 'https://git.kernel.org/stable/c/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b', 'https://git.kernel.org/stable/c/9d3de463e23bfb1ff1567a32b099b1b3e5286a48', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46867-7fe4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46867', 'https://www.cve.org/CVERecord?id=CVE-2024-46867'], 'PublishedDate': '2024-09-27T13:15:17.937Z', 'LastModifiedDate': '2024-10-01T17:09:58.147Z'}, {'VulnerabilityID': 'CVE-2024-46868', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()\n\nIf the __qcuefi pointer is not set, then in the original code, we would\nhold onto the lock.  That means that if we tried to set it later, then\nit would cause a deadlock.  Drop the lock on the error path.  That's\nwhat all the callers are expecting.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46868', 'https://git.kernel.org/linus/db213b0cfe3268d8b1d382b3bcc999c687a2567f (6.11)', 'https://git.kernel.org/stable/c/8c6a5a1fc02ad1d62d06897ab330693d4d27cd03', 'https://git.kernel.org/stable/c/db213b0cfe3268d8b1d382b3bcc999c687a2567f', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46868-f3a3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46868', 'https://www.cve.org/CVERecord?id=CVE-2024-46868'], 'PublishedDate': '2024-09-27T13:15:18.007Z', 'LastModifiedDate': '2024-10-01T17:09:12.247Z'}, {'VulnerabilityID': 'CVE-2024-46870', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Disable DMCUB timeout for DCN35', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable DMCUB timeout for DCN35\n\n[Why]\nDMCUB can intermittently take longer than expected to process commands.\n\nOld ASIC policy was to continue while logging a diagnostic error - which\nworks fine for ASIC without IPS, but with IPS this could lead to a race\ncondition where we attempt to access DCN state while it's inaccessible,\nleading to a system hang when the NIU port is not disabled or register\naccesses that timeout and the display configuration in an undefined\nstate.\n\n[How]\nWe need to investigate why these accesses take longer than expected, but\nfor now we should disable the timeout on DCN35 to avoid this race\ncondition. Since the waits happen only at lower interrupt levels the\nrisk of taking too long at higher IRQ and causing a system watchdog\ntimeout are minimal.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46870', 'https://git.kernel.org/stable/c/31c254c9cd4b122a10db297124f867107a696d83', 'https://git.kernel.org/stable/c/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46870-f347@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46870', 'https://www.cve.org/CVERecord?id=CVE-2024-46870'], 'PublishedDate': '2024-10-09T14:15:07.463Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-46871', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why & How]\nIt actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback & dmub_thread_offload has potential to access\nitem out of array bound. Fix it.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46871', 'https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37', 'https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7', 'https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0', 'https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46871-15f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46871', 'https://www.cve.org/CVERecord?id=CVE-2024-46871'], 'PublishedDate': '2024-10-09T14:15:07.533Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47658', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47658', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: stm32/cryp - call finalize with bh disabled', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: stm32/cryp - call finalize with bh disabled\n\nThe finalize operation in interrupt mode produce a produces a spinlock\nrecursion warning. The reason is the fact that BH must be disabled\nduring this process.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47658', 'https://git.kernel.org/stable/c/56ddb9aa3b324c2d9645b5a7343e46010cf3f6ce', 'https://git.kernel.org/stable/c/5d734665cd5d93270731e0ff1dd673fec677f447', 'https://git.kernel.org/stable/c/d93a2f86b0a998aa1f0870c85a2a60a0771ef89a', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47658-0b23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47658', 'https://www.cve.org/CVERecord?id=CVE-2024-47658'], 'PublishedDate': '2024-10-09T14:15:07.603Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47659', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47659', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smack: tcp: ipv4, fix incorrect labeling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmack: tcp: ipv4, fix incorrect labeling\n\nCurrently, Smack mirrors the label of incoming tcp/ipv4 connections:\nwhen a label 'foo' connects to a label 'bar' with tcp/ipv4,\n'foo' always gets 'foo' in returned ipv4 packets. So,\n1) returned packets are incorrectly labeled ('foo' instead of 'bar')\n2) 'bar' can write to 'foo' without being authorized to write.\n\nHere is a scenario how to see this:\n\n* Take two machines, let's call them C and S,\n   with active Smack in the default state\n   (no settings, no rules, no labeled hosts, only builtin labels)\n\n* At S, add Smack rule 'foo bar w'\n   (labels 'foo' and 'bar' are instantiated at S at this moment)\n\n* At S, at label 'bar', launch a program\n   that listens for incoming tcp/ipv4 connections\n\n* From C, at label 'foo', connect to the listener at S.\n   (label 'foo' is instantiated at C at this moment)\n   Connection succeedes and works.\n\n* Send some data in both directions.\n* Collect network traffic of this connection.\n\nAll packets in both directions are labeled with the CIPSO\nof the label 'foo'. Hence, label 'bar' writes to 'foo' without\nbeing authorized, and even without ever being known at C.\n\nIf anybody cares: exactly the same happens with DCCP.\n\nThis behavior 1st manifested in release 2.6.29.4 (see Fixes below)\nand it looks unintentional. At least, no explanation was provided.\n\nI changed returned packes label into the 'bar',\nto bring it into line with the Smack documentation claims.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47659', 'https://git.kernel.org/stable/c/0776bcf9cb6de46fdd94d10118de1cf9b05f83b9', 'https://git.kernel.org/stable/c/0aea09e82eafa50a373fc8a4b84c1d4734751e2c', 'https://git.kernel.org/stable/c/2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550', 'https://git.kernel.org/stable/c/4be9fd15c3c88775bdf6fa37acabe6de85beebff', 'https://git.kernel.org/stable/c/5b4b304f196c070342e32a4752e1fa2e22fc0671', 'https://git.kernel.org/stable/c/a948ec993541db4ef392b555c37a1186f4d61670', 'https://git.kernel.org/stable/c/d3703fa94116fed91f64c7d1c7d284fb4369070f', 'https://git.kernel.org/stable/c/d3f56c653c65f170b172d3c23120bc64ada645d8', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47659-03a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47659', 'https://www.cve.org/CVERecord?id=CVE-2024-47659'], 'PublishedDate': '2024-10-09T14:15:07.66Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47660', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fsnotify: clear PARENT_WATCHED flags lazily', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: clear PARENT_WATCHED flags lazily\n\nIn some setups directories can have many (usually negative) dentries.\nHence __fsnotify_update_child_dentry_flags() function can take a\nsignificant amount of time. Since the bulk of this function happens\nunder inode->i_lock this causes a significant contention on the lock\nwhen we remove the watch from the directory as the\n__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()\nraces with __fsnotify_update_child_dentry_flags() calls from\n__fsnotify_parent() happening on children. This can lead upto softlockup\nreports reported by users.\n\nFix the problem by calling fsnotify_update_children_dentry_flags() to\nset PARENT_WATCHED flags only when parent starts watching children.\n\nWhen parent stops watching children, clear false positive PARENT_WATCHED\nflags lazily in __fsnotify_parent() for each accessed child.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47660', 'https://git.kernel.org/stable/c/172e422ffea20a89bfdc672741c1aad6fbb5044e', 'https://git.kernel.org/stable/c/3f3ef1d9f66b93913ce2171120d9226b55acd41d', 'https://git.kernel.org/stable/c/7ef1d2e240c32b1f337a37232d037b07e3919e1a', 'https://git.kernel.org/stable/c/d8c42405fc3507cc43ba7e4986a773c3fc633f6e', 'https://git.kernel.org/stable/c/f9a48bc3dd9099935751458a5bbbea4b7c28abc8', 'https://git.kernel.org/stable/c/fc1b1e135c3f72382f792e6c319fc088d5523ad5', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47660-2d61@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47660', 'https://www.cve.org/CVERecord?id=CVE-2024-47660'], 'PublishedDate': '2024-10-09T14:15:07.73Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47661', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47661', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid overflow from uint32_t to uint8_t', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT & HOW]\ndmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47661', 'https://git.kernel.org/stable/c/30d1b783b6eeaf49d311a072c70d618d993d01ec', 'https://git.kernel.org/stable/c/d6b54900c564e35989cf6813e4071504fa0a90e0', 'https://lore.kernel.org/linux-cve-announce/2024100930-CVE-2024-47661-a6c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47661', 'https://www.cve.org/CVERecord?id=CVE-2024-47661'], 'PublishedDate': '2024-10-09T15:15:15.02Z', 'LastModifiedDate': '2024-10-15T16:03:29.26Z'}, {'VulnerabilityID': 'CVE-2024-47662', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47662', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47662', 'https://git.kernel.org/stable/c/466423c6dd8af23ebb3a69d43434d01aed0db356', 'https://git.kernel.org/stable/c/eba4b2a38ccdf074a053834509545703d6df1d57', 'https://lore.kernel.org/linux-cve-announce/2024100931-CVE-2024-47662-74f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47662', 'https://www.cve.org/CVERecord?id=CVE-2024-47662'], 'PublishedDate': '2024-10-09T15:15:15.08Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47663', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47663', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: staging: iio: frequency: ad9834: Validate frequency parameter value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47663', 'https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47', 'https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e', 'https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53', 'https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227', 'https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465', 'https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a', 'https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47663-9bdc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47663', 'https://www.cve.org/CVERecord?id=CVE-2024-47663'], 'PublishedDate': '2024-10-09T15:15:15.15Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47664', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47664', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47664', 'https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43', 'https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c', 'https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47664-f6bd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47664', 'https://www.cve.org/CVERecord?id=CVE-2024-47664'], 'PublishedDate': '2024-10-09T15:15:15.223Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47665', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47665', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup\n\nDefinitely condition dma_get_cache_alignment * defined value > 256\nduring driver initialization is not reason to BUG_ON(). Turn that to\ngraceful error out with -EINVAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47665', 'https://git.kernel.org/stable/c/2666085335bdfedf90d91f4071490ad3980be785', 'https://git.kernel.org/stable/c/5a022269abb22809f2a174b90f200fc4b9526058', 'https://git.kernel.org/stable/c/8a2be2f1db268ec735419e53ef04ca039fc027dc', 'https://git.kernel.org/stable/c/cacb76df247a7cd842ff29755a523b1cba6c0508', 'https://git.kernel.org/stable/c/e2d14bfda9eb5393f8a17008afe2aa7fe0a29815', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47665-901e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47665', 'https://www.cve.org/CVERecord?id=CVE-2024-47665'], 'PublishedDate': '2024-10-09T15:15:15.29Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47666', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47666', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: pm80xx: Set phy-&gt;enable_completion only when we wait for it', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy->enable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late.  After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47666', 'https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89', 'https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea', 'https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47666-0015@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47666', 'https://www.cve.org/CVERecord?id=CVE-2024-47666'], 'PublishedDate': '2024-10-09T15:15:15.353Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47667', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47667', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)\n\nErrata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0\n(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an\ninbound PCIe TLP spans more than two internal AXI 128-byte bursts,\nthe bus may corrupt the packet payload and the corrupt data may\ncause associated applications or the processor to hang.\n\nThe workaround for Errata #i2037 is to limit the maximum read\nrequest size and maximum payload size to 128 bytes. Add workaround\nfor Errata #i2037 here.\n\nThe errata and workaround is applicable only to AM65x SR 1.0 and\nlater versions of the silicon will have this fixed.\n\n[1] -> https://www.ti.com/lit/er/sprz452i/sprz452i.pdf', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47667', 'https://git.kernel.org/stable/c/135843c351c08df72bdd4b4ebea53c8052a76881', 'https://git.kernel.org/stable/c/576d0fb6f8d4bd4695e70eee173a1b9c7bae9572', 'https://git.kernel.org/stable/c/86f271f22bbb6391410a07e08d6ca3757fda01fa', 'https://git.kernel.org/stable/c/af218c803fe298ddf00abef331aa526b20d7ea61', 'https://git.kernel.org/stable/c/cfb006e185f64edbbdf7869eac352442bc76b8f6', 'https://git.kernel.org/stable/c/dd47051c76c8acd8cb983f01b4d1265da29cb66a', 'https://git.kernel.org/stable/c/ebbdbbc580c1695dec283d0ba6448729dc993246', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47667-2d01@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47667', 'https://www.cve.org/CVERecord?id=CVE-2024-47667'], 'PublishedDate': '2024-10-09T15:15:15.43Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47668', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47668', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we'll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it'll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47668', 'https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f', 'https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da', 'https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283', 'https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169', 'https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae', 'https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e', 'https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47668-6b53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47668', 'https://www.cve.org/CVERecord?id=CVE-2024-47668'], 'PublishedDate': '2024-10-09T15:15:15.513Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47669', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47669', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix state management in error path of log writing function', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix state management in error path of log writing function\n\nAfter commit a694291a6211 ("nilfs2: separate wait function from\nnilfs_segctor_write") was applied, the log writing function\nnilfs_segctor_do_construct() was able to issue I/O requests continuously\neven if user data blocks were split into multiple logs across segments,\nbut two potential flaws were introduced in its error handling.\n\nFirst, if nilfs_segctor_begin_construction() fails while creating the\nsecond or subsequent logs, the log writing function returns without\ncalling nilfs_segctor_abort_construction(), so the writeback flag set on\npages/folios will remain uncleared.  This causes page cache operations to\nhang waiting for the writeback flag.  For example,\ntruncate_inode_pages_final(), which is called via nilfs_evict_inode() when\nan inode is evicted from memory, will hang.\n\nSecond, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. \nAs a result, if the next log write involves checkpoint creation, that\'s\nfine, but if a partial log write is performed that does not, inodes with\nNILFS_I_COLLECTED set are erroneously removed from the "sc_dirty_files"\nlist, and their data and b-tree blocks may not be written to the device,\ncorrupting the block mapping.\n\nFix these issues by uniformly calling nilfs_segctor_abort_construction()\non failure of each step in the loop in nilfs_segctor_do_construct(),\nhaving it clean up logs and segment usages according to progress, and\ncorrecting the conditions for calling nilfs_redirty_inodes() to ensure\nthat the NILFS_I_COLLECTED flag is cleared.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47669', 'https://git.kernel.org/stable/c/036441e8438b29111fa75008f0ce305fb4e83c0a', 'https://git.kernel.org/stable/c/0a1a961bde4351dc047ffdeb2f1311ca16a700cc', 'https://git.kernel.org/stable/c/30562eff4a6dd35c4b5be9699ef61ad9f5f20a06', 'https://git.kernel.org/stable/c/3e349d7191f0688fc9808ef24fd4e4b4ef5ca876', 'https://git.kernel.org/stable/c/40a2757de2c376ef8a08d9ee9c81e77f3c750adf', 'https://git.kernel.org/stable/c/6576dd6695f2afca3f4954029ac4a64f82ba60ab', 'https://git.kernel.org/stable/c/74866c16ea2183f52925fa5d76061a1fe7f7737b', 'https://git.kernel.org/stable/c/efdde00d4a1ef10bb71e09ebc67823a3d3ad725b', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47669-135c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47669', 'https://www.cve.org/CVERecord?id=CVE-2024-47669'], 'PublishedDate': '2024-10-09T15:15:15.59Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47670', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47670', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: add bounds checking to ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn't stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match.  It will\nprevent out-of-bound access in case of crafted images.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47670', 'https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39', 'https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c', 'https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd', 'https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77', 'https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f', 'https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e73264d6', 'https://lore.kernel.org/linux-cve-announce/2024100919-CVE-2024-47670-53f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47670', 'https://www.cve.org/CVERecord?id=CVE-2024-47670'], 'PublishedDate': '2024-10-09T15:15:15.673Z', 'LastModifiedDate': '2024-10-17T14:15:13.56Z'}, {'VulnerabilityID': 'CVE-2024-47671', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47671', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: USB: usbtmc: prevent kernel-usb-infoleak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: prevent kernel-usb-infoleak\n\nThe syzbot reported a kernel-usb-infoleak in usbtmc_write,\nwe need to clear the structure before filling fields.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47671', 'https://git.kernel.org/stable/c/0c927dfc0b9bd177f7ab6ee59ef0c4ea06c110a7', 'https://git.kernel.org/stable/c/16e0ab9ed3ae7d19ca8ee718ba4e09d5c0f909ca', 'https://git.kernel.org/stable/c/51297ef7ad7824ad577337f273cd092e81a9fa08', 'https://git.kernel.org/stable/c/625fa77151f00c1bd00d34d60d6f2e710b3f9aad', 'https://git.kernel.org/stable/c/6c7fc36da021b13c34c572a26ba336cd102418f8', 'https://git.kernel.org/stable/c/ba6269e187aa1b1f20faf3c458831a0d6350304b', 'https://git.kernel.org/stable/c/e872738e670ddd63e19f22d0d784f0bdf26ecba5', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47671-6c52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47671', 'https://www.cve.org/CVERecord?id=CVE-2024-47671'], 'PublishedDate': '2024-10-09T15:15:15.753Z', 'LastModifiedDate': '2024-10-17T14:15:13.697Z'}, {'VulnerabilityID': 'CVE-2024-47672', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead\n\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was\nrecently converted from just a message), that can be hit if we\nwait for TX queues to become empty after firmware died. Clearly,\nwe can't expect anything from the firmware after it's declared dead.\n\nDon't call iwl_trans_wait_tx_queues_empty() in this case. While it could\nbe a good idea to stop the flow earlier, the flush functions do some\nmaintenance work that is not related to the firmware, so keep that part\nof the code running even when the firmware is not running.\n\n[edit commit message]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47672', 'https://git.kernel.org/stable/c/1afed66cb271b3e65fe9df1c9fba2bf4b1f55669', 'https://git.kernel.org/stable/c/1b0cd832c9607f41f84053b818e0b7908510a3b9', 'https://git.kernel.org/stable/c/3a84454f5204718ca5b4ad2c1f0bf2031e2403d1', 'https://git.kernel.org/stable/c/4d0a900ec470d392476c428875dbf053f8a0ae5e', 'https://git.kernel.org/stable/c/7188b7a72320367554b76d8f298417b070b05dd3', 'https://git.kernel.org/stable/c/de46b1d24f5f752b3bd8b46673c2ea4239661244', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47672-9bef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47672', 'https://www.cve.org/CVERecord?id=CVE-2024-47672'], 'PublishedDate': '2024-10-09T15:15:15.827Z', 'LastModifiedDate': '2024-10-17T14:15:13.78Z'}, {'VulnerabilityID': 'CVE-2024-47673', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pause TCM when the firmware is stopped\n\nNot doing so will make us send a host command to the transport while the\nfirmware is not alive, which will trigger a WARNING.\n\nbad state = 0\nWARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nRIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nCall Trace:\n <TASK>\n iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]\n iwl_mvm_config_scan+0x198/0x260 [iwlmvm]\n iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]\n iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]\n process_one_work+0x29e/0x640\n worker_thread+0x2df/0x690\n ? rescuer_thread+0x540/0x540\n kthread+0x192/0x1e0\n ? set_kthread_struct+0x90/0x90\n ret_from_fork+0x22/0x30', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47673', 'https://git.kernel.org/stable/c/0668ebc8c2282ca1e7eb96092a347baefffb5fe7', 'https://git.kernel.org/stable/c/2c61b561baf92a2860c76c2302a62169e22c21cc', 'https://git.kernel.org/stable/c/55086c97a55d781b04a2667401c75ffde190135c', 'https://git.kernel.org/stable/c/5948a191906b54e10f02f6b7a7670243a39f99f4', 'https://git.kernel.org/stable/c/a15df5f37fa3a8b7a8ec7a339d1e897bc524e28f', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47673-9110@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47673', 'https://www.cve.org/CVERecord?id=CVE-2024-47673'], 'PublishedDate': '2024-10-09T15:15:15.9Z', 'LastModifiedDate': '2024-10-17T14:15:13.853Z'}, {'VulnerabilityID': 'CVE-2024-47674', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47674', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: avoid leaving partial pfn mappings around in error case', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na 'struct page'.\n\nThat's all very much intentional, but it does mean that it's easy to\nmess up the cleanup in case of errors.  Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it's very easy to do the\nerror handling in the wrong order.\n\nIn particular, it's easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47674', 'https://git.kernel.org/linus/79a61cc3fc0466ad2b7b89618a6157785f0293b3 (6.11)', 'https://git.kernel.org/stable/c/5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959', 'https://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2', 'https://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3', 'https://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3', 'https://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80', 'https://lore.kernel.org/linux-cve-announce/2024101538-CVE-2024-47674-ba1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47674', 'https://www.cve.org/CVERecord?id=CVE-2024-47674'], 'PublishedDate': '2024-10-15T11:15:13.073Z', 'LastModifiedDate': '2024-10-18T14:50:02.71Z'}, {'VulnerabilityID': 'CVE-2017-0537', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-0537', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N', 'V2Score': 2.6, 'V3Score': 4.7}}, 'References': ['http://www.securityfocus.com/bid/96831', 'http://www.securitytracker.com/id/1037968', 'https://android.googlesource.com/kernel/tegra.git/+/389b185cb2f17fff994dbdf8d4bac003d4b2b6b3%5E%21/#F0', 'https://lore.kernel.org/lkml/1484647168-30135-1-git-send-email-jilin@nvidia.com/#t', 'https://source.android.com/security/bulletin/2017-01-01.html', 'https://source.android.com/security/bulletin/2017-03-01', 'https://source.android.com/security/bulletin/2017-03-01.html', 'https://www.cve.org/CVERecord?id=CVE-2017-0537'], 'PublishedDate': '2017-03-08T01:59:03.127Z', 'LastModifiedDate': '2017-07-17T13:18:15.89Z'}, {'VulnerabilityID': 'CVE-2017-13165', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13165', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['https://github.com/aosp-mirror/platform_system_core/commit/15ffc53f6d57a46e3041453865311035a18e047a', 'https://source.android.com/security/bulletin/pixel/2017-12-01', 'https://www.cve.org/CVERecord?id=CVE-2017-13165'], 'PublishedDate': '2017-12-06T14:29:01.333Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2017-13693', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI operand cache leak in dsutils.c', 'Description': 'The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/100502', 'https://access.redhat.com/security/cve/CVE-2017-13693', 'https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13693', 'https://patchwork.kernel.org/patch/9919053/', 'https://www.cve.org/CVERecord?id=CVE-2017-13693'], 'PublishedDate': '2017-08-25T08:29:00.273Z', 'LastModifiedDate': '2017-09-20T14:51:00.41Z'}, {'VulnerabilityID': 'CVE-2018-1121', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-1121', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'procps: process hiding through race condition enumerating /proc', 'Description': "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-367'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:P/A:N', 'V3Vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V2Score': 4.3, 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L', 'V3Score': 3.9}}, 'References': ['http://seclists.org/oss-sec/2018/q2/122', 'http://www.securityfocus.com/bid/104214', 'https://access.redhat.com/security/cve/CVE-2018-1121', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1121', 'https://www.cve.org/CVERecord?id=CVE-2018-1121', 'https://www.exploit-db.com/exploits/44806/', 'https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt'], 'PublishedDate': '2018-06-13T20:29:00.337Z', 'LastModifiedDate': '2020-06-30T16:15:14.393Z'}, {'VulnerabilityID': 'CVE-2018-12928', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko', 'Description': 'In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['http://www.securityfocus.com/bid/104593', 'https://access.redhat.com/security/cve/CVE-2018-12928', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384', 'https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ', 'https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/', 'https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12928', 'https://www.cve.org/CVERecord?id=CVE-2018-12928'], 'PublishedDate': '2018-06-28T14:29:00.353Z', 'LastModifiedDate': '2018-08-21T11:55:37.35Z'}, {'VulnerabilityID': 'CVE-2018-12929', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko', 'Description': 'ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12929', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12929', 'https://www.cve.org/CVERecord?id=CVE-2018-12929'], 'PublishedDate': '2018-06-28T14:29:00.417Z', 'LastModifiedDate': '2019-03-26T13:35:51.317Z'}, {'VulnerabilityID': 'CVE-2018-12930', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12930', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko', 'Description': 'ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12930', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12930', 'https://www.cve.org/CVERecord?id=CVE-2018-12930'], 'PublishedDate': '2018-06-28T14:29:00.463Z', 'LastModifiedDate': '2019-03-26T13:35:37.397Z'}, {'VulnerabilityID': 'CVE-2018-12931', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_attr_find in the ntfs.ko', 'Description': 'ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12931', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12931', 'https://www.cve.org/CVERecord?id=CVE-2018-12931'], 'PublishedDate': '2018-06-28T14:29:00.51Z', 'LastModifiedDate': '2019-03-26T13:35:20.957Z'}, {'VulnerabilityID': 'CVE-2019-14899', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-14899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel', 'Description': 'A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V2Vector': 'AV:A/AC:M/Au:S/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 4.9, 'V3Score': 7.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.4}}, 'References': ['http://seclists.org/fulldisclosure/2020/Dec/32', 'http://seclists.org/fulldisclosure/2020/Jul/23', 'http://seclists.org/fulldisclosure/2020/Jul/24', 'http://seclists.org/fulldisclosure/2020/Jul/25', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'http://www.openwall.com/lists/oss-security/2020/08/13/2', 'http://www.openwall.com/lists/oss-security/2020/10/07/3', 'http://www.openwall.com/lists/oss-security/2021/07/05/1', 'https://access.redhat.com/security/cve/CVE-2019-14899', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899', 'https://nvd.nist.gov/vuln/detail/CVE-2019-14899', 'https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/', 'https://support.apple.com/kb/HT211288', 'https://support.apple.com/kb/HT211289', 'https://support.apple.com/kb/HT211290', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211931', 'https://www.cve.org/CVERecord?id=CVE-2019-14899', 'https://www.openwall.com/lists/oss-security/2019/12/05/1'], 'PublishedDate': '2019-12-11T15:15:14.263Z', 'LastModifiedDate': '2023-03-01T16:40:04.14Z'}, {'VulnerabilityID': 'CVE-2019-15213', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-15213', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c', 'Description': 'An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.3}}, 'References': ['http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html', 'http://www.openwall.com/lists/oss-security/2019/08/20/2', 'https://access.redhat.com/security/cve/CVE-2019-15213', 'https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7', 'https://linux.oracle.com/cve/CVE-2019-15213.html', 'https://linux.oracle.com/errata/ELSA-2019-4872.html', 'https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/', 'https://nvd.nist.gov/vuln/detail/CVE-2019-15213', 'https://security.netapp.com/advisory/ntap-20190905-0002/', 'https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced', 'https://www.cve.org/CVERecord?id=CVE-2019-15213'], 'PublishedDate': '2019-08-19T22:15:11.253Z', 'LastModifiedDate': '2023-11-09T14:44:33.733Z'}, {'VulnerabilityID': 'CVE-2019-19378', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19378', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19378', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19378', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19378'], 'PublishedDate': '2019-11-29T17:15:11.84Z', 'LastModifiedDate': '2020-01-03T11:15:14.997Z'}, {'VulnerabilityID': 'CVE-2019-19814', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 9.3, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19814', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19814', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19814'], 'PublishedDate': '2019-12-17T06:15:12.843Z', 'LastModifiedDate': '2020-01-03T11:15:16.48Z'}, {'VulnerabilityID': 'CVE-2020-35501', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2020-35501', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability', 'Description': 'A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem', 'Severity': 'LOW', 'CweIDs': ['CWE-863'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:N', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V2Score': 3.6, 'V3Score': 3.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 3.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2020-35501', 'https://bugzilla.redhat.com/show_bug.cgi?id=1908577', 'https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html', 'https://nvd.nist.gov/vuln/detail/CVE-2020-35501', 'https://www.cve.org/CVERecord?id=CVE-2020-35501', 'https://www.openwall.com/lists/oss-security/2021/02/18/1'], 'PublishedDate': '2022-03-30T16:15:08.673Z', 'LastModifiedDate': '2022-12-02T19:54:37.647Z'}, {'VulnerabilityID': 'CVE-2021-26934', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-26934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...', 'Description': "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.", 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['http://xenbits.xen.org/xsa/advisory-363.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/', 'https://nvd.nist.gov/vuln/detail/CVE-2021-26934', 'https://security.netapp.com/advisory/ntap-20210326-0001/', 'https://www.cve.org/CVERecord?id=CVE-2021-26934', 'https://www.openwall.com/lists/oss-security/2021/02/16/2', 'https://xenbits.xen.org/xsa/advisory-363.html'], 'PublishedDate': '2021-02-17T02:15:13.143Z', 'LastModifiedDate': '2023-11-07T03:31:50.59Z'}, {'VulnerabilityID': 'CVE-2022-44034', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-44034', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: A use-after-free due to race between scr24x_open()  and scr24x_remove()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().', 'Severity': 'LOW', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-44034', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15', 'https://lore.kernel.org/lkml/20220916050333.GA188358%40ubuntu/', 'https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940%40ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-44034', 'https://www.cve.org/CVERecord?id=CVE-2022-44034'], 'PublishedDate': '2022-10-30T01:15:08.937Z', 'LastModifiedDate': '2024-03-25T01:15:52.787Z'}, {'VulnerabilityID': 'CVE-2022-45884', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-45884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free due to race condition occurring in dvb_register_device()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:7549', 'https://access.redhat.com/security/cve/CVE-2022-45884', 'https://bugzilla.redhat.com/2148510', 'https://bugzilla.redhat.com/2148517', 'https://bugzilla.redhat.com/2151956', 'https://bugzilla.redhat.com/2154178', 'https://bugzilla.redhat.com/2224048', 'https://bugzilla.redhat.com/2240249', 'https://bugzilla.redhat.com/2241924', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2151956', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2224048', 'https://bugzilla.redhat.com/show_bug.cgi?id=2240249', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1192', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2163', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178', 'https://errata.almalinux.org/8/ALSA-2023-7549.html', 'https://errata.rockylinux.org/RLSA-2023:7549', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3', 'https://linux.oracle.com/cve/CVE-2022-45884.html', 'https://linux.oracle.com/errata/ELSA-2023-7549.html', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-45884', 'https://security.netapp.com/advisory/ntap-20230113-0006/', 'https://www.cve.org/CVERecord?id=CVE-2022-45884'], 'PublishedDate': '2022-11-25T04:15:09.18Z', 'LastModifiedDate': '2024-03-25T01:15:52.84Z'}, {'VulnerabilityID': 'CVE-2023-33053', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-33053', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'Memory corruption in Kernel while parsing metadata.', 'Severity': 'LOW', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/06426824a281c9aef5bf0c50927eae9c7431db1e', 'https://www.cve.org/CVERecord?id=CVE-2023-33053', 'https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin'], 'PublishedDate': '2023-12-05T03:15:11.707Z', 'LastModifiedDate': '2024-04-12T16:15:18.403Z'}, {'VulnerabilityID': 'CVE-2023-4010', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: hcd: malformed USB descriptor leads to infinite loop in usb_giveback_urb()', 'Description': 'A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.', 'Severity': 'LOW', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4010', 'https://bugzilla.redhat.com/show_bug.cgi?id=2227726', 'https://github.com/wanrenmi/a-usb-kernel-bug', 'https://github.com/wanrenmi/a-usb-kernel-bug/issues/1', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4010', 'https://www.cve.org/CVERecord?id=CVE-2023-4010'], 'PublishedDate': '2023-07-31T17:15:10.277Z', 'LastModifiedDate': '2023-11-07T04:22:02.797Z'}, {'VulnerabilityID': 'CVE-2023-6238', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-6238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: memory corruption via unprivileged user passthrough', 'Description': 'A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.', 'Severity': 'LOW', 'CweIDs': ['CWE-120'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-6238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2250834', 'https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.com/T/#u', 'https://lore.kernel.org/linux-nvme/20231016060519.231880-1-joshi.k@samsung.com/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-6238', 'https://www.cve.org/CVERecord?id=CVE-2023-6238'], 'PublishedDate': '2023-11-21T21:15:09.273Z', 'LastModifiedDate': '2024-02-07T00:15:55.24Z'}, {'VulnerabilityID': 'CVE-2024-0564', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-0564', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication', 'Description': 'A flaw was found in the Linux kernel\'s memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim\'s page. The unmapping time depends on whether it merges with the victim\'s page and additional physical pages are created beyond the KSM\'s "max page share". Through these operations, the attacker can leak the victim\'s page.', 'Severity': 'LOW', 'CweIDs': ['CWE-99', 'CWE-203'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-0564', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258514', 'https://link.springer.com/conference/wisa', 'https://nvd.nist.gov/vuln/detail/CVE-2024-0564', 'https://wisa.or.kr/accepted', 'https://www.cve.org/CVERecord?id=CVE-2024-0564'], 'PublishedDate': '2024-01-30T15:15:08.687Z', 'LastModifiedDate': '2024-10-16T15:15:14.11Z'}, {'VulnerabilityID': 'CVE-2024-43882', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43882', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exec: Fix ToCToU between perm check and set-uid/gid usage', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file\'s metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug  7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug  7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. For example, "chmod o-x,u+s target" makes "target" executable only\nby uid "root" and gid "cdrom", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug  7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug  7 13:16 target\n\nBut racing the chmod means users without group "cdrom" membership can\nget the permission to execute "target" just before the chmod, and when\nthe chmod finishes, the exec reaches brpm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of "only cdrom\ngroup members can setuid to root".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal.', 'Severity': 'HIGH', 'CweIDs': ['CWE-367'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43882', 'https://git.kernel.org/linus/f50733b45d865f91db90919f8311e2127ce5a0cb (6.11-rc4)', 'https://git.kernel.org/stable/c/15469d46ba34559bfe7e3de6659115778c624759', 'https://git.kernel.org/stable/c/368f6985d46657b8b466a421dddcacd4051f7ada', 'https://git.kernel.org/stable/c/90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e', 'https://git.kernel.org/stable/c/9b424c5d4130d56312e2a3be17efb0928fec4d64', 'https://git.kernel.org/stable/c/d2a2a4714d80d09b0f8eb6438ab4224690b7121e', 'https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f', 'https://git.kernel.org/stable/c/f50733b45d865f91db90919f8311e2127ce5a0cb', 'https://git.kernel.org/stable/c/f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1', 'https://linux.oracle.com/cve/CVE-2024-43882.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082152-CVE-2024-43882-4fa4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43882', 'https://www.cve.org/CVERecord?id=CVE-2024-43882'], 'PublishedDate': '2024-08-21T01:15:12.34Z', 'LastModifiedDate': '2024-09-03T13:25:39.747Z'}, {'VulnerabilityID': 'CVE-2013-7445', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2013-7445', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects', 'Description': 'The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-399'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:C', 'V2Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V2Score': 4.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2013-7445', 'https://bugzilla.kernel.org/show_bug.cgi?id=60533', 'https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)', 'https://nvd.nist.gov/vuln/detail/CVE-2013-7445', 'https://www.cve.org/CVERecord?id=CVE-2013-7445'], 'PublishedDate': '2015-10-16T01:59:00.12Z', 'LastModifiedDate': '2015-10-16T16:22:25.587Z'}, {'VulnerabilityID': 'CVE-2015-8553', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2015-8553', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'xen: non-maskable interrupts triggerable by guests (xsa120)', 'Description': 'Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N', 'V2Score': 2.1, 'V3Score': 6.5}, 'redhat': {'V2Vector': 'AV:A/AC:M/Au:S/C:N/I:N/A:C', 'V2Score': 5.2}}, 'References': ['http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1930758 (regression mention)', 'http://xenbits.xen.org/xsa/advisory-120.html', 'https://access.redhat.com/security/cve/CVE-2015-8553', 'https://nvd.nist.gov/vuln/detail/CVE-2015-8553', 'https://seclists.org/bugtraq/2019/Aug/18', 'https://www.cve.org/CVERecord?id=CVE-2015-8553', 'https://www.debian.org/security/2019/dsa-4497'], 'PublishedDate': '2016-04-13T15:59:07.307Z', 'LastModifiedDate': '2019-08-13T23:15:11.203Z'}, {'VulnerabilityID': 'CVE-2016-8660', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-8660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation', 'Description': 'The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-19'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V2Vector': 'AV:L/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.7, 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2016/10/13/8', 'http://www.securityfocus.com/bid/93558', 'https://access.redhat.com/security/cve/CVE-2016-8660', 'https://bugzilla.redhat.com/show_bug.cgi?id=1384851', 'https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/', 'https://marc.info/?l=linux-fsdevel&m=147639177409294&w=2', 'https://marc.info/?l=linux-xfs&m=149498118228320&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2016-8660', 'https://www.cve.org/CVERecord?id=CVE-2016-8660'], 'PublishedDate': '2016-10-16T21:59:14.333Z', 'LastModifiedDate': '2016-11-28T20:41:02.59Z'}, {'VulnerabilityID': 'CVE-2018-17977', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-17977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service', 'Description': 'The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.9}}, 'References': ['http://www.securityfocus.com/bid/105539', 'https://access.redhat.com/security/cve/CVE-2018-17977', 'https://bugzilla.suse.com/show_bug.cgi?id=1111609', 'https://nvd.nist.gov/vuln/detail/CVE-2018-17977', 'https://www.cve.org/CVERecord?id=CVE-2018-17977', 'https://www.openwall.com/lists/oss-security/2018/10/05/5'], 'PublishedDate': '2018-10-08T17:29:00.653Z', 'LastModifiedDate': '2018-11-26T15:51:30.427Z'}, {'VulnerabilityID': 'CVE-2021-3714', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-3714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Remote Page Deduplication Attacks', 'Description': 'A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-3714', 'https://arxiv.org/abs/2111.08553', 'https://arxiv.org/pdf/2111.08553.pdf', 'https://bugzilla.redhat.com/show_bug.cgi?id=1931327', 'https://nvd.nist.gov/vuln/detail/CVE-2021-3714', 'https://www.cve.org/CVERecord?id=CVE-2021-3714'], 'PublishedDate': '2022-08-23T16:15:09.6Z', 'LastModifiedDate': '2024-02-01T18:51:23.66Z'}, {'VulnerabilityID': 'CVE-2021-47599', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47599', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: use latest_dev in btrfs_show_devname', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: use latest_dev in btrfs_show_devname\n\nThe test case btrfs/238 reports the warning below:\n\n WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs]\n CPU: 2 PID: 1 Comm: systemd Tainted: G        W  O 5.14.0-rc1-custom #72\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n Call trace:\n   btrfs_show_devname+0x108/0x1b4 [btrfs]\n   show_mountinfo+0x234/0x2c4\n   m_show+0x28/0x34\n   seq_read_iter+0x12c/0x3c4\n   vfs_read+0x29c/0x2c8\n   ksys_read+0x80/0xec\n   __arm64_sys_read+0x28/0x34\n   invoke_syscall+0x50/0xf8\n   do_el0_svc+0x88/0x138\n   el0_svc+0x2c/0x8c\n   el0t_64_sync_handler+0x84/0xe4\n   el0t_64_sync+0x198/0x19c\n\nReason:\nWhile btrfs_prepare_sprout() moves the fs_devices::devices into\nfs_devices::seed_list, the btrfs_show_devname() searches for the devices\nand found none, leading to the warning as in above.\n\nFix:\nlatest_dev is updated according to the changes to the device list.\nThat means we could use the latest_dev->name to show the device name in\n/proc/self/mounts, the pointer will be always valid as it's assigned\nbefore the device is deleted from the list in remove or replace.\nThe RCU protection is sufficient as the device structure is freed after\nsynchronization.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47599', 'https://git.kernel.org/linus/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2 (5.16-rc1)', 'https://git.kernel.org/stable/c/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2', 'https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1', 'https://lore.kernel.org/linux-cve-announce/2024061921-CVE-2021-47599-37b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47599', 'https://www.cve.org/CVERecord?id=CVE-2021-47599'], 'PublishedDate': '2024-06-19T15:15:54.483Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2021-47615', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47615', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix releasing unallocated memory in dereg MR flow\n\nFor the case of IB_MR_TYPE_DM the mr does doesn't have a umem, even though\nit is a user MR. This causes function mlx5_free_priv_descs() to think that\nit is a kernel MR, leading to wrongly accessing mr->descs that will get\nwrong values in the union which leads to attempt to release resources that\nwere not allocated in the first place.\n\nFor example:\n DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]\n WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0\n RIP: 0010:check_unmap+0x54f/0x8b0\n Call Trace:\n  debug_dma_unmap_page+0x57/0x60\n  mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]\n  mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]\n  ib_dereg_mr_user+0x60/0x140 [ib_core]\n  uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]\n  uobj_destroy+0x3f/0x80 [ib_uverbs]\n  ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]\n  ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquired+0x12/0x380\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquire+0xc4/0x2e0\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  ? lock_release+0x28a/0x400\n  ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  __x64_sys_ioctl+0x7f/0xb0\n  do_syscall_64+0x38/0x90\n\nFix it by reorganizing the dereg flow and mlx5_ib_mr structure:\n - Move the ib_umem field into the user MRs structure in the union as it's\n   applicable only there.\n - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only\n   in case there isn't udata, which indicates that this isn't a user MR.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47615', 'https://git.kernel.org/linus/f0ae4afe3d35e67db042c58a52909e06262b740f (5.16-rc5)', 'https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9', 'https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701', 'https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f', 'https://lore.kernel.org/linux-cve-announce/2024061909-CVE-2021-47615-3c6a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47615', 'https://www.cve.org/CVERecord?id=CVE-2021-47615'], 'PublishedDate': '2024-06-19T15:15:56.03Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-0400', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0400', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Out of bounds read in the smc protocol stack', 'Description': 'An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)', 'https://bugzilla.redhat.com/show_bug.cgi?id=2044575', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0400', 'https://www.cve.org/CVERecord?id=CVE-2022-0400'], 'PublishedDate': '2022-08-29T15:15:09.423Z', 'LastModifiedDate': '2022-09-01T20:18:18.247Z'}, {'VulnerabilityID': 'CVE-2022-0480', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0480', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion', 'Description': 'A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0480', 'https://bugzilla.redhat.com/show_bug.cgi?id=2049700', 'https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042', 'https://github.com/kata-containers/kata-containers/issues/3373', 'https://linux.oracle.com/cve/CVE-2022-0480.html', 'https://linux.oracle.com/errata/ELSA-2024-2394.html', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0480', 'https://ubuntu.com/security/CVE-2022-0480', 'https://www.cve.org/CVERecord?id=CVE-2022-0480'], 'PublishedDate': '2022-08-29T15:15:09.477Z', 'LastModifiedDate': '2023-03-03T18:49:53.213Z'}, {'VulnerabilityID': 'CVE-2022-3238', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ntfs3 local privledge escalation if NTFS character set and remount and umount called simultaneously', 'Description': 'A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127927', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3238', 'https://www.cve.org/CVERecord?id=CVE-2022-3238'], 'PublishedDate': '2022-11-14T21:15:16.163Z', 'LastModifiedDate': '2022-11-17T20:24:18.537Z'}, {'VulnerabilityID': 'CVE-2022-48846', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: release rq qos structures for queue without disk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: release rq qos structures for queue without disk\n\nblkcg_init_queue() may add rq qos structures to request queue, previously\nblk_cleanup_queue() calls rq_qos_exit() to release them, but commit\n8e141f9eb803 ("block: drain file system I/O on del_gendisk")\nmoves rq_qos_exit() into del_gendisk(), so memory leak is caused\nbecause queues may not have disk, such as un-present scsi luns, nvme\nadmin queue, ...\n\nFixes the issue by adding rq_qos_exit() to blk_cleanup_queue() back.\n\nBTW, v5.18 won\'t need this patch any more since we move\nblkcg_init_queue()/blkcg_exit_queue() into disk allocation/release\nhandler, and patches have been in for-5.18/block.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48846', 'https://git.kernel.org/linus/daaca3522a8e67c46e39ef09c1d542e866f85f3b (5.17)', 'https://git.kernel.org/stable/c/60c2c8e2ef3a3ec79de8cbc80a06ca0c21df8c29', 'https://git.kernel.org/stable/c/d4ad8736ac982111bb0be8306bf19c8207f6600e', 'https://git.kernel.org/stable/c/daaca3522a8e67c46e39ef09c1d542e866f85f3b', 'https://lore.kernel.org/linux-cve-announce/2024071623-CVE-2022-48846-a1a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48846', 'https://www.cve.org/CVERecord?id=CVE-2022-48846'], 'PublishedDate': '2024-07-16T13:15:11.883Z', 'LastModifiedDate': '2024-07-24T17:56:26.767Z'}, {'VulnerabilityID': 'CVE-2022-48929', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix crash due to out of bounds access into reg2btf_ids.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to out of bounds access into reg2btf_ids.\n\nWhen commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added\nkfunc support, it defined reg2btf_ids as a cheap way to translate the verifier\nreg type to the appropriate btf_vmlinux BTF ID, however\ncommit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL")\nmoved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after\nthe base register types, and defined other variants using type flag\ncomposition. However, now, the direct usage of reg->type to index into\nreg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to\nout of bounds access and kernel crash on dereference of bad pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48929', 'https://git.kernel.org/linus/45ce4b4f9009102cd9f581196d480a59208690c1 (5.17-rc6)', 'https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1', 'https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae', 'https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc', 'https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48929-857d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48929', 'https://www.cve.org/CVERecord?id=CVE-2022-48929'], 'PublishedDate': '2024-08-22T04:15:15.773Z', 'LastModifiedDate': '2024-08-23T02:00:22.653Z'}, {'VulnerabilityID': 'CVE-2023-0030', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Use after Free in nvkm_vmm_pfn_map', 'Description': 'A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0030', 'https://bugzilla.redhat.com/show_bug.cgi?id=2157270', 'https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)', 'https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10', 'https://lore.kernel.org/all/20221230072758.443644-1-zyytlz.wz@163.com/', 'https://lore.kernel.org/all/63d485b2.170a0220.4af4c.d54f@mx.google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0030', 'https://security.netapp.com/advisory/ntap-20230413-0010/', 'https://www.cve.org/CVERecord?id=CVE-2023-0030'], 'PublishedDate': '2023-03-08T23:15:10.963Z', 'LastModifiedDate': '2023-04-13T17:15:09.433Z'}, {'VulnerabilityID': 'CVE-2023-0160', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: possibility of deadlock in libbpf function sock_hash_delete_elem', 'Description': 'A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667', 'CWE-833'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0160', 'https://bugzilla.redhat.com/show_bug.cgi?id=2159764', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56', 'https://lore.kernel.org/all/20230406122622.109978-1-liuxin350@huawei.com/', 'https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/', 'https://lore.kernel.org/bpf/000000000000f1db9605f939720e@google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0160', 'https://www.cve.org/CVERecord?id=CVE-2023-0160'], 'PublishedDate': '2023-07-18T17:15:11.313Z', 'LastModifiedDate': '2023-11-07T03:59:46.343Z'}, {'VulnerabilityID': 'CVE-2023-1193', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-1193', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in setup_async_work()', 'Description': 'A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-1193', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154177', 'https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-1193', 'https://www.cve.org/CVERecord?id=CVE-2023-1193'], 'PublishedDate': '2023-11-01T20:15:08.663Z', 'LastModifiedDate': '2023-11-09T15:13:51.737Z'}, {'VulnerabilityID': 'CVE-2023-26242', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-26242', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the  ...', 'Description': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://bugzilla.suse.com/show_bug.cgi?id=1208518', 'https://lore.kernel.org/all/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-26242', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://security.netapp.com/advisory/ntap-20230406-0002/', 'https://www.cve.org/CVERecord?id=CVE-2023-26242'], 'PublishedDate': '2023-02-21T01:15:11.423Z', 'LastModifiedDate': '2024-03-25T01:15:53.57Z'}, {'VulnerabilityID': 'CVE-2023-31082', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-31082', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sleeping function called from an invalid context in gsmld_write', 'Description': 'An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-763'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-31082', 'https://bugzilla.suse.com/show_bug.cgi?id=1210781', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com/', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-31082', 'https://security.netapp.com/advisory/ntap-20230929-0003/', 'https://www.cve.org/CVERecord?id=CVE-2023-31082'], 'PublishedDate': '2023-04-24T06:15:07.783Z', 'LastModifiedDate': '2024-08-02T15:16:00.853Z'}, {'VulnerabilityID': 'CVE-2023-52879', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have trace_event_file have ref counters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have trace_event_file have ref counters\n\nThe following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # echo \'p:sched schedule\' > kprobe_events\n # exec 5>>events/kprobes/sched/enable\n # > kprobe_events\n # exec 5>&-\n\nThe above commands:\n\n 1. Change directory to the tracefs directory\n 2. Create a kprobe event (doesn\'t matter what one)\n 3. Open bash file descriptor 5 on the enable file of the kprobe event\n 4. Delete the kprobe event (removes the files too)\n 5. Close the bash file descriptor 5\n\nThe above causes a crash!\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:tracing_release_file_tr+0xc/0x50\n\nWhat happens here is that the kprobe event creates a trace_event_file\n"file" descriptor that represents the file in tracefs to the event. It\nmaintains state of the event (is it enabled for the given instance?).\nOpening the "enable" file gets a reference to the event "file" descriptor\nvia the open file descriptor. When the kprobe event is deleted, the file is\nalso deleted from the tracefs system which also frees the event "file"\ndescriptor.\n\nBut as the tracefs file is still opened by user space, it will not be\ntotally removed until the final dput() is called on it. But this is not\ntrue with the event "file" descriptor that is already freed. If the user\ndoes a write to or simply closes the file descriptor it will reference the\nevent "file" descriptor that was just freed, causing a use-after-free bug.\n\nTo solve this, add a ref count to the event "file" descriptor as well as a\nnew flag called "FREED". The "file" will not be freed until the last\nreference is released. But the FREE flag will be set when the event is\nremoved to prevent any more modifications to that event from happening,\neven if there\'s still a reference to the event "file" descriptor.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52879', 'https://git.kernel.org/linus/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4 (6.7-rc1)', 'https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706', 'https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976', 'https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d', 'https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e', 'https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f', 'https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4', 'https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0', 'https://lore.kernel.org/linux-cve-announce/2024052122-CVE-2023-52879-fa4d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52879', 'https://www.cve.org/CVERecord?id=CVE-2023-52879'], 'PublishedDate': '2024-05-21T16:15:24.53Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52889', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: Fix null pointer deref when receiving skb during sock creation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)->label is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n    BUG: kernel NULL pointer dereference, address: 000000000000004c\n    #PF: supervisor read access in kernel mode\n    #PF: error_code(0x0000) - not-present page\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n    Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n    RIP: 0010:aa_label_next_confined+0xb/0x40\n    Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n    RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n    RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n    RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n    RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n    R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n    R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n    FS:  00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n    PKRU: 55555554\n    Call Trace:\n     <IRQ>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? exc_page_fault+0x7f/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? aa_label_next_confined+0xb/0x40\n     apparmor_secmark_check+0xec/0x330\n     security_sock_rcv_skb+0x35/0x50\n     sk_filter_trim_cap+0x47/0x250\n     sock_queue_rcv_skb_reason+0x20/0x60\n     raw_rcv+0x13c/0x210\n     raw_local_deliver+0x1f3/0x250\n     ip_protocol_deliver_rcu+0x4f/0x2f0\n     ip_local_deliver_finish+0x76/0xa0\n     __netif_receive_skb_one_core+0x89/0xa0\n     netif_receive_skb+0x119/0x170\n     ? __netdev_alloc_skb+0x3d/0x140\n     vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     __napi_poll+0x28/0x1b0\n     net_rx_action+0x2a4/0x380\n     __do_softirq+0xd1/0x2c8\n     __irq_exit_rcu+0xbb/0xf0\n     common_interrupt+0x86/0xa0\n     </IRQ>\n     <TASK>\n     asm_common_interrupt+0x26/0x40\n    RIP: 0010:apparmor_socket_post_create+0xb/0x200\n    Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n    RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n    RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n    RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n    RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n    R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n    R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n     ? __pfx_apparmor_socket_post_create+0x10/0x10\n     security_socket_post_create+0x4b/0x80\n     __sock_create+0x176/0x1f0\n     __sys_socket+0x89/0x100\n     __x64_sys_socket+0x17/0x20\n     do_syscall_64+0x5d/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     entry_SYSCALL_64_after_hwframe+0x72/0xdc', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52889', 'https://git.kernel.org/linus/fce09ea314505a52f2436397608fa0a5d0934fb1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1', 'https://git.kernel.org/stable/c/290a6b88e8c19b6636ed1acc733d1458206f7697', 'https://git.kernel.org/stable/c/347dcb84a4874b5fb375092c08d8cc4069b94f81', 'https://git.kernel.org/stable/c/46c17ead5b7389e22e7dc9903fd0ba865d05bda2', 'https://git.kernel.org/stable/c/6c920754f62cefc63fccdc38a062c7c3452e2961', 'https://git.kernel.org/stable/c/ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2', 'https://git.kernel.org/stable/c/fce09ea314505a52f2436397608fa0a5d0934fb1', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2023-52889-cdd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52889', 'https://www.cve.org/CVERecord?id=CVE-2023-52889'], 'PublishedDate': '2024-08-17T09:15:07.073Z', 'LastModifiedDate': '2024-08-19T21:19:16.97Z'}, {'VulnerabilityID': 'CVE-2024-26713', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: Fix iommu initialisation during DLPAR add\n\nWhen a PCI device is dynamically added, the kernel oopses with a NULL\npointer dereference:\n\n  BUG: Kernel NULL pointer dereference on read at 0x00000030\n  Faulting instruction address: 0xc0000000006bbe5c\n  Oops: Kernel access of bad area, sig: 11 [#1]\n  LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n  Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse\n  CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66\n  Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries\n  NIP:  c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8\n  REGS: c00000009924f240 TRAP: 0300   Not tainted  (6.7.0-203405+)\n  MSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 24002220  XER: 20040006\n  CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0\n  ...\n  NIP sysfs_add_link_to_group+0x34/0x94\n  LR  iommu_device_link+0x5c/0x118\n  Call Trace:\n   iommu_init_device+0x26c/0x318 (unreliable)\n   iommu_device_link+0x5c/0x118\n   iommu_init_device+0xa8/0x318\n   iommu_probe_device+0xc0/0x134\n   iommu_bus_notifier+0x44/0x104\n   notifier_call_chain+0xb8/0x19c\n   blocking_notifier_call_chain+0x64/0x98\n   bus_notify+0x50/0x7c\n   device_add+0x640/0x918\n   pci_device_add+0x23c/0x298\n   of_create_pci_dev+0x400/0x884\n   of_scan_pci_dev+0x124/0x1b0\n   __of_scan_bus+0x78/0x18c\n   pcibios_scan_phb+0x2a4/0x3b0\n   init_phb_dynamic+0xb8/0x110\n   dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]\n   add_slot_store.part.0+0xb4/0x130 [rpadlpar_io]\n   kobj_attr_store+0x2c/0x48\n   sysfs_kf_write+0x64/0x78\n   kernfs_fop_write_iter+0x1b0/0x290\n   vfs_write+0x350/0x4a0\n   ksys_write+0x84/0x140\n   system_call_exception+0x124/0x330\n   system_call_vectored_common+0x15c/0x2ec\n\nCommit a940904443e4 ("powerpc/iommu: Add iommu_ops to report capabilities\nand allow blocking domains") broke DLPAR add of PCI devices.\n\nThe above added iommu_device structure to pci_controller. During\nsystem boot, PCI devices are discovered and this newly added iommu_device\nstructure is initialized by a call to iommu_device_register().\n\nDuring DLPAR add of a PCI device, a new pci_controller structure is\nallocated but there are no calls made to iommu_device_register()\ninterface.\n\nFix is to register the iommu device during DLPAR add as well.\n\n[mpe: Trim oops and tweak some change log wording]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26713', 'https://git.kernel.org/linus/ed8b94f6e0acd652ce69bd69d678a0c769172df8 (6.8-rc5)', 'https://git.kernel.org/stable/c/9978d5b744e0227afe19e3bcb4c5f75442dde753', 'https://git.kernel.org/stable/c/d4f762d6403f7419de90d7749fa83dd92ffb0e1d', 'https://git.kernel.org/stable/c/ed8b94f6e0acd652ce69bd69d678a0c769172df8', 'https://lore.kernel.org/linux-cve-announce/2024040342-CVE-2024-26713-1b52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26713', 'https://www.cve.org/CVERecord?id=CVE-2024-26713'], 'PublishedDate': '2024-04-03T15:15:53.647Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-27025', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nbd: null check for nla_nest_start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: null check for nla_nest_start\n\nnla_nest_start() may fail and return NULL. Insert a check and set errno\nbased on other call sites within the same source code.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-27025', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d (6.9-rc1)', 'https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d', 'https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e', 'https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced', 'https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8', 'https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797', 'https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983', 'https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a', 'https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf', 'https://linux.oracle.com/cve/CVE-2024-27025.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27025', 'https://www.cve.org/CVERecord?id=CVE-2024-27025'], 'PublishedDate': '2024-05-01T13:15:48.89Z', 'LastModifiedDate': '2024-06-25T22:15:28.24Z'}, {'VulnerabilityID': 'CVE-2024-35928', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()\n\nThis ensures that the memory mapped by ioremap for adev->rmmio, is\nproperly handled in amdgpu_device_init(). If the function exits early\ndue to an error, the memory is unmapped. If the function completes\nsuccessfully, the memory remains mapped.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_device.c:4337 amdgpu_device_init() warn: 'adev->rmmio' from ioremap() not released on lines: 4035,4045,4051,4058,4068,4337", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35928', 'https://git.kernel.org/linus/eb4f139888f636614dab3bcce97ff61cefc4b3a7 (6.9-rc1)', 'https://git.kernel.org/stable/c/14ac934db851642ea8cd1bd4121c788a8899ef69', 'https://git.kernel.org/stable/c/aa665c3a2aca2ffe31b9645bda278e96dfc3b55c', 'https://git.kernel.org/stable/c/c5f9fe2c1e5023fa096189a8bfba6420aa035587', 'https://git.kernel.org/stable/c/eb4f139888f636614dab3bcce97ff61cefc4b3a7', 'https://lore.kernel.org/linux-cve-announce/2024051915-CVE-2024-35928-ead3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35928', 'https://www.cve.org/CVERecord?id=CVE-2024-35928'], 'PublishedDate': '2024-05-19T11:15:48.93Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35948', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bcachefs: Check for journal entries overruning end of sb clean section', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: Check for journal entries overruning end of sb clean section\n\nFix a missing bounds check in superblock validation.\n\nNote that we don't yet have repair code for this case - repair code for\nindividual items is generally low priority, since the whole superblock\nis checksummed, validated prior to write, and we have backups.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35948', 'https://git.kernel.org/linus/fcdbc1d7a4b638e5d5668de461f320386f3002aa (6.9-rc6)', 'https://git.kernel.org/stable/c/fcdbc1d7a4b638e5d5668de461f320386f3002aa', 'https://lore.kernel.org/linux-cve-announce/2024052043-CVE-2024-35948-a92f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35948', 'https://www.cve.org/CVERecord?id=CVE-2024-35948'], 'PublishedDate': '2024-05-20T10:15:09.44Z', 'LastModifiedDate': '2024-07-03T02:02:27.897Z'}, {'VulnerabilityID': 'CVE-2024-35995', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI: CPPC: Use access_width over bit_width for system memory accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Use access_width over bit_width for system memory accesses\n\nTo align with ACPI 6.3+, since bit_width can be any 8-bit value, it\ncannot be depended on to be always on a clean 8b boundary. This was\nuncovered on the Cobalt 100 platform.\n\nSError Interrupt on CPU26, code 0xbe000011 -- SError\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n pc : cppc_get_perf_caps+0xec/0x410\n lr : cppc_get_perf_caps+0xe8/0x410\n sp : ffff8000155ab730\n x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078\n x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff\n x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000\n x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff\n x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008\n x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006\n x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec\n x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028\n x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff\n x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000\n Kernel panic - not syncing: Asynchronous SError Interrupt\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted\n5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n Call trace:\n  dump_backtrace+0x0/0x1e0\n  show_stack+0x24/0x30\n  dump_stack_lvl+0x8c/0xb8\n  dump_stack+0x18/0x34\n  panic+0x16c/0x384\n  add_taint+0x0/0xc0\n  arm64_serror_panic+0x7c/0x90\n  arm64_is_fatal_ras_serror+0x34/0xa4\n  do_serror+0x50/0x6c\n  el1h_64_error_handler+0x40/0x74\n  el1h_64_error+0x7c/0x80\n  cppc_get_perf_caps+0xec/0x410\n  cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]\n  cpufreq_online+0x2dc/0xa30\n  cpufreq_add_dev+0xc0/0xd4\n  subsys_interface_register+0x134/0x14c\n  cpufreq_register_driver+0x1b0/0x354\n  cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]\n  do_one_initcall+0x50/0x250\n  do_init_module+0x60/0x27c\n  load_module+0x2300/0x2570\n  __do_sys_finit_module+0xa8/0x114\n  __arm64_sys_finit_module+0x2c/0x3c\n  invoke_syscall+0x78/0x100\n  el0_svc_common.constprop.0+0x180/0x1a0\n  do_el0_svc+0x84/0xa0\n  el0_svc+0x2c/0xc0\n  el0t_64_sync_handler+0xa4/0x12c\n  el0t_64_sync+0x1a4/0x1a8\n\nInstead, use access_width to determine the size and use the offset and\nwidth to shift and mask the bits to read/write out. Make sure to add a\ncheck for system memory since pcc redefines the access_width to\nsubspace id.\n\nIf access_width is not set, then fall back to using bit_width.\n\n[ rjw: Subject and changelog edits, comment adjustments ]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35995', 'https://git.kernel.org/linus/2f4a4d63a193be6fd530d180bb13c3592052904c (6.9-rc1)', 'https://git.kernel.org/stable/c/01fc53be672acae37e611c80cc0b4f3939584de3', 'https://git.kernel.org/stable/c/1b890ae474d19800a6be1696df7fb4d9a41676e4', 'https://git.kernel.org/stable/c/2f4a4d63a193be6fd530d180bb13c3592052904c', 'https://git.kernel.org/stable/c/4949affd5288b867cdf115f5b08d6166b2027f87', 'https://git.kernel.org/stable/c/6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1', 'https://git.kernel.org/stable/c/6dfd79ed04c578f1d9a9a41ba5b2015cf9f03fc3', 'https://git.kernel.org/stable/c/b54c4632946ae42f2b39ed38abd909bbf78cbcc2', 'https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35995-abbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35995', 'https://www.cve.org/CVERecord?id=CVE-2024-35995'], 'PublishedDate': '2024-05-20T10:15:13.597Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-36885', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36885', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup:\n\n  kernel BUG at include/linux/scatterlist.h:187!\n  invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\n  Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\n  RIP: 0010:sg_init_one+0x85/0xa0\n  Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n  24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n  0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\n  RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\n  RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\n  RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\n  R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\n  FS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\n  Call Trace:\n   <TASK>\n   ? die+0x36/0x90\n   ? do_trap+0xdd/0x100\n   ? sg_init_one+0x85/0xa0\n   ? do_error_trap+0x65/0x80\n   ? sg_init_one+0x85/0xa0\n   ? exc_invalid_op+0x50/0x70\n   ? sg_init_one+0x85/0xa0\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? sg_init_one+0x85/0xa0\n   nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n   nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n   ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n   r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? nvkm_udevice_new+0x95/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? ktime_get+0x47/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_oneinit_+0x4f/0x120 [nouveau]\n   nvkm_subdev_init_+0x39/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_init+0x44/0x90 [nouveau]\n   nvkm_device_init+0x166/0x2e0 [nouveau]\n   nvkm_udevice_init+0x47/0x70 [nouveau]\n   nvkm_object_init+0x41/0x1c0 [nouveau]\n   nvkm_ioctl_new+0x16a/0x290 [nouveau]\n   ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]\n   ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]\n   nvkm_ioctl+0x126/0x290 [nouveau]\n   nvif_object_ctor+0x112/0x190 [nouveau]\n   nvif_device_ctor+0x23/0x60 [nouveau]\n   nouveau_cli_init+0x164/0x640 [nouveau]\n   nouveau_drm_device_init+0x97/0x9e0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? pci_update_current_state+0x72/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nouveau_drm_probe+0x12c/0x280 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   local_pci_probe+0x45/0xa0\n   pci_device_probe+0xc7/0x270\n   really_probe+0xe6/0x3a0\n   __driver_probe_device+0x87/0x160\n   driver_probe_device+0x1f/0xc0\n   __driver_attach+0xec/0x1f0\n   ? __pfx___driver_attach+0x10/0x10\n   bus_for_each_dev+0x88/0xd0\n   bus_add_driver+0x116/0x220\n   driver_register+0x59/0x100\n   ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]\n   do_one_initcall+0x5b/0x320\n   do_init_module+0x60/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x120/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x83/0x160\n   ? srso_return_thunk+0x5/0x5f\n   entry_SYSCALL_64_after_hwframe+0x71/0x79\n  RIP: 0033:0x7feeb5cc20cd\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89\n  f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0\n  ff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd\n  RDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035\n  RBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310\n  R10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36885', 'https://git.kernel.org/linus/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2 (6.9-rc7)', 'https://git.kernel.org/stable/c/1a88c18da464db0ba8ea25196d0a06490f65322e', 'https://git.kernel.org/stable/c/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2', 'https://git.kernel.org/stable/c/e05af009302893f39b072811a68fa4a196284c75', 'https://lore.kernel.org/linux-cve-announce/2024053032-CVE-2024-36885-cb0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36885', 'https://www.cve.org/CVERecord?id=CVE-2024-36885'], 'PublishedDate': '2024-05-30T16:15:12.067Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36970', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: Use request_module_nowait', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Use request_module_nowait\n\nThis appears to work around a deadlock regression that came in\nwith the LED merge in 6.9.\n\nThe deadlock happens on my system with 24 iwlwifi radios, so maybe\nit something like all worker threads are busy and some work that needs\nto complete cannot complete.\n\n[also remove unnecessary "load_module" var and now-wrong comment]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36970', 'https://git.kernel.org/linus/3d913719df14c28c4d3819e7e6d150760222bda4 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4', 'https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e', 'https://lore.kernel.org/linux-cve-announce/2024060855-CVE-2024-36970-2eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36970', 'https://www.cve.org/CVERecord?id=CVE-2024-36970'], 'PublishedDate': '2024-06-08T13:15:58.26Z', 'LastModifiedDate': '2024-06-10T02:52:08.267Z'}, {'VulnerabilityID': 'CVE-2024-38581', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38581', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/mes: fix use-after-free issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/mes: fix use-after-free issue\n\nDelete fence fallback timer to fix the ramdom\nuse-after-free issue.\n\nv2: move to amdgpu_mes.c', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-38581', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/948255282074d9367e01908b3f5dcf8c10fc9c3d (6.9-rc6)', 'https://git.kernel.org/stable/c/0f98c144c15c8fc0f3176c994bd4e727ef718a5c', 'https://git.kernel.org/stable/c/39cfce75168c11421d70b8c0c65f6133edccb82a', 'https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de', 'https://git.kernel.org/stable/c/948255282074d9367e01908b3f5dcf8c10fc9c3d', 'https://linux.oracle.com/cve/CVE-2024-38581.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38581-592d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38581', 'https://www.cve.org/CVERecord?id=CVE-2024-38581'], 'PublishedDate': '2024-06-19T14:15:18.15Z', 'LastModifiedDate': '2024-08-01T20:12:00.623Z'}, {'VulnerabilityID': 'CVE-2024-38608', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38608', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix netif state handling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix netif state handling\n\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\n\nmlx5e_probe\n _mlx5e_resume\n  mlx5e_attach_netdev\n   mlx5e_nic_enable  <-- netdev not reg, not calling netif_device_attach()\n  register_netdev <-- failed for some reason.\nERROR_FLOW:\n _mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(\n\nHence, clean resources in this case as well.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n <TASK>\n ? __die+0x20/0x60\n ? page_fault_oops+0x14c/0x3c0\n ? exc_page_fault+0x75/0x140\n ? asm_exc_page_fault+0x22/0x30\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\n mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\n mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n __mlx5_ib_add+0x34/0xd0 [mlx5_ib]\n mlx5r_probe+0xe1/0x210 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x637/0x840\n __auxiliary_device_add+0x3b/0xa0\n add_adev+0xc9/0x140 [mlx5_core]\n mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\n mlx5_register_device+0x53/0xa0 [mlx5_core]\n mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\n mlx5_init_one+0x3b/0x60 [mlx5_core]\n probe_one+0x44c/0x730 [mlx5_core]\n local_pci_probe+0x3e/0x90\n pci_device_probe+0xbf/0x210\n ? kernfs_create_link+0x5d/0xa0\n ? sysfs_do_create_link_sd+0x60/0xc0\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n pci_bus_add_device+0x54/0x80\n pci_iov_add_virtfn+0x2e6/0x320\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n kernfs_fop_write_iter+0x10c/0x1a0\n vfs_write+0x291/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n CR2: 0000000000000000\n ---[ end trace 0000000000000000  ]---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38608', 'https://git.kernel.org/linus/3d5918477f94e4c2f064567875c475468e264644 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644', 'https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6', 'https://linux.oracle.com/cve/CVE-2024-38608.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061920-CVE-2024-38608-4068@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38608', 'https://www.cve.org/CVERecord?id=CVE-2024-38608'], 'PublishedDate': '2024-06-19T14:15:20.737Z', 'LastModifiedDate': '2024-08-27T15:58:56.9Z'}, {'VulnerabilityID': 'CVE-2024-39293', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39293', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;xsk: Support redirect to any socket bound to the same umem&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "xsk: Support redirect to any socket bound to the same umem"\n\nThis reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.\n\nThis patch introduced a potential kernel crash when multiple napi instances\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\npossible for multiple napi instances to access the Rx ring at the same time,\nwhich will result in a corrupted ring state which can lead to a crash when\nflushing the rings in __xsk_flush(). This can happen when the linked list of\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\nis not possible, so let us revert this for now.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39293', 'https://git.kernel.org/linus/7fcf26b315bbb728036da0862de6b335da83dff2 (6.10-rc3)', 'https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5', 'https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2', 'https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39293', 'https://www.cve.org/CVERecord?id=CVE-2024-39293'], 'PublishedDate': '2024-06-25T15:15:13.993Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-39472', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39472', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by\nmkfs") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions.  Later commit 0c771b99d6c9\n("xfs: clean up calculation of LR header blocks") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-39472', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a (6.10-rc1)', 'https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a', 'https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f', 'https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5', 'https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb', 'https://linux.oracle.com/cve/CVE-2024-39472.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024070512-CVE-2024-39472-f977@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39472', 'https://www.cve.org/CVERecord?id=CVE-2024-39472'], 'PublishedDate': '2024-07-05T07:15:10.02Z', 'LastModifiedDate': '2024-08-19T05:15:06.543Z'}, {'VulnerabilityID': 'CVE-2024-41008', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: change vm-&gt;task_info handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: change vm->task_info handling\n\nThis patch changes the handling and lifecycle of vm->task_info object.\nThe major changes are:\n- vm->task_info is a dynamically allocated ptr now, and its uasge is\n  reference counted.\n- introducing two new helper funcs for task_info lifecycle management\n    - amdgpu_vm_get_task_info: reference counts up task_info before\n      returning this info\n    - amdgpu_vm_put_task_info: reference counts down task_info\n- last put to task_info() frees task_info from the vm.\n\nThis patch also does logistical changes required for existing usage\nof vm->task_info.\n\nV2: Do not block all the prints when task_info not found (Felix)\n\nV3: Fixed review comments from Felix\n   - Fix wrong indentation\n   - No debug message for -ENOMEM\n   - Add NULL check for task_info\n   - Do not duplicate the debug messages (ti vs no ti)\n   - Get first reference of task_info in vm_init(), put last\n     in vm_fini()\n\nV4: Fixed review comments from Felix\n   - fix double reference increment in create_task_info\n   - change amdgpu_vm_get_task_info_pasid\n   - additional changes in amdgpu_gem.c while porting', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41008', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c (6.9-rc1)', 'https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c', 'https://linux.oracle.com/cve/CVE-2024-41008.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/20240716080357.2696435-2-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41008', 'https://www.cve.org/CVERecord?id=CVE-2024-41008'], 'PublishedDate': '2024-07-16T08:15:02.24Z', 'LastModifiedDate': '2024-07-16T13:43:58.773Z'}, {'VulnerabilityID': 'CVE-2024-41009', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix overrunning reservations in ringbuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that "owns" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\'s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\'s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\'s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\'s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\'ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41009', 'https://git.kernel.org/linus/cfa1a2329a691ffd991fcf7248a57d752e712881 (6.10-rc6)', 'https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4', 'https://git.kernel.org/stable/c/47416c852f2a04d348ea66ee451cbdcf8119f225', 'https://git.kernel.org/stable/c/511804ab701c0503b72eac08217eabfd366ba069', 'https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f', 'https://git.kernel.org/stable/c/cfa1a2329a691ffd991fcf7248a57d752e712881', 'https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686', 'https://lore.kernel.org/linux-cve-announce/2024071715-CVE-2024-41009-cac5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41009', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41009'], 'PublishedDate': '2024-07-17T07:15:01.973Z', 'LastModifiedDate': '2024-07-29T07:15:04.56Z'}, {'VulnerabilityID': 'CVE-2024-41013', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: don&#39;t walk off the end of a directory data block', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don't stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup->length to dup->length-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41013', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/0c7fcdb6d06cdf8b19b57c17605215b06afa864a (6.11-rc1)', 'https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a', 'https://linux.oracle.com/cve/CVE-2024-41013.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41013-2996@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41013', 'https://www.cve.org/CVERecord?id=CVE-2024-41013'], 'PublishedDate': '2024-07-29T07:15:05.43Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41014', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41014', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: add bounds checking to xlog_recover_process_data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n    1) Mount an image of xfs, and do some file operations to leave records\n    2) Before umounting, copy the image for subsequent steps to simulate\n       abnormal exit. Because umount will ensure that tail_blk and\n       head_blk are the same, which will result in the inability to enter\n       xlog_recover_process_data\n    3) Write a tool to parse and modify the copied image in step 2\n    4) Make the end of the xlog_op_header entries only 1 byte away from\n       xlog_rec_header->h_size\n    5) xlog_rec_header->h_num_logops++\n    6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41014', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/fb63435b7c7dc112b1ae1baea5486e0a6e27b196 (6.11-rc1)', 'https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196', 'https://linux.oracle.com/cve/CVE-2024-41014.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41014-9186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41014', 'https://www.cve.org/CVERecord?id=CVE-2024-41014'], 'PublishedDate': '2024-07-29T07:15:05.81Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41016', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe 'non-indexed', which saved with additional space\nrequested.  It's better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41016', 'https://git.kernel.org/linus/af77c4fc1871847b528d58b7fdafb4aa1f6a9262 (6.11-rc1)', 'https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637', 'https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262', 'https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e', 'https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e', 'https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180', 'https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41016-fcf9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41016', 'https://www.cve.org/CVERecord?id=CVE-2024-41016'], 'PublishedDate': '2024-07-29T07:15:06.293Z', 'LastModifiedDate': '2024-10-17T14:15:07.01Z'}, {'VulnerabilityID': 'CVE-2024-41024', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41024', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Restrict untrusted app to attach to privileged PD', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Restrict untrusted app to attach to privileged PD\n\nUntrusted application with access to only non-secure fastrpc device\nnode can attach to root_pd or static PDs if it can make the respective\ninit request. This can cause problems as the untrusted application\ncan send bad requests to root_pd or static PDs. Add changes to reject\nattach to privileged PDs if the request is being made using non-secure\nfastrpc device node.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41024', 'https://git.kernel.org/linus/bab2f5e8fd5d2f759db26b78d9db57412888f187 (6.10)', 'https://git.kernel.org/stable/c/2eb973ee4770a26d9b5e292b58ad29822d321c7f', 'https://git.kernel.org/stable/c/5e305b5986dc52122a9368a1461f0c13e1de3fd6', 'https://git.kernel.org/stable/c/bab2f5e8fd5d2f759db26b78d9db57412888f187', 'https://git.kernel.org/stable/c/c69fd8afacebfdf2f8a1ee1ea7e0723786529874', 'https://git.kernel.org/stable/c/ea13bd807f1cef1af375d999980a9b9794c789b6', 'https://lore.kernel.org/all/20240628114501.14310-7-srinivas.kandagatla@linaro.org/', 'https://lore.kernel.org/linux-cve-announce/2024072919-CVE-2024-41024-be39@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41024', 'https://www.cve.org/CVERecord?id=CVE-2024-41024'], 'PublishedDate': '2024-07-29T15:15:11.27Z', 'LastModifiedDate': '2024-08-29T17:15:07.913Z'}, {'VulnerabilityID': 'CVE-2024-42107', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42107', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: ice: Don't process extts if PTP is disabled", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42107', 'https://git.kernel.org/linus/996422e3230e41468f652d754fefd1bdbcd4604e (6.10-rc7)', 'https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b', 'https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e', 'https://lore.kernel.org/linux-cve-announce/2024073020-CVE-2024-42107-65cc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42107', 'https://www.cve.org/CVERecord?id=CVE-2024-42107'], 'PublishedDate': '2024-07-30T08:15:03.22Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42116', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42116', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igc: fix a log entry using uninitialized netdev', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix a log entry using uninitialized netdev\n\nDuring successful probe, igc logs this:\n\n[    5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\n\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb.  Add a comment,\njust as in igb.\n\nNow the log message is fine:\n\n[    5.200987] igc 0000:01:00.0 eth0: PHC added', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42116', 'https://git.kernel.org/linus/86167183a17e03ec77198897975e9fdfbd53cb0b (6.10-rc1)', 'https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b', 'https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6', 'https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79', 'https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda', 'https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f', 'https://linux.oracle.com/cve/CVE-2024-42116.html', 'https://linux.oracle.com/errata/ELSA-2024-12618.html', 'https://lore.kernel.org/linux-cve-announce/2024073023-CVE-2024-42116-b420@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42116', 'https://www.cve.org/CVERecord?id=CVE-2024-42116'], 'PublishedDate': '2024-07-30T08:15:03.95Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42122', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42122', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add NULL pointer check for kzalloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL pointer check for kzalloc\n\n[Why & How]\nCheck return pointer of kzalloc before using it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42122', 'https://git.kernel.org/linus/8e65a1b7118acf6af96449e1e66b7adbc9396912 (6.10-rc1)', 'https://git.kernel.org/stable/c/062edd612fcd300f0f79a36fca5b8b6a5e2fce70', 'https://git.kernel.org/stable/c/8e65a1b7118acf6af96449e1e66b7adbc9396912', 'https://lore.kernel.org/linux-cve-announce/2024073025-CVE-2024-42122-2f70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42122', 'https://www.cve.org/CVERecord?id=CVE-2024-42122'], 'PublishedDate': '2024-07-30T08:15:04.43Z', 'LastModifiedDate': '2024-09-16T13:49:27.837Z'}, {'VulnerabilityID': 'CVE-2024-42125', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42125', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42125', 'https://git.kernel.org/linus/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9 (6.10-rc1)', 'https://git.kernel.org/stable/c/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9', 'https://git.kernel.org/stable/c/ce4ba62f8bc5195a9a0d49c6235a9c99e619cadc', 'https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42125-b515@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42125', 'https://www.cve.org/CVERecord?id=CVE-2024-42125'], 'PublishedDate': '2024-07-30T08:15:04.667Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42139', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42139', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Fix improper extts handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message "extts on unexpected channel" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42139', 'https://git.kernel.org/linus/00d3b4f54582d4e4a02cda5886bb336eeab268cc (6.10-rc7)', 'https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc', 'https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3', 'https://lore.kernel.org/linux-cve-announce/2024073030-CVE-2024-42139-f8ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42139', 'https://www.cve.org/CVERecord?id=CVE-2024-42139'], 'PublishedDate': '2024-07-30T08:15:05.757Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42154', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42154', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_metrics: validate source addr length', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42154', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/66be40e622e177316ae81717aa30057ba9e61dff (6.10-rc7)', 'https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9', 'https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c', 'https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3', 'https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321', 'https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff', 'https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99', 'https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98', 'https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6', 'https://linux.oracle.com/cve/CVE-2024-42154.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073034-CVE-2024-42154-cf82@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42154', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42154'], 'PublishedDate': '2024-07-30T08:15:06.933Z', 'LastModifiedDate': '2024-10-01T19:32:18.31Z'}, {'VulnerabilityID': 'CVE-2024-42159', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42159', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: mpi3mr: Sanitise num_phys', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port->phy_mask, values larger then size of\nthis field shouldn't be allowed.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42159', 'https://git.kernel.org/linus/3668651def2c1622904e58b0280ee93121f2b10b (6.10-rc1)', 'https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b', 'https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0', 'https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df', 'https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf', 'https://linux.oracle.com/cve/CVE-2024-42159.html', 'https://linux.oracle.com/errata/ELSA-2024-12682.html', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42159-c19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42159', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42159'], 'PublishedDate': '2024-07-30T08:15:07.3Z', 'LastModifiedDate': '2024-08-02T14:29:46.24Z'}, {'VulnerabilityID': 'CVE-2024-42160', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: check validation of fault attrs in f2fs_build_fault_attr()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: check validation of fault attrs in f2fs_build_fault_attr()\n\n- It missed to check validation of fault attrs in parse_options(),\nlet's fix to add check condition in f2fs_build_fault_attr().\n- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42160', 'https://git.kernel.org/linus/4ed886b187f47447ad559619c48c086f432d2b77 (6.10-rc1)', 'https://git.kernel.org/stable/c/44958ca9e400f57bd0478115519ffc350fcee61e', 'https://git.kernel.org/stable/c/4ed886b187f47447ad559619c48c086f432d2b77', 'https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d', 'https://git.kernel.org/stable/c/ecb641f424d6d1f055d149a15b892edcc92c504b', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42160-c733@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42160', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42160'], 'PublishedDate': '2024-07-30T08:15:07.37Z', 'LastModifiedDate': '2024-08-02T14:29:26.33Z'}, {'VulnerabilityID': 'CVE-2024-42224', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42224', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Correct check for empty list', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO\nbusses") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip->mdios being\nempty.  However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42224', 'https://git.kernel.org/linus/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b (6.10-rc1)', 'https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5', 'https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618', 'https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d', 'https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee', 'https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b', 'https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114', 'https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89', 'https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4', 'https://linux.oracle.com/cve/CVE-2024-42224.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024073037-CVE-2024-42224-863a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42224', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42224'], 'PublishedDate': '2024-07-30T08:15:07.667Z', 'LastModifiedDate': '2024-09-25T15:55:09.027Z'}, {'VulnerabilityID': 'CVE-2024-42228', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42228', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n   need to have a separate value of 0xffffffff.(Christian)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 6.3}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42228', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/88a9a467c548d0b3c7761b4fd54a68e70f9c0944 (6.10-rc1)', 'https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46', 'https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef', 'https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944', 'https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144', 'https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8', 'https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712', 'https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15', 'https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440', 'https://linux.oracle.com/cve/CVE-2024-42228.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073038-CVE-2024-42228-86f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42228', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42228'], 'PublishedDate': '2024-07-30T08:15:07.96Z', 'LastModifiedDate': '2024-09-04T12:15:04.577Z'}, {'VulnerabilityID': 'CVE-2024-42258', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42258', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines\n\nYves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don\'t\nforce huge page alignment on 32 bit") didn\'t work for x86_32 [1].  It is\nbecause x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT.\n\n!CONFIG_64BIT should cover all 32 bit machines.\n\n[1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42258', 'https://git.kernel.org/linus/d9592025000b3cf26c742f3505da7b83aedc26d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/7e1f4efb8d6140b2ec79bf760c43e1fc186e8dfc', 'https://git.kernel.org/stable/c/89f2914dd4b47d2fad3deef0d700f9526d98d11f', 'https://git.kernel.org/stable/c/a5c399fe433a115e9d3693169b5f357f3194af0a', 'https://git.kernel.org/stable/c/d9592025000b3cf26c742f3505da7b83aedc26d5', 'https://lore.kernel.org/linux-cve-announce/2024081216-CVE-2024-42258-e3f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42258', 'https://www.cve.org/CVERecord?id=CVE-2024-42258'], 'PublishedDate': '2024-08-12T15:15:20.983Z', 'LastModifiedDate': '2024-08-14T14:15:27.727Z'}, {'VulnerabilityID': 'CVE-2024-42259', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42259', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Fix Virtual Memory mapping boundaries calculation\n\nCalculating the size of the mapped area as the lesser value\nbetween the requested size and the actual size does not consider\nthe partial mapping offset. This can cause page fault access.\n\nFix the calculation of the starting and ending addresses, the\ntotal size is now deduced from the difference between the end and\nstart addresses.\n\nAdditionally, the calculations have been rewritten in a clearer\nand more understandable form.\n\n[Joonas: Add Requires: tag]\nRequires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset")\n(cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-131'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42259', 'https://git.kernel.org/linus/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3 (6.11-rc3)', 'https://git.kernel.org/stable/c/3e06073d24807f04b4694108a8474decb7b99e60', 'https://git.kernel.org/stable/c/4b09513ce93b3dcb590baaaff2ce96f2d098312d', 'https://git.kernel.org/stable/c/50111a8098fb9ade621eeff82228a997d42732ab', 'https://git.kernel.org/stable/c/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3', 'https://git.kernel.org/stable/c/911f8055f175c82775d0fd8cedcd0b75413f4ba7', 'https://git.kernel.org/stable/c/a256d019eaf044864c7e50312f0a65b323c24f39', 'https://git.kernel.org/stable/c/e8a68aa842d3f8dd04a46b9d632e5f67fde1da9b', 'https://git.kernel.org/stable/c/ead9289a51ea82eb5b27029fcf4c34b2dd60cf06', 'https://linux.oracle.com/cve/CVE-2024-42259.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081452-CVE-2024-42259-4cef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42259', 'https://project-zero.issues.chromium.org/issues/42451707', 'https://www.cve.org/CVERecord?id=CVE-2024-42259'], 'PublishedDate': '2024-08-14T15:15:31.673Z', 'LastModifiedDate': '2024-09-25T01:15:42.137Z'}, {'VulnerabilityID': 'CVE-2024-42260', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42260', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the performance extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42260', 'https://git.kernel.org/linus/4ecc24a84d7e0254efd150ec23e0b89638386516 (6.11-rc2)', 'https://git.kernel.org/stable/c/4ecc24a84d7e0254efd150ec23e0b89638386516', 'https://git.kernel.org/stable/c/5d4aa25f47cd05e9eeac272906588728588605dd', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-42260-0ce0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42260', 'https://www.cve.org/CVERecord?id=CVE-2024-42260'], 'PublishedDate': '2024-08-17T09:15:07.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42261', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42261', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the timestamp extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42261', 'https://git.kernel.org/linus/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791 (6.11-rc2)', 'https://git.kernel.org/stable/c/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791', 'https://git.kernel.org/stable/c/5c56f104edd02a537e9327dc543574e55713e1d7', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42261-f6a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42261', 'https://www.cve.org/CVERecord?id=CVE-2024-42261'], 'PublishedDate': '2024-08-17T09:15:07.6Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42262', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42262', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the performance extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42262', 'https://git.kernel.org/linus/32df4abc44f24dbec239d43e2b26d5768c5d1a78 (6.11-rc2)', 'https://git.kernel.org/stable/c/32df4abc44f24dbec239d43e2b26d5768c5d1a78', 'https://git.kernel.org/stable/c/ad5fdc48f7a63b8a98493c667505fe4d3864ae21', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42262-7156@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42262', 'https://www.cve.org/CVERecord?id=CVE-2024-42262'], 'PublishedDate': '2024-08-17T09:15:07.68Z', 'LastModifiedDate': '2024-08-19T20:05:15.407Z'}, {'VulnerabilityID': 'CVE-2024-42263', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42263', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the timestamp extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 753ce4fea62182c77e1691ab4f9022008f25b62e)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42263', 'https://git.kernel.org/linus/0e50fcc20bd87584840266e8004f9064a8985b4f (6.11-rc2)', 'https://git.kernel.org/stable/c/0e50fcc20bd87584840266e8004f9064a8985b4f', 'https://git.kernel.org/stable/c/9b5033ee2c5af6d1135a403df32d219ab57e55f9', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42263-31b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42263', 'https://www.cve.org/CVERecord?id=CVE-2024-42263'], 'PublishedDate': '2024-08-17T09:15:07.77Z', 'LastModifiedDate': '2024-08-19T20:41:11.24Z'}, {'VulnerabilityID': 'CVE-2024-42264', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42264', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Prevent out of bounds access in performance query extensions', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Prevent out of bounds access in performance query extensions\n\nCheck that the number of perfmons userspace is passing in the copy and\nreset extensions is not greater than the internal kernel storage where\nthe ids will be copied into.\n\n(cherry picked from commit f32b5128d2c440368b5bf3a7a356823e235caabb)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42264', 'https://git.kernel.org/linus/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2 (6.11-rc2)', 'https://git.kernel.org/stable/c/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2', 'https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42264-5d23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42264', 'https://www.cve.org/CVERecord?id=CVE-2024-42264'], 'PublishedDate': '2024-08-17T09:15:07.833Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42267', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42267', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()\n\nHandle VM_FAULT_SIGSEGV in the page fault path so that we correctly\nkill the process and we don't BUG() the kernel.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42267', 'https://git.kernel.org/linus/0c710050c47d45eb77b28c271cddefc5c785cb40 (6.11-rc2)', 'https://git.kernel.org/stable/c/0c710050c47d45eb77b28c271cddefc5c785cb40', 'https://git.kernel.org/stable/c/20dbdebc5580cd472a310d56a6e252275ee4c864', 'https://git.kernel.org/stable/c/59be4a167782d68e21068a761b90b01fadc09146', 'https://git.kernel.org/stable/c/917f598209f3f5e4ab175d5079d8aeb523e58b1f', 'https://git.kernel.org/stable/c/d4e7db757e2d7f4c407a007e92c98477eab215d2', 'https://git.kernel.org/stable/c/d7ccf2ca772bfe33e2c53ef80fa20d2d87eb6144', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42267-9f79@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42267', 'https://www.cve.org/CVERecord?id=CVE-2024-42267'], 'PublishedDate': '2024-08-17T09:15:08.047Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42268', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42268', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix missing lock on sync reset reload', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix missing lock on sync reset reload\n\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\n\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n…\n CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S      W          6.10.0-rc2+ #116\n Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\n Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\n RIP: 0010:devl_assert_locked+0x3e/0x50\n…\n Call Trace:\n  <TASK>\n  ? __warn+0xa4/0x210\n  ? devl_assert_locked+0x3e/0x50\n  ? report_bug+0x160/0x280\n  ? handle_bug+0x3f/0x80\n  ? exc_invalid_op+0x17/0x40\n  ? asm_exc_invalid_op+0x1a/0x20\n  ? devl_assert_locked+0x3e/0x50\n  devlink_notify+0x88/0x2b0\n  ? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n  ? __pfx_devlink_notify+0x10/0x10\n  ? process_one_work+0x4b6/0xbb0\n  process_one_work+0x4b6/0xbb0\n[…]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42268', 'https://git.kernel.org/linus/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 (6.11-rc2)', 'https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5', 'https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9', 'https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002', 'https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42268-2084@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42268', 'https://www.cve.org/CVERecord?id=CVE-2024-42268'], 'PublishedDate': '2024-08-17T09:15:08.11Z', 'LastModifiedDate': '2024-08-19T20:52:49.323Z'}, {'VulnerabilityID': 'CVE-2024-42269', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42269', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().\n\nip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id],\nbut the function is exposed to user space before the entry is allocated\nvia register_pernet_subsys().\n\nLet's call register_pernet_subsys() before xt_register_template().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42269', 'https://git.kernel.org/linus/c22921df777de5606f1047b1345b8d22ef1c0b34 (6.11-rc2)', 'https://git.kernel.org/stable/c/419ee6274c5153b89c4393c1946faa4c3cad4f9e', 'https://git.kernel.org/stable/c/87dba44e9471b79b255d0736858a897332db9226', 'https://git.kernel.org/stable/c/91b6df6611b7edb28676c4f63f90c56c30d3e601', 'https://git.kernel.org/stable/c/c22921df777de5606f1047b1345b8d22ef1c0b34', 'https://git.kernel.org/stable/c/e85b9b6a87be4cb3710082038b677e97f2389003', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42269-7d0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42269', 'https://www.cve.org/CVERecord?id=CVE-2024-42269'], 'PublishedDate': '2024-08-17T09:15:08.177Z', 'LastModifiedDate': '2024-08-19T20:53:51.717Z'}, {'VulnerabilityID': 'CVE-2024-42270', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42270', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().\n\nWe had a report that iptables-restore sometimes triggered null-ptr-deref\nat boot time. [0]\n\nThe problem is that iptable_nat_table_init() is exposed to user space\nbefore the kernel fully initialises netns.\n\nIn the small race window, a user could call iptable_nat_table_init()\nthat accesses net_generic(net, iptable_nat_net_id), which is available\nonly after registering iptable_nat_net_ops.\n\nLet's call register_pernet_subsys() before xt_register_template().\n\n[0]:\nbpfilter: Loaded bpfilter_umh pid 11702\nStarted bpfilter\nBUG: kernel NULL pointer dereference, address: 0000000000000013\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP NOPTI\nCPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1\nHardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\nCode: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c\nRSP: 0018:ffffbef902843cd0 EFLAGS: 00010246\nRAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80\nRDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0\nRBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240\nR10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000\nR13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004\nFS:  00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? xt_find_table_lock (net/netfilter/x_tables.c:1259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? page_fault_oops (arch/x86/mm/fault.c:727)\n ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518)\n ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)\n ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\n xt_find_table_lock (net/netfilter/x_tables.c:1259)\n xt_request_find_table_lock (net/netfilter/x_tables.c:1287)\n get_info (net/ipv4/netfilter/ip_tables.c:965)\n ? security_capable (security/security.c:809 (discriminator 13))\n ? ns_capable (kernel/capability.c:376 kernel/capability.c:397)\n ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)\n ? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter\n nf_getsockopt (net/netfilter/nf_sockopt.c:116)\n ip_getsockopt (net/ipv4/ip_sockglue.c:1827)\n __sys_getsockopt (net/socket.c:2327)\n __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121)\nRIP: 0033:0x7f62844685ee\nCode: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09\nRSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037\nRAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0\nR10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2\nR13: 00007f6284\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42270', 'https://git.kernel.org/linus/5830aa863981d43560748aa93589c0695191d95d (6.11-rc2)', 'https://git.kernel.org/stable/c/08ed888b69a22647153fe2bec55b7cd0a46102cc', 'https://git.kernel.org/stable/c/5830aa863981d43560748aa93589c0695191d95d', 'https://git.kernel.org/stable/c/70014b73d7539fcbb6b4ff5f37368d7241d8e626', 'https://git.kernel.org/stable/c/95590a4929027769af35b153645c0ab6fd22b29b', 'https://git.kernel.org/stable/c/b98ddb65fa1674b0e6b52de8af9103b63f51b643', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42270-c752@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42270', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42270'], 'PublishedDate': '2024-08-17T09:15:08.24Z', 'LastModifiedDate': '2024-08-19T20:01:09.52Z'}, {'VulnerabilityID': 'CVE-2024-42272', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42272', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: act_ct: take care of padding in struct zones_ht_key', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched: act_ct: take care of padding in struct zones_ht_key\n\nBlamed commit increased lookup key size from 2 bytes to 16 bytes,\nbecause zones_ht_key got a struct net pointer.\n\nMake sure rhashtable_lookup() is not using the padding bytes\nwhich are not initialized.\n\n BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n  tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408\n  tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425\n  tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488\n  tcf_action_add net/sched/act_api.c:2061 [inline]\n  tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118\n  rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647\n  netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550\n  rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665\n  netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n  netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357\n  netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  ____sys_sendmsg+0x877/0xb60 net/socket.c:2597\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651\n  __sys_sendmsg net/socket.c:2680 [inline]\n  __do_sys_sendmsg net/socket.c:2689 [inline]\n  __se_sys_sendmsg net/socket.c:2687 [inline]\n  __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687\n  x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable key created at:\n  tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42272', 'https://git.kernel.org/linus/2191a54f63225b548fd8346be3611c3219a24738 (6.11-rc2)', 'https://git.kernel.org/stable/c/2191a54f63225b548fd8346be3611c3219a24738', 'https://git.kernel.org/stable/c/3a5b68869dbe14f1157c6a24ac71923db060eeab', 'https://git.kernel.org/stable/c/3ddefcb8f75e312535e2e7d5fef9932019ba60f2', 'https://git.kernel.org/stable/c/7c03ab555eb1ba26c77fd7c25bdf44a0ac23edee', 'https://git.kernel.org/stable/c/d06daf0ad645d9225a3ff6958dd82e1f3988fa64', 'https://git.kernel.org/stable/c/d7cc186d0973afce0e1237c37f7512c01981fb79', 'https://linux.oracle.com/cve/CVE-2024-42272.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42272-c687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42272', 'https://www.cve.org/CVERecord?id=CVE-2024-42272'], 'PublishedDate': '2024-08-17T09:15:08.37Z', 'LastModifiedDate': '2024-09-30T13:40:21.843Z'}, {'VulnerabilityID': 'CVE-2024-42273', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42273', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid\n\nmkdir /mnt/test/comp\nf2fs_io setflags compression /mnt/test/comp\ndd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1\ntruncate --size 13 /mnt/test/comp/testfile\n\nIn the above scenario, we can get a BUG_ON.\n kernel BUG at fs/f2fs/segment.c:3589!\n Call Trace:\n  do_write_page+0x78/0x390 [f2fs]\n  f2fs_outplace_write_data+0x62/0xb0 [f2fs]\n  f2fs_do_write_data_page+0x275/0x740 [f2fs]\n  f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs]\n  f2fs_write_multi_pages+0x1e5/0xae0 [f2fs]\n  f2fs_write_cache_pages+0xab1/0xc60 [f2fs]\n  f2fs_write_data_pages+0x2d8/0x330 [f2fs]\n  do_writepages+0xcf/0x270\n  __writeback_single_inode+0x44/0x350\n  writeback_sb_inodes+0x242/0x530\n  __writeback_inodes_wb+0x54/0xf0\n  wb_writeback+0x192/0x310\n  wb_workfn+0x30d/0x400\n\nThe reason is we gave CURSEG_ALL_DATA_ATGC to COMPR_ADDR where the\npage was set the gcing flag by set_cluster_dirty().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42273', 'https://git.kernel.org/linus/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cd106612396656d6f1ca17ef192c6759bb60791', 'https://git.kernel.org/stable/c/4239571c5db46a42f723b8fa8394039187c34439', 'https://git.kernel.org/stable/c/5fd057160ab240dd816ae09b625395d54c297de1', 'https://git.kernel.org/stable/c/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42273-9b87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42273', 'https://www.cve.org/CVERecord?id=CVE-2024-42273'], 'PublishedDate': '2024-08-17T09:15:08.45Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42274', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42274', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert "ALSA: firewire-lib: operate for period elapse event in process context"', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "ALSA: firewire-lib: operate for period elapse event in process context"\n\nCommit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event\nin process context") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n    * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n    * (lock B) wait for tasklet to finish by calling\n    \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n    * (lock B) enter tasklet\n    * (lock A) attempt to acquire substream lock,\n    \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n    \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n </NMI>\n <TASK>\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n </NMI>\n <IRQ>\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period\nelapse event in process context")\n\nReplace inline description to prevent future deadlock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42274', 'https://git.kernel.org/linus/3dab73ab925a51ab05543b491bf17463a48ca323 (6.11-rc2)', 'https://git.kernel.org/stable/c/36c255db5a25edd42d1aca48e38b8e95ee5fd9ef', 'https://git.kernel.org/stable/c/3dab73ab925a51ab05543b491bf17463a48ca323', 'https://git.kernel.org/stable/c/7c07220cf634002f93a87ca2252a32766850f2d1', 'https://git.kernel.org/stable/c/b239a37d68e8bc59f9516444da222841e3b13ba9', 'https://git.kernel.org/stable/c/f5043e69aeb2786f32e84132817a007a6430aa7d', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42274-9dc6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42274', 'https://www.cve.org/CVERecord?id=CVE-2024-42274'], 'PublishedDate': '2024-08-17T09:15:08.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42276', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42276', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme-pci: add missing condition check for existence of mapped data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42276', 'https://git.kernel.org/linus/c31fad1470389666ac7169fe43aa65bf5b7e2cfd (6.11-rc1)', 'https://git.kernel.org/stable/c/3f8ec1d6b0ebd8268307d52be8301973fa5a01ec', 'https://git.kernel.org/stable/c/70100fe721840bf6d8e5abd25b8bffe4d2e049b7', 'https://git.kernel.org/stable/c/77848b379e9f85a08048a2c8b3b4a7e8396f5f83', 'https://git.kernel.org/stable/c/7cc1f4cd90a00b6191cb8cda2d1302fdce59361c', 'https://git.kernel.org/stable/c/be23ae63080e0bf9e246ab20207200bca6585eba', 'https://git.kernel.org/stable/c/c31fad1470389666ac7169fe43aa65bf5b7e2cfd', 'https://git.kernel.org/stable/c/d135c3352f7c947a922da93c8e763ee6bc208b64', 'https://linux.oracle.com/cve/CVE-2024-42276.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42276-cb0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42276', 'https://www.cve.org/CVERecord?id=CVE-2024-42276'], 'PublishedDate': '2024-08-17T09:15:08.673Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42277', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42277', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom->sdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42277', 'https://git.kernel.org/linus/630482ee0653decf9e2482ac6181897eb6cde5b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8', 'https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922', 'https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb', 'https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c', 'https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42277-997a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42277', 'https://www.cve.org/CVERecord?id=CVE-2024-42277'], 'PublishedDate': '2024-08-17T09:15:08.75Z', 'LastModifiedDate': '2024-09-10T18:46:21.62Z'}, {'VulnerabilityID': 'CVE-2024-42278', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42278', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: TAS2781: Fix tasdev_load_calibrated_data()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it's either a no-op or it\nleads to a NULL dereference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42278', 'https://git.kernel.org/linus/92c78222168e9035a9bfb8841c2e56ce23e51f73 (6.11-rc1)', 'https://git.kernel.org/stable/c/51be301d29d674ff328dfcf23705851f326f35b3', 'https://git.kernel.org/stable/c/6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06', 'https://git.kernel.org/stable/c/92c78222168e9035a9bfb8841c2e56ce23e51f73', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42278-e639@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42278', 'https://www.cve.org/CVERecord?id=CVE-2024-42278'], 'PublishedDate': '2024-08-17T09:15:08.813Z', 'LastModifiedDate': '2024-09-30T12:53:36.42Z'}, {'VulnerabilityID': 'CVE-2024-42279', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42279', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L', 'V3Score': 5.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42279', 'https://git.kernel.org/linus/9cf71eb0faef4bff01df4264841b8465382d7927 (6.11-rc1)', 'https://git.kernel.org/stable/c/3feda3677e8bbe833c3a62a4091377a08f015b80', 'https://git.kernel.org/stable/c/45e03d35229b680b79dfea1103a1f2f07d0b5d75', 'https://git.kernel.org/stable/c/9cf71eb0faef4bff01df4264841b8465382d7927', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42279-91b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42279', 'https://www.cve.org/CVERecord?id=CVE-2024-42279'], 'PublishedDate': '2024-08-17T09:15:08.88Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42281', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42281', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a segment issue when downgrading gso_size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a segment issue when downgrading gso_size\n\nLinearize the skb when downgrading gso_size because it may trigger a\nBUG_ON() later when the skb is segmented as described in [1,2].', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42281', 'https://git.kernel.org/linus/fa5ef655615a01533035c6139248c5b33aa27028 (6.11-rc1)', 'https://git.kernel.org/stable/c/11ec79f5c7f74261874744039bc1551023edd6b2', 'https://git.kernel.org/stable/c/a689f5eb13a90f892a088865478b3cd39f53d5dc', 'https://git.kernel.org/stable/c/c3496314c53e7e82ddb544c825defc3e8c0e45cf', 'https://git.kernel.org/stable/c/dda518dea60d556a2d171c0122ca7d9fdb7d473a', 'https://git.kernel.org/stable/c/ec4eea14d75f7b0491194dd413f540dd19b8c733', 'https://git.kernel.org/stable/c/f6bb8c90cab97a3e03f8d30e3069efe6a742e0be', 'https://git.kernel.org/stable/c/fa5ef655615a01533035c6139248c5b33aa27028', 'https://linux.oracle.com/cve/CVE-2024-42281.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42281-780b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42281', 'https://www.cve.org/CVERecord?id=CVE-2024-42281'], 'PublishedDate': '2024-08-17T09:15:09.013Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42283', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42283', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: nexthop: Initialize all fields in dumped nexthops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n    # ip nexthop add id 1 dev lo\n    # ip nexthop add id 101 group 1\n    # strace -e recvmsg ip nexthop get id 101\n    ...\n    recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n                 [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42283', 'https://git.kernel.org/linus/6d745cd0e9720282cd291d36b9db528aea18add2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1377de719652d868f5317ba8398b7e74c5f0430b', 'https://git.kernel.org/stable/c/5cc4d71dda2dd4f1520f40e634a527022e48ccd8', 'https://git.kernel.org/stable/c/6d745cd0e9720282cd291d36b9db528aea18add2', 'https://git.kernel.org/stable/c/7704460acd7f5d35eb07c52500987dc9b95313fb', 'https://git.kernel.org/stable/c/9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0', 'https://git.kernel.org/stable/c/a13d3864b76ac87085ec530b2ff8e37482a63a96', 'https://git.kernel.org/stable/c/fd06cb4a5fc7bda3dea31712618a62af72a1c6cb', 'https://linux.oracle.com/cve/CVE-2024-42283.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42283-15a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42283', 'https://www.cve.org/CVERecord?id=CVE-2024-42283'], 'PublishedDate': '2024-08-17T09:15:09.163Z', 'LastModifiedDate': '2024-08-19T19:54:33.213Z'}, {'VulnerabilityID': 'CVE-2024-42284', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42284', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42284', 'https://git.kernel.org/linus/fa96c6baef1b5385e2f0c0677b32b3839e716076 (6.11-rc1)', 'https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f', 'https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a', 'https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69', 'https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813', 'https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28', 'https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b', 'https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8', 'https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076', 'https://linux.oracle.com/cve/CVE-2024-42284.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42284-bbfa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42284', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42284'], 'PublishedDate': '2024-08-17T09:15:09.233Z', 'LastModifiedDate': '2024-08-19T19:47:55.623Z'}, {'VulnerabilityID': 'CVE-2024-42285', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42285', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix a use-after-free related to destroying CM IDs\n\niw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with\nan existing struct iw_cm_id (cm_id) as follows:\n\n        conn_id->cm_id.iw = cm_id;\n        cm_id->context = conn_id;\n        cm_id->cm_handler = cma_iw_handler;\n\nrdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make\nsure that cm_work_handler() does not trigger a use-after-free by only\nfreeing of the struct rdma_id_private after all pending work has finished.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42285', 'https://git.kernel.org/linus/aee2424246f9f1dadc33faa78990c1e2eb7826e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6', 'https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574', 'https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79', 'https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4', 'https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6', 'https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5', 'https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae', 'https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a', 'https://linux.oracle.com/cve/CVE-2024-42285.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42285-37ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42285', 'https://www.cve.org/CVERecord?id=CVE-2024-42285'], 'PublishedDate': '2024-08-17T09:15:09.3Z', 'LastModifiedDate': '2024-08-19T19:45:41.59Z'}, {'VulnerabilityID': 'CVE-2024-42286', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42286', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: validate nvme_local_port correctly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS:  0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42286', 'https://git.kernel.org/linus/eb1d4ce2609584eeb7694866f34d4b213caa3af9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3eac973eb5cb2b874b3918f924798afc5affd46b', 'https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430', 'https://git.kernel.org/stable/c/7cec2c3bfe84539c415f5e16f989228eba1d2f1e', 'https://git.kernel.org/stable/c/a3ab508a4853a9f5ae25a7816a4889f09938f63c', 'https://git.kernel.org/stable/c/cde43031df533751b4ead37d173922feee2f550f', 'https://git.kernel.org/stable/c/e1f010844443c389bc552884ac5cfa47de34d54c', 'https://git.kernel.org/stable/c/eb1d4ce2609584eeb7694866f34d4b213caa3af9', 'https://git.kernel.org/stable/c/f6be298cc1042f24d521197af29c7c4eb95af4d5', 'https://linux.oracle.com/cve/CVE-2024-42286.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42286-e856@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42286', 'https://www.cve.org/CVERecord?id=CVE-2024-42286'], 'PublishedDate': '2024-08-17T09:15:09.38Z', 'LastModifiedDate': '2024-09-10T19:02:12.36Z'}, {'VulnerabilityID': 'CVE-2024-42287', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42287', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Complete command early within lock', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Complete command early within lock\n\nA crash was observed while performing NPIV and FW reset,\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 1 PREEMPT_RT SMP NOPTI\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0\n RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034\n R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000\n FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x16f/0x4a0\n ? do_user_addr_fault+0x174/0x7f0\n ? exc_page_fault+0x69/0x1a0\n ? asm_exc_page_fault+0x22/0x30\n ? dma_direct_unmap_sg+0x51/0x1e0\n ? preempt_count_sub+0x96/0xe0\n qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]\n qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]\n __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]\n\nThe command completion was done early while aborting the commands in driver\nunload path but outside lock to avoid the WARN_ON condition of performing\ndma_free_attr within the lock. However this caused race condition while\ncommand completion via multiple paths causing system crash.\n\nHence complete the command early in unload path but within the lock to\navoid race condition.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42287', 'https://git.kernel.org/linus/4475afa2646d3fec176fc4d011d3879b26cb26e3 (6.11-rc1)', 'https://git.kernel.org/stable/c/314efe3f87949a568f512f05df20bf47b81cf232', 'https://git.kernel.org/stable/c/36fdc5319c4d0ec8b8938ec4769764098a246bfb', 'https://git.kernel.org/stable/c/4475afa2646d3fec176fc4d011d3879b26cb26e3', 'https://git.kernel.org/stable/c/57ba7563712227647f82a92547e82c96cd350553', 'https://git.kernel.org/stable/c/814f4a53cc86f7ea8b501bfb1723f24fd29ef5ee', 'https://git.kernel.org/stable/c/9117337b04d789bd08fdd9854a40bec2815cd3f6', 'https://git.kernel.org/stable/c/af46649304b0c9cede4ccfc2be2561ce8ed6a2ea', 'https://linux.oracle.com/cve/CVE-2024-42287.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42287-d635@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42287', 'https://www.cve.org/CVERecord?id=CVE-2024-42287'], 'PublishedDate': '2024-08-17T09:15:09.453Z', 'LastModifiedDate': '2024-09-10T19:05:07.67Z'}, {'VulnerabilityID': 'CVE-2024-42288', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42288', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Fix for possible memory corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly.  Correctly dereference ICB', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42288', 'https://git.kernel.org/linus/c03d740152f78e86945a75b2ad541bf972fab92a (6.11-rc1)', 'https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e', 'https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b', 'https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b', 'https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d', 'https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce', 'https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a', 'https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb', 'https://linux.oracle.com/cve/CVE-2024-42288.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42288-c59b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42288', 'https://www.cve.org/CVERecord?id=CVE-2024-42288'], 'PublishedDate': '2024-08-17T09:15:09.523Z', 'LastModifiedDate': '2024-09-05T17:38:38.383Z'}, {'VulnerabilityID': 'CVE-2024-42289', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42289', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: During vport delete send async logout explicitly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array.  For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n  BUG: kernel NULL pointer dereference, address: 000000000000001c\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] PREEMPT SMP NOPTI\n  Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n  RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n  RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n  RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n  RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n  RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n  R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n  R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n  FS:  0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n  Call Trace:\n  <TASK>\n  qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n  ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n  ? qla2x00_status_entry+0x768/0x2830\n  ? newidle_balance+0x2f0/0x430\n  ? dequeue_entity+0x100/0x3c0\n  ? qla24xx_process_response_queue+0x6a1/0x19e0\n  ? __schedule+0x2d5/0x1140\n  ? qla_do_work+0x47/0x60\n  ? process_one_work+0x267/0x440\n  ? process_one_work+0x440/0x440\n  ? worker_thread+0x2d/0x3d0\n  ? process_one_work+0x440/0x440\n  ? kthread+0x156/0x180\n  ? set_kthread_struct+0x50/0x50\n  ? ret_from_fork+0x22/0x30\n  </TASK>\n\nSend out async logout explicitly for all the ports during vport delete.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42289', 'https://git.kernel.org/linus/76f480d7c717368f29a3870f7d64471ce0ff8fb2 (6.11-rc1)', 'https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe', 'https://git.kernel.org/stable/c/171ac4b495f9473bc134356a00095b47e6409e52', 'https://git.kernel.org/stable/c/76f480d7c717368f29a3870f7d64471ce0ff8fb2', 'https://git.kernel.org/stable/c/87c25fcb95aafabb6a4914239f4ab41b07a4f9b7', 'https://git.kernel.org/stable/c/b12c54e51ba83c1fbc619d35083d7872e42ecdef', 'https://git.kernel.org/stable/c/b35d6d5a2f38605cddea7d5c64cded894fbe8ede', 'https://git.kernel.org/stable/c/d28a2075bb530489715a3b011e1dd8765ba20313', 'https://git.kernel.org/stable/c/e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc', 'https://linux.oracle.com/cve/CVE-2024-42289.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42289-fe68@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42289', 'https://www.cve.org/CVERecord?id=CVE-2024-42289'], 'PublishedDate': '2024-08-17T09:15:09.59Z', 'LastModifiedDate': '2024-09-05T17:37:49.057Z'}, {'VulnerabilityID': 'CVE-2024-42290', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42290', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: irqchip/imx-irqsteer: Handle runtime power management correctly', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/imx-irqsteer: Handle runtime power management correctly\n\nThe power domain is automatically activated from clk_prepare(). However, on\ncertain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes\nsleeping functions, which triggers the 'scheduling while atomic' bug in the\ncontext switch path during device probing:\n\n BUG: scheduling while atomic: kworker/u13:1/48/0x00000002\n Call trace:\n  __schedule_bug+0x54/0x6c\n  __schedule+0x7f0/0xa94\n  schedule+0x5c/0xc4\n  schedule_preempt_disabled+0x24/0x40\n  __mutex_lock.constprop.0+0x2c0/0x540\n  __mutex_lock_slowpath+0x14/0x20\n  mutex_lock+0x48/0x54\n  clk_prepare_lock+0x44/0xa0\n  clk_prepare+0x20/0x44\n  imx_irqsteer_resume+0x28/0xe0\n  pm_generic_runtime_resume+0x2c/0x44\n  __genpd_runtime_resume+0x30/0x80\n  genpd_runtime_resume+0xc8/0x2c0\n  __rpm_callback+0x48/0x1d8\n  rpm_callback+0x6c/0x78\n  rpm_resume+0x490/0x6b4\n  __pm_runtime_resume+0x50/0x94\n  irq_chip_pm_get+0x2c/0xa0\n  __irq_do_set_handler+0x178/0x24c\n  irq_set_chained_handler_and_data+0x60/0xa4\n  mxc_gpio_probe+0x160/0x4b0\n\nCure this by implementing the irq_bus_lock/sync_unlock() interrupt chip\ncallbacks and handle power management in them as they are invoked from\nnon-atomic context.\n\n[ tglx: Rewrote change log, added Fixes tag ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42290', 'https://git.kernel.org/linus/33b1c47d1fc0b5f06a393bb915db85baacba18ea (6.11-rc1)', 'https://git.kernel.org/stable/c/21bd3f9e7f924cd2fc892a484e7a50c7e1847565', 'https://git.kernel.org/stable/c/33b1c47d1fc0b5f06a393bb915db85baacba18ea', 'https://git.kernel.org/stable/c/3a2884a44e5cda192df1b28e9925661f79f599a1', 'https://git.kernel.org/stable/c/58c56735facb225a5c46fa4b8bbbe7f31d1cb894', 'https://git.kernel.org/stable/c/a590e8dea3df2639921f874d763be961dd74e8f9', 'https://git.kernel.org/stable/c/f8ae38f1dfe652779c7c613facbc257cec00ac44', 'https://git.kernel.org/stable/c/fa1803401e1c360efe6342fb41d161cc51748a11', 'https://linux.oracle.com/cve/CVE-2024-42290.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42290-c966@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42290', 'https://www.cve.org/CVERecord?id=CVE-2024-42290'], 'PublishedDate': '2024-08-17T09:15:09.663Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42291', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42291', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add a per-VF limit on number of FDIR filters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42291', 'https://git.kernel.org/linus/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 (6.11-rc1)', 'https://git.kernel.org/stable/c/292081c4e7f575a79017d5cbe1a0ec042783976f', 'https://git.kernel.org/stable/c/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97', 'https://git.kernel.org/stable/c/8e02cd98a6e24389d476e28436d41e620ed8e559', 'https://git.kernel.org/stable/c/d62389073a5b937413e2d1bc1da06ccff5103c0c', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42291-6f31@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42291', 'https://www.cve.org/CVERecord?id=CVE-2024-42291'], 'PublishedDate': '2024-08-17T09:15:09.73Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42292', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42292', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kobject_uevent: Fix OOB access within zap_modalias_env()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42292', 'https://git.kernel.org/linus/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc (6.11-rc1)', 'https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762', 'https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2', 'https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168', 'https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d', 'https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90', 'https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5', 'https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d', 'https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc', 'https://linux.oracle.com/cve/CVE-2024-42292.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42292-5387@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42292', 'https://www.cve.org/CVERecord?id=CVE-2024-42292'], 'PublishedDate': '2024-08-17T09:15:09.797Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42294', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42294', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: fix deadlock between sd_remove & sd_release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove & sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430]  __switch_to+0x174/0x338\n[ 2538.459436]  __schedule+0x628/0x9c4\n[ 2538.459442]  schedule+0x7c/0xe8\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459]  mutex_lock+0x30/0xd8\n[ 2538.459462]  del_gendisk+0xdc/0x350\n[ 2538.459466]  sd_remove+0x30/0x60\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474]  device_release_driver+0x18/0x28\n[ 2538.459478]  bus_remove_device+0x15c/0x174\n[ 2538.459483]  device_del+0x1d0/0x358\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\n[ 2538.459493]  scsi_forget_host+0x50/0x70\n[ 2538.459497]  scsi_remove_host+0x80/0x180\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514]  device_release_driver+0x18/0x28\n[ 2538.459518]  bus_remove_device+0x15c/0x174\n[ 2538.459523]  device_del+0x1d0/0x358\n[ 2538.459528]  usb_disable_device+0x84/0x194\n[ 2538.459532]  usb_disconnect+0xec/0x300\n[ 2538.459537]  hub_event+0xb80/0x1870\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\n[ 2538.459545]  worker_thread+0x244/0x334\n[ 2538.459549]  kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task "fsck.":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016]  __switch_to+0x174/0x338\n[ 2538.461021]  __schedule+0x628/0x9c4\n[ 2538.461025]  schedule+0x7c/0xe8\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051]  sd_release+0x50/0x94\n[ 2538.461054]  blkdev_put+0x190/0x28c\n[ 2538.461058]  blkdev_release+0x28/0x40\n[ 2538.461063]  __fput+0xf8/0x2a8\n[ 2538.461066]  __fput_sync+0x28/0x5c\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\n[ 2538.461073]  invoke_syscall+0x58/0x114\n[ 2538.461078]  el0_svc_common+0xac/0xe0\n[ 2538.461082]  do_el0_svc+0x1c/0x28\n[ 2538.461087]  el0_svc+0x38/0x68\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\n\n  T1:\t\t\t\tT2:\n  sd_remove\n  del_gendisk\n  __blk_mark_disk_dead\n  blk_freeze_queue_start\n  ++q->mq_freeze_depth\n  \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(&disk->open_mutex)\n  \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q->mq_freeze_depth)\n  mutex_lock(&disk->open_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don\'t try to acquire disk->open_mutex after freezing\nthe queue.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42294', 'https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9', 'https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b', 'https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42294-0145@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42294', 'https://www.cve.org/CVERecord?id=CVE-2024-42294'], 'PublishedDate': '2024-08-17T09:15:09.947Z', 'LastModifiedDate': '2024-08-19T19:43:22.46Z'}, {'VulnerabilityID': 'CVE-2024-42295', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42295', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: handle inconsistent state in nilfs_btnode_create_block()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle inconsistent state in nilfs_btnode_create_block()\n\nSyzbot reported that a buffer state inconsistency was detected in\nnilfs_btnode_create_block(), triggering a kernel bug.\n\nIt is not appropriate to treat this inconsistency as a bug; it can occur\nif the argument block address (the buffer index of the newly created\nblock) is a virtual block number and has been reallocated due to\ncorruption of the bitmap used to manage its allocation state.\n\nSo, modify nilfs_btnode_create_block() and its callers to treat it as a\npossible filesystem error, rather than triggering a kernel bug.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42295', 'https://git.kernel.org/linus/4811f7af6090e8f5a398fbdd766f903ef6c0d787 (6.11-rc1)', 'https://git.kernel.org/stable/c/012be828a118bf496e666ef1fc47fc0e7358ada2', 'https://git.kernel.org/stable/c/02b87e6334a38c65eef49848d3f1ac422f0b2a44', 'https://git.kernel.org/stable/c/19cce46238ffe3546e44b9c74057103ff8b24c62', 'https://git.kernel.org/stable/c/366c3f688dd0288cbe38af1d3a886b5c62372e4a', 'https://git.kernel.org/stable/c/4811f7af6090e8f5a398fbdd766f903ef6c0d787', 'https://git.kernel.org/stable/c/5f0a6800b8aec1b453c7fe4c44fcaac5ffe9d52e', 'https://git.kernel.org/stable/c/be56dfc9be0604291267c07b0e27a69a6bda4899', 'https://git.kernel.org/stable/c/e34191cce3ee63dfa5fb241904aaf2a042d5b6d8', 'https://linux.oracle.com/cve/CVE-2024-42295.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42295-4f43@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42295', 'https://www.cve.org/CVERecord?id=CVE-2024-42295'], 'PublishedDate': '2024-08-17T09:15:10.017Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42296', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42296', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix return value of f2fs_convert_inline_inode()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix return value of f2fs_convert_inline_inode()\n\nIf device is readonly, make f2fs_convert_inline_inode()\nreturn EROFS instead of zero, otherwise it may trigger\npanic during writeback of inline inode's dirty page as\nbelow:\n\n f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888\n f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3369\n do_writepages+0x359/0x870 mm/page-writeback.c:2634\n filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397\n __filemap_fdatawrite_range mm/filemap.c:430 [inline]\n file_write_and_wait_range+0x1aa/0x290 mm/filemap.c:788\n f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276\n generic_write_sync include/linux/fs.h:2806 [inline]\n f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977\n call_write_iter include/linux/fs.h:2114 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa72/0xc90 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42296', 'https://git.kernel.org/linus/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf (6.11-rc1)', 'https://git.kernel.org/stable/c/077f0e24b27c4b44841593c7edbd1993be9eecb5', 'https://git.kernel.org/stable/c/1e7725814361c8c008d131db195cef8274ff26b8', 'https://git.kernel.org/stable/c/47a8ddcdcaccd9b891db4574795e46a33a121ac2', 'https://git.kernel.org/stable/c/70f5ef5f33c333cfb286116fa3af74ac9bc84f1b', 'https://git.kernel.org/stable/c/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42296-3f50@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42296', 'https://www.cve.org/CVERecord?id=CVE-2024-42296'], 'PublishedDate': '2024-08-17T09:15:10.08Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42297', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42297', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: f2fs: fix to don't dirty inode for readonly filesystem", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to don't dirty inode for readonly filesystem\n\nsyzbot reports f2fs bug as below:\n\nkernel BUG at fs/f2fs/inode.c:933!\nRIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933\nCall Trace:\n evict+0x2a4/0x620 fs/inode.c:664\n dispose_list fs/inode.c:697 [inline]\n evict_inodes+0x5f8/0x690 fs/inode.c:747\n generic_shutdown_super+0x9d/0x2c0 fs/super.c:675\n kill_block_super+0x44/0x90 fs/super.c:1667\n kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894\n deactivate_locked_super+0xc1/0x130 fs/super.c:484\n cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256\n task_work_run+0x24a/0x300 kernel/task_work.c:180\n ptrace_notify+0x2cd/0x380 kernel/signal.c:2399\n ptrace_report_syscall include/linux/ptrace.h:411 [inline]\n ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]\n syscall_exit_work kernel/entry/common.c:251 [inline]\n syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]\n syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296\n do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe root cause is:\n- do_sys_open\n - f2fs_lookup\n  - __f2fs_find_entry\n   - f2fs_i_depth_write\n    - f2fs_mark_inode_dirty_sync\n     - f2fs_dirty_inode\n      - set_inode_flag(inode, FI_DIRTY_INODE)\n\n- umount\n - kill_f2fs_super\n  - kill_block_super\n   - generic_shutdown_super\n    - sync_filesystem\n    : sb is readonly, skip sync_filesystem()\n    - evict_inodes\n     - iput\n      - f2fs_evict_inode\n       - f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE))\n       : trigger kernel panic\n\nWhen we try to repair i_current_depth in readonly filesystem, let's\nskip dirty inode to avoid panic in later f2fs_evict_inode().", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42297', 'https://git.kernel.org/linus/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8', 'https://git.kernel.org/stable/c/2434344559f6743efb3ac15d11af9a0db9543bd3', 'https://git.kernel.org/stable/c/2d2916516577f2239b3377d9e8d12da5e6ccdfcf', 'https://git.kernel.org/stable/c/54162974aea37a8cae00742470a78c7f6bd6f915', 'https://git.kernel.org/stable/c/54bc4e88447e385c4d4ffa85d93e0dce628fcfa6', 'https://git.kernel.org/stable/c/9ce8135accf103f7333af472709125878704fdd4', 'https://git.kernel.org/stable/c/e62ff092a42f4a1bae3b310cf46673b4f3aac3b5', 'https://git.kernel.org/stable/c/ec56571b4b146a1cfbedab49d5fcaf19fe8bf4f1', 'https://linux.oracle.com/cve/CVE-2024-42297.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42297-fcec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42297', 'https://www.cve.org/CVERecord?id=CVE-2024-42297'], 'PublishedDate': '2024-08-17T09:15:10.147Z', 'LastModifiedDate': '2024-09-30T13:41:26.463Z'}, {'VulnerabilityID': 'CVE-2024-42298', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42298', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42298', 'https://git.kernel.org/linus/e62599902327d27687693f6e5253a5d56583db58 (6.11-rc1)', 'https://git.kernel.org/stable/c/af466037fa2b263e8ea5c47285513d2487e17d90', 'https://git.kernel.org/stable/c/b4205dfcfe96182118e54343954827eda51b2135', 'https://git.kernel.org/stable/c/e62599902327d27687693f6e5253a5d56583db58', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42298-d6a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42298', 'https://www.cve.org/CVERecord?id=CVE-2024-42298'], 'PublishedDate': '2024-08-17T09:15:10.23Z', 'LastModifiedDate': '2024-09-10T18:42:19.607Z'}, {'VulnerabilityID': 'CVE-2024-42299', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42299', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Update log->page_{mask,bits} if log->page_size changed\n\nIf an NTFS file system is mounted to another system with different\nPAGE_SIZE from the original system, log->page_size will change in\nlog_replay(), but log->page_{mask,bits} don\'t change correspondingly.\nThis will cause a panic because "u32 bytes = log->page_size - page_off"\nwill get a negative value in the later read_log_page().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42299', 'https://git.kernel.org/linus/2fef55d8f78383c8e6d6d4c014b9597375132696 (6.11-rc1)', 'https://git.kernel.org/stable/c/0484adcb5fbcadd9ba0fd4485c42630f72e97da9', 'https://git.kernel.org/stable/c/0a4ae2644e2a3b3b219aad9639fb2b0691d08420', 'https://git.kernel.org/stable/c/2cac0df3324b5e287d8020bc0708f7d2dec88a6f', 'https://git.kernel.org/stable/c/2fef55d8f78383c8e6d6d4c014b9597375132696', 'https://git.kernel.org/stable/c/b90ceffdc975502bc085ce8e79c6adeff05f9521', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42299-a588@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42299', 'https://www.cve.org/CVERecord?id=CVE-2024-42299'], 'PublishedDate': '2024-08-17T09:15:10.293Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42301', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42301', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dev/parport: fix the array out-of-bounds risk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42301', 'https://git.kernel.org/linus/ab11dac93d2d568d151b1918d7b84c2d02bacbd5 (6.11-rc1)', 'https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8', 'https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d', 'https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a', 'https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84', 'https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0', 'https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5', 'https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e', 'https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6', 'https://linux.oracle.com/cve/CVE-2024-42301.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42301-4026@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42301', 'https://www.cve.org/CVERecord?id=CVE-2024-42301'], 'PublishedDate': '2024-08-17T09:15:10.423Z', 'LastModifiedDate': '2024-08-22T16:31:18.667Z'}, {'VulnerabilityID': 'CVE-2024-42302', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42302', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred.  To do so, it polls the\nconfig space of the first child device on the secondary bus.  If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\'s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device.  Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume.  Holding a\nreference wasn\'t necessary back then because the pciehp IRQ thread\ncould never run concurrently.  (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase.  And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event.  Commit 53b54ad074de ("PCI/DPC: Await readiness\nof secondary bus after reset"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently.  The commit was backported to v5.10+ stable\nkernels, so that\'s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n  BUG: unable to handle page fault for address: 00000000091400c0\n  CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n  RIP: pci_bus_read_config_dword+0x17/0x50\n  pci_dev_wait()\n  pci_bridge_wait_for_secondary_bus()\n  dpc_reset_link()\n  pcie_do_recovery()\n  dpc_handler()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42302', 'https://git.kernel.org/linus/11a1f4bc47362700fcbde717292158873fb847ed (6.11-rc1)', 'https://git.kernel.org/stable/c/11a1f4bc47362700fcbde717292158873fb847ed', 'https://git.kernel.org/stable/c/2c111413f38ca5cf87557cab89f6d82b0e3433e7', 'https://git.kernel.org/stable/c/2cc8973bdc4d6c928ebe38b88090a2cdfe81f42f', 'https://git.kernel.org/stable/c/b16f3ea1db47a6766a9f1169244cf1fc287a7c62', 'https://git.kernel.org/stable/c/c52f9e1a9eb40f13993142c331a6cfd334d4b91d', 'https://git.kernel.org/stable/c/f63df70b439bb8331358a306541893bf415bf1da', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42302-c0d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42302', 'https://www.cve.org/CVERecord?id=CVE-2024-42302'], 'PublishedDate': '2024-08-17T09:15:10.487Z', 'LastModifiedDate': '2024-08-22T16:37:26.237Z'}, {'VulnerabilityID': 'CVE-2024-42303', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42303', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-pxp: Fix ERR_PTR dereference in pxp_probe()\n\ndevm_regmap_init_mmio() can fail, add a check and bail out in case of\nerror.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42303', 'https://git.kernel.org/linus/57e9ce68ae98551da9c161aaab12b41fe8601856 (6.11-rc1)', 'https://git.kernel.org/stable/c/358bc85269d6a359fea597ef9fbb429cd3626e08', 'https://git.kernel.org/stable/c/57e9ce68ae98551da9c161aaab12b41fe8601856', 'https://git.kernel.org/stable/c/5ab6ac4e9e165b0fe8a326308218337007224f05', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42303-4d12@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42303', 'https://www.cve.org/CVERecord?id=CVE-2024-42303'], 'PublishedDate': '2024-08-17T09:15:10.56Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42304', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42304', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: make sure the first directory block is not a hole', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: make sure the first directory block is not a hole\n\nThe syzbot constructs a directory that has no dirblock but is non-inline,\ni.e. the first directory block is a hole. And no errors are reported when\ncreating files in this directory in the following flow.\n\n    ext4_mknod\n     ...\n      ext4_add_entry\n        // Read block 0\n        ext4_read_dirblock(dir, block, DIRENT)\n          bh = ext4_bread(NULL, inode, block, 0)\n          if (!bh && (type == INDEX || type == DIRENT_HTREE))\n          // The first directory block is a hole\n          // But type == DIRENT, so no error is reported.\n\nAfter that, we get a directory block without '.' and '..' but with a valid\ndentry. This may cause some code that relies on dot or dotdot (such as\nmake_indexed_dir()) to crash.\n\nTherefore when ext4_read_dirblock() finds that the first directory block\nis a hole report that the filesystem is corrupted and return an error to\navoid loading corrupted data from disk causing something bad.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42304', 'https://git.kernel.org/linus/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6 (6.11-rc1)', 'https://git.kernel.org/stable/c/299bc6ffa57e04e74c6cce866d6c0741fb4897a1', 'https://git.kernel.org/stable/c/9771e3d8365ae1dd5e8846a204cb9af14e3e656a', 'https://git.kernel.org/stable/c/b609753cbbd38f8c0affd4956c0af178348523ac', 'https://git.kernel.org/stable/c/c3893d9de8ee153baac56d127d844103488133b5', 'https://git.kernel.org/stable/c/d81d7e347d1f1f48a5634607d39eb90c161c8afe', 'https://git.kernel.org/stable/c/de2a011a13a46468a6e8259db58b1b62071fe136', 'https://git.kernel.org/stable/c/e02f9941e8c011aa3eafa799def6a134ce06bcfa', 'https://git.kernel.org/stable/c/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6', 'https://linux.oracle.com/cve/CVE-2024-42304.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42304-d0e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42304', 'https://www.cve.org/CVERecord?id=CVE-2024-42304'], 'PublishedDate': '2024-08-17T09:15:10.617Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42305', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42305', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: check dot and dotdot of dx_root before making dir indexed', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: check dot and dotdot of dx_root before making dir indexed\n\nSyzbot reports a issue as follows:\n============================================\nBUG: unable to handle page fault for address: ffffed11022e24fe\nPGD 23ffee067 P4D 23ffee067 PUD 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0\nCall Trace:\n <TASK>\n make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451\n ext4_rename fs/ext4/namei.c:3936 [inline]\n ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214\n[...]\n============================================\n\nThe immediate cause of this problem is that there is only one valid dentry\nfor the block to be split during do_split, so split==0 results in out of\nbounds accesses to the map triggering the issue.\n\n    do_split\n      unsigned split\n      dx_make_map\n       count = 1\n      split = count/2 = 0;\n      continued = hash2 == map[split - 1].hash;\n       ---> map[4294967295]\n\nThe maximum length of a filename is 255 and the minimum block size is 1024,\nso it is always guaranteed that the number of entries is greater than or\nequal to 2 when do_split() is called.\n\nBut syzbot's crafted image has no dot and dotdot in dir, and the dentry\ndistribution in dirblock is as follows:\n\n  bus     dentry1          hole           dentry2           free\n|xx--|xx-------------|...............|xx-------------|...............|\n0   12 (8+248)=256  268     256     524 (8+256)=264 788     236     1024\n\nSo when renaming dentry1 increases its name_len length by 1, neither hole\nnor free is sufficient to hold the new dentry, and make_indexed_dir() is\ncalled.\n\nIn make_indexed_dir() it is assumed that the first two entries of the\ndirblock must be dot and dotdot, so bus and dentry1 are left in dx_root\nbecause they are treated as dot and dotdot, and only dentry2 is moved\nto the new leaf block. That's why count is equal to 1.\n\nTherefore add the ext4_check_dx_root() helper function to add more sanity\nchecks to dot and dotdot before starting the conversion to avoid the above\nissue.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42305', 'https://git.kernel.org/linus/50ea741def587a64e08879ce6c6a30131f7111e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/19e13b4d7f0303186fcc891aba8d0de7c8fdbda8', 'https://git.kernel.org/stable/c/42d420517072028fb0eb852c358056b7717ba5aa', 'https://git.kernel.org/stable/c/50ea741def587a64e08879ce6c6a30131f7111e7', 'https://git.kernel.org/stable/c/8afe06ed3be7a874b3cd82ef5f8959aca8d6429a', 'https://git.kernel.org/stable/c/9d241b7a39af192d1bb422714a458982c7cc67a2', 'https://git.kernel.org/stable/c/abb411ac991810c0bcbe51c2e76d2502bf611b5c', 'https://git.kernel.org/stable/c/b80575ffa98b5bb3a5d4d392bfe4c2e03e9557db', 'https://git.kernel.org/stable/c/cdd345321699042ece4a9d2e70754d2397d378c5', 'https://linux.oracle.com/cve/CVE-2024-42305.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42305-94ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42305', 'https://www.cve.org/CVERecord?id=CVE-2024-42305'], 'PublishedDate': '2024-08-17T09:15:10.69Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42306', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42306', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid using corrupted block bitmap buffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42306', 'https://git.kernel.org/linus/a90d4471146de21745980cba51ce88e7926bcc4f (6.11-rc1)', 'https://git.kernel.org/stable/c/2199e157a465aaf98294d3932797ecd7fce942d5', 'https://git.kernel.org/stable/c/271cab2ca00652bc984e269cf1208699a1e09cdd', 'https://git.kernel.org/stable/c/57053b3bcf3403b80db6f65aba284d7dfe7326af', 'https://git.kernel.org/stable/c/6a43e3c210df6c5f00570f4be49a897677dbcb64', 'https://git.kernel.org/stable/c/8ca170c39eca7cad6e0cfeb24e351d8f8eddcd65', 'https://git.kernel.org/stable/c/a90d4471146de21745980cba51ce88e7926bcc4f', 'https://git.kernel.org/stable/c/cae9e59cc41683408b70b9ab569f8654866ba914', 'https://linux.oracle.com/cve/CVE-2024-42306.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42306-647c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42306', 'https://www.cve.org/CVERecord?id=CVE-2024-42306'], 'PublishedDate': '2024-08-17T09:15:10.777Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42307', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42307', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n   fs/smb/client/cifsfs.c:1981 init_cifs()\n   error: we previously assumed 'serverclose_wq' could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42307', 'https://git.kernel.org/linus/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/160235efb4f9b55212dedff5de0094c606c4b303', 'https://git.kernel.org/stable/c/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2', 'https://git.kernel.org/stable/c/3739d711246d8fbc95ff73dbdace9741cdce4777', 'https://git.kernel.org/stable/c/6018971710fdc7739f8655c1540832b4bb903671', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42307-7c2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42307', 'https://www.cve.org/CVERecord?id=CVE-2024-42307'], 'PublishedDate': '2024-08-17T09:15:10.843Z', 'LastModifiedDate': '2024-09-05T17:49:58.257Z'}, {'VulnerabilityID': 'CVE-2024-42308', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42308', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check for NULL pointer', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42308', 'https://git.kernel.org/linus/4ab68e168ae1695f7c04fae98930740aaf7c50fa (6.11-rc1)', 'https://git.kernel.org/stable/c/185616085b12e651cdfd11ef00d1449f54552d89', 'https://git.kernel.org/stable/c/4ab68e168ae1695f7c04fae98930740aaf7c50fa', 'https://git.kernel.org/stable/c/4ccd37085976ea5d3c499b1e6d0b3f4deaf2cd5a', 'https://git.kernel.org/stable/c/6b5ed0648213e9355cc78f4a264d9afe8536d692', 'https://git.kernel.org/stable/c/71dbf95359347c2ecc5a6dfc02783fcfccb2e9fb', 'https://git.kernel.org/stable/c/9ce89824ff04d261fc855e0ca6e6025251d9fa40', 'https://git.kernel.org/stable/c/f068494430d15b5fc551ac928de9dac7e5e27602', 'https://linux.oracle.com/cve/CVE-2024-42308.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42308-562d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42308', 'https://www.cve.org/CVERecord?id=CVE-2024-42308'], 'PublishedDate': '2024-08-17T09:15:10.92Z', 'LastModifiedDate': '2024-10-09T14:15:05.227Z'}, {'VulnerabilityID': 'CVE-2024-42309', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42309', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42309', 'https://git.kernel.org/linus/2df7aac81070987b0f052985856aa325a38debf6 (6.11-rc1)', 'https://git.kernel.org/stable/c/13b5f3ee94bdbdc4b5f40582aab62977905aedee', 'https://git.kernel.org/stable/c/2df7aac81070987b0f052985856aa325a38debf6', 'https://git.kernel.org/stable/c/46d2ef272957879cbe30a884574320e7f7d78692', 'https://git.kernel.org/stable/c/475a5b3b7c8edf6e583a9eb59cf28ea770602e14', 'https://git.kernel.org/stable/c/6735d02ead7dd3adf74eb8b70aebd09e0ce78ec9', 'https://git.kernel.org/stable/c/7e52c62ff029f95005915c0a11863b5fb5185c8c', 'https://git.kernel.org/stable/c/d6ad202f73f8edba0cbc0065aa57a79ffe8fdcdc', 'https://git.kernel.org/stable/c/f70ffeca546452d1acd3a70ada56ecb2f3e7f811', 'https://linux.oracle.com/cve/CVE-2024-42309.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42309-9560@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42309', 'https://www.cve.org/CVERecord?id=CVE-2024-42309'], 'PublishedDate': '2024-08-17T09:15:10.987Z', 'LastModifiedDate': '2024-08-22T16:01:29.287Z'}, {'VulnerabilityID': 'CVE-2024-42310', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42310', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes\n\nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42310', 'https://git.kernel.org/linus/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79 (6.11-rc1)', 'https://git.kernel.org/stable/c/08f45102c81ad8bc9f85f7a25e9f64e128edb87d', 'https://git.kernel.org/stable/c/2d209b2f862f6b8bff549ede541590a8d119da23', 'https://git.kernel.org/stable/c/977ee4fe895e1729cd36cc26916bbb10084713d6', 'https://git.kernel.org/stable/c/a658ae2173ab74667c009e2550455e6de5b33ddc', 'https://git.kernel.org/stable/c/b6ac46a00188cde50ffba233e6efb366354a1de5', 'https://git.kernel.org/stable/c/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79', 'https://git.kernel.org/stable/c/e74eb5e8089427c8c49e0dd5067e5f39ce3a4d56', 'https://git.kernel.org/stable/c/f392c36cebf4c1d6997a4cc2c0f205254acef42a', 'https://linux.oracle.com/cve/CVE-2024-42310.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42310-58b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42310', 'https://www.cve.org/CVERecord?id=CVE-2024-42310'], 'PublishedDate': '2024-08-17T09:15:11.067Z', 'LastModifiedDate': '2024-08-22T16:01:46.263Z'}, {'VulnerabilityID': 'CVE-2024-42311', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42311', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42311', 'https://git.kernel.org/linus/26a2ed107929a855155429b11e1293b83e6b2a8b (6.11-rc1)', 'https://git.kernel.org/stable/c/10f7163bfb5f8b4e0c9c05a939f20b8540e33c65', 'https://git.kernel.org/stable/c/26a2ed107929a855155429b11e1293b83e6b2a8b', 'https://git.kernel.org/stable/c/4a52861cd76e79f1a593beb23d096523eb9732c2', 'https://git.kernel.org/stable/c/58d83fc160505a7009c39dec64effaac5129b971', 'https://git.kernel.org/stable/c/9c4e40b9b731220f9464975e49da75496e3865c4', 'https://git.kernel.org/stable/c/d3493d6f0dfb1ab5225b62faa77732983f2187a1', 'https://git.kernel.org/stable/c/d55aae5c1730d6b70d5d8eaff00113cd34772ea3', 'https://git.kernel.org/stable/c/f7316b2b2f11cf0c6de917beee8d3de728be24db', 'https://linux.oracle.com/cve/CVE-2024-42311.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42311-f825@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42311', 'https://www.cve.org/CVERecord?id=CVE-2024-42311'], 'PublishedDate': '2024-08-17T09:15:11.147Z', 'LastModifiedDate': '2024-09-03T17:38:24.21Z'}, {'VulnerabilityID': 'CVE-2024-42312', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42312', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sysctl: always initialize i_uid/i_gid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42312', 'https://git.kernel.org/linus/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/1deae34db9f4f8e0e03f891be2e2e15c15c8ac05', 'https://git.kernel.org/stable/c/34a86adea1f2b3c3f9d864c8cce09dca644601ab', 'https://git.kernel.org/stable/c/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4', 'https://git.kernel.org/stable/c/b2591c89a6e2858796111138c38fcb6851aa1955', 'https://git.kernel.org/stable/c/c7e2f43d182f5dde473389dbb39f16c9f0d64536', 'https://git.kernel.org/stable/c/ffde3af4b29bf97d62d82e1d45275587e10a991a', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42312-bddc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42312', 'https://www.cve.org/CVERecord?id=CVE-2024-42312'], 'PublishedDate': '2024-08-17T09:15:11.24Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42313', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42313', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: venus: fix use after free in vdec_close', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free in vdec_close\n\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\n\nFix it by cancelling the work in vdec_close.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42313', 'https://git.kernel.org/linus/a0157b5aa34eb43ec4c5510f9c260bbb03be937e (6.11-rc1)', 'https://git.kernel.org/stable/c/4c9d235630d35db762b85a4149bbb0be9d504c36', 'https://git.kernel.org/stable/c/66fa52edd32cdbb675f0803b3c4da10ea19b6635', 'https://git.kernel.org/stable/c/6a96041659e834dc0b172dda4b2df512d63920c2', 'https://git.kernel.org/stable/c/72aff311194c8ceda934f24fd6f250b8827d7567', 'https://git.kernel.org/stable/c/a0157b5aa34eb43ec4c5510f9c260bbb03be937e', 'https://git.kernel.org/stable/c/ad8cf035baf29467158e0550c7a42b7bb43d1db6', 'https://git.kernel.org/stable/c/da55685247f409bf7f976cc66ba2104df75d8dad', 'https://git.kernel.org/stable/c/f8e9a63b982a8345470c225679af4ba86e4a7282', 'https://linux.oracle.com/cve/CVE-2024-42313.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42313-09b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42313', 'https://www.cve.org/CVERecord?id=CVE-2024-42313'], 'PublishedDate': '2024-08-17T09:15:11.32Z', 'LastModifiedDate': '2024-08-22T16:01:59.467Z'}, {'VulnerabilityID': 'CVE-2024-42314', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42314', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix extent map use-after-free when adding pages to compressed bio', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix extent map use-after-free when adding pages to compressed bio\n\nAt add_ra_bio_pages() we are accessing the extent map to calculate\n'add_size' after we dropped our reference on the extent map, resulting\nin a use-after-free. Fix this by computing 'add_size' before dropping our\nextent map reference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42314', 'https://git.kernel.org/linus/8e7860543a94784d744c7ce34b78a2e11beefa5c (6.11-rc1)', 'https://git.kernel.org/stable/c/8e7860543a94784d744c7ce34b78a2e11beefa5c', 'https://git.kernel.org/stable/c/b7859ff398b6b656e1689daa860eb34837b4bb89', 'https://git.kernel.org/stable/c/c1cc3326e27b0bd7a2806b40bc48e49afaf951e7', 'https://git.kernel.org/stable/c/c205565e0f2f439f278a4a94ee97b67ef7b56ae8', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42314-de1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42314', 'https://www.cve.org/CVERecord?id=CVE-2024-42314'], 'PublishedDate': '2024-08-17T09:15:11.397Z', 'LastModifiedDate': '2024-09-04T12:15:04.723Z'}, {'VulnerabilityID': 'CVE-2024-42315', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42315', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exfat: fix potential deadlock on __exfat_get_dentry_set', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi->s_lock between the two processes may occur.\n\n       CPU0                CPU1\n       ----                ----\n  kswapd\n   balance_pgdat\n    lock(fs_reclaim)\n                      exfat_iterate\n                       lock(&sbi->s_lock)\n                       exfat_readdir\n                        exfat_get_uniname_from_ext_entry\n                         exfat_get_dentry_set\n                          __exfat_get_dentry_set\n                           kmalloc_array\n                            ...\n                            lock(fs_reclaim)\n    ...\n    evict\n     exfat_evict_inode\n      lock(&sbi->s_lock)\n\nTo fix this, let's allocate bh-array with GFP_NOFS.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42315', 'https://git.kernel.org/linus/89fc548767a2155231128cb98726d6d2ea1256c9 (6.11-rc1)', 'https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62', 'https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9', 'https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42315-a707@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42315', 'https://www.cve.org/CVERecord?id=CVE-2024-42315'], 'PublishedDate': '2024-08-17T09:15:11.47Z', 'LastModifiedDate': '2024-08-22T15:51:03.077Z'}, {'VulnerabilityID': 'CVE-2024-42316', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42316', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/mglru: fix div-by-zero in vmpressure_calc_level()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mglru: fix div-by-zero in vmpressure_calc_level()\n\nevict_folios() uses a second pass to reclaim folios that have gone through\npage writeback and become clean before it finishes the first pass, since\nfolio_rotate_reclaimable() cannot handle those folios due to the\nisolation.\n\nThe second pass tries to avoid potential double counting by deducting\nscan_control->nr_scanned.  However, this can result in underflow of\nnr_scanned, under a condition where shrink_folio_list() does not increment\nnr_scanned, i.e., when folio_trylock() fails.\n\nThe underflow can cause the divisor, i.e., scale=scanned+reclaimed in\nvmpressure_calc_level(), to become zero, resulting in the following crash:\n\n  [exception RIP: vmpressure_work_fn+101]\n  process_one_work at ffffffffa3313f2b\n\nSince scan_control->nr_scanned has no established semantics, the potential\ndouble counting has minimal risks.  Therefore, fix the problem by not\ndeducting scan_control->nr_scanned in evict_folios().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42316', 'https://git.kernel.org/linus/8b671fe1a879923ecfb72dda6caf01460dd885ef (6.11-rc1)', 'https://git.kernel.org/stable/c/8b671fe1a879923ecfb72dda6caf01460dd885ef', 'https://git.kernel.org/stable/c/8de7bf77f21068a5f602bb1e59adbc5ab533509d', 'https://git.kernel.org/stable/c/a39e38be632f0e1c908d70d1c9cd071c03faf895', 'https://git.kernel.org/stable/c/d6510f234c7d117790397f9bb150816b0a954a04', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42316-8b49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42316', 'https://www.cve.org/CVERecord?id=CVE-2024-42316'], 'PublishedDate': '2024-08-17T09:15:11.547Z', 'LastModifiedDate': '2024-08-22T15:52:38.52Z'}, {'VulnerabilityID': 'CVE-2024-42317', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42317', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/huge_memory: avoid PMD-size page cache if needed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: avoid PMD-size page cache if needed\n\nxarray can\'t support arbitrary page cache size.  the largest and supported\npage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71\n("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray").  However,\nit\'s possible to have 512MB page cache in the huge memory\'s collapsing\npath on ARM64 system whose base page size is 64KB.  512MB page cache is\nbreaking the limitation and a warning is raised when the xarray entry is\nsplit as shown in the following example.\n\n[root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize\nKernelPageSize:       64 kB\n[root@dhcp-10-26-1-207 ~]# cat /tmp/test.c\n   :\nint main(int argc, char **argv)\n{\n\tconst char *filename = TEST_XFS_FILENAME;\n\tint fd = 0;\n\tvoid *buf = (void *)-1, *p;\n\tint pgsize = getpagesize();\n\tint ret = 0;\n\n\tif (pgsize != 0x10000) {\n\t\tfprintf(stdout, "System with 64KB base page size is required!\\n");\n\t\treturn -EPERM;\n\t}\n\n\tsystem("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb");\n\tsystem("echo 1 > /proc/sys/vm/drop_caches");\n\n\t/* Open the xfs file */\n\tfd = open(filename, O_RDONLY);\n\tassert(fd > 0);\n\n\t/* Create VMA */\n\tbuf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0);\n\tassert(buf != (void *)-1);\n\tfprintf(stdout, "mapped buffer at 0x%p\\n", buf);\n\n\t/* Populate VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ);\n\tassert(ret == 0);\n\n\t/* Collapse VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE);\n\tif (ret) {\n\t\tfprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\\n", errno);\n\t\tgoto out;\n\t}\n\n\t/* Split xarray entry. Write permission is needed */\n\tmunmap(buf, TEST_MEM_SIZE);\n\tbuf = (void *)-1;\n\tclose(fd);\n\tfd = open(filename, O_RDWR);\n\tassert(fd > 0);\n\tfallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,\n \t\t  TEST_MEM_SIZE - pgsize, pgsize);\nout:\n\tif (buf != (void *)-1)\n\t\tmunmap(buf, TEST_MEM_SIZE);\n\tif (fd > 0)\n\t\tclose(fd);\n\n\treturn ret;\n}\n\n[root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test\n[root@dhcp-10-26-1-207 ~]# /tmp/test\n ------------[ cut here ]------------\n WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\n Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib    \\\n nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct      \\\n nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4      \\\n ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse   \\\n xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net  \\\n sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio\n CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9\n Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\n pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n pc : xas_split_alloc+0xf8/0x128\n lr : split_huge_page_to_list_to_order+0x1c4/0x780\n sp : ffff8000ac32f660\n x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0\n x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d\n x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000\n x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c\n x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8\n x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40\n x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\n Call trace:\n  xas_split_alloc+0xf8/0x128\n  split_huge_page_to_list_to_order+0x1c4/0x780\n  truncate_inode_partial_folio+0xdc/0x160\n  truncate_inode_pages_range+0x1b4/0x4a8\n  truncate_pagecache_range+0x84/0xa\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42317', 'https://git.kernel.org/linus/d659b715e94ac039803d7601505d3473393fc0be (6.11-rc1)', 'https://git.kernel.org/stable/c/d659b715e94ac039803d7601505d3473393fc0be', 'https://git.kernel.org/stable/c/e60f62f75c99740a28e2bf7e6044086033012a16', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42317-cf87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42317', 'https://www.cve.org/CVERecord?id=CVE-2024-42317'], 'PublishedDate': '2024-08-17T09:15:11.633Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42318', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42318', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: landlock: Don&#39;t lose track of restrictions on cred_transfer', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don't lose track of restrictions on cred_transfer\n\nWhen a process' cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent's credentials), the\ncred_transfer LSM hook is used instead.  Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42318', 'https://bugs.chromium.org/p/project-zero/issues/detail?id=2566', 'https://git.kernel.org/linus/39705a6c29f8a2b93cf5b99528a55366c50014d1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c', 'https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49', 'https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1', 'https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117', 'https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff', 'https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42318-f0c9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42318', 'https://www.cve.org/CVERecord?id=CVE-2024-42318', 'https://www.openwall.com/lists/oss-security/2024/08/17/2'], 'PublishedDate': '2024-08-17T09:15:11.7Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42319', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42319', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() < 0 occurs.\n\nAccording to the call tracei below:\n  cmdq_mbox_shutdown\n  mbox_free_channel\n  mbox_controller_unregister\n  __devm_mbox_controller_unregister\n  ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n   to bind the cmdq device to the mbox_controller, so\n   devm_mbox_controller_unregister() will automatically unregister\n   the device bound to the mailbox controller when the device-managed\n   resource is removed. That means devm_mbox_controller_unregister()\n   and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n   devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n   will be called after cmdq_remove(), but before\n   devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42319', 'https://git.kernel.org/linus/a8bd68e4329f9a0ad1b878733e0f80be6a971649 (6.11-rc1)', 'https://git.kernel.org/stable/c/11fa625b45faf0649118b9deaf2d31c86ac41911', 'https://git.kernel.org/stable/c/a8bd68e4329f9a0ad1b878733e0f80be6a971649', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42319-ec7c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42319', 'https://www.cve.org/CVERecord?id=CVE-2024-42319'], 'PublishedDate': '2024-08-17T09:15:11.767Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42320', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42320', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error checks in dasd_copy_pair_store()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42320', 'https://git.kernel.org/linus/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8 (6.11-rc1)', 'https://git.kernel.org/stable/c/68d4c3722290ad300c295fb3435e835d200d5cb2', 'https://git.kernel.org/stable/c/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8', 'https://git.kernel.org/stable/c/cc8b7284d5076722e0b8062373b68d8e47c3bace', 'https://git.kernel.org/stable/c/e511167e65d332d07b3c7a3d5a741ee9c19a8c27', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42320-cdea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42320', 'https://www.cve.org/CVERecord?id=CVE-2024-42320'], 'PublishedDate': '2024-08-17T09:15:11.833Z', 'LastModifiedDate': '2024-09-30T12:54:12.897Z'}, {'VulnerabilityID': 'CVE-2024-42321', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42321', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: flow_dissector: use DEBUG_NET_WARN_ON_ONCE\n\nThe following splat is easy to reproduce upstream as well as in -stable\nkernels. Florian Westphal provided the following commit:\n\n  d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net")\n\nbut this complementary fix has been also suggested by Willem de Bruijn\nand it can be easily backported to -stable kernel which consists in\nusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splat\ngiven __skb_get_hash() is used by the nftables tracing infrastructure to\nto identify packets in traces.\n\n[69133.561393] ------------[ cut here ]------------\n[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/\n[...]\n[69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379\n[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0\n[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff\nff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8\n[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246\n[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19\n[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418\n[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000\n[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400\n[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28\n[69133.562020] FS:  00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[69133.562027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0\n[69133.562040] Call Trace:\n[69133.562044]  <IRQ>\n[69133.562049]  ? __warn+0x9f/0x1a0\n[ 1211.841384]  ? __skb_flow_dissect+0x107e/0x2860\n[...]\n[ 1211.841496]  ? bpf_flow_dissect+0x160/0x160\n[ 1211.841753]  __skb_get_hash+0x97/0x280\n[ 1211.841765]  ? __skb_get_hash_symmetric+0x230/0x230\n[ 1211.841776]  ? mod_find+0xbf/0xe0\n[ 1211.841786]  ? get_stack_info_noinstr+0x12/0xe0\n[ 1211.841798]  ? bpf_ksym_find+0x56/0xe0\n[ 1211.841807]  ? __rcu_read_unlock+0x2a/0x70\n[ 1211.841819]  nft_trace_init+0x1b9/0x1c0 [nf_tables]\n[ 1211.841895]  ? nft_trace_notify+0x830/0x830 [nf_tables]\n[ 1211.841964]  ? get_stack_info+0x2b/0x80\n[ 1211.841975]  ? nft_do_chain_arp+0x80/0x80 [nf_tables]\n[ 1211.842044]  nft_do_chain+0x79c/0x850 [nf_tables]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42321', 'https://git.kernel.org/linus/120f1c857a73e52132e473dee89b340440cb692b (6.11-rc1)', 'https://git.kernel.org/stable/c/120f1c857a73e52132e473dee89b340440cb692b', 'https://git.kernel.org/stable/c/4afbac11f2f629d1e62817c4e210bdfaa7521107', 'https://git.kernel.org/stable/c/c5d21aabf1b31a79f228508af33aee83456bc1b0', 'https://git.kernel.org/stable/c/eb03d9826aa646577342a952d658d4598381c035', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42321-4b46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42321', 'https://www.cve.org/CVERecord?id=CVE-2024-42321'], 'PublishedDate': '2024-08-17T09:15:11.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42322', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42322', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipvs: properly dereference pe in ip_vs_add_service', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n  net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42322', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/cbd070a4ae62f119058973f6d2c984e325bce6e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dd428039e06e1967ce294e2cd6342825aaaad77', 'https://git.kernel.org/stable/c/c420cd5d5bc6797f3a8824e7d74f38f0c286fca5', 'https://git.kernel.org/stable/c/cbd070a4ae62f119058973f6d2c984e325bce6e7', 'https://linux.oracle.com/cve/CVE-2024-42322.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42322-e2ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42322', 'https://www.cve.org/CVERecord?id=CVE-2024-42322'], 'PublishedDate': '2024-08-17T09:15:11.977Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43817', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: missing check virtio', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: missing check virtio\n\nTwo missing check in virtio_net_hdr_to_skb() allowed syzbot\nto crash kernels again\n\n1. After the skb_segment function the buffer may become non-linear\n(nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere\nthe __skb_linearize function will not be executed, then the buffer will\nremain non-linear. Then the condition (offset >= skb_headlen(skb))\nbecomes true, which causes WARN_ON_ONCE in skb_checksum_help.\n\n2. The struct sk_buff and struct virtio_net_hdr members must be\nmathematically related.\n(gso_size) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) may be 0 if division is without remainder.\n\noffset+2 (4191) > skb_headlen() (1116)\nWARNING: CPU: 1 PID: 5084 at net/core/dev.c:3303 skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nModules linked in:\nCPU: 1 PID: 5084 Comm: syz-executor336 Not tainted 6.7.0-rc3-syzkaller-00014-gdf60cee26a2e #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nCode: 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 52 01 00 00 44 89 e2 2b 53 74 4c 89 ee 48 c7 c7 40 57 e9 8b e8 af 8f dd f8 90 <0f> 0b 90 90 e9 87 fe ff ff e8 40 0f 6e f9 e9 4b fa ff ff 48 89 ef\nRSP: 0018:ffffc90003a9f338 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888025125780 RCX: ffffffff814db209\nRDX: ffff888015393b80 RSI: ffffffff814db216 RDI: 0000000000000001\nRBP: ffff8880251257f4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000045c\nR13: 000000000000105f R14: ffff8880251257f0 R15: 000000000000105d\nFS:  0000555555c24380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000002000f000 CR3: 0000000023151000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n ip_do_fragment+0xa1b/0x18b0 net/ipv4/ip_output.c:777\n ip_fragment.constprop.0+0x161/0x230 net/ipv4/ip_output.c:584\n ip_finish_output_gso net/ipv4/ip_output.c:286 [inline]\n __ip_finish_output net/ipv4/ip_output.c:308 [inline]\n __ip_finish_output+0x49c/0x650 net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:433\n dst_output include/net/dst.h:451 [inline]\n ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:129\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ipip6_tunnel_xmit net/ipv6/sit.c:1034 [inline]\n sit_tunnel_xmit+0xed2/0x28f0 net/ipv6/sit.c:1076\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3545 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3561\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4346\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x257/0x380 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x24ca/0x5240 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n __sys_sendto+0x255/0x340 net/socket.c:2190\n __do_sys_sendto net/socket.c:2202 [inline]\n __se_sys_sendto net/socket.c:2198 [inline]\n __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43817', 'https://git.kernel.org/linus/e269d79c7d35aa3808b1f3c1737d63dab504ddc8 (6.11-rc1)', 'https://git.kernel.org/stable/c/27874ca77bd2b05a3779c7b3a5c75d8dd7f0b40f', 'https://git.kernel.org/stable/c/5b1997487a3f3373b0f580c8a20b56c1b64b0775', 'https://git.kernel.org/stable/c/90d41ebe0cd4635f6410471efc1dd71b33e894cf', 'https://git.kernel.org/stable/c/e269d79c7d35aa3808b1f3c1737d63dab504ddc8', 'https://git.kernel.org/stable/c/e9164903b8b303c34723177b02fe91e49e3c4cd7', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43817-2e95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43817', 'https://www.cve.org/CVERecord?id=CVE-2024-43817'], 'PublishedDate': '2024-08-17T10:15:08.01Z', 'LastModifiedDate': '2024-09-03T17:41:46.407Z'}, {'VulnerabilityID': 'CVE-2024-43818', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: amd: Adjust error handling in case of absent codec device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: Adjust error handling in case of absent codec device\n\nacpi_get_first_physical_node() can return NULL in several cases (no such\ndevice, ACPI table error, reference count drop to 0, etc).\nExisting check just emit error message, but doesn't perform return.\nThen this NULL pointer is passed to devm_acpi_dev_add_driver_gpios()\nwhere it is dereferenced.\n\nAdjust this error handling by adding error code return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43818', 'https://git.kernel.org/linus/5080808c3339de2220c602ab7c7fa23dc6c1a5a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1ba9856cf7f6492b47c1edf853137f320d583db5', 'https://git.kernel.org/stable/c/5080808c3339de2220c602ab7c7fa23dc6c1a5a3', 'https://git.kernel.org/stable/c/99b642dac24f6d09ba3ebf1d690be8aefff86164', 'https://git.kernel.org/stable/c/b1173d64edd276c957b6d09e1f971c85b38f1519', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43818-71ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43818', 'https://www.cve.org/CVERecord?id=CVE-2024-43818'], 'PublishedDate': '2024-08-17T10:15:08.08Z', 'LastModifiedDate': '2024-09-03T17:45:30Z'}, {'VulnerabilityID': 'CVE-2024-43819', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kvm: s390: Reject memory region operations for ucontrol VMs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43819', 'https://git.kernel.org/linus/7816e58967d0e6cadce05c8540b47ed027dc2499 (6.11-rc1)', 'https://git.kernel.org/stable/c/49c9945c054df4c22008e2bf87ca74d3e2507aa6', 'https://git.kernel.org/stable/c/7816e58967d0e6cadce05c8540b47ed027dc2499', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43819-88ce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43819', 'https://www.cve.org/CVERecord?id=CVE-2024-43819'], 'PublishedDate': '2024-08-17T10:15:08.147Z', 'LastModifiedDate': '2024-09-03T17:47:10.54Z'}, {'VulnerabilityID': 'CVE-2024-43820', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, &mddev->recovery));\n\nThis check is designed to make sure that the sync thread isn't\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43820', 'https://git.kernel.org/linus/3199a34bfaf7561410e0be1e33a61eba870768fc (6.11-rc1)', 'https://git.kernel.org/stable/c/3199a34bfaf7561410e0be1e33a61eba870768fc', 'https://git.kernel.org/stable/c/a5c15a78c0e1631b7df822b56e8b6424e4d1ca3e', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43820-1bd6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43820', 'https://www.cve.org/CVERecord?id=CVE-2024-43820'], 'PublishedDate': '2024-08-17T10:15:08.207Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43821', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Fix a possible null pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix a possible null pointer dereference\n\nIn function lpfc_xcvr_data_show, the memory allocation with kmalloc might\nfail, thereby making rdp_context a null pointer. In the following context\nand functions that use this pointer, there are dereferencing operations,\nleading to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null,\nuse scnprintf to notify the user and return len.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43821', 'https://git.kernel.org/linus/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa (6.11-rc1)', 'https://git.kernel.org/stable/c/45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c', 'https://git.kernel.org/stable/c/57600a7dd2b52c904f7c8d2cac0fd8c23868e680', 'https://git.kernel.org/stable/c/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43821-6ffc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43821', 'https://www.cve.org/CVERecord?id=CVE-2024-43821'], 'PublishedDate': '2024-08-17T10:15:08.277Z', 'LastModifiedDate': '2024-09-03T17:49:54.28Z'}, {'VulnerabilityID': 'CVE-2024-43823', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43823', 'https://git.kernel.org/linus/a231707a91f323af1e5d9f1722055ec2fc1c7775 (6.11-rc1)', 'https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23', 'https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775', 'https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506', 'https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43823-4bdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43823', 'https://www.cve.org/CVERecord?id=CVE-2024-43823'], 'PublishedDate': '2024-08-17T10:15:08.4Z', 'LastModifiedDate': '2024-09-03T17:49:03.91Z'}, {'VulnerabilityID': 'CVE-2024-43824', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: pci-epf-test: Make use of cached &#39;epc_features&#39; in pci_epf_test_core_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Make use of cached \'epc_features\' in pci_epf_test_core_init()\n\nInstead of getting the epc_features from pci_epc_get_features() API, use\nthe cached pci_epf_test::epc_features value to avoid the NULL check. Since\nthe NULL check is already performed in pci_epf_test_bind(), having one more\ncheck in pci_epf_test_core_init() is redundant and it is not possible to\nhit the NULL pointer dereference.\n\nAlso with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier"\nflag"), \'epc_features\' got dereferenced without the NULL check, leading to\nthe following false positive Smatch warning:\n\n  drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed \'epc_features\' could be null (see line 747)\n\nThus, remove the redundant NULL check and also use the epc_features::\n{msix_capable/msi_capable} flags directly to avoid local variables.\n\n[kwilczynski: commit log]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43824', 'https://git.kernel.org/linus/5a5095a8bd1bd349cce1c879e5e44407a34dda8a (6.11-rc1)', 'https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a', 'https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43824-fc04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43824', 'https://www.cve.org/CVERecord?id=CVE-2024-43824'], 'PublishedDate': '2024-08-17T10:15:08.477Z', 'LastModifiedDate': '2024-09-03T17:48:39.16Z'}, {'VulnerabilityID': 'CVE-2024-43825', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iio: Fix the sorting functionality in iio_gts_build_avail_time_table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: Fix the sorting functionality in iio_gts_build_avail_time_table\n\nThe sorting in iio_gts_build_avail_time_table is not working as intended.\nIt could result in an out-of-bounds access when the time is zero.\n\nHere are more details:\n\n1. When the gts->itime_table[i].time_us is zero, e.g., the time\nsequence is `3, 0, 1`, the inner for-loop will not terminate and do\nout-of-bound writes. This is because once `times[j] > new`, the value\n`new` will be added in the current position and the `times[j]` will be\nmoved to `j+1` position, which makes the if-condition always hold.\nMeanwhile, idx will be added one, making the loop keep running without\ntermination and out-of-bound write.\n2. If none of the gts->itime_table[i].time_us is zero, the elements\nwill just be copied without being sorted as described in the comment\n"Sort times from all tables to one and remove duplicates".\n\nFor more details, please refer to\nhttps://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43825', 'https://git.kernel.org/linus/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb (6.11-rc1)', 'https://git.kernel.org/stable/c/31ff8464ef540785344994986a010031410f9ff3', 'https://git.kernel.org/stable/c/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb', 'https://git.kernel.org/stable/c/b5046de32fd1532c3f67065197fc1da82f0b5193', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43825-20fc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43825', 'https://www.cve.org/CVERecord?id=CVE-2024-43825'], 'PublishedDate': '2024-08-17T10:15:08.533Z', 'LastModifiedDate': '2024-09-30T13:53:21.44Z'}, {'VulnerabilityID': 'CVE-2024-43826', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfs: pass explicit offset/count to trace events', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: pass explicit offset/count to trace events\n\nnfs_folio_length is unsafe to use without having the folio locked and a\ncheck for a NULL ->f_mapping that protects against truncations and can\nlead to kernel crashes.  E.g. when running xfstests generic/065 with\nall nfs trace points enabled.\n\nFollow the model of the XFS trace points and pass in an explіcit offset\nand length.  This has the additional benefit that these values can\nbe more accurate as some of the users touch partial folio ranges.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43826', 'https://git.kernel.org/linus/fada32ed6dbc748f447c8d050a961b75d946055a (6.11-rc1)', 'https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722', 'https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43826-2a5f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43826', 'https://www.cve.org/CVERecord?id=CVE-2024-43826'], 'PublishedDate': '2024-08-17T10:15:08.593Z', 'LastModifiedDate': '2024-09-12T18:15:09.137Z'}, {'VulnerabilityID': 'CVE-2024-43827', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check before access structs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check before access structs\n\nIn enable_phantom_plane, we should better check null pointer before\naccessing various structs.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43827', 'https://git.kernel.org/linus/c96140000915b610d86f941450e15ca552de154a (6.11-rc1)', 'https://git.kernel.org/stable/c/081ff4c0ef1884ae55f7adb8944efd22e22d8724', 'https://git.kernel.org/stable/c/c96140000915b610d86f941450e15ca552de154a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43827-6486@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43827', 'https://www.cve.org/CVERecord?id=CVE-2024-43827'], 'PublishedDate': '2024-08-17T10:15:08.653Z', 'LastModifiedDate': '2024-09-30T12:51:34.97Z'}, {'VulnerabilityID': 'CVE-2024-43828', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: fix infinite loop when replaying fast_commit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct.  ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the 'es' variable.\n\nBecause 'es' contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43828', 'https://git.kernel.org/linus/907c3fe532253a6ef4eb9c4d67efb71fab58c706 (6.11-rc1)', 'https://git.kernel.org/stable/c/0619f7750f2b178a1309808832ab20d85e0ad121', 'https://git.kernel.org/stable/c/181e63cd595c688194e07332f9944b3a63193de2', 'https://git.kernel.org/stable/c/5ed0496e383cb6de120e56991385dce70bbb87c1', 'https://git.kernel.org/stable/c/81f819c537d29932e4b9267f02411cbc8b355178', 'https://git.kernel.org/stable/c/907c3fe532253a6ef4eb9c4d67efb71fab58c706', 'https://git.kernel.org/stable/c/c6e67df64783e99a657ef2b8c834ba2bf54c539c', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43828-6bcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43828', 'https://www.cve.org/CVERecord?id=CVE-2024-43828'], 'PublishedDate': '2024-08-17T10:15:08.72Z', 'LastModifiedDate': '2024-08-22T15:41:50.87Z'}, {'VulnerabilityID': 'CVE-2024-43829', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/qxl: Add check for drm_cvt_mode', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43829', 'https://git.kernel.org/linus/7bd09a2db0f617377027a2bb0b9179e6959edff3 (6.11-rc1)', 'https://git.kernel.org/stable/c/3efe34f95b1ac8c138a46b14ce75956db0d6ee7c', 'https://git.kernel.org/stable/c/4b1f303bdeceac049e56e4b20eb5280bd9e02f4f', 'https://git.kernel.org/stable/c/4e87f592a46bb804d8f833da6ce702ae4b55053f', 'https://git.kernel.org/stable/c/62ef8d7816c8e4a6088275553818b9afc0ffaa03', 'https://git.kernel.org/stable/c/7bd09a2db0f617377027a2bb0b9179e6959edff3', 'https://git.kernel.org/stable/c/d4c57354a06cb4a77998ff8aa40af89eee30e07b', 'https://git.kernel.org/stable/c/f28b353c0c6c7831a70ccca881bf2db5e6785cdd', 'https://linux.oracle.com/cve/CVE-2024-43829.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43829-72cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43829', 'https://www.cve.org/CVERecord?id=CVE-2024-43829'], 'PublishedDate': '2024-08-17T10:15:08.787Z', 'LastModifiedDate': '2024-09-30T12:51:56.77Z'}, {'VulnerabilityID': 'CVE-2024-43830', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: leds: trigger: Unregister sysfs attributes before calling deactivate()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nleds: trigger: Unregister sysfs attributes before calling deactivate()\n\nTriggers which have trigger specific sysfs attributes typically store\nrelated data in trigger-data allocated by the activate() callback and\nfreed by the deactivate() callback.\n\nCalling device_remove_groups() after calling deactivate() leaves a window\nwhere the sysfs attributes show/store functions could be called after\ndeactivation and then operate on the just freed trigger-data.\n\nMove the device_remove_groups() call to before deactivate() to close\nthis race window.\n\nThis also makes the deactivation path properly do things in reverse order\nof the activation path which calls the activate() callback before calling\ndevice_add_groups().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7000', 'https://access.redhat.com/security/cve/CVE-2024-43830', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2265838', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2270103', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275558', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282648', 'https://bugzilla.redhat.com/2282669', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282764', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284511', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284630', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293414', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300381', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300439', 'https://bugzilla.redhat.com/2300440', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300709', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301543', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305410', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2305488', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7000.html', 'https://git.kernel.org/linus/c0dc9adf9474ecb7106e60e5472577375aedaed3 (6.11-rc1)', 'https://git.kernel.org/stable/c/0788a6f3523d3686a9eed5ea1e6fcce6841277b2', 'https://git.kernel.org/stable/c/09c1583f0e10c918855d6e7540a79461a353e5d6', 'https://git.kernel.org/stable/c/3fb6a9d67cfd812a547ac73ec02e1077c26c640d', 'https://git.kernel.org/stable/c/734ba6437e80dfc780e9ee9d95f912392d12b5ea', 'https://git.kernel.org/stable/c/c0dc9adf9474ecb7106e60e5472577375aedaed3', 'https://git.kernel.org/stable/c/c3b7a650c8717aa89df318364609c86cbc040156', 'https://git.kernel.org/stable/c/cb8aa9d2a4c8a15d6a43ccf901ef3d094aa60374', 'https://git.kernel.org/stable/c/d1415125b701ef13370e2761f691ec632a5eb93a', 'https://linux.oracle.com/cve/CVE-2024-43830.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43830-3b85@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43830', 'https://www.cve.org/CVERecord?id=CVE-2024-43830'], 'PublishedDate': '2024-08-17T10:15:08.857Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43831', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mediatek: vcodec: Handle invalid decoder vsi', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43831', 'https://git.kernel.org/linus/59d438f8e02ca641c58d77e1feffa000ff809e9f (6.11-rc1)', 'https://git.kernel.org/stable/c/1c109f23b271a02b9bb195c173fab41e3285a8db', 'https://git.kernel.org/stable/c/59d438f8e02ca641c58d77e1feffa000ff809e9f', 'https://git.kernel.org/stable/c/cdf05ae76198c513836bde4eb55f099c44773280', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43831-b13e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43831', 'https://www.cve.org/CVERecord?id=CVE-2024-43831'], 'PublishedDate': '2024-08-17T10:15:08.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43832', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: s390/uv: Don't call folio_wait_writeback() without a folio reference", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/uv: Don't call folio_wait_writeback() without a folio reference\n\nfolio_wait_writeback() requires that no spinlocks are held and that\na folio reference is held, as documented. After we dropped the PTL, the\nfolio could get freed concurrently. So grab a temporary reference.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43832', 'https://git.kernel.org/linus/3f29f6537f54d74e64bac0a390fb2e26da25800d (6.11-rc1)', 'https://git.kernel.org/stable/c/1a1eb2f3fc453dcd52726d13e863938561489cb7', 'https://git.kernel.org/stable/c/3f29f6537f54d74e64bac0a390fb2e26da25800d', 'https://git.kernel.org/stable/c/8736604ef53359a718c246087cd21dcec232d2fb', 'https://git.kernel.org/stable/c/b21aba72aadd94bdac275deab021fc84d6c72b16', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43832-7746@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43832', 'https://www.cve.org/CVERecord?id=CVE-2024-43832'], 'PublishedDate': '2024-08-17T10:15:08.98Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43833', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: v4l: async: Fix NULL pointer dereference in adding ancillary links', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix NULL pointer dereference in adding ancillary links\n\nIn v4l2_async_create_ancillary_links(), ancillary links are created for\nlens and flash sub-devices. These are sub-device to sub-device links and\nif the async notifier is related to a V4L2 device, the source sub-device\nof the ancillary link is NULL, leading to a NULL pointer dereference.\nCheck the notifier's sd field is non-NULL in\nv4l2_async_create_ancillary_links().\n\n[Sakari Ailus: Reword the subject and commit messages slightly.]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43833', 'https://git.kernel.org/linus/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f (6.11-rc1)', 'https://git.kernel.org/stable/c/249212ceb4187783af3801c57b92a5a25d410621', 'https://git.kernel.org/stable/c/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f', 'https://git.kernel.org/stable/c/b87e28050d9b0959de24574d587825cfab2f13fb', 'https://git.kernel.org/stable/c/fe0f92fd5320b393e44ca210805e653ea90cc982', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43833-4e73@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43833', 'https://www.cve.org/CVERecord?id=CVE-2024-43833'], 'PublishedDate': '2024-08-17T10:15:09.04Z', 'LastModifiedDate': '2024-08-22T15:42:46.827Z'}, {'VulnerabilityID': 'CVE-2024-43834', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xdp: fix invalid wait context of page_pool_destroy()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: fix invalid wait context of page_pool_destroy()\n\nIf the driver uses a page pool, it creates a page pool with\npage_pool_create().\nThe reference count of page pool is 1 as default.\nA page pool will be destroyed only when a reference count reaches 0.\npage_pool_destroy() is used to destroy page pool, it decreases a\nreference count.\nWhen a page pool is destroyed, ->disconnect() is called, which is\nmem_allocator_disconnect().\nThis function internally acquires mutex_lock().\n\nIf the driver uses XDP, it registers a memory model with\nxdp_rxq_info_reg_mem_model().\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\nreference count if a memory model is a page pool.\nNow the reference count is 2.\n\nTo destroy a page pool, the driver should call both page_pool_destroy()\nand xdp_unreg_mem_model().\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\nOnly page_pool_destroy() decreases a reference count.\n\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\nwill face an invalid wait context warning.\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\nrcu_read_lock().\nThe page_pool_destroy() internally acquires mutex_lock().\n\nSplat looks like:\n=============================\n[ BUG: Invalid wait context ]\n6.10.0-rc6+ #4 Tainted: G W\n-----------------------------\nethtool/1806 is trying to lock:\nffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150\nother info that might help us debug this:\ncontext-{5:5}\n3 locks held by ethtool/1806:\nstack backtrace:\nCPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nCall Trace:\n<TASK>\ndump_stack_lvl+0x7e/0xc0\n__lock_acquire+0x1681/0x4de0\n? _printk+0x64/0xe0\n? __pfx_mark_lock.part.0+0x10/0x10\n? __pfx___lock_acquire+0x10/0x10\nlock_acquire+0x1b3/0x580\n? mem_allocator_disconnect+0x73/0x150\n? __wake_up_klogd.part.0+0x16/0xc0\n? __pfx_lock_acquire+0x10/0x10\n? dump_stack_lvl+0x91/0xc0\n__mutex_lock+0x15c/0x1690\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_prb_read_valid+0x10/0x10\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_llist_add_batch+0x10/0x10\n? console_unlock+0x193/0x1b0\n? lockdep_hardirqs_on+0xbe/0x140\n? __pfx___mutex_lock+0x10/0x10\n? tick_nohz_tick_stopped+0x16/0x90\n? __irq_work_queue_local+0x1e5/0x330\n? irq_work_queue+0x39/0x50\n? __wake_up_klogd.part.0+0x79/0xc0\n? mem_allocator_disconnect+0x73/0x150\nmem_allocator_disconnect+0x73/0x150\n? __pfx_mem_allocator_disconnect+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? rcu_is_watching+0x11/0xb0\npage_pool_release+0x36e/0x6d0\npage_pool_destroy+0xd7/0x440\nxdp_unreg_mem_model+0x1a7/0x2a0\n? __pfx_xdp_unreg_mem_model+0x10/0x10\n? kfree+0x125/0x370\n? bnxt_free_ring.isra.0+0x2eb/0x500\n? bnxt_free_mem+0x5ac/0x2500\nxdp_rxq_info_unreg+0x4a/0xd0\nbnxt_free_mem+0x1356/0x2500\nbnxt_close_nic+0xf0/0x3b0\n? __pfx_bnxt_close_nic+0x10/0x10\n? ethnl_parse_bit+0x2c6/0x6d0\n? __pfx___nla_validate_parse+0x10/0x10\n? __pfx_ethnl_parse_bit+0x10/0x10\nbnxt_set_features+0x2a8/0x3e0\n__netdev_update_features+0x4dc/0x1370\n? ethnl_parse_bitset+0x4ff/0x750\n? __pfx_ethnl_parse_bitset+0x10/0x10\n? __pfx___netdev_update_features+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? _raw_spin_unlock_irqrestore+0x42/0x70\n? __pm_runtime_resume+0x7d/0x110\nethnl_set_features+0x32d/0xa20\n\nTo fix this problem, it uses rhashtable_lookup_fast() instead of\nrhashtable_lookup() with rcu_read_lock().\nUsing xa without rcu_read_lock() here is safe.\nxa is freed by __xdp_mem_allocator_rcu_free() and this is called by\ncall_rcu() of mem_xa_remove().\nThe mem_xa_remove() is called by page_pool_destroy() if a reference\ncount reaches 0.\nThe xa is already protected by the reference count mechanism well in the\ncontrol plane.\nSo removing rcu_read_lock() for page_pool_destroy() is safe.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43834', 'https://git.kernel.org/linus/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec (6.11-rc1)', 'https://git.kernel.org/stable/c/12144069209eec7f2090ce9afa15acdcc2c2a537', 'https://git.kernel.org/stable/c/3fc1be360b99baeea15cdee3cf94252cd3a72d26', 'https://git.kernel.org/stable/c/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec', 'https://git.kernel.org/stable/c/6c390ef198aa69795427a5cb5fd7cb4bc7e6cd7a', 'https://git.kernel.org/stable/c/be9d08ff102df3ac4f66e826ea935cf3af63a4bd', 'https://git.kernel.org/stable/c/bf0ce5aa5f2525ed1b921ba36de96e458e77f482', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43834-0140@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43834', 'https://www.cve.org/CVERecord?id=CVE-2024-43834'], 'PublishedDate': '2024-08-17T10:15:09.113Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43835', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: virtio_net: Fix napi_skb_cache_put warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix napi_skb_cache_put warning\n\nAfter the commit bdacf3e34945 ("net: Use nested-BH locking for\nnapi_alloc_cache.") was merged, the following warning began to appear:\n\n\t WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0\n\n\t  __warn+0x12f/0x340\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  report_bug+0x165/0x370\n\t  handle_bug+0x3d/0x80\n\t  exc_invalid_op+0x1a/0x50\n\t  asm_exc_invalid_op+0x1a/0x20\n\t  __free_old_xmit+0x1c8/0x510\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  __free_old_xmit+0x1c8/0x510\n\t  __free_old_xmit+0x1c8/0x510\n\t  __pfx___free_old_xmit+0x10/0x10\n\nThe issue arises because virtio is assuming it\'s running in NAPI context\neven when it\'s not, such as in the netpoll case.\n\nTo resolve this, modify virtnet_poll_tx() to only set NAPI when budget\nis available. Same for virtnet_poll_cleantx(), which always assumed that\nit was in a NAPI context.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43835', 'https://git.kernel.org/linus/f8321fa75102246d7415a6af441872f6637c93ab (6.11-rc1)', 'https://git.kernel.org/stable/c/19ac6f29bf64304ef04630c8ab56ecd2059d7aa1', 'https://git.kernel.org/stable/c/468a729b78895893d0e580ceea49bed8ada2a2bd', 'https://git.kernel.org/stable/c/6b5325f2457521bbece29499970c0117a648c620', 'https://git.kernel.org/stable/c/842a97b5e44f0c8a9fc356fe976e0e13ddcf7783', 'https://git.kernel.org/stable/c/cc7340f18e45886121c131227985d64ef666012f', 'https://git.kernel.org/stable/c/d3af435e8ace119e58d8e21d3d2d6a4e7c4a4baa', 'https://git.kernel.org/stable/c/f5e9a22d19bb98a7e86034db85eb295e94187caa', 'https://git.kernel.org/stable/c/f8321fa75102246d7415a6af441872f6637c93ab', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43835-5f11@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43835', 'https://www.cve.org/CVERecord?id=CVE-2024-43835'], 'PublishedDate': '2024-08-17T10:15:09.183Z', 'LastModifiedDate': '2024-09-12T12:15:48.653Z'}, {'VulnerabilityID': 'CVE-2024-43837', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43837', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT\n\nWhen loading a EXT program without specifying `attr->attach_prog_fd`,\nthe `prog->aux->dst_prog` will be null. At this time, calling\nresolve_prog_type() anywhere will result in a null pointer dereference.\n\nExample stack trace:\n\n[    8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[    8.108262] Mem abort info:\n[    8.108384]   ESR = 0x0000000096000004\n[    8.108547]   EC = 0x25: DABT (current EL), IL = 32 bits\n[    8.108722]   SET = 0, FnV = 0\n[    8.108827]   EA = 0, S1PTW = 0\n[    8.108939]   FSC = 0x04: level 0 translation fault\n[    8.109102] Data abort info:\n[    8.109203]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[    8.109399]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[    8.109614]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[    8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000\n[    8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000\n[    8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[    8.112783] Modules linked in:\n[    8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1\n[    8.113230] Hardware name: linux,dummy-virt (DT)\n[    8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    8.113429] pc : may_access_direct_pkt_data+0x24/0xa0\n[    8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8\n[    8.113798] sp : ffff80008283b9f0\n[    8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001\n[    8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000\n[    8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000\n[    8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff\n[    8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720\n[    8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720\n[    8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4\n[    8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f\n[    8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c\n[    8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000\n[    8.114126] Call trace:\n[    8.114159]  may_access_direct_pkt_data+0x24/0xa0\n[    8.114202]  bpf_check+0x3bc/0x28c0\n[    8.114214]  bpf_prog_load+0x658/0xa58\n[    8.114227]  __sys_bpf+0xc50/0x2250\n[    8.114240]  __arm64_sys_bpf+0x28/0x40\n[    8.114254]  invoke_syscall.constprop.0+0x54/0xf0\n[    8.114273]  do_el0_svc+0x4c/0xd8\n[    8.114289]  el0_svc+0x3c/0x140\n[    8.114305]  el0t_64_sync_handler+0x134/0x150\n[    8.114331]  el0t_64_sync+0x168/0x170\n[    8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)\n[    8.118672] ---[ end trace 0000000000000000 ]---\n\nOne way to fix it is by forcing `attach_prog_fd` non-empty when\nbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`\nAPI broken which use verifier log to probe prog type and will log\nnothing if we reject invalid EXT prog before bpf_check().\n\nAnother way is by adding null check in resolve_prog_type().\n\nThe issue was introduced by commit 4a9c7bbe2ed4 ("bpf: Resolve to\nprog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT") which wanted\nto correct type resolution for BPF_PROG_TYPE_TRACING programs. Before\nthat, the type resolution of BPF_PROG_TYPE_EXT prog actually follows\nthe logic below:\n\n  prog->aux->dst_prog ? prog->aux->dst_prog->type : prog->type;\n\nIt implies that when EXT program is not yet attached to `dst_prog`,\nthe prog type should be EXT itself. This code worked fine in the past.\nSo just keep using it.\n\nFix this by returning `prog->type` for BPF_PROG_TYPE_EXT if `dst_prog`\nis not present in resolve_prog_type().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43837', 'https://git.kernel.org/linus/f7866c35873377313ff94398f17d425b28b71de1 (6.11-rc1)', 'https://git.kernel.org/stable/c/9d40fd516aeae6779e3c84c6b96700ca76285847', 'https://git.kernel.org/stable/c/b29a880bb145e1f1c1df5ab88ed26b1495ff9f09', 'https://git.kernel.org/stable/c/f7866c35873377313ff94398f17d425b28b71de1', 'https://git.kernel.org/stable/c/fcac5feb06f31ee4c88bca9bf98d8bc3ca7d2615', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43837-63d2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43837', 'https://www.cve.org/CVERecord?id=CVE-2024-43837'], 'PublishedDate': '2024-08-17T10:15:09.32Z', 'LastModifiedDate': '2024-08-22T15:44:03.417Z'}, {'VulnerabilityID': 'CVE-2024-43839', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43839', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust 'name' buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n'name' size is 16, but the first '%s' specifier may already need at\nleast 16 characters, since 'bnad->netdev->name' is used there.\n\nFor '%d' specifiers, assume that they require:\n * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX\n   is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43839', 'https://git.kernel.org/linus/c9741a03dc8e491e57b95fba0058ab46b7e506da (6.11-rc1)', 'https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1', 'https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3', 'https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef', 'https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43', 'https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76', 'https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da', 'https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5', 'https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540', 'https://linux.oracle.com/cve/CVE-2024-43839.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43839-ea03@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43839', 'https://www.cve.org/CVERecord?id=CVE-2024-43839'], 'PublishedDate': '2024-08-17T10:15:09.447Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43840', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG\n\nWhen BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls\n__bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them\nthe struct bpf_tramp_image *im pointer as an argument in R0.\n\nThe trampoline generation code uses emit_addr_mov_i64() to emit\ninstructions for moving the bpf_tramp_image address into R0, but\nemit_addr_mov_i64() assumes the address to be in the vmalloc() space\nand uses only 48 bits. Because bpf_tramp_image is allocated using\nkzalloc(), its address can use more than 48-bits, in this case the\ntrampoline will pass an invalid address to __bpf_tramp_enter/exit()\ncausing a kernel crash.\n\nFix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64()\nas it can work with addresses that are greater than 48-bits.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43840', 'https://git.kernel.org/linus/19d3c179a37730caf600a97fed3794feac2b197b (6.11-rc1)', 'https://git.kernel.org/stable/c/19d3c179a37730caf600a97fed3794feac2b197b', 'https://git.kernel.org/stable/c/6d218fcc707d6b2c3616b6cd24b948fd4825cfec', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43840-69cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43840', 'https://www.cve.org/CVERecord?id=CVE-2024-43840'], 'PublishedDate': '2024-08-17T10:15:09.517Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43841', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: virt_wifi: avoid reporting connection success with wrong SSID', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: avoid reporting connection success with wrong SSID\n\nWhen user issues a connection with a different SSID than the one\nvirt_wifi has advertised, the __cfg80211_connect_result() will\ntrigger the warning: WARN_ON(bss_not_found).\n\nThe issue is because the connection code in virt_wifi does not\ncheck the SSID from user space (it only checks the BSSID), and\nvirt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS\neven if the SSID is different from the one virt_wifi has advertised.\nEventually cfg80211 won't be able to find the cfg80211_bss and generate\nthe warning.\n\nFixed it by checking the SSID (from user space) in the connection code.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43841', 'https://git.kernel.org/linus/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7 (6.11-rc1)', 'https://git.kernel.org/stable/c/05c4488a0e446c6ccde9f22b573950665e1cd414', 'https://git.kernel.org/stable/c/36e92b5edc8e0daa18e9325674313802ce3fbc29', 'https://git.kernel.org/stable/c/416d3c1538df005195721a200b0371d39636e05d', 'https://git.kernel.org/stable/c/93e898a264b4e0a475552ba9f99a016eb43ef942', 'https://git.kernel.org/stable/c/994fc2164a03200c3bf42fb45b3d49d9d6d33a4d', 'https://git.kernel.org/stable/c/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7', 'https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3', 'https://linux.oracle.com/cve/CVE-2024-43841.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43841-8143@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43841', 'https://www.cve.org/CVERecord?id=CVE-2024-43841'], 'PublishedDate': '2024-08-17T10:15:09.58Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43842', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() \'status->he_gi\' is compared to array size.\nBut then \'rate->he_gi\' is used as array index instead of \'status->he_gi\'.\nThis can lead to go beyond array boundaries in case of \'rate->he_gi\' is\nnot equal to \'status->he_gi\' and is bigger than array size. Looks like\n"copy-paste" mistake.\n\nFix this mistake by replacing \'rate->he_gi\' with \'status->he_gi\'.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43842', 'https://git.kernel.org/linus/85099c7ce4f9e64c66aa397cd9a37473637ab891 (6.11-rc1)', 'https://git.kernel.org/stable/c/7a0edc3d83aff3a48813d78c9cad9daf38decc74', 'https://git.kernel.org/stable/c/85099c7ce4f9e64c66aa397cd9a37473637ab891', 'https://git.kernel.org/stable/c/96ae4de5bc4c8ba39fd072369398f59495b73f58', 'https://git.kernel.org/stable/c/a2a095c08b95372d6d0c5819b77f071af5e75366', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43842-31e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43842', 'https://www.cve.org/CVERecord?id=CVE-2024-43842'], 'PublishedDate': '2024-08-17T10:15:09.647Z', 'LastModifiedDate': '2024-09-30T13:55:17.007Z'}, {'VulnerabilityID': 'CVE-2024-43843', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv, bpf: Fix out-of-bounds issue when preparing trampoline image', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv, bpf: Fix out-of-bounds issue when preparing trampoline image\n\nWe get the size of the trampoline image during the dry run phase and\nallocate memory based on that size. The allocated image will then be\npopulated with instructions during the real patch phase. But after\ncommit 26ef208c209a ("bpf: Use arch_bpf_trampoline_size"), the `im`\nargument is inconsistent in the dry run and real patch phase. This may\ncause emit_imm in RV64 to generate a different number of instructions\nwhen generating the \'im\' address, potentially causing out-of-bounds\nissues. Let\'s emit the maximum number of instructions for the "im"\naddress during dry run to fix this problem.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43843', 'https://git.kernel.org/linus/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3e6a1b1b179abb643ec3560c02bc3082bc92285f', 'https://git.kernel.org/stable/c/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43843-e436@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43843', 'https://www.cve.org/CVERecord?id=CVE-2024-43843'], 'PublishedDate': '2024-08-17T10:15:09.707Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43844', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi rtw89 wow: fix GTK offload H2C skbuff issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: wow: fix GTK offload H2C skbuff issue\n\nWe mistakenly put skb too large and that may exceed skb->end.\nTherefore, we fix it.\n\nskbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8fba04eca7e0 tail:0x200 end:0x140 dev:<NULL>\n------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:192!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 4747 Comm: kworker/u4:44 Tainted: G           O       6.6.30-02659-gc18865c4dfbd #1 86547039b47e46935493f615ee31d0b2d711d35e\nHardware name: HP Meep/Meep, BIOS Google_Meep.11297.262.0 03/18/2021\nWorkqueue: events_unbound async_run_entry_fn\nRIP: 0010:skb_panic+0x5d/0x60\nCode: c6 63 8b 8f bb 4c 0f 45 f6 48 c7 c7 4d 89 8b bb 48 89 ce 44 89 d1 41 56 53 41 53 ff b0 c8 00 00 00 e8 27 5f 23 00 48 83 c4 20 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44\nRSP: 0018:ffffaa700144bad0 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: 0000000000000140 RCX: 14432c5aad26c900\nRDX: 0000000000000000 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffaa700144bae0 R08: 0000000000000000 R09: ffffaa700144b920\nR10: 00000000ffffdfff R11: ffffffffbc28fbc0 R12: ffff8fba4e57a010\nR13: 0000000000000000 R14: ffffffffbb8f8b63 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff8fba7bd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007999c4ad1000 CR3: 000000015503a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? skb_panic+0x5d/0x60\n ? do_error_trap+0x6d/0x90\n ? skb_panic+0x5d/0x60\n ? handle_invalid_op+0x30/0x40\n ? skb_panic+0x5d/0x60\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_panic+0x5d/0x60\n skb_put+0x49/0x50\n rtw89_fw_h2c_wow_gtk_ofld+0xbd/0x220 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_wow_resume+0x31f/0x540 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_ops_resume+0x2b/0xa0 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n ieee80211_reconfig+0x84/0x13e0 [mac80211 818a894e3b77da6298269c59ed7cdff065a4ed52]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? dev_printk_emit+0x51/0x70\n ? _dev_info+0x6e/0x90\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n wiphy_resume+0x89/0x180 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n dpm_run_callback+0x3c/0x140\n device_resume+0x1f9/0x3c0\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x29/0xd0\n process_scheduled_works+0x1d8/0x3d0\n worker_thread+0x1fc/0x2f0\n kthread+0xed/0x110\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x38/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>\nModules linked in: ccm 8021q r8153_ecm cdc_ether usbnet r8152 mii dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc uinput rfcomm cmac algif_hash rtw89_8922ae(O) algif_skcipher rtw89_8922a(O) af_alg rtw89_pci(O) rtw89_core(O) btusb(O) snd_soc_sst_bxt_da7219_max98357a btbcm(O) snd_soc_hdac_hdmi btintel(O) snd_soc_intel_hda_dsp_common snd_sof_probes btrtl(O) btmtk(O) snd_hda_codec_hdmi snd_soc_dmic uvcvideo videobuf2_vmalloc uvc videobuf2_memops videobuf2_v4l2 videobuf2_common snd_sof_pci_intel_apl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda soundwire_intel soundwire_generic_allocation snd_sof_intel_hda_mlink soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp mac80211 snd_soc_acpi_intel_match snd_soc_acpi snd_sof snd_sof_utils soundwire_bus snd_soc_max98357a snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_intel_dspcfg snd_intel_sdw_acpi snd_soc_da7219 snd_hda_codec snd_hwdep snd_hda_core veth ip6table_nat xt_MASQUERADE xt_cgroup fuse bluetooth ecdh_generic\n cfg80211 ecc\ngsmi: Log Shutdown \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43844', 'https://git.kernel.org/linus/dda364c345913fe03ddbe4d5ae14a2754c100296 (6.11-rc1)', 'https://git.kernel.org/stable/c/dda364c345913fe03ddbe4d5ae14a2754c100296', 'https://git.kernel.org/stable/c/ef0d9d2f0dc1133db3d3a1c5167190c6627146b2', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43844-97ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43844', 'https://www.cve.org/CVERecord?id=CVE-2024-43844'], 'PublishedDate': '2024-08-17T10:15:09.763Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43845', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Fix bogus checksum computation in udf_rename()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix bogus checksum computation in udf_rename()\n\nSyzbot reports uninitialized memory access in udf_rename() when updating\nchecksum of '..' directory entry of a moved directory. This is indeed\ntrue as we pass on-stack diriter.fi to the udf_update_tag() and because\nthat has only struct fileIdentDesc included in it and not the impUse or\nname fields, the checksumming function is going to checksum random stack\ncontents beyond the end of the structure. This is actually harmless\nbecause the following udf_fiiter_write_fi() will recompute the checksum\nfrom on-disk buffers where everything is properly included. So all that\nis needed is just removing the bogus calculation.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43845', 'https://git.kernel.org/linus/27ab33854873e6fb958cb074681a0107cc2ecc4c (6.11-rc1)', 'https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c', 'https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4', 'https://git.kernel.org/stable/c/c996b570305e7a6910c2ce4cdcd4c22757ffe241', 'https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43845-a85d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43845', 'https://www.cve.org/CVERecord?id=CVE-2024-43845'], 'PublishedDate': '2024-08-17T10:15:09.837Z', 'LastModifiedDate': '2024-08-29T17:15:08.397Z'}, {'VulnerabilityID': 'CVE-2024-43846', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib: objagg: Fix general protection fault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G        W          6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n <TASK>\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n </TASK>', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43846', 'https://git.kernel.org/linus/b4a3a89fffcdf09702b1f161b914e52abca1894d (6.11-rc1)', 'https://git.kernel.org/stable/c/1936fa05a180834c3b52e0439a6bddc07814d3eb', 'https://git.kernel.org/stable/c/22ae17a267f4812861f0c644186c3421ff97dbfc', 'https://git.kernel.org/stable/c/499f742fed42e74f1321f4b12ca196a66a2b49fc', 'https://git.kernel.org/stable/c/565213e005557eb6cc4e42189d26eb300e02f170', 'https://git.kernel.org/stable/c/5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7', 'https://git.kernel.org/stable/c/8161263362154cbebfbf4808097b956a6a8cb98a', 'https://git.kernel.org/stable/c/b4a3a89fffcdf09702b1f161b914e52abca1894d', 'https://linux.oracle.com/cve/CVE-2024-43846.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43846-2bd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43846', 'https://www.cve.org/CVERecord?id=CVE-2024-43846'], 'PublishedDate': '2024-08-17T10:15:09.9Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43847', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43847', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix invalid memory access while processing fragmented packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid memory access while processing fragmented packets\n\nThe monitor ring and the reo reinject ring share the same ring mask index.\nWhen the driver receives an interrupt for the reo reinject ring, the\nmonitor ring is also processed, leading to invalid memory access. Since\nmonitor support is not yet enabled in ath12k, the ring mask for the monitor\nring should be removed.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43847', 'https://git.kernel.org/linus/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4 (6.11-rc1)', 'https://git.kernel.org/stable/c/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4', 'https://git.kernel.org/stable/c/36fc66a7d9ca3e5c6eac25362cac63f83df8bed6', 'https://git.kernel.org/stable/c/8126f82dab7bd8b2e04799342b19fff0a1fd8575', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43847-6828@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43847', 'https://www.cve.org/CVERecord?id=CVE-2024-43847'], 'PublishedDate': '2024-08-17T10:15:09.963Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43849', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pdr: protect locator_addr with the main mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr->lock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43849', 'https://git.kernel.org/linus/107924c14e3ddd85119ca43c26a4ee1056fa9b84 (6.11-rc1)', 'https://git.kernel.org/stable/c/107924c14e3ddd85119ca43c26a4ee1056fa9b84', 'https://git.kernel.org/stable/c/3e815626d73e05152a8142f6e44aecc4133e6e08', 'https://git.kernel.org/stable/c/475a77fb3f0e1d527f56c60b79f5879661df5b80', 'https://git.kernel.org/stable/c/8543269567e2fb3d976a8255c5e348aed14f98bc', 'https://git.kernel.org/stable/c/d0870c4847e77a49c2f91bb2a8e0fa3c1f8dea5c', 'https://git.kernel.org/stable/c/eab05737ee22216250fe20d27f5a596da5ea6eb7', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43849-fef0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43849', 'https://www.cve.org/CVERecord?id=CVE-2024-43849'], 'PublishedDate': '2024-08-17T10:15:10.093Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43850', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove\n\nThe following warning is seen during bwmon_remove due to refcount\nimbalance, fix this by releasing the OPPs after use.\n\nLogs:\nWARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158\nHardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT)\n...\nCall trace:\n_opp_table_kref_release+0x150/0x158\ndev_pm_opp_remove_table+0x100/0x1b4\ndevm_pm_opp_of_table_release+0x10/0x1c\ndevm_action_release+0x14/0x20\ndevres_release_all+0xa4/0x104\ndevice_unbind_cleanup+0x18/0x60\ndevice_release_driver_internal+0x1ec/0x228\ndriver_detach+0x50/0x98\nbus_remove_driver+0x6c/0xbc\ndriver_unregister+0x30/0x60\nplatform_driver_unregister+0x14/0x20\nbwmon_driver_exit+0x18/0x524 [icc_bwmon]\n__arm64_sys_delete_module+0x184/0x264\ninvoke_syscall+0x48/0x118\nel0_svc_common.constprop.0+0xc8/0xe8\ndo_el0_svc+0x20/0x2c\nel0_svc+0x34/0xdc\nel0t_64_sync_handler+0x13c/0x158\nel0t_64_sync+0x190/0x194\n--[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43850', 'https://git.kernel.org/linus/24086640ab39396eb1a92d1cb1cd2f31b2677c52 (6.11-rc1)', 'https://git.kernel.org/stable/c/24086640ab39396eb1a92d1cb1cd2f31b2677c52', 'https://git.kernel.org/stable/c/4100d4d019f8e140be1d4d3a9d8d93c1285f5d1c', 'https://git.kernel.org/stable/c/aad41f4c169bcb800ae88123799bdf8cdec3d366', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43850-4eec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43850', 'https://www.cve.org/CVERecord?id=CVE-2024-43850'], 'PublishedDate': '2024-08-17T10:15:10.157Z', 'LastModifiedDate': '2024-09-30T13:57:33.4Z'}, {'VulnerabilityID': 'CVE-2024-43852', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (ltc2991) re-order conditions to fix off by one bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ltc2991) re-order conditions to fix off by one bug\n\nLTC2991_T_INT_CH_NR is 4.  The st->temp_en[] array has LTC2991_MAX_CHANNEL\n(4) elements.  Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we\nhave read one element beyond the end of the array.  Flip the conditions\naround so that we check if "channel" is valid before using it as an array\nindex.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43852', 'https://git.kernel.org/linus/99bf7c2eccff82760fa23ce967cc67c8c219c6a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6', 'https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43852-61e2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43852', 'https://www.cve.org/CVERecord?id=CVE-2024-43852'], 'PublishedDate': '2024-08-17T10:15:10.31Z', 'LastModifiedDate': '2024-08-20T19:32:55.747Z'}, {'VulnerabilityID': 'CVE-2024-43853', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: Prevent UAF in proc_cpuset_show()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc/<pid>/cpuset   repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/   repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc/<pid>/cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css->cgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(&cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n&cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp->root will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n("cgroup: Make operations on the cgroup root_list RCU safe"),\ncss->cgroup won\'t be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43853', 'https://git.kernel.org/linus/1be59c97c83ccd67a519d8a49486b3a8a73ca28a (6.11-rc1)', 'https://git.kernel.org/stable/c/10aeaa47e4aa2432f29b3e5376df96d7dac5537a', 'https://git.kernel.org/stable/c/1be59c97c83ccd67a519d8a49486b3a8a73ca28a', 'https://git.kernel.org/stable/c/27d6dbdc6485d68075a0ebf8544d6425c1ed84bb', 'https://git.kernel.org/stable/c/29a8d4e02fd4840028c38ceb1536cc8f82a257d4', 'https://git.kernel.org/stable/c/29ac1d238b3bf126af36037df80d7ecc4822341e', 'https://git.kernel.org/stable/c/4e8d6ac8fc9f843e940ab7389db8136634e07989', 'https://git.kernel.org/stable/c/688325078a8b5badd6e07ae22b27cd04e9947aec', 'https://git.kernel.org/stable/c/96226fbed566f3f686f53a489a29846f2d538080', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43853-da5b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43853', 'https://www.cve.org/CVERecord?id=CVE-2024-43853'], 'PublishedDate': '2024-08-17T10:15:10.383Z', 'LastModifiedDate': '2024-09-04T12:15:04.827Z'}, {'VulnerabilityID': 'CVE-2024-43854', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: initialize integrity buffer to zero before writing it to media', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media.  For PI metadata this is\nlimited to the app tag that isn't used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43854', 'https://git.kernel.org/linus/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f (6.11-rc1)', 'https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f', 'https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644', 'https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005', 'https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f', 'https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6', 'https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2', 'https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1', 'https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43854-5586@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43854', 'https://www.cve.org/CVERecord?id=CVE-2024-43854'], 'PublishedDate': '2024-08-17T10:15:10.447Z', 'LastModifiedDate': '2024-09-12T12:15:49.423Z'}, {'VulnerabilityID': 'CVE-2024-43856', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43856', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma: fix call order in dmam_free_coherent', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n  kokonut //net/encryption\n    http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43856', 'https://git.kernel.org/linus/28e8b7406d3a1f5329a03aa25a43aa28e087cb20 (6.11-rc1)', 'https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130', 'https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e', 'https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7', 'https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20', 'https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9', 'https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954', 'https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb', 'https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63', 'https://linux.oracle.com/cve/CVE-2024-43856.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43856-9087@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43856', 'https://www.cve.org/CVERecord?id=CVE-2024-43856'], 'PublishedDate': '2024-08-17T10:15:10.613Z', 'LastModifiedDate': '2024-08-22T17:57:08.64Z'}, {'VulnerabilityID': 'CVE-2024-43857', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix null reference error when checking end of zone', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null reference error when checking end of zone\n\nThis patch fixes a potentially null pointer being accessed by\nis_end_zone_blkaddr() that checks the last block of a zone\nwhen f2fs is mounted as a single device.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43857', 'https://git.kernel.org/linus/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38 (6.11-rc1)', 'https://git.kernel.org/stable/c/381cbe85592c78fbaeb3e770e3e9f3bfa3e67efb', 'https://git.kernel.org/stable/c/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43857-b71b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43857', 'https://www.cve.org/CVERecord?id=CVE-2024-43857'], 'PublishedDate': '2024-08-17T10:15:10.687Z', 'LastModifiedDate': '2024-08-22T17:38:21.003Z'}, {'VulnerabilityID': 'CVE-2024-43859', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to truncate preallocated blocks in f2fs_file_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate preallocated blocks in f2fs_file_open()\n\nchenyuwen reports a f2fs bug as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000011\n fscrypt_set_bio_crypt_ctx+0x78/0x1e8\n f2fs_grab_read_bio+0x78/0x208\n f2fs_submit_page_read+0x44/0x154\n f2fs_get_read_data_page+0x288/0x5f4\n f2fs_get_lock_data_page+0x60/0x190\n truncate_partial_data_page+0x108/0x4fc\n f2fs_do_truncate_blocks+0x344/0x5f0\n f2fs_truncate_blocks+0x6c/0x134\n f2fs_truncate+0xd8/0x200\n f2fs_iget+0x20c/0x5ac\n do_garbage_collect+0x5d0/0xf6c\n f2fs_gc+0x22c/0x6a4\n f2fs_disable_checkpoint+0xc8/0x310\n f2fs_fill_super+0x14bc/0x1764\n mount_bdev+0x1b4/0x21c\n f2fs_mount+0x20/0x30\n legacy_get_tree+0x50/0xbc\n vfs_get_tree+0x5c/0x1b0\n do_new_mount+0x298/0x4cc\n path_mount+0x33c/0x5fc\n __arm64_sys_mount+0xcc/0x15c\n invoke_syscall+0x60/0x150\n el0_svc_common+0xb8/0xf8\n do_el0_svc+0x28/0xa0\n el0_svc+0x24/0x84\n el0t_64_sync_handler+0x88/0xec\n\nIt is because inode.i_crypt_info is not initialized during below path:\n- mount\n - f2fs_fill_super\n  - f2fs_disable_checkpoint\n   - f2fs_gc\n    - f2fs_iget\n     - f2fs_truncate\n\nSo, let's relocate truncation of preallocated blocks to f2fs_file_open(),\nafter fscrypt_file_open().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43859', 'https://git.kernel.org/linus/298b1e4182d657c3e388adcc29477904e9600ed5 (6.11-rc1)', 'https://git.kernel.org/stable/c/298b1e4182d657c3e388adcc29477904e9600ed5', 'https://git.kernel.org/stable/c/3ba0ae885215b325605ff7ebf6de12ac2adf204d', 'https://git.kernel.org/stable/c/5f04969136db674f133781626e0b692c5f2bf2f0', 'https://git.kernel.org/stable/c/f44a25a8bfe0c15d33244539696cd9119cf44d18', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43859-62b4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43859', 'https://www.cve.org/CVERecord?id=CVE-2024-43859'], 'PublishedDate': '2024-08-17T10:15:10.817Z', 'LastModifiedDate': '2024-09-08T08:15:12.96Z'}, {'VulnerabilityID': 'CVE-2024-43860', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: remoteproc: imx_rproc: Skip over memory region when node value is NULL', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Skip over memory region when node value is NULL\n\nIn imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts\nnumber of phandles. But phandles may be empty. So of_parse_phandle() in\nthe parsing loop (0 < a < nph) may return NULL which is later dereferenced.\nAdjust this issue by adding NULL-return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[Fixed title to fit within the prescribed 70-75 charcters]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43860', 'https://git.kernel.org/linus/2fa26ca8b786888673689ccc9da6094150939982 (6.11-rc1)', 'https://git.kernel.org/stable/c/2fa26ca8b786888673689ccc9da6094150939982', 'https://git.kernel.org/stable/c/4e13b7c23988c0a13fdca92e94296a3bc2ff9f21', 'https://git.kernel.org/stable/c/6884fd0283e0831be153fb8d82d9eda8a55acaaa', 'https://git.kernel.org/stable/c/6b50462b473fdccdc0dfad73001147e40ff19a66', 'https://git.kernel.org/stable/c/6c9ea3547fad252fe9ae5d3ed7e066e2085bf3a2', 'https://git.kernel.org/stable/c/84beb7738459cac0ff9f8a7c4654b8ff82a702c0', 'https://git.kernel.org/stable/c/9a17cf8b2ce483fa75258bc2cdcf628f24bcf5f8', 'https://git.kernel.org/stable/c/c877a5f5268d4ab8224b9c9fbce3d746e4e72bc9', 'https://linux.oracle.com/cve/CVE-2024-43860.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43860-d72f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43860', 'https://www.cve.org/CVERecord?id=CVE-2024-43860'], 'PublishedDate': '2024-08-17T10:15:10.887Z', 'LastModifiedDate': '2024-08-22T17:08:15.097Z'}, {'VulnerabilityID': 'CVE-2024-43861', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: usb: qmi_wwan: fix memory leak for not ip packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43861', 'https://git.kernel.org/linus/7ab107544b777c3bd7feb9fe447367d8edd5b202 (6.11-rc3)', 'https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4', 'https://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662', 'https://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202', 'https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f', 'https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882', 'https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446', 'https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5', 'https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384', 'https://linux.oracle.com/cve/CVE-2024-43861.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43861-1958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43861', 'https://www.cve.org/CVERecord?id=CVE-2024-43861'], 'PublishedDate': '2024-08-20T22:15:04.917Z', 'LastModifiedDate': '2024-09-03T13:45:12.667Z'}, {'VulnerabilityID': 'CVE-2024-43863', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43863', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix a deadlock in dma buf fence polling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix a deadlock in dma buf fence polling\n\nIntroduce a version of the fence ops that on release doesn't remove\nthe fence from the pending list, and thus doesn't require a lock to\nfix poll->fence wait->fence unref deadlocks.\n\nvmwgfx overwrites the wait callback to iterate over the list of all\nfences and update their status, to do that it holds a lock to prevent\nthe list modifcations from other threads. The fence destroy callback\nboth deletes the fence and removes it from the list of pending\nfences, for which it holds a lock.\n\ndma buf polling cb unrefs a fence after it's been signaled: so the poll\ncalls the wait, which signals the fences, which are being destroyed.\nThe destruction tries to acquire the lock on the pending fences list\nwhich it can never get because it's held by the wait from which it\nwas called.\n\nOld bug, but not a lot of userspace apps were using dma-buf polling\ninterfaces. Fix those, in particular this fixes KDE stalls/deadlock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43863', 'https://git.kernel.org/linus/e58337100721f3cc0c7424a18730e4f39844934f (6.11-rc2)', 'https://git.kernel.org/stable/c/3b933b16c996af8adb6bc1b5748a63dfb41a82bc', 'https://git.kernel.org/stable/c/9e20d028d8d1deb1e7fed18f22ffc01669cf3237', 'https://git.kernel.org/stable/c/a8943969f9ead2fd3044fc826140a21622ef830e', 'https://git.kernel.org/stable/c/c98ab18b9f315ff977c2c65d7c71298ef98be8e3', 'https://git.kernel.org/stable/c/e58337100721f3cc0c7424a18730e4f39844934f', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43863-9124@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43863', 'https://www.cve.org/CVERecord?id=CVE-2024-43863'], 'PublishedDate': '2024-08-21T00:15:04.847Z', 'LastModifiedDate': '2024-09-03T13:42:44.727Z'}, {'VulnerabilityID': 'CVE-2024-43864', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix CT entry update leaks of modify header context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix CT entry update leaks of modify header context\n\nThe cited commit allocates a new modify header to replace the old\none when updating CT entry. But if failed to allocate a new one, eg.\nexceed the max number firmware can support, modify header will be\nan error pointer that will trigger a panic when deallocating it. And\nthe old modify header point is copied to old attr. When the old\nattr is freed, the old modify header is lost.\n\nFix it by restoring the old attr to attr when failed to allocate a\nnew modify header context. So when the CT entry is freed, the right\nmodify header context will be freed. And the panic of accessing\nerror pointer is also fixed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43864', 'https://git.kernel.org/linus/025f2b85a5e5a46df14ecf162c3c80a957a36d0b (6.11-rc2)', 'https://git.kernel.org/stable/c/025f2b85a5e5a46df14ecf162c3c80a957a36d0b', 'https://git.kernel.org/stable/c/89064d09c56b44c668509bf793c410484f63f5ad', 'https://git.kernel.org/stable/c/daab2cc17b6b6ab158566bba037e9551fd432b59', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43864-81ad@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43864', 'https://www.cve.org/CVERecord?id=CVE-2024-43864'], 'PublishedDate': '2024-08-21T00:15:04.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43866', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Always drain health in shutdown callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43866', 'https://git.kernel.org/linus/1b75da22ed1e6171e261bc9265370162553d5393 (6.11-rc2)', 'https://git.kernel.org/stable/c/1b75da22ed1e6171e261bc9265370162553d5393', 'https://git.kernel.org/stable/c/5005e2e159b300c1b8c6820a1e13a62eb0127b9b', 'https://git.kernel.org/stable/c/6048dec754554a1303d632be6042d3feb3295285', 'https://git.kernel.org/stable/c/6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43866-66ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43866', 'https://www.cve.org/CVERecord?id=CVE-2024-43866'], 'PublishedDate': '2024-08-21T00:15:05.023Z', 'LastModifiedDate': '2024-10-17T14:15:07.297Z'}, {'VulnerabilityID': 'CVE-2024-43867', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau: prime: fix refcount underflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix refcount underflow\n\nCalling nouveau_bo_ref() on a nouveau_bo without initializing it (and\nhence the backing ttm_bo) leads to a refcount underflow.\n\nInstead of calling nouveau_bo_ref() in the unwind path of\ndrm_gem_object_init(), clean things up manually.\n\n(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43867', 'https://git.kernel.org/linus/a9bf3efc33f1fbf88787a277f7349459283c9b95 (6.11-rc2)', 'https://git.kernel.org/stable/c/16998763c62bb465ebc409d0373b9cdcef1a61a6', 'https://git.kernel.org/stable/c/2a1b327d57a8ac080977633a18999f032d7e9e3f', 'https://git.kernel.org/stable/c/3bcb8bba72ce89667fa863054956267c450c47ef', 'https://git.kernel.org/stable/c/906372e753c5027a1dc88743843b6aa2ad1aaecf', 'https://git.kernel.org/stable/c/a9bf3efc33f1fbf88787a277f7349459283c9b95', 'https://git.kernel.org/stable/c/ebebba4d357b6c67f96776a48ddbaf0060fa4c10', 'https://git.kernel.org/stable/c/f23cd66933fe76b84d8e282e5606b4d99068c320', 'https://linux.oracle.com/cve/CVE-2024-43867.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43867-0620@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43867', 'https://www.cve.org/CVERecord?id=CVE-2024-43867'], 'PublishedDate': '2024-08-21T00:15:05.087Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43868', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/purgatory: align riscv_kernel_entry', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/purgatory: align riscv_kernel_entry\n\nWhen alignment handling is delegated to the kernel, everything must be\nword-aligned in purgatory, since the trap handler is then set to the\nkexec one. Without the alignment, hitting the exception would\nultimately crash. On other occasions, the kernel's handler would take\ncare of exceptions.\nThis has been tested on a JH7110 SoC with oreboot and its SBI delegating\nunaligned access exceptions and the kernel configured to handle them.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43868', 'https://git.kernel.org/linus/fb197c5d2fd24b9af3d4697d0cf778645846d6d5 (6.11-rc2)', 'https://git.kernel.org/stable/c/5d4aaf16a8255f7c71790e211724ba029609c5ff', 'https://git.kernel.org/stable/c/fb197c5d2fd24b9af3d4697d0cf778645846d6d5', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43868-9a44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43868', 'https://www.cve.org/CVERecord?id=CVE-2024-43868'], 'PublishedDate': '2024-08-21T00:15:05.15Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43869', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43869', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exec and file release', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exec and file release\n\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\n\nschedule()\n   prepare_task_switch()\n=======> <NMI>\n      perf_event_overflow()\n         event->pending_sigtrap = ...\n         irq_work_queue(&event->pending_irq)\n<======= </NMI>\n      perf_event_task_sched_out()\n          event_sched_out()\n              event->pending_sigtrap = 0;\n              atomic_long_inc_not_zero(&event->refcount)\n              task_work_add(&event->pending_task)\n   finish_lock_switch()\n=======> <IRQ>\n   perf_pending_irq()\n      //do nothing, rely on pending task work\n<======= </IRQ>\n\nbegin_new_exec()\n   perf_event_exit_task()\n      perf_event_exit_event()\n         // If is child event\n         free_event()\n            WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n            // event is leaked\n\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\n\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43869', 'https://git.kernel.org/linus/3a5465418f5fd970e86a86c7f4075be262682840 (6.11-rc1)', 'https://git.kernel.org/stable/c/104e258a004037bc7dba9f6085c71dad6af57ad4', 'https://git.kernel.org/stable/c/3a5465418f5fd970e86a86c7f4075be262682840', 'https://git.kernel.org/stable/c/9ad46f1fef421d43cdab3a7d1744b2f43b54dae0', 'https://git.kernel.org/stable/c/ed2c202dac55423a52d7e2290f2888bf08b8ee99', 'https://git.kernel.org/stable/c/f34d8307a73a18de5320fcc6f40403146d061891', 'https://lore.kernel.org/linux-cve-announce/2024082133-CVE-2024-43869-26aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43869', 'https://www.cve.org/CVERecord?id=CVE-2024-43869'], 'PublishedDate': '2024-08-21T01:15:11.55Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43870', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exit\n\nWhen a task is scheduled out, pending sigtrap deliveries are deferred\nto the target task upon resume to userspace via task_work.\n\nHowever failures while adding an event's callback to the task_work\nengine are ignored. And since the last call for events exit happen\nafter task work is eventually closed, there is a small window during\nwhich pending sigtrap can be queued though ignored, leaking the event\nrefcount addition such as in the following scenario:\n\n    TASK A\n    -----\n\n    do_exit()\n       exit_task_work(tsk);\n\n       <IRQ>\n       perf_event_overflow()\n          event->pending_sigtrap = pending_id;\n          irq_work_queue(&event->pending_irq);\n       </IRQ>\n    =========> PREEMPTION: TASK A -> TASK B\n       event_sched_out()\n          event->pending_sigtrap = 0;\n          atomic_long_inc_not_zero(&event->refcount)\n          // FAILS: task work has exited\n          task_work_add(&event->pending_task)\n       [...]\n       <IRQ WORK>\n       perf_pending_irq()\n          // early return: event->oncpu = -1\n       </IRQ WORK>\n       [...]\n    =========> TASK B -> TASK A\n       perf_event_exit_task(tsk)\n          perf_event_exit_event()\n             free_event()\n                WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n                // leak event due to unexpected refcount == 2\n\nAs a result the event is never released while the task exits.\n\nFix this with appropriate task_work_add()'s error handling.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43870', 'https://git.kernel.org/linus/2fd5ad3f310de22836cdacae919dd99d758a1f1b (6.11-rc1)', 'https://git.kernel.org/stable/c/05d3fd599594abf79aad4484bccb2b26e1cb0b51', 'https://git.kernel.org/stable/c/2fd5ad3f310de22836cdacae919dd99d758a1f1b', 'https://git.kernel.org/stable/c/3d7a63352a93bdb8a1cdf29606bf617d3ac1c22a', 'https://git.kernel.org/stable/c/67fad724f1b568b356c1065d50df46e6b30eb2f7', 'https://git.kernel.org/stable/c/70882d7fa74f0731492a0d493e8515a4f7131831', 'https://lore.kernel.org/linux-cve-announce/2024082135-CVE-2024-43870-2b6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43870', 'https://www.cve.org/CVERecord?id=CVE-2024-43870'], 'PublishedDate': '2024-08-21T01:15:11.62Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43871', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: devres: Fix memory leakage caused by driver API devm_free_percpu()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndevres: Fix memory leakage caused by driver API devm_free_percpu()\n\nIt will cause memory leakage when use driver API devm_free_percpu()\nto free memory allocated by devm_alloc_percpu(), fixed by using\ndevres_release() instead of devres_destroy() within devm_free_percpu().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-43871', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/bd50a974097bb82d52a458bd3ee39fb723129a0c (6.11-rc1)', 'https://git.kernel.org/stable/c/3047f99caec240a88ccd06197af2868da1af6a96', 'https://git.kernel.org/stable/c/3dcd0673e47664bc6c719ad47dadac6d55d5950d', 'https://git.kernel.org/stable/c/700e8abd65b10792b2f179ce4e858f2ca2880f85', 'https://git.kernel.org/stable/c/95065edb8ebb27771d5f1e898eef6ab43dc6c87c', 'https://git.kernel.org/stable/c/b044588a16a978cd891cb3d665dd7ae06850d5bf', 'https://git.kernel.org/stable/c/b67552d7c61f52f1271031adfa7834545ae99701', 'https://git.kernel.org/stable/c/bd50a974097bb82d52a458bd3ee39fb723129a0c', 'https://git.kernel.org/stable/c/ef56dcdca8f2a53abc3a83d388b8336447533d85', 'https://linux.oracle.com/cve/CVE-2024-43871.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43871-c2cd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43871', 'https://www.cve.org/CVERecord?id=CVE-2024-43871'], 'PublishedDate': '2024-08-21T01:15:11.68Z', 'LastModifiedDate': '2024-09-03T13:39:19.553Z'}, {'VulnerabilityID': 'CVE-2024-43872', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43872', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/hns: Fix soft lockup under heavy CEQE load', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43872', 'https://git.kernel.org/linus/2fdf34038369c0a27811e7b4680662a14ada1d6b (6.11-rc1)', 'https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08', 'https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43872-c87e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43872', 'https://www.cve.org/CVERecord?id=CVE-2024-43872'], 'PublishedDate': '2024-08-21T01:15:11.74Z', 'LastModifiedDate': '2024-09-03T13:38:34.867Z'}, {'VulnerabilityID': 'CVE-2024-43873', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43873', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vhost/vsock: always initialize seqpacket_allow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: always initialize seqpacket_allow\n\nThere are two issues around seqpacket_allow:\n1. seqpacket_allow is not initialized when socket is\n   created. Thus if features are never set, it will be\n   read uninitialized.\n2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,\n   then seqpacket_allow will not be cleared appropriately\n   (existing apps I know about don't usually do this but\n    it's legal and there's no way to be sure no one relies\n    on this).\n\nTo fix:\n\t- initialize seqpacket_allow after allocation\n\t- set it unconditionally in set_features", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-909'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43873', 'https://git.kernel.org/linus/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22', 'https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb', 'https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582', 'https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c', 'https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43873-c547@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43873', 'https://www.cve.org/CVERecord?id=CVE-2024-43873'], 'PublishedDate': '2024-08-21T01:15:11.79Z', 'LastModifiedDate': '2024-09-03T13:35:44.897Z'}, {'VulnerabilityID': 'CVE-2024-43875', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43875', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: Clean up error handling in vpci_scan_bus()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\n\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\n\n    drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)\n\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\n\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43875', 'https://git.kernel.org/linus/8e0f5a96c534f781e8c57ca30459448b3bfe5429 (6.11-rc1)', 'https://git.kernel.org/stable/c/0e27e2e8697b8ce96cdef43f135426525d9d1f8f', 'https://git.kernel.org/stable/c/24414c842a24d0fd498f9db6d2a762a8dddf1832', 'https://git.kernel.org/stable/c/7d368de78b60088ec9031c60c88976c0063ea4c0', 'https://git.kernel.org/stable/c/8e0f5a96c534f781e8c57ca30459448b3bfe5429', 'https://git.kernel.org/stable/c/b9e8695246bcfc028341470cbf92630cdc1ba36b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43875-1257@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43875', 'https://www.cve.org/CVERecord?id=CVE-2024-43875'], 'PublishedDate': '2024-08-21T01:15:11.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43876', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43876', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()\n\nAvoid large backtrace, it is sufficient to warn the user that there has\nbeen a link problem. Either the link has failed and the system is in need\nof maintenance, or the link continues to work and user has been informed.\nThe message from the warning can be looked up in the sources.\n\nThis makes an actual link issue less verbose.\n\nFirst of all, this controller has a limitation in that the controller\ndriver has to assist the hardware with transition to L1 link state by\nwriting L1IATN to PMCTRL register, the L1 and L0 link state switching\nis not fully automatic on this controller.\n\nIn case of an ASMedia ASM1062 PCIe SATA controller which does not support\nASPM, on entry to suspend or during platform pm_test, the SATA controller\nenters D3hot state and the link enters L1 state. If the SATA controller\nwakes up before rcar_pcie_wakeup() was called and returns to D0, the link\nreturns to L0 before the controller driver even started its transition to\nL1 link state. At this point, the SATA controller did send an PM_ENTER_L1\nDLLP to the PCIe controller and the PCIe controller received it, and the\nPCIe controller did set PMSR PMEL1RX bit.\n\nOnce rcar_pcie_wakeup() is called, if the link is already back in L0 state\nand PMEL1RX bit is set, the controller driver has no way to determine if\nit should perform the link transition to L1 state, or treat the link as if\nit is in L0 state. Currently the driver attempts to perform the transition\nto L1 link state unconditionally, which in this specific case fails with a\nPMSR L1FAEG poll timeout, however the link still works as it is already\nback in L0 state.\n\nReduce this warning verbosity. In case the link is really broken, the\nrcar_pcie_config_access() would fail, otherwise it will succeed and any\nsystem with this controller and ASM1062 can suspend without generating\na backtrace.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43876', 'https://git.kernel.org/linus/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96 (6.11-rc1)', 'https://git.kernel.org/stable/c/2ae4769332dfdb97f4b6f5dc9ac8f46d02aaa3df', 'https://git.kernel.org/stable/c/3ff3bdde950f1840df4030726cef156758a244d7', 'https://git.kernel.org/stable/c/526a877c6273d4cd0d0aede84c1d620479764b1c', 'https://git.kernel.org/stable/c/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43876-793b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43876', 'https://www.cve.org/CVERecord?id=CVE-2024-43876'], 'PublishedDate': '2024-08-21T01:15:11.973Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43877', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43877', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: pci: ivtv: Add check for DMA map result', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: ivtv: Add check for DMA map result\n\nIn case DMA fails, 'dma->SG_length' is 0. This value is later used to\naccess 'dma->SGarray[dma->SG_length - 1]', which will cause out of\nbounds access.\n\nAdd check to return early on invalid value. Adjust warnings accordingly.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43877', 'https://git.kernel.org/linus/629913d6d79508b166c66e07e4857e20233d85a9 (6.11-rc1)', 'https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718', 'https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a', 'https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9', 'https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43877-e8e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43877', 'https://www.cve.org/CVERecord?id=CVE-2024-43877'], 'PublishedDate': '2024-08-21T01:15:12.033Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43879', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()\n\nCurrently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in\ncfg80211_calculate_bitrate_he(), leading to below warning:\n\nkernel: invalid HE MCS: bw:6, ru:6\nkernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]\n\nFix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43879', 'https://git.kernel.org/linus/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6 (6.11-rc1)', 'https://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27', 'https://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd', 'https://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f', 'https://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9', 'https://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086', 'https://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142', 'https://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d', 'https://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6', 'https://linux.oracle.com/cve/CVE-2024-43879.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43879-95cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43879', 'https://www.cve.org/CVERecord?id=CVE-2024-43879'], 'PublishedDate': '2024-08-21T01:15:12.153Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43880', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43880', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_erp: Fix object nesting warning\n\nACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM\n(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can\ncontain more ACLs (i.e., tc filters), but the number of masks in each\nregion (i.e., tc chain) is limited.\n\nIn order to mitigate the effects of the above limitation, the device\nallows filters to share a single mask if their masks only differ in up\nto 8 consecutive bits. For example, dst_ip/25 can be represented using\ndst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the\nnumber of masks being used (and therefore does not support mask\naggregation), but can contain a limited number of filters.\n\nThe driver uses the "objagg" library to perform the mask aggregation by\npassing it objects that consist of the filter\'s mask and whether the\nfilter is to be inserted into the A-TCAM or the C-TCAM since filters in\ndifferent TCAMs cannot share a mask.\n\nThe set of created objects is dependent on the insertion order of the\nfilters and is not necessarily optimal. Therefore, the driver will\nperiodically ask the library to compute a more optimal set ("hints") by\nlooking at all the existing objects.\n\nWhen the library asks the driver whether two objects can be aggregated\nthe driver only compares the provided masks and ignores the A-TCAM /\nC-TCAM indication. This is the right thing to do since the goal is to\nmove as many filters as possible to the A-TCAM. The driver also forbids\ntwo identical masks from being aggregated since this can only happen if\none was intentionally put in the C-TCAM to avoid a conflict in the\nA-TCAM.\n\nThe above can result in the following set of hints:\n\nH1: {mask X, A-TCAM} -> H2: {mask Y, A-TCAM} // X is Y + delta\nH3: {mask Y, C-TCAM} -> H4: {mask Z, A-TCAM} // Y is Z + delta\n\nAfter getting the hints from the library the driver will start migrating\nfilters from one region to another while consulting the computed hints\nand instructing the device to perform a lookup in both regions during\nthe transition.\n\nAssuming a filter with mask X is being migrated into the A-TCAM in the\nnew region, the hints lookup will return H1. Since H2 is the parent of\nH1, the library will try to find the object associated with it and\ncreate it if necessary in which case another hints lookup (recursive)\nwill be performed. This hints lookup for {mask Y, A-TCAM} will either\nreturn H2 or H3 since the driver passes the library an object comparison\nfunction that ignores the A-TCAM / C-TCAM indication.\n\nThis can eventually lead to nested objects which are not supported by\nthe library [1].\n\nFix by removing the object comparison function from both the driver and\nthe library as the driver was the only user. That way the lookup will\nonly return exact matches.\n\nI do not have a reliable reproducer that can reproduce the issue in a\ntimely manner, but before the fix the issue would reproduce in several\nminutes and with the fix it does not reproduce in over an hour.\n\nNote that the current usefulness of the hints is limited because they\ninclude the C-TCAM indication and represent aggregation that cannot\nactually happen. This will be addressed in net-next.\n\n[1]\nWARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0\nModules linked in:\nCPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42\nHardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:objagg_obj_parent_assign+0xb5/0xd0\n[...]\nCall Trace:\n <TASK>\n __objagg_obj_get+0x2bb/0x580\n objagg_obj_get+0xe/0x80\n mlxsw_sp_acl_erp_mask_get+0xb5/0xf0\n mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43880', 'https://git.kernel.org/linus/97d833ceb27dc19f8777d63f90be4a27b5daeedf (6.11-rc1)', 'https://git.kernel.org/stable/c/0e59c2d22853266704e127915653598f7f104037', 'https://git.kernel.org/stable/c/25c6fd9648ad05da493a5d30881896a78a08b624', 'https://git.kernel.org/stable/c/36a9996e020dd5aa325e0ecc55eb2328288ea6bb', 'https://git.kernel.org/stable/c/4dc09f6f260db3c4565a4ec52ba369393598f2fb', 'https://git.kernel.org/stable/c/97d833ceb27dc19f8777d63f90be4a27b5daeedf', 'https://git.kernel.org/stable/c/9a5261a984bba4f583d966c550fa72c33ff3714e', 'https://git.kernel.org/stable/c/fb5d4fc578e655d113f09565f6f047e15f7ab578', 'https://linux.oracle.com/cve/CVE-2024-43880.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43880-78ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43880', 'https://www.cve.org/CVERecord?id=CVE-2024-43880'], 'PublishedDate': '2024-08-21T01:15:12.213Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43881', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43881', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: change DMA direction while mapping reinjected packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: change DMA direction while mapping reinjected packets\n\nFor fragmented packets, ath12k reassembles each fragment as a normal\npacket and then reinjects it into HW ring. In this case, the DMA\ndirection should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise,\nan invalid payload may be reinjected into the HW and\nsubsequently delivered to the host.\n\nGiven that arbitrary memory can be allocated to the skb buffer,\nknowledge about the data contained in the reinjected buffer is lacking.\nConsequently, there’s a risk of private information being leaked.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43881', 'https://git.kernel.org/linus/33322e3ef07409278a18c6919c448e369d66a18e (6.11-rc1)', 'https://git.kernel.org/stable/c/33322e3ef07409278a18c6919c448e369d66a18e', 'https://git.kernel.org/stable/c/6925320fcd40d8042d32bf4ede8248e7a5315c3b', 'https://git.kernel.org/stable/c/e99d9b16ff153de9540073239d24adc3b0a3a997', 'https://lore.kernel.org/linux-cve-announce/2024082138-CVE-2024-43881-ead4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43881', 'https://www.cve.org/CVERecord?id=CVE-2024-43881'], 'PublishedDate': '2024-08-21T01:15:12.28Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43883', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43883', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: vhci-hcd: Do not drop references before new references are gained', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43883', 'https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37', 'https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174', 'https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14', 'https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89', 'https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80', 'https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a', 'https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54', 'https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2', 'https://linux.oracle.com/cve/CVE-2024-43883.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082313-CVE-2024-43883-a594@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43883', 'https://www.cve.org/CVERecord?id=CVE-2024-43883'], 'PublishedDate': '2024-08-23T13:15:03.873Z', 'LastModifiedDate': '2024-08-23T16:18:28.547Z'}, {'VulnerabilityID': 'CVE-2024-43884', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: MGMT: Add error handling to pair_device()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Add error handling to pair_device()\n\nhci_conn_params_add() never checks for a NULL value and could lead to a NULL\npointer dereference causing a crash.\n\nFixed by adding error handling in the function.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43884', 'https://git.kernel.org/linus/538fd3921afac97158d4177139a0ad39f056dbb2 (6.11-rc5)', 'https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4', 'https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1', 'https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2', 'https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503', 'https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9', 'https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb', 'https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb', 'https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43884-43fa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43884', 'https://www.cve.org/CVERecord?id=CVE-2024-43884'], 'PublishedDate': '2024-08-26T08:15:03.827Z', 'LastModifiedDate': '2024-09-04T12:15:04.927Z'}, {'VulnerabilityID': 'CVE-2024-43886', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43886', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check in resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check in resource_log_pipe_topology_update\n\n[WHY]\nWhen switching from "Extend" to "Second Display Only" we sometimes\ncall resource_get_otg_master_for_stream on a stream for the eDP,\nwhich is disconnected. This leads to a null pointer dereference.\n\n[HOW]\nAdded a null check in dc_resource.c/resource_log_pipe_topology_update.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43886', 'https://git.kernel.org/linus/899d92fd26fe780aad711322aa671f68058207a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/899d92fd26fe780aad711322aa671f68058207a6', 'https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee', 'https://lore.kernel.org/linux-cve-announce/2024082657-CVE-2024-43886-0726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43886', 'https://www.cve.org/CVERecord?id=CVE-2024-43886'], 'PublishedDate': '2024-08-26T11:15:03.83Z', 'LastModifiedDate': '2024-08-27T14:37:45.377Z'}, {'VulnerabilityID': 'CVE-2024-43887', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43887', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/tcp: Disable TCP-AO static key after RCU grace period', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp: Disable TCP-AO static key after RCU grace period\n\nThe lifetime of TCP-AO static_key is the same as the last\ntcp_ao_info. On the socket destruction tcp_ao_info ceases to be\nwith RCU grace period, while tcp-ao static branch is currently deferred\ndestructed. The static key definition is\n: DEFINE_STATIC_KEY_DEFERRED_FALSE(tcp_ao_needed, HZ);\n\nwhich means that if RCU grace period is delayed by more than a second\nand tcp_ao_needed is in the process of disablement, other CPUs may\nyet see tcp_ao_info which atent dead, but soon-to-be.\nAnd that breaks the assumption of static_key_fast_inc_not_disabled().\n\nSee the comment near the definition:\n> * The caller must make sure that the static key can\'t get disabled while\n> * in this function. It doesn\'t patch jump labels, only adds a user to\n> * an already enabled static key.\n\nOriginally it was introduced in commit eb8c507296f6 ("jump_label:\nPrevent key->enabled int overflow"), which is needed for the atomic\ncontexts, one of which would be the creation of a full socket from a\nrequest socket. In that atomic context, it\'s known by the presence\nof the key (md5/ao) that the static branch is already enabled.\nSo, the ref counter for that static branch is just incremented\ninstead of holding the proper mutex.\nstatic_key_fast_inc_not_disabled() is just a helper for such usage\ncase. But it must not be used if the static branch could get disabled\nin parallel as it\'s not protected by jump_label_mutex and as a result,\nraces with jump_label_update() implementation details.\n\nHappened on netdev test-bot[1], so not a theoretical issue:\n\n[] jump_label: Fatal kernel bug, unexpected op at tcp_inbound_hash+0x1a7/0x870 [ffffffffa8c4e9b7] (eb 50 0f 1f 44 != 66 90 0f 1f 00)) size:2 type:1\n[] ------------[ cut here ]------------\n[] kernel BUG at arch/x86/kernel/jump_label.c:73!\n[] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[] CPU: 3 PID: 243 Comm: kworker/3:3 Not tainted 6.10.0-virtme #1\n[] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[] Workqueue: events jump_label_update_timeout\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n...\n[] Call Trace:\n[]  <TASK>\n[]  arch_jump_label_transform_queue+0x6c/0x110\n[]  __jump_label_update+0xef/0x350\n[]  __static_key_slow_dec_cpuslocked.part.0+0x3c/0x60\n[]  jump_label_update_timeout+0x2c/0x40\n[]  process_one_work+0xe3b/0x1670\n[]  worker_thread+0x587/0xce0\n[]  kthread+0x28a/0x350\n[]  ret_from_fork+0x31/0x70\n[]  ret_from_fork_asm+0x1a/0x30\n[]  </TASK>\n[] Modules linked in: veth\n[] ---[ end trace 0000000000000000 ]---\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n\n[1]: https://netdev-3.bots.linux.dev/vmksft-tcp-ao-dbg/results/696681/5-connect-deny-ipv6/stderr', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43887', 'https://git.kernel.org/linus/14ab4792ee120c022f276a7e4768f4dcb08f0cdd (6.11-rc3)', 'https://git.kernel.org/stable/c/14ab4792ee120c022f276a7e4768f4dcb08f0cdd', 'https://git.kernel.org/stable/c/954d55a59b2501f4a9bd693b40ce45a1c46cb2b3', 'https://lore.kernel.org/linux-cve-announce/2024082658-CVE-2024-43887-93bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43887', 'https://www.cve.org/CVERecord?id=CVE-2024-43887'], 'PublishedDate': '2024-08-26T11:15:03.877Z', 'LastModifiedDate': '2024-09-05T19:43:44.197Z'}, {'VulnerabilityID': 'CVE-2024-43888', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43888', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: list_lru: fix UAF for memory cgroup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: list_lru: fix UAF for memory cgroup\n\nThe mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or\ncgroup_mutex or others which could prevent returned memcg from being\nfreed.  Fix it by adding missing rcu read lock.\n\nFound by code inspection.\n\n[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]\n  Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43888', 'https://git.kernel.org/linus/5161b48712dcd08ec427c450399d4d1483e21dea (6.11-rc3)', 'https://git.kernel.org/stable/c/4589f77c18dd98b65f45617b6d1e95313cf6fcab', 'https://git.kernel.org/stable/c/5161b48712dcd08ec427c450399d4d1483e21dea', 'https://lore.kernel.org/linux-cve-announce/2024082659-CVE-2024-43888-5beb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43888', 'https://www.cve.org/CVERecord?id=CVE-2024-43888'], 'PublishedDate': '2024-08-26T11:15:03.93Z', 'LastModifiedDate': '2024-08-27T14:37:52.61Z'}, {'VulnerabilityID': 'CVE-2024-43889', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix possible divide-by-0 panic in padata_mt_helper()\n\nWe are hit with a not easily reproducible divide-by-0 panic in padata.c at\nbootup time.\n\n  [   10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI\n  [   10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1\n  [   10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021\n  [   10.017908] Workqueue: events_unbound padata_mt_helper\n  [   10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0\n    :\n  [   10.017963] Call Trace:\n  [   10.017968]  <TASK>\n  [   10.018004]  ? padata_mt_helper+0x39/0xb0\n  [   10.018084]  process_one_work+0x174/0x330\n  [   10.018093]  worker_thread+0x266/0x3a0\n  [   10.018111]  kthread+0xcf/0x100\n  [   10.018124]  ret_from_fork+0x31/0x50\n  [   10.018138]  ret_from_fork_asm+0x1a/0x30\n  [   10.018147]  </TASK>\n\nLooking at the padata_mt_helper() function, the only way a divide-by-0\npanic can happen is when ps->chunk_size is 0.  The way that chunk_size is\ninitialized in padata_do_multithreaded(), chunk_size can be 0 when the\nmin_chunk in the passed-in padata_mt_job structure is 0.\n\nFix this divide-by-0 panic by making sure that chunk_size will be at least\n1 no matter what the input parameters are.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43889', 'https://git.kernel.org/linus/6d45e1c948a8b7ed6ceddb14319af69424db730c (6.11-rc3)', 'https://git.kernel.org/stable/c/6d45e1c948a8b7ed6ceddb14319af69424db730c', 'https://git.kernel.org/stable/c/8f5ffd2af7274853ff91d6cd62541191d9fbd10d', 'https://git.kernel.org/stable/c/924f788c906dccaca30acab86c7124371e1d6f2c', 'https://git.kernel.org/stable/c/a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f', 'https://git.kernel.org/stable/c/ab8b397d5997d8c37610252528edc54bebf9f6d3', 'https://git.kernel.org/stable/c/da0ffe84fcc1627a7dff82c80b823b94236af905', 'https://lore.kernel.org/linux-cve-announce/2024082600-CVE-2024-43889-4d0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43889', 'https://www.cve.org/CVERecord?id=CVE-2024-43889'], 'PublishedDate': '2024-08-26T11:15:03.98Z', 'LastModifiedDate': '2024-08-27T14:38:09.34Z'}, {'VulnerabilityID': 'CVE-2024-43890', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43890', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Fix overflow in get_free_elt()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing "tracing_map->max_size" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to "tracing_map->next_elt"\nonce it reaches "tracing_map->max_elt".', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43890', 'https://git.kernel.org/linus/bcf86c01ca4676316557dd482c8416ece8c2e143 (6.11-rc3)', 'https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6', 'https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c', 'https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5', 'https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8', 'https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143', 'https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da', 'https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18', 'https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a', 'https://linux.oracle.com/cve/CVE-2024-43890.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082601-CVE-2024-43890-1c3a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43890', 'https://www.cve.org/CVERecord?id=CVE-2024-43890'], 'PublishedDate': '2024-08-26T11:15:04.04Z', 'LastModifiedDate': '2024-09-05T18:48:30.32Z'}, {'VulnerabilityID': 'CVE-2024-43891', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43891', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have format file honor EVENT_FILE_FL_FREED', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have format file honor EVENT_FILE_FL_FREED\n\nWhen eventfs was introduced, special care had to be done to coordinate the\nfreeing of the file meta data with the files that are exposed to user\nspace. The file meta data would have a ref count that is set when the file\nis created and would be decremented and freed after the last user that\nopened the file closed it. When the file meta data was to be freed, it\nwould set a flag (EVENT_FILE_FL_FREED) to denote that the file is freed,\nand any new references made (like new opens or reads) would fail as it is\nmarked freed. This allowed other meta data to be freed after this flag was\nset (under the event_mutex).\n\nAll the files that were dynamically created in the events directory had a\npointer to the file meta data and would call event_release() when the last\nreference to the user space file was closed. This would be the time that it\nis safe to free the file meta data.\n\nA shortcut was made for the "format" file. It\'s i_private would point to\nthe "call" entry directly and not point to the file\'s meta data. This is\nbecause all format files are the same for the same "call", so it was\nthought there was no reason to differentiate them.  The other files\nmaintain state (like the "enable", "trigger", etc). But this meant if the\nfile were to disappear, the "format" file would be unaware of it.\n\nThis caused a race that could be trigger via the user_events test (that\nwould create dynamic events and free them), and running a loop that would\nread the user_events format files:\n\nIn one console run:\n\n # cd tools/testing/selftests/user_events\n # while true; do ./ftrace_test; done\n\nAnd in another console run:\n\n # cd /sys/kernel/tracing/\n # while true; do cat events/user_events/__test_event/format; done 2>/dev/null\n\nWith KASAN memory checking, it would trigger a use-after-free bug report\n(which was a real bug). This was because the format file was not checking\nthe file\'s meta data flag "EVENT_FILE_FL_FREED", so it would access the\nevent that the file meta data pointed to after the event was freed.\n\nAfter inspection, there are other locations that were found to not check\nthe EVENT_FILE_FL_FREED flag when accessing the trace_event_file. Add a\nnew helper function: event_file_file() that will make sure that the\nevent_mutex is held, and will return NULL if the trace_event_file has the\nEVENT_FILE_FL_FREED flag set. Have the first reference of the struct file\npointer use event_file_file() and check for NULL. Later uses can still use\nthe event_file_data() helper function if the event_mutex is still held and\nwas not released since the event_file_file() call.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43891', 'https://git.kernel.org/linus/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d (6.11-rc3)', 'https://git.kernel.org/stable/c/4ed03758ddf0b19d69eed69386d65a92d0091e0c', 'https://git.kernel.org/stable/c/531dc6780d94245af037c25c2371c8caf652f0f9', 'https://git.kernel.org/stable/c/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d', 'https://lore.kernel.org/linux-cve-announce/2024082603-CVE-2024-43891-a69d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43891', 'https://www.cve.org/CVERecord?id=CVE-2024-43891'], 'PublishedDate': '2024-08-26T11:15:04.103Z', 'LastModifiedDate': '2024-09-05T18:46:18.44Z'}, {'VulnerabilityID': 'CVE-2024-43892', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43892', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg: protect concurrent access to mem_cgroup_idr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: protect concurrent access to mem_cgroup_idr\n\nCommit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after\nmany small jobs") decoupled the memcg IDs from the CSS ID space to fix the\ncgroup creation failures.  It introduced IDR to maintain the memcg ID\nspace.  The IDR depends on external synchronization mechanisms for\nmodifications.  For the mem_cgroup_idr, the idr_alloc() and idr_replace()\nhappen within css callback and thus are protected through cgroup_mutex\nfrom concurrent modifications.  However idr_remove() for mem_cgroup_idr\nwas not protected against concurrency and can be run concurrently for\ndifferent memcgs when they hit their refcnt to zero.  Fix that.\n\nWe have been seeing list_lru based kernel crashes at a low frequency in\nour fleet for a long time.  These crashes were in different part of\nlist_lru code including list_lru_add(), list_lru_del() and reparenting\ncode.  Upon further inspection, it looked like for a given object (dentry\nand inode), the super_block\'s list_lru didn\'t have list_lru_one for the\nmemcg of that object.  The initial suspicions were either the object is\nnot allocated through kmem_cache_alloc_lru() or somehow\nmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but\nreturned success.  No evidence were found for these cases.\n\nLooking more deeply, we started seeing situations where valid memcg\'s id\nis not present in mem_cgroup_idr and in some cases multiple valid memcgs\nhave same id and mem_cgroup_idr is pointing to one of them.  So, the most\nreasonable explanation is that these situations can happen due to race\nbetween multiple idr_remove() calls or race between\nidr_alloc()/idr_replace() and idr_remove().  These races are causing\nmultiple memcgs to acquire the same ID and then offlining of one of them\nwould cleanup list_lrus on the system for all of them.  Later access from\nother memcgs to the list_lru cause crashes due to missing list_lru_one.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43892', 'https://git.kernel.org/linus/9972605a238339b85bd16b084eed5f18414d22db (6.11-rc3)', 'https://git.kernel.org/stable/c/37a060b64ae83b76600d187d76591ce488ab836b', 'https://git.kernel.org/stable/c/51c0b1bb7541f8893ec1accba59eb04361a70946', 'https://git.kernel.org/stable/c/56fd70f4aa8b82199dbe7e99366b1fd7a04d86fb', 'https://git.kernel.org/stable/c/912736a0435ef40e6a4ae78197ccb5553cb80b05', 'https://git.kernel.org/stable/c/9972605a238339b85bd16b084eed5f18414d22db', 'https://git.kernel.org/stable/c/e6cc9ff2ac0b5df9f25eb790934c3104f6710278', 'https://lore.kernel.org/linux-cve-announce/2024082604-CVE-2024-43892-584a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43892', 'https://www.cve.org/CVERecord?id=CVE-2024-43892'], 'PublishedDate': '2024-08-26T11:15:04.157Z', 'LastModifiedDate': '2024-09-12T12:15:49.593Z'}, {'VulnerabilityID': 'CVE-2024-43893', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43893', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: core: check uartclk for zero to avoid divide by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: core: check uartclk for zero to avoid divide by zero\n\nCalling ioctl TIOCSSERIAL with an invalid baud_base can\nresult in uartclk being zero, which will result in a\ndivide by zero error in uart_get_divisor(). The check for\nuartclk being zero in uart_set_info() needs to be done\nbefore other settings are made as subsequent calls to\nioctl TIOCSSERIAL for the same port would be impacted if\nthe uartclk check was done where uartclk gets set.\n\nOops: divide error: 0000  PREEMPT SMP KASAN PTI\nRIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)\nCall Trace:\n <TASK>\nserial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576\n    drivers/tty/serial/8250/8250_port.c:2589)\nserial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502\n    drivers/tty/serial/8250/8250_port.c:2741)\nserial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)\nuart_change_line_settings (./include/linux/spinlock.h:376\n    ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)\nuart_port_startup (drivers/tty/serial/serial_core.c:342)\nuart_startup (drivers/tty/serial/serial_core.c:368)\nuart_set_info (drivers/tty/serial/serial_core.c:1034)\nuart_set_info_user (drivers/tty/serial/serial_core.c:1059)\ntty_set_serial (drivers/tty/tty_io.c:2637)\ntty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)\n__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907\n    fs/ioctl.c:893 fs/ioctl.c:893)\ndo_syscall_64 (arch/x86/entry/common.c:52\n    (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nRule: add', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43893', 'https://git.kernel.org/linus/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193 (6.11-rc3)', 'https://git.kernel.org/stable/c/3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba', 'https://git.kernel.org/stable/c/52b138f1021113e593ee6ad258ce08fe90693a9e', 'https://git.kernel.org/stable/c/55b2a5d331a6ceb1c4372945fdb77181265ba24f', 'https://git.kernel.org/stable/c/68dc02f319b9ee54dc23caba742a5c754d1cccc8', 'https://git.kernel.org/stable/c/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193', 'https://git.kernel.org/stable/c/9196e42a3b8eeff1707e6ef769112b4b6096be49', 'https://git.kernel.org/stable/c/e13ba3fe5ee070f8a9dab60029d52b1f61da5051', 'https://git.kernel.org/stable/c/e3ad503876283ac3fcca922a1bf243ef9eb0b0e2', 'https://linux.oracle.com/cve/CVE-2024-43893.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082605-CVE-2024-43893-25dd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43893', 'https://www.cve.org/CVERecord?id=CVE-2024-43893'], 'PublishedDate': '2024-08-26T11:15:04.213Z', 'LastModifiedDate': '2024-09-10T18:13:21.92Z'}, {'VulnerabilityID': 'CVE-2024-43894', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43894', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/client: fix null pointer dereference in drm_client_modeset_probe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: fix null pointer dereference in drm_client_modeset_probe\n\nIn drm_client_modeset_probe(), the return value of drm_mode_duplicate() is\nassigned to modeset->mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43894', 'https://git.kernel.org/linus/113fd6372a5bb3689aba8ef5b8a265ed1529a78f (6.11-rc3)', 'https://git.kernel.org/stable/c/113fd6372a5bb3689aba8ef5b8a265ed1529a78f', 'https://git.kernel.org/stable/c/24ddda932c43ffe156c7f3c568bed85131c63ae6', 'https://git.kernel.org/stable/c/5291d4f73452c91e8a11f71207617e3e234d418e', 'https://git.kernel.org/stable/c/612cae53e99ce32a58cb821b3b67199eb6e92dff', 'https://git.kernel.org/stable/c/c763dfe09425152b6bb0e348900a637c62c2ce52', 'https://git.kernel.org/stable/c/d64847c383100423aecb6ac5f18be5f4316d9d62', 'https://git.kernel.org/stable/c/d64fc94f7bb24fc2be0d6bd5df8df926da461a6d', 'https://linux.oracle.com/cve/CVE-2024-43894.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082607-CVE-2024-43894-aeee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43894', 'https://www.cve.org/CVERecord?id=CVE-2024-43894'], 'PublishedDate': '2024-08-26T11:15:04.28Z', 'LastModifiedDate': '2024-09-10T18:09:41.23Z'}, {'VulnerabilityID': 'CVE-2024-43895', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43895', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip Recompute DSC Params if no Stream on Link', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n    Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n    RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n    Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\n    RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n    RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n    RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n    RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n    R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n    R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n    FS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n    Call Trace:\n<TASK>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? plist_add+0xbe/0x100\n     ? exc_page_fault+0x7c/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     drm_atomic_check_only+0x5c5/0xa40\n     drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.\n\n(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43895', 'https://git.kernel.org/linus/50e376f1fe3bf571d0645ddf48ad37eb58323919 (6.11-rc3)', 'https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9', 'https://git.kernel.org/stable/c/50e376f1fe3bf571d0645ddf48ad37eb58323919', 'https://git.kernel.org/stable/c/5357141b4c2e2b332b6f11607ba8c5fbc2669a10', 'https://git.kernel.org/stable/c/70275bb960c71d313254473d38c14e7101cee5ad', 'https://git.kernel.org/stable/c/718d83f66fb07b2cab89a1fc984613a00e3db18f', 'https://lore.kernel.org/linux-cve-announce/2024082608-CVE-2024-43895-d3c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43895', 'https://www.cve.org/CVERecord?id=CVE-2024-43895'], 'PublishedDate': '2024-08-26T11:15:04.333Z', 'LastModifiedDate': '2024-10-10T12:15:04.35Z'}, {'VulnerabilityID': 'CVE-2024-43898', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43898', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: sanity check for NULL pointer after ext4_force_shutdown', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43898', 'https://git.kernel.org/linus/83f4414b8f84249d538905825b088ff3ae555652 (6.11-rc1)', 'https://git.kernel.org/stable/c/3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e', 'https://git.kernel.org/stable/c/83f4414b8f84249d538905825b088ff3ae555652', 'https://git.kernel.org/stable/c/f619876ccbfd329ae785fe5d3289b9dcd6eb5901', 'https://lore.kernel.org/linux-cve-announce/2024082613-CVE-2024-43898-52c2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43898', 'https://www.cve.org/CVERecord?id=CVE-2024-43898'], 'PublishedDate': '2024-08-26T11:15:04.493Z', 'LastModifiedDate': '2024-09-10T08:15:02.96Z'}, {'VulnerabilityID': 'CVE-2024-43899', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix null pointer deref in dcn20_resource.c', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[  181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[  181.843997] #PF: supervisor instruction fetch in kernel mode\n[  181.844003] #PF: error_code(0x0010) - not-present page\n[  181.844009] PGD 0 P4D 0\n[  181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[  181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G        W  OE      6.5.0-41-generic #41~22.04.2-Ubuntu\n[  181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[  181.844044] RIP: 0010:0x0\n[  181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[  181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[  181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[  181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[  181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[  181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[  181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[  181.844121] FS:  00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[  181.844128] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[  181.844141] Call Trace:\n[  181.844146]  <TASK>\n[  181.844153]  ? show_regs+0x6d/0x80\n[  181.844167]  ? __die+0x24/0x80\n[  181.844179]  ? page_fault_oops+0x99/0x1b0\n[  181.844192]  ? do_user_addr_fault+0x31d/0x6b0\n[  181.844204]  ? exc_page_fault+0x83/0x1b0\n[  181.844216]  ? asm_exc_page_fault+0x27/0x30\n[  181.844237]  dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[  181.845115]  amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[  181.845985]  amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[  181.846848]  fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[  181.847734]  fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[  181.848748]  dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.849791]  ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.850840]  amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43899', 'https://git.kernel.org/linus/ecbf60782662f0a388493685b85a645a0ba1613c (6.11-rc1)', 'https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e', 'https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c', 'https://lore.kernel.org/linux-cve-announce/2024082614-CVE-2024-43899-2339@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43899', 'https://www.cve.org/CVERecord?id=CVE-2024-43899'], 'PublishedDate': '2024-08-26T11:15:04.557Z', 'LastModifiedDate': '2024-08-27T14:38:19.74Z'}, {'VulnerabilityID': 'CVE-2024-43900', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43900', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: xc2028: avoid use-after-free in load_firmware_cb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504           worker_thread\ntuner_probe                             <= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait                 <= create a worker\n...\ntuner_remove                            <= free dvb_frontend\n...\n                    request_firmware_work_func  <= the firmware is ready\n                    load_firmware_cb    <= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n    ==================================================================\n     BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n     Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n     Call trace:\n      load_firmware_cb+0x1310/0x17a0\n      request_firmware_work_func+0x128/0x220\n      process_one_work+0x770/0x1824\n      worker_thread+0x488/0xea0\n      kthread+0x300/0x430\n      ret_from_fork+0x10/0x20\n\n     Allocated by task 6504:\n      kzalloc\n      tuner_probe+0xb0/0x1430\n      i2c_device_probe+0x92c/0xaf0\n      really_probe+0x678/0xcd0\n      driver_probe_device+0x280/0x370\n      __device_attach_driver+0x220/0x330\n      bus_for_each_drv+0x134/0x1c0\n      __device_attach+0x1f4/0x410\n      device_initial_probe+0x20/0x30\n      bus_probe_device+0x184/0x200\n      device_add+0x924/0x12c0\n      device_register+0x24/0x30\n      i2c_new_device+0x4e0/0xc44\n      v4l2_i2c_new_subdev_board+0xbc/0x290\n      v4l2_i2c_new_subdev+0xc8/0x104\n      em28xx_v4l2_init+0x1dd0/0x3770\n\n     Freed by task 6504:\n      kfree+0x238/0x4e4\n      tuner_remove+0x144/0x1c0\n      i2c_device_remove+0xc8/0x290\n      __device_release_driver+0x314/0x5fc\n      device_release_driver+0x30/0x44\n      bus_remove_device+0x244/0x490\n      device_del+0x350/0x900\n      device_unregister+0x28/0xd0\n      i2c_unregister_device+0x174/0x1d0\n      v4l2_device_unregister+0x224/0x380\n      em28xx_v4l2_init+0x1d90/0x3770\n\n     The buggy address belongs to the object at ffff8000d7ca2000\n      which belongs to the cache kmalloc-2k of size 2048\n     The buggy address is located 776 bytes inside of\n      2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n     The buggy address belongs to the page:\n     page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n     flags: 0x7ff800000000100(slab)\n     raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n     raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n     page dumped because: kasan: bad access detected\n\n     Memory state around the buggy address:\n      ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                           ^\n      ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     ==================================================================\n\n[2]\n    Actually, it is allocated for struct tuner, and dvb_frontend is inside.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43900', 'https://git.kernel.org/linus/68594cec291ff9523b9feb3f43fd853dcddd1f60 (6.11-rc1)', 'https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5', 'https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60', 'https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b', 'https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-43900-029c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43900', 'https://www.cve.org/CVERecord?id=CVE-2024-43900'], 'PublishedDate': '2024-08-26T11:15:04.613Z', 'LastModifiedDate': '2024-08-27T14:38:32.967Z'}, {'VulnerabilityID': 'CVE-2024-43902', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43902', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null checker before passing variables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checker before passing variables\n\nChecks null pointer before passing variables to functions.\n\nThis fixes 3 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43902', 'https://git.kernel.org/linus/8092aa3ab8f7b737a34b71f91492c676a843043a (6.11-rc1)', 'https://git.kernel.org/stable/c/1686675405d07f35eae7ff3d13a530034b899df2', 'https://git.kernel.org/stable/c/4cc2a94d96caeb3c975acdae7351c2f997c32175', 'https://git.kernel.org/stable/c/8092aa3ab8f7b737a34b71f91492c676a843043a', 'https://git.kernel.org/stable/c/83c7f509ef087041604e9572938f82e18b724c9d', 'https://git.kernel.org/stable/c/d0b8b23b9c2ebec693a36fea518d8f13493ad655', 'https://lore.kernel.org/linux-cve-announce/2024082618-CVE-2024-43902-eb6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43902', 'https://www.cve.org/CVERecord?id=CVE-2024-43902'], 'PublishedDate': '2024-08-26T11:15:04.733Z', 'LastModifiedDate': '2024-08-27T14:38:51.73Z'}, {'VulnerabilityID': 'CVE-2024-43903', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43903', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43903', 'https://git.kernel.org/linus/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff (6.11-rc1)', 'https://git.kernel.org/stable/c/31a679a880102dee6e10985a7b1789af8dc328cc', 'https://git.kernel.org/stable/c/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff', 'https://git.kernel.org/stable/c/94220b35aeba2b68da81deeefbb784d94eeb5c04', 'https://git.kernel.org/stable/c/ce5d090af683137cb779ed7e3683839f9c778b35', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-43903-3644@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43903', 'https://www.cve.org/CVERecord?id=CVE-2024-43903'], 'PublishedDate': '2024-08-26T11:15:04.793Z', 'LastModifiedDate': '2024-08-27T13:39:48.683Z'}, {'VulnerabilityID': 'CVE-2024-43904', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43904', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing\n\nThis commit adds null checks for the 'stream' and 'plane' variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that 'stream' and 'plane' are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43904', 'https://git.kernel.org/linus/15c2990e0f0108b9c3752d7072a97d45d4283aea (6.11-rc1)', 'https://git.kernel.org/stable/c/15c2990e0f0108b9c3752d7072a97d45d4283aea', 'https://git.kernel.org/stable/c/16a8a2a839d19c4cf7253642b493ffb8eee1d857', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43904-63a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43904', 'https://www.cve.org/CVERecord?id=CVE-2024-43904'], 'PublishedDate': '2024-08-26T11:15:04.847Z', 'LastModifiedDate': '2024-08-27T13:40:50.577Z'}, {'VulnerabilityID': 'CVE-2024-43905', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43905', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix the null pointer dereference for vega10_hwmgr\n\nCheck return value and conduct null pointer handling to avoid null pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43905', 'https://git.kernel.org/linus/50151b7f1c79a09117837eb95b76c2de76841dab (6.11-rc1)', 'https://git.kernel.org/stable/c/0fa11f9df96217c2785b040629ff1a16900fb51c', 'https://git.kernel.org/stable/c/2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8', 'https://git.kernel.org/stable/c/2e538944996d0dd497faf8ee81f8bfcd3aca7d80', 'https://git.kernel.org/stable/c/50151b7f1c79a09117837eb95b76c2de76841dab', 'https://git.kernel.org/stable/c/69a441473fec2fc2aa2cf56122d6c42c4266a239', 'https://git.kernel.org/stable/c/c2629daf218a325f4d69754452cd42fe8451c15b', 'https://lore.kernel.org/linux-cve-announce/2024082623-CVE-2024-43905-008f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43905', 'https://www.cve.org/CVERecord?id=CVE-2024-43905'], 'PublishedDate': '2024-08-26T11:15:04.897Z', 'LastModifiedDate': '2024-09-12T12:15:51.26Z'}, {'VulnerabilityID': 'CVE-2024-43906', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43906', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/admgpu: fix dereferencing null pointer context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/admgpu: fix dereferencing null pointer context\n\nWhen user space sets an invalid ta type, the pointer context will be empty.\nSo it need to check the pointer context before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43906', 'https://git.kernel.org/linus/030ffd4d43b433bc6671d9ec34fc12c59220b95d (6.11-rc1)', 'https://git.kernel.org/stable/c/030ffd4d43b433bc6671d9ec34fc12c59220b95d', 'https://git.kernel.org/stable/c/4fd52f7c2c11d330571c6bde06e5ea508ec25c9d', 'https://git.kernel.org/stable/c/641dac64178ccdb9e45c92b67120316896294d05', 'https://lore.kernel.org/linux-cve-announce/2024082624-CVE-2024-43906-27ab@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43906', 'https://www.cve.org/CVERecord?id=CVE-2024-43906'], 'PublishedDate': '2024-08-26T11:15:04.947Z', 'LastModifiedDate': '2024-08-27T13:41:30.093Z'}, {'VulnerabilityID': 'CVE-2024-43907', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43907', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules\n\nCheck the pointer value to fix potential null pointer\ndereference', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43907', 'https://git.kernel.org/linus/d19fb10085a49b77578314f69fff21562f7cd054 (6.11-rc1)', 'https://git.kernel.org/stable/c/0c065e50445aea2e0a1815f12e97ee49e02cbaac', 'https://git.kernel.org/stable/c/13937a40aae4efe64592ba48c057ac3c72f7fe82', 'https://git.kernel.org/stable/c/3a01bf2ca9f860fdc88c358567b8fa3033efcf30', 'https://git.kernel.org/stable/c/c1749313f35b98e2e655479f037db37f19756622', 'https://git.kernel.org/stable/c/d19fb10085a49b77578314f69fff21562f7cd054', 'https://git.kernel.org/stable/c/e04d18c29954441aa1054af649f957ffad90a201', 'https://lore.kernel.org/linux-cve-announce/2024082626-CVE-2024-43907-91a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43907', 'https://www.cve.org/CVERecord?id=CVE-2024-43907'], 'PublishedDate': '2024-08-26T11:15:05Z', 'LastModifiedDate': '2024-08-27T13:41:40.497Z'}, {'VulnerabilityID': 'CVE-2024-43908', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43908', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the null pointer dereference to ras_manager', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the null pointer dereference to ras_manager\n\nCheck ras_manager before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43908', 'https://git.kernel.org/linus/4c11d30c95576937c6c35e6f29884761f2dddb43 (6.11-rc1)', 'https://git.kernel.org/stable/c/033187a70ba9743c73a810a006816e5553d1e7d4', 'https://git.kernel.org/stable/c/48cada0ac79e4775236d642e9ec5998a7c7fb7a4', 'https://git.kernel.org/stable/c/4c11d30c95576937c6c35e6f29884761f2dddb43', 'https://git.kernel.org/stable/c/56e848034ccabe44e8f22ffcf49db771c17b0d0a', 'https://git.kernel.org/stable/c/b89616333979114bb0da5fa40fb6e4a2f5294ca2', 'https://git.kernel.org/stable/c/d81c1eeb333d84b3012a91c0500189dc1d71e46c', 'https://git.kernel.org/stable/c/ff5c4eb71ee8951c789b079f6e948f86708b04ed', 'https://linux.oracle.com/cve/CVE-2024-43908.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082627-CVE-2024-43908-4406@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43908', 'https://www.cve.org/CVERecord?id=CVE-2024-43908'], 'PublishedDate': '2024-08-26T11:15:05.057Z', 'LastModifiedDate': '2024-08-27T13:41:55.26Z'}, {'VulnerabilityID': 'CVE-2024-43909', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43909', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference for smu7', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference for smu7\n\noptimize the code to avoid pass a null pointer (hwmgr->backend)\nto function smu7_update_edc_leakage_table.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43909', 'https://git.kernel.org/linus/c02c1960c93eede587576625a1221205a68a904f (6.11-rc1)', 'https://git.kernel.org/stable/c/09544cd95c688d3041328a4253bd7514972399bb', 'https://git.kernel.org/stable/c/1b8aa82b80bd947b68a8ab051d960a0c7935e22d', 'https://git.kernel.org/stable/c/37b9df457cbcf095963d18f17d6cb7dfa0a03fce', 'https://git.kernel.org/stable/c/7f56f050f02c27ed89cce1ea0c04b34abce32751', 'https://git.kernel.org/stable/c/c02c1960c93eede587576625a1221205a68a904f', 'https://lore.kernel.org/linux-cve-announce/2024082628-CVE-2024-43909-acb8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43909', 'https://www.cve.org/CVERecord?id=CVE-2024-43909'], 'PublishedDate': '2024-08-26T11:15:05.117Z', 'LastModifiedDate': '2024-08-27T13:41:48.467Z'}, {'VulnerabilityID': 'CVE-2024-43910', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43910', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses\n\nCurrently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to\na global function as an argument. The adverse effects of this is that\nBPF helpers can continue to make use of this modified\nCONST_PTR_TO_DYNPTR from within the context of the global function,\nwhich can unintentionally result in out-of-bounds memory accesses and\ntherefore compromise overall system stability i.e.\n\n[  244.157771] BUG: KASAN: slab-out-of-bounds in bpf_dynptr_data+0x137/0x140\n[  244.161345] Read of size 8 at addr ffff88810914be68 by task test_progs/302\n[  244.167151] CPU: 0 PID: 302 Comm: test_progs Tainted: G O E 6.10.0-rc3-00131-g66b586715063 #533\n[  244.174318] Call Trace:\n[  244.175787]  <TASK>\n[  244.177356]  dump_stack_lvl+0x66/0xa0\n[  244.179531]  print_report+0xce/0x670\n[  244.182314]  ? __virt_addr_valid+0x200/0x3e0\n[  244.184908]  kasan_report+0xd7/0x110\n[  244.187408]  ? bpf_dynptr_data+0x137/0x140\n[  244.189714]  ? bpf_dynptr_data+0x137/0x140\n[  244.192020]  bpf_dynptr_data+0x137/0x140\n[  244.194264]  bpf_prog_b02a02fdd2bdc5fa_global_call_bpf_dynptr_data+0x22/0x26\n[  244.198044]  bpf_prog_b0fe7b9d7dc3abde_callback_adjust_bpf_dynptr_reg_off+0x1f/0x23\n[  244.202136]  bpf_user_ringbuf_drain+0x2c7/0x570\n[  244.204744]  ? 0xffffffffc0009e58\n[  244.206593]  ? __pfx_bpf_user_ringbuf_drain+0x10/0x10\n[  244.209795]  bpf_prog_33ab33f6a804ba2d_user_ringbuf_callback_const_ptr_to_dynptr_reg_off+0x47/0x4b\n[  244.215922]  bpf_trampoline_6442502480+0x43/0xe3\n[  244.218691]  __x64_sys_prlimit64+0x9/0xf0\n[  244.220912]  do_syscall_64+0xc1/0x1d0\n[  244.223043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  244.226458] RIP: 0033:0x7ffa3eb8f059\n[  244.228582] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 1d 0d 00 f7 d8 64 89 01 48\n[  244.241307] RSP: 002b:00007ffa3e9c6eb8 EFLAGS: 00000206 ORIG_RAX: 000000000000012e\n[  244.246474] RAX: ffffffffffffffda RBX: 00007ffa3e9c7cdc RCX: 00007ffa3eb8f059\n[  244.250478] RDX: 00007ffa3eb162b4 RSI: 0000000000000000 RDI: 00007ffa3e9c7fb0\n[  244.255396] RBP: 00007ffa3e9c6ed0 R08: 00007ffa3e9c76c0 R09: 0000000000000000\n[  244.260195] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffff80\n[  244.264201] R13: 000000000000001c R14: 00007ffc5d6b4260 R15: 00007ffa3e1c7000\n[  244.268303]  </TASK>\n\nAdd a check_func_arg_reg_off() to the path in which the BPF verifier\nverifies the arguments of global function arguments, specifically\nthose which take an argument of type ARG_PTR_TO_DYNPTR |\nMEM_RDONLY. Also, process_dynptr_func() doesn't appear to perform any\nexplicit and strict type matching on the supplied register type, so\nlet's also enforce that a register either type PTR_TO_STACK or\nCONST_PTR_TO_DYNPTR is by the caller.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43910', 'https://git.kernel.org/linus/ec2b9a5e11e51fea1bb04c1e7e471952e887e874 (6.11-rc1)', 'https://git.kernel.org/stable/c/13663a7c644bf1dedaf461d07252db5d76c8759a', 'https://git.kernel.org/stable/c/ec2b9a5e11e51fea1bb04c1e7e471952e887e874', 'https://lore.kernel.org/linux-cve-announce/2024082630-CVE-2024-43910-c6ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43910', 'https://www.cve.org/CVERecord?id=CVE-2024-43910'], 'PublishedDate': '2024-08-26T11:15:05.177Z', 'LastModifiedDate': '2024-09-05T18:30:23.437Z'}, {'VulnerabilityID': 'CVE-2024-43911', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43911', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mac80211: fix NULL dereference at band check in starting tx ba session', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL dereference at band check in starting tx ba session\n\nIn MLD connection, link_data/link_conf are dynamically allocated. They\ndon't point to vif->bss_conf. So, there will be no chanreq assigned to\nvif->bss_conf and then the chan will be NULL. Tweak the code to check\nht_supported/vht_supported/has_he/has_eht on sta deflink.\n\nCrash log (with rtw89 version under MLO development):\n[ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 9890.526102] #PF: supervisor read access in kernel mode\n[ 9890.526105] #PF: error_code(0x0000) - not-present page\n[ 9890.526109] PGD 0 P4D 0\n[ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G           OE      6.9.0 #1\n[ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018\n[ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core]\n[ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211\n[ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00 <83> 38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3\nAll code\n========\n   0:\tf7 e8                \timul   %eax\n   2:\td5                   \t(bad)\n   3:\t93                   \txchg   %eax,%ebx\n   4:\t3e ea                \tds (bad)\n   6:\t48 83 c4 28          \tadd    $0x28,%rsp\n   a:\t89 d8                \tmov    %ebx,%eax\n   c:\t5b                   \tpop    %rbx\n   d:\t41 5c                \tpop    %r12\n   f:\t41 5d                \tpop    %r13\n  11:\t41 5e                \tpop    %r14\n  13:\t41 5f                \tpop    %r15\n  15:\t5d                   \tpop    %rbp\n  16:\tc3                   \tretq\n  17:\tcc                   \tint3\n  18:\tcc                   \tint3\n  19:\tcc                   \tint3\n  1a:\tcc                   \tint3\n  1b:\t49 8b 84 24 e0 f1 ff \tmov    -0xe20(%r12),%rax\n  22:\tff\n  23:\t48 8b 80 90 1b 00 00 \tmov    0x1b90(%rax),%rax\n  2a:*\t83 38 03             \tcmpl   $0x3,(%rax)\t\t<-- trapping instruction\n  2d:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe6a\n  33:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n  38:\teb cc                \tjmp    0x6\n  3a:\t49                   \trex.WB\n  3b:\t8b                   \t.byte 0x8b\n  3c:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  3f:\tf3                   \trepz\n\nCode starting with the faulting instruction\n===========================================\n   0:\t83 38 03             \tcmpl   $0x3,(%rax)\n   3:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe40\n   9:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n   e:\teb cc                \tjmp    0xffffffffffffffdc\n  10:\t49                   \trex.WB\n  11:\t8b                   \t.byte 0x8b\n  12:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  15:\tf3                   \trepz\n[ 9890.526285] RSP: 0018:ffffb8db09013d68 EFLAGS: 00010246\n[ 9890.526291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9308e0d656c8\n[ 9890.526295] RDX: 0000000000000000 RSI: ffffffffab99460b RDI: ffffffffab9a7685\n[ 9890.526300] RBP: ffffb8db09013db8 R08: 0000000000000000 R09: 0000000000000873\n[ 9890.526304] R10: ffff9308e0d64800 R11: 0000000000000002 R12: ffff9308e5ff6e70\n[ 9890.526308] R13: ffff930952500e20 R14: ffff9309192a8c00 R15: 0000000000000000\n[ 9890.526313] FS:  0000000000000000(0000) GS:ffff930b4e700000(0000) knlGS:0000000000000000\n[ 9890.526316] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9890.526318] CR2: 0000000000000000 CR3: 0000000391c58005 CR4: 00000000001706f0\n[ 9890.526321] Call Trace:\n[ 9890.526324]  <TASK>\n[ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479)\n[ 9890.526335] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713)\n[ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43911', 'https://git.kernel.org/linus/021d53a3d87eeb9dbba524ac515651242a2a7e3b (6.11-rc1)', 'https://git.kernel.org/stable/c/021d53a3d87eeb9dbba524ac515651242a2a7e3b', 'https://git.kernel.org/stable/c/a5594c1e03b0df3908b1e1202a1ba34422eed0f6', 'https://lore.kernel.org/linux-cve-announce/2024082631-CVE-2024-43911-96bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43911', 'https://www.cve.org/CVERecord?id=CVE-2024-43911'], 'PublishedDate': '2024-08-26T11:15:05.227Z', 'LastModifiedDate': '2024-08-27T16:08:52.493Z'}, {'VulnerabilityID': 'CVE-2024-43912', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43912', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: nl80211: disallow setting special AP channel widths', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: disallow setting special AP channel widths\n\nSetting the AP channel width is meant for use with the normal\n20/40/... MHz channel width progression, and switching around\nin S1G or narrow channels isn't supported. Disallow that.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43912', 'https://git.kernel.org/linus/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe (6.11-rc1)', 'https://git.kernel.org/stable/c/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe', 'https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e', 'https://git.kernel.org/stable/c/ac3bf6e47fd8da9bfe8027e1acfe0282a91584fc', 'https://git.kernel.org/stable/c/c6ea738e3feb407a3283197d9a25d0788f4f3cee', 'https://lore.kernel.org/linux-cve-announce/2024082632-CVE-2024-43912-801f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43912', 'https://www.cve.org/CVERecord?id=CVE-2024-43912'], 'PublishedDate': '2024-08-26T11:15:05.28Z', 'LastModifiedDate': '2024-09-05T18:19:17.067Z'}, {'VulnerabilityID': 'CVE-2024-43913', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43913', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: apple: fix device reference counting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: apple: fix device reference counting\n\nDrivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.\nSplit the allocation side out to make the error handling boundary easier\nto navigate. The apple driver had been doing this wrong, leaking the\ncontroller device memory on a tagset failure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43913', 'https://git.kernel.org/linus/b9ecbfa45516182cd062fecd286db7907ba84210 (6.11-rc1)', 'https://git.kernel.org/stable/c/b9ecbfa45516182cd062fecd286db7907ba84210', 'https://git.kernel.org/stable/c/d59c4d0eb6adc24c2201f153ccb7fd0a335b0d3d', 'https://lore.kernel.org/linux-cve-announce/2024082633-CVE-2024-43913-6ec7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43913', 'https://www.cve.org/CVERecord?id=CVE-2024-43913'], 'PublishedDate': '2024-08-26T11:15:05.33Z', 'LastModifiedDate': '2024-09-05T18:12:55.68Z'}, {'VulnerabilityID': 'CVE-2024-43914', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43914', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: md/raid5: avoid BUG_ON() while continue reshape after reassembling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: avoid BUG_ON() while continue reshape after reassembling\n\nCurrently, mdadm support --revert-reshape to abort the reshape while\nreassembling, as the test 07revert-grow. However, following BUG_ON()\ncan be triggerred by the test:\n\nkernel BUG at drivers/md/raid5.c:6278!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nirq event stamp: 158985\nCPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94\nRIP: 0010:reshape_request+0x3f1/0xe60\nCall Trace:\n <TASK>\n raid5_sync_request+0x43d/0x550\n md_do_sync+0xb7a/0x2110\n md_thread+0x294/0x2b0\n kthread+0x147/0x1c0\n ret_from_fork+0x59/0x70\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\nRoot cause is that --revert-reshape update the raid_disks from 5 to 4,\nwhile reshape position is still set, and after reassembling the array,\nreshape position will be read from super block, then during reshape the\nchecking of 'writepos' that is caculated by old reshape position will\nfail.\n\nFix this panic the easy way first, by converting the BUG_ON() to\nWARN_ON(), and stop the reshape if checkings fail.\n\nNoted that mdadm must fix --revert-shape as well, and probably md/raid\nshould enhance metadata validation as well, however this means\nreassemble will fail and there must be user tools to fix the wrong\nmetadata.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43914', 'https://git.kernel.org/linus/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49 (6.11-rc1)', 'https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0', 'https://git.kernel.org/stable/c/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49', 'https://git.kernel.org/stable/c/3b33740c1750a39e046339ff9240e954f0156707', 'https://git.kernel.org/stable/c/4811d6e5d9f4090c3e0ff9890eb24077108046ab', 'https://git.kernel.org/stable/c/6b33c468d543f6a83de2d61f09fec74b27e19fd2', 'https://git.kernel.org/stable/c/775a9ba16c9ffe98fe54ebf14e55d5660f2bf600', 'https://git.kernel.org/stable/c/bf0ff69a42a3d2d46876d0514ecf13dffc516666', 'https://git.kernel.org/stable/c/c384dd4f1fb3b14a2fd199360701cc163ea88705', 'https://linux.oracle.com/cve/CVE-2024-43914.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082635-CVE-2024-43914-a664@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43914', 'https://www.cve.org/CVERecord?id=CVE-2024-43914'], 'PublishedDate': '2024-08-26T11:15:05.38Z', 'LastModifiedDate': '2024-09-05T18:03:49.997Z'}, {'VulnerabilityID': 'CVE-2024-44931', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpio: prevent potential speculation leaks in gpio_device_get_desc()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: prevent potential speculation leaks in gpio_device_get_desc()\n\nUserspace may trigger a speculative read of an address outside the gpio\ndescriptor array.\nUsers can do that by calling gpio_ioctl() with an offset out of range.\nOffset is copied from user and then used as an array index to get\nthe gpio descriptor without sanitization in gpio_device_get_desc().\n\nThis change ensures that the offset is sanitized by using\narray_index_nospec() to mitigate any possibility of speculative\ninformation leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44931', 'https://git.kernel.org/linus/d795848ecce24a75dfd46481aee066ae6fe39775 (6.11-rc1)', 'https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc', 'https://git.kernel.org/stable/c/672c19165fc96dfad531a5458e0b3cdab414aae4', 'https://git.kernel.org/stable/c/9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0', 'https://git.kernel.org/stable/c/c65ab97efcd438cb4e9f299400f2ea55251f3a67', 'https://git.kernel.org/stable/c/d776c0486b03a5c4afca65b8ff44573592bf93bb', 'https://git.kernel.org/stable/c/d795848ecce24a75dfd46481aee066ae6fe39775', 'https://lore.kernel.org/linux-cve-announce/2024082636-CVE-2024-44931-8212@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44931', 'https://www.cve.org/CVERecord?id=CVE-2024-44931'], 'PublishedDate': '2024-08-26T11:15:05.447Z', 'LastModifiedDate': '2024-10-17T14:15:07.39Z'}, {'VulnerabilityID': 'CVE-2024-44932', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44932', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix UAFs when destroying the queues', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix UAFs when destroying the queues\n\nThe second tagged commit started sometimes (very rarely, but possible)\nthrowing WARNs from\nnet/core/page_pool.c:page_pool_disable_direct_recycling().\nTurned out idpf frees interrupt vectors with embedded NAPIs *before*\nfreeing the queues making page_pools' NAPI pointers lead to freed\nmemory before these pools are destroyed by libeth.\nIt's not clear whether there are other accesses to the freed vectors\nwhen destroying the queues, but anyway, we usually free queue/interrupt\nvectors only when the queues are destroyed and the NAPIs are guaranteed\nto not be referenced anywhere.\n\nInvert the allocation and freeing logic making queue/interrupt vectors\nbe allocated first and freed last. Vectors don't require queues to be\npresent, so this is safe. Additionally, this change allows to remove\nthat useless queue->q_vector pointer cleanup, as vectors are still\nvalid when freeing the queues (+ both are freed within one function,\nso it's not clear why nullify the pointers at all).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44932', 'https://git.kernel.org/linus/290f1c033281c1a502a3cd1c53c3a549259c491f (6.11-rc3)', 'https://git.kernel.org/stable/c/290f1c033281c1a502a3cd1c53c3a549259c491f', 'https://git.kernel.org/stable/c/3cde714b0e77206ed1b5cf31f28c18ba9ae946fd', 'https://lore.kernel.org/linux-cve-announce/2024082638-CVE-2024-44932-2659@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44932', 'https://www.cve.org/CVERecord?id=CVE-2024-44932'], 'PublishedDate': '2024-08-26T11:15:05.5Z', 'LastModifiedDate': '2024-08-27T16:08:45.02Z'}, {'VulnerabilityID': 'CVE-2024-44934', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: bridge: mcast: wait for previous gc cycles when removing port', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mcast: wait for previous gc cycles when removing port\n\nsyzbot hit a use-after-free[1] which is caused because the bridge doesn't\nmake sure that all previous garbage has been collected when removing a\nport. What happens is:\n      CPU 1                   CPU 2\n start gc cycle           remove port\n                         acquire gc lock first\n wait for lock\n                         call br_multicasg_gc() directly\n acquire lock now but    free port\n the port can be freed\n while grp timers still\n running\n\nMake sure all previous gc cycles have finished by using flush_work before\nfreeing the port.\n\n[1]\n  BUG: KASAN: slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n  Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699\n\n  CPU: 1 PID: 9699 Comm: syz.5.1232 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n  Call Trace:\n   <IRQ>\n   __dump_stack lib/dump_stack.c:88 [inline]\n   dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n   print_address_description mm/kasan/report.c:377 [inline]\n   print_report+0xc3/0x620 mm/kasan/report.c:488\n   kasan_report+0xd9/0x110 mm/kasan/report.c:601\n   br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n   call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1792\n   expire_timers kernel/time/timer.c:1843 [inline]\n   __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417\n   __run_timer_base kernel/time/timer.c:2428 [inline]\n   __run_timer_base kernel/time/timer.c:2421 [inline]\n   run_timer_base+0x111/0x190 kernel/time/timer.c:2437", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44934', 'https://git.kernel.org/linus/92c4ee25208d0f35dafc3213cdf355fbe449e078 (6.11-rc3)', 'https://git.kernel.org/stable/c/0d8b26e10e680c01522d7cc14abe04c3265a928f', 'https://git.kernel.org/stable/c/1e16828020c674b3be85f52685e8b80f9008f50f', 'https://git.kernel.org/stable/c/92c4ee25208d0f35dafc3213cdf355fbe449e078', 'https://git.kernel.org/stable/c/b2f794b168cf560682ff976b255aa6d29d14a658', 'https://git.kernel.org/stable/c/e3145ca904fa8dbfd1a5bf0187905bc117b0efce', 'https://lore.kernel.org/linux-cve-announce/2024082641-CVE-2024-44934-a7fe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44934', 'https://www.cve.org/CVERecord?id=CVE-2024-44934'], 'PublishedDate': '2024-08-26T11:15:05.593Z', 'LastModifiedDate': '2024-08-27T16:07:58.727Z'}, {'VulnerabilityID': 'CVE-2024-44935', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44935', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sctp: Fix null-ptr-deref in reuseport_add_sock().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix null-ptr-deref in reuseport_add_sock().\n\nsyzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in\nreuseport_add_sock(). [0]\n\nThe repro first creates a listener with SO_REUSEPORT.  Then, it creates\nanother listener on the same port and concurrently closes the first\nlistener.\n\nThe second listen() calls reuseport_add_sock() with the first listener as\nsk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently,\nbut the close() does clear it by reuseport_detach_sock().\n\nThe problem is SCTP does not properly synchronise reuseport_alloc(),\nreuseport_add_sock(), and reuseport_detach_sock().\n\nThe caller of reuseport_alloc() and reuseport_{add,detach}_sock() must\nprovide synchronisation for sockets that are classified into the same\nreuseport group.\n\nOtherwise, such sockets form multiple identical reuseport groups, and\nall groups except one would be silently dead.\n\n  1. Two sockets call listen() concurrently\n  2. No socket in the same group found in sctp_ep_hashtable[]\n  3. Two sockets call reuseport_alloc() and form two reuseport groups\n  4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives\n      incoming packets\n\nAlso, the reported null-ptr-deref could occur.\n\nTCP/UDP guarantees that would not happen by holding the hash bucket lock.\n\nLet's apply the locking strategy to __sctp_hash_endpoint() and\n__sctp_unhash_endpoint().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nRIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350\nCode: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14\nRSP: 0018:ffffc9000b947c98 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012\nRBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385\nR10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0\nR13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __sctp_hash_endpoint net/sctp/input.c:762 [inline]\n sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790\n sctp_listen_start net/sctp/socket.c:8570 [inline]\n sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]\n __se_sys_listen net/socket.c:1900 [inline]\n __x64_sys_listen+0x5a/0x70 net/socket.c:1900\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f24e46039b9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032\nRAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9\nRDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004\nRBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0\nR10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42c\nR13:\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44935', 'https://git.kernel.org/linus/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18 (6.11-rc3)', 'https://git.kernel.org/stable/c/05e4a0fa248240efd99a539853e844f0f0a9e6a5', 'https://git.kernel.org/stable/c/1407be30fc17eff918a98e0a990c0e988f11dc84', 'https://git.kernel.org/stable/c/52319d9d2f522ed939af31af70f8c3a0f0f67e6c', 'https://git.kernel.org/stable/c/54b303d8f9702b8ab618c5032fae886b16356928', 'https://git.kernel.org/stable/c/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18', 'https://git.kernel.org/stable/c/c9b3fc4f157867e858734e31022ebee8a24f0de7', 'https://git.kernel.org/stable/c/e809a84c802377ef61525a298a1ec1728759b913', 'https://linux.oracle.com/cve/CVE-2024-44935.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082642-CVE-2024-44935-3452@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44935', 'https://www.cve.org/CVERecord?id=CVE-2024-44935'], 'PublishedDate': '2024-08-26T11:15:05.643Z', 'LastModifiedDate': '2024-08-27T16:09:01.633Z'}, {'VulnerabilityID': 'CVE-2024-44937', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44937', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: intel-vbtn: Protect ACPI notify handler against recursion\n\nSince commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on\nall CPUs") ACPI notify handlers like the intel-vbtn notify_handler() may\nrun on multiple CPU cores racing with themselves.\n\nThis race gets hit on Dell Venue 7140 tablets when undocking from\nthe keyboard, causing the handler to try and register priv->switches_dev\ntwice, as can be seen from the dev_info() message getting logged twice:\n\n[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\n[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n\nAfter which things go seriously wrong:\n[ 83.861872] sysfs: cannot create duplicate filename \'/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\'\n...\n[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don\'t try to register things with the same name in the same directory.\n[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018\n...\n\nProtect intel-vbtn notify_handler() from racing with itself with a mutex\nto fix this.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44937', 'https://git.kernel.org/linus/e075c3b13a0a142dcd3151b25d29a24f31b7b640 (6.11-rc3)', 'https://git.kernel.org/stable/c/5c9618a3b6ea94cf7bdff7702aca8bf2d777d97b', 'https://git.kernel.org/stable/c/e075c3b13a0a142dcd3151b25d29a24f31b7b640', 'https://lore.kernel.org/linux-cve-announce/2024082645-CVE-2024-44937-5c1d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44937', 'https://www.cve.org/CVERecord?id=CVE-2024-44937'], 'PublishedDate': '2024-08-26T11:15:05.753Z', 'LastModifiedDate': '2024-08-27T16:10:11.423Z'}, {'VulnerabilityID': 'CVE-2024-44938', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44938', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: Fix shift-out-of-bounds in dbDiscardAG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix shift-out-of-bounds in dbDiscardAG\n\nWhen searching for the next smaller log2 block, BLKSTOL2() returned 0,\ncausing shift exponent -1 to be negative.\n\nThis patch fixes the issue by exiting the loop directly when negative\nshift is found.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44938', 'https://git.kernel.org/linus/7063b80268e2593e58bee8a8d709c2f3ff93e2f2 (6.11-rc1)', 'https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630', 'https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2', 'https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e', 'https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-44938-fc08@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44938', 'https://www.cve.org/CVERecord?id=CVE-2024-44938'], 'PublishedDate': '2024-08-26T12:15:05.96Z', 'LastModifiedDate': '2024-09-12T14:05:44.31Z'}, {'VulnerabilityID': 'CVE-2024-44939', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44939', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: fix null ptr deref in dtInsertEntry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix null ptr deref in dtInsertEntry\n\n[syzbot reported]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713\n...\n[Analyze]\nIn dtInsertEntry(), when the pointer h has the same value as p, after writing\nname in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the\npreviously true judgment "p->header.flag & BT-LEAF" to change to no after writing\nthe name operation, this leads to entering an incorrect branch and accessing the\nuninitialized object ih when judging this condition for the second time.\n\n[Fix]\nAfter got the page, check freelist first, if freelist == 0 then exit dtInsert()\nand return -EINVAL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44939', 'https://git.kernel.org/linus/ce6dede912f064a855acf6f04a04cbb2c25b8c8c (6.11-rc1)', 'https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9', 'https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6', 'https://git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702', 'https://git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44939-cf96@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44939', 'https://www.cve.org/CVERecord?id=CVE-2024-44939'], 'PublishedDate': '2024-08-26T12:15:06.007Z', 'LastModifiedDate': '2024-09-12T20:58:03.783Z'}, {'VulnerabilityID': 'CVE-2024-44940', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44940', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: remove warn in gue_gro_receive on unsupported protocol', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfou: remove warn in gue_gro_receive on unsupported protocol\n\nDrop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is\nnot known or does not have a GRO handler.\n\nSuch a packet is easily constructed. Syzbot generates them and sets\noff this warning.\n\nRemove the warning as it is expected and not actionable.\n\nThe warning was previously reduced from WARN_ON to WARN_ON_ONCE in\ncommit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad\nproto callbacks").', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44940', 'https://git.kernel.org/linus/dd89a81d850fa9a65f67b4527c0e420d15bf836c (6.11-rc1)', 'https://git.kernel.org/stable/c/3db4395332e7050ef9ddeb3052e6b5019f2a2a59', 'https://git.kernel.org/stable/c/440ab7f97261bc28501636a13998e1b1946d2e79', 'https://git.kernel.org/stable/c/5a2e37bc648a2503bf6d687aed27b9f4455d82eb', 'https://git.kernel.org/stable/c/dd89a81d850fa9a65f67b4527c0e420d15bf836c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44940-249f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44940', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-44940'], 'PublishedDate': '2024-08-26T12:15:06.053Z', 'LastModifiedDate': '2024-09-12T14:10:00.857Z'}, {'VulnerabilityID': 'CVE-2024-44941', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44941', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to cover read extent cache access with lock', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to cover read extent cache access with lock\n\nsyzbot reports a f2fs bug as below:\n\nBUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\nRead of size 4 at addr ffff8880739ab220 by task syz-executor200/5097\n\nCPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\n do_read_inode fs/f2fs/inode.c:509 [inline]\n f2fs_iget+0x33e1/0x46e0 fs/f2fs/inode.c:560\n f2fs_nfs_get_inode+0x74/0x100 fs/f2fs/super.c:3237\n generic_fh_to_dentry+0x9f/0xf0 fs/libfs.c:1413\n exportfs_decode_fh_raw+0x152/0x5f0 fs/exportfs/expfs.c:444\n exportfs_decode_fh+0x3c/0x80 fs/exportfs/expfs.c:584\n do_handle_to_path fs/fhandle.c:155 [inline]\n handle_to_path fs/fhandle.c:210 [inline]\n do_handle_open+0x495/0x650 fs/fhandle.c:226\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWe missed to cover sanity_check_extent_cache() w/ extent cache lock,\nso, below race case may happen, result in use after free issue.\n\n- f2fs_iget\n - do_read_inode\n  - f2fs_init_read_extent_tree\n  : add largest extent entry in to cache\n\t\t\t\t\t- shrink\n\t\t\t\t\t - f2fs_shrink_read_extent_tree\n\t\t\t\t\t  - __shrink_extent_tree\n\t\t\t\t\t   - __detach_extent_node\n\t\t\t\t\t   : drop largest extent entry\n  - sanity_check_extent_cache\n  : access et->largest w/o lock\n\nlet's refactor sanity_check_extent_cache() to avoid extent cache access\nand call it before f2fs_init_read_extent_tree() to fix this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44941', 'https://git.kernel.org/linus/d7409b05a64f212735f0d33f5f1602051a886eab (6.11-rc1)', 'https://git.kernel.org/stable/c/263df78166d3a9609b97d28c34029bd01874cbb8', 'https://git.kernel.org/stable/c/323ef20b5558b9d9fd10c1224327af6f11a8177d', 'https://git.kernel.org/stable/c/d7409b05a64f212735f0d33f5f1602051a886eab', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44941-143e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44941', 'https://www.cve.org/CVERecord?id=CVE-2024-44941'], 'PublishedDate': '2024-08-26T12:15:06.107Z', 'LastModifiedDate': '2024-09-12T20:57:26.143Z'}, {'VulnerabilityID': 'CVE-2024-44942', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44942', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inline.c:258!\nCPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0\nRIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258\nCall Trace:\n f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834\n f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315\n do_writepages+0x35b/0x870 mm/page-writeback.c:2612\n __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650\n writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941\n wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117\n wb_do_writeback fs/fs-writeback.c:2264 [inline]\n wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335\n worker_thread+0x86d/0xd70 kernel/workqueue.c:3416\n kthread+0x2f2/0x390 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nThe root cause is: inline_data inode can be fuzzed, so that there may\nbe valid blkaddr in its direct node, once f2fs triggers background GC\nto migrate the block, it will hit f2fs_bug_on() during dirty page\nwriteback.\n\nLet's add sanity check on F2FS_INLINE_DATA flag in inode during GC,\nso that, it can forbid migrating inline_data inode's data block for\nfixing.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44942', 'https://git.kernel.org/linus/fc01008c92f40015aeeced94750855a7111b6929 (6.11-rc1)', 'https://git.kernel.org/stable/c/26c07775fb5dc74351d1c3a2bc3cdf609b03e49f', 'https://git.kernel.org/stable/c/ae00e6536a2dd54b64b39e9a39548870cf835745', 'https://git.kernel.org/stable/c/fc01008c92f40015aeeced94750855a7111b6929', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44942-651a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44942', 'https://www.cve.org/CVERecord?id=CVE-2024-44942'], 'PublishedDate': '2024-08-26T12:15:06.157Z', 'LastModifiedDate': '2024-08-27T16:09:10.01Z'}, {'VulnerabilityID': 'CVE-2024-44943', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'In the Linux kernel, the following vulnerability has been resolved:  m ...', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: gup: stop abusing try_grab_folio\n\nA kernel warning was reported when pinning folio in CMA memory when\nlaunching SEV virtual machine.  The splat looks like:\n\n[  464.325306] WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313 __get_user_pages+0x423/0x520\n[  464.325464] CPU: 13 PID: 6734 Comm: qemu-kvm Kdump: loaded Not tainted 6.6.33+ #6\n[  464.325477] RIP: 0010:__get_user_pages+0x423/0x520\n[  464.325515] Call Trace:\n[  464.325520]  <TASK>\n[  464.325523]  ? __get_user_pages+0x423/0x520\n[  464.325528]  ? __warn+0x81/0x130\n[  464.325536]  ? __get_user_pages+0x423/0x520\n[  464.325541]  ? report_bug+0x171/0x1a0\n[  464.325549]  ? handle_bug+0x3c/0x70\n[  464.325554]  ? exc_invalid_op+0x17/0x70\n[  464.325558]  ? asm_exc_invalid_op+0x1a/0x20\n[  464.325567]  ? __get_user_pages+0x423/0x520\n[  464.325575]  __gup_longterm_locked+0x212/0x7a0\n[  464.325583]  internal_get_user_pages_fast+0xfb/0x190\n[  464.325590]  pin_user_pages_fast+0x47/0x60\n[  464.325598]  sev_pin_memory+0xca/0x170 [kvm_amd]\n[  464.325616]  sev_mem_enc_register_region+0x81/0x130 [kvm_amd]\n\nPer the analysis done by yangge, when starting the SEV virtual machine, it\nwill call pin_user_pages_fast(..., FOLL_LONGTERM, ...) to pin the memory. \nBut the page is in CMA area, so fast GUP will fail then fallback to the\nslow path due to the longterm pinnalbe check in try_grab_folio().\n\nThe slow path will try to pin the pages then migrate them out of CMA area.\nBut the slow path also uses try_grab_folio() to pin the page, it will\nalso fail due to the same check then the above warning is triggered.\n\nIn addition, the try_grab_folio() is supposed to be used in fast path and\nit elevates folio refcount by using add ref unless zero.  We are guaranteed\nto have at least one stable reference in slow path, so the simple atomic add\ncould be used.  The performance difference should be trivial, but the\nmisuse may be confusing and misleading.\n\nRedefined try_grab_folio() to try_grab_folio_fast(), and try_grab_page()\nto try_grab_folio(), and use them in the proper paths.  This solves both\nthe abuse and the kernel warning.\n\nThe proper naming makes their usecase more clear and should prevent from\nabusing in the future.\n\npeterx said:\n\n: The user will see the pin fails, for gpu-slow it further triggers the WARN\n: right below that failure (as in the original report):\n: \n:         folio = try_grab_folio(page, page_increm - 1,\n:                                 foll_flags);\n:         if (WARN_ON_ONCE(!folio)) { <------------------------ here\n:                 /*\n:                         * Release the 1st page ref if the\n:                         * folio is problematic, fail hard.\n:                         */\n:                 gup_put_folio(page_folio(page), 1,\n:                                 foll_flags);\n:                 ret = -EFAULT;\n:                 goto out;\n:         }\n\n[1] https://lore.kernel.org/linux-mm/1719478388-31917-1-git-send-email-yangge1116@126.com/\n\n[shy828301@gmail.com: fix implicit declaration of function try_grab_folio_fast]\n  Link: https://lkml.kernel.org/r/CAHbLzkowMSso-4Nufc9hcMehQsK9PNz3OSu-+eniU-2Mm-xjhA@mail.gmail.com', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44943', 'https://git.kernel.org/linus/f442fa6141379a20b48ae3efabee827a3d260787 (6.10)', 'https://git.kernel.org/stable/c/26273f5f4cf68b29414e403837093408a9c98e1f', 'https://git.kernel.org/stable/c/f442fa6141379a20b48ae3efabee827a3d260787', 'https://lore.kernel.org/linux-cve-announce/2024082853-CVE-2024-44943-234f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44943', 'https://www.cve.org/CVERecord?id=CVE-2024-44943'], 'PublishedDate': '2024-08-28T08:15:06.963Z', 'LastModifiedDate': '2024-09-10T18:12:43.38Z'}, {'VulnerabilityID': 'CVE-2024-44944', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44944', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: ctnetlink: use helper function to calculate expect ID', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use helper function to calculate expect ID\n\nDelete expectation path is missing a call to the nf_expect_get_id()\nhelper function to calculate the expectation ID, otherwise LSB of the\nexpectation object address is leaked to userspace.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44944', 'https://git.kernel.org/linus/782161895eb4ac45cf7cfa8db375bd4766cb8299 (6.11-rc1)', 'https://git.kernel.org/stable/c/24f407042cf90b0872de667460230d8d50c06c39', 'https://git.kernel.org/stable/c/27662b46f2adaa52c1665a82af4b21c42c4337fd', 'https://git.kernel.org/stable/c/5e2c24f7b0911b15c29aefce760bcf770542fb61', 'https://git.kernel.org/stable/c/64c0b8e64be8368617ef08dfc59a3160563a1435', 'https://git.kernel.org/stable/c/66e7650dbbb8e236e781c670b167edc81e771450', 'https://git.kernel.org/stable/c/74de442b8e12a207c07953ee068009a7701aff8f', 'https://git.kernel.org/stable/c/782161895eb4ac45cf7cfa8db375bd4766cb8299', 'https://git.kernel.org/stable/c/eb4ca1a97e08ff5b920664ba292e576257e2d184', 'https://linux.oracle.com/cve/CVE-2024-44944.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024083044-CVE-2024-44944-56c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44944', 'https://www.cve.org/CVERecord?id=CVE-2024-44944', 'https://www.zerodayinitiative.com/advisories/ZDI-24-1182/'], 'PublishedDate': '2024-08-30T08:15:04.58Z', 'LastModifiedDate': '2024-09-10T08:15:03.23Z'}, {'VulnerabilityID': 'CVE-2024-44946', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44946', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kcm: Serialise kcm_sendmsg() for the same socket.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: Serialise kcm_sendmsg() for the same socket.\n\nsyzkaller reported UAF in kcm_release(). [0]\n\nThe scenario is\n\n  1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb.\n\n  2. Thread A resumes building skb from kcm->seq_skb but is blocked\n     by sk_stream_wait_memory()\n\n  3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb\n     and puts the skb to the write queue\n\n  4. Thread A faces an error and finally frees skb that is already in the\n     write queue\n\n  5. kcm_release() does double-free the skb in the write queue\n\nWhen a thread is building a MSG_MORE skb, another thread must not touch it.\n\nLet's add a per-sk mutex and serialise kcm_sendmsg().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]\nBUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]\nBUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\nRead of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167\n\nCPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G    B              6.8.0-rc5-syzkaller-g9abbc24128bc #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x178/0x518 mm/kasan/report.c:488\n kasan_report+0xd8/0x138 mm/kasan/report.c:601\n __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381\n __skb_unlink include/linux/skbuff.h:2366 [inline]\n __skb_dequeue include/linux/skbuff.h:2385 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\n __skb_queue_purge include/linux/skbuff.h:3181 [inline]\n kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\n __sock_release net/socket.c:659 [inline]\n sock_close+0xa4/0x1e8 net/socket.c:1421\n __fput+0x30c/0x738 fs/file_table.c:376\n ____fput+0x20/0x30 fs/file_table.c:404\n task_work_run+0x230/0x2e0 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x618/0x1f64 kernel/exit.c:871\n do_group_exit+0x194/0x22c kernel/exit.c:1020\n get_signal+0x1500/0x15ec kernel/signal.c:2893\n do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249\n do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148\n exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]\n exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]\n el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nAllocated by task 6166:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903\n __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641\n alloc_skb include/linux/skbuff.h:1296 [inline]\n kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x220/0x2c0 net/socket.c:768\n splice_to_socket+0x7cc/0xd58 fs/splice.c:889\n do_splice_from fs/splice.c:941 [inline]\n direct_splice_actor+0xec/0x1d8 fs/splice.c:1164\n splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108\n do_splice_direct_actor \n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44946', 'https://git.kernel.org/linus/807067bf014d4a3ae2cc55bd3de16f22a01eb580 (6.11-rc5)', 'https://git.kernel.org/stable/c/00425508f30baa5ab6449a1f478480ca7cffa6da', 'https://git.kernel.org/stable/c/6633b17840bf828921254d788ccd15602843fe9b', 'https://git.kernel.org/stable/c/72da240aafb142630cf16adc803ccdacb3780849', 'https://git.kernel.org/stable/c/807067bf014d4a3ae2cc55bd3de16f22a01eb580', 'https://git.kernel.org/stable/c/8c9cdbf600143bd6835c8b8351e5ac956da79aec', 'https://git.kernel.org/stable/c/9c8d544ed619f704e2b70e63e08ab75630c2ea23', 'https://git.kernel.org/stable/c/eb06c8d3022ce6738711191c89f9b3e9cfb91914', 'https://git.kernel.org/stable/c/fa6c23fe6dcac8c8bd63920ee8681292a2bd544e', 'https://lore.kernel.org/linux-cve-announce/2024083150-CVE-2024-44946-9cf1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44946', 'https://www.cve.org/CVERecord?id=CVE-2024-44946'], 'PublishedDate': '2024-08-31T14:15:04.32Z', 'LastModifiedDate': '2024-09-04T12:15:05.15Z'}, {'VulnerabilityID': 'CVE-2024-44947', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44947', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fuse: Initialize beyond-EOF page contents before setting uptodate', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44947', 'https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5', 'https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e', 'https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9', 'https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6', 'https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a', 'https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4', 'https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9', 'https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6', 'https://lore.kernel.org/linux-cve-announce/2024090219-CVE-2024-44947-f49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44947', 'https://www.cve.org/CVERecord?id=CVE-2024-44947'], 'PublishedDate': '2024-09-02T18:15:36.577Z', 'LastModifiedDate': '2024-09-16T17:52:37.563Z'}, {'VulnerabilityID': 'CVE-2024-44948', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mtrr: Check if fixed MTRRs exist before saving them', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mtrr: Check if fixed MTRRs exist before saving them\n\nMTRRs have an obsolete fixed variant for fine grained caching control\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\na separate capability bit in the MTRR capability MSR.\n\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\nwent unnoticed that mtrr_save_state() does not check the capability bit\nbefore accessing the fixed MTRR MSRs.\n\nThough on a CPU that does not support the fixed MTRR capability this\nresults in a #GP.  The #GP itself is harmless because the RDMSR fault is\nhandled gracefully, but results in a WARN_ON().\n\nAdd the missing capability check to prevent this.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44948', 'https://git.kernel.org/linus/919f18f961c03d6694aa726c514184f2311a4614 (6.11-rc3)', 'https://git.kernel.org/stable/c/06c1de44d378ec5439db17bf476507d68589bfe9', 'https://git.kernel.org/stable/c/34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e', 'https://git.kernel.org/stable/c/388f1c954019f253a8383f7eb733f38d541e10b6', 'https://git.kernel.org/stable/c/450b6b22acdaac67a18eaf5ed498421ffcf10051', 'https://git.kernel.org/stable/c/8a90d3fc7c24608548d3a750671f9dac21d1a462', 'https://git.kernel.org/stable/c/8aa79dfb216b865e96ff890bc4ea71650f9bc8d7', 'https://git.kernel.org/stable/c/919f18f961c03d6694aa726c514184f2311a4614', 'https://git.kernel.org/stable/c/ca7d00c5656d1791e28369919e3e10febe9c3b16', 'https://linux.oracle.com/cve/CVE-2024-44948.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090407-CVE-2024-44948-5554@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44948', 'https://www.cve.org/CVERecord?id=CVE-2024-44948'], 'PublishedDate': '2024-09-04T19:15:29.95Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-44949', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44949', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: parisc: fix a possible DMA corruption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: fix a possible DMA corruption\n\nARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be\npossible that two unrelated 16-byte allocations share a cache line. If\none of these allocations is written using DMA and the other is written\nusing cached write, the value that was written with DMA may be\ncorrupted.\n\nThis commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 -\nthat's the largest possible cache line size.\n\nAs different parisc microarchitectures have different cache line size, we\ndefine arch_slab_minalign(), cache_line_size() and\ndma_get_cache_alignment() so that the kernel may tune slab cache\nparameters dynamically, based on the detected cache line size.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44949', 'https://git.kernel.org/linus/7ae04ba36b381bffe2471eff3a93edced843240f (6.11-rc2)', 'https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f', 'https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f', 'https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44949-8f05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44949', 'https://www.cve.org/CVERecord?id=CVE-2024-44949'], 'PublishedDate': '2024-09-04T19:15:30.04Z', 'LastModifiedDate': '2024-10-09T13:53:32.513Z'}, {'VulnerabilityID': 'CVE-2024-44950', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44950', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix invalid FIFO access with special register set', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix invalid FIFO access with special register set\n\nWhen enabling access to the special register set, Receiver time-out and\nRHR interrupts can happen. In this case, the IRQ handler will try to read\nfrom the FIFO thru the RHR register at address 0x00, but address 0x00 is\nmapped to DLL register, resulting in erroneous FIFO reading.\n\nCall graph example:\n    sc16is7xx_startup(): entry\n    sc16is7xx_ms_proc(): entry\n    sc16is7xx_set_termios(): entry\n    sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set\n    sc16is7xx_port_irq() entry            --> IIR is 0x0C\n    sc16is7xx_handle_rx() entry\n    sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is\n                               mapped to DLL (LCR=LCR_CONF_MODE_A)\n    sc16is7xx_set_baud(): exit --> Restore access to general register set\n\nFix the problem by claiming the efr_lock mutex when accessing the Special\nregister set.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44950', 'https://git.kernel.org/linus/7d3b793faaab1305994ce568b59d61927235f57b (6.11-rc3)', 'https://git.kernel.org/stable/c/6a6730812220a9a5ce4003eb347da1ee5abd06b0', 'https://git.kernel.org/stable/c/7d3b793faaab1305994ce568b59d61927235f57b', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44950-67fb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44950', 'https://www.cve.org/CVERecord?id=CVE-2024-44950'], 'PublishedDate': '2024-09-04T19:15:30.1Z', 'LastModifiedDate': '2024-10-09T14:21:16.773Z'}, {'VulnerabilityID': 'CVE-2024-44951', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44951', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix TX fifo corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix TX fifo corruption\n\nSometimes, when a packet is received on channel A at almost the same time\nas a packet is about to be transmitted on channel B, we observe with a\nlogic analyzer that the received packet on channel A is transmitted on\nchannel B. In other words, the Tx buffer data on channel B is corrupted\nwith data from channel A.\n\nThe problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change\nEFR lock to operate on each channels"), which changed the EFR locking to\noperate on each channel instead of chip-wise.\n\nThis commit has introduced a regression, because the EFR lock is used not\nonly to protect the EFR registers access, but also, in a very obscure and\nundocumented way, to protect access to the data buffer, which is shared by\nthe Tx and Rx handlers, but also by each channel of the IC.\n\nFix this regression first by switching to kfifo_out_linear_ptr() in\nsc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer.\n\nSecondly, replace the chip-wise Rx buffer with a separate Rx buffer for\neach channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44951', 'https://git.kernel.org/linus/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4 (6.11-rc3)', 'https://git.kernel.org/stable/c/09cfe05e9907f3276887a20e267cc40e202f4fdd', 'https://git.kernel.org/stable/c/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44951-9121@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44951', 'https://www.cve.org/CVERecord?id=CVE-2024-44951'], 'PublishedDate': '2024-09-04T19:15:30.153Z', 'LastModifiedDate': '2024-10-09T14:27:43.973Z'}, {'VulnerabilityID': 'CVE-2024-44952', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44952', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver core: Fix uevent_show() vs driver detach race', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix uevent_show() vs driver detach race\n\nuevent_show() wants to de-reference dev->driver->name. There is no clean\nway for a device attribute to de-reference dev->driver unless that\nattribute is defined via (struct device_driver).dev_groups. Instead, the\nanti-pattern of taking the device_lock() in the attribute handler risks\ndeadlocks with code paths that remove device attributes while holding\nthe lock.\n\nThis deadlock is typically invisible to lockdep given the device_lock()\nis marked lockdep_set_novalidate_class(), but some subsystems allocate a\nlocal lockdep key for @dev->mutex to reveal reports of the form:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 6.10.0-rc7+ #275 Tainted: G           OE    N\n ------------------------------------------------------\n modprobe/2374 is trying to acquire lock:\n ffff8c2270070de0 (kn->active#6){++++}-{0:0}, at: __kernfs_remove+0xde/0x220\n\n but task is already holding lock:\n ffff8c22016e88f8 (&cxl_root_key){+.+.}-{3:3}, at: device_release_driver_internal+0x39/0x210\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -> #1 (&cxl_root_key){+.+.}-{3:3}:\n        __mutex_lock+0x99/0xc30\n        uevent_show+0xac/0x130\n        dev_attr_show+0x18/0x40\n        sysfs_kf_seq_show+0xac/0xf0\n        seq_read_iter+0x110/0x450\n        vfs_read+0x25b/0x340\n        ksys_read+0x67/0xf0\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -> #0 (kn->active#6){++++}-{0:0}:\n        __lock_acquire+0x121a/0x1fa0\n        lock_acquire+0xd6/0x2e0\n        kernfs_drain+0x1e9/0x200\n        __kernfs_remove+0xde/0x220\n        kernfs_remove_by_name_ns+0x5e/0xa0\n        device_del+0x168/0x410\n        device_unregister+0x13/0x60\n        devres_release_all+0xb8/0x110\n        device_unbind_cleanup+0xe/0x70\n        device_release_driver_internal+0x1c7/0x210\n        driver_detach+0x47/0x90\n        bus_remove_driver+0x6c/0xf0\n        cxl_acpi_exit+0xc/0x11 [cxl_acpi]\n        __do_sys_delete_module.isra.0+0x181/0x260\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe observation though is that driver objects are typically much longer\nlived than device objects. It is reasonable to perform lockless\nde-reference of a @driver pointer even if it is racing detach from a\ndevice. Given the infrequency of driver unregistration, use\nsynchronize_rcu() in module_remove_driver() to close any potential\nraces.  It is potentially overkill to suffer synchronize_rcu() just to\nhandle the rare module removal racing uevent_show() event.\n\nThanks to Tetsuo Handa for the debug analysis of the syzbot report [1].', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44952', 'https://git.kernel.org/linus/15fffc6a5624b13b428bb1c6e9088e32a55eb82c (6.11-rc3)', 'https://git.kernel.org/stable/c/15fffc6a5624b13b428bb1c6e9088e32a55eb82c', 'https://git.kernel.org/stable/c/49ea4e0d862632d51667da5e7a9c88a560e9c5a1', 'https://git.kernel.org/stable/c/4a7c2a8387524942171037e70b80e969c3b5c05b', 'https://git.kernel.org/stable/c/4d035c743c3e391728a6f81cbf0f7f9ca700cf62', 'https://git.kernel.org/stable/c/9c23fc327d6ec67629b4ad323bd64d3834c0417d', 'https://git.kernel.org/stable/c/cd490a247ddf325325fd0de8898659400c9237ef', 'https://git.kernel.org/stable/c/dd98c9630b7ee273da87e9a244f94ddf947161e2', 'https://git.kernel.org/stable/c/f098e8fc7227166206256c18d56ab622039108b1', 'https://linux.oracle.com/cve/CVE-2024-44952.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44952-6290@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44952', 'https://www.cve.org/CVERecord?id=CVE-2024-44952'], 'PublishedDate': '2024-09-04T19:15:30.213Z', 'LastModifiedDate': '2024-09-06T16:37:38.37Z'}, {'VulnerabilityID': 'CVE-2024-44953', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44953', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Fix deadlock during RTC update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix deadlock during RTC update\n\nThere is a deadlock when runtime suspend waits for the flush of RTC work,\nand the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume.\n\nHere is deadlock backtrace:\n\nkworker/0:1     D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367\nptr            f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff\n<ffffffee5e71ddb0> __switch_to+0x1a8/0x2d4\n<ffffffee5e71e604> __schedule+0x684/0xa98\n<ffffffee5e71ea60> schedule+0x48/0xc8\n<ffffffee5e725f78> schedule_timeout+0x48/0x170\n<ffffffee5e71fb74> do_wait_for_common+0x108/0x1b0\n<ffffffee5e71efe0> wait_for_completion+0x44/0x60\n<ffffffee5d6de968> __flush_work+0x39c/0x424\n<ffffffee5d6decc0> __cancel_work_sync+0xd8/0x208\n<ffffffee5d6dee2c> cancel_delayed_work_sync+0x14/0x28\n<ffffffee5e2551b8> __ufshcd_wl_suspend+0x19c/0x480\n<ffffffee5e255fb8> ufshcd_wl_runtime_suspend+0x3c/0x1d4\n<ffffffee5dffd80c> scsi_runtime_suspend+0x78/0xc8\n<ffffffee5df93580> __rpm_callback+0x94/0x3e0\n<ffffffee5df90b0c> rpm_suspend+0x2d4/0x65c\n<ffffffee5df91448> __pm_runtime_suspend+0x80/0x114\n<ffffffee5dffd95c> scsi_runtime_idle+0x38/0x6c\n<ffffffee5df912f4> rpm_idle+0x264/0x338\n<ffffffee5df90f14> __pm_runtime_idle+0x80/0x110\n<ffffffee5e24ce44> ufshcd_rtc_work+0x128/0x1e4\n<ffffffee5d6e3a40> process_one_work+0x26c/0x650\n<ffffffee5d6e65c8> worker_thread+0x260/0x3d8\n<ffffffee5d6edec8> kthread+0x110/0x134\n<ffffffee5d616b18> ret_from_fork+0x10/0x20\n\nSkip updating RTC if RPM state is not RPM_ACTIVE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44953', 'https://git.kernel.org/linus/3911af778f208e5f49d43ce739332b91e26bc48e (6.11-rc2)', 'https://git.kernel.org/stable/c/3911af778f208e5f49d43ce739332b91e26bc48e', 'https://git.kernel.org/stable/c/f13f1858a28c68b7fc0d72c2008d5c1f80d2e8d5', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44953-1a10@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44953', 'https://www.cve.org/CVERecord?id=CVE-2024-44953'], 'PublishedDate': '2024-09-04T19:15:30.297Z', 'LastModifiedDate': '2024-09-06T16:37:33.65Z'}, {'VulnerabilityID': 'CVE-2024-44954', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44954', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ALSA: line6: Fix racy access to midibuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: line6: Fix racy access to midibuf\n\nThere can be concurrent accesses to line6 midibuf from both the URB\ncompletion callback and the rawmidi API access.  This could be a cause\nof KMSAN warning triggered by syzkaller below (so put as reported-by\nhere).\n\nThis patch protects the midibuf call of the former code path with a\nspinlock for avoiding the possible races.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44954', 'https://git.kernel.org/linus/15b7a03205b31bc5623378c190d22b7ff60026f1 (6.11-rc3)', 'https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1', 'https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5', 'https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a', 'https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747', 'https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81', 'https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d', 'https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e', 'https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29', 'https://linux.oracle.com/cve/CVE-2024-44954.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44954-6838@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44954', 'https://www.cve.org/CVERecord?id=CVE-2024-44954'], 'PublishedDate': '2024-09-04T19:15:30.353Z', 'LastModifiedDate': '2024-10-10T18:02:42.307Z'}, {'VulnerabilityID': 'CVE-2024-44955', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44955', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute\n\n[Why]\nWhen unplug one of monitors connected after mst hub, encounter null pointer dereference.\n\nIt's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When\ncommit new state which directly referring to info stored in dc_sink will cause null pointer\ndereference.\n\n[how]\nRemove redundant checking condition. Relevant condition should already be covered by checking\nif dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44955', 'https://git.kernel.org/linus/fcf6a49d79923a234844b8efe830a61f3f0584e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263', 'https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44955-20e8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44955', 'https://www.cve.org/CVERecord?id=CVE-2024-44955'], 'PublishedDate': '2024-09-04T19:15:30.423Z', 'LastModifiedDate': '2024-10-10T17:57:00.267Z'}, {'VulnerabilityID': 'CVE-2024-44956', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44956', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/preempt_fence: enlarge the fence critical section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44956', 'https://git.kernel.org/linus/3cd1585e57908b6efcd967465ef7685f40b2a294 (6.11-rc1)', 'https://git.kernel.org/stable/c/3cd1585e57908b6efcd967465ef7685f40b2a294', 'https://git.kernel.org/stable/c/458bb83119dfee5d14c677f7846dd9363817006f', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44956-8bcf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44956', 'https://www.cve.org/CVERecord?id=CVE-2024-44956'], 'PublishedDate': '2024-09-04T19:15:30.48Z', 'LastModifiedDate': '2024-09-06T16:37:11.777Z'}, {'VulnerabilityID': 'CVE-2024-44957', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44957', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Switch from mutex to spinlock for irqfds', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Switch from mutex to spinlock for irqfds\n\nirqfd_wakeup() gets EPOLLHUP, when it is called by\neventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which\ngets called under spin_lock_irqsave(). We can't use a mutex here as it\nwill lead to a deadlock.\n\nFix it by switching over to a spin lock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44957', 'https://git.kernel.org/linus/1c682593096a487fd9aebc079a307ff7a6d054a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3', 'https://git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e', 'https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44957-5c8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44957', 'https://www.cve.org/CVERecord?id=CVE-2024-44957'], 'PublishedDate': '2024-09-04T19:15:30.523Z', 'LastModifiedDate': '2024-09-06T16:37:00.077Z'}, {'VulnerabilityID': 'CVE-2024-44958', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44958', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched/smt: Fix unbalance sched_smt_present dec/inc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/smt: Fix unbalance sched_smt_present dec/inc\n\nI got the following warn report while doing stress test:\n\njump label: negative count!\nWARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0\nCall Trace:\n <TASK>\n __static_key_slow_dec_cpuslocked+0x16/0x70\n sched_cpu_deactivate+0x26e/0x2a0\n cpuhp_invoke_callback+0x3ad/0x10d0\n cpuhp_thread_fun+0x3f5/0x680\n smpboot_thread_fn+0x56d/0x8d0\n kthread+0x309/0x400\n ret_from_fork+0x41/0x70\n ret_from_fork_asm+0x1b/0x30\n </TASK>\n\nBecause when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),\nthe cpu offline failed, but sched_smt_present is decremented before\ncalling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so\nfix it by incrementing sched_smt_present in the error path.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44958', 'https://git.kernel.org/linus/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117 (6.11-rc2)', 'https://git.kernel.org/stable/c/2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4', 'https://git.kernel.org/stable/c/2cf7665efe451e48d27953e6b5bc627d518c902b', 'https://git.kernel.org/stable/c/65727331b60197b742089855ac09464c22b96f66', 'https://git.kernel.org/stable/c/d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab', 'https://git.kernel.org/stable/c/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44958-80e9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44958', 'https://www.cve.org/CVERecord?id=CVE-2024-44958'], 'PublishedDate': '2024-09-04T19:15:30.58Z', 'LastModifiedDate': '2024-10-10T17:56:24.467Z'}, {'VulnerabilityID': 'CVE-2024-44959', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44959', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracefs: Use generic inode RCU for synchronizing freeing', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntracefs: Use generic inode RCU for synchronizing freeing\n\nWith structure layout randomization enabled for 'struct inode' we need to\navoid overlapping any of the RCU-used / initialized-only-once members,\ne.g. i_lru or i_sb_list to not corrupt related list traversals when making\nuse of the rcu_head.\n\nFor an unlucky structure layout of 'struct inode' we may end up with the\nfollowing splat when running the ftrace selftests:\n\n[<...>] list_del corruption, ffff888103ee2cb0->next (tracefs_inode_cache+0x0/0x4e0 [slab object]) is NULL (prev is tracefs_inode_cache+0x78/0x4e0 [slab object])\n[<...>] ------------[ cut here ]------------\n[<...>] kernel BUG at lib/list_debug.c:54!\n[<...>] invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n[<...>] CPU: 3 PID: 2550 Comm: mount Tainted: G                 N  6.8.12-grsec+ #122 ed2f536ca62f28b087b90e3cc906a8d25b3ddc65\n[<...>] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n[<...>] RIP: 0010:[<ffffffff84656018>] __list_del_entry_valid_or_report+0x138/0x3e0\n[<...>] Code: 48 b8 99 fb 65 f2 ff ff ff ff e9 03 5c d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff e9 33 5a d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff <0f> 0b 4c 89 e9 48 89 ea 48 89 ee 48 c7 c7 60 8f dd 89 31 c0 e8 2f\n[<...>] RSP: 0018:fffffe80416afaf0 EFLAGS: 00010283\n[<...>] RAX: 0000000000000098 RBX: ffff888103ee2cb0 RCX: 0000000000000000\n[<...>] RDX: ffffffff84655fe8 RSI: ffffffff89dd8b60 RDI: 0000000000000001\n[<...>] RBP: ffff888103ee2cb0 R08: 0000000000000001 R09: fffffbd0082d5f25\n[<...>] R10: fffffe80416af92f R11: 0000000000000001 R12: fdf99c16731d9b6d\n[<...>] R13: 0000000000000000 R14: ffff88819ad4b8b8 R15: 0000000000000000\n[<...>] RBX: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RDX: __list_del_entry_valid_or_report+0x108/0x3e0\n[<...>] RSI: __func__.47+0x4340/0x4400\n[<...>] RBP: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RSP: process kstack fffffe80416afaf0+0x7af0/0x8000 [mount 2550 2550]\n[<...>] R09: kasan shadow of process kstack fffffe80416af928+0x7928/0x8000 [mount 2550 2550]\n[<...>] R10: process kstack fffffe80416af92f+0x792f/0x8000 [mount 2550 2550]\n[<...>] R14: tracefs_inode_cache+0x78/0x4e0 [slab object]\n[<...>] FS:  00006dcb380c1840(0000) GS:ffff8881e0600000(0000) knlGS:0000000000000000\n[<...>] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[<...>] CR2: 000076ab72b30e84 CR3: 000000000b088004 CR4: 0000000000360ef0 shadow CR4: 0000000000360ef0\n[<...>] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[<...>] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[<...>] ASID: 0003\n[<...>] Stack:\n[<...>]  ffffffff818a2315 00000000f5c856ee ffffffff896f1840 ffff888103ee2cb0\n[<...>]  ffff88812b6b9750 0000000079d714b6 fffffbfff1e9280b ffffffff8f49405f\n[<...>]  0000000000000001 0000000000000000 ffff888104457280 ffffffff8248b392\n[<...>] Call Trace:\n[<...>]  <TASK>\n[<...>]  [<ffffffff818a2315>] ? lock_release+0x175/0x380 fffffe80416afaf0\n[<...>]  [<ffffffff8248b392>] list_lru_del+0x152/0x740 fffffe80416afb48\n[<...>]  [<ffffffff8248ba93>] list_lru_del_obj+0x113/0x280 fffffe80416afb88\n[<...>]  [<ffffffff8940fd19>] ? _atomic_dec_and_lock+0x119/0x200 fffffe80416afb90\n[<...>]  [<ffffffff8295b244>] iput_final+0x1c4/0x9a0 fffffe80416afbb8\n[<...>]  [<ffffffff8293a52b>] dentry_unlink_inode+0x44b/0xaa0 fffffe80416afbf8\n[<...>]  [<ffffffff8293fefc>] __dentry_kill+0x23c/0xf00 fffffe80416afc40\n[<...>]  [<ffffffff8953a85f>] ? __this_cpu_preempt_check+0x1f/0xa0 fffffe80416afc48\n[<...>]  [<ffffffff82949ce5>] ? shrink_dentry_list+0x1c5/0x760 fffffe80416afc70\n[<...>]  [<ffffffff82949b71>] ? shrink_dentry_list+0x51/0x760 fffffe80416afc78\n[<...>]  [<ffffffff82949da8>] shrink_dentry_list+0x288/0x760 fffffe80416afc80\n[<...>]  [<ffffffff8294ae75>] shrink_dcache_sb+0x155/0x420 fffffe80416afcc8\n[<...>]  [<ffffffff8953a7c3>] ? debug_smp_processor_id+0x23/0xa0 fffffe80416afce0\n[<...>]  [<ffffffff8294ad20>] ? do_one_tre\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44959', 'https://git.kernel.org/linus/0b6743bd60a56a701070b89fb80c327a44b7b3e2 (6.11-rc3)', 'https://git.kernel.org/stable/c/061da60716ce0cde99f62f31937b81e1c03acef6', 'https://git.kernel.org/stable/c/0b6743bd60a56a701070b89fb80c327a44b7b3e2', 'https://git.kernel.org/stable/c/726f4c241e17be75a9cf6870d80cd7479dc89e8f', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44959-61a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44959', 'https://www.cve.org/CVERecord?id=CVE-2024-44959'], 'PublishedDate': '2024-09-04T19:15:30.637Z', 'LastModifiedDate': '2024-10-10T17:54:07.96Z'}, {'VulnerabilityID': 'CVE-2024-44960', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44960', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: core: Check for unset descriptor', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn't properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44960', 'https://git.kernel.org/linus/973a57891608a98e894db2887f278777f564de18 (6.11-rc3)', 'https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1', 'https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62', 'https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4', 'https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e', 'https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18', 'https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf', 'https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a', 'https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244', 'https://linux.oracle.com/cve/CVE-2024-44960.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44960-039b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44960', 'https://www.cve.org/CVERecord?id=CVE-2024-44960'], 'PublishedDate': '2024-09-04T19:15:30.7Z', 'LastModifiedDate': '2024-10-04T16:44:05.497Z'}, {'VulnerabilityID': 'CVE-2024-44961', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44961', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Forward soft recovery errors to userspace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Forward soft recovery errors to userspace\n\nAs we discussed before[1], soft recovery should be\nforwarded to userspace, or we can get into a really\nbad state where apps will keep submitting hanging\ncommand buffers cascading us to a hard reset.\n\n1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/\n(cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44961', 'https://git.kernel.org/linus/829798c789f567ef6ba4b084c15b7b5f3bd98d51 (6.11-rc3)', 'https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a', 'https://git.kernel.org/stable/c/829798c789f567ef6ba4b084c15b7b5f3bd98d51', 'https://git.kernel.org/stable/c/c28d207edfc5679585f4e96acb67000076ce90be', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44961-8666@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44961', 'https://www.cve.org/CVERecord?id=CVE-2024-44961'], 'PublishedDate': '2024-09-04T19:15:30.77Z', 'LastModifiedDate': '2024-10-04T16:39:39.3Z'}, {'VulnerabilityID': 'CVE-2024-44962', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44962', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n  Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n  Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic   snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil   snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded:   btnxpuart]\n  CPU: 5 PID: 723 Comm: memtester Tainted: G           O       6.6.23-lts-next-06207-g4aef2658ac28 #1\n  Hardware name: NXP i.MX95 19X19 board (DT)\n  pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0xffff80007a2cf464\n  lr : call_timer_fn.isra.0+0x24/0x80\n...\n  Call trace:\n   0xffff80007a2cf464\n   __run_timers+0x234/0x280\n   run_timer_softirq+0x20/0x40\n   __do_softirq+0x100/0x26c\n   ____do_softirq+0x10/0x1c\n   call_on_irq_stack+0x24/0x4c\n   do_softirq_own_stack+0x1c/0x2c\n   irq_exit_rcu+0xc0/0xdc\n   el0_interrupt+0x54/0xd8\n   __el0_irq_handler_common+0x18/0x24\n   el0t_64_irq_handler+0x10/0x1c\n   el0t_64_irq+0x190/0x194\n  Code: ???????? ???????? ???????? ???????? (????????)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception in interrupt\n  SMP: stopping secondary CPUs\n  Kernel Offset: disabled\n  CPU features: 0x0,c0000000,40028143,1000721b\n  Memory Limit: none\n  ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44962', 'https://git.kernel.org/linus/0d0df1e750bac0fdaa77940e711c1625cff08d33 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d0df1e750bac0fdaa77940e711c1625cff08d33', 'https://git.kernel.org/stable/c/28bbb5011a9723700006da67bdb57ab6a914452b', 'https://git.kernel.org/stable/c/4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44962-c329@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44962', 'https://www.cve.org/CVERecord?id=CVE-2024-44962'], 'PublishedDate': '2024-09-04T19:15:30.827Z', 'LastModifiedDate': '2024-10-04T16:20:34.55Z'}, {'VulnerabilityID': 'CVE-2024-44963', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44963', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not BUG_ON() when freeing tree block after error', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don't deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44963', 'https://git.kernel.org/linus/bb3868033a4cccff7be57e9145f2117cbdc91c11 (6.11-rc1)', 'https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f', 'https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44963-2e6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44963', 'https://www.cve.org/CVERecord?id=CVE-2024-44963'], 'PublishedDate': '2024-09-04T19:15:30.883Z', 'LastModifiedDate': '2024-10-04T16:19:20.77Z'}, {'VulnerabilityID': 'CVE-2024-44964', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44964', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix memory leaks and crashes while performing a soft reset', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leaks and crashes while performing a soft reset\n\nThe second tagged commit introduced a UAF, as it removed restoring\nq_vector->vport pointers after reinitializating the structures.\nThis is due to that all queue allocation functions are performed here\nwith the new temporary vport structure and those functions rewrite\nthe backpointers to the vport. Then, this new struct is freed and\nthe pointers start leading to nowhere.\n\nBut generally speaking, the current logic is very fragile. It claims\nto be more reliable when the system is low on memory, but in fact, it\nconsumes two times more memory as at the moment of running this\nfunction, there are two vports allocated with their queues and vectors.\nMoreover, it claims to prevent the driver from running into "bad state",\nbut in fact, any error during the rebuild leaves the old vport in the\npartially allocated state.\nFinally, if the interface is down when the function is called, it always\nallocates a new queue set, but when the user decides to enable the\ninterface later on, vport_open() allocates them once again, IOW there\'s\na clear memory leak here.\n\nJust don\'t allocate a new queue set when performing a reset, that solves\ncrashes and memory leaks. Readd the old queue number and reopen the\ninterface on rollback - that solves limbo states when the device is left\ndisabled and/or without HW queues enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44964', 'https://git.kernel.org/linus/f01032a2ca099ec8d619aaa916c3762aa62495df (6.11-rc3)', 'https://git.kernel.org/stable/c/6b289f8d91537ec1e4f9c7b38b31b90d93b1419b', 'https://git.kernel.org/stable/c/f01032a2ca099ec8d619aaa916c3762aa62495df', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44964-ebb1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44964', 'https://www.cve.org/CVERecord?id=CVE-2024-44964'], 'PublishedDate': '2024-09-04T19:15:30.94Z', 'LastModifiedDate': '2024-09-06T16:36:45.137Z'}, {'VulnerabilityID': 'CVE-2024-44965', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44965', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mm: Fix pti_clone_pgtable() alignment assumption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix pti_clone_pgtable() alignment assumption\n\nGuenter reported dodgy crashes on an i386-nosmp build using GCC-11\nthat had the form of endless traps until entry stack exhaust and then\n#DF from the stack guard.\n\nIt turned out that pti_clone_pgtable() had alignment assumptions on\nthe start address, notably it hard assumes start is PMD aligned. This\nis true on x86_64, but very much not true on i386.\n\nThese assumptions can cause the end condition to malfunction, leading\nto a 'short' clone. Guess what happens when the user mapping has a\nshort copy of the entry text?\n\nUse the correct increment form for addr to avoid alignment\nassumptions.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44965', 'https://git.kernel.org/linus/41e71dbb0e0a0fe214545fe64af031303a08524c (6.11-rc2)', 'https://git.kernel.org/stable/c/18da1b27ce16a14a9b636af9232acb4fb24f4c9e', 'https://git.kernel.org/stable/c/25a727233a40a9b33370eec9f0cad67d8fd312f8', 'https://git.kernel.org/stable/c/41e71dbb0e0a0fe214545fe64af031303a08524c', 'https://git.kernel.org/stable/c/4d143ae782009b43b4f366402e5c37f59d4e4346', 'https://git.kernel.org/stable/c/5c580c1050bcbc15c3e78090859d798dcf8c9763', 'https://git.kernel.org/stable/c/ca07aab70dd3b5e7fddb62d7a6ecd7a7d6d0b2ed', 'https://git.kernel.org/stable/c/d00c9b4bbc442d99e1dafbdfdab848bc1ead73f6', 'https://git.kernel.org/stable/c/df3eecb5496f87263d171b254ca6e2758ab3c35c', 'https://linux.oracle.com/cve/CVE-2024-44965.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090415-CVE-2024-44965-d41d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44965', 'https://www.cve.org/CVERecord?id=CVE-2024-44965'], 'PublishedDate': '2024-09-04T19:15:30.99Z', 'LastModifiedDate': '2024-10-04T16:17:15.23Z'}, {'VulnerabilityID': 'CVE-2024-44966', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44966', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binfmt_flat: Fix corruption when not offsetting data start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_flat: Fix corruption when not offsetting data start\n\nCommit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")\nintroduced a RISC-V specific variant of the FLAT format which does\nnot allocate any space for the (obsolete) array of shared library\npointers. However, it did not disable the code which initializes the\narray, resulting in the corruption of sizeof(long) bytes before the DATA\nsegment, generally the end of the TEXT segment.\n\nIntroduce MAX_SHARED_LIBS_UPDATE which depends on the state of\nCONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of\nthe shared library pointer region so that it will only be initialized\nif space is reserved for it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44966', 'https://git.kernel.org/linus/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671 (6.11-rc4)', 'https://git.kernel.org/stable/c/3a684499261d0f7ed5ee72793025c88c2276809c', 'https://git.kernel.org/stable/c/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671', 'https://git.kernel.org/stable/c/49df34d2b7da9e57c839555a2f7877291ce45ad1', 'https://git.kernel.org/stable/c/9350ba06ee61db392c486716ac68ecc20e030f7c', 'https://git.kernel.org/stable/c/af65d5383854cc3f172a7d0843b628758bf462c8', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44966-3aac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44966', 'https://www.cve.org/CVERecord?id=CVE-2024-44966'], 'PublishedDate': '2024-09-04T19:15:31.06Z', 'LastModifiedDate': '2024-10-04T16:15:30.047Z'}, {'VulnerabilityID': 'CVE-2024-44967', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44967', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/mgag200: Bind I2C lifetime to DRM device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mgag200: Bind I2C lifetime to DRM device\n\nManaged cleanup with devm_add_action_or_reset() will release the I2C\nadapter when the underlying Linux device goes away. But the connector\nstill refers to it, so this cleanup leaves behind a stale pointer\nin struct drm_connector.ddc.\n\nBind the lifetime of the I2C adapter to the connector's lifetime by\nusing DRM's managed release. When the DRM device goes away (after\nthe Linux device) DRM will first clean up the connector and then\nclean up the I2C adapter.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44967', 'https://git.kernel.org/linus/eb1ae34e48a09b7a1179c579aed042b032e408f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/55a6916db77102765b22855d3a0add4751988b7c', 'https://git.kernel.org/stable/c/81d34df843620e902dd04aa9205c875833d61c17', 'https://git.kernel.org/stable/c/9d96b91e03cba9dfcb4ac370c93af4dbc47d5191', 'https://git.kernel.org/stable/c/eb1ae34e48a09b7a1179c579aed042b032e408f4', 'https://lore.kernel.org/linux-cve-announce/2024090453-CVE-2024-44967-dd14@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44967', 'https://www.cve.org/CVERecord?id=CVE-2024-44967'], 'PublishedDate': '2024-09-04T19:15:31.117Z', 'LastModifiedDate': '2024-10-03T18:21:17.23Z'}, {'VulnerabilityID': 'CVE-2024-44969', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/sclp: Prevent release of buffer in I/O', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Prevent release of buffer in I/O\n\nWhen a task waiting for completion of a Store Data operation is\ninterrupted, an attempt is made to halt this operation. If this attempt\nfails due to a hardware or firmware problem, there is a chance that the\nSCLP facility might store data into buffers referenced by the original\noperation at a later time.\n\nHandle this situation by not releasing the referenced data buffers if\nthe halt attempt fails. For current use cases, this might result in a\nleak of few pages of memory in case of a rare hardware/firmware\nmalfunction.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44969', 'https://git.kernel.org/linus/bf365071ea92b9579d5a272679b74052a5643e35 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633', 'https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05', 'https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506', 'https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79', 'https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe', 'https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148', 'https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463', 'https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35', 'https://linux.oracle.com/cve/CVE-2024-44969.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44969-48bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44969', 'https://www.cve.org/CVERecord?id=CVE-2024-44969'], 'PublishedDate': '2024-09-04T19:15:31.24Z', 'LastModifiedDate': '2024-10-03T17:38:41.333Z'}, {'VulnerabilityID': 'CVE-2024-44970', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix invalid WQ linked list unlink\n\nWhen all the strides in a WQE have been consumed, the WQE is unlinked\nfrom the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible\nto receive CQEs with 0 consumed strides for the same WQE even after the\nWQE is fully consumed and unlinked. This triggers an additional unlink\nfor the same wqe which corrupts the linked list.\n\nFix this scenario by accepting 0 sized consumed strides without\nunlinking the WQE again.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44970', 'https://git.kernel.org/linus/fba8334721e266f92079632598e46e5f89082f30 (6.11-rc1)', 'https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9', 'https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76', 'https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78', 'https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44970-f687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44970', 'https://www.cve.org/CVERecord?id=CVE-2024-44970'], 'PublishedDate': '2024-09-04T19:15:31.307Z', 'LastModifiedDate': '2024-10-03T14:22:06.003Z'}, {'VulnerabilityID': 'CVE-2024-44971', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44971', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()\n\nbcm_sf2_mdio_register() calls of_phy_find_device() and then\nphy_device_remove() in a loop to remove existing PHY devices.\nof_phy_find_device() eventually calls bus_find_device(), which calls\nget_device() on the returned struct device * to increment the refcount.\nThe current implementation does not decrement the refcount, which causes\nmemory leak.\n\nThis commit adds the missing phy_device_free() call to decrement the\nrefcount via put_device() to balance the refcount.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44971', 'https://git.kernel.org/linus/e3862093ee93fcfbdadcb7957f5f8974fffa806a (6.11-rc3)', 'https://git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c', 'https://git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c', 'https://git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71', 'https://git.kernel.org/stable/c/c05516c072903f6fb9134b8e7e1ad4bffcdc4819', 'https://git.kernel.org/stable/c/e3862093ee93fcfbdadcb7957f5f8974fffa806a', 'https://git.kernel.org/stable/c/f3d5efe18a11f94150fee8b3fda9d62079af640a', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44971-eb75@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44971', 'https://www.cve.org/CVERecord?id=CVE-2024-44971'], 'PublishedDate': '2024-09-04T19:15:31.367Z', 'LastModifiedDate': '2024-09-05T17:54:36.607Z'}, {'VulnerabilityID': 'CVE-2024-44972', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44972', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not clear page dirty inside extent_write_locked_range()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not clear page dirty inside extent_write_locked_range()\n\n[BUG]\nFor subpage + zoned case, the following workload can lead to rsv data\nleak at unmount time:\n\n  # mkfs.btrfs -f -s 4k $dev\n  # mount $dev $mnt\n  # fsstress -w -n 8 -d $mnt -s 1709539240\n  0/0: fiemap - no filename\n  0/1: copyrange read - no filename\n  0/2: write - no filename\n  0/3: rename - no source filename\n  0/4: creat f0 x:0 0 0\n  0/4: creat add id=0,parent=-1\n  0/5: writev f0[259 1 0 0 0 0] [778052,113,965] 0\n  0/6: ioctl(FIEMAP) f0[259 1 0 0 224 887097] [1294220,2291618343991484791,0x10000] -1\n  0/7: dwrite - xfsctl(XFS_IOC_DIOINFO) f0[259 1 0 0 224 887097] return 25, fallback to stat()\n  0/7: dwrite f0[259 1 0 0 224 887097] [696320,102400] 0\n  # umount $mnt\n\nThe dmesg includes the following rsv leak detection warning (all call\ntrace skipped):\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8653 btrfs_destroy_inode+0x1e0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8654 btrfs_destroy_inode+0x1a8/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8660 btrfs_destroy_inode+0x1a0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): last unmount of filesystem 1b4abba9-de34-4f07-9e7f-157cf12a18d6\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info DATA has 268218368 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=204800, pinned=0, reserved=0, may_use=12288, readonly=0 zone_unusable=0\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info METADATA has 267796480 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=131072, pinned=0, reserved=0, may_use=262144, readonly=0 zone_unusable=245760\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n\nAbove $dev is a tcmu-runner emulated zoned HDD, which has a max zone\nappend size of 64K, and the system has 64K page size.\n\n[CAUSE]\nI have added several trace_printk() to show the events (header skipped):\n\n  > btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864\n\nThe above lines show our buffered write has dirtied 3 pages of inode\n259 of root 5:\n\n  704K             768K              832K              896K\n  I           |////I/////////////////I///////////|     I\n              756K                               868K\n\n  |///| is the dirtied range using subpage bitmaps. and 'I' is the page\n  boundary.\n\n  Meanwhile all three pages (704K, 768K, 832K) have their PageDirty\n  flag set.\n\n  > btrfs_direct_write: r/i=5/259 start dio filepos=696320 len=102400\n\nThen direct IO writ\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44972', 'https://git.kernel.org/linus/97713b1a2ced1e4a2a6c40045903797ebd44d7e0 (6.11-rc1)', 'https://git.kernel.org/stable/c/97713b1a2ced1e4a2a6c40045903797ebd44d7e0', 'https://git.kernel.org/stable/c/ba4dedb71356638d8284e34724daca944be70368', 'https://git.kernel.org/stable/c/d3b403209f767e5857c1b9fda66726e6e6ffc99f', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44972-23b5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44972', 'https://www.cve.org/CVERecord?id=CVE-2024-44972'], 'PublishedDate': '2024-09-04T19:15:31.43Z', 'LastModifiedDate': '2024-10-03T16:10:12.077Z'}, {'VulnerabilityID': 'CVE-2024-44973', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44973', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm, slub: do not call do_slab_free for kfence object', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slub: do not call do_slab_free for kfence object\n\nIn 782f8906f805 the freeing of kfence objects was moved from deep\ninside do_slab_free to the wrapper functions outside. This is a nice\nchange, but unfortunately it missed one spot in __kmem_cache_free_bulk.\n\nThis results in a crash like this:\n\nBUG skbuff_head_cache (Tainted: G S  B       E     ): Padding overwritten. 0xffff88907fea0f00-0xffff88907fea0fff @offset=3840\n\nslab_err (mm/slub.c:1129)\nfree_to_partial_list (mm/slub.c:? mm/slub.c:4036)\nslab_pad_check (mm/slub.c:864 mm/slub.c:1290)\ncheck_slab (mm/slub.c:?)\nfree_to_partial_list (mm/slub.c:3171 mm/slub.c:4036)\nkmem_cache_alloc_bulk (mm/slub.c:? mm/slub.c:4495 mm/slub.c:4586 mm/slub.c:4635)\nnapi_build_skb (net/core/skbuff.c:348 net/core/skbuff.c:527 net/core/skbuff.c:549)\n\nAll the other callers to do_slab_free appear to be ok.\n\nAdd a kfence_free check in __kmem_cache_free_bulk to avoid the crash.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44973', 'https://git.kernel.org/linus/a371d558e6f3aed977a8a7346350557de5d25190 (6.11-rc3)', 'https://git.kernel.org/stable/c/a371d558e6f3aed977a8a7346350557de5d25190', 'https://git.kernel.org/stable/c/b35cd7f1e969aaa63e6716d82480f6b8a3230949', 'https://lore.kernel.org/linux-cve-announce/2024090425-CVE-2024-44973-a92d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44973', 'https://www.cve.org/CVERecord?id=CVE-2024-44973'], 'PublishedDate': '2024-09-04T19:15:31.487Z', 'LastModifiedDate': '2024-10-03T14:23:09.147Z'}, {'VulnerabilityID': 'CVE-2024-44974', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44974', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: avoid possible UaF when selecting endp', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44974', 'https://git.kernel.org/linus/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d (6.11-rc5)', 'https://git.kernel.org/stable/c/0201d65d9806d287a00e0ba96f0321835631f63f', 'https://git.kernel.org/stable/c/2b4f46f9503633dade75cb796dd1949d0e6581a1', 'https://git.kernel.org/stable/c/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d', 'https://git.kernel.org/stable/c/9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8', 'https://git.kernel.org/stable/c/ddee5b4b6a1cc03c1e9921cf34382e094c2009f1', 'https://git.kernel.org/stable/c/f2c865e9e3ca44fc06b5f73b29a954775e4dbb38', 'https://lore.kernel.org/linux-cve-announce/2024090440-CVE-2024-44974-dbe8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44974', 'https://www.cve.org/CVERecord?id=CVE-2024-44974'], 'PublishedDate': '2024-09-04T20:15:07.1Z', 'LastModifiedDate': '2024-09-12T12:15:51.397Z'}, {'VulnerabilityID': 'CVE-2024-44975', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44975', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: fix panic caused by partcmd_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: fix panic caused by partcmd_update\n\nWe find a bug as below:\nBUG: unable to handle page fault for address: 00000003\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 358 Comm: bash Tainted: G        W I        6.6.0-10893-g60d6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4\nRIP: 0010:partition_sched_domains_locked+0x483/0x600\nCode: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9\nRSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202\nRAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000002fe80\nRBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000\nR10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002\nR13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0\nCall Trace:\n <TASK>\n ? show_regs+0x8c/0xa0\n ? __die_body+0x23/0xa0\n ? __die+0x3a/0x50\n ? page_fault_oops+0x1d2/0x5c0\n ? partition_sched_domains_locked+0x483/0x600\n ? search_module_extables+0x2a/0xb0\n ? search_exception_tables+0x67/0x90\n ? kernelmode_fixup_or_oops+0x144/0x1b0\n ? __bad_area_nosemaphore+0x211/0x360\n ? up_read+0x3b/0x50\n ? bad_area_nosemaphore+0x1a/0x30\n ? exc_page_fault+0x890/0xd90\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? asm_exc_page_fault+0x26/0x30\n ? partition_sched_domains_locked+0x483/0x600\n ? partition_sched_domains_locked+0xf0/0x600\n rebuild_sched_domains_locked+0x806/0xdc0\n update_partition_sd_lb+0x118/0x130\n cpuset_write_resmask+0xffc/0x1420\n cgroup_file_write+0xb2/0x290\n kernfs_fop_write_iter+0x194/0x290\n new_sync_write+0xeb/0x160\n vfs_write+0x16f/0x1d0\n ksys_write+0x81/0x180\n __x64_sys_write+0x21/0x30\n x64_sys_call+0x2f25/0x4630\n do_syscall_64+0x44/0xb0\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\nRIP: 0033:0x7f44a553c887\n\nIt can be reproduced with cammands:\ncd /sys/fs/cgroup/\nmkdir test\ncd test/\necho +cpuset > ../cgroup.subtree_control\necho root > cpuset.cpus.partition\ncat /sys/fs/cgroup/cpuset.cpus.effective\n0-3\necho 0-3 > cpuset.cpus // taking away all cpus from root\n\nThis issue is caused by the incorrect rebuilding of scheduling domains.\nIn this scenario, test/cpuset.cpus.partition should be an invalid root\nand should not trigger the rebuilding of scheduling domains. When calling\nupdate_parent_effective_cpumask with partcmd_update, if newmask is not\nnull, it should recheck newmask whether there are cpus is available\nfor parect/cs that has tasks.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44975', 'https://git.kernel.org/linus/959ab6350add903e352890af53e86663739fcb9a (6.11-rc5)', 'https://git.kernel.org/stable/c/73d6c6cf8ef6a3c532aa159f5114077746a372d6', 'https://git.kernel.org/stable/c/959ab6350add903e352890af53e86663739fcb9a', 'https://lore.kernel.org/linux-cve-announce/2024090442-CVE-2024-44975-7c21@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44975', 'https://www.cve.org/CVERecord?id=CVE-2024-44975'], 'PublishedDate': '2024-09-04T20:15:07.16Z', 'LastModifiedDate': '2024-10-03T14:32:31.677Z'}, {'VulnerabilityID': 'CVE-2024-44977', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Validate TA binary size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Validate TA binary size\n\nAdd TA binary size validation to avoid OOB write.\n\n(cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44977', 'https://git.kernel.org/linus/c99769bceab4ecb6a067b9af11f9db281eea3e2a (6.11-rc5)', 'https://git.kernel.org/stable/c/50553ea7cbd3344fbf40afb065f6a2d38171c1ad', 'https://git.kernel.org/stable/c/5ab8793b9a6cc059f503cbe6fe596f80765e0f19', 'https://git.kernel.org/stable/c/c99769bceab4ecb6a067b9af11f9db281eea3e2a', 'https://git.kernel.org/stable/c/e562415248f402203e7fb6d8c38c1b32fa99220f', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44977-7f6b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44977', 'https://www.cve.org/CVERecord?id=CVE-2024-44977'], 'PublishedDate': '2024-09-04T20:15:07.29Z', 'LastModifiedDate': '2024-10-10T17:47:59.593Z'}, {'VulnerabilityID': 'CVE-2024-44978', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44978', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Free job before xe_exec_queue_put', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Free job before xe_exec_queue_put\n\nFree job depends on job->vm being valid, the last xe_exec_queue_put can\ndestroy the VM. Prevent UAF by freeing job before xe_exec_queue_put.\n\n(cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44978', 'https://git.kernel.org/linus/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a (6.11-rc5)', 'https://git.kernel.org/stable/c/98aa0330f200b9b8fb9e1298e006eda57a13351c', 'https://git.kernel.org/stable/c/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44978-096b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44978', 'https://www.cve.org/CVERecord?id=CVE-2024-44978'], 'PublishedDate': '2024-09-04T20:15:07.343Z', 'LastModifiedDate': '2024-09-10T16:51:19.813Z'}, {'VulnerabilityID': 'CVE-2024-44979', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44979', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix missing workqueue destroy in xe_gt_pagefault\n\nOn driver reload we never free up the memory for the pagefault and\naccess counter workqueues. Add those destroy calls here.\n\n(cherry picked from commit 7586fc52b14e0b8edd0d1f8a434e0de2078b7b2b)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44979', 'https://git.kernel.org/linus/a6f78359ac75f24cac3c1bdd753c49c1877bcd82 (6.11-rc5)', 'https://git.kernel.org/stable/c/a6f78359ac75f24cac3c1bdd753c49c1877bcd82', 'https://git.kernel.org/stable/c/b09ef3b762a7fc641fb2f89afd3ebdb65b8ba1b9', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44979-74c3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44979', 'https://www.cve.org/CVERecord?id=CVE-2024-44979'], 'PublishedDate': '2024-09-04T20:15:07.4Z', 'LastModifiedDate': '2024-10-10T17:44:36.417Z'}, {'VulnerabilityID': 'CVE-2024-44980', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44980', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix opregion leak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix opregion leak\n\nBeing part o the display, ideally the setup and cleanup would be done by\ndisplay itself. However this is a bigger refactor that needs to be done\non both i915 and xe. For now, just fix the leak:\n\nunreferenced object 0xffff8881a0300008 (size 192):\n  comm "modprobe", pid 4354, jiffies 4295647021\n  hex dump (first 32 bytes):\n    00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff  ...\'............\n    18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 99260e31):\n    [<ffffffff823ce65b>] kmemleak_alloc+0x4b/0x80\n    [<ffffffff81493be2>] kmalloc_trace_noprof+0x312/0x3d0\n    [<ffffffffa1345679>] intel_opregion_setup+0x89/0x700 [xe]\n    [<ffffffffa125bfaf>] xe_display_init_noirq+0x2f/0x90 [xe]\n    [<ffffffffa1199ec3>] xe_device_probe+0x7a3/0xbf0 [xe]\n    [<ffffffffa11f3713>] xe_pci_probe+0x333/0x5b0 [xe]\n    [<ffffffff81af6be8>] local_pci_probe+0x48/0xb0\n    [<ffffffff81af8778>] pci_device_probe+0xc8/0x280\n    [<ffffffff81d09048>] really_probe+0xf8/0x390\n    [<ffffffff81d0937a>] __driver_probe_device+0x8a/0x170\n    [<ffffffff81d09503>] driver_probe_device+0x23/0xb0\n    [<ffffffff81d097b7>] __driver_attach+0xc7/0x190\n    [<ffffffff81d0628d>] bus_for_each_dev+0x7d/0xd0\n    [<ffffffff81d0851e>] driver_attach+0x1e/0x30\n    [<ffffffff81d07ac7>] bus_add_driver+0x117/0x250\n\n(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44980', 'https://git.kernel.org/linus/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f (6.11-rc5)', 'https://git.kernel.org/stable/c/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f', 'https://git.kernel.org/stable/c/f7ecdd9853dd9f34e7cdfdadfb70b8f40644ebb4', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44980-d1ba@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44980', 'https://www.cve.org/CVERecord?id=CVE-2024-44980'], 'PublishedDate': '2024-09-04T20:15:07.46Z', 'LastModifiedDate': '2024-10-10T17:42:53.433Z'}, {'VulnerabilityID': 'CVE-2024-44982', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44982', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: cleanup FB if dpu_format_populate_layout fails\n\nIf the dpu_format_populate_layout() fails, then FB is prepared, but not\ncleaned up. This ends up leaking the pin_count on the GEM object and\ncauses a splat during DRM file closure:\n\nmsm_obj->pin_count\nWARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc\n[...]\nCall trace:\n update_lru_locked+0xc4/0xcc\n put_pages+0xac/0x100\n msm_gem_free_object+0x138/0x180\n drm_gem_object_free+0x1c/0x30\n drm_gem_object_handle_put_unlocked+0x108/0x10c\n drm_gem_object_release_handle+0x58/0x70\n idr_for_each+0x68/0xec\n drm_gem_release+0x28/0x40\n drm_file_free+0x174/0x234\n drm_release+0xb0/0x160\n __fput+0xc0/0x2c8\n __fput_sync+0x50/0x5c\n __arm64_sys_close+0x38/0x7c\n invoke_syscall+0x48/0x118\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x4c/0x120\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194\nirq event stamp: 129818\nhardirqs last  enabled at (129817): [<ffffa5f6d953fcc0>] console_unlock+0x118/0x124\nhardirqs last disabled at (129818): [<ffffa5f6da7dcf04>] el1_dbg+0x24/0x8c\nsoftirqs last  enabled at (129808): [<ffffa5f6d94afc18>] handle_softirqs+0x4c8/0x4e8\nsoftirqs last disabled at (129785): [<ffffa5f6d94105e4>] __do_softirq+0x14/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/600714/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44982', 'https://git.kernel.org/linus/bfa1a6283be390947d3649c482e5167186a37016 (6.11-rc5)', 'https://git.kernel.org/stable/c/02193c70723118889281f75b88722b26b58bf4ae', 'https://git.kernel.org/stable/c/7ecf85542169012765e4c2817cd3be6c2e009962', 'https://git.kernel.org/stable/c/9b8b65211a880af8fe8330a101e1e239a2d4008f', 'https://git.kernel.org/stable/c/a3c5815b07f4ee19d0b7e2ddf91ff9f03ecbf27d', 'https://git.kernel.org/stable/c/bfa1a6283be390947d3649c482e5167186a37016', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44982-dd24@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44982', 'https://www.cve.org/CVERecord?id=CVE-2024-44982'], 'PublishedDate': '2024-09-04T20:15:07.593Z', 'LastModifiedDate': '2024-10-10T17:09:54.35Z'}, {'VulnerabilityID': 'CVE-2024-44983', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44983', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: validate vlan header', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: validate vlan header\n\nEnsure there is sufficient room to access the protocol field of the\nVLAN header, validate it once before the flowtable lookup.\n\n=====================================================\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5440 [inline]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44983', 'https://git.kernel.org/linus/6ea14ccb60c8ab829349979b22b58a941ec4a3ee (6.11-rc5)', 'https://git.kernel.org/stable/c/0279c35d242d037abeb73d60d06a6d1bb7f672d9', 'https://git.kernel.org/stable/c/043a18bb6cf16adaa2f8642acfde6e8956a9caaa', 'https://git.kernel.org/stable/c/6ea14ccb60c8ab829349979b22b58a941ec4a3ee', 'https://git.kernel.org/stable/c/c05155cc455785916164aa5e1b4605a2ae946537', 'https://git.kernel.org/stable/c/d9384ae7aec46036d248d1c2c2757e471ab486c3', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44983-dcdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44983', 'https://www.cve.org/CVERecord?id=CVE-2024-44983'], 'PublishedDate': '2024-09-04T20:15:07.657Z', 'LastModifiedDate': '2024-09-10T16:57:55.11Z'}, {'VulnerabilityID': 'CVE-2024-44984', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44984', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double DMA unmapping for XDP_REDIRECT\n\nRemove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT\ncode path.  This should have been removed when we let the page pool\nhandle the DMA mapping.  This bug causes the warning:\n\nWARNING: CPU: 7 PID: 59 at drivers/iommu/dma-iommu.c:1198 iommu_dma_unmap_page+0xd5/0x100\nCPU: 7 PID: 59 Comm: ksoftirqd/7 Tainted: G        W          6.8.0-1010-gcp #11-Ubuntu\nHardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS 2.15.2 04/02/2024\nRIP: 0010:iommu_dma_unmap_page+0xd5/0x100\nCode: 89 ee 48 89 df e8 cb f2 69 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9 31 f6 31 ff 45 31 c0 e9 ab 17 71 00 <0f> 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9\nRSP: 0018:ffffab1fc0597a48 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff99ff838280c8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffab1fc0597a78 R08: 0000000000000002 R09: ffffab1fc0597c1c\nR10: ffffab1fc0597cd3 R11: ffff99ffe375acd8 R12: 00000000e65b9000\nR13: 0000000000000050 R14: 0000000000001000 R15: 0000000000000002\nFS:  0000000000000000(0000) GS:ffff9a06efb80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000565c34c37210 CR3: 00000005c7e3e000 CR4: 0000000000350ef0\n? show_regs+0x6d/0x80\n? __warn+0x89/0x150\n? iommu_dma_unmap_page+0xd5/0x100\n? report_bug+0x16a/0x190\n? handle_bug+0x51/0xa0\n? exc_invalid_op+0x18/0x80\n? iommu_dma_unmap_page+0xd5/0x100\n? iommu_dma_unmap_page+0x35/0x100\ndma_unmap_page_attrs+0x55/0x220\n? bpf_prog_4d7e87c0d30db711_xdp_dispatcher+0x64/0x9f\nbnxt_rx_xdp+0x237/0x520 [bnxt_en]\nbnxt_rx_pkt+0x640/0xdd0 [bnxt_en]\n__bnxt_poll_work+0x1a1/0x3d0 [bnxt_en]\nbnxt_poll+0xaa/0x1e0 [bnxt_en]\n__napi_poll+0x33/0x1e0\nnet_rx_action+0x18a/0x2f0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44984', 'https://git.kernel.org/linus/8baeef7616d5194045c5a6b97fd1246b87c55b13 (6.11-rc5)', 'https://git.kernel.org/stable/c/8baeef7616d5194045c5a6b97fd1246b87c55b13', 'https://git.kernel.org/stable/c/95a305ba259b685780ed62ea2295aa2feb2d6c0c', 'https://git.kernel.org/stable/c/fa4e6ae38574d0fc5596272bee64727d8ab7052b', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44984-43ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44984', 'https://www.cve.org/CVERecord?id=CVE-2024-44984'], 'PublishedDate': '2024-09-04T20:15:07.717Z', 'LastModifiedDate': '2024-10-10T16:48:56.167Z'}, {'VulnerabilityID': 'CVE-2024-44985', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44985', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent possible UAF in ip6_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible UAF in ip6_xmit()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand the associated dst/idev could also have been freed.\n\nWe must use rcu_read_lock() to prevent a possible UAF.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44985', 'https://git.kernel.org/linus/2d5ff7e339d04622d8282661df36151906d0e1c7 (6.11-rc5)', 'https://git.kernel.org/stable/c/124b428fe28064c809e4237b0b38e97200a8a4a8', 'https://git.kernel.org/stable/c/2d5ff7e339d04622d8282661df36151906d0e1c7', 'https://git.kernel.org/stable/c/38a21c026ed2cc7232414cb166efc1923f34af17', 'https://git.kernel.org/stable/c/975f764e96f71616b530e300c1bb2ac0ce0c2596', 'https://git.kernel.org/stable/c/fc88d6c1f2895a5775795d82ec581afdff7661d1', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44985-2dde@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44985', 'https://www.cve.org/CVERecord?id=CVE-2024-44985'], 'PublishedDate': '2024-09-04T20:15:07.777Z', 'LastModifiedDate': '2024-09-05T17:54:11.313Z'}, {'VulnerabilityID': 'CVE-2024-44986', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44986', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: fix possible UAF in ip6_finish_output2()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible UAF in ip6_finish_output2()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand associated dst/idev could also have been freed.\n\nWe need to hold rcu_read_lock() to make sure the dst and\nassociated idev are alive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44986', 'https://git.kernel.org/linus/da273b377ae0d9bd255281ed3c2adb228321687b (6.11-rc5)', 'https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e', 'https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a', 'https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b', 'https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b', 'https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44986-1197@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44986', 'https://www.cve.org/CVERecord?id=CVE-2024-44986'], 'PublishedDate': '2024-09-04T20:15:07.833Z', 'LastModifiedDate': '2024-09-05T17:54:04.127Z'}, {'VulnerabilityID': 'CVE-2024-44987', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44987', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent UAF in ip6_send_skb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n  rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n  rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n  vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n  do_writev+0x1b1/0x350 fs/read_write.c:1018\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n </TASK>\n\nAllocated by task 6530:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  unpoison_slab_object mm/kasan/common.c:312 [inline]\n  __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n  kasan_slab_alloc include/linux/kasan.h:201 [inline]\n  slab_post_alloc_hook mm/slub.c:3988 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n  dst_alloc+0x12b/0x190 net/core/dst.c:89\n  ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n  make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n  xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313\n  ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n  rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n  ___sys_sendmsg net/socket.c:2651 [inline]\n  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n  poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n  __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n  kasan_slab_free include/linux/kasan.h:184 [inline]\n  slab_free_hook mm/slub.c:2252 [inline]\n  slab_free mm/slub.c:4473 [inline]\n  kmem_cache_free+0x145/0x350 mm/slub.c:4548\n  dst_destroy+0x2ac/0x460 net/core/dst.c:124\n  rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n  rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44987', 'https://git.kernel.org/linus/faa389b2fbaaec7fd27a390b4896139f9da662e3 (6.11-rc5)', 'https://git.kernel.org/stable/c/24e93695b1239fbe4c31e224372be77f82dab69a', 'https://git.kernel.org/stable/c/571567e0277008459750f0728f246086b2659429', 'https://git.kernel.org/stable/c/9a3e55afa95ed4ac9eda112d4f918af645d72f25', 'https://git.kernel.org/stable/c/af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011', 'https://git.kernel.org/stable/c/cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e', 'https://git.kernel.org/stable/c/ce2f6cfab2c637d0bd9762104023a15d0ab7c0a8', 'https://git.kernel.org/stable/c/e44bd76dd072756e674f45c5be00153f4ded68b2', 'https://git.kernel.org/stable/c/faa389b2fbaaec7fd27a390b4896139f9da662e3', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44987-f916@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44987', 'https://www.cve.org/CVERecord?id=CVE-2024-44987'], 'PublishedDate': '2024-09-04T20:15:07.89Z', 'LastModifiedDate': '2024-09-05T17:53:54.687Z'}, {'VulnerabilityID': 'CVE-2024-44988', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44988', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Fix out-of-bound access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix out-of-bound access\n\nIf an ATU violation was caused by a CPU Load operation, the SPID could\nbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44988', 'https://git.kernel.org/linus/528876d867a23b5198022baf2e388052ca67c952 (6.11-rc5)', 'https://git.kernel.org/stable/c/050e7274ab2150cd212b2372595720e7b83a15bd', 'https://git.kernel.org/stable/c/18b2e833daf049223ab3c2efdf8cdee08854c484', 'https://git.kernel.org/stable/c/528876d867a23b5198022baf2e388052ca67c952', 'https://git.kernel.org/stable/c/a10d0337115a6d223a1563d853d4455f05d0b2e3', 'https://git.kernel.org/stable/c/d39f5be62f098fe367d672b4dd4bc4b2b80e08e7', 'https://git.kernel.org/stable/c/f7d8c2fabd39250cf2333fbf8eef67e837f90a5d', 'https://git.kernel.org/stable/c/f87ce03c652dba199aef15ac18ade3991db5477e', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44988-516a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44988', 'https://www.cve.org/CVERecord?id=CVE-2024-44988'], 'PublishedDate': '2024-09-04T20:15:07.96Z', 'LastModifiedDate': '2024-10-10T16:44:14.767Z'}, {'VulnerabilityID': 'CVE-2024-44989', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44989', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix xfrm real_dev null pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel:  <TASK>\n kernel:  ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? page_fault_oops+0x142/0x4c0\n kernel:  ? do_user_addr_fault+0x65/0x670\n kernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  ? exc_page_fault+0x7b/0x180\n kernel:  ? asm_exc_page_fault+0x22/0x30\n kernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel:  xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ip_push_pending_frames+0x56/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44989', 'https://git.kernel.org/linus/f8cde9805981c50d0c029063dc7d82821806fc44 (6.11-rc5)', 'https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21', 'https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294', 'https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548', 'https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f', 'https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436', 'https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44989-8a2d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44989', 'https://www.cve.org/CVERecord?id=CVE-2024-44989'], 'PublishedDate': '2024-09-04T20:15:08.02Z', 'LastModifiedDate': '2024-09-06T16:31:22.253Z'}, {'VulnerabilityID': 'CVE-2024-44990', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44990', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix null pointer deref in bond_ipsec_offload_ok\n\nWe must check if there is an active slave before dereferencing the pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44990', 'https://git.kernel.org/linus/95c90e4ad89d493a7a14fa200082e466e2548f9d (6.11-rc5)', 'https://git.kernel.org/stable/c/0707260a18312bbcd2a5668584e3692d0a29e3f6', 'https://git.kernel.org/stable/c/2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59', 'https://git.kernel.org/stable/c/32a0173600c63aadaf2103bf02f074982e8602ab', 'https://git.kernel.org/stable/c/81216b9352be43f8958092d379f6dec85443c309', 'https://git.kernel.org/stable/c/95c90e4ad89d493a7a14fa200082e466e2548f9d', 'https://git.kernel.org/stable/c/b70b0ddfed31fc92c8dc722d0afafc8e14cb550c', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44990-6b62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44990', 'https://www.cve.org/CVERecord?id=CVE-2024-44990'], 'PublishedDate': '2024-09-04T20:15:08.087Z', 'LastModifiedDate': '2024-09-06T16:31:12.87Z'}, {'VulnerabilityID': 'CVE-2024-44991', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44991', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp: prevent concurrent execution of tcp_sk_exit_batch', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: prevent concurrent execution of tcp_sk_exit_batch\n\nIts possible that two threads call tcp_sk_exit_batch() concurrently,\nonce from the cleanup_net workqueue, once from a task that failed to clone\na new netns.  In the latter case, error unwinding calls the exit handlers\nin reverse order for the \'failed\' netns.\n\ntcp_sk_exit_batch() calls tcp_twsk_purge().\nProblem is that since commit b099ce2602d8 ("net: Batch inet_twsk_purge"),\nthis function picks up twsk in any dying netns, not just the one passed\nin via exit_batch list.\n\nThis means that the error unwind of setup_net() can "steal" and destroy\ntimewait sockets belonging to the exiting netns.\n\nThis allows the netns exit worker to proceed to call\n\nWARN_ON_ONCE(!refcount_dec_and_test(&net->ipv4.tcp_death_row.tw_refcount));\n\nwithout the expected 1 -> 0 transition, which then splats.\n\nAt same time, error unwind path that is also running inet_twsk_purge()\nwill splat as well:\n\nWARNING: .. at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210\n...\n refcount_dec include/linux/refcount.h:351 [inline]\n inet_twsk_kill+0x758/0x9c0 net/ipv4/inet_timewait_sock.c:70\n inet_twsk_deschedule_put net/ipv4/inet_timewait_sock.c:221\n inet_twsk_purge+0x725/0x890 net/ipv4/inet_timewait_sock.c:304\n tcp_sk_exit_batch+0x1c/0x170 net/ipv4/tcp_ipv4.c:3522\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n setup_net+0x714/0xb40 net/core/net_namespace.c:375\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n\n... because refcount_dec() of tw_refcount unexpectedly dropped to 0.\n\nThis doesn\'t seem like an actual bug (no tw sockets got lost and I don\'t\nsee a use-after-free) but as erroneous trigger of debug check.\n\nAdd a mutex to force strict ordering: the task that calls tcp_twsk_purge()\nblocks other task from doing final _dec_and_test before mutex-owner has\nremoved all tw sockets of dying netns.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44991', 'https://git.kernel.org/linus/565d121b69980637f040eb4d84289869cdaabedf (6.11-rc5)', 'https://git.kernel.org/stable/c/565d121b69980637f040eb4d84289869cdaabedf', 'https://git.kernel.org/stable/c/99580ae890ec8bd98b21a2a9c6668f8f1555b62e', 'https://git.kernel.org/stable/c/e3d9de3742f4d5c47ae35f888d3023a5b54fcd2f', 'https://git.kernel.org/stable/c/f6fd2dbf584a4047ba88d1369ff91c9851261ec1', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44991-2437@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44991', 'https://www.cve.org/CVERecord?id=CVE-2024-44991'], 'PublishedDate': '2024-09-04T20:15:08.15Z', 'LastModifiedDate': '2024-10-09T14:36:15.79Z'}, {'VulnerabilityID': 'CVE-2024-44993', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44993', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`\n\nWhen enabling UBSAN on Raspberry Pi 5, we get the following warning:\n\n[  387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3\n[  387.903868] index 7 is out of range for type '__u32 [7]'\n[  387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G        WC         6.10.3-v8-16k-numa #151\n[  387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[  387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched]\n[  387.932525] Call trace:\n[  387.935296]  dump_backtrace+0x170/0x1b8\n[  387.939403]  show_stack+0x20/0x38\n[  387.942907]  dump_stack_lvl+0x90/0xd0\n[  387.946785]  dump_stack+0x18/0x28\n[  387.950301]  __ubsan_handle_out_of_bounds+0x98/0xd0\n[  387.955383]  v3d_csd_job_run+0x3a8/0x438 [v3d]\n[  387.960707]  drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]\n[  387.966862]  process_one_work+0x62c/0xb48\n[  387.971296]  worker_thread+0x468/0x5b0\n[  387.975317]  kthread+0x1c4/0x1e0\n[  387.978818]  ret_from_fork+0x10/0x20\n[  387.983014] ---[ end trace ]---\n\nThis happens because the UAPI provides only seven configuration\nregisters and we are reading the eighth position of this u32 array.\n\nTherefore, fix the out-of-bounds read in `v3d_csd_job_run()` by\naccessing only seven positions on the '__u32 [7]' array. The eighth\nregister exists indeed on V3D 7.1, but it isn't currently used. That\nbeing so, let's guarantee that it remains unused and add a note that it\ncould be set in a future patch.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44993', 'https://git.kernel.org/linus/497d370a644d95a9f04271aa92cb96d32e84c770 (6.11-rc4)', 'https://git.kernel.org/stable/c/497d370a644d95a9f04271aa92cb96d32e84c770', 'https://git.kernel.org/stable/c/d656b82c4b30cf12715e6cd129d3df808fde24a7', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44993-b6db@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44993', 'https://www.cve.org/CVERecord?id=CVE-2024-44993'], 'PublishedDate': '2024-09-04T20:15:08.257Z', 'LastModifiedDate': '2024-09-06T16:28:49.18Z'}, {'VulnerabilityID': 'CVE-2024-44995', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: fix a deadlock problem when config TC during resetting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n                             pf reset start\n                                 │\n                                 ▼\n                              ......\nsetup tc                         │\n    │                            ▼\n    ▼                      DOWN: napi_disable()\nnapi_disable()(skip)             │\n    │                            │\n    ▼                            ▼\n  ......                      ......\n    │                            │\n    ▼                            │\nnapi_enable()                    │\n                                 ▼\n                           UINIT: netif_napi_del()\n                                 │\n                                 ▼\n                              ......\n                                 │\n                                 ▼\n                           INIT: netif_napi_add()\n                                 │\n                                 ▼\n                              ......                 global reset start\n                                 │                      │\n                                 ▼                      ▼\n                           UP: napi_enable()(skip)    ......\n                                 │                      │\n                                 ▼                      ▼\n                              ......                 napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. Adds a DOWN process in UINIT to fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44995', 'https://git.kernel.org/linus/be5e816d00a506719e9dbb1a9c861c5ced30a109 (6.11-rc4)', 'https://git.kernel.org/stable/c/195918217448a6bb7f929d6a2ffffce9f1ece1cc', 'https://git.kernel.org/stable/c/67492d4d105c0a6321b00c393eec96b9a7a97a16', 'https://git.kernel.org/stable/c/6ae2b7d63cd056f363045eb65409143e16f23ae8', 'https://git.kernel.org/stable/c/be5e816d00a506719e9dbb1a9c861c5ced30a109', 'https://git.kernel.org/stable/c/de37408d5c26fc4a296a28a0c96dcb814219bfa1', 'https://git.kernel.org/stable/c/fa1d4de7265c370e673583ac8d1bd17d21826cd9', 'https://git.kernel.org/stable/c/fc250eca15bde34c4c8f806b9d88f55bd56a992c', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44995-16e5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44995', 'https://www.cve.org/CVERecord?id=CVE-2024-44995'], 'PublishedDate': '2024-09-04T20:15:08.353Z', 'LastModifiedDate': '2024-09-15T18:15:34.54Z'}, {'VulnerabilityID': 'CVE-2024-44996', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44996', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vsock: fix recursive -&gt;recvmsg calls', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: fix recursive ->recvmsg calls\n\nAfter a vsock socket has been added to a BPF sockmap, its prot->recvmsg\nhas been replaced with vsock_bpf_recvmsg(). Thus the following\nrecursiion could happen:\n\nvsock_bpf_recvmsg()\n -> __vsock_recvmsg()\n  -> vsock_connectible_recvmsg()\n   -> prot->recvmsg()\n    -> vsock_bpf_recvmsg() again\n\nWe need to fix it by calling the original ->recvmsg() without any BPF\nsockmap logic in __vsock_recvmsg().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44996', 'https://git.kernel.org/linus/69139d2919dd4aa9a553c8245e7c63e82613e3fc (6.11-rc4)', 'https://git.kernel.org/stable/c/69139d2919dd4aa9a553c8245e7c63e82613e3fc', 'https://git.kernel.org/stable/c/921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5', 'https://git.kernel.org/stable/c/b4ee8cf1acc5018ed1369150d7bb3e0d0f79e135', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44996-8b26@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44996', 'https://www.cve.org/CVERecord?id=CVE-2024-44996'], 'PublishedDate': '2024-09-04T20:15:08.413Z', 'LastModifiedDate': '2024-09-16T12:21:47.37Z'}, {'VulnerabilityID': 'CVE-2024-44998', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44998', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: atm: idt77252: prevent use after free in dequeue_rx()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can\'t dereference "skb" after calling vcc->push() because the skb\nis released.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44998', 'https://git.kernel.org/linus/a9a18e8f770c9b0703dab93580d0b02e199a4c79 (6.11-rc4)', 'https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1', 'https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d', 'https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518', 'https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55', 'https://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d', 'https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10', 'https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79', 'https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44998-6505@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44998', 'https://www.cve.org/CVERecord?id=CVE-2024-44998'], 'PublishedDate': '2024-09-04T20:15:08.52Z', 'LastModifiedDate': '2024-09-06T16:28:16Z'}, {'VulnerabilityID': 'CVE-2024-44999', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44999', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: pull network headers in gtp_dev_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: pull network headers in gtp_dev_xmit()\n\nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]\n\nWe must make sure the IPv4 or Ipv6 header is pulled in skb->head\nbefore accessing fields in them.\n\nUse pskb_inet_may_pull() to fix this issue.\n\n[1]\nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n  gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n  gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  __netdev_start_xmit include/linux/netdevice.h:4913 [inline]\n  netdev_start_xmit include/linux/netdevice.h:4922 [inline]\n  xmit_one net/core/dev.c:3580 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596\n  __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423\n  dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3145 [inline]\n  packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:3994 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583\n  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674\n  alloc_skb include/linux/skbuff.h:1320 [inline]\n  alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526\n  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815\n  packet_alloc_skb net/packet/af_packet.c:2994 [inline]\n  packet_snd net/packet/af_packet.c:3088 [inline]\n  packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44999', 'https://git.kernel.org/linus/3a3be7ff9224f424e485287b54be00d2c6bd9c40 (6.11-rc4)', 'https://git.kernel.org/stable/c/137d565ab89ce3584503b443bc9e00d44f482593', 'https://git.kernel.org/stable/c/1f6b62392453d8f36685d19b761307a8c5617ac1', 'https://git.kernel.org/stable/c/34ba4f29f3d9eb52dee37512059efb2afd7e966f', 'https://git.kernel.org/stable/c/3939d787139e359b77aaf9485d1e145d6713d7b9', 'https://git.kernel.org/stable/c/3a3be7ff9224f424e485287b54be00d2c6bd9c40', 'https://git.kernel.org/stable/c/3d89d0c4a1c6d4d2a755e826351b0a101dbc86f3', 'https://git.kernel.org/stable/c/cbb9a969fc190e85195d1b0f08038e7f6199044e', 'https://git.kernel.org/stable/c/f5dda8db382c5751c4e572afc7c99df7da1f83ca', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44999-187d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44999', 'https://www.cve.org/CVERecord?id=CVE-2024-44999'], 'PublishedDate': '2024-09-04T20:15:08.59Z', 'LastModifiedDate': '2024-09-06T16:27:51.89Z'}, {'VulnerabilityID': 'CVE-2024-45000', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45000', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/netfs/fscache_cookie: add missing "n_accesses" check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/netfs/fscache_cookie: add missing "n_accesses" check\n\nThis fixes a NULL pointer dereference bug due to a data race which\nlooks like this:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000008\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] SMP PTI\n  CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43\n  Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018\n  Workqueue: events_unbound netfs_rreq_write_to_cache_work\n  RIP: 0010:cachefiles_prepare_write+0x30/0xa0\n  Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 <48> 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10\n  RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286\n  RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000\n  RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438\n  RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001\n  R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68\n  R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00\n  FS:  0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0\n  Call Trace:\n   <TASK>\n   ? __die+0x1f/0x70\n   ? page_fault_oops+0x15d/0x440\n   ? search_module_extables+0xe/0x40\n   ? fixup_exception+0x22/0x2f0\n   ? exc_page_fault+0x5f/0x100\n   ? asm_exc_page_fault+0x22/0x30\n   ? cachefiles_prepare_write+0x30/0xa0\n   netfs_rreq_write_to_cache_work+0x135/0x2e0\n   process_one_work+0x137/0x2c0\n   worker_thread+0x2e9/0x400\n   ? __pfx_worker_thread+0x10/0x10\n   kthread+0xcc/0x100\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x30/0x50\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1b/0x30\n   </TASK>\n  Modules linked in:\n  CR2: 0000000000000008\n  ---[ end trace 0000000000000000 ]---\n\nThis happened because fscache_cookie_state_machine() was slow and was\nstill running while another process invoked fscache_unuse_cookie();\nthis led to a fscache_cookie_lru_do_one() call, setting the\nFSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by\nfscache_cookie_state_machine(), withdrawing the cookie via\ncachefiles_withdraw_cookie(), clearing cookie->cache_priv.\n\nAt the same time, yet another process invoked\ncachefiles_prepare_write(), which found a NULL pointer in this code\nline:\n\n  struct cachefiles_object *object = cachefiles_cres_object(cres);\n\nThe next line crashes, obviously:\n\n  struct cachefiles_cache *cache = object->volume->cache;\n\nDuring cachefiles_prepare_write(), the "n_accesses" counter is\nnon-zero (via fscache_begin_operation()).  The cookie must not be\nwithdrawn until it drops to zero.\n\nThe counter is checked by fscache_cookie_state_machine() before\nswitching to FSCACHE_COOKIE_STATE_RELINQUISHING and\nFSCACHE_COOKIE_STATE_WITHDRAWING (in "case\nFSCACHE_COOKIE_STATE_FAILED"), but not for\nFSCACHE_COOKIE_STATE_LRU_DISCARDING ("case\nFSCACHE_COOKIE_STATE_ACTIVE").\n\nThis patch adds the missing check.  With a non-zero access counter,\nthe function returns and the next fscache_end_cookie_access() call\nwill queue another fscache_cookie_state_machine() call to handle the\nstill-pending FSCACHE_COOKIE_DO_LRU_DISCARD.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45000', 'https://git.kernel.org/linus/f71aa06398aabc2e3eaac25acdf3d62e0094ba70 (6.11-rc4)', 'https://git.kernel.org/stable/c/0a4d41fa14b2a0efd40e350cfe8ec6a4c998ac1d', 'https://git.kernel.org/stable/c/b8a50877f68efdcc0be3fcc5116e00c31b90e45b', 'https://git.kernel.org/stable/c/dfaa39b05a6cf34a16c525a2759ee6ab26b5fef6', 'https://git.kernel.org/stable/c/f71aa06398aabc2e3eaac25acdf3d62e0094ba70', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-45000-fd6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45000', 'https://www.cve.org/CVERecord?id=CVE-2024-45000'], 'PublishedDate': '2024-09-04T20:15:08.657Z', 'LastModifiedDate': '2024-09-06T16:27:31.003Z'}, {'VulnerabilityID': 'CVE-2024-45001', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45001', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix RX buf alloc_size alignment and atomic op panic', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix RX buf alloc_size alignment and atomic op panic\n\nThe MANA driver's RX buffer alloc_size is passed into napi_build_skb() to\ncreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignment\nis affected by the alloc_size passed into napi_build_skb(). The size needs\nto be aligned properly for better performance and atomic operations.\nOtherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic\noperations may panic on the skb_shinfo(skb)->dataref due to alignment fault.\n\nTo fix this bug, add proper alignment to the alloc_size calculation.\n\nSample panic info:\n[  253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce\n[  253.300900] Mem abort info:\n[  253.301760]   ESR = 0x0000000096000021\n[  253.302825]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  253.304268]   SET = 0, FnV = 0\n[  253.305172]   EA = 0, S1PTW = 0\n[  253.306103]   FSC = 0x21: alignment fault\nCall trace:\n __skb_clone+0xfc/0x198\n skb_clone+0x78/0xe0\n raw6_local_deliver+0xfc/0x228\n ip6_protocol_deliver_rcu+0x80/0x500\n ip6_input_finish+0x48/0x80\n ip6_input+0x48/0xc0\n ip6_sublist_rcv_finish+0x50/0x78\n ip6_sublist_rcv+0x1cc/0x2b8\n ipv6_list_rcv+0x100/0x150\n __netif_receive_skb_list_core+0x180/0x220\n netif_receive_skb_list_internal+0x198/0x2a8\n __napi_poll+0x138/0x250\n net_rx_action+0x148/0x330\n handle_softirqs+0x12c/0x3a0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45001', 'https://git.kernel.org/linus/32316f676b4ee87c0404d333d248ccf777f739bc (6.11-rc4)', 'https://git.kernel.org/stable/c/32316f676b4ee87c0404d333d248ccf777f739bc', 'https://git.kernel.org/stable/c/65f20b174ec0172f2d6bcfd8533ab9c9e7e347fa', 'https://git.kernel.org/stable/c/e6bea6a45f8a401f3d5a430bc81814f0cc8848cf', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45001-50df@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45001', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45001'], 'PublishedDate': '2024-09-04T20:15:08.71Z', 'LastModifiedDate': '2024-10-09T14:49:39.953Z'}, {'VulnerabilityID': 'CVE-2024-45002', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45002', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtla/osnoise: Prevent NULL dereference in error handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrtla/osnoise: Prevent NULL dereference in error handling\n\nIf the "tool->data" allocation fails then there is no need to call\nosnoise_free_top() and, in fact, doing so will lead to a NULL dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45002', 'https://git.kernel.org/linus/90574d2a675947858b47008df8d07f75ea50d0d0 (6.11-rc4)', 'https://git.kernel.org/stable/c/753f1745146e03abd17eec8eee95faffc96d743d', 'https://git.kernel.org/stable/c/90574d2a675947858b47008df8d07f75ea50d0d0', 'https://git.kernel.org/stable/c/abdb9ddaaab476e62805e36cce7b4ef8413ffd01', 'https://git.kernel.org/stable/c/fc575212c6b75d538e1a0a74f4c7e2ac73bc46ac', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45002-c292@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45002', 'https://www.cve.org/CVERecord?id=CVE-2024-45002'], 'PublishedDate': '2024-09-04T20:15:08.763Z', 'LastModifiedDate': '2024-09-06T16:27:13.727Z'}, {'VulnerabilityID': 'CVE-2024-45003', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45003', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: vfs: Don't evict inode under the inode lru traversing context", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: Don't evict inode under the inode lru traversing context\n\nThe inode reclaiming process(See function prune_icache_sb) collects all\nreclaimable inodes and mark them with I_FREEING flag at first, at that\ntime, other processes will be stuck if they try getting these inodes\n(See function find_inode_fast), then the reclaiming process destroy the\ninodes by function dispose_list(). Some filesystems(eg. ext4 with\nea_inode feature, ubifs with xattr) may do inode lookup in the inode\nevicting callback function, if the inode lookup is operated under the\ninode lru traversing context, deadlock problems may happen.\n\nCase 1: In function ext4_evict_inode(), the ea inode lookup could happen\n        if ea_inode feature is enabled, the lookup process will be stuck\n\tunder the evicting context like this:\n\n 1. File A has inode i_reg and an ea inode i_ea\n 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea\n 3. Then, following three processes running like this:\n\n    PA                              PB\n echo 2 > /proc/sys/vm/drop_caches\n  shrink_slab\n   prune_dcache_sb\n   // i_reg is added into lru, lru->i_ea->i_reg\n   prune_icache_sb\n    list_lru_walk_one\n     inode_lru_isolate\n      i_ea->i_state |= I_FREEING // set inode state\n     inode_lru_isolate\n      __iget(i_reg)\n      spin_unlock(&i_reg->i_lock)\n      spin_unlock(lru_lock)\n                                     rm file A\n                                      i_reg->nlink = 0\n      iput(i_reg) // i_reg->nlink is 0, do evict\n       ext4_evict_inode\n        ext4_xattr_delete_inode\n         ext4_xattr_inode_dec_ref_all\n          ext4_xattr_inode_iget\n           ext4_iget(i_ea->i_ino)\n            iget_locked\n             find_inode_fast\n              __wait_on_freeing_inode(i_ea) ----? AA deadlock\n    dispose_list // cannot be executed by prune_icache_sb\n     wake_up_bit(&i_ea->i_state)\n\nCase 2: In deleted inode writing function ubifs_jnl_write_inode(), file\n        deleting process holds BASEHD's wbuf->io_mutex while getting the\n\txattr inode, which could race with inode reclaiming process(The\n        reclaiming process could try locking BASEHD's wbuf->io_mutex in\n\tinode evicting function), then an ABBA deadlock problem would\n\thappen as following:\n\n 1. File A has inode ia and a xattr(with inode ixa), regular file B has\n    inode ib and a xattr.\n 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa\n 3. Then, following three processes running like this:\n\n        PA                PB                        PC\n                echo 2 > /proc/sys/vm/drop_caches\n                 shrink_slab\n                  prune_dcache_sb\n                  // ib and ia are added into lru, lru->ixa->ib->ia\n                  prune_icache_sb\n                   list_lru_walk_one\n                    inode_lru_isolate\n                     ixa->i_state |= I_FREEING // set inode state\n                    inode_lru_isolate\n                     __iget(ib)\n                     spin_unlock(&ib->i_lock)\n                     spin_unlock(lru_lock)\n                                                   rm file B\n                                                    ib->nlink = 0\n rm file A\n  iput(ia)\n   ubifs_evict_inode(ia)\n    ubifs_jnl_delete_inode(ia)\n     ubifs_jnl_write_inode(ia)\n      make_reservation(BASEHD) // Lock wbuf->io_mutex\n      ubifs_iget(ixa->i_ino)\n       iget_locked\n        find_inode_fast\n         __wait_on_freeing_inode(ixa)\n          |          iput(ib) // ib->nlink is 0, do evict\n          |           ubifs_evict_inode\n          |            ubifs_jnl_delete_inode(ib)\n          ?             ubifs_jnl_write_inode\n     ABBA deadlock ?-----make_reservation(BASEHD)\n                   dispose_list // cannot be executed by prune_icache_sb\n                    wake_up_bit(&ixa->i_state)\n\nFix the possible deadlock by using new inode state flag I_LRU_ISOLATING\nto pin the inode in memory while inode_lru_isolate(\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45003', 'https://git.kernel.org/linus/2a0629834cd82f05d424bbc193374f9a43d1f87d (6.11-rc4)', 'https://git.kernel.org/stable/c/03880af02a78bc9a98b5a581f529cf709c88a9b8', 'https://git.kernel.org/stable/c/2a0629834cd82f05d424bbc193374f9a43d1f87d', 'https://git.kernel.org/stable/c/3525ad25240dfdd8c78f3470911ed10aa727aa72', 'https://git.kernel.org/stable/c/437741eba63bf4e437e2beb5583f8633556a2b98', 'https://git.kernel.org/stable/c/9063ab49c11e9518a3f2352434bb276cc8134c5f', 'https://git.kernel.org/stable/c/b9bda5f6012dd00372f3a06a82ed8971a4c57c32', 'https://git.kernel.org/stable/c/cda54ec82c0f9d05393242b20b13f69b083f7e88', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45003-3bc2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45003', 'https://www.cve.org/CVERecord?id=CVE-2024-45003'], 'PublishedDate': '2024-09-04T20:15:08.823Z', 'LastModifiedDate': '2024-10-09T15:07:31.027Z'}, {'VulnerabilityID': 'CVE-2024-45005', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45005', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: s390: fix validity interception issue when gisa is switched off', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix validity interception issue when gisa is switched off\n\nWe might run into a SIE validity if gisa has been disabled either via using\nkernel parameter "kvm.use_gisa=0" or by setting the related sysfs\nattribute to N (echo N >/sys/module/kvm/parameters/use_gisa).\n\nThe validity is caused by an invalid value in the SIE control block\'s\ngisa designation. That happens because we pass the uninitialized gisa\norigin to virt_to_phys() before writing it to the gisa designation.\n\nTo fix this we return 0 in kvm_s390_get_gisa_desc() if the origin is 0.\nkvm_s390_get_gisa_desc() is used to determine which gisa designation to\nset in the SIE control block. A value of 0 in the gisa designation disables\ngisa usage.\n\nThe issue surfaces in the host kernel with the following kernel message as\nsoon a new kvm guest start is attemted.\n\nkvm: unhandled validity intercept 0x1011\nWARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101 kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]\nModules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390 prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci]\nCPU: 0 PID: 781237 Comm: CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6\nHardware name: IBM 3931 A01 701 (LPAR)\nKrnl PSW : 0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm])\n           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\nKrnl GPRS: 000003d900000027 000003d900000023 0000000000000028 000002cd00000000\n           000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff\n           000002cfd82e9000 000002cfd80bc000 0000000000001011 000003d93deda412\n           000003ff8962df98 000003d93de77ce0 000003d93deb011e 00000359c6daf960\nKrnl Code: 000003d93deb0112: c020fffe7259\tlarl\t%r2,000003d93de7e5c4\n           000003d93deb0118: c0e53fa8beac\tbrasl\t%r14,000003d9bd3c7e70\n          #000003d93deb011e: af000000\t\tmc\t0,0\n          >000003d93deb0122: a728ffea\t\tlhi\t%r2,-22\n           000003d93deb0126: a7f4fe24\t\tbrc\t15,000003d93deafd6e\n           000003d93deb012a: 9101f0b0\t\ttm\t176(%r15),1\n           000003d93deb012e: a774fe48\t\tbrc\t7,000003d93deafdbe\n           000003d93deb0132: 40a0f0ae\t\tsth\t%r10,174(%r15)\nCall Trace:\n [<000003d93deb0122>] kvm_handle_sie_intercept+0x432/0x4d0 [kvm]\n([<000003d93deb011e>] kvm_handle_sie_intercept+0x42e/0x4d0 [kvm])\n [<000003d93deacc10>] vcpu_post_run+0x1d0/0x3b0 [kvm]\n [<000003d93deaceda>] __vcpu_run+0xea/0x2d0 [kvm]\n [<000003d93dead9da>] kvm_arch_vcpu_ioctl_run+0x16a/0x430 [kvm]\n [<000003d93de93ee0>] kvm_vcpu_ioctl+0x190/0x7c0 [kvm]\n [<000003d9bd728b4e>] vfs_ioctl+0x2e/0x70\n [<000003d9bd72a092>] __s390x_sys_ioctl+0xc2/0xd0\n [<000003d9be0e9222>] __do_syscall+0x1f2/0x2e0\n [<000003d9be0f9a90>] system_call+0x70/0x98\nLast Breaking-Event-Address:\n [<000003d9bd3c7f58>] __warn_printk+0xe8/0xf0', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45005', 'https://git.kernel.org/linus/5a44bb061d04b0306f2aa8add761d86d152b9377 (6.11-rc4)', 'https://git.kernel.org/stable/c/027ac3c5092561bccce09b314a73a1c167117ef6', 'https://git.kernel.org/stable/c/051c0a558154174cfcea301a386e4c91ade83ce1', 'https://git.kernel.org/stable/c/5a44bb061d04b0306f2aa8add761d86d152b9377', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45005-2297@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45005', 'https://www.cve.org/CVERecord?id=CVE-2024-45005'], 'PublishedDate': '2024-09-04T20:15:08.94Z', 'LastModifiedDate': '2024-10-09T15:30:03.767Z'}, {'VulnerabilityID': 'CVE-2024-45006', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45006', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration\n\nre-enumerating full-speed devices after a failed address device command\ncan trigger a NULL pointer dereference.\n\nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size\nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case,\nwhich ends up calling xhci_configure_endpoint().\n\nOn Panther point xHC the xhci_configure_endpoint() function will\nadditionally check and reserve bandwidth in software. Other hosts do\nthis in hardware\n\nIf xHC address device command fails then a new xhci_virt_device structure\nis allocated as part of re-enabling the slot, but the bandwidth table\npointers are not set up properly here.\nThis triggers the NULL pointer dereference the next time usb_ep0_reinit()\nis called and xhci_configure_endpoint() tries to check and reserve\nbandwidth\n\n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd\n[46710.713699] usb 3-1: Device not responding to setup address.\n[46710.917684] usb 3-1: Device not responding to setup address.\n[46711.125536] usb 3-1: device not accepting address 5, error -71\n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[46711.125600] #PF: supervisor read access in kernel mode\n[46711.125603] #PF: error_code(0x0000) - not-present page\n[46711.125606] PGD 0 P4D 0\n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1\n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.\n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]\n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c\n\nFix this by making sure bandwidth table pointers are set up correctly\nafter a failed address device command, and additionally by avoiding\nchecking for bandwidth in cases like this where no actual endpoints are\nadded or removed, i.e. only context for default control endpoint 0 is\nevaluated.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45006', 'https://git.kernel.org/linus/af8e119f52e9c13e556be9e03f27957554a84656 (6.11-rc4)', 'https://git.kernel.org/stable/c/0f0654318e25b2c185e245ba4a591e42fabb5e59', 'https://git.kernel.org/stable/c/365ef7c4277fdd781a695c3553fa157d622d805d', 'https://git.kernel.org/stable/c/5ad898ae82412f8a689d59829804bff2999dd0ea', 'https://git.kernel.org/stable/c/6b99de301d78e1f5249e57ef2c32e1dec3df2bb1', 'https://git.kernel.org/stable/c/8fb9d412ebe2f245f13481e4624b40e651570cbd', 'https://git.kernel.org/stable/c/a57b0ebabe6862dce0a2e0f13e17941ad72fc56b', 'https://git.kernel.org/stable/c/af8e119f52e9c13e556be9e03f27957554a84656', 'https://git.kernel.org/stable/c/ef0a0e616b2789bb804a0ce5e161db03170a85b6', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45006-6642@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45006', 'https://www.cve.org/CVERecord?id=CVE-2024-45006'], 'PublishedDate': '2024-09-04T20:15:08.997Z', 'LastModifiedDate': '2024-09-06T16:26:52.64Z'}, {'VulnerabilityID': 'CVE-2024-45007', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45007', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: char: xillybus: Don't destroy workqueue from work item running on it", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Don't destroy workqueue from work item running on it\n\nTriggered by a kref decrement, destroy_workqueue() may be called from\nwithin a work item for destroying its own workqueue. This illegal\nsituation is averted by adding a module-global workqueue for exclusive\nuse of the offending work item. Other work items continue to be queued\non per-device workqueues to ensure performance.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45007', 'https://git.kernel.org/linus/ccbde4b128ef9c73d14d0d7817d68ef795f6d131 (6.11-rc4)', 'https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9', 'https://git.kernel.org/stable/c/5d3567caff2a1d678aa40cc74a54e1318941fad3', 'https://git.kernel.org/stable/c/a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157', 'https://git.kernel.org/stable/c/aa1a19724fa2c31e97a9be48baedd4692b265157', 'https://git.kernel.org/stable/c/ccbde4b128ef9c73d14d0d7817d68ef795f6d131', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45007-74c8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45007', 'https://www.cve.org/CVERecord?id=CVE-2024-45007'], 'PublishedDate': '2024-09-04T20:15:09.053Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45008', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: MT - limit max slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: MT - limit max slots\n\nsyzbot is reporting too large allocation at input_mt_init_slots(), for\nnum_slots is supplied from userspace using ioctl(UI_DEV_CREATE).\n\nSince nobody knows possible max slots, this patch chose 1024.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45008', 'https://git.kernel.org/linus/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb (6.11-rc2)', 'https://git.kernel.org/stable/c/05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549', 'https://git.kernel.org/stable/c/2829c80614890624456337e47320289112785f3e', 'https://git.kernel.org/stable/c/87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322', 'https://git.kernel.org/stable/c/8f04edd554d191834e9e1349ef030318ea6b11ba', 'https://git.kernel.org/stable/c/94736334b8a25e4fae8daa6934e54a31f099be43', 'https://git.kernel.org/stable/c/95f73d01f547dfc67fda3022c51e377a0454b505', 'https://git.kernel.org/stable/c/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb', 'https://git.kernel.org/stable/c/cd19f1799c32ba7b874474b1b968815ce5364f73', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45008-1d89@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45008', 'https://www.cve.org/CVERecord?id=CVE-2024-45008'], 'PublishedDate': '2024-09-04T20:15:09.107Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45009', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: only decrement add_addr_accepted for MPJ req', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the "remove single subflow" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \'subflow\' endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\'s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45009', 'https://git.kernel.org/linus/1c1f721375989579e46741f59523e39ec9b2a9bd (6.11-rc5)', 'https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd', 'https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c', 'https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d', 'https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7', 'https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608', 'https://lore.kernel.org/linux-cve-announce/2024091104-CVE-2024-45009-24ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45009', 'https://www.cve.org/CVERecord?id=CVE-2024-45009'], 'PublishedDate': '2024-09-11T16:15:06.427Z', 'LastModifiedDate': '2024-09-13T16:36:57.233Z'}, {'VulnerabilityID': 'CVE-2024-45010', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: mptcp: pm: only mark 'subflow' endp as available", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \'subflow\' endp as available\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the "remove single address" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \'signal\' endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\'subflow\' endpoints, and here it is a \'signal\' endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \'subflow\' endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45010', 'https://git.kernel.org/linus/322ea3778965da72862cca2a0c50253aacf65fe6 (6.11-rc5)', 'https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6', 'https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d', 'https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f', 'https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45010-33ee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45010', 'https://www.cve.org/CVERecord?id=CVE-2024-45010'], 'PublishedDate': '2024-09-11T16:15:06.483Z', 'LastModifiedDate': '2024-09-13T16:35:05.843Z'}, {'VulnerabilityID': 'CVE-2024-45011', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45011', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: char: xillybus: Check USB endpoints when probing device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Check USB endpoints when probing device\n\nEnsure, as the driver probes the device, that all endpoints that the\ndriver may attempt to access exist and are of the correct type.\n\nAll XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at\naddress 1. This is verified in xillyusb_setup_base_eps().\n\nOn top of that, a XillyUSB device may have additional Bulk OUT\nendpoints. The information about these endpoints' addresses is deduced\nfrom a data structure (the IDT) that the driver fetches from the device\nwhile probing it. These endpoints are checked in setup_channels().\n\nA XillyUSB device never has more than one IN endpoint, as all data\ntowards the host is multiplexed in this single Bulk IN endpoint. This is\nwhy setup_channels() only checks OUT endpoints.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45011', 'https://git.kernel.org/linus/2374bf7558de915edc6ec8cb10ec3291dfab9594 (6.11-rc4)', 'https://git.kernel.org/stable/c/1371d32b95972d39c1e6e4bae8b6d0df1b573731', 'https://git.kernel.org/stable/c/2374bf7558de915edc6ec8cb10ec3291dfab9594', 'https://git.kernel.org/stable/c/25ee8b2908200fc862c0434e5ad483817d50ceda', 'https://git.kernel.org/stable/c/4267131278f5cc98f8db31d035d64bdbbfe18658', 'https://git.kernel.org/stable/c/5cff754692ad45d5086b75fef8cc3a99c30a1005', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45011-e729@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45011', 'https://www.cve.org/CVERecord?id=CVE-2024-45011'], 'PublishedDate': '2024-09-11T16:15:06.55Z', 'LastModifiedDate': '2024-09-13T16:36:55.757Z'}, {'VulnerabilityID': 'CVE-2024-45012', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45012', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nouveau/firmware: use dma non-coherent allocator', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/firmware: use dma non-coherent allocator\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup, when the iommu is enabled:\n\nkernel BUG at include/linux/scatterlist.h:187!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\nHardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\nRIP: 0010:sg_init_one+0x85/0xa0\nCode: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\nRSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\nRBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\nR13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\nFS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\nCall Trace:\n <TASK>\n ? die+0x36/0x90\n ? do_trap+0xdd/0x100\n ? sg_init_one+0x85/0xa0\n ? do_error_trap+0x65/0x80\n ? sg_init_one+0x85/0xa0\n ? exc_invalid_op+0x50/0x70\n ? sg_init_one+0x85/0xa0\n ? asm_exc_invalid_op+0x1a/0x20\n ? sg_init_one+0x85/0xa0\n nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? nvkm_udevice_new+0x95/0x140 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? ktime_get+0x47/0xb0\n\nFix this by using the non-coherent allocator instead, I think there\nmight be a better answer to this, but it involve ripping up some of\nAPIs using sg lists.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45012', 'https://git.kernel.org/linus/9b340aeb26d50e9a9ec99599e2a39b035fac978e (6.11-rc5)', 'https://git.kernel.org/stable/c/57ca481fca97ca4553e8c85d6a94baf4cb40c40e', 'https://git.kernel.org/stable/c/9b340aeb26d50e9a9ec99599e2a39b035fac978e', 'https://git.kernel.org/stable/c/cc29c5546c6a373648363ac49781f1d74b530707', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45012-9234@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45012', 'https://www.cve.org/CVERecord?id=CVE-2024-45012'], 'PublishedDate': '2024-09-11T16:15:06.607Z', 'LastModifiedDate': '2024-09-13T16:35:35.787Z'}, {'VulnerabilityID': 'CVE-2024-45013', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: move stopping keep-alive into nvme_uninit_ctrl()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: move stopping keep-alive into nvme_uninit_ctrl()\n\nCommit 4733b65d82bd ("nvme: start keep-alive after admin queue setup")\nmoves starting keep-alive from nvme_start_ctrl() into\nnvme_init_ctrl_finish(), but don\'t move stopping keep-alive into\nnvme_uninit_ctrl(), so keep-alive work can be started and keep pending\nafter failing to start controller, finally use-after-free is triggered if\nnvme host driver is unloaded.\n\nThis patch fixes kernel panic when running nvme/004 in case that connection\nfailure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl().\n\nThis way is reasonable because keep-alive is now started in\nnvme_init_ctrl_finish().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45013', 'https://git.kernel.org/linus/a54a93d0e3599b05856971734e15418ac551a14c (6.11-rc5)', 'https://git.kernel.org/stable/c/4101af98ab573554c4225e328d506fec2a74bc54', 'https://git.kernel.org/stable/c/a54a93d0e3599b05856971734e15418ac551a14c', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45013-8efe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45013', 'https://www.cve.org/CVERecord?id=CVE-2024-45013'], 'PublishedDate': '2024-09-11T16:15:06.663Z', 'LastModifiedDate': '2024-09-13T16:35:42.49Z'}, {'VulnerabilityID': 'CVE-2024-45015', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45015', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: move dpu_encoder&#39;s connector assignment to atomic_enable()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()\n\nFor cases where the crtc's connectors_changed was set without enable/active\ngetting toggled , there is an atomic_enable() call followed by an\natomic_disable() but without an atomic_mode_set().\n\nThis results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in\nthe atomic_enable() as the dpu_encoder's connector was cleared in the\natomic_disable() but not re-assigned as there was no atomic_mode_set() call.\n\nFix the NULL ptr access by moving the assignment for atomic_enable() and also\nuse drm_atomic_get_new_connector_for_encoder() to get the connector from\nthe atomic_state.\n\nPatchwork: https://patchwork.freedesktop.org/patch/606729/", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45015', 'https://git.kernel.org/linus/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 (6.11-rc5)', 'https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52', 'https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77', 'https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45015-c139@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45015', 'https://www.cve.org/CVERecord?id=CVE-2024-45015'], 'PublishedDate': '2024-09-11T16:15:06.763Z', 'LastModifiedDate': '2024-09-13T16:35:58.617Z'}, {'VulnerabilityID': 'CVE-2024-45016', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1017.18~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netem: fix return value if duplicate enqueue fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\'s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq->enqueue() and then\n  the original packet is also dropped.\n- If rootq->enqueue() sends the duplicated packet to a different qdisc\n  and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45016', 'https://git.kernel.org/linus/c07ff8592d57ed258afee5a5e04991a48dbaf382 (6.11-rc5)', 'https://git.kernel.org/stable/c/0486d31dd8198e22b63a4730244b38fffce6d469', 'https://git.kernel.org/stable/c/52d99a69f3d556c6426048c9d481b912205919d8', 'https://git.kernel.org/stable/c/577d6c0619467fe90f7e8e57e45cb5bd9d936014', 'https://git.kernel.org/stable/c/759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4', 'https://git.kernel.org/stable/c/c07ff8592d57ed258afee5a5e04991a48dbaf382', 'https://git.kernel.org/stable/c/c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d', 'https://git.kernel.org/stable/c/e5bb2988a310667abed66c7d3ffa28880cf0f883', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45016-fd5a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45016', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://ubuntu.com/security/notices/USN-7071-1', 'https://ubuntu.com/security/notices/USN-7072-1', 'https://ubuntu.com/security/notices/USN-7073-1', 'https://ubuntu.com/security/notices/USN-7073-2', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45016'], 'PublishedDate': '2024-09-11T16:15:06.817Z', 'LastModifiedDate': '2024-09-13T16:36:06.773Z'}, {'VulnerabilityID': 'CVE-2024-45017', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45017', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix IPsec RoCE MPV trace call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix IPsec RoCE MPV trace call\n\nPrevent the call trace below from happening, by not allowing IPsec\ncreation over a slave, if master device doesn't support IPsec.\n\nWARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down_read+0x75/0x94\nModules linked in: esp4_offload esp4 act_mirred act_vlan cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa mst_pciconf(OE) nfsv3 nfs_acl nfs lockd grace fscache netfs xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill cuse fuse rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_ipoib iw_cm ib_cm ipmi_ssif intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel sha1_ssse3 dell_smbios ib_uverbs aesni_intel crypto_simd dcdbas wmi_bmof dell_wmi_descriptor cryptd pcspkr ib_core acpi_ipmi sp5100_tco ccp i2c_piix4 ipmi_si ptdma k10temp ipmi_devintf ipmi_msghandler acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops cec\n ahci libahci mlxfw drm pci_hyperv_intf libata tg3 sha256_ssse3 tls megaraid_sas i2c_algo_bit psample wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mst_pci]\nCPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7_u3_update_v6.6_ipsec_bf.x86_64 #2\nHardware name: Dell Inc. PowerEdge R7525/074H08, BIOS 2.0.3 01/15/2021\nWorkqueue: events xfrm_state_gc_task\nRIP: 0010:down_read+0x75/0x94\nCode: 00 48 8b 45 08 65 48 8b 14 25 80 fc 01 00 83 e0 02 48 09 d0 48 83 c8 01 48 89 45 08 5d 31 c0 89 c2 89 c6 89 c7 e9 cb 88 3b 00 <0f> 0b 48 8b 45 08 a8 01 74 b2 a8 02 75 ae 48 89 c2 48 83 ca 02 f0\nRSP: 0018:ffffb26387773da8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffa08b658af900 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ff886bc5e1366f2f RDI: 0000000000000000\nRBP: ffffa08b658af940 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffa0a9bfb31540\nR13: ffffa0a9bfb37900 R14: 0000000000000000 R15: ffffa0a9bfb37905\nFS:  0000000000000000(0000) GS:ffffa0a9bfb00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055a45ed814e8 CR3: 000000109038a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n ? down_read+0x75/0x94\n ? __warn+0x80/0x113\n ? down_read+0x75/0x94\n ? report_bug+0xa4/0x11d\n ? handle_bug+0x35/0x8b\n ? exc_invalid_op+0x14/0x75\n ? asm_exc_invalid_op+0x16/0x1b\n ? down_read+0x75/0x94\n ? down_read+0xe/0x94\n mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n mlx5_ipsec_fs_roce_tx_destroy+0xb1/0x130 [mlx5_core]\n tx_destroy+0x1b/0xc0 [mlx5_core]\n tx_ft_put+0x53/0xc0 [mlx5_core]\n mlx5e_xfrm_free_state+0x45/0x90 [mlx5_core]\n ___xfrm_state_destroy+0x10f/0x1a2\n xfrm_state_gc_task+0x81/0xa9\n process_one_work+0x1f1/0x3c6\n worker_thread+0x53/0x3e4\n ? process_one_work.cold+0x46/0x3c\n kthread+0x127/0x144\n ? set_kthread_struct+0x60/0x52\n ret_from_fork+0x22/0x2d\n </TASK>\n---[ end trace 5ef7896144d398e1 ]---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45017', 'https://git.kernel.org/linus/607e1df7bd47fe91cab85a97f57870a26d066137 (6.11-rc5)', 'https://git.kernel.org/stable/c/2ae52a65a850ded75a94e8d7ec1e09737f4c6509', 'https://git.kernel.org/stable/c/607e1df7bd47fe91cab85a97f57870a26d066137', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45017-ee3e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45017', 'https://www.cve.org/CVERecord?id=CVE-2024-45017'], 'PublishedDate': '2024-09-11T16:15:06.877Z', 'LastModifiedDate': '2024-09-13T16:36:13.19Z'}, {'VulnerabilityID': 'CVE-2024-45018', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45018', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: initialise extack before use', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: initialise extack before use\n\nFix missing initialisation of extack in flow offload.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45018', 'https://git.kernel.org/linus/e9767137308daf906496613fd879808a07f006a2 (6.11-rc4)', 'https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1', 'https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7', 'https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78', 'https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f', 'https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d', 'https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45018-7e30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45018', 'https://www.cve.org/CVERecord?id=CVE-2024-45018'], 'PublishedDate': '2024-09-11T16:15:06.933Z', 'LastModifiedDate': '2024-09-13T16:36:24.397Z'}, {'VulnerabilityID': 'CVE-2024-45019', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45019', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Take state lock during tx timeout reporter', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take state lock during tx timeout reporter\n\nmlx5e_safe_reopen_channels() requires the state lock taken. The\nreferenced changed in the Fixes tag removed the lock to fix another\nissue. This patch adds it back but at a later point (when calling\nmlx5e_safe_reopen_channels()) to avoid the deadlock referenced in the\nFixes tag.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45019', 'https://git.kernel.org/linus/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3 (6.11-rc4)', 'https://git.kernel.org/stable/c/03d3734bd692affe4d0e9c9d638f491aaf37411b', 'https://git.kernel.org/stable/c/8e57e66ecbdd2fddc9fbf3e984b1c523b70e9809', 'https://git.kernel.org/stable/c/b3b9a87adee97854bcd71057901d46943076267e', 'https://git.kernel.org/stable/c/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45019-5f8b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45019', 'https://www.cve.org/CVERecord?id=CVE-2024-45019'], 'PublishedDate': '2024-09-11T16:15:06.99Z', 'LastModifiedDate': '2024-09-13T16:36:19.36Z'}, {'VulnerabilityID': 'CVE-2024-45020', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45020', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a kernel verifier crash in stacksafe()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a kernel verifier crash in stacksafe()\n\nDaniel Hodges reported a kernel verifier crash when playing with sched-ext.\nFurther investigation shows that the crash is due to invalid memory access\nin stacksafe(). More specifically, it is the following code:\n\n    if (exact != NOT_EXACT &&\n        old->stack[spi].slot_type[i % BPF_REG_SIZE] !=\n        cur->stack[spi].slot_type[i % BPF_REG_SIZE])\n            return false;\n\nThe 'i' iterates old->allocated_stack.\nIf cur->allocated_stack < old->allocated_stack the out-of-bound\naccess will happen.\n\nTo fix the issue add 'i >= cur->allocated_stack' check such that if\nthe condition is true, stacksafe() should fail. Otherwise,\ncur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45020', 'https://git.kernel.org/linus/bed2eb964c70b780fb55925892a74f26cb590b25 (6.11-rc4)', 'https://git.kernel.org/stable/c/6e3987ac310c74bb4dd6a2fa8e46702fe505fb2b', 'https://git.kernel.org/stable/c/7cad3174cc79519bf5f6c4441780264416822c08', 'https://git.kernel.org/stable/c/bed2eb964c70b780fb55925892a74f26cb590b25', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45020-afcc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45020', 'https://www.cve.org/CVERecord?id=CVE-2024-45020'], 'PublishedDate': '2024-09-11T16:15:07.05Z', 'LastModifiedDate': '2024-09-13T16:36:52.29Z'}, {'VulnerabilityID': 'CVE-2024-45021', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg_write_event_control(): fix a user-triggerable oops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg_write_event_control(): fix a user-triggerable oops\n\nwe are *not* guaranteed that anything past the terminating NUL\nis mapped (let alone initialized with anything sane).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45021', 'https://git.kernel.org/linus/046667c4d3196938e992fba0dfcde570aa85cd0e (6.11-rc4)', 'https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e', 'https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227', 'https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8', 'https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61', 'https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7', 'https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b', 'https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c', 'https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45021-68c4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45021', 'https://www.cve.org/CVERecord?id=CVE-2024-45021'], 'PublishedDate': '2024-09-11T16:15:07.103Z', 'LastModifiedDate': '2024-09-13T16:36:31.583Z'}, {'VulnerabilityID': 'CVE-2024-45022', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45022', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0\n\nThe __vmap_pages_range_noflush() assumes its argument pages** contains\npages with the same page shift.  However, since commit e9c3cda4d86e ("mm,\nvmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes\n__GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation\nfailed for high order, the pages** may contain two different page shifts\n(high order and order-0).  This could lead __vmap_pages_range_noflush() to\nperform incorrect mappings, potentially resulting in memory corruption.\n\nUsers might encounter this as follows (vmap_allow_huge = true, 2M is for\nPMD_SIZE):\n\nkvmalloc(2M, __GFP_NOFAIL|GFP_X)\n    __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP)\n        vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0\n            vmap_pages_range()\n                vmap_pages_range_noflush()\n                    __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens\n\nWe can remove the fallback code because if a high-order allocation fails,\n__vmalloc_node_range_noprof() will retry with order-0.  Therefore, it is\nunnecessary to fallback to order-0 here.  Therefore, fix this by removing\nthe fallback code.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45022', 'https://git.kernel.org/linus/61ebe5a747da649057c37be1c37eb934b4af79ca (6.11-rc4)', 'https://git.kernel.org/stable/c/61ebe5a747da649057c37be1c37eb934b4af79ca', 'https://git.kernel.org/stable/c/c91618816f4d21fc574d7577a37722adcd4075b2', 'https://git.kernel.org/stable/c/de7bad86345c43cd040ed43e20d9fad78a3ee59f', 'https://git.kernel.org/stable/c/fd1ffbb50ef4da5e1378a46616b6d7407dc795da', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45022-08f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45022', 'https://www.cve.org/CVERecord?id=CVE-2024-45022'], 'PublishedDate': '2024-09-11T16:15:07.163Z', 'LastModifiedDate': '2024-09-13T16:36:39.043Z'}, {'VulnerabilityID': 'CVE-2024-45025', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old->full_fds_bits[] and fill\nthe rest with zeroes.  What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear.  Otherwise we are risking garbage from the last word\nwe'd copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old->max_fds, so there's no open descriptors\npast count, let alone fully occupied words in ->open_fds[],\nwhich is what bits in ->full_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds.  In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in ->full_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* 'to' being above the current capacity of descriptor table\n\t* 'from' being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet's try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it's 'count' argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it'll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45025', 'https://git.kernel.org/linus/9a2fa1472083580b6c66bdaf291f591e1170123a (6.11-rc4)', 'https://git.kernel.org/stable/c/5053581fe5dfb09b58c65dd8462bf5dea71f41ff', 'https://git.kernel.org/stable/c/8cad3b2b3ab81ca55f37405ffd1315bcc2948058', 'https://git.kernel.org/stable/c/9a2fa1472083580b6c66bdaf291f591e1170123a', 'https://git.kernel.org/stable/c/c69d18f0ac7060de724511537810f10f29a27958', 'https://git.kernel.org/stable/c/dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a', 'https://git.kernel.org/stable/c/e807487a1d5fd5d941f26578ae826ca815dbfcd6', 'https://git.kernel.org/stable/c/ee501f827f3db02d4e599afbbc1a7f8b792d05d7', 'https://git.kernel.org/stable/c/fe5bf14881701119aeeda7cf685f3c226c7380df', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45025-94f6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45025', 'https://www.cve.org/CVERecord?id=CVE-2024-45025'], 'PublishedDate': '2024-09-11T16:15:07.44Z', 'LastModifiedDate': '2024-09-13T16:30:07.073Z'}, {'VulnerabilityID': 'CVE-2024-45026', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45026', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error recovery leading to data corruption on ESE devices', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error recovery leading to data corruption on ESE devices\n\nExtent Space Efficient (ESE) or thin provisioned volumes need to be\nformatted on demand during usual IO processing.\n\nThe dasd_ese_needs_format function checks for error codes that signal\nthe non existence of a proper track format.\n\nThe check for incorrect length is to imprecise since other error cases\nleading to transport of insufficient data also have this flag set.\nThis might lead to data corruption in certain error cases for example\nduring a storage server warmstart.\n\nFix by removing the check for incorrect length and replacing by\nexplicitly checking for invalid track format in transport mode.\n\nAlso remove the check for file protected since this is not a valid\nESE handling case.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45026', 'https://git.kernel.org/linus/7db4042336580dfd75cb5faa82c12cd51098c90b (6.11-rc4)', 'https://git.kernel.org/stable/c/0a228896a1b3654cd461ff654f6a64e97a9c3246', 'https://git.kernel.org/stable/c/19f60a55b2fda49bc4f6134a5f6356ef62ee69d8', 'https://git.kernel.org/stable/c/5d4a304338daf83ace2887aaacafd66fe99ed5cc', 'https://git.kernel.org/stable/c/7db4042336580dfd75cb5faa82c12cd51098c90b', 'https://git.kernel.org/stable/c/93a7e2856951680cd7fe6ebd705ac10c8a8a5efd', 'https://git.kernel.org/stable/c/a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a', 'https://git.kernel.org/stable/c/e245a18281c252c8dbc467492e09bb5d4b012118', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45026-eaa8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45026', 'https://www.cve.org/CVERecord?id=CVE-2024-45026'], 'PublishedDate': '2024-09-11T16:15:07.507Z', 'LastModifiedDate': '2024-09-13T16:29:55.927Z'}, {'VulnerabilityID': 'CVE-2024-45027', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45027', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: xhci: Check for xhci-&gt;interrupters being allocated in xhci_mem_clearup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()\n\nIf xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop\nup the damage. If it fails early enough, before xhci->interrupters\nis allocated but after xhci->max_interrupters has been set, which\nhappens in most (all?) cases, things get uglier, as xhci_mem_cleanup()\nunconditionally derefences xhci->interrupters. With prejudice.\n\nGate the interrupt freeing loop with a check on xhci->interrupters\nbeing non-NULL.\n\nFound while debugging a DMA allocation issue that led the XHCI driver\non this exact path.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45027', 'https://git.kernel.org/linus/dcdb52d948f3a17ccd3fce757d9bd981d7c32039 (6.11-rc4)', 'https://git.kernel.org/stable/c/770cacc75b0091ece17349195d72133912c1ca7c', 'https://git.kernel.org/stable/c/dcdb52d948f3a17ccd3fce757d9bd981d7c32039', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45027-95b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45027', 'https://www.cve.org/CVERecord?id=CVE-2024-45027'], 'PublishedDate': '2024-09-11T16:15:07.57Z', 'LastModifiedDate': '2024-09-13T16:29:44.213Z'}, {'VulnerabilityID': 'CVE-2024-45028', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45028', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mmc: mmc_test: Fix NULL dereference on allocation failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmc_test: Fix NULL dereference on allocation failure\n\nIf the "test->highmem = alloc_pages()" allocation fails then calling\n__free_pages(test->highmem) will result in a NULL dereference.  Also\nchange the error code to -ENOMEM instead of returning success.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45028', 'https://git.kernel.org/linus/a1e627af32ed60713941cbfc8075d44cad07f6dd (6.11-rc5)', 'https://git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06', 'https://git.kernel.org/stable/c/3b4e76ceae5b5a46c968bd952f551ce173809f63', 'https://git.kernel.org/stable/c/9b9ba386d7bfdbc38445932c90fa9444c0524bea', 'https://git.kernel.org/stable/c/a1e627af32ed60713941cbfc8075d44cad07f6dd', 'https://git.kernel.org/stable/c/cac2815f49d343b2f0acc4973d2c14918ac3ab0c', 'https://git.kernel.org/stable/c/e40515582141a9e7c84b269be699c05236a499a6', 'https://git.kernel.org/stable/c/e97be13a9f51284da450dd2a592e3fa87b49cdc9', 'https://git.kernel.org/stable/c/ecb15b8ca12c0cbdab81e307e9795214d8b90890', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45028-34f7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45028', 'https://www.cve.org/CVERecord?id=CVE-2024-45028'], 'PublishedDate': '2024-09-11T16:15:07.647Z', 'LastModifiedDate': '2024-09-13T16:29:35.877Z'}, {'VulnerabilityID': 'CVE-2024-45029', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45029', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i2c: tegra: Do not mark ACPI devices as irq safe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: Do not mark ACPI devices as irq safe\n\nOn ACPI machines, the tegra i2c module encounters an issue due to a\nmutex being called inside a spinlock. This leads to the following bug:\n\n\tBUG: sleeping function called from invalid context at kernel/locking/mutex.c:585\n\t...\n\n\tCall trace:\n\t__might_sleep\n\t__mutex_lock_common\n\tmutex_lock_nested\n\tacpi_subsys_runtime_resume\n\trpm_resume\n\ttegra_i2c_xfer\n\nThe problem arises because during __pm_runtime_resume(), the spinlock\n&dev->power.lock is acquired before rpm_resume() is called. Later,\nrpm_resume() invokes acpi_subsys_runtime_resume(), which relies on\nmutexes, triggering the error.\n\nTo address this issue, devices on ACPI are now marked as not IRQ-safe,\nconsidering the dependency of acpi_subsys_runtime_resume() on mutexes.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45029', 'https://git.kernel.org/linus/14d069d92951a3e150c0a81f2ca3b93e54da913b (6.11-rc4)', 'https://git.kernel.org/stable/c/14d069d92951a3e150c0a81f2ca3b93e54da913b', 'https://git.kernel.org/stable/c/2853e1376d8161b04c9ff18ba82b43f08a049905', 'https://git.kernel.org/stable/c/6861faf4232e4b78878f2de1ed3ee324ddae2287', 'https://git.kernel.org/stable/c/a89aef1e6cc43fa019a58080ed05c839e6c77876', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45029-662e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45029', 'https://www.cve.org/CVERecord?id=CVE-2024-45029'], 'PublishedDate': '2024-09-11T16:15:07.717Z', 'LastModifiedDate': '2024-09-13T16:29:29.74Z'}, {'VulnerabilityID': 'CVE-2024-45030', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igb: cope with large MAX_SKB_FRAGS', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigb: cope with large MAX_SKB_FRAGS\n\nSabrina reports that the igb driver does not cope well with large\nMAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload\ncorruption on TX.\n\nAn easy reproducer is to run ssh to connect to the machine.  With\nMAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails.  This has\nbeen reported originally in\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2265320\n\nThe root cause of the issue is that the driver does not take into\naccount properly the (possibly large) shared info size when selecting\nthe ring layout, and will try to fit two packets inside the same 4K\npage even when the 1st fraglist will trump over the 2nd head.\n\nAddress the issue by checking if 2K buffers are insufficient.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45030', 'https://git.kernel.org/linus/8aba27c4a5020abdf60149239198297f88338a8d (6.11-rc5)', 'https://git.kernel.org/stable/c/8aba27c4a5020abdf60149239198297f88338a8d', 'https://git.kernel.org/stable/c/8ea80ff5d8298356d28077bc30913ed37df65109', 'https://git.kernel.org/stable/c/b52bd8bcb9e8ff250c79b44f9af8b15cae8911ab', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45030-c2eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45030', 'https://www.cve.org/CVERecord?id=CVE-2024-45030'], 'PublishedDate': '2024-09-11T16:15:07.77Z', 'LastModifiedDate': '2024-09-13T16:29:23.557Z'}, {'VulnerabilityID': 'CVE-2024-46672', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion\n\nwpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the\ndriver for SAE/OWE offload cases") SSID based PMKSA del commands.\nbrcmfmac is not prepared and tries to dereference the NULL bssid and\npmkid pointers in cfg80211_pmksa. PMKID_V3 operations support SSID based\nupdates so copy the SSID.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46672', 'https://git.kernel.org/linus/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1 (6.11-rc4)', 'https://git.kernel.org/stable/c/1f566eb912d192c83475a919331aea59619e1197', 'https://git.kernel.org/stable/c/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1', 'https://git.kernel.org/stable/c/4291f94f8c6b01505132c22ee27b59ed27c3584f', 'https://lore.kernel.org/linux-cve-announce/2024091111-CVE-2024-46672-7542@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46672', 'https://www.cve.org/CVERecord?id=CVE-2024-46672'], 'PublishedDate': '2024-09-11T16:15:07.84Z', 'LastModifiedDate': '2024-09-13T16:29:17.123Z'}, {'VulnerabilityID': 'CVE-2024-46673', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: aacraid: Fix double-free on probe failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: aacraid: Fix double-free on probe failure\n\naac_probe_one() calls hardware-specific init functions through the\naac_driver_ident::init pointer, all of which eventually call down to\naac_init_adapter().\n\nIf aac_init_adapter() fails after allocating memory for aac_dev::queues,\nit frees the memory but does not clear that member.\n\nAfter the hardware-specific init function returns an error,\naac_probe_one() goes down an error path that frees the memory pointed to\nby aac_dev::queues, resulting.in a double-free.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46673', 'https://git.kernel.org/linus/919ddf8336f0b84c0453bac583808c9f165a85c2 (6.11-rc6)', 'https://git.kernel.org/stable/c/4b540ec7c0045c2d01c4e479f34bbc8f147afa4c', 'https://git.kernel.org/stable/c/564e1986b00c5f05d75342f8407f75f0a17b94df', 'https://git.kernel.org/stable/c/60962c3d8e18e5d8dfa16df788974dd7f35bd87a', 'https://git.kernel.org/stable/c/85449b28ff6a89c4513115e43ddcad949b5890c9', 'https://git.kernel.org/stable/c/8a3995a3ffeca280a961b59f5c99843d81b15929', 'https://git.kernel.org/stable/c/919ddf8336f0b84c0453bac583808c9f165a85c2', 'https://git.kernel.org/stable/c/9e96dea7eff6f2bbcd0b42a098012fc66af9eb69', 'https://git.kernel.org/stable/c/d237c7d06ffddcdb5d36948c527dc01284388218', 'https://lore.kernel.org/linux-cve-announce/2024091333-CVE-2024-46673-c49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46673', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-46673'], 'PublishedDate': '2024-09-13T06:15:11.917Z', 'LastModifiedDate': '2024-09-13T16:51:39.117Z'}, {'VulnerabilityID': 'CVE-2024-46675', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46675', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: dwc3: core: Prevent USB core invalid event buffer address access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: Prevent USB core invalid event buffer address access\n\nThis commit addresses an issue where the USB core could access an\ninvalid event buffer address during runtime suspend, potentially causing\nSMMU faults and other memory issues in Exynos platforms. The problem\narises from the following sequence.\n        1. In dwc3_gadget_suspend, there is a chance of a timeout when\n        moving the USB core to the halt state after clearing the\n        run/stop bit by software.\n        2. In dwc3_core_exit, the event buffer is cleared regardless of\n        the USB core's status, which may lead to an SMMU faults and\n        other memory issues. if the USB core tries to access the event\n        buffer address.\n\nTo prevent this hardware quirk on Exynos platforms, this commit ensures\nthat the event buffer address is not cleared by software  when the USB\ncore is active during runtime suspend by checking its status before\nclearing the buffer address.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46675', 'https://git.kernel.org/linus/14e497183df28c006603cc67fd3797a537eef7b9 (6.11-rc6)', 'https://git.kernel.org/stable/c/111277b881def3153335acfe0d1f43e6cd83ac93', 'https://git.kernel.org/stable/c/14e497183df28c006603cc67fd3797a537eef7b9', 'https://git.kernel.org/stable/c/2189fd13c577d7881f94affc09c950a795064c4b', 'https://git.kernel.org/stable/c/7bb11a75dd4d3612378b90e2a4aa49bdccea28ab', 'https://git.kernel.org/stable/c/b72da4d89b97da71e056cc4d1429b2bc426a9c2f', 'https://git.kernel.org/stable/c/d2afc2bffec77316b90d530b07695e3f534df914', 'https://git.kernel.org/stable/c/e23f6ad8d110bf632f7471482e10b43dc174fb72', 'https://git.kernel.org/stable/c/eca3f543f817da87c00d1a5697b473efb548204f', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46675-ba70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46675', 'https://www.cve.org/CVERecord?id=CVE-2024-46675'], 'PublishedDate': '2024-09-13T06:15:12.117Z', 'LastModifiedDate': '2024-09-20T17:18:48.753Z'}, {'VulnerabilityID': 'CVE-2024-46676', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46676', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfc: pn533: Add poll mod list filling check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Add poll mod list filling check\n\nIn case of im_protocols value is 1 and tm_protocols value is 0 this\ncombination successfully passes the check\n\'if (!im_protocols && !tm_protocols)\' in the nfc_start_poll().\nBut then after pn533_poll_create_mod_list() call in pn533_start_poll()\npoll mod list will remain empty and dev->poll_mod_count will remain 0\nwhich lead to division by zero.\n\nNormally no im protocol has value 1 in the mask, so this combination is\nnot expected by driver. But these protocol values actually come from\nuserspace via Netlink interface (NFC_CMD_START_POLL operation). So a\nbroken or malicious program may pass a message containing a "bad"\ncombination of protocol parameter values so that dev->poll_mod_count\nis not incremented inside pn533_poll_create_mod_list(), thus leading\nto division by zero.\nCall trace looks like:\nnfc_genl_start_poll()\n  nfc_start_poll()\n    ->start_poll()\n    pn533_start_poll()\n\nAdd poll mod list filling check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46676', 'https://git.kernel.org/linus/febccb39255f9df35527b88c953b2e0deae50e53 (6.11-rc6)', 'https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946', 'https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5', 'https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723', 'https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4', 'https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33', 'https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31', 'https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46676-0b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46676', 'https://www.cve.org/CVERecord?id=CVE-2024-46676'], 'PublishedDate': '2024-09-13T06:15:12.223Z', 'LastModifiedDate': '2024-09-23T14:42:38.23Z'}, {'VulnerabilityID': 'CVE-2024-46677', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46677', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: fix a potential NULL pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix a potential NULL pointer dereference\n\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\nNULL pointer, but its callers only check for error pointers thus miss\nthe NULL pointer case.\n\nFix it by returning an error pointer with the error code carried from\nsockfd_lookup().\n\n(I found this bug during code inspection.)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46677', 'https://git.kernel.org/linus/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda (6.11-rc6)', 'https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d', 'https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87', 'https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2', 'https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39', 'https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c', 'https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e', 'https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda', 'https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46677-b53c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46677', 'https://www.cve.org/CVERecord?id=CVE-2024-46677'], 'PublishedDate': '2024-09-13T06:15:12.36Z', 'LastModifiedDate': '2024-09-13T16:51:53.69Z'}, {'VulnerabilityID': 'CVE-2024-46678', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46678', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: change ipsec_lock from spin lock to mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond->ipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n"scheduling while atomic" will be triggered when changing bond\'s\nactive slave.\n\n[  101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[  101.055726] Modules linked in:\n[  101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[  101.058760] Hardware name:\n[  101.059434] Call Trace:\n[  101.059436]  <TASK>\n[  101.060873]  dump_stack_lvl+0x51/0x60\n[  101.061275]  __schedule_bug+0x4e/0x60\n[  101.061682]  __schedule+0x612/0x7c0\n[  101.062078]  ? __mod_timer+0x25c/0x370\n[  101.062486]  schedule+0x25/0xd0\n[  101.062845]  schedule_timeout+0x77/0xf0\n[  101.063265]  ? asm_common_interrupt+0x22/0x40\n[  101.063724]  ? __bpf_trace_itimer_state+0x10/0x10\n[  101.064215]  __wait_for_common+0x87/0x190\n[  101.064648]  ? usleep_range_state+0x90/0x90\n[  101.065091]  cmd_exec+0x437/0xb20 [mlx5_core]\n[  101.065569]  mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[  101.066051]  mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[  101.066552]  mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[  101.067163]  ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.067738]  ? kmalloc_trace+0x4d/0x350\n[  101.068156]  mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[  101.068747]  mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[  101.069312]  bond_change_active_slave+0x392/0x900 [bonding]\n[  101.069868]  bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[  101.070454]  __bond_opt_set+0xa6/0x430 [bonding]\n[  101.070935]  __bond_opt_set_notify+0x2f/0x90 [bonding]\n[  101.071453]  bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[  101.071965]  bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.072567]  kernfs_fop_write_iter+0x10c/0x1a0\n[  101.073033]  vfs_write+0x2d8/0x400\n[  101.073416]  ? alloc_fd+0x48/0x180\n[  101.073798]  ksys_write+0x5f/0xe0\n[  101.074175]  do_syscall_64+0x52/0x110\n[  101.074576]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn\'t have to be spin lock, change it to\nmutex, and thus the above issue can be resolved.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46678', 'https://git.kernel.org/linus/2aeeef906d5a526dc60cf4af92eda69836c39b1f (6.11-rc6)', 'https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f', 'https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3', 'https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46678-ca65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46678', 'https://www.cve.org/CVERecord?id=CVE-2024-46678'], 'PublishedDate': '2024-09-13T06:15:12.45Z', 'LastModifiedDate': '2024-09-23T14:44:12.88Z'}, {'VulnerabilityID': 'CVE-2024-46679', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46679', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: check device is present when getting link settings', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: check device is present when getting link settings\n\nA sysfs reader can race with a device reset or removal, attempting to\nread device state when the device is not actually present. eg:\n\n     [exception RIP: qed_get_current_link+17]\n  #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]\n  #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3\n #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4\n #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300\n #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c\n #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b\n #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3\n #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1\n #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f\n #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb\n\n crash> struct net_device.state ffff9a9d21336000\n    state = 5,\n\nstate 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).\nThe device is not present, note lack of __LINK_STATE_PRESENT (0b10).\n\nThis is the same sort of panic as observed in commit 4224cfd7fb65\n("net-sysfs: add check for netdevice being present to speed_show").\n\nThere are many other callers of __ethtool_get_link_ksettings() which\ndon\'t have a device presence check.\n\nMove this check into ethtool to protect all callers.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46679', 'https://git.kernel.org/linus/a699781c79ecf6cfe67fb00a0331b4088c7c8466 (6.11-rc6)', 'https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2', 'https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc', 'https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e', 'https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb', 'https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4', 'https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466', 'https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46679-3527@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46679', 'https://www.cve.org/CVERecord?id=CVE-2024-46679'], 'PublishedDate': '2024-09-13T06:15:12.53Z', 'LastModifiedDate': '2024-09-23T14:47:23.287Z'}, {'VulnerabilityID': 'CVE-2024-46680', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46680', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix random crash seen while removing driver', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix random crash seen while removing driver\n\nThis fixes the random kernel crash seen while removing the driver, when\nrunning the load/unload test over multiple iterations.\n\n1) modprobe btnxpuart\n2) hciconfig hci0 reset\n3) hciconfig (check hci0 interface up with valid BD address)\n4) modprobe -r btnxpuart\nRepeat steps 1 to 4\n\nThe ps_wakeup() call in btnxpuart_close() schedules the psdata->work(),\nwhich gets scheduled after module is removed, causing a kernel crash.\n\nThis hidden issue got highlighted after enabling Power Save by default\nin 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on\nstartup)\n\nThe new ps_cleanup() deasserts UART break immediately while closing\nserdev device, cancels any scheduled ps_work and destroys the ps_lock\nmutex.\n\n[   85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258\n[   85.884624] Mem abort info:\n[   85.884625]   ESR = 0x0000000086000007\n[   85.884628]   EC = 0x21: IABT (current EL), IL = 32 bits\n[   85.884633]   SET = 0, FnV = 0\n[   85.884636]   EA = 0, S1PTW = 0\n[   85.884638]   FSC = 0x07: level 3 translation fault\n[   85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000\n[   85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000\n[   85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n[   85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)]\n[   85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G           O       6.1.36+g937b1be4345a #1\n[   85.936176] Hardware name: FSL i.MX8MM EVK board (DT)\n[   85.936182] Workqueue: events 0xffffd4a61638f380\n[   85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   85.952817] pc : 0xffffd4a61638f258\n[   85.952823] lr : 0xffffd4a61638f258\n[   85.952827] sp : ffff8000084fbd70\n[   85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000\n[   85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305\n[   85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970\n[   85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000\n[   85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090\n[   85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139\n[   85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50\n[   85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8\n[   85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000\n[   85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000\n[   85.977443] Call trace:\n[   85.977446]  0xffffd4a61638f258\n[   85.977451]  0xffffd4a61638f3e8\n[   85.977455]  process_one_work+0x1d4/0x330\n[   85.977464]  worker_thread+0x6c/0x430\n[   85.977471]  kthread+0x108/0x10c\n[   85.977476]  ret_from_fork+0x10/0x20\n[   85.977488] Code: bad PC value\n[   85.977491] ---[ end trace 0000000000000000 ]---\n\nPreset since v6.9.11', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46680', 'https://git.kernel.org/linus/35237475384ab3622f63c3c09bdf6af6dacfe9c3 (6.11-rc6)', 'https://git.kernel.org/stable/c/29a1d9971e38f92c84b363ff50379dd434ddfe1c', 'https://git.kernel.org/stable/c/35237475384ab3622f63c3c09bdf6af6dacfe9c3', 'https://git.kernel.org/stable/c/662a55986b88807da4d112d838c8aaa05810e938', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46680-f40d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46680', 'https://www.cve.org/CVERecord?id=CVE-2024-46680'], 'PublishedDate': '2024-09-13T06:15:12.617Z', 'LastModifiedDate': '2024-09-23T14:45:10.233Z'}, {'VulnerabilityID': 'CVE-2024-46681', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46681', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pktgen: use cpus_read_lock() in pg_net_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46681', 'https://git.kernel.org/linus/979b581e4c69257acab1af415ddad6b2d78a2fa5 (6.11-rc6)', 'https://git.kernel.org/stable/c/5f5f7366dda8ae870e8305d6e7b3c0c2686cd2cf', 'https://git.kernel.org/stable/c/979b581e4c69257acab1af415ddad6b2d78a2fa5', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46681-6086@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46681', 'https://www.cve.org/CVERecord?id=CVE-2024-46681'], 'PublishedDate': '2024-09-13T06:15:12.71Z', 'LastModifiedDate': '2024-09-19T18:10:49.623Z'}, {'VulnerabilityID': 'CVE-2024-46683', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46683', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: prevent UAF around preempt fence', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: prevent UAF around preempt fence\n\nThe fence lock is part of the queue, therefore in the current design\nanything locking the fence should then also hold a ref to the queue to\nprevent the queue from being freed.\n\nHowever, currently it looks like we signal the fence and then drop the\nqueue ref, but if something is waiting on the fence, the waiter is\nkicked to wake up at some later point, where upon waking up it first\ngrabs the lock before checking the fence state. But if we have already\ndropped the queue ref, then the lock might already be freed as part of\nthe queue, leading to uaf.\n\nTo prevent this, move the fence lock into the fence itself so we don't\nrun into lifetime issues. Alternative might be to have device level\nlock, or only release the queue in the fence release callback, however\nthat might require pushing to another worker to avoid locking issues.\n\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2454\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2342\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2020\n(cherry picked from commit 7116c35aacedc38be6d15bd21b2fc936eed0008b)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46683', 'https://git.kernel.org/linus/730b72480e29f63fd644f5fa57c9d46109428953 (6.11-rc5)', 'https://git.kernel.org/stable/c/10081b0b0ed201f53e24bd92deb2e0f3c3e713d4', 'https://git.kernel.org/stable/c/730b72480e29f63fd644f5fa57c9d46109428953', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46683-e513@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46683', 'https://www.cve.org/CVERecord?id=CVE-2024-46683'], 'PublishedDate': '2024-09-13T06:15:12.993Z', 'LastModifiedDate': '2024-09-13T16:52:14.373Z'}, {'VulnerabilityID': 'CVE-2024-46685', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46685', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: single: fix potential NULL dereference in pcs_get_function()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: single: fix potential NULL dereference in pcs_get_function()\n\npinmux_generic_get_function() can return NULL and the pointer 'function'\nwas dereferenced without checking against NULL. Add checking of pointer\n'function' in pcs_get_function().\n\nFound by code review.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46685', 'https://git.kernel.org/linus/1c38a62f15e595346a1106025722869e87ffe044 (6.11-rc6)', 'https://git.kernel.org/stable/c/0a2bab5ed161318f57134716accba0a30f3af191', 'https://git.kernel.org/stable/c/1c38a62f15e595346a1106025722869e87ffe044', 'https://git.kernel.org/stable/c/292151af6add3e5ab11b2e9916cffa5f52859a1f', 'https://git.kernel.org/stable/c/2cea369a5c2e85ab14ae716da1d1cc6d25c85e11', 'https://git.kernel.org/stable/c/4e9436375fcc9bd2a60ee96aba6ed53f7a377d10', 'https://git.kernel.org/stable/c/4ed45fe99ec9e3c9478bd634624cd05a57d002f7', 'https://git.kernel.org/stable/c/6341c2856785dca7006820b127278058a180c075', 'https://git.kernel.org/stable/c/8f0bd526921b6867c2f10a83cd4fd14139adcd92', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46685-6606@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46685', 'https://www.cve.org/CVERecord?id=CVE-2024-46685'], 'PublishedDate': '2024-09-13T06:15:13.2Z', 'LastModifiedDate': '2024-09-14T16:00:55.547Z'}, {'VulnerabilityID': 'CVE-2024-46686', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46686', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()\n\nThis happens when called from SMB2_read() while using rdma\nand reaching the rdma_readwrite_threshold.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46686', 'https://git.kernel.org/linus/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf (6.11-rc6)', 'https://git.kernel.org/stable/c/6df57c63c200cd05e085c3b695128260e21959b7', 'https://git.kernel.org/stable/c/a01859dd6aebf826576513850a3b05992809e9d2', 'https://git.kernel.org/stable/c/b902fb78ab21299e4dd1775e7e8d251d5c0735bc', 'https://git.kernel.org/stable/c/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46686-5b18@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46686', 'https://www.cve.org/CVERecord?id=CVE-2024-46686'], 'PublishedDate': '2024-09-13T06:15:13.28Z', 'LastModifiedDate': '2024-09-14T16:16:33.087Z'}, {'VulnerabilityID': 'CVE-2024-46687', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46687', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()\n\n[BUG]\nThere is an internal report that KASAN is reporting use-after-free, with\nthe following backtrace:\n\n  BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n  Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45\n  CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n  Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n  Call Trace:\n   dump_stack_lvl+0x61/0x80\n   print_address_description.constprop.0+0x5e/0x2f0\n   print_report+0x118/0x216\n   kasan_report+0x11d/0x1f0\n   btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n   process_one_work+0xce0/0x12a0\n   worker_thread+0x717/0x1250\n   kthread+0x2e3/0x3c0\n   ret_from_fork+0x2d/0x70\n   ret_from_fork_asm+0x11/0x20\n\n  Allocated by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   __kasan_slab_alloc+0x7d/0x80\n   kmem_cache_alloc_noprof+0x16e/0x3e0\n   mempool_alloc_noprof+0x12e/0x310\n   bio_alloc_bioset+0x3f0/0x7a0\n   btrfs_bio_alloc+0x2e/0x50 [btrfs]\n   submit_extent_page+0x4d1/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n  Freed by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   kasan_save_free_info+0x37/0x50\n   __kasan_slab_free+0x4b/0x60\n   kmem_cache_free+0x214/0x5d0\n   bio_free+0xed/0x180\n   end_bbio_data_read+0x1cc/0x580 [btrfs]\n   btrfs_submit_chunk+0x98d/0x1880 [btrfs]\n   btrfs_submit_bio+0x33/0x70 [btrfs]\n   submit_one_bio+0xd4/0x130 [btrfs]\n   submit_extent_page+0x3ea/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[CAUSE]\nAlthough I cannot reproduce the error, the report itself is good enough\nto pin down the cause.\n\nThe call trace is the regular endio workqueue context, but the\nfree-by-task trace is showing that during btrfs_submit_chunk() we\nalready hit a critical error, and is calling btrfs_bio_end_io() to error\nout.  And the original endio function called bio_put() to free the whole\nbio.\n\nThis means a double freeing thus causing use-after-free, e.g.:\n\n1. Enter btrfs_submit_bio() with a read bio\n   The read bio length is 128K, crossing two 64K stripes.\n\n2. The first run of btrfs_submit_chunk()\n\n2.1 Call btrfs_map_block(), which returns 64K\n2.2 Call btrfs_split_bio()\n    Now there are two bios, one referring to the first 64K, the other\n    referring to the second 64K.\n2.3 The first half is submitted.\n\n3. The second run of btrfs_submit_chunk()\n\n3.1 Call btrfs_map_block(), which by somehow failed\n    Now we call btrfs_bio_end_io() to handle the error\n\n3.2 btrfs_bio_end_io() calls the original endio function\n    Which is end_bbio_data_read(), and it calls bio_put() for the\n    original bio.\n\n    Now the original bio is freed.\n\n4. The submitted first 64K bio finished\n   Now we call into btrfs_check_read_bio() and tries to advance the bio\n   iter.\n   But since the original bio (thus its iter) is already freed, we\n   trigger the above use-after free.\n\n   And even if the memory is not poisoned/corrupted, we will later call\n   the original endio function, causing a double freeing.\n\n[FIX]\nInstead of calling btrfs_bio_end_io(), call btrfs_orig_bbio_end_io(),\nwhich has the extra check on split bios and do the pr\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46687', 'https://git.kernel.org/linus/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10 (6.11-rc6)', 'https://git.kernel.org/stable/c/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10', 'https://git.kernel.org/stable/c/4a3b9e1a8e6cd1a8d427a905e159de58d38941cc', 'https://git.kernel.org/stable/c/51722b99f41f5e722ffa10b8f61e802a0e70b331', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46687-5668@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46687', 'https://www.cve.org/CVERecord?id=CVE-2024-46687'], 'PublishedDate': '2024-09-13T06:15:13.377Z', 'LastModifiedDate': '2024-09-14T16:17:33.073Z'}, {'VulnerabilityID': 'CVE-2024-46689', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46689', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: cmd-db: Map shared memory as WC, not WB\n\nLinux does not write into cmd-db region. This region of memory is write\nprotected by XPU. XPU may sometime falsely detect clean cache eviction\nas "write" into the write protected region leading to secure interrupt\nwhich causes an endless loop somewhere in Trust Zone.\n\nThe only reason it is working right now is because Qualcomm Hypervisor\nmaps the same region as Non-Cacheable memory in Stage 2 translation\ntables. The issue manifests if we want to use another hypervisor (like\nXen or KVM), which does not know anything about those specific mappings.\n\nChanging the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC\nremoves dependency on correct mappings in Stage 2 tables. This patch\nfixes the issue by updating the mapping to MEMREMAP_WC.\n\nI tested this on SA8155P with Xen.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46689', 'https://git.kernel.org/linus/f9bb896eab221618927ae6a2f1d566567999839d (6.11-rc6)', 'https://git.kernel.org/stable/c/0ee9594c974368a17e85a431e9fe1c14fb65c278', 'https://git.kernel.org/stable/c/62c2d63605ca25b5db78a347ed303c0a0a77d5b4', 'https://git.kernel.org/stable/c/d9d48d70e922b272875cda60d2ada89291c840cf', 'https://git.kernel.org/stable/c/eaff392c1e34fb77cc61505a31b0191e5e46e271', 'https://git.kernel.org/stable/c/ef80520be0ff78ae5ed44cb6eee1525e65bebe70', 'https://git.kernel.org/stable/c/f5a5a5a0e95f36e2792d48e6e4b64e665eb01374', 'https://git.kernel.org/stable/c/f9bb896eab221618927ae6a2f1d566567999839d', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46689-4c19@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46689', 'https://www.cve.org/CVERecord?id=CVE-2024-46689'], 'PublishedDate': '2024-09-13T06:15:13.653Z', 'LastModifiedDate': '2024-09-20T15:52:23.727Z'}, {'VulnerabilityID': 'CVE-2024-46691', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46691', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Move unregister out of atomic section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Move unregister out of atomic section\n\nCommit \'9329933699b3 ("soc: qcom: pmic_glink: Make client-lock\nnon-sleeping")\' moved the pmic_glink client list under a spinlock, as it\nis accessed by the rpmsg/glink callback, which in turn is invoked from\nIRQ context.\n\nThis means that ucsi_unregister() is now called from atomic context,\nwhich isn\'t feasible as it\'s expecting a sleepable context. An effort is\nunder way to get GLINK to invoke its callbacks in a sleepable context,\nbut until then lets schedule the unregistration.\n\nA side effect of this is that ucsi_unregister() can now happen\nafter the remote processor, and thereby the communication link with it, is\ngone. pmic_glink_send() is amended with a check to avoid the resulting NULL\npointer dereference.\nThis does however result in the user being informed about this error by\nthe following entry in the kernel log:\n\n  ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46691', 'https://git.kernel.org/linus/11bb2ffb679399f99041540cf662409905179e3a (6.11-rc6)', 'https://git.kernel.org/stable/c/095b0001aefddcd9361097c971b7debc84e72714', 'https://git.kernel.org/stable/c/11bb2ffb679399f99041540cf662409905179e3a', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46691-93e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46691', 'https://www.cve.org/CVERecord?id=CVE-2024-46691'], 'PublishedDate': '2024-09-13T06:15:13.96Z', 'LastModifiedDate': '2024-09-13T16:52:21.057Z'}, {'VulnerabilityID': 'CVE-2024-46692', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46692', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: scm: Mark get_wq_ctx() as atomic call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Mark get_wq_ctx() as atomic call\n\nCurrently get_wq_ctx() is wrongly configured as a standard call. When two\nSMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to\nresume the corresponding sleeping thread. But if get_wq_ctx() is\ninterrupted, goes to sleep and another SMC call is waiting to be allocated\na waitq context, it leads to a deadlock.\n\nTo avoid this get_wq_ctx() must be an atomic call and can't be a standard\nSMC call. Hence mark get_wq_ctx() as a fast call.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46692', 'https://git.kernel.org/linus/9960085a3a82c58d3323c1c20b991db6045063b0 (6.11-rc6)', 'https://git.kernel.org/stable/c/9960085a3a82c58d3323c1c20b991db6045063b0', 'https://git.kernel.org/stable/c/cdf7efe4b02aa93813db0bf1ca596ad298ab6b06', 'https://git.kernel.org/stable/c/e40115c33c0d79c940545b6b12112aace7acd9f5', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46692-f287@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46692', 'https://www.cve.org/CVERecord?id=CVE-2024-46692'], 'PublishedDate': '2024-09-13T06:15:14.047Z', 'LastModifiedDate': '2024-09-13T16:52:31.627Z'}, {'VulnerabilityID': 'CVE-2024-46693', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pmic_glink: Fix race during initialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pmic_glink: Fix race during initialization\n\nAs pointed out by Stephen Boyd it is possible that during initialization\nof the pmic_glink child drivers, the protection-domain notifiers fires,\nand the associated work is scheduled, before the client registration\nreturns and as a result the local "client" pointer has been initialized.\n\nThe outcome of this is a NULL pointer dereference as the "client"\npointer is blindly dereferenced.\n\nTimeline provided by Stephen:\n CPU0                               CPU1\n ----                               ----\n ucsi->client = NULL;\n devm_pmic_glink_register_client()\n  client->pdr_notify(client->priv, pg->client_state)\n   pmic_glink_ucsi_pdr_notify()\n    schedule_work(&ucsi->register_work)\n    <schedule away>\n                                    pmic_glink_ucsi_register()\n                                     ucsi_register()\n                                      pmic_glink_ucsi_read_version()\n                                       pmic_glink_ucsi_read()\n                                        pmic_glink_ucsi_read()\n                                         pmic_glink_send(ucsi->client)\n                                         <client is NULL BAD>\n ucsi->client = client // Too late!\n\nThis code is identical across the altmode, battery manager and usci\nchild drivers.\n\nResolve this by splitting the allocation of the "client" object and the\nregistration thereof into two operations.\n\nThis only happens if the protection domain registry is populated at the\ntime of registration, which by the introduction of commit \'1ebcde047c54\n("soc: qcom: add pd-mapper implementation")\' became much more likely.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46693', 'https://git.kernel.org/linus/3568affcddd68743e25aa3ec1647d9b82797757b (6.11-rc6)', 'https://git.kernel.org/stable/c/1efdbf5323c9360e05066049b97414405e94e087', 'https://git.kernel.org/stable/c/3568affcddd68743e25aa3ec1647d9b82797757b', 'https://git.kernel.org/stable/c/943b0e7cc646a624bb20a68080f8f1a4a55df41c', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46693-cbe3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46693', 'https://www.cve.org/CVERecord?id=CVE-2024-46693'], 'PublishedDate': '2024-09-13T06:15:14.14Z', 'LastModifiedDate': '2024-09-13T16:52:41.27Z'}, {'VulnerabilityID': 'CVE-2024-46694', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46694', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: avoid using null object of framebuffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid using null object of framebuffer\n\nInstead of using state->fb->obj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer.\n\n(cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46694', 'https://git.kernel.org/linus/3b9a33235c773c7a3768060cf1d2cf8a9153bc37 (6.11-rc6)', 'https://git.kernel.org/stable/c/093ee72ed35c2338c87c26b6ba6f0b7789c9e14e', 'https://git.kernel.org/stable/c/3b9a33235c773c7a3768060cf1d2cf8a9153bc37', 'https://git.kernel.org/stable/c/49e1b214f3239b78967c6ddb8f8ec47ae047b051', 'https://git.kernel.org/stable/c/f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46694-0706@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46694', 'https://www.cve.org/CVERecord?id=CVE-2024-46694'], 'PublishedDate': '2024-09-13T06:15:14.24Z', 'LastModifiedDate': '2024-09-19T18:16:22.247Z'}, {'VulnerabilityID': 'CVE-2024-46695', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46695', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: selinux,smack: don&#39;t bypass permissions check in inode_setsecctx hook', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux,smack: don't bypass permissions check in inode_setsecctx hook\n\nMarek Gresko reports that the root user on an NFS client is able to\nchange the security labels on files on an NFS filesystem that is\nexported with root squashing enabled.\n\nThe end of the kerneldoc comment for __vfs_setxattr_noperm() states:\n\n *  This function requires the caller to lock the inode's i_mutex before it\n *  is executed. It also assumes that the caller will make the appropriate\n *  permission checks.\n\nnfsd_setattr() does do permissions checking via fh_verify() and\nnfsd_permission(), but those don't do all the same permissions checks\nthat are done by security_inode_setxattr() and its related LSM hooks do.\n\nSince nfsd_setattr() is the only consumer of security_inode_setsecctx(),\nsimplest solution appears to be to replace the call to\n__vfs_setxattr_noperm() with a call to __vfs_setxattr_locked().  This\nfixes the above issue and has the added benefit of causing nfsd to\nrecall conflicting delegations on a file when a client tries to change\nits security label.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-276'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46695', 'https://git.kernel.org/linus/76a0e79bc84f466999fa501fce5bf7a07641b8a7 (6.11-rc6)', 'https://git.kernel.org/stable/c/2dbc4b7bac60b02cc6e70d05bf6a7dfd551f9dda', 'https://git.kernel.org/stable/c/459584258d47ec3cc6245a82e8a49c9d08eb8b57', 'https://git.kernel.org/stable/c/76a0e79bc84f466999fa501fce5bf7a07641b8a7', 'https://git.kernel.org/stable/c/eebec98791d0137e455cc006411bb92a54250924', 'https://git.kernel.org/stable/c/f71ec019257ba4f7ab198bd948c5902a207bad96', 'https://git.kernel.org/stable/c/fe0cd53791119f6287b6532af8ce41576d664930', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46695-affc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46695', 'https://www.cve.org/CVERecord?id=CVE-2024-46695'], 'PublishedDate': '2024-09-13T06:15:14.32Z', 'LastModifiedDate': '2024-10-17T14:15:07.517Z'}, {'VulnerabilityID': 'CVE-2024-46697', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46697', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfsd: ensure that nfsd4_fattr_args.context is zeroed out', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: ensure that nfsd4_fattr_args.context is zeroed out\n\nIf nfsd4_encode_fattr4 ends up doing a "goto out" before we get to\nchecking for the security label, then args.context will be set to\nuninitialized junk on the stack, which we\'ll then try to free.\nInitialize it early.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46697', 'https://git.kernel.org/linus/f58bab6fd4063913bd8321e99874b8239e9ba726 (6.11-rc6)', 'https://git.kernel.org/stable/c/dd65b324174a64558a16ebbf4c3266e5701185d0', 'https://git.kernel.org/stable/c/f58bab6fd4063913bd8321e99874b8239e9ba726', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46697-d166@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46697', 'https://www.cve.org/CVERecord?id=CVE-2024-46697'], 'PublishedDate': '2024-09-13T06:15:14.5Z', 'LastModifiedDate': '2024-09-19T17:53:43.173Z'}, {'VulnerabilityID': 'CVE-2024-46698', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46698', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: video/aperture: optionally match the device in sysfb_disable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvideo/aperture: optionally match the device in sysfb_disable()\n\nIn aperture_remove_conflicting_pci_devices(), we currently only\ncall sysfb_disable() on vga class devices.  This leads to the\nfollowing problem when the pimary device is not VGA compatible:\n\n1. A PCI device with a non-VGA class is the boot display\n2. That device is probed first and it is not a VGA device so\n   sysfb_disable() is not called, but the device resources\n   are freed by aperture_detach_platform_device()\n3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable()\n4. NULL pointer dereference via sysfb_disable() since the resources\n   have already been freed by aperture_detach_platform_device() when\n   it was called by the other device.\n\nFix this by passing a device pointer to sysfb_disable() and checking\nthe device to determine if we should execute it or not.\n\nv2: Fix build when CONFIG_SCREEN_INFO is not set\nv3: Move device check into the mutex\n    Drop primary variable in aperture_remove_conflicting_pci_devices()\n    Drop __init on pci sysfb_pci_dev_is_enabled()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46698', 'https://git.kernel.org/linus/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7 (6.11-rc6)', 'https://git.kernel.org/stable/c/17e78f43de0c6da34204cc858b4cc05671ea9acf', 'https://git.kernel.org/stable/c/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46698-357c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46698', 'https://www.cve.org/CVERecord?id=CVE-2024-46698'], 'PublishedDate': '2024-09-13T06:15:14.563Z', 'LastModifiedDate': '2024-09-13T16:53:03Z'}, {'VulnerabilityID': 'CVE-2024-46701', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46701', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: libfs: fix infinite directory reads for offset dir', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlibfs: fix infinite directory reads for offset dir\n\nAfter we switch tmpfs dir operations from simple_dir_operations to\nsimple_offset_dir_operations, every rename happened will fill new dentry\nto dest dir\'s maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free\nkey starting with octx->newx_offset, and then set newx_offset equals to\nfree key + 1. This will lead to infinite readdir combine with rename\nhappened at the same time, which fail generic/736 in xfstests(detail show\nas below).\n\n1. create 5000 files(1 2 3...) under one dir\n2. call readdir(man 3 readdir) once, and get one entry\n3. rename(entry, "TEMPFILE"), then rename("TEMPFILE", entry)\n4. loop 2~3, until readdir return nothing or we loop too many\n   times(tmpfs break test with the second condition)\n\nWe choose the same logic what commit 9b378f6ad48cf ("btrfs: fix infinite\ndirectory reads") to fix it, record the last_index when we open dir, and\ndo not emit the entry which index >= last_index. The file->private_data\nnow used in offset dir can use directly to do this, and we also update\nthe last_index when we llseek the dir file.\n\n[brauner: only update last_index after seek when offset is zero like Jan suggested]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46701', 'https://git.kernel.org/linus/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a (6.11-rc4)', 'https://git.kernel.org/stable/c/308b4fc2403b335894592ee9dc212a5e58bb309f', 'https://git.kernel.org/stable/c/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a', 'https://lore.kernel.org/linux-cve-announce/2024091326-CVE-2024-46701-ad65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46701', 'https://www.cve.org/CVERecord?id=CVE-2024-46701'], 'PublishedDate': '2024-09-13T07:15:05.127Z', 'LastModifiedDate': '2024-09-19T13:40:27.817Z'}, {'VulnerabilityID': 'CVE-2024-46702', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46702', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: thunderbolt: Mark XDomain as unplugged when router is removed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Mark XDomain as unplugged when router is removed\n\nI noticed that when we do discrete host router NVM upgrade and it gets\nhot-removed from the PCIe side as a result of NVM firmware authentication,\nif there is another host connected with enabled paths we hang in tearing\nthem down. This is due to fact that the Thunderbolt networking driver\nalso tries to cleanup the paths and ends up blocking in\ntb_disconnect_xdomain_paths() waiting for the domain lock.\n\nHowever, at this point we already cleaned the paths in tb_stop() so\nthere is really no need for tb_disconnect_xdomain_paths() to do that\nanymore. Furthermore it already checks if the XDomain is unplugged and\nbails out early so take advantage of that and mark the XDomain as\nunplugged when we remove the parent router.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46702', 'https://git.kernel.org/linus/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d (6.11-rc4)', 'https://git.kernel.org/stable/c/18b3ad2a3cc877dd4b16f48d84aa27b78d53bf1d', 'https://git.kernel.org/stable/c/23ce6ba3b95488a2b9e9f6d43b340da0c15395dc', 'https://git.kernel.org/stable/c/747bc154577de6e6af4bc99abfa859b8419bb4d8', 'https://git.kernel.org/stable/c/7ca24cf9163c112bb6b580c6fb57c04a1f8b76e1', 'https://git.kernel.org/stable/c/80ac8d194831eca0c2f4fd862f7925532fda320c', 'https://git.kernel.org/stable/c/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46702-9b8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46702', 'https://www.cve.org/CVERecord?id=CVE-2024-46702'], 'PublishedDate': '2024-09-13T07:15:05.217Z', 'LastModifiedDate': '2024-09-19T13:35:58.637Z'}, {'VulnerabilityID': 'CVE-2024-46703', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46703', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;serial: 8250_omap: Set the console genpd always on if no console suspend&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "serial: 8250_omap: Set the console genpd always on if no console suspend"\n\nThis reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940.\n\nKevin reported that this causes a crash during suspend on platforms that\ndont use PM domains.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46703', 'https://git.kernel.org/linus/0863bffda1131fd2fa9c05b653ad9ee3d8db127e (6.11-rc4)', 'https://git.kernel.org/stable/c/0863bffda1131fd2fa9c05b653ad9ee3d8db127e', 'https://git.kernel.org/stable/c/321aecb079e9ca8b1af90778068a6fb40f2bf22d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46703-1f29@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46703', 'https://www.cve.org/CVERecord?id=CVE-2024-46703'], 'PublishedDate': '2024-09-13T07:15:05.317Z', 'LastModifiedDate': '2024-09-19T13:33:57.563Z'}, {'VulnerabilityID': 'CVE-2024-46705', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46705', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: reset mmio mappings with devm', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: reset mmio mappings with devm\n\nSet our various mmio mappings to NULL. This should make it easier to\ncatch something rogue trying to mess with mmio after device removal. For\nexample, we might unmap everything and then start hitting some mmio\naddress which has already been unmamped by us and then remapped by\nsomething else, causing all kinds of carnage.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46705', 'https://git.kernel.org/linus/c7117419784f612d59ee565145f722e8b5541fe6 (6.11-rc1)', 'https://git.kernel.org/stable/c/b1c9fbed3884d3883021d699c7cdf5253a65543a', 'https://git.kernel.org/stable/c/c7117419784f612d59ee565145f722e8b5541fe6', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46705-b9c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46705', 'https://www.cve.org/CVERecord?id=CVE-2024-46705'], 'PublishedDate': '2024-09-13T07:15:05.477Z', 'LastModifiedDate': '2024-09-19T13:30:44.133Z'}, {'VulnerabilityID': 'CVE-2024-46706', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46706', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: fsl_lpuart: mark last busy before uart_add_one_port\n\nWith "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel\nsometimes boot hang. It is because normal console still is not ready,\nbut runtime suspend is called, so early console putchar will hang\nin waiting TRDE set in UARTSTAT.\n\nThe lpuart driver has auto suspend delay set to 3000ms, but during\nuart_add_one_port, a child device serial ctrl will added and probed with\nits pm runtime enabled(see serial_ctrl.c).\nThe runtime suspend call path is:\ndevice_add\n     |-> bus_probe_device\n           |->device_initial_probe\n\t           |->__device_attach\n                         |-> pm_runtime_get_sync(dev->parent);\n\t\t\t |-> pm_request_idle(dev);\n\t\t\t |-> pm_runtime_put(dev->parent);\n\nSo in the end, before normal console ready, the lpuart get runtime\nsuspended. And earlycon putchar will hang.\n\nTo address the issue, mark last busy just after pm_runtime_enable,\nthree seconds is long enough to switch from bootconsole to normal\nconsole.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46706', 'https://git.kernel.org/linus/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c (6.11-rc4)', 'https://git.kernel.org/stable/c/3ecf625d4acb71d726bc0b49403cf68388b3d58d', 'https://git.kernel.org/stable/c/8eb92cfca6c2c5a15ab1773f3d18ab8d8f7dbb68', 'https://git.kernel.org/stable/c/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46706-ea07@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46706', 'https://www.cve.org/CVERecord?id=CVE-2024-46706'], 'PublishedDate': '2024-09-13T07:15:05.56Z', 'LastModifiedDate': '2024-09-19T17:51:07.67Z'}, {'VulnerabilityID': 'CVE-2024-46707', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46707', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3\n\nOn a system with a GICv3, if a guest hasn't been configured with\nGICv3 and that the host is not capable of GICv2 emulation,\na write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.\n\nWe therefore try to emulate the SGI access, only to hit a NULL\npointer as no private interrupt is allocated (no GIC, remember?).\n\nThe obvious fix is to give the guest what it deserves, in the\nshape of a UNDEF exception.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46707', 'https://git.kernel.org/linus/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f (6.11-rc5)', 'https://git.kernel.org/stable/c/15818af2f7aa55eff375333cb7689df15d3f24ef', 'https://git.kernel.org/stable/c/2073132f6ed3079369e857a8deb33d11bdd983bc', 'https://git.kernel.org/stable/c/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f', 'https://git.kernel.org/stable/c/94d4fbad01b19ec5eab3d6b50aaec4f9db8b2d8d', 'https://git.kernel.org/stable/c/96b076e8ee5bc3a1126848c8add0f74bd30dc9d1', 'https://git.kernel.org/stable/c/9d7629bec5c3f80bd0e3bf8103c06a2f7046bd92', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46707-9e4f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46707', 'https://www.cve.org/CVERecord?id=CVE-2024-46707'], 'PublishedDate': '2024-09-13T07:15:05.643Z', 'LastModifiedDate': '2024-09-19T13:29:46.757Z'}, {'VulnerabilityID': 'CVE-2024-46708', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46708', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: qcom: x1e80100: Fix special pin offsets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: qcom: x1e80100: Fix special pin offsets\n\nRemove the erroneus 0x100000 offset to prevent the boards from crashing\non pin state setting, as well as for the intended state changes to take\neffect.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46708', 'https://git.kernel.org/linus/d3692d95cc4d88114b070ee63cffc976f00f207f (6.11-rc6)', 'https://git.kernel.org/stable/c/0197bf772f657fbdea5e9bdec5eea6e67d82cbde', 'https://git.kernel.org/stable/c/d3692d95cc4d88114b070ee63cffc976f00f207f', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46708-95c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46708', 'https://www.cve.org/CVERecord?id=CVE-2024-46708'], 'PublishedDate': '2024-09-13T07:15:05.717Z', 'LastModifiedDate': '2024-09-19T13:28:49.483Z'}, {'VulnerabilityID': 'CVE-2024-46709', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46709', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix prime with external buffers', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix prime with external buffers\n\nMake sure that for external buffers mapping goes through the dma_buf\ninterface instead of trying to access pages directly.\n\nExternal buffers might not provide direct access to readable/writable\npages so to make sure the bo's created from external dma_bufs can be\nread dma_buf interface has to be used.\n\nFixes crashes in IGT's kms_prime with vgem. Regular desktop usage won't\ntrigger this due to the fact that virtual machines will not have\nmultiple GPUs but it enables better test coverage in IGT.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46709', 'https://git.kernel.org/linus/50f1199250912568606b3778dc56646c10cb7b04 (6.11-rc6)', 'https://git.kernel.org/stable/c/50f1199250912568606b3778dc56646c10cb7b04', 'https://git.kernel.org/stable/c/5c12391ee1ab59cb2f3be3f1f5e6d0fc0c2dc854', 'https://git.kernel.org/stable/c/9a9716bbbf3dd6b6cbefba3abcc89af8b72631f4', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46709-2465@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46709', 'https://www.cve.org/CVERecord?id=CVE-2024-46709'], 'PublishedDate': '2024-09-13T07:15:05.793Z', 'LastModifiedDate': '2024-09-19T13:26:24.14Z'}, {'VulnerabilityID': 'CVE-2024-46710', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46710', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Prevent unmapping active read buffers', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Prevent unmapping active read buffers\n\nThe kms paths keep a persistent map active to read and compare the cursor\nbuffer. These maps can race with each other in simple scenario where:\na) buffer "a" mapped for update\nb) buffer "a" mapped for compare\nc) do the compare\nd) unmap "a" for compare\ne) update the cursor\nf) unmap "a" for update\nAt step "e" the buffer has been unmapped and the read contents is bogus.\n\nPrevent unmapping of active read buffers by simply keeping a count of\nhow many paths have currently active maps and unmap only when the count\nreaches 0.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46710', 'https://git.kernel.org/linus/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea (6.11-rc6)', 'https://git.kernel.org/stable/c/0851b1ec650adadcaa23ec96daad95a55bf966f0', 'https://git.kernel.org/stable/c/58a3714db4d9dcaeb9fc4905141e17b9f536c0a5', 'https://git.kernel.org/stable/c/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea', 'https://git.kernel.org/stable/c/d5228d158e4c0b1663b3983044913c15c3d0135e', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46710-cd88@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46710', 'https://www.cve.org/CVERecord?id=CVE-2024-46710'], 'PublishedDate': '2024-09-13T07:15:05.88Z', 'LastModifiedDate': '2024-10-17T14:15:07.63Z'}, {'VulnerabilityID': 'CVE-2024-46711', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46711', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: fix ID 0 endp usage after multiple re-creations', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix ID 0 endp usage after multiple re-creations\n\n\'local_addr_used\' and \'add_addr_accepted\' are decremented for addresses\nnot related to the initial subflow (ID0), because the source and\ndestination addresses of the initial subflows are known from the\nbeginning: they don\'t count as "additional local address being used" or\n"ADD_ADDR being accepted".\n\nIt is then required not to increment them when the entrypoint used by\nthe initial subflow is removed and re-added during a connection. Without\nthis modification, this entrypoint cannot be removed and re-added more\nthan once.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46711', 'https://git.kernel.org/linus/9366922adc6a71378ca01f898c41be295309f044 (6.11-rc6)', 'https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc', 'https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb', 'https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044', 'https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe', 'https://lore.kernel.org/linux-cve-announce/2024091348-CVE-2024-46711-ab95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46711', 'https://www.cve.org/CVERecord?id=CVE-2024-46711'], 'PublishedDate': '2024-09-13T07:15:05.953Z', 'LastModifiedDate': '2024-09-19T13:12:30.39Z'}, {'VulnerabilityID': 'CVE-2024-46713', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/aux: Fix AUX buffer serialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event->mmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46713', 'https://git.kernel.org/linus/2ab9d830262c132ab5db2f571003d80850d56b2a (6.11-rc7)', 'https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a', 'https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff', 'https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82', 'https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d', 'https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370', 'https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef', 'https://lore.kernel.org/linux-cve-announce/2024091316-CVE-2024-46713-5e49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46713', 'https://www.cve.org/CVERecord?id=CVE-2024-46713'], 'PublishedDate': '2024-09-13T15:15:15.01Z', 'LastModifiedDate': '2024-09-13T16:37:22.997Z'}, {'VulnerabilityID': 'CVE-2024-46714', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip wbscl_set_scaler_filter if filter is null\n\nCallers can pass null in filter (i.e. from returned from the function\nwbscl_get_filter_coeffs_16p) and a null check is added to ensure that is\nnot the case.\n\nThis fixes 4 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46714', 'https://git.kernel.org/linus/c4d31653c03b90e51515b1380115d1aedad925dd (6.11-rc1)', 'https://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b', 'https://git.kernel.org/stable/c/1726914cb17cedab233820d26b86764dc08857b4', 'https://git.kernel.org/stable/c/54834585e91cab13e9f82d3a811deb212a4df786', 'https://git.kernel.org/stable/c/6d94c05a13fadd80c3e732f14c83b2632ebfaa50', 'https://git.kernel.org/stable/c/c083c8be6bdd046049884bec076660d4ec9a19ca', 'https://git.kernel.org/stable/c/c4d31653c03b90e51515b1380115d1aedad925dd', 'https://git.kernel.org/stable/c/e3a95f29647ae45d1ec9541cd7df64f40bf2120a', 'https://lore.kernel.org/linux-cve-announce/2024091831-CVE-2024-46714-73de@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46714', 'https://www.cve.org/CVERecord?id=CVE-2024-46714'], 'PublishedDate': '2024-09-18T07:15:03.06Z', 'LastModifiedDate': '2024-09-30T12:50:27.723Z'}, {'VulnerabilityID': 'CVE-2024-46715', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46715', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver: iio: add missing checks on iio_info&#39;s callback access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info's callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn't implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429]  iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807]  dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181]  sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555]  seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236]  vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385]  ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0:                   00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46715', 'https://git.kernel.org/linus/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70', 'https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1', 'https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252', 'https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46715-7e7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46715', 'https://www.cve.org/CVERecord?id=CVE-2024-46715'], 'PublishedDate': '2024-09-18T07:15:03.13Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46716', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n   msgdma_free_chan_resources -> msgdma_free_descriptors ->\n   msgdma_free_desc_list -> msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46716', 'https://git.kernel.org/linus/54e4ada1a4206f878e345ae01cf37347d803d1b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716', 'https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1', 'https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725', 'https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46716-f63f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46716', 'https://www.cve.org/CVERecord?id=CVE-2024-46716'], 'PublishedDate': '2024-09-18T07:15:03.183Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46717', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46717', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix incorrect page release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix incorrect page release\n\nUnder the following conditions:\n1) No skb created yet\n2) header_size == 0 (no SHAMPO header)\n3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the\n   last page fragment of a SHAMPO header page)\n\na new skb is formed with a page that is NOT a SHAMPO header page (it\nis a regular data page). Further down in the same function\n(mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from\nheader_index is released. This is wrong and it leads to SHAMPO header\npages being released more than once.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46717', 'https://git.kernel.org/linus/70bd03b89f20b9bbe51a7f73c4950565a17a45f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/03924d117625ecb10ee3c9b65930bcb2c37ae629', 'https://git.kernel.org/stable/c/70bd03b89f20b9bbe51a7f73c4950565a17a45f7', 'https://git.kernel.org/stable/c/ae9018e3f61ba5cc1f08a6e51d3c0bef0a79f3ab', 'https://git.kernel.org/stable/c/c909ab41df2b09cde919801c7a7b6bb2cc37ea22', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46717-2f30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46717', 'https://www.cve.org/CVERecord?id=CVE-2024-46717'], 'PublishedDate': '2024-09-18T07:15:03.237Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46718', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46718', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Don&#39;t overmap identity VRAM mapping', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Don't overmap identity VRAM mapping\n\nOvermapping the identity VRAM mapping is triggering hardware bugs on\ncertain platforms. Use 2M pages for the last unaligned (to 1G) VRAM\nchunk.\n\nv2:\n - Always use 2M pages for last chunk (Fei Yang)\n - break loop when 2M pages are used\n - Add assert for usable_size being 2M aligned\nv3:\n - Fix checkpatch", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46718', 'https://git.kernel.org/linus/6d3581edffea0b3a64b0d3094d3f09222e0024f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/6d3581edffea0b3a64b0d3094d3f09222e0024f7', 'https://git.kernel.org/stable/c/bb706e92c87beb9f2543faa1705ccc330b9e7c65', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46718-c5c7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46718', 'https://www.cve.org/CVERecord?id=CVE-2024-46718'], 'PublishedDate': '2024-09-18T07:15:03.303Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46719', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46719', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Fix null pointer dereference in trace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix null pointer dereference in trace\n\nucsi_register_altmode checks IS_ERR for the alt pointer and treats\nNULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,\nucsi_register_displayport returns NULL which causes a NULL pointer\ndereference in trace. Rather than return NULL, call\ntypec_port_register_altmode to register DisplayPort alternate mode\nas a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46719', 'https://git.kernel.org/linus/99516f76db48e1a9d54cdfed63c1babcee4e71a5 (6.11-rc1)', 'https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9', 'https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7', 'https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870', 'https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b', 'https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830', 'https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5', 'https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46719-4a53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46719', 'https://www.cve.org/CVERecord?id=CVE-2024-46719'], 'PublishedDate': '2024-09-18T07:15:03.357Z', 'LastModifiedDate': '2024-09-20T18:21:49.963Z'}, {'VulnerabilityID': 'CVE-2024-46720', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46720', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix dereference after null check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix dereference after null check\n\ncheck the pointer hive before use.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46720', 'https://git.kernel.org/linus/b1f7810b05d1950350ac2e06992982974343e441 (6.11-rc1)', 'https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50', 'https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c', 'https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517', 'https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46720-a598@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46720', 'https://www.cve.org/CVERecord?id=CVE-2024-46720'], 'PublishedDate': '2024-09-18T07:15:03.42Z', 'LastModifiedDate': '2024-09-20T18:22:04.693Z'}, {'VulnerabilityID': 'CVE-2024-46721', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46721', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: fix possible NULL pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and 'ent->old' is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n </TASK>\nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46721', 'https://git.kernel.org/linus/3dd384108d53834002be5630132ad5c3f32166ad (6.11-rc1)', 'https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9', 'https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad', 'https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85', 'https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8', 'https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363', 'https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346', 'https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64', 'https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46721-9aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46721', 'https://www.cve.org/CVERecord?id=CVE-2024-46721'], 'PublishedDate': '2024-09-18T07:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:22:46.637Z'}, {'VulnerabilityID': 'CVE-2024-46722', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46722', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix mc_data out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix mc_data out-of-bounds read warning\n\nClear warning that read mc_data[i-1] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46722', 'https://git.kernel.org/linus/51dfc0a4d609fe700750a62f41447f01b8c9ea50 (6.11-rc1)', 'https://git.kernel.org/stable/c/2097edede72ec5bb3869cf0205337d392fb2a553', 'https://git.kernel.org/stable/c/310b9d8363b88e818afec97ca7652bd7fe3d0650', 'https://git.kernel.org/stable/c/345bd3ad387f9e121aaad9c95957b80895e2f2ec', 'https://git.kernel.org/stable/c/51dfc0a4d609fe700750a62f41447f01b8c9ea50', 'https://git.kernel.org/stable/c/578ae965e8b90cd09edeb0252b50fa0503ea35c5', 'https://git.kernel.org/stable/c/5fa4df25ecfc7b6c9006f5b871c46cfe25ea8826', 'https://git.kernel.org/stable/c/b862a0bc5356197ed159fed7b1c647e77bc9f653', 'https://git.kernel.org/stable/c/d0a43bf367ed640e527e8ef3d53aac1e71f80114', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46722-34b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46722', 'https://www.cve.org/CVERecord?id=CVE-2024-46722'], 'PublishedDate': '2024-09-18T07:15:03.547Z', 'LastModifiedDate': '2024-09-20T18:23:11.93Z'}, {'VulnerabilityID': 'CVE-2024-46723', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46723', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix ucode out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ucode out-of-bounds read warning\n\nClear warning that read ucode[] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46723', 'https://git.kernel.org/linus/8944acd0f9db33e17f387fdc75d33bb473d7936f (6.11-rc1)', 'https://git.kernel.org/stable/c/0bef65e069d84d1cd77ce757aea0e437b8e2bd33', 'https://git.kernel.org/stable/c/23fefef859c6057e6770584242bdd938254f8ddd', 'https://git.kernel.org/stable/c/5f09fa5e0ad45fbca71933a0e024ca52da47d59b', 'https://git.kernel.org/stable/c/82ac8f1d02886b5d8aeb9e058989d3bd6fc581e2', 'https://git.kernel.org/stable/c/8944acd0f9db33e17f387fdc75d33bb473d7936f', 'https://git.kernel.org/stable/c/8981927ebc6c12fa76b30c4178acb462bab15f54', 'https://git.kernel.org/stable/c/e789e05388854a5436b2b5d8695fdb864c9bcc27', 'https://git.kernel.org/stable/c/f2b7a9f3839e92f43559b2795b34640ca8cf839f', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46723-6726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46723', 'https://www.cve.org/CVERecord?id=CVE-2024-46723'], 'PublishedDate': '2024-09-18T07:15:03.61Z', 'LastModifiedDate': '2024-09-20T18:30:30.117Z'}, {'VulnerabilityID': 'CVE-2024-46724', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46724', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number\n\nCheck the fb_channel_number range to avoid the array out-of-bounds\nread error', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46724', 'https://git.kernel.org/linus/d768394fa99467bcf2703bde74ddc96eeb0b71fa (6.11-rc1)', 'https://git.kernel.org/stable/c/32915dc909ff502823babfe07d5416c5b6e8a8b1', 'https://git.kernel.org/stable/c/45f7b02afc464c208e8f56bcbc672ef5c364c815', 'https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4', 'https://git.kernel.org/stable/c/d768394fa99467bcf2703bde74ddc96eeb0b71fa', 'https://git.kernel.org/stable/c/db7a86676fd624768a5d907faf34ad7bb4ff25f4', 'https://git.kernel.org/stable/c/f9267972490f9fcffe146e79828e97acc0da588c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46724-02f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46724', 'https://www.cve.org/CVERecord?id=CVE-2024-46724'], 'PublishedDate': '2024-09-18T07:15:03.673Z', 'LastModifiedDate': '2024-09-20T18:30:58.98Z'}, {'VulnerabilityID': 'CVE-2024-46725', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46725', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds write warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds write warning\n\nCheck the ring type value to fix the out-of-bounds\nwrite warning', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46725', 'https://git.kernel.org/linus/be1684930f5262a622d40ce7a6f1423530d87f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/130bee397b9cd52006145c87a456fd8719390cb5', 'https://git.kernel.org/stable/c/919f9bf9997b8dcdc132485ea96121e7d15555f9', 'https://git.kernel.org/stable/c/a60d1f7ff62e453dde2d3b4907e178954d199844', 'https://git.kernel.org/stable/c/be1684930f5262a622d40ce7a6f1423530d87f89', 'https://git.kernel.org/stable/c/c253b87c7c37ec40a2e0c84e4a6b636ba5cd66b2', 'https://git.kernel.org/stable/c/cf2db220b38301b6486a0f11da24a0f317de558c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46725-af49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46725', 'https://www.cve.org/CVERecord?id=CVE-2024-46725'], 'PublishedDate': '2024-09-18T07:15:03.733Z', 'LastModifiedDate': '2024-09-20T18:40:42.753Z'}, {'VulnerabilityID': 'CVE-2024-46726', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46726', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure index calculation will not overflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure index calculation will not overflow\n\n[WHY & HOW]\nMake sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will\nnever overflow and exceess array size.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46726', 'https://git.kernel.org/linus/8e2734bf444767fed787305ccdcb36a2be5301a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dc6bb57dab36b38b7374af0ac916174c146b6ed', 'https://git.kernel.org/stable/c/733ae185502d30bbe79575167b6178cfb6c5d6bd', 'https://git.kernel.org/stable/c/8e2734bf444767fed787305ccdcb36a2be5301a2', 'https://git.kernel.org/stable/c/d705b5869f6b1b46ad5ceb1bd2a08c04f7e5003b', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46726-587e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46726', 'https://www.cve.org/CVERecord?id=CVE-2024-46726'], 'PublishedDate': '2024-09-18T07:15:03.787Z', 'LastModifiedDate': '2024-09-20T18:36:27.07Z'}, {'VulnerabilityID': 'CVE-2024-46727', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46727', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update\n\n[Why]\nCoverity reports NULL_RETURN warning.\n\n[How]\nAdd otg_master NULL check.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46727', 'https://git.kernel.org/linus/871cd9d881fa791d3f82885000713de07041c0ae (6.11-rc1)', 'https://git.kernel.org/stable/c/871cd9d881fa791d3f82885000713de07041c0ae', 'https://git.kernel.org/stable/c/aad4d3d3d3b6a362bf5db11e1f28c4a60620900d', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46727-2565@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46727', 'https://www.cve.org/CVERecord?id=CVE-2024-46727'], 'PublishedDate': '2024-09-18T07:15:03.84Z', 'LastModifiedDate': '2024-09-30T12:49:43.097Z'}, {'VulnerabilityID': 'CVE-2024-46728', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46728', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check index for aux_rd_interval before using', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index for aux_rd_interval before using\n\naux_rd_interval has size of 7 and should be checked.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46728', 'https://git.kernel.org/linus/9ba2ea6337b4f159aecb177555a6a81da92d302e (6.11-rc1)', 'https://git.kernel.org/stable/c/48e0b68e2360b16edf2a0bae05c0051c00fbb48a', 'https://git.kernel.org/stable/c/6c588e9350dd7a9fb97a56fe74852c9ecc44450c', 'https://git.kernel.org/stable/c/9ba2ea6337b4f159aecb177555a6a81da92d302e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46728-edfe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46728', 'https://www.cve.org/CVERecord?id=CVE-2024-46728'], 'PublishedDate': '2024-09-18T07:15:03.893Z', 'LastModifiedDate': '2024-09-26T13:31:34.347Z'}, {'VulnerabilityID': 'CVE-2024-46729', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46729', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix incorrect size calculation for loop', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix incorrect size calculation for loop\n\n[WHY]\nfe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is\nlager than the array size.\n\n[HOW]\nDivide byte size 20 by its element size.\n\nThis fixes 2 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46729', 'https://git.kernel.org/linus/3941a3aa4b653b69876d894d08f3fff1cc965267 (6.11-rc1)', 'https://git.kernel.org/stable/c/3941a3aa4b653b69876d894d08f3fff1cc965267', 'https://git.kernel.org/stable/c/712be65b3b372a82bff0865b9c090147764bf1c4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46729-158c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46729', 'https://www.cve.org/CVERecord?id=CVE-2024-46729'], 'PublishedDate': '2024-09-18T07:15:03.95Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46730', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46730', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure array index tg_inst won&#39;t be -1', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure array index tg_inst won't be -1\n\n[WHY & HOW]\ntg_inst will be a negative if timing_generator_count equals 0, which\nshould be checked before used.\n\nThis fixes 2 OVERRUN issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46730', 'https://git.kernel.org/linus/687fe329f18ab0ab0496b20ed2cb003d4879d931 (6.11-rc1)', 'https://git.kernel.org/stable/c/687fe329f18ab0ab0496b20ed2cb003d4879d931', 'https://git.kernel.org/stable/c/a64284b9e1999ad5580debced4bc6d6adb28aad4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46730-b69e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46730', 'https://www.cve.org/CVERecord?id=CVE-2024-46730'], 'PublishedDate': '2024-09-18T07:15:04.003Z', 'LastModifiedDate': '2024-09-30T12:49:00.333Z'}, {'VulnerabilityID': 'CVE-2024-46731', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46731', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: fix the Out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix the Out-of-bounds read warning\n\nusing index i - 1U may beyond element index\nfor mc_data[] when i = 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46731', 'https://git.kernel.org/linus/12c6967428a099bbba9dfd247bb4322a984fcc0b (6.11-rc1)', 'https://git.kernel.org/stable/c/12c6967428a099bbba9dfd247bb4322a984fcc0b', 'https://git.kernel.org/stable/c/20c6373a6be93039f9d66029bb1e21038a060be1', 'https://git.kernel.org/stable/c/3317966efcdc5101e93db21514b68917e7eb34ea', 'https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376', 'https://git.kernel.org/stable/c/d83fb9f9f63e9a120bf405b078f829f0b2e58934', 'https://git.kernel.org/stable/c/f1e261ced9bcad772a45a2fcdf413c3490e87299', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46731-0e54@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46731', 'https://www.cve.org/CVERecord?id=CVE-2024-46731'], 'PublishedDate': '2024-09-18T07:15:04.057Z', 'LastModifiedDate': '2024-09-26T13:29:19.877Z'}, {'VulnerabilityID': 'CVE-2024-46732', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46732', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Assign linear_pitch_alignment even for VM', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign linear_pitch_alignment even for VM\n\n[Description]\nAssign linear_pitch_alignment so we don't cause a divide by 0\nerror in VM environments", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46732', 'https://git.kernel.org/linus/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/4bd7710f2fecfc5fb2dda1ca2adc69db8a66b8b6', 'https://git.kernel.org/stable/c/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4', 'https://git.kernel.org/stable/c/c44b568931d23aed9d37ecbb31fb5fbdd198bf7b', 'https://git.kernel.org/stable/c/d219f902b16d42f0cb8c499ea8f31cf3c0f36349', 'https://git.kernel.org/stable/c/d2fe7ac613a1ea8c346c9f5c89dc6ecc27232997', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46732-49a9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46732', 'https://www.cve.org/CVERecord?id=CVE-2024-46732'], 'PublishedDate': '2024-09-18T07:15:04.117Z', 'LastModifiedDate': '2024-09-26T13:28:07.157Z'}, {'VulnerabilityID': 'CVE-2024-46733', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46733', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix qgroup reserve leaks in cow_file_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix qgroup reserve leaks in cow_file_range\n\nIn the buffered write path, the dirty page owns the qgroup reserve until\nit creates an ordered_extent.\n\nTherefore, any errors that occur before the ordered_extent is created\nmust free that reservation, or else the space is leaked. The fstest\ngeneric/475 exercises various IO error paths, and is able to trigger\nerrors in cow_file_range where we fail to get to allocating the ordered\nextent. Note that because we *do* clear delalloc, we are likely to\nremove the inode from the delalloc list, so the inodes/pages to not have\ninvalidate/launder called on them in the commit abort path.\n\nThis results in failures at the unmount stage of the test that look like:\n\n  BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure\n  BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure\n  BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs]\n  Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq\n  CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W          6.10.0-rc7-gab56fde445b8 #21\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n  RIP: 0010:close_ctree+0x222/0x4d0 [btrfs]\n  RSP: 0018:ffffb4465283be00 EFLAGS: 00010202\n  RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001\n  RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8\n  RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000\n  R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c\n  R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n  FS:  00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0\n  Call Trace:\n   <TASK>\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? __warn.cold+0x8e/0xea\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? report_bug+0xff/0x140\n   ? handle_bug+0x3b/0x70\n   ? exc_invalid_op+0x17/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   generic_shutdown_super+0x70/0x160\n   kill_anon_super+0x11/0x40\n   btrfs_kill_super+0x11/0x20 [btrfs]\n   deactivate_locked_super+0x2e/0xa0\n   cleanup_mnt+0xb5/0x150\n   task_work_run+0x57/0x80\n   syscall_exit_to_user_mode+0x121/0x130\n   do_syscall_64+0xab/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  RIP: 0033:0x7f916847a887\n  ---[ end trace 0000000000000000 ]---\n  BTRFS error (device dm-8 state EA): qgroup reserved space leaked\n\nCases 2 and 3 in the out_reserve path both pertain to this type of leak\nand must free the reserved qgroup data. Because it is already an error\npath, I opted not to handle the possible errors in\nbtrfs_free_qgroup_data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46733', 'https://git.kernel.org/linus/30479f31d44d47ed00ae0c7453d9b253537005b2 (6.11-rc3)', 'https://git.kernel.org/stable/c/30479f31d44d47ed00ae0c7453d9b253537005b2', 'https://git.kernel.org/stable/c/e42ef22bc10f0309c0c65d8d6ca8b4127a674b7f', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46733-77eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46733', 'https://www.cve.org/CVERecord?id=CVE-2024-46733'], 'PublishedDate': '2024-09-18T07:15:04.17Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46735', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46735', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()\n\nWhen two UBLK_CMD_START_USER_RECOVERY commands are submitted, the\nfirst one sets 'ubq->ubq_daemon' to NULL, and the second one triggers\nWARN in ublk_queue_reinit() and subsequently a NULL pointer dereference\nissue.\n\nFix it by adding the check in ublk_ctrl_start_recovery() and return\nimmediately in case of zero 'ub->nr_queues_ready'.\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000028\n  RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n  Call Trace:\n   <TASK>\n   ? __die+0x20/0x70\n   ? page_fault_oops+0x75/0x170\n   ? exc_page_fault+0x64/0x140\n   ? asm_exc_page_fault+0x22/0x30\n   ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n   ublk_ctrl_uring_cmd+0x4f7/0x6c0\n   ? pick_next_task_idle+0x26/0x40\n   io_uring_cmd+0x9a/0x1b0\n   io_issue_sqe+0x193/0x3f0\n   io_wq_submit_work+0x9b/0x390\n   io_worker_handle_work+0x165/0x360\n   io_wq_worker+0xcb/0x2f0\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork+0x2d/0x50\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork_asm+0x1a/0x30\n   </TASK>", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46735', 'https://git.kernel.org/linus/e58f5142f88320a5b1449f96a146f2f24615c5c7 (6.11-rc7)', 'https://git.kernel.org/stable/c/136a29d8112df4ea0a57f9602ddf3579e04089dc', 'https://git.kernel.org/stable/c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f', 'https://git.kernel.org/stable/c/ca249435893dda766f3845c15ca77ca5672022d8', 'https://git.kernel.org/stable/c/e58f5142f88320a5b1449f96a146f2f24615c5c7', 'https://lore.kernel.org/linux-cve-announce/2024091832-CVE-2024-46735-fbce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46735', 'https://www.cve.org/CVERecord?id=CVE-2024-46735'], 'PublishedDate': '2024-09-18T08:15:03.057Z', 'LastModifiedDate': '2024-09-20T18:35:53.967Z'}, {'VulnerabilityID': 'CVE-2024-46737', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46737', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvmet-tcp: fix kernel crash if commands allocation fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fix kernel crash if commands allocation fails\n\nIf the commands allocation fails in nvmet_tcp_alloc_cmds()\nthe kernel crashes in nvmet_tcp_release_queue_work() because of\na NULL pointer dereference.\n\n  nvmet: failed to install queue 0 cntlid 1 ret 6\n  Unable to handle kernel NULL pointer dereference at\n         virtual address 0000000000000008\n\nFix the bug by setting queue->nr_cmds to zero in case\nnvmet_tcp_alloc_cmd() fails.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46737', 'https://git.kernel.org/linus/5572a55a6f830ee3f3a994b6b962a5c327d28cb3 (6.11-rc7)', 'https://git.kernel.org/stable/c/03e1fd0327fa5e2174567f5fe9290fe21d21b8f4', 'https://git.kernel.org/stable/c/489f2913a63f528cfe3f21722583fb981967ecda', 'https://git.kernel.org/stable/c/50632b877ce55356f5d276b9add289b1e7ddc683', 'https://git.kernel.org/stable/c/5572a55a6f830ee3f3a994b6b962a5c327d28cb3', 'https://git.kernel.org/stable/c/6c04d1e3ab22cc5394ef656429638a5947f87244', 'https://git.kernel.org/stable/c/7957c731fc2b23312f8935812dee5a0b14b04e2d', 'https://git.kernel.org/stable/c/91dad30c5607e62864f888e735d0965567827bdf', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46737-d36f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46737', 'https://www.cve.org/CVERecord?id=CVE-2024-46737'], 'PublishedDate': '2024-09-18T08:15:03.167Z', 'LastModifiedDate': '2024-09-20T18:35:34.7Z'}, {'VulnerabilityID': 'CVE-2024-46738', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46738', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: VMCI: Fix use-after-free when removing resource in vmci_resource_remove()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Fix use-after-free when removing resource in vmci_resource_remove()\n\nWhen removing a resource from vmci_resource_table in\nvmci_resource_remove(), the search is performed using the resource\nhandle by comparing context and resource fields.\n\nIt is possible though to create two resources with different types\nbut same handle (same context and resource fields).\n\nWhen trying to remove one of the resources, vmci_resource_remove()\nmay not remove the intended one, but the object will still be freed\nas in the case of the datagram type in vmci_datagram_destroy_handle().\nvmci_resource_table will still hold a pointer to this freed resource\nleading to a use-after-free vulnerability.\n\nBUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\nBUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\nRead of size 4 at addr ffff88801c16d800 by task syz-executor197/1592\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106\n print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239\n __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425\n kasan_report+0x38/0x51 mm/kasan/report.c:442\n vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\n vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\n vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182\n ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444\n kref_put include/linux/kref.h:65 [inline]\n vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline]\n vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195\n vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143\n __fput+0x261/0xa34 fs/file_table.c:282\n task_work_run+0xf0/0x194 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187\n exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220\n __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline]\n syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313\n do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x6e/0x0\n\nThis change ensures the type is also checked when removing\nthe resource from vmci_resource_table in vmci_resource_remove().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46738', 'https://git.kernel.org/linus/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7 (6.11-rc7)', 'https://git.kernel.org/stable/c/00fe5292f081f8d773e572df8e03bf6e1855fe49', 'https://git.kernel.org/stable/c/39e7e593418ccdbd151f2925fa6be1a616d16c96', 'https://git.kernel.org/stable/c/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7', 'https://git.kernel.org/stable/c/6c563a29857aa8053b67ee141191f69757f27f6e', 'https://git.kernel.org/stable/c/b243d52b5f6f59f9d39e69b191fb3d58b94a43b1', 'https://git.kernel.org/stable/c/b9efdf333174468651be40390cbc79c9f55d9cce', 'https://git.kernel.org/stable/c/ef5f4d0c5ee22d4f873116fec844ff6edaf3fa7d', 'https://git.kernel.org/stable/c/f6365931bf7c07b2b397dbb06a4f6573cc9fae73', 'https://linux.oracle.com/cve/CVE-2024-46738.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46738-d871@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46738', 'https://www.cve.org/CVERecord?id=CVE-2024-46738'], 'PublishedDate': '2024-09-18T08:15:03.233Z', 'LastModifiedDate': '2024-09-20T18:35:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46739', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46739', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind\n\nFor primary VM Bus channels, primary_channel pointer is always NULL. This\npointer is valid only for the secondary channels. Also, rescind callback\nis meant for primary channels only.\n\nFix NULL pointer dereference by retrieving the device_obj from the parent\nfor the primary channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46739', 'https://git.kernel.org/linus/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e (6.11-rc7)', 'https://git.kernel.org/stable/c/1d8e020e51ab07e40f9dd00b52f1da7d96fec04c', 'https://git.kernel.org/stable/c/2be373469be1774bbe03b0fa7e2854e65005b1cc', 'https://git.kernel.org/stable/c/3005091cd537ef8cdb7530dcb2ecfba8d2ef475c', 'https://git.kernel.org/stable/c/3d414b64ecf6fd717d7510ffb893c6f23acbf50e', 'https://git.kernel.org/stable/c/928e399e84f4e80307dce44e89415115c473275b', 'https://git.kernel.org/stable/c/de6946be9c8bc7d2279123433495af7c21011b99', 'https://git.kernel.org/stable/c/f38f46da80a2ab7d1b2f8fcb444c916034a2dac4', 'https://git.kernel.org/stable/c/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46739-0aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46739', 'https://www.cve.org/CVERecord?id=CVE-2024-46739'], 'PublishedDate': '2024-09-18T08:15:03.293Z', 'LastModifiedDate': '2024-09-20T18:34:29.957Z'}, {'VulnerabilityID': 'CVE-2024-46740', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46740', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binder: fix UAF caused by offsets overwrite', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF caused by offsets overwrite\n\nBinder objects are processed and copied individually into the target\nbuffer during transactions. Any raw data in-between these objects is\ncopied as well. However, this raw data copy lacks an out-of-bounds\ncheck. If the raw data exceeds the data section size then the copy\noverwrites the offsets section. This eventually triggers an error that\nattempts to unwind the processed objects. However, at this point the\noffsets used to index these objects are now corrupted.\n\nUnwinding with corrupted offsets can result in decrements of arbitrary\nnodes and lead to their premature release. Other users of such nodes are\nleft with a dangling pointer triggering a use-after-free. This issue is\nmade evident by the following KASAN report (trimmed):\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c\n  Write of size 4 at addr ffff47fc91598f04 by task binder-util/743\n\n  CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1\n  Hardware name: linux,dummy-virt (DT)\n  Call trace:\n   _raw_spin_lock+0xe4/0x19c\n   binder_free_buf+0x128/0x434\n   binder_thread_write+0x8a4/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Allocated by task 743:\n   __kmalloc_cache_noprof+0x110/0x270\n   binder_new_node+0x50/0x700\n   binder_transaction+0x413c/0x6da8\n   binder_thread_write+0x978/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Freed by task 745:\n   kfree+0xbc/0x208\n   binder_thread_read+0x1c5c/0x37d4\n   binder_ioctl+0x16d8/0x258c\n  [...]\n  ==================================================================\n\nTo avoid this issue, let's check that the raw data copy is within the\nboundaries of the data section.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46740', 'https://git.kernel.org/linus/4df153652cc46545722879415937582028c18af5 (6.11-rc7)', 'https://git.kernel.org/stable/c/109e845c1184c9f786d41516348ba3efd9112792', 'https://git.kernel.org/stable/c/1f33d9f1d9ac3f0129f8508925000900c2fe5bb0', 'https://git.kernel.org/stable/c/3a8154bb4ab4a01390a3abf1e6afac296e037da4', 'https://git.kernel.org/stable/c/4df153652cc46545722879415937582028c18af5', 'https://git.kernel.org/stable/c/4f79e0b80dc69bd5eaaed70f0df1b558728b4e59', 'https://git.kernel.org/stable/c/5a32bfd23022ffa7e152f273fa3fa29befb7d929', 'https://git.kernel.org/stable/c/eef79854a04feac5b861f94d7b19cbbe79874117', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46740-e05a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46740', 'https://www.cve.org/CVERecord?id=CVE-2024-46740'], 'PublishedDate': '2024-09-18T08:15:03.377Z', 'LastModifiedDate': '2024-09-20T18:34:08.163Z'}, {'VulnerabilityID': 'CVE-2024-46741', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46741', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Fix double free of &#39;buf&#39; in error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix double free of 'buf' in error path\n\nsmatch warning:\ndrivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf'\n\nIn fastrpc_req_mmap() error path, the fastrpc buffer is freed in\nfastrpc_req_munmap_impl() if unmap is successful.\n\nBut in the end, there is an unconditional call to fastrpc_buf_free().\nSo the above case triggers the double free of fastrpc buf.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46741', 'https://git.kernel.org/linus/e8c276d4dc0e19ee48385f74426aebc855b49aaf (6.11-rc7)', 'https://git.kernel.org/stable/c/bfc1704d909dc9911a558b1a5833d3d61a43a1f2', 'https://git.kernel.org/stable/c/e8c276d4dc0e19ee48385f74426aebc855b49aaf', 'https://git.kernel.org/stable/c/f77dc8a75859e559f3238a6d906206259227985e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46741-4ce7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46741', 'https://www.cve.org/CVERecord?id=CVE-2024-46741'], 'PublishedDate': '2024-09-18T08:15:03.43Z', 'LastModifiedDate': '2024-09-20T18:33:27.96Z'}, {'VulnerabilityID': 'CVE-2024-46742', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46742', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()\n\nnull-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)\nand parse_lease_state() return NULL.\n\nFix this by check if 'lease_ctx_info' is NULL.\n\nAdditionally, remove the redundant parentheses in\nparse_durable_handle_context().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46742', 'https://git.kernel.org/linus/4e8771a3666c8f216eefd6bd2fd50121c6c437db (6.11-rc5)', 'https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6', 'https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada', 'https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46742-223b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46742', 'https://www.cve.org/CVERecord?id=CVE-2024-46742'], 'PublishedDate': '2024-09-18T08:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:32:34.303Z'}, {'VulnerabilityID': 'CVE-2024-46743', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46743', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: of/irq: Prevent device address out-of-bounds read in interrupt map walk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nof/irq: Prevent device address out-of-bounds read in interrupt map walk\n\nWhen of_irq_parse_raw() is invoked with a device address smaller than\nthe interrupt parent node (from #address-cells property), KASAN detects\nthe following out-of-bounds read when populating the initial match table\n(dyndbg="func of_irq_parse_* +p"):\n\n  OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0\n  OF:  parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2\n  OF:  intspec=4\n  OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2\n  OF:  -> addrsize=3\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0\n  Read of size 4 at addr ffffff81beca5608 by task bash/764\n\n  CPU: 1 PID: 764 Comm: bash Tainted: G           O       6.1.67-484c613561-nokia_sm_arm64 #1\n  Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023\n  Call trace:\n   dump_backtrace+0xdc/0x130\n   show_stack+0x1c/0x30\n   dump_stack_lvl+0x6c/0x84\n   print_report+0x150/0x448\n   kasan_report+0x98/0x140\n   __asan_load4+0x78/0xa0\n   of_irq_parse_raw+0x2b8/0x8d0\n   of_irq_parse_one+0x24c/0x270\n   parse_interrupts+0xc0/0x120\n   of_fwnode_add_links+0x100/0x2d0\n   fw_devlink_parse_fwtree+0x64/0xc0\n   device_add+0xb38/0xc30\n   of_device_add+0x64/0x90\n   of_platform_device_create_pdata+0xd0/0x170\n   of_platform_bus_create+0x244/0x600\n   of_platform_notify+0x1b0/0x254\n   blocking_notifier_call_chain+0x9c/0xd0\n   __of_changeset_entry_notify+0x1b8/0x230\n   __of_changeset_apply_notify+0x54/0xe4\n   of_overlay_fdt_apply+0xc04/0xd94\n   ...\n\n  The buggy address belongs to the object at ffffff81beca5600\n   which belongs to the cache kmalloc-128 of size 128\n  The buggy address is located 8 bytes inside of\n   128-byte region [ffffff81beca5600, ffffff81beca5680)\n\n  The buggy address belongs to the physical page:\n  page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4\n  head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0\n  flags: 0x8000000000010200(slab|head|zone=2)\n  raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300\n  raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\n  page dumped because: kasan: bad access detected\n\n  Memory state around the buggy address:\n   ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n  >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n                        ^\n   ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc\n  ==================================================================\n  OF:  -> got it !\n\nPrevent the out-of-bounds read by copying the device address into a\nbuffer of sufficient size.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46743', 'https://git.kernel.org/linus/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305 (6.11-rc4)', 'https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d', 'https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5', 'https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5', 'https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305', 'https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f', 'https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9', 'https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8', 'https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46743-f386@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46743', 'https://www.cve.org/CVERecord?id=CVE-2024-46743'], 'PublishedDate': '2024-09-18T08:15:03.54Z', 'LastModifiedDate': '2024-09-20T18:32:11.827Z'}, {'VulnerabilityID': 'CVE-2024-46744', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46744', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Squashfs: sanity check symbolic link size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: sanity check symbolic link size\n\nSyzkiller reports a "KMSAN: uninit-value in pick_link" bug.\n\nThis is caused by an uninitialised page, which is ultimately caused\nby a corrupted symbolic link size read from disk.\n\nThe reason why the corrupted symlink size causes an uninitialised\npage is due to the following sequence of events:\n\n1. squashfs_read_inode() is called to read the symbolic\n   link from disk.  This assigns the corrupted value\n   3875536935 to inode->i_size.\n\n2. Later squashfs_symlink_read_folio() is called, which assigns\n   this corrupted value to the length variable, which being a\n   signed int, overflows producing a negative number.\n\n3. The following loop that fills in the page contents checks that\n   the copied bytes is less than length, which being negative means\n   the loop is skipped, producing an uninitialised page.\n\nThis patch adds a sanity check which checks that the symbolic\nlink size is not larger than expected.\n\n--\n\nV2: fix spelling mistake.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-59'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46744', 'https://git.kernel.org/linus/810ee43d9cd245d138a2733d87a24858a23f577d (6.11-rc4)', 'https://git.kernel.org/stable/c/087f25b2d36adae19951114ffcbb7106ed405ebb', 'https://git.kernel.org/stable/c/1b9451ba6f21478a75288ea3e3fca4be35e2a438', 'https://git.kernel.org/stable/c/5c8906de98d0d7ad42ff3edf2cb6cd7e0ea658c4', 'https://git.kernel.org/stable/c/810ee43d9cd245d138a2733d87a24858a23f577d', 'https://git.kernel.org/stable/c/c3af7e460a526007e4bed1ce3623274a1a6afe5e', 'https://git.kernel.org/stable/c/ef4e249971eb77ec33d74c5c3de1e2576faf6c90', 'https://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26ea9bf322d8431a90', 'https://git.kernel.org/stable/c/fac5e82ab1334fc8ed6ff7183702df634bd1d93d', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46744-451f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46744', 'https://www.cve.org/CVERecord?id=CVE-2024-46744'], 'PublishedDate': '2024-09-18T08:15:03.603Z', 'LastModifiedDate': '2024-09-30T13:36:19.557Z'}, {'VulnerabilityID': 'CVE-2024-46745', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46745', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: uinput - reject requests with unreasonable number of slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - reject requests with unreasonable number of slots\n\n\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\n\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46745', 'https://git.kernel.org/linus/206f533a0a7c683982af473079c4111f4a0f9f5e (6.11-rc5)', 'https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e', 'https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b', 'https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70', 'https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2', 'https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d', 'https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b', 'https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833', 'https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46745-7b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46745', 'https://www.cve.org/CVERecord?id=CVE-2024-46745'], 'PublishedDate': '2024-09-18T08:15:03.667Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46746', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46746', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: amd_sfh: free driver_data after destroying hid device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: free driver_data after destroying hid device\n\nHID driver callbacks aren't called anymore once hid_destroy_device() has\nbeen called. Hence, hid driver_data should be freed only after the\nhid_destroy_device() function returned as driver_data is used in several\ncallbacks.\n\nI observed a crash with kernel 6.10.0 on my T14s Gen 3, after enabling\nKASAN to debug memory allocation, I got this output:\n\n  [   13.050438] ==================================================================\n  [   13.054060] BUG: KASAN: slab-use-after-free in amd_sfh_get_report+0x3ec/0x530 [amd_sfh]\n  [   13.054809] psmouse serio1: trackpoint: Synaptics TrackPoint firmware: 0x02, buttons: 3/3\n  [   13.056432] Read of size 8 at addr ffff88813152f408 by task (udev-worker)/479\n\n  [   13.060970] CPU: 5 PID: 479 Comm: (udev-worker) Not tainted 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0\n  [   13.063978] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024\n  [   13.067860] Call Trace:\n  [   13.069383] input: TPPS/2 Synaptics TrackPoint as /devices/platform/i8042/serio1/input/input8\n  [   13.071486]  <TASK>\n  [   13.071492]  dump_stack_lvl+0x5d/0x80\n  [   13.074870] snd_hda_intel 0000:33:00.6: enabling device (0000 -> 0002)\n  [   13.078296]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.082199]  print_report+0x174/0x505\n  [   13.085776]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.089367]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.093255]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.097464]  kasan_report+0xc8/0x150\n  [   13.101461]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.105802]  amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.110303]  amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.114879]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.119450]  sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082]\n  [   13.124097]  hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.127404]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.131925]  ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.136455]  ? _raw_spin_lock_irqsave+0x96/0xf0\n  [   13.140197]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.143602]  ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b]\n  [   13.147234]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.150446]  ? __devm_add_action+0x167/0x1d0\n  [   13.155061]  hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.158581]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.161814]  platform_probe+0xa2/0x150\n  [   13.165029]  really_probe+0x1e3/0x8a0\n  [   13.168243]  __driver_probe_device+0x18c/0x370\n  [   13.171500]  driver_probe_device+0x4a/0x120\n  [   13.175000]  __driver_attach+0x190/0x4a0\n  [   13.178521]  ? __pfx___driver_attach+0x10/0x10\n  [   13.181771]  bus_for_each_dev+0x106/0x180\n  [   13.185033]  ? __pfx__raw_spin_lock+0x10/0x10\n  [   13.188229]  ? __pfx_bus_for_each_dev+0x10/0x10\n  [   13.191446]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.194382]  bus_add_driver+0x29e/0x4d0\n  [   13.197328]  driver_register+0x1a5/0x360\n  [   13.200283]  ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.203362]  do_one_initcall+0xa7/0x380\n  [   13.206432]  ? __pfx_do_one_initcall+0x10/0x10\n  [   13.210175]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.213211]  ? kasan_unpoison+0x44/0x70\n  [   13.216688]  do_init_module+0x238/0x750\n  [   13.2196\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46746', 'https://git.kernel.org/linus/97155021ae17b86985121b33cf8098bcde00d497 (6.11-rc5)', 'https://git.kernel.org/stable/c/60dc4ee0428d70bcbb41436b6729d29f1cbdfb89', 'https://git.kernel.org/stable/c/775125c7fe38533aaa4b20769f5b5e62cc1170a0', 'https://git.kernel.org/stable/c/86b4f5cf91ca03c08e3822ac89476a677a780bcc', 'https://git.kernel.org/stable/c/97155021ae17b86985121b33cf8098bcde00d497', 'https://git.kernel.org/stable/c/adb3e3c1ddb5a23b8b7122ef1913f528d728937c', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46746-eb7f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46746', 'https://www.cve.org/CVERecord?id=CVE-2024-46746'], 'PublishedDate': '2024-09-18T08:15:03.73Z', 'LastModifiedDate': '2024-09-26T12:47:53.267Z'}, {'VulnerabilityID': 'CVE-2024-46747', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46747', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup\n\nreport_fixup for the Cougar 500k Gaming Keyboard was not verifying\nthat the report descriptor size was correct before accessing it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46747', 'https://git.kernel.org/linus/a6e9c391d45b5865b61e569146304cff72821a5d (6.11-rc5)', 'https://git.kernel.org/stable/c/30e9ce7cd5591be639b53595c95812f1a2afdfdc', 'https://git.kernel.org/stable/c/34185de73d74fdc90e8651cfc472bfea6073a13f', 'https://git.kernel.org/stable/c/48b2108efa205f4579052c27fba2b22cc6ad8aa0', 'https://git.kernel.org/stable/c/890dde6001b651be79819ef7a3f8c71fc8f9cabf', 'https://git.kernel.org/stable/c/a6e9c391d45b5865b61e569146304cff72821a5d', 'https://git.kernel.org/stable/c/e239e44dcd419b13cf840e2a3a833204e4329714', 'https://git.kernel.org/stable/c/e4a602a45aecd6a98b4b37482f5c9f8f67a32ddd', 'https://git.kernel.org/stable/c/fac3cb3c6428afe2207593a183b5bc4742529dfd', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46747-f489@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46747', 'https://www.cve.org/CVERecord?id=CVE-2024-46747'], 'PublishedDate': '2024-09-18T08:15:03.79Z', 'LastModifiedDate': '2024-09-20T18:31:19.19Z'}, {'VulnerabilityID': 'CVE-2024-46748', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46748', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT\n\nSet the maximum size of a subrequest that writes to cachefiles to be\nMAX_RW_COUNT so that we don't overrun the maximum write we can make to the\nbacking filesystem.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46748', 'https://git.kernel.org/linus/51d37982bbac3ea0ca21b2797a9cb0044272b3aa (6.11-rc1)', 'https://git.kernel.org/stable/c/51d37982bbac3ea0ca21b2797a9cb0044272b3aa', 'https://git.kernel.org/stable/c/cec226f9b1fd6cf55bc157873aec61b523083e96', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46748-03e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46748', 'https://www.cve.org/CVERecord?id=CVE-2024-46748'], 'PublishedDate': '2024-09-18T08:15:03.847Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46749', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46749', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()\n\nThis adds a check before freeing the rx->skb in flush and close\nfunctions to handle the kernel crash seen while removing driver after FW\ndownload fails or before FW download completes.\n\ndmesg log:\n[   54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080\n[   54.643398] Mem abort info:\n[   54.646204]   ESR = 0x0000000096000004\n[   54.649964]   EC = 0x25: DABT (current EL), IL = 32 bits\n[   54.655286]   SET = 0, FnV = 0\n[   54.658348]   EA = 0, S1PTW = 0\n[   54.661498]   FSC = 0x04: level 0 translation fault\n[   54.666391] Data abort info:\n[   54.669273]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[   54.674768]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[   54.674771]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[   54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000\n[   54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000\n[   54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[   54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core sch_fq_codel fuse\n[   54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 Not tainted 6.6.3-otbr-g128004619037 #2\n[   54.744364] Hardware name: FSL i.MX8MM EVK board (DT)\n[   54.744368] Workqueue: hci0 hci_power_on\n[   54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   54.757249] pc : kfree_skb_reason+0x18/0xb0\n[   54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.782921] sp : ffff8000805ebca0\n[   54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000\n[   54.782931] x26: ffff377b84852400 x25: ffff377b848523c0 x24: ffff377b845e7230\n[   54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92\n[   54.782945] x20: ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff\n[   54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857\n[   54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642\n[   54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9 : ffffa5c6cf19d688\n[   54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000\n[   54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000\n[   54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac\n[   54.857599] Call trace:\n[   54.857601]  kfree_skb_reason+0x18/0xb0\n[   54.863878]  btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.863888]  hci_dev_open_sync+0x3a8/0xa04\n[   54.872773]  hci_power_on+0x54/0x2e4\n[   54.881832]  process_one_work+0x138/0x260\n[   54.881842]  worker_thread+0x32c/0x438\n[   54.881847]  kthread+0x118/0x11c\n[   54.881853]  ret_from_fork+0x10/0x20\n[   54.896406] Code: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400)\n[   54.896410] ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46749', 'https://git.kernel.org/linus/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1 (6.11-rc1)', 'https://git.kernel.org/stable/c/013dae4735d2010544d1f2121bdeb8e6c9ea171e', 'https://git.kernel.org/stable/c/056e0cd381d59a9124b7c43dd715e15f56a11635', 'https://git.kernel.org/stable/c/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46749-fc9c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46749', 'https://www.cve.org/CVERecord?id=CVE-2024-46749'], 'PublishedDate': '2024-09-18T08:15:03.893Z', 'LastModifiedDate': '2024-09-20T18:45:43.483Z'}, {'VulnerabilityID': 'CVE-2024-46750', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46750', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: Add missing bridge lock to pci_bus_lock()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Add missing bridge lock to pci_bus_lock()\n\nOne of the true positives that the cfg_access_lock lockdep effort\nidentified is this sequence:\n\n  WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70\n  RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70\n  Call Trace:\n   <TASK>\n   ? __warn+0x8c/0x190\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   ? report_bug+0x1f8/0x200\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   pci_reset_bus+0x1d8/0x270\n   vmd_probe+0x778/0xa10\n   pci_device_probe+0x95/0x120\n\nWhere pci_reset_bus() users are triggering unlocked secondary bus resets.\nIronically pci_bus_reset(), several calls down from pci_reset_bus(), uses\npci_bus_lock() before issuing the reset which locks everything *but* the\nbridge itself.\n\nFor the same motivation as adding:\n\n  bridge = pci_upstream_bridge(dev);\n  if (bridge)\n    pci_dev_lock(bridge);\n\nto pci_reset_function() for the "bus" and "cxl_bus" reset cases, add\npci_dev_lock() for @bus->self to pci_bus_lock().\n\n[bhelgaas: squash in recursive locking deadlock fix from Keith Busch:\nhttps://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46750', 'https://git.kernel.org/linus/a4e772898f8bf2e7e1cf661a12c60a5612c4afab (6.11-rc1)', 'https://git.kernel.org/stable/c/04e85a3285b0e5c5af6fd2c0fd6e95ffecc01945', 'https://git.kernel.org/stable/c/0790b89c7e911003b8c50ae50e3ac7645de1fae9', 'https://git.kernel.org/stable/c/7253b4fed46471cc247c6cacefac890a8472c083', 'https://git.kernel.org/stable/c/78c6e39fef5c428960aff742149bba302dd46f5a', 'https://git.kernel.org/stable/c/81c68e218ab883dfa368460a59b674084c0240da', 'https://git.kernel.org/stable/c/a4e772898f8bf2e7e1cf661a12c60a5612c4afab', 'https://git.kernel.org/stable/c/df77a678c33871a6e4ac5b54a71662f1d702335b', 'https://git.kernel.org/stable/c/e2355d513b89a2cb511b4ded0deb426cdb01acd0', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46750-3be1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46750', 'https://www.cve.org/CVERecord?id=CVE-2024-46750'], 'PublishedDate': '2024-09-18T08:15:03.947Z', 'LastModifiedDate': '2024-09-30T13:27:45.787Z'}, {'VulnerabilityID': 'CVE-2024-46751', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46751', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON() when 0 reference count at btrfs_lookup_extent_info()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()\n\nInstead of doing a BUG_ON() handle the error by returning -EUCLEAN,\naborting the transaction and logging an error message.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46751', 'https://git.kernel.org/linus/28cb13f29faf6290597b24b728dc3100c019356f (6.11-rc1)', 'https://git.kernel.org/stable/c/28cb13f29faf6290597b24b728dc3100c019356f', 'https://git.kernel.org/stable/c/ef9a8b73c8b60b27d9db4787e624a3438ffe8428', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46751-17f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46751', 'https://www.cve.org/CVERecord?id=CVE-2024-46751'], 'PublishedDate': '2024-09-18T08:15:04.01Z', 'LastModifiedDate': '2024-09-30T12:45:56.957Z'}, {'VulnerabilityID': 'CVE-2024-46752', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46752', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: replace BUG_ON() with error handling at update_ref_for_cow()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: replace BUG_ON() with error handling at update_ref_for_cow()\n\nInstead of a BUG_ON() just return an error, log an error message and\nabort the transaction in case we find an extent buffer belonging to the\nrelocation tree that doesn't have the full backref flag set. This is\nunexpected and should never happen (save for bugs or a potential bad\nmemory).", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46752', 'https://git.kernel.org/linus/b56329a782314fde5b61058e2a25097af7ccb675 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fbac73a97286a7ec72229cb9b42d760a2c717ac', 'https://git.kernel.org/stable/c/41a0f85e268d72fe04f731b8ceea4748c2d65491', 'https://git.kernel.org/stable/c/b50857b96429a09fd3beed9f7f21b7bb7c433688', 'https://git.kernel.org/stable/c/b56329a782314fde5b61058e2a25097af7ccb675', 'https://git.kernel.org/stable/c/f895db00c65e5d77c437cce946da9ec29dcdf563', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46752-49e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46752', 'https://www.cve.org/CVERecord?id=CVE-2024-46752'], 'PublishedDate': '2024-09-18T08:15:04.057Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46753', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46753', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: handle errors from btrfs_dec_ref() properly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref().  This is\nincorrect, we have proper error handling here, return the error.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46753', 'https://git.kernel.org/linus/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1', 'https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46753-5ec2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46753', 'https://www.cve.org/CVERecord?id=CVE-2024-46753'], 'PublishedDate': '2024-09-18T08:15:04.107Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46754', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46754', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Remove tst_run from lwt_seg6local_prog_ops.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn\'t work since it was introduced in commit 04d4b274e2a\n("ipv6: sr: Add seg6local action End.BPF"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46754', 'https://git.kernel.org/linus/c13fda93aca118b8e5cd202e339046728ee7dddb (6.11-rc1)', 'https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3f28e6e720ded5d6', 'https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e339046728ee7dddb', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46754-7f04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46754', 'https://www.cve.org/CVERecord?id=CVE-2024-46754'], 'PublishedDate': '2024-09-18T08:15:04.153Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46755', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46755', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()\n\nmwifiex_get_priv_by_id() returns the priv pointer corresponding to\nthe bss_num and bss_type, but without checking if the priv is actually\ncurrently in use.\nUnused priv pointers do not have a wiphy attached to them which can\nlead to NULL pointer dereferences further down the callstack.  Fix\nthis by returning only used priv pointers which have priv->bss_mode\nset to something else than NL80211_IFTYPE_UNSPECIFIED.\n\nSaid NULL pointer dereference happened when an Accesspoint was started\nwith wpa_supplicant -i mlan0 with this config:\n\nnetwork={\n        ssid="somessid"\n        mode=2\n        frequency=2412\n        key_mgmt=WPA-PSK WPA-PSK-SHA256\n        proto=RSN\n        group=CCMP\n        pairwise=CCMP\n        psk="12345678"\n}\n\nWhen waiting for the AP to be established, interrupting wpa_supplicant\nwith <ctrl-c> and starting it again this happens:\n\n| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000140\n| Mem abort info:\n|   ESR = 0x0000000096000004\n|   EC = 0x25: DABT (current EL), IL = 32 bits\n|   SET = 0, FnV = 0\n|   EA = 0, S1PTW = 0\n|   FSC = 0x04: level 0 translation fault\n| Data abort info:\n|   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n|   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n|   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n| user pgtable: 4k pages, 48-bit VAs, pgdp=0000000046d96000\n| [0000000000000140] pgd=0000000000000000, p4d=0000000000000000\n| Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n| Modules linked in: caam_jr caamhash_desc spidev caamalg_desc crypto_engine authenc libdes mwifiex_sdio\n+mwifiex crct10dif_ce cdc_acm onboard_usb_hub fsl_imx8_ddr_perf imx8m_ddrc rtc_ds1307 lm75 rtc_snvs\n+imx_sdma caam imx8mm_thermal spi_imx error imx_cpufreq_dt fuse ip_tables x_tables ipv6\n| CPU: 0 PID: 8 Comm: kworker/0:1 Not tainted 6.9.0-00007-g937242013fce-dirty #18\n| Hardware name: somemachine (DT)\n| Workqueue: events sdio_irq_work\n| pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n| lr : mwifiex_get_cfp+0x34/0x15c [mwifiex]\n| sp : ffff8000818b3a70\n| x29: ffff8000818b3a70 x28: ffff000006bfd8a5 x27: 0000000000000004\n| x26: 000000000000002c x25: 0000000000001511 x24: 0000000002e86bc9\n| x23: ffff000006bfd996 x22: 0000000000000004 x21: ffff000007bec000\n| x20: 000000000000002c x19: 0000000000000000 x18: 0000000000000000\n| x17: 000000040044ffff x16: 00500072b5503510 x15: ccc283740681e517\n| x14: 0201000101006d15 x13: 0000000002e8ff43 x12: 002c01000000ffb1\n| x11: 0100000000000000 x10: 02e8ff43002c0100 x9 : 0000ffb100100157\n| x8 : ffff000003d20000 x7 : 00000000000002f1 x6 : 00000000ffffe124\n| x5 : 0000000000000001 x4 : 0000000000000003 x3 : 0000000000000000\n| x2 : 0000000000000000 x1 : 0001000000011001 x0 : 0000000000000000\n| Call trace:\n|  mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n|  mwifiex_parse_single_response_buf+0x1d0/0x504 [mwifiex]\n|  mwifiex_handle_event_ext_scan_report+0x19c/0x2f8 [mwifiex]\n|  mwifiex_process_sta_event+0x298/0xf0c [mwifiex]\n|  mwifiex_process_event+0x110/0x238 [mwifiex]\n|  mwifiex_main_process+0x428/0xa44 [mwifiex]\n|  mwifiex_sdio_interrupt+0x64/0x12c [mwifiex_sdio]\n|  process_sdio_pending_irqs+0x64/0x1b8\n|  sdio_irq_work+0x4c/0x7c\n|  process_one_work+0x148/0x2a0\n|  worker_thread+0x2fc/0x40c\n|  kthread+0x110/0x114\n|  ret_from_fork+0x10/0x20\n| Code: a94153f3 a8c37bfd d50323bf d65f03c0 (f940a000)\n| ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46755', 'https://git.kernel.org/linus/c145eea2f75ff7949392aebecf7ef0a81c1f6c14 (6.11-rc1)', 'https://git.kernel.org/stable/c/1a05d8d02cfa3540ea5dbd6b39446bd3f515521f', 'https://git.kernel.org/stable/c/9813770f25855b866b8ead8155b8806b2db70f6d', 'https://git.kernel.org/stable/c/a12cf97cbefa139ef8d95081f2ea047cbbd74b7a', 'https://git.kernel.org/stable/c/c145eea2f75ff7949392aebecf7ef0a81c1f6c14', 'https://git.kernel.org/stable/c/c16916dd6c16fa7e13ca3923eb6b9f50d848ad03', 'https://git.kernel.org/stable/c/c2618dcb26c7211342b54520b5b148c0d3471c8a', 'https://git.kernel.org/stable/c/cb67b2e51b75f1a17bee7599c8161b96e1808a70', 'https://git.kernel.org/stable/c/d834433ff313838a259bb6607055ece87b895b66', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46755-1f46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46755', 'https://www.cve.org/CVERecord?id=CVE-2024-46755'], 'PublishedDate': '2024-09-18T08:15:04.203Z', 'LastModifiedDate': '2024-09-26T13:25:54.593Z'}, {'VulnerabilityID': 'CVE-2024-46756', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46756', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83627ehf) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46756', 'https://git.kernel.org/linus/5c1de37969b7bc0abcb20b86e91e70caebbd4f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/26825b62bd1bd3e53b4f44e0745cb516d5186343', 'https://git.kernel.org/stable/c/56cfdeb2c77291f0b5e4592731adfb6ca8fc7c24', 'https://git.kernel.org/stable/c/5c1de37969b7bc0abcb20b86e91e70caebbd4f89', 'https://git.kernel.org/stable/c/77ab0fd231c4ca873ec6908e761970360acc6df2', 'https://git.kernel.org/stable/c/8fecb75bff1b7d87a071c32a37aa0700f2be379d', 'https://git.kernel.org/stable/c/93cf73a7bfdce683bde3a7bb65f270d3bd24497b', 'https://git.kernel.org/stable/c/cc4be794c8d8c253770103e097ab9dbdb5f99ae1', 'https://git.kernel.org/stable/c/d92f0baf99a7e327dcceab37cce57c38aab1f691', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46756-2ca6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46756', 'https://www.cve.org/CVERecord?id=CVE-2024-46756'], 'PublishedDate': '2024-09-18T08:15:04.26Z', 'LastModifiedDate': '2024-09-23T16:29:45.077Z'}, {'VulnerabilityID': 'CVE-2024-46757', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46757', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775-core) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46757', 'https://git.kernel.org/linus/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0 (6.11-rc1)', 'https://git.kernel.org/stable/c/02bb3b4c7d5695ff4be01e0f55676bba49df435e', 'https://git.kernel.org/stable/c/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0', 'https://git.kernel.org/stable/c/0c23e18cef20b989a9fd7cb0a745e1259b969159', 'https://git.kernel.org/stable/c/298a55f11edd811f2189b74eb8f53dee34d4f14c', 'https://git.kernel.org/stable/c/2f695544084a559f181cafdfd3f864c5ff9dd1db', 'https://git.kernel.org/stable/c/8a1e958e26640ce015abdbb75c8896301b9bf398', 'https://git.kernel.org/stable/c/996221b030995cc5f5baa4a642201d64b62a17cd', 'https://git.kernel.org/stable/c/d6035c55fa9afefc23f85f57eff1d4a1d82c5b10', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46757-4fbb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46757', 'https://www.cve.org/CVERecord?id=CVE-2024-46757'], 'PublishedDate': '2024-09-18T08:15:04.313Z', 'LastModifiedDate': '2024-09-23T16:29:51.65Z'}, {'VulnerabilityID': 'CVE-2024-46758', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46758', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (lm95234) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm95234) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46758', 'https://git.kernel.org/linus/af64e3e1537896337405f880c1e9ac1f8c0c6198 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fc27747633aa419f9af40e7bdfa00d2ec94ea81', 'https://git.kernel.org/stable/c/16f42953231be1e7be77bc24005270d9e0d9d2ee', 'https://git.kernel.org/stable/c/438453dfbbdcf4be26891492644aa3ecbb42c336', 'https://git.kernel.org/stable/c/46e4fd338d5bdbaf60e41cda625b24949d2af201', 'https://git.kernel.org/stable/c/59c1fb9874a01c9abc49a0a32f192a7e7b4e2650', 'https://git.kernel.org/stable/c/93f0f5721d0cca45dac50af1ae6f9a9826c699fd', 'https://git.kernel.org/stable/c/af64e3e1537896337405f880c1e9ac1f8c0c6198', 'https://git.kernel.org/stable/c/da765bebd90e1b92bdbc3c6a27a3f3cc81529ab6', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46758-6154@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46758', 'https://www.cve.org/CVERecord?id=CVE-2024-46758'], 'PublishedDate': '2024-09-18T08:15:04.367Z', 'LastModifiedDate': '2024-09-23T16:29:24.767Z'}, {'VulnerabilityID': 'CVE-2024-46759', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46759', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (adc128d818) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (adc128d818) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46759', 'https://git.kernel.org/linus/8cad724c8537fe3e0da8004646abc00290adae40 (6.11-rc1)', 'https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b', 'https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777', 'https://git.kernel.org/stable/c/2a3add62f183459a057336381ef3a896da01ce38', 'https://git.kernel.org/stable/c/6891b11a0c6227ca7ed15786928a07b1c0e4d4af', 'https://git.kernel.org/stable/c/7645d783df23878342d5d8d22030c3861d2d5426', 'https://git.kernel.org/stable/c/8cad724c8537fe3e0da8004646abc00290adae40', 'https://git.kernel.org/stable/c/b0bdb43852bf7f55ba02f0cbf00b4ea7ca897bff', 'https://git.kernel.org/stable/c/f7f5101af5b47a331cdbfa42ba64c507b47dd1fe', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46759-9b86@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46759', 'https://www.cve.org/CVERecord?id=CVE-2024-46759'], 'PublishedDate': '2024-09-18T08:15:04.413Z', 'LastModifiedDate': '2024-09-23T16:28:53.257Z'}, {'VulnerabilityID': 'CVE-2024-46760', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46760', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw88: usb: schedule rx work after everything is set up', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: usb: schedule rx work after everything is set up\n\nRight now it's possible to hit NULL pointer dereference in\nrtw_rx_fill_rx_status on hw object and/or its fields because\ninitialization routine can start getting USB replies before\nrtw_dev is fully setup.\n\nThe stack trace looks like this:\n\nrtw_rx_fill_rx_status\nrtw8821c_query_rx_desc\nrtw_usb_rx_handler\n...\nqueue_work\nrtw_usb_read_port_complete\n...\nusb_submit_urb\nrtw_usb_rx_resubmit\nrtw_usb_init_rx\nrtw_usb_probe\n\nSo while we do the async stuff rtw_usb_probe continues and calls\nrtw_register_hw, which does all kinds of initialization (e.g.\nvia ieee80211_register_hw) that rtw_rx_fill_rx_status relies on.\n\nFix this by moving the first usb_submit_urb after everything\nis set up.\n\nFor me, this bug manifested as:\n[    8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped\n[    8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status\nbecause I'm using Larry's backport of rtw88 driver with the NULL\nchecks in rtw_rx_fill_rx_status.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46760', 'https://git.kernel.org/linus/adc539784c98a7cc602cbf557debfc2e7b9be8b3 (6.11-rc1)', 'https://git.kernel.org/stable/c/25eaef533bf3ccc6fee5067aac16f41f280e343e', 'https://git.kernel.org/stable/c/adc539784c98a7cc602cbf557debfc2e7b9be8b3', 'https://git.kernel.org/stable/c/c83d464b82a8ad62ec9077637f75d73fe955635a', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46760-1eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46760', 'https://www.cve.org/CVERecord?id=CVE-2024-46760'], 'PublishedDate': '2024-09-18T08:15:04.47Z', 'LastModifiedDate': '2024-09-23T16:18:28.87Z'}, {'VulnerabilityID': 'CVE-2024-46761', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46761', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npci/hotplug/pnv_php: Fix hotplug driver crash on Powernv\n\nThe hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel\ncrash when we try to hot-unplug/disable the PCIe switch/bridge from\nthe PHB.\n\nThe crash occurs because although the MSI data structure has been\nreleased during disable/hot-unplug path and it has been assigned\nwith NULL, still during unregistration the code was again trying to\nexplicitly disable the MSI which causes the NULL pointer dereference and\nkernel crash.\n\nThe patch fixes the check during unregistration path to prevent invoking\npci_disable_msi/msix() since its data structure is already freed.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46761', 'https://git.kernel.org/linus/335e35b748527f0c06ded9eebb65387f60647fda (6.11-rc1)', 'https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f60647fda', 'https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d', 'https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048', 'https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e', 'https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59', 'https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689', 'https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4', 'https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46761-289f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46761', 'https://www.cve.org/CVERecord?id=CVE-2024-46761'], 'PublishedDate': '2024-09-18T08:15:04.517Z', 'LastModifiedDate': '2024-09-23T16:06:58.397Z'}, {'VulnerabilityID': 'CVE-2024-46762', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46762', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Fix possible access to a freed kirqfd instance', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Fix possible access to a freed kirqfd instance\n\nNothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and\nprivcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd\ncreated and added to the irqfds_list by privcmd_irqfd_assign() may get\nremoved by another thread executing privcmd_irqfd_deassign(), while the\nformer is still using it after dropping the locks.\n\nThis can lead to a situation where an already freed kirqfd instance may\nbe accessed and cause kernel oops.\n\nUse SRCU locking to prevent the same, as is done for the KVM\nimplementation for irqfds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46762', 'https://git.kernel.org/linus/611ff1b1ae989a7bcce3e2a8e132ee30e968c557 (6.11-rc1)', 'https://git.kernel.org/stable/c/112fd2f02b308564724b8e81006c254d20945c4b', 'https://git.kernel.org/stable/c/611ff1b1ae989a7bcce3e2a8e132ee30e968c557', 'https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46762-6512@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46762', 'https://www.cve.org/CVERecord?id=CVE-2024-46762'], 'PublishedDate': '2024-09-18T08:15:04.57Z', 'LastModifiedDate': '2024-09-23T16:12:34.42Z'}, {'VulnerabilityID': 'CVE-2024-46763', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46763', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: Fix null-ptr-deref in GRO.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host.  [0]\n\nThe NULL pointer is sk->sk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk->sk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk->sk_user_data could be NULL.\n\nLet's use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 <0f> b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS:  0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <IRQ>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n</IRQ>\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 <fa> c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46763', 'https://git.kernel.org/linus/7e4196935069947d8b70b09c1660b67b067e75cb (6.11-rc7)', 'https://git.kernel.org/stable/c/1df42be305fe478ded1ee0c1d775f4ece713483b', 'https://git.kernel.org/stable/c/231c235d2f7a66f018f172e26ffd47c363f244ef', 'https://git.kernel.org/stable/c/4494bccb52ffda22ce5a1163a776d970e6229e08', 'https://git.kernel.org/stable/c/7e4196935069947d8b70b09c1660b67b067e75cb', 'https://git.kernel.org/stable/c/c46cd6aaca81040deaea3500ba75126963294bd9', 'https://git.kernel.org/stable/c/d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46763-a580@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46763', 'https://www.cve.org/CVERecord?id=CVE-2024-46763'], 'PublishedDate': '2024-09-18T08:15:04.613Z', 'LastModifiedDate': '2024-09-23T16:14:18.297Z'}, {'VulnerabilityID': 'CVE-2024-46765', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46765', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: protect XDP configuration with a mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] <TASK>\n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] </TASK>\n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46765', 'https://git.kernel.org/linus/2504b8405768a57a71e660dbfd5abd59f679a03f (6.11-rc7)', 'https://git.kernel.org/stable/c/2504b8405768a57a71e660dbfd5abd59f679a03f', 'https://git.kernel.org/stable/c/2f057db2fb29bc209c103050647562e60554d3d3', 'https://git.kernel.org/stable/c/391f7dae3d836891fc6cfbde38add2d0e10c6b7f', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46765-1b8f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46765', 'https://www.cve.org/CVERecord?id=CVE-2024-46765'], 'PublishedDate': '2024-09-18T08:15:04.71Z', 'LastModifiedDate': '2024-09-26T13:24:29.697Z'}, {'VulnerabilityID': 'CVE-2024-46766', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46766', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: move netif_queue_set_napi to rtnl-protected sections', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: move netif_queue_set_napi to rtnl-protected sections\n\nCurrently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is\nnot rtnl-locked when called from the reset. This creates the need to take\nthe rtnl_lock just for a single function and complicates the\nsynchronization with .ndo_bpf. At the same time, there no actual need to\nfill napi-to-queue information at this exact point.\n\nFill napi-to-queue information when opening the VSI and clear it when the\nVSI is being closed. Those routines are already rtnl-locked.\n\nAlso, rewrite napi-to-queue assignment in a way that prevents inclusion of\nXDP queues, as this leads to out-of-bounds writes, such as one below.\n\n[  +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047\n[  +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2\n[  +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[  +0.000003] Call Trace:\n[  +0.000003]  <TASK>\n[  +0.000002]  dump_stack_lvl+0x60/0x80\n[  +0.000007]  print_report+0xce/0x630\n[  +0.000007]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[  +0.000007]  ? __virt_addr_valid+0x1c9/0x2c0\n[  +0.000005]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000003]  kasan_report+0xe9/0x120\n[  +0.000004]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000004]  netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000005]  ice_vsi_close+0x161/0x670 [ice]\n[  +0.000114]  ice_dis_vsi+0x22f/0x270 [ice]\n[  +0.000095]  ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]\n[  +0.000086]  ice_prepare_for_reset+0x299/0x750 [ice]\n[  +0.000087]  pci_dev_save_and_disable+0x82/0xd0\n[  +0.000006]  pci_reset_function+0x12d/0x230\n[  +0.000004]  reset_store+0xa0/0x100\n[  +0.000006]  ? __pfx_reset_store+0x10/0x10\n[  +0.000002]  ? __pfx_mutex_lock+0x10/0x10\n[  +0.000004]  ? __check_object_size+0x4c1/0x640\n[  +0.000007]  kernfs_fop_write_iter+0x30b/0x4a0\n[  +0.000006]  vfs_write+0x5d6/0xdf0\n[  +0.000005]  ? fd_install+0x180/0x350\n[  +0.000005]  ? __pfx_vfs_write+0x10/0xA10\n[  +0.000004]  ? do_fcntl+0x52c/0xcd0\n[  +0.000004]  ? kasan_save_track+0x13/0x60\n[  +0.000003]  ? kasan_save_free_info+0x37/0x60\n[  +0.000006]  ksys_write+0xfa/0x1d0\n[  +0.000003]  ? __pfx_ksys_write+0x10/0x10\n[  +0.000002]  ? __x64_sys_fcntl+0x121/0x180\n[  +0.000004]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000005]  do_syscall_64+0x80/0x170\n[  +0.000007]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000004]  ? __pfx__raw_spin_lock+0x10/0x10\n[  +0.000003]  ? file_close_fd_locked+0x167/0x230\n[  +0.000005]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000005]  ? do_syscall_64+0x8c/0x170\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? fput+0x1a/0x2c0\n[  +0.000004]  ? filp_close+0x19/0x30\n[  +0.000004]  ? do_dup2+0x25a/0x4c0\n[  +0.000004]  ? __x64_sys_dup2+0x6e/0x2e0\n[  +0.000002]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? __count_memcg_events+0x113/0x380\n[  +0.000005]  ? handle_mm_fault+0x136/0x820\n[  +0.000005]  ? do_user_addr_fault+0x444/0xa80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000002]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  +0.000005] RIP: 0033:0x7f2033593154', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46766', 'https://git.kernel.org/linus/2a5dc090b92cfa5270e20056074241c6db5c9cdd (6.11-rc7)', 'https://git.kernel.org/stable/c/2285c2faef19ee08a6bd6754f4c3ec07dceb2889', 'https://git.kernel.org/stable/c/2a5dc090b92cfa5270e20056074241c6db5c9cdd', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46766-417c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46766', 'https://www.cve.org/CVERecord?id=CVE-2024-46766'], 'PublishedDate': '2024-09-18T08:15:04.76Z', 'LastModifiedDate': '2024-09-23T16:15:23.823Z'}, {'VulnerabilityID': 'CVE-2024-46767', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46767', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: phy: Fix missing of_node_put() for leds', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Fix missing of_node_put() for leds\n\nThe call of of_get_child_by_name() will cause refcount incremented\nfor leds, if it succeeds, it should call of_node_put() to decrease\nit, fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46767', 'https://git.kernel.org/linus/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7 (6.11-rc7)', 'https://git.kernel.org/stable/c/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7', 'https://git.kernel.org/stable/c/26928c8f00f6bb0e194f3957fe51c69d36838eb2', 'https://git.kernel.org/stable/c/d9c8dbbc236cdc6231ee91cdede2fc97b430cfff', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46767-31a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46767', 'https://www.cve.org/CVERecord?id=CVE-2024-46767'], 'PublishedDate': '2024-09-18T08:15:04.81Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46768', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46768', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (hp-wmi-sensors) Check if WMI event data exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (hp-wmi-sensors) Check if WMI event data exists\n\nThe BIOS can choose to return no event data in response to a\nWMI event, so the ACPI object passed to the WMI notify handler\ncan be NULL.\n\nCheck for such a situation and ignore the event in such a case.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46768', 'https://git.kernel.org/linus/a54da9df75cd1b4b5028f6c60f9a211532680585 (6.11-rc7)', 'https://git.kernel.org/stable/c/217539e994e53206bbf3fb330261cc78c480d311', 'https://git.kernel.org/stable/c/4b19c83ba108aa66226da5b79810e4d19e005f12', 'https://git.kernel.org/stable/c/a54da9df75cd1b4b5028f6c60f9a211532680585', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46768-b0bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46768', 'https://www.cve.org/CVERecord?id=CVE-2024-46768'], 'PublishedDate': '2024-09-18T08:15:04.853Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46770', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46770', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add netif_device_attach/detach into PF reset flow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 > /sys/class/net/<interface>/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c <interface>\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S                 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS:  00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n<TASK>\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n    netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46770', 'https://git.kernel.org/linus/d11a67634227f9f9da51938af085fb41a733848f (6.11-rc7)', 'https://git.kernel.org/stable/c/36486c9e8e01b84faaee47203eac0b7e9cc7fa4a', 'https://git.kernel.org/stable/c/9e3ffb839249eca113062587659224f856fe14e5', 'https://git.kernel.org/stable/c/d11a67634227f9f9da51938af085fb41a733848f', 'https://git.kernel.org/stable/c/efe8effe138044a4747d1112ebb8c454d1663723', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46770-3a5d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46770', 'https://www.cve.org/CVERecord?id=CVE-2024-46770'], 'PublishedDate': '2024-09-18T08:15:04.957Z', 'LastModifiedDate': '2024-09-23T16:13:25.563Z'}, {'VulnerabilityID': 'CVE-2024-46771', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46771', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: bcm: Remove proc entry when dev is unregistered.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Remove proc entry when dev is unregistered.\n\nsyzkaller reported a warning in bcm_connect() below. [0]\n\nThe repro calls connect() to vxcan1, removes vxcan1, and calls\nconnect() with ifindex == 0.\n\nCalling connect() for a BCM socket allocates a proc entry.\nThen, bcm_sk(sk)->bound is set to 1 to prevent further connect().\n\nHowever, removing the bound device resets bcm_sk(sk)->bound to 0\nin bcm_notify().\n\nThe 2nd connect() tries to allocate a proc entry with the same\nname and sets NULL to bcm_sk(sk)->bcm_proc_read, leaking the\noriginal proc entry.\n\nSince the proc entry is available only for connect()ed sockets,\nlet's clean up the entry when the bound netdev is unregistered.\n\n[0]:\nproc_dir_entry 'can-bcm/2456' already registered\nWARNING: CPU: 1 PID: 394 at fs/proc/generic.c:376 proc_register+0x645/0x8f0 fs/proc/generic.c:375\nModules linked in:\nCPU: 1 PID: 394 Comm: syz-executor403 Not tainted 6.10.0-rc7-g852e42cc2dd4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:proc_register+0x645/0x8f0 fs/proc/generic.c:375\nCode: 00 00 00 00 00 48 85 ed 0f 85 97 02 00 00 4d 85 f6 0f 85 9f 02 00 00 48 c7 c7 9b cb cf 87 48 89 de 4c 89 fa e8 1c 6f eb fe 90 <0f> 0b 90 90 48 c7 c7 98 37 99 89 e8 cb 7e 22 05 bb 00 00 00 10 48\nRSP: 0018:ffa0000000cd7c30 EFLAGS: 00010246\nRAX: 9e129be1950f0200 RBX: ff1100011b51582c RCX: ff1100011857cd80\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002\nRBP: 0000000000000000 R08: ffd400000000000f R09: ff1100013e78cac0\nR10: ffac800000cd7980 R11: ff1100013e12b1f0 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ff1100011a99a2ec\nFS:  00007fbd7086f740(0000) GS:ff1100013fd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200071c0 CR3: 0000000118556004 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n proc_create_net_single+0x144/0x210 fs/proc/proc_net.c:220\n bcm_connect+0x472/0x840 net/can/bcm.c:1673\n __sys_connect_file net/socket.c:2049 [inline]\n __sys_connect+0x5d2/0x690 net/socket.c:2066\n __do_sys_connect net/socket.c:2076 [inline]\n __se_sys_connect net/socket.c:2073 [inline]\n __x64_sys_connect+0x8f/0x100 net/socket.c:2073\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1c0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7fbd708b0e5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007fff8cd33f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbd708b0e5d\nRDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000040 R09: 0000000000000040\nR10: 0000000000000040 R11: 0000000000000246 R12: 00007fff8cd34098\nR13: 0000000000401280 R14: 0000000000406de8 R15: 00007fbd70ab9000\n </TASK>\nremove_proc_entry: removing non-empty directory 'net/can-bcm', leaking at least '2456'", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46771', 'https://git.kernel.org/linus/76fe372ccb81b0c89b6cd2fec26e2f38c958be85 (6.11-rc7)', 'https://git.kernel.org/stable/c/10bfacbd5e8d821011d857bee73310457c9c989a', 'https://git.kernel.org/stable/c/33ed4ba73caae39f34ab874ba79138badc2c65dd', 'https://git.kernel.org/stable/c/3b39dc2901aa7a679a5ca981a3de9f8d5658afe8', 'https://git.kernel.org/stable/c/4377b79323df62eb5d310354f19b4d130ff58d50', 'https://git.kernel.org/stable/c/5c680022c4e28ba18ea500f3e29f0428271afa92', 'https://git.kernel.org/stable/c/76fe372ccb81b0c89b6cd2fec26e2f38c958be85', 'https://git.kernel.org/stable/c/abb0a615569ec008e8a93d9f3ab2d5b418ea94d4', 'https://git.kernel.org/stable/c/aec92dbebdbec7567d9f56d7c9296a572b8fd849', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46771-913d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46771', 'https://www.cve.org/CVERecord?id=CVE-2024-46771'], 'PublishedDate': '2024-09-18T08:15:05.01Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46772', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46772', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator crb_pipes before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator crb_pipes before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 2 DIVIDE_BY_ZERO issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46772', 'https://git.kernel.org/linus/ea79068d4073bf303f8203f2625af7d9185a1bc6 (6.11-rc1)', 'https://git.kernel.org/stable/c/ea79068d4073bf303f8203f2625af7d9185a1bc6', 'https://git.kernel.org/stable/c/ede06d23392529b039cf7ac11b5875b047900f1c', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46772-4ad6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46772', 'https://www.cve.org/CVERecord?id=CVE-2024-46772'], 'PublishedDate': '2024-09-18T08:15:05.073Z', 'LastModifiedDate': '2024-09-23T16:52:17.577Z'}, {'VulnerabilityID': 'CVE-2024-46773', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46773', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator pbn_div before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator pbn_div before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 1 DIVIDE_BY_ZERO issue reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46773', 'https://git.kernel.org/linus/116a678f3a9abc24f5c9d2525b7393d18d9eb58e (6.11-rc1)', 'https://git.kernel.org/stable/c/116a678f3a9abc24f5c9d2525b7393d18d9eb58e', 'https://git.kernel.org/stable/c/11f997143c67680d6e40a13363618380cd57a414', 'https://git.kernel.org/stable/c/20e7164c52d9bfbb9d9862b833fa989624a61345', 'https://git.kernel.org/stable/c/dfafee0a7b51c7c9612edd2d991401294964d02f', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46773-5781@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46773', 'https://www.cve.org/CVERecord?id=CVE-2024-46773'], 'PublishedDate': '2024-09-18T08:15:05.123Z', 'LastModifiedDate': '2024-09-23T16:51:59.983Z'}, {'VulnerabilityID': 'CVE-2024-46774', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46774', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()\n\nSmatch warns:\n\n  arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential\n  spectre issue 'args.args' [r] (local cap)\n\nThe 'nargs' and 'nret' locals come directly from a user-supplied\nbuffer and are used as indexes into a small stack-based array and as\ninputs to copy_to_user() after they are subject to bounds checks.\n\nUse array_index_nospec() after the bounds checks to clamp these values\nfor speculative execution.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46774', 'https://git.kernel.org/linus/0974d03eb479384466d828d65637814bee6b26d7 (6.11-rc1)', 'https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7', 'https://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46774-48d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46774', 'https://www.cve.org/CVERecord?id=CVE-2024-46774'], 'PublishedDate': '2024-09-18T08:15:05.18Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46775', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46775', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Validate function returns', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT & HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46775', 'https://git.kernel.org/linus/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c (6.11-rc1)', 'https://git.kernel.org/stable/c/5639a3048c7079803256374204ad55ec52cd0b49', 'https://git.kernel.org/stable/c/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46775-aecc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46775', 'https://www.cve.org/CVERecord?id=CVE-2024-46775'], 'PublishedDate': '2024-09-18T08:15:05.24Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46776', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46776', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Run DC_LOG_DC after checking link-&gt;link_enc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Run DC_LOG_DC after checking link->link_enc\n\n[WHAT]\nThe DC_LOG_DC should be run after link->link_enc is checked, not before.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46776', 'https://git.kernel.org/linus/3a82f62b0d9d7687eac47603bb6cd14a50fa718b (6.11-rc1)', 'https://git.kernel.org/stable/c/3a82f62b0d9d7687eac47603bb6cd14a50fa718b', 'https://git.kernel.org/stable/c/874e3bb302f97b94ac548959ec4f925b8e7b45e2', 'https://git.kernel.org/stable/c/adc74d25cdbba978afbb57caec23bbcd0329f7b8', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46776-7a95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46776', 'https://www.cve.org/CVERecord?id=CVE-2024-46776'], 'PublishedDate': '2024-09-18T08:15:05.287Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46777', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46777', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid excessive partition lengths', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid excessive partition lengths\n\nAvoid mounting filesystems where the partition would overflow the\n32-bits used for block number. Also refuse to mount filesystems where\nthe partition length is so large we cannot safely index bits in a\nblock bitmap.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46777', 'https://git.kernel.org/linus/ebbe26fd54a9621994bc16b14f2ba8f84c089693 (6.11-rc1)', 'https://git.kernel.org/stable/c/0173999123082280cf904bd640015951f194a294', 'https://git.kernel.org/stable/c/1497a4484cdb2cf6c37960d788fb6ba67567bdb7', 'https://git.kernel.org/stable/c/2ddf831451357c6da4b64645eb797c93c1c054d1', 'https://git.kernel.org/stable/c/551966371e17912564bc387fbeb2ac13077c3db1', 'https://git.kernel.org/stable/c/925fd8ee80d5348a5e965548e5484d164d19221d', 'https://git.kernel.org/stable/c/a56330761950cb83de1dfb348479f20c56c95f90', 'https://git.kernel.org/stable/c/c0c23130d38e8bc28e9ef581443de9b1fc749966', 'https://git.kernel.org/stable/c/ebbe26fd54a9621994bc16b14f2ba8f84c089693', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46777-6114@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46777', 'https://www.cve.org/CVERecord?id=CVE-2024-46777'], 'PublishedDate': '2024-09-18T08:15:05.33Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46778', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46778', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check UnboundedRequestEnabled&#39;s value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check UnboundedRequestEnabled's value\n\nCalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled\nis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus\nif (p->UnboundedRequestEnabled) checks its address, not bool value.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46778', 'https://git.kernel.org/linus/a7b38c7852093385d0605aa3c8a2efd6edd1edfd (6.11-rc1)', 'https://git.kernel.org/stable/c/4e2b49a85e7974d21364798c5d4aa8070aa864d9', 'https://git.kernel.org/stable/c/a7b38c7852093385d0605aa3c8a2efd6edd1edfd', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46778-ded6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46778', 'https://www.cve.org/CVERecord?id=CVE-2024-46778'], 'PublishedDate': '2024-09-18T08:15:05.38Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46779', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46779', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/imagination: Free pvr_vm_gpuva after unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Free pvr_vm_gpuva after unlink\n\nThis caused a measurable memory leak. Although the individual\nallocations are small, the leaks occurs in a high-usage codepath\n(remapping or unmapping device memory) so they add up quickly.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46779', 'https://git.kernel.org/linus/3f6b2f60b4631cd0c368da6a1587ab55a696164d (6.11-rc7)', 'https://git.kernel.org/stable/c/1cc695be8920df234f83270d789078cb2d3bc564', 'https://git.kernel.org/stable/c/3f6b2f60b4631cd0c368da6a1587ab55a696164d', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46779-3186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46779', 'https://www.cve.org/CVERecord?id=CVE-2024-46779'], 'PublishedDate': '2024-09-18T08:15:05.43Z', 'LastModifiedDate': '2024-09-23T16:37:51.473Z'}, {'VulnerabilityID': 'CVE-2024-46780', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46780', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: protect references to superblock parameters exposed in sysfs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: protect references to superblock parameters exposed in sysfs\n\nThe superblock buffers of nilfs2 can not only be overwritten at runtime\nfor modifications/repairs, but they are also regularly swapped, replaced\nduring resizing, and even abandoned when degrading to one side due to\nbacking device issues.  So, accessing them requires mutual exclusion using\nthe reader/writer semaphore "nilfs->ns_sem".\n\nSome sysfs attribute show methods read this superblock buffer without the\nnecessary mutual exclusion, which can cause problems with pointer\ndereferencing and memory access, so fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46780', 'https://git.kernel.org/linus/683408258917541bdb294cd717c210a04381931e (6.11-rc7)', 'https://git.kernel.org/stable/c/157c0d94b4c40887329418c70ef4edd1a8d6b4ed', 'https://git.kernel.org/stable/c/19cfeba0e4b8eda51484fcf8cf7d150418e1d880', 'https://git.kernel.org/stable/c/683408258917541bdb294cd717c210a04381931e', 'https://git.kernel.org/stable/c/8c6e43b3d5f109cf9c61bc188fcc8175404e924f', 'https://git.kernel.org/stable/c/962562d4c70c5cdeb4e955d63ff2017c4eca1aad', 'https://git.kernel.org/stable/c/b14e7260bb691d7f563f61da07d61e3c8b59a614', 'https://git.kernel.org/stable/c/b90beafac05931cbfcb6b1bd4f67c1923f47040e', 'https://git.kernel.org/stable/c/ba97ba173f9625d5f34a986088979eae8b80d38e', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46780-9155@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46780', 'https://www.cve.org/CVERecord?id=CVE-2024-46780'], 'PublishedDate': '2024-09-18T08:15:05.473Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46781', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46781', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix missing cleanup on rollforward recovery error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix missing cleanup on rollforward recovery error\n\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\n\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\n\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46781', 'https://git.kernel.org/linus/5787fcaab9eb5930f5378d6a1dd03d916d146622 (6.11-rc7)', 'https://git.kernel.org/stable/c/07e4dc2fe000ab008bcfe90be4324ef56b5b4355', 'https://git.kernel.org/stable/c/1cf1f7e8cd47244fa947d357ef1f642d91e219a3', 'https://git.kernel.org/stable/c/35a9a7a7d94662146396199b0cfd95f9517cdd14', 'https://git.kernel.org/stable/c/5787fcaab9eb5930f5378d6a1dd03d916d146622', 'https://git.kernel.org/stable/c/8e2d1e9d93c4ec51354229361ac3373058529ec4', 'https://git.kernel.org/stable/c/9d8c3a585d564d776ee60d4aabec59b404be7403', 'https://git.kernel.org/stable/c/ca92c4bff2833cb30d493b935168d6cccd5c805d', 'https://git.kernel.org/stable/c/da02f9eb333333b2e4f25d2a14967cff785ac82e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46781-377e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46781', 'https://www.cve.org/CVERecord?id=CVE-2024-46781'], 'PublishedDate': '2024-09-18T08:15:05.527Z', 'LastModifiedDate': '2024-09-23T16:37:07.117Z'}, {'VulnerabilityID': 'CVE-2024-46782', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46782', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ila: call nf_unregister_net_hooks() sooner', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n  ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n  ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n  ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n  nf_hook include/linux/netfilter.h:269 [inline]\n  NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n  __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n  __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n  process_backlog+0x662/0x15b0 net/core/dev.c:6108\n  __napi_poll+0xcb/0x490 net/core/dev.c:6772\n  napi_poll net/core/dev.c:6841 [inline]\n  net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n  handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n  run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n  kthread+0x2f0/0x390 kernel/kthread.c:389\n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n  set_page_owner include/linux/page_owner.h:32 [inline]\n  post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n  prep_new_page mm/page_alloc.c:1501 [inline]\n  get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n  __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n  __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n  alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n  ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n  __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n  __do_kmalloc_node mm/slub.c:4146 [inline]\n  __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n  __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n  bucket_table_alloc lib/rhashtable.c:186 [inline]\n  rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n  ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n  ops_ini\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46782', 'https://git.kernel.org/linus/031ae72825cef43e4650140b800ad58bf7a6a466 (6.11-rc7)', 'https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466', 'https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2', 'https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf', 'https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4', 'https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c', 'https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6', 'https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673', 'https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46782-00ff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46782', 'https://www.cve.org/CVERecord?id=CVE-2024-46782'], 'PublishedDate': '2024-09-18T08:15:05.577Z', 'LastModifiedDate': '2024-09-23T16:32:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46783', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46783', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_bpf: fix return value of tcp_bpf_sendmsg()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: fix return value of tcp_bpf_sendmsg()\n\nWhen we cork messages in psock->cork, the last message triggers the\nflushing will result in sending a sk_msg larger than the current\nmessage size. In this case, in tcp_bpf_send_verdict(), 'copied' becomes\nnegative at least in the following case:\n\n468         case __SK_DROP:\n469         default:\n470                 sk_msg_free_partial(sk, msg, tosend);\n471                 sk_msg_apply_bytes(psock, tosend);\n472                 *copied -= (tosend + delta); // <==== HERE\n473                 return -EACCES;\n\nTherefore, it could lead to the following BUG with a proper value of\n'copied' (thanks to syzbot). We should not use negative 'copied' as a\nreturn value here.\n\n  ------------[ cut here ]------------\n  kernel BUG at net/socket.c:733!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 0 UID: 0 PID: 3265 Comm: syz-executor510 Not tainted 6.11.0-rc3-syzkaller-00060-gd07b43284ab3 #0\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n  pc : sock_sendmsg_nosec net/socket.c:733 [inline]\n  pc : sock_sendmsg_nosec net/socket.c:728 [inline]\n  pc : __sock_sendmsg+0x5c/0x60 net/socket.c:745\n  lr : sock_sendmsg_nosec net/socket.c:730 [inline]\n  lr : __sock_sendmsg+0x54/0x60 net/socket.c:745\n  sp : ffff800088ea3b30\n  x29: ffff800088ea3b30 x28: fbf00000062bc900 x27: 0000000000000000\n  x26: ffff800088ea3bc0 x25: ffff800088ea3bc0 x24: 0000000000000000\n  x23: f9f00000048dc000 x22: 0000000000000000 x21: ffff800088ea3d90\n  x20: f9f00000048dc000 x19: ffff800088ea3d90 x18: 0000000000000001\n  x17: 0000000000000000 x16: 0000000000000000 x15: 000000002002ffaf\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: ffff8000815849c0 x9 : ffff8000815b49c0\n  x8 : 0000000000000000 x7 : 000000000000003f x6 : 0000000000000000\n  x5 : 00000000000007e0 x4 : fff07ffffd239000 x3 : fbf00000062bc900\n  x2 : 0000000000000000 x1 : 0000000000000000 x0 : 00000000fffffdef\n  Call trace:\n   sock_sendmsg_nosec net/socket.c:733 [inline]\n   __sock_sendmsg+0x5c/0x60 net/socket.c:745\n   ____sys_sendmsg+0x274/0x2ac net/socket.c:2597\n   ___sys_sendmsg+0xac/0x100 net/socket.c:2651\n   __sys_sendmsg+0x84/0xe0 net/socket.c:2680\n   __do_sys_sendmsg net/socket.c:2689 [inline]\n   __se_sys_sendmsg net/socket.c:2687 [inline]\n   __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2687\n   __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n   invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49\n   el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132\n   do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151\n   el0_svc+0x34/0xec arch/arm64/kernel/entry-common.c:712\n   el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730\n   el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598\n  Code: f9404463 d63f0060 3108441f 54fffe81 (d4210000)\n  ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46783', 'https://git.kernel.org/linus/fe1910f9337bd46a9343967b547ccab26b4b2c6e (6.11-rc7)', 'https://git.kernel.org/stable/c/126d72b726c4cf1119f3a7fe413a78d341c3fea9', 'https://git.kernel.org/stable/c/3efe53eb221a38e207c1e3f81c51e4ca057d50c2', 'https://git.kernel.org/stable/c/6f9fdf5806cced888c43512bccbdf7fefd50f510', 'https://git.kernel.org/stable/c/78bb38d9c5a311c5f8bdef7c9557d7d81ca30e4a', 'https://git.kernel.org/stable/c/810a4e7d92dea4074cb04c25758320909d752193', 'https://git.kernel.org/stable/c/c8219a27fa43a2cbf99f5176f6dddfe73e7a24ae', 'https://git.kernel.org/stable/c/fe1910f9337bd46a9343967b547ccab26b4b2c6e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46783-edcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46783', 'https://www.cve.org/CVERecord?id=CVE-2024-46783'], 'PublishedDate': '2024-09-18T08:15:05.63Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46784', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46784', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix error handling in mana_create_txq/rxq&#39;s NAPI cleanup', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup\n\nCurrently napi_disable() gets called during rxq and txq cleanup,\neven before napi is enabled and hrtimer is initialized. It causes\nkernel panic.\n\n? page_fault_oops+0x136/0x2b0\n  ? page_counter_cancel+0x2e/0x80\n  ? do_user_addr_fault+0x2f2/0x640\n  ? refill_obj_stock+0xc4/0x110\n  ? exc_page_fault+0x71/0x160\n  ? asm_exc_page_fault+0x27/0x30\n  ? __mmdrop+0x10/0x180\n  ? __mmdrop+0xec/0x180\n  ? hrtimer_active+0xd/0x50\n  hrtimer_try_to_cancel+0x2c/0xf0\n  hrtimer_cancel+0x15/0x30\n  napi_disable+0x65/0x90\n  mana_destroy_rxq+0x4c/0x2f0\n  mana_create_rxq.isra.0+0x56c/0x6d0\n  ? mana_uncfg_vport+0x50/0x50\n  mana_alloc_queues+0x21b/0x320\n  ? skb_dequeue+0x5f/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46784', 'https://git.kernel.org/linus/b6ecc662037694488bfff7c9fd21c405df8411f2 (6.11-rc7)', 'https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65', 'https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788', 'https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c', 'https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46784-4773@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46784', 'https://www.cve.org/CVERecord?id=CVE-2024-46784'], 'PublishedDate': '2024-09-18T08:15:05.683Z', 'LastModifiedDate': '2024-09-26T13:21:30.657Z'}, {'VulnerabilityID': 'CVE-2024-46785', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46785', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: eventfs: Use list_del_rcu() for SRCU protected list variable', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Use list_del_rcu() for SRCU protected list variable\n\nChi Zhiling reported:\n\n  We found a null pointer accessing in tracefs[1], the reason is that the\n  variable \'ei_child\' is set to LIST_POISON1, that means the list was\n  removed in eventfs_remove_rec. so when access the ei_child->is_freed, the\n  panic triggered.\n\n  by the way, the following script can reproduce this panic\n\n  loop1 (){\n      while true\n      do\n          echo "p:kp submit_bio" > /sys/kernel/debug/tracing/kprobe_events\n          echo "" > /sys/kernel/debug/tracing/kprobe_events\n      done\n  }\n  loop2 (){\n      while true\n      do\n          tree /sys/kernel/debug/tracing/events/kprobes/\n      done\n  }\n  loop1 &\n  loop2\n\n  [1]:\n  [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150\n  [ 1147.968239][T17331] Mem abort info:\n  [ 1147.971739][T17331]   ESR = 0x0000000096000004\n  [ 1147.976172][T17331]   EC = 0x25: DABT (current EL), IL = 32 bits\n  [ 1147.982171][T17331]   SET = 0, FnV = 0\n  [ 1147.985906][T17331]   EA = 0, S1PTW = 0\n  [ 1147.989734][T17331]   FSC = 0x04: level 0 translation fault\n  [ 1147.995292][T17331] Data abort info:\n  [ 1147.998858][T17331]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n  [ 1148.005023][T17331]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n  [ 1148.010759][T17331]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n  [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges\n  [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP\n  [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls]\n  [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G        W         ------- ----  6.6.43 #2\n  [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650\n  [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020\n  [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398\n  [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398\n  [ 1148.115969][T17331] sp : ffff80008d56bbd0\n  [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000\n  [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100\n  [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10\n  [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000\n  [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0\n  [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0\n  [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862\n  [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068\n  [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001\n  [ 1148.198131][T17331] Call trace:\n  [ 1148.201259][T17331]  eventfs_iterate+0x2c0/0x398\n  [ 1148.205864][T17331]  iterate_dir+0x98/0x188\n  [ 1148.210036][T17331]  __arm64_sys_getdents64+0x78/0x160\n  [ 1148.215161][T17331]  invoke_syscall+0x78/0x108\n  [ 1148.219593][T17331]  el0_svc_common.constprop.0+0x48/0xf0\n  [ 1148.224977][T17331]  do_el0_svc+0x24/0x38\n  [ 1148.228974][T17331]  el0_svc+0x40/0x168\n  [ 1148.232798][T17\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46785', 'https://git.kernel.org/linus/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c (6.11-rc7)', 'https://git.kernel.org/stable/c/05e08297c3c298d8ec28e5a5adb55840312dd87e', 'https://git.kernel.org/stable/c/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c', 'https://git.kernel.org/stable/c/f579d17a86448779f9642ad8baca6e3036a8e2d6', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46785-5351@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46785', 'https://www.cve.org/CVERecord?id=CVE-2024-46785'], 'PublishedDate': '2024-09-18T08:15:05.73Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46786', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46786', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF\n\nThe fscache_cookie_lru_timer is initialized when the fscache module\nis inserted, but is not deleted when the fscache module is removed.\nIf timer_reduce() is called before removing the fscache module,\nthe fscache_cookie_lru_timer will be added to the timer list of\nthe current cpu. Afterwards, a use-after-free will be triggered\nin the softIRQ after removing the fscache module, as follows:\n\n==================================================================\nBUG: unable to handle page fault for address: fffffbfff803c9e9\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855\nTainted: [W]=WARN\nRIP: 0010:__run_timer_base.part.0+0x254/0x8a0\nCall Trace:\n <IRQ>\n tmigr_handle_remote_up+0x627/0x810\n __walk_groups.isra.0+0x47/0x140\n tmigr_handle_remote+0x1fa/0x2f0\n handle_softirqs+0x180/0x590\n irq_exit_rcu+0x84/0xb0\n sysvec_apic_timer_interrupt+0x6e/0x90\n </IRQ>\n <TASK>\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\n default_idle_call+0x38/0x60\n do_idle+0x2b5/0x300\n cpu_startup_entry+0x54/0x60\n start_secondary+0x20d/0x280\n common_startup_64+0x13e/0x148\n </TASK>\nModules linked in: [last unloaded: netfs]\n==================================================================\n\nTherefore delete fscache_cookie_lru_timer when removing the fscahe module.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46786', 'https://git.kernel.org/linus/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f (6.11-rc7)', 'https://git.kernel.org/stable/c/0a11262549ac2ac6fb98c7cd40a67136817e5a52', 'https://git.kernel.org/stable/c/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f', 'https://git.kernel.org/stable/c/e0d724932ad12e3528f4ce97fc0f6078d0cce4bc', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46786-a167@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46786', 'https://www.cve.org/CVERecord?id=CVE-2024-46786'], 'PublishedDate': '2024-09-18T08:15:05.783Z', 'LastModifiedDate': '2024-09-26T12:48:37.447Z'}, {'VulnerabilityID': 'CVE-2024-46787', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46787', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: fix checks for huge PMDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix checks for huge PMDs\n\nPatch series "userfaultfd: fix races around pmd_trans_huge() check", v2.\n\nThe pmd_trans_huge() code in mfill_atomic() is wrong in three different\nways depending on kernel version:\n\n1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit\n   the right two race windows) - I\'ve tested this in a kernel build with\n   some extra mdelay() calls. See the commit message for a description\n   of the race scenario.\n   On older kernels (before 6.5), I think the same bug can even\n   theoretically lead to accessing transhuge page contents as a page table\n   if you hit the right 5 narrow race windows (I haven\'t tested this case).\n2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for\n   detecting PMDs that don\'t point to page tables.\n   On older kernels (before 6.5), you\'d just have to win a single fairly\n   wide race to hit this.\n   I\'ve tested this on 6.1 stable by racing migration (with a mdelay()\n   patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86\n   VM, that causes a kernel oops in ptlock_ptr().\n3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed\n   to yank page tables out from under us (though I haven\'t tested that),\n   so I think the BUG_ON() checks in mfill_atomic() are just wrong.\n\nI decided to write two separate fixes for these (one fix for bugs 1+2, one\nfix for bug 3), so that the first fix can be backported to kernels\naffected by bugs 1+2.\n\n\nThis patch (of 2):\n\nThis fixes two issues.\n\nI discovered that the following race can occur:\n\n  mfill_atomic                other thread\n  ============                ============\n                              <zap PMD>\n  pmdp_get_lockless() [reads none pmd]\n  <bail if trans_huge>\n  <if none:>\n                              <pagefault creates transhuge zeropage>\n    __pte_alloc [no-op]\n                              <zap PMD>\n  <bail if pmd_trans_huge(*dst_pmd)>\n  BUG_ON(pmd_none(*dst_pmd))\n\nI have experimentally verified this in a kernel with extra mdelay() calls;\nthe BUG_ON(pmd_none(*dst_pmd)) triggers.\n\nOn kernels newer than commit 0d940a9b270b ("mm/pgtable: allow\npte_offset_map[_lock]() to fail"), this can\'t lead to anything worse than\na BUG_ON(), since the page table access helpers are actually designed to\ndeal with page tables concurrently disappearing; but on older kernels\n(<=6.4), I think we could probably theoretically race past the two\nBUG_ON() checks and end up treating a hugepage as a page table.\n\nThe second issue is that, as Qi Zheng pointed out, there are other types\nof huge PMDs that pmd_trans_huge() can\'t catch: devmap PMDs and swap PMDs\n(in particular, migration PMDs).\n\nOn <=6.4, this is worse than the first issue: If mfill_atomic() runs on a\nPMD that contains a migration entry (which just requires winning a single,\nfairly wide race), it will pass the PMD to pte_offset_map_lock(), which\nassumes that the PMD points to a page table.\n\nBreakage follows: First, the kernel tries to take the PTE lock (which will\ncrash or maybe worse if there is no "struct page" for the address bits in\nthe migration entry PMD - I think at least on X86 there usually is no\ncorresponding "struct page" thanks to the PTE inversion mitigation, amd64\nlooks different).\n\nIf that didn\'t crash, the kernel would next try to write a PTE into what\nit wrongly thinks is a page table.\n\nAs part of fixing these issues, get rid of the check for pmd_trans_huge()\nbefore __pte_alloc() - that\'s redundant, we\'re going to have to check for\nthat after the __pte_alloc() anyway.\n\nBackport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46787', 'https://git.kernel.org/linus/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 (6.11-rc7)', 'https://git.kernel.org/stable/c/3c6b4bcf37845c9359aed926324bed66bdd2448d', 'https://git.kernel.org/stable/c/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8', 'https://git.kernel.org/stable/c/98cc18b1b71e23fe81a5194ed432b20c2d81a01a', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46787-8b6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46787', 'https://www.cve.org/CVERecord?id=CVE-2024-46787'], 'PublishedDate': '2024-09-18T08:15:05.833Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46788', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46788', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/osnoise: Use a cpumask to know what threads are kthreads', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Use a cpumask to know what threads are kthreads\n\nThe start_kthread() and stop_thread() code was not always called with the\ninterface_lock held. This means that the kthread variable could be\nunexpectedly changed causing the kthread_stop() to be called on it when it\nshould not have been, leading to:\n\n while true; do\n   rtla timerlat top -u -q & PID=$!;\n   sleep 5;\n   kill -INT $PID;\n   sleep 0.001;\n   kill -TERM $PID;\n   wait $PID;\n  done\n\nCausing the following OOPS:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 Not tainted 6.11.0-rc4-test-00002-gbc754cc76d1b-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:hrtimer_active+0x58/0x300\n Code: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 <0f> b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f\n RSP: 0018:ffff88811d97f940 EFLAGS: 00010202\n RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b\n RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28\n RBP: 0000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60\n R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d\n R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28\n FS:  0000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0\n Call Trace:\n  <TASK>\n  ? die_addr+0x40/0xa0\n  ? exc_general_protection+0x154/0x230\n  ? asm_exc_general_protection+0x26/0x30\n  ? hrtimer_active+0x58/0x300\n  ? __pfx_mutex_lock+0x10/0x10\n  ? __pfx_locks_remove_file+0x10/0x10\n  hrtimer_cancel+0x15/0x40\n  timerlat_fd_release+0x8e/0x1f0\n  ? security_file_release+0x43/0x80\n  __fput+0x372/0xb10\n  task_work_run+0x11e/0x1f0\n  ? _raw_spin_lock+0x85/0xe0\n  ? __pfx_task_work_run+0x10/0x10\n  ? poison_slab_object+0x109/0x170\n  ? do_exit+0x7a0/0x24b0\n  do_exit+0x7bd/0x24b0\n  ? __pfx_migrate_enable+0x10/0x10\n  ? __pfx_do_exit+0x10/0x10\n  ? __pfx_read_tsc+0x10/0x10\n  ? ktime_get+0x64/0x140\n  ? _raw_spin_lock_irq+0x86/0xe0\n  do_group_exit+0xb0/0x220\n  get_signal+0x17ba/0x1b50\n  ? vfs_read+0x179/0xa40\n  ? timerlat_fd_read+0x30b/0x9d0\n  ? __pfx_get_signal+0x10/0x10\n  ? __pfx_timerlat_fd_read+0x10/0x10\n  arch_do_signal_or_restart+0x8c/0x570\n  ? __pfx_arch_do_signal_or_restart+0x10/0x10\n  ? vfs_read+0x179/0xa40\n  ? ksys_read+0xfe/0x1d0\n  ? __pfx_ksys_read+0x10/0x10\n  syscall_exit_to_user_mode+0xbc/0x130\n  do_syscall_64+0x74/0x110\n  ? __pfx___rseq_handle_notify_resume+0x10/0x10\n  ? __pfx_ksys_read+0x10/0x10\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? syscall_exit_to_user_mode+0x116/0x130\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  entry_SYSCALL_64_after_hwframe+0x71/0x79\n RIP: 0033:0x7ff0070eca9c\n Code: Unable to access opcode bytes at 0x7ff0070eca72.\n RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c\n RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003\n RBP: 00007ff006dffde0 R08: 0000000000000000 R09: 00007ff000000ba0\n R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003\n R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008\n  </TASK>\n Modules linked in: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core\n ---[ end trace 0000000000000000 ]---\n\nThis is because it would mistakenly call kthread_stop() on a user space\nthread making it "exit" before it actually exits.\n\nSince kthread\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46788', 'https://git.kernel.org/linus/177e1cc2f41235c145041eed03ef5bab18f32328 (6.11-rc7)', 'https://git.kernel.org/stable/c/177e1cc2f41235c145041eed03ef5bab18f32328', 'https://git.kernel.org/stable/c/27282d2505b402f39371fd60d19d95c01a4b6776', 'https://git.kernel.org/stable/c/7a5f01828edf152c144d27cf63de446fdf2dc222', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46788-1fbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46788', 'https://www.cve.org/CVERecord?id=CVE-2024-46788'], 'PublishedDate': '2024-09-18T08:15:05.893Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46791', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46791', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open\n\nThe mcp251x_hw_wake() function is called with the mpc_lock mutex held and\ndisables the interrupt handler so that no interrupts can be processed while\nwaking the device. If an interrupt has already occurred then waiting for\nthe interrupt handler to complete will deadlock because it will be trying\nto acquire the same mutex.\n\nCPU0                           CPU1\n----                           ----\nmcp251x_open()\n mutex_lock(&priv->mcp_lock)\n  request_threaded_irq()\n                               <interrupt>\n                               mcp251x_can_ist()\n                                mutex_lock(&priv->mcp_lock)\n  mcp251x_hw_wake()\n   disable_irq() <-- deadlock\n\nUse disable_irq_nosync() instead because the interrupt handler does\neverything while holding the mutex so it doesn't matter if it's still\nrunning.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46791', 'https://git.kernel.org/linus/7dd9c26bd6cf679bcfdef01a8659791aa6487a29 (6.11-rc7)', 'https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0', 'https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e', 'https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29', 'https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7', 'https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188', 'https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646', 'https://lore.kernel.org/linux-cve-announce/2024091853-CVE-2024-46791-af66@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46791', 'https://www.cve.org/CVERecord?id=CVE-2024-46791'], 'PublishedDate': '2024-09-18T08:15:06.067Z', 'LastModifiedDate': '2024-09-20T18:21:19.457Z'}, {'VulnerabilityID': 'CVE-2024-46792', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46792', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv: misaligned: Restrict user access to kernel memory', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: misaligned: Restrict user access to kernel memory\n\nraw_copy_{to,from}_user() do not call access_ok(), so this code allowed\nuserspace to access any virtual memory address.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46792', 'https://git.kernel.org/linus/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3b6ff6c896aee5ef9b581e40d0045ff04fcbc8c', 'https://git.kernel.org/stable/c/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46792-7745@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46792', 'https://www.cve.org/CVERecord?id=CVE-2024-46792'], 'PublishedDate': '2024-09-18T08:15:06.123Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46793', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46793', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder\n\nSince commit 13f58267cda3 ("ASoC: soc.h: don\'t create dummy Component\nvia COMP_DUMMY()") dummy codecs declared like this:\n\nSND_SOC_DAILINK_DEF(dummy,\n        DAILINK_COMP_ARRAY(COMP_DUMMY()));\n\nexpand to:\n\nstatic struct snd_soc_dai_link_component dummy[] = {\n};\n\nWhich means that dummy is a zero sized array and thus dais[i].codecs should\nnot be dereferenced *at all* since it points to the address of the next\nvariable stored in the data section as the "dummy" variable has an address\nbut no size, so even dereferencing dais[0] is already an out of bounds\narray reference.\n\nWhich means that the if (dais[i].codecs->name) check added in\ncommit 7d99a70b6595 ("ASoC: Intel: Boards: Fix NULL pointer deref\nin BYT/CHT boards") relies on that the part of the next variable which\nthe name member maps to just happens to be NULL.\n\nWhich apparently so far it usually is, except when it isn\'t\nand then it results in crashes like this one:\n\n[   28.795659] BUG: unable to handle page fault for address: 0000000000030011\n...\n[   28.795780] Call Trace:\n[   28.795787]  <TASK>\n...\n[   28.795862]  ? strcmp+0x18/0x40\n[   28.795872]  0xffffffffc150c605\n[   28.795887]  platform_probe+0x40/0xa0\n...\n[   28.795979]  ? __pfx_init_module+0x10/0x10 [snd_soc_sst_bytcr_wm5102]\n\nReally fix things this time around by checking dais.num_codecs != 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46793', 'https://git.kernel.org/linus/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb (6.11-rc7)', 'https://git.kernel.org/stable/c/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb', 'https://git.kernel.org/stable/c/85cda5b040bda9c577b34eb72d5b2e5b7e31985c', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46793-268d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46793', 'https://www.cve.org/CVERecord?id=CVE-2024-46793'], 'PublishedDate': '2024-09-18T08:15:06.177Z', 'LastModifiedDate': '2024-09-24T16:00:17.977Z'}, {'VulnerabilityID': 'CVE-2024-46794', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46794', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/tdx: Fix data leak in mmio_read()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix data leak in mmio_read()\n\nThe mmio_read() function makes a TDVMCALL to retrieve MMIO data for an\naddress from the VMM.\n\nSean noticed that mmio_read() unintentionally exposes the value of an\ninitialized variable (val) on the stack to the VMM.\n\nThis variable is only needed as an output value. It did not need to be\npassed to the VMM in the first place.\n\nDo not send the original value of *val to the VMM.\n\n[ dhansen: clarify what 'val' is used for. ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46794', 'https://git.kernel.org/linus/b6fb565a2d15277896583d471b21bc14a0c99661 (6.11-rc7)', 'https://git.kernel.org/stable/c/26c6af49d26ffc377e392e30d4086db19eed0ef7', 'https://git.kernel.org/stable/c/b55ce742afcb8e8189d82f2f1e635ba1b5a461fa', 'https://git.kernel.org/stable/c/b6fb565a2d15277896583d471b21bc14a0c99661', 'https://git.kernel.org/stable/c/ef00818c50cf55a3a56bd9a9fae867c92dfb84e7', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46794-9f64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46794', 'https://www.cve.org/CVERecord?id=CVE-2024-46794'], 'PublishedDate': '2024-09-18T08:15:06.23Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46795', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46795', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ksmbd: unset the binding mark of a reused connection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset the binding mark of a reused connection\n\nSteve French reported null pointer dereference error from sha256 lib.\ncifs.ko can send session setup requests on reused connection.\nIf reused connection is used for binding session, conn->binding can\nstill remain true and generate_preauth_hash() will not set\nsess->Preauth_HashValue and it will be NULL.\nIt is used as a material to create an encryption key in\nksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer\ndereference error from crypto_shash_update().\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 8 PID: 429254 Comm: kworker/8:39\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n<TASK>\n? show_regs+0x6d/0x80\n? __die+0x24/0x80\n? page_fault_oops+0x99/0x1b0\n? do_user_addr_fault+0x2ee/0x6b0\n? exc_page_fault+0x83/0x1b0\n? asm_exc_page_fault+0x27/0x30\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n_sha256_update+0x77/0xa0 [sha256_ssse3]\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\ncrypto_shash_update+0x1e/0x40\nhmac_update+0x12/0x20\ncrypto_shash_update+0x1e/0x40\ngenerate_key+0x234/0x380 [ksmbd]\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\n__process_request+0xa3/0x1d0 [ksmbd]\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\nprocess_one_work+0x16c/0x350\nworker_thread+0x306/0x440\n? __pfx_worker_thread+0x10/0x10\nkthread+0xef/0x120\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x44/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n</TASK>', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46795', 'https://git.kernel.org/linus/78c5a6f1f630172b19af4912e755e1da93ef0ab5 (6.11-rc7)', 'https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce', 'https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1', 'https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5', 'https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02', 'https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1', 'https://lore.kernel.org/linux-cve-announce/2024091855-CVE-2024-46795-9908@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46795', 'https://www.cve.org/CVERecord?id=CVE-2024-46795'], 'PublishedDate': '2024-09-18T08:15:06.28Z', 'LastModifiedDate': '2024-09-20T18:21:04.067Z'}, {'VulnerabilityID': 'CVE-2024-46797', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46797', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/qspinlock: Fix deadlock in MCS queue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/qspinlock: Fix deadlock in MCS queue\n\nIf an interrupt occurs in queued_spin_lock_slowpath() after we increment\nqnodesp->count and before node->lock is initialized, another CPU might\nsee stale lock values in get_tail_qnode(). If the stale lock value happens\nto match the lock on that CPU, then we write to the "next" pointer of\nthe wrong qnode. This causes a deadlock as the former CPU, once it becomes\nthe head of the MCS queue, will spin indefinitely until it\'s "next" pointer\nis set by its successor in the queue.\n\nRunning stress-ng on a 16 core (16EC/16VP) shared LPAR, results in\noccasional lockups similar to the following:\n\n   $ stress-ng --all 128 --vm-bytes 80% --aggressive \\\n               --maximize --oomable --verify  --syslog \\\n               --metrics  --times  --timeout 5m\n\n   watchdog: CPU 15 Hard LOCKUP\n   ......\n   NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   Call Trace:\n    0xc000002cfffa3bf0 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    raw_spin_rq_lock_nested.part.135+0x4c/0xd0\n    sched_ttwu_pending+0x60/0x1f0\n    __flush_smp_call_function_queue+0x1dc/0x670\n    smp_ipi_demux_relaxed+0xa4/0x100\n    xive_muxed_ipi_action+0x20/0x40\n    __handle_irq_event_percpu+0x80/0x240\n    handle_irq_event_percpu+0x2c/0x80\n    handle_percpu_irq+0x84/0xd0\n    generic_handle_irq+0x54/0x80\n    __do_irq+0xac/0x210\n    __do_IRQ+0x74/0xd0\n    0x0\n    do_IRQ+0x8c/0x170\n    hardware_interrupt_common_virt+0x29c/0x2a0\n   --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490\n   ......\n   NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   --- interrupt: 500\n    0xc0000029c1a41d00 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    futex_wake+0x100/0x260\n    do_futex+0x21c/0x2a0\n    sys_futex+0x98/0x270\n    system_call_exception+0x14c/0x2f0\n    system_call_vectored_common+0x15c/0x2ec\n\nThe following code flow illustrates how the deadlock occurs.\nFor the sake of brevity, assume that both locks (A and B) are\ncontended and we call the queued_spin_lock_slowpath() function.\n\n        CPU0                                   CPU1\n        ----                                   ----\n  spin_lock_irqsave(A)                          |\n  spin_unlock_irqrestore(A)                     |\n    spin_lock(B)                                |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++;                       |\n  (Note that nodes[0].lock == A)                |\n         |                                      |\n         ▼                                      |\n      Interrupt                                 |\n  (happens before "nodes[0].lock = B")          |\n         |                                      |\n         ▼                                      |\n  spin_lock_irqsave(A)                          |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++                        |\n   nodes[1].lock = A                            |\n         |                                      |\n         ▼                                      |\n  Tail of MCS queue                             |\n         |                             spin_lock_irqsave(A)\n         ▼                                      |\n  Head of MCS queue                             ▼\n         |                             CPU0 is previous tail\n         ▼                                      |\n   Spin indefinitely                            ▼\n  (until "nodes[1].next != NULL")      prev = get_tail_qnode(A, CPU0)\n                                                |\n                                                ▼\n                                       prev == &qnodes[CPU0].nodes[0]\n                                     (as qnodes\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46797', 'https://git.kernel.org/linus/734ad0af3609464f8f93e00b6c0de1e112f44559 (6.11-rc7)', 'https://git.kernel.org/stable/c/734ad0af3609464f8f93e00b6c0de1e112f44559', 'https://git.kernel.org/stable/c/d84ab6661e8d09092de9b034b016515ef9b66085', 'https://git.kernel.org/stable/c/f06af737e4be28c0e926dc25d5f0a111da4e2987', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46797-9174@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46797', 'https://www.cve.org/CVERecord?id=CVE-2024-46797'], 'PublishedDate': '2024-09-18T08:15:06.403Z', 'LastModifiedDate': '2024-09-29T15:15:15.837Z'}, {'VulnerabilityID': 'CVE-2024-46798', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46798', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: dapm: Fix UAF for snd_soc_pcm_runtime object\n\nWhen using kernel with the following extra config,\n\n  - CONFIG_KASAN=y\n  - CONFIG_KASAN_GENERIC=y\n  - CONFIG_KASAN_INLINE=y\n  - CONFIG_KASAN_VMALLOC=y\n  - CONFIG_FRAME_WARN=4096\n\nkernel detects that snd_pcm_suspend_all() access a freed\n'snd_soc_pcm_runtime' object when the system is suspended, which\nleads to a use-after-free bug:\n\n[   52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270\n[   52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330\n\n[   52.047785] Call trace:\n[   52.047787]  dump_backtrace+0x0/0x3c0\n[   52.047794]  show_stack+0x34/0x50\n[   52.047797]  dump_stack_lvl+0x68/0x8c\n[   52.047802]  print_address_description.constprop.0+0x74/0x2c0\n[   52.047809]  kasan_report+0x210/0x230\n[   52.047815]  __asan_report_load1_noabort+0x3c/0x50\n[   52.047820]  snd_pcm_suspend_all+0x1a8/0x270\n[   52.047824]  snd_soc_suspend+0x19c/0x4e0\n\nThe snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before\nmaking any access. So we need to always set 'substream->runtime' to NULL\neverytime we kfree() it.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46798', 'https://git.kernel.org/linus/b4a90b543d9f62d3ac34ec1ab97fc5334b048565 (6.11-rc7)', 'https://git.kernel.org/stable/c/3033ed903b4f28b5e1ab66042084fbc2c48f8624', 'https://git.kernel.org/stable/c/5d13afd021eb43868fe03cef6da34ad08831ad6d', 'https://git.kernel.org/stable/c/6a14fad8be178df6c4589667efec1789a3307b4e', 'https://git.kernel.org/stable/c/8ca21e7a27c66b95a4b215edc8e45e5d66679f9f', 'https://git.kernel.org/stable/c/993b60c7f93fa1d8ff296b58f646a867e945ae89', 'https://git.kernel.org/stable/c/b4a90b543d9f62d3ac34ec1ab97fc5334b048565', 'https://git.kernel.org/stable/c/fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46798-ce16@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46798', 'https://www.cve.org/CVERecord?id=CVE-2024-46798'], 'PublishedDate': '2024-09-18T08:15:06.463Z', 'LastModifiedDate': '2024-09-20T18:17:50.763Z'}, {'VulnerabilityID': 'CVE-2024-46800', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46800', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sch/netem: fix use after free in netem_dequeue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsch/netem: fix use after free in netem_dequeue\n\nIf netem_dequeue() enqueues packet to inner qdisc and that qdisc\nreturns __NET_XMIT_STOLEN. The packet is dropped but\nqdisc_tree_reduce_backlog() is not called to update the parent\'s\nq.qlen, leading to the similar use-after-free as Commit\ne04991a48dbaf382 ("netem: fix return value if duplicate enqueue\nfails")\n\nCommands to trigger KASAN UaF:\n\nip link add type dummy\nip link set lo up\nip link set dummy0 up\ntc qdisc add dev lo parent root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2: handle 3: drr\ntc filter add dev lo parent 3: basic classid 3:1 action mirred egress\nredirect dev dummy0\ntc class add dev lo classid 3:1 drr\nping -c1 -W0.01 localhost # Trigger bug\ntc class del dev lo classid 1:1\ntc class add dev lo classid 1:1 drr\nping -c1 -W0.01 localhost # UaF', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46800', 'https://git.kernel.org/linus/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a (6.11-rc7)', 'https://git.kernel.org/stable/c/14f91ab8d391f249b845916820a56f42cf747241', 'https://git.kernel.org/stable/c/295ad5afd9efc5f67b86c64fce28fb94e26dc4c9', 'https://git.kernel.org/stable/c/32008ab989ddcff1a485fa2b4906234c25dc5cd6', 'https://git.kernel.org/stable/c/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a', 'https://git.kernel.org/stable/c/98c75d76187944296068d685dfd8a1e9fd8c4fdc', 'https://git.kernel.org/stable/c/db2c235682913a63054e741fe4e19645fdf2d68e', 'https://git.kernel.org/stable/c/dde33a9d0b80aae0c69594d1f462515d7ff1cb3d', 'https://git.kernel.org/stable/c/f0bddb4de043399f16d1969dad5ee5b984a64e7b', 'https://lore.kernel.org/linux-cve-announce/2024091857-CVE-2024-46800-0f62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46800', 'https://www.cve.org/CVERecord?id=CVE-2024-46800'], 'PublishedDate': '2024-09-18T08:15:06.573Z', 'LastModifiedDate': '2024-09-20T17:18:55.26Z'}, {'VulnerabilityID': 'CVE-2024-46802', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: added NULL check at start of dc_validate_stream', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46802', 'https://git.kernel.org/linus/26c56049cc4f1705b498df013949427692a4b0d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd', 'https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5', 'https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9', 'https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c', 'https://lore.kernel.org/linux-cve-announce/2024092706-CVE-2024-46802-c5e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46802', 'https://www.cve.org/CVERecord?id=CVE-2024-46802'], 'PublishedDate': '2024-09-27T13:15:13.483Z', 'LastModifiedDate': '2024-10-07T14:21:55.687Z'}, {'VulnerabilityID': 'CVE-2024-46803', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46803', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdkfd: Check debug trap enable before write dbg_ev_file', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46803', 'https://git.kernel.org/linus/547033b593063eb85bfdf9b25a5f1b8fd1911be2 (6.11-rc1)', 'https://git.kernel.org/stable/c/547033b593063eb85bfdf9b25a5f1b8fd1911be2', 'https://git.kernel.org/stable/c/820dcbd38a77bd5fdc4236d521c1c122841227d0', 'https://git.kernel.org/stable/c/e6ea3b8fe398915338147fe54dd2db8155fdafd8', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46803-689b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46803', 'https://www.cve.org/CVERecord?id=CVE-2024-46803'], 'PublishedDate': '2024-09-27T13:15:13.57Z', 'LastModifiedDate': '2024-10-04T17:45:16.867Z'}, {'VulnerabilityID': 'CVE-2024-46804', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46804', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add array index check for hdcp ddc access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add array index check for hdcp ddc access\n\n[Why]\nCoverity reports OVERRUN warning. Do not check if array\nindex valid.\n\n[How]\nCheck msg_id valid and valid array index.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46804', 'https://git.kernel.org/linus/4e70c0f5251c25885c31ee84a31f99a01f7cf50e (6.11-rc1)', 'https://git.kernel.org/stable/c/0ee4387c5a4b57ec733c3fb4365188d5979cd9c7', 'https://git.kernel.org/stable/c/2a63c90c7a90ab2bd23deebc2814fc5b52abf6d2', 'https://git.kernel.org/stable/c/4e70c0f5251c25885c31ee84a31f99a01f7cf50e', 'https://git.kernel.org/stable/c/8b5ccf3d011969417be653b5a145c72dbd30472c', 'https://git.kernel.org/stable/c/a3b5ee22a9d3a30045191da5678ca8451ebaea30', 'https://git.kernel.org/stable/c/f338f99f6a04d03c802087d82a83561cbd5bdc99', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46804-c90d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46804', 'https://www.cve.org/CVERecord?id=CVE-2024-46804'], 'PublishedDate': '2024-09-27T13:15:13.637Z', 'LastModifiedDate': '2024-10-04T17:51:43.73Z'}, {'VulnerabilityID': 'CVE-2024-46805', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46805', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix the waring dereferencing hive', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix the waring dereferencing hive\n\nCheck the amdgpu_hive_info *hive that maybe is NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46805', 'https://git.kernel.org/linus/1940708ccf5aff76de4e0b399f99267c93a89193 (6.11-rc1)', 'https://git.kernel.org/stable/c/01cd55b971131b07b7ff8d622fa93bb4f8be07df', 'https://git.kernel.org/stable/c/1940708ccf5aff76de4e0b399f99267c93a89193', 'https://git.kernel.org/stable/c/4ab720b6aa1ef5e71db1e534b5b45c80ac4ec58a', 'https://git.kernel.org/stable/c/d3f927ef0607b3c8c3f79ab6d9a4ebead3e35f4c', 'https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46805-b06a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46805', 'https://www.cve.org/CVERecord?id=CVE-2024-46805'], 'PublishedDate': '2024-09-27T13:15:13.707Z', 'LastModifiedDate': '2024-10-02T12:58:59.767Z'}, {'VulnerabilityID': 'CVE-2024-46806', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46806', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the warning division or modulo by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46806', 'https://git.kernel.org/linus/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c (6.11-rc1)', 'https://git.kernel.org/stable/c/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c', 'https://git.kernel.org/stable/c/a01618adcba78c6bd6c4557a4a5e32f58b658cd1', 'https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46806-2cc7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46806', 'https://www.cve.org/CVERecord?id=CVE-2024-46806'], 'PublishedDate': '2024-09-27T13:15:13.773Z', 'LastModifiedDate': '2024-10-02T13:17:04.64Z'}, {'VulnerabilityID': 'CVE-2024-46807', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46807', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Check tbo resource pointer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Check tbo resource pointer\n\nValidate tbo resource pointer, skip if NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46807', 'https://git.kernel.org/linus/6cd2b872643bb29bba01a8ac739138db7bd79007 (6.11-rc1)', 'https://git.kernel.org/stable/c/2be1eb6304d9623ba21dd6f3e68ffb753a759635', 'https://git.kernel.org/stable/c/4dfec5f5501a27e0a0da00e136d65ef9011ded4c', 'https://git.kernel.org/stable/c/6cd2b872643bb29bba01a8ac739138db7bd79007', 'https://git.kernel.org/stable/c/e55e3904ffeaff81715256a711b1a61f4ad5258a', 'https://git.kernel.org/stable/c/e8765364d4f3aaf88c7abe0a4fc99089d059ab49', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46807-b78e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46807', 'https://www.cve.org/CVERecord?id=CVE-2024-46807'], 'PublishedDate': '2024-09-27T13:15:13.84Z', 'LastModifiedDate': '2024-10-04T17:40:08.083Z'}, {'VulnerabilityID': 'CVE-2024-46808', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46808', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range\n\n[Why & How]\nASSERT if return NULL from kcalloc.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46808', 'https://git.kernel.org/linus/5524fa301ba649f8cf00848f91468e0ba7e4f24c (6.11-rc1)', 'https://git.kernel.org/stable/c/5524fa301ba649f8cf00848f91468e0ba7e4f24c', 'https://git.kernel.org/stable/c/ca0b0b0a22306f2e51105ac48f4a09c2fbbb504e', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46808-8886@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46808', 'https://www.cve.org/CVERecord?id=CVE-2024-46808'], 'PublishedDate': '2024-09-27T13:15:13.907Z', 'LastModifiedDate': '2024-10-02T14:23:39.863Z'}, {'VulnerabilityID': 'CVE-2024-46809', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46809', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check BIOS images before it is used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check BIOS images before it is used\n\nBIOS images may fail to load and null checks are added before they are\nused.\n\nThis fixes 6 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46809', 'https://git.kernel.org/linus/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c (6.11-rc1)', 'https://git.kernel.org/stable/c/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c', 'https://git.kernel.org/stable/c/e46b70a7cfed71cb84e985c785c39c16df5c28cb', 'https://git.kernel.org/stable/c/e50bec62acaeec03afc6fa5dfb2426e52d049cf5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46809-5b37@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46809', 'https://www.cve.org/CVERecord?id=CVE-2024-46809'], 'PublishedDate': '2024-09-27T13:15:13.973Z', 'LastModifiedDate': '2024-10-04T17:33:33.753Z'}, {'VulnerabilityID': 'CVE-2024-46810', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46810', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ\n\nMake sure the connector is fully initialized before signalling any\nHPD events via drm_kms_helper_hotplug_event(), otherwise this may\nlead to NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46810', 'https://git.kernel.org/linus/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f (6.11-rc1)', 'https://git.kernel.org/stable/c/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f', 'https://git.kernel.org/stable/c/1fb13693953737783b424aa4712f0a27a9eaf5a8', 'https://git.kernel.org/stable/c/9d567126474e68f959b2c2543c375f3bb32e948a', 'https://git.kernel.org/stable/c/adc5674c23b8191e596ed0dbaa9600265ac896a8', 'https://git.kernel.org/stable/c/e1b121f21bbc56a6ae035aa5b77daac62bfb9be5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46810-2eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46810', 'https://www.cve.org/CVERecord?id=CVE-2024-46810'], 'PublishedDate': '2024-09-27T13:15:14.037Z', 'LastModifiedDate': '2024-10-04T17:43:04.277Z'}, {'VulnerabilityID': 'CVE-2024-46811', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46811', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params->clk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46811', 'https://git.kernel.org/linus/188fd1616ec43033cedbe343b6579e9921e2d898 (6.11-rc1)', 'https://git.kernel.org/stable/c/188fd1616ec43033cedbe343b6579e9921e2d898', 'https://git.kernel.org/stable/c/4003bac784380fed1f94f197350567eaa73a409d', 'https://git.kernel.org/stable/c/aba188d6f4ebaf52acf13f204db2bd2c22072504', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46811-f01c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46811', 'https://www.cve.org/CVERecord?id=CVE-2024-46811'], 'PublishedDate': '2024-09-27T13:15:14.107Z', 'LastModifiedDate': '2024-10-07T14:24:56.86Z'}, {'VulnerabilityID': 'CVE-2024-46812', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46812', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration\n\n[Why]\nCoverity reports Memory - illegal accesses.\n\n[How]\nSkip inactive planes.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46812', 'https://git.kernel.org/linus/a54f7e866cc73a4cb71b8b24bb568ba35c8969df (6.11-rc1)', 'https://git.kernel.org/stable/c/3300a039caf850376bc3416c808cd8879da412bb', 'https://git.kernel.org/stable/c/8406158a546441b73f0b216aedacbf9a1e5748fb', 'https://git.kernel.org/stable/c/a54f7e866cc73a4cb71b8b24bb568ba35c8969df', 'https://git.kernel.org/stable/c/ee9d6df6d9172917d9ddbd948bb882652d5ecd29', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46812-5954@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46812', 'https://www.cve.org/CVERecord?id=CVE-2024-46812'], 'PublishedDate': '2024-09-27T13:15:14.163Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46813', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46813', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check link_index before accessing dc-&gt;links[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc->links[]\n\n[WHY & HOW]\ndc->links[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46813', 'https://git.kernel.org/linus/8aa2864044b9d13e95fe224f32e808afbf79ecdf (6.11-rc1)', 'https://git.kernel.org/stable/c/8aa2864044b9d13e95fe224f32e808afbf79ecdf', 'https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46813-5eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46813', 'https://www.cve.org/CVERecord?id=CVE-2024-46813'], 'PublishedDate': '2024-09-27T13:15:14.23Z', 'LastModifiedDate': '2024-10-04T17:38:17.74Z'}, {'VulnerabilityID': 'CVE-2024-46814', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check msg_id before processing transcation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY & HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46814', 'https://git.kernel.org/linus/fa71face755e27dc44bc296416ebdf2c67163316 (6.11-rc1)', 'https://git.kernel.org/stable/c/0147505f08220c89b3a9c90eb608191276e263a8', 'https://git.kernel.org/stable/c/6590643c5de74098d27933b7d224d5ac065d7755', 'https://git.kernel.org/stable/c/916083054670060023d3f8a8ace895d710e268f4', 'https://git.kernel.org/stable/c/cb63090a17d3abb87f132851fa3711281249b7d2', 'https://git.kernel.org/stable/c/fa71face755e27dc44bc296416ebdf2c67163316', 'https://git.kernel.org/stable/c/fe63daf7b10253b0faaa60c55d6153cd276927aa', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46814-5021@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46814', 'https://www.cve.org/CVERecord?id=CVE-2024-46814'], 'PublishedDate': '2024-09-27T13:15:14.297Z', 'LastModifiedDate': '2024-10-04T17:27:47.45Z'}, {'VulnerabilityID': 'CVE-2024-46815', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46815', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY & HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46815', 'https://git.kernel.org/linus/b38a4815f79b87efb196cd5121579fc51e29a7fb (6.11-rc1)', 'https://git.kernel.org/stable/c/21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf', 'https://git.kernel.org/stable/c/6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0', 'https://git.kernel.org/stable/c/7c47dd2e92341f2989ab73dbed07f8894593ad7b', 'https://git.kernel.org/stable/c/a72d4996409569027b4609414a14a87679b12267', 'https://git.kernel.org/stable/c/b36e9b3104c4ba0f2f5dd083dcf6159cb316c996', 'https://git.kernel.org/stable/c/b38a4815f79b87efb196cd5121579fc51e29a7fb', 'https://git.kernel.org/stable/c/c4a7f7c0062fe2c73f70bb7e335199e25bd71492', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46815-fce2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46815', 'https://www.cve.org/CVERecord?id=CVE-2024-46815'], 'PublishedDate': '2024-09-27T13:15:14.37Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46816', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46816', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\n\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc->links. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\n\n[How]\nMake sure link count less than max_links.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46816', 'https://git.kernel.org/linus/cf8b16857db702ceb8d52f9219a4613363e2b1cf (6.11-rc1)', 'https://git.kernel.org/stable/c/36c39a8dcce210649f2f45f252abaa09fcc1ae87', 'https://git.kernel.org/stable/c/cf8b16857db702ceb8d52f9219a4613363e2b1cf', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46816-0526@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46816', 'https://www.cve.org/CVERecord?id=CVE-2024-46816'], 'PublishedDate': '2024-09-27T13:15:14.433Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46817', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6\n\n[Why]\nCoverity reports OVERRUN warning. Should abort amdgpu_dm\ninitialize.\n\n[How]\nReturn failure to amdgpu_dm_init.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46817', 'https://git.kernel.org/linus/84723eb6068c50610c5c0893980d230d7afa2105 (6.11-rc1)', 'https://git.kernel.org/stable/c/21bbb39863f10f5fb4bf772d15b07d5d13590e9d', 'https://git.kernel.org/stable/c/28b515c458aa9c92bfcb99884c94713a5f471cea', 'https://git.kernel.org/stable/c/754321ed63f0a4a31252ca72e0bd89a9e1888018', 'https://git.kernel.org/stable/c/84723eb6068c50610c5c0893980d230d7afa2105', 'https://git.kernel.org/stable/c/94cb77700fa4ae6200486bfa0ba2ac547534afd2', 'https://git.kernel.org/stable/c/d398c74c881dee695f6eb6138c9891644e1c3d9d', 'https://git.kernel.org/stable/c/d619b91d3c4af60ac422f1763ce53d721fb91262', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46817-7a2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46817', 'https://www.cve.org/CVERecord?id=CVE-2024-46817'], 'PublishedDate': '2024-09-27T13:15:14.493Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46818', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check gpio_id before used as array index', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY & HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46818', 'https://git.kernel.org/linus/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 (6.11-rc1)', 'https://git.kernel.org/stable/c/0184cca30cad74d88f5c875d4e26999e26325700', 'https://git.kernel.org/stable/c/08e7755f754e3d2cef7d3a7da538d33526bd6f7c', 'https://git.kernel.org/stable/c/276e3fd93e3beb5894eb1cc8480f9f417d51524d', 'https://git.kernel.org/stable/c/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6', 'https://git.kernel.org/stable/c/3d4198ab612ad48f73383ad3bb5663e6f0cdf406', 'https://git.kernel.org/stable/c/40c2e8bc117cab8bca8814735f28a8b121654a84', 'https://git.kernel.org/stable/c/8520fdc8ecc38f240a8e9e7af89cca6739c3e790', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46818-8d41@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46818', 'https://www.cve.org/CVERecord?id=CVE-2024-46818'], 'PublishedDate': '2024-09-27T13:15:14.563Z', 'LastModifiedDate': '2024-10-04T17:18:36.613Z'}, {'VulnerabilityID': 'CVE-2024-46819', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: the warning dereferencing obj for nbio_v7_4', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: the warning dereferencing obj for nbio_v7_4\n\nif ras_manager obj null, don't print NBIO err data", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46819', 'https://git.kernel.org/linus/d190b459b2a4304307c3468ed97477b808381011 (6.11-rc1)', 'https://git.kernel.org/stable/c/130c2dc75c8c40acc3c96ededea6af80e03c14b8', 'https://git.kernel.org/stable/c/614564a5b28983de53b23a358ebe6c483a2aa21e', 'https://git.kernel.org/stable/c/70e8ec21fcb8c51446899d3bfe416b31adfa3661', 'https://git.kernel.org/stable/c/7d265772e44d403071a2b573eac0db60250b1c21', 'https://git.kernel.org/stable/c/d04ded1e73f1dcf19a71ec8b9cda3faa7acd8828', 'https://git.kernel.org/stable/c/d190b459b2a4304307c3468ed97477b808381011', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46819-d958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46819', 'https://www.cve.org/CVERecord?id=CVE-2024-46819'], 'PublishedDate': '2024-09-27T13:15:14.64Z', 'LastModifiedDate': '2024-10-04T17:11:00.57Z'}, {'VulnerabilityID': 'CVE-2024-46820', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/vcn: remove irq disabling in vcn 5 suspend\n\nWe do not directly enable/disable VCN IRQ in vcn 5.0.0.\nAnd we do not handle the IRQ state as well. So the calls to\ndisable IRQ and set state are removed. This effectively gets\nrid of the warining of\n      "WARN_ON(!amdgpu_irq_enabled(adev, src, type))"\nin amdgpu_irq_put().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46820', 'https://git.kernel.org/linus/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d (6.11-rc1)', 'https://git.kernel.org/stable/c/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d', 'https://git.kernel.org/stable/c/aa92264ba6fd4fb570002f69762634221316e7ae', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46820-6405@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46820', 'https://www.cve.org/CVERecord?id=CVE-2024-46820'], 'PublishedDate': '2024-09-27T13:15:14.707Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46821', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix negative array index read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix negative array index read\n\nAvoid using the negative values\nfor clk_idex as an index into an array pptable->DpmDescriptor.\n\nV2: fix clk_index return check (Tim Huang)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46821', 'https://git.kernel.org/linus/c8c19ebf7c0b202a6a2d37a52ca112432723db5f (6.11-rc1)', 'https://git.kernel.org/stable/c/06a3810010b525b9958424e344f0c25b09e128fa', 'https://git.kernel.org/stable/c/4711b1347cb9f0c3083da6d87c624d75f9bd1d50', 'https://git.kernel.org/stable/c/60f4a4bc3329e5cb8c4df0cc961f0d5ffd96e22d', 'https://git.kernel.org/stable/c/c8c19ebf7c0b202a6a2d37a52ca112432723db5f', 'https://lore.kernel.org/linux-cve-announce/2024092713-CVE-2024-46821-a13a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46821', 'https://www.cve.org/CVERecord?id=CVE-2024-46821'], 'PublishedDate': '2024-09-27T13:15:14.767Z', 'LastModifiedDate': '2024-10-04T17:06:43.573Z'}, {'VulnerabilityID': 'CVE-2024-46822', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46822', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry\n\nIn a review discussion of the changes to support vCPU hotplug where\na check was added on the GICC being enabled if was online, it was\nnoted that there is need to map back to the cpu and use that to index\ninto a cpumask. As such, a valid ID is needed.\n\nIf an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible\nfor the entry in cpu_madt_gicc[cpu] == NULL.  This function would\nthen cause a NULL pointer dereference.   Whilst a path to trigger\nthis has not been established, harden this caller against the\npossibility.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46822', 'https://git.kernel.org/linus/2488444274c70038eb6b686cba5f1ce48ebb9cdd (6.11-rc1)', 'https://git.kernel.org/stable/c/2488444274c70038eb6b686cba5f1ce48ebb9cdd', 'https://git.kernel.org/stable/c/40cae0df42e5e7f7a1c0f32deed9c4027c1ba94e', 'https://git.kernel.org/stable/c/4c3b21204abb4fa3ab310fbbb5cf7f0e85f3a1bc', 'https://git.kernel.org/stable/c/62ca6d3a905b4c40cd942f3cc645a6718f8bc7e7', 'https://git.kernel.org/stable/c/945be49f4e832a9184c313fdf8917475438a795b', 'https://git.kernel.org/stable/c/bc7fbb37e3d2df59336eadbd6a56be632e3c7df7', 'https://git.kernel.org/stable/c/f57769ff6fa7f97f1296965f20e8a2bb3ee9fd0f', 'https://lore.kernel.org/linux-cve-announce/2024092749-CVE-2024-46822-b901@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46822', 'https://www.cve.org/CVERecord?id=CVE-2024-46822'], 'PublishedDate': '2024-09-27T13:15:14.83Z', 'LastModifiedDate': '2024-10-02T14:24:01.757Z'}, {'VulnerabilityID': 'CVE-2024-46823', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kunit/overflow: Fix UB in overflow_allocation_test', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkunit/overflow: Fix UB in overflow_allocation_test\n\nThe 'device_name' array doesn't exist out of the\n'overflow_allocation_test' function scope. However, it is being used as\na driver name when calling 'kunit_driver_create' from\n'kunit_device_register'. It produces the kernel panic with KASAN\nenabled.\n\nSince this variable is used in one place only, remove it and pass the\ndevice name into kunit_device_register directly as an ascii string.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46823', 'https://git.kernel.org/linus/92e9bac18124682c4b99ede9ee3bcdd68f121e92 (6.11-rc4)', 'https://git.kernel.org/stable/c/92e9bac18124682c4b99ede9ee3bcdd68f121e92', 'https://git.kernel.org/stable/c/d1207f07decc66546a7fa463d2f335a856c986ef', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46823-b19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46823', 'https://www.cve.org/CVERecord?id=CVE-2024-46823'], 'PublishedDate': '2024-09-27T13:15:14.897Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46824', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommufd: Require drivers to supply the cache_invalidate_user ops', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Require drivers to supply the cache_invalidate_user ops\n\nIf drivers don't do this then iommufd will oops invalidation ioctls with\nsomething like:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n  Mem abort info:\n    ESR = 0x0000000086000004\n    EC = 0x21: IABT (current EL), IL = 32 bits\n    SET = 0, FnV = 0\n    EA = 0, S1PTW = 0\n    FSC = 0x04: level 0 translation fault\n  user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101059000\n  [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n  Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 2 PID: 371 Comm: qemu-system-aar Not tainted 6.8.0-rc7-gde77230ac23a #9\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 81400809 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=-c)\n  pc : 0x0\n  lr : iommufd_hwpt_invalidate+0xa4/0x204\n  sp : ffff800080f3bcc0\n  x29: ffff800080f3bcf0 x28: ffff0000c369b300 x27: 0000000000000000\n  x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n  x23: 0000000000000000 x22: 00000000c1e334a0 x21: ffff0000c1e334a0\n  x20: ffff800080f3bd38 x19: ffff800080f3bd58 x18: 0000000000000000\n  x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8240d6d8\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n  x8 : 0000001000000002 x7 : 0000fffeac1ec950 x6 : 0000000000000000\n  x5 : ffff800080f3bd78 x4 : 0000000000000003 x3 : 0000000000000002\n  x2 : 0000000000000000 x1 : ffff800080f3bcc8 x0 : ffff0000c6034d80\n  Call trace:\n   0x0\n   iommufd_fops_ioctl+0x154/0x274\n   __arm64_sys_ioctl+0xac/0xf0\n   invoke_syscall+0x48/0x110\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x34/0xb4\n   el0t_64_sync_handler+0x120/0x12c\n   el0t_64_sync+0x190/0x194\n\nAll existing drivers implement this op for nesting, this is mostly a\nbisection aid.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46824', 'https://git.kernel.org/linus/a11dda723c6493bb1853bbc61c093377f96e2d47 (6.11-rc1)', 'https://git.kernel.org/stable/c/89827a4de802765b1ebb401fc1e73a90108c7520', 'https://git.kernel.org/stable/c/a11dda723c6493bb1853bbc61c093377f96e2d47', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46824-03d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46824', 'https://www.cve.org/CVERecord?id=CVE-2024-46824'], 'PublishedDate': '2024-09-27T13:15:14.96Z', 'LastModifiedDate': '2024-10-02T14:29:08.417Z'}, {'VulnerabilityID': 'CVE-2024-46825', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check\n\nThe lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is\nnormally called with input from the firmware, so it should use\nIWL_FW_CHECK() instead of WARN_ON().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46825', 'https://git.kernel.org/linus/9215152677d4b321801a92b06f6d5248b2b4465f (6.11-rc1)', 'https://git.kernel.org/stable/c/3cca098c91391b3fa48142bfda57048b985c87f6', 'https://git.kernel.org/stable/c/415f3634d53c7fb4cf07d2f5a0be7f2e15e6da33', 'https://git.kernel.org/stable/c/9215152677d4b321801a92b06f6d5248b2b4465f', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46825-a5aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46825', 'https://www.cve.org/CVERecord?id=CVE-2024-46825'], 'PublishedDate': '2024-09-27T13:15:15.027Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46826', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ELF: fix kernel.randomize_va_space double read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses "randomize_va_space" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46826', 'https://git.kernel.org/linus/2a97388a807b6ab5538aa8f8537b2463c6988bd2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1cf8cd80903073440b6ea055811d04edd24fe4f7', 'https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27', 'https://git.kernel.org/stable/c/2a97388a807b6ab5538aa8f8537b2463c6988bd2', 'https://git.kernel.org/stable/c/53f17409abf61f66b6f05aff795e938e5ba811d1', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46826-7b80@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46826', 'https://www.cve.org/CVERecord?id=CVE-2024-46826'], 'PublishedDate': '2024-09-27T13:15:15.087Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46827', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix firmware crash due to invalid peer nss', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46827', 'https://git.kernel.org/linus/db163a463bb93cd3e37e1e7b10b9726fb6f95857 (6.11-rc1)', 'https://git.kernel.org/stable/c/25a15f80253a7c8776e4e4880d797d20ec864154', 'https://git.kernel.org/stable/c/838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c', 'https://git.kernel.org/stable/c/db163a463bb93cd3e37e1e7b10b9726fb6f95857', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46827-0300@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46827', 'https://www.cve.org/CVERecord?id=CVE-2024-46827'], 'PublishedDate': '2024-09-27T13:15:15.153Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46828', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: sch_cake: fix bulk flow accounting logic for host fairness', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: fix bulk flow accounting logic for host fairness\n\nIn sch_cake, we keep track of the count of active bulk flows per host,\nwhen running in dst/src host fairness mode, which is used as the\nround-robin weight when iterating through flows. The count of active\nbulk flows is updated whenever a flow changes state.\n\nThis has a peculiar interaction with the hash collision handling: when a\nhash collision occurs (after the set-associative hashing), the state of\nthe hash bucket is simply updated to match the new packet that collided,\nand if host fairness is enabled, that also means assigning new per-host\nstate to the flow. For this reason, the bulk flow counters of the\nhost(s) assigned to the flow are decremented, before new state is\nassigned (and the counters, which may not belong to the same host\nanymore, are incremented again).\n\nBack when this code was introduced, the host fairness mode was always\nenabled, so the decrement was unconditional. When the configuration\nflags were introduced the *increment* was made conditional, but\nthe *decrement* was not. Which of course can lead to a spurious\ndecrement (and associated wrap-around to U16_MAX).\n\nAFAICT, when host fairness is disabled, the decrement and wrap-around\nhappens as soon as a hash collision occurs (which is not that common in\nitself, due to the set-associative hashing). However, in most cases this\nis harmless, as the value is only used when host fairness mode is\nenabled. So in order to trigger an array overflow, sch_cake has to first\nbe configured with host fairness disabled, and while running in this\nmode, a hash collision has to occur to cause the overflow. Then, the\nqdisc has to be reconfigured to enable host fairness, which leads to the\narray out-of-bounds because the wrapped-around value is retained and\nused as an array index. It seems that syzbot managed to trigger this,\nwhich is quite impressive in its own right.\n\nThis patch fixes the issue by introducing the same conditional check on\ndecrement as is used on increment.\n\nThe original bug predates the upstreaming of cake, but the commit listed\nin the Fixes tag touched that code, meaning that this patch won't apply\nbefore that.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46828', 'https://git.kernel.org/linus/546ea84d07e3e324644025e2aae2d12ea4c5896e (6.11-rc7)', 'https://git.kernel.org/stable/c/4a4eeefa514db570be025ab46d779af180e2c9bb', 'https://git.kernel.org/stable/c/546ea84d07e3e324644025e2aae2d12ea4c5896e', 'https://git.kernel.org/stable/c/549e407569e08459d16122341d332cb508024094', 'https://git.kernel.org/stable/c/7725152b54d295b7da5e34c2f419539b30d017bd', 'https://git.kernel.org/stable/c/cde71a5677971f4f1b69b25e854891dbe78066a4', 'https://git.kernel.org/stable/c/d4a9039a7b3d8005b90c7b1a55a306444f0e5447', 'https://git.kernel.org/stable/c/d7c01c0714c04431b5e18cf17a9ea68a553d1c3c', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46828-2184@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46828', 'https://www.cve.org/CVERecord?id=CVE-2024-46828'], 'PublishedDate': '2024-09-27T13:15:15.22Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46829', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtmutex: Drop rt_mutex::wait_lock before scheduling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nrtmutex: Drop rt_mutex::wait_lock before scheduling\n\nrt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held.  In the\ngood case it returns with the lock held and in the deadlock case it emits a\nwarning and goes into an endless scheduling loop with the lock held, which\ntriggers the 'scheduling in atomic' warning.\n\nUnlock rt_mutex::wait_lock in the dead lock case before issuing the warning\nand dropping into the schedule for ever loop.\n\n[ tglx: Moved unlock before the WARN(), removed the pointless comment,\n  \tmassaged changelog, added Fixes tag ]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46829', 'https://git.kernel.org/linus/d33d26036a0274b472299d7dcdaa5fb34329f91b (6.11-rc7)', 'https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0', 'https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38', 'https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f', 'https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f', 'https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83', 'https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0', 'https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b', 'https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46829-da70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46829', 'https://www.cve.org/CVERecord?id=CVE-2024-46829'], 'PublishedDate': '2024-09-27T13:15:15.3Z', 'LastModifiedDate': '2024-10-02T14:27:57.92Z'}, {'VulnerabilityID': 'CVE-2024-46830', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: x86: Acquire kvm-&gt;srcu when handling KVM_SET_VCPU_EVENTS', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU.  I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems.  Acquiring SRCU isn't all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n  #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n  <TASK>\n  dump_stack_lvl+0x7f/0x90\n  lockdep_rcu_suspicious+0x13f/0x1a0\n  kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n  kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n  nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n  load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n  vmx_leave_nested+0x30/0x40 [kvm_intel]\n  kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n  kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n  ? mark_held_locks+0x49/0x70\n  ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n  ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  ? lock_acquire+0xba/0x2d0\n  ? find_held_lock+0x2b/0x80\n  ? do_user_addr_fault+0x40c/0x6f0\n  ? lock_release+0xb7/0x270\n  __x64_sys_ioctl+0x82/0xb0\n  do_syscall_64+0x6c/0x170\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n  </TASK>", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46830', 'https://git.kernel.org/linus/4bcdd831d9d01e0fb64faea50732b59b2ee88da1 (6.11-rc7)', 'https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1', 'https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e', 'https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9', 'https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46830-deac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46830', 'https://www.cve.org/CVERecord?id=CVE-2024-46830'], 'PublishedDate': '2024-09-27T13:15:15.38Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46831', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: microchip: vcap: Fix use-after-free error in kunit test', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap: Fix use-after-free error in kunit test\n\nThis is a clear use-after-free error. We remove it, and rely on checking\nthe return code of vcap_del_rule.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46831', 'https://git.kernel.org/linus/a3c1e45156ad39f225cd7ddae0f81230a3b1e657 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3c1e45156ad39f225cd7ddae0f81230a3b1e657', 'https://git.kernel.org/stable/c/b0804c286ccfcf5f5c004d5bf8a54c0508b5e86b', 'https://git.kernel.org/stable/c/f7fe95f40c85311c98913fe6ae2c56adb7f767a7', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46831-06bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46831', 'https://www.cve.org/CVERecord?id=CVE-2024-46831'], 'PublishedDate': '2024-09-27T13:15:15.457Z', 'LastModifiedDate': '2024-10-02T14:26:13.807Z'}, {'VulnerabilityID': 'CVE-2024-46832', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: MIPS: cevt-r4k: Don&#39;t call get_c0_compare_int if timer irq is installed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: cevt-r4k: Don\'t call get_c0_compare_int if timer irq is installed\n\nThis avoids warning:\n\n[    0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n\nCaused by get_c0_compare_int on secondary CPU.\n\nWe also skipped saving IRQ number to struct clock_event_device *cd as\nit\'s never used by clockevent core, as per comments it\'s only meant\nfor "non CPU local devices".', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46832', 'https://git.kernel.org/linus/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13 (6.11-rc5)', 'https://git.kernel.org/stable/c/189d3ed3b25beee26ffe2abed278208bece13f52', 'https://git.kernel.org/stable/c/32ee0520159f1e8c2d6597c19690df452c528f30', 'https://git.kernel.org/stable/c/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13', 'https://git.kernel.org/stable/c/b1d2051373bfc65371ce4ac8911ed984d0178c98', 'https://git.kernel.org/stable/c/d3ff0f98a52f0aafe35aa314d1c442f4318be3db', 'https://git.kernel.org/stable/c/e6cd871627abbb459d0ff6521d6bb9cf9d9f7522', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46832-3ad0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46832', 'https://www.cve.org/CVERecord?id=CVE-2024-46832'], 'PublishedDate': '2024-09-27T13:15:15.517Z', 'LastModifiedDate': '2024-10-09T15:51:20.7Z'}, {'VulnerabilityID': 'CVE-2024-46833', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: void array out of bound when loop tnl_num', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: void array out of bound when loop tnl_num\n\nWhen query reg inf of SSU, it loops tnl_num times. However, tnl_num comes\nfrom hardware and the length of array is a fixed value. To void array out\nof bound, make sure the loop time is not greater than the length of array', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46833', 'https://git.kernel.org/linus/86db7bfb06704ef17340eeae71c832f21cfce35c (6.11-rc4)', 'https://git.kernel.org/stable/c/86db7bfb06704ef17340eeae71c832f21cfce35c', 'https://git.kernel.org/stable/c/c33a9806dc806bcb4a31dc71fb06979219181ad4', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46833-0fa0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46833', 'https://www.cve.org/CVERecord?id=CVE-2024-46833'], 'PublishedDate': '2024-09-27T13:15:15.593Z', 'LastModifiedDate': '2024-10-09T15:54:38.123Z'}, {'VulnerabilityID': 'CVE-2024-46834', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: fail closed if we can&#39;t get max channel used in indirection tables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\'t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with\nactive RSS contexts") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\'t fetch\nthe indirection table or when we can\'t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46834', 'https://git.kernel.org/linus/2899d58462ba868287d6ff3acad3675e7adf934f (6.11-rc1)', 'https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036', 'https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46834-dc7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46834', 'https://www.cve.org/CVERecord?id=CVE-2024-46834'], 'PublishedDate': '2024-09-27T13:15:15.66Z', 'LastModifiedDate': '2024-10-09T15:57:03.037Z'}, {'VulnerabilityID': 'CVE-2024-46835', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix smatch static checker warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev->gfx.imu.funcs could be NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46835', 'https://git.kernel.org/linus/bdbdc7cecd00305dc844a361f9883d3a21022027 (6.11-rc1)', 'https://git.kernel.org/stable/c/8bc7b3ce33e64c74211ed17aec823fc4e523426a', 'https://git.kernel.org/stable/c/bdbdc7cecd00305dc844a361f9883d3a21022027', 'https://git.kernel.org/stable/c/c2056c7a840f0dbf293bc3b0d91826d001668fb0', 'https://git.kernel.org/stable/c/d40c2c3dd0395fe7fdc19bd96551e87251426d66', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46835-4f99@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46835', 'https://www.cve.org/CVERecord?id=CVE-2024-46835'], 'PublishedDate': '2024-09-27T13:15:15.72Z', 'LastModifiedDate': '2024-10-02T14:24:18.93Z'}, {'VulnerabilityID': 'CVE-2024-46836', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46836', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: aspeed_udc: validate endpoint index for ast udc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed_udc: validate endpoint index for ast udc\n\nWe should verify the bound of the array to assure that host\nmay not manipulate the index to point past endpoint array.\n\nFound by static analysis.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46836', 'https://git.kernel.org/linus/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 (6.11-rc1)', 'https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af', 'https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a', 'https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c', 'https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46836-acff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46836', 'https://www.cve.org/CVERecord?id=CVE-2024-46836'], 'PublishedDate': '2024-09-27T13:15:15.78Z', 'LastModifiedDate': '2024-10-09T15:47:55.187Z'}, {'VulnerabilityID': 'CVE-2024-46838', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46838', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: don&#39;t BUG_ON() if khugepaged yanks our page table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: don\'t BUG_ON() if khugepaged yanks our page table\n\nSince khugepaged was changed to allow retracting page tables in file\nmappings without holding the mmap lock, these BUG_ON()s are wrong - get\nrid of them.\n\nWe could also remove the preceding "if (unlikely(...))" block, but then we\ncould reach pte_offset_map_lock() with transhuge pages not just for file\nmappings but also for anonymous mappings - which would probably be fine\nbut I think is not necessarily expected.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46838', 'https://git.kernel.org/linus/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a (6.11-rc7)', 'https://git.kernel.org/stable/c/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a', 'https://git.kernel.org/stable/c/4a594acc12d5954cdc71d4450a386748bf3d136a', 'https://git.kernel.org/stable/c/db978287e908d48b209e374b00d847b2d785e0a9', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46838-5fa5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46838', 'https://www.cve.org/CVERecord?id=CVE-2024-46838'], 'PublishedDate': '2024-09-27T13:15:15.92Z', 'LastModifiedDate': '2024-10-09T15:35:40.827Z'}, {'VulnerabilityID': 'CVE-2024-46840', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: clean up our handling of refs == 0 in snapshot delete', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: clean up our handling of refs == 0 in snapshot delete\n\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren't\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer.  In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption.  Change that to return\n-EUCLEAN.  In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling.  Also adjust the error message so we can\nactually do something with the information.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46840', 'https://git.kernel.org/linus/b8ccef048354074a548f108e51d0557d6adfd3a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/03804641ec2d0da4fa088ad21c88e703d151ce16', 'https://git.kernel.org/stable/c/71291aa7246645ef622621934d2067400380645e', 'https://git.kernel.org/stable/c/728d4d045b628e006b48a448f3326a7194c88d32', 'https://git.kernel.org/stable/c/7d1df13bf078ffebfedd361d714ff6cee1ff01b9', 'https://git.kernel.org/stable/c/9cc887ac24b7a0598f4042ae9af6b9a33072f75b', 'https://git.kernel.org/stable/c/b8ccef048354074a548f108e51d0557d6adfd3a3', 'https://git.kernel.org/stable/c/c60676b81fab456b672796830f6d8057058f029c', 'https://git.kernel.org/stable/c/c847b28a799733b04574060ab9d00f215970627d', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46840-fc44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46840', 'https://www.cve.org/CVERecord?id=CVE-2024-46840'], 'PublishedDate': '2024-09-27T13:15:16.057Z', 'LastModifiedDate': '2024-10-08T18:15:07.857Z'}, {'VulnerabilityID': 'CVE-2024-46841', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn't fatal, return the error.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46841', 'https://git.kernel.org/linus/a580fb2c3479d993556e1c31b237c9e5be4944a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/704c359b4093a2af650a20eaa030c435d7c30f91', 'https://git.kernel.org/stable/c/a580fb2c3479d993556e1c31b237c9e5be4944a3', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46841-7572@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46841', 'https://www.cve.org/CVERecord?id=CVE-2024-46841'], 'PublishedDate': '2024-09-27T13:15:16.13Z', 'LastModifiedDate': '2024-10-08T18:17:07.87Z'}, {'VulnerabilityID': 'CVE-2024-46842', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status.  The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code.  During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout.  If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46842', 'https://git.kernel.org/linus/ede596b1434b57c0b3fd5c02b326efe5c54f6e48 (6.11-rc1)', 'https://git.kernel.org/stable/c/bba47fe3b038cca3d3ebd799665ce69d6d273b58', 'https://git.kernel.org/stable/c/ede596b1434b57c0b3fd5c02b326efe5c54f6e48', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46842-e52c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46842', 'https://www.cve.org/CVERecord?id=CVE-2024-46842'], 'PublishedDate': '2024-09-27T13:15:16.19Z', 'LastModifiedDate': '2024-10-08T18:22:24.997Z'}, {'VulnerabilityID': 'CVE-2024-46843', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Remove SCSI host only if added', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been defered after MCQ configuration introduced by commit 0cab4023ec7b\n("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46843', 'https://git.kernel.org/linus/7cbff570dbe8907e23bba06f6414899a0fbb2fcc (6.11-rc1)', 'https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed', 'https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536', 'https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46843-82c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46843', 'https://www.cve.org/CVERecord?id=CVE-2024-46843'], 'PublishedDate': '2024-09-27T13:15:16.25Z', 'LastModifiedDate': '2024-10-08T18:23:52.423Z'}, {'VulnerabilityID': 'CVE-2024-46844', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: um: line: always fill *error_out in setup_one_line()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\num: line: always fill *error_out in setup_one_line()\n\nThe pointer isn't initialized by callers, but I have\nencountered cases where it's still printed; initialize\nit in all possible cases in setup_one_line().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-824'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46844', 'https://git.kernel.org/linus/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d (6.11-rc1)', 'https://git.kernel.org/stable/c/289979d64573f43df1d0e6bc6435de63a0d69cdf', 'https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5', 'https://git.kernel.org/stable/c/43f782c27907f306c664b6614fd6f264ac32cce6', 'https://git.kernel.org/stable/c/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d', 'https://git.kernel.org/stable/c/96301fdc2d533a196197c055af875fe33d47ef84', 'https://git.kernel.org/stable/c/c8944d449fda9f58c03bd99649b2df09948fc874', 'https://git.kernel.org/stable/c/ec5b47a370177d79ae7773858042c107e21f8ecc', 'https://git.kernel.org/stable/c/fc843d3837ebcb1c16d3768ef3eb55e25d5331f2', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46844-af64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46844', 'https://www.cve.org/CVERecord?id=CVE-2024-46844'], 'PublishedDate': '2024-09-27T13:15:16.313Z', 'LastModifiedDate': '2024-10-02T14:22:50.533Z'}, {'VulnerabilityID': 'CVE-2024-46845', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/timerlat: Only clear timer if a kthread exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Only clear timer if a kthread exists\n\nThe timerlat tracer can use user space threads to check for osnoise and\ntimer latency. If the program using this is killed via a SIGTERM, the\nthreads are shutdown one at a time and another tracing instance can start\nup resetting the threads before they are fully closed. That causes the\nhrtimer assigned to the kthread to be shutdown and freed twice when the\ndying thread finally closes the file descriptors, causing a use-after-free\nbug.\n\nOnly cancel the hrtimer if the associated thread is still around. Also add\nthe interface_lock around the resetting of the tlat_var->kthread.\n\nNote, this is just a quick fix that can be backported to stable. A real\nfix is to have a better synchronization between the shutdown of old\nthreads and the starting of new ones.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46845', 'https://git.kernel.org/linus/e6a53481da292d970d1edf0d8831121d1c5e2f0d (6.11-rc7)', 'https://git.kernel.org/stable/c/8a9d0d405159e9c796ddf771f7cff691c1a2bc1e', 'https://git.kernel.org/stable/c/8c72f0b2c45f21cb8b00fc37f79f632d7e46c2ed', 'https://git.kernel.org/stable/c/e6a53481da292d970d1edf0d8831121d1c5e2f0d', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46845-a529@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46845', 'https://www.cve.org/CVERecord?id=CVE-2024-46845'], 'PublishedDate': '2024-09-27T13:15:16.397Z', 'LastModifiedDate': '2024-10-02T14:18:32.923Z'}, {'VulnerabilityID': 'CVE-2024-46846', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: rockchip: Resolve unbalanced runtime PM / system PM handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip: Resolve unbalanced runtime PM / system PM handling\n\nCommit e882575efc77 ("spi: rockchip: Suspend and resume the bus during\nNOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and\nsimply disabled clocks unconditionally when suspending the system. This\ncauses problems when the device is already runtime suspended when we go\nto sleep -- in which case we double-disable clocks and produce a\nWARNing.\n\nSwitch back to pm_runtime_force_{suspend,resume}(), because that still\nseems like the right thing to do, and the aforementioned commit makes no\nexplanation why it stopped using it.\n\nAlso, refactor some of the resume() error handling, because it\'s not\nactually a good idea to re-disable clocks on failure.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46846', 'https://git.kernel.org/linus/be721b451affbecc4ba4eaac3b71cdbdcade1b1b (6.11-rc7)', 'https://git.kernel.org/stable/c/0efbad8445fbba7896402500a1473450a299a08a', 'https://git.kernel.org/stable/c/14f970a8d03d882b15b97beb83bd84ac8ba6298c', 'https://git.kernel.org/stable/c/be721b451affbecc4ba4eaac3b71cdbdcade1b1b', 'https://git.kernel.org/stable/c/d034bff62faea1a2219e0d2f3d17263265f24087', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46846-f264@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46846', 'https://www.cve.org/CVERecord?id=CVE-2024-46846'], 'PublishedDate': '2024-09-27T13:15:16.48Z', 'LastModifiedDate': '2024-10-08T18:25:56.467Z'}, {'VulnerabilityID': 'CVE-2024-46848', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46848', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/x86/intel: Limit the period on Haswell', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Limit the period on Haswell\n\nRunning the ltp test cve-2015-3290 concurrently reports the following\nwarnings.\n\nperfevents: irq loop stuck!\n  WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174\n  intel_pmu_handle_irq+0x285/0x370\n  Call Trace:\n   <NMI>\n   ? __warn+0xa4/0x220\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? report_bug+0x3e/0xa0\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x50\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? irq_work_claim+0x1e/0x40\n   ? intel_pmu_handle_irq+0x285/0x370\n   perf_event_nmi_handler+0x3d/0x60\n   nmi_handle+0x104/0x330\n\nThanks to Thomas Gleixner's analysis, the issue is caused by the low\ninitial period (1) of the frequency estimation algorithm, which triggers\nthe defects of the HW, specifically erratum HSW11 and HSW143. (For the\ndetails, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)\n\nThe HSW11 requires a period larger than 100 for the INST_RETIRED.ALL\nevent, but the initial period in the freq mode is 1. The erratum is the\nsame as the BDM11, which has been supported in the kernel. A minimum\nperiod of 128 is enforced as well on HSW.\n\nHSW143 is regarding that the fixed counter 1 may overcount 32 with the\nHyper-Threading is enabled. However, based on the test, the hardware\nhas more issues than it tells. Besides the fixed counter 1, the message\n'interrupt took too long' can be observed on any counter which was armed\nwith a period < 32 and two events expired in the same NMI. A minimum\nperiod of 32 is enforced for the rest of the events.\nThe recommended workaround code of the HSW143 is not implemented.\nBecause it only addresses the issue for the fixed counter. It brings\nextra overhead through extra MSR writing. No related overcounting issue\nhas been reported so far.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46848', 'https://git.kernel.org/linus/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b (6.11-rc7)', 'https://git.kernel.org/stable/c/0eaf812aa1506704f3b78be87036860e5d0fe81d', 'https://git.kernel.org/stable/c/15210b7c8caff4929f25d049ef8404557f8ae468', 'https://git.kernel.org/stable/c/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b', 'https://git.kernel.org/stable/c/8717dc35c0e5896f4110f4b3882f7ff787a5f73d', 'https://lore.kernel.org/linux-cve-announce/2024092756-CVE-2024-46848-bbd4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46848', 'https://www.cve.org/CVERecord?id=CVE-2024-46848'], 'PublishedDate': '2024-09-27T13:15:16.657Z', 'LastModifiedDate': '2024-10-04T15:23:35.287Z'}, {'VulnerabilityID': 'CVE-2024-46849', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: meson: axg-card: fix &#39;use-after-free&#39;', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix 'use-after-free'\n\nBuffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',\nso move 'pad' pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46849', 'https://git.kernel.org/linus/4f9a71435953f941969a4f017e2357db62d85a86 (6.11)', 'https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86', 'https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d', 'https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607', 'https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037', 'https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29', 'https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a', 'https://lore.kernel.org/linux-cve-announce/2024092741-CVE-2024-46849-93c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46849', 'https://www.cve.org/CVERecord?id=CVE-2024-46849'], 'PublishedDate': '2024-09-27T13:15:16.723Z', 'LastModifiedDate': '2024-10-17T14:15:07.75Z'}, {'VulnerabilityID': 'CVE-2024-46850', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn35_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn35_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn35_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit 0607a50c004798a96e62c089a4c34c220179dcb5)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46850', 'https://git.kernel.org/linus/e835d5144f5ef78e4f8828c63e2f0d61144f283a (6.11)', 'https://git.kernel.org/stable/c/42850927656a540428e58d370b3c1599a617bac7', 'https://git.kernel.org/stable/c/e835d5144f5ef78e4f8828c63e2f0d61144f283a', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46850-186e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46850', 'https://www.cve.org/CVERecord?id=CVE-2024-46850'], 'PublishedDate': '2024-09-27T13:15:16.787Z', 'LastModifiedDate': '2024-10-04T15:30:32.11Z'}, {'VulnerabilityID': 'CVE-2024-46851', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46851', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn10_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn10_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn10_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46851', 'https://git.kernel.org/linus/a7aeb03888b92304e2fc7d4d1c242f54a312561b (6.11)', 'https://git.kernel.org/stable/c/a7aeb03888b92304e2fc7d4d1c242f54a312561b', 'https://git.kernel.org/stable/c/b6ce047a81f508f5c60756db8dfb5ff486e4dad0', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46851-125b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46851', 'https://www.cve.org/CVERecord?id=CVE-2024-46851'], 'PublishedDate': '2024-09-27T13:15:16.85Z', 'LastModifiedDate': '2024-10-04T16:00:43.913Z'}, {'VulnerabilityID': 'CVE-2024-46852', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma-buf: heaps: Fix off-by-one in CMA heap fault handler', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:\nDon\'t track CMA dma-buf pages under RssFile") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don\'t read off the end of the pages\narray and insert an arbitrary page in the mapping.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46852', 'https://git.kernel.org/linus/ea5ff5d351b520524019f7ff7f9ce418de2dad87 (6.11)', 'https://git.kernel.org/stable/c/007180fcb6cc4a93211d4cc45fef3f5ccccd56ae', 'https://git.kernel.org/stable/c/79cce5e81d20fa9ad553be439d665ac3302d3c95', 'https://git.kernel.org/stable/c/84175dc5b2c932266a50c04e5ce342c30f817a2f', 'https://git.kernel.org/stable/c/e79050882b857c37634baedbdcf7c2047c24cbff', 'https://git.kernel.org/stable/c/ea5ff5d351b520524019f7ff7f9ce418de2dad87', 'https://git.kernel.org/stable/c/eb7fc8b65cea22f9038c52398c8b22849e9620ea', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46852-91a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46852', 'https://www.cve.org/CVERecord?id=CVE-2024-46852'], 'PublishedDate': '2024-09-27T13:15:16.917Z', 'LastModifiedDate': '2024-10-17T14:15:07.887Z'}, {'VulnerabilityID': 'CVE-2024-46853', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: nxp-fspi: fix the KASAN report out-of-bounds bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: nxp-fspi: fix the KASAN report out-of-bounds bug\n\nChange the memcpy length to fix the out-of-bounds issue when writing the\ndata that is not 4 byte aligned to TX FIFO.\n\nTo reproduce the issue, write 3 bytes data to NOR chip.\n\ndd if=3b of=/dev/mtd0\n[   36.926103] ==================================================================\n[   36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838\n[   36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455\n[   36.946721]\n[   36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070\n[   36.956185] Hardware name: Freescale i.MX8QM MEK (DT)\n[   36.961260] Call trace:\n[   36.963723]  dump_backtrace+0x90/0xe8\n[   36.967414]  show_stack+0x18/0x24\n[   36.970749]  dump_stack_lvl+0x78/0x90\n[   36.974451]  print_report+0x114/0x5cc\n[   36.978151]  kasan_report+0xa4/0xf0\n[   36.981670]  __asan_report_load_n_noabort+0x1c/0x28\n[   36.986587]  nxp_fspi_exec_op+0x26ec/0x2838\n[   36.990800]  spi_mem_exec_op+0x8ec/0xd30\n[   36.994762]  spi_mem_no_dirmap_read+0x190/0x1e0\n[   36.999323]  spi_mem_dirmap_write+0x238/0x32c\n[   37.003710]  spi_nor_write_data+0x220/0x374\n[   37.007932]  spi_nor_write+0x110/0x2e8\n[   37.011711]  mtd_write_oob_std+0x154/0x1f0\n[   37.015838]  mtd_write_oob+0x104/0x1d0\n[   37.019617]  mtd_write+0xb8/0x12c\n[   37.022953]  mtdchar_write+0x224/0x47c\n[   37.026732]  vfs_write+0x1e4/0x8c8\n[   37.030163]  ksys_write+0xec/0x1d0\n[   37.033586]  __arm64_sys_write+0x6c/0x9c\n[   37.037539]  invoke_syscall+0x6c/0x258\n[   37.041327]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.046244]  do_el0_svc+0x44/0x5c\n[   37.049589]  el0_svc+0x38/0x78\n[   37.052681]  el0t_64_sync_handler+0x13c/0x158\n[   37.057077]  el0t_64_sync+0x190/0x194\n[   37.060775]\n[   37.062274] Allocated by task 455:\n[   37.065701]  kasan_save_stack+0x2c/0x54\n[   37.069570]  kasan_save_track+0x20/0x3c\n[   37.073438]  kasan_save_alloc_info+0x40/0x54\n[   37.077736]  __kasan_kmalloc+0xa0/0xb8\n[   37.081515]  __kmalloc_noprof+0x158/0x2f8\n[   37.085563]  mtd_kmalloc_up_to+0x120/0x154\n[   37.089690]  mtdchar_write+0x130/0x47c\n[   37.093469]  vfs_write+0x1e4/0x8c8\n[   37.096901]  ksys_write+0xec/0x1d0\n[   37.100332]  __arm64_sys_write+0x6c/0x9c\n[   37.104287]  invoke_syscall+0x6c/0x258\n[   37.108064]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.112972]  do_el0_svc+0x44/0x5c\n[   37.116319]  el0_svc+0x38/0x78\n[   37.119401]  el0t_64_sync_handler+0x13c/0x158\n[   37.123788]  el0t_64_sync+0x190/0x194\n[   37.127474]\n[   37.128977] The buggy address belongs to the object at ffff00081037c2a0\n[   37.128977]  which belongs to the cache kmalloc-8 of size 8\n[   37.141177] The buggy address is located 0 bytes inside of\n[   37.141177]  allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)\n[   37.153465]\n[   37.154971] The buggy address belongs to the physical page:\n[   37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c\n[   37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)\n[   37.175149] page_type: 0xfdffffff(slab)\n[   37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000\n[   37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000\n[   37.194553] page dumped because: kasan: bad access detected\n[   37.200144]\n[   37.201647] Memory state around the buggy address:\n[   37.206460]  ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc\n[   37.213701]  ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc\n[   37.220946] >ffff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc\n[   37.228186]                                ^\n[   37.232473]  ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.239718]  ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.246962] ==============================================================\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46853', 'https://git.kernel.org/linus/2a8787c1cdc7be24fdd8953ecd1a8743a1006235 (6.11)', 'https://git.kernel.org/stable/c/09af8b0ba70072be831f3ec459f4063d570f9e24', 'https://git.kernel.org/stable/c/2a8787c1cdc7be24fdd8953ecd1a8743a1006235', 'https://git.kernel.org/stable/c/491f9646f7ac31af5fca71be1a3e5eb8aa7663ad', 'https://git.kernel.org/stable/c/609260542cf86b459c57618b8cdec8020394b7ad', 'https://git.kernel.org/stable/c/af9ca9ca3e44f48b2a191e100d452fbf850c3d87', 'https://git.kernel.org/stable/c/d1a1dfcec77c57b1181da93d11a3db1bc4eefa97', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46853-ab04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46853', 'https://www.cve.org/CVERecord?id=CVE-2024-46853'], 'PublishedDate': '2024-09-27T13:15:16.997Z', 'LastModifiedDate': '2024-10-17T14:15:07.993Z'}, {'VulnerabilityID': 'CVE-2024-46854', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dpaa: Pad packets to ETH_ZLEN', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46854', 'https://git.kernel.org/linus/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0 (6.11)', 'https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133', 'https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a', 'https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83', 'https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0', 'https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2', 'https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46854-3404@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46854', 'https://www.cve.org/CVERecord?id=CVE-2024-46854'], 'PublishedDate': '2024-09-27T13:15:17.063Z', 'LastModifiedDate': '2024-10-17T14:15:08.107Z'}, {'VulnerabilityID': 'CVE-2024-46855', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46855', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: nft_socket: fix sk refcount leaks', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put 'sk' reference before returning.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46855', 'https://git.kernel.org/linus/8b26ff7af8c32cb4148b3e147c52f9e4c695209c (6.11)', 'https://git.kernel.org/stable/c/1f68e097e20d3c695281a9c6433acc37be47fe11', 'https://git.kernel.org/stable/c/33c2258bf8cb17fba9e58b111d4c4f4cf43a4896', 'https://git.kernel.org/stable/c/83e6fb59040e8964888afcaa5612cc1243736715', 'https://git.kernel.org/stable/c/8b26ff7af8c32cb4148b3e147c52f9e4c695209c', 'https://git.kernel.org/stable/c/ddc7c423c4a5386bf865474c694b48178efd311a', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46855-4382@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46855', 'https://www.cve.org/CVERecord?id=CVE-2024-46855'], 'PublishedDate': '2024-09-27T13:15:17.133Z', 'LastModifiedDate': '2024-10-17T14:15:12.79Z'}, {'VulnerabilityID': 'CVE-2024-46857', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix bridge mode operations when there are no VFs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[  168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[  168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[  168.976037] Call Trace:\n[  168.976188]  <TASK>\n[  168.978620]  _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[  168.979074]  mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[  168.979471]  rtnl_bridge_setlink+0xe9/0x1f0\n[  168.979714]  rtnetlink_rcv_msg+0x159/0x400\n[  168.980451]  netlink_rcv_skb+0x54/0x100\n[  168.980675]  netlink_unicast+0x241/0x360\n[  168.980918]  netlink_sendmsg+0x1f6/0x430\n[  168.981162]  ____sys_sendmsg+0x3bb/0x3f0\n[  168.982155]  ___sys_sendmsg+0x88/0xd0\n[  168.985036]  __sys_sendmsg+0x59/0xa0\n[  168.985477]  do_syscall_64+0x79/0x150\n[  168.987273]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw->fdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46857', 'https://git.kernel.org/linus/b1d305abef4640af1b4f1b4774d513cd81b10cfc (6.11)', 'https://git.kernel.org/stable/c/505ae01f75f839b54329164bbfecf24cc1361b31', 'https://git.kernel.org/stable/c/52c4beb79e095e0631b5cac46ed48a2aefe51985', 'https://git.kernel.org/stable/c/65feee671e37f3b6eda0b6af28f204b5bcf7fa50', 'https://git.kernel.org/stable/c/b1d305abef4640af1b4f1b4774d513cd81b10cfc', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46857-3bc3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46857', 'https://www.cve.org/CVERecord?id=CVE-2024-46857'], 'PublishedDate': '2024-09-27T13:15:17.277Z', 'LastModifiedDate': '2024-10-01T17:10:29.657Z'}, {'VulnerabilityID': 'CVE-2024-46858', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46858', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: Fix uaf in __timer_delete_sync', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n     CPU1\t\t\t\tCPU2\n     ====                               ====\n     net_rx_action\n     napi_poll                          netlink_sendmsg\n     __napi_poll                        netlink_unicast\n     process_backlog                    netlink_unicast_kernel\n     __netif_receive_skb                genl_rcv\n     __netif_receive_skb_one_core       netlink_rcv_skb\n     NF_HOOK                            genl_rcv_msg\n     ip_local_deliver_finish            genl_family_rcv_msg\n     ip_protocol_deliver_rcu            genl_family_rcv_msg_doit\n     tcp_v4_rcv                         mptcp_pm_nl_flush_addrs_doit\n     tcp_v4_do_rcv                      mptcp_nl_remove_addrs_list\n     tcp_rcv_established                mptcp_pm_remove_addrs_and_subflows\n     tcp_data_queue                     remove_anno_list_by_saddr\n     mptcp_incoming_options             mptcp_pm_del_add_timer\n     mptcp_pm_del_add_timer             kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by "pm.lock", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of "entry->add_timer".\n\nMove list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar "entry->x" uaf.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46858', 'https://git.kernel.org/linus/b4cd80b0338945a94972ac3ed54f8338d2da2076 (6.11)', 'https://git.kernel.org/stable/c/0e7814b028cd50b3ff79659d23dfa9da6a1e75e1', 'https://git.kernel.org/stable/c/12134a652b0a10064844ea235173e70246eba6dc', 'https://git.kernel.org/stable/c/3554482f4691571fc4b5490c17ae26896e62171c', 'https://git.kernel.org/stable/c/6452b162549c7f9ef54655d3fb9977b9192e6e5b', 'https://git.kernel.org/stable/c/67409b358500c71632116356a0b065f112d7b707', 'https://git.kernel.org/stable/c/b4cd80b0338945a94972ac3ed54f8338d2da2076', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46858-dab6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46858', 'https://www.cve.org/CVERecord?id=CVE-2024-46858'], 'PublishedDate': '2024-09-27T13:15:17.353Z', 'LastModifiedDate': '2024-10-17T14:15:13.017Z'}, {'VulnerabilityID': 'CVE-2024-46859', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46859', 'https://git.kernel.org/linus/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 (6.11)', 'https://git.kernel.org/stable/c/6821a82616f60aa72c5909b3e252ad97fb9f7e2a', 'https://git.kernel.org/stable/c/9291fadbd2720a869b1d2fcf82305648e2e62a16', 'https://git.kernel.org/stable/c/b38c19783286a71693c2194ed1b36665168c09c4', 'https://git.kernel.org/stable/c/b7c2f692307fe704be87ea80d7328782b33c3cef', 'https://git.kernel.org/stable/c/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46859-e785@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46859', 'https://www.cve.org/CVERecord?id=CVE-2024-46859'], 'PublishedDate': '2024-09-27T13:15:17.43Z', 'LastModifiedDate': '2024-10-17T14:15:13.183Z'}, {'VulnerabilityID': 'CVE-2024-46860', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change\n\nWhen disabling wifi mt7921_ipv6_addr_change() is called as a notifier.\nAt this point mvif->phy is already NULL so we cannot use it here.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46860', 'https://git.kernel.org/linus/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3 (6.11-rc4)', 'https://git.kernel.org/stable/c/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3', 'https://git.kernel.org/stable/c/4bfee9346d8c17d928ef6da2b8bffab88fa2a553', 'https://git.kernel.org/stable/c/8d92bafd4c67efb692f722d73a07412b5f88c6d6', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46860-1dfc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46860', 'https://www.cve.org/CVERecord?id=CVE-2024-46860'], 'PublishedDate': '2024-09-27T13:15:17.493Z', 'LastModifiedDate': '2024-10-02T14:04:38.863Z'}, {'VulnerabilityID': 'CVE-2024-46861', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usbnet: ipheth: do not stop RX on failing RX callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: do not stop RX on failing RX callback\n\nRX callbacks can fail for multiple reasons:\n\n* Payload too short\n* Payload formatted incorrecly (e.g. bad NCM framing)\n* Lack of memory\n\nNone of these should cause the driver to seize up.\n\nMake such failures non-critical and continue processing further\nincoming URBs.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46861', 'https://git.kernel.org/linus/74efed51e0a4d62f998f806c307778b47fc73395 (6.11-rc4)', 'https://git.kernel.org/stable/c/08ca800b0cd56d5e26722f68b18bbbf6840bf44b', 'https://git.kernel.org/stable/c/4d1cfa3afb8627435744ecdc6d8b58bc72ee0f4c', 'https://git.kernel.org/stable/c/74efed51e0a4d62f998f806c307778b47fc73395', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46861-f2f9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46861', 'https://www.cve.org/CVERecord?id=CVE-2024-46861'], 'PublishedDate': '2024-09-27T13:15:17.563Z', 'LastModifiedDate': '2024-10-03T15:36:06.543Z'}, {'VulnerabilityID': 'CVE-2024-46864', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/hyperv: fix kexec crash due to VP assist page corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: fix kexec crash due to VP assist page corruption\n\ncommit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when\nCPUs go online/offline") introduces a new cpuhp state for hyperv\ninitialization.\n\ncpuhp_setup_state() returns the state number if state is\nCPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states.\nFor the hyperv case, since a new cpuhp state was introduced it would\nreturn 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call\nis conditioned upon "hyperv_init_cpuhp > 0". This will never be true and\nso hv_cpu_die() won\'t be called on all CPUs. This means the VP assist page\nwon\'t be reset. When the kexec kernel tries to setup the VP assist page\nagain, the hypervisor corrupts the memory region of the old VP assist page\ncausing a panic in case the kexec kernel is using that memory elsewhere.\nThis was originally fixed in commit dfe94d4086e4 ("x86/hyperv: Fix kexec\npanic/hang issues").\n\nGet rid of hyperv_init_cpuhp entirely since we are no longer using a\ndynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with\ncpuhp_remove_state().', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46864', 'https://git.kernel.org/linus/b9af6418279c4cf73ca073f8ea024992b38be8ab (6.11)', 'https://git.kernel.org/stable/c/2ae1beb3ab4f28868cc5d1541d05e1fbee3ad825', 'https://git.kernel.org/stable/c/b9af6418279c4cf73ca073f8ea024992b38be8ab', 'https://git.kernel.org/stable/c/d6f018a3b49d0a94ddbd0e479c2af6b19724e434', 'https://lore.kernel.org/linux-cve-announce/2024092745-CVE-2024-46864-0343@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46864', 'https://www.cve.org/CVERecord?id=CVE-2024-46864'], 'PublishedDate': '2024-09-27T13:15:17.747Z', 'LastModifiedDate': '2024-10-03T15:29:34.927Z'}, {'VulnerabilityID': 'CVE-2024-46866', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: add missing bo locking in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: add missing bo locking in show_meminfo()\n\nbo_meminfo() wants to inspect bo state like tt and the ttm resource,\nhowever this state can change at any point leading to stuff like NPD and\nUAF, if the bo lock is not held. Grab the bo lock when calling\nbo_meminfo(), ensuring we drop any spinlocks first. In the case of\nobject_idr we now also need to hold a ref.\n\nv2 (MattB)\n  - Also add xe_bo_assert_held()\n\n(cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46866', 'https://git.kernel.org/linus/94c4aa266111262c96c98f822d1bccc494786fee (6.11)', 'https://git.kernel.org/stable/c/94c4aa266111262c96c98f822d1bccc494786fee', 'https://git.kernel.org/stable/c/abc8feacacf8fae10eecf6fea7865e8c1fee419c', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46866-c414@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46866', 'https://www.cve.org/CVERecord?id=CVE-2024-46866'], 'PublishedDate': '2024-09-27T13:15:17.887Z', 'LastModifiedDate': '2024-10-01T17:09:30Z'}, {'VulnerabilityID': 'CVE-2024-46867', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: fix deadlock in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: fix deadlock in show_meminfo()\n\nThere is a real deadlock as well as sleeping in atomic() bug in here, if\nthe bo put happens to be the last ref, since bo destruction wants to\ngrab the same spinlock and sleeping locks.  Fix that by dropping the ref\nusing xe_bo_put_deferred(), and moving the final commit outside of the\nlock. Dropping the lock around the put is tricky since the bo can go\nout of scope and delete itself from the list, making it difficult to\nnavigate to the next list entry.\n\n(cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46867', 'https://git.kernel.org/linus/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b (6.11)', 'https://git.kernel.org/stable/c/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b', 'https://git.kernel.org/stable/c/9d3de463e23bfb1ff1567a32b099b1b3e5286a48', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46867-7fe4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46867', 'https://www.cve.org/CVERecord?id=CVE-2024-46867'], 'PublishedDate': '2024-09-27T13:15:17.937Z', 'LastModifiedDate': '2024-10-01T17:09:58.147Z'}, {'VulnerabilityID': 'CVE-2024-46868', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()\n\nIf the __qcuefi pointer is not set, then in the original code, we would\nhold onto the lock.  That means that if we tried to set it later, then\nit would cause a deadlock.  Drop the lock on the error path.  That's\nwhat all the callers are expecting.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46868', 'https://git.kernel.org/linus/db213b0cfe3268d8b1d382b3bcc999c687a2567f (6.11)', 'https://git.kernel.org/stable/c/8c6a5a1fc02ad1d62d06897ab330693d4d27cd03', 'https://git.kernel.org/stable/c/db213b0cfe3268d8b1d382b3bcc999c687a2567f', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46868-f3a3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46868', 'https://www.cve.org/CVERecord?id=CVE-2024-46868'], 'PublishedDate': '2024-09-27T13:15:18.007Z', 'LastModifiedDate': '2024-10-01T17:09:12.247Z'}, {'VulnerabilityID': 'CVE-2024-46870', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Disable DMCUB timeout for DCN35', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable DMCUB timeout for DCN35\n\n[Why]\nDMCUB can intermittently take longer than expected to process commands.\n\nOld ASIC policy was to continue while logging a diagnostic error - which\nworks fine for ASIC without IPS, but with IPS this could lead to a race\ncondition where we attempt to access DCN state while it's inaccessible,\nleading to a system hang when the NIU port is not disabled or register\naccesses that timeout and the display configuration in an undefined\nstate.\n\n[How]\nWe need to investigate why these accesses take longer than expected, but\nfor now we should disable the timeout on DCN35 to avoid this race\ncondition. Since the waits happen only at lower interrupt levels the\nrisk of taking too long at higher IRQ and causing a system watchdog\ntimeout are minimal.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46870', 'https://git.kernel.org/stable/c/31c254c9cd4b122a10db297124f867107a696d83', 'https://git.kernel.org/stable/c/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46870-f347@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46870', 'https://www.cve.org/CVERecord?id=CVE-2024-46870'], 'PublishedDate': '2024-10-09T14:15:07.463Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-46871', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why & How]\nIt actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback & dmub_thread_offload has potential to access\nitem out of array bound. Fix it.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46871', 'https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37', 'https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7', 'https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0', 'https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46871-15f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46871', 'https://www.cve.org/CVERecord?id=CVE-2024-46871'], 'PublishedDate': '2024-10-09T14:15:07.533Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47658', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47658', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: stm32/cryp - call finalize with bh disabled', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: stm32/cryp - call finalize with bh disabled\n\nThe finalize operation in interrupt mode produce a produces a spinlock\nrecursion warning. The reason is the fact that BH must be disabled\nduring this process.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47658', 'https://git.kernel.org/stable/c/56ddb9aa3b324c2d9645b5a7343e46010cf3f6ce', 'https://git.kernel.org/stable/c/5d734665cd5d93270731e0ff1dd673fec677f447', 'https://git.kernel.org/stable/c/d93a2f86b0a998aa1f0870c85a2a60a0771ef89a', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47658-0b23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47658', 'https://www.cve.org/CVERecord?id=CVE-2024-47658'], 'PublishedDate': '2024-10-09T14:15:07.603Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47659', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47659', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smack: tcp: ipv4, fix incorrect labeling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmack: tcp: ipv4, fix incorrect labeling\n\nCurrently, Smack mirrors the label of incoming tcp/ipv4 connections:\nwhen a label 'foo' connects to a label 'bar' with tcp/ipv4,\n'foo' always gets 'foo' in returned ipv4 packets. So,\n1) returned packets are incorrectly labeled ('foo' instead of 'bar')\n2) 'bar' can write to 'foo' without being authorized to write.\n\nHere is a scenario how to see this:\n\n* Take two machines, let's call them C and S,\n   with active Smack in the default state\n   (no settings, no rules, no labeled hosts, only builtin labels)\n\n* At S, add Smack rule 'foo bar w'\n   (labels 'foo' and 'bar' are instantiated at S at this moment)\n\n* At S, at label 'bar', launch a program\n   that listens for incoming tcp/ipv4 connections\n\n* From C, at label 'foo', connect to the listener at S.\n   (label 'foo' is instantiated at C at this moment)\n   Connection succeedes and works.\n\n* Send some data in both directions.\n* Collect network traffic of this connection.\n\nAll packets in both directions are labeled with the CIPSO\nof the label 'foo'. Hence, label 'bar' writes to 'foo' without\nbeing authorized, and even without ever being known at C.\n\nIf anybody cares: exactly the same happens with DCCP.\n\nThis behavior 1st manifested in release 2.6.29.4 (see Fixes below)\nand it looks unintentional. At least, no explanation was provided.\n\nI changed returned packes label into the 'bar',\nto bring it into line with the Smack documentation claims.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47659', 'https://git.kernel.org/stable/c/0776bcf9cb6de46fdd94d10118de1cf9b05f83b9', 'https://git.kernel.org/stable/c/0aea09e82eafa50a373fc8a4b84c1d4734751e2c', 'https://git.kernel.org/stable/c/2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550', 'https://git.kernel.org/stable/c/4be9fd15c3c88775bdf6fa37acabe6de85beebff', 'https://git.kernel.org/stable/c/5b4b304f196c070342e32a4752e1fa2e22fc0671', 'https://git.kernel.org/stable/c/a948ec993541db4ef392b555c37a1186f4d61670', 'https://git.kernel.org/stable/c/d3703fa94116fed91f64c7d1c7d284fb4369070f', 'https://git.kernel.org/stable/c/d3f56c653c65f170b172d3c23120bc64ada645d8', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47659-03a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47659', 'https://www.cve.org/CVERecord?id=CVE-2024-47659'], 'PublishedDate': '2024-10-09T14:15:07.66Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47660', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fsnotify: clear PARENT_WATCHED flags lazily', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: clear PARENT_WATCHED flags lazily\n\nIn some setups directories can have many (usually negative) dentries.\nHence __fsnotify_update_child_dentry_flags() function can take a\nsignificant amount of time. Since the bulk of this function happens\nunder inode->i_lock this causes a significant contention on the lock\nwhen we remove the watch from the directory as the\n__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()\nraces with __fsnotify_update_child_dentry_flags() calls from\n__fsnotify_parent() happening on children. This can lead upto softlockup\nreports reported by users.\n\nFix the problem by calling fsnotify_update_children_dentry_flags() to\nset PARENT_WATCHED flags only when parent starts watching children.\n\nWhen parent stops watching children, clear false positive PARENT_WATCHED\nflags lazily in __fsnotify_parent() for each accessed child.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47660', 'https://git.kernel.org/stable/c/172e422ffea20a89bfdc672741c1aad6fbb5044e', 'https://git.kernel.org/stable/c/3f3ef1d9f66b93913ce2171120d9226b55acd41d', 'https://git.kernel.org/stable/c/7ef1d2e240c32b1f337a37232d037b07e3919e1a', 'https://git.kernel.org/stable/c/d8c42405fc3507cc43ba7e4986a773c3fc633f6e', 'https://git.kernel.org/stable/c/f9a48bc3dd9099935751458a5bbbea4b7c28abc8', 'https://git.kernel.org/stable/c/fc1b1e135c3f72382f792e6c319fc088d5523ad5', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47660-2d61@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47660', 'https://www.cve.org/CVERecord?id=CVE-2024-47660'], 'PublishedDate': '2024-10-09T14:15:07.73Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47661', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47661', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid overflow from uint32_t to uint8_t', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT & HOW]\ndmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47661', 'https://git.kernel.org/stable/c/30d1b783b6eeaf49d311a072c70d618d993d01ec', 'https://git.kernel.org/stable/c/d6b54900c564e35989cf6813e4071504fa0a90e0', 'https://lore.kernel.org/linux-cve-announce/2024100930-CVE-2024-47661-a6c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47661', 'https://www.cve.org/CVERecord?id=CVE-2024-47661'], 'PublishedDate': '2024-10-09T15:15:15.02Z', 'LastModifiedDate': '2024-10-15T16:03:29.26Z'}, {'VulnerabilityID': 'CVE-2024-47662', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47662', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47662', 'https://git.kernel.org/stable/c/466423c6dd8af23ebb3a69d43434d01aed0db356', 'https://git.kernel.org/stable/c/eba4b2a38ccdf074a053834509545703d6df1d57', 'https://lore.kernel.org/linux-cve-announce/2024100931-CVE-2024-47662-74f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47662', 'https://www.cve.org/CVERecord?id=CVE-2024-47662'], 'PublishedDate': '2024-10-09T15:15:15.08Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47663', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47663', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: staging: iio: frequency: ad9834: Validate frequency parameter value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47663', 'https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47', 'https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e', 'https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53', 'https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227', 'https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465', 'https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a', 'https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47663-9bdc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47663', 'https://www.cve.org/CVERecord?id=CVE-2024-47663'], 'PublishedDate': '2024-10-09T15:15:15.15Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47664', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47664', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47664', 'https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43', 'https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c', 'https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47664-f6bd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47664', 'https://www.cve.org/CVERecord?id=CVE-2024-47664'], 'PublishedDate': '2024-10-09T15:15:15.223Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47665', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47665', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup\n\nDefinitely condition dma_get_cache_alignment * defined value > 256\nduring driver initialization is not reason to BUG_ON(). Turn that to\ngraceful error out with -EINVAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47665', 'https://git.kernel.org/stable/c/2666085335bdfedf90d91f4071490ad3980be785', 'https://git.kernel.org/stable/c/5a022269abb22809f2a174b90f200fc4b9526058', 'https://git.kernel.org/stable/c/8a2be2f1db268ec735419e53ef04ca039fc027dc', 'https://git.kernel.org/stable/c/cacb76df247a7cd842ff29755a523b1cba6c0508', 'https://git.kernel.org/stable/c/e2d14bfda9eb5393f8a17008afe2aa7fe0a29815', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47665-901e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47665', 'https://www.cve.org/CVERecord?id=CVE-2024-47665'], 'PublishedDate': '2024-10-09T15:15:15.29Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47666', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47666', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: pm80xx: Set phy-&gt;enable_completion only when we wait for it', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy->enable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late.  After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47666', 'https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89', 'https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea', 'https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47666-0015@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47666', 'https://www.cve.org/CVERecord?id=CVE-2024-47666'], 'PublishedDate': '2024-10-09T15:15:15.353Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47667', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47667', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)\n\nErrata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0\n(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an\ninbound PCIe TLP spans more than two internal AXI 128-byte bursts,\nthe bus may corrupt the packet payload and the corrupt data may\ncause associated applications or the processor to hang.\n\nThe workaround for Errata #i2037 is to limit the maximum read\nrequest size and maximum payload size to 128 bytes. Add workaround\nfor Errata #i2037 here.\n\nThe errata and workaround is applicable only to AM65x SR 1.0 and\nlater versions of the silicon will have this fixed.\n\n[1] -> https://www.ti.com/lit/er/sprz452i/sprz452i.pdf', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47667', 'https://git.kernel.org/stable/c/135843c351c08df72bdd4b4ebea53c8052a76881', 'https://git.kernel.org/stable/c/576d0fb6f8d4bd4695e70eee173a1b9c7bae9572', 'https://git.kernel.org/stable/c/86f271f22bbb6391410a07e08d6ca3757fda01fa', 'https://git.kernel.org/stable/c/af218c803fe298ddf00abef331aa526b20d7ea61', 'https://git.kernel.org/stable/c/cfb006e185f64edbbdf7869eac352442bc76b8f6', 'https://git.kernel.org/stable/c/dd47051c76c8acd8cb983f01b4d1265da29cb66a', 'https://git.kernel.org/stable/c/ebbdbbc580c1695dec283d0ba6448729dc993246', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47667-2d01@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47667', 'https://www.cve.org/CVERecord?id=CVE-2024-47667'], 'PublishedDate': '2024-10-09T15:15:15.43Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47668', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47668', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we'll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it'll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47668', 'https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f', 'https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da', 'https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283', 'https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169', 'https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae', 'https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e', 'https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47668-6b53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47668', 'https://www.cve.org/CVERecord?id=CVE-2024-47668'], 'PublishedDate': '2024-10-09T15:15:15.513Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47669', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47669', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix state management in error path of log writing function', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix state management in error path of log writing function\n\nAfter commit a694291a6211 ("nilfs2: separate wait function from\nnilfs_segctor_write") was applied, the log writing function\nnilfs_segctor_do_construct() was able to issue I/O requests continuously\neven if user data blocks were split into multiple logs across segments,\nbut two potential flaws were introduced in its error handling.\n\nFirst, if nilfs_segctor_begin_construction() fails while creating the\nsecond or subsequent logs, the log writing function returns without\ncalling nilfs_segctor_abort_construction(), so the writeback flag set on\npages/folios will remain uncleared.  This causes page cache operations to\nhang waiting for the writeback flag.  For example,\ntruncate_inode_pages_final(), which is called via nilfs_evict_inode() when\nan inode is evicted from memory, will hang.\n\nSecond, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. \nAs a result, if the next log write involves checkpoint creation, that\'s\nfine, but if a partial log write is performed that does not, inodes with\nNILFS_I_COLLECTED set are erroneously removed from the "sc_dirty_files"\nlist, and their data and b-tree blocks may not be written to the device,\ncorrupting the block mapping.\n\nFix these issues by uniformly calling nilfs_segctor_abort_construction()\non failure of each step in the loop in nilfs_segctor_do_construct(),\nhaving it clean up logs and segment usages according to progress, and\ncorrecting the conditions for calling nilfs_redirty_inodes() to ensure\nthat the NILFS_I_COLLECTED flag is cleared.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47669', 'https://git.kernel.org/stable/c/036441e8438b29111fa75008f0ce305fb4e83c0a', 'https://git.kernel.org/stable/c/0a1a961bde4351dc047ffdeb2f1311ca16a700cc', 'https://git.kernel.org/stable/c/30562eff4a6dd35c4b5be9699ef61ad9f5f20a06', 'https://git.kernel.org/stable/c/3e349d7191f0688fc9808ef24fd4e4b4ef5ca876', 'https://git.kernel.org/stable/c/40a2757de2c376ef8a08d9ee9c81e77f3c750adf', 'https://git.kernel.org/stable/c/6576dd6695f2afca3f4954029ac4a64f82ba60ab', 'https://git.kernel.org/stable/c/74866c16ea2183f52925fa5d76061a1fe7f7737b', 'https://git.kernel.org/stable/c/efdde00d4a1ef10bb71e09ebc67823a3d3ad725b', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47669-135c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47669', 'https://www.cve.org/CVERecord?id=CVE-2024-47669'], 'PublishedDate': '2024-10-09T15:15:15.59Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47670', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47670', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: add bounds checking to ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn't stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match.  It will\nprevent out-of-bound access in case of crafted images.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47670', 'https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39', 'https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c', 'https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd', 'https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77', 'https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f', 'https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e73264d6', 'https://lore.kernel.org/linux-cve-announce/2024100919-CVE-2024-47670-53f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47670', 'https://www.cve.org/CVERecord?id=CVE-2024-47670'], 'PublishedDate': '2024-10-09T15:15:15.673Z', 'LastModifiedDate': '2024-10-17T14:15:13.56Z'}, {'VulnerabilityID': 'CVE-2024-47671', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47671', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: USB: usbtmc: prevent kernel-usb-infoleak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: prevent kernel-usb-infoleak\n\nThe syzbot reported a kernel-usb-infoleak in usbtmc_write,\nwe need to clear the structure before filling fields.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47671', 'https://git.kernel.org/stable/c/0c927dfc0b9bd177f7ab6ee59ef0c4ea06c110a7', 'https://git.kernel.org/stable/c/16e0ab9ed3ae7d19ca8ee718ba4e09d5c0f909ca', 'https://git.kernel.org/stable/c/51297ef7ad7824ad577337f273cd092e81a9fa08', 'https://git.kernel.org/stable/c/625fa77151f00c1bd00d34d60d6f2e710b3f9aad', 'https://git.kernel.org/stable/c/6c7fc36da021b13c34c572a26ba336cd102418f8', 'https://git.kernel.org/stable/c/ba6269e187aa1b1f20faf3c458831a0d6350304b', 'https://git.kernel.org/stable/c/e872738e670ddd63e19f22d0d784f0bdf26ecba5', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47671-6c52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47671', 'https://www.cve.org/CVERecord?id=CVE-2024-47671'], 'PublishedDate': '2024-10-09T15:15:15.753Z', 'LastModifiedDate': '2024-10-17T14:15:13.697Z'}, {'VulnerabilityID': 'CVE-2024-47672', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead\n\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was\nrecently converted from just a message), that can be hit if we\nwait for TX queues to become empty after firmware died. Clearly,\nwe can't expect anything from the firmware after it's declared dead.\n\nDon't call iwl_trans_wait_tx_queues_empty() in this case. While it could\nbe a good idea to stop the flow earlier, the flush functions do some\nmaintenance work that is not related to the firmware, so keep that part\nof the code running even when the firmware is not running.\n\n[edit commit message]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47672', 'https://git.kernel.org/stable/c/1afed66cb271b3e65fe9df1c9fba2bf4b1f55669', 'https://git.kernel.org/stable/c/1b0cd832c9607f41f84053b818e0b7908510a3b9', 'https://git.kernel.org/stable/c/3a84454f5204718ca5b4ad2c1f0bf2031e2403d1', 'https://git.kernel.org/stable/c/4d0a900ec470d392476c428875dbf053f8a0ae5e', 'https://git.kernel.org/stable/c/7188b7a72320367554b76d8f298417b070b05dd3', 'https://git.kernel.org/stable/c/de46b1d24f5f752b3bd8b46673c2ea4239661244', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47672-9bef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47672', 'https://www.cve.org/CVERecord?id=CVE-2024-47672'], 'PublishedDate': '2024-10-09T15:15:15.827Z', 'LastModifiedDate': '2024-10-17T14:15:13.78Z'}, {'VulnerabilityID': 'CVE-2024-47673', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pause TCM when the firmware is stopped\n\nNot doing so will make us send a host command to the transport while the\nfirmware is not alive, which will trigger a WARNING.\n\nbad state = 0\nWARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nRIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nCall Trace:\n <TASK>\n iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]\n iwl_mvm_config_scan+0x198/0x260 [iwlmvm]\n iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]\n iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]\n process_one_work+0x29e/0x640\n worker_thread+0x2df/0x690\n ? rescuer_thread+0x540/0x540\n kthread+0x192/0x1e0\n ? set_kthread_struct+0x90/0x90\n ret_from_fork+0x22/0x30', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47673', 'https://git.kernel.org/stable/c/0668ebc8c2282ca1e7eb96092a347baefffb5fe7', 'https://git.kernel.org/stable/c/2c61b561baf92a2860c76c2302a62169e22c21cc', 'https://git.kernel.org/stable/c/55086c97a55d781b04a2667401c75ffde190135c', 'https://git.kernel.org/stable/c/5948a191906b54e10f02f6b7a7670243a39f99f4', 'https://git.kernel.org/stable/c/a15df5f37fa3a8b7a8ec7a339d1e897bc524e28f', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47673-9110@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47673', 'https://www.cve.org/CVERecord?id=CVE-2024-47673'], 'PublishedDate': '2024-10-09T15:15:15.9Z', 'LastModifiedDate': '2024-10-17T14:15:13.853Z'}, {'VulnerabilityID': 'CVE-2024-47674', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47674', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: avoid leaving partial pfn mappings around in error case', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na 'struct page'.\n\nThat's all very much intentional, but it does mean that it's easy to\nmess up the cleanup in case of errors.  Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it's very easy to do the\nerror handling in the wrong order.\n\nIn particular, it's easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47674', 'https://git.kernel.org/linus/79a61cc3fc0466ad2b7b89618a6157785f0293b3 (6.11)', 'https://git.kernel.org/stable/c/5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959', 'https://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2', 'https://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3', 'https://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3', 'https://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80', 'https://lore.kernel.org/linux-cve-announce/2024101538-CVE-2024-47674-ba1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47674', 'https://www.cve.org/CVERecord?id=CVE-2024-47674'], 'PublishedDate': '2024-10-15T11:15:13.073Z', 'LastModifiedDate': '2024-10-18T14:50:02.71Z'}, {'VulnerabilityID': 'CVE-2017-0537', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-0537', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N', 'V2Score': 2.6, 'V3Score': 4.7}}, 'References': ['http://www.securityfocus.com/bid/96831', 'http://www.securitytracker.com/id/1037968', 'https://android.googlesource.com/kernel/tegra.git/+/389b185cb2f17fff994dbdf8d4bac003d4b2b6b3%5E%21/#F0', 'https://lore.kernel.org/lkml/1484647168-30135-1-git-send-email-jilin@nvidia.com/#t', 'https://source.android.com/security/bulletin/2017-01-01.html', 'https://source.android.com/security/bulletin/2017-03-01', 'https://source.android.com/security/bulletin/2017-03-01.html', 'https://www.cve.org/CVERecord?id=CVE-2017-0537'], 'PublishedDate': '2017-03-08T01:59:03.127Z', 'LastModifiedDate': '2017-07-17T13:18:15.89Z'}, {'VulnerabilityID': 'CVE-2017-13165', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13165', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['https://github.com/aosp-mirror/platform_system_core/commit/15ffc53f6d57a46e3041453865311035a18e047a', 'https://source.android.com/security/bulletin/pixel/2017-12-01', 'https://www.cve.org/CVERecord?id=CVE-2017-13165'], 'PublishedDate': '2017-12-06T14:29:01.333Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2017-13693', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI operand cache leak in dsutils.c', 'Description': 'The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/100502', 'https://access.redhat.com/security/cve/CVE-2017-13693', 'https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13693', 'https://patchwork.kernel.org/patch/9919053/', 'https://www.cve.org/CVERecord?id=CVE-2017-13693'], 'PublishedDate': '2017-08-25T08:29:00.273Z', 'LastModifiedDate': '2017-09-20T14:51:00.41Z'}, {'VulnerabilityID': 'CVE-2018-1121', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-1121', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'procps: process hiding through race condition enumerating /proc', 'Description': "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-367'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:P/A:N', 'V3Vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V2Score': 4.3, 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L', 'V3Score': 3.9}}, 'References': ['http://seclists.org/oss-sec/2018/q2/122', 'http://www.securityfocus.com/bid/104214', 'https://access.redhat.com/security/cve/CVE-2018-1121', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1121', 'https://www.cve.org/CVERecord?id=CVE-2018-1121', 'https://www.exploit-db.com/exploits/44806/', 'https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt'], 'PublishedDate': '2018-06-13T20:29:00.337Z', 'LastModifiedDate': '2020-06-30T16:15:14.393Z'}, {'VulnerabilityID': 'CVE-2018-12928', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko', 'Description': 'In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['http://www.securityfocus.com/bid/104593', 'https://access.redhat.com/security/cve/CVE-2018-12928', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384', 'https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ', 'https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/', 'https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12928', 'https://www.cve.org/CVERecord?id=CVE-2018-12928'], 'PublishedDate': '2018-06-28T14:29:00.353Z', 'LastModifiedDate': '2018-08-21T11:55:37.35Z'}, {'VulnerabilityID': 'CVE-2018-12929', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko', 'Description': 'ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12929', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12929', 'https://www.cve.org/CVERecord?id=CVE-2018-12929'], 'PublishedDate': '2018-06-28T14:29:00.417Z', 'LastModifiedDate': '2019-03-26T13:35:51.317Z'}, {'VulnerabilityID': 'CVE-2018-12930', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12930', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko', 'Description': 'ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12930', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12930', 'https://www.cve.org/CVERecord?id=CVE-2018-12930'], 'PublishedDate': '2018-06-28T14:29:00.463Z', 'LastModifiedDate': '2019-03-26T13:35:37.397Z'}, {'VulnerabilityID': 'CVE-2018-12931', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_attr_find in the ntfs.ko', 'Description': 'ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12931', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12931', 'https://www.cve.org/CVERecord?id=CVE-2018-12931'], 'PublishedDate': '2018-06-28T14:29:00.51Z', 'LastModifiedDate': '2019-03-26T13:35:20.957Z'}, {'VulnerabilityID': 'CVE-2019-14899', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-14899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel', 'Description': 'A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V2Vector': 'AV:A/AC:M/Au:S/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 4.9, 'V3Score': 7.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.4}}, 'References': ['http://seclists.org/fulldisclosure/2020/Dec/32', 'http://seclists.org/fulldisclosure/2020/Jul/23', 'http://seclists.org/fulldisclosure/2020/Jul/24', 'http://seclists.org/fulldisclosure/2020/Jul/25', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'http://www.openwall.com/lists/oss-security/2020/08/13/2', 'http://www.openwall.com/lists/oss-security/2020/10/07/3', 'http://www.openwall.com/lists/oss-security/2021/07/05/1', 'https://access.redhat.com/security/cve/CVE-2019-14899', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899', 'https://nvd.nist.gov/vuln/detail/CVE-2019-14899', 'https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/', 'https://support.apple.com/kb/HT211288', 'https://support.apple.com/kb/HT211289', 'https://support.apple.com/kb/HT211290', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211931', 'https://www.cve.org/CVERecord?id=CVE-2019-14899', 'https://www.openwall.com/lists/oss-security/2019/12/05/1'], 'PublishedDate': '2019-12-11T15:15:14.263Z', 'LastModifiedDate': '2023-03-01T16:40:04.14Z'}, {'VulnerabilityID': 'CVE-2019-15213', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-15213', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c', 'Description': 'An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.3}}, 'References': ['http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html', 'http://www.openwall.com/lists/oss-security/2019/08/20/2', 'https://access.redhat.com/security/cve/CVE-2019-15213', 'https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7', 'https://linux.oracle.com/cve/CVE-2019-15213.html', 'https://linux.oracle.com/errata/ELSA-2019-4872.html', 'https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/', 'https://nvd.nist.gov/vuln/detail/CVE-2019-15213', 'https://security.netapp.com/advisory/ntap-20190905-0002/', 'https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced', 'https://www.cve.org/CVERecord?id=CVE-2019-15213'], 'PublishedDate': '2019-08-19T22:15:11.253Z', 'LastModifiedDate': '2023-11-09T14:44:33.733Z'}, {'VulnerabilityID': 'CVE-2019-19378', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19378', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19378', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19378', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19378'], 'PublishedDate': '2019-11-29T17:15:11.84Z', 'LastModifiedDate': '2020-01-03T11:15:14.997Z'}, {'VulnerabilityID': 'CVE-2019-19814', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 9.3, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19814', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19814', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19814'], 'PublishedDate': '2019-12-17T06:15:12.843Z', 'LastModifiedDate': '2020-01-03T11:15:16.48Z'}, {'VulnerabilityID': 'CVE-2020-35501', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2020-35501', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability', 'Description': 'A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem', 'Severity': 'LOW', 'CweIDs': ['CWE-863'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:N', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V2Score': 3.6, 'V3Score': 3.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 3.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2020-35501', 'https://bugzilla.redhat.com/show_bug.cgi?id=1908577', 'https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html', 'https://nvd.nist.gov/vuln/detail/CVE-2020-35501', 'https://www.cve.org/CVERecord?id=CVE-2020-35501', 'https://www.openwall.com/lists/oss-security/2021/02/18/1'], 'PublishedDate': '2022-03-30T16:15:08.673Z', 'LastModifiedDate': '2022-12-02T19:54:37.647Z'}, {'VulnerabilityID': 'CVE-2021-26934', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-26934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...', 'Description': "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.", 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['http://xenbits.xen.org/xsa/advisory-363.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/', 'https://nvd.nist.gov/vuln/detail/CVE-2021-26934', 'https://security.netapp.com/advisory/ntap-20210326-0001/', 'https://www.cve.org/CVERecord?id=CVE-2021-26934', 'https://www.openwall.com/lists/oss-security/2021/02/16/2', 'https://xenbits.xen.org/xsa/advisory-363.html'], 'PublishedDate': '2021-02-17T02:15:13.143Z', 'LastModifiedDate': '2023-11-07T03:31:50.59Z'}, {'VulnerabilityID': 'CVE-2022-44034', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-44034', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: A use-after-free due to race between scr24x_open()  and scr24x_remove()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().', 'Severity': 'LOW', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-44034', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15', 'https://lore.kernel.org/lkml/20220916050333.GA188358%40ubuntu/', 'https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940%40ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-44034', 'https://www.cve.org/CVERecord?id=CVE-2022-44034'], 'PublishedDate': '2022-10-30T01:15:08.937Z', 'LastModifiedDate': '2024-03-25T01:15:52.787Z'}, {'VulnerabilityID': 'CVE-2022-45884', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-45884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free due to race condition occurring in dvb_register_device()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:7549', 'https://access.redhat.com/security/cve/CVE-2022-45884', 'https://bugzilla.redhat.com/2148510', 'https://bugzilla.redhat.com/2148517', 'https://bugzilla.redhat.com/2151956', 'https://bugzilla.redhat.com/2154178', 'https://bugzilla.redhat.com/2224048', 'https://bugzilla.redhat.com/2240249', 'https://bugzilla.redhat.com/2241924', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2151956', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2224048', 'https://bugzilla.redhat.com/show_bug.cgi?id=2240249', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1192', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2163', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178', 'https://errata.almalinux.org/8/ALSA-2023-7549.html', 'https://errata.rockylinux.org/RLSA-2023:7549', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3', 'https://linux.oracle.com/cve/CVE-2022-45884.html', 'https://linux.oracle.com/errata/ELSA-2023-7549.html', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-45884', 'https://security.netapp.com/advisory/ntap-20230113-0006/', 'https://www.cve.org/CVERecord?id=CVE-2022-45884'], 'PublishedDate': '2022-11-25T04:15:09.18Z', 'LastModifiedDate': '2024-03-25T01:15:52.84Z'}, {'VulnerabilityID': 'CVE-2023-33053', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-33053', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'Memory corruption in Kernel while parsing metadata.', 'Severity': 'LOW', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/06426824a281c9aef5bf0c50927eae9c7431db1e', 'https://www.cve.org/CVERecord?id=CVE-2023-33053', 'https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin'], 'PublishedDate': '2023-12-05T03:15:11.707Z', 'LastModifiedDate': '2024-04-12T16:15:18.403Z'}, {'VulnerabilityID': 'CVE-2023-4010', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: hcd: malformed USB descriptor leads to infinite loop in usb_giveback_urb()', 'Description': 'A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.', 'Severity': 'LOW', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4010', 'https://bugzilla.redhat.com/show_bug.cgi?id=2227726', 'https://github.com/wanrenmi/a-usb-kernel-bug', 'https://github.com/wanrenmi/a-usb-kernel-bug/issues/1', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4010', 'https://www.cve.org/CVERecord?id=CVE-2023-4010'], 'PublishedDate': '2023-07-31T17:15:10.277Z', 'LastModifiedDate': '2023-11-07T04:22:02.797Z'}, {'VulnerabilityID': 'CVE-2023-6238', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-6238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: memory corruption via unprivileged user passthrough', 'Description': 'A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.', 'Severity': 'LOW', 'CweIDs': ['CWE-120'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-6238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2250834', 'https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.com/T/#u', 'https://lore.kernel.org/linux-nvme/20231016060519.231880-1-joshi.k@samsung.com/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-6238', 'https://www.cve.org/CVERecord?id=CVE-2023-6238'], 'PublishedDate': '2023-11-21T21:15:09.273Z', 'LastModifiedDate': '2024-02-07T00:15:55.24Z'}, {'VulnerabilityID': 'CVE-2024-0564', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-0564', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication', 'Description': 'A flaw was found in the Linux kernel\'s memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim\'s page. The unmapping time depends on whether it merges with the victim\'s page and additional physical pages are created beyond the KSM\'s "max page share". Through these operations, the attacker can leak the victim\'s page.', 'Severity': 'LOW', 'CweIDs': ['CWE-99', 'CWE-203'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-0564', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258514', 'https://link.springer.com/conference/wisa', 'https://nvd.nist.gov/vuln/detail/CVE-2024-0564', 'https://wisa.or.kr/accepted', 'https://www.cve.org/CVERecord?id=CVE-2024-0564'], 'PublishedDate': '2024-01-30T15:15:08.687Z', 'LastModifiedDate': '2024-10-16T15:15:14.11Z'}, {'VulnerabilityID': 'CVE-2024-43882', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43882', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exec: Fix ToCToU between perm check and set-uid/gid usage', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file\'s metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug  7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug  7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. For example, "chmod o-x,u+s target" makes "target" executable only\nby uid "root" and gid "cdrom", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug  7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug  7 13:16 target\n\nBut racing the chmod means users without group "cdrom" membership can\nget the permission to execute "target" just before the chmod, and when\nthe chmod finishes, the exec reaches brpm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of "only cdrom\ngroup members can setuid to root".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal.', 'Severity': 'HIGH', 'CweIDs': ['CWE-367'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43882', 'https://git.kernel.org/linus/f50733b45d865f91db90919f8311e2127ce5a0cb (6.11-rc4)', 'https://git.kernel.org/stable/c/15469d46ba34559bfe7e3de6659115778c624759', 'https://git.kernel.org/stable/c/368f6985d46657b8b466a421dddcacd4051f7ada', 'https://git.kernel.org/stable/c/90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e', 'https://git.kernel.org/stable/c/9b424c5d4130d56312e2a3be17efb0928fec4d64', 'https://git.kernel.org/stable/c/d2a2a4714d80d09b0f8eb6438ab4224690b7121e', 'https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f', 'https://git.kernel.org/stable/c/f50733b45d865f91db90919f8311e2127ce5a0cb', 'https://git.kernel.org/stable/c/f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1', 'https://linux.oracle.com/cve/CVE-2024-43882.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082152-CVE-2024-43882-4fa4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43882', 'https://www.cve.org/CVERecord?id=CVE-2024-43882'], 'PublishedDate': '2024-08-21T01:15:12.34Z', 'LastModifiedDate': '2024-09-03T13:25:39.747Z'}, {'VulnerabilityID': 'CVE-2013-7445', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2013-7445', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects', 'Description': 'The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-399'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:C', 'V2Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V2Score': 4.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2013-7445', 'https://bugzilla.kernel.org/show_bug.cgi?id=60533', 'https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)', 'https://nvd.nist.gov/vuln/detail/CVE-2013-7445', 'https://www.cve.org/CVERecord?id=CVE-2013-7445'], 'PublishedDate': '2015-10-16T01:59:00.12Z', 'LastModifiedDate': '2015-10-16T16:22:25.587Z'}, {'VulnerabilityID': 'CVE-2015-8553', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2015-8553', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'xen: non-maskable interrupts triggerable by guests (xsa120)', 'Description': 'Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N', 'V2Score': 2.1, 'V3Score': 6.5}, 'redhat': {'V2Vector': 'AV:A/AC:M/Au:S/C:N/I:N/A:C', 'V2Score': 5.2}}, 'References': ['http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1930758 (regression mention)', 'http://xenbits.xen.org/xsa/advisory-120.html', 'https://access.redhat.com/security/cve/CVE-2015-8553', 'https://nvd.nist.gov/vuln/detail/CVE-2015-8553', 'https://seclists.org/bugtraq/2019/Aug/18', 'https://www.cve.org/CVERecord?id=CVE-2015-8553', 'https://www.debian.org/security/2019/dsa-4497'], 'PublishedDate': '2016-04-13T15:59:07.307Z', 'LastModifiedDate': '2019-08-13T23:15:11.203Z'}, {'VulnerabilityID': 'CVE-2016-8660', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-8660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation', 'Description': 'The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-19'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V2Vector': 'AV:L/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.7, 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2016/10/13/8', 'http://www.securityfocus.com/bid/93558', 'https://access.redhat.com/security/cve/CVE-2016-8660', 'https://bugzilla.redhat.com/show_bug.cgi?id=1384851', 'https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/', 'https://marc.info/?l=linux-fsdevel&m=147639177409294&w=2', 'https://marc.info/?l=linux-xfs&m=149498118228320&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2016-8660', 'https://www.cve.org/CVERecord?id=CVE-2016-8660'], 'PublishedDate': '2016-10-16T21:59:14.333Z', 'LastModifiedDate': '2016-11-28T20:41:02.59Z'}, {'VulnerabilityID': 'CVE-2018-17977', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-17977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service', 'Description': 'The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.9}}, 'References': ['http://www.securityfocus.com/bid/105539', 'https://access.redhat.com/security/cve/CVE-2018-17977', 'https://bugzilla.suse.com/show_bug.cgi?id=1111609', 'https://nvd.nist.gov/vuln/detail/CVE-2018-17977', 'https://www.cve.org/CVERecord?id=CVE-2018-17977', 'https://www.openwall.com/lists/oss-security/2018/10/05/5'], 'PublishedDate': '2018-10-08T17:29:00.653Z', 'LastModifiedDate': '2018-11-26T15:51:30.427Z'}, {'VulnerabilityID': 'CVE-2021-3714', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-3714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Remote Page Deduplication Attacks', 'Description': 'A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-3714', 'https://arxiv.org/abs/2111.08553', 'https://arxiv.org/pdf/2111.08553.pdf', 'https://bugzilla.redhat.com/show_bug.cgi?id=1931327', 'https://nvd.nist.gov/vuln/detail/CVE-2021-3714', 'https://www.cve.org/CVERecord?id=CVE-2021-3714'], 'PublishedDate': '2022-08-23T16:15:09.6Z', 'LastModifiedDate': '2024-02-01T18:51:23.66Z'}, {'VulnerabilityID': 'CVE-2021-47599', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47599', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: use latest_dev in btrfs_show_devname', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: use latest_dev in btrfs_show_devname\n\nThe test case btrfs/238 reports the warning below:\n\n WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs]\n CPU: 2 PID: 1 Comm: systemd Tainted: G        W  O 5.14.0-rc1-custom #72\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n Call trace:\n   btrfs_show_devname+0x108/0x1b4 [btrfs]\n   show_mountinfo+0x234/0x2c4\n   m_show+0x28/0x34\n   seq_read_iter+0x12c/0x3c4\n   vfs_read+0x29c/0x2c8\n   ksys_read+0x80/0xec\n   __arm64_sys_read+0x28/0x34\n   invoke_syscall+0x50/0xf8\n   do_el0_svc+0x88/0x138\n   el0_svc+0x2c/0x8c\n   el0t_64_sync_handler+0x84/0xe4\n   el0t_64_sync+0x198/0x19c\n\nReason:\nWhile btrfs_prepare_sprout() moves the fs_devices::devices into\nfs_devices::seed_list, the btrfs_show_devname() searches for the devices\nand found none, leading to the warning as in above.\n\nFix:\nlatest_dev is updated according to the changes to the device list.\nThat means we could use the latest_dev->name to show the device name in\n/proc/self/mounts, the pointer will be always valid as it's assigned\nbefore the device is deleted from the list in remove or replace.\nThe RCU protection is sufficient as the device structure is freed after\nsynchronization.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47599', 'https://git.kernel.org/linus/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2 (5.16-rc1)', 'https://git.kernel.org/stable/c/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2', 'https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1', 'https://lore.kernel.org/linux-cve-announce/2024061921-CVE-2021-47599-37b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47599', 'https://www.cve.org/CVERecord?id=CVE-2021-47599'], 'PublishedDate': '2024-06-19T15:15:54.483Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2021-47615', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47615', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix releasing unallocated memory in dereg MR flow\n\nFor the case of IB_MR_TYPE_DM the mr does doesn't have a umem, even though\nit is a user MR. This causes function mlx5_free_priv_descs() to think that\nit is a kernel MR, leading to wrongly accessing mr->descs that will get\nwrong values in the union which leads to attempt to release resources that\nwere not allocated in the first place.\n\nFor example:\n DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]\n WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0\n RIP: 0010:check_unmap+0x54f/0x8b0\n Call Trace:\n  debug_dma_unmap_page+0x57/0x60\n  mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]\n  mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]\n  ib_dereg_mr_user+0x60/0x140 [ib_core]\n  uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]\n  uobj_destroy+0x3f/0x80 [ib_uverbs]\n  ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]\n  ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquired+0x12/0x380\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquire+0xc4/0x2e0\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  ? lock_release+0x28a/0x400\n  ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  __x64_sys_ioctl+0x7f/0xb0\n  do_syscall_64+0x38/0x90\n\nFix it by reorganizing the dereg flow and mlx5_ib_mr structure:\n - Move the ib_umem field into the user MRs structure in the union as it's\n   applicable only there.\n - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only\n   in case there isn't udata, which indicates that this isn't a user MR.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47615', 'https://git.kernel.org/linus/f0ae4afe3d35e67db042c58a52909e06262b740f (5.16-rc5)', 'https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9', 'https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701', 'https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f', 'https://lore.kernel.org/linux-cve-announce/2024061909-CVE-2021-47615-3c6a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47615', 'https://www.cve.org/CVERecord?id=CVE-2021-47615'], 'PublishedDate': '2024-06-19T15:15:56.03Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-0400', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0400', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Out of bounds read in the smc protocol stack', 'Description': 'An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)', 'https://bugzilla.redhat.com/show_bug.cgi?id=2044575', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0400', 'https://www.cve.org/CVERecord?id=CVE-2022-0400'], 'PublishedDate': '2022-08-29T15:15:09.423Z', 'LastModifiedDate': '2022-09-01T20:18:18.247Z'}, {'VulnerabilityID': 'CVE-2022-0480', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0480', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion', 'Description': 'A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0480', 'https://bugzilla.redhat.com/show_bug.cgi?id=2049700', 'https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042', 'https://github.com/kata-containers/kata-containers/issues/3373', 'https://linux.oracle.com/cve/CVE-2022-0480.html', 'https://linux.oracle.com/errata/ELSA-2024-2394.html', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0480', 'https://ubuntu.com/security/CVE-2022-0480', 'https://www.cve.org/CVERecord?id=CVE-2022-0480'], 'PublishedDate': '2022-08-29T15:15:09.477Z', 'LastModifiedDate': '2023-03-03T18:49:53.213Z'}, {'VulnerabilityID': 'CVE-2022-3238', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ntfs3 local privledge escalation if NTFS character set and remount and umount called simultaneously', 'Description': 'A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127927', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3238', 'https://www.cve.org/CVERecord?id=CVE-2022-3238'], 'PublishedDate': '2022-11-14T21:15:16.163Z', 'LastModifiedDate': '2022-11-17T20:24:18.537Z'}, {'VulnerabilityID': 'CVE-2022-48846', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: release rq qos structures for queue without disk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: release rq qos structures for queue without disk\n\nblkcg_init_queue() may add rq qos structures to request queue, previously\nblk_cleanup_queue() calls rq_qos_exit() to release them, but commit\n8e141f9eb803 ("block: drain file system I/O on del_gendisk")\nmoves rq_qos_exit() into del_gendisk(), so memory leak is caused\nbecause queues may not have disk, such as un-present scsi luns, nvme\nadmin queue, ...\n\nFixes the issue by adding rq_qos_exit() to blk_cleanup_queue() back.\n\nBTW, v5.18 won\'t need this patch any more since we move\nblkcg_init_queue()/blkcg_exit_queue() into disk allocation/release\nhandler, and patches have been in for-5.18/block.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48846', 'https://git.kernel.org/linus/daaca3522a8e67c46e39ef09c1d542e866f85f3b (5.17)', 'https://git.kernel.org/stable/c/60c2c8e2ef3a3ec79de8cbc80a06ca0c21df8c29', 'https://git.kernel.org/stable/c/d4ad8736ac982111bb0be8306bf19c8207f6600e', 'https://git.kernel.org/stable/c/daaca3522a8e67c46e39ef09c1d542e866f85f3b', 'https://lore.kernel.org/linux-cve-announce/2024071623-CVE-2022-48846-a1a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48846', 'https://www.cve.org/CVERecord?id=CVE-2022-48846'], 'PublishedDate': '2024-07-16T13:15:11.883Z', 'LastModifiedDate': '2024-07-24T17:56:26.767Z'}, {'VulnerabilityID': 'CVE-2022-48929', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix crash due to out of bounds access into reg2btf_ids.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to out of bounds access into reg2btf_ids.\n\nWhen commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added\nkfunc support, it defined reg2btf_ids as a cheap way to translate the verifier\nreg type to the appropriate btf_vmlinux BTF ID, however\ncommit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL")\nmoved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after\nthe base register types, and defined other variants using type flag\ncomposition. However, now, the direct usage of reg->type to index into\nreg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to\nout of bounds access and kernel crash on dereference of bad pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48929', 'https://git.kernel.org/linus/45ce4b4f9009102cd9f581196d480a59208690c1 (5.17-rc6)', 'https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1', 'https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae', 'https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc', 'https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48929-857d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48929', 'https://www.cve.org/CVERecord?id=CVE-2022-48929'], 'PublishedDate': '2024-08-22T04:15:15.773Z', 'LastModifiedDate': '2024-08-23T02:00:22.653Z'}, {'VulnerabilityID': 'CVE-2023-0030', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Use after Free in nvkm_vmm_pfn_map', 'Description': 'A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0030', 'https://bugzilla.redhat.com/show_bug.cgi?id=2157270', 'https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)', 'https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10', 'https://lore.kernel.org/all/20221230072758.443644-1-zyytlz.wz@163.com/', 'https://lore.kernel.org/all/63d485b2.170a0220.4af4c.d54f@mx.google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0030', 'https://security.netapp.com/advisory/ntap-20230413-0010/', 'https://www.cve.org/CVERecord?id=CVE-2023-0030'], 'PublishedDate': '2023-03-08T23:15:10.963Z', 'LastModifiedDate': '2023-04-13T17:15:09.433Z'}, {'VulnerabilityID': 'CVE-2023-0160', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: possibility of deadlock in libbpf function sock_hash_delete_elem', 'Description': 'A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667', 'CWE-833'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0160', 'https://bugzilla.redhat.com/show_bug.cgi?id=2159764', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56', 'https://lore.kernel.org/all/20230406122622.109978-1-liuxin350@huawei.com/', 'https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/', 'https://lore.kernel.org/bpf/000000000000f1db9605f939720e@google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0160', 'https://www.cve.org/CVERecord?id=CVE-2023-0160'], 'PublishedDate': '2023-07-18T17:15:11.313Z', 'LastModifiedDate': '2023-11-07T03:59:46.343Z'}, {'VulnerabilityID': 'CVE-2023-1193', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-1193', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in setup_async_work()', 'Description': 'A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-1193', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154177', 'https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-1193', 'https://www.cve.org/CVERecord?id=CVE-2023-1193'], 'PublishedDate': '2023-11-01T20:15:08.663Z', 'LastModifiedDate': '2023-11-09T15:13:51.737Z'}, {'VulnerabilityID': 'CVE-2023-26242', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-26242', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the  ...', 'Description': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://bugzilla.suse.com/show_bug.cgi?id=1208518', 'https://lore.kernel.org/all/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-26242', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://security.netapp.com/advisory/ntap-20230406-0002/', 'https://www.cve.org/CVERecord?id=CVE-2023-26242'], 'PublishedDate': '2023-02-21T01:15:11.423Z', 'LastModifiedDate': '2024-03-25T01:15:53.57Z'}, {'VulnerabilityID': 'CVE-2023-31082', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-31082', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sleeping function called from an invalid context in gsmld_write', 'Description': 'An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-763'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-31082', 'https://bugzilla.suse.com/show_bug.cgi?id=1210781', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com/', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-31082', 'https://security.netapp.com/advisory/ntap-20230929-0003/', 'https://www.cve.org/CVERecord?id=CVE-2023-31082'], 'PublishedDate': '2023-04-24T06:15:07.783Z', 'LastModifiedDate': '2024-08-02T15:16:00.853Z'}, {'VulnerabilityID': 'CVE-2023-52879', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have trace_event_file have ref counters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have trace_event_file have ref counters\n\nThe following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # echo \'p:sched schedule\' > kprobe_events\n # exec 5>>events/kprobes/sched/enable\n # > kprobe_events\n # exec 5>&-\n\nThe above commands:\n\n 1. Change directory to the tracefs directory\n 2. Create a kprobe event (doesn\'t matter what one)\n 3. Open bash file descriptor 5 on the enable file of the kprobe event\n 4. Delete the kprobe event (removes the files too)\n 5. Close the bash file descriptor 5\n\nThe above causes a crash!\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:tracing_release_file_tr+0xc/0x50\n\nWhat happens here is that the kprobe event creates a trace_event_file\n"file" descriptor that represents the file in tracefs to the event. It\nmaintains state of the event (is it enabled for the given instance?).\nOpening the "enable" file gets a reference to the event "file" descriptor\nvia the open file descriptor. When the kprobe event is deleted, the file is\nalso deleted from the tracefs system which also frees the event "file"\ndescriptor.\n\nBut as the tracefs file is still opened by user space, it will not be\ntotally removed until the final dput() is called on it. But this is not\ntrue with the event "file" descriptor that is already freed. If the user\ndoes a write to or simply closes the file descriptor it will reference the\nevent "file" descriptor that was just freed, causing a use-after-free bug.\n\nTo solve this, add a ref count to the event "file" descriptor as well as a\nnew flag called "FREED". The "file" will not be freed until the last\nreference is released. But the FREE flag will be set when the event is\nremoved to prevent any more modifications to that event from happening,\neven if there\'s still a reference to the event "file" descriptor.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52879', 'https://git.kernel.org/linus/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4 (6.7-rc1)', 'https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706', 'https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976', 'https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d', 'https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e', 'https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f', 'https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4', 'https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0', 'https://lore.kernel.org/linux-cve-announce/2024052122-CVE-2023-52879-fa4d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52879', 'https://www.cve.org/CVERecord?id=CVE-2023-52879'], 'PublishedDate': '2024-05-21T16:15:24.53Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52889', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: Fix null pointer deref when receiving skb during sock creation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)->label is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n    BUG: kernel NULL pointer dereference, address: 000000000000004c\n    #PF: supervisor read access in kernel mode\n    #PF: error_code(0x0000) - not-present page\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n    Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n    RIP: 0010:aa_label_next_confined+0xb/0x40\n    Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n    RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n    RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n    RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n    RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n    R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n    R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n    FS:  00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n    PKRU: 55555554\n    Call Trace:\n     <IRQ>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? exc_page_fault+0x7f/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? aa_label_next_confined+0xb/0x40\n     apparmor_secmark_check+0xec/0x330\n     security_sock_rcv_skb+0x35/0x50\n     sk_filter_trim_cap+0x47/0x250\n     sock_queue_rcv_skb_reason+0x20/0x60\n     raw_rcv+0x13c/0x210\n     raw_local_deliver+0x1f3/0x250\n     ip_protocol_deliver_rcu+0x4f/0x2f0\n     ip_local_deliver_finish+0x76/0xa0\n     __netif_receive_skb_one_core+0x89/0xa0\n     netif_receive_skb+0x119/0x170\n     ? __netdev_alloc_skb+0x3d/0x140\n     vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     __napi_poll+0x28/0x1b0\n     net_rx_action+0x2a4/0x380\n     __do_softirq+0xd1/0x2c8\n     __irq_exit_rcu+0xbb/0xf0\n     common_interrupt+0x86/0xa0\n     </IRQ>\n     <TASK>\n     asm_common_interrupt+0x26/0x40\n    RIP: 0010:apparmor_socket_post_create+0xb/0x200\n    Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n    RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n    RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n    RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n    RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n    R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n    R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n     ? __pfx_apparmor_socket_post_create+0x10/0x10\n     security_socket_post_create+0x4b/0x80\n     __sock_create+0x176/0x1f0\n     __sys_socket+0x89/0x100\n     __x64_sys_socket+0x17/0x20\n     do_syscall_64+0x5d/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     entry_SYSCALL_64_after_hwframe+0x72/0xdc', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52889', 'https://git.kernel.org/linus/fce09ea314505a52f2436397608fa0a5d0934fb1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1', 'https://git.kernel.org/stable/c/290a6b88e8c19b6636ed1acc733d1458206f7697', 'https://git.kernel.org/stable/c/347dcb84a4874b5fb375092c08d8cc4069b94f81', 'https://git.kernel.org/stable/c/46c17ead5b7389e22e7dc9903fd0ba865d05bda2', 'https://git.kernel.org/stable/c/6c920754f62cefc63fccdc38a062c7c3452e2961', 'https://git.kernel.org/stable/c/ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2', 'https://git.kernel.org/stable/c/fce09ea314505a52f2436397608fa0a5d0934fb1', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2023-52889-cdd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52889', 'https://www.cve.org/CVERecord?id=CVE-2023-52889'], 'PublishedDate': '2024-08-17T09:15:07.073Z', 'LastModifiedDate': '2024-08-19T21:19:16.97Z'}, {'VulnerabilityID': 'CVE-2024-26713', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: Fix iommu initialisation during DLPAR add\n\nWhen a PCI device is dynamically added, the kernel oopses with a NULL\npointer dereference:\n\n  BUG: Kernel NULL pointer dereference on read at 0x00000030\n  Faulting instruction address: 0xc0000000006bbe5c\n  Oops: Kernel access of bad area, sig: 11 [#1]\n  LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n  Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse\n  CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66\n  Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries\n  NIP:  c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8\n  REGS: c00000009924f240 TRAP: 0300   Not tainted  (6.7.0-203405+)\n  MSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 24002220  XER: 20040006\n  CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0\n  ...\n  NIP sysfs_add_link_to_group+0x34/0x94\n  LR  iommu_device_link+0x5c/0x118\n  Call Trace:\n   iommu_init_device+0x26c/0x318 (unreliable)\n   iommu_device_link+0x5c/0x118\n   iommu_init_device+0xa8/0x318\n   iommu_probe_device+0xc0/0x134\n   iommu_bus_notifier+0x44/0x104\n   notifier_call_chain+0xb8/0x19c\n   blocking_notifier_call_chain+0x64/0x98\n   bus_notify+0x50/0x7c\n   device_add+0x640/0x918\n   pci_device_add+0x23c/0x298\n   of_create_pci_dev+0x400/0x884\n   of_scan_pci_dev+0x124/0x1b0\n   __of_scan_bus+0x78/0x18c\n   pcibios_scan_phb+0x2a4/0x3b0\n   init_phb_dynamic+0xb8/0x110\n   dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]\n   add_slot_store.part.0+0xb4/0x130 [rpadlpar_io]\n   kobj_attr_store+0x2c/0x48\n   sysfs_kf_write+0x64/0x78\n   kernfs_fop_write_iter+0x1b0/0x290\n   vfs_write+0x350/0x4a0\n   ksys_write+0x84/0x140\n   system_call_exception+0x124/0x330\n   system_call_vectored_common+0x15c/0x2ec\n\nCommit a940904443e4 ("powerpc/iommu: Add iommu_ops to report capabilities\nand allow blocking domains") broke DLPAR add of PCI devices.\n\nThe above added iommu_device structure to pci_controller. During\nsystem boot, PCI devices are discovered and this newly added iommu_device\nstructure is initialized by a call to iommu_device_register().\n\nDuring DLPAR add of a PCI device, a new pci_controller structure is\nallocated but there are no calls made to iommu_device_register()\ninterface.\n\nFix is to register the iommu device during DLPAR add as well.\n\n[mpe: Trim oops and tweak some change log wording]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26713', 'https://git.kernel.org/linus/ed8b94f6e0acd652ce69bd69d678a0c769172df8 (6.8-rc5)', 'https://git.kernel.org/stable/c/9978d5b744e0227afe19e3bcb4c5f75442dde753', 'https://git.kernel.org/stable/c/d4f762d6403f7419de90d7749fa83dd92ffb0e1d', 'https://git.kernel.org/stable/c/ed8b94f6e0acd652ce69bd69d678a0c769172df8', 'https://lore.kernel.org/linux-cve-announce/2024040342-CVE-2024-26713-1b52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26713', 'https://www.cve.org/CVERecord?id=CVE-2024-26713'], 'PublishedDate': '2024-04-03T15:15:53.647Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-27025', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nbd: null check for nla_nest_start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: null check for nla_nest_start\n\nnla_nest_start() may fail and return NULL. Insert a check and set errno\nbased on other call sites within the same source code.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-27025', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d (6.9-rc1)', 'https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d', 'https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e', 'https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced', 'https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8', 'https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797', 'https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983', 'https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a', 'https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf', 'https://linux.oracle.com/cve/CVE-2024-27025.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27025', 'https://www.cve.org/CVERecord?id=CVE-2024-27025'], 'PublishedDate': '2024-05-01T13:15:48.89Z', 'LastModifiedDate': '2024-06-25T22:15:28.24Z'}, {'VulnerabilityID': 'CVE-2024-35928', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()\n\nThis ensures that the memory mapped by ioremap for adev->rmmio, is\nproperly handled in amdgpu_device_init(). If the function exits early\ndue to an error, the memory is unmapped. If the function completes\nsuccessfully, the memory remains mapped.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_device.c:4337 amdgpu_device_init() warn: 'adev->rmmio' from ioremap() not released on lines: 4035,4045,4051,4058,4068,4337", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35928', 'https://git.kernel.org/linus/eb4f139888f636614dab3bcce97ff61cefc4b3a7 (6.9-rc1)', 'https://git.kernel.org/stable/c/14ac934db851642ea8cd1bd4121c788a8899ef69', 'https://git.kernel.org/stable/c/aa665c3a2aca2ffe31b9645bda278e96dfc3b55c', 'https://git.kernel.org/stable/c/c5f9fe2c1e5023fa096189a8bfba6420aa035587', 'https://git.kernel.org/stable/c/eb4f139888f636614dab3bcce97ff61cefc4b3a7', 'https://lore.kernel.org/linux-cve-announce/2024051915-CVE-2024-35928-ead3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35928', 'https://www.cve.org/CVERecord?id=CVE-2024-35928'], 'PublishedDate': '2024-05-19T11:15:48.93Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35948', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bcachefs: Check for journal entries overruning end of sb clean section', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: Check for journal entries overruning end of sb clean section\n\nFix a missing bounds check in superblock validation.\n\nNote that we don't yet have repair code for this case - repair code for\nindividual items is generally low priority, since the whole superblock\nis checksummed, validated prior to write, and we have backups.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35948', 'https://git.kernel.org/linus/fcdbc1d7a4b638e5d5668de461f320386f3002aa (6.9-rc6)', 'https://git.kernel.org/stable/c/fcdbc1d7a4b638e5d5668de461f320386f3002aa', 'https://lore.kernel.org/linux-cve-announce/2024052043-CVE-2024-35948-a92f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35948', 'https://www.cve.org/CVERecord?id=CVE-2024-35948'], 'PublishedDate': '2024-05-20T10:15:09.44Z', 'LastModifiedDate': '2024-07-03T02:02:27.897Z'}, {'VulnerabilityID': 'CVE-2024-35995', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI: CPPC: Use access_width over bit_width for system memory accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Use access_width over bit_width for system memory accesses\n\nTo align with ACPI 6.3+, since bit_width can be any 8-bit value, it\ncannot be depended on to be always on a clean 8b boundary. This was\nuncovered on the Cobalt 100 platform.\n\nSError Interrupt on CPU26, code 0xbe000011 -- SError\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n pc : cppc_get_perf_caps+0xec/0x410\n lr : cppc_get_perf_caps+0xe8/0x410\n sp : ffff8000155ab730\n x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078\n x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff\n x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000\n x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff\n x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008\n x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006\n x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec\n x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028\n x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff\n x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000\n Kernel panic - not syncing: Asynchronous SError Interrupt\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted\n5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n Call trace:\n  dump_backtrace+0x0/0x1e0\n  show_stack+0x24/0x30\n  dump_stack_lvl+0x8c/0xb8\n  dump_stack+0x18/0x34\n  panic+0x16c/0x384\n  add_taint+0x0/0xc0\n  arm64_serror_panic+0x7c/0x90\n  arm64_is_fatal_ras_serror+0x34/0xa4\n  do_serror+0x50/0x6c\n  el1h_64_error_handler+0x40/0x74\n  el1h_64_error+0x7c/0x80\n  cppc_get_perf_caps+0xec/0x410\n  cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]\n  cpufreq_online+0x2dc/0xa30\n  cpufreq_add_dev+0xc0/0xd4\n  subsys_interface_register+0x134/0x14c\n  cpufreq_register_driver+0x1b0/0x354\n  cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]\n  do_one_initcall+0x50/0x250\n  do_init_module+0x60/0x27c\n  load_module+0x2300/0x2570\n  __do_sys_finit_module+0xa8/0x114\n  __arm64_sys_finit_module+0x2c/0x3c\n  invoke_syscall+0x78/0x100\n  el0_svc_common.constprop.0+0x180/0x1a0\n  do_el0_svc+0x84/0xa0\n  el0_svc+0x2c/0xc0\n  el0t_64_sync_handler+0xa4/0x12c\n  el0t_64_sync+0x1a4/0x1a8\n\nInstead, use access_width to determine the size and use the offset and\nwidth to shift and mask the bits to read/write out. Make sure to add a\ncheck for system memory since pcc redefines the access_width to\nsubspace id.\n\nIf access_width is not set, then fall back to using bit_width.\n\n[ rjw: Subject and changelog edits, comment adjustments ]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35995', 'https://git.kernel.org/linus/2f4a4d63a193be6fd530d180bb13c3592052904c (6.9-rc1)', 'https://git.kernel.org/stable/c/01fc53be672acae37e611c80cc0b4f3939584de3', 'https://git.kernel.org/stable/c/1b890ae474d19800a6be1696df7fb4d9a41676e4', 'https://git.kernel.org/stable/c/2f4a4d63a193be6fd530d180bb13c3592052904c', 'https://git.kernel.org/stable/c/4949affd5288b867cdf115f5b08d6166b2027f87', 'https://git.kernel.org/stable/c/6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1', 'https://git.kernel.org/stable/c/6dfd79ed04c578f1d9a9a41ba5b2015cf9f03fc3', 'https://git.kernel.org/stable/c/b54c4632946ae42f2b39ed38abd909bbf78cbcc2', 'https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35995-abbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35995', 'https://www.cve.org/CVERecord?id=CVE-2024-35995'], 'PublishedDate': '2024-05-20T10:15:13.597Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-36885', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36885', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup:\n\n  kernel BUG at include/linux/scatterlist.h:187!\n  invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\n  Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\n  RIP: 0010:sg_init_one+0x85/0xa0\n  Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n  24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n  0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\n  RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\n  RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\n  RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\n  R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\n  FS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\n  Call Trace:\n   <TASK>\n   ? die+0x36/0x90\n   ? do_trap+0xdd/0x100\n   ? sg_init_one+0x85/0xa0\n   ? do_error_trap+0x65/0x80\n   ? sg_init_one+0x85/0xa0\n   ? exc_invalid_op+0x50/0x70\n   ? sg_init_one+0x85/0xa0\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? sg_init_one+0x85/0xa0\n   nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n   nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n   ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n   r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? nvkm_udevice_new+0x95/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? ktime_get+0x47/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_oneinit_+0x4f/0x120 [nouveau]\n   nvkm_subdev_init_+0x39/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_init+0x44/0x90 [nouveau]\n   nvkm_device_init+0x166/0x2e0 [nouveau]\n   nvkm_udevice_init+0x47/0x70 [nouveau]\n   nvkm_object_init+0x41/0x1c0 [nouveau]\n   nvkm_ioctl_new+0x16a/0x290 [nouveau]\n   ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]\n   ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]\n   nvkm_ioctl+0x126/0x290 [nouveau]\n   nvif_object_ctor+0x112/0x190 [nouveau]\n   nvif_device_ctor+0x23/0x60 [nouveau]\n   nouveau_cli_init+0x164/0x640 [nouveau]\n   nouveau_drm_device_init+0x97/0x9e0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? pci_update_current_state+0x72/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nouveau_drm_probe+0x12c/0x280 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   local_pci_probe+0x45/0xa0\n   pci_device_probe+0xc7/0x270\n   really_probe+0xe6/0x3a0\n   __driver_probe_device+0x87/0x160\n   driver_probe_device+0x1f/0xc0\n   __driver_attach+0xec/0x1f0\n   ? __pfx___driver_attach+0x10/0x10\n   bus_for_each_dev+0x88/0xd0\n   bus_add_driver+0x116/0x220\n   driver_register+0x59/0x100\n   ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]\n   do_one_initcall+0x5b/0x320\n   do_init_module+0x60/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x120/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x83/0x160\n   ? srso_return_thunk+0x5/0x5f\n   entry_SYSCALL_64_after_hwframe+0x71/0x79\n  RIP: 0033:0x7feeb5cc20cd\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89\n  f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0\n  ff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd\n  RDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035\n  RBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310\n  R10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36885', 'https://git.kernel.org/linus/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2 (6.9-rc7)', 'https://git.kernel.org/stable/c/1a88c18da464db0ba8ea25196d0a06490f65322e', 'https://git.kernel.org/stable/c/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2', 'https://git.kernel.org/stable/c/e05af009302893f39b072811a68fa4a196284c75', 'https://lore.kernel.org/linux-cve-announce/2024053032-CVE-2024-36885-cb0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36885', 'https://www.cve.org/CVERecord?id=CVE-2024-36885'], 'PublishedDate': '2024-05-30T16:15:12.067Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36970', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: Use request_module_nowait', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Use request_module_nowait\n\nThis appears to work around a deadlock regression that came in\nwith the LED merge in 6.9.\n\nThe deadlock happens on my system with 24 iwlwifi radios, so maybe\nit something like all worker threads are busy and some work that needs\nto complete cannot complete.\n\n[also remove unnecessary "load_module" var and now-wrong comment]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36970', 'https://git.kernel.org/linus/3d913719df14c28c4d3819e7e6d150760222bda4 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4', 'https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e', 'https://lore.kernel.org/linux-cve-announce/2024060855-CVE-2024-36970-2eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36970', 'https://www.cve.org/CVERecord?id=CVE-2024-36970'], 'PublishedDate': '2024-06-08T13:15:58.26Z', 'LastModifiedDate': '2024-06-10T02:52:08.267Z'}, {'VulnerabilityID': 'CVE-2024-38581', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38581', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/mes: fix use-after-free issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/mes: fix use-after-free issue\n\nDelete fence fallback timer to fix the ramdom\nuse-after-free issue.\n\nv2: move to amdgpu_mes.c', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-38581', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/948255282074d9367e01908b3f5dcf8c10fc9c3d (6.9-rc6)', 'https://git.kernel.org/stable/c/0f98c144c15c8fc0f3176c994bd4e727ef718a5c', 'https://git.kernel.org/stable/c/39cfce75168c11421d70b8c0c65f6133edccb82a', 'https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de', 'https://git.kernel.org/stable/c/948255282074d9367e01908b3f5dcf8c10fc9c3d', 'https://linux.oracle.com/cve/CVE-2024-38581.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38581-592d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38581', 'https://www.cve.org/CVERecord?id=CVE-2024-38581'], 'PublishedDate': '2024-06-19T14:15:18.15Z', 'LastModifiedDate': '2024-08-01T20:12:00.623Z'}, {'VulnerabilityID': 'CVE-2024-38608', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38608', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix netif state handling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix netif state handling\n\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\n\nmlx5e_probe\n _mlx5e_resume\n  mlx5e_attach_netdev\n   mlx5e_nic_enable  <-- netdev not reg, not calling netif_device_attach()\n  register_netdev <-- failed for some reason.\nERROR_FLOW:\n _mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(\n\nHence, clean resources in this case as well.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n <TASK>\n ? __die+0x20/0x60\n ? page_fault_oops+0x14c/0x3c0\n ? exc_page_fault+0x75/0x140\n ? asm_exc_page_fault+0x22/0x30\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\n mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\n mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n __mlx5_ib_add+0x34/0xd0 [mlx5_ib]\n mlx5r_probe+0xe1/0x210 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x637/0x840\n __auxiliary_device_add+0x3b/0xa0\n add_adev+0xc9/0x140 [mlx5_core]\n mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\n mlx5_register_device+0x53/0xa0 [mlx5_core]\n mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\n mlx5_init_one+0x3b/0x60 [mlx5_core]\n probe_one+0x44c/0x730 [mlx5_core]\n local_pci_probe+0x3e/0x90\n pci_device_probe+0xbf/0x210\n ? kernfs_create_link+0x5d/0xa0\n ? sysfs_do_create_link_sd+0x60/0xc0\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n pci_bus_add_device+0x54/0x80\n pci_iov_add_virtfn+0x2e6/0x320\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n kernfs_fop_write_iter+0x10c/0x1a0\n vfs_write+0x291/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n CR2: 0000000000000000\n ---[ end trace 0000000000000000  ]---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38608', 'https://git.kernel.org/linus/3d5918477f94e4c2f064567875c475468e264644 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644', 'https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6', 'https://linux.oracle.com/cve/CVE-2024-38608.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061920-CVE-2024-38608-4068@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38608', 'https://www.cve.org/CVERecord?id=CVE-2024-38608'], 'PublishedDate': '2024-06-19T14:15:20.737Z', 'LastModifiedDate': '2024-08-27T15:58:56.9Z'}, {'VulnerabilityID': 'CVE-2024-39293', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39293', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;xsk: Support redirect to any socket bound to the same umem&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "xsk: Support redirect to any socket bound to the same umem"\n\nThis reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.\n\nThis patch introduced a potential kernel crash when multiple napi instances\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\npossible for multiple napi instances to access the Rx ring at the same time,\nwhich will result in a corrupted ring state which can lead to a crash when\nflushing the rings in __xsk_flush(). This can happen when the linked list of\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\nis not possible, so let us revert this for now.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39293', 'https://git.kernel.org/linus/7fcf26b315bbb728036da0862de6b335da83dff2 (6.10-rc3)', 'https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5', 'https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2', 'https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39293', 'https://www.cve.org/CVERecord?id=CVE-2024-39293'], 'PublishedDate': '2024-06-25T15:15:13.993Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-39472', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39472', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by\nmkfs") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions.  Later commit 0c771b99d6c9\n("xfs: clean up calculation of LR header blocks") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-39472', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a (6.10-rc1)', 'https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a', 'https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f', 'https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5', 'https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb', 'https://linux.oracle.com/cve/CVE-2024-39472.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024070512-CVE-2024-39472-f977@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39472', 'https://www.cve.org/CVERecord?id=CVE-2024-39472'], 'PublishedDate': '2024-07-05T07:15:10.02Z', 'LastModifiedDate': '2024-08-19T05:15:06.543Z'}, {'VulnerabilityID': 'CVE-2024-41008', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: change vm-&gt;task_info handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: change vm->task_info handling\n\nThis patch changes the handling and lifecycle of vm->task_info object.\nThe major changes are:\n- vm->task_info is a dynamically allocated ptr now, and its uasge is\n  reference counted.\n- introducing two new helper funcs for task_info lifecycle management\n    - amdgpu_vm_get_task_info: reference counts up task_info before\n      returning this info\n    - amdgpu_vm_put_task_info: reference counts down task_info\n- last put to task_info() frees task_info from the vm.\n\nThis patch also does logistical changes required for existing usage\nof vm->task_info.\n\nV2: Do not block all the prints when task_info not found (Felix)\n\nV3: Fixed review comments from Felix\n   - Fix wrong indentation\n   - No debug message for -ENOMEM\n   - Add NULL check for task_info\n   - Do not duplicate the debug messages (ti vs no ti)\n   - Get first reference of task_info in vm_init(), put last\n     in vm_fini()\n\nV4: Fixed review comments from Felix\n   - fix double reference increment in create_task_info\n   - change amdgpu_vm_get_task_info_pasid\n   - additional changes in amdgpu_gem.c while porting', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41008', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c (6.9-rc1)', 'https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c', 'https://linux.oracle.com/cve/CVE-2024-41008.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/20240716080357.2696435-2-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41008', 'https://www.cve.org/CVERecord?id=CVE-2024-41008'], 'PublishedDate': '2024-07-16T08:15:02.24Z', 'LastModifiedDate': '2024-07-16T13:43:58.773Z'}, {'VulnerabilityID': 'CVE-2024-41009', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix overrunning reservations in ringbuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that "owns" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\'s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\'s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\'s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\'s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\'ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41009', 'https://git.kernel.org/linus/cfa1a2329a691ffd991fcf7248a57d752e712881 (6.10-rc6)', 'https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4', 'https://git.kernel.org/stable/c/47416c852f2a04d348ea66ee451cbdcf8119f225', 'https://git.kernel.org/stable/c/511804ab701c0503b72eac08217eabfd366ba069', 'https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f', 'https://git.kernel.org/stable/c/cfa1a2329a691ffd991fcf7248a57d752e712881', 'https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686', 'https://lore.kernel.org/linux-cve-announce/2024071715-CVE-2024-41009-cac5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41009', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41009'], 'PublishedDate': '2024-07-17T07:15:01.973Z', 'LastModifiedDate': '2024-07-29T07:15:04.56Z'}, {'VulnerabilityID': 'CVE-2024-41013', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: don&#39;t walk off the end of a directory data block', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don't stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup->length to dup->length-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41013', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/0c7fcdb6d06cdf8b19b57c17605215b06afa864a (6.11-rc1)', 'https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a', 'https://linux.oracle.com/cve/CVE-2024-41013.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41013-2996@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41013', 'https://www.cve.org/CVERecord?id=CVE-2024-41013'], 'PublishedDate': '2024-07-29T07:15:05.43Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41014', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41014', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: add bounds checking to xlog_recover_process_data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n    1) Mount an image of xfs, and do some file operations to leave records\n    2) Before umounting, copy the image for subsequent steps to simulate\n       abnormal exit. Because umount will ensure that tail_blk and\n       head_blk are the same, which will result in the inability to enter\n       xlog_recover_process_data\n    3) Write a tool to parse and modify the copied image in step 2\n    4) Make the end of the xlog_op_header entries only 1 byte away from\n       xlog_rec_header->h_size\n    5) xlog_rec_header->h_num_logops++\n    6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41014', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/fb63435b7c7dc112b1ae1baea5486e0a6e27b196 (6.11-rc1)', 'https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196', 'https://linux.oracle.com/cve/CVE-2024-41014.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41014-9186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41014', 'https://www.cve.org/CVERecord?id=CVE-2024-41014'], 'PublishedDate': '2024-07-29T07:15:05.81Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41016', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe 'non-indexed', which saved with additional space\nrequested.  It's better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41016', 'https://git.kernel.org/linus/af77c4fc1871847b528d58b7fdafb4aa1f6a9262 (6.11-rc1)', 'https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637', 'https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262', 'https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e', 'https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e', 'https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180', 'https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41016-fcf9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41016', 'https://www.cve.org/CVERecord?id=CVE-2024-41016'], 'PublishedDate': '2024-07-29T07:15:06.293Z', 'LastModifiedDate': '2024-10-17T14:15:07.01Z'}, {'VulnerabilityID': 'CVE-2024-41024', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41024', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Restrict untrusted app to attach to privileged PD', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Restrict untrusted app to attach to privileged PD\n\nUntrusted application with access to only non-secure fastrpc device\nnode can attach to root_pd or static PDs if it can make the respective\ninit request. This can cause problems as the untrusted application\ncan send bad requests to root_pd or static PDs. Add changes to reject\nattach to privileged PDs if the request is being made using non-secure\nfastrpc device node.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41024', 'https://git.kernel.org/linus/bab2f5e8fd5d2f759db26b78d9db57412888f187 (6.10)', 'https://git.kernel.org/stable/c/2eb973ee4770a26d9b5e292b58ad29822d321c7f', 'https://git.kernel.org/stable/c/5e305b5986dc52122a9368a1461f0c13e1de3fd6', 'https://git.kernel.org/stable/c/bab2f5e8fd5d2f759db26b78d9db57412888f187', 'https://git.kernel.org/stable/c/c69fd8afacebfdf2f8a1ee1ea7e0723786529874', 'https://git.kernel.org/stable/c/ea13bd807f1cef1af375d999980a9b9794c789b6', 'https://lore.kernel.org/all/20240628114501.14310-7-srinivas.kandagatla@linaro.org/', 'https://lore.kernel.org/linux-cve-announce/2024072919-CVE-2024-41024-be39@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41024', 'https://www.cve.org/CVERecord?id=CVE-2024-41024'], 'PublishedDate': '2024-07-29T15:15:11.27Z', 'LastModifiedDate': '2024-08-29T17:15:07.913Z'}, {'VulnerabilityID': 'CVE-2024-42107', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42107', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: ice: Don't process extts if PTP is disabled", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42107', 'https://git.kernel.org/linus/996422e3230e41468f652d754fefd1bdbcd4604e (6.10-rc7)', 'https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b', 'https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e', 'https://lore.kernel.org/linux-cve-announce/2024073020-CVE-2024-42107-65cc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42107', 'https://www.cve.org/CVERecord?id=CVE-2024-42107'], 'PublishedDate': '2024-07-30T08:15:03.22Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42116', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42116', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igc: fix a log entry using uninitialized netdev', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix a log entry using uninitialized netdev\n\nDuring successful probe, igc logs this:\n\n[    5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\n\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb.  Add a comment,\njust as in igb.\n\nNow the log message is fine:\n\n[    5.200987] igc 0000:01:00.0 eth0: PHC added', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42116', 'https://git.kernel.org/linus/86167183a17e03ec77198897975e9fdfbd53cb0b (6.10-rc1)', 'https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b', 'https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6', 'https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79', 'https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda', 'https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f', 'https://linux.oracle.com/cve/CVE-2024-42116.html', 'https://linux.oracle.com/errata/ELSA-2024-12618.html', 'https://lore.kernel.org/linux-cve-announce/2024073023-CVE-2024-42116-b420@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42116', 'https://www.cve.org/CVERecord?id=CVE-2024-42116'], 'PublishedDate': '2024-07-30T08:15:03.95Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42122', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42122', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add NULL pointer check for kzalloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL pointer check for kzalloc\n\n[Why & How]\nCheck return pointer of kzalloc before using it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42122', 'https://git.kernel.org/linus/8e65a1b7118acf6af96449e1e66b7adbc9396912 (6.10-rc1)', 'https://git.kernel.org/stable/c/062edd612fcd300f0f79a36fca5b8b6a5e2fce70', 'https://git.kernel.org/stable/c/8e65a1b7118acf6af96449e1e66b7adbc9396912', 'https://lore.kernel.org/linux-cve-announce/2024073025-CVE-2024-42122-2f70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42122', 'https://www.cve.org/CVERecord?id=CVE-2024-42122'], 'PublishedDate': '2024-07-30T08:15:04.43Z', 'LastModifiedDate': '2024-09-16T13:49:27.837Z'}, {'VulnerabilityID': 'CVE-2024-42125', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42125', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42125', 'https://git.kernel.org/linus/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9 (6.10-rc1)', 'https://git.kernel.org/stable/c/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9', 'https://git.kernel.org/stable/c/ce4ba62f8bc5195a9a0d49c6235a9c99e619cadc', 'https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42125-b515@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42125', 'https://www.cve.org/CVERecord?id=CVE-2024-42125'], 'PublishedDate': '2024-07-30T08:15:04.667Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42139', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42139', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Fix improper extts handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message "extts on unexpected channel" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42139', 'https://git.kernel.org/linus/00d3b4f54582d4e4a02cda5886bb336eeab268cc (6.10-rc7)', 'https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc', 'https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3', 'https://lore.kernel.org/linux-cve-announce/2024073030-CVE-2024-42139-f8ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42139', 'https://www.cve.org/CVERecord?id=CVE-2024-42139'], 'PublishedDate': '2024-07-30T08:15:05.757Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42154', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42154', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_metrics: validate source addr length', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42154', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/66be40e622e177316ae81717aa30057ba9e61dff (6.10-rc7)', 'https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9', 'https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c', 'https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3', 'https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321', 'https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff', 'https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99', 'https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98', 'https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6', 'https://linux.oracle.com/cve/CVE-2024-42154.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073034-CVE-2024-42154-cf82@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42154', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42154'], 'PublishedDate': '2024-07-30T08:15:06.933Z', 'LastModifiedDate': '2024-10-01T19:32:18.31Z'}, {'VulnerabilityID': 'CVE-2024-42159', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42159', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: mpi3mr: Sanitise num_phys', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port->phy_mask, values larger then size of\nthis field shouldn't be allowed.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42159', 'https://git.kernel.org/linus/3668651def2c1622904e58b0280ee93121f2b10b (6.10-rc1)', 'https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b', 'https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0', 'https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df', 'https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf', 'https://linux.oracle.com/cve/CVE-2024-42159.html', 'https://linux.oracle.com/errata/ELSA-2024-12682.html', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42159-c19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42159', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42159'], 'PublishedDate': '2024-07-30T08:15:07.3Z', 'LastModifiedDate': '2024-08-02T14:29:46.24Z'}, {'VulnerabilityID': 'CVE-2024-42160', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: check validation of fault attrs in f2fs_build_fault_attr()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: check validation of fault attrs in f2fs_build_fault_attr()\n\n- It missed to check validation of fault attrs in parse_options(),\nlet's fix to add check condition in f2fs_build_fault_attr().\n- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42160', 'https://git.kernel.org/linus/4ed886b187f47447ad559619c48c086f432d2b77 (6.10-rc1)', 'https://git.kernel.org/stable/c/44958ca9e400f57bd0478115519ffc350fcee61e', 'https://git.kernel.org/stable/c/4ed886b187f47447ad559619c48c086f432d2b77', 'https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d', 'https://git.kernel.org/stable/c/ecb641f424d6d1f055d149a15b892edcc92c504b', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42160-c733@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42160', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42160'], 'PublishedDate': '2024-07-30T08:15:07.37Z', 'LastModifiedDate': '2024-08-02T14:29:26.33Z'}, {'VulnerabilityID': 'CVE-2024-42224', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42224', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Correct check for empty list', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO\nbusses") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip->mdios being\nempty.  However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42224', 'https://git.kernel.org/linus/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b (6.10-rc1)', 'https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5', 'https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618', 'https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d', 'https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee', 'https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b', 'https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114', 'https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89', 'https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4', 'https://linux.oracle.com/cve/CVE-2024-42224.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024073037-CVE-2024-42224-863a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42224', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42224'], 'PublishedDate': '2024-07-30T08:15:07.667Z', 'LastModifiedDate': '2024-09-25T15:55:09.027Z'}, {'VulnerabilityID': 'CVE-2024-42228', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42228', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n   need to have a separate value of 0xffffffff.(Christian)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 6.3}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42228', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/88a9a467c548d0b3c7761b4fd54a68e70f9c0944 (6.10-rc1)', 'https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46', 'https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef', 'https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944', 'https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144', 'https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8', 'https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712', 'https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15', 'https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440', 'https://linux.oracle.com/cve/CVE-2024-42228.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073038-CVE-2024-42228-86f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42228', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42228'], 'PublishedDate': '2024-07-30T08:15:07.96Z', 'LastModifiedDate': '2024-09-04T12:15:04.577Z'}, {'VulnerabilityID': 'CVE-2024-42258', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42258', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines\n\nYves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don\'t\nforce huge page alignment on 32 bit") didn\'t work for x86_32 [1].  It is\nbecause x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT.\n\n!CONFIG_64BIT should cover all 32 bit machines.\n\n[1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42258', 'https://git.kernel.org/linus/d9592025000b3cf26c742f3505da7b83aedc26d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/7e1f4efb8d6140b2ec79bf760c43e1fc186e8dfc', 'https://git.kernel.org/stable/c/89f2914dd4b47d2fad3deef0d700f9526d98d11f', 'https://git.kernel.org/stable/c/a5c399fe433a115e9d3693169b5f357f3194af0a', 'https://git.kernel.org/stable/c/d9592025000b3cf26c742f3505da7b83aedc26d5', 'https://lore.kernel.org/linux-cve-announce/2024081216-CVE-2024-42258-e3f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42258', 'https://www.cve.org/CVERecord?id=CVE-2024-42258'], 'PublishedDate': '2024-08-12T15:15:20.983Z', 'LastModifiedDate': '2024-08-14T14:15:27.727Z'}, {'VulnerabilityID': 'CVE-2024-42259', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42259', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Fix Virtual Memory mapping boundaries calculation\n\nCalculating the size of the mapped area as the lesser value\nbetween the requested size and the actual size does not consider\nthe partial mapping offset. This can cause page fault access.\n\nFix the calculation of the starting and ending addresses, the\ntotal size is now deduced from the difference between the end and\nstart addresses.\n\nAdditionally, the calculations have been rewritten in a clearer\nand more understandable form.\n\n[Joonas: Add Requires: tag]\nRequires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset")\n(cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-131'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42259', 'https://git.kernel.org/linus/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3 (6.11-rc3)', 'https://git.kernel.org/stable/c/3e06073d24807f04b4694108a8474decb7b99e60', 'https://git.kernel.org/stable/c/4b09513ce93b3dcb590baaaff2ce96f2d098312d', 'https://git.kernel.org/stable/c/50111a8098fb9ade621eeff82228a997d42732ab', 'https://git.kernel.org/stable/c/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3', 'https://git.kernel.org/stable/c/911f8055f175c82775d0fd8cedcd0b75413f4ba7', 'https://git.kernel.org/stable/c/a256d019eaf044864c7e50312f0a65b323c24f39', 'https://git.kernel.org/stable/c/e8a68aa842d3f8dd04a46b9d632e5f67fde1da9b', 'https://git.kernel.org/stable/c/ead9289a51ea82eb5b27029fcf4c34b2dd60cf06', 'https://linux.oracle.com/cve/CVE-2024-42259.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081452-CVE-2024-42259-4cef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42259', 'https://project-zero.issues.chromium.org/issues/42451707', 'https://www.cve.org/CVERecord?id=CVE-2024-42259'], 'PublishedDate': '2024-08-14T15:15:31.673Z', 'LastModifiedDate': '2024-09-25T01:15:42.137Z'}, {'VulnerabilityID': 'CVE-2024-42260', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42260', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the performance extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42260', 'https://git.kernel.org/linus/4ecc24a84d7e0254efd150ec23e0b89638386516 (6.11-rc2)', 'https://git.kernel.org/stable/c/4ecc24a84d7e0254efd150ec23e0b89638386516', 'https://git.kernel.org/stable/c/5d4aa25f47cd05e9eeac272906588728588605dd', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-42260-0ce0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42260', 'https://www.cve.org/CVERecord?id=CVE-2024-42260'], 'PublishedDate': '2024-08-17T09:15:07.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42261', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42261', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the timestamp extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42261', 'https://git.kernel.org/linus/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791 (6.11-rc2)', 'https://git.kernel.org/stable/c/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791', 'https://git.kernel.org/stable/c/5c56f104edd02a537e9327dc543574e55713e1d7', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42261-f6a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42261', 'https://www.cve.org/CVERecord?id=CVE-2024-42261'], 'PublishedDate': '2024-08-17T09:15:07.6Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42262', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42262', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the performance extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42262', 'https://git.kernel.org/linus/32df4abc44f24dbec239d43e2b26d5768c5d1a78 (6.11-rc2)', 'https://git.kernel.org/stable/c/32df4abc44f24dbec239d43e2b26d5768c5d1a78', 'https://git.kernel.org/stable/c/ad5fdc48f7a63b8a98493c667505fe4d3864ae21', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42262-7156@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42262', 'https://www.cve.org/CVERecord?id=CVE-2024-42262'], 'PublishedDate': '2024-08-17T09:15:07.68Z', 'LastModifiedDate': '2024-08-19T20:05:15.407Z'}, {'VulnerabilityID': 'CVE-2024-42263', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42263', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the timestamp extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 753ce4fea62182c77e1691ab4f9022008f25b62e)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42263', 'https://git.kernel.org/linus/0e50fcc20bd87584840266e8004f9064a8985b4f (6.11-rc2)', 'https://git.kernel.org/stable/c/0e50fcc20bd87584840266e8004f9064a8985b4f', 'https://git.kernel.org/stable/c/9b5033ee2c5af6d1135a403df32d219ab57e55f9', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42263-31b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42263', 'https://www.cve.org/CVERecord?id=CVE-2024-42263'], 'PublishedDate': '2024-08-17T09:15:07.77Z', 'LastModifiedDate': '2024-08-19T20:41:11.24Z'}, {'VulnerabilityID': 'CVE-2024-42264', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42264', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Prevent out of bounds access in performance query extensions', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Prevent out of bounds access in performance query extensions\n\nCheck that the number of perfmons userspace is passing in the copy and\nreset extensions is not greater than the internal kernel storage where\nthe ids will be copied into.\n\n(cherry picked from commit f32b5128d2c440368b5bf3a7a356823e235caabb)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42264', 'https://git.kernel.org/linus/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2 (6.11-rc2)', 'https://git.kernel.org/stable/c/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2', 'https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42264-5d23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42264', 'https://www.cve.org/CVERecord?id=CVE-2024-42264'], 'PublishedDate': '2024-08-17T09:15:07.833Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42267', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42267', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()\n\nHandle VM_FAULT_SIGSEGV in the page fault path so that we correctly\nkill the process and we don't BUG() the kernel.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42267', 'https://git.kernel.org/linus/0c710050c47d45eb77b28c271cddefc5c785cb40 (6.11-rc2)', 'https://git.kernel.org/stable/c/0c710050c47d45eb77b28c271cddefc5c785cb40', 'https://git.kernel.org/stable/c/20dbdebc5580cd472a310d56a6e252275ee4c864', 'https://git.kernel.org/stable/c/59be4a167782d68e21068a761b90b01fadc09146', 'https://git.kernel.org/stable/c/917f598209f3f5e4ab175d5079d8aeb523e58b1f', 'https://git.kernel.org/stable/c/d4e7db757e2d7f4c407a007e92c98477eab215d2', 'https://git.kernel.org/stable/c/d7ccf2ca772bfe33e2c53ef80fa20d2d87eb6144', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42267-9f79@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42267', 'https://www.cve.org/CVERecord?id=CVE-2024-42267'], 'PublishedDate': '2024-08-17T09:15:08.047Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42268', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42268', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix missing lock on sync reset reload', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix missing lock on sync reset reload\n\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\n\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n…\n CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S      W          6.10.0-rc2+ #116\n Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\n Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\n RIP: 0010:devl_assert_locked+0x3e/0x50\n…\n Call Trace:\n  <TASK>\n  ? __warn+0xa4/0x210\n  ? devl_assert_locked+0x3e/0x50\n  ? report_bug+0x160/0x280\n  ? handle_bug+0x3f/0x80\n  ? exc_invalid_op+0x17/0x40\n  ? asm_exc_invalid_op+0x1a/0x20\n  ? devl_assert_locked+0x3e/0x50\n  devlink_notify+0x88/0x2b0\n  ? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n  ? __pfx_devlink_notify+0x10/0x10\n  ? process_one_work+0x4b6/0xbb0\n  process_one_work+0x4b6/0xbb0\n[…]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42268', 'https://git.kernel.org/linus/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 (6.11-rc2)', 'https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5', 'https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9', 'https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002', 'https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42268-2084@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42268', 'https://www.cve.org/CVERecord?id=CVE-2024-42268'], 'PublishedDate': '2024-08-17T09:15:08.11Z', 'LastModifiedDate': '2024-08-19T20:52:49.323Z'}, {'VulnerabilityID': 'CVE-2024-42269', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42269', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().\n\nip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id],\nbut the function is exposed to user space before the entry is allocated\nvia register_pernet_subsys().\n\nLet's call register_pernet_subsys() before xt_register_template().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42269', 'https://git.kernel.org/linus/c22921df777de5606f1047b1345b8d22ef1c0b34 (6.11-rc2)', 'https://git.kernel.org/stable/c/419ee6274c5153b89c4393c1946faa4c3cad4f9e', 'https://git.kernel.org/stable/c/87dba44e9471b79b255d0736858a897332db9226', 'https://git.kernel.org/stable/c/91b6df6611b7edb28676c4f63f90c56c30d3e601', 'https://git.kernel.org/stable/c/c22921df777de5606f1047b1345b8d22ef1c0b34', 'https://git.kernel.org/stable/c/e85b9b6a87be4cb3710082038b677e97f2389003', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42269-7d0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42269', 'https://www.cve.org/CVERecord?id=CVE-2024-42269'], 'PublishedDate': '2024-08-17T09:15:08.177Z', 'LastModifiedDate': '2024-08-19T20:53:51.717Z'}, {'VulnerabilityID': 'CVE-2024-42270', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42270', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().\n\nWe had a report that iptables-restore sometimes triggered null-ptr-deref\nat boot time. [0]\n\nThe problem is that iptable_nat_table_init() is exposed to user space\nbefore the kernel fully initialises netns.\n\nIn the small race window, a user could call iptable_nat_table_init()\nthat accesses net_generic(net, iptable_nat_net_id), which is available\nonly after registering iptable_nat_net_ops.\n\nLet's call register_pernet_subsys() before xt_register_template().\n\n[0]:\nbpfilter: Loaded bpfilter_umh pid 11702\nStarted bpfilter\nBUG: kernel NULL pointer dereference, address: 0000000000000013\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP NOPTI\nCPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1\nHardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\nCode: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c\nRSP: 0018:ffffbef902843cd0 EFLAGS: 00010246\nRAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80\nRDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0\nRBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240\nR10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000\nR13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004\nFS:  00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? xt_find_table_lock (net/netfilter/x_tables.c:1259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? page_fault_oops (arch/x86/mm/fault.c:727)\n ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518)\n ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)\n ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\n xt_find_table_lock (net/netfilter/x_tables.c:1259)\n xt_request_find_table_lock (net/netfilter/x_tables.c:1287)\n get_info (net/ipv4/netfilter/ip_tables.c:965)\n ? security_capable (security/security.c:809 (discriminator 13))\n ? ns_capable (kernel/capability.c:376 kernel/capability.c:397)\n ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)\n ? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter\n nf_getsockopt (net/netfilter/nf_sockopt.c:116)\n ip_getsockopt (net/ipv4/ip_sockglue.c:1827)\n __sys_getsockopt (net/socket.c:2327)\n __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121)\nRIP: 0033:0x7f62844685ee\nCode: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09\nRSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037\nRAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0\nR10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2\nR13: 00007f6284\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42270', 'https://git.kernel.org/linus/5830aa863981d43560748aa93589c0695191d95d (6.11-rc2)', 'https://git.kernel.org/stable/c/08ed888b69a22647153fe2bec55b7cd0a46102cc', 'https://git.kernel.org/stable/c/5830aa863981d43560748aa93589c0695191d95d', 'https://git.kernel.org/stable/c/70014b73d7539fcbb6b4ff5f37368d7241d8e626', 'https://git.kernel.org/stable/c/95590a4929027769af35b153645c0ab6fd22b29b', 'https://git.kernel.org/stable/c/b98ddb65fa1674b0e6b52de8af9103b63f51b643', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42270-c752@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42270', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42270'], 'PublishedDate': '2024-08-17T09:15:08.24Z', 'LastModifiedDate': '2024-08-19T20:01:09.52Z'}, {'VulnerabilityID': 'CVE-2024-42272', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42272', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: act_ct: take care of padding in struct zones_ht_key', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched: act_ct: take care of padding in struct zones_ht_key\n\nBlamed commit increased lookup key size from 2 bytes to 16 bytes,\nbecause zones_ht_key got a struct net pointer.\n\nMake sure rhashtable_lookup() is not using the padding bytes\nwhich are not initialized.\n\n BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n  tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408\n  tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425\n  tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488\n  tcf_action_add net/sched/act_api.c:2061 [inline]\n  tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118\n  rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647\n  netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550\n  rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665\n  netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n  netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357\n  netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  ____sys_sendmsg+0x877/0xb60 net/socket.c:2597\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651\n  __sys_sendmsg net/socket.c:2680 [inline]\n  __do_sys_sendmsg net/socket.c:2689 [inline]\n  __se_sys_sendmsg net/socket.c:2687 [inline]\n  __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687\n  x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable key created at:\n  tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42272', 'https://git.kernel.org/linus/2191a54f63225b548fd8346be3611c3219a24738 (6.11-rc2)', 'https://git.kernel.org/stable/c/2191a54f63225b548fd8346be3611c3219a24738', 'https://git.kernel.org/stable/c/3a5b68869dbe14f1157c6a24ac71923db060eeab', 'https://git.kernel.org/stable/c/3ddefcb8f75e312535e2e7d5fef9932019ba60f2', 'https://git.kernel.org/stable/c/7c03ab555eb1ba26c77fd7c25bdf44a0ac23edee', 'https://git.kernel.org/stable/c/d06daf0ad645d9225a3ff6958dd82e1f3988fa64', 'https://git.kernel.org/stable/c/d7cc186d0973afce0e1237c37f7512c01981fb79', 'https://linux.oracle.com/cve/CVE-2024-42272.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42272-c687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42272', 'https://www.cve.org/CVERecord?id=CVE-2024-42272'], 'PublishedDate': '2024-08-17T09:15:08.37Z', 'LastModifiedDate': '2024-09-30T13:40:21.843Z'}, {'VulnerabilityID': 'CVE-2024-42273', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42273', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid\n\nmkdir /mnt/test/comp\nf2fs_io setflags compression /mnt/test/comp\ndd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1\ntruncate --size 13 /mnt/test/comp/testfile\n\nIn the above scenario, we can get a BUG_ON.\n kernel BUG at fs/f2fs/segment.c:3589!\n Call Trace:\n  do_write_page+0x78/0x390 [f2fs]\n  f2fs_outplace_write_data+0x62/0xb0 [f2fs]\n  f2fs_do_write_data_page+0x275/0x740 [f2fs]\n  f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs]\n  f2fs_write_multi_pages+0x1e5/0xae0 [f2fs]\n  f2fs_write_cache_pages+0xab1/0xc60 [f2fs]\n  f2fs_write_data_pages+0x2d8/0x330 [f2fs]\n  do_writepages+0xcf/0x270\n  __writeback_single_inode+0x44/0x350\n  writeback_sb_inodes+0x242/0x530\n  __writeback_inodes_wb+0x54/0xf0\n  wb_writeback+0x192/0x310\n  wb_workfn+0x30d/0x400\n\nThe reason is we gave CURSEG_ALL_DATA_ATGC to COMPR_ADDR where the\npage was set the gcing flag by set_cluster_dirty().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42273', 'https://git.kernel.org/linus/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cd106612396656d6f1ca17ef192c6759bb60791', 'https://git.kernel.org/stable/c/4239571c5db46a42f723b8fa8394039187c34439', 'https://git.kernel.org/stable/c/5fd057160ab240dd816ae09b625395d54c297de1', 'https://git.kernel.org/stable/c/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42273-9b87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42273', 'https://www.cve.org/CVERecord?id=CVE-2024-42273'], 'PublishedDate': '2024-08-17T09:15:08.45Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42274', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42274', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert "ALSA: firewire-lib: operate for period elapse event in process context"', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "ALSA: firewire-lib: operate for period elapse event in process context"\n\nCommit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event\nin process context") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n    * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n    * (lock B) wait for tasklet to finish by calling\n    \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n    * (lock B) enter tasklet\n    * (lock A) attempt to acquire substream lock,\n    \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n    \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n </NMI>\n <TASK>\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n </NMI>\n <IRQ>\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period\nelapse event in process context")\n\nReplace inline description to prevent future deadlock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42274', 'https://git.kernel.org/linus/3dab73ab925a51ab05543b491bf17463a48ca323 (6.11-rc2)', 'https://git.kernel.org/stable/c/36c255db5a25edd42d1aca48e38b8e95ee5fd9ef', 'https://git.kernel.org/stable/c/3dab73ab925a51ab05543b491bf17463a48ca323', 'https://git.kernel.org/stable/c/7c07220cf634002f93a87ca2252a32766850f2d1', 'https://git.kernel.org/stable/c/b239a37d68e8bc59f9516444da222841e3b13ba9', 'https://git.kernel.org/stable/c/f5043e69aeb2786f32e84132817a007a6430aa7d', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42274-9dc6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42274', 'https://www.cve.org/CVERecord?id=CVE-2024-42274'], 'PublishedDate': '2024-08-17T09:15:08.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42276', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42276', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme-pci: add missing condition check for existence of mapped data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42276', 'https://git.kernel.org/linus/c31fad1470389666ac7169fe43aa65bf5b7e2cfd (6.11-rc1)', 'https://git.kernel.org/stable/c/3f8ec1d6b0ebd8268307d52be8301973fa5a01ec', 'https://git.kernel.org/stable/c/70100fe721840bf6d8e5abd25b8bffe4d2e049b7', 'https://git.kernel.org/stable/c/77848b379e9f85a08048a2c8b3b4a7e8396f5f83', 'https://git.kernel.org/stable/c/7cc1f4cd90a00b6191cb8cda2d1302fdce59361c', 'https://git.kernel.org/stable/c/be23ae63080e0bf9e246ab20207200bca6585eba', 'https://git.kernel.org/stable/c/c31fad1470389666ac7169fe43aa65bf5b7e2cfd', 'https://git.kernel.org/stable/c/d135c3352f7c947a922da93c8e763ee6bc208b64', 'https://linux.oracle.com/cve/CVE-2024-42276.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42276-cb0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42276', 'https://www.cve.org/CVERecord?id=CVE-2024-42276'], 'PublishedDate': '2024-08-17T09:15:08.673Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42277', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42277', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom->sdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42277', 'https://git.kernel.org/linus/630482ee0653decf9e2482ac6181897eb6cde5b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8', 'https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922', 'https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb', 'https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c', 'https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42277-997a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42277', 'https://www.cve.org/CVERecord?id=CVE-2024-42277'], 'PublishedDate': '2024-08-17T09:15:08.75Z', 'LastModifiedDate': '2024-09-10T18:46:21.62Z'}, {'VulnerabilityID': 'CVE-2024-42278', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42278', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: TAS2781: Fix tasdev_load_calibrated_data()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it's either a no-op or it\nleads to a NULL dereference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42278', 'https://git.kernel.org/linus/92c78222168e9035a9bfb8841c2e56ce23e51f73 (6.11-rc1)', 'https://git.kernel.org/stable/c/51be301d29d674ff328dfcf23705851f326f35b3', 'https://git.kernel.org/stable/c/6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06', 'https://git.kernel.org/stable/c/92c78222168e9035a9bfb8841c2e56ce23e51f73', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42278-e639@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42278', 'https://www.cve.org/CVERecord?id=CVE-2024-42278'], 'PublishedDate': '2024-08-17T09:15:08.813Z', 'LastModifiedDate': '2024-09-30T12:53:36.42Z'}, {'VulnerabilityID': 'CVE-2024-42279', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42279', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L', 'V3Score': 5.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42279', 'https://git.kernel.org/linus/9cf71eb0faef4bff01df4264841b8465382d7927 (6.11-rc1)', 'https://git.kernel.org/stable/c/3feda3677e8bbe833c3a62a4091377a08f015b80', 'https://git.kernel.org/stable/c/45e03d35229b680b79dfea1103a1f2f07d0b5d75', 'https://git.kernel.org/stable/c/9cf71eb0faef4bff01df4264841b8465382d7927', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42279-91b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42279', 'https://www.cve.org/CVERecord?id=CVE-2024-42279'], 'PublishedDate': '2024-08-17T09:15:08.88Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42281', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42281', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a segment issue when downgrading gso_size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a segment issue when downgrading gso_size\n\nLinearize the skb when downgrading gso_size because it may trigger a\nBUG_ON() later when the skb is segmented as described in [1,2].', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42281', 'https://git.kernel.org/linus/fa5ef655615a01533035c6139248c5b33aa27028 (6.11-rc1)', 'https://git.kernel.org/stable/c/11ec79f5c7f74261874744039bc1551023edd6b2', 'https://git.kernel.org/stable/c/a689f5eb13a90f892a088865478b3cd39f53d5dc', 'https://git.kernel.org/stable/c/c3496314c53e7e82ddb544c825defc3e8c0e45cf', 'https://git.kernel.org/stable/c/dda518dea60d556a2d171c0122ca7d9fdb7d473a', 'https://git.kernel.org/stable/c/ec4eea14d75f7b0491194dd413f540dd19b8c733', 'https://git.kernel.org/stable/c/f6bb8c90cab97a3e03f8d30e3069efe6a742e0be', 'https://git.kernel.org/stable/c/fa5ef655615a01533035c6139248c5b33aa27028', 'https://linux.oracle.com/cve/CVE-2024-42281.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42281-780b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42281', 'https://www.cve.org/CVERecord?id=CVE-2024-42281'], 'PublishedDate': '2024-08-17T09:15:09.013Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42283', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42283', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: nexthop: Initialize all fields in dumped nexthops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n    # ip nexthop add id 1 dev lo\n    # ip nexthop add id 101 group 1\n    # strace -e recvmsg ip nexthop get id 101\n    ...\n    recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n                 [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42283', 'https://git.kernel.org/linus/6d745cd0e9720282cd291d36b9db528aea18add2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1377de719652d868f5317ba8398b7e74c5f0430b', 'https://git.kernel.org/stable/c/5cc4d71dda2dd4f1520f40e634a527022e48ccd8', 'https://git.kernel.org/stable/c/6d745cd0e9720282cd291d36b9db528aea18add2', 'https://git.kernel.org/stable/c/7704460acd7f5d35eb07c52500987dc9b95313fb', 'https://git.kernel.org/stable/c/9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0', 'https://git.kernel.org/stable/c/a13d3864b76ac87085ec530b2ff8e37482a63a96', 'https://git.kernel.org/stable/c/fd06cb4a5fc7bda3dea31712618a62af72a1c6cb', 'https://linux.oracle.com/cve/CVE-2024-42283.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42283-15a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42283', 'https://www.cve.org/CVERecord?id=CVE-2024-42283'], 'PublishedDate': '2024-08-17T09:15:09.163Z', 'LastModifiedDate': '2024-08-19T19:54:33.213Z'}, {'VulnerabilityID': 'CVE-2024-42284', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42284', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42284', 'https://git.kernel.org/linus/fa96c6baef1b5385e2f0c0677b32b3839e716076 (6.11-rc1)', 'https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f', 'https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a', 'https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69', 'https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813', 'https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28', 'https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b', 'https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8', 'https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076', 'https://linux.oracle.com/cve/CVE-2024-42284.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42284-bbfa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42284', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42284'], 'PublishedDate': '2024-08-17T09:15:09.233Z', 'LastModifiedDate': '2024-08-19T19:47:55.623Z'}, {'VulnerabilityID': 'CVE-2024-42285', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42285', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix a use-after-free related to destroying CM IDs\n\niw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with\nan existing struct iw_cm_id (cm_id) as follows:\n\n        conn_id->cm_id.iw = cm_id;\n        cm_id->context = conn_id;\n        cm_id->cm_handler = cma_iw_handler;\n\nrdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make\nsure that cm_work_handler() does not trigger a use-after-free by only\nfreeing of the struct rdma_id_private after all pending work has finished.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42285', 'https://git.kernel.org/linus/aee2424246f9f1dadc33faa78990c1e2eb7826e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6', 'https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574', 'https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79', 'https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4', 'https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6', 'https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5', 'https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae', 'https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a', 'https://linux.oracle.com/cve/CVE-2024-42285.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42285-37ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42285', 'https://www.cve.org/CVERecord?id=CVE-2024-42285'], 'PublishedDate': '2024-08-17T09:15:09.3Z', 'LastModifiedDate': '2024-08-19T19:45:41.59Z'}, {'VulnerabilityID': 'CVE-2024-42286', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42286', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: validate nvme_local_port correctly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS:  0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42286', 'https://git.kernel.org/linus/eb1d4ce2609584eeb7694866f34d4b213caa3af9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3eac973eb5cb2b874b3918f924798afc5affd46b', 'https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430', 'https://git.kernel.org/stable/c/7cec2c3bfe84539c415f5e16f989228eba1d2f1e', 'https://git.kernel.org/stable/c/a3ab508a4853a9f5ae25a7816a4889f09938f63c', 'https://git.kernel.org/stable/c/cde43031df533751b4ead37d173922feee2f550f', 'https://git.kernel.org/stable/c/e1f010844443c389bc552884ac5cfa47de34d54c', 'https://git.kernel.org/stable/c/eb1d4ce2609584eeb7694866f34d4b213caa3af9', 'https://git.kernel.org/stable/c/f6be298cc1042f24d521197af29c7c4eb95af4d5', 'https://linux.oracle.com/cve/CVE-2024-42286.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42286-e856@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42286', 'https://www.cve.org/CVERecord?id=CVE-2024-42286'], 'PublishedDate': '2024-08-17T09:15:09.38Z', 'LastModifiedDate': '2024-09-10T19:02:12.36Z'}, {'VulnerabilityID': 'CVE-2024-42287', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42287', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Complete command early within lock', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Complete command early within lock\n\nA crash was observed while performing NPIV and FW reset,\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 1 PREEMPT_RT SMP NOPTI\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0\n RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034\n R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000\n FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x16f/0x4a0\n ? do_user_addr_fault+0x174/0x7f0\n ? exc_page_fault+0x69/0x1a0\n ? asm_exc_page_fault+0x22/0x30\n ? dma_direct_unmap_sg+0x51/0x1e0\n ? preempt_count_sub+0x96/0xe0\n qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]\n qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]\n __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]\n\nThe command completion was done early while aborting the commands in driver\nunload path but outside lock to avoid the WARN_ON condition of performing\ndma_free_attr within the lock. However this caused race condition while\ncommand completion via multiple paths causing system crash.\n\nHence complete the command early in unload path but within the lock to\navoid race condition.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42287', 'https://git.kernel.org/linus/4475afa2646d3fec176fc4d011d3879b26cb26e3 (6.11-rc1)', 'https://git.kernel.org/stable/c/314efe3f87949a568f512f05df20bf47b81cf232', 'https://git.kernel.org/stable/c/36fdc5319c4d0ec8b8938ec4769764098a246bfb', 'https://git.kernel.org/stable/c/4475afa2646d3fec176fc4d011d3879b26cb26e3', 'https://git.kernel.org/stable/c/57ba7563712227647f82a92547e82c96cd350553', 'https://git.kernel.org/stable/c/814f4a53cc86f7ea8b501bfb1723f24fd29ef5ee', 'https://git.kernel.org/stable/c/9117337b04d789bd08fdd9854a40bec2815cd3f6', 'https://git.kernel.org/stable/c/af46649304b0c9cede4ccfc2be2561ce8ed6a2ea', 'https://linux.oracle.com/cve/CVE-2024-42287.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42287-d635@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42287', 'https://www.cve.org/CVERecord?id=CVE-2024-42287'], 'PublishedDate': '2024-08-17T09:15:09.453Z', 'LastModifiedDate': '2024-09-10T19:05:07.67Z'}, {'VulnerabilityID': 'CVE-2024-42288', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42288', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Fix for possible memory corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly.  Correctly dereference ICB', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42288', 'https://git.kernel.org/linus/c03d740152f78e86945a75b2ad541bf972fab92a (6.11-rc1)', 'https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e', 'https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b', 'https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b', 'https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d', 'https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce', 'https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a', 'https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb', 'https://linux.oracle.com/cve/CVE-2024-42288.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42288-c59b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42288', 'https://www.cve.org/CVERecord?id=CVE-2024-42288'], 'PublishedDate': '2024-08-17T09:15:09.523Z', 'LastModifiedDate': '2024-09-05T17:38:38.383Z'}, {'VulnerabilityID': 'CVE-2024-42289', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42289', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: During vport delete send async logout explicitly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array.  For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n  BUG: kernel NULL pointer dereference, address: 000000000000001c\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] PREEMPT SMP NOPTI\n  Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n  RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n  RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n  RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n  RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n  RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n  R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n  R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n  FS:  0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n  Call Trace:\n  <TASK>\n  qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n  ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n  ? qla2x00_status_entry+0x768/0x2830\n  ? newidle_balance+0x2f0/0x430\n  ? dequeue_entity+0x100/0x3c0\n  ? qla24xx_process_response_queue+0x6a1/0x19e0\n  ? __schedule+0x2d5/0x1140\n  ? qla_do_work+0x47/0x60\n  ? process_one_work+0x267/0x440\n  ? process_one_work+0x440/0x440\n  ? worker_thread+0x2d/0x3d0\n  ? process_one_work+0x440/0x440\n  ? kthread+0x156/0x180\n  ? set_kthread_struct+0x50/0x50\n  ? ret_from_fork+0x22/0x30\n  </TASK>\n\nSend out async logout explicitly for all the ports during vport delete.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42289', 'https://git.kernel.org/linus/76f480d7c717368f29a3870f7d64471ce0ff8fb2 (6.11-rc1)', 'https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe', 'https://git.kernel.org/stable/c/171ac4b495f9473bc134356a00095b47e6409e52', 'https://git.kernel.org/stable/c/76f480d7c717368f29a3870f7d64471ce0ff8fb2', 'https://git.kernel.org/stable/c/87c25fcb95aafabb6a4914239f4ab41b07a4f9b7', 'https://git.kernel.org/stable/c/b12c54e51ba83c1fbc619d35083d7872e42ecdef', 'https://git.kernel.org/stable/c/b35d6d5a2f38605cddea7d5c64cded894fbe8ede', 'https://git.kernel.org/stable/c/d28a2075bb530489715a3b011e1dd8765ba20313', 'https://git.kernel.org/stable/c/e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc', 'https://linux.oracle.com/cve/CVE-2024-42289.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42289-fe68@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42289', 'https://www.cve.org/CVERecord?id=CVE-2024-42289'], 'PublishedDate': '2024-08-17T09:15:09.59Z', 'LastModifiedDate': '2024-09-05T17:37:49.057Z'}, {'VulnerabilityID': 'CVE-2024-42290', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42290', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: irqchip/imx-irqsteer: Handle runtime power management correctly', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/imx-irqsteer: Handle runtime power management correctly\n\nThe power domain is automatically activated from clk_prepare(). However, on\ncertain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes\nsleeping functions, which triggers the 'scheduling while atomic' bug in the\ncontext switch path during device probing:\n\n BUG: scheduling while atomic: kworker/u13:1/48/0x00000002\n Call trace:\n  __schedule_bug+0x54/0x6c\n  __schedule+0x7f0/0xa94\n  schedule+0x5c/0xc4\n  schedule_preempt_disabled+0x24/0x40\n  __mutex_lock.constprop.0+0x2c0/0x540\n  __mutex_lock_slowpath+0x14/0x20\n  mutex_lock+0x48/0x54\n  clk_prepare_lock+0x44/0xa0\n  clk_prepare+0x20/0x44\n  imx_irqsteer_resume+0x28/0xe0\n  pm_generic_runtime_resume+0x2c/0x44\n  __genpd_runtime_resume+0x30/0x80\n  genpd_runtime_resume+0xc8/0x2c0\n  __rpm_callback+0x48/0x1d8\n  rpm_callback+0x6c/0x78\n  rpm_resume+0x490/0x6b4\n  __pm_runtime_resume+0x50/0x94\n  irq_chip_pm_get+0x2c/0xa0\n  __irq_do_set_handler+0x178/0x24c\n  irq_set_chained_handler_and_data+0x60/0xa4\n  mxc_gpio_probe+0x160/0x4b0\n\nCure this by implementing the irq_bus_lock/sync_unlock() interrupt chip\ncallbacks and handle power management in them as they are invoked from\nnon-atomic context.\n\n[ tglx: Rewrote change log, added Fixes tag ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42290', 'https://git.kernel.org/linus/33b1c47d1fc0b5f06a393bb915db85baacba18ea (6.11-rc1)', 'https://git.kernel.org/stable/c/21bd3f9e7f924cd2fc892a484e7a50c7e1847565', 'https://git.kernel.org/stable/c/33b1c47d1fc0b5f06a393bb915db85baacba18ea', 'https://git.kernel.org/stable/c/3a2884a44e5cda192df1b28e9925661f79f599a1', 'https://git.kernel.org/stable/c/58c56735facb225a5c46fa4b8bbbe7f31d1cb894', 'https://git.kernel.org/stable/c/a590e8dea3df2639921f874d763be961dd74e8f9', 'https://git.kernel.org/stable/c/f8ae38f1dfe652779c7c613facbc257cec00ac44', 'https://git.kernel.org/stable/c/fa1803401e1c360efe6342fb41d161cc51748a11', 'https://linux.oracle.com/cve/CVE-2024-42290.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42290-c966@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42290', 'https://www.cve.org/CVERecord?id=CVE-2024-42290'], 'PublishedDate': '2024-08-17T09:15:09.663Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42291', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42291', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add a per-VF limit on number of FDIR filters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42291', 'https://git.kernel.org/linus/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 (6.11-rc1)', 'https://git.kernel.org/stable/c/292081c4e7f575a79017d5cbe1a0ec042783976f', 'https://git.kernel.org/stable/c/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97', 'https://git.kernel.org/stable/c/8e02cd98a6e24389d476e28436d41e620ed8e559', 'https://git.kernel.org/stable/c/d62389073a5b937413e2d1bc1da06ccff5103c0c', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42291-6f31@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42291', 'https://www.cve.org/CVERecord?id=CVE-2024-42291'], 'PublishedDate': '2024-08-17T09:15:09.73Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42292', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42292', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kobject_uevent: Fix OOB access within zap_modalias_env()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42292', 'https://git.kernel.org/linus/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc (6.11-rc1)', 'https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762', 'https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2', 'https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168', 'https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d', 'https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90', 'https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5', 'https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d', 'https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc', 'https://linux.oracle.com/cve/CVE-2024-42292.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42292-5387@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42292', 'https://www.cve.org/CVERecord?id=CVE-2024-42292'], 'PublishedDate': '2024-08-17T09:15:09.797Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42294', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42294', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: fix deadlock between sd_remove & sd_release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove & sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430]  __switch_to+0x174/0x338\n[ 2538.459436]  __schedule+0x628/0x9c4\n[ 2538.459442]  schedule+0x7c/0xe8\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459]  mutex_lock+0x30/0xd8\n[ 2538.459462]  del_gendisk+0xdc/0x350\n[ 2538.459466]  sd_remove+0x30/0x60\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474]  device_release_driver+0x18/0x28\n[ 2538.459478]  bus_remove_device+0x15c/0x174\n[ 2538.459483]  device_del+0x1d0/0x358\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\n[ 2538.459493]  scsi_forget_host+0x50/0x70\n[ 2538.459497]  scsi_remove_host+0x80/0x180\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514]  device_release_driver+0x18/0x28\n[ 2538.459518]  bus_remove_device+0x15c/0x174\n[ 2538.459523]  device_del+0x1d0/0x358\n[ 2538.459528]  usb_disable_device+0x84/0x194\n[ 2538.459532]  usb_disconnect+0xec/0x300\n[ 2538.459537]  hub_event+0xb80/0x1870\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\n[ 2538.459545]  worker_thread+0x244/0x334\n[ 2538.459549]  kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task "fsck.":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016]  __switch_to+0x174/0x338\n[ 2538.461021]  __schedule+0x628/0x9c4\n[ 2538.461025]  schedule+0x7c/0xe8\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051]  sd_release+0x50/0x94\n[ 2538.461054]  blkdev_put+0x190/0x28c\n[ 2538.461058]  blkdev_release+0x28/0x40\n[ 2538.461063]  __fput+0xf8/0x2a8\n[ 2538.461066]  __fput_sync+0x28/0x5c\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\n[ 2538.461073]  invoke_syscall+0x58/0x114\n[ 2538.461078]  el0_svc_common+0xac/0xe0\n[ 2538.461082]  do_el0_svc+0x1c/0x28\n[ 2538.461087]  el0_svc+0x38/0x68\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\n\n  T1:\t\t\t\tT2:\n  sd_remove\n  del_gendisk\n  __blk_mark_disk_dead\n  blk_freeze_queue_start\n  ++q->mq_freeze_depth\n  \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(&disk->open_mutex)\n  \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q->mq_freeze_depth)\n  mutex_lock(&disk->open_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don\'t try to acquire disk->open_mutex after freezing\nthe queue.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42294', 'https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9', 'https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b', 'https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42294-0145@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42294', 'https://www.cve.org/CVERecord?id=CVE-2024-42294'], 'PublishedDate': '2024-08-17T09:15:09.947Z', 'LastModifiedDate': '2024-08-19T19:43:22.46Z'}, {'VulnerabilityID': 'CVE-2024-42295', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42295', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: handle inconsistent state in nilfs_btnode_create_block()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle inconsistent state in nilfs_btnode_create_block()\n\nSyzbot reported that a buffer state inconsistency was detected in\nnilfs_btnode_create_block(), triggering a kernel bug.\n\nIt is not appropriate to treat this inconsistency as a bug; it can occur\nif the argument block address (the buffer index of the newly created\nblock) is a virtual block number and has been reallocated due to\ncorruption of the bitmap used to manage its allocation state.\n\nSo, modify nilfs_btnode_create_block() and its callers to treat it as a\npossible filesystem error, rather than triggering a kernel bug.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42295', 'https://git.kernel.org/linus/4811f7af6090e8f5a398fbdd766f903ef6c0d787 (6.11-rc1)', 'https://git.kernel.org/stable/c/012be828a118bf496e666ef1fc47fc0e7358ada2', 'https://git.kernel.org/stable/c/02b87e6334a38c65eef49848d3f1ac422f0b2a44', 'https://git.kernel.org/stable/c/19cce46238ffe3546e44b9c74057103ff8b24c62', 'https://git.kernel.org/stable/c/366c3f688dd0288cbe38af1d3a886b5c62372e4a', 'https://git.kernel.org/stable/c/4811f7af6090e8f5a398fbdd766f903ef6c0d787', 'https://git.kernel.org/stable/c/5f0a6800b8aec1b453c7fe4c44fcaac5ffe9d52e', 'https://git.kernel.org/stable/c/be56dfc9be0604291267c07b0e27a69a6bda4899', 'https://git.kernel.org/stable/c/e34191cce3ee63dfa5fb241904aaf2a042d5b6d8', 'https://linux.oracle.com/cve/CVE-2024-42295.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42295-4f43@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42295', 'https://www.cve.org/CVERecord?id=CVE-2024-42295'], 'PublishedDate': '2024-08-17T09:15:10.017Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42296', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42296', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix return value of f2fs_convert_inline_inode()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix return value of f2fs_convert_inline_inode()\n\nIf device is readonly, make f2fs_convert_inline_inode()\nreturn EROFS instead of zero, otherwise it may trigger\npanic during writeback of inline inode's dirty page as\nbelow:\n\n f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888\n f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3369\n do_writepages+0x359/0x870 mm/page-writeback.c:2634\n filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397\n __filemap_fdatawrite_range mm/filemap.c:430 [inline]\n file_write_and_wait_range+0x1aa/0x290 mm/filemap.c:788\n f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276\n generic_write_sync include/linux/fs.h:2806 [inline]\n f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977\n call_write_iter include/linux/fs.h:2114 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa72/0xc90 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42296', 'https://git.kernel.org/linus/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf (6.11-rc1)', 'https://git.kernel.org/stable/c/077f0e24b27c4b44841593c7edbd1993be9eecb5', 'https://git.kernel.org/stable/c/1e7725814361c8c008d131db195cef8274ff26b8', 'https://git.kernel.org/stable/c/47a8ddcdcaccd9b891db4574795e46a33a121ac2', 'https://git.kernel.org/stable/c/70f5ef5f33c333cfb286116fa3af74ac9bc84f1b', 'https://git.kernel.org/stable/c/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42296-3f50@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42296', 'https://www.cve.org/CVERecord?id=CVE-2024-42296'], 'PublishedDate': '2024-08-17T09:15:10.08Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42297', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42297', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: f2fs: fix to don't dirty inode for readonly filesystem", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to don't dirty inode for readonly filesystem\n\nsyzbot reports f2fs bug as below:\n\nkernel BUG at fs/f2fs/inode.c:933!\nRIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933\nCall Trace:\n evict+0x2a4/0x620 fs/inode.c:664\n dispose_list fs/inode.c:697 [inline]\n evict_inodes+0x5f8/0x690 fs/inode.c:747\n generic_shutdown_super+0x9d/0x2c0 fs/super.c:675\n kill_block_super+0x44/0x90 fs/super.c:1667\n kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894\n deactivate_locked_super+0xc1/0x130 fs/super.c:484\n cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256\n task_work_run+0x24a/0x300 kernel/task_work.c:180\n ptrace_notify+0x2cd/0x380 kernel/signal.c:2399\n ptrace_report_syscall include/linux/ptrace.h:411 [inline]\n ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]\n syscall_exit_work kernel/entry/common.c:251 [inline]\n syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]\n syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296\n do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe root cause is:\n- do_sys_open\n - f2fs_lookup\n  - __f2fs_find_entry\n   - f2fs_i_depth_write\n    - f2fs_mark_inode_dirty_sync\n     - f2fs_dirty_inode\n      - set_inode_flag(inode, FI_DIRTY_INODE)\n\n- umount\n - kill_f2fs_super\n  - kill_block_super\n   - generic_shutdown_super\n    - sync_filesystem\n    : sb is readonly, skip sync_filesystem()\n    - evict_inodes\n     - iput\n      - f2fs_evict_inode\n       - f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE))\n       : trigger kernel panic\n\nWhen we try to repair i_current_depth in readonly filesystem, let's\nskip dirty inode to avoid panic in later f2fs_evict_inode().", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42297', 'https://git.kernel.org/linus/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8', 'https://git.kernel.org/stable/c/2434344559f6743efb3ac15d11af9a0db9543bd3', 'https://git.kernel.org/stable/c/2d2916516577f2239b3377d9e8d12da5e6ccdfcf', 'https://git.kernel.org/stable/c/54162974aea37a8cae00742470a78c7f6bd6f915', 'https://git.kernel.org/stable/c/54bc4e88447e385c4d4ffa85d93e0dce628fcfa6', 'https://git.kernel.org/stable/c/9ce8135accf103f7333af472709125878704fdd4', 'https://git.kernel.org/stable/c/e62ff092a42f4a1bae3b310cf46673b4f3aac3b5', 'https://git.kernel.org/stable/c/ec56571b4b146a1cfbedab49d5fcaf19fe8bf4f1', 'https://linux.oracle.com/cve/CVE-2024-42297.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42297-fcec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42297', 'https://www.cve.org/CVERecord?id=CVE-2024-42297'], 'PublishedDate': '2024-08-17T09:15:10.147Z', 'LastModifiedDate': '2024-09-30T13:41:26.463Z'}, {'VulnerabilityID': 'CVE-2024-42298', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42298', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42298', 'https://git.kernel.org/linus/e62599902327d27687693f6e5253a5d56583db58 (6.11-rc1)', 'https://git.kernel.org/stable/c/af466037fa2b263e8ea5c47285513d2487e17d90', 'https://git.kernel.org/stable/c/b4205dfcfe96182118e54343954827eda51b2135', 'https://git.kernel.org/stable/c/e62599902327d27687693f6e5253a5d56583db58', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42298-d6a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42298', 'https://www.cve.org/CVERecord?id=CVE-2024-42298'], 'PublishedDate': '2024-08-17T09:15:10.23Z', 'LastModifiedDate': '2024-09-10T18:42:19.607Z'}, {'VulnerabilityID': 'CVE-2024-42299', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42299', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Update log->page_{mask,bits} if log->page_size changed\n\nIf an NTFS file system is mounted to another system with different\nPAGE_SIZE from the original system, log->page_size will change in\nlog_replay(), but log->page_{mask,bits} don\'t change correspondingly.\nThis will cause a panic because "u32 bytes = log->page_size - page_off"\nwill get a negative value in the later read_log_page().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42299', 'https://git.kernel.org/linus/2fef55d8f78383c8e6d6d4c014b9597375132696 (6.11-rc1)', 'https://git.kernel.org/stable/c/0484adcb5fbcadd9ba0fd4485c42630f72e97da9', 'https://git.kernel.org/stable/c/0a4ae2644e2a3b3b219aad9639fb2b0691d08420', 'https://git.kernel.org/stable/c/2cac0df3324b5e287d8020bc0708f7d2dec88a6f', 'https://git.kernel.org/stable/c/2fef55d8f78383c8e6d6d4c014b9597375132696', 'https://git.kernel.org/stable/c/b90ceffdc975502bc085ce8e79c6adeff05f9521', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42299-a588@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42299', 'https://www.cve.org/CVERecord?id=CVE-2024-42299'], 'PublishedDate': '2024-08-17T09:15:10.293Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42301', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42301', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dev/parport: fix the array out-of-bounds risk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42301', 'https://git.kernel.org/linus/ab11dac93d2d568d151b1918d7b84c2d02bacbd5 (6.11-rc1)', 'https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8', 'https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d', 'https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a', 'https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84', 'https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0', 'https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5', 'https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e', 'https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6', 'https://linux.oracle.com/cve/CVE-2024-42301.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42301-4026@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42301', 'https://www.cve.org/CVERecord?id=CVE-2024-42301'], 'PublishedDate': '2024-08-17T09:15:10.423Z', 'LastModifiedDate': '2024-08-22T16:31:18.667Z'}, {'VulnerabilityID': 'CVE-2024-42302', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42302', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred.  To do so, it polls the\nconfig space of the first child device on the secondary bus.  If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\'s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device.  Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume.  Holding a\nreference wasn\'t necessary back then because the pciehp IRQ thread\ncould never run concurrently.  (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase.  And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event.  Commit 53b54ad074de ("PCI/DPC: Await readiness\nof secondary bus after reset"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently.  The commit was backported to v5.10+ stable\nkernels, so that\'s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n  BUG: unable to handle page fault for address: 00000000091400c0\n  CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n  RIP: pci_bus_read_config_dword+0x17/0x50\n  pci_dev_wait()\n  pci_bridge_wait_for_secondary_bus()\n  dpc_reset_link()\n  pcie_do_recovery()\n  dpc_handler()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42302', 'https://git.kernel.org/linus/11a1f4bc47362700fcbde717292158873fb847ed (6.11-rc1)', 'https://git.kernel.org/stable/c/11a1f4bc47362700fcbde717292158873fb847ed', 'https://git.kernel.org/stable/c/2c111413f38ca5cf87557cab89f6d82b0e3433e7', 'https://git.kernel.org/stable/c/2cc8973bdc4d6c928ebe38b88090a2cdfe81f42f', 'https://git.kernel.org/stable/c/b16f3ea1db47a6766a9f1169244cf1fc287a7c62', 'https://git.kernel.org/stable/c/c52f9e1a9eb40f13993142c331a6cfd334d4b91d', 'https://git.kernel.org/stable/c/f63df70b439bb8331358a306541893bf415bf1da', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42302-c0d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42302', 'https://www.cve.org/CVERecord?id=CVE-2024-42302'], 'PublishedDate': '2024-08-17T09:15:10.487Z', 'LastModifiedDate': '2024-08-22T16:37:26.237Z'}, {'VulnerabilityID': 'CVE-2024-42303', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42303', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-pxp: Fix ERR_PTR dereference in pxp_probe()\n\ndevm_regmap_init_mmio() can fail, add a check and bail out in case of\nerror.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42303', 'https://git.kernel.org/linus/57e9ce68ae98551da9c161aaab12b41fe8601856 (6.11-rc1)', 'https://git.kernel.org/stable/c/358bc85269d6a359fea597ef9fbb429cd3626e08', 'https://git.kernel.org/stable/c/57e9ce68ae98551da9c161aaab12b41fe8601856', 'https://git.kernel.org/stable/c/5ab6ac4e9e165b0fe8a326308218337007224f05', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42303-4d12@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42303', 'https://www.cve.org/CVERecord?id=CVE-2024-42303'], 'PublishedDate': '2024-08-17T09:15:10.56Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42304', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42304', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: make sure the first directory block is not a hole', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: make sure the first directory block is not a hole\n\nThe syzbot constructs a directory that has no dirblock but is non-inline,\ni.e. the first directory block is a hole. And no errors are reported when\ncreating files in this directory in the following flow.\n\n    ext4_mknod\n     ...\n      ext4_add_entry\n        // Read block 0\n        ext4_read_dirblock(dir, block, DIRENT)\n          bh = ext4_bread(NULL, inode, block, 0)\n          if (!bh && (type == INDEX || type == DIRENT_HTREE))\n          // The first directory block is a hole\n          // But type == DIRENT, so no error is reported.\n\nAfter that, we get a directory block without '.' and '..' but with a valid\ndentry. This may cause some code that relies on dot or dotdot (such as\nmake_indexed_dir()) to crash.\n\nTherefore when ext4_read_dirblock() finds that the first directory block\nis a hole report that the filesystem is corrupted and return an error to\navoid loading corrupted data from disk causing something bad.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42304', 'https://git.kernel.org/linus/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6 (6.11-rc1)', 'https://git.kernel.org/stable/c/299bc6ffa57e04e74c6cce866d6c0741fb4897a1', 'https://git.kernel.org/stable/c/9771e3d8365ae1dd5e8846a204cb9af14e3e656a', 'https://git.kernel.org/stable/c/b609753cbbd38f8c0affd4956c0af178348523ac', 'https://git.kernel.org/stable/c/c3893d9de8ee153baac56d127d844103488133b5', 'https://git.kernel.org/stable/c/d81d7e347d1f1f48a5634607d39eb90c161c8afe', 'https://git.kernel.org/stable/c/de2a011a13a46468a6e8259db58b1b62071fe136', 'https://git.kernel.org/stable/c/e02f9941e8c011aa3eafa799def6a134ce06bcfa', 'https://git.kernel.org/stable/c/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6', 'https://linux.oracle.com/cve/CVE-2024-42304.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42304-d0e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42304', 'https://www.cve.org/CVERecord?id=CVE-2024-42304'], 'PublishedDate': '2024-08-17T09:15:10.617Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42305', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42305', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: check dot and dotdot of dx_root before making dir indexed', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: check dot and dotdot of dx_root before making dir indexed\n\nSyzbot reports a issue as follows:\n============================================\nBUG: unable to handle page fault for address: ffffed11022e24fe\nPGD 23ffee067 P4D 23ffee067 PUD 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0\nCall Trace:\n <TASK>\n make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451\n ext4_rename fs/ext4/namei.c:3936 [inline]\n ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214\n[...]\n============================================\n\nThe immediate cause of this problem is that there is only one valid dentry\nfor the block to be split during do_split, so split==0 results in out of\nbounds accesses to the map triggering the issue.\n\n    do_split\n      unsigned split\n      dx_make_map\n       count = 1\n      split = count/2 = 0;\n      continued = hash2 == map[split - 1].hash;\n       ---> map[4294967295]\n\nThe maximum length of a filename is 255 and the minimum block size is 1024,\nso it is always guaranteed that the number of entries is greater than or\nequal to 2 when do_split() is called.\n\nBut syzbot's crafted image has no dot and dotdot in dir, and the dentry\ndistribution in dirblock is as follows:\n\n  bus     dentry1          hole           dentry2           free\n|xx--|xx-------------|...............|xx-------------|...............|\n0   12 (8+248)=256  268     256     524 (8+256)=264 788     236     1024\n\nSo when renaming dentry1 increases its name_len length by 1, neither hole\nnor free is sufficient to hold the new dentry, and make_indexed_dir() is\ncalled.\n\nIn make_indexed_dir() it is assumed that the first two entries of the\ndirblock must be dot and dotdot, so bus and dentry1 are left in dx_root\nbecause they are treated as dot and dotdot, and only dentry2 is moved\nto the new leaf block. That's why count is equal to 1.\n\nTherefore add the ext4_check_dx_root() helper function to add more sanity\nchecks to dot and dotdot before starting the conversion to avoid the above\nissue.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42305', 'https://git.kernel.org/linus/50ea741def587a64e08879ce6c6a30131f7111e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/19e13b4d7f0303186fcc891aba8d0de7c8fdbda8', 'https://git.kernel.org/stable/c/42d420517072028fb0eb852c358056b7717ba5aa', 'https://git.kernel.org/stable/c/50ea741def587a64e08879ce6c6a30131f7111e7', 'https://git.kernel.org/stable/c/8afe06ed3be7a874b3cd82ef5f8959aca8d6429a', 'https://git.kernel.org/stable/c/9d241b7a39af192d1bb422714a458982c7cc67a2', 'https://git.kernel.org/stable/c/abb411ac991810c0bcbe51c2e76d2502bf611b5c', 'https://git.kernel.org/stable/c/b80575ffa98b5bb3a5d4d392bfe4c2e03e9557db', 'https://git.kernel.org/stable/c/cdd345321699042ece4a9d2e70754d2397d378c5', 'https://linux.oracle.com/cve/CVE-2024-42305.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42305-94ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42305', 'https://www.cve.org/CVERecord?id=CVE-2024-42305'], 'PublishedDate': '2024-08-17T09:15:10.69Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42306', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42306', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid using corrupted block bitmap buffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42306', 'https://git.kernel.org/linus/a90d4471146de21745980cba51ce88e7926bcc4f (6.11-rc1)', 'https://git.kernel.org/stable/c/2199e157a465aaf98294d3932797ecd7fce942d5', 'https://git.kernel.org/stable/c/271cab2ca00652bc984e269cf1208699a1e09cdd', 'https://git.kernel.org/stable/c/57053b3bcf3403b80db6f65aba284d7dfe7326af', 'https://git.kernel.org/stable/c/6a43e3c210df6c5f00570f4be49a897677dbcb64', 'https://git.kernel.org/stable/c/8ca170c39eca7cad6e0cfeb24e351d8f8eddcd65', 'https://git.kernel.org/stable/c/a90d4471146de21745980cba51ce88e7926bcc4f', 'https://git.kernel.org/stable/c/cae9e59cc41683408b70b9ab569f8654866ba914', 'https://linux.oracle.com/cve/CVE-2024-42306.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42306-647c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42306', 'https://www.cve.org/CVERecord?id=CVE-2024-42306'], 'PublishedDate': '2024-08-17T09:15:10.777Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42307', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42307', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n   fs/smb/client/cifsfs.c:1981 init_cifs()\n   error: we previously assumed 'serverclose_wq' could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42307', 'https://git.kernel.org/linus/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/160235efb4f9b55212dedff5de0094c606c4b303', 'https://git.kernel.org/stable/c/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2', 'https://git.kernel.org/stable/c/3739d711246d8fbc95ff73dbdace9741cdce4777', 'https://git.kernel.org/stable/c/6018971710fdc7739f8655c1540832b4bb903671', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42307-7c2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42307', 'https://www.cve.org/CVERecord?id=CVE-2024-42307'], 'PublishedDate': '2024-08-17T09:15:10.843Z', 'LastModifiedDate': '2024-09-05T17:49:58.257Z'}, {'VulnerabilityID': 'CVE-2024-42308', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42308', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check for NULL pointer', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42308', 'https://git.kernel.org/linus/4ab68e168ae1695f7c04fae98930740aaf7c50fa (6.11-rc1)', 'https://git.kernel.org/stable/c/185616085b12e651cdfd11ef00d1449f54552d89', 'https://git.kernel.org/stable/c/4ab68e168ae1695f7c04fae98930740aaf7c50fa', 'https://git.kernel.org/stable/c/4ccd37085976ea5d3c499b1e6d0b3f4deaf2cd5a', 'https://git.kernel.org/stable/c/6b5ed0648213e9355cc78f4a264d9afe8536d692', 'https://git.kernel.org/stable/c/71dbf95359347c2ecc5a6dfc02783fcfccb2e9fb', 'https://git.kernel.org/stable/c/9ce89824ff04d261fc855e0ca6e6025251d9fa40', 'https://git.kernel.org/stable/c/f068494430d15b5fc551ac928de9dac7e5e27602', 'https://linux.oracle.com/cve/CVE-2024-42308.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42308-562d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42308', 'https://www.cve.org/CVERecord?id=CVE-2024-42308'], 'PublishedDate': '2024-08-17T09:15:10.92Z', 'LastModifiedDate': '2024-10-09T14:15:05.227Z'}, {'VulnerabilityID': 'CVE-2024-42309', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42309', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42309', 'https://git.kernel.org/linus/2df7aac81070987b0f052985856aa325a38debf6 (6.11-rc1)', 'https://git.kernel.org/stable/c/13b5f3ee94bdbdc4b5f40582aab62977905aedee', 'https://git.kernel.org/stable/c/2df7aac81070987b0f052985856aa325a38debf6', 'https://git.kernel.org/stable/c/46d2ef272957879cbe30a884574320e7f7d78692', 'https://git.kernel.org/stable/c/475a5b3b7c8edf6e583a9eb59cf28ea770602e14', 'https://git.kernel.org/stable/c/6735d02ead7dd3adf74eb8b70aebd09e0ce78ec9', 'https://git.kernel.org/stable/c/7e52c62ff029f95005915c0a11863b5fb5185c8c', 'https://git.kernel.org/stable/c/d6ad202f73f8edba0cbc0065aa57a79ffe8fdcdc', 'https://git.kernel.org/stable/c/f70ffeca546452d1acd3a70ada56ecb2f3e7f811', 'https://linux.oracle.com/cve/CVE-2024-42309.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42309-9560@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42309', 'https://www.cve.org/CVERecord?id=CVE-2024-42309'], 'PublishedDate': '2024-08-17T09:15:10.987Z', 'LastModifiedDate': '2024-08-22T16:01:29.287Z'}, {'VulnerabilityID': 'CVE-2024-42310', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42310', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes\n\nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42310', 'https://git.kernel.org/linus/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79 (6.11-rc1)', 'https://git.kernel.org/stable/c/08f45102c81ad8bc9f85f7a25e9f64e128edb87d', 'https://git.kernel.org/stable/c/2d209b2f862f6b8bff549ede541590a8d119da23', 'https://git.kernel.org/stable/c/977ee4fe895e1729cd36cc26916bbb10084713d6', 'https://git.kernel.org/stable/c/a658ae2173ab74667c009e2550455e6de5b33ddc', 'https://git.kernel.org/stable/c/b6ac46a00188cde50ffba233e6efb366354a1de5', 'https://git.kernel.org/stable/c/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79', 'https://git.kernel.org/stable/c/e74eb5e8089427c8c49e0dd5067e5f39ce3a4d56', 'https://git.kernel.org/stable/c/f392c36cebf4c1d6997a4cc2c0f205254acef42a', 'https://linux.oracle.com/cve/CVE-2024-42310.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42310-58b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42310', 'https://www.cve.org/CVERecord?id=CVE-2024-42310'], 'PublishedDate': '2024-08-17T09:15:11.067Z', 'LastModifiedDate': '2024-08-22T16:01:46.263Z'}, {'VulnerabilityID': 'CVE-2024-42311', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42311', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42311', 'https://git.kernel.org/linus/26a2ed107929a855155429b11e1293b83e6b2a8b (6.11-rc1)', 'https://git.kernel.org/stable/c/10f7163bfb5f8b4e0c9c05a939f20b8540e33c65', 'https://git.kernel.org/stable/c/26a2ed107929a855155429b11e1293b83e6b2a8b', 'https://git.kernel.org/stable/c/4a52861cd76e79f1a593beb23d096523eb9732c2', 'https://git.kernel.org/stable/c/58d83fc160505a7009c39dec64effaac5129b971', 'https://git.kernel.org/stable/c/9c4e40b9b731220f9464975e49da75496e3865c4', 'https://git.kernel.org/stable/c/d3493d6f0dfb1ab5225b62faa77732983f2187a1', 'https://git.kernel.org/stable/c/d55aae5c1730d6b70d5d8eaff00113cd34772ea3', 'https://git.kernel.org/stable/c/f7316b2b2f11cf0c6de917beee8d3de728be24db', 'https://linux.oracle.com/cve/CVE-2024-42311.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42311-f825@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42311', 'https://www.cve.org/CVERecord?id=CVE-2024-42311'], 'PublishedDate': '2024-08-17T09:15:11.147Z', 'LastModifiedDate': '2024-09-03T17:38:24.21Z'}, {'VulnerabilityID': 'CVE-2024-42312', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42312', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sysctl: always initialize i_uid/i_gid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42312', 'https://git.kernel.org/linus/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/1deae34db9f4f8e0e03f891be2e2e15c15c8ac05', 'https://git.kernel.org/stable/c/34a86adea1f2b3c3f9d864c8cce09dca644601ab', 'https://git.kernel.org/stable/c/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4', 'https://git.kernel.org/stable/c/b2591c89a6e2858796111138c38fcb6851aa1955', 'https://git.kernel.org/stable/c/c7e2f43d182f5dde473389dbb39f16c9f0d64536', 'https://git.kernel.org/stable/c/ffde3af4b29bf97d62d82e1d45275587e10a991a', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42312-bddc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42312', 'https://www.cve.org/CVERecord?id=CVE-2024-42312'], 'PublishedDate': '2024-08-17T09:15:11.24Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42313', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42313', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: venus: fix use after free in vdec_close', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free in vdec_close\n\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\n\nFix it by cancelling the work in vdec_close.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42313', 'https://git.kernel.org/linus/a0157b5aa34eb43ec4c5510f9c260bbb03be937e (6.11-rc1)', 'https://git.kernel.org/stable/c/4c9d235630d35db762b85a4149bbb0be9d504c36', 'https://git.kernel.org/stable/c/66fa52edd32cdbb675f0803b3c4da10ea19b6635', 'https://git.kernel.org/stable/c/6a96041659e834dc0b172dda4b2df512d63920c2', 'https://git.kernel.org/stable/c/72aff311194c8ceda934f24fd6f250b8827d7567', 'https://git.kernel.org/stable/c/a0157b5aa34eb43ec4c5510f9c260bbb03be937e', 'https://git.kernel.org/stable/c/ad8cf035baf29467158e0550c7a42b7bb43d1db6', 'https://git.kernel.org/stable/c/da55685247f409bf7f976cc66ba2104df75d8dad', 'https://git.kernel.org/stable/c/f8e9a63b982a8345470c225679af4ba86e4a7282', 'https://linux.oracle.com/cve/CVE-2024-42313.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42313-09b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42313', 'https://www.cve.org/CVERecord?id=CVE-2024-42313'], 'PublishedDate': '2024-08-17T09:15:11.32Z', 'LastModifiedDate': '2024-08-22T16:01:59.467Z'}, {'VulnerabilityID': 'CVE-2024-42314', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42314', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix extent map use-after-free when adding pages to compressed bio', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix extent map use-after-free when adding pages to compressed bio\n\nAt add_ra_bio_pages() we are accessing the extent map to calculate\n'add_size' after we dropped our reference on the extent map, resulting\nin a use-after-free. Fix this by computing 'add_size' before dropping our\nextent map reference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42314', 'https://git.kernel.org/linus/8e7860543a94784d744c7ce34b78a2e11beefa5c (6.11-rc1)', 'https://git.kernel.org/stable/c/8e7860543a94784d744c7ce34b78a2e11beefa5c', 'https://git.kernel.org/stable/c/b7859ff398b6b656e1689daa860eb34837b4bb89', 'https://git.kernel.org/stable/c/c1cc3326e27b0bd7a2806b40bc48e49afaf951e7', 'https://git.kernel.org/stable/c/c205565e0f2f439f278a4a94ee97b67ef7b56ae8', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42314-de1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42314', 'https://www.cve.org/CVERecord?id=CVE-2024-42314'], 'PublishedDate': '2024-08-17T09:15:11.397Z', 'LastModifiedDate': '2024-09-04T12:15:04.723Z'}, {'VulnerabilityID': 'CVE-2024-42315', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42315', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exfat: fix potential deadlock on __exfat_get_dentry_set', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi->s_lock between the two processes may occur.\n\n       CPU0                CPU1\n       ----                ----\n  kswapd\n   balance_pgdat\n    lock(fs_reclaim)\n                      exfat_iterate\n                       lock(&sbi->s_lock)\n                       exfat_readdir\n                        exfat_get_uniname_from_ext_entry\n                         exfat_get_dentry_set\n                          __exfat_get_dentry_set\n                           kmalloc_array\n                            ...\n                            lock(fs_reclaim)\n    ...\n    evict\n     exfat_evict_inode\n      lock(&sbi->s_lock)\n\nTo fix this, let's allocate bh-array with GFP_NOFS.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42315', 'https://git.kernel.org/linus/89fc548767a2155231128cb98726d6d2ea1256c9 (6.11-rc1)', 'https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62', 'https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9', 'https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42315-a707@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42315', 'https://www.cve.org/CVERecord?id=CVE-2024-42315'], 'PublishedDate': '2024-08-17T09:15:11.47Z', 'LastModifiedDate': '2024-08-22T15:51:03.077Z'}, {'VulnerabilityID': 'CVE-2024-42316', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42316', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/mglru: fix div-by-zero in vmpressure_calc_level()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mglru: fix div-by-zero in vmpressure_calc_level()\n\nevict_folios() uses a second pass to reclaim folios that have gone through\npage writeback and become clean before it finishes the first pass, since\nfolio_rotate_reclaimable() cannot handle those folios due to the\nisolation.\n\nThe second pass tries to avoid potential double counting by deducting\nscan_control->nr_scanned.  However, this can result in underflow of\nnr_scanned, under a condition where shrink_folio_list() does not increment\nnr_scanned, i.e., when folio_trylock() fails.\n\nThe underflow can cause the divisor, i.e., scale=scanned+reclaimed in\nvmpressure_calc_level(), to become zero, resulting in the following crash:\n\n  [exception RIP: vmpressure_work_fn+101]\n  process_one_work at ffffffffa3313f2b\n\nSince scan_control->nr_scanned has no established semantics, the potential\ndouble counting has minimal risks.  Therefore, fix the problem by not\ndeducting scan_control->nr_scanned in evict_folios().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42316', 'https://git.kernel.org/linus/8b671fe1a879923ecfb72dda6caf01460dd885ef (6.11-rc1)', 'https://git.kernel.org/stable/c/8b671fe1a879923ecfb72dda6caf01460dd885ef', 'https://git.kernel.org/stable/c/8de7bf77f21068a5f602bb1e59adbc5ab533509d', 'https://git.kernel.org/stable/c/a39e38be632f0e1c908d70d1c9cd071c03faf895', 'https://git.kernel.org/stable/c/d6510f234c7d117790397f9bb150816b0a954a04', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42316-8b49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42316', 'https://www.cve.org/CVERecord?id=CVE-2024-42316'], 'PublishedDate': '2024-08-17T09:15:11.547Z', 'LastModifiedDate': '2024-08-22T15:52:38.52Z'}, {'VulnerabilityID': 'CVE-2024-42317', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42317', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/huge_memory: avoid PMD-size page cache if needed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: avoid PMD-size page cache if needed\n\nxarray can\'t support arbitrary page cache size.  the largest and supported\npage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71\n("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray").  However,\nit\'s possible to have 512MB page cache in the huge memory\'s collapsing\npath on ARM64 system whose base page size is 64KB.  512MB page cache is\nbreaking the limitation and a warning is raised when the xarray entry is\nsplit as shown in the following example.\n\n[root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize\nKernelPageSize:       64 kB\n[root@dhcp-10-26-1-207 ~]# cat /tmp/test.c\n   :\nint main(int argc, char **argv)\n{\n\tconst char *filename = TEST_XFS_FILENAME;\n\tint fd = 0;\n\tvoid *buf = (void *)-1, *p;\n\tint pgsize = getpagesize();\n\tint ret = 0;\n\n\tif (pgsize != 0x10000) {\n\t\tfprintf(stdout, "System with 64KB base page size is required!\\n");\n\t\treturn -EPERM;\n\t}\n\n\tsystem("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb");\n\tsystem("echo 1 > /proc/sys/vm/drop_caches");\n\n\t/* Open the xfs file */\n\tfd = open(filename, O_RDONLY);\n\tassert(fd > 0);\n\n\t/* Create VMA */\n\tbuf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0);\n\tassert(buf != (void *)-1);\n\tfprintf(stdout, "mapped buffer at 0x%p\\n", buf);\n\n\t/* Populate VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ);\n\tassert(ret == 0);\n\n\t/* Collapse VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE);\n\tif (ret) {\n\t\tfprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\\n", errno);\n\t\tgoto out;\n\t}\n\n\t/* Split xarray entry. Write permission is needed */\n\tmunmap(buf, TEST_MEM_SIZE);\n\tbuf = (void *)-1;\n\tclose(fd);\n\tfd = open(filename, O_RDWR);\n\tassert(fd > 0);\n\tfallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,\n \t\t  TEST_MEM_SIZE - pgsize, pgsize);\nout:\n\tif (buf != (void *)-1)\n\t\tmunmap(buf, TEST_MEM_SIZE);\n\tif (fd > 0)\n\t\tclose(fd);\n\n\treturn ret;\n}\n\n[root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test\n[root@dhcp-10-26-1-207 ~]# /tmp/test\n ------------[ cut here ]------------\n WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\n Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib    \\\n nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct      \\\n nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4      \\\n ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse   \\\n xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net  \\\n sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio\n CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9\n Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\n pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n pc : xas_split_alloc+0xf8/0x128\n lr : split_huge_page_to_list_to_order+0x1c4/0x780\n sp : ffff8000ac32f660\n x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0\n x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d\n x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000\n x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c\n x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8\n x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40\n x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\n Call trace:\n  xas_split_alloc+0xf8/0x128\n  split_huge_page_to_list_to_order+0x1c4/0x780\n  truncate_inode_partial_folio+0xdc/0x160\n  truncate_inode_pages_range+0x1b4/0x4a8\n  truncate_pagecache_range+0x84/0xa\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42317', 'https://git.kernel.org/linus/d659b715e94ac039803d7601505d3473393fc0be (6.11-rc1)', 'https://git.kernel.org/stable/c/d659b715e94ac039803d7601505d3473393fc0be', 'https://git.kernel.org/stable/c/e60f62f75c99740a28e2bf7e6044086033012a16', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42317-cf87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42317', 'https://www.cve.org/CVERecord?id=CVE-2024-42317'], 'PublishedDate': '2024-08-17T09:15:11.633Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42318', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42318', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: landlock: Don&#39;t lose track of restrictions on cred_transfer', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don't lose track of restrictions on cred_transfer\n\nWhen a process' cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent's credentials), the\ncred_transfer LSM hook is used instead.  Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42318', 'https://bugs.chromium.org/p/project-zero/issues/detail?id=2566', 'https://git.kernel.org/linus/39705a6c29f8a2b93cf5b99528a55366c50014d1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c', 'https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49', 'https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1', 'https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117', 'https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff', 'https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42318-f0c9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42318', 'https://www.cve.org/CVERecord?id=CVE-2024-42318', 'https://www.openwall.com/lists/oss-security/2024/08/17/2'], 'PublishedDate': '2024-08-17T09:15:11.7Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42319', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42319', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() < 0 occurs.\n\nAccording to the call tracei below:\n  cmdq_mbox_shutdown\n  mbox_free_channel\n  mbox_controller_unregister\n  __devm_mbox_controller_unregister\n  ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n   to bind the cmdq device to the mbox_controller, so\n   devm_mbox_controller_unregister() will automatically unregister\n   the device bound to the mailbox controller when the device-managed\n   resource is removed. That means devm_mbox_controller_unregister()\n   and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n   devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n   will be called after cmdq_remove(), but before\n   devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42319', 'https://git.kernel.org/linus/a8bd68e4329f9a0ad1b878733e0f80be6a971649 (6.11-rc1)', 'https://git.kernel.org/stable/c/11fa625b45faf0649118b9deaf2d31c86ac41911', 'https://git.kernel.org/stable/c/a8bd68e4329f9a0ad1b878733e0f80be6a971649', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42319-ec7c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42319', 'https://www.cve.org/CVERecord?id=CVE-2024-42319'], 'PublishedDate': '2024-08-17T09:15:11.767Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42320', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42320', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error checks in dasd_copy_pair_store()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42320', 'https://git.kernel.org/linus/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8 (6.11-rc1)', 'https://git.kernel.org/stable/c/68d4c3722290ad300c295fb3435e835d200d5cb2', 'https://git.kernel.org/stable/c/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8', 'https://git.kernel.org/stable/c/cc8b7284d5076722e0b8062373b68d8e47c3bace', 'https://git.kernel.org/stable/c/e511167e65d332d07b3c7a3d5a741ee9c19a8c27', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42320-cdea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42320', 'https://www.cve.org/CVERecord?id=CVE-2024-42320'], 'PublishedDate': '2024-08-17T09:15:11.833Z', 'LastModifiedDate': '2024-09-30T12:54:12.897Z'}, {'VulnerabilityID': 'CVE-2024-42321', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42321', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: flow_dissector: use DEBUG_NET_WARN_ON_ONCE\n\nThe following splat is easy to reproduce upstream as well as in -stable\nkernels. Florian Westphal provided the following commit:\n\n  d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net")\n\nbut this complementary fix has been also suggested by Willem de Bruijn\nand it can be easily backported to -stable kernel which consists in\nusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splat\ngiven __skb_get_hash() is used by the nftables tracing infrastructure to\nto identify packets in traces.\n\n[69133.561393] ------------[ cut here ]------------\n[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/\n[...]\n[69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379\n[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0\n[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff\nff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8\n[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246\n[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19\n[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418\n[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000\n[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400\n[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28\n[69133.562020] FS:  00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[69133.562027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0\n[69133.562040] Call Trace:\n[69133.562044]  <IRQ>\n[69133.562049]  ? __warn+0x9f/0x1a0\n[ 1211.841384]  ? __skb_flow_dissect+0x107e/0x2860\n[...]\n[ 1211.841496]  ? bpf_flow_dissect+0x160/0x160\n[ 1211.841753]  __skb_get_hash+0x97/0x280\n[ 1211.841765]  ? __skb_get_hash_symmetric+0x230/0x230\n[ 1211.841776]  ? mod_find+0xbf/0xe0\n[ 1211.841786]  ? get_stack_info_noinstr+0x12/0xe0\n[ 1211.841798]  ? bpf_ksym_find+0x56/0xe0\n[ 1211.841807]  ? __rcu_read_unlock+0x2a/0x70\n[ 1211.841819]  nft_trace_init+0x1b9/0x1c0 [nf_tables]\n[ 1211.841895]  ? nft_trace_notify+0x830/0x830 [nf_tables]\n[ 1211.841964]  ? get_stack_info+0x2b/0x80\n[ 1211.841975]  ? nft_do_chain_arp+0x80/0x80 [nf_tables]\n[ 1211.842044]  nft_do_chain+0x79c/0x850 [nf_tables]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42321', 'https://git.kernel.org/linus/120f1c857a73e52132e473dee89b340440cb692b (6.11-rc1)', 'https://git.kernel.org/stable/c/120f1c857a73e52132e473dee89b340440cb692b', 'https://git.kernel.org/stable/c/4afbac11f2f629d1e62817c4e210bdfaa7521107', 'https://git.kernel.org/stable/c/c5d21aabf1b31a79f228508af33aee83456bc1b0', 'https://git.kernel.org/stable/c/eb03d9826aa646577342a952d658d4598381c035', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42321-4b46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42321', 'https://www.cve.org/CVERecord?id=CVE-2024-42321'], 'PublishedDate': '2024-08-17T09:15:11.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42322', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42322', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipvs: properly dereference pe in ip_vs_add_service', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n  net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42322', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/cbd070a4ae62f119058973f6d2c984e325bce6e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dd428039e06e1967ce294e2cd6342825aaaad77', 'https://git.kernel.org/stable/c/c420cd5d5bc6797f3a8824e7d74f38f0c286fca5', 'https://git.kernel.org/stable/c/cbd070a4ae62f119058973f6d2c984e325bce6e7', 'https://linux.oracle.com/cve/CVE-2024-42322.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42322-e2ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42322', 'https://www.cve.org/CVERecord?id=CVE-2024-42322'], 'PublishedDate': '2024-08-17T09:15:11.977Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43817', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: missing check virtio', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: missing check virtio\n\nTwo missing check in virtio_net_hdr_to_skb() allowed syzbot\nto crash kernels again\n\n1. After the skb_segment function the buffer may become non-linear\n(nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere\nthe __skb_linearize function will not be executed, then the buffer will\nremain non-linear. Then the condition (offset >= skb_headlen(skb))\nbecomes true, which causes WARN_ON_ONCE in skb_checksum_help.\n\n2. The struct sk_buff and struct virtio_net_hdr members must be\nmathematically related.\n(gso_size) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) may be 0 if division is without remainder.\n\noffset+2 (4191) > skb_headlen() (1116)\nWARNING: CPU: 1 PID: 5084 at net/core/dev.c:3303 skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nModules linked in:\nCPU: 1 PID: 5084 Comm: syz-executor336 Not tainted 6.7.0-rc3-syzkaller-00014-gdf60cee26a2e #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nCode: 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 52 01 00 00 44 89 e2 2b 53 74 4c 89 ee 48 c7 c7 40 57 e9 8b e8 af 8f dd f8 90 <0f> 0b 90 90 e9 87 fe ff ff e8 40 0f 6e f9 e9 4b fa ff ff 48 89 ef\nRSP: 0018:ffffc90003a9f338 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888025125780 RCX: ffffffff814db209\nRDX: ffff888015393b80 RSI: ffffffff814db216 RDI: 0000000000000001\nRBP: ffff8880251257f4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000045c\nR13: 000000000000105f R14: ffff8880251257f0 R15: 000000000000105d\nFS:  0000555555c24380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000002000f000 CR3: 0000000023151000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n ip_do_fragment+0xa1b/0x18b0 net/ipv4/ip_output.c:777\n ip_fragment.constprop.0+0x161/0x230 net/ipv4/ip_output.c:584\n ip_finish_output_gso net/ipv4/ip_output.c:286 [inline]\n __ip_finish_output net/ipv4/ip_output.c:308 [inline]\n __ip_finish_output+0x49c/0x650 net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:433\n dst_output include/net/dst.h:451 [inline]\n ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:129\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ipip6_tunnel_xmit net/ipv6/sit.c:1034 [inline]\n sit_tunnel_xmit+0xed2/0x28f0 net/ipv6/sit.c:1076\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3545 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3561\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4346\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x257/0x380 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x24ca/0x5240 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n __sys_sendto+0x255/0x340 net/socket.c:2190\n __do_sys_sendto net/socket.c:2202 [inline]\n __se_sys_sendto net/socket.c:2198 [inline]\n __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43817', 'https://git.kernel.org/linus/e269d79c7d35aa3808b1f3c1737d63dab504ddc8 (6.11-rc1)', 'https://git.kernel.org/stable/c/27874ca77bd2b05a3779c7b3a5c75d8dd7f0b40f', 'https://git.kernel.org/stable/c/5b1997487a3f3373b0f580c8a20b56c1b64b0775', 'https://git.kernel.org/stable/c/90d41ebe0cd4635f6410471efc1dd71b33e894cf', 'https://git.kernel.org/stable/c/e269d79c7d35aa3808b1f3c1737d63dab504ddc8', 'https://git.kernel.org/stable/c/e9164903b8b303c34723177b02fe91e49e3c4cd7', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43817-2e95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43817', 'https://www.cve.org/CVERecord?id=CVE-2024-43817'], 'PublishedDate': '2024-08-17T10:15:08.01Z', 'LastModifiedDate': '2024-09-03T17:41:46.407Z'}, {'VulnerabilityID': 'CVE-2024-43818', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: amd: Adjust error handling in case of absent codec device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: Adjust error handling in case of absent codec device\n\nacpi_get_first_physical_node() can return NULL in several cases (no such\ndevice, ACPI table error, reference count drop to 0, etc).\nExisting check just emit error message, but doesn't perform return.\nThen this NULL pointer is passed to devm_acpi_dev_add_driver_gpios()\nwhere it is dereferenced.\n\nAdjust this error handling by adding error code return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43818', 'https://git.kernel.org/linus/5080808c3339de2220c602ab7c7fa23dc6c1a5a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1ba9856cf7f6492b47c1edf853137f320d583db5', 'https://git.kernel.org/stable/c/5080808c3339de2220c602ab7c7fa23dc6c1a5a3', 'https://git.kernel.org/stable/c/99b642dac24f6d09ba3ebf1d690be8aefff86164', 'https://git.kernel.org/stable/c/b1173d64edd276c957b6d09e1f971c85b38f1519', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43818-71ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43818', 'https://www.cve.org/CVERecord?id=CVE-2024-43818'], 'PublishedDate': '2024-08-17T10:15:08.08Z', 'LastModifiedDate': '2024-09-03T17:45:30Z'}, {'VulnerabilityID': 'CVE-2024-43819', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kvm: s390: Reject memory region operations for ucontrol VMs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43819', 'https://git.kernel.org/linus/7816e58967d0e6cadce05c8540b47ed027dc2499 (6.11-rc1)', 'https://git.kernel.org/stable/c/49c9945c054df4c22008e2bf87ca74d3e2507aa6', 'https://git.kernel.org/stable/c/7816e58967d0e6cadce05c8540b47ed027dc2499', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43819-88ce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43819', 'https://www.cve.org/CVERecord?id=CVE-2024-43819'], 'PublishedDate': '2024-08-17T10:15:08.147Z', 'LastModifiedDate': '2024-09-03T17:47:10.54Z'}, {'VulnerabilityID': 'CVE-2024-43820', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, &mddev->recovery));\n\nThis check is designed to make sure that the sync thread isn't\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43820', 'https://git.kernel.org/linus/3199a34bfaf7561410e0be1e33a61eba870768fc (6.11-rc1)', 'https://git.kernel.org/stable/c/3199a34bfaf7561410e0be1e33a61eba870768fc', 'https://git.kernel.org/stable/c/a5c15a78c0e1631b7df822b56e8b6424e4d1ca3e', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43820-1bd6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43820', 'https://www.cve.org/CVERecord?id=CVE-2024-43820'], 'PublishedDate': '2024-08-17T10:15:08.207Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43821', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Fix a possible null pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix a possible null pointer dereference\n\nIn function lpfc_xcvr_data_show, the memory allocation with kmalloc might\nfail, thereby making rdp_context a null pointer. In the following context\nand functions that use this pointer, there are dereferencing operations,\nleading to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null,\nuse scnprintf to notify the user and return len.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43821', 'https://git.kernel.org/linus/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa (6.11-rc1)', 'https://git.kernel.org/stable/c/45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c', 'https://git.kernel.org/stable/c/57600a7dd2b52c904f7c8d2cac0fd8c23868e680', 'https://git.kernel.org/stable/c/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43821-6ffc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43821', 'https://www.cve.org/CVERecord?id=CVE-2024-43821'], 'PublishedDate': '2024-08-17T10:15:08.277Z', 'LastModifiedDate': '2024-09-03T17:49:54.28Z'}, {'VulnerabilityID': 'CVE-2024-43823', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43823', 'https://git.kernel.org/linus/a231707a91f323af1e5d9f1722055ec2fc1c7775 (6.11-rc1)', 'https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23', 'https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775', 'https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506', 'https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43823-4bdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43823', 'https://www.cve.org/CVERecord?id=CVE-2024-43823'], 'PublishedDate': '2024-08-17T10:15:08.4Z', 'LastModifiedDate': '2024-09-03T17:49:03.91Z'}, {'VulnerabilityID': 'CVE-2024-43824', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: pci-epf-test: Make use of cached &#39;epc_features&#39; in pci_epf_test_core_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Make use of cached \'epc_features\' in pci_epf_test_core_init()\n\nInstead of getting the epc_features from pci_epc_get_features() API, use\nthe cached pci_epf_test::epc_features value to avoid the NULL check. Since\nthe NULL check is already performed in pci_epf_test_bind(), having one more\ncheck in pci_epf_test_core_init() is redundant and it is not possible to\nhit the NULL pointer dereference.\n\nAlso with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier"\nflag"), \'epc_features\' got dereferenced without the NULL check, leading to\nthe following false positive Smatch warning:\n\n  drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed \'epc_features\' could be null (see line 747)\n\nThus, remove the redundant NULL check and also use the epc_features::\n{msix_capable/msi_capable} flags directly to avoid local variables.\n\n[kwilczynski: commit log]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43824', 'https://git.kernel.org/linus/5a5095a8bd1bd349cce1c879e5e44407a34dda8a (6.11-rc1)', 'https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a', 'https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43824-fc04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43824', 'https://www.cve.org/CVERecord?id=CVE-2024-43824'], 'PublishedDate': '2024-08-17T10:15:08.477Z', 'LastModifiedDate': '2024-09-03T17:48:39.16Z'}, {'VulnerabilityID': 'CVE-2024-43825', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iio: Fix the sorting functionality in iio_gts_build_avail_time_table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: Fix the sorting functionality in iio_gts_build_avail_time_table\n\nThe sorting in iio_gts_build_avail_time_table is not working as intended.\nIt could result in an out-of-bounds access when the time is zero.\n\nHere are more details:\n\n1. When the gts->itime_table[i].time_us is zero, e.g., the time\nsequence is `3, 0, 1`, the inner for-loop will not terminate and do\nout-of-bound writes. This is because once `times[j] > new`, the value\n`new` will be added in the current position and the `times[j]` will be\nmoved to `j+1` position, which makes the if-condition always hold.\nMeanwhile, idx will be added one, making the loop keep running without\ntermination and out-of-bound write.\n2. If none of the gts->itime_table[i].time_us is zero, the elements\nwill just be copied without being sorted as described in the comment\n"Sort times from all tables to one and remove duplicates".\n\nFor more details, please refer to\nhttps://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43825', 'https://git.kernel.org/linus/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb (6.11-rc1)', 'https://git.kernel.org/stable/c/31ff8464ef540785344994986a010031410f9ff3', 'https://git.kernel.org/stable/c/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb', 'https://git.kernel.org/stable/c/b5046de32fd1532c3f67065197fc1da82f0b5193', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43825-20fc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43825', 'https://www.cve.org/CVERecord?id=CVE-2024-43825'], 'PublishedDate': '2024-08-17T10:15:08.533Z', 'LastModifiedDate': '2024-09-30T13:53:21.44Z'}, {'VulnerabilityID': 'CVE-2024-43826', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfs: pass explicit offset/count to trace events', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: pass explicit offset/count to trace events\n\nnfs_folio_length is unsafe to use without having the folio locked and a\ncheck for a NULL ->f_mapping that protects against truncations and can\nlead to kernel crashes.  E.g. when running xfstests generic/065 with\nall nfs trace points enabled.\n\nFollow the model of the XFS trace points and pass in an explіcit offset\nand length.  This has the additional benefit that these values can\nbe more accurate as some of the users touch partial folio ranges.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43826', 'https://git.kernel.org/linus/fada32ed6dbc748f447c8d050a961b75d946055a (6.11-rc1)', 'https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722', 'https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43826-2a5f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43826', 'https://www.cve.org/CVERecord?id=CVE-2024-43826'], 'PublishedDate': '2024-08-17T10:15:08.593Z', 'LastModifiedDate': '2024-09-12T18:15:09.137Z'}, {'VulnerabilityID': 'CVE-2024-43827', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check before access structs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check before access structs\n\nIn enable_phantom_plane, we should better check null pointer before\naccessing various structs.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43827', 'https://git.kernel.org/linus/c96140000915b610d86f941450e15ca552de154a (6.11-rc1)', 'https://git.kernel.org/stable/c/081ff4c0ef1884ae55f7adb8944efd22e22d8724', 'https://git.kernel.org/stable/c/c96140000915b610d86f941450e15ca552de154a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43827-6486@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43827', 'https://www.cve.org/CVERecord?id=CVE-2024-43827'], 'PublishedDate': '2024-08-17T10:15:08.653Z', 'LastModifiedDate': '2024-09-30T12:51:34.97Z'}, {'VulnerabilityID': 'CVE-2024-43828', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: fix infinite loop when replaying fast_commit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct.  ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the 'es' variable.\n\nBecause 'es' contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43828', 'https://git.kernel.org/linus/907c3fe532253a6ef4eb9c4d67efb71fab58c706 (6.11-rc1)', 'https://git.kernel.org/stable/c/0619f7750f2b178a1309808832ab20d85e0ad121', 'https://git.kernel.org/stable/c/181e63cd595c688194e07332f9944b3a63193de2', 'https://git.kernel.org/stable/c/5ed0496e383cb6de120e56991385dce70bbb87c1', 'https://git.kernel.org/stable/c/81f819c537d29932e4b9267f02411cbc8b355178', 'https://git.kernel.org/stable/c/907c3fe532253a6ef4eb9c4d67efb71fab58c706', 'https://git.kernel.org/stable/c/c6e67df64783e99a657ef2b8c834ba2bf54c539c', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43828-6bcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43828', 'https://www.cve.org/CVERecord?id=CVE-2024-43828'], 'PublishedDate': '2024-08-17T10:15:08.72Z', 'LastModifiedDate': '2024-08-22T15:41:50.87Z'}, {'VulnerabilityID': 'CVE-2024-43829', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/qxl: Add check for drm_cvt_mode', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43829', 'https://git.kernel.org/linus/7bd09a2db0f617377027a2bb0b9179e6959edff3 (6.11-rc1)', 'https://git.kernel.org/stable/c/3efe34f95b1ac8c138a46b14ce75956db0d6ee7c', 'https://git.kernel.org/stable/c/4b1f303bdeceac049e56e4b20eb5280bd9e02f4f', 'https://git.kernel.org/stable/c/4e87f592a46bb804d8f833da6ce702ae4b55053f', 'https://git.kernel.org/stable/c/62ef8d7816c8e4a6088275553818b9afc0ffaa03', 'https://git.kernel.org/stable/c/7bd09a2db0f617377027a2bb0b9179e6959edff3', 'https://git.kernel.org/stable/c/d4c57354a06cb4a77998ff8aa40af89eee30e07b', 'https://git.kernel.org/stable/c/f28b353c0c6c7831a70ccca881bf2db5e6785cdd', 'https://linux.oracle.com/cve/CVE-2024-43829.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43829-72cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43829', 'https://www.cve.org/CVERecord?id=CVE-2024-43829'], 'PublishedDate': '2024-08-17T10:15:08.787Z', 'LastModifiedDate': '2024-09-30T12:51:56.77Z'}, {'VulnerabilityID': 'CVE-2024-43830', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: leds: trigger: Unregister sysfs attributes before calling deactivate()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nleds: trigger: Unregister sysfs attributes before calling deactivate()\n\nTriggers which have trigger specific sysfs attributes typically store\nrelated data in trigger-data allocated by the activate() callback and\nfreed by the deactivate() callback.\n\nCalling device_remove_groups() after calling deactivate() leaves a window\nwhere the sysfs attributes show/store functions could be called after\ndeactivation and then operate on the just freed trigger-data.\n\nMove the device_remove_groups() call to before deactivate() to close\nthis race window.\n\nThis also makes the deactivation path properly do things in reverse order\nof the activation path which calls the activate() callback before calling\ndevice_add_groups().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7000', 'https://access.redhat.com/security/cve/CVE-2024-43830', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2265838', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2270103', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275558', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282648', 'https://bugzilla.redhat.com/2282669', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282764', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284511', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284630', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293414', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300381', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300439', 'https://bugzilla.redhat.com/2300440', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300709', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301543', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305410', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2305488', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7000.html', 'https://git.kernel.org/linus/c0dc9adf9474ecb7106e60e5472577375aedaed3 (6.11-rc1)', 'https://git.kernel.org/stable/c/0788a6f3523d3686a9eed5ea1e6fcce6841277b2', 'https://git.kernel.org/stable/c/09c1583f0e10c918855d6e7540a79461a353e5d6', 'https://git.kernel.org/stable/c/3fb6a9d67cfd812a547ac73ec02e1077c26c640d', 'https://git.kernel.org/stable/c/734ba6437e80dfc780e9ee9d95f912392d12b5ea', 'https://git.kernel.org/stable/c/c0dc9adf9474ecb7106e60e5472577375aedaed3', 'https://git.kernel.org/stable/c/c3b7a650c8717aa89df318364609c86cbc040156', 'https://git.kernel.org/stable/c/cb8aa9d2a4c8a15d6a43ccf901ef3d094aa60374', 'https://git.kernel.org/stable/c/d1415125b701ef13370e2761f691ec632a5eb93a', 'https://linux.oracle.com/cve/CVE-2024-43830.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43830-3b85@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43830', 'https://www.cve.org/CVERecord?id=CVE-2024-43830'], 'PublishedDate': '2024-08-17T10:15:08.857Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43831', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mediatek: vcodec: Handle invalid decoder vsi', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43831', 'https://git.kernel.org/linus/59d438f8e02ca641c58d77e1feffa000ff809e9f (6.11-rc1)', 'https://git.kernel.org/stable/c/1c109f23b271a02b9bb195c173fab41e3285a8db', 'https://git.kernel.org/stable/c/59d438f8e02ca641c58d77e1feffa000ff809e9f', 'https://git.kernel.org/stable/c/cdf05ae76198c513836bde4eb55f099c44773280', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43831-b13e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43831', 'https://www.cve.org/CVERecord?id=CVE-2024-43831'], 'PublishedDate': '2024-08-17T10:15:08.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43832', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: s390/uv: Don't call folio_wait_writeback() without a folio reference", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/uv: Don't call folio_wait_writeback() without a folio reference\n\nfolio_wait_writeback() requires that no spinlocks are held and that\na folio reference is held, as documented. After we dropped the PTL, the\nfolio could get freed concurrently. So grab a temporary reference.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43832', 'https://git.kernel.org/linus/3f29f6537f54d74e64bac0a390fb2e26da25800d (6.11-rc1)', 'https://git.kernel.org/stable/c/1a1eb2f3fc453dcd52726d13e863938561489cb7', 'https://git.kernel.org/stable/c/3f29f6537f54d74e64bac0a390fb2e26da25800d', 'https://git.kernel.org/stable/c/8736604ef53359a718c246087cd21dcec232d2fb', 'https://git.kernel.org/stable/c/b21aba72aadd94bdac275deab021fc84d6c72b16', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43832-7746@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43832', 'https://www.cve.org/CVERecord?id=CVE-2024-43832'], 'PublishedDate': '2024-08-17T10:15:08.98Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43833', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: v4l: async: Fix NULL pointer dereference in adding ancillary links', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix NULL pointer dereference in adding ancillary links\n\nIn v4l2_async_create_ancillary_links(), ancillary links are created for\nlens and flash sub-devices. These are sub-device to sub-device links and\nif the async notifier is related to a V4L2 device, the source sub-device\nof the ancillary link is NULL, leading to a NULL pointer dereference.\nCheck the notifier's sd field is non-NULL in\nv4l2_async_create_ancillary_links().\n\n[Sakari Ailus: Reword the subject and commit messages slightly.]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43833', 'https://git.kernel.org/linus/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f (6.11-rc1)', 'https://git.kernel.org/stable/c/249212ceb4187783af3801c57b92a5a25d410621', 'https://git.kernel.org/stable/c/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f', 'https://git.kernel.org/stable/c/b87e28050d9b0959de24574d587825cfab2f13fb', 'https://git.kernel.org/stable/c/fe0f92fd5320b393e44ca210805e653ea90cc982', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43833-4e73@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43833', 'https://www.cve.org/CVERecord?id=CVE-2024-43833'], 'PublishedDate': '2024-08-17T10:15:09.04Z', 'LastModifiedDate': '2024-08-22T15:42:46.827Z'}, {'VulnerabilityID': 'CVE-2024-43834', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xdp: fix invalid wait context of page_pool_destroy()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: fix invalid wait context of page_pool_destroy()\n\nIf the driver uses a page pool, it creates a page pool with\npage_pool_create().\nThe reference count of page pool is 1 as default.\nA page pool will be destroyed only when a reference count reaches 0.\npage_pool_destroy() is used to destroy page pool, it decreases a\nreference count.\nWhen a page pool is destroyed, ->disconnect() is called, which is\nmem_allocator_disconnect().\nThis function internally acquires mutex_lock().\n\nIf the driver uses XDP, it registers a memory model with\nxdp_rxq_info_reg_mem_model().\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\nreference count if a memory model is a page pool.\nNow the reference count is 2.\n\nTo destroy a page pool, the driver should call both page_pool_destroy()\nand xdp_unreg_mem_model().\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\nOnly page_pool_destroy() decreases a reference count.\n\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\nwill face an invalid wait context warning.\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\nrcu_read_lock().\nThe page_pool_destroy() internally acquires mutex_lock().\n\nSplat looks like:\n=============================\n[ BUG: Invalid wait context ]\n6.10.0-rc6+ #4 Tainted: G W\n-----------------------------\nethtool/1806 is trying to lock:\nffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150\nother info that might help us debug this:\ncontext-{5:5}\n3 locks held by ethtool/1806:\nstack backtrace:\nCPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nCall Trace:\n<TASK>\ndump_stack_lvl+0x7e/0xc0\n__lock_acquire+0x1681/0x4de0\n? _printk+0x64/0xe0\n? __pfx_mark_lock.part.0+0x10/0x10\n? __pfx___lock_acquire+0x10/0x10\nlock_acquire+0x1b3/0x580\n? mem_allocator_disconnect+0x73/0x150\n? __wake_up_klogd.part.0+0x16/0xc0\n? __pfx_lock_acquire+0x10/0x10\n? dump_stack_lvl+0x91/0xc0\n__mutex_lock+0x15c/0x1690\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_prb_read_valid+0x10/0x10\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_llist_add_batch+0x10/0x10\n? console_unlock+0x193/0x1b0\n? lockdep_hardirqs_on+0xbe/0x140\n? __pfx___mutex_lock+0x10/0x10\n? tick_nohz_tick_stopped+0x16/0x90\n? __irq_work_queue_local+0x1e5/0x330\n? irq_work_queue+0x39/0x50\n? __wake_up_klogd.part.0+0x79/0xc0\n? mem_allocator_disconnect+0x73/0x150\nmem_allocator_disconnect+0x73/0x150\n? __pfx_mem_allocator_disconnect+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? rcu_is_watching+0x11/0xb0\npage_pool_release+0x36e/0x6d0\npage_pool_destroy+0xd7/0x440\nxdp_unreg_mem_model+0x1a7/0x2a0\n? __pfx_xdp_unreg_mem_model+0x10/0x10\n? kfree+0x125/0x370\n? bnxt_free_ring.isra.0+0x2eb/0x500\n? bnxt_free_mem+0x5ac/0x2500\nxdp_rxq_info_unreg+0x4a/0xd0\nbnxt_free_mem+0x1356/0x2500\nbnxt_close_nic+0xf0/0x3b0\n? __pfx_bnxt_close_nic+0x10/0x10\n? ethnl_parse_bit+0x2c6/0x6d0\n? __pfx___nla_validate_parse+0x10/0x10\n? __pfx_ethnl_parse_bit+0x10/0x10\nbnxt_set_features+0x2a8/0x3e0\n__netdev_update_features+0x4dc/0x1370\n? ethnl_parse_bitset+0x4ff/0x750\n? __pfx_ethnl_parse_bitset+0x10/0x10\n? __pfx___netdev_update_features+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? _raw_spin_unlock_irqrestore+0x42/0x70\n? __pm_runtime_resume+0x7d/0x110\nethnl_set_features+0x32d/0xa20\n\nTo fix this problem, it uses rhashtable_lookup_fast() instead of\nrhashtable_lookup() with rcu_read_lock().\nUsing xa without rcu_read_lock() here is safe.\nxa is freed by __xdp_mem_allocator_rcu_free() and this is called by\ncall_rcu() of mem_xa_remove().\nThe mem_xa_remove() is called by page_pool_destroy() if a reference\ncount reaches 0.\nThe xa is already protected by the reference count mechanism well in the\ncontrol plane.\nSo removing rcu_read_lock() for page_pool_destroy() is safe.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43834', 'https://git.kernel.org/linus/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec (6.11-rc1)', 'https://git.kernel.org/stable/c/12144069209eec7f2090ce9afa15acdcc2c2a537', 'https://git.kernel.org/stable/c/3fc1be360b99baeea15cdee3cf94252cd3a72d26', 'https://git.kernel.org/stable/c/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec', 'https://git.kernel.org/stable/c/6c390ef198aa69795427a5cb5fd7cb4bc7e6cd7a', 'https://git.kernel.org/stable/c/be9d08ff102df3ac4f66e826ea935cf3af63a4bd', 'https://git.kernel.org/stable/c/bf0ce5aa5f2525ed1b921ba36de96e458e77f482', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43834-0140@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43834', 'https://www.cve.org/CVERecord?id=CVE-2024-43834'], 'PublishedDate': '2024-08-17T10:15:09.113Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43835', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: virtio_net: Fix napi_skb_cache_put warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix napi_skb_cache_put warning\n\nAfter the commit bdacf3e34945 ("net: Use nested-BH locking for\nnapi_alloc_cache.") was merged, the following warning began to appear:\n\n\t WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0\n\n\t  __warn+0x12f/0x340\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  report_bug+0x165/0x370\n\t  handle_bug+0x3d/0x80\n\t  exc_invalid_op+0x1a/0x50\n\t  asm_exc_invalid_op+0x1a/0x20\n\t  __free_old_xmit+0x1c8/0x510\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  __free_old_xmit+0x1c8/0x510\n\t  __free_old_xmit+0x1c8/0x510\n\t  __pfx___free_old_xmit+0x10/0x10\n\nThe issue arises because virtio is assuming it\'s running in NAPI context\neven when it\'s not, such as in the netpoll case.\n\nTo resolve this, modify virtnet_poll_tx() to only set NAPI when budget\nis available. Same for virtnet_poll_cleantx(), which always assumed that\nit was in a NAPI context.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43835', 'https://git.kernel.org/linus/f8321fa75102246d7415a6af441872f6637c93ab (6.11-rc1)', 'https://git.kernel.org/stable/c/19ac6f29bf64304ef04630c8ab56ecd2059d7aa1', 'https://git.kernel.org/stable/c/468a729b78895893d0e580ceea49bed8ada2a2bd', 'https://git.kernel.org/stable/c/6b5325f2457521bbece29499970c0117a648c620', 'https://git.kernel.org/stable/c/842a97b5e44f0c8a9fc356fe976e0e13ddcf7783', 'https://git.kernel.org/stable/c/cc7340f18e45886121c131227985d64ef666012f', 'https://git.kernel.org/stable/c/d3af435e8ace119e58d8e21d3d2d6a4e7c4a4baa', 'https://git.kernel.org/stable/c/f5e9a22d19bb98a7e86034db85eb295e94187caa', 'https://git.kernel.org/stable/c/f8321fa75102246d7415a6af441872f6637c93ab', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43835-5f11@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43835', 'https://www.cve.org/CVERecord?id=CVE-2024-43835'], 'PublishedDate': '2024-08-17T10:15:09.183Z', 'LastModifiedDate': '2024-09-12T12:15:48.653Z'}, {'VulnerabilityID': 'CVE-2024-43837', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43837', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT\n\nWhen loading a EXT program without specifying `attr->attach_prog_fd`,\nthe `prog->aux->dst_prog` will be null. At this time, calling\nresolve_prog_type() anywhere will result in a null pointer dereference.\n\nExample stack trace:\n\n[    8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[    8.108262] Mem abort info:\n[    8.108384]   ESR = 0x0000000096000004\n[    8.108547]   EC = 0x25: DABT (current EL), IL = 32 bits\n[    8.108722]   SET = 0, FnV = 0\n[    8.108827]   EA = 0, S1PTW = 0\n[    8.108939]   FSC = 0x04: level 0 translation fault\n[    8.109102] Data abort info:\n[    8.109203]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[    8.109399]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[    8.109614]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[    8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000\n[    8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000\n[    8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[    8.112783] Modules linked in:\n[    8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1\n[    8.113230] Hardware name: linux,dummy-virt (DT)\n[    8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    8.113429] pc : may_access_direct_pkt_data+0x24/0xa0\n[    8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8\n[    8.113798] sp : ffff80008283b9f0\n[    8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001\n[    8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000\n[    8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000\n[    8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff\n[    8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720\n[    8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720\n[    8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4\n[    8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f\n[    8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c\n[    8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000\n[    8.114126] Call trace:\n[    8.114159]  may_access_direct_pkt_data+0x24/0xa0\n[    8.114202]  bpf_check+0x3bc/0x28c0\n[    8.114214]  bpf_prog_load+0x658/0xa58\n[    8.114227]  __sys_bpf+0xc50/0x2250\n[    8.114240]  __arm64_sys_bpf+0x28/0x40\n[    8.114254]  invoke_syscall.constprop.0+0x54/0xf0\n[    8.114273]  do_el0_svc+0x4c/0xd8\n[    8.114289]  el0_svc+0x3c/0x140\n[    8.114305]  el0t_64_sync_handler+0x134/0x150\n[    8.114331]  el0t_64_sync+0x168/0x170\n[    8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)\n[    8.118672] ---[ end trace 0000000000000000 ]---\n\nOne way to fix it is by forcing `attach_prog_fd` non-empty when\nbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`\nAPI broken which use verifier log to probe prog type and will log\nnothing if we reject invalid EXT prog before bpf_check().\n\nAnother way is by adding null check in resolve_prog_type().\n\nThe issue was introduced by commit 4a9c7bbe2ed4 ("bpf: Resolve to\nprog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT") which wanted\nto correct type resolution for BPF_PROG_TYPE_TRACING programs. Before\nthat, the type resolution of BPF_PROG_TYPE_EXT prog actually follows\nthe logic below:\n\n  prog->aux->dst_prog ? prog->aux->dst_prog->type : prog->type;\n\nIt implies that when EXT program is not yet attached to `dst_prog`,\nthe prog type should be EXT itself. This code worked fine in the past.\nSo just keep using it.\n\nFix this by returning `prog->type` for BPF_PROG_TYPE_EXT if `dst_prog`\nis not present in resolve_prog_type().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43837', 'https://git.kernel.org/linus/f7866c35873377313ff94398f17d425b28b71de1 (6.11-rc1)', 'https://git.kernel.org/stable/c/9d40fd516aeae6779e3c84c6b96700ca76285847', 'https://git.kernel.org/stable/c/b29a880bb145e1f1c1df5ab88ed26b1495ff9f09', 'https://git.kernel.org/stable/c/f7866c35873377313ff94398f17d425b28b71de1', 'https://git.kernel.org/stable/c/fcac5feb06f31ee4c88bca9bf98d8bc3ca7d2615', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43837-63d2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43837', 'https://www.cve.org/CVERecord?id=CVE-2024-43837'], 'PublishedDate': '2024-08-17T10:15:09.32Z', 'LastModifiedDate': '2024-08-22T15:44:03.417Z'}, {'VulnerabilityID': 'CVE-2024-43839', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43839', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust 'name' buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n'name' size is 16, but the first '%s' specifier may already need at\nleast 16 characters, since 'bnad->netdev->name' is used there.\n\nFor '%d' specifiers, assume that they require:\n * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX\n   is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43839', 'https://git.kernel.org/linus/c9741a03dc8e491e57b95fba0058ab46b7e506da (6.11-rc1)', 'https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1', 'https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3', 'https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef', 'https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43', 'https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76', 'https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da', 'https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5', 'https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540', 'https://linux.oracle.com/cve/CVE-2024-43839.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43839-ea03@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43839', 'https://www.cve.org/CVERecord?id=CVE-2024-43839'], 'PublishedDate': '2024-08-17T10:15:09.447Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43840', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG\n\nWhen BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls\n__bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them\nthe struct bpf_tramp_image *im pointer as an argument in R0.\n\nThe trampoline generation code uses emit_addr_mov_i64() to emit\ninstructions for moving the bpf_tramp_image address into R0, but\nemit_addr_mov_i64() assumes the address to be in the vmalloc() space\nand uses only 48 bits. Because bpf_tramp_image is allocated using\nkzalloc(), its address can use more than 48-bits, in this case the\ntrampoline will pass an invalid address to __bpf_tramp_enter/exit()\ncausing a kernel crash.\n\nFix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64()\nas it can work with addresses that are greater than 48-bits.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43840', 'https://git.kernel.org/linus/19d3c179a37730caf600a97fed3794feac2b197b (6.11-rc1)', 'https://git.kernel.org/stable/c/19d3c179a37730caf600a97fed3794feac2b197b', 'https://git.kernel.org/stable/c/6d218fcc707d6b2c3616b6cd24b948fd4825cfec', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43840-69cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43840', 'https://www.cve.org/CVERecord?id=CVE-2024-43840'], 'PublishedDate': '2024-08-17T10:15:09.517Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43841', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: virt_wifi: avoid reporting connection success with wrong SSID', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: avoid reporting connection success with wrong SSID\n\nWhen user issues a connection with a different SSID than the one\nvirt_wifi has advertised, the __cfg80211_connect_result() will\ntrigger the warning: WARN_ON(bss_not_found).\n\nThe issue is because the connection code in virt_wifi does not\ncheck the SSID from user space (it only checks the BSSID), and\nvirt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS\neven if the SSID is different from the one virt_wifi has advertised.\nEventually cfg80211 won't be able to find the cfg80211_bss and generate\nthe warning.\n\nFixed it by checking the SSID (from user space) in the connection code.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43841', 'https://git.kernel.org/linus/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7 (6.11-rc1)', 'https://git.kernel.org/stable/c/05c4488a0e446c6ccde9f22b573950665e1cd414', 'https://git.kernel.org/stable/c/36e92b5edc8e0daa18e9325674313802ce3fbc29', 'https://git.kernel.org/stable/c/416d3c1538df005195721a200b0371d39636e05d', 'https://git.kernel.org/stable/c/93e898a264b4e0a475552ba9f99a016eb43ef942', 'https://git.kernel.org/stable/c/994fc2164a03200c3bf42fb45b3d49d9d6d33a4d', 'https://git.kernel.org/stable/c/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7', 'https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3', 'https://linux.oracle.com/cve/CVE-2024-43841.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43841-8143@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43841', 'https://www.cve.org/CVERecord?id=CVE-2024-43841'], 'PublishedDate': '2024-08-17T10:15:09.58Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43842', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() \'status->he_gi\' is compared to array size.\nBut then \'rate->he_gi\' is used as array index instead of \'status->he_gi\'.\nThis can lead to go beyond array boundaries in case of \'rate->he_gi\' is\nnot equal to \'status->he_gi\' and is bigger than array size. Looks like\n"copy-paste" mistake.\n\nFix this mistake by replacing \'rate->he_gi\' with \'status->he_gi\'.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43842', 'https://git.kernel.org/linus/85099c7ce4f9e64c66aa397cd9a37473637ab891 (6.11-rc1)', 'https://git.kernel.org/stable/c/7a0edc3d83aff3a48813d78c9cad9daf38decc74', 'https://git.kernel.org/stable/c/85099c7ce4f9e64c66aa397cd9a37473637ab891', 'https://git.kernel.org/stable/c/96ae4de5bc4c8ba39fd072369398f59495b73f58', 'https://git.kernel.org/stable/c/a2a095c08b95372d6d0c5819b77f071af5e75366', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43842-31e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43842', 'https://www.cve.org/CVERecord?id=CVE-2024-43842'], 'PublishedDate': '2024-08-17T10:15:09.647Z', 'LastModifiedDate': '2024-09-30T13:55:17.007Z'}, {'VulnerabilityID': 'CVE-2024-43843', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv, bpf: Fix out-of-bounds issue when preparing trampoline image', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv, bpf: Fix out-of-bounds issue when preparing trampoline image\n\nWe get the size of the trampoline image during the dry run phase and\nallocate memory based on that size. The allocated image will then be\npopulated with instructions during the real patch phase. But after\ncommit 26ef208c209a ("bpf: Use arch_bpf_trampoline_size"), the `im`\nargument is inconsistent in the dry run and real patch phase. This may\ncause emit_imm in RV64 to generate a different number of instructions\nwhen generating the \'im\' address, potentially causing out-of-bounds\nissues. Let\'s emit the maximum number of instructions for the "im"\naddress during dry run to fix this problem.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43843', 'https://git.kernel.org/linus/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3e6a1b1b179abb643ec3560c02bc3082bc92285f', 'https://git.kernel.org/stable/c/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43843-e436@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43843', 'https://www.cve.org/CVERecord?id=CVE-2024-43843'], 'PublishedDate': '2024-08-17T10:15:09.707Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43844', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi rtw89 wow: fix GTK offload H2C skbuff issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: wow: fix GTK offload H2C skbuff issue\n\nWe mistakenly put skb too large and that may exceed skb->end.\nTherefore, we fix it.\n\nskbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8fba04eca7e0 tail:0x200 end:0x140 dev:<NULL>\n------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:192!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 4747 Comm: kworker/u4:44 Tainted: G           O       6.6.30-02659-gc18865c4dfbd #1 86547039b47e46935493f615ee31d0b2d711d35e\nHardware name: HP Meep/Meep, BIOS Google_Meep.11297.262.0 03/18/2021\nWorkqueue: events_unbound async_run_entry_fn\nRIP: 0010:skb_panic+0x5d/0x60\nCode: c6 63 8b 8f bb 4c 0f 45 f6 48 c7 c7 4d 89 8b bb 48 89 ce 44 89 d1 41 56 53 41 53 ff b0 c8 00 00 00 e8 27 5f 23 00 48 83 c4 20 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44\nRSP: 0018:ffffaa700144bad0 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: 0000000000000140 RCX: 14432c5aad26c900\nRDX: 0000000000000000 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffaa700144bae0 R08: 0000000000000000 R09: ffffaa700144b920\nR10: 00000000ffffdfff R11: ffffffffbc28fbc0 R12: ffff8fba4e57a010\nR13: 0000000000000000 R14: ffffffffbb8f8b63 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff8fba7bd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007999c4ad1000 CR3: 000000015503a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? skb_panic+0x5d/0x60\n ? do_error_trap+0x6d/0x90\n ? skb_panic+0x5d/0x60\n ? handle_invalid_op+0x30/0x40\n ? skb_panic+0x5d/0x60\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_panic+0x5d/0x60\n skb_put+0x49/0x50\n rtw89_fw_h2c_wow_gtk_ofld+0xbd/0x220 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_wow_resume+0x31f/0x540 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_ops_resume+0x2b/0xa0 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n ieee80211_reconfig+0x84/0x13e0 [mac80211 818a894e3b77da6298269c59ed7cdff065a4ed52]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? dev_printk_emit+0x51/0x70\n ? _dev_info+0x6e/0x90\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n wiphy_resume+0x89/0x180 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n dpm_run_callback+0x3c/0x140\n device_resume+0x1f9/0x3c0\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x29/0xd0\n process_scheduled_works+0x1d8/0x3d0\n worker_thread+0x1fc/0x2f0\n kthread+0xed/0x110\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x38/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>\nModules linked in: ccm 8021q r8153_ecm cdc_ether usbnet r8152 mii dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc uinput rfcomm cmac algif_hash rtw89_8922ae(O) algif_skcipher rtw89_8922a(O) af_alg rtw89_pci(O) rtw89_core(O) btusb(O) snd_soc_sst_bxt_da7219_max98357a btbcm(O) snd_soc_hdac_hdmi btintel(O) snd_soc_intel_hda_dsp_common snd_sof_probes btrtl(O) btmtk(O) snd_hda_codec_hdmi snd_soc_dmic uvcvideo videobuf2_vmalloc uvc videobuf2_memops videobuf2_v4l2 videobuf2_common snd_sof_pci_intel_apl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda soundwire_intel soundwire_generic_allocation snd_sof_intel_hda_mlink soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp mac80211 snd_soc_acpi_intel_match snd_soc_acpi snd_sof snd_sof_utils soundwire_bus snd_soc_max98357a snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_intel_dspcfg snd_intel_sdw_acpi snd_soc_da7219 snd_hda_codec snd_hwdep snd_hda_core veth ip6table_nat xt_MASQUERADE xt_cgroup fuse bluetooth ecdh_generic\n cfg80211 ecc\ngsmi: Log Shutdown \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43844', 'https://git.kernel.org/linus/dda364c345913fe03ddbe4d5ae14a2754c100296 (6.11-rc1)', 'https://git.kernel.org/stable/c/dda364c345913fe03ddbe4d5ae14a2754c100296', 'https://git.kernel.org/stable/c/ef0d9d2f0dc1133db3d3a1c5167190c6627146b2', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43844-97ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43844', 'https://www.cve.org/CVERecord?id=CVE-2024-43844'], 'PublishedDate': '2024-08-17T10:15:09.763Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43845', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Fix bogus checksum computation in udf_rename()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix bogus checksum computation in udf_rename()\n\nSyzbot reports uninitialized memory access in udf_rename() when updating\nchecksum of '..' directory entry of a moved directory. This is indeed\ntrue as we pass on-stack diriter.fi to the udf_update_tag() and because\nthat has only struct fileIdentDesc included in it and not the impUse or\nname fields, the checksumming function is going to checksum random stack\ncontents beyond the end of the structure. This is actually harmless\nbecause the following udf_fiiter_write_fi() will recompute the checksum\nfrom on-disk buffers where everything is properly included. So all that\nis needed is just removing the bogus calculation.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43845', 'https://git.kernel.org/linus/27ab33854873e6fb958cb074681a0107cc2ecc4c (6.11-rc1)', 'https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c', 'https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4', 'https://git.kernel.org/stable/c/c996b570305e7a6910c2ce4cdcd4c22757ffe241', 'https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43845-a85d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43845', 'https://www.cve.org/CVERecord?id=CVE-2024-43845'], 'PublishedDate': '2024-08-17T10:15:09.837Z', 'LastModifiedDate': '2024-08-29T17:15:08.397Z'}, {'VulnerabilityID': 'CVE-2024-43846', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib: objagg: Fix general protection fault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G        W          6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n <TASK>\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n </TASK>', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43846', 'https://git.kernel.org/linus/b4a3a89fffcdf09702b1f161b914e52abca1894d (6.11-rc1)', 'https://git.kernel.org/stable/c/1936fa05a180834c3b52e0439a6bddc07814d3eb', 'https://git.kernel.org/stable/c/22ae17a267f4812861f0c644186c3421ff97dbfc', 'https://git.kernel.org/stable/c/499f742fed42e74f1321f4b12ca196a66a2b49fc', 'https://git.kernel.org/stable/c/565213e005557eb6cc4e42189d26eb300e02f170', 'https://git.kernel.org/stable/c/5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7', 'https://git.kernel.org/stable/c/8161263362154cbebfbf4808097b956a6a8cb98a', 'https://git.kernel.org/stable/c/b4a3a89fffcdf09702b1f161b914e52abca1894d', 'https://linux.oracle.com/cve/CVE-2024-43846.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43846-2bd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43846', 'https://www.cve.org/CVERecord?id=CVE-2024-43846'], 'PublishedDate': '2024-08-17T10:15:09.9Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43847', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43847', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix invalid memory access while processing fragmented packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid memory access while processing fragmented packets\n\nThe monitor ring and the reo reinject ring share the same ring mask index.\nWhen the driver receives an interrupt for the reo reinject ring, the\nmonitor ring is also processed, leading to invalid memory access. Since\nmonitor support is not yet enabled in ath12k, the ring mask for the monitor\nring should be removed.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43847', 'https://git.kernel.org/linus/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4 (6.11-rc1)', 'https://git.kernel.org/stable/c/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4', 'https://git.kernel.org/stable/c/36fc66a7d9ca3e5c6eac25362cac63f83df8bed6', 'https://git.kernel.org/stable/c/8126f82dab7bd8b2e04799342b19fff0a1fd8575', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43847-6828@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43847', 'https://www.cve.org/CVERecord?id=CVE-2024-43847'], 'PublishedDate': '2024-08-17T10:15:09.963Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43849', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pdr: protect locator_addr with the main mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr->lock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43849', 'https://git.kernel.org/linus/107924c14e3ddd85119ca43c26a4ee1056fa9b84 (6.11-rc1)', 'https://git.kernel.org/stable/c/107924c14e3ddd85119ca43c26a4ee1056fa9b84', 'https://git.kernel.org/stable/c/3e815626d73e05152a8142f6e44aecc4133e6e08', 'https://git.kernel.org/stable/c/475a77fb3f0e1d527f56c60b79f5879661df5b80', 'https://git.kernel.org/stable/c/8543269567e2fb3d976a8255c5e348aed14f98bc', 'https://git.kernel.org/stable/c/d0870c4847e77a49c2f91bb2a8e0fa3c1f8dea5c', 'https://git.kernel.org/stable/c/eab05737ee22216250fe20d27f5a596da5ea6eb7', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43849-fef0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43849', 'https://www.cve.org/CVERecord?id=CVE-2024-43849'], 'PublishedDate': '2024-08-17T10:15:10.093Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43850', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove\n\nThe following warning is seen during bwmon_remove due to refcount\nimbalance, fix this by releasing the OPPs after use.\n\nLogs:\nWARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158\nHardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT)\n...\nCall trace:\n_opp_table_kref_release+0x150/0x158\ndev_pm_opp_remove_table+0x100/0x1b4\ndevm_pm_opp_of_table_release+0x10/0x1c\ndevm_action_release+0x14/0x20\ndevres_release_all+0xa4/0x104\ndevice_unbind_cleanup+0x18/0x60\ndevice_release_driver_internal+0x1ec/0x228\ndriver_detach+0x50/0x98\nbus_remove_driver+0x6c/0xbc\ndriver_unregister+0x30/0x60\nplatform_driver_unregister+0x14/0x20\nbwmon_driver_exit+0x18/0x524 [icc_bwmon]\n__arm64_sys_delete_module+0x184/0x264\ninvoke_syscall+0x48/0x118\nel0_svc_common.constprop.0+0xc8/0xe8\ndo_el0_svc+0x20/0x2c\nel0_svc+0x34/0xdc\nel0t_64_sync_handler+0x13c/0x158\nel0t_64_sync+0x190/0x194\n--[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43850', 'https://git.kernel.org/linus/24086640ab39396eb1a92d1cb1cd2f31b2677c52 (6.11-rc1)', 'https://git.kernel.org/stable/c/24086640ab39396eb1a92d1cb1cd2f31b2677c52', 'https://git.kernel.org/stable/c/4100d4d019f8e140be1d4d3a9d8d93c1285f5d1c', 'https://git.kernel.org/stable/c/aad41f4c169bcb800ae88123799bdf8cdec3d366', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43850-4eec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43850', 'https://www.cve.org/CVERecord?id=CVE-2024-43850'], 'PublishedDate': '2024-08-17T10:15:10.157Z', 'LastModifiedDate': '2024-09-30T13:57:33.4Z'}, {'VulnerabilityID': 'CVE-2024-43852', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (ltc2991) re-order conditions to fix off by one bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ltc2991) re-order conditions to fix off by one bug\n\nLTC2991_T_INT_CH_NR is 4.  The st->temp_en[] array has LTC2991_MAX_CHANNEL\n(4) elements.  Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we\nhave read one element beyond the end of the array.  Flip the conditions\naround so that we check if "channel" is valid before using it as an array\nindex.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43852', 'https://git.kernel.org/linus/99bf7c2eccff82760fa23ce967cc67c8c219c6a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6', 'https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43852-61e2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43852', 'https://www.cve.org/CVERecord?id=CVE-2024-43852'], 'PublishedDate': '2024-08-17T10:15:10.31Z', 'LastModifiedDate': '2024-08-20T19:32:55.747Z'}, {'VulnerabilityID': 'CVE-2024-43853', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: Prevent UAF in proc_cpuset_show()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc/<pid>/cpuset   repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/   repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc/<pid>/cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css->cgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(&cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n&cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp->root will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n("cgroup: Make operations on the cgroup root_list RCU safe"),\ncss->cgroup won\'t be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43853', 'https://git.kernel.org/linus/1be59c97c83ccd67a519d8a49486b3a8a73ca28a (6.11-rc1)', 'https://git.kernel.org/stable/c/10aeaa47e4aa2432f29b3e5376df96d7dac5537a', 'https://git.kernel.org/stable/c/1be59c97c83ccd67a519d8a49486b3a8a73ca28a', 'https://git.kernel.org/stable/c/27d6dbdc6485d68075a0ebf8544d6425c1ed84bb', 'https://git.kernel.org/stable/c/29a8d4e02fd4840028c38ceb1536cc8f82a257d4', 'https://git.kernel.org/stable/c/29ac1d238b3bf126af36037df80d7ecc4822341e', 'https://git.kernel.org/stable/c/4e8d6ac8fc9f843e940ab7389db8136634e07989', 'https://git.kernel.org/stable/c/688325078a8b5badd6e07ae22b27cd04e9947aec', 'https://git.kernel.org/stable/c/96226fbed566f3f686f53a489a29846f2d538080', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43853-da5b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43853', 'https://www.cve.org/CVERecord?id=CVE-2024-43853'], 'PublishedDate': '2024-08-17T10:15:10.383Z', 'LastModifiedDate': '2024-09-04T12:15:04.827Z'}, {'VulnerabilityID': 'CVE-2024-43854', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: initialize integrity buffer to zero before writing it to media', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media.  For PI metadata this is\nlimited to the app tag that isn't used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43854', 'https://git.kernel.org/linus/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f (6.11-rc1)', 'https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f', 'https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644', 'https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005', 'https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f', 'https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6', 'https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2', 'https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1', 'https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43854-5586@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43854', 'https://www.cve.org/CVERecord?id=CVE-2024-43854'], 'PublishedDate': '2024-08-17T10:15:10.447Z', 'LastModifiedDate': '2024-09-12T12:15:49.423Z'}, {'VulnerabilityID': 'CVE-2024-43856', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43856', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma: fix call order in dmam_free_coherent', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n  kokonut //net/encryption\n    http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43856', 'https://git.kernel.org/linus/28e8b7406d3a1f5329a03aa25a43aa28e087cb20 (6.11-rc1)', 'https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130', 'https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e', 'https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7', 'https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20', 'https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9', 'https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954', 'https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb', 'https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63', 'https://linux.oracle.com/cve/CVE-2024-43856.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43856-9087@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43856', 'https://www.cve.org/CVERecord?id=CVE-2024-43856'], 'PublishedDate': '2024-08-17T10:15:10.613Z', 'LastModifiedDate': '2024-08-22T17:57:08.64Z'}, {'VulnerabilityID': 'CVE-2024-43857', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix null reference error when checking end of zone', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null reference error when checking end of zone\n\nThis patch fixes a potentially null pointer being accessed by\nis_end_zone_blkaddr() that checks the last block of a zone\nwhen f2fs is mounted as a single device.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43857', 'https://git.kernel.org/linus/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38 (6.11-rc1)', 'https://git.kernel.org/stable/c/381cbe85592c78fbaeb3e770e3e9f3bfa3e67efb', 'https://git.kernel.org/stable/c/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43857-b71b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43857', 'https://www.cve.org/CVERecord?id=CVE-2024-43857'], 'PublishedDate': '2024-08-17T10:15:10.687Z', 'LastModifiedDate': '2024-08-22T17:38:21.003Z'}, {'VulnerabilityID': 'CVE-2024-43859', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to truncate preallocated blocks in f2fs_file_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate preallocated blocks in f2fs_file_open()\n\nchenyuwen reports a f2fs bug as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000011\n fscrypt_set_bio_crypt_ctx+0x78/0x1e8\n f2fs_grab_read_bio+0x78/0x208\n f2fs_submit_page_read+0x44/0x154\n f2fs_get_read_data_page+0x288/0x5f4\n f2fs_get_lock_data_page+0x60/0x190\n truncate_partial_data_page+0x108/0x4fc\n f2fs_do_truncate_blocks+0x344/0x5f0\n f2fs_truncate_blocks+0x6c/0x134\n f2fs_truncate+0xd8/0x200\n f2fs_iget+0x20c/0x5ac\n do_garbage_collect+0x5d0/0xf6c\n f2fs_gc+0x22c/0x6a4\n f2fs_disable_checkpoint+0xc8/0x310\n f2fs_fill_super+0x14bc/0x1764\n mount_bdev+0x1b4/0x21c\n f2fs_mount+0x20/0x30\n legacy_get_tree+0x50/0xbc\n vfs_get_tree+0x5c/0x1b0\n do_new_mount+0x298/0x4cc\n path_mount+0x33c/0x5fc\n __arm64_sys_mount+0xcc/0x15c\n invoke_syscall+0x60/0x150\n el0_svc_common+0xb8/0xf8\n do_el0_svc+0x28/0xa0\n el0_svc+0x24/0x84\n el0t_64_sync_handler+0x88/0xec\n\nIt is because inode.i_crypt_info is not initialized during below path:\n- mount\n - f2fs_fill_super\n  - f2fs_disable_checkpoint\n   - f2fs_gc\n    - f2fs_iget\n     - f2fs_truncate\n\nSo, let's relocate truncation of preallocated blocks to f2fs_file_open(),\nafter fscrypt_file_open().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43859', 'https://git.kernel.org/linus/298b1e4182d657c3e388adcc29477904e9600ed5 (6.11-rc1)', 'https://git.kernel.org/stable/c/298b1e4182d657c3e388adcc29477904e9600ed5', 'https://git.kernel.org/stable/c/3ba0ae885215b325605ff7ebf6de12ac2adf204d', 'https://git.kernel.org/stable/c/5f04969136db674f133781626e0b692c5f2bf2f0', 'https://git.kernel.org/stable/c/f44a25a8bfe0c15d33244539696cd9119cf44d18', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43859-62b4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43859', 'https://www.cve.org/CVERecord?id=CVE-2024-43859'], 'PublishedDate': '2024-08-17T10:15:10.817Z', 'LastModifiedDate': '2024-09-08T08:15:12.96Z'}, {'VulnerabilityID': 'CVE-2024-43860', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: remoteproc: imx_rproc: Skip over memory region when node value is NULL', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Skip over memory region when node value is NULL\n\nIn imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts\nnumber of phandles. But phandles may be empty. So of_parse_phandle() in\nthe parsing loop (0 < a < nph) may return NULL which is later dereferenced.\nAdjust this issue by adding NULL-return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[Fixed title to fit within the prescribed 70-75 charcters]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43860', 'https://git.kernel.org/linus/2fa26ca8b786888673689ccc9da6094150939982 (6.11-rc1)', 'https://git.kernel.org/stable/c/2fa26ca8b786888673689ccc9da6094150939982', 'https://git.kernel.org/stable/c/4e13b7c23988c0a13fdca92e94296a3bc2ff9f21', 'https://git.kernel.org/stable/c/6884fd0283e0831be153fb8d82d9eda8a55acaaa', 'https://git.kernel.org/stable/c/6b50462b473fdccdc0dfad73001147e40ff19a66', 'https://git.kernel.org/stable/c/6c9ea3547fad252fe9ae5d3ed7e066e2085bf3a2', 'https://git.kernel.org/stable/c/84beb7738459cac0ff9f8a7c4654b8ff82a702c0', 'https://git.kernel.org/stable/c/9a17cf8b2ce483fa75258bc2cdcf628f24bcf5f8', 'https://git.kernel.org/stable/c/c877a5f5268d4ab8224b9c9fbce3d746e4e72bc9', 'https://linux.oracle.com/cve/CVE-2024-43860.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43860-d72f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43860', 'https://www.cve.org/CVERecord?id=CVE-2024-43860'], 'PublishedDate': '2024-08-17T10:15:10.887Z', 'LastModifiedDate': '2024-08-22T17:08:15.097Z'}, {'VulnerabilityID': 'CVE-2024-43861', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: usb: qmi_wwan: fix memory leak for not ip packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43861', 'https://git.kernel.org/linus/7ab107544b777c3bd7feb9fe447367d8edd5b202 (6.11-rc3)', 'https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4', 'https://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662', 'https://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202', 'https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f', 'https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882', 'https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446', 'https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5', 'https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384', 'https://linux.oracle.com/cve/CVE-2024-43861.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43861-1958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43861', 'https://www.cve.org/CVERecord?id=CVE-2024-43861'], 'PublishedDate': '2024-08-20T22:15:04.917Z', 'LastModifiedDate': '2024-09-03T13:45:12.667Z'}, {'VulnerabilityID': 'CVE-2024-43863', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43863', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix a deadlock in dma buf fence polling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix a deadlock in dma buf fence polling\n\nIntroduce a version of the fence ops that on release doesn't remove\nthe fence from the pending list, and thus doesn't require a lock to\nfix poll->fence wait->fence unref deadlocks.\n\nvmwgfx overwrites the wait callback to iterate over the list of all\nfences and update their status, to do that it holds a lock to prevent\nthe list modifcations from other threads. The fence destroy callback\nboth deletes the fence and removes it from the list of pending\nfences, for which it holds a lock.\n\ndma buf polling cb unrefs a fence after it's been signaled: so the poll\ncalls the wait, which signals the fences, which are being destroyed.\nThe destruction tries to acquire the lock on the pending fences list\nwhich it can never get because it's held by the wait from which it\nwas called.\n\nOld bug, but not a lot of userspace apps were using dma-buf polling\ninterfaces. Fix those, in particular this fixes KDE stalls/deadlock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43863', 'https://git.kernel.org/linus/e58337100721f3cc0c7424a18730e4f39844934f (6.11-rc2)', 'https://git.kernel.org/stable/c/3b933b16c996af8adb6bc1b5748a63dfb41a82bc', 'https://git.kernel.org/stable/c/9e20d028d8d1deb1e7fed18f22ffc01669cf3237', 'https://git.kernel.org/stable/c/a8943969f9ead2fd3044fc826140a21622ef830e', 'https://git.kernel.org/stable/c/c98ab18b9f315ff977c2c65d7c71298ef98be8e3', 'https://git.kernel.org/stable/c/e58337100721f3cc0c7424a18730e4f39844934f', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43863-9124@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43863', 'https://www.cve.org/CVERecord?id=CVE-2024-43863'], 'PublishedDate': '2024-08-21T00:15:04.847Z', 'LastModifiedDate': '2024-09-03T13:42:44.727Z'}, {'VulnerabilityID': 'CVE-2024-43864', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix CT entry update leaks of modify header context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix CT entry update leaks of modify header context\n\nThe cited commit allocates a new modify header to replace the old\none when updating CT entry. But if failed to allocate a new one, eg.\nexceed the max number firmware can support, modify header will be\nan error pointer that will trigger a panic when deallocating it. And\nthe old modify header point is copied to old attr. When the old\nattr is freed, the old modify header is lost.\n\nFix it by restoring the old attr to attr when failed to allocate a\nnew modify header context. So when the CT entry is freed, the right\nmodify header context will be freed. And the panic of accessing\nerror pointer is also fixed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43864', 'https://git.kernel.org/linus/025f2b85a5e5a46df14ecf162c3c80a957a36d0b (6.11-rc2)', 'https://git.kernel.org/stable/c/025f2b85a5e5a46df14ecf162c3c80a957a36d0b', 'https://git.kernel.org/stable/c/89064d09c56b44c668509bf793c410484f63f5ad', 'https://git.kernel.org/stable/c/daab2cc17b6b6ab158566bba037e9551fd432b59', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43864-81ad@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43864', 'https://www.cve.org/CVERecord?id=CVE-2024-43864'], 'PublishedDate': '2024-08-21T00:15:04.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43866', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Always drain health in shutdown callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43866', 'https://git.kernel.org/linus/1b75da22ed1e6171e261bc9265370162553d5393 (6.11-rc2)', 'https://git.kernel.org/stable/c/1b75da22ed1e6171e261bc9265370162553d5393', 'https://git.kernel.org/stable/c/5005e2e159b300c1b8c6820a1e13a62eb0127b9b', 'https://git.kernel.org/stable/c/6048dec754554a1303d632be6042d3feb3295285', 'https://git.kernel.org/stable/c/6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43866-66ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43866', 'https://www.cve.org/CVERecord?id=CVE-2024-43866'], 'PublishedDate': '2024-08-21T00:15:05.023Z', 'LastModifiedDate': '2024-10-17T14:15:07.297Z'}, {'VulnerabilityID': 'CVE-2024-43867', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau: prime: fix refcount underflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix refcount underflow\n\nCalling nouveau_bo_ref() on a nouveau_bo without initializing it (and\nhence the backing ttm_bo) leads to a refcount underflow.\n\nInstead of calling nouveau_bo_ref() in the unwind path of\ndrm_gem_object_init(), clean things up manually.\n\n(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43867', 'https://git.kernel.org/linus/a9bf3efc33f1fbf88787a277f7349459283c9b95 (6.11-rc2)', 'https://git.kernel.org/stable/c/16998763c62bb465ebc409d0373b9cdcef1a61a6', 'https://git.kernel.org/stable/c/2a1b327d57a8ac080977633a18999f032d7e9e3f', 'https://git.kernel.org/stable/c/3bcb8bba72ce89667fa863054956267c450c47ef', 'https://git.kernel.org/stable/c/906372e753c5027a1dc88743843b6aa2ad1aaecf', 'https://git.kernel.org/stable/c/a9bf3efc33f1fbf88787a277f7349459283c9b95', 'https://git.kernel.org/stable/c/ebebba4d357b6c67f96776a48ddbaf0060fa4c10', 'https://git.kernel.org/stable/c/f23cd66933fe76b84d8e282e5606b4d99068c320', 'https://linux.oracle.com/cve/CVE-2024-43867.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43867-0620@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43867', 'https://www.cve.org/CVERecord?id=CVE-2024-43867'], 'PublishedDate': '2024-08-21T00:15:05.087Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43868', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/purgatory: align riscv_kernel_entry', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/purgatory: align riscv_kernel_entry\n\nWhen alignment handling is delegated to the kernel, everything must be\nword-aligned in purgatory, since the trap handler is then set to the\nkexec one. Without the alignment, hitting the exception would\nultimately crash. On other occasions, the kernel's handler would take\ncare of exceptions.\nThis has been tested on a JH7110 SoC with oreboot and its SBI delegating\nunaligned access exceptions and the kernel configured to handle them.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43868', 'https://git.kernel.org/linus/fb197c5d2fd24b9af3d4697d0cf778645846d6d5 (6.11-rc2)', 'https://git.kernel.org/stable/c/5d4aaf16a8255f7c71790e211724ba029609c5ff', 'https://git.kernel.org/stable/c/fb197c5d2fd24b9af3d4697d0cf778645846d6d5', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43868-9a44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43868', 'https://www.cve.org/CVERecord?id=CVE-2024-43868'], 'PublishedDate': '2024-08-21T00:15:05.15Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43869', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43869', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exec and file release', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exec and file release\n\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\n\nschedule()\n   prepare_task_switch()\n=======> <NMI>\n      perf_event_overflow()\n         event->pending_sigtrap = ...\n         irq_work_queue(&event->pending_irq)\n<======= </NMI>\n      perf_event_task_sched_out()\n          event_sched_out()\n              event->pending_sigtrap = 0;\n              atomic_long_inc_not_zero(&event->refcount)\n              task_work_add(&event->pending_task)\n   finish_lock_switch()\n=======> <IRQ>\n   perf_pending_irq()\n      //do nothing, rely on pending task work\n<======= </IRQ>\n\nbegin_new_exec()\n   perf_event_exit_task()\n      perf_event_exit_event()\n         // If is child event\n         free_event()\n            WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n            // event is leaked\n\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\n\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43869', 'https://git.kernel.org/linus/3a5465418f5fd970e86a86c7f4075be262682840 (6.11-rc1)', 'https://git.kernel.org/stable/c/104e258a004037bc7dba9f6085c71dad6af57ad4', 'https://git.kernel.org/stable/c/3a5465418f5fd970e86a86c7f4075be262682840', 'https://git.kernel.org/stable/c/9ad46f1fef421d43cdab3a7d1744b2f43b54dae0', 'https://git.kernel.org/stable/c/ed2c202dac55423a52d7e2290f2888bf08b8ee99', 'https://git.kernel.org/stable/c/f34d8307a73a18de5320fcc6f40403146d061891', 'https://lore.kernel.org/linux-cve-announce/2024082133-CVE-2024-43869-26aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43869', 'https://www.cve.org/CVERecord?id=CVE-2024-43869'], 'PublishedDate': '2024-08-21T01:15:11.55Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43870', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exit\n\nWhen a task is scheduled out, pending sigtrap deliveries are deferred\nto the target task upon resume to userspace via task_work.\n\nHowever failures while adding an event's callback to the task_work\nengine are ignored. And since the last call for events exit happen\nafter task work is eventually closed, there is a small window during\nwhich pending sigtrap can be queued though ignored, leaking the event\nrefcount addition such as in the following scenario:\n\n    TASK A\n    -----\n\n    do_exit()\n       exit_task_work(tsk);\n\n       <IRQ>\n       perf_event_overflow()\n          event->pending_sigtrap = pending_id;\n          irq_work_queue(&event->pending_irq);\n       </IRQ>\n    =========> PREEMPTION: TASK A -> TASK B\n       event_sched_out()\n          event->pending_sigtrap = 0;\n          atomic_long_inc_not_zero(&event->refcount)\n          // FAILS: task work has exited\n          task_work_add(&event->pending_task)\n       [...]\n       <IRQ WORK>\n       perf_pending_irq()\n          // early return: event->oncpu = -1\n       </IRQ WORK>\n       [...]\n    =========> TASK B -> TASK A\n       perf_event_exit_task(tsk)\n          perf_event_exit_event()\n             free_event()\n                WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n                // leak event due to unexpected refcount == 2\n\nAs a result the event is never released while the task exits.\n\nFix this with appropriate task_work_add()'s error handling.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43870', 'https://git.kernel.org/linus/2fd5ad3f310de22836cdacae919dd99d758a1f1b (6.11-rc1)', 'https://git.kernel.org/stable/c/05d3fd599594abf79aad4484bccb2b26e1cb0b51', 'https://git.kernel.org/stable/c/2fd5ad3f310de22836cdacae919dd99d758a1f1b', 'https://git.kernel.org/stable/c/3d7a63352a93bdb8a1cdf29606bf617d3ac1c22a', 'https://git.kernel.org/stable/c/67fad724f1b568b356c1065d50df46e6b30eb2f7', 'https://git.kernel.org/stable/c/70882d7fa74f0731492a0d493e8515a4f7131831', 'https://lore.kernel.org/linux-cve-announce/2024082135-CVE-2024-43870-2b6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43870', 'https://www.cve.org/CVERecord?id=CVE-2024-43870'], 'PublishedDate': '2024-08-21T01:15:11.62Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43871', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: devres: Fix memory leakage caused by driver API devm_free_percpu()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndevres: Fix memory leakage caused by driver API devm_free_percpu()\n\nIt will cause memory leakage when use driver API devm_free_percpu()\nto free memory allocated by devm_alloc_percpu(), fixed by using\ndevres_release() instead of devres_destroy() within devm_free_percpu().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-43871', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/bd50a974097bb82d52a458bd3ee39fb723129a0c (6.11-rc1)', 'https://git.kernel.org/stable/c/3047f99caec240a88ccd06197af2868da1af6a96', 'https://git.kernel.org/stable/c/3dcd0673e47664bc6c719ad47dadac6d55d5950d', 'https://git.kernel.org/stable/c/700e8abd65b10792b2f179ce4e858f2ca2880f85', 'https://git.kernel.org/stable/c/95065edb8ebb27771d5f1e898eef6ab43dc6c87c', 'https://git.kernel.org/stable/c/b044588a16a978cd891cb3d665dd7ae06850d5bf', 'https://git.kernel.org/stable/c/b67552d7c61f52f1271031adfa7834545ae99701', 'https://git.kernel.org/stable/c/bd50a974097bb82d52a458bd3ee39fb723129a0c', 'https://git.kernel.org/stable/c/ef56dcdca8f2a53abc3a83d388b8336447533d85', 'https://linux.oracle.com/cve/CVE-2024-43871.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43871-c2cd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43871', 'https://www.cve.org/CVERecord?id=CVE-2024-43871'], 'PublishedDate': '2024-08-21T01:15:11.68Z', 'LastModifiedDate': '2024-09-03T13:39:19.553Z'}, {'VulnerabilityID': 'CVE-2024-43872', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43872', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/hns: Fix soft lockup under heavy CEQE load', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43872', 'https://git.kernel.org/linus/2fdf34038369c0a27811e7b4680662a14ada1d6b (6.11-rc1)', 'https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08', 'https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43872-c87e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43872', 'https://www.cve.org/CVERecord?id=CVE-2024-43872'], 'PublishedDate': '2024-08-21T01:15:11.74Z', 'LastModifiedDate': '2024-09-03T13:38:34.867Z'}, {'VulnerabilityID': 'CVE-2024-43873', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43873', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vhost/vsock: always initialize seqpacket_allow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: always initialize seqpacket_allow\n\nThere are two issues around seqpacket_allow:\n1. seqpacket_allow is not initialized when socket is\n   created. Thus if features are never set, it will be\n   read uninitialized.\n2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,\n   then seqpacket_allow will not be cleared appropriately\n   (existing apps I know about don't usually do this but\n    it's legal and there's no way to be sure no one relies\n    on this).\n\nTo fix:\n\t- initialize seqpacket_allow after allocation\n\t- set it unconditionally in set_features", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-909'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43873', 'https://git.kernel.org/linus/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22', 'https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb', 'https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582', 'https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c', 'https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43873-c547@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43873', 'https://www.cve.org/CVERecord?id=CVE-2024-43873'], 'PublishedDate': '2024-08-21T01:15:11.79Z', 'LastModifiedDate': '2024-09-03T13:35:44.897Z'}, {'VulnerabilityID': 'CVE-2024-43875', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43875', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: Clean up error handling in vpci_scan_bus()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\n\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\n\n    drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)\n\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\n\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43875', 'https://git.kernel.org/linus/8e0f5a96c534f781e8c57ca30459448b3bfe5429 (6.11-rc1)', 'https://git.kernel.org/stable/c/0e27e2e8697b8ce96cdef43f135426525d9d1f8f', 'https://git.kernel.org/stable/c/24414c842a24d0fd498f9db6d2a762a8dddf1832', 'https://git.kernel.org/stable/c/7d368de78b60088ec9031c60c88976c0063ea4c0', 'https://git.kernel.org/stable/c/8e0f5a96c534f781e8c57ca30459448b3bfe5429', 'https://git.kernel.org/stable/c/b9e8695246bcfc028341470cbf92630cdc1ba36b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43875-1257@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43875', 'https://www.cve.org/CVERecord?id=CVE-2024-43875'], 'PublishedDate': '2024-08-21T01:15:11.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43876', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43876', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()\n\nAvoid large backtrace, it is sufficient to warn the user that there has\nbeen a link problem. Either the link has failed and the system is in need\nof maintenance, or the link continues to work and user has been informed.\nThe message from the warning can be looked up in the sources.\n\nThis makes an actual link issue less verbose.\n\nFirst of all, this controller has a limitation in that the controller\ndriver has to assist the hardware with transition to L1 link state by\nwriting L1IATN to PMCTRL register, the L1 and L0 link state switching\nis not fully automatic on this controller.\n\nIn case of an ASMedia ASM1062 PCIe SATA controller which does not support\nASPM, on entry to suspend or during platform pm_test, the SATA controller\nenters D3hot state and the link enters L1 state. If the SATA controller\nwakes up before rcar_pcie_wakeup() was called and returns to D0, the link\nreturns to L0 before the controller driver even started its transition to\nL1 link state. At this point, the SATA controller did send an PM_ENTER_L1\nDLLP to the PCIe controller and the PCIe controller received it, and the\nPCIe controller did set PMSR PMEL1RX bit.\n\nOnce rcar_pcie_wakeup() is called, if the link is already back in L0 state\nand PMEL1RX bit is set, the controller driver has no way to determine if\nit should perform the link transition to L1 state, or treat the link as if\nit is in L0 state. Currently the driver attempts to perform the transition\nto L1 link state unconditionally, which in this specific case fails with a\nPMSR L1FAEG poll timeout, however the link still works as it is already\nback in L0 state.\n\nReduce this warning verbosity. In case the link is really broken, the\nrcar_pcie_config_access() would fail, otherwise it will succeed and any\nsystem with this controller and ASM1062 can suspend without generating\na backtrace.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43876', 'https://git.kernel.org/linus/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96 (6.11-rc1)', 'https://git.kernel.org/stable/c/2ae4769332dfdb97f4b6f5dc9ac8f46d02aaa3df', 'https://git.kernel.org/stable/c/3ff3bdde950f1840df4030726cef156758a244d7', 'https://git.kernel.org/stable/c/526a877c6273d4cd0d0aede84c1d620479764b1c', 'https://git.kernel.org/stable/c/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43876-793b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43876', 'https://www.cve.org/CVERecord?id=CVE-2024-43876'], 'PublishedDate': '2024-08-21T01:15:11.973Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43877', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43877', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: pci: ivtv: Add check for DMA map result', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: ivtv: Add check for DMA map result\n\nIn case DMA fails, 'dma->SG_length' is 0. This value is later used to\naccess 'dma->SGarray[dma->SG_length - 1]', which will cause out of\nbounds access.\n\nAdd check to return early on invalid value. Adjust warnings accordingly.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43877', 'https://git.kernel.org/linus/629913d6d79508b166c66e07e4857e20233d85a9 (6.11-rc1)', 'https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718', 'https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a', 'https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9', 'https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43877-e8e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43877', 'https://www.cve.org/CVERecord?id=CVE-2024-43877'], 'PublishedDate': '2024-08-21T01:15:12.033Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43879', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()\n\nCurrently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in\ncfg80211_calculate_bitrate_he(), leading to below warning:\n\nkernel: invalid HE MCS: bw:6, ru:6\nkernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]\n\nFix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43879', 'https://git.kernel.org/linus/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6 (6.11-rc1)', 'https://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27', 'https://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd', 'https://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f', 'https://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9', 'https://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086', 'https://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142', 'https://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d', 'https://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6', 'https://linux.oracle.com/cve/CVE-2024-43879.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43879-95cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43879', 'https://www.cve.org/CVERecord?id=CVE-2024-43879'], 'PublishedDate': '2024-08-21T01:15:12.153Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43880', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43880', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_erp: Fix object nesting warning\n\nACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM\n(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can\ncontain more ACLs (i.e., tc filters), but the number of masks in each\nregion (i.e., tc chain) is limited.\n\nIn order to mitigate the effects of the above limitation, the device\nallows filters to share a single mask if their masks only differ in up\nto 8 consecutive bits. For example, dst_ip/25 can be represented using\ndst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the\nnumber of masks being used (and therefore does not support mask\naggregation), but can contain a limited number of filters.\n\nThe driver uses the "objagg" library to perform the mask aggregation by\npassing it objects that consist of the filter\'s mask and whether the\nfilter is to be inserted into the A-TCAM or the C-TCAM since filters in\ndifferent TCAMs cannot share a mask.\n\nThe set of created objects is dependent on the insertion order of the\nfilters and is not necessarily optimal. Therefore, the driver will\nperiodically ask the library to compute a more optimal set ("hints") by\nlooking at all the existing objects.\n\nWhen the library asks the driver whether two objects can be aggregated\nthe driver only compares the provided masks and ignores the A-TCAM /\nC-TCAM indication. This is the right thing to do since the goal is to\nmove as many filters as possible to the A-TCAM. The driver also forbids\ntwo identical masks from being aggregated since this can only happen if\none was intentionally put in the C-TCAM to avoid a conflict in the\nA-TCAM.\n\nThe above can result in the following set of hints:\n\nH1: {mask X, A-TCAM} -> H2: {mask Y, A-TCAM} // X is Y + delta\nH3: {mask Y, C-TCAM} -> H4: {mask Z, A-TCAM} // Y is Z + delta\n\nAfter getting the hints from the library the driver will start migrating\nfilters from one region to another while consulting the computed hints\nand instructing the device to perform a lookup in both regions during\nthe transition.\n\nAssuming a filter with mask X is being migrated into the A-TCAM in the\nnew region, the hints lookup will return H1. Since H2 is the parent of\nH1, the library will try to find the object associated with it and\ncreate it if necessary in which case another hints lookup (recursive)\nwill be performed. This hints lookup for {mask Y, A-TCAM} will either\nreturn H2 or H3 since the driver passes the library an object comparison\nfunction that ignores the A-TCAM / C-TCAM indication.\n\nThis can eventually lead to nested objects which are not supported by\nthe library [1].\n\nFix by removing the object comparison function from both the driver and\nthe library as the driver was the only user. That way the lookup will\nonly return exact matches.\n\nI do not have a reliable reproducer that can reproduce the issue in a\ntimely manner, but before the fix the issue would reproduce in several\nminutes and with the fix it does not reproduce in over an hour.\n\nNote that the current usefulness of the hints is limited because they\ninclude the C-TCAM indication and represent aggregation that cannot\nactually happen. This will be addressed in net-next.\n\n[1]\nWARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0\nModules linked in:\nCPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42\nHardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:objagg_obj_parent_assign+0xb5/0xd0\n[...]\nCall Trace:\n <TASK>\n __objagg_obj_get+0x2bb/0x580\n objagg_obj_get+0xe/0x80\n mlxsw_sp_acl_erp_mask_get+0xb5/0xf0\n mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43880', 'https://git.kernel.org/linus/97d833ceb27dc19f8777d63f90be4a27b5daeedf (6.11-rc1)', 'https://git.kernel.org/stable/c/0e59c2d22853266704e127915653598f7f104037', 'https://git.kernel.org/stable/c/25c6fd9648ad05da493a5d30881896a78a08b624', 'https://git.kernel.org/stable/c/36a9996e020dd5aa325e0ecc55eb2328288ea6bb', 'https://git.kernel.org/stable/c/4dc09f6f260db3c4565a4ec52ba369393598f2fb', 'https://git.kernel.org/stable/c/97d833ceb27dc19f8777d63f90be4a27b5daeedf', 'https://git.kernel.org/stable/c/9a5261a984bba4f583d966c550fa72c33ff3714e', 'https://git.kernel.org/stable/c/fb5d4fc578e655d113f09565f6f047e15f7ab578', 'https://linux.oracle.com/cve/CVE-2024-43880.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43880-78ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43880', 'https://www.cve.org/CVERecord?id=CVE-2024-43880'], 'PublishedDate': '2024-08-21T01:15:12.213Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43881', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43881', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: change DMA direction while mapping reinjected packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: change DMA direction while mapping reinjected packets\n\nFor fragmented packets, ath12k reassembles each fragment as a normal\npacket and then reinjects it into HW ring. In this case, the DMA\ndirection should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise,\nan invalid payload may be reinjected into the HW and\nsubsequently delivered to the host.\n\nGiven that arbitrary memory can be allocated to the skb buffer,\nknowledge about the data contained in the reinjected buffer is lacking.\nConsequently, there’s a risk of private information being leaked.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43881', 'https://git.kernel.org/linus/33322e3ef07409278a18c6919c448e369d66a18e (6.11-rc1)', 'https://git.kernel.org/stable/c/33322e3ef07409278a18c6919c448e369d66a18e', 'https://git.kernel.org/stable/c/6925320fcd40d8042d32bf4ede8248e7a5315c3b', 'https://git.kernel.org/stable/c/e99d9b16ff153de9540073239d24adc3b0a3a997', 'https://lore.kernel.org/linux-cve-announce/2024082138-CVE-2024-43881-ead4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43881', 'https://www.cve.org/CVERecord?id=CVE-2024-43881'], 'PublishedDate': '2024-08-21T01:15:12.28Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43883', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43883', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: vhci-hcd: Do not drop references before new references are gained', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43883', 'https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37', 'https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174', 'https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14', 'https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89', 'https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80', 'https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a', 'https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54', 'https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2', 'https://linux.oracle.com/cve/CVE-2024-43883.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082313-CVE-2024-43883-a594@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43883', 'https://www.cve.org/CVERecord?id=CVE-2024-43883'], 'PublishedDate': '2024-08-23T13:15:03.873Z', 'LastModifiedDate': '2024-08-23T16:18:28.547Z'}, {'VulnerabilityID': 'CVE-2024-43884', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: MGMT: Add error handling to pair_device()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Add error handling to pair_device()\n\nhci_conn_params_add() never checks for a NULL value and could lead to a NULL\npointer dereference causing a crash.\n\nFixed by adding error handling in the function.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43884', 'https://git.kernel.org/linus/538fd3921afac97158d4177139a0ad39f056dbb2 (6.11-rc5)', 'https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4', 'https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1', 'https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2', 'https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503', 'https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9', 'https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb', 'https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb', 'https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43884-43fa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43884', 'https://www.cve.org/CVERecord?id=CVE-2024-43884'], 'PublishedDate': '2024-08-26T08:15:03.827Z', 'LastModifiedDate': '2024-09-04T12:15:04.927Z'}, {'VulnerabilityID': 'CVE-2024-43886', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43886', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check in resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check in resource_log_pipe_topology_update\n\n[WHY]\nWhen switching from "Extend" to "Second Display Only" we sometimes\ncall resource_get_otg_master_for_stream on a stream for the eDP,\nwhich is disconnected. This leads to a null pointer dereference.\n\n[HOW]\nAdded a null check in dc_resource.c/resource_log_pipe_topology_update.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43886', 'https://git.kernel.org/linus/899d92fd26fe780aad711322aa671f68058207a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/899d92fd26fe780aad711322aa671f68058207a6', 'https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee', 'https://lore.kernel.org/linux-cve-announce/2024082657-CVE-2024-43886-0726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43886', 'https://www.cve.org/CVERecord?id=CVE-2024-43886'], 'PublishedDate': '2024-08-26T11:15:03.83Z', 'LastModifiedDate': '2024-08-27T14:37:45.377Z'}, {'VulnerabilityID': 'CVE-2024-43887', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43887', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/tcp: Disable TCP-AO static key after RCU grace period', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp: Disable TCP-AO static key after RCU grace period\n\nThe lifetime of TCP-AO static_key is the same as the last\ntcp_ao_info. On the socket destruction tcp_ao_info ceases to be\nwith RCU grace period, while tcp-ao static branch is currently deferred\ndestructed. The static key definition is\n: DEFINE_STATIC_KEY_DEFERRED_FALSE(tcp_ao_needed, HZ);\n\nwhich means that if RCU grace period is delayed by more than a second\nand tcp_ao_needed is in the process of disablement, other CPUs may\nyet see tcp_ao_info which atent dead, but soon-to-be.\nAnd that breaks the assumption of static_key_fast_inc_not_disabled().\n\nSee the comment near the definition:\n> * The caller must make sure that the static key can\'t get disabled while\n> * in this function. It doesn\'t patch jump labels, only adds a user to\n> * an already enabled static key.\n\nOriginally it was introduced in commit eb8c507296f6 ("jump_label:\nPrevent key->enabled int overflow"), which is needed for the atomic\ncontexts, one of which would be the creation of a full socket from a\nrequest socket. In that atomic context, it\'s known by the presence\nof the key (md5/ao) that the static branch is already enabled.\nSo, the ref counter for that static branch is just incremented\ninstead of holding the proper mutex.\nstatic_key_fast_inc_not_disabled() is just a helper for such usage\ncase. But it must not be used if the static branch could get disabled\nin parallel as it\'s not protected by jump_label_mutex and as a result,\nraces with jump_label_update() implementation details.\n\nHappened on netdev test-bot[1], so not a theoretical issue:\n\n[] jump_label: Fatal kernel bug, unexpected op at tcp_inbound_hash+0x1a7/0x870 [ffffffffa8c4e9b7] (eb 50 0f 1f 44 != 66 90 0f 1f 00)) size:2 type:1\n[] ------------[ cut here ]------------\n[] kernel BUG at arch/x86/kernel/jump_label.c:73!\n[] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[] CPU: 3 PID: 243 Comm: kworker/3:3 Not tainted 6.10.0-virtme #1\n[] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[] Workqueue: events jump_label_update_timeout\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n...\n[] Call Trace:\n[]  <TASK>\n[]  arch_jump_label_transform_queue+0x6c/0x110\n[]  __jump_label_update+0xef/0x350\n[]  __static_key_slow_dec_cpuslocked.part.0+0x3c/0x60\n[]  jump_label_update_timeout+0x2c/0x40\n[]  process_one_work+0xe3b/0x1670\n[]  worker_thread+0x587/0xce0\n[]  kthread+0x28a/0x350\n[]  ret_from_fork+0x31/0x70\n[]  ret_from_fork_asm+0x1a/0x30\n[]  </TASK>\n[] Modules linked in: veth\n[] ---[ end trace 0000000000000000 ]---\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n\n[1]: https://netdev-3.bots.linux.dev/vmksft-tcp-ao-dbg/results/696681/5-connect-deny-ipv6/stderr', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43887', 'https://git.kernel.org/linus/14ab4792ee120c022f276a7e4768f4dcb08f0cdd (6.11-rc3)', 'https://git.kernel.org/stable/c/14ab4792ee120c022f276a7e4768f4dcb08f0cdd', 'https://git.kernel.org/stable/c/954d55a59b2501f4a9bd693b40ce45a1c46cb2b3', 'https://lore.kernel.org/linux-cve-announce/2024082658-CVE-2024-43887-93bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43887', 'https://www.cve.org/CVERecord?id=CVE-2024-43887'], 'PublishedDate': '2024-08-26T11:15:03.877Z', 'LastModifiedDate': '2024-09-05T19:43:44.197Z'}, {'VulnerabilityID': 'CVE-2024-43888', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43888', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: list_lru: fix UAF for memory cgroup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: list_lru: fix UAF for memory cgroup\n\nThe mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or\ncgroup_mutex or others which could prevent returned memcg from being\nfreed.  Fix it by adding missing rcu read lock.\n\nFound by code inspection.\n\n[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]\n  Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43888', 'https://git.kernel.org/linus/5161b48712dcd08ec427c450399d4d1483e21dea (6.11-rc3)', 'https://git.kernel.org/stable/c/4589f77c18dd98b65f45617b6d1e95313cf6fcab', 'https://git.kernel.org/stable/c/5161b48712dcd08ec427c450399d4d1483e21dea', 'https://lore.kernel.org/linux-cve-announce/2024082659-CVE-2024-43888-5beb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43888', 'https://www.cve.org/CVERecord?id=CVE-2024-43888'], 'PublishedDate': '2024-08-26T11:15:03.93Z', 'LastModifiedDate': '2024-08-27T14:37:52.61Z'}, {'VulnerabilityID': 'CVE-2024-43889', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix possible divide-by-0 panic in padata_mt_helper()\n\nWe are hit with a not easily reproducible divide-by-0 panic in padata.c at\nbootup time.\n\n  [   10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI\n  [   10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1\n  [   10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021\n  [   10.017908] Workqueue: events_unbound padata_mt_helper\n  [   10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0\n    :\n  [   10.017963] Call Trace:\n  [   10.017968]  <TASK>\n  [   10.018004]  ? padata_mt_helper+0x39/0xb0\n  [   10.018084]  process_one_work+0x174/0x330\n  [   10.018093]  worker_thread+0x266/0x3a0\n  [   10.018111]  kthread+0xcf/0x100\n  [   10.018124]  ret_from_fork+0x31/0x50\n  [   10.018138]  ret_from_fork_asm+0x1a/0x30\n  [   10.018147]  </TASK>\n\nLooking at the padata_mt_helper() function, the only way a divide-by-0\npanic can happen is when ps->chunk_size is 0.  The way that chunk_size is\ninitialized in padata_do_multithreaded(), chunk_size can be 0 when the\nmin_chunk in the passed-in padata_mt_job structure is 0.\n\nFix this divide-by-0 panic by making sure that chunk_size will be at least\n1 no matter what the input parameters are.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43889', 'https://git.kernel.org/linus/6d45e1c948a8b7ed6ceddb14319af69424db730c (6.11-rc3)', 'https://git.kernel.org/stable/c/6d45e1c948a8b7ed6ceddb14319af69424db730c', 'https://git.kernel.org/stable/c/8f5ffd2af7274853ff91d6cd62541191d9fbd10d', 'https://git.kernel.org/stable/c/924f788c906dccaca30acab86c7124371e1d6f2c', 'https://git.kernel.org/stable/c/a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f', 'https://git.kernel.org/stable/c/ab8b397d5997d8c37610252528edc54bebf9f6d3', 'https://git.kernel.org/stable/c/da0ffe84fcc1627a7dff82c80b823b94236af905', 'https://lore.kernel.org/linux-cve-announce/2024082600-CVE-2024-43889-4d0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43889', 'https://www.cve.org/CVERecord?id=CVE-2024-43889'], 'PublishedDate': '2024-08-26T11:15:03.98Z', 'LastModifiedDate': '2024-08-27T14:38:09.34Z'}, {'VulnerabilityID': 'CVE-2024-43890', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43890', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Fix overflow in get_free_elt()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing "tracing_map->max_size" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to "tracing_map->next_elt"\nonce it reaches "tracing_map->max_elt".', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43890', 'https://git.kernel.org/linus/bcf86c01ca4676316557dd482c8416ece8c2e143 (6.11-rc3)', 'https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6', 'https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c', 'https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5', 'https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8', 'https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143', 'https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da', 'https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18', 'https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a', 'https://linux.oracle.com/cve/CVE-2024-43890.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082601-CVE-2024-43890-1c3a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43890', 'https://www.cve.org/CVERecord?id=CVE-2024-43890'], 'PublishedDate': '2024-08-26T11:15:04.04Z', 'LastModifiedDate': '2024-09-05T18:48:30.32Z'}, {'VulnerabilityID': 'CVE-2024-43891', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43891', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have format file honor EVENT_FILE_FL_FREED', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have format file honor EVENT_FILE_FL_FREED\n\nWhen eventfs was introduced, special care had to be done to coordinate the\nfreeing of the file meta data with the files that are exposed to user\nspace. The file meta data would have a ref count that is set when the file\nis created and would be decremented and freed after the last user that\nopened the file closed it. When the file meta data was to be freed, it\nwould set a flag (EVENT_FILE_FL_FREED) to denote that the file is freed,\nand any new references made (like new opens or reads) would fail as it is\nmarked freed. This allowed other meta data to be freed after this flag was\nset (under the event_mutex).\n\nAll the files that were dynamically created in the events directory had a\npointer to the file meta data and would call event_release() when the last\nreference to the user space file was closed. This would be the time that it\nis safe to free the file meta data.\n\nA shortcut was made for the "format" file. It\'s i_private would point to\nthe "call" entry directly and not point to the file\'s meta data. This is\nbecause all format files are the same for the same "call", so it was\nthought there was no reason to differentiate them.  The other files\nmaintain state (like the "enable", "trigger", etc). But this meant if the\nfile were to disappear, the "format" file would be unaware of it.\n\nThis caused a race that could be trigger via the user_events test (that\nwould create dynamic events and free them), and running a loop that would\nread the user_events format files:\n\nIn one console run:\n\n # cd tools/testing/selftests/user_events\n # while true; do ./ftrace_test; done\n\nAnd in another console run:\n\n # cd /sys/kernel/tracing/\n # while true; do cat events/user_events/__test_event/format; done 2>/dev/null\n\nWith KASAN memory checking, it would trigger a use-after-free bug report\n(which was a real bug). This was because the format file was not checking\nthe file\'s meta data flag "EVENT_FILE_FL_FREED", so it would access the\nevent that the file meta data pointed to after the event was freed.\n\nAfter inspection, there are other locations that were found to not check\nthe EVENT_FILE_FL_FREED flag when accessing the trace_event_file. Add a\nnew helper function: event_file_file() that will make sure that the\nevent_mutex is held, and will return NULL if the trace_event_file has the\nEVENT_FILE_FL_FREED flag set. Have the first reference of the struct file\npointer use event_file_file() and check for NULL. Later uses can still use\nthe event_file_data() helper function if the event_mutex is still held and\nwas not released since the event_file_file() call.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43891', 'https://git.kernel.org/linus/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d (6.11-rc3)', 'https://git.kernel.org/stable/c/4ed03758ddf0b19d69eed69386d65a92d0091e0c', 'https://git.kernel.org/stable/c/531dc6780d94245af037c25c2371c8caf652f0f9', 'https://git.kernel.org/stable/c/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d', 'https://lore.kernel.org/linux-cve-announce/2024082603-CVE-2024-43891-a69d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43891', 'https://www.cve.org/CVERecord?id=CVE-2024-43891'], 'PublishedDate': '2024-08-26T11:15:04.103Z', 'LastModifiedDate': '2024-09-05T18:46:18.44Z'}, {'VulnerabilityID': 'CVE-2024-43892', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43892', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg: protect concurrent access to mem_cgroup_idr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: protect concurrent access to mem_cgroup_idr\n\nCommit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after\nmany small jobs") decoupled the memcg IDs from the CSS ID space to fix the\ncgroup creation failures.  It introduced IDR to maintain the memcg ID\nspace.  The IDR depends on external synchronization mechanisms for\nmodifications.  For the mem_cgroup_idr, the idr_alloc() and idr_replace()\nhappen within css callback and thus are protected through cgroup_mutex\nfrom concurrent modifications.  However idr_remove() for mem_cgroup_idr\nwas not protected against concurrency and can be run concurrently for\ndifferent memcgs when they hit their refcnt to zero.  Fix that.\n\nWe have been seeing list_lru based kernel crashes at a low frequency in\nour fleet for a long time.  These crashes were in different part of\nlist_lru code including list_lru_add(), list_lru_del() and reparenting\ncode.  Upon further inspection, it looked like for a given object (dentry\nand inode), the super_block\'s list_lru didn\'t have list_lru_one for the\nmemcg of that object.  The initial suspicions were either the object is\nnot allocated through kmem_cache_alloc_lru() or somehow\nmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but\nreturned success.  No evidence were found for these cases.\n\nLooking more deeply, we started seeing situations where valid memcg\'s id\nis not present in mem_cgroup_idr and in some cases multiple valid memcgs\nhave same id and mem_cgroup_idr is pointing to one of them.  So, the most\nreasonable explanation is that these situations can happen due to race\nbetween multiple idr_remove() calls or race between\nidr_alloc()/idr_replace() and idr_remove().  These races are causing\nmultiple memcgs to acquire the same ID and then offlining of one of them\nwould cleanup list_lrus on the system for all of them.  Later access from\nother memcgs to the list_lru cause crashes due to missing list_lru_one.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43892', 'https://git.kernel.org/linus/9972605a238339b85bd16b084eed5f18414d22db (6.11-rc3)', 'https://git.kernel.org/stable/c/37a060b64ae83b76600d187d76591ce488ab836b', 'https://git.kernel.org/stable/c/51c0b1bb7541f8893ec1accba59eb04361a70946', 'https://git.kernel.org/stable/c/56fd70f4aa8b82199dbe7e99366b1fd7a04d86fb', 'https://git.kernel.org/stable/c/912736a0435ef40e6a4ae78197ccb5553cb80b05', 'https://git.kernel.org/stable/c/9972605a238339b85bd16b084eed5f18414d22db', 'https://git.kernel.org/stable/c/e6cc9ff2ac0b5df9f25eb790934c3104f6710278', 'https://lore.kernel.org/linux-cve-announce/2024082604-CVE-2024-43892-584a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43892', 'https://www.cve.org/CVERecord?id=CVE-2024-43892'], 'PublishedDate': '2024-08-26T11:15:04.157Z', 'LastModifiedDate': '2024-09-12T12:15:49.593Z'}, {'VulnerabilityID': 'CVE-2024-43893', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43893', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: core: check uartclk for zero to avoid divide by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: core: check uartclk for zero to avoid divide by zero\n\nCalling ioctl TIOCSSERIAL with an invalid baud_base can\nresult in uartclk being zero, which will result in a\ndivide by zero error in uart_get_divisor(). The check for\nuartclk being zero in uart_set_info() needs to be done\nbefore other settings are made as subsequent calls to\nioctl TIOCSSERIAL for the same port would be impacted if\nthe uartclk check was done where uartclk gets set.\n\nOops: divide error: 0000  PREEMPT SMP KASAN PTI\nRIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)\nCall Trace:\n <TASK>\nserial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576\n    drivers/tty/serial/8250/8250_port.c:2589)\nserial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502\n    drivers/tty/serial/8250/8250_port.c:2741)\nserial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)\nuart_change_line_settings (./include/linux/spinlock.h:376\n    ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)\nuart_port_startup (drivers/tty/serial/serial_core.c:342)\nuart_startup (drivers/tty/serial/serial_core.c:368)\nuart_set_info (drivers/tty/serial/serial_core.c:1034)\nuart_set_info_user (drivers/tty/serial/serial_core.c:1059)\ntty_set_serial (drivers/tty/tty_io.c:2637)\ntty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)\n__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907\n    fs/ioctl.c:893 fs/ioctl.c:893)\ndo_syscall_64 (arch/x86/entry/common.c:52\n    (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nRule: add', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43893', 'https://git.kernel.org/linus/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193 (6.11-rc3)', 'https://git.kernel.org/stable/c/3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba', 'https://git.kernel.org/stable/c/52b138f1021113e593ee6ad258ce08fe90693a9e', 'https://git.kernel.org/stable/c/55b2a5d331a6ceb1c4372945fdb77181265ba24f', 'https://git.kernel.org/stable/c/68dc02f319b9ee54dc23caba742a5c754d1cccc8', 'https://git.kernel.org/stable/c/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193', 'https://git.kernel.org/stable/c/9196e42a3b8eeff1707e6ef769112b4b6096be49', 'https://git.kernel.org/stable/c/e13ba3fe5ee070f8a9dab60029d52b1f61da5051', 'https://git.kernel.org/stable/c/e3ad503876283ac3fcca922a1bf243ef9eb0b0e2', 'https://linux.oracle.com/cve/CVE-2024-43893.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082605-CVE-2024-43893-25dd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43893', 'https://www.cve.org/CVERecord?id=CVE-2024-43893'], 'PublishedDate': '2024-08-26T11:15:04.213Z', 'LastModifiedDate': '2024-09-10T18:13:21.92Z'}, {'VulnerabilityID': 'CVE-2024-43894', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43894', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/client: fix null pointer dereference in drm_client_modeset_probe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: fix null pointer dereference in drm_client_modeset_probe\n\nIn drm_client_modeset_probe(), the return value of drm_mode_duplicate() is\nassigned to modeset->mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43894', 'https://git.kernel.org/linus/113fd6372a5bb3689aba8ef5b8a265ed1529a78f (6.11-rc3)', 'https://git.kernel.org/stable/c/113fd6372a5bb3689aba8ef5b8a265ed1529a78f', 'https://git.kernel.org/stable/c/24ddda932c43ffe156c7f3c568bed85131c63ae6', 'https://git.kernel.org/stable/c/5291d4f73452c91e8a11f71207617e3e234d418e', 'https://git.kernel.org/stable/c/612cae53e99ce32a58cb821b3b67199eb6e92dff', 'https://git.kernel.org/stable/c/c763dfe09425152b6bb0e348900a637c62c2ce52', 'https://git.kernel.org/stable/c/d64847c383100423aecb6ac5f18be5f4316d9d62', 'https://git.kernel.org/stable/c/d64fc94f7bb24fc2be0d6bd5df8df926da461a6d', 'https://linux.oracle.com/cve/CVE-2024-43894.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082607-CVE-2024-43894-aeee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43894', 'https://www.cve.org/CVERecord?id=CVE-2024-43894'], 'PublishedDate': '2024-08-26T11:15:04.28Z', 'LastModifiedDate': '2024-09-10T18:09:41.23Z'}, {'VulnerabilityID': 'CVE-2024-43895', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43895', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip Recompute DSC Params if no Stream on Link', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n    Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n    RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n    Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\n    RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n    RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n    RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n    RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n    R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n    R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n    FS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n    Call Trace:\n<TASK>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? plist_add+0xbe/0x100\n     ? exc_page_fault+0x7c/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     drm_atomic_check_only+0x5c5/0xa40\n     drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.\n\n(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43895', 'https://git.kernel.org/linus/50e376f1fe3bf571d0645ddf48ad37eb58323919 (6.11-rc3)', 'https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9', 'https://git.kernel.org/stable/c/50e376f1fe3bf571d0645ddf48ad37eb58323919', 'https://git.kernel.org/stable/c/5357141b4c2e2b332b6f11607ba8c5fbc2669a10', 'https://git.kernel.org/stable/c/70275bb960c71d313254473d38c14e7101cee5ad', 'https://git.kernel.org/stable/c/718d83f66fb07b2cab89a1fc984613a00e3db18f', 'https://lore.kernel.org/linux-cve-announce/2024082608-CVE-2024-43895-d3c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43895', 'https://www.cve.org/CVERecord?id=CVE-2024-43895'], 'PublishedDate': '2024-08-26T11:15:04.333Z', 'LastModifiedDate': '2024-10-10T12:15:04.35Z'}, {'VulnerabilityID': 'CVE-2024-43898', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43898', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: sanity check for NULL pointer after ext4_force_shutdown', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43898', 'https://git.kernel.org/linus/83f4414b8f84249d538905825b088ff3ae555652 (6.11-rc1)', 'https://git.kernel.org/stable/c/3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e', 'https://git.kernel.org/stable/c/83f4414b8f84249d538905825b088ff3ae555652', 'https://git.kernel.org/stable/c/f619876ccbfd329ae785fe5d3289b9dcd6eb5901', 'https://lore.kernel.org/linux-cve-announce/2024082613-CVE-2024-43898-52c2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43898', 'https://www.cve.org/CVERecord?id=CVE-2024-43898'], 'PublishedDate': '2024-08-26T11:15:04.493Z', 'LastModifiedDate': '2024-09-10T08:15:02.96Z'}, {'VulnerabilityID': 'CVE-2024-43899', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix null pointer deref in dcn20_resource.c', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[  181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[  181.843997] #PF: supervisor instruction fetch in kernel mode\n[  181.844003] #PF: error_code(0x0010) - not-present page\n[  181.844009] PGD 0 P4D 0\n[  181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[  181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G        W  OE      6.5.0-41-generic #41~22.04.2-Ubuntu\n[  181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[  181.844044] RIP: 0010:0x0\n[  181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[  181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[  181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[  181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[  181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[  181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[  181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[  181.844121] FS:  00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[  181.844128] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[  181.844141] Call Trace:\n[  181.844146]  <TASK>\n[  181.844153]  ? show_regs+0x6d/0x80\n[  181.844167]  ? __die+0x24/0x80\n[  181.844179]  ? page_fault_oops+0x99/0x1b0\n[  181.844192]  ? do_user_addr_fault+0x31d/0x6b0\n[  181.844204]  ? exc_page_fault+0x83/0x1b0\n[  181.844216]  ? asm_exc_page_fault+0x27/0x30\n[  181.844237]  dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[  181.845115]  amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[  181.845985]  amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[  181.846848]  fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[  181.847734]  fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[  181.848748]  dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.849791]  ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.850840]  amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43899', 'https://git.kernel.org/linus/ecbf60782662f0a388493685b85a645a0ba1613c (6.11-rc1)', 'https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e', 'https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c', 'https://lore.kernel.org/linux-cve-announce/2024082614-CVE-2024-43899-2339@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43899', 'https://www.cve.org/CVERecord?id=CVE-2024-43899'], 'PublishedDate': '2024-08-26T11:15:04.557Z', 'LastModifiedDate': '2024-08-27T14:38:19.74Z'}, {'VulnerabilityID': 'CVE-2024-43900', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43900', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: xc2028: avoid use-after-free in load_firmware_cb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504           worker_thread\ntuner_probe                             <= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait                 <= create a worker\n...\ntuner_remove                            <= free dvb_frontend\n...\n                    request_firmware_work_func  <= the firmware is ready\n                    load_firmware_cb    <= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n    ==================================================================\n     BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n     Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n     Call trace:\n      load_firmware_cb+0x1310/0x17a0\n      request_firmware_work_func+0x128/0x220\n      process_one_work+0x770/0x1824\n      worker_thread+0x488/0xea0\n      kthread+0x300/0x430\n      ret_from_fork+0x10/0x20\n\n     Allocated by task 6504:\n      kzalloc\n      tuner_probe+0xb0/0x1430\n      i2c_device_probe+0x92c/0xaf0\n      really_probe+0x678/0xcd0\n      driver_probe_device+0x280/0x370\n      __device_attach_driver+0x220/0x330\n      bus_for_each_drv+0x134/0x1c0\n      __device_attach+0x1f4/0x410\n      device_initial_probe+0x20/0x30\n      bus_probe_device+0x184/0x200\n      device_add+0x924/0x12c0\n      device_register+0x24/0x30\n      i2c_new_device+0x4e0/0xc44\n      v4l2_i2c_new_subdev_board+0xbc/0x290\n      v4l2_i2c_new_subdev+0xc8/0x104\n      em28xx_v4l2_init+0x1dd0/0x3770\n\n     Freed by task 6504:\n      kfree+0x238/0x4e4\n      tuner_remove+0x144/0x1c0\n      i2c_device_remove+0xc8/0x290\n      __device_release_driver+0x314/0x5fc\n      device_release_driver+0x30/0x44\n      bus_remove_device+0x244/0x490\n      device_del+0x350/0x900\n      device_unregister+0x28/0xd0\n      i2c_unregister_device+0x174/0x1d0\n      v4l2_device_unregister+0x224/0x380\n      em28xx_v4l2_init+0x1d90/0x3770\n\n     The buggy address belongs to the object at ffff8000d7ca2000\n      which belongs to the cache kmalloc-2k of size 2048\n     The buggy address is located 776 bytes inside of\n      2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n     The buggy address belongs to the page:\n     page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n     flags: 0x7ff800000000100(slab)\n     raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n     raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n     page dumped because: kasan: bad access detected\n\n     Memory state around the buggy address:\n      ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                           ^\n      ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     ==================================================================\n\n[2]\n    Actually, it is allocated for struct tuner, and dvb_frontend is inside.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43900', 'https://git.kernel.org/linus/68594cec291ff9523b9feb3f43fd853dcddd1f60 (6.11-rc1)', 'https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5', 'https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60', 'https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b', 'https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-43900-029c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43900', 'https://www.cve.org/CVERecord?id=CVE-2024-43900'], 'PublishedDate': '2024-08-26T11:15:04.613Z', 'LastModifiedDate': '2024-08-27T14:38:32.967Z'}, {'VulnerabilityID': 'CVE-2024-43902', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43902', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null checker before passing variables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checker before passing variables\n\nChecks null pointer before passing variables to functions.\n\nThis fixes 3 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43902', 'https://git.kernel.org/linus/8092aa3ab8f7b737a34b71f91492c676a843043a (6.11-rc1)', 'https://git.kernel.org/stable/c/1686675405d07f35eae7ff3d13a530034b899df2', 'https://git.kernel.org/stable/c/4cc2a94d96caeb3c975acdae7351c2f997c32175', 'https://git.kernel.org/stable/c/8092aa3ab8f7b737a34b71f91492c676a843043a', 'https://git.kernel.org/stable/c/83c7f509ef087041604e9572938f82e18b724c9d', 'https://git.kernel.org/stable/c/d0b8b23b9c2ebec693a36fea518d8f13493ad655', 'https://lore.kernel.org/linux-cve-announce/2024082618-CVE-2024-43902-eb6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43902', 'https://www.cve.org/CVERecord?id=CVE-2024-43902'], 'PublishedDate': '2024-08-26T11:15:04.733Z', 'LastModifiedDate': '2024-08-27T14:38:51.73Z'}, {'VulnerabilityID': 'CVE-2024-43903', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43903', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43903', 'https://git.kernel.org/linus/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff (6.11-rc1)', 'https://git.kernel.org/stable/c/31a679a880102dee6e10985a7b1789af8dc328cc', 'https://git.kernel.org/stable/c/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff', 'https://git.kernel.org/stable/c/94220b35aeba2b68da81deeefbb784d94eeb5c04', 'https://git.kernel.org/stable/c/ce5d090af683137cb779ed7e3683839f9c778b35', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-43903-3644@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43903', 'https://www.cve.org/CVERecord?id=CVE-2024-43903'], 'PublishedDate': '2024-08-26T11:15:04.793Z', 'LastModifiedDate': '2024-08-27T13:39:48.683Z'}, {'VulnerabilityID': 'CVE-2024-43904', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43904', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing\n\nThis commit adds null checks for the 'stream' and 'plane' variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that 'stream' and 'plane' are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43904', 'https://git.kernel.org/linus/15c2990e0f0108b9c3752d7072a97d45d4283aea (6.11-rc1)', 'https://git.kernel.org/stable/c/15c2990e0f0108b9c3752d7072a97d45d4283aea', 'https://git.kernel.org/stable/c/16a8a2a839d19c4cf7253642b493ffb8eee1d857', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43904-63a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43904', 'https://www.cve.org/CVERecord?id=CVE-2024-43904'], 'PublishedDate': '2024-08-26T11:15:04.847Z', 'LastModifiedDate': '2024-08-27T13:40:50.577Z'}, {'VulnerabilityID': 'CVE-2024-43905', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43905', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix the null pointer dereference for vega10_hwmgr\n\nCheck return value and conduct null pointer handling to avoid null pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43905', 'https://git.kernel.org/linus/50151b7f1c79a09117837eb95b76c2de76841dab (6.11-rc1)', 'https://git.kernel.org/stable/c/0fa11f9df96217c2785b040629ff1a16900fb51c', 'https://git.kernel.org/stable/c/2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8', 'https://git.kernel.org/stable/c/2e538944996d0dd497faf8ee81f8bfcd3aca7d80', 'https://git.kernel.org/stable/c/50151b7f1c79a09117837eb95b76c2de76841dab', 'https://git.kernel.org/stable/c/69a441473fec2fc2aa2cf56122d6c42c4266a239', 'https://git.kernel.org/stable/c/c2629daf218a325f4d69754452cd42fe8451c15b', 'https://lore.kernel.org/linux-cve-announce/2024082623-CVE-2024-43905-008f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43905', 'https://www.cve.org/CVERecord?id=CVE-2024-43905'], 'PublishedDate': '2024-08-26T11:15:04.897Z', 'LastModifiedDate': '2024-09-12T12:15:51.26Z'}, {'VulnerabilityID': 'CVE-2024-43906', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43906', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/admgpu: fix dereferencing null pointer context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/admgpu: fix dereferencing null pointer context\n\nWhen user space sets an invalid ta type, the pointer context will be empty.\nSo it need to check the pointer context before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43906', 'https://git.kernel.org/linus/030ffd4d43b433bc6671d9ec34fc12c59220b95d (6.11-rc1)', 'https://git.kernel.org/stable/c/030ffd4d43b433bc6671d9ec34fc12c59220b95d', 'https://git.kernel.org/stable/c/4fd52f7c2c11d330571c6bde06e5ea508ec25c9d', 'https://git.kernel.org/stable/c/641dac64178ccdb9e45c92b67120316896294d05', 'https://lore.kernel.org/linux-cve-announce/2024082624-CVE-2024-43906-27ab@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43906', 'https://www.cve.org/CVERecord?id=CVE-2024-43906'], 'PublishedDate': '2024-08-26T11:15:04.947Z', 'LastModifiedDate': '2024-08-27T13:41:30.093Z'}, {'VulnerabilityID': 'CVE-2024-43907', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43907', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules\n\nCheck the pointer value to fix potential null pointer\ndereference', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43907', 'https://git.kernel.org/linus/d19fb10085a49b77578314f69fff21562f7cd054 (6.11-rc1)', 'https://git.kernel.org/stable/c/0c065e50445aea2e0a1815f12e97ee49e02cbaac', 'https://git.kernel.org/stable/c/13937a40aae4efe64592ba48c057ac3c72f7fe82', 'https://git.kernel.org/stable/c/3a01bf2ca9f860fdc88c358567b8fa3033efcf30', 'https://git.kernel.org/stable/c/c1749313f35b98e2e655479f037db37f19756622', 'https://git.kernel.org/stable/c/d19fb10085a49b77578314f69fff21562f7cd054', 'https://git.kernel.org/stable/c/e04d18c29954441aa1054af649f957ffad90a201', 'https://lore.kernel.org/linux-cve-announce/2024082626-CVE-2024-43907-91a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43907', 'https://www.cve.org/CVERecord?id=CVE-2024-43907'], 'PublishedDate': '2024-08-26T11:15:05Z', 'LastModifiedDate': '2024-08-27T13:41:40.497Z'}, {'VulnerabilityID': 'CVE-2024-43908', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43908', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the null pointer dereference to ras_manager', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the null pointer dereference to ras_manager\n\nCheck ras_manager before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43908', 'https://git.kernel.org/linus/4c11d30c95576937c6c35e6f29884761f2dddb43 (6.11-rc1)', 'https://git.kernel.org/stable/c/033187a70ba9743c73a810a006816e5553d1e7d4', 'https://git.kernel.org/stable/c/48cada0ac79e4775236d642e9ec5998a7c7fb7a4', 'https://git.kernel.org/stable/c/4c11d30c95576937c6c35e6f29884761f2dddb43', 'https://git.kernel.org/stable/c/56e848034ccabe44e8f22ffcf49db771c17b0d0a', 'https://git.kernel.org/stable/c/b89616333979114bb0da5fa40fb6e4a2f5294ca2', 'https://git.kernel.org/stable/c/d81c1eeb333d84b3012a91c0500189dc1d71e46c', 'https://git.kernel.org/stable/c/ff5c4eb71ee8951c789b079f6e948f86708b04ed', 'https://linux.oracle.com/cve/CVE-2024-43908.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082627-CVE-2024-43908-4406@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43908', 'https://www.cve.org/CVERecord?id=CVE-2024-43908'], 'PublishedDate': '2024-08-26T11:15:05.057Z', 'LastModifiedDate': '2024-08-27T13:41:55.26Z'}, {'VulnerabilityID': 'CVE-2024-43909', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43909', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference for smu7', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference for smu7\n\noptimize the code to avoid pass a null pointer (hwmgr->backend)\nto function smu7_update_edc_leakage_table.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43909', 'https://git.kernel.org/linus/c02c1960c93eede587576625a1221205a68a904f (6.11-rc1)', 'https://git.kernel.org/stable/c/09544cd95c688d3041328a4253bd7514972399bb', 'https://git.kernel.org/stable/c/1b8aa82b80bd947b68a8ab051d960a0c7935e22d', 'https://git.kernel.org/stable/c/37b9df457cbcf095963d18f17d6cb7dfa0a03fce', 'https://git.kernel.org/stable/c/7f56f050f02c27ed89cce1ea0c04b34abce32751', 'https://git.kernel.org/stable/c/c02c1960c93eede587576625a1221205a68a904f', 'https://lore.kernel.org/linux-cve-announce/2024082628-CVE-2024-43909-acb8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43909', 'https://www.cve.org/CVERecord?id=CVE-2024-43909'], 'PublishedDate': '2024-08-26T11:15:05.117Z', 'LastModifiedDate': '2024-08-27T13:41:48.467Z'}, {'VulnerabilityID': 'CVE-2024-43910', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43910', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses\n\nCurrently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to\na global function as an argument. The adverse effects of this is that\nBPF helpers can continue to make use of this modified\nCONST_PTR_TO_DYNPTR from within the context of the global function,\nwhich can unintentionally result in out-of-bounds memory accesses and\ntherefore compromise overall system stability i.e.\n\n[  244.157771] BUG: KASAN: slab-out-of-bounds in bpf_dynptr_data+0x137/0x140\n[  244.161345] Read of size 8 at addr ffff88810914be68 by task test_progs/302\n[  244.167151] CPU: 0 PID: 302 Comm: test_progs Tainted: G O E 6.10.0-rc3-00131-g66b586715063 #533\n[  244.174318] Call Trace:\n[  244.175787]  <TASK>\n[  244.177356]  dump_stack_lvl+0x66/0xa0\n[  244.179531]  print_report+0xce/0x670\n[  244.182314]  ? __virt_addr_valid+0x200/0x3e0\n[  244.184908]  kasan_report+0xd7/0x110\n[  244.187408]  ? bpf_dynptr_data+0x137/0x140\n[  244.189714]  ? bpf_dynptr_data+0x137/0x140\n[  244.192020]  bpf_dynptr_data+0x137/0x140\n[  244.194264]  bpf_prog_b02a02fdd2bdc5fa_global_call_bpf_dynptr_data+0x22/0x26\n[  244.198044]  bpf_prog_b0fe7b9d7dc3abde_callback_adjust_bpf_dynptr_reg_off+0x1f/0x23\n[  244.202136]  bpf_user_ringbuf_drain+0x2c7/0x570\n[  244.204744]  ? 0xffffffffc0009e58\n[  244.206593]  ? __pfx_bpf_user_ringbuf_drain+0x10/0x10\n[  244.209795]  bpf_prog_33ab33f6a804ba2d_user_ringbuf_callback_const_ptr_to_dynptr_reg_off+0x47/0x4b\n[  244.215922]  bpf_trampoline_6442502480+0x43/0xe3\n[  244.218691]  __x64_sys_prlimit64+0x9/0xf0\n[  244.220912]  do_syscall_64+0xc1/0x1d0\n[  244.223043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  244.226458] RIP: 0033:0x7ffa3eb8f059\n[  244.228582] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 1d 0d 00 f7 d8 64 89 01 48\n[  244.241307] RSP: 002b:00007ffa3e9c6eb8 EFLAGS: 00000206 ORIG_RAX: 000000000000012e\n[  244.246474] RAX: ffffffffffffffda RBX: 00007ffa3e9c7cdc RCX: 00007ffa3eb8f059\n[  244.250478] RDX: 00007ffa3eb162b4 RSI: 0000000000000000 RDI: 00007ffa3e9c7fb0\n[  244.255396] RBP: 00007ffa3e9c6ed0 R08: 00007ffa3e9c76c0 R09: 0000000000000000\n[  244.260195] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffff80\n[  244.264201] R13: 000000000000001c R14: 00007ffc5d6b4260 R15: 00007ffa3e1c7000\n[  244.268303]  </TASK>\n\nAdd a check_func_arg_reg_off() to the path in which the BPF verifier\nverifies the arguments of global function arguments, specifically\nthose which take an argument of type ARG_PTR_TO_DYNPTR |\nMEM_RDONLY. Also, process_dynptr_func() doesn't appear to perform any\nexplicit and strict type matching on the supplied register type, so\nlet's also enforce that a register either type PTR_TO_STACK or\nCONST_PTR_TO_DYNPTR is by the caller.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43910', 'https://git.kernel.org/linus/ec2b9a5e11e51fea1bb04c1e7e471952e887e874 (6.11-rc1)', 'https://git.kernel.org/stable/c/13663a7c644bf1dedaf461d07252db5d76c8759a', 'https://git.kernel.org/stable/c/ec2b9a5e11e51fea1bb04c1e7e471952e887e874', 'https://lore.kernel.org/linux-cve-announce/2024082630-CVE-2024-43910-c6ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43910', 'https://www.cve.org/CVERecord?id=CVE-2024-43910'], 'PublishedDate': '2024-08-26T11:15:05.177Z', 'LastModifiedDate': '2024-09-05T18:30:23.437Z'}, {'VulnerabilityID': 'CVE-2024-43911', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43911', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mac80211: fix NULL dereference at band check in starting tx ba session', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL dereference at band check in starting tx ba session\n\nIn MLD connection, link_data/link_conf are dynamically allocated. They\ndon't point to vif->bss_conf. So, there will be no chanreq assigned to\nvif->bss_conf and then the chan will be NULL. Tweak the code to check\nht_supported/vht_supported/has_he/has_eht on sta deflink.\n\nCrash log (with rtw89 version under MLO development):\n[ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 9890.526102] #PF: supervisor read access in kernel mode\n[ 9890.526105] #PF: error_code(0x0000) - not-present page\n[ 9890.526109] PGD 0 P4D 0\n[ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G           OE      6.9.0 #1\n[ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018\n[ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core]\n[ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211\n[ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00 <83> 38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3\nAll code\n========\n   0:\tf7 e8                \timul   %eax\n   2:\td5                   \t(bad)\n   3:\t93                   \txchg   %eax,%ebx\n   4:\t3e ea                \tds (bad)\n   6:\t48 83 c4 28          \tadd    $0x28,%rsp\n   a:\t89 d8                \tmov    %ebx,%eax\n   c:\t5b                   \tpop    %rbx\n   d:\t41 5c                \tpop    %r12\n   f:\t41 5d                \tpop    %r13\n  11:\t41 5e                \tpop    %r14\n  13:\t41 5f                \tpop    %r15\n  15:\t5d                   \tpop    %rbp\n  16:\tc3                   \tretq\n  17:\tcc                   \tint3\n  18:\tcc                   \tint3\n  19:\tcc                   \tint3\n  1a:\tcc                   \tint3\n  1b:\t49 8b 84 24 e0 f1 ff \tmov    -0xe20(%r12),%rax\n  22:\tff\n  23:\t48 8b 80 90 1b 00 00 \tmov    0x1b90(%rax),%rax\n  2a:*\t83 38 03             \tcmpl   $0x3,(%rax)\t\t<-- trapping instruction\n  2d:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe6a\n  33:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n  38:\teb cc                \tjmp    0x6\n  3a:\t49                   \trex.WB\n  3b:\t8b                   \t.byte 0x8b\n  3c:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  3f:\tf3                   \trepz\n\nCode starting with the faulting instruction\n===========================================\n   0:\t83 38 03             \tcmpl   $0x3,(%rax)\n   3:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe40\n   9:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n   e:\teb cc                \tjmp    0xffffffffffffffdc\n  10:\t49                   \trex.WB\n  11:\t8b                   \t.byte 0x8b\n  12:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  15:\tf3                   \trepz\n[ 9890.526285] RSP: 0018:ffffb8db09013d68 EFLAGS: 00010246\n[ 9890.526291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9308e0d656c8\n[ 9890.526295] RDX: 0000000000000000 RSI: ffffffffab99460b RDI: ffffffffab9a7685\n[ 9890.526300] RBP: ffffb8db09013db8 R08: 0000000000000000 R09: 0000000000000873\n[ 9890.526304] R10: ffff9308e0d64800 R11: 0000000000000002 R12: ffff9308e5ff6e70\n[ 9890.526308] R13: ffff930952500e20 R14: ffff9309192a8c00 R15: 0000000000000000\n[ 9890.526313] FS:  0000000000000000(0000) GS:ffff930b4e700000(0000) knlGS:0000000000000000\n[ 9890.526316] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9890.526318] CR2: 0000000000000000 CR3: 0000000391c58005 CR4: 00000000001706f0\n[ 9890.526321] Call Trace:\n[ 9890.526324]  <TASK>\n[ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479)\n[ 9890.526335] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713)\n[ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43911', 'https://git.kernel.org/linus/021d53a3d87eeb9dbba524ac515651242a2a7e3b (6.11-rc1)', 'https://git.kernel.org/stable/c/021d53a3d87eeb9dbba524ac515651242a2a7e3b', 'https://git.kernel.org/stable/c/a5594c1e03b0df3908b1e1202a1ba34422eed0f6', 'https://lore.kernel.org/linux-cve-announce/2024082631-CVE-2024-43911-96bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43911', 'https://www.cve.org/CVERecord?id=CVE-2024-43911'], 'PublishedDate': '2024-08-26T11:15:05.227Z', 'LastModifiedDate': '2024-08-27T16:08:52.493Z'}, {'VulnerabilityID': 'CVE-2024-43912', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43912', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: nl80211: disallow setting special AP channel widths', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: disallow setting special AP channel widths\n\nSetting the AP channel width is meant for use with the normal\n20/40/... MHz channel width progression, and switching around\nin S1G or narrow channels isn't supported. Disallow that.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43912', 'https://git.kernel.org/linus/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe (6.11-rc1)', 'https://git.kernel.org/stable/c/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe', 'https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e', 'https://git.kernel.org/stable/c/ac3bf6e47fd8da9bfe8027e1acfe0282a91584fc', 'https://git.kernel.org/stable/c/c6ea738e3feb407a3283197d9a25d0788f4f3cee', 'https://lore.kernel.org/linux-cve-announce/2024082632-CVE-2024-43912-801f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43912', 'https://www.cve.org/CVERecord?id=CVE-2024-43912'], 'PublishedDate': '2024-08-26T11:15:05.28Z', 'LastModifiedDate': '2024-09-05T18:19:17.067Z'}, {'VulnerabilityID': 'CVE-2024-43913', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43913', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: apple: fix device reference counting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: apple: fix device reference counting\n\nDrivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.\nSplit the allocation side out to make the error handling boundary easier\nto navigate. The apple driver had been doing this wrong, leaking the\ncontroller device memory on a tagset failure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43913', 'https://git.kernel.org/linus/b9ecbfa45516182cd062fecd286db7907ba84210 (6.11-rc1)', 'https://git.kernel.org/stable/c/b9ecbfa45516182cd062fecd286db7907ba84210', 'https://git.kernel.org/stable/c/d59c4d0eb6adc24c2201f153ccb7fd0a335b0d3d', 'https://lore.kernel.org/linux-cve-announce/2024082633-CVE-2024-43913-6ec7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43913', 'https://www.cve.org/CVERecord?id=CVE-2024-43913'], 'PublishedDate': '2024-08-26T11:15:05.33Z', 'LastModifiedDate': '2024-09-05T18:12:55.68Z'}, {'VulnerabilityID': 'CVE-2024-43914', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43914', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: md/raid5: avoid BUG_ON() while continue reshape after reassembling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: avoid BUG_ON() while continue reshape after reassembling\n\nCurrently, mdadm support --revert-reshape to abort the reshape while\nreassembling, as the test 07revert-grow. However, following BUG_ON()\ncan be triggerred by the test:\n\nkernel BUG at drivers/md/raid5.c:6278!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nirq event stamp: 158985\nCPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94\nRIP: 0010:reshape_request+0x3f1/0xe60\nCall Trace:\n <TASK>\n raid5_sync_request+0x43d/0x550\n md_do_sync+0xb7a/0x2110\n md_thread+0x294/0x2b0\n kthread+0x147/0x1c0\n ret_from_fork+0x59/0x70\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\nRoot cause is that --revert-reshape update the raid_disks from 5 to 4,\nwhile reshape position is still set, and after reassembling the array,\nreshape position will be read from super block, then during reshape the\nchecking of 'writepos' that is caculated by old reshape position will\nfail.\n\nFix this panic the easy way first, by converting the BUG_ON() to\nWARN_ON(), and stop the reshape if checkings fail.\n\nNoted that mdadm must fix --revert-shape as well, and probably md/raid\nshould enhance metadata validation as well, however this means\nreassemble will fail and there must be user tools to fix the wrong\nmetadata.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43914', 'https://git.kernel.org/linus/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49 (6.11-rc1)', 'https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0', 'https://git.kernel.org/stable/c/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49', 'https://git.kernel.org/stable/c/3b33740c1750a39e046339ff9240e954f0156707', 'https://git.kernel.org/stable/c/4811d6e5d9f4090c3e0ff9890eb24077108046ab', 'https://git.kernel.org/stable/c/6b33c468d543f6a83de2d61f09fec74b27e19fd2', 'https://git.kernel.org/stable/c/775a9ba16c9ffe98fe54ebf14e55d5660f2bf600', 'https://git.kernel.org/stable/c/bf0ff69a42a3d2d46876d0514ecf13dffc516666', 'https://git.kernel.org/stable/c/c384dd4f1fb3b14a2fd199360701cc163ea88705', 'https://linux.oracle.com/cve/CVE-2024-43914.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082635-CVE-2024-43914-a664@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43914', 'https://www.cve.org/CVERecord?id=CVE-2024-43914'], 'PublishedDate': '2024-08-26T11:15:05.38Z', 'LastModifiedDate': '2024-09-05T18:03:49.997Z'}, {'VulnerabilityID': 'CVE-2024-44931', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpio: prevent potential speculation leaks in gpio_device_get_desc()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: prevent potential speculation leaks in gpio_device_get_desc()\n\nUserspace may trigger a speculative read of an address outside the gpio\ndescriptor array.\nUsers can do that by calling gpio_ioctl() with an offset out of range.\nOffset is copied from user and then used as an array index to get\nthe gpio descriptor without sanitization in gpio_device_get_desc().\n\nThis change ensures that the offset is sanitized by using\narray_index_nospec() to mitigate any possibility of speculative\ninformation leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44931', 'https://git.kernel.org/linus/d795848ecce24a75dfd46481aee066ae6fe39775 (6.11-rc1)', 'https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc', 'https://git.kernel.org/stable/c/672c19165fc96dfad531a5458e0b3cdab414aae4', 'https://git.kernel.org/stable/c/9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0', 'https://git.kernel.org/stable/c/c65ab97efcd438cb4e9f299400f2ea55251f3a67', 'https://git.kernel.org/stable/c/d776c0486b03a5c4afca65b8ff44573592bf93bb', 'https://git.kernel.org/stable/c/d795848ecce24a75dfd46481aee066ae6fe39775', 'https://lore.kernel.org/linux-cve-announce/2024082636-CVE-2024-44931-8212@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44931', 'https://www.cve.org/CVERecord?id=CVE-2024-44931'], 'PublishedDate': '2024-08-26T11:15:05.447Z', 'LastModifiedDate': '2024-10-17T14:15:07.39Z'}, {'VulnerabilityID': 'CVE-2024-44932', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44932', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix UAFs when destroying the queues', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix UAFs when destroying the queues\n\nThe second tagged commit started sometimes (very rarely, but possible)\nthrowing WARNs from\nnet/core/page_pool.c:page_pool_disable_direct_recycling().\nTurned out idpf frees interrupt vectors with embedded NAPIs *before*\nfreeing the queues making page_pools' NAPI pointers lead to freed\nmemory before these pools are destroyed by libeth.\nIt's not clear whether there are other accesses to the freed vectors\nwhen destroying the queues, but anyway, we usually free queue/interrupt\nvectors only when the queues are destroyed and the NAPIs are guaranteed\nto not be referenced anywhere.\n\nInvert the allocation and freeing logic making queue/interrupt vectors\nbe allocated first and freed last. Vectors don't require queues to be\npresent, so this is safe. Additionally, this change allows to remove\nthat useless queue->q_vector pointer cleanup, as vectors are still\nvalid when freeing the queues (+ both are freed within one function,\nso it's not clear why nullify the pointers at all).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44932', 'https://git.kernel.org/linus/290f1c033281c1a502a3cd1c53c3a549259c491f (6.11-rc3)', 'https://git.kernel.org/stable/c/290f1c033281c1a502a3cd1c53c3a549259c491f', 'https://git.kernel.org/stable/c/3cde714b0e77206ed1b5cf31f28c18ba9ae946fd', 'https://lore.kernel.org/linux-cve-announce/2024082638-CVE-2024-44932-2659@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44932', 'https://www.cve.org/CVERecord?id=CVE-2024-44932'], 'PublishedDate': '2024-08-26T11:15:05.5Z', 'LastModifiedDate': '2024-08-27T16:08:45.02Z'}, {'VulnerabilityID': 'CVE-2024-44934', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: bridge: mcast: wait for previous gc cycles when removing port', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mcast: wait for previous gc cycles when removing port\n\nsyzbot hit a use-after-free[1] which is caused because the bridge doesn't\nmake sure that all previous garbage has been collected when removing a\nport. What happens is:\n      CPU 1                   CPU 2\n start gc cycle           remove port\n                         acquire gc lock first\n wait for lock\n                         call br_multicasg_gc() directly\n acquire lock now but    free port\n the port can be freed\n while grp timers still\n running\n\nMake sure all previous gc cycles have finished by using flush_work before\nfreeing the port.\n\n[1]\n  BUG: KASAN: slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n  Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699\n\n  CPU: 1 PID: 9699 Comm: syz.5.1232 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n  Call Trace:\n   <IRQ>\n   __dump_stack lib/dump_stack.c:88 [inline]\n   dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n   print_address_description mm/kasan/report.c:377 [inline]\n   print_report+0xc3/0x620 mm/kasan/report.c:488\n   kasan_report+0xd9/0x110 mm/kasan/report.c:601\n   br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n   call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1792\n   expire_timers kernel/time/timer.c:1843 [inline]\n   __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417\n   __run_timer_base kernel/time/timer.c:2428 [inline]\n   __run_timer_base kernel/time/timer.c:2421 [inline]\n   run_timer_base+0x111/0x190 kernel/time/timer.c:2437", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44934', 'https://git.kernel.org/linus/92c4ee25208d0f35dafc3213cdf355fbe449e078 (6.11-rc3)', 'https://git.kernel.org/stable/c/0d8b26e10e680c01522d7cc14abe04c3265a928f', 'https://git.kernel.org/stable/c/1e16828020c674b3be85f52685e8b80f9008f50f', 'https://git.kernel.org/stable/c/92c4ee25208d0f35dafc3213cdf355fbe449e078', 'https://git.kernel.org/stable/c/b2f794b168cf560682ff976b255aa6d29d14a658', 'https://git.kernel.org/stable/c/e3145ca904fa8dbfd1a5bf0187905bc117b0efce', 'https://lore.kernel.org/linux-cve-announce/2024082641-CVE-2024-44934-a7fe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44934', 'https://www.cve.org/CVERecord?id=CVE-2024-44934'], 'PublishedDate': '2024-08-26T11:15:05.593Z', 'LastModifiedDate': '2024-08-27T16:07:58.727Z'}, {'VulnerabilityID': 'CVE-2024-44935', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44935', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sctp: Fix null-ptr-deref in reuseport_add_sock().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix null-ptr-deref in reuseport_add_sock().\n\nsyzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in\nreuseport_add_sock(). [0]\n\nThe repro first creates a listener with SO_REUSEPORT.  Then, it creates\nanother listener on the same port and concurrently closes the first\nlistener.\n\nThe second listen() calls reuseport_add_sock() with the first listener as\nsk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently,\nbut the close() does clear it by reuseport_detach_sock().\n\nThe problem is SCTP does not properly synchronise reuseport_alloc(),\nreuseport_add_sock(), and reuseport_detach_sock().\n\nThe caller of reuseport_alloc() and reuseport_{add,detach}_sock() must\nprovide synchronisation for sockets that are classified into the same\nreuseport group.\n\nOtherwise, such sockets form multiple identical reuseport groups, and\nall groups except one would be silently dead.\n\n  1. Two sockets call listen() concurrently\n  2. No socket in the same group found in sctp_ep_hashtable[]\n  3. Two sockets call reuseport_alloc() and form two reuseport groups\n  4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives\n      incoming packets\n\nAlso, the reported null-ptr-deref could occur.\n\nTCP/UDP guarantees that would not happen by holding the hash bucket lock.\n\nLet's apply the locking strategy to __sctp_hash_endpoint() and\n__sctp_unhash_endpoint().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nRIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350\nCode: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14\nRSP: 0018:ffffc9000b947c98 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012\nRBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385\nR10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0\nR13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __sctp_hash_endpoint net/sctp/input.c:762 [inline]\n sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790\n sctp_listen_start net/sctp/socket.c:8570 [inline]\n sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]\n __se_sys_listen net/socket.c:1900 [inline]\n __x64_sys_listen+0x5a/0x70 net/socket.c:1900\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f24e46039b9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032\nRAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9\nRDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004\nRBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0\nR10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42c\nR13:\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44935', 'https://git.kernel.org/linus/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18 (6.11-rc3)', 'https://git.kernel.org/stable/c/05e4a0fa248240efd99a539853e844f0f0a9e6a5', 'https://git.kernel.org/stable/c/1407be30fc17eff918a98e0a990c0e988f11dc84', 'https://git.kernel.org/stable/c/52319d9d2f522ed939af31af70f8c3a0f0f67e6c', 'https://git.kernel.org/stable/c/54b303d8f9702b8ab618c5032fae886b16356928', 'https://git.kernel.org/stable/c/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18', 'https://git.kernel.org/stable/c/c9b3fc4f157867e858734e31022ebee8a24f0de7', 'https://git.kernel.org/stable/c/e809a84c802377ef61525a298a1ec1728759b913', 'https://linux.oracle.com/cve/CVE-2024-44935.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082642-CVE-2024-44935-3452@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44935', 'https://www.cve.org/CVERecord?id=CVE-2024-44935'], 'PublishedDate': '2024-08-26T11:15:05.643Z', 'LastModifiedDate': '2024-08-27T16:09:01.633Z'}, {'VulnerabilityID': 'CVE-2024-44937', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44937', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: intel-vbtn: Protect ACPI notify handler against recursion\n\nSince commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on\nall CPUs") ACPI notify handlers like the intel-vbtn notify_handler() may\nrun on multiple CPU cores racing with themselves.\n\nThis race gets hit on Dell Venue 7140 tablets when undocking from\nthe keyboard, causing the handler to try and register priv->switches_dev\ntwice, as can be seen from the dev_info() message getting logged twice:\n\n[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\n[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n\nAfter which things go seriously wrong:\n[ 83.861872] sysfs: cannot create duplicate filename \'/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\'\n...\n[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don\'t try to register things with the same name in the same directory.\n[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018\n...\n\nProtect intel-vbtn notify_handler() from racing with itself with a mutex\nto fix this.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44937', 'https://git.kernel.org/linus/e075c3b13a0a142dcd3151b25d29a24f31b7b640 (6.11-rc3)', 'https://git.kernel.org/stable/c/5c9618a3b6ea94cf7bdff7702aca8bf2d777d97b', 'https://git.kernel.org/stable/c/e075c3b13a0a142dcd3151b25d29a24f31b7b640', 'https://lore.kernel.org/linux-cve-announce/2024082645-CVE-2024-44937-5c1d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44937', 'https://www.cve.org/CVERecord?id=CVE-2024-44937'], 'PublishedDate': '2024-08-26T11:15:05.753Z', 'LastModifiedDate': '2024-08-27T16:10:11.423Z'}, {'VulnerabilityID': 'CVE-2024-44938', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44938', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: Fix shift-out-of-bounds in dbDiscardAG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix shift-out-of-bounds in dbDiscardAG\n\nWhen searching for the next smaller log2 block, BLKSTOL2() returned 0,\ncausing shift exponent -1 to be negative.\n\nThis patch fixes the issue by exiting the loop directly when negative\nshift is found.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44938', 'https://git.kernel.org/linus/7063b80268e2593e58bee8a8d709c2f3ff93e2f2 (6.11-rc1)', 'https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630', 'https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2', 'https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e', 'https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-44938-fc08@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44938', 'https://www.cve.org/CVERecord?id=CVE-2024-44938'], 'PublishedDate': '2024-08-26T12:15:05.96Z', 'LastModifiedDate': '2024-09-12T14:05:44.31Z'}, {'VulnerabilityID': 'CVE-2024-44939', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44939', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: fix null ptr deref in dtInsertEntry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix null ptr deref in dtInsertEntry\n\n[syzbot reported]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713\n...\n[Analyze]\nIn dtInsertEntry(), when the pointer h has the same value as p, after writing\nname in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the\npreviously true judgment "p->header.flag & BT-LEAF" to change to no after writing\nthe name operation, this leads to entering an incorrect branch and accessing the\nuninitialized object ih when judging this condition for the second time.\n\n[Fix]\nAfter got the page, check freelist first, if freelist == 0 then exit dtInsert()\nand return -EINVAL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44939', 'https://git.kernel.org/linus/ce6dede912f064a855acf6f04a04cbb2c25b8c8c (6.11-rc1)', 'https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9', 'https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6', 'https://git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702', 'https://git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44939-cf96@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44939', 'https://www.cve.org/CVERecord?id=CVE-2024-44939'], 'PublishedDate': '2024-08-26T12:15:06.007Z', 'LastModifiedDate': '2024-09-12T20:58:03.783Z'}, {'VulnerabilityID': 'CVE-2024-44940', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44940', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: remove warn in gue_gro_receive on unsupported protocol', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfou: remove warn in gue_gro_receive on unsupported protocol\n\nDrop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is\nnot known or does not have a GRO handler.\n\nSuch a packet is easily constructed. Syzbot generates them and sets\noff this warning.\n\nRemove the warning as it is expected and not actionable.\n\nThe warning was previously reduced from WARN_ON to WARN_ON_ONCE in\ncommit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad\nproto callbacks").', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44940', 'https://git.kernel.org/linus/dd89a81d850fa9a65f67b4527c0e420d15bf836c (6.11-rc1)', 'https://git.kernel.org/stable/c/3db4395332e7050ef9ddeb3052e6b5019f2a2a59', 'https://git.kernel.org/stable/c/440ab7f97261bc28501636a13998e1b1946d2e79', 'https://git.kernel.org/stable/c/5a2e37bc648a2503bf6d687aed27b9f4455d82eb', 'https://git.kernel.org/stable/c/dd89a81d850fa9a65f67b4527c0e420d15bf836c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44940-249f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44940', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-44940'], 'PublishedDate': '2024-08-26T12:15:06.053Z', 'LastModifiedDate': '2024-09-12T14:10:00.857Z'}, {'VulnerabilityID': 'CVE-2024-44941', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44941', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to cover read extent cache access with lock', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to cover read extent cache access with lock\n\nsyzbot reports a f2fs bug as below:\n\nBUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\nRead of size 4 at addr ffff8880739ab220 by task syz-executor200/5097\n\nCPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\n do_read_inode fs/f2fs/inode.c:509 [inline]\n f2fs_iget+0x33e1/0x46e0 fs/f2fs/inode.c:560\n f2fs_nfs_get_inode+0x74/0x100 fs/f2fs/super.c:3237\n generic_fh_to_dentry+0x9f/0xf0 fs/libfs.c:1413\n exportfs_decode_fh_raw+0x152/0x5f0 fs/exportfs/expfs.c:444\n exportfs_decode_fh+0x3c/0x80 fs/exportfs/expfs.c:584\n do_handle_to_path fs/fhandle.c:155 [inline]\n handle_to_path fs/fhandle.c:210 [inline]\n do_handle_open+0x495/0x650 fs/fhandle.c:226\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWe missed to cover sanity_check_extent_cache() w/ extent cache lock,\nso, below race case may happen, result in use after free issue.\n\n- f2fs_iget\n - do_read_inode\n  - f2fs_init_read_extent_tree\n  : add largest extent entry in to cache\n\t\t\t\t\t- shrink\n\t\t\t\t\t - f2fs_shrink_read_extent_tree\n\t\t\t\t\t  - __shrink_extent_tree\n\t\t\t\t\t   - __detach_extent_node\n\t\t\t\t\t   : drop largest extent entry\n  - sanity_check_extent_cache\n  : access et->largest w/o lock\n\nlet's refactor sanity_check_extent_cache() to avoid extent cache access\nand call it before f2fs_init_read_extent_tree() to fix this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44941', 'https://git.kernel.org/linus/d7409b05a64f212735f0d33f5f1602051a886eab (6.11-rc1)', 'https://git.kernel.org/stable/c/263df78166d3a9609b97d28c34029bd01874cbb8', 'https://git.kernel.org/stable/c/323ef20b5558b9d9fd10c1224327af6f11a8177d', 'https://git.kernel.org/stable/c/d7409b05a64f212735f0d33f5f1602051a886eab', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44941-143e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44941', 'https://www.cve.org/CVERecord?id=CVE-2024-44941'], 'PublishedDate': '2024-08-26T12:15:06.107Z', 'LastModifiedDate': '2024-09-12T20:57:26.143Z'}, {'VulnerabilityID': 'CVE-2024-44942', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44942', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inline.c:258!\nCPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0\nRIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258\nCall Trace:\n f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834\n f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315\n do_writepages+0x35b/0x870 mm/page-writeback.c:2612\n __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650\n writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941\n wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117\n wb_do_writeback fs/fs-writeback.c:2264 [inline]\n wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335\n worker_thread+0x86d/0xd70 kernel/workqueue.c:3416\n kthread+0x2f2/0x390 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nThe root cause is: inline_data inode can be fuzzed, so that there may\nbe valid blkaddr in its direct node, once f2fs triggers background GC\nto migrate the block, it will hit f2fs_bug_on() during dirty page\nwriteback.\n\nLet's add sanity check on F2FS_INLINE_DATA flag in inode during GC,\nso that, it can forbid migrating inline_data inode's data block for\nfixing.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44942', 'https://git.kernel.org/linus/fc01008c92f40015aeeced94750855a7111b6929 (6.11-rc1)', 'https://git.kernel.org/stable/c/26c07775fb5dc74351d1c3a2bc3cdf609b03e49f', 'https://git.kernel.org/stable/c/ae00e6536a2dd54b64b39e9a39548870cf835745', 'https://git.kernel.org/stable/c/fc01008c92f40015aeeced94750855a7111b6929', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44942-651a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44942', 'https://www.cve.org/CVERecord?id=CVE-2024-44942'], 'PublishedDate': '2024-08-26T12:15:06.157Z', 'LastModifiedDate': '2024-08-27T16:09:10.01Z'}, {'VulnerabilityID': 'CVE-2024-44943', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'In the Linux kernel, the following vulnerability has been resolved:  m ...', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: gup: stop abusing try_grab_folio\n\nA kernel warning was reported when pinning folio in CMA memory when\nlaunching SEV virtual machine.  The splat looks like:\n\n[  464.325306] WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313 __get_user_pages+0x423/0x520\n[  464.325464] CPU: 13 PID: 6734 Comm: qemu-kvm Kdump: loaded Not tainted 6.6.33+ #6\n[  464.325477] RIP: 0010:__get_user_pages+0x423/0x520\n[  464.325515] Call Trace:\n[  464.325520]  <TASK>\n[  464.325523]  ? __get_user_pages+0x423/0x520\n[  464.325528]  ? __warn+0x81/0x130\n[  464.325536]  ? __get_user_pages+0x423/0x520\n[  464.325541]  ? report_bug+0x171/0x1a0\n[  464.325549]  ? handle_bug+0x3c/0x70\n[  464.325554]  ? exc_invalid_op+0x17/0x70\n[  464.325558]  ? asm_exc_invalid_op+0x1a/0x20\n[  464.325567]  ? __get_user_pages+0x423/0x520\n[  464.325575]  __gup_longterm_locked+0x212/0x7a0\n[  464.325583]  internal_get_user_pages_fast+0xfb/0x190\n[  464.325590]  pin_user_pages_fast+0x47/0x60\n[  464.325598]  sev_pin_memory+0xca/0x170 [kvm_amd]\n[  464.325616]  sev_mem_enc_register_region+0x81/0x130 [kvm_amd]\n\nPer the analysis done by yangge, when starting the SEV virtual machine, it\nwill call pin_user_pages_fast(..., FOLL_LONGTERM, ...) to pin the memory. \nBut the page is in CMA area, so fast GUP will fail then fallback to the\nslow path due to the longterm pinnalbe check in try_grab_folio().\n\nThe slow path will try to pin the pages then migrate them out of CMA area.\nBut the slow path also uses try_grab_folio() to pin the page, it will\nalso fail due to the same check then the above warning is triggered.\n\nIn addition, the try_grab_folio() is supposed to be used in fast path and\nit elevates folio refcount by using add ref unless zero.  We are guaranteed\nto have at least one stable reference in slow path, so the simple atomic add\ncould be used.  The performance difference should be trivial, but the\nmisuse may be confusing and misleading.\n\nRedefined try_grab_folio() to try_grab_folio_fast(), and try_grab_page()\nto try_grab_folio(), and use them in the proper paths.  This solves both\nthe abuse and the kernel warning.\n\nThe proper naming makes their usecase more clear and should prevent from\nabusing in the future.\n\npeterx said:\n\n: The user will see the pin fails, for gpu-slow it further triggers the WARN\n: right below that failure (as in the original report):\n: \n:         folio = try_grab_folio(page, page_increm - 1,\n:                                 foll_flags);\n:         if (WARN_ON_ONCE(!folio)) { <------------------------ here\n:                 /*\n:                         * Release the 1st page ref if the\n:                         * folio is problematic, fail hard.\n:                         */\n:                 gup_put_folio(page_folio(page), 1,\n:                                 foll_flags);\n:                 ret = -EFAULT;\n:                 goto out;\n:         }\n\n[1] https://lore.kernel.org/linux-mm/1719478388-31917-1-git-send-email-yangge1116@126.com/\n\n[shy828301@gmail.com: fix implicit declaration of function try_grab_folio_fast]\n  Link: https://lkml.kernel.org/r/CAHbLzkowMSso-4Nufc9hcMehQsK9PNz3OSu-+eniU-2Mm-xjhA@mail.gmail.com', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44943', 'https://git.kernel.org/linus/f442fa6141379a20b48ae3efabee827a3d260787 (6.10)', 'https://git.kernel.org/stable/c/26273f5f4cf68b29414e403837093408a9c98e1f', 'https://git.kernel.org/stable/c/f442fa6141379a20b48ae3efabee827a3d260787', 'https://lore.kernel.org/linux-cve-announce/2024082853-CVE-2024-44943-234f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44943', 'https://www.cve.org/CVERecord?id=CVE-2024-44943'], 'PublishedDate': '2024-08-28T08:15:06.963Z', 'LastModifiedDate': '2024-09-10T18:12:43.38Z'}, {'VulnerabilityID': 'CVE-2024-44944', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44944', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: ctnetlink: use helper function to calculate expect ID', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use helper function to calculate expect ID\n\nDelete expectation path is missing a call to the nf_expect_get_id()\nhelper function to calculate the expectation ID, otherwise LSB of the\nexpectation object address is leaked to userspace.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44944', 'https://git.kernel.org/linus/782161895eb4ac45cf7cfa8db375bd4766cb8299 (6.11-rc1)', 'https://git.kernel.org/stable/c/24f407042cf90b0872de667460230d8d50c06c39', 'https://git.kernel.org/stable/c/27662b46f2adaa52c1665a82af4b21c42c4337fd', 'https://git.kernel.org/stable/c/5e2c24f7b0911b15c29aefce760bcf770542fb61', 'https://git.kernel.org/stable/c/64c0b8e64be8368617ef08dfc59a3160563a1435', 'https://git.kernel.org/stable/c/66e7650dbbb8e236e781c670b167edc81e771450', 'https://git.kernel.org/stable/c/74de442b8e12a207c07953ee068009a7701aff8f', 'https://git.kernel.org/stable/c/782161895eb4ac45cf7cfa8db375bd4766cb8299', 'https://git.kernel.org/stable/c/eb4ca1a97e08ff5b920664ba292e576257e2d184', 'https://linux.oracle.com/cve/CVE-2024-44944.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024083044-CVE-2024-44944-56c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44944', 'https://www.cve.org/CVERecord?id=CVE-2024-44944', 'https://www.zerodayinitiative.com/advisories/ZDI-24-1182/'], 'PublishedDate': '2024-08-30T08:15:04.58Z', 'LastModifiedDate': '2024-09-10T08:15:03.23Z'}, {'VulnerabilityID': 'CVE-2024-44946', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44946', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kcm: Serialise kcm_sendmsg() for the same socket.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: Serialise kcm_sendmsg() for the same socket.\n\nsyzkaller reported UAF in kcm_release(). [0]\n\nThe scenario is\n\n  1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb.\n\n  2. Thread A resumes building skb from kcm->seq_skb but is blocked\n     by sk_stream_wait_memory()\n\n  3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb\n     and puts the skb to the write queue\n\n  4. Thread A faces an error and finally frees skb that is already in the\n     write queue\n\n  5. kcm_release() does double-free the skb in the write queue\n\nWhen a thread is building a MSG_MORE skb, another thread must not touch it.\n\nLet's add a per-sk mutex and serialise kcm_sendmsg().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]\nBUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]\nBUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\nRead of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167\n\nCPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G    B              6.8.0-rc5-syzkaller-g9abbc24128bc #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x178/0x518 mm/kasan/report.c:488\n kasan_report+0xd8/0x138 mm/kasan/report.c:601\n __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381\n __skb_unlink include/linux/skbuff.h:2366 [inline]\n __skb_dequeue include/linux/skbuff.h:2385 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\n __skb_queue_purge include/linux/skbuff.h:3181 [inline]\n kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\n __sock_release net/socket.c:659 [inline]\n sock_close+0xa4/0x1e8 net/socket.c:1421\n __fput+0x30c/0x738 fs/file_table.c:376\n ____fput+0x20/0x30 fs/file_table.c:404\n task_work_run+0x230/0x2e0 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x618/0x1f64 kernel/exit.c:871\n do_group_exit+0x194/0x22c kernel/exit.c:1020\n get_signal+0x1500/0x15ec kernel/signal.c:2893\n do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249\n do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148\n exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]\n exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]\n el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nAllocated by task 6166:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903\n __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641\n alloc_skb include/linux/skbuff.h:1296 [inline]\n kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x220/0x2c0 net/socket.c:768\n splice_to_socket+0x7cc/0xd58 fs/splice.c:889\n do_splice_from fs/splice.c:941 [inline]\n direct_splice_actor+0xec/0x1d8 fs/splice.c:1164\n splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108\n do_splice_direct_actor \n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44946', 'https://git.kernel.org/linus/807067bf014d4a3ae2cc55bd3de16f22a01eb580 (6.11-rc5)', 'https://git.kernel.org/stable/c/00425508f30baa5ab6449a1f478480ca7cffa6da', 'https://git.kernel.org/stable/c/6633b17840bf828921254d788ccd15602843fe9b', 'https://git.kernel.org/stable/c/72da240aafb142630cf16adc803ccdacb3780849', 'https://git.kernel.org/stable/c/807067bf014d4a3ae2cc55bd3de16f22a01eb580', 'https://git.kernel.org/stable/c/8c9cdbf600143bd6835c8b8351e5ac956da79aec', 'https://git.kernel.org/stable/c/9c8d544ed619f704e2b70e63e08ab75630c2ea23', 'https://git.kernel.org/stable/c/eb06c8d3022ce6738711191c89f9b3e9cfb91914', 'https://git.kernel.org/stable/c/fa6c23fe6dcac8c8bd63920ee8681292a2bd544e', 'https://lore.kernel.org/linux-cve-announce/2024083150-CVE-2024-44946-9cf1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44946', 'https://www.cve.org/CVERecord?id=CVE-2024-44946'], 'PublishedDate': '2024-08-31T14:15:04.32Z', 'LastModifiedDate': '2024-09-04T12:15:05.15Z'}, {'VulnerabilityID': 'CVE-2024-44947', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44947', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fuse: Initialize beyond-EOF page contents before setting uptodate', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44947', 'https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5', 'https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e', 'https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9', 'https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6', 'https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a', 'https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4', 'https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9', 'https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6', 'https://lore.kernel.org/linux-cve-announce/2024090219-CVE-2024-44947-f49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44947', 'https://www.cve.org/CVERecord?id=CVE-2024-44947'], 'PublishedDate': '2024-09-02T18:15:36.577Z', 'LastModifiedDate': '2024-09-16T17:52:37.563Z'}, {'VulnerabilityID': 'CVE-2024-44948', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mtrr: Check if fixed MTRRs exist before saving them', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mtrr: Check if fixed MTRRs exist before saving them\n\nMTRRs have an obsolete fixed variant for fine grained caching control\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\na separate capability bit in the MTRR capability MSR.\n\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\nwent unnoticed that mtrr_save_state() does not check the capability bit\nbefore accessing the fixed MTRR MSRs.\n\nThough on a CPU that does not support the fixed MTRR capability this\nresults in a #GP.  The #GP itself is harmless because the RDMSR fault is\nhandled gracefully, but results in a WARN_ON().\n\nAdd the missing capability check to prevent this.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44948', 'https://git.kernel.org/linus/919f18f961c03d6694aa726c514184f2311a4614 (6.11-rc3)', 'https://git.kernel.org/stable/c/06c1de44d378ec5439db17bf476507d68589bfe9', 'https://git.kernel.org/stable/c/34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e', 'https://git.kernel.org/stable/c/388f1c954019f253a8383f7eb733f38d541e10b6', 'https://git.kernel.org/stable/c/450b6b22acdaac67a18eaf5ed498421ffcf10051', 'https://git.kernel.org/stable/c/8a90d3fc7c24608548d3a750671f9dac21d1a462', 'https://git.kernel.org/stable/c/8aa79dfb216b865e96ff890bc4ea71650f9bc8d7', 'https://git.kernel.org/stable/c/919f18f961c03d6694aa726c514184f2311a4614', 'https://git.kernel.org/stable/c/ca7d00c5656d1791e28369919e3e10febe9c3b16', 'https://linux.oracle.com/cve/CVE-2024-44948.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090407-CVE-2024-44948-5554@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44948', 'https://www.cve.org/CVERecord?id=CVE-2024-44948'], 'PublishedDate': '2024-09-04T19:15:29.95Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-44949', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44949', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: parisc: fix a possible DMA corruption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: fix a possible DMA corruption\n\nARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be\npossible that two unrelated 16-byte allocations share a cache line. If\none of these allocations is written using DMA and the other is written\nusing cached write, the value that was written with DMA may be\ncorrupted.\n\nThis commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 -\nthat's the largest possible cache line size.\n\nAs different parisc microarchitectures have different cache line size, we\ndefine arch_slab_minalign(), cache_line_size() and\ndma_get_cache_alignment() so that the kernel may tune slab cache\nparameters dynamically, based on the detected cache line size.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44949', 'https://git.kernel.org/linus/7ae04ba36b381bffe2471eff3a93edced843240f (6.11-rc2)', 'https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f', 'https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f', 'https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44949-8f05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44949', 'https://www.cve.org/CVERecord?id=CVE-2024-44949'], 'PublishedDate': '2024-09-04T19:15:30.04Z', 'LastModifiedDate': '2024-10-09T13:53:32.513Z'}, {'VulnerabilityID': 'CVE-2024-44950', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44950', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix invalid FIFO access with special register set', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix invalid FIFO access with special register set\n\nWhen enabling access to the special register set, Receiver time-out and\nRHR interrupts can happen. In this case, the IRQ handler will try to read\nfrom the FIFO thru the RHR register at address 0x00, but address 0x00 is\nmapped to DLL register, resulting in erroneous FIFO reading.\n\nCall graph example:\n    sc16is7xx_startup(): entry\n    sc16is7xx_ms_proc(): entry\n    sc16is7xx_set_termios(): entry\n    sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set\n    sc16is7xx_port_irq() entry            --> IIR is 0x0C\n    sc16is7xx_handle_rx() entry\n    sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is\n                               mapped to DLL (LCR=LCR_CONF_MODE_A)\n    sc16is7xx_set_baud(): exit --> Restore access to general register set\n\nFix the problem by claiming the efr_lock mutex when accessing the Special\nregister set.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44950', 'https://git.kernel.org/linus/7d3b793faaab1305994ce568b59d61927235f57b (6.11-rc3)', 'https://git.kernel.org/stable/c/6a6730812220a9a5ce4003eb347da1ee5abd06b0', 'https://git.kernel.org/stable/c/7d3b793faaab1305994ce568b59d61927235f57b', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44950-67fb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44950', 'https://www.cve.org/CVERecord?id=CVE-2024-44950'], 'PublishedDate': '2024-09-04T19:15:30.1Z', 'LastModifiedDate': '2024-10-09T14:21:16.773Z'}, {'VulnerabilityID': 'CVE-2024-44951', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44951', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix TX fifo corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix TX fifo corruption\n\nSometimes, when a packet is received on channel A at almost the same time\nas a packet is about to be transmitted on channel B, we observe with a\nlogic analyzer that the received packet on channel A is transmitted on\nchannel B. In other words, the Tx buffer data on channel B is corrupted\nwith data from channel A.\n\nThe problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change\nEFR lock to operate on each channels"), which changed the EFR locking to\noperate on each channel instead of chip-wise.\n\nThis commit has introduced a regression, because the EFR lock is used not\nonly to protect the EFR registers access, but also, in a very obscure and\nundocumented way, to protect access to the data buffer, which is shared by\nthe Tx and Rx handlers, but also by each channel of the IC.\n\nFix this regression first by switching to kfifo_out_linear_ptr() in\nsc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer.\n\nSecondly, replace the chip-wise Rx buffer with a separate Rx buffer for\neach channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44951', 'https://git.kernel.org/linus/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4 (6.11-rc3)', 'https://git.kernel.org/stable/c/09cfe05e9907f3276887a20e267cc40e202f4fdd', 'https://git.kernel.org/stable/c/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44951-9121@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44951', 'https://www.cve.org/CVERecord?id=CVE-2024-44951'], 'PublishedDate': '2024-09-04T19:15:30.153Z', 'LastModifiedDate': '2024-10-09T14:27:43.973Z'}, {'VulnerabilityID': 'CVE-2024-44952', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44952', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver core: Fix uevent_show() vs driver detach race', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix uevent_show() vs driver detach race\n\nuevent_show() wants to de-reference dev->driver->name. There is no clean\nway for a device attribute to de-reference dev->driver unless that\nattribute is defined via (struct device_driver).dev_groups. Instead, the\nanti-pattern of taking the device_lock() in the attribute handler risks\ndeadlocks with code paths that remove device attributes while holding\nthe lock.\n\nThis deadlock is typically invisible to lockdep given the device_lock()\nis marked lockdep_set_novalidate_class(), but some subsystems allocate a\nlocal lockdep key for @dev->mutex to reveal reports of the form:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 6.10.0-rc7+ #275 Tainted: G           OE    N\n ------------------------------------------------------\n modprobe/2374 is trying to acquire lock:\n ffff8c2270070de0 (kn->active#6){++++}-{0:0}, at: __kernfs_remove+0xde/0x220\n\n but task is already holding lock:\n ffff8c22016e88f8 (&cxl_root_key){+.+.}-{3:3}, at: device_release_driver_internal+0x39/0x210\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -> #1 (&cxl_root_key){+.+.}-{3:3}:\n        __mutex_lock+0x99/0xc30\n        uevent_show+0xac/0x130\n        dev_attr_show+0x18/0x40\n        sysfs_kf_seq_show+0xac/0xf0\n        seq_read_iter+0x110/0x450\n        vfs_read+0x25b/0x340\n        ksys_read+0x67/0xf0\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -> #0 (kn->active#6){++++}-{0:0}:\n        __lock_acquire+0x121a/0x1fa0\n        lock_acquire+0xd6/0x2e0\n        kernfs_drain+0x1e9/0x200\n        __kernfs_remove+0xde/0x220\n        kernfs_remove_by_name_ns+0x5e/0xa0\n        device_del+0x168/0x410\n        device_unregister+0x13/0x60\n        devres_release_all+0xb8/0x110\n        device_unbind_cleanup+0xe/0x70\n        device_release_driver_internal+0x1c7/0x210\n        driver_detach+0x47/0x90\n        bus_remove_driver+0x6c/0xf0\n        cxl_acpi_exit+0xc/0x11 [cxl_acpi]\n        __do_sys_delete_module.isra.0+0x181/0x260\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe observation though is that driver objects are typically much longer\nlived than device objects. It is reasonable to perform lockless\nde-reference of a @driver pointer even if it is racing detach from a\ndevice. Given the infrequency of driver unregistration, use\nsynchronize_rcu() in module_remove_driver() to close any potential\nraces.  It is potentially overkill to suffer synchronize_rcu() just to\nhandle the rare module removal racing uevent_show() event.\n\nThanks to Tetsuo Handa for the debug analysis of the syzbot report [1].', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44952', 'https://git.kernel.org/linus/15fffc6a5624b13b428bb1c6e9088e32a55eb82c (6.11-rc3)', 'https://git.kernel.org/stable/c/15fffc6a5624b13b428bb1c6e9088e32a55eb82c', 'https://git.kernel.org/stable/c/49ea4e0d862632d51667da5e7a9c88a560e9c5a1', 'https://git.kernel.org/stable/c/4a7c2a8387524942171037e70b80e969c3b5c05b', 'https://git.kernel.org/stable/c/4d035c743c3e391728a6f81cbf0f7f9ca700cf62', 'https://git.kernel.org/stable/c/9c23fc327d6ec67629b4ad323bd64d3834c0417d', 'https://git.kernel.org/stable/c/cd490a247ddf325325fd0de8898659400c9237ef', 'https://git.kernel.org/stable/c/dd98c9630b7ee273da87e9a244f94ddf947161e2', 'https://git.kernel.org/stable/c/f098e8fc7227166206256c18d56ab622039108b1', 'https://linux.oracle.com/cve/CVE-2024-44952.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44952-6290@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44952', 'https://www.cve.org/CVERecord?id=CVE-2024-44952'], 'PublishedDate': '2024-09-04T19:15:30.213Z', 'LastModifiedDate': '2024-09-06T16:37:38.37Z'}, {'VulnerabilityID': 'CVE-2024-44953', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44953', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Fix deadlock during RTC update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix deadlock during RTC update\n\nThere is a deadlock when runtime suspend waits for the flush of RTC work,\nand the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume.\n\nHere is deadlock backtrace:\n\nkworker/0:1     D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367\nptr            f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff\n<ffffffee5e71ddb0> __switch_to+0x1a8/0x2d4\n<ffffffee5e71e604> __schedule+0x684/0xa98\n<ffffffee5e71ea60> schedule+0x48/0xc8\n<ffffffee5e725f78> schedule_timeout+0x48/0x170\n<ffffffee5e71fb74> do_wait_for_common+0x108/0x1b0\n<ffffffee5e71efe0> wait_for_completion+0x44/0x60\n<ffffffee5d6de968> __flush_work+0x39c/0x424\n<ffffffee5d6decc0> __cancel_work_sync+0xd8/0x208\n<ffffffee5d6dee2c> cancel_delayed_work_sync+0x14/0x28\n<ffffffee5e2551b8> __ufshcd_wl_suspend+0x19c/0x480\n<ffffffee5e255fb8> ufshcd_wl_runtime_suspend+0x3c/0x1d4\n<ffffffee5dffd80c> scsi_runtime_suspend+0x78/0xc8\n<ffffffee5df93580> __rpm_callback+0x94/0x3e0\n<ffffffee5df90b0c> rpm_suspend+0x2d4/0x65c\n<ffffffee5df91448> __pm_runtime_suspend+0x80/0x114\n<ffffffee5dffd95c> scsi_runtime_idle+0x38/0x6c\n<ffffffee5df912f4> rpm_idle+0x264/0x338\n<ffffffee5df90f14> __pm_runtime_idle+0x80/0x110\n<ffffffee5e24ce44> ufshcd_rtc_work+0x128/0x1e4\n<ffffffee5d6e3a40> process_one_work+0x26c/0x650\n<ffffffee5d6e65c8> worker_thread+0x260/0x3d8\n<ffffffee5d6edec8> kthread+0x110/0x134\n<ffffffee5d616b18> ret_from_fork+0x10/0x20\n\nSkip updating RTC if RPM state is not RPM_ACTIVE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44953', 'https://git.kernel.org/linus/3911af778f208e5f49d43ce739332b91e26bc48e (6.11-rc2)', 'https://git.kernel.org/stable/c/3911af778f208e5f49d43ce739332b91e26bc48e', 'https://git.kernel.org/stable/c/f13f1858a28c68b7fc0d72c2008d5c1f80d2e8d5', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44953-1a10@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44953', 'https://www.cve.org/CVERecord?id=CVE-2024-44953'], 'PublishedDate': '2024-09-04T19:15:30.297Z', 'LastModifiedDate': '2024-09-06T16:37:33.65Z'}, {'VulnerabilityID': 'CVE-2024-44954', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44954', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ALSA: line6: Fix racy access to midibuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: line6: Fix racy access to midibuf\n\nThere can be concurrent accesses to line6 midibuf from both the URB\ncompletion callback and the rawmidi API access.  This could be a cause\nof KMSAN warning triggered by syzkaller below (so put as reported-by\nhere).\n\nThis patch protects the midibuf call of the former code path with a\nspinlock for avoiding the possible races.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44954', 'https://git.kernel.org/linus/15b7a03205b31bc5623378c190d22b7ff60026f1 (6.11-rc3)', 'https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1', 'https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5', 'https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a', 'https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747', 'https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81', 'https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d', 'https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e', 'https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29', 'https://linux.oracle.com/cve/CVE-2024-44954.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44954-6838@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44954', 'https://www.cve.org/CVERecord?id=CVE-2024-44954'], 'PublishedDate': '2024-09-04T19:15:30.353Z', 'LastModifiedDate': '2024-10-10T18:02:42.307Z'}, {'VulnerabilityID': 'CVE-2024-44955', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44955', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute\n\n[Why]\nWhen unplug one of monitors connected after mst hub, encounter null pointer dereference.\n\nIt's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When\ncommit new state which directly referring to info stored in dc_sink will cause null pointer\ndereference.\n\n[how]\nRemove redundant checking condition. Relevant condition should already be covered by checking\nif dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44955', 'https://git.kernel.org/linus/fcf6a49d79923a234844b8efe830a61f3f0584e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263', 'https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44955-20e8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44955', 'https://www.cve.org/CVERecord?id=CVE-2024-44955'], 'PublishedDate': '2024-09-04T19:15:30.423Z', 'LastModifiedDate': '2024-10-10T17:57:00.267Z'}, {'VulnerabilityID': 'CVE-2024-44956', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44956', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/preempt_fence: enlarge the fence critical section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44956', 'https://git.kernel.org/linus/3cd1585e57908b6efcd967465ef7685f40b2a294 (6.11-rc1)', 'https://git.kernel.org/stable/c/3cd1585e57908b6efcd967465ef7685f40b2a294', 'https://git.kernel.org/stable/c/458bb83119dfee5d14c677f7846dd9363817006f', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44956-8bcf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44956', 'https://www.cve.org/CVERecord?id=CVE-2024-44956'], 'PublishedDate': '2024-09-04T19:15:30.48Z', 'LastModifiedDate': '2024-09-06T16:37:11.777Z'}, {'VulnerabilityID': 'CVE-2024-44957', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44957', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Switch from mutex to spinlock for irqfds', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Switch from mutex to spinlock for irqfds\n\nirqfd_wakeup() gets EPOLLHUP, when it is called by\neventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which\ngets called under spin_lock_irqsave(). We can't use a mutex here as it\nwill lead to a deadlock.\n\nFix it by switching over to a spin lock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44957', 'https://git.kernel.org/linus/1c682593096a487fd9aebc079a307ff7a6d054a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3', 'https://git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e', 'https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44957-5c8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44957', 'https://www.cve.org/CVERecord?id=CVE-2024-44957'], 'PublishedDate': '2024-09-04T19:15:30.523Z', 'LastModifiedDate': '2024-09-06T16:37:00.077Z'}, {'VulnerabilityID': 'CVE-2024-44958', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44958', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched/smt: Fix unbalance sched_smt_present dec/inc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/smt: Fix unbalance sched_smt_present dec/inc\n\nI got the following warn report while doing stress test:\n\njump label: negative count!\nWARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0\nCall Trace:\n <TASK>\n __static_key_slow_dec_cpuslocked+0x16/0x70\n sched_cpu_deactivate+0x26e/0x2a0\n cpuhp_invoke_callback+0x3ad/0x10d0\n cpuhp_thread_fun+0x3f5/0x680\n smpboot_thread_fn+0x56d/0x8d0\n kthread+0x309/0x400\n ret_from_fork+0x41/0x70\n ret_from_fork_asm+0x1b/0x30\n </TASK>\n\nBecause when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),\nthe cpu offline failed, but sched_smt_present is decremented before\ncalling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so\nfix it by incrementing sched_smt_present in the error path.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44958', 'https://git.kernel.org/linus/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117 (6.11-rc2)', 'https://git.kernel.org/stable/c/2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4', 'https://git.kernel.org/stable/c/2cf7665efe451e48d27953e6b5bc627d518c902b', 'https://git.kernel.org/stable/c/65727331b60197b742089855ac09464c22b96f66', 'https://git.kernel.org/stable/c/d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab', 'https://git.kernel.org/stable/c/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44958-80e9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44958', 'https://www.cve.org/CVERecord?id=CVE-2024-44958'], 'PublishedDate': '2024-09-04T19:15:30.58Z', 'LastModifiedDate': '2024-10-10T17:56:24.467Z'}, {'VulnerabilityID': 'CVE-2024-44959', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44959', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracefs: Use generic inode RCU for synchronizing freeing', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntracefs: Use generic inode RCU for synchronizing freeing\n\nWith structure layout randomization enabled for 'struct inode' we need to\navoid overlapping any of the RCU-used / initialized-only-once members,\ne.g. i_lru or i_sb_list to not corrupt related list traversals when making\nuse of the rcu_head.\n\nFor an unlucky structure layout of 'struct inode' we may end up with the\nfollowing splat when running the ftrace selftests:\n\n[<...>] list_del corruption, ffff888103ee2cb0->next (tracefs_inode_cache+0x0/0x4e0 [slab object]) is NULL (prev is tracefs_inode_cache+0x78/0x4e0 [slab object])\n[<...>] ------------[ cut here ]------------\n[<...>] kernel BUG at lib/list_debug.c:54!\n[<...>] invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n[<...>] CPU: 3 PID: 2550 Comm: mount Tainted: G                 N  6.8.12-grsec+ #122 ed2f536ca62f28b087b90e3cc906a8d25b3ddc65\n[<...>] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n[<...>] RIP: 0010:[<ffffffff84656018>] __list_del_entry_valid_or_report+0x138/0x3e0\n[<...>] Code: 48 b8 99 fb 65 f2 ff ff ff ff e9 03 5c d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff e9 33 5a d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff <0f> 0b 4c 89 e9 48 89 ea 48 89 ee 48 c7 c7 60 8f dd 89 31 c0 e8 2f\n[<...>] RSP: 0018:fffffe80416afaf0 EFLAGS: 00010283\n[<...>] RAX: 0000000000000098 RBX: ffff888103ee2cb0 RCX: 0000000000000000\n[<...>] RDX: ffffffff84655fe8 RSI: ffffffff89dd8b60 RDI: 0000000000000001\n[<...>] RBP: ffff888103ee2cb0 R08: 0000000000000001 R09: fffffbd0082d5f25\n[<...>] R10: fffffe80416af92f R11: 0000000000000001 R12: fdf99c16731d9b6d\n[<...>] R13: 0000000000000000 R14: ffff88819ad4b8b8 R15: 0000000000000000\n[<...>] RBX: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RDX: __list_del_entry_valid_or_report+0x108/0x3e0\n[<...>] RSI: __func__.47+0x4340/0x4400\n[<...>] RBP: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RSP: process kstack fffffe80416afaf0+0x7af0/0x8000 [mount 2550 2550]\n[<...>] R09: kasan shadow of process kstack fffffe80416af928+0x7928/0x8000 [mount 2550 2550]\n[<...>] R10: process kstack fffffe80416af92f+0x792f/0x8000 [mount 2550 2550]\n[<...>] R14: tracefs_inode_cache+0x78/0x4e0 [slab object]\n[<...>] FS:  00006dcb380c1840(0000) GS:ffff8881e0600000(0000) knlGS:0000000000000000\n[<...>] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[<...>] CR2: 000076ab72b30e84 CR3: 000000000b088004 CR4: 0000000000360ef0 shadow CR4: 0000000000360ef0\n[<...>] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[<...>] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[<...>] ASID: 0003\n[<...>] Stack:\n[<...>]  ffffffff818a2315 00000000f5c856ee ffffffff896f1840 ffff888103ee2cb0\n[<...>]  ffff88812b6b9750 0000000079d714b6 fffffbfff1e9280b ffffffff8f49405f\n[<...>]  0000000000000001 0000000000000000 ffff888104457280 ffffffff8248b392\n[<...>] Call Trace:\n[<...>]  <TASK>\n[<...>]  [<ffffffff818a2315>] ? lock_release+0x175/0x380 fffffe80416afaf0\n[<...>]  [<ffffffff8248b392>] list_lru_del+0x152/0x740 fffffe80416afb48\n[<...>]  [<ffffffff8248ba93>] list_lru_del_obj+0x113/0x280 fffffe80416afb88\n[<...>]  [<ffffffff8940fd19>] ? _atomic_dec_and_lock+0x119/0x200 fffffe80416afb90\n[<...>]  [<ffffffff8295b244>] iput_final+0x1c4/0x9a0 fffffe80416afbb8\n[<...>]  [<ffffffff8293a52b>] dentry_unlink_inode+0x44b/0xaa0 fffffe80416afbf8\n[<...>]  [<ffffffff8293fefc>] __dentry_kill+0x23c/0xf00 fffffe80416afc40\n[<...>]  [<ffffffff8953a85f>] ? __this_cpu_preempt_check+0x1f/0xa0 fffffe80416afc48\n[<...>]  [<ffffffff82949ce5>] ? shrink_dentry_list+0x1c5/0x760 fffffe80416afc70\n[<...>]  [<ffffffff82949b71>] ? shrink_dentry_list+0x51/0x760 fffffe80416afc78\n[<...>]  [<ffffffff82949da8>] shrink_dentry_list+0x288/0x760 fffffe80416afc80\n[<...>]  [<ffffffff8294ae75>] shrink_dcache_sb+0x155/0x420 fffffe80416afcc8\n[<...>]  [<ffffffff8953a7c3>] ? debug_smp_processor_id+0x23/0xa0 fffffe80416afce0\n[<...>]  [<ffffffff8294ad20>] ? do_one_tre\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44959', 'https://git.kernel.org/linus/0b6743bd60a56a701070b89fb80c327a44b7b3e2 (6.11-rc3)', 'https://git.kernel.org/stable/c/061da60716ce0cde99f62f31937b81e1c03acef6', 'https://git.kernel.org/stable/c/0b6743bd60a56a701070b89fb80c327a44b7b3e2', 'https://git.kernel.org/stable/c/726f4c241e17be75a9cf6870d80cd7479dc89e8f', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44959-61a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44959', 'https://www.cve.org/CVERecord?id=CVE-2024-44959'], 'PublishedDate': '2024-09-04T19:15:30.637Z', 'LastModifiedDate': '2024-10-10T17:54:07.96Z'}, {'VulnerabilityID': 'CVE-2024-44960', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44960', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: core: Check for unset descriptor', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn't properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44960', 'https://git.kernel.org/linus/973a57891608a98e894db2887f278777f564de18 (6.11-rc3)', 'https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1', 'https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62', 'https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4', 'https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e', 'https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18', 'https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf', 'https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a', 'https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244', 'https://linux.oracle.com/cve/CVE-2024-44960.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44960-039b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44960', 'https://www.cve.org/CVERecord?id=CVE-2024-44960'], 'PublishedDate': '2024-09-04T19:15:30.7Z', 'LastModifiedDate': '2024-10-04T16:44:05.497Z'}, {'VulnerabilityID': 'CVE-2024-44961', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44961', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Forward soft recovery errors to userspace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Forward soft recovery errors to userspace\n\nAs we discussed before[1], soft recovery should be\nforwarded to userspace, or we can get into a really\nbad state where apps will keep submitting hanging\ncommand buffers cascading us to a hard reset.\n\n1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/\n(cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44961', 'https://git.kernel.org/linus/829798c789f567ef6ba4b084c15b7b5f3bd98d51 (6.11-rc3)', 'https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a', 'https://git.kernel.org/stable/c/829798c789f567ef6ba4b084c15b7b5f3bd98d51', 'https://git.kernel.org/stable/c/c28d207edfc5679585f4e96acb67000076ce90be', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44961-8666@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44961', 'https://www.cve.org/CVERecord?id=CVE-2024-44961'], 'PublishedDate': '2024-09-04T19:15:30.77Z', 'LastModifiedDate': '2024-10-04T16:39:39.3Z'}, {'VulnerabilityID': 'CVE-2024-44962', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44962', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n  Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n  Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic   snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil   snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded:   btnxpuart]\n  CPU: 5 PID: 723 Comm: memtester Tainted: G           O       6.6.23-lts-next-06207-g4aef2658ac28 #1\n  Hardware name: NXP i.MX95 19X19 board (DT)\n  pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0xffff80007a2cf464\n  lr : call_timer_fn.isra.0+0x24/0x80\n...\n  Call trace:\n   0xffff80007a2cf464\n   __run_timers+0x234/0x280\n   run_timer_softirq+0x20/0x40\n   __do_softirq+0x100/0x26c\n   ____do_softirq+0x10/0x1c\n   call_on_irq_stack+0x24/0x4c\n   do_softirq_own_stack+0x1c/0x2c\n   irq_exit_rcu+0xc0/0xdc\n   el0_interrupt+0x54/0xd8\n   __el0_irq_handler_common+0x18/0x24\n   el0t_64_irq_handler+0x10/0x1c\n   el0t_64_irq+0x190/0x194\n  Code: ???????? ???????? ???????? ???????? (????????)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception in interrupt\n  SMP: stopping secondary CPUs\n  Kernel Offset: disabled\n  CPU features: 0x0,c0000000,40028143,1000721b\n  Memory Limit: none\n  ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44962', 'https://git.kernel.org/linus/0d0df1e750bac0fdaa77940e711c1625cff08d33 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d0df1e750bac0fdaa77940e711c1625cff08d33', 'https://git.kernel.org/stable/c/28bbb5011a9723700006da67bdb57ab6a914452b', 'https://git.kernel.org/stable/c/4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44962-c329@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44962', 'https://www.cve.org/CVERecord?id=CVE-2024-44962'], 'PublishedDate': '2024-09-04T19:15:30.827Z', 'LastModifiedDate': '2024-10-04T16:20:34.55Z'}, {'VulnerabilityID': 'CVE-2024-44963', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44963', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not BUG_ON() when freeing tree block after error', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don't deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44963', 'https://git.kernel.org/linus/bb3868033a4cccff7be57e9145f2117cbdc91c11 (6.11-rc1)', 'https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f', 'https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44963-2e6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44963', 'https://www.cve.org/CVERecord?id=CVE-2024-44963'], 'PublishedDate': '2024-09-04T19:15:30.883Z', 'LastModifiedDate': '2024-10-04T16:19:20.77Z'}, {'VulnerabilityID': 'CVE-2024-44964', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44964', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix memory leaks and crashes while performing a soft reset', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leaks and crashes while performing a soft reset\n\nThe second tagged commit introduced a UAF, as it removed restoring\nq_vector->vport pointers after reinitializating the structures.\nThis is due to that all queue allocation functions are performed here\nwith the new temporary vport structure and those functions rewrite\nthe backpointers to the vport. Then, this new struct is freed and\nthe pointers start leading to nowhere.\n\nBut generally speaking, the current logic is very fragile. It claims\nto be more reliable when the system is low on memory, but in fact, it\nconsumes two times more memory as at the moment of running this\nfunction, there are two vports allocated with their queues and vectors.\nMoreover, it claims to prevent the driver from running into "bad state",\nbut in fact, any error during the rebuild leaves the old vport in the\npartially allocated state.\nFinally, if the interface is down when the function is called, it always\nallocates a new queue set, but when the user decides to enable the\ninterface later on, vport_open() allocates them once again, IOW there\'s\na clear memory leak here.\n\nJust don\'t allocate a new queue set when performing a reset, that solves\ncrashes and memory leaks. Readd the old queue number and reopen the\ninterface on rollback - that solves limbo states when the device is left\ndisabled and/or without HW queues enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44964', 'https://git.kernel.org/linus/f01032a2ca099ec8d619aaa916c3762aa62495df (6.11-rc3)', 'https://git.kernel.org/stable/c/6b289f8d91537ec1e4f9c7b38b31b90d93b1419b', 'https://git.kernel.org/stable/c/f01032a2ca099ec8d619aaa916c3762aa62495df', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44964-ebb1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44964', 'https://www.cve.org/CVERecord?id=CVE-2024-44964'], 'PublishedDate': '2024-09-04T19:15:30.94Z', 'LastModifiedDate': '2024-09-06T16:36:45.137Z'}, {'VulnerabilityID': 'CVE-2024-44965', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44965', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mm: Fix pti_clone_pgtable() alignment assumption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix pti_clone_pgtable() alignment assumption\n\nGuenter reported dodgy crashes on an i386-nosmp build using GCC-11\nthat had the form of endless traps until entry stack exhaust and then\n#DF from the stack guard.\n\nIt turned out that pti_clone_pgtable() had alignment assumptions on\nthe start address, notably it hard assumes start is PMD aligned. This\nis true on x86_64, but very much not true on i386.\n\nThese assumptions can cause the end condition to malfunction, leading\nto a 'short' clone. Guess what happens when the user mapping has a\nshort copy of the entry text?\n\nUse the correct increment form for addr to avoid alignment\nassumptions.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44965', 'https://git.kernel.org/linus/41e71dbb0e0a0fe214545fe64af031303a08524c (6.11-rc2)', 'https://git.kernel.org/stable/c/18da1b27ce16a14a9b636af9232acb4fb24f4c9e', 'https://git.kernel.org/stable/c/25a727233a40a9b33370eec9f0cad67d8fd312f8', 'https://git.kernel.org/stable/c/41e71dbb0e0a0fe214545fe64af031303a08524c', 'https://git.kernel.org/stable/c/4d143ae782009b43b4f366402e5c37f59d4e4346', 'https://git.kernel.org/stable/c/5c580c1050bcbc15c3e78090859d798dcf8c9763', 'https://git.kernel.org/stable/c/ca07aab70dd3b5e7fddb62d7a6ecd7a7d6d0b2ed', 'https://git.kernel.org/stable/c/d00c9b4bbc442d99e1dafbdfdab848bc1ead73f6', 'https://git.kernel.org/stable/c/df3eecb5496f87263d171b254ca6e2758ab3c35c', 'https://linux.oracle.com/cve/CVE-2024-44965.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090415-CVE-2024-44965-d41d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44965', 'https://www.cve.org/CVERecord?id=CVE-2024-44965'], 'PublishedDate': '2024-09-04T19:15:30.99Z', 'LastModifiedDate': '2024-10-04T16:17:15.23Z'}, {'VulnerabilityID': 'CVE-2024-44966', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44966', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binfmt_flat: Fix corruption when not offsetting data start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_flat: Fix corruption when not offsetting data start\n\nCommit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")\nintroduced a RISC-V specific variant of the FLAT format which does\nnot allocate any space for the (obsolete) array of shared library\npointers. However, it did not disable the code which initializes the\narray, resulting in the corruption of sizeof(long) bytes before the DATA\nsegment, generally the end of the TEXT segment.\n\nIntroduce MAX_SHARED_LIBS_UPDATE which depends on the state of\nCONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of\nthe shared library pointer region so that it will only be initialized\nif space is reserved for it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44966', 'https://git.kernel.org/linus/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671 (6.11-rc4)', 'https://git.kernel.org/stable/c/3a684499261d0f7ed5ee72793025c88c2276809c', 'https://git.kernel.org/stable/c/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671', 'https://git.kernel.org/stable/c/49df34d2b7da9e57c839555a2f7877291ce45ad1', 'https://git.kernel.org/stable/c/9350ba06ee61db392c486716ac68ecc20e030f7c', 'https://git.kernel.org/stable/c/af65d5383854cc3f172a7d0843b628758bf462c8', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44966-3aac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44966', 'https://www.cve.org/CVERecord?id=CVE-2024-44966'], 'PublishedDate': '2024-09-04T19:15:31.06Z', 'LastModifiedDate': '2024-10-04T16:15:30.047Z'}, {'VulnerabilityID': 'CVE-2024-44967', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44967', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/mgag200: Bind I2C lifetime to DRM device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mgag200: Bind I2C lifetime to DRM device\n\nManaged cleanup with devm_add_action_or_reset() will release the I2C\nadapter when the underlying Linux device goes away. But the connector\nstill refers to it, so this cleanup leaves behind a stale pointer\nin struct drm_connector.ddc.\n\nBind the lifetime of the I2C adapter to the connector's lifetime by\nusing DRM's managed release. When the DRM device goes away (after\nthe Linux device) DRM will first clean up the connector and then\nclean up the I2C adapter.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44967', 'https://git.kernel.org/linus/eb1ae34e48a09b7a1179c579aed042b032e408f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/55a6916db77102765b22855d3a0add4751988b7c', 'https://git.kernel.org/stable/c/81d34df843620e902dd04aa9205c875833d61c17', 'https://git.kernel.org/stable/c/9d96b91e03cba9dfcb4ac370c93af4dbc47d5191', 'https://git.kernel.org/stable/c/eb1ae34e48a09b7a1179c579aed042b032e408f4', 'https://lore.kernel.org/linux-cve-announce/2024090453-CVE-2024-44967-dd14@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44967', 'https://www.cve.org/CVERecord?id=CVE-2024-44967'], 'PublishedDate': '2024-09-04T19:15:31.117Z', 'LastModifiedDate': '2024-10-03T18:21:17.23Z'}, {'VulnerabilityID': 'CVE-2024-44969', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/sclp: Prevent release of buffer in I/O', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Prevent release of buffer in I/O\n\nWhen a task waiting for completion of a Store Data operation is\ninterrupted, an attempt is made to halt this operation. If this attempt\nfails due to a hardware or firmware problem, there is a chance that the\nSCLP facility might store data into buffers referenced by the original\noperation at a later time.\n\nHandle this situation by not releasing the referenced data buffers if\nthe halt attempt fails. For current use cases, this might result in a\nleak of few pages of memory in case of a rare hardware/firmware\nmalfunction.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44969', 'https://git.kernel.org/linus/bf365071ea92b9579d5a272679b74052a5643e35 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633', 'https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05', 'https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506', 'https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79', 'https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe', 'https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148', 'https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463', 'https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35', 'https://linux.oracle.com/cve/CVE-2024-44969.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44969-48bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44969', 'https://www.cve.org/CVERecord?id=CVE-2024-44969'], 'PublishedDate': '2024-09-04T19:15:31.24Z', 'LastModifiedDate': '2024-10-03T17:38:41.333Z'}, {'VulnerabilityID': 'CVE-2024-44970', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix invalid WQ linked list unlink\n\nWhen all the strides in a WQE have been consumed, the WQE is unlinked\nfrom the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible\nto receive CQEs with 0 consumed strides for the same WQE even after the\nWQE is fully consumed and unlinked. This triggers an additional unlink\nfor the same wqe which corrupts the linked list.\n\nFix this scenario by accepting 0 sized consumed strides without\nunlinking the WQE again.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44970', 'https://git.kernel.org/linus/fba8334721e266f92079632598e46e5f89082f30 (6.11-rc1)', 'https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9', 'https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76', 'https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78', 'https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44970-f687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44970', 'https://www.cve.org/CVERecord?id=CVE-2024-44970'], 'PublishedDate': '2024-09-04T19:15:31.307Z', 'LastModifiedDate': '2024-10-03T14:22:06.003Z'}, {'VulnerabilityID': 'CVE-2024-44971', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44971', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()\n\nbcm_sf2_mdio_register() calls of_phy_find_device() and then\nphy_device_remove() in a loop to remove existing PHY devices.\nof_phy_find_device() eventually calls bus_find_device(), which calls\nget_device() on the returned struct device * to increment the refcount.\nThe current implementation does not decrement the refcount, which causes\nmemory leak.\n\nThis commit adds the missing phy_device_free() call to decrement the\nrefcount via put_device() to balance the refcount.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44971', 'https://git.kernel.org/linus/e3862093ee93fcfbdadcb7957f5f8974fffa806a (6.11-rc3)', 'https://git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c', 'https://git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c', 'https://git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71', 'https://git.kernel.org/stable/c/c05516c072903f6fb9134b8e7e1ad4bffcdc4819', 'https://git.kernel.org/stable/c/e3862093ee93fcfbdadcb7957f5f8974fffa806a', 'https://git.kernel.org/stable/c/f3d5efe18a11f94150fee8b3fda9d62079af640a', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44971-eb75@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44971', 'https://www.cve.org/CVERecord?id=CVE-2024-44971'], 'PublishedDate': '2024-09-04T19:15:31.367Z', 'LastModifiedDate': '2024-09-05T17:54:36.607Z'}, {'VulnerabilityID': 'CVE-2024-44972', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44972', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not clear page dirty inside extent_write_locked_range()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not clear page dirty inside extent_write_locked_range()\n\n[BUG]\nFor subpage + zoned case, the following workload can lead to rsv data\nleak at unmount time:\n\n  # mkfs.btrfs -f -s 4k $dev\n  # mount $dev $mnt\n  # fsstress -w -n 8 -d $mnt -s 1709539240\n  0/0: fiemap - no filename\n  0/1: copyrange read - no filename\n  0/2: write - no filename\n  0/3: rename - no source filename\n  0/4: creat f0 x:0 0 0\n  0/4: creat add id=0,parent=-1\n  0/5: writev f0[259 1 0 0 0 0] [778052,113,965] 0\n  0/6: ioctl(FIEMAP) f0[259 1 0 0 224 887097] [1294220,2291618343991484791,0x10000] -1\n  0/7: dwrite - xfsctl(XFS_IOC_DIOINFO) f0[259 1 0 0 224 887097] return 25, fallback to stat()\n  0/7: dwrite f0[259 1 0 0 224 887097] [696320,102400] 0\n  # umount $mnt\n\nThe dmesg includes the following rsv leak detection warning (all call\ntrace skipped):\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8653 btrfs_destroy_inode+0x1e0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8654 btrfs_destroy_inode+0x1a8/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8660 btrfs_destroy_inode+0x1a0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): last unmount of filesystem 1b4abba9-de34-4f07-9e7f-157cf12a18d6\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info DATA has 268218368 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=204800, pinned=0, reserved=0, may_use=12288, readonly=0 zone_unusable=0\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info METADATA has 267796480 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=131072, pinned=0, reserved=0, may_use=262144, readonly=0 zone_unusable=245760\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n\nAbove $dev is a tcmu-runner emulated zoned HDD, which has a max zone\nappend size of 64K, and the system has 64K page size.\n\n[CAUSE]\nI have added several trace_printk() to show the events (header skipped):\n\n  > btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864\n\nThe above lines show our buffered write has dirtied 3 pages of inode\n259 of root 5:\n\n  704K             768K              832K              896K\n  I           |////I/////////////////I///////////|     I\n              756K                               868K\n\n  |///| is the dirtied range using subpage bitmaps. and 'I' is the page\n  boundary.\n\n  Meanwhile all three pages (704K, 768K, 832K) have their PageDirty\n  flag set.\n\n  > btrfs_direct_write: r/i=5/259 start dio filepos=696320 len=102400\n\nThen direct IO writ\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44972', 'https://git.kernel.org/linus/97713b1a2ced1e4a2a6c40045903797ebd44d7e0 (6.11-rc1)', 'https://git.kernel.org/stable/c/97713b1a2ced1e4a2a6c40045903797ebd44d7e0', 'https://git.kernel.org/stable/c/ba4dedb71356638d8284e34724daca944be70368', 'https://git.kernel.org/stable/c/d3b403209f767e5857c1b9fda66726e6e6ffc99f', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44972-23b5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44972', 'https://www.cve.org/CVERecord?id=CVE-2024-44972'], 'PublishedDate': '2024-09-04T19:15:31.43Z', 'LastModifiedDate': '2024-10-03T16:10:12.077Z'}, {'VulnerabilityID': 'CVE-2024-44973', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44973', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm, slub: do not call do_slab_free for kfence object', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slub: do not call do_slab_free for kfence object\n\nIn 782f8906f805 the freeing of kfence objects was moved from deep\ninside do_slab_free to the wrapper functions outside. This is a nice\nchange, but unfortunately it missed one spot in __kmem_cache_free_bulk.\n\nThis results in a crash like this:\n\nBUG skbuff_head_cache (Tainted: G S  B       E     ): Padding overwritten. 0xffff88907fea0f00-0xffff88907fea0fff @offset=3840\n\nslab_err (mm/slub.c:1129)\nfree_to_partial_list (mm/slub.c:? mm/slub.c:4036)\nslab_pad_check (mm/slub.c:864 mm/slub.c:1290)\ncheck_slab (mm/slub.c:?)\nfree_to_partial_list (mm/slub.c:3171 mm/slub.c:4036)\nkmem_cache_alloc_bulk (mm/slub.c:? mm/slub.c:4495 mm/slub.c:4586 mm/slub.c:4635)\nnapi_build_skb (net/core/skbuff.c:348 net/core/skbuff.c:527 net/core/skbuff.c:549)\n\nAll the other callers to do_slab_free appear to be ok.\n\nAdd a kfence_free check in __kmem_cache_free_bulk to avoid the crash.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44973', 'https://git.kernel.org/linus/a371d558e6f3aed977a8a7346350557de5d25190 (6.11-rc3)', 'https://git.kernel.org/stable/c/a371d558e6f3aed977a8a7346350557de5d25190', 'https://git.kernel.org/stable/c/b35cd7f1e969aaa63e6716d82480f6b8a3230949', 'https://lore.kernel.org/linux-cve-announce/2024090425-CVE-2024-44973-a92d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44973', 'https://www.cve.org/CVERecord?id=CVE-2024-44973'], 'PublishedDate': '2024-09-04T19:15:31.487Z', 'LastModifiedDate': '2024-10-03T14:23:09.147Z'}, {'VulnerabilityID': 'CVE-2024-44974', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44974', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: avoid possible UaF when selecting endp', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44974', 'https://git.kernel.org/linus/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d (6.11-rc5)', 'https://git.kernel.org/stable/c/0201d65d9806d287a00e0ba96f0321835631f63f', 'https://git.kernel.org/stable/c/2b4f46f9503633dade75cb796dd1949d0e6581a1', 'https://git.kernel.org/stable/c/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d', 'https://git.kernel.org/stable/c/9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8', 'https://git.kernel.org/stable/c/ddee5b4b6a1cc03c1e9921cf34382e094c2009f1', 'https://git.kernel.org/stable/c/f2c865e9e3ca44fc06b5f73b29a954775e4dbb38', 'https://lore.kernel.org/linux-cve-announce/2024090440-CVE-2024-44974-dbe8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44974', 'https://www.cve.org/CVERecord?id=CVE-2024-44974'], 'PublishedDate': '2024-09-04T20:15:07.1Z', 'LastModifiedDate': '2024-09-12T12:15:51.397Z'}, {'VulnerabilityID': 'CVE-2024-44975', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44975', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: fix panic caused by partcmd_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: fix panic caused by partcmd_update\n\nWe find a bug as below:\nBUG: unable to handle page fault for address: 00000003\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 358 Comm: bash Tainted: G        W I        6.6.0-10893-g60d6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4\nRIP: 0010:partition_sched_domains_locked+0x483/0x600\nCode: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9\nRSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202\nRAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000002fe80\nRBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000\nR10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002\nR13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0\nCall Trace:\n <TASK>\n ? show_regs+0x8c/0xa0\n ? __die_body+0x23/0xa0\n ? __die+0x3a/0x50\n ? page_fault_oops+0x1d2/0x5c0\n ? partition_sched_domains_locked+0x483/0x600\n ? search_module_extables+0x2a/0xb0\n ? search_exception_tables+0x67/0x90\n ? kernelmode_fixup_or_oops+0x144/0x1b0\n ? __bad_area_nosemaphore+0x211/0x360\n ? up_read+0x3b/0x50\n ? bad_area_nosemaphore+0x1a/0x30\n ? exc_page_fault+0x890/0xd90\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? asm_exc_page_fault+0x26/0x30\n ? partition_sched_domains_locked+0x483/0x600\n ? partition_sched_domains_locked+0xf0/0x600\n rebuild_sched_domains_locked+0x806/0xdc0\n update_partition_sd_lb+0x118/0x130\n cpuset_write_resmask+0xffc/0x1420\n cgroup_file_write+0xb2/0x290\n kernfs_fop_write_iter+0x194/0x290\n new_sync_write+0xeb/0x160\n vfs_write+0x16f/0x1d0\n ksys_write+0x81/0x180\n __x64_sys_write+0x21/0x30\n x64_sys_call+0x2f25/0x4630\n do_syscall_64+0x44/0xb0\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\nRIP: 0033:0x7f44a553c887\n\nIt can be reproduced with cammands:\ncd /sys/fs/cgroup/\nmkdir test\ncd test/\necho +cpuset > ../cgroup.subtree_control\necho root > cpuset.cpus.partition\ncat /sys/fs/cgroup/cpuset.cpus.effective\n0-3\necho 0-3 > cpuset.cpus // taking away all cpus from root\n\nThis issue is caused by the incorrect rebuilding of scheduling domains.\nIn this scenario, test/cpuset.cpus.partition should be an invalid root\nand should not trigger the rebuilding of scheduling domains. When calling\nupdate_parent_effective_cpumask with partcmd_update, if newmask is not\nnull, it should recheck newmask whether there are cpus is available\nfor parect/cs that has tasks.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44975', 'https://git.kernel.org/linus/959ab6350add903e352890af53e86663739fcb9a (6.11-rc5)', 'https://git.kernel.org/stable/c/73d6c6cf8ef6a3c532aa159f5114077746a372d6', 'https://git.kernel.org/stable/c/959ab6350add903e352890af53e86663739fcb9a', 'https://lore.kernel.org/linux-cve-announce/2024090442-CVE-2024-44975-7c21@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44975', 'https://www.cve.org/CVERecord?id=CVE-2024-44975'], 'PublishedDate': '2024-09-04T20:15:07.16Z', 'LastModifiedDate': '2024-10-03T14:32:31.677Z'}, {'VulnerabilityID': 'CVE-2024-44977', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Validate TA binary size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Validate TA binary size\n\nAdd TA binary size validation to avoid OOB write.\n\n(cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44977', 'https://git.kernel.org/linus/c99769bceab4ecb6a067b9af11f9db281eea3e2a (6.11-rc5)', 'https://git.kernel.org/stable/c/50553ea7cbd3344fbf40afb065f6a2d38171c1ad', 'https://git.kernel.org/stable/c/5ab8793b9a6cc059f503cbe6fe596f80765e0f19', 'https://git.kernel.org/stable/c/c99769bceab4ecb6a067b9af11f9db281eea3e2a', 'https://git.kernel.org/stable/c/e562415248f402203e7fb6d8c38c1b32fa99220f', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44977-7f6b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44977', 'https://www.cve.org/CVERecord?id=CVE-2024-44977'], 'PublishedDate': '2024-09-04T20:15:07.29Z', 'LastModifiedDate': '2024-10-10T17:47:59.593Z'}, {'VulnerabilityID': 'CVE-2024-44978', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44978', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Free job before xe_exec_queue_put', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Free job before xe_exec_queue_put\n\nFree job depends on job->vm being valid, the last xe_exec_queue_put can\ndestroy the VM. Prevent UAF by freeing job before xe_exec_queue_put.\n\n(cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44978', 'https://git.kernel.org/linus/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a (6.11-rc5)', 'https://git.kernel.org/stable/c/98aa0330f200b9b8fb9e1298e006eda57a13351c', 'https://git.kernel.org/stable/c/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44978-096b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44978', 'https://www.cve.org/CVERecord?id=CVE-2024-44978'], 'PublishedDate': '2024-09-04T20:15:07.343Z', 'LastModifiedDate': '2024-09-10T16:51:19.813Z'}, {'VulnerabilityID': 'CVE-2024-44979', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44979', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix missing workqueue destroy in xe_gt_pagefault\n\nOn driver reload we never free up the memory for the pagefault and\naccess counter workqueues. Add those destroy calls here.\n\n(cherry picked from commit 7586fc52b14e0b8edd0d1f8a434e0de2078b7b2b)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44979', 'https://git.kernel.org/linus/a6f78359ac75f24cac3c1bdd753c49c1877bcd82 (6.11-rc5)', 'https://git.kernel.org/stable/c/a6f78359ac75f24cac3c1bdd753c49c1877bcd82', 'https://git.kernel.org/stable/c/b09ef3b762a7fc641fb2f89afd3ebdb65b8ba1b9', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44979-74c3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44979', 'https://www.cve.org/CVERecord?id=CVE-2024-44979'], 'PublishedDate': '2024-09-04T20:15:07.4Z', 'LastModifiedDate': '2024-10-10T17:44:36.417Z'}, {'VulnerabilityID': 'CVE-2024-44980', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44980', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix opregion leak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix opregion leak\n\nBeing part o the display, ideally the setup and cleanup would be done by\ndisplay itself. However this is a bigger refactor that needs to be done\non both i915 and xe. For now, just fix the leak:\n\nunreferenced object 0xffff8881a0300008 (size 192):\n  comm "modprobe", pid 4354, jiffies 4295647021\n  hex dump (first 32 bytes):\n    00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff  ...\'............\n    18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 99260e31):\n    [<ffffffff823ce65b>] kmemleak_alloc+0x4b/0x80\n    [<ffffffff81493be2>] kmalloc_trace_noprof+0x312/0x3d0\n    [<ffffffffa1345679>] intel_opregion_setup+0x89/0x700 [xe]\n    [<ffffffffa125bfaf>] xe_display_init_noirq+0x2f/0x90 [xe]\n    [<ffffffffa1199ec3>] xe_device_probe+0x7a3/0xbf0 [xe]\n    [<ffffffffa11f3713>] xe_pci_probe+0x333/0x5b0 [xe]\n    [<ffffffff81af6be8>] local_pci_probe+0x48/0xb0\n    [<ffffffff81af8778>] pci_device_probe+0xc8/0x280\n    [<ffffffff81d09048>] really_probe+0xf8/0x390\n    [<ffffffff81d0937a>] __driver_probe_device+0x8a/0x170\n    [<ffffffff81d09503>] driver_probe_device+0x23/0xb0\n    [<ffffffff81d097b7>] __driver_attach+0xc7/0x190\n    [<ffffffff81d0628d>] bus_for_each_dev+0x7d/0xd0\n    [<ffffffff81d0851e>] driver_attach+0x1e/0x30\n    [<ffffffff81d07ac7>] bus_add_driver+0x117/0x250\n\n(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44980', 'https://git.kernel.org/linus/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f (6.11-rc5)', 'https://git.kernel.org/stable/c/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f', 'https://git.kernel.org/stable/c/f7ecdd9853dd9f34e7cdfdadfb70b8f40644ebb4', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44980-d1ba@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44980', 'https://www.cve.org/CVERecord?id=CVE-2024-44980'], 'PublishedDate': '2024-09-04T20:15:07.46Z', 'LastModifiedDate': '2024-10-10T17:42:53.433Z'}, {'VulnerabilityID': 'CVE-2024-44982', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44982', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: cleanup FB if dpu_format_populate_layout fails\n\nIf the dpu_format_populate_layout() fails, then FB is prepared, but not\ncleaned up. This ends up leaking the pin_count on the GEM object and\ncauses a splat during DRM file closure:\n\nmsm_obj->pin_count\nWARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc\n[...]\nCall trace:\n update_lru_locked+0xc4/0xcc\n put_pages+0xac/0x100\n msm_gem_free_object+0x138/0x180\n drm_gem_object_free+0x1c/0x30\n drm_gem_object_handle_put_unlocked+0x108/0x10c\n drm_gem_object_release_handle+0x58/0x70\n idr_for_each+0x68/0xec\n drm_gem_release+0x28/0x40\n drm_file_free+0x174/0x234\n drm_release+0xb0/0x160\n __fput+0xc0/0x2c8\n __fput_sync+0x50/0x5c\n __arm64_sys_close+0x38/0x7c\n invoke_syscall+0x48/0x118\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x4c/0x120\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194\nirq event stamp: 129818\nhardirqs last  enabled at (129817): [<ffffa5f6d953fcc0>] console_unlock+0x118/0x124\nhardirqs last disabled at (129818): [<ffffa5f6da7dcf04>] el1_dbg+0x24/0x8c\nsoftirqs last  enabled at (129808): [<ffffa5f6d94afc18>] handle_softirqs+0x4c8/0x4e8\nsoftirqs last disabled at (129785): [<ffffa5f6d94105e4>] __do_softirq+0x14/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/600714/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44982', 'https://git.kernel.org/linus/bfa1a6283be390947d3649c482e5167186a37016 (6.11-rc5)', 'https://git.kernel.org/stable/c/02193c70723118889281f75b88722b26b58bf4ae', 'https://git.kernel.org/stable/c/7ecf85542169012765e4c2817cd3be6c2e009962', 'https://git.kernel.org/stable/c/9b8b65211a880af8fe8330a101e1e239a2d4008f', 'https://git.kernel.org/stable/c/a3c5815b07f4ee19d0b7e2ddf91ff9f03ecbf27d', 'https://git.kernel.org/stable/c/bfa1a6283be390947d3649c482e5167186a37016', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44982-dd24@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44982', 'https://www.cve.org/CVERecord?id=CVE-2024-44982'], 'PublishedDate': '2024-09-04T20:15:07.593Z', 'LastModifiedDate': '2024-10-10T17:09:54.35Z'}, {'VulnerabilityID': 'CVE-2024-44983', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44983', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: validate vlan header', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: validate vlan header\n\nEnsure there is sufficient room to access the protocol field of the\nVLAN header, validate it once before the flowtable lookup.\n\n=====================================================\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5440 [inline]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44983', 'https://git.kernel.org/linus/6ea14ccb60c8ab829349979b22b58a941ec4a3ee (6.11-rc5)', 'https://git.kernel.org/stable/c/0279c35d242d037abeb73d60d06a6d1bb7f672d9', 'https://git.kernel.org/stable/c/043a18bb6cf16adaa2f8642acfde6e8956a9caaa', 'https://git.kernel.org/stable/c/6ea14ccb60c8ab829349979b22b58a941ec4a3ee', 'https://git.kernel.org/stable/c/c05155cc455785916164aa5e1b4605a2ae946537', 'https://git.kernel.org/stable/c/d9384ae7aec46036d248d1c2c2757e471ab486c3', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44983-dcdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44983', 'https://www.cve.org/CVERecord?id=CVE-2024-44983'], 'PublishedDate': '2024-09-04T20:15:07.657Z', 'LastModifiedDate': '2024-09-10T16:57:55.11Z'}, {'VulnerabilityID': 'CVE-2024-44984', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44984', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double DMA unmapping for XDP_REDIRECT\n\nRemove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT\ncode path.  This should have been removed when we let the page pool\nhandle the DMA mapping.  This bug causes the warning:\n\nWARNING: CPU: 7 PID: 59 at drivers/iommu/dma-iommu.c:1198 iommu_dma_unmap_page+0xd5/0x100\nCPU: 7 PID: 59 Comm: ksoftirqd/7 Tainted: G        W          6.8.0-1010-gcp #11-Ubuntu\nHardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS 2.15.2 04/02/2024\nRIP: 0010:iommu_dma_unmap_page+0xd5/0x100\nCode: 89 ee 48 89 df e8 cb f2 69 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9 31 f6 31 ff 45 31 c0 e9 ab 17 71 00 <0f> 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9\nRSP: 0018:ffffab1fc0597a48 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff99ff838280c8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffab1fc0597a78 R08: 0000000000000002 R09: ffffab1fc0597c1c\nR10: ffffab1fc0597cd3 R11: ffff99ffe375acd8 R12: 00000000e65b9000\nR13: 0000000000000050 R14: 0000000000001000 R15: 0000000000000002\nFS:  0000000000000000(0000) GS:ffff9a06efb80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000565c34c37210 CR3: 00000005c7e3e000 CR4: 0000000000350ef0\n? show_regs+0x6d/0x80\n? __warn+0x89/0x150\n? iommu_dma_unmap_page+0xd5/0x100\n? report_bug+0x16a/0x190\n? handle_bug+0x51/0xa0\n? exc_invalid_op+0x18/0x80\n? iommu_dma_unmap_page+0xd5/0x100\n? iommu_dma_unmap_page+0x35/0x100\ndma_unmap_page_attrs+0x55/0x220\n? bpf_prog_4d7e87c0d30db711_xdp_dispatcher+0x64/0x9f\nbnxt_rx_xdp+0x237/0x520 [bnxt_en]\nbnxt_rx_pkt+0x640/0xdd0 [bnxt_en]\n__bnxt_poll_work+0x1a1/0x3d0 [bnxt_en]\nbnxt_poll+0xaa/0x1e0 [bnxt_en]\n__napi_poll+0x33/0x1e0\nnet_rx_action+0x18a/0x2f0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44984', 'https://git.kernel.org/linus/8baeef7616d5194045c5a6b97fd1246b87c55b13 (6.11-rc5)', 'https://git.kernel.org/stable/c/8baeef7616d5194045c5a6b97fd1246b87c55b13', 'https://git.kernel.org/stable/c/95a305ba259b685780ed62ea2295aa2feb2d6c0c', 'https://git.kernel.org/stable/c/fa4e6ae38574d0fc5596272bee64727d8ab7052b', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44984-43ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44984', 'https://www.cve.org/CVERecord?id=CVE-2024-44984'], 'PublishedDate': '2024-09-04T20:15:07.717Z', 'LastModifiedDate': '2024-10-10T16:48:56.167Z'}, {'VulnerabilityID': 'CVE-2024-44985', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44985', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent possible UAF in ip6_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible UAF in ip6_xmit()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand the associated dst/idev could also have been freed.\n\nWe must use rcu_read_lock() to prevent a possible UAF.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44985', 'https://git.kernel.org/linus/2d5ff7e339d04622d8282661df36151906d0e1c7 (6.11-rc5)', 'https://git.kernel.org/stable/c/124b428fe28064c809e4237b0b38e97200a8a4a8', 'https://git.kernel.org/stable/c/2d5ff7e339d04622d8282661df36151906d0e1c7', 'https://git.kernel.org/stable/c/38a21c026ed2cc7232414cb166efc1923f34af17', 'https://git.kernel.org/stable/c/975f764e96f71616b530e300c1bb2ac0ce0c2596', 'https://git.kernel.org/stable/c/fc88d6c1f2895a5775795d82ec581afdff7661d1', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44985-2dde@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44985', 'https://www.cve.org/CVERecord?id=CVE-2024-44985'], 'PublishedDate': '2024-09-04T20:15:07.777Z', 'LastModifiedDate': '2024-09-05T17:54:11.313Z'}, {'VulnerabilityID': 'CVE-2024-44986', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44986', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: fix possible UAF in ip6_finish_output2()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible UAF in ip6_finish_output2()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand associated dst/idev could also have been freed.\n\nWe need to hold rcu_read_lock() to make sure the dst and\nassociated idev are alive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44986', 'https://git.kernel.org/linus/da273b377ae0d9bd255281ed3c2adb228321687b (6.11-rc5)', 'https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e', 'https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a', 'https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b', 'https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b', 'https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44986-1197@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44986', 'https://www.cve.org/CVERecord?id=CVE-2024-44986'], 'PublishedDate': '2024-09-04T20:15:07.833Z', 'LastModifiedDate': '2024-09-05T17:54:04.127Z'}, {'VulnerabilityID': 'CVE-2024-44987', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44987', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent UAF in ip6_send_skb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n  rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n  rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n  vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n  do_writev+0x1b1/0x350 fs/read_write.c:1018\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n </TASK>\n\nAllocated by task 6530:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  unpoison_slab_object mm/kasan/common.c:312 [inline]\n  __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n  kasan_slab_alloc include/linux/kasan.h:201 [inline]\n  slab_post_alloc_hook mm/slub.c:3988 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n  dst_alloc+0x12b/0x190 net/core/dst.c:89\n  ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n  make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n  xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313\n  ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n  rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n  ___sys_sendmsg net/socket.c:2651 [inline]\n  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n  poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n  __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n  kasan_slab_free include/linux/kasan.h:184 [inline]\n  slab_free_hook mm/slub.c:2252 [inline]\n  slab_free mm/slub.c:4473 [inline]\n  kmem_cache_free+0x145/0x350 mm/slub.c:4548\n  dst_destroy+0x2ac/0x460 net/core/dst.c:124\n  rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n  rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44987', 'https://git.kernel.org/linus/faa389b2fbaaec7fd27a390b4896139f9da662e3 (6.11-rc5)', 'https://git.kernel.org/stable/c/24e93695b1239fbe4c31e224372be77f82dab69a', 'https://git.kernel.org/stable/c/571567e0277008459750f0728f246086b2659429', 'https://git.kernel.org/stable/c/9a3e55afa95ed4ac9eda112d4f918af645d72f25', 'https://git.kernel.org/stable/c/af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011', 'https://git.kernel.org/stable/c/cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e', 'https://git.kernel.org/stable/c/ce2f6cfab2c637d0bd9762104023a15d0ab7c0a8', 'https://git.kernel.org/stable/c/e44bd76dd072756e674f45c5be00153f4ded68b2', 'https://git.kernel.org/stable/c/faa389b2fbaaec7fd27a390b4896139f9da662e3', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44987-f916@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44987', 'https://www.cve.org/CVERecord?id=CVE-2024-44987'], 'PublishedDate': '2024-09-04T20:15:07.89Z', 'LastModifiedDate': '2024-09-05T17:53:54.687Z'}, {'VulnerabilityID': 'CVE-2024-44988', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44988', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Fix out-of-bound access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix out-of-bound access\n\nIf an ATU violation was caused by a CPU Load operation, the SPID could\nbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44988', 'https://git.kernel.org/linus/528876d867a23b5198022baf2e388052ca67c952 (6.11-rc5)', 'https://git.kernel.org/stable/c/050e7274ab2150cd212b2372595720e7b83a15bd', 'https://git.kernel.org/stable/c/18b2e833daf049223ab3c2efdf8cdee08854c484', 'https://git.kernel.org/stable/c/528876d867a23b5198022baf2e388052ca67c952', 'https://git.kernel.org/stable/c/a10d0337115a6d223a1563d853d4455f05d0b2e3', 'https://git.kernel.org/stable/c/d39f5be62f098fe367d672b4dd4bc4b2b80e08e7', 'https://git.kernel.org/stable/c/f7d8c2fabd39250cf2333fbf8eef67e837f90a5d', 'https://git.kernel.org/stable/c/f87ce03c652dba199aef15ac18ade3991db5477e', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44988-516a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44988', 'https://www.cve.org/CVERecord?id=CVE-2024-44988'], 'PublishedDate': '2024-09-04T20:15:07.96Z', 'LastModifiedDate': '2024-10-10T16:44:14.767Z'}, {'VulnerabilityID': 'CVE-2024-44989', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44989', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix xfrm real_dev null pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel:  <TASK>\n kernel:  ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? page_fault_oops+0x142/0x4c0\n kernel:  ? do_user_addr_fault+0x65/0x670\n kernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  ? exc_page_fault+0x7b/0x180\n kernel:  ? asm_exc_page_fault+0x22/0x30\n kernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel:  xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ip_push_pending_frames+0x56/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44989', 'https://git.kernel.org/linus/f8cde9805981c50d0c029063dc7d82821806fc44 (6.11-rc5)', 'https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21', 'https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294', 'https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548', 'https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f', 'https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436', 'https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44989-8a2d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44989', 'https://www.cve.org/CVERecord?id=CVE-2024-44989'], 'PublishedDate': '2024-09-04T20:15:08.02Z', 'LastModifiedDate': '2024-09-06T16:31:22.253Z'}, {'VulnerabilityID': 'CVE-2024-44990', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44990', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix null pointer deref in bond_ipsec_offload_ok\n\nWe must check if there is an active slave before dereferencing the pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44990', 'https://git.kernel.org/linus/95c90e4ad89d493a7a14fa200082e466e2548f9d (6.11-rc5)', 'https://git.kernel.org/stable/c/0707260a18312bbcd2a5668584e3692d0a29e3f6', 'https://git.kernel.org/stable/c/2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59', 'https://git.kernel.org/stable/c/32a0173600c63aadaf2103bf02f074982e8602ab', 'https://git.kernel.org/stable/c/81216b9352be43f8958092d379f6dec85443c309', 'https://git.kernel.org/stable/c/95c90e4ad89d493a7a14fa200082e466e2548f9d', 'https://git.kernel.org/stable/c/b70b0ddfed31fc92c8dc722d0afafc8e14cb550c', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44990-6b62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44990', 'https://www.cve.org/CVERecord?id=CVE-2024-44990'], 'PublishedDate': '2024-09-04T20:15:08.087Z', 'LastModifiedDate': '2024-09-06T16:31:12.87Z'}, {'VulnerabilityID': 'CVE-2024-44991', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44991', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp: prevent concurrent execution of tcp_sk_exit_batch', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: prevent concurrent execution of tcp_sk_exit_batch\n\nIts possible that two threads call tcp_sk_exit_batch() concurrently,\nonce from the cleanup_net workqueue, once from a task that failed to clone\na new netns.  In the latter case, error unwinding calls the exit handlers\nin reverse order for the \'failed\' netns.\n\ntcp_sk_exit_batch() calls tcp_twsk_purge().\nProblem is that since commit b099ce2602d8 ("net: Batch inet_twsk_purge"),\nthis function picks up twsk in any dying netns, not just the one passed\nin via exit_batch list.\n\nThis means that the error unwind of setup_net() can "steal" and destroy\ntimewait sockets belonging to the exiting netns.\n\nThis allows the netns exit worker to proceed to call\n\nWARN_ON_ONCE(!refcount_dec_and_test(&net->ipv4.tcp_death_row.tw_refcount));\n\nwithout the expected 1 -> 0 transition, which then splats.\n\nAt same time, error unwind path that is also running inet_twsk_purge()\nwill splat as well:\n\nWARNING: .. at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210\n...\n refcount_dec include/linux/refcount.h:351 [inline]\n inet_twsk_kill+0x758/0x9c0 net/ipv4/inet_timewait_sock.c:70\n inet_twsk_deschedule_put net/ipv4/inet_timewait_sock.c:221\n inet_twsk_purge+0x725/0x890 net/ipv4/inet_timewait_sock.c:304\n tcp_sk_exit_batch+0x1c/0x170 net/ipv4/tcp_ipv4.c:3522\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n setup_net+0x714/0xb40 net/core/net_namespace.c:375\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n\n... because refcount_dec() of tw_refcount unexpectedly dropped to 0.\n\nThis doesn\'t seem like an actual bug (no tw sockets got lost and I don\'t\nsee a use-after-free) but as erroneous trigger of debug check.\n\nAdd a mutex to force strict ordering: the task that calls tcp_twsk_purge()\nblocks other task from doing final _dec_and_test before mutex-owner has\nremoved all tw sockets of dying netns.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44991', 'https://git.kernel.org/linus/565d121b69980637f040eb4d84289869cdaabedf (6.11-rc5)', 'https://git.kernel.org/stable/c/565d121b69980637f040eb4d84289869cdaabedf', 'https://git.kernel.org/stable/c/99580ae890ec8bd98b21a2a9c6668f8f1555b62e', 'https://git.kernel.org/stable/c/e3d9de3742f4d5c47ae35f888d3023a5b54fcd2f', 'https://git.kernel.org/stable/c/f6fd2dbf584a4047ba88d1369ff91c9851261ec1', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44991-2437@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44991', 'https://www.cve.org/CVERecord?id=CVE-2024-44991'], 'PublishedDate': '2024-09-04T20:15:08.15Z', 'LastModifiedDate': '2024-10-09T14:36:15.79Z'}, {'VulnerabilityID': 'CVE-2024-44993', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44993', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`\n\nWhen enabling UBSAN on Raspberry Pi 5, we get the following warning:\n\n[  387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3\n[  387.903868] index 7 is out of range for type '__u32 [7]'\n[  387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G        WC         6.10.3-v8-16k-numa #151\n[  387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[  387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched]\n[  387.932525] Call trace:\n[  387.935296]  dump_backtrace+0x170/0x1b8\n[  387.939403]  show_stack+0x20/0x38\n[  387.942907]  dump_stack_lvl+0x90/0xd0\n[  387.946785]  dump_stack+0x18/0x28\n[  387.950301]  __ubsan_handle_out_of_bounds+0x98/0xd0\n[  387.955383]  v3d_csd_job_run+0x3a8/0x438 [v3d]\n[  387.960707]  drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]\n[  387.966862]  process_one_work+0x62c/0xb48\n[  387.971296]  worker_thread+0x468/0x5b0\n[  387.975317]  kthread+0x1c4/0x1e0\n[  387.978818]  ret_from_fork+0x10/0x20\n[  387.983014] ---[ end trace ]---\n\nThis happens because the UAPI provides only seven configuration\nregisters and we are reading the eighth position of this u32 array.\n\nTherefore, fix the out-of-bounds read in `v3d_csd_job_run()` by\naccessing only seven positions on the '__u32 [7]' array. The eighth\nregister exists indeed on V3D 7.1, but it isn't currently used. That\nbeing so, let's guarantee that it remains unused and add a note that it\ncould be set in a future patch.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44993', 'https://git.kernel.org/linus/497d370a644d95a9f04271aa92cb96d32e84c770 (6.11-rc4)', 'https://git.kernel.org/stable/c/497d370a644d95a9f04271aa92cb96d32e84c770', 'https://git.kernel.org/stable/c/d656b82c4b30cf12715e6cd129d3df808fde24a7', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44993-b6db@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44993', 'https://www.cve.org/CVERecord?id=CVE-2024-44993'], 'PublishedDate': '2024-09-04T20:15:08.257Z', 'LastModifiedDate': '2024-09-06T16:28:49.18Z'}, {'VulnerabilityID': 'CVE-2024-44995', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: fix a deadlock problem when config TC during resetting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n                             pf reset start\n                                 │\n                                 ▼\n                              ......\nsetup tc                         │\n    │                            ▼\n    ▼                      DOWN: napi_disable()\nnapi_disable()(skip)             │\n    │                            │\n    ▼                            ▼\n  ......                      ......\n    │                            │\n    ▼                            │\nnapi_enable()                    │\n                                 ▼\n                           UINIT: netif_napi_del()\n                                 │\n                                 ▼\n                              ......\n                                 │\n                                 ▼\n                           INIT: netif_napi_add()\n                                 │\n                                 ▼\n                              ......                 global reset start\n                                 │                      │\n                                 ▼                      ▼\n                           UP: napi_enable()(skip)    ......\n                                 │                      │\n                                 ▼                      ▼\n                              ......                 napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. Adds a DOWN process in UINIT to fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44995', 'https://git.kernel.org/linus/be5e816d00a506719e9dbb1a9c861c5ced30a109 (6.11-rc4)', 'https://git.kernel.org/stable/c/195918217448a6bb7f929d6a2ffffce9f1ece1cc', 'https://git.kernel.org/stable/c/67492d4d105c0a6321b00c393eec96b9a7a97a16', 'https://git.kernel.org/stable/c/6ae2b7d63cd056f363045eb65409143e16f23ae8', 'https://git.kernel.org/stable/c/be5e816d00a506719e9dbb1a9c861c5ced30a109', 'https://git.kernel.org/stable/c/de37408d5c26fc4a296a28a0c96dcb814219bfa1', 'https://git.kernel.org/stable/c/fa1d4de7265c370e673583ac8d1bd17d21826cd9', 'https://git.kernel.org/stable/c/fc250eca15bde34c4c8f806b9d88f55bd56a992c', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44995-16e5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44995', 'https://www.cve.org/CVERecord?id=CVE-2024-44995'], 'PublishedDate': '2024-09-04T20:15:08.353Z', 'LastModifiedDate': '2024-09-15T18:15:34.54Z'}, {'VulnerabilityID': 'CVE-2024-44996', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44996', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vsock: fix recursive -&gt;recvmsg calls', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: fix recursive ->recvmsg calls\n\nAfter a vsock socket has been added to a BPF sockmap, its prot->recvmsg\nhas been replaced with vsock_bpf_recvmsg(). Thus the following\nrecursiion could happen:\n\nvsock_bpf_recvmsg()\n -> __vsock_recvmsg()\n  -> vsock_connectible_recvmsg()\n   -> prot->recvmsg()\n    -> vsock_bpf_recvmsg() again\n\nWe need to fix it by calling the original ->recvmsg() without any BPF\nsockmap logic in __vsock_recvmsg().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44996', 'https://git.kernel.org/linus/69139d2919dd4aa9a553c8245e7c63e82613e3fc (6.11-rc4)', 'https://git.kernel.org/stable/c/69139d2919dd4aa9a553c8245e7c63e82613e3fc', 'https://git.kernel.org/stable/c/921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5', 'https://git.kernel.org/stable/c/b4ee8cf1acc5018ed1369150d7bb3e0d0f79e135', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44996-8b26@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44996', 'https://www.cve.org/CVERecord?id=CVE-2024-44996'], 'PublishedDate': '2024-09-04T20:15:08.413Z', 'LastModifiedDate': '2024-09-16T12:21:47.37Z'}, {'VulnerabilityID': 'CVE-2024-44998', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44998', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: atm: idt77252: prevent use after free in dequeue_rx()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can\'t dereference "skb" after calling vcc->push() because the skb\nis released.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44998', 'https://git.kernel.org/linus/a9a18e8f770c9b0703dab93580d0b02e199a4c79 (6.11-rc4)', 'https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1', 'https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d', 'https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518', 'https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55', 'https://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d', 'https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10', 'https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79', 'https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44998-6505@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44998', 'https://www.cve.org/CVERecord?id=CVE-2024-44998'], 'PublishedDate': '2024-09-04T20:15:08.52Z', 'LastModifiedDate': '2024-09-06T16:28:16Z'}, {'VulnerabilityID': 'CVE-2024-44999', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44999', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: pull network headers in gtp_dev_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: pull network headers in gtp_dev_xmit()\n\nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]\n\nWe must make sure the IPv4 or Ipv6 header is pulled in skb->head\nbefore accessing fields in them.\n\nUse pskb_inet_may_pull() to fix this issue.\n\n[1]\nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n  gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n  gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  __netdev_start_xmit include/linux/netdevice.h:4913 [inline]\n  netdev_start_xmit include/linux/netdevice.h:4922 [inline]\n  xmit_one net/core/dev.c:3580 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596\n  __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423\n  dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3145 [inline]\n  packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:3994 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583\n  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674\n  alloc_skb include/linux/skbuff.h:1320 [inline]\n  alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526\n  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815\n  packet_alloc_skb net/packet/af_packet.c:2994 [inline]\n  packet_snd net/packet/af_packet.c:3088 [inline]\n  packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44999', 'https://git.kernel.org/linus/3a3be7ff9224f424e485287b54be00d2c6bd9c40 (6.11-rc4)', 'https://git.kernel.org/stable/c/137d565ab89ce3584503b443bc9e00d44f482593', 'https://git.kernel.org/stable/c/1f6b62392453d8f36685d19b761307a8c5617ac1', 'https://git.kernel.org/stable/c/34ba4f29f3d9eb52dee37512059efb2afd7e966f', 'https://git.kernel.org/stable/c/3939d787139e359b77aaf9485d1e145d6713d7b9', 'https://git.kernel.org/stable/c/3a3be7ff9224f424e485287b54be00d2c6bd9c40', 'https://git.kernel.org/stable/c/3d89d0c4a1c6d4d2a755e826351b0a101dbc86f3', 'https://git.kernel.org/stable/c/cbb9a969fc190e85195d1b0f08038e7f6199044e', 'https://git.kernel.org/stable/c/f5dda8db382c5751c4e572afc7c99df7da1f83ca', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44999-187d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44999', 'https://www.cve.org/CVERecord?id=CVE-2024-44999'], 'PublishedDate': '2024-09-04T20:15:08.59Z', 'LastModifiedDate': '2024-09-06T16:27:51.89Z'}, {'VulnerabilityID': 'CVE-2024-45000', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45000', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/netfs/fscache_cookie: add missing "n_accesses" check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/netfs/fscache_cookie: add missing "n_accesses" check\n\nThis fixes a NULL pointer dereference bug due to a data race which\nlooks like this:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000008\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] SMP PTI\n  CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43\n  Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018\n  Workqueue: events_unbound netfs_rreq_write_to_cache_work\n  RIP: 0010:cachefiles_prepare_write+0x30/0xa0\n  Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 <48> 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10\n  RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286\n  RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000\n  RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438\n  RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001\n  R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68\n  R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00\n  FS:  0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0\n  Call Trace:\n   <TASK>\n   ? __die+0x1f/0x70\n   ? page_fault_oops+0x15d/0x440\n   ? search_module_extables+0xe/0x40\n   ? fixup_exception+0x22/0x2f0\n   ? exc_page_fault+0x5f/0x100\n   ? asm_exc_page_fault+0x22/0x30\n   ? cachefiles_prepare_write+0x30/0xa0\n   netfs_rreq_write_to_cache_work+0x135/0x2e0\n   process_one_work+0x137/0x2c0\n   worker_thread+0x2e9/0x400\n   ? __pfx_worker_thread+0x10/0x10\n   kthread+0xcc/0x100\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x30/0x50\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1b/0x30\n   </TASK>\n  Modules linked in:\n  CR2: 0000000000000008\n  ---[ end trace 0000000000000000 ]---\n\nThis happened because fscache_cookie_state_machine() was slow and was\nstill running while another process invoked fscache_unuse_cookie();\nthis led to a fscache_cookie_lru_do_one() call, setting the\nFSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by\nfscache_cookie_state_machine(), withdrawing the cookie via\ncachefiles_withdraw_cookie(), clearing cookie->cache_priv.\n\nAt the same time, yet another process invoked\ncachefiles_prepare_write(), which found a NULL pointer in this code\nline:\n\n  struct cachefiles_object *object = cachefiles_cres_object(cres);\n\nThe next line crashes, obviously:\n\n  struct cachefiles_cache *cache = object->volume->cache;\n\nDuring cachefiles_prepare_write(), the "n_accesses" counter is\nnon-zero (via fscache_begin_operation()).  The cookie must not be\nwithdrawn until it drops to zero.\n\nThe counter is checked by fscache_cookie_state_machine() before\nswitching to FSCACHE_COOKIE_STATE_RELINQUISHING and\nFSCACHE_COOKIE_STATE_WITHDRAWING (in "case\nFSCACHE_COOKIE_STATE_FAILED"), but not for\nFSCACHE_COOKIE_STATE_LRU_DISCARDING ("case\nFSCACHE_COOKIE_STATE_ACTIVE").\n\nThis patch adds the missing check.  With a non-zero access counter,\nthe function returns and the next fscache_end_cookie_access() call\nwill queue another fscache_cookie_state_machine() call to handle the\nstill-pending FSCACHE_COOKIE_DO_LRU_DISCARD.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45000', 'https://git.kernel.org/linus/f71aa06398aabc2e3eaac25acdf3d62e0094ba70 (6.11-rc4)', 'https://git.kernel.org/stable/c/0a4d41fa14b2a0efd40e350cfe8ec6a4c998ac1d', 'https://git.kernel.org/stable/c/b8a50877f68efdcc0be3fcc5116e00c31b90e45b', 'https://git.kernel.org/stable/c/dfaa39b05a6cf34a16c525a2759ee6ab26b5fef6', 'https://git.kernel.org/stable/c/f71aa06398aabc2e3eaac25acdf3d62e0094ba70', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-45000-fd6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45000', 'https://www.cve.org/CVERecord?id=CVE-2024-45000'], 'PublishedDate': '2024-09-04T20:15:08.657Z', 'LastModifiedDate': '2024-09-06T16:27:31.003Z'}, {'VulnerabilityID': 'CVE-2024-45001', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45001', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix RX buf alloc_size alignment and atomic op panic', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix RX buf alloc_size alignment and atomic op panic\n\nThe MANA driver's RX buffer alloc_size is passed into napi_build_skb() to\ncreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignment\nis affected by the alloc_size passed into napi_build_skb(). The size needs\nto be aligned properly for better performance and atomic operations.\nOtherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic\noperations may panic on the skb_shinfo(skb)->dataref due to alignment fault.\n\nTo fix this bug, add proper alignment to the alloc_size calculation.\n\nSample panic info:\n[  253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce\n[  253.300900] Mem abort info:\n[  253.301760]   ESR = 0x0000000096000021\n[  253.302825]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  253.304268]   SET = 0, FnV = 0\n[  253.305172]   EA = 0, S1PTW = 0\n[  253.306103]   FSC = 0x21: alignment fault\nCall trace:\n __skb_clone+0xfc/0x198\n skb_clone+0x78/0xe0\n raw6_local_deliver+0xfc/0x228\n ip6_protocol_deliver_rcu+0x80/0x500\n ip6_input_finish+0x48/0x80\n ip6_input+0x48/0xc0\n ip6_sublist_rcv_finish+0x50/0x78\n ip6_sublist_rcv+0x1cc/0x2b8\n ipv6_list_rcv+0x100/0x150\n __netif_receive_skb_list_core+0x180/0x220\n netif_receive_skb_list_internal+0x198/0x2a8\n __napi_poll+0x138/0x250\n net_rx_action+0x148/0x330\n handle_softirqs+0x12c/0x3a0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45001', 'https://git.kernel.org/linus/32316f676b4ee87c0404d333d248ccf777f739bc (6.11-rc4)', 'https://git.kernel.org/stable/c/32316f676b4ee87c0404d333d248ccf777f739bc', 'https://git.kernel.org/stable/c/65f20b174ec0172f2d6bcfd8533ab9c9e7e347fa', 'https://git.kernel.org/stable/c/e6bea6a45f8a401f3d5a430bc81814f0cc8848cf', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45001-50df@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45001', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45001'], 'PublishedDate': '2024-09-04T20:15:08.71Z', 'LastModifiedDate': '2024-10-09T14:49:39.953Z'}, {'VulnerabilityID': 'CVE-2024-45002', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45002', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtla/osnoise: Prevent NULL dereference in error handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrtla/osnoise: Prevent NULL dereference in error handling\n\nIf the "tool->data" allocation fails then there is no need to call\nosnoise_free_top() and, in fact, doing so will lead to a NULL dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45002', 'https://git.kernel.org/linus/90574d2a675947858b47008df8d07f75ea50d0d0 (6.11-rc4)', 'https://git.kernel.org/stable/c/753f1745146e03abd17eec8eee95faffc96d743d', 'https://git.kernel.org/stable/c/90574d2a675947858b47008df8d07f75ea50d0d0', 'https://git.kernel.org/stable/c/abdb9ddaaab476e62805e36cce7b4ef8413ffd01', 'https://git.kernel.org/stable/c/fc575212c6b75d538e1a0a74f4c7e2ac73bc46ac', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45002-c292@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45002', 'https://www.cve.org/CVERecord?id=CVE-2024-45002'], 'PublishedDate': '2024-09-04T20:15:08.763Z', 'LastModifiedDate': '2024-09-06T16:27:13.727Z'}, {'VulnerabilityID': 'CVE-2024-45003', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45003', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: vfs: Don't evict inode under the inode lru traversing context", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: Don't evict inode under the inode lru traversing context\n\nThe inode reclaiming process(See function prune_icache_sb) collects all\nreclaimable inodes and mark them with I_FREEING flag at first, at that\ntime, other processes will be stuck if they try getting these inodes\n(See function find_inode_fast), then the reclaiming process destroy the\ninodes by function dispose_list(). Some filesystems(eg. ext4 with\nea_inode feature, ubifs with xattr) may do inode lookup in the inode\nevicting callback function, if the inode lookup is operated under the\ninode lru traversing context, deadlock problems may happen.\n\nCase 1: In function ext4_evict_inode(), the ea inode lookup could happen\n        if ea_inode feature is enabled, the lookup process will be stuck\n\tunder the evicting context like this:\n\n 1. File A has inode i_reg and an ea inode i_ea\n 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea\n 3. Then, following three processes running like this:\n\n    PA                              PB\n echo 2 > /proc/sys/vm/drop_caches\n  shrink_slab\n   prune_dcache_sb\n   // i_reg is added into lru, lru->i_ea->i_reg\n   prune_icache_sb\n    list_lru_walk_one\n     inode_lru_isolate\n      i_ea->i_state |= I_FREEING // set inode state\n     inode_lru_isolate\n      __iget(i_reg)\n      spin_unlock(&i_reg->i_lock)\n      spin_unlock(lru_lock)\n                                     rm file A\n                                      i_reg->nlink = 0\n      iput(i_reg) // i_reg->nlink is 0, do evict\n       ext4_evict_inode\n        ext4_xattr_delete_inode\n         ext4_xattr_inode_dec_ref_all\n          ext4_xattr_inode_iget\n           ext4_iget(i_ea->i_ino)\n            iget_locked\n             find_inode_fast\n              __wait_on_freeing_inode(i_ea) ----? AA deadlock\n    dispose_list // cannot be executed by prune_icache_sb\n     wake_up_bit(&i_ea->i_state)\n\nCase 2: In deleted inode writing function ubifs_jnl_write_inode(), file\n        deleting process holds BASEHD's wbuf->io_mutex while getting the\n\txattr inode, which could race with inode reclaiming process(The\n        reclaiming process could try locking BASEHD's wbuf->io_mutex in\n\tinode evicting function), then an ABBA deadlock problem would\n\thappen as following:\n\n 1. File A has inode ia and a xattr(with inode ixa), regular file B has\n    inode ib and a xattr.\n 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa\n 3. Then, following three processes running like this:\n\n        PA                PB                        PC\n                echo 2 > /proc/sys/vm/drop_caches\n                 shrink_slab\n                  prune_dcache_sb\n                  // ib and ia are added into lru, lru->ixa->ib->ia\n                  prune_icache_sb\n                   list_lru_walk_one\n                    inode_lru_isolate\n                     ixa->i_state |= I_FREEING // set inode state\n                    inode_lru_isolate\n                     __iget(ib)\n                     spin_unlock(&ib->i_lock)\n                     spin_unlock(lru_lock)\n                                                   rm file B\n                                                    ib->nlink = 0\n rm file A\n  iput(ia)\n   ubifs_evict_inode(ia)\n    ubifs_jnl_delete_inode(ia)\n     ubifs_jnl_write_inode(ia)\n      make_reservation(BASEHD) // Lock wbuf->io_mutex\n      ubifs_iget(ixa->i_ino)\n       iget_locked\n        find_inode_fast\n         __wait_on_freeing_inode(ixa)\n          |          iput(ib) // ib->nlink is 0, do evict\n          |           ubifs_evict_inode\n          |            ubifs_jnl_delete_inode(ib)\n          ?             ubifs_jnl_write_inode\n     ABBA deadlock ?-----make_reservation(BASEHD)\n                   dispose_list // cannot be executed by prune_icache_sb\n                    wake_up_bit(&ixa->i_state)\n\nFix the possible deadlock by using new inode state flag I_LRU_ISOLATING\nto pin the inode in memory while inode_lru_isolate(\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45003', 'https://git.kernel.org/linus/2a0629834cd82f05d424bbc193374f9a43d1f87d (6.11-rc4)', 'https://git.kernel.org/stable/c/03880af02a78bc9a98b5a581f529cf709c88a9b8', 'https://git.kernel.org/stable/c/2a0629834cd82f05d424bbc193374f9a43d1f87d', 'https://git.kernel.org/stable/c/3525ad25240dfdd8c78f3470911ed10aa727aa72', 'https://git.kernel.org/stable/c/437741eba63bf4e437e2beb5583f8633556a2b98', 'https://git.kernel.org/stable/c/9063ab49c11e9518a3f2352434bb276cc8134c5f', 'https://git.kernel.org/stable/c/b9bda5f6012dd00372f3a06a82ed8971a4c57c32', 'https://git.kernel.org/stable/c/cda54ec82c0f9d05393242b20b13f69b083f7e88', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45003-3bc2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45003', 'https://www.cve.org/CVERecord?id=CVE-2024-45003'], 'PublishedDate': '2024-09-04T20:15:08.823Z', 'LastModifiedDate': '2024-10-09T15:07:31.027Z'}, {'VulnerabilityID': 'CVE-2024-45005', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45005', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: s390: fix validity interception issue when gisa is switched off', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix validity interception issue when gisa is switched off\n\nWe might run into a SIE validity if gisa has been disabled either via using\nkernel parameter "kvm.use_gisa=0" or by setting the related sysfs\nattribute to N (echo N >/sys/module/kvm/parameters/use_gisa).\n\nThe validity is caused by an invalid value in the SIE control block\'s\ngisa designation. That happens because we pass the uninitialized gisa\norigin to virt_to_phys() before writing it to the gisa designation.\n\nTo fix this we return 0 in kvm_s390_get_gisa_desc() if the origin is 0.\nkvm_s390_get_gisa_desc() is used to determine which gisa designation to\nset in the SIE control block. A value of 0 in the gisa designation disables\ngisa usage.\n\nThe issue surfaces in the host kernel with the following kernel message as\nsoon a new kvm guest start is attemted.\n\nkvm: unhandled validity intercept 0x1011\nWARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101 kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]\nModules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390 prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci]\nCPU: 0 PID: 781237 Comm: CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6\nHardware name: IBM 3931 A01 701 (LPAR)\nKrnl PSW : 0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm])\n           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\nKrnl GPRS: 000003d900000027 000003d900000023 0000000000000028 000002cd00000000\n           000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff\n           000002cfd82e9000 000002cfd80bc000 0000000000001011 000003d93deda412\n           000003ff8962df98 000003d93de77ce0 000003d93deb011e 00000359c6daf960\nKrnl Code: 000003d93deb0112: c020fffe7259\tlarl\t%r2,000003d93de7e5c4\n           000003d93deb0118: c0e53fa8beac\tbrasl\t%r14,000003d9bd3c7e70\n          #000003d93deb011e: af000000\t\tmc\t0,0\n          >000003d93deb0122: a728ffea\t\tlhi\t%r2,-22\n           000003d93deb0126: a7f4fe24\t\tbrc\t15,000003d93deafd6e\n           000003d93deb012a: 9101f0b0\t\ttm\t176(%r15),1\n           000003d93deb012e: a774fe48\t\tbrc\t7,000003d93deafdbe\n           000003d93deb0132: 40a0f0ae\t\tsth\t%r10,174(%r15)\nCall Trace:\n [<000003d93deb0122>] kvm_handle_sie_intercept+0x432/0x4d0 [kvm]\n([<000003d93deb011e>] kvm_handle_sie_intercept+0x42e/0x4d0 [kvm])\n [<000003d93deacc10>] vcpu_post_run+0x1d0/0x3b0 [kvm]\n [<000003d93deaceda>] __vcpu_run+0xea/0x2d0 [kvm]\n [<000003d93dead9da>] kvm_arch_vcpu_ioctl_run+0x16a/0x430 [kvm]\n [<000003d93de93ee0>] kvm_vcpu_ioctl+0x190/0x7c0 [kvm]\n [<000003d9bd728b4e>] vfs_ioctl+0x2e/0x70\n [<000003d9bd72a092>] __s390x_sys_ioctl+0xc2/0xd0\n [<000003d9be0e9222>] __do_syscall+0x1f2/0x2e0\n [<000003d9be0f9a90>] system_call+0x70/0x98\nLast Breaking-Event-Address:\n [<000003d9bd3c7f58>] __warn_printk+0xe8/0xf0', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45005', 'https://git.kernel.org/linus/5a44bb061d04b0306f2aa8add761d86d152b9377 (6.11-rc4)', 'https://git.kernel.org/stable/c/027ac3c5092561bccce09b314a73a1c167117ef6', 'https://git.kernel.org/stable/c/051c0a558154174cfcea301a386e4c91ade83ce1', 'https://git.kernel.org/stable/c/5a44bb061d04b0306f2aa8add761d86d152b9377', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45005-2297@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45005', 'https://www.cve.org/CVERecord?id=CVE-2024-45005'], 'PublishedDate': '2024-09-04T20:15:08.94Z', 'LastModifiedDate': '2024-10-09T15:30:03.767Z'}, {'VulnerabilityID': 'CVE-2024-45006', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45006', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration\n\nre-enumerating full-speed devices after a failed address device command\ncan trigger a NULL pointer dereference.\n\nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size\nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case,\nwhich ends up calling xhci_configure_endpoint().\n\nOn Panther point xHC the xhci_configure_endpoint() function will\nadditionally check and reserve bandwidth in software. Other hosts do\nthis in hardware\n\nIf xHC address device command fails then a new xhci_virt_device structure\nis allocated as part of re-enabling the slot, but the bandwidth table\npointers are not set up properly here.\nThis triggers the NULL pointer dereference the next time usb_ep0_reinit()\nis called and xhci_configure_endpoint() tries to check and reserve\nbandwidth\n\n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd\n[46710.713699] usb 3-1: Device not responding to setup address.\n[46710.917684] usb 3-1: Device not responding to setup address.\n[46711.125536] usb 3-1: device not accepting address 5, error -71\n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[46711.125600] #PF: supervisor read access in kernel mode\n[46711.125603] #PF: error_code(0x0000) - not-present page\n[46711.125606] PGD 0 P4D 0\n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1\n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.\n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]\n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c\n\nFix this by making sure bandwidth table pointers are set up correctly\nafter a failed address device command, and additionally by avoiding\nchecking for bandwidth in cases like this where no actual endpoints are\nadded or removed, i.e. only context for default control endpoint 0 is\nevaluated.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45006', 'https://git.kernel.org/linus/af8e119f52e9c13e556be9e03f27957554a84656 (6.11-rc4)', 'https://git.kernel.org/stable/c/0f0654318e25b2c185e245ba4a591e42fabb5e59', 'https://git.kernel.org/stable/c/365ef7c4277fdd781a695c3553fa157d622d805d', 'https://git.kernel.org/stable/c/5ad898ae82412f8a689d59829804bff2999dd0ea', 'https://git.kernel.org/stable/c/6b99de301d78e1f5249e57ef2c32e1dec3df2bb1', 'https://git.kernel.org/stable/c/8fb9d412ebe2f245f13481e4624b40e651570cbd', 'https://git.kernel.org/stable/c/a57b0ebabe6862dce0a2e0f13e17941ad72fc56b', 'https://git.kernel.org/stable/c/af8e119f52e9c13e556be9e03f27957554a84656', 'https://git.kernel.org/stable/c/ef0a0e616b2789bb804a0ce5e161db03170a85b6', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45006-6642@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45006', 'https://www.cve.org/CVERecord?id=CVE-2024-45006'], 'PublishedDate': '2024-09-04T20:15:08.997Z', 'LastModifiedDate': '2024-09-06T16:26:52.64Z'}, {'VulnerabilityID': 'CVE-2024-45007', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45007', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: char: xillybus: Don't destroy workqueue from work item running on it", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Don't destroy workqueue from work item running on it\n\nTriggered by a kref decrement, destroy_workqueue() may be called from\nwithin a work item for destroying its own workqueue. This illegal\nsituation is averted by adding a module-global workqueue for exclusive\nuse of the offending work item. Other work items continue to be queued\non per-device workqueues to ensure performance.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45007', 'https://git.kernel.org/linus/ccbde4b128ef9c73d14d0d7817d68ef795f6d131 (6.11-rc4)', 'https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9', 'https://git.kernel.org/stable/c/5d3567caff2a1d678aa40cc74a54e1318941fad3', 'https://git.kernel.org/stable/c/a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157', 'https://git.kernel.org/stable/c/aa1a19724fa2c31e97a9be48baedd4692b265157', 'https://git.kernel.org/stable/c/ccbde4b128ef9c73d14d0d7817d68ef795f6d131', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45007-74c8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45007', 'https://www.cve.org/CVERecord?id=CVE-2024-45007'], 'PublishedDate': '2024-09-04T20:15:09.053Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45008', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: MT - limit max slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: MT - limit max slots\n\nsyzbot is reporting too large allocation at input_mt_init_slots(), for\nnum_slots is supplied from userspace using ioctl(UI_DEV_CREATE).\n\nSince nobody knows possible max slots, this patch chose 1024.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45008', 'https://git.kernel.org/linus/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb (6.11-rc2)', 'https://git.kernel.org/stable/c/05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549', 'https://git.kernel.org/stable/c/2829c80614890624456337e47320289112785f3e', 'https://git.kernel.org/stable/c/87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322', 'https://git.kernel.org/stable/c/8f04edd554d191834e9e1349ef030318ea6b11ba', 'https://git.kernel.org/stable/c/94736334b8a25e4fae8daa6934e54a31f099be43', 'https://git.kernel.org/stable/c/95f73d01f547dfc67fda3022c51e377a0454b505', 'https://git.kernel.org/stable/c/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb', 'https://git.kernel.org/stable/c/cd19f1799c32ba7b874474b1b968815ce5364f73', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45008-1d89@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45008', 'https://www.cve.org/CVERecord?id=CVE-2024-45008'], 'PublishedDate': '2024-09-04T20:15:09.107Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45009', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: only decrement add_addr_accepted for MPJ req', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the "remove single subflow" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \'subflow\' endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\'s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45009', 'https://git.kernel.org/linus/1c1f721375989579e46741f59523e39ec9b2a9bd (6.11-rc5)', 'https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd', 'https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c', 'https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d', 'https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7', 'https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608', 'https://lore.kernel.org/linux-cve-announce/2024091104-CVE-2024-45009-24ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45009', 'https://www.cve.org/CVERecord?id=CVE-2024-45009'], 'PublishedDate': '2024-09-11T16:15:06.427Z', 'LastModifiedDate': '2024-09-13T16:36:57.233Z'}, {'VulnerabilityID': 'CVE-2024-45010', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: mptcp: pm: only mark 'subflow' endp as available", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \'subflow\' endp as available\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the "remove single address" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \'signal\' endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\'subflow\' endpoints, and here it is a \'signal\' endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \'subflow\' endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45010', 'https://git.kernel.org/linus/322ea3778965da72862cca2a0c50253aacf65fe6 (6.11-rc5)', 'https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6', 'https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d', 'https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f', 'https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45010-33ee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45010', 'https://www.cve.org/CVERecord?id=CVE-2024-45010'], 'PublishedDate': '2024-09-11T16:15:06.483Z', 'LastModifiedDate': '2024-09-13T16:35:05.843Z'}, {'VulnerabilityID': 'CVE-2024-45011', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45011', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: char: xillybus: Check USB endpoints when probing device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Check USB endpoints when probing device\n\nEnsure, as the driver probes the device, that all endpoints that the\ndriver may attempt to access exist and are of the correct type.\n\nAll XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at\naddress 1. This is verified in xillyusb_setup_base_eps().\n\nOn top of that, a XillyUSB device may have additional Bulk OUT\nendpoints. The information about these endpoints' addresses is deduced\nfrom a data structure (the IDT) that the driver fetches from the device\nwhile probing it. These endpoints are checked in setup_channels().\n\nA XillyUSB device never has more than one IN endpoint, as all data\ntowards the host is multiplexed in this single Bulk IN endpoint. This is\nwhy setup_channels() only checks OUT endpoints.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45011', 'https://git.kernel.org/linus/2374bf7558de915edc6ec8cb10ec3291dfab9594 (6.11-rc4)', 'https://git.kernel.org/stable/c/1371d32b95972d39c1e6e4bae8b6d0df1b573731', 'https://git.kernel.org/stable/c/2374bf7558de915edc6ec8cb10ec3291dfab9594', 'https://git.kernel.org/stable/c/25ee8b2908200fc862c0434e5ad483817d50ceda', 'https://git.kernel.org/stable/c/4267131278f5cc98f8db31d035d64bdbbfe18658', 'https://git.kernel.org/stable/c/5cff754692ad45d5086b75fef8cc3a99c30a1005', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45011-e729@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45011', 'https://www.cve.org/CVERecord?id=CVE-2024-45011'], 'PublishedDate': '2024-09-11T16:15:06.55Z', 'LastModifiedDate': '2024-09-13T16:36:55.757Z'}, {'VulnerabilityID': 'CVE-2024-45012', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45012', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nouveau/firmware: use dma non-coherent allocator', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/firmware: use dma non-coherent allocator\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup, when the iommu is enabled:\n\nkernel BUG at include/linux/scatterlist.h:187!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\nHardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\nRIP: 0010:sg_init_one+0x85/0xa0\nCode: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\nRSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\nRBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\nR13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\nFS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\nCall Trace:\n <TASK>\n ? die+0x36/0x90\n ? do_trap+0xdd/0x100\n ? sg_init_one+0x85/0xa0\n ? do_error_trap+0x65/0x80\n ? sg_init_one+0x85/0xa0\n ? exc_invalid_op+0x50/0x70\n ? sg_init_one+0x85/0xa0\n ? asm_exc_invalid_op+0x1a/0x20\n ? sg_init_one+0x85/0xa0\n nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? nvkm_udevice_new+0x95/0x140 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? ktime_get+0x47/0xb0\n\nFix this by using the non-coherent allocator instead, I think there\nmight be a better answer to this, but it involve ripping up some of\nAPIs using sg lists.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45012', 'https://git.kernel.org/linus/9b340aeb26d50e9a9ec99599e2a39b035fac978e (6.11-rc5)', 'https://git.kernel.org/stable/c/57ca481fca97ca4553e8c85d6a94baf4cb40c40e', 'https://git.kernel.org/stable/c/9b340aeb26d50e9a9ec99599e2a39b035fac978e', 'https://git.kernel.org/stable/c/cc29c5546c6a373648363ac49781f1d74b530707', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45012-9234@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45012', 'https://www.cve.org/CVERecord?id=CVE-2024-45012'], 'PublishedDate': '2024-09-11T16:15:06.607Z', 'LastModifiedDate': '2024-09-13T16:35:35.787Z'}, {'VulnerabilityID': 'CVE-2024-45013', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: move stopping keep-alive into nvme_uninit_ctrl()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: move stopping keep-alive into nvme_uninit_ctrl()\n\nCommit 4733b65d82bd ("nvme: start keep-alive after admin queue setup")\nmoves starting keep-alive from nvme_start_ctrl() into\nnvme_init_ctrl_finish(), but don\'t move stopping keep-alive into\nnvme_uninit_ctrl(), so keep-alive work can be started and keep pending\nafter failing to start controller, finally use-after-free is triggered if\nnvme host driver is unloaded.\n\nThis patch fixes kernel panic when running nvme/004 in case that connection\nfailure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl().\n\nThis way is reasonable because keep-alive is now started in\nnvme_init_ctrl_finish().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45013', 'https://git.kernel.org/linus/a54a93d0e3599b05856971734e15418ac551a14c (6.11-rc5)', 'https://git.kernel.org/stable/c/4101af98ab573554c4225e328d506fec2a74bc54', 'https://git.kernel.org/stable/c/a54a93d0e3599b05856971734e15418ac551a14c', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45013-8efe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45013', 'https://www.cve.org/CVERecord?id=CVE-2024-45013'], 'PublishedDate': '2024-09-11T16:15:06.663Z', 'LastModifiedDate': '2024-09-13T16:35:42.49Z'}, {'VulnerabilityID': 'CVE-2024-45015', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45015', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: move dpu_encoder&#39;s connector assignment to atomic_enable()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()\n\nFor cases where the crtc's connectors_changed was set without enable/active\ngetting toggled , there is an atomic_enable() call followed by an\natomic_disable() but without an atomic_mode_set().\n\nThis results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in\nthe atomic_enable() as the dpu_encoder's connector was cleared in the\natomic_disable() but not re-assigned as there was no atomic_mode_set() call.\n\nFix the NULL ptr access by moving the assignment for atomic_enable() and also\nuse drm_atomic_get_new_connector_for_encoder() to get the connector from\nthe atomic_state.\n\nPatchwork: https://patchwork.freedesktop.org/patch/606729/", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45015', 'https://git.kernel.org/linus/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 (6.11-rc5)', 'https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52', 'https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77', 'https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45015-c139@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45015', 'https://www.cve.org/CVERecord?id=CVE-2024-45015'], 'PublishedDate': '2024-09-11T16:15:06.763Z', 'LastModifiedDate': '2024-09-13T16:35:58.617Z'}, {'VulnerabilityID': 'CVE-2024-45016', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1017.18~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netem: fix return value if duplicate enqueue fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\'s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq->enqueue() and then\n  the original packet is also dropped.\n- If rootq->enqueue() sends the duplicated packet to a different qdisc\n  and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45016', 'https://git.kernel.org/linus/c07ff8592d57ed258afee5a5e04991a48dbaf382 (6.11-rc5)', 'https://git.kernel.org/stable/c/0486d31dd8198e22b63a4730244b38fffce6d469', 'https://git.kernel.org/stable/c/52d99a69f3d556c6426048c9d481b912205919d8', 'https://git.kernel.org/stable/c/577d6c0619467fe90f7e8e57e45cb5bd9d936014', 'https://git.kernel.org/stable/c/759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4', 'https://git.kernel.org/stable/c/c07ff8592d57ed258afee5a5e04991a48dbaf382', 'https://git.kernel.org/stable/c/c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d', 'https://git.kernel.org/stable/c/e5bb2988a310667abed66c7d3ffa28880cf0f883', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45016-fd5a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45016', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://ubuntu.com/security/notices/USN-7071-1', 'https://ubuntu.com/security/notices/USN-7072-1', 'https://ubuntu.com/security/notices/USN-7073-1', 'https://ubuntu.com/security/notices/USN-7073-2', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45016'], 'PublishedDate': '2024-09-11T16:15:06.817Z', 'LastModifiedDate': '2024-09-13T16:36:06.773Z'}, {'VulnerabilityID': 'CVE-2024-45017', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45017', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix IPsec RoCE MPV trace call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix IPsec RoCE MPV trace call\n\nPrevent the call trace below from happening, by not allowing IPsec\ncreation over a slave, if master device doesn't support IPsec.\n\nWARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down_read+0x75/0x94\nModules linked in: esp4_offload esp4 act_mirred act_vlan cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa mst_pciconf(OE) nfsv3 nfs_acl nfs lockd grace fscache netfs xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill cuse fuse rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_ipoib iw_cm ib_cm ipmi_ssif intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel sha1_ssse3 dell_smbios ib_uverbs aesni_intel crypto_simd dcdbas wmi_bmof dell_wmi_descriptor cryptd pcspkr ib_core acpi_ipmi sp5100_tco ccp i2c_piix4 ipmi_si ptdma k10temp ipmi_devintf ipmi_msghandler acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops cec\n ahci libahci mlxfw drm pci_hyperv_intf libata tg3 sha256_ssse3 tls megaraid_sas i2c_algo_bit psample wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mst_pci]\nCPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7_u3_update_v6.6_ipsec_bf.x86_64 #2\nHardware name: Dell Inc. PowerEdge R7525/074H08, BIOS 2.0.3 01/15/2021\nWorkqueue: events xfrm_state_gc_task\nRIP: 0010:down_read+0x75/0x94\nCode: 00 48 8b 45 08 65 48 8b 14 25 80 fc 01 00 83 e0 02 48 09 d0 48 83 c8 01 48 89 45 08 5d 31 c0 89 c2 89 c6 89 c7 e9 cb 88 3b 00 <0f> 0b 48 8b 45 08 a8 01 74 b2 a8 02 75 ae 48 89 c2 48 83 ca 02 f0\nRSP: 0018:ffffb26387773da8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffa08b658af900 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ff886bc5e1366f2f RDI: 0000000000000000\nRBP: ffffa08b658af940 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffa0a9bfb31540\nR13: ffffa0a9bfb37900 R14: 0000000000000000 R15: ffffa0a9bfb37905\nFS:  0000000000000000(0000) GS:ffffa0a9bfb00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055a45ed814e8 CR3: 000000109038a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n ? down_read+0x75/0x94\n ? __warn+0x80/0x113\n ? down_read+0x75/0x94\n ? report_bug+0xa4/0x11d\n ? handle_bug+0x35/0x8b\n ? exc_invalid_op+0x14/0x75\n ? asm_exc_invalid_op+0x16/0x1b\n ? down_read+0x75/0x94\n ? down_read+0xe/0x94\n mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n mlx5_ipsec_fs_roce_tx_destroy+0xb1/0x130 [mlx5_core]\n tx_destroy+0x1b/0xc0 [mlx5_core]\n tx_ft_put+0x53/0xc0 [mlx5_core]\n mlx5e_xfrm_free_state+0x45/0x90 [mlx5_core]\n ___xfrm_state_destroy+0x10f/0x1a2\n xfrm_state_gc_task+0x81/0xa9\n process_one_work+0x1f1/0x3c6\n worker_thread+0x53/0x3e4\n ? process_one_work.cold+0x46/0x3c\n kthread+0x127/0x144\n ? set_kthread_struct+0x60/0x52\n ret_from_fork+0x22/0x2d\n </TASK>\n---[ end trace 5ef7896144d398e1 ]---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45017', 'https://git.kernel.org/linus/607e1df7bd47fe91cab85a97f57870a26d066137 (6.11-rc5)', 'https://git.kernel.org/stable/c/2ae52a65a850ded75a94e8d7ec1e09737f4c6509', 'https://git.kernel.org/stable/c/607e1df7bd47fe91cab85a97f57870a26d066137', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45017-ee3e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45017', 'https://www.cve.org/CVERecord?id=CVE-2024-45017'], 'PublishedDate': '2024-09-11T16:15:06.877Z', 'LastModifiedDate': '2024-09-13T16:36:13.19Z'}, {'VulnerabilityID': 'CVE-2024-45018', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45018', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: initialise extack before use', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: initialise extack before use\n\nFix missing initialisation of extack in flow offload.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45018', 'https://git.kernel.org/linus/e9767137308daf906496613fd879808a07f006a2 (6.11-rc4)', 'https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1', 'https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7', 'https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78', 'https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f', 'https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d', 'https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45018-7e30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45018', 'https://www.cve.org/CVERecord?id=CVE-2024-45018'], 'PublishedDate': '2024-09-11T16:15:06.933Z', 'LastModifiedDate': '2024-09-13T16:36:24.397Z'}, {'VulnerabilityID': 'CVE-2024-45019', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45019', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Take state lock during tx timeout reporter', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take state lock during tx timeout reporter\n\nmlx5e_safe_reopen_channels() requires the state lock taken. The\nreferenced changed in the Fixes tag removed the lock to fix another\nissue. This patch adds it back but at a later point (when calling\nmlx5e_safe_reopen_channels()) to avoid the deadlock referenced in the\nFixes tag.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45019', 'https://git.kernel.org/linus/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3 (6.11-rc4)', 'https://git.kernel.org/stable/c/03d3734bd692affe4d0e9c9d638f491aaf37411b', 'https://git.kernel.org/stable/c/8e57e66ecbdd2fddc9fbf3e984b1c523b70e9809', 'https://git.kernel.org/stable/c/b3b9a87adee97854bcd71057901d46943076267e', 'https://git.kernel.org/stable/c/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45019-5f8b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45019', 'https://www.cve.org/CVERecord?id=CVE-2024-45019'], 'PublishedDate': '2024-09-11T16:15:06.99Z', 'LastModifiedDate': '2024-09-13T16:36:19.36Z'}, {'VulnerabilityID': 'CVE-2024-45020', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45020', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a kernel verifier crash in stacksafe()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a kernel verifier crash in stacksafe()\n\nDaniel Hodges reported a kernel verifier crash when playing with sched-ext.\nFurther investigation shows that the crash is due to invalid memory access\nin stacksafe(). More specifically, it is the following code:\n\n    if (exact != NOT_EXACT &&\n        old->stack[spi].slot_type[i % BPF_REG_SIZE] !=\n        cur->stack[spi].slot_type[i % BPF_REG_SIZE])\n            return false;\n\nThe 'i' iterates old->allocated_stack.\nIf cur->allocated_stack < old->allocated_stack the out-of-bound\naccess will happen.\n\nTo fix the issue add 'i >= cur->allocated_stack' check such that if\nthe condition is true, stacksafe() should fail. Otherwise,\ncur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45020', 'https://git.kernel.org/linus/bed2eb964c70b780fb55925892a74f26cb590b25 (6.11-rc4)', 'https://git.kernel.org/stable/c/6e3987ac310c74bb4dd6a2fa8e46702fe505fb2b', 'https://git.kernel.org/stable/c/7cad3174cc79519bf5f6c4441780264416822c08', 'https://git.kernel.org/stable/c/bed2eb964c70b780fb55925892a74f26cb590b25', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45020-afcc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45020', 'https://www.cve.org/CVERecord?id=CVE-2024-45020'], 'PublishedDate': '2024-09-11T16:15:07.05Z', 'LastModifiedDate': '2024-09-13T16:36:52.29Z'}, {'VulnerabilityID': 'CVE-2024-45021', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg_write_event_control(): fix a user-triggerable oops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg_write_event_control(): fix a user-triggerable oops\n\nwe are *not* guaranteed that anything past the terminating NUL\nis mapped (let alone initialized with anything sane).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45021', 'https://git.kernel.org/linus/046667c4d3196938e992fba0dfcde570aa85cd0e (6.11-rc4)', 'https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e', 'https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227', 'https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8', 'https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61', 'https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7', 'https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b', 'https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c', 'https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45021-68c4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45021', 'https://www.cve.org/CVERecord?id=CVE-2024-45021'], 'PublishedDate': '2024-09-11T16:15:07.103Z', 'LastModifiedDate': '2024-09-13T16:36:31.583Z'}, {'VulnerabilityID': 'CVE-2024-45022', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45022', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0\n\nThe __vmap_pages_range_noflush() assumes its argument pages** contains\npages with the same page shift.  However, since commit e9c3cda4d86e ("mm,\nvmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes\n__GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation\nfailed for high order, the pages** may contain two different page shifts\n(high order and order-0).  This could lead __vmap_pages_range_noflush() to\nperform incorrect mappings, potentially resulting in memory corruption.\n\nUsers might encounter this as follows (vmap_allow_huge = true, 2M is for\nPMD_SIZE):\n\nkvmalloc(2M, __GFP_NOFAIL|GFP_X)\n    __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP)\n        vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0\n            vmap_pages_range()\n                vmap_pages_range_noflush()\n                    __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens\n\nWe can remove the fallback code because if a high-order allocation fails,\n__vmalloc_node_range_noprof() will retry with order-0.  Therefore, it is\nunnecessary to fallback to order-0 here.  Therefore, fix this by removing\nthe fallback code.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45022', 'https://git.kernel.org/linus/61ebe5a747da649057c37be1c37eb934b4af79ca (6.11-rc4)', 'https://git.kernel.org/stable/c/61ebe5a747da649057c37be1c37eb934b4af79ca', 'https://git.kernel.org/stable/c/c91618816f4d21fc574d7577a37722adcd4075b2', 'https://git.kernel.org/stable/c/de7bad86345c43cd040ed43e20d9fad78a3ee59f', 'https://git.kernel.org/stable/c/fd1ffbb50ef4da5e1378a46616b6d7407dc795da', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45022-08f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45022', 'https://www.cve.org/CVERecord?id=CVE-2024-45022'], 'PublishedDate': '2024-09-11T16:15:07.163Z', 'LastModifiedDate': '2024-09-13T16:36:39.043Z'}, {'VulnerabilityID': 'CVE-2024-45025', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old->full_fds_bits[] and fill\nthe rest with zeroes.  What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear.  Otherwise we are risking garbage from the last word\nwe'd copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old->max_fds, so there's no open descriptors\npast count, let alone fully occupied words in ->open_fds[],\nwhich is what bits in ->full_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds.  In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in ->full_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* 'to' being above the current capacity of descriptor table\n\t* 'from' being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet's try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it's 'count' argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it'll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45025', 'https://git.kernel.org/linus/9a2fa1472083580b6c66bdaf291f591e1170123a (6.11-rc4)', 'https://git.kernel.org/stable/c/5053581fe5dfb09b58c65dd8462bf5dea71f41ff', 'https://git.kernel.org/stable/c/8cad3b2b3ab81ca55f37405ffd1315bcc2948058', 'https://git.kernel.org/stable/c/9a2fa1472083580b6c66bdaf291f591e1170123a', 'https://git.kernel.org/stable/c/c69d18f0ac7060de724511537810f10f29a27958', 'https://git.kernel.org/stable/c/dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a', 'https://git.kernel.org/stable/c/e807487a1d5fd5d941f26578ae826ca815dbfcd6', 'https://git.kernel.org/stable/c/ee501f827f3db02d4e599afbbc1a7f8b792d05d7', 'https://git.kernel.org/stable/c/fe5bf14881701119aeeda7cf685f3c226c7380df', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45025-94f6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45025', 'https://www.cve.org/CVERecord?id=CVE-2024-45025'], 'PublishedDate': '2024-09-11T16:15:07.44Z', 'LastModifiedDate': '2024-09-13T16:30:07.073Z'}, {'VulnerabilityID': 'CVE-2024-45026', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45026', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error recovery leading to data corruption on ESE devices', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error recovery leading to data corruption on ESE devices\n\nExtent Space Efficient (ESE) or thin provisioned volumes need to be\nformatted on demand during usual IO processing.\n\nThe dasd_ese_needs_format function checks for error codes that signal\nthe non existence of a proper track format.\n\nThe check for incorrect length is to imprecise since other error cases\nleading to transport of insufficient data also have this flag set.\nThis might lead to data corruption in certain error cases for example\nduring a storage server warmstart.\n\nFix by removing the check for incorrect length and replacing by\nexplicitly checking for invalid track format in transport mode.\n\nAlso remove the check for file protected since this is not a valid\nESE handling case.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45026', 'https://git.kernel.org/linus/7db4042336580dfd75cb5faa82c12cd51098c90b (6.11-rc4)', 'https://git.kernel.org/stable/c/0a228896a1b3654cd461ff654f6a64e97a9c3246', 'https://git.kernel.org/stable/c/19f60a55b2fda49bc4f6134a5f6356ef62ee69d8', 'https://git.kernel.org/stable/c/5d4a304338daf83ace2887aaacafd66fe99ed5cc', 'https://git.kernel.org/stable/c/7db4042336580dfd75cb5faa82c12cd51098c90b', 'https://git.kernel.org/stable/c/93a7e2856951680cd7fe6ebd705ac10c8a8a5efd', 'https://git.kernel.org/stable/c/a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a', 'https://git.kernel.org/stable/c/e245a18281c252c8dbc467492e09bb5d4b012118', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45026-eaa8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45026', 'https://www.cve.org/CVERecord?id=CVE-2024-45026'], 'PublishedDate': '2024-09-11T16:15:07.507Z', 'LastModifiedDate': '2024-09-13T16:29:55.927Z'}, {'VulnerabilityID': 'CVE-2024-45027', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45027', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: xhci: Check for xhci-&gt;interrupters being allocated in xhci_mem_clearup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()\n\nIf xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop\nup the damage. If it fails early enough, before xhci->interrupters\nis allocated but after xhci->max_interrupters has been set, which\nhappens in most (all?) cases, things get uglier, as xhci_mem_cleanup()\nunconditionally derefences xhci->interrupters. With prejudice.\n\nGate the interrupt freeing loop with a check on xhci->interrupters\nbeing non-NULL.\n\nFound while debugging a DMA allocation issue that led the XHCI driver\non this exact path.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45027', 'https://git.kernel.org/linus/dcdb52d948f3a17ccd3fce757d9bd981d7c32039 (6.11-rc4)', 'https://git.kernel.org/stable/c/770cacc75b0091ece17349195d72133912c1ca7c', 'https://git.kernel.org/stable/c/dcdb52d948f3a17ccd3fce757d9bd981d7c32039', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45027-95b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45027', 'https://www.cve.org/CVERecord?id=CVE-2024-45027'], 'PublishedDate': '2024-09-11T16:15:07.57Z', 'LastModifiedDate': '2024-09-13T16:29:44.213Z'}, {'VulnerabilityID': 'CVE-2024-45028', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45028', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mmc: mmc_test: Fix NULL dereference on allocation failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmc_test: Fix NULL dereference on allocation failure\n\nIf the "test->highmem = alloc_pages()" allocation fails then calling\n__free_pages(test->highmem) will result in a NULL dereference.  Also\nchange the error code to -ENOMEM instead of returning success.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45028', 'https://git.kernel.org/linus/a1e627af32ed60713941cbfc8075d44cad07f6dd (6.11-rc5)', 'https://git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06', 'https://git.kernel.org/stable/c/3b4e76ceae5b5a46c968bd952f551ce173809f63', 'https://git.kernel.org/stable/c/9b9ba386d7bfdbc38445932c90fa9444c0524bea', 'https://git.kernel.org/stable/c/a1e627af32ed60713941cbfc8075d44cad07f6dd', 'https://git.kernel.org/stable/c/cac2815f49d343b2f0acc4973d2c14918ac3ab0c', 'https://git.kernel.org/stable/c/e40515582141a9e7c84b269be699c05236a499a6', 'https://git.kernel.org/stable/c/e97be13a9f51284da450dd2a592e3fa87b49cdc9', 'https://git.kernel.org/stable/c/ecb15b8ca12c0cbdab81e307e9795214d8b90890', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45028-34f7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45028', 'https://www.cve.org/CVERecord?id=CVE-2024-45028'], 'PublishedDate': '2024-09-11T16:15:07.647Z', 'LastModifiedDate': '2024-09-13T16:29:35.877Z'}, {'VulnerabilityID': 'CVE-2024-45029', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45029', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i2c: tegra: Do not mark ACPI devices as irq safe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: Do not mark ACPI devices as irq safe\n\nOn ACPI machines, the tegra i2c module encounters an issue due to a\nmutex being called inside a spinlock. This leads to the following bug:\n\n\tBUG: sleeping function called from invalid context at kernel/locking/mutex.c:585\n\t...\n\n\tCall trace:\n\t__might_sleep\n\t__mutex_lock_common\n\tmutex_lock_nested\n\tacpi_subsys_runtime_resume\n\trpm_resume\n\ttegra_i2c_xfer\n\nThe problem arises because during __pm_runtime_resume(), the spinlock\n&dev->power.lock is acquired before rpm_resume() is called. Later,\nrpm_resume() invokes acpi_subsys_runtime_resume(), which relies on\nmutexes, triggering the error.\n\nTo address this issue, devices on ACPI are now marked as not IRQ-safe,\nconsidering the dependency of acpi_subsys_runtime_resume() on mutexes.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45029', 'https://git.kernel.org/linus/14d069d92951a3e150c0a81f2ca3b93e54da913b (6.11-rc4)', 'https://git.kernel.org/stable/c/14d069d92951a3e150c0a81f2ca3b93e54da913b', 'https://git.kernel.org/stable/c/2853e1376d8161b04c9ff18ba82b43f08a049905', 'https://git.kernel.org/stable/c/6861faf4232e4b78878f2de1ed3ee324ddae2287', 'https://git.kernel.org/stable/c/a89aef1e6cc43fa019a58080ed05c839e6c77876', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45029-662e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45029', 'https://www.cve.org/CVERecord?id=CVE-2024-45029'], 'PublishedDate': '2024-09-11T16:15:07.717Z', 'LastModifiedDate': '2024-09-13T16:29:29.74Z'}, {'VulnerabilityID': 'CVE-2024-45030', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igb: cope with large MAX_SKB_FRAGS', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigb: cope with large MAX_SKB_FRAGS\n\nSabrina reports that the igb driver does not cope well with large\nMAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload\ncorruption on TX.\n\nAn easy reproducer is to run ssh to connect to the machine.  With\nMAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails.  This has\nbeen reported originally in\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2265320\n\nThe root cause of the issue is that the driver does not take into\naccount properly the (possibly large) shared info size when selecting\nthe ring layout, and will try to fit two packets inside the same 4K\npage even when the 1st fraglist will trump over the 2nd head.\n\nAddress the issue by checking if 2K buffers are insufficient.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45030', 'https://git.kernel.org/linus/8aba27c4a5020abdf60149239198297f88338a8d (6.11-rc5)', 'https://git.kernel.org/stable/c/8aba27c4a5020abdf60149239198297f88338a8d', 'https://git.kernel.org/stable/c/8ea80ff5d8298356d28077bc30913ed37df65109', 'https://git.kernel.org/stable/c/b52bd8bcb9e8ff250c79b44f9af8b15cae8911ab', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45030-c2eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45030', 'https://www.cve.org/CVERecord?id=CVE-2024-45030'], 'PublishedDate': '2024-09-11T16:15:07.77Z', 'LastModifiedDate': '2024-09-13T16:29:23.557Z'}, {'VulnerabilityID': 'CVE-2024-46672', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion\n\nwpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the\ndriver for SAE/OWE offload cases") SSID based PMKSA del commands.\nbrcmfmac is not prepared and tries to dereference the NULL bssid and\npmkid pointers in cfg80211_pmksa. PMKID_V3 operations support SSID based\nupdates so copy the SSID.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46672', 'https://git.kernel.org/linus/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1 (6.11-rc4)', 'https://git.kernel.org/stable/c/1f566eb912d192c83475a919331aea59619e1197', 'https://git.kernel.org/stable/c/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1', 'https://git.kernel.org/stable/c/4291f94f8c6b01505132c22ee27b59ed27c3584f', 'https://lore.kernel.org/linux-cve-announce/2024091111-CVE-2024-46672-7542@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46672', 'https://www.cve.org/CVERecord?id=CVE-2024-46672'], 'PublishedDate': '2024-09-11T16:15:07.84Z', 'LastModifiedDate': '2024-09-13T16:29:17.123Z'}, {'VulnerabilityID': 'CVE-2024-46673', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: aacraid: Fix double-free on probe failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: aacraid: Fix double-free on probe failure\n\naac_probe_one() calls hardware-specific init functions through the\naac_driver_ident::init pointer, all of which eventually call down to\naac_init_adapter().\n\nIf aac_init_adapter() fails after allocating memory for aac_dev::queues,\nit frees the memory but does not clear that member.\n\nAfter the hardware-specific init function returns an error,\naac_probe_one() goes down an error path that frees the memory pointed to\nby aac_dev::queues, resulting.in a double-free.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46673', 'https://git.kernel.org/linus/919ddf8336f0b84c0453bac583808c9f165a85c2 (6.11-rc6)', 'https://git.kernel.org/stable/c/4b540ec7c0045c2d01c4e479f34bbc8f147afa4c', 'https://git.kernel.org/stable/c/564e1986b00c5f05d75342f8407f75f0a17b94df', 'https://git.kernel.org/stable/c/60962c3d8e18e5d8dfa16df788974dd7f35bd87a', 'https://git.kernel.org/stable/c/85449b28ff6a89c4513115e43ddcad949b5890c9', 'https://git.kernel.org/stable/c/8a3995a3ffeca280a961b59f5c99843d81b15929', 'https://git.kernel.org/stable/c/919ddf8336f0b84c0453bac583808c9f165a85c2', 'https://git.kernel.org/stable/c/9e96dea7eff6f2bbcd0b42a098012fc66af9eb69', 'https://git.kernel.org/stable/c/d237c7d06ffddcdb5d36948c527dc01284388218', 'https://lore.kernel.org/linux-cve-announce/2024091333-CVE-2024-46673-c49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46673', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-46673'], 'PublishedDate': '2024-09-13T06:15:11.917Z', 'LastModifiedDate': '2024-09-13T16:51:39.117Z'}, {'VulnerabilityID': 'CVE-2024-46675', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46675', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: dwc3: core: Prevent USB core invalid event buffer address access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: Prevent USB core invalid event buffer address access\n\nThis commit addresses an issue where the USB core could access an\ninvalid event buffer address during runtime suspend, potentially causing\nSMMU faults and other memory issues in Exynos platforms. The problem\narises from the following sequence.\n        1. In dwc3_gadget_suspend, there is a chance of a timeout when\n        moving the USB core to the halt state after clearing the\n        run/stop bit by software.\n        2. In dwc3_core_exit, the event buffer is cleared regardless of\n        the USB core's status, which may lead to an SMMU faults and\n        other memory issues. if the USB core tries to access the event\n        buffer address.\n\nTo prevent this hardware quirk on Exynos platforms, this commit ensures\nthat the event buffer address is not cleared by software  when the USB\ncore is active during runtime suspend by checking its status before\nclearing the buffer address.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46675', 'https://git.kernel.org/linus/14e497183df28c006603cc67fd3797a537eef7b9 (6.11-rc6)', 'https://git.kernel.org/stable/c/111277b881def3153335acfe0d1f43e6cd83ac93', 'https://git.kernel.org/stable/c/14e497183df28c006603cc67fd3797a537eef7b9', 'https://git.kernel.org/stable/c/2189fd13c577d7881f94affc09c950a795064c4b', 'https://git.kernel.org/stable/c/7bb11a75dd4d3612378b90e2a4aa49bdccea28ab', 'https://git.kernel.org/stable/c/b72da4d89b97da71e056cc4d1429b2bc426a9c2f', 'https://git.kernel.org/stable/c/d2afc2bffec77316b90d530b07695e3f534df914', 'https://git.kernel.org/stable/c/e23f6ad8d110bf632f7471482e10b43dc174fb72', 'https://git.kernel.org/stable/c/eca3f543f817da87c00d1a5697b473efb548204f', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46675-ba70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46675', 'https://www.cve.org/CVERecord?id=CVE-2024-46675'], 'PublishedDate': '2024-09-13T06:15:12.117Z', 'LastModifiedDate': '2024-09-20T17:18:48.753Z'}, {'VulnerabilityID': 'CVE-2024-46676', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46676', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfc: pn533: Add poll mod list filling check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Add poll mod list filling check\n\nIn case of im_protocols value is 1 and tm_protocols value is 0 this\ncombination successfully passes the check\n\'if (!im_protocols && !tm_protocols)\' in the nfc_start_poll().\nBut then after pn533_poll_create_mod_list() call in pn533_start_poll()\npoll mod list will remain empty and dev->poll_mod_count will remain 0\nwhich lead to division by zero.\n\nNormally no im protocol has value 1 in the mask, so this combination is\nnot expected by driver. But these protocol values actually come from\nuserspace via Netlink interface (NFC_CMD_START_POLL operation). So a\nbroken or malicious program may pass a message containing a "bad"\ncombination of protocol parameter values so that dev->poll_mod_count\nis not incremented inside pn533_poll_create_mod_list(), thus leading\nto division by zero.\nCall trace looks like:\nnfc_genl_start_poll()\n  nfc_start_poll()\n    ->start_poll()\n    pn533_start_poll()\n\nAdd poll mod list filling check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46676', 'https://git.kernel.org/linus/febccb39255f9df35527b88c953b2e0deae50e53 (6.11-rc6)', 'https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946', 'https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5', 'https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723', 'https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4', 'https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33', 'https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31', 'https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46676-0b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46676', 'https://www.cve.org/CVERecord?id=CVE-2024-46676'], 'PublishedDate': '2024-09-13T06:15:12.223Z', 'LastModifiedDate': '2024-09-23T14:42:38.23Z'}, {'VulnerabilityID': 'CVE-2024-46677', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46677', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: fix a potential NULL pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix a potential NULL pointer dereference\n\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\nNULL pointer, but its callers only check for error pointers thus miss\nthe NULL pointer case.\n\nFix it by returning an error pointer with the error code carried from\nsockfd_lookup().\n\n(I found this bug during code inspection.)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46677', 'https://git.kernel.org/linus/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda (6.11-rc6)', 'https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d', 'https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87', 'https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2', 'https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39', 'https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c', 'https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e', 'https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda', 'https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46677-b53c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46677', 'https://www.cve.org/CVERecord?id=CVE-2024-46677'], 'PublishedDate': '2024-09-13T06:15:12.36Z', 'LastModifiedDate': '2024-09-13T16:51:53.69Z'}, {'VulnerabilityID': 'CVE-2024-46678', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46678', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: change ipsec_lock from spin lock to mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond->ipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n"scheduling while atomic" will be triggered when changing bond\'s\nactive slave.\n\n[  101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[  101.055726] Modules linked in:\n[  101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[  101.058760] Hardware name:\n[  101.059434] Call Trace:\n[  101.059436]  <TASK>\n[  101.060873]  dump_stack_lvl+0x51/0x60\n[  101.061275]  __schedule_bug+0x4e/0x60\n[  101.061682]  __schedule+0x612/0x7c0\n[  101.062078]  ? __mod_timer+0x25c/0x370\n[  101.062486]  schedule+0x25/0xd0\n[  101.062845]  schedule_timeout+0x77/0xf0\n[  101.063265]  ? asm_common_interrupt+0x22/0x40\n[  101.063724]  ? __bpf_trace_itimer_state+0x10/0x10\n[  101.064215]  __wait_for_common+0x87/0x190\n[  101.064648]  ? usleep_range_state+0x90/0x90\n[  101.065091]  cmd_exec+0x437/0xb20 [mlx5_core]\n[  101.065569]  mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[  101.066051]  mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[  101.066552]  mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[  101.067163]  ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.067738]  ? kmalloc_trace+0x4d/0x350\n[  101.068156]  mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[  101.068747]  mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[  101.069312]  bond_change_active_slave+0x392/0x900 [bonding]\n[  101.069868]  bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[  101.070454]  __bond_opt_set+0xa6/0x430 [bonding]\n[  101.070935]  __bond_opt_set_notify+0x2f/0x90 [bonding]\n[  101.071453]  bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[  101.071965]  bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.072567]  kernfs_fop_write_iter+0x10c/0x1a0\n[  101.073033]  vfs_write+0x2d8/0x400\n[  101.073416]  ? alloc_fd+0x48/0x180\n[  101.073798]  ksys_write+0x5f/0xe0\n[  101.074175]  do_syscall_64+0x52/0x110\n[  101.074576]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn\'t have to be spin lock, change it to\nmutex, and thus the above issue can be resolved.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46678', 'https://git.kernel.org/linus/2aeeef906d5a526dc60cf4af92eda69836c39b1f (6.11-rc6)', 'https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f', 'https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3', 'https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46678-ca65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46678', 'https://www.cve.org/CVERecord?id=CVE-2024-46678'], 'PublishedDate': '2024-09-13T06:15:12.45Z', 'LastModifiedDate': '2024-09-23T14:44:12.88Z'}, {'VulnerabilityID': 'CVE-2024-46679', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46679', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: check device is present when getting link settings', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: check device is present when getting link settings\n\nA sysfs reader can race with a device reset or removal, attempting to\nread device state when the device is not actually present. eg:\n\n     [exception RIP: qed_get_current_link+17]\n  #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]\n  #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3\n #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4\n #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300\n #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c\n #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b\n #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3\n #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1\n #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f\n #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb\n\n crash> struct net_device.state ffff9a9d21336000\n    state = 5,\n\nstate 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).\nThe device is not present, note lack of __LINK_STATE_PRESENT (0b10).\n\nThis is the same sort of panic as observed in commit 4224cfd7fb65\n("net-sysfs: add check for netdevice being present to speed_show").\n\nThere are many other callers of __ethtool_get_link_ksettings() which\ndon\'t have a device presence check.\n\nMove this check into ethtool to protect all callers.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46679', 'https://git.kernel.org/linus/a699781c79ecf6cfe67fb00a0331b4088c7c8466 (6.11-rc6)', 'https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2', 'https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc', 'https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e', 'https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb', 'https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4', 'https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466', 'https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46679-3527@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46679', 'https://www.cve.org/CVERecord?id=CVE-2024-46679'], 'PublishedDate': '2024-09-13T06:15:12.53Z', 'LastModifiedDate': '2024-09-23T14:47:23.287Z'}, {'VulnerabilityID': 'CVE-2024-46680', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46680', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix random crash seen while removing driver', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix random crash seen while removing driver\n\nThis fixes the random kernel crash seen while removing the driver, when\nrunning the load/unload test over multiple iterations.\n\n1) modprobe btnxpuart\n2) hciconfig hci0 reset\n3) hciconfig (check hci0 interface up with valid BD address)\n4) modprobe -r btnxpuart\nRepeat steps 1 to 4\n\nThe ps_wakeup() call in btnxpuart_close() schedules the psdata->work(),\nwhich gets scheduled after module is removed, causing a kernel crash.\n\nThis hidden issue got highlighted after enabling Power Save by default\nin 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on\nstartup)\n\nThe new ps_cleanup() deasserts UART break immediately while closing\nserdev device, cancels any scheduled ps_work and destroys the ps_lock\nmutex.\n\n[   85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258\n[   85.884624] Mem abort info:\n[   85.884625]   ESR = 0x0000000086000007\n[   85.884628]   EC = 0x21: IABT (current EL), IL = 32 bits\n[   85.884633]   SET = 0, FnV = 0\n[   85.884636]   EA = 0, S1PTW = 0\n[   85.884638]   FSC = 0x07: level 3 translation fault\n[   85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000\n[   85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000\n[   85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n[   85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)]\n[   85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G           O       6.1.36+g937b1be4345a #1\n[   85.936176] Hardware name: FSL i.MX8MM EVK board (DT)\n[   85.936182] Workqueue: events 0xffffd4a61638f380\n[   85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   85.952817] pc : 0xffffd4a61638f258\n[   85.952823] lr : 0xffffd4a61638f258\n[   85.952827] sp : ffff8000084fbd70\n[   85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000\n[   85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305\n[   85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970\n[   85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000\n[   85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090\n[   85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139\n[   85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50\n[   85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8\n[   85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000\n[   85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000\n[   85.977443] Call trace:\n[   85.977446]  0xffffd4a61638f258\n[   85.977451]  0xffffd4a61638f3e8\n[   85.977455]  process_one_work+0x1d4/0x330\n[   85.977464]  worker_thread+0x6c/0x430\n[   85.977471]  kthread+0x108/0x10c\n[   85.977476]  ret_from_fork+0x10/0x20\n[   85.977488] Code: bad PC value\n[   85.977491] ---[ end trace 0000000000000000 ]---\n\nPreset since v6.9.11', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46680', 'https://git.kernel.org/linus/35237475384ab3622f63c3c09bdf6af6dacfe9c3 (6.11-rc6)', 'https://git.kernel.org/stable/c/29a1d9971e38f92c84b363ff50379dd434ddfe1c', 'https://git.kernel.org/stable/c/35237475384ab3622f63c3c09bdf6af6dacfe9c3', 'https://git.kernel.org/stable/c/662a55986b88807da4d112d838c8aaa05810e938', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46680-f40d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46680', 'https://www.cve.org/CVERecord?id=CVE-2024-46680'], 'PublishedDate': '2024-09-13T06:15:12.617Z', 'LastModifiedDate': '2024-09-23T14:45:10.233Z'}, {'VulnerabilityID': 'CVE-2024-46681', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46681', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pktgen: use cpus_read_lock() in pg_net_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46681', 'https://git.kernel.org/linus/979b581e4c69257acab1af415ddad6b2d78a2fa5 (6.11-rc6)', 'https://git.kernel.org/stable/c/5f5f7366dda8ae870e8305d6e7b3c0c2686cd2cf', 'https://git.kernel.org/stable/c/979b581e4c69257acab1af415ddad6b2d78a2fa5', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46681-6086@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46681', 'https://www.cve.org/CVERecord?id=CVE-2024-46681'], 'PublishedDate': '2024-09-13T06:15:12.71Z', 'LastModifiedDate': '2024-09-19T18:10:49.623Z'}, {'VulnerabilityID': 'CVE-2024-46683', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46683', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: prevent UAF around preempt fence', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: prevent UAF around preempt fence\n\nThe fence lock is part of the queue, therefore in the current design\nanything locking the fence should then also hold a ref to the queue to\nprevent the queue from being freed.\n\nHowever, currently it looks like we signal the fence and then drop the\nqueue ref, but if something is waiting on the fence, the waiter is\nkicked to wake up at some later point, where upon waking up it first\ngrabs the lock before checking the fence state. But if we have already\ndropped the queue ref, then the lock might already be freed as part of\nthe queue, leading to uaf.\n\nTo prevent this, move the fence lock into the fence itself so we don't\nrun into lifetime issues. Alternative might be to have device level\nlock, or only release the queue in the fence release callback, however\nthat might require pushing to another worker to avoid locking issues.\n\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2454\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2342\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2020\n(cherry picked from commit 7116c35aacedc38be6d15bd21b2fc936eed0008b)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46683', 'https://git.kernel.org/linus/730b72480e29f63fd644f5fa57c9d46109428953 (6.11-rc5)', 'https://git.kernel.org/stable/c/10081b0b0ed201f53e24bd92deb2e0f3c3e713d4', 'https://git.kernel.org/stable/c/730b72480e29f63fd644f5fa57c9d46109428953', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46683-e513@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46683', 'https://www.cve.org/CVERecord?id=CVE-2024-46683'], 'PublishedDate': '2024-09-13T06:15:12.993Z', 'LastModifiedDate': '2024-09-13T16:52:14.373Z'}, {'VulnerabilityID': 'CVE-2024-46685', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46685', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: single: fix potential NULL dereference in pcs_get_function()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: single: fix potential NULL dereference in pcs_get_function()\n\npinmux_generic_get_function() can return NULL and the pointer 'function'\nwas dereferenced without checking against NULL. Add checking of pointer\n'function' in pcs_get_function().\n\nFound by code review.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46685', 'https://git.kernel.org/linus/1c38a62f15e595346a1106025722869e87ffe044 (6.11-rc6)', 'https://git.kernel.org/stable/c/0a2bab5ed161318f57134716accba0a30f3af191', 'https://git.kernel.org/stable/c/1c38a62f15e595346a1106025722869e87ffe044', 'https://git.kernel.org/stable/c/292151af6add3e5ab11b2e9916cffa5f52859a1f', 'https://git.kernel.org/stable/c/2cea369a5c2e85ab14ae716da1d1cc6d25c85e11', 'https://git.kernel.org/stable/c/4e9436375fcc9bd2a60ee96aba6ed53f7a377d10', 'https://git.kernel.org/stable/c/4ed45fe99ec9e3c9478bd634624cd05a57d002f7', 'https://git.kernel.org/stable/c/6341c2856785dca7006820b127278058a180c075', 'https://git.kernel.org/stable/c/8f0bd526921b6867c2f10a83cd4fd14139adcd92', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46685-6606@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46685', 'https://www.cve.org/CVERecord?id=CVE-2024-46685'], 'PublishedDate': '2024-09-13T06:15:13.2Z', 'LastModifiedDate': '2024-09-14T16:00:55.547Z'}, {'VulnerabilityID': 'CVE-2024-46686', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46686', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()\n\nThis happens when called from SMB2_read() while using rdma\nand reaching the rdma_readwrite_threshold.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46686', 'https://git.kernel.org/linus/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf (6.11-rc6)', 'https://git.kernel.org/stable/c/6df57c63c200cd05e085c3b695128260e21959b7', 'https://git.kernel.org/stable/c/a01859dd6aebf826576513850a3b05992809e9d2', 'https://git.kernel.org/stable/c/b902fb78ab21299e4dd1775e7e8d251d5c0735bc', 'https://git.kernel.org/stable/c/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46686-5b18@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46686', 'https://www.cve.org/CVERecord?id=CVE-2024-46686'], 'PublishedDate': '2024-09-13T06:15:13.28Z', 'LastModifiedDate': '2024-09-14T16:16:33.087Z'}, {'VulnerabilityID': 'CVE-2024-46687', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46687', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()\n\n[BUG]\nThere is an internal report that KASAN is reporting use-after-free, with\nthe following backtrace:\n\n  BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n  Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45\n  CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n  Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n  Call Trace:\n   dump_stack_lvl+0x61/0x80\n   print_address_description.constprop.0+0x5e/0x2f0\n   print_report+0x118/0x216\n   kasan_report+0x11d/0x1f0\n   btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n   process_one_work+0xce0/0x12a0\n   worker_thread+0x717/0x1250\n   kthread+0x2e3/0x3c0\n   ret_from_fork+0x2d/0x70\n   ret_from_fork_asm+0x11/0x20\n\n  Allocated by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   __kasan_slab_alloc+0x7d/0x80\n   kmem_cache_alloc_noprof+0x16e/0x3e0\n   mempool_alloc_noprof+0x12e/0x310\n   bio_alloc_bioset+0x3f0/0x7a0\n   btrfs_bio_alloc+0x2e/0x50 [btrfs]\n   submit_extent_page+0x4d1/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n  Freed by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   kasan_save_free_info+0x37/0x50\n   __kasan_slab_free+0x4b/0x60\n   kmem_cache_free+0x214/0x5d0\n   bio_free+0xed/0x180\n   end_bbio_data_read+0x1cc/0x580 [btrfs]\n   btrfs_submit_chunk+0x98d/0x1880 [btrfs]\n   btrfs_submit_bio+0x33/0x70 [btrfs]\n   submit_one_bio+0xd4/0x130 [btrfs]\n   submit_extent_page+0x3ea/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[CAUSE]\nAlthough I cannot reproduce the error, the report itself is good enough\nto pin down the cause.\n\nThe call trace is the regular endio workqueue context, but the\nfree-by-task trace is showing that during btrfs_submit_chunk() we\nalready hit a critical error, and is calling btrfs_bio_end_io() to error\nout.  And the original endio function called bio_put() to free the whole\nbio.\n\nThis means a double freeing thus causing use-after-free, e.g.:\n\n1. Enter btrfs_submit_bio() with a read bio\n   The read bio length is 128K, crossing two 64K stripes.\n\n2. The first run of btrfs_submit_chunk()\n\n2.1 Call btrfs_map_block(), which returns 64K\n2.2 Call btrfs_split_bio()\n    Now there are two bios, one referring to the first 64K, the other\n    referring to the second 64K.\n2.3 The first half is submitted.\n\n3. The second run of btrfs_submit_chunk()\n\n3.1 Call btrfs_map_block(), which by somehow failed\n    Now we call btrfs_bio_end_io() to handle the error\n\n3.2 btrfs_bio_end_io() calls the original endio function\n    Which is end_bbio_data_read(), and it calls bio_put() for the\n    original bio.\n\n    Now the original bio is freed.\n\n4. The submitted first 64K bio finished\n   Now we call into btrfs_check_read_bio() and tries to advance the bio\n   iter.\n   But since the original bio (thus its iter) is already freed, we\n   trigger the above use-after free.\n\n   And even if the memory is not poisoned/corrupted, we will later call\n   the original endio function, causing a double freeing.\n\n[FIX]\nInstead of calling btrfs_bio_end_io(), call btrfs_orig_bbio_end_io(),\nwhich has the extra check on split bios and do the pr\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46687', 'https://git.kernel.org/linus/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10 (6.11-rc6)', 'https://git.kernel.org/stable/c/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10', 'https://git.kernel.org/stable/c/4a3b9e1a8e6cd1a8d427a905e159de58d38941cc', 'https://git.kernel.org/stable/c/51722b99f41f5e722ffa10b8f61e802a0e70b331', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46687-5668@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46687', 'https://www.cve.org/CVERecord?id=CVE-2024-46687'], 'PublishedDate': '2024-09-13T06:15:13.377Z', 'LastModifiedDate': '2024-09-14T16:17:33.073Z'}, {'VulnerabilityID': 'CVE-2024-46689', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46689', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: cmd-db: Map shared memory as WC, not WB\n\nLinux does not write into cmd-db region. This region of memory is write\nprotected by XPU. XPU may sometime falsely detect clean cache eviction\nas "write" into the write protected region leading to secure interrupt\nwhich causes an endless loop somewhere in Trust Zone.\n\nThe only reason it is working right now is because Qualcomm Hypervisor\nmaps the same region as Non-Cacheable memory in Stage 2 translation\ntables. The issue manifests if we want to use another hypervisor (like\nXen or KVM), which does not know anything about those specific mappings.\n\nChanging the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC\nremoves dependency on correct mappings in Stage 2 tables. This patch\nfixes the issue by updating the mapping to MEMREMAP_WC.\n\nI tested this on SA8155P with Xen.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46689', 'https://git.kernel.org/linus/f9bb896eab221618927ae6a2f1d566567999839d (6.11-rc6)', 'https://git.kernel.org/stable/c/0ee9594c974368a17e85a431e9fe1c14fb65c278', 'https://git.kernel.org/stable/c/62c2d63605ca25b5db78a347ed303c0a0a77d5b4', 'https://git.kernel.org/stable/c/d9d48d70e922b272875cda60d2ada89291c840cf', 'https://git.kernel.org/stable/c/eaff392c1e34fb77cc61505a31b0191e5e46e271', 'https://git.kernel.org/stable/c/ef80520be0ff78ae5ed44cb6eee1525e65bebe70', 'https://git.kernel.org/stable/c/f5a5a5a0e95f36e2792d48e6e4b64e665eb01374', 'https://git.kernel.org/stable/c/f9bb896eab221618927ae6a2f1d566567999839d', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46689-4c19@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46689', 'https://www.cve.org/CVERecord?id=CVE-2024-46689'], 'PublishedDate': '2024-09-13T06:15:13.653Z', 'LastModifiedDate': '2024-09-20T15:52:23.727Z'}, {'VulnerabilityID': 'CVE-2024-46691', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46691', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Move unregister out of atomic section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Move unregister out of atomic section\n\nCommit \'9329933699b3 ("soc: qcom: pmic_glink: Make client-lock\nnon-sleeping")\' moved the pmic_glink client list under a spinlock, as it\nis accessed by the rpmsg/glink callback, which in turn is invoked from\nIRQ context.\n\nThis means that ucsi_unregister() is now called from atomic context,\nwhich isn\'t feasible as it\'s expecting a sleepable context. An effort is\nunder way to get GLINK to invoke its callbacks in a sleepable context,\nbut until then lets schedule the unregistration.\n\nA side effect of this is that ucsi_unregister() can now happen\nafter the remote processor, and thereby the communication link with it, is\ngone. pmic_glink_send() is amended with a check to avoid the resulting NULL\npointer dereference.\nThis does however result in the user being informed about this error by\nthe following entry in the kernel log:\n\n  ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46691', 'https://git.kernel.org/linus/11bb2ffb679399f99041540cf662409905179e3a (6.11-rc6)', 'https://git.kernel.org/stable/c/095b0001aefddcd9361097c971b7debc84e72714', 'https://git.kernel.org/stable/c/11bb2ffb679399f99041540cf662409905179e3a', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46691-93e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46691', 'https://www.cve.org/CVERecord?id=CVE-2024-46691'], 'PublishedDate': '2024-09-13T06:15:13.96Z', 'LastModifiedDate': '2024-09-13T16:52:21.057Z'}, {'VulnerabilityID': 'CVE-2024-46692', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46692', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: scm: Mark get_wq_ctx() as atomic call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Mark get_wq_ctx() as atomic call\n\nCurrently get_wq_ctx() is wrongly configured as a standard call. When two\nSMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to\nresume the corresponding sleeping thread. But if get_wq_ctx() is\ninterrupted, goes to sleep and another SMC call is waiting to be allocated\na waitq context, it leads to a deadlock.\n\nTo avoid this get_wq_ctx() must be an atomic call and can't be a standard\nSMC call. Hence mark get_wq_ctx() as a fast call.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46692', 'https://git.kernel.org/linus/9960085a3a82c58d3323c1c20b991db6045063b0 (6.11-rc6)', 'https://git.kernel.org/stable/c/9960085a3a82c58d3323c1c20b991db6045063b0', 'https://git.kernel.org/stable/c/cdf7efe4b02aa93813db0bf1ca596ad298ab6b06', 'https://git.kernel.org/stable/c/e40115c33c0d79c940545b6b12112aace7acd9f5', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46692-f287@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46692', 'https://www.cve.org/CVERecord?id=CVE-2024-46692'], 'PublishedDate': '2024-09-13T06:15:14.047Z', 'LastModifiedDate': '2024-09-13T16:52:31.627Z'}, {'VulnerabilityID': 'CVE-2024-46693', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pmic_glink: Fix race during initialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pmic_glink: Fix race during initialization\n\nAs pointed out by Stephen Boyd it is possible that during initialization\nof the pmic_glink child drivers, the protection-domain notifiers fires,\nand the associated work is scheduled, before the client registration\nreturns and as a result the local "client" pointer has been initialized.\n\nThe outcome of this is a NULL pointer dereference as the "client"\npointer is blindly dereferenced.\n\nTimeline provided by Stephen:\n CPU0                               CPU1\n ----                               ----\n ucsi->client = NULL;\n devm_pmic_glink_register_client()\n  client->pdr_notify(client->priv, pg->client_state)\n   pmic_glink_ucsi_pdr_notify()\n    schedule_work(&ucsi->register_work)\n    <schedule away>\n                                    pmic_glink_ucsi_register()\n                                     ucsi_register()\n                                      pmic_glink_ucsi_read_version()\n                                       pmic_glink_ucsi_read()\n                                        pmic_glink_ucsi_read()\n                                         pmic_glink_send(ucsi->client)\n                                         <client is NULL BAD>\n ucsi->client = client // Too late!\n\nThis code is identical across the altmode, battery manager and usci\nchild drivers.\n\nResolve this by splitting the allocation of the "client" object and the\nregistration thereof into two operations.\n\nThis only happens if the protection domain registry is populated at the\ntime of registration, which by the introduction of commit \'1ebcde047c54\n("soc: qcom: add pd-mapper implementation")\' became much more likely.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46693', 'https://git.kernel.org/linus/3568affcddd68743e25aa3ec1647d9b82797757b (6.11-rc6)', 'https://git.kernel.org/stable/c/1efdbf5323c9360e05066049b97414405e94e087', 'https://git.kernel.org/stable/c/3568affcddd68743e25aa3ec1647d9b82797757b', 'https://git.kernel.org/stable/c/943b0e7cc646a624bb20a68080f8f1a4a55df41c', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46693-cbe3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46693', 'https://www.cve.org/CVERecord?id=CVE-2024-46693'], 'PublishedDate': '2024-09-13T06:15:14.14Z', 'LastModifiedDate': '2024-09-13T16:52:41.27Z'}, {'VulnerabilityID': 'CVE-2024-46694', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46694', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: avoid using null object of framebuffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid using null object of framebuffer\n\nInstead of using state->fb->obj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer.\n\n(cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46694', 'https://git.kernel.org/linus/3b9a33235c773c7a3768060cf1d2cf8a9153bc37 (6.11-rc6)', 'https://git.kernel.org/stable/c/093ee72ed35c2338c87c26b6ba6f0b7789c9e14e', 'https://git.kernel.org/stable/c/3b9a33235c773c7a3768060cf1d2cf8a9153bc37', 'https://git.kernel.org/stable/c/49e1b214f3239b78967c6ddb8f8ec47ae047b051', 'https://git.kernel.org/stable/c/f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46694-0706@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46694', 'https://www.cve.org/CVERecord?id=CVE-2024-46694'], 'PublishedDate': '2024-09-13T06:15:14.24Z', 'LastModifiedDate': '2024-09-19T18:16:22.247Z'}, {'VulnerabilityID': 'CVE-2024-46695', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46695', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: selinux,smack: don&#39;t bypass permissions check in inode_setsecctx hook', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux,smack: don't bypass permissions check in inode_setsecctx hook\n\nMarek Gresko reports that the root user on an NFS client is able to\nchange the security labels on files on an NFS filesystem that is\nexported with root squashing enabled.\n\nThe end of the kerneldoc comment for __vfs_setxattr_noperm() states:\n\n *  This function requires the caller to lock the inode's i_mutex before it\n *  is executed. It also assumes that the caller will make the appropriate\n *  permission checks.\n\nnfsd_setattr() does do permissions checking via fh_verify() and\nnfsd_permission(), but those don't do all the same permissions checks\nthat are done by security_inode_setxattr() and its related LSM hooks do.\n\nSince nfsd_setattr() is the only consumer of security_inode_setsecctx(),\nsimplest solution appears to be to replace the call to\n__vfs_setxattr_noperm() with a call to __vfs_setxattr_locked().  This\nfixes the above issue and has the added benefit of causing nfsd to\nrecall conflicting delegations on a file when a client tries to change\nits security label.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-276'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46695', 'https://git.kernel.org/linus/76a0e79bc84f466999fa501fce5bf7a07641b8a7 (6.11-rc6)', 'https://git.kernel.org/stable/c/2dbc4b7bac60b02cc6e70d05bf6a7dfd551f9dda', 'https://git.kernel.org/stable/c/459584258d47ec3cc6245a82e8a49c9d08eb8b57', 'https://git.kernel.org/stable/c/76a0e79bc84f466999fa501fce5bf7a07641b8a7', 'https://git.kernel.org/stable/c/eebec98791d0137e455cc006411bb92a54250924', 'https://git.kernel.org/stable/c/f71ec019257ba4f7ab198bd948c5902a207bad96', 'https://git.kernel.org/stable/c/fe0cd53791119f6287b6532af8ce41576d664930', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46695-affc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46695', 'https://www.cve.org/CVERecord?id=CVE-2024-46695'], 'PublishedDate': '2024-09-13T06:15:14.32Z', 'LastModifiedDate': '2024-10-17T14:15:07.517Z'}, {'VulnerabilityID': 'CVE-2024-46697', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46697', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfsd: ensure that nfsd4_fattr_args.context is zeroed out', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: ensure that nfsd4_fattr_args.context is zeroed out\n\nIf nfsd4_encode_fattr4 ends up doing a "goto out" before we get to\nchecking for the security label, then args.context will be set to\nuninitialized junk on the stack, which we\'ll then try to free.\nInitialize it early.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46697', 'https://git.kernel.org/linus/f58bab6fd4063913bd8321e99874b8239e9ba726 (6.11-rc6)', 'https://git.kernel.org/stable/c/dd65b324174a64558a16ebbf4c3266e5701185d0', 'https://git.kernel.org/stable/c/f58bab6fd4063913bd8321e99874b8239e9ba726', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46697-d166@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46697', 'https://www.cve.org/CVERecord?id=CVE-2024-46697'], 'PublishedDate': '2024-09-13T06:15:14.5Z', 'LastModifiedDate': '2024-09-19T17:53:43.173Z'}, {'VulnerabilityID': 'CVE-2024-46698', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46698', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: video/aperture: optionally match the device in sysfb_disable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvideo/aperture: optionally match the device in sysfb_disable()\n\nIn aperture_remove_conflicting_pci_devices(), we currently only\ncall sysfb_disable() on vga class devices.  This leads to the\nfollowing problem when the pimary device is not VGA compatible:\n\n1. A PCI device with a non-VGA class is the boot display\n2. That device is probed first and it is not a VGA device so\n   sysfb_disable() is not called, but the device resources\n   are freed by aperture_detach_platform_device()\n3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable()\n4. NULL pointer dereference via sysfb_disable() since the resources\n   have already been freed by aperture_detach_platform_device() when\n   it was called by the other device.\n\nFix this by passing a device pointer to sysfb_disable() and checking\nthe device to determine if we should execute it or not.\n\nv2: Fix build when CONFIG_SCREEN_INFO is not set\nv3: Move device check into the mutex\n    Drop primary variable in aperture_remove_conflicting_pci_devices()\n    Drop __init on pci sysfb_pci_dev_is_enabled()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46698', 'https://git.kernel.org/linus/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7 (6.11-rc6)', 'https://git.kernel.org/stable/c/17e78f43de0c6da34204cc858b4cc05671ea9acf', 'https://git.kernel.org/stable/c/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46698-357c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46698', 'https://www.cve.org/CVERecord?id=CVE-2024-46698'], 'PublishedDate': '2024-09-13T06:15:14.563Z', 'LastModifiedDate': '2024-09-13T16:53:03Z'}, {'VulnerabilityID': 'CVE-2024-46701', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46701', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: libfs: fix infinite directory reads for offset dir', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlibfs: fix infinite directory reads for offset dir\n\nAfter we switch tmpfs dir operations from simple_dir_operations to\nsimple_offset_dir_operations, every rename happened will fill new dentry\nto dest dir\'s maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free\nkey starting with octx->newx_offset, and then set newx_offset equals to\nfree key + 1. This will lead to infinite readdir combine with rename\nhappened at the same time, which fail generic/736 in xfstests(detail show\nas below).\n\n1. create 5000 files(1 2 3...) under one dir\n2. call readdir(man 3 readdir) once, and get one entry\n3. rename(entry, "TEMPFILE"), then rename("TEMPFILE", entry)\n4. loop 2~3, until readdir return nothing or we loop too many\n   times(tmpfs break test with the second condition)\n\nWe choose the same logic what commit 9b378f6ad48cf ("btrfs: fix infinite\ndirectory reads") to fix it, record the last_index when we open dir, and\ndo not emit the entry which index >= last_index. The file->private_data\nnow used in offset dir can use directly to do this, and we also update\nthe last_index when we llseek the dir file.\n\n[brauner: only update last_index after seek when offset is zero like Jan suggested]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46701', 'https://git.kernel.org/linus/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a (6.11-rc4)', 'https://git.kernel.org/stable/c/308b4fc2403b335894592ee9dc212a5e58bb309f', 'https://git.kernel.org/stable/c/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a', 'https://lore.kernel.org/linux-cve-announce/2024091326-CVE-2024-46701-ad65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46701', 'https://www.cve.org/CVERecord?id=CVE-2024-46701'], 'PublishedDate': '2024-09-13T07:15:05.127Z', 'LastModifiedDate': '2024-09-19T13:40:27.817Z'}, {'VulnerabilityID': 'CVE-2024-46702', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46702', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: thunderbolt: Mark XDomain as unplugged when router is removed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Mark XDomain as unplugged when router is removed\n\nI noticed that when we do discrete host router NVM upgrade and it gets\nhot-removed from the PCIe side as a result of NVM firmware authentication,\nif there is another host connected with enabled paths we hang in tearing\nthem down. This is due to fact that the Thunderbolt networking driver\nalso tries to cleanup the paths and ends up blocking in\ntb_disconnect_xdomain_paths() waiting for the domain lock.\n\nHowever, at this point we already cleaned the paths in tb_stop() so\nthere is really no need for tb_disconnect_xdomain_paths() to do that\nanymore. Furthermore it already checks if the XDomain is unplugged and\nbails out early so take advantage of that and mark the XDomain as\nunplugged when we remove the parent router.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46702', 'https://git.kernel.org/linus/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d (6.11-rc4)', 'https://git.kernel.org/stable/c/18b3ad2a3cc877dd4b16f48d84aa27b78d53bf1d', 'https://git.kernel.org/stable/c/23ce6ba3b95488a2b9e9f6d43b340da0c15395dc', 'https://git.kernel.org/stable/c/747bc154577de6e6af4bc99abfa859b8419bb4d8', 'https://git.kernel.org/stable/c/7ca24cf9163c112bb6b580c6fb57c04a1f8b76e1', 'https://git.kernel.org/stable/c/80ac8d194831eca0c2f4fd862f7925532fda320c', 'https://git.kernel.org/stable/c/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46702-9b8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46702', 'https://www.cve.org/CVERecord?id=CVE-2024-46702'], 'PublishedDate': '2024-09-13T07:15:05.217Z', 'LastModifiedDate': '2024-09-19T13:35:58.637Z'}, {'VulnerabilityID': 'CVE-2024-46703', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46703', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;serial: 8250_omap: Set the console genpd always on if no console suspend&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "serial: 8250_omap: Set the console genpd always on if no console suspend"\n\nThis reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940.\n\nKevin reported that this causes a crash during suspend on platforms that\ndont use PM domains.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46703', 'https://git.kernel.org/linus/0863bffda1131fd2fa9c05b653ad9ee3d8db127e (6.11-rc4)', 'https://git.kernel.org/stable/c/0863bffda1131fd2fa9c05b653ad9ee3d8db127e', 'https://git.kernel.org/stable/c/321aecb079e9ca8b1af90778068a6fb40f2bf22d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46703-1f29@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46703', 'https://www.cve.org/CVERecord?id=CVE-2024-46703'], 'PublishedDate': '2024-09-13T07:15:05.317Z', 'LastModifiedDate': '2024-09-19T13:33:57.563Z'}, {'VulnerabilityID': 'CVE-2024-46705', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46705', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: reset mmio mappings with devm', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: reset mmio mappings with devm\n\nSet our various mmio mappings to NULL. This should make it easier to\ncatch something rogue trying to mess with mmio after device removal. For\nexample, we might unmap everything and then start hitting some mmio\naddress which has already been unmamped by us and then remapped by\nsomething else, causing all kinds of carnage.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46705', 'https://git.kernel.org/linus/c7117419784f612d59ee565145f722e8b5541fe6 (6.11-rc1)', 'https://git.kernel.org/stable/c/b1c9fbed3884d3883021d699c7cdf5253a65543a', 'https://git.kernel.org/stable/c/c7117419784f612d59ee565145f722e8b5541fe6', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46705-b9c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46705', 'https://www.cve.org/CVERecord?id=CVE-2024-46705'], 'PublishedDate': '2024-09-13T07:15:05.477Z', 'LastModifiedDate': '2024-09-19T13:30:44.133Z'}, {'VulnerabilityID': 'CVE-2024-46706', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46706', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: fsl_lpuart: mark last busy before uart_add_one_port\n\nWith "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel\nsometimes boot hang. It is because normal console still is not ready,\nbut runtime suspend is called, so early console putchar will hang\nin waiting TRDE set in UARTSTAT.\n\nThe lpuart driver has auto suspend delay set to 3000ms, but during\nuart_add_one_port, a child device serial ctrl will added and probed with\nits pm runtime enabled(see serial_ctrl.c).\nThe runtime suspend call path is:\ndevice_add\n     |-> bus_probe_device\n           |->device_initial_probe\n\t           |->__device_attach\n                         |-> pm_runtime_get_sync(dev->parent);\n\t\t\t |-> pm_request_idle(dev);\n\t\t\t |-> pm_runtime_put(dev->parent);\n\nSo in the end, before normal console ready, the lpuart get runtime\nsuspended. And earlycon putchar will hang.\n\nTo address the issue, mark last busy just after pm_runtime_enable,\nthree seconds is long enough to switch from bootconsole to normal\nconsole.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46706', 'https://git.kernel.org/linus/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c (6.11-rc4)', 'https://git.kernel.org/stable/c/3ecf625d4acb71d726bc0b49403cf68388b3d58d', 'https://git.kernel.org/stable/c/8eb92cfca6c2c5a15ab1773f3d18ab8d8f7dbb68', 'https://git.kernel.org/stable/c/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46706-ea07@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46706', 'https://www.cve.org/CVERecord?id=CVE-2024-46706'], 'PublishedDate': '2024-09-13T07:15:05.56Z', 'LastModifiedDate': '2024-09-19T17:51:07.67Z'}, {'VulnerabilityID': 'CVE-2024-46707', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46707', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3\n\nOn a system with a GICv3, if a guest hasn't been configured with\nGICv3 and that the host is not capable of GICv2 emulation,\na write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.\n\nWe therefore try to emulate the SGI access, only to hit a NULL\npointer as no private interrupt is allocated (no GIC, remember?).\n\nThe obvious fix is to give the guest what it deserves, in the\nshape of a UNDEF exception.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46707', 'https://git.kernel.org/linus/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f (6.11-rc5)', 'https://git.kernel.org/stable/c/15818af2f7aa55eff375333cb7689df15d3f24ef', 'https://git.kernel.org/stable/c/2073132f6ed3079369e857a8deb33d11bdd983bc', 'https://git.kernel.org/stable/c/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f', 'https://git.kernel.org/stable/c/94d4fbad01b19ec5eab3d6b50aaec4f9db8b2d8d', 'https://git.kernel.org/stable/c/96b076e8ee5bc3a1126848c8add0f74bd30dc9d1', 'https://git.kernel.org/stable/c/9d7629bec5c3f80bd0e3bf8103c06a2f7046bd92', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46707-9e4f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46707', 'https://www.cve.org/CVERecord?id=CVE-2024-46707'], 'PublishedDate': '2024-09-13T07:15:05.643Z', 'LastModifiedDate': '2024-09-19T13:29:46.757Z'}, {'VulnerabilityID': 'CVE-2024-46708', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46708', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: qcom: x1e80100: Fix special pin offsets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: qcom: x1e80100: Fix special pin offsets\n\nRemove the erroneus 0x100000 offset to prevent the boards from crashing\non pin state setting, as well as for the intended state changes to take\neffect.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46708', 'https://git.kernel.org/linus/d3692d95cc4d88114b070ee63cffc976f00f207f (6.11-rc6)', 'https://git.kernel.org/stable/c/0197bf772f657fbdea5e9bdec5eea6e67d82cbde', 'https://git.kernel.org/stable/c/d3692d95cc4d88114b070ee63cffc976f00f207f', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46708-95c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46708', 'https://www.cve.org/CVERecord?id=CVE-2024-46708'], 'PublishedDate': '2024-09-13T07:15:05.717Z', 'LastModifiedDate': '2024-09-19T13:28:49.483Z'}, {'VulnerabilityID': 'CVE-2024-46709', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46709', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix prime with external buffers', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix prime with external buffers\n\nMake sure that for external buffers mapping goes through the dma_buf\ninterface instead of trying to access pages directly.\n\nExternal buffers might not provide direct access to readable/writable\npages so to make sure the bo's created from external dma_bufs can be\nread dma_buf interface has to be used.\n\nFixes crashes in IGT's kms_prime with vgem. Regular desktop usage won't\ntrigger this due to the fact that virtual machines will not have\nmultiple GPUs but it enables better test coverage in IGT.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46709', 'https://git.kernel.org/linus/50f1199250912568606b3778dc56646c10cb7b04 (6.11-rc6)', 'https://git.kernel.org/stable/c/50f1199250912568606b3778dc56646c10cb7b04', 'https://git.kernel.org/stable/c/5c12391ee1ab59cb2f3be3f1f5e6d0fc0c2dc854', 'https://git.kernel.org/stable/c/9a9716bbbf3dd6b6cbefba3abcc89af8b72631f4', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46709-2465@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46709', 'https://www.cve.org/CVERecord?id=CVE-2024-46709'], 'PublishedDate': '2024-09-13T07:15:05.793Z', 'LastModifiedDate': '2024-09-19T13:26:24.14Z'}, {'VulnerabilityID': 'CVE-2024-46710', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46710', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Prevent unmapping active read buffers', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Prevent unmapping active read buffers\n\nThe kms paths keep a persistent map active to read and compare the cursor\nbuffer. These maps can race with each other in simple scenario where:\na) buffer "a" mapped for update\nb) buffer "a" mapped for compare\nc) do the compare\nd) unmap "a" for compare\ne) update the cursor\nf) unmap "a" for update\nAt step "e" the buffer has been unmapped and the read contents is bogus.\n\nPrevent unmapping of active read buffers by simply keeping a count of\nhow many paths have currently active maps and unmap only when the count\nreaches 0.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46710', 'https://git.kernel.org/linus/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea (6.11-rc6)', 'https://git.kernel.org/stable/c/0851b1ec650adadcaa23ec96daad95a55bf966f0', 'https://git.kernel.org/stable/c/58a3714db4d9dcaeb9fc4905141e17b9f536c0a5', 'https://git.kernel.org/stable/c/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea', 'https://git.kernel.org/stable/c/d5228d158e4c0b1663b3983044913c15c3d0135e', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46710-cd88@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46710', 'https://www.cve.org/CVERecord?id=CVE-2024-46710'], 'PublishedDate': '2024-09-13T07:15:05.88Z', 'LastModifiedDate': '2024-10-17T14:15:07.63Z'}, {'VulnerabilityID': 'CVE-2024-46711', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46711', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: fix ID 0 endp usage after multiple re-creations', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix ID 0 endp usage after multiple re-creations\n\n\'local_addr_used\' and \'add_addr_accepted\' are decremented for addresses\nnot related to the initial subflow (ID0), because the source and\ndestination addresses of the initial subflows are known from the\nbeginning: they don\'t count as "additional local address being used" or\n"ADD_ADDR being accepted".\n\nIt is then required not to increment them when the entrypoint used by\nthe initial subflow is removed and re-added during a connection. Without\nthis modification, this entrypoint cannot be removed and re-added more\nthan once.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46711', 'https://git.kernel.org/linus/9366922adc6a71378ca01f898c41be295309f044 (6.11-rc6)', 'https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc', 'https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb', 'https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044', 'https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe', 'https://lore.kernel.org/linux-cve-announce/2024091348-CVE-2024-46711-ab95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46711', 'https://www.cve.org/CVERecord?id=CVE-2024-46711'], 'PublishedDate': '2024-09-13T07:15:05.953Z', 'LastModifiedDate': '2024-09-19T13:12:30.39Z'}, {'VulnerabilityID': 'CVE-2024-46713', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/aux: Fix AUX buffer serialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event->mmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46713', 'https://git.kernel.org/linus/2ab9d830262c132ab5db2f571003d80850d56b2a (6.11-rc7)', 'https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a', 'https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff', 'https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82', 'https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d', 'https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370', 'https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef', 'https://lore.kernel.org/linux-cve-announce/2024091316-CVE-2024-46713-5e49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46713', 'https://www.cve.org/CVERecord?id=CVE-2024-46713'], 'PublishedDate': '2024-09-13T15:15:15.01Z', 'LastModifiedDate': '2024-09-13T16:37:22.997Z'}, {'VulnerabilityID': 'CVE-2024-46714', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip wbscl_set_scaler_filter if filter is null\n\nCallers can pass null in filter (i.e. from returned from the function\nwbscl_get_filter_coeffs_16p) and a null check is added to ensure that is\nnot the case.\n\nThis fixes 4 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46714', 'https://git.kernel.org/linus/c4d31653c03b90e51515b1380115d1aedad925dd (6.11-rc1)', 'https://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b', 'https://git.kernel.org/stable/c/1726914cb17cedab233820d26b86764dc08857b4', 'https://git.kernel.org/stable/c/54834585e91cab13e9f82d3a811deb212a4df786', 'https://git.kernel.org/stable/c/6d94c05a13fadd80c3e732f14c83b2632ebfaa50', 'https://git.kernel.org/stable/c/c083c8be6bdd046049884bec076660d4ec9a19ca', 'https://git.kernel.org/stable/c/c4d31653c03b90e51515b1380115d1aedad925dd', 'https://git.kernel.org/stable/c/e3a95f29647ae45d1ec9541cd7df64f40bf2120a', 'https://lore.kernel.org/linux-cve-announce/2024091831-CVE-2024-46714-73de@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46714', 'https://www.cve.org/CVERecord?id=CVE-2024-46714'], 'PublishedDate': '2024-09-18T07:15:03.06Z', 'LastModifiedDate': '2024-09-30T12:50:27.723Z'}, {'VulnerabilityID': 'CVE-2024-46715', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46715', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver: iio: add missing checks on iio_info&#39;s callback access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info's callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn't implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429]  iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807]  dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181]  sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555]  seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236]  vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385]  ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0:                   00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46715', 'https://git.kernel.org/linus/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70', 'https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1', 'https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252', 'https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46715-7e7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46715', 'https://www.cve.org/CVERecord?id=CVE-2024-46715'], 'PublishedDate': '2024-09-18T07:15:03.13Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46716', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n   msgdma_free_chan_resources -> msgdma_free_descriptors ->\n   msgdma_free_desc_list -> msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46716', 'https://git.kernel.org/linus/54e4ada1a4206f878e345ae01cf37347d803d1b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716', 'https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1', 'https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725', 'https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46716-f63f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46716', 'https://www.cve.org/CVERecord?id=CVE-2024-46716'], 'PublishedDate': '2024-09-18T07:15:03.183Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46717', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46717', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix incorrect page release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix incorrect page release\n\nUnder the following conditions:\n1) No skb created yet\n2) header_size == 0 (no SHAMPO header)\n3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the\n   last page fragment of a SHAMPO header page)\n\na new skb is formed with a page that is NOT a SHAMPO header page (it\nis a regular data page). Further down in the same function\n(mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from\nheader_index is released. This is wrong and it leads to SHAMPO header\npages being released more than once.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46717', 'https://git.kernel.org/linus/70bd03b89f20b9bbe51a7f73c4950565a17a45f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/03924d117625ecb10ee3c9b65930bcb2c37ae629', 'https://git.kernel.org/stable/c/70bd03b89f20b9bbe51a7f73c4950565a17a45f7', 'https://git.kernel.org/stable/c/ae9018e3f61ba5cc1f08a6e51d3c0bef0a79f3ab', 'https://git.kernel.org/stable/c/c909ab41df2b09cde919801c7a7b6bb2cc37ea22', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46717-2f30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46717', 'https://www.cve.org/CVERecord?id=CVE-2024-46717'], 'PublishedDate': '2024-09-18T07:15:03.237Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46718', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46718', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Don&#39;t overmap identity VRAM mapping', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Don't overmap identity VRAM mapping\n\nOvermapping the identity VRAM mapping is triggering hardware bugs on\ncertain platforms. Use 2M pages for the last unaligned (to 1G) VRAM\nchunk.\n\nv2:\n - Always use 2M pages for last chunk (Fei Yang)\n - break loop when 2M pages are used\n - Add assert for usable_size being 2M aligned\nv3:\n - Fix checkpatch", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46718', 'https://git.kernel.org/linus/6d3581edffea0b3a64b0d3094d3f09222e0024f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/6d3581edffea0b3a64b0d3094d3f09222e0024f7', 'https://git.kernel.org/stable/c/bb706e92c87beb9f2543faa1705ccc330b9e7c65', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46718-c5c7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46718', 'https://www.cve.org/CVERecord?id=CVE-2024-46718'], 'PublishedDate': '2024-09-18T07:15:03.303Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46719', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46719', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Fix null pointer dereference in trace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix null pointer dereference in trace\n\nucsi_register_altmode checks IS_ERR for the alt pointer and treats\nNULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,\nucsi_register_displayport returns NULL which causes a NULL pointer\ndereference in trace. Rather than return NULL, call\ntypec_port_register_altmode to register DisplayPort alternate mode\nas a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46719', 'https://git.kernel.org/linus/99516f76db48e1a9d54cdfed63c1babcee4e71a5 (6.11-rc1)', 'https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9', 'https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7', 'https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870', 'https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b', 'https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830', 'https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5', 'https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46719-4a53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46719', 'https://www.cve.org/CVERecord?id=CVE-2024-46719'], 'PublishedDate': '2024-09-18T07:15:03.357Z', 'LastModifiedDate': '2024-09-20T18:21:49.963Z'}, {'VulnerabilityID': 'CVE-2024-46720', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46720', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix dereference after null check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix dereference after null check\n\ncheck the pointer hive before use.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46720', 'https://git.kernel.org/linus/b1f7810b05d1950350ac2e06992982974343e441 (6.11-rc1)', 'https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50', 'https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c', 'https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517', 'https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46720-a598@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46720', 'https://www.cve.org/CVERecord?id=CVE-2024-46720'], 'PublishedDate': '2024-09-18T07:15:03.42Z', 'LastModifiedDate': '2024-09-20T18:22:04.693Z'}, {'VulnerabilityID': 'CVE-2024-46721', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46721', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: fix possible NULL pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and 'ent->old' is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n </TASK>\nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46721', 'https://git.kernel.org/linus/3dd384108d53834002be5630132ad5c3f32166ad (6.11-rc1)', 'https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9', 'https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad', 'https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85', 'https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8', 'https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363', 'https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346', 'https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64', 'https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46721-9aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46721', 'https://www.cve.org/CVERecord?id=CVE-2024-46721'], 'PublishedDate': '2024-09-18T07:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:22:46.637Z'}, {'VulnerabilityID': 'CVE-2024-46722', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46722', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix mc_data out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix mc_data out-of-bounds read warning\n\nClear warning that read mc_data[i-1] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46722', 'https://git.kernel.org/linus/51dfc0a4d609fe700750a62f41447f01b8c9ea50 (6.11-rc1)', 'https://git.kernel.org/stable/c/2097edede72ec5bb3869cf0205337d392fb2a553', 'https://git.kernel.org/stable/c/310b9d8363b88e818afec97ca7652bd7fe3d0650', 'https://git.kernel.org/stable/c/345bd3ad387f9e121aaad9c95957b80895e2f2ec', 'https://git.kernel.org/stable/c/51dfc0a4d609fe700750a62f41447f01b8c9ea50', 'https://git.kernel.org/stable/c/578ae965e8b90cd09edeb0252b50fa0503ea35c5', 'https://git.kernel.org/stable/c/5fa4df25ecfc7b6c9006f5b871c46cfe25ea8826', 'https://git.kernel.org/stable/c/b862a0bc5356197ed159fed7b1c647e77bc9f653', 'https://git.kernel.org/stable/c/d0a43bf367ed640e527e8ef3d53aac1e71f80114', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46722-34b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46722', 'https://www.cve.org/CVERecord?id=CVE-2024-46722'], 'PublishedDate': '2024-09-18T07:15:03.547Z', 'LastModifiedDate': '2024-09-20T18:23:11.93Z'}, {'VulnerabilityID': 'CVE-2024-46723', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46723', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix ucode out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ucode out-of-bounds read warning\n\nClear warning that read ucode[] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46723', 'https://git.kernel.org/linus/8944acd0f9db33e17f387fdc75d33bb473d7936f (6.11-rc1)', 'https://git.kernel.org/stable/c/0bef65e069d84d1cd77ce757aea0e437b8e2bd33', 'https://git.kernel.org/stable/c/23fefef859c6057e6770584242bdd938254f8ddd', 'https://git.kernel.org/stable/c/5f09fa5e0ad45fbca71933a0e024ca52da47d59b', 'https://git.kernel.org/stable/c/82ac8f1d02886b5d8aeb9e058989d3bd6fc581e2', 'https://git.kernel.org/stable/c/8944acd0f9db33e17f387fdc75d33bb473d7936f', 'https://git.kernel.org/stable/c/8981927ebc6c12fa76b30c4178acb462bab15f54', 'https://git.kernel.org/stable/c/e789e05388854a5436b2b5d8695fdb864c9bcc27', 'https://git.kernel.org/stable/c/f2b7a9f3839e92f43559b2795b34640ca8cf839f', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46723-6726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46723', 'https://www.cve.org/CVERecord?id=CVE-2024-46723'], 'PublishedDate': '2024-09-18T07:15:03.61Z', 'LastModifiedDate': '2024-09-20T18:30:30.117Z'}, {'VulnerabilityID': 'CVE-2024-46724', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46724', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number\n\nCheck the fb_channel_number range to avoid the array out-of-bounds\nread error', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46724', 'https://git.kernel.org/linus/d768394fa99467bcf2703bde74ddc96eeb0b71fa (6.11-rc1)', 'https://git.kernel.org/stable/c/32915dc909ff502823babfe07d5416c5b6e8a8b1', 'https://git.kernel.org/stable/c/45f7b02afc464c208e8f56bcbc672ef5c364c815', 'https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4', 'https://git.kernel.org/stable/c/d768394fa99467bcf2703bde74ddc96eeb0b71fa', 'https://git.kernel.org/stable/c/db7a86676fd624768a5d907faf34ad7bb4ff25f4', 'https://git.kernel.org/stable/c/f9267972490f9fcffe146e79828e97acc0da588c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46724-02f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46724', 'https://www.cve.org/CVERecord?id=CVE-2024-46724'], 'PublishedDate': '2024-09-18T07:15:03.673Z', 'LastModifiedDate': '2024-09-20T18:30:58.98Z'}, {'VulnerabilityID': 'CVE-2024-46725', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46725', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds write warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds write warning\n\nCheck the ring type value to fix the out-of-bounds\nwrite warning', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46725', 'https://git.kernel.org/linus/be1684930f5262a622d40ce7a6f1423530d87f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/130bee397b9cd52006145c87a456fd8719390cb5', 'https://git.kernel.org/stable/c/919f9bf9997b8dcdc132485ea96121e7d15555f9', 'https://git.kernel.org/stable/c/a60d1f7ff62e453dde2d3b4907e178954d199844', 'https://git.kernel.org/stable/c/be1684930f5262a622d40ce7a6f1423530d87f89', 'https://git.kernel.org/stable/c/c253b87c7c37ec40a2e0c84e4a6b636ba5cd66b2', 'https://git.kernel.org/stable/c/cf2db220b38301b6486a0f11da24a0f317de558c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46725-af49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46725', 'https://www.cve.org/CVERecord?id=CVE-2024-46725'], 'PublishedDate': '2024-09-18T07:15:03.733Z', 'LastModifiedDate': '2024-09-20T18:40:42.753Z'}, {'VulnerabilityID': 'CVE-2024-46726', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46726', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure index calculation will not overflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure index calculation will not overflow\n\n[WHY & HOW]\nMake sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will\nnever overflow and exceess array size.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46726', 'https://git.kernel.org/linus/8e2734bf444767fed787305ccdcb36a2be5301a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dc6bb57dab36b38b7374af0ac916174c146b6ed', 'https://git.kernel.org/stable/c/733ae185502d30bbe79575167b6178cfb6c5d6bd', 'https://git.kernel.org/stable/c/8e2734bf444767fed787305ccdcb36a2be5301a2', 'https://git.kernel.org/stable/c/d705b5869f6b1b46ad5ceb1bd2a08c04f7e5003b', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46726-587e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46726', 'https://www.cve.org/CVERecord?id=CVE-2024-46726'], 'PublishedDate': '2024-09-18T07:15:03.787Z', 'LastModifiedDate': '2024-09-20T18:36:27.07Z'}, {'VulnerabilityID': 'CVE-2024-46727', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46727', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update\n\n[Why]\nCoverity reports NULL_RETURN warning.\n\n[How]\nAdd otg_master NULL check.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46727', 'https://git.kernel.org/linus/871cd9d881fa791d3f82885000713de07041c0ae (6.11-rc1)', 'https://git.kernel.org/stable/c/871cd9d881fa791d3f82885000713de07041c0ae', 'https://git.kernel.org/stable/c/aad4d3d3d3b6a362bf5db11e1f28c4a60620900d', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46727-2565@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46727', 'https://www.cve.org/CVERecord?id=CVE-2024-46727'], 'PublishedDate': '2024-09-18T07:15:03.84Z', 'LastModifiedDate': '2024-09-30T12:49:43.097Z'}, {'VulnerabilityID': 'CVE-2024-46728', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46728', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check index for aux_rd_interval before using', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index for aux_rd_interval before using\n\naux_rd_interval has size of 7 and should be checked.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46728', 'https://git.kernel.org/linus/9ba2ea6337b4f159aecb177555a6a81da92d302e (6.11-rc1)', 'https://git.kernel.org/stable/c/48e0b68e2360b16edf2a0bae05c0051c00fbb48a', 'https://git.kernel.org/stable/c/6c588e9350dd7a9fb97a56fe74852c9ecc44450c', 'https://git.kernel.org/stable/c/9ba2ea6337b4f159aecb177555a6a81da92d302e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46728-edfe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46728', 'https://www.cve.org/CVERecord?id=CVE-2024-46728'], 'PublishedDate': '2024-09-18T07:15:03.893Z', 'LastModifiedDate': '2024-09-26T13:31:34.347Z'}, {'VulnerabilityID': 'CVE-2024-46729', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46729', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix incorrect size calculation for loop', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix incorrect size calculation for loop\n\n[WHY]\nfe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is\nlager than the array size.\n\n[HOW]\nDivide byte size 20 by its element size.\n\nThis fixes 2 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46729', 'https://git.kernel.org/linus/3941a3aa4b653b69876d894d08f3fff1cc965267 (6.11-rc1)', 'https://git.kernel.org/stable/c/3941a3aa4b653b69876d894d08f3fff1cc965267', 'https://git.kernel.org/stable/c/712be65b3b372a82bff0865b9c090147764bf1c4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46729-158c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46729', 'https://www.cve.org/CVERecord?id=CVE-2024-46729'], 'PublishedDate': '2024-09-18T07:15:03.95Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46730', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46730', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure array index tg_inst won&#39;t be -1', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure array index tg_inst won't be -1\n\n[WHY & HOW]\ntg_inst will be a negative if timing_generator_count equals 0, which\nshould be checked before used.\n\nThis fixes 2 OVERRUN issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46730', 'https://git.kernel.org/linus/687fe329f18ab0ab0496b20ed2cb003d4879d931 (6.11-rc1)', 'https://git.kernel.org/stable/c/687fe329f18ab0ab0496b20ed2cb003d4879d931', 'https://git.kernel.org/stable/c/a64284b9e1999ad5580debced4bc6d6adb28aad4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46730-b69e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46730', 'https://www.cve.org/CVERecord?id=CVE-2024-46730'], 'PublishedDate': '2024-09-18T07:15:04.003Z', 'LastModifiedDate': '2024-09-30T12:49:00.333Z'}, {'VulnerabilityID': 'CVE-2024-46731', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46731', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: fix the Out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix the Out-of-bounds read warning\n\nusing index i - 1U may beyond element index\nfor mc_data[] when i = 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46731', 'https://git.kernel.org/linus/12c6967428a099bbba9dfd247bb4322a984fcc0b (6.11-rc1)', 'https://git.kernel.org/stable/c/12c6967428a099bbba9dfd247bb4322a984fcc0b', 'https://git.kernel.org/stable/c/20c6373a6be93039f9d66029bb1e21038a060be1', 'https://git.kernel.org/stable/c/3317966efcdc5101e93db21514b68917e7eb34ea', 'https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376', 'https://git.kernel.org/stable/c/d83fb9f9f63e9a120bf405b078f829f0b2e58934', 'https://git.kernel.org/stable/c/f1e261ced9bcad772a45a2fcdf413c3490e87299', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46731-0e54@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46731', 'https://www.cve.org/CVERecord?id=CVE-2024-46731'], 'PublishedDate': '2024-09-18T07:15:04.057Z', 'LastModifiedDate': '2024-09-26T13:29:19.877Z'}, {'VulnerabilityID': 'CVE-2024-46732', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46732', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Assign linear_pitch_alignment even for VM', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign linear_pitch_alignment even for VM\n\n[Description]\nAssign linear_pitch_alignment so we don't cause a divide by 0\nerror in VM environments", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46732', 'https://git.kernel.org/linus/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/4bd7710f2fecfc5fb2dda1ca2adc69db8a66b8b6', 'https://git.kernel.org/stable/c/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4', 'https://git.kernel.org/stable/c/c44b568931d23aed9d37ecbb31fb5fbdd198bf7b', 'https://git.kernel.org/stable/c/d219f902b16d42f0cb8c499ea8f31cf3c0f36349', 'https://git.kernel.org/stable/c/d2fe7ac613a1ea8c346c9f5c89dc6ecc27232997', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46732-49a9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46732', 'https://www.cve.org/CVERecord?id=CVE-2024-46732'], 'PublishedDate': '2024-09-18T07:15:04.117Z', 'LastModifiedDate': '2024-09-26T13:28:07.157Z'}, {'VulnerabilityID': 'CVE-2024-46733', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46733', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix qgroup reserve leaks in cow_file_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix qgroup reserve leaks in cow_file_range\n\nIn the buffered write path, the dirty page owns the qgroup reserve until\nit creates an ordered_extent.\n\nTherefore, any errors that occur before the ordered_extent is created\nmust free that reservation, or else the space is leaked. The fstest\ngeneric/475 exercises various IO error paths, and is able to trigger\nerrors in cow_file_range where we fail to get to allocating the ordered\nextent. Note that because we *do* clear delalloc, we are likely to\nremove the inode from the delalloc list, so the inodes/pages to not have\ninvalidate/launder called on them in the commit abort path.\n\nThis results in failures at the unmount stage of the test that look like:\n\n  BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure\n  BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure\n  BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs]\n  Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq\n  CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W          6.10.0-rc7-gab56fde445b8 #21\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n  RIP: 0010:close_ctree+0x222/0x4d0 [btrfs]\n  RSP: 0018:ffffb4465283be00 EFLAGS: 00010202\n  RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001\n  RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8\n  RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000\n  R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c\n  R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n  FS:  00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0\n  Call Trace:\n   <TASK>\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? __warn.cold+0x8e/0xea\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? report_bug+0xff/0x140\n   ? handle_bug+0x3b/0x70\n   ? exc_invalid_op+0x17/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   generic_shutdown_super+0x70/0x160\n   kill_anon_super+0x11/0x40\n   btrfs_kill_super+0x11/0x20 [btrfs]\n   deactivate_locked_super+0x2e/0xa0\n   cleanup_mnt+0xb5/0x150\n   task_work_run+0x57/0x80\n   syscall_exit_to_user_mode+0x121/0x130\n   do_syscall_64+0xab/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  RIP: 0033:0x7f916847a887\n  ---[ end trace 0000000000000000 ]---\n  BTRFS error (device dm-8 state EA): qgroup reserved space leaked\n\nCases 2 and 3 in the out_reserve path both pertain to this type of leak\nand must free the reserved qgroup data. Because it is already an error\npath, I opted not to handle the possible errors in\nbtrfs_free_qgroup_data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46733', 'https://git.kernel.org/linus/30479f31d44d47ed00ae0c7453d9b253537005b2 (6.11-rc3)', 'https://git.kernel.org/stable/c/30479f31d44d47ed00ae0c7453d9b253537005b2', 'https://git.kernel.org/stable/c/e42ef22bc10f0309c0c65d8d6ca8b4127a674b7f', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46733-77eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46733', 'https://www.cve.org/CVERecord?id=CVE-2024-46733'], 'PublishedDate': '2024-09-18T07:15:04.17Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46735', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46735', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()\n\nWhen two UBLK_CMD_START_USER_RECOVERY commands are submitted, the\nfirst one sets 'ubq->ubq_daemon' to NULL, and the second one triggers\nWARN in ublk_queue_reinit() and subsequently a NULL pointer dereference\nissue.\n\nFix it by adding the check in ublk_ctrl_start_recovery() and return\nimmediately in case of zero 'ub->nr_queues_ready'.\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000028\n  RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n  Call Trace:\n   <TASK>\n   ? __die+0x20/0x70\n   ? page_fault_oops+0x75/0x170\n   ? exc_page_fault+0x64/0x140\n   ? asm_exc_page_fault+0x22/0x30\n   ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n   ublk_ctrl_uring_cmd+0x4f7/0x6c0\n   ? pick_next_task_idle+0x26/0x40\n   io_uring_cmd+0x9a/0x1b0\n   io_issue_sqe+0x193/0x3f0\n   io_wq_submit_work+0x9b/0x390\n   io_worker_handle_work+0x165/0x360\n   io_wq_worker+0xcb/0x2f0\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork+0x2d/0x50\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork_asm+0x1a/0x30\n   </TASK>", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46735', 'https://git.kernel.org/linus/e58f5142f88320a5b1449f96a146f2f24615c5c7 (6.11-rc7)', 'https://git.kernel.org/stable/c/136a29d8112df4ea0a57f9602ddf3579e04089dc', 'https://git.kernel.org/stable/c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f', 'https://git.kernel.org/stable/c/ca249435893dda766f3845c15ca77ca5672022d8', 'https://git.kernel.org/stable/c/e58f5142f88320a5b1449f96a146f2f24615c5c7', 'https://lore.kernel.org/linux-cve-announce/2024091832-CVE-2024-46735-fbce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46735', 'https://www.cve.org/CVERecord?id=CVE-2024-46735'], 'PublishedDate': '2024-09-18T08:15:03.057Z', 'LastModifiedDate': '2024-09-20T18:35:53.967Z'}, {'VulnerabilityID': 'CVE-2024-46737', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46737', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvmet-tcp: fix kernel crash if commands allocation fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fix kernel crash if commands allocation fails\n\nIf the commands allocation fails in nvmet_tcp_alloc_cmds()\nthe kernel crashes in nvmet_tcp_release_queue_work() because of\na NULL pointer dereference.\n\n  nvmet: failed to install queue 0 cntlid 1 ret 6\n  Unable to handle kernel NULL pointer dereference at\n         virtual address 0000000000000008\n\nFix the bug by setting queue->nr_cmds to zero in case\nnvmet_tcp_alloc_cmd() fails.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46737', 'https://git.kernel.org/linus/5572a55a6f830ee3f3a994b6b962a5c327d28cb3 (6.11-rc7)', 'https://git.kernel.org/stable/c/03e1fd0327fa5e2174567f5fe9290fe21d21b8f4', 'https://git.kernel.org/stable/c/489f2913a63f528cfe3f21722583fb981967ecda', 'https://git.kernel.org/stable/c/50632b877ce55356f5d276b9add289b1e7ddc683', 'https://git.kernel.org/stable/c/5572a55a6f830ee3f3a994b6b962a5c327d28cb3', 'https://git.kernel.org/stable/c/6c04d1e3ab22cc5394ef656429638a5947f87244', 'https://git.kernel.org/stable/c/7957c731fc2b23312f8935812dee5a0b14b04e2d', 'https://git.kernel.org/stable/c/91dad30c5607e62864f888e735d0965567827bdf', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46737-d36f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46737', 'https://www.cve.org/CVERecord?id=CVE-2024-46737'], 'PublishedDate': '2024-09-18T08:15:03.167Z', 'LastModifiedDate': '2024-09-20T18:35:34.7Z'}, {'VulnerabilityID': 'CVE-2024-46738', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46738', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: VMCI: Fix use-after-free when removing resource in vmci_resource_remove()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Fix use-after-free when removing resource in vmci_resource_remove()\n\nWhen removing a resource from vmci_resource_table in\nvmci_resource_remove(), the search is performed using the resource\nhandle by comparing context and resource fields.\n\nIt is possible though to create two resources with different types\nbut same handle (same context and resource fields).\n\nWhen trying to remove one of the resources, vmci_resource_remove()\nmay not remove the intended one, but the object will still be freed\nas in the case of the datagram type in vmci_datagram_destroy_handle().\nvmci_resource_table will still hold a pointer to this freed resource\nleading to a use-after-free vulnerability.\n\nBUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\nBUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\nRead of size 4 at addr ffff88801c16d800 by task syz-executor197/1592\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106\n print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239\n __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425\n kasan_report+0x38/0x51 mm/kasan/report.c:442\n vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\n vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\n vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182\n ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444\n kref_put include/linux/kref.h:65 [inline]\n vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline]\n vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195\n vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143\n __fput+0x261/0xa34 fs/file_table.c:282\n task_work_run+0xf0/0x194 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187\n exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220\n __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline]\n syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313\n do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x6e/0x0\n\nThis change ensures the type is also checked when removing\nthe resource from vmci_resource_table in vmci_resource_remove().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46738', 'https://git.kernel.org/linus/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7 (6.11-rc7)', 'https://git.kernel.org/stable/c/00fe5292f081f8d773e572df8e03bf6e1855fe49', 'https://git.kernel.org/stable/c/39e7e593418ccdbd151f2925fa6be1a616d16c96', 'https://git.kernel.org/stable/c/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7', 'https://git.kernel.org/stable/c/6c563a29857aa8053b67ee141191f69757f27f6e', 'https://git.kernel.org/stable/c/b243d52b5f6f59f9d39e69b191fb3d58b94a43b1', 'https://git.kernel.org/stable/c/b9efdf333174468651be40390cbc79c9f55d9cce', 'https://git.kernel.org/stable/c/ef5f4d0c5ee22d4f873116fec844ff6edaf3fa7d', 'https://git.kernel.org/stable/c/f6365931bf7c07b2b397dbb06a4f6573cc9fae73', 'https://linux.oracle.com/cve/CVE-2024-46738.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46738-d871@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46738', 'https://www.cve.org/CVERecord?id=CVE-2024-46738'], 'PublishedDate': '2024-09-18T08:15:03.233Z', 'LastModifiedDate': '2024-09-20T18:35:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46739', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46739', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind\n\nFor primary VM Bus channels, primary_channel pointer is always NULL. This\npointer is valid only for the secondary channels. Also, rescind callback\nis meant for primary channels only.\n\nFix NULL pointer dereference by retrieving the device_obj from the parent\nfor the primary channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46739', 'https://git.kernel.org/linus/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e (6.11-rc7)', 'https://git.kernel.org/stable/c/1d8e020e51ab07e40f9dd00b52f1da7d96fec04c', 'https://git.kernel.org/stable/c/2be373469be1774bbe03b0fa7e2854e65005b1cc', 'https://git.kernel.org/stable/c/3005091cd537ef8cdb7530dcb2ecfba8d2ef475c', 'https://git.kernel.org/stable/c/3d414b64ecf6fd717d7510ffb893c6f23acbf50e', 'https://git.kernel.org/stable/c/928e399e84f4e80307dce44e89415115c473275b', 'https://git.kernel.org/stable/c/de6946be9c8bc7d2279123433495af7c21011b99', 'https://git.kernel.org/stable/c/f38f46da80a2ab7d1b2f8fcb444c916034a2dac4', 'https://git.kernel.org/stable/c/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46739-0aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46739', 'https://www.cve.org/CVERecord?id=CVE-2024-46739'], 'PublishedDate': '2024-09-18T08:15:03.293Z', 'LastModifiedDate': '2024-09-20T18:34:29.957Z'}, {'VulnerabilityID': 'CVE-2024-46740', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46740', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binder: fix UAF caused by offsets overwrite', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF caused by offsets overwrite\n\nBinder objects are processed and copied individually into the target\nbuffer during transactions. Any raw data in-between these objects is\ncopied as well. However, this raw data copy lacks an out-of-bounds\ncheck. If the raw data exceeds the data section size then the copy\noverwrites the offsets section. This eventually triggers an error that\nattempts to unwind the processed objects. However, at this point the\noffsets used to index these objects are now corrupted.\n\nUnwinding with corrupted offsets can result in decrements of arbitrary\nnodes and lead to their premature release. Other users of such nodes are\nleft with a dangling pointer triggering a use-after-free. This issue is\nmade evident by the following KASAN report (trimmed):\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c\n  Write of size 4 at addr ffff47fc91598f04 by task binder-util/743\n\n  CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1\n  Hardware name: linux,dummy-virt (DT)\n  Call trace:\n   _raw_spin_lock+0xe4/0x19c\n   binder_free_buf+0x128/0x434\n   binder_thread_write+0x8a4/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Allocated by task 743:\n   __kmalloc_cache_noprof+0x110/0x270\n   binder_new_node+0x50/0x700\n   binder_transaction+0x413c/0x6da8\n   binder_thread_write+0x978/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Freed by task 745:\n   kfree+0xbc/0x208\n   binder_thread_read+0x1c5c/0x37d4\n   binder_ioctl+0x16d8/0x258c\n  [...]\n  ==================================================================\n\nTo avoid this issue, let's check that the raw data copy is within the\nboundaries of the data section.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46740', 'https://git.kernel.org/linus/4df153652cc46545722879415937582028c18af5 (6.11-rc7)', 'https://git.kernel.org/stable/c/109e845c1184c9f786d41516348ba3efd9112792', 'https://git.kernel.org/stable/c/1f33d9f1d9ac3f0129f8508925000900c2fe5bb0', 'https://git.kernel.org/stable/c/3a8154bb4ab4a01390a3abf1e6afac296e037da4', 'https://git.kernel.org/stable/c/4df153652cc46545722879415937582028c18af5', 'https://git.kernel.org/stable/c/4f79e0b80dc69bd5eaaed70f0df1b558728b4e59', 'https://git.kernel.org/stable/c/5a32bfd23022ffa7e152f273fa3fa29befb7d929', 'https://git.kernel.org/stable/c/eef79854a04feac5b861f94d7b19cbbe79874117', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46740-e05a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46740', 'https://www.cve.org/CVERecord?id=CVE-2024-46740'], 'PublishedDate': '2024-09-18T08:15:03.377Z', 'LastModifiedDate': '2024-09-20T18:34:08.163Z'}, {'VulnerabilityID': 'CVE-2024-46741', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46741', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Fix double free of &#39;buf&#39; in error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix double free of 'buf' in error path\n\nsmatch warning:\ndrivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf'\n\nIn fastrpc_req_mmap() error path, the fastrpc buffer is freed in\nfastrpc_req_munmap_impl() if unmap is successful.\n\nBut in the end, there is an unconditional call to fastrpc_buf_free().\nSo the above case triggers the double free of fastrpc buf.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46741', 'https://git.kernel.org/linus/e8c276d4dc0e19ee48385f74426aebc855b49aaf (6.11-rc7)', 'https://git.kernel.org/stable/c/bfc1704d909dc9911a558b1a5833d3d61a43a1f2', 'https://git.kernel.org/stable/c/e8c276d4dc0e19ee48385f74426aebc855b49aaf', 'https://git.kernel.org/stable/c/f77dc8a75859e559f3238a6d906206259227985e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46741-4ce7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46741', 'https://www.cve.org/CVERecord?id=CVE-2024-46741'], 'PublishedDate': '2024-09-18T08:15:03.43Z', 'LastModifiedDate': '2024-09-20T18:33:27.96Z'}, {'VulnerabilityID': 'CVE-2024-46742', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46742', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()\n\nnull-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)\nand parse_lease_state() return NULL.\n\nFix this by check if 'lease_ctx_info' is NULL.\n\nAdditionally, remove the redundant parentheses in\nparse_durable_handle_context().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46742', 'https://git.kernel.org/linus/4e8771a3666c8f216eefd6bd2fd50121c6c437db (6.11-rc5)', 'https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6', 'https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada', 'https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46742-223b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46742', 'https://www.cve.org/CVERecord?id=CVE-2024-46742'], 'PublishedDate': '2024-09-18T08:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:32:34.303Z'}, {'VulnerabilityID': 'CVE-2024-46743', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46743', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: of/irq: Prevent device address out-of-bounds read in interrupt map walk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nof/irq: Prevent device address out-of-bounds read in interrupt map walk\n\nWhen of_irq_parse_raw() is invoked with a device address smaller than\nthe interrupt parent node (from #address-cells property), KASAN detects\nthe following out-of-bounds read when populating the initial match table\n(dyndbg="func of_irq_parse_* +p"):\n\n  OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0\n  OF:  parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2\n  OF:  intspec=4\n  OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2\n  OF:  -> addrsize=3\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0\n  Read of size 4 at addr ffffff81beca5608 by task bash/764\n\n  CPU: 1 PID: 764 Comm: bash Tainted: G           O       6.1.67-484c613561-nokia_sm_arm64 #1\n  Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023\n  Call trace:\n   dump_backtrace+0xdc/0x130\n   show_stack+0x1c/0x30\n   dump_stack_lvl+0x6c/0x84\n   print_report+0x150/0x448\n   kasan_report+0x98/0x140\n   __asan_load4+0x78/0xa0\n   of_irq_parse_raw+0x2b8/0x8d0\n   of_irq_parse_one+0x24c/0x270\n   parse_interrupts+0xc0/0x120\n   of_fwnode_add_links+0x100/0x2d0\n   fw_devlink_parse_fwtree+0x64/0xc0\n   device_add+0xb38/0xc30\n   of_device_add+0x64/0x90\n   of_platform_device_create_pdata+0xd0/0x170\n   of_platform_bus_create+0x244/0x600\n   of_platform_notify+0x1b0/0x254\n   blocking_notifier_call_chain+0x9c/0xd0\n   __of_changeset_entry_notify+0x1b8/0x230\n   __of_changeset_apply_notify+0x54/0xe4\n   of_overlay_fdt_apply+0xc04/0xd94\n   ...\n\n  The buggy address belongs to the object at ffffff81beca5600\n   which belongs to the cache kmalloc-128 of size 128\n  The buggy address is located 8 bytes inside of\n   128-byte region [ffffff81beca5600, ffffff81beca5680)\n\n  The buggy address belongs to the physical page:\n  page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4\n  head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0\n  flags: 0x8000000000010200(slab|head|zone=2)\n  raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300\n  raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\n  page dumped because: kasan: bad access detected\n\n  Memory state around the buggy address:\n   ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n  >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n                        ^\n   ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc\n  ==================================================================\n  OF:  -> got it !\n\nPrevent the out-of-bounds read by copying the device address into a\nbuffer of sufficient size.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46743', 'https://git.kernel.org/linus/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305 (6.11-rc4)', 'https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d', 'https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5', 'https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5', 'https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305', 'https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f', 'https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9', 'https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8', 'https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46743-f386@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46743', 'https://www.cve.org/CVERecord?id=CVE-2024-46743'], 'PublishedDate': '2024-09-18T08:15:03.54Z', 'LastModifiedDate': '2024-09-20T18:32:11.827Z'}, {'VulnerabilityID': 'CVE-2024-46744', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46744', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Squashfs: sanity check symbolic link size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: sanity check symbolic link size\n\nSyzkiller reports a "KMSAN: uninit-value in pick_link" bug.\n\nThis is caused by an uninitialised page, which is ultimately caused\nby a corrupted symbolic link size read from disk.\n\nThe reason why the corrupted symlink size causes an uninitialised\npage is due to the following sequence of events:\n\n1. squashfs_read_inode() is called to read the symbolic\n   link from disk.  This assigns the corrupted value\n   3875536935 to inode->i_size.\n\n2. Later squashfs_symlink_read_folio() is called, which assigns\n   this corrupted value to the length variable, which being a\n   signed int, overflows producing a negative number.\n\n3. The following loop that fills in the page contents checks that\n   the copied bytes is less than length, which being negative means\n   the loop is skipped, producing an uninitialised page.\n\nThis patch adds a sanity check which checks that the symbolic\nlink size is not larger than expected.\n\n--\n\nV2: fix spelling mistake.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-59'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46744', 'https://git.kernel.org/linus/810ee43d9cd245d138a2733d87a24858a23f577d (6.11-rc4)', 'https://git.kernel.org/stable/c/087f25b2d36adae19951114ffcbb7106ed405ebb', 'https://git.kernel.org/stable/c/1b9451ba6f21478a75288ea3e3fca4be35e2a438', 'https://git.kernel.org/stable/c/5c8906de98d0d7ad42ff3edf2cb6cd7e0ea658c4', 'https://git.kernel.org/stable/c/810ee43d9cd245d138a2733d87a24858a23f577d', 'https://git.kernel.org/stable/c/c3af7e460a526007e4bed1ce3623274a1a6afe5e', 'https://git.kernel.org/stable/c/ef4e249971eb77ec33d74c5c3de1e2576faf6c90', 'https://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26ea9bf322d8431a90', 'https://git.kernel.org/stable/c/fac5e82ab1334fc8ed6ff7183702df634bd1d93d', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46744-451f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46744', 'https://www.cve.org/CVERecord?id=CVE-2024-46744'], 'PublishedDate': '2024-09-18T08:15:03.603Z', 'LastModifiedDate': '2024-09-30T13:36:19.557Z'}, {'VulnerabilityID': 'CVE-2024-46745', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46745', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: uinput - reject requests with unreasonable number of slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - reject requests with unreasonable number of slots\n\n\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\n\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46745', 'https://git.kernel.org/linus/206f533a0a7c683982af473079c4111f4a0f9f5e (6.11-rc5)', 'https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e', 'https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b', 'https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70', 'https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2', 'https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d', 'https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b', 'https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833', 'https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46745-7b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46745', 'https://www.cve.org/CVERecord?id=CVE-2024-46745'], 'PublishedDate': '2024-09-18T08:15:03.667Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46746', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46746', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: amd_sfh: free driver_data after destroying hid device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: free driver_data after destroying hid device\n\nHID driver callbacks aren't called anymore once hid_destroy_device() has\nbeen called. Hence, hid driver_data should be freed only after the\nhid_destroy_device() function returned as driver_data is used in several\ncallbacks.\n\nI observed a crash with kernel 6.10.0 on my T14s Gen 3, after enabling\nKASAN to debug memory allocation, I got this output:\n\n  [   13.050438] ==================================================================\n  [   13.054060] BUG: KASAN: slab-use-after-free in amd_sfh_get_report+0x3ec/0x530 [amd_sfh]\n  [   13.054809] psmouse serio1: trackpoint: Synaptics TrackPoint firmware: 0x02, buttons: 3/3\n  [   13.056432] Read of size 8 at addr ffff88813152f408 by task (udev-worker)/479\n\n  [   13.060970] CPU: 5 PID: 479 Comm: (udev-worker) Not tainted 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0\n  [   13.063978] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024\n  [   13.067860] Call Trace:\n  [   13.069383] input: TPPS/2 Synaptics TrackPoint as /devices/platform/i8042/serio1/input/input8\n  [   13.071486]  <TASK>\n  [   13.071492]  dump_stack_lvl+0x5d/0x80\n  [   13.074870] snd_hda_intel 0000:33:00.6: enabling device (0000 -> 0002)\n  [   13.078296]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.082199]  print_report+0x174/0x505\n  [   13.085776]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.089367]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.093255]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.097464]  kasan_report+0xc8/0x150\n  [   13.101461]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.105802]  amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.110303]  amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.114879]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.119450]  sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082]\n  [   13.124097]  hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.127404]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.131925]  ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.136455]  ? _raw_spin_lock_irqsave+0x96/0xf0\n  [   13.140197]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.143602]  ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b]\n  [   13.147234]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.150446]  ? __devm_add_action+0x167/0x1d0\n  [   13.155061]  hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.158581]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.161814]  platform_probe+0xa2/0x150\n  [   13.165029]  really_probe+0x1e3/0x8a0\n  [   13.168243]  __driver_probe_device+0x18c/0x370\n  [   13.171500]  driver_probe_device+0x4a/0x120\n  [   13.175000]  __driver_attach+0x190/0x4a0\n  [   13.178521]  ? __pfx___driver_attach+0x10/0x10\n  [   13.181771]  bus_for_each_dev+0x106/0x180\n  [   13.185033]  ? __pfx__raw_spin_lock+0x10/0x10\n  [   13.188229]  ? __pfx_bus_for_each_dev+0x10/0x10\n  [   13.191446]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.194382]  bus_add_driver+0x29e/0x4d0\n  [   13.197328]  driver_register+0x1a5/0x360\n  [   13.200283]  ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.203362]  do_one_initcall+0xa7/0x380\n  [   13.206432]  ? __pfx_do_one_initcall+0x10/0x10\n  [   13.210175]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.213211]  ? kasan_unpoison+0x44/0x70\n  [   13.216688]  do_init_module+0x238/0x750\n  [   13.2196\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46746', 'https://git.kernel.org/linus/97155021ae17b86985121b33cf8098bcde00d497 (6.11-rc5)', 'https://git.kernel.org/stable/c/60dc4ee0428d70bcbb41436b6729d29f1cbdfb89', 'https://git.kernel.org/stable/c/775125c7fe38533aaa4b20769f5b5e62cc1170a0', 'https://git.kernel.org/stable/c/86b4f5cf91ca03c08e3822ac89476a677a780bcc', 'https://git.kernel.org/stable/c/97155021ae17b86985121b33cf8098bcde00d497', 'https://git.kernel.org/stable/c/adb3e3c1ddb5a23b8b7122ef1913f528d728937c', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46746-eb7f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46746', 'https://www.cve.org/CVERecord?id=CVE-2024-46746'], 'PublishedDate': '2024-09-18T08:15:03.73Z', 'LastModifiedDate': '2024-09-26T12:47:53.267Z'}, {'VulnerabilityID': 'CVE-2024-46747', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46747', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup\n\nreport_fixup for the Cougar 500k Gaming Keyboard was not verifying\nthat the report descriptor size was correct before accessing it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46747', 'https://git.kernel.org/linus/a6e9c391d45b5865b61e569146304cff72821a5d (6.11-rc5)', 'https://git.kernel.org/stable/c/30e9ce7cd5591be639b53595c95812f1a2afdfdc', 'https://git.kernel.org/stable/c/34185de73d74fdc90e8651cfc472bfea6073a13f', 'https://git.kernel.org/stable/c/48b2108efa205f4579052c27fba2b22cc6ad8aa0', 'https://git.kernel.org/stable/c/890dde6001b651be79819ef7a3f8c71fc8f9cabf', 'https://git.kernel.org/stable/c/a6e9c391d45b5865b61e569146304cff72821a5d', 'https://git.kernel.org/stable/c/e239e44dcd419b13cf840e2a3a833204e4329714', 'https://git.kernel.org/stable/c/e4a602a45aecd6a98b4b37482f5c9f8f67a32ddd', 'https://git.kernel.org/stable/c/fac3cb3c6428afe2207593a183b5bc4742529dfd', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46747-f489@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46747', 'https://www.cve.org/CVERecord?id=CVE-2024-46747'], 'PublishedDate': '2024-09-18T08:15:03.79Z', 'LastModifiedDate': '2024-09-20T18:31:19.19Z'}, {'VulnerabilityID': 'CVE-2024-46748', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46748', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT\n\nSet the maximum size of a subrequest that writes to cachefiles to be\nMAX_RW_COUNT so that we don't overrun the maximum write we can make to the\nbacking filesystem.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46748', 'https://git.kernel.org/linus/51d37982bbac3ea0ca21b2797a9cb0044272b3aa (6.11-rc1)', 'https://git.kernel.org/stable/c/51d37982bbac3ea0ca21b2797a9cb0044272b3aa', 'https://git.kernel.org/stable/c/cec226f9b1fd6cf55bc157873aec61b523083e96', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46748-03e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46748', 'https://www.cve.org/CVERecord?id=CVE-2024-46748'], 'PublishedDate': '2024-09-18T08:15:03.847Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46749', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46749', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()\n\nThis adds a check before freeing the rx->skb in flush and close\nfunctions to handle the kernel crash seen while removing driver after FW\ndownload fails or before FW download completes.\n\ndmesg log:\n[   54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080\n[   54.643398] Mem abort info:\n[   54.646204]   ESR = 0x0000000096000004\n[   54.649964]   EC = 0x25: DABT (current EL), IL = 32 bits\n[   54.655286]   SET = 0, FnV = 0\n[   54.658348]   EA = 0, S1PTW = 0\n[   54.661498]   FSC = 0x04: level 0 translation fault\n[   54.666391] Data abort info:\n[   54.669273]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[   54.674768]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[   54.674771]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[   54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000\n[   54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000\n[   54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[   54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core sch_fq_codel fuse\n[   54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 Not tainted 6.6.3-otbr-g128004619037 #2\n[   54.744364] Hardware name: FSL i.MX8MM EVK board (DT)\n[   54.744368] Workqueue: hci0 hci_power_on\n[   54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   54.757249] pc : kfree_skb_reason+0x18/0xb0\n[   54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.782921] sp : ffff8000805ebca0\n[   54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000\n[   54.782931] x26: ffff377b84852400 x25: ffff377b848523c0 x24: ffff377b845e7230\n[   54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92\n[   54.782945] x20: ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff\n[   54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857\n[   54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642\n[   54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9 : ffffa5c6cf19d688\n[   54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000\n[   54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000\n[   54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac\n[   54.857599] Call trace:\n[   54.857601]  kfree_skb_reason+0x18/0xb0\n[   54.863878]  btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.863888]  hci_dev_open_sync+0x3a8/0xa04\n[   54.872773]  hci_power_on+0x54/0x2e4\n[   54.881832]  process_one_work+0x138/0x260\n[   54.881842]  worker_thread+0x32c/0x438\n[   54.881847]  kthread+0x118/0x11c\n[   54.881853]  ret_from_fork+0x10/0x20\n[   54.896406] Code: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400)\n[   54.896410] ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46749', 'https://git.kernel.org/linus/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1 (6.11-rc1)', 'https://git.kernel.org/stable/c/013dae4735d2010544d1f2121bdeb8e6c9ea171e', 'https://git.kernel.org/stable/c/056e0cd381d59a9124b7c43dd715e15f56a11635', 'https://git.kernel.org/stable/c/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46749-fc9c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46749', 'https://www.cve.org/CVERecord?id=CVE-2024-46749'], 'PublishedDate': '2024-09-18T08:15:03.893Z', 'LastModifiedDate': '2024-09-20T18:45:43.483Z'}, {'VulnerabilityID': 'CVE-2024-46750', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46750', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: Add missing bridge lock to pci_bus_lock()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Add missing bridge lock to pci_bus_lock()\n\nOne of the true positives that the cfg_access_lock lockdep effort\nidentified is this sequence:\n\n  WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70\n  RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70\n  Call Trace:\n   <TASK>\n   ? __warn+0x8c/0x190\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   ? report_bug+0x1f8/0x200\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   pci_reset_bus+0x1d8/0x270\n   vmd_probe+0x778/0xa10\n   pci_device_probe+0x95/0x120\n\nWhere pci_reset_bus() users are triggering unlocked secondary bus resets.\nIronically pci_bus_reset(), several calls down from pci_reset_bus(), uses\npci_bus_lock() before issuing the reset which locks everything *but* the\nbridge itself.\n\nFor the same motivation as adding:\n\n  bridge = pci_upstream_bridge(dev);\n  if (bridge)\n    pci_dev_lock(bridge);\n\nto pci_reset_function() for the "bus" and "cxl_bus" reset cases, add\npci_dev_lock() for @bus->self to pci_bus_lock().\n\n[bhelgaas: squash in recursive locking deadlock fix from Keith Busch:\nhttps://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46750', 'https://git.kernel.org/linus/a4e772898f8bf2e7e1cf661a12c60a5612c4afab (6.11-rc1)', 'https://git.kernel.org/stable/c/04e85a3285b0e5c5af6fd2c0fd6e95ffecc01945', 'https://git.kernel.org/stable/c/0790b89c7e911003b8c50ae50e3ac7645de1fae9', 'https://git.kernel.org/stable/c/7253b4fed46471cc247c6cacefac890a8472c083', 'https://git.kernel.org/stable/c/78c6e39fef5c428960aff742149bba302dd46f5a', 'https://git.kernel.org/stable/c/81c68e218ab883dfa368460a59b674084c0240da', 'https://git.kernel.org/stable/c/a4e772898f8bf2e7e1cf661a12c60a5612c4afab', 'https://git.kernel.org/stable/c/df77a678c33871a6e4ac5b54a71662f1d702335b', 'https://git.kernel.org/stable/c/e2355d513b89a2cb511b4ded0deb426cdb01acd0', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46750-3be1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46750', 'https://www.cve.org/CVERecord?id=CVE-2024-46750'], 'PublishedDate': '2024-09-18T08:15:03.947Z', 'LastModifiedDate': '2024-09-30T13:27:45.787Z'}, {'VulnerabilityID': 'CVE-2024-46751', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46751', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON() when 0 reference count at btrfs_lookup_extent_info()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()\n\nInstead of doing a BUG_ON() handle the error by returning -EUCLEAN,\naborting the transaction and logging an error message.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46751', 'https://git.kernel.org/linus/28cb13f29faf6290597b24b728dc3100c019356f (6.11-rc1)', 'https://git.kernel.org/stable/c/28cb13f29faf6290597b24b728dc3100c019356f', 'https://git.kernel.org/stable/c/ef9a8b73c8b60b27d9db4787e624a3438ffe8428', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46751-17f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46751', 'https://www.cve.org/CVERecord?id=CVE-2024-46751'], 'PublishedDate': '2024-09-18T08:15:04.01Z', 'LastModifiedDate': '2024-09-30T12:45:56.957Z'}, {'VulnerabilityID': 'CVE-2024-46752', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46752', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: replace BUG_ON() with error handling at update_ref_for_cow()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: replace BUG_ON() with error handling at update_ref_for_cow()\n\nInstead of a BUG_ON() just return an error, log an error message and\nabort the transaction in case we find an extent buffer belonging to the\nrelocation tree that doesn't have the full backref flag set. This is\nunexpected and should never happen (save for bugs or a potential bad\nmemory).", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46752', 'https://git.kernel.org/linus/b56329a782314fde5b61058e2a25097af7ccb675 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fbac73a97286a7ec72229cb9b42d760a2c717ac', 'https://git.kernel.org/stable/c/41a0f85e268d72fe04f731b8ceea4748c2d65491', 'https://git.kernel.org/stable/c/b50857b96429a09fd3beed9f7f21b7bb7c433688', 'https://git.kernel.org/stable/c/b56329a782314fde5b61058e2a25097af7ccb675', 'https://git.kernel.org/stable/c/f895db00c65e5d77c437cce946da9ec29dcdf563', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46752-49e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46752', 'https://www.cve.org/CVERecord?id=CVE-2024-46752'], 'PublishedDate': '2024-09-18T08:15:04.057Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46753', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46753', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: handle errors from btrfs_dec_ref() properly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref().  This is\nincorrect, we have proper error handling here, return the error.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46753', 'https://git.kernel.org/linus/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1', 'https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46753-5ec2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46753', 'https://www.cve.org/CVERecord?id=CVE-2024-46753'], 'PublishedDate': '2024-09-18T08:15:04.107Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46754', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46754', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Remove tst_run from lwt_seg6local_prog_ops.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn\'t work since it was introduced in commit 04d4b274e2a\n("ipv6: sr: Add seg6local action End.BPF"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46754', 'https://git.kernel.org/linus/c13fda93aca118b8e5cd202e339046728ee7dddb (6.11-rc1)', 'https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3f28e6e720ded5d6', 'https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e339046728ee7dddb', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46754-7f04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46754', 'https://www.cve.org/CVERecord?id=CVE-2024-46754'], 'PublishedDate': '2024-09-18T08:15:04.153Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46755', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46755', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()\n\nmwifiex_get_priv_by_id() returns the priv pointer corresponding to\nthe bss_num and bss_type, but without checking if the priv is actually\ncurrently in use.\nUnused priv pointers do not have a wiphy attached to them which can\nlead to NULL pointer dereferences further down the callstack.  Fix\nthis by returning only used priv pointers which have priv->bss_mode\nset to something else than NL80211_IFTYPE_UNSPECIFIED.\n\nSaid NULL pointer dereference happened when an Accesspoint was started\nwith wpa_supplicant -i mlan0 with this config:\n\nnetwork={\n        ssid="somessid"\n        mode=2\n        frequency=2412\n        key_mgmt=WPA-PSK WPA-PSK-SHA256\n        proto=RSN\n        group=CCMP\n        pairwise=CCMP\n        psk="12345678"\n}\n\nWhen waiting for the AP to be established, interrupting wpa_supplicant\nwith <ctrl-c> and starting it again this happens:\n\n| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000140\n| Mem abort info:\n|   ESR = 0x0000000096000004\n|   EC = 0x25: DABT (current EL), IL = 32 bits\n|   SET = 0, FnV = 0\n|   EA = 0, S1PTW = 0\n|   FSC = 0x04: level 0 translation fault\n| Data abort info:\n|   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n|   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n|   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n| user pgtable: 4k pages, 48-bit VAs, pgdp=0000000046d96000\n| [0000000000000140] pgd=0000000000000000, p4d=0000000000000000\n| Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n| Modules linked in: caam_jr caamhash_desc spidev caamalg_desc crypto_engine authenc libdes mwifiex_sdio\n+mwifiex crct10dif_ce cdc_acm onboard_usb_hub fsl_imx8_ddr_perf imx8m_ddrc rtc_ds1307 lm75 rtc_snvs\n+imx_sdma caam imx8mm_thermal spi_imx error imx_cpufreq_dt fuse ip_tables x_tables ipv6\n| CPU: 0 PID: 8 Comm: kworker/0:1 Not tainted 6.9.0-00007-g937242013fce-dirty #18\n| Hardware name: somemachine (DT)\n| Workqueue: events sdio_irq_work\n| pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n| lr : mwifiex_get_cfp+0x34/0x15c [mwifiex]\n| sp : ffff8000818b3a70\n| x29: ffff8000818b3a70 x28: ffff000006bfd8a5 x27: 0000000000000004\n| x26: 000000000000002c x25: 0000000000001511 x24: 0000000002e86bc9\n| x23: ffff000006bfd996 x22: 0000000000000004 x21: ffff000007bec000\n| x20: 000000000000002c x19: 0000000000000000 x18: 0000000000000000\n| x17: 000000040044ffff x16: 00500072b5503510 x15: ccc283740681e517\n| x14: 0201000101006d15 x13: 0000000002e8ff43 x12: 002c01000000ffb1\n| x11: 0100000000000000 x10: 02e8ff43002c0100 x9 : 0000ffb100100157\n| x8 : ffff000003d20000 x7 : 00000000000002f1 x6 : 00000000ffffe124\n| x5 : 0000000000000001 x4 : 0000000000000003 x3 : 0000000000000000\n| x2 : 0000000000000000 x1 : 0001000000011001 x0 : 0000000000000000\n| Call trace:\n|  mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n|  mwifiex_parse_single_response_buf+0x1d0/0x504 [mwifiex]\n|  mwifiex_handle_event_ext_scan_report+0x19c/0x2f8 [mwifiex]\n|  mwifiex_process_sta_event+0x298/0xf0c [mwifiex]\n|  mwifiex_process_event+0x110/0x238 [mwifiex]\n|  mwifiex_main_process+0x428/0xa44 [mwifiex]\n|  mwifiex_sdio_interrupt+0x64/0x12c [mwifiex_sdio]\n|  process_sdio_pending_irqs+0x64/0x1b8\n|  sdio_irq_work+0x4c/0x7c\n|  process_one_work+0x148/0x2a0\n|  worker_thread+0x2fc/0x40c\n|  kthread+0x110/0x114\n|  ret_from_fork+0x10/0x20\n| Code: a94153f3 a8c37bfd d50323bf d65f03c0 (f940a000)\n| ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46755', 'https://git.kernel.org/linus/c145eea2f75ff7949392aebecf7ef0a81c1f6c14 (6.11-rc1)', 'https://git.kernel.org/stable/c/1a05d8d02cfa3540ea5dbd6b39446bd3f515521f', 'https://git.kernel.org/stable/c/9813770f25855b866b8ead8155b8806b2db70f6d', 'https://git.kernel.org/stable/c/a12cf97cbefa139ef8d95081f2ea047cbbd74b7a', 'https://git.kernel.org/stable/c/c145eea2f75ff7949392aebecf7ef0a81c1f6c14', 'https://git.kernel.org/stable/c/c16916dd6c16fa7e13ca3923eb6b9f50d848ad03', 'https://git.kernel.org/stable/c/c2618dcb26c7211342b54520b5b148c0d3471c8a', 'https://git.kernel.org/stable/c/cb67b2e51b75f1a17bee7599c8161b96e1808a70', 'https://git.kernel.org/stable/c/d834433ff313838a259bb6607055ece87b895b66', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46755-1f46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46755', 'https://www.cve.org/CVERecord?id=CVE-2024-46755'], 'PublishedDate': '2024-09-18T08:15:04.203Z', 'LastModifiedDate': '2024-09-26T13:25:54.593Z'}, {'VulnerabilityID': 'CVE-2024-46756', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46756', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83627ehf) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46756', 'https://git.kernel.org/linus/5c1de37969b7bc0abcb20b86e91e70caebbd4f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/26825b62bd1bd3e53b4f44e0745cb516d5186343', 'https://git.kernel.org/stable/c/56cfdeb2c77291f0b5e4592731adfb6ca8fc7c24', 'https://git.kernel.org/stable/c/5c1de37969b7bc0abcb20b86e91e70caebbd4f89', 'https://git.kernel.org/stable/c/77ab0fd231c4ca873ec6908e761970360acc6df2', 'https://git.kernel.org/stable/c/8fecb75bff1b7d87a071c32a37aa0700f2be379d', 'https://git.kernel.org/stable/c/93cf73a7bfdce683bde3a7bb65f270d3bd24497b', 'https://git.kernel.org/stable/c/cc4be794c8d8c253770103e097ab9dbdb5f99ae1', 'https://git.kernel.org/stable/c/d92f0baf99a7e327dcceab37cce57c38aab1f691', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46756-2ca6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46756', 'https://www.cve.org/CVERecord?id=CVE-2024-46756'], 'PublishedDate': '2024-09-18T08:15:04.26Z', 'LastModifiedDate': '2024-09-23T16:29:45.077Z'}, {'VulnerabilityID': 'CVE-2024-46757', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46757', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775-core) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46757', 'https://git.kernel.org/linus/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0 (6.11-rc1)', 'https://git.kernel.org/stable/c/02bb3b4c7d5695ff4be01e0f55676bba49df435e', 'https://git.kernel.org/stable/c/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0', 'https://git.kernel.org/stable/c/0c23e18cef20b989a9fd7cb0a745e1259b969159', 'https://git.kernel.org/stable/c/298a55f11edd811f2189b74eb8f53dee34d4f14c', 'https://git.kernel.org/stable/c/2f695544084a559f181cafdfd3f864c5ff9dd1db', 'https://git.kernel.org/stable/c/8a1e958e26640ce015abdbb75c8896301b9bf398', 'https://git.kernel.org/stable/c/996221b030995cc5f5baa4a642201d64b62a17cd', 'https://git.kernel.org/stable/c/d6035c55fa9afefc23f85f57eff1d4a1d82c5b10', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46757-4fbb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46757', 'https://www.cve.org/CVERecord?id=CVE-2024-46757'], 'PublishedDate': '2024-09-18T08:15:04.313Z', 'LastModifiedDate': '2024-09-23T16:29:51.65Z'}, {'VulnerabilityID': 'CVE-2024-46758', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46758', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (lm95234) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm95234) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46758', 'https://git.kernel.org/linus/af64e3e1537896337405f880c1e9ac1f8c0c6198 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fc27747633aa419f9af40e7bdfa00d2ec94ea81', 'https://git.kernel.org/stable/c/16f42953231be1e7be77bc24005270d9e0d9d2ee', 'https://git.kernel.org/stable/c/438453dfbbdcf4be26891492644aa3ecbb42c336', 'https://git.kernel.org/stable/c/46e4fd338d5bdbaf60e41cda625b24949d2af201', 'https://git.kernel.org/stable/c/59c1fb9874a01c9abc49a0a32f192a7e7b4e2650', 'https://git.kernel.org/stable/c/93f0f5721d0cca45dac50af1ae6f9a9826c699fd', 'https://git.kernel.org/stable/c/af64e3e1537896337405f880c1e9ac1f8c0c6198', 'https://git.kernel.org/stable/c/da765bebd90e1b92bdbc3c6a27a3f3cc81529ab6', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46758-6154@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46758', 'https://www.cve.org/CVERecord?id=CVE-2024-46758'], 'PublishedDate': '2024-09-18T08:15:04.367Z', 'LastModifiedDate': '2024-09-23T16:29:24.767Z'}, {'VulnerabilityID': 'CVE-2024-46759', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46759', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (adc128d818) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (adc128d818) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46759', 'https://git.kernel.org/linus/8cad724c8537fe3e0da8004646abc00290adae40 (6.11-rc1)', 'https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b', 'https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777', 'https://git.kernel.org/stable/c/2a3add62f183459a057336381ef3a896da01ce38', 'https://git.kernel.org/stable/c/6891b11a0c6227ca7ed15786928a07b1c0e4d4af', 'https://git.kernel.org/stable/c/7645d783df23878342d5d8d22030c3861d2d5426', 'https://git.kernel.org/stable/c/8cad724c8537fe3e0da8004646abc00290adae40', 'https://git.kernel.org/stable/c/b0bdb43852bf7f55ba02f0cbf00b4ea7ca897bff', 'https://git.kernel.org/stable/c/f7f5101af5b47a331cdbfa42ba64c507b47dd1fe', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46759-9b86@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46759', 'https://www.cve.org/CVERecord?id=CVE-2024-46759'], 'PublishedDate': '2024-09-18T08:15:04.413Z', 'LastModifiedDate': '2024-09-23T16:28:53.257Z'}, {'VulnerabilityID': 'CVE-2024-46760', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46760', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw88: usb: schedule rx work after everything is set up', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: usb: schedule rx work after everything is set up\n\nRight now it's possible to hit NULL pointer dereference in\nrtw_rx_fill_rx_status on hw object and/or its fields because\ninitialization routine can start getting USB replies before\nrtw_dev is fully setup.\n\nThe stack trace looks like this:\n\nrtw_rx_fill_rx_status\nrtw8821c_query_rx_desc\nrtw_usb_rx_handler\n...\nqueue_work\nrtw_usb_read_port_complete\n...\nusb_submit_urb\nrtw_usb_rx_resubmit\nrtw_usb_init_rx\nrtw_usb_probe\n\nSo while we do the async stuff rtw_usb_probe continues and calls\nrtw_register_hw, which does all kinds of initialization (e.g.\nvia ieee80211_register_hw) that rtw_rx_fill_rx_status relies on.\n\nFix this by moving the first usb_submit_urb after everything\nis set up.\n\nFor me, this bug manifested as:\n[    8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped\n[    8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status\nbecause I'm using Larry's backport of rtw88 driver with the NULL\nchecks in rtw_rx_fill_rx_status.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46760', 'https://git.kernel.org/linus/adc539784c98a7cc602cbf557debfc2e7b9be8b3 (6.11-rc1)', 'https://git.kernel.org/stable/c/25eaef533bf3ccc6fee5067aac16f41f280e343e', 'https://git.kernel.org/stable/c/adc539784c98a7cc602cbf557debfc2e7b9be8b3', 'https://git.kernel.org/stable/c/c83d464b82a8ad62ec9077637f75d73fe955635a', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46760-1eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46760', 'https://www.cve.org/CVERecord?id=CVE-2024-46760'], 'PublishedDate': '2024-09-18T08:15:04.47Z', 'LastModifiedDate': '2024-09-23T16:18:28.87Z'}, {'VulnerabilityID': 'CVE-2024-46761', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46761', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npci/hotplug/pnv_php: Fix hotplug driver crash on Powernv\n\nThe hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel\ncrash when we try to hot-unplug/disable the PCIe switch/bridge from\nthe PHB.\n\nThe crash occurs because although the MSI data structure has been\nreleased during disable/hot-unplug path and it has been assigned\nwith NULL, still during unregistration the code was again trying to\nexplicitly disable the MSI which causes the NULL pointer dereference and\nkernel crash.\n\nThe patch fixes the check during unregistration path to prevent invoking\npci_disable_msi/msix() since its data structure is already freed.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46761', 'https://git.kernel.org/linus/335e35b748527f0c06ded9eebb65387f60647fda (6.11-rc1)', 'https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f60647fda', 'https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d', 'https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048', 'https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e', 'https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59', 'https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689', 'https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4', 'https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46761-289f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46761', 'https://www.cve.org/CVERecord?id=CVE-2024-46761'], 'PublishedDate': '2024-09-18T08:15:04.517Z', 'LastModifiedDate': '2024-09-23T16:06:58.397Z'}, {'VulnerabilityID': 'CVE-2024-46762', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46762', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Fix possible access to a freed kirqfd instance', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Fix possible access to a freed kirqfd instance\n\nNothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and\nprivcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd\ncreated and added to the irqfds_list by privcmd_irqfd_assign() may get\nremoved by another thread executing privcmd_irqfd_deassign(), while the\nformer is still using it after dropping the locks.\n\nThis can lead to a situation where an already freed kirqfd instance may\nbe accessed and cause kernel oops.\n\nUse SRCU locking to prevent the same, as is done for the KVM\nimplementation for irqfds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46762', 'https://git.kernel.org/linus/611ff1b1ae989a7bcce3e2a8e132ee30e968c557 (6.11-rc1)', 'https://git.kernel.org/stable/c/112fd2f02b308564724b8e81006c254d20945c4b', 'https://git.kernel.org/stable/c/611ff1b1ae989a7bcce3e2a8e132ee30e968c557', 'https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46762-6512@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46762', 'https://www.cve.org/CVERecord?id=CVE-2024-46762'], 'PublishedDate': '2024-09-18T08:15:04.57Z', 'LastModifiedDate': '2024-09-23T16:12:34.42Z'}, {'VulnerabilityID': 'CVE-2024-46763', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46763', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: Fix null-ptr-deref in GRO.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host.  [0]\n\nThe NULL pointer is sk->sk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk->sk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk->sk_user_data could be NULL.\n\nLet's use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 <0f> b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS:  0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <IRQ>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n</IRQ>\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 <fa> c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46763', 'https://git.kernel.org/linus/7e4196935069947d8b70b09c1660b67b067e75cb (6.11-rc7)', 'https://git.kernel.org/stable/c/1df42be305fe478ded1ee0c1d775f4ece713483b', 'https://git.kernel.org/stable/c/231c235d2f7a66f018f172e26ffd47c363f244ef', 'https://git.kernel.org/stable/c/4494bccb52ffda22ce5a1163a776d970e6229e08', 'https://git.kernel.org/stable/c/7e4196935069947d8b70b09c1660b67b067e75cb', 'https://git.kernel.org/stable/c/c46cd6aaca81040deaea3500ba75126963294bd9', 'https://git.kernel.org/stable/c/d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46763-a580@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46763', 'https://www.cve.org/CVERecord?id=CVE-2024-46763'], 'PublishedDate': '2024-09-18T08:15:04.613Z', 'LastModifiedDate': '2024-09-23T16:14:18.297Z'}, {'VulnerabilityID': 'CVE-2024-46765', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46765', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: protect XDP configuration with a mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] <TASK>\n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] </TASK>\n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46765', 'https://git.kernel.org/linus/2504b8405768a57a71e660dbfd5abd59f679a03f (6.11-rc7)', 'https://git.kernel.org/stable/c/2504b8405768a57a71e660dbfd5abd59f679a03f', 'https://git.kernel.org/stable/c/2f057db2fb29bc209c103050647562e60554d3d3', 'https://git.kernel.org/stable/c/391f7dae3d836891fc6cfbde38add2d0e10c6b7f', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46765-1b8f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46765', 'https://www.cve.org/CVERecord?id=CVE-2024-46765'], 'PublishedDate': '2024-09-18T08:15:04.71Z', 'LastModifiedDate': '2024-09-26T13:24:29.697Z'}, {'VulnerabilityID': 'CVE-2024-46766', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46766', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: move netif_queue_set_napi to rtnl-protected sections', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: move netif_queue_set_napi to rtnl-protected sections\n\nCurrently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is\nnot rtnl-locked when called from the reset. This creates the need to take\nthe rtnl_lock just for a single function and complicates the\nsynchronization with .ndo_bpf. At the same time, there no actual need to\nfill napi-to-queue information at this exact point.\n\nFill napi-to-queue information when opening the VSI and clear it when the\nVSI is being closed. Those routines are already rtnl-locked.\n\nAlso, rewrite napi-to-queue assignment in a way that prevents inclusion of\nXDP queues, as this leads to out-of-bounds writes, such as one below.\n\n[  +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047\n[  +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2\n[  +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[  +0.000003] Call Trace:\n[  +0.000003]  <TASK>\n[  +0.000002]  dump_stack_lvl+0x60/0x80\n[  +0.000007]  print_report+0xce/0x630\n[  +0.000007]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[  +0.000007]  ? __virt_addr_valid+0x1c9/0x2c0\n[  +0.000005]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000003]  kasan_report+0xe9/0x120\n[  +0.000004]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000004]  netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000005]  ice_vsi_close+0x161/0x670 [ice]\n[  +0.000114]  ice_dis_vsi+0x22f/0x270 [ice]\n[  +0.000095]  ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]\n[  +0.000086]  ice_prepare_for_reset+0x299/0x750 [ice]\n[  +0.000087]  pci_dev_save_and_disable+0x82/0xd0\n[  +0.000006]  pci_reset_function+0x12d/0x230\n[  +0.000004]  reset_store+0xa0/0x100\n[  +0.000006]  ? __pfx_reset_store+0x10/0x10\n[  +0.000002]  ? __pfx_mutex_lock+0x10/0x10\n[  +0.000004]  ? __check_object_size+0x4c1/0x640\n[  +0.000007]  kernfs_fop_write_iter+0x30b/0x4a0\n[  +0.000006]  vfs_write+0x5d6/0xdf0\n[  +0.000005]  ? fd_install+0x180/0x350\n[  +0.000005]  ? __pfx_vfs_write+0x10/0xA10\n[  +0.000004]  ? do_fcntl+0x52c/0xcd0\n[  +0.000004]  ? kasan_save_track+0x13/0x60\n[  +0.000003]  ? kasan_save_free_info+0x37/0x60\n[  +0.000006]  ksys_write+0xfa/0x1d0\n[  +0.000003]  ? __pfx_ksys_write+0x10/0x10\n[  +0.000002]  ? __x64_sys_fcntl+0x121/0x180\n[  +0.000004]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000005]  do_syscall_64+0x80/0x170\n[  +0.000007]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000004]  ? __pfx__raw_spin_lock+0x10/0x10\n[  +0.000003]  ? file_close_fd_locked+0x167/0x230\n[  +0.000005]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000005]  ? do_syscall_64+0x8c/0x170\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? fput+0x1a/0x2c0\n[  +0.000004]  ? filp_close+0x19/0x30\n[  +0.000004]  ? do_dup2+0x25a/0x4c0\n[  +0.000004]  ? __x64_sys_dup2+0x6e/0x2e0\n[  +0.000002]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? __count_memcg_events+0x113/0x380\n[  +0.000005]  ? handle_mm_fault+0x136/0x820\n[  +0.000005]  ? do_user_addr_fault+0x444/0xa80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000002]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  +0.000005] RIP: 0033:0x7f2033593154', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46766', 'https://git.kernel.org/linus/2a5dc090b92cfa5270e20056074241c6db5c9cdd (6.11-rc7)', 'https://git.kernel.org/stable/c/2285c2faef19ee08a6bd6754f4c3ec07dceb2889', 'https://git.kernel.org/stable/c/2a5dc090b92cfa5270e20056074241c6db5c9cdd', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46766-417c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46766', 'https://www.cve.org/CVERecord?id=CVE-2024-46766'], 'PublishedDate': '2024-09-18T08:15:04.76Z', 'LastModifiedDate': '2024-09-23T16:15:23.823Z'}, {'VulnerabilityID': 'CVE-2024-46767', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46767', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: phy: Fix missing of_node_put() for leds', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Fix missing of_node_put() for leds\n\nThe call of of_get_child_by_name() will cause refcount incremented\nfor leds, if it succeeds, it should call of_node_put() to decrease\nit, fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46767', 'https://git.kernel.org/linus/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7 (6.11-rc7)', 'https://git.kernel.org/stable/c/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7', 'https://git.kernel.org/stable/c/26928c8f00f6bb0e194f3957fe51c69d36838eb2', 'https://git.kernel.org/stable/c/d9c8dbbc236cdc6231ee91cdede2fc97b430cfff', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46767-31a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46767', 'https://www.cve.org/CVERecord?id=CVE-2024-46767'], 'PublishedDate': '2024-09-18T08:15:04.81Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46768', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46768', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (hp-wmi-sensors) Check if WMI event data exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (hp-wmi-sensors) Check if WMI event data exists\n\nThe BIOS can choose to return no event data in response to a\nWMI event, so the ACPI object passed to the WMI notify handler\ncan be NULL.\n\nCheck for such a situation and ignore the event in such a case.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46768', 'https://git.kernel.org/linus/a54da9df75cd1b4b5028f6c60f9a211532680585 (6.11-rc7)', 'https://git.kernel.org/stable/c/217539e994e53206bbf3fb330261cc78c480d311', 'https://git.kernel.org/stable/c/4b19c83ba108aa66226da5b79810e4d19e005f12', 'https://git.kernel.org/stable/c/a54da9df75cd1b4b5028f6c60f9a211532680585', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46768-b0bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46768', 'https://www.cve.org/CVERecord?id=CVE-2024-46768'], 'PublishedDate': '2024-09-18T08:15:04.853Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46770', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46770', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add netif_device_attach/detach into PF reset flow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 > /sys/class/net/<interface>/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c <interface>\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S                 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS:  00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n<TASK>\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n    netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46770', 'https://git.kernel.org/linus/d11a67634227f9f9da51938af085fb41a733848f (6.11-rc7)', 'https://git.kernel.org/stable/c/36486c9e8e01b84faaee47203eac0b7e9cc7fa4a', 'https://git.kernel.org/stable/c/9e3ffb839249eca113062587659224f856fe14e5', 'https://git.kernel.org/stable/c/d11a67634227f9f9da51938af085fb41a733848f', 'https://git.kernel.org/stable/c/efe8effe138044a4747d1112ebb8c454d1663723', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46770-3a5d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46770', 'https://www.cve.org/CVERecord?id=CVE-2024-46770'], 'PublishedDate': '2024-09-18T08:15:04.957Z', 'LastModifiedDate': '2024-09-23T16:13:25.563Z'}, {'VulnerabilityID': 'CVE-2024-46771', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46771', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: bcm: Remove proc entry when dev is unregistered.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Remove proc entry when dev is unregistered.\n\nsyzkaller reported a warning in bcm_connect() below. [0]\n\nThe repro calls connect() to vxcan1, removes vxcan1, and calls\nconnect() with ifindex == 0.\n\nCalling connect() for a BCM socket allocates a proc entry.\nThen, bcm_sk(sk)->bound is set to 1 to prevent further connect().\n\nHowever, removing the bound device resets bcm_sk(sk)->bound to 0\nin bcm_notify().\n\nThe 2nd connect() tries to allocate a proc entry with the same\nname and sets NULL to bcm_sk(sk)->bcm_proc_read, leaking the\noriginal proc entry.\n\nSince the proc entry is available only for connect()ed sockets,\nlet's clean up the entry when the bound netdev is unregistered.\n\n[0]:\nproc_dir_entry 'can-bcm/2456' already registered\nWARNING: CPU: 1 PID: 394 at fs/proc/generic.c:376 proc_register+0x645/0x8f0 fs/proc/generic.c:375\nModules linked in:\nCPU: 1 PID: 394 Comm: syz-executor403 Not tainted 6.10.0-rc7-g852e42cc2dd4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:proc_register+0x645/0x8f0 fs/proc/generic.c:375\nCode: 00 00 00 00 00 48 85 ed 0f 85 97 02 00 00 4d 85 f6 0f 85 9f 02 00 00 48 c7 c7 9b cb cf 87 48 89 de 4c 89 fa e8 1c 6f eb fe 90 <0f> 0b 90 90 48 c7 c7 98 37 99 89 e8 cb 7e 22 05 bb 00 00 00 10 48\nRSP: 0018:ffa0000000cd7c30 EFLAGS: 00010246\nRAX: 9e129be1950f0200 RBX: ff1100011b51582c RCX: ff1100011857cd80\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002\nRBP: 0000000000000000 R08: ffd400000000000f R09: ff1100013e78cac0\nR10: ffac800000cd7980 R11: ff1100013e12b1f0 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ff1100011a99a2ec\nFS:  00007fbd7086f740(0000) GS:ff1100013fd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200071c0 CR3: 0000000118556004 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n proc_create_net_single+0x144/0x210 fs/proc/proc_net.c:220\n bcm_connect+0x472/0x840 net/can/bcm.c:1673\n __sys_connect_file net/socket.c:2049 [inline]\n __sys_connect+0x5d2/0x690 net/socket.c:2066\n __do_sys_connect net/socket.c:2076 [inline]\n __se_sys_connect net/socket.c:2073 [inline]\n __x64_sys_connect+0x8f/0x100 net/socket.c:2073\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1c0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7fbd708b0e5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007fff8cd33f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbd708b0e5d\nRDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000040 R09: 0000000000000040\nR10: 0000000000000040 R11: 0000000000000246 R12: 00007fff8cd34098\nR13: 0000000000401280 R14: 0000000000406de8 R15: 00007fbd70ab9000\n </TASK>\nremove_proc_entry: removing non-empty directory 'net/can-bcm', leaking at least '2456'", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46771', 'https://git.kernel.org/linus/76fe372ccb81b0c89b6cd2fec26e2f38c958be85 (6.11-rc7)', 'https://git.kernel.org/stable/c/10bfacbd5e8d821011d857bee73310457c9c989a', 'https://git.kernel.org/stable/c/33ed4ba73caae39f34ab874ba79138badc2c65dd', 'https://git.kernel.org/stable/c/3b39dc2901aa7a679a5ca981a3de9f8d5658afe8', 'https://git.kernel.org/stable/c/4377b79323df62eb5d310354f19b4d130ff58d50', 'https://git.kernel.org/stable/c/5c680022c4e28ba18ea500f3e29f0428271afa92', 'https://git.kernel.org/stable/c/76fe372ccb81b0c89b6cd2fec26e2f38c958be85', 'https://git.kernel.org/stable/c/abb0a615569ec008e8a93d9f3ab2d5b418ea94d4', 'https://git.kernel.org/stable/c/aec92dbebdbec7567d9f56d7c9296a572b8fd849', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46771-913d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46771', 'https://www.cve.org/CVERecord?id=CVE-2024-46771'], 'PublishedDate': '2024-09-18T08:15:05.01Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46772', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46772', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator crb_pipes before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator crb_pipes before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 2 DIVIDE_BY_ZERO issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46772', 'https://git.kernel.org/linus/ea79068d4073bf303f8203f2625af7d9185a1bc6 (6.11-rc1)', 'https://git.kernel.org/stable/c/ea79068d4073bf303f8203f2625af7d9185a1bc6', 'https://git.kernel.org/stable/c/ede06d23392529b039cf7ac11b5875b047900f1c', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46772-4ad6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46772', 'https://www.cve.org/CVERecord?id=CVE-2024-46772'], 'PublishedDate': '2024-09-18T08:15:05.073Z', 'LastModifiedDate': '2024-09-23T16:52:17.577Z'}, {'VulnerabilityID': 'CVE-2024-46773', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46773', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator pbn_div before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator pbn_div before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 1 DIVIDE_BY_ZERO issue reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46773', 'https://git.kernel.org/linus/116a678f3a9abc24f5c9d2525b7393d18d9eb58e (6.11-rc1)', 'https://git.kernel.org/stable/c/116a678f3a9abc24f5c9d2525b7393d18d9eb58e', 'https://git.kernel.org/stable/c/11f997143c67680d6e40a13363618380cd57a414', 'https://git.kernel.org/stable/c/20e7164c52d9bfbb9d9862b833fa989624a61345', 'https://git.kernel.org/stable/c/dfafee0a7b51c7c9612edd2d991401294964d02f', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46773-5781@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46773', 'https://www.cve.org/CVERecord?id=CVE-2024-46773'], 'PublishedDate': '2024-09-18T08:15:05.123Z', 'LastModifiedDate': '2024-09-23T16:51:59.983Z'}, {'VulnerabilityID': 'CVE-2024-46774', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46774', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()\n\nSmatch warns:\n\n  arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential\n  spectre issue 'args.args' [r] (local cap)\n\nThe 'nargs' and 'nret' locals come directly from a user-supplied\nbuffer and are used as indexes into a small stack-based array and as\ninputs to copy_to_user() after they are subject to bounds checks.\n\nUse array_index_nospec() after the bounds checks to clamp these values\nfor speculative execution.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46774', 'https://git.kernel.org/linus/0974d03eb479384466d828d65637814bee6b26d7 (6.11-rc1)', 'https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7', 'https://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46774-48d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46774', 'https://www.cve.org/CVERecord?id=CVE-2024-46774'], 'PublishedDate': '2024-09-18T08:15:05.18Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46775', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46775', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Validate function returns', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT & HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46775', 'https://git.kernel.org/linus/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c (6.11-rc1)', 'https://git.kernel.org/stable/c/5639a3048c7079803256374204ad55ec52cd0b49', 'https://git.kernel.org/stable/c/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46775-aecc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46775', 'https://www.cve.org/CVERecord?id=CVE-2024-46775'], 'PublishedDate': '2024-09-18T08:15:05.24Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46776', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46776', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Run DC_LOG_DC after checking link-&gt;link_enc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Run DC_LOG_DC after checking link->link_enc\n\n[WHAT]\nThe DC_LOG_DC should be run after link->link_enc is checked, not before.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46776', 'https://git.kernel.org/linus/3a82f62b0d9d7687eac47603bb6cd14a50fa718b (6.11-rc1)', 'https://git.kernel.org/stable/c/3a82f62b0d9d7687eac47603bb6cd14a50fa718b', 'https://git.kernel.org/stable/c/874e3bb302f97b94ac548959ec4f925b8e7b45e2', 'https://git.kernel.org/stable/c/adc74d25cdbba978afbb57caec23bbcd0329f7b8', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46776-7a95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46776', 'https://www.cve.org/CVERecord?id=CVE-2024-46776'], 'PublishedDate': '2024-09-18T08:15:05.287Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46777', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46777', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid excessive partition lengths', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid excessive partition lengths\n\nAvoid mounting filesystems where the partition would overflow the\n32-bits used for block number. Also refuse to mount filesystems where\nthe partition length is so large we cannot safely index bits in a\nblock bitmap.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46777', 'https://git.kernel.org/linus/ebbe26fd54a9621994bc16b14f2ba8f84c089693 (6.11-rc1)', 'https://git.kernel.org/stable/c/0173999123082280cf904bd640015951f194a294', 'https://git.kernel.org/stable/c/1497a4484cdb2cf6c37960d788fb6ba67567bdb7', 'https://git.kernel.org/stable/c/2ddf831451357c6da4b64645eb797c93c1c054d1', 'https://git.kernel.org/stable/c/551966371e17912564bc387fbeb2ac13077c3db1', 'https://git.kernel.org/stable/c/925fd8ee80d5348a5e965548e5484d164d19221d', 'https://git.kernel.org/stable/c/a56330761950cb83de1dfb348479f20c56c95f90', 'https://git.kernel.org/stable/c/c0c23130d38e8bc28e9ef581443de9b1fc749966', 'https://git.kernel.org/stable/c/ebbe26fd54a9621994bc16b14f2ba8f84c089693', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46777-6114@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46777', 'https://www.cve.org/CVERecord?id=CVE-2024-46777'], 'PublishedDate': '2024-09-18T08:15:05.33Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46778', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46778', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check UnboundedRequestEnabled&#39;s value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check UnboundedRequestEnabled's value\n\nCalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled\nis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus\nif (p->UnboundedRequestEnabled) checks its address, not bool value.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46778', 'https://git.kernel.org/linus/a7b38c7852093385d0605aa3c8a2efd6edd1edfd (6.11-rc1)', 'https://git.kernel.org/stable/c/4e2b49a85e7974d21364798c5d4aa8070aa864d9', 'https://git.kernel.org/stable/c/a7b38c7852093385d0605aa3c8a2efd6edd1edfd', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46778-ded6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46778', 'https://www.cve.org/CVERecord?id=CVE-2024-46778'], 'PublishedDate': '2024-09-18T08:15:05.38Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46779', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46779', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/imagination: Free pvr_vm_gpuva after unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Free pvr_vm_gpuva after unlink\n\nThis caused a measurable memory leak. Although the individual\nallocations are small, the leaks occurs in a high-usage codepath\n(remapping or unmapping device memory) so they add up quickly.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46779', 'https://git.kernel.org/linus/3f6b2f60b4631cd0c368da6a1587ab55a696164d (6.11-rc7)', 'https://git.kernel.org/stable/c/1cc695be8920df234f83270d789078cb2d3bc564', 'https://git.kernel.org/stable/c/3f6b2f60b4631cd0c368da6a1587ab55a696164d', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46779-3186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46779', 'https://www.cve.org/CVERecord?id=CVE-2024-46779'], 'PublishedDate': '2024-09-18T08:15:05.43Z', 'LastModifiedDate': '2024-09-23T16:37:51.473Z'}, {'VulnerabilityID': 'CVE-2024-46780', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46780', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: protect references to superblock parameters exposed in sysfs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: protect references to superblock parameters exposed in sysfs\n\nThe superblock buffers of nilfs2 can not only be overwritten at runtime\nfor modifications/repairs, but they are also regularly swapped, replaced\nduring resizing, and even abandoned when degrading to one side due to\nbacking device issues.  So, accessing them requires mutual exclusion using\nthe reader/writer semaphore "nilfs->ns_sem".\n\nSome sysfs attribute show methods read this superblock buffer without the\nnecessary mutual exclusion, which can cause problems with pointer\ndereferencing and memory access, so fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46780', 'https://git.kernel.org/linus/683408258917541bdb294cd717c210a04381931e (6.11-rc7)', 'https://git.kernel.org/stable/c/157c0d94b4c40887329418c70ef4edd1a8d6b4ed', 'https://git.kernel.org/stable/c/19cfeba0e4b8eda51484fcf8cf7d150418e1d880', 'https://git.kernel.org/stable/c/683408258917541bdb294cd717c210a04381931e', 'https://git.kernel.org/stable/c/8c6e43b3d5f109cf9c61bc188fcc8175404e924f', 'https://git.kernel.org/stable/c/962562d4c70c5cdeb4e955d63ff2017c4eca1aad', 'https://git.kernel.org/stable/c/b14e7260bb691d7f563f61da07d61e3c8b59a614', 'https://git.kernel.org/stable/c/b90beafac05931cbfcb6b1bd4f67c1923f47040e', 'https://git.kernel.org/stable/c/ba97ba173f9625d5f34a986088979eae8b80d38e', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46780-9155@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46780', 'https://www.cve.org/CVERecord?id=CVE-2024-46780'], 'PublishedDate': '2024-09-18T08:15:05.473Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46781', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46781', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix missing cleanup on rollforward recovery error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix missing cleanup on rollforward recovery error\n\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\n\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\n\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46781', 'https://git.kernel.org/linus/5787fcaab9eb5930f5378d6a1dd03d916d146622 (6.11-rc7)', 'https://git.kernel.org/stable/c/07e4dc2fe000ab008bcfe90be4324ef56b5b4355', 'https://git.kernel.org/stable/c/1cf1f7e8cd47244fa947d357ef1f642d91e219a3', 'https://git.kernel.org/stable/c/35a9a7a7d94662146396199b0cfd95f9517cdd14', 'https://git.kernel.org/stable/c/5787fcaab9eb5930f5378d6a1dd03d916d146622', 'https://git.kernel.org/stable/c/8e2d1e9d93c4ec51354229361ac3373058529ec4', 'https://git.kernel.org/stable/c/9d8c3a585d564d776ee60d4aabec59b404be7403', 'https://git.kernel.org/stable/c/ca92c4bff2833cb30d493b935168d6cccd5c805d', 'https://git.kernel.org/stable/c/da02f9eb333333b2e4f25d2a14967cff785ac82e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46781-377e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46781', 'https://www.cve.org/CVERecord?id=CVE-2024-46781'], 'PublishedDate': '2024-09-18T08:15:05.527Z', 'LastModifiedDate': '2024-09-23T16:37:07.117Z'}, {'VulnerabilityID': 'CVE-2024-46782', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46782', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ila: call nf_unregister_net_hooks() sooner', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n  ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n  ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n  ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n  nf_hook include/linux/netfilter.h:269 [inline]\n  NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n  __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n  __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n  process_backlog+0x662/0x15b0 net/core/dev.c:6108\n  __napi_poll+0xcb/0x490 net/core/dev.c:6772\n  napi_poll net/core/dev.c:6841 [inline]\n  net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n  handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n  run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n  kthread+0x2f0/0x390 kernel/kthread.c:389\n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n  set_page_owner include/linux/page_owner.h:32 [inline]\n  post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n  prep_new_page mm/page_alloc.c:1501 [inline]\n  get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n  __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n  __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n  alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n  ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n  __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n  __do_kmalloc_node mm/slub.c:4146 [inline]\n  __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n  __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n  bucket_table_alloc lib/rhashtable.c:186 [inline]\n  rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n  ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n  ops_ini\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46782', 'https://git.kernel.org/linus/031ae72825cef43e4650140b800ad58bf7a6a466 (6.11-rc7)', 'https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466', 'https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2', 'https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf', 'https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4', 'https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c', 'https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6', 'https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673', 'https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46782-00ff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46782', 'https://www.cve.org/CVERecord?id=CVE-2024-46782'], 'PublishedDate': '2024-09-18T08:15:05.577Z', 'LastModifiedDate': '2024-09-23T16:32:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46783', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46783', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_bpf: fix return value of tcp_bpf_sendmsg()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: fix return value of tcp_bpf_sendmsg()\n\nWhen we cork messages in psock->cork, the last message triggers the\nflushing will result in sending a sk_msg larger than the current\nmessage size. In this case, in tcp_bpf_send_verdict(), 'copied' becomes\nnegative at least in the following case:\n\n468         case __SK_DROP:\n469         default:\n470                 sk_msg_free_partial(sk, msg, tosend);\n471                 sk_msg_apply_bytes(psock, tosend);\n472                 *copied -= (tosend + delta); // <==== HERE\n473                 return -EACCES;\n\nTherefore, it could lead to the following BUG with a proper value of\n'copied' (thanks to syzbot). We should not use negative 'copied' as a\nreturn value here.\n\n  ------------[ cut here ]------------\n  kernel BUG at net/socket.c:733!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 0 UID: 0 PID: 3265 Comm: syz-executor510 Not tainted 6.11.0-rc3-syzkaller-00060-gd07b43284ab3 #0\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n  pc : sock_sendmsg_nosec net/socket.c:733 [inline]\n  pc : sock_sendmsg_nosec net/socket.c:728 [inline]\n  pc : __sock_sendmsg+0x5c/0x60 net/socket.c:745\n  lr : sock_sendmsg_nosec net/socket.c:730 [inline]\n  lr : __sock_sendmsg+0x54/0x60 net/socket.c:745\n  sp : ffff800088ea3b30\n  x29: ffff800088ea3b30 x28: fbf00000062bc900 x27: 0000000000000000\n  x26: ffff800088ea3bc0 x25: ffff800088ea3bc0 x24: 0000000000000000\n  x23: f9f00000048dc000 x22: 0000000000000000 x21: ffff800088ea3d90\n  x20: f9f00000048dc000 x19: ffff800088ea3d90 x18: 0000000000000001\n  x17: 0000000000000000 x16: 0000000000000000 x15: 000000002002ffaf\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: ffff8000815849c0 x9 : ffff8000815b49c0\n  x8 : 0000000000000000 x7 : 000000000000003f x6 : 0000000000000000\n  x5 : 00000000000007e0 x4 : fff07ffffd239000 x3 : fbf00000062bc900\n  x2 : 0000000000000000 x1 : 0000000000000000 x0 : 00000000fffffdef\n  Call trace:\n   sock_sendmsg_nosec net/socket.c:733 [inline]\n   __sock_sendmsg+0x5c/0x60 net/socket.c:745\n   ____sys_sendmsg+0x274/0x2ac net/socket.c:2597\n   ___sys_sendmsg+0xac/0x100 net/socket.c:2651\n   __sys_sendmsg+0x84/0xe0 net/socket.c:2680\n   __do_sys_sendmsg net/socket.c:2689 [inline]\n   __se_sys_sendmsg net/socket.c:2687 [inline]\n   __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2687\n   __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n   invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49\n   el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132\n   do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151\n   el0_svc+0x34/0xec arch/arm64/kernel/entry-common.c:712\n   el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730\n   el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598\n  Code: f9404463 d63f0060 3108441f 54fffe81 (d4210000)\n  ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46783', 'https://git.kernel.org/linus/fe1910f9337bd46a9343967b547ccab26b4b2c6e (6.11-rc7)', 'https://git.kernel.org/stable/c/126d72b726c4cf1119f3a7fe413a78d341c3fea9', 'https://git.kernel.org/stable/c/3efe53eb221a38e207c1e3f81c51e4ca057d50c2', 'https://git.kernel.org/stable/c/6f9fdf5806cced888c43512bccbdf7fefd50f510', 'https://git.kernel.org/stable/c/78bb38d9c5a311c5f8bdef7c9557d7d81ca30e4a', 'https://git.kernel.org/stable/c/810a4e7d92dea4074cb04c25758320909d752193', 'https://git.kernel.org/stable/c/c8219a27fa43a2cbf99f5176f6dddfe73e7a24ae', 'https://git.kernel.org/stable/c/fe1910f9337bd46a9343967b547ccab26b4b2c6e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46783-edcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46783', 'https://www.cve.org/CVERecord?id=CVE-2024-46783'], 'PublishedDate': '2024-09-18T08:15:05.63Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46784', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46784', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix error handling in mana_create_txq/rxq&#39;s NAPI cleanup', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup\n\nCurrently napi_disable() gets called during rxq and txq cleanup,\neven before napi is enabled and hrtimer is initialized. It causes\nkernel panic.\n\n? page_fault_oops+0x136/0x2b0\n  ? page_counter_cancel+0x2e/0x80\n  ? do_user_addr_fault+0x2f2/0x640\n  ? refill_obj_stock+0xc4/0x110\n  ? exc_page_fault+0x71/0x160\n  ? asm_exc_page_fault+0x27/0x30\n  ? __mmdrop+0x10/0x180\n  ? __mmdrop+0xec/0x180\n  ? hrtimer_active+0xd/0x50\n  hrtimer_try_to_cancel+0x2c/0xf0\n  hrtimer_cancel+0x15/0x30\n  napi_disable+0x65/0x90\n  mana_destroy_rxq+0x4c/0x2f0\n  mana_create_rxq.isra.0+0x56c/0x6d0\n  ? mana_uncfg_vport+0x50/0x50\n  mana_alloc_queues+0x21b/0x320\n  ? skb_dequeue+0x5f/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46784', 'https://git.kernel.org/linus/b6ecc662037694488bfff7c9fd21c405df8411f2 (6.11-rc7)', 'https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65', 'https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788', 'https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c', 'https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46784-4773@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46784', 'https://www.cve.org/CVERecord?id=CVE-2024-46784'], 'PublishedDate': '2024-09-18T08:15:05.683Z', 'LastModifiedDate': '2024-09-26T13:21:30.657Z'}, {'VulnerabilityID': 'CVE-2024-46785', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46785', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: eventfs: Use list_del_rcu() for SRCU protected list variable', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Use list_del_rcu() for SRCU protected list variable\n\nChi Zhiling reported:\n\n  We found a null pointer accessing in tracefs[1], the reason is that the\n  variable \'ei_child\' is set to LIST_POISON1, that means the list was\n  removed in eventfs_remove_rec. so when access the ei_child->is_freed, the\n  panic triggered.\n\n  by the way, the following script can reproduce this panic\n\n  loop1 (){\n      while true\n      do\n          echo "p:kp submit_bio" > /sys/kernel/debug/tracing/kprobe_events\n          echo "" > /sys/kernel/debug/tracing/kprobe_events\n      done\n  }\n  loop2 (){\n      while true\n      do\n          tree /sys/kernel/debug/tracing/events/kprobes/\n      done\n  }\n  loop1 &\n  loop2\n\n  [1]:\n  [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150\n  [ 1147.968239][T17331] Mem abort info:\n  [ 1147.971739][T17331]   ESR = 0x0000000096000004\n  [ 1147.976172][T17331]   EC = 0x25: DABT (current EL), IL = 32 bits\n  [ 1147.982171][T17331]   SET = 0, FnV = 0\n  [ 1147.985906][T17331]   EA = 0, S1PTW = 0\n  [ 1147.989734][T17331]   FSC = 0x04: level 0 translation fault\n  [ 1147.995292][T17331] Data abort info:\n  [ 1147.998858][T17331]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n  [ 1148.005023][T17331]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n  [ 1148.010759][T17331]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n  [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges\n  [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP\n  [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls]\n  [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G        W         ------- ----  6.6.43 #2\n  [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650\n  [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020\n  [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398\n  [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398\n  [ 1148.115969][T17331] sp : ffff80008d56bbd0\n  [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000\n  [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100\n  [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10\n  [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000\n  [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0\n  [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0\n  [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862\n  [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068\n  [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001\n  [ 1148.198131][T17331] Call trace:\n  [ 1148.201259][T17331]  eventfs_iterate+0x2c0/0x398\n  [ 1148.205864][T17331]  iterate_dir+0x98/0x188\n  [ 1148.210036][T17331]  __arm64_sys_getdents64+0x78/0x160\n  [ 1148.215161][T17331]  invoke_syscall+0x78/0x108\n  [ 1148.219593][T17331]  el0_svc_common.constprop.0+0x48/0xf0\n  [ 1148.224977][T17331]  do_el0_svc+0x24/0x38\n  [ 1148.228974][T17331]  el0_svc+0x40/0x168\n  [ 1148.232798][T17\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46785', 'https://git.kernel.org/linus/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c (6.11-rc7)', 'https://git.kernel.org/stable/c/05e08297c3c298d8ec28e5a5adb55840312dd87e', 'https://git.kernel.org/stable/c/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c', 'https://git.kernel.org/stable/c/f579d17a86448779f9642ad8baca6e3036a8e2d6', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46785-5351@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46785', 'https://www.cve.org/CVERecord?id=CVE-2024-46785'], 'PublishedDate': '2024-09-18T08:15:05.73Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46786', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46786', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF\n\nThe fscache_cookie_lru_timer is initialized when the fscache module\nis inserted, but is not deleted when the fscache module is removed.\nIf timer_reduce() is called before removing the fscache module,\nthe fscache_cookie_lru_timer will be added to the timer list of\nthe current cpu. Afterwards, a use-after-free will be triggered\nin the softIRQ after removing the fscache module, as follows:\n\n==================================================================\nBUG: unable to handle page fault for address: fffffbfff803c9e9\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855\nTainted: [W]=WARN\nRIP: 0010:__run_timer_base.part.0+0x254/0x8a0\nCall Trace:\n <IRQ>\n tmigr_handle_remote_up+0x627/0x810\n __walk_groups.isra.0+0x47/0x140\n tmigr_handle_remote+0x1fa/0x2f0\n handle_softirqs+0x180/0x590\n irq_exit_rcu+0x84/0xb0\n sysvec_apic_timer_interrupt+0x6e/0x90\n </IRQ>\n <TASK>\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\n default_idle_call+0x38/0x60\n do_idle+0x2b5/0x300\n cpu_startup_entry+0x54/0x60\n start_secondary+0x20d/0x280\n common_startup_64+0x13e/0x148\n </TASK>\nModules linked in: [last unloaded: netfs]\n==================================================================\n\nTherefore delete fscache_cookie_lru_timer when removing the fscahe module.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46786', 'https://git.kernel.org/linus/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f (6.11-rc7)', 'https://git.kernel.org/stable/c/0a11262549ac2ac6fb98c7cd40a67136817e5a52', 'https://git.kernel.org/stable/c/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f', 'https://git.kernel.org/stable/c/e0d724932ad12e3528f4ce97fc0f6078d0cce4bc', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46786-a167@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46786', 'https://www.cve.org/CVERecord?id=CVE-2024-46786'], 'PublishedDate': '2024-09-18T08:15:05.783Z', 'LastModifiedDate': '2024-09-26T12:48:37.447Z'}, {'VulnerabilityID': 'CVE-2024-46787', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46787', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: fix checks for huge PMDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix checks for huge PMDs\n\nPatch series "userfaultfd: fix races around pmd_trans_huge() check", v2.\n\nThe pmd_trans_huge() code in mfill_atomic() is wrong in three different\nways depending on kernel version:\n\n1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit\n   the right two race windows) - I\'ve tested this in a kernel build with\n   some extra mdelay() calls. See the commit message for a description\n   of the race scenario.\n   On older kernels (before 6.5), I think the same bug can even\n   theoretically lead to accessing transhuge page contents as a page table\n   if you hit the right 5 narrow race windows (I haven\'t tested this case).\n2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for\n   detecting PMDs that don\'t point to page tables.\n   On older kernels (before 6.5), you\'d just have to win a single fairly\n   wide race to hit this.\n   I\'ve tested this on 6.1 stable by racing migration (with a mdelay()\n   patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86\n   VM, that causes a kernel oops in ptlock_ptr().\n3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed\n   to yank page tables out from under us (though I haven\'t tested that),\n   so I think the BUG_ON() checks in mfill_atomic() are just wrong.\n\nI decided to write two separate fixes for these (one fix for bugs 1+2, one\nfix for bug 3), so that the first fix can be backported to kernels\naffected by bugs 1+2.\n\n\nThis patch (of 2):\n\nThis fixes two issues.\n\nI discovered that the following race can occur:\n\n  mfill_atomic                other thread\n  ============                ============\n                              <zap PMD>\n  pmdp_get_lockless() [reads none pmd]\n  <bail if trans_huge>\n  <if none:>\n                              <pagefault creates transhuge zeropage>\n    __pte_alloc [no-op]\n                              <zap PMD>\n  <bail if pmd_trans_huge(*dst_pmd)>\n  BUG_ON(pmd_none(*dst_pmd))\n\nI have experimentally verified this in a kernel with extra mdelay() calls;\nthe BUG_ON(pmd_none(*dst_pmd)) triggers.\n\nOn kernels newer than commit 0d940a9b270b ("mm/pgtable: allow\npte_offset_map[_lock]() to fail"), this can\'t lead to anything worse than\na BUG_ON(), since the page table access helpers are actually designed to\ndeal with page tables concurrently disappearing; but on older kernels\n(<=6.4), I think we could probably theoretically race past the two\nBUG_ON() checks and end up treating a hugepage as a page table.\n\nThe second issue is that, as Qi Zheng pointed out, there are other types\nof huge PMDs that pmd_trans_huge() can\'t catch: devmap PMDs and swap PMDs\n(in particular, migration PMDs).\n\nOn <=6.4, this is worse than the first issue: If mfill_atomic() runs on a\nPMD that contains a migration entry (which just requires winning a single,\nfairly wide race), it will pass the PMD to pte_offset_map_lock(), which\nassumes that the PMD points to a page table.\n\nBreakage follows: First, the kernel tries to take the PTE lock (which will\ncrash or maybe worse if there is no "struct page" for the address bits in\nthe migration entry PMD - I think at least on X86 there usually is no\ncorresponding "struct page" thanks to the PTE inversion mitigation, amd64\nlooks different).\n\nIf that didn\'t crash, the kernel would next try to write a PTE into what\nit wrongly thinks is a page table.\n\nAs part of fixing these issues, get rid of the check for pmd_trans_huge()\nbefore __pte_alloc() - that\'s redundant, we\'re going to have to check for\nthat after the __pte_alloc() anyway.\n\nBackport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46787', 'https://git.kernel.org/linus/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 (6.11-rc7)', 'https://git.kernel.org/stable/c/3c6b4bcf37845c9359aed926324bed66bdd2448d', 'https://git.kernel.org/stable/c/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8', 'https://git.kernel.org/stable/c/98cc18b1b71e23fe81a5194ed432b20c2d81a01a', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46787-8b6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46787', 'https://www.cve.org/CVERecord?id=CVE-2024-46787'], 'PublishedDate': '2024-09-18T08:15:05.833Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46788', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46788', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/osnoise: Use a cpumask to know what threads are kthreads', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Use a cpumask to know what threads are kthreads\n\nThe start_kthread() and stop_thread() code was not always called with the\ninterface_lock held. This means that the kthread variable could be\nunexpectedly changed causing the kthread_stop() to be called on it when it\nshould not have been, leading to:\n\n while true; do\n   rtla timerlat top -u -q & PID=$!;\n   sleep 5;\n   kill -INT $PID;\n   sleep 0.001;\n   kill -TERM $PID;\n   wait $PID;\n  done\n\nCausing the following OOPS:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 Not tainted 6.11.0-rc4-test-00002-gbc754cc76d1b-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:hrtimer_active+0x58/0x300\n Code: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 <0f> b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f\n RSP: 0018:ffff88811d97f940 EFLAGS: 00010202\n RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b\n RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28\n RBP: 0000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60\n R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d\n R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28\n FS:  0000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0\n Call Trace:\n  <TASK>\n  ? die_addr+0x40/0xa0\n  ? exc_general_protection+0x154/0x230\n  ? asm_exc_general_protection+0x26/0x30\n  ? hrtimer_active+0x58/0x300\n  ? __pfx_mutex_lock+0x10/0x10\n  ? __pfx_locks_remove_file+0x10/0x10\n  hrtimer_cancel+0x15/0x40\n  timerlat_fd_release+0x8e/0x1f0\n  ? security_file_release+0x43/0x80\n  __fput+0x372/0xb10\n  task_work_run+0x11e/0x1f0\n  ? _raw_spin_lock+0x85/0xe0\n  ? __pfx_task_work_run+0x10/0x10\n  ? poison_slab_object+0x109/0x170\n  ? do_exit+0x7a0/0x24b0\n  do_exit+0x7bd/0x24b0\n  ? __pfx_migrate_enable+0x10/0x10\n  ? __pfx_do_exit+0x10/0x10\n  ? __pfx_read_tsc+0x10/0x10\n  ? ktime_get+0x64/0x140\n  ? _raw_spin_lock_irq+0x86/0xe0\n  do_group_exit+0xb0/0x220\n  get_signal+0x17ba/0x1b50\n  ? vfs_read+0x179/0xa40\n  ? timerlat_fd_read+0x30b/0x9d0\n  ? __pfx_get_signal+0x10/0x10\n  ? __pfx_timerlat_fd_read+0x10/0x10\n  arch_do_signal_or_restart+0x8c/0x570\n  ? __pfx_arch_do_signal_or_restart+0x10/0x10\n  ? vfs_read+0x179/0xa40\n  ? ksys_read+0xfe/0x1d0\n  ? __pfx_ksys_read+0x10/0x10\n  syscall_exit_to_user_mode+0xbc/0x130\n  do_syscall_64+0x74/0x110\n  ? __pfx___rseq_handle_notify_resume+0x10/0x10\n  ? __pfx_ksys_read+0x10/0x10\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? syscall_exit_to_user_mode+0x116/0x130\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  entry_SYSCALL_64_after_hwframe+0x71/0x79\n RIP: 0033:0x7ff0070eca9c\n Code: Unable to access opcode bytes at 0x7ff0070eca72.\n RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c\n RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003\n RBP: 00007ff006dffde0 R08: 0000000000000000 R09: 00007ff000000ba0\n R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003\n R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008\n  </TASK>\n Modules linked in: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core\n ---[ end trace 0000000000000000 ]---\n\nThis is because it would mistakenly call kthread_stop() on a user space\nthread making it "exit" before it actually exits.\n\nSince kthread\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46788', 'https://git.kernel.org/linus/177e1cc2f41235c145041eed03ef5bab18f32328 (6.11-rc7)', 'https://git.kernel.org/stable/c/177e1cc2f41235c145041eed03ef5bab18f32328', 'https://git.kernel.org/stable/c/27282d2505b402f39371fd60d19d95c01a4b6776', 'https://git.kernel.org/stable/c/7a5f01828edf152c144d27cf63de446fdf2dc222', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46788-1fbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46788', 'https://www.cve.org/CVERecord?id=CVE-2024-46788'], 'PublishedDate': '2024-09-18T08:15:05.893Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46791', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46791', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open\n\nThe mcp251x_hw_wake() function is called with the mpc_lock mutex held and\ndisables the interrupt handler so that no interrupts can be processed while\nwaking the device. If an interrupt has already occurred then waiting for\nthe interrupt handler to complete will deadlock because it will be trying\nto acquire the same mutex.\n\nCPU0                           CPU1\n----                           ----\nmcp251x_open()\n mutex_lock(&priv->mcp_lock)\n  request_threaded_irq()\n                               <interrupt>\n                               mcp251x_can_ist()\n                                mutex_lock(&priv->mcp_lock)\n  mcp251x_hw_wake()\n   disable_irq() <-- deadlock\n\nUse disable_irq_nosync() instead because the interrupt handler does\neverything while holding the mutex so it doesn't matter if it's still\nrunning.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46791', 'https://git.kernel.org/linus/7dd9c26bd6cf679bcfdef01a8659791aa6487a29 (6.11-rc7)', 'https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0', 'https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e', 'https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29', 'https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7', 'https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188', 'https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646', 'https://lore.kernel.org/linux-cve-announce/2024091853-CVE-2024-46791-af66@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46791', 'https://www.cve.org/CVERecord?id=CVE-2024-46791'], 'PublishedDate': '2024-09-18T08:15:06.067Z', 'LastModifiedDate': '2024-09-20T18:21:19.457Z'}, {'VulnerabilityID': 'CVE-2024-46792', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46792', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv: misaligned: Restrict user access to kernel memory', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: misaligned: Restrict user access to kernel memory\n\nraw_copy_{to,from}_user() do not call access_ok(), so this code allowed\nuserspace to access any virtual memory address.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46792', 'https://git.kernel.org/linus/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3b6ff6c896aee5ef9b581e40d0045ff04fcbc8c', 'https://git.kernel.org/stable/c/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46792-7745@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46792', 'https://www.cve.org/CVERecord?id=CVE-2024-46792'], 'PublishedDate': '2024-09-18T08:15:06.123Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46793', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46793', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder\n\nSince commit 13f58267cda3 ("ASoC: soc.h: don\'t create dummy Component\nvia COMP_DUMMY()") dummy codecs declared like this:\n\nSND_SOC_DAILINK_DEF(dummy,\n        DAILINK_COMP_ARRAY(COMP_DUMMY()));\n\nexpand to:\n\nstatic struct snd_soc_dai_link_component dummy[] = {\n};\n\nWhich means that dummy is a zero sized array and thus dais[i].codecs should\nnot be dereferenced *at all* since it points to the address of the next\nvariable stored in the data section as the "dummy" variable has an address\nbut no size, so even dereferencing dais[0] is already an out of bounds\narray reference.\n\nWhich means that the if (dais[i].codecs->name) check added in\ncommit 7d99a70b6595 ("ASoC: Intel: Boards: Fix NULL pointer deref\nin BYT/CHT boards") relies on that the part of the next variable which\nthe name member maps to just happens to be NULL.\n\nWhich apparently so far it usually is, except when it isn\'t\nand then it results in crashes like this one:\n\n[   28.795659] BUG: unable to handle page fault for address: 0000000000030011\n...\n[   28.795780] Call Trace:\n[   28.795787]  <TASK>\n...\n[   28.795862]  ? strcmp+0x18/0x40\n[   28.795872]  0xffffffffc150c605\n[   28.795887]  platform_probe+0x40/0xa0\n...\n[   28.795979]  ? __pfx_init_module+0x10/0x10 [snd_soc_sst_bytcr_wm5102]\n\nReally fix things this time around by checking dais.num_codecs != 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46793', 'https://git.kernel.org/linus/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb (6.11-rc7)', 'https://git.kernel.org/stable/c/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb', 'https://git.kernel.org/stable/c/85cda5b040bda9c577b34eb72d5b2e5b7e31985c', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46793-268d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46793', 'https://www.cve.org/CVERecord?id=CVE-2024-46793'], 'PublishedDate': '2024-09-18T08:15:06.177Z', 'LastModifiedDate': '2024-09-24T16:00:17.977Z'}, {'VulnerabilityID': 'CVE-2024-46794', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46794', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/tdx: Fix data leak in mmio_read()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix data leak in mmio_read()\n\nThe mmio_read() function makes a TDVMCALL to retrieve MMIO data for an\naddress from the VMM.\n\nSean noticed that mmio_read() unintentionally exposes the value of an\ninitialized variable (val) on the stack to the VMM.\n\nThis variable is only needed as an output value. It did not need to be\npassed to the VMM in the first place.\n\nDo not send the original value of *val to the VMM.\n\n[ dhansen: clarify what 'val' is used for. ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46794', 'https://git.kernel.org/linus/b6fb565a2d15277896583d471b21bc14a0c99661 (6.11-rc7)', 'https://git.kernel.org/stable/c/26c6af49d26ffc377e392e30d4086db19eed0ef7', 'https://git.kernel.org/stable/c/b55ce742afcb8e8189d82f2f1e635ba1b5a461fa', 'https://git.kernel.org/stable/c/b6fb565a2d15277896583d471b21bc14a0c99661', 'https://git.kernel.org/stable/c/ef00818c50cf55a3a56bd9a9fae867c92dfb84e7', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46794-9f64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46794', 'https://www.cve.org/CVERecord?id=CVE-2024-46794'], 'PublishedDate': '2024-09-18T08:15:06.23Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46795', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46795', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ksmbd: unset the binding mark of a reused connection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset the binding mark of a reused connection\n\nSteve French reported null pointer dereference error from sha256 lib.\ncifs.ko can send session setup requests on reused connection.\nIf reused connection is used for binding session, conn->binding can\nstill remain true and generate_preauth_hash() will not set\nsess->Preauth_HashValue and it will be NULL.\nIt is used as a material to create an encryption key in\nksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer\ndereference error from crypto_shash_update().\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 8 PID: 429254 Comm: kworker/8:39\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n<TASK>\n? show_regs+0x6d/0x80\n? __die+0x24/0x80\n? page_fault_oops+0x99/0x1b0\n? do_user_addr_fault+0x2ee/0x6b0\n? exc_page_fault+0x83/0x1b0\n? asm_exc_page_fault+0x27/0x30\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n_sha256_update+0x77/0xa0 [sha256_ssse3]\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\ncrypto_shash_update+0x1e/0x40\nhmac_update+0x12/0x20\ncrypto_shash_update+0x1e/0x40\ngenerate_key+0x234/0x380 [ksmbd]\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\n__process_request+0xa3/0x1d0 [ksmbd]\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\nprocess_one_work+0x16c/0x350\nworker_thread+0x306/0x440\n? __pfx_worker_thread+0x10/0x10\nkthread+0xef/0x120\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x44/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n</TASK>', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46795', 'https://git.kernel.org/linus/78c5a6f1f630172b19af4912e755e1da93ef0ab5 (6.11-rc7)', 'https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce', 'https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1', 'https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5', 'https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02', 'https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1', 'https://lore.kernel.org/linux-cve-announce/2024091855-CVE-2024-46795-9908@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46795', 'https://www.cve.org/CVERecord?id=CVE-2024-46795'], 'PublishedDate': '2024-09-18T08:15:06.28Z', 'LastModifiedDate': '2024-09-20T18:21:04.067Z'}, {'VulnerabilityID': 'CVE-2024-46797', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46797', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/qspinlock: Fix deadlock in MCS queue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/qspinlock: Fix deadlock in MCS queue\n\nIf an interrupt occurs in queued_spin_lock_slowpath() after we increment\nqnodesp->count and before node->lock is initialized, another CPU might\nsee stale lock values in get_tail_qnode(). If the stale lock value happens\nto match the lock on that CPU, then we write to the "next" pointer of\nthe wrong qnode. This causes a deadlock as the former CPU, once it becomes\nthe head of the MCS queue, will spin indefinitely until it\'s "next" pointer\nis set by its successor in the queue.\n\nRunning stress-ng on a 16 core (16EC/16VP) shared LPAR, results in\noccasional lockups similar to the following:\n\n   $ stress-ng --all 128 --vm-bytes 80% --aggressive \\\n               --maximize --oomable --verify  --syslog \\\n               --metrics  --times  --timeout 5m\n\n   watchdog: CPU 15 Hard LOCKUP\n   ......\n   NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   Call Trace:\n    0xc000002cfffa3bf0 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    raw_spin_rq_lock_nested.part.135+0x4c/0xd0\n    sched_ttwu_pending+0x60/0x1f0\n    __flush_smp_call_function_queue+0x1dc/0x670\n    smp_ipi_demux_relaxed+0xa4/0x100\n    xive_muxed_ipi_action+0x20/0x40\n    __handle_irq_event_percpu+0x80/0x240\n    handle_irq_event_percpu+0x2c/0x80\n    handle_percpu_irq+0x84/0xd0\n    generic_handle_irq+0x54/0x80\n    __do_irq+0xac/0x210\n    __do_IRQ+0x74/0xd0\n    0x0\n    do_IRQ+0x8c/0x170\n    hardware_interrupt_common_virt+0x29c/0x2a0\n   --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490\n   ......\n   NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   --- interrupt: 500\n    0xc0000029c1a41d00 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    futex_wake+0x100/0x260\n    do_futex+0x21c/0x2a0\n    sys_futex+0x98/0x270\n    system_call_exception+0x14c/0x2f0\n    system_call_vectored_common+0x15c/0x2ec\n\nThe following code flow illustrates how the deadlock occurs.\nFor the sake of brevity, assume that both locks (A and B) are\ncontended and we call the queued_spin_lock_slowpath() function.\n\n        CPU0                                   CPU1\n        ----                                   ----\n  spin_lock_irqsave(A)                          |\n  spin_unlock_irqrestore(A)                     |\n    spin_lock(B)                                |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++;                       |\n  (Note that nodes[0].lock == A)                |\n         |                                      |\n         ▼                                      |\n      Interrupt                                 |\n  (happens before "nodes[0].lock = B")          |\n         |                                      |\n         ▼                                      |\n  spin_lock_irqsave(A)                          |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++                        |\n   nodes[1].lock = A                            |\n         |                                      |\n         ▼                                      |\n  Tail of MCS queue                             |\n         |                             spin_lock_irqsave(A)\n         ▼                                      |\n  Head of MCS queue                             ▼\n         |                             CPU0 is previous tail\n         ▼                                      |\n   Spin indefinitely                            ▼\n  (until "nodes[1].next != NULL")      prev = get_tail_qnode(A, CPU0)\n                                                |\n                                                ▼\n                                       prev == &qnodes[CPU0].nodes[0]\n                                     (as qnodes\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46797', 'https://git.kernel.org/linus/734ad0af3609464f8f93e00b6c0de1e112f44559 (6.11-rc7)', 'https://git.kernel.org/stable/c/734ad0af3609464f8f93e00b6c0de1e112f44559', 'https://git.kernel.org/stable/c/d84ab6661e8d09092de9b034b016515ef9b66085', 'https://git.kernel.org/stable/c/f06af737e4be28c0e926dc25d5f0a111da4e2987', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46797-9174@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46797', 'https://www.cve.org/CVERecord?id=CVE-2024-46797'], 'PublishedDate': '2024-09-18T08:15:06.403Z', 'LastModifiedDate': '2024-09-29T15:15:15.837Z'}, {'VulnerabilityID': 'CVE-2024-46798', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46798', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: dapm: Fix UAF for snd_soc_pcm_runtime object\n\nWhen using kernel with the following extra config,\n\n  - CONFIG_KASAN=y\n  - CONFIG_KASAN_GENERIC=y\n  - CONFIG_KASAN_INLINE=y\n  - CONFIG_KASAN_VMALLOC=y\n  - CONFIG_FRAME_WARN=4096\n\nkernel detects that snd_pcm_suspend_all() access a freed\n'snd_soc_pcm_runtime' object when the system is suspended, which\nleads to a use-after-free bug:\n\n[   52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270\n[   52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330\n\n[   52.047785] Call trace:\n[   52.047787]  dump_backtrace+0x0/0x3c0\n[   52.047794]  show_stack+0x34/0x50\n[   52.047797]  dump_stack_lvl+0x68/0x8c\n[   52.047802]  print_address_description.constprop.0+0x74/0x2c0\n[   52.047809]  kasan_report+0x210/0x230\n[   52.047815]  __asan_report_load1_noabort+0x3c/0x50\n[   52.047820]  snd_pcm_suspend_all+0x1a8/0x270\n[   52.047824]  snd_soc_suspend+0x19c/0x4e0\n\nThe snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before\nmaking any access. So we need to always set 'substream->runtime' to NULL\neverytime we kfree() it.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46798', 'https://git.kernel.org/linus/b4a90b543d9f62d3ac34ec1ab97fc5334b048565 (6.11-rc7)', 'https://git.kernel.org/stable/c/3033ed903b4f28b5e1ab66042084fbc2c48f8624', 'https://git.kernel.org/stable/c/5d13afd021eb43868fe03cef6da34ad08831ad6d', 'https://git.kernel.org/stable/c/6a14fad8be178df6c4589667efec1789a3307b4e', 'https://git.kernel.org/stable/c/8ca21e7a27c66b95a4b215edc8e45e5d66679f9f', 'https://git.kernel.org/stable/c/993b60c7f93fa1d8ff296b58f646a867e945ae89', 'https://git.kernel.org/stable/c/b4a90b543d9f62d3ac34ec1ab97fc5334b048565', 'https://git.kernel.org/stable/c/fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46798-ce16@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46798', 'https://www.cve.org/CVERecord?id=CVE-2024-46798'], 'PublishedDate': '2024-09-18T08:15:06.463Z', 'LastModifiedDate': '2024-09-20T18:17:50.763Z'}, {'VulnerabilityID': 'CVE-2024-46800', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46800', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sch/netem: fix use after free in netem_dequeue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsch/netem: fix use after free in netem_dequeue\n\nIf netem_dequeue() enqueues packet to inner qdisc and that qdisc\nreturns __NET_XMIT_STOLEN. The packet is dropped but\nqdisc_tree_reduce_backlog() is not called to update the parent\'s\nq.qlen, leading to the similar use-after-free as Commit\ne04991a48dbaf382 ("netem: fix return value if duplicate enqueue\nfails")\n\nCommands to trigger KASAN UaF:\n\nip link add type dummy\nip link set lo up\nip link set dummy0 up\ntc qdisc add dev lo parent root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2: handle 3: drr\ntc filter add dev lo parent 3: basic classid 3:1 action mirred egress\nredirect dev dummy0\ntc class add dev lo classid 3:1 drr\nping -c1 -W0.01 localhost # Trigger bug\ntc class del dev lo classid 1:1\ntc class add dev lo classid 1:1 drr\nping -c1 -W0.01 localhost # UaF', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46800', 'https://git.kernel.org/linus/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a (6.11-rc7)', 'https://git.kernel.org/stable/c/14f91ab8d391f249b845916820a56f42cf747241', 'https://git.kernel.org/stable/c/295ad5afd9efc5f67b86c64fce28fb94e26dc4c9', 'https://git.kernel.org/stable/c/32008ab989ddcff1a485fa2b4906234c25dc5cd6', 'https://git.kernel.org/stable/c/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a', 'https://git.kernel.org/stable/c/98c75d76187944296068d685dfd8a1e9fd8c4fdc', 'https://git.kernel.org/stable/c/db2c235682913a63054e741fe4e19645fdf2d68e', 'https://git.kernel.org/stable/c/dde33a9d0b80aae0c69594d1f462515d7ff1cb3d', 'https://git.kernel.org/stable/c/f0bddb4de043399f16d1969dad5ee5b984a64e7b', 'https://lore.kernel.org/linux-cve-announce/2024091857-CVE-2024-46800-0f62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46800', 'https://www.cve.org/CVERecord?id=CVE-2024-46800'], 'PublishedDate': '2024-09-18T08:15:06.573Z', 'LastModifiedDate': '2024-09-20T17:18:55.26Z'}, {'VulnerabilityID': 'CVE-2024-46802', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: added NULL check at start of dc_validate_stream', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46802', 'https://git.kernel.org/linus/26c56049cc4f1705b498df013949427692a4b0d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd', 'https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5', 'https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9', 'https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c', 'https://lore.kernel.org/linux-cve-announce/2024092706-CVE-2024-46802-c5e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46802', 'https://www.cve.org/CVERecord?id=CVE-2024-46802'], 'PublishedDate': '2024-09-27T13:15:13.483Z', 'LastModifiedDate': '2024-10-07T14:21:55.687Z'}, {'VulnerabilityID': 'CVE-2024-46803', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46803', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdkfd: Check debug trap enable before write dbg_ev_file', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46803', 'https://git.kernel.org/linus/547033b593063eb85bfdf9b25a5f1b8fd1911be2 (6.11-rc1)', 'https://git.kernel.org/stable/c/547033b593063eb85bfdf9b25a5f1b8fd1911be2', 'https://git.kernel.org/stable/c/820dcbd38a77bd5fdc4236d521c1c122841227d0', 'https://git.kernel.org/stable/c/e6ea3b8fe398915338147fe54dd2db8155fdafd8', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46803-689b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46803', 'https://www.cve.org/CVERecord?id=CVE-2024-46803'], 'PublishedDate': '2024-09-27T13:15:13.57Z', 'LastModifiedDate': '2024-10-04T17:45:16.867Z'}, {'VulnerabilityID': 'CVE-2024-46804', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46804', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add array index check for hdcp ddc access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add array index check for hdcp ddc access\n\n[Why]\nCoverity reports OVERRUN warning. Do not check if array\nindex valid.\n\n[How]\nCheck msg_id valid and valid array index.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46804', 'https://git.kernel.org/linus/4e70c0f5251c25885c31ee84a31f99a01f7cf50e (6.11-rc1)', 'https://git.kernel.org/stable/c/0ee4387c5a4b57ec733c3fb4365188d5979cd9c7', 'https://git.kernel.org/stable/c/2a63c90c7a90ab2bd23deebc2814fc5b52abf6d2', 'https://git.kernel.org/stable/c/4e70c0f5251c25885c31ee84a31f99a01f7cf50e', 'https://git.kernel.org/stable/c/8b5ccf3d011969417be653b5a145c72dbd30472c', 'https://git.kernel.org/stable/c/a3b5ee22a9d3a30045191da5678ca8451ebaea30', 'https://git.kernel.org/stable/c/f338f99f6a04d03c802087d82a83561cbd5bdc99', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46804-c90d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46804', 'https://www.cve.org/CVERecord?id=CVE-2024-46804'], 'PublishedDate': '2024-09-27T13:15:13.637Z', 'LastModifiedDate': '2024-10-04T17:51:43.73Z'}, {'VulnerabilityID': 'CVE-2024-46805', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46805', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix the waring dereferencing hive', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix the waring dereferencing hive\n\nCheck the amdgpu_hive_info *hive that maybe is NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46805', 'https://git.kernel.org/linus/1940708ccf5aff76de4e0b399f99267c93a89193 (6.11-rc1)', 'https://git.kernel.org/stable/c/01cd55b971131b07b7ff8d622fa93bb4f8be07df', 'https://git.kernel.org/stable/c/1940708ccf5aff76de4e0b399f99267c93a89193', 'https://git.kernel.org/stable/c/4ab720b6aa1ef5e71db1e534b5b45c80ac4ec58a', 'https://git.kernel.org/stable/c/d3f927ef0607b3c8c3f79ab6d9a4ebead3e35f4c', 'https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46805-b06a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46805', 'https://www.cve.org/CVERecord?id=CVE-2024-46805'], 'PublishedDate': '2024-09-27T13:15:13.707Z', 'LastModifiedDate': '2024-10-02T12:58:59.767Z'}, {'VulnerabilityID': 'CVE-2024-46806', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46806', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the warning division or modulo by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46806', 'https://git.kernel.org/linus/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c (6.11-rc1)', 'https://git.kernel.org/stable/c/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c', 'https://git.kernel.org/stable/c/a01618adcba78c6bd6c4557a4a5e32f58b658cd1', 'https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46806-2cc7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46806', 'https://www.cve.org/CVERecord?id=CVE-2024-46806'], 'PublishedDate': '2024-09-27T13:15:13.773Z', 'LastModifiedDate': '2024-10-02T13:17:04.64Z'}, {'VulnerabilityID': 'CVE-2024-46807', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46807', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Check tbo resource pointer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Check tbo resource pointer\n\nValidate tbo resource pointer, skip if NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46807', 'https://git.kernel.org/linus/6cd2b872643bb29bba01a8ac739138db7bd79007 (6.11-rc1)', 'https://git.kernel.org/stable/c/2be1eb6304d9623ba21dd6f3e68ffb753a759635', 'https://git.kernel.org/stable/c/4dfec5f5501a27e0a0da00e136d65ef9011ded4c', 'https://git.kernel.org/stable/c/6cd2b872643bb29bba01a8ac739138db7bd79007', 'https://git.kernel.org/stable/c/e55e3904ffeaff81715256a711b1a61f4ad5258a', 'https://git.kernel.org/stable/c/e8765364d4f3aaf88c7abe0a4fc99089d059ab49', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46807-b78e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46807', 'https://www.cve.org/CVERecord?id=CVE-2024-46807'], 'PublishedDate': '2024-09-27T13:15:13.84Z', 'LastModifiedDate': '2024-10-04T17:40:08.083Z'}, {'VulnerabilityID': 'CVE-2024-46808', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46808', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range\n\n[Why & How]\nASSERT if return NULL from kcalloc.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46808', 'https://git.kernel.org/linus/5524fa301ba649f8cf00848f91468e0ba7e4f24c (6.11-rc1)', 'https://git.kernel.org/stable/c/5524fa301ba649f8cf00848f91468e0ba7e4f24c', 'https://git.kernel.org/stable/c/ca0b0b0a22306f2e51105ac48f4a09c2fbbb504e', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46808-8886@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46808', 'https://www.cve.org/CVERecord?id=CVE-2024-46808'], 'PublishedDate': '2024-09-27T13:15:13.907Z', 'LastModifiedDate': '2024-10-02T14:23:39.863Z'}, {'VulnerabilityID': 'CVE-2024-46809', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46809', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check BIOS images before it is used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check BIOS images before it is used\n\nBIOS images may fail to load and null checks are added before they are\nused.\n\nThis fixes 6 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46809', 'https://git.kernel.org/linus/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c (6.11-rc1)', 'https://git.kernel.org/stable/c/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c', 'https://git.kernel.org/stable/c/e46b70a7cfed71cb84e985c785c39c16df5c28cb', 'https://git.kernel.org/stable/c/e50bec62acaeec03afc6fa5dfb2426e52d049cf5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46809-5b37@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46809', 'https://www.cve.org/CVERecord?id=CVE-2024-46809'], 'PublishedDate': '2024-09-27T13:15:13.973Z', 'LastModifiedDate': '2024-10-04T17:33:33.753Z'}, {'VulnerabilityID': 'CVE-2024-46810', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46810', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ\n\nMake sure the connector is fully initialized before signalling any\nHPD events via drm_kms_helper_hotplug_event(), otherwise this may\nlead to NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46810', 'https://git.kernel.org/linus/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f (6.11-rc1)', 'https://git.kernel.org/stable/c/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f', 'https://git.kernel.org/stable/c/1fb13693953737783b424aa4712f0a27a9eaf5a8', 'https://git.kernel.org/stable/c/9d567126474e68f959b2c2543c375f3bb32e948a', 'https://git.kernel.org/stable/c/adc5674c23b8191e596ed0dbaa9600265ac896a8', 'https://git.kernel.org/stable/c/e1b121f21bbc56a6ae035aa5b77daac62bfb9be5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46810-2eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46810', 'https://www.cve.org/CVERecord?id=CVE-2024-46810'], 'PublishedDate': '2024-09-27T13:15:14.037Z', 'LastModifiedDate': '2024-10-04T17:43:04.277Z'}, {'VulnerabilityID': 'CVE-2024-46811', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46811', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params->clk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46811', 'https://git.kernel.org/linus/188fd1616ec43033cedbe343b6579e9921e2d898 (6.11-rc1)', 'https://git.kernel.org/stable/c/188fd1616ec43033cedbe343b6579e9921e2d898', 'https://git.kernel.org/stable/c/4003bac784380fed1f94f197350567eaa73a409d', 'https://git.kernel.org/stable/c/aba188d6f4ebaf52acf13f204db2bd2c22072504', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46811-f01c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46811', 'https://www.cve.org/CVERecord?id=CVE-2024-46811'], 'PublishedDate': '2024-09-27T13:15:14.107Z', 'LastModifiedDate': '2024-10-07T14:24:56.86Z'}, {'VulnerabilityID': 'CVE-2024-46812', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46812', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration\n\n[Why]\nCoverity reports Memory - illegal accesses.\n\n[How]\nSkip inactive planes.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46812', 'https://git.kernel.org/linus/a54f7e866cc73a4cb71b8b24bb568ba35c8969df (6.11-rc1)', 'https://git.kernel.org/stable/c/3300a039caf850376bc3416c808cd8879da412bb', 'https://git.kernel.org/stable/c/8406158a546441b73f0b216aedacbf9a1e5748fb', 'https://git.kernel.org/stable/c/a54f7e866cc73a4cb71b8b24bb568ba35c8969df', 'https://git.kernel.org/stable/c/ee9d6df6d9172917d9ddbd948bb882652d5ecd29', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46812-5954@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46812', 'https://www.cve.org/CVERecord?id=CVE-2024-46812'], 'PublishedDate': '2024-09-27T13:15:14.163Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46813', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46813', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check link_index before accessing dc-&gt;links[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc->links[]\n\n[WHY & HOW]\ndc->links[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46813', 'https://git.kernel.org/linus/8aa2864044b9d13e95fe224f32e808afbf79ecdf (6.11-rc1)', 'https://git.kernel.org/stable/c/8aa2864044b9d13e95fe224f32e808afbf79ecdf', 'https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46813-5eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46813', 'https://www.cve.org/CVERecord?id=CVE-2024-46813'], 'PublishedDate': '2024-09-27T13:15:14.23Z', 'LastModifiedDate': '2024-10-04T17:38:17.74Z'}, {'VulnerabilityID': 'CVE-2024-46814', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check msg_id before processing transcation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY & HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46814', 'https://git.kernel.org/linus/fa71face755e27dc44bc296416ebdf2c67163316 (6.11-rc1)', 'https://git.kernel.org/stable/c/0147505f08220c89b3a9c90eb608191276e263a8', 'https://git.kernel.org/stable/c/6590643c5de74098d27933b7d224d5ac065d7755', 'https://git.kernel.org/stable/c/916083054670060023d3f8a8ace895d710e268f4', 'https://git.kernel.org/stable/c/cb63090a17d3abb87f132851fa3711281249b7d2', 'https://git.kernel.org/stable/c/fa71face755e27dc44bc296416ebdf2c67163316', 'https://git.kernel.org/stable/c/fe63daf7b10253b0faaa60c55d6153cd276927aa', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46814-5021@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46814', 'https://www.cve.org/CVERecord?id=CVE-2024-46814'], 'PublishedDate': '2024-09-27T13:15:14.297Z', 'LastModifiedDate': '2024-10-04T17:27:47.45Z'}, {'VulnerabilityID': 'CVE-2024-46815', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46815', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY & HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46815', 'https://git.kernel.org/linus/b38a4815f79b87efb196cd5121579fc51e29a7fb (6.11-rc1)', 'https://git.kernel.org/stable/c/21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf', 'https://git.kernel.org/stable/c/6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0', 'https://git.kernel.org/stable/c/7c47dd2e92341f2989ab73dbed07f8894593ad7b', 'https://git.kernel.org/stable/c/a72d4996409569027b4609414a14a87679b12267', 'https://git.kernel.org/stable/c/b36e9b3104c4ba0f2f5dd083dcf6159cb316c996', 'https://git.kernel.org/stable/c/b38a4815f79b87efb196cd5121579fc51e29a7fb', 'https://git.kernel.org/stable/c/c4a7f7c0062fe2c73f70bb7e335199e25bd71492', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46815-fce2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46815', 'https://www.cve.org/CVERecord?id=CVE-2024-46815'], 'PublishedDate': '2024-09-27T13:15:14.37Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46816', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46816', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\n\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc->links. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\n\n[How]\nMake sure link count less than max_links.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46816', 'https://git.kernel.org/linus/cf8b16857db702ceb8d52f9219a4613363e2b1cf (6.11-rc1)', 'https://git.kernel.org/stable/c/36c39a8dcce210649f2f45f252abaa09fcc1ae87', 'https://git.kernel.org/stable/c/cf8b16857db702ceb8d52f9219a4613363e2b1cf', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46816-0526@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46816', 'https://www.cve.org/CVERecord?id=CVE-2024-46816'], 'PublishedDate': '2024-09-27T13:15:14.433Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46817', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6\n\n[Why]\nCoverity reports OVERRUN warning. Should abort amdgpu_dm\ninitialize.\n\n[How]\nReturn failure to amdgpu_dm_init.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46817', 'https://git.kernel.org/linus/84723eb6068c50610c5c0893980d230d7afa2105 (6.11-rc1)', 'https://git.kernel.org/stable/c/21bbb39863f10f5fb4bf772d15b07d5d13590e9d', 'https://git.kernel.org/stable/c/28b515c458aa9c92bfcb99884c94713a5f471cea', 'https://git.kernel.org/stable/c/754321ed63f0a4a31252ca72e0bd89a9e1888018', 'https://git.kernel.org/stable/c/84723eb6068c50610c5c0893980d230d7afa2105', 'https://git.kernel.org/stable/c/94cb77700fa4ae6200486bfa0ba2ac547534afd2', 'https://git.kernel.org/stable/c/d398c74c881dee695f6eb6138c9891644e1c3d9d', 'https://git.kernel.org/stable/c/d619b91d3c4af60ac422f1763ce53d721fb91262', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46817-7a2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46817', 'https://www.cve.org/CVERecord?id=CVE-2024-46817'], 'PublishedDate': '2024-09-27T13:15:14.493Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46818', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check gpio_id before used as array index', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY & HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46818', 'https://git.kernel.org/linus/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 (6.11-rc1)', 'https://git.kernel.org/stable/c/0184cca30cad74d88f5c875d4e26999e26325700', 'https://git.kernel.org/stable/c/08e7755f754e3d2cef7d3a7da538d33526bd6f7c', 'https://git.kernel.org/stable/c/276e3fd93e3beb5894eb1cc8480f9f417d51524d', 'https://git.kernel.org/stable/c/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6', 'https://git.kernel.org/stable/c/3d4198ab612ad48f73383ad3bb5663e6f0cdf406', 'https://git.kernel.org/stable/c/40c2e8bc117cab8bca8814735f28a8b121654a84', 'https://git.kernel.org/stable/c/8520fdc8ecc38f240a8e9e7af89cca6739c3e790', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46818-8d41@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46818', 'https://www.cve.org/CVERecord?id=CVE-2024-46818'], 'PublishedDate': '2024-09-27T13:15:14.563Z', 'LastModifiedDate': '2024-10-04T17:18:36.613Z'}, {'VulnerabilityID': 'CVE-2024-46819', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: the warning dereferencing obj for nbio_v7_4', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: the warning dereferencing obj for nbio_v7_4\n\nif ras_manager obj null, don't print NBIO err data", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46819', 'https://git.kernel.org/linus/d190b459b2a4304307c3468ed97477b808381011 (6.11-rc1)', 'https://git.kernel.org/stable/c/130c2dc75c8c40acc3c96ededea6af80e03c14b8', 'https://git.kernel.org/stable/c/614564a5b28983de53b23a358ebe6c483a2aa21e', 'https://git.kernel.org/stable/c/70e8ec21fcb8c51446899d3bfe416b31adfa3661', 'https://git.kernel.org/stable/c/7d265772e44d403071a2b573eac0db60250b1c21', 'https://git.kernel.org/stable/c/d04ded1e73f1dcf19a71ec8b9cda3faa7acd8828', 'https://git.kernel.org/stable/c/d190b459b2a4304307c3468ed97477b808381011', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46819-d958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46819', 'https://www.cve.org/CVERecord?id=CVE-2024-46819'], 'PublishedDate': '2024-09-27T13:15:14.64Z', 'LastModifiedDate': '2024-10-04T17:11:00.57Z'}, {'VulnerabilityID': 'CVE-2024-46820', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/vcn: remove irq disabling in vcn 5 suspend\n\nWe do not directly enable/disable VCN IRQ in vcn 5.0.0.\nAnd we do not handle the IRQ state as well. So the calls to\ndisable IRQ and set state are removed. This effectively gets\nrid of the warining of\n      "WARN_ON(!amdgpu_irq_enabled(adev, src, type))"\nin amdgpu_irq_put().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46820', 'https://git.kernel.org/linus/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d (6.11-rc1)', 'https://git.kernel.org/stable/c/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d', 'https://git.kernel.org/stable/c/aa92264ba6fd4fb570002f69762634221316e7ae', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46820-6405@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46820', 'https://www.cve.org/CVERecord?id=CVE-2024-46820'], 'PublishedDate': '2024-09-27T13:15:14.707Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46821', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix negative array index read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix negative array index read\n\nAvoid using the negative values\nfor clk_idex as an index into an array pptable->DpmDescriptor.\n\nV2: fix clk_index return check (Tim Huang)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46821', 'https://git.kernel.org/linus/c8c19ebf7c0b202a6a2d37a52ca112432723db5f (6.11-rc1)', 'https://git.kernel.org/stable/c/06a3810010b525b9958424e344f0c25b09e128fa', 'https://git.kernel.org/stable/c/4711b1347cb9f0c3083da6d87c624d75f9bd1d50', 'https://git.kernel.org/stable/c/60f4a4bc3329e5cb8c4df0cc961f0d5ffd96e22d', 'https://git.kernel.org/stable/c/c8c19ebf7c0b202a6a2d37a52ca112432723db5f', 'https://lore.kernel.org/linux-cve-announce/2024092713-CVE-2024-46821-a13a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46821', 'https://www.cve.org/CVERecord?id=CVE-2024-46821'], 'PublishedDate': '2024-09-27T13:15:14.767Z', 'LastModifiedDate': '2024-10-04T17:06:43.573Z'}, {'VulnerabilityID': 'CVE-2024-46822', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46822', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry\n\nIn a review discussion of the changes to support vCPU hotplug where\na check was added on the GICC being enabled if was online, it was\nnoted that there is need to map back to the cpu and use that to index\ninto a cpumask. As such, a valid ID is needed.\n\nIf an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible\nfor the entry in cpu_madt_gicc[cpu] == NULL.  This function would\nthen cause a NULL pointer dereference.   Whilst a path to trigger\nthis has not been established, harden this caller against the\npossibility.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46822', 'https://git.kernel.org/linus/2488444274c70038eb6b686cba5f1ce48ebb9cdd (6.11-rc1)', 'https://git.kernel.org/stable/c/2488444274c70038eb6b686cba5f1ce48ebb9cdd', 'https://git.kernel.org/stable/c/40cae0df42e5e7f7a1c0f32deed9c4027c1ba94e', 'https://git.kernel.org/stable/c/4c3b21204abb4fa3ab310fbbb5cf7f0e85f3a1bc', 'https://git.kernel.org/stable/c/62ca6d3a905b4c40cd942f3cc645a6718f8bc7e7', 'https://git.kernel.org/stable/c/945be49f4e832a9184c313fdf8917475438a795b', 'https://git.kernel.org/stable/c/bc7fbb37e3d2df59336eadbd6a56be632e3c7df7', 'https://git.kernel.org/stable/c/f57769ff6fa7f97f1296965f20e8a2bb3ee9fd0f', 'https://lore.kernel.org/linux-cve-announce/2024092749-CVE-2024-46822-b901@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46822', 'https://www.cve.org/CVERecord?id=CVE-2024-46822'], 'PublishedDate': '2024-09-27T13:15:14.83Z', 'LastModifiedDate': '2024-10-02T14:24:01.757Z'}, {'VulnerabilityID': 'CVE-2024-46823', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kunit/overflow: Fix UB in overflow_allocation_test', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkunit/overflow: Fix UB in overflow_allocation_test\n\nThe 'device_name' array doesn't exist out of the\n'overflow_allocation_test' function scope. However, it is being used as\na driver name when calling 'kunit_driver_create' from\n'kunit_device_register'. It produces the kernel panic with KASAN\nenabled.\n\nSince this variable is used in one place only, remove it and pass the\ndevice name into kunit_device_register directly as an ascii string.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46823', 'https://git.kernel.org/linus/92e9bac18124682c4b99ede9ee3bcdd68f121e92 (6.11-rc4)', 'https://git.kernel.org/stable/c/92e9bac18124682c4b99ede9ee3bcdd68f121e92', 'https://git.kernel.org/stable/c/d1207f07decc66546a7fa463d2f335a856c986ef', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46823-b19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46823', 'https://www.cve.org/CVERecord?id=CVE-2024-46823'], 'PublishedDate': '2024-09-27T13:15:14.897Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46824', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommufd: Require drivers to supply the cache_invalidate_user ops', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Require drivers to supply the cache_invalidate_user ops\n\nIf drivers don't do this then iommufd will oops invalidation ioctls with\nsomething like:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n  Mem abort info:\n    ESR = 0x0000000086000004\n    EC = 0x21: IABT (current EL), IL = 32 bits\n    SET = 0, FnV = 0\n    EA = 0, S1PTW = 0\n    FSC = 0x04: level 0 translation fault\n  user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101059000\n  [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n  Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 2 PID: 371 Comm: qemu-system-aar Not tainted 6.8.0-rc7-gde77230ac23a #9\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 81400809 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=-c)\n  pc : 0x0\n  lr : iommufd_hwpt_invalidate+0xa4/0x204\n  sp : ffff800080f3bcc0\n  x29: ffff800080f3bcf0 x28: ffff0000c369b300 x27: 0000000000000000\n  x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n  x23: 0000000000000000 x22: 00000000c1e334a0 x21: ffff0000c1e334a0\n  x20: ffff800080f3bd38 x19: ffff800080f3bd58 x18: 0000000000000000\n  x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8240d6d8\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n  x8 : 0000001000000002 x7 : 0000fffeac1ec950 x6 : 0000000000000000\n  x5 : ffff800080f3bd78 x4 : 0000000000000003 x3 : 0000000000000002\n  x2 : 0000000000000000 x1 : ffff800080f3bcc8 x0 : ffff0000c6034d80\n  Call trace:\n   0x0\n   iommufd_fops_ioctl+0x154/0x274\n   __arm64_sys_ioctl+0xac/0xf0\n   invoke_syscall+0x48/0x110\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x34/0xb4\n   el0t_64_sync_handler+0x120/0x12c\n   el0t_64_sync+0x190/0x194\n\nAll existing drivers implement this op for nesting, this is mostly a\nbisection aid.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46824', 'https://git.kernel.org/linus/a11dda723c6493bb1853bbc61c093377f96e2d47 (6.11-rc1)', 'https://git.kernel.org/stable/c/89827a4de802765b1ebb401fc1e73a90108c7520', 'https://git.kernel.org/stable/c/a11dda723c6493bb1853bbc61c093377f96e2d47', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46824-03d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46824', 'https://www.cve.org/CVERecord?id=CVE-2024-46824'], 'PublishedDate': '2024-09-27T13:15:14.96Z', 'LastModifiedDate': '2024-10-02T14:29:08.417Z'}, {'VulnerabilityID': 'CVE-2024-46825', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check\n\nThe lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is\nnormally called with input from the firmware, so it should use\nIWL_FW_CHECK() instead of WARN_ON().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46825', 'https://git.kernel.org/linus/9215152677d4b321801a92b06f6d5248b2b4465f (6.11-rc1)', 'https://git.kernel.org/stable/c/3cca098c91391b3fa48142bfda57048b985c87f6', 'https://git.kernel.org/stable/c/415f3634d53c7fb4cf07d2f5a0be7f2e15e6da33', 'https://git.kernel.org/stable/c/9215152677d4b321801a92b06f6d5248b2b4465f', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46825-a5aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46825', 'https://www.cve.org/CVERecord?id=CVE-2024-46825'], 'PublishedDate': '2024-09-27T13:15:15.027Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46826', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ELF: fix kernel.randomize_va_space double read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses "randomize_va_space" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46826', 'https://git.kernel.org/linus/2a97388a807b6ab5538aa8f8537b2463c6988bd2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1cf8cd80903073440b6ea055811d04edd24fe4f7', 'https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27', 'https://git.kernel.org/stable/c/2a97388a807b6ab5538aa8f8537b2463c6988bd2', 'https://git.kernel.org/stable/c/53f17409abf61f66b6f05aff795e938e5ba811d1', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46826-7b80@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46826', 'https://www.cve.org/CVERecord?id=CVE-2024-46826'], 'PublishedDate': '2024-09-27T13:15:15.087Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46827', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix firmware crash due to invalid peer nss', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46827', 'https://git.kernel.org/linus/db163a463bb93cd3e37e1e7b10b9726fb6f95857 (6.11-rc1)', 'https://git.kernel.org/stable/c/25a15f80253a7c8776e4e4880d797d20ec864154', 'https://git.kernel.org/stable/c/838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c', 'https://git.kernel.org/stable/c/db163a463bb93cd3e37e1e7b10b9726fb6f95857', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46827-0300@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46827', 'https://www.cve.org/CVERecord?id=CVE-2024-46827'], 'PublishedDate': '2024-09-27T13:15:15.153Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46828', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: sch_cake: fix bulk flow accounting logic for host fairness', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: fix bulk flow accounting logic for host fairness\n\nIn sch_cake, we keep track of the count of active bulk flows per host,\nwhen running in dst/src host fairness mode, which is used as the\nround-robin weight when iterating through flows. The count of active\nbulk flows is updated whenever a flow changes state.\n\nThis has a peculiar interaction with the hash collision handling: when a\nhash collision occurs (after the set-associative hashing), the state of\nthe hash bucket is simply updated to match the new packet that collided,\nand if host fairness is enabled, that also means assigning new per-host\nstate to the flow. For this reason, the bulk flow counters of the\nhost(s) assigned to the flow are decremented, before new state is\nassigned (and the counters, which may not belong to the same host\nanymore, are incremented again).\n\nBack when this code was introduced, the host fairness mode was always\nenabled, so the decrement was unconditional. When the configuration\nflags were introduced the *increment* was made conditional, but\nthe *decrement* was not. Which of course can lead to a spurious\ndecrement (and associated wrap-around to U16_MAX).\n\nAFAICT, when host fairness is disabled, the decrement and wrap-around\nhappens as soon as a hash collision occurs (which is not that common in\nitself, due to the set-associative hashing). However, in most cases this\nis harmless, as the value is only used when host fairness mode is\nenabled. So in order to trigger an array overflow, sch_cake has to first\nbe configured with host fairness disabled, and while running in this\nmode, a hash collision has to occur to cause the overflow. Then, the\nqdisc has to be reconfigured to enable host fairness, which leads to the\narray out-of-bounds because the wrapped-around value is retained and\nused as an array index. It seems that syzbot managed to trigger this,\nwhich is quite impressive in its own right.\n\nThis patch fixes the issue by introducing the same conditional check on\ndecrement as is used on increment.\n\nThe original bug predates the upstreaming of cake, but the commit listed\nin the Fixes tag touched that code, meaning that this patch won't apply\nbefore that.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46828', 'https://git.kernel.org/linus/546ea84d07e3e324644025e2aae2d12ea4c5896e (6.11-rc7)', 'https://git.kernel.org/stable/c/4a4eeefa514db570be025ab46d779af180e2c9bb', 'https://git.kernel.org/stable/c/546ea84d07e3e324644025e2aae2d12ea4c5896e', 'https://git.kernel.org/stable/c/549e407569e08459d16122341d332cb508024094', 'https://git.kernel.org/stable/c/7725152b54d295b7da5e34c2f419539b30d017bd', 'https://git.kernel.org/stable/c/cde71a5677971f4f1b69b25e854891dbe78066a4', 'https://git.kernel.org/stable/c/d4a9039a7b3d8005b90c7b1a55a306444f0e5447', 'https://git.kernel.org/stable/c/d7c01c0714c04431b5e18cf17a9ea68a553d1c3c', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46828-2184@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46828', 'https://www.cve.org/CVERecord?id=CVE-2024-46828'], 'PublishedDate': '2024-09-27T13:15:15.22Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46829', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtmutex: Drop rt_mutex::wait_lock before scheduling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nrtmutex: Drop rt_mutex::wait_lock before scheduling\n\nrt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held.  In the\ngood case it returns with the lock held and in the deadlock case it emits a\nwarning and goes into an endless scheduling loop with the lock held, which\ntriggers the 'scheduling in atomic' warning.\n\nUnlock rt_mutex::wait_lock in the dead lock case before issuing the warning\nand dropping into the schedule for ever loop.\n\n[ tglx: Moved unlock before the WARN(), removed the pointless comment,\n  \tmassaged changelog, added Fixes tag ]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46829', 'https://git.kernel.org/linus/d33d26036a0274b472299d7dcdaa5fb34329f91b (6.11-rc7)', 'https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0', 'https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38', 'https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f', 'https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f', 'https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83', 'https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0', 'https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b', 'https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46829-da70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46829', 'https://www.cve.org/CVERecord?id=CVE-2024-46829'], 'PublishedDate': '2024-09-27T13:15:15.3Z', 'LastModifiedDate': '2024-10-02T14:27:57.92Z'}, {'VulnerabilityID': 'CVE-2024-46830', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: x86: Acquire kvm-&gt;srcu when handling KVM_SET_VCPU_EVENTS', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU.  I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems.  Acquiring SRCU isn't all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n  #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n  <TASK>\n  dump_stack_lvl+0x7f/0x90\n  lockdep_rcu_suspicious+0x13f/0x1a0\n  kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n  kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n  nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n  load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n  vmx_leave_nested+0x30/0x40 [kvm_intel]\n  kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n  kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n  ? mark_held_locks+0x49/0x70\n  ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n  ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  ? lock_acquire+0xba/0x2d0\n  ? find_held_lock+0x2b/0x80\n  ? do_user_addr_fault+0x40c/0x6f0\n  ? lock_release+0xb7/0x270\n  __x64_sys_ioctl+0x82/0xb0\n  do_syscall_64+0x6c/0x170\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n  </TASK>", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46830', 'https://git.kernel.org/linus/4bcdd831d9d01e0fb64faea50732b59b2ee88da1 (6.11-rc7)', 'https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1', 'https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e', 'https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9', 'https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46830-deac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46830', 'https://www.cve.org/CVERecord?id=CVE-2024-46830'], 'PublishedDate': '2024-09-27T13:15:15.38Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46831', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: microchip: vcap: Fix use-after-free error in kunit test', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap: Fix use-after-free error in kunit test\n\nThis is a clear use-after-free error. We remove it, and rely on checking\nthe return code of vcap_del_rule.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46831', 'https://git.kernel.org/linus/a3c1e45156ad39f225cd7ddae0f81230a3b1e657 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3c1e45156ad39f225cd7ddae0f81230a3b1e657', 'https://git.kernel.org/stable/c/b0804c286ccfcf5f5c004d5bf8a54c0508b5e86b', 'https://git.kernel.org/stable/c/f7fe95f40c85311c98913fe6ae2c56adb7f767a7', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46831-06bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46831', 'https://www.cve.org/CVERecord?id=CVE-2024-46831'], 'PublishedDate': '2024-09-27T13:15:15.457Z', 'LastModifiedDate': '2024-10-02T14:26:13.807Z'}, {'VulnerabilityID': 'CVE-2024-46832', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: MIPS: cevt-r4k: Don&#39;t call get_c0_compare_int if timer irq is installed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: cevt-r4k: Don\'t call get_c0_compare_int if timer irq is installed\n\nThis avoids warning:\n\n[    0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n\nCaused by get_c0_compare_int on secondary CPU.\n\nWe also skipped saving IRQ number to struct clock_event_device *cd as\nit\'s never used by clockevent core, as per comments it\'s only meant\nfor "non CPU local devices".', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46832', 'https://git.kernel.org/linus/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13 (6.11-rc5)', 'https://git.kernel.org/stable/c/189d3ed3b25beee26ffe2abed278208bece13f52', 'https://git.kernel.org/stable/c/32ee0520159f1e8c2d6597c19690df452c528f30', 'https://git.kernel.org/stable/c/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13', 'https://git.kernel.org/stable/c/b1d2051373bfc65371ce4ac8911ed984d0178c98', 'https://git.kernel.org/stable/c/d3ff0f98a52f0aafe35aa314d1c442f4318be3db', 'https://git.kernel.org/stable/c/e6cd871627abbb459d0ff6521d6bb9cf9d9f7522', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46832-3ad0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46832', 'https://www.cve.org/CVERecord?id=CVE-2024-46832'], 'PublishedDate': '2024-09-27T13:15:15.517Z', 'LastModifiedDate': '2024-10-09T15:51:20.7Z'}, {'VulnerabilityID': 'CVE-2024-46833', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: void array out of bound when loop tnl_num', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: void array out of bound when loop tnl_num\n\nWhen query reg inf of SSU, it loops tnl_num times. However, tnl_num comes\nfrom hardware and the length of array is a fixed value. To void array out\nof bound, make sure the loop time is not greater than the length of array', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46833', 'https://git.kernel.org/linus/86db7bfb06704ef17340eeae71c832f21cfce35c (6.11-rc4)', 'https://git.kernel.org/stable/c/86db7bfb06704ef17340eeae71c832f21cfce35c', 'https://git.kernel.org/stable/c/c33a9806dc806bcb4a31dc71fb06979219181ad4', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46833-0fa0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46833', 'https://www.cve.org/CVERecord?id=CVE-2024-46833'], 'PublishedDate': '2024-09-27T13:15:15.593Z', 'LastModifiedDate': '2024-10-09T15:54:38.123Z'}, {'VulnerabilityID': 'CVE-2024-46834', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: fail closed if we can&#39;t get max channel used in indirection tables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\'t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with\nactive RSS contexts") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\'t fetch\nthe indirection table or when we can\'t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46834', 'https://git.kernel.org/linus/2899d58462ba868287d6ff3acad3675e7adf934f (6.11-rc1)', 'https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036', 'https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46834-dc7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46834', 'https://www.cve.org/CVERecord?id=CVE-2024-46834'], 'PublishedDate': '2024-09-27T13:15:15.66Z', 'LastModifiedDate': '2024-10-09T15:57:03.037Z'}, {'VulnerabilityID': 'CVE-2024-46835', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix smatch static checker warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev->gfx.imu.funcs could be NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46835', 'https://git.kernel.org/linus/bdbdc7cecd00305dc844a361f9883d3a21022027 (6.11-rc1)', 'https://git.kernel.org/stable/c/8bc7b3ce33e64c74211ed17aec823fc4e523426a', 'https://git.kernel.org/stable/c/bdbdc7cecd00305dc844a361f9883d3a21022027', 'https://git.kernel.org/stable/c/c2056c7a840f0dbf293bc3b0d91826d001668fb0', 'https://git.kernel.org/stable/c/d40c2c3dd0395fe7fdc19bd96551e87251426d66', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46835-4f99@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46835', 'https://www.cve.org/CVERecord?id=CVE-2024-46835'], 'PublishedDate': '2024-09-27T13:15:15.72Z', 'LastModifiedDate': '2024-10-02T14:24:18.93Z'}, {'VulnerabilityID': 'CVE-2024-46836', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46836', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: aspeed_udc: validate endpoint index for ast udc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed_udc: validate endpoint index for ast udc\n\nWe should verify the bound of the array to assure that host\nmay not manipulate the index to point past endpoint array.\n\nFound by static analysis.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46836', 'https://git.kernel.org/linus/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 (6.11-rc1)', 'https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af', 'https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a', 'https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c', 'https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46836-acff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46836', 'https://www.cve.org/CVERecord?id=CVE-2024-46836'], 'PublishedDate': '2024-09-27T13:15:15.78Z', 'LastModifiedDate': '2024-10-09T15:47:55.187Z'}, {'VulnerabilityID': 'CVE-2024-46838', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46838', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: don&#39;t BUG_ON() if khugepaged yanks our page table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: don\'t BUG_ON() if khugepaged yanks our page table\n\nSince khugepaged was changed to allow retracting page tables in file\nmappings without holding the mmap lock, these BUG_ON()s are wrong - get\nrid of them.\n\nWe could also remove the preceding "if (unlikely(...))" block, but then we\ncould reach pte_offset_map_lock() with transhuge pages not just for file\nmappings but also for anonymous mappings - which would probably be fine\nbut I think is not necessarily expected.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46838', 'https://git.kernel.org/linus/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a (6.11-rc7)', 'https://git.kernel.org/stable/c/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a', 'https://git.kernel.org/stable/c/4a594acc12d5954cdc71d4450a386748bf3d136a', 'https://git.kernel.org/stable/c/db978287e908d48b209e374b00d847b2d785e0a9', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46838-5fa5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46838', 'https://www.cve.org/CVERecord?id=CVE-2024-46838'], 'PublishedDate': '2024-09-27T13:15:15.92Z', 'LastModifiedDate': '2024-10-09T15:35:40.827Z'}, {'VulnerabilityID': 'CVE-2024-46840', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: clean up our handling of refs == 0 in snapshot delete', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: clean up our handling of refs == 0 in snapshot delete\n\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren't\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer.  In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption.  Change that to return\n-EUCLEAN.  In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling.  Also adjust the error message so we can\nactually do something with the information.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46840', 'https://git.kernel.org/linus/b8ccef048354074a548f108e51d0557d6adfd3a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/03804641ec2d0da4fa088ad21c88e703d151ce16', 'https://git.kernel.org/stable/c/71291aa7246645ef622621934d2067400380645e', 'https://git.kernel.org/stable/c/728d4d045b628e006b48a448f3326a7194c88d32', 'https://git.kernel.org/stable/c/7d1df13bf078ffebfedd361d714ff6cee1ff01b9', 'https://git.kernel.org/stable/c/9cc887ac24b7a0598f4042ae9af6b9a33072f75b', 'https://git.kernel.org/stable/c/b8ccef048354074a548f108e51d0557d6adfd3a3', 'https://git.kernel.org/stable/c/c60676b81fab456b672796830f6d8057058f029c', 'https://git.kernel.org/stable/c/c847b28a799733b04574060ab9d00f215970627d', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46840-fc44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46840', 'https://www.cve.org/CVERecord?id=CVE-2024-46840'], 'PublishedDate': '2024-09-27T13:15:16.057Z', 'LastModifiedDate': '2024-10-08T18:15:07.857Z'}, {'VulnerabilityID': 'CVE-2024-46841', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn't fatal, return the error.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46841', 'https://git.kernel.org/linus/a580fb2c3479d993556e1c31b237c9e5be4944a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/704c359b4093a2af650a20eaa030c435d7c30f91', 'https://git.kernel.org/stable/c/a580fb2c3479d993556e1c31b237c9e5be4944a3', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46841-7572@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46841', 'https://www.cve.org/CVERecord?id=CVE-2024-46841'], 'PublishedDate': '2024-09-27T13:15:16.13Z', 'LastModifiedDate': '2024-10-08T18:17:07.87Z'}, {'VulnerabilityID': 'CVE-2024-46842', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status.  The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code.  During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout.  If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46842', 'https://git.kernel.org/linus/ede596b1434b57c0b3fd5c02b326efe5c54f6e48 (6.11-rc1)', 'https://git.kernel.org/stable/c/bba47fe3b038cca3d3ebd799665ce69d6d273b58', 'https://git.kernel.org/stable/c/ede596b1434b57c0b3fd5c02b326efe5c54f6e48', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46842-e52c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46842', 'https://www.cve.org/CVERecord?id=CVE-2024-46842'], 'PublishedDate': '2024-09-27T13:15:16.19Z', 'LastModifiedDate': '2024-10-08T18:22:24.997Z'}, {'VulnerabilityID': 'CVE-2024-46843', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Remove SCSI host only if added', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been defered after MCQ configuration introduced by commit 0cab4023ec7b\n("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46843', 'https://git.kernel.org/linus/7cbff570dbe8907e23bba06f6414899a0fbb2fcc (6.11-rc1)', 'https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed', 'https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536', 'https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46843-82c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46843', 'https://www.cve.org/CVERecord?id=CVE-2024-46843'], 'PublishedDate': '2024-09-27T13:15:16.25Z', 'LastModifiedDate': '2024-10-08T18:23:52.423Z'}, {'VulnerabilityID': 'CVE-2024-46844', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: um: line: always fill *error_out in setup_one_line()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\num: line: always fill *error_out in setup_one_line()\n\nThe pointer isn't initialized by callers, but I have\nencountered cases where it's still printed; initialize\nit in all possible cases in setup_one_line().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-824'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46844', 'https://git.kernel.org/linus/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d (6.11-rc1)', 'https://git.kernel.org/stable/c/289979d64573f43df1d0e6bc6435de63a0d69cdf', 'https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5', 'https://git.kernel.org/stable/c/43f782c27907f306c664b6614fd6f264ac32cce6', 'https://git.kernel.org/stable/c/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d', 'https://git.kernel.org/stable/c/96301fdc2d533a196197c055af875fe33d47ef84', 'https://git.kernel.org/stable/c/c8944d449fda9f58c03bd99649b2df09948fc874', 'https://git.kernel.org/stable/c/ec5b47a370177d79ae7773858042c107e21f8ecc', 'https://git.kernel.org/stable/c/fc843d3837ebcb1c16d3768ef3eb55e25d5331f2', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46844-af64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46844', 'https://www.cve.org/CVERecord?id=CVE-2024-46844'], 'PublishedDate': '2024-09-27T13:15:16.313Z', 'LastModifiedDate': '2024-10-02T14:22:50.533Z'}, {'VulnerabilityID': 'CVE-2024-46845', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/timerlat: Only clear timer if a kthread exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Only clear timer if a kthread exists\n\nThe timerlat tracer can use user space threads to check for osnoise and\ntimer latency. If the program using this is killed via a SIGTERM, the\nthreads are shutdown one at a time and another tracing instance can start\nup resetting the threads before they are fully closed. That causes the\nhrtimer assigned to the kthread to be shutdown and freed twice when the\ndying thread finally closes the file descriptors, causing a use-after-free\nbug.\n\nOnly cancel the hrtimer if the associated thread is still around. Also add\nthe interface_lock around the resetting of the tlat_var->kthread.\n\nNote, this is just a quick fix that can be backported to stable. A real\nfix is to have a better synchronization between the shutdown of old\nthreads and the starting of new ones.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46845', 'https://git.kernel.org/linus/e6a53481da292d970d1edf0d8831121d1c5e2f0d (6.11-rc7)', 'https://git.kernel.org/stable/c/8a9d0d405159e9c796ddf771f7cff691c1a2bc1e', 'https://git.kernel.org/stable/c/8c72f0b2c45f21cb8b00fc37f79f632d7e46c2ed', 'https://git.kernel.org/stable/c/e6a53481da292d970d1edf0d8831121d1c5e2f0d', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46845-a529@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46845', 'https://www.cve.org/CVERecord?id=CVE-2024-46845'], 'PublishedDate': '2024-09-27T13:15:16.397Z', 'LastModifiedDate': '2024-10-02T14:18:32.923Z'}, {'VulnerabilityID': 'CVE-2024-46846', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: rockchip: Resolve unbalanced runtime PM / system PM handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip: Resolve unbalanced runtime PM / system PM handling\n\nCommit e882575efc77 ("spi: rockchip: Suspend and resume the bus during\nNOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and\nsimply disabled clocks unconditionally when suspending the system. This\ncauses problems when the device is already runtime suspended when we go\nto sleep -- in which case we double-disable clocks and produce a\nWARNing.\n\nSwitch back to pm_runtime_force_{suspend,resume}(), because that still\nseems like the right thing to do, and the aforementioned commit makes no\nexplanation why it stopped using it.\n\nAlso, refactor some of the resume() error handling, because it\'s not\nactually a good idea to re-disable clocks on failure.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46846', 'https://git.kernel.org/linus/be721b451affbecc4ba4eaac3b71cdbdcade1b1b (6.11-rc7)', 'https://git.kernel.org/stable/c/0efbad8445fbba7896402500a1473450a299a08a', 'https://git.kernel.org/stable/c/14f970a8d03d882b15b97beb83bd84ac8ba6298c', 'https://git.kernel.org/stable/c/be721b451affbecc4ba4eaac3b71cdbdcade1b1b', 'https://git.kernel.org/stable/c/d034bff62faea1a2219e0d2f3d17263265f24087', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46846-f264@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46846', 'https://www.cve.org/CVERecord?id=CVE-2024-46846'], 'PublishedDate': '2024-09-27T13:15:16.48Z', 'LastModifiedDate': '2024-10-08T18:25:56.467Z'}, {'VulnerabilityID': 'CVE-2024-46848', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46848', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/x86/intel: Limit the period on Haswell', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Limit the period on Haswell\n\nRunning the ltp test cve-2015-3290 concurrently reports the following\nwarnings.\n\nperfevents: irq loop stuck!\n  WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174\n  intel_pmu_handle_irq+0x285/0x370\n  Call Trace:\n   <NMI>\n   ? __warn+0xa4/0x220\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? report_bug+0x3e/0xa0\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x50\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? irq_work_claim+0x1e/0x40\n   ? intel_pmu_handle_irq+0x285/0x370\n   perf_event_nmi_handler+0x3d/0x60\n   nmi_handle+0x104/0x330\n\nThanks to Thomas Gleixner's analysis, the issue is caused by the low\ninitial period (1) of the frequency estimation algorithm, which triggers\nthe defects of the HW, specifically erratum HSW11 and HSW143. (For the\ndetails, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)\n\nThe HSW11 requires a period larger than 100 for the INST_RETIRED.ALL\nevent, but the initial period in the freq mode is 1. The erratum is the\nsame as the BDM11, which has been supported in the kernel. A minimum\nperiod of 128 is enforced as well on HSW.\n\nHSW143 is regarding that the fixed counter 1 may overcount 32 with the\nHyper-Threading is enabled. However, based on the test, the hardware\nhas more issues than it tells. Besides the fixed counter 1, the message\n'interrupt took too long' can be observed on any counter which was armed\nwith a period < 32 and two events expired in the same NMI. A minimum\nperiod of 32 is enforced for the rest of the events.\nThe recommended workaround code of the HSW143 is not implemented.\nBecause it only addresses the issue for the fixed counter. It brings\nextra overhead through extra MSR writing. No related overcounting issue\nhas been reported so far.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46848', 'https://git.kernel.org/linus/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b (6.11-rc7)', 'https://git.kernel.org/stable/c/0eaf812aa1506704f3b78be87036860e5d0fe81d', 'https://git.kernel.org/stable/c/15210b7c8caff4929f25d049ef8404557f8ae468', 'https://git.kernel.org/stable/c/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b', 'https://git.kernel.org/stable/c/8717dc35c0e5896f4110f4b3882f7ff787a5f73d', 'https://lore.kernel.org/linux-cve-announce/2024092756-CVE-2024-46848-bbd4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46848', 'https://www.cve.org/CVERecord?id=CVE-2024-46848'], 'PublishedDate': '2024-09-27T13:15:16.657Z', 'LastModifiedDate': '2024-10-04T15:23:35.287Z'}, {'VulnerabilityID': 'CVE-2024-46849', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: meson: axg-card: fix &#39;use-after-free&#39;', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix 'use-after-free'\n\nBuffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',\nso move 'pad' pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46849', 'https://git.kernel.org/linus/4f9a71435953f941969a4f017e2357db62d85a86 (6.11)', 'https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86', 'https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d', 'https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607', 'https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037', 'https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29', 'https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a', 'https://lore.kernel.org/linux-cve-announce/2024092741-CVE-2024-46849-93c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46849', 'https://www.cve.org/CVERecord?id=CVE-2024-46849'], 'PublishedDate': '2024-09-27T13:15:16.723Z', 'LastModifiedDate': '2024-10-17T14:15:07.75Z'}, {'VulnerabilityID': 'CVE-2024-46850', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn35_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn35_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn35_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit 0607a50c004798a96e62c089a4c34c220179dcb5)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46850', 'https://git.kernel.org/linus/e835d5144f5ef78e4f8828c63e2f0d61144f283a (6.11)', 'https://git.kernel.org/stable/c/42850927656a540428e58d370b3c1599a617bac7', 'https://git.kernel.org/stable/c/e835d5144f5ef78e4f8828c63e2f0d61144f283a', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46850-186e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46850', 'https://www.cve.org/CVERecord?id=CVE-2024-46850'], 'PublishedDate': '2024-09-27T13:15:16.787Z', 'LastModifiedDate': '2024-10-04T15:30:32.11Z'}, {'VulnerabilityID': 'CVE-2024-46851', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46851', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn10_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn10_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn10_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46851', 'https://git.kernel.org/linus/a7aeb03888b92304e2fc7d4d1c242f54a312561b (6.11)', 'https://git.kernel.org/stable/c/a7aeb03888b92304e2fc7d4d1c242f54a312561b', 'https://git.kernel.org/stable/c/b6ce047a81f508f5c60756db8dfb5ff486e4dad0', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46851-125b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46851', 'https://www.cve.org/CVERecord?id=CVE-2024-46851'], 'PublishedDate': '2024-09-27T13:15:16.85Z', 'LastModifiedDate': '2024-10-04T16:00:43.913Z'}, {'VulnerabilityID': 'CVE-2024-46852', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma-buf: heaps: Fix off-by-one in CMA heap fault handler', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:\nDon\'t track CMA dma-buf pages under RssFile") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don\'t read off the end of the pages\narray and insert an arbitrary page in the mapping.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46852', 'https://git.kernel.org/linus/ea5ff5d351b520524019f7ff7f9ce418de2dad87 (6.11)', 'https://git.kernel.org/stable/c/007180fcb6cc4a93211d4cc45fef3f5ccccd56ae', 'https://git.kernel.org/stable/c/79cce5e81d20fa9ad553be439d665ac3302d3c95', 'https://git.kernel.org/stable/c/84175dc5b2c932266a50c04e5ce342c30f817a2f', 'https://git.kernel.org/stable/c/e79050882b857c37634baedbdcf7c2047c24cbff', 'https://git.kernel.org/stable/c/ea5ff5d351b520524019f7ff7f9ce418de2dad87', 'https://git.kernel.org/stable/c/eb7fc8b65cea22f9038c52398c8b22849e9620ea', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46852-91a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46852', 'https://www.cve.org/CVERecord?id=CVE-2024-46852'], 'PublishedDate': '2024-09-27T13:15:16.917Z', 'LastModifiedDate': '2024-10-17T14:15:07.887Z'}, {'VulnerabilityID': 'CVE-2024-46853', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: nxp-fspi: fix the KASAN report out-of-bounds bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: nxp-fspi: fix the KASAN report out-of-bounds bug\n\nChange the memcpy length to fix the out-of-bounds issue when writing the\ndata that is not 4 byte aligned to TX FIFO.\n\nTo reproduce the issue, write 3 bytes data to NOR chip.\n\ndd if=3b of=/dev/mtd0\n[   36.926103] ==================================================================\n[   36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838\n[   36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455\n[   36.946721]\n[   36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070\n[   36.956185] Hardware name: Freescale i.MX8QM MEK (DT)\n[   36.961260] Call trace:\n[   36.963723]  dump_backtrace+0x90/0xe8\n[   36.967414]  show_stack+0x18/0x24\n[   36.970749]  dump_stack_lvl+0x78/0x90\n[   36.974451]  print_report+0x114/0x5cc\n[   36.978151]  kasan_report+0xa4/0xf0\n[   36.981670]  __asan_report_load_n_noabort+0x1c/0x28\n[   36.986587]  nxp_fspi_exec_op+0x26ec/0x2838\n[   36.990800]  spi_mem_exec_op+0x8ec/0xd30\n[   36.994762]  spi_mem_no_dirmap_read+0x190/0x1e0\n[   36.999323]  spi_mem_dirmap_write+0x238/0x32c\n[   37.003710]  spi_nor_write_data+0x220/0x374\n[   37.007932]  spi_nor_write+0x110/0x2e8\n[   37.011711]  mtd_write_oob_std+0x154/0x1f0\n[   37.015838]  mtd_write_oob+0x104/0x1d0\n[   37.019617]  mtd_write+0xb8/0x12c\n[   37.022953]  mtdchar_write+0x224/0x47c\n[   37.026732]  vfs_write+0x1e4/0x8c8\n[   37.030163]  ksys_write+0xec/0x1d0\n[   37.033586]  __arm64_sys_write+0x6c/0x9c\n[   37.037539]  invoke_syscall+0x6c/0x258\n[   37.041327]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.046244]  do_el0_svc+0x44/0x5c\n[   37.049589]  el0_svc+0x38/0x78\n[   37.052681]  el0t_64_sync_handler+0x13c/0x158\n[   37.057077]  el0t_64_sync+0x190/0x194\n[   37.060775]\n[   37.062274] Allocated by task 455:\n[   37.065701]  kasan_save_stack+0x2c/0x54\n[   37.069570]  kasan_save_track+0x20/0x3c\n[   37.073438]  kasan_save_alloc_info+0x40/0x54\n[   37.077736]  __kasan_kmalloc+0xa0/0xb8\n[   37.081515]  __kmalloc_noprof+0x158/0x2f8\n[   37.085563]  mtd_kmalloc_up_to+0x120/0x154\n[   37.089690]  mtdchar_write+0x130/0x47c\n[   37.093469]  vfs_write+0x1e4/0x8c8\n[   37.096901]  ksys_write+0xec/0x1d0\n[   37.100332]  __arm64_sys_write+0x6c/0x9c\n[   37.104287]  invoke_syscall+0x6c/0x258\n[   37.108064]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.112972]  do_el0_svc+0x44/0x5c\n[   37.116319]  el0_svc+0x38/0x78\n[   37.119401]  el0t_64_sync_handler+0x13c/0x158\n[   37.123788]  el0t_64_sync+0x190/0x194\n[   37.127474]\n[   37.128977] The buggy address belongs to the object at ffff00081037c2a0\n[   37.128977]  which belongs to the cache kmalloc-8 of size 8\n[   37.141177] The buggy address is located 0 bytes inside of\n[   37.141177]  allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)\n[   37.153465]\n[   37.154971] The buggy address belongs to the physical page:\n[   37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c\n[   37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)\n[   37.175149] page_type: 0xfdffffff(slab)\n[   37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000\n[   37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000\n[   37.194553] page dumped because: kasan: bad access detected\n[   37.200144]\n[   37.201647] Memory state around the buggy address:\n[   37.206460]  ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc\n[   37.213701]  ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc\n[   37.220946] >ffff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc\n[   37.228186]                                ^\n[   37.232473]  ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.239718]  ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.246962] ==============================================================\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46853', 'https://git.kernel.org/linus/2a8787c1cdc7be24fdd8953ecd1a8743a1006235 (6.11)', 'https://git.kernel.org/stable/c/09af8b0ba70072be831f3ec459f4063d570f9e24', 'https://git.kernel.org/stable/c/2a8787c1cdc7be24fdd8953ecd1a8743a1006235', 'https://git.kernel.org/stable/c/491f9646f7ac31af5fca71be1a3e5eb8aa7663ad', 'https://git.kernel.org/stable/c/609260542cf86b459c57618b8cdec8020394b7ad', 'https://git.kernel.org/stable/c/af9ca9ca3e44f48b2a191e100d452fbf850c3d87', 'https://git.kernel.org/stable/c/d1a1dfcec77c57b1181da93d11a3db1bc4eefa97', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46853-ab04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46853', 'https://www.cve.org/CVERecord?id=CVE-2024-46853'], 'PublishedDate': '2024-09-27T13:15:16.997Z', 'LastModifiedDate': '2024-10-17T14:15:07.993Z'}, {'VulnerabilityID': 'CVE-2024-46854', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dpaa: Pad packets to ETH_ZLEN', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46854', 'https://git.kernel.org/linus/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0 (6.11)', 'https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133', 'https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a', 'https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83', 'https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0', 'https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2', 'https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46854-3404@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46854', 'https://www.cve.org/CVERecord?id=CVE-2024-46854'], 'PublishedDate': '2024-09-27T13:15:17.063Z', 'LastModifiedDate': '2024-10-17T14:15:08.107Z'}, {'VulnerabilityID': 'CVE-2024-46855', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46855', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: nft_socket: fix sk refcount leaks', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put 'sk' reference before returning.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46855', 'https://git.kernel.org/linus/8b26ff7af8c32cb4148b3e147c52f9e4c695209c (6.11)', 'https://git.kernel.org/stable/c/1f68e097e20d3c695281a9c6433acc37be47fe11', 'https://git.kernel.org/stable/c/33c2258bf8cb17fba9e58b111d4c4f4cf43a4896', 'https://git.kernel.org/stable/c/83e6fb59040e8964888afcaa5612cc1243736715', 'https://git.kernel.org/stable/c/8b26ff7af8c32cb4148b3e147c52f9e4c695209c', 'https://git.kernel.org/stable/c/ddc7c423c4a5386bf865474c694b48178efd311a', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46855-4382@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46855', 'https://www.cve.org/CVERecord?id=CVE-2024-46855'], 'PublishedDate': '2024-09-27T13:15:17.133Z', 'LastModifiedDate': '2024-10-17T14:15:12.79Z'}, {'VulnerabilityID': 'CVE-2024-46857', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix bridge mode operations when there are no VFs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[  168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[  168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[  168.976037] Call Trace:\n[  168.976188]  <TASK>\n[  168.978620]  _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[  168.979074]  mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[  168.979471]  rtnl_bridge_setlink+0xe9/0x1f0\n[  168.979714]  rtnetlink_rcv_msg+0x159/0x400\n[  168.980451]  netlink_rcv_skb+0x54/0x100\n[  168.980675]  netlink_unicast+0x241/0x360\n[  168.980918]  netlink_sendmsg+0x1f6/0x430\n[  168.981162]  ____sys_sendmsg+0x3bb/0x3f0\n[  168.982155]  ___sys_sendmsg+0x88/0xd0\n[  168.985036]  __sys_sendmsg+0x59/0xa0\n[  168.985477]  do_syscall_64+0x79/0x150\n[  168.987273]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw->fdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46857', 'https://git.kernel.org/linus/b1d305abef4640af1b4f1b4774d513cd81b10cfc (6.11)', 'https://git.kernel.org/stable/c/505ae01f75f839b54329164bbfecf24cc1361b31', 'https://git.kernel.org/stable/c/52c4beb79e095e0631b5cac46ed48a2aefe51985', 'https://git.kernel.org/stable/c/65feee671e37f3b6eda0b6af28f204b5bcf7fa50', 'https://git.kernel.org/stable/c/b1d305abef4640af1b4f1b4774d513cd81b10cfc', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46857-3bc3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46857', 'https://www.cve.org/CVERecord?id=CVE-2024-46857'], 'PublishedDate': '2024-09-27T13:15:17.277Z', 'LastModifiedDate': '2024-10-01T17:10:29.657Z'}, {'VulnerabilityID': 'CVE-2024-46858', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46858', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: Fix uaf in __timer_delete_sync', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n     CPU1\t\t\t\tCPU2\n     ====                               ====\n     net_rx_action\n     napi_poll                          netlink_sendmsg\n     __napi_poll                        netlink_unicast\n     process_backlog                    netlink_unicast_kernel\n     __netif_receive_skb                genl_rcv\n     __netif_receive_skb_one_core       netlink_rcv_skb\n     NF_HOOK                            genl_rcv_msg\n     ip_local_deliver_finish            genl_family_rcv_msg\n     ip_protocol_deliver_rcu            genl_family_rcv_msg_doit\n     tcp_v4_rcv                         mptcp_pm_nl_flush_addrs_doit\n     tcp_v4_do_rcv                      mptcp_nl_remove_addrs_list\n     tcp_rcv_established                mptcp_pm_remove_addrs_and_subflows\n     tcp_data_queue                     remove_anno_list_by_saddr\n     mptcp_incoming_options             mptcp_pm_del_add_timer\n     mptcp_pm_del_add_timer             kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by "pm.lock", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of "entry->add_timer".\n\nMove list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar "entry->x" uaf.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46858', 'https://git.kernel.org/linus/b4cd80b0338945a94972ac3ed54f8338d2da2076 (6.11)', 'https://git.kernel.org/stable/c/0e7814b028cd50b3ff79659d23dfa9da6a1e75e1', 'https://git.kernel.org/stable/c/12134a652b0a10064844ea235173e70246eba6dc', 'https://git.kernel.org/stable/c/3554482f4691571fc4b5490c17ae26896e62171c', 'https://git.kernel.org/stable/c/6452b162549c7f9ef54655d3fb9977b9192e6e5b', 'https://git.kernel.org/stable/c/67409b358500c71632116356a0b065f112d7b707', 'https://git.kernel.org/stable/c/b4cd80b0338945a94972ac3ed54f8338d2da2076', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46858-dab6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46858', 'https://www.cve.org/CVERecord?id=CVE-2024-46858'], 'PublishedDate': '2024-09-27T13:15:17.353Z', 'LastModifiedDate': '2024-10-17T14:15:13.017Z'}, {'VulnerabilityID': 'CVE-2024-46859', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46859', 'https://git.kernel.org/linus/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 (6.11)', 'https://git.kernel.org/stable/c/6821a82616f60aa72c5909b3e252ad97fb9f7e2a', 'https://git.kernel.org/stable/c/9291fadbd2720a869b1d2fcf82305648e2e62a16', 'https://git.kernel.org/stable/c/b38c19783286a71693c2194ed1b36665168c09c4', 'https://git.kernel.org/stable/c/b7c2f692307fe704be87ea80d7328782b33c3cef', 'https://git.kernel.org/stable/c/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46859-e785@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46859', 'https://www.cve.org/CVERecord?id=CVE-2024-46859'], 'PublishedDate': '2024-09-27T13:15:17.43Z', 'LastModifiedDate': '2024-10-17T14:15:13.183Z'}, {'VulnerabilityID': 'CVE-2024-46860', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change\n\nWhen disabling wifi mt7921_ipv6_addr_change() is called as a notifier.\nAt this point mvif->phy is already NULL so we cannot use it here.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46860', 'https://git.kernel.org/linus/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3 (6.11-rc4)', 'https://git.kernel.org/stable/c/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3', 'https://git.kernel.org/stable/c/4bfee9346d8c17d928ef6da2b8bffab88fa2a553', 'https://git.kernel.org/stable/c/8d92bafd4c67efb692f722d73a07412b5f88c6d6', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46860-1dfc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46860', 'https://www.cve.org/CVERecord?id=CVE-2024-46860'], 'PublishedDate': '2024-09-27T13:15:17.493Z', 'LastModifiedDate': '2024-10-02T14:04:38.863Z'}, {'VulnerabilityID': 'CVE-2024-46861', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usbnet: ipheth: do not stop RX on failing RX callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: do not stop RX on failing RX callback\n\nRX callbacks can fail for multiple reasons:\n\n* Payload too short\n* Payload formatted incorrecly (e.g. bad NCM framing)\n* Lack of memory\n\nNone of these should cause the driver to seize up.\n\nMake such failures non-critical and continue processing further\nincoming URBs.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46861', 'https://git.kernel.org/linus/74efed51e0a4d62f998f806c307778b47fc73395 (6.11-rc4)', 'https://git.kernel.org/stable/c/08ca800b0cd56d5e26722f68b18bbbf6840bf44b', 'https://git.kernel.org/stable/c/4d1cfa3afb8627435744ecdc6d8b58bc72ee0f4c', 'https://git.kernel.org/stable/c/74efed51e0a4d62f998f806c307778b47fc73395', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46861-f2f9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46861', 'https://www.cve.org/CVERecord?id=CVE-2024-46861'], 'PublishedDate': '2024-09-27T13:15:17.563Z', 'LastModifiedDate': '2024-10-03T15:36:06.543Z'}, {'VulnerabilityID': 'CVE-2024-46864', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/hyperv: fix kexec crash due to VP assist page corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: fix kexec crash due to VP assist page corruption\n\ncommit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when\nCPUs go online/offline") introduces a new cpuhp state for hyperv\ninitialization.\n\ncpuhp_setup_state() returns the state number if state is\nCPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states.\nFor the hyperv case, since a new cpuhp state was introduced it would\nreturn 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call\nis conditioned upon "hyperv_init_cpuhp > 0". This will never be true and\nso hv_cpu_die() won\'t be called on all CPUs. This means the VP assist page\nwon\'t be reset. When the kexec kernel tries to setup the VP assist page\nagain, the hypervisor corrupts the memory region of the old VP assist page\ncausing a panic in case the kexec kernel is using that memory elsewhere.\nThis was originally fixed in commit dfe94d4086e4 ("x86/hyperv: Fix kexec\npanic/hang issues").\n\nGet rid of hyperv_init_cpuhp entirely since we are no longer using a\ndynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with\ncpuhp_remove_state().', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46864', 'https://git.kernel.org/linus/b9af6418279c4cf73ca073f8ea024992b38be8ab (6.11)', 'https://git.kernel.org/stable/c/2ae1beb3ab4f28868cc5d1541d05e1fbee3ad825', 'https://git.kernel.org/stable/c/b9af6418279c4cf73ca073f8ea024992b38be8ab', 'https://git.kernel.org/stable/c/d6f018a3b49d0a94ddbd0e479c2af6b19724e434', 'https://lore.kernel.org/linux-cve-announce/2024092745-CVE-2024-46864-0343@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46864', 'https://www.cve.org/CVERecord?id=CVE-2024-46864'], 'PublishedDate': '2024-09-27T13:15:17.747Z', 'LastModifiedDate': '2024-10-03T15:29:34.927Z'}, {'VulnerabilityID': 'CVE-2024-46866', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: add missing bo locking in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: add missing bo locking in show_meminfo()\n\nbo_meminfo() wants to inspect bo state like tt and the ttm resource,\nhowever this state can change at any point leading to stuff like NPD and\nUAF, if the bo lock is not held. Grab the bo lock when calling\nbo_meminfo(), ensuring we drop any spinlocks first. In the case of\nobject_idr we now also need to hold a ref.\n\nv2 (MattB)\n  - Also add xe_bo_assert_held()\n\n(cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46866', 'https://git.kernel.org/linus/94c4aa266111262c96c98f822d1bccc494786fee (6.11)', 'https://git.kernel.org/stable/c/94c4aa266111262c96c98f822d1bccc494786fee', 'https://git.kernel.org/stable/c/abc8feacacf8fae10eecf6fea7865e8c1fee419c', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46866-c414@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46866', 'https://www.cve.org/CVERecord?id=CVE-2024-46866'], 'PublishedDate': '2024-09-27T13:15:17.887Z', 'LastModifiedDate': '2024-10-01T17:09:30Z'}, {'VulnerabilityID': 'CVE-2024-46867', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: fix deadlock in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: fix deadlock in show_meminfo()\n\nThere is a real deadlock as well as sleeping in atomic() bug in here, if\nthe bo put happens to be the last ref, since bo destruction wants to\ngrab the same spinlock and sleeping locks.  Fix that by dropping the ref\nusing xe_bo_put_deferred(), and moving the final commit outside of the\nlock. Dropping the lock around the put is tricky since the bo can go\nout of scope and delete itself from the list, making it difficult to\nnavigate to the next list entry.\n\n(cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46867', 'https://git.kernel.org/linus/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b (6.11)', 'https://git.kernel.org/stable/c/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b', 'https://git.kernel.org/stable/c/9d3de463e23bfb1ff1567a32b099b1b3e5286a48', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46867-7fe4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46867', 'https://www.cve.org/CVERecord?id=CVE-2024-46867'], 'PublishedDate': '2024-09-27T13:15:17.937Z', 'LastModifiedDate': '2024-10-01T17:09:58.147Z'}, {'VulnerabilityID': 'CVE-2024-46868', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()\n\nIf the __qcuefi pointer is not set, then in the original code, we would\nhold onto the lock.  That means that if we tried to set it later, then\nit would cause a deadlock.  Drop the lock on the error path.  That's\nwhat all the callers are expecting.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46868', 'https://git.kernel.org/linus/db213b0cfe3268d8b1d382b3bcc999c687a2567f (6.11)', 'https://git.kernel.org/stable/c/8c6a5a1fc02ad1d62d06897ab330693d4d27cd03', 'https://git.kernel.org/stable/c/db213b0cfe3268d8b1d382b3bcc999c687a2567f', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46868-f3a3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46868', 'https://www.cve.org/CVERecord?id=CVE-2024-46868'], 'PublishedDate': '2024-09-27T13:15:18.007Z', 'LastModifiedDate': '2024-10-01T17:09:12.247Z'}, {'VulnerabilityID': 'CVE-2024-46870', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Disable DMCUB timeout for DCN35', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable DMCUB timeout for DCN35\n\n[Why]\nDMCUB can intermittently take longer than expected to process commands.\n\nOld ASIC policy was to continue while logging a diagnostic error - which\nworks fine for ASIC without IPS, but with IPS this could lead to a race\ncondition where we attempt to access DCN state while it's inaccessible,\nleading to a system hang when the NIU port is not disabled or register\naccesses that timeout and the display configuration in an undefined\nstate.\n\n[How]\nWe need to investigate why these accesses take longer than expected, but\nfor now we should disable the timeout on DCN35 to avoid this race\ncondition. Since the waits happen only at lower interrupt levels the\nrisk of taking too long at higher IRQ and causing a system watchdog\ntimeout are minimal.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46870', 'https://git.kernel.org/stable/c/31c254c9cd4b122a10db297124f867107a696d83', 'https://git.kernel.org/stable/c/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46870-f347@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46870', 'https://www.cve.org/CVERecord?id=CVE-2024-46870'], 'PublishedDate': '2024-10-09T14:15:07.463Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-46871', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why & How]\nIt actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback & dmub_thread_offload has potential to access\nitem out of array bound. Fix it.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46871', 'https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37', 'https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7', 'https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0', 'https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46871-15f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46871', 'https://www.cve.org/CVERecord?id=CVE-2024-46871'], 'PublishedDate': '2024-10-09T14:15:07.533Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47658', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47658', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: stm32/cryp - call finalize with bh disabled', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: stm32/cryp - call finalize with bh disabled\n\nThe finalize operation in interrupt mode produce a produces a spinlock\nrecursion warning. The reason is the fact that BH must be disabled\nduring this process.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47658', 'https://git.kernel.org/stable/c/56ddb9aa3b324c2d9645b5a7343e46010cf3f6ce', 'https://git.kernel.org/stable/c/5d734665cd5d93270731e0ff1dd673fec677f447', 'https://git.kernel.org/stable/c/d93a2f86b0a998aa1f0870c85a2a60a0771ef89a', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47658-0b23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47658', 'https://www.cve.org/CVERecord?id=CVE-2024-47658'], 'PublishedDate': '2024-10-09T14:15:07.603Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47659', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47659', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smack: tcp: ipv4, fix incorrect labeling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmack: tcp: ipv4, fix incorrect labeling\n\nCurrently, Smack mirrors the label of incoming tcp/ipv4 connections:\nwhen a label 'foo' connects to a label 'bar' with tcp/ipv4,\n'foo' always gets 'foo' in returned ipv4 packets. So,\n1) returned packets are incorrectly labeled ('foo' instead of 'bar')\n2) 'bar' can write to 'foo' without being authorized to write.\n\nHere is a scenario how to see this:\n\n* Take two machines, let's call them C and S,\n   with active Smack in the default state\n   (no settings, no rules, no labeled hosts, only builtin labels)\n\n* At S, add Smack rule 'foo bar w'\n   (labels 'foo' and 'bar' are instantiated at S at this moment)\n\n* At S, at label 'bar', launch a program\n   that listens for incoming tcp/ipv4 connections\n\n* From C, at label 'foo', connect to the listener at S.\n   (label 'foo' is instantiated at C at this moment)\n   Connection succeedes and works.\n\n* Send some data in both directions.\n* Collect network traffic of this connection.\n\nAll packets in both directions are labeled with the CIPSO\nof the label 'foo'. Hence, label 'bar' writes to 'foo' without\nbeing authorized, and even without ever being known at C.\n\nIf anybody cares: exactly the same happens with DCCP.\n\nThis behavior 1st manifested in release 2.6.29.4 (see Fixes below)\nand it looks unintentional. At least, no explanation was provided.\n\nI changed returned packes label into the 'bar',\nto bring it into line with the Smack documentation claims.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47659', 'https://git.kernel.org/stable/c/0776bcf9cb6de46fdd94d10118de1cf9b05f83b9', 'https://git.kernel.org/stable/c/0aea09e82eafa50a373fc8a4b84c1d4734751e2c', 'https://git.kernel.org/stable/c/2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550', 'https://git.kernel.org/stable/c/4be9fd15c3c88775bdf6fa37acabe6de85beebff', 'https://git.kernel.org/stable/c/5b4b304f196c070342e32a4752e1fa2e22fc0671', 'https://git.kernel.org/stable/c/a948ec993541db4ef392b555c37a1186f4d61670', 'https://git.kernel.org/stable/c/d3703fa94116fed91f64c7d1c7d284fb4369070f', 'https://git.kernel.org/stable/c/d3f56c653c65f170b172d3c23120bc64ada645d8', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47659-03a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47659', 'https://www.cve.org/CVERecord?id=CVE-2024-47659'], 'PublishedDate': '2024-10-09T14:15:07.66Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47660', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fsnotify: clear PARENT_WATCHED flags lazily', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: clear PARENT_WATCHED flags lazily\n\nIn some setups directories can have many (usually negative) dentries.\nHence __fsnotify_update_child_dentry_flags() function can take a\nsignificant amount of time. Since the bulk of this function happens\nunder inode->i_lock this causes a significant contention on the lock\nwhen we remove the watch from the directory as the\n__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()\nraces with __fsnotify_update_child_dentry_flags() calls from\n__fsnotify_parent() happening on children. This can lead upto softlockup\nreports reported by users.\n\nFix the problem by calling fsnotify_update_children_dentry_flags() to\nset PARENT_WATCHED flags only when parent starts watching children.\n\nWhen parent stops watching children, clear false positive PARENT_WATCHED\nflags lazily in __fsnotify_parent() for each accessed child.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47660', 'https://git.kernel.org/stable/c/172e422ffea20a89bfdc672741c1aad6fbb5044e', 'https://git.kernel.org/stable/c/3f3ef1d9f66b93913ce2171120d9226b55acd41d', 'https://git.kernel.org/stable/c/7ef1d2e240c32b1f337a37232d037b07e3919e1a', 'https://git.kernel.org/stable/c/d8c42405fc3507cc43ba7e4986a773c3fc633f6e', 'https://git.kernel.org/stable/c/f9a48bc3dd9099935751458a5bbbea4b7c28abc8', 'https://git.kernel.org/stable/c/fc1b1e135c3f72382f792e6c319fc088d5523ad5', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47660-2d61@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47660', 'https://www.cve.org/CVERecord?id=CVE-2024-47660'], 'PublishedDate': '2024-10-09T14:15:07.73Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47661', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47661', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid overflow from uint32_t to uint8_t', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT & HOW]\ndmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47661', 'https://git.kernel.org/stable/c/30d1b783b6eeaf49d311a072c70d618d993d01ec', 'https://git.kernel.org/stable/c/d6b54900c564e35989cf6813e4071504fa0a90e0', 'https://lore.kernel.org/linux-cve-announce/2024100930-CVE-2024-47661-a6c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47661', 'https://www.cve.org/CVERecord?id=CVE-2024-47661'], 'PublishedDate': '2024-10-09T15:15:15.02Z', 'LastModifiedDate': '2024-10-15T16:03:29.26Z'}, {'VulnerabilityID': 'CVE-2024-47662', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47662', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47662', 'https://git.kernel.org/stable/c/466423c6dd8af23ebb3a69d43434d01aed0db356', 'https://git.kernel.org/stable/c/eba4b2a38ccdf074a053834509545703d6df1d57', 'https://lore.kernel.org/linux-cve-announce/2024100931-CVE-2024-47662-74f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47662', 'https://www.cve.org/CVERecord?id=CVE-2024-47662'], 'PublishedDate': '2024-10-09T15:15:15.08Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47663', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47663', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: staging: iio: frequency: ad9834: Validate frequency parameter value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47663', 'https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47', 'https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e', 'https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53', 'https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227', 'https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465', 'https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a', 'https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47663-9bdc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47663', 'https://www.cve.org/CVERecord?id=CVE-2024-47663'], 'PublishedDate': '2024-10-09T15:15:15.15Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47664', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47664', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47664', 'https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43', 'https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c', 'https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47664-f6bd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47664', 'https://www.cve.org/CVERecord?id=CVE-2024-47664'], 'PublishedDate': '2024-10-09T15:15:15.223Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47665', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47665', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup\n\nDefinitely condition dma_get_cache_alignment * defined value > 256\nduring driver initialization is not reason to BUG_ON(). Turn that to\ngraceful error out with -EINVAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47665', 'https://git.kernel.org/stable/c/2666085335bdfedf90d91f4071490ad3980be785', 'https://git.kernel.org/stable/c/5a022269abb22809f2a174b90f200fc4b9526058', 'https://git.kernel.org/stable/c/8a2be2f1db268ec735419e53ef04ca039fc027dc', 'https://git.kernel.org/stable/c/cacb76df247a7cd842ff29755a523b1cba6c0508', 'https://git.kernel.org/stable/c/e2d14bfda9eb5393f8a17008afe2aa7fe0a29815', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47665-901e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47665', 'https://www.cve.org/CVERecord?id=CVE-2024-47665'], 'PublishedDate': '2024-10-09T15:15:15.29Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47666', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47666', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: pm80xx: Set phy-&gt;enable_completion only when we wait for it', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy->enable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late.  After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47666', 'https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89', 'https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea', 'https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47666-0015@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47666', 'https://www.cve.org/CVERecord?id=CVE-2024-47666'], 'PublishedDate': '2024-10-09T15:15:15.353Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47667', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47667', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)\n\nErrata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0\n(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an\ninbound PCIe TLP spans more than two internal AXI 128-byte bursts,\nthe bus may corrupt the packet payload and the corrupt data may\ncause associated applications or the processor to hang.\n\nThe workaround for Errata #i2037 is to limit the maximum read\nrequest size and maximum payload size to 128 bytes. Add workaround\nfor Errata #i2037 here.\n\nThe errata and workaround is applicable only to AM65x SR 1.0 and\nlater versions of the silicon will have this fixed.\n\n[1] -> https://www.ti.com/lit/er/sprz452i/sprz452i.pdf', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47667', 'https://git.kernel.org/stable/c/135843c351c08df72bdd4b4ebea53c8052a76881', 'https://git.kernel.org/stable/c/576d0fb6f8d4bd4695e70eee173a1b9c7bae9572', 'https://git.kernel.org/stable/c/86f271f22bbb6391410a07e08d6ca3757fda01fa', 'https://git.kernel.org/stable/c/af218c803fe298ddf00abef331aa526b20d7ea61', 'https://git.kernel.org/stable/c/cfb006e185f64edbbdf7869eac352442bc76b8f6', 'https://git.kernel.org/stable/c/dd47051c76c8acd8cb983f01b4d1265da29cb66a', 'https://git.kernel.org/stable/c/ebbdbbc580c1695dec283d0ba6448729dc993246', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47667-2d01@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47667', 'https://www.cve.org/CVERecord?id=CVE-2024-47667'], 'PublishedDate': '2024-10-09T15:15:15.43Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47668', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47668', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we'll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it'll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47668', 'https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f', 'https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da', 'https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283', 'https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169', 'https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae', 'https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e', 'https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47668-6b53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47668', 'https://www.cve.org/CVERecord?id=CVE-2024-47668'], 'PublishedDate': '2024-10-09T15:15:15.513Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47669', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47669', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix state management in error path of log writing function', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix state management in error path of log writing function\n\nAfter commit a694291a6211 ("nilfs2: separate wait function from\nnilfs_segctor_write") was applied, the log writing function\nnilfs_segctor_do_construct() was able to issue I/O requests continuously\neven if user data blocks were split into multiple logs across segments,\nbut two potential flaws were introduced in its error handling.\n\nFirst, if nilfs_segctor_begin_construction() fails while creating the\nsecond or subsequent logs, the log writing function returns without\ncalling nilfs_segctor_abort_construction(), so the writeback flag set on\npages/folios will remain uncleared.  This causes page cache operations to\nhang waiting for the writeback flag.  For example,\ntruncate_inode_pages_final(), which is called via nilfs_evict_inode() when\nan inode is evicted from memory, will hang.\n\nSecond, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. \nAs a result, if the next log write involves checkpoint creation, that\'s\nfine, but if a partial log write is performed that does not, inodes with\nNILFS_I_COLLECTED set are erroneously removed from the "sc_dirty_files"\nlist, and their data and b-tree blocks may not be written to the device,\ncorrupting the block mapping.\n\nFix these issues by uniformly calling nilfs_segctor_abort_construction()\non failure of each step in the loop in nilfs_segctor_do_construct(),\nhaving it clean up logs and segment usages according to progress, and\ncorrecting the conditions for calling nilfs_redirty_inodes() to ensure\nthat the NILFS_I_COLLECTED flag is cleared.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47669', 'https://git.kernel.org/stable/c/036441e8438b29111fa75008f0ce305fb4e83c0a', 'https://git.kernel.org/stable/c/0a1a961bde4351dc047ffdeb2f1311ca16a700cc', 'https://git.kernel.org/stable/c/30562eff4a6dd35c4b5be9699ef61ad9f5f20a06', 'https://git.kernel.org/stable/c/3e349d7191f0688fc9808ef24fd4e4b4ef5ca876', 'https://git.kernel.org/stable/c/40a2757de2c376ef8a08d9ee9c81e77f3c750adf', 'https://git.kernel.org/stable/c/6576dd6695f2afca3f4954029ac4a64f82ba60ab', 'https://git.kernel.org/stable/c/74866c16ea2183f52925fa5d76061a1fe7f7737b', 'https://git.kernel.org/stable/c/efdde00d4a1ef10bb71e09ebc67823a3d3ad725b', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47669-135c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47669', 'https://www.cve.org/CVERecord?id=CVE-2024-47669'], 'PublishedDate': '2024-10-09T15:15:15.59Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47670', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47670', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: add bounds checking to ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn't stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match.  It will\nprevent out-of-bound access in case of crafted images.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47670', 'https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39', 'https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c', 'https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd', 'https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77', 'https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f', 'https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e73264d6', 'https://lore.kernel.org/linux-cve-announce/2024100919-CVE-2024-47670-53f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47670', 'https://www.cve.org/CVERecord?id=CVE-2024-47670'], 'PublishedDate': '2024-10-09T15:15:15.673Z', 'LastModifiedDate': '2024-10-17T14:15:13.56Z'}, {'VulnerabilityID': 'CVE-2024-47671', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47671', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: USB: usbtmc: prevent kernel-usb-infoleak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: prevent kernel-usb-infoleak\n\nThe syzbot reported a kernel-usb-infoleak in usbtmc_write,\nwe need to clear the structure before filling fields.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47671', 'https://git.kernel.org/stable/c/0c927dfc0b9bd177f7ab6ee59ef0c4ea06c110a7', 'https://git.kernel.org/stable/c/16e0ab9ed3ae7d19ca8ee718ba4e09d5c0f909ca', 'https://git.kernel.org/stable/c/51297ef7ad7824ad577337f273cd092e81a9fa08', 'https://git.kernel.org/stable/c/625fa77151f00c1bd00d34d60d6f2e710b3f9aad', 'https://git.kernel.org/stable/c/6c7fc36da021b13c34c572a26ba336cd102418f8', 'https://git.kernel.org/stable/c/ba6269e187aa1b1f20faf3c458831a0d6350304b', 'https://git.kernel.org/stable/c/e872738e670ddd63e19f22d0d784f0bdf26ecba5', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47671-6c52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47671', 'https://www.cve.org/CVERecord?id=CVE-2024-47671'], 'PublishedDate': '2024-10-09T15:15:15.753Z', 'LastModifiedDate': '2024-10-17T14:15:13.697Z'}, {'VulnerabilityID': 'CVE-2024-47672', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead\n\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was\nrecently converted from just a message), that can be hit if we\nwait for TX queues to become empty after firmware died. Clearly,\nwe can't expect anything from the firmware after it's declared dead.\n\nDon't call iwl_trans_wait_tx_queues_empty() in this case. While it could\nbe a good idea to stop the flow earlier, the flush functions do some\nmaintenance work that is not related to the firmware, so keep that part\nof the code running even when the firmware is not running.\n\n[edit commit message]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47672', 'https://git.kernel.org/stable/c/1afed66cb271b3e65fe9df1c9fba2bf4b1f55669', 'https://git.kernel.org/stable/c/1b0cd832c9607f41f84053b818e0b7908510a3b9', 'https://git.kernel.org/stable/c/3a84454f5204718ca5b4ad2c1f0bf2031e2403d1', 'https://git.kernel.org/stable/c/4d0a900ec470d392476c428875dbf053f8a0ae5e', 'https://git.kernel.org/stable/c/7188b7a72320367554b76d8f298417b070b05dd3', 'https://git.kernel.org/stable/c/de46b1d24f5f752b3bd8b46673c2ea4239661244', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47672-9bef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47672', 'https://www.cve.org/CVERecord?id=CVE-2024-47672'], 'PublishedDate': '2024-10-09T15:15:15.827Z', 'LastModifiedDate': '2024-10-17T14:15:13.78Z'}, {'VulnerabilityID': 'CVE-2024-47673', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pause TCM when the firmware is stopped\n\nNot doing so will make us send a host command to the transport while the\nfirmware is not alive, which will trigger a WARNING.\n\nbad state = 0\nWARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nRIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nCall Trace:\n <TASK>\n iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]\n iwl_mvm_config_scan+0x198/0x260 [iwlmvm]\n iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]\n iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]\n process_one_work+0x29e/0x640\n worker_thread+0x2df/0x690\n ? rescuer_thread+0x540/0x540\n kthread+0x192/0x1e0\n ? set_kthread_struct+0x90/0x90\n ret_from_fork+0x22/0x30', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47673', 'https://git.kernel.org/stable/c/0668ebc8c2282ca1e7eb96092a347baefffb5fe7', 'https://git.kernel.org/stable/c/2c61b561baf92a2860c76c2302a62169e22c21cc', 'https://git.kernel.org/stable/c/55086c97a55d781b04a2667401c75ffde190135c', 'https://git.kernel.org/stable/c/5948a191906b54e10f02f6b7a7670243a39f99f4', 'https://git.kernel.org/stable/c/a15df5f37fa3a8b7a8ec7a339d1e897bc524e28f', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47673-9110@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47673', 'https://www.cve.org/CVERecord?id=CVE-2024-47673'], 'PublishedDate': '2024-10-09T15:15:15.9Z', 'LastModifiedDate': '2024-10-17T14:15:13.853Z'}, {'VulnerabilityID': 'CVE-2024-47674', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47674', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: avoid leaving partial pfn mappings around in error case', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na 'struct page'.\n\nThat's all very much intentional, but it does mean that it's easy to\nmess up the cleanup in case of errors.  Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it's very easy to do the\nerror handling in the wrong order.\n\nIn particular, it's easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47674', 'https://git.kernel.org/linus/79a61cc3fc0466ad2b7b89618a6157785f0293b3 (6.11)', 'https://git.kernel.org/stable/c/5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959', 'https://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2', 'https://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3', 'https://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3', 'https://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80', 'https://lore.kernel.org/linux-cve-announce/2024101538-CVE-2024-47674-ba1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47674', 'https://www.cve.org/CVERecord?id=CVE-2024-47674'], 'PublishedDate': '2024-10-15T11:15:13.073Z', 'LastModifiedDate': '2024-10-18T14:50:02.71Z'}, {'VulnerabilityID': 'CVE-2017-0537', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-0537', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N', 'V2Score': 2.6, 'V3Score': 4.7}}, 'References': ['http://www.securityfocus.com/bid/96831', 'http://www.securitytracker.com/id/1037968', 'https://android.googlesource.com/kernel/tegra.git/+/389b185cb2f17fff994dbdf8d4bac003d4b2b6b3%5E%21/#F0', 'https://lore.kernel.org/lkml/1484647168-30135-1-git-send-email-jilin@nvidia.com/#t', 'https://source.android.com/security/bulletin/2017-01-01.html', 'https://source.android.com/security/bulletin/2017-03-01', 'https://source.android.com/security/bulletin/2017-03-01.html', 'https://www.cve.org/CVERecord?id=CVE-2017-0537'], 'PublishedDate': '2017-03-08T01:59:03.127Z', 'LastModifiedDate': '2017-07-17T13:18:15.89Z'}, {'VulnerabilityID': 'CVE-2017-13165', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13165', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['https://github.com/aosp-mirror/platform_system_core/commit/15ffc53f6d57a46e3041453865311035a18e047a', 'https://source.android.com/security/bulletin/pixel/2017-12-01', 'https://www.cve.org/CVERecord?id=CVE-2017-13165'], 'PublishedDate': '2017-12-06T14:29:01.333Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2017-13693', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI operand cache leak in dsutils.c', 'Description': 'The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/100502', 'https://access.redhat.com/security/cve/CVE-2017-13693', 'https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13693', 'https://patchwork.kernel.org/patch/9919053/', 'https://www.cve.org/CVERecord?id=CVE-2017-13693'], 'PublishedDate': '2017-08-25T08:29:00.273Z', 'LastModifiedDate': '2017-09-20T14:51:00.41Z'}, {'VulnerabilityID': 'CVE-2018-1121', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-1121', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'procps: process hiding through race condition enumerating /proc', 'Description': "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-367'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:P/A:N', 'V3Vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V2Score': 4.3, 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L', 'V3Score': 3.9}}, 'References': ['http://seclists.org/oss-sec/2018/q2/122', 'http://www.securityfocus.com/bid/104214', 'https://access.redhat.com/security/cve/CVE-2018-1121', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1121', 'https://www.cve.org/CVERecord?id=CVE-2018-1121', 'https://www.exploit-db.com/exploits/44806/', 'https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt'], 'PublishedDate': '2018-06-13T20:29:00.337Z', 'LastModifiedDate': '2020-06-30T16:15:14.393Z'}, {'VulnerabilityID': 'CVE-2018-12928', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko', 'Description': 'In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['http://www.securityfocus.com/bid/104593', 'https://access.redhat.com/security/cve/CVE-2018-12928', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384', 'https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ', 'https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/', 'https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12928', 'https://www.cve.org/CVERecord?id=CVE-2018-12928'], 'PublishedDate': '2018-06-28T14:29:00.353Z', 'LastModifiedDate': '2018-08-21T11:55:37.35Z'}, {'VulnerabilityID': 'CVE-2018-12929', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko', 'Description': 'ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12929', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12929', 'https://www.cve.org/CVERecord?id=CVE-2018-12929'], 'PublishedDate': '2018-06-28T14:29:00.417Z', 'LastModifiedDate': '2019-03-26T13:35:51.317Z'}, {'VulnerabilityID': 'CVE-2018-12930', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12930', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko', 'Description': 'ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12930', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12930', 'https://www.cve.org/CVERecord?id=CVE-2018-12930'], 'PublishedDate': '2018-06-28T14:29:00.463Z', 'LastModifiedDate': '2019-03-26T13:35:37.397Z'}, {'VulnerabilityID': 'CVE-2018-12931', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_attr_find in the ntfs.ko', 'Description': 'ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12931', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12931', 'https://www.cve.org/CVERecord?id=CVE-2018-12931'], 'PublishedDate': '2018-06-28T14:29:00.51Z', 'LastModifiedDate': '2019-03-26T13:35:20.957Z'}, {'VulnerabilityID': 'CVE-2019-14899', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-14899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel', 'Description': 'A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V2Vector': 'AV:A/AC:M/Au:S/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 4.9, 'V3Score': 7.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.4}}, 'References': ['http://seclists.org/fulldisclosure/2020/Dec/32', 'http://seclists.org/fulldisclosure/2020/Jul/23', 'http://seclists.org/fulldisclosure/2020/Jul/24', 'http://seclists.org/fulldisclosure/2020/Jul/25', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'http://www.openwall.com/lists/oss-security/2020/08/13/2', 'http://www.openwall.com/lists/oss-security/2020/10/07/3', 'http://www.openwall.com/lists/oss-security/2021/07/05/1', 'https://access.redhat.com/security/cve/CVE-2019-14899', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899', 'https://nvd.nist.gov/vuln/detail/CVE-2019-14899', 'https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/', 'https://support.apple.com/kb/HT211288', 'https://support.apple.com/kb/HT211289', 'https://support.apple.com/kb/HT211290', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211931', 'https://www.cve.org/CVERecord?id=CVE-2019-14899', 'https://www.openwall.com/lists/oss-security/2019/12/05/1'], 'PublishedDate': '2019-12-11T15:15:14.263Z', 'LastModifiedDate': '2023-03-01T16:40:04.14Z'}, {'VulnerabilityID': 'CVE-2019-15213', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-15213', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c', 'Description': 'An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.3}}, 'References': ['http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html', 'http://www.openwall.com/lists/oss-security/2019/08/20/2', 'https://access.redhat.com/security/cve/CVE-2019-15213', 'https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7', 'https://linux.oracle.com/cve/CVE-2019-15213.html', 'https://linux.oracle.com/errata/ELSA-2019-4872.html', 'https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/', 'https://nvd.nist.gov/vuln/detail/CVE-2019-15213', 'https://security.netapp.com/advisory/ntap-20190905-0002/', 'https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced', 'https://www.cve.org/CVERecord?id=CVE-2019-15213'], 'PublishedDate': '2019-08-19T22:15:11.253Z', 'LastModifiedDate': '2023-11-09T14:44:33.733Z'}, {'VulnerabilityID': 'CVE-2019-19378', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19378', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19378', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19378', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19378'], 'PublishedDate': '2019-11-29T17:15:11.84Z', 'LastModifiedDate': '2020-01-03T11:15:14.997Z'}, {'VulnerabilityID': 'CVE-2019-19814', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 9.3, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19814', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19814', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19814'], 'PublishedDate': '2019-12-17T06:15:12.843Z', 'LastModifiedDate': '2020-01-03T11:15:16.48Z'}, {'VulnerabilityID': 'CVE-2020-35501', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2020-35501', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability', 'Description': 'A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem', 'Severity': 'LOW', 'CweIDs': ['CWE-863'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:N', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V2Score': 3.6, 'V3Score': 3.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 3.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2020-35501', 'https://bugzilla.redhat.com/show_bug.cgi?id=1908577', 'https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html', 'https://nvd.nist.gov/vuln/detail/CVE-2020-35501', 'https://www.cve.org/CVERecord?id=CVE-2020-35501', 'https://www.openwall.com/lists/oss-security/2021/02/18/1'], 'PublishedDate': '2022-03-30T16:15:08.673Z', 'LastModifiedDate': '2022-12-02T19:54:37.647Z'}, {'VulnerabilityID': 'CVE-2021-26934', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-26934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...', 'Description': "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.", 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['http://xenbits.xen.org/xsa/advisory-363.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/', 'https://nvd.nist.gov/vuln/detail/CVE-2021-26934', 'https://security.netapp.com/advisory/ntap-20210326-0001/', 'https://www.cve.org/CVERecord?id=CVE-2021-26934', 'https://www.openwall.com/lists/oss-security/2021/02/16/2', 'https://xenbits.xen.org/xsa/advisory-363.html'], 'PublishedDate': '2021-02-17T02:15:13.143Z', 'LastModifiedDate': '2023-11-07T03:31:50.59Z'}, {'VulnerabilityID': 'CVE-2022-44034', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-44034', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: A use-after-free due to race between scr24x_open()  and scr24x_remove()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().', 'Severity': 'LOW', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-44034', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15', 'https://lore.kernel.org/lkml/20220916050333.GA188358%40ubuntu/', 'https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940%40ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-44034', 'https://www.cve.org/CVERecord?id=CVE-2022-44034'], 'PublishedDate': '2022-10-30T01:15:08.937Z', 'LastModifiedDate': '2024-03-25T01:15:52.787Z'}, {'VulnerabilityID': 'CVE-2022-45884', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-45884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free due to race condition occurring in dvb_register_device()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:7549', 'https://access.redhat.com/security/cve/CVE-2022-45884', 'https://bugzilla.redhat.com/2148510', 'https://bugzilla.redhat.com/2148517', 'https://bugzilla.redhat.com/2151956', 'https://bugzilla.redhat.com/2154178', 'https://bugzilla.redhat.com/2224048', 'https://bugzilla.redhat.com/2240249', 'https://bugzilla.redhat.com/2241924', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2151956', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2224048', 'https://bugzilla.redhat.com/show_bug.cgi?id=2240249', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1192', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2163', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178', 'https://errata.almalinux.org/8/ALSA-2023-7549.html', 'https://errata.rockylinux.org/RLSA-2023:7549', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3', 'https://linux.oracle.com/cve/CVE-2022-45884.html', 'https://linux.oracle.com/errata/ELSA-2023-7549.html', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-45884', 'https://security.netapp.com/advisory/ntap-20230113-0006/', 'https://www.cve.org/CVERecord?id=CVE-2022-45884'], 'PublishedDate': '2022-11-25T04:15:09.18Z', 'LastModifiedDate': '2024-03-25T01:15:52.84Z'}, {'VulnerabilityID': 'CVE-2023-33053', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-33053', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'Memory corruption in Kernel while parsing metadata.', 'Severity': 'LOW', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/06426824a281c9aef5bf0c50927eae9c7431db1e', 'https://www.cve.org/CVERecord?id=CVE-2023-33053', 'https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin'], 'PublishedDate': '2023-12-05T03:15:11.707Z', 'LastModifiedDate': '2024-04-12T16:15:18.403Z'}, {'VulnerabilityID': 'CVE-2023-4010', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: hcd: malformed USB descriptor leads to infinite loop in usb_giveback_urb()', 'Description': 'A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.', 'Severity': 'LOW', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4010', 'https://bugzilla.redhat.com/show_bug.cgi?id=2227726', 'https://github.com/wanrenmi/a-usb-kernel-bug', 'https://github.com/wanrenmi/a-usb-kernel-bug/issues/1', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4010', 'https://www.cve.org/CVERecord?id=CVE-2023-4010'], 'PublishedDate': '2023-07-31T17:15:10.277Z', 'LastModifiedDate': '2023-11-07T04:22:02.797Z'}, {'VulnerabilityID': 'CVE-2023-6238', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-6238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: memory corruption via unprivileged user passthrough', 'Description': 'A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.', 'Severity': 'LOW', 'CweIDs': ['CWE-120'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-6238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2250834', 'https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.com/T/#u', 'https://lore.kernel.org/linux-nvme/20231016060519.231880-1-joshi.k@samsung.com/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-6238', 'https://www.cve.org/CVERecord?id=CVE-2023-6238'], 'PublishedDate': '2023-11-21T21:15:09.273Z', 'LastModifiedDate': '2024-02-07T00:15:55.24Z'}, {'VulnerabilityID': 'CVE-2024-0564', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-0564', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication', 'Description': 'A flaw was found in the Linux kernel\'s memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim\'s page. The unmapping time depends on whether it merges with the victim\'s page and additional physical pages are created beyond the KSM\'s "max page share". Through these operations, the attacker can leak the victim\'s page.', 'Severity': 'LOW', 'CweIDs': ['CWE-99', 'CWE-203'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-0564', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258514', 'https://link.springer.com/conference/wisa', 'https://nvd.nist.gov/vuln/detail/CVE-2024-0564', 'https://wisa.or.kr/accepted', 'https://www.cve.org/CVERecord?id=CVE-2024-0564'], 'PublishedDate': '2024-01-30T15:15:08.687Z', 'LastModifiedDate': '2024-10-16T15:15:14.11Z'}, {'VulnerabilityID': 'CVE-2024-27397', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'FixedVersion': '5.15.0-124.134', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27397', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: nf_tables: use timestamp to check for set element timeout', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: use timestamp to check for set element timeout\n\nAdd a timestamp field at the beginning of the transaction, store it\nin the nftables per-netns area.\n\nUpdate set backend .insert, .deactivate and sync gc path to use the\ntimestamp, this avoids that an element expires while control plane\ntransaction is still unfinished.\n\n.lookup and .update, which are used from packet path, still use the\ncurrent time to check if the element has expired. And .get path and dump\nalso since this runs lockless under rcu read size lock. Then, there is\nasync gc which also needs to check the current time since it runs\nasynchronously from a workqueue.', 'Severity': 'HIGH', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:4352', 'https://access.redhat.com/security/cve/CVE-2024-27397', 'https://bugzilla.redhat.com/1918601', 'https://bugzilla.redhat.com/2248122', 'https://bugzilla.redhat.com/2258875', 'https://bugzilla.redhat.com/2265517', 'https://bugzilla.redhat.com/2265519', 'https://bugzilla.redhat.com/2265520', 'https://bugzilla.redhat.com/2265800', 'https://bugzilla.redhat.com/2266408', 'https://bugzilla.redhat.com/2266831', 'https://bugzilla.redhat.com/2267513', 'https://bugzilla.redhat.com/2267518', 'https://bugzilla.redhat.com/2267730', 'https://bugzilla.redhat.com/2270093', 'https://bugzilla.redhat.com/2271680', 'https://bugzilla.redhat.com/2272692', 'https://bugzilla.redhat.com/2272829', 'https://bugzilla.redhat.com/2273204', 'https://bugzilla.redhat.com/2273278', 'https://bugzilla.redhat.com/2273423', 'https://bugzilla.redhat.com/2273429', 'https://bugzilla.redhat.com/2275604', 'https://bugzilla.redhat.com/2275633', 'https://bugzilla.redhat.com/2275635', 'https://bugzilla.redhat.com/2275733', 'https://bugzilla.redhat.com/2278337', 'https://bugzilla.redhat.com/2278354', 'https://bugzilla.redhat.com/2280434', 'https://bugzilla.redhat.com/2281057', 'https://bugzilla.redhat.com/2281113', 'https://bugzilla.redhat.com/2281157', 'https://bugzilla.redhat.com/2281165', 'https://bugzilla.redhat.com/2281251', 'https://bugzilla.redhat.com/2281253', 'https://bugzilla.redhat.com/2281255', 'https://bugzilla.redhat.com/2281257', 'https://bugzilla.redhat.com/2281272', 'https://bugzilla.redhat.com/2281350', 'https://bugzilla.redhat.com/2281689', 'https://bugzilla.redhat.com/2281693', 'https://bugzilla.redhat.com/2281920', 'https://bugzilla.redhat.com/2281923', 'https://bugzilla.redhat.com/2281925', 'https://bugzilla.redhat.com/2281953', 'https://bugzilla.redhat.com/2281986', 'https://bugzilla.redhat.com/2282394', 'https://bugzilla.redhat.com/2282400', 'https://bugzilla.redhat.com/2282471', 'https://bugzilla.redhat.com/2282472', 'https://bugzilla.redhat.com/2282581', 'https://bugzilla.redhat.com/2282609', 'https://bugzilla.redhat.com/2282612', 'https://bugzilla.redhat.com/2282653', 'https://bugzilla.redhat.com/2282680', 'https://bugzilla.redhat.com/2282698', 'https://bugzilla.redhat.com/2282712', 'https://bugzilla.redhat.com/2282735', 'https://bugzilla.redhat.com/2282902', 'https://bugzilla.redhat.com/2282920', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267509', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273082', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273466', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275735', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281131', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284581', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293230', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293402', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293456', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294225', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52638', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26783', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26858', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27435', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36957', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38543', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38593', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38663', 'https://errata.almalinux.org/8/ALSA-2024-4352.html', 'https://errata.rockylinux.org/RLSA-2024:4583', 'https://git.kernel.org/linus/7395dfacfff65e9938ac0889dafa1ab01e987d15 (6.8-rc4)', 'https://git.kernel.org/stable/c/0d40e8cb1d1f56a994cdd2e015af622fdca9ed4d', 'https://git.kernel.org/stable/c/383182db8d58c4237772ba0764cded4938a235c3', 'https://git.kernel.org/stable/c/7395dfacfff65e9938ac0889dafa1ab01e987d15', 'https://git.kernel.org/stable/c/7b17de2a71e56c10335b565cc7ad238e6d984379', 'https://git.kernel.org/stable/c/b45176b869673417ace338b87cf9cdb66e2eeb01', 'https://git.kernel.org/stable/c/eaf1a29ea5d7dba8e84e9e9f3b3f47d0cd540bfe', 'https://git.kernel.org/stable/c/f8dfda798650241c1692058713ca4fef8e429061', 'https://linux.oracle.com/cve/CVE-2024-27397.html', 'https://linux.oracle.com/errata/ELSA-2024-4583.html', 'https://lore.kernel.org/linux-cve-announce/2024050837-CVE-2024-27397-fd1e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27397', 'https://ubuntu.com/security/notices/USN-7072-1', 'https://ubuntu.com/security/notices/USN-7073-1', 'https://ubuntu.com/security/notices/USN-7073-2', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27397'], 'PublishedDate': '2024-05-14T15:12:28.24Z', 'LastModifiedDate': '2024-08-19T05:15:06.293Z'}, {'VulnerabilityID': 'CVE-2024-38630', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'FixedVersion': '5.15.0-124.134', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38630', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger\n\nWhen the cpu5wdt module is removing, the origin code uses del_timer() to\nde-activate the timer. If the timer handler is running, del_timer() could\nnot stop it and will return directly. If the port region is released by\nrelease_region() and then the timer handler cpu5wdt_trigger() calls outb()\nto write into the region that is released, the use-after-free bug will\nhappen.\n\nChange del_timer() to timer_shutdown_sync() in order that the timer handler\ncould be finished before the port region is released.', 'Severity': 'HIGH', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38630', 'https://git.kernel.org/linus/573601521277119f2e2ba5f28ae6e87fc594f4d4 (6.10-rc1)', 'https://git.kernel.org/stable/c/573601521277119f2e2ba5f28ae6e87fc594f4d4', 'https://git.kernel.org/stable/c/9b1c063ffc075abf56f63e55d70b9778ff534314', 'https://git.kernel.org/stable/c/f19686d616500cd0d47b30cee82392b53f7f784a', 'https://lore.kernel.org/linux-cve-announce/2024062141-CVE-2024-38630-3640@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38630', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://ubuntu.com/security/notices/USN-7072-1', 'https://ubuntu.com/security/notices/USN-7073-1', 'https://ubuntu.com/security/notices/USN-7073-2', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38630'], 'PublishedDate': '2024-06-21T11:15:11.81Z', 'LastModifiedDate': '2024-09-09T13:43:13.5Z'}, {'VulnerabilityID': 'CVE-2013-7445', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2013-7445', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects', 'Description': 'The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-399'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:C', 'V2Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V2Score': 4.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2013-7445', 'https://bugzilla.kernel.org/show_bug.cgi?id=60533', 'https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)', 'https://nvd.nist.gov/vuln/detail/CVE-2013-7445', 'https://www.cve.org/CVERecord?id=CVE-2013-7445'], 'PublishedDate': '2015-10-16T01:59:00.12Z', 'LastModifiedDate': '2015-10-16T16:22:25.587Z'}, {'VulnerabilityID': 'CVE-2015-8553', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2015-8553', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'xen: non-maskable interrupts triggerable by guests (xsa120)', 'Description': 'Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N', 'V2Score': 2.1, 'V3Score': 6.5}, 'redhat': {'V2Vector': 'AV:A/AC:M/Au:S/C:N/I:N/A:C', 'V2Score': 5.2}}, 'References': ['http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1930758 (regression mention)', 'http://xenbits.xen.org/xsa/advisory-120.html', 'https://access.redhat.com/security/cve/CVE-2015-8553', 'https://nvd.nist.gov/vuln/detail/CVE-2015-8553', 'https://seclists.org/bugtraq/2019/Aug/18', 'https://www.cve.org/CVERecord?id=CVE-2015-8553', 'https://www.debian.org/security/2019/dsa-4497'], 'PublishedDate': '2016-04-13T15:59:07.307Z', 'LastModifiedDate': '2019-08-13T23:15:11.203Z'}, {'VulnerabilityID': 'CVE-2016-8660', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-8660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation', 'Description': 'The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-19'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V2Vector': 'AV:L/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.7, 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2016/10/13/8', 'http://www.securityfocus.com/bid/93558', 'https://access.redhat.com/security/cve/CVE-2016-8660', 'https://bugzilla.redhat.com/show_bug.cgi?id=1384851', 'https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/', 'https://marc.info/?l=linux-fsdevel&m=147639177409294&w=2', 'https://marc.info/?l=linux-xfs&m=149498118228320&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2016-8660', 'https://www.cve.org/CVERecord?id=CVE-2016-8660'], 'PublishedDate': '2016-10-16T21:59:14.333Z', 'LastModifiedDate': '2016-11-28T20:41:02.59Z'}, {'VulnerabilityID': 'CVE-2018-17977', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-17977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service', 'Description': 'The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.9}}, 'References': ['http://www.securityfocus.com/bid/105539', 'https://access.redhat.com/security/cve/CVE-2018-17977', 'https://bugzilla.suse.com/show_bug.cgi?id=1111609', 'https://nvd.nist.gov/vuln/detail/CVE-2018-17977', 'https://www.cve.org/CVERecord?id=CVE-2018-17977', 'https://www.openwall.com/lists/oss-security/2018/10/05/5'], 'PublishedDate': '2018-10-08T17:29:00.653Z', 'LastModifiedDate': '2018-11-26T15:51:30.427Z'}, {'VulnerabilityID': 'CVE-2018-7191', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-7191', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: denial of service via ioctl call in network tun handling', 'Description': 'In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html', 'http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html', 'http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html', 'http://www.securityfocus.com/bid/108380', 'https://access.redhat.com/security/cve/CVE-2018-7191', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1743792', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748846', 'https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.14', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ad646c81b2182f7fa67ec0c8c825e0ee165696d', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c25f65fd1e42685f7ccd80e0621829c105785d9', 'https://git.kernel.org/linus/0ad646c81b2182f7fa67ec0c8c825e0ee165696d', 'https://git.kernel.org/linus/5c25f65fd1e42685f7ccd80e0621829c105785d9', 'https://github.com/torvalds/linux/commit/0ad646c81b2182f7fa67ec0c8c825e0ee165696d', 'https://github.com/torvalds/linux/commit/5c25f65fd1e42685f7ccd80e0621829c105785d9', 'https://linux.oracle.com/cve/CVE-2018-7191.html', 'https://linux.oracle.com/errata/ELSA-2020-1016.html', 'https://nvd.nist.gov/vuln/detail/CVE-2018-7191', 'https://www.cve.org/CVERecord?id=CVE-2018-7191'], 'PublishedDate': '2019-05-17T05:29:00.223Z', 'LastModifiedDate': '2019-05-31T12:29:01.33Z'}, {'VulnerabilityID': 'CVE-2021-3714', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-3714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Remote Page Deduplication Attacks', 'Description': 'A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-3714', 'https://arxiv.org/abs/2111.08553', 'https://arxiv.org/pdf/2111.08553.pdf', 'https://bugzilla.redhat.com/show_bug.cgi?id=1931327', 'https://nvd.nist.gov/vuln/detail/CVE-2021-3714', 'https://www.cve.org/CVERecord?id=CVE-2021-3714'], 'PublishedDate': '2022-08-23T16:15:09.6Z', 'LastModifiedDate': '2024-02-01T18:51:23.66Z'}, {'VulnerabilityID': 'CVE-2021-3864', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-3864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: descendant's dumpable setting with certain SUID binaries", 'Description': 'A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-284'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-3864', 'https://bugzilla.redhat.com/show_bug.cgi?id=2015046', 'https://lore.kernel.org/all/20211221021744.864115-1-longman%40redhat.com/', 'https://lore.kernel.org/all/20211221021744.864115-1-longman@redhat.com', 'https://lore.kernel.org/all/20211226150310.GA992%401wt.eu/', 'https://lore.kernel.org/all/20211226150310.GA992@1wt.eu/', 'https://lore.kernel.org/lkml/20211228170910.623156-1-wander%40redhat.com/', 'https://lore.kernel.org/lkml/20211228170910.623156-1-wander@redhat.com', 'https://nvd.nist.gov/vuln/detail/CVE-2021-3864', 'https://security-tracker.debian.org/tracker/CVE-2021-3864', 'https://www.cve.org/CVERecord?id=CVE-2021-3864', 'https://www.openwall.com/lists/oss-security/2021/10/20/2'], 'PublishedDate': '2022-08-26T16:15:09.68Z', 'LastModifiedDate': '2023-02-12T23:42:51.317Z'}, {'VulnerabilityID': 'CVE-2021-4095', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-4095', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c', 'Description': "A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 1.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2022/01/17/1', 'https://access.redhat.com/security/cve/CVE-2021-4095', 'https://bugzilla.redhat.com/show_bug.cgi?id=2031194', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=55749769fe608fa3f4a075e42e89d237c8e3763', 'https://linux.oracle.com/cve/CVE-2021-4095.html', 'https://linux.oracle.com/errata/ELSA-2022-9534.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIOQN7JJNN6ABIDGRSTVZA65MHRLMH2Q/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT6573CGKVK3DU2632VVO5BVM4IU7SBV/', 'https://lore.kernel.org/kvm/CAFcO6XOmoS7EacN_n6v4Txk7xL7iqRa2gABg3F7E3Naf5uG94g@mail.gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2021-4095', 'https://patchwork.kernel.org/project/kvm/patch/20211121125451.9489-12-dwmw2@infradead.org/', 'https://seclists.org/oss-sec/2021/q4/157', 'https://www.cve.org/CVERecord?id=CVE-2021-4095'], 'PublishedDate': '2022-03-10T17:44:53.563Z', 'LastModifiedDate': '2023-11-07T03:40:10.533Z'}, {'VulnerabilityID': 'CVE-2021-47432', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47432', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: lib/generic-radix-tree.c: Don't overflow in peek()", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Don't overflow in peek()\n\nWhen we started spreading new inode numbers throughout most of the 64\nbit inode space, that triggered some corner case bugs, in particular\nsome integer overflows related to the radix tree code. Oops.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2021-47432', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/9492261ff2460252cf2d8de89cdf854c7e2b28a0 (6.7-rc1)', 'https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac', 'https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0', 'https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437', 'https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c', 'https://linux.oracle.com/cve/CVE-2021-47432.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024052143-CVE-2021-47432-5e69@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47432', 'https://www.cve.org/CVERecord?id=CVE-2021-47432'], 'PublishedDate': '2024-05-21T16:15:12.007Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2021-47599', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47599', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: use latest_dev in btrfs_show_devname', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: use latest_dev in btrfs_show_devname\n\nThe test case btrfs/238 reports the warning below:\n\n WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs]\n CPU: 2 PID: 1 Comm: systemd Tainted: G        W  O 5.14.0-rc1-custom #72\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n Call trace:\n   btrfs_show_devname+0x108/0x1b4 [btrfs]\n   show_mountinfo+0x234/0x2c4\n   m_show+0x28/0x34\n   seq_read_iter+0x12c/0x3c4\n   vfs_read+0x29c/0x2c8\n   ksys_read+0x80/0xec\n   __arm64_sys_read+0x28/0x34\n   invoke_syscall+0x50/0xf8\n   do_el0_svc+0x88/0x138\n   el0_svc+0x2c/0x8c\n   el0t_64_sync_handler+0x84/0xe4\n   el0t_64_sync+0x198/0x19c\n\nReason:\nWhile btrfs_prepare_sprout() moves the fs_devices::devices into\nfs_devices::seed_list, the btrfs_show_devname() searches for the devices\nand found none, leading to the warning as in above.\n\nFix:\nlatest_dev is updated according to the changes to the device list.\nThat means we could use the latest_dev->name to show the device name in\n/proc/self/mounts, the pointer will be always valid as it's assigned\nbefore the device is deleted from the list in remove or replace.\nThe RCU protection is sufficient as the device structure is freed after\nsynchronization.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47599', 'https://git.kernel.org/linus/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2 (5.16-rc1)', 'https://git.kernel.org/stable/c/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2', 'https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1', 'https://lore.kernel.org/linux-cve-announce/2024061921-CVE-2021-47599-37b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47599', 'https://www.cve.org/CVERecord?id=CVE-2021-47599'], 'PublishedDate': '2024-06-19T15:15:54.483Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2021-47615', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47615', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix releasing unallocated memory in dereg MR flow\n\nFor the case of IB_MR_TYPE_DM the mr does doesn't have a umem, even though\nit is a user MR. This causes function mlx5_free_priv_descs() to think that\nit is a kernel MR, leading to wrongly accessing mr->descs that will get\nwrong values in the union which leads to attempt to release resources that\nwere not allocated in the first place.\n\nFor example:\n DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]\n WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0\n RIP: 0010:check_unmap+0x54f/0x8b0\n Call Trace:\n  debug_dma_unmap_page+0x57/0x60\n  mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]\n  mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]\n  ib_dereg_mr_user+0x60/0x140 [ib_core]\n  uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]\n  uobj_destroy+0x3f/0x80 [ib_uverbs]\n  ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]\n  ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquired+0x12/0x380\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquire+0xc4/0x2e0\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  ? lock_release+0x28a/0x400\n  ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  __x64_sys_ioctl+0x7f/0xb0\n  do_syscall_64+0x38/0x90\n\nFix it by reorganizing the dereg flow and mlx5_ib_mr structure:\n - Move the ib_umem field into the user MRs structure in the union as it's\n   applicable only there.\n - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only\n   in case there isn't udata, which indicates that this isn't a user MR.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47615', 'https://git.kernel.org/linus/f0ae4afe3d35e67db042c58a52909e06262b740f (5.16-rc5)', 'https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9', 'https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701', 'https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f', 'https://lore.kernel.org/linux-cve-announce/2024061909-CVE-2021-47615-3c6a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47615', 'https://www.cve.org/CVERecord?id=CVE-2021-47615'], 'PublishedDate': '2024-06-19T15:15:56.03Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-0400', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0400', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Out of bounds read in the smc protocol stack', 'Description': 'An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)', 'https://bugzilla.redhat.com/show_bug.cgi?id=2044575', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0400', 'https://www.cve.org/CVERecord?id=CVE-2022-0400'], 'PublishedDate': '2022-08-29T15:15:09.423Z', 'LastModifiedDate': '2022-09-01T20:18:18.247Z'}, {'VulnerabilityID': 'CVE-2022-0480', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0480', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion', 'Description': 'A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0480', 'https://bugzilla.redhat.com/show_bug.cgi?id=2049700', 'https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042', 'https://github.com/kata-containers/kata-containers/issues/3373', 'https://linux.oracle.com/cve/CVE-2022-0480.html', 'https://linux.oracle.com/errata/ELSA-2024-2394.html', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0480', 'https://ubuntu.com/security/CVE-2022-0480', 'https://www.cve.org/CVERecord?id=CVE-2022-0480'], 'PublishedDate': '2022-08-29T15:15:09.477Z', 'LastModifiedDate': '2023-03-03T18:49:53.213Z'}, {'VulnerabilityID': 'CVE-2022-0995', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kernel bug in the watch_queue subsystem', 'Description': 'An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Bounds-Write.html', 'http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html', 'https://access.redhat.com/security/cve/CVE-2022-0995', 'https://bugzilla.redhat.com/show_bug.cgi?id=2063786', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0995', 'https://security.netapp.com/advisory/ntap-20220429-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-0995'], 'PublishedDate': '2022-03-25T19:15:10.52Z', 'LastModifiedDate': '2023-11-09T14:44:33.733Z'}, {'VulnerabilityID': 'CVE-2022-1205', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-1205', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Null pointer dereference and use after free in net/ax25/ax25_timer.c', 'Description': 'A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-1205', 'https://bugzilla.redhat.com/show_bug.cgi?id=2071047', 'https://github.com/torvalds/linux/commit/82e31755e55fbcea6a9dfaae5fe4860ade17cbc0', 'https://github.com/torvalds/linux/commit/fc6d01ff9ef03b66d4a3a23b46fc3c3d8cf92009', 'https://marc.info/?i=56c38247.32aa9.17fe95728b3.Coremail.duoming@zju.edu.cn', 'https://nvd.nist.gov/vuln/detail/CVE-2022-1205', 'https://ubuntu.com/security/notices/USN-5469-1', 'https://ubuntu.com/security/notices/USN-5471-1', 'https://ubuntu.com/security/notices/USN-5514-1', 'https://ubuntu.com/security/notices/USN-5515-1', 'https://ubuntu.com/security/notices/USN-5539-1', 'https://ubuntu.com/security/notices/USN-5541-1', 'https://ubuntu.com/security/notices/USN-6001-1', 'https://ubuntu.com/security/notices/USN-6013-1', 'https://ubuntu.com/security/notices/USN-6014-1', 'https://www.cve.org/CVERecord?id=CVE-2022-1205', 'https://www.openwall.com/lists/oss-security/2022/04/02/4'], 'PublishedDate': '2022-08-31T16:15:09.11Z', 'LastModifiedDate': '2023-11-07T03:41:48.84Z'}, {'VulnerabilityID': 'CVE-2022-1247', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-1247', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: A race condition bug in rose_connect()', 'Description': 'An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-1247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2066799', 'https://lore.kernel.org/all/20220711013111.33183-1-duoming@zju.edu.cn/', 'https://lore.kernel.org/all/cover.1656031586.git.duoming@zju.edu.cn/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-1247', 'https://www.cve.org/CVERecord?id=CVE-2022-1247'], 'PublishedDate': '2022-08-31T16:15:09.177Z', 'LastModifiedDate': '2022-09-06T19:24:14.887Z'}, {'VulnerabilityID': 'CVE-2022-25836', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-25836', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-294'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N', 'V3Score': 7.5}}, 'References': ['https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/confusion-in-ble-passkey/', 'https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/', 'https://www.cve.org/CVERecord?id=CVE-2022-25836'], 'PublishedDate': '2022-12-12T04:15:09.587Z', 'LastModifiedDate': '2022-12-14T17:53:27.793Z'}, {'VulnerabilityID': 'CVE-2022-2961', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-2961', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: race condition in rose_bind()', 'Description': 'A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-2961', 'https://nvd.nist.gov/vuln/detail/CVE-2022-2961', 'https://security.netapp.com/advisory/ntap-20230214-0004/', 'https://www.cve.org/CVERecord?id=CVE-2022-2961'], 'PublishedDate': '2022-08-29T15:15:10.81Z', 'LastModifiedDate': '2023-06-28T20:34:05.737Z'}, {'VulnerabilityID': 'CVE-2022-3238', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ntfs3 local privledge escalation if NTFS character set and remount and umount called simultaneously', 'Description': 'A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127927', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3238', 'https://www.cve.org/CVERecord?id=CVE-2022-3238'], 'PublishedDate': '2022-11-14T21:15:16.163Z', 'LastModifiedDate': '2022-11-17T20:24:18.537Z'}, {'VulnerabilityID': 'CVE-2022-3523', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3523', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: race when faulting a device private page in memory manager', 'Description': 'A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211020.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416', 'CWE-119'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3523', 'https://git.kernel.org/linus/16ce101db85db694a91380aa4c89b25530871d33', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16ce101db85db694a91380aa4c89b25530871d33', 'https://linux.oracle.com/cve/CVE-2022-3523.html', 'https://linux.oracle.com/errata/ELSA-2023-6583.html', 'https://lore.kernel.org/all/8735bbuyvs.fsf@nvidia.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3523', 'https://vuldb.com/?id.211020', 'https://www.cve.org/CVERecord?id=CVE-2022-3523'], 'PublishedDate': '2022-10-16T10:15:10.193Z', 'LastModifiedDate': '2023-11-07T03:51:21.797Z'}, {'VulnerabilityID': 'CVE-2022-38457', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-38457', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vmwgfx: use-after-free in vmw_cmd_res_check', 'Description': "A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:7077', 'https://access.redhat.com/security/cve/CVE-2022-38457', 'https://bugzilla.openanolis.cn/show_bug.cgi?id=2074', 'https://bugzilla.redhat.com/2024989', 'https://bugzilla.redhat.com/2073091', 'https://bugzilla.redhat.com/2133453', 'https://bugzilla.redhat.com/2133455', 'https://bugzilla.redhat.com/2139610', 'https://bugzilla.redhat.com/2147356', 'https://bugzilla.redhat.com/2148520', 'https://bugzilla.redhat.com/2149024', 'https://bugzilla.redhat.com/2151317', 'https://bugzilla.redhat.com/2156322', 'https://bugzilla.redhat.com/2165741', 'https://bugzilla.redhat.com/2165926', 'https://bugzilla.redhat.com/2168332', 'https://bugzilla.redhat.com/2173403', 'https://bugzilla.redhat.com/2173430', 'https://bugzilla.redhat.com/2173434', 'https://bugzilla.redhat.com/2173444', 'https://bugzilla.redhat.com/2174400', 'https://bugzilla.redhat.com/2175903', 'https://bugzilla.redhat.com/2176140', 'https://bugzilla.redhat.com/2177371', 'https://bugzilla.redhat.com/2177389', 'https://bugzilla.redhat.com/2181330', 'https://bugzilla.redhat.com/2182443', 'https://bugzilla.redhat.com/2184578', 'https://bugzilla.redhat.com/2185945', 'https://bugzilla.redhat.com/2187257', 'https://bugzilla.redhat.com/2188468', 'https://bugzilla.redhat.com/2192667', 'https://bugzilla.redhat.com/2192671', 'https://bugzilla.redhat.com/2193097', 'https://bugzilla.redhat.com/2193219', 'https://bugzilla.redhat.com/2213139', 'https://bugzilla.redhat.com/2213199', 'https://bugzilla.redhat.com/2213485', 'https://bugzilla.redhat.com/2213802', 'https://bugzilla.redhat.com/2214348', 'https://bugzilla.redhat.com/2215502', 'https://bugzilla.redhat.com/2215835', 'https://bugzilla.redhat.com/2215836', 'https://bugzilla.redhat.com/2215837', 'https://bugzilla.redhat.com/2218195', 'https://bugzilla.redhat.com/2218212', 'https://bugzilla.redhat.com/2218943', 'https://bugzilla.redhat.com/2221707', 'https://bugzilla.redhat.com/2223949', 'https://bugzilla.redhat.com/2225191', 'https://bugzilla.redhat.com/2225201', 'https://bugzilla.redhat.com/2225511', 'https://bugzilla.redhat.com/2236982', 'https://errata.almalinux.org/8/ALSA-2023-7077.html', 'https://linux.oracle.com/cve/CVE-2022-38457.html', 'https://linux.oracle.com/errata/ELSA-2023-7077.html', 'https://nvd.nist.gov/vuln/detail/CVE-2022-38457', 'https://www.cve.org/CVERecord?id=CVE-2022-38457'], 'PublishedDate': '2022-09-09T15:15:14.52Z', 'LastModifiedDate': '2023-04-17T16:45:05.667Z'}, {'VulnerabilityID': 'CVE-2022-40133', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-40133', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context', 'Description': "A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:7077', 'https://access.redhat.com/security/cve/CVE-2022-40133', 'https://bugzilla.openanolis.cn/show_bug.cgi?id=2075', 'https://bugzilla.redhat.com/2024989', 'https://bugzilla.redhat.com/2073091', 'https://bugzilla.redhat.com/2133453', 'https://bugzilla.redhat.com/2133455', 'https://bugzilla.redhat.com/2139610', 'https://bugzilla.redhat.com/2147356', 'https://bugzilla.redhat.com/2148520', 'https://bugzilla.redhat.com/2149024', 'https://bugzilla.redhat.com/2151317', 'https://bugzilla.redhat.com/2156322', 'https://bugzilla.redhat.com/2165741', 'https://bugzilla.redhat.com/2165926', 'https://bugzilla.redhat.com/2168332', 'https://bugzilla.redhat.com/2173403', 'https://bugzilla.redhat.com/2173430', 'https://bugzilla.redhat.com/2173434', 'https://bugzilla.redhat.com/2173444', 'https://bugzilla.redhat.com/2174400', 'https://bugzilla.redhat.com/2175903', 'https://bugzilla.redhat.com/2176140', 'https://bugzilla.redhat.com/2177371', 'https://bugzilla.redhat.com/2177389', 'https://bugzilla.redhat.com/2181330', 'https://bugzilla.redhat.com/2182443', 'https://bugzilla.redhat.com/2184578', 'https://bugzilla.redhat.com/2185945', 'https://bugzilla.redhat.com/2187257', 'https://bugzilla.redhat.com/2188468', 'https://bugzilla.redhat.com/2192667', 'https://bugzilla.redhat.com/2192671', 'https://bugzilla.redhat.com/2193097', 'https://bugzilla.redhat.com/2193219', 'https://bugzilla.redhat.com/2213139', 'https://bugzilla.redhat.com/2213199', 'https://bugzilla.redhat.com/2213485', 'https://bugzilla.redhat.com/2213802', 'https://bugzilla.redhat.com/2214348', 'https://bugzilla.redhat.com/2215502', 'https://bugzilla.redhat.com/2215835', 'https://bugzilla.redhat.com/2215836', 'https://bugzilla.redhat.com/2215837', 'https://bugzilla.redhat.com/2218195', 'https://bugzilla.redhat.com/2218212', 'https://bugzilla.redhat.com/2218943', 'https://bugzilla.redhat.com/2221707', 'https://bugzilla.redhat.com/2223949', 'https://bugzilla.redhat.com/2225191', 'https://bugzilla.redhat.com/2225201', 'https://bugzilla.redhat.com/2225511', 'https://bugzilla.redhat.com/2236982', 'https://errata.almalinux.org/8/ALSA-2023-7077.html', 'https://linux.oracle.com/cve/CVE-2022-40133.html', 'https://linux.oracle.com/errata/ELSA-2023-7077.html', 'https://nvd.nist.gov/vuln/detail/CVE-2022-40133', 'https://www.cve.org/CVERecord?id=CVE-2022-40133'], 'PublishedDate': '2022-09-09T15:15:15.137Z', 'LastModifiedDate': '2023-04-17T16:44:56.427Z'}, {'VulnerabilityID': 'CVE-2022-4543', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-4543', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KASLR Prefetch Bypass Breaks KPTI', 'Description': 'A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-203', 'CWE-200'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-4543', 'https://nvd.nist.gov/vuln/detail/CVE-2022-4543', 'https://www.cve.org/CVERecord?id=CVE-2022-4543', 'https://www.openwall.com/lists/oss-security/2022/12/16/3', 'https://www.willsroot.io/2022/12/entrybleed.html'], 'PublishedDate': '2023-01-11T15:15:09.673Z', 'LastModifiedDate': '2023-01-19T18:38:32.673Z'}, {'VulnerabilityID': 'CVE-2022-48628', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48628', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ceph: drop messages from MDS when unmounting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nceph: drop messages from MDS when unmounting\n\nWhen unmounting all the dirty buffers will be flushed and after\nthe last osd request is finished the last reference of the i_count\nwill be released. Then it will flush the dirty cap/snap to MDSs,\nand the unmounting won\'t wait the possible acks, which will ihold\nthe inodes when updating the metadata locally but makes no sense\nany more, of this. This will make the evict_inodes() to skip these\ninodes.\n\nIf encrypt is enabled the kernel generate a warning when removing\nthe encrypt keys when the skipped inodes still hold the keyring:\n\nWARNING: CPU: 4 PID: 168846 at fs/crypto/keyring.c:242 fscrypt_destroy_keyring+0x7e/0xd0\nCPU: 4 PID: 168846 Comm: umount Tainted: G S  6.1.0-rc5-ceph-g72ead199864c #1\nHardware name: Supermicro SYS-5018R-WR/X10SRW-F, BIOS 2.0 12/17/2015\nRIP: 0010:fscrypt_destroy_keyring+0x7e/0xd0\nRSP: 0018:ffffc9000b277e28 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff88810d52ac00 RCX: ffff88810b56aa00\nRDX: 0000000080000000 RSI: ffffffff822f3a09 RDI: ffff888108f59000\nRBP: ffff8881d394fb88 R08: 0000000000000028 R09: 0000000000000000\nR10: 0000000000000001 R11: 11ff4fe6834fcd91 R12: ffff8881d394fc40\nR13: ffff888108f59000 R14: ffff8881d394f800 R15: 0000000000000000\nFS:  00007fd83f6f1080(0000) GS:ffff88885fd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f918d417000 CR3: 000000017f89a005 CR4: 00000000003706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n<TASK>\ngeneric_shutdown_super+0x47/0x120\nkill_anon_super+0x14/0x30\nceph_kill_sb+0x36/0x90 [ceph]\ndeactivate_locked_super+0x29/0x60\ncleanup_mnt+0xb8/0x140\ntask_work_run+0x67/0xb0\nexit_to_user_mode_prepare+0x23d/0x240\nsyscall_exit_to_user_mode+0x25/0x60\ndo_syscall_64+0x40/0x80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fd83dc39e9b\n\nLater the kernel will crash when iput() the inodes and dereferencing\nthe "sb->s_master_keys", which has been released by the\ngeneric_shutdown_super().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48628', 'https://git.kernel.org/linus/e3dfcab2080dc1f9a4b09cc1327361bc2845bfcd (6.6-rc1)', 'https://git.kernel.org/stable/c/47f82395f04a976d4fa97de7f2acffa1c1096571', 'https://git.kernel.org/stable/c/89744b64914426cbabceb3d8a149176b5dafdfb5', 'https://git.kernel.org/stable/c/e3dfcab2080dc1f9a4b09cc1327361bc2845bfcd', 'https://lore.kernel.org/linux-cve-announce/2024030245-CVE-2022-48628-181a@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48628', 'https://www.cve.org/CVERecord?id=CVE-2022-48628'], 'PublishedDate': '2024-03-02T22:15:47Z', 'LastModifiedDate': '2024-03-04T13:58:23.447Z'}, {'VulnerabilityID': 'CVE-2022-48633', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48633', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: Fix WARN_ON(lock-->magic != lock) error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix WARN_ON(lock->magic != lock) error\n\npsb_gem_unpin() calls dma_resv_lock() but the underlying ww_mutex\ngets destroyed by drm_gem_object_release() move the\ndrm_gem_object_release() call in psb_gem_free_object() to after\nthe unpin to fix the below warning:\n\n[   79.693962] ------------[ cut here ]------------\n[   79.693992] DEBUG_LOCKS_WARN_ON(lock->magic != lock)\n[   79.694015] WARNING: CPU: 0 PID: 240 at kernel/locking/mutex.c:582 __ww_mutex_lock.constprop.0+0x569/0xfb0\n[   79.694052] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer qrtr bnep ath9k ath9k_common ath9k_hw snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi snd_hda_intel ath3k snd_intel_dspcfg mac80211 snd_intel_sdw_acpi btusb snd_hda_codec btrtl btbcm btintel btmtk bluetooth at24 snd_hda_core snd_hwdep uvcvideo snd_seq libarc4 videobuf2_vmalloc ath videobuf2_memops videobuf2_v4l2 videobuf2_common snd_seq_device videodev acer_wmi intel_powerclamp coretemp mc snd_pcm joydev sparse_keymap ecdh_generic pcspkr wmi_bmof cfg80211 i2c_i801 i2c_smbus snd_timer snd r8169 rfkill lpc_ich soundcore acpi_cpufreq zram rtsx_pci_sdmmc mmc_core serio_raw rtsx_pci gma500_gfx(E) video wmi ip6_tables ip_tables i2c_dev fuse\n[   79.694436] CPU: 0 PID: 240 Comm: plymouthd Tainted: G        W   E      6.0.0-rc3+ #490\n[   79.694457] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013\n[   79.694469] RIP: 0010:__ww_mutex_lock.constprop.0+0x569/0xfb0\n[   79.694496] Code: ff 85 c0 0f 84 15 fb ff ff 8b 05 ca 3c 11 01 85 c0 0f 85 07 fb ff ff 48 c7 c6 30 cb 84 aa 48 c7 c7 a3 e1 82 aa e8 ac 29 f8 ff <0f> 0b e9 ed fa ff ff e8 5b 83 8a ff 85 c0 74 10 44 8b 0d 98 3c 11\n[   79.694513] RSP: 0018:ffffad1dc048bbe0 EFLAGS: 00010282\n[   79.694623] RAX: 0000000000000028 RBX: 0000000000000000 RCX: 0000000000000000\n[   79.694636] RDX: 0000000000000001 RSI: ffffffffaa8b0ffc RDI: 00000000ffffffff\n[   79.694650] RBP: ffffad1dc048bc80 R08: 0000000000000000 R09: ffffad1dc048ba90\n[   79.694662] R10: 0000000000000003 R11: ffffffffaad62fe8 R12: ffff9ff302103138\n[   79.694675] R13: ffff9ff306ec8000 R14: ffff9ff307779078 R15: ffff9ff3014c0270\n[   79.694690] FS:  00007ff1cccf1740(0000) GS:ffff9ff3bc200000(0000) knlGS:0000000000000000\n[   79.694705] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   79.694719] CR2: 0000559ecbcb4420 CR3: 0000000013210000 CR4: 00000000000006f0\n[   79.694734] Call Trace:\n[   79.694749]  <TASK>\n[   79.694761]  ? __schedule+0x47f/0x1670\n[   79.694796]  ? psb_gem_unpin+0x27/0x1a0 [gma500_gfx]\n[   79.694830]  ? lock_is_held_type+0xe3/0x140\n[   79.694864]  ? ww_mutex_lock+0x38/0xa0\n[   79.694885]  ? __cond_resched+0x1c/0x30\n[   79.694902]  ww_mutex_lock+0x38/0xa0\n[   79.694925]  psb_gem_unpin+0x27/0x1a0 [gma500_gfx]\n[   79.694964]  psb_gem_unpin+0x199/0x1a0 [gma500_gfx]\n[   79.694996]  drm_gem_object_release_handle+0x50/0x60\n[   79.695020]  ? drm_gem_object_handle_put_unlocked+0xf0/0xf0\n[   79.695042]  idr_for_each+0x4b/0xb0\n[   79.695066]  ? _raw_spin_unlock_irqrestore+0x30/0x60\n[   79.695095]  drm_gem_release+0x1c/0x30\n[   79.695118]  drm_file_free.part.0+0x1ea/0x260\n[   79.695150]  drm_release+0x6a/0x120\n[   79.695175]  __fput+0x9f/0x260\n[   79.695203]  task_work_run+0x59/0xa0\n[   79.695227]  do_exit+0x387/0xbe0\n[   79.695250]  ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90\n[   79.695275]  ? lockdep_hardirqs_on+0x7d/0x100\n[   79.695304]  do_group_exit+0x33/0xb0\n[   79.695331]  __x64_sys_exit_group+0x14/0x20\n[   79.695353]  do_syscall_64+0x58/0x80\n[   79.695376]  ? up_read+0x17/0x20\n[   79.695401]  ? lock_is_held_type+0xe3/0x140\n[   79.695429]  ? asm_exc_page_fault+0x22/0x30\n[   79.695450]  ? lockdep_hardirqs_on+0x7d/0x100\n[   79.695473]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[   79.695493] RIP: 0033:0x7ff1ccefe3f1\n[   79.695516] Code: Unable to access opcode bytes at RIP 0x7ff1ccefe3c7.\n[   79.695607] RSP: 002b:00007ffed4413378 EFLAGS: \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48633', 'https://git.kernel.org/linus/b6f25c3b94f2aadbf5cbef954db4073614943d74 (6.0-rc6)', 'https://git.kernel.org/stable/c/55c077d97fa67e9f19952bb24122a8316b089474', 'https://git.kernel.org/stable/c/b6f25c3b94f2aadbf5cbef954db4073614943d74', 'https://lore.kernel.org/linux-cve-announce/2024042854-CVE-2022-48633-f726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48633', 'https://www.cve.org/CVERecord?id=CVE-2022-48633'], 'PublishedDate': '2024-04-28T13:15:06.56Z', 'LastModifiedDate': '2024-04-29T12:42:03.667Z'}, {'VulnerabilityID': 'CVE-2022-48646', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48646', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sfc/siena: fix null pointer dereference in efx_hard_start_xmit', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsfc/siena: fix null pointer dereference in efx_hard_start_xmit\n\nLike in previous patch for sfc, prevent potential (but unlikely) NULL\npointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48646', 'https://git.kernel.org/linus/589c6eded10c77a12b7b2cf235b6b19a2bdb91fa (6.0-rc7)', 'https://git.kernel.org/stable/c/589c6eded10c77a12b7b2cf235b6b19a2bdb91fa', 'https://git.kernel.org/stable/c/a4eadca702dff0768dd01be6789bbec2a18e5b0a', 'https://lore.kernel.org/linux-cve-announce/2024042857-CVE-2022-48646-35f2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48646', 'https://www.cve.org/CVERecord?id=CVE-2022-48646'], 'PublishedDate': '2024-04-28T13:15:07.187Z', 'LastModifiedDate': '2024-08-01T13:43:06.74Z'}, {'VulnerabilityID': 'CVE-2022-48667', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48667', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb3: fix temporary data corruption in insert range', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix temporary data corruption in insert range\n\ninsert range doesn't discard the affected cached region\nso can risk temporarily corrupting file data.\n\nAlso includes some minor cleanup (avoiding rereading\ninode size repeatedly unnecessarily) to make it clearer.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48667', 'https://git.kernel.org/linus/9c8b7a293f50253e694f19161c045817a938e551 (6.0-rc4)', 'https://git.kernel.org/stable/c/0cdde8460c304283d4ebe3f767a70215d1ab9d4e', 'https://git.kernel.org/stable/c/9c8b7a293f50253e694f19161c045817a938e551', 'https://lore.kernel.org/linux-cve-announce/2024042802-CVE-2022-48667-0aa2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48667', 'https://www.cve.org/CVERecord?id=CVE-2022-48667'], 'PublishedDate': '2024-04-28T13:15:08.157Z', 'LastModifiedDate': '2024-04-29T12:42:03.667Z'}, {'VulnerabilityID': 'CVE-2022-48668', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48668', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb3: fix temporary data corruption in collapse range', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix temporary data corruption in collapse range\n\ncollapse range doesn't discard the affected cached region\nso can risk temporarily corrupting the file data. This\nfixes xfstest generic/031\n\nI also decided to merge a minor cleanup to this into the same patch\n(avoiding rereading inode size repeatedly unnecessarily) to make it\nclearer.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48668', 'https://git.kernel.org/linus/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4 (6.0-rc4)', 'https://git.kernel.org/stable/c/49523a4732204bdacbf3941a016503ddb4ddb3b9', 'https://git.kernel.org/stable/c/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4', 'https://lore.kernel.org/linux-cve-announce/2024042802-CVE-2022-48668-3790@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48668', 'https://www.cve.org/CVERecord?id=CVE-2022-48668'], 'PublishedDate': '2024-04-28T13:15:08.203Z', 'LastModifiedDate': '2024-04-29T12:42:03.667Z'}, {'VulnerabilityID': 'CVE-2022-48673', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/smc: Fix possible access to freed memory in link clear', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Fix possible access to freed memory in link clear\n\nAfter modifying the QP to the Error state, all RX WR would be completed\nwith WC in IB_WC_WR_FLUSH_ERR status. Current implementation does not\nwait for it is done, but destroy the QP and free the link group directly.\nSo there is a risk that accessing the freed memory in tasklet context.\n\nHere is a crash example:\n\n BUG: unable to handle page fault for address: ffffffff8f220860\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD f7300e067 P4D f7300e067 PUD f7300f063 PMD 8c4e45063 PTE 800ffff08c9df060\n Oops: 0002 [#1] SMP PTI\n CPU: 1 PID: 0 Comm: swapper/1 Kdump: loaded Tainted: G S         OE     5.10.0-0607+ #23\n Hardware name: Inspur NF5280M4/YZMB-00689-101, BIOS 4.1.20 07/09/2018\n RIP: 0010:native_queued_spin_lock_slowpath+0x176/0x1b0\n Code: f3 90 48 8b 32 48 85 f6 74 f6 eb d5 c1 ee 12 83 e0 03 83 ee 01 48 c1 e0 05 48 63 f6 48 05 00 c8 02 00 48 03 04 f5 00 09 98 8e <48> 89 10 8b 42 08 85 c0 75 09 f3 90 8b 42 08 85 c0 74 f7 48 8b 32\n RSP: 0018:ffffb3b6c001ebd8 EFLAGS: 00010086\n RAX: ffffffff8f220860 RBX: 0000000000000246 RCX: 0000000000080000\n RDX: ffff91db1f86c800 RSI: 000000000000173c RDI: ffff91db62bace00\n RBP: ffff91db62bacc00 R08: 0000000000000000 R09: c00000010000028b\n R10: 0000000000055198 R11: ffffb3b6c001ea58 R12: ffff91db80e05010\n R13: 000000000000000a R14: 0000000000000006 R15: 0000000000000040\n FS:  0000000000000000(0000) GS:ffff91db1f840000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffffff8f220860 CR3: 00000001f9580004 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n  <IRQ>\n  _raw_spin_lock_irqsave+0x30/0x40\n  mlx5_ib_poll_cq+0x4c/0xc50 [mlx5_ib]\n  smc_wr_rx_tasklet_fn+0x56/0xa0 [smc]\n  tasklet_action_common.isra.21+0x66/0x100\n  __do_softirq+0xd5/0x29c\n  asm_call_irq_on_stack+0x12/0x20\n  </IRQ>\n  do_softirq_own_stack+0x37/0x40\n  irq_exit_rcu+0x9d/0xa0\n  sysvec_call_function_single+0x34/0x80\n  asm_sysvec_call_function_single+0x12/0x20', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-755'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48673', 'https://git.kernel.org/linus/e9b1a4f867ae9c1dbd1d71cd09cbdb3239fb4968 (6.0-rc5)', 'https://git.kernel.org/stable/c/89fcb70f1acd6b0bbf2f7bfbf45d7aa75a9bdcde', 'https://git.kernel.org/stable/c/e9b1a4f867ae9c1dbd1d71cd09cbdb3239fb4968', 'https://lore.kernel.org/linux-cve-announce/2024050318-CVE-2022-48673-1692@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48673', 'https://www.cve.org/CVERecord?id=CVE-2022-48673'], 'PublishedDate': '2024-05-03T15:15:07.53Z', 'LastModifiedDate': '2024-05-23T20:26:54.16Z'}, {'VulnerabilityID': 'CVE-2022-48703', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48703', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR\n\nIn some case, the GDDV returns a package with a buffer which has\nzero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).\n\nThen the data_vault_read() got NULL point dereference problem when\naccessing the 0x10 value in data_vault.\n\n[   71.024560] BUG: kernel NULL pointer dereference, address:\n0000000000000010\n\nThis patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or\nNULL value in data_vault.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48703', 'https://git.kernel.org/linus/7931e28098a4c1a2a6802510b0cbe57546d2049d (6.0-rc3)', 'https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d', 'https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2', 'https://lore.kernel.org/linux-cve-announce/2024050351-CVE-2022-48703-3099@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48703', 'https://www.cve.org/CVERecord?id=CVE-2022-48703'], 'PublishedDate': '2024-05-03T16:15:08.65Z', 'LastModifiedDate': '2024-05-06T12:44:56.377Z'}, {'VulnerabilityID': 'CVE-2022-48706', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48706', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vdpa: ifcvf: Do proper cleanup if IFCVF init fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: ifcvf: Do proper cleanup if IFCVF init fails\n\nifcvf_mgmt_dev leaks memory if it is not freed before\nreturning. Call is made to correct return statement\nso memory does not leak. ifcvf_init_hw does not take\ncare of this so it is needed to do it here.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48706', 'https://git.kernel.org/linus/6b04456e248761cf68f562f2fd7c04e591fcac94 (6.2-rc7)', 'https://git.kernel.org/stable/c/5d2cc32c1c10bd889125d2adc16a6bc3338dcd3e', 'https://git.kernel.org/stable/c/6b04456e248761cf68f562f2fd7c04e591fcac94', 'https://lore.kernel.org/linux-cve-announce/2024052153-CVE-2022-48706-3175@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48706', 'https://www.cve.org/CVERecord?id=CVE-2022-48706'], 'PublishedDate': '2024-05-21T16:15:12.1Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2022-48744', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48744', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Avoid field-overflowing memcpy()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Avoid field-overflowing memcpy()\n\nIn preparation for FORTIFY_SOURCE performing compile-time and run-time\nfield bounds checking for memcpy(), memmove(), and memset(), avoid\nintentionally writing across neighboring fields.\n\nUse flexible arrays instead of zero-element arrays (which look like they\nare always overflowing) and split the cross-field memcpy() into two halves\nthat can be appropriately bounds-checked by the compiler.\n\nWe were doing:\n\n\t#define ETH_HLEN  14\n\t#define VLAN_HLEN  4\n\t...\n\t#define MLX5E_XDP_MIN_INLINE (ETH_HLEN + VLAN_HLEN)\n\t...\n        struct mlx5e_tx_wqe      *wqe  = mlx5_wq_cyc_get_wqe(wq, pi);\n\t...\n        struct mlx5_wqe_eth_seg  *eseg = &wqe->eth;\n        struct mlx5_wqe_data_seg *dseg = wqe->data;\n\t...\n\tmemcpy(eseg->inline_hdr.start, xdptxd->data, MLX5E_XDP_MIN_INLINE);\n\ntarget is wqe->eth.inline_hdr.start (which the compiler sees as being\n2 bytes in size), but copying 18, intending to write across start\n(really vlan_tci, 2 bytes). The remaining 16 bytes get written into\nwqe->data[0], covering byte_count (4 bytes), lkey (4 bytes), and addr\n(8 bytes).\n\nstruct mlx5e_tx_wqe {\n        struct mlx5_wqe_ctrl_seg   ctrl;                 /*     0    16 */\n        struct mlx5_wqe_eth_seg    eth;                  /*    16    16 */\n        struct mlx5_wqe_data_seg   data[];               /*    32     0 */\n\n        /* size: 32, cachelines: 1, members: 3 */\n        /* last cacheline: 32 bytes */\n};\n\nstruct mlx5_wqe_eth_seg {\n        u8                         swp_outer_l4_offset;  /*     0     1 */\n        u8                         swp_outer_l3_offset;  /*     1     1 */\n        u8                         swp_inner_l4_offset;  /*     2     1 */\n        u8                         swp_inner_l3_offset;  /*     3     1 */\n        u8                         cs_flags;             /*     4     1 */\n        u8                         swp_flags;            /*     5     1 */\n        __be16                     mss;                  /*     6     2 */\n        __be32                     flow_table_metadata;  /*     8     4 */\n        union {\n                struct {\n                        __be16     sz;                   /*    12     2 */\n                        u8         start[2];             /*    14     2 */\n                } inline_hdr;                            /*    12     4 */\n                struct {\n                        __be16     type;                 /*    12     2 */\n                        __be16     vlan_tci;             /*    14     2 */\n                } insert;                                /*    12     4 */\n                __be32             trailer;              /*    12     4 */\n        };                                               /*    12     4 */\n\n        /* size: 16, cachelines: 1, members: 9 */\n        /* last cacheline: 16 bytes */\n};\n\nstruct mlx5_wqe_data_seg {\n        __be32                     byte_count;           /*     0     4 */\n        __be32                     lkey;                 /*     4     4 */\n        __be64                     addr;                 /*     8     8 */\n\n        /* size: 16, cachelines: 1, members: 3 */\n        /* last cacheline: 16 bytes */\n};\n\nSo, split the memcpy() so the compiler can reason about the buffer\nsizes.\n\n"pahole" shows no size nor member offset changes to struct mlx5e_tx_wqe\nnor struct mlx5e_umr_wqe. "objdump -d" shows no meaningful object\ncode changes (i.e. only source line number induced differences and\noptimizations).', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48744', 'https://git.kernel.org/linus/ad5185735f7dab342fdd0dd41044da4c9ccfef67 (5.17-rc3)', 'https://git.kernel.org/stable/c/8fbdf8c8b8ab82beab882175157650452c46493e', 'https://git.kernel.org/stable/c/ad5185735f7dab342fdd0dd41044da4c9ccfef67', 'https://lore.kernel.org/linux-cve-announce/2024062003-CVE-2022-48744-0f03@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48744', 'https://www.cve.org/CVERecord?id=CVE-2022-48744'], 'PublishedDate': '2024-06-20T12:15:12.7Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-48766', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48766', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU.\n\nMirrors the logic for dcn30. Cue lots of WARNs and some\nkernel panics without this fix.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48766', 'https://git.kernel.org/linus/25f1488bdbba63415239ff301fe61a8546140d9f (5.17-rc2)', 'https://git.kernel.org/stable/c/25f1488bdbba63415239ff301fe61a8546140d9f', 'https://git.kernel.org/stable/c/456ba2433844a6483cc4c933aa8f43d24575e341', 'https://lore.kernel.org/linux-cve-announce/2024062010-CVE-2022-48766-3b8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48766', 'https://www.cve.org/CVERecord?id=CVE-2022-48766'], 'PublishedDate': '2024-06-20T12:15:14.617Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-48771', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48771', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix stale file descriptors on failed usercopy', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix stale file descriptors on failed usercopy\n\nA failing usercopy of the fence_rep object will lead to a stale entry in\nthe file descriptor table as put_unused_fd() won't release it. This\nenables userland to refer to a dangling 'file' object through that still\nvalid file descriptor, leading to all kinds of use-after-free\nexploitation scenarios.\n\nFix this by deferring the call to fd_install() until after the usercopy\nhas succeeded.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48771', 'https://git.kernel.org/linus/a0f90c8815706981c483a652a6aefca51a5e191c (5.17-rc2)', 'https://git.kernel.org/stable/c/0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d', 'https://git.kernel.org/stable/c/1d833b27fb708d6fdf5de9f6b3a8be4bd4321565', 'https://git.kernel.org/stable/c/6066977961fc6f437bc064f628cf9b0e4571c56c', 'https://git.kernel.org/stable/c/84b1259fe36ae0915f3d6ddcea6377779de48b82', 'https://git.kernel.org/stable/c/a0f90c8815706981c483a652a6aefca51a5e191c', 'https://git.kernel.org/stable/c/ae2b20f27732fe92055d9e7b350abc5cdf3e2414', 'https://git.kernel.org/stable/c/e8d092a62449dcfc73517ca43963d2b8f44d0516', 'https://lore.kernel.org/linux-cve-announce/2024062011-CVE-2022-48771-2c90@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48771', 'https://www.cve.org/CVERecord?id=CVE-2022-48771'], 'PublishedDate': '2024-06-20T12:15:15.043Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-48816', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48816', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: SUNRPC: lock against -&gt;sock changing during sysfs read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: lock against ->sock changing during sysfs read\n\n->sock can be set to NULL asynchronously unless ->recv_mutex is held.\nSo it is important to hold that mutex.  Otherwise a sysfs read can\ntrigger an oops.\nCommit 17f09d3f619a ("SUNRPC: Check if the xprt is connected before\nhandling sysfs reads") appears to attempt to fix this problem, but it\nonly narrows the race window.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48816', 'https://git.kernel.org/linus/b49ea673e119f59c71645e2f65b3ccad857c90ee (5.17-rc4)', 'https://git.kernel.org/stable/c/9482ab4540f5bcc869b44c067ae99b5fca16bd07', 'https://git.kernel.org/stable/c/b49ea673e119f59c71645e2f65b3ccad857c90ee', 'https://lore.kernel.org/linux-cve-announce/2024071648-CVE-2022-48816-e2a3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48816', 'https://www.cve.org/CVERecord?id=CVE-2022-48816'], 'PublishedDate': '2024-07-16T12:15:05.687Z', 'LastModifiedDate': '2024-07-16T13:43:58.773Z'}, {'VulnerabilityID': 'CVE-2022-48887', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48887', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Remove rcu locks from user resources', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Remove rcu locks from user resources\n\nUser resource lookups used rcu to avoid two extra atomics. Unfortunately\nthe rcu paths were buggy and it was easy to make the driver crash by\nsubmitting command buffers from two different threads. Because the\nlookups never show up in performance profiles replace them with a\nregular spin lock which fixes the races in accesses to those shared\nresources.\n\nFixes kernel oops'es in IGT's vmwgfx execution_buffer stress test and\nseen crashes with apps using shared resources.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48887', 'https://git.kernel.org/linus/a309c7194e8a2f8bd4539b9449917913f6c2cd50 (6.2-rc4)', 'https://git.kernel.org/stable/c/7ac9578e45b20e3f3c0c8eb71f5417a499a7226a', 'https://git.kernel.org/stable/c/a309c7194e8a2f8bd4539b9449917913f6c2cd50', 'https://lore.kernel.org/linux-cve-announce/2024082109-CVE-2022-48887-4019@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48887', 'https://www.cve.org/CVERecord?id=CVE-2022-48887'], 'PublishedDate': '2024-08-21T07:15:05.143Z', 'LastModifiedDate': '2024-09-06T14:55:46.46Z'}, {'VulnerabilityID': 'CVE-2022-48893', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48893', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/i915/gt: Cleanup partial engine discovery failures', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Cleanup partial engine discovery failures\n\nIf we abort driver initialisation in the middle of gt/engine discovery,\nsome engines will be fully setup and some not. Those incompletely setup\nengines only have 'engine->release == NULL' and so will leak any of the\ncommon objects allocated.\n\nv2:\n - Drop the destroy_pinned_context() helper for now.  It's not really\n   worth it with just a single callsite at the moment.  (Janusz)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48893', 'https://git.kernel.org/linus/78a033433a5ae4fee85511ee075bc9a48312c79e (6.2-rc1)', 'https://git.kernel.org/stable/c/5c855bcc730656c4b7d30aaddcd0eafc7003e112', 'https://git.kernel.org/stable/c/78a033433a5ae4fee85511ee075bc9a48312c79e', 'https://lore.kernel.org/linux-cve-announce/2024082110-CVE-2022-48893-8d4c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48893', 'https://www.cve.org/CVERecord?id=CVE-2022-48893'], 'PublishedDate': '2024-08-21T07:15:05.477Z', 'LastModifiedDate': '2024-09-11T15:55:09.243Z'}, {'VulnerabilityID': 'CVE-2022-48895', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48895', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: iommu/arm-smmu: Don't unregister on shutdown", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu: Don\'t unregister on shutdown\n\nMichael Walle says he noticed the following stack trace while performing\na shutdown with "reboot -f". He suggests he got "lucky" and just hit the\ncorrect spot for the reboot while there was a packet transmission in\nflight.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000098\nCPU: 0 PID: 23 Comm: kworker/0:1 Not tainted 6.1.0-rc5-00088-gf3600ff8e322 #1930\nHardware name: Kontron KBox A-230-LS (DT)\npc : iommu_get_dma_domain+0x14/0x20\nlr : iommu_dma_map_page+0x9c/0x254\nCall trace:\n iommu_get_dma_domain+0x14/0x20\n dma_map_page_attrs+0x1ec/0x250\n enetc_start_xmit+0x14c/0x10b0\n enetc_xmit+0x60/0xdc\n dev_hard_start_xmit+0xb8/0x210\n sch_direct_xmit+0x11c/0x420\n __dev_queue_xmit+0x354/0xb20\n ip6_finish_output2+0x280/0x5b0\n __ip6_finish_output+0x15c/0x270\n ip6_output+0x78/0x15c\n NF_HOOK.constprop.0+0x50/0xd0\n mld_sendpack+0x1bc/0x320\n mld_ifc_work+0x1d8/0x4dc\n process_one_work+0x1e8/0x460\n worker_thread+0x178/0x534\n kthread+0xe0/0xe4\n ret_from_fork+0x10/0x20\nCode: d503201f f9416800 d503233f d50323bf (f9404c00)\n---[ end trace 0000000000000000 ]---\nKernel panic - not syncing: Oops: Fatal exception in interrupt\n\nThis appears to be reproducible when the board has a fixed IP address,\nis ping flooded from another host, and "reboot -f" is used.\n\nThe following is one more manifestation of the issue:\n\n$ reboot -f\nkvm: exiting hardware virtualization\ncfg80211: failed to load regulatory.db\narm-smmu 5000000.iommu: disabling translation\nsdhci-esdhc 2140000.mmc: Removing from iommu group 11\nsdhci-esdhc 2150000.mmc: Removing from iommu group 12\nfsl-edma 22c0000.dma-controller: Removing from iommu group 17\ndwc3 3100000.usb: Removing from iommu group 9\ndwc3 3110000.usb: Removing from iommu group 10\nahci-qoriq 3200000.sata: Removing from iommu group 2\nfsl-qdma 8380000.dma-controller: Removing from iommu group 20\nplatform f080000.display: Removing from iommu group 0\netnaviv-gpu f0c0000.gpu: Removing from iommu group 1\netnaviv etnaviv: Removing from iommu group 1\ncaam_jr 8010000.jr: Removing from iommu group 13\ncaam_jr 8020000.jr: Removing from iommu group 14\ncaam_jr 8030000.jr: Removing from iommu group 15\ncaam_jr 8040000.jr: Removing from iommu group 16\nfsl_enetc 0000:00:00.0: Removing from iommu group 4\narm-smmu 5000000.iommu: Blocked unknown Stream ID 0x429; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications\narm-smmu 5000000.iommu:         GFSR 0x80000002, GFSYNR0 0x00000002, GFSYNR1 0x00000429, GFSYNR2 0x00000000\nfsl_enetc 0000:00:00.1: Removing from iommu group 5\narm-smmu 5000000.iommu: Blocked unknown Stream ID 0x429; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications\narm-smmu 5000000.iommu:         GFSR 0x80000002, GFSYNR0 0x00000002, GFSYNR1 0x00000429, GFSYNR2 0x00000000\narm-smmu 5000000.iommu: Blocked unknown Stream ID 0x429; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications\narm-smmu 5000000.iommu:         GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00000429, GFSYNR2 0x00000000\nfsl_enetc 0000:00:00.2: Removing from iommu group 6\nfsl_enetc_mdio 0000:00:00.3: Removing from iommu group 8\nmscc_felix 0000:00:00.5: Removing from iommu group 3\nfsl_enetc 0000:00:00.6: Removing from iommu group 7\npcieport 0001:00:00.0: Removing from iommu group 18\narm-smmu 5000000.iommu: Blocked unknown Stream ID 0x429; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications\narm-smmu 5000000.iommu:         GFSR 0x00000002, GFSYNR0 0x00000000, GFSYNR1 0x00000429, GFSYNR2 0x00000000\npcieport 0002:00:00.0: Removing from iommu group 19\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000a8\npc : iommu_get_dma_domain+0x14/0x20\nlr : iommu_dma_unmap_page+0x38/0xe0\nCall trace:\n iommu_get_dma_domain+0x14/0x20\n dma_unmap_page_attrs+0x38/0x1d0\n en\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48895', 'https://git.kernel.org/linus/ce31e6ca68bd7639bd3e5ef97be215031842bbab (6.2-rc4)', 'https://git.kernel.org/stable/c/a1b9c7b1978aacf4b2f33e34bde1e2bb80b8497a', 'https://git.kernel.org/stable/c/ce31e6ca68bd7639bd3e5ef97be215031842bbab', 'https://lore.kernel.org/linux-cve-announce/2024082110-CVE-2022-48895-1370@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48895', 'https://www.cve.org/CVERecord?id=CVE-2022-48895'], 'PublishedDate': '2024-08-21T07:15:05.58Z', 'LastModifiedDate': '2024-09-11T16:01:23.487Z'}, {'VulnerabilityID': 'CVE-2022-48929', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix crash due to out of bounds access into reg2btf_ids.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to out of bounds access into reg2btf_ids.\n\nWhen commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added\nkfunc support, it defined reg2btf_ids as a cheap way to translate the verifier\nreg type to the appropriate btf_vmlinux BTF ID, however\ncommit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL")\nmoved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after\nthe base register types, and defined other variants using type flag\ncomposition. However, now, the direct usage of reg->type to index into\nreg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to\nout of bounds access and kernel crash on dereference of bad pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48929', 'https://git.kernel.org/linus/45ce4b4f9009102cd9f581196d480a59208690c1 (5.17-rc6)', 'https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1', 'https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae', 'https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc', 'https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48929-857d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48929', 'https://www.cve.org/CVERecord?id=CVE-2022-48929'], 'PublishedDate': '2024-08-22T04:15:15.773Z', 'LastModifiedDate': '2024-08-23T02:00:22.653Z'}, {'VulnerabilityID': 'CVE-2023-0030', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Use after Free in nvkm_vmm_pfn_map', 'Description': 'A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0030', 'https://bugzilla.redhat.com/show_bug.cgi?id=2157270', 'https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)', 'https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10', 'https://lore.kernel.org/all/20221230072758.443644-1-zyytlz.wz@163.com/', 'https://lore.kernel.org/all/63d485b2.170a0220.4af4c.d54f@mx.google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0030', 'https://security.netapp.com/advisory/ntap-20230413-0010/', 'https://www.cve.org/CVERecord?id=CVE-2023-0030'], 'PublishedDate': '2023-03-08T23:15:10.963Z', 'LastModifiedDate': '2023-04-13T17:15:09.433Z'}, {'VulnerabilityID': 'CVE-2023-0160', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: possibility of deadlock in libbpf function sock_hash_delete_elem', 'Description': 'A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667', 'CWE-833'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0160', 'https://bugzilla.redhat.com/show_bug.cgi?id=2159764', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56', 'https://lore.kernel.org/all/20230406122622.109978-1-liuxin350@huawei.com/', 'https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/', 'https://lore.kernel.org/bpf/000000000000f1db9605f939720e@google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0160', 'https://www.cve.org/CVERecord?id=CVE-2023-0160'], 'PublishedDate': '2023-07-18T17:15:11.313Z', 'LastModifiedDate': '2023-11-07T03:59:46.343Z'}, {'VulnerabilityID': 'CVE-2023-1193', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-1193', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in setup_async_work()', 'Description': 'A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-1193', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154177', 'https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-1193', 'https://www.cve.org/CVERecord?id=CVE-2023-1193'], 'PublishedDate': '2023-11-01T20:15:08.663Z', 'LastModifiedDate': '2023-11-09T15:13:51.737Z'}, {'VulnerabilityID': 'CVE-2023-2007', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-2007', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: DPT I2O controller TOCTOU information disclosure vulnerability', 'Description': 'The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667', 'CWE-367'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-2007', 'https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0', 'https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html', 'https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-2007', 'https://security.netapp.com/advisory/ntap-20240119-0011/', 'https://www.cve.org/CVERecord?id=CVE-2023-2007', 'https://www.debian.org/security/2023/dsa-5480', 'https://www.zerodayinitiative.com/advisories/ZDI-23-440/'], 'PublishedDate': '2023-04-24T23:15:18.877Z', 'LastModifiedDate': '2024-02-01T01:39:22.507Z'}, {'VulnerabilityID': 'CVE-2023-26242', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-26242', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the  ...', 'Description': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://bugzilla.suse.com/show_bug.cgi?id=1208518', 'https://lore.kernel.org/all/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-26242', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://security.netapp.com/advisory/ntap-20230406-0002/', 'https://www.cve.org/CVERecord?id=CVE-2023-26242'], 'PublishedDate': '2023-02-21T01:15:11.423Z', 'LastModifiedDate': '2024-03-25T01:15:53.57Z'}, {'VulnerabilityID': 'CVE-2023-31082', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-31082', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sleeping function called from an invalid context in gsmld_write', 'Description': 'An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-763'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-31082', 'https://bugzilla.suse.com/show_bug.cgi?id=1210781', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com/', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-31082', 'https://security.netapp.com/advisory/ntap-20230929-0003/', 'https://www.cve.org/CVERecord?id=CVE-2023-31082'], 'PublishedDate': '2023-04-24T06:15:07.783Z', 'LastModifiedDate': '2024-08-02T15:16:00.853Z'}, {'VulnerabilityID': 'CVE-2023-45896', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-45896', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ntfs3: kernel memory read by mounting a filesystem', 'Description': "ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L', 'V3Score': 4.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-45896', 'https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.11', 'https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=013ff63b649475f0ee134e2c8d0c8e65284ede50', 'https://git.kernel.org/linus/013ff63b649475f0ee134e2c8d0c8e65284ede50 (6.6-rc7)', 'https://github.com/torvalds/linux/commit/013ff63b649475f0ee134e2c8d0c8e65284ede50', 'https://nvd.nist.gov/vuln/detail/CVE-2023-45896', 'https://www.cve.org/CVERecord?id=CVE-2023-45896'], 'PublishedDate': '2024-08-28T05:15:13.657Z', 'LastModifiedDate': '2024-09-04T15:15:13.16Z'}, {'VulnerabilityID': 'CVE-2023-52452', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52452', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix accesses to uninit stack slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix accesses to uninit stack slots\n\nPrivileged programs are supposed to be able to read uninitialized stack\nmemory (ever since 6715df8d5) but, before this patch, these accesses\nwere permitted inconsistently. In particular, accesses were permitted\nabove state->allocated_stack, but not below it. In other words, if the\nstack was already "large enough", the access was permitted, but\notherwise the access was rejected instead of being allowed to "grow the\nstack". This undesired rejection was happening in two places:\n- in check_stack_slot_within_bounds()\n- in check_stack_range_initialized()\nThis patch arranges for these accesses to be permitted. A bunch of tests\nthat were relying on the old rejection had to change; all of them were\nchanged to add also run unprivileged, in which case the old behavior\npersists. One tests couldn\'t be updated - global_func16 - because it\ncan\'t run unprivileged for other reasons.\n\nThis patch also fixes the tracking of the stack size for variable-offset\nreads. This second fix is bundled in the same commit as the first one\nbecause they\'re inter-related. Before this patch, writes to the stack\nusing registers containing a variable offset (as opposed to registers\nwith fixed, known values) were not properly contributing to the\nfunction\'s needed stack size. As a result, it was possible for a program\nto verify, but then to attempt to read out-of-bounds data at runtime\nbecause a too small stack had been allocated for it.\n\nEach function tracks the size of the stack it needs in\nbpf_subprog_info.stack_depth, which is maintained by\nupdate_stack_depth(). For regular memory accesses, check_mem_access()\nwas calling update_state_depth() but it was passing in only the fixed\npart of the offset register, ignoring the variable offset. This was\nincorrect; the minimum possible value of that register should be used\ninstead.\n\nThis tracking is now fixed by centralizing the tracking of stack size in\ngrow_stack_state(), and by lifting the calls to grow_stack_state() to\ncheck_stack_access_within_bounds() as suggested by Andrii. The code is\nnow simpler and more convincingly tracks the correct maximum stack size.\ncheck_stack_range_initialized() can now rely on enough stack having been\nallocated for the access; this helps with the fix for the first issue.\n\nA few tests were changed to also check the stack depth computation. The\none that fails without this patch is verifier_var_off:stack_write_priv_vs_unpriv.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52452', 'https://git.kernel.org/stable/c/0954982db8283016bf38e9db2da5adf47a102e19', 'https://git.kernel.org/stable/c/6b4a64bafd107e521c01eec3453ce94a3fb38529', 'https://git.kernel.org/stable/c/fbcf372c8eda2290470268e0afb5ab5d5f5d5fde', 'https://lore.kernel.org/linux-cve-announce/2024022258-CVE-2023-52452-7904@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52452', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2023-52452'], 'PublishedDate': '2024-02-22T17:15:08.83Z', 'LastModifiedDate': '2024-03-18T18:24:33.55Z'}, {'VulnerabilityID': 'CVE-2023-52481', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52481', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: arm64: errata: Add Cortex-A520 speculative unprivileged load workaround', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: errata: Add Cortex-A520 speculative unprivileged load workaround\n\nImplement the workaround for ARM Cortex-A520 erratum 2966298. On an\naffected Cortex-A520 core, a speculatively executed unprivileged load\nmight leak data from a privileged load via a cache side channel. The\nissue only exists for loads within a translation regime with the same\ntranslation (e.g. same ASID and VMID). Therefore, the issue only affects\nthe return to EL0.\n\nThe workaround is to execute a TLBI before returning to EL0 after all\nloads of privileged data. A non-shareable TLBI to any address is\nsufficient.\n\nThe workaround isn't necessary if page table isolation (KPTI) is\nenabled, but for simplicity it will be. Page table isolation should\nnormally be disabled for Cortex-A520 as it supports the CSV3 feature\nand the E0PD feature (used when KASLR is enabled).", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52481', 'https://git.kernel.org/linus/471470bc7052d28ce125901877dd10e4c048e513 (6.6-rc5)', 'https://git.kernel.org/stable/c/32b0a4ffcaea44a00a61e40c0d1bcc50362aee25', 'https://git.kernel.org/stable/c/471470bc7052d28ce125901877dd10e4c048e513', 'https://git.kernel.org/stable/c/6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372c', 'https://lore.kernel.org/linux-cve-announce/2024022922-CVE-2023-52481-99a8@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52481', 'https://www.cve.org/CVERecord?id=CVE-2023-52481'], 'PublishedDate': '2024-02-29T06:15:46.06Z', 'LastModifiedDate': '2024-02-29T13:49:29.39Z'}, {'VulnerabilityID': 'CVE-2023-52485', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52485', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Wake DMCUB before sending a command cause deadlock', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wake DMCUB before sending a command\n\n[Why]\nWe can hang in place trying to send commands when the DMCUB isn't\npowered on.\n\n[How]\nFor functions that execute within a DC context or DC lock we can\nwrap the direct calls to dm_execute_dmub_cmd/list with code that\nexits idle power optimizations and reallows once we're done with\nthe command submission on success.\n\nFor DM direct submissions the DM will need to manage the enter/exit\nsequencing manually.\n\nWe cannot invoke a DMCUB command directly within the DM execution\nhelper or we can deadlock.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52485', 'https://git.kernel.org/linus/8892780834ae294bc3697c7d0e056d7743900b39 (6.8-rc1)', 'https://git.kernel.org/stable/c/303197775a97416b62d4da69280d0c120a20e009', 'https://git.kernel.org/stable/c/8892780834ae294bc3697c7d0e056d7743900b39', 'https://lore.kernel.org/linux-cve-announce/20240229150009.1525992-2-lee@kernel.org/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52485', 'https://www.cve.org/CVERecord?id=CVE-2023-52485'], 'PublishedDate': '2024-02-29T15:15:07.397Z', 'LastModifiedDate': '2024-02-29T18:06:42.01Z'}, {'VulnerabilityID': 'CVE-2023-52508', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52508', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()\n\nThe nvme_fc_fcp_op structure describing an AEN operation is initialized with a\nnull request structure pointer. An FC LLDD may make a call to\nnvme_fc_io_getuuid passing a pointer to an nvmefc_fcp_req for an AEN operation.\n\nAdd validation of the request structure pointer before dereference.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52508', 'https://git.kernel.org/linus/8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c (6.6-rc2)', 'https://git.kernel.org/stable/c/8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c', 'https://git.kernel.org/stable/c/be90c9e29dd59b7d19a73297a1590ff3ec1d22ea', 'https://git.kernel.org/stable/c/dd46b3ac7322baf3772b33b29726e94f98289db7', 'https://lore.kernel.org/linux-cve-announce/2024030250-CVE-2023-52508-359c@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52508', 'https://www.cve.org/CVERecord?id=CVE-2023-52508'], 'PublishedDate': '2024-03-02T22:15:47.493Z', 'LastModifiedDate': '2024-03-04T13:58:23.447Z'}, {'VulnerabilityID': 'CVE-2023-52561', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52561', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: arm64: dts: qcom: sdm845-db845c: unreserved cont splash memory region leads to kernel panic', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved\n\nAdding a reserved memory region for the framebuffer memory\n(the splash memory region set up by the bootloader).\n\nIt fixes a kernel panic (arm-smmu: Unhandled context fault\nat this particular memory region) reported on DB845c running\nv5.10.y.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52561', 'https://git.kernel.org/linus/110e70fccce4f22b53986ae797d665ffb1950aa6 (6.6-rc1)', 'https://git.kernel.org/stable/c/110e70fccce4f22b53986ae797d665ffb1950aa6', 'https://git.kernel.org/stable/c/82dacd0ca0d9640723824026d6fdf773c02de1d2', 'https://git.kernel.org/stable/c/dc1ab6577475b0460ba4261cd9caec37bd62ca0b', 'https://lore.kernel.org/linux-cve-announce/2024030253-CVE-2023-52561-89b2@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52561', 'https://www.cve.org/CVERecord?id=CVE-2023-52561'], 'PublishedDate': '2024-03-02T22:15:48.803Z', 'LastModifiedDate': '2024-03-04T13:58:23.447Z'}, {'VulnerabilityID': 'CVE-2023-52569', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52569', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: improper BUG() call after failure to insert delayed dir index item', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: remove BUG() after failure to insert delayed dir index item\n\nInstead of calling BUG() when we fail to insert a delayed dir index item\ninto the delayed node's tree, we can just release all the resources we\nhave allocated/acquired before and return the error to the caller. This is\nfine because all existing call chains undo anything they have done before\ncalling btrfs_insert_delayed_dir_index() or BUG_ON (when creating pending\nsnapshots in the transaction commit path).\n\nSo remove the BUG() call and do proper error handling.\n\nThis relates to a syzbot report linked below, but does not fix it because\nit only prevents hitting a BUG(), it does not fix the issue where somehow\nwe attempt to use twice the same index number for different index items.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52569', 'https://git.kernel.org/linus/2c58c3931ede7cd08cbecf1f1a4acaf0a04a41a9 (6.6-rc2)', 'https://git.kernel.org/stable/c/2c58c3931ede7cd08cbecf1f1a4acaf0a04a41a9', 'https://git.kernel.org/stable/c/39c4a9522db0072570d602e9b365119e17fb9f4f', 'https://git.kernel.org/stable/c/d10fd53393cc5de4b9cf1a4b8f9984f0a037aa51', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52569', 'https://www.cve.org/CVERecord?id=CVE-2023-52569'], 'PublishedDate': '2024-03-02T22:15:49.163Z', 'LastModifiedDate': '2024-03-04T13:58:23.447Z'}, {'VulnerabilityID': 'CVE-2023-52572', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52572', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cifs: use-after-free in cifs_demultiplex_thread()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix UAF in cifs_demultiplex_thread()\n\nThere is a UAF when xfstests on cifs:\n\n  BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160\n  Read of size 4 at addr ffff88810103fc08 by task cifsd/923\n\n  CPU: 1 PID: 923 Comm: cifsd Not tainted 6.1.0-rc4+ #45\n  ...\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x34/0x44\n   print_report+0x171/0x472\n   kasan_report+0xad/0x130\n   kasan_check_range+0x145/0x1a0\n   smb2_is_network_name_deleted+0x27/0x160\n   cifs_demultiplex_thread.cold+0x172/0x5a4\n   kthread+0x165/0x1a0\n   ret_from_fork+0x1f/0x30\n   </TASK>\n\n  Allocated by task 923:\n   kasan_save_stack+0x1e/0x40\n   kasan_set_track+0x21/0x30\n   __kasan_slab_alloc+0x54/0x60\n   kmem_cache_alloc+0x147/0x320\n   mempool_alloc+0xe1/0x260\n   cifs_small_buf_get+0x24/0x60\n   allocate_buffers+0xa1/0x1c0\n   cifs_demultiplex_thread+0x199/0x10d0\n   kthread+0x165/0x1a0\n   ret_from_fork+0x1f/0x30\n\n  Freed by task 921:\n   kasan_save_stack+0x1e/0x40\n   kasan_set_track+0x21/0x30\n   kasan_save_free_info+0x2a/0x40\n   ____kasan_slab_free+0x143/0x1b0\n   kmem_cache_free+0xe3/0x4d0\n   cifs_small_buf_release+0x29/0x90\n   SMB2_negotiate+0x8b7/0x1c60\n   smb2_negotiate+0x51/0x70\n   cifs_negotiate_protocol+0xf0/0x160\n   cifs_get_smb_ses+0x5fa/0x13c0\n   mount_get_conns+0x7a/0x750\n   cifs_mount+0x103/0xd00\n   cifs_smb3_do_mount+0x1dd/0xcb0\n   smb3_get_tree+0x1d5/0x300\n   vfs_get_tree+0x41/0xf0\n   path_mount+0x9b3/0xdd0\n   __x64_sys_mount+0x190/0x1d0\n   do_syscall_64+0x35/0x80\n   entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe UAF is because:\n\n mount(pid: 921)               | cifsd(pid: 923)\n-------------------------------|-------------------------------\n                               | cifs_demultiplex_thread\nSMB2_negotiate                 |\n cifs_send_recv                |\n  compound_send_recv           |\n   smb_send_rqst               |\n    wait_for_response          |\n     wait_event_state      [1] |\n                               |  standard_receive3\n                               |   cifs_handle_standard\n                               |    handle_mid\n                               |     mid->resp_buf = buf;  [2]\n                               |     dequeue_mid           [3]\n     KILL the process      [4] |\n    resp_iov[i].iov_base = buf |\n free_rsp_buf              [5] |\n                               |   is_network_name_deleted [6]\n                               |   callback\n\n1. After send request to server, wait the response until\n    mid->mid_state != SUBMITTED;\n2. Receive response from server, and set it to mid;\n3. Set the mid state to RECEIVED;\n4. Kill the process, the mid state already RECEIVED, get 0;\n5. Handle and release the negotiate response;\n6. UAF.\n\nIt can be easily reproduce with add some delay in [3] - [6].\n\nOnly sync call has the problem since async call's callback is\nexecuted in cifsd process.\n\nAdd an extra state to mark the mid state to READY before wakeup the\nwaitter, then it can get the resp safely.", 'Severity': 'MEDIUM', 'References': ['https://access.redhat.com/security/cve/CVE-2023-52572', 'https://git.kernel.org/linus/d527f51331cace562393a8038d870b3e9916686f (6.6-rc3)', 'https://git.kernel.org/stable/c/76569e3819e0bb59fc19b1b8688b017e627c268a', 'https://git.kernel.org/stable/c/908b3b5e97d25e879de3d1f172a255665491c2c3', 'https://git.kernel.org/stable/c/d527f51331cace562393a8038d870b3e9916686f', 'https://lore.kernel.org/linux-cve-announce/2024030256-CVE-2023-52572-2b92@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52572', 'https://www.cve.org/CVERecord?id=CVE-2023-52572'], 'PublishedDate': '2024-03-02T22:15:49.3Z', 'LastModifiedDate': '2024-03-04T13:58:23.447Z'}, {'VulnerabilityID': 'CVE-2023-52576', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52576', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mm, kexec, ima: potential use-after-free in memblock_isolate_range()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()\n\nThe code calling ima_free_kexec_buffer() runs long after the memblock\nallocator has already been torn down, potentially resulting in a use\nafter free in memblock_isolate_range().\n\nWith KASAN or KFENCE, this use after free will result in a BUG\nfrom the idle task, and a subsequent kernel panic.\n\nSwitch ima_free_kexec_buffer() over to memblock_free_late() to avoid\nthat bug.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52576', 'https://git.kernel.org/linus/34cf99c250d5cd2530b93a57b0de31d3aaf8685b (6.6-rc3)', 'https://git.kernel.org/stable/c/34cf99c250d5cd2530b93a57b0de31d3aaf8685b', 'https://git.kernel.org/stable/c/d2dfbc0e3b7a04c2d941421a958dc31c897fb204', 'https://git.kernel.org/stable/c/eef16bfdb212da60f5144689f2967fb25b051a2b', 'https://lore.kernel.org/linux-cve-announce/2024030257-CVE-2023-52576-7ee2@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52576', 'https://www.cve.org/CVERecord?id=CVE-2023-52576'], 'PublishedDate': '2024-03-02T22:15:49.49Z', 'LastModifiedDate': '2024-03-04T13:58:23.447Z'}, {'VulnerabilityID': 'CVE-2023-52582', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52582', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfs: improper loop in netfs_rreq_unlock_folios()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Only call folio_start_fscache() one time for each folio\n\nIf a network filesystem using netfs implements a clamp_length()\nfunction, it can set subrequest lengths smaller than a page size.\n\nWhen we loop through the folios in netfs_rreq_unlock_folios() to\nset any folios to be written back, we need to make sure we only\ncall folio_start_fscache() once for each folio.\n\nOtherwise, this simple testcase:\n\n  mount -o fsc,rsize=1024,wsize=1024 127.0.0.1:/export /mnt/nfs\n  dd if=/dev/zero of=/mnt/nfs/file.bin bs=4096 count=1\n  1+0 records in\n  1+0 records out\n  4096 bytes (4.1 kB, 4.0 KiB) copied, 0.0126359 s, 324 kB/s\n  echo 3 > /proc/sys/vm/drop_caches\n  cat /mnt/nfs/file.bin > /dev/null\n\nwill trigger an oops similar to the following:\n\n  page dumped because: VM_BUG_ON_FOLIO(folio_test_private_2(folio))\n  ------------[ cut here ]------------\n  kernel BUG at include/linux/netfs.h:44!\n  ...\n  CPU: 5 PID: 134 Comm: kworker/u16:5 Kdump: loaded Not tainted 6.4.0-rc5\n  ...\n  RIP: 0010:netfs_rreq_unlock_folios+0x68e/0x730 [netfs]\n  ...\n  Call Trace:\n    netfs_rreq_assess+0x497/0x660 [netfs]\n    netfs_subreq_terminated+0x32b/0x610 [netfs]\n    nfs_netfs_read_completion+0x14e/0x1a0 [nfs]\n    nfs_read_completion+0x2f9/0x330 [nfs]\n    rpc_free_task+0x72/0xa0 [sunrpc]\n    rpc_async_release+0x46/0x70 [sunrpc]\n    process_one_work+0x3bd/0x710\n    worker_thread+0x89/0x610\n    kthread+0x181/0x1c0\n    ret_from_fork+0x29/0x50', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52582', 'https://git.kernel.org/linus/df1c357f25d808e30b216188330e708e09e1a412 (6.6-rc3)', 'https://git.kernel.org/stable/c/d9f5537479d4ec97ea92ff24e81a517d5772581a', 'https://git.kernel.org/stable/c/df1c357f25d808e30b216188330e708e09e1a412', 'https://git.kernel.org/stable/c/df9950d37df113db59495fa09d060754366a2b7c', 'https://lore.kernel.org/linux-cve-announce/2024030258-CVE-2023-52582-07c8@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52582', 'https://www.cve.org/CVERecord?id=CVE-2023-52582'], 'PublishedDate': '2024-03-02T22:15:49.77Z', 'LastModifiedDate': '2024-03-04T13:58:23.447Z'}, {'VulnerabilityID': 'CVE-2023-52586', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52586', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: Add mutex lock in control vblank irq', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: Add mutex lock in control vblank irq\n\nAdd a mutex lock to control vblank irq to synchronize vblank\nenable/disable operations happening from different threads to prevent\nrace conditions while registering/unregistering the vblank irq callback.\n\nv4: -Removed vblank_ctl_lock from dpu_encoder_virt, so it is only a\n    parameter of dpu_encoder_phys.\n    -Switch from atomic refcnt to a simple int counter as mutex has\n    now been added\nv3: Mistakenly did not change wording in last version. It is done now.\nv2: Slightly changed wording of commit message\n\nPatchwork: https://patchwork.freedesktop.org/patch/571854/', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52586', 'https://git.kernel.org/linus/45284ff733e4caf6c118aae5131eb7e7cf3eea5a (6.8-rc1)', 'https://git.kernel.org/stable/c/14f109bf74dd67e1d0469fed859c8e506b0df53f', 'https://git.kernel.org/stable/c/45284ff733e4caf6c118aae5131eb7e7cf3eea5a', 'https://lore.kernel.org/linux-cve-announce/2024030644-CVE-2023-52586-3ecb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52586', 'https://www.cve.org/CVERecord?id=CVE-2023-52586'], 'PublishedDate': '2024-03-06T07:15:07.443Z', 'LastModifiedDate': '2024-03-06T15:18:08.093Z'}, {'VulnerabilityID': 'CVE-2023-52589', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52589', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: rkisp1: Fix IRQ disable race issue', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rkisp1: Fix IRQ disable race issue\n\nIn rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the\ninterrupts and then apparently assumes that the interrupt handler won't\nbe running, and proceeds in the stop procedure. This is not the case, as\nthe interrupt handler can already be running, which would lead to the\nISP being disabled while the interrupt handler handling a captured\nframe.\n\nThis brings up two issues: 1) the ISP could be powered off while the\ninterrupt handler is still running and accessing registers, leading to\nboard lockup, and 2) the interrupt handler code and the code that\ndisables the streaming might do things that conflict.\n\nIt is not clear to me if 2) causes a real issue, but 1) can be seen with\na suitable delay (or printk in my case) in the interrupt handler,\nleading to board lockup.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52589', 'https://git.kernel.org/linus/870565f063a58576e8a4529f122cac4325c6b395 (6.8-rc1)', 'https://git.kernel.org/stable/c/7bb1a2822aa2c2de4e09bf7c56dd93bd532f1fa7', 'https://git.kernel.org/stable/c/870565f063a58576e8a4529f122cac4325c6b395', 'https://git.kernel.org/stable/c/bf808f58681cab64c81cd814551814fd34e540fe', 'https://git.kernel.org/stable/c/fab483438342984f2a315fe13c882a80f0f7e545', 'https://lore.kernel.org/linux-cve-announce/2024030644-CVE-2023-52589-8f84@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52589', 'https://ubuntu.com/security/notices/USN-6688-1', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2023-52589'], 'PublishedDate': '2024-03-06T07:15:08.053Z', 'LastModifiedDate': '2024-03-06T15:18:08.093Z'}, {'VulnerabilityID': 'CVE-2023-52590', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52590', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: Avoid touching renamed directory if parent does not change', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: Avoid touching renamed directory if parent does not change\n\nThe VFS will not be locking moved directory if its parent does not\nchange. Change ocfs2 rename code to avoid touching renamed directory if\nits parent does not change as without locking that can corrupt the\nfilesystem.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52590', 'https://git.kernel.org/linus/9d618d19b29c2943527e3a43da0a35aea91062fc (6.8-rc1)', 'https://git.kernel.org/stable/c/9d618d19b29c2943527e3a43da0a35aea91062fc', 'https://git.kernel.org/stable/c/de940cede3c41624e2de27f805b490999f419df9', 'https://lore.kernel.org/linux-cve-announce/2024030644-CVE-2023-52590-fca9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52590', 'https://www.cve.org/CVERecord?id=CVE-2023-52590'], 'PublishedDate': '2024-03-06T07:15:08.297Z', 'LastModifiedDate': '2024-03-06T15:18:08.093Z'}, {'VulnerabilityID': 'CVE-2023-52591', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52591', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: reiserfs: Avoid touching renamed directory if parent does not change', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nreiserfs: Avoid touching renamed directory if parent does not change\n\nThe VFS will not be locking moved directory if its parent does not\nchange. Change reiserfs rename code to avoid touching renamed directory\nif its parent does not change as without locking that can corrupt the\nfilesystem.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52591', 'https://git.kernel.org/linus/49db9b1b86a82448dfaf3fcfefcf678dee56c8ed (6.8-rc1)', 'https://git.kernel.org/stable/c/17e1361cb91dc1325834da95d2ab532959d2debc', 'https://git.kernel.org/stable/c/49db9b1b86a82448dfaf3fcfefcf678dee56c8ed', 'https://git.kernel.org/stable/c/c04c162f82ac403917780eb6d1654694455d4e7c', 'https://lore.kernel.org/linux-cve-announce/2024030644-CVE-2023-52591-46a0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52591', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2023-52591'], 'PublishedDate': '2024-03-06T07:15:08.51Z', 'LastModifiedDate': '2024-03-06T15:18:08.093Z'}, {'VulnerabilityID': 'CVE-2023-52593', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52593', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()\n\nSince 'ieee80211_beacon_get()' can return NULL, 'wfx_set_mfp_ap()'\nshould check the return value before examining skb data. So convert\nthe latter to return an appropriate error code and propagate it to\nreturn from 'wfx_start_ap()' as well. Compile tested only.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52593', 'https://git.kernel.org/linus/fe0a7776d4d19e613bb8dd80fe2d78ae49e8b49d (6.8-rc1)', 'https://git.kernel.org/stable/c/3739121443f5114c6bcf6d841a5124deb006b878', 'https://git.kernel.org/stable/c/574dcd3126aa2eed75437137843f254b1190dd03', 'https://git.kernel.org/stable/c/9ab224744a47363f74ea29c6894c405e3bcf5132', 'https://git.kernel.org/stable/c/fe0a7776d4d19e613bb8dd80fe2d78ae49e8b49d', 'https://lore.kernel.org/linux-cve-announce/2024030645-CVE-2023-52593-14ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52593', 'https://ubuntu.com/security/notices/USN-6688-1', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2023-52593'], 'PublishedDate': '2024-03-06T07:15:08.94Z', 'LastModifiedDate': '2024-03-06T15:18:08.093Z'}, {'VulnerabilityID': 'CVE-2023-52624', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52624', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Wake DMCUB before executing GPINT commands', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wake DMCUB before executing GPINT commands\n\n[Why]\nDMCUB can be in idle when we attempt to interface with the HW through\nthe GPINT mailbox resulting in a system hang.\n\n[How]\nAdd dc_wake_and_execute_gpint() to wrap the wake, execute, sleep\nsequence.\n\nIf the GPINT executes successfully then DMCUB will be put back into\nsleep after the optional response is returned.\n\nIt functions similar to the inbox command interface.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52624', 'https://git.kernel.org/linus/e5ffd1263dd5b44929c676171802e7b6af483f21 (6.8-rc1)', 'https://git.kernel.org/stable/c/2ef98c6d753a744e333b7e34b9cf687040fba57d', 'https://git.kernel.org/stable/c/e5ffd1263dd5b44929c676171802e7b6af483f21', 'https://lore.kernel.org/linux-cve-announce/20240326175007.1388794-10-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52624', 'https://www.cve.org/CVERecord?id=CVE-2023-52624'], 'PublishedDate': '2024-03-26T18:15:08.99Z', 'LastModifiedDate': '2024-03-27T12:29:41.53Z'}, {'VulnerabilityID': 'CVE-2023-52625', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52625', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Refactor DMCUB enter/exit idle interface', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Refactor DMCUB enter/exit idle interface\n\n[Why]\nWe can hang in place trying to send commands when the DMCUB isn't\npowered on.\n\n[How]\nWe need to exit out of the idle state prior to sending a command,\nbut the process that performs the exit also invokes a command itself.\n\nFixing this issue involves the following:\n\n1. Using a software state to track whether or not we need to start\n   the process to exit idle or notify idle.\n\nIt's possible for the hardware to have exited an idle state without\ndriver knowledge, but entering one is always restricted to a driver\nallow - which makes the SW state vs HW state mismatch issue purely one\nof optimization, which should seldomly be hit, if at all.\n\n2. Refactor any instances of exit/notify idle to use a single wrapper\n   that maintains this SW state.\n\nThis works simialr to dc_allow_idle_optimizations, but works at the\nDMCUB level and makes sure the state is marked prior to any notify/exit\nidle so we don't enter an infinite loop.\n\n3. Make sure we exit out of idle prior to sending any commands or\n   waiting for DMCUB idle.\n\nThis patch takes care of 1/2. A future patch will take care of wrapping\nDMCUB command submission with calls to this new interface.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52625', 'https://git.kernel.org/linus/8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa (6.8-rc1)', 'https://git.kernel.org/stable/c/820c3870c491946a78950cdf961bf40e28c1025f', 'https://git.kernel.org/stable/c/8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa', 'https://lore.kernel.org/linux-cve-announce/20240326175007.1388794-11-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52625', 'https://www.cve.org/CVERecord?id=CVE-2023-52625'], 'PublishedDate': '2024-03-26T18:15:09.04Z', 'LastModifiedDate': '2024-03-27T12:29:41.53Z'}, {'VulnerabilityID': 'CVE-2023-52632', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52632', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdkfd: lock dependency warning with srcu', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix lock dependency warning with srcu\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.5.0-kfd-yangp #2289 Not tainted\n------------------------------------------------------\nkworker/0:2/996 is trying to acquire lock:\n        (srcu){.+.+}-{0:0}, at: __synchronize_srcu+0x5/0x1a0\n\nbut task is already holding lock:\n        ((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}, at:\n\tprocess_one_work+0x211/0x560\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #3 ((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}:\n        __flush_work+0x88/0x4f0\n        svm_range_list_lock_and_flush_work+0x3d/0x110 [amdgpu]\n        svm_range_set_attr+0xd6/0x14c0 [amdgpu]\n        kfd_ioctl+0x1d1/0x630 [amdgpu]\n        __x64_sys_ioctl+0x88/0xc0\n\n-> #2 (&info->lock#2){+.+.}-{3:3}:\n        __mutex_lock+0x99/0xc70\n        amdgpu_amdkfd_gpuvm_restore_process_bos+0x54/0x740 [amdgpu]\n        restore_process_helper+0x22/0x80 [amdgpu]\n        restore_process_worker+0x2d/0xa0 [amdgpu]\n        process_one_work+0x29b/0x560\n        worker_thread+0x3d/0x3d0\n\n-> #1 ((work_completion)(&(&process->restore_work)->work)){+.+.}-{0:0}:\n        __flush_work+0x88/0x4f0\n        __cancel_work_timer+0x12c/0x1c0\n        kfd_process_notifier_release_internal+0x37/0x1f0 [amdgpu]\n        __mmu_notifier_release+0xad/0x240\n        exit_mmap+0x6a/0x3a0\n        mmput+0x6a/0x120\n        do_exit+0x322/0xb90\n        do_group_exit+0x37/0xa0\n        __x64_sys_exit_group+0x18/0x20\n        do_syscall_64+0x38/0x80\n\n-> #0 (srcu){.+.+}-{0:0}:\n        __lock_acquire+0x1521/0x2510\n        lock_sync+0x5f/0x90\n        __synchronize_srcu+0x4f/0x1a0\n        __mmu_notifier_release+0x128/0x240\n        exit_mmap+0x6a/0x3a0\n        mmput+0x6a/0x120\n        svm_range_deferred_list_work+0x19f/0x350 [amdgpu]\n        process_one_work+0x29b/0x560\n        worker_thread+0x3d/0x3d0\n\nother info that might help us debug this:\nChain exists of:\n  srcu --> &info->lock#2 --> (work_completion)(&svms->deferred_list_work)\n\nPossible unsafe locking scenario:\n\n        CPU0                    CPU1\n        ----                    ----\n        lock((work_completion)(&svms->deferred_list_work));\n                        lock(&info->lock#2);\n\t\t\tlock((work_completion)(&svms->deferred_list_work));\n        sync(srcu);', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52632', 'https://git.kernel.org/linus/2a9de42e8d3c82c6990d226198602be44f43f340 (6.8-rc1)', 'https://git.kernel.org/stable/c/1556c242e64cdffe58736aa650b0b395854fe4d4', 'https://git.kernel.org/stable/c/2a9de42e8d3c82c6990d226198602be44f43f340', 'https://git.kernel.org/stable/c/752312f6a79440086ac0f9b08d7776870037323c', 'https://git.kernel.org/stable/c/b602f098f716723fa5c6c96a486e0afba83b7b94', 'https://lore.kernel.org/linux-cve-announce/2024040218-CVE-2023-52632-f7bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52632', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2023-52632'], 'PublishedDate': '2024-04-02T07:15:41.01Z', 'LastModifiedDate': '2024-04-02T12:50:42.233Z'}, {'VulnerabilityID': 'CVE-2023-52634', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52634', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix disable_otg_wa logic', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix disable_otg_wa logic\n\n[Why]\nWhen switching to another HDMI mode, we are unnecesarilly\ndisabling/enabling FIFO causing both HPO and DIG registers to be set at\nthe same time when only HPO is supposed to be set.\n\nThis can lead to a system hang the next time we change refresh rates as\nthere are cases when we don't disable OTG/FIFO but FIFO is enabled when\nit isn't supposed to be.\n\n[How]\nRemoving the enable/disable FIFO entirely.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52634', 'https://git.kernel.org/linus/2ce156482a6fef349d2eba98e5070c412d3af662 (6.8-rc1)', 'https://git.kernel.org/stable/c/2ce156482a6fef349d2eba98e5070c412d3af662', 'https://git.kernel.org/stable/c/ce29728ef6485a367934cc100249c66dd3cde5b6', 'https://lore.kernel.org/linux-cve-announce/2024040219-CVE-2023-52634-27e0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52634', 'https://www.cve.org/CVERecord?id=CVE-2023-52634'], 'PublishedDate': '2024-04-02T07:15:41.177Z', 'LastModifiedDate': '2024-04-02T12:50:42.233Z'}, {'VulnerabilityID': 'CVE-2023-52648', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52648', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Unmap the surface before resetting it on a plane state', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Unmap the surface before resetting it on a plane state\n\nSwitch to a new plane state requires unreferencing of all held surfaces.\nIn the work required for mob cursors the mapped surfaces started being\ncached but the variable indicating whether the surface is currently\nmapped was not being reset. This leads to crashes as the duplicated\nstate, incorrectly, indicates the that surface is mapped even when\nno surface is present. That's because after unreferencing the surface\nit's perfectly possible for the plane to be backed by a bo instead of a\nsurface.\n\nReset the surface mapped flag when unreferencing the plane state surface\nto fix null derefs in cleanup. Fixes crashes in KDE KWin 6.0 on Wayland:\n\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 4 PID: 2533 Comm: kwin_wayland Not tainted 6.7.0-rc3-vmwgfx #2\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:vmw_du_cursor_plane_cleanup_fb+0x124/0x140 [vmwgfx]\nCode: 00 00 00 75 3a 48 83 c4 10 5b 5d c3 cc cc cc cc 48 8b b3 a8 00 00 00 48 c7 c7 99 90 43 c0 e8 93 c5 db ca 48 8b 83 a8 00 00 00 <48> 8b 78 28 e8 e3 f>\nRSP: 0018:ffffb6b98216fa80 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff969d84cdcb00 RCX: 0000000000000027\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff969e75f21600\nRBP: ffff969d4143dc50 R08: 0000000000000000 R09: ffffb6b98216f920\nR10: 0000000000000003 R11: ffff969e7feb3b10 R12: 0000000000000000\nR13: 0000000000000000 R14: 000000000000027b R15: ffff969d49c9fc00\nFS:  00007f1e8f1b4180(0000) GS:ffff969e75f00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000028 CR3: 0000000104006004 CR4: 00000000003706f0\nCall Trace:\n <TASK>\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? exc_page_fault+0x7f/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? vmw_du_cursor_plane_cleanup_fb+0x124/0x140 [vmwgfx]\n drm_atomic_helper_cleanup_planes+0x9b/0xc0\n commit_tail+0xd1/0x130\n drm_atomic_helper_commit+0x11a/0x140\n drm_atomic_commit+0x97/0xd0\n ? __pfx___drm_printfn_info+0x10/0x10\n drm_atomic_helper_update_plane+0xf5/0x160\n drm_mode_cursor_universal+0x10e/0x270\n drm_mode_cursor_common+0x102/0x230\n ? __pfx_drm_mode_cursor2_ioctl+0x10/0x10\n drm_ioctl_kernel+0xb2/0x110\n drm_ioctl+0x26d/0x4b0\n ? __pfx_drm_mode_cursor2_ioctl+0x10/0x10\n ? __pfx_drm_ioctl+0x10/0x10\n vmw_generic_ioctl+0xa4/0x110 [vmwgfx]\n __x64_sys_ioctl+0x94/0xd0\n do_syscall_64+0x61/0xe0\n ? __x64_sys_ioctl+0xaf/0xd0\n ? syscall_exit_to_user_mode+0x2b/0x40\n ? do_syscall_64+0x70/0xe0\n ? __x64_sys_ioctl+0xaf/0xd0\n ? syscall_exit_to_user_mode+0x2b/0x40\n ? do_syscall_64+0x70/0xe0\n ? exc_page_fault+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\nRIP: 0033:0x7f1e93f279ed\nCode: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff f>\nRSP: 002b:00007ffca0faf600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 000055db876ed2c0 RCX: 00007f1e93f279ed\nRDX: 00007ffca0faf6c0 RSI: 00000000c02464bb RDI: 0000000000000015\nRBP: 00007ffca0faf650 R08: 000055db87184010 R09: 0000000000000007\nR10: 000055db886471a0 R11: 0000000000000246 R12: 00007ffca0faf6c0\nR13: 00000000c02464bb R14: 0000000000000015 R15: 00007ffca0faf790\n </TASK>\nModules linked in: snd_seq_dummy snd_hrtimer nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_ine>\nCR2: 0000000000000028\n---[ end trace 0000000000000000 ]---\nRIP: 0010:vmw_du_cursor_plane_cleanup_fb+0x124/0x140 [vmwgfx]\nCode: 00 00 00 75 3a 48 83 c4 10 5b 5d c3 cc cc cc cc 48 8b b3 a8 00 00 00 48 c7 c7 99 90 43 c0 e8 93 c5 db ca 48 8b 83 a8 00 00 00 <48> 8b 78 28 e8 e3 f>\nRSP: 0018:ffffb6b98216fa80 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff969d84cdcb00 RCX: 0000000000000027\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff969e75f21600\nRBP: ffff969d4143\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2023-52648', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/27571c64f1855881753e6f33c3186573afbab7ba (6.9-rc1)', 'https://git.kernel.org/stable/c/0a23f95af7f28dae7c0f7c82578ca5e1a239d461', 'https://git.kernel.org/stable/c/105f72cc48c4c93f4578fcc61e06276471858e92', 'https://git.kernel.org/stable/c/27571c64f1855881753e6f33c3186573afbab7ba', 'https://git.kernel.org/stable/c/75baad63c033b3b900d822bffbc96c9d3649bc75', 'https://linux.oracle.com/cve/CVE-2023-52648.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024050122-CVE-2023-52648-4e0d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52648', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2023-52648'], 'PublishedDate': '2024-05-01T06:15:07.217Z', 'LastModifiedDate': '2024-05-01T13:02:20.75Z'}, {'VulnerabilityID': 'CVE-2023-52653', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52653', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: SUNRPC: fix a memleak in gss_import_v2_context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: fix a memleak in gss_import_v2_context\n\nThe ctx->mech_used.data allocated by kmemdup is not freed in neither\ngss_import_v2_context nor it only caller gss_krb5_import_sec_context,\nwhich frees ctx on error.\n\nThus, this patch reform the last call of gss_import_v2_context to the\ngss_krb5_import_ctx_v2, preventing the memleak while keepping the return\nformation.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2023-52653', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/e67b652d8e8591d3b1e569dbcdfcee15993e91fa (6.9-rc1)', 'https://git.kernel.org/stable/c/47ac11db93e74ac49cd6c3fc69bcbc5964c4a8b4', 'https://git.kernel.org/stable/c/99044c01ed5329e73651c054d8a4baacdbb1a27c', 'https://git.kernel.org/stable/c/d111e30d9cd846bb368faf3637dc0f71fcbcf822', 'https://git.kernel.org/stable/c/e67b652d8e8591d3b1e569dbcdfcee15993e91fa', 'https://linux.oracle.com/cve/CVE-2023-52653.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024050131-CVE-2023-52653-a5c2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52653', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2023-52653'], 'PublishedDate': '2024-05-01T13:15:48.47Z', 'LastModifiedDate': '2024-05-01T19:50:25.633Z'}, {'VulnerabilityID': 'CVE-2023-52657', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52657', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;drm/amd/pm: resolve reboot exception for si oland&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "drm/amd/pm: resolve reboot exception for si oland"\n\nThis reverts commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86.\n\nThis causes hangs on SI when DC is enabled and errors on driver\nreboot and power off cycles.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52657', 'https://git.kernel.org/linus/955558030954b9637b41c97b730f9b38c92ac488 (6.8-rc7)', 'https://git.kernel.org/stable/c/2e443ed55fe3ffb08327b331a9f45e9382413c94', 'https://git.kernel.org/stable/c/955558030954b9637b41c97b730f9b38c92ac488', 'https://git.kernel.org/stable/c/baac292852c0e347626fb5436916947188e5838f', 'https://git.kernel.org/stable/c/c51468ac328d3922747be55507c117e47da813e6', 'https://lore.kernel.org/linux-cve-announce/2024051758-CVE-2023-52657-628c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52657', 'https://www.cve.org/CVERecord?id=CVE-2023-52657'], 'PublishedDate': '2024-05-17T12:15:09.077Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2023-52660', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: rkisp1: Fix IRQ handling due to shared interrupts', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rkisp1: Fix IRQ handling due to shared interrupts\n\nThe driver requests the interrupts as IRQF_SHARED, so the interrupt\nhandlers can be called at any time. If such a call happens while the ISP\nis powered down, the SoC will hang as the driver tries to access the\nISP registers.\n\nThis can be reproduced even without the platform sharing the IRQ line:\nEnable CONFIG_DEBUG_SHIRQ and unload the driver, and the board will\nhang.\n\nFix this by adding a new field, 'irqs_enabled', which is used to bail\nout from the interrupt handler when the ISP is not operational.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52660', 'https://git.kernel.org/linus/ffb635bb398fc07cb38f8a7b4a82cbe5f412f08e (6.8-rc5)', 'https://git.kernel.org/stable/c/abd34206f396d3ae50cddbd5aa840b8cd7f68c63', 'https://git.kernel.org/stable/c/b39b4d207d4f236a74e20d291f6356f2231fd9ee', 'https://git.kernel.org/stable/c/edcf92bc66d8361c51dff953a55210e5cfd95587', 'https://git.kernel.org/stable/c/ffb635bb398fc07cb38f8a7b4a82cbe5f412f08e', 'https://lore.kernel.org/linux-cve-announce/2024051755-CVE-2023-52660-6eac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52660', 'https://www.cve.org/CVERecord?id=CVE-2023-52660'], 'PublishedDate': '2024-05-17T13:15:57.77Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2023-52664', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52664', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: atlantic: eliminate double free in error handling logic', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atlantic: eliminate double free in error handling logic\n\nDriver has a logic leak in ring data allocation/free,\nwhere aq_ring_free could be called multiple times on same ring,\nif system is under stress and got memory allocation error.\n\nRing pointer was used as an indicator of failure, but this is\nnot correct since only ring data is allocated/deallocated.\nRing itself is an array member.\n\nChanging ring allocation functions to return error code directly.\nThis simplifies error handling and eliminates aq_ring_free\non higher layer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52664', 'https://git.kernel.org/linus/b3cb7a830a24527877b0bc900b9bd74a96aea928 (6.8-rc1)', 'https://git.kernel.org/stable/c/0edb3ae8bfa31cd544b0c195bdec00e036002b5d', 'https://git.kernel.org/stable/c/b3cb7a830a24527877b0bc900b9bd74a96aea928', 'https://git.kernel.org/stable/c/c11a870a73a3bc4cc7df6dd877a45b181795fcbf', 'https://git.kernel.org/stable/c/d1fde4a7e1dcc4d49cce285107a7a43c3030878d', 'https://lore.kernel.org/linux-cve-announce/2024051756-CVE-2023-52664-dea1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52664', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2023-52664'], 'PublishedDate': '2024-05-17T14:15:08.807Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2023-52671', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52671', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix hang/underflow when transitioning to ODM4:1', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix hang/underflow when transitioning to ODM4:1\n\n[Why]\nUnder some circumstances, disabling an OPTC and attempting to reclaim\nits OPP(s) for a different OPTC could cause a hang/underflow due to OPPs\nnot being properly disconnected from the disabled OPTC.\n\n[How]\nEnsure that all OPPs are unassigned from an OPTC when it gets disabled.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52671', 'https://git.kernel.org/linus/e7b2b108cdeab76a7e7324459e50b0c1214c0386 (6.8-rc1)', 'https://git.kernel.org/stable/c/4b6b479b2da6badff099b2e3abf0248936eefbf5', 'https://git.kernel.org/stable/c/ae62f1dde66a6f0eee98defc4c7a346bd5acd239', 'https://git.kernel.org/stable/c/e7b2b108cdeab76a7e7324459e50b0c1214c0386', 'https://lore.kernel.org/linux-cve-announce/2024051729-CVE-2023-52671-a2df@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52671', 'https://www.cve.org/CVERecord?id=CVE-2023-52671'], 'PublishedDate': '2024-05-17T14:15:10.29Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2023-52673', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix a debugfs null pointer error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix a debugfs null pointer error\n\n[WHY & HOW]\nCheck whether get_subvp_en() callback exists before calling it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52673', 'https://git.kernel.org/linus/efb91fea652a42fcc037d2a9ef4ecd1ffc5ff4b7 (6.8-rc1)', 'https://git.kernel.org/stable/c/43235db21fc23559f50a62f8f273002eeb506f5a', 'https://git.kernel.org/stable/c/efb91fea652a42fcc037d2a9ef4ecd1ffc5ff4b7', 'https://lore.kernel.org/linux-cve-announce/2024051729-CVE-2023-52673-57e2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52673', 'https://www.cve.org/CVERecord?id=CVE-2023-52673'], 'PublishedDate': '2024-05-17T14:15:10.773Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2023-52676', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52676', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Guard stack limits against 32bit overflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Guard stack limits against 32bit overflow\n\nThis patch promotes the arithmetic around checking stack bounds to be\ndone in the 64-bit domain, instead of the current 32bit. The arithmetic\nimplies adding together a 64-bit register with a int offset. The\nregister was checked to be below 1<<29 when it was variable, but not\nwhen it was fixed. The offset either comes from an instruction (in which\ncase it is 16 bit), from another register (in which case the caller\nchecked it to be below 1<<29 [1]), or from the size of an argument to a\nkfunc (in which case it can be a u32 [2]). Between the register being\ninconsistently checked to be below 1<<29, and the offset being up to an\nu32, it appears that we were open to overflowing the `int`s which were\ncurrently used for arithmetic.\n\n[1] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L7494-L7498\n[2] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L11904', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52676', 'https://git.kernel.org/linus/1d38a9ee81570c4bd61f557832dead4d6f816760 (6.8-rc1)', 'https://git.kernel.org/stable/c/1d38a9ee81570c4bd61f557832dead4d6f816760', 'https://git.kernel.org/stable/c/ad140fc856f0b1d5e2215bcb6d0cc247a86805a2', 'https://git.kernel.org/stable/c/e5ad9ecb84405637df82732ee02ad741a5f782a6', 'https://lore.kernel.org/linux-cve-announce/2024051749-CVE-2023-52676-e224@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52676', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2023-52676'], 'PublishedDate': '2024-05-17T15:15:18.633Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2023-52682', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52682', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to wait on block writeback for post_read case', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to wait on block writeback for post_read case\n\nIf inode is compressed, but not encrypted, it missed to call\nf2fs_wait_on_block_writeback() to wait for GCed page writeback\nin IPU write path.\n\nThread A\t\t\t\tGC-Thread\n\t\t\t\t\t- f2fs_gc\n\t\t\t\t\t - do_garbage_collect\n\t\t\t\t\t  - gc_data_segment\n\t\t\t\t\t   - move_data_block\n\t\t\t\t\t    - f2fs_submit_page_write\n\t\t\t\t\t     migrate normal cluster's block via\n\t\t\t\t\t     meta_inode's page cache\n- f2fs_write_single_data_page\n - f2fs_do_write_data_page\n  - f2fs_inplace_write_data\n   - f2fs_submit_page_bio\n\nIRQ\n- f2fs_read_end_io\n\t\t\t\t\tIRQ\n\t\t\t\t\told data overrides new data due to\n\t\t\t\t\tout-of-order GC and common IO.\n\t\t\t\t\t- f2fs_read_end_io", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52682', 'https://git.kernel.org/linus/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00 (6.8-rc1)', 'https://git.kernel.org/stable/c/4535be48780431753505e74e1b1ad4836a189bc2', 'https://git.kernel.org/stable/c/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00', 'https://git.kernel.org/stable/c/9bfd5ea71521d0e522ba581c6ccc5db93759c0c3', 'https://git.kernel.org/stable/c/f904c156d8011d8291ffd5b6b398f3747e294986', 'https://lore.kernel.org/linux-cve-announce/2024051751-CVE-2023-52682-fae2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52682', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2023-52682'], 'PublishedDate': '2024-05-17T15:15:19.427Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2023-52700', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52700', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tipc: fix kernel warning when sending SYN message', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix kernel warning when sending SYN message\n\nWhen sending a SYN message, this kernel stack trace is observed:\n\n...\n[   13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550\n...\n[   13.398494] Call Trace:\n[   13.398630]  <TASK>\n[   13.398630]  ? __alloc_skb+0xed/0x1a0\n[   13.398630]  tipc_msg_build+0x12c/0x670 [tipc]\n[   13.398630]  ? shmem_add_to_page_cache.isra.71+0x151/0x290\n[   13.398630]  __tipc_sendmsg+0x2d1/0x710 [tipc]\n[   13.398630]  ? tipc_connect+0x1d9/0x230 [tipc]\n[   13.398630]  ? __local_bh_enable_ip+0x37/0x80\n[   13.398630]  tipc_connect+0x1d9/0x230 [tipc]\n[   13.398630]  ? __sys_connect+0x9f/0xd0\n[   13.398630]  __sys_connect+0x9f/0xd0\n[   13.398630]  ? preempt_count_add+0x4d/0xa0\n[   13.398630]  ? fpregs_assert_state_consistent+0x22/0x50\n[   13.398630]  __x64_sys_connect+0x16/0x20\n[   13.398630]  do_syscall_64+0x42/0x90\n[   13.398630]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nIt is because commit a41dad905e5a ("iov_iter: saner checks for attempt\nto copy to/from iterator") has introduced sanity check for copying\nfrom/to iov iterator. Lacking of copy direction from the iterator\nviewpoint would lead to kernel stack trace like above.\n\nThis commit fixes this issue by initializing the iov iterator with\nthe correct copy direction when sending SYN or ACK without data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:4352', 'https://access.redhat.com/security/cve/CVE-2023-52700', 'https://bugzilla.redhat.com/1918601', 'https://bugzilla.redhat.com/2248122', 'https://bugzilla.redhat.com/2258875', 'https://bugzilla.redhat.com/2265517', 'https://bugzilla.redhat.com/2265519', 'https://bugzilla.redhat.com/2265520', 'https://bugzilla.redhat.com/2265800', 'https://bugzilla.redhat.com/2266408', 'https://bugzilla.redhat.com/2266831', 'https://bugzilla.redhat.com/2267513', 'https://bugzilla.redhat.com/2267518', 'https://bugzilla.redhat.com/2267730', 'https://bugzilla.redhat.com/2270093', 'https://bugzilla.redhat.com/2271680', 'https://bugzilla.redhat.com/2272692', 'https://bugzilla.redhat.com/2272829', 'https://bugzilla.redhat.com/2273204', 'https://bugzilla.redhat.com/2273278', 'https://bugzilla.redhat.com/2273423', 'https://bugzilla.redhat.com/2273429', 'https://bugzilla.redhat.com/2275604', 'https://bugzilla.redhat.com/2275633', 'https://bugzilla.redhat.com/2275635', 'https://bugzilla.redhat.com/2275733', 'https://bugzilla.redhat.com/2278337', 'https://bugzilla.redhat.com/2278354', 'https://bugzilla.redhat.com/2280434', 'https://bugzilla.redhat.com/2281057', 'https://bugzilla.redhat.com/2281113', 'https://bugzilla.redhat.com/2281157', 'https://bugzilla.redhat.com/2281165', 'https://bugzilla.redhat.com/2281251', 'https://bugzilla.redhat.com/2281253', 'https://bugzilla.redhat.com/2281255', 'https://bugzilla.redhat.com/2281257', 'https://bugzilla.redhat.com/2281272', 'https://bugzilla.redhat.com/2281350', 'https://bugzilla.redhat.com/2281689', 'https://bugzilla.redhat.com/2281693', 'https://bugzilla.redhat.com/2281920', 'https://bugzilla.redhat.com/2281923', 'https://bugzilla.redhat.com/2281925', 'https://bugzilla.redhat.com/2281953', 'https://bugzilla.redhat.com/2281986', 'https://bugzilla.redhat.com/2282394', 'https://bugzilla.redhat.com/2282400', 'https://bugzilla.redhat.com/2282471', 'https://bugzilla.redhat.com/2282472', 'https://bugzilla.redhat.com/2282581', 'https://bugzilla.redhat.com/2282609', 'https://bugzilla.redhat.com/2282612', 'https://bugzilla.redhat.com/2282653', 'https://bugzilla.redhat.com/2282680', 'https://bugzilla.redhat.com/2282698', 'https://bugzilla.redhat.com/2282712', 'https://bugzilla.redhat.com/2282735', 'https://bugzilla.redhat.com/2282902', 'https://bugzilla.redhat.com/2282920', 'https://bugzilla.redhat.com/show_bug.cgi?id=1918601', 'https://bugzilla.redhat.com/show_bug.cgi?id=2248122', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258875', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265800', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266831', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267518', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267730', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270093', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272692', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272829', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273204', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273278', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273423', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275633', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275635', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275733', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278337', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278354', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281113', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281157', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281165', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281251', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281253', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281255', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281311', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281334', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281346', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281350', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281689', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281693', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281920', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281953', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281986', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282394', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282471', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282472', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282581', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282609', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282612', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282698', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282712', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282735', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282902', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282920', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46909', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46972', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47069', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47073', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47236', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47310', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47311', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47456', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47495', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5090', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52464', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52560', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52626', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52667', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52675', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52700', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52703', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52781', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52813', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52835', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52877', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52881', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26583', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26584', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26585', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26656', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26675', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26735', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26759', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26804', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26859', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26906', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26907', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26974', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27410', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35835', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35838', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35854', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35855', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35888', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35890', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35959', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36004', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36007', 'https://errata.almalinux.org/8/ALSA-2024-4352.html', 'https://errata.rockylinux.org/RLSA-2024:4211', 'https://git.kernel.org/linus/11a4d6f67cf55883dc78e31c247d1903ed7feccc (6.2)', 'https://git.kernel.org/stable/c/11a4d6f67cf55883dc78e31c247d1903ed7feccc', 'https://git.kernel.org/stable/c/54b6082aec178f16ad6d193b4ecdc9c4823d9a32', 'https://linux.oracle.com/cve/CVE-2023-52700.html', 'https://linux.oracle.com/errata/ELSA-2024-4211.html', 'https://lore.kernel.org/linux-cve-announce/2024052156-CVE-2023-52700-1e45@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52700', 'https://www.cve.org/CVERecord?id=CVE-2023-52700'], 'PublishedDate': '2024-05-21T16:15:12.48Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52701', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52701', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: use a bounce buffer for copying skb-&gt;mark', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: use a bounce buffer for copying skb->mark\n\nsyzbot found arm64 builds would crash in sock_recv_mark()\nwhen CONFIG_HARDENED_USERCOPY=y\n\nx86 and powerpc are not detecting the issue because\nthey define user_access_begin.\nThis will be handled in a different patch,\nbecause a check_object_size() is missing.\n\nOnly data from skb->cb[] can be copied directly to/from user space,\nas explained in commit 79a8a642bf05 ("net: Whitelist\nthe skbuff_head_cache "cb" field")\n\nsyzbot report was:\nusercopy: Kernel memory exposure attempt detected from SLUB object \'skbuff_head_cache\' (offset 168, size 4)!\n------------[ cut here ]------------\nkernel BUG at mm/usercopy.c:102 !\nInternal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 4410 Comm: syz-executor533 Not tainted 6.2.0-rc7-syzkaller-17907-g2d3827b3f393 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : usercopy_abort+0x90/0x94 mm/usercopy.c:90\nlr : usercopy_abort+0x90/0x94 mm/usercopy.c:90\nsp : ffff80000fb9b9a0\nx29: ffff80000fb9b9b0 x28: ffff0000c6073400 x27: 0000000020001a00\nx26: 0000000000000014 x25: ffff80000cf52000 x24: fffffc0000000000\nx23: 05ffc00000000200 x22: fffffc000324bf80 x21: ffff0000c92fe1a8\nx20: 0000000000000001 x19: 0000000000000004 x18: 0000000000000000\nx17: 656a626f2042554c x16: ffff0000c6073dd0 x15: ffff80000dbd2118\nx14: ffff0000c6073400 x13: 00000000ffffffff x12: ffff0000c6073400\nx11: ff808000081bbb4c x10: 0000000000000000 x9 : 7b0572d7cc0ccf00\nx8 : 7b0572d7cc0ccf00 x7 : ffff80000bf650d4 x6 : 0000000000000000\nx5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : ffff0001fefbff08 x1 : 0000000100000000 x0 : 000000000000006c\nCall trace:\nusercopy_abort+0x90/0x94 mm/usercopy.c:90\n__check_heap_object+0xa8/0x100 mm/slub.c:4761\ncheck_heap_object mm/usercopy.c:196 [inline]\n__check_object_size+0x208/0x6b8 mm/usercopy.c:251\ncheck_object_size include/linux/thread_info.h:199 [inline]\n__copy_to_user include/linux/uaccess.h:115 [inline]\nput_cmsg+0x408/0x464 net/core/scm.c:238\nsock_recv_mark net/socket.c:975 [inline]\n__sock_recv_cmsgs+0x1fc/0x248 net/socket.c:984\nsock_recv_cmsgs include/net/sock.h:2728 [inline]\npacket_recvmsg+0x2d8/0x678 net/packet/af_packet.c:3482\n____sys_recvmsg+0x110/0x3a0\n___sys_recvmsg net/socket.c:2737 [inline]\n__sys_recvmsg+0x194/0x210 net/socket.c:2767\n__do_sys_recvmsg net/socket.c:2777 [inline]\n__se_sys_recvmsg net/socket.c:2774 [inline]\n__arm64_sys_recvmsg+0x2c/0x3c net/socket.c:2774\n__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]\ninvoke_syscall+0x64/0x178 arch/arm64/kernel/syscall.c:52\nel0_svc_common+0xbc/0x180 arch/arm64/kernel/syscall.c:142\ndo_el0_svc+0x48/0x110 arch/arm64/kernel/syscall.c:193\nel0_svc+0x58/0x14c arch/arm64/kernel/entry-common.c:637\nel0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591\nCode: 91388800 aa0903e1 f90003e8 94e6d752 (d4210000)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52701', 'https://git.kernel.org/linus/2558b8039d059342197610498c8749ad294adee5 (6.2)', 'https://git.kernel.org/stable/c/2558b8039d059342197610498c8749ad294adee5', 'https://git.kernel.org/stable/c/863a7de987f02a901bf215509276a7de0370e0f9', 'https://lore.kernel.org/linux-cve-announce/2024052156-CVE-2023-52701-5037@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52701', 'https://www.cve.org/CVERecord?id=CVE-2023-52701'], 'PublishedDate': '2024-05-21T16:15:12.547Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52732', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52732', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ceph: blocklist the kclient when receiving corrupted snap trace', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: blocklist the kclient when receiving corrupted snap trace\n\nWhen received corrupted snap trace we don't know what exactly has\nhappened in MDS side. And we shouldn't continue IOs and metadatas\naccess to MDS, which may corrupt or get incorrect contents.\n\nThis patch will just block all the further IO/MDS requests\nimmediately and then evict the kclient itself.\n\nThe reason why we still need to evict the kclient just after\nblocking all the further IOs is that the MDS could revoke the caps\nfaster.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52732', 'https://git.kernel.org/linus/a68e564adcaa69b0930809fb64d9d5f7d9c32ba9 (6.2-rc7)', 'https://git.kernel.org/stable/c/66ec619e4591f8350f99c5269a7ce160cccc7a7c', 'https://git.kernel.org/stable/c/a68e564adcaa69b0930809fb64d9d5f7d9c32ba9', 'https://lore.kernel.org/linux-cve-announce/2024052159-CVE-2023-52732-c783@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52732', 'https://www.cve.org/CVERecord?id=CVE-2023-52732'], 'PublishedDate': '2024-05-21T16:15:13.303Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52737', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52737', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: lock the inode in shared mode before starting fiemap', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: lock the inode in shared mode before starting fiemap\n\nCurrently fiemap does not take the inode\'s lock (VFS lock), it only locks\na file range in the inode\'s io tree. This however can lead to a deadlock\nif we have a concurrent fsync on the file and fiemap code triggers a fault\nwhen accessing the user space buffer with fiemap_fill_next_extent(). The\ndeadlock happens on the inode\'s i_mmap_lock semaphore, which is taken both\nby fsync and btrfs_page_mkwrite(). This deadlock was recently reported by\nsyzbot and triggers a trace like the following:\n\n   task:syz-executor361 state:D stack:20264 pid:5668  ppid:5119   flags:0x00004004\n   Call Trace:\n    <TASK>\n    context_switch kernel/sched/core.c:5293 [inline]\n    __schedule+0x995/0xe20 kernel/sched/core.c:6606\n    schedule+0xcb/0x190 kernel/sched/core.c:6682\n    wait_on_state fs/btrfs/extent-io-tree.c:707 [inline]\n    wait_extent_bit+0x577/0x6f0 fs/btrfs/extent-io-tree.c:751\n    lock_extent+0x1c2/0x280 fs/btrfs/extent-io-tree.c:1742\n    find_lock_delalloc_range+0x4e6/0x9c0 fs/btrfs/extent_io.c:488\n    writepage_delalloc+0x1ef/0x540 fs/btrfs/extent_io.c:1863\n    __extent_writepage+0x736/0x14e0 fs/btrfs/extent_io.c:2174\n    extent_write_cache_pages+0x983/0x1220 fs/btrfs/extent_io.c:3091\n    extent_writepages+0x219/0x540 fs/btrfs/extent_io.c:3211\n    do_writepages+0x3c3/0x680 mm/page-writeback.c:2581\n    filemap_fdatawrite_wbc+0x11e/0x170 mm/filemap.c:388\n    __filemap_fdatawrite_range mm/filemap.c:421 [inline]\n    filemap_fdatawrite_range+0x175/0x200 mm/filemap.c:439\n    btrfs_fdatawrite_range fs/btrfs/file.c:3850 [inline]\n    start_ordered_ops fs/btrfs/file.c:1737 [inline]\n    btrfs_sync_file+0x4ff/0x1190 fs/btrfs/file.c:1839\n    generic_write_sync include/linux/fs.h:2885 [inline]\n    btrfs_do_write_iter+0xcd3/0x1280 fs/btrfs/file.c:1684\n    call_write_iter include/linux/fs.h:2189 [inline]\n    new_sync_write fs/read_write.c:491 [inline]\n    vfs_write+0x7dc/0xc50 fs/read_write.c:584\n    ksys_write+0x177/0x2a0 fs/read_write.c:637\n    do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n    do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n    entry_SYSCALL_64_after_hwframe+0x63/0xcd\n   RIP: 0033:0x7f7d4054e9b9\n   RSP: 002b:00007f7d404fa2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n   RAX: ffffffffffffffda RBX: 00007f7d405d87a0 RCX: 00007f7d4054e9b9\n   RDX: 0000000000000090 RSI: 0000000020000000 RDI: 0000000000000006\n   RBP: 00007f7d405a51d0 R08: 0000000000000000 R09: 0000000000000000\n   R10: 0000000000000000 R11: 0000000000000246 R12: 61635f65646f6e69\n   R13: 65646f7475616f6e R14: 7261637369646f6e R15: 00007f7d405d87a8\n    </TASK>\n   INFO: task syz-executor361:5697 blocked for more than 145 seconds.\n         Not tainted 6.2.0-rc3-syzkaller-00376-g7c6984405241 #0\n   "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.\n   task:syz-executor361 state:D stack:21216 pid:5697  ppid:5119   flags:0x00004004\n   Call Trace:\n    <TASK>\n    context_switch kernel/sched/core.c:5293 [inline]\n    __schedule+0x995/0xe20 kernel/sched/core.c:6606\n    schedule+0xcb/0x190 kernel/sched/core.c:6682\n    rwsem_down_read_slowpath+0x5f9/0x930 kernel/locking/rwsem.c:1095\n    __down_read_common+0x54/0x2a0 kernel/locking/rwsem.c:1260\n    btrfs_page_mkwrite+0x417/0xc80 fs/btrfs/inode.c:8526\n    do_page_mkwrite+0x19e/0x5e0 mm/memory.c:2947\n    wp_page_shared+0x15e/0x380 mm/memory.c:3295\n    handle_pte_fault mm/memory.c:4949 [inline]\n    __handle_mm_fault mm/memory.c:5073 [inline]\n    handle_mm_fault+0x1b79/0x26b0 mm/memory.c:5219\n    do_user_addr_fault+0x69b/0xcb0 arch/x86/mm/fault.c:1428\n    handle_page_fault arch/x86/mm/fault.c:1519 [inline]\n    exc_page_fault+0x7a/0x110 arch/x86/mm/fault.c:1575\n    asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:570\n   RIP: 0010:copy_user_short_string+0xd/0x40 arch/x86/lib/copy_user_64.S:233\n   Code: 74 0a 89 (...)\n   RSP: 0018:ffffc9000570f330 EFLAGS: 000502\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52737', 'https://git.kernel.org/linus/519b7e13b5ae8dd38da1e52275705343be6bb508 (6.2-rc8)', 'https://git.kernel.org/stable/c/519b7e13b5ae8dd38da1e52275705343be6bb508', 'https://git.kernel.org/stable/c/d8c594da79bc0244e610a70594e824a401802be1', 'https://lore.kernel.org/linux-cve-announce/2024052101-CVE-2023-52737-e10e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52737', 'https://www.cve.org/CVERecord?id=CVE-2023-52737'], 'PublishedDate': '2024-05-21T16:15:13.667Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52749', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52749', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: Fix null dereference on suspend', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix null dereference on suspend\n\nA race condition exists where a synchronous (noqueue) transfer can be\nactive during a system suspend. This can cause a null pointer\ndereference exception to occur when the system resumes.\n\nExample order of events leading to the exception:\n1. spi_sync() calls __spi_transfer_message_noqueue() which sets\n   ctlr->cur_msg\n2. Spi transfer begins via spi_transfer_one_message()\n3. System is suspended interrupting the transfer context\n4. System is resumed\n6. spi_controller_resume() calls spi_start_queue() which resets cur_msg\n   to NULL\n7. Spi transfer context resumes and spi_finalize_current_message() is\n   called which dereferences cur_msg (which is now NULL)\n\nWait for synchronous transfers to complete before suspending by\nacquiring the bus mutex and setting/checking a suspend flag.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52749', 'https://git.kernel.org/linus/bef4a48f4ef798c4feddf045d49e53c8a97d5e37 (6.7-rc1)', 'https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068', 'https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e', 'https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37', 'https://lore.kernel.org/linux-cve-announce/2024052144-CVE-2023-52749-684e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52749', 'https://www.cve.org/CVERecord?id=CVE-2023-52749'], 'PublishedDate': '2024-05-21T16:15:14.587Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52751', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52751', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix use-after-free in smb2_query_info_compound()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in smb2_query_info_compound()\n\nThe following UAF was triggered when running fstests generic/072 with\nKASAN enabled against Windows Server 2022 and mount options\n'multichannel,max_channels=2,vers=3.1.1,mfsymlinks,noperm'\n\n  BUG: KASAN: slab-use-after-free in smb2_query_info_compound+0x423/0x6d0 [cifs]\n  Read of size 8 at addr ffff888014941048 by task xfs_io/27534\n\n  CPU: 0 PID: 27534 Comm: xfs_io Not tainted 6.6.0-rc7 #1\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\n  rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n  Call Trace:\n   dump_stack_lvl+0x4a/0x80\n   print_report+0xcf/0x650\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? __phys_addr+0x46/0x90\n   kasan_report+0xda/0x110\n   ? smb2_query_info_compound+0x423/0x6d0 [cifs]\n   ? smb2_query_info_compound+0x423/0x6d0 [cifs]\n   smb2_query_info_compound+0x423/0x6d0 [cifs]\n   ? __pfx_smb2_query_info_compound+0x10/0x10 [cifs]\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? __stack_depot_save+0x39/0x480\n   ? kasan_save_stack+0x33/0x60\n   ? kasan_set_track+0x25/0x30\n   ? ____kasan_slab_free+0x126/0x170\n   smb2_queryfs+0xc2/0x2c0 [cifs]\n   ? __pfx_smb2_queryfs+0x10/0x10 [cifs]\n   ? __pfx___lock_acquire+0x10/0x10\n   smb311_queryfs+0x210/0x220 [cifs]\n   ? __pfx_smb311_queryfs+0x10/0x10 [cifs]\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? __lock_acquire+0x480/0x26c0\n   ? lock_release+0x1ed/0x640\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? do_raw_spin_unlock+0x9b/0x100\n   cifs_statfs+0x18c/0x4b0 [cifs]\n   statfs_by_dentry+0x9b/0xf0\n   fd_statfs+0x4e/0xb0\n   __do_sys_fstatfs+0x7f/0xe0\n   ? __pfx___do_sys_fstatfs+0x10/0x10\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? lockdep_hardirqs_on_prepare+0x136/0x200\n   ? srso_alias_return_thunk+0x5/0x7f\n   do_syscall_64+0x3f/0x90\n   entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\n  Allocated by task 27534:\n   kasan_save_stack+0x33/0x60\n   kasan_set_track+0x25/0x30\n   __kasan_kmalloc+0x8f/0xa0\n   open_cached_dir+0x71b/0x1240 [cifs]\n   smb2_query_info_compound+0x5c3/0x6d0 [cifs]\n   smb2_queryfs+0xc2/0x2c0 [cifs]\n   smb311_queryfs+0x210/0x220 [cifs]\n   cifs_statfs+0x18c/0x4b0 [cifs]\n   statfs_by_dentry+0x9b/0xf0\n   fd_statfs+0x4e/0xb0\n   __do_sys_fstatfs+0x7f/0xe0\n   do_syscall_64+0x3f/0x90\n   entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\n  Freed by task 27534:\n   kasan_save_stack+0x33/0x60\n   kasan_set_track+0x25/0x30\n   kasan_save_free_info+0x2b/0x50\n   ____kasan_slab_free+0x126/0x170\n   slab_free_freelist_hook+0xd0/0x1e0\n   __kmem_cache_free+0x9d/0x1b0\n   open_cached_dir+0xff5/0x1240 [cifs]\n   smb2_query_info_compound+0x5c3/0x6d0 [cifs]\n   smb2_queryfs+0xc2/0x2c0 [cifs]\n\nThis is a race between open_cached_dir() and cached_dir_lease_break()\nwhere the cache entry for the open directory handle receives a lease\nbreak while creating it.  And before returning from open_cached_dir(),\nwe put the last reference of the new @cfid because of\n!@cfid->has_lease.\n\nBesides the UAF, while running xfstests a lot of missed lease breaks\nhave been noticed in tests that run several concurrent statfs(2) calls\non those cached fids\n\n  CIFS: VFS: \\\\w22-root1.gandalf.test No task to wake, unknown frame...\n  CIFS: VFS: \\\\w22-root1.gandalf.test Cmd: 18 Err: 0x0 Flags: 0x1...\n  CIFS: VFS: \\\\w22-root1.gandalf.test smb buf 00000000715bfe83 len 108\n  CIFS: VFS: Dump pending requests:\n  CIFS: VFS: \\\\w22-root1.gandalf.test No task to wake, unknown frame...\n  CIFS: VFS: \\\\w22-root1.gandalf.test Cmd: 18 Err: 0x0 Flags: 0x1...\n  CIFS: VFS: \\\\w22-root1.gandalf.test smb buf 000000005aa7316e len 108\n  ...\n\nTo fix both, in open_cached_dir() ensure that @cfid->has_lease is set\nright before sending out compounded request so that any potential\nlease break will be get processed by demultiplex thread while we're\nstill caching @cfid.  And, if open failed for some reason, re-check\n@cfid->has_lease to decide whether or not put lease reference.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52751', 'https://git.kernel.org/linus/5c86919455c1edec99ebd3338ad213b59271a71b (6.7-rc1)', 'https://git.kernel.org/stable/c/5c86919455c1edec99ebd3338ad213b59271a71b', 'https://git.kernel.org/stable/c/6db94d08359c43f2c8fe372811cdee04564a41b9', 'https://git.kernel.org/stable/c/93877b9afc2994c89362007aac480a7b150f386f', 'https://lore.kernel.org/linux-cve-announce/2024052144-CVE-2023-52751-69df@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52751', 'https://www.cve.org/CVERecord?id=CVE-2023-52751'], 'PublishedDate': '2024-05-21T16:15:14.763Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52757', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52757', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential deadlock when releasing mids', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when releasing mids\n\nAll release_mid() callers seem to hold a reference of @mid so there is\nno need to call kref_put(&mid->refcount, __release_mid) under\n@server->mid_lock spinlock.  If they don't, then an use-after-free bug\nwould have occurred anyways.\n\nBy getting rid of such spinlock also fixes a potential deadlock as\nshown below\n\nCPU 0                                CPU 1\n------------------------------------------------------------------\ncifs_demultiplex_thread()            cifs_debug_data_proc_show()\n release_mid()\n  spin_lock(&server->mid_lock);\n                                     spin_lock(&cifs_tcp_ses_lock)\n\t\t\t\t      spin_lock(&server->mid_lock)\n  __release_mid()\n   smb2_find_smb_tcon()\n    spin_lock(&cifs_tcp_ses_lock) *deadlock*", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52757', 'https://git.kernel.org/linus/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7 (6.7-rc1)', 'https://git.kernel.org/stable/c/9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29', 'https://git.kernel.org/stable/c/b9bb9607b1fc12fca51f5632da25b36975f599bf', 'https://git.kernel.org/stable/c/c1a5962f1462b64fe7b69f20a4b6af8067bc2d26', 'https://git.kernel.org/stable/c/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7', 'https://lore.kernel.org/linux-cve-announce/2024052146-CVE-2023-52757-5028@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52757', 'https://www.cve.org/CVERecord?id=CVE-2023-52757'], 'PublishedDate': '2024-05-21T16:15:15.187Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52761', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52761', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv: VMAP_STACK overflow detection thread-safe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: VMAP_STACK overflow detection thread-safe\n\ncommit 31da94c25aea ("riscv: add VMAP_STACK overflow detection") added\nsupport for CONFIG_VMAP_STACK. If overflow is detected, CPU switches to\n`shadow_stack` temporarily before switching finally to per-cpu\n`overflow_stack`.\n\nIf two CPUs/harts are racing and end up in over flowing kernel stack, one\nor both will end up corrupting each other state because `shadow_stack` is\nnot per-cpu. This patch optimizes per-cpu overflow stack switch by\ndirectly picking per-cpu `overflow_stack` and gets rid of `shadow_stack`.\n\nFollowing are the changes in this patch\n\n - Defines an asm macro to obtain per-cpu symbols in destination\n   register.\n - In entry.S, when overflow is detected, per-cpu overflow stack is\n   located using per-cpu asm macro. Computing per-cpu symbol requires\n   a temporary register. x31 is saved away into CSR_SCRATCH\n   (CSR_SCRATCH is anyways zero since we\'re in kernel).\n\nPlease see Links for additional relevant disccussion and alternative\nsolution.\n\nTested by `echo EXHAUST_STACK > /sys/kernel/debug/provoke-crash/DIRECT`\nKernel crash log below\n\n Insufficient stack space to handle exception!/debug/provoke-crash/DIRECT\n Task stack:     [0xff20000010a98000..0xff20000010a9c000]\n Overflow stack: [0xff600001f7d98370..0xff600001f7d99370]\n CPU: 1 PID: 205 Comm: bash Not tainted 6.1.0-rc2-00001-g328a1f96f7b9 #34\n Hardware name: riscv-virtio,qemu (DT)\n epc : __memset+0x60/0xfc\n  ra : recursive_loop+0x48/0xc6 [lkdtm]\n epc : ffffffff808de0e4 ra : ffffffff0163a752 sp : ff20000010a97e80\n  gp : ffffffff815c0330 tp : ff600000820ea280 t0 : ff20000010a97e88\n  t1 : 000000000000002e t2 : 3233206874706564 s0 : ff20000010a982b0\n  s1 : 0000000000000012 a0 : ff20000010a97e88 a1 : 0000000000000000\n  a2 : 0000000000000400 a3 : ff20000010a98288 a4 : 0000000000000000\n  a5 : 0000000000000000 a6 : fffffffffffe43f0 a7 : 00007fffffffffff\n  s2 : ff20000010a97e88 s3 : ffffffff01644680 s4 : ff20000010a9be90\n  s5 : ff600000842ba6c0 s6 : 00aaaaaac29e42b0 s7 : 00fffffff0aa3684\n  s8 : 00aaaaaac2978040 s9 : 0000000000000065 s10: 00ffffff8a7cad10\n  s11: 00ffffff8a76a4e0 t3 : ffffffff815dbaf4 t4 : ffffffff815dbaf4\n  t5 : ffffffff815dbab8 t6 : ff20000010a9bb48\n status: 0000000200000120 badaddr: ff20000010a97e88 cause: 000000000000000f\n Kernel panic - not syncing: Kernel stack overflow\n CPU: 1 PID: 205 Comm: bash Not tainted 6.1.0-rc2-00001-g328a1f96f7b9 #34\n Hardware name: riscv-virtio,qemu (DT)\n Call Trace:\n [<ffffffff80006754>] dump_backtrace+0x30/0x38\n [<ffffffff808de798>] show_stack+0x40/0x4c\n [<ffffffff808ea2a8>] dump_stack_lvl+0x44/0x5c\n [<ffffffff808ea2d8>] dump_stack+0x18/0x20\n [<ffffffff808dec06>] panic+0x126/0x2fe\n [<ffffffff800065ea>] walk_stackframe+0x0/0xf0\n [<ffffffff0163a752>] recursive_loop+0x48/0xc6 [lkdtm]\n SMP: stopping secondary CPUs\n ---[ end Kernel panic - not syncing: Kernel stack overflow ]---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52761', 'https://git.kernel.org/linus/be97d0db5f44c0674480cb79ac6f5b0529b84c76 (6.7-rc1)', 'https://git.kernel.org/stable/c/1493baaf09e3c1899959c8a107cd1207e16d1788', 'https://git.kernel.org/stable/c/be97d0db5f44c0674480cb79ac6f5b0529b84c76', 'https://git.kernel.org/stable/c/eff53aea3855f71992c043cebb1c00988c17ee20', 'https://lore.kernel.org/linux-cve-announce/2024052147-CVE-2023-52761-5ddf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52761', 'https://www.cve.org/CVERecord?id=CVE-2023-52761'], 'PublishedDate': '2024-05-21T16:15:15.487Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52812', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52812', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd: check num of link levels when update pcie param', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: check num of link levels when update pcie param\n\nIn SR-IOV environment, the value of pcie_table->num_of_link_levels will\nbe 0, and num_of_levels - 1 will cause array index out of bounds', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52812', 'https://git.kernel.org/linus/406e8845356d18bdf3d3a23b347faf67706472ec (6.7-rc1)', 'https://git.kernel.org/stable/c/09f617219fe9ccd8d7b65dc3e879b5889f663b5a', 'https://git.kernel.org/stable/c/406e8845356d18bdf3d3a23b347faf67706472ec', 'https://git.kernel.org/stable/c/5b4574b663d0a1a0a62d5232429b7db9ae6d0670', 'https://lore.kernel.org/linux-cve-announce/2024052102-CVE-2023-52812-b5b2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52812', 'https://www.cve.org/CVERecord?id=CVE-2023-52812'], 'PublishedDate': '2024-05-21T16:15:19.41Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52829', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps()\n\nreg_cap.phy_id is extracted from WMI event and could be an unexpected value\nin case some errors happen. As a result out-of-bound write may occur to\nsoc->hal_reg_cap. Fix it by validating reg_cap.phy_id before using it.\n\nThis is found during code review.\n\nCompile tested only.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52829', 'https://git.kernel.org/linus/b302dce3d9edea5b93d1902a541684a967f3c63c (6.7-rc1)', 'https://git.kernel.org/stable/c/4dd0547e8b45faf6f95373be5436b66cde326c0e', 'https://git.kernel.org/stable/c/b302dce3d9edea5b93d1902a541684a967f3c63c', 'https://git.kernel.org/stable/c/dfe13eaab043130f90dd3d57c7d88577c04adc97', 'https://lore.kernel.org/linux-cve-announce/2024052108-CVE-2023-52829-3283@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52829', 'https://www.cve.org/CVERecord?id=CVE-2023-52829'], 'PublishedDate': '2024-05-21T16:15:20.6Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52831', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: cpu/hotplug: Don't offline the last non-isolated CPU", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncpu/hotplug: Don\'t offline the last non-isolated CPU\n\nIf a system has isolated CPUs via the "isolcpus=" command line parameter,\nthen an attempt to offline the last housekeeping CPU will result in a\nWARN_ON() when rebuilding the scheduler domains and a subsequent panic due\nto and unhandled empty CPU mas in partition_sched_domains_locked().\n\ncpuset_hotplug_workfn()\n  rebuild_sched_domains_locked()\n    ndoms = generate_sched_domains(&doms, &attr);\n      cpumask_and(doms[0], top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN));\n\nThus results in an empty CPU mask which triggers the warning and then the\nsubsequent crash:\n\nWARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408\nCall trace:\n build_sched_domains+0x120c/0x1408\n partition_sched_domains_locked+0x234/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n rebuild_sched_domains+0x30/0x58\n cpuset_hotplug_workfn+0x2a8/0x930\n\nUnable to handle kernel paging request at virtual address fffe80027ab37080\n partition_sched_domains_locked+0x318/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n\nAside of the resulting crash, it does not make any sense to offline the last\nlast housekeeping CPU.\n\nPrevent this by masking out the non-housekeeping CPUs when selecting a\ntarget CPU for initiating the CPU unplug operation via the work queue.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52831', 'https://git.kernel.org/linus/38685e2a0476127db766f81b1c06019ddc4c9ffa (6.7-rc1)', 'https://git.kernel.org/stable/c/3073f6df783d9d75f7f69f73e16c7ef85d6cfb63', 'https://git.kernel.org/stable/c/335a47ed71e332c82339d1aec0c7f6caccfcda13', 'https://git.kernel.org/stable/c/3410b702354702b500bde10e3cc1f9db8731d908', 'https://git.kernel.org/stable/c/38685e2a0476127db766f81b1c06019ddc4c9ffa', 'https://lore.kernel.org/linux-cve-announce/2024052108-CVE-2023-52831-ce31@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52831', 'https://www.cve.org/CVERecord?id=CVE-2023-52831'], 'PublishedDate': '2024-05-21T16:15:20.743Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52837', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52837', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nbd: fix uaf in nbd_open', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix uaf in nbd_open\n\nCommit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and\nblk_cleanup_disk") cleans up disk by blk_cleanup_disk() and it won\'t set\ndisk->private_data as NULL as before. UAF may be triggered in nbd_open()\nif someone tries to open nbd device right after nbd_put() since nbd has\nbeen free in nbd_dev_remove().\n\nFix this by implementing ->free_disk and free private data in it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52837', 'https://git.kernel.org/linus/327462725b0f759f093788dfbcb2f1fd132f956b (6.7-rc1)', 'https://git.kernel.org/stable/c/327462725b0f759f093788dfbcb2f1fd132f956b', 'https://git.kernel.org/stable/c/4e9b3ec84dc97909876641dad14e0a2300d6c2a3', 'https://git.kernel.org/stable/c/56bd7901b5e9dbc9112036ea615ebcba1565fafe', 'https://git.kernel.org/stable/c/879947f4180bc6e83af64eb0515e0cf57fce15db', 'https://lore.kernel.org/linux-cve-announce/2024052110-CVE-2023-52837-6490@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52837', 'https://www.cve.org/CVERecord?id=CVE-2023-52837'], 'PublishedDate': '2024-05-21T16:15:21.17Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52857', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/mediatek: Fix coverity issue with unintentional integer overflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Fix coverity issue with unintentional integer overflow\n\n1. Instead of multiplying 2 variable of different types. Change to\nassign a value of one variable and then multiply the other variable.\n\n2. Add a int variable for multiplier calculation instead of calculating\ndifferent types multiplier with dma_addr_t variable directly.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52857', 'https://git.kernel.org/linus/b0b0d811eac6b4c52cb9ad632fa6384cf48869e7 (6.7-rc1)', 'https://git.kernel.org/stable/c/0d8a1df39d3fc34560e2cc663b5c340d06a25396', 'https://git.kernel.org/stable/c/96312a251d4dcee5d36e32edba3002bfde0ddd9c', 'https://git.kernel.org/stable/c/b0b0d811eac6b4c52cb9ad632fa6384cf48869e7', 'https://lore.kernel.org/linux-cve-announce/2024052116-CVE-2023-52857-e288@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52857', 'https://www.cve.org/CVERecord?id=CVE-2023-52857'], 'PublishedDate': '2024-05-21T16:15:22.803Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52879', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have trace_event_file have ref counters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have trace_event_file have ref counters\n\nThe following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # echo \'p:sched schedule\' > kprobe_events\n # exec 5>>events/kprobes/sched/enable\n # > kprobe_events\n # exec 5>&-\n\nThe above commands:\n\n 1. Change directory to the tracefs directory\n 2. Create a kprobe event (doesn\'t matter what one)\n 3. Open bash file descriptor 5 on the enable file of the kprobe event\n 4. Delete the kprobe event (removes the files too)\n 5. Close the bash file descriptor 5\n\nThe above causes a crash!\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:tracing_release_file_tr+0xc/0x50\n\nWhat happens here is that the kprobe event creates a trace_event_file\n"file" descriptor that represents the file in tracefs to the event. It\nmaintains state of the event (is it enabled for the given instance?).\nOpening the "enable" file gets a reference to the event "file" descriptor\nvia the open file descriptor. When the kprobe event is deleted, the file is\nalso deleted from the tracefs system which also frees the event "file"\ndescriptor.\n\nBut as the tracefs file is still opened by user space, it will not be\ntotally removed until the final dput() is called on it. But this is not\ntrue with the event "file" descriptor that is already freed. If the user\ndoes a write to or simply closes the file descriptor it will reference the\nevent "file" descriptor that was just freed, causing a use-after-free bug.\n\nTo solve this, add a ref count to the event "file" descriptor as well as a\nnew flag called "FREED". The "file" will not be freed until the last\nreference is released. But the FREE flag will be set when the event is\nremoved to prevent any more modifications to that event from happening,\neven if there\'s still a reference to the event "file" descriptor.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52879', 'https://git.kernel.org/linus/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4 (6.7-rc1)', 'https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706', 'https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976', 'https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d', 'https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e', 'https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f', 'https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4', 'https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0', 'https://lore.kernel.org/linux-cve-announce/2024052122-CVE-2023-52879-fa4d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52879', 'https://www.cve.org/CVERecord?id=CVE-2023-52879'], 'PublishedDate': '2024-05-21T16:15:24.53Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52888', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52888', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mediatek: vcodec: Only free buffer VA that is not NULL', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Only free buffer VA that is not NULL\n\nIn the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly\ncalled only when the buffer to free exists, there are some instances\nthat didn't do the check and triggered warnings in practice.\n\nWe believe those checks were forgotten unintentionally. Add the checks\nback to fix the warnings.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52888', 'https://git.kernel.org/linus/eb005c801ec70ff4307727bd3bd6e8280169ef32 (6.10-rc1)', 'https://git.kernel.org/stable/c/303d01082edaf817ee2df53a40dca9da637a2c04', 'https://git.kernel.org/stable/c/5c217253c76c94f76d1df31d0bbdcb88dc07be91', 'https://git.kernel.org/stable/c/eb005c801ec70ff4307727bd3bd6e8280169ef32', 'https://lore.kernel.org/linux-cve-announce/2024073015-CVE-2023-52888-51c6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52888', 'https://www.cve.org/CVERecord?id=CVE-2023-52888'], 'PublishedDate': '2024-07-30T08:15:02.293Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2023-52904', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52904', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()\n\nThe subs function argument may be NULL, so do not use it before the NULL check.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52904', 'https://git.kernel.org/linus/92a9c0ad86d47ff4cce899012e355c400f02cfb8 (6.2-rc4)', 'https://git.kernel.org/stable/c/92a9c0ad86d47ff4cce899012e355c400f02cfb8', 'https://git.kernel.org/stable/c/a474d4ad59cd4642d1b7e3a6c08cef9eca0992c8', 'https://git.kernel.org/stable/c/f57204edc10760c935d8d36ea999dc8acf018030', 'https://lore.kernel.org/linux-cve-announce/2024082113-CVE-2023-52904-b85a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52904', 'https://www.cve.org/CVERecord?id=CVE-2023-52904'], 'PublishedDate': '2024-08-21T07:15:06.54Z', 'LastModifiedDate': '2024-10-17T14:15:04.8Z'}, {'VulnerabilityID': 'CVE-2023-52905', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52905', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: octeontx2-pf: Fix resource leakage in VF driver unbind', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix resource leakage in VF driver unbind\n\nresources allocated like mcam entries to support the Ntuple feature\nand hash tables for the tc feature are not getting freed in driver\nunbind. This patch fixes the issue.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52905', 'https://git.kernel.org/linus/53da7aec32982f5ee775b69dce06d63992ce4af3 (6.2-rc4)', 'https://git.kernel.org/stable/c/53da7aec32982f5ee775b69dce06d63992ce4af3', 'https://git.kernel.org/stable/c/c8ca0ad10df08ea36bcac1288062d567d22604c9', 'https://lore.kernel.org/linux-cve-announce/2024082113-CVE-2023-52905-53fd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52905', 'https://www.cve.org/CVERecord?id=CVE-2023-52905'], 'PublishedDate': '2024-08-21T07:15:06.597Z', 'LastModifiedDate': '2024-09-13T13:27:29.043Z'}, {'VulnerabilityID': 'CVE-2023-52911', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52911', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm: another fix for the headless Adreno GPU', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: another fix for the headless Adreno GPU\n\nFix another oops reproducible when rebooting the board with the Adreno\nGPU working in the headless mode (e.g. iMX platforms).\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[00000000] *pgd=74936831, *pte=00000000, *ppte=00000000\nInternal error: Oops: 17 [#1] ARM\nCPU: 0 PID: 51 Comm: reboot Not tainted 6.2.0-rc1-dirty #11\nHardware name: Freescale i.MX53 (Device Tree Support)\nPC is at msm_atomic_commit_tail+0x50/0x970\nLR is at commit_tail+0x9c/0x188\npc : [<c06aa430>]    lr : [<c067a214>]    psr: 600e0013\nsp : e0851d30  ip : ee4eb7eb  fp : 00090acc\nr10: 00000058  r9 : c2193014  r8 : c4310000\nr7 : c4759380  r6 : 07bef61d  r5 : 00000000  r4 : 00000000\nr3 : c44cc440  r2 : 00000000  r1 : 00000000  r0 : 00000000\nFlags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none\nControl: 10c5387d  Table: 74910019  DAC: 00000051\nRegister r0 information: NULL pointer\nRegister r1 information: NULL pointer\nRegister r2 information: NULL pointer\nRegister r3 information: slab kmalloc-1k start c44cc400 pointer offset 64 size 1024\nRegister r4 information: NULL pointer\nRegister r5 information: NULL pointer\nRegister r6 information: non-paged memory\nRegister r7 information: slab kmalloc-128 start c4759380 pointer offset 0 size 128\nRegister r8 information: slab kmalloc-2k start c4310000 pointer offset 0 size 2048\nRegister r9 information: non-slab/vmalloc memory\nRegister r10 information: non-paged memory\nRegister r11 information: non-paged memory\nRegister r12 information: non-paged memory\nProcess reboot (pid: 51, stack limit = 0xc80046d9)\nStack: (0xe0851d30 to 0xe0852000)\n1d20:                                     c4759380 fbd77200 000005ff 002b9c70\n1d40: c4759380 c4759380 00000000 07bef61d 00000600 c0d6fe7c c2193014 00000058\n1d60: 00090acc c067a214 00000000 c4759380 c4310000 00000000 c44cc854 c067a89c\n1d80: 00000000 00000000 00000000 c4310468 00000000 c4759380 c4310000 c4310468\n1da0: c4310470 c0643258 c4759380 00000000 00000000 c0c4ee24 00000000 c44cc810\n1dc0: 00000000 c0c4ee24 00000000 c44cc810 00000000 0347d2a8 e0851e00 e0851e00\n1de0: c4759380 c067ad20 c4310000 00000000 c44cc810 c27f8718 c44cc854 c067adb8\n1e00: c4933000 00000002 00000001 00000000 00000000 c2130850 00000000 c2130854\n1e20: c25fc488 00000000 c0ff162c 00000000 00000001 00000002 00000000 00000000\n1e40: c43102c0 c43102c0 00000000 0347d2a8 c44cc810 c44cc814 c2133da8 c06d1a60\n1e60: 00000000 00000000 00079028 c2012f24 fee1dead c4933000 00000058 c01431e4\n1e80: 01234567 c0143a20 00000000 00000000 00000000 00000000 00000000 00000000\n1ea0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1ec0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f80: 00000000 00000000 00000000 0347d2a8 00000002 00000004 00000078 00000058\n1fa0: c010028c c0100060 00000002 00000004 fee1dead 28121969 01234567 00079028\n1fc0: 00000002 00000004 00000078 00000058 0002fdc5 00000000 00000000 00090acc\n1fe0: 00000058 becc9c64 b6e97e05 b6e0e5f6 600e0030 fee1dead 00000000 00000000\n msm_atomic_commit_tail from commit_tail+0x9c/0x188\n commit_tail from drm_atomic_helper_commit+0x160/0x188\n drm_atomic_helper_commit from drm_atomic_commit+0xac/0xe0\n drm_atomic_commit from drm_atomic_helper_disable_all+0x1b0/0x1c0\n drm_atomic_helper_disable_all from drm_atomic_helper_shutdown+0x88/0x140\n drm_atomic_helper_shutdown from device_shutdown+0x16c/0x240\n device_shutdown from kernel_restart+0x38/0x90\n kernel_restart from __do_sys_reboot+0x\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52911', 'https://git.kernel.org/linus/00dd060ab3cf95ca6ede7853bc14397014971b5e (6.2-rc4)', 'https://git.kernel.org/stable/c/00dd060ab3cf95ca6ede7853bc14397014971b5e', 'https://git.kernel.org/stable/c/b107b08c41b3076a508113fbaaffe15ce1fe7f65', 'https://lore.kernel.org/linux-cve-announce/2024082115-CVE-2023-52911-28fa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52911', 'https://www.cve.org/CVERecord?id=CVE-2023-52911'], 'PublishedDate': '2024-08-21T07:15:06.967Z', 'LastModifiedDate': '2024-09-12T14:49:30.22Z'}, {'VulnerabilityID': 'CVE-2023-52912', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52912', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fixed bug on error when unloading amdgpu', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fixed bug on error when unloading amdgpu\n\nFixed bug on error when unloading amdgpu.\n\nThe error message is as follows:\n[  377.706202] kernel BUG at drivers/gpu/drm/drm_buddy.c:278!\n[  377.706215] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[  377.706222] CPU: 4 PID: 8610 Comm: modprobe Tainted: G          IOE      6.0.0-thomas #1\n[  377.706231] Hardware name: ASUS System Product Name/PRIME Z390-A, BIOS 2004 11/02/2021\n[  377.706238] RIP: 0010:drm_buddy_free_block+0x26/0x30 [drm_buddy]\n[  377.706264] Code: 00 00 00 90 0f 1f 44 00 00 48 8b 0e 89 c8 25 00 0c 00 00 3d 00 04 00 00 75 10 48 8b 47 18 48 d3 e0 48 01 47 28 e9 fa fe ff ff <0f> 0b 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 54 55 48 89 f5 53\n[  377.706282] RSP: 0018:ffffad2dc4683cb8 EFLAGS: 00010287\n[  377.706289] RAX: 0000000000000000 RBX: ffff8b1743bd5138 RCX: 0000000000000000\n[  377.706297] RDX: ffff8b1743bd5160 RSI: ffff8b1743bd5c78 RDI: ffff8b16d1b25f70\n[  377.706304] RBP: ffff8b1743bd59e0 R08: 0000000000000001 R09: 0000000000000001\n[  377.706311] R10: ffff8b16c8572400 R11: ffffad2dc4683cf0 R12: ffff8b16d1b25f70\n[  377.706318] R13: ffff8b16d1b25fd0 R14: ffff8b1743bd59c0 R15: ffff8b16d1b25f70\n[  377.706325] FS:  00007fec56c72c40(0000) GS:ffff8b1836500000(0000) knlGS:0000000000000000\n[  377.706334] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  377.706340] CR2: 00007f9b88c1ba50 CR3: 0000000110450004 CR4: 00000000003706e0\n[  377.706347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[  377.706354] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[  377.706361] Call Trace:\n[  377.706365]  <TASK>\n[  377.706369]  drm_buddy_free_list+0x2a/0x60 [drm_buddy]\n[  377.706376]  amdgpu_vram_mgr_fini+0xea/0x180 [amdgpu]\n[  377.706572]  amdgpu_ttm_fini+0x12e/0x1a0 [amdgpu]\n[  377.706650]  amdgpu_bo_fini+0x22/0x90 [amdgpu]\n[  377.706727]  gmc_v11_0_sw_fini+0x26/0x30 [amdgpu]\n[  377.706821]  amdgpu_device_fini_sw+0xa1/0x3c0 [amdgpu]\n[  377.706897]  amdgpu_driver_release_kms+0x12/0x30 [amdgpu]\n[  377.706975]  drm_dev_release+0x20/0x40 [drm]\n[  377.707006]  release_nodes+0x35/0xb0\n[  377.707014]  devres_release_all+0x8b/0xc0\n[  377.707020]  device_unbind_cleanup+0xe/0x70\n[  377.707027]  device_release_driver_internal+0xee/0x160\n[  377.707033]  driver_detach+0x44/0x90\n[  377.707039]  bus_remove_driver+0x55/0xe0\n[  377.707045]  pci_unregister_driver+0x3b/0x90\n[  377.707052]  amdgpu_exit+0x11/0x6c [amdgpu]\n[  377.707194]  __x64_sys_delete_module+0x142/0x2b0\n[  377.707201]  ? fpregs_assert_state_consistent+0x22/0x50\n[  377.707208]  ? exit_to_user_mode_prepare+0x3e/0x190\n[  377.707215]  do_syscall_64+0x38/0x90\n[  377.707221]  entry_SYSCALL_64_after_hwframe+0x63/0xcd', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52912', 'https://git.kernel.org/linus/99f1a36c90a7524972be5a028424c57fa17753ee (6.2-rc4)', 'https://git.kernel.org/stable/c/9196eb7c52e55749a332974f0081f77d53d60199', 'https://git.kernel.org/stable/c/99f1a36c90a7524972be5a028424c57fa17753ee', 'https://lore.kernel.org/linux-cve-announce/2024082115-CVE-2023-52912-a6c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52912', 'https://www.cve.org/CVERecord?id=CVE-2023-52912'], 'PublishedDate': '2024-08-21T07:15:07.02Z', 'LastModifiedDate': '2024-09-12T14:35:58.593Z'}, {'VulnerabilityID': 'CVE-2023-52913', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52913', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/i915: Fix potential context UAFs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Fix potential context UAFs\n\ngem_context_register() makes the context visible to userspace, and which\npoint a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl.\nSo we need to ensure that nothing uses the ctx ptr after this.  And we\nneed to ensure that adding the ctx to the xarray is the *last* thing\nthat gem_context_register() does with the ctx pointer.\n\n[tursulin: Stable and fixes tags add/tidy.]\n(cherry picked from commit bed4b455cf5374e68879be56971c1da563bcd90c)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52913', 'https://git.kernel.org/linus/afce71ff6daa9c0f852df0727fe32c6fb107f0fa (6.2-rc4)', 'https://git.kernel.org/stable/c/afce71ff6daa9c0f852df0727fe32c6fb107f0fa', 'https://git.kernel.org/stable/c/b696c627b3f56e173f7f70b8487d66da8ff22506', 'https://lore.kernel.org/linux-cve-announce/2024082115-CVE-2023-52913-5347@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52913', 'https://www.cve.org/CVERecord?id=CVE-2023-52913'], 'PublishedDate': '2024-08-21T07:15:07.087Z', 'LastModifiedDate': '2024-09-12T14:38:40.43Z'}, {'VulnerabilityID': 'CVE-2023-52916', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52916', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: aspeed: Fix memory overwrite if timing is 1600x900', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: aspeed: Fix memory overwrite if timing is 1600x900\n\nWhen capturing 1600x900, system could crash when system memory usage is\ntight.\n\nThe way to reproduce this issue:\n1. Use 1600x900 to display on host\n2. Mount ISO through \'Virtual media\' on OpenBMC\'s web\n3. Run script as below on host to do sha continuously\n  #!/bin/bash\n  while [ [1] ];\n  do\n\tfind /media -type f -printf \'"%h/%f"\\n\' | xargs sha256sum\n  done\n4. Open KVM on OpenBMC\'s web\n\nThe size of macro block captured is 8x8. Therefore, we should make sure\nthe height of src-buf is 8 aligned to fix this issue.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52916', 'https://git.kernel.org/linus/c281355068bc258fd619c5aefd978595bede7bfe (6.6-rc1)', 'https://git.kernel.org/stable/c/c281355068bc258fd619c5aefd978595bede7bfe', 'https://lore.kernel.org/linux-cve-announce/2024090655-CVE-2023-52916-edc0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52916', 'https://www.cve.org/CVERecord?id=CVE-2023-52916'], 'PublishedDate': '2024-09-06T09:15:03.327Z', 'LastModifiedDate': '2024-09-06T12:08:04.55Z'}, {'VulnerabilityID': 'CVE-2023-6610', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-6610', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: OOB Access in smb2_dump_detail', 'Description': 'An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:0723', 'https://access.redhat.com/errata/RHSA-2024:0724', 'https://access.redhat.com/errata/RHSA-2024:0725', 'https://access.redhat.com/errata/RHSA-2024:0881', 'https://access.redhat.com/errata/RHSA-2024:0897', 'https://access.redhat.com/errata/RHSA-2024:1248', 'https://access.redhat.com/errata/RHSA-2024:1404', 'https://access.redhat.com/errata/RHSA-2024:2094', 'https://access.redhat.com/security/cve/CVE-2023-6610', 'https://bugzilla.kernel.org/show_bug.cgi?id=218219', 'https://bugzilla.redhat.com/2087568', 'https://bugzilla.redhat.com/2144379', 'https://bugzilla.redhat.com/2161310', 'https://bugzilla.redhat.com/2173403', 'https://bugzilla.redhat.com/2187813', 'https://bugzilla.redhat.com/2187931', 'https://bugzilla.redhat.com/2231800', 'https://bugzilla.redhat.com/2237757', 'https://bugzilla.redhat.com/2244723', 'https://bugzilla.redhat.com/2245514', 'https://bugzilla.redhat.com/2246944', 'https://bugzilla.redhat.com/2246945', 'https://bugzilla.redhat.com/2253611', 'https://bugzilla.redhat.com/2253614', 'https://bugzilla.redhat.com/2253908', 'https://bugzilla.redhat.com/2254052', 'https://bugzilla.redhat.com/2254053', 'https://bugzilla.redhat.com/2254054', 'https://bugzilla.redhat.com/2255139', 'https://bugzilla.redhat.com/show_bug.cgi?id=2253614', 'https://errata.almalinux.org/8/ALSA-2024-0897.html', 'https://linux.oracle.com/cve/CVE-2023-6610.html', 'https://linux.oracle.com/errata/ELSA-2024-1248.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-6610', 'https://ubuntu.com/security/notices/USN-6688-1', 'https://ubuntu.com/security/notices/USN-6724-1', 'https://ubuntu.com/security/notices/USN-6724-2', 'https://www.cve.org/CVERecord?id=CVE-2023-6610'], 'PublishedDate': '2023-12-08T17:15:07.933Z', 'LastModifiedDate': '2024-07-08T18:15:05.773Z'}, {'VulnerabilityID': 'CVE-2024-26595', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26595', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path\n\nWhen calling mlxsw_sp_acl_tcam_region_destroy() from an error path after\nfailing to attach the region to an ACL group, we hit a NULL pointer\ndereference upon 'region->group->tcam' [1].\n\nFix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nRIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0\n[...]\nCall Trace:\n mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20\n mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0\n mlxsw_sp_acl_rule_add+0x47/0x240\n mlxsw_sp_flower_replace+0x1a9/0x1d0\n tc_setup_cb_add+0xdc/0x1c0\n fl_hw_replace_filter+0x146/0x1f0\n fl_change+0xc17/0x1360\n tc_new_tfilter+0x472/0xb90\n rtnetlink_rcv_msg+0x313/0x3b0\n netlink_rcv_skb+0x58/0x100\n netlink_unicast+0x244/0x390\n netlink_sendmsg+0x1e4/0x440\n ____sys_sendmsg+0x164/0x260\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xc0\n do_syscall_64+0x40/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-26595', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/stable/c/817840d125a370626895df269c50c923b79b0a39', 'https://git.kernel.org/stable/c/d0a1efe417c97a1e9b914056ee6b86f1ef75fe1f', 'https://git.kernel.org/stable/c/efeb7dfea8ee10cdec11b6b6ba4e405edbe75809', 'https://linux.oracle.com/cve/CVE-2024-26595.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024022336-CVE-2024-26595-9a8d@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26595', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2024-26595'], 'PublishedDate': '2024-02-23T15:15:09.443Z', 'LastModifiedDate': '2024-04-17T19:55:31.323Z'}, {'VulnerabilityID': 'CVE-2024-26605', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26605', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI/ASPM: Fix deadlock when enabling ASPM', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix deadlock when enabling ASPM\n\nA last minute revert in 6.7-final introduced a potential deadlock when\nenabling ASPM during probe of Qualcomm PCIe controllers as reported by\nlockdep:\n\n  ============================================\n  WARNING: possible recursive locking detected\n  6.7.0 #40 Not tainted\n  --------------------------------------------\n  kworker/u16:5/90 is trying to acquire lock:\n  ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc\n\n              but task is already holding lock:\n  ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc\n\n              other info that might help us debug this:\n   Possible unsafe locking scenario:\n\n         CPU0\n         ----\n    lock(pci_bus_sem);\n    lock(pci_bus_sem);\n\n               *** DEADLOCK ***\n\n  Call trace:\n   print_deadlock_bug+0x25c/0x348\n   __lock_acquire+0x10a4/0x2064\n   lock_acquire+0x1e8/0x318\n   down_read+0x60/0x184\n   pcie_aspm_pm_state_change+0x58/0xdc\n   pci_set_full_power_state+0xa8/0x114\n   pci_set_power_state+0xc4/0x120\n   qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]\n   pci_walk_bus+0x64/0xbc\n   qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]\n\nThe deadlock can easily be reproduced on machines like the Lenovo ThinkPad\nX13s by adding a delay to increase the race window during asynchronous\nprobe where another thread can take a write lock.\n\nAdd a new pci_set_power_state_locked() and associated helper functions that\ncan be called with the PCI bus semaphore held to avoid taking the read lock\ntwice.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26605', 'https://git.kernel.org/linus/1e560864159d002b453da42bd2c13a1805515a20 (6.8-rc3)', 'https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3', 'https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20', 'https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c', 'https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70', 'https://lore.kernel.org/linux-cve-announce/2024022419-CVE-2024-26605-7b06@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26605', 'https://www.cve.org/CVERecord?id=CVE-2024-26605'], 'PublishedDate': '2024-02-26T16:28:00.207Z', 'LastModifiedDate': '2024-04-28T12:15:19.74Z'}, {'VulnerabilityID': 'CVE-2024-26647', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26647', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Fix late dereference 'dsc' check in 'link_set_dsc_pps_packet()'", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()'\n\nIn link_set_dsc_pps_packet(), 'struct display_stream_compressor *dsc'\nwas dereferenced in a DC_LOGGER_INIT(dsc->ctx->logger); before the 'dsc'\nNULL pointer check.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() warn: variable dereferenced before check 'dsc' (see line 903)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26647', 'https://git.kernel.org/linus/3bb9b1f958c3d986ed90a3ff009f1e77e9553207 (6.8-rc1)', 'https://git.kernel.org/stable/c/3bb9b1f958c3d986ed90a3ff009f1e77e9553207', 'https://git.kernel.org/stable/c/6aa5ede6665122f4c8abce3c6eba06b49e54d25c', 'https://git.kernel.org/stable/c/cf656fc7276e5b3709a81bc9d9639459be2b2647', 'https://lore.kernel.org/linux-cve-announce/20240326175007.1388794-15-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26647', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2024-26647'], 'PublishedDate': '2024-03-26T18:15:10.063Z', 'LastModifiedDate': '2024-03-27T12:29:41.53Z'}, {'VulnerabilityID': 'CVE-2024-26648', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26648', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: NULL check in edp_setup_replay()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()\n\nIn edp_setup_replay(), 'struct dc *dc' & 'struct dmub_replay *replay'\nwas dereferenced before the pointer 'link' & 'replay' NULL check.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:947 edp_setup_replay() warn: variable dereferenced before check 'link' (see line 933)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26648', 'https://git.kernel.org/linus/7073934f5d73f8b53308963cee36f0d389ea857c (6.8-rc1)', 'https://git.kernel.org/stable/c/22ae604aea14756954e1c00ae653e34d2afd2935', 'https://git.kernel.org/stable/c/7073934f5d73f8b53308963cee36f0d389ea857c', 'https://git.kernel.org/stable/c/c02d257c654191ecda1dc1af6875d527e85310e7', 'https://lore.kernel.org/linux-cve-announce/20240326175007.1388794-16-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26648', 'https://www.cve.org/CVERecord?id=CVE-2024-26648'], 'PublishedDate': '2024-03-26T18:15:10.22Z', 'LastModifiedDate': '2024-03-27T12:29:41.53Z'}, {'VulnerabilityID': 'CVE-2024-26656', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26656', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: use-after-free vulnerability', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix use-after-free bug\n\nThe bug can be triggered by sending a single amdgpu_gem_userptr_ioctl\nto the AMDGPU DRM driver on any ASICs with an invalid address and size.\nThe bug was reported by Joonkyo Jung <joonkyoj@yonsei.ac.kr>.\nFor example the following code:\n\nstatic void Syzkaller1(int fd)\n{\n\tstruct drm_amdgpu_gem_userptr arg;\n\tint ret;\n\n\targ.addr = 0xffffffffffff0000;\n\targ.size = 0x80000000; /*2 Gb*/\n\targ.flags = 0x7;\n\tret = drmIoctl(fd, 0xc1186451/*amdgpu_gem_userptr_ioctl*/, &arg);\n}\n\nDue to the address and size are not valid there is a failure in\namdgpu_hmm_register->mmu_interval_notifier_insert->__mmu_interval_notifier_insert->\ncheck_shl_overflow, but we even the amdgpu_hmm_register failure we still call\namdgpu_hmm_unregister into  amdgpu_gem_object_free which causes access to a bad address.\nThe following stack is below when the issue is reproduced when Kazan is enabled:\n\n[  +0.000014] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020\n[  +0.000009] RIP: 0010:mmu_interval_notifier_remove+0x327/0x340\n[  +0.000017] Code: ff ff 49 89 44 24 08 48 b8 00 01 00 00 00 00 ad de 4c 89 f7 49 89 47 40 48 83 c0 22 49 89 47 48 e8 ce d1 2d 01 e9 32 ff ff ff <0f> 0b e9 16 ff ff ff 4c 89 ef e8 fa 14 b3 ff e9 36 ff ff ff e8 80\n[  +0.000014] RSP: 0018:ffffc90002657988 EFLAGS: 00010246\n[  +0.000013] RAX: 0000000000000000 RBX: 1ffff920004caf35 RCX: ffffffff8160565b\n[  +0.000011] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffff8881a9f78260\n[  +0.000010] RBP: ffffc90002657a70 R08: 0000000000000001 R09: fffff520004caf25\n[  +0.000010] R10: 0000000000000003 R11: ffffffff8161d1d6 R12: ffff88810e988c00\n[  +0.000010] R13: ffff888126fb5a00 R14: ffff88810e988c0c R15: ffff8881a9f78260\n[  +0.000011] FS:  00007ff9ec848540(0000) GS:ffff8883cc880000(0000) knlGS:0000000000000000\n[  +0.000012] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  +0.000010] CR2: 000055b3f7e14328 CR3: 00000001b5770000 CR4: 0000000000350ef0\n[  +0.000010] Call Trace:\n[  +0.000006]  <TASK>\n[  +0.000007]  ? show_regs+0x6a/0x80\n[  +0.000018]  ? __warn+0xa5/0x1b0\n[  +0.000019]  ? mmu_interval_notifier_remove+0x327/0x340\n[  +0.000018]  ? report_bug+0x24a/0x290\n[  +0.000022]  ? handle_bug+0x46/0x90\n[  +0.000015]  ? exc_invalid_op+0x19/0x50\n[  +0.000016]  ? asm_exc_invalid_op+0x1b/0x20\n[  +0.000017]  ? kasan_save_stack+0x26/0x50\n[  +0.000017]  ? mmu_interval_notifier_remove+0x23b/0x340\n[  +0.000019]  ? mmu_interval_notifier_remove+0x327/0x340\n[  +0.000019]  ? mmu_interval_notifier_remove+0x23b/0x340\n[  +0.000020]  ? __pfx_mmu_interval_notifier_remove+0x10/0x10\n[  +0.000017]  ? kasan_save_alloc_info+0x1e/0x30\n[  +0.000018]  ? srso_return_thunk+0x5/0x5f\n[  +0.000014]  ? __kasan_kmalloc+0xb1/0xc0\n[  +0.000018]  ? srso_return_thunk+0x5/0x5f\n[  +0.000013]  ? __kasan_check_read+0x11/0x20\n[  +0.000020]  amdgpu_hmm_unregister+0x34/0x50 [amdgpu]\n[  +0.004695]  amdgpu_gem_object_free+0x66/0xa0 [amdgpu]\n[  +0.004534]  ? __pfx_amdgpu_gem_object_free+0x10/0x10 [amdgpu]\n[  +0.004291]  ? do_syscall_64+0x5f/0xe0\n[  +0.000023]  ? srso_return_thunk+0x5/0x5f\n[  +0.000017]  drm_gem_object_free+0x3b/0x50 [drm]\n[  +0.000489]  amdgpu_gem_userptr_ioctl+0x306/0x500 [amdgpu]\n[  +0.004295]  ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu]\n[  +0.004270]  ? srso_return_thunk+0x5/0x5f\n[  +0.000014]  ? __this_cpu_preempt_check+0x13/0x20\n[  +0.000015]  ? srso_return_thunk+0x5/0x5f\n[  +0.000013]  ? sysvec_apic_timer_interrupt+0x57/0xc0\n[  +0.000020]  ? srso_return_thunk+0x5/0x5f\n[  +0.000014]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20\n[  +0.000022]  ? drm_ioctl_kernel+0x17b/0x1f0 [drm]\n[  +0.000496]  ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu]\n[  +0.004272]  ? drm_ioctl_kernel+0x190/0x1f0 [drm]\n[  +0.000492]  drm_ioctl_kernel+0x140/0x1f0 [drm]\n[  +0.000497]  ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu]\n[  +0.004297]  ? __pfx_drm_ioctl_kernel+0x10/0x10 [d\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:4352', 'https://access.redhat.com/security/cve/CVE-2024-26656', 'https://bugzilla.redhat.com/1918601', 'https://bugzilla.redhat.com/2248122', 'https://bugzilla.redhat.com/2258875', 'https://bugzilla.redhat.com/2265517', 'https://bugzilla.redhat.com/2265519', 'https://bugzilla.redhat.com/2265520', 'https://bugzilla.redhat.com/2265800', 'https://bugzilla.redhat.com/2266408', 'https://bugzilla.redhat.com/2266831', 'https://bugzilla.redhat.com/2267513', 'https://bugzilla.redhat.com/2267518', 'https://bugzilla.redhat.com/2267730', 'https://bugzilla.redhat.com/2270093', 'https://bugzilla.redhat.com/2271680', 'https://bugzilla.redhat.com/2272692', 'https://bugzilla.redhat.com/2272829', 'https://bugzilla.redhat.com/2273204', 'https://bugzilla.redhat.com/2273278', 'https://bugzilla.redhat.com/2273423', 'https://bugzilla.redhat.com/2273429', 'https://bugzilla.redhat.com/2275604', 'https://bugzilla.redhat.com/2275633', 'https://bugzilla.redhat.com/2275635', 'https://bugzilla.redhat.com/2275733', 'https://bugzilla.redhat.com/2278337', 'https://bugzilla.redhat.com/2278354', 'https://bugzilla.redhat.com/2280434', 'https://bugzilla.redhat.com/2281057', 'https://bugzilla.redhat.com/2281113', 'https://bugzilla.redhat.com/2281157', 'https://bugzilla.redhat.com/2281165', 'https://bugzilla.redhat.com/2281251', 'https://bugzilla.redhat.com/2281253', 'https://bugzilla.redhat.com/2281255', 'https://bugzilla.redhat.com/2281257', 'https://bugzilla.redhat.com/2281272', 'https://bugzilla.redhat.com/2281350', 'https://bugzilla.redhat.com/2281689', 'https://bugzilla.redhat.com/2281693', 'https://bugzilla.redhat.com/2281920', 'https://bugzilla.redhat.com/2281923', 'https://bugzilla.redhat.com/2281925', 'https://bugzilla.redhat.com/2281953', 'https://bugzilla.redhat.com/2281986', 'https://bugzilla.redhat.com/2282394', 'https://bugzilla.redhat.com/2282400', 'https://bugzilla.redhat.com/2282471', 'https://bugzilla.redhat.com/2282472', 'https://bugzilla.redhat.com/2282581', 'https://bugzilla.redhat.com/2282609', 'https://bugzilla.redhat.com/2282612', 'https://bugzilla.redhat.com/2282653', 'https://bugzilla.redhat.com/2282680', 'https://bugzilla.redhat.com/2282698', 'https://bugzilla.redhat.com/2282712', 'https://bugzilla.redhat.com/2282735', 'https://bugzilla.redhat.com/2282902', 'https://bugzilla.redhat.com/2282920', 'https://bugzilla.redhat.com/show_bug.cgi?id=1918601', 'https://bugzilla.redhat.com/show_bug.cgi?id=2248122', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258875', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265800', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266831', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267518', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267730', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270093', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272692', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272829', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273204', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273278', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273423', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275633', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275635', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275733', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278337', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278354', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281113', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281157', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281165', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281251', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281253', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281255', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281311', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281334', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281346', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281350', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281689', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281693', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281920', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281953', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281986', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282394', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282471', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282472', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282581', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282609', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282612', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282698', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282712', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282735', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282902', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282920', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46909', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46972', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47069', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47073', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47236', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47310', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47311', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47456', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47495', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5090', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52464', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52560', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52626', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52667', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52675', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52700', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52703', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52781', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52813', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52835', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52877', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52881', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26583', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26584', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26585', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26656', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26675', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26735', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26759', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26804', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26859', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26906', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26907', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26974', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27410', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35835', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35838', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35854', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35855', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35888', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35890', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35959', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36004', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36007', 'https://errata.almalinux.org/8/ALSA-2024-4352.html', 'https://errata.rockylinux.org/RLSA-2024:4211', 'https://git.kernel.org/linus/22207fd5c80177b860279653d017474b2812af5e (6.9-rc1)', 'https://git.kernel.org/stable/c/22207fd5c80177b860279653d017474b2812af5e', 'https://git.kernel.org/stable/c/22f665ecfd1225afa1309ace623157d12bb9bb0c', 'https://git.kernel.org/stable/c/af054a5fb24a144f99895afce9519d709891894c', 'https://git.kernel.org/stable/c/e87e08c94c9541b4e18c4c13f2f605935f512605', 'https://linux.oracle.com/cve/CVE-2024-26656.html', 'https://linux.oracle.com/errata/ELSA-2024-4211.html', 'https://lore.kernel.org/linux-cve-announce/2024040247-CVE-2024-26656-ffaa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26656', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26656'], 'PublishedDate': '2024-04-02T07:15:42.76Z', 'LastModifiedDate': '2024-04-03T14:15:17Z'}, {'VulnerabilityID': 'CVE-2024-26658', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26658', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bcachefs: grab s_umount only if snapshotting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: grab s_umount only if snapshotting\n\nWhen I was testing mongodb over bcachefs with compression,\nthere is a lockdep warning when snapshotting mongodb data volume.\n\n$ cat test.sh\nprog=bcachefs\n\n$prog subvolume create /mnt/data\n$prog subvolume create /mnt/data/snapshots\n\nwhile true;do\n    $prog subvolume snapshot /mnt/data /mnt/data/snapshots/$(date +%s)\n    sleep 1s\ndone\n\n$ cat /etc/mongodb.conf\nsystemLog:\n  destination: file\n  logAppend: true\n  path: /mnt/data/mongod.log\n\nstorage:\n  dbPath: /mnt/data/\n\nlockdep reports:\n[ 3437.452330] ======================================================\n[ 3437.452750] WARNING: possible circular locking dependency detected\n[ 3437.453168] 6.7.0-rc7-custom+ #85 Tainted: G            E\n[ 3437.453562] ------------------------------------------------------\n[ 3437.453981] bcachefs/35533 is trying to acquire lock:\n[ 3437.454325] ffffa0a02b2b1418 (sb_writers#10){.+.+}-{0:0}, at: filename_create+0x62/0x190\n[ 3437.454875]\n               but task is already holding lock:\n[ 3437.455268] ffffa0a02b2b10e0 (&type->s_umount_key#48){.+.+}-{3:3}, at: bch2_fs_file_ioctl+0x232/0xc90 [bcachefs]\n[ 3437.456009]\n               which lock already depends on the new lock.\n\n[ 3437.456553]\n               the existing dependency chain (in reverse order) is:\n[ 3437.457054]\n               -> #3 (&type->s_umount_key#48){.+.+}-{3:3}:\n[ 3437.457507]        down_read+0x3e/0x170\n[ 3437.457772]        bch2_fs_file_ioctl+0x232/0xc90 [bcachefs]\n[ 3437.458206]        __x64_sys_ioctl+0x93/0xd0\n[ 3437.458498]        do_syscall_64+0x42/0xf0\n[ 3437.458779]        entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 3437.459155]\n               -> #2 (&c->snapshot_create_lock){++++}-{3:3}:\n[ 3437.459615]        down_read+0x3e/0x170\n[ 3437.459878]        bch2_truncate+0x82/0x110 [bcachefs]\n[ 3437.460276]        bchfs_truncate+0x254/0x3c0 [bcachefs]\n[ 3437.460686]        notify_change+0x1f1/0x4a0\n[ 3437.461283]        do_truncate+0x7f/0xd0\n[ 3437.461555]        path_openat+0xa57/0xce0\n[ 3437.461836]        do_filp_open+0xb4/0x160\n[ 3437.462116]        do_sys_openat2+0x91/0xc0\n[ 3437.462402]        __x64_sys_openat+0x53/0xa0\n[ 3437.462701]        do_syscall_64+0x42/0xf0\n[ 3437.462982]        entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 3437.463359]\n               -> #1 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}:\n[ 3437.463843]        down_write+0x3b/0xc0\n[ 3437.464223]        bch2_write_iter+0x5b/0xcc0 [bcachefs]\n[ 3437.464493]        vfs_write+0x21b/0x4c0\n[ 3437.464653]        ksys_write+0x69/0xf0\n[ 3437.464839]        do_syscall_64+0x42/0xf0\n[ 3437.465009]        entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 3437.465231]\n               -> #0 (sb_writers#10){.+.+}-{0:0}:\n[ 3437.465471]        __lock_acquire+0x1455/0x21b0\n[ 3437.465656]        lock_acquire+0xc6/0x2b0\n[ 3437.465822]        mnt_want_write+0x46/0x1a0\n[ 3437.465996]        filename_create+0x62/0x190\n[ 3437.466175]        user_path_create+0x2d/0x50\n[ 3437.466352]        bch2_fs_file_ioctl+0x2ec/0xc90 [bcachefs]\n[ 3437.466617]        __x64_sys_ioctl+0x93/0xd0\n[ 3437.466791]        do_syscall_64+0x42/0xf0\n[ 3437.466957]        entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 3437.467180]\n               other info that might help us debug this:\n\n[ 3437.469670] 2 locks held by bcachefs/35533:\n               other info that might help us debug this:\n\n[ 3437.467507] Chain exists of:\n                 sb_writers#10 --> &c->snapshot_create_lock --> &type->s_umount_key#48\n\n[ 3437.467979]  Possible unsafe locking scenario:\n\n[ 3437.468223]        CPU0                    CPU1\n[ 3437.468405]        ----                    ----\n[ 3437.468585]   rlock(&type->s_umount_key#48);\n[ 3437.468758]                                lock(&c->snapshot_create_lock);\n[ 3437.469030]                                lock(&type->s_umount_key#48);\n[ 3437.469291]   rlock(sb_writers#10);\n[ 3437.469434]\n                *** DEADLOCK ***\n\n[ 3437.469\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26658', 'https://git.kernel.org/linus/2acc59dd88d27ad69b66ded80df16c042b04eeec (6.8-rc1)', 'https://git.kernel.org/stable/c/2acc59dd88d27ad69b66ded80df16c042b04eeec', 'https://git.kernel.org/stable/c/5b41d3fd04c6757b9c2a60a0c5b2609cae9999df', 'https://lore.kernel.org/linux-cve-announce/2024040222-CVE-2024-26658-1451@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26658', 'https://www.cve.org/CVERecord?id=CVE-2024-26658'], 'PublishedDate': '2024-04-02T07:15:42.903Z', 'LastModifiedDate': '2024-04-02T12:50:42.233Z'}, {'VulnerabilityID': 'CVE-2024-26662', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26662', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: 'panel_cntl' could be null in 'dcn21_set_backlight_level()'", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()'\n\n'panel_cntl' structure used to control the display panel could be null,\ndereferencing it could lead to a null pointer access.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn21/dcn21_hwseq.c:269 dcn21_set_backlight_level() error: we previously assumed 'panel_cntl' could be null (see line 250)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26662', 'https://git.kernel.org/linus/e96fddb32931d007db12b1fce9b5e8e4c080401b (6.8-rc4)', 'https://git.kernel.org/stable/c/0c863cab0e9173f8b6c7bc328bee3b8625f131b5', 'https://git.kernel.org/stable/c/2e150ccea13129eb048679114808eb9770443e4d', 'https://git.kernel.org/stable/c/e96fddb32931d007db12b1fce9b5e8e4c080401b', 'https://lore.kernel.org/linux-cve-announce/2024040223-CVE-2024-26662-863c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26662', 'https://ubuntu.com/security/notices/USN-6895-1', 'https://ubuntu.com/security/notices/USN-6895-2', 'https://ubuntu.com/security/notices/USN-6895-3', 'https://ubuntu.com/security/notices/USN-6895-4', 'https://ubuntu.com/security/notices/USN-6900-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26662'], 'PublishedDate': '2024-04-02T07:15:43.213Z', 'LastModifiedDate': '2024-04-02T12:50:42.233Z'}, {'VulnerabilityID': 'CVE-2024-26672', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amdgpu: variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'\n\nFixes the below:\n\ndrivers/gpu/drm/amd/amdgpu/amdgpu_mca.c:377 amdgpu_mca_smu_get_mca_entry() warn: variable dereferenced before check 'mca_funcs' (see line 368)\n\n357 int amdgpu_mca_smu_get_mca_entry(struct amdgpu_device *adev,\n\t\t\t\t     enum amdgpu_mca_error_type type,\n358                                  int idx, struct mca_bank_entry *entry)\n359 {\n360         const struct amdgpu_mca_smu_funcs *mca_funcs =\n\t\t\t\t\t\tadev->mca.mca_funcs;\n361         int count;\n362\n363         switch (type) {\n364         case AMDGPU_MCA_ERROR_TYPE_UE:\n365                 count = mca_funcs->max_ue_count;\n\nmca_funcs is dereferenced here.\n\n366                 break;\n367         case AMDGPU_MCA_ERROR_TYPE_CE:\n368                 count = mca_funcs->max_ce_count;\n\nmca_funcs is dereferenced here.\n\n369                 break;\n370         default:\n371                 return -EINVAL;\n372         }\n373\n374         if (idx >= count)\n375                 return -EINVAL;\n376\n377         if (mca_funcs && mca_funcs->mca_get_mca_entry)\n\t        ^^^^^^^^^\n\nChecked too late!", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26672', 'https://git.kernel.org/linus/4f32504a2f85a7b40fe149436881381f48e9c0c0 (6.8-rc1)', 'https://git.kernel.org/stable/c/4f32504a2f85a7b40fe149436881381f48e9c0c0', 'https://git.kernel.org/stable/c/7b5d58c07024516c0e81b95e98f37710cf402c53', 'https://lore.kernel.org/linux-cve-announce/2024040219-CVE-2024-26672-e96e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26672', 'https://www.cve.org/CVERecord?id=CVE-2024-26672'], 'PublishedDate': '2024-04-02T07:15:43.9Z', 'LastModifiedDate': '2024-04-02T12:50:42.233Z'}, {'VulnerabilityID': 'CVE-2024-26686', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26686', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats\n\nlock_task_sighand() can trigger a hard lockup.  If NR_CPUS threads call\ndo_task_stat() at the same time and the process has NR_THREADS, it will\nspin with irqs disabled O(NR_CPUS * NR_THREADS) time.\n\nChange do_task_stat() to use sig->stats_lock to gather the statistics\noutside of ->siglock protected section, in the likely case this code will\nrun lockless.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-26686', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/7601df8031fd67310af891897ef6cc0df4209305 (6.8-rc4)', 'https://git.kernel.org/stable/c/27978243f165b44e342f28f449b91327944ea071', 'https://git.kernel.org/stable/c/7601df8031fd67310af891897ef6cc0df4209305', 'https://git.kernel.org/stable/c/cf4b8c39b9a0bd81c47afc7ef62914a62dd5ec4d', 'https://linux.oracle.com/cve/CVE-2024-26686.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024040335-CVE-2024-26686-b22f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26686', 'https://www.cve.org/CVERecord?id=CVE-2024-26686'], 'PublishedDate': '2024-04-03T15:15:52.263Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26691', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26691', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: arm64: Fix circular locking dependency', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Fix circular locking dependency\n\nThe rule inside kvm enforces that the vcpu->mutex is taken *inside*\nkvm->lock. The rule is violated by the pkvm_create_hyp_vm() which acquires\nthe kvm->lock while already holding the vcpu->mutex lock from\nkvm_vcpu_ioctl(). Avoid the circular locking dependency altogether by\nprotecting the hyp vm handle with the config_lock, much like we already\ndo for other forms of VM-scoped data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26691', 'https://git.kernel.org/linus/10c02aad111df02088d1a81792a709f6a7eca6cc (6.8-rc5)', 'https://git.kernel.org/stable/c/10c02aad111df02088d1a81792a709f6a7eca6cc', 'https://git.kernel.org/stable/c/3ab1c40a1e915e350d9181a4603af393141970cc', 'https://git.kernel.org/stable/c/3d16cebf01127f459dcfeb79ed77bd68b124c228', 'https://lore.kernel.org/linux-cve-announce/2024040336-CVE-2024-26691-fff7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26691', 'https://ubuntu.com/security/notices/USN-6895-1', 'https://ubuntu.com/security/notices/USN-6895-2', 'https://ubuntu.com/security/notices/USN-6895-3', 'https://ubuntu.com/security/notices/USN-6895-4', 'https://ubuntu.com/security/notices/USN-6900-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26691'], 'PublishedDate': '2024-04-03T15:15:52.55Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26699', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26699', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr\n\n[Why]\nThere is a potential memory access violation while\niterating through array of dcn35 clks.\n\n[How]\nLimit iteration per array size.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26699', 'https://git.kernel.org/linus/46806e59a87790760870d216f54951a5b4d545bc (6.8-rc5)', 'https://git.kernel.org/stable/c/46806e59a87790760870d216f54951a5b4d545bc', 'https://git.kernel.org/stable/c/ca400d8e0c1c9d79c08dfb6b7f966e26c8cae7fb', 'https://lore.kernel.org/linux-cve-announce/2024040339-CVE-2024-26699-c700@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26699', 'https://www.cve.org/CVERecord?id=CVE-2024-26699'], 'PublishedDate': '2024-04-03T15:15:52.98Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26700', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26700', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix MST Null Ptr for RV', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix MST Null Ptr for RV\n\nThe change try to fix below error specific to RV platform:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\nHardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\nRIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\nCode: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\nRSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\nRDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\nRBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\nR10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\nR13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\nFS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\nCall Trace:\n <TASK>\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? plist_add+0xbe/0x100\n ? exc_page_fault+0x7c/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n drm_atomic_check_only+0x5c5/0xa40\n drm_mode_atomic_ioctl+0x76e/0xbc0\n ? _copy_to_user+0x25/0x30\n ? drm_ioctl+0x296/0x4b0\n ? __pfx_drm_mode_atomic_ioctl+0x10/0x10\n drm_ioctl_kernel+0xcd/0x170\n drm_ioctl+0x26d/0x4b0\n ? __pfx_drm_mode_atomic_ioctl+0x10/0x10\n amdgpu_drm_ioctl+0x4e/0x90 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n __x64_sys_ioctl+0x94/0xd0\n do_syscall_64+0x60/0x90\n ? do_syscall_64+0x6c/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f4dad17f76f\nCode: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c>\nRSP: 002b:00007ffd9ae859f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 000055e255a55900 RCX: 00007f4dad17f76f\nRDX: 00007ffd9ae85a90 RSI: 00000000c03864bc RDI: 000000000000000b\nRBP: 00007ffd9ae85a90 R08: 0000000000000003 R09: 0000000000000003\nR10: 0000000000000000 R11: 0000000000000246 R12: 00000000c03864bc\nR13: 000000000000000b R14: 000055e255a7fc60 R15: 000055e255a01eb0\n </TASK>\nModules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device ccm cmac algif_hash algif_skcipher af_alg joydev mousedev bnep >\n typec libphy k10temp ipmi_msghandler roles i2c_scmi acpi_cpufreq mac_hid nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_mas>\nCR2: 0000000000000008\n---[ end trace 0000000000000000 ]---\nRIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\nCode: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\nRSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\nRDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\nRBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\nR10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\nR13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\nFS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26700', 'https://git.kernel.org/linus/e6a7df96facdcf5b1f71eb3ec26f2f9f6ad61e57 (6.8-rc4)', 'https://git.kernel.org/stable/c/01d992088dce3945f70f49f34b0b911c5213c238', 'https://git.kernel.org/stable/c/5cd7185d2db76c42a9b7e69adad9591d9fca093f', 'https://git.kernel.org/stable/c/7407c61f43b66e90ad127d0cdd13cbc9d87141a5', 'https://git.kernel.org/stable/c/e6a7df96facdcf5b1f71eb3ec26f2f9f6ad61e57', 'https://lore.kernel.org/linux-cve-announce/2024040339-CVE-2024-26700-a2b8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26700', 'https://ubuntu.com/security/notices/USN-6895-1', 'https://ubuntu.com/security/notices/USN-6895-2', 'https://ubuntu.com/security/notices/USN-6895-3', 'https://ubuntu.com/security/notices/USN-6895-4', 'https://ubuntu.com/security/notices/USN-6900-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26700'], 'PublishedDate': '2024-04-03T15:15:53.03Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26714', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: interconnect: qcom: sc8180x: Mark CO0 BCM keepalive', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: qcom: sc8180x: Mark CO0 BCM keepalive\n\nThe CO0 BCM needs to be up at all times, otherwise some hardware (like\nthe UFS controller) loses its connection to the rest of the SoC,\nresulting in a hang of the platform, accompanied by a spectacular\nlogspam.\n\nMark it as keepalive to prevent such cases.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26714', 'https://git.kernel.org/linus/85e985a4f46e462a37f1875cb74ed380e7c0c2e0 (6.8-rc5)', 'https://git.kernel.org/stable/c/6616d3c4f8284a7b3ef978c916566bd240cea1c7', 'https://git.kernel.org/stable/c/7a3a70dd08e4b7dffc2f86f2c68fc3812804b9d0', 'https://git.kernel.org/stable/c/85e985a4f46e462a37f1875cb74ed380e7c0c2e0', 'https://git.kernel.org/stable/c/d8e36ff40cf9dadb135f3a97341c02c9a7afcc43', 'https://lore.kernel.org/linux-cve-announce/2024040343-CVE-2024-26714-d9a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26714', 'https://ubuntu.com/security/notices/USN-6895-1', 'https://ubuntu.com/security/notices/USN-6895-2', 'https://ubuntu.com/security/notices/USN-6895-3', 'https://ubuntu.com/security/notices/USN-6895-4', 'https://ubuntu.com/security/notices/USN-6900-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26714'], 'PublishedDate': '2024-04-03T15:15:53.7Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26718', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26718', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dm-crypt, dm-verity: disable tasklets', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-crypt, dm-verity: disable tasklets\n\nTasklets have an inherent problem with memory corruption. The function\ntasklet_action_common calls tasklet_trylock, then it calls the tasklet\ncallback and then it calls tasklet_unlock. If the tasklet callback frees\nthe structure that contains the tasklet or if it calls some code that may\nfree it, tasklet_unlock will write into free memory.\n\nThe commits 8e14f610159d and d9a02e016aaf try to fix it for dm-crypt, but\nit is not a sufficient fix and the data corruption can still happen [1].\nThere is no fix for dm-verity and dm-verity will write into free memory\nwith every tasklet-processed bio.\n\nThere will be atomic workqueues implemented in the kernel 6.9 [2]. They\nwill have better interface and they will not suffer from the memory\ncorruption problem.\n\nBut we need something that stops the memory corruption now and that can be\nbackported to the stable kernels. So, I'm proposing this commit that\ndisables tasklets in both dm-crypt and dm-verity. This commit doesn't\nremove the tasklet support, because the tasklet code will be reused when\natomic workqueues will be implemented.\n\n[1] https://lore.kernel.org/all/d390d7ee-f142-44d3-822a-87949e14608b@suse.de/T/\n[2] https://lore.kernel.org/lkml/20240130091300.2968534-1-tj@kernel.org/", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26718', 'https://git.kernel.org/linus/0a9bab391e336489169b95cb0d4553d921302189 (6.8-rc3)', 'https://git.kernel.org/stable/c/0a9bab391e336489169b95cb0d4553d921302189', 'https://git.kernel.org/stable/c/0c45a20cbe68bc4d681734f5c03891124a274257', 'https://git.kernel.org/stable/c/30884a44e0cedc3dfda8c22432f3ba4078ec2d94', 'https://git.kernel.org/stable/c/5735a2671ffb70ea29ca83969fe01316ee2ed6fc', 'https://lore.kernel.org/linux-cve-announce/2024040344-CVE-2024-26718-7259@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26718', 'https://ubuntu.com/security/notices/USN-6895-1', 'https://ubuntu.com/security/notices/USN-6895-2', 'https://ubuntu.com/security/notices/USN-6895-3', 'https://ubuntu.com/security/notices/USN-6895-4', 'https://ubuntu.com/security/notices/USN-6900-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26718'], 'PublishedDate': '2024-04-03T15:15:53.897Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26719', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26719', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nouveau: offload fence uevents work to workqueue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau: offload fence uevents work to workqueue\n\nThis should break the deadlock between the fctx lock and the irq lock.\n\nThis offloads the processing off the work from the irq into a workqueue.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26719', 'https://git.kernel.org/linus/39126abc5e20611579602f03b66627d7cd1422f0 (6.8-rc3)', 'https://git.kernel.org/stable/c/39126abc5e20611579602f03b66627d7cd1422f0', 'https://git.kernel.org/stable/c/985d053f7633d8b539ab1531738d538efac678a9', 'https://git.kernel.org/stable/c/cc0037fa592d56e4abb9c7d1c52c4d2dc25cd906', 'https://lore.kernel.org/linux-cve-announce/2024040344-CVE-2024-26719-b66e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26719', 'https://ubuntu.com/security/notices/USN-6895-1', 'https://ubuntu.com/security/notices/USN-6895-2', 'https://ubuntu.com/security/notices/USN-6895-3', 'https://ubuntu.com/security/notices/USN-6895-4', 'https://ubuntu.com/security/notices/USN-6900-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26719'], 'PublishedDate': '2024-04-03T15:15:53.947Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26726', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26726', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: btrfs: don't drop extent_map for free space inode on write error", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't drop extent_map for free space inode on write error\n\nWhile running the CI for an unrelated change I hit the following panic\nwith generic/648 on btrfs_holes_spacecache.\n\nassertion failed: block_start != EXTENT_MAP_HOLE, in fs/btrfs/extent_io.c:1385\n------------[ cut here ]------------\nkernel BUG at fs/btrfs/extent_io.c:1385!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 1 PID: 2695096 Comm: fsstress Kdump: loaded Tainted: G        W          6.8.0-rc2+ #1\nRIP: 0010:__extent_writepage_io.constprop.0+0x4c1/0x5c0\nCall Trace:\n <TASK>\n extent_write_cache_pages+0x2ac/0x8f0\n extent_writepages+0x87/0x110\n do_writepages+0xd5/0x1f0\n filemap_fdatawrite_wbc+0x63/0x90\n __filemap_fdatawrite_range+0x5c/0x80\n btrfs_fdatawrite_range+0x1f/0x50\n btrfs_write_out_cache+0x507/0x560\n btrfs_write_dirty_block_groups+0x32a/0x420\n commit_cowonly_roots+0x21b/0x290\n btrfs_commit_transaction+0x813/0x1360\n btrfs_sync_file+0x51a/0x640\n __x64_sys_fdatasync+0x52/0x90\n do_syscall_64+0x9c/0x190\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThis happens because we fail to write out the free space cache in one\ninstance, come back around and attempt to write it again.  However on\nthe second pass through we go to call btrfs_get_extent() on the inode to\nget the extent mapping.  Because this is a new block group, and with the\nfree space inode we always search the commit root to avoid deadlocking\nwith the tree, we find nothing and return a EXTENT_MAP_HOLE for the\nrequested range.\n\nThis happens because the first time we try to write the space cache out\nwe hit an error, and on an error we drop the extent mapping.  This is\nnormal for normal files, but the free space cache inode is special.  We\nalways expect the extent map to be correct.  Thus the second time\nthrough we end up with a bogus extent map.\n\nSince we're deprecating this feature, the most straightforward way to\nfix this is to simply skip dropping the extent map range for this failed\nrange.\n\nI shortened the test by using error injection to stress the area to make\nit easier to reproduce.  With this patch in place we no longer panic\nwith my error injection test.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26726', 'https://git.kernel.org/linus/5571e41ec6e56e35f34ae9f5b3a335ef510e0ade (6.8-rc5)', 'https://git.kernel.org/stable/c/02f2b95b00bf57d20320ee168b30fb7f3db8e555', 'https://git.kernel.org/stable/c/5571e41ec6e56e35f34ae9f5b3a335ef510e0ade', 'https://git.kernel.org/stable/c/7bddf18f474f166c19f91b2baf67bf7c5eda03f7', 'https://git.kernel.org/stable/c/a4b7741c8302e28073bfc6dd1c2e73598e5e535e', 'https://lore.kernel.org/linux-cve-announce/2024040346-CVE-2024-26726-fed0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26726', 'https://ubuntu.com/security/notices/USN-6895-1', 'https://ubuntu.com/security/notices/USN-6895-2', 'https://ubuntu.com/security/notices/USN-6895-3', 'https://ubuntu.com/security/notices/USN-6895-4', 'https://ubuntu.com/security/notices/USN-6900-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26726'], 'PublishedDate': '2024-04-03T15:15:54.313Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26739', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26739', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: net/sched: act_mirred: don't override retval if we already lost the skb", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: don't override retval if we already lost the skb\n\nIf we're redirecting the skb, and haven't called tcf_mirred_forward(),\nyet, we need to tell the core to drop the skb by setting the retcode\nto SHOT. If we have called tcf_mirred_forward(), however, the skb\nis out of our hands and returning SHOT will lead to UaF.\n\nMove the retval override to the error path which actually need it.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26739', 'https://git.kernel.org/linus/166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210 (6.8-rc6)', 'https://git.kernel.org/stable/c/166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210', 'https://git.kernel.org/stable/c/28cdbbd38a4413b8eff53399b3f872fd4e80db9d', 'https://git.kernel.org/stable/c/f4e294bbdca8ac8757db436fc82214f3882fc7e7', 'https://linux.oracle.com/cve/CVE-2024-26739.html', 'https://linux.oracle.com/errata/ELSA-2024-6997.html', 'https://lore.kernel.org/linux-cve-announce/2024040300-CVE-2024-26739-170e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26739', 'https://www.cve.org/CVERecord?id=CVE-2024-26739'], 'PublishedDate': '2024-04-03T17:15:51.367Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26740', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26740', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/sched: act_mirred: use the backlog for mirred ingress', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: use the backlog for mirred ingress\n\nThe test Davide added in commit ca22da2fbd69 ("act_mirred: use the backlog\nfor nested calls to mirred ingress") hangs our testing VMs every 10 or so\nruns, with the familiar tcp_v4_rcv -> tcp_v4_rcv deadlock reported by\nlockdep.\n\nThe problem as previously described by Davide (see Link) is that\nif we reverse flow of traffic with the redirect (egress -> ingress)\nwe may reach the same socket which generated the packet. And we may\nstill be holding its socket lock. The common solution to such deadlocks\nis to put the packet in the Rx backlog, rather than run the Rx path\ninline. Do that for all egress -> ingress reversals, not just once\nwe started to nest mirred calls.\n\nIn the past there was a concern that the backlog indirection will\nlead to loss of error reporting / less accurate stats. But the current\nworkaround does not seem to address the issue.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-26740', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/52f671db18823089a02f07efc04efdb2272ddc17 (6.8-rc6)', 'https://git.kernel.org/stable/c/52f671db18823089a02f07efc04efdb2272ddc17', 'https://git.kernel.org/stable/c/60ddea1600bc476e0f5e02bce0e29a460ccbf0be', 'https://git.kernel.org/stable/c/7c787888d164689da8b1b115f3ef562c1e843af4', 'https://linux.oracle.com/cve/CVE-2024-26740.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024040300-CVE-2024-26740-4d6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26740', 'https://www.cve.org/CVERecord?id=CVE-2024-26740'], 'PublishedDate': '2024-04-03T17:15:51.41Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26742', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26742', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: smartpqi: Fix disable_managed_interrupts', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: smartpqi: Fix disable_managed_interrupts\n\nCorrect blk-mq registration issue with module parameter\ndisable_managed_interrupts enabled.\n\nWhen we turn off the default PCI_IRQ_AFFINITY flag, the driver needs to\nregister with blk-mq using blk_mq_map_queues(). The driver is currently\ncalling blk_mq_pci_map_queues() which results in a stack trace and possibly\nundefined behavior.\n\nStack Trace:\n[    7.860089] scsi host2: smartpqi\n[    7.871934] WARNING: CPU: 0 PID: 238 at block/blk-mq-pci.c:52 blk_mq_pci_map_queues+0xca/0xd0\n[    7.889231] Modules linked in: sd_mod t10_pi sg uas smartpqi(+) crc32c_intel scsi_transport_sas usb_storage dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse\n[    7.924755] CPU: 0 PID: 238 Comm: kworker/0:3 Not tainted 4.18.0-372.88.1.el8_6_smartpqi_test.x86_64 #1\n[    7.944336] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 03/08/2022\n[    7.963026] Workqueue: events work_for_cpu_fn\n[    7.978275] RIP: 0010:blk_mq_pci_map_queues+0xca/0xd0\n[    7.978278] Code: 48 89 de 89 c7 e8 f6 0f 4f 00 3b 05 c4 b7 8e 01 72 e1 5b 31 c0 5d 41 5c 41 5d 41 5e 41 5f e9 7d df 73 00 31 c0 e9 76 df 73 00 <0f> 0b eb bc 90 90 0f 1f 44 00 00 41 57 49 89 ff 41 56 41 55 41 54\n[    7.978280] RSP: 0018:ffffa95fc3707d50 EFLAGS: 00010216\n[    7.978283] RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 0000000000000010\n[    7.978284] RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffff9190c32d4310\n[    7.978286] RBP: 0000000000000000 R08: ffffa95fc3707d38 R09: ffff91929b81ac00\n[    7.978287] R10: 0000000000000001 R11: ffffa95fc3707ac0 R12: 0000000000000000\n[    7.978288] R13: ffff9190c32d4000 R14: 00000000ffffffff R15: ffff9190c4c950a8\n[    7.978290] FS:  0000000000000000(0000) GS:ffff9193efc00000(0000) knlGS:0000000000000000\n[    7.978292] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    8.172814] CR2: 000055d11166c000 CR3: 00000002dae10002 CR4: 00000000007706f0\n[    8.172816] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[    8.172817] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[    8.172818] PKRU: 55555554\n[    8.172819] Call Trace:\n[    8.172823]  blk_mq_alloc_tag_set+0x12e/0x310\n[    8.264339]  scsi_add_host_with_dma.cold.9+0x30/0x245\n[    8.279302]  pqi_ctrl_init+0xacf/0xc8e [smartpqi]\n[    8.294085]  ? pqi_pci_probe+0x480/0x4c8 [smartpqi]\n[    8.309015]  pqi_pci_probe+0x480/0x4c8 [smartpqi]\n[    8.323286]  local_pci_probe+0x42/0x80\n[    8.337855]  work_for_cpu_fn+0x16/0x20\n[    8.351193]  process_one_work+0x1a7/0x360\n[    8.364462]  ? create_worker+0x1a0/0x1a0\n[    8.379252]  worker_thread+0x1ce/0x390\n[    8.392623]  ? create_worker+0x1a0/0x1a0\n[    8.406295]  kthread+0x10a/0x120\n[    8.418428]  ? set_kthread_struct+0x50/0x50\n[    8.431532]  ret_from_fork+0x1f/0x40\n[    8.444137] ---[ end trace 1bf0173d39354506 ]---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26742', 'https://git.kernel.org/linus/5761eb9761d2d5fe8248a9b719efc4d8baf1f24a (6.8-rc6)', 'https://git.kernel.org/stable/c/3c31b18a8dd8b7bf36af1cd723d455853b8f94fe', 'https://git.kernel.org/stable/c/4f5b15c15e6016efb3e14582d02cc4ddf57227df', 'https://git.kernel.org/stable/c/5761eb9761d2d5fe8248a9b719efc4d8baf1f24a', 'https://git.kernel.org/stable/c/b9433b25cb06c415c9cb24782599649a406c8d6d', 'https://linux.oracle.com/cve/CVE-2024-26742.html', 'https://linux.oracle.com/errata/ELSA-2024-12682.html', 'https://lore.kernel.org/linux-cve-announce/2024040301-CVE-2024-26742-1b19@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26742', 'https://www.cve.org/CVERecord?id=CVE-2024-26742'], 'PublishedDate': '2024-04-03T17:15:51.517Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26756', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26756', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: md: Don't register sync_thread for reshape directly", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don't register sync_thread for reshape directly\n\nCurrently, if reshape is interrupted, then reassemble the array will\nregister sync_thread directly from pers->run(), in this case\n'MD_RECOVERY_RUNNING' is set directly, however, there is no guarantee\nthat md_do_sync() will be executed, hence stop_sync_thread() will hang\nbecause 'MD_RECOVERY_RUNNING' can't be cleared.\n\nLast patch make sure that md_do_sync() will set MD_RECOVERY_DONE,\nhowever, following hang can still be triggered by dm-raid test\nshell/lvconvert-raid-reshape.sh occasionally:\n\n[root@fedora ~]# cat /proc/1982/stack\n[<0>] stop_sync_thread+0x1ab/0x270 [md_mod]\n[<0>] md_frozen_sync_thread+0x5c/0xa0 [md_mod]\n[<0>] raid_presuspend+0x1e/0x70 [dm_raid]\n[<0>] dm_table_presuspend_targets+0x40/0xb0 [dm_mod]\n[<0>] __dm_destroy+0x2a5/0x310 [dm_mod]\n[<0>] dm_destroy+0x16/0x30 [dm_mod]\n[<0>] dev_remove+0x165/0x290 [dm_mod]\n[<0>] ctl_ioctl+0x4bb/0x7b0 [dm_mod]\n[<0>] dm_ctl_ioctl+0x11/0x20 [dm_mod]\n[<0>] vfs_ioctl+0x21/0x60\n[<0>] __x64_sys_ioctl+0xb9/0xe0\n[<0>] do_syscall_64+0xc6/0x230\n[<0>] entry_SYSCALL_64_after_hwframe+0x6c/0x74\n\nMeanwhile mddev->recovery is:\nMD_RECOVERY_RUNNING |\nMD_RECOVERY_INTR |\nMD_RECOVERY_RESHAPE |\nMD_RECOVERY_FROZEN\n\nFix this problem by remove the code to register sync_thread directly\nfrom raid10 and raid5. And let md_check_recovery() to register\nsync_thread.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26756', 'https://git.kernel.org/linus/ad39c08186f8a0f221337985036ba86731d6aafe (6.8-rc6)', 'https://git.kernel.org/stable/c/13b520fb62b772e408f9b79c5fe18ad414e90417', 'https://git.kernel.org/stable/c/ad39c08186f8a0f221337985036ba86731d6aafe', 'https://lore.kernel.org/linux-cve-announce/2024040303-CVE-2024-26756-135f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26756', 'https://www.cve.org/CVERecord?id=CVE-2024-26756'], 'PublishedDate': '2024-04-03T17:15:52.15Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26757', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26757', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: md: Don't ignore read-only array in md_check_recovery()", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don\'t ignore read-only array in md_check_recovery()\n\nUsually if the array is not read-write, md_check_recovery() won\'t\nregister new sync_thread in the first place. And if the array is\nread-write and sync_thread is registered, md_set_readonly() will\nunregister sync_thread before setting the array read-only. md/raid\nfollow this behavior hence there is no problem.\n\nAfter commit f52f5c71f3d4 ("md: fix stopping sync thread"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) array is read-only. dm-raid update super block:\nrs_update_sbs\n ro = mddev->ro\n mddev->ro = 0\n  -> set array read-write\n md_update_sb\n\n2) register new sync thread concurrently.\n\n3) dm-raid set array back to read-only:\nrs_update_sbs\n mddev->ro = ro\n\n4) stop the array:\nraid_dtr\n md_stop\n  stop_sync_thread\n    set_bit(MD_RECOVERY_INTR, &mddev->recovery);\n    md_wakeup_thread_directly(mddev->sync_thread);\n    wait_event(..., !test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))\n\n5) sync thread done:\n md_do_sync\n set_bit(MD_RECOVERY_DONE, &mddev->recovery);\n md_wakeup_thread(mddev->thread);\n\n6) daemon thread can\'t unregister sync thread:\n md_check_recovery\n  if (!md_is_rdwr(mddev) &&\n      !test_bit(MD_RECOVERY_NEEDED, &mddev->recovery))\n   return;\n  -> -> MD_RECOVERY_RUNNING can\'t be cleared, hence step 4 hang;\n\nThe root cause is that dm-raid manipulate \'mddev->ro\' by itself,\nhowever, dm-raid really should stop sync thread before setting the\narray read-only. Unfortunately, I need to read more code before I\ncan refacter the handler of \'mddev->ro\' in dm-raid, hence let\'s fix\nthe problem the easy way for now to prevent dm-raid regression.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26757', 'https://git.kernel.org/linus/55a48ad2db64737f7ffc0407634218cc6e4c513b (6.8-rc6)', 'https://git.kernel.org/stable/c/2ea169c5a0b1134d573d07fc27a16f327ad0e7d3', 'https://git.kernel.org/stable/c/55a48ad2db64737f7ffc0407634218cc6e4c513b', 'https://lore.kernel.org/linux-cve-announce/2024040304-CVE-2024-26757-7f96@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26757', 'https://www.cve.org/CVERecord?id=CVE-2024-26757'], 'PublishedDate': '2024-04-03T17:15:52.207Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26758', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26758', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: md: Don't ignore suspended array in md_check_recovery()", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don\'t ignore suspended array in md_check_recovery()\n\nmddev_suspend() never stop sync_thread, hence it doesn\'t make sense to\nignore suspended array in md_check_recovery(), which might cause\nsync_thread can\'t be unregistered.\n\nAfter commit f52f5c71f3d4 ("md: fix stopping sync thread"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) suspend the array:\nraid_postsuspend\n mddev_suspend\n\n2) stop the array:\nraid_dtr\n md_stop\n  __md_stop_writes\n   stop_sync_thread\n    set_bit(MD_RECOVERY_INTR, &mddev->recovery);\n    md_wakeup_thread_directly(mddev->sync_thread);\n    wait_event(..., !test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))\n\n3) sync thread done:\nmd_do_sync\n set_bit(MD_RECOVERY_DONE, &mddev->recovery);\n md_wakeup_thread(mddev->thread);\n\n4) daemon thread can\'t unregister sync thread:\nmd_check_recovery\n if (mddev->suspended)\n   return; -> return directly\n md_read_sync_thread\n clear_bit(MD_RECOVERY_RUNNING, &mddev->recovery);\n -> MD_RECOVERY_RUNNING can\'t be cleared, hence step 2 hang;\n\nThis problem is not just related to dm-raid, fix it by ignoring\nsuspended array in md_check_recovery(). And follow up patches will\nimprove dm-raid better to frozen sync thread during suspend.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26758', 'https://git.kernel.org/linus/1baae052cccd08daf9a9d64c3f959d8cdb689757 (6.8-rc6)', 'https://git.kernel.org/stable/c/1baae052cccd08daf9a9d64c3f959d8cdb689757', 'https://git.kernel.org/stable/c/a55f0d6179a19c6b982e2dc344d58c98647a3be0', 'https://lore.kernel.org/linux-cve-announce/2024040304-CVE-2024-26758-dcc3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26758', 'https://www.cve.org/CVERecord?id=CVE-2024-26758'], 'PublishedDate': '2024-04-03T17:15:52.263Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26759', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26759', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/swap: fix race when skipping swapcache', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/swap: fix race when skipping swapcache\n\nWhen skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads\nswapin the same entry at the same time, they get different pages (A, B). \nBefore one thread (T0) finishes the swapin and installs page (A) to the\nPTE, another thread (T1) could finish swapin of page (B), swap_free the\nentry, then swap out the possibly modified page reusing the same entry. \nIt breaks the pte_same check in (T0) because PTE value is unchanged,\ncausing ABA problem.  Thread (T0) will install a stalled page (A) into the\nPTE and cause data corruption.\n\nOne possible callstack is like this:\n\nCPU0                                 CPU1\n----                                 ----\ndo_swap_page()                       do_swap_page() with same entry\n<direct swapin path>                 <direct swapin path>\n<alloc page A>                       <alloc page B>\nswap_read_folio() <- read to page A  swap_read_folio() <- read to page B\n<slow on later locks or interrupt>   <finished swapin first>\n...                                  set_pte_at()\n                                     swap_free() <- entry is free\n                                     <write to page B, now page A stalled>\n                                     <swap out page B to same swap entry>\npte_same() <- Check pass, PTE seems\n              unchanged, but page A\n              is stalled!\nswap_free() <- page B content lost!\nset_pte_at() <- staled page A installed!\n\nAnd besides, for ZRAM, swap_free() allows the swap device to discard the\nentry content, so even if page (B) is not modified, if swap_read_folio()\non CPU0 happens later than swap_free() on CPU1, it may also cause data\nloss.\n\nTo fix this, reuse swapcache_prepare which will pin the swap entry using\nthe cache flag, and allow only one thread to swap it in, also prevent any\nparallel code from putting the entry in the cache.  Release the pin after\nPT unlocked.\n\nRacers just loop and wait since it\'s a rare and very short event.  A\nschedule_timeout_uninterruptible(1) call is added to avoid repeated page\nfaults wasting too much CPU, causing livelock or adding too much noise to\nperf statistics.  A similar livelock issue was described in commit\n029c4628b2eb ("mm: swap: get rid of livelock in swapin readahead")\n\nReproducer:\n\nThis race issue can be triggered easily using a well constructed\nreproducer and patched brd (with a delay in read path) [1]:\n\nWith latest 6.8 mainline, race caused data loss can be observed easily:\n$ gcc -g -lpthread test-thread-swap-race.c && ./a.out\n  Polulating 32MB of memory region...\n  Keep swapping out...\n  Starting round 0...\n  Spawning 65536 workers...\n  32746 workers spawned, wait for done...\n  Round 0: Error on 0x5aa00, expected 32746, got 32743, 3 data loss!\n  Round 0: Error on 0x395200, expected 32746, got 32743, 3 data loss!\n  Round 0: Error on 0x3fd000, expected 32746, got 32737, 9 data loss!\n  Round 0 Failed, 15 data loss!\n\nThis reproducer spawns multiple threads sharing the same memory region\nusing a small swap device.  Every two threads updates mapped pages one by\none in opposite direction trying to create a race, with one dedicated\nthread keep swapping out the data out using madvise.\n\nThe reproducer created a reproduce rate of about once every 5 minutes, so\nthe race should be totally possible in production.\n\nAfter this patch, I ran the reproducer for over a few hundred rounds and\nno data loss observed.\n\nPerformance overhead is minimal, microbenchmark swapin 10G from 32G\nzram:\n\nBefore:     10934698 us\nAfter:      11157121 us\nCached:     13155355 us (Dropping SWP_SYNCHRONOUS_IO flag)\n\n[kasong@tencent.com: v4]\n  Link: https://lkml.kernel.org/r/20240219082040.7495-1-ryncsn@gmail.com', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:4352', 'https://access.redhat.com/security/cve/CVE-2024-26759', 'https://bugzilla.redhat.com/1918601', 'https://bugzilla.redhat.com/2248122', 'https://bugzilla.redhat.com/2258875', 'https://bugzilla.redhat.com/2265517', 'https://bugzilla.redhat.com/2265519', 'https://bugzilla.redhat.com/2265520', 'https://bugzilla.redhat.com/2265800', 'https://bugzilla.redhat.com/2266408', 'https://bugzilla.redhat.com/2266831', 'https://bugzilla.redhat.com/2267513', 'https://bugzilla.redhat.com/2267518', 'https://bugzilla.redhat.com/2267730', 'https://bugzilla.redhat.com/2270093', 'https://bugzilla.redhat.com/2271680', 'https://bugzilla.redhat.com/2272692', 'https://bugzilla.redhat.com/2272829', 'https://bugzilla.redhat.com/2273204', 'https://bugzilla.redhat.com/2273278', 'https://bugzilla.redhat.com/2273423', 'https://bugzilla.redhat.com/2273429', 'https://bugzilla.redhat.com/2275604', 'https://bugzilla.redhat.com/2275633', 'https://bugzilla.redhat.com/2275635', 'https://bugzilla.redhat.com/2275733', 'https://bugzilla.redhat.com/2278337', 'https://bugzilla.redhat.com/2278354', 'https://bugzilla.redhat.com/2280434', 'https://bugzilla.redhat.com/2281057', 'https://bugzilla.redhat.com/2281113', 'https://bugzilla.redhat.com/2281157', 'https://bugzilla.redhat.com/2281165', 'https://bugzilla.redhat.com/2281251', 'https://bugzilla.redhat.com/2281253', 'https://bugzilla.redhat.com/2281255', 'https://bugzilla.redhat.com/2281257', 'https://bugzilla.redhat.com/2281272', 'https://bugzilla.redhat.com/2281350', 'https://bugzilla.redhat.com/2281689', 'https://bugzilla.redhat.com/2281693', 'https://bugzilla.redhat.com/2281920', 'https://bugzilla.redhat.com/2281923', 'https://bugzilla.redhat.com/2281925', 'https://bugzilla.redhat.com/2281953', 'https://bugzilla.redhat.com/2281986', 'https://bugzilla.redhat.com/2282394', 'https://bugzilla.redhat.com/2282400', 'https://bugzilla.redhat.com/2282471', 'https://bugzilla.redhat.com/2282472', 'https://bugzilla.redhat.com/2282581', 'https://bugzilla.redhat.com/2282609', 'https://bugzilla.redhat.com/2282612', 'https://bugzilla.redhat.com/2282653', 'https://bugzilla.redhat.com/2282680', 'https://bugzilla.redhat.com/2282698', 'https://bugzilla.redhat.com/2282712', 'https://bugzilla.redhat.com/2282735', 'https://bugzilla.redhat.com/2282902', 'https://bugzilla.redhat.com/2282920', 'https://bugzilla.redhat.com/show_bug.cgi?id=1918601', 'https://bugzilla.redhat.com/show_bug.cgi?id=2248122', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258875', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265800', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266831', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267518', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267730', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270093', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272692', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272829', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273204', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273278', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273423', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275633', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275635', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275733', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278337', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278354', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281113', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281157', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281165', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281251', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281253', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281255', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281311', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281334', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281346', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281350', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281689', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281693', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281920', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281953', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281986', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282394', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282471', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282472', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282581', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282609', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282612', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282698', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282712', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282735', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282902', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282920', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46909', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46972', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47069', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47073', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47236', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47310', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47311', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47456', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47495', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5090', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52464', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52560', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52626', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52667', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52675', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52700', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52703', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52781', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52813', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52835', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52877', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52881', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26583', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26584', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26585', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26656', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26675', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26735', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26759', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26804', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26859', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26906', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26907', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26974', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27410', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35835', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35838', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35854', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35855', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35888', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35890', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35959', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36004', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36007', 'https://errata.almalinux.org/8/ALSA-2024-4352.html', 'https://errata.rockylinux.org/RLSA-2024:4211', 'https://git.kernel.org/linus/13ddaf26be324a7f951891ecd9ccd04466d27458 (6.8-rc6)', 'https://git.kernel.org/stable/c/13ddaf26be324a7f951891ecd9ccd04466d27458', 'https://git.kernel.org/stable/c/2dedda77d4493f3e92e414b272bfa60f1f51ed95', 'https://git.kernel.org/stable/c/305152314df82b22cf9b181f3dc5fc411002079a', 'https://git.kernel.org/stable/c/d183a4631acfc7af955c02a02e739cec15f5234d', 'https://linux.oracle.com/cve/CVE-2024-26759.html', 'https://linux.oracle.com/errata/ELSA-2024-4211.html', 'https://lore.kernel.org/linux-cve-announce/2024040304-CVE-2024-26759-45f1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26759', 'https://www.cve.org/CVERecord?id=CVE-2024-26759'], 'PublishedDate': '2024-04-03T17:15:52.32Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26767', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26767', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: fixed integer types and null check locations', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fixed integer types and null check locations\n\n[why]:\nissues fixed:\n- comparison with wider integer type in loop condition which can cause\ninfinite loops\n- pointer dereference before null check', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26767', 'https://git.kernel.org/linus/0484e05d048b66d01d1f3c1d2306010bb57d8738 (6.8-rc5)', 'https://git.kernel.org/stable/c/0484e05d048b66d01d1f3c1d2306010bb57d8738', 'https://git.kernel.org/stable/c/71783d1ff65204d69207fd156d4b2eb1d3882375', 'https://git.kernel.org/stable/c/beea9ab9080cd2ef46296070bb327af066ee09d7', 'https://lore.kernel.org/linux-cve-announce/2024040306-CVE-2024-26767-bdac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26767', 'https://www.cve.org/CVERecord?id=CVE-2024-26767'], 'PublishedDate': '2024-04-03T17:15:52.747Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26770', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26770', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: nvidia-shield: Add missing null pointer checks to LED initialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nvidia-shield: Add missing null pointer checks to LED initialization\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.\n\n[jkosina@suse.com: tweak changelog a bit]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26770', 'https://git.kernel.org/linus/b6eda11c44dc89a681e1c105f0f4660e69b1e183 (6.8-rc3)', 'https://git.kernel.org/stable/c/83527a13740f57b45f162e3af4c7db4b88521100', 'https://git.kernel.org/stable/c/b6eda11c44dc89a681e1c105f0f4660e69b1e183', 'https://git.kernel.org/stable/c/e71cc4a1e584293deafff1a7dea614b0210d0443', 'https://lore.kernel.org/linux-cve-announce/2024040307-CVE-2024-26770-1c08@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26770', 'https://www.cve.org/CVERecord?id=CVE-2024-26770'], 'PublishedDate': '2024-04-03T17:15:52.91Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26775', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26775', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: aoe: avoid potential deadlock at set_capacity', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\naoe: avoid potential deadlock at set_capacity\n\nMove set_capacity() outside of the section procected by (&d->lock).\nTo avoid possible interrupt unsafe locking scenario:\n\n        CPU0                    CPU1\n        ----                    ----\n[1] lock(&bdev->bd_size_lock);\n                                local_irq_disable();\n                            [2] lock(&d->lock);\n                            [3] lock(&bdev->bd_size_lock);\n   <Interrupt>\n[4]  lock(&d->lock);\n\n  *** DEADLOCK ***\n\nWhere [1](&bdev->bd_size_lock) hold by zram_add()->set_capacity().\n[2]lock(&d->lock) hold by aoeblk_gdalloc(). And aoeblk_gdalloc()\nis trying to acquire [3](&bdev->bd_size_lock) at set_capacity() call.\nIn this situation an attempt to acquire [4]lock(&d->lock) from\naoecmd_cfg_rsp() will lead to deadlock.\n\nSo the simplest solution is breaking lock dependency\n[2](&d->lock) -> [3](&bdev->bd_size_lock) by moving set_capacity()\noutside.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26775', 'https://git.kernel.org/linus/e169bd4fb2b36c4b2bee63c35c740c85daeb2e86 (6.8-rc2)', 'https://git.kernel.org/stable/c/19a77b27163820f793b4d022979ffdca8f659b77', 'https://git.kernel.org/stable/c/2d623c94fbba3554f4446ba6f3c764994e8b0d26', 'https://git.kernel.org/stable/c/673629018ba04906899dcb631beec34d871f709c', 'https://git.kernel.org/stable/c/e169bd4fb2b36c4b2bee63c35c740c85daeb2e86', 'https://lore.kernel.org/linux-cve-announce/2024040309-CVE-2024-26775-8dc1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26775', 'https://www.cve.org/CVERecord?id=CVE-2024-26775'], 'PublishedDate': '2024-04-03T17:15:53.187Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26807', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26807', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: cadence-qspi: fix pointer reference in runtime PM hooks', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBoth cadence-quadspi ->runtime_suspend() and ->runtime_resume()\nimplementations start with:\n\n\tstruct cqspi_st *cqspi = dev_get_drvdata(dev);\n\tstruct spi_controller *host = dev_get_drvdata(dev);\n\nThis obviously cannot be correct, unless "struct cqspi_st" is the\nfirst member of " struct spi_controller", or the other way around, but\nit is not the case. "struct spi_controller" is allocated by\ndevm_spi_alloc_host(), which allocates an extra amount of memory for\nprivate data, used to store "struct cqspi_st".\n\nThe ->probe() function of the cadence-quadspi driver then sets the\ndevice drvdata to store the address of the "struct cqspi_st"\nstructure. Therefore:\n\n\tstruct cqspi_st *cqspi = dev_get_drvdata(dev);\n\nis correct, but:\n\n\tstruct spi_controller *host = dev_get_drvdata(dev);\n\nis not, as it makes "host" point not to a "struct spi_controller" but\nto the same "struct cqspi_st" structure as above.\n\nThis obviously leads to bad things (memory corruption, kernel crashes)\ndirectly during ->probe(), as ->probe() enables the device using PM\nruntime, leading the ->runtime_resume() hook being called, which in\nturns calls spi_controller_resume() with the wrong pointer.\n\nThis has at least been reported [0] to cause a kernel crash, but the\nexact behavior will depend on the memory contents.\n\n[0] https://lore.kernel.org/all/20240226121803.5a7r5wkpbbowcxgx@dhruva/\n\nThis issue potentially affects all platforms that are currently using\nthe cadence-quadspi driver.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26807', 'https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61', 'https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc', 'https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26807', 'https://www.cve.org/CVERecord?id=CVE-2024-26807'], 'PublishedDate': '2024-04-04T09:15:09.38Z', 'LastModifiedDate': '2024-06-20T10:15:09.303Z'}, {'VulnerabilityID': 'CVE-2024-26822', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26822', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: set correct id, uid and cruid for multiuser automounts', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: set correct id, uid and cruid for multiuser automounts\n\nWhen uid, gid and cruid are not specified, we need to dynamically\nset them into the filesystem context used for automounting otherwise\nthey'll end up reusing the values from the parent mount.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26822', 'https://git.kernel.org/linus/4508ec17357094e2075f334948393ddedbb75157 (6.8-rc5)', 'https://git.kernel.org/stable/c/4508ec17357094e2075f334948393ddedbb75157', 'https://git.kernel.org/stable/c/7590ba9057c6d74c66f3b909a383ec47cd2f27fb', 'https://git.kernel.org/stable/c/c2aa2718cda2d56b4a551cb40043e9abc9684626', 'https://lore.kernel.org/linux-cve-announce/2024041702-CVE-2024-26822-04b5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26822', 'https://ubuntu.com/security/notices/USN-6895-1', 'https://ubuntu.com/security/notices/USN-6895-2', 'https://ubuntu.com/security/notices/USN-6895-3', 'https://ubuntu.com/security/notices/USN-6895-4', 'https://ubuntu.com/security/notices/USN-6900-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26822'], 'PublishedDate': '2024-04-17T10:15:08.977Z', 'LastModifiedDate': '2024-04-17T12:48:07.51Z'}, {'VulnerabilityID': 'CVE-2024-26837', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26837', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: bridge: switchdev: Skip MDB replays of deferred events on offload', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: switchdev: Skip MDB replays of deferred events on offload\n\nBefore this change, generation of the list of MDB events to replay\nwould race against the creation of new group memberships, either from\nthe IGMP/MLD snooping logic or from user configuration.\n\nWhile new memberships are immediately visible to walkers of\nbr->mdb_list, the notification of their existence to switchdev event\nsubscribers is deferred until a later point in time. So if a replay\nlist was generated during a time that overlapped with such a window,\nit would also contain a replay of the not-yet-delivered event.\n\nThe driver would thus receive two copies of what the bridge internally\nconsidered to be one single event. On destruction of the bridge, only\na single membership deletion event was therefore sent. As a\nconsequence of this, drivers which reference count memberships (at\nleast DSA), would be left with orphan groups in their hardware\ndatabase when the bridge was destroyed.\n\nThis is only an issue when replaying additions. While deletion events\nmay still be pending on the deferred queue, they will already have\nbeen removed from br->mdb_list, so no duplicates can be generated in\nthat scenario.\n\nTo a user this meant that old group memberships, from a bridge in\nwhich a port was previously attached, could be reanimated (in\nhardware) when the port joined a new bridge, without the new bridge's\nknowledge.\n\nFor example, on an mv88e6xxx system, create a snooping bridge and\nimmediately add a port to it:\n\n    root@infix-06-0b-00:~$ ip link add dev br0 up type bridge mcast_snooping 1 && \\\n    > ip link set dev x3 up master br0\n\nAnd then destroy the bridge:\n\n    root@infix-06-0b-00:~$ ip link del dev br0\n    root@infix-06-0b-00:~$ mvls atu\n    ADDRESS             FID  STATE      Q  F  0  1  2  3  4  5  6  7  8  9  a\n    DEV:0 Marvell 88E6393X\n    33:33:00:00:00:6a     1  static     -  -  0  .  .  .  .  .  .  .  .  .  .\n    33:33:ff:87:e4:3f     1  static     -  -  0  .  .  .  .  .  .  .  .  .  .\n    ff:ff:ff:ff:ff:ff     1  static     -  -  0  1  2  3  4  5  6  7  8  9  a\n    root@infix-06-0b-00:~$\n\nThe two IPv6 groups remain in the hardware database because the\nport (x3) is notified of the host's membership twice: once via the\noriginal event and once via a replay. Since only a single delete\nnotification is sent, the count remains at 1 when the bridge is\ndestroyed.\n\nThen add the same port (or another port belonging to the same hardware\ndomain) to a new bridge, this time with snooping disabled:\n\n    root@infix-06-0b-00:~$ ip link add dev br1 up type bridge mcast_snooping 0 && \\\n    > ip link set dev x3 up master br1\n\nAll multicast, including the two IPv6 groups from br0, should now be\nflooded, according to the policy of br1. But instead the old\nmemberships are still active in the hardware database, causing the\nswitch to only forward traffic to those groups towards the CPU (port\n0).\n\nEliminate the race in two steps:\n\n1. Grab the write-side lock of the MDB while generating the replay\n   list.\n\nThis prevents new memberships from showing up while we are generating\nthe replay list. But it leaves the scenario in which a deferred event\nwas already generated, but not delivered, before we grabbed the\nlock. Therefore:\n\n2. Make sure that no deferred version of a replay event is already\n   enqueued to the switchdev deferred queue, before adding it to the\n   replay list, when replaying additions.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-26837', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/dc489f86257cab5056e747344f17a164f63bff4b (6.8-rc6)', 'https://git.kernel.org/stable/c/2d5b4b3376fa146a23917b8577064906d643925f', 'https://git.kernel.org/stable/c/603be95437e7fd85ba694e75918067fb9e7754db', 'https://git.kernel.org/stable/c/dc489f86257cab5056e747344f17a164f63bff4b', 'https://git.kernel.org/stable/c/e0b4c5b1d760008f1dd18c07c35af0442e54f9c8', 'https://linux.oracle.com/cve/CVE-2024-26837.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024041715-CVE-2024-26837-753c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26837', 'https://www.cve.org/CVERecord?id=CVE-2024-26837'], 'PublishedDate': '2024-04-17T10:15:09.757Z', 'LastModifiedDate': '2024-04-17T12:48:07.51Z'}, {'VulnerabilityID': 'CVE-2024-26842', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()\n\nWhen task_tag >= 32 (in MCQ mode) and sizeof(unsigned int) == 4, 1U <<\ntask_tag will out of bounds for a u32 mask. Fix this up to prevent\nSHIFT_ISSUE (bitwise shifts that are out of bounds for their data type).\n\n[name:debug_monitors&]Unexpected kernel BRK exception at EL1\n[name:traps&]Internal error: BRK handler: 00000000f2005514 [#1] PREEMPT SMP\n[name:mediatek_cpufreq_hw&]cpufreq stop DVFS log done\n[name:mrdump&]Kernel Offset: 0x1ba5800000 from 0xffffffc008000000\n[name:mrdump&]PHYS_OFFSET: 0x80000000\n[name:mrdump&]pstate: 22400005 (nzCv daif +PAN -UAO)\n[name:mrdump&]pc : [0xffffffdbaf52bb2c] ufshcd_clear_cmd+0x280/0x288\n[name:mrdump&]lr : [0xffffffdbaf52a774] ufshcd_wait_for_dev_cmd+0x3e4/0x82c\n[name:mrdump&]sp : ffffffc0081471b0\n<snip>\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler\nCall trace:\n dump_backtrace+0xf8/0x144\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x9c\n dump_stack+0x18/0x44\n mrdump_common_die+0x254/0x480 [mrdump]\n ipanic_die+0x20/0x30 [mrdump]\n notify_die+0x15c/0x204\n die+0x10c/0x5f8\n arm64_notify_die+0x74/0x13c\n do_debug_exception+0x164/0x26c\n el1_dbg+0x64/0x80\n el1h_64_sync_handler+0x3c/0x90\n el1h_64_sync+0x68/0x6c\n ufshcd_clear_cmd+0x280/0x288\n ufshcd_wait_for_dev_cmd+0x3e4/0x82c\n ufshcd_exec_dev_cmd+0x5bc/0x9ac\n ufshcd_verify_dev_init+0x84/0x1c8\n ufshcd_probe_hba+0x724/0x1ce0\n ufshcd_host_reset_and_restore+0x260/0x574\n ufshcd_reset_and_restore+0x138/0xbd0\n ufshcd_err_handler+0x1218/0x2f28\n process_one_work+0x5fc/0x1140\n worker_thread+0x7d8/0xe20\n kthread+0x25c/0x468\n ret_from_fork+0x10/0x20', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26842', 'https://git.kernel.org/linus/b513d30d59bb383a6a5d6b533afcab2cee99a8f8 (6.8-rc4)', 'https://git.kernel.org/stable/c/7ac9e18f5d66087cd22751c5c5bf0090eb0038fe', 'https://git.kernel.org/stable/c/a992425d18e5f7c48931121993c6c69426f2a8fb', 'https://git.kernel.org/stable/c/b513d30d59bb383a6a5d6b533afcab2cee99a8f8', 'https://lore.kernel.org/linux-cve-announce/2024041716-CVE-2024-26842-d556@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26842', 'https://www.cve.org/CVERecord?id=CVE-2024-26842'], 'PublishedDate': '2024-04-17T10:15:09.997Z', 'LastModifiedDate': '2024-04-17T12:48:07.51Z'}, {'VulnerabilityID': 'CVE-2024-26844', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: Fix WARNING in _copy_from_iter', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix WARNING in _copy_from_iter\n\nSyzkaller reports a warning in _copy_from_iter because an\niov_iter is supposedly used in the wrong direction. The reason\nis that syzcaller managed to generate a request with\na transfer direction of SG_DXFER_TO_FROM_DEV. This instructs\nthe kernel to copy user buffers into the kernel, read into\nthe copied buffers and then copy the data back to user space.\n\nThus the iovec is used in both directions.\n\nDetect this situation in the block layer and construct a new\niterator with the correct direction for the copy-in.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26844', 'https://git.kernel.org/linus/13f3956eb5681a4045a8dfdef48df5dc4d9f58a6 (6.8-rc2)', 'https://git.kernel.org/stable/c/0f1bae071de9967602807472921829a54b2e5956', 'https://git.kernel.org/stable/c/13f3956eb5681a4045a8dfdef48df5dc4d9f58a6', 'https://git.kernel.org/stable/c/8fc80874103a5c20aebdc2401361aa01c817f75b', 'https://git.kernel.org/stable/c/cbaf9be337f7da25742acfce325119e3395b1f1b', 'https://lore.kernel.org/linux-cve-announce/2024041716-CVE-2024-26844-c534@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26844', 'https://www.cve.org/CVERecord?id=CVE-2024-26844'], 'PublishedDate': '2024-04-17T10:15:10.093Z', 'LastModifiedDate': '2024-04-17T12:48:07.51Z'}, {'VulnerabilityID': 'CVE-2024-26853', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igc: avoid returning frame twice in XDP_REDIRECT', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigc: avoid returning frame twice in XDP_REDIRECT\n\nWhen a frame can not be transmitted in XDP_REDIRECT\n(e.g. due to a full queue), it is necessary to free\nit by calling xdp_return_frame_rx_napi.\n\nHowever, this is the responsibility of the caller of\nthe ndo_xdp_xmit (see for example bq_xmit_all in\nkernel/bpf/devmap.c) and thus calling it inside\nigc_xdp_xmit (which is the ndo_xdp_xmit of the igc\ndriver) as well will lead to memory corruption.\n\nIn fact, bq_xmit_all expects that it can return all\nframes after the last successfully transmitted one.\nTherefore, break for the first not transmitted frame,\nbut do not call xdp_return_frame_rx_napi in igc_xdp_xmit.\nThis is equally implemented in other Intel drivers\nsuch as the igb.\n\nThere are two alternatives to this that were rejected:\n1. Return num_frames as all the frames would have been\n   transmitted and release them inside igc_xdp_xmit.\n   While it might work technically, it is not what\n   the return value is meant to represent (i.e. the\n   number of SUCCESSFULLY transmitted packets).\n2. Rework kernel/bpf/devmap.c and all drivers to\n   support non-consecutively dropped packets.\n   Besides being complex, it likely has a negative\n   performance impact without a significant gain\n   since it is anyway unlikely that the next frame\n   can be transmitted if the previous one was dropped.\n\nThe memory corruption can be reproduced with\nthe following script which leads to a kernel panic\nafter a few seconds.  It basically generates more\ntraffic than a i225 NIC can transmit and pushes it\nvia XDP_REDIRECT from a virtual interface to the\nphysical interface where frames get dropped.\n\n   #!/bin/bash\n   INTERFACE=enp4s0\n   INTERFACE_IDX=`cat /sys/class/net/$INTERFACE/ifindex`\n\n   sudo ip link add dev veth1 type veth peer name veth2\n   sudo ip link set up $INTERFACE\n   sudo ip link set up veth1\n   sudo ip link set up veth2\n\n   cat << EOF > redirect.bpf.c\n\n   SEC("prog")\n   int redirect(struct xdp_md *ctx)\n   {\n       return bpf_redirect($INTERFACE_IDX, 0);\n   }\n\n   char _license[] SEC("license") = "GPL";\n   EOF\n   clang -O2 -g -Wall -target bpf -c redirect.bpf.c -o redirect.bpf.o\n   sudo ip link set veth2 xdp obj redirect.bpf.o\n\n   cat << EOF > pass.bpf.c\n\n   SEC("prog")\n   int pass(struct xdp_md *ctx)\n   {\n       return XDP_PASS;\n   }\n\n   char _license[] SEC("license") = "GPL";\n   EOF\n   clang -O2 -g -Wall -target bpf -c pass.bpf.c -o pass.bpf.o\n   sudo ip link set $INTERFACE xdp obj pass.bpf.o\n\n   cat << EOF > trafgen.cfg\n\n   {\n     /* Ethernet Header */\n     0xe8, 0x6a, 0x64, 0x41, 0xbf, 0x46,\n     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n     const16(ETH_P_IP),\n\n     /* IPv4 Header */\n     0b01000101, 0,   # IPv4 version, IHL, TOS\n     const16(1028),   # IPv4 total length (UDP length + 20 bytes (IP header))\n     const16(2),      # IPv4 ident\n     0b01000000, 0,   # IPv4 flags, fragmentation off\n     64,              # IPv4 TTL\n     17,              # Protocol UDP\n     csumip(14, 33),  # IPv4 checksum\n\n     /* UDP Header */\n     10,  0, 1, 1,    # IP Src - adapt as needed\n     10,  0, 1, 2,    # IP Dest - adapt as needed\n     const16(6666),   # UDP Src Port\n     const16(6666),   # UDP Dest Port\n     const16(1008),   # UDP length (UDP header 8 bytes + payload length)\n     csumudp(14, 34), # UDP checksum\n\n     /* Payload */\n     fill(\'W\', 1000),\n   }\n   EOF\n\n   sudo trafgen -i trafgen.cfg -b3000MB -o veth1 --cpp', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-26853', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265838', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273405', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275600', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275655', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275715', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281097', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281237', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281265', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281639', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281900', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284511', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284543', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293208', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293441', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293658', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297512', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297538', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297542', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297545', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47606', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52651', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26808', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26828', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26868', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27049', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27417', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35800', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35911', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35969', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36903', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38391', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40928', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5363', 'https://git.kernel.org/linus/ef27f655b438bed4c83680e4f01e1cde2739854b (6.8)', 'https://git.kernel.org/stable/c/1b3b8231386a572bac8cd5b6fd7e944b84f9bb1f', 'https://git.kernel.org/stable/c/63a3c1f3c9ecc654d851e7906d05334cd0c236e2', 'https://git.kernel.org/stable/c/8df393af9e7e8dfd62e9c41dbaa4d2ff53bf794a', 'https://git.kernel.org/stable/c/ef27f655b438bed4c83680e4f01e1cde2739854b', 'https://linux.oracle.com/cve/CVE-2024-26853.html', 'https://linux.oracle.com/errata/ELSA-2024-5363.html', 'https://lore.kernel.org/linux-cve-announce/2024041723-CVE-2024-26853-b549@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26853', 'https://www.cve.org/CVERecord?id=CVE-2024-26853'], 'PublishedDate': '2024-04-17T11:15:08.583Z', 'LastModifiedDate': '2024-04-17T12:48:07.51Z'}, {'VulnerabilityID': 'CVE-2024-26866', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: lpspi: Avoid potential use-after-free in probe()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: lpspi: Avoid potential use-after-free in probe()\n\nfsl_lpspi_probe() is allocating/disposing memory manually with\nspi_alloc_host()/spi_alloc_target(), but uses\ndevm_spi_register_controller(). In case of error after the latter call the\nmemory will be explicitly freed in the probe function by\nspi_controller_put() call, but used afterwards by "devm" management outside\nprobe() (spi_unregister_controller() <- devm_spi_unregister() below).\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000070\n...\nCall trace:\n kernfs_find_ns\n kernfs_find_and_get_ns\n sysfs_remove_group\n sysfs_remove_groups\n device_remove_attrs\n device_del\n spi_unregister_controller\n devm_spi_unregister\n release_nodes\n devres_release_all\n really_probe\n driver_probe_device\n __device_attach_driver\n bus_for_each_drv\n __device_attach\n device_initial_probe\n bus_probe_device\n deferred_probe_work_func\n process_one_work\n worker_thread\n kthread\n ret_from_fork', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26866', 'https://git.kernel.org/linus/2ae0ab0143fcc06190713ed81a6486ed0ad3c861 (6.9-rc1)', 'https://git.kernel.org/stable/c/1543418e82789cc383cd36d41469983c64e3fc7f', 'https://git.kernel.org/stable/c/2ae0ab0143fcc06190713ed81a6486ed0ad3c861', 'https://git.kernel.org/stable/c/996ce839606afd0fef91355627868022aa73eb68', 'https://git.kernel.org/stable/c/da83ed350e4604b976e94239b08d8e2e7eaee7ea', 'https://lore.kernel.org/linux-cve-announce/2024041737-CVE-2024-26866-1e98@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26866', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26866'], 'PublishedDate': '2024-04-17T11:15:09.253Z', 'LastModifiedDate': '2024-04-17T12:48:07.51Z'}, {'VulnerabilityID': 'CVE-2024-26869', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26869', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to truncate meta inode pages forcely', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate meta inode pages forcely\n\nBelow race case can cause data corruption:\n\nThread A\t\t\t\tGC thread\n\t\t\t\t\t- gc_data_segment\n\t\t\t\t\t - ra_data_block\n\t\t\t\t\t  - locked meta_inode page\n- f2fs_inplace_write_data\n - invalidate_mapping_pages\n : fail to invalidate meta_inode page\n   due to lock failure or dirty|writeback\n   status\n - f2fs_submit_page_bio\n : write last dirty data to old blkaddr\n\t\t\t\t\t - move_data_block\n\t\t\t\t\t  - load old data from meta_inode page\n\t\t\t\t\t  - f2fs_submit_page_write\n\t\t\t\t\t  : write old data to new blkaddr\n\nBecause invalidate_mapping_pages() will skip invalidating page which\nhas unclear status including locked, dirty, writeback and so on, so\nwe need to use truncate_inode_pages_range() instead of\ninvalidate_mapping_pages() to make sure meta_inode page will be dropped.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26869', 'https://git.kernel.org/linus/9f0c4a46be1fe9b97dbe66d49204c1371e3ece65 (6.9-rc1)', 'https://git.kernel.org/stable/c/04226d8e3c4028dc451e9d8777356ec0f7919253', 'https://git.kernel.org/stable/c/77bfdb89cc222fc7bfe198eda77bdc427d5ac189', 'https://git.kernel.org/stable/c/9f0c4a46be1fe9b97dbe66d49204c1371e3ece65', 'https://git.kernel.org/stable/c/c92f2927df860a60ba815d3ee610a944b92a8694', 'https://lore.kernel.org/linux-cve-announce/2024041738-CVE-2024-26869-c9e2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26869', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26869'], 'PublishedDate': '2024-04-17T11:15:09.413Z', 'LastModifiedDate': '2024-04-17T12:48:07.51Z'}, {'VulnerabilityID': 'CVE-2024-26876', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26876', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/bridge: adv7511: fix crash on irq during probe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: adv7511: fix crash on irq during probe\n\nMoved IRQ registration down to end of adv7511_probe().\n\nIf an IRQ already is pending during adv7511_probe\n(before adv7511_cec_init) then cec_received_msg_ts\ncould crash using uninitialized data:\n\n    Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5\n    Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP\n    Call trace:\n     cec_received_msg_ts+0x48/0x990 [cec]\n     adv7511_cec_irq_process+0x1cc/0x308 [adv7511]\n     adv7511_irq_process+0xd8/0x120 [adv7511]\n     adv7511_irq_handler+0x1c/0x30 [adv7511]\n     irq_thread_fn+0x30/0xa0\n     irq_thread+0x14c/0x238\n     kthread+0x190/0x1a8', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26876', 'https://git.kernel.org/linus/aeedaee5ef5468caf59e2bb1265c2116e0c9a924 (6.9-rc1)', 'https://git.kernel.org/stable/c/28a94271bd50e4cf498df0381f776f8ea40a289e', 'https://git.kernel.org/stable/c/50f4b57e9a9db4ede9294f39b9e75b5f26bae9b7', 'https://git.kernel.org/stable/c/955c1252930677762e0db2b6b9e36938c887445c', 'https://git.kernel.org/stable/c/aeedaee5ef5468caf59e2bb1265c2116e0c9a924', 'https://lore.kernel.org/linux-cve-announce/2024041739-CVE-2024-26876-3948@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26876', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26876'], 'PublishedDate': '2024-04-17T11:15:09.777Z', 'LastModifiedDate': '2024-10-10T12:15:03.21Z'}, {'VulnerabilityID': 'CVE-2024-26928', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: potential use-after-free in cifs_debug_files_proc_show()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_debug_files_proc_show()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26928', 'https://git.kernel.org/linus/ca545b7f0823f19db0f1148d59bc5e1a56634502 (6.9-rc3)', 'https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88', 'https://git.kernel.org/stable/c/3402faf78b2516b0af1259baff50cc8453ef0bd1', 'https://git.kernel.org/stable/c/a65f2b56334ba4dc30bd5ee9ce5b2691b973344d', 'https://git.kernel.org/stable/c/ca545b7f0823f19db0f1148d59bc5e1a56634502', 'https://lore.kernel.org/linux-cve-announce/2024042849-CVE-2024-26928-e543@gregkh/', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26928', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26928'], 'PublishedDate': '2024-04-28T12:15:21.14Z', 'LastModifiedDate': '2024-04-29T12:42:03.667Z'}, {'VulnerabilityID': 'CVE-2024-26938', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26938', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()\n\nIf we have no VBT, or the VBT didn't declare the encoder\nin question, we won't have the 'devdata' for the encoder.\nInstead of oopsing just bail early.\n\nWe won't be able to tell whether the port is DP++ or not,\nbut so be it.\n\n(cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26938', 'https://git.kernel.org/linus/32e39bab59934bfd3f37097d4dd85ac5eb0fd549 (6.9-rc2)', 'https://git.kernel.org/stable/c/32e39bab59934bfd3f37097d4dd85ac5eb0fd549', 'https://git.kernel.org/stable/c/72e4d3fb72e9f0f016946158a7d95304832768e6', 'https://git.kernel.org/stable/c/94cf2fb6feccd625e5b4e23e1b70f39a206f82ac', 'https://git.kernel.org/stable/c/a891add409e3bc381f4f68c2ce9d953f1865cb1f', 'https://git.kernel.org/stable/c/f4bbac954d8f9ab214ea1d4f385de4fa6bd92dd0', 'https://lore.kernel.org/linux-cve-announce/2024050124-CVE-2024-26938-b3f9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26938', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26938'], 'PublishedDate': '2024-05-01T06:15:09.077Z', 'LastModifiedDate': '2024-05-01T13:02:20.75Z'}, {'VulnerabilityID': 'CVE-2024-26944', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26944', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: zoned: fix use-after-free in do_zone_finish()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: fix use-after-free in do_zone_finish()\n\nShinichiro reported the following use-after-free triggered by the device\nreplace operation in fstests btrfs/070.\n\n BTRFS info (device nullb1): scrub: finished on devid 1 with status: 0\n ==================================================================\n BUG: KASAN: slab-use-after-free in do_zone_finish+0x91a/0xb90 [btrfs]\n Read of size 8 at addr ffff8881543c8060 by task btrfs-cleaner/3494007\n\n CPU: 0 PID: 3494007 Comm: btrfs-cleaner Tainted: G        W          6.8.0-rc5-kts #1\n Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020\n Call Trace:\n  <TASK>\n  dump_stack_lvl+0x5b/0x90\n  print_report+0xcf/0x670\n  ? __virt_addr_valid+0x200/0x3e0\n  kasan_report+0xd8/0x110\n  ? do_zone_finish+0x91a/0xb90 [btrfs]\n  ? do_zone_finish+0x91a/0xb90 [btrfs]\n  do_zone_finish+0x91a/0xb90 [btrfs]\n  btrfs_delete_unused_bgs+0x5e1/0x1750 [btrfs]\n  ? __pfx_btrfs_delete_unused_bgs+0x10/0x10 [btrfs]\n  ? btrfs_put_root+0x2d/0x220 [btrfs]\n  ? btrfs_clean_one_deleted_snapshot+0x299/0x430 [btrfs]\n  cleaner_kthread+0x21e/0x380 [btrfs]\n  ? __pfx_cleaner_kthread+0x10/0x10 [btrfs]\n  kthread+0x2e3/0x3c0\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork+0x31/0x70\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork_asm+0x1b/0x30\n  </TASK>\n\n Allocated by task 3493983:\n  kasan_save_stack+0x33/0x60\n  kasan_save_track+0x14/0x30\n  __kasan_kmalloc+0xaa/0xb0\n  btrfs_alloc_device+0xb3/0x4e0 [btrfs]\n  device_list_add.constprop.0+0x993/0x1630 [btrfs]\n  btrfs_scan_one_device+0x219/0x3d0 [btrfs]\n  btrfs_control_ioctl+0x26e/0x310 [btrfs]\n  __x64_sys_ioctl+0x134/0x1b0\n  do_syscall_64+0x99/0x190\n  entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\n Freed by task 3494056:\n  kasan_save_stack+0x33/0x60\n  kasan_save_track+0x14/0x30\n  kasan_save_free_info+0x3f/0x60\n  poison_slab_object+0x102/0x170\n  __kasan_slab_free+0x32/0x70\n  kfree+0x11b/0x320\n  btrfs_rm_dev_replace_free_srcdev+0xca/0x280 [btrfs]\n  btrfs_dev_replace_finishing+0xd7e/0x14f0 [btrfs]\n  btrfs_dev_replace_by_ioctl+0x1286/0x25a0 [btrfs]\n  btrfs_ioctl+0xb27/0x57d0 [btrfs]\n  __x64_sys_ioctl+0x134/0x1b0\n  do_syscall_64+0x99/0x190\n  entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\n The buggy address belongs to the object at ffff8881543c8000\n  which belongs to the cache kmalloc-1k of size 1024\n The buggy address is located 96 bytes inside of\n  freed 1024-byte region [ffff8881543c8000, ffff8881543c8400)\n\n The buggy address belongs to the physical page:\n page:00000000fe2c1285 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1543c8\n head:00000000fe2c1285 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n flags: 0x17ffffc0000840(slab|head|node=0|zone=2|lastcpupid=0x1fffff)\n page_type: 0xffffffff()\n raw: 0017ffffc0000840 ffff888100042dc0 ffffea0019e8f200 dead000000000002\n raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n  ffff8881543c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n  ffff8881543c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n >ffff8881543c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                                                        ^\n  ffff8881543c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n  ffff8881543c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n\nThis UAF happens because we're accessing stale zone information of a\nalready removed btrfs_device in do_zone_finish().\n\nThe sequence of events is as follows:\n\nbtrfs_dev_replace_start\n  btrfs_scrub_dev\n   btrfs_dev_replace_finishing\n    btrfs_dev_replace_update_device_in_mapping_tree <-- devices replaced\n    btrfs_rm_dev_replace_free_srcdev\n     btrfs_free_device                              <-- device freed\n\ncleaner_kthread\n btrfs_delete_unused_bgs\n  btrfs_zone_finish\n   do_zone_finish              <-- refers the freed device\n\nThe reason for this is that we're using a\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26944', 'https://git.kernel.org/linus/1ec17ef59168a1a6f1105f5dc517f783839a5302 (6.9-rc2)', 'https://git.kernel.org/stable/c/1ec17ef59168a1a6f1105f5dc517f783839a5302', 'https://git.kernel.org/stable/c/34ca809e055eca5cfe63d9c7efbf80b7c21b4e57', 'https://lore.kernel.org/linux-cve-announce/2024050125-CVE-2024-26944-598c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26944', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26944'], 'PublishedDate': '2024-05-01T06:15:10.01Z', 'LastModifiedDate': '2024-05-01T13:02:20.75Z'}, {'VulnerabilityID': 'CVE-2024-26945', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26945', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: iaa - Fix nr_cpus &lt; nr_iaa case', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix nr_cpus < nr_iaa case\n\nIf nr_cpus < nr_iaa, the calculated cpus_per_iaa will be 0, which\ncauses a divide-by-0 in rebalance_wq_table().\n\nMake sure cpus_per_iaa is 1 in that case, and also in the nr_iaa == 0\ncase, even though cpus_per_iaa is never used if nr_iaa == 0, for\nparanoia.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26945', 'https://git.kernel.org/linus/5a7e89d3315d1be86aff8a8bf849023cda6547f7 (6.9-rc2)', 'https://git.kernel.org/stable/c/5a7e89d3315d1be86aff8a8bf849023cda6547f7', 'https://git.kernel.org/stable/c/a5ca1be7f9817de4e93085778b3ee2219bdc2664', 'https://lore.kernel.org/linux-cve-announce/2024050126-CVE-2024-26945-bf47@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26945', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26945'], 'PublishedDate': '2024-05-01T06:15:10.177Z', 'LastModifiedDate': '2024-07-03T01:50:05.433Z'}, {'VulnerabilityID': 'CVE-2024-26948', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add a dc_state NULL check in dc_state_release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add a dc_state NULL check in dc_state_release\n\n[How]\nCheck wheather state is NULL before releasing it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26948', 'https://git.kernel.org/linus/334b56cea5d9df5989be6cf1a5898114fa70ad98 (6.9-rc1)', 'https://git.kernel.org/stable/c/334b56cea5d9df5989be6cf1a5898114fa70ad98', 'https://git.kernel.org/stable/c/d37a08f840485995e3fb91dad95e441b9d28a269', 'https://lore.kernel.org/linux-cve-announce/2024050126-CVE-2024-26948-43bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26948', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26948'], 'PublishedDate': '2024-05-01T06:15:10.757Z', 'LastModifiedDate': '2024-05-01T13:02:20.75Z'}, {'VulnerabilityID': 'CVE-2024-26953', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26953', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: esp: fix bad handling of pages from page_pool', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: esp: fix bad handling of pages from page_pool\n\nWhen the skb is reorganized during esp_output (!esp->inline), the pages\ncoming from the original skb fragments are supposed to be released back\nto the system through put_page. But if the skb fragment pages are\noriginating from a page_pool, calling put_page on them will trigger a\npage_pool leak which will eventually result in a crash.\n\nThis leak can be easily observed when using CONFIG_DEBUG_VM and doing\nipsec + gre (non offloaded) forwarding:\n\n  BUG: Bad page state in process ksoftirqd/16  pfn:1451b6\n  page:00000000de2b8d32 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1451b6000 pfn:0x1451b6\n  flags: 0x200000000000000(node=0|zone=2)\n  page_type: 0xffffffff()\n  raw: 0200000000000000 dead000000000040 ffff88810d23c000 0000000000000000\n  raw: 00000001451b6000 0000000000000001 00000000ffffffff 0000000000000000\n  page dumped because: page_pool leak\n  Modules linked in: ip_gre gre mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat nf_nat xt_addrtype br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core overlay zram zsmalloc fuse [last unloaded: mlx5_core]\n  CPU: 16 PID: 96 Comm: ksoftirqd/16 Not tainted 6.8.0-rc4+ #22\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x36/0x50\n   bad_page+0x70/0xf0\n   free_unref_page_prepare+0x27a/0x460\n   free_unref_page+0x38/0x120\n   esp_ssg_unref.isra.0+0x15f/0x200\n   esp_output_tail+0x66d/0x780\n   esp_xmit+0x2c5/0x360\n   validate_xmit_xfrm+0x313/0x370\n   ? validate_xmit_skb+0x1d/0x330\n   validate_xmit_skb_list+0x4c/0x70\n   sch_direct_xmit+0x23e/0x350\n   __dev_queue_xmit+0x337/0xba0\n   ? nf_hook_slow+0x3f/0xd0\n   ip_finish_output2+0x25e/0x580\n   iptunnel_xmit+0x19b/0x240\n   ip_tunnel_xmit+0x5fb/0xb60\n   ipgre_xmit+0x14d/0x280 [ip_gre]\n   dev_hard_start_xmit+0xc3/0x1c0\n   __dev_queue_xmit+0x208/0xba0\n   ? nf_hook_slow+0x3f/0xd0\n   ip_finish_output2+0x1ca/0x580\n   ip_sublist_rcv_finish+0x32/0x40\n   ip_sublist_rcv+0x1b2/0x1f0\n   ? ip_rcv_finish_core.constprop.0+0x460/0x460\n   ip_list_rcv+0x103/0x130\n   __netif_receive_skb_list_core+0x181/0x1e0\n   netif_receive_skb_list_internal+0x1b3/0x2c0\n   napi_gro_receive+0xc8/0x200\n   gro_cell_poll+0x52/0x90\n   __napi_poll+0x25/0x1a0\n   net_rx_action+0x28e/0x300\n   __do_softirq+0xc3/0x276\n   ? sort_range+0x20/0x20\n   run_ksoftirqd+0x1e/0x30\n   smpboot_thread_fn+0xa6/0x130\n   kthread+0xcd/0x100\n   ? kthread_complete_and_exit+0x20/0x20\n   ret_from_fork+0x31/0x50\n   ? kthread_complete_and_exit+0x20/0x20\n   ret_from_fork_asm+0x11/0x20\n   </TASK>\n\nThe suggested fix is to introduce a new wrapper (skb_page_unref) that\ncovers page refcounting for page_pool pages as well.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26953', 'https://git.kernel.org/linus/c3198822c6cb9fb588e446540485669cc81c5d34 (6.9-rc1)', 'https://git.kernel.org/stable/c/1abb20a5f4b02fb3020f88456fc1e6069b3cdc45', 'https://git.kernel.org/stable/c/8291b4eac429c480386669444c6377573f5d8664', 'https://git.kernel.org/stable/c/c3198822c6cb9fb588e446540485669cc81c5d34', 'https://git.kernel.org/stable/c/f278ff9db67264715d0d50e3e75044f8b78990f4', 'https://lore.kernel.org/linux-cve-announce/2024050128-CVE-2024-26953-8304@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26953', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26953'], 'PublishedDate': '2024-05-01T06:15:11.457Z', 'LastModifiedDate': '2024-05-01T13:02:20.75Z'}, {'VulnerabilityID': 'CVE-2024-26954', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26954', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()\n\nIf ->NameOffset of smb2_create_req is smaller than Buffer offset of\nsmb2_create_req, slab-out-of-bounds read can happen from smb2_open.\nThis patch set the minimum value of the name offset to the buffer offset\nto validate name length of smb2_create_req().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26954', 'https://git.kernel.org/linus/a80a486d72e20bd12c335bcd38b6e6f19356b0aa (6.9-rc1)', 'https://git.kernel.org/stable/c/3b8da67191e938a63d2736dabb4ac5d337e5de57', 'https://git.kernel.org/stable/c/4f97e6a9d62cb1fce82fbf4baff44b83221bc178', 'https://git.kernel.org/stable/c/a80a486d72e20bd12c335bcd38b6e6f19356b0aa', 'https://lore.kernel.org/linux-cve-announce/2024050128-CVE-2024-26954-18d5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26954', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26954'], 'PublishedDate': '2024-05-01T06:15:11.583Z', 'LastModifiedDate': '2024-05-01T13:02:20.75Z'}, {'VulnerabilityID': 'CVE-2024-26962', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26962', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape\n\nFor raid456, if reshape is still in progress, then IO across reshape\nposition will wait for reshape to make progress. However, for dm-raid,\nin following cases reshape will never make progress hence IO will hang:\n\n1) the array is read-only;\n2) MD_RECOVERY_WAIT is set;\n3) MD_RECOVERY_FROZEN is set;\n\nAfter commit c467e97f079f ("md/raid6: use valid sector values to determine\nif an I/O should wait on the reshape") fix the problem that IO across\nreshape position doesn\'t wait for reshape, the dm-raid test\nshell/lvconvert-raid-reshape.sh start to hang:\n\n[root@fedora ~]# cat /proc/979/stack\n[<0>] wait_woken+0x7d/0x90\n[<0>] raid5_make_request+0x929/0x1d70 [raid456]\n[<0>] md_handle_request+0xc2/0x3b0 [md_mod]\n[<0>] raid_map+0x2c/0x50 [dm_raid]\n[<0>] __map_bio+0x251/0x380 [dm_mod]\n[<0>] dm_submit_bio+0x1f0/0x760 [dm_mod]\n[<0>] __submit_bio+0xc2/0x1c0\n[<0>] submit_bio_noacct_nocheck+0x17f/0x450\n[<0>] submit_bio_noacct+0x2bc/0x780\n[<0>] submit_bio+0x70/0xc0\n[<0>] mpage_readahead+0x169/0x1f0\n[<0>] blkdev_readahead+0x18/0x30\n[<0>] read_pages+0x7c/0x3b0\n[<0>] page_cache_ra_unbounded+0x1ab/0x280\n[<0>] force_page_cache_ra+0x9e/0x130\n[<0>] page_cache_sync_ra+0x3b/0x110\n[<0>] filemap_get_pages+0x143/0xa30\n[<0>] filemap_read+0xdc/0x4b0\n[<0>] blkdev_read_iter+0x75/0x200\n[<0>] vfs_read+0x272/0x460\n[<0>] ksys_read+0x7a/0x170\n[<0>] __x64_sys_read+0x1c/0x30\n[<0>] do_syscall_64+0xc6/0x230\n[<0>] entry_SYSCALL_64_after_hwframe+0x6c/0x74\n\nThis is because reshape can\'t make progress.\n\nFor md/raid, the problem doesn\'t exist because register new sync_thread\ndoesn\'t rely on the IO to be done any more:\n\n1) If array is read-only, it can switch to read-write by ioctl/sysfs;\n2) md/raid never set MD_RECOVERY_WAIT;\n3) If MD_RECOVERY_FROZEN is set, mddev_suspend() doesn\'t hold\n   \'reconfig_mutex\', hence it can be cleared and reshape can continue by\n   sysfs api \'sync_action\'.\n\nHowever, I\'m not sure yet how to avoid the problem in dm-raid yet. This\npatch on the one hand make sure raid_message() can\'t change\nsync_thread() through raid_message() after presuspend(), on the other\nhand detect the above 3 cases before wait for IO do be done in\ndm_suspend(), and let dm-raid requeue those IO.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26962', 'https://git.kernel.org/linus/41425f96d7aa59bc865f60f5dda3d7697b555677 (6.9-rc1)', 'https://git.kernel.org/stable/c/41425f96d7aa59bc865f60f5dda3d7697b555677', 'https://git.kernel.org/stable/c/5943a34bf6bab5801e08a55f63e1b8d5bc90dae1', 'https://git.kernel.org/stable/c/a8d249d770cb357d16a2097b548d2e4c1c137304', 'https://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-26962-cbb0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26962', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26962'], 'PublishedDate': '2024-05-01T06:15:12.527Z', 'LastModifiedDate': '2024-05-01T13:02:20.75Z'}, {'VulnerabilityID': 'CVE-2024-26982', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26982', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Squashfs: check the inode number is not the invalid value of zero', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check the inode number is not the invalid value of zero\n\nSyskiller has produced an out of bounds access in fill_meta_index().\n\nThat out of bounds access is ultimately caused because the inode\nhas an inode number with the invalid value of zero, which was not checked.\n\nThe reason this causes the out of bounds access is due to following\nsequence of events:\n\n1. Fill_meta_index() is called to allocate (via empty_meta_index())\n   and fill a metadata index.  It however suffers a data read error\n   and aborts, invalidating the newly returned empty metadata index.\n   It does this by setting the inode number of the index to zero,\n   which means unused (zero is not a valid inode number).\n\n2. When fill_meta_index() is subsequently called again on another\n   read operation, locate_meta_index() returns the previous index\n   because it matches the inode number of 0.  Because this index\n   has been returned it is expected to have been filled, and because\n   it hasn't been, an out of bounds access is performed.\n\nThis patch adds a sanity check which checks that the inode number\nis not zero when the inode is created and returns -EINVAL if it is.\n\n[phillip@squashfs.org.uk: whitespace fix]\n  Link: https://lkml.kernel.org/r/20240409204723.446925-1-phillip@squashfs.org.uk", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:4352', 'https://access.redhat.com/security/cve/CVE-2024-26982', 'https://bugzilla.redhat.com/1918601', 'https://bugzilla.redhat.com/2248122', 'https://bugzilla.redhat.com/2258875', 'https://bugzilla.redhat.com/2265517', 'https://bugzilla.redhat.com/2265519', 'https://bugzilla.redhat.com/2265520', 'https://bugzilla.redhat.com/2265800', 'https://bugzilla.redhat.com/2266408', 'https://bugzilla.redhat.com/2266831', 'https://bugzilla.redhat.com/2267513', 'https://bugzilla.redhat.com/2267518', 'https://bugzilla.redhat.com/2267730', 'https://bugzilla.redhat.com/2270093', 'https://bugzilla.redhat.com/2271680', 'https://bugzilla.redhat.com/2272692', 'https://bugzilla.redhat.com/2272829', 'https://bugzilla.redhat.com/2273204', 'https://bugzilla.redhat.com/2273278', 'https://bugzilla.redhat.com/2273423', 'https://bugzilla.redhat.com/2273429', 'https://bugzilla.redhat.com/2275604', 'https://bugzilla.redhat.com/2275633', 'https://bugzilla.redhat.com/2275635', 'https://bugzilla.redhat.com/2275733', 'https://bugzilla.redhat.com/2278337', 'https://bugzilla.redhat.com/2278354', 'https://bugzilla.redhat.com/2280434', 'https://bugzilla.redhat.com/2281057', 'https://bugzilla.redhat.com/2281113', 'https://bugzilla.redhat.com/2281157', 'https://bugzilla.redhat.com/2281165', 'https://bugzilla.redhat.com/2281251', 'https://bugzilla.redhat.com/2281253', 'https://bugzilla.redhat.com/2281255', 'https://bugzilla.redhat.com/2281257', 'https://bugzilla.redhat.com/2281272', 'https://bugzilla.redhat.com/2281350', 'https://bugzilla.redhat.com/2281689', 'https://bugzilla.redhat.com/2281693', 'https://bugzilla.redhat.com/2281920', 'https://bugzilla.redhat.com/2281923', 'https://bugzilla.redhat.com/2281925', 'https://bugzilla.redhat.com/2281953', 'https://bugzilla.redhat.com/2281986', 'https://bugzilla.redhat.com/2282394', 'https://bugzilla.redhat.com/2282400', 'https://bugzilla.redhat.com/2282471', 'https://bugzilla.redhat.com/2282472', 'https://bugzilla.redhat.com/2282581', 'https://bugzilla.redhat.com/2282609', 'https://bugzilla.redhat.com/2282612', 'https://bugzilla.redhat.com/2282653', 'https://bugzilla.redhat.com/2282680', 'https://bugzilla.redhat.com/2282698', 'https://bugzilla.redhat.com/2282712', 'https://bugzilla.redhat.com/2282735', 'https://bugzilla.redhat.com/2282902', 'https://bugzilla.redhat.com/2282920', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265794', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278337', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278435', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278473', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281647', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282669', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282898', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284506', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284598', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293412', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47459', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52809', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26737', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26880', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27030', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27046', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35857', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35885', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35907', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38580', 'https://errata.almalinux.org/8/ALSA-2024-4352.html', 'https://errata.rockylinux.org/RLSA-2024:4928', 'https://git.kernel.org/linus/9253c54e01b6505d348afbc02abaa4d9f8a01395 (6.9-rc5)', 'https://git.kernel.org/stable/c/7def00ebc9f2d6a581ddf46ce4541f84a10680e5', 'https://git.kernel.org/stable/c/9253c54e01b6505d348afbc02abaa4d9f8a01395', 'https://git.kernel.org/stable/c/be383effaee3d89034f0828038f95065b518772e', 'https://linux.oracle.com/cve/CVE-2024-26982.html', 'https://linux.oracle.com/errata/ELSA-2024-4928.html', 'https://lore.kernel.org/linux-cve-announce/2024050141-CVE-2024-26982-8675@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26982', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26982'], 'PublishedDate': '2024-05-01T06:15:15.61Z', 'LastModifiedDate': '2024-05-03T06:15:10.953Z'}, {'VulnerabilityID': 'CVE-2024-26983', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26983', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bootconfig: use memblock_free_late to free xbc memory to buddy', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbootconfig: use memblock_free_late to free xbc memory to buddy\n\nOn the time to free xbc memory in xbc_exit(), memblock may has handed\nover memory to buddy allocator. So it doesn't make sense to free memory\nback to memblock. memblock_free() called by xbc_exit() even causes UAF bugs\non architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86.\nFollowing KASAN logs shows this case.\n\nThis patch fixes the xbc memory free problem by calling memblock_free()\nin early xbc init error rewind path and calling memblock_free_late() in\nxbc exit path to free memory to buddy allocator.\n\n[    9.410890] ==================================================================\n[    9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260\n[    9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1\n\n[    9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G     U             6.9.0-rc3-00208-g586b5dfb51b9 #5\n[    9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023\n[    9.460789] Call Trace:\n[    9.463518]  <TASK>\n[    9.465859]  dump_stack_lvl+0x53/0x70\n[    9.469949]  print_report+0xce/0x610\n[    9.473944]  ? __virt_addr_valid+0xf5/0x1b0\n[    9.478619]  ? memblock_isolate_range+0x12d/0x260\n[    9.483877]  kasan_report+0xc6/0x100\n[    9.487870]  ? memblock_isolate_range+0x12d/0x260\n[    9.493125]  memblock_isolate_range+0x12d/0x260\n[    9.498187]  memblock_phys_free+0xb4/0x160\n[    9.502762]  ? __pfx_memblock_phys_free+0x10/0x10\n[    9.508021]  ? mutex_unlock+0x7e/0xd0\n[    9.512111]  ? __pfx_mutex_unlock+0x10/0x10\n[    9.516786]  ? kernel_init_freeable+0x2d4/0x430\n[    9.521850]  ? __pfx_kernel_init+0x10/0x10\n[    9.526426]  xbc_exit+0x17/0x70\n[    9.529935]  kernel_init+0x38/0x1e0\n[    9.533829]  ? _raw_spin_unlock_irq+0xd/0x30\n[    9.538601]  ret_from_fork+0x2c/0x50\n[    9.542596]  ? __pfx_kernel_init+0x10/0x10\n[    9.547170]  ret_from_fork_asm+0x1a/0x30\n[    9.551552]  </TASK>\n\n[    9.555649] The buggy address belongs to the physical page:\n[    9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30\n[    9.570821] flags: 0x200000000000000(node=0|zone=2)\n[    9.576271] page_type: 0xffffffff()\n[    9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000\n[    9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000\n[    9.597476] page dumped because: kasan: bad access detected\n\n[    9.605362] Memory state around the buggy address:\n[    9.610714]  ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[    9.618786]  ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[    9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[    9.634930]                    ^\n[    9.638534]  ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[    9.646605]  ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[    9.654675] ==================================================================", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26983', 'https://git.kernel.org/linus/89f9a1e876b5a7ad884918c03a46831af202c8a0 (6.9-rc5)', 'https://git.kernel.org/stable/c/1e7feb31a18c197d63a5e606025ed63c762f8918', 'https://git.kernel.org/stable/c/5a7dfb8fcd3f29fc93161100179b27f24f3d5f35', 'https://git.kernel.org/stable/c/89f9a1e876b5a7ad884918c03a46831af202c8a0', 'https://git.kernel.org/stable/c/e46d3be714ad9652480c6db129ab8125e2d20ab7', 'https://lore.kernel.org/linux-cve-announce/2024050142-CVE-2024-26983-9424@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26983', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26983'], 'PublishedDate': '2024-05-01T06:15:15.747Z', 'LastModifiedDate': '2024-05-13T08:15:10.75Z'}, {'VulnerabilityID': 'CVE-2024-27002', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27002', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: clk: mediatek: Do a runtime PM get on controllers during probe', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: Do a runtime PM get on controllers during probe\n\nmt8183-mfgcfg has a mutual dependency with genpd during the probing\nstage, which leads to a deadlock in the following call stack:\n\nCPU0:  genpd_lock --> clk_prepare_lock\ngenpd_power_off_work_fn()\n genpd_lock()\n generic_pm_domain::power_off()\n    clk_unprepare()\n      clk_prepare_lock()\n\nCPU1: clk_prepare_lock --> genpd_lock\nclk_register()\n  __clk_core_init()\n    clk_prepare_lock()\n    clk_pm_runtime_get()\n      genpd_lock()\n\nDo a runtime PM get at the probe function to make sure clk_register()\nwon't acquire the genpd lock. Instead of only modifying mt8183-mfgcfg,\ndo this on all mediatek clock controller probings because we don't\nbelieve this would cause any regression.\n\nVerified on MT8183 and MT8192 Chromebooks.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27002', 'https://git.kernel.org/linus/2f7b1d8b5505efb0057cd1ab85fca206063ea4c3 (6.9-rc5)', 'https://git.kernel.org/stable/c/165d226472575b213dd90dfda19d1605dd7c19a8', 'https://git.kernel.org/stable/c/2f7b1d8b5505efb0057cd1ab85fca206063ea4c3', 'https://git.kernel.org/stable/c/b62ed25feb342eab052822eff0c554873799a4f5', 'https://git.kernel.org/stable/c/c0dcd5c072e2a3fff886f673e6a5d9bf8090c4cc', 'https://lore.kernel.org/linux-cve-announce/2024050146-CVE-2024-27002-3b11@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27002', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27002'], 'PublishedDate': '2024-05-01T06:15:18.437Z', 'LastModifiedDate': '2024-05-13T08:15:11.473Z'}, {'VulnerabilityID': 'CVE-2024-27005', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27005', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: interconnect: Don&#39;t access req_list while it&#39;s being manipulated', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: Don\'t access req_list while it\'s being manipulated\n\nThe icc_lock mutex was split into separate icc_lock and icc_bw_lock\nmutexes in [1] to avoid lockdep splats. However, this didn\'t adequately\nprotect access to icc_node::req_list.\n\nThe icc_set_bw() function will eventually iterate over req_list while\nonly holding icc_bw_lock, but req_list can be modified while only\nholding icc_lock. This causes races between icc_set_bw(), of_icc_get(),\nand icc_put().\n\nExample A:\n\n  CPU0                               CPU1\n  ----                               ----\n  icc_set_bw(path_a)\n    mutex_lock(&icc_bw_lock);\n                                     icc_put(path_b)\n                                       mutex_lock(&icc_lock);\n    aggregate_requests()\n      hlist_for_each_entry(r, ...\n                                       hlist_del(...\n        <r = invalid pointer>\n\nExample B:\n\n  CPU0                               CPU1\n  ----                               ----\n  icc_set_bw(path_a)\n    mutex_lock(&icc_bw_lock);\n                                     path_b = of_icc_get()\n                                       of_icc_get_by_index()\n                                         mutex_lock(&icc_lock);\n                                         path_find()\n                                           path_init()\n    aggregate_requests()\n      hlist_for_each_entry(r, ...\n                                             hlist_add_head(...\n        <r = invalid pointer>\n\nFix this by ensuring icc_bw_lock is always held before manipulating\nicc_node::req_list. The additional places icc_bw_lock is held don\'t\nperform any memory allocations, so we should still be safe from the\noriginal lockdep splats that motivated the separate locks.\n\n[1] commit af42269c3523 ("interconnect: Fix locking for runpm vs reclaim")', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27005', 'https://git.kernel.org/linus/de1bf25b6d771abdb52d43546cf57ad775fb68a1 (6.9-rc5)', 'https://git.kernel.org/stable/c/4c65507121ea8e0b47fae6d2049c8688390d46b6', 'https://git.kernel.org/stable/c/d0d04efa2e367921654b5106cc5c05e3757c2b42', 'https://git.kernel.org/stable/c/de1bf25b6d771abdb52d43546cf57ad775fb68a1', 'https://lore.kernel.org/linux-cve-announce/2024050147-CVE-2024-27005-e630@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27005', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27005'], 'PublishedDate': '2024-05-01T06:15:18.883Z', 'LastModifiedDate': '2024-05-13T08:15:11.68Z'}, {'VulnerabilityID': 'CVE-2024-27010', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/sched: Fix mirred deadlock on device recursion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix mirred deadlock on device recursion\n\nWhen the mirred action is used on a classful egress qdisc and a packet is\nmirrored or redirected to self we hit a qdisc lock deadlock.\nSee trace below.\n\n[..... other info removed for brevity....]\n[   82.890906]\n[   82.890906] ============================================\n[   82.890906] WARNING: possible recursive locking detected\n[   82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G        W\n[   82.890906] --------------------------------------------\n[   82.890906] ping/418 is trying to acquire lock:\n[   82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[   82.890906]\n[   82.890906] but task is already holding lock:\n[   82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[   82.890906]\n[   82.890906] other info that might help us debug this:\n[   82.890906]  Possible unsafe locking scenario:\n[   82.890906]\n[   82.890906]        CPU0\n[   82.890906]        ----\n[   82.890906]   lock(&sch->q.lock);\n[   82.890906]   lock(&sch->q.lock);\n[   82.890906]\n[   82.890906]  *** DEADLOCK ***\n[   82.890906]\n[..... other info removed for brevity....]\n\nExample setup (eth0->eth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n     action mirred egress redirect dev eth0\n\nAnother example(eth0->eth1->eth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n     action mirred egress redirect dev eth1\n\ntc qdisc add dev eth1 root handle 1: htb default 30\ntc filter add dev eth1 handle 1: protocol ip prio 2 matchall \\\n     action mirred egress redirect dev eth0\n\nWe fix this by adding an owner field (CPU id) to struct Qdisc set after\nroot qdisc is entered. When the softirq enters it a second time, if the\nqdisc owner is the same CPU, the packet is dropped to break the loop.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-27010', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/0f022d32c3eca477fbf79a205243a6123ed0fe11 (6.9-rc5)', 'https://git.kernel.org/stable/c/0f022d32c3eca477fbf79a205243a6123ed0fe11', 'https://git.kernel.org/stable/c/e6b90468da4dae2281a6e381107f411efb48b0ef', 'https://linux.oracle.com/cve/CVE-2024-27010.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024050148-CVE-2024-27010-5a68@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27010', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27010'], 'PublishedDate': '2024-05-01T06:15:19.467Z', 'LastModifiedDate': '2024-05-13T08:15:11.933Z'}, {'VulnerabilityID': 'CVE-2024-27014', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27014', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Prevent deadlock while disabling aRFS', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Prevent deadlock while disabling aRFS\n\nWhen disabling aRFS under the `priv->state_lock`, any scheduled\naRFS works are canceled using the `cancel_work_sync` function,\nwhich waits for the work to end if it has already started.\nHowever, while waiting for the work handler, the handler will\ntry to acquire the `state_lock` which is already acquired.\n\nThe worker acquires the lock to delete the rules if the state\nis down, which is not the worker's responsibility since\ndisabling aRFS deletes the rules.\n\nAdd an aRFS state variable, which indicates whether the aRFS is\nenabled and prevent adding rules when the aRFS is disabled.\n\nKernel log:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.7.0-rc4_net_next_mlx5_5483eb2 #1 Tainted: G          I\n------------------------------------------------------\nethtool/386089 is trying to acquire lock:\nffff88810f21ce68 ((work_completion)(&rule->arfs_work)){+.+.}-{0:0}, at: __flush_work+0x74/0x4e0\n\nbut task is already holding lock:\nffff8884a1808cc0 (&priv->state_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (&priv->state_lock){+.+.}-{3:3}:\n       __mutex_lock+0x80/0xc90\n       arfs_handle_work+0x4b/0x3b0 [mlx5_core]\n       process_one_work+0x1dc/0x4a0\n       worker_thread+0x1bf/0x3c0\n       kthread+0xd7/0x100\n       ret_from_fork+0x2d/0x50\n       ret_from_fork_asm+0x11/0x20\n\n-> #0 ((work_completion)(&rule->arfs_work)){+.+.}-{0:0}:\n       __lock_acquire+0x17b4/0x2c80\n       lock_acquire+0xd0/0x2b0\n       __flush_work+0x7a/0x4e0\n       __cancel_work_timer+0x131/0x1c0\n       arfs_del_rules+0x143/0x1e0 [mlx5_core]\n       mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\n       mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\n       ethnl_set_channels+0x28f/0x3b0\n       ethnl_default_set_doit+0xec/0x240\n       genl_family_rcv_msg_doit+0xd0/0x120\n       genl_rcv_msg+0x188/0x2c0\n       netlink_rcv_skb+0x54/0x100\n       genl_rcv+0x24/0x40\n       netlink_unicast+0x1a1/0x270\n       netlink_sendmsg+0x214/0x460\n       __sock_sendmsg+0x38/0x60\n       __sys_sendto+0x113/0x170\n       __x64_sys_sendto+0x20/0x30\n       do_syscall_64+0x40/0xe0\n       entry_SYSCALL_64_after_hwframe+0x46/0x4e\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(&priv->state_lock);\n                               lock((work_completion)(&rule->arfs_work));\n                               lock(&priv->state_lock);\n  lock((work_completion)(&rule->arfs_work));\n\n *** DEADLOCK ***\n\n3 locks held by ethtool/386089:\n #0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40\n #1: ffffffff82e94c88 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0xd3/0x240\n #2: ffff8884a1808cc0 (&priv->state_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\n\nstack backtrace:\nCPU: 15 PID: 386089 Comm: ethtool Tainted: G          I        6.7.0-rc4_net_next_mlx5_5483eb2 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0x60/0xa0\n check_noncircular+0x144/0x160\n __lock_acquire+0x17b4/0x2c80\n lock_acquire+0xd0/0x2b0\n ? __flush_work+0x74/0x4e0\n ? save_trace+0x3e/0x360\n ? __flush_work+0x74/0x4e0\n __flush_work+0x7a/0x4e0\n ? __flush_work+0x74/0x4e0\n ? __lock_acquire+0xa78/0x2c80\n ? lock_acquire+0xd0/0x2b0\n ? mark_held_locks+0x49/0x70\n __cancel_work_timer+0x131/0x1c0\n ? mark_held_locks+0x49/0x70\n arfs_del_rules+0x143/0x1e0 [mlx5_core]\n mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\n mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\n ethnl_set_channels+0x28f/0x3b0\n ethnl_default_set_doit+0xec/0x240\n genl_family_rcv_msg_doit+0xd0/0x120\n genl_rcv_msg+0x188/0x2c0\n ? ethn\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3627', 'https://access.redhat.com/security/cve/CVE-2024-27014', 'https://bugzilla.redhat.com/2250843', 'https://bugzilla.redhat.com/2257406', 'https://bugzilla.redhat.com/2263875', 'https://bugzilla.redhat.com/2265271', 'https://bugzilla.redhat.com/2265646', 'https://bugzilla.redhat.com/2265654', 'https://bugzilla.redhat.com/2265833', 'https://bugzilla.redhat.com/2266296', 'https://bugzilla.redhat.com/2266446', 'https://bugzilla.redhat.com/2266746', 'https://bugzilla.redhat.com/2266841', 'https://bugzilla.redhat.com/2267038', 'https://bugzilla.redhat.com/2267185', 'https://bugzilla.redhat.com/2267355', 'https://bugzilla.redhat.com/2267509', 'https://bugzilla.redhat.com/2267705', 'https://bugzilla.redhat.com/2267724', 'https://bugzilla.redhat.com/2267758', 'https://bugzilla.redhat.com/2267789', 'https://bugzilla.redhat.com/2267797', 'https://bugzilla.redhat.com/2267804', 'https://bugzilla.redhat.com/2268315', 'https://bugzilla.redhat.com/2268317', 'https://bugzilla.redhat.com/2269213', 'https://bugzilla.redhat.com/2269856', 'https://bugzilla.redhat.com/2270080', 'https://bugzilla.redhat.com/2270879', 'https://bugzilla.redhat.com/2270881', 'https://bugzilla.redhat.com/2271469', 'https://bugzilla.redhat.com/2271476', 'https://bugzilla.redhat.com/2272780', 'https://bugzilla.redhat.com/2272791', 'https://bugzilla.redhat.com/2273092', 'https://bugzilla.redhat.com/2273094', 'https://bugzilla.redhat.com/2273223', 'https://bugzilla.redhat.com/2273260', 'https://bugzilla.redhat.com/2273262', 'https://bugzilla.redhat.com/2274624', 'https://bugzilla.redhat.com/2275645', 'https://bugzilla.redhat.com/2275655', 'https://bugzilla.redhat.com/2275666', 'https://bugzilla.redhat.com/2275707', 'https://bugzilla.redhat.com/2275777', 'https://bugzilla.redhat.com/2278169', 'https://bugzilla.redhat.com/2278237', 'https://bugzilla.redhat.com/2278240', 'https://bugzilla.redhat.com/2278268', 'https://bugzilla.redhat.com/2278314', 'https://bugzilla.redhat.com/2278356', 'https://bugzilla.redhat.com/2278398', 'https://bugzilla.redhat.com/2278409', 'https://bugzilla.redhat.com/2278417', 'https://bugzilla.redhat.com/2278431', 'https://bugzilla.redhat.com/show_bug.cgi?id=2250843', 'https://bugzilla.redhat.com/show_bug.cgi?id=2257406', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263875', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265271', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265646', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266296', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266446', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266746', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266841', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267038', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267185', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267355', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267509', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267705', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267724', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267789', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267804', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268291', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268293', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268309', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268315', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268317', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269213', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269856', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270080', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270881', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271469', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271476', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272791', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273092', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273094', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273223', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273260', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273262', 'https://bugzilla.redhat.com/show_bug.cgi?id=2274624', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275655', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275666', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275707', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275777', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278169', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278237', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278240', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278314', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278356', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278398', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278409', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278431', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278537', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25162', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46934', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47013', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47055', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47118', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47153', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47171', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47185', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52439', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52445', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52477', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52513', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52520', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52528', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52565', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52578', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52594', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52595', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52606', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52607', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52610', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6240', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0340', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23307', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25744', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26593', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26603', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26610', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26642', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26643', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26659', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26664', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26693', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26694', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26744', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26779', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26872', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26892', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26901', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26919', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26934', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26964', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26973', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26993', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27014', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27048', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27056', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27059', 'https://errata.almalinux.org/8/ALSA-2024-3627.html', 'https://errata.rockylinux.org/RLSA-2024:3618', 'https://git.kernel.org/linus/fef965764cf562f28afb997b626fc7c3cec99693 (6.9-rc5)', 'https://git.kernel.org/stable/c/0080bf99499468030248ebd25dd645e487dcecdc', 'https://git.kernel.org/stable/c/46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b', 'https://git.kernel.org/stable/c/48c4bb81df19402d4346032353d0795260255e3b', 'https://git.kernel.org/stable/c/fef965764cf562f28afb997b626fc7c3cec99693', 'https://linux.oracle.com/cve/CVE-2024-27014.html', 'https://linux.oracle.com/errata/ELSA-2024-3618.html', 'https://lore.kernel.org/linux-cve-announce/2024050149-CVE-2024-27014-d2dc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27014', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27014'], 'PublishedDate': '2024-05-01T06:15:20.063Z', 'LastModifiedDate': '2024-05-23T19:15:45.993Z'}, {'VulnerabilityID': 'CVE-2024-27025', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nbd: null check for nla_nest_start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: null check for nla_nest_start\n\nnla_nest_start() may fail and return NULL. Insert a check and set errno\nbased on other call sites within the same source code.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-27025', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d (6.9-rc1)', 'https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d', 'https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e', 'https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced', 'https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8', 'https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797', 'https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983', 'https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a', 'https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf', 'https://linux.oracle.com/cve/CVE-2024-27025.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27025', 'https://www.cve.org/CVERecord?id=CVE-2024-27025'], 'PublishedDate': '2024-05-01T13:15:48.89Z', 'LastModifiedDate': '2024-06-25T22:15:28.24Z'}, {'VulnerabilityID': 'CVE-2024-27032', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27032', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to avoid potential panic during recovery', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid potential panic during recovery\n\nDuring recovery, if FAULT_BLOCK is on, it is possible that\nf2fs_reserve_new_block() will return -ENOSPC during recovery,\nthen it may trigger panic.\n\nAlso, if fault injection rate is 1 and only FAULT_BLOCK fault\ntype is on, it may encounter deadloop in loop of block reservation.\n\nLet's change as below to fix these issues:\n- remove bug_on() to avoid panic.\n- limit the loop count of block reservation to avoid potential\ndeadloop.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27032', 'https://git.kernel.org/linus/21ec68234826b1b54ab980a8df6e33c74cfbee58 (6.9-rc1)', 'https://git.kernel.org/stable/c/21ec68234826b1b54ab980a8df6e33c74cfbee58', 'https://git.kernel.org/stable/c/8844b2f8a3f0c428b74672f9726f9950b1a7764c', 'https://git.kernel.org/stable/c/d034810d02a5af8eb74debe29877dcaf5f00fdd1', 'https://git.kernel.org/stable/c/f26091a981318b5b7451d61f99bc073a6af8db67', 'https://git.kernel.org/stable/c/fe4de493572a4263554903bf9c3afc5c196e15f0', 'https://lore.kernel.org/linux-cve-announce/2024050111-CVE-2024-27032-97a9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27032', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27032'], 'PublishedDate': '2024-05-01T13:15:49.23Z', 'LastModifiedDate': '2024-05-01T19:50:25.633Z'}, {'VulnerabilityID': 'CVE-2024-27035', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27035', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: compress: fix to guarantee persisting compressed blocks by CP', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: compress: fix to guarantee persisting compressed blocks by CP\n\nIf data block in compressed cluster is not persisted with metadata\nduring checkpoint, after SPOR, the data may be corrupted, let's\nguarantee to write compressed page by checkpoint.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27035', 'https://git.kernel.org/linus/8a430dd49e9cb021372b0ad91e60aeef9c6ced00 (6.9-rc1)', 'https://git.kernel.org/stable/c/57e8b17d0522c8f4daf0c4d9969b4d7358033532', 'https://git.kernel.org/stable/c/82704e598d7b33c7e45526e34d3c585426319bed', 'https://git.kernel.org/stable/c/8a430dd49e9cb021372b0ad91e60aeef9c6ced00', 'https://git.kernel.org/stable/c/c3311694b9bcced233548574d414c91d39214684', 'https://git.kernel.org/stable/c/e54cce8137258a550b49cae45d09e024821fb28d', 'https://lore.kernel.org/linux-cve-announce/2024050111-CVE-2024-27035-1628@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27035', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27035'], 'PublishedDate': '2024-05-01T13:15:49.36Z', 'LastModifiedDate': '2024-05-01T19:50:25.633Z'}, {'VulnerabilityID': 'CVE-2024-27041', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27041', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: fix NULL checks for adev-&gt;dm.dc in amdgpu_dm_fini()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()\n\nSince \'adev->dm.dc\' in amdgpu_dm_fini() might turn out to be NULL\nbefore the call to dc_enable_dmub_notifications(), check\nbeforehand to ensure there will not be a possible NULL-ptr-deref\nthere.\n\nAlso, since commit 1e88eb1b2c25 ("drm/amd/display: Drop\nCONFIG_DRM_AMD_DC_HDCP") there are two separate checks for NULL in\n\'adev->dm.dc\' before dc_deinit_callbacks() and dc_dmub_srv_destroy().\nClean up by combining them all under one \'if\'.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27041', 'https://git.kernel.org/linus/2a3cfb9a24a28da9cc13d2c525a76548865e182c (6.9-rc1)', 'https://git.kernel.org/stable/c/1c62697e4086de988b31124fb8c79c244ea05f2b', 'https://git.kernel.org/stable/c/2a3cfb9a24a28da9cc13d2c525a76548865e182c', 'https://git.kernel.org/stable/c/ca2eb375db76fd50f31afdd67d6ca4f833254957', 'https://git.kernel.org/stable/c/e040f1fbe9abae91b12b074cfc3bbb5367b79811', 'https://lore.kernel.org/linux-cve-announce/2024050112-CVE-2024-27041-7bf4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27041', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27041'], 'PublishedDate': '2024-05-01T13:15:49.647Z', 'LastModifiedDate': '2024-05-01T19:50:25.633Z'}, {'VulnerabilityID': 'CVE-2024-27056', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27056', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: ensure offloading TID queue exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: ensure offloading TID queue exists\n\nThe resume code path assumes that the TX queue for the offloading TID\nhas been configured. At resume time it then tries to sync the write\npointer as it may have been updated by the firmware.\n\nIn the unusual event that no packets have been send on TID 0, the queue\nwill not have been allocated and this causes a crash. Fix this by\nensuring the queue exist at suspend time.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3627', 'https://access.redhat.com/security/cve/CVE-2024-27056', 'https://bugzilla.redhat.com/2250843', 'https://bugzilla.redhat.com/2257406', 'https://bugzilla.redhat.com/2263875', 'https://bugzilla.redhat.com/2265271', 'https://bugzilla.redhat.com/2265646', 'https://bugzilla.redhat.com/2265654', 'https://bugzilla.redhat.com/2265833', 'https://bugzilla.redhat.com/2266296', 'https://bugzilla.redhat.com/2266446', 'https://bugzilla.redhat.com/2266746', 'https://bugzilla.redhat.com/2266841', 'https://bugzilla.redhat.com/2267038', 'https://bugzilla.redhat.com/2267185', 'https://bugzilla.redhat.com/2267355', 'https://bugzilla.redhat.com/2267509', 'https://bugzilla.redhat.com/2267705', 'https://bugzilla.redhat.com/2267724', 'https://bugzilla.redhat.com/2267758', 'https://bugzilla.redhat.com/2267789', 'https://bugzilla.redhat.com/2267797', 'https://bugzilla.redhat.com/2267804', 'https://bugzilla.redhat.com/2268315', 'https://bugzilla.redhat.com/2268317', 'https://bugzilla.redhat.com/2269213', 'https://bugzilla.redhat.com/2269856', 'https://bugzilla.redhat.com/2270080', 'https://bugzilla.redhat.com/2270879', 'https://bugzilla.redhat.com/2270881', 'https://bugzilla.redhat.com/2271469', 'https://bugzilla.redhat.com/2271476', 'https://bugzilla.redhat.com/2272780', 'https://bugzilla.redhat.com/2272791', 'https://bugzilla.redhat.com/2273092', 'https://bugzilla.redhat.com/2273094', 'https://bugzilla.redhat.com/2273223', 'https://bugzilla.redhat.com/2273260', 'https://bugzilla.redhat.com/2273262', 'https://bugzilla.redhat.com/2274624', 'https://bugzilla.redhat.com/2275645', 'https://bugzilla.redhat.com/2275655', 'https://bugzilla.redhat.com/2275666', 'https://bugzilla.redhat.com/2275707', 'https://bugzilla.redhat.com/2275777', 'https://bugzilla.redhat.com/2278169', 'https://bugzilla.redhat.com/2278237', 'https://bugzilla.redhat.com/2278240', 'https://bugzilla.redhat.com/2278268', 'https://bugzilla.redhat.com/2278314', 'https://bugzilla.redhat.com/2278356', 'https://bugzilla.redhat.com/2278398', 'https://bugzilla.redhat.com/2278409', 'https://bugzilla.redhat.com/2278417', 'https://bugzilla.redhat.com/2278431', 'https://bugzilla.redhat.com/show_bug.cgi?id=2250843', 'https://bugzilla.redhat.com/show_bug.cgi?id=2257406', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263875', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265271', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265646', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266296', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266446', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266746', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266841', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267038', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267185', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267355', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267509', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267705', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267724', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267789', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267804', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268291', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268293', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268309', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268315', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268317', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269213', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269856', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270080', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270881', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271469', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271476', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272791', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273092', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273094', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273223', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273260', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273262', 'https://bugzilla.redhat.com/show_bug.cgi?id=2274624', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275655', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275666', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275707', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275777', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278169', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278237', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278240', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278314', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278356', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278398', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278409', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278431', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278537', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25162', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46934', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47013', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47055', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47118', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47153', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47171', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47185', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52439', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52445', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52477', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52513', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52520', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52528', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52565', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52578', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52594', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52595', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52606', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52607', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52610', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6240', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0340', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23307', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25744', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26593', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26603', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26610', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26642', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26643', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26659', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26664', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26693', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26694', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26744', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26779', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26872', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26892', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26901', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26919', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26934', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26964', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26973', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26993', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27014', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27048', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27056', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27059', 'https://errata.almalinux.org/8/ALSA-2024-3627.html', 'https://errata.rockylinux.org/RLSA-2024:3618', 'https://git.kernel.org/linus/78f65fbf421a61894c14a1b91fe2fb4437b3fe5f (6.8-rc7)', 'https://git.kernel.org/stable/c/78f65fbf421a61894c14a1b91fe2fb4437b3fe5f', 'https://git.kernel.org/stable/c/ed35a509390ef4011ea2226da5dd6f62b73873b5', 'https://linux.oracle.com/cve/CVE-2024-27056.html', 'https://linux.oracle.com/errata/ELSA-2024-3618.html', 'https://lore.kernel.org/linux-cve-announce/2024050115-CVE-2024-27056-98c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27056', 'https://www.cve.org/CVERecord?id=CVE-2024-27056'], 'PublishedDate': '2024-05-01T13:15:50.36Z', 'LastModifiedDate': '2024-05-01T19:50:25.633Z'}, {'VulnerabilityID': 'CVE-2024-27057', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27057', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend\n\nWhen the system is suspended while audio is active, the\nsof_ipc4_pcm_hw_free() is invoked to reset the pipelines since during\nsuspend the DSP is turned off, streams will be re-started after resume.\n\nIf the firmware crashes during while audio is running (or when we reset\nthe stream before suspend) then the sof_ipc4_set_multi_pipeline_state()\nwill fail with IPC error and the state change is interrupted.\nThis will cause misalignment between the kernel and firmware state on next\nDSP boot resulting errors returned by firmware for IPC messages, eventually\nfailing the audio resume.\nOn stream close the errors are ignored so the kernel state will be\ncorrected on the next DSP boot, so the second boot after the DSP panic.\n\nIf sof_ipc4_trigger_pipelines() is called from sof_ipc4_pcm_hw_free() then\nstate parameter is SOF_IPC4_PIPE_RESET and only in this case.\n\nTreat a forced pipeline reset similarly to how we treat a pcm_free by\nignoring error on state sending to allow the kernel's state to be\nconsistent with the state the firmware will have after the next boot.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27057', 'https://git.kernel.org/linus/c40aad7c81e5fba34b70123ed7ce3397fa62a4d2 (6.8-rc5)', 'https://git.kernel.org/stable/c/3cac6eebea9b4bc5f041e157e45c76e212ad6759', 'https://git.kernel.org/stable/c/c40aad7c81e5fba34b70123ed7ce3397fa62a4d2', 'https://git.kernel.org/stable/c/d153e8b154f9746ac969c85a4e6474760453647c', 'https://lore.kernel.org/linux-cve-announce/2024050116-CVE-2024-27057-c0fb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27057', 'https://www.cve.org/CVERecord?id=CVE-2024-27057'], 'PublishedDate': '2024-05-01T13:15:50.4Z', 'LastModifiedDate': '2024-05-01T19:50:25.633Z'}, {'VulnerabilityID': 'CVE-2024-27062', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27062', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nouveau: lock the client object tree.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau: lock the client object tree.\n\nIt appears the client object tree has no locking unless I've missed\nsomething else. Fix races around adding/removing client objects,\nmostly vram bar mappings.\n\n 4562.099306] general protection fault, probably for non-canonical address 0x6677ed422bceb80c: 0000 [#1] PREEMPT SMP PTI\n[ 4562.099314] CPU: 2 PID: 23171 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27\n[ 4562.099324] Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021\n[ 4562.099330] RIP: 0010:nvkm_object_search+0x1d/0x70 [nouveau]\n[ 4562.099503] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 48 89 f8 48 85 f6 74 39 48 8b 87 a0 00 00 00 48 85 c0 74 12 <48> 8b 48 f8 48 39 ce 73 15 48 8b 40 10 48 85 c0 75 ee 48 c7 c0 fe\n[ 4562.099506] RSP: 0000:ffffa94cc420bbf8 EFLAGS: 00010206\n[ 4562.099512] RAX: 6677ed422bceb814 RBX: ffff98108791f400 RCX: ffff9810f26b8f58\n[ 4562.099517] RDX: 0000000000000000 RSI: ffff9810f26b9158 RDI: ffff98108791f400\n[ 4562.099519] RBP: ffff9810f26b9158 R08: 0000000000000000 R09: 0000000000000000\n[ 4562.099521] R10: ffffa94cc420bc48 R11: 0000000000000001 R12: ffff9810f02a7cc0\n[ 4562.099526] R13: 0000000000000000 R14: 00000000000000ff R15: 0000000000000007\n[ 4562.099528] FS:  00007f629c5017c0(0000) GS:ffff98142c700000(0000) knlGS:0000000000000000\n[ 4562.099534] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4562.099536] CR2: 00007f629a882000 CR3: 000000017019e004 CR4: 00000000003706f0\n[ 4562.099541] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4562.099542] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 4562.099544] Call Trace:\n[ 4562.099555]  <TASK>\n[ 4562.099573]  ? die_addr+0x36/0x90\n[ 4562.099583]  ? exc_general_protection+0x246/0x4a0\n[ 4562.099593]  ? asm_exc_general_protection+0x26/0x30\n[ 4562.099600]  ? nvkm_object_search+0x1d/0x70 [nouveau]\n[ 4562.099730]  nvkm_ioctl+0xa1/0x250 [nouveau]\n[ 4562.099861]  nvif_object_map_handle+0xc8/0x180 [nouveau]\n[ 4562.099986]  nouveau_ttm_io_mem_reserve+0x122/0x270 [nouveau]\n[ 4562.100156]  ? dma_resv_test_signaled+0x26/0xb0\n[ 4562.100163]  ttm_bo_vm_fault_reserved+0x97/0x3c0 [ttm]\n[ 4562.100182]  ? __mutex_unlock_slowpath+0x2a/0x270\n[ 4562.100189]  nouveau_ttm_fault+0x69/0xb0 [nouveau]\n[ 4562.100356]  __do_fault+0x32/0x150\n[ 4562.100362]  do_fault+0x7c/0x560\n[ 4562.100369]  __handle_mm_fault+0x800/0xc10\n[ 4562.100382]  handle_mm_fault+0x17c/0x3e0\n[ 4562.100388]  do_user_addr_fault+0x208/0x860\n[ 4562.100395]  exc_page_fault+0x7f/0x200\n[ 4562.100402]  asm_exc_page_fault+0x26/0x30\n[ 4562.100412] RIP: 0033:0x9b9870\n[ 4562.100419] Code: 85 a8 f7 ff ff 8b 8d 80 f7 ff ff 89 08 e9 18 f2 ff ff 0f 1f 84 00 00 00 00 00 44 89 32 e9 90 fa ff ff 0f 1f 84 00 00 00 00 00 <44> 89 32 e9 f8 f1 ff ff 0f 1f 84 00 00 00 00 00 66 44 89 32 e9 e7\n[ 4562.100422] RSP: 002b:00007fff9ba2dc70 EFLAGS: 00010246\n[ 4562.100426] RAX: 0000000000000004 RBX: 000000000dd65e10 RCX: 000000fff0000000\n[ 4562.100428] RDX: 00007f629a882000 RSI: 00007f629a882000 RDI: 0000000000000066\n[ 4562.100432] RBP: 00007fff9ba2e570 R08: 0000000000000000 R09: 0000000123ddf000\n[ 4562.100434] R10: 0000000000000001 R11: 0000000000000246 R12: 000000007fffffff\n[ 4562.100436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 4562.100446]  </TASK>\n[ 4562.100448] Modules linked in: nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink cmac bnep sunrpc iwlmvm intel_rapl_msr intel_rapl_common snd_sof_pci_intel_cnl x86_pkg_temp_thermal intel_powerclamp snd_sof_intel_hda_common mac80211 coretemp snd_soc_acpi_intel_match kvm_intel snd_soc_acpi snd_soc_hdac_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof_intel_hda_mlink \n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27062', 'https://git.kernel.org/linus/b7cc4ff787a572edf2c55caeffaa88cd801eb135 (6.8)', 'https://git.kernel.org/stable/c/6887314f5356389fc219b8152e951ac084a10ef7', 'https://git.kernel.org/stable/c/96c8751844171af4b3898fee3857ee180586f589', 'https://git.kernel.org/stable/c/b7cc4ff787a572edf2c55caeffaa88cd801eb135', 'https://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-27062-3291@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27062', 'https://www.cve.org/CVERecord?id=CVE-2024-27062'], 'PublishedDate': '2024-05-01T13:15:50.66Z', 'LastModifiedDate': '2024-05-01T19:50:25.633Z'}, {'VulnerabilityID': 'CVE-2024-27072', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27072', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: usbtv: Remove useless locks in usbtv_video_free()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: usbtv: Remove useless locks in usbtv_video_free()\n\nRemove locks calls in usbtv_video_free() because\nare useless and may led to a deadlock as reported here:\nhttps://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000\nAlso remove usbtv_stop() call since it will be called when\nunregistering the device.\n\nBefore 'c838530d230b' this issue would only be noticed if you\ndisconnect while streaming and now it is noticeable even when\ndisconnecting while not streaming.\n\n\n[hverkuil: fix minor spelling mistake in log message]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27072', 'https://git.kernel.org/linus/65e6a2773d655172143cc0b927cdc89549842895 (6.9-rc1)', 'https://git.kernel.org/stable/c/3e7d82ebb86e94643bdb30b0b5b077ed27dce1c2', 'https://git.kernel.org/stable/c/4ec4641df57cbdfdc51bb4959afcdbcf5003ddb9', 'https://git.kernel.org/stable/c/65e6a2773d655172143cc0b927cdc89549842895', 'https://git.kernel.org/stable/c/bdd82c47b22a8befd617b723098b2a41b77373c7', 'https://git.kernel.org/stable/c/d5ed208d04acf06781d63d30f9fa991e8d609ebd', 'https://git.kernel.org/stable/c/dea46e246ef0f98d89d59a4229157cd9ffb636bf', 'https://lore.kernel.org/linux-cve-announce/2024050133-CVE-2024-27072-301d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27072', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27072'], 'PublishedDate': '2024-05-01T13:15:51.127Z', 'LastModifiedDate': '2024-10-17T14:15:05.93Z'}, {'VulnerabilityID': 'CVE-2024-27389', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27389', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pstore: inode: Only d_invalidate() is needed', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npstore: inode: Only d_invalidate() is needed\n\nUnloading a modular pstore backend with records in pstorefs would\ntrigger the dput() double-drop warning:\n\n  WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410\n\nUsing the combo of d_drop()/dput() (as mentioned in\nDocumentation/filesystems/vfs.rst) isn't the right approach here, and\nleads to the reference counting problem seen above. Use d_invalidate()\nand update the code to not bother checking for error codes that can\nnever happen.\n\n---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27389', 'https://git.kernel.org/linus/a43e0fc5e9134a46515de2f2f8d4100b74e50de3 (6.9-rc1)', 'https://git.kernel.org/stable/c/340682ed1932b8e3bd0bfc6c31a0c6354eb57cc6', 'https://git.kernel.org/stable/c/4cdf9006fc095af71da80e9b5f48a32e991b9ed3', 'https://git.kernel.org/stable/c/a43e0fc5e9134a46515de2f2f8d4100b74e50de3', 'https://git.kernel.org/stable/c/cb9e802e49c24eeb3af35e9e8c04d526f35f112a', 'https://git.kernel.org/stable/c/db6e5e16f1ee9e3b01d2f71c7f0ba945f4bf0f4e', 'https://lore.kernel.org/linux-cve-announce/2024050135-CVE-2024-27389-fb3a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27389', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27389'], 'PublishedDate': '2024-05-01T13:15:51.653Z', 'LastModifiedDate': '2024-05-01T19:50:25.633Z'}, {'VulnerabilityID': 'CVE-2024-27400', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27400', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2\n\nThis reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move\non same heap. The basic problem here is that after the move the old\nlocation is simply not available any more.\n\nSome fixes were suggested, but essentially we should call the move\nnotification before actually moving things because only this way we have\nthe correct order for DMA-buf and VM move notifications as well.\n\nAlso rework the statistic handling so that we don't update the eviction\ncounter before the move.\n\nv2: add missing NULL check", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27400', 'https://git.kernel.org/linus/d3a9331a6591e9df64791e076f6591f440af51c3 (6.9-rc7)', 'https://git.kernel.org/stable/c/0c7ed3ed35eec9138b88d42217b5a6b9a62bda4d', 'https://git.kernel.org/stable/c/5c25b169f9a0b34ee410891a96bc9d7b9ed6f9be', 'https://git.kernel.org/stable/c/9a4f6e138720b6e9adf7b82a71d0292f3f276480', 'https://git.kernel.org/stable/c/d3a9331a6591e9df64791e076f6591f440af51c3', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/', 'https://lore.kernel.org/linux-cve-announce/2024051317-CVE-2024-27400-3b00@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27400', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27400'], 'PublishedDate': '2024-05-14T15:12:29.26Z', 'LastModifiedDate': '2024-06-10T18:15:28.337Z'}, {'VulnerabilityID': 'CVE-2024-27402', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27402', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: phonet/pep: fix racy skb_queue_empty() use', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nphonet/pep: fix racy skb_queue_empty() use\n\nThe receive queues are protected by their respective spin-lock, not\nthe socket lock. This could lead to skb_peek() unexpectedly\nreturning NULL or a pointer to an already dequeued socket buffer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27402', 'https://git.kernel.org/linus/7d2a894d7f487dcb894df023e9d3014cf5b93fe5 (6.8-rc6)', 'https://git.kernel.org/stable/c/0a9f558c72c47472c38c05fcb72c70abb9104277', 'https://git.kernel.org/stable/c/7d2a894d7f487dcb894df023e9d3014cf5b93fe5', 'https://git.kernel.org/stable/c/8ef4fcc7014b9f93619851d6b78d6cc2789a4c88', 'https://git.kernel.org/stable/c/9d5523e065b568e79dfaa2ea1085a5bcf74baf78', 'https://lore.kernel.org/linux-cve-announce/2024051736-CVE-2024-27402-90cf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27402', 'https://www.cve.org/CVERecord?id=CVE-2024-27402'], 'PublishedDate': '2024-05-17T12:15:09.757Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-27407', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27407', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/ntfs3: Fixed overflow check in mi_enum_attr()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fixed overflow check in mi_enum_attr()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-120'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27407', 'https://git.kernel.org/linus/652cfeb43d6b9aba5c7c4902bed7a7340df131fb (6.8-rc4)', 'https://git.kernel.org/stable/c/1c0a95d99b1b2b5d842e5abc7ef7eed1193b60d7', 'https://git.kernel.org/stable/c/652cfeb43d6b9aba5c7c4902bed7a7340df131fb', 'https://git.kernel.org/stable/c/8c77398c72618101d66480b94b34fe9087ee3d08', 'https://lore.kernel.org/linux-cve-announce/2024051739-CVE-2024-27407-976d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27407', 'https://www.cve.org/CVERecord?id=CVE-2024-27407'], 'PublishedDate': '2024-05-17T12:15:11Z', 'LastModifiedDate': '2024-07-03T01:50:38.343Z'}, {'VulnerabilityID': 'CVE-2024-27408', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27408', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup\n\nThe Linked list element and pointer are not stored in the same memory as\nthe eDMA controller register. If the doorbell register is toggled before\nthe full write of the linked list a race condition error will occur.\nIn remote setup we can only use a readl to the memory to assure the full\nwrite has occurred.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27408', 'https://git.kernel.org/linus/bbcc1c83f343e580c3aa1f2a8593343bf7b55bba (6.8-rc7)', 'https://git.kernel.org/stable/c/bbcc1c83f343e580c3aa1f2a8593343bf7b55bba', 'https://git.kernel.org/stable/c/d24fe6d5a1cfdddb7a9ef56736ec501c4d0a5fd3', 'https://git.kernel.org/stable/c/f396b4df27cfe01a99f4b41f584c49e56477be3a', 'https://lore.kernel.org/linux-cve-announce/2024051700-CVE-2024-27408-6911@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27408', 'https://www.cve.org/CVERecord?id=CVE-2024-27408'], 'PublishedDate': '2024-05-17T12:15:11.223Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-27418', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27418', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mctp: take ownership of skb in mctp_local_output', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: take ownership of skb in mctp_local_output\n\nCurrently, mctp_local_output only takes ownership of skb on success, and\nwe may leak an skb if mctp_local_output fails in specific states; the\nskb ownership isn't transferred until the actual output routing occurs.\n\nInstead, make mctp_local_output free the skb on all error paths up to\nthe route action, so it always consumes the passed skb.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27418', 'https://git.kernel.org/linus/3773d65ae5154ed7df404b050fd7387a36ab5ef3 (6.8-rc7)', 'https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3', 'https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd', 'https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b', 'https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68', 'https://lore.kernel.org/linux-cve-announce/2024051703-CVE-2024-27418-3cda@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27418', 'https://www.cve.org/CVERecord?id=CVE-2024-27418'], 'PublishedDate': '2024-05-17T12:15:13.52Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-27435', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27435', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: fix reconnection fail due to reserved tag allocation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix reconnection fail due to reserved tag allocation\n\nWe found a issue on production environment while using NVMe over RDMA,\nadmin_q reconnect failed forever while remote target and network is ok.\nAfter dig into it, we found it may caused by a ABBA deadlock due to tag\nallocation. In my case, the tag was hold by a keep alive request\nwaiting inside admin_q, as we quiesced admin_q while reset ctrl, so the\nrequest maked as idle and will not process before reset success. As\nfabric_q shares tagset with admin_q, while reconnect remote target, we\nneed a tag for connect command, but the only one reserved tag was held\nby keep alive command which waiting inside admin_q. As a result, we\nfailed to reconnect admin_q forever. In order to fix this issue, I\nthink we should keep two reserved tags for admin queue.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27435', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267509', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273082', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273466', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275735', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281131', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284581', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293230', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293402', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293456', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294225', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52638', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26783', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26858', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27435', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36957', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38543', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38593', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38663', 'https://errata.rockylinux.org/RLSA-2024:4583', 'https://git.kernel.org/linus/de105068fead55ed5c07ade75e9c8e7f86a00d1d (6.9-rc1)', 'https://git.kernel.org/stable/c/149afee5c7418ec5db9d7387b9c9a5c1eb7ea2a8', 'https://git.kernel.org/stable/c/262da920896e2f2ab0e3947d9dbee0aa09045818', 'https://git.kernel.org/stable/c/6851778504cdb49431809b4ba061903d5f592c96', 'https://git.kernel.org/stable/c/de105068fead55ed5c07ade75e9c8e7f86a00d1d', 'https://git.kernel.org/stable/c/ff2f90f88d78559802466ad1c84ac5bda4416b3a', 'https://linux.oracle.com/cve/CVE-2024-27435.html', 'https://linux.oracle.com/errata/ELSA-2024-4583.html', 'https://lore.kernel.org/linux-cve-announce/2024051710-CVE-2024-27435-c465@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27435', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27435'], 'PublishedDate': '2024-05-17T13:15:58.073Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35784', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35784', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix deadlock with fiemap and extent locking', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix deadlock with fiemap and extent locking\n\nWhile working on the patchset to remove extent locking I got a lockdep\nsplat with fiemap and pagefaulting with my new extent lock replacement\nlock.\n\nThis deadlock exists with our normal code, we just don't have lockdep\nannotations with the extent locking so we've never noticed it.\n\nSince we're copying the fiemap extent to user space on every iteration\nwe have the chance of pagefaulting.  Because we hold the extent lock for\nthe entire range we could mkwrite into a range in the file that we have\nmmap'ed.  This would deadlock with the following stack trace\n\n[<0>] lock_extent+0x28d/0x2f0\n[<0>] btrfs_page_mkwrite+0x273/0x8a0\n[<0>] do_page_mkwrite+0x50/0xb0\n[<0>] do_fault+0xc1/0x7b0\n[<0>] __handle_mm_fault+0x2fa/0x460\n[<0>] handle_mm_fault+0xa4/0x330\n[<0>] do_user_addr_fault+0x1f4/0x800\n[<0>] exc_page_fault+0x7c/0x1e0\n[<0>] asm_exc_page_fault+0x26/0x30\n[<0>] rep_movs_alternative+0x33/0x70\n[<0>] _copy_to_user+0x49/0x70\n[<0>] fiemap_fill_next_extent+0xc8/0x120\n[<0>] emit_fiemap_extent+0x4d/0xa0\n[<0>] extent_fiemap+0x7f8/0xad0\n[<0>] btrfs_fiemap+0x49/0x80\n[<0>] __x64_sys_ioctl+0x3e1/0xb50\n[<0>] do_syscall_64+0x94/0x1a0\n[<0>] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nI wrote an fstest to reproduce this deadlock without my replacement lock\nand verified that the deadlock exists with our existing locking.\n\nTo fix this simply don't take the extent lock for the entire duration of\nthe fiemap.  This is safe in general because we keep track of where we\nare when we're searching the tree, so if an ordered extent updates in\nthe middle of our fiemap call we'll still emit the correct extents\nbecause we know what offset we were on before.\n\nThe only place we maintain the lock is searching delalloc.  Since the\ndelalloc stuff can change during writeback we want to lock the extent\nrange so we have a consistent view of delalloc at the time we're\nchecking to see if we need to set the delalloc flag.\n\nWith this patch applied we no longer deadlock with my testcase.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35784', 'https://git.kernel.org/linus/b0ad381fa7690244802aed119b478b4bdafc31dd (6.8-rc6)', 'https://git.kernel.org/stable/c/89bca7fe6382d61e88c67a0b0e7bce315986fb8b', 'https://git.kernel.org/stable/c/b0ad381fa7690244802aed119b478b4bdafc31dd', 'https://git.kernel.org/stable/c/ded566b4637f1b6b4c9ba74e7d0b8493e93f19cf', 'https://lore.kernel.org/linux-cve-announce/2024051704-CVE-2024-35784-6dec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35784', 'https://www.cve.org/CVERecord?id=CVE-2024-35784'], 'PublishedDate': '2024-05-17T13:15:58.27Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35790', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35790', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: altmodes/displayport: create sysfs nodes as driver&#39;s default device attribute group', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group\n\nThe DisplayPort driver's sysfs nodes may be present to the userspace before\ntypec_altmode_set_drvdata() completes in dp_altmode_probe. This means that\na sysfs read can trigger a NULL pointer error by deferencing dp->hpd in\nhpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns\nNULL in those cases.\n\nRemove manual sysfs node creation in favor of adding attribute group as\ndefault for devices bound to the driver. The ATTRIBUTE_GROUPS() macro is\nnot used here otherwise the path to the sysfs nodes is no longer compliant\nwith the ABI.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-35790', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/165376f6b23e9a779850e750fb2eb06622e5a531 (6.8)', 'https://git.kernel.org/stable/c/0ad011776c057ce881b7fd6d8c79ecd459c087e9', 'https://git.kernel.org/stable/c/165376f6b23e9a779850e750fb2eb06622e5a531', 'https://git.kernel.org/stable/c/4a22aeac24d0d5f26ba741408e8b5a4be6dc5dc0', 'https://linux.oracle.com/cve/CVE-2024-35790.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024051708-CVE-2024-35790-6a80@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35790', 'https://www.cve.org/CVERecord?id=CVE-2024-35790'], 'PublishedDate': '2024-05-17T13:15:58.8Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35794', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35794', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dm-raid: really frozen sync_thread during suspend', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: really frozen sync_thread during suspend\n\n1) commit f52f5c71f3d4 ("md: fix stopping sync thread") remove\n   MD_RECOVERY_FROZEN from __md_stop_writes() and doesn\'t realize that\n   dm-raid relies on __md_stop_writes() to frozen sync_thread\n   indirectly. Fix this problem by adding MD_RECOVERY_FROZEN in\n   md_stop_writes(), and since stop_sync_thread() is only used for\n   dm-raid in this case, also move stop_sync_thread() to\n   md_stop_writes().\n2) The flag MD_RECOVERY_FROZEN doesn\'t mean that sync thread is frozen,\n   it only prevent new sync_thread to start, and it can\'t stop the\n   running sync thread; In order to frozen sync_thread, after seting the\n   flag, stop_sync_thread() should be used.\n3) The flag MD_RECOVERY_FROZEN doesn\'t mean that writes are stopped, use\n   it as condition for md_stop_writes() in raid_postsuspend() doesn\'t\n   look correct. Consider that reentrant stop_sync_thread() do nothing,\n   always call md_stop_writes() in raid_postsuspend().\n4) raid_message can set/clear the flag MD_RECOVERY_FROZEN at anytime,\n   and if MD_RECOVERY_FROZEN is cleared while the array is suspended,\n   new sync_thread can start unexpected. Fix this by disallow\n   raid_message() to change sync_thread status during suspend.\n\nNote that after commit f52f5c71f3d4 ("md: fix stopping sync thread"), the\ntest shell/lvconvert-raid-reshape.sh start to hang in stop_sync_thread(),\nand with previous fixes, the test won\'t hang there anymore, however, the\ntest will still fail and complain that ext4 is corrupted. And with this\npatch, the test won\'t hang due to stop_sync_thread() or fail due to ext4\nis corrupted anymore. However, there is still a deadlock related to\ndm-raid456 that will be fixed in following patches.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35794', 'https://git.kernel.org/linus/16c4770c75b1223998adbeb7286f9a15c65fba73 (6.9-rc1)', 'https://git.kernel.org/stable/c/16c4770c75b1223998adbeb7286f9a15c65fba73', 'https://git.kernel.org/stable/c/af916cb66a80597f3523bc85812e790bcdcfd62b', 'https://git.kernel.org/stable/c/eaa8fc9b092837cf2c754bde1a15d784ce9a85ab', 'https://lore.kernel.org/linux-cve-announce/2024051709-CVE-2024-35794-f42d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35794', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35794'], 'PublishedDate': '2024-05-17T13:15:59.097Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35799', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35799', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Prevent crash when disable stream', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Prevent crash when disable stream\n\n[Why]\nDisabling stream encoder invokes a function that no longer exists.\n\n[How]\nCheck if the function declaration is NULL in disable stream encoder.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35799', 'https://git.kernel.org/linus/72d72e8fddbcd6c98e1b02d32cf6f2b04e10bd1c (6.9-rc2)', 'https://git.kernel.org/stable/c/2b17133a0a2e0e111803124dad09e803718d4a48', 'https://git.kernel.org/stable/c/4356a2c3f296503c8b420ae8adece053960a9f06', 'https://git.kernel.org/stable/c/59772327d439874095516673b4b30c48bd83ca38', 'https://git.kernel.org/stable/c/72d72e8fddbcd6c98e1b02d32cf6f2b04e10bd1c', 'https://lore.kernel.org/linux-cve-announce/2024051737-CVE-2024-35799-75e5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35799', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35799'], 'PublishedDate': '2024-05-17T14:15:12.42Z', 'LastModifiedDate': '2024-07-03T02:02:11.17Z'}, {'VulnerabilityID': 'CVE-2024-35801', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35801', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Keep xfd_state in sync with MSR_IA32_XFD\n\nCommit 672365477ae8 ("x86/fpu: Update XFD state where required") and\ncommit 8bf26758ca96 ("x86/fpu: Add XFD state to fpstate") introduced a\nper CPU variable xfd_state to keep the MSR_IA32_XFD value cached, in\norder to avoid unnecessary writes to the MSR.\n\nOn CPU hotplug MSR_IA32_XFD is reset to the init_fpstate.xfd, which\nwipes out any stale state. But the per CPU cached xfd value is not\nreset, which brings them out of sync.\n\nAs a consequence a subsequent xfd_update_state() might fail to update\nthe MSR which in turn can result in XRSTOR raising a #NM in kernel\nspace, which crashes the kernel.\n\nTo fix this, introduce xfd_set_state() to write xfd_state together\nwith MSR_IA32_XFD, and use it in all places that set MSR_IA32_XFD.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-35801', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/10e4b5166df9ff7a2d5316138ca668b42d004422 (6.9-rc1)', 'https://git.kernel.org/stable/c/10e4b5166df9ff7a2d5316138ca668b42d004422', 'https://git.kernel.org/stable/c/1acbca933313aa866e39996904c9aca4d435c4cd', 'https://git.kernel.org/stable/c/21c7c00dae55cb0e3810d5f9506b58f68475d41d', 'https://git.kernel.org/stable/c/92b0f04e937665bde5768f3fcc622dcce44413d8', 'https://git.kernel.org/stable/c/b61e3b7055ac6edee4be071c52f48c26472d2624', 'https://linux.oracle.com/cve/CVE-2024-35801.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-35801-8038@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35801', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35801'], 'PublishedDate': '2024-05-17T14:15:12.827Z', 'LastModifiedDate': '2024-07-03T02:02:12.05Z'}, {'VulnerabilityID': 'CVE-2024-35803', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35803', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/efistub: Call mixed mode boot services on the firmware&#39;s stack', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/efistub: Call mixed mode boot services on the firmware\'s stack\n\nNormally, the EFI stub calls into the EFI boot services using the stack\nthat was live when the stub was entered. According to the UEFI spec,\nthis stack needs to be at least 128k in size - this might seem large but\nall asynchronous processing and event handling in EFI runs from the same\nstack and so quite a lot of space may be used in practice.\n\nIn mixed mode, the situation is a bit different: the bootloader calls\nthe 32-bit EFI stub entry point, which calls the decompressor\'s 32-bit\nentry point, where the boot stack is set up, using a fixed allocation\nof 16k. This stack is still in use when the EFI stub is started in\n64-bit mode, and so all calls back into the EFI firmware will be using\nthe decompressor\'s limited boot stack.\n\nDue to the placement of the boot stack right after the boot heap, any\nstack overruns have gone unnoticed. However, commit\n\n  5c4feadb0011983b ("x86/decompressor: Move global symbol references to C code")\n\nmoved the definition of the boot heap into C code, and now the boot\nstack is placed right at the base of BSS, where any overruns will\ncorrupt the end of the .data section.\n\nWhile it would be possible to work around this by increasing the size of\nthe boot stack, doing so would affect all x86 systems, and mixed mode\nsystems are a tiny (and shrinking) fraction of the x86 installed base.\n\nSo instead, record the firmware stack pointer value when entering from\nthe 32-bit firmware, and switch to this stack every time a EFI boot\nservice call is made.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35803', 'https://git.kernel.org/linus/cefcd4fe2e3aaf792c14c9e56dab89e3d7a65d02 (6.9-rc1)', 'https://git.kernel.org/stable/c/2149f8a56e2ed345c7a4d022a79f6b8fc53ae926', 'https://git.kernel.org/stable/c/725351c036452b7db5771a7bed783564bc4b99cc', 'https://git.kernel.org/stable/c/930775060ca348b8665f60eef14b204172d14f31', 'https://git.kernel.org/stable/c/cefcd4fe2e3aaf792c14c9e56dab89e3d7a65d02', 'https://git.kernel.org/stable/c/fba7ee7187581b5bc222003e73e2592b398bb06d', 'https://lore.kernel.org/linux-cve-announce/2024051739-CVE-2024-35803-c81f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35803', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35803'], 'PublishedDate': '2024-05-17T14:15:13.337Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35808', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35808', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: md/dm-raid: don&#39;t call md_reap_sync_thread() directly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmd/dm-raid: don\'t call md_reap_sync_thread() directly\n\nCurrently md_reap_sync_thread() is called from raid_message() directly\nwithout holding \'reconfig_mutex\', this is definitely unsafe because\nmd_reap_sync_thread() can change many fields that is protected by\n\'reconfig_mutex\'.\n\nHowever, hold \'reconfig_mutex\' here is still problematic because this\nwill cause deadlock, for example, commit 130443d60b1b ("md: refactor\nidle/frozen_sync_thread() to fix deadlock").\n\nFix this problem by using stop_sync_thread() to unregister sync_thread,\nlike md/raid did.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35808', 'https://git.kernel.org/linus/cd32b27a66db8776d8b8e82ec7d7dde97a8693b0 (6.9-rc1)', 'https://git.kernel.org/stable/c/347dcdc15a1706f61aa545ae498ededdf31aeebc', 'https://git.kernel.org/stable/c/9e59b8d76ff511505eb0dd1478329f09e0f04669', 'https://git.kernel.org/stable/c/cd32b27a66db8776d8b8e82ec7d7dde97a8693b0', 'https://lore.kernel.org/linux-cve-announce/2024051740-CVE-2024-35808-2bf6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35808', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35808'], 'PublishedDate': '2024-05-17T14:15:14.503Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35826', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: Fix page refcounts for unaligned buffers in __bio_release_pages()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix page refcounts for unaligned buffers in __bio_release_pages()\n\nFix an incorrect number of pages being released for buffers that do not\nstart at the beginning of a page.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35826', 'https://git.kernel.org/linus/38b43539d64b2fa020b3b9a752a986769f87f7a6 (6.9-rc1)', 'https://git.kernel.org/stable/c/242006996d15f5ca62e22f8c7de077d9c4a8f367', 'https://git.kernel.org/stable/c/38b43539d64b2fa020b3b9a752a986769f87f7a6', 'https://git.kernel.org/stable/c/7d3765550374f71248c55e6206ea1d6fd4537e65', 'https://git.kernel.org/stable/c/c9d3d2fbde9b8197bce88abcbe8ee8e713ffe7c2', 'https://git.kernel.org/stable/c/ecbd9ced84dd655a8f4cd49d2aad0e80dbf6bf35', 'https://lore.kernel.org/linux-cve-announce/2024051737-CVE-2024-35826-c17f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35826', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35826'], 'PublishedDate': '2024-05-17T14:15:18.45Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35832', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit\n\nbch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut.\nIt should be freed by kvfree not kfree.\nOr umount will triger:\n\n[  406.829178 ] BUG: unable to handle page fault for address: ffffe7b487148008\n[  406.830676 ] #PF: supervisor read access in kernel mode\n[  406.831643 ] #PF: error_code(0x0000) - not-present page\n[  406.832487 ] PGD 0 P4D 0\n[  406.832898 ] Oops: 0000 [#1] PREEMPT SMP PTI\n[  406.833512 ] CPU: 2 PID: 1754 Comm: umount Kdump: loaded Tainted: G           OE      6.7.0-rc7-custom+ #90\n[  406.834746 ] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n[  406.835796 ] RIP: 0010:kfree+0x62/0x140\n[  406.836197 ] Code: 80 48 01 d8 0f 82 e9 00 00 00 48 c7 c2 00 00 00 80 48 2b 15 78 9f 1f 01 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 56 9f 1f 01 <48> 8b 50 08 48 89 c7 f6 c2 01 0f 85 b0 00 00 00 66 90 48 8b 07 f6\n[  406.837810 ] RSP: 0018:ffffb9d641607e48 EFLAGS: 00010286\n[  406.838213 ] RAX: ffffe7b487148000 RBX: ffffb9d645200000 RCX: ffffb9d641607dc4\n[  406.838738 ] RDX: 000065bb00000000 RSI: ffffffffc0d88b84 RDI: ffffb9d645200000\n[  406.839217 ] RBP: ffff9a4625d00068 R08: 0000000000000001 R09: 0000000000000001\n[  406.839650 ] R10: 0000000000000001 R11: 000000000000001f R12: ffff9a4625d4da80\n[  406.840055 ] R13: ffff9a4625d00000 R14: ffffffffc0e2eb20 R15: 0000000000000000\n[  406.840451 ] FS:  00007f0a264ffb80(0000) GS:ffff9a4e2d500000(0000) knlGS:0000000000000000\n[  406.840851 ] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  406.841125 ] CR2: ffffe7b487148008 CR3: 000000018c4d2000 CR4: 00000000000006f0\n[  406.841464 ] Call Trace:\n[  406.841583 ]  <TASK>\n[  406.841682 ]  ? __die+0x1f/0x70\n[  406.841828 ]  ? page_fault_oops+0x159/0x470\n[  406.842014 ]  ? fixup_exception+0x22/0x310\n[  406.842198 ]  ? exc_page_fault+0x1ed/0x200\n[  406.842382 ]  ? asm_exc_page_fault+0x22/0x30\n[  406.842574 ]  ? bch2_fs_release+0x54/0x280 [bcachefs]\n[  406.842842 ]  ? kfree+0x62/0x140\n[  406.842988 ]  ? kfree+0x104/0x140\n[  406.843138 ]  bch2_fs_release+0x54/0x280 [bcachefs]\n[  406.843390 ]  kobject_put+0xb7/0x170\n[  406.843552 ]  deactivate_locked_super+0x2f/0xa0\n[  406.843756 ]  cleanup_mnt+0xba/0x150\n[  406.843917 ]  task_work_run+0x59/0xa0\n[  406.844083 ]  exit_to_user_mode_prepare+0x197/0x1a0\n[  406.844302 ]  syscall_exit_to_user_mode+0x16/0x40\n[  406.844510 ]  do_syscall_64+0x4e/0xf0\n[  406.844675 ]  entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[  406.844907 ] RIP: 0033:0x7f0a2664e4fb', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35832', 'https://git.kernel.org/linus/369acf97d6fd5da620d053d0f1878ffe32eff555 (6.8-rc1)', 'https://git.kernel.org/stable/c/369acf97d6fd5da620d053d0f1878ffe32eff555', 'https://git.kernel.org/stable/c/56590678791119b9a655202e49898edfb9307271', 'https://lore.kernel.org/linux-cve-announce/2024051730-CVE-2024-35832-b2f8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35832', 'https://www.cve.org/CVERecord?id=CVE-2024-35832'], 'PublishedDate': '2024-05-17T14:15:19.71Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35839', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35839', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: replace physindev with physinif in nf_bridge_info\n\nAn skb can be added to a neigh->arp_queue while waiting for an arp\nreply. Where original skb's skb->dev can be different to neigh's\nneigh->dev. For instance in case of bridging dnated skb from one veth to\nanother, the skb would be added to a neigh->arp_queue of the bridge.\n\nAs skb->dev can be reset back to nf_bridge->physindev and used, and as\nthere is no explicit mechanism that prevents this physindev from been\nfreed under us (for instance neigh_flush_dev doesn't cleanup skbs from\ndifferent device's neigh queue) we can crash on e.g. this stack:\n\narp_process\n  neigh_update\n    skb = __skb_dequeue(&neigh->arp_queue)\n      neigh_resolve_output(..., skb)\n        ...\n          br_nf_dev_xmit\n            br_nf_pre_routing_finish_bridge_slow\n              skb->dev = nf_bridge->physindev\n              br_handle_frame_finish\n\nLet's use plain ifindex instead of net_device link. To peek into the\noriginal net_device we will use dev_get_by_index_rcu(). Thus either we\nget device and are safe to use it or we don't get it and drop skb.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35839', 'https://git.kernel.org/linus/9874808878d9eed407e3977fd11fee49de1e1d86 (6.8-rc1)', 'https://git.kernel.org/stable/c/544add1f1cfb78c3dfa3e6edcf4668f6be5e730c', 'https://git.kernel.org/stable/c/7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b', 'https://git.kernel.org/stable/c/9325e3188a9cf3f69fc6f32af59844bbc5b90547', 'https://git.kernel.org/stable/c/9874808878d9eed407e3977fd11fee49de1e1d86', 'https://linux.oracle.com/cve/CVE-2024-35839.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024051756-CVE-2024-35839-4194@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35839', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2024-35839'], 'PublishedDate': '2024-05-17T15:15:21.017Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35843', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommu/vt-d: Use device rbtree in iopf reporting path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Use device rbtree in iopf reporting path\n\nThe existing I/O page fault handler currently locates the PCI device by\ncalling pci_get_domain_bus_and_slot(). This function searches the list\nof all PCI devices until the desired device is found. To improve lookup\nefficiency, replace it with device_rbtree_find() to search the device\nwithin the probed device rbtree.\n\nThe I/O page fault is initiated by the device, which does not have any\nsynchronization mechanism with the software to ensure that the device\nstays in the probed device tree. Theoretically, a device could be released\nby the IOMMU subsystem after device_rbtree_find() and before\niopf_get_dev_fault_param(), which would cause a use-after-free problem.\n\nAdd a mutex to synchronize the I/O page fault reporting path and the IOMMU\nrelease device path. This lock doesn't introduce any performance overhead,\nas the conflict between I/O page fault reporting and device releasing is\nvery rare.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35843', 'https://git.kernel.org/linus/def054b01a867822254e1dda13d587f5c7a99e2a (6.9-rc1)', 'https://git.kernel.org/stable/c/3d39238991e745c5df85785604f037f35d9d1b15', 'https://git.kernel.org/stable/c/def054b01a867822254e1dda13d587f5c7a99e2a', 'https://lore.kernel.org/linux-cve-announce/2024051717-CVE-2024-35843-516e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35843', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35843'], 'PublishedDate': '2024-05-17T15:15:21.313Z', 'LastModifiedDate': '2024-07-03T02:02:16.58Z'}, {'VulnerabilityID': 'CVE-2024-35861', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35861', 'https://git.kernel.org/linus/e0e50401cc3921c9eaf1b0e667db174519ea939f (6.9-rc3)', 'https://git.kernel.org/stable/c/2cfff21732132e363b4cc275d63ea98f1af726c1', 'https://git.kernel.org/stable/c/7e8360ac8774e19b0b25f44fff84a105bb2417e4', 'https://git.kernel.org/stable/c/e0e50401cc3921c9eaf1b0e667db174519ea939f', 'https://git.kernel.org/stable/c/f9a96a7ad1e8d25dc6662bc7552e0752de74a20d', 'https://lore.kernel.org/linux-cve-announce/2024051937-CVE-2024-35861-dcfe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35861', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35861'], 'PublishedDate': '2024-05-19T09:15:07.717Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35862', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35862', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential UAF in smb2_is_network_name_deleted()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in smb2_is_network_name_deleted()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35862', 'https://git.kernel.org/linus/63981561ffd2d4987807df4126f96a11e18b0c1d (6.9-rc3)', 'https://git.kernel.org/stable/c/63981561ffd2d4987807df4126f96a11e18b0c1d', 'https://git.kernel.org/stable/c/aa582b33f94453fdeaff1e7d0aa252c505975e01', 'https://git.kernel.org/stable/c/d919b6ea15ffa56fbafef4a1d92f47aeda9af645', 'https://git.kernel.org/stable/c/f9414004798d9742c1af23a1d839fe6a9503751c', 'https://lore.kernel.org/linux-cve-announce/2024051937-CVE-2024-35862-eda2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35862', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35862'], 'PublishedDate': '2024-05-19T09:15:07.797Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35863', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35863', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential UAF in is_valid_oplock_break()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in is_valid_oplock_break()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35863', 'https://git.kernel.org/linus/69ccf040acddf33a3a85ec0f6b45ef84b0f7ec29 (6.9-rc3)', 'https://git.kernel.org/stable/c/0a15ba88a32fa7a516aff7ffd27befed5334dff2', 'https://git.kernel.org/stable/c/16d58c6a7db5050b9638669084b63fc05f951825', 'https://git.kernel.org/stable/c/494c91e1e9413b407d12166a61b84200d4d54fac', 'https://git.kernel.org/stable/c/69ccf040acddf33a3a85ec0f6b45ef84b0f7ec29', 'https://lore.kernel.org/linux-cve-announce/2024051938-CVE-2024-35863-7c05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35863', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35863'], 'PublishedDate': '2024-05-19T09:15:07.88Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35864', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential UAF in smb2_is_valid_lease_break()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in smb2_is_valid_lease_break()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35864', 'https://git.kernel.org/linus/705c76fbf726c7a2f6ff9143d4013b18daaaebf1 (6.9-rc3)', 'https://git.kernel.org/stable/c/705c76fbf726c7a2f6ff9143d4013b18daaaebf1', 'https://git.kernel.org/stable/c/a8344e2b69bde63f713b0aa796d70dbeadffddfb', 'https://git.kernel.org/stable/c/c868cabdf6fdd61bea54532271f4708254e57fc5', 'https://git.kernel.org/stable/c/f92739fdd4522c4291277136399353d7c341fae4', 'https://lore.kernel.org/linux-cve-announce/2024051938-CVE-2024-35864-3536@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35864', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35864'], 'PublishedDate': '2024-05-19T09:15:07.957Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35865', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35865', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential UAF in smb2_is_valid_oplock_break()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in smb2_is_valid_oplock_break()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35865', 'https://git.kernel.org/linus/22863485a4626ec6ecf297f4cc0aef709bc862e4 (6.9-rc3)', 'https://git.kernel.org/stable/c/21fed37d2bdcde33453faf61d3d4d96c355f04bd', 'https://git.kernel.org/stable/c/22863485a4626ec6ecf297f4cc0aef709bc862e4', 'https://git.kernel.org/stable/c/3dba0e5276f131e36d6d8043191d856f49238628', 'https://git.kernel.org/stable/c/84488466b7a69570bdbf76dd9576847ab97d54e7', 'https://lore.kernel.org/linux-cve-announce/2024051939-CVE-2024-35865-c095@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35865', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35865'], 'PublishedDate': '2024-05-19T09:15:08.033Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35866', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential UAF in cifs_dump_full_key()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_dump_full_key()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35866', 'https://git.kernel.org/linus/58acd1f497162e7d282077f816faa519487be045 (6.9-rc3)', 'https://git.kernel.org/stable/c/10e17ca4000ec34737bde002a13435c38ace2682', 'https://git.kernel.org/stable/c/3103163ccd3be4adcfa37e15608fb497be044113', 'https://git.kernel.org/stable/c/58acd1f497162e7d282077f816faa519487be045', 'https://lore.kernel.org/linux-cve-announce/2024051939-CVE-2024-35866-97e5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35866', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35866'], 'PublishedDate': '2024-05-19T09:15:08.123Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35867', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential UAF in cifs_stats_proc_show()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_stats_proc_show()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2024/05/29/2', 'http://www.openwall.com/lists/oss-security/2024/05/30/1', 'http://www.openwall.com/lists/oss-security/2024/05/30/2', 'https://access.redhat.com/security/cve/CVE-2024-35867', 'https://git.kernel.org/linus/0865ffefea197b437ba78b5dd8d8e256253efd65 (6.9-rc3)', 'https://git.kernel.org/stable/c/0865ffefea197b437ba78b5dd8d8e256253efd65', 'https://git.kernel.org/stable/c/16b7d785775eb03929766819415055e367398f49', 'https://git.kernel.org/stable/c/1e12f0d5c66f07c934041621351973a116fa13c7', 'https://git.kernel.org/stable/c/c3cf8b74c57924c0985e49a1fdf02d3395111f39', 'https://lore.kernel.org/linux-cve-announce/2024051939-CVE-2024-35867-15e3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35867', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35867'], 'PublishedDate': '2024-05-19T09:15:08.197Z', 'LastModifiedDate': '2024-06-10T18:15:35.32Z'}, {'VulnerabilityID': 'CVE-2024-35868', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential UAF in cifs_stats_proc_write()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_stats_proc_write()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35868', 'https://git.kernel.org/linus/d3da25c5ac84430f89875ca7485a3828150a7e0a (6.9-rc3)', 'https://git.kernel.org/stable/c/5b5475ce69f02ecc1b13ea23106e5b89c690429b', 'https://git.kernel.org/stable/c/8fefd166fcb368c5fcf48238e3f7c8af829e0a72', 'https://git.kernel.org/stable/c/cf03020c56d3ed28c4942280957a007b5e9544f7', 'https://git.kernel.org/stable/c/d3da25c5ac84430f89875ca7485a3828150a7e0a', 'https://lore.kernel.org/linux-cve-announce/2024051940-CVE-2024-35868-be7a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35868', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35868'], 'PublishedDate': '2024-05-19T09:15:08.267Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35869', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35869', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: guarantee refcounted children from parent session', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: guarantee refcounted children from parent session\n\nAvoid potential use-after-free bugs when walking DFS referrals,\nmounting and performing DFS failover by ensuring that all children\nfrom parent @tcon->ses are also refcounted.  They're all needed across\nthe entire DFS mount.  Get rid of @tcon->dfs_ses_list while we're at\nit, too.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35869', 'https://git.kernel.org/linus/062a7f0ff46eb57aff526897bd2bebfdb1d3046a (6.9-rc3)', 'https://git.kernel.org/stable/c/062a7f0ff46eb57aff526897bd2bebfdb1d3046a', 'https://git.kernel.org/stable/c/645f332c6b63499cc76197f9b6bffcc659ba64cc', 'https://git.kernel.org/stable/c/e1db9ae87b7148c021daee1fcc4bc71b2ac58a79', 'https://lore.kernel.org/linux-cve-announce/2024051940-CVE-2024-35869-73f8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35869', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35869'], 'PublishedDate': '2024-05-19T09:15:08.34Z', 'LastModifiedDate': '2024-07-03T02:02:21.027Z'}, {'VulnerabilityID': 'CVE-2024-35870', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix UAF in smb2_reconnect_server()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in smb2_reconnect_server()\n\nThe UAF bug is due to smb2_reconnect_server() accessing a session that\nis already being teared down by another thread that is executing\n__cifs_put_smb_ses().  This can happen when (a) the client has\nconnection to the server but no session or (b) another thread ends up\nsetting @ses->ses_status again to something different than\nSES_EXITING.\n\nTo fix this, we need to make sure to unconditionally set\n@ses->ses_status to SES_EXITING and prevent any other threads from\nsetting a new status while we're still tearing it down.\n\nThe following can be reproduced by adding some delay to right after\nthe ipc is freed in __cifs_put_smb_ses() - which will give\nsmb2_reconnect_server() worker a chance to run and then accessing\n@ses->ipc:\n\nkinit ...\nmount.cifs //srv/share /mnt/1 -o sec=krb5,nohandlecache,echo_interval=10\n[disconnect srv]\nls /mnt/1 &>/dev/null\nsleep 30\nkdestroy\n[reconnect srv]\nsleep 10\numount /mnt/1\n...\nCIFS: VFS: Verify user has a krb5 ticket and keyutils is installed\nCIFS: VFS: \\\\srv Send error in SessSetup = -126\nCIFS: VFS: Verify user has a krb5 ticket and keyutils is installed\nCIFS: VFS: \\\\srv Send error in SessSetup = -126\ngeneral protection fault, probably for non-canonical address\n0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc2 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39\n04/01/2014\nWorkqueue: cifsiod smb2_reconnect_server [cifs]\nRIP: 0010:__list_del_entry_valid_or_report+0x33/0xf0\nCode: 4f 08 48 85 d2 74 42 48 85 c9 74 59 48 b8 00 01 00 00 00 00 ad\nde 48 39 c2 74 61 48 b8 22 01 00 00 00 00 74 69 <48> 8b 01 48 39 f8 75\n7b 48 8b 72 08 48 39 c6 0f 85 88 00 00 00 b8\nRSP: 0018:ffffc900001bfd70 EFLAGS: 00010a83\nRAX: dead000000000122 RBX: ffff88810da53838 RCX: 6b6b6b6b6b6b6b6b\nRDX: 6b6b6b6b6b6b6b6b RSI: ffffffffc02f6878 RDI: ffff88810da53800\nRBP: ffff88810da53800 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: ffff88810c064000\nR13: 0000000000000001 R14: ffff88810c064000 R15: ffff8881039cc000\nFS: 0000000000000000(0000) GS:ffff888157c00000(0000)\nknlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe3728b1000 CR3: 000000010caa4000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? die_addr+0x36/0x90\n ? exc_general_protection+0x1c1/0x3f0\n ? asm_exc_general_protection+0x26/0x30\n ? __list_del_entry_valid_or_report+0x33/0xf0\n __cifs_put_smb_ses+0x1ae/0x500 [cifs]\n smb2_reconnect_server+0x4ed/0x710 [cifs]\n process_one_work+0x205/0x6b0\n worker_thread+0x191/0x360\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe2/0x110\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n </TASK>", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35870', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278354', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280745', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281350', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281920', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282336', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47400', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52626', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52667', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26974', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27393', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35960', 'https://errata.rockylinux.org/RLSA-2024:4349', 'https://git.kernel.org/linus/24a9799aa8efecd0eb55a75e35f9d8e6400063aa (6.9-rc3)', 'https://git.kernel.org/stable/c/24a9799aa8efecd0eb55a75e35f9d8e6400063aa', 'https://git.kernel.org/stable/c/45f2beda1f1bc3d962ec07db1ccc3197c25499a5', 'https://git.kernel.org/stable/c/6202996a1c1887e83d0b3b0fcd86d0e5e6910ea0', 'https://linux.oracle.com/cve/CVE-2024-35870.html', 'https://linux.oracle.com/errata/ELSA-2024-4349.html', 'https://lore.kernel.org/linux-cve-announce/2024051940-CVE-2024-35870-3c02@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35870', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35870'], 'PublishedDate': '2024-05-19T09:15:08.427Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35875', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35875', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/coco: Require seeding RNG with RDRAND on CoCo systems\n\nThere are few uses of CoCo that don\'t rely on working cryptography and\nhence a working RNG. Unfortunately, the CoCo threat model means that the\nVM host cannot be trusted and may actively work against guests to\nextract secrets or manipulate computation. Since a malicious host can\nmodify or observe nearly all inputs to guests, the only remaining source\nof entropy for CoCo guests is RDRAND.\n\nIf RDRAND is broken -- due to CPU hardware fault -- the RNG as a whole\nis meant to gracefully continue on gathering entropy from other sources,\nbut since there aren\'t other sources on CoCo, this is catastrophic.\nThis is mostly a concern at boot time when initially seeding the RNG, as\nafter that the consequences of a broken RDRAND are much more\ntheoretical.\n\nSo, try at boot to seed the RNG using 256 bits of RDRAND output. If this\nfails, panic(). This will also trigger if the system is booted without\nRDRAND, as RDRAND is essential for a safe CoCo boot.\n\nAdd this deliberately to be "just a CoCo x86 driver feature" and not\npart of the RNG itself. Many device drivers and platforms have some\ndesire to contribute something to the RNG, and add_device_randomness()\nis specifically meant for this purpose.\n\nAny driver can call it with seed data of any quality, or even garbage\nquality, and it can only possibly make the quality of the RNG better or\nhave no effect, but can never make it worse.\n\nRather than trying to build something into the core of the RNG, consider\nthe particular CoCo issue just a CoCo issue, and therefore separate it\nall out into driver (well, arch/platform) code.\n\n  [ bp: Massage commit message. ]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35875', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269436', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273141', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275678', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278206', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281052', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281151', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282709', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284271', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284402', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293273', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297511', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300409', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300414', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300491', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300713', 'https://bugzilla.redhat.com/show_bug.cgi?id=2301465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2301496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2301637', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26629', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26630', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26720', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35797', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35875', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36883', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38559', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40936', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41040', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41044', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41055', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41073', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41096', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42082', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42096', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42102', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42131', 'https://errata.rockylinux.org/RLSA-2024:6567', 'https://git.kernel.org/linus/99485c4c026f024e7cb82da84c7951dbe3deb584 (6.9-rc3)', 'https://git.kernel.org/stable/c/08044b08b37528b82f70a87576c692b4e4b7716e', 'https://git.kernel.org/stable/c/22943e4fe4b3a2dcbadc3d38d5bf840bbdbfe374', 'https://git.kernel.org/stable/c/453b5f2dec276c1bb4ea078bf8c0da57ee4627e5', 'https://git.kernel.org/stable/c/99485c4c026f024e7cb82da84c7951dbe3deb584', 'https://linux.oracle.com/cve/CVE-2024-35875.html', 'https://linux.oracle.com/errata/ELSA-2024-6567.html', 'https://lore.kernel.org/linux-cve-announce/2024051942-CVE-2024-35875-e23d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35875', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35875'], 'PublishedDate': '2024-05-19T09:15:08.833Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35878', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35878', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: of: module: prevent NULL pointer dereference in vsnprintf()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nof: module: prevent NULL pointer dereference in vsnprintf()\n\nIn of_modalias(), we can get passed the str and len parameters which would\ncause a kernel oops in vsnprintf() since it only allows passing a NULL ptr\nwhen the length is also 0. Also, we need to filter out the negative values\nof the len parameter as these will result in a really huge buffer since\nsnprintf() takes size_t parameter while ours is ssize_t...\n\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35878', 'https://git.kernel.org/linus/a1aa5390cc912934fee76ce80af5f940452fa987 (6.9-rc3)', 'https://git.kernel.org/stable/c/544561dc56f7e69a053c25e11e6170f48bb97898', 'https://git.kernel.org/stable/c/a1aa5390cc912934fee76ce80af5f940452fa987', 'https://git.kernel.org/stable/c/e4a449368a2ce6d57a775d0ead27fc07f5a86e5b', 'https://lore.kernel.org/linux-cve-announce/2024051943-CVE-2024-35878-5af8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35878', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35878'], 'PublishedDate': '2024-05-19T09:15:09.09Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35887', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35887', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ax25: fix use-after-free bugs caused by ax25_ds_del_timer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nax25: fix use-after-free bugs caused by ax25_ds_del_timer\n\nWhen the ax25 device is detaching, the ax25_dev_device_down()\ncalls ax25_ds_del_timer() to cleanup the slave_timer. When\nthe timer handler is running, the ax25_ds_del_timer() that\ncalls del_timer() in it will return directly. As a result,\nthe use-after-free bugs could happen, one of the scenarios\nis shown below:\n\n      (Thread 1)          |      (Thread 2)\n                          | ax25_ds_timeout()\nax25_dev_device_down()    |\n  ax25_ds_del_timer()     |\n    del_timer()           |\n  ax25_dev_put() //FREE   |\n                          |  ax25_dev-> //USE\n\nIn order to mitigate bugs, when the device is detaching, use\ntimer_shutdown_sync() to stop the timer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35887', 'https://git.kernel.org/linus/fd819ad3ecf6f3c232a06b27423ce9ed8c20da89 (6.9-rc3)', 'https://git.kernel.org/stable/c/74204bf9050f7627aead9875fe4e07ba125cb19b', 'https://git.kernel.org/stable/c/c6a368f9c7af4c14b14d390c2543af8001c9bdb9', 'https://git.kernel.org/stable/c/fd819ad3ecf6f3c232a06b27423ce9ed8c20da89', 'https://lore.kernel.org/linux-cve-announce/2024051947-CVE-2024-35887-9c08@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35887', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35887'], 'PublishedDate': '2024-05-19T09:15:09.837Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35892', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35892', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix lockdep splat in qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() is called with the qdisc lock held,\nnot RTNL.\n\nWe must use qdisc_lookup_rcu() instead of qdisc_lookup()\n\nsyzbot reported:\n\nWARNING: suspicious RCU usage\n6.1.74-syzkaller #0 Not tainted\n-----------------------------\nnet/sched/sch_api.c:305 suspicious rcu_dereference_protected() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n3 locks held by udevd/1142:\n  #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:306 [inline]\n  #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:747 [inline]\n  #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: net_tx_action+0x64a/0x970 net/core/dev.c:5282\n  #1: ffff888171861108 (&sch->q.lock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:350 [inline]\n  #1: ffff888171861108 (&sch->q.lock){+.-.}-{2:2}, at: net_tx_action+0x754/0x970 net/core/dev.c:5297\n  #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:306 [inline]\n  #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:747 [inline]\n  #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: qdisc_tree_reduce_backlog+0x84/0x580 net/sched/sch_api.c:792\n\nstack backtrace:\nCPU: 1 PID: 1142 Comm: udevd Not tainted 6.1.74-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall Trace:\n <TASK>\n  [<ffffffff85b85f14>] __dump_stack lib/dump_stack.c:88 [inline]\n  [<ffffffff85b85f14>] dump_stack_lvl+0x1b1/0x28f lib/dump_stack.c:106\n  [<ffffffff85b86007>] dump_stack+0x15/0x1e lib/dump_stack.c:113\n  [<ffffffff81802299>] lockdep_rcu_suspicious+0x1b9/0x260 kernel/locking/lockdep.c:6592\n  [<ffffffff84f0054c>] qdisc_lookup+0xac/0x6f0 net/sched/sch_api.c:305\n  [<ffffffff84f037c3>] qdisc_tree_reduce_backlog+0x243/0x580 net/sched/sch_api.c:811\n  [<ffffffff84f5b78c>] pfifo_tail_enqueue+0x32c/0x4b0 net/sched/sch_fifo.c:51\n  [<ffffffff84fbcf63>] qdisc_enqueue include/net/sch_generic.h:833 [inline]\n  [<ffffffff84fbcf63>] netem_dequeue+0xeb3/0x15d0 net/sched/sch_netem.c:723\n  [<ffffffff84eecab9>] dequeue_skb net/sched/sch_generic.c:292 [inline]\n  [<ffffffff84eecab9>] qdisc_restart net/sched/sch_generic.c:397 [inline]\n  [<ffffffff84eecab9>] __qdisc_run+0x249/0x1e60 net/sched/sch_generic.c:415\n  [<ffffffff84d7aa96>] qdisc_run+0xd6/0x260 include/net/pkt_sched.h:125\n  [<ffffffff84d85d29>] net_tx_action+0x7c9/0x970 net/core/dev.c:5313\n  [<ffffffff85e002bd>] __do_softirq+0x2bd/0x9bd kernel/softirq.c:616\n  [<ffffffff81568bca>] invoke_softirq kernel/softirq.c:447 [inline]\n  [<ffffffff81568bca>] __irq_exit_rcu+0xca/0x230 kernel/softirq.c:700\n  [<ffffffff81568ae9>] irq_exit_rcu+0x9/0x20 kernel/softirq.c:712\n  [<ffffffff85b89f52>] sysvec_apic_timer_interrupt+0x42/0x90 arch/x86/kernel/apic/apic.c:1107\n  [<ffffffff85c00ccb>] asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:656', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35892', 'https://git.kernel.org/linus/7eb322360b0266481e560d1807ee79e0cef5742b (6.9-rc3)', 'https://git.kernel.org/stable/c/07696415526bee0607e495017369c7303a4792e1', 'https://git.kernel.org/stable/c/7eb322360b0266481e560d1807ee79e0cef5742b', 'https://git.kernel.org/stable/c/b7d1ce2cc7192e8a037faa3f5d3ba72c25976460', 'https://git.kernel.org/stable/c/c040b99461a5bfc14c2d0cbb1780fcc3a4706c7e', 'https://lore.kernel.org/linux-cve-announce/2024051949-CVE-2024-35892-0f0c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35892', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35892'], 'PublishedDate': '2024-05-19T09:15:10.23Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35904', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35904', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: selinux: avoid dereference of garbage after mount failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: avoid dereference of garbage after mount failure\n\nIn case kern_mount() fails and returns an error pointer return in the\nerror branch instead of continuing and dereferencing the error pointer.\n\nWhile on it drop the never read static variable selinuxfs_mount.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2024/05/30/1', 'http://www.openwall.com/lists/oss-security/2024/05/30/2', 'https://access.redhat.com/security/cve/CVE-2024-35904', 'https://git.kernel.org/linus/37801a36b4d68892ce807264f784d818f8d0d39b (6.9-rc3)', 'https://git.kernel.org/stable/c/37801a36b4d68892ce807264f784d818f8d0d39b', 'https://git.kernel.org/stable/c/477ed6789eb9f3f4d3568bb977f90c863c12724e', 'https://git.kernel.org/stable/c/68784a5d01b8868ff85a7926676b6729715fff3c', 'https://lore.kernel.org/linux-cve-announce/2024051953-CVE-2024-35904-7f85@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35904', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35904'], 'PublishedDate': '2024-05-19T09:15:11.19Z', 'LastModifiedDate': '2024-06-10T17:16:31.803Z'}, {'VulnerabilityID': 'CVE-2024-35908', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35908', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tls: get psock ref after taking rxlock to avoid leak', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: get psock ref after taking rxlock to avoid leak\n\nAt the start of tls_sw_recvmsg, we take a reference on the psock, and\nthen call tls_rx_reader_lock. If that fails, we return directly\nwithout releasing the reference.\n\nInstead of adding a new label, just take the reference after locking\nhas succeeded, since we don't need it before.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35908', 'https://git.kernel.org/linus/417e91e856099e9b8a42a2520e2255e6afe024be (6.9-rc2)', 'https://git.kernel.org/stable/c/30fabe50a7ace3e9d57cf7f9288f33ea408491c8', 'https://git.kernel.org/stable/c/417e91e856099e9b8a42a2520e2255e6afe024be', 'https://git.kernel.org/stable/c/b565d294e3d5aa809566a4d819835da11997d8b3', 'https://git.kernel.org/stable/c/f1b7f14130d782433bc98c1e1e41ce6b4d4c3096', 'https://lore.kernel.org/linux-cve-announce/2024051955-CVE-2024-35908-e78a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35908', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35908'], 'PublishedDate': '2024-05-19T09:15:11.477Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35920', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35920', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mediatek: vcodec: adding lock to protect decoder context list', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: adding lock to protect decoder context list\n\nAdd a lock for the ctx_list, to avoid accessing a NULL pointer\nwithin the 'vpu_dec_ipi_handler' function when the ctx_list has\nbeen deleted due to an unexpected behavior on the SCP IP block.\n\nHardware name: Google juniper sku16 board (DT)\npstate: 20400005 (nzCv daif +PAN -UAO -TCO BTYPE=--)\npc : vpu_dec_ipi_handler+0x58/0x1f8 [mtk_vcodec_dec]\nlr : scp_ipi_handler+0xd0/0x194 [mtk_scp]\nsp : ffffffc0131dbbd0\nx29: ffffffc0131dbbd0 x28: 0000000000000000\nx27: ffffff9bb277f348 x26: ffffff9bb242ad00\nx25: ffffffd2d440d3b8 x24: ffffffd2a13ff1d4\nx23: ffffff9bb7fe85a0 x22: ffffffc0133fbdb0\nx21: 0000000000000010 x20: ffffff9b050ea328\nx19: ffffffc0131dbc08 x18: 0000000000001000\nx17: 0000000000000000 x16: ffffffd2d461c6e0\nx15: 0000000000000242 x14: 000000000000018f\nx13: 000000000000004d x12: 0000000000000000\nx11: 0000000000000001 x10: fffffffffffffff0\nx9 : ffffff9bb6e793a8 x8 : 0000000000000000\nx7 : 0000000000000000 x6 : 000000000000003f\nx5 : 0000000000000040 x4 : fffffffffffffff0\nx3 : 0000000000000020 x2 : ffffff9bb6e79080\nx1 : 0000000000000010 x0 : ffffffc0131dbc08\nCall trace:\nvpu_dec_ipi_handler+0x58/0x1f8 [mtk_vcodec_dec (HASH:6c3f 2)]\nscp_ipi_handler+0xd0/0x194 [mtk_scp (HASH:7046 3)]\nmt8183_scp_irq_handler+0x44/0x88 [mtk_scp (HASH:7046 3)]\nscp_irq_handler+0x48/0x90 [mtk_scp (HASH:7046 3)]\nirq_thread_fn+0x38/0x94\nirq_thread+0x100/0x1c0\nkthread+0x140/0x1fc\nret_from_fork+0x10/0x30\nCode: 54000088 f94ca50a eb14015f 54000060 (f9400108)\n---[ end trace ace43ce36cbd5c93 ]---\nKernel panic - not syncing: Oops: Fatal exception\nSMP: stopping secondary CPUs\nKernel Offset: 0x12c4000000 from 0xffffffc010000000\nPHYS_OFFSET: 0xffffffe580000000\nCPU features: 0x08240002,2188200c\nMemory Limit: none", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35920', 'https://git.kernel.org/linus/6467cda18c9f9b5f2f9a0aa1e2861c653e41f382 (6.9-rc4)', 'https://git.kernel.org/stable/c/0a2dc707aa42214f9c4827bd57e344e29a0841d6', 'https://git.kernel.org/stable/c/23aaf824121055ba81b55f75444355bd83c8eb38', 'https://git.kernel.org/stable/c/6467cda18c9f9b5f2f9a0aa1e2861c653e41f382', 'https://lore.kernel.org/linux-cve-announce/2024051913-CVE-2024-35920-ceed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35920', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35920'], 'PublishedDate': '2024-05-19T11:15:48.373Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35924', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35924', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Limit read size on v1.2', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Limit read size on v1.2\n\nBetween UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region was\nincreased from 16 to 256. In order to avoid overflowing reads for older\nsystems, add a mechanism to use the read UCSI version to truncate read\nsizes on UCSI v1.2.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-35924', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/b3db266fb031fba88c423d4bb8983a73a3db6527 (6.9-rc1)', 'https://git.kernel.org/stable/c/0defcaa09d3b21e8387829ee3a652c43fa91e13f', 'https://git.kernel.org/stable/c/266f403ec47573046dee4bcebda82777ce702c40', 'https://git.kernel.org/stable/c/b3db266fb031fba88c423d4bb8983a73a3db6527', 'https://linux.oracle.com/cve/CVE-2024-35924.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024051914-CVE-2024-35924-90f6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35924', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35924'], 'PublishedDate': '2024-05-19T11:15:48.653Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35926', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35926', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: iaa - Fix async_disable descriptor leak', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix async_disable descriptor leak\n\nThe disable_async paths of iaa_compress/decompress() don't free idxd\ndescriptors in the async_disable case. Currently this only happens in\nthe testcases where req->dst is set to null. Add a test to free them\nin those paths.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35926', 'https://git.kernel.org/linus/262534ddc88dfea7474ed18adfecf856e4fbe054 (6.9-rc1)', 'https://git.kernel.org/stable/c/262534ddc88dfea7474ed18adfecf856e4fbe054', 'https://git.kernel.org/stable/c/d994f7d77aaded05dc05af58a2720fd4f4b72a83', 'https://lore.kernel.org/linux-cve-announce/2024051915-CVE-2024-35926-d677@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35926', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35926'], 'PublishedDate': '2024-05-19T11:15:48.793Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35928', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()\n\nThis ensures that the memory mapped by ioremap for adev->rmmio, is\nproperly handled in amdgpu_device_init(). If the function exits early\ndue to an error, the memory is unmapped. If the function completes\nsuccessfully, the memory remains mapped.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_device.c:4337 amdgpu_device_init() warn: 'adev->rmmio' from ioremap() not released on lines: 4035,4045,4051,4058,4068,4337", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35928', 'https://git.kernel.org/linus/eb4f139888f636614dab3bcce97ff61cefc4b3a7 (6.9-rc1)', 'https://git.kernel.org/stable/c/14ac934db851642ea8cd1bd4121c788a8899ef69', 'https://git.kernel.org/stable/c/aa665c3a2aca2ffe31b9645bda278e96dfc3b55c', 'https://git.kernel.org/stable/c/c5f9fe2c1e5023fa096189a8bfba6420aa035587', 'https://git.kernel.org/stable/c/eb4f139888f636614dab3bcce97ff61cefc4b3a7', 'https://lore.kernel.org/linux-cve-announce/2024051915-CVE-2024-35928-ead3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35928', 'https://www.cve.org/CVERecord?id=CVE-2024-35928'], 'PublishedDate': '2024-05-19T11:15:48.93Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35929', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()\n\nFor the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and\nCONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE()\nin the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions:\n\n        CPU2                                               CPU11\nkthread\nrcu_nocb_cb_kthread                                       ksys_write\nrcu_do_batch                                              vfs_write\nrcu_torture_timer_cb                                      proc_sys_write\n__kmem_cache_free                                         proc_sys_call_handler\nkmemleak_free                                             drop_caches_sysctl_handler\ndelete_object_full                                        drop_slab\n__delete_object                                           shrink_slab\nput_object                                                lazy_rcu_shrink_scan\ncall_rcu                                                  rcu_nocb_flush_bypass\n__call_rcu_commn                                            rcu_nocb_bypass_lock\n                                                            raw_spin_trylock(&rdp->nocb_bypass_lock) fail\n                                                            atomic_inc(&rdp->nocb_lock_contended);\nrcu_nocb_wait_contended                                     WARN_ON_ONCE(smp_processor_id() != rdp->cpu);\n WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended))                                          |\n                            |_ _ _ _ _ _ _ _ _ _same rdp and rdp->cpu != 11_ _ _ _ _ _ _ _ _ __|\n\nReproduce this bug with "echo 3 > /proc/sys/vm/drop_caches".\n\nThis commit therefore uses rcu_nocb_try_flush_bypass() instead of\nrcu_nocb_flush_bypass() in lazy_rcu_shrink_scan().  If the nocb_bypass\nqueue is being flushed, then rcu_nocb_try_flush_bypass will return\ndirectly.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35929', 'https://git.kernel.org/linus/dda98810b552fc6bf650f4270edeebdc2f28bd3f (6.9-rc1)', 'https://git.kernel.org/stable/c/4d58c9fb45c70e62c19e8be3f3605889c47601bc', 'https://git.kernel.org/stable/c/927d1f4f77e4784ab3944a9df86ab14d1cd3185a', 'https://git.kernel.org/stable/c/dda98810b552fc6bf650f4270edeebdc2f28bd3f', 'https://lore.kernel.org/linux-cve-announce/2024051916-CVE-2024-35929-6f74@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35929', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35929'], 'PublishedDate': '2024-05-19T11:15:48.993Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35931', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Skip do PCI error slot reset during RAS recovery', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Skip do PCI error slot reset during RAS recovery\n\nWhy:\n    The PCI error slot reset maybe triggered after inject ue to UMC multi times, this\n    caused system hang.\n    [  557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, trying to resume\n    [  557.373718] [drm] PCIE GART of 512M enabled.\n    [  557.373722] [drm] PTB located at 0x0000031FED700000\n    [  557.373788] [drm] VRAM is lost due to GPU reset!\n    [  557.373789] [drm] PSP is resuming...\n    [  557.547012] mlx5_core 0000:55:00.0: mlx5_pci_err_detected Device state = 1 pci_status: 0. Exit, result = 3, need reset\n    [  557.547067] [drm] PCI error: detected callback, state(1)!!\n    [  557.547069] [drm] No support for XGMI hive yet...\n    [  557.548125] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 0. Enter\n    [  557.607763] mlx5_core 0000:55:00.0: wait vital counter value 0x16b5b after 1 iterations\n    [  557.607777] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 1. Exit, err = 0, result = 5, recovered\n    [  557.610492] [drm] PCI error: slot reset callback!!\n    ...\n    [  560.689382] amdgpu 0000:3f:00.0: amdgpu: GPU reset(2) succeeded!\n    [  560.689546] amdgpu 0000:5a:00.0: amdgpu: GPU reset(2) succeeded!\n    [  560.689562] general protection fault, probably for non-canonical address 0x5f080b54534f611f: 0000 [#1] SMP NOPTI\n    [  560.701008] CPU: 16 PID: 2361 Comm: kworker/u448:9 Tainted: G           OE     5.15.0-91-generic #101-Ubuntu\n    [  560.712057] Hardware name: Microsoft C278A/C278A, BIOS C2789.5.BS.1C11.AG.1 11/08/2023\n    [  560.720959] Workqueue: amdgpu-reset-hive amdgpu_ras_do_recovery [amdgpu]\n    [  560.728887] RIP: 0010:amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n    [  560.736891] Code: ff 41 89 c6 e9 1b ff ff ff 44 0f b6 45 b0 e9 4f ff ff ff be 01 00 00 00 4c 89 e7 e8 76 c9 8b ff 44 0f b6 45 b0 e9 3c fd ff ff <48> 83 ba 18 02 00 00 00 0f 84 6a f8 ff ff 48 8d 7a 78 be 01 00 00\n    [  560.757967] RSP: 0018:ffa0000032e53d80 EFLAGS: 00010202\n    [  560.763848] RAX: ffa00000001dfd10 RBX: ffa0000000197090 RCX: ffa0000032e53db0\n    [  560.771856] RDX: 5f080b54534f5f07 RSI: 0000000000000000 RDI: ff11000128100010\n    [  560.779867] RBP: ffa0000032e53df0 R08: 0000000000000000 R09: ffffffffffe77f08\n    [  560.787879] R10: 0000000000ffff0a R11: 0000000000000001 R12: 0000000000000000\n    [  560.795889] R13: ffa0000032e53e00 R14: 0000000000000000 R15: 0000000000000000\n    [  560.803889] FS:  0000000000000000(0000) GS:ff11007e7e800000(0000) knlGS:0000000000000000\n    [  560.812973] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    [  560.819422] CR2: 000055a04c118e68 CR3: 0000000007410005 CR4: 0000000000771ee0\n    [  560.827433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n    [  560.835433] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n    [  560.843444] PKRU: 55555554\n    [  560.846480] Call Trace:\n    [  560.849225]  <TASK>\n    [  560.851580]  ? show_trace_log_lvl+0x1d6/0x2ea\n    [  560.856488]  ? show_trace_log_lvl+0x1d6/0x2ea\n    [  560.861379]  ? amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n    [  560.867778]  ? show_regs.part.0+0x23/0x29\n    [  560.872293]  ? __die_body.cold+0x8/0xd\n    [  560.876502]  ? die_addr+0x3e/0x60\n    [  560.880238]  ? exc_general_protection+0x1c5/0x410\n    [  560.885532]  ? asm_exc_general_protection+0x27/0x30\n    [  560.891025]  ? amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n    [  560.898323]  amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n    [  560.904520]  process_one_work+0x228/0x3d0\nHow:\n    In RAS recovery, mode-1 reset is issued from RAS fatal error handling and expected\n    all the nodes in a hive to be reset. no need to issue another mode-1 during this procedure.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35931', 'https://git.kernel.org/linus/601429cca96b4af3be44172c3b64e4228515dbe1 (6.9-rc1)', 'https://git.kernel.org/stable/c/395ca1031acf89d8ecb26127c544a71688d96f35', 'https://git.kernel.org/stable/c/601429cca96b4af3be44172c3b64e4228515dbe1', 'https://lore.kernel.org/linux-cve-announce/2024051916-CVE-2024-35931-430d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35931', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35931'], 'PublishedDate': '2024-05-19T11:15:49.133Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35932', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35932', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/vc4: don't check if plane->state->fb == state->fb", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: don't check if plane->state->fb == state->fb\n\nCurrently, when using non-blocking commits, we can see the following\nkernel warning:\n\n[  110.908514] ------------[ cut here ]------------\n[  110.908529] refcount_t: underflow; use-after-free.\n[  110.908620] WARNING: CPU: 0 PID: 1866 at lib/refcount.c:87 refcount_dec_not_one+0xb8/0xc0\n[  110.908664] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device cmac algif_hash aes_arm64 aes_generic algif_skcipher af_alg bnep hid_logitech_hidpp vc4 brcmfmac hci_uart btbcm brcmutil bluetooth snd_soc_hdmi_codec cfg80211 cec drm_display_helper drm_dma_helper drm_kms_helper snd_soc_core snd_compress snd_pcm_dmaengine fb_sys_fops sysimgblt syscopyarea sysfillrect raspberrypi_hwmon ecdh_generic ecc rfkill libaes i2c_bcm2835 binfmt_misc joydev snd_bcm2835(C) bcm2835_codec(C) bcm2835_isp(C) v4l2_mem2mem videobuf2_dma_contig snd_pcm bcm2835_v4l2(C) raspberrypi_gpiomem bcm2835_mmal_vchiq(C) videobuf2_v4l2 snd_timer videobuf2_vmalloc videobuf2_memops videobuf2_common snd videodev vc_sm_cma(C) mc hid_logitech_dj uio_pdrv_genirq uio i2c_dev drm fuse dm_mod drm_panel_orientation_quirks backlight ip_tables x_tables ipv6\n[  110.909086] CPU: 0 PID: 1866 Comm: kodi.bin Tainted: G         C         6.1.66-v8+ #32\n[  110.909104] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT)\n[  110.909114] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  110.909132] pc : refcount_dec_not_one+0xb8/0xc0\n[  110.909152] lr : refcount_dec_not_one+0xb4/0xc0\n[  110.909170] sp : ffffffc00913b9c0\n[  110.909177] x29: ffffffc00913b9c0 x28: 000000556969bbb0 x27: 000000556990df60\n[  110.909205] x26: 0000000000000002 x25: 0000000000000004 x24: ffffff8004448480\n[  110.909230] x23: ffffff800570b500 x22: ffffff802e03a7bc x21: ffffffecfca68c78\n[  110.909257] x20: ffffff8002b42000 x19: ffffff802e03a600 x18: 0000000000000000\n[  110.909283] x17: 0000000000000011 x16: ffffffffffffffff x15: 0000000000000004\n[  110.909308] x14: 0000000000000fff x13: ffffffed577e47e0 x12: 0000000000000003\n[  110.909333] x11: 0000000000000000 x10: 0000000000000027 x9 : c912d0d083728c00\n[  110.909359] x8 : c912d0d083728c00 x7 : 65646e75203a745f x6 : 746e756f63666572\n[  110.909384] x5 : ffffffed579f62ee x4 : ffffffed579eb01e x3 : 0000000000000000\n[  110.909409] x2 : 0000000000000000 x1 : ffffffc00913b750 x0 : 0000000000000001\n[  110.909434] Call trace:\n[  110.909441]  refcount_dec_not_one+0xb8/0xc0\n[  110.909461]  vc4_bo_dec_usecnt+0x4c/0x1b0 [vc4]\n[  110.909903]  vc4_cleanup_fb+0x44/0x50 [vc4]\n[  110.910315]  drm_atomic_helper_cleanup_planes+0x88/0xa4 [drm_kms_helper]\n[  110.910669]  vc4_atomic_commit_tail+0x390/0x9dc [vc4]\n[  110.911079]  commit_tail+0xb0/0x164 [drm_kms_helper]\n[  110.911397]  drm_atomic_helper_commit+0x1d0/0x1f0 [drm_kms_helper]\n[  110.911716]  drm_atomic_commit+0xb0/0xdc [drm]\n[  110.912569]  drm_mode_atomic_ioctl+0x348/0x4b8 [drm]\n[  110.913330]  drm_ioctl_kernel+0xec/0x15c [drm]\n[  110.914091]  drm_ioctl+0x24c/0x3b0 [drm]\n[  110.914850]  __arm64_sys_ioctl+0x9c/0xd4\n[  110.914873]  invoke_syscall+0x4c/0x114\n[  110.914897]  el0_svc_common+0xd0/0x118\n[  110.914917]  do_el0_svc+0x38/0xd0\n[  110.914936]  el0_svc+0x30/0x8c\n[  110.914958]  el0t_64_sync_handler+0x84/0xf0\n[  110.914979]  el0t_64_sync+0x18c/0x190\n[  110.914996] ---[ end trace 0000000000000000 ]---\n\nThis happens because, although `prepare_fb` and `cleanup_fb` are\nperfectly balanced, we cannot guarantee consistency in the check\nplane->state->fb == state->fb. This means that sometimes we can increase\nthe refcount in `prepare_fb` and don't decrease it in `cleanup_fb`. The\nopposite can also be true.\n\nIn fact, the struct drm_plane .state shouldn't be accessed directly\nbut instead, the `drm_atomic_get_new_plane_state()` helper function should\nbe used. So, we could stick to this check, but using\n`drm_atomic_get_new_plane_state()`. But actually, this check is not re\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35932', 'https://git.kernel.org/linus/5ee0d47dcf33efd8950b347dcf4d20bab12a3fa9 (6.9-rc1)', 'https://git.kernel.org/stable/c/48bfb4b03c5ff6e1fa1dc73fb915e150b0968c40', 'https://git.kernel.org/stable/c/5343f724c912c77541029123f47ecd3d2ea63bdd', 'https://git.kernel.org/stable/c/5ee0d47dcf33efd8950b347dcf4d20bab12a3fa9', 'https://git.kernel.org/stable/c/d6b2fe2db1d0927b2d7df5c763eba55d0e1def3c', 'https://lore.kernel.org/linux-cve-announce/2024051916-CVE-2024-35932-b008@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35932', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35932'], 'PublishedDate': '2024-05-19T11:15:49.203Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35937', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35937', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: cfg80211: check A-MSDU format more carefully', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: check A-MSDU format more carefully\n\nIf it looks like there's another subframe in the A-MSDU\nbut the header isn't fully there, we can end up reading\ndata out of bounds, only to discard later. Make this a\nbit more careful and check if the subframe header can\neven be present.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.8}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-35937', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265838', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273405', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275600', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275655', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275715', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281097', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281237', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281265', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281639', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281900', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284511', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284543', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293208', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293441', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293658', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297512', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297538', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297542', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297545', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47606', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52651', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26808', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26828', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26868', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27049', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27417', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35800', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35911', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35969', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36903', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38391', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40928', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5363', 'https://git.kernel.org/linus/9ad7974856926129f190ffbe3beea78460b3b7cc (6.9-rc1)', 'https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544', 'https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9', 'https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc', 'https://git.kernel.org/stable/c/9eb3bc0973d084423a6df21cf2c74692ff05647e', 'https://linux.oracle.com/cve/CVE-2024-35937.html', 'https://linux.oracle.com/errata/ELSA-2024-5363.html', 'https://lore.kernel.org/linux-cve-announce/2024051918-CVE-2024-35937-0415@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35937', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35937'], 'PublishedDate': '2024-05-19T11:15:49.553Z', 'LastModifiedDate': '2024-08-29T17:15:07.693Z'}, {'VulnerabilityID': 'CVE-2024-35939', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35939', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma-direct: Leak pages on dma_set_decrypted() failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma-direct: Leak pages on dma_set_decrypted() failure\n\nOn TDX it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nDMA could free decrypted/shared pages if dma_set_decrypted() fails. This\nshould be a rare case. Just leak the pages in this case instead of\nfreeing them.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35939', 'https://git.kernel.org/linus/b9fa16949d18e06bdf728a560f5c8af56d2bdcaf (6.9-rc1)', 'https://git.kernel.org/stable/c/4031b72ca747a1e6e9ae4fa729e765b43363d66a', 'https://git.kernel.org/stable/c/4e0cfb25d49da2e6261ad582f58ffa5b5dd8c8e9', 'https://git.kernel.org/stable/c/b57326c96b7bc7638aa8c44e12afa2defe0c934c', 'https://git.kernel.org/stable/c/b9fa16949d18e06bdf728a560f5c8af56d2bdcaf', 'https://lore.kernel.org/linux-cve-announce/2024051919-CVE-2024-35939-f877@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35939', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35939'], 'PublishedDate': '2024-05-19T11:15:49.69Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35942', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35942', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain\n\nAccording to i.MX8MP RM and HDMI ADD, the fdcc clock is part of\nhdmi rx verification IP that should not enable for HDMI TX.\nBut actually if the clock is disabled before HDMI/LCDIF probe,\nLCDIF will not get pixel clock from HDMI PHY and print the error\nlogs:\n\n[CRTC:39:crtc-2] vblank wait timed out\nWARNING: CPU: 2 PID: 9 at drivers/gpu/drm/drm_atomic_helper.c:1634 drm_atomic_helper_wait_for_vblanks.part.0+0x23c/0x260\n\nAdd fdcc clock to LCDIF and HDMI TX power domains to fix the issue.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35942', 'https://git.kernel.org/linus/697624ee8ad557ab5417f985d2c804241a7ad30d (6.9-rc1)', 'https://git.kernel.org/stable/c/697624ee8ad557ab5417f985d2c804241a7ad30d', 'https://git.kernel.org/stable/c/9d3f959b426635c4da50dfc7b1306afd84d23e7c', 'https://git.kernel.org/stable/c/b13c0d871cd878ff53d25507ca535f59ed1f6a2a', 'https://lore.kernel.org/linux-cve-announce/2024051919-CVE-2024-35942-af72@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35942', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35942'], 'PublishedDate': '2024-05-19T11:15:49.89Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35943', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pmdomain: ti: Add a null pointer check to the omap_prm_domain_init', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: ti: Add a null pointer check to the omap_prm_domain_init\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35943', 'https://git.kernel.org/linus/5d7f58ee08434a33340f75ac7ac5071eea9673b3 (6.9-rc1)', 'https://git.kernel.org/stable/c/04f23510daa40f9010fadf309507564a34ad956f', 'https://git.kernel.org/stable/c/5d7f58ee08434a33340f75ac7ac5071eea9673b3', 'https://git.kernel.org/stable/c/bc08f5ab11b1881b85371f0bd9c9a3d27f65cca8', 'https://git.kernel.org/stable/c/ce666cecc09c0f92d5f86d89d8068ecfcf723a7e', 'https://lore.kernel.org/linux-cve-announce/2024051920-CVE-2024-35943-93a9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35943', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35943'], 'PublishedDate': '2024-05-19T11:15:49.953Z', 'LastModifiedDate': '2024-09-18T18:15:06.23Z'}, {'VulnerabilityID': 'CVE-2024-35945', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35945', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: phy: phy_device: Prevent nullptr exceptions on ISR', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: phy_device: Prevent nullptr exceptions on ISR\n\nIf phydev->irq is set unconditionally, check\nfor valid interrupt handler or fall back to polling mode to prevent\nnullptr exceptions in interrupt service routine.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35945', 'https://git.kernel.org/linus/61c81872815f46006982bb80460c0c80a949b35b (6.9-rc1)', 'https://git.kernel.org/stable/c/3419ee39e3d3162ab2ec9942bb537613ed5b6311', 'https://git.kernel.org/stable/c/61c81872815f46006982bb80460c0c80a949b35b', 'https://git.kernel.org/stable/c/7a71f61ebf95cedd3f245db6da397822971d8db5', 'https://lore.kernel.org/linux-cve-announce/2024051920-CVE-2024-35945-c005@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35945', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35945'], 'PublishedDate': '2024-05-19T11:15:50.11Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35946', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35946', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: fix null pointer access when abort scan', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix null pointer access when abort scan\n\nDuring cancel scan we might use vif that weren't scanning.\nFix this by using the actual scanning vif.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-35946', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/7e11a2966f51695c0af0b1f976a32d64dee243b2 (6.9-rc1)', 'https://git.kernel.org/stable/c/4f11c741908dab7dd48fa5a986b210d4fc74ca8d', 'https://git.kernel.org/stable/c/7e11a2966f51695c0af0b1f976a32d64dee243b2', 'https://git.kernel.org/stable/c/b34d64e9aa5505e3c84570aed5c757f1839573e8', 'https://linux.oracle.com/cve/CVE-2024-35946.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024051921-CVE-2024-35946-c2c2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35946', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35946'], 'PublishedDate': '2024-05-19T11:15:50.18Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35948', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bcachefs: Check for journal entries overruning end of sb clean section', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: Check for journal entries overruning end of sb clean section\n\nFix a missing bounds check in superblock validation.\n\nNote that we don't yet have repair code for this case - repair code for\nindividual items is generally low priority, since the whole superblock\nis checksummed, validated prior to write, and we have backups.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35948', 'https://git.kernel.org/linus/fcdbc1d7a4b638e5d5668de461f320386f3002aa (6.9-rc6)', 'https://git.kernel.org/stable/c/fcdbc1d7a4b638e5d5668de461f320386f3002aa', 'https://lore.kernel.org/linux-cve-announce/2024052043-CVE-2024-35948-a92f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35948', 'https://www.cve.org/CVERecord?id=CVE-2024-35948'], 'PublishedDate': '2024-05-20T10:15:09.44Z', 'LastModifiedDate': '2024-07-03T02:02:27.897Z'}, {'VulnerabilityID': 'CVE-2024-35949', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35949', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: make sure that WRITTEN is set on all metadata blocks', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: make sure that WRITTEN is set on all metadata blocks\n\nWe previously would call btrfs_check_leaf() if we had the check\nintegrity code enabled, which meant that we could only run the extended\nleaf checks if we had WRITTEN set on the header flags.\n\nThis leaves a gap in our checking, because we could end up with\ncorruption on disk where WRITTEN isn\'t set on the leaf, and then the\nextended leaf checks don\'t get run which we rely on to validate all of\nthe item pointers to make sure we don\'t access memory outside of the\nextent buffer.\n\nHowever, since 732fab95abe2 ("btrfs: check-integrity: remove\nCONFIG_BTRFS_FS_CHECK_INTEGRITY option") we no longer call\nbtrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only\never call it on blocks that are being written out, and thus have WRITTEN\nset, or that are being read in, which should have WRITTEN set.\n\nAdd checks to make sure we have WRITTEN set appropriately, and then make\nsure __btrfs_check_leaf() always does the item checking.  This will\nprotect us from file systems that have been corrupted and no longer have\nWRITTEN set on some of the blocks.\n\nThis was hit on a crafted image tweaking the WRITTEN bit and reported by\nKASAN as out-of-bound access in the eb accessors. The example is a dir\nitem at the end of an eb.\n\n  [2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2\n  [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI\n  [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f]\n  [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1\n  [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n  [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0\n  [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206\n  [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0\n  [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748\n  [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9\n  [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a\n  [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8\n  [2.621] FS:  00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000\n  [2.621] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0\n  [2.621] Call Trace:\n  [2.621]  <TASK>\n  [2.621]  ? show_regs+0x74/0x80\n  [2.621]  ? die_addr+0x46/0xc0\n  [2.621]  ? exc_general_protection+0x161/0x2a0\n  [2.621]  ? asm_exc_general_protection+0x26/0x30\n  [2.621]  ? btrfs_get_16+0x33a/0x6d0\n  [2.621]  ? btrfs_get_16+0x34b/0x6d0\n  [2.621]  ? btrfs_get_16+0x33a/0x6d0\n  [2.621]  ? __pfx_btrfs_get_16+0x10/0x10\n  [2.621]  ? __pfx_mutex_unlock+0x10/0x10\n  [2.621]  btrfs_match_dir_item_name+0x101/0x1a0\n  [2.621]  btrfs_lookup_dir_item+0x1f3/0x280\n  [2.621]  ? __pfx_btrfs_lookup_dir_item+0x10/0x10\n  [2.621]  btrfs_get_tree+0xd25/0x1910\n\n[ copy more details from report ]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35949', 'https://git.kernel.org/linus/e03418abde871314e1a3a550f4c8afb7b89cb273 (6.9)', 'https://git.kernel.org/stable/c/e03418abde871314e1a3a550f4c8afb7b89cb273', 'https://git.kernel.org/stable/c/ef3ba8ce8cf7075b716aa4afcefc3034215878ee', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/', 'https://lore.kernel.org/linux-cve-announce/2024052045-CVE-2024-35949-4a64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35949', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35949'], 'PublishedDate': '2024-05-20T10:15:10.413Z', 'LastModifiedDate': '2024-06-10T16:15:16.563Z'}, {'VulnerabilityID': 'CVE-2024-35956', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35956', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations\n\nCreate subvolume, create snapshot and delete subvolume all use\nbtrfs_subvolume_reserve_metadata() to reserve metadata for the changes\ndone to the parent subvolume's fs tree, which cannot be mediated in the\nnormal way via start_transaction. When quota groups (squota or qgroups)\nare enabled, this reserves qgroup metadata of type PREALLOC. Once the\noperation is associated to a transaction, we convert PREALLOC to\nPERTRANS, which gets cleared in bulk at the end of the transaction.\n\nHowever, the error paths of these three operations were not implementing\nthis lifecycle correctly. They unconditionally converted the PREALLOC to\nPERTRANS in a generic cleanup step regardless of errors or whether the\noperation was fully associated to a transaction or not. This resulted in\nerror paths occasionally converting this rsv to PERTRANS without calling\nrecord_root_in_trans successfully, which meant that unless that root got\nrecorded in the transaction by some other thread, the end of the\ntransaction would not free that root's PERTRANS, leaking it. Ultimately,\nthis resulted in hitting a WARN in CONFIG_BTRFS_DEBUG builds at unmount\nfor the leaked reservation.\n\nThe fix is to ensure that every qgroup PREALLOC reservation observes the\nfollowing properties:\n\n1. any failure before record_root_in_trans is called successfully\n   results in freeing the PREALLOC reservation.\n2. after record_root_in_trans, we convert to PERTRANS, and now the\n   transaction owns freeing the reservation.\n\nThis patch enforces those properties on the three operations. Without\nit, generic/269 with squotas enabled at mkfs time would fail in ~5-10\nruns on my system. With this patch, it ran successfully 1000 times in a\nrow.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35956', 'https://git.kernel.org/linus/74e97958121aa1f5854da6effba70143f051b0cd (6.9-rc4)', 'https://git.kernel.org/stable/c/14431815a4ae4bcd7c7a68b6a64c66c7712d27c9', 'https://git.kernel.org/stable/c/6c95336f5d8eb9ab79cd7306d71b6d0477363f8c', 'https://git.kernel.org/stable/c/74e97958121aa1f5854da6effba70143f051b0cd', 'https://lore.kernel.org/linux-cve-announce/2024052018-CVE-2024-35956-3c25@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35956', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35956'], 'PublishedDate': '2024-05-20T10:15:10.92Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35959', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35959', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix mlx5e_priv_init() cleanup flow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix mlx5e_priv_init() cleanup flow\n\nWhen mlx5e_priv_init() fails, the cleanup flow calls mlx5e_selq_cleanup which\ncalls mlx5e_selq_apply() that assures that the `priv->state_lock` is held using\nlockdep_is_held().\n\nAcquire the state_lock in mlx5e_selq_cleanup().\n\nKernel log:\n=============================\nWARNING: suspicious RCU usage\n6.8.0-rc3_net_next_841a9b5 #1 Not tainted\n-----------------------------\ndrivers/net/ethernet/mellanox/mlx5/core/en/selq.c:124 suspicious rcu_dereference_protected() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n2 locks held by systemd-modules/293:\n #0: ffffffffa05067b0 (devices_rwsem){++++}-{3:3}, at: ib_register_client+0x109/0x1b0 [ib_core]\n #1: ffff8881096c65c0 (&device->client_data_rwsem){++++}-{3:3}, at: add_client_context+0x104/0x1c0 [ib_core]\n\nstack backtrace:\nCPU: 4 PID: 293 Comm: systemd-modules Not tainted 6.8.0-rc3_net_next_841a9b5 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0x8a/0xa0\n lockdep_rcu_suspicious+0x154/0x1a0\n mlx5e_selq_apply+0x94/0xa0 [mlx5_core]\n mlx5e_selq_cleanup+0x3a/0x60 [mlx5_core]\n mlx5e_priv_init+0x2be/0x2f0 [mlx5_core]\n mlx5_rdma_setup_rn+0x7c/0x1a0 [mlx5_core]\n rdma_init_netdev+0x4e/0x80 [ib_core]\n ? mlx5_rdma_netdev_free+0x70/0x70 [mlx5_core]\n ipoib_intf_init+0x64/0x550 [ib_ipoib]\n ipoib_intf_alloc+0x4e/0xc0 [ib_ipoib]\n ipoib_add_one+0xb0/0x360 [ib_ipoib]\n add_client_context+0x112/0x1c0 [ib_core]\n ib_register_client+0x166/0x1b0 [ib_core]\n ? 0xffffffffa0573000\n ipoib_init_module+0xeb/0x1a0 [ib_ipoib]\n do_one_initcall+0x61/0x250\n do_init_module+0x8a/0x270\n init_module_from_file+0x8b/0xd0\n idempotent_init_module+0x17d/0x230\n __x64_sys_finit_module+0x61/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\n </TASK>', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:4352', 'https://access.redhat.com/security/cve/CVE-2024-35959', 'https://bugzilla.redhat.com/1918601', 'https://bugzilla.redhat.com/2248122', 'https://bugzilla.redhat.com/2258875', 'https://bugzilla.redhat.com/2265517', 'https://bugzilla.redhat.com/2265519', 'https://bugzilla.redhat.com/2265520', 'https://bugzilla.redhat.com/2265800', 'https://bugzilla.redhat.com/2266408', 'https://bugzilla.redhat.com/2266831', 'https://bugzilla.redhat.com/2267513', 'https://bugzilla.redhat.com/2267518', 'https://bugzilla.redhat.com/2267730', 'https://bugzilla.redhat.com/2270093', 'https://bugzilla.redhat.com/2271680', 'https://bugzilla.redhat.com/2272692', 'https://bugzilla.redhat.com/2272829', 'https://bugzilla.redhat.com/2273204', 'https://bugzilla.redhat.com/2273278', 'https://bugzilla.redhat.com/2273423', 'https://bugzilla.redhat.com/2273429', 'https://bugzilla.redhat.com/2275604', 'https://bugzilla.redhat.com/2275633', 'https://bugzilla.redhat.com/2275635', 'https://bugzilla.redhat.com/2275733', 'https://bugzilla.redhat.com/2278337', 'https://bugzilla.redhat.com/2278354', 'https://bugzilla.redhat.com/2280434', 'https://bugzilla.redhat.com/2281057', 'https://bugzilla.redhat.com/2281113', 'https://bugzilla.redhat.com/2281157', 'https://bugzilla.redhat.com/2281165', 'https://bugzilla.redhat.com/2281251', 'https://bugzilla.redhat.com/2281253', 'https://bugzilla.redhat.com/2281255', 'https://bugzilla.redhat.com/2281257', 'https://bugzilla.redhat.com/2281272', 'https://bugzilla.redhat.com/2281350', 'https://bugzilla.redhat.com/2281689', 'https://bugzilla.redhat.com/2281693', 'https://bugzilla.redhat.com/2281920', 'https://bugzilla.redhat.com/2281923', 'https://bugzilla.redhat.com/2281925', 'https://bugzilla.redhat.com/2281953', 'https://bugzilla.redhat.com/2281986', 'https://bugzilla.redhat.com/2282394', 'https://bugzilla.redhat.com/2282400', 'https://bugzilla.redhat.com/2282471', 'https://bugzilla.redhat.com/2282472', 'https://bugzilla.redhat.com/2282581', 'https://bugzilla.redhat.com/2282609', 'https://bugzilla.redhat.com/2282612', 'https://bugzilla.redhat.com/2282653', 'https://bugzilla.redhat.com/2282680', 'https://bugzilla.redhat.com/2282698', 'https://bugzilla.redhat.com/2282712', 'https://bugzilla.redhat.com/2282735', 'https://bugzilla.redhat.com/2282902', 'https://bugzilla.redhat.com/2282920', 'https://bugzilla.redhat.com/show_bug.cgi?id=1918601', 'https://bugzilla.redhat.com/show_bug.cgi?id=2248122', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258875', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265800', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266831', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267518', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267730', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270093', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272692', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272829', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273204', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273278', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273423', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275633', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275635', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275733', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278337', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278354', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281113', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281157', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281165', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281251', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281253', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281255', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281311', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281334', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281346', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281350', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281689', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281693', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281920', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281953', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281986', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282394', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282471', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282472', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282581', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282609', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282612', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282698', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282712', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282735', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282902', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282920', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46909', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46972', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47069', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47073', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47236', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47310', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47311', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47456', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47495', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5090', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52464', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52560', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52626', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52667', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52675', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52700', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52703', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52781', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52813', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52835', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52877', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52881', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26583', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26584', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26585', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26656', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26675', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26735', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26759', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26804', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26859', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26906', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26907', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26974', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27410', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35835', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35838', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35854', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35855', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35888', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35890', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35959', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36004', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36007', 'https://errata.almalinux.org/8/ALSA-2024-4352.html', 'https://errata.rockylinux.org/RLSA-2024:4211', 'https://git.kernel.org/linus/ecb829459a841198e142f72fadab56424ae96519 (6.9-rc4)', 'https://git.kernel.org/stable/c/6bd77865fda662913dcb5722a66a773840370aa7', 'https://git.kernel.org/stable/c/ad26f26abd353113dea4e8d5ebadccdab9b61e76', 'https://git.kernel.org/stable/c/ecb829459a841198e142f72fadab56424ae96519', 'https://git.kernel.org/stable/c/f9ac93b6f3de34aa0bb983b9be4f69ca50fc70f3', 'https://linux.oracle.com/cve/CVE-2024-35959.html', 'https://linux.oracle.com/errata/ELSA-2024-4211.html', 'https://lore.kernel.org/linux-cve-announce/2024052019-CVE-2024-35959-6e06@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35959', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35959'], 'PublishedDate': '2024-05-20T10:15:11.123Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35965', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35965', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: L2CAP: Fix not validating setsockopt user input', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix not validating setsockopt user input\n\nCheck user input length before copying data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35965', 'https://git.kernel.org/linus/4f3951242ace5efc7131932e2e01e6ac6baed846 (6.9-rc4)', 'https://git.kernel.org/stable/c/28234f8ab69c522ba447f3e041bbfbb284c5959a', 'https://git.kernel.org/stable/c/4f3951242ace5efc7131932e2e01e6ac6baed846', 'https://git.kernel.org/stable/c/8ee0c132a61df9723813c40e742dc5321824daa9', 'https://git.kernel.org/stable/c/9d42f373391211c7c8af66a3a316533a32b8a607', 'https://git.kernel.org/stable/c/f13b04cf65a86507ff15a9bbf37969d25be3e2a0', 'https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35965-19f1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35965', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35965'], 'PublishedDate': '2024-05-20T10:15:11.52Z', 'LastModifiedDate': '2024-10-17T14:15:06.147Z'}, {'VulnerabilityID': 'CVE-2024-35966', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35966', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: RFCOMM: Fix not validating setsockopt user input', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: RFCOMM: Fix not validating setsockopt user input\n\nsyzbot reported rfcomm_sock_setsockopt_old() is copying data without\nchecking user input length.\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset\ninclude/linux/sockptr.h:49 [inline]\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr\ninclude/linux/sockptr.h:55 [inline]\nBUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt_old\nnet/bluetooth/rfcomm/sock.c:632 [inline]\nBUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt+0x893/0xa70\nnet/bluetooth/rfcomm/sock.c:673\nRead of size 4 at addr ffff8880209a8bc3 by task syz-executor632/5064', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35966', 'https://git.kernel.org/linus/a97de7bff13b1cc825c1b1344eaed8d6c2d3e695 (6.9-rc4)', 'https://git.kernel.org/stable/c/4ea65e2095e9bd151d0469328dd7fc2858feb546', 'https://git.kernel.org/stable/c/a97de7bff13b1cc825c1b1344eaed8d6c2d3e695', 'https://git.kernel.org/stable/c/c3f787a3eafe519c93df9abbb0ca5145861c8d0f', 'https://git.kernel.org/stable/c/eea40d33bf936a5c7fb03c190e61e0cfee00e872', 'https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35966-e107@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35966', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35966'], 'PublishedDate': '2024-05-20T10:15:11.58Z', 'LastModifiedDate': '2024-08-29T17:15:07.763Z'}, {'VulnerabilityID': 'CVE-2024-35967', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35967', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: SCO: Fix not validating setsockopt user input', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix not validating setsockopt user input\n\nsyzbot reported sco_sock_setsockopt() is copying data without\nchecking user input length.\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset\ninclude/linux/sockptr.h:49 [inline]\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr\ninclude/linux/sockptr.h:55 [inline]\nBUG: KASAN: slab-out-of-bounds in sco_sock_setsockopt+0xc0b/0xf90\nnet/bluetooth/sco.c:893\nRead of size 4 at addr ffff88805f7b15a3 by task syz-executor.5/12578', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35967', 'https://git.kernel.org/linus/51eda36d33e43201e7a4fd35232e069b2c850b01 (6.9-rc4)', 'https://git.kernel.org/stable/c/419a0ffca7010216f0fc265b08558d7394fa0ba7', 'https://git.kernel.org/stable/c/51eda36d33e43201e7a4fd35232e069b2c850b01', 'https://git.kernel.org/stable/c/72473db90900da970a16ee50ad23c2c38d107d8c', 'https://git.kernel.org/stable/c/7bc65d23ba20dcd7ecc094a12c181e594e5eb315', 'https://git.kernel.org/stable/c/b0e30c37695b614bee69187f86eaf250e36606ce', 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'https://lore.kernel.org/linux-cve-announce/2024052022-CVE-2024-35967-d111@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35967', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35967'], 'PublishedDate': '2024-05-20T10:15:11.647Z', 'LastModifiedDate': '2024-06-25T22:15:33.88Z'}, {'VulnerabilityID': 'CVE-2024-35971', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35971', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: ks8851: Handle softirqs at the end of IRQ thread to fix hang', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Handle softirqs at the end of IRQ thread to fix hang\n\nThe ks8851_irq() thread may call ks8851_rx_pkts() in case there are\nany packets in the MAC FIFO, which calls netif_rx(). This netif_rx()\nimplementation is guarded by local_bh_disable() and local_bh_enable().\nThe local_bh_enable() may call do_softirq() to run softirqs in case\nany are pending. One of the softirqs is net_rx_action, which ultimately\nreaches the driver .start_xmit callback. If that happens, the system\nhangs. The entire call chain is below:\n\nks8851_start_xmit_par from netdev_start_xmit\nnetdev_start_xmit from dev_hard_start_xmit\ndev_hard_start_xmit from sch_direct_xmit\nsch_direct_xmit from __dev_queue_xmit\n__dev_queue_xmit from __neigh_update\n__neigh_update from neigh_update\nneigh_update from arp_process.constprop.0\narp_process.constprop.0 from __netif_receive_skb_one_core\n__netif_receive_skb_one_core from process_backlog\nprocess_backlog from __napi_poll.constprop.0\n__napi_poll.constprop.0 from net_rx_action\nnet_rx_action from __do_softirq\n__do_softirq from call_with_stack\ncall_with_stack from do_softirq\ndo_softirq from __local_bh_enable_ip\n__local_bh_enable_ip from netif_rx\nnetif_rx from ks8851_irq\nks8851_irq from irq_thread_fn\nirq_thread_fn from irq_thread\nirq_thread from kthread\nkthread from ret_from_fork\n\nThe hang happens because ks8851_irq() first locks a spinlock in\nks8851_par.c ks8851_lock_par() spin_lock_irqsave(&ksp->lock, ...)\nand with that spinlock locked, calls netif_rx(). Once the execution\nreaches ks8851_start_xmit_par(), it calls ks8851_lock_par() again\nwhich attempts to claim the already locked spinlock again, and the\nhang happens.\n\nMove the do_softirq() call outside of the spinlock protected section\nof ks8851_irq() by disabling BHs around the entire spinlock protected\nsection of ks8851_irq() handler. Place local_bh_enable() outside of\nthe spinlock protected section, so that it can trigger do_softirq()\nwithout the ks8851_par.c ks8851_lock_par() spinlock being held, and\nsafely call ks8851_start_xmit_par() without attempting to lock the\nalready locked spinlock.\n\nSince ks8851_irq() is protected by local_bh_disable()/local_bh_enable()\nnow, replace netif_rx() with __netif_rx() which is not duplicating the\nlocal_bh_disable()/local_bh_enable() calls.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2024/05/30/1', 'http://www.openwall.com/lists/oss-security/2024/05/30/2', 'https://access.redhat.com/security/cve/CVE-2024-35971', 'https://git.kernel.org/linus/be0384bf599cf1eb8d337517feeb732d71f75a6f (6.9-rc4)', 'https://git.kernel.org/stable/c/492337a4fbd1421b42df684ee9b34be2a2722540', 'https://git.kernel.org/stable/c/49d5d70538b6b8f2a3f8f1ac30c1f921d4a0929b', 'https://git.kernel.org/stable/c/be0384bf599cf1eb8d337517feeb732d71f75a6f', 'https://git.kernel.org/stable/c/cba376eb036c2c20077b41d47b317d8218fe754f', 'https://lore.kernel.org/linux-cve-announce/2024052023-CVE-2024-35971-fb84@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35971', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35971'], 'PublishedDate': '2024-05-20T10:15:11.947Z', 'LastModifiedDate': '2024-06-10T18:15:35.383Z'}, {'VulnerabilityID': 'CVE-2024-35979', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35979', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: raid1: fix use-after-free for original bio in raid1_write_request()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nraid1: fix use-after-free for original bio in raid1_write_request()\n\nr1_bio->bios[] is used to record new bios that will be issued to\nunderlying disks, however, in raid1_write_request(), r1_bio->bios[]\nwill set to the original bio temporarily. Meanwhile, if blocked rdev\nis set, free_r1bio() will be called causing that all r1_bio->bios[]\nto be freed:\n\nraid1_write_request()\n r1_bio = alloc_r1bio(mddev, bio); -> r1_bio->bios[] is NULL\n for (i = 0;  i < disks; i++) -> for each rdev in conf\n  // first rdev is normal\n  r1_bio->bios[0] = bio; -> set to original bio\n  // second rdev is blocked\n  if (test_bit(Blocked, &rdev->flags))\n   break\n\n if (blocked_rdev)\n  free_r1bio()\n   put_all_bios()\n    bio_put(r1_bio->bios[0]) -> original bio is freed\n\nTest scripts:\n\nmdadm -CR /dev/md0 -l1 -n4 /dev/sd[abcd] --assume-clean\nfio -filename=/dev/md0 -ioengine=libaio -rw=write -bs=4k -numjobs=1 \\\n    -iodepth=128 -name=test -direct=1\necho blocked > /sys/block/md0/md/rd2/state\n\nTest result:\n\nBUG bio-264 (Not tainted): Object already free\n-----------------------------------------------------------------------------\n\nAllocated in mempool_alloc_slab+0x24/0x50 age=1 cpu=1 pid=869\n kmem_cache_alloc+0x324/0x480\n mempool_alloc_slab+0x24/0x50\n mempool_alloc+0x6e/0x220\n bio_alloc_bioset+0x1af/0x4d0\n blkdev_direct_IO+0x164/0x8a0\n blkdev_write_iter+0x309/0x440\n aio_write+0x139/0x2f0\n io_submit_one+0x5ca/0xb70\n __do_sys_io_submit+0x86/0x270\n __x64_sys_io_submit+0x22/0x30\n do_syscall_64+0xb1/0x210\n entry_SYSCALL_64_after_hwframe+0x6c/0x74\nFreed in mempool_free_slab+0x1f/0x30 age=1 cpu=1 pid=869\n kmem_cache_free+0x28c/0x550\n mempool_free_slab+0x1f/0x30\n mempool_free+0x40/0x100\n bio_free+0x59/0x80\n bio_put+0xf0/0x220\n free_r1bio+0x74/0xb0\n raid1_make_request+0xadf/0x1150\n md_handle_request+0xc7/0x3b0\n md_submit_bio+0x76/0x130\n __submit_bio+0xd8/0x1d0\n submit_bio_noacct_nocheck+0x1eb/0x5c0\n submit_bio_noacct+0x169/0xd40\n submit_bio+0xee/0x1d0\n blkdev_direct_IO+0x322/0x8a0\n blkdev_write_iter+0x309/0x440\n aio_write+0x139/0x2f0\n\nSince that bios for underlying disks are not allocated yet, fix this\nproblem by using mempool_free() directly to free the r1_bio.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35979', 'https://git.kernel.org/linus/fcf3f7e2fc8a53a6140beee46ec782a4c88e4744 (6.9-rc4)', 'https://git.kernel.org/stable/c/3f28d49a328fe20926995d5fbdc92da665596268', 'https://git.kernel.org/stable/c/f423f41b7679c09abb26d2bd54be5cbef23c9446', 'https://git.kernel.org/stable/c/fcf3f7e2fc8a53a6140beee46ec782a4c88e4744', 'https://lore.kernel.org/linux-cve-announce/2024052025-CVE-2024-35979-2618@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35979', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35979'], 'PublishedDate': '2024-05-20T10:15:12.48Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35995', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI: CPPC: Use access_width over bit_width for system memory accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Use access_width over bit_width for system memory accesses\n\nTo align with ACPI 6.3+, since bit_width can be any 8-bit value, it\ncannot be depended on to be always on a clean 8b boundary. This was\nuncovered on the Cobalt 100 platform.\n\nSError Interrupt on CPU26, code 0xbe000011 -- SError\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n pc : cppc_get_perf_caps+0xec/0x410\n lr : cppc_get_perf_caps+0xe8/0x410\n sp : ffff8000155ab730\n x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078\n x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff\n x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000\n x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff\n x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008\n x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006\n x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec\n x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028\n x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff\n x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000\n Kernel panic - not syncing: Asynchronous SError Interrupt\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted\n5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n Call trace:\n  dump_backtrace+0x0/0x1e0\n  show_stack+0x24/0x30\n  dump_stack_lvl+0x8c/0xb8\n  dump_stack+0x18/0x34\n  panic+0x16c/0x384\n  add_taint+0x0/0xc0\n  arm64_serror_panic+0x7c/0x90\n  arm64_is_fatal_ras_serror+0x34/0xa4\n  do_serror+0x50/0x6c\n  el1h_64_error_handler+0x40/0x74\n  el1h_64_error+0x7c/0x80\n  cppc_get_perf_caps+0xec/0x410\n  cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]\n  cpufreq_online+0x2dc/0xa30\n  cpufreq_add_dev+0xc0/0xd4\n  subsys_interface_register+0x134/0x14c\n  cpufreq_register_driver+0x1b0/0x354\n  cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]\n  do_one_initcall+0x50/0x250\n  do_init_module+0x60/0x27c\n  load_module+0x2300/0x2570\n  __do_sys_finit_module+0xa8/0x114\n  __arm64_sys_finit_module+0x2c/0x3c\n  invoke_syscall+0x78/0x100\n  el0_svc_common.constprop.0+0x180/0x1a0\n  do_el0_svc+0x84/0xa0\n  el0_svc+0x2c/0xc0\n  el0t_64_sync_handler+0xa4/0x12c\n  el0t_64_sync+0x1a4/0x1a8\n\nInstead, use access_width to determine the size and use the offset and\nwidth to shift and mask the bits to read/write out. Make sure to add a\ncheck for system memory since pcc redefines the access_width to\nsubspace id.\n\nIf access_width is not set, then fall back to using bit_width.\n\n[ rjw: Subject and changelog edits, comment adjustments ]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35995', 'https://git.kernel.org/linus/2f4a4d63a193be6fd530d180bb13c3592052904c (6.9-rc1)', 'https://git.kernel.org/stable/c/01fc53be672acae37e611c80cc0b4f3939584de3', 'https://git.kernel.org/stable/c/1b890ae474d19800a6be1696df7fb4d9a41676e4', 'https://git.kernel.org/stable/c/2f4a4d63a193be6fd530d180bb13c3592052904c', 'https://git.kernel.org/stable/c/4949affd5288b867cdf115f5b08d6166b2027f87', 'https://git.kernel.org/stable/c/6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1', 'https://git.kernel.org/stable/c/6dfd79ed04c578f1d9a9a41ba5b2015cf9f03fc3', 'https://git.kernel.org/stable/c/b54c4632946ae42f2b39ed38abd909bbf78cbcc2', 'https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35995-abbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35995', 'https://www.cve.org/CVERecord?id=CVE-2024-35995'], 'PublishedDate': '2024-05-20T10:15:13.597Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35998', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35998', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix lock ordering potential deadlock in cifs_sync_mid_result\n\nCoverity spotted that the cifs_sync_mid_result function could deadlock\n\n"Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires\nlock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock"\n\nAddresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)")', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35998', 'https://git.kernel.org/linus/8861fd5180476f45f9e8853db154600469a0284f (6.9-rc6)', 'https://git.kernel.org/stable/c/699f8958dece132709c0bff6a9700999a2a63b75', 'https://git.kernel.org/stable/c/8248224ab5b8ca7559b671917c224296a4d671fc', 'https://git.kernel.org/stable/c/8861fd5180476f45f9e8853db154600469a0284f', 'https://git.kernel.org/stable/c/c7a4bca289e50bb4b2650f845c41bb3e453f4c66', 'https://lore.kernel.org/linux-cve-announce/2024052022-CVE-2024-35998-96a4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35998', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35998'], 'PublishedDate': '2024-05-20T10:15:14.03Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35999', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35999', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb3: missing lock when picking channel', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: missing lock when picking channel\n\nCoverity spotted a place where we should have been holding the\nchannel lock when accessing the ses channel index.\n\nAddresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)")', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35999', 'https://git.kernel.org/linus/8094a600245e9b28eb36a13036f202ad67c1f887 (6.9-rc6)', 'https://git.kernel.org/stable/c/0fcf7e219448e937681216353c9a58abae6d3c2e', 'https://git.kernel.org/stable/c/60ab245292280905603bc0d3654f4cf8fceccb00', 'https://git.kernel.org/stable/c/8094a600245e9b28eb36a13036f202ad67c1f887', 'https://git.kernel.org/stable/c/98c7ed29cd754ae7475dc7cb3f33399fda902729', 'https://lore.kernel.org/linux-cve-announce/2024052023-CVE-2024-35999-da29@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35999', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35999'], 'PublishedDate': '2024-05-20T10:15:14.1Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-36000', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36000', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix missing hugetlb_lock for resv uncharge\n\nThere is a recent report on UFFDIO_COPY over hugetlb:\n\nhttps://lore.kernel.org/all/000000000000ee06de0616177560@google.com/\n\n350:\tlockdep_assert_held(&hugetlb_lock);\n\nShould be an issue in hugetlb but triggered in an userfault context, where\nit goes into the unlikely path where two threads modifying the resv map\ntogether.  Mike has a fix in that path for resv uncharge but it looks like\nthe locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd()\nwill update the cgroup pointer, so it requires to be called with the lock\nheld.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-36000', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269436', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273141', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275678', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278206', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281052', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281151', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282709', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284271', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284402', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293273', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297511', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300409', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300414', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300491', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300713', 'https://bugzilla.redhat.com/show_bug.cgi?id=2301465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2301496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2301637', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26629', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26630', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26720', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35797', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35875', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36883', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38559', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40936', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41040', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41044', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41055', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41073', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41096', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42082', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42096', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42102', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42131', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:6567', 'https://git.kernel.org/linus/b76b46902c2d0395488c8412e1116c2486cdfcb2 (6.9-rc6)', 'https://git.kernel.org/stable/c/4c806333efea1000a2a9620926f560ad2e1ca7cc', 'https://git.kernel.org/stable/c/538faabf31e9c53d8c870d114846fda958a0de10', 'https://git.kernel.org/stable/c/b76b46902c2d0395488c8412e1116c2486cdfcb2', 'https://git.kernel.org/stable/c/f6c5d21db16a0910152ec8aa9d5a7aed72694505', 'https://linux.oracle.com/cve/CVE-2024-36000.html', 'https://linux.oracle.com/errata/ELSA-2024-6567.html', 'https://lore.kernel.org/linux-cve-announce/2024052023-CVE-2024-36000-cfc4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36000', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36000'], 'PublishedDate': '2024-05-20T10:15:14.163Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-36003', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36003', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: fix LAG and VF lock dependency in ice_reset_vf()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix LAG and VF lock dependency in ice_reset_vf()\n\n9f74a3dfcf83 ("ice: Fix VF Reset paths when interface in a failed over\naggregate"), the ice driver has acquired the LAG mutex in ice_reset_vf().\nThe commit placed this lock acquisition just prior to the acquisition of\nthe VF configuration lock.\n\nIf ice_reset_vf() acquires the configuration lock via the ICE_VF_RESET_LOCK\nflag, this could deadlock with ice_vc_cfg_qs_msg() because it always\nacquires the locks in the order of the VF configuration lock and then the\nLAG mutex.\n\nLockdep reports this violation almost immediately on creating and then\nremoving 2 VF:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.8.0-rc6 #54 Tainted: G        W  O\n------------------------------------------------------\nkworker/60:3/6771 is trying to acquire lock:\nff40d43e099380a0 (&vf->cfg_lock){+.+.}-{3:3}, at: ice_reset_vf+0x22f/0x4d0 [ice]\n\nbut task is already holding lock:\nff40d43ea1961210 (&pf->lag_mutex){+.+.}-{3:3}, at: ice_reset_vf+0xb7/0x4d0 [ice]\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (&pf->lag_mutex){+.+.}-{3:3}:\n       __lock_acquire+0x4f8/0xb40\n       lock_acquire+0xd4/0x2d0\n       __mutex_lock+0x9b/0xbf0\n       ice_vc_cfg_qs_msg+0x45/0x690 [ice]\n       ice_vc_process_vf_msg+0x4f5/0x870 [ice]\n       __ice_clean_ctrlq+0x2b5/0x600 [ice]\n       ice_service_task+0x2c9/0x480 [ice]\n       process_one_work+0x1e9/0x4d0\n       worker_thread+0x1e1/0x3d0\n       kthread+0x104/0x140\n       ret_from_fork+0x31/0x50\n       ret_from_fork_asm+0x1b/0x30\n\n-> #0 (&vf->cfg_lock){+.+.}-{3:3}:\n       check_prev_add+0xe2/0xc50\n       validate_chain+0x558/0x800\n       __lock_acquire+0x4f8/0xb40\n       lock_acquire+0xd4/0x2d0\n       __mutex_lock+0x9b/0xbf0\n       ice_reset_vf+0x22f/0x4d0 [ice]\n       ice_process_vflr_event+0x98/0xd0 [ice]\n       ice_service_task+0x1cc/0x480 [ice]\n       process_one_work+0x1e9/0x4d0\n       worker_thread+0x1e1/0x3d0\n       kthread+0x104/0x140\n       ret_from_fork+0x31/0x50\n       ret_from_fork_asm+0x1b/0x30\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n       CPU0                    CPU1\n       ----                    ----\n  lock(&pf->lag_mutex);\n                               lock(&vf->cfg_lock);\n                               lock(&pf->lag_mutex);\n  lock(&vf->cfg_lock);\n\n *** DEADLOCK ***\n4 locks held by kworker/60:3/6771:\n #0: ff40d43e05428b38 ((wq_completion)ice){+.+.}-{0:0}, at: process_one_work+0x176/0x4d0\n #1: ff50d06e05197e58 ((work_completion)(&pf->serv_task)){+.+.}-{0:0}, at: process_one_work+0x176/0x4d0\n #2: ff40d43ea1960e50 (&pf->vfs.table_lock){+.+.}-{3:3}, at: ice_process_vflr_event+0x48/0xd0 [ice]\n #3: ff40d43ea1961210 (&pf->lag_mutex){+.+.}-{3:3}, at: ice_reset_vf+0xb7/0x4d0 [ice]\n\nstack backtrace:\nCPU: 60 PID: 6771 Comm: kworker/60:3 Tainted: G        W  O       6.8.0-rc6 #54\nHardware name:\nWorkqueue: ice ice_service_task [ice]\nCall Trace:\n <TASK>\n dump_stack_lvl+0x4a/0x80\n check_noncircular+0x12d/0x150\n check_prev_add+0xe2/0xc50\n ? save_trace+0x59/0x230\n ? add_chain_cache+0x109/0x450\n validate_chain+0x558/0x800\n __lock_acquire+0x4f8/0xb40\n ? lockdep_hardirqs_on+0x7d/0x100\n lock_acquire+0xd4/0x2d0\n ? ice_reset_vf+0x22f/0x4d0 [ice]\n ? lock_is_held_type+0xc7/0x120\n __mutex_lock+0x9b/0xbf0\n ? ice_reset_vf+0x22f/0x4d0 [ice]\n ? ice_reset_vf+0x22f/0x4d0 [ice]\n ? rcu_is_watching+0x11/0x50\n ? ice_reset_vf+0x22f/0x4d0 [ice]\n ice_reset_vf+0x22f/0x4d0 [ice]\n ? process_one_work+0x176/0x4d0\n ice_process_vflr_event+0x98/0xd0 [ice]\n ice_service_task+0x1cc/0x480 [ice]\n process_one_work+0x1e9/0x4d0\n worker_thread+0x1e1/0x3d0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x104/0x140\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>\n\nTo avoid deadlock, we must acquire the LAG \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36003', 'https://git.kernel.org/linus/96fdd1f6b4ed72a741fb0eb705c0e13049b8721f (6.9-rc6)', 'https://git.kernel.org/stable/c/740717774dc37338404d10726967d582414f638c', 'https://git.kernel.org/stable/c/96fdd1f6b4ed72a741fb0eb705c0e13049b8721f', 'https://git.kernel.org/stable/c/de8631d8c9df08440268630200e64b623a5f69e6', 'https://linux.oracle.com/cve/CVE-2024-36003.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024052024-CVE-2024-36003-33b4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36003', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36003'], 'PublishedDate': '2024-05-20T10:15:14.36Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-36009', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ax25: Fix netdev refcount issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix netdev refcount issue\n\nThe dev_tracker is added to ax25_cb in ax25_bind(). When the\nax25 device is detaching, the dev_tracker of ax25_cb should be\ndeallocated in ax25_kill_by_device() instead of the dev_tracker\nof ax25_dev. The log reported by ref_tracker is shown below:\n\n[   80.884935] ref_tracker: reference already released.\n[   80.885150] ref_tracker: allocated in:\n[   80.885349]  ax25_dev_device_up+0x105/0x540\n[   80.885730]  ax25_device_event+0xa4/0x420\n[   80.885730]  notifier_call_chain+0xc9/0x1e0\n[   80.885730]  __dev_notify_flags+0x138/0x280\n[   80.885730]  dev_change_flags+0xd7/0x180\n[   80.885730]  dev_ifsioc+0x6a9/0xa30\n[   80.885730]  dev_ioctl+0x4d8/0xd90\n[   80.885730]  sock_do_ioctl+0x1c2/0x2d0\n[   80.885730]  sock_ioctl+0x38b/0x4f0\n[   80.885730]  __se_sys_ioctl+0xad/0xf0\n[   80.885730]  do_syscall_64+0xc4/0x1b0\n[   80.885730]  entry_SYSCALL_64_after_hwframe+0x67/0x6f\n[   80.885730] ref_tracker: freed in:\n[   80.885730]  ax25_device_event+0x272/0x420\n[   80.885730]  notifier_call_chain+0xc9/0x1e0\n[   80.885730]  dev_close_many+0x272/0x370\n[   80.885730]  unregister_netdevice_many_notify+0x3b5/0x1180\n[   80.885730]  unregister_netdev+0xcf/0x120\n[   80.885730]  sixpack_close+0x11f/0x1b0\n[   80.885730]  tty_ldisc_kill+0xcb/0x190\n[   80.885730]  tty_ldisc_hangup+0x338/0x3d0\n[   80.885730]  __tty_hangup+0x504/0x740\n[   80.885730]  tty_release+0x46e/0xd80\n[   80.885730]  __fput+0x37f/0x770\n[   80.885730]  __x64_sys_close+0x7b/0xb0\n[   80.885730]  do_syscall_64+0xc4/0x1b0\n[   80.885730]  entry_SYSCALL_64_after_hwframe+0x67/0x6f\n[   80.893739] ------------[ cut here ]------------\n[   80.894030] WARNING: CPU: 2 PID: 140 at lib/ref_tracker.c:255 ref_tracker_free+0x47b/0x6b0\n[   80.894297] Modules linked in:\n[   80.894929] CPU: 2 PID: 140 Comm: ax25_conn_rel_6 Not tainted 6.9.0-rc4-g8cd26fd90c1a #11\n[   80.895190] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qem4\n[   80.895514] RIP: 0010:ref_tracker_free+0x47b/0x6b0\n[   80.895808] Code: 83 c5 18 4c 89 eb 48 c1 eb 03 8a 04 13 84 c0 0f 85 df 01 00 00 41 83 7d 00 00 75 4b 4c 89 ff 9\n[   80.896171] RSP: 0018:ffff888009edf8c0 EFLAGS: 00000286\n[   80.896339] RAX: 1ffff1100141ac00 RBX: 1ffff1100149463b RCX: dffffc0000000000\n[   80.896502] RDX: 0000000000000001 RSI: 0000000000000246 RDI: ffff88800a0d6518\n[   80.896925] RBP: ffff888009edf9b0 R08: ffff88806d3288d3 R09: 1ffff1100da6511a\n[   80.897212] R10: dffffc0000000000 R11: ffffed100da6511b R12: ffff88800a4a31d4\n[   80.897859] R13: ffff88800a4a31d8 R14: dffffc0000000000 R15: ffff88800a0d6518\n[   80.898279] FS:  00007fd88b7fe700(0000) GS:ffff88806d300000(0000) knlGS:0000000000000000\n[   80.899436] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   80.900181] CR2: 00007fd88c001d48 CR3: 000000000993e000 CR4: 00000000000006f0\n...\n[   80.935774] ref_tracker: sp%d@000000000bb9df3d has 1/1 users at\n[   80.935774]      ax25_bind+0x424/0x4e0\n[   80.935774]      __sys_bind+0x1d9/0x270\n[   80.935774]      __x64_sys_bind+0x75/0x80\n[   80.935774]      do_syscall_64+0xc4/0x1b0\n[   80.935774]      entry_SYSCALL_64_after_hwframe+0x67/0x6f\n\nChange ax25_dev->dev_tracker to the dev_tracker of ax25_cb\nin order to mitigate the bug.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2024/05/30/1', 'http://www.openwall.com/lists/oss-security/2024/05/30/2', 'https://access.redhat.com/security/cve/CVE-2024-36009', 'https://git.kernel.org/linus/467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b (6.9-rc6)', 'https://git.kernel.org/stable/c/0d14f104027e30720582448706c7d6b43065c851', 'https://git.kernel.org/stable/c/467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b', 'https://git.kernel.org/stable/c/4fee8fa86a15d7790268eea458b1aec69c695530', 'https://git.kernel.org/stable/c/c42b073d9af4a5329b25b17390c63ab3847f30e8', 'https://lore.kernel.org/linux-cve-announce/2024052026-CVE-2024-36009-f213@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36009', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36009'], 'PublishedDate': '2024-05-20T10:15:14.773Z', 'LastModifiedDate': '2024-06-10T17:16:32.013Z'}, {'VulnerabilityID': 'CVE-2024-36012', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36012', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: msft: fix slab-use-after-free in msft_do_close()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: msft: fix slab-use-after-free in msft_do_close()\n\nTying the msft->data lifetime to hdev by freeing it in\nhci_release_dev() to fix the following case:\n\n[use]\nmsft_do_close()\n  msft = hdev->msft_data;\n  if (!msft)                      ...(1) <- passed.\n    return;\n  mutex_lock(&msft->filter_lock); ...(4) <- used after freed.\n\n[free]\nmsft_unregister()\n  msft = hdev->msft_data;\n  hdev->msft_data = NULL;         ...(2)\n  kfree(msft);                    ...(3) <- msft is freed.\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __mutex_lock_common\nkernel/locking/mutex.c:587 [inline]\nBUG: KASAN: slab-use-after-free in __mutex_lock+0x8f/0xc30\nkernel/locking/mutex.c:752\nRead of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36012', 'https://git.kernel.org/linus/10f9f426ac6e752c8d87bf4346930ba347aaabac (6.9)', 'https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac', 'https://git.kernel.org/stable/c/4f1de02de07748da80a8178879bc7a1df37fdf56', 'https://git.kernel.org/stable/c/a85a60e62355e3bf4802dead7938966824b23940', 'https://git.kernel.org/stable/c/e3880b531b68f98d3941d83f2f6dd11cf4fd6b76', 'https://lore.kernel.org/linux-cve-announce/2024052314-CVE-2024-36012-3062@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36012', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36012'], 'PublishedDate': '2024-05-23T07:15:08.9Z', 'LastModifiedDate': '2024-05-24T01:15:30.977Z'}, {'VulnerabilityID': 'CVE-2024-36013', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()\n\nExtend a critical section to prevent chan from early freeing.\nAlso make the l2cap_connect() return type void. Nothing is using the\nreturned value but it is ugly to return a potentially freed pointer.\nMaking it void will help with backports because earlier kernels did use\nthe return value. Now the compile will break for kernels where this\npatch is not a complete fix.\n\nCall stack summary:\n\n[use]\nl2cap_bredr_sig_cmd\n  l2cap_connect\n  ┌ mutex_lock(&conn->chan_lock);\n  │ chan = pchan->ops->new_connection(pchan); <- alloc chan\n  │ __l2cap_chan_add(conn, chan);\n  │   l2cap_chan_hold(chan);\n  │   list_add(&chan->list, &conn->chan_l);   ... (1)\n  └ mutex_unlock(&conn->chan_lock);\n    chan->conf_state              ... (4) <- use after free\n\n[free]\nl2cap_conn_del\n┌ mutex_lock(&conn->chan_lock);\n│ foreach chan in conn->chan_l:            ... (2)\n│   l2cap_chan_put(chan);\n│     l2cap_chan_destroy\n│       kfree(chan)               ... (3) <- chan freed\n└ mutex_unlock(&conn->chan_lock);\n\n==================================================================\nBUG: KASAN: slab-use-after-free in instrument_atomic_read\ninclude/linux/instrumented.h:68 [inline]\nBUG: KASAN: slab-use-after-free in _test_bit\ninclude/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\nBUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0\nnet/bluetooth/l2cap_core.c:4260\nRead of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 7.1}}, 'References': ['http://www.openwall.com/lists/oss-security/2024/05/30/1', 'http://www.openwall.com/lists/oss-security/2024/05/30/2', 'https://access.redhat.com/security/cve/CVE-2024-36013', 'https://git.kernel.org/linus/4d7b41c0e43995b0e992b9f8903109275744b658 (6.9)', 'https://git.kernel.org/stable/c/4d7b41c0e43995b0e992b9f8903109275744b658', 'https://git.kernel.org/stable/c/826af9d2f69567c646ff46d10393d47e30ad23c6', 'https://git.kernel.org/stable/c/cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5', 'https://lore.kernel.org/linux-cve-announce/2024052314-CVE-2024-36013-0c90@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36013', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36013'], 'PublishedDate': '2024-05-23T07:15:08.987Z', 'LastModifiedDate': '2024-07-03T02:02:37.247Z'}, {'VulnerabilityID': 'CVE-2024-36021', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: fix kernel crash when devlink reload during pf initialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when devlink reload during pf initialization\n\nThe devlink reload process will access the hardware resources,\nbut the register operation is done before the hardware is initialized.\nSo, processing the devlink reload during initialization may lead to kernel\ncrash. This patch fixes this by taking devl_lock during initialization.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36021', 'https://git.kernel.org/linus/93305b77ffcb042f1538ecc383505e87d95aa05a (6.9-rc2)', 'https://git.kernel.org/stable/c/1b550dae55901c2cc9075d6a7155a71b4f516e86', 'https://git.kernel.org/stable/c/50b69054f455dcdb34bd6b22764c7579b270eef3', 'https://git.kernel.org/stable/c/7ca0f73e5e2da3c129935b97f3a0877cce8ebdf5', 'https://git.kernel.org/stable/c/93305b77ffcb042f1538ecc383505e87d95aa05a', 'https://lore.kernel.org/linux-cve-announce/2024053044-CVE-2024-36021-f196@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36021', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36021'], 'PublishedDate': '2024-05-30T15:15:49.193Z', 'LastModifiedDate': '2024-05-30T18:19:11.743Z'}, {'VulnerabilityID': 'CVE-2024-36022', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36022', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Init zone device and drm client after mode-1 reset on reload\n\nIn passthrough environment, when amdgpu is reloaded after unload, mode-1\nis triggered after initializing the necessary IPs, That init does not\ninclude KFD, and KFD init waits until the reset is completed. KFD init\nis called in the reset handler, but in this case, the zone device and\ndrm client is not initialized, causing app to create kernel panic.\n\nv2: Removing the init KFD condition from amdgpu_amdkfd_drm_client_create.\nAs the previous version has the potential of creating DRM client twice.\n\nv3: v2 patch results in SDMA engine hung as DRM open causes VM clear to SDMA\nbefore SDMA init. Adding the condition to in drm client creation, on top of v1,\nto guard against drm client creation call multiple times.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36022', 'https://git.kernel.org/linus/f679fd6057fbf5ab34aaee28d58b7f81af0cbf48 (6.9-rc1)', 'https://git.kernel.org/stable/c/4f8154f775197d0021b690c2945d6a4d8094c8f6', 'https://git.kernel.org/stable/c/f679fd6057fbf5ab34aaee28d58b7f81af0cbf48', 'https://lore.kernel.org/linux-cve-announce/2024053013-CVE-2024-36022-fe0e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36022', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36022'], 'PublishedDate': '2024-05-30T15:15:49.263Z', 'LastModifiedDate': '2024-05-30T18:19:11.743Z'}, {'VulnerabilityID': 'CVE-2024-36024', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36024', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Disable idle reallow as part of command/gpint execution', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable idle reallow as part of command/gpint execution\n\n[Why]\nWorkaroud for a race condition where DMCUB is in the process of\ncommitting to IPS1 during the handshake causing us to miss the\ntransition into IPS2 and touch the INBOX1 RPTR causing a HW hang.\n\n[How]\nDisable the reallow to ensure that we have enough of a gap between entry\nand exit and we're not seeing back-to-back wake_and_executes.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36024', 'https://git.kernel.org/linus/6226a5aa77370329e01ee8abe50a95e60618ce97 (6.9-rc1)', 'https://git.kernel.org/stable/c/2aac387445610d6dfd681f5214388e86f5677ef7', 'https://git.kernel.org/stable/c/6226a5aa77370329e01ee8abe50a95e60618ce97', 'https://lore.kernel.org/linux-cve-announce/2024053014-CVE-2024-36024-85b6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36024', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36024'], 'PublishedDate': '2024-05-30T15:15:49.42Z', 'LastModifiedDate': '2024-05-30T18:19:11.743Z'}, {'VulnerabilityID': 'CVE-2024-36026', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36026', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11\n\nWhile doing multiple S4 stress tests, GC/RLC/PMFW get into\nan invalid state resulting into hard hangs.\n\nAdding a GFX reset as workaround just before sending the\nMP1_UNLOAD message avoids this failure.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36026', 'https://git.kernel.org/linus/31729e8c21ecfd671458e02b6511eb68c2225113 (6.9-rc4)', 'https://git.kernel.org/stable/c/1e3b8874d55c0c28378beb9007494a7a9269a5f5', 'https://git.kernel.org/stable/c/31729e8c21ecfd671458e02b6511eb68c2225113', 'https://git.kernel.org/stable/c/7521329e54931ede9e042bbf5f4f812b5bc4a01d', 'https://git.kernel.org/stable/c/bd9b94055c3deb2398ee4490c1dfdf03f53efb8f', 'https://lore.kernel.org/linux-cve-announce/2024053034-CVE-2024-36026-4730@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36026', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36026'], 'PublishedDate': '2024-05-30T15:15:49.577Z', 'LastModifiedDate': '2024-05-30T18:19:11.743Z'}, {'VulnerabilityID': 'CVE-2024-36244', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36244', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: extend minimum interval restriction to entire cycle too\n\nIt is possible for syzbot to side-step the restriction imposed by the\nblamed commit in the Fixes: tag, because the taprio UAPI permits a\ncycle-time different from (and potentially shorter than) the sum of\nentry intervals.\n\nWe need one more restriction, which is that the cycle time itself must\nbe larger than N * ETH_ZLEN bit times, where N is the number of schedule\nentries. This restriction needs to apply regardless of whether the cycle\ntime came from the user or was the implicit, auto-calculated value, so\nwe move the existing "cycle == 0" check outside the "if "(!new->cycle_time)"\nbranch. This way covers both conditions and scenarios.\n\nAdd a selftest which illustrates the issue triggered by syzbot.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36244', 'https://git.kernel.org/linus/fb66df20a7201e60f2b13d7f95d031b31a8831d3 (6.10-rc2)', 'https://git.kernel.org/stable/c/91f249b01fe490fce11fbb4307952ca8cce78724', 'https://git.kernel.org/stable/c/b939d1e04a90248b4cdf417b0969c270ceb992b2', 'https://git.kernel.org/stable/c/fb66df20a7201e60f2b13d7f95d031b31a8831d3', 'https://lore.kernel.org/linux-cve-announce/2024062134-CVE-2024-36244-f88f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36244', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36244'], 'PublishedDate': '2024-06-21T11:15:09.957Z', 'LastModifiedDate': '2024-06-21T11:22:01.687Z'}, {'VulnerabilityID': 'CVE-2024-36478', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36478', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: null_blk: fix null-ptr-dereference while configuring &#39;power&#39; and &#39;submit_queues&#39;', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'\n\nWriting 'power' and 'submit_queues' concurrently will trigger kernel\npanic:\n\nTest script:\n\nmodprobe null_blk nr_devices=0\nmkdir -p /sys/kernel/config/nullb/nullb0\nwhile true; do echo 1 > submit_queues; echo 4 > submit_queues; done &\nwhile true; do echo 1 > power; echo 0 > power; done\n\nTest result:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000148\nOops: 0000 [#1] PREEMPT SMP\nRIP: 0010:__lock_acquire+0x41d/0x28f0\nCall Trace:\n <TASK>\n lock_acquire+0x121/0x450\n down_write+0x5f/0x1d0\n simple_recursive_removal+0x12f/0x5c0\n blk_mq_debugfs_unregister_hctxs+0x7c/0x100\n blk_mq_update_nr_hw_queues+0x4a3/0x720\n nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]\n nullb_device_submit_queues_store+0x79/0xf0 [null_blk]\n configfs_write_iter+0x119/0x1e0\n vfs_write+0x326/0x730\n ksys_write+0x74/0x150\n\nThis is because del_gendisk() can concurrent with\nblk_mq_update_nr_hw_queues():\n\nnullb_device_power_store\tnullb_apply_submit_queues\n null_del_dev\n del_gendisk\n\t\t\t\t nullb_update_nr_hw_queues\n\t\t\t\t  if (!dev->nullb)\n\t\t\t\t  // still set while gendisk is deleted\n\t\t\t\t   return 0\n\t\t\t\t  blk_mq_update_nr_hw_queues\n dev->nullb = NULL\n\nFix this problem by resuing the global mutex to protect\nnullb_device_power_store() and nullb_update_nr_hw_queues() from configfs.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36478', 'https://git.kernel.org/linus/a2db328b0839312c169eb42746ec46fc1ab53ed2 (6.10-rc1)', 'https://git.kernel.org/stable/c/5d0495473ee4c1d041b5a917f10446a22c047f47', 'https://git.kernel.org/stable/c/a2db328b0839312c169eb42746ec46fc1ab53ed2', 'https://git.kernel.org/stable/c/aaadb755f2d684f715a6eb85cb7243aa0c67dfa9', 'https://lore.kernel.org/linux-cve-announce/2024062136-CVE-2024-36478-d249@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36478', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36478'], 'PublishedDate': '2024-06-21T11:15:10.36Z', 'LastModifiedDate': '2024-10-10T12:15:03.947Z'}, {'VulnerabilityID': 'CVE-2024-36479', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36479', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fpga: bridge: add owner module and take its refcount', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: bridge: add owner module and take its refcount\n\nThe current implementation of the fpga bridge assumes that the low-level\nmodule registers a driver for the parent device and uses its owner pointer\nto take the module's refcount. This approach is problematic since it can\nlead to a null pointer dereference while attempting to get the bridge if\nthe parent device does not have a driver.\n\nTo address this problem, add a module owner pointer to the fpga_bridge\nstruct and use it to take the module's refcount. Modify the function for\nregistering a bridge to take an additional owner module parameter and\nrename it to avoid conflicts. Use the old function name for a helper macro\nthat automatically sets the module that registers the bridge as the owner.\nThis ensures compatibility with existing low-level control modules and\nreduces the chances of registering a bridge without setting the owner.\n\nAlso, update the documentation to keep it consistent with the new interface\nfor registering an fpga bridge.\n\nOther changes: opportunistically move put_device() from __fpga_bridge_get()\nto fpga_bridge_get() and of_fpga_bridge_get() to improve code clarity since\nthe bridge device is taken in these functions.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36479', 'https://git.kernel.org/linus/1da11f822042eb6ef4b6064dc048f157a7852529 (6.10-rc1)', 'https://git.kernel.org/stable/c/1da11f822042eb6ef4b6064dc048f157a7852529', 'https://git.kernel.org/stable/c/6896b6b2e2d9ec4e1b0acb4c1698a75a4b34d125', 'https://git.kernel.org/stable/c/d7c4081c54a1d4068de9440957303a76f9e5c95b', 'https://lore.kernel.org/linux-cve-announce/2024062459-CVE-2024-36479-ef6c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36479', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36479'], 'PublishedDate': '2024-06-24T14:15:12.157Z', 'LastModifiedDate': '2024-06-24T19:26:47.037Z'}, {'VulnerabilityID': 'CVE-2024-36885', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36885', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup:\n\n  kernel BUG at include/linux/scatterlist.h:187!\n  invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\n  Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\n  RIP: 0010:sg_init_one+0x85/0xa0\n  Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n  24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n  0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\n  RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\n  RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\n  RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\n  R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\n  FS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\n  Call Trace:\n   <TASK>\n   ? die+0x36/0x90\n   ? do_trap+0xdd/0x100\n   ? sg_init_one+0x85/0xa0\n   ? do_error_trap+0x65/0x80\n   ? sg_init_one+0x85/0xa0\n   ? exc_invalid_op+0x50/0x70\n   ? sg_init_one+0x85/0xa0\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? sg_init_one+0x85/0xa0\n   nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n   nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n   ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n   r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? nvkm_udevice_new+0x95/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? ktime_get+0x47/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_oneinit_+0x4f/0x120 [nouveau]\n   nvkm_subdev_init_+0x39/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_init+0x44/0x90 [nouveau]\n   nvkm_device_init+0x166/0x2e0 [nouveau]\n   nvkm_udevice_init+0x47/0x70 [nouveau]\n   nvkm_object_init+0x41/0x1c0 [nouveau]\n   nvkm_ioctl_new+0x16a/0x290 [nouveau]\n   ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]\n   ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]\n   nvkm_ioctl+0x126/0x290 [nouveau]\n   nvif_object_ctor+0x112/0x190 [nouveau]\n   nvif_device_ctor+0x23/0x60 [nouveau]\n   nouveau_cli_init+0x164/0x640 [nouveau]\n   nouveau_drm_device_init+0x97/0x9e0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? pci_update_current_state+0x72/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nouveau_drm_probe+0x12c/0x280 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   local_pci_probe+0x45/0xa0\n   pci_device_probe+0xc7/0x270\n   really_probe+0xe6/0x3a0\n   __driver_probe_device+0x87/0x160\n   driver_probe_device+0x1f/0xc0\n   __driver_attach+0xec/0x1f0\n   ? __pfx___driver_attach+0x10/0x10\n   bus_for_each_dev+0x88/0xd0\n   bus_add_driver+0x116/0x220\n   driver_register+0x59/0x100\n   ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]\n   do_one_initcall+0x5b/0x320\n   do_init_module+0x60/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x120/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x83/0x160\n   ? srso_return_thunk+0x5/0x5f\n   entry_SYSCALL_64_after_hwframe+0x71/0x79\n  RIP: 0033:0x7feeb5cc20cd\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89\n  f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0\n  ff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd\n  RDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035\n  RBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310\n  R10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36885', 'https://git.kernel.org/linus/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2 (6.9-rc7)', 'https://git.kernel.org/stable/c/1a88c18da464db0ba8ea25196d0a06490f65322e', 'https://git.kernel.org/stable/c/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2', 'https://git.kernel.org/stable/c/e05af009302893f39b072811a68fa4a196284c75', 'https://lore.kernel.org/linux-cve-announce/2024053032-CVE-2024-36885-cb0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36885', 'https://www.cve.org/CVERecord?id=CVE-2024-36885'], 'PublishedDate': '2024-05-30T16:15:12.067Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36893', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36893', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: tcpm: Check for port partner validity before consuming it', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: Check for port partner validity before consuming it\n\ntypec_register_partner() does not guarantee partner registration\nto always succeed. In the event of failure, port->partner is set\nto the error value or NULL. Given that port->partner validity is\nnot checked, this results in the following crash:\n\nUnable to handle kernel NULL pointer dereference at virtual address xx\n pc : run_state_machine+0x1bc8/0x1c08\n lr : run_state_machine+0x1b90/0x1c08\n..\n Call trace:\n   run_state_machine+0x1bc8/0x1c08\n   tcpm_state_machine_work+0x94/0xe4\n   kthread_worker_fn+0x118/0x328\n   kthread+0x1d0/0x23c\n   ret_from_fork+0x10/0x20\n\nTo prevent the crash, check for port->partner validity before\nderefencing it in all the call sites.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36893', 'https://git.kernel.org/linus/ae11f04b452b5205536e1c02d31f8045eba249dd (6.9-rc7)', 'https://git.kernel.org/stable/c/2a07e6f0ad8a6e504a3912cfe8dc859b7d0740a5', 'https://git.kernel.org/stable/c/789326cafbd1f67f424436b6bc8bdb887a364637', 'https://git.kernel.org/stable/c/ae11f04b452b5205536e1c02d31f8045eba249dd', 'https://git.kernel.org/stable/c/d56d2ca03cc22123fd7626967d096d8661324e57', 'https://git.kernel.org/stable/c/fc2b655cb6dd2b381f1f284989721002e39b6b77', 'https://lore.kernel.org/linux-cve-announce/2024053034-CVE-2024-36893-476e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36893', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36893'], 'PublishedDate': '2024-05-30T16:15:12.773Z', 'LastModifiedDate': '2024-10-17T14:15:06.23Z'}, {'VulnerabilityID': 'CVE-2024-36898', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36898', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpiolib: cdev: fix uninitialised kfifo', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: fix uninitialised kfifo\n\nIf a line is requested with debounce, and that results in debouncing\nin software, and the line is subsequently reconfigured to enable edge\ndetection then the allocation of the kfifo to contain edge events is\noverlooked.  This results in events being written to and read from an\nuninitialised kfifo.  Read events are returned to userspace.\n\nInitialise the kfifo in the case where the software debounce is\nalready active.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36898', 'https://git.kernel.org/linus/ee0166b637a5e376118e9659e5b4148080f1d27e (6.9)', 'https://git.kernel.org/stable/c/1a51e24404d77bb3307c1e39eee0d8e86febb1a5', 'https://git.kernel.org/stable/c/883e4bbf06eb5fb7482679e4edb201093e9f55a2', 'https://git.kernel.org/stable/c/bd7139a70ee8d8ea872b223e043730cf6f5e2b0e', 'https://git.kernel.org/stable/c/ee0166b637a5e376118e9659e5b4148080f1d27e', 'https://lore.kernel.org/linux-cve-announce/2024053035-CVE-2024-36898-942c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36898', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36898'], 'PublishedDate': '2024-05-30T16:15:13.423Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36899', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpiolib: cdev: Fix use after free in lineinfo_changed_notify', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: Fix use after free in lineinfo_changed_notify\n\nThe use-after-free issue occurs as follows: when the GPIO chip device file\nis being closed by invoking gpio_chrdev_release(), watched_lines is freed\nby bitmap_free(), but the unregistration of lineinfo_changed_nb notifier\nchain failed due to waiting write rwsem. Additionally, one of the GPIO\nchip's lines is also in the release process and holds the notifier chain's\nread rwsem. Consequently, a race condition leads to the use-after-free of\nwatched_lines.\n\nHere is the typical stack when issue happened:\n\n[free]\ngpio_chrdev_release()\n  --> bitmap_free(cdev->watched_lines)                  <-- freed\n  --> blocking_notifier_chain_unregister()\n    --> down_write(&nh->rwsem)                          <-- waiting rwsem\n          --> __down_write_common()\n            --> rwsem_down_write_slowpath()\n                  --> schedule_preempt_disabled()\n                    --> schedule()\n\n[use]\nst54spi_gpio_dev_release()\n  --> gpio_free()\n    --> gpiod_free()\n      --> gpiod_free_commit()\n        --> gpiod_line_state_notify()\n          --> blocking_notifier_call_chain()\n            --> down_read(&nh->rwsem);                  <-- held rwsem\n            --> notifier_call_chain()\n              --> lineinfo_changed_notify()\n                --> test_bit(xxxx, cdev->watched_lines) <-- use after free\n\nThe side effect of the use-after-free issue is that a GPIO line event is\nbeing generated for userspace where it shouldn't. However, since the chrdev\nis being closed, userspace won't have the chance to read that event anyway.\n\nTo fix the issue, call the bitmap_free() function after the unregistration\nof lineinfo_changed_nb notifier chain.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36899', 'https://git.kernel.org/linus/02f6b0e1ec7e0e7d059dddc893645816552039da (6.9)', 'https://git.kernel.org/stable/c/02f6b0e1ec7e0e7d059dddc893645816552039da', 'https://git.kernel.org/stable/c/95ca7c90eaf5ea8a8460536535101e3e81160e2a', 'https://git.kernel.org/stable/c/ca710b5f40b8b16fdcad50bebd47f50e4c62d239', 'https://linux.oracle.com/cve/CVE-2024-36899.html', 'https://linux.oracle.com/errata/ELSA-2024-6997.html', 'https://lore.kernel.org/linux-cve-announce/2024053035-CVE-2024-36899-bfb1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36899', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36899'], 'PublishedDate': '2024-05-30T16:15:13.51Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36900', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36900', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: fix kernel crash when devlink reload during initialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when devlink reload during initialization\n\nThe devlink reload process will access the hardware resources,\nbut the register operation is done before the hardware is initialized.\nSo, processing the devlink reload during initialization may lead to kernel\ncrash.\n\nThis patch fixes this by registering the devlink after\nhardware initialization.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36900', 'https://git.kernel.org/linus/35d92abfbad88cf947c010baf34b075e40566095 (6.9)', 'https://git.kernel.org/stable/c/35d92abfbad88cf947c010baf34b075e40566095', 'https://git.kernel.org/stable/c/5c623fe0534806b627054da09b6f51b7b2f7b9cd', 'https://git.kernel.org/stable/c/72ede790f5a03c3957487400a1b72ebce293a2e7', 'https://git.kernel.org/stable/c/c98bc78ce0909ccc92005e2cb6609ec6c7942f69', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36900', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36900'], 'PublishedDate': '2024-05-30T16:15:13.6Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36903', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36903', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: Fix potential uninit-value access in __ip6_make_skb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix potential uninit-value access in __ip6_make_skb()\n\nAs it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in\n__ip_make_skb()") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags\ninstead of testing HDRINCL on the socket to avoid a race condition which\ncauses uninit-value access.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36903', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265838', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273405', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275600', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275655', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275715', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281097', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281237', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281265', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281639', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281900', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284511', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284543', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293208', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293441', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293658', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297512', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297538', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297542', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297545', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47606', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52651', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26808', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26828', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26868', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27049', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27417', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35800', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35911', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35969', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36903', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38391', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40928', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961', 'https://errata.rockylinux.org/RLSA-2024:5363', 'https://git.kernel.org/linus/4e13d3a9c25b7080f8a619f961e943fe08c2672c (6.9)', 'https://git.kernel.org/stable/c/2367bf254f3a27ecc6e229afd7a8b0a1395f7be3', 'https://git.kernel.org/stable/c/4e13d3a9c25b7080f8a619f961e943fe08c2672c', 'https://git.kernel.org/stable/c/68c8ba16ab712eb709c6bab80ff151079d11d97a', 'https://linux.oracle.com/cve/CVE-2024-36903.html', 'https://linux.oracle.com/errata/ELSA-2024-5363.html', 'https://lore.kernel.org/linux-cve-announce/2024053036-CVE-2024-36903-4a60@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36903', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36903'], 'PublishedDate': '2024-05-30T16:15:13.867Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36907', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36907', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: SUNRPC: add a missing rpc_stat for TCP TLS', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: add a missing rpc_stat for TCP TLS\n\nCommit 1548036ef120 ("nfs: make the rpc_stat per net namespace") added\nfunctionality to specify rpc_stats function but missed adding it to the\nTCP TLS functionality. As the result, mounting with xprtsec=tls lead to\nthe following kernel oops.\n\n[  128.984192] Unable to handle kernel NULL pointer dereference at\nvirtual address 000000000000001c\n[  128.985058] Mem abort info:\n[  128.985372]   ESR = 0x0000000096000004\n[  128.985709]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  128.986176]   SET = 0, FnV = 0\n[  128.986521]   EA = 0, S1PTW = 0\n[  128.986804]   FSC = 0x04: level 0 translation fault\n[  128.987229] Data abort info:\n[  128.987597]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[  128.988169]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[  128.988811]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[  128.989302] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000106c84000\n[  128.990048] [000000000000001c] pgd=0000000000000000, p4d=0000000000000000\n[  128.990736] Internal error: Oops: 0000000096000004 [#1] SMP\n[  128.991168] Modules linked in: nfs_layout_nfsv41_files\nrpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace netfs\nuinput dm_mod nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib\nnft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct\nnft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill\nip_set nf_tables nfnetlink qrtr vsock_loopback\nvmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock\nsunrpc vfat fat uvcvideo videobuf2_vmalloc videobuf2_memops uvc\nvideobuf2_v4l2 videodev videobuf2_common mc vmw_vmci xfs libcrc32c\ne1000e crct10dif_ce ghash_ce sha2_ce vmwgfx nvme sha256_arm64\nnvme_core sr_mod cdrom sha1_ce drm_ttm_helper ttm drm_kms_helper drm\nsg fuse\n[  128.996466] CPU: 0 PID: 179 Comm: kworker/u4:26 Kdump: loaded Not\ntainted 6.8.0-rc6+ #12\n[  128.997226] Hardware name: VMware, Inc. VMware20,1/VBSA, BIOS\nVMW201.00V.21805430.BA64.2305221830 05/22/2023\n[  128.998084] Workqueue: xprtiod xs_tcp_tls_setup_socket [sunrpc]\n[  128.998701] pstate: 81400005 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[  128.999384] pc : call_start+0x74/0x138 [sunrpc]\n[  128.999809] lr : __rpc_execute+0xb8/0x3e0 [sunrpc]\n[  129.000244] sp : ffff8000832b3a00\n[  129.000508] x29: ffff8000832b3a00 x28: ffff800081ac79c0 x27: ffff800081ac7000\n[  129.001111] x26: 0000000004248060 x25: 0000000000000000 x24: ffff800081596008\n[  129.001757] x23: ffff80007b087240 x22: ffff00009a509d30 x21: 0000000000000000\n[  129.002345] x20: ffff000090075600 x19: ffff00009a509d00 x18: ffffffffffffffff\n[  129.002912] x17: 733d4d4554535953 x16: 42555300312d746e x15: ffff8000832b3a88\n[  129.003464] x14: ffffffffffffffff x13: ffff8000832b3a7d x12: 0000000000000008\n[  129.004021] x11: 0101010101010101 x10: ffff8000150cb560 x9 : ffff80007b087c00\n[  129.004577] x8 : ffff00009a509de0 x7 : 0000000000000000 x6 : 00000000be8c4ee3\n[  129.005026] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff000094d56680\n[  129.005425] x2 : ffff80007b0637f8 x1 : ffff000090075600 x0 : ffff00009a509d00\n[  129.005824] Call trace:\n[  129.005967]  call_start+0x74/0x138 [sunrpc]\n[  129.006233]  __rpc_execute+0xb8/0x3e0 [sunrpc]\n[  129.006506]  rpc_execute+0x160/0x1d8 [sunrpc]\n[  129.006778]  rpc_run_task+0x148/0x1f8 [sunrpc]\n[  129.007204]  tls_probe+0x80/0xd0 [sunrpc]\n[  129.007460]  rpc_ping+0x28/0x80 [sunrpc]\n[  129.007715]  rpc_create_xprt+0x134/0x1a0 [sunrpc]\n[  129.007999]  rpc_create+0x128/0x2a0 [sunrpc]\n[  129.008264]  xs_tcp_tls_setup_socket+0xdc/0x508 [sunrpc]\n[  129.008583]  process_one_work+0x174/0x3c8\n[  129.008813]  worker_thread+0x2c8/0x3e0\n[  129.009033]  kthread+0x100/0x110\n[  129.009225]  ret_from_fork+0x10/0x20\n[  129.009432] Code: f0ffffc2 911fe042 aa1403e1 aa1303e0 (b9401c83)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36907', 'https://git.kernel.org/linus/8e088a20dbe33919695a8082c0b32deb62d23b4a (6.9-rc7)', 'https://git.kernel.org/stable/c/024f7744bd09cb2a47a0a96b9c8ad08109de99cc', 'https://git.kernel.org/stable/c/8e088a20dbe33919695a8082c0b32deb62d23b4a', 'https://git.kernel.org/stable/c/9b332c72299f2ac284ab3d7c0301969b933e4ca1', 'https://linux.oracle.com/cve/CVE-2024-36907.html', 'https://linux.oracle.com/errata/ELSA-2024-12682.html', 'https://lore.kernel.org/linux-cve-announce/2024053037-CVE-2024-36907-2e49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36907', 'https://www.cve.org/CVERecord?id=CVE-2024-36907'], 'PublishedDate': '2024-05-30T16:15:14.223Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36908', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36908', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: blk-iocost: do not WARN if iocg was already offlined', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: do not WARN if iocg was already offlined\n\nIn iocg_pay_debt(), warn is triggered if 'active_list' is empty, which\nis intended to confirm iocg is active when it has debt. However, warn\ncan be triggered during a blkcg or disk removal, if iocg_waitq_timer_fn()\nis run at that time:\n\n  WARNING: CPU: 0 PID: 2344971 at block/blk-iocost.c:1402 iocg_pay_debt+0x14c/0x190\n  Call trace:\n  iocg_pay_debt+0x14c/0x190\n  iocg_kick_waitq+0x438/0x4c0\n  iocg_waitq_timer_fn+0xd8/0x130\n  __run_hrtimer+0x144/0x45c\n  __hrtimer_run_queues+0x16c/0x244\n  hrtimer_interrupt+0x2cc/0x7b0\n\nThe warn in this situation is meaningless. Since this iocg is being\nremoved, the state of the 'active_list' is irrelevant, and 'waitq_timer'\nis canceled after removing 'active_list' in ioc_pd_free(), which ensures\niocg is freed after iocg_waitq_timer_fn() returns.\n\nTherefore, add the check if iocg was already offlined to avoid warn\nwhen removing a blkcg or disk.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36908', 'https://git.kernel.org/linus/01bc4fda9ea0a6b52f12326486f07a4910666cf6 (6.9-rc5)', 'https://git.kernel.org/stable/c/01bc4fda9ea0a6b52f12326486f07a4910666cf6', 'https://git.kernel.org/stable/c/14b3275f93d4a0d8ddc02195bc4e9869b7a3700e', 'https://git.kernel.org/stable/c/1c172ac7afe4442964f4153b2c78fe4e005d9d67', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36908', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36908'], 'PublishedDate': '2024-05-30T16:15:14.3Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36909', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36909', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Drivers: hv: vmbus: Don&#39;t free ring buffers that couldn&#39;t be re-encrypted', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe VMBus ring buffer code could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the struct\nvmbus_gpadl for the ring buffers to decide whether to free the memory.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36909', 'https://git.kernel.org/linus/30d18df6567be09c1433e81993e35e3da573ac48 (6.9-rc4)', 'https://git.kernel.org/stable/c/2f622008bf784a9f5dd17baa19223cc2ac30a039', 'https://git.kernel.org/stable/c/30d18df6567be09c1433e81993e35e3da573ac48', 'https://git.kernel.org/stable/c/82f9e213b124a7d2bb5b16ea35d570260ef467e0', 'https://git.kernel.org/stable/c/a9212a4e2963a7fbe3864ba33dc551d4ad8d0abb', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36909', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36909'], 'PublishedDate': '2024-05-30T16:15:14.38Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36910', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36910', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: uio_hv_generic: Don&#39;t free decrypted memory', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Don't free decrypted memory\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe VMBus device UIO driver could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the gpadl\nto decide whether to free the memory.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36910', 'https://git.kernel.org/linus/3d788b2fbe6a1a1a9e3db09742b90809d51638b7 (6.9-rc4)', 'https://git.kernel.org/stable/c/3d788b2fbe6a1a1a9e3db09742b90809d51638b7', 'https://git.kernel.org/stable/c/6466a0f6d235c8a18c602cb587160d7e49876db9', 'https://git.kernel.org/stable/c/dabf12bf994318d939f70d47cfda30e47abb2c54', 'https://git.kernel.org/stable/c/fe2c58602354fbd60680dc42ac3a0b772cda7d23', 'https://lore.kernel.org/linux-cve-announce/2024053037-CVE-2024-36910-6949@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36910', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36910'], 'PublishedDate': '2024-05-30T16:15:14.457Z', 'LastModifiedDate': '2024-07-03T02:03:48.127Z'}, {'VulnerabilityID': 'CVE-2024-36911', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36911', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hv_netvsc: Don&#39;t free decrypted memory', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Don't free decrypted memory\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe netvsc driver could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the gpadl\nto decide whether to free the memory.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36911', 'https://git.kernel.org/linus/bbf9ac34677b57506a13682b31a2a718934c0e31 (6.9-rc4)', 'https://git.kernel.org/stable/c/4aaed9dbe8acd2b6114458f0498a617283d6275b', 'https://git.kernel.org/stable/c/a56fe611326332bf6b7126e5559590c57dcebad4', 'https://git.kernel.org/stable/c/bbf9ac34677b57506a13682b31a2a718934c0e31', 'https://lore.kernel.org/linux-cve-announce/2024053037-CVE-2024-36911-5ef6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36911', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36911'], 'PublishedDate': '2024-05-30T16:15:14.53Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36912', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36912', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Track decrypted status in vmbus_gpadl\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nIn order to make sure callers of vmbus_establish_gpadl() and\nvmbus_teardown_gpadl() don't return decrypted/shared pages to\nallocators, add a field in struct vmbus_gpadl to keep track of the\ndecryption status of the buffers. This will allow the callers to\nknow if they should free or leak the pages.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-1258'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36912', 'https://git.kernel.org/linus/211f514ebf1ef5de37b1cf6df9d28a56cfd242ca (6.9-rc4)', 'https://git.kernel.org/stable/c/1999644d95194d4a58d3e80ad04ce19220a01a81', 'https://git.kernel.org/stable/c/211f514ebf1ef5de37b1cf6df9d28a56cfd242ca', 'https://git.kernel.org/stable/c/8e62341f5c45b27519b7d193bcc32ada416ad9d8', 'https://git.kernel.org/stable/c/bfae56be077ba14311509e70706a13458f87ea99', 'https://lore.kernel.org/linux-cve-announce/2024053038-CVE-2024-36912-b637@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36912', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36912'], 'PublishedDate': '2024-05-30T16:15:14.607Z', 'LastModifiedDate': '2024-07-03T02:03:49.03Z'}, {'VulnerabilityID': 'CVE-2024-36913', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36913', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Leak pages if set_memory_encrypted() fails\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nVMBus code could free decrypted pages if set_memory_encrypted()/decrypted()\nfails. Leak the pages if this happens.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-1258'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36913', 'https://git.kernel.org/linus/03f5a999adba062456c8c818a683beb1b498983a (6.9-rc4)', 'https://git.kernel.org/stable/c/03f5a999adba062456c8c818a683beb1b498983a', 'https://git.kernel.org/stable/c/6123a4e8e25bd40cf44db14694abac00e6b664e6', 'https://git.kernel.org/stable/c/e813a0fc2e597146e9cebea61ced9c796d4e308f', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36913', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36913'], 'PublishedDate': '2024-05-30T16:15:14.693Z', 'LastModifiedDate': '2024-07-03T02:03:49.87Z'}, {'VulnerabilityID': 'CVE-2024-36914', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36914', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip on writeback when it&#39;s not applicable', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip on writeback when it\'s not applicable\n\n[WHY]\ndynamic memory safety error detector (KASAN) catches and generates error\nmessages "BUG: KASAN: slab-out-of-bounds" as writeback connector does not\nsupport certain features which are not initialized.\n\n[HOW]\nSkip them when connector type is DRM_MODE_CONNECTOR_WRITEBACK.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36914', 'https://git.kernel.org/linus/ecedd99a9369fb5cde601ae9abd58bca2739f1ae (6.9-rc4)', 'https://git.kernel.org/stable/c/951a498fa993c5501994ec2df97c9297b02488c7', 'https://git.kernel.org/stable/c/e9baa7110e9f3756bd5a812af376c288d9be894d', 'https://git.kernel.org/stable/c/ecedd99a9369fb5cde601ae9abd58bca2739f1ae', 'https://lore.kernel.org/linux-cve-announce/2024053038-CVE-2024-36914-40cd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36914', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36914'], 'PublishedDate': '2024-05-30T16:15:14.79Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36915', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36915', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: llcp: fix nfc_llcp_setsockopt() unsafe copies\n\nsyzbot reported unsafe calls to copy_from_sockptr() [1]\n\nUse copy_safe_from_sockptr() instead.\n\n[1]\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]\n BUG: KASAN: slab-out-of-bounds in nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255\nRead of size 4 at addr ffff88801caa1ec3 by task syz-executor459/5078\n\nCPU: 0 PID: 5078 Comm: syz-executor459 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:88 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n  copy_from_sockptr include/linux/sockptr.h:55 [inline]\n  nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255\n  do_sock_setsockopt+0x3b1/0x720 net/socket.c:2311\n  __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n  __do_sys_setsockopt net/socket.c:2343 [inline]\n  __se_sys_setsockopt net/socket.c:2340 [inline]\n  __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfd/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\nRIP: 0033:0x7f7fac07fd89\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff660eb788 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7fac07fd89\nRDX: 0000000000000000 RSI: 0000000000000118 RDI: 0000000000000004\nRBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000\nR10: 0000000020000a80 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36915', 'https://git.kernel.org/linus/7a87441c9651ba37842f4809224aca13a554a26f (6.9-rc4)', 'https://git.kernel.org/stable/c/0f106133203021533cb753e80d75896f4ad222f8', 'https://git.kernel.org/stable/c/29dc0ea979d433dd3c26abc8fa971550bdc05107', 'https://git.kernel.org/stable/c/7a87441c9651ba37842f4809224aca13a554a26f', 'https://lore.kernel.org/linux-cve-announce/2024053038-CVE-2024-36915-611e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36915', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36915'], 'PublishedDate': '2024-05-30T16:15:14.887Z', 'LastModifiedDate': '2024-08-19T05:15:06.46Z'}, {'VulnerabilityID': 'CVE-2024-36917', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36917', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: fix overflow in blk_ioctl_discard()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix overflow in blk_ioctl_discard()\n\nThere is no check for overflow of 'start + len' in blk_ioctl_discard().\nHung task occurs if submit an discard ioctl with the following param:\n  start = 0x80000000000ff000, len = 0x8000000000fff000;\nAdd the overflow validation now.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-36917', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 (6.9-rc3)', 'https://git.kernel.org/stable/c/0842ddd83939eb4db940b9af7d39e79722bc41aa', 'https://git.kernel.org/stable/c/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155', 'https://git.kernel.org/stable/c/507d526a98c355e6f3fb2c47aacad44a69784bee', 'https://git.kernel.org/stable/c/6c9915fa9410cbb9bd75ee283c03120046c56d3d', 'https://git.kernel.org/stable/c/8a26198186e97ee5fc4b42fde82629cff8c75cd6', 'https://git.kernel.org/stable/c/e1d38cde2b7b0fbd1c48082e7a98c37d750af59b', 'https://linux.oracle.com/cve/CVE-2024-36917.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36917-f9e3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36917', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36917'], 'PublishedDate': '2024-05-30T16:15:15.05Z', 'LastModifiedDate': '2024-10-10T12:15:04.06Z'}, {'VulnerabilityID': 'CVE-2024-36918', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36918', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Check bloom filter map value size', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check bloom filter map value size\n\nThis patch adds a missing check to bloom filter creating, rejecting\nvalues above KMALLOC_MAX_SIZE. This brings the bloom map in line with\nmany other map types.\n\nThe lack of this protection can cause kernel crashes for value sizes\nthat overflow int's. Such a crash was caught by syzkaller. The next\npatch adds more guard-rails at a lower level.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36918', 'https://git.kernel.org/linus/a8d89feba7e54e691ca7c4efc2a6264fa83f3687 (6.9-rc2)', 'https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c', 'https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687', 'https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d', 'https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3', 'https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36918-f8bc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36918', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36918'], 'PublishedDate': '2024-05-30T16:15:15.13Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36920', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36920', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: mpi3mr: Avoid memcpy field-spanning write WARNING', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Avoid memcpy field-spanning write WARNING\n\nWhen the "storcli2 show" command is executed for eHBA-9600, mpi3mr driver\nprints this WARNING message:\n\n  memcpy: detected field-spanning write (size 128) of single field "bsg_reply_buf->reply_buf" at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 (size 1)\n  WARNING: CPU: 0 PID: 12760 at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 mpi3mr_bsg_request+0x6b12/0x7f10 [mpi3mr]\n\nThe cause of the WARN is 128 bytes memcpy to the 1 byte size array "__u8\nreplay_buf[1]" in the struct mpi3mr_bsg_in_reply_buf. The array is intended\nto be a flexible length array, so the WARN is a false positive.\n\nTo suppress the WARN, remove the constant number \'1\' from the array\ndeclaration and clarify that it has flexible length. Also, adjust the\nmemory allocation size to match the change.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-36920', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/429846b4b6ce9853e0d803a2357bb2e55083adf0 (6.9-rc2)', 'https://git.kernel.org/stable/c/429846b4b6ce9853e0d803a2357bb2e55083adf0', 'https://git.kernel.org/stable/c/4d2772324f43cf5674ac3dbe3f74a7e656396716', 'https://git.kernel.org/stable/c/5f0266044dc611563539705bff0b3e1545fbb6aa', 'https://git.kernel.org/stable/c/f09318244c6cafd10aca741b9c01e0a2c362d43a', 'https://linux.oracle.com/cve/CVE-2024-36920.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36920-b4a7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36920', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36920'], 'PublishedDate': '2024-05-30T16:15:15.303Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36921', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36921', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: guard against invalid STA ID on removal', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: guard against invalid STA ID on removal\n\nGuard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that would\nresult in out-of-bounds array accesses. This prevents issues should the\ndriver get into a bad state during error handling.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-36921', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265838', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273405', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275600', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275655', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275715', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281097', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281237', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281265', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281639', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281900', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284511', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284543', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293208', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293441', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293658', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297512', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297538', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297542', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297545', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47606', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52651', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26808', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26828', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26868', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27049', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27417', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35800', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35911', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35969', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36903', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38391', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40928', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5363', 'https://git.kernel.org/linus/17f64517bf5c26af56b6c3566273aad6646c3c4f (6.9-rc2)', 'https://git.kernel.org/stable/c/17f64517bf5c26af56b6c3566273aad6646c3c4f', 'https://git.kernel.org/stable/c/94f80a8ec15e238b78521f20f8afaed60521a294', 'https://git.kernel.org/stable/c/fab21d220017daa5fd8a3d788ff25ccfecfaae2f', 'https://linux.oracle.com/cve/CVE-2024-36921.html', 'https://linux.oracle.com/errata/ELSA-2024-5363.html', 'https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36921-9f90@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36921', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36921'], 'PublishedDate': '2024-05-30T16:15:15.397Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36922', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36922', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: read txq-&gt;read_ptr under lock', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: read txq->read_ptr under lock\n\nIf we read txq->read_ptr without lock, we can read the same\nvalue twice, then obtain the lock, and reclaim from there\nto two different places, but crucially reclaim the same\nentry twice, resulting in the WARN_ONCE() a little later.\nFix that by reading txq->read_ptr under lock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7000', 'https://access.redhat.com/security/cve/CVE-2024-36922', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2265838', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2270103', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275558', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282648', 'https://bugzilla.redhat.com/2282669', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282764', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284511', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284630', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293414', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300381', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300439', 'https://bugzilla.redhat.com/2300440', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300709', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301543', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305410', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2305488', 'https://bugzilla.redhat.com/2306365', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265838', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273405', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275600', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275655', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275715', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281097', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281237', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281265', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281639', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281900', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284511', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284543', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293208', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293441', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293658', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297512', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297538', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297542', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297545', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47606', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52651', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26808', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26828', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26868', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27049', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27417', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35800', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35911', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35969', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36903', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38391', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40928', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961', 'https://errata.almalinux.org/8/ALSA-2024-7000.html', 'https://errata.rockylinux.org/RLSA-2024:5363', 'https://git.kernel.org/linus/c2ace6300600c634553657785dfe5ea0ed688ac2 (6.9-rc2)', 'https://git.kernel.org/stable/c/43d07103df670484cdd26f9588eabef80f69db89', 'https://git.kernel.org/stable/c/b83db8e756dec68a950ed2f056248b1704b3deaa', 'https://git.kernel.org/stable/c/c2ace6300600c634553657785dfe5ea0ed688ac2', 'https://linux.oracle.com/cve/CVE-2024-36922.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36922-f0df@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36922', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36922'], 'PublishedDate': '2024-05-30T16:15:15.47Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36923', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36923', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/9p: fix uninitialized values during inode evict', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix uninitialized values during inode evict\n\nIf an iget fails due to not being able to retrieve information\nfrom the server then the inode structure is only partially\ninitialized.  When the inode gets evicted, references to\nuninitialized structures (like fscache cookies) were being\nmade.\n\nThis patch checks for a bad_inode before doing anything other\nthan clearing the inode from the cache.  Since the inode is\nbad, it shouldn't have any state associated with it that needs\nto be written back (and there really isn't a way to complete\nthose anyways).", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36923', 'https://git.kernel.org/linus/6630036b7c228f57c7893ee0403e92c2db2cd21d (6.9-rc2)', 'https://git.kernel.org/stable/c/1b4cb6e91f19b81217ad98142ee53a1ab25893fd', 'https://git.kernel.org/stable/c/6630036b7c228f57c7893ee0403e92c2db2cd21d', 'https://lore.kernel.org/linux-cve-announce/2024053040-CVE-2024-36923-7fc8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36923', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36923'], 'PublishedDate': '2024-05-30T16:15:15.547Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36924', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36924', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()\n\nlpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the\nhbalock.  Thus, lpfc_worker_wake_up() should not be called while holding the\nhbalock to avoid potential deadlock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36924', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265794', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278337', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278435', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278473', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281647', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282669', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282898', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284506', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284598', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293412', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47459', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52809', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26737', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26880', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27030', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27046', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35857', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35885', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35907', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38580', 'https://errata.rockylinux.org/RLSA-2024:4928', 'https://git.kernel.org/linus/ded20192dff31c91cef2a04f7e20e60e9bb887d3 (6.9-rc2)', 'https://git.kernel.org/stable/c/6503c39398506cadda9f4c81695a9655ca5fb4fd', 'https://git.kernel.org/stable/c/ded20192dff31c91cef2a04f7e20e60e9bb887d3', 'https://git.kernel.org/stable/c/e8bf2c05e8ad68e90f9d5889a9e4ef3f6fe00683', 'https://git.kernel.org/stable/c/ee833d7e62de2b84ed1332d501b67f12e7e5678f', 'https://linux.oracle.com/cve/CVE-2024-36924.html', 'https://linux.oracle.com/errata/ELSA-2024-4928.html', 'https://lore.kernel.org/linux-cve-announce/2024053040-CVE-2024-36924-6326@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36924', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36924'], 'PublishedDate': '2024-05-30T16:15:15.723Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36927', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36927', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv4: Fix uninit-value access in __ip_make_skb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Fix uninit-value access in __ip_make_skb()\n\nKMSAN reported uninit-value access in __ip_make_skb() [1].  __ip_make_skb()\ntests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a\nrace condition. If calling setsockopt(2) with IP_HDRINCL changes HDRINCL\nwhile __ip_make_skb() is running, the function will access icmphdr in the\nskb even if it is not included. This causes the issue reported by KMSAN.\n\nCheck FLOWI_FLAG_KNOWN_NH on fl4->flowi4_flags instead of testing HDRINCL\non the socket.\n\nAlso, fl4->fl4_icmp_type and fl4->fl4_icmp_code are not initialized. These\nare union in struct flowi4 and are implicitly initialized by\nflowi4_init_output(), but we should not rely on specific union layout.\n\nInitialize these explicitly in raw_sendmsg().\n\n[1]\nBUG: KMSAN: uninit-value in __ip_make_skb+0x2b74/0x2d20 net/ipv4/ip_output.c:1481\n __ip_make_skb+0x2b74/0x2d20 net/ipv4/ip_output.c:1481\n ip_finish_skb include/net/ip.h:243 [inline]\n ip_push_pending_frames+0x4c/0x5c0 net/ipv4/ip_output.c:1508\n raw_sendmsg+0x2381/0x2690 net/ipv4/raw.c:654\n inet_sendmsg+0x27b/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x274/0x3c0 net/socket.c:745\n __sys_sendto+0x62c/0x7b0 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x130/0x200 net/socket.c:2199\n do_syscall_64+0xd8/0x1f0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x5f6/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13c/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35a/0x7c0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1318 [inline]\n __ip_append_data+0x49ab/0x68c0 net/ipv4/ip_output.c:1128\n ip_append_data+0x1e7/0x260 net/ipv4/ip_output.c:1365\n raw_sendmsg+0x22b1/0x2690 net/ipv4/raw.c:648\n inet_sendmsg+0x27b/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x274/0x3c0 net/socket.c:745\n __sys_sendto+0x62c/0x7b0 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x130/0x200 net/socket.c:2199\n do_syscall_64+0xd8/0x1f0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nCPU: 1 PID: 15709 Comm: syz-executor.7 Not tainted 6.8.0-11567-gb3603fcb79b1 #25\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-36927', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/fc1092f51567277509563800a3c56732070b6aa4 (6.9-rc7)', 'https://git.kernel.org/stable/c/5db08343ddb1b239320612036c398e4e1bb52818', 'https://git.kernel.org/stable/c/f5c603ad4e6fcf42f84053e882ebe20184bb309e', 'https://git.kernel.org/stable/c/fc1092f51567277509563800a3c56732070b6aa4', 'https://linux.oracle.com/cve/CVE-2024-36927.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024053040-CVE-2024-36927-976e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36927', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36927'], 'PublishedDate': '2024-05-30T16:15:15.957Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36945', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36945', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/smc: fix neighbour and rtable leak in smc_ib_find_route()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix neighbour and rtable leak in smc_ib_find_route()\n\nIn smc_ib_find_route(), the neighbour found by neigh_lookup() and rtable\nresolved by ip_route_output_flow() are not released or put before return.\nIt may cause the refcount leak, so fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5101', 'https://access.redhat.com/security/cve/CVE-2024-36945', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265650', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2266594', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2270700', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273117', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275744', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281189', 'https://bugzilla.redhat.com/2281190', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282690', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284465', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293367', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2297558', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5101.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06 (6.9)', 'https://git.kernel.org/stable/c/2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06', 'https://git.kernel.org/stable/c/5df93c029a907b0ff5a4eeadd77ba06ff0a277d2', 'https://git.kernel.org/stable/c/d5a466ab6e78d6f2e0f64435f1e17246c8e941ff', 'https://git.kernel.org/stable/c/da91e447d06dc649fcf46e59122e7bf8f0b2e0db', 'https://linux.oracle.com/cve/CVE-2024-36945.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36945-18ae@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36945', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36945'], 'PublishedDate': '2024-05-30T16:15:17.48Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36948', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/xe_migrate: Cast to output precision before multiplying operands', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/xe_migrate: Cast to output precision before multiplying operands\n\nAddressing potential overflow in result of  multiplication of two lower\nprecision (u32) operands before widening it to higher precision\n(u64).\n\n-v2\nFix commit message and description. (Rodrigo)\n\n(cherry picked from commit 34820967ae7b45411f8f4f737c2d63b0c608e0d7)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36948', 'https://git.kernel.org/linus/9cb46b31f3d08ed3fce86349e8c12f96d7c88717 (6.9-rc4)', 'https://git.kernel.org/stable/c/9cb46b31f3d08ed3fce86349e8c12f96d7c88717', 'https://git.kernel.org/stable/c/e23a904dfeb5a9e3d4ec527a365e962478cccf05', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36948', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36948'], 'PublishedDate': '2024-05-30T16:15:17.737Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36949', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36949', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: amd/amdkfd: sync all devices to wait all processes being evicted', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\namd/amdkfd: sync all devices to wait all processes being evicted\n\nIf there are more than one device doing reset in parallel, the first\ndevice will call kfd_suspend_all_processes() to evict all processes\non all devices, this call takes time to finish. other device will\nstart reset and recover without waiting. if the process has not been\nevicted before doing recover, it will be restored, then caused page\nfault.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36949', 'https://git.kernel.org/linus/d06af584be5a769d124b7302b32a033e9559761d (6.9-rc4)', 'https://git.kernel.org/stable/c/b6f6626528fe724b512c34f3fb5946c36a135f58', 'https://git.kernel.org/stable/c/d06af584be5a769d124b7302b32a033e9559761d', 'https://git.kernel.org/stable/c/ed28ef3840bbf93a64376ea7814ce39f86352e14', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36949', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36949'], 'PublishedDate': '2024-05-30T16:15:17.93Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36951', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36951', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdkfd: range check cp bad op exception interrupts', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: range check cp bad op exception interrupts\n\nDue to a CP interrupt bug, bad packet garbage exception codes are raised.\nDo a range check so that the debugger and runtime do not receive garbage\ncodes.\nUpdate the user api to guard exception code type checking as well.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36951', 'https://git.kernel.org/linus/0cac183b98d8a8c692c98e8dba37df15a9e9210d (6.9-rc2)', 'https://git.kernel.org/stable/c/0cac183b98d8a8c692c98e8dba37df15a9e9210d', 'https://git.kernel.org/stable/c/41dc6791596656dd41100b85647ed489e1d5c2f2', 'https://git.kernel.org/stable/c/b6735bfe941486c5dfc9c3085d2d75d4923f9449', 'https://lore.kernel.org/linux-cve-announce/2024053040-CVE-2024-36951-d3cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36951', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36951'], 'PublishedDate': '2024-05-30T16:15:18.08Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36966', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36966', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: erofs: reliably distinguish block based and fscache mode', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: reliably distinguish block based and fscache mode\n\nWhen erofs_kill_sb() is called in block dev based mode, s_bdev may not\nhave been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled,\nit will be mistaken for fscache mode, and then attempt to free an anon_dev\nthat has never been allocated, triggering the following warning:\n\n============================================\nida_free called for id=0 which is not allocated.\nWARNING: CPU: 14 PID: 926 at lib/idr.c:525 ida_free+0x134/0x140\nModules linked in:\nCPU: 14 PID: 926 Comm: mount Not tainted 6.9.0-rc3-dirty #630\nRIP: 0010:ida_free+0x134/0x140\nCall Trace:\n <TASK>\n erofs_kill_sb+0x81/0x90\n deactivate_locked_super+0x35/0x80\n get_tree_bdev+0x136/0x1e0\n vfs_get_tree+0x2c/0xf0\n do_new_mount+0x190/0x2f0\n [...]\n============================================\n\nNow when erofs_kill_sb() is called, erofs_sb_info must have been\ninitialised, so use sbi->fsid to distinguish between the two modes.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36966', 'https://git.kernel.org/linus/7af2ae1b1531feab5d38ec9c8f472dc6cceb4606 (6.9-rc7)', 'https://git.kernel.org/stable/c/7af2ae1b1531feab5d38ec9c8f472dc6cceb4606', 'https://git.kernel.org/stable/c/dcdd49701e429c55b3644fd70fc58d85745f8cfe', 'https://git.kernel.org/stable/c/f9b877a7ee312ec8ce17598a7ef85cb820d7c371', 'https://lore.kernel.org/linux-cve-announce/2024060804-CVE-2024-36966-8bbb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36966', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36966'], 'PublishedDate': '2024-06-08T13:15:57.917Z', 'LastModifiedDate': '2024-06-10T02:52:08.267Z'}, {'VulnerabilityID': 'CVE-2024-36968', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36968', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()\n\nl2cap_le_flowctl_init() can cause both div-by-zero and an integer\noverflow since hdev->le_mtu may not fall in the valid range.\n\nMove MTU from hci_dev to hci_conn to validate MTU and stop the connection\nprocess earlier if MTU is invalid.\nAlso, add a missing validation in read_buffer_size() and make it return\nan error value if the validation fails.\nNow hci_conn_add() returns ERR_PTR() as it can fail due to the both a\nkzalloc failure and invalid MTU value.\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G        W          6.9.0-rc5+ #20\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci0 hci_rx_work\nRIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547\nCode: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c\n89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 <66> f7 f3 89 c3 ff c3 4d 8d\nb7 88 00 00 00 4c 89 f0 48 c1 e8 03 42\nRSP: 0018:ffff88810bc0f858 EFLAGS: 00010246\nRAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f\nRBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa\nR10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084\nR13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000\nFS:  0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n <TASK>\n l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline]\n l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline]\n l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline]\n l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809\n l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506\n hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline]\n hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335\n worker_thread+0x926/0xe70 kernel/workqueue.c:3416\n kthread+0x2e3/0x380 kernel/kthread.c:388\n ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\nModules linked in:\n---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190', 'CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36968', 'https://git.kernel.org/linus/a5b862c6a221459d54e494e88965b48dcfa6cc44 (6.10-rc1)', 'https://git.kernel.org/stable/c/4d3dbaa252257d20611c3647290e6171f1bbd6c8', 'https://git.kernel.org/stable/c/a5b862c6a221459d54e494e88965b48dcfa6cc44', 'https://git.kernel.org/stable/c/ad3f7986c5a0f82b8b66a0afe1cc1f5421e1d674', 'https://git.kernel.org/stable/c/d2b2f7d3936dc5990549bc36ab7ac7ac37f22c30', 'https://git.kernel.org/stable/c/dfece2b4e3759759b2bdfac2cd6d0ee9fbf055f3', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36968', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36968'], 'PublishedDate': '2024-06-08T13:15:58.093Z', 'LastModifiedDate': '2024-07-17T16:59:39.987Z'}, {'VulnerabilityID': 'CVE-2024-36970', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: Use request_module_nowait', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Use request_module_nowait\n\nThis appears to work around a deadlock regression that came in\nwith the LED merge in 6.9.\n\nThe deadlock happens on my system with 24 iwlwifi radios, so maybe\nit something like all worker threads are busy and some work that needs\nto complete cannot complete.\n\n[also remove unnecessary "load_module" var and now-wrong comment]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36970', 'https://git.kernel.org/linus/3d913719df14c28c4d3819e7e6d150760222bda4 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4', 'https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e', 'https://lore.kernel.org/linux-cve-announce/2024060855-CVE-2024-36970-2eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36970', 'https://www.cve.org/CVERecord?id=CVE-2024-36970'], 'PublishedDate': '2024-06-08T13:15:58.26Z', 'LastModifiedDate': '2024-06-10T02:52:08.267Z'}, {'VulnerabilityID': 'CVE-2024-37021', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-37021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fpga: manager: add owner module and take its refcount', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: manager: add owner module and take its refcount\n\nThe current implementation of the fpga manager assumes that the low-level\nmodule registers a driver for the parent device and uses its owner pointer\nto take the module's refcount. This approach is problematic since it can\nlead to a null pointer dereference while attempting to get the manager if\nthe parent device does not have a driver.\n\nTo address this problem, add a module owner pointer to the fpga_manager\nstruct and use it to take the module's refcount. Modify the functions for\nregistering the manager to take an additional owner module parameter and\nrename them to avoid conflicts. Use the old function names for helper\nmacros that automatically set the module that registers the manager as the\nowner. This ensures compatibility with existing low-level control modules\nand reduces the chances of registering a manager without setting the owner.\n\nAlso, update the documentation to keep it consistent with the new interface\nfor registering an fpga manager.\n\nOther changes: opportunistically move put_device() from __fpga_mgr_get() to\nfpga_mgr_get() and of_fpga_mgr_get() to improve code clarity since the\nmanager device is taken in these functions.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-37021', 'https://git.kernel.org/linus/4d4d2d4346857bf778fafaa97d6f76bb1663e3c9 (6.10-rc1)', 'https://git.kernel.org/stable/c/2da62a139a6221a345db4eb9f4f1c4b0937c89ad', 'https://git.kernel.org/stable/c/4d4d2d4346857bf778fafaa97d6f76bb1663e3c9', 'https://git.kernel.org/stable/c/62ac496a01c9337a11362cea427038ba621ca9eb', 'https://lore.kernel.org/linux-cve-announce/2024062459-CVE-2024-37021-13d4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-37021', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-37021'], 'PublishedDate': '2024-06-24T14:15:12.237Z', 'LastModifiedDate': '2024-06-24T19:26:47.037Z'}, {'VulnerabilityID': 'CVE-2024-37354', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-37354', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix crash on racing fsync and size-extending write into prealloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix crash on racing fsync and size-extending write into prealloc\n\nWe have been seeing crashes on duplicate keys in\nbtrfs_set_item_key_safe():\n\n  BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192)\n  ------------[ cut here ]------------\n  kernel BUG at fs/btrfs/ctree.c:2620!\n  invalid opcode: 0000 [#1] PREEMPT SMP PTI\n  CPU: 0 PID: 3139 Comm: xfs_io Kdump: loaded Not tainted 6.9.0 #6\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\n  RIP: 0010:btrfs_set_item_key_safe+0x11f/0x290 [btrfs]\n\nWith the following stack trace:\n\n  #0  btrfs_set_item_key_safe (fs/btrfs/ctree.c:2620:4)\n  #1  btrfs_drop_extents (fs/btrfs/file.c:411:4)\n  #2  log_one_extent (fs/btrfs/tree-log.c:4732:9)\n  #3  btrfs_log_changed_extents (fs/btrfs/tree-log.c:4955:9)\n  #4  btrfs_log_inode (fs/btrfs/tree-log.c:6626:9)\n  #5  btrfs_log_inode_parent (fs/btrfs/tree-log.c:7070:8)\n  #6  btrfs_log_dentry_safe (fs/btrfs/tree-log.c:7171:8)\n  #7  btrfs_sync_file (fs/btrfs/file.c:1933:8)\n  #8  vfs_fsync_range (fs/sync.c:188:9)\n  #9  vfs_fsync (fs/sync.c:202:9)\n  #10 do_fsync (fs/sync.c:212:9)\n  #11 __do_sys_fdatasync (fs/sync.c:225:9)\n  #12 __se_sys_fdatasync (fs/sync.c:223:1)\n  #13 __x64_sys_fdatasync (fs/sync.c:223:1)\n  #14 do_syscall_x64 (arch/x86/entry/common.c:52:14)\n  #15 do_syscall_64 (arch/x86/entry/common.c:83:7)\n  #16 entry_SYSCALL_64+0xaf/0x14c (arch/x86/entry/entry_64.S:121)\n\nSo we\'re logging a changed extent from fsync, which is splitting an\nextent in the log tree. But this split part already exists in the tree,\ntriggering the BUG().\n\nThis is the state of the log tree at the time of the crash, dumped with\ndrgn (https://github.com/osandov/drgn/blob/main/contrib/btrfs_tree.py)\nto get more details than btrfs_print_leaf() gives us:\n\n  >>> print_extent_buffer(prog.crashed_thread().stack_trace()[0]["eb"])\n  leaf 33439744 level 0 items 72 generation 9 owner 18446744073709551610\n  leaf 33439744 flags 0x100000000000000\n  fs uuid e5bd3946-400c-4223-8923-190ef1f18677\n  chunk uuid d58cb17e-6d02-494a-829a-18b7d8a399da\n          item 0 key (450 INODE_ITEM 0) itemoff 16123 itemsize 160\n                  generation 7 transid 9 size 8192 nbytes 8473563889606862198\n                  block group 0 mode 100600 links 1 uid 0 gid 0 rdev 0\n                  sequence 204 flags 0x10(PREALLOC)\n                  atime 1716417703.220000000 (2024-05-22 15:41:43)\n                  ctime 1716417704.983333333 (2024-05-22 15:41:44)\n                  mtime 1716417704.983333333 (2024-05-22 15:41:44)\n                  otime 17592186044416.000000000 (559444-03-08 01:40:16)\n          item 1 key (450 INODE_REF 256) itemoff 16110 itemsize 13\n                  index 195 namelen 3 name: 193\n          item 2 key (450 XATTR_ITEM 1640047104) itemoff 16073 itemsize 37\n                  location key (0 UNKNOWN.0 0) type XATTR\n                  transid 7 data_len 1 name_len 6\n                  name: user.a\n                  data a\n          item 3 key (450 EXTENT_DATA 0) itemoff 16020 itemsize 53\n                  generation 9 type 1 (regular)\n                  extent data disk byte 303144960 nr 12288\n                  extent data offset 0 nr 4096 ram 12288\n                  extent compression 0 (none)\n          item 4 key (450 EXTENT_DATA 4096) itemoff 15967 itemsize 53\n                  generation 9 type 2 (prealloc)\n                  prealloc data disk byte 303144960 nr 12288\n                  prealloc data offset 4096 nr 8192\n          item 5 key (450 EXTENT_DATA 8192) itemoff 15914 itemsize 53\n                  generation 9 type 2 (prealloc)\n                  prealloc data disk byte 303144960 nr 12288\n                  prealloc data offset 8192 nr 4096\n  ...\n\nSo the real problem happened earlier: notice that items 4 (4k-12k) and 5\n(8k-12k) overlap. Both are prealloc extents. Item 4 straddles i_size and\nitem 5 starts at i_size.\n\nHere is the state of \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-37354', 'https://git.kernel.org/linus/9d274c19a71b3a276949933859610721a453946b (6.10-rc3)', 'https://git.kernel.org/stable/c/1ff2bd566fbcefcb892be85c493bdb92b911c428', 'https://git.kernel.org/stable/c/3d08c52ba1887a1ff9c179d4b6a18b427bcb2097', 'https://git.kernel.org/stable/c/9d274c19a71b3a276949933859610721a453946b', 'https://git.kernel.org/stable/c/f4e5ed974876c14d3623e04dc43d3e3281bc6011', 'https://lore.kernel.org/linux-cve-announce/2024062547-CVE-2024-37354-ccfb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-37354', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-37354'], 'PublishedDate': '2024-06-25T15:15:13.177Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-38306', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38306', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: protect folio::private when attaching extent buffer folios', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: protect folio::private when attaching extent buffer folios\n\n[BUG]\nSince v6.8 there are rare kernel crashes reported by various people,\nthe common factor is bad page status error messages like this:\n\n  BUG: Bad page state in process kswapd0  pfn:d6e840\n  page: refcount:0 mapcount:0 mapping:000000007512f4f2 index:0x2796c2c7c\n  pfn:0xd6e840\n  aops:btree_aops ino:1\n  flags: 0x17ffffe0000008(uptodate|node=0|zone=2|lastcpupid=0x3fffff)\n  page_type: 0xffffffff()\n  raw: 0017ffffe0000008 dead000000000100 dead000000000122 ffff88826d0be4c0\n  raw: 00000002796c2c7c 0000000000000000 00000000ffffffff 0000000000000000\n  page dumped because: non-NULL mapping\n\n[CAUSE]\nCommit 09e6cef19c9f ("btrfs: refactor alloc_extent_buffer() to\nallocate-then-attach method") changes the sequence when allocating a new\nextent buffer.\n\nPreviously we always called grab_extent_buffer() under\nmapping->i_private_lock, to ensure the safety on modification on\nfolio::private (which is a pointer to extent buffer for regular\nsectorsize).\n\nThis can lead to the following race:\n\nThread A is trying to allocate an extent buffer at bytenr X, with 4\n4K pages, meanwhile thread B is trying to release the page at X + 4K\n(the second page of the extent buffer at X).\n\n           Thread A                |                 Thread B\n-----------------------------------+-------------------------------------\n                                   | btree_release_folio()\n\t\t\t\t   | | This is for the page at X + 4K,\n\t\t\t\t   | | Not page X.\n\t\t\t\t   | |\nalloc_extent_buffer()              | |- release_extent_buffer()\n|- filemap_add_folio() for the     | |  |- atomic_dec_and_test(eb->refs)\n|  page at bytenr X (the first     | |  |\n|  page).                          | |  |\n|  Which returned -EEXIST.         | |  |\n|                                  | |  |\n|- filemap_lock_folio()            | |  |\n|  Returned the first page locked. | |  |\n|                                  | |  |\n|- grab_extent_buffer()            | |  |\n|  |- atomic_inc_not_zero()        | |  |\n|  |  Returned false               | |  |\n|  |- folio_detach_private()       | |  |- folio_detach_private() for X\n|     |- folio_test_private()      | |     |- folio_test_private()\n      |  Returned true             | |     |  Returned true\n      |- folio_put()               |       |- folio_put()\n\nNow there are two puts on the same folio at folio X, leading to refcount\nunderflow of the folio X, and eventually causing the BUG_ON() on the\npage->mapping.\n\nThe condition is not that easy to hit:\n\n- The release must be triggered for the middle page of an eb\n  If the release is on the same first page of an eb, page lock would kick\n  in and prevent the race.\n\n- folio_detach_private() has a very small race window\n  It\'s only between folio_test_private() and folio_clear_private().\n\nThat\'s exactly when mapping->i_private_lock is used to prevent such race,\nand commit 09e6cef19c9f ("btrfs: refactor alloc_extent_buffer() to\nallocate-then-attach method") screwed that up.\n\nAt that time, I thought the page lock would kick in as\nfilemap_release_folio() also requires the page to be locked, but forgot\nthe filemap_release_folio() only locks one page, not all pages of an\nextent buffer.\n\n[FIX]\nMove all the code requiring i_private_lock into\nattach_eb_folio_to_filemap(), so that everything is done with proper\nlock protection.\n\nFurthermore to prevent future problems, add an extra\nlockdep_assert_locked() to ensure we\'re holding the proper lock.\n\nTo reproducer that is able to hit the race (takes a few minutes with\ninstrumented code inserting delays to alloc_extent_buffer()):\n\n  #!/bin/sh\n  drop_caches () {\n\t  while(true); do\n\t\t  echo 3 > /proc/sys/vm/drop_caches\n\t\t  echo 1 > /proc/sys/vm/compact_memory\n\t  done\n  }\n\n  run_tar () {\n\t  while(true); do\n\t\t  for x in `seq 1 80` ; do\n\t\t\t  tar cf /dev/zero /mnt > /dev/null &\n\t\t  done\n\t\t  wait\n\t  done\n  }\n\n  mkfs.btrfs -f -d single -m single\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38306', 'https://git.kernel.org/linus/f3a5367c679d31473d3fbb391675055b4792c309 (6.10-rc3)', 'https://git.kernel.org/stable/c/952f048eb901881a7cc6f7c1368b53cd386ead7b', 'https://git.kernel.org/stable/c/f3a5367c679d31473d3fbb391675055b4792c309', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38306', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38306'], 'PublishedDate': '2024-06-25T15:15:13.367Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-38538', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38538', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: bridge: xmit: make sure we have at least eth header len bytes', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: xmit: make sure we have at least eth header len bytes\n\nsyzbot triggered an uninit value[1] error in bridge device's xmit path\nby sending a short (less than ETH_HLEN bytes) skb. To fix it check if\nwe can actually pull that amount instead of assuming.\n\nTested with dropwatch:\n drop at: br_dev_xmit+0xb93/0x12d0 [bridge] (0xffffffffc06739b3)\n origin: software\n timestamp: Mon May 13 11:31:53 2024 778214037 nsec\n protocol: 0x88a8\n length: 2\n original length: 2\n drop reason: PKT_TOO_SMALL\n\n[1]\nBUG: KMSAN: uninit-value in br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65\n br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65\n __netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n netdev_start_xmit include/linux/netdevice.h:4917 [inline]\n xmit_one net/core/dev.c:3531 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547\n __dev_queue_xmit+0x34db/0x5350 net/core/dev.c:4341\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n __bpf_tx_skb net/core/filter.c:2136 [inline]\n __bpf_redirect_common net/core/filter.c:2180 [inline]\n __bpf_redirect+0x14a6/0x1620 net/core/filter.c:2187\n ____bpf_clone_redirect net/core/filter.c:2460 [inline]\n bpf_clone_redirect+0x328/0x470 net/core/filter.c:2432\n ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997\n __bpf_prog_run512+0xb5/0xe0 kernel/bpf/core.c:2238\n bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]\n __bpf_prog_run include/linux/filter.h:657 [inline]\n bpf_prog_run include/linux/filter.h:664 [inline]\n bpf_test_run+0x499/0xc30 net/bpf/test_run.c:425\n bpf_prog_test_run_skb+0x14ea/0x1f20 net/bpf/test_run.c:1058\n bpf_prog_test_run+0x6b7/0xad0 kernel/bpf/syscall.c:4269\n __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5678\n __do_sys_bpf kernel/bpf/syscall.c:5767 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5765 [inline]\n __x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5765\n x64_sys_call+0x96b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:322\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-38538', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc (6.10-rc1)', 'https://git.kernel.org/stable/c/1abb371147905ba250b4cc0230c4be7e90bea4d5', 'https://git.kernel.org/stable/c/28126b83f86ab9cc7936029c2dff845d3dcedba2', 'https://git.kernel.org/stable/c/5b5d669f569807c7ab07546e73c0741845a2547a', 'https://git.kernel.org/stable/c/8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc', 'https://git.kernel.org/stable/c/f482fd4ce919836a49012b2d31b00fc36e2488f2', 'https://linux.oracle.com/cve/CVE-2024-38538.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061947-CVE-2024-38538-e28a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38538', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38538'], 'PublishedDate': '2024-06-19T14:15:14.107Z', 'LastModifiedDate': '2024-08-29T02:26:05.03Z'}, {'VulnerabilityID': 'CVE-2024-38540', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38540', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq\n\nUndefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called\nwith hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0.\nIn that case, "roundup_pow_of_two(hwq_attr->aux_stride)" gets called.\nroundup_pow_of_two is documented as undefined for 0.\n\nFix it in the one caller that had this combination.\n\nThe undefined behavior was detected by UBSAN:\n  UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13\n  shift exponent 64 is too large for 64-bit type \'long unsigned int\'\n  CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4\n  Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x5d/0x80\n   ubsan_epilogue+0x5/0x30\n   __ubsan_handle_shift_out_of_bounds.cold+0x61/0xec\n   __roundup_pow_of_two+0x25/0x35 [bnxt_re]\n   bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re]\n   bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re]\n   bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re]\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? __kmalloc+0x1b6/0x4f0\n   ? create_qp.part.0+0x128/0x1c0 [ib_core]\n   ? __pfx_bnxt_re_create_qp+0x10/0x10 [bnxt_re]\n   create_qp.part.0+0x128/0x1c0 [ib_core]\n   ib_create_qp_kernel+0x50/0xd0 [ib_core]\n   create_mad_qp+0x8e/0xe0 [ib_core]\n   ? __pfx_qp_event_handler+0x10/0x10 [ib_core]\n   ib_mad_init_device+0x2be/0x680 [ib_core]\n   add_client_context+0x10d/0x1a0 [ib_core]\n   enable_device_and_get+0xe0/0x1d0 [ib_core]\n   ib_register_device+0x53c/0x630 [ib_core]\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   bnxt_re_probe+0xbd8/0xe50 [bnxt_re]\n   ? __pfx_bnxt_re_probe+0x10/0x10 [bnxt_re]\n   auxiliary_bus_probe+0x49/0x80\n   ? driver_sysfs_add+0x57/0xc0\n   really_probe+0xde/0x340\n   ? pm_runtime_barrier+0x54/0x90\n   ? __pfx___driver_attach+0x10/0x10\n   __driver_probe_device+0x78/0x110\n   driver_probe_device+0x1f/0xa0\n   __driver_attach+0xba/0x1c0\n   bus_for_each_dev+0x8f/0xe0\n   bus_add_driver+0x146/0x220\n   driver_register+0x72/0xd0\n   __auxiliary_driver_register+0x6e/0xd0\n   ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n   bnxt_re_mod_init+0x3e/0xff0 [bnxt_re]\n   ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n   do_one_initcall+0x5b/0x310\n   do_init_module+0x90/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x121/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x82/0x160\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? syscall_exit_to_user_mode_prepare+0x149/0x170\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? syscall_exit_to_user_mode+0x75/0x230\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? do_syscall_64+0x8e/0x160\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? __count_memcg_events+0x69/0x100\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? count_memcg_events.constprop.0+0x1a/0x30\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? handle_mm_fault+0x1f0/0x300\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? do_user_addr_fault+0x34e/0x640\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  RIP: 0033:0x7f4e5132821d\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 db 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffca9c906a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 0000563ec8a8f130 RCX: 00007f4e5132821d\n  RDX: 0000000000000000 RSI: 00007f4e518fa07d RDI: 000000000000003b\n  RBP: 00007ffca9c90760 R08: 00007f4e513f6b20 R09: 00007ffca9c906f0\n  R10: 0000563ec8a8faa0 R11: 0000000000000246 R12: 00007f4e518fa07d\n  R13: 0000000000020000 R14: 0000563ec8409e90 R15: 0000563ec8a8fa60\n   </TASK>\n  ---[ end trace ]---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38540', 'https://git.kernel.org/linus/78cfd17142ef70599d6409cbd709d94b3da58659 (6.10-rc1)', 'https://git.kernel.org/stable/c/627493443f3a8458cb55cdae1da254a7001123bc', 'https://git.kernel.org/stable/c/78cfd17142ef70599d6409cbd709d94b3da58659', 'https://git.kernel.org/stable/c/8b799c00cea6fcfe5b501bbaeb228c8821acb753', 'https://git.kernel.org/stable/c/a658f011d89dd20cf2c7cb4760ffd79201700b98', 'https://linux.oracle.com/cve/CVE-2024-38540.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061947-CVE-2024-38540-1d0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38540', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38540'], 'PublishedDate': '2024-06-19T14:15:14.29Z', 'LastModifiedDate': '2024-06-20T12:44:01.637Z'}, {'VulnerabilityID': 'CVE-2024-38541', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38541', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: of: module: add buffer overflow check in of_modalias()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nof: module: add buffer overflow check in of_modalias()\n\nIn of_modalias(), if the buffer happens to be too small even for the 1st\nsnprintf() call, the len parameter will become negative and str parameter\n(if not NULL initially) will point beyond the buffer's end. Add the buffer\noverflow check after the 1st snprintf() call and fix such check after the\nstrlen() call (accounting for the terminating NUL char).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-120'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38541', 'https://git.kernel.org/linus/cf7385cb26ac4f0ee6c7385960525ad534323252 (6.10-rc1)', 'https://git.kernel.org/stable/c/0b0d5701a8bf02f8fee037e81aacf6746558bfd6', 'https://git.kernel.org/stable/c/cf7385cb26ac4f0ee6c7385960525ad534323252', 'https://git.kernel.org/stable/c/e45b69360a63165377b30db4a1dfddd89ca18e9a', 'https://git.kernel.org/stable/c/ee332023adfd5882808f2dabf037b32d6ce36f9e', 'https://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38541-53d0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38541', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38541'], 'PublishedDate': '2024-06-19T14:15:14.383Z', 'LastModifiedDate': '2024-07-03T02:05:10.09Z'}, {'VulnerabilityID': 'CVE-2024-38543', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38543', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlib/test_hmm.c: handle src_pfns and dst_pfns allocation failure\n\nThe kcalloc() in dmirror_device_evict_chunk() will return null if the\nphysical memory has run out.  As a result, if src_pfns or dst_pfns is\ndereferenced, the null pointer dereference bug will happen.\n\nMoreover, the device is going away.  If the kcalloc() fails, the pages\nmapping a chunk could not be evicted.  So add a __GFP_NOFAIL flag in\nkcalloc().\n\nFinally, as there is no need to have physically contiguous memory, Switch\nkcalloc() to kvcalloc() in order to avoid failing allocations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38543', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267509', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273082', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273466', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275735', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281131', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284581', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293230', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293402', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293456', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294225', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52638', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26783', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26858', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27435', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36957', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38543', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38593', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38663', 'https://errata.rockylinux.org/RLSA-2024:4583', 'https://git.kernel.org/linus/c2af060d1c18beaec56351cf9c9bcbbc5af341a3 (6.10-rc1)', 'https://git.kernel.org/stable/c/1a21fdeea502658e315bd939409b755974f4fb64', 'https://git.kernel.org/stable/c/3b20d18f475bd17309db640dbe7d7c7ebb5bc2bc', 'https://git.kernel.org/stable/c/65e528a69cb3ed4a286c45b4afba57461c8b5b33', 'https://git.kernel.org/stable/c/c2af060d1c18beaec56351cf9c9bcbbc5af341a3', 'https://git.kernel.org/stable/c/ce47e8ead9a72834cc68431d53f8092ce69bebb7', 'https://linux.oracle.com/cve/CVE-2024-38543.html', 'https://linux.oracle.com/errata/ELSA-2024-4583.html', 'https://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38543-ff2e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38543', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38543'], 'PublishedDate': '2024-06-19T14:15:14.587Z', 'LastModifiedDate': '2024-08-29T02:24:30.617Z'}, {'VulnerabilityID': 'CVE-2024-38544', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38544', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix seg fault in rxe_comp_queue_pkt\n\nIn rxe_comp_queue_pkt() an incoming response packet skb is enqueued to the\nresp_pkts queue and then a decision is made whether to run the completer\ntask inline or schedule it. Finally the skb is dereferenced to bump a 'hw'\nperformance counter. This is wrong because if the completer task is\nalready running in a separate thread it may have already processed the skb\nand freed it which can cause a seg fault.  This has been observed\ninfrequently in testing at high scale.\n\nThis patch fixes this by changing the order of enqueuing the packet until\nafter the counter is accessed.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 6.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38544', 'https://git.kernel.org/linus/2b23b6097303ed0ba5f4bc036a1c07b6027af5c6 (6.10-rc1)', 'https://git.kernel.org/stable/c/21b4c6d4d89030fd4657a8e7c8110fd941049794', 'https://git.kernel.org/stable/c/2b23b6097303ed0ba5f4bc036a1c07b6027af5c6', 'https://git.kernel.org/stable/c/30df4bef8b8e183333e9b6e9d4509d552c7da6eb', 'https://git.kernel.org/stable/c/bbad88f111a1829f366c189aa48e7e58e57553fc', 'https://git.kernel.org/stable/c/de5a059e36657442b5637cc16df5163e435b9cb4', 'https://git.kernel.org/stable/c/e0e14dd35d4242340c7346aac60c7ff8fbf87ffc', 'https://git.kernel.org/stable/c/faa8d0ecf6c9c7c2ace3ca3e552180ada6f75e19', 'https://linux.oracle.com/cve/CVE-2024-38544.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061949-CVE-2024-38544-601b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38544', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38544'], 'PublishedDate': '2024-06-19T14:15:14.687Z', 'LastModifiedDate': '2024-10-17T14:15:06.36Z'}, {'VulnerabilityID': 'CVE-2024-38545', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38545', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/hns: Fix UAF for cq async event', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix UAF for cq async event\n\nThe refcount of CQ is not protected by locks. When CQ asynchronous\nevents and CQ destruction are concurrent, CQ may have been released,\nwhich will cause UAF.\n\nUse the xa_lock() to protect the CQ refcount.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38545', 'https://git.kernel.org/linus/a942ec2745ca864cd8512142100e4027dc306a42 (6.10-rc1)', 'https://git.kernel.org/stable/c/330c825e66ef65278e4ebe57fd49c1d6f3f4e34e', 'https://git.kernel.org/stable/c/37a7559dc1358a8d300437e99ed8ecdab0671507', 'https://git.kernel.org/stable/c/39d26cf46306bdc7ae809ecfdbfeff5aa1098911', 'https://git.kernel.org/stable/c/63da190eeb5c9d849b71f457b15b308c94cbaf08', 'https://git.kernel.org/stable/c/763780ef0336a973e933e40e919339381732dcaf', 'https://git.kernel.org/stable/c/a942ec2745ca864cd8512142100e4027dc306a42', 'https://lore.kernel.org/linux-cve-announce/2024061949-CVE-2024-38545-7161@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38545', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38545'], 'PublishedDate': '2024-06-19T14:15:14.787Z', 'LastModifiedDate': '2024-10-17T14:15:06.45Z'}, {'VulnerabilityID': 'CVE-2024-38553', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38553', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: fec: remove .ndo_poll_controller to avoid deadlocks', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: remove .ndo_poll_controller to avoid deadlocks\n\nThere is a deadlock issue found in sungem driver, please refer to the\ncommit ac0a230f719b ("eth: sungem: remove .ndo_poll_controller to avoid\ndeadlocks"). The root cause of the issue is that netpoll is in atomic\ncontext and disable_irq() is called by .ndo_poll_controller interface\nof sungem driver, however, disable_irq() might sleep. After analyzing\nthe implementation of fec_poll_controller(), the fec driver should have\nthe same issue. Due to the fec driver uses NAPI for TX completions, the\n.ndo_poll_controller is unnecessary to be implemented in the fec driver,\nso fec_poll_controller() can be safely removed.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38553', 'https://git.kernel.org/linus/c2e0c58b25a0a0c37ec643255558c5af4450c9f5 (6.10-rc1)', 'https://git.kernel.org/stable/c/87bcbc9b7e0b43a69d44efa5f32f11e32d08fa6f', 'https://git.kernel.org/stable/c/accdd6b912c4219b8e056d1f1ad2e85bc66ee243', 'https://git.kernel.org/stable/c/c2e0c58b25a0a0c37ec643255558c5af4450c9f5', 'https://git.kernel.org/stable/c/d38625f71950e79e254515c5fc585552dad4b33e', 'https://lore.kernel.org/linux-cve-announce/2024061951-CVE-2024-38553-2e34@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38553', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38553'], 'PublishedDate': '2024-06-19T14:15:15.55Z', 'LastModifiedDate': '2024-08-27T19:45:18.157Z'}, {'VulnerabilityID': 'CVE-2024-38554', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38554', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ax25: Fix reference count leak issue of net_device', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issue of net_device\n\nThere is a reference count leak issue of the object "net_device" in\nax25_dev_device_down(). When the ax25 device is shutting down, the\nax25_dev_device_down() drops the reference count of net_device one\nor zero times depending on if we goto unlock_put or not, which will\ncause memory leak.\n\nIn order to solve the above issue, decrease the reference count of\nnet_device after dev->ax25_ptr is set to null.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38554', 'https://git.kernel.org/linus/36e56b1b002bb26440403053f19f9e1a8bc075b2 (6.10-rc1)', 'https://git.kernel.org/stable/c/36e56b1b002bb26440403053f19f9e1a8bc075b2', 'https://git.kernel.org/stable/c/3ec437f9bbae68e9b38115c4c91de995f73f6bad', 'https://git.kernel.org/stable/c/8bad3a20a27be8d935f2aae08d3c6e743754944a', 'https://git.kernel.org/stable/c/965d940fb7414b310a22666503d2af69459c981b', 'https://git.kernel.org/stable/c/eef95df9b752699bddecefa851f64858247246e9', 'https://lore.kernel.org/linux-cve-announce/2024061952-CVE-2024-38554-29b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38554', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38554'], 'PublishedDate': '2024-06-19T14:15:15.627Z', 'LastModifiedDate': '2024-08-27T19:55:32.897Z'}, {'VulnerabilityID': 'CVE-2024-38556', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38556', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Add a timeout to acquire the command queue semaphore', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Add a timeout to acquire the command queue semaphore\n\nPrevent forced completion handling on an entry that has not yet been\nassigned an index, causing an out of bounds access on idx = -22.\nInstead of waiting indefinitely for the sem, blocking flow now waits for\nindex to be allocated or a sem acquisition timeout before beginning the\ntimer for FW completion.\n\nKernel log example:\nmlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:1128:(pid 185911): cmd[-22]: CREATE_UCTX(0xa04) No done completion', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38556', 'https://git.kernel.org/linus/485d65e1357123a697c591a5aeb773994b247ad7 (6.10-rc1)', 'https://git.kernel.org/stable/c/2d0962d05c93de391ce85f6e764df895f47c8918', 'https://git.kernel.org/stable/c/485d65e1357123a697c591a5aeb773994b247ad7', 'https://git.kernel.org/stable/c/4baae687a20ef2b82fde12de3c04461e6f2521d6', 'https://git.kernel.org/stable/c/94024332a129c6e4275569d85c0c1bfb2ae2d71b', 'https://git.kernel.org/stable/c/f9caccdd42e999b74303c9b0643300073ed5d319', 'https://linux.oracle.com/cve/CVE-2024-38556.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024061952-CVE-2024-38556-8afa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38556', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38556'], 'PublishedDate': '2024-06-19T14:15:15.81Z', 'LastModifiedDate': '2024-06-20T12:44:01.637Z'}, {'VulnerabilityID': 'CVE-2024-38557', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38557', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Reload only IB representors upon lag disable/enable', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Reload only IB representors upon lag disable/enable\n\nOn lag disable, the bond IB device along with all of its\nrepresentors are destroyed, and then the slaves' representors get reloaded.\n\nIn case the slave IB representor load fails, the eswitch error flow\nunloads all representors, including ethernet representors, where the\nnetdevs get detached and removed from lag bond. Such flow is inaccurate\nas the lag driver is not responsible for loading/unloading ethernet\nrepresentors. Furthermore, the flow described above begins by holding\nlag lock to prevent bond changes during disable flow. However, when\nreaching the ethernet representors detachment from lag, the lag lock is\nrequired again, triggering the following deadlock:\n\nCall trace:\n__switch_to+0xf4/0x148\n__schedule+0x2c8/0x7d0\nschedule+0x50/0xe0\nschedule_preempt_disabled+0x18/0x28\n__mutex_lock.isra.13+0x2b8/0x570\n__mutex_lock_slowpath+0x1c/0x28\nmutex_lock+0x4c/0x68\nmlx5_lag_remove_netdev+0x3c/0x1a0 [mlx5_core]\nmlx5e_uplink_rep_disable+0x70/0xa0 [mlx5_core]\nmlx5e_detach_netdev+0x6c/0xb0 [mlx5_core]\nmlx5e_netdev_change_profile+0x44/0x138 [mlx5_core]\nmlx5e_netdev_attach_nic_profile+0x28/0x38 [mlx5_core]\nmlx5e_vport_rep_unload+0x184/0x1b8 [mlx5_core]\nmlx5_esw_offloads_rep_load+0xd8/0xe0 [mlx5_core]\nmlx5_eswitch_reload_reps+0x74/0xd0 [mlx5_core]\nmlx5_disable_lag+0x130/0x138 [mlx5_core]\nmlx5_lag_disable_change+0x6c/0x70 [mlx5_core] // hold ldev->lock\nmlx5_devlink_eswitch_mode_set+0xc0/0x410 [mlx5_core]\ndevlink_nl_cmd_eswitch_set_doit+0xdc/0x180\ngenl_family_rcv_msg_doit.isra.17+0xe8/0x138\ngenl_rcv_msg+0xe4/0x220\nnetlink_rcv_skb+0x44/0x108\ngenl_rcv+0x40/0x58\nnetlink_unicast+0x198/0x268\nnetlink_sendmsg+0x1d4/0x418\nsock_sendmsg+0x54/0x60\n__sys_sendto+0xf4/0x120\n__arm64_sys_sendto+0x30/0x40\nel0_svc_common+0x8c/0x120\ndo_el0_svc+0x30/0xa0\nel0_svc+0x20/0x30\nel0_sync_handler+0x90/0xb8\nel0_sync+0x160/0x180\n\nThus, upon lag enable/disable, load and unload only the IB representors\nof the slaves preventing the deadlock mentioned above.\n\nWhile at it, refactor the mlx5_esw_offloads_rep_load() function to have\na static helper method for its internal logic, in symmetry with the\nrepresentor unload design.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38557', 'https://git.kernel.org/linus/0f06228d4a2dcc1fca5b3ddb0eefa09c05b102c4 (6.10-rc1)', 'https://git.kernel.org/stable/c/0f06228d4a2dcc1fca5b3ddb0eefa09c05b102c4', 'https://git.kernel.org/stable/c/0f320f28f54b1b269a755be2e3fb3695e0b80b07', 'https://git.kernel.org/stable/c/e93fc8d959e56092e2eca1e5511c2d2f0ad6807a', 'https://git.kernel.org/stable/c/f03c714a0fdd1f93101a929d0e727c28a66383fc', 'https://lore.kernel.org/linux-cve-announce/2024061953-CVE-2024-38557-2cb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38557', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38557'], 'PublishedDate': '2024-06-19T14:15:15.9Z', 'LastModifiedDate': '2024-08-29T02:23:35.88Z'}, {'VulnerabilityID': 'CVE-2024-38564', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38564', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE\n\nbpf_prog_attach uses attach_type_to_prog_type to enforce proper\nattach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses\nbpf_prog_get and relies on bpf_prog_attach_check_attach_type\nto properly verify prog_type <> attach_type association.\n\nAdd missing attach_type enforcement for the link_create case.\nOtherwise, it's currently possible to attach cgroup_skb prog\ntypes to other cgroup hooks.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38564', 'https://git.kernel.org/linus/543576ec15b17c0c93301ac8297333c7b6e84ac7 (6.10-rc1)', 'https://git.kernel.org/stable/c/543576ec15b17c0c93301ac8297333c7b6e84ac7', 'https://git.kernel.org/stable/c/6675c541f540a29487a802d3135280b69b9f568d', 'https://git.kernel.org/stable/c/67929e973f5a347f05fef064fea4ae79e7cdb5fd', 'https://git.kernel.org/stable/c/b34bbc76651065a5eafad8ddff1eb8d1f8473172', 'https://lore.kernel.org/linux-cve-announce/2024061955-CVE-2024-38564-b069@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38564', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38564'], 'PublishedDate': '2024-06-19T14:15:16.56Z', 'LastModifiedDate': '2024-06-20T12:44:01.637Z'}, {'VulnerabilityID': 'CVE-2024-38594', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38594', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: stmmac: move the EST lock to struct stmmac_priv', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: move the EST lock to struct stmmac_priv\n\nReinitialize the whole EST structure would also reset the mutex\nlock which is embedded in the EST structure, and then trigger\nthe following warning. To address this, move the lock to struct\nstmmac_priv. We also need to reacquire the mutex lock when doing\nthis initialization.\n\nDEBUG_LOCKS_WARN_ON(lock->magic != lock)\nWARNING: CPU: 3 PID: 505 at kernel/locking/mutex.c:587 __mutex_lock+0xd84/0x1068\n Modules linked in:\n CPU: 3 PID: 505 Comm: tc Not tainted 6.9.0-rc6-00053-g0106679839f7-dirty #29\n Hardware name: NXP i.MX8MPlus EVK board (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __mutex_lock+0xd84/0x1068\n lr : __mutex_lock+0xd84/0x1068\n sp : ffffffc0864e3570\n x29: ffffffc0864e3570 x28: ffffffc0817bdc78 x27: 0000000000000003\n x26: ffffff80c54f1808 x25: ffffff80c9164080 x24: ffffffc080d723ac\n x23: 0000000000000000 x22: 0000000000000002 x21: 0000000000000000\n x20: 0000000000000000 x19: ffffffc083bc3000 x18: ffffffffffffffff\n x17: ffffffc08117b080 x16: 0000000000000002 x15: ffffff80d2d40000\n x14: 00000000000002da x13: ffffff80d2d404b8 x12: ffffffc082b5a5c8\n x11: ffffffc082bca680 x10: ffffffc082bb2640 x9 : ffffffc082bb2698\n x8 : 0000000000017fe8 x7 : c0000000ffffefff x6 : 0000000000000001\n x5 : ffffff8178fe0d48 x4 : 0000000000000000 x3 : 0000000000000027\n x2 : ffffff8178fe0d50 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n  __mutex_lock+0xd84/0x1068\n  mutex_lock_nested+0x28/0x34\n  tc_setup_taprio+0x118/0x68c\n  stmmac_setup_tc+0x50/0xf0\n  taprio_change+0x868/0xc9c', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38594', 'https://git.kernel.org/linus/36ac9e7f2e5786bd37c5cd91132e1f39c29b8197 (6.10-rc1)', 'https://git.kernel.org/stable/c/36ac9e7f2e5786bd37c5cd91132e1f39c29b8197', 'https://git.kernel.org/stable/c/487f9030b1ef34bab123f2df2a4ccbe01ba84416', 'https://git.kernel.org/stable/c/6f476aff2d8da1a189621c4c16a76a6c534e4312', 'https://git.kernel.org/stable/c/b538fefeb1026aad9dcdcbb410c42b56dff8aae9', 'https://lore.kernel.org/linux-cve-announce/2024061955-CVE-2024-38594-75c8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38594', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38594'], 'PublishedDate': '2024-06-19T14:15:19.467Z', 'LastModifiedDate': '2024-10-10T12:15:04.243Z'}, {'VulnerabilityID': 'CVE-2024-38608', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38608', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix netif state handling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix netif state handling\n\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\n\nmlx5e_probe\n _mlx5e_resume\n  mlx5e_attach_netdev\n   mlx5e_nic_enable  <-- netdev not reg, not calling netif_device_attach()\n  register_netdev <-- failed for some reason.\nERROR_FLOW:\n _mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(\n\nHence, clean resources in this case as well.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n <TASK>\n ? __die+0x20/0x60\n ? page_fault_oops+0x14c/0x3c0\n ? exc_page_fault+0x75/0x140\n ? asm_exc_page_fault+0x22/0x30\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\n mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\n mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n __mlx5_ib_add+0x34/0xd0 [mlx5_ib]\n mlx5r_probe+0xe1/0x210 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x637/0x840\n __auxiliary_device_add+0x3b/0xa0\n add_adev+0xc9/0x140 [mlx5_core]\n mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\n mlx5_register_device+0x53/0xa0 [mlx5_core]\n mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\n mlx5_init_one+0x3b/0x60 [mlx5_core]\n probe_one+0x44c/0x730 [mlx5_core]\n local_pci_probe+0x3e/0x90\n pci_device_probe+0xbf/0x210\n ? kernfs_create_link+0x5d/0xa0\n ? sysfs_do_create_link_sd+0x60/0xc0\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n pci_bus_add_device+0x54/0x80\n pci_iov_add_virtfn+0x2e6/0x320\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n kernfs_fop_write_iter+0x10c/0x1a0\n vfs_write+0x291/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n CR2: 0000000000000000\n ---[ end trace 0000000000000000  ]---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38608', 'https://git.kernel.org/linus/3d5918477f94e4c2f064567875c475468e264644 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644', 'https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6', 'https://linux.oracle.com/cve/CVE-2024-38608.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061920-CVE-2024-38608-4068@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38608', 'https://www.cve.org/CVERecord?id=CVE-2024-38608'], 'PublishedDate': '2024-06-19T14:15:20.737Z', 'LastModifiedDate': '2024-08-27T15:58:56.9Z'}, {'VulnerabilityID': 'CVE-2024-38625', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38625', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/ntfs3: Check &#39;folio&#39; pointer for NULL', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Check 'folio' pointer for NULL\n\nIt can be NULL if bmap is called.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38625', 'https://git.kernel.org/linus/1cd6c96219c429ebcfa8e79a865277376c563803 (6.10-rc1)', 'https://git.kernel.org/stable/c/1cd6c96219c429ebcfa8e79a865277376c563803', 'https://git.kernel.org/stable/c/6c8054d590668629bb2eb6fb4cbf22455d08ada8', 'https://git.kernel.org/stable/c/ff1068929459347f9e47f8d14c409dcf938c2641', 'https://lore.kernel.org/linux-cve-announce/2024062140-CVE-2024-38625-2694@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38625', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38625'], 'PublishedDate': '2024-06-21T11:15:11.43Z', 'LastModifiedDate': '2024-06-21T11:22:01.687Z'}, {'VulnerabilityID': 'CVE-2024-38628', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38628', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.\n\nHang on to the control IDs instead of pointers since those are correctly\nhandled with locks.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38628', 'https://git.kernel.org/linus/1b739388aa3f8dfb63a9fca777e6dfa6912d0464 (6.10-rc1)', 'https://git.kernel.org/stable/c/1b739388aa3f8dfb63a9fca777e6dfa6912d0464', 'https://git.kernel.org/stable/c/453d3fa9266e53f85377b911c19b9a4563fa88c0', 'https://git.kernel.org/stable/c/89e66809684485590ea0b32c3178e42cba36ac09', 'https://git.kernel.org/stable/c/bea73b58ab67fe581037ad9cdb93c2557590c068', 'https://lore.kernel.org/linux-cve-announce/2024062140-CVE-2024-38628-e2db@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38628', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38628'], 'PublishedDate': '2024-06-21T11:15:11.66Z', 'LastModifiedDate': '2024-06-21T11:22:01.687Z'}, {'VulnerabilityID': 'CVE-2024-38632', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38632', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vfio/pci: fix potential memory leak in vfio_intx_enable()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: fix potential memory leak in vfio_intx_enable()\n\nIf vfio_irq_ctx_alloc() failed will lead to 'name' memory leak.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38632', 'https://git.kernel.org/linus/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2 (6.10-rc1)', 'https://git.kernel.org/stable/c/0bd22a4966d55f1d2c127a53300d5c2b50152376', 'https://git.kernel.org/stable/c/35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140', 'https://git.kernel.org/stable/c/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2', 'https://git.kernel.org/stable/c/91ced077db2062604ec270b1046f8337e9090079', 'https://git.kernel.org/stable/c/a6d810554d7d9d07041f14c5fcd453f3d3fed594', 'https://lore.kernel.org/linux-cve-announce/2024062142-CVE-2024-38632-eaf6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38632', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38632'], 'PublishedDate': '2024-06-21T11:15:11.96Z', 'LastModifiedDate': '2024-10-17T14:15:06.73Z'}, {'VulnerabilityID': 'CVE-2024-38667', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38667', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv: prevent pt_regs corruption for secondary idle threads', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: prevent pt_regs corruption for secondary idle threads\n\nTop of the kernel thread stack should be reserved for pt_regs. However\nthis is not the case for the idle threads of the secondary boot harts.\nTheir stacks overlap with their pt_regs, so both may get corrupted.\n\nSimilar issue has been fixed for the primary hart, see c7cdd96eca28\n("riscv: prevent stack corruption by reserving task_pt_regs(p) early").\nHowever that fix was not propagated to the secondary harts. The problem\nhas been noticed in some CPU hotplug tests with V enabled. The function\nsmp_callin stored several registers on stack, corrupting top of pt_regs\nstructure including status field. As a result, kernel attempted to save\nor restore inexistent V context.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38667', 'https://git.kernel.org/linus/a638b0461b58aa3205cd9d5f14d6f703d795b4af (6.10-rc2)', 'https://git.kernel.org/stable/c/0c1f28c32a194303da630fca89481334b9547b80', 'https://git.kernel.org/stable/c/3090c06d50eaa91317f84bf3eac4c265e6cb8d44', 'https://git.kernel.org/stable/c/a638b0461b58aa3205cd9d5f14d6f703d795b4af', 'https://git.kernel.org/stable/c/ea22d4195cca13d5fdbc4d6555a2dfb8a7867a9e', 'https://lore.kernel.org/linux-cve-announce/2024062431-CVE-2024-38667-83a6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38667', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38667'], 'PublishedDate': '2024-06-24T14:15:12.79Z', 'LastModifiedDate': '2024-06-26T13:53:56.883Z'}, {'VulnerabilityID': 'CVE-2024-39293', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39293', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;xsk: Support redirect to any socket bound to the same umem&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "xsk: Support redirect to any socket bound to the same umem"\n\nThis reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.\n\nThis patch introduced a potential kernel crash when multiple napi instances\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\npossible for multiple napi instances to access the Rx ring at the same time,\nwhich will result in a corrupted ring state which can lead to a crash when\nflushing the rings in __xsk_flush(). This can happen when the linked list of\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\nis not possible, so let us revert this for now.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39293', 'https://git.kernel.org/linus/7fcf26b315bbb728036da0862de6b335da83dff2 (6.10-rc3)', 'https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5', 'https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2', 'https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39293', 'https://www.cve.org/CVERecord?id=CVE-2024-39293'], 'PublishedDate': '2024-06-25T15:15:13.993Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-39298', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39298', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/memory-failure: fix handling of dissolved but not taken off from buddy pages\n\nWhen I did memory failure tests recently, below panic occurs:\n\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00\nflags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff)\nraw: 06fffe0000000000 dead000000000100 dead000000000122 0000000000000000\nraw: 0000000000000000 0000000000000009 00000000ffffffff 0000000000000000\npage dumped because: VM_BUG_ON_PAGE(!PageBuddy(page))\n------------[ cut here ]------------\nkernel BUG at include/linux/page-flags.h:1009!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:__del_page_from_free_list+0x151/0x180\nRSP: 0018:ffffa49c90437998 EFLAGS: 00000046\nRAX: 0000000000000035 RBX: 0000000000000009 RCX: ffff8dd8dfd1c9c8\nRDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff8dd8dfd1c9c0\nRBP: ffffd901233b8000 R08: ffffffffab5511f8 R09: 0000000000008c69\nR10: 0000000000003c15 R11: ffffffffab5511f8 R12: ffff8dd8fffc0c80\nR13: 0000000000000001 R14: ffff8dd8fffc0c80 R15: 0000000000000009\nFS:  00007ff916304740(0000) GS:ffff8dd8dfd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055eae50124c8 CR3: 00000008479e0000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n __rmqueue_pcplist+0x23b/0x520\n get_page_from_freelist+0x26b/0xe40\n __alloc_pages_noprof+0x113/0x1120\n __folio_alloc_noprof+0x11/0xb0\n alloc_buddy_hugetlb_folio.isra.0+0x5a/0x130\n __alloc_fresh_hugetlb_folio+0xe7/0x140\n alloc_pool_huge_folio+0x68/0x100\n set_max_huge_pages+0x13d/0x340\n hugetlb_sysctl_handler_common+0xe8/0x110\n proc_sys_call_handler+0x194/0x280\n vfs_write+0x387/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xc2/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff916114887\nRSP: 002b:00007ffec8a2fd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000055eae500e350 RCX: 00007ff916114887\nRDX: 0000000000000004 RSI: 000055eae500e390 RDI: 0000000000000003\nRBP: 000055eae50104c0 R08: 0000000000000000 R09: 000055eae50104c0\nR10: 0000000000000077 R11: 0000000000000246 R12: 0000000000000004\nR13: 0000000000000004 R14: 00007ff916216b80 R15: 00007ff916216a00\n </TASK>\nModules linked in: mce_inject hwpoison_inject\n---[ end trace 0000000000000000 ]---\n\nAnd before the panic, there had an warning about bad page state:\n\nBUG: Bad page state in process page-types  pfn:8cee00\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00\nflags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff)\npage_type: 0xffffff7f(buddy)\nraw: 06fffe0000000000 ffffd901241c0008 ffffd901240f8008 0000000000000000\nraw: 0000000000000000 0000000000000009 00000000ffffff7f 0000000000000000\npage dumped because: nonzero mapcount\nModules linked in: mce_inject hwpoison_inject\nCPU: 8 PID: 154211 Comm: page-types Not tainted 6.9.0-rc4-00499-g5544ec3178e2-dirty #22\nCall Trace:\n <TASK>\n dump_stack_lvl+0x83/0xa0\n bad_page+0x63/0xf0\n free_unref_page+0x36e/0x5c0\n unpoison_memory+0x50b/0x630\n simple_attr_write_xsigned.constprop.0.isra.0+0xb3/0x110\n debugfs_attr_write+0x42/0x60\n full_proxy_write+0x5b/0x80\n vfs_write+0xcd/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xc2/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f189a514887\nRSP: 002b:00007ffdcd899718 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f189a514887\nRDX: 0000000000000009 RSI: 00007ffdcd899730 RDI: 0000000000000003\nRBP: 00007ffdcd8997a0 R08: 0000000000000000 R09: 00007ffdcd8994b2\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdcda199a8\nR13: 0000000000404af1 R14: 000000000040ad78 R15: 00007f189a7a5040\n </TASK>\n\nThe root cause should be the below race:\n\n memory_failure\n  try_memory_failure_hugetlb\n   me_huge_page\n    __page_handle_poison\n     dissolve_free_hugetlb_folio\n     drain_all_pages -- Buddy page can be isolated e.g. for compaction.\n     take_page_off_buddy -- Failed as page is not in the \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39298', 'https://git.kernel.org/linus/8cf360b9d6a840700e06864236a01a883b34bbad (6.10-rc1)', 'https://git.kernel.org/stable/c/00b0752c7f15dfdf129cacc6a27d61c54141182b', 'https://git.kernel.org/stable/c/41cd2de3c95020b7f86a3cb5fab42fbf454a63bd', 'https://git.kernel.org/stable/c/8cf360b9d6a840700e06864236a01a883b34bbad', 'https://git.kernel.org/stable/c/bb9bb13ce64cc7cae47f5e2ab9ce93b7bfa0117e', 'https://lore.kernel.org/linux-cve-announce/2024062549-CVE-2024-39298-53e8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39298', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-39298'], 'PublishedDate': '2024-06-25T15:15:14.16Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-39463', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39463', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: 9p: add missing locking around taking dentry fid list', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\n9p: add missing locking around taking dentry fid list\n\nFix a use-after-free on dentry's d_fsdata fid list when a thread\nlooks up a fid through dentry while another thread unlinks it:\n\nUAF thread:\nrefcount_t: addition on 0; use-after-free.\n p9_fid_get linux/./include/net/9p/client.h:262\n v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129\n v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181\n v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314\n v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400\n vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248\n\nFreed by:\n p9_fid_destroy (inlined)\n p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456\n p9_fid_put linux/./include/net/9p/client.h:278\n v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55\n v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518\n vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335\n\nThe problem is that d_fsdata was not accessed under d_lock, because\nd_release() normally is only called once the dentry is otherwise no\nlonger accessible but since we also call it explicitly in v9fs_remove\nthat lock is required:\nmove the hlist out of the dentry under lock then unref its fids once\nthey are no longer accessible.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39463', 'https://git.kernel.org/linus/c898afdc15645efb555acb6d85b484eb40a45409 (6.10-rc2)', 'https://git.kernel.org/stable/c/3bb6763a8319170c2d41c4232c8e7e4c37dcacfb', 'https://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409', 'https://git.kernel.org/stable/c/cb299cdba09f46f090b843d78ba26b667d50a456', 'https://git.kernel.org/stable/c/f0c5c944c6d8614c19e6e9a97fd2011dcd30e8f5', 'https://git.kernel.org/stable/c/fe17ebf22feb4ad7094d597526d558a49aac92b4', 'https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39463-42c8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39463', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-39463', 'https://www.zerodayinitiative.com/advisories/ZDI-24-1194/'], 'PublishedDate': '2024-06-25T15:15:14.76Z', 'LastModifiedDate': '2024-10-17T14:15:06.833Z'}, {'VulnerabilityID': 'CVE-2024-39497', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39497', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)\n\nLack of check for copy-on-write (COW) mapping in drm_gem_shmem_mmap\nallows users to call mmap with PROT_WRITE and MAP_PRIVATE flag\ncausing a kernel panic due to BUG_ON in vmf_insert_pfn_prot:\nBUG_ON((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags));\n\nReturn -EINVAL early if COW mapping is detected.\n\nThis bug affects all drm drivers using default shmem helpers.\nIt can be reproduced by this simple example:\nvoid *ptr = mmap(0, size, PROT_WRITE, MAP_PRIVATE, fd, mmap_offset);\nptr[0] = 0;', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39497', 'https://git.kernel.org/linus/39bc27bd688066a63e56f7f64ad34fae03fbe3b8 (6.10-rc2)', 'https://git.kernel.org/stable/c/03c71c42809ef4b17f5d874cdb2d3bf40e847b86', 'https://git.kernel.org/stable/c/1b4a8b89bf6787090b56424d269bf84ba00c3263', 'https://git.kernel.org/stable/c/39bc27bd688066a63e56f7f64ad34fae03fbe3b8', 'https://lore.kernel.org/linux-cve-announce/2024071202-CVE-2024-39497-834c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39497', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-39497'], 'PublishedDate': '2024-07-12T13:15:12.32Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-39508', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39508', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: Use set_bit() and test_bit() at worker->flags\n\nUtilize set_bit() and test_bit() on worker->flags within io_uring/io-wq\nto address potential data races.\n\nThe structure io_worker->flags may be accessed through various data\npaths, leading to concurrency issues. When KCSAN is enabled, it reveals\ndata races occurring in io_worker_handle_work and\nio_wq_activate_free_worker functions.\n\n\t BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker\n\t write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:\n\t io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)\n\t io_wq_worker (io_uring/io-wq.c:?)\n<snip>\n\n\t read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:\n\t io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)\n\t io_wq_enqueue (io_uring/io-wq.c:947)\n\t io_queue_iowq (io_uring/io_uring.c:524)\n\t io_req_task_submit (io_uring/io_uring.c:1511)\n\t io_handle_tw_list (io_uring/io_uring.c:1198)\n<snip>\n\nLine numbers against commit 18daea77cca6 ("Merge tag \'for-linus\' of\ngit://git.kernel.org/pub/scm/virt/kvm/kvm").\n\nThese races involve writes and reads to the same memory location by\ndifferent tasks running on different CPUs. To mitigate this, refactor\nthe code to use atomic operations such as set_bit(), test_bit(), and\nclear_bit() instead of basic "and" and "or" operations. This ensures\nthread-safe manipulation of worker flags.\n\nAlso, move `create_index` to avoid holes in the structure.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39508', 'https://git.kernel.org/linus/8a565304927fbd28c9f028c492b5c1714002cbab (6.10-rc1)', 'https://git.kernel.org/stable/c/1cbb0affb15470a9621267fe0a8568007553a4bf', 'https://git.kernel.org/stable/c/8a565304927fbd28c9f028c492b5c1714002cbab', 'https://git.kernel.org/stable/c/ab702c3483db9046bab9f40306f1a28b22dbbdc0', 'https://lore.kernel.org/linux-cve-announce/2024071206-CVE-2024-39508-20c3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39508', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-39508'], 'PublishedDate': '2024-07-12T13:15:13.13Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40900', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40900', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: remove requests from xarray during flushing requests', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: remove requests from xarray during flushing requests\n\nEven with CACHEFILES_DEAD set, we can still read the requests, so in the\nfollowing concurrency the request may be used after it has been freed:\n\n     mount  |   daemon_thread1    |    daemon_thread2\n------------------------------------------------------------\n cachefiles_ondemand_init_object\n  cachefiles_ondemand_send_req\n   REQ_A = kzalloc(sizeof(*req) + data_len)\n   wait_for_completion(&REQ_A->done)\n            cachefiles_daemon_read\n             cachefiles_ondemand_daemon_read\n                                  // close dev fd\n                                  cachefiles_flush_reqs\n                                   complete(&REQ_A->done)\n   kfree(REQ_A)\n              xa_lock(&cache->reqs);\n              cachefiles_ondemand_select_req\n                req->msg.opcode != CACHEFILES_OP_READ\n                // req use-after-free !!!\n              xa_unlock(&cache->reqs);\n                                   xa_destroy(&cache->reqs)\n\nHence remove requests from cache->reqs when flushing them to avoid\naccessing freed requests.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40900', 'https://git.kernel.org/linus/0fc75c5940fa634d84e64c93bfc388e1274ed013 (6.10-rc4)', 'https://git.kernel.org/stable/c/0fc75c5940fa634d84e64c93bfc388e1274ed013', 'https://git.kernel.org/stable/c/37e19cf86a520d65de1de9cb330415c332a40d19', 'https://git.kernel.org/stable/c/50d0e55356ba5b84ffb51c42704126124257e598', 'https://git.kernel.org/stable/c/9f13aacdd4ee9a7644b2a3c96d67113cd083c9c7', 'https://lore.kernel.org/linux-cve-announce/2024071207-CVE-2024-40900-7497@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40900', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40900'], 'PublishedDate': '2024-07-12T13:15:13.433Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40910', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40910', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ax25: Fix refcount imbalance on inbound connections', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix refcount imbalance on inbound connections\n\nWhen releasing a socket in ax25_release(), we call netdev_put() to\ndecrease the refcount on the associated ax.25 device. However, the\nexecution path for accepting an incoming connection never calls\nnetdev_hold(). This imbalance leads to refcount errors, and ultimately\nto kernel crashes.\n\nA typical call trace for the above situation will start with one of the\nfollowing errors:\n\n    refcount_t: decrement hit 0; leaking memory.\n    refcount_t: underflow; use-after-free.\n\nAnd will then have a trace like:\n\n    Call Trace:\n    <TASK>\n    ? show_regs+0x64/0x70\n    ? __warn+0x83/0x120\n    ? refcount_warn_saturate+0xb2/0x100\n    ? report_bug+0x158/0x190\n    ? prb_read_valid+0x20/0x30\n    ? handle_bug+0x3e/0x70\n    ? exc_invalid_op+0x1c/0x70\n    ? asm_exc_invalid_op+0x1f/0x30\n    ? refcount_warn_saturate+0xb2/0x100\n    ? refcount_warn_saturate+0xb2/0x100\n    ax25_release+0x2ad/0x360\n    __sock_release+0x35/0xa0\n    sock_close+0x19/0x20\n    [...]\n\nOn reboot (or any attempt to remove the interface), the kernel gets\nstuck in an infinite loop:\n\n    unregister_netdevice: waiting for ax0 to become free. Usage count = 0\n\nThis patch corrects these issues by ensuring that we call netdev_hold()\nand ax25_dev_hold() for new connections in ax25_accept(). This makes the\nlogic leading to ax25_accept() match the logic for ax25_bind(): in both\ncases we increment the refcount, which is ultimately decremented in\nax25_release().', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40910', 'https://git.kernel.org/linus/3c34fb0bd4a4237592c5ecb5b2e2531900c55774 (6.10-rc3)', 'https://git.kernel.org/stable/c/3c34fb0bd4a4237592c5ecb5b2e2531900c55774', 'https://git.kernel.org/stable/c/52100fd74ad07b53a4666feafff1cd11436362d3', 'https://git.kernel.org/stable/c/a723a6c8d4831cc8e2c7b0c9f3f0c010d4671964', 'https://git.kernel.org/stable/c/f4df9d6c8d4e4c818252b0419c2165d66eabd4eb', 'https://lore.kernel.org/linux-cve-announce/2024071210-CVE-2024-40910-d7d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40910', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40910'], 'PublishedDate': '2024-07-12T13:15:14.213Z', 'LastModifiedDate': '2024-08-29T13:55:38.203Z'}, {'VulnerabilityID': 'CVE-2024-40918', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40918', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: parisc: Try to fix random segmentation faults in package builds', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Try to fix random segmentation faults in package builds\n\nPA-RISC systems with PA8800 and PA8900 processors have had problems\nwith random segmentation faults for many years.  Systems with earlier\nprocessors are much more stable.\n\nSystems with PA8800 and PA8900 processors have a large L2 cache which\nneeds per page flushing for decent performance when a large range is\nflushed. The combined cache in these systems is also more sensitive to\nnon-equivalent aliases than the caches in earlier systems.\n\nThe majority of random segmentation faults that I have looked at\nappear to be memory corruption in memory allocated using mmap and\nmalloc.\n\nMy first attempt at fixing the random faults didn't work. On\nreviewing the cache code, I realized that there were two issues\nwhich the existing code didn't handle correctly. Both relate\nto cache move-in. Another issue is that the present bit in PTEs\nis racy.\n\n1) PA-RISC caches have a mind of their own and they can speculatively\nload data and instructions for a page as long as there is a entry in\nthe TLB for the page which allows move-in. TLBs are local to each\nCPU. Thus, the TLB entry for a page must be purged before flushing\nthe page. This is particularly important on SMP systems.\n\nIn some of the flush routines, the flush routine would be called\nand then the TLB entry would be purged. This was because the flush\nroutine needed the TLB entry to do the flush.\n\n2) My initial approach to trying the fix the random faults was to\ntry and use flush_cache_page_if_present for all flush operations.\nThis actually made things worse and led to a couple of hardware\nlockups. It finally dawned on me that some lines weren't being\nflushed because the pte check code was racy. This resulted in\nrandom inequivalent mappings to physical pages.\n\nThe __flush_cache_page tmpalias flush sets up its own TLB entry\nand it doesn't need the existing TLB entry. As long as we can find\nthe pte pointer for the vm page, we can get the pfn and physical\naddress of the page. We can also purge the TLB entry for the page\nbefore doing the flush. Further, __flush_cache_page uses a special\nTLB entry that inhibits cache move-in.\n\nWhen switching page mappings, we need to ensure that lines are\nremoved from the cache.  It is not sufficient to just flush the\nlines to memory as they may come back.\n\nThis made it clear that we needed to implement all the required\nflush operations using tmpalias routines. This includes flushes\nfor user and kernel pages.\n\nAfter modifying the code to use tmpalias flushes, it became clear\nthat the random segmentation faults were not fully resolved. The\nfrequency of faults was worse on systems with a 64 MB L2 (PA8900)\nand systems with more CPUs (rp4440).\n\nThe warning that I added to flush_cache_page_if_present to detect\npages that couldn't be flushed triggered frequently on some systems.\n\nHelge and I looked at the pages that couldn't be flushed and found\nthat the PTE was either cleared or for a swap page. Ignoring pages\nthat were swapped out seemed okay but pages with cleared PTEs seemed\nproblematic.\n\nI looked at routines related to pte_clear and noticed ptep_clear_flush.\nThe default implementation just flushes the TLB entry. However, it was\nobvious that on parisc we need to flush the cache page as well. If\nwe don't flush the cache page, stale lines will be left in the cache\nand cause random corruption. Once a PTE is cleared, there is no way\nto find the physical address associated with the PTE and flush the\nassociated page at a later time.\n\nI implemented an updated change with a parisc specific version of\nptep_clear_flush. It fixed the random data corruption on Helge's rp4440\nand rp3440, as well as on my c8000.\n\nAt this point, I realized that I could restore the code where we only\nflush in flush_cache_page_if_present if the page has been accessed.\nHowever, for this, we also need to flush the cache when the accessed\nbit is cleared in\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40918', 'https://git.kernel.org/linus/72d95924ee35c8cd16ef52f912483ee938a34d49 (6.10-rc4)', 'https://git.kernel.org/stable/c/5bf196f1936bf93df31112fbdfb78c03537c07b0', 'https://git.kernel.org/stable/c/72d95924ee35c8cd16ef52f912483ee938a34d49', 'https://git.kernel.org/stable/c/d66f2607d89f760cdffed88b22f309c895a2af20', 'https://lore.kernel.org/linux-cve-announce/2024071212-CVE-2024-40918-1830@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40918', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40918'], 'PublishedDate': '2024-07-12T13:15:14.863Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40953', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40953', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()\n\nUse {READ,WRITE}_ONCE() to access kvm->last_boosted_vcpu to ensure the\nloads and stores are atomic.  In the extremely unlikely scenario the\ncompiler tears the stores, it's theoretically possible for KVM to attempt\nto get a vCPU using an out-of-bounds index, e.g. if the write is split\ninto multiple 8-bit stores, and is paired with a 32-bit load on a VM with\n257 vCPUs:\n\n  CPU0                              CPU1\n  last_boosted_vcpu = 0xff;\n\n                                    (last_boosted_vcpu = 0x100)\n                                    last_boosted_vcpu[15:8] = 0x01;\n  i = (last_boosted_vcpu = 0x1ff)\n                                    last_boosted_vcpu[7:0] = 0x00;\n\n  vcpu = kvm->vcpu_array[0x1ff];\n\nAs detected by KCSAN:\n\n  BUG: KCSAN: data-race in kvm_vcpu_on_spin [kvm] / kvm_vcpu_on_spin [kvm]\n\n  write to 0xffffc90025a92344 of 4 bytes by task 4340 on cpu 16:\n  kvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4112) kvm\n  handle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel\n  vmx_handle_exit (arch/x86/kvm/vmx/vmx.c:?\n\t\t arch/x86/kvm/vmx/vmx.c:6606) kvm_intel\n  vcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm\n  kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm\n  kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm\n  __se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890)\n  __x64_sys_ioctl (fs/ioctl.c:890)\n  x64_sys_call (arch/x86/entry/syscall_64.c:33)\n  do_syscall_64 (arch/x86/entry/common.c:?)\n  entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n  read to 0xffffc90025a92344 of 4 bytes by task 4342 on cpu 4:\n  kvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4069) kvm\n  handle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel\n  vmx_handle_exit (arch/x86/kvm/vmx/vmx.c:?\n\t\t\tarch/x86/kvm/vmx/vmx.c:6606) kvm_intel\n  vcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm\n  kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm\n  kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm\n  __se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890)\n  __x64_sys_ioctl (fs/ioctl.c:890)\n  x64_sys_call (arch/x86/entry/syscall_64.c:33)\n  do_syscall_64 (arch/x86/entry/common.c:?)\n  entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n  value changed: 0x00000012 -> 0x00000000", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40953', 'https://git.kernel.org/linus/49f683b41f28918df3e51ddc0d928cb2e934ccdb (6.10-rc5)', 'https://git.kernel.org/stable/c/49f683b41f28918df3e51ddc0d928cb2e934ccdb', 'https://git.kernel.org/stable/c/92c77807d938145c7c3350c944ef9f39d7f6017c', 'https://git.kernel.org/stable/c/95c8dd79f3a14df96b3820b35b8399bd91b2be60', 'https://git.kernel.org/stable/c/a937ef951bba72f48d2402451419d725d70dba20', 'https://lore.kernel.org/linux-cve-announce/2024071223-CVE-2024-40953-8685@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40953', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40953'], 'PublishedDate': '2024-07-12T13:15:17.56Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40965', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40965', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i2c: lpi2c: Avoid calling clk_get_rate during transfer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: lpi2c: Avoid calling clk_get_rate during transfer\n\nInstead of repeatedly calling clk_get_rate for each transfer, lock\nthe clock rate and cache the value.\nA deadlock has been observed while adding tlv320aic32x4 audio codec to\nthe system. When this clock provider adds its clock, the clk mutex is\nlocked already, it needs to access i2c, which in return needs the mutex\nfor clk_get_rate as well.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40965', 'https://git.kernel.org/linus/4268254a39484fc11ba991ae148bacbe75d9cc0a (6.10-rc1)', 'https://git.kernel.org/stable/c/2b42e9587a7a9c7b824e0feb92958f258263963e', 'https://git.kernel.org/stable/c/4268254a39484fc11ba991ae148bacbe75d9cc0a', 'https://lore.kernel.org/linux-cve-announce/2024071227-CVE-2024-40965-d9b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40965', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40965'], 'PublishedDate': '2024-07-12T13:15:18.37Z', 'LastModifiedDate': '2024-09-09T17:57:18.697Z'}, {'VulnerabilityID': 'CVE-2024-40966', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40966', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tty: add the option to have a tty reject a new ldisc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntty: add the option to have a tty reject a new ldisc\n\n... and use it to limit the virtual terminals to just N_TTY.  They are\nkind of special, and in particular, the "con_write()" routine violates\nthe "writes cannot sleep" rule that some ldiscs rely on.\n\nThis avoids the\n\n   BUG: sleeping function called from invalid context at kernel/printk/printk.c:2659\n\nwhen N_GSM has been attached to a virtual console, and gsmld_write()\ncalls con_write() while holding a spinlock, and con_write() then tries\nto get the console lock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40966', 'https://git.kernel.org/linus/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b (6.10-rc1)', 'https://git.kernel.org/stable/c/287b569a5b914903ba7c438a3c0dbc3410ebb409', 'https://git.kernel.org/stable/c/3c6332f3bb1578b5b10ac2561247b1d6272ae937', 'https://git.kernel.org/stable/c/5920ac19964f9e20181f63b410d9200ddbf8dc86', 'https://git.kernel.org/stable/c/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b', 'https://lore.kernel.org/linux-cve-announce/2024071227-CVE-2024-40966-cea6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40966', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40966'], 'PublishedDate': '2024-07-12T13:15:18.42Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40969', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: f2fs: don't set RO when shutting down f2fs", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: don't set RO when shutting down f2fs\n\nShutdown does not check the error of thaw_super due to readonly, which\ncauses a deadlock like below.\n\nf2fs_ioc_shutdown(F2FS_GOING_DOWN_FULLSYNC)        issue_discard_thread\n - bdev_freeze\n  - freeze_super\n - f2fs_stop_checkpoint()\n  - f2fs_handle_critical_error                     - sb_start_write\n    - set RO                                         - waiting\n - bdev_thaw\n  - thaw_super_locked\n    - return -EINVAL, if sb_rdonly()\n - f2fs_stop_discard_thread\n  -> wait for kthread_stop(discard_thread);", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40969', 'https://git.kernel.org/linus/3bdb7f161697e2d5123b89fe1778ef17a44858e7 (6.10-rc1)', 'https://git.kernel.org/stable/c/1036d3ea7a32cb7cee00885c73a1f2ba7fbc499a', 'https://git.kernel.org/stable/c/3bdb7f161697e2d5123b89fe1778ef17a44858e7', 'https://git.kernel.org/stable/c/f47ed3b284b38f235355e281f57dfa8fffcc6563', 'https://lore.kernel.org/linux-cve-announce/2024071228-CVE-2024-40969-6507@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40969', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40969'], 'PublishedDate': '2024-07-12T13:15:18.627Z', 'LastModifiedDate': '2024-09-09T17:59:29.787Z'}, {'VulnerabilityID': 'CVE-2024-40972', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40972', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: do not create EA inode under buffer lock', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\next4: do not create EA inode under buffer lock\n\next4_xattr_set_entry() creates new EA inodes while holding buffer lock\non the external xattr block. This is problematic as it nests all the\nallocation locking (which acquires locks on other buffers) under the\nbuffer lock. This can even deadlock when the filesystem is corrupted and\ne.g. quota file is setup to contain xattr block as data block. Move the\nallocation of EA inode out of ext4_xattr_set_entry() into the callers.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-40972', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/0a46ef234756dca04623b7591e8ebb3440622f0b (6.10-rc1)', 'https://git.kernel.org/stable/c/0752e7fb549d90c33b4d4186f11cfd25a556d1dd', 'https://git.kernel.org/stable/c/0a46ef234756dca04623b7591e8ebb3440622f0b', 'https://git.kernel.org/stable/c/111103907234bffd0a34fba070ad9367de058752', 'https://git.kernel.org/stable/c/737fb7853acd5bc8984f6f42e4bfba3334be8ae1', 'https://linux.oracle.com/cve/CVE-2024-40972.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024071229-CVE-2024-40972-1569@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40972', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40972'], 'PublishedDate': '2024-07-12T13:15:18.82Z', 'LastModifiedDate': '2024-08-29T17:15:07.83Z'}, {'VulnerabilityID': 'CVE-2024-40973', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40973', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mtk-vcodec: potential null pointer deference in SCP', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mtk-vcodec: potential null pointer deference in SCP\n\nThe return value of devm_kzalloc() needs to be checked to avoid\nNULL pointer deference. This is similar to CVE-2022-3113.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40973', 'https://git.kernel.org/linus/53dbe08504442dc7ba4865c09b3bbf5fe849681b (6.10-rc1)', 'https://git.kernel.org/stable/c/3a693c7e243b932faee5c1fb728efa73f0abc39b', 'https://git.kernel.org/stable/c/53dbe08504442dc7ba4865c09b3bbf5fe849681b', 'https://git.kernel.org/stable/c/f066882293b5ad359e44c4ed24ab1811ffb0b354', 'https://lore.kernel.org/linux-cve-announce/2024071229-CVE-2024-40973-ace1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40973', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40973'], 'PublishedDate': '2024-07-12T13:15:18.89Z', 'LastModifiedDate': '2024-09-09T18:09:01.393Z'}, {'VulnerabilityID': 'CVE-2024-40975', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40975', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: x86-android-tablets: Unregister devices in reverse order', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: x86-android-tablets: Unregister devices in reverse order\n\nNot all subsystems support a device getting removed while there are\nstill consumers of the device with a reference to the device.\n\nOne example of this is the regulator subsystem. If a regulator gets\nunregistered while there are still drivers holding a reference\na WARN() at drivers/regulator/core.c:5829 triggers, e.g.:\n\n WARNING: CPU: 1 PID: 1587 at drivers/regulator/core.c:5829 regulator_unregister\n Hardware name: Intel Corp. VALLEYVIEW C0 PLATFORM/BYT-T FFD8, BIOS BLADE_21.X64.0005.R00.1504101516 FFD8_X64_R_2015_04_10_1516 04/10/2015\n RIP: 0010:regulator_unregister\n Call Trace:\n  <TASK>\n  regulator_unregister\n  devres_release_group\n  i2c_device_remove\n  device_release_driver_internal\n  bus_remove_device\n  device_del\n  device_unregister\n  x86_android_tablet_remove\n\nOn the Lenovo Yoga Tablet 2 series the bq24190 charger chip also provides\na 5V boost converter output for powering USB devices connected to the micro\nUSB port, the bq24190-charger driver exports this as a Vbus regulator.\n\nOn the 830 (8") and 1050 ("10") models this regulator is controlled by\na platform_device and x86_android_tablet_remove() removes platform_device-s\nbefore i2c_clients so the consumer gets removed first.\n\nBut on the 1380 (13") model there is a lc824206xa micro-USB switch\nconnected over I2C and the extcon driver for that controls the regulator.\nThe bq24190 i2c-client *must* be registered first, because that creates\nthe regulator with the lc824206xa listed as its consumer. If the regulator\nhas not been registered yet the lc824206xa driver will end up getting\na dummy regulator.\n\nSince in this case both the regulator provider and consumer are I2C\ndevices, the only way to ensure that the consumer is unregistered first\nis to unregister the I2C devices in reverse order of in which they were\ncreated.\n\nFor consistency and to avoid similar problems in the future change\nx86_android_tablet_remove() to unregister all device types in reverse\norder.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40975', 'https://git.kernel.org/linus/3de0f2627ef849735f155c1818247f58404dddfe (6.10-rc1)', 'https://git.kernel.org/stable/c/3de0f2627ef849735f155c1818247f58404dddfe', 'https://git.kernel.org/stable/c/f0c982853d665597d17e4995ff479fbbf79a9cf6', 'https://lore.kernel.org/linux-cve-announce/2024071230-CVE-2024-40975-f7d8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40975', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40975'], 'PublishedDate': '2024-07-12T13:15:19.007Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40977', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921s: fix potential hung tasks during chip recovery\n\nDuring chip recovery (e.g. chip reset), there is a possible situation that\nkernel worker reset_work is holding the lock and waiting for kernel thread\nstat_worker to be parked, while stat_worker is waiting for the release of\nthe same lock.\nIt causes a deadlock resulting in the dumping of hung tasks messages and\npossible rebooting of the device.\n\nThis patch prevents the execution of stat_worker during the chip recovery.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-40977', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/ecf0b2b8a37c8464186620bef37812a117ff6366 (6.10-rc1)', 'https://git.kernel.org/stable/c/0b81faa05b0b9feb3ae2d69be1d21f0d126ecb08', 'https://git.kernel.org/stable/c/85edd783f4539a994d66c4c014d5858f490b7a02', 'https://git.kernel.org/stable/c/e974dd4c22a23ec3ce579fb6d31a674ac0435da9', 'https://git.kernel.org/stable/c/ecf0b2b8a37c8464186620bef37812a117ff6366', 'https://linux.oracle.com/cve/CVE-2024-40977.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024071230-CVE-2024-40977-07c8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40977', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40977'], 'PublishedDate': '2024-07-12T13:15:19.143Z', 'LastModifiedDate': '2024-09-09T18:11:49.467Z'}, {'VulnerabilityID': 'CVE-2024-40979', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40979', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix kernel crash during resume', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix kernel crash during resume\n\nCurrently during resume, QMI target memory is not properly handled, resulting\nin kernel crash in case DMA remap is not supported:\n\nBUG: Bad page state in process kworker/u16:54  pfn:36e80\npage: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36e80\npage dumped because: nonzero _refcount\nCall Trace:\n bad_page\n free_page_is_bad_report\n __free_pages_ok\n __free_pages\n dma_direct_free\n dma_free_attrs\n ath12k_qmi_free_target_mem_chunk\n ath12k_qmi_msg_mem_request_cb\n\nThe reason is:\nOnce ath12k module is loaded, firmware sends memory request to host. In case\nDMA remap not supported, ath12k refuses the first request due to failure in\nallocating with large segment size:\n\nath12k_pci 0000:04:00.0: qmi firmware request memory request\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 7077888\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 8454144\nath12k_pci 0000:04:00.0: qmi dma allocation failed (7077888 B type 1), will try later with small size\nath12k_pci 0000:04:00.0: qmi delays mem_request 2\nath12k_pci 0000:04:00.0: qmi firmware request memory request\n\nLater firmware comes back with more but small segments and allocation\nsucceeds:\n\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 262144\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 65536\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\n\nNow ath12k is working. If suspend is triggered, firmware will be reloaded\nduring resume. As same as before, firmware requests two large segments at\nfirst. In ath12k_qmi_msg_mem_request_cb() segment count and size are\nassigned:\n\n\tab->qmi.mem_seg_count == 2\n\tab->qmi.target_mem[0].size == 7077888\n\tab->qmi.target_mem[1].size == 8454144\n\nThen allocation failed like before and ath12k_qmi_free_target_mem_chunk()\nis called to free all allocated segments. Note the first segment is skipped\nbecause its v.addr is cleared due to allocation failure:\n\n\tchunk->v.addr = dma_alloc_coherent()\n\nAlso note that this leaks that segment because it has not been freed.\n\nWhile freeing the second segment, a size of 8454144 is passed to\ndma_free_coherent(). However remember that this segment is allocated at\nthe first time firmware is loaded, before suspend. So its real size is\n524288, much smaller than 8454144. As a result kernel found we are freeing\nsome memory which is in use and thus cras\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40979', 'https://git.kernel.org/linus/303c017821d88ebad887814114d4e5966d320b28 (6.10-rc1)', 'https://git.kernel.org/stable/c/303c017821d88ebad887814114d4e5966d320b28', 'https://git.kernel.org/stable/c/bb50a4e711ff95348ad53641acb1306d89eb4c3a', 'https://lore.kernel.org/linux-cve-announce/2024071231-CVE-2024-40979-4cfa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40979', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40979'], 'PublishedDate': '2024-07-12T13:15:19.477Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40982', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40982', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ssb: Fix potential NULL pointer dereference in ssb_device_uevent()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nssb: Fix potential NULL pointer dereference in ssb_device_uevent()\n\nThe ssb_device_uevent() function first attempts to convert the 'dev' pointer\nto 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before\nperforming the NULL check, potentially leading to a NULL pointer\ndereference if 'dev' is NULL.\n\nTo fix this issue, move the NULL check before dereferencing the 'dev' pointer,\nensuring that the pointer is valid before attempting to use it.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40982', 'https://git.kernel.org/linus/789c17185fb0f39560496c2beab9b57ce1d0cbe7 (6.10-rc1)', 'https://git.kernel.org/stable/c/789c17185fb0f39560496c2beab9b57ce1d0cbe7', 'https://git.kernel.org/stable/c/7d43c8377c6fc846b1812f8df360425c9323dc56', 'https://git.kernel.org/stable/c/c5dc2d8eb3981bae261ea7d1060a80868e886813', 'https://lore.kernel.org/linux-cve-announce/2024071232-CVE-2024-40982-149b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40982', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40982'], 'PublishedDate': '2024-07-12T13:15:19.8Z', 'LastModifiedDate': '2024-09-09T18:13:13.997Z'}, {'VulnerabilityID': 'CVE-2024-40989', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40989', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: arm64: Disassociate vcpus from redistributor region on teardown', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Disassociate vcpus from redistributor region on teardown\n\nWhen tearing down a redistributor region, make sure we don't have\nany dangling pointer to that region stored in a vcpu.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-40989', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8 (6.10-rc5)', 'https://git.kernel.org/stable/c/0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8', 'https://git.kernel.org/stable/c/152b4123f21e6aff31cea01158176ad96a999c76', 'https://git.kernel.org/stable/c/48bb62859d47c5c4197a8c01128d0fa4f46ee58c', 'https://git.kernel.org/stable/c/68df4fc449fcc24347209e500ce26d5816705a77', 'https://linux.oracle.com/cve/CVE-2024-40989.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024071249-CVE-2024-40989-c8da@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40989', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40989'], 'PublishedDate': '2024-07-12T13:15:20.31Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40998', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40998', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: fix uninitialized ratelimit_state-&gt;lock access in __ext4_fill_super()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super()\n\nIn the following concurrency we will access the uninitialized rs->lock:\n\next4_fill_super\n  ext4_register_sysfs\n   // sysfs registered msg_ratelimit_interval_ms\n                             // Other processes modify rs->interval to\n                             // non-zero via msg_ratelimit_interval_ms\n  ext4_orphan_cleanup\n    ext4_msg(sb, KERN_INFO, "Errors on filesystem, "\n      __ext4_msg\n        ___ratelimit(&(EXT4_SB(sb)->s_msg_ratelimit_state)\n          if (!rs->interval)  // do nothing if interval is 0\n            return 1;\n          raw_spin_trylock_irqsave(&rs->lock, flags)\n            raw_spin_trylock(lock)\n              _raw_spin_trylock\n                __raw_spin_trylock\n                  spin_acquire(&lock->dep_map, 0, 1, _RET_IP_)\n                    lock_acquire\n                      __lock_acquire\n                        register_lock_class\n                          assign_lock_key\n                            dump_stack();\n  ratelimit_state_init(&sbi->s_msg_ratelimit_state, 5 * HZ, 10);\n    raw_spin_lock_init(&rs->lock);\n    // init rs->lock here\n\nand get the following dump_stack:\n\n=========================================================\nINFO: trying to register non-static key.\nThe code is fine but needs lockdep annotation, or maybe\nyou didn\'t initialize this object before use?\nturning off the locking correctness validator.\nCPU: 12 PID: 753 Comm: mount Tainted: G E 6.7.0-rc6-next-20231222 #504\n[...]\nCall Trace:\n dump_stack_lvl+0xc5/0x170\n dump_stack+0x18/0x30\n register_lock_class+0x740/0x7c0\n __lock_acquire+0x69/0x13a0\n lock_acquire+0x120/0x450\n _raw_spin_trylock+0x98/0xd0\n ___ratelimit+0xf6/0x220\n __ext4_msg+0x7f/0x160 [ext4]\n ext4_orphan_cleanup+0x665/0x740 [ext4]\n __ext4_fill_super+0x21ea/0x2b10 [ext4]\n ext4_fill_super+0x14d/0x360 [ext4]\n[...]\n=========================================================\n\nNormally interval is 0 until s_msg_ratelimit_state is initialized, so\n___ratelimit() does nothing. But registering sysfs precedes initializing\nrs->lock, so it is possible to change rs->interval to a non-zero value\nvia the msg_ratelimit_interval_ms interface of sysfs while rs->lock is\nuninitialized, and then a call to ext4_msg triggers the problem by\naccessing an uninitialized rs->lock. Therefore register sysfs after all\ninitializations are complete to avoid such problems.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-40998', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/b4b4fda34e535756f9e774fb2d09c4537b7dfd1c (6.10-rc1)', 'https://git.kernel.org/stable/c/23afcd52af06880c6c913a0ad99022b8937b575c', 'https://git.kernel.org/stable/c/645267906944a9aeec9d5c56ee24a9096a288798', 'https://git.kernel.org/stable/c/b4b4fda34e535756f9e774fb2d09c4537b7dfd1c', 'https://linux.oracle.com/cve/CVE-2024-40998.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024071252-CVE-2024-40998-90d6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40998', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40998'], 'PublishedDate': '2024-07-12T13:15:20.857Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40999', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40999', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: ena: Add validation for completion descriptors consistency', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: Add validation for completion descriptors consistency\n\nValidate that `first` flag is set only for the first\ndescriptor in multi-buffer packets.\nIn case of an invalid descriptor, a reset will occur.\nA new reset reason for RX data corruption has been added.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40999', 'https://git.kernel.org/linus/b37b98a3a0c1198bafe8c2d9ce0bc845b4e7a9a7 (6.10-rc1)', 'https://git.kernel.org/stable/c/42146ee5286f16f1674a84f7c274dcca65c6ff2e', 'https://git.kernel.org/stable/c/b37b98a3a0c1198bafe8c2d9ce0bc845b4e7a9a7', 'https://lore.kernel.org/linux-cve-announce/2024071252-CVE-2024-40999-8c1b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40999', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40999'], 'PublishedDate': '2024-07-12T13:15:20.92Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-41001', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41001', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: io_uring/sqpoll: work around a potential audit memory leak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/sqpoll: work around a potential audit memory leak\n\nkmemleak complains that there\'s a memory leak related to connect\nhandling:\n\nunreferenced object 0xffff0001093bdf00 (size 128):\ncomm "iou-sqp-455", pid 457, jiffies 4294894164\nhex dump (first 32 bytes):\n02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00  ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\nbacktrace (crc 2e481b1a):\n[<00000000c0a26af4>] kmemleak_alloc+0x30/0x38\n[<000000009c30bb45>] kmalloc_trace+0x228/0x358\n[<000000009da9d39f>] __audit_sockaddr+0xd0/0x138\n[<0000000089a93e34>] move_addr_to_kernel+0x1a0/0x1f8\n[<000000000b4e80e6>] io_connect_prep+0x1ec/0x2d4\n[<00000000abfbcd99>] io_submit_sqes+0x588/0x1e48\n[<00000000e7c25e07>] io_sq_thread+0x8a4/0x10e4\n[<00000000d999b491>] ret_from_fork+0x10/0x20\n\nwhich can can happen if:\n\n1) The command type does something on the prep side that triggers an\n   audit call.\n2) The thread hasn\'t done any operations before this that triggered\n   an audit call inside ->issue(), where we have audit_uring_entry()\n   and audit_uring_exit().\n\nWork around this by issuing a blanket NOP operation before the SQPOLL\ndoes anything.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41001', 'https://git.kernel.org/linus/c4ce0ab27646f4206a9eb502d6fe45cb080e1cae (6.10-rc1)', 'https://git.kernel.org/stable/c/55c22375cbaa24f77dd13f9ae0642915444a1227', 'https://git.kernel.org/stable/c/9e810bd995823786ea30543e480e8a573e5e5667', 'https://git.kernel.org/stable/c/a40e90d9304629002fb17200f7779823a81191d3', 'https://git.kernel.org/stable/c/c4ce0ab27646f4206a9eb502d6fe45cb080e1cae', 'https://lore.kernel.org/linux-cve-announce/2024071253-CVE-2024-41001-7879@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41001', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41001'], 'PublishedDate': '2024-07-12T13:15:21.053Z', 'LastModifiedDate': '2024-08-21T16:17:45.513Z'}, {'VulnerabilityID': 'CVE-2024-41008', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: change vm-&gt;task_info handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: change vm->task_info handling\n\nThis patch changes the handling and lifecycle of vm->task_info object.\nThe major changes are:\n- vm->task_info is a dynamically allocated ptr now, and its uasge is\n  reference counted.\n- introducing two new helper funcs for task_info lifecycle management\n    - amdgpu_vm_get_task_info: reference counts up task_info before\n      returning this info\n    - amdgpu_vm_put_task_info: reference counts down task_info\n- last put to task_info() frees task_info from the vm.\n\nThis patch also does logistical changes required for existing usage\nof vm->task_info.\n\nV2: Do not block all the prints when task_info not found (Felix)\n\nV3: Fixed review comments from Felix\n   - Fix wrong indentation\n   - No debug message for -ENOMEM\n   - Add NULL check for task_info\n   - Do not duplicate the debug messages (ti vs no ti)\n   - Get first reference of task_info in vm_init(), put last\n     in vm_fini()\n\nV4: Fixed review comments from Felix\n   - fix double reference increment in create_task_info\n   - change amdgpu_vm_get_task_info_pasid\n   - additional changes in amdgpu_gem.c while porting', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41008', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c (6.9-rc1)', 'https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c', 'https://linux.oracle.com/cve/CVE-2024-41008.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/20240716080357.2696435-2-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41008', 'https://www.cve.org/CVERecord?id=CVE-2024-41008'], 'PublishedDate': '2024-07-16T08:15:02.24Z', 'LastModifiedDate': '2024-07-16T13:43:58.773Z'}, {'VulnerabilityID': 'CVE-2024-41013', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: don&#39;t walk off the end of a directory data block', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don't stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup->length to dup->length-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41013', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/0c7fcdb6d06cdf8b19b57c17605215b06afa864a (6.11-rc1)', 'https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a', 'https://linux.oracle.com/cve/CVE-2024-41013.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41013-2996@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41013', 'https://www.cve.org/CVERecord?id=CVE-2024-41013'], 'PublishedDate': '2024-07-29T07:15:05.43Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41014', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41014', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: add bounds checking to xlog_recover_process_data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n    1) Mount an image of xfs, and do some file operations to leave records\n    2) Before umounting, copy the image for subsequent steps to simulate\n       abnormal exit. Because umount will ensure that tail_blk and\n       head_blk are the same, which will result in the inability to enter\n       xlog_recover_process_data\n    3) Write a tool to parse and modify the copied image in step 2\n    4) Make the end of the xlog_op_header entries only 1 byte away from\n       xlog_rec_header->h_size\n    5) xlog_rec_header->h_num_logops++\n    6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41014', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/fb63435b7c7dc112b1ae1baea5486e0a6e27b196 (6.11-rc1)', 'https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196', 'https://linux.oracle.com/cve/CVE-2024-41014.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41014-9186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41014', 'https://www.cve.org/CVERecord?id=CVE-2024-41014'], 'PublishedDate': '2024-07-29T07:15:05.81Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41016', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe 'non-indexed', which saved with additional space\nrequested.  It's better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41016', 'https://git.kernel.org/linus/af77c4fc1871847b528d58b7fdafb4aa1f6a9262 (6.11-rc1)', 'https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637', 'https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262', 'https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e', 'https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e', 'https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180', 'https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41016-fcf9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41016', 'https://www.cve.org/CVERecord?id=CVE-2024-41016'], 'PublishedDate': '2024-07-29T07:15:06.293Z', 'LastModifiedDate': '2024-10-17T14:15:07.01Z'}, {'VulnerabilityID': 'CVE-2024-41023', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41023', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched/deadline: Fix task_struct reference leak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix task_struct reference leak\n\nDuring the execution of the following stress test with linux-rt:\n\nstress-ng --cyclic 30 --timeout 30 --minimize --quiet\n\nkmemleak frequently reported a memory leak concerning the task_struct:\n\nunreferenced object 0xffff8881305b8000 (size 16136):\n  comm "stress-ng", pid 614, jiffies 4294883961 (age 286.412s)\n  object hex dump (first 32 bytes):\n    02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00  .@..............\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  debug hex dump (first 16 bytes):\n    53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00  S...............\n  backtrace:\n    [<00000000046b6790>] dup_task_struct+0x30/0x540\n    [<00000000c5ca0f0b>] copy_process+0x3d9/0x50e0\n    [<00000000ced59777>] kernel_clone+0xb0/0x770\n    [<00000000a50befdc>] __do_sys_clone+0xb6/0xf0\n    [<000000001dbf2008>] do_syscall_64+0x5d/0xf0\n    [<00000000552900ff>] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThe issue occurs in start_dl_timer(), which increments the task_struct\nreference count and sets a timer. The timer callback, dl_task_timer,\nis supposed to decrement the reference count upon expiration. However,\nif enqueue_task_dl() is called before the timer expires and cancels it,\nthe reference count is not decremented, leading to the leak.\n\nThis patch fixes the reference leak by ensuring the task_struct\nreference count is properly decremented when the timer is canceled.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7000', 'https://access.redhat.com/security/cve/CVE-2024-41023', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2265838', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2270103', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275558', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282648', 'https://bugzilla.redhat.com/2282669', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282764', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284511', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284630', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293414', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300381', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300439', 'https://bugzilla.redhat.com/2300440', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300709', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301543', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305410', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2305488', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7000.html', 'https://git.kernel.org/linus/b58652db66c910c2245f5bee7deca41c12d707b9 (6.10)', 'https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4', 'https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9', 'https://linux.oracle.com/cve/CVE-2024-41023.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072917-CVE-2024-41023-32a0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41023', 'https://www.cve.org/CVERecord?id=CVE-2024-41023'], 'PublishedDate': '2024-07-29T15:15:11.2Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41030', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ksmbd: discard write access to the directory open', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: discard write access to the directory open\n\nmay_open() does not allow a directory to be opened with the write access.\nHowever, some writing flags set by client result in adding write access\non server, making ksmbd incompatible with FUSE file system. Simply, let's\ndiscard the write access when opening a directory.\n\nlist_add corruption. next is NULL.\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:26!\npc : __list_add_valid+0x88/0xbc\nlr : __list_add_valid+0x88/0xbc\nCall trace:\n__list_add_valid+0x88/0xbc\nfuse_finish_open+0x11c/0x170\nfuse_open_common+0x284/0x5e8\nfuse_dir_open+0x14/0x24\ndo_dentry_open+0x2a4/0x4e0\ndentry_open+0x50/0x80\nsmb2_open+0xbe4/0x15a4\nhandle_ksmbd_work+0x478/0x5ec\nprocess_one_work+0x1b4/0x448\nworker_thread+0x25c/0x430\nkthread+0x104/0x1d4\nret_from_fork+0x10/0x20", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41030', 'https://git.kernel.org/linus/e2e33caa5dc2eae7bddf88b22ce11ec3d760e5cd (6.10)', 'https://git.kernel.org/stable/c/198498b2049c0f11f7670be6974570e02b0cc035', 'https://git.kernel.org/stable/c/66cf853e1c7a2407f15d9f7aaa3e47d61745e361', 'https://git.kernel.org/stable/c/9e84b1ba5c98fb5c9f869c85db1d870354613baa', 'https://git.kernel.org/stable/c/e2e33caa5dc2eae7bddf88b22ce11ec3d760e5cd', 'https://lore.kernel.org/linux-cve-announce/2024072921-CVE-2024-41030-301a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41030', 'https://www.cve.org/CVERecord?id=CVE-2024-41030'], 'PublishedDate': '2024-07-29T15:15:11.697Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41031', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41031', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/filemap: skip to create PMD-sized page cache if needed', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/filemap: skip to create PMD-sized page cache if needed\n\nOn ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB.  The\nPMD-sized page cache can't be supported by xarray as the following error\nmessages indicate.\n\n------------[ cut here ]------------\nWARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\nModules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib  \\\nnft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct    \\\nnft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4    \\\nip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm      \\\nfuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64      \\\nsha1_ce virtio_net net_failover virtio_console virtio_blk failover \\\ndimlib virtio_mmio\nCPU: 35 PID: 7484 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9\nHardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\npstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : xas_split_alloc+0xf8/0x128\nlr : split_huge_page_to_list_to_order+0x1c4/0x720\nsp : ffff800087a4f6c0\nx29: ffff800087a4f6c0 x28: ffff800087a4f720 x27: 000000001fffffff\nx26: 0000000000000c40 x25: 000000000000000d x24: ffff00010625b858\nx23: ffff800087a4f720 x22: ffffffdfc0780000 x21: 0000000000000000\nx20: 0000000000000000 x19: ffffffdfc0780000 x18: 000000001ff40000\nx17: 00000000ffffffff x16: 0000018000000000 x15: 51ec004000000000\nx14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020\nx11: 51ec000000000000 x10: 51ece1c0ffff8000 x9 : ffffbeb961a44d28\nx8 : 0000000000000003 x7 : ffffffdfc0456420 x6 : ffff0000e1aa6eb8\nx5 : 20bf08b4fe778fca x4 : ffffffdfc0456420 x3 : 0000000000000c40\nx2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\nCall trace:\n xas_split_alloc+0xf8/0x128\n split_huge_page_to_list_to_order+0x1c4/0x720\n truncate_inode_partial_folio+0xdc/0x160\n truncate_inode_pages_range+0x1b4/0x4a8\n truncate_pagecache_range+0x84/0xa0\n xfs_flush_unmap_range+0x70/0x90 [xfs]\n xfs_file_fallocate+0xfc/0x4d8 [xfs]\n vfs_fallocate+0x124/0x2e8\n ksys_fallocate+0x4c/0xa0\n __arm64_sys_fallocate+0x24/0x38\n invoke_syscall.constprop.0+0x7c/0xd8\n do_el0_svc+0xb4/0xd0\n el0_svc+0x44/0x1d8\n el0t_64_sync_handler+0x134/0x150\n el0t_64_sync+0x17c/0x180\n\nFix it by skipping to allocate PMD-sized page cache when its size is\nlarger than MAX_PAGECACHE_ORDER.  For this specific case, we will fall to\nregular path where the readahead window is determined by BDI's sysfs file\n(read_ahead_kb).", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41031', 'https://git.kernel.org/linus/3390916aca7af1893ed2ebcdfee1d6fdb65bb058 (6.10)', 'https://git.kernel.org/stable/c/06b5a69c27ec405a3c3f2da8520ff1ee70b94a21', 'https://git.kernel.org/stable/c/1ef650d3b1b2a16473981b447f38705fe9b93972', 'https://git.kernel.org/stable/c/3390916aca7af1893ed2ebcdfee1d6fdb65bb058', 'https://lore.kernel.org/linux-cve-announce/2024072921-CVE-2024-41031-6286@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41031', 'https://www.cve.org/CVERecord?id=CVE-2024-41031'], 'PublishedDate': '2024-07-29T15:15:11.77Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41036', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41036', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: ks8851: Fix deadlock with the SPI chip variant', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Fix deadlock with the SPI chip variant\n\nWhen SMP is enabled and spinlocks are actually functional then there is\na deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi\nand ks8851_irq:\n\n    watchdog: BUG: soft lockup - CPU#0 stuck for 27s!\n    call trace:\n      queued_spin_lock_slowpath+0x100/0x284\n      do_raw_spin_lock+0x34/0x44\n      ks8851_start_xmit_spi+0x30/0xb8\n      ks8851_start_xmit+0x14/0x20\n      netdev_start_xmit+0x40/0x6c\n      dev_hard_start_xmit+0x6c/0xbc\n      sch_direct_xmit+0xa4/0x22c\n      __qdisc_run+0x138/0x3fc\n      qdisc_run+0x24/0x3c\n      net_tx_action+0xf8/0x130\n      handle_softirqs+0x1ac/0x1f0\n      __do_softirq+0x14/0x20\n      ____do_softirq+0x10/0x1c\n      call_on_irq_stack+0x3c/0x58\n      do_softirq_own_stack+0x1c/0x28\n      __irq_exit_rcu+0x54/0x9c\n      irq_exit_rcu+0x10/0x1c\n      el1_interrupt+0x38/0x50\n      el1h_64_irq_handler+0x18/0x24\n      el1h_64_irq+0x64/0x68\n      __netif_schedule+0x6c/0x80\n      netif_tx_wake_queue+0x38/0x48\n      ks8851_irq+0xb8/0x2c8\n      irq_thread_fn+0x2c/0x74\n      irq_thread+0x10c/0x1b0\n      kthread+0xc8/0xd8\n      ret_from_fork+0x10/0x20\n\nThis issue has not been identified earlier because tests were done on\na device with SMP disabled and so spinlocks were actually NOPs.\n\nNow use spin_(un)lock_bh for TX queue related locking to avoid execution\nof softirq work synchronously that would lead to a deadlock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41036', 'https://git.kernel.org/linus/0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c (6.10)', 'https://git.kernel.org/stable/c/0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c', 'https://git.kernel.org/stable/c/10fec0cd0e8f56ff06c46bb24254c7d8f8f2bbf0', 'https://git.kernel.org/stable/c/80ece00137300d74642f2038c8fe5440deaf9f05', 'https://git.kernel.org/stable/c/a0c69c492f4a8fad52f0a97565241c926160c9a4', 'https://lore.kernel.org/linux-cve-announce/2024072923-CVE-2024-41036-65a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41036', 'https://www.cve.org/CVERecord?id=CVE-2024-41036'], 'PublishedDate': '2024-07-29T15:15:12.17Z', 'LastModifiedDate': '2024-09-10T18:06:30.977Z'}, {'VulnerabilityID': 'CVE-2024-41045', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41045', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Defer work in bpf_timer_cancel_and_free', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Defer work in bpf_timer_cancel_and_free\n\nCurrently, the same case as previous patch (two timer callbacks trying\nto cancel each other) can be invoked through bpf_map_update_elem as\nwell, or more precisely, freeing map elements containing timers. Since\nthis relies on hrtimer_cancel as well, it is prone to the same deadlock\nsituation as the previous patch.\n\nIt would be sufficient to use hrtimer_try_to_cancel to fix this problem,\nas the timer cannot be enqueued after async_cancel_and_free. Once\nasync_cancel_and_free has been done, the timer must be reinitialized\nbefore it can be armed again. The callback running in parallel trying to\narm the timer will fail, and freeing bpf_hrtimer without waiting is\nsufficient (given kfree_rcu), and bpf_timer_cb will return\nHRTIMER_NORESTART, preventing the timer from being rearmed again.\n\nHowever, there exists a UAF scenario where the callback arms the timer\nbefore entering this function, such that if cancellation fails (due to\ntimer callback invoking this routine, or the target timer callback\nrunning concurrently). In such a case, if the timer expiration is\nsignificantly far in the future, the RCU grace period expiration\nhappening before it will free the bpf_hrtimer state and along with it\nthe struct hrtimer, that is enqueued.\n\nHence, it is clear cancellation needs to occur after\nasync_cancel_and_free, and yet it cannot be done inline due to deadlock\nissues. We thus modify bpf_timer_cancel_and_free to defer work to the\nglobal workqueue, adding a work_struct alongside rcu_head (both used at\n_different_ points of time, so can share space).\n\nUpdate existing code comments to reflect the new state of affairs.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41045', 'https://git.kernel.org/linus/a6fcd19d7eac1335eb76bc16b6a66b7f574d1d69 (6.10)', 'https://git.kernel.org/stable/c/7aa5a19279c3639ae8b758b63f05d0c616a39fa1', 'https://git.kernel.org/stable/c/a6fcd19d7eac1335eb76bc16b6a66b7f574d1d69', 'https://lore.kernel.org/linux-cve-announce/2024072925-CVE-2024-41045-6cc1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41045', 'https://www.cve.org/CVERecord?id=CVE-2024-41045'], 'PublishedDate': '2024-07-29T15:15:12.873Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41050', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41050', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: cyclic allocation of msg_id to avoid reuse', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: cyclic allocation of msg_id to avoid reuse\n\nReusing the msg_id after a maliciously completed reopen request may cause\na read request to remain unprocessed and result in a hung, as shown below:\n\n       t1       |      t2       |      t3\n-------------------------------------------------\ncachefiles_ondemand_select_req\n cachefiles_ondemand_object_is_close(A)\n cachefiles_ondemand_set_object_reopening(A)\n queue_work(fscache_object_wq, &info->work)\n                ondemand_object_worker\n                 cachefiles_ondemand_init_object(A)\n                  cachefiles_ondemand_send_req(OPEN)\n                    // get msg_id 6\n                    wait_for_completion(&req_A->done)\ncachefiles_ondemand_daemon_read\n // read msg_id 6 req_A\n cachefiles_ondemand_get_fd\n copy_to_user\n                                // Malicious completion msg_id 6\n                                copen 6,-1\n                                cachefiles_ondemand_copen\n                                 complete(&req_A->done)\n                                 // will not set the object to close\n                                 // because ondemand_id && fd is valid.\n\n                // ondemand_object_worker() is done\n                // but the object is still reopening.\n\n                                // new open req_B\n                                cachefiles_ondemand_init_object(B)\n                                 cachefiles_ondemand_send_req(OPEN)\n                                 // reuse msg_id 6\nprocess_open_req\n copen 6,A.size\n // The expected failed copen was executed successfully\n\nExpect copen to fail, and when it does, it closes fd, which sets the\nobject to close, and then close triggers reopen again. However, due to\nmsg_id reuse resulting in a successful copen, the anonymous fd is not\nclosed until the daemon exits. Therefore read requests waiting for reopen\nto complete may trigger hung task.\n\nTo avoid this issue, allocate the msg_id cyclically to avoid reusing the\nmsg_id for a very short duration of time.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41050', 'https://git.kernel.org/linus/19f4f399091478c95947f6bd7ad61622300c30d9 (6.10)', 'https://git.kernel.org/stable/c/19f4f399091478c95947f6bd7ad61622300c30d9', 'https://git.kernel.org/stable/c/35710c6c4a1c64478ec1b5e0e81d386c0844dec6', 'https://git.kernel.org/stable/c/9d3bf4e9aa23f0d9e99ebe7a94f232ddba54ee17', 'https://git.kernel.org/stable/c/de045a82e1a4e04be62718d3c2981a55150765a0', 'https://lore.kernel.org/linux-cve-announce/2024072927-CVE-2024-41050-f3ff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41050', 'https://www.cve.org/CVERecord?id=CVE-2024-41050'], 'PublishedDate': '2024-07-29T15:15:13.26Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41062', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41062', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bluetooth/l2cap: sync sock recv cb and release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbluetooth/l2cap: sync sock recv cb and release\n\nThe problem occurs between the system call to close the sock and hci_rx_work,\nwhere the former releases the sock and the latter accesses it without lock protection.\n\n           CPU0                       CPU1\n           ----                       ----\n           sock_close                 hci_rx_work\n\t   l2cap_sock_release         hci_acldata_packet\n\t   l2cap_sock_kill            l2cap_recv_frame\n\t   sk_free                    l2cap_conless_channel\n\t                              l2cap_sock_recv_cb\n\nIf hci_rx_work processes the data that needs to be received before the sock is\nclosed, then everything is normal; Otherwise, the work thread may access the\nreleased sock when receiving data.\n\nAdd a chan mutex in the rx callback of the sock to achieve synchronization between\nthe sock release and recv cb.\n\nSock is dead, so set chan data to NULL, avoid others use invalid sock pointer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41062', 'https://git.kernel.org/linus/89e856e124f9ae548572c56b1b70c2255705f8fe (6.10-rc7)', 'https://git.kernel.org/stable/c/3b732449b78183d17178db40be3a4401cf3cd629', 'https://git.kernel.org/stable/c/605572e64cd9cebb05ed609d96cff05b50d18cdf', 'https://git.kernel.org/stable/c/89e856e124f9ae548572c56b1b70c2255705f8fe', 'https://git.kernel.org/stable/c/b803f30ea23e0968b6c8285c42adf0d862ab2bf6', 'https://lore.kernel.org/linux-cve-announce/2024072906-CVE-2024-41062-cb85@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41062', 'https://www.cve.org/CVERecord?id=CVE-2024-41062'], 'PublishedDate': '2024-07-29T15:15:14.173Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41066', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41066', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ibmvnic: Add tx check to prevent skb leak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Add tx check to prevent skb leak\n\nBelow is a summary of how the driver stores a reference to an skb during\ntransmit:\n    tx_buff[free_map[consumer_index]]->skb = new_skb;\n    free_map[consumer_index] = IBMVNIC_INVALID_MAP;\n    consumer_index ++;\nWhere variable data looks like this:\n    free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3]\n                                               \tconsumer_index^\n    tx_buff == [skb=null, skb=<ptr>, skb=<ptr>, skb=null, skb=null]\n\nThe driver has checks to ensure that free_map[consumer_index] pointed to\na valid index but there was no check to ensure that this index pointed\nto an unused/null skb address. So, if, by some chance, our free_map and\ntx_buff lists become out of sync then we were previously risking an\nskb memory leak. This could then cause tcp congestion control to stop\nsending packets, eventually leading to ETIMEDOUT.\n\nTherefore, add a conditional to ensure that the skb address is null. If\nnot then warn the user (because this is still a bug that should be\npatched) and free the old pointer to prevent memleak/tcp problems.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41066', 'https://git.kernel.org/linus/0983d288caf984de0202c66641577b739caad561 (6.10-rc6)', 'https://git.kernel.org/stable/c/0983d288caf984de0202c66641577b739caad561', 'https://git.kernel.org/stable/c/16ad1557cae582e79bb82dddd612d9bdfaa11d4c', 'https://git.kernel.org/stable/c/267c61c4afed0ff9a2e83462abad3f41d8ca1f06', 'https://git.kernel.org/stable/c/e7b75def33eae61ddaad6cb616c517dc3882eb2a', 'https://lore.kernel.org/linux-cve-announce/2024072907-CVE-2024-41066-0a52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41066', 'https://www.cve.org/CVERecord?id=CVE-2024-41066'], 'PublishedDate': '2024-07-29T15:15:14.48Z', 'LastModifiedDate': '2024-09-10T17:06:26.617Z'}, {'VulnerabilityID': 'CVE-2024-41067', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41067', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: scrub: handle RST lookup error correctly', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: scrub: handle RST lookup error correctly\n\n[BUG]\nWhen running btrfs/060 with forced RST feature, it would crash the\nfollowing ASSERT() inside scrub_read_endio():\n\n\tASSERT(sector_nr < stripe->nr_sectors);\n\nBefore that, we would have tree dump from\nbtrfs_get_raid_extent_offset(), as we failed to find the RST entry for\nthe range.\n\n[CAUSE]\nInside scrub_submit_extent_sector_read() every time we allocated a new\nbbio we immediately called btrfs_map_block() to make sure there was some\nRST range covering the scrub target.\n\nBut if btrfs_map_block() fails, we immediately call endio for the bbio,\nwhile the bbio is newly allocated, it's completely empty.\n\nThen inside scrub_read_endio(), we go through the bvecs to find\nthe sector number (as bi_sector is no longer reliable if the bio is\nsubmitted to lower layers).\n\nAnd since the bio is empty, such bvecs iteration would not find any\nsector matching the sector, and return sector_nr == stripe->nr_sectors,\ntriggering the ASSERT().\n\n[FIX]\nInstead of calling btrfs_map_block() after allocating a new bbio, call\nbtrfs_map_block() first.\n\nSince our only objective of calling btrfs_map_block() is only to update\nstripe_len, there is really no need to do that after btrfs_alloc_bio().\n\nThis new timing would avoid the problem of handling empty bbio\ncompletely, and in fact fixes a possible race window for the old code,\nwhere if the submission thread is the only owner of the pending_io, the\nscrub would never finish (since we didn't decrease the pending_io\ncounter).\n\nAlthough the root cause of RST lookup failure still needs to be\naddressed.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41067', 'https://git.kernel.org/linus/2c49908634a2b97b1c3abe0589be2739ac5e7fd5 (6.10-rc6)', 'https://git.kernel.org/stable/c/17d1fd302a53d7e456a7412da74be74a0cf63a72', 'https://git.kernel.org/stable/c/2c49908634a2b97b1c3abe0589be2739ac5e7fd5', 'https://lore.kernel.org/linux-cve-announce/2024072907-CVE-2024-41067-bc18@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41067', 'https://www.cve.org/CVERecord?id=CVE-2024-41067'], 'PublishedDate': '2024-07-29T15:15:14.56Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41069', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41069', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: topology: Fix references to freed memory', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: topology: Fix references to freed memory\n\nMost users after parsing a topology file, release memory used by it, so\nhaving pointer references directly into topology file contents is wrong.\nUse devm_kmemdup(), to allocate memory as needed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41069', 'https://git.kernel.org/linus/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1 (6.10-rc6)', 'https://git.kernel.org/stable/c/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1', 'https://git.kernel.org/stable/c/ab5a6208b4d6872b1c6ecea1867940fc668cc76d', 'https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2', 'https://git.kernel.org/stable/c/ccae5c6a1fab9494c86b7856faf05e296c617702', 'https://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41069-31e3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41069', 'https://www.cve.org/CVERecord?id=CVE-2024-41069'], 'PublishedDate': '2024-07-29T15:15:14.713Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41074', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41074', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: Set object to close if ondemand_id &lt; 0 in copen', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set object to close if ondemand_id < 0 in copen\n\nIf copen is maliciously called in the user mode, it may delete the request\ncorresponding to the random id. And the request may have not been read yet.\n\nNote that when the object is set to reopen, the open request will be done\nwith the still reopen state in above case. As a result, the request\ncorresponding to this object is always skipped in select_req function, so\nthe read request is never completed and blocks other process.\n\nFix this issue by simply set object to close if its id < 0 in copen.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41074', 'https://git.kernel.org/linus/4f8703fb3482f92edcfd31661857b16fec89c2c0 (6.10-rc4)', 'https://git.kernel.org/stable/c/0845c553db11c84ff53fccd59da11b6d6ece4a60', 'https://git.kernel.org/stable/c/4f8703fb3482f92edcfd31661857b16fec89c2c0', 'https://git.kernel.org/stable/c/703bea37d13e4ccdafd17ae7c4cb583752ba7663', 'https://git.kernel.org/stable/c/c32ee78fbc670e6f90989a45d340748e34cad333', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41074-e5d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41074', 'https://www.cve.org/CVERecord?id=CVE-2024-41074'], 'PublishedDate': '2024-07-29T15:15:15.097Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41075', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41075', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: add consistency check for copen/cread', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: add consistency check for copen/cread\n\nThis prevents malicious processes from completing random copen/cread\nrequests and crashing the system. Added checks are listed below:\n\n  * Generic, copen can only complete open requests, and cread can only\n    complete read requests.\n  * For copen, ondemand_id must not be 0, because this indicates that the\n    request has not been read by the daemon.\n  * For cread, the object corresponding to fd and req should be the same.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41075', 'https://git.kernel.org/linus/a26dc49df37e996876f50a0210039b2d211fdd6f (6.10-rc4)', 'https://git.kernel.org/stable/c/36d845ccd7bf527110a65fe953886a176c209539', 'https://git.kernel.org/stable/c/3b744884c0431b5a62c92900e64bfd0ed61e8e2a', 'https://git.kernel.org/stable/c/8aaa6c5dd2940ab934d6cd296175f43dbb32b34a', 'https://git.kernel.org/stable/c/a26dc49df37e996876f50a0210039b2d211fdd6f', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41075-7f07@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41075', 'https://www.cve.org/CVERecord?id=CVE-2024-41075'], 'PublishedDate': '2024-07-29T15:15:15.163Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41079', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41079', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvmet: always initialize cqe.result', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: always initialize cqe.result\n\nThe spec doesn't mandate that the first two double words (aka results)\nfor the command queue entry need to be set to 0 when they are not\nused (not specified). Though, the target implemention returns 0 for TCP\nand FC but not for RDMA.\n\nLet's make RDMA behave the same and thus explicitly initializing the\nresult field. This prevents leaking any data from the stack.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41079', 'https://git.kernel.org/linus/cd0c1b8e045a8d2785342b385cb2684d9b48e426 (6.10-rc4)', 'https://git.kernel.org/stable/c/0990e8a863645496b9e3f91cfcfd63cd95c80319', 'https://git.kernel.org/stable/c/10967873b80742261527a071954be8b54f0f8e4d', 'https://git.kernel.org/stable/c/30d35b24b7957922f81cfdaa66f2e1b1e9b9aed2', 'https://git.kernel.org/stable/c/cd0c1b8e045a8d2785342b385cb2684d9b48e426', 'https://lore.kernel.org/linux-cve-announce/2024072925-CVE-2024-41079-09c3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41079', 'https://www.cve.org/CVERecord?id=CVE-2024-41079'], 'PublishedDate': '2024-07-29T15:15:15.457Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41080', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41080', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: io_uring: fix possible deadlock in io_register_iowq_max_workers()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix possible deadlock in io_register_iowq_max_workers()\n\nThe io_register_iowq_max_workers() function calls io_put_sq_data(),\nwhich acquires the sqd->lock without releasing the uring_lock.\nSimilar to the commit 009ad9f0c6ee ("io_uring: drop ctx->uring_lock\nbefore acquiring sqd->lock"), this can lead to a potential deadlock\nsituation.\n\nTo resolve this issue, the uring_lock is released before calling\nio_put_sq_data(), and then it is re-acquired after the function call.\n\nThis change ensures that the locks are acquired in the correct\norder, preventing the possibility of a deadlock.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41080', 'https://git.kernel.org/linus/73254a297c2dd094abec7c9efee32455ae875bdf (6.10-rc3)', 'https://git.kernel.org/stable/c/73254a297c2dd094abec7c9efee32455ae875bdf', 'https://git.kernel.org/stable/c/b571a367502c7ef94c688ef9c7f7d69a2ce3bcca', 'https://lore.kernel.org/linux-cve-announce/2024072926-CVE-2024-41080-6385@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41080', 'https://www.cve.org/CVERecord?id=CVE-2024-41080'], 'PublishedDate': '2024-07-29T15:15:15.523Z', 'LastModifiedDate': '2024-08-22T13:39:43.347Z'}, {'VulnerabilityID': 'CVE-2024-41082', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41082', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme-fabrics: use reserved tag for reg read/write command', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fabrics: use reserved tag for reg read/write command\n\nIn some scenarios, if too many commands are issued by nvme command in\nthe same time by user tasks, this may exhaust all tags of admin_q. If\na reset (nvme reset or IO timeout) occurs before these commands finish,\nreconnect routine may fail to update nvme regs due to insufficient tags,\nwhich will cause kernel hang forever. In order to workaround this issue,\nmaybe we can let reg_read32()/reg_read64()/reg_write32() use reserved\ntags. This maybe safe for nvmf:\n\n1. For the disable ctrl path,  we will not issue connect command\n2. For the enable ctrl / fw activate path, since connect and reg_xx()\n   are called serially.\n\nSo the reserved tags may still be enough while reg_xx() use reserved tags.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41082', 'https://git.kernel.org/linus/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa (6.10-rc3)', 'https://git.kernel.org/stable/c/165da9c67a26f08c9b956c15d701da7690f45bcb', 'https://git.kernel.org/stable/c/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa', 'https://lore.kernel.org/linux-cve-announce/2024072926-CVE-2024-41082-6e0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41082', 'https://www.cve.org/CVERecord?id=CVE-2024-41082'], 'PublishedDate': '2024-07-29T15:15:15.67Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41088', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41088', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: mcp251xfd: fix infinite loop when xmit fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251xfd: fix infinite loop when xmit fails\n\nWhen the mcp251xfd_start_xmit() function fails, the driver stops\nprocessing messages, and the interrupt routine does not return,\nrunning indefinitely even after killing the running application.\n\nError messages:\n[  441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16\n[  441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3).\n... and repeat forever.\n\nThe issue can be triggered when multiple devices share the same SPI\ninterface. And there is concurrent access to the bus.\n\nThe problem occurs because tx_ring->head increments even if\nmcp251xfd_start_xmit() fails. Consequently, the driver skips one TX\npackage while still expecting a response in\nmcp251xfd_handle_tefif_one().\n\nResolve the issue by starting a workqueue to write the tx obj\nsynchronously if err = -EBUSY. In case of another error, decrement\ntx_ring->head, remove skb from the echo stack, and drop the message.\n\n[mkl: use more imperative wording in patch description]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41088', 'https://git.kernel.org/linus/d8fb63e46c884c898a38f061c2330f7729e75510 (6.10-rc6)', 'https://git.kernel.org/stable/c/3e72558c1711d524e3150103739ddd06650e291b', 'https://git.kernel.org/stable/c/6c6b4afa59c2fb4d1759235f866d8caed2aa4729', 'https://git.kernel.org/stable/c/d8fb63e46c884c898a38f061c2330f7729e75510', 'https://git.kernel.org/stable/c/f926c022ebaabf7963bebf89a97201d66978a025', 'https://lore.kernel.org/linux-cve-announce/2024072952-CVE-2024-41088-281e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41088', 'https://www.cve.org/CVERecord?id=CVE-2024-41088'], 'PublishedDate': '2024-07-29T16:15:04.217Z', 'LastModifiedDate': '2024-08-22T13:16:08.143Z'}, {'VulnerabilityID': 'CVE-2024-42063', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42063', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode\n\nsyzbot reported uninit memory usages during map_{lookup,delete}_elem.\n\n==========\nBUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline]\nBUG: KMSAN: uninit-value in dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796\n__dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline]\ndev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796\n____bpf_map_lookup_elem kernel/bpf/helpers.c:42 [inline]\nbpf_map_lookup_elem+0x5c/0x80 kernel/bpf/helpers.c:38\n___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997\n__bpf_prog_run256+0xb5/0xe0 kernel/bpf/core.c:2237\n==========\n\nThe reproducer should be in the interpreter mode.\n\nThe C reproducer is trying to run the following bpf prog:\n\n    0: (18) r0 = 0x0\n    2: (18) r1 = map[id:49]\n    4: (b7) r8 = 16777216\n    5: (7b) *(u64 *)(r10 -8) = r8\n    6: (bf) r2 = r10\n    7: (07) r2 += -229\n            ^^^^^^^^^^\n\n    8: (b7) r3 = 8\n    9: (b7) r4 = 0\n   10: (85) call dev_map_lookup_elem#1543472\n   11: (95) exit\n\nIt is due to the "void *key" (r2) passed to the helper. bpf allows uninit\nstack memory access for bpf prog with the right privileges. This patch\nuses kmsan_unpoison_memory() to mark the stack as initialized.\n\nThis should address different syzbot reports on the uninit "void *key"\nargument during map_{lookup,delete}_elem.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42063', 'https://git.kernel.org/linus/e8742081db7d01f980c6161ae1e8a1dbc1e30979 (6.10-rc1)', 'https://git.kernel.org/stable/c/3189983c26108cf0990e5c46856dc9feb9470d12', 'https://git.kernel.org/stable/c/b30f3197a6cd080052d5d4973f9a6b479fd9fff5', 'https://git.kernel.org/stable/c/d812ae6e02bd6e6a9cd1fdb09519c2f33e875faf', 'https://git.kernel.org/stable/c/e8742081db7d01f980c6161ae1e8a1dbc1e30979', 'https://lore.kernel.org/linux-cve-announce/2024072950-CVE-2024-42063-d3a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42063', 'https://www.cve.org/CVERecord?id=CVE-2024-42063'], 'PublishedDate': '2024-07-29T16:15:06.053Z', 'LastModifiedDate': '2024-09-05T17:42:12.67Z'}, {'VulnerabilityID': 'CVE-2024-42067', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42067', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()\n\nset_memory_rox() can fail, leaving memory unprotected.\n\nCheck return and bail out when bpf_jit_binary_lock_ro() returns\nan error.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-252'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42067', 'https://git.kernel.org/linus/e60adf513275c3a38e5cb67f7fd12387e43a3ff5 (6.10-rc1)', 'https://git.kernel.org/stable/c/044da7ae7afd4ef60806d73654a2e6a79aa4ed7a', 'https://git.kernel.org/stable/c/08f6c05feb1db21653e98ca84ea04ca032d014c7', 'https://git.kernel.org/stable/c/9fef36cad60d4226f9d06953cd56d1d2f9119730', 'https://git.kernel.org/stable/c/e60adf513275c3a38e5cb67f7fd12387e43a3ff5', 'https://lore.kernel.org/linux-cve-announce/2024072951-CVE-2024-42067-c8ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42067', 'https://www.cve.org/CVERecord?id=CVE-2024-42067'], 'PublishedDate': '2024-07-29T16:15:06.323Z', 'LastModifiedDate': '2024-07-30T19:02:20.687Z'}, {'VulnerabilityID': 'CVE-2024-42091', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42091', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Check pat.ops before dumping PAT settings', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Check pat.ops before dumping PAT settings\n\nWe may leave pat.ops unset when running on brand new platform or\nwhen running as a VF.  While the former is unlikely, the latter\nis valid (future) use case and will cause NPD when someone will\ntry to dump PAT settings by debugfs.\n\nIt's better to check pointer to pat.ops instead of specific .dump\nhook, as we have this hook always defined for every .ops variant.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42091', 'https://git.kernel.org/linus/a918e771e6fbe1fa68932af5b0cdf473e23090cc (6.10-rc1)', 'https://git.kernel.org/stable/c/583ce246c7ff9edeb0de49130cdc3d45db8545cb', 'https://git.kernel.org/stable/c/a918e771e6fbe1fa68932af5b0cdf473e23090cc', 'https://lore.kernel.org/linux-cve-announce/2024072904-CVE-2024-42091-597d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42091', 'https://www.cve.org/CVERecord?id=CVE-2024-42091'], 'PublishedDate': '2024-07-29T18:15:11.657Z', 'LastModifiedDate': '2024-07-30T13:33:30.653Z'}, {'VulnerabilityID': 'CVE-2024-42107', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42107', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: ice: Don't process extts if PTP is disabled", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42107', 'https://git.kernel.org/linus/996422e3230e41468f652d754fefd1bdbcd4604e (6.10-rc7)', 'https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b', 'https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e', 'https://lore.kernel.org/linux-cve-announce/2024073020-CVE-2024-42107-65cc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42107', 'https://www.cve.org/CVERecord?id=CVE-2024-42107'], 'PublishedDate': '2024-07-30T08:15:03.22Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42110', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42110', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()\n\nThe following is emitted when using idxd (DSA) dmanegine as the data\nmover for ntb_transport that ntb_netdev uses.\n\n[74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526\n[74412.556784] caller is netif_rx_internal+0x42/0x130\n[74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5\n[74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024\n[74412.581699] Call Trace:\n[74412.584514]  <TASK>\n[74412.586933]  dump_stack_lvl+0x55/0x70\n[74412.591129]  check_preemption_disabled+0xc8/0xf0\n[74412.596374]  netif_rx_internal+0x42/0x130\n[74412.600957]  __netif_rx+0x20/0xd0\n[74412.604743]  ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev]\n[74412.610985]  ntb_complete_rxc+0xed/0x140 [ntb_transport]\n[74412.617010]  ntb_rx_copy_callback+0x53/0x80 [ntb_transport]\n[74412.623332]  idxd_dma_complete_txd+0xe3/0x160 [idxd]\n[74412.628963]  idxd_wq_thread+0x1a6/0x2b0 [idxd]\n[74412.634046]  irq_thread_fn+0x21/0x60\n[74412.638134]  ? irq_thread+0xa8/0x290\n[74412.642218]  irq_thread+0x1a0/0x290\n[74412.646212]  ? __pfx_irq_thread_fn+0x10/0x10\n[74412.651071]  ? __pfx_irq_thread_dtor+0x10/0x10\n[74412.656117]  ? __pfx_irq_thread+0x10/0x10\n[74412.660686]  kthread+0x100/0x130\n[74412.664384]  ? __pfx_kthread+0x10/0x10\n[74412.668639]  ret_from_fork+0x31/0x50\n[74412.672716]  ? __pfx_kthread+0x10/0x10\n[74412.676978]  ret_from_fork_asm+0x1a/0x30\n[74412.681457]  </TASK>\n\nThe cause is due to the idxd driver interrupt completion handler uses\nthreaded interrupt and the threaded handler is not hard or soft interrupt\ncontext. However __netif_rx() can only be called from interrupt context.\nChange the call to netif_rx() in order to allow completion via normal\ncontext for dmaengine drivers that utilize threaded irq handling.\n\nWhile the following commit changed from netif_rx() to __netif_rx(),\nbaebdf48c360 ("net: dev: Makes sure netif_rx() can be invoked in any context."),\nthe change should\'ve been a noop instead. However, the code precedes this\nfix should\'ve been using netif_rx_ni() or netif_rx_any_context().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42110', 'https://git.kernel.org/linus/e15a5d821e5192a3769d846079bc9aa380139baf (6.10-rc7)', 'https://git.kernel.org/stable/c/4b3b6c7efee69f077b86ef7f088fb96768e46e1f', 'https://git.kernel.org/stable/c/858ae09f03677a4ab907a15516893bc2cc79d4c3', 'https://git.kernel.org/stable/c/e15a5d821e5192a3769d846079bc9aa380139baf', 'https://git.kernel.org/stable/c/e3af5b14e7632bf12058533d69055393e2d126c9', 'https://linux.oracle.com/cve/CVE-2024-42110.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024073021-CVE-2024-42110-4b28@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42110', 'https://www.cve.org/CVERecord?id=CVE-2024-42110'], 'PublishedDate': '2024-07-30T08:15:03.487Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42116', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42116', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igc: fix a log entry using uninitialized netdev', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix a log entry using uninitialized netdev\n\nDuring successful probe, igc logs this:\n\n[    5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\n\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb.  Add a comment,\njust as in igb.\n\nNow the log message is fine:\n\n[    5.200987] igc 0000:01:00.0 eth0: PHC added', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42116', 'https://git.kernel.org/linus/86167183a17e03ec77198897975e9fdfbd53cb0b (6.10-rc1)', 'https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b', 'https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6', 'https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79', 'https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda', 'https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f', 'https://linux.oracle.com/cve/CVE-2024-42116.html', 'https://linux.oracle.com/errata/ELSA-2024-12618.html', 'https://lore.kernel.org/linux-cve-announce/2024073023-CVE-2024-42116-b420@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42116', 'https://www.cve.org/CVERecord?id=CVE-2024-42116'], 'PublishedDate': '2024-07-30T08:15:03.95Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42117', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42117', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: ASSERT when failing to find index by plane/stream id', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: ASSERT when failing to find index by plane/stream id\n\n[WHY]\nfind_disp_cfg_idx_by_plane_id and find_disp_cfg_idx_by_stream_id returns\nan array index and they return -1 when not found; however, -1 is not a\nvalid index number.\n\n[HOW]\nWhen this happens, call ASSERT(), and return a positive number (which is\nfewer than callers' array size) instead.\n\nThis fixes 4 OVERRUN and 2 NEGATIVE_RETURNS issues reported by Coverity.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42117', 'https://git.kernel.org/linus/01eb50e53c1ce505bf449348d433181310288765 (6.10-rc1)', 'https://git.kernel.org/stable/c/01eb50e53c1ce505bf449348d433181310288765', 'https://git.kernel.org/stable/c/a9c047a5cf3135b8b66bd28fbe2c698b9cace0b3', 'https://lore.kernel.org/linux-cve-announce/2024073023-CVE-2024-42117-25fd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42117', 'https://www.cve.org/CVERecord?id=CVE-2024-42117'], 'PublishedDate': '2024-07-30T08:15:04.03Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42118', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42118', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Do not return negative stream id for array', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Do not return negative stream id for array\n\n[WHY]\nresource_stream_to_stream_idx returns an array index and it return -1\nwhen not found; however, -1 is not a valid array index number.\n\n[HOW]\nWhen this happens, call ASSERT(), and return a zero instead.\n\nThis fixes an OVERRUN and an NEGATIVE_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42118', 'https://git.kernel.org/linus/3ac31c9a707dd1c7c890b95333182f955e9dcb57 (6.10-rc1)', 'https://git.kernel.org/stable/c/3ac31c9a707dd1c7c890b95333182f955e9dcb57', 'https://git.kernel.org/stable/c/a76fa9c4f0fc0aa6f517da3fa7d7c23e8a32c7d0', 'https://lore.kernel.org/linux-cve-announce/2024073024-CVE-2024-42118-537b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42118', 'https://www.cve.org/CVERecord?id=CVE-2024-42118'], 'PublishedDate': '2024-07-30T08:15:04.097Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42122', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42122', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add NULL pointer check for kzalloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL pointer check for kzalloc\n\n[Why & How]\nCheck return pointer of kzalloc before using it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42122', 'https://git.kernel.org/linus/8e65a1b7118acf6af96449e1e66b7adbc9396912 (6.10-rc1)', 'https://git.kernel.org/stable/c/062edd612fcd300f0f79a36fca5b8b6a5e2fce70', 'https://git.kernel.org/stable/c/8e65a1b7118acf6af96449e1e66b7adbc9396912', 'https://lore.kernel.org/linux-cve-announce/2024073025-CVE-2024-42122-2f70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42122', 'https://www.cve.org/CVERecord?id=CVE-2024-42122'], 'PublishedDate': '2024-07-30T08:15:04.43Z', 'LastModifiedDate': '2024-09-16T13:49:27.837Z'}, {'VulnerabilityID': 'CVE-2024-42125', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42125', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42125', 'https://git.kernel.org/linus/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9 (6.10-rc1)', 'https://git.kernel.org/stable/c/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9', 'https://git.kernel.org/stable/c/ce4ba62f8bc5195a9a0d49c6235a9c99e619cadc', 'https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42125-b515@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42125', 'https://www.cve.org/CVERecord?id=CVE-2024-42125'], 'PublishedDate': '2024-07-30T08:15:04.667Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42128', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42128', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: leds: an30259a: Use devm_mutex_init() for mutex initialization', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: an30259a: Use devm_mutex_init() for mutex initialization\n\nIn this driver LEDs are registered using devm_led_classdev_register()\nso they are automatically unregistered after module's remove() is done.\nled_classdev_unregister() calls module's led_set_brightness() to turn off\nthe LEDs and that callback uses mutex which was destroyed already\nin module's remove() so use devm API instead.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42128', 'https://git.kernel.org/linus/c382e2e3eccb6b7ca8c7aff5092c1668428e7de6 (6.10-rc1)', 'https://git.kernel.org/stable/c/3ead19aa341de89a8c3d88a091d8093ebea622e8', 'https://git.kernel.org/stable/c/9dba44460bfca657ca43f03ea9bafa4f9f7dd077', 'https://git.kernel.org/stable/c/c382e2e3eccb6b7ca8c7aff5092c1668428e7de6', 'https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42128-9ac9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42128', 'https://www.cve.org/CVERecord?id=CVE-2024-42128'], 'PublishedDate': '2024-07-30T08:15:04.903Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42129', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42129', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: leds: mlxreg: Use devm_mutex_init() for mutex initialization', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: mlxreg: Use devm_mutex_init() for mutex initialization\n\nIn this driver LEDs are registered using devm_led_classdev_register()\nso they are automatically unregistered after module's remove() is done.\nled_classdev_unregister() calls module's led_set_brightness() to turn off\nthe LEDs and that callback uses mutex which was destroyed already\nin module's remove() so use devm API instead.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42129', 'https://git.kernel.org/linus/efc347b9efee1c2b081f5281d33be4559fa50a16 (6.10-rc1)', 'https://git.kernel.org/stable/c/3b62888307ae44b68512d3f7735c26a4c8e45b51', 'https://git.kernel.org/stable/c/efc347b9efee1c2b081f5281d33be4559fa50a16', 'https://lore.kernel.org/linux-cve-announce/2024073027-CVE-2024-42129-576e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42129', 'https://www.cve.org/CVERecord?id=CVE-2024-42129'], 'PublishedDate': '2024-07-30T08:15:04.977Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42134', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42134', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: virtio-pci: Check if is_avq is NULL', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-pci: Check if is_avq is NULL\n\n[bug]\nIn the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved\nto determine whether it is admin virtqueue, but this function vp_dev->is_avq\n may be empty. For installations, virtio_pci_legacy does not assign a value\n to vp_dev->is_avq.\n\n[fix]\nCheck whether it is vp_dev->is_avq before use.\n\n[test]\nTest with virsh Attach device\nBefore this patch, the following command would crash the guest system\n\nAfter applying the patch, everything seems to be working fine.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42134', 'https://git.kernel.org/linus/c8fae27d141a32a1624d0d0d5419d94252824498 (6.10-rc1)', 'https://git.kernel.org/stable/c/5e2024b0b9b3d5709e3f7e9b92951d7e29154106', 'https://git.kernel.org/stable/c/c8fae27d141a32a1624d0d0d5419d94252824498', 'https://lore.kernel.org/linux-cve-announce/2024073028-CVE-2024-42134-99d7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42134', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42134'], 'PublishedDate': '2024-07-30T08:15:05.36Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42135', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42135', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vhost_task: Handle SIGKILL by flushing work and exiting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvhost_task: Handle SIGKILL by flushing work and exiting\n\nInstead of lingering until the device is closed, this has us handle\nSIGKILL by:\n\n1. marking the worker as killed so we no longer try to use it with\n   new virtqueues and new flush operations.\n2. setting the virtqueue to worker mapping so no new works are queued.\n3. running all the exiting works.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42135', 'https://git.kernel.org/linus/db5247d9bf5c6ade9fd70b4e4897441e0269b233 (6.10-rc1)', 'https://git.kernel.org/stable/c/abe067dc3a662eef7d5cddbbc41ed50a0b68b0af', 'https://git.kernel.org/stable/c/db5247d9bf5c6ade9fd70b4e4897441e0269b233', 'https://git.kernel.org/stable/c/dec987fe2df670827eb53b97c9552ed8dfc63ad4', 'https://lore.kernel.org/linux-cve-announce/2024073029-CVE-2024-42135-0694@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42135', 'https://www.cve.org/CVERecord?id=CVE-2024-42135'], 'PublishedDate': '2024-07-30T08:15:05.433Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42139', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42139', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Fix improper extts handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message "extts on unexpected channel" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42139', 'https://git.kernel.org/linus/00d3b4f54582d4e4a02cda5886bb336eeab268cc (6.10-rc7)', 'https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc', 'https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3', 'https://lore.kernel.org/linux-cve-announce/2024073030-CVE-2024-42139-f8ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42139', 'https://www.cve.org/CVERecord?id=CVE-2024-42139'], 'PublishedDate': '2024-07-30T08:15:05.757Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42144', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42144', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data\n\nVerify that lvts_data is not NULL before using it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42144', 'https://git.kernel.org/linus/a1191a77351e25ddf091bb1a231cae12ee598b5d (6.10-rc1)', 'https://git.kernel.org/stable/c/79ef1a5593fdb8aa4dbccf6085c48f1739338bc9', 'https://git.kernel.org/stable/c/a1191a77351e25ddf091bb1a231cae12ee598b5d', 'https://git.kernel.org/stable/c/fd7ae1cabfedd727be5bee774c87acbc7b10b886', 'https://lore.kernel.org/linux-cve-announce/2024073031-CVE-2024-42144-f412@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42144', 'https://www.cve.org/CVERecord?id=CVE-2024-42144'], 'PublishedDate': '2024-07-30T08:15:06.157Z', 'LastModifiedDate': '2024-09-16T14:12:56.537Z'}, {'VulnerabilityID': 'CVE-2024-42146', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42146', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Add outer runtime_pm protection to xe_live_ktest@xe_dma_buf', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Add outer runtime_pm protection to xe_live_ktest@xe_dma_buf\n\nAny kunit doing any memory access should get their own runtime_pm\nouter references since they don't use the standard driver API\nentries. In special this dma_buf from the same driver.\n\nFound by pre-merge CI on adding WARN calls for unprotected\ninner callers:\n\n<6> [318.639739]     # xe_dma_buf_kunit: running xe_test_dmabuf_import_same_driver\n<4> [318.639957] ------------[ cut here ]------------\n<4> [318.639967] xe 0000:4d:00.0: Missing outer runtime PM protection\n<4> [318.640049] WARNING: CPU: 117 PID: 3832 at drivers/gpu/drm/xe/xe_pm.c:533 xe_pm_runtime_get_noresume+0x48/0x60 [xe]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42146', 'https://git.kernel.org/linus/f9116f658a6217b101e3b4e89f845775b6fb05d9 (6.10-rc1)', 'https://git.kernel.org/stable/c/0888d15ea45ba8ef4508edd1123ea5ad95b58994', 'https://git.kernel.org/stable/c/f9116f658a6217b101e3b4e89f845775b6fb05d9', 'https://lore.kernel.org/linux-cve-announce/2024073032-CVE-2024-42146-cbd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42146', 'https://www.cve.org/CVERecord?id=CVE-2024-42146'], 'PublishedDate': '2024-07-30T08:15:06.313Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42147', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42147', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: hisilicon/debugfs - Fix debugfs uninit process issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/debugfs - Fix debugfs uninit process issue\n\nDuring the zip probe process, the debugfs failure does not stop\nthe probe. When debugfs initialization fails, jumping to the\nerror branch will also release regs, in addition to its own\nrollback operation.\n\nAs a result, it may be released repeatedly during the regs\nuninit process. Therefore, the null check needs to be added to\nthe regs uninit process.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42147', 'https://git.kernel.org/linus/8be0913389718e8d27c4f1d4537b5e1b99ed7739 (6.10-rc1)', 'https://git.kernel.org/stable/c/7fc8d9a525b5c3f8dfa5ed50901e764d8ede7e1e', 'https://git.kernel.org/stable/c/8be0913389718e8d27c4f1d4537b5e1b99ed7739', 'https://git.kernel.org/stable/c/e0a2d2df9ba7bd6bd7e0a9b6a5e3894f7e8445b3', 'https://git.kernel.org/stable/c/eda60520cfe3aba9f088c68ebd5bcbca9fc6ac3c', 'https://lore.kernel.org/linux-cve-announce/2024073032-CVE-2024-42147-805a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42147', 'https://www.cve.org/CVERecord?id=CVE-2024-42147'], 'PublishedDate': '2024-07-30T08:15:06.383Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42151', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42151', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable\n\nTest case dummy_st_ops/dummy_init_ret_value passes NULL as the first\nparameter of the test_1() function. Mark this parameter as nullable to\nmake verifier aware of such possibility.\nOtherwise, NULL check in the test_1() code:\n\n      SEC("struct_ops/test_1")\n      int BPF_PROG(test_1, struct bpf_dummy_ops_state *state)\n      {\n            if (!state)\n                    return ...;\n\n            ... access state ...\n      }\n\nMight be removed by verifier, thus triggering NULL pointer dereference\nunder certain conditions.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42151', 'https://git.kernel.org/linus/1479eaff1f16983d8fda7c5a08a586c21891087d (6.10-rc1)', 'https://git.kernel.org/stable/c/1479eaff1f16983d8fda7c5a08a586c21891087d', 'https://git.kernel.org/stable/c/7f79097b0de97a486b137b750d7dd7b20b519d23', 'https://lore.kernel.org/linux-cve-announce/2024073033-CVE-2024-42151-b34a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42151', 'https://www.cve.org/CVERecord?id=CVE-2024-42151'], 'PublishedDate': '2024-07-30T08:15:06.69Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42155', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42155', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/pkey: Wipe copies of protected- and secure-keys', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of protected- and secure-keys\n\nAlthough the clear-key of neither protected- nor secure-keys is\naccessible, this key material should only be visible to the calling\nprocess. So wipe all copies of protected- or secure-keys from stack,\neven in case of an error.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N', 'V3Score': 1.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N', 'V3Score': 1.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42155', 'https://git.kernel.org/linus/f2ebdadd85af4f4d0cae1e5d009c70eccc78c207 (6.10-rc1)', 'https://git.kernel.org/stable/c/c746f7ced4ad88ee48d0b6c92710e4674403185b', 'https://git.kernel.org/stable/c/f2ebdadd85af4f4d0cae1e5d009c70eccc78c207', 'https://lore.kernel.org/linux-cve-announce/2024073035-CVE-2024-42155-5ccb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42155', 'https://www.cve.org/CVERecord?id=CVE-2024-42155'], 'PublishedDate': '2024-07-30T08:15:07.01Z', 'LastModifiedDate': '2024-08-08T15:01:33.093Z'}, {'VulnerabilityID': 'CVE-2024-42156', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42156', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/pkey: Wipe copies of clear-key structures on failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of clear-key structures on failure\n\nWipe all sensitive data from stack for all IOCTLs, which convert a\nclear-key into a protected- or secure-key.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42156', 'https://git.kernel.org/linus/d65d76a44ffe74c73298ada25b0f578680576073 (6.10-rc1)', 'https://git.kernel.org/stable/c/7f6243edd901b75aaece326c90a1cc0dcb60cc3d', 'https://git.kernel.org/stable/c/d65d76a44ffe74c73298ada25b0f578680576073', 'https://lore.kernel.org/linux-cve-announce/2024073035-CVE-2024-42156-1f82@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42156', 'https://www.cve.org/CVERecord?id=CVE-2024-42156'], 'PublishedDate': '2024-07-30T08:15:07.08Z', 'LastModifiedDate': '2024-08-02T14:31:53.66Z'}, {'VulnerabilityID': 'CVE-2024-42158', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42158', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Use kfree_sensitive() to fix Coccinelle warnings\n\nReplace memzero_explicit() and kfree() with kfree_sensitive() to fix\nwarnings reported by Coccinelle:\n\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-669'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42158', 'https://git.kernel.org/linus/22e6824622e8a8889df0f8fc4ed5aea0e702a694 (6.10-rc1)', 'https://git.kernel.org/stable/c/22e6824622e8a8889df0f8fc4ed5aea0e702a694', 'https://git.kernel.org/stable/c/62151a0acde90823bdfa991d598c85cf4b1d387d', 'https://lore.kernel.org/linux-cve-announce/2024073035-CVE-2024-42158-3d50@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42158', 'https://www.cve.org/CVERecord?id=CVE-2024-42158'], 'PublishedDate': '2024-07-30T08:15:07.227Z', 'LastModifiedDate': '2024-08-02T14:31:04.187Z'}, {'VulnerabilityID': 'CVE-2024-42230', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42230', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/pseries: Fix scv instruction crash with kexec', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix scv instruction crash with kexec\n\nkexec on pseries disables AIL (reloc_on_exc), required for scv\ninstruction support, before other CPUs have been shut down. This means\nthey can execute scv instructions after AIL is disabled, which causes an\ninterrupt at an unexpected entry location that crashes the kernel.\n\nChange the kexec sequence to disable AIL after other CPUs have been\nbrought down.\n\nAs a refresher, the real-mode scv interrupt vector is 0x17000, and the\nfixed-location head code probably couldn't easily deal with implementing\nsuch high addresses so it was just decided not to support that interrupt\nat all.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42230', 'https://git.kernel.org/linus/21a741eb75f80397e5f7d3739e24d7d75e619011 (6.10-rc7)', 'https://git.kernel.org/stable/c/21a741eb75f80397e5f7d3739e24d7d75e619011', 'https://git.kernel.org/stable/c/8c6506616386ce37e59b2745fc481c6713fae4f3', 'https://git.kernel.org/stable/c/c550679d604798d9fed8a5b2bb5693448a25407c', 'https://git.kernel.org/stable/c/d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5', 'https://lore.kernel.org/linux-cve-announce/2024073039-CVE-2024-42230-a46d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42230', 'https://www.cve.org/CVERecord?id=CVE-2024-42230'], 'PublishedDate': '2024-07-30T08:15:08.193Z', 'LastModifiedDate': '2024-07-30T19:32:51.137Z'}, {'VulnerabilityID': 'CVE-2024-42239', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42239', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fail bpf_timer_cancel when callback is being cancelled', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fail bpf_timer_cancel when callback is being cancelled\n\nGiven a schedule:\n\ntimer1 cb\t\t\ttimer2 cb\n\nbpf_timer_cancel(timer2);\tbpf_timer_cancel(timer1);\n\nBoth bpf_timer_cancel calls would wait for the other callback to finish\nexecuting, introducing a lockup.\n\nAdd an atomic_t count named 'cancelling' in bpf_hrtimer. This keeps\ntrack of all in-flight cancellation requests for a given BPF timer.\nWhenever cancelling a BPF timer, we must check if we have outstanding\ncancellation requests, and if so, we must fail the operation with an\nerror (-EDEADLK) since cancellation is synchronous and waits for the\ncallback to finish executing. This implies that we can enter a deadlock\nsituation involving two or more timer callbacks executing in parallel\nand attempting to cancel one another.\n\nNote that we avoid incrementing the cancelling counter for the target\ntimer (the one being cancelled) if bpf_timer_cancel is not invoked from\na callback, to avoid spurious errors. The whole point of detecting\ncur->cancelling and returning -EDEADLK is to not enter a busy wait loop\n(which may or may not lead to a lockup). This does not apply in case the\ncaller is in a non-callback context, the other side can continue to\ncancel as it sees fit without running into errors.\n\nBackground on prior attempts:\n\nEarlier versions of this patch used a bool 'cancelling' bit and used the\nfollowing pattern under timer->lock to publish cancellation status.\n\nlock(t->lock);\nt->cancelling = true;\nmb();\nif (cur->cancelling)\n\treturn -EDEADLK;\nunlock(t->lock);\nhrtimer_cancel(t->timer);\nt->cancelling = false;\n\nThe store outside the critical section could overwrite a parallel\nrequests t->cancelling assignment to true, to ensure the parallely\nexecuting callback observes its cancellation status.\n\nIt would be necessary to clear this cancelling bit once hrtimer_cancel\nis done, but lack of serialization introduced races. Another option was\nexplored where bpf_timer_start would clear the bit when (re)starting the\ntimer under timer->lock. This would ensure serialized access to the\ncancelling bit, but may allow it to be cleared before in-flight\nhrtimer_cancel has finished executing, such that lockups can occur\nagain.\n\nThus, we choose an atomic counter to keep track of all outstanding\ncancellation requests and use it to prevent lockups in case callbacks\nattempt to cancel each other while executing in parallel.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42239', 'https://git.kernel.org/linus/d4523831f07a267a943f0dde844bf8ead7495f13 (6.10)', 'https://git.kernel.org/stable/c/3e4e8178a8666c56813bd167b848fca0f4c9af0a', 'https://git.kernel.org/stable/c/9369830518688ecd5b08ffc08ab3302ce2b5d0f7', 'https://git.kernel.org/stable/c/d4523831f07a267a943f0dde844bf8ead7495f13', 'https://lore.kernel.org/linux-cve-announce/2024080740-CVE-2024-42239-a15f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42239', 'https://www.cve.org/CVERecord?id=CVE-2024-42239'], 'PublishedDate': '2024-08-07T16:15:46.733Z', 'LastModifiedDate': '2024-08-08T14:54:08.33Z'}, {'VulnerabilityID': 'CVE-2024-42243', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42243', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray\n\nPatch series "mm/filemap: Limit page cache size to that supported by\nxarray", v2.\n\nCurrently, xarray can\'t support arbitrary page cache size.  More details\ncan be found from the WARN_ON() statement in xas_split_alloc().  In our\ntest whose code is attached below, we hit the WARN_ON() on ARM64 system\nwhere the base page size is 64KB and huge page size is 512MB.  The issue\nwas reported long time ago and some discussions on it can be found here\n[1].\n\n[1] https://www.spinics.net/lists/linux-xfs/msg75404.html\n\nIn order to fix the issue, we need to adjust MAX_PAGECACHE_ORDER to one\nsupported by xarray and avoid PMD-sized page cache if needed.  The code\nchanges are suggested by David Hildenbrand.\n\nPATCH[1] adjusts MAX_PAGECACHE_ORDER to that supported by xarray\nPATCH[2-3] avoids PMD-sized page cache in the synchronous readahead path\nPATCH[4] avoids PMD-sized page cache for shmem files if needed\n\nTest program\n============\n# cat test.c\n#define _GNU_SOURCE\n#include <stdio.h>\n#include <stdlib.h>\n#include <unistd.h>\n#include <string.h>\n#include <fcntl.h>\n#include <errno.h>\n#include <sys/syscall.h>\n#include <sys/mman.h>\n\n#define TEST_XFS_FILENAME\t"/tmp/data"\n#define TEST_SHMEM_FILENAME\t"/dev/shm/data"\n#define TEST_MEM_SIZE\t\t0x20000000\n\nint main(int argc, char **argv)\n{\n\tconst char *filename;\n\tint fd = 0;\n\tvoid *buf = (void *)-1, *p;\n\tint pgsize = getpagesize();\n\tint ret;\n\n\tif (pgsize != 0x10000) {\n\t\tfprintf(stderr, "64KB base page size is required\\n");\n\t\treturn -EPERM;\n\t}\n\n\tsystem("echo force > /sys/kernel/mm/transparent_hugepage/shmem_enabled");\n\tsystem("rm -fr /tmp/data");\n\tsystem("rm -fr /dev/shm/data");\n\tsystem("echo 1 > /proc/sys/vm/drop_caches");\n\n\t/* Open xfs or shmem file */\n\tfilename = TEST_XFS_FILENAME;\n\tif (argc > 1 && !strcmp(argv[1], "shmem"))\n\t\tfilename = TEST_SHMEM_FILENAME;\n\n\tfd = open(filename, O_CREAT | O_RDWR | O_TRUNC);\n\tif (fd < 0) {\n\t\tfprintf(stderr, "Unable to open <%s>\\n", filename);\n\t\treturn -EIO;\n\t}\n\n\t/* Extend file size */\n\tret = ftruncate(fd, TEST_MEM_SIZE);\n\tif (ret) {\n\t\tfprintf(stderr, "Error %d to ftruncate()\\n", ret);\n\t\tgoto cleanup;\n\t}\n\n\t/* Create VMA */\n\tbuf = mmap(NULL, TEST_MEM_SIZE,\n\t\t   PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);\n\tif (buf == (void *)-1) {\n\t\tfprintf(stderr, "Unable to mmap <%s>\\n", filename);\n\t\tgoto cleanup;\n\t}\n\n\tfprintf(stdout, "mapped buffer at 0x%p\\n", buf);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE);\n        if (ret) {\n\t\tfprintf(stderr, "Unable to madvise(MADV_HUGEPAGE)\\n");\n\t\tgoto cleanup;\n\t}\n\n\t/* Populate VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_WRITE);\n\tif (ret) {\n\t\tfprintf(stderr, "Error %d to madvise(MADV_POPULATE_WRITE)\\n", ret);\n\t\tgoto cleanup;\n\t}\n\n\t/* Punch the file to enforce xarray split */\n\tret = fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,\n        \t\tTEST_MEM_SIZE - pgsize, pgsize);\n\tif (ret)\n\t\tfprintf(stderr, "Error %d to fallocate()\\n", ret);\n\ncleanup:\n\tif (buf != (void *)-1)\n\t\tmunmap(buf, TEST_MEM_SIZE);\n\tif (fd > 0)\n\t\tclose(fd);\n\n\treturn 0;\n}\n\n# gcc test.c -o test\n# cat /proc/1/smaps | grep KernelPageSize | head -n 1\nKernelPageSize:       64 kB\n# ./test shmem\n   :\n------------[ cut here ]------------\nWARNING: CPU: 17 PID: 5253 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\nModules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib  \\\nnft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct    \\\nnft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4    \\\nip_set nf_tables rfkill nfnetlink vfat fat virtio_balloon          \\\ndrm fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64  \\\nvirtio_net sha1_ce net_failover failover virtio_console virtio_blk \\\ndimlib virtio_mmio\nCPU: 17 PID: 5253 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #12\nHardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\npstate: 83400005 (Nzcv daif +PAN -UAO +TC\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42243', 'https://git.kernel.org/linus/099d90642a711caae377f53309abfe27e8724a8b (6.10)', 'https://git.kernel.org/stable/c/099d90642a711caae377f53309abfe27e8724a8b', 'https://git.kernel.org/stable/c/333c5539a31f48828456aa9997ec2808f06a699a', 'https://git.kernel.org/stable/c/a0c42ddd0969fdc760a85e20e267776028a7ca4e', 'https://lore.kernel.org/linux-cve-announce/2024080741-CVE-2024-42243-2ed5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42243', 'https://www.cve.org/CVERecord?id=CVE-2024-42243'], 'PublishedDate': '2024-08-07T16:15:47.08Z', 'LastModifiedDate': '2024-08-08T14:53:35.073Z'}, {'VulnerabilityID': 'CVE-2024-42252', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42252', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: closures: Change BUG_ON() to WARN_ON()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nclosures: Change BUG_ON() to WARN_ON()\n\nIf a BUG_ON() can be hit in the wild, it shouldn't be a BUG_ON()\n\nFor reference, this has popped up once in the CI, and we'll need more\ninfo to debug it:\n\n03240 ------------[ cut here ]------------\n03240 kernel BUG at lib/closure.c:21!\n03240 kernel BUG at lib/closure.c:21!\n03240 Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n03240 Modules linked in:\n03240 CPU: 15 PID: 40534 Comm: kworker/u80:1 Not tainted 6.10.0-rc4-ktest-ga56da69799bd #25570\n03240 Hardware name: linux,dummy-virt (DT)\n03240 Workqueue: btree_update btree_interior_update_work\n03240 pstate: 00001005 (nzcv daif -PAN -UAO -TCO -DIT +SSBS BTYPE=--)\n03240 pc : closure_put+0x224/0x2a0\n03240 lr : closure_put+0x24/0x2a0\n03240 sp : ffff0000d12071c0\n03240 x29: ffff0000d12071c0 x28: dfff800000000000 x27: ffff0000d1207360\n03240 x26: 0000000000000040 x25: 0000000000000040 x24: 0000000000000040\n03240 x23: ffff0000c1f20180 x22: 0000000000000000 x21: ffff0000c1f20168\n03240 x20: 0000000040000000 x19: ffff0000c1f20140 x18: 0000000000000001\n03240 x17: 0000000000003aa0 x16: 0000000000003ad0 x15: 1fffe0001c326974\n03240 x14: 0000000000000a1e x13: 0000000000000000 x12: 1fffe000183e402d\n03240 x11: ffff6000183e402d x10: dfff800000000000 x9 : ffff6000183e402e\n03240 x8 : 0000000000000001 x7 : 00009fffe7c1bfd3 x6 : ffff0000c1f2016b\n03240 x5 : ffff0000c1f20168 x4 : ffff6000183e402e x3 : ffff800081391954\n03240 x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000a8000000\n03240 Call trace:\n03240  closure_put+0x224/0x2a0\n03240  bch2_check_for_deadlock+0x910/0x1028\n03240  bch2_six_check_for_deadlock+0x1c/0x30\n03240  six_lock_slowpath.isra.0+0x29c/0xed0\n03240  six_lock_ip_waiter+0xa8/0xf8\n03240  __bch2_btree_node_lock_write+0x14c/0x298\n03240  bch2_trans_lock_write+0x6d4/0xb10\n03240  __bch2_trans_commit+0x135c/0x5520\n03240  btree_interior_update_work+0x1248/0x1c10\n03240  process_scheduled_works+0x53c/0xd90\n03240  worker_thread+0x370/0x8c8\n03240  kthread+0x258/0x2e8\n03240  ret_from_fork+0x10/0x20\n03240 Code: aa1303e0 d63f0020 a94363f7 17ffff8c (d4210000)\n03240 ---[ end trace 0000000000000000 ]---\n03240 Kernel panic - not syncing: Oops - BUG: Fatal exception\n03240 SMP: stopping secondary CPUs\n03241 SMP: failed to stop secondary CPUs 13,15\n03241 Kernel Offset: disabled\n03241 CPU features: 0x00,00000003,80000008,4240500b\n03241 Memory Limit: none\n03241 ---[ end Kernel panic - not syncing: Oops - BUG: Fatal exception ]---\n03246 ========= FAILED TIMEOUT copygc_torture_no_checksum in 7200s", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-617'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42252', 'https://git.kernel.org/linus/339b84ab6b1d66900c27bd999271cb2ae40ce812 (6.10-rc5)', 'https://git.kernel.org/stable/c/339b84ab6b1d66900c27bd999271cb2ae40ce812', 'https://git.kernel.org/stable/c/5d85f2ab79d5918a66539ebf046c099f7448db8d', 'https://lore.kernel.org/linux-cve-announce/2024080835-CVE-2024-42252-f46f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42252', 'https://www.cve.org/CVERecord?id=CVE-2024-42252'], 'PublishedDate': '2024-08-08T09:15:08.15Z', 'LastModifiedDate': '2024-09-06T13:37:31.46Z'}, {'VulnerabilityID': 'CVE-2024-42253', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42253', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: pca953x: fix pca953x_irq_bus_sync_unlock race\n\nEnsure that `i2c_lock' is held when setting interrupt latch and mask in\npca953x_irq_bus_sync_unlock() in order to avoid races.\n\nThe other (non-probe) call site pca953x_gpio_set_multiple() ensures the\nlock is held before calling pca953x_write_regs().\n\nThe problem occurred when a request raced against irq_bus_sync_unlock()\napproximately once per thousand reboots on an i.MX8MP based system.\n\n * Normal case\n\n   0-0022: write register AI|3a {03,02,00,00,01} Input latch P0\n   0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0\n   0-0022: write register AI|08 {ff,00,00,00,00} Output P3\n   0-0022: write register AI|12 {fc,00,00,00,00} Config P3\n\n * Race case\n\n   0-0022: write register AI|08 {ff,00,00,00,00} Output P3\n   0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register ***\n   0-0022: write register AI|12 {fc,00,00,00,00} Config P3\n   0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42253', 'https://git.kernel.org/linus/bfc6444b57dc7186b6acc964705d7516cbaf3904 (6.10-rc6)', 'https://git.kernel.org/stable/c/58a5c93bd1a6e949267400080f07e57ffe05ec34', 'https://git.kernel.org/stable/c/bfc6444b57dc7186b6acc964705d7516cbaf3904', 'https://git.kernel.org/stable/c/de7cffa53149c7b48bd1bb29b02390c9f05b7f41', 'https://git.kernel.org/stable/c/e2ecdddca80dd845df42376e4b0197fe97018ba2', 'https://lore.kernel.org/linux-cve-announce/2024080835-CVE-2024-42253-0c21@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42253', 'https://www.cve.org/CVERecord?id=CVE-2024-42253'], 'PublishedDate': '2024-08-08T09:15:08.22Z', 'LastModifiedDate': '2024-09-06T13:38:36.103Z'}, {'VulnerabilityID': 'CVE-2024-42273', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42273', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid\n\nmkdir /mnt/test/comp\nf2fs_io setflags compression /mnt/test/comp\ndd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1\ntruncate --size 13 /mnt/test/comp/testfile\n\nIn the above scenario, we can get a BUG_ON.\n kernel BUG at fs/f2fs/segment.c:3589!\n Call Trace:\n  do_write_page+0x78/0x390 [f2fs]\n  f2fs_outplace_write_data+0x62/0xb0 [f2fs]\n  f2fs_do_write_data_page+0x275/0x740 [f2fs]\n  f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs]\n  f2fs_write_multi_pages+0x1e5/0xae0 [f2fs]\n  f2fs_write_cache_pages+0xab1/0xc60 [f2fs]\n  f2fs_write_data_pages+0x2d8/0x330 [f2fs]\n  do_writepages+0xcf/0x270\n  __writeback_single_inode+0x44/0x350\n  writeback_sb_inodes+0x242/0x530\n  __writeback_inodes_wb+0x54/0xf0\n  wb_writeback+0x192/0x310\n  wb_workfn+0x30d/0x400\n\nThe reason is we gave CURSEG_ALL_DATA_ATGC to COMPR_ADDR where the\npage was set the gcing flag by set_cluster_dirty().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42273', 'https://git.kernel.org/linus/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cd106612396656d6f1ca17ef192c6759bb60791', 'https://git.kernel.org/stable/c/4239571c5db46a42f723b8fa8394039187c34439', 'https://git.kernel.org/stable/c/5fd057160ab240dd816ae09b625395d54c297de1', 'https://git.kernel.org/stable/c/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42273-9b87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42273', 'https://www.cve.org/CVERecord?id=CVE-2024-42273'], 'PublishedDate': '2024-08-17T09:15:08.45Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42291', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42291', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add a per-VF limit on number of FDIR filters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42291', 'https://git.kernel.org/linus/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 (6.11-rc1)', 'https://git.kernel.org/stable/c/292081c4e7f575a79017d5cbe1a0ec042783976f', 'https://git.kernel.org/stable/c/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97', 'https://git.kernel.org/stable/c/8e02cd98a6e24389d476e28436d41e620ed8e559', 'https://git.kernel.org/stable/c/d62389073a5b937413e2d1bc1da06ccff5103c0c', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42291-6f31@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42291', 'https://www.cve.org/CVERecord?id=CVE-2024-42291'], 'PublishedDate': '2024-08-17T09:15:09.73Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42294', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42294', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: fix deadlock between sd_remove & sd_release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove & sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430]  __switch_to+0x174/0x338\n[ 2538.459436]  __schedule+0x628/0x9c4\n[ 2538.459442]  schedule+0x7c/0xe8\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459]  mutex_lock+0x30/0xd8\n[ 2538.459462]  del_gendisk+0xdc/0x350\n[ 2538.459466]  sd_remove+0x30/0x60\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474]  device_release_driver+0x18/0x28\n[ 2538.459478]  bus_remove_device+0x15c/0x174\n[ 2538.459483]  device_del+0x1d0/0x358\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\n[ 2538.459493]  scsi_forget_host+0x50/0x70\n[ 2538.459497]  scsi_remove_host+0x80/0x180\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514]  device_release_driver+0x18/0x28\n[ 2538.459518]  bus_remove_device+0x15c/0x174\n[ 2538.459523]  device_del+0x1d0/0x358\n[ 2538.459528]  usb_disable_device+0x84/0x194\n[ 2538.459532]  usb_disconnect+0xec/0x300\n[ 2538.459537]  hub_event+0xb80/0x1870\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\n[ 2538.459545]  worker_thread+0x244/0x334\n[ 2538.459549]  kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task "fsck.":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016]  __switch_to+0x174/0x338\n[ 2538.461021]  __schedule+0x628/0x9c4\n[ 2538.461025]  schedule+0x7c/0xe8\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051]  sd_release+0x50/0x94\n[ 2538.461054]  blkdev_put+0x190/0x28c\n[ 2538.461058]  blkdev_release+0x28/0x40\n[ 2538.461063]  __fput+0xf8/0x2a8\n[ 2538.461066]  __fput_sync+0x28/0x5c\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\n[ 2538.461073]  invoke_syscall+0x58/0x114\n[ 2538.461078]  el0_svc_common+0xac/0xe0\n[ 2538.461082]  do_el0_svc+0x1c/0x28\n[ 2538.461087]  el0_svc+0x38/0x68\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\n\n  T1:\t\t\t\tT2:\n  sd_remove\n  del_gendisk\n  __blk_mark_disk_dead\n  blk_freeze_queue_start\n  ++q->mq_freeze_depth\n  \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(&disk->open_mutex)\n  \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q->mq_freeze_depth)\n  mutex_lock(&disk->open_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don\'t try to acquire disk->open_mutex after freezing\nthe queue.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42294', 'https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9', 'https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b', 'https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42294-0145@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42294', 'https://www.cve.org/CVERecord?id=CVE-2024-42294'], 'PublishedDate': '2024-08-17T09:15:09.947Z', 'LastModifiedDate': '2024-08-19T19:43:22.46Z'}, {'VulnerabilityID': 'CVE-2024-42315', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42315', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exfat: fix potential deadlock on __exfat_get_dentry_set', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi->s_lock between the two processes may occur.\n\n       CPU0                CPU1\n       ----                ----\n  kswapd\n   balance_pgdat\n    lock(fs_reclaim)\n                      exfat_iterate\n                       lock(&sbi->s_lock)\n                       exfat_readdir\n                        exfat_get_uniname_from_ext_entry\n                         exfat_get_dentry_set\n                          __exfat_get_dentry_set\n                           kmalloc_array\n                            ...\n                            lock(fs_reclaim)\n    ...\n    evict\n     exfat_evict_inode\n      lock(&sbi->s_lock)\n\nTo fix this, let's allocate bh-array with GFP_NOFS.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42315', 'https://git.kernel.org/linus/89fc548767a2155231128cb98726d6d2ea1256c9 (6.11-rc1)', 'https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62', 'https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9', 'https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42315-a707@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42315', 'https://www.cve.org/CVERecord?id=CVE-2024-42315'], 'PublishedDate': '2024-08-17T09:15:11.47Z', 'LastModifiedDate': '2024-08-22T15:51:03.077Z'}, {'VulnerabilityID': 'CVE-2024-42319', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42319', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() < 0 occurs.\n\nAccording to the call tracei below:\n  cmdq_mbox_shutdown\n  mbox_free_channel\n  mbox_controller_unregister\n  __devm_mbox_controller_unregister\n  ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n   to bind the cmdq device to the mbox_controller, so\n   devm_mbox_controller_unregister() will automatically unregister\n   the device bound to the mailbox controller when the device-managed\n   resource is removed. That means devm_mbox_controller_unregister()\n   and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n   devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n   will be called after cmdq_remove(), but before\n   devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42319', 'https://git.kernel.org/linus/a8bd68e4329f9a0ad1b878733e0f80be6a971649 (6.11-rc1)', 'https://git.kernel.org/stable/c/11fa625b45faf0649118b9deaf2d31c86ac41911', 'https://git.kernel.org/stable/c/a8bd68e4329f9a0ad1b878733e0f80be6a971649', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42319-ec7c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42319', 'https://www.cve.org/CVERecord?id=CVE-2024-42319'], 'PublishedDate': '2024-08-17T09:15:11.767Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42320', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42320', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error checks in dasd_copy_pair_store()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42320', 'https://git.kernel.org/linus/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8 (6.11-rc1)', 'https://git.kernel.org/stable/c/68d4c3722290ad300c295fb3435e835d200d5cb2', 'https://git.kernel.org/stable/c/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8', 'https://git.kernel.org/stable/c/cc8b7284d5076722e0b8062373b68d8e47c3bace', 'https://git.kernel.org/stable/c/e511167e65d332d07b3c7a3d5a741ee9c19a8c27', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42320-cdea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42320', 'https://www.cve.org/CVERecord?id=CVE-2024-42320'], 'PublishedDate': '2024-08-17T09:15:11.833Z', 'LastModifiedDate': '2024-09-30T12:54:12.897Z'}, {'VulnerabilityID': 'CVE-2024-42321', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42321', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: flow_dissector: use DEBUG_NET_WARN_ON_ONCE\n\nThe following splat is easy to reproduce upstream as well as in -stable\nkernels. Florian Westphal provided the following commit:\n\n  d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net")\n\nbut this complementary fix has been also suggested by Willem de Bruijn\nand it can be easily backported to -stable kernel which consists in\nusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splat\ngiven __skb_get_hash() is used by the nftables tracing infrastructure to\nto identify packets in traces.\n\n[69133.561393] ------------[ cut here ]------------\n[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/\n[...]\n[69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379\n[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0\n[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff\nff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8\n[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246\n[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19\n[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418\n[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000\n[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400\n[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28\n[69133.562020] FS:  00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[69133.562027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0\n[69133.562040] Call Trace:\n[69133.562044]  <IRQ>\n[69133.562049]  ? __warn+0x9f/0x1a0\n[ 1211.841384]  ? __skb_flow_dissect+0x107e/0x2860\n[...]\n[ 1211.841496]  ? bpf_flow_dissect+0x160/0x160\n[ 1211.841753]  __skb_get_hash+0x97/0x280\n[ 1211.841765]  ? __skb_get_hash_symmetric+0x230/0x230\n[ 1211.841776]  ? mod_find+0xbf/0xe0\n[ 1211.841786]  ? get_stack_info_noinstr+0x12/0xe0\n[ 1211.841798]  ? bpf_ksym_find+0x56/0xe0\n[ 1211.841807]  ? __rcu_read_unlock+0x2a/0x70\n[ 1211.841819]  nft_trace_init+0x1b9/0x1c0 [nf_tables]\n[ 1211.841895]  ? nft_trace_notify+0x830/0x830 [nf_tables]\n[ 1211.841964]  ? get_stack_info+0x2b/0x80\n[ 1211.841975]  ? nft_do_chain_arp+0x80/0x80 [nf_tables]\n[ 1211.842044]  nft_do_chain+0x79c/0x850 [nf_tables]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42321', 'https://git.kernel.org/linus/120f1c857a73e52132e473dee89b340440cb692b (6.11-rc1)', 'https://git.kernel.org/stable/c/120f1c857a73e52132e473dee89b340440cb692b', 'https://git.kernel.org/stable/c/4afbac11f2f629d1e62817c4e210bdfaa7521107', 'https://git.kernel.org/stable/c/c5d21aabf1b31a79f228508af33aee83456bc1b0', 'https://git.kernel.org/stable/c/eb03d9826aa646577342a952d658d4598381c035', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42321-4b46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42321', 'https://www.cve.org/CVERecord?id=CVE-2024-42321'], 'PublishedDate': '2024-08-17T09:15:11.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42322', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42322', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipvs: properly dereference pe in ip_vs_add_service', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n  net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42322', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/cbd070a4ae62f119058973f6d2c984e325bce6e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dd428039e06e1967ce294e2cd6342825aaaad77', 'https://git.kernel.org/stable/c/c420cd5d5bc6797f3a8824e7d74f38f0c286fca5', 'https://git.kernel.org/stable/c/cbd070a4ae62f119058973f6d2c984e325bce6e7', 'https://linux.oracle.com/cve/CVE-2024-42322.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42322-e2ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42322', 'https://www.cve.org/CVERecord?id=CVE-2024-42322'], 'PublishedDate': '2024-08-17T09:15:11.977Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43819', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kvm: s390: Reject memory region operations for ucontrol VMs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43819', 'https://git.kernel.org/linus/7816e58967d0e6cadce05c8540b47ed027dc2499 (6.11-rc1)', 'https://git.kernel.org/stable/c/49c9945c054df4c22008e2bf87ca74d3e2507aa6', 'https://git.kernel.org/stable/c/7816e58967d0e6cadce05c8540b47ed027dc2499', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43819-88ce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43819', 'https://www.cve.org/CVERecord?id=CVE-2024-43819'], 'PublishedDate': '2024-08-17T10:15:08.147Z', 'LastModifiedDate': '2024-09-03T17:47:10.54Z'}, {'VulnerabilityID': 'CVE-2024-43823', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43823', 'https://git.kernel.org/linus/a231707a91f323af1e5d9f1722055ec2fc1c7775 (6.11-rc1)', 'https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23', 'https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775', 'https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506', 'https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43823-4bdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43823', 'https://www.cve.org/CVERecord?id=CVE-2024-43823'], 'PublishedDate': '2024-08-17T10:15:08.4Z', 'LastModifiedDate': '2024-09-03T17:49:03.91Z'}, {'VulnerabilityID': 'CVE-2024-43824', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: pci-epf-test: Make use of cached &#39;epc_features&#39; in pci_epf_test_core_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Make use of cached \'epc_features\' in pci_epf_test_core_init()\n\nInstead of getting the epc_features from pci_epc_get_features() API, use\nthe cached pci_epf_test::epc_features value to avoid the NULL check. Since\nthe NULL check is already performed in pci_epf_test_bind(), having one more\ncheck in pci_epf_test_core_init() is redundant and it is not possible to\nhit the NULL pointer dereference.\n\nAlso with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier"\nflag"), \'epc_features\' got dereferenced without the NULL check, leading to\nthe following false positive Smatch warning:\n\n  drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed \'epc_features\' could be null (see line 747)\n\nThus, remove the redundant NULL check and also use the epc_features::\n{msix_capable/msi_capable} flags directly to avoid local variables.\n\n[kwilczynski: commit log]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43824', 'https://git.kernel.org/linus/5a5095a8bd1bd349cce1c879e5e44407a34dda8a (6.11-rc1)', 'https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a', 'https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43824-fc04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43824', 'https://www.cve.org/CVERecord?id=CVE-2024-43824'], 'PublishedDate': '2024-08-17T10:15:08.477Z', 'LastModifiedDate': '2024-09-03T17:48:39.16Z'}, {'VulnerabilityID': 'CVE-2024-43831', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mediatek: vcodec: Handle invalid decoder vsi', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43831', 'https://git.kernel.org/linus/59d438f8e02ca641c58d77e1feffa000ff809e9f (6.11-rc1)', 'https://git.kernel.org/stable/c/1c109f23b271a02b9bb195c173fab41e3285a8db', 'https://git.kernel.org/stable/c/59d438f8e02ca641c58d77e1feffa000ff809e9f', 'https://git.kernel.org/stable/c/cdf05ae76198c513836bde4eb55f099c44773280', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43831-b13e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43831', 'https://www.cve.org/CVERecord?id=CVE-2024-43831'], 'PublishedDate': '2024-08-17T10:15:08.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43832', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: s390/uv: Don't call folio_wait_writeback() without a folio reference", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/uv: Don't call folio_wait_writeback() without a folio reference\n\nfolio_wait_writeback() requires that no spinlocks are held and that\na folio reference is held, as documented. After we dropped the PTL, the\nfolio could get freed concurrently. So grab a temporary reference.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43832', 'https://git.kernel.org/linus/3f29f6537f54d74e64bac0a390fb2e26da25800d (6.11-rc1)', 'https://git.kernel.org/stable/c/1a1eb2f3fc453dcd52726d13e863938561489cb7', 'https://git.kernel.org/stable/c/3f29f6537f54d74e64bac0a390fb2e26da25800d', 'https://git.kernel.org/stable/c/8736604ef53359a718c246087cd21dcec232d2fb', 'https://git.kernel.org/stable/c/b21aba72aadd94bdac275deab021fc84d6c72b16', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43832-7746@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43832', 'https://www.cve.org/CVERecord?id=CVE-2024-43832'], 'PublishedDate': '2024-08-17T10:15:08.98Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43842', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() \'status->he_gi\' is compared to array size.\nBut then \'rate->he_gi\' is used as array index instead of \'status->he_gi\'.\nThis can lead to go beyond array boundaries in case of \'rate->he_gi\' is\nnot equal to \'status->he_gi\' and is bigger than array size. Looks like\n"copy-paste" mistake.\n\nFix this mistake by replacing \'rate->he_gi\' with \'status->he_gi\'.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43842', 'https://git.kernel.org/linus/85099c7ce4f9e64c66aa397cd9a37473637ab891 (6.11-rc1)', 'https://git.kernel.org/stable/c/7a0edc3d83aff3a48813d78c9cad9daf38decc74', 'https://git.kernel.org/stable/c/85099c7ce4f9e64c66aa397cd9a37473637ab891', 'https://git.kernel.org/stable/c/96ae4de5bc4c8ba39fd072369398f59495b73f58', 'https://git.kernel.org/stable/c/a2a095c08b95372d6d0c5819b77f071af5e75366', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43842-31e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43842', 'https://www.cve.org/CVERecord?id=CVE-2024-43842'], 'PublishedDate': '2024-08-17T10:15:09.647Z', 'LastModifiedDate': '2024-09-30T13:55:17.007Z'}, {'VulnerabilityID': 'CVE-2024-43844', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi rtw89 wow: fix GTK offload H2C skbuff issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: wow: fix GTK offload H2C skbuff issue\n\nWe mistakenly put skb too large and that may exceed skb->end.\nTherefore, we fix it.\n\nskbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8fba04eca7e0 tail:0x200 end:0x140 dev:<NULL>\n------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:192!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 4747 Comm: kworker/u4:44 Tainted: G           O       6.6.30-02659-gc18865c4dfbd #1 86547039b47e46935493f615ee31d0b2d711d35e\nHardware name: HP Meep/Meep, BIOS Google_Meep.11297.262.0 03/18/2021\nWorkqueue: events_unbound async_run_entry_fn\nRIP: 0010:skb_panic+0x5d/0x60\nCode: c6 63 8b 8f bb 4c 0f 45 f6 48 c7 c7 4d 89 8b bb 48 89 ce 44 89 d1 41 56 53 41 53 ff b0 c8 00 00 00 e8 27 5f 23 00 48 83 c4 20 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44\nRSP: 0018:ffffaa700144bad0 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: 0000000000000140 RCX: 14432c5aad26c900\nRDX: 0000000000000000 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffaa700144bae0 R08: 0000000000000000 R09: ffffaa700144b920\nR10: 00000000ffffdfff R11: ffffffffbc28fbc0 R12: ffff8fba4e57a010\nR13: 0000000000000000 R14: ffffffffbb8f8b63 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff8fba7bd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007999c4ad1000 CR3: 000000015503a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? skb_panic+0x5d/0x60\n ? do_error_trap+0x6d/0x90\n ? skb_panic+0x5d/0x60\n ? handle_invalid_op+0x30/0x40\n ? skb_panic+0x5d/0x60\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_panic+0x5d/0x60\n skb_put+0x49/0x50\n rtw89_fw_h2c_wow_gtk_ofld+0xbd/0x220 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_wow_resume+0x31f/0x540 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_ops_resume+0x2b/0xa0 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n ieee80211_reconfig+0x84/0x13e0 [mac80211 818a894e3b77da6298269c59ed7cdff065a4ed52]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? dev_printk_emit+0x51/0x70\n ? _dev_info+0x6e/0x90\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n wiphy_resume+0x89/0x180 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n dpm_run_callback+0x3c/0x140\n device_resume+0x1f9/0x3c0\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x29/0xd0\n process_scheduled_works+0x1d8/0x3d0\n worker_thread+0x1fc/0x2f0\n kthread+0xed/0x110\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x38/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>\nModules linked in: ccm 8021q r8153_ecm cdc_ether usbnet r8152 mii dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc uinput rfcomm cmac algif_hash rtw89_8922ae(O) algif_skcipher rtw89_8922a(O) af_alg rtw89_pci(O) rtw89_core(O) btusb(O) snd_soc_sst_bxt_da7219_max98357a btbcm(O) snd_soc_hdac_hdmi btintel(O) snd_soc_intel_hda_dsp_common snd_sof_probes btrtl(O) btmtk(O) snd_hda_codec_hdmi snd_soc_dmic uvcvideo videobuf2_vmalloc uvc videobuf2_memops videobuf2_v4l2 videobuf2_common snd_sof_pci_intel_apl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda soundwire_intel soundwire_generic_allocation snd_sof_intel_hda_mlink soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp mac80211 snd_soc_acpi_intel_match snd_soc_acpi snd_sof snd_sof_utils soundwire_bus snd_soc_max98357a snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_intel_dspcfg snd_intel_sdw_acpi snd_soc_da7219 snd_hda_codec snd_hwdep snd_hda_core veth ip6table_nat xt_MASQUERADE xt_cgroup fuse bluetooth ecdh_generic\n cfg80211 ecc\ngsmi: Log Shutdown \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43844', 'https://git.kernel.org/linus/dda364c345913fe03ddbe4d5ae14a2754c100296 (6.11-rc1)', 'https://git.kernel.org/stable/c/dda364c345913fe03ddbe4d5ae14a2754c100296', 'https://git.kernel.org/stable/c/ef0d9d2f0dc1133db3d3a1c5167190c6627146b2', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43844-97ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43844', 'https://www.cve.org/CVERecord?id=CVE-2024-43844'], 'PublishedDate': '2024-08-17T10:15:09.763Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43866', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Always drain health in shutdown callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43866', 'https://git.kernel.org/linus/1b75da22ed1e6171e261bc9265370162553d5393 (6.11-rc2)', 'https://git.kernel.org/stable/c/1b75da22ed1e6171e261bc9265370162553d5393', 'https://git.kernel.org/stable/c/5005e2e159b300c1b8c6820a1e13a62eb0127b9b', 'https://git.kernel.org/stable/c/6048dec754554a1303d632be6042d3feb3295285', 'https://git.kernel.org/stable/c/6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43866-66ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43866', 'https://www.cve.org/CVERecord?id=CVE-2024-43866'], 'PublishedDate': '2024-08-21T00:15:05.023Z', 'LastModifiedDate': '2024-10-17T14:15:07.297Z'}, {'VulnerabilityID': 'CVE-2024-43872', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43872', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/hns: Fix soft lockup under heavy CEQE load', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43872', 'https://git.kernel.org/linus/2fdf34038369c0a27811e7b4680662a14ada1d6b (6.11-rc1)', 'https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08', 'https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43872-c87e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43872', 'https://www.cve.org/CVERecord?id=CVE-2024-43872'], 'PublishedDate': '2024-08-21T01:15:11.74Z', 'LastModifiedDate': '2024-09-03T13:38:34.867Z'}, {'VulnerabilityID': 'CVE-2024-43886', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43886', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check in resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check in resource_log_pipe_topology_update\n\n[WHY]\nWhen switching from "Extend" to "Second Display Only" we sometimes\ncall resource_get_otg_master_for_stream on a stream for the eDP,\nwhich is disconnected. This leads to a null pointer dereference.\n\n[HOW]\nAdded a null check in dc_resource.c/resource_log_pipe_topology_update.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43886', 'https://git.kernel.org/linus/899d92fd26fe780aad711322aa671f68058207a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/899d92fd26fe780aad711322aa671f68058207a6', 'https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee', 'https://lore.kernel.org/linux-cve-announce/2024082657-CVE-2024-43886-0726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43886', 'https://www.cve.org/CVERecord?id=CVE-2024-43886'], 'PublishedDate': '2024-08-26T11:15:03.83Z', 'LastModifiedDate': '2024-08-27T14:37:45.377Z'}, {'VulnerabilityID': 'CVE-2024-43895', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43895', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip Recompute DSC Params if no Stream on Link', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n    Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n    RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n    Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\n    RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n    RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n    RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n    RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n    R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n    R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n    FS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n    Call Trace:\n<TASK>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? plist_add+0xbe/0x100\n     ? exc_page_fault+0x7c/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     drm_atomic_check_only+0x5c5/0xa40\n     drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.\n\n(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43895', 'https://git.kernel.org/linus/50e376f1fe3bf571d0645ddf48ad37eb58323919 (6.11-rc3)', 'https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9', 'https://git.kernel.org/stable/c/50e376f1fe3bf571d0645ddf48ad37eb58323919', 'https://git.kernel.org/stable/c/5357141b4c2e2b332b6f11607ba8c5fbc2669a10', 'https://git.kernel.org/stable/c/70275bb960c71d313254473d38c14e7101cee5ad', 'https://git.kernel.org/stable/c/718d83f66fb07b2cab89a1fc984613a00e3db18f', 'https://lore.kernel.org/linux-cve-announce/2024082608-CVE-2024-43895-d3c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43895', 'https://www.cve.org/CVERecord?id=CVE-2024-43895'], 'PublishedDate': '2024-08-26T11:15:04.333Z', 'LastModifiedDate': '2024-10-10T12:15:04.35Z'}, {'VulnerabilityID': 'CVE-2024-43898', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43898', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: sanity check for NULL pointer after ext4_force_shutdown', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43898', 'https://git.kernel.org/linus/83f4414b8f84249d538905825b088ff3ae555652 (6.11-rc1)', 'https://git.kernel.org/stable/c/3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e', 'https://git.kernel.org/stable/c/83f4414b8f84249d538905825b088ff3ae555652', 'https://git.kernel.org/stable/c/f619876ccbfd329ae785fe5d3289b9dcd6eb5901', 'https://lore.kernel.org/linux-cve-announce/2024082613-CVE-2024-43898-52c2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43898', 'https://www.cve.org/CVERecord?id=CVE-2024-43898'], 'PublishedDate': '2024-08-26T11:15:04.493Z', 'LastModifiedDate': '2024-09-10T08:15:02.96Z'}, {'VulnerabilityID': 'CVE-2024-43899', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix null pointer deref in dcn20_resource.c', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[  181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[  181.843997] #PF: supervisor instruction fetch in kernel mode\n[  181.844003] #PF: error_code(0x0010) - not-present page\n[  181.844009] PGD 0 P4D 0\n[  181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[  181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G        W  OE      6.5.0-41-generic #41~22.04.2-Ubuntu\n[  181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[  181.844044] RIP: 0010:0x0\n[  181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[  181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[  181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[  181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[  181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[  181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[  181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[  181.844121] FS:  00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[  181.844128] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[  181.844141] Call Trace:\n[  181.844146]  <TASK>\n[  181.844153]  ? show_regs+0x6d/0x80\n[  181.844167]  ? __die+0x24/0x80\n[  181.844179]  ? page_fault_oops+0x99/0x1b0\n[  181.844192]  ? do_user_addr_fault+0x31d/0x6b0\n[  181.844204]  ? exc_page_fault+0x83/0x1b0\n[  181.844216]  ? asm_exc_page_fault+0x27/0x30\n[  181.844237]  dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[  181.845115]  amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[  181.845985]  amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[  181.846848]  fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[  181.847734]  fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[  181.848748]  dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.849791]  ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.850840]  amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43899', 'https://git.kernel.org/linus/ecbf60782662f0a388493685b85a645a0ba1613c (6.11-rc1)', 'https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e', 'https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c', 'https://lore.kernel.org/linux-cve-announce/2024082614-CVE-2024-43899-2339@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43899', 'https://www.cve.org/CVERecord?id=CVE-2024-43899'], 'PublishedDate': '2024-08-26T11:15:04.557Z', 'LastModifiedDate': '2024-08-27T14:38:19.74Z'}, {'VulnerabilityID': 'CVE-2024-43900', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43900', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: xc2028: avoid use-after-free in load_firmware_cb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504           worker_thread\ntuner_probe                             <= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait                 <= create a worker\n...\ntuner_remove                            <= free dvb_frontend\n...\n                    request_firmware_work_func  <= the firmware is ready\n                    load_firmware_cb    <= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n    ==================================================================\n     BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n     Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n     Call trace:\n      load_firmware_cb+0x1310/0x17a0\n      request_firmware_work_func+0x128/0x220\n      process_one_work+0x770/0x1824\n      worker_thread+0x488/0xea0\n      kthread+0x300/0x430\n      ret_from_fork+0x10/0x20\n\n     Allocated by task 6504:\n      kzalloc\n      tuner_probe+0xb0/0x1430\n      i2c_device_probe+0x92c/0xaf0\n      really_probe+0x678/0xcd0\n      driver_probe_device+0x280/0x370\n      __device_attach_driver+0x220/0x330\n      bus_for_each_drv+0x134/0x1c0\n      __device_attach+0x1f4/0x410\n      device_initial_probe+0x20/0x30\n      bus_probe_device+0x184/0x200\n      device_add+0x924/0x12c0\n      device_register+0x24/0x30\n      i2c_new_device+0x4e0/0xc44\n      v4l2_i2c_new_subdev_board+0xbc/0x290\n      v4l2_i2c_new_subdev+0xc8/0x104\n      em28xx_v4l2_init+0x1dd0/0x3770\n\n     Freed by task 6504:\n      kfree+0x238/0x4e4\n      tuner_remove+0x144/0x1c0\n      i2c_device_remove+0xc8/0x290\n      __device_release_driver+0x314/0x5fc\n      device_release_driver+0x30/0x44\n      bus_remove_device+0x244/0x490\n      device_del+0x350/0x900\n      device_unregister+0x28/0xd0\n      i2c_unregister_device+0x174/0x1d0\n      v4l2_device_unregister+0x224/0x380\n      em28xx_v4l2_init+0x1d90/0x3770\n\n     The buggy address belongs to the object at ffff8000d7ca2000\n      which belongs to the cache kmalloc-2k of size 2048\n     The buggy address is located 776 bytes inside of\n      2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n     The buggy address belongs to the page:\n     page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n     flags: 0x7ff800000000100(slab)\n     raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n     raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n     page dumped because: kasan: bad access detected\n\n     Memory state around the buggy address:\n      ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                           ^\n      ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     ==================================================================\n\n[2]\n    Actually, it is allocated for struct tuner, and dvb_frontend is inside.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43900', 'https://git.kernel.org/linus/68594cec291ff9523b9feb3f43fd853dcddd1f60 (6.11-rc1)', 'https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5', 'https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60', 'https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b', 'https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-43900-029c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43900', 'https://www.cve.org/CVERecord?id=CVE-2024-43900'], 'PublishedDate': '2024-08-26T11:15:04.613Z', 'LastModifiedDate': '2024-08-27T14:38:32.967Z'}, {'VulnerabilityID': 'CVE-2024-43903', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43903', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43903', 'https://git.kernel.org/linus/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff (6.11-rc1)', 'https://git.kernel.org/stable/c/31a679a880102dee6e10985a7b1789af8dc328cc', 'https://git.kernel.org/stable/c/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff', 'https://git.kernel.org/stable/c/94220b35aeba2b68da81deeefbb784d94eeb5c04', 'https://git.kernel.org/stable/c/ce5d090af683137cb779ed7e3683839f9c778b35', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-43903-3644@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43903', 'https://www.cve.org/CVERecord?id=CVE-2024-43903'], 'PublishedDate': '2024-08-26T11:15:04.793Z', 'LastModifiedDate': '2024-08-27T13:39:48.683Z'}, {'VulnerabilityID': 'CVE-2024-43904', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43904', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing\n\nThis commit adds null checks for the 'stream' and 'plane' variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that 'stream' and 'plane' are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43904', 'https://git.kernel.org/linus/15c2990e0f0108b9c3752d7072a97d45d4283aea (6.11-rc1)', 'https://git.kernel.org/stable/c/15c2990e0f0108b9c3752d7072a97d45d4283aea', 'https://git.kernel.org/stable/c/16a8a2a839d19c4cf7253642b493ffb8eee1d857', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43904-63a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43904', 'https://www.cve.org/CVERecord?id=CVE-2024-43904'], 'PublishedDate': '2024-08-26T11:15:04.847Z', 'LastModifiedDate': '2024-08-27T13:40:50.577Z'}, {'VulnerabilityID': 'CVE-2024-43906', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43906', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/admgpu: fix dereferencing null pointer context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/admgpu: fix dereferencing null pointer context\n\nWhen user space sets an invalid ta type, the pointer context will be empty.\nSo it need to check the pointer context before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43906', 'https://git.kernel.org/linus/030ffd4d43b433bc6671d9ec34fc12c59220b95d (6.11-rc1)', 'https://git.kernel.org/stable/c/030ffd4d43b433bc6671d9ec34fc12c59220b95d', 'https://git.kernel.org/stable/c/4fd52f7c2c11d330571c6bde06e5ea508ec25c9d', 'https://git.kernel.org/stable/c/641dac64178ccdb9e45c92b67120316896294d05', 'https://lore.kernel.org/linux-cve-announce/2024082624-CVE-2024-43906-27ab@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43906', 'https://www.cve.org/CVERecord?id=CVE-2024-43906'], 'PublishedDate': '2024-08-26T11:15:04.947Z', 'LastModifiedDate': '2024-08-27T13:41:30.093Z'}, {'VulnerabilityID': 'CVE-2024-43910', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43910', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses\n\nCurrently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to\na global function as an argument. The adverse effects of this is that\nBPF helpers can continue to make use of this modified\nCONST_PTR_TO_DYNPTR from within the context of the global function,\nwhich can unintentionally result in out-of-bounds memory accesses and\ntherefore compromise overall system stability i.e.\n\n[  244.157771] BUG: KASAN: slab-out-of-bounds in bpf_dynptr_data+0x137/0x140\n[  244.161345] Read of size 8 at addr ffff88810914be68 by task test_progs/302\n[  244.167151] CPU: 0 PID: 302 Comm: test_progs Tainted: G O E 6.10.0-rc3-00131-g66b586715063 #533\n[  244.174318] Call Trace:\n[  244.175787]  <TASK>\n[  244.177356]  dump_stack_lvl+0x66/0xa0\n[  244.179531]  print_report+0xce/0x670\n[  244.182314]  ? __virt_addr_valid+0x200/0x3e0\n[  244.184908]  kasan_report+0xd7/0x110\n[  244.187408]  ? bpf_dynptr_data+0x137/0x140\n[  244.189714]  ? bpf_dynptr_data+0x137/0x140\n[  244.192020]  bpf_dynptr_data+0x137/0x140\n[  244.194264]  bpf_prog_b02a02fdd2bdc5fa_global_call_bpf_dynptr_data+0x22/0x26\n[  244.198044]  bpf_prog_b0fe7b9d7dc3abde_callback_adjust_bpf_dynptr_reg_off+0x1f/0x23\n[  244.202136]  bpf_user_ringbuf_drain+0x2c7/0x570\n[  244.204744]  ? 0xffffffffc0009e58\n[  244.206593]  ? __pfx_bpf_user_ringbuf_drain+0x10/0x10\n[  244.209795]  bpf_prog_33ab33f6a804ba2d_user_ringbuf_callback_const_ptr_to_dynptr_reg_off+0x47/0x4b\n[  244.215922]  bpf_trampoline_6442502480+0x43/0xe3\n[  244.218691]  __x64_sys_prlimit64+0x9/0xf0\n[  244.220912]  do_syscall_64+0xc1/0x1d0\n[  244.223043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  244.226458] RIP: 0033:0x7ffa3eb8f059\n[  244.228582] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 1d 0d 00 f7 d8 64 89 01 48\n[  244.241307] RSP: 002b:00007ffa3e9c6eb8 EFLAGS: 00000206 ORIG_RAX: 000000000000012e\n[  244.246474] RAX: ffffffffffffffda RBX: 00007ffa3e9c7cdc RCX: 00007ffa3eb8f059\n[  244.250478] RDX: 00007ffa3eb162b4 RSI: 0000000000000000 RDI: 00007ffa3e9c7fb0\n[  244.255396] RBP: 00007ffa3e9c6ed0 R08: 00007ffa3e9c76c0 R09: 0000000000000000\n[  244.260195] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffff80\n[  244.264201] R13: 000000000000001c R14: 00007ffc5d6b4260 R15: 00007ffa3e1c7000\n[  244.268303]  </TASK>\n\nAdd a check_func_arg_reg_off() to the path in which the BPF verifier\nverifies the arguments of global function arguments, specifically\nthose which take an argument of type ARG_PTR_TO_DYNPTR |\nMEM_RDONLY. Also, process_dynptr_func() doesn't appear to perform any\nexplicit and strict type matching on the supplied register type, so\nlet's also enforce that a register either type PTR_TO_STACK or\nCONST_PTR_TO_DYNPTR is by the caller.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43910', 'https://git.kernel.org/linus/ec2b9a5e11e51fea1bb04c1e7e471952e887e874 (6.11-rc1)', 'https://git.kernel.org/stable/c/13663a7c644bf1dedaf461d07252db5d76c8759a', 'https://git.kernel.org/stable/c/ec2b9a5e11e51fea1bb04c1e7e471952e887e874', 'https://lore.kernel.org/linux-cve-announce/2024082630-CVE-2024-43910-c6ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43910', 'https://www.cve.org/CVERecord?id=CVE-2024-43910'], 'PublishedDate': '2024-08-26T11:15:05.177Z', 'LastModifiedDate': '2024-09-05T18:30:23.437Z'}, {'VulnerabilityID': 'CVE-2024-43911', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43911', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mac80211: fix NULL dereference at band check in starting tx ba session', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL dereference at band check in starting tx ba session\n\nIn MLD connection, link_data/link_conf are dynamically allocated. They\ndon't point to vif->bss_conf. So, there will be no chanreq assigned to\nvif->bss_conf and then the chan will be NULL. Tweak the code to check\nht_supported/vht_supported/has_he/has_eht on sta deflink.\n\nCrash log (with rtw89 version under MLO development):\n[ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 9890.526102] #PF: supervisor read access in kernel mode\n[ 9890.526105] #PF: error_code(0x0000) - not-present page\n[ 9890.526109] PGD 0 P4D 0\n[ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G           OE      6.9.0 #1\n[ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018\n[ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core]\n[ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211\n[ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00 <83> 38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3\nAll code\n========\n   0:\tf7 e8                \timul   %eax\n   2:\td5                   \t(bad)\n   3:\t93                   \txchg   %eax,%ebx\n   4:\t3e ea                \tds (bad)\n   6:\t48 83 c4 28          \tadd    $0x28,%rsp\n   a:\t89 d8                \tmov    %ebx,%eax\n   c:\t5b                   \tpop    %rbx\n   d:\t41 5c                \tpop    %r12\n   f:\t41 5d                \tpop    %r13\n  11:\t41 5e                \tpop    %r14\n  13:\t41 5f                \tpop    %r15\n  15:\t5d                   \tpop    %rbp\n  16:\tc3                   \tretq\n  17:\tcc                   \tint3\n  18:\tcc                   \tint3\n  19:\tcc                   \tint3\n  1a:\tcc                   \tint3\n  1b:\t49 8b 84 24 e0 f1 ff \tmov    -0xe20(%r12),%rax\n  22:\tff\n  23:\t48 8b 80 90 1b 00 00 \tmov    0x1b90(%rax),%rax\n  2a:*\t83 38 03             \tcmpl   $0x3,(%rax)\t\t<-- trapping instruction\n  2d:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe6a\n  33:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n  38:\teb cc                \tjmp    0x6\n  3a:\t49                   \trex.WB\n  3b:\t8b                   \t.byte 0x8b\n  3c:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  3f:\tf3                   \trepz\n\nCode starting with the faulting instruction\n===========================================\n   0:\t83 38 03             \tcmpl   $0x3,(%rax)\n   3:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe40\n   9:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n   e:\teb cc                \tjmp    0xffffffffffffffdc\n  10:\t49                   \trex.WB\n  11:\t8b                   \t.byte 0x8b\n  12:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  15:\tf3                   \trepz\n[ 9890.526285] RSP: 0018:ffffb8db09013d68 EFLAGS: 00010246\n[ 9890.526291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9308e0d656c8\n[ 9890.526295] RDX: 0000000000000000 RSI: ffffffffab99460b RDI: ffffffffab9a7685\n[ 9890.526300] RBP: ffffb8db09013db8 R08: 0000000000000000 R09: 0000000000000873\n[ 9890.526304] R10: ffff9308e0d64800 R11: 0000000000000002 R12: ffff9308e5ff6e70\n[ 9890.526308] R13: ffff930952500e20 R14: ffff9309192a8c00 R15: 0000000000000000\n[ 9890.526313] FS:  0000000000000000(0000) GS:ffff930b4e700000(0000) knlGS:0000000000000000\n[ 9890.526316] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9890.526318] CR2: 0000000000000000 CR3: 0000000391c58005 CR4: 00000000001706f0\n[ 9890.526321] Call Trace:\n[ 9890.526324]  <TASK>\n[ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479)\n[ 9890.526335] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713)\n[ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43911', 'https://git.kernel.org/linus/021d53a3d87eeb9dbba524ac515651242a2a7e3b (6.11-rc1)', 'https://git.kernel.org/stable/c/021d53a3d87eeb9dbba524ac515651242a2a7e3b', 'https://git.kernel.org/stable/c/a5594c1e03b0df3908b1e1202a1ba34422eed0f6', 'https://lore.kernel.org/linux-cve-announce/2024082631-CVE-2024-43911-96bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43911', 'https://www.cve.org/CVERecord?id=CVE-2024-43911'], 'PublishedDate': '2024-08-26T11:15:05.227Z', 'LastModifiedDate': '2024-08-27T16:08:52.493Z'}, {'VulnerabilityID': 'CVE-2024-43912', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43912', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: nl80211: disallow setting special AP channel widths', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: disallow setting special AP channel widths\n\nSetting the AP channel width is meant for use with the normal\n20/40/... MHz channel width progression, and switching around\nin S1G or narrow channels isn't supported. Disallow that.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43912', 'https://git.kernel.org/linus/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe (6.11-rc1)', 'https://git.kernel.org/stable/c/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe', 'https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e', 'https://git.kernel.org/stable/c/ac3bf6e47fd8da9bfe8027e1acfe0282a91584fc', 'https://git.kernel.org/stable/c/c6ea738e3feb407a3283197d9a25d0788f4f3cee', 'https://lore.kernel.org/linux-cve-announce/2024082632-CVE-2024-43912-801f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43912', 'https://www.cve.org/CVERecord?id=CVE-2024-43912'], 'PublishedDate': '2024-08-26T11:15:05.28Z', 'LastModifiedDate': '2024-09-05T18:19:17.067Z'}, {'VulnerabilityID': 'CVE-2024-43913', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43913', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: apple: fix device reference counting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: apple: fix device reference counting\n\nDrivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.\nSplit the allocation side out to make the error handling boundary easier\nto navigate. The apple driver had been doing this wrong, leaking the\ncontroller device memory on a tagset failure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43913', 'https://git.kernel.org/linus/b9ecbfa45516182cd062fecd286db7907ba84210 (6.11-rc1)', 'https://git.kernel.org/stable/c/b9ecbfa45516182cd062fecd286db7907ba84210', 'https://git.kernel.org/stable/c/d59c4d0eb6adc24c2201f153ccb7fd0a335b0d3d', 'https://lore.kernel.org/linux-cve-announce/2024082633-CVE-2024-43913-6ec7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43913', 'https://www.cve.org/CVERecord?id=CVE-2024-43913'], 'PublishedDate': '2024-08-26T11:15:05.33Z', 'LastModifiedDate': '2024-09-05T18:12:55.68Z'}, {'VulnerabilityID': 'CVE-2024-44931', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpio: prevent potential speculation leaks in gpio_device_get_desc()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: prevent potential speculation leaks in gpio_device_get_desc()\n\nUserspace may trigger a speculative read of an address outside the gpio\ndescriptor array.\nUsers can do that by calling gpio_ioctl() with an offset out of range.\nOffset is copied from user and then used as an array index to get\nthe gpio descriptor without sanitization in gpio_device_get_desc().\n\nThis change ensures that the offset is sanitized by using\narray_index_nospec() to mitigate any possibility of speculative\ninformation leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44931', 'https://git.kernel.org/linus/d795848ecce24a75dfd46481aee066ae6fe39775 (6.11-rc1)', 'https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc', 'https://git.kernel.org/stable/c/672c19165fc96dfad531a5458e0b3cdab414aae4', 'https://git.kernel.org/stable/c/9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0', 'https://git.kernel.org/stable/c/c65ab97efcd438cb4e9f299400f2ea55251f3a67', 'https://git.kernel.org/stable/c/d776c0486b03a5c4afca65b8ff44573592bf93bb', 'https://git.kernel.org/stable/c/d795848ecce24a75dfd46481aee066ae6fe39775', 'https://lore.kernel.org/linux-cve-announce/2024082636-CVE-2024-44931-8212@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44931', 'https://www.cve.org/CVERecord?id=CVE-2024-44931'], 'PublishedDate': '2024-08-26T11:15:05.447Z', 'LastModifiedDate': '2024-10-17T14:15:07.39Z'}, {'VulnerabilityID': 'CVE-2024-44938', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44938', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: Fix shift-out-of-bounds in dbDiscardAG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix shift-out-of-bounds in dbDiscardAG\n\nWhen searching for the next smaller log2 block, BLKSTOL2() returned 0,\ncausing shift exponent -1 to be negative.\n\nThis patch fixes the issue by exiting the loop directly when negative\nshift is found.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44938', 'https://git.kernel.org/linus/7063b80268e2593e58bee8a8d709c2f3ff93e2f2 (6.11-rc1)', 'https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630', 'https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2', 'https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e', 'https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-44938-fc08@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44938', 'https://www.cve.org/CVERecord?id=CVE-2024-44938'], 'PublishedDate': '2024-08-26T12:15:05.96Z', 'LastModifiedDate': '2024-09-12T14:05:44.31Z'}, {'VulnerabilityID': 'CVE-2024-44939', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44939', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: fix null ptr deref in dtInsertEntry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix null ptr deref in dtInsertEntry\n\n[syzbot reported]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713\n...\n[Analyze]\nIn dtInsertEntry(), when the pointer h has the same value as p, after writing\nname in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the\npreviously true judgment "p->header.flag & BT-LEAF" to change to no after writing\nthe name operation, this leads to entering an incorrect branch and accessing the\nuninitialized object ih when judging this condition for the second time.\n\n[Fix]\nAfter got the page, check freelist first, if freelist == 0 then exit dtInsert()\nand return -EINVAL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44939', 'https://git.kernel.org/linus/ce6dede912f064a855acf6f04a04cbb2c25b8c8c (6.11-rc1)', 'https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9', 'https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6', 'https://git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702', 'https://git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44939-cf96@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44939', 'https://www.cve.org/CVERecord?id=CVE-2024-44939'], 'PublishedDate': '2024-08-26T12:15:06.007Z', 'LastModifiedDate': '2024-09-12T20:58:03.783Z'}, {'VulnerabilityID': 'CVE-2024-44942', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44942', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inline.c:258!\nCPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0\nRIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258\nCall Trace:\n f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834\n f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315\n do_writepages+0x35b/0x870 mm/page-writeback.c:2612\n __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650\n writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941\n wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117\n wb_do_writeback fs/fs-writeback.c:2264 [inline]\n wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335\n worker_thread+0x86d/0xd70 kernel/workqueue.c:3416\n kthread+0x2f2/0x390 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nThe root cause is: inline_data inode can be fuzzed, so that there may\nbe valid blkaddr in its direct node, once f2fs triggers background GC\nto migrate the block, it will hit f2fs_bug_on() during dirty page\nwriteback.\n\nLet's add sanity check on F2FS_INLINE_DATA flag in inode during GC,\nso that, it can forbid migrating inline_data inode's data block for\nfixing.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44942', 'https://git.kernel.org/linus/fc01008c92f40015aeeced94750855a7111b6929 (6.11-rc1)', 'https://git.kernel.org/stable/c/26c07775fb5dc74351d1c3a2bc3cdf609b03e49f', 'https://git.kernel.org/stable/c/ae00e6536a2dd54b64b39e9a39548870cf835745', 'https://git.kernel.org/stable/c/fc01008c92f40015aeeced94750855a7111b6929', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44942-651a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44942', 'https://www.cve.org/CVERecord?id=CVE-2024-44942'], 'PublishedDate': '2024-08-26T12:15:06.157Z', 'LastModifiedDate': '2024-08-27T16:09:10.01Z'}, {'VulnerabilityID': 'CVE-2024-44949', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44949', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: parisc: fix a possible DMA corruption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: fix a possible DMA corruption\n\nARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be\npossible that two unrelated 16-byte allocations share a cache line. If\none of these allocations is written using DMA and the other is written\nusing cached write, the value that was written with DMA may be\ncorrupted.\n\nThis commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 -\nthat's the largest possible cache line size.\n\nAs different parisc microarchitectures have different cache line size, we\ndefine arch_slab_minalign(), cache_line_size() and\ndma_get_cache_alignment() so that the kernel may tune slab cache\nparameters dynamically, based on the detected cache line size.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44949', 'https://git.kernel.org/linus/7ae04ba36b381bffe2471eff3a93edced843240f (6.11-rc2)', 'https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f', 'https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f', 'https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44949-8f05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44949', 'https://www.cve.org/CVERecord?id=CVE-2024-44949'], 'PublishedDate': '2024-09-04T19:15:30.04Z', 'LastModifiedDate': '2024-10-09T13:53:32.513Z'}, {'VulnerabilityID': 'CVE-2024-44950', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44950', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix invalid FIFO access with special register set', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix invalid FIFO access with special register set\n\nWhen enabling access to the special register set, Receiver time-out and\nRHR interrupts can happen. In this case, the IRQ handler will try to read\nfrom the FIFO thru the RHR register at address 0x00, but address 0x00 is\nmapped to DLL register, resulting in erroneous FIFO reading.\n\nCall graph example:\n    sc16is7xx_startup(): entry\n    sc16is7xx_ms_proc(): entry\n    sc16is7xx_set_termios(): entry\n    sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set\n    sc16is7xx_port_irq() entry            --> IIR is 0x0C\n    sc16is7xx_handle_rx() entry\n    sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is\n                               mapped to DLL (LCR=LCR_CONF_MODE_A)\n    sc16is7xx_set_baud(): exit --> Restore access to general register set\n\nFix the problem by claiming the efr_lock mutex when accessing the Special\nregister set.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44950', 'https://git.kernel.org/linus/7d3b793faaab1305994ce568b59d61927235f57b (6.11-rc3)', 'https://git.kernel.org/stable/c/6a6730812220a9a5ce4003eb347da1ee5abd06b0', 'https://git.kernel.org/stable/c/7d3b793faaab1305994ce568b59d61927235f57b', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44950-67fb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44950', 'https://www.cve.org/CVERecord?id=CVE-2024-44950'], 'PublishedDate': '2024-09-04T19:15:30.1Z', 'LastModifiedDate': '2024-10-09T14:21:16.773Z'}, {'VulnerabilityID': 'CVE-2024-44955', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44955', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute\n\n[Why]\nWhen unplug one of monitors connected after mst hub, encounter null pointer dereference.\n\nIt's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When\ncommit new state which directly referring to info stored in dc_sink will cause null pointer\ndereference.\n\n[how]\nRemove redundant checking condition. Relevant condition should already be covered by checking\nif dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44955', 'https://git.kernel.org/linus/fcf6a49d79923a234844b8efe830a61f3f0584e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263', 'https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44955-20e8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44955', 'https://www.cve.org/CVERecord?id=CVE-2024-44955'], 'PublishedDate': '2024-09-04T19:15:30.423Z', 'LastModifiedDate': '2024-10-10T17:57:00.267Z'}, {'VulnerabilityID': 'CVE-2024-44956', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44956', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/preempt_fence: enlarge the fence critical section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44956', 'https://git.kernel.org/linus/3cd1585e57908b6efcd967465ef7685f40b2a294 (6.11-rc1)', 'https://git.kernel.org/stable/c/3cd1585e57908b6efcd967465ef7685f40b2a294', 'https://git.kernel.org/stable/c/458bb83119dfee5d14c677f7846dd9363817006f', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44956-8bcf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44956', 'https://www.cve.org/CVERecord?id=CVE-2024-44956'], 'PublishedDate': '2024-09-04T19:15:30.48Z', 'LastModifiedDate': '2024-09-06T16:37:11.777Z'}, {'VulnerabilityID': 'CVE-2024-44957', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44957', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Switch from mutex to spinlock for irqfds', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Switch from mutex to spinlock for irqfds\n\nirqfd_wakeup() gets EPOLLHUP, when it is called by\neventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which\ngets called under spin_lock_irqsave(). We can't use a mutex here as it\nwill lead to a deadlock.\n\nFix it by switching over to a spin lock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44957', 'https://git.kernel.org/linus/1c682593096a487fd9aebc079a307ff7a6d054a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3', 'https://git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e', 'https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44957-5c8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44957', 'https://www.cve.org/CVERecord?id=CVE-2024-44957'], 'PublishedDate': '2024-09-04T19:15:30.523Z', 'LastModifiedDate': '2024-09-06T16:37:00.077Z'}, {'VulnerabilityID': 'CVE-2024-44961', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44961', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Forward soft recovery errors to userspace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Forward soft recovery errors to userspace\n\nAs we discussed before[1], soft recovery should be\nforwarded to userspace, or we can get into a really\nbad state where apps will keep submitting hanging\ncommand buffers cascading us to a hard reset.\n\n1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/\n(cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44961', 'https://git.kernel.org/linus/829798c789f567ef6ba4b084c15b7b5f3bd98d51 (6.11-rc3)', 'https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a', 'https://git.kernel.org/stable/c/829798c789f567ef6ba4b084c15b7b5f3bd98d51', 'https://git.kernel.org/stable/c/c28d207edfc5679585f4e96acb67000076ce90be', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44961-8666@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44961', 'https://www.cve.org/CVERecord?id=CVE-2024-44961'], 'PublishedDate': '2024-09-04T19:15:30.77Z', 'LastModifiedDate': '2024-10-04T16:39:39.3Z'}, {'VulnerabilityID': 'CVE-2024-44962', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44962', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n  Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n  Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic   snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil   snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded:   btnxpuart]\n  CPU: 5 PID: 723 Comm: memtester Tainted: G           O       6.6.23-lts-next-06207-g4aef2658ac28 #1\n  Hardware name: NXP i.MX95 19X19 board (DT)\n  pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0xffff80007a2cf464\n  lr : call_timer_fn.isra.0+0x24/0x80\n...\n  Call trace:\n   0xffff80007a2cf464\n   __run_timers+0x234/0x280\n   run_timer_softirq+0x20/0x40\n   __do_softirq+0x100/0x26c\n   ____do_softirq+0x10/0x1c\n   call_on_irq_stack+0x24/0x4c\n   do_softirq_own_stack+0x1c/0x2c\n   irq_exit_rcu+0xc0/0xdc\n   el0_interrupt+0x54/0xd8\n   __el0_irq_handler_common+0x18/0x24\n   el0t_64_irq_handler+0x10/0x1c\n   el0t_64_irq+0x190/0x194\n  Code: ???????? ???????? ???????? ???????? (????????)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception in interrupt\n  SMP: stopping secondary CPUs\n  Kernel Offset: disabled\n  CPU features: 0x0,c0000000,40028143,1000721b\n  Memory Limit: none\n  ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44962', 'https://git.kernel.org/linus/0d0df1e750bac0fdaa77940e711c1625cff08d33 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d0df1e750bac0fdaa77940e711c1625cff08d33', 'https://git.kernel.org/stable/c/28bbb5011a9723700006da67bdb57ab6a914452b', 'https://git.kernel.org/stable/c/4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44962-c329@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44962', 'https://www.cve.org/CVERecord?id=CVE-2024-44962'], 'PublishedDate': '2024-09-04T19:15:30.827Z', 'LastModifiedDate': '2024-10-04T16:20:34.55Z'}, {'VulnerabilityID': 'CVE-2024-44963', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44963', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not BUG_ON() when freeing tree block after error', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don't deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44963', 'https://git.kernel.org/linus/bb3868033a4cccff7be57e9145f2117cbdc91c11 (6.11-rc1)', 'https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f', 'https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44963-2e6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44963', 'https://www.cve.org/CVERecord?id=CVE-2024-44963'], 'PublishedDate': '2024-09-04T19:15:30.883Z', 'LastModifiedDate': '2024-10-04T16:19:20.77Z'}, {'VulnerabilityID': 'CVE-2024-44970', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix invalid WQ linked list unlink\n\nWhen all the strides in a WQE have been consumed, the WQE is unlinked\nfrom the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible\nto receive CQEs with 0 consumed strides for the same WQE even after the\nWQE is fully consumed and unlinked. This triggers an additional unlink\nfor the same wqe which corrupts the linked list.\n\nFix this scenario by accepting 0 sized consumed strides without\nunlinking the WQE again.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44970', 'https://git.kernel.org/linus/fba8334721e266f92079632598e46e5f89082f30 (6.11-rc1)', 'https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9', 'https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76', 'https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78', 'https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44970-f687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44970', 'https://www.cve.org/CVERecord?id=CVE-2024-44970'], 'PublishedDate': '2024-09-04T19:15:31.307Z', 'LastModifiedDate': '2024-10-03T14:22:06.003Z'}, {'VulnerabilityID': 'CVE-2024-44972', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44972', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not clear page dirty inside extent_write_locked_range()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not clear page dirty inside extent_write_locked_range()\n\n[BUG]\nFor subpage + zoned case, the following workload can lead to rsv data\nleak at unmount time:\n\n  # mkfs.btrfs -f -s 4k $dev\n  # mount $dev $mnt\n  # fsstress -w -n 8 -d $mnt -s 1709539240\n  0/0: fiemap - no filename\n  0/1: copyrange read - no filename\n  0/2: write - no filename\n  0/3: rename - no source filename\n  0/4: creat f0 x:0 0 0\n  0/4: creat add id=0,parent=-1\n  0/5: writev f0[259 1 0 0 0 0] [778052,113,965] 0\n  0/6: ioctl(FIEMAP) f0[259 1 0 0 224 887097] [1294220,2291618343991484791,0x10000] -1\n  0/7: dwrite - xfsctl(XFS_IOC_DIOINFO) f0[259 1 0 0 224 887097] return 25, fallback to stat()\n  0/7: dwrite f0[259 1 0 0 224 887097] [696320,102400] 0\n  # umount $mnt\n\nThe dmesg includes the following rsv leak detection warning (all call\ntrace skipped):\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8653 btrfs_destroy_inode+0x1e0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8654 btrfs_destroy_inode+0x1a8/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8660 btrfs_destroy_inode+0x1a0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): last unmount of filesystem 1b4abba9-de34-4f07-9e7f-157cf12a18d6\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info DATA has 268218368 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=204800, pinned=0, reserved=0, may_use=12288, readonly=0 zone_unusable=0\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info METADATA has 267796480 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=131072, pinned=0, reserved=0, may_use=262144, readonly=0 zone_unusable=245760\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n\nAbove $dev is a tcmu-runner emulated zoned HDD, which has a max zone\nappend size of 64K, and the system has 64K page size.\n\n[CAUSE]\nI have added several trace_printk() to show the events (header skipped):\n\n  > btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864\n\nThe above lines show our buffered write has dirtied 3 pages of inode\n259 of root 5:\n\n  704K             768K              832K              896K\n  I           |////I/////////////////I///////////|     I\n              756K                               868K\n\n  |///| is the dirtied range using subpage bitmaps. and 'I' is the page\n  boundary.\n\n  Meanwhile all three pages (704K, 768K, 832K) have their PageDirty\n  flag set.\n\n  > btrfs_direct_write: r/i=5/259 start dio filepos=696320 len=102400\n\nThen direct IO writ\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44972', 'https://git.kernel.org/linus/97713b1a2ced1e4a2a6c40045903797ebd44d7e0 (6.11-rc1)', 'https://git.kernel.org/stable/c/97713b1a2ced1e4a2a6c40045903797ebd44d7e0', 'https://git.kernel.org/stable/c/ba4dedb71356638d8284e34724daca944be70368', 'https://git.kernel.org/stable/c/d3b403209f767e5857c1b9fda66726e6e6ffc99f', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44972-23b5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44972', 'https://www.cve.org/CVERecord?id=CVE-2024-44972'], 'PublishedDate': '2024-09-04T19:15:31.43Z', 'LastModifiedDate': '2024-10-03T16:10:12.077Z'}, {'VulnerabilityID': 'CVE-2024-44977', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Validate TA binary size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Validate TA binary size\n\nAdd TA binary size validation to avoid OOB write.\n\n(cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44977', 'https://git.kernel.org/linus/c99769bceab4ecb6a067b9af11f9db281eea3e2a (6.11-rc5)', 'https://git.kernel.org/stable/c/50553ea7cbd3344fbf40afb065f6a2d38171c1ad', 'https://git.kernel.org/stable/c/5ab8793b9a6cc059f503cbe6fe596f80765e0f19', 'https://git.kernel.org/stable/c/c99769bceab4ecb6a067b9af11f9db281eea3e2a', 'https://git.kernel.org/stable/c/e562415248f402203e7fb6d8c38c1b32fa99220f', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44977-7f6b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44977', 'https://www.cve.org/CVERecord?id=CVE-2024-44977'], 'PublishedDate': '2024-09-04T20:15:07.29Z', 'LastModifiedDate': '2024-10-10T17:47:59.593Z'}, {'VulnerabilityID': 'CVE-2024-45010', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: mptcp: pm: only mark 'subflow' endp as available", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \'subflow\' endp as available\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the "remove single address" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \'signal\' endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\'subflow\' endpoints, and here it is a \'signal\' endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \'subflow\' endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45010', 'https://git.kernel.org/linus/322ea3778965da72862cca2a0c50253aacf65fe6 (6.11-rc5)', 'https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6', 'https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d', 'https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f', 'https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45010-33ee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45010', 'https://www.cve.org/CVERecord?id=CVE-2024-45010'], 'PublishedDate': '2024-09-11T16:15:06.483Z', 'LastModifiedDate': '2024-09-13T16:35:05.843Z'}, {'VulnerabilityID': 'CVE-2024-45015', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45015', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: move dpu_encoder&#39;s connector assignment to atomic_enable()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()\n\nFor cases where the crtc's connectors_changed was set without enable/active\ngetting toggled , there is an atomic_enable() call followed by an\natomic_disable() but without an atomic_mode_set().\n\nThis results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in\nthe atomic_enable() as the dpu_encoder's connector was cleared in the\natomic_disable() but not re-assigned as there was no atomic_mode_set() call.\n\nFix the NULL ptr access by moving the assignment for atomic_enable() and also\nuse drm_atomic_get_new_connector_for_encoder() to get the connector from\nthe atomic_state.\n\nPatchwork: https://patchwork.freedesktop.org/patch/606729/", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45015', 'https://git.kernel.org/linus/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 (6.11-rc5)', 'https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52', 'https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77', 'https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45015-c139@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45015', 'https://www.cve.org/CVERecord?id=CVE-2024-45015'], 'PublishedDate': '2024-09-11T16:15:06.763Z', 'LastModifiedDate': '2024-09-13T16:35:58.617Z'}, {'VulnerabilityID': 'CVE-2024-45016', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'FixedVersion': '5.15.0-124.134', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netem: fix return value if duplicate enqueue fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\'s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq->enqueue() and then\n  the original packet is also dropped.\n- If rootq->enqueue() sends the duplicated packet to a different qdisc\n  and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45016', 'https://git.kernel.org/linus/c07ff8592d57ed258afee5a5e04991a48dbaf382 (6.11-rc5)', 'https://git.kernel.org/stable/c/0486d31dd8198e22b63a4730244b38fffce6d469', 'https://git.kernel.org/stable/c/52d99a69f3d556c6426048c9d481b912205919d8', 'https://git.kernel.org/stable/c/577d6c0619467fe90f7e8e57e45cb5bd9d936014', 'https://git.kernel.org/stable/c/759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4', 'https://git.kernel.org/stable/c/c07ff8592d57ed258afee5a5e04991a48dbaf382', 'https://git.kernel.org/stable/c/c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d', 'https://git.kernel.org/stable/c/e5bb2988a310667abed66c7d3ffa28880cf0f883', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45016-fd5a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45016', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://ubuntu.com/security/notices/USN-7071-1', 'https://ubuntu.com/security/notices/USN-7072-1', 'https://ubuntu.com/security/notices/USN-7073-1', 'https://ubuntu.com/security/notices/USN-7073-2', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45016'], 'PublishedDate': '2024-09-11T16:15:06.817Z', 'LastModifiedDate': '2024-09-13T16:36:06.773Z'}, {'VulnerabilityID': 'CVE-2024-45017', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45017', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix IPsec RoCE MPV trace call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix IPsec RoCE MPV trace call\n\nPrevent the call trace below from happening, by not allowing IPsec\ncreation over a slave, if master device doesn't support IPsec.\n\nWARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down_read+0x75/0x94\nModules linked in: esp4_offload esp4 act_mirred act_vlan cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa mst_pciconf(OE) nfsv3 nfs_acl nfs lockd grace fscache netfs xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill cuse fuse rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_ipoib iw_cm ib_cm ipmi_ssif intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel sha1_ssse3 dell_smbios ib_uverbs aesni_intel crypto_simd dcdbas wmi_bmof dell_wmi_descriptor cryptd pcspkr ib_core acpi_ipmi sp5100_tco ccp i2c_piix4 ipmi_si ptdma k10temp ipmi_devintf ipmi_msghandler acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops cec\n ahci libahci mlxfw drm pci_hyperv_intf libata tg3 sha256_ssse3 tls megaraid_sas i2c_algo_bit psample wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mst_pci]\nCPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7_u3_update_v6.6_ipsec_bf.x86_64 #2\nHardware name: Dell Inc. PowerEdge R7525/074H08, BIOS 2.0.3 01/15/2021\nWorkqueue: events xfrm_state_gc_task\nRIP: 0010:down_read+0x75/0x94\nCode: 00 48 8b 45 08 65 48 8b 14 25 80 fc 01 00 83 e0 02 48 09 d0 48 83 c8 01 48 89 45 08 5d 31 c0 89 c2 89 c6 89 c7 e9 cb 88 3b 00 <0f> 0b 48 8b 45 08 a8 01 74 b2 a8 02 75 ae 48 89 c2 48 83 ca 02 f0\nRSP: 0018:ffffb26387773da8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffa08b658af900 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ff886bc5e1366f2f RDI: 0000000000000000\nRBP: ffffa08b658af940 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffa0a9bfb31540\nR13: ffffa0a9bfb37900 R14: 0000000000000000 R15: ffffa0a9bfb37905\nFS:  0000000000000000(0000) GS:ffffa0a9bfb00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055a45ed814e8 CR3: 000000109038a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n ? down_read+0x75/0x94\n ? __warn+0x80/0x113\n ? down_read+0x75/0x94\n ? report_bug+0xa4/0x11d\n ? handle_bug+0x35/0x8b\n ? exc_invalid_op+0x14/0x75\n ? asm_exc_invalid_op+0x16/0x1b\n ? down_read+0x75/0x94\n ? down_read+0xe/0x94\n mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n mlx5_ipsec_fs_roce_tx_destroy+0xb1/0x130 [mlx5_core]\n tx_destroy+0x1b/0xc0 [mlx5_core]\n tx_ft_put+0x53/0xc0 [mlx5_core]\n mlx5e_xfrm_free_state+0x45/0x90 [mlx5_core]\n ___xfrm_state_destroy+0x10f/0x1a2\n xfrm_state_gc_task+0x81/0xa9\n process_one_work+0x1f1/0x3c6\n worker_thread+0x53/0x3e4\n ? process_one_work.cold+0x46/0x3c\n kthread+0x127/0x144\n ? set_kthread_struct+0x60/0x52\n ret_from_fork+0x22/0x2d\n </TASK>\n---[ end trace 5ef7896144d398e1 ]---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45017', 'https://git.kernel.org/linus/607e1df7bd47fe91cab85a97f57870a26d066137 (6.11-rc5)', 'https://git.kernel.org/stable/c/2ae52a65a850ded75a94e8d7ec1e09737f4c6509', 'https://git.kernel.org/stable/c/607e1df7bd47fe91cab85a97f57870a26d066137', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45017-ee3e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45017', 'https://www.cve.org/CVERecord?id=CVE-2024-45017'], 'PublishedDate': '2024-09-11T16:15:06.877Z', 'LastModifiedDate': '2024-09-13T16:36:13.19Z'}, {'VulnerabilityID': 'CVE-2024-46678', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46678', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: change ipsec_lock from spin lock to mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond->ipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n"scheduling while atomic" will be triggered when changing bond\'s\nactive slave.\n\n[  101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[  101.055726] Modules linked in:\n[  101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[  101.058760] Hardware name:\n[  101.059434] Call Trace:\n[  101.059436]  <TASK>\n[  101.060873]  dump_stack_lvl+0x51/0x60\n[  101.061275]  __schedule_bug+0x4e/0x60\n[  101.061682]  __schedule+0x612/0x7c0\n[  101.062078]  ? __mod_timer+0x25c/0x370\n[  101.062486]  schedule+0x25/0xd0\n[  101.062845]  schedule_timeout+0x77/0xf0\n[  101.063265]  ? asm_common_interrupt+0x22/0x40\n[  101.063724]  ? __bpf_trace_itimer_state+0x10/0x10\n[  101.064215]  __wait_for_common+0x87/0x190\n[  101.064648]  ? usleep_range_state+0x90/0x90\n[  101.065091]  cmd_exec+0x437/0xb20 [mlx5_core]\n[  101.065569]  mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[  101.066051]  mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[  101.066552]  mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[  101.067163]  ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.067738]  ? kmalloc_trace+0x4d/0x350\n[  101.068156]  mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[  101.068747]  mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[  101.069312]  bond_change_active_slave+0x392/0x900 [bonding]\n[  101.069868]  bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[  101.070454]  __bond_opt_set+0xa6/0x430 [bonding]\n[  101.070935]  __bond_opt_set_notify+0x2f/0x90 [bonding]\n[  101.071453]  bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[  101.071965]  bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.072567]  kernfs_fop_write_iter+0x10c/0x1a0\n[  101.073033]  vfs_write+0x2d8/0x400\n[  101.073416]  ? alloc_fd+0x48/0x180\n[  101.073798]  ksys_write+0x5f/0xe0\n[  101.074175]  do_syscall_64+0x52/0x110\n[  101.074576]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn\'t have to be spin lock, change it to\nmutex, and thus the above issue can be resolved.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46678', 'https://git.kernel.org/linus/2aeeef906d5a526dc60cf4af92eda69836c39b1f (6.11-rc6)', 'https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f', 'https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3', 'https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46678-ca65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46678', 'https://www.cve.org/CVERecord?id=CVE-2024-46678'], 'PublishedDate': '2024-09-13T06:15:12.45Z', 'LastModifiedDate': '2024-09-23T14:44:12.88Z'}, {'VulnerabilityID': 'CVE-2024-46681', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46681', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pktgen: use cpus_read_lock() in pg_net_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46681', 'https://git.kernel.org/linus/979b581e4c69257acab1af415ddad6b2d78a2fa5 (6.11-rc6)', 'https://git.kernel.org/stable/c/5f5f7366dda8ae870e8305d6e7b3c0c2686cd2cf', 'https://git.kernel.org/stable/c/979b581e4c69257acab1af415ddad6b2d78a2fa5', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46681-6086@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46681', 'https://www.cve.org/CVERecord?id=CVE-2024-46681'], 'PublishedDate': '2024-09-13T06:15:12.71Z', 'LastModifiedDate': '2024-09-19T18:10:49.623Z'}, {'VulnerabilityID': 'CVE-2024-46695', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46695', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: selinux,smack: don&#39;t bypass permissions check in inode_setsecctx hook', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux,smack: don't bypass permissions check in inode_setsecctx hook\n\nMarek Gresko reports that the root user on an NFS client is able to\nchange the security labels on files on an NFS filesystem that is\nexported with root squashing enabled.\n\nThe end of the kerneldoc comment for __vfs_setxattr_noperm() states:\n\n *  This function requires the caller to lock the inode's i_mutex before it\n *  is executed. It also assumes that the caller will make the appropriate\n *  permission checks.\n\nnfsd_setattr() does do permissions checking via fh_verify() and\nnfsd_permission(), but those don't do all the same permissions checks\nthat are done by security_inode_setxattr() and its related LSM hooks do.\n\nSince nfsd_setattr() is the only consumer of security_inode_setsecctx(),\nsimplest solution appears to be to replace the call to\n__vfs_setxattr_noperm() with a call to __vfs_setxattr_locked().  This\nfixes the above issue and has the added benefit of causing nfsd to\nrecall conflicting delegations on a file when a client tries to change\nits security label.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-276'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46695', 'https://git.kernel.org/linus/76a0e79bc84f466999fa501fce5bf7a07641b8a7 (6.11-rc6)', 'https://git.kernel.org/stable/c/2dbc4b7bac60b02cc6e70d05bf6a7dfd551f9dda', 'https://git.kernel.org/stable/c/459584258d47ec3cc6245a82e8a49c9d08eb8b57', 'https://git.kernel.org/stable/c/76a0e79bc84f466999fa501fce5bf7a07641b8a7', 'https://git.kernel.org/stable/c/eebec98791d0137e455cc006411bb92a54250924', 'https://git.kernel.org/stable/c/f71ec019257ba4f7ab198bd948c5902a207bad96', 'https://git.kernel.org/stable/c/fe0cd53791119f6287b6532af8ce41576d664930', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46695-affc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46695', 'https://www.cve.org/CVERecord?id=CVE-2024-46695'], 'PublishedDate': '2024-09-13T06:15:14.32Z', 'LastModifiedDate': '2024-10-17T14:15:07.517Z'}, {'VulnerabilityID': 'CVE-2024-46705', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46705', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: reset mmio mappings with devm', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: reset mmio mappings with devm\n\nSet our various mmio mappings to NULL. This should make it easier to\ncatch something rogue trying to mess with mmio after device removal. For\nexample, we might unmap everything and then start hitting some mmio\naddress which has already been unmamped by us and then remapped by\nsomething else, causing all kinds of carnage.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46705', 'https://git.kernel.org/linus/c7117419784f612d59ee565145f722e8b5541fe6 (6.11-rc1)', 'https://git.kernel.org/stable/c/b1c9fbed3884d3883021d699c7cdf5253a65543a', 'https://git.kernel.org/stable/c/c7117419784f612d59ee565145f722e8b5541fe6', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46705-b9c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46705', 'https://www.cve.org/CVERecord?id=CVE-2024-46705'], 'PublishedDate': '2024-09-13T07:15:05.477Z', 'LastModifiedDate': '2024-09-19T13:30:44.133Z'}, {'VulnerabilityID': 'CVE-2024-46715', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46715', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver: iio: add missing checks on iio_info&#39;s callback access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info's callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn't implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429]  iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807]  dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181]  sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555]  seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236]  vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385]  ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0:                   00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46715', 'https://git.kernel.org/linus/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70', 'https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1', 'https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252', 'https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46715-7e7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46715', 'https://www.cve.org/CVERecord?id=CVE-2024-46715'], 'PublishedDate': '2024-09-18T07:15:03.13Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46716', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n   msgdma_free_chan_resources -> msgdma_free_descriptors ->\n   msgdma_free_desc_list -> msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46716', 'https://git.kernel.org/linus/54e4ada1a4206f878e345ae01cf37347d803d1b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716', 'https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1', 'https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725', 'https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46716-f63f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46716', 'https://www.cve.org/CVERecord?id=CVE-2024-46716'], 'PublishedDate': '2024-09-18T07:15:03.183Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46717', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46717', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix incorrect page release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix incorrect page release\n\nUnder the following conditions:\n1) No skb created yet\n2) header_size == 0 (no SHAMPO header)\n3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the\n   last page fragment of a SHAMPO header page)\n\na new skb is formed with a page that is NOT a SHAMPO header page (it\nis a regular data page). Further down in the same function\n(mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from\nheader_index is released. This is wrong and it leads to SHAMPO header\npages being released more than once.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46717', 'https://git.kernel.org/linus/70bd03b89f20b9bbe51a7f73c4950565a17a45f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/03924d117625ecb10ee3c9b65930bcb2c37ae629', 'https://git.kernel.org/stable/c/70bd03b89f20b9bbe51a7f73c4950565a17a45f7', 'https://git.kernel.org/stable/c/ae9018e3f61ba5cc1f08a6e51d3c0bef0a79f3ab', 'https://git.kernel.org/stable/c/c909ab41df2b09cde919801c7a7b6bb2cc37ea22', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46717-2f30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46717', 'https://www.cve.org/CVERecord?id=CVE-2024-46717'], 'PublishedDate': '2024-09-18T07:15:03.237Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46718', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46718', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Don&#39;t overmap identity VRAM mapping', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Don't overmap identity VRAM mapping\n\nOvermapping the identity VRAM mapping is triggering hardware bugs on\ncertain platforms. Use 2M pages for the last unaligned (to 1G) VRAM\nchunk.\n\nv2:\n - Always use 2M pages for last chunk (Fei Yang)\n - break loop when 2M pages are used\n - Add assert for usable_size being 2M aligned\nv3:\n - Fix checkpatch", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46718', 'https://git.kernel.org/linus/6d3581edffea0b3a64b0d3094d3f09222e0024f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/6d3581edffea0b3a64b0d3094d3f09222e0024f7', 'https://git.kernel.org/stable/c/bb706e92c87beb9f2543faa1705ccc330b9e7c65', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46718-c5c7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46718', 'https://www.cve.org/CVERecord?id=CVE-2024-46718'], 'PublishedDate': '2024-09-18T07:15:03.303Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46720', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46720', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix dereference after null check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix dereference after null check\n\ncheck the pointer hive before use.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46720', 'https://git.kernel.org/linus/b1f7810b05d1950350ac2e06992982974343e441 (6.11-rc1)', 'https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50', 'https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c', 'https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517', 'https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46720-a598@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46720', 'https://www.cve.org/CVERecord?id=CVE-2024-46720'], 'PublishedDate': '2024-09-18T07:15:03.42Z', 'LastModifiedDate': '2024-09-20T18:22:04.693Z'}, {'VulnerabilityID': 'CVE-2024-46726', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46726', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure index calculation will not overflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure index calculation will not overflow\n\n[WHY & HOW]\nMake sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will\nnever overflow and exceess array size.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46726', 'https://git.kernel.org/linus/8e2734bf444767fed787305ccdcb36a2be5301a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dc6bb57dab36b38b7374af0ac916174c146b6ed', 'https://git.kernel.org/stable/c/733ae185502d30bbe79575167b6178cfb6c5d6bd', 'https://git.kernel.org/stable/c/8e2734bf444767fed787305ccdcb36a2be5301a2', 'https://git.kernel.org/stable/c/d705b5869f6b1b46ad5ceb1bd2a08c04f7e5003b', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46726-587e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46726', 'https://www.cve.org/CVERecord?id=CVE-2024-46726'], 'PublishedDate': '2024-09-18T07:15:03.787Z', 'LastModifiedDate': '2024-09-20T18:36:27.07Z'}, {'VulnerabilityID': 'CVE-2024-46727', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46727', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update\n\n[Why]\nCoverity reports NULL_RETURN warning.\n\n[How]\nAdd otg_master NULL check.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46727', 'https://git.kernel.org/linus/871cd9d881fa791d3f82885000713de07041c0ae (6.11-rc1)', 'https://git.kernel.org/stable/c/871cd9d881fa791d3f82885000713de07041c0ae', 'https://git.kernel.org/stable/c/aad4d3d3d3b6a362bf5db11e1f28c4a60620900d', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46727-2565@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46727', 'https://www.cve.org/CVERecord?id=CVE-2024-46727'], 'PublishedDate': '2024-09-18T07:15:03.84Z', 'LastModifiedDate': '2024-09-30T12:49:43.097Z'}, {'VulnerabilityID': 'CVE-2024-46728', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46728', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check index for aux_rd_interval before using', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index for aux_rd_interval before using\n\naux_rd_interval has size of 7 and should be checked.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46728', 'https://git.kernel.org/linus/9ba2ea6337b4f159aecb177555a6a81da92d302e (6.11-rc1)', 'https://git.kernel.org/stable/c/48e0b68e2360b16edf2a0bae05c0051c00fbb48a', 'https://git.kernel.org/stable/c/6c588e9350dd7a9fb97a56fe74852c9ecc44450c', 'https://git.kernel.org/stable/c/9ba2ea6337b4f159aecb177555a6a81da92d302e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46728-edfe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46728', 'https://www.cve.org/CVERecord?id=CVE-2024-46728'], 'PublishedDate': '2024-09-18T07:15:03.893Z', 'LastModifiedDate': '2024-09-26T13:31:34.347Z'}, {'VulnerabilityID': 'CVE-2024-46729', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46729', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix incorrect size calculation for loop', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix incorrect size calculation for loop\n\n[WHY]\nfe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is\nlager than the array size.\n\n[HOW]\nDivide byte size 20 by its element size.\n\nThis fixes 2 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46729', 'https://git.kernel.org/linus/3941a3aa4b653b69876d894d08f3fff1cc965267 (6.11-rc1)', 'https://git.kernel.org/stable/c/3941a3aa4b653b69876d894d08f3fff1cc965267', 'https://git.kernel.org/stable/c/712be65b3b372a82bff0865b9c090147764bf1c4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46729-158c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46729', 'https://www.cve.org/CVERecord?id=CVE-2024-46729'], 'PublishedDate': '2024-09-18T07:15:03.95Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46730', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46730', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure array index tg_inst won&#39;t be -1', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure array index tg_inst won't be -1\n\n[WHY & HOW]\ntg_inst will be a negative if timing_generator_count equals 0, which\nshould be checked before used.\n\nThis fixes 2 OVERRUN issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46730', 'https://git.kernel.org/linus/687fe329f18ab0ab0496b20ed2cb003d4879d931 (6.11-rc1)', 'https://git.kernel.org/stable/c/687fe329f18ab0ab0496b20ed2cb003d4879d931', 'https://git.kernel.org/stable/c/a64284b9e1999ad5580debced4bc6d6adb28aad4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46730-b69e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46730', 'https://www.cve.org/CVERecord?id=CVE-2024-46730'], 'PublishedDate': '2024-09-18T07:15:04.003Z', 'LastModifiedDate': '2024-09-30T12:49:00.333Z'}, {'VulnerabilityID': 'CVE-2024-46733', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46733', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix qgroup reserve leaks in cow_file_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix qgroup reserve leaks in cow_file_range\n\nIn the buffered write path, the dirty page owns the qgroup reserve until\nit creates an ordered_extent.\n\nTherefore, any errors that occur before the ordered_extent is created\nmust free that reservation, or else the space is leaked. The fstest\ngeneric/475 exercises various IO error paths, and is able to trigger\nerrors in cow_file_range where we fail to get to allocating the ordered\nextent. Note that because we *do* clear delalloc, we are likely to\nremove the inode from the delalloc list, so the inodes/pages to not have\ninvalidate/launder called on them in the commit abort path.\n\nThis results in failures at the unmount stage of the test that look like:\n\n  BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure\n  BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure\n  BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs]\n  Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq\n  CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W          6.10.0-rc7-gab56fde445b8 #21\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n  RIP: 0010:close_ctree+0x222/0x4d0 [btrfs]\n  RSP: 0018:ffffb4465283be00 EFLAGS: 00010202\n  RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001\n  RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8\n  RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000\n  R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c\n  R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n  FS:  00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0\n  Call Trace:\n   <TASK>\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? __warn.cold+0x8e/0xea\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? report_bug+0xff/0x140\n   ? handle_bug+0x3b/0x70\n   ? exc_invalid_op+0x17/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   generic_shutdown_super+0x70/0x160\n   kill_anon_super+0x11/0x40\n   btrfs_kill_super+0x11/0x20 [btrfs]\n   deactivate_locked_super+0x2e/0xa0\n   cleanup_mnt+0xb5/0x150\n   task_work_run+0x57/0x80\n   syscall_exit_to_user_mode+0x121/0x130\n   do_syscall_64+0xab/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  RIP: 0033:0x7f916847a887\n  ---[ end trace 0000000000000000 ]---\n  BTRFS error (device dm-8 state EA): qgroup reserved space leaked\n\nCases 2 and 3 in the out_reserve path both pertain to this type of leak\nand must free the reserved qgroup data. Because it is already an error\npath, I opted not to handle the possible errors in\nbtrfs_free_qgroup_data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46733', 'https://git.kernel.org/linus/30479f31d44d47ed00ae0c7453d9b253537005b2 (6.11-rc3)', 'https://git.kernel.org/stable/c/30479f31d44d47ed00ae0c7453d9b253537005b2', 'https://git.kernel.org/stable/c/e42ef22bc10f0309c0c65d8d6ca8b4127a674b7f', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46733-77eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46733', 'https://www.cve.org/CVERecord?id=CVE-2024-46733'], 'PublishedDate': '2024-09-18T07:15:04.17Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46742', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46742', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()\n\nnull-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)\nand parse_lease_state() return NULL.\n\nFix this by check if 'lease_ctx_info' is NULL.\n\nAdditionally, remove the redundant parentheses in\nparse_durable_handle_context().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46742', 'https://git.kernel.org/linus/4e8771a3666c8f216eefd6bd2fd50121c6c437db (6.11-rc5)', 'https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6', 'https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada', 'https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46742-223b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46742', 'https://www.cve.org/CVERecord?id=CVE-2024-46742'], 'PublishedDate': '2024-09-18T08:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:32:34.303Z'}, {'VulnerabilityID': 'CVE-2024-46748', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46748', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT\n\nSet the maximum size of a subrequest that writes to cachefiles to be\nMAX_RW_COUNT so that we don't overrun the maximum write we can make to the\nbacking filesystem.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46748', 'https://git.kernel.org/linus/51d37982bbac3ea0ca21b2797a9cb0044272b3aa (6.11-rc1)', 'https://git.kernel.org/stable/c/51d37982bbac3ea0ca21b2797a9cb0044272b3aa', 'https://git.kernel.org/stable/c/cec226f9b1fd6cf55bc157873aec61b523083e96', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46748-03e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46748', 'https://www.cve.org/CVERecord?id=CVE-2024-46748'], 'PublishedDate': '2024-09-18T08:15:03.847Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46749', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46749', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()\n\nThis adds a check before freeing the rx->skb in flush and close\nfunctions to handle the kernel crash seen while removing driver after FW\ndownload fails or before FW download completes.\n\ndmesg log:\n[   54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080\n[   54.643398] Mem abort info:\n[   54.646204]   ESR = 0x0000000096000004\n[   54.649964]   EC = 0x25: DABT (current EL), IL = 32 bits\n[   54.655286]   SET = 0, FnV = 0\n[   54.658348]   EA = 0, S1PTW = 0\n[   54.661498]   FSC = 0x04: level 0 translation fault\n[   54.666391] Data abort info:\n[   54.669273]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[   54.674768]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[   54.674771]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[   54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000\n[   54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000\n[   54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[   54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core sch_fq_codel fuse\n[   54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 Not tainted 6.6.3-otbr-g128004619037 #2\n[   54.744364] Hardware name: FSL i.MX8MM EVK board (DT)\n[   54.744368] Workqueue: hci0 hci_power_on\n[   54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   54.757249] pc : kfree_skb_reason+0x18/0xb0\n[   54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.782921] sp : ffff8000805ebca0\n[   54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000\n[   54.782931] x26: ffff377b84852400 x25: ffff377b848523c0 x24: ffff377b845e7230\n[   54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92\n[   54.782945] x20: ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff\n[   54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857\n[   54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642\n[   54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9 : ffffa5c6cf19d688\n[   54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000\n[   54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000\n[   54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac\n[   54.857599] Call trace:\n[   54.857601]  kfree_skb_reason+0x18/0xb0\n[   54.863878]  btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.863888]  hci_dev_open_sync+0x3a8/0xa04\n[   54.872773]  hci_power_on+0x54/0x2e4\n[   54.881832]  process_one_work+0x138/0x260\n[   54.881842]  worker_thread+0x32c/0x438\n[   54.881847]  kthread+0x118/0x11c\n[   54.881853]  ret_from_fork+0x10/0x20\n[   54.896406] Code: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400)\n[   54.896410] ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46749', 'https://git.kernel.org/linus/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1 (6.11-rc1)', 'https://git.kernel.org/stable/c/013dae4735d2010544d1f2121bdeb8e6c9ea171e', 'https://git.kernel.org/stable/c/056e0cd381d59a9124b7c43dd715e15f56a11635', 'https://git.kernel.org/stable/c/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46749-fc9c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46749', 'https://www.cve.org/CVERecord?id=CVE-2024-46749'], 'PublishedDate': '2024-09-18T08:15:03.893Z', 'LastModifiedDate': '2024-09-20T18:45:43.483Z'}, {'VulnerabilityID': 'CVE-2024-46751', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46751', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON() when 0 reference count at btrfs_lookup_extent_info()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()\n\nInstead of doing a BUG_ON() handle the error by returning -EUCLEAN,\naborting the transaction and logging an error message.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46751', 'https://git.kernel.org/linus/28cb13f29faf6290597b24b728dc3100c019356f (6.11-rc1)', 'https://git.kernel.org/stable/c/28cb13f29faf6290597b24b728dc3100c019356f', 'https://git.kernel.org/stable/c/ef9a8b73c8b60b27d9db4787e624a3438ffe8428', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46751-17f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46751', 'https://www.cve.org/CVERecord?id=CVE-2024-46751'], 'PublishedDate': '2024-09-18T08:15:04.01Z', 'LastModifiedDate': '2024-09-30T12:45:56.957Z'}, {'VulnerabilityID': 'CVE-2024-46753', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46753', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: handle errors from btrfs_dec_ref() properly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref().  This is\nincorrect, we have proper error handling here, return the error.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46753', 'https://git.kernel.org/linus/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1', 'https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46753-5ec2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46753', 'https://www.cve.org/CVERecord?id=CVE-2024-46753'], 'PublishedDate': '2024-09-18T08:15:04.107Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46754', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46754', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Remove tst_run from lwt_seg6local_prog_ops.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn\'t work since it was introduced in commit 04d4b274e2a\n("ipv6: sr: Add seg6local action End.BPF"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46754', 'https://git.kernel.org/linus/c13fda93aca118b8e5cd202e339046728ee7dddb (6.11-rc1)', 'https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3f28e6e720ded5d6', 'https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e339046728ee7dddb', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46754-7f04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46754', 'https://www.cve.org/CVERecord?id=CVE-2024-46754'], 'PublishedDate': '2024-09-18T08:15:04.153Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46762', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46762', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Fix possible access to a freed kirqfd instance', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Fix possible access to a freed kirqfd instance\n\nNothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and\nprivcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd\ncreated and added to the irqfds_list by privcmd_irqfd_assign() may get\nremoved by another thread executing privcmd_irqfd_deassign(), while the\nformer is still using it after dropping the locks.\n\nThis can lead to a situation where an already freed kirqfd instance may\nbe accessed and cause kernel oops.\n\nUse SRCU locking to prevent the same, as is done for the KVM\nimplementation for irqfds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46762', 'https://git.kernel.org/linus/611ff1b1ae989a7bcce3e2a8e132ee30e968c557 (6.11-rc1)', 'https://git.kernel.org/stable/c/112fd2f02b308564724b8e81006c254d20945c4b', 'https://git.kernel.org/stable/c/611ff1b1ae989a7bcce3e2a8e132ee30e968c557', 'https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46762-6512@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46762', 'https://www.cve.org/CVERecord?id=CVE-2024-46762'], 'PublishedDate': '2024-09-18T08:15:04.57Z', 'LastModifiedDate': '2024-09-23T16:12:34.42Z'}, {'VulnerabilityID': 'CVE-2024-46765', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46765', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: protect XDP configuration with a mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] <TASK>\n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] </TASK>\n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46765', 'https://git.kernel.org/linus/2504b8405768a57a71e660dbfd5abd59f679a03f (6.11-rc7)', 'https://git.kernel.org/stable/c/2504b8405768a57a71e660dbfd5abd59f679a03f', 'https://git.kernel.org/stable/c/2f057db2fb29bc209c103050647562e60554d3d3', 'https://git.kernel.org/stable/c/391f7dae3d836891fc6cfbde38add2d0e10c6b7f', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46765-1b8f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46765', 'https://www.cve.org/CVERecord?id=CVE-2024-46765'], 'PublishedDate': '2024-09-18T08:15:04.71Z', 'LastModifiedDate': '2024-09-26T13:24:29.697Z'}, {'VulnerabilityID': 'CVE-2024-46770', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46770', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add netif_device_attach/detach into PF reset flow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 > /sys/class/net/<interface>/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c <interface>\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S                 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS:  00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n<TASK>\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n    netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46770', 'https://git.kernel.org/linus/d11a67634227f9f9da51938af085fb41a733848f (6.11-rc7)', 'https://git.kernel.org/stable/c/36486c9e8e01b84faaee47203eac0b7e9cc7fa4a', 'https://git.kernel.org/stable/c/9e3ffb839249eca113062587659224f856fe14e5', 'https://git.kernel.org/stable/c/d11a67634227f9f9da51938af085fb41a733848f', 'https://git.kernel.org/stable/c/efe8effe138044a4747d1112ebb8c454d1663723', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46770-3a5d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46770', 'https://www.cve.org/CVERecord?id=CVE-2024-46770'], 'PublishedDate': '2024-09-18T08:15:04.957Z', 'LastModifiedDate': '2024-09-23T16:13:25.563Z'}, {'VulnerabilityID': 'CVE-2024-46774', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46774', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()\n\nSmatch warns:\n\n  arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential\n  spectre issue 'args.args' [r] (local cap)\n\nThe 'nargs' and 'nret' locals come directly from a user-supplied\nbuffer and are used as indexes into a small stack-based array and as\ninputs to copy_to_user() after they are subject to bounds checks.\n\nUse array_index_nospec() after the bounds checks to clamp these values\nfor speculative execution.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46774', 'https://git.kernel.org/linus/0974d03eb479384466d828d65637814bee6b26d7 (6.11-rc1)', 'https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7', 'https://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46774-48d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46774', 'https://www.cve.org/CVERecord?id=CVE-2024-46774'], 'PublishedDate': '2024-09-18T08:15:05.18Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46775', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46775', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Validate function returns', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT & HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46775', 'https://git.kernel.org/linus/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c (6.11-rc1)', 'https://git.kernel.org/stable/c/5639a3048c7079803256374204ad55ec52cd0b49', 'https://git.kernel.org/stable/c/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46775-aecc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46775', 'https://www.cve.org/CVERecord?id=CVE-2024-46775'], 'PublishedDate': '2024-09-18T08:15:05.24Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46776', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46776', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Run DC_LOG_DC after checking link-&gt;link_enc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Run DC_LOG_DC after checking link->link_enc\n\n[WHAT]\nThe DC_LOG_DC should be run after link->link_enc is checked, not before.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46776', 'https://git.kernel.org/linus/3a82f62b0d9d7687eac47603bb6cd14a50fa718b (6.11-rc1)', 'https://git.kernel.org/stable/c/3a82f62b0d9d7687eac47603bb6cd14a50fa718b', 'https://git.kernel.org/stable/c/874e3bb302f97b94ac548959ec4f925b8e7b45e2', 'https://git.kernel.org/stable/c/adc74d25cdbba978afbb57caec23bbcd0329f7b8', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46776-7a95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46776', 'https://www.cve.org/CVERecord?id=CVE-2024-46776'], 'PublishedDate': '2024-09-18T08:15:05.287Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46778', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46778', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check UnboundedRequestEnabled&#39;s value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check UnboundedRequestEnabled's value\n\nCalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled\nis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus\nif (p->UnboundedRequestEnabled) checks its address, not bool value.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46778', 'https://git.kernel.org/linus/a7b38c7852093385d0605aa3c8a2efd6edd1edfd (6.11-rc1)', 'https://git.kernel.org/stable/c/4e2b49a85e7974d21364798c5d4aa8070aa864d9', 'https://git.kernel.org/stable/c/a7b38c7852093385d0605aa3c8a2efd6edd1edfd', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46778-ded6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46778', 'https://www.cve.org/CVERecord?id=CVE-2024-46778'], 'PublishedDate': '2024-09-18T08:15:05.38Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46784', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46784', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix error handling in mana_create_txq/rxq&#39;s NAPI cleanup', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup\n\nCurrently napi_disable() gets called during rxq and txq cleanup,\neven before napi is enabled and hrtimer is initialized. It causes\nkernel panic.\n\n? page_fault_oops+0x136/0x2b0\n  ? page_counter_cancel+0x2e/0x80\n  ? do_user_addr_fault+0x2f2/0x640\n  ? refill_obj_stock+0xc4/0x110\n  ? exc_page_fault+0x71/0x160\n  ? asm_exc_page_fault+0x27/0x30\n  ? __mmdrop+0x10/0x180\n  ? __mmdrop+0xec/0x180\n  ? hrtimer_active+0xd/0x50\n  hrtimer_try_to_cancel+0x2c/0xf0\n  hrtimer_cancel+0x15/0x30\n  napi_disable+0x65/0x90\n  mana_destroy_rxq+0x4c/0x2f0\n  mana_create_rxq.isra.0+0x56c/0x6d0\n  ? mana_uncfg_vport+0x50/0x50\n  mana_alloc_queues+0x21b/0x320\n  ? skb_dequeue+0x5f/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46784', 'https://git.kernel.org/linus/b6ecc662037694488bfff7c9fd21c405df8411f2 (6.11-rc7)', 'https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65', 'https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788', 'https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c', 'https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46784-4773@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46784', 'https://www.cve.org/CVERecord?id=CVE-2024-46784'], 'PublishedDate': '2024-09-18T08:15:05.683Z', 'LastModifiedDate': '2024-09-26T13:21:30.657Z'}, {'VulnerabilityID': 'CVE-2024-46787', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46787', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: fix checks for huge PMDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix checks for huge PMDs\n\nPatch series "userfaultfd: fix races around pmd_trans_huge() check", v2.\n\nThe pmd_trans_huge() code in mfill_atomic() is wrong in three different\nways depending on kernel version:\n\n1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit\n   the right two race windows) - I\'ve tested this in a kernel build with\n   some extra mdelay() calls. See the commit message for a description\n   of the race scenario.\n   On older kernels (before 6.5), I think the same bug can even\n   theoretically lead to accessing transhuge page contents as a page table\n   if you hit the right 5 narrow race windows (I haven\'t tested this case).\n2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for\n   detecting PMDs that don\'t point to page tables.\n   On older kernels (before 6.5), you\'d just have to win a single fairly\n   wide race to hit this.\n   I\'ve tested this on 6.1 stable by racing migration (with a mdelay()\n   patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86\n   VM, that causes a kernel oops in ptlock_ptr().\n3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed\n   to yank page tables out from under us (though I haven\'t tested that),\n   so I think the BUG_ON() checks in mfill_atomic() are just wrong.\n\nI decided to write two separate fixes for these (one fix for bugs 1+2, one\nfix for bug 3), so that the first fix can be backported to kernels\naffected by bugs 1+2.\n\n\nThis patch (of 2):\n\nThis fixes two issues.\n\nI discovered that the following race can occur:\n\n  mfill_atomic                other thread\n  ============                ============\n                              <zap PMD>\n  pmdp_get_lockless() [reads none pmd]\n  <bail if trans_huge>\n  <if none:>\n                              <pagefault creates transhuge zeropage>\n    __pte_alloc [no-op]\n                              <zap PMD>\n  <bail if pmd_trans_huge(*dst_pmd)>\n  BUG_ON(pmd_none(*dst_pmd))\n\nI have experimentally verified this in a kernel with extra mdelay() calls;\nthe BUG_ON(pmd_none(*dst_pmd)) triggers.\n\nOn kernels newer than commit 0d940a9b270b ("mm/pgtable: allow\npte_offset_map[_lock]() to fail"), this can\'t lead to anything worse than\na BUG_ON(), since the page table access helpers are actually designed to\ndeal with page tables concurrently disappearing; but on older kernels\n(<=6.4), I think we could probably theoretically race past the two\nBUG_ON() checks and end up treating a hugepage as a page table.\n\nThe second issue is that, as Qi Zheng pointed out, there are other types\nof huge PMDs that pmd_trans_huge() can\'t catch: devmap PMDs and swap PMDs\n(in particular, migration PMDs).\n\nOn <=6.4, this is worse than the first issue: If mfill_atomic() runs on a\nPMD that contains a migration entry (which just requires winning a single,\nfairly wide race), it will pass the PMD to pte_offset_map_lock(), which\nassumes that the PMD points to a page table.\n\nBreakage follows: First, the kernel tries to take the PTE lock (which will\ncrash or maybe worse if there is no "struct page" for the address bits in\nthe migration entry PMD - I think at least on X86 there usually is no\ncorresponding "struct page" thanks to the PTE inversion mitigation, amd64\nlooks different).\n\nIf that didn\'t crash, the kernel would next try to write a PTE into what\nit wrongly thinks is a page table.\n\nAs part of fixing these issues, get rid of the check for pmd_trans_huge()\nbefore __pte_alloc() - that\'s redundant, we\'re going to have to check for\nthat after the __pte_alloc() anyway.\n\nBackport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46787', 'https://git.kernel.org/linus/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 (6.11-rc7)', 'https://git.kernel.org/stable/c/3c6b4bcf37845c9359aed926324bed66bdd2448d', 'https://git.kernel.org/stable/c/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8', 'https://git.kernel.org/stable/c/98cc18b1b71e23fe81a5194ed432b20c2d81a01a', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46787-8b6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46787', 'https://www.cve.org/CVERecord?id=CVE-2024-46787'], 'PublishedDate': '2024-09-18T08:15:05.833Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46802', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: added NULL check at start of dc_validate_stream', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46802', 'https://git.kernel.org/linus/26c56049cc4f1705b498df013949427692a4b0d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd', 'https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5', 'https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9', 'https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c', 'https://lore.kernel.org/linux-cve-announce/2024092706-CVE-2024-46802-c5e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46802', 'https://www.cve.org/CVERecord?id=CVE-2024-46802'], 'PublishedDate': '2024-09-27T13:15:13.483Z', 'LastModifiedDate': '2024-10-07T14:21:55.687Z'}, {'VulnerabilityID': 'CVE-2024-46803', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46803', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdkfd: Check debug trap enable before write dbg_ev_file', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46803', 'https://git.kernel.org/linus/547033b593063eb85bfdf9b25a5f1b8fd1911be2 (6.11-rc1)', 'https://git.kernel.org/stable/c/547033b593063eb85bfdf9b25a5f1b8fd1911be2', 'https://git.kernel.org/stable/c/820dcbd38a77bd5fdc4236d521c1c122841227d0', 'https://git.kernel.org/stable/c/e6ea3b8fe398915338147fe54dd2db8155fdafd8', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46803-689b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46803', 'https://www.cve.org/CVERecord?id=CVE-2024-46803'], 'PublishedDate': '2024-09-27T13:15:13.57Z', 'LastModifiedDate': '2024-10-04T17:45:16.867Z'}, {'VulnerabilityID': 'CVE-2024-46806', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46806', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the warning division or modulo by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46806', 'https://git.kernel.org/linus/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c (6.11-rc1)', 'https://git.kernel.org/stable/c/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c', 'https://git.kernel.org/stable/c/a01618adcba78c6bd6c4557a4a5e32f58b658cd1', 'https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46806-2cc7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46806', 'https://www.cve.org/CVERecord?id=CVE-2024-46806'], 'PublishedDate': '2024-09-27T13:15:13.773Z', 'LastModifiedDate': '2024-10-02T13:17:04.64Z'}, {'VulnerabilityID': 'CVE-2024-46808', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46808', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range\n\n[Why & How]\nASSERT if return NULL from kcalloc.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46808', 'https://git.kernel.org/linus/5524fa301ba649f8cf00848f91468e0ba7e4f24c (6.11-rc1)', 'https://git.kernel.org/stable/c/5524fa301ba649f8cf00848f91468e0ba7e4f24c', 'https://git.kernel.org/stable/c/ca0b0b0a22306f2e51105ac48f4a09c2fbbb504e', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46808-8886@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46808', 'https://www.cve.org/CVERecord?id=CVE-2024-46808'], 'PublishedDate': '2024-09-27T13:15:13.907Z', 'LastModifiedDate': '2024-10-02T14:23:39.863Z'}, {'VulnerabilityID': 'CVE-2024-46809', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46809', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check BIOS images before it is used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check BIOS images before it is used\n\nBIOS images may fail to load and null checks are added before they are\nused.\n\nThis fixes 6 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46809', 'https://git.kernel.org/linus/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c (6.11-rc1)', 'https://git.kernel.org/stable/c/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c', 'https://git.kernel.org/stable/c/e46b70a7cfed71cb84e985c785c39c16df5c28cb', 'https://git.kernel.org/stable/c/e50bec62acaeec03afc6fa5dfb2426e52d049cf5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46809-5b37@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46809', 'https://www.cve.org/CVERecord?id=CVE-2024-46809'], 'PublishedDate': '2024-09-27T13:15:13.973Z', 'LastModifiedDate': '2024-10-04T17:33:33.753Z'}, {'VulnerabilityID': 'CVE-2024-46811', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46811', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params->clk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46811', 'https://git.kernel.org/linus/188fd1616ec43033cedbe343b6579e9921e2d898 (6.11-rc1)', 'https://git.kernel.org/stable/c/188fd1616ec43033cedbe343b6579e9921e2d898', 'https://git.kernel.org/stable/c/4003bac784380fed1f94f197350567eaa73a409d', 'https://git.kernel.org/stable/c/aba188d6f4ebaf52acf13f204db2bd2c22072504', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46811-f01c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46811', 'https://www.cve.org/CVERecord?id=CVE-2024-46811'], 'PublishedDate': '2024-09-27T13:15:14.107Z', 'LastModifiedDate': '2024-10-07T14:24:56.86Z'}, {'VulnerabilityID': 'CVE-2024-46812', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46812', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration\n\n[Why]\nCoverity reports Memory - illegal accesses.\n\n[How]\nSkip inactive planes.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46812', 'https://git.kernel.org/linus/a54f7e866cc73a4cb71b8b24bb568ba35c8969df (6.11-rc1)', 'https://git.kernel.org/stable/c/3300a039caf850376bc3416c808cd8879da412bb', 'https://git.kernel.org/stable/c/8406158a546441b73f0b216aedacbf9a1e5748fb', 'https://git.kernel.org/stable/c/a54f7e866cc73a4cb71b8b24bb568ba35c8969df', 'https://git.kernel.org/stable/c/ee9d6df6d9172917d9ddbd948bb882652d5ecd29', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46812-5954@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46812', 'https://www.cve.org/CVERecord?id=CVE-2024-46812'], 'PublishedDate': '2024-09-27T13:15:14.163Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46813', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46813', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check link_index before accessing dc-&gt;links[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc->links[]\n\n[WHY & HOW]\ndc->links[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46813', 'https://git.kernel.org/linus/8aa2864044b9d13e95fe224f32e808afbf79ecdf (6.11-rc1)', 'https://git.kernel.org/stable/c/8aa2864044b9d13e95fe224f32e808afbf79ecdf', 'https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46813-5eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46813', 'https://www.cve.org/CVERecord?id=CVE-2024-46813'], 'PublishedDate': '2024-09-27T13:15:14.23Z', 'LastModifiedDate': '2024-10-04T17:38:17.74Z'}, {'VulnerabilityID': 'CVE-2024-46816', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46816', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\n\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc->links. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\n\n[How]\nMake sure link count less than max_links.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46816', 'https://git.kernel.org/linus/cf8b16857db702ceb8d52f9219a4613363e2b1cf (6.11-rc1)', 'https://git.kernel.org/stable/c/36c39a8dcce210649f2f45f252abaa09fcc1ae87', 'https://git.kernel.org/stable/c/cf8b16857db702ceb8d52f9219a4613363e2b1cf', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46816-0526@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46816', 'https://www.cve.org/CVERecord?id=CVE-2024-46816'], 'PublishedDate': '2024-09-27T13:15:14.433Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46820', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/vcn: remove irq disabling in vcn 5 suspend\n\nWe do not directly enable/disable VCN IRQ in vcn 5.0.0.\nAnd we do not handle the IRQ state as well. So the calls to\ndisable IRQ and set state are removed. This effectively gets\nrid of the warining of\n      "WARN_ON(!amdgpu_irq_enabled(adev, src, type))"\nin amdgpu_irq_put().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46820', 'https://git.kernel.org/linus/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d (6.11-rc1)', 'https://git.kernel.org/stable/c/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d', 'https://git.kernel.org/stable/c/aa92264ba6fd4fb570002f69762634221316e7ae', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46820-6405@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46820', 'https://www.cve.org/CVERecord?id=CVE-2024-46820'], 'PublishedDate': '2024-09-27T13:15:14.707Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46821', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix negative array index read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix negative array index read\n\nAvoid using the negative values\nfor clk_idex as an index into an array pptable->DpmDescriptor.\n\nV2: fix clk_index return check (Tim Huang)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46821', 'https://git.kernel.org/linus/c8c19ebf7c0b202a6a2d37a52ca112432723db5f (6.11-rc1)', 'https://git.kernel.org/stable/c/06a3810010b525b9958424e344f0c25b09e128fa', 'https://git.kernel.org/stable/c/4711b1347cb9f0c3083da6d87c624d75f9bd1d50', 'https://git.kernel.org/stable/c/60f4a4bc3329e5cb8c4df0cc961f0d5ffd96e22d', 'https://git.kernel.org/stable/c/c8c19ebf7c0b202a6a2d37a52ca112432723db5f', 'https://lore.kernel.org/linux-cve-announce/2024092713-CVE-2024-46821-a13a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46821', 'https://www.cve.org/CVERecord?id=CVE-2024-46821'], 'PublishedDate': '2024-09-27T13:15:14.767Z', 'LastModifiedDate': '2024-10-04T17:06:43.573Z'}, {'VulnerabilityID': 'CVE-2024-46823', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kunit/overflow: Fix UB in overflow_allocation_test', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkunit/overflow: Fix UB in overflow_allocation_test\n\nThe 'device_name' array doesn't exist out of the\n'overflow_allocation_test' function scope. However, it is being used as\na driver name when calling 'kunit_driver_create' from\n'kunit_device_register'. It produces the kernel panic with KASAN\nenabled.\n\nSince this variable is used in one place only, remove it and pass the\ndevice name into kunit_device_register directly as an ascii string.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46823', 'https://git.kernel.org/linus/92e9bac18124682c4b99ede9ee3bcdd68f121e92 (6.11-rc4)', 'https://git.kernel.org/stable/c/92e9bac18124682c4b99ede9ee3bcdd68f121e92', 'https://git.kernel.org/stable/c/d1207f07decc66546a7fa463d2f335a856c986ef', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46823-b19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46823', 'https://www.cve.org/CVERecord?id=CVE-2024-46823'], 'PublishedDate': '2024-09-27T13:15:14.897Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46825', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check\n\nThe lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is\nnormally called with input from the firmware, so it should use\nIWL_FW_CHECK() instead of WARN_ON().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46825', 'https://git.kernel.org/linus/9215152677d4b321801a92b06f6d5248b2b4465f (6.11-rc1)', 'https://git.kernel.org/stable/c/3cca098c91391b3fa48142bfda57048b985c87f6', 'https://git.kernel.org/stable/c/415f3634d53c7fb4cf07d2f5a0be7f2e15e6da33', 'https://git.kernel.org/stable/c/9215152677d4b321801a92b06f6d5248b2b4465f', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46825-a5aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46825', 'https://www.cve.org/CVERecord?id=CVE-2024-46825'], 'PublishedDate': '2024-09-27T13:15:15.027Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46826', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ELF: fix kernel.randomize_va_space double read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses "randomize_va_space" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46826', 'https://git.kernel.org/linus/2a97388a807b6ab5538aa8f8537b2463c6988bd2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1cf8cd80903073440b6ea055811d04edd24fe4f7', 'https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27', 'https://git.kernel.org/stable/c/2a97388a807b6ab5538aa8f8537b2463c6988bd2', 'https://git.kernel.org/stable/c/53f17409abf61f66b6f05aff795e938e5ba811d1', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46826-7b80@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46826', 'https://www.cve.org/CVERecord?id=CVE-2024-46826'], 'PublishedDate': '2024-09-27T13:15:15.087Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46827', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix firmware crash due to invalid peer nss', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46827', 'https://git.kernel.org/linus/db163a463bb93cd3e37e1e7b10b9726fb6f95857 (6.11-rc1)', 'https://git.kernel.org/stable/c/25a15f80253a7c8776e4e4880d797d20ec864154', 'https://git.kernel.org/stable/c/838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c', 'https://git.kernel.org/stable/c/db163a463bb93cd3e37e1e7b10b9726fb6f95857', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46827-0300@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46827', 'https://www.cve.org/CVERecord?id=CVE-2024-46827'], 'PublishedDate': '2024-09-27T13:15:15.153Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46830', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: x86: Acquire kvm-&gt;srcu when handling KVM_SET_VCPU_EVENTS', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU.  I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems.  Acquiring SRCU isn't all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n  #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n  <TASK>\n  dump_stack_lvl+0x7f/0x90\n  lockdep_rcu_suspicious+0x13f/0x1a0\n  kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n  kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n  nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n  load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n  vmx_leave_nested+0x30/0x40 [kvm_intel]\n  kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n  kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n  ? mark_held_locks+0x49/0x70\n  ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n  ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  ? lock_acquire+0xba/0x2d0\n  ? find_held_lock+0x2b/0x80\n  ? do_user_addr_fault+0x40c/0x6f0\n  ? lock_release+0xb7/0x270\n  __x64_sys_ioctl+0x82/0xb0\n  do_syscall_64+0x6c/0x170\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n  </TASK>", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46830', 'https://git.kernel.org/linus/4bcdd831d9d01e0fb64faea50732b59b2ee88da1 (6.11-rc7)', 'https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1', 'https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e', 'https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9', 'https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46830-deac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46830', 'https://www.cve.org/CVERecord?id=CVE-2024-46830'], 'PublishedDate': '2024-09-27T13:15:15.38Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46833', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: void array out of bound when loop tnl_num', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: void array out of bound when loop tnl_num\n\nWhen query reg inf of SSU, it loops tnl_num times. However, tnl_num comes\nfrom hardware and the length of array is a fixed value. To void array out\nof bound, make sure the loop time is not greater than the length of array', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46833', 'https://git.kernel.org/linus/86db7bfb06704ef17340eeae71c832f21cfce35c (6.11-rc4)', 'https://git.kernel.org/stable/c/86db7bfb06704ef17340eeae71c832f21cfce35c', 'https://git.kernel.org/stable/c/c33a9806dc806bcb4a31dc71fb06979219181ad4', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46833-0fa0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46833', 'https://www.cve.org/CVERecord?id=CVE-2024-46833'], 'PublishedDate': '2024-09-27T13:15:15.593Z', 'LastModifiedDate': '2024-10-09T15:54:38.123Z'}, {'VulnerabilityID': 'CVE-2024-46834', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: fail closed if we can&#39;t get max channel used in indirection tables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\'t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with\nactive RSS contexts") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\'t fetch\nthe indirection table or when we can\'t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46834', 'https://git.kernel.org/linus/2899d58462ba868287d6ff3acad3675e7adf934f (6.11-rc1)', 'https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036', 'https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46834-dc7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46834', 'https://www.cve.org/CVERecord?id=CVE-2024-46834'], 'PublishedDate': '2024-09-27T13:15:15.66Z', 'LastModifiedDate': '2024-10-09T15:57:03.037Z'}, {'VulnerabilityID': 'CVE-2024-46835', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix smatch static checker warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev->gfx.imu.funcs could be NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46835', 'https://git.kernel.org/linus/bdbdc7cecd00305dc844a361f9883d3a21022027 (6.11-rc1)', 'https://git.kernel.org/stable/c/8bc7b3ce33e64c74211ed17aec823fc4e523426a', 'https://git.kernel.org/stable/c/bdbdc7cecd00305dc844a361f9883d3a21022027', 'https://git.kernel.org/stable/c/c2056c7a840f0dbf293bc3b0d91826d001668fb0', 'https://git.kernel.org/stable/c/d40c2c3dd0395fe7fdc19bd96551e87251426d66', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46835-4f99@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46835', 'https://www.cve.org/CVERecord?id=CVE-2024-46835'], 'PublishedDate': '2024-09-27T13:15:15.72Z', 'LastModifiedDate': '2024-10-02T14:24:18.93Z'}, {'VulnerabilityID': 'CVE-2024-46836', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46836', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: aspeed_udc: validate endpoint index for ast udc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed_udc: validate endpoint index for ast udc\n\nWe should verify the bound of the array to assure that host\nmay not manipulate the index to point past endpoint array.\n\nFound by static analysis.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46836', 'https://git.kernel.org/linus/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 (6.11-rc1)', 'https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af', 'https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a', 'https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c', 'https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46836-acff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46836', 'https://www.cve.org/CVERecord?id=CVE-2024-46836'], 'PublishedDate': '2024-09-27T13:15:15.78Z', 'LastModifiedDate': '2024-10-09T15:47:55.187Z'}, {'VulnerabilityID': 'CVE-2024-46841', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn't fatal, return the error.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46841', 'https://git.kernel.org/linus/a580fb2c3479d993556e1c31b237c9e5be4944a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/704c359b4093a2af650a20eaa030c435d7c30f91', 'https://git.kernel.org/stable/c/a580fb2c3479d993556e1c31b237c9e5be4944a3', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46841-7572@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46841', 'https://www.cve.org/CVERecord?id=CVE-2024-46841'], 'PublishedDate': '2024-09-27T13:15:16.13Z', 'LastModifiedDate': '2024-10-08T18:17:07.87Z'}, {'VulnerabilityID': 'CVE-2024-46842', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status.  The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code.  During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout.  If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46842', 'https://git.kernel.org/linus/ede596b1434b57c0b3fd5c02b326efe5c54f6e48 (6.11-rc1)', 'https://git.kernel.org/stable/c/bba47fe3b038cca3d3ebd799665ce69d6d273b58', 'https://git.kernel.org/stable/c/ede596b1434b57c0b3fd5c02b326efe5c54f6e48', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46842-e52c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46842', 'https://www.cve.org/CVERecord?id=CVE-2024-46842'], 'PublishedDate': '2024-09-27T13:15:16.19Z', 'LastModifiedDate': '2024-10-08T18:22:24.997Z'}, {'VulnerabilityID': 'CVE-2024-46843', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Remove SCSI host only if added', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been defered after MCQ configuration introduced by commit 0cab4023ec7b\n("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46843', 'https://git.kernel.org/linus/7cbff570dbe8907e23bba06f6414899a0fbb2fcc (6.11-rc1)', 'https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed', 'https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536', 'https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46843-82c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46843', 'https://www.cve.org/CVERecord?id=CVE-2024-46843'], 'PublishedDate': '2024-09-27T13:15:16.25Z', 'LastModifiedDate': '2024-10-08T18:23:52.423Z'}, {'VulnerabilityID': 'CVE-2024-46848', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46848', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/x86/intel: Limit the period on Haswell', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Limit the period on Haswell\n\nRunning the ltp test cve-2015-3290 concurrently reports the following\nwarnings.\n\nperfevents: irq loop stuck!\n  WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174\n  intel_pmu_handle_irq+0x285/0x370\n  Call Trace:\n   <NMI>\n   ? __warn+0xa4/0x220\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? report_bug+0x3e/0xa0\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x50\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? irq_work_claim+0x1e/0x40\n   ? intel_pmu_handle_irq+0x285/0x370\n   perf_event_nmi_handler+0x3d/0x60\n   nmi_handle+0x104/0x330\n\nThanks to Thomas Gleixner's analysis, the issue is caused by the low\ninitial period (1) of the frequency estimation algorithm, which triggers\nthe defects of the HW, specifically erratum HSW11 and HSW143. (For the\ndetails, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)\n\nThe HSW11 requires a period larger than 100 for the INST_RETIRED.ALL\nevent, but the initial period in the freq mode is 1. The erratum is the\nsame as the BDM11, which has been supported in the kernel. A minimum\nperiod of 128 is enforced as well on HSW.\n\nHSW143 is regarding that the fixed counter 1 may overcount 32 with the\nHyper-Threading is enabled. However, based on the test, the hardware\nhas more issues than it tells. Besides the fixed counter 1, the message\n'interrupt took too long' can be observed on any counter which was armed\nwith a period < 32 and two events expired in the same NMI. A minimum\nperiod of 32 is enforced for the rest of the events.\nThe recommended workaround code of the HSW143 is not implemented.\nBecause it only addresses the issue for the fixed counter. It brings\nextra overhead through extra MSR writing. No related overcounting issue\nhas been reported so far.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46848', 'https://git.kernel.org/linus/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b (6.11-rc7)', 'https://git.kernel.org/stable/c/0eaf812aa1506704f3b78be87036860e5d0fe81d', 'https://git.kernel.org/stable/c/15210b7c8caff4929f25d049ef8404557f8ae468', 'https://git.kernel.org/stable/c/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b', 'https://git.kernel.org/stable/c/8717dc35c0e5896f4110f4b3882f7ff787a5f73d', 'https://lore.kernel.org/linux-cve-announce/2024092756-CVE-2024-46848-bbd4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46848', 'https://www.cve.org/CVERecord?id=CVE-2024-46848'], 'PublishedDate': '2024-09-27T13:15:16.657Z', 'LastModifiedDate': '2024-10-04T15:23:35.287Z'}, {'VulnerabilityID': 'CVE-2024-46849', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: meson: axg-card: fix &#39;use-after-free&#39;', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix 'use-after-free'\n\nBuffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',\nso move 'pad' pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46849', 'https://git.kernel.org/linus/4f9a71435953f941969a4f017e2357db62d85a86 (6.11)', 'https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86', 'https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d', 'https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607', 'https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037', 'https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29', 'https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a', 'https://lore.kernel.org/linux-cve-announce/2024092741-CVE-2024-46849-93c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46849', 'https://www.cve.org/CVERecord?id=CVE-2024-46849'], 'PublishedDate': '2024-09-27T13:15:16.723Z', 'LastModifiedDate': '2024-10-17T14:15:07.75Z'}, {'VulnerabilityID': 'CVE-2024-46852', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma-buf: heaps: Fix off-by-one in CMA heap fault handler', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:\nDon\'t track CMA dma-buf pages under RssFile") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don\'t read off the end of the pages\narray and insert an arbitrary page in the mapping.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46852', 'https://git.kernel.org/linus/ea5ff5d351b520524019f7ff7f9ce418de2dad87 (6.11)', 'https://git.kernel.org/stable/c/007180fcb6cc4a93211d4cc45fef3f5ccccd56ae', 'https://git.kernel.org/stable/c/79cce5e81d20fa9ad553be439d665ac3302d3c95', 'https://git.kernel.org/stable/c/84175dc5b2c932266a50c04e5ce342c30f817a2f', 'https://git.kernel.org/stable/c/e79050882b857c37634baedbdcf7c2047c24cbff', 'https://git.kernel.org/stable/c/ea5ff5d351b520524019f7ff7f9ce418de2dad87', 'https://git.kernel.org/stable/c/eb7fc8b65cea22f9038c52398c8b22849e9620ea', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46852-91a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46852', 'https://www.cve.org/CVERecord?id=CVE-2024-46852'], 'PublishedDate': '2024-09-27T13:15:16.917Z', 'LastModifiedDate': '2024-10-17T14:15:07.887Z'}, {'VulnerabilityID': 'CVE-2024-46853', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: nxp-fspi: fix the KASAN report out-of-bounds bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: nxp-fspi: fix the KASAN report out-of-bounds bug\n\nChange the memcpy length to fix the out-of-bounds issue when writing the\ndata that is not 4 byte aligned to TX FIFO.\n\nTo reproduce the issue, write 3 bytes data to NOR chip.\n\ndd if=3b of=/dev/mtd0\n[   36.926103] ==================================================================\n[   36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838\n[   36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455\n[   36.946721]\n[   36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070\n[   36.956185] Hardware name: Freescale i.MX8QM MEK (DT)\n[   36.961260] Call trace:\n[   36.963723]  dump_backtrace+0x90/0xe8\n[   36.967414]  show_stack+0x18/0x24\n[   36.970749]  dump_stack_lvl+0x78/0x90\n[   36.974451]  print_report+0x114/0x5cc\n[   36.978151]  kasan_report+0xa4/0xf0\n[   36.981670]  __asan_report_load_n_noabort+0x1c/0x28\n[   36.986587]  nxp_fspi_exec_op+0x26ec/0x2838\n[   36.990800]  spi_mem_exec_op+0x8ec/0xd30\n[   36.994762]  spi_mem_no_dirmap_read+0x190/0x1e0\n[   36.999323]  spi_mem_dirmap_write+0x238/0x32c\n[   37.003710]  spi_nor_write_data+0x220/0x374\n[   37.007932]  spi_nor_write+0x110/0x2e8\n[   37.011711]  mtd_write_oob_std+0x154/0x1f0\n[   37.015838]  mtd_write_oob+0x104/0x1d0\n[   37.019617]  mtd_write+0xb8/0x12c\n[   37.022953]  mtdchar_write+0x224/0x47c\n[   37.026732]  vfs_write+0x1e4/0x8c8\n[   37.030163]  ksys_write+0xec/0x1d0\n[   37.033586]  __arm64_sys_write+0x6c/0x9c\n[   37.037539]  invoke_syscall+0x6c/0x258\n[   37.041327]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.046244]  do_el0_svc+0x44/0x5c\n[   37.049589]  el0_svc+0x38/0x78\n[   37.052681]  el0t_64_sync_handler+0x13c/0x158\n[   37.057077]  el0t_64_sync+0x190/0x194\n[   37.060775]\n[   37.062274] Allocated by task 455:\n[   37.065701]  kasan_save_stack+0x2c/0x54\n[   37.069570]  kasan_save_track+0x20/0x3c\n[   37.073438]  kasan_save_alloc_info+0x40/0x54\n[   37.077736]  __kasan_kmalloc+0xa0/0xb8\n[   37.081515]  __kmalloc_noprof+0x158/0x2f8\n[   37.085563]  mtd_kmalloc_up_to+0x120/0x154\n[   37.089690]  mtdchar_write+0x130/0x47c\n[   37.093469]  vfs_write+0x1e4/0x8c8\n[   37.096901]  ksys_write+0xec/0x1d0\n[   37.100332]  __arm64_sys_write+0x6c/0x9c\n[   37.104287]  invoke_syscall+0x6c/0x258\n[   37.108064]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.112972]  do_el0_svc+0x44/0x5c\n[   37.116319]  el0_svc+0x38/0x78\n[   37.119401]  el0t_64_sync_handler+0x13c/0x158\n[   37.123788]  el0t_64_sync+0x190/0x194\n[   37.127474]\n[   37.128977] The buggy address belongs to the object at ffff00081037c2a0\n[   37.128977]  which belongs to the cache kmalloc-8 of size 8\n[   37.141177] The buggy address is located 0 bytes inside of\n[   37.141177]  allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)\n[   37.153465]\n[   37.154971] The buggy address belongs to the physical page:\n[   37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c\n[   37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)\n[   37.175149] page_type: 0xfdffffff(slab)\n[   37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000\n[   37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000\n[   37.194553] page dumped because: kasan: bad access detected\n[   37.200144]\n[   37.201647] Memory state around the buggy address:\n[   37.206460]  ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc\n[   37.213701]  ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc\n[   37.220946] >ffff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc\n[   37.228186]                                ^\n[   37.232473]  ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.239718]  ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.246962] ==============================================================\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46853', 'https://git.kernel.org/linus/2a8787c1cdc7be24fdd8953ecd1a8743a1006235 (6.11)', 'https://git.kernel.org/stable/c/09af8b0ba70072be831f3ec459f4063d570f9e24', 'https://git.kernel.org/stable/c/2a8787c1cdc7be24fdd8953ecd1a8743a1006235', 'https://git.kernel.org/stable/c/491f9646f7ac31af5fca71be1a3e5eb8aa7663ad', 'https://git.kernel.org/stable/c/609260542cf86b459c57618b8cdec8020394b7ad', 'https://git.kernel.org/stable/c/af9ca9ca3e44f48b2a191e100d452fbf850c3d87', 'https://git.kernel.org/stable/c/d1a1dfcec77c57b1181da93d11a3db1bc4eefa97', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46853-ab04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46853', 'https://www.cve.org/CVERecord?id=CVE-2024-46853'], 'PublishedDate': '2024-09-27T13:15:16.997Z', 'LastModifiedDate': '2024-10-17T14:15:07.993Z'}, {'VulnerabilityID': 'CVE-2024-46854', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dpaa: Pad packets to ETH_ZLEN', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46854', 'https://git.kernel.org/linus/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0 (6.11)', 'https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133', 'https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a', 'https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83', 'https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0', 'https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2', 'https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46854-3404@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46854', 'https://www.cve.org/CVERecord?id=CVE-2024-46854'], 'PublishedDate': '2024-09-27T13:15:17.063Z', 'LastModifiedDate': '2024-10-17T14:15:08.107Z'}, {'VulnerabilityID': 'CVE-2024-46855', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46855', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: nft_socket: fix sk refcount leaks', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put 'sk' reference before returning.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46855', 'https://git.kernel.org/linus/8b26ff7af8c32cb4148b3e147c52f9e4c695209c (6.11)', 'https://git.kernel.org/stable/c/1f68e097e20d3c695281a9c6433acc37be47fe11', 'https://git.kernel.org/stable/c/33c2258bf8cb17fba9e58b111d4c4f4cf43a4896', 'https://git.kernel.org/stable/c/83e6fb59040e8964888afcaa5612cc1243736715', 'https://git.kernel.org/stable/c/8b26ff7af8c32cb4148b3e147c52f9e4c695209c', 'https://git.kernel.org/stable/c/ddc7c423c4a5386bf865474c694b48178efd311a', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46855-4382@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46855', 'https://www.cve.org/CVERecord?id=CVE-2024-46855'], 'PublishedDate': '2024-09-27T13:15:17.133Z', 'LastModifiedDate': '2024-10-17T14:15:12.79Z'}, {'VulnerabilityID': 'CVE-2024-46857', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix bridge mode operations when there are no VFs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[  168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[  168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[  168.976037] Call Trace:\n[  168.976188]  <TASK>\n[  168.978620]  _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[  168.979074]  mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[  168.979471]  rtnl_bridge_setlink+0xe9/0x1f0\n[  168.979714]  rtnetlink_rcv_msg+0x159/0x400\n[  168.980451]  netlink_rcv_skb+0x54/0x100\n[  168.980675]  netlink_unicast+0x241/0x360\n[  168.980918]  netlink_sendmsg+0x1f6/0x430\n[  168.981162]  ____sys_sendmsg+0x3bb/0x3f0\n[  168.982155]  ___sys_sendmsg+0x88/0xd0\n[  168.985036]  __sys_sendmsg+0x59/0xa0\n[  168.985477]  do_syscall_64+0x79/0x150\n[  168.987273]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw->fdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46857', 'https://git.kernel.org/linus/b1d305abef4640af1b4f1b4774d513cd81b10cfc (6.11)', 'https://git.kernel.org/stable/c/505ae01f75f839b54329164bbfecf24cc1361b31', 'https://git.kernel.org/stable/c/52c4beb79e095e0631b5cac46ed48a2aefe51985', 'https://git.kernel.org/stable/c/65feee671e37f3b6eda0b6af28f204b5bcf7fa50', 'https://git.kernel.org/stable/c/b1d305abef4640af1b4f1b4774d513cd81b10cfc', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46857-3bc3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46857', 'https://www.cve.org/CVERecord?id=CVE-2024-46857'], 'PublishedDate': '2024-09-27T13:15:17.277Z', 'LastModifiedDate': '2024-10-01T17:10:29.657Z'}, {'VulnerabilityID': 'CVE-2024-46858', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46858', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: Fix uaf in __timer_delete_sync', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n     CPU1\t\t\t\tCPU2\n     ====                               ====\n     net_rx_action\n     napi_poll                          netlink_sendmsg\n     __napi_poll                        netlink_unicast\n     process_backlog                    netlink_unicast_kernel\n     __netif_receive_skb                genl_rcv\n     __netif_receive_skb_one_core       netlink_rcv_skb\n     NF_HOOK                            genl_rcv_msg\n     ip_local_deliver_finish            genl_family_rcv_msg\n     ip_protocol_deliver_rcu            genl_family_rcv_msg_doit\n     tcp_v4_rcv                         mptcp_pm_nl_flush_addrs_doit\n     tcp_v4_do_rcv                      mptcp_nl_remove_addrs_list\n     tcp_rcv_established                mptcp_pm_remove_addrs_and_subflows\n     tcp_data_queue                     remove_anno_list_by_saddr\n     mptcp_incoming_options             mptcp_pm_del_add_timer\n     mptcp_pm_del_add_timer             kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by "pm.lock", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of "entry->add_timer".\n\nMove list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar "entry->x" uaf.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46858', 'https://git.kernel.org/linus/b4cd80b0338945a94972ac3ed54f8338d2da2076 (6.11)', 'https://git.kernel.org/stable/c/0e7814b028cd50b3ff79659d23dfa9da6a1e75e1', 'https://git.kernel.org/stable/c/12134a652b0a10064844ea235173e70246eba6dc', 'https://git.kernel.org/stable/c/3554482f4691571fc4b5490c17ae26896e62171c', 'https://git.kernel.org/stable/c/6452b162549c7f9ef54655d3fb9977b9192e6e5b', 'https://git.kernel.org/stable/c/67409b358500c71632116356a0b065f112d7b707', 'https://git.kernel.org/stable/c/b4cd80b0338945a94972ac3ed54f8338d2da2076', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46858-dab6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46858', 'https://www.cve.org/CVERecord?id=CVE-2024-46858'], 'PublishedDate': '2024-09-27T13:15:17.353Z', 'LastModifiedDate': '2024-10-17T14:15:13.017Z'}, {'VulnerabilityID': 'CVE-2024-46859', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46859', 'https://git.kernel.org/linus/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 (6.11)', 'https://git.kernel.org/stable/c/6821a82616f60aa72c5909b3e252ad97fb9f7e2a', 'https://git.kernel.org/stable/c/9291fadbd2720a869b1d2fcf82305648e2e62a16', 'https://git.kernel.org/stable/c/b38c19783286a71693c2194ed1b36665168c09c4', 'https://git.kernel.org/stable/c/b7c2f692307fe704be87ea80d7328782b33c3cef', 'https://git.kernel.org/stable/c/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46859-e785@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46859', 'https://www.cve.org/CVERecord?id=CVE-2024-46859'], 'PublishedDate': '2024-09-27T13:15:17.43Z', 'LastModifiedDate': '2024-10-17T14:15:13.183Z'}, {'VulnerabilityID': 'CVE-2024-46860', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change\n\nWhen disabling wifi mt7921_ipv6_addr_change() is called as a notifier.\nAt this point mvif->phy is already NULL so we cannot use it here.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46860', 'https://git.kernel.org/linus/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3 (6.11-rc4)', 'https://git.kernel.org/stable/c/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3', 'https://git.kernel.org/stable/c/4bfee9346d8c17d928ef6da2b8bffab88fa2a553', 'https://git.kernel.org/stable/c/8d92bafd4c67efb692f722d73a07412b5f88c6d6', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46860-1dfc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46860', 'https://www.cve.org/CVERecord?id=CVE-2024-46860'], 'PublishedDate': '2024-09-27T13:15:17.493Z', 'LastModifiedDate': '2024-10-02T14:04:38.863Z'}, {'VulnerabilityID': 'CVE-2024-46861', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usbnet: ipheth: do not stop RX on failing RX callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: do not stop RX on failing RX callback\n\nRX callbacks can fail for multiple reasons:\n\n* Payload too short\n* Payload formatted incorrecly (e.g. bad NCM framing)\n* Lack of memory\n\nNone of these should cause the driver to seize up.\n\nMake such failures non-critical and continue processing further\nincoming URBs.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46861', 'https://git.kernel.org/linus/74efed51e0a4d62f998f806c307778b47fc73395 (6.11-rc4)', 'https://git.kernel.org/stable/c/08ca800b0cd56d5e26722f68b18bbbf6840bf44b', 'https://git.kernel.org/stable/c/4d1cfa3afb8627435744ecdc6d8b58bc72ee0f4c', 'https://git.kernel.org/stable/c/74efed51e0a4d62f998f806c307778b47fc73395', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46861-f2f9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46861', 'https://www.cve.org/CVERecord?id=CVE-2024-46861'], 'PublishedDate': '2024-09-27T13:15:17.563Z', 'LastModifiedDate': '2024-10-03T15:36:06.543Z'}, {'VulnerabilityID': 'CVE-2024-46865', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46865', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: fix initialization of grc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfou: fix initialization of grc\n\nThe grc must be initialize first. There can be a condition where if\nfou is NULL, goto out will be executed and grc would be used\nuninitialized.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46865', 'https://git.kernel.org/linus/4c8002277167125078e6b9b90137bdf443ebaa08 (6.11)', 'https://git.kernel.org/stable/c/16ff0895283058b0f96d4fe277aa25ee096f0ea8', 'https://git.kernel.org/stable/c/392f6a97fcbecc64f0c00058b2db5bb0e4b8cc3e', 'https://git.kernel.org/stable/c/4c8002277167125078e6b9b90137bdf443ebaa08', 'https://git.kernel.org/stable/c/5d537b8d900514509622ce92330b70d2e581d409', 'https://git.kernel.org/stable/c/7ae890ee19479eeeb87724cca8430b5cb3660c74', 'https://git.kernel.org/stable/c/aca06c617c83295f0caa486ad608fbef7bdc11e8', 'https://lore.kernel.org/linux-cve-announce/2024092745-CVE-2024-46865-c6a7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46865', 'https://www.cve.org/CVERecord?id=CVE-2024-46865'], 'PublishedDate': '2024-09-27T13:15:17.82Z', 'LastModifiedDate': '2024-10-17T14:15:13.327Z'}, {'VulnerabilityID': 'CVE-2024-46870', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Disable DMCUB timeout for DCN35', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable DMCUB timeout for DCN35\n\n[Why]\nDMCUB can intermittently take longer than expected to process commands.\n\nOld ASIC policy was to continue while logging a diagnostic error - which\nworks fine for ASIC without IPS, but with IPS this could lead to a race\ncondition where we attempt to access DCN state while it's inaccessible,\nleading to a system hang when the NIU port is not disabled or register\naccesses that timeout and the display configuration in an undefined\nstate.\n\n[How]\nWe need to investigate why these accesses take longer than expected, but\nfor now we should disable the timeout on DCN35 to avoid this race\ncondition. Since the waits happen only at lower interrupt levels the\nrisk of taking too long at higher IRQ and causing a system watchdog\ntimeout are minimal.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46870', 'https://git.kernel.org/stable/c/31c254c9cd4b122a10db297124f867107a696d83', 'https://git.kernel.org/stable/c/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46870-f347@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46870', 'https://www.cve.org/CVERecord?id=CVE-2024-46870'], 'PublishedDate': '2024-10-09T14:15:07.463Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-46871', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why & How]\nIt actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback & dmub_thread_offload has potential to access\nitem out of array bound. Fix it.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46871', 'https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37', 'https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7', 'https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0', 'https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46871-15f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46871', 'https://www.cve.org/CVERecord?id=CVE-2024-46871'], 'PublishedDate': '2024-10-09T14:15:07.533Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47658', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47658', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: stm32/cryp - call finalize with bh disabled', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: stm32/cryp - call finalize with bh disabled\n\nThe finalize operation in interrupt mode produce a produces a spinlock\nrecursion warning. The reason is the fact that BH must be disabled\nduring this process.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47658', 'https://git.kernel.org/stable/c/56ddb9aa3b324c2d9645b5a7343e46010cf3f6ce', 'https://git.kernel.org/stable/c/5d734665cd5d93270731e0ff1dd673fec677f447', 'https://git.kernel.org/stable/c/d93a2f86b0a998aa1f0870c85a2a60a0771ef89a', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47658-0b23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47658', 'https://www.cve.org/CVERecord?id=CVE-2024-47658'], 'PublishedDate': '2024-10-09T14:15:07.603Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47661', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47661', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid overflow from uint32_t to uint8_t', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT & HOW]\ndmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47661', 'https://git.kernel.org/stable/c/30d1b783b6eeaf49d311a072c70d618d993d01ec', 'https://git.kernel.org/stable/c/d6b54900c564e35989cf6813e4071504fa0a90e0', 'https://lore.kernel.org/linux-cve-announce/2024100930-CVE-2024-47661-a6c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47661', 'https://www.cve.org/CVERecord?id=CVE-2024-47661'], 'PublishedDate': '2024-10-09T15:15:15.02Z', 'LastModifiedDate': '2024-10-15T16:03:29.26Z'}, {'VulnerabilityID': 'CVE-2024-47662', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47662', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47662', 'https://git.kernel.org/stable/c/466423c6dd8af23ebb3a69d43434d01aed0db356', 'https://git.kernel.org/stable/c/eba4b2a38ccdf074a053834509545703d6df1d57', 'https://lore.kernel.org/linux-cve-announce/2024100931-CVE-2024-47662-74f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47662', 'https://www.cve.org/CVERecord?id=CVE-2024-47662'], 'PublishedDate': '2024-10-09T15:15:15.08Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47664', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47664', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47664', 'https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43', 'https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c', 'https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47664-f6bd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47664', 'https://www.cve.org/CVERecord?id=CVE-2024-47664'], 'PublishedDate': '2024-10-09T15:15:15.223Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47666', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47666', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: pm80xx: Set phy-&gt;enable_completion only when we wait for it', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy->enable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late.  After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47666', 'https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89', 'https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea', 'https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47666-0015@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47666', 'https://www.cve.org/CVERecord?id=CVE-2024-47666'], 'PublishedDate': '2024-10-09T15:15:15.353Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47670', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47670', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: add bounds checking to ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn't stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match.  It will\nprevent out-of-bound access in case of crafted images.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47670', 'https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39', 'https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c', 'https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd', 'https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77', 'https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f', 'https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e73264d6', 'https://lore.kernel.org/linux-cve-announce/2024100919-CVE-2024-47670-53f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47670', 'https://www.cve.org/CVERecord?id=CVE-2024-47670'], 'PublishedDate': '2024-10-09T15:15:15.673Z', 'LastModifiedDate': '2024-10-17T14:15:13.56Z'}, {'VulnerabilityID': 'CVE-2024-47671', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47671', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: USB: usbtmc: prevent kernel-usb-infoleak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: prevent kernel-usb-infoleak\n\nThe syzbot reported a kernel-usb-infoleak in usbtmc_write,\nwe need to clear the structure before filling fields.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47671', 'https://git.kernel.org/stable/c/0c927dfc0b9bd177f7ab6ee59ef0c4ea06c110a7', 'https://git.kernel.org/stable/c/16e0ab9ed3ae7d19ca8ee718ba4e09d5c0f909ca', 'https://git.kernel.org/stable/c/51297ef7ad7824ad577337f273cd092e81a9fa08', 'https://git.kernel.org/stable/c/625fa77151f00c1bd00d34d60d6f2e710b3f9aad', 'https://git.kernel.org/stable/c/6c7fc36da021b13c34c572a26ba336cd102418f8', 'https://git.kernel.org/stable/c/ba6269e187aa1b1f20faf3c458831a0d6350304b', 'https://git.kernel.org/stable/c/e872738e670ddd63e19f22d0d784f0bdf26ecba5', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47671-6c52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47671', 'https://www.cve.org/CVERecord?id=CVE-2024-47671'], 'PublishedDate': '2024-10-09T15:15:15.753Z', 'LastModifiedDate': '2024-10-17T14:15:13.697Z'}, {'VulnerabilityID': 'CVE-2024-47672', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead\n\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was\nrecently converted from just a message), that can be hit if we\nwait for TX queues to become empty after firmware died. Clearly,\nwe can't expect anything from the firmware after it's declared dead.\n\nDon't call iwl_trans_wait_tx_queues_empty() in this case. While it could\nbe a good idea to stop the flow earlier, the flush functions do some\nmaintenance work that is not related to the firmware, so keep that part\nof the code running even when the firmware is not running.\n\n[edit commit message]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47672', 'https://git.kernel.org/stable/c/1afed66cb271b3e65fe9df1c9fba2bf4b1f55669', 'https://git.kernel.org/stable/c/1b0cd832c9607f41f84053b818e0b7908510a3b9', 'https://git.kernel.org/stable/c/3a84454f5204718ca5b4ad2c1f0bf2031e2403d1', 'https://git.kernel.org/stable/c/4d0a900ec470d392476c428875dbf053f8a0ae5e', 'https://git.kernel.org/stable/c/7188b7a72320367554b76d8f298417b070b05dd3', 'https://git.kernel.org/stable/c/de46b1d24f5f752b3bd8b46673c2ea4239661244', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47672-9bef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47672', 'https://www.cve.org/CVERecord?id=CVE-2024-47672'], 'PublishedDate': '2024-10-09T15:15:15.827Z', 'LastModifiedDate': '2024-10-17T14:15:13.78Z'}, {'VulnerabilityID': 'CVE-2024-47673', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pause TCM when the firmware is stopped\n\nNot doing so will make us send a host command to the transport while the\nfirmware is not alive, which will trigger a WARNING.\n\nbad state = 0\nWARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nRIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nCall Trace:\n <TASK>\n iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]\n iwl_mvm_config_scan+0x198/0x260 [iwlmvm]\n iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]\n iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]\n process_one_work+0x29e/0x640\n worker_thread+0x2df/0x690\n ? rescuer_thread+0x540/0x540\n kthread+0x192/0x1e0\n ? set_kthread_struct+0x90/0x90\n ret_from_fork+0x22/0x30', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47673', 'https://git.kernel.org/stable/c/0668ebc8c2282ca1e7eb96092a347baefffb5fe7', 'https://git.kernel.org/stable/c/2c61b561baf92a2860c76c2302a62169e22c21cc', 'https://git.kernel.org/stable/c/55086c97a55d781b04a2667401c75ffde190135c', 'https://git.kernel.org/stable/c/5948a191906b54e10f02f6b7a7670243a39f99f4', 'https://git.kernel.org/stable/c/a15df5f37fa3a8b7a8ec7a339d1e897bc524e28f', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47673-9110@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47673', 'https://www.cve.org/CVERecord?id=CVE-2024-47673'], 'PublishedDate': '2024-10-09T15:15:15.9Z', 'LastModifiedDate': '2024-10-17T14:15:13.853Z'}, {'VulnerabilityID': 'CVE-2024-47674', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47674', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: avoid leaving partial pfn mappings around in error case', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na 'struct page'.\n\nThat's all very much intentional, but it does mean that it's easy to\nmess up the cleanup in case of errors.  Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it's very easy to do the\nerror handling in the wrong order.\n\nIn particular, it's easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47674', 'https://git.kernel.org/linus/79a61cc3fc0466ad2b7b89618a6157785f0293b3 (6.11)', 'https://git.kernel.org/stable/c/5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959', 'https://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2', 'https://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3', 'https://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3', 'https://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80', 'https://lore.kernel.org/linux-cve-announce/2024101538-CVE-2024-47674-ba1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47674', 'https://www.cve.org/CVERecord?id=CVE-2024-47674'], 'PublishedDate': '2024-10-15T11:15:13.073Z', 'LastModifiedDate': '2024-10-18T14:50:02.71Z'}, {'VulnerabilityID': 'CVE-2017-0537', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-0537', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N', 'V2Score': 2.6, 'V3Score': 4.7}}, 'References': ['http://www.securityfocus.com/bid/96831', 'http://www.securitytracker.com/id/1037968', 'https://android.googlesource.com/kernel/tegra.git/+/389b185cb2f17fff994dbdf8d4bac003d4b2b6b3%5E%21/#F0', 'https://lore.kernel.org/lkml/1484647168-30135-1-git-send-email-jilin@nvidia.com/#t', 'https://source.android.com/security/bulletin/2017-01-01.html', 'https://source.android.com/security/bulletin/2017-03-01', 'https://source.android.com/security/bulletin/2017-03-01.html', 'https://www.cve.org/CVERecord?id=CVE-2017-0537'], 'PublishedDate': '2017-03-08T01:59:03.127Z', 'LastModifiedDate': '2017-07-17T13:18:15.89Z'}, {'VulnerabilityID': 'CVE-2017-13165', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13165', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['https://github.com/aosp-mirror/platform_system_core/commit/15ffc53f6d57a46e3041453865311035a18e047a', 'https://source.android.com/security/bulletin/pixel/2017-12-01', 'https://www.cve.org/CVERecord?id=CVE-2017-13165'], 'PublishedDate': '2017-12-06T14:29:01.333Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2017-13693', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI operand cache leak in dsutils.c', 'Description': 'The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/100502', 'https://access.redhat.com/security/cve/CVE-2017-13693', 'https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13693', 'https://patchwork.kernel.org/patch/9919053/', 'https://www.cve.org/CVERecord?id=CVE-2017-13693'], 'PublishedDate': '2017-08-25T08:29:00.273Z', 'LastModifiedDate': '2017-09-20T14:51:00.41Z'}, {'VulnerabilityID': 'CVE-2018-1121', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-1121', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'procps: process hiding through race condition enumerating /proc', 'Description': "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-367'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:P/A:N', 'V3Vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V2Score': 4.3, 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L', 'V3Score': 3.9}}, 'References': ['http://seclists.org/oss-sec/2018/q2/122', 'http://www.securityfocus.com/bid/104214', 'https://access.redhat.com/security/cve/CVE-2018-1121', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1121', 'https://www.cve.org/CVERecord?id=CVE-2018-1121', 'https://www.exploit-db.com/exploits/44806/', 'https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt'], 'PublishedDate': '2018-06-13T20:29:00.337Z', 'LastModifiedDate': '2020-06-30T16:15:14.393Z'}, {'VulnerabilityID': 'CVE-2018-12928', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko', 'Description': 'In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['http://www.securityfocus.com/bid/104593', 'https://access.redhat.com/security/cve/CVE-2018-12928', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384', 'https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ', 'https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/', 'https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12928', 'https://www.cve.org/CVERecord?id=CVE-2018-12928'], 'PublishedDate': '2018-06-28T14:29:00.353Z', 'LastModifiedDate': '2018-08-21T11:55:37.35Z'}, {'VulnerabilityID': 'CVE-2018-12929', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko', 'Description': 'ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12929', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12929', 'https://www.cve.org/CVERecord?id=CVE-2018-12929'], 'PublishedDate': '2018-06-28T14:29:00.417Z', 'LastModifiedDate': '2019-03-26T13:35:51.317Z'}, {'VulnerabilityID': 'CVE-2018-12930', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12930', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko', 'Description': 'ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12930', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12930', 'https://www.cve.org/CVERecord?id=CVE-2018-12930'], 'PublishedDate': '2018-06-28T14:29:00.463Z', 'LastModifiedDate': '2019-03-26T13:35:37.397Z'}, {'VulnerabilityID': 'CVE-2018-12931', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_attr_find in the ntfs.ko', 'Description': 'ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12931', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12931', 'https://www.cve.org/CVERecord?id=CVE-2018-12931'], 'PublishedDate': '2018-06-28T14:29:00.51Z', 'LastModifiedDate': '2019-03-26T13:35:20.957Z'}, {'VulnerabilityID': 'CVE-2019-14899', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-14899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel', 'Description': 'A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V2Vector': 'AV:A/AC:M/Au:S/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 4.9, 'V3Score': 7.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.4}}, 'References': ['http://seclists.org/fulldisclosure/2020/Dec/32', 'http://seclists.org/fulldisclosure/2020/Jul/23', 'http://seclists.org/fulldisclosure/2020/Jul/24', 'http://seclists.org/fulldisclosure/2020/Jul/25', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'http://www.openwall.com/lists/oss-security/2020/08/13/2', 'http://www.openwall.com/lists/oss-security/2020/10/07/3', 'http://www.openwall.com/lists/oss-security/2021/07/05/1', 'https://access.redhat.com/security/cve/CVE-2019-14899', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899', 'https://nvd.nist.gov/vuln/detail/CVE-2019-14899', 'https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/', 'https://support.apple.com/kb/HT211288', 'https://support.apple.com/kb/HT211289', 'https://support.apple.com/kb/HT211290', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211931', 'https://www.cve.org/CVERecord?id=CVE-2019-14899', 'https://www.openwall.com/lists/oss-security/2019/12/05/1'], 'PublishedDate': '2019-12-11T15:15:14.263Z', 'LastModifiedDate': '2023-03-01T16:40:04.14Z'}, {'VulnerabilityID': 'CVE-2019-15213', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-15213', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c', 'Description': 'An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.3}}, 'References': ['http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html', 'http://www.openwall.com/lists/oss-security/2019/08/20/2', 'https://access.redhat.com/security/cve/CVE-2019-15213', 'https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7', 'https://linux.oracle.com/cve/CVE-2019-15213.html', 'https://linux.oracle.com/errata/ELSA-2019-4872.html', 'https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/', 'https://nvd.nist.gov/vuln/detail/CVE-2019-15213', 'https://security.netapp.com/advisory/ntap-20190905-0002/', 'https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced', 'https://www.cve.org/CVERecord?id=CVE-2019-15213'], 'PublishedDate': '2019-08-19T22:15:11.253Z', 'LastModifiedDate': '2023-11-09T14:44:33.733Z'}, {'VulnerabilityID': 'CVE-2019-19378', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19378', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19378', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19378', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19378'], 'PublishedDate': '2019-11-29T17:15:11.84Z', 'LastModifiedDate': '2020-01-03T11:15:14.997Z'}, {'VulnerabilityID': 'CVE-2019-19814', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 9.3, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19814', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19814', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19814'], 'PublishedDate': '2019-12-17T06:15:12.843Z', 'LastModifiedDate': '2020-01-03T11:15:16.48Z'}, {'VulnerabilityID': 'CVE-2020-14304', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2020-14304', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool when reading eeprom of device could lead to memory leak', 'Description': "A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.", 'Severity': 'LOW', 'CweIDs': ['CWE-460', 'CWE-755'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V2Score': 2.1, 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2020-14304', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14304', 'https://linux.oracle.com/cve/CVE-2020-14304.html', 'https://linux.oracle.com/errata/ELSA-2021-9410.html', 'https://lore.kernel.org/netdev/20200517172053.GA734488@decadent.org.uk/T/', 'https://nvd.nist.gov/vuln/detail/CVE-2020-14304', 'https://www.cve.org/CVERecord?id=CVE-2020-14304'], 'PublishedDate': '2020-09-15T20:15:13.103Z', 'LastModifiedDate': '2023-02-12T22:15:16.107Z'}, {'VulnerabilityID': 'CVE-2020-35501', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2020-35501', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability', 'Description': 'A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem', 'Severity': 'LOW', 'CweIDs': ['CWE-863'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:N', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V2Score': 3.6, 'V3Score': 3.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 3.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2020-35501', 'https://bugzilla.redhat.com/show_bug.cgi?id=1908577', 'https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html', 'https://nvd.nist.gov/vuln/detail/CVE-2020-35501', 'https://www.cve.org/CVERecord?id=CVE-2020-35501', 'https://www.openwall.com/lists/oss-security/2021/02/18/1'], 'PublishedDate': '2022-03-30T16:15:08.673Z', 'LastModifiedDate': '2022-12-02T19:54:37.647Z'}, {'VulnerabilityID': 'CVE-2021-26934', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-26934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...', 'Description': "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.", 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['http://xenbits.xen.org/xsa/advisory-363.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/', 'https://nvd.nist.gov/vuln/detail/CVE-2021-26934', 'https://security.netapp.com/advisory/ntap-20210326-0001/', 'https://www.cve.org/CVERecord?id=CVE-2021-26934', 'https://www.openwall.com/lists/oss-security/2021/02/16/2', 'https://xenbits.xen.org/xsa/advisory-363.html'], 'PublishedDate': '2021-02-17T02:15:13.143Z', 'LastModifiedDate': '2023-11-07T03:31:50.59Z'}, {'VulnerabilityID': 'CVE-2022-3114', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3114', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: clk: imx: NULL pointer dereference in imx_register_uart_clocks()', 'Description': 'An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.', 'Severity': 'LOW', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3114', 'https://bugzilla.redhat.com/show_bug.cgi?id=2153054', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=ed713e2bc093239ccd380c2ce8ae9e4162f5c037', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3114', 'https://www.cve.org/CVERecord?id=CVE-2022-3114'], 'PublishedDate': '2022-12-14T21:15:12.783Z', 'LastModifiedDate': '2022-12-16T21:23:11.37Z'}, {'VulnerabilityID': 'CVE-2022-41848', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-41848', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Race condition between mgslpc_ioctl and mgslpc_detach', 'Description': 'drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.2}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-41848', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/char/pcmcia/synclink_cs.c', 'https://lore.kernel.org/lkml/20220919040251.GA302541%40ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270', 'https://lore.kernel.org/lkml/20220919040251.GA302541@ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270', 'https://nvd.nist.gov/vuln/detail/CVE-2022-41848', 'https://www.cve.org/CVERecord?id=CVE-2022-41848'], 'PublishedDate': '2022-09-30T06:15:11.58Z', 'LastModifiedDate': '2023-11-07T03:53:02.36Z'}, {'VulnerabilityID': 'CVE-2022-44032', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-44032', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: Race between cmm_open() and cm4000_detach() result in UAF', 'Description': 'An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().', 'Severity': 'LOW', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-44032', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15', 'https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu/', 'https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/', 'https://lore.kernel.org/lkml/20220919040701.GA302806%40ubuntu/', 'https://lore.kernel.org/lkml/20220919040701.GA302806@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-44032', 'https://www.cve.org/CVERecord?id=CVE-2022-44032'], 'PublishedDate': '2022-10-30T01:15:08.823Z', 'LastModifiedDate': '2024-08-01T13:42:57.66Z'}, {'VulnerabilityID': 'CVE-2022-44033', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-44033', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: A race condition between cm4040_open() and reader_detach() may result in UAF', 'Description': 'An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().', 'Severity': 'LOW', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-44033', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15', 'https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu/', 'https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/', 'https://lore.kernel.org/lkml/20220919040457.GA302681%40ubuntu/', 'https://lore.kernel.org/lkml/20220919040457.GA302681@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-44033', 'https://www.cve.org/CVERecord?id=CVE-2022-44033'], 'PublishedDate': '2022-10-30T01:15:08.88Z', 'LastModifiedDate': '2024-03-25T01:15:52.727Z'}, {'VulnerabilityID': 'CVE-2022-44034', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-44034', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: A use-after-free due to race between scr24x_open()  and scr24x_remove()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().', 'Severity': 'LOW', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-44034', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15', 'https://lore.kernel.org/lkml/20220916050333.GA188358%40ubuntu/', 'https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940%40ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-44034', 'https://www.cve.org/CVERecord?id=CVE-2022-44034'], 'PublishedDate': '2022-10-30T01:15:08.937Z', 'LastModifiedDate': '2024-03-25T01:15:52.787Z'}, {'VulnerabilityID': 'CVE-2022-45884', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-45884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free due to race condition occurring in dvb_register_device()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:7549', 'https://access.redhat.com/security/cve/CVE-2022-45884', 'https://bugzilla.redhat.com/2148510', 'https://bugzilla.redhat.com/2148517', 'https://bugzilla.redhat.com/2151956', 'https://bugzilla.redhat.com/2154178', 'https://bugzilla.redhat.com/2224048', 'https://bugzilla.redhat.com/2240249', 'https://bugzilla.redhat.com/2241924', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2151956', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2224048', 'https://bugzilla.redhat.com/show_bug.cgi?id=2240249', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1192', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2163', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178', 'https://errata.almalinux.org/8/ALSA-2023-7549.html', 'https://errata.rockylinux.org/RLSA-2023:7549', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3', 'https://linux.oracle.com/cve/CVE-2022-45884.html', 'https://linux.oracle.com/errata/ELSA-2023-7549.html', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-45884', 'https://security.netapp.com/advisory/ntap-20230113-0006/', 'https://www.cve.org/CVERecord?id=CVE-2022-45884'], 'PublishedDate': '2022-11-25T04:15:09.18Z', 'LastModifiedDate': '2024-03-25T01:15:52.84Z'}, {'VulnerabilityID': 'CVE-2022-45885', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-45885', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free due to race condition occurring in dvb_frontend.c', 'Description': 'An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-45885', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6769a0b7ee0c3b31e1b22c3fadff2bfb642de23f', 'https://linux.oracle.com/cve/CVE-2022-45885.html', 'https://linux.oracle.com/errata/ELSA-2023-12207.html', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221117045925.14297-2-imv4bel@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-45885', 'https://security.netapp.com/advisory/ntap-20230113-0006/', 'https://www.cve.org/CVERecord?id=CVE-2022-45885'], 'PublishedDate': '2022-11-25T04:15:09.23Z', 'LastModifiedDate': '2024-03-25T01:15:52.953Z'}, {'VulnerabilityID': 'CVE-2022-45888', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-45888', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free due to race condition in drivers/char/xillybus/xillyusb.c', 'Description': 'An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-45888', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=282a4b71816b6076029017a7bab3a9dcee12a920', 'https://lore.kernel.org/all/20221022175404.GA375335%40ubuntu/', 'https://lore.kernel.org/all/20221022175404.GA375335@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-45888', 'https://security.netapp.com/advisory/ntap-20230113-0006/', 'https://www.cve.org/CVERecord?id=CVE-2022-45888'], 'PublishedDate': '2022-11-25T04:15:09.36Z', 'LastModifiedDate': '2024-03-25T01:15:53.18Z'}, {'VulnerabilityID': 'CVE-2023-33053', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-33053', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'Memory corruption in Kernel while parsing metadata.', 'Severity': 'LOW', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/06426824a281c9aef5bf0c50927eae9c7431db1e', 'https://www.cve.org/CVERecord?id=CVE-2023-33053', 'https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin'], 'PublishedDate': '2023-12-05T03:15:11.707Z', 'LastModifiedDate': '2024-04-12T16:15:18.403Z'}, {'VulnerabilityID': 'CVE-2023-4010', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: hcd: malformed USB descriptor leads to infinite loop in usb_giveback_urb()', 'Description': 'A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.', 'Severity': 'LOW', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4010', 'https://bugzilla.redhat.com/show_bug.cgi?id=2227726', 'https://github.com/wanrenmi/a-usb-kernel-bug', 'https://github.com/wanrenmi/a-usb-kernel-bug/issues/1', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4010', 'https://www.cve.org/CVERecord?id=CVE-2023-4010'], 'PublishedDate': '2023-07-31T17:15:10.277Z', 'LastModifiedDate': '2023-11-07T04:22:02.797Z'}, {'VulnerabilityID': 'CVE-2023-4133', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4133', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cxgb4: use-after-free in ch_flower_stats_cb()', 'Description': 'A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:2394', 'https://access.redhat.com/errata/RHSA-2024:2950', 'https://access.redhat.com/errata/RHSA-2024:3138', 'https://access.redhat.com/security/cve/CVE-2023-4133', 'https://bugzilla.redhat.com/1731000', 'https://bugzilla.redhat.com/1746732', 'https://bugzilla.redhat.com/1888726', 'https://bugzilla.redhat.com/1999589', 'https://bugzilla.redhat.com/2039178', 'https://bugzilla.redhat.com/2043520', 'https://bugzilla.redhat.com/2044578', 'https://bugzilla.redhat.com/2150953', 'https://bugzilla.redhat.com/2151959', 'https://bugzilla.redhat.com/2177759', 'https://bugzilla.redhat.com/2179892', 'https://bugzilla.redhat.com/2213132', 'https://bugzilla.redhat.com/2218332', 'https://bugzilla.redhat.com/2219359', 'https://bugzilla.redhat.com/2221039', 'https://bugzilla.redhat.com/2221463', 'https://bugzilla.redhat.com/2221702', 'https://bugzilla.redhat.com/2226777', 'https://bugzilla.redhat.com/2226784', 'https://bugzilla.redhat.com/2226787', 'https://bugzilla.redhat.com/2226788', 'https://bugzilla.redhat.com/2230042', 'https://bugzilla.redhat.com/2231410', 'https://bugzilla.redhat.com/2235306', 'https://bugzilla.redhat.com/2239845', 'https://bugzilla.redhat.com/2239847', 'https://bugzilla.redhat.com/2244720', 'https://bugzilla.redhat.com/2250043', 'https://bugzilla.redhat.com/2253632', 'https://bugzilla.redhat.com/2254961', 'https://bugzilla.redhat.com/2254982', 'https://bugzilla.redhat.com/2255283', 'https://bugzilla.redhat.com/2256490', 'https://bugzilla.redhat.com/2256822', 'https://bugzilla.redhat.com/2257682', 'https://bugzilla.redhat.com/2257979', 'https://bugzilla.redhat.com/2265285', 'https://bugzilla.redhat.com/2265653', 'https://bugzilla.redhat.com/2267695', 'https://bugzilla.redhat.com/2267750', 'https://bugzilla.redhat.com/2267760', 'https://bugzilla.redhat.com/2267761', 'https://bugzilla.redhat.com/2269189', 'https://bugzilla.redhat.com/2269217', 'https://bugzilla.redhat.com/2270836', 'https://bugzilla.redhat.com/2270883', 'https://bugzilla.redhat.com/2272811', 'https://bugzilla.redhat.com/show_bug.cgi?id=1731000', 'https://bugzilla.redhat.com/show_bug.cgi?id=1746732', 'https://bugzilla.redhat.com/show_bug.cgi?id=1888726', 'https://bugzilla.redhat.com/show_bug.cgi?id=1930388', 'https://bugzilla.redhat.com/show_bug.cgi?id=1999589', 'https://bugzilla.redhat.com/show_bug.cgi?id=2039178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2043520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2044578', 'https://bugzilla.redhat.com/show_bug.cgi?id=2150953', 'https://bugzilla.redhat.com/show_bug.cgi?id=2151959', 'https://bugzilla.redhat.com/show_bug.cgi?id=2177759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2179892', 'https://bugzilla.redhat.com/show_bug.cgi?id=2213132', 'https://bugzilla.redhat.com/show_bug.cgi?id=2218332', 'https://bugzilla.redhat.com/show_bug.cgi?id=2219359', 'https://bugzilla.redhat.com/show_bug.cgi?id=2221039', 'https://bugzilla.redhat.com/show_bug.cgi?id=2221463', 'https://bugzilla.redhat.com/show_bug.cgi?id=2221702', 'https://bugzilla.redhat.com/show_bug.cgi?id=2226777', 'https://bugzilla.redhat.com/show_bug.cgi?id=2226784', 'https://bugzilla.redhat.com/show_bug.cgi?id=2226787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2226788', 'https://bugzilla.redhat.com/show_bug.cgi?id=2230042', 'https://bugzilla.redhat.com/show_bug.cgi?id=2231130', 'https://bugzilla.redhat.com/show_bug.cgi?id=2231410', 'https://bugzilla.redhat.com/show_bug.cgi?id=2235306', 'https://bugzilla.redhat.com/show_bug.cgi?id=2239845', 'https://bugzilla.redhat.com/show_bug.cgi?id=2239847', 'https://bugzilla.redhat.com/show_bug.cgi?id=2244720', 'https://bugzilla.redhat.com/show_bug.cgi?id=2250043', 'https://bugzilla.redhat.com/show_bug.cgi?id=2253632', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254961', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254982', 'https://bugzilla.redhat.com/show_bug.cgi?id=2255283', 'https://bugzilla.redhat.com/show_bug.cgi?id=2256490', 'https://bugzilla.redhat.com/show_bug.cgi?id=2256822', 'https://bugzilla.redhat.com/show_bug.cgi?id=2257682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2257979', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265285', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267695', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267750', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267760', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269217', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270836', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270883', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13631', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25656', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3753', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4204', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0500', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3565', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45934', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1513', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24023', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28464', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31083', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3567', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37453', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38409', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39189', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39192', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39193', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39194', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39198', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4133', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4244', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42754', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42755', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45863', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51779', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51780', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52340', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52448', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52574', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52580', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52581', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52620', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6121', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6176', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6915', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6932', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0841', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25742', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26602', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26609', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26671', 'https://errata.almalinux.org/8/ALSA-2024-3138.html', 'https://errata.rockylinux.org/RLSA-2024:3138', 'https://git.kernel.org/linus/e50b9b9e8610d47b7c22529443e45a16b1ea3a15 (6.3)', 'https://linux.oracle.com/cve/CVE-2023-4133.html', 'https://linux.oracle.com/errata/ELSA-2024-3138.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4133', 'https://www.cve.org/CVERecord?id=CVE-2023-4133'], 'PublishedDate': '2023-08-03T15:15:33.94Z', 'LastModifiedDate': '2024-05-22T17:16:05.99Z'}, {'VulnerabilityID': 'CVE-2024-0564', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-0564', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication', 'Description': 'A flaw was found in the Linux kernel\'s memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim\'s page. The unmapping time depends on whether it merges with the victim\'s page and additional physical pages are created beyond the KSM\'s "max page share". Through these operations, the attacker can leak the victim\'s page.', 'Severity': 'LOW', 'CweIDs': ['CWE-99', 'CWE-203'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-0564', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258514', 'https://link.springer.com/conference/wisa', 'https://nvd.nist.gov/vuln/detail/CVE-2024-0564', 'https://wisa.or.kr/accepted', 'https://www.cve.org/CVERecord?id=CVE-2024-0564'], 'PublishedDate': '2024-01-30T15:15:08.687Z', 'LastModifiedDate': '2024-10-16T15:15:14.11Z'}, {'VulnerabilityID': 'CVE-2024-26896', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26896', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: wfx: fix memory leak when starting AP', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wfx: fix memory leak when starting AP\n\nKmemleak reported this error:\n\n    unreferenced object 0xd73d1180 (size 184):\n      comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.245s)\n      hex dump (first 32 bytes):\n        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n        00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00  ................\n      backtrace:\n        [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac\n        [<127bdd74>] __alloc_skb+0x144/0x170\n        [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n        [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n        [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n        [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n        [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n        [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n        [<47bd8b68>] genl_rcv_msg+0x198/0x378\n        [<453ef796>] netlink_rcv_skb+0xd0/0x130\n        [<6b7c977a>] genl_rcv+0x34/0x44\n        [<66b2d04d>] netlink_unicast+0x1b4/0x258\n        [<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n        [<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n        [<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n        [<69954f45>] __sys_sendmsg+0x64/0xa8\n    unreferenced object 0xce087000 (size 1024):\n      comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.246s)\n      hex dump (first 32 bytes):\n        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n        10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............\n      backtrace:\n        [<9a993714>] __kmalloc_track_caller+0x230/0x600\n        [<f83ea192>] kmalloc_reserve.constprop.0+0x30/0x74\n        [<a2c61343>] __alloc_skb+0xa0/0x170\n        [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n        [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n        [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n        [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n        [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n        [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n        [<47bd8b68>] genl_rcv_msg+0x198/0x378\n        [<453ef796>] netlink_rcv_skb+0xd0/0x130\n        [<6b7c977a>] genl_rcv+0x34/0x44\n        [<66b2d04d>] netlink_unicast+0x1b4/0x258\n        [<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n        [<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n        [<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n\nHowever, since the kernel is build optimized, it seems the stack is not\naccurate. It appears the issue is related to wfx_set_mfp_ap(). The issue\nis obvious in this function: memory allocated by ieee80211_beacon_get()\nis never released. Fixing this leak makes kmemleak happy.', 'Severity': 'LOW', 'CweIDs': ['CWE-125'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26896', 'https://git.kernel.org/linus/b8cfb7c819dd39965136a66fe3a7fde688d976fc (6.9-rc1)', 'https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3', 'https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b', 'https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3', 'https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc', 'https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487', 'https://lore.kernel.org/linux-cve-announce/2024041744-CVE-2024-26896-79fe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26896', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26896'], 'PublishedDate': '2024-04-17T11:15:10.727Z', 'LastModifiedDate': '2024-07-03T01:49:59.133Z'}, {'VulnerabilityID': 'CVE-2024-27011', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27011', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: nf_tables: fix memleak in map from abort path', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memleak in map from abort path\n\nThe delete set command does not rely on the transaction object for\nelement removal, therefore, a combination of delete element + delete set\nfrom the abort path could result in restoring twice the refcount of the\nmapping.\n\nCheck for inactive element in the next generation for the delete element\ncommand in the abort path, skip restoring state if next generation bit\nhas been already cleared. This is similar to the activate logic using\nthe set walk iterator.\n\n[ 6170.286929] ------------[ cut here ]------------\n[ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.287071] Modules linked in: [...]\n[ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365\n[ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 <0f> 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f\n[ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202\n[ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000\n[ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750\n[ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55\n[ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10\n[ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100\n[ 6170.287940] FS:  0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000\n[ 6170.287948] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0\n[ 6170.287962] Call Trace:\n[ 6170.287967]  <TASK>\n[ 6170.287973]  ? __warn+0x9f/0x1a0\n[ 6170.287986]  ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288092]  ? report_bug+0x1b1/0x1e0\n[ 6170.287986]  ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288092]  ? report_bug+0x1b1/0x1e0\n[ 6170.288104]  ? handle_bug+0x3c/0x70\n[ 6170.288112]  ? exc_invalid_op+0x17/0x40\n[ 6170.288120]  ? asm_exc_invalid_op+0x1a/0x20\n[ 6170.288132]  ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]\n[ 6170.288243]  ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288366]  ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]\n[ 6170.288483]  nf_tables_trans_destroy_work+0x588/0x590 [nf_tables]', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-27011', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/86a1471d7cde792941109b93b558b5dc078b9ee9 (6.9-rc5)', 'https://git.kernel.org/stable/c/49d0e656d19dfb2d4d7c230e4a720d37b3decff6', 'https://git.kernel.org/stable/c/86a1471d7cde792941109b93b558b5dc078b9ee9', 'https://git.kernel.org/stable/c/a1bd2a38a1c6388fc8556816dc203c3e9dc52237', 'https://linux.oracle.com/cve/CVE-2024-27011.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024050148-CVE-2024-27011-2c70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27011', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27011'], 'PublishedDate': '2024-05-01T06:15:19.583Z', 'LastModifiedDate': '2024-10-10T12:15:03.39Z'}, {'VulnerabilityID': 'CVE-2016-20013', 'PkgID': 'locales@2.35-0ubuntu3.8', 'PkgName': 'locales', 'InstalledVersion': '2.35-0ubuntu3.8', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-20013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.", 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}}, 'References': ['https://akkadia.org/drepper/SHA-crypt.txt', 'https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/', 'https://twitter.com/solardiz/status/795601240151457793', 'https://www.cve.org/CVERecord?id=CVE-2016-20013'], 'PublishedDate': '2022-02-19T05:15:09.413Z', 'LastModifiedDate': '2022-03-03T16:43:19.667Z'}, {'VulnerabilityID': 'CVE-2023-29383', 'PkgID': 'login@1:4.8.1-2ubuntu2.2', 'PkgName': 'login', 'InstalledVersion': '1:4.8.1-2ubuntu2.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-29383', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'shadow: Improper input validation in shadow-utils package utility chfn', 'Description': 'In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.', 'Severity': 'LOW', 'CweIDs': ['CWE-74'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-29383', 'https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d', 'https://github.com/shadow-maint/shadow/pull/687', 'https://nvd.nist.gov/vuln/detail/CVE-2023-29383', 'https://www.cve.org/CVERecord?id=CVE-2023-29383', 'https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/', 'https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797'], 'PublishedDate': '2023-04-14T22:15:07.68Z', 'LastModifiedDate': '2023-04-24T18:05:30.313Z'}, {'VulnerabilityID': 'CVE-2023-28736', 'PkgID': 'mdadm@4.2-0ubuntu2', 'PkgName': 'mdadm', 'InstalledVersion': '4.2-0ubuntu2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-28736', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'mdadm: Buffer overflow', 'Description': 'Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.', 'Severity': 'LOW', 'CweIDs': ['CWE-120'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L', 'V3Score': 5.7}}, 'References': ['http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html', 'https://access.redhat.com/security/cve/CVE-2023-28736', 'https://nvd.nist.gov/vuln/detail/CVE-2023-28736', 'https://www.cve.org/CVERecord?id=CVE-2023-28736', 'https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html'], 'PublishedDate': '2023-08-11T03:15:25.95Z', 'LastModifiedDate': '2023-11-07T04:10:50.49Z'}, {'VulnerabilityID': 'CVE-2023-28938', 'PkgID': 'mdadm@4.2-0ubuntu2', 'PkgName': 'mdadm', 'InstalledVersion': '4.2-0ubuntu2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-28938', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'mdadm: Uncontrolled resource consumption', 'Description': 'Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.', 'Severity': 'LOW', 'CweIDs': ['CWE-400'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L', 'V3Score': 3.4}}, 'References': ['http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html', 'https://access.redhat.com/security/cve/CVE-2023-28938', 'https://nvd.nist.gov/vuln/detail/CVE-2023-28938', 'https://www.cve.org/CVERecord?id=CVE-2023-28938', 'https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html'], 'PublishedDate': '2023-08-11T03:15:27.257Z', 'LastModifiedDate': '2023-11-07T04:10:58.907Z'}, {'VulnerabilityID': 'CVE-2024-5742', 'PkgID': 'nano@6.2-1', 'PkgName': 'nano', 'InstalledVersion': '6.2-1', 'FixedVersion': '6.2-1ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-5742', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file', 'Description': 'A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.', 'Severity': 'LOW', 'CweIDs': ['CWE-59'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 6.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:6986', 'https://access.redhat.com/security/cve/CVE-2024-5742', 'https://bugzilla.redhat.com/2278574', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278574', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5742', 'https://errata.almalinux.org/8/ALSA-2024-6986.html', 'https://errata.rockylinux.org/RLSA-2024:6986', 'https://linux.oracle.com/cve/CVE-2024-5742.html', 'https://linux.oracle.com/errata/ELSA-2024-6986.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-5742', 'https://ubuntu.com/security/notices/USN-7064-1', 'https://www.cve.org/CVERecord?id=CVE-2024-5742'], 'PublishedDate': '2024-06-12T09:15:23.037Z', 'LastModifiedDate': '2024-10-07T20:15:07.173Z'}, {'VulnerabilityID': 'CVE-2023-45918', 'PkgID': 'ncurses-base@6.3-2ubuntu0.1', 'PkgName': 'ncurses-base', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-45918', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c', 'Description': 'ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-45918', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-45918', 'https://security.netapp.com/advisory/ntap-20240315-0006/', 'https://www.cve.org/CVERecord?id=CVE-2023-45918'], 'PublishedDate': '2024-02-16T22:15:07.88Z', 'LastModifiedDate': '2024-03-15T11:15:08.51Z'}, {'VulnerabilityID': 'CVE-2023-50495', 'PkgID': 'ncurses-base@6.3-2ubuntu0.1', 'PkgName': 'ncurses-base', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-50495', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: segmentation fault via _nc_wrap_entry()', 'Description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-50495', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-50495', 'https://security.netapp.com/advisory/ntap-20240119-0008/', 'https://ubuntu.com/security/notices/USN-6684-1', 'https://www.cve.org/CVERecord?id=CVE-2023-50495'], 'PublishedDate': '2023-12-12T15:15:07.867Z', 'LastModifiedDate': '2024-01-31T03:15:08.49Z'}, {'VulnerabilityID': 'CVE-2023-45918', 'PkgID': 'ncurses-bin@6.3-2ubuntu0.1', 'PkgName': 'ncurses-bin', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-45918', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c', 'Description': 'ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-45918', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-45918', 'https://security.netapp.com/advisory/ntap-20240315-0006/', 'https://www.cve.org/CVERecord?id=CVE-2023-45918'], 'PublishedDate': '2024-02-16T22:15:07.88Z', 'LastModifiedDate': '2024-03-15T11:15:08.51Z'}, {'VulnerabilityID': 'CVE-2023-50495', 'PkgID': 'ncurses-bin@6.3-2ubuntu0.1', 'PkgName': 'ncurses-bin', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-50495', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: segmentation fault via _nc_wrap_entry()', 'Description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-50495', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-50495', 'https://security.netapp.com/advisory/ntap-20240119-0008/', 'https://ubuntu.com/security/notices/USN-6684-1', 'https://www.cve.org/CVERecord?id=CVE-2023-50495'], 'PublishedDate': '2023-12-12T15:15:07.867Z', 'LastModifiedDate': '2024-01-31T03:15:08.49Z'}, {'VulnerabilityID': 'CVE-2023-45918', 'PkgID': 'ncurses-term@6.3-2ubuntu0.1', 'PkgName': 'ncurses-term', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-45918', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c', 'Description': 'ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-45918', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-45918', 'https://security.netapp.com/advisory/ntap-20240315-0006/', 'https://www.cve.org/CVERecord?id=CVE-2023-45918'], 'PublishedDate': '2024-02-16T22:15:07.88Z', 'LastModifiedDate': '2024-03-15T11:15:08.51Z'}, {'VulnerabilityID': 'CVE-2023-50495', 'PkgID': 'ncurses-term@6.3-2ubuntu0.1', 'PkgName': 'ncurses-term', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-50495', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: segmentation fault via _nc_wrap_entry()', 'Description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-50495', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-50495', 'https://security.netapp.com/advisory/ntap-20240119-0008/', 'https://ubuntu.com/security/notices/USN-6684-1', 'https://www.cve.org/CVERecord?id=CVE-2023-50495'], 'PublishedDate': '2023-12-12T15:15:07.867Z', 'LastModifiedDate': '2024-01-31T03:15:08.49Z'}, {'VulnerabilityID': 'CVE-2023-52890', 'PkgID': 'ntfs-3g@1:2021.8.22-3ubuntu1.2', 'PkgName': 'ntfs-3g', 'InstalledVersion': '1:2021.8.22-3ubuntu1.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52890', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in l ...', 'Description': 'NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.', 'Severity': 'LOW', 'References': ['https://github.com/tuxera/ntfs-3g/issues/84', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52890', 'https://www.cve.org/CVERecord?id=CVE-2023-52890'], 'PublishedDate': '2024-06-13T04:15:15.92Z', 'LastModifiedDate': '2024-06-13T18:36:09.01Z'}, {'VulnerabilityID': 'CVE-2024-41996', 'PkgID': 'openssl@3.0.2-0ubuntu1.18', 'PkgName': 'openssl', 'InstalledVersion': '3.0.2-0ubuntu1.18', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41996', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations', 'Description': 'Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.', 'Severity': 'LOW', 'CweIDs': ['CWE-295'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41996', 'https://dheatattack.gitlab.io/details/', 'https://dheatattack.gitlab.io/faq/', 'https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1', 'https://github.com/openssl/openssl/issues/17374', 'https://github.com/openssl/openssl/pull/25088', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41996', 'https://openssl-library.org/post/2022-10-21-tls-groups-configuration/', 'https://www.cve.org/CVERecord?id=CVE-2024-41996'], 'PublishedDate': '2024-08-26T06:15:04.603Z', 'LastModifiedDate': '2024-08-26T16:35:11.247Z'}, {'VulnerabilityID': 'CVE-2023-29383', 'PkgID': 'passwd@1:4.8.1-2ubuntu2.2', 'PkgName': 'passwd', 'InstalledVersion': '1:4.8.1-2ubuntu2.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-29383', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'shadow: Improper input validation in shadow-utils package utility chfn', 'Description': 'In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.', 'Severity': 'LOW', 'CweIDs': ['CWE-74'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-29383', 'https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d', 'https://github.com/shadow-maint/shadow/pull/687', 'https://nvd.nist.gov/vuln/detail/CVE-2023-29383', 'https://www.cve.org/CVERecord?id=CVE-2023-29383', 'https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/', 'https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797'], 'PublishedDate': '2023-04-14T22:15:07.68Z', 'LastModifiedDate': '2023-04-24T18:05:30.313Z'}, {'VulnerabilityID': 'CVE-2018-6952', 'PkgID': 'patch@2.7.6-7build2', 'PkgName': 'patch', 'InstalledVersion': '2.7.6-7build2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-6952', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'patch: Double free of memory in pch.c:another_hunk() causes a crash', 'Description': 'A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.', 'Severity': 'LOW', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/103047', 'https://access.redhat.com/errata/RHSA-2019:2033', 'https://access.redhat.com/security/cve/CVE-2018-6952', 'https://linux.oracle.com/cve/CVE-2018-6952.html', 'https://linux.oracle.com/errata/ELSA-2019-2033.html', 'https://nvd.nist.gov/vuln/detail/CVE-2018-6952', 'https://savannah.gnu.org/bugs/index.php?53133', 'https://security.gentoo.org/glsa/201904-17', 'https://www.cve.org/CVERecord?id=CVE-2018-6952'], 'PublishedDate': '2018-02-13T19:29:00.573Z', 'LastModifiedDate': '2019-04-17T20:29:01.727Z'}, {'VulnerabilityID': 'CVE-2021-45261', 'PkgID': 'patch@2.7.6-7build2', 'PkgName': 'patch', 'InstalledVersion': '2.7.6-7build2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-45261', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'patch: Invalid Pointer via another_hunk function', 'Description': 'An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.', 'Severity': 'LOW', 'CweIDs': ['CWE-763'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-45261', 'https://nvd.nist.gov/vuln/detail/CVE-2021-45261', 'https://savannah.gnu.org/bugs/?61685', 'https://www.cve.org/CVERecord?id=CVE-2021-45261'], 'PublishedDate': '2021-12-22T18:15:08.1Z', 'LastModifiedDate': '2021-12-28T14:24:34.243Z'}, {'VulnerabilityID': 'CVE-2016-2568', 'PkgID': 'pkexec@0.105-33', 'PkgName': 'pkexec', 'InstalledVersion': '0.105-33', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-2568', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl', 'Description': "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", 'Severity': 'LOW', 'CweIDs': ['CWE-116'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H', 'V2Score': 4.4, 'V3Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L', 'V2Score': 5.1, 'V3Score': 6.1}}, 'References': ['http://seclists.org/oss-sec/2016/q1/443', 'http://www.openwall.com/lists/oss-security/2016/02/26/3', 'https://access.redhat.com/security/cve/CVE-2016-2568', 'https://access.redhat.com/security/cve/cve-2016-2568', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062', 'https://bugzilla.redhat.com/show_bug.cgi?id=1300746', 'https://lore.kernel.org/patchwork/patch/793178/', 'https://nvd.nist.gov/vuln/detail/CVE-2016-2568', 'https://ubuntu.com/security/CVE-2016-2568', 'https://www.cve.org/CVERecord?id=CVE-2016-2568'], 'PublishedDate': '2017-02-13T18:59:00.393Z', 'LastModifiedDate': '2022-04-18T17:59:06.053Z'}, {'VulnerabilityID': 'CVE-2016-2568', 'PkgID': 'policykit-1@0.105-33', 'PkgName': 'policykit-1', 'InstalledVersion': '0.105-33', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-2568', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl', 'Description': "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", 'Severity': 'LOW', 'CweIDs': ['CWE-116'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H', 'V2Score': 4.4, 'V3Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L', 'V2Score': 5.1, 'V3Score': 6.1}}, 'References': ['http://seclists.org/oss-sec/2016/q1/443', 'http://www.openwall.com/lists/oss-security/2016/02/26/3', 'https://access.redhat.com/security/cve/CVE-2016-2568', 'https://access.redhat.com/security/cve/cve-2016-2568', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062', 'https://bugzilla.redhat.com/show_bug.cgi?id=1300746', 'https://lore.kernel.org/patchwork/patch/793178/', 'https://nvd.nist.gov/vuln/detail/CVE-2016-2568', 'https://ubuntu.com/security/CVE-2016-2568', 'https://www.cve.org/CVERecord?id=CVE-2016-2568'], 'PublishedDate': '2017-02-13T18:59:00.393Z', 'LastModifiedDate': '2022-04-18T17:59:06.053Z'}, {'VulnerabilityID': 'CVE-2016-2568', 'PkgID': 'polkitd@0.105-33', 'PkgName': 'polkitd', 'InstalledVersion': '0.105-33', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-2568', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl', 'Description': "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", 'Severity': 'LOW', 'CweIDs': ['CWE-116'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H', 'V2Score': 4.4, 'V3Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L', 'V2Score': 5.1, 'V3Score': 6.1}}, 'References': ['http://seclists.org/oss-sec/2016/q1/443', 'http://www.openwall.com/lists/oss-security/2016/02/26/3', 'https://access.redhat.com/security/cve/CVE-2016-2568', 'https://access.redhat.com/security/cve/cve-2016-2568', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062', 'https://bugzilla.redhat.com/show_bug.cgi?id=1300746', 'https://lore.kernel.org/patchwork/patch/793178/', 'https://nvd.nist.gov/vuln/detail/CVE-2016-2568', 'https://ubuntu.com/security/CVE-2016-2568', 'https://www.cve.org/CVERecord?id=CVE-2016-2568'], 'PublishedDate': '2017-02-13T18:59:00.393Z', 'LastModifiedDate': '2022-04-18T17:59:06.053Z'}, {'VulnerabilityID': 'CVE-2021-21240', 'PkgID': 'python3-httplib2@0.20.2-2', 'PkgName': 'python3-httplib2', 'InstalledVersion': '0.20.2-2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-21240', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'python-httplib2: Regular expression denial of service via malicious header', 'Description': 'httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.', 'Severity': 'LOW', 'CweIDs': ['CWE-400'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-21240', 'https://github.com/httplib2/httplib2', 'https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc', 'https://github.com/httplib2/httplib2/pull/182', 'https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m', 'https://github.com/pypa/advisory-database/tree/main/vulns/httplib2/PYSEC-2021-16.yaml', 'https://nvd.nist.gov/vuln/detail/CVE-2021-21240', 'https://pypi.org/project/httplib2', 'https://www.cve.org/CVERecord?id=CVE-2021-21240'], 'PublishedDate': '2021-02-08T20:15:12.197Z', 'LastModifiedDate': '2021-02-12T14:56:39.647Z'}, {'VulnerabilityID': 'CVE-2024-41671', 'PkgID': 'python3-twisted@22.1.0-2ubuntu2.5', 'PkgName': 'python3-twisted', 'InstalledVersion': '22.1.0-2ubuntu2.5', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41671', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Twisted is an event-based framework for internet applications, support ...', 'Description': 'Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-444'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L', 'V3Score': 8.3}}, 'References': ['https://github.com/twisted/twisted', 'https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33', 'https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc', 'https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41671', 'https://ubuntu.com/security/notices/USN-6988-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41671'], 'PublishedDate': '2024-07-29T15:15:15.76Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-37891', 'PkgID': 'python3-urllib3@1.26.5-1~exp1ubuntu0.1', 'PkgName': 'python3-urllib3', 'InstalledVersion': '1.26.5-1~exp1ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-37891', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'urllib3: proxy-authorization request header is not stripped during cross-origin redirects', 'Description': " urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.", 'Severity': 'LOW', 'CweIDs': ['CWE-669'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:6162', 'https://access.redhat.com/security/cve/CVE-2024-37891', 'https://bugzilla.redhat.com/2292788', 'https://errata.almalinux.org/9/ALSA-2024-6162.html', 'https://github.com/urllib3/urllib3', 'https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468', 'https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e', 'https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf', 'https://linux.oracle.com/cve/CVE-2024-37891.html', 'https://linux.oracle.com/errata/ELSA-2024-6311.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-37891', 'https://www.cve.org/CVERecord?id=CVE-2024-37891'], 'PublishedDate': '2024-06-17T20:15:13.45Z', 'LastModifiedDate': '2024-06-20T12:44:22.977Z'}, {'VulnerabilityID': 'CVE-2023-40546', 'PkgID': 'shim-signed@1.51.4+15.8-0ubuntu1', 'PkgName': 'shim-signed', 'InstalledVersion': '1.51.4+15.8-0ubuntu1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-40546', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'shim: Out-of-bounds read printing error messages', 'Description': "A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:1834', 'https://access.redhat.com/errata/RHSA-2024:1835', 'https://access.redhat.com/errata/RHSA-2024:1873', 'https://access.redhat.com/errata/RHSA-2024:1876', 'https://access.redhat.com/errata/RHSA-2024:1883', 'https://access.redhat.com/errata/RHSA-2024:1902', 'https://access.redhat.com/errata/RHSA-2024:1903', 'https://access.redhat.com/errata/RHSA-2024:1959', 'https://access.redhat.com/errata/RHSA-2024:2086', 'https://access.redhat.com/security/cve/CVE-2023-40546', 'https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/2051151', 'https://bugzilla.redhat.com/2234589', 'https://bugzilla.redhat.com/2241782', 'https://bugzilla.redhat.com/2241796', 'https://bugzilla.redhat.com/2241797', 'https://bugzilla.redhat.com/2259915', 'https://bugzilla.redhat.com/2259918', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241796', 'https://errata.almalinux.org/9/ALSA-2024-1903.html', 'https://linux.oracle.com/cve/CVE-2023-40546.html', 'https://linux.oracle.com/errata/ELSA-2024-1959.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-40546', 'https://www.cve.org/CVERecord?id=CVE-2023-40546'], 'PublishedDate': '2024-01-29T17:15:08.347Z', 'LastModifiedDate': '2024-09-16T19:16:05.753Z'}, {'VulnerabilityID': 'CVE-2023-40547', 'PkgID': 'shim-signed@1.51.4+15.8-0ubuntu1', 'PkgName': 'shim-signed', 'InstalledVersion': '1.51.4+15.8-0ubuntu1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-40547', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'shim: RCE in http boot support may lead to Secure Boot bypass', 'Description': 'A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787', 'CWE-346'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H', 'V3Score': 8.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H', 'V3Score': 8.3}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:1834', 'https://access.redhat.com/errata/RHSA-2024:1835', 'https://access.redhat.com/errata/RHSA-2024:1873', 'https://access.redhat.com/errata/RHSA-2024:1876', 'https://access.redhat.com/errata/RHSA-2024:1883', 'https://access.redhat.com/errata/RHSA-2024:1902', 'https://access.redhat.com/errata/RHSA-2024:1903', 'https://access.redhat.com/errata/RHSA-2024:1959', 'https://access.redhat.com/errata/RHSA-2024:2086', 'https://access.redhat.com/security/cve/CVE-2023-40547', 'https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/2051151', 'https://bugzilla.redhat.com/2234589', 'https://bugzilla.redhat.com/2241782', 'https://bugzilla.redhat.com/2241796', 'https://bugzilla.redhat.com/2241797', 'https://bugzilla.redhat.com/2259915', 'https://bugzilla.redhat.com/2259918', 'https://bugzilla.redhat.com/show_bug.cgi?id=2234589', 'https://errata.almalinux.org/9/ALSA-2024-1903.html', 'https://linux.oracle.com/cve/CVE-2023-40547.html', 'https://linux.oracle.com/errata/ELSA-2024-1959.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-40547', 'https://www.cve.org/CVERecord?id=CVE-2023-40547'], 'PublishedDate': '2024-01-25T16:15:07.717Z', 'LastModifiedDate': '2024-09-16T19:16:05.947Z'}, {'VulnerabilityID': 'CVE-2023-40548', 'PkgID': 'shim-signed@1.51.4+15.8-0ubuntu1', 'PkgName': 'shim-signed', 'InstalledVersion': '1.51.4+15.8-0ubuntu1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-40548', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems', 'Description': 'A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190', 'CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:1834', 'https://access.redhat.com/errata/RHSA-2024:1835', 'https://access.redhat.com/errata/RHSA-2024:1873', 'https://access.redhat.com/errata/RHSA-2024:1876', 'https://access.redhat.com/errata/RHSA-2024:1883', 'https://access.redhat.com/errata/RHSA-2024:1902', 'https://access.redhat.com/errata/RHSA-2024:1903', 'https://access.redhat.com/errata/RHSA-2024:1959', 'https://access.redhat.com/errata/RHSA-2024:2086', 'https://access.redhat.com/security/cve/CVE-2023-40548', 'https://bugzilla.redhat.com/2234589', 'https://bugzilla.redhat.com/2241782', 'https://bugzilla.redhat.com/2241796', 'https://bugzilla.redhat.com/2241797', 'https://bugzilla.redhat.com/2259915', 'https://bugzilla.redhat.com/2259918', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241782', 'https://errata.almalinux.org/9/ALSA-2024-1903.html', 'https://linux.oracle.com/cve/CVE-2023-40548.html', 'https://linux.oracle.com/errata/ELSA-2024-1959.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-40548', 'https://www.cve.org/CVERecord?id=CVE-2023-40548'], 'PublishedDate': '2024-01-29T15:15:08.893Z', 'LastModifiedDate': '2024-10-01T14:15:04.7Z'}, {'VulnerabilityID': 'CVE-2023-40549', 'PkgID': 'shim-signed@1.51.4+15.8-0ubuntu1', 'PkgName': 'shim-signed', 'InstalledVersion': '1.51.4+15.8-0ubuntu1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-40549', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file', 'Description': 'An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:1834', 'https://access.redhat.com/errata/RHSA-2024:1835', 'https://access.redhat.com/errata/RHSA-2024:1873', 'https://access.redhat.com/errata/RHSA-2024:1876', 'https://access.redhat.com/errata/RHSA-2024:1883', 'https://access.redhat.com/errata/RHSA-2024:1902', 'https://access.redhat.com/errata/RHSA-2024:1903', 'https://access.redhat.com/errata/RHSA-2024:1959', 'https://access.redhat.com/errata/RHSA-2024:2086', 'https://access.redhat.com/security/cve/CVE-2023-40549', 'https://bugzilla.redhat.com/2234589', 'https://bugzilla.redhat.com/2241782', 'https://bugzilla.redhat.com/2241796', 'https://bugzilla.redhat.com/2241797', 'https://bugzilla.redhat.com/2259915', 'https://bugzilla.redhat.com/2259918', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241797', 'https://errata.almalinux.org/9/ALSA-2024-1903.html', 'https://linux.oracle.com/cve/CVE-2023-40549.html', 'https://linux.oracle.com/errata/ELSA-2024-1959.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-40549', 'https://www.cve.org/CVERecord?id=CVE-2023-40549'], 'PublishedDate': '2024-01-29T17:15:08.58Z', 'LastModifiedDate': '2024-09-16T19:16:06.287Z'}, {'VulnerabilityID': 'CVE-2023-40550', 'PkgID': 'shim-signed@1.51.4+15.8-0ubuntu1', 'PkgName': 'shim-signed', 'InstalledVersion': '1.51.4+15.8-0ubuntu1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-40550', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'shim: Out-of-bound read in verify_buffer_sbat()', 'Description': "An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:1834', 'https://access.redhat.com/errata/RHSA-2024:1835', 'https://access.redhat.com/errata/RHSA-2024:1873', 'https://access.redhat.com/errata/RHSA-2024:1876', 'https://access.redhat.com/errata/RHSA-2024:1883', 'https://access.redhat.com/errata/RHSA-2024:1902', 'https://access.redhat.com/errata/RHSA-2024:1903', 'https://access.redhat.com/errata/RHSA-2024:1959', 'https://access.redhat.com/errata/RHSA-2024:2086', 'https://access.redhat.com/security/cve/CVE-2023-40550', 'https://bugzilla.redhat.com/2234589', 'https://bugzilla.redhat.com/2241782', 'https://bugzilla.redhat.com/2241796', 'https://bugzilla.redhat.com/2241797', 'https://bugzilla.redhat.com/2259915', 'https://bugzilla.redhat.com/2259918', 'https://bugzilla.redhat.com/show_bug.cgi?id=2259915', 'https://errata.almalinux.org/9/ALSA-2024-1903.html', 'https://linux.oracle.com/cve/CVE-2023-40550.html', 'https://linux.oracle.com/errata/ELSA-2024-1959.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-40550', 'https://www.cve.org/CVERecord?id=CVE-2023-40550'], 'PublishedDate': '2024-01-29T17:15:08.773Z', 'LastModifiedDate': '2024-09-16T19:16:06.45Z'}, {'VulnerabilityID': 'CVE-2023-40551', 'PkgID': 'shim-signed@1.51.4+15.8-0ubuntu1', 'PkgName': 'shim-signed', 'InstalledVersion': '1.51.4+15.8-0ubuntu1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-40551', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'shim: out of bounds read when parsing MZ binaries', 'Description': "A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:1834', 'https://access.redhat.com/errata/RHSA-2024:1835', 'https://access.redhat.com/errata/RHSA-2024:1873', 'https://access.redhat.com/errata/RHSA-2024:1876', 'https://access.redhat.com/errata/RHSA-2024:1883', 'https://access.redhat.com/errata/RHSA-2024:1902', 'https://access.redhat.com/errata/RHSA-2024:1903', 'https://access.redhat.com/errata/RHSA-2024:1959', 'https://access.redhat.com/errata/RHSA-2024:2086', 'https://access.redhat.com/security/cve/CVE-2023-40551', 'https://bugzilla.redhat.com/2234589', 'https://bugzilla.redhat.com/2241782', 'https://bugzilla.redhat.com/2241796', 'https://bugzilla.redhat.com/2241797', 'https://bugzilla.redhat.com/2259915', 'https://bugzilla.redhat.com/2259918', 'https://bugzilla.redhat.com/show_bug.cgi?id=2259918', 'https://errata.almalinux.org/9/ALSA-2024-1903.html', 'https://linux.oracle.com/cve/CVE-2023-40551.html', 'https://linux.oracle.com/errata/ELSA-2024-1959.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-40551', 'https://www.cve.org/CVERecord?id=CVE-2023-40551'], 'PublishedDate': '2024-01-29T17:15:08.97Z', 'LastModifiedDate': '2024-09-16T19:16:06.617Z'}, {'VulnerabilityID': 'CVE-2024-5138', 'PkgID': 'snapd@2.63+22.04ubuntu0.1', 'PkgName': 'snapd', 'InstalledVersion': '2.63+22.04ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-5138', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'The snapctl component within snapd allows a confined snap to interact  ...', 'Description': 'The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.', 'Severity': 'LOW', 'CweIDs': ['CWE-20'], 'References': ['https://bugs.launchpad.net/snapd/+bug/2065077', 'https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14', 'https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46', 'https://www.cve.org/CVERecord?id=CVE-2024-5138'], 'PublishedDate': '2024-05-31T21:15:09.93Z', 'LastModifiedDate': '2024-09-06T20:35:18.95Z'}, {'VulnerabilityID': 'CVE-2023-7008', 'PkgID': 'systemd@249.11-0ubuntu3.12', 'PkgName': 'systemd', 'InstalledVersion': '249.11-0ubuntu3.12', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-7008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes', 'Description': 'A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:2463', 'https://access.redhat.com/errata/RHSA-2024:3203', 'https://access.redhat.com/security/cve/CVE-2023-7008', 'https://bugzilla.redhat.com/2222672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222261', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222672', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008', 'https://errata.almalinux.org/9/ALSA-2024-2463.html', 'https://errata.rockylinux.org/RLSA-2024:2463', 'https://github.com/systemd/systemd/issues/25676', 'https://linux.oracle.com/cve/CVE-2023-7008.html', 'https://linux.oracle.com/errata/ELSA-2024-3203.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-7008', 'https://www.cve.org/CVERecord?id=CVE-2023-7008'], 'PublishedDate': '2023-12-23T13:15:07.573Z', 'LastModifiedDate': '2024-09-16T17:16:02.17Z'}, {'VulnerabilityID': 'CVE-2023-7008', 'PkgID': 'systemd-sysv@249.11-0ubuntu3.12', 'PkgName': 'systemd-sysv', 'InstalledVersion': '249.11-0ubuntu3.12', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-7008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes', 'Description': 'A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:2463', 'https://access.redhat.com/errata/RHSA-2024:3203', 'https://access.redhat.com/security/cve/CVE-2023-7008', 'https://bugzilla.redhat.com/2222672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222261', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222672', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008', 'https://errata.almalinux.org/9/ALSA-2024-2463.html', 'https://errata.rockylinux.org/RLSA-2024:2463', 'https://github.com/systemd/systemd/issues/25676', 'https://linux.oracle.com/cve/CVE-2023-7008.html', 'https://linux.oracle.com/errata/ELSA-2024-3203.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-7008', 'https://www.cve.org/CVERecord?id=CVE-2023-7008'], 'PublishedDate': '2023-12-23T13:15:07.573Z', 'LastModifiedDate': '2024-09-16T17:16:02.17Z'}, {'VulnerabilityID': 'CVE-2023-7008', 'PkgID': 'udev@249.11-0ubuntu3.12', 'PkgName': 'udev', 'InstalledVersion': '249.11-0ubuntu3.12', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-7008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes', 'Description': 'A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:2463', 'https://access.redhat.com/errata/RHSA-2024:3203', 'https://access.redhat.com/security/cve/CVE-2023-7008', 'https://bugzilla.redhat.com/2222672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222261', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222672', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008', 'https://errata.almalinux.org/9/ALSA-2024-2463.html', 'https://errata.rockylinux.org/RLSA-2024:2463', 'https://github.com/systemd/systemd/issues/25676', 'https://linux.oracle.com/cve/CVE-2023-7008.html', 'https://linux.oracle.com/errata/ELSA-2024-3203.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-7008', 'https://www.cve.org/CVERecord?id=CVE-2023-7008'], 'PublishedDate': '2023-12-23T13:15:07.573Z', 'LastModifiedDate': '2024-09-16T17:16:02.17Z'}, {'VulnerabilityID': 'CVE-2024-43802', 'PkgID': 'vim@2:8.2.3995-1ubuntu2.18', 'PkgName': 'vim', 'InstalledVersion': '2:8.2.3995-1ubuntu2.18', 'FixedVersion': '2:8.2.3995-1ubuntu2.19', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "vim: Heap Buffer Overflow in Vim's Typeahead Buffer Handling", 'Description': "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters.  So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-122'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 4.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43802', 'https://github.com/vim/vim/commit/322ba9108612bead5eb', 'https://github.com/vim/vim/commit/322ba9108612bead5eb7731ccb66763dec69ef1b (v9.1.0697)', 'https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43802', 'https://ubuntu.com/security/notices/USN-7048-1', 'https://ubuntu.com/security/notices/USN-7048-2', 'https://www.cve.org/CVERecord?id=CVE-2024-43802'], 'PublishedDate': '2024-08-26T19:15:07.943Z', 'LastModifiedDate': '2024-08-27T13:02:05.683Z'}, {'VulnerabilityID': 'CVE-2024-43802', 'PkgID': 'vim-common@2:8.2.3995-1ubuntu2.18', 'PkgName': 'vim-common', 'InstalledVersion': '2:8.2.3995-1ubuntu2.18', 'FixedVersion': '2:8.2.3995-1ubuntu2.19', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "vim: Heap Buffer Overflow in Vim's Typeahead Buffer Handling", 'Description': "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters.  So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-122'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 4.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43802', 'https://github.com/vim/vim/commit/322ba9108612bead5eb', 'https://github.com/vim/vim/commit/322ba9108612bead5eb7731ccb66763dec69ef1b (v9.1.0697)', 'https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43802', 'https://ubuntu.com/security/notices/USN-7048-1', 'https://ubuntu.com/security/notices/USN-7048-2', 'https://www.cve.org/CVERecord?id=CVE-2024-43802'], 'PublishedDate': '2024-08-26T19:15:07.943Z', 'LastModifiedDate': '2024-08-27T13:02:05.683Z'}, {'VulnerabilityID': 'CVE-2024-43802', 'PkgID': 'vim-runtime@2:8.2.3995-1ubuntu2.18', 'PkgName': 'vim-runtime', 'InstalledVersion': '2:8.2.3995-1ubuntu2.18', 'FixedVersion': '2:8.2.3995-1ubuntu2.19', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "vim: Heap Buffer Overflow in Vim's Typeahead Buffer Handling", 'Description': "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters.  So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-122'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 4.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43802', 'https://github.com/vim/vim/commit/322ba9108612bead5eb', 'https://github.com/vim/vim/commit/322ba9108612bead5eb7731ccb66763dec69ef1b (v9.1.0697)', 'https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43802', 'https://ubuntu.com/security/notices/USN-7048-1', 'https://ubuntu.com/security/notices/USN-7048-2', 'https://www.cve.org/CVERecord?id=CVE-2024-43802'], 'PublishedDate': '2024-08-26T19:15:07.943Z', 'LastModifiedDate': '2024-08-27T13:02:05.683Z'}, {'VulnerabilityID': 'CVE-2024-43802', 'PkgID': 'vim-tiny@2:8.2.3995-1ubuntu2.18', 'PkgName': 'vim-tiny', 'InstalledVersion': '2:8.2.3995-1ubuntu2.18', 'FixedVersion': '2:8.2.3995-1ubuntu2.19', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "vim: Heap Buffer Overflow in Vim's Typeahead Buffer Handling", 'Description': "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters.  So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-122'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 4.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43802', 'https://github.com/vim/vim/commit/322ba9108612bead5eb', 'https://github.com/vim/vim/commit/322ba9108612bead5eb7731ccb66763dec69ef1b (v9.1.0697)', 'https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43802', 'https://ubuntu.com/security/notices/USN-7048-1', 'https://ubuntu.com/security/notices/USN-7048-2', 'https://www.cve.org/CVERecord?id=CVE-2024-43802'], 'PublishedDate': '2024-08-26T19:15:07.943Z', 'LastModifiedDate': '2024-08-27T13:02:05.683Z'}, {'VulnerabilityID': 'CVE-2021-31879', 'PkgID': 'wget@1.21.2-2ubuntu1.1', 'PkgName': 'wget', 'InstalledVersion': '1.21.2-2ubuntu1.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-31879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'wget: authorization header disclosure on redirect', 'Description': 'GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-601'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:N', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N', 'V2Score': 5.8, 'V3Score': 6.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-31879', 'https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html', 'https://nvd.nist.gov/vuln/detail/CVE-2021-31879', 'https://savannah.gnu.org/bugs/?56909', 'https://security.netapp.com/advisory/ntap-20210618-0002/', 'https://www.cve.org/CVERecord?id=CVE-2021-31879'], 'PublishedDate': '2021-04-29T05:15:08.707Z', 'LastModifiedDate': '2022-05-13T20:52:24.793Z'}, {'VulnerabilityID': 'CVE-2024-43802', 'PkgID': 'xxd@2:8.2.3995-1ubuntu2.18', 'PkgName': 'xxd', 'InstalledVersion': '2:8.2.3995-1ubuntu2.18', 'FixedVersion': '2:8.2.3995-1ubuntu2.19', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "vim: Heap Buffer Overflow in Vim's Typeahead Buffer Handling", 'Description': "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters.  So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-122'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 4.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43802', 'https://github.com/vim/vim/commit/322ba9108612bead5eb', 'https://github.com/vim/vim/commit/322ba9108612bead5eb7731ccb66763dec69ef1b (v9.1.0697)', 'https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43802', 'https://ubuntu.com/security/notices/USN-7048-1', 'https://ubuntu.com/security/notices/USN-7048-2', 'https://www.cve.org/CVERecord?id=CVE-2024-43802'], 'PublishedDate': '2024-08-26T19:15:07.943Z', 'LastModifiedDate': '2024-08-27T13:02:05.683Z'}, {'VulnerabilityID': 'CVE-2022-4899', 'PkgID': 'zstd@1.4.8+dfsg-3build1', 'PkgName': 'zstd', 'InstalledVersion': '1.4.8+dfsg-3build1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-4899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'zstd: mysql: buffer overrun in util.c', 'Description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.', 'Severity': 'LOW', 'CweIDs': ['CWE-400'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:1141', 'https://access.redhat.com/security/cve/CVE-2022-4899', 'https://bugzilla.redhat.com/2179864', 'https://bugzilla.redhat.com/2188109', 'https://bugzilla.redhat.com/2188113', 'https://bugzilla.redhat.com/2188115', 'https://bugzilla.redhat.com/2188116', 'https://bugzilla.redhat.com/2188117', 'https://bugzilla.redhat.com/2188118', 'https://bugzilla.redhat.com/2188119', 'https://bugzilla.redhat.com/2188120', 'https://bugzilla.redhat.com/2188121', 'https://bugzilla.redhat.com/2188122', 'https://bugzilla.redhat.com/2188123', 'https://bugzilla.redhat.com/2188124', 'https://bugzilla.redhat.com/2188125', 'https://bugzilla.redhat.com/2188127', 'https://bugzilla.redhat.com/2188128', 'https://bugzilla.redhat.com/2188129', 'https://bugzilla.redhat.com/2188130', 'https://bugzilla.redhat.com/2188131', 'https://bugzilla.redhat.com/2188132', 'https://bugzilla.redhat.com/2224211', 'https://bugzilla.redhat.com/2224212', 'https://bugzilla.redhat.com/2224213', 'https://bugzilla.redhat.com/2224214', 'https://bugzilla.redhat.com/2224215', 'https://bugzilla.redhat.com/2224216', 'https://bugzilla.redhat.com/2224217', 'https://bugzilla.redhat.com/2224218', 'https://bugzilla.redhat.com/2224219', 'https://bugzilla.redhat.com/2224220', 'https://bugzilla.redhat.com/2224221', 'https://bugzilla.redhat.com/2224222', 'https://bugzilla.redhat.com/2245014', 'https://bugzilla.redhat.com/2245015', 'https://bugzilla.redhat.com/2245016', 'https://bugzilla.redhat.com/2245017', 'https://bugzilla.redhat.com/2245018', 'https://bugzilla.redhat.com/2245019', 'https://bugzilla.redhat.com/2245020', 'https://bugzilla.redhat.com/2245021', 'https://bugzilla.redhat.com/2245022', 'https://bugzilla.redhat.com/2245023', 'https://bugzilla.redhat.com/2245024', 'https://bugzilla.redhat.com/2245026', 'https://bugzilla.redhat.com/2245027', 'https://bugzilla.redhat.com/2245028', 'https://bugzilla.redhat.com/2245029', 'https://bugzilla.redhat.com/2245030', 'https://bugzilla.redhat.com/2245031', 'https://bugzilla.redhat.com/2245032', 'https://bugzilla.redhat.com/2245033', 'https://bugzilla.redhat.com/2245034', 'https://bugzilla.redhat.com/2258771', 'https://bugzilla.redhat.com/2258772', 'https://bugzilla.redhat.com/2258773', 'https://bugzilla.redhat.com/2258774', 'https://bugzilla.redhat.com/2258775', 'https://bugzilla.redhat.com/2258776', 'https://bugzilla.redhat.com/2258777', 'https://bugzilla.redhat.com/2258778', 'https://bugzilla.redhat.com/2258779', 'https://bugzilla.redhat.com/2258780', 'https://bugzilla.redhat.com/2258781', 'https://bugzilla.redhat.com/2258782', 'https://bugzilla.redhat.com/2258783', 'https://bugzilla.redhat.com/2258784', 'https://bugzilla.redhat.com/2258785', 'https://bugzilla.redhat.com/2258787', 'https://bugzilla.redhat.com/2258788', 'https://bugzilla.redhat.com/2258789', 'https://bugzilla.redhat.com/2258790', 'https://bugzilla.redhat.com/2258791', 'https://bugzilla.redhat.com/2258792', 'https://bugzilla.redhat.com/2258793', 'https://bugzilla.redhat.com/2258794', 'https://errata.almalinux.org/9/ALSA-2024-1141.html', 'https://github.com/facebook/zstd', 'https://github.com/facebook/zstd/issues/3200', 'https://github.com/facebook/zstd/pull/3220', 'https://github.com/pypa/advisory-database/tree/main/vulns/zstd/PYSEC-2023-121.yaml', 'https://github.com/sergey-dryabzhinsky/python-zstd/commit/c8a619aebdbd6b838fbfef6e19325a70f631a4c6', 'https://linux.oracle.com/cve/CVE-2022-4899.html', 'https://linux.oracle.com/errata/ELSA-2024-1141.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN', 'https://nvd.nist.gov/vuln/detail/CVE-2022-4899', 'https://security.netapp.com/advisory/ntap-20230725-0005', 'https://security.netapp.com/advisory/ntap-20230725-0005/', 'https://www.cve.org/CVERecord?id=CVE-2022-4899'], 'PublishedDate': '2023-03-31T20:15:07.213Z', 'LastModifiedDate': '2023-11-07T03:59:16.09Z'}]}, {'Target': 'Python', 'Class': 'lang-pkgs', 'Type': 'python-pkg', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2021-42771', 'PkgName': 'Babel', 'PkgPath': 'usr/lib/python3/dist-packages/Babel-2.8.0.egg-info/PKG-INFO', 'InstalledVersion': '2.8.0', 'FixedVersion': '2.9.1', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-42771', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code', 'Description': 'Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.', 'Severity': 'HIGH', 'CweIDs': ['CWE-22'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-42771', 'https://bugzilla.redhat.com/show_bug.cgi?id=1955615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20095', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42771', 'https://errata.almalinux.org/8/ALSA-2021-4201.html', 'https://errata.rockylinux.org/RLSA-2021:4201', 'https://github.com/advisories/GHSA-h4m5-qpfp-3mpv', 'https://github.com/pypa/advisory-database/tree/main/vulns/babel/PYSEC-2021-421.yaml', 'https://github.com/python-babel/babel', 'https://github.com/python-babel/babel/commit/412015ef642bfcc0d8ba8f4d05cdbb6aac98d9b3', 'https://github.com/python-babel/babel/pull/782', 'https://linux.oracle.com/cve/CVE-2021-42771.html', 'https://linux.oracle.com/errata/ELSA-2021-4201.html', 'https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html', 'https://lists.debian.org/debian-lts/2021/10/msg00040.html', 'https://nvd.nist.gov/vuln/detail/CVE-2021-42771', 'https://www.cve.org/CVERecord?id=CVE-2021-42771', 'https://www.debian.org/security/2021/dsa-5018', 'https://www.tenable.com/security/research/tra-2021-14'], 'PublishedDate': '2021-10-20T21:15:07.93Z', 'LastModifiedDate': '2021-12-14T21:22:17.273Z'}, {'VulnerabilityID': 'CVE-2022-29217', 'PkgName': 'PyJWT', 'PkgPath': 'usr/lib/python3/dist-packages/PyJWT-2.3.0.egg-info/PKG-INFO', 'InstalledVersion': '2.3.0', 'FixedVersion': '2.4.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-29217', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-jwt: Key confusion through non-blocklisted public key formats', 'Description': 'PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.', 'Severity': 'HIGH', 'CweIDs': ['CWE-327'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N', 'V3Score': 7.4}, 'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-29217', 'https://github.com/jpadilla/pyjwt', 'https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc', 'https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc (2.4.0)', 'https://github.com/jpadilla/pyjwt/releases/tag/2.4.0', 'https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24', 'https://github.com/pypa/advisory-database/tree/main/vulns/pyjwt/PYSEC-2022-202.yaml', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO', 'https://nvd.nist.gov/vuln/detail/CVE-2022-29217', 'https://ubuntu.com/security/notices/USN-5526-1', 'https://ubuntu.com/security/notices/USN-5526-2', 'https://www.cve.org/CVERecord?id=CVE-2022-29217'], 'PublishedDate': '2022-05-24T15:15:07.767Z', 'LastModifiedDate': '2023-11-07T03:45:58.57Z'}, {'VulnerabilityID': 'CVE-2022-21716', 'PkgName': 'Twisted', 'PkgPath': 'usr/lib/python3/dist-packages/Twisted-22.1.0.egg-info/PKG-INFO', 'InstalledVersion': '22.1.0', 'FixedVersion': '22.2.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-21716', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-twisted: SSH client and server denial of service during SSH handshake', 'Description': "Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.", 'Severity': 'HIGH', 'CweIDs': ['CWE-770', 'CWE-120'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-21716', 'https://github.com/twisted/twisted', 'https://github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9', 'https://github.com/twisted/twisted/commit/98387b39e9f0b21462f6abc7a1325dc370fcdeb1', 'https://github.com/twisted/twisted/releases/tag/twisted-22.2.0', 'https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx', 'https://lists.debian.org/debian-lts-announce/2022/03/msg00009.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6', 'https://nvd.nist.gov/vuln/detail/CVE-2022-21716', 'https://security.gentoo.org/glsa/202301-02', 'https://twistedmatrix.com/trac/ticket/10284', 'https://ubuntu.com/security/notices/USN-5354-1', 'https://ubuntu.com/security/notices/USN-5354-2', 'https://www.cve.org/CVERecord?id=CVE-2022-21716', 'https://www.oracle.com/security-alerts/cpuapr2022.html'], 'PublishedDate': '2022-03-03T21:15:07.747Z', 'LastModifiedDate': '2023-11-07T03:43:42.493Z'}, {'VulnerabilityID': 'CVE-2022-24801', 'PkgName': 'Twisted', 'PkgPath': 'usr/lib/python3/dist-packages/Twisted-22.1.0.egg-info/PKG-INFO', 'InstalledVersion': '22.1.0', 'FixedVersion': '22.4.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-24801', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-twisted: possible http request smuggling', 'Description': "Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.", 'Severity': 'HIGH', 'CweIDs': ['CWE-444'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 8.1}, 'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 8.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 8.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-24801', 'https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-195.yaml', 'https://github.com/twisted/twisted', 'https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac', 'https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac (twisted-22.04.0rc1)', 'https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1', 'https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq', 'https://linux.oracle.com/cve/CVE-2022-24801.html', 'https://linux.oracle.com/errata/ELSA-2022-4930.html', 'https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6', 'https://nvd.nist.gov/vuln/detail/CVE-2022-24801', 'https://ubuntu.com/security/notices/USN-5576-1', 'https://www.cve.org/CVERecord?id=CVE-2022-24801', 'https://www.oracle.com/security-alerts/cpujul2022.html'], 'PublishedDate': '2022-04-04T18:15:07.933Z', 'LastModifiedDate': '2023-11-07T03:44:37.783Z'}, {'VulnerabilityID': 'CVE-2024-41671', 'PkgName': 'Twisted', 'PkgPath': 'usr/lib/python3/dist-packages/Twisted-22.1.0.egg-info/PKG-INFO', 'InstalledVersion': '22.1.0', 'FixedVersion': '24.7.0rc1', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41671', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'Twisted is an event-based framework for internet applications, support ...', 'Description': 'Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.', 'Severity': 'HIGH', 'CweIDs': ['CWE-444'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L', 'V3Score': 8.3}}, 'References': ['https://github.com/twisted/twisted', 'https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33', 'https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc', 'https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41671', 'https://ubuntu.com/security/notices/USN-6988-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41671'], 'PublishedDate': '2024-07-29T15:15:15.76Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2022-39348', 'PkgName': 'Twisted', 'PkgPath': 'usr/lib/python3/dist-packages/Twisted-22.1.0.egg-info/PKG-INFO', 'InstalledVersion': '22.1.0', 'FixedVersion': '22.10.0rc1', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-39348', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-twisted: NameVirtualHost Host header injection', 'Description': 'Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-79', 'CWE-80'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N', 'V3Score': 5.4}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N', 'V3Score': 5.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N', 'V3Score': 5.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-39348', 'https://github.com/twisted/twisted', 'https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b', 'https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4', 'https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647', 'https://lists.debian.org/debian-lts-announce/2022/11/msg00038.html', 'https://nvd.nist.gov/vuln/detail/CVE-2022-39348', 'https://security.gentoo.org/glsa/202301-02', 'https://ubuntu.com/security/notices/USN-6575-1', 'https://www.cve.org/CVERecord?id=CVE-2022-39348'], 'PublishedDate': '2022-10-26T20:15:10.58Z', 'LastModifiedDate': '2023-03-08T01:07:01.43Z'}, {'VulnerabilityID': 'CVE-2023-46137', 'PkgName': 'Twisted', 'PkgPath': 'usr/lib/python3/dist-packages/Twisted-22.1.0.egg-info/PKG-INFO', 'InstalledVersion': '22.1.0', 'FixedVersion': '23.10.0rc1', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-46137', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-twisted: disordered HTTP pipeline response in twisted.web', 'Description': 'Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-444'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N', 'V3Score': 5.3}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N', 'V3Score': 5.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-46137', 'https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2023-224.yaml', 'https://github.com/twisted/twisted', 'https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm', 'https://nvd.nist.gov/vuln/detail/CVE-2023-46137', 'https://ubuntu.com/security/notices/USN-6575-1', 'https://www.cve.org/CVERecord?id=CVE-2023-46137'], 'PublishedDate': '2023-10-25T21:15:10.237Z', 'LastModifiedDate': '2023-11-02T15:57:53.777Z'}, {'VulnerabilityID': 'CVE-2024-41810', 'PkgName': 'Twisted', 'PkgPath': 'usr/lib/python3/dist-packages/Twisted-22.1.0.egg-info/PKG-INFO', 'InstalledVersion': '22.1.0', 'FixedVersion': '24.7.0rc1', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41810', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-twisted: Reflected XSS via HTML Injection in Redirect Response', 'Description': 'Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-79', 'CWE-80'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N', 'V3Score': 6.1}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N', 'V3Score': 6.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N', 'V3Score': 4.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41810', 'https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2024-75.yaml', 'https://github.com/twisted/twisted', 'https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33', 'https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41810', 'https://ubuntu.com/security/notices/USN-6988-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41810'], 'PublishedDate': '2024-07-29T16:15:05.133Z', 'LastModifiedDate': '2024-09-11T16:17:45.29Z'}, {'VulnerabilityID': 'CVE-2023-26112', 'PkgName': 'configobj', 'PkgPath': 'usr/lib/python3/dist-packages/configobj-5.0.6.egg-info/PKG-INFO', 'InstalledVersion': '5.0.6', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-26112', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-configobj: Regular expression denial of service exists in ./src/configobj/validate.py', 'Description': 'All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\).\r\r**Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.\r\r', 'Severity': 'LOW', 'CweIDs': ['CWE-1333'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.7}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-26112', 'https://github.com/DiffSK/configobj', 'https://github.com/DiffSK/configobj/issues/232', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-26112', 'https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494', 'https://ubuntu.com/security/notices/USN-7040-1', 'https://ubuntu.com/security/notices/USN-7040-2', 'https://www.cve.org/CVERecord?id=CVE-2023-26112'], 'PublishedDate': '2023-04-03T05:15:07.753Z', 'LastModifiedDate': '2023-11-07T04:09:21.94Z'}, {'VulnerabilityID': 'CVE-2023-0286', 'PkgName': 'cryptography', 'PkgPath': 'usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'InstalledVersion': '3.4.8', 'FixedVersion': '39.0.1', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0286', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'openssl: X.400 address type confusion in X.509 GeneralName', 'Description': 'There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.\n\n', 'Severity': 'HIGH', 'CweIDs': ['CWE-843'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.4}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:2165', 'https://access.redhat.com/security/cve/CVE-2023-0286', 'https://access.redhat.com/security/cve/cve-2023-0286', 'https://bugzilla.redhat.com/1960321', 'https://bugzilla.redhat.com/2164440', 'https://bugzilla.redhat.com/2164487', 'https://bugzilla.redhat.com/2164492', 'https://bugzilla.redhat.com/2164494', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144000', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144003', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144006', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144008', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144010', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144012', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144015', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144017', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144019', 'https://bugzilla.redhat.com/show_bug.cgi?id=2145170', 'https://bugzilla.redhat.com/show_bug.cgi?id=2158412', 'https://bugzilla.redhat.com/show_bug.cgi?id=2164440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2164487', 'https://bugzilla.redhat.com/show_bug.cgi?id=2164488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2164492', 'https://bugzilla.redhat.com/show_bug.cgi?id=2164494', 'https://bugzilla.redhat.com/show_bug.cgi?id=2164497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2164499', 'https://bugzilla.redhat.com/show_bug.cgi?id=2164500', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401', 'https://errata.almalinux.org/9/ALSA-2023-2165.html', 'https://errata.rockylinux.org/RLSA-2023:0946', 'https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt', 'https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig', 'https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9', 'https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658', 'https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d', 'https://github.com/pyca/cryptography', 'https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5', 'https://linux.oracle.com/cve/CVE-2023-0286.html', 'https://linux.oracle.com/errata/ELSA-2023-32791.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0286', 'https://rustsec.org/advisories/RUSTSEC-2023-0006.html', 'https://security.gentoo.org/glsa/202402-08', 'https://ubuntu.com/security/notices/USN-5844-1', 'https://ubuntu.com/security/notices/USN-5845-1', 'https://ubuntu.com/security/notices/USN-5845-2', 'https://ubuntu.com/security/notices/USN-6564-1', 'https://www.cve.org/CVERecord?id=CVE-2023-0286', 'https://www.openssl.org/news/secadv/20230207.txt'], 'PublishedDate': '2023-02-08T20:15:24.267Z', 'LastModifiedDate': '2024-02-04T09:15:09.113Z'}, {'VulnerabilityID': 'CVE-2023-50782', 'PkgName': 'cryptography', 'PkgPath': 'usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'InstalledVersion': '3.4.8', 'FixedVersion': '42.0.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-50782', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-cryptography: Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659', 'Description': 'A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.', 'Severity': 'HIGH', 'CweIDs': ['CWE-203', 'CWE-208'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 7.5}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-50782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254432', 'https://github.com/openssl/openssl/pull/13817', 'https://github.com/pyca/cryptography', 'https://github.com/pyca/cryptography/issues/9785', 'https://nvd.nist.gov/vuln/detail/CVE-2023-50782', 'https://people.redhat.com/~hkario/marvin/', 'https://ubuntu.com/security/notices/USN-6663-1', 'https://ubuntu.com/security/notices/USN-6673-1', 'https://ubuntu.com/security/notices/USN-6673-2', 'https://www.cve.org/CVERecord?id=CVE-2023-50782'], 'PublishedDate': '2024-02-05T21:15:11.183Z', 'LastModifiedDate': '2024-09-27T19:15:09.603Z'}, {'VulnerabilityID': 'CVE-2023-23931', 'PkgName': 'cryptography', 'PkgPath': 'usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'InstalledVersion': '3.4.8', 'FixedVersion': '39.0.1', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-23931', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-cryptography: memory corruption via immutable objects', 'Description': 'cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 6.5}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:6615', 'https://access.redhat.com/security/cve/CVE-2023-23931', 'https://bugzilla.redhat.com/2171817', 'https://errata.almalinux.org/9/ALSA-2023-6615.html', 'https://github.com/pyca/cryptography', 'https://github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4e', 'https://github.com/pyca/cryptography/pull/8230', 'https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3', 'https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r', 'https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yaml', 'https://linux.oracle.com/cve/CVE-2023-23931.html', 'https://linux.oracle.com/errata/ELSA-2024-2985.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-23931', 'https://ubuntu.com/security/notices/USN-6539-1', 'https://www.cve.org/CVERecord?id=CVE-2023-23931'], 'PublishedDate': '2023-02-07T21:15:09.85Z', 'LastModifiedDate': '2024-09-05T16:09:10.43Z'}, {'VulnerabilityID': 'CVE-2023-49083', 'PkgName': 'cryptography', 'PkgPath': 'usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'InstalledVersion': '3.4.8', 'FixedVersion': '41.0.6', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-49083', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-cryptography: NULL-dereference when loading PKCS7 certificates', 'Description': 'cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2023/11/29/2', 'https://access.redhat.com/errata/RHSA-2024:2337', 'https://access.redhat.com/security/cve/CVE-2023-49083', 'https://bugzilla.redhat.com/2255331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2255331', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49083', 'https://errata.almalinux.org/9/ALSA-2024-2337.html', 'https://errata.rockylinux.org/RLSA-2024:2337', 'https://github.com/pyca/cryptography', 'https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a', 'https://github.com/pyca/cryptography/pull/9926', 'https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97', 'https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml', 'https://linux.oracle.com/cve/CVE-2023-49083.html', 'https://linux.oracle.com/errata/ELSA-2024-3105.html', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-49083', 'https://ubuntu.com/security/notices/USN-6539-1', 'https://www.cve.org/CVERecord?id=CVE-2023-49083'], 'PublishedDate': '2023-11-29T19:15:07.967Z', 'LastModifiedDate': '2024-09-05T16:09:10.43Z'}, {'VulnerabilityID': 'CVE-2024-0727', 'PkgName': 'cryptography', 'PkgPath': 'usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'InstalledVersion': '3.4.8', 'FixedVersion': '42.0.2', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-0727', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'openssl: denial of service via null dereference', 'Description': 'Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2024/03/11/1', 'https://access.redhat.com/errata/RHSA-2024:2447', 'https://access.redhat.com/security/cve/CVE-2024-0727', 'https://bugzilla.redhat.com/2223016', 'https://bugzilla.redhat.com/2224962', 'https://bugzilla.redhat.com/2227852', 'https://bugzilla.redhat.com/2248616', 'https://bugzilla.redhat.com/2257571', 'https://bugzilla.redhat.com/2258502', 'https://bugzilla.redhat.com/2259944', 'https://errata.almalinux.org/9/ALSA-2024-2447.html', 'https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2', 'https://github.com/github/advisory-database/pull/3472', 'https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2', 'https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a', 'https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c', 'https://github.com/openssl/openssl/pull/23362', 'https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d', 'https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8', 'https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539', 'https://linux.oracle.com/cve/CVE-2024-0727.html', 'https://linux.oracle.com/errata/ELSA-2024-2447.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-0727', 'https://security.netapp.com/advisory/ntap-20240208-0006', 'https://ubuntu.com/security/notices/USN-6622-1', 'https://ubuntu.com/security/notices/USN-6632-1', 'https://ubuntu.com/security/notices/USN-6709-1', 'https://ubuntu.com/security/notices/USN-7018-1', 'https://www.cve.org/CVERecord?id=CVE-2024-0727', 'https://www.openssl.org/news/secadv/20240125.txt'], 'PublishedDate': '2024-01-26T09:15:07.637Z', 'LastModifiedDate': '2024-10-14T15:15:13.1Z'}, {'VulnerabilityID': 'GHSA-5cpq-8wj7-hf2v', 'PkgName': 'cryptography', 'PkgPath': 'usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'InstalledVersion': '3.4.8', 'FixedVersion': '41.0.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://github.com/advisories/GHSA-5cpq-8wj7-hf2v', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'Vulnerable OpenSSL included in cryptography wheels', 'Description': 'pyca/cryptography\'s wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.5-40.0.2 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://www.openssl.org/news/secadv/20230530.txt.\n\nIf you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.', 'Severity': 'LOW', 'References': ['https://cryptography.io/en/latest/changelog/#v41-0-0', 'https://github.com/pyca/cryptography', 'https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22', 'https://github.com/pyca/cryptography/security/advisories/GHSA-5cpq-8wj7-hf2v']}, {'VulnerabilityID': 'GHSA-jm77-qphf-c4w8', 'PkgName': 'cryptography', 'PkgPath': 'usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'InstalledVersion': '3.4.8', 'FixedVersion': '41.0.3', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://github.com/advisories/GHSA-jm77-qphf-c4w8', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': "pyca/cryptography's wheels include vulnerable OpenSSL", 'Description': 'pyca/cryptography\'s wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8-41.0.2 are vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230731.txt, https://www.openssl.org/news/secadv/20230719.txt, and https://www.openssl.org/news/secadv/20230714.txt.\n\nIf you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.', 'Severity': 'LOW', 'References': ['https://github.com/pyca/cryptography', 'https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d', 'https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2', 'https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8', 'https://www.openssl.org/news/secadv/20230714.txt', 'https://www.openssl.org/news/secadv/20230719.txt', 'https://www.openssl.org/news/secadv/20230731.txt']}, {'VulnerabilityID': 'GHSA-v8gr-m533-ghj9', 'PkgName': 'cryptography', 'PkgPath': 'usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'InstalledVersion': '3.4.8', 'FixedVersion': '41.0.4', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://github.com/advisories/GHSA-v8gr-m533-ghj9', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'Vulnerable OpenSSL included in cryptography wheels', 'Description': 'pyca/cryptography\'s wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 2.5-41.0.3 are vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230908.txt.\n\nIf you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.', 'Severity': 'LOW', 'References': ['https://github.com/pyca/cryptography', 'https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512', 'https://github.com/pyca/cryptography/security/advisories/GHSA-v8gr-m533-ghj9']}, {'VulnerabilityID': 'CVE-2024-3651', 'PkgName': 'idna', 'PkgPath': 'usr/lib/python3/dist-packages/idna-3.3.egg-info/PKG-INFO', 'InstalledVersion': '3.3', 'FixedVersion': '3.7', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-3651', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()', 'Description': "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3846', 'https://access.redhat.com/security/cve/CVE-2024-3651', 'https://bugzilla.redhat.com/2274779', 'https://bugzilla.redhat.com/show_bug.cgi?id=2274779', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3651', 'https://errata.almalinux.org/9/ALSA-2024-3846.html', 'https://errata.rockylinux.org/RLSA-2024:3846', 'https://github.com/kjd/idna', 'https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d', 'https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h', 'https://github.com/pypa/advisory-database/tree/main/vulns/idna/PYSEC-2024-60.yaml', 'https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb', 'https://linux.oracle.com/cve/CVE-2024-3651.html', 'https://linux.oracle.com/errata/ELSA-2024-4260.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-3651', 'https://ubuntu.com/security/notices/USN-6780-1', 'https://www.cve.org/CVERecord?id=CVE-2024-3651'], 'PublishedDate': '2024-07-07T18:15:09.827Z', 'LastModifiedDate': '2024-07-11T14:58:01.803Z'}, {'VulnerabilityID': 'CVE-2023-32681', 'PkgName': 'requests', 'PkgPath': 'usr/lib/python3/dist-packages/requests-2.25.1.egg-info/PKG-INFO', 'InstalledVersion': '2.25.1', 'FixedVersion': '2.31.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-32681', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-requests: Unintended leak of Proxy-Authorization header', 'Description': 'Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N', 'V3Score': 6.1}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N', 'V3Score': 6.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:4350', 'https://access.redhat.com/security/cve/CVE-2023-32681', 'https://bugzilla.redhat.com/2209469', 'https://bugzilla.redhat.com/show_bug.cgi?id=2209469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32681', 'https://errata.almalinux.org/9/ALSA-2023-4350.html', 'https://errata.rockylinux.org/RLSA-2023:4520', 'https://github.com/psf/requests', 'https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5', 'https://github.com/psf/requests/releases/tag/v2.31.0', 'https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q', 'https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml', 'https://linux.oracle.com/cve/CVE-2023-32681.html', 'https://linux.oracle.com/errata/ELSA-2023-7050.html', 'https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-32681', 'https://security.gentoo.org/glsa/202309-08', 'https://ubuntu.com/security/notices/USN-6155-1', 'https://ubuntu.com/security/notices/USN-6155-2', 'https://www.cve.org/CVERecord?id=CVE-2023-32681'], 'PublishedDate': '2023-05-26T18:15:14.147Z', 'LastModifiedDate': '2023-09-17T09:15:12.327Z'}, {'VulnerabilityID': 'CVE-2024-35195', 'PkgName': 'requests', 'PkgPath': 'usr/lib/python3/dist-packages/requests-2.25.1.egg-info/PKG-INFO', 'InstalledVersion': '2.25.1', 'FixedVersion': '2.32.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35195', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'requests: subsequent requests to the same host ignore cert verification', 'Description': 'Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-670'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N', 'V3Score': 5.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35195', 'https://github.com/psf/requests', 'https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac', 'https://github.com/psf/requests/pull/6655', 'https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ/', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35195', 'https://www.cve.org/CVERecord?id=CVE-2024-35195'], 'PublishedDate': '2024-05-20T21:15:09.99Z', 'LastModifiedDate': '2024-06-10T17:16:29.563Z'}, {'VulnerabilityID': 'CVE-2024-5569', 'PkgName': 'zipp', 'PkgPath': 'usr/lib/python3/dist-packages/zipp-1.0.0.egg-info/PKG-INFO', 'InstalledVersion': '1.0.0', 'FixedVersion': '3.19.1', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-5569', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'github.com/jaraco/zipp: Denial of Service (infinite loop) via crafted zip file in jaraco/zipp', 'Description': 'A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-5569', 'https://github.com/jaraco/zipp', 'https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd', 'https://huntr.com/bounties/be898306-11f9-46b4-b28c-f4c4aa4ffbae', 'https://nvd.nist.gov/vuln/detail/CVE-2024-5569', 'https://ubuntu.com/security/notices/USN-6906-1', 'https://www.cve.org/CVERecord?id=CVE-2024-5569'], 'PublishedDate': '2024-07-09T00:15:02.32Z', 'LastModifiedDate': '2024-07-09T18:19:14.047Z'}]}, {'Target': 'usr/lib/snapd/snap-bootstrap', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}, {'Target': 'usr/lib/snapd/snap-exec', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}, {'Target': 'usr/lib/snapd/snap-fde-keymgr', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}, {'Target': 'usr/lib/snapd/snap-preseed', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}, {'Target': 'usr/lib/snapd/snap-recovery-chooser', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}, {'Target': 'usr/lib/snapd/snap-repair', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}, {'Target': 'usr/lib/snapd/snap-update-ns', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}, {'Target': 'usr/lib/snapd/snapctl', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}, {'Target': 'usr/lib/snapd/snapd', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}]}
+running scan on snap {'instance_id': 'i-0d685892d3b54a88e', 'volume_id': 'vol-0f448e655e80cb0a9', 'snapshot_id': 'snap-0bc91bff535ec1bfe', 'last_updated': 1729519373}
+{'SchemaVersion': 2, 'ArtifactName': 'snap-0bc91bff535ec1bfe', 'ArtifactType': 'vm', 'Metadata': {'OS': {'Family': 'ubuntu', 'Name': '22.04'}, 'ImageConfig': {'architecture': '', 'created': '0001-01-01T00:00:00Z', 'os': '', 'rootfs': {'type': '', 'diff_ids': None}, 'config': {}}}, 'Results': [{'Target': 'snap-0bc91bff535ec1bfe (ubuntu 22.04)', 'Class': 'os-pkgs', 'Type': 'ubuntu', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2021-26318', 'PkgID': 'amd64-microcode@3.20191218.1ubuntu2.2', 'PkgName': 'amd64-microcode', 'InstalledVersion': '3.20191218.1ubuntu2.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-26318', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-203', 'CWE-208'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:M/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V2Score': 1.9, 'V3Score': 4.7}}, 'References': ['https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017', 'https://www.cve.org/CVERecord?id=CVE-2021-26318'], 'PublishedDate': '2021-10-13T19:15:07.36Z', 'LastModifiedDate': '2021-10-20T18:29:12.263Z'}, {'VulnerabilityID': 'CVE-2023-31315', 'PkgID': 'amd64-microcode@3.20191218.1ubuntu2.2', 'PkgName': 'amd64-microcode', 'InstalledVersion': '3.20191218.1ubuntu2.2', 'FixedVersion': '3.20191218.1ubuntu2.3', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-31315', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'hw: amd: SMM Lock Bypass', 'Description': 'Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-94'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-31315', 'https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit?id=091bd5adf19c7ab01214c64689952acb4833b21d', 'https://ioactive.com/event/def-con-talk-amd-sinkclose-universal-ring-2-privilege-escalation/', 'https://linux.oracle.com/cve/CVE-2023-31315.html', 'https://linux.oracle.com/errata/ELSA-2024-12580.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-31315', 'https://ubuntu.com/security/notices/USN-7077-1', 'https://www.amd.com/en/resources/product-security.html', 'https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html', 'https://www.cve.org/CVERecord?id=CVE-2023-31315'], 'PublishedDate': '2024-08-12T13:38:10.353Z', 'LastModifiedDate': '2024-08-27T15:35:00.983Z'}, {'VulnerabilityID': 'CVE-2017-13716', 'PkgID': 'binutils@2.38-4ubuntu2.6', 'PkgName': 'binutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Memory leak with the C++ symbol demangler routine in libiberty', 'Description': 'The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 7.1, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2017-13716', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13716', 'https://sourceware.org/bugzilla/show_bug.cgi?id=22009', 'https://www.cve.org/CVERecord?id=CVE-2017-13716'], 'PublishedDate': '2017-08-28T21:29:00.293Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2018-20657', 'PkgID': 'binutils@2.38-4ubuntu2.6', 'PkgName': 'binutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-20657', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libiberty: Memory leak in demangle_template function resulting in a denial of service', 'Description': 'The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.', 'Severity': 'LOW', 'CweIDs': ['CWE-772'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/106444', 'https://access.redhat.com/errata/RHSA-2019:3352', 'https://access.redhat.com/security/cve/CVE-2018-20657', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539', 'https://linux.oracle.com/cve/CVE-2018-20657.html', 'https://linux.oracle.com/errata/ELSA-2019-3352.html', 'https://nvd.nist.gov/vuln/detail/CVE-2018-20657', 'https://support.f5.com/csp/article/K62602089', 'https://www.cve.org/CVERecord?id=CVE-2018-20657'], 'PublishedDate': '2019-01-02T14:29:00.313Z', 'LastModifiedDate': '2019-11-06T01:15:17.87Z'}, {'VulnerabilityID': 'CVE-2019-1010204', 'PkgID': 'binutils@2.38-4ubuntu2.6', 'PkgName': 'binutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-1010204', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service', 'Description': 'GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.', 'Severity': 'LOW', 'CweIDs': ['CWE-125', 'CWE-681'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-1010204', 'https://linux.oracle.com/cve/CVE-2019-1010204.html', 'https://linux.oracle.com/errata/ELSA-2020-1797.html', 'https://nvd.nist.gov/vuln/detail/CVE-2019-1010204', 'https://security.netapp.com/advisory/ntap-20190822-0001/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=23765', 'https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS', 'https://ubuntu.com/security/notices/USN-5349-1', 'https://www.cve.org/CVERecord?id=CVE-2019-1010204'], 'PublishedDate': '2019-07-23T14:15:13.373Z', 'LastModifiedDate': '2023-11-07T03:02:17.51Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'binutils@2.38-4ubuntu2.6', 'PkgName': 'binutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2022-48064', 'PkgID': 'binutils@2.38-4ubuntu2.6', 'PkgName': 'binutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48064', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c', 'Description': 'GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48064', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48064', 'https://security.netapp.com/advisory/ntap-20231006-0008/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=29922', 'https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931', 'https://www.cve.org/CVERecord?id=CVE-2022-48064'], 'PublishedDate': '2023-08-22T19:16:30.937Z', 'LastModifiedDate': '2023-11-07T03:56:28.11Z'}, {'VulnerabilityID': 'CVE-2017-13716', 'PkgID': 'binutils-common@2.38-4ubuntu2.6', 'PkgName': 'binutils-common', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Memory leak with the C++ symbol demangler routine in libiberty', 'Description': 'The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 7.1, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2017-13716', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13716', 'https://sourceware.org/bugzilla/show_bug.cgi?id=22009', 'https://www.cve.org/CVERecord?id=CVE-2017-13716'], 'PublishedDate': '2017-08-28T21:29:00.293Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2018-20657', 'PkgID': 'binutils-common@2.38-4ubuntu2.6', 'PkgName': 'binutils-common', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-20657', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libiberty: Memory leak in demangle_template function resulting in a denial of service', 'Description': 'The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.', 'Severity': 'LOW', 'CweIDs': ['CWE-772'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/106444', 'https://access.redhat.com/errata/RHSA-2019:3352', 'https://access.redhat.com/security/cve/CVE-2018-20657', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539', 'https://linux.oracle.com/cve/CVE-2018-20657.html', 'https://linux.oracle.com/errata/ELSA-2019-3352.html', 'https://nvd.nist.gov/vuln/detail/CVE-2018-20657', 'https://support.f5.com/csp/article/K62602089', 'https://www.cve.org/CVERecord?id=CVE-2018-20657'], 'PublishedDate': '2019-01-02T14:29:00.313Z', 'LastModifiedDate': '2019-11-06T01:15:17.87Z'}, {'VulnerabilityID': 'CVE-2019-1010204', 'PkgID': 'binutils-common@2.38-4ubuntu2.6', 'PkgName': 'binutils-common', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-1010204', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service', 'Description': 'GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.', 'Severity': 'LOW', 'CweIDs': ['CWE-125', 'CWE-681'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-1010204', 'https://linux.oracle.com/cve/CVE-2019-1010204.html', 'https://linux.oracle.com/errata/ELSA-2020-1797.html', 'https://nvd.nist.gov/vuln/detail/CVE-2019-1010204', 'https://security.netapp.com/advisory/ntap-20190822-0001/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=23765', 'https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS', 'https://ubuntu.com/security/notices/USN-5349-1', 'https://www.cve.org/CVERecord?id=CVE-2019-1010204'], 'PublishedDate': '2019-07-23T14:15:13.373Z', 'LastModifiedDate': '2023-11-07T03:02:17.51Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'binutils-common@2.38-4ubuntu2.6', 'PkgName': 'binutils-common', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2022-48064', 'PkgID': 'binutils-common@2.38-4ubuntu2.6', 'PkgName': 'binutils-common', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48064', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c', 'Description': 'GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48064', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48064', 'https://security.netapp.com/advisory/ntap-20231006-0008/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=29922', 'https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931', 'https://www.cve.org/CVERecord?id=CVE-2022-48064'], 'PublishedDate': '2023-08-22T19:16:30.937Z', 'LastModifiedDate': '2023-11-07T03:56:28.11Z'}, {'VulnerabilityID': 'CVE-2017-13716', 'PkgID': 'binutils-x86-64-linux-gnu@2.38-4ubuntu2.6', 'PkgName': 'binutils-x86-64-linux-gnu', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Memory leak with the C++ symbol demangler routine in libiberty', 'Description': 'The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 7.1, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2017-13716', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13716', 'https://sourceware.org/bugzilla/show_bug.cgi?id=22009', 'https://www.cve.org/CVERecord?id=CVE-2017-13716'], 'PublishedDate': '2017-08-28T21:29:00.293Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2018-20657', 'PkgID': 'binutils-x86-64-linux-gnu@2.38-4ubuntu2.6', 'PkgName': 'binutils-x86-64-linux-gnu', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-20657', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libiberty: Memory leak in demangle_template function resulting in a denial of service', 'Description': 'The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.', 'Severity': 'LOW', 'CweIDs': ['CWE-772'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/106444', 'https://access.redhat.com/errata/RHSA-2019:3352', 'https://access.redhat.com/security/cve/CVE-2018-20657', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539', 'https://linux.oracle.com/cve/CVE-2018-20657.html', 'https://linux.oracle.com/errata/ELSA-2019-3352.html', 'https://nvd.nist.gov/vuln/detail/CVE-2018-20657', 'https://support.f5.com/csp/article/K62602089', 'https://www.cve.org/CVERecord?id=CVE-2018-20657'], 'PublishedDate': '2019-01-02T14:29:00.313Z', 'LastModifiedDate': '2019-11-06T01:15:17.87Z'}, {'VulnerabilityID': 'CVE-2019-1010204', 'PkgID': 'binutils-x86-64-linux-gnu@2.38-4ubuntu2.6', 'PkgName': 'binutils-x86-64-linux-gnu', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-1010204', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service', 'Description': 'GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.', 'Severity': 'LOW', 'CweIDs': ['CWE-125', 'CWE-681'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-1010204', 'https://linux.oracle.com/cve/CVE-2019-1010204.html', 'https://linux.oracle.com/errata/ELSA-2020-1797.html', 'https://nvd.nist.gov/vuln/detail/CVE-2019-1010204', 'https://security.netapp.com/advisory/ntap-20190822-0001/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=23765', 'https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS', 'https://ubuntu.com/security/notices/USN-5349-1', 'https://www.cve.org/CVERecord?id=CVE-2019-1010204'], 'PublishedDate': '2019-07-23T14:15:13.373Z', 'LastModifiedDate': '2023-11-07T03:02:17.51Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'binutils-x86-64-linux-gnu@2.38-4ubuntu2.6', 'PkgName': 'binutils-x86-64-linux-gnu', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2022-48064', 'PkgID': 'binutils-x86-64-linux-gnu@2.38-4ubuntu2.6', 'PkgName': 'binutils-x86-64-linux-gnu', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48064', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c', 'Description': 'GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48064', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48064', 'https://security.netapp.com/advisory/ntap-20231006-0008/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=29922', 'https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931', 'https://www.cve.org/CVERecord?id=CVE-2022-48064'], 'PublishedDate': '2023-08-22T19:16:30.937Z', 'LastModifiedDate': '2023-11-07T03:56:28.11Z'}, {'VulnerabilityID': 'CVE-2023-39810', 'PkgID': 'busybox-initramfs@1:1.30.1-7ubuntu3.1', 'PkgName': 'busybox-initramfs', 'InstalledVersion': '1:1.30.1-7ubuntu3.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-39810', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'busybox: CPIO command of Busybox allows attackers to execute a directory traversal', 'Description': 'An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-22'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['http://busybox.com', 'http://lists.busybox.net/pipermail/busybox/2024-August/090865.html', 'https://access.redhat.com/security/cve/CVE-2023-39810', 'https://nvd.nist.gov/vuln/detail/CVE-2023-39810', 'https://www.cve.org/CVERecord?id=CVE-2023-39810', 'https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/'], 'PublishedDate': '2023-08-28T19:15:07.893Z', 'LastModifiedDate': '2023-09-07T13:48:46.393Z'}, {'VulnerabilityID': 'CVE-2023-42366', 'PkgID': 'busybox-initramfs@1:1.30.1-7ubuntu3.1', 'PkgName': 'busybox-initramfs', 'InstalledVersion': '1:1.30.1-7ubuntu3.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-42366', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'busybox: A heap-buffer-overflow', 'Description': 'A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-42366', 'https://bugs.busybox.net/show_bug.cgi?id=15874', 'https://nvd.nist.gov/vuln/detail/CVE-2023-42366', 'https://www.cve.org/CVERecord?id=CVE-2023-42366'], 'PublishedDate': '2023-11-27T23:15:07.42Z', 'LastModifiedDate': '2023-11-30T05:08:23.197Z'}, {'VulnerabilityID': 'CVE-2022-28391', 'PkgID': 'busybox-initramfs@1:1.30.1-7ubuntu3.1', 'PkgName': 'busybox-initramfs', 'InstalledVersion': '1:1.30.1-7ubuntu3.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-28391', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'busybox: remote attackers may execute arbitrary code if netstat is used', 'Description': "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.", 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 8.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-28391', 'https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch', 'https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch', 'https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661', 'https://nvd.nist.gov/vuln/detail/CVE-2022-28391', 'https://www.cve.org/CVERecord?id=CVE-2022-28391'], 'PublishedDate': '2022-04-03T21:15:08.207Z', 'LastModifiedDate': '2022-08-11T18:44:50.37Z'}, {'VulnerabilityID': 'CVE-2023-39810', 'PkgID': 'busybox-static@1:1.30.1-7ubuntu3.1', 'PkgName': 'busybox-static', 'InstalledVersion': '1:1.30.1-7ubuntu3.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-39810', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'busybox: CPIO command of Busybox allows attackers to execute a directory traversal', 'Description': 'An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-22'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['http://busybox.com', 'http://lists.busybox.net/pipermail/busybox/2024-August/090865.html', 'https://access.redhat.com/security/cve/CVE-2023-39810', 'https://nvd.nist.gov/vuln/detail/CVE-2023-39810', 'https://www.cve.org/CVERecord?id=CVE-2023-39810', 'https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/'], 'PublishedDate': '2023-08-28T19:15:07.893Z', 'LastModifiedDate': '2023-09-07T13:48:46.393Z'}, {'VulnerabilityID': 'CVE-2023-42366', 'PkgID': 'busybox-static@1:1.30.1-7ubuntu3.1', 'PkgName': 'busybox-static', 'InstalledVersion': '1:1.30.1-7ubuntu3.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-42366', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'busybox: A heap-buffer-overflow', 'Description': 'A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-42366', 'https://bugs.busybox.net/show_bug.cgi?id=15874', 'https://nvd.nist.gov/vuln/detail/CVE-2023-42366', 'https://www.cve.org/CVERecord?id=CVE-2023-42366'], 'PublishedDate': '2023-11-27T23:15:07.42Z', 'LastModifiedDate': '2023-11-30T05:08:23.197Z'}, {'VulnerabilityID': 'CVE-2022-28391', 'PkgID': 'busybox-static@1:1.30.1-7ubuntu3.1', 'PkgName': 'busybox-static', 'InstalledVersion': '1:1.30.1-7ubuntu3.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-28391', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'busybox: remote attackers may execute arbitrary code if netstat is used', 'Description': "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.", 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 8.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-28391', 'https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch', 'https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch', 'https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661', 'https://nvd.nist.gov/vuln/detail/CVE-2022-28391', 'https://www.cve.org/CVERecord?id=CVE-2022-28391'], 'PublishedDate': '2022-04-03T21:15:08.207Z', 'LastModifiedDate': '2022-08-11T18:44:50.37Z'}, {'VulnerabilityID': 'CVE-2016-2781', 'PkgID': 'coreutils@8.32-4.1ubuntu1.2', 'PkgName': 'coreutils', 'InstalledVersion': '8.32-4.1ubuntu1.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-2781', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'coreutils: Non-privileged session can escape to the parent session in chroot', 'Description': "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", 'Severity': 'LOW', 'CweIDs': ['CWE-20'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:P/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N', 'V2Score': 2.1, 'V3Score': 6.5}, 'redhat': {'V2Vector': 'AV:L/AC:H/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H', 'V2Score': 6.2, 'V3Score': 8.6}}, 'References': ['http://seclists.org/oss-sec/2016/q1/452', 'http://www.openwall.com/lists/oss-security/2016/02/28/2', 'http://www.openwall.com/lists/oss-security/2016/02/28/3', 'https://access.redhat.com/security/cve/CVE-2016-2781', 'https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E', 'https://lore.kernel.org/patchwork/patch/793178/', 'https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.28/v2.28-ReleaseNotes', 'https://nvd.nist.gov/vuln/detail/CVE-2016-2781', 'https://www.cve.org/CVERecord?id=CVE-2016-2781'], 'PublishedDate': '2017-02-07T15:59:00.333Z', 'LastModifiedDate': '2023-11-07T02:32:03.347Z'}, {'VulnerabilityID': 'CVE-2023-7216', 'PkgID': 'cpio@2.13+dfsg-7ubuntu0.1', 'PkgName': 'cpio', 'InstalledVersion': '2.13+dfsg-7ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-7216', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'CPIO: extraction allows symlinks which enables Remote Command Execution', 'Description': 'A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-22', 'CWE-59'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 5.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-7216', 'https://bugzilla.redhat.com/show_bug.cgi?id=2249901', 'https://nvd.nist.gov/vuln/detail/CVE-2023-7216', 'https://www.cve.org/CVERecord?id=CVE-2023-7216'], 'PublishedDate': '2024-02-05T15:15:08.903Z', 'LastModifiedDate': '2024-09-19T06:15:02.437Z'}, {'VulnerabilityID': 'CVE-2023-34969', 'PkgID': 'dbus@1.12.20-2ubuntu4.1', 'PkgName': 'dbus', 'InstalledVersion': '1.12.20-2ubuntu4.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-34969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered', 'Description': 'D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:4569', 'https://access.redhat.com/security/cve/CVE-2023-34969', 'https://bugzilla.redhat.com/2213166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2213166', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34969', 'https://errata.almalinux.org/9/ALSA-2023-4569.html', 'https://errata.rockylinux.org/RLSA-2023:4569', 'https://gitlab.freedesktop.org/dbus/dbus/-/issues/457', 'https://linux.oracle.com/cve/CVE-2023-34969.html', 'https://linux.oracle.com/errata/ELSA-2023-4569.html', 'https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-34969', 'https://security.netapp.com/advisory/ntap-20231208-0007/', 'https://ubuntu.com/security/notices/USN-6372-1', 'https://www.cve.org/CVERecord?id=CVE-2023-34969'], 'PublishedDate': '2023-06-08T03:15:08.97Z', 'LastModifiedDate': '2023-12-27T16:36:58.353Z'}, {'VulnerabilityID': 'CVE-2023-34969', 'PkgID': 'dbus-user-session@1.12.20-2ubuntu4.1', 'PkgName': 'dbus-user-session', 'InstalledVersion': '1.12.20-2ubuntu4.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-34969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered', 'Description': 'D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:4569', 'https://access.redhat.com/security/cve/CVE-2023-34969', 'https://bugzilla.redhat.com/2213166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2213166', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34969', 'https://errata.almalinux.org/9/ALSA-2023-4569.html', 'https://errata.rockylinux.org/RLSA-2023:4569', 'https://gitlab.freedesktop.org/dbus/dbus/-/issues/457', 'https://linux.oracle.com/cve/CVE-2023-34969.html', 'https://linux.oracle.com/errata/ELSA-2023-4569.html', 'https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-34969', 'https://security.netapp.com/advisory/ntap-20231208-0007/', 'https://ubuntu.com/security/notices/USN-6372-1', 'https://www.cve.org/CVERecord?id=CVE-2023-34969'], 'PublishedDate': '2023-06-08T03:15:08.97Z', 'LastModifiedDate': '2023-12-27T16:36:58.353Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'dirmngr@2.2.27-3ubuntu2.1', 'PkgName': 'dirmngr', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2023-30630', 'PkgID': 'dmidecode@3.3-3ubuntu0.1', 'PkgName': 'dmidecode', 'InstalledVersion': '3.3-3ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-30630', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'dmidecode: dump-bin to overwrite a local file', 'Description': 'Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:5061', 'https://access.redhat.com/security/cve/CVE-2023-30630', 'https://bugzilla.redhat.com/2186669', 'https://bugzilla.redhat.com/show_bug.cgi?id=2186669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30630', 'https://errata.almalinux.org/9/ALSA-2023-5061.html', 'https://errata.rockylinux.org/RLSA-2023:5061', 'https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c81f74e1ca4e7706f70bdda72e6f2', 'https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206', 'https://github.com/adamreiser/dmiwrite', 'https://github.com/advisories/GHSA-9r2p-xmm5-5ppg', 'https://linux.oracle.com/cve/CVE-2023-30630.html', 'https://linux.oracle.com/errata/ELSA-2023-5252.html', 'https://lists.nongnu.org/archive/html/dmidecode-devel/2023-03/msg00003.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-30630', 'https://www.cve.org/CVERecord?id=CVE-2023-30630'], 'PublishedDate': '2023-04-13T16:15:07.93Z', 'LastModifiedDate': '2023-09-28T17:54:17.707Z'}, {'VulnerabilityID': 'CVE-2023-4039', 'PkgID': 'gcc-12-base@12.3.0-1ubuntu1~22.04', 'PkgName': 'gcc-12-base', 'InstalledVersion': '12.3.0-1ubuntu1~22.04', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4039', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64', 'Description': '\n\n**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\n\n\n\n\n\n', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-693'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4039', 'https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64', 'https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt', 'https://gcc.gnu.org/pipermail/gcc-patches/2023-October/634066.html', 'https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf', 'https://inbox.sourceware.org/gcc-patches/46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org', 'https://linux.oracle.com/cve/CVE-2023-4039.html', 'https://linux.oracle.com/errata/ELSA-2023-28766.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4039', 'https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html', 'https://www.cve.org/CVERecord?id=CVE-2023-4039'], 'PublishedDate': '2023-09-13T09:15:15.69Z', 'LastModifiedDate': '2024-08-02T08:15:14.993Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'gcc-12-base@12.3.0-1ubuntu1~22.04', 'PkgName': 'gcc-12-base', 'InstalledVersion': '12.3.0-1ubuntu1~22.04', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2018-1000021', 'PkgID': 'git@1:2.34.1-1ubuntu1.11', 'PkgName': 'git', 'InstalledVersion': '1:2.34.1-1ubuntu1.11', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-1000021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands', 'Description': 'GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).', 'Severity': 'LOW', 'CweIDs': ['CWE-20'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 8.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 5}}, 'References': ['http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html', 'https://access.redhat.com/security/cve/CVE-2018-1000021', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1000021', 'https://public-inbox.org/git/20180205204312.GB104086@aiede.svl.corp.google.com/', 'https://www.cve.org/CVERecord?id=CVE-2018-1000021'], 'PublishedDate': '2018-02-09T23:29:00.557Z', 'LastModifiedDate': '2018-03-06T19:34:06.18Z'}, {'VulnerabilityID': 'CVE-2018-1000021', 'PkgID': 'git-man@1:2.34.1-1ubuntu1.11', 'PkgName': 'git-man', 'InstalledVersion': '1:2.34.1-1ubuntu1.11', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-1000021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands', 'Description': 'GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).', 'Severity': 'LOW', 'CweIDs': ['CWE-20'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 8.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 5}}, 'References': ['http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html', 'https://access.redhat.com/security/cve/CVE-2018-1000021', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1000021', 'https://public-inbox.org/git/20180205204312.GB104086@aiede.svl.corp.google.com/', 'https://www.cve.org/CVERecord?id=CVE-2018-1000021'], 'PublishedDate': '2018-02-09T23:29:00.557Z', 'LastModifiedDate': '2018-03-06T19:34:06.18Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gnupg@2.2.27-3ubuntu2.1', 'PkgName': 'gnupg', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gnupg-l10n@2.2.27-3ubuntu2.1', 'PkgName': 'gnupg-l10n', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gnupg-utils@2.2.27-3ubuntu2.1', 'PkgName': 'gnupg-utils', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gpg@2.2.27-3ubuntu2.1', 'PkgName': 'gpg', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gpg-agent@2.2.27-3ubuntu2.1', 'PkgName': 'gpg-agent', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gpg-wks-client@2.2.27-3ubuntu2.1', 'PkgName': 'gpg-wks-client', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gpg-wks-server@2.2.27-3ubuntu2.1', 'PkgName': 'gpg-wks-server', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gpgconf@2.2.27-3ubuntu2.1', 'PkgName': 'gpgconf', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gpgsm@2.2.27-3ubuntu2.1', 'PkgName': 'gpgsm', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2022-3219', 'PkgID': 'gpgv@2.2.27-3ubuntu2.1', 'PkgName': 'gpgv', 'InstalledVersion': '2.2.27-3ubuntu2.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3219', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gnupg: denial of service issue (resource consumption) using compressed packets', 'Description': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3219', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127010', 'https://dev.gnupg.org/D556', 'https://dev.gnupg.org/T5993', 'https://marc.info/?l=oss-security&m=165696590211434&w=4', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3219', 'https://security.netapp.com/advisory/ntap-20230324-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-3219'], 'PublishedDate': '2023-02-23T20:15:12.393Z', 'LastModifiedDate': '2023-05-26T16:31:34.07Z'}, {'VulnerabilityID': 'CVE-2024-48957', 'PkgID': 'libarchive13@3.6.0-1ubuntu1.1', 'PkgName': 'libarchive13', 'InstalledVersion': '3.6.0-1ubuntu1.1', 'FixedVersion': '3.6.0-1ubuntu1.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-48957', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "libarchive: Out-of-bounds access in libarchive's archive file handling", 'Description': 'execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-48957', 'https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b (v3.7.5)', 'https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5', 'https://github.com/libarchive/libarchive/pull/2149', 'https://nvd.nist.gov/vuln/detail/CVE-2024-48957', 'https://ubuntu.com/security/notices/USN-7070-1', 'https://www.cve.org/CVERecord?id=CVE-2024-48957'], 'PublishedDate': '2024-10-10T02:15:02.99Z', 'LastModifiedDate': '2024-10-11T21:36:47.93Z'}, {'VulnerabilityID': 'CVE-2024-48958', 'PkgID': 'libarchive13@3.6.0-1ubuntu1.1', 'PkgName': 'libarchive13', 'InstalledVersion': '3.6.0-1ubuntu1.1', 'FixedVersion': '3.6.0-1ubuntu1.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-48958', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "libarchive: Out-of-bounds access in libarchive's RAR file handling", 'Description': 'execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-48958', 'https://github.com/libarchive/libarchive/commit/a1cb648d52f5b6d3f31184d9b6a7cbca628459b7 (v3.7.5)', 'https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5', 'https://github.com/libarchive/libarchive/pull/2148', 'https://nvd.nist.gov/vuln/detail/CVE-2024-48958', 'https://ubuntu.com/security/notices/USN-7070-1', 'https://www.cve.org/CVERecord?id=CVE-2024-48958'], 'PublishedDate': '2024-10-10T02:15:03.057Z', 'LastModifiedDate': '2024-10-11T21:36:48.687Z'}, {'VulnerabilityID': 'CVE-2022-36227', 'PkgID': 'libarchive13@3.6.0-1ubuntu1.1', 'PkgName': 'libarchive13', 'InstalledVersion': '3.6.0-1ubuntu1.1', 'FixedVersion': '3.6.0-1ubuntu1.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-36227', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libarchive: NULL pointer dereference in archive_write.c', 'Description': 'In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."', 'Severity': 'LOW', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 9.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:2532', 'https://access.redhat.com/security/cve/CVE-2022-36227', 'https://bugs.gentoo.org/882521', 'https://bugzilla.redhat.com/2144972', 'https://errata.almalinux.org/9/ALSA-2023-2532.html', 'https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215', 'https://github.com/libarchive/libarchive/issues/1754', 'https://github.com/libarchive/libarchive/pull/1759', 'https://linux.oracle.com/cve/CVE-2022-36227.html', 'https://linux.oracle.com/errata/ELSA-2023-3018.html', 'https://lists.debian.org/debian-lts-announce/2023/01/msg00034.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V67OO2UUQAUJS3IK4JZPF6F3LUCBU6IS/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-36227', 'https://security.gentoo.org/glsa/202309-14', 'https://ubuntu.com/security/notices/USN-7070-1', 'https://www.cve.org/CVERecord?id=CVE-2022-36227'], 'PublishedDate': '2022-11-22T02:15:11.003Z', 'LastModifiedDate': '2024-03-27T16:04:27.21Z'}, {'VulnerabilityID': 'CVE-2017-13716', 'PkgID': 'libbinutils@2.38-4ubuntu2.6', 'PkgName': 'libbinutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Memory leak with the C++ symbol demangler routine in libiberty', 'Description': 'The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 7.1, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2017-13716', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13716', 'https://sourceware.org/bugzilla/show_bug.cgi?id=22009', 'https://www.cve.org/CVERecord?id=CVE-2017-13716'], 'PublishedDate': '2017-08-28T21:29:00.293Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2018-20657', 'PkgID': 'libbinutils@2.38-4ubuntu2.6', 'PkgName': 'libbinutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-20657', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libiberty: Memory leak in demangle_template function resulting in a denial of service', 'Description': 'The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.', 'Severity': 'LOW', 'CweIDs': ['CWE-772'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/106444', 'https://access.redhat.com/errata/RHSA-2019:3352', 'https://access.redhat.com/security/cve/CVE-2018-20657', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539', 'https://linux.oracle.com/cve/CVE-2018-20657.html', 'https://linux.oracle.com/errata/ELSA-2019-3352.html', 'https://nvd.nist.gov/vuln/detail/CVE-2018-20657', 'https://support.f5.com/csp/article/K62602089', 'https://www.cve.org/CVERecord?id=CVE-2018-20657'], 'PublishedDate': '2019-01-02T14:29:00.313Z', 'LastModifiedDate': '2019-11-06T01:15:17.87Z'}, {'VulnerabilityID': 'CVE-2019-1010204', 'PkgID': 'libbinutils@2.38-4ubuntu2.6', 'PkgName': 'libbinutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-1010204', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service', 'Description': 'GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.', 'Severity': 'LOW', 'CweIDs': ['CWE-125', 'CWE-681'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-1010204', 'https://linux.oracle.com/cve/CVE-2019-1010204.html', 'https://linux.oracle.com/errata/ELSA-2020-1797.html', 'https://nvd.nist.gov/vuln/detail/CVE-2019-1010204', 'https://security.netapp.com/advisory/ntap-20190822-0001/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=23765', 'https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS', 'https://ubuntu.com/security/notices/USN-5349-1', 'https://www.cve.org/CVERecord?id=CVE-2019-1010204'], 'PublishedDate': '2019-07-23T14:15:13.373Z', 'LastModifiedDate': '2023-11-07T03:02:17.51Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'libbinutils@2.38-4ubuntu2.6', 'PkgName': 'libbinutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2022-48064', 'PkgID': 'libbinutils@2.38-4ubuntu2.6', 'PkgName': 'libbinutils', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48064', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c', 'Description': 'GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48064', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48064', 'https://security.netapp.com/advisory/ntap-20231006-0008/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=29922', 'https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931', 'https://www.cve.org/CVERecord?id=CVE-2022-48064'], 'PublishedDate': '2023-08-22T19:16:30.937Z', 'LastModifiedDate': '2023-11-07T03:56:28.11Z'}, {'VulnerabilityID': 'CVE-2016-20013', 'PkgID': 'libc-bin@2.35-0ubuntu3.8', 'PkgName': 'libc-bin', 'InstalledVersion': '2.35-0ubuntu3.8', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-20013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.", 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}}, 'References': ['https://akkadia.org/drepper/SHA-crypt.txt', 'https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/', 'https://twitter.com/solardiz/status/795601240151457793', 'https://www.cve.org/CVERecord?id=CVE-2016-20013'], 'PublishedDate': '2022-02-19T05:15:09.413Z', 'LastModifiedDate': '2022-03-03T16:43:19.667Z'}, {'VulnerabilityID': 'CVE-2016-20013', 'PkgID': 'libc6@2.35-0ubuntu3.8', 'PkgName': 'libc6', 'InstalledVersion': '2.35-0ubuntu3.8', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-20013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.", 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}}, 'References': ['https://akkadia.org/drepper/SHA-crypt.txt', 'https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/', 'https://twitter.com/solardiz/status/795601240151457793', 'https://www.cve.org/CVERecord?id=CVE-2016-20013'], 'PublishedDate': '2022-02-19T05:15:09.413Z', 'LastModifiedDate': '2022-03-03T16:43:19.667Z'}, {'VulnerabilityID': 'CVE-2017-13716', 'PkgID': 'libctf-nobfd0@2.38-4ubuntu2.6', 'PkgName': 'libctf-nobfd0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Memory leak with the C++ symbol demangler routine in libiberty', 'Description': 'The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 7.1, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2017-13716', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13716', 'https://sourceware.org/bugzilla/show_bug.cgi?id=22009', 'https://www.cve.org/CVERecord?id=CVE-2017-13716'], 'PublishedDate': '2017-08-28T21:29:00.293Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2018-20657', 'PkgID': 'libctf-nobfd0@2.38-4ubuntu2.6', 'PkgName': 'libctf-nobfd0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-20657', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libiberty: Memory leak in demangle_template function resulting in a denial of service', 'Description': 'The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.', 'Severity': 'LOW', 'CweIDs': ['CWE-772'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/106444', 'https://access.redhat.com/errata/RHSA-2019:3352', 'https://access.redhat.com/security/cve/CVE-2018-20657', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539', 'https://linux.oracle.com/cve/CVE-2018-20657.html', 'https://linux.oracle.com/errata/ELSA-2019-3352.html', 'https://nvd.nist.gov/vuln/detail/CVE-2018-20657', 'https://support.f5.com/csp/article/K62602089', 'https://www.cve.org/CVERecord?id=CVE-2018-20657'], 'PublishedDate': '2019-01-02T14:29:00.313Z', 'LastModifiedDate': '2019-11-06T01:15:17.87Z'}, {'VulnerabilityID': 'CVE-2019-1010204', 'PkgID': 'libctf-nobfd0@2.38-4ubuntu2.6', 'PkgName': 'libctf-nobfd0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-1010204', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service', 'Description': 'GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.', 'Severity': 'LOW', 'CweIDs': ['CWE-125', 'CWE-681'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-1010204', 'https://linux.oracle.com/cve/CVE-2019-1010204.html', 'https://linux.oracle.com/errata/ELSA-2020-1797.html', 'https://nvd.nist.gov/vuln/detail/CVE-2019-1010204', 'https://security.netapp.com/advisory/ntap-20190822-0001/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=23765', 'https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS', 'https://ubuntu.com/security/notices/USN-5349-1', 'https://www.cve.org/CVERecord?id=CVE-2019-1010204'], 'PublishedDate': '2019-07-23T14:15:13.373Z', 'LastModifiedDate': '2023-11-07T03:02:17.51Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'libctf-nobfd0@2.38-4ubuntu2.6', 'PkgName': 'libctf-nobfd0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2022-48064', 'PkgID': 'libctf-nobfd0@2.38-4ubuntu2.6', 'PkgName': 'libctf-nobfd0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48064', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c', 'Description': 'GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48064', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48064', 'https://security.netapp.com/advisory/ntap-20231006-0008/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=29922', 'https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931', 'https://www.cve.org/CVERecord?id=CVE-2022-48064'], 'PublishedDate': '2023-08-22T19:16:30.937Z', 'LastModifiedDate': '2023-11-07T03:56:28.11Z'}, {'VulnerabilityID': 'CVE-2017-13716', 'PkgID': 'libctf0@2.38-4ubuntu2.6', 'PkgName': 'libctf0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Memory leak with the C++ symbol demangler routine in libiberty', 'Description': 'The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 7.1, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2017-13716', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13716', 'https://sourceware.org/bugzilla/show_bug.cgi?id=22009', 'https://www.cve.org/CVERecord?id=CVE-2017-13716'], 'PublishedDate': '2017-08-28T21:29:00.293Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2018-20657', 'PkgID': 'libctf0@2.38-4ubuntu2.6', 'PkgName': 'libctf0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-20657', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libiberty: Memory leak in demangle_template function resulting in a denial of service', 'Description': 'The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.', 'Severity': 'LOW', 'CweIDs': ['CWE-772'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/106444', 'https://access.redhat.com/errata/RHSA-2019:3352', 'https://access.redhat.com/security/cve/CVE-2018-20657', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539', 'https://linux.oracle.com/cve/CVE-2018-20657.html', 'https://linux.oracle.com/errata/ELSA-2019-3352.html', 'https://nvd.nist.gov/vuln/detail/CVE-2018-20657', 'https://support.f5.com/csp/article/K62602089', 'https://www.cve.org/CVERecord?id=CVE-2018-20657'], 'PublishedDate': '2019-01-02T14:29:00.313Z', 'LastModifiedDate': '2019-11-06T01:15:17.87Z'}, {'VulnerabilityID': 'CVE-2019-1010204', 'PkgID': 'libctf0@2.38-4ubuntu2.6', 'PkgName': 'libctf0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-1010204', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service', 'Description': 'GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.', 'Severity': 'LOW', 'CweIDs': ['CWE-125', 'CWE-681'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-1010204', 'https://linux.oracle.com/cve/CVE-2019-1010204.html', 'https://linux.oracle.com/errata/ELSA-2020-1797.html', 'https://nvd.nist.gov/vuln/detail/CVE-2019-1010204', 'https://security.netapp.com/advisory/ntap-20190822-0001/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=23765', 'https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS', 'https://ubuntu.com/security/notices/USN-5349-1', 'https://www.cve.org/CVERecord?id=CVE-2019-1010204'], 'PublishedDate': '2019-07-23T14:15:13.373Z', 'LastModifiedDate': '2023-11-07T03:02:17.51Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'libctf0@2.38-4ubuntu2.6', 'PkgName': 'libctf0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2022-48064', 'PkgID': 'libctf0@2.38-4ubuntu2.6', 'PkgName': 'libctf0', 'InstalledVersion': '2.38-4ubuntu2.6', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48064', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c', 'Description': 'GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48064', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48064', 'https://security.netapp.com/advisory/ntap-20231006-0008/', 'https://sourceware.org/bugzilla/show_bug.cgi?id=29922', 'https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931', 'https://www.cve.org/CVERecord?id=CVE-2022-48064'], 'PublishedDate': '2023-08-22T19:16:30.937Z', 'LastModifiedDate': '2023-11-07T03:56:28.11Z'}, {'VulnerabilityID': 'CVE-2023-34969', 'PkgID': 'libdbus-1-3@1.12.20-2ubuntu4.1', 'PkgName': 'libdbus-1-3', 'InstalledVersion': '1.12.20-2ubuntu4.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-34969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered', 'Description': 'D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:4569', 'https://access.redhat.com/security/cve/CVE-2023-34969', 'https://bugzilla.redhat.com/2213166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2213166', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34969', 'https://errata.almalinux.org/9/ALSA-2023-4569.html', 'https://errata.rockylinux.org/RLSA-2023:4569', 'https://gitlab.freedesktop.org/dbus/dbus/-/issues/457', 'https://linux.oracle.com/cve/CVE-2023-34969.html', 'https://linux.oracle.com/errata/ELSA-2023-4569.html', 'https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-34969', 'https://security.netapp.com/advisory/ntap-20231208-0007/', 'https://ubuntu.com/security/notices/USN-6372-1', 'https://www.cve.org/CVERecord?id=CVE-2023-34969'], 'PublishedDate': '2023-06-08T03:15:08.97Z', 'LastModifiedDate': '2023-12-27T16:36:58.353Z'}, {'VulnerabilityID': 'CVE-2022-3287', 'PkgID': 'libfwupd2@1.7.9-1~22.04.3', 'PkgName': 'libfwupd2', 'InstalledVersion': '1.7.9-1~22.04.3', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3287', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'fwupd: world readable password in /etc/fwupd/redfish.conf', 'Description': 'When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.', 'Severity': 'LOW', 'CweIDs': ['CWE-552', 'CWE-256'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:2487', 'https://access.redhat.com/security/cve/CVE-2022-3287', 'https://bugzilla.redhat.com/2120687', 'https://bugzilla.redhat.com/2120699', 'https://bugzilla.redhat.com/2120701', 'https://bugzilla.redhat.com/2129904', 'https://bugzilla.redhat.com/show_bug.cgi?id=2129904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3287', 'https://errata.almalinux.org/9/ALSA-2023-2487.html', 'https://errata.rockylinux.org/RLSA-2023:7189', 'https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091', 'https://linux.oracle.com/cve/CVE-2022-3287.html', 'https://linux.oracle.com/errata/ELSA-2023-7189.html', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3287', 'https://www.cve.org/CVERecord?id=CVE-2022-3287'], 'PublishedDate': '2022-09-28T20:15:18.433Z', 'LastModifiedDate': '2023-11-07T03:51:04.06Z'}, {'VulnerabilityID': 'CVE-2022-3287', 'PkgID': 'libfwupdplugin5@1.7.9-1~22.04.3', 'PkgName': 'libfwupdplugin5', 'InstalledVersion': '1.7.9-1~22.04.3', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3287', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'fwupd: world readable password in /etc/fwupd/redfish.conf', 'Description': 'When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.', 'Severity': 'LOW', 'CweIDs': ['CWE-552', 'CWE-256'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:2487', 'https://access.redhat.com/security/cve/CVE-2022-3287', 'https://bugzilla.redhat.com/2120687', 'https://bugzilla.redhat.com/2120699', 'https://bugzilla.redhat.com/2120701', 'https://bugzilla.redhat.com/2129904', 'https://bugzilla.redhat.com/show_bug.cgi?id=2129904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3287', 'https://errata.almalinux.org/9/ALSA-2023-2487.html', 'https://errata.rockylinux.org/RLSA-2023:7189', 'https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091', 'https://linux.oracle.com/cve/CVE-2022-3287.html', 'https://linux.oracle.com/errata/ELSA-2023-7189.html', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3287', 'https://www.cve.org/CVERecord?id=CVE-2022-3287'], 'PublishedDate': '2022-09-28T20:15:18.433Z', 'LastModifiedDate': '2023-11-07T03:51:04.06Z'}, {'VulnerabilityID': 'CVE-2023-4039', 'PkgID': 'libgcc-s1@12.3.0-1ubuntu1~22.04', 'PkgName': 'libgcc-s1', 'InstalledVersion': '12.3.0-1ubuntu1~22.04', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4039', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64', 'Description': '\n\n**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\n\n\n\n\n\n', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-693'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4039', 'https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64', 'https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt', 'https://gcc.gnu.org/pipermail/gcc-patches/2023-October/634066.html', 'https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf', 'https://inbox.sourceware.org/gcc-patches/46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org', 'https://linux.oracle.com/cve/CVE-2023-4039.html', 'https://linux.oracle.com/errata/ELSA-2023-28766.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4039', 'https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html', 'https://www.cve.org/CVERecord?id=CVE-2023-4039'], 'PublishedDate': '2023-09-13T09:15:15.69Z', 'LastModifiedDate': '2024-08-02T08:15:14.993Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'libgcc-s1@12.3.0-1ubuntu1~22.04', 'PkgName': 'libgcc-s1', 'InstalledVersion': '12.3.0-1ubuntu1~22.04', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2024-2236', 'PkgID': 'libgcrypt20@1.9.4-3ubuntu3', 'PkgName': 'libgcrypt20', 'InstalledVersion': '1.9.4-3ubuntu3', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-2236', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libgcrypt: vulnerable to Marvin Attack', 'Description': "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-208'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-2236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2245218', 'https://dev.gnupg.org/T7136', 'https://github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt', 'https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/17', 'https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-2236', 'https://www.cve.org/CVERecord?id=CVE-2024-2236'], 'PublishedDate': '2024-03-06T22:15:57.977Z', 'LastModifiedDate': '2024-09-14T04:15:02.903Z'}, {'VulnerabilityID': 'CVE-2024-26462', 'PkgID': 'libgssapi-krb5-2@1.19.2-2ubuntu0.4', 'PkgName': 'libgssapi-krb5-2', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26462', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/kdc/ndr.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26462', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26462', 'https://security.netapp.com/advisory/ntap-20240415-0012/', 'https://www.cve.org/CVERecord?id=CVE-2024-26462'], 'PublishedDate': '2024-02-29T01:44:18.857Z', 'LastModifiedDate': '2024-05-14T15:09:01.053Z'}, {'VulnerabilityID': 'CVE-2024-26458', 'PkgID': 'libgssapi-krb5-2@1.19.2-2ubuntu0.4', 'PkgName': 'libgssapi-krb5-2', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26458', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3268', 'https://access.redhat.com/security/cve/CVE-2024-26458', 'https://bugzilla.redhat.com/2266731', 'https://bugzilla.redhat.com/2266740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266731', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461', 'https://errata.almalinux.org/8/ALSA-2024-3268.html', 'https://errata.rockylinux.org/RLSA-2024:3268', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md', 'https://linux.oracle.com/cve/CVE-2024-26458.html', 'https://linux.oracle.com/errata/ELSA-2024-3268.html', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26458', 'https://security.netapp.com/advisory/ntap-20240415-0010/', 'https://www.cve.org/CVERecord?id=CVE-2024-26458'], 'PublishedDate': '2024-02-29T01:44:18.78Z', 'LastModifiedDate': '2024-05-14T15:09:00.47Z'}, {'VulnerabilityID': 'CVE-2024-26461', 'PkgID': 'libgssapi-krb5-2@1.19.2-2ubuntu0.4', 'PkgName': 'libgssapi-krb5-2', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26461', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3268', 'https://access.redhat.com/security/cve/CVE-2024-26461', 'https://bugzilla.redhat.com/2266731', 'https://bugzilla.redhat.com/2266740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266731', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461', 'https://errata.almalinux.org/8/ALSA-2024-3268.html', 'https://errata.rockylinux.org/RLSA-2024:3268', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md', 'https://linux.oracle.com/cve/CVE-2024-26461.html', 'https://linux.oracle.com/errata/ELSA-2024-3268.html', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26461', 'https://security.netapp.com/advisory/ntap-20240415-0011/', 'https://www.cve.org/CVERecord?id=CVE-2024-26461'], 'PublishedDate': '2024-02-29T01:44:18.82Z', 'LastModifiedDate': '2024-08-14T16:35:10.207Z'}, {'VulnerabilityID': 'CVE-2024-26462', 'PkgID': 'libk5crypto3@1.19.2-2ubuntu0.4', 'PkgName': 'libk5crypto3', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26462', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/kdc/ndr.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26462', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26462', 'https://security.netapp.com/advisory/ntap-20240415-0012/', 'https://www.cve.org/CVERecord?id=CVE-2024-26462'], 'PublishedDate': '2024-02-29T01:44:18.857Z', 'LastModifiedDate': '2024-05-14T15:09:01.053Z'}, {'VulnerabilityID': 'CVE-2024-26458', 'PkgID': 'libk5crypto3@1.19.2-2ubuntu0.4', 'PkgName': 'libk5crypto3', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26458', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3268', 'https://access.redhat.com/security/cve/CVE-2024-26458', 'https://bugzilla.redhat.com/2266731', 'https://bugzilla.redhat.com/2266740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266731', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461', 'https://errata.almalinux.org/8/ALSA-2024-3268.html', 'https://errata.rockylinux.org/RLSA-2024:3268', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md', 'https://linux.oracle.com/cve/CVE-2024-26458.html', 'https://linux.oracle.com/errata/ELSA-2024-3268.html', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26458', 'https://security.netapp.com/advisory/ntap-20240415-0010/', 'https://www.cve.org/CVERecord?id=CVE-2024-26458'], 'PublishedDate': '2024-02-29T01:44:18.78Z', 'LastModifiedDate': '2024-05-14T15:09:00.47Z'}, {'VulnerabilityID': 'CVE-2024-26461', 'PkgID': 'libk5crypto3@1.19.2-2ubuntu0.4', 'PkgName': 'libk5crypto3', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26461', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3268', 'https://access.redhat.com/security/cve/CVE-2024-26461', 'https://bugzilla.redhat.com/2266731', 'https://bugzilla.redhat.com/2266740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266731', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461', 'https://errata.almalinux.org/8/ALSA-2024-3268.html', 'https://errata.rockylinux.org/RLSA-2024:3268', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md', 'https://linux.oracle.com/cve/CVE-2024-26461.html', 'https://linux.oracle.com/errata/ELSA-2024-3268.html', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26461', 'https://security.netapp.com/advisory/ntap-20240415-0011/', 'https://www.cve.org/CVERecord?id=CVE-2024-26461'], 'PublishedDate': '2024-02-29T01:44:18.82Z', 'LastModifiedDate': '2024-08-14T16:35:10.207Z'}, {'VulnerabilityID': 'CVE-2024-26462', 'PkgID': 'libkrb5-3@1.19.2-2ubuntu0.4', 'PkgName': 'libkrb5-3', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26462', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/kdc/ndr.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26462', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26462', 'https://security.netapp.com/advisory/ntap-20240415-0012/', 'https://www.cve.org/CVERecord?id=CVE-2024-26462'], 'PublishedDate': '2024-02-29T01:44:18.857Z', 'LastModifiedDate': '2024-05-14T15:09:01.053Z'}, {'VulnerabilityID': 'CVE-2024-26458', 'PkgID': 'libkrb5-3@1.19.2-2ubuntu0.4', 'PkgName': 'libkrb5-3', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26458', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3268', 'https://access.redhat.com/security/cve/CVE-2024-26458', 'https://bugzilla.redhat.com/2266731', 'https://bugzilla.redhat.com/2266740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266731', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461', 'https://errata.almalinux.org/8/ALSA-2024-3268.html', 'https://errata.rockylinux.org/RLSA-2024:3268', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md', 'https://linux.oracle.com/cve/CVE-2024-26458.html', 'https://linux.oracle.com/errata/ELSA-2024-3268.html', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26458', 'https://security.netapp.com/advisory/ntap-20240415-0010/', 'https://www.cve.org/CVERecord?id=CVE-2024-26458'], 'PublishedDate': '2024-02-29T01:44:18.78Z', 'LastModifiedDate': '2024-05-14T15:09:00.47Z'}, {'VulnerabilityID': 'CVE-2024-26461', 'PkgID': 'libkrb5-3@1.19.2-2ubuntu0.4', 'PkgName': 'libkrb5-3', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26461', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3268', 'https://access.redhat.com/security/cve/CVE-2024-26461', 'https://bugzilla.redhat.com/2266731', 'https://bugzilla.redhat.com/2266740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266731', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461', 'https://errata.almalinux.org/8/ALSA-2024-3268.html', 'https://errata.rockylinux.org/RLSA-2024:3268', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md', 'https://linux.oracle.com/cve/CVE-2024-26461.html', 'https://linux.oracle.com/errata/ELSA-2024-3268.html', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26461', 'https://security.netapp.com/advisory/ntap-20240415-0011/', 'https://www.cve.org/CVERecord?id=CVE-2024-26461'], 'PublishedDate': '2024-02-29T01:44:18.82Z', 'LastModifiedDate': '2024-08-14T16:35:10.207Z'}, {'VulnerabilityID': 'CVE-2024-26462', 'PkgID': 'libkrb5support0@1.19.2-2ubuntu0.4', 'PkgName': 'libkrb5support0', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26462', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/kdc/ndr.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26462', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26462', 'https://security.netapp.com/advisory/ntap-20240415-0012/', 'https://www.cve.org/CVERecord?id=CVE-2024-26462'], 'PublishedDate': '2024-02-29T01:44:18.857Z', 'LastModifiedDate': '2024-05-14T15:09:01.053Z'}, {'VulnerabilityID': 'CVE-2024-26458', 'PkgID': 'libkrb5support0@1.19.2-2ubuntu0.4', 'PkgName': 'libkrb5support0', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26458', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3268', 'https://access.redhat.com/security/cve/CVE-2024-26458', 'https://bugzilla.redhat.com/2266731', 'https://bugzilla.redhat.com/2266740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266731', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461', 'https://errata.almalinux.org/8/ALSA-2024-3268.html', 'https://errata.rockylinux.org/RLSA-2024:3268', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md', 'https://linux.oracle.com/cve/CVE-2024-26458.html', 'https://linux.oracle.com/errata/ELSA-2024-3268.html', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26458', 'https://security.netapp.com/advisory/ntap-20240415-0010/', 'https://www.cve.org/CVERecord?id=CVE-2024-26458'], 'PublishedDate': '2024-02-29T01:44:18.78Z', 'LastModifiedDate': '2024-05-14T15:09:00.47Z'}, {'VulnerabilityID': 'CVE-2024-26461', 'PkgID': 'libkrb5support0@1.19.2-2ubuntu0.4', 'PkgName': 'libkrb5support0', 'InstalledVersion': '1.19.2-2ubuntu0.4', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26461', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c', 'Description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3268', 'https://access.redhat.com/security/cve/CVE-2024-26461', 'https://bugzilla.redhat.com/2266731', 'https://bugzilla.redhat.com/2266740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266731', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461', 'https://errata.almalinux.org/8/ALSA-2024-3268.html', 'https://errata.rockylinux.org/RLSA-2024:3268', 'https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md', 'https://linux.oracle.com/cve/CVE-2024-26461.html', 'https://linux.oracle.com/errata/ELSA-2024-3268.html', 'https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26461', 'https://security.netapp.com/advisory/ntap-20240415-0011/', 'https://www.cve.org/CVERecord?id=CVE-2024-26461'], 'PublishedDate': '2024-02-29T01:44:18.82Z', 'LastModifiedDate': '2024-08-14T16:35:10.207Z'}, {'VulnerabilityID': 'CVE-2023-45918', 'PkgID': 'libncurses6@6.3-2ubuntu0.1', 'PkgName': 'libncurses6', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-45918', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c', 'Description': 'ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-45918', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-45918', 'https://security.netapp.com/advisory/ntap-20240315-0006/', 'https://www.cve.org/CVERecord?id=CVE-2023-45918'], 'PublishedDate': '2024-02-16T22:15:07.88Z', 'LastModifiedDate': '2024-03-15T11:15:08.51Z'}, {'VulnerabilityID': 'CVE-2023-50495', 'PkgID': 'libncurses6@6.3-2ubuntu0.1', 'PkgName': 'libncurses6', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-50495', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: segmentation fault via _nc_wrap_entry()', 'Description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-50495', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-50495', 'https://security.netapp.com/advisory/ntap-20240119-0008/', 'https://ubuntu.com/security/notices/USN-6684-1', 'https://www.cve.org/CVERecord?id=CVE-2023-50495'], 'PublishedDate': '2023-12-12T15:15:07.867Z', 'LastModifiedDate': '2024-01-31T03:15:08.49Z'}, {'VulnerabilityID': 'CVE-2023-45918', 'PkgID': 'libncursesw6@6.3-2ubuntu0.1', 'PkgName': 'libncursesw6', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-45918', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c', 'Description': 'ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-45918', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-45918', 'https://security.netapp.com/advisory/ntap-20240315-0006/', 'https://www.cve.org/CVERecord?id=CVE-2023-45918'], 'PublishedDate': '2024-02-16T22:15:07.88Z', 'LastModifiedDate': '2024-03-15T11:15:08.51Z'}, {'VulnerabilityID': 'CVE-2023-50495', 'PkgID': 'libncursesw6@6.3-2ubuntu0.1', 'PkgName': 'libncursesw6', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-50495', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: segmentation fault via _nc_wrap_entry()', 'Description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-50495', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-50495', 'https://security.netapp.com/advisory/ntap-20240119-0008/', 'https://ubuntu.com/security/notices/USN-6684-1', 'https://www.cve.org/CVERecord?id=CVE-2023-50495'], 'PublishedDate': '2023-12-12T15:15:07.867Z', 'LastModifiedDate': '2024-01-31T03:15:08.49Z'}, {'VulnerabilityID': 'CVE-2023-7008', 'PkgID': 'libnss-systemd@249.11-0ubuntu3.12', 'PkgName': 'libnss-systemd', 'InstalledVersion': '249.11-0ubuntu3.12', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-7008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes', 'Description': 'A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:2463', 'https://access.redhat.com/errata/RHSA-2024:3203', 'https://access.redhat.com/security/cve/CVE-2023-7008', 'https://bugzilla.redhat.com/2222672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222261', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222672', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008', 'https://errata.almalinux.org/9/ALSA-2024-2463.html', 'https://errata.rockylinux.org/RLSA-2024:2463', 'https://github.com/systemd/systemd/issues/25676', 'https://linux.oracle.com/cve/CVE-2023-7008.html', 'https://linux.oracle.com/errata/ELSA-2024-3203.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-7008', 'https://www.cve.org/CVERecord?id=CVE-2023-7008'], 'PublishedDate': '2023-12-23T13:15:07.573Z', 'LastModifiedDate': '2024-09-16T17:16:02.17Z'}, {'VulnerabilityID': 'CVE-2023-52890', 'PkgID': 'libntfs-3g89@1:2021.8.22-3ubuntu1.2', 'PkgName': 'libntfs-3g89', 'InstalledVersion': '1:2021.8.22-3ubuntu1.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52890', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in l ...', 'Description': 'NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.', 'Severity': 'LOW', 'References': ['https://github.com/tuxera/ntfs-3g/issues/84', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52890', 'https://www.cve.org/CVERecord?id=CVE-2023-52890'], 'PublishedDate': '2024-06-13T04:15:15.92Z', 'LastModifiedDate': '2024-06-13T18:36:09.01Z'}, {'VulnerabilityID': 'CVE-2023-7008', 'PkgID': 'libpam-systemd@249.11-0ubuntu3.12', 'PkgName': 'libpam-systemd', 'InstalledVersion': '249.11-0ubuntu3.12', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-7008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes', 'Description': 'A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:2463', 'https://access.redhat.com/errata/RHSA-2024:3203', 'https://access.redhat.com/security/cve/CVE-2023-7008', 'https://bugzilla.redhat.com/2222672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222261', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222672', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008', 'https://errata.almalinux.org/9/ALSA-2024-2463.html', 'https://errata.rockylinux.org/RLSA-2024:2463', 'https://github.com/systemd/systemd/issues/25676', 'https://linux.oracle.com/cve/CVE-2023-7008.html', 'https://linux.oracle.com/errata/ELSA-2024-3203.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-7008', 'https://www.cve.org/CVERecord?id=CVE-2023-7008'], 'PublishedDate': '2023-12-23T13:15:07.573Z', 'LastModifiedDate': '2024-09-16T17:16:02.17Z'}, {'VulnerabilityID': 'CVE-2022-41409', 'PkgID': 'libpcre2-8-0@10.39-3ubuntu0.1', 'PkgName': 'libpcre2-8-0', 'InstalledVersion': '10.39-3ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-41409', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop', 'Description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.', 'Severity': 'LOW', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-41409', 'https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35', 'https://github.com/PCRE2Project/pcre2/issues/141', 'https://github.com/advisories/GHSA-4qfx-v7wh-3q4j', 'https://nvd.nist.gov/vuln/detail/CVE-2022-41409', 'https://www.cve.org/CVERecord?id=CVE-2022-41409'], 'PublishedDate': '2023-07-18T14:15:12.197Z', 'LastModifiedDate': '2023-07-27T03:46:09.807Z'}, {'VulnerabilityID': 'CVE-2017-11164', 'PkgID': 'libpcre3@2:8.39-13ubuntu0.22.04.1', 'PkgName': 'libpcre3', 'InstalledVersion': '2:8.39-13ubuntu0.22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-11164', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'pcre: OP_KETRMAX feature in the match function in pcre_exec.c', 'Description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 7.8, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['http://openwall.com/lists/oss-security/2017/07/11/3', 'http://www.openwall.com/lists/oss-security/2023/04/11/1', 'http://www.openwall.com/lists/oss-security/2023/04/12/1', 'http://www.securityfocus.com/bid/99575', 'https://access.redhat.com/security/cve/CVE-2017-11164', 'https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E', 'https://nvd.nist.gov/vuln/detail/CVE-2017-11164', 'https://www.cve.org/CVERecord?id=CVE-2017-11164'], 'PublishedDate': '2017-07-11T03:29:00.277Z', 'LastModifiedDate': '2023-11-07T02:38:10.98Z'}, {'VulnerabilityID': 'CVE-2022-3857', 'PkgID': 'libpng16-16@1.6.37-3build5', 'PkgName': 'libpng16-16', 'InstalledVersion': '1.6.37-3build5', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'libpng: Null pointer dereference leads to segmentation fault', 'Description': 'Rejected reason: Maintainer contacted. This is a false-positive. The flaw does not actually exist and was erroneously tested.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3857', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3857', 'https://sourceforge.net/p/libpng/bugs/300/', 'https://www.cve.org/CVERecord?id=CVE-2022-3857'], 'PublishedDate': '2023-03-06T23:15:11.087Z', 'LastModifiedDate': '2024-10-09T04:15:06.567Z'}, {'VulnerabilityID': 'CVE-2016-2568', 'PkgID': 'libpolkit-agent-1-0@0.105-33', 'PkgName': 'libpolkit-agent-1-0', 'InstalledVersion': '0.105-33', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-2568', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl', 'Description': "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", 'Severity': 'LOW', 'CweIDs': ['CWE-116'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H', 'V2Score': 4.4, 'V3Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L', 'V2Score': 5.1, 'V3Score': 6.1}}, 'References': ['http://seclists.org/oss-sec/2016/q1/443', 'http://www.openwall.com/lists/oss-security/2016/02/26/3', 'https://access.redhat.com/security/cve/CVE-2016-2568', 'https://access.redhat.com/security/cve/cve-2016-2568', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062', 'https://bugzilla.redhat.com/show_bug.cgi?id=1300746', 'https://lore.kernel.org/patchwork/patch/793178/', 'https://nvd.nist.gov/vuln/detail/CVE-2016-2568', 'https://ubuntu.com/security/CVE-2016-2568', 'https://www.cve.org/CVERecord?id=CVE-2016-2568'], 'PublishedDate': '2017-02-13T18:59:00.393Z', 'LastModifiedDate': '2022-04-18T17:59:06.053Z'}, {'VulnerabilityID': 'CVE-2016-2568', 'PkgID': 'libpolkit-gobject-1-0@0.105-33', 'PkgName': 'libpolkit-gobject-1-0', 'InstalledVersion': '0.105-33', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-2568', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl', 'Description': "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", 'Severity': 'LOW', 'CweIDs': ['CWE-116'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H', 'V2Score': 4.4, 'V3Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L', 'V2Score': 5.1, 'V3Score': 6.1}}, 'References': ['http://seclists.org/oss-sec/2016/q1/443', 'http://www.openwall.com/lists/oss-security/2016/02/26/3', 'https://access.redhat.com/security/cve/CVE-2016-2568', 'https://access.redhat.com/security/cve/cve-2016-2568', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062', 'https://bugzilla.redhat.com/show_bug.cgi?id=1300746', 'https://lore.kernel.org/patchwork/patch/793178/', 'https://nvd.nist.gov/vuln/detail/CVE-2016-2568', 'https://ubuntu.com/security/CVE-2016-2568', 'https://www.cve.org/CVERecord?id=CVE-2016-2568'], 'PublishedDate': '2017-02-13T18:59:00.393Z', 'LastModifiedDate': '2022-04-18T17:59:06.053Z'}, {'VulnerabilityID': 'CVE-2024-41996', 'PkgID': 'libssl3@3.0.2-0ubuntu1.18', 'PkgName': 'libssl3', 'InstalledVersion': '3.0.2-0ubuntu1.18', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41996', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations', 'Description': 'Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.', 'Severity': 'LOW', 'CweIDs': ['CWE-295'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41996', 'https://dheatattack.gitlab.io/details/', 'https://dheatattack.gitlab.io/faq/', 'https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1', 'https://github.com/openssl/openssl/issues/17374', 'https://github.com/openssl/openssl/pull/25088', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41996', 'https://openssl-library.org/post/2022-10-21-tls-groups-configuration/', 'https://www.cve.org/CVERecord?id=CVE-2024-41996'], 'PublishedDate': '2024-08-26T06:15:04.603Z', 'LastModifiedDate': '2024-08-26T16:35:11.247Z'}, {'VulnerabilityID': 'CVE-2023-4039', 'PkgID': 'libstdc++6@12.3.0-1ubuntu1~22.04', 'PkgName': 'libstdc++6', 'InstalledVersion': '12.3.0-1ubuntu1~22.04', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4039', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64', 'Description': '\n\n**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\n\n\n\n\n\n', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-693'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4039', 'https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64', 'https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt', 'https://gcc.gnu.org/pipermail/gcc-patches/2023-October/634066.html', 'https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf', 'https://inbox.sourceware.org/gcc-patches/46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org', 'https://linux.oracle.com/cve/CVE-2023-4039.html', 'https://linux.oracle.com/errata/ELSA-2023-28766.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4039', 'https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html', 'https://www.cve.org/CVERecord?id=CVE-2023-4039'], 'PublishedDate': '2023-09-13T09:15:15.69Z', 'LastModifiedDate': '2024-08-02T08:15:14.993Z'}, {'VulnerabilityID': 'CVE-2022-27943', 'PkgID': 'libstdc++6@12.3.0-1ubuntu1~22.04', 'PkgName': 'libstdc++6', 'InstalledVersion': '12.3.0-1ubuntu1~22.04', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-27943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const', 'Description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'Severity': 'LOW', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-27943', 'https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79', 'https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead', 'https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-27943', 'https://sourceware.org/bugzilla/show_bug.cgi?id=28995', 'https://www.cve.org/CVERecord?id=CVE-2022-27943'], 'PublishedDate': '2022-03-26T13:15:07.9Z', 'LastModifiedDate': '2023-11-07T03:45:32.64Z'}, {'VulnerabilityID': 'CVE-2023-7008', 'PkgID': 'libsystemd0@249.11-0ubuntu3.12', 'PkgName': 'libsystemd0', 'InstalledVersion': '249.11-0ubuntu3.12', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-7008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes', 'Description': 'A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:2463', 'https://access.redhat.com/errata/RHSA-2024:3203', 'https://access.redhat.com/security/cve/CVE-2023-7008', 'https://bugzilla.redhat.com/2222672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222261', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222672', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008', 'https://errata.almalinux.org/9/ALSA-2024-2463.html', 'https://errata.rockylinux.org/RLSA-2024:2463', 'https://github.com/systemd/systemd/issues/25676', 'https://linux.oracle.com/cve/CVE-2023-7008.html', 'https://linux.oracle.com/errata/ELSA-2024-3203.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-7008', 'https://www.cve.org/CVERecord?id=CVE-2023-7008'], 'PublishedDate': '2023-12-23T13:15:07.573Z', 'LastModifiedDate': '2024-09-16T17:16:02.17Z'}, {'VulnerabilityID': 'CVE-2023-45918', 'PkgID': 'libtinfo6@6.3-2ubuntu0.1', 'PkgName': 'libtinfo6', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-45918', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c', 'Description': 'ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-45918', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-45918', 'https://security.netapp.com/advisory/ntap-20240315-0006/', 'https://www.cve.org/CVERecord?id=CVE-2023-45918'], 'PublishedDate': '2024-02-16T22:15:07.88Z', 'LastModifiedDate': '2024-03-15T11:15:08.51Z'}, {'VulnerabilityID': 'CVE-2023-50495', 'PkgID': 'libtinfo6@6.3-2ubuntu0.1', 'PkgName': 'libtinfo6', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-50495', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: segmentation fault via _nc_wrap_entry()', 'Description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-50495', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-50495', 'https://security.netapp.com/advisory/ntap-20240119-0008/', 'https://ubuntu.com/security/notices/USN-6684-1', 'https://www.cve.org/CVERecord?id=CVE-2023-50495'], 'PublishedDate': '2023-12-12T15:15:07.867Z', 'LastModifiedDate': '2024-01-31T03:15:08.49Z'}, {'VulnerabilityID': 'CVE-2023-7008', 'PkgID': 'libudev1@249.11-0ubuntu3.12', 'PkgName': 'libudev1', 'InstalledVersion': '249.11-0ubuntu3.12', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-7008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes', 'Description': 'A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:2463', 'https://access.redhat.com/errata/RHSA-2024:3203', 'https://access.redhat.com/security/cve/CVE-2023-7008', 'https://bugzilla.redhat.com/2222672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222261', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222672', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008', 'https://errata.almalinux.org/9/ALSA-2024-2463.html', 'https://errata.rockylinux.org/RLSA-2024:2463', 'https://github.com/systemd/systemd/issues/25676', 'https://linux.oracle.com/cve/CVE-2023-7008.html', 'https://linux.oracle.com/errata/ELSA-2024-3203.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-7008', 'https://www.cve.org/CVERecord?id=CVE-2023-7008'], 'PublishedDate': '2023-12-23T13:15:07.573Z', 'LastModifiedDate': '2024-09-16T17:16:02.17Z'}, {'VulnerabilityID': 'CVE-2022-4899', 'PkgID': 'libzstd1@1.4.8+dfsg-3build1', 'PkgName': 'libzstd1', 'InstalledVersion': '1.4.8+dfsg-3build1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-4899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'zstd: mysql: buffer overrun in util.c', 'Description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.', 'Severity': 'LOW', 'CweIDs': ['CWE-400'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:1141', 'https://access.redhat.com/security/cve/CVE-2022-4899', 'https://bugzilla.redhat.com/2179864', 'https://bugzilla.redhat.com/2188109', 'https://bugzilla.redhat.com/2188113', 'https://bugzilla.redhat.com/2188115', 'https://bugzilla.redhat.com/2188116', 'https://bugzilla.redhat.com/2188117', 'https://bugzilla.redhat.com/2188118', 'https://bugzilla.redhat.com/2188119', 'https://bugzilla.redhat.com/2188120', 'https://bugzilla.redhat.com/2188121', 'https://bugzilla.redhat.com/2188122', 'https://bugzilla.redhat.com/2188123', 'https://bugzilla.redhat.com/2188124', 'https://bugzilla.redhat.com/2188125', 'https://bugzilla.redhat.com/2188127', 'https://bugzilla.redhat.com/2188128', 'https://bugzilla.redhat.com/2188129', 'https://bugzilla.redhat.com/2188130', 'https://bugzilla.redhat.com/2188131', 'https://bugzilla.redhat.com/2188132', 'https://bugzilla.redhat.com/2224211', 'https://bugzilla.redhat.com/2224212', 'https://bugzilla.redhat.com/2224213', 'https://bugzilla.redhat.com/2224214', 'https://bugzilla.redhat.com/2224215', 'https://bugzilla.redhat.com/2224216', 'https://bugzilla.redhat.com/2224217', 'https://bugzilla.redhat.com/2224218', 'https://bugzilla.redhat.com/2224219', 'https://bugzilla.redhat.com/2224220', 'https://bugzilla.redhat.com/2224221', 'https://bugzilla.redhat.com/2224222', 'https://bugzilla.redhat.com/2245014', 'https://bugzilla.redhat.com/2245015', 'https://bugzilla.redhat.com/2245016', 'https://bugzilla.redhat.com/2245017', 'https://bugzilla.redhat.com/2245018', 'https://bugzilla.redhat.com/2245019', 'https://bugzilla.redhat.com/2245020', 'https://bugzilla.redhat.com/2245021', 'https://bugzilla.redhat.com/2245022', 'https://bugzilla.redhat.com/2245023', 'https://bugzilla.redhat.com/2245024', 'https://bugzilla.redhat.com/2245026', 'https://bugzilla.redhat.com/2245027', 'https://bugzilla.redhat.com/2245028', 'https://bugzilla.redhat.com/2245029', 'https://bugzilla.redhat.com/2245030', 'https://bugzilla.redhat.com/2245031', 'https://bugzilla.redhat.com/2245032', 'https://bugzilla.redhat.com/2245033', 'https://bugzilla.redhat.com/2245034', 'https://bugzilla.redhat.com/2258771', 'https://bugzilla.redhat.com/2258772', 'https://bugzilla.redhat.com/2258773', 'https://bugzilla.redhat.com/2258774', 'https://bugzilla.redhat.com/2258775', 'https://bugzilla.redhat.com/2258776', 'https://bugzilla.redhat.com/2258777', 'https://bugzilla.redhat.com/2258778', 'https://bugzilla.redhat.com/2258779', 'https://bugzilla.redhat.com/2258780', 'https://bugzilla.redhat.com/2258781', 'https://bugzilla.redhat.com/2258782', 'https://bugzilla.redhat.com/2258783', 'https://bugzilla.redhat.com/2258784', 'https://bugzilla.redhat.com/2258785', 'https://bugzilla.redhat.com/2258787', 'https://bugzilla.redhat.com/2258788', 'https://bugzilla.redhat.com/2258789', 'https://bugzilla.redhat.com/2258790', 'https://bugzilla.redhat.com/2258791', 'https://bugzilla.redhat.com/2258792', 'https://bugzilla.redhat.com/2258793', 'https://bugzilla.redhat.com/2258794', 'https://errata.almalinux.org/9/ALSA-2024-1141.html', 'https://github.com/facebook/zstd', 'https://github.com/facebook/zstd/issues/3200', 'https://github.com/facebook/zstd/pull/3220', 'https://github.com/pypa/advisory-database/tree/main/vulns/zstd/PYSEC-2023-121.yaml', 'https://github.com/sergey-dryabzhinsky/python-zstd/commit/c8a619aebdbd6b838fbfef6e19325a70f631a4c6', 'https://linux.oracle.com/cve/CVE-2022-4899.html', 'https://linux.oracle.com/errata/ELSA-2024-1141.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN', 'https://nvd.nist.gov/vuln/detail/CVE-2022-4899', 'https://security.netapp.com/advisory/ntap-20230725-0005', 'https://security.netapp.com/advisory/ntap-20230725-0005/', 'https://www.cve.org/CVERecord?id=CVE-2022-4899'], 'PublishedDate': '2023-03-31T20:15:07.213Z', 'LastModifiedDate': '2023-11-07T03:59:16.09Z'}, {'VulnerabilityID': 'CVE-2024-43882', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43882', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exec: Fix ToCToU between perm check and set-uid/gid usage', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file\'s metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug  7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug  7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. For example, "chmod o-x,u+s target" makes "target" executable only\nby uid "root" and gid "cdrom", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug  7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug  7 13:16 target\n\nBut racing the chmod means users without group "cdrom" membership can\nget the permission to execute "target" just before the chmod, and when\nthe chmod finishes, the exec reaches brpm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of "only cdrom\ngroup members can setuid to root".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal.', 'Severity': 'HIGH', 'CweIDs': ['CWE-367'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43882', 'https://git.kernel.org/linus/f50733b45d865f91db90919f8311e2127ce5a0cb (6.11-rc4)', 'https://git.kernel.org/stable/c/15469d46ba34559bfe7e3de6659115778c624759', 'https://git.kernel.org/stable/c/368f6985d46657b8b466a421dddcacd4051f7ada', 'https://git.kernel.org/stable/c/90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e', 'https://git.kernel.org/stable/c/9b424c5d4130d56312e2a3be17efb0928fec4d64', 'https://git.kernel.org/stable/c/d2a2a4714d80d09b0f8eb6438ab4224690b7121e', 'https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f', 'https://git.kernel.org/stable/c/f50733b45d865f91db90919f8311e2127ce5a0cb', 'https://git.kernel.org/stable/c/f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1', 'https://linux.oracle.com/cve/CVE-2024-43882.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082152-CVE-2024-43882-4fa4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43882', 'https://www.cve.org/CVERecord?id=CVE-2024-43882'], 'PublishedDate': '2024-08-21T01:15:12.34Z', 'LastModifiedDate': '2024-09-03T13:25:39.747Z'}, {'VulnerabilityID': 'CVE-2013-7445', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2013-7445', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects', 'Description': 'The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-399'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:C', 'V2Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V2Score': 4.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2013-7445', 'https://bugzilla.kernel.org/show_bug.cgi?id=60533', 'https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)', 'https://nvd.nist.gov/vuln/detail/CVE-2013-7445', 'https://www.cve.org/CVERecord?id=CVE-2013-7445'], 'PublishedDate': '2015-10-16T01:59:00.12Z', 'LastModifiedDate': '2015-10-16T16:22:25.587Z'}, {'VulnerabilityID': 'CVE-2015-8553', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2015-8553', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'xen: non-maskable interrupts triggerable by guests (xsa120)', 'Description': 'Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N', 'V2Score': 2.1, 'V3Score': 6.5}, 'redhat': {'V2Vector': 'AV:A/AC:M/Au:S/C:N/I:N/A:C', 'V2Score': 5.2}}, 'References': ['http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1930758 (regression mention)', 'http://xenbits.xen.org/xsa/advisory-120.html', 'https://access.redhat.com/security/cve/CVE-2015-8553', 'https://nvd.nist.gov/vuln/detail/CVE-2015-8553', 'https://seclists.org/bugtraq/2019/Aug/18', 'https://www.cve.org/CVERecord?id=CVE-2015-8553', 'https://www.debian.org/security/2019/dsa-4497'], 'PublishedDate': '2016-04-13T15:59:07.307Z', 'LastModifiedDate': '2019-08-13T23:15:11.203Z'}, {'VulnerabilityID': 'CVE-2016-8660', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-8660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation', 'Description': 'The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-19'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V2Vector': 'AV:L/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.7, 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2016/10/13/8', 'http://www.securityfocus.com/bid/93558', 'https://access.redhat.com/security/cve/CVE-2016-8660', 'https://bugzilla.redhat.com/show_bug.cgi?id=1384851', 'https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/', 'https://marc.info/?l=linux-fsdevel&m=147639177409294&w=2', 'https://marc.info/?l=linux-xfs&m=149498118228320&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2016-8660', 'https://www.cve.org/CVERecord?id=CVE-2016-8660'], 'PublishedDate': '2016-10-16T21:59:14.333Z', 'LastModifiedDate': '2016-11-28T20:41:02.59Z'}, {'VulnerabilityID': 'CVE-2018-17977', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-17977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service', 'Description': 'The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.9}}, 'References': ['http://www.securityfocus.com/bid/105539', 'https://access.redhat.com/security/cve/CVE-2018-17977', 'https://bugzilla.suse.com/show_bug.cgi?id=1111609', 'https://nvd.nist.gov/vuln/detail/CVE-2018-17977', 'https://www.cve.org/CVERecord?id=CVE-2018-17977', 'https://www.openwall.com/lists/oss-security/2018/10/05/5'], 'PublishedDate': '2018-10-08T17:29:00.653Z', 'LastModifiedDate': '2018-11-26T15:51:30.427Z'}, {'VulnerabilityID': 'CVE-2021-3714', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-3714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Remote Page Deduplication Attacks', 'Description': 'A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-3714', 'https://arxiv.org/abs/2111.08553', 'https://arxiv.org/pdf/2111.08553.pdf', 'https://bugzilla.redhat.com/show_bug.cgi?id=1931327', 'https://nvd.nist.gov/vuln/detail/CVE-2021-3714', 'https://www.cve.org/CVERecord?id=CVE-2021-3714'], 'PublishedDate': '2022-08-23T16:15:09.6Z', 'LastModifiedDate': '2024-02-01T18:51:23.66Z'}, {'VulnerabilityID': 'CVE-2021-47599', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47599', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: use latest_dev in btrfs_show_devname', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: use latest_dev in btrfs_show_devname\n\nThe test case btrfs/238 reports the warning below:\n\n WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs]\n CPU: 2 PID: 1 Comm: systemd Tainted: G        W  O 5.14.0-rc1-custom #72\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n Call trace:\n   btrfs_show_devname+0x108/0x1b4 [btrfs]\n   show_mountinfo+0x234/0x2c4\n   m_show+0x28/0x34\n   seq_read_iter+0x12c/0x3c4\n   vfs_read+0x29c/0x2c8\n   ksys_read+0x80/0xec\n   __arm64_sys_read+0x28/0x34\n   invoke_syscall+0x50/0xf8\n   do_el0_svc+0x88/0x138\n   el0_svc+0x2c/0x8c\n   el0t_64_sync_handler+0x84/0xe4\n   el0t_64_sync+0x198/0x19c\n\nReason:\nWhile btrfs_prepare_sprout() moves the fs_devices::devices into\nfs_devices::seed_list, the btrfs_show_devname() searches for the devices\nand found none, leading to the warning as in above.\n\nFix:\nlatest_dev is updated according to the changes to the device list.\nThat means we could use the latest_dev->name to show the device name in\n/proc/self/mounts, the pointer will be always valid as it's assigned\nbefore the device is deleted from the list in remove or replace.\nThe RCU protection is sufficient as the device structure is freed after\nsynchronization.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47599', 'https://git.kernel.org/linus/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2 (5.16-rc1)', 'https://git.kernel.org/stable/c/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2', 'https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1', 'https://lore.kernel.org/linux-cve-announce/2024061921-CVE-2021-47599-37b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47599', 'https://www.cve.org/CVERecord?id=CVE-2021-47599'], 'PublishedDate': '2024-06-19T15:15:54.483Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2021-47615', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47615', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix releasing unallocated memory in dereg MR flow\n\nFor the case of IB_MR_TYPE_DM the mr does doesn't have a umem, even though\nit is a user MR. This causes function mlx5_free_priv_descs() to think that\nit is a kernel MR, leading to wrongly accessing mr->descs that will get\nwrong values in the union which leads to attempt to release resources that\nwere not allocated in the first place.\n\nFor example:\n DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]\n WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0\n RIP: 0010:check_unmap+0x54f/0x8b0\n Call Trace:\n  debug_dma_unmap_page+0x57/0x60\n  mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]\n  mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]\n  ib_dereg_mr_user+0x60/0x140 [ib_core]\n  uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]\n  uobj_destroy+0x3f/0x80 [ib_uverbs]\n  ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]\n  ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquired+0x12/0x380\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquire+0xc4/0x2e0\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  ? lock_release+0x28a/0x400\n  ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  __x64_sys_ioctl+0x7f/0xb0\n  do_syscall_64+0x38/0x90\n\nFix it by reorganizing the dereg flow and mlx5_ib_mr structure:\n - Move the ib_umem field into the user MRs structure in the union as it's\n   applicable only there.\n - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only\n   in case there isn't udata, which indicates that this isn't a user MR.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47615', 'https://git.kernel.org/linus/f0ae4afe3d35e67db042c58a52909e06262b740f (5.16-rc5)', 'https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9', 'https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701', 'https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f', 'https://lore.kernel.org/linux-cve-announce/2024061909-CVE-2021-47615-3c6a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47615', 'https://www.cve.org/CVERecord?id=CVE-2021-47615'], 'PublishedDate': '2024-06-19T15:15:56.03Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-0400', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0400', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Out of bounds read in the smc protocol stack', 'Description': 'An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)', 'https://bugzilla.redhat.com/show_bug.cgi?id=2044575', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0400', 'https://www.cve.org/CVERecord?id=CVE-2022-0400'], 'PublishedDate': '2022-08-29T15:15:09.423Z', 'LastModifiedDate': '2022-09-01T20:18:18.247Z'}, {'VulnerabilityID': 'CVE-2022-0480', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0480', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion', 'Description': 'A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0480', 'https://bugzilla.redhat.com/show_bug.cgi?id=2049700', 'https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042', 'https://github.com/kata-containers/kata-containers/issues/3373', 'https://linux.oracle.com/cve/CVE-2022-0480.html', 'https://linux.oracle.com/errata/ELSA-2024-2394.html', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0480', 'https://ubuntu.com/security/CVE-2022-0480', 'https://www.cve.org/CVERecord?id=CVE-2022-0480'], 'PublishedDate': '2022-08-29T15:15:09.477Z', 'LastModifiedDate': '2023-03-03T18:49:53.213Z'}, {'VulnerabilityID': 'CVE-2022-3238', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ntfs3 local privledge escalation if NTFS character set and remount and umount called simultaneously', 'Description': 'A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127927', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3238', 'https://www.cve.org/CVERecord?id=CVE-2022-3238'], 'PublishedDate': '2022-11-14T21:15:16.163Z', 'LastModifiedDate': '2022-11-17T20:24:18.537Z'}, {'VulnerabilityID': 'CVE-2022-48846', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: release rq qos structures for queue without disk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: release rq qos structures for queue without disk\n\nblkcg_init_queue() may add rq qos structures to request queue, previously\nblk_cleanup_queue() calls rq_qos_exit() to release them, but commit\n8e141f9eb803 ("block: drain file system I/O on del_gendisk")\nmoves rq_qos_exit() into del_gendisk(), so memory leak is caused\nbecause queues may not have disk, such as un-present scsi luns, nvme\nadmin queue, ...\n\nFixes the issue by adding rq_qos_exit() to blk_cleanup_queue() back.\n\nBTW, v5.18 won\'t need this patch any more since we move\nblkcg_init_queue()/blkcg_exit_queue() into disk allocation/release\nhandler, and patches have been in for-5.18/block.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48846', 'https://git.kernel.org/linus/daaca3522a8e67c46e39ef09c1d542e866f85f3b (5.17)', 'https://git.kernel.org/stable/c/60c2c8e2ef3a3ec79de8cbc80a06ca0c21df8c29', 'https://git.kernel.org/stable/c/d4ad8736ac982111bb0be8306bf19c8207f6600e', 'https://git.kernel.org/stable/c/daaca3522a8e67c46e39ef09c1d542e866f85f3b', 'https://lore.kernel.org/linux-cve-announce/2024071623-CVE-2022-48846-a1a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48846', 'https://www.cve.org/CVERecord?id=CVE-2022-48846'], 'PublishedDate': '2024-07-16T13:15:11.883Z', 'LastModifiedDate': '2024-07-24T17:56:26.767Z'}, {'VulnerabilityID': 'CVE-2022-48929', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix crash due to out of bounds access into reg2btf_ids.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to out of bounds access into reg2btf_ids.\n\nWhen commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added\nkfunc support, it defined reg2btf_ids as a cheap way to translate the verifier\nreg type to the appropriate btf_vmlinux BTF ID, however\ncommit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL")\nmoved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after\nthe base register types, and defined other variants using type flag\ncomposition. However, now, the direct usage of reg->type to index into\nreg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to\nout of bounds access and kernel crash on dereference of bad pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48929', 'https://git.kernel.org/linus/45ce4b4f9009102cd9f581196d480a59208690c1 (5.17-rc6)', 'https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1', 'https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae', 'https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc', 'https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48929-857d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48929', 'https://www.cve.org/CVERecord?id=CVE-2022-48929'], 'PublishedDate': '2024-08-22T04:15:15.773Z', 'LastModifiedDate': '2024-08-23T02:00:22.653Z'}, {'VulnerabilityID': 'CVE-2023-0030', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Use after Free in nvkm_vmm_pfn_map', 'Description': 'A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0030', 'https://bugzilla.redhat.com/show_bug.cgi?id=2157270', 'https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)', 'https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10', 'https://lore.kernel.org/all/20221230072758.443644-1-zyytlz.wz@163.com/', 'https://lore.kernel.org/all/63d485b2.170a0220.4af4c.d54f@mx.google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0030', 'https://security.netapp.com/advisory/ntap-20230413-0010/', 'https://www.cve.org/CVERecord?id=CVE-2023-0030'], 'PublishedDate': '2023-03-08T23:15:10.963Z', 'LastModifiedDate': '2023-04-13T17:15:09.433Z'}, {'VulnerabilityID': 'CVE-2023-0160', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: possibility of deadlock in libbpf function sock_hash_delete_elem', 'Description': 'A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667', 'CWE-833'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0160', 'https://bugzilla.redhat.com/show_bug.cgi?id=2159764', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56', 'https://lore.kernel.org/all/20230406122622.109978-1-liuxin350@huawei.com/', 'https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/', 'https://lore.kernel.org/bpf/000000000000f1db9605f939720e@google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0160', 'https://www.cve.org/CVERecord?id=CVE-2023-0160'], 'PublishedDate': '2023-07-18T17:15:11.313Z', 'LastModifiedDate': '2023-11-07T03:59:46.343Z'}, {'VulnerabilityID': 'CVE-2023-1193', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-1193', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in setup_async_work()', 'Description': 'A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-1193', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154177', 'https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-1193', 'https://www.cve.org/CVERecord?id=CVE-2023-1193'], 'PublishedDate': '2023-11-01T20:15:08.663Z', 'LastModifiedDate': '2023-11-09T15:13:51.737Z'}, {'VulnerabilityID': 'CVE-2023-26242', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-26242', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the  ...', 'Description': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://bugzilla.suse.com/show_bug.cgi?id=1208518', 'https://lore.kernel.org/all/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-26242', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://security.netapp.com/advisory/ntap-20230406-0002/', 'https://www.cve.org/CVERecord?id=CVE-2023-26242'], 'PublishedDate': '2023-02-21T01:15:11.423Z', 'LastModifiedDate': '2024-03-25T01:15:53.57Z'}, {'VulnerabilityID': 'CVE-2023-31082', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-31082', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sleeping function called from an invalid context in gsmld_write', 'Description': 'An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-763'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-31082', 'https://bugzilla.suse.com/show_bug.cgi?id=1210781', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com/', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-31082', 'https://security.netapp.com/advisory/ntap-20230929-0003/', 'https://www.cve.org/CVERecord?id=CVE-2023-31082'], 'PublishedDate': '2023-04-24T06:15:07.783Z', 'LastModifiedDate': '2024-08-02T15:16:00.853Z'}, {'VulnerabilityID': 'CVE-2023-52879', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have trace_event_file have ref counters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have trace_event_file have ref counters\n\nThe following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # echo \'p:sched schedule\' > kprobe_events\n # exec 5>>events/kprobes/sched/enable\n # > kprobe_events\n # exec 5>&-\n\nThe above commands:\n\n 1. Change directory to the tracefs directory\n 2. Create a kprobe event (doesn\'t matter what one)\n 3. Open bash file descriptor 5 on the enable file of the kprobe event\n 4. Delete the kprobe event (removes the files too)\n 5. Close the bash file descriptor 5\n\nThe above causes a crash!\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:tracing_release_file_tr+0xc/0x50\n\nWhat happens here is that the kprobe event creates a trace_event_file\n"file" descriptor that represents the file in tracefs to the event. It\nmaintains state of the event (is it enabled for the given instance?).\nOpening the "enable" file gets a reference to the event "file" descriptor\nvia the open file descriptor. When the kprobe event is deleted, the file is\nalso deleted from the tracefs system which also frees the event "file"\ndescriptor.\n\nBut as the tracefs file is still opened by user space, it will not be\ntotally removed until the final dput() is called on it. But this is not\ntrue with the event "file" descriptor that is already freed. If the user\ndoes a write to or simply closes the file descriptor it will reference the\nevent "file" descriptor that was just freed, causing a use-after-free bug.\n\nTo solve this, add a ref count to the event "file" descriptor as well as a\nnew flag called "FREED". The "file" will not be freed until the last\nreference is released. But the FREE flag will be set when the event is\nremoved to prevent any more modifications to that event from happening,\neven if there\'s still a reference to the event "file" descriptor.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52879', 'https://git.kernel.org/linus/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4 (6.7-rc1)', 'https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706', 'https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976', 'https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d', 'https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e', 'https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f', 'https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4', 'https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0', 'https://lore.kernel.org/linux-cve-announce/2024052122-CVE-2023-52879-fa4d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52879', 'https://www.cve.org/CVERecord?id=CVE-2023-52879'], 'PublishedDate': '2024-05-21T16:15:24.53Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52889', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: Fix null pointer deref when receiving skb during sock creation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)->label is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n    BUG: kernel NULL pointer dereference, address: 000000000000004c\n    #PF: supervisor read access in kernel mode\n    #PF: error_code(0x0000) - not-present page\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n    Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n    RIP: 0010:aa_label_next_confined+0xb/0x40\n    Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n    RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n    RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n    RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n    RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n    R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n    R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n    FS:  00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n    PKRU: 55555554\n    Call Trace:\n     <IRQ>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? exc_page_fault+0x7f/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? aa_label_next_confined+0xb/0x40\n     apparmor_secmark_check+0xec/0x330\n     security_sock_rcv_skb+0x35/0x50\n     sk_filter_trim_cap+0x47/0x250\n     sock_queue_rcv_skb_reason+0x20/0x60\n     raw_rcv+0x13c/0x210\n     raw_local_deliver+0x1f3/0x250\n     ip_protocol_deliver_rcu+0x4f/0x2f0\n     ip_local_deliver_finish+0x76/0xa0\n     __netif_receive_skb_one_core+0x89/0xa0\n     netif_receive_skb+0x119/0x170\n     ? __netdev_alloc_skb+0x3d/0x140\n     vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     __napi_poll+0x28/0x1b0\n     net_rx_action+0x2a4/0x380\n     __do_softirq+0xd1/0x2c8\n     __irq_exit_rcu+0xbb/0xf0\n     common_interrupt+0x86/0xa0\n     </IRQ>\n     <TASK>\n     asm_common_interrupt+0x26/0x40\n    RIP: 0010:apparmor_socket_post_create+0xb/0x200\n    Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n    RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n    RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n    RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n    RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n    R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n    R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n     ? __pfx_apparmor_socket_post_create+0x10/0x10\n     security_socket_post_create+0x4b/0x80\n     __sock_create+0x176/0x1f0\n     __sys_socket+0x89/0x100\n     __x64_sys_socket+0x17/0x20\n     do_syscall_64+0x5d/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     entry_SYSCALL_64_after_hwframe+0x72/0xdc', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52889', 'https://git.kernel.org/linus/fce09ea314505a52f2436397608fa0a5d0934fb1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1', 'https://git.kernel.org/stable/c/290a6b88e8c19b6636ed1acc733d1458206f7697', 'https://git.kernel.org/stable/c/347dcb84a4874b5fb375092c08d8cc4069b94f81', 'https://git.kernel.org/stable/c/46c17ead5b7389e22e7dc9903fd0ba865d05bda2', 'https://git.kernel.org/stable/c/6c920754f62cefc63fccdc38a062c7c3452e2961', 'https://git.kernel.org/stable/c/ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2', 'https://git.kernel.org/stable/c/fce09ea314505a52f2436397608fa0a5d0934fb1', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2023-52889-cdd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52889', 'https://www.cve.org/CVERecord?id=CVE-2023-52889'], 'PublishedDate': '2024-08-17T09:15:07.073Z', 'LastModifiedDate': '2024-08-19T21:19:16.97Z'}, {'VulnerabilityID': 'CVE-2024-26713', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: Fix iommu initialisation during DLPAR add\n\nWhen a PCI device is dynamically added, the kernel oopses with a NULL\npointer dereference:\n\n  BUG: Kernel NULL pointer dereference on read at 0x00000030\n  Faulting instruction address: 0xc0000000006bbe5c\n  Oops: Kernel access of bad area, sig: 11 [#1]\n  LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n  Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse\n  CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66\n  Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries\n  NIP:  c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8\n  REGS: c00000009924f240 TRAP: 0300   Not tainted  (6.7.0-203405+)\n  MSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 24002220  XER: 20040006\n  CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0\n  ...\n  NIP sysfs_add_link_to_group+0x34/0x94\n  LR  iommu_device_link+0x5c/0x118\n  Call Trace:\n   iommu_init_device+0x26c/0x318 (unreliable)\n   iommu_device_link+0x5c/0x118\n   iommu_init_device+0xa8/0x318\n   iommu_probe_device+0xc0/0x134\n   iommu_bus_notifier+0x44/0x104\n   notifier_call_chain+0xb8/0x19c\n   blocking_notifier_call_chain+0x64/0x98\n   bus_notify+0x50/0x7c\n   device_add+0x640/0x918\n   pci_device_add+0x23c/0x298\n   of_create_pci_dev+0x400/0x884\n   of_scan_pci_dev+0x124/0x1b0\n   __of_scan_bus+0x78/0x18c\n   pcibios_scan_phb+0x2a4/0x3b0\n   init_phb_dynamic+0xb8/0x110\n   dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]\n   add_slot_store.part.0+0xb4/0x130 [rpadlpar_io]\n   kobj_attr_store+0x2c/0x48\n   sysfs_kf_write+0x64/0x78\n   kernfs_fop_write_iter+0x1b0/0x290\n   vfs_write+0x350/0x4a0\n   ksys_write+0x84/0x140\n   system_call_exception+0x124/0x330\n   system_call_vectored_common+0x15c/0x2ec\n\nCommit a940904443e4 ("powerpc/iommu: Add iommu_ops to report capabilities\nand allow blocking domains") broke DLPAR add of PCI devices.\n\nThe above added iommu_device structure to pci_controller. During\nsystem boot, PCI devices are discovered and this newly added iommu_device\nstructure is initialized by a call to iommu_device_register().\n\nDuring DLPAR add of a PCI device, a new pci_controller structure is\nallocated but there are no calls made to iommu_device_register()\ninterface.\n\nFix is to register the iommu device during DLPAR add as well.\n\n[mpe: Trim oops and tweak some change log wording]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26713', 'https://git.kernel.org/linus/ed8b94f6e0acd652ce69bd69d678a0c769172df8 (6.8-rc5)', 'https://git.kernel.org/stable/c/9978d5b744e0227afe19e3bcb4c5f75442dde753', 'https://git.kernel.org/stable/c/d4f762d6403f7419de90d7749fa83dd92ffb0e1d', 'https://git.kernel.org/stable/c/ed8b94f6e0acd652ce69bd69d678a0c769172df8', 'https://lore.kernel.org/linux-cve-announce/2024040342-CVE-2024-26713-1b52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26713', 'https://www.cve.org/CVERecord?id=CVE-2024-26713'], 'PublishedDate': '2024-04-03T15:15:53.647Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-27025', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nbd: null check for nla_nest_start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: null check for nla_nest_start\n\nnla_nest_start() may fail and return NULL. Insert a check and set errno\nbased on other call sites within the same source code.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-27025', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d (6.9-rc1)', 'https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d', 'https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e', 'https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced', 'https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8', 'https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797', 'https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983', 'https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a', 'https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf', 'https://linux.oracle.com/cve/CVE-2024-27025.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27025', 'https://www.cve.org/CVERecord?id=CVE-2024-27025'], 'PublishedDate': '2024-05-01T13:15:48.89Z', 'LastModifiedDate': '2024-06-25T22:15:28.24Z'}, {'VulnerabilityID': 'CVE-2024-35928', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()\n\nThis ensures that the memory mapped by ioremap for adev->rmmio, is\nproperly handled in amdgpu_device_init(). If the function exits early\ndue to an error, the memory is unmapped. If the function completes\nsuccessfully, the memory remains mapped.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_device.c:4337 amdgpu_device_init() warn: 'adev->rmmio' from ioremap() not released on lines: 4035,4045,4051,4058,4068,4337", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35928', 'https://git.kernel.org/linus/eb4f139888f636614dab3bcce97ff61cefc4b3a7 (6.9-rc1)', 'https://git.kernel.org/stable/c/14ac934db851642ea8cd1bd4121c788a8899ef69', 'https://git.kernel.org/stable/c/aa665c3a2aca2ffe31b9645bda278e96dfc3b55c', 'https://git.kernel.org/stable/c/c5f9fe2c1e5023fa096189a8bfba6420aa035587', 'https://git.kernel.org/stable/c/eb4f139888f636614dab3bcce97ff61cefc4b3a7', 'https://lore.kernel.org/linux-cve-announce/2024051915-CVE-2024-35928-ead3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35928', 'https://www.cve.org/CVERecord?id=CVE-2024-35928'], 'PublishedDate': '2024-05-19T11:15:48.93Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35948', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bcachefs: Check for journal entries overruning end of sb clean section', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: Check for journal entries overruning end of sb clean section\n\nFix a missing bounds check in superblock validation.\n\nNote that we don't yet have repair code for this case - repair code for\nindividual items is generally low priority, since the whole superblock\nis checksummed, validated prior to write, and we have backups.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35948', 'https://git.kernel.org/linus/fcdbc1d7a4b638e5d5668de461f320386f3002aa (6.9-rc6)', 'https://git.kernel.org/stable/c/fcdbc1d7a4b638e5d5668de461f320386f3002aa', 'https://lore.kernel.org/linux-cve-announce/2024052043-CVE-2024-35948-a92f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35948', 'https://www.cve.org/CVERecord?id=CVE-2024-35948'], 'PublishedDate': '2024-05-20T10:15:09.44Z', 'LastModifiedDate': '2024-07-03T02:02:27.897Z'}, {'VulnerabilityID': 'CVE-2024-35995', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI: CPPC: Use access_width over bit_width for system memory accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Use access_width over bit_width for system memory accesses\n\nTo align with ACPI 6.3+, since bit_width can be any 8-bit value, it\ncannot be depended on to be always on a clean 8b boundary. This was\nuncovered on the Cobalt 100 platform.\n\nSError Interrupt on CPU26, code 0xbe000011 -- SError\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n pc : cppc_get_perf_caps+0xec/0x410\n lr : cppc_get_perf_caps+0xe8/0x410\n sp : ffff8000155ab730\n x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078\n x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff\n x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000\n x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff\n x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008\n x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006\n x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec\n x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028\n x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff\n x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000\n Kernel panic - not syncing: Asynchronous SError Interrupt\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted\n5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n Call trace:\n  dump_backtrace+0x0/0x1e0\n  show_stack+0x24/0x30\n  dump_stack_lvl+0x8c/0xb8\n  dump_stack+0x18/0x34\n  panic+0x16c/0x384\n  add_taint+0x0/0xc0\n  arm64_serror_panic+0x7c/0x90\n  arm64_is_fatal_ras_serror+0x34/0xa4\n  do_serror+0x50/0x6c\n  el1h_64_error_handler+0x40/0x74\n  el1h_64_error+0x7c/0x80\n  cppc_get_perf_caps+0xec/0x410\n  cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]\n  cpufreq_online+0x2dc/0xa30\n  cpufreq_add_dev+0xc0/0xd4\n  subsys_interface_register+0x134/0x14c\n  cpufreq_register_driver+0x1b0/0x354\n  cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]\n  do_one_initcall+0x50/0x250\n  do_init_module+0x60/0x27c\n  load_module+0x2300/0x2570\n  __do_sys_finit_module+0xa8/0x114\n  __arm64_sys_finit_module+0x2c/0x3c\n  invoke_syscall+0x78/0x100\n  el0_svc_common.constprop.0+0x180/0x1a0\n  do_el0_svc+0x84/0xa0\n  el0_svc+0x2c/0xc0\n  el0t_64_sync_handler+0xa4/0x12c\n  el0t_64_sync+0x1a4/0x1a8\n\nInstead, use access_width to determine the size and use the offset and\nwidth to shift and mask the bits to read/write out. Make sure to add a\ncheck for system memory since pcc redefines the access_width to\nsubspace id.\n\nIf access_width is not set, then fall back to using bit_width.\n\n[ rjw: Subject and changelog edits, comment adjustments ]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35995', 'https://git.kernel.org/linus/2f4a4d63a193be6fd530d180bb13c3592052904c (6.9-rc1)', 'https://git.kernel.org/stable/c/01fc53be672acae37e611c80cc0b4f3939584de3', 'https://git.kernel.org/stable/c/1b890ae474d19800a6be1696df7fb4d9a41676e4', 'https://git.kernel.org/stable/c/2f4a4d63a193be6fd530d180bb13c3592052904c', 'https://git.kernel.org/stable/c/4949affd5288b867cdf115f5b08d6166b2027f87', 'https://git.kernel.org/stable/c/6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1', 'https://git.kernel.org/stable/c/6dfd79ed04c578f1d9a9a41ba5b2015cf9f03fc3', 'https://git.kernel.org/stable/c/b54c4632946ae42f2b39ed38abd909bbf78cbcc2', 'https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35995-abbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35995', 'https://www.cve.org/CVERecord?id=CVE-2024-35995'], 'PublishedDate': '2024-05-20T10:15:13.597Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-36885', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36885', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup:\n\n  kernel BUG at include/linux/scatterlist.h:187!\n  invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\n  Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\n  RIP: 0010:sg_init_one+0x85/0xa0\n  Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n  24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n  0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\n  RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\n  RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\n  RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\n  R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\n  FS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\n  Call Trace:\n   <TASK>\n   ? die+0x36/0x90\n   ? do_trap+0xdd/0x100\n   ? sg_init_one+0x85/0xa0\n   ? do_error_trap+0x65/0x80\n   ? sg_init_one+0x85/0xa0\n   ? exc_invalid_op+0x50/0x70\n   ? sg_init_one+0x85/0xa0\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? sg_init_one+0x85/0xa0\n   nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n   nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n   ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n   r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? nvkm_udevice_new+0x95/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? ktime_get+0x47/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_oneinit_+0x4f/0x120 [nouveau]\n   nvkm_subdev_init_+0x39/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_init+0x44/0x90 [nouveau]\n   nvkm_device_init+0x166/0x2e0 [nouveau]\n   nvkm_udevice_init+0x47/0x70 [nouveau]\n   nvkm_object_init+0x41/0x1c0 [nouveau]\n   nvkm_ioctl_new+0x16a/0x290 [nouveau]\n   ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]\n   ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]\n   nvkm_ioctl+0x126/0x290 [nouveau]\n   nvif_object_ctor+0x112/0x190 [nouveau]\n   nvif_device_ctor+0x23/0x60 [nouveau]\n   nouveau_cli_init+0x164/0x640 [nouveau]\n   nouveau_drm_device_init+0x97/0x9e0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? pci_update_current_state+0x72/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nouveau_drm_probe+0x12c/0x280 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   local_pci_probe+0x45/0xa0\n   pci_device_probe+0xc7/0x270\n   really_probe+0xe6/0x3a0\n   __driver_probe_device+0x87/0x160\n   driver_probe_device+0x1f/0xc0\n   __driver_attach+0xec/0x1f0\n   ? __pfx___driver_attach+0x10/0x10\n   bus_for_each_dev+0x88/0xd0\n   bus_add_driver+0x116/0x220\n   driver_register+0x59/0x100\n   ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]\n   do_one_initcall+0x5b/0x320\n   do_init_module+0x60/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x120/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x83/0x160\n   ? srso_return_thunk+0x5/0x5f\n   entry_SYSCALL_64_after_hwframe+0x71/0x79\n  RIP: 0033:0x7feeb5cc20cd\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89\n  f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0\n  ff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd\n  RDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035\n  RBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310\n  R10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36885', 'https://git.kernel.org/linus/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2 (6.9-rc7)', 'https://git.kernel.org/stable/c/1a88c18da464db0ba8ea25196d0a06490f65322e', 'https://git.kernel.org/stable/c/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2', 'https://git.kernel.org/stable/c/e05af009302893f39b072811a68fa4a196284c75', 'https://lore.kernel.org/linux-cve-announce/2024053032-CVE-2024-36885-cb0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36885', 'https://www.cve.org/CVERecord?id=CVE-2024-36885'], 'PublishedDate': '2024-05-30T16:15:12.067Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36970', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: Use request_module_nowait', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Use request_module_nowait\n\nThis appears to work around a deadlock regression that came in\nwith the LED merge in 6.9.\n\nThe deadlock happens on my system with 24 iwlwifi radios, so maybe\nit something like all worker threads are busy and some work that needs\nto complete cannot complete.\n\n[also remove unnecessary "load_module" var and now-wrong comment]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36970', 'https://git.kernel.org/linus/3d913719df14c28c4d3819e7e6d150760222bda4 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4', 'https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e', 'https://lore.kernel.org/linux-cve-announce/2024060855-CVE-2024-36970-2eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36970', 'https://www.cve.org/CVERecord?id=CVE-2024-36970'], 'PublishedDate': '2024-06-08T13:15:58.26Z', 'LastModifiedDate': '2024-06-10T02:52:08.267Z'}, {'VulnerabilityID': 'CVE-2024-38581', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38581', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/mes: fix use-after-free issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/mes: fix use-after-free issue\n\nDelete fence fallback timer to fix the ramdom\nuse-after-free issue.\n\nv2: move to amdgpu_mes.c', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-38581', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/948255282074d9367e01908b3f5dcf8c10fc9c3d (6.9-rc6)', 'https://git.kernel.org/stable/c/0f98c144c15c8fc0f3176c994bd4e727ef718a5c', 'https://git.kernel.org/stable/c/39cfce75168c11421d70b8c0c65f6133edccb82a', 'https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de', 'https://git.kernel.org/stable/c/948255282074d9367e01908b3f5dcf8c10fc9c3d', 'https://linux.oracle.com/cve/CVE-2024-38581.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38581-592d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38581', 'https://www.cve.org/CVERecord?id=CVE-2024-38581'], 'PublishedDate': '2024-06-19T14:15:18.15Z', 'LastModifiedDate': '2024-08-01T20:12:00.623Z'}, {'VulnerabilityID': 'CVE-2024-38608', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38608', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix netif state handling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix netif state handling\n\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\n\nmlx5e_probe\n _mlx5e_resume\n  mlx5e_attach_netdev\n   mlx5e_nic_enable  <-- netdev not reg, not calling netif_device_attach()\n  register_netdev <-- failed for some reason.\nERROR_FLOW:\n _mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(\n\nHence, clean resources in this case as well.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n <TASK>\n ? __die+0x20/0x60\n ? page_fault_oops+0x14c/0x3c0\n ? exc_page_fault+0x75/0x140\n ? asm_exc_page_fault+0x22/0x30\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\n mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\n mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n __mlx5_ib_add+0x34/0xd0 [mlx5_ib]\n mlx5r_probe+0xe1/0x210 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x637/0x840\n __auxiliary_device_add+0x3b/0xa0\n add_adev+0xc9/0x140 [mlx5_core]\n mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\n mlx5_register_device+0x53/0xa0 [mlx5_core]\n mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\n mlx5_init_one+0x3b/0x60 [mlx5_core]\n probe_one+0x44c/0x730 [mlx5_core]\n local_pci_probe+0x3e/0x90\n pci_device_probe+0xbf/0x210\n ? kernfs_create_link+0x5d/0xa0\n ? sysfs_do_create_link_sd+0x60/0xc0\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n pci_bus_add_device+0x54/0x80\n pci_iov_add_virtfn+0x2e6/0x320\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n kernfs_fop_write_iter+0x10c/0x1a0\n vfs_write+0x291/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n CR2: 0000000000000000\n ---[ end trace 0000000000000000  ]---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38608', 'https://git.kernel.org/linus/3d5918477f94e4c2f064567875c475468e264644 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644', 'https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6', 'https://linux.oracle.com/cve/CVE-2024-38608.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061920-CVE-2024-38608-4068@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38608', 'https://www.cve.org/CVERecord?id=CVE-2024-38608'], 'PublishedDate': '2024-06-19T14:15:20.737Z', 'LastModifiedDate': '2024-08-27T15:58:56.9Z'}, {'VulnerabilityID': 'CVE-2024-39293', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39293', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;xsk: Support redirect to any socket bound to the same umem&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "xsk: Support redirect to any socket bound to the same umem"\n\nThis reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.\n\nThis patch introduced a potential kernel crash when multiple napi instances\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\npossible for multiple napi instances to access the Rx ring at the same time,\nwhich will result in a corrupted ring state which can lead to a crash when\nflushing the rings in __xsk_flush(). This can happen when the linked list of\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\nis not possible, so let us revert this for now.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39293', 'https://git.kernel.org/linus/7fcf26b315bbb728036da0862de6b335da83dff2 (6.10-rc3)', 'https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5', 'https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2', 'https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39293', 'https://www.cve.org/CVERecord?id=CVE-2024-39293'], 'PublishedDate': '2024-06-25T15:15:13.993Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-39472', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39472', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by\nmkfs") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions.  Later commit 0c771b99d6c9\n("xfs: clean up calculation of LR header blocks") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-39472', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a (6.10-rc1)', 'https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a', 'https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f', 'https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5', 'https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb', 'https://linux.oracle.com/cve/CVE-2024-39472.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024070512-CVE-2024-39472-f977@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39472', 'https://www.cve.org/CVERecord?id=CVE-2024-39472'], 'PublishedDate': '2024-07-05T07:15:10.02Z', 'LastModifiedDate': '2024-08-19T05:15:06.543Z'}, {'VulnerabilityID': 'CVE-2024-41008', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: change vm-&gt;task_info handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: change vm->task_info handling\n\nThis patch changes the handling and lifecycle of vm->task_info object.\nThe major changes are:\n- vm->task_info is a dynamically allocated ptr now, and its uasge is\n  reference counted.\n- introducing two new helper funcs for task_info lifecycle management\n    - amdgpu_vm_get_task_info: reference counts up task_info before\n      returning this info\n    - amdgpu_vm_put_task_info: reference counts down task_info\n- last put to task_info() frees task_info from the vm.\n\nThis patch also does logistical changes required for existing usage\nof vm->task_info.\n\nV2: Do not block all the prints when task_info not found (Felix)\n\nV3: Fixed review comments from Felix\n   - Fix wrong indentation\n   - No debug message for -ENOMEM\n   - Add NULL check for task_info\n   - Do not duplicate the debug messages (ti vs no ti)\n   - Get first reference of task_info in vm_init(), put last\n     in vm_fini()\n\nV4: Fixed review comments from Felix\n   - fix double reference increment in create_task_info\n   - change amdgpu_vm_get_task_info_pasid\n   - additional changes in amdgpu_gem.c while porting', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41008', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c (6.9-rc1)', 'https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c', 'https://linux.oracle.com/cve/CVE-2024-41008.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/20240716080357.2696435-2-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41008', 'https://www.cve.org/CVERecord?id=CVE-2024-41008'], 'PublishedDate': '2024-07-16T08:15:02.24Z', 'LastModifiedDate': '2024-07-16T13:43:58.773Z'}, {'VulnerabilityID': 'CVE-2024-41009', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix overrunning reservations in ringbuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that "owns" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\'s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\'s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\'s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\'s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\'ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41009', 'https://git.kernel.org/linus/cfa1a2329a691ffd991fcf7248a57d752e712881 (6.10-rc6)', 'https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4', 'https://git.kernel.org/stable/c/47416c852f2a04d348ea66ee451cbdcf8119f225', 'https://git.kernel.org/stable/c/511804ab701c0503b72eac08217eabfd366ba069', 'https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f', 'https://git.kernel.org/stable/c/cfa1a2329a691ffd991fcf7248a57d752e712881', 'https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686', 'https://lore.kernel.org/linux-cve-announce/2024071715-CVE-2024-41009-cac5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41009', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41009'], 'PublishedDate': '2024-07-17T07:15:01.973Z', 'LastModifiedDate': '2024-07-29T07:15:04.56Z'}, {'VulnerabilityID': 'CVE-2024-41013', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: don&#39;t walk off the end of a directory data block', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don't stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup->length to dup->length-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41013', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/0c7fcdb6d06cdf8b19b57c17605215b06afa864a (6.11-rc1)', 'https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a', 'https://linux.oracle.com/cve/CVE-2024-41013.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41013-2996@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41013', 'https://www.cve.org/CVERecord?id=CVE-2024-41013'], 'PublishedDate': '2024-07-29T07:15:05.43Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41014', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41014', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: add bounds checking to xlog_recover_process_data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n    1) Mount an image of xfs, and do some file operations to leave records\n    2) Before umounting, copy the image for subsequent steps to simulate\n       abnormal exit. Because umount will ensure that tail_blk and\n       head_blk are the same, which will result in the inability to enter\n       xlog_recover_process_data\n    3) Write a tool to parse and modify the copied image in step 2\n    4) Make the end of the xlog_op_header entries only 1 byte away from\n       xlog_rec_header->h_size\n    5) xlog_rec_header->h_num_logops++\n    6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41014', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/fb63435b7c7dc112b1ae1baea5486e0a6e27b196 (6.11-rc1)', 'https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196', 'https://linux.oracle.com/cve/CVE-2024-41014.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41014-9186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41014', 'https://www.cve.org/CVERecord?id=CVE-2024-41014'], 'PublishedDate': '2024-07-29T07:15:05.81Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41016', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe 'non-indexed', which saved with additional space\nrequested.  It's better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41016', 'https://git.kernel.org/linus/af77c4fc1871847b528d58b7fdafb4aa1f6a9262 (6.11-rc1)', 'https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637', 'https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262', 'https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e', 'https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e', 'https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180', 'https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41016-fcf9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41016', 'https://www.cve.org/CVERecord?id=CVE-2024-41016'], 'PublishedDate': '2024-07-29T07:15:06.293Z', 'LastModifiedDate': '2024-10-17T14:15:07.01Z'}, {'VulnerabilityID': 'CVE-2024-41024', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41024', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Restrict untrusted app to attach to privileged PD', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Restrict untrusted app to attach to privileged PD\n\nUntrusted application with access to only non-secure fastrpc device\nnode can attach to root_pd or static PDs if it can make the respective\ninit request. This can cause problems as the untrusted application\ncan send bad requests to root_pd or static PDs. Add changes to reject\nattach to privileged PDs if the request is being made using non-secure\nfastrpc device node.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41024', 'https://git.kernel.org/linus/bab2f5e8fd5d2f759db26b78d9db57412888f187 (6.10)', 'https://git.kernel.org/stable/c/2eb973ee4770a26d9b5e292b58ad29822d321c7f', 'https://git.kernel.org/stable/c/5e305b5986dc52122a9368a1461f0c13e1de3fd6', 'https://git.kernel.org/stable/c/bab2f5e8fd5d2f759db26b78d9db57412888f187', 'https://git.kernel.org/stable/c/c69fd8afacebfdf2f8a1ee1ea7e0723786529874', 'https://git.kernel.org/stable/c/ea13bd807f1cef1af375d999980a9b9794c789b6', 'https://lore.kernel.org/all/20240628114501.14310-7-srinivas.kandagatla@linaro.org/', 'https://lore.kernel.org/linux-cve-announce/2024072919-CVE-2024-41024-be39@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41024', 'https://www.cve.org/CVERecord?id=CVE-2024-41024'], 'PublishedDate': '2024-07-29T15:15:11.27Z', 'LastModifiedDate': '2024-08-29T17:15:07.913Z'}, {'VulnerabilityID': 'CVE-2024-42107', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42107', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: ice: Don't process extts if PTP is disabled", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42107', 'https://git.kernel.org/linus/996422e3230e41468f652d754fefd1bdbcd4604e (6.10-rc7)', 'https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b', 'https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e', 'https://lore.kernel.org/linux-cve-announce/2024073020-CVE-2024-42107-65cc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42107', 'https://www.cve.org/CVERecord?id=CVE-2024-42107'], 'PublishedDate': '2024-07-30T08:15:03.22Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42116', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42116', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igc: fix a log entry using uninitialized netdev', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix a log entry using uninitialized netdev\n\nDuring successful probe, igc logs this:\n\n[    5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\n\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb.  Add a comment,\njust as in igb.\n\nNow the log message is fine:\n\n[    5.200987] igc 0000:01:00.0 eth0: PHC added', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42116', 'https://git.kernel.org/linus/86167183a17e03ec77198897975e9fdfbd53cb0b (6.10-rc1)', 'https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b', 'https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6', 'https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79', 'https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda', 'https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f', 'https://linux.oracle.com/cve/CVE-2024-42116.html', 'https://linux.oracle.com/errata/ELSA-2024-12618.html', 'https://lore.kernel.org/linux-cve-announce/2024073023-CVE-2024-42116-b420@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42116', 'https://www.cve.org/CVERecord?id=CVE-2024-42116'], 'PublishedDate': '2024-07-30T08:15:03.95Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42122', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42122', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add NULL pointer check for kzalloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL pointer check for kzalloc\n\n[Why & How]\nCheck return pointer of kzalloc before using it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42122', 'https://git.kernel.org/linus/8e65a1b7118acf6af96449e1e66b7adbc9396912 (6.10-rc1)', 'https://git.kernel.org/stable/c/062edd612fcd300f0f79a36fca5b8b6a5e2fce70', 'https://git.kernel.org/stable/c/8e65a1b7118acf6af96449e1e66b7adbc9396912', 'https://lore.kernel.org/linux-cve-announce/2024073025-CVE-2024-42122-2f70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42122', 'https://www.cve.org/CVERecord?id=CVE-2024-42122'], 'PublishedDate': '2024-07-30T08:15:04.43Z', 'LastModifiedDate': '2024-09-16T13:49:27.837Z'}, {'VulnerabilityID': 'CVE-2024-42125', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42125', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42125', 'https://git.kernel.org/linus/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9 (6.10-rc1)', 'https://git.kernel.org/stable/c/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9', 'https://git.kernel.org/stable/c/ce4ba62f8bc5195a9a0d49c6235a9c99e619cadc', 'https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42125-b515@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42125', 'https://www.cve.org/CVERecord?id=CVE-2024-42125'], 'PublishedDate': '2024-07-30T08:15:04.667Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42139', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42139', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Fix improper extts handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message "extts on unexpected channel" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42139', 'https://git.kernel.org/linus/00d3b4f54582d4e4a02cda5886bb336eeab268cc (6.10-rc7)', 'https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc', 'https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3', 'https://lore.kernel.org/linux-cve-announce/2024073030-CVE-2024-42139-f8ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42139', 'https://www.cve.org/CVERecord?id=CVE-2024-42139'], 'PublishedDate': '2024-07-30T08:15:05.757Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42154', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42154', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_metrics: validate source addr length', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42154', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/66be40e622e177316ae81717aa30057ba9e61dff (6.10-rc7)', 'https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9', 'https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c', 'https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3', 'https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321', 'https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff', 'https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99', 'https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98', 'https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6', 'https://linux.oracle.com/cve/CVE-2024-42154.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073034-CVE-2024-42154-cf82@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42154', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42154'], 'PublishedDate': '2024-07-30T08:15:06.933Z', 'LastModifiedDate': '2024-10-01T19:32:18.31Z'}, {'VulnerabilityID': 'CVE-2024-42159', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42159', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: mpi3mr: Sanitise num_phys', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port->phy_mask, values larger then size of\nthis field shouldn't be allowed.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42159', 'https://git.kernel.org/linus/3668651def2c1622904e58b0280ee93121f2b10b (6.10-rc1)', 'https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b', 'https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0', 'https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df', 'https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf', 'https://linux.oracle.com/cve/CVE-2024-42159.html', 'https://linux.oracle.com/errata/ELSA-2024-12682.html', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42159-c19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42159', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42159'], 'PublishedDate': '2024-07-30T08:15:07.3Z', 'LastModifiedDate': '2024-08-02T14:29:46.24Z'}, {'VulnerabilityID': 'CVE-2024-42160', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: check validation of fault attrs in f2fs_build_fault_attr()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: check validation of fault attrs in f2fs_build_fault_attr()\n\n- It missed to check validation of fault attrs in parse_options(),\nlet's fix to add check condition in f2fs_build_fault_attr().\n- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42160', 'https://git.kernel.org/linus/4ed886b187f47447ad559619c48c086f432d2b77 (6.10-rc1)', 'https://git.kernel.org/stable/c/44958ca9e400f57bd0478115519ffc350fcee61e', 'https://git.kernel.org/stable/c/4ed886b187f47447ad559619c48c086f432d2b77', 'https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d', 'https://git.kernel.org/stable/c/ecb641f424d6d1f055d149a15b892edcc92c504b', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42160-c733@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42160', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42160'], 'PublishedDate': '2024-07-30T08:15:07.37Z', 'LastModifiedDate': '2024-08-02T14:29:26.33Z'}, {'VulnerabilityID': 'CVE-2024-42224', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42224', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Correct check for empty list', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO\nbusses") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip->mdios being\nempty.  However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42224', 'https://git.kernel.org/linus/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b (6.10-rc1)', 'https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5', 'https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618', 'https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d', 'https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee', 'https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b', 'https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114', 'https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89', 'https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4', 'https://linux.oracle.com/cve/CVE-2024-42224.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024073037-CVE-2024-42224-863a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42224', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42224'], 'PublishedDate': '2024-07-30T08:15:07.667Z', 'LastModifiedDate': '2024-09-25T15:55:09.027Z'}, {'VulnerabilityID': 'CVE-2024-42228', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42228', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n   need to have a separate value of 0xffffffff.(Christian)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 6.3}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42228', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/88a9a467c548d0b3c7761b4fd54a68e70f9c0944 (6.10-rc1)', 'https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46', 'https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef', 'https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944', 'https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144', 'https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8', 'https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712', 'https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15', 'https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440', 'https://linux.oracle.com/cve/CVE-2024-42228.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073038-CVE-2024-42228-86f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42228', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42228'], 'PublishedDate': '2024-07-30T08:15:07.96Z', 'LastModifiedDate': '2024-09-04T12:15:04.577Z'}, {'VulnerabilityID': 'CVE-2024-42258', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42258', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines\n\nYves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don\'t\nforce huge page alignment on 32 bit") didn\'t work for x86_32 [1].  It is\nbecause x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT.\n\n!CONFIG_64BIT should cover all 32 bit machines.\n\n[1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42258', 'https://git.kernel.org/linus/d9592025000b3cf26c742f3505da7b83aedc26d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/7e1f4efb8d6140b2ec79bf760c43e1fc186e8dfc', 'https://git.kernel.org/stable/c/89f2914dd4b47d2fad3deef0d700f9526d98d11f', 'https://git.kernel.org/stable/c/a5c399fe433a115e9d3693169b5f357f3194af0a', 'https://git.kernel.org/stable/c/d9592025000b3cf26c742f3505da7b83aedc26d5', 'https://lore.kernel.org/linux-cve-announce/2024081216-CVE-2024-42258-e3f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42258', 'https://www.cve.org/CVERecord?id=CVE-2024-42258'], 'PublishedDate': '2024-08-12T15:15:20.983Z', 'LastModifiedDate': '2024-08-14T14:15:27.727Z'}, {'VulnerabilityID': 'CVE-2024-42259', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42259', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Fix Virtual Memory mapping boundaries calculation\n\nCalculating the size of the mapped area as the lesser value\nbetween the requested size and the actual size does not consider\nthe partial mapping offset. This can cause page fault access.\n\nFix the calculation of the starting and ending addresses, the\ntotal size is now deduced from the difference between the end and\nstart addresses.\n\nAdditionally, the calculations have been rewritten in a clearer\nand more understandable form.\n\n[Joonas: Add Requires: tag]\nRequires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset")\n(cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-131'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42259', 'https://git.kernel.org/linus/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3 (6.11-rc3)', 'https://git.kernel.org/stable/c/3e06073d24807f04b4694108a8474decb7b99e60', 'https://git.kernel.org/stable/c/4b09513ce93b3dcb590baaaff2ce96f2d098312d', 'https://git.kernel.org/stable/c/50111a8098fb9ade621eeff82228a997d42732ab', 'https://git.kernel.org/stable/c/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3', 'https://git.kernel.org/stable/c/911f8055f175c82775d0fd8cedcd0b75413f4ba7', 'https://git.kernel.org/stable/c/a256d019eaf044864c7e50312f0a65b323c24f39', 'https://git.kernel.org/stable/c/e8a68aa842d3f8dd04a46b9d632e5f67fde1da9b', 'https://git.kernel.org/stable/c/ead9289a51ea82eb5b27029fcf4c34b2dd60cf06', 'https://linux.oracle.com/cve/CVE-2024-42259.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081452-CVE-2024-42259-4cef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42259', 'https://project-zero.issues.chromium.org/issues/42451707', 'https://www.cve.org/CVERecord?id=CVE-2024-42259'], 'PublishedDate': '2024-08-14T15:15:31.673Z', 'LastModifiedDate': '2024-09-25T01:15:42.137Z'}, {'VulnerabilityID': 'CVE-2024-42260', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42260', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the performance extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42260', 'https://git.kernel.org/linus/4ecc24a84d7e0254efd150ec23e0b89638386516 (6.11-rc2)', 'https://git.kernel.org/stable/c/4ecc24a84d7e0254efd150ec23e0b89638386516', 'https://git.kernel.org/stable/c/5d4aa25f47cd05e9eeac272906588728588605dd', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-42260-0ce0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42260', 'https://www.cve.org/CVERecord?id=CVE-2024-42260'], 'PublishedDate': '2024-08-17T09:15:07.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42261', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42261', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the timestamp extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42261', 'https://git.kernel.org/linus/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791 (6.11-rc2)', 'https://git.kernel.org/stable/c/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791', 'https://git.kernel.org/stable/c/5c56f104edd02a537e9327dc543574e55713e1d7', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42261-f6a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42261', 'https://www.cve.org/CVERecord?id=CVE-2024-42261'], 'PublishedDate': '2024-08-17T09:15:07.6Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42262', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42262', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the performance extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42262', 'https://git.kernel.org/linus/32df4abc44f24dbec239d43e2b26d5768c5d1a78 (6.11-rc2)', 'https://git.kernel.org/stable/c/32df4abc44f24dbec239d43e2b26d5768c5d1a78', 'https://git.kernel.org/stable/c/ad5fdc48f7a63b8a98493c667505fe4d3864ae21', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42262-7156@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42262', 'https://www.cve.org/CVERecord?id=CVE-2024-42262'], 'PublishedDate': '2024-08-17T09:15:07.68Z', 'LastModifiedDate': '2024-08-19T20:05:15.407Z'}, {'VulnerabilityID': 'CVE-2024-42263', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42263', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the timestamp extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 753ce4fea62182c77e1691ab4f9022008f25b62e)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42263', 'https://git.kernel.org/linus/0e50fcc20bd87584840266e8004f9064a8985b4f (6.11-rc2)', 'https://git.kernel.org/stable/c/0e50fcc20bd87584840266e8004f9064a8985b4f', 'https://git.kernel.org/stable/c/9b5033ee2c5af6d1135a403df32d219ab57e55f9', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42263-31b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42263', 'https://www.cve.org/CVERecord?id=CVE-2024-42263'], 'PublishedDate': '2024-08-17T09:15:07.77Z', 'LastModifiedDate': '2024-08-19T20:41:11.24Z'}, {'VulnerabilityID': 'CVE-2024-42264', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42264', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Prevent out of bounds access in performance query extensions', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Prevent out of bounds access in performance query extensions\n\nCheck that the number of perfmons userspace is passing in the copy and\nreset extensions is not greater than the internal kernel storage where\nthe ids will be copied into.\n\n(cherry picked from commit f32b5128d2c440368b5bf3a7a356823e235caabb)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42264', 'https://git.kernel.org/linus/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2 (6.11-rc2)', 'https://git.kernel.org/stable/c/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2', 'https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42264-5d23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42264', 'https://www.cve.org/CVERecord?id=CVE-2024-42264'], 'PublishedDate': '2024-08-17T09:15:07.833Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42267', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42267', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()\n\nHandle VM_FAULT_SIGSEGV in the page fault path so that we correctly\nkill the process and we don't BUG() the kernel.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42267', 'https://git.kernel.org/linus/0c710050c47d45eb77b28c271cddefc5c785cb40 (6.11-rc2)', 'https://git.kernel.org/stable/c/0c710050c47d45eb77b28c271cddefc5c785cb40', 'https://git.kernel.org/stable/c/20dbdebc5580cd472a310d56a6e252275ee4c864', 'https://git.kernel.org/stable/c/59be4a167782d68e21068a761b90b01fadc09146', 'https://git.kernel.org/stable/c/917f598209f3f5e4ab175d5079d8aeb523e58b1f', 'https://git.kernel.org/stable/c/d4e7db757e2d7f4c407a007e92c98477eab215d2', 'https://git.kernel.org/stable/c/d7ccf2ca772bfe33e2c53ef80fa20d2d87eb6144', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42267-9f79@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42267', 'https://www.cve.org/CVERecord?id=CVE-2024-42267'], 'PublishedDate': '2024-08-17T09:15:08.047Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42268', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42268', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix missing lock on sync reset reload', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix missing lock on sync reset reload\n\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\n\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n…\n CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S      W          6.10.0-rc2+ #116\n Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\n Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\n RIP: 0010:devl_assert_locked+0x3e/0x50\n…\n Call Trace:\n  <TASK>\n  ? __warn+0xa4/0x210\n  ? devl_assert_locked+0x3e/0x50\n  ? report_bug+0x160/0x280\n  ? handle_bug+0x3f/0x80\n  ? exc_invalid_op+0x17/0x40\n  ? asm_exc_invalid_op+0x1a/0x20\n  ? devl_assert_locked+0x3e/0x50\n  devlink_notify+0x88/0x2b0\n  ? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n  ? __pfx_devlink_notify+0x10/0x10\n  ? process_one_work+0x4b6/0xbb0\n  process_one_work+0x4b6/0xbb0\n[…]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42268', 'https://git.kernel.org/linus/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 (6.11-rc2)', 'https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5', 'https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9', 'https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002', 'https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42268-2084@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42268', 'https://www.cve.org/CVERecord?id=CVE-2024-42268'], 'PublishedDate': '2024-08-17T09:15:08.11Z', 'LastModifiedDate': '2024-08-19T20:52:49.323Z'}, {'VulnerabilityID': 'CVE-2024-42269', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42269', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().\n\nip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id],\nbut the function is exposed to user space before the entry is allocated\nvia register_pernet_subsys().\n\nLet's call register_pernet_subsys() before xt_register_template().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42269', 'https://git.kernel.org/linus/c22921df777de5606f1047b1345b8d22ef1c0b34 (6.11-rc2)', 'https://git.kernel.org/stable/c/419ee6274c5153b89c4393c1946faa4c3cad4f9e', 'https://git.kernel.org/stable/c/87dba44e9471b79b255d0736858a897332db9226', 'https://git.kernel.org/stable/c/91b6df6611b7edb28676c4f63f90c56c30d3e601', 'https://git.kernel.org/stable/c/c22921df777de5606f1047b1345b8d22ef1c0b34', 'https://git.kernel.org/stable/c/e85b9b6a87be4cb3710082038b677e97f2389003', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42269-7d0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42269', 'https://www.cve.org/CVERecord?id=CVE-2024-42269'], 'PublishedDate': '2024-08-17T09:15:08.177Z', 'LastModifiedDate': '2024-08-19T20:53:51.717Z'}, {'VulnerabilityID': 'CVE-2024-42270', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42270', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().\n\nWe had a report that iptables-restore sometimes triggered null-ptr-deref\nat boot time. [0]\n\nThe problem is that iptable_nat_table_init() is exposed to user space\nbefore the kernel fully initialises netns.\n\nIn the small race window, a user could call iptable_nat_table_init()\nthat accesses net_generic(net, iptable_nat_net_id), which is available\nonly after registering iptable_nat_net_ops.\n\nLet's call register_pernet_subsys() before xt_register_template().\n\n[0]:\nbpfilter: Loaded bpfilter_umh pid 11702\nStarted bpfilter\nBUG: kernel NULL pointer dereference, address: 0000000000000013\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP NOPTI\nCPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1\nHardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\nCode: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c\nRSP: 0018:ffffbef902843cd0 EFLAGS: 00010246\nRAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80\nRDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0\nRBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240\nR10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000\nR13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004\nFS:  00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? xt_find_table_lock (net/netfilter/x_tables.c:1259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? page_fault_oops (arch/x86/mm/fault.c:727)\n ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518)\n ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)\n ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\n xt_find_table_lock (net/netfilter/x_tables.c:1259)\n xt_request_find_table_lock (net/netfilter/x_tables.c:1287)\n get_info (net/ipv4/netfilter/ip_tables.c:965)\n ? security_capable (security/security.c:809 (discriminator 13))\n ? ns_capable (kernel/capability.c:376 kernel/capability.c:397)\n ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)\n ? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter\n nf_getsockopt (net/netfilter/nf_sockopt.c:116)\n ip_getsockopt (net/ipv4/ip_sockglue.c:1827)\n __sys_getsockopt (net/socket.c:2327)\n __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121)\nRIP: 0033:0x7f62844685ee\nCode: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09\nRSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037\nRAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0\nR10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2\nR13: 00007f6284\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42270', 'https://git.kernel.org/linus/5830aa863981d43560748aa93589c0695191d95d (6.11-rc2)', 'https://git.kernel.org/stable/c/08ed888b69a22647153fe2bec55b7cd0a46102cc', 'https://git.kernel.org/stable/c/5830aa863981d43560748aa93589c0695191d95d', 'https://git.kernel.org/stable/c/70014b73d7539fcbb6b4ff5f37368d7241d8e626', 'https://git.kernel.org/stable/c/95590a4929027769af35b153645c0ab6fd22b29b', 'https://git.kernel.org/stable/c/b98ddb65fa1674b0e6b52de8af9103b63f51b643', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42270-c752@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42270', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42270'], 'PublishedDate': '2024-08-17T09:15:08.24Z', 'LastModifiedDate': '2024-08-19T20:01:09.52Z'}, {'VulnerabilityID': 'CVE-2024-42272', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42272', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: act_ct: take care of padding in struct zones_ht_key', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched: act_ct: take care of padding in struct zones_ht_key\n\nBlamed commit increased lookup key size from 2 bytes to 16 bytes,\nbecause zones_ht_key got a struct net pointer.\n\nMake sure rhashtable_lookup() is not using the padding bytes\nwhich are not initialized.\n\n BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n  tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408\n  tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425\n  tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488\n  tcf_action_add net/sched/act_api.c:2061 [inline]\n  tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118\n  rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647\n  netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550\n  rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665\n  netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n  netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357\n  netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  ____sys_sendmsg+0x877/0xb60 net/socket.c:2597\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651\n  __sys_sendmsg net/socket.c:2680 [inline]\n  __do_sys_sendmsg net/socket.c:2689 [inline]\n  __se_sys_sendmsg net/socket.c:2687 [inline]\n  __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687\n  x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable key created at:\n  tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42272', 'https://git.kernel.org/linus/2191a54f63225b548fd8346be3611c3219a24738 (6.11-rc2)', 'https://git.kernel.org/stable/c/2191a54f63225b548fd8346be3611c3219a24738', 'https://git.kernel.org/stable/c/3a5b68869dbe14f1157c6a24ac71923db060eeab', 'https://git.kernel.org/stable/c/3ddefcb8f75e312535e2e7d5fef9932019ba60f2', 'https://git.kernel.org/stable/c/7c03ab555eb1ba26c77fd7c25bdf44a0ac23edee', 'https://git.kernel.org/stable/c/d06daf0ad645d9225a3ff6958dd82e1f3988fa64', 'https://git.kernel.org/stable/c/d7cc186d0973afce0e1237c37f7512c01981fb79', 'https://linux.oracle.com/cve/CVE-2024-42272.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42272-c687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42272', 'https://www.cve.org/CVERecord?id=CVE-2024-42272'], 'PublishedDate': '2024-08-17T09:15:08.37Z', 'LastModifiedDate': '2024-09-30T13:40:21.843Z'}, {'VulnerabilityID': 'CVE-2024-42273', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42273', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid\n\nmkdir /mnt/test/comp\nf2fs_io setflags compression /mnt/test/comp\ndd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1\ntruncate --size 13 /mnt/test/comp/testfile\n\nIn the above scenario, we can get a BUG_ON.\n kernel BUG at fs/f2fs/segment.c:3589!\n Call Trace:\n  do_write_page+0x78/0x390 [f2fs]\n  f2fs_outplace_write_data+0x62/0xb0 [f2fs]\n  f2fs_do_write_data_page+0x275/0x740 [f2fs]\n  f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs]\n  f2fs_write_multi_pages+0x1e5/0xae0 [f2fs]\n  f2fs_write_cache_pages+0xab1/0xc60 [f2fs]\n  f2fs_write_data_pages+0x2d8/0x330 [f2fs]\n  do_writepages+0xcf/0x270\n  __writeback_single_inode+0x44/0x350\n  writeback_sb_inodes+0x242/0x530\n  __writeback_inodes_wb+0x54/0xf0\n  wb_writeback+0x192/0x310\n  wb_workfn+0x30d/0x400\n\nThe reason is we gave CURSEG_ALL_DATA_ATGC to COMPR_ADDR where the\npage was set the gcing flag by set_cluster_dirty().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42273', 'https://git.kernel.org/linus/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cd106612396656d6f1ca17ef192c6759bb60791', 'https://git.kernel.org/stable/c/4239571c5db46a42f723b8fa8394039187c34439', 'https://git.kernel.org/stable/c/5fd057160ab240dd816ae09b625395d54c297de1', 'https://git.kernel.org/stable/c/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42273-9b87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42273', 'https://www.cve.org/CVERecord?id=CVE-2024-42273'], 'PublishedDate': '2024-08-17T09:15:08.45Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42274', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42274', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert "ALSA: firewire-lib: operate for period elapse event in process context"', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "ALSA: firewire-lib: operate for period elapse event in process context"\n\nCommit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event\nin process context") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n    * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n    * (lock B) wait for tasklet to finish by calling\n    \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n    * (lock B) enter tasklet\n    * (lock A) attempt to acquire substream lock,\n    \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n    \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n </NMI>\n <TASK>\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n </NMI>\n <IRQ>\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period\nelapse event in process context")\n\nReplace inline description to prevent future deadlock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42274', 'https://git.kernel.org/linus/3dab73ab925a51ab05543b491bf17463a48ca323 (6.11-rc2)', 'https://git.kernel.org/stable/c/36c255db5a25edd42d1aca48e38b8e95ee5fd9ef', 'https://git.kernel.org/stable/c/3dab73ab925a51ab05543b491bf17463a48ca323', 'https://git.kernel.org/stable/c/7c07220cf634002f93a87ca2252a32766850f2d1', 'https://git.kernel.org/stable/c/b239a37d68e8bc59f9516444da222841e3b13ba9', 'https://git.kernel.org/stable/c/f5043e69aeb2786f32e84132817a007a6430aa7d', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42274-9dc6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42274', 'https://www.cve.org/CVERecord?id=CVE-2024-42274'], 'PublishedDate': '2024-08-17T09:15:08.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42276', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42276', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme-pci: add missing condition check for existence of mapped data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42276', 'https://git.kernel.org/linus/c31fad1470389666ac7169fe43aa65bf5b7e2cfd (6.11-rc1)', 'https://git.kernel.org/stable/c/3f8ec1d6b0ebd8268307d52be8301973fa5a01ec', 'https://git.kernel.org/stable/c/70100fe721840bf6d8e5abd25b8bffe4d2e049b7', 'https://git.kernel.org/stable/c/77848b379e9f85a08048a2c8b3b4a7e8396f5f83', 'https://git.kernel.org/stable/c/7cc1f4cd90a00b6191cb8cda2d1302fdce59361c', 'https://git.kernel.org/stable/c/be23ae63080e0bf9e246ab20207200bca6585eba', 'https://git.kernel.org/stable/c/c31fad1470389666ac7169fe43aa65bf5b7e2cfd', 'https://git.kernel.org/stable/c/d135c3352f7c947a922da93c8e763ee6bc208b64', 'https://linux.oracle.com/cve/CVE-2024-42276.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42276-cb0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42276', 'https://www.cve.org/CVERecord?id=CVE-2024-42276'], 'PublishedDate': '2024-08-17T09:15:08.673Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42277', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42277', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom->sdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42277', 'https://git.kernel.org/linus/630482ee0653decf9e2482ac6181897eb6cde5b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8', 'https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922', 'https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb', 'https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c', 'https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42277-997a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42277', 'https://www.cve.org/CVERecord?id=CVE-2024-42277'], 'PublishedDate': '2024-08-17T09:15:08.75Z', 'LastModifiedDate': '2024-09-10T18:46:21.62Z'}, {'VulnerabilityID': 'CVE-2024-42278', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42278', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: TAS2781: Fix tasdev_load_calibrated_data()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it's either a no-op or it\nleads to a NULL dereference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42278', 'https://git.kernel.org/linus/92c78222168e9035a9bfb8841c2e56ce23e51f73 (6.11-rc1)', 'https://git.kernel.org/stable/c/51be301d29d674ff328dfcf23705851f326f35b3', 'https://git.kernel.org/stable/c/6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06', 'https://git.kernel.org/stable/c/92c78222168e9035a9bfb8841c2e56ce23e51f73', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42278-e639@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42278', 'https://www.cve.org/CVERecord?id=CVE-2024-42278'], 'PublishedDate': '2024-08-17T09:15:08.813Z', 'LastModifiedDate': '2024-09-30T12:53:36.42Z'}, {'VulnerabilityID': 'CVE-2024-42279', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42279', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L', 'V3Score': 5.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42279', 'https://git.kernel.org/linus/9cf71eb0faef4bff01df4264841b8465382d7927 (6.11-rc1)', 'https://git.kernel.org/stable/c/3feda3677e8bbe833c3a62a4091377a08f015b80', 'https://git.kernel.org/stable/c/45e03d35229b680b79dfea1103a1f2f07d0b5d75', 'https://git.kernel.org/stable/c/9cf71eb0faef4bff01df4264841b8465382d7927', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42279-91b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42279', 'https://www.cve.org/CVERecord?id=CVE-2024-42279'], 'PublishedDate': '2024-08-17T09:15:08.88Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42281', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42281', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a segment issue when downgrading gso_size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a segment issue when downgrading gso_size\n\nLinearize the skb when downgrading gso_size because it may trigger a\nBUG_ON() later when the skb is segmented as described in [1,2].', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42281', 'https://git.kernel.org/linus/fa5ef655615a01533035c6139248c5b33aa27028 (6.11-rc1)', 'https://git.kernel.org/stable/c/11ec79f5c7f74261874744039bc1551023edd6b2', 'https://git.kernel.org/stable/c/a689f5eb13a90f892a088865478b3cd39f53d5dc', 'https://git.kernel.org/stable/c/c3496314c53e7e82ddb544c825defc3e8c0e45cf', 'https://git.kernel.org/stable/c/dda518dea60d556a2d171c0122ca7d9fdb7d473a', 'https://git.kernel.org/stable/c/ec4eea14d75f7b0491194dd413f540dd19b8c733', 'https://git.kernel.org/stable/c/f6bb8c90cab97a3e03f8d30e3069efe6a742e0be', 'https://git.kernel.org/stable/c/fa5ef655615a01533035c6139248c5b33aa27028', 'https://linux.oracle.com/cve/CVE-2024-42281.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42281-780b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42281', 'https://www.cve.org/CVERecord?id=CVE-2024-42281'], 'PublishedDate': '2024-08-17T09:15:09.013Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42283', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42283', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: nexthop: Initialize all fields in dumped nexthops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n    # ip nexthop add id 1 dev lo\n    # ip nexthop add id 101 group 1\n    # strace -e recvmsg ip nexthop get id 101\n    ...\n    recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n                 [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42283', 'https://git.kernel.org/linus/6d745cd0e9720282cd291d36b9db528aea18add2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1377de719652d868f5317ba8398b7e74c5f0430b', 'https://git.kernel.org/stable/c/5cc4d71dda2dd4f1520f40e634a527022e48ccd8', 'https://git.kernel.org/stable/c/6d745cd0e9720282cd291d36b9db528aea18add2', 'https://git.kernel.org/stable/c/7704460acd7f5d35eb07c52500987dc9b95313fb', 'https://git.kernel.org/stable/c/9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0', 'https://git.kernel.org/stable/c/a13d3864b76ac87085ec530b2ff8e37482a63a96', 'https://git.kernel.org/stable/c/fd06cb4a5fc7bda3dea31712618a62af72a1c6cb', 'https://linux.oracle.com/cve/CVE-2024-42283.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42283-15a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42283', 'https://www.cve.org/CVERecord?id=CVE-2024-42283'], 'PublishedDate': '2024-08-17T09:15:09.163Z', 'LastModifiedDate': '2024-08-19T19:54:33.213Z'}, {'VulnerabilityID': 'CVE-2024-42284', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42284', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42284', 'https://git.kernel.org/linus/fa96c6baef1b5385e2f0c0677b32b3839e716076 (6.11-rc1)', 'https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f', 'https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a', 'https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69', 'https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813', 'https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28', 'https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b', 'https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8', 'https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076', 'https://linux.oracle.com/cve/CVE-2024-42284.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42284-bbfa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42284', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42284'], 'PublishedDate': '2024-08-17T09:15:09.233Z', 'LastModifiedDate': '2024-08-19T19:47:55.623Z'}, {'VulnerabilityID': 'CVE-2024-42285', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42285', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix a use-after-free related to destroying CM IDs\n\niw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with\nan existing struct iw_cm_id (cm_id) as follows:\n\n        conn_id->cm_id.iw = cm_id;\n        cm_id->context = conn_id;\n        cm_id->cm_handler = cma_iw_handler;\n\nrdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make\nsure that cm_work_handler() does not trigger a use-after-free by only\nfreeing of the struct rdma_id_private after all pending work has finished.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42285', 'https://git.kernel.org/linus/aee2424246f9f1dadc33faa78990c1e2eb7826e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6', 'https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574', 'https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79', 'https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4', 'https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6', 'https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5', 'https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae', 'https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a', 'https://linux.oracle.com/cve/CVE-2024-42285.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42285-37ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42285', 'https://www.cve.org/CVERecord?id=CVE-2024-42285'], 'PublishedDate': '2024-08-17T09:15:09.3Z', 'LastModifiedDate': '2024-08-19T19:45:41.59Z'}, {'VulnerabilityID': 'CVE-2024-42286', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42286', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: validate nvme_local_port correctly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS:  0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42286', 'https://git.kernel.org/linus/eb1d4ce2609584eeb7694866f34d4b213caa3af9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3eac973eb5cb2b874b3918f924798afc5affd46b', 'https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430', 'https://git.kernel.org/stable/c/7cec2c3bfe84539c415f5e16f989228eba1d2f1e', 'https://git.kernel.org/stable/c/a3ab508a4853a9f5ae25a7816a4889f09938f63c', 'https://git.kernel.org/stable/c/cde43031df533751b4ead37d173922feee2f550f', 'https://git.kernel.org/stable/c/e1f010844443c389bc552884ac5cfa47de34d54c', 'https://git.kernel.org/stable/c/eb1d4ce2609584eeb7694866f34d4b213caa3af9', 'https://git.kernel.org/stable/c/f6be298cc1042f24d521197af29c7c4eb95af4d5', 'https://linux.oracle.com/cve/CVE-2024-42286.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42286-e856@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42286', 'https://www.cve.org/CVERecord?id=CVE-2024-42286'], 'PublishedDate': '2024-08-17T09:15:09.38Z', 'LastModifiedDate': '2024-09-10T19:02:12.36Z'}, {'VulnerabilityID': 'CVE-2024-42287', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42287', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Complete command early within lock', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Complete command early within lock\n\nA crash was observed while performing NPIV and FW reset,\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 1 PREEMPT_RT SMP NOPTI\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0\n RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034\n R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000\n FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x16f/0x4a0\n ? do_user_addr_fault+0x174/0x7f0\n ? exc_page_fault+0x69/0x1a0\n ? asm_exc_page_fault+0x22/0x30\n ? dma_direct_unmap_sg+0x51/0x1e0\n ? preempt_count_sub+0x96/0xe0\n qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]\n qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]\n __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]\n\nThe command completion was done early while aborting the commands in driver\nunload path but outside lock to avoid the WARN_ON condition of performing\ndma_free_attr within the lock. However this caused race condition while\ncommand completion via multiple paths causing system crash.\n\nHence complete the command early in unload path but within the lock to\navoid race condition.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42287', 'https://git.kernel.org/linus/4475afa2646d3fec176fc4d011d3879b26cb26e3 (6.11-rc1)', 'https://git.kernel.org/stable/c/314efe3f87949a568f512f05df20bf47b81cf232', 'https://git.kernel.org/stable/c/36fdc5319c4d0ec8b8938ec4769764098a246bfb', 'https://git.kernel.org/stable/c/4475afa2646d3fec176fc4d011d3879b26cb26e3', 'https://git.kernel.org/stable/c/57ba7563712227647f82a92547e82c96cd350553', 'https://git.kernel.org/stable/c/814f4a53cc86f7ea8b501bfb1723f24fd29ef5ee', 'https://git.kernel.org/stable/c/9117337b04d789bd08fdd9854a40bec2815cd3f6', 'https://git.kernel.org/stable/c/af46649304b0c9cede4ccfc2be2561ce8ed6a2ea', 'https://linux.oracle.com/cve/CVE-2024-42287.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42287-d635@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42287', 'https://www.cve.org/CVERecord?id=CVE-2024-42287'], 'PublishedDate': '2024-08-17T09:15:09.453Z', 'LastModifiedDate': '2024-09-10T19:05:07.67Z'}, {'VulnerabilityID': 'CVE-2024-42288', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42288', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Fix for possible memory corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly.  Correctly dereference ICB', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42288', 'https://git.kernel.org/linus/c03d740152f78e86945a75b2ad541bf972fab92a (6.11-rc1)', 'https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e', 'https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b', 'https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b', 'https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d', 'https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce', 'https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a', 'https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb', 'https://linux.oracle.com/cve/CVE-2024-42288.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42288-c59b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42288', 'https://www.cve.org/CVERecord?id=CVE-2024-42288'], 'PublishedDate': '2024-08-17T09:15:09.523Z', 'LastModifiedDate': '2024-09-05T17:38:38.383Z'}, {'VulnerabilityID': 'CVE-2024-42289', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42289', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: During vport delete send async logout explicitly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array.  For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n  BUG: kernel NULL pointer dereference, address: 000000000000001c\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] PREEMPT SMP NOPTI\n  Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n  RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n  RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n  RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n  RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n  RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n  R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n  R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n  FS:  0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n  Call Trace:\n  <TASK>\n  qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n  ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n  ? qla2x00_status_entry+0x768/0x2830\n  ? newidle_balance+0x2f0/0x430\n  ? dequeue_entity+0x100/0x3c0\n  ? qla24xx_process_response_queue+0x6a1/0x19e0\n  ? __schedule+0x2d5/0x1140\n  ? qla_do_work+0x47/0x60\n  ? process_one_work+0x267/0x440\n  ? process_one_work+0x440/0x440\n  ? worker_thread+0x2d/0x3d0\n  ? process_one_work+0x440/0x440\n  ? kthread+0x156/0x180\n  ? set_kthread_struct+0x50/0x50\n  ? ret_from_fork+0x22/0x30\n  </TASK>\n\nSend out async logout explicitly for all the ports during vport delete.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42289', 'https://git.kernel.org/linus/76f480d7c717368f29a3870f7d64471ce0ff8fb2 (6.11-rc1)', 'https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe', 'https://git.kernel.org/stable/c/171ac4b495f9473bc134356a00095b47e6409e52', 'https://git.kernel.org/stable/c/76f480d7c717368f29a3870f7d64471ce0ff8fb2', 'https://git.kernel.org/stable/c/87c25fcb95aafabb6a4914239f4ab41b07a4f9b7', 'https://git.kernel.org/stable/c/b12c54e51ba83c1fbc619d35083d7872e42ecdef', 'https://git.kernel.org/stable/c/b35d6d5a2f38605cddea7d5c64cded894fbe8ede', 'https://git.kernel.org/stable/c/d28a2075bb530489715a3b011e1dd8765ba20313', 'https://git.kernel.org/stable/c/e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc', 'https://linux.oracle.com/cve/CVE-2024-42289.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42289-fe68@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42289', 'https://www.cve.org/CVERecord?id=CVE-2024-42289'], 'PublishedDate': '2024-08-17T09:15:09.59Z', 'LastModifiedDate': '2024-09-05T17:37:49.057Z'}, {'VulnerabilityID': 'CVE-2024-42290', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42290', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: irqchip/imx-irqsteer: Handle runtime power management correctly', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/imx-irqsteer: Handle runtime power management correctly\n\nThe power domain is automatically activated from clk_prepare(). However, on\ncertain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes\nsleeping functions, which triggers the 'scheduling while atomic' bug in the\ncontext switch path during device probing:\n\n BUG: scheduling while atomic: kworker/u13:1/48/0x00000002\n Call trace:\n  __schedule_bug+0x54/0x6c\n  __schedule+0x7f0/0xa94\n  schedule+0x5c/0xc4\n  schedule_preempt_disabled+0x24/0x40\n  __mutex_lock.constprop.0+0x2c0/0x540\n  __mutex_lock_slowpath+0x14/0x20\n  mutex_lock+0x48/0x54\n  clk_prepare_lock+0x44/0xa0\n  clk_prepare+0x20/0x44\n  imx_irqsteer_resume+0x28/0xe0\n  pm_generic_runtime_resume+0x2c/0x44\n  __genpd_runtime_resume+0x30/0x80\n  genpd_runtime_resume+0xc8/0x2c0\n  __rpm_callback+0x48/0x1d8\n  rpm_callback+0x6c/0x78\n  rpm_resume+0x490/0x6b4\n  __pm_runtime_resume+0x50/0x94\n  irq_chip_pm_get+0x2c/0xa0\n  __irq_do_set_handler+0x178/0x24c\n  irq_set_chained_handler_and_data+0x60/0xa4\n  mxc_gpio_probe+0x160/0x4b0\n\nCure this by implementing the irq_bus_lock/sync_unlock() interrupt chip\ncallbacks and handle power management in them as they are invoked from\nnon-atomic context.\n\n[ tglx: Rewrote change log, added Fixes tag ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42290', 'https://git.kernel.org/linus/33b1c47d1fc0b5f06a393bb915db85baacba18ea (6.11-rc1)', 'https://git.kernel.org/stable/c/21bd3f9e7f924cd2fc892a484e7a50c7e1847565', 'https://git.kernel.org/stable/c/33b1c47d1fc0b5f06a393bb915db85baacba18ea', 'https://git.kernel.org/stable/c/3a2884a44e5cda192df1b28e9925661f79f599a1', 'https://git.kernel.org/stable/c/58c56735facb225a5c46fa4b8bbbe7f31d1cb894', 'https://git.kernel.org/stable/c/a590e8dea3df2639921f874d763be961dd74e8f9', 'https://git.kernel.org/stable/c/f8ae38f1dfe652779c7c613facbc257cec00ac44', 'https://git.kernel.org/stable/c/fa1803401e1c360efe6342fb41d161cc51748a11', 'https://linux.oracle.com/cve/CVE-2024-42290.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42290-c966@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42290', 'https://www.cve.org/CVERecord?id=CVE-2024-42290'], 'PublishedDate': '2024-08-17T09:15:09.663Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42291', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42291', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add a per-VF limit on number of FDIR filters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42291', 'https://git.kernel.org/linus/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 (6.11-rc1)', 'https://git.kernel.org/stable/c/292081c4e7f575a79017d5cbe1a0ec042783976f', 'https://git.kernel.org/stable/c/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97', 'https://git.kernel.org/stable/c/8e02cd98a6e24389d476e28436d41e620ed8e559', 'https://git.kernel.org/stable/c/d62389073a5b937413e2d1bc1da06ccff5103c0c', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42291-6f31@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42291', 'https://www.cve.org/CVERecord?id=CVE-2024-42291'], 'PublishedDate': '2024-08-17T09:15:09.73Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42292', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42292', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kobject_uevent: Fix OOB access within zap_modalias_env()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42292', 'https://git.kernel.org/linus/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc (6.11-rc1)', 'https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762', 'https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2', 'https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168', 'https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d', 'https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90', 'https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5', 'https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d', 'https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc', 'https://linux.oracle.com/cve/CVE-2024-42292.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42292-5387@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42292', 'https://www.cve.org/CVERecord?id=CVE-2024-42292'], 'PublishedDate': '2024-08-17T09:15:09.797Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42294', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42294', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: fix deadlock between sd_remove & sd_release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove & sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430]  __switch_to+0x174/0x338\n[ 2538.459436]  __schedule+0x628/0x9c4\n[ 2538.459442]  schedule+0x7c/0xe8\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459]  mutex_lock+0x30/0xd8\n[ 2538.459462]  del_gendisk+0xdc/0x350\n[ 2538.459466]  sd_remove+0x30/0x60\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474]  device_release_driver+0x18/0x28\n[ 2538.459478]  bus_remove_device+0x15c/0x174\n[ 2538.459483]  device_del+0x1d0/0x358\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\n[ 2538.459493]  scsi_forget_host+0x50/0x70\n[ 2538.459497]  scsi_remove_host+0x80/0x180\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514]  device_release_driver+0x18/0x28\n[ 2538.459518]  bus_remove_device+0x15c/0x174\n[ 2538.459523]  device_del+0x1d0/0x358\n[ 2538.459528]  usb_disable_device+0x84/0x194\n[ 2538.459532]  usb_disconnect+0xec/0x300\n[ 2538.459537]  hub_event+0xb80/0x1870\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\n[ 2538.459545]  worker_thread+0x244/0x334\n[ 2538.459549]  kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task "fsck.":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016]  __switch_to+0x174/0x338\n[ 2538.461021]  __schedule+0x628/0x9c4\n[ 2538.461025]  schedule+0x7c/0xe8\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051]  sd_release+0x50/0x94\n[ 2538.461054]  blkdev_put+0x190/0x28c\n[ 2538.461058]  blkdev_release+0x28/0x40\n[ 2538.461063]  __fput+0xf8/0x2a8\n[ 2538.461066]  __fput_sync+0x28/0x5c\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\n[ 2538.461073]  invoke_syscall+0x58/0x114\n[ 2538.461078]  el0_svc_common+0xac/0xe0\n[ 2538.461082]  do_el0_svc+0x1c/0x28\n[ 2538.461087]  el0_svc+0x38/0x68\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\n\n  T1:\t\t\t\tT2:\n  sd_remove\n  del_gendisk\n  __blk_mark_disk_dead\n  blk_freeze_queue_start\n  ++q->mq_freeze_depth\n  \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(&disk->open_mutex)\n  \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q->mq_freeze_depth)\n  mutex_lock(&disk->open_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don\'t try to acquire disk->open_mutex after freezing\nthe queue.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42294', 'https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9', 'https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b', 'https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42294-0145@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42294', 'https://www.cve.org/CVERecord?id=CVE-2024-42294'], 'PublishedDate': '2024-08-17T09:15:09.947Z', 'LastModifiedDate': '2024-08-19T19:43:22.46Z'}, {'VulnerabilityID': 'CVE-2024-42295', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42295', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: handle inconsistent state in nilfs_btnode_create_block()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle inconsistent state in nilfs_btnode_create_block()\n\nSyzbot reported that a buffer state inconsistency was detected in\nnilfs_btnode_create_block(), triggering a kernel bug.\n\nIt is not appropriate to treat this inconsistency as a bug; it can occur\nif the argument block address (the buffer index of the newly created\nblock) is a virtual block number and has been reallocated due to\ncorruption of the bitmap used to manage its allocation state.\n\nSo, modify nilfs_btnode_create_block() and its callers to treat it as a\npossible filesystem error, rather than triggering a kernel bug.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42295', 'https://git.kernel.org/linus/4811f7af6090e8f5a398fbdd766f903ef6c0d787 (6.11-rc1)', 'https://git.kernel.org/stable/c/012be828a118bf496e666ef1fc47fc0e7358ada2', 'https://git.kernel.org/stable/c/02b87e6334a38c65eef49848d3f1ac422f0b2a44', 'https://git.kernel.org/stable/c/19cce46238ffe3546e44b9c74057103ff8b24c62', 'https://git.kernel.org/stable/c/366c3f688dd0288cbe38af1d3a886b5c62372e4a', 'https://git.kernel.org/stable/c/4811f7af6090e8f5a398fbdd766f903ef6c0d787', 'https://git.kernel.org/stable/c/5f0a6800b8aec1b453c7fe4c44fcaac5ffe9d52e', 'https://git.kernel.org/stable/c/be56dfc9be0604291267c07b0e27a69a6bda4899', 'https://git.kernel.org/stable/c/e34191cce3ee63dfa5fb241904aaf2a042d5b6d8', 'https://linux.oracle.com/cve/CVE-2024-42295.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42295-4f43@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42295', 'https://www.cve.org/CVERecord?id=CVE-2024-42295'], 'PublishedDate': '2024-08-17T09:15:10.017Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42296', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42296', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix return value of f2fs_convert_inline_inode()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix return value of f2fs_convert_inline_inode()\n\nIf device is readonly, make f2fs_convert_inline_inode()\nreturn EROFS instead of zero, otherwise it may trigger\npanic during writeback of inline inode's dirty page as\nbelow:\n\n f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888\n f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3369\n do_writepages+0x359/0x870 mm/page-writeback.c:2634\n filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397\n __filemap_fdatawrite_range mm/filemap.c:430 [inline]\n file_write_and_wait_range+0x1aa/0x290 mm/filemap.c:788\n f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276\n generic_write_sync include/linux/fs.h:2806 [inline]\n f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977\n call_write_iter include/linux/fs.h:2114 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa72/0xc90 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42296', 'https://git.kernel.org/linus/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf (6.11-rc1)', 'https://git.kernel.org/stable/c/077f0e24b27c4b44841593c7edbd1993be9eecb5', 'https://git.kernel.org/stable/c/1e7725814361c8c008d131db195cef8274ff26b8', 'https://git.kernel.org/stable/c/47a8ddcdcaccd9b891db4574795e46a33a121ac2', 'https://git.kernel.org/stable/c/70f5ef5f33c333cfb286116fa3af74ac9bc84f1b', 'https://git.kernel.org/stable/c/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42296-3f50@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42296', 'https://www.cve.org/CVERecord?id=CVE-2024-42296'], 'PublishedDate': '2024-08-17T09:15:10.08Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42297', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42297', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: f2fs: fix to don't dirty inode for readonly filesystem", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to don't dirty inode for readonly filesystem\n\nsyzbot reports f2fs bug as below:\n\nkernel BUG at fs/f2fs/inode.c:933!\nRIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933\nCall Trace:\n evict+0x2a4/0x620 fs/inode.c:664\n dispose_list fs/inode.c:697 [inline]\n evict_inodes+0x5f8/0x690 fs/inode.c:747\n generic_shutdown_super+0x9d/0x2c0 fs/super.c:675\n kill_block_super+0x44/0x90 fs/super.c:1667\n kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894\n deactivate_locked_super+0xc1/0x130 fs/super.c:484\n cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256\n task_work_run+0x24a/0x300 kernel/task_work.c:180\n ptrace_notify+0x2cd/0x380 kernel/signal.c:2399\n ptrace_report_syscall include/linux/ptrace.h:411 [inline]\n ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]\n syscall_exit_work kernel/entry/common.c:251 [inline]\n syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]\n syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296\n do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe root cause is:\n- do_sys_open\n - f2fs_lookup\n  - __f2fs_find_entry\n   - f2fs_i_depth_write\n    - f2fs_mark_inode_dirty_sync\n     - f2fs_dirty_inode\n      - set_inode_flag(inode, FI_DIRTY_INODE)\n\n- umount\n - kill_f2fs_super\n  - kill_block_super\n   - generic_shutdown_super\n    - sync_filesystem\n    : sb is readonly, skip sync_filesystem()\n    - evict_inodes\n     - iput\n      - f2fs_evict_inode\n       - f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE))\n       : trigger kernel panic\n\nWhen we try to repair i_current_depth in readonly filesystem, let's\nskip dirty inode to avoid panic in later f2fs_evict_inode().", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42297', 'https://git.kernel.org/linus/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8', 'https://git.kernel.org/stable/c/2434344559f6743efb3ac15d11af9a0db9543bd3', 'https://git.kernel.org/stable/c/2d2916516577f2239b3377d9e8d12da5e6ccdfcf', 'https://git.kernel.org/stable/c/54162974aea37a8cae00742470a78c7f6bd6f915', 'https://git.kernel.org/stable/c/54bc4e88447e385c4d4ffa85d93e0dce628fcfa6', 'https://git.kernel.org/stable/c/9ce8135accf103f7333af472709125878704fdd4', 'https://git.kernel.org/stable/c/e62ff092a42f4a1bae3b310cf46673b4f3aac3b5', 'https://git.kernel.org/stable/c/ec56571b4b146a1cfbedab49d5fcaf19fe8bf4f1', 'https://linux.oracle.com/cve/CVE-2024-42297.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42297-fcec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42297', 'https://www.cve.org/CVERecord?id=CVE-2024-42297'], 'PublishedDate': '2024-08-17T09:15:10.147Z', 'LastModifiedDate': '2024-09-30T13:41:26.463Z'}, {'VulnerabilityID': 'CVE-2024-42298', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42298', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42298', 'https://git.kernel.org/linus/e62599902327d27687693f6e5253a5d56583db58 (6.11-rc1)', 'https://git.kernel.org/stable/c/af466037fa2b263e8ea5c47285513d2487e17d90', 'https://git.kernel.org/stable/c/b4205dfcfe96182118e54343954827eda51b2135', 'https://git.kernel.org/stable/c/e62599902327d27687693f6e5253a5d56583db58', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42298-d6a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42298', 'https://www.cve.org/CVERecord?id=CVE-2024-42298'], 'PublishedDate': '2024-08-17T09:15:10.23Z', 'LastModifiedDate': '2024-09-10T18:42:19.607Z'}, {'VulnerabilityID': 'CVE-2024-42299', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42299', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Update log->page_{mask,bits} if log->page_size changed\n\nIf an NTFS file system is mounted to another system with different\nPAGE_SIZE from the original system, log->page_size will change in\nlog_replay(), but log->page_{mask,bits} don\'t change correspondingly.\nThis will cause a panic because "u32 bytes = log->page_size - page_off"\nwill get a negative value in the later read_log_page().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42299', 'https://git.kernel.org/linus/2fef55d8f78383c8e6d6d4c014b9597375132696 (6.11-rc1)', 'https://git.kernel.org/stable/c/0484adcb5fbcadd9ba0fd4485c42630f72e97da9', 'https://git.kernel.org/stable/c/0a4ae2644e2a3b3b219aad9639fb2b0691d08420', 'https://git.kernel.org/stable/c/2cac0df3324b5e287d8020bc0708f7d2dec88a6f', 'https://git.kernel.org/stable/c/2fef55d8f78383c8e6d6d4c014b9597375132696', 'https://git.kernel.org/stable/c/b90ceffdc975502bc085ce8e79c6adeff05f9521', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42299-a588@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42299', 'https://www.cve.org/CVERecord?id=CVE-2024-42299'], 'PublishedDate': '2024-08-17T09:15:10.293Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42301', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42301', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dev/parport: fix the array out-of-bounds risk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42301', 'https://git.kernel.org/linus/ab11dac93d2d568d151b1918d7b84c2d02bacbd5 (6.11-rc1)', 'https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8', 'https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d', 'https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a', 'https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84', 'https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0', 'https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5', 'https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e', 'https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6', 'https://linux.oracle.com/cve/CVE-2024-42301.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42301-4026@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42301', 'https://www.cve.org/CVERecord?id=CVE-2024-42301'], 'PublishedDate': '2024-08-17T09:15:10.423Z', 'LastModifiedDate': '2024-08-22T16:31:18.667Z'}, {'VulnerabilityID': 'CVE-2024-42302', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42302', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred.  To do so, it polls the\nconfig space of the first child device on the secondary bus.  If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\'s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device.  Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume.  Holding a\nreference wasn\'t necessary back then because the pciehp IRQ thread\ncould never run concurrently.  (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase.  And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event.  Commit 53b54ad074de ("PCI/DPC: Await readiness\nof secondary bus after reset"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently.  The commit was backported to v5.10+ stable\nkernels, so that\'s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n  BUG: unable to handle page fault for address: 00000000091400c0\n  CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n  RIP: pci_bus_read_config_dword+0x17/0x50\n  pci_dev_wait()\n  pci_bridge_wait_for_secondary_bus()\n  dpc_reset_link()\n  pcie_do_recovery()\n  dpc_handler()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42302', 'https://git.kernel.org/linus/11a1f4bc47362700fcbde717292158873fb847ed (6.11-rc1)', 'https://git.kernel.org/stable/c/11a1f4bc47362700fcbde717292158873fb847ed', 'https://git.kernel.org/stable/c/2c111413f38ca5cf87557cab89f6d82b0e3433e7', 'https://git.kernel.org/stable/c/2cc8973bdc4d6c928ebe38b88090a2cdfe81f42f', 'https://git.kernel.org/stable/c/b16f3ea1db47a6766a9f1169244cf1fc287a7c62', 'https://git.kernel.org/stable/c/c52f9e1a9eb40f13993142c331a6cfd334d4b91d', 'https://git.kernel.org/stable/c/f63df70b439bb8331358a306541893bf415bf1da', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42302-c0d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42302', 'https://www.cve.org/CVERecord?id=CVE-2024-42302'], 'PublishedDate': '2024-08-17T09:15:10.487Z', 'LastModifiedDate': '2024-08-22T16:37:26.237Z'}, {'VulnerabilityID': 'CVE-2024-42303', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42303', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-pxp: Fix ERR_PTR dereference in pxp_probe()\n\ndevm_regmap_init_mmio() can fail, add a check and bail out in case of\nerror.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42303', 'https://git.kernel.org/linus/57e9ce68ae98551da9c161aaab12b41fe8601856 (6.11-rc1)', 'https://git.kernel.org/stable/c/358bc85269d6a359fea597ef9fbb429cd3626e08', 'https://git.kernel.org/stable/c/57e9ce68ae98551da9c161aaab12b41fe8601856', 'https://git.kernel.org/stable/c/5ab6ac4e9e165b0fe8a326308218337007224f05', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42303-4d12@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42303', 'https://www.cve.org/CVERecord?id=CVE-2024-42303'], 'PublishedDate': '2024-08-17T09:15:10.56Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42304', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42304', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: make sure the first directory block is not a hole', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: make sure the first directory block is not a hole\n\nThe syzbot constructs a directory that has no dirblock but is non-inline,\ni.e. the first directory block is a hole. And no errors are reported when\ncreating files in this directory in the following flow.\n\n    ext4_mknod\n     ...\n      ext4_add_entry\n        // Read block 0\n        ext4_read_dirblock(dir, block, DIRENT)\n          bh = ext4_bread(NULL, inode, block, 0)\n          if (!bh && (type == INDEX || type == DIRENT_HTREE))\n          // The first directory block is a hole\n          // But type == DIRENT, so no error is reported.\n\nAfter that, we get a directory block without '.' and '..' but with a valid\ndentry. This may cause some code that relies on dot or dotdot (such as\nmake_indexed_dir()) to crash.\n\nTherefore when ext4_read_dirblock() finds that the first directory block\nis a hole report that the filesystem is corrupted and return an error to\navoid loading corrupted data from disk causing something bad.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42304', 'https://git.kernel.org/linus/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6 (6.11-rc1)', 'https://git.kernel.org/stable/c/299bc6ffa57e04e74c6cce866d6c0741fb4897a1', 'https://git.kernel.org/stable/c/9771e3d8365ae1dd5e8846a204cb9af14e3e656a', 'https://git.kernel.org/stable/c/b609753cbbd38f8c0affd4956c0af178348523ac', 'https://git.kernel.org/stable/c/c3893d9de8ee153baac56d127d844103488133b5', 'https://git.kernel.org/stable/c/d81d7e347d1f1f48a5634607d39eb90c161c8afe', 'https://git.kernel.org/stable/c/de2a011a13a46468a6e8259db58b1b62071fe136', 'https://git.kernel.org/stable/c/e02f9941e8c011aa3eafa799def6a134ce06bcfa', 'https://git.kernel.org/stable/c/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6', 'https://linux.oracle.com/cve/CVE-2024-42304.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42304-d0e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42304', 'https://www.cve.org/CVERecord?id=CVE-2024-42304'], 'PublishedDate': '2024-08-17T09:15:10.617Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42305', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42305', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: check dot and dotdot of dx_root before making dir indexed', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: check dot and dotdot of dx_root before making dir indexed\n\nSyzbot reports a issue as follows:\n============================================\nBUG: unable to handle page fault for address: ffffed11022e24fe\nPGD 23ffee067 P4D 23ffee067 PUD 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0\nCall Trace:\n <TASK>\n make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451\n ext4_rename fs/ext4/namei.c:3936 [inline]\n ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214\n[...]\n============================================\n\nThe immediate cause of this problem is that there is only one valid dentry\nfor the block to be split during do_split, so split==0 results in out of\nbounds accesses to the map triggering the issue.\n\n    do_split\n      unsigned split\n      dx_make_map\n       count = 1\n      split = count/2 = 0;\n      continued = hash2 == map[split - 1].hash;\n       ---> map[4294967295]\n\nThe maximum length of a filename is 255 and the minimum block size is 1024,\nso it is always guaranteed that the number of entries is greater than or\nequal to 2 when do_split() is called.\n\nBut syzbot's crafted image has no dot and dotdot in dir, and the dentry\ndistribution in dirblock is as follows:\n\n  bus     dentry1          hole           dentry2           free\n|xx--|xx-------------|...............|xx-------------|...............|\n0   12 (8+248)=256  268     256     524 (8+256)=264 788     236     1024\n\nSo when renaming dentry1 increases its name_len length by 1, neither hole\nnor free is sufficient to hold the new dentry, and make_indexed_dir() is\ncalled.\n\nIn make_indexed_dir() it is assumed that the first two entries of the\ndirblock must be dot and dotdot, so bus and dentry1 are left in dx_root\nbecause they are treated as dot and dotdot, and only dentry2 is moved\nto the new leaf block. That's why count is equal to 1.\n\nTherefore add the ext4_check_dx_root() helper function to add more sanity\nchecks to dot and dotdot before starting the conversion to avoid the above\nissue.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42305', 'https://git.kernel.org/linus/50ea741def587a64e08879ce6c6a30131f7111e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/19e13b4d7f0303186fcc891aba8d0de7c8fdbda8', 'https://git.kernel.org/stable/c/42d420517072028fb0eb852c358056b7717ba5aa', 'https://git.kernel.org/stable/c/50ea741def587a64e08879ce6c6a30131f7111e7', 'https://git.kernel.org/stable/c/8afe06ed3be7a874b3cd82ef5f8959aca8d6429a', 'https://git.kernel.org/stable/c/9d241b7a39af192d1bb422714a458982c7cc67a2', 'https://git.kernel.org/stable/c/abb411ac991810c0bcbe51c2e76d2502bf611b5c', 'https://git.kernel.org/stable/c/b80575ffa98b5bb3a5d4d392bfe4c2e03e9557db', 'https://git.kernel.org/stable/c/cdd345321699042ece4a9d2e70754d2397d378c5', 'https://linux.oracle.com/cve/CVE-2024-42305.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42305-94ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42305', 'https://www.cve.org/CVERecord?id=CVE-2024-42305'], 'PublishedDate': '2024-08-17T09:15:10.69Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42306', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42306', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid using corrupted block bitmap buffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42306', 'https://git.kernel.org/linus/a90d4471146de21745980cba51ce88e7926bcc4f (6.11-rc1)', 'https://git.kernel.org/stable/c/2199e157a465aaf98294d3932797ecd7fce942d5', 'https://git.kernel.org/stable/c/271cab2ca00652bc984e269cf1208699a1e09cdd', 'https://git.kernel.org/stable/c/57053b3bcf3403b80db6f65aba284d7dfe7326af', 'https://git.kernel.org/stable/c/6a43e3c210df6c5f00570f4be49a897677dbcb64', 'https://git.kernel.org/stable/c/8ca170c39eca7cad6e0cfeb24e351d8f8eddcd65', 'https://git.kernel.org/stable/c/a90d4471146de21745980cba51ce88e7926bcc4f', 'https://git.kernel.org/stable/c/cae9e59cc41683408b70b9ab569f8654866ba914', 'https://linux.oracle.com/cve/CVE-2024-42306.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42306-647c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42306', 'https://www.cve.org/CVERecord?id=CVE-2024-42306'], 'PublishedDate': '2024-08-17T09:15:10.777Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42307', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42307', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n   fs/smb/client/cifsfs.c:1981 init_cifs()\n   error: we previously assumed 'serverclose_wq' could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42307', 'https://git.kernel.org/linus/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/160235efb4f9b55212dedff5de0094c606c4b303', 'https://git.kernel.org/stable/c/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2', 'https://git.kernel.org/stable/c/3739d711246d8fbc95ff73dbdace9741cdce4777', 'https://git.kernel.org/stable/c/6018971710fdc7739f8655c1540832b4bb903671', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42307-7c2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42307', 'https://www.cve.org/CVERecord?id=CVE-2024-42307'], 'PublishedDate': '2024-08-17T09:15:10.843Z', 'LastModifiedDate': '2024-09-05T17:49:58.257Z'}, {'VulnerabilityID': 'CVE-2024-42308', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42308', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check for NULL pointer', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42308', 'https://git.kernel.org/linus/4ab68e168ae1695f7c04fae98930740aaf7c50fa (6.11-rc1)', 'https://git.kernel.org/stable/c/185616085b12e651cdfd11ef00d1449f54552d89', 'https://git.kernel.org/stable/c/4ab68e168ae1695f7c04fae98930740aaf7c50fa', 'https://git.kernel.org/stable/c/4ccd37085976ea5d3c499b1e6d0b3f4deaf2cd5a', 'https://git.kernel.org/stable/c/6b5ed0648213e9355cc78f4a264d9afe8536d692', 'https://git.kernel.org/stable/c/71dbf95359347c2ecc5a6dfc02783fcfccb2e9fb', 'https://git.kernel.org/stable/c/9ce89824ff04d261fc855e0ca6e6025251d9fa40', 'https://git.kernel.org/stable/c/f068494430d15b5fc551ac928de9dac7e5e27602', 'https://linux.oracle.com/cve/CVE-2024-42308.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42308-562d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42308', 'https://www.cve.org/CVERecord?id=CVE-2024-42308'], 'PublishedDate': '2024-08-17T09:15:10.92Z', 'LastModifiedDate': '2024-10-09T14:15:05.227Z'}, {'VulnerabilityID': 'CVE-2024-42309', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42309', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42309', 'https://git.kernel.org/linus/2df7aac81070987b0f052985856aa325a38debf6 (6.11-rc1)', 'https://git.kernel.org/stable/c/13b5f3ee94bdbdc4b5f40582aab62977905aedee', 'https://git.kernel.org/stable/c/2df7aac81070987b0f052985856aa325a38debf6', 'https://git.kernel.org/stable/c/46d2ef272957879cbe30a884574320e7f7d78692', 'https://git.kernel.org/stable/c/475a5b3b7c8edf6e583a9eb59cf28ea770602e14', 'https://git.kernel.org/stable/c/6735d02ead7dd3adf74eb8b70aebd09e0ce78ec9', 'https://git.kernel.org/stable/c/7e52c62ff029f95005915c0a11863b5fb5185c8c', 'https://git.kernel.org/stable/c/d6ad202f73f8edba0cbc0065aa57a79ffe8fdcdc', 'https://git.kernel.org/stable/c/f70ffeca546452d1acd3a70ada56ecb2f3e7f811', 'https://linux.oracle.com/cve/CVE-2024-42309.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42309-9560@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42309', 'https://www.cve.org/CVERecord?id=CVE-2024-42309'], 'PublishedDate': '2024-08-17T09:15:10.987Z', 'LastModifiedDate': '2024-08-22T16:01:29.287Z'}, {'VulnerabilityID': 'CVE-2024-42310', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42310', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes\n\nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42310', 'https://git.kernel.org/linus/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79 (6.11-rc1)', 'https://git.kernel.org/stable/c/08f45102c81ad8bc9f85f7a25e9f64e128edb87d', 'https://git.kernel.org/stable/c/2d209b2f862f6b8bff549ede541590a8d119da23', 'https://git.kernel.org/stable/c/977ee4fe895e1729cd36cc26916bbb10084713d6', 'https://git.kernel.org/stable/c/a658ae2173ab74667c009e2550455e6de5b33ddc', 'https://git.kernel.org/stable/c/b6ac46a00188cde50ffba233e6efb366354a1de5', 'https://git.kernel.org/stable/c/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79', 'https://git.kernel.org/stable/c/e74eb5e8089427c8c49e0dd5067e5f39ce3a4d56', 'https://git.kernel.org/stable/c/f392c36cebf4c1d6997a4cc2c0f205254acef42a', 'https://linux.oracle.com/cve/CVE-2024-42310.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42310-58b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42310', 'https://www.cve.org/CVERecord?id=CVE-2024-42310'], 'PublishedDate': '2024-08-17T09:15:11.067Z', 'LastModifiedDate': '2024-08-22T16:01:46.263Z'}, {'VulnerabilityID': 'CVE-2024-42311', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42311', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42311', 'https://git.kernel.org/linus/26a2ed107929a855155429b11e1293b83e6b2a8b (6.11-rc1)', 'https://git.kernel.org/stable/c/10f7163bfb5f8b4e0c9c05a939f20b8540e33c65', 'https://git.kernel.org/stable/c/26a2ed107929a855155429b11e1293b83e6b2a8b', 'https://git.kernel.org/stable/c/4a52861cd76e79f1a593beb23d096523eb9732c2', 'https://git.kernel.org/stable/c/58d83fc160505a7009c39dec64effaac5129b971', 'https://git.kernel.org/stable/c/9c4e40b9b731220f9464975e49da75496e3865c4', 'https://git.kernel.org/stable/c/d3493d6f0dfb1ab5225b62faa77732983f2187a1', 'https://git.kernel.org/stable/c/d55aae5c1730d6b70d5d8eaff00113cd34772ea3', 'https://git.kernel.org/stable/c/f7316b2b2f11cf0c6de917beee8d3de728be24db', 'https://linux.oracle.com/cve/CVE-2024-42311.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42311-f825@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42311', 'https://www.cve.org/CVERecord?id=CVE-2024-42311'], 'PublishedDate': '2024-08-17T09:15:11.147Z', 'LastModifiedDate': '2024-09-03T17:38:24.21Z'}, {'VulnerabilityID': 'CVE-2024-42312', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42312', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sysctl: always initialize i_uid/i_gid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42312', 'https://git.kernel.org/linus/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/1deae34db9f4f8e0e03f891be2e2e15c15c8ac05', 'https://git.kernel.org/stable/c/34a86adea1f2b3c3f9d864c8cce09dca644601ab', 'https://git.kernel.org/stable/c/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4', 'https://git.kernel.org/stable/c/b2591c89a6e2858796111138c38fcb6851aa1955', 'https://git.kernel.org/stable/c/c7e2f43d182f5dde473389dbb39f16c9f0d64536', 'https://git.kernel.org/stable/c/ffde3af4b29bf97d62d82e1d45275587e10a991a', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42312-bddc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42312', 'https://www.cve.org/CVERecord?id=CVE-2024-42312'], 'PublishedDate': '2024-08-17T09:15:11.24Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42313', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42313', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: venus: fix use after free in vdec_close', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free in vdec_close\n\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\n\nFix it by cancelling the work in vdec_close.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42313', 'https://git.kernel.org/linus/a0157b5aa34eb43ec4c5510f9c260bbb03be937e (6.11-rc1)', 'https://git.kernel.org/stable/c/4c9d235630d35db762b85a4149bbb0be9d504c36', 'https://git.kernel.org/stable/c/66fa52edd32cdbb675f0803b3c4da10ea19b6635', 'https://git.kernel.org/stable/c/6a96041659e834dc0b172dda4b2df512d63920c2', 'https://git.kernel.org/stable/c/72aff311194c8ceda934f24fd6f250b8827d7567', 'https://git.kernel.org/stable/c/a0157b5aa34eb43ec4c5510f9c260bbb03be937e', 'https://git.kernel.org/stable/c/ad8cf035baf29467158e0550c7a42b7bb43d1db6', 'https://git.kernel.org/stable/c/da55685247f409bf7f976cc66ba2104df75d8dad', 'https://git.kernel.org/stable/c/f8e9a63b982a8345470c225679af4ba86e4a7282', 'https://linux.oracle.com/cve/CVE-2024-42313.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42313-09b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42313', 'https://www.cve.org/CVERecord?id=CVE-2024-42313'], 'PublishedDate': '2024-08-17T09:15:11.32Z', 'LastModifiedDate': '2024-08-22T16:01:59.467Z'}, {'VulnerabilityID': 'CVE-2024-42314', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42314', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix extent map use-after-free when adding pages to compressed bio', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix extent map use-after-free when adding pages to compressed bio\n\nAt add_ra_bio_pages() we are accessing the extent map to calculate\n'add_size' after we dropped our reference on the extent map, resulting\nin a use-after-free. Fix this by computing 'add_size' before dropping our\nextent map reference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42314', 'https://git.kernel.org/linus/8e7860543a94784d744c7ce34b78a2e11beefa5c (6.11-rc1)', 'https://git.kernel.org/stable/c/8e7860543a94784d744c7ce34b78a2e11beefa5c', 'https://git.kernel.org/stable/c/b7859ff398b6b656e1689daa860eb34837b4bb89', 'https://git.kernel.org/stable/c/c1cc3326e27b0bd7a2806b40bc48e49afaf951e7', 'https://git.kernel.org/stable/c/c205565e0f2f439f278a4a94ee97b67ef7b56ae8', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42314-de1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42314', 'https://www.cve.org/CVERecord?id=CVE-2024-42314'], 'PublishedDate': '2024-08-17T09:15:11.397Z', 'LastModifiedDate': '2024-09-04T12:15:04.723Z'}, {'VulnerabilityID': 'CVE-2024-42315', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42315', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exfat: fix potential deadlock on __exfat_get_dentry_set', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi->s_lock between the two processes may occur.\n\n       CPU0                CPU1\n       ----                ----\n  kswapd\n   balance_pgdat\n    lock(fs_reclaim)\n                      exfat_iterate\n                       lock(&sbi->s_lock)\n                       exfat_readdir\n                        exfat_get_uniname_from_ext_entry\n                         exfat_get_dentry_set\n                          __exfat_get_dentry_set\n                           kmalloc_array\n                            ...\n                            lock(fs_reclaim)\n    ...\n    evict\n     exfat_evict_inode\n      lock(&sbi->s_lock)\n\nTo fix this, let's allocate bh-array with GFP_NOFS.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42315', 'https://git.kernel.org/linus/89fc548767a2155231128cb98726d6d2ea1256c9 (6.11-rc1)', 'https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62', 'https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9', 'https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42315-a707@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42315', 'https://www.cve.org/CVERecord?id=CVE-2024-42315'], 'PublishedDate': '2024-08-17T09:15:11.47Z', 'LastModifiedDate': '2024-08-22T15:51:03.077Z'}, {'VulnerabilityID': 'CVE-2024-42316', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42316', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/mglru: fix div-by-zero in vmpressure_calc_level()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mglru: fix div-by-zero in vmpressure_calc_level()\n\nevict_folios() uses a second pass to reclaim folios that have gone through\npage writeback and become clean before it finishes the first pass, since\nfolio_rotate_reclaimable() cannot handle those folios due to the\nisolation.\n\nThe second pass tries to avoid potential double counting by deducting\nscan_control->nr_scanned.  However, this can result in underflow of\nnr_scanned, under a condition where shrink_folio_list() does not increment\nnr_scanned, i.e., when folio_trylock() fails.\n\nThe underflow can cause the divisor, i.e., scale=scanned+reclaimed in\nvmpressure_calc_level(), to become zero, resulting in the following crash:\n\n  [exception RIP: vmpressure_work_fn+101]\n  process_one_work at ffffffffa3313f2b\n\nSince scan_control->nr_scanned has no established semantics, the potential\ndouble counting has minimal risks.  Therefore, fix the problem by not\ndeducting scan_control->nr_scanned in evict_folios().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42316', 'https://git.kernel.org/linus/8b671fe1a879923ecfb72dda6caf01460dd885ef (6.11-rc1)', 'https://git.kernel.org/stable/c/8b671fe1a879923ecfb72dda6caf01460dd885ef', 'https://git.kernel.org/stable/c/8de7bf77f21068a5f602bb1e59adbc5ab533509d', 'https://git.kernel.org/stable/c/a39e38be632f0e1c908d70d1c9cd071c03faf895', 'https://git.kernel.org/stable/c/d6510f234c7d117790397f9bb150816b0a954a04', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42316-8b49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42316', 'https://www.cve.org/CVERecord?id=CVE-2024-42316'], 'PublishedDate': '2024-08-17T09:15:11.547Z', 'LastModifiedDate': '2024-08-22T15:52:38.52Z'}, {'VulnerabilityID': 'CVE-2024-42317', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42317', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/huge_memory: avoid PMD-size page cache if needed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: avoid PMD-size page cache if needed\n\nxarray can\'t support arbitrary page cache size.  the largest and supported\npage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71\n("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray").  However,\nit\'s possible to have 512MB page cache in the huge memory\'s collapsing\npath on ARM64 system whose base page size is 64KB.  512MB page cache is\nbreaking the limitation and a warning is raised when the xarray entry is\nsplit as shown in the following example.\n\n[root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize\nKernelPageSize:       64 kB\n[root@dhcp-10-26-1-207 ~]# cat /tmp/test.c\n   :\nint main(int argc, char **argv)\n{\n\tconst char *filename = TEST_XFS_FILENAME;\n\tint fd = 0;\n\tvoid *buf = (void *)-1, *p;\n\tint pgsize = getpagesize();\n\tint ret = 0;\n\n\tif (pgsize != 0x10000) {\n\t\tfprintf(stdout, "System with 64KB base page size is required!\\n");\n\t\treturn -EPERM;\n\t}\n\n\tsystem("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb");\n\tsystem("echo 1 > /proc/sys/vm/drop_caches");\n\n\t/* Open the xfs file */\n\tfd = open(filename, O_RDONLY);\n\tassert(fd > 0);\n\n\t/* Create VMA */\n\tbuf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0);\n\tassert(buf != (void *)-1);\n\tfprintf(stdout, "mapped buffer at 0x%p\\n", buf);\n\n\t/* Populate VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ);\n\tassert(ret == 0);\n\n\t/* Collapse VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE);\n\tif (ret) {\n\t\tfprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\\n", errno);\n\t\tgoto out;\n\t}\n\n\t/* Split xarray entry. Write permission is needed */\n\tmunmap(buf, TEST_MEM_SIZE);\n\tbuf = (void *)-1;\n\tclose(fd);\n\tfd = open(filename, O_RDWR);\n\tassert(fd > 0);\n\tfallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,\n \t\t  TEST_MEM_SIZE - pgsize, pgsize);\nout:\n\tif (buf != (void *)-1)\n\t\tmunmap(buf, TEST_MEM_SIZE);\n\tif (fd > 0)\n\t\tclose(fd);\n\n\treturn ret;\n}\n\n[root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test\n[root@dhcp-10-26-1-207 ~]# /tmp/test\n ------------[ cut here ]------------\n WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\n Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib    \\\n nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct      \\\n nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4      \\\n ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse   \\\n xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net  \\\n sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio\n CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9\n Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\n pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n pc : xas_split_alloc+0xf8/0x128\n lr : split_huge_page_to_list_to_order+0x1c4/0x780\n sp : ffff8000ac32f660\n x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0\n x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d\n x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000\n x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c\n x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8\n x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40\n x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\n Call trace:\n  xas_split_alloc+0xf8/0x128\n  split_huge_page_to_list_to_order+0x1c4/0x780\n  truncate_inode_partial_folio+0xdc/0x160\n  truncate_inode_pages_range+0x1b4/0x4a8\n  truncate_pagecache_range+0x84/0xa\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42317', 'https://git.kernel.org/linus/d659b715e94ac039803d7601505d3473393fc0be (6.11-rc1)', 'https://git.kernel.org/stable/c/d659b715e94ac039803d7601505d3473393fc0be', 'https://git.kernel.org/stable/c/e60f62f75c99740a28e2bf7e6044086033012a16', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42317-cf87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42317', 'https://www.cve.org/CVERecord?id=CVE-2024-42317'], 'PublishedDate': '2024-08-17T09:15:11.633Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42318', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42318', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: landlock: Don&#39;t lose track of restrictions on cred_transfer', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don't lose track of restrictions on cred_transfer\n\nWhen a process' cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent's credentials), the\ncred_transfer LSM hook is used instead.  Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42318', 'https://bugs.chromium.org/p/project-zero/issues/detail?id=2566', 'https://git.kernel.org/linus/39705a6c29f8a2b93cf5b99528a55366c50014d1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c', 'https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49', 'https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1', 'https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117', 'https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff', 'https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42318-f0c9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42318', 'https://www.cve.org/CVERecord?id=CVE-2024-42318', 'https://www.openwall.com/lists/oss-security/2024/08/17/2'], 'PublishedDate': '2024-08-17T09:15:11.7Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42319', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42319', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() < 0 occurs.\n\nAccording to the call tracei below:\n  cmdq_mbox_shutdown\n  mbox_free_channel\n  mbox_controller_unregister\n  __devm_mbox_controller_unregister\n  ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n   to bind the cmdq device to the mbox_controller, so\n   devm_mbox_controller_unregister() will automatically unregister\n   the device bound to the mailbox controller when the device-managed\n   resource is removed. That means devm_mbox_controller_unregister()\n   and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n   devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n   will be called after cmdq_remove(), but before\n   devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42319', 'https://git.kernel.org/linus/a8bd68e4329f9a0ad1b878733e0f80be6a971649 (6.11-rc1)', 'https://git.kernel.org/stable/c/11fa625b45faf0649118b9deaf2d31c86ac41911', 'https://git.kernel.org/stable/c/a8bd68e4329f9a0ad1b878733e0f80be6a971649', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42319-ec7c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42319', 'https://www.cve.org/CVERecord?id=CVE-2024-42319'], 'PublishedDate': '2024-08-17T09:15:11.767Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42320', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42320', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error checks in dasd_copy_pair_store()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42320', 'https://git.kernel.org/linus/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8 (6.11-rc1)', 'https://git.kernel.org/stable/c/68d4c3722290ad300c295fb3435e835d200d5cb2', 'https://git.kernel.org/stable/c/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8', 'https://git.kernel.org/stable/c/cc8b7284d5076722e0b8062373b68d8e47c3bace', 'https://git.kernel.org/stable/c/e511167e65d332d07b3c7a3d5a741ee9c19a8c27', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42320-cdea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42320', 'https://www.cve.org/CVERecord?id=CVE-2024-42320'], 'PublishedDate': '2024-08-17T09:15:11.833Z', 'LastModifiedDate': '2024-09-30T12:54:12.897Z'}, {'VulnerabilityID': 'CVE-2024-42321', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42321', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: flow_dissector: use DEBUG_NET_WARN_ON_ONCE\n\nThe following splat is easy to reproduce upstream as well as in -stable\nkernels. Florian Westphal provided the following commit:\n\n  d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net")\n\nbut this complementary fix has been also suggested by Willem de Bruijn\nand it can be easily backported to -stable kernel which consists in\nusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splat\ngiven __skb_get_hash() is used by the nftables tracing infrastructure to\nto identify packets in traces.\n\n[69133.561393] ------------[ cut here ]------------\n[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/\n[...]\n[69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379\n[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0\n[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff\nff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8\n[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246\n[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19\n[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418\n[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000\n[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400\n[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28\n[69133.562020] FS:  00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[69133.562027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0\n[69133.562040] Call Trace:\n[69133.562044]  <IRQ>\n[69133.562049]  ? __warn+0x9f/0x1a0\n[ 1211.841384]  ? __skb_flow_dissect+0x107e/0x2860\n[...]\n[ 1211.841496]  ? bpf_flow_dissect+0x160/0x160\n[ 1211.841753]  __skb_get_hash+0x97/0x280\n[ 1211.841765]  ? __skb_get_hash_symmetric+0x230/0x230\n[ 1211.841776]  ? mod_find+0xbf/0xe0\n[ 1211.841786]  ? get_stack_info_noinstr+0x12/0xe0\n[ 1211.841798]  ? bpf_ksym_find+0x56/0xe0\n[ 1211.841807]  ? __rcu_read_unlock+0x2a/0x70\n[ 1211.841819]  nft_trace_init+0x1b9/0x1c0 [nf_tables]\n[ 1211.841895]  ? nft_trace_notify+0x830/0x830 [nf_tables]\n[ 1211.841964]  ? get_stack_info+0x2b/0x80\n[ 1211.841975]  ? nft_do_chain_arp+0x80/0x80 [nf_tables]\n[ 1211.842044]  nft_do_chain+0x79c/0x850 [nf_tables]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42321', 'https://git.kernel.org/linus/120f1c857a73e52132e473dee89b340440cb692b (6.11-rc1)', 'https://git.kernel.org/stable/c/120f1c857a73e52132e473dee89b340440cb692b', 'https://git.kernel.org/stable/c/4afbac11f2f629d1e62817c4e210bdfaa7521107', 'https://git.kernel.org/stable/c/c5d21aabf1b31a79f228508af33aee83456bc1b0', 'https://git.kernel.org/stable/c/eb03d9826aa646577342a952d658d4598381c035', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42321-4b46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42321', 'https://www.cve.org/CVERecord?id=CVE-2024-42321'], 'PublishedDate': '2024-08-17T09:15:11.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42322', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42322', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipvs: properly dereference pe in ip_vs_add_service', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n  net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42322', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/cbd070a4ae62f119058973f6d2c984e325bce6e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dd428039e06e1967ce294e2cd6342825aaaad77', 'https://git.kernel.org/stable/c/c420cd5d5bc6797f3a8824e7d74f38f0c286fca5', 'https://git.kernel.org/stable/c/cbd070a4ae62f119058973f6d2c984e325bce6e7', 'https://linux.oracle.com/cve/CVE-2024-42322.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42322-e2ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42322', 'https://www.cve.org/CVERecord?id=CVE-2024-42322'], 'PublishedDate': '2024-08-17T09:15:11.977Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43817', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: missing check virtio', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: missing check virtio\n\nTwo missing check in virtio_net_hdr_to_skb() allowed syzbot\nto crash kernels again\n\n1. After the skb_segment function the buffer may become non-linear\n(nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere\nthe __skb_linearize function will not be executed, then the buffer will\nremain non-linear. Then the condition (offset >= skb_headlen(skb))\nbecomes true, which causes WARN_ON_ONCE in skb_checksum_help.\n\n2. The struct sk_buff and struct virtio_net_hdr members must be\nmathematically related.\n(gso_size) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) may be 0 if division is without remainder.\n\noffset+2 (4191) > skb_headlen() (1116)\nWARNING: CPU: 1 PID: 5084 at net/core/dev.c:3303 skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nModules linked in:\nCPU: 1 PID: 5084 Comm: syz-executor336 Not tainted 6.7.0-rc3-syzkaller-00014-gdf60cee26a2e #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nCode: 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 52 01 00 00 44 89 e2 2b 53 74 4c 89 ee 48 c7 c7 40 57 e9 8b e8 af 8f dd f8 90 <0f> 0b 90 90 e9 87 fe ff ff e8 40 0f 6e f9 e9 4b fa ff ff 48 89 ef\nRSP: 0018:ffffc90003a9f338 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888025125780 RCX: ffffffff814db209\nRDX: ffff888015393b80 RSI: ffffffff814db216 RDI: 0000000000000001\nRBP: ffff8880251257f4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000045c\nR13: 000000000000105f R14: ffff8880251257f0 R15: 000000000000105d\nFS:  0000555555c24380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000002000f000 CR3: 0000000023151000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n ip_do_fragment+0xa1b/0x18b0 net/ipv4/ip_output.c:777\n ip_fragment.constprop.0+0x161/0x230 net/ipv4/ip_output.c:584\n ip_finish_output_gso net/ipv4/ip_output.c:286 [inline]\n __ip_finish_output net/ipv4/ip_output.c:308 [inline]\n __ip_finish_output+0x49c/0x650 net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:433\n dst_output include/net/dst.h:451 [inline]\n ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:129\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ipip6_tunnel_xmit net/ipv6/sit.c:1034 [inline]\n sit_tunnel_xmit+0xed2/0x28f0 net/ipv6/sit.c:1076\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3545 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3561\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4346\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x257/0x380 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x24ca/0x5240 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n __sys_sendto+0x255/0x340 net/socket.c:2190\n __do_sys_sendto net/socket.c:2202 [inline]\n __se_sys_sendto net/socket.c:2198 [inline]\n __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43817', 'https://git.kernel.org/linus/e269d79c7d35aa3808b1f3c1737d63dab504ddc8 (6.11-rc1)', 'https://git.kernel.org/stable/c/27874ca77bd2b05a3779c7b3a5c75d8dd7f0b40f', 'https://git.kernel.org/stable/c/5b1997487a3f3373b0f580c8a20b56c1b64b0775', 'https://git.kernel.org/stable/c/90d41ebe0cd4635f6410471efc1dd71b33e894cf', 'https://git.kernel.org/stable/c/e269d79c7d35aa3808b1f3c1737d63dab504ddc8', 'https://git.kernel.org/stable/c/e9164903b8b303c34723177b02fe91e49e3c4cd7', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43817-2e95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43817', 'https://www.cve.org/CVERecord?id=CVE-2024-43817'], 'PublishedDate': '2024-08-17T10:15:08.01Z', 'LastModifiedDate': '2024-09-03T17:41:46.407Z'}, {'VulnerabilityID': 'CVE-2024-43818', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: amd: Adjust error handling in case of absent codec device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: Adjust error handling in case of absent codec device\n\nacpi_get_first_physical_node() can return NULL in several cases (no such\ndevice, ACPI table error, reference count drop to 0, etc).\nExisting check just emit error message, but doesn't perform return.\nThen this NULL pointer is passed to devm_acpi_dev_add_driver_gpios()\nwhere it is dereferenced.\n\nAdjust this error handling by adding error code return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43818', 'https://git.kernel.org/linus/5080808c3339de2220c602ab7c7fa23dc6c1a5a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1ba9856cf7f6492b47c1edf853137f320d583db5', 'https://git.kernel.org/stable/c/5080808c3339de2220c602ab7c7fa23dc6c1a5a3', 'https://git.kernel.org/stable/c/99b642dac24f6d09ba3ebf1d690be8aefff86164', 'https://git.kernel.org/stable/c/b1173d64edd276c957b6d09e1f971c85b38f1519', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43818-71ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43818', 'https://www.cve.org/CVERecord?id=CVE-2024-43818'], 'PublishedDate': '2024-08-17T10:15:08.08Z', 'LastModifiedDate': '2024-09-03T17:45:30Z'}, {'VulnerabilityID': 'CVE-2024-43819', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kvm: s390: Reject memory region operations for ucontrol VMs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43819', 'https://git.kernel.org/linus/7816e58967d0e6cadce05c8540b47ed027dc2499 (6.11-rc1)', 'https://git.kernel.org/stable/c/49c9945c054df4c22008e2bf87ca74d3e2507aa6', 'https://git.kernel.org/stable/c/7816e58967d0e6cadce05c8540b47ed027dc2499', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43819-88ce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43819', 'https://www.cve.org/CVERecord?id=CVE-2024-43819'], 'PublishedDate': '2024-08-17T10:15:08.147Z', 'LastModifiedDate': '2024-09-03T17:47:10.54Z'}, {'VulnerabilityID': 'CVE-2024-43820', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, &mddev->recovery));\n\nThis check is designed to make sure that the sync thread isn't\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43820', 'https://git.kernel.org/linus/3199a34bfaf7561410e0be1e33a61eba870768fc (6.11-rc1)', 'https://git.kernel.org/stable/c/3199a34bfaf7561410e0be1e33a61eba870768fc', 'https://git.kernel.org/stable/c/a5c15a78c0e1631b7df822b56e8b6424e4d1ca3e', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43820-1bd6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43820', 'https://www.cve.org/CVERecord?id=CVE-2024-43820'], 'PublishedDate': '2024-08-17T10:15:08.207Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43821', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Fix a possible null pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix a possible null pointer dereference\n\nIn function lpfc_xcvr_data_show, the memory allocation with kmalloc might\nfail, thereby making rdp_context a null pointer. In the following context\nand functions that use this pointer, there are dereferencing operations,\nleading to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null,\nuse scnprintf to notify the user and return len.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43821', 'https://git.kernel.org/linus/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa (6.11-rc1)', 'https://git.kernel.org/stable/c/45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c', 'https://git.kernel.org/stable/c/57600a7dd2b52c904f7c8d2cac0fd8c23868e680', 'https://git.kernel.org/stable/c/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43821-6ffc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43821', 'https://www.cve.org/CVERecord?id=CVE-2024-43821'], 'PublishedDate': '2024-08-17T10:15:08.277Z', 'LastModifiedDate': '2024-09-03T17:49:54.28Z'}, {'VulnerabilityID': 'CVE-2024-43823', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43823', 'https://git.kernel.org/linus/a231707a91f323af1e5d9f1722055ec2fc1c7775 (6.11-rc1)', 'https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23', 'https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775', 'https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506', 'https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43823-4bdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43823', 'https://www.cve.org/CVERecord?id=CVE-2024-43823'], 'PublishedDate': '2024-08-17T10:15:08.4Z', 'LastModifiedDate': '2024-09-03T17:49:03.91Z'}, {'VulnerabilityID': 'CVE-2024-43824', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: pci-epf-test: Make use of cached &#39;epc_features&#39; in pci_epf_test_core_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Make use of cached \'epc_features\' in pci_epf_test_core_init()\n\nInstead of getting the epc_features from pci_epc_get_features() API, use\nthe cached pci_epf_test::epc_features value to avoid the NULL check. Since\nthe NULL check is already performed in pci_epf_test_bind(), having one more\ncheck in pci_epf_test_core_init() is redundant and it is not possible to\nhit the NULL pointer dereference.\n\nAlso with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier"\nflag"), \'epc_features\' got dereferenced without the NULL check, leading to\nthe following false positive Smatch warning:\n\n  drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed \'epc_features\' could be null (see line 747)\n\nThus, remove the redundant NULL check and also use the epc_features::\n{msix_capable/msi_capable} flags directly to avoid local variables.\n\n[kwilczynski: commit log]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43824', 'https://git.kernel.org/linus/5a5095a8bd1bd349cce1c879e5e44407a34dda8a (6.11-rc1)', 'https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a', 'https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43824-fc04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43824', 'https://www.cve.org/CVERecord?id=CVE-2024-43824'], 'PublishedDate': '2024-08-17T10:15:08.477Z', 'LastModifiedDate': '2024-09-03T17:48:39.16Z'}, {'VulnerabilityID': 'CVE-2024-43825', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iio: Fix the sorting functionality in iio_gts_build_avail_time_table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: Fix the sorting functionality in iio_gts_build_avail_time_table\n\nThe sorting in iio_gts_build_avail_time_table is not working as intended.\nIt could result in an out-of-bounds access when the time is zero.\n\nHere are more details:\n\n1. When the gts->itime_table[i].time_us is zero, e.g., the time\nsequence is `3, 0, 1`, the inner for-loop will not terminate and do\nout-of-bound writes. This is because once `times[j] > new`, the value\n`new` will be added in the current position and the `times[j]` will be\nmoved to `j+1` position, which makes the if-condition always hold.\nMeanwhile, idx will be added one, making the loop keep running without\ntermination and out-of-bound write.\n2. If none of the gts->itime_table[i].time_us is zero, the elements\nwill just be copied without being sorted as described in the comment\n"Sort times from all tables to one and remove duplicates".\n\nFor more details, please refer to\nhttps://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43825', 'https://git.kernel.org/linus/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb (6.11-rc1)', 'https://git.kernel.org/stable/c/31ff8464ef540785344994986a010031410f9ff3', 'https://git.kernel.org/stable/c/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb', 'https://git.kernel.org/stable/c/b5046de32fd1532c3f67065197fc1da82f0b5193', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43825-20fc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43825', 'https://www.cve.org/CVERecord?id=CVE-2024-43825'], 'PublishedDate': '2024-08-17T10:15:08.533Z', 'LastModifiedDate': '2024-09-30T13:53:21.44Z'}, {'VulnerabilityID': 'CVE-2024-43826', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfs: pass explicit offset/count to trace events', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: pass explicit offset/count to trace events\n\nnfs_folio_length is unsafe to use without having the folio locked and a\ncheck for a NULL ->f_mapping that protects against truncations and can\nlead to kernel crashes.  E.g. when running xfstests generic/065 with\nall nfs trace points enabled.\n\nFollow the model of the XFS trace points and pass in an explіcit offset\nand length.  This has the additional benefit that these values can\nbe more accurate as some of the users touch partial folio ranges.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43826', 'https://git.kernel.org/linus/fada32ed6dbc748f447c8d050a961b75d946055a (6.11-rc1)', 'https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722', 'https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43826-2a5f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43826', 'https://www.cve.org/CVERecord?id=CVE-2024-43826'], 'PublishedDate': '2024-08-17T10:15:08.593Z', 'LastModifiedDate': '2024-09-12T18:15:09.137Z'}, {'VulnerabilityID': 'CVE-2024-43827', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check before access structs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check before access structs\n\nIn enable_phantom_plane, we should better check null pointer before\naccessing various structs.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43827', 'https://git.kernel.org/linus/c96140000915b610d86f941450e15ca552de154a (6.11-rc1)', 'https://git.kernel.org/stable/c/081ff4c0ef1884ae55f7adb8944efd22e22d8724', 'https://git.kernel.org/stable/c/c96140000915b610d86f941450e15ca552de154a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43827-6486@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43827', 'https://www.cve.org/CVERecord?id=CVE-2024-43827'], 'PublishedDate': '2024-08-17T10:15:08.653Z', 'LastModifiedDate': '2024-09-30T12:51:34.97Z'}, {'VulnerabilityID': 'CVE-2024-43828', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: fix infinite loop when replaying fast_commit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct.  ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the 'es' variable.\n\nBecause 'es' contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43828', 'https://git.kernel.org/linus/907c3fe532253a6ef4eb9c4d67efb71fab58c706 (6.11-rc1)', 'https://git.kernel.org/stable/c/0619f7750f2b178a1309808832ab20d85e0ad121', 'https://git.kernel.org/stable/c/181e63cd595c688194e07332f9944b3a63193de2', 'https://git.kernel.org/stable/c/5ed0496e383cb6de120e56991385dce70bbb87c1', 'https://git.kernel.org/stable/c/81f819c537d29932e4b9267f02411cbc8b355178', 'https://git.kernel.org/stable/c/907c3fe532253a6ef4eb9c4d67efb71fab58c706', 'https://git.kernel.org/stable/c/c6e67df64783e99a657ef2b8c834ba2bf54c539c', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43828-6bcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43828', 'https://www.cve.org/CVERecord?id=CVE-2024-43828'], 'PublishedDate': '2024-08-17T10:15:08.72Z', 'LastModifiedDate': '2024-08-22T15:41:50.87Z'}, {'VulnerabilityID': 'CVE-2024-43829', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/qxl: Add check for drm_cvt_mode', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43829', 'https://git.kernel.org/linus/7bd09a2db0f617377027a2bb0b9179e6959edff3 (6.11-rc1)', 'https://git.kernel.org/stable/c/3efe34f95b1ac8c138a46b14ce75956db0d6ee7c', 'https://git.kernel.org/stable/c/4b1f303bdeceac049e56e4b20eb5280bd9e02f4f', 'https://git.kernel.org/stable/c/4e87f592a46bb804d8f833da6ce702ae4b55053f', 'https://git.kernel.org/stable/c/62ef8d7816c8e4a6088275553818b9afc0ffaa03', 'https://git.kernel.org/stable/c/7bd09a2db0f617377027a2bb0b9179e6959edff3', 'https://git.kernel.org/stable/c/d4c57354a06cb4a77998ff8aa40af89eee30e07b', 'https://git.kernel.org/stable/c/f28b353c0c6c7831a70ccca881bf2db5e6785cdd', 'https://linux.oracle.com/cve/CVE-2024-43829.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43829-72cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43829', 'https://www.cve.org/CVERecord?id=CVE-2024-43829'], 'PublishedDate': '2024-08-17T10:15:08.787Z', 'LastModifiedDate': '2024-09-30T12:51:56.77Z'}, {'VulnerabilityID': 'CVE-2024-43830', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: leds: trigger: Unregister sysfs attributes before calling deactivate()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nleds: trigger: Unregister sysfs attributes before calling deactivate()\n\nTriggers which have trigger specific sysfs attributes typically store\nrelated data in trigger-data allocated by the activate() callback and\nfreed by the deactivate() callback.\n\nCalling device_remove_groups() after calling deactivate() leaves a window\nwhere the sysfs attributes show/store functions could be called after\ndeactivation and then operate on the just freed trigger-data.\n\nMove the device_remove_groups() call to before deactivate() to close\nthis race window.\n\nThis also makes the deactivation path properly do things in reverse order\nof the activation path which calls the activate() callback before calling\ndevice_add_groups().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7000', 'https://access.redhat.com/security/cve/CVE-2024-43830', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2265838', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2270103', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275558', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282648', 'https://bugzilla.redhat.com/2282669', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282764', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284511', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284630', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293414', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300381', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300439', 'https://bugzilla.redhat.com/2300440', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300709', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301543', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305410', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2305488', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7000.html', 'https://git.kernel.org/linus/c0dc9adf9474ecb7106e60e5472577375aedaed3 (6.11-rc1)', 'https://git.kernel.org/stable/c/0788a6f3523d3686a9eed5ea1e6fcce6841277b2', 'https://git.kernel.org/stable/c/09c1583f0e10c918855d6e7540a79461a353e5d6', 'https://git.kernel.org/stable/c/3fb6a9d67cfd812a547ac73ec02e1077c26c640d', 'https://git.kernel.org/stable/c/734ba6437e80dfc780e9ee9d95f912392d12b5ea', 'https://git.kernel.org/stable/c/c0dc9adf9474ecb7106e60e5472577375aedaed3', 'https://git.kernel.org/stable/c/c3b7a650c8717aa89df318364609c86cbc040156', 'https://git.kernel.org/stable/c/cb8aa9d2a4c8a15d6a43ccf901ef3d094aa60374', 'https://git.kernel.org/stable/c/d1415125b701ef13370e2761f691ec632a5eb93a', 'https://linux.oracle.com/cve/CVE-2024-43830.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43830-3b85@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43830', 'https://www.cve.org/CVERecord?id=CVE-2024-43830'], 'PublishedDate': '2024-08-17T10:15:08.857Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43831', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mediatek: vcodec: Handle invalid decoder vsi', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43831', 'https://git.kernel.org/linus/59d438f8e02ca641c58d77e1feffa000ff809e9f (6.11-rc1)', 'https://git.kernel.org/stable/c/1c109f23b271a02b9bb195c173fab41e3285a8db', 'https://git.kernel.org/stable/c/59d438f8e02ca641c58d77e1feffa000ff809e9f', 'https://git.kernel.org/stable/c/cdf05ae76198c513836bde4eb55f099c44773280', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43831-b13e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43831', 'https://www.cve.org/CVERecord?id=CVE-2024-43831'], 'PublishedDate': '2024-08-17T10:15:08.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43832', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: s390/uv: Don't call folio_wait_writeback() without a folio reference", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/uv: Don't call folio_wait_writeback() without a folio reference\n\nfolio_wait_writeback() requires that no spinlocks are held and that\na folio reference is held, as documented. After we dropped the PTL, the\nfolio could get freed concurrently. So grab a temporary reference.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43832', 'https://git.kernel.org/linus/3f29f6537f54d74e64bac0a390fb2e26da25800d (6.11-rc1)', 'https://git.kernel.org/stable/c/1a1eb2f3fc453dcd52726d13e863938561489cb7', 'https://git.kernel.org/stable/c/3f29f6537f54d74e64bac0a390fb2e26da25800d', 'https://git.kernel.org/stable/c/8736604ef53359a718c246087cd21dcec232d2fb', 'https://git.kernel.org/stable/c/b21aba72aadd94bdac275deab021fc84d6c72b16', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43832-7746@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43832', 'https://www.cve.org/CVERecord?id=CVE-2024-43832'], 'PublishedDate': '2024-08-17T10:15:08.98Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43833', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: v4l: async: Fix NULL pointer dereference in adding ancillary links', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix NULL pointer dereference in adding ancillary links\n\nIn v4l2_async_create_ancillary_links(), ancillary links are created for\nlens and flash sub-devices. These are sub-device to sub-device links and\nif the async notifier is related to a V4L2 device, the source sub-device\nof the ancillary link is NULL, leading to a NULL pointer dereference.\nCheck the notifier's sd field is non-NULL in\nv4l2_async_create_ancillary_links().\n\n[Sakari Ailus: Reword the subject and commit messages slightly.]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43833', 'https://git.kernel.org/linus/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f (6.11-rc1)', 'https://git.kernel.org/stable/c/249212ceb4187783af3801c57b92a5a25d410621', 'https://git.kernel.org/stable/c/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f', 'https://git.kernel.org/stable/c/b87e28050d9b0959de24574d587825cfab2f13fb', 'https://git.kernel.org/stable/c/fe0f92fd5320b393e44ca210805e653ea90cc982', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43833-4e73@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43833', 'https://www.cve.org/CVERecord?id=CVE-2024-43833'], 'PublishedDate': '2024-08-17T10:15:09.04Z', 'LastModifiedDate': '2024-08-22T15:42:46.827Z'}, {'VulnerabilityID': 'CVE-2024-43834', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xdp: fix invalid wait context of page_pool_destroy()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: fix invalid wait context of page_pool_destroy()\n\nIf the driver uses a page pool, it creates a page pool with\npage_pool_create().\nThe reference count of page pool is 1 as default.\nA page pool will be destroyed only when a reference count reaches 0.\npage_pool_destroy() is used to destroy page pool, it decreases a\nreference count.\nWhen a page pool is destroyed, ->disconnect() is called, which is\nmem_allocator_disconnect().\nThis function internally acquires mutex_lock().\n\nIf the driver uses XDP, it registers a memory model with\nxdp_rxq_info_reg_mem_model().\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\nreference count if a memory model is a page pool.\nNow the reference count is 2.\n\nTo destroy a page pool, the driver should call both page_pool_destroy()\nand xdp_unreg_mem_model().\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\nOnly page_pool_destroy() decreases a reference count.\n\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\nwill face an invalid wait context warning.\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\nrcu_read_lock().\nThe page_pool_destroy() internally acquires mutex_lock().\n\nSplat looks like:\n=============================\n[ BUG: Invalid wait context ]\n6.10.0-rc6+ #4 Tainted: G W\n-----------------------------\nethtool/1806 is trying to lock:\nffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150\nother info that might help us debug this:\ncontext-{5:5}\n3 locks held by ethtool/1806:\nstack backtrace:\nCPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nCall Trace:\n<TASK>\ndump_stack_lvl+0x7e/0xc0\n__lock_acquire+0x1681/0x4de0\n? _printk+0x64/0xe0\n? __pfx_mark_lock.part.0+0x10/0x10\n? __pfx___lock_acquire+0x10/0x10\nlock_acquire+0x1b3/0x580\n? mem_allocator_disconnect+0x73/0x150\n? __wake_up_klogd.part.0+0x16/0xc0\n? __pfx_lock_acquire+0x10/0x10\n? dump_stack_lvl+0x91/0xc0\n__mutex_lock+0x15c/0x1690\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_prb_read_valid+0x10/0x10\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_llist_add_batch+0x10/0x10\n? console_unlock+0x193/0x1b0\n? lockdep_hardirqs_on+0xbe/0x140\n? __pfx___mutex_lock+0x10/0x10\n? tick_nohz_tick_stopped+0x16/0x90\n? __irq_work_queue_local+0x1e5/0x330\n? irq_work_queue+0x39/0x50\n? __wake_up_klogd.part.0+0x79/0xc0\n? mem_allocator_disconnect+0x73/0x150\nmem_allocator_disconnect+0x73/0x150\n? __pfx_mem_allocator_disconnect+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? rcu_is_watching+0x11/0xb0\npage_pool_release+0x36e/0x6d0\npage_pool_destroy+0xd7/0x440\nxdp_unreg_mem_model+0x1a7/0x2a0\n? __pfx_xdp_unreg_mem_model+0x10/0x10\n? kfree+0x125/0x370\n? bnxt_free_ring.isra.0+0x2eb/0x500\n? bnxt_free_mem+0x5ac/0x2500\nxdp_rxq_info_unreg+0x4a/0xd0\nbnxt_free_mem+0x1356/0x2500\nbnxt_close_nic+0xf0/0x3b0\n? __pfx_bnxt_close_nic+0x10/0x10\n? ethnl_parse_bit+0x2c6/0x6d0\n? __pfx___nla_validate_parse+0x10/0x10\n? __pfx_ethnl_parse_bit+0x10/0x10\nbnxt_set_features+0x2a8/0x3e0\n__netdev_update_features+0x4dc/0x1370\n? ethnl_parse_bitset+0x4ff/0x750\n? __pfx_ethnl_parse_bitset+0x10/0x10\n? __pfx___netdev_update_features+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? _raw_spin_unlock_irqrestore+0x42/0x70\n? __pm_runtime_resume+0x7d/0x110\nethnl_set_features+0x32d/0xa20\n\nTo fix this problem, it uses rhashtable_lookup_fast() instead of\nrhashtable_lookup() with rcu_read_lock().\nUsing xa without rcu_read_lock() here is safe.\nxa is freed by __xdp_mem_allocator_rcu_free() and this is called by\ncall_rcu() of mem_xa_remove().\nThe mem_xa_remove() is called by page_pool_destroy() if a reference\ncount reaches 0.\nThe xa is already protected by the reference count mechanism well in the\ncontrol plane.\nSo removing rcu_read_lock() for page_pool_destroy() is safe.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43834', 'https://git.kernel.org/linus/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec (6.11-rc1)', 'https://git.kernel.org/stable/c/12144069209eec7f2090ce9afa15acdcc2c2a537', 'https://git.kernel.org/stable/c/3fc1be360b99baeea15cdee3cf94252cd3a72d26', 'https://git.kernel.org/stable/c/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec', 'https://git.kernel.org/stable/c/6c390ef198aa69795427a5cb5fd7cb4bc7e6cd7a', 'https://git.kernel.org/stable/c/be9d08ff102df3ac4f66e826ea935cf3af63a4bd', 'https://git.kernel.org/stable/c/bf0ce5aa5f2525ed1b921ba36de96e458e77f482', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43834-0140@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43834', 'https://www.cve.org/CVERecord?id=CVE-2024-43834'], 'PublishedDate': '2024-08-17T10:15:09.113Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43835', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: virtio_net: Fix napi_skb_cache_put warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix napi_skb_cache_put warning\n\nAfter the commit bdacf3e34945 ("net: Use nested-BH locking for\nnapi_alloc_cache.") was merged, the following warning began to appear:\n\n\t WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0\n\n\t  __warn+0x12f/0x340\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  report_bug+0x165/0x370\n\t  handle_bug+0x3d/0x80\n\t  exc_invalid_op+0x1a/0x50\n\t  asm_exc_invalid_op+0x1a/0x20\n\t  __free_old_xmit+0x1c8/0x510\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  __free_old_xmit+0x1c8/0x510\n\t  __free_old_xmit+0x1c8/0x510\n\t  __pfx___free_old_xmit+0x10/0x10\n\nThe issue arises because virtio is assuming it\'s running in NAPI context\neven when it\'s not, such as in the netpoll case.\n\nTo resolve this, modify virtnet_poll_tx() to only set NAPI when budget\nis available. Same for virtnet_poll_cleantx(), which always assumed that\nit was in a NAPI context.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43835', 'https://git.kernel.org/linus/f8321fa75102246d7415a6af441872f6637c93ab (6.11-rc1)', 'https://git.kernel.org/stable/c/19ac6f29bf64304ef04630c8ab56ecd2059d7aa1', 'https://git.kernel.org/stable/c/468a729b78895893d0e580ceea49bed8ada2a2bd', 'https://git.kernel.org/stable/c/6b5325f2457521bbece29499970c0117a648c620', 'https://git.kernel.org/stable/c/842a97b5e44f0c8a9fc356fe976e0e13ddcf7783', 'https://git.kernel.org/stable/c/cc7340f18e45886121c131227985d64ef666012f', 'https://git.kernel.org/stable/c/d3af435e8ace119e58d8e21d3d2d6a4e7c4a4baa', 'https://git.kernel.org/stable/c/f5e9a22d19bb98a7e86034db85eb295e94187caa', 'https://git.kernel.org/stable/c/f8321fa75102246d7415a6af441872f6637c93ab', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43835-5f11@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43835', 'https://www.cve.org/CVERecord?id=CVE-2024-43835'], 'PublishedDate': '2024-08-17T10:15:09.183Z', 'LastModifiedDate': '2024-09-12T12:15:48.653Z'}, {'VulnerabilityID': 'CVE-2024-43837', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43837', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT\n\nWhen loading a EXT program without specifying `attr->attach_prog_fd`,\nthe `prog->aux->dst_prog` will be null. At this time, calling\nresolve_prog_type() anywhere will result in a null pointer dereference.\n\nExample stack trace:\n\n[    8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[    8.108262] Mem abort info:\n[    8.108384]   ESR = 0x0000000096000004\n[    8.108547]   EC = 0x25: DABT (current EL), IL = 32 bits\n[    8.108722]   SET = 0, FnV = 0\n[    8.108827]   EA = 0, S1PTW = 0\n[    8.108939]   FSC = 0x04: level 0 translation fault\n[    8.109102] Data abort info:\n[    8.109203]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[    8.109399]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[    8.109614]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[    8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000\n[    8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000\n[    8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[    8.112783] Modules linked in:\n[    8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1\n[    8.113230] Hardware name: linux,dummy-virt (DT)\n[    8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    8.113429] pc : may_access_direct_pkt_data+0x24/0xa0\n[    8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8\n[    8.113798] sp : ffff80008283b9f0\n[    8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001\n[    8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000\n[    8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000\n[    8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff\n[    8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720\n[    8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720\n[    8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4\n[    8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f\n[    8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c\n[    8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000\n[    8.114126] Call trace:\n[    8.114159]  may_access_direct_pkt_data+0x24/0xa0\n[    8.114202]  bpf_check+0x3bc/0x28c0\n[    8.114214]  bpf_prog_load+0x658/0xa58\n[    8.114227]  __sys_bpf+0xc50/0x2250\n[    8.114240]  __arm64_sys_bpf+0x28/0x40\n[    8.114254]  invoke_syscall.constprop.0+0x54/0xf0\n[    8.114273]  do_el0_svc+0x4c/0xd8\n[    8.114289]  el0_svc+0x3c/0x140\n[    8.114305]  el0t_64_sync_handler+0x134/0x150\n[    8.114331]  el0t_64_sync+0x168/0x170\n[    8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)\n[    8.118672] ---[ end trace 0000000000000000 ]---\n\nOne way to fix it is by forcing `attach_prog_fd` non-empty when\nbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`\nAPI broken which use verifier log to probe prog type and will log\nnothing if we reject invalid EXT prog before bpf_check().\n\nAnother way is by adding null check in resolve_prog_type().\n\nThe issue was introduced by commit 4a9c7bbe2ed4 ("bpf: Resolve to\nprog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT") which wanted\nto correct type resolution for BPF_PROG_TYPE_TRACING programs. Before\nthat, the type resolution of BPF_PROG_TYPE_EXT prog actually follows\nthe logic below:\n\n  prog->aux->dst_prog ? prog->aux->dst_prog->type : prog->type;\n\nIt implies that when EXT program is not yet attached to `dst_prog`,\nthe prog type should be EXT itself. This code worked fine in the past.\nSo just keep using it.\n\nFix this by returning `prog->type` for BPF_PROG_TYPE_EXT if `dst_prog`\nis not present in resolve_prog_type().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43837', 'https://git.kernel.org/linus/f7866c35873377313ff94398f17d425b28b71de1 (6.11-rc1)', 'https://git.kernel.org/stable/c/9d40fd516aeae6779e3c84c6b96700ca76285847', 'https://git.kernel.org/stable/c/b29a880bb145e1f1c1df5ab88ed26b1495ff9f09', 'https://git.kernel.org/stable/c/f7866c35873377313ff94398f17d425b28b71de1', 'https://git.kernel.org/stable/c/fcac5feb06f31ee4c88bca9bf98d8bc3ca7d2615', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43837-63d2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43837', 'https://www.cve.org/CVERecord?id=CVE-2024-43837'], 'PublishedDate': '2024-08-17T10:15:09.32Z', 'LastModifiedDate': '2024-08-22T15:44:03.417Z'}, {'VulnerabilityID': 'CVE-2024-43839', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43839', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust 'name' buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n'name' size is 16, but the first '%s' specifier may already need at\nleast 16 characters, since 'bnad->netdev->name' is used there.\n\nFor '%d' specifiers, assume that they require:\n * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX\n   is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43839', 'https://git.kernel.org/linus/c9741a03dc8e491e57b95fba0058ab46b7e506da (6.11-rc1)', 'https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1', 'https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3', 'https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef', 'https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43', 'https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76', 'https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da', 'https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5', 'https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540', 'https://linux.oracle.com/cve/CVE-2024-43839.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43839-ea03@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43839', 'https://www.cve.org/CVERecord?id=CVE-2024-43839'], 'PublishedDate': '2024-08-17T10:15:09.447Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43840', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG\n\nWhen BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls\n__bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them\nthe struct bpf_tramp_image *im pointer as an argument in R0.\n\nThe trampoline generation code uses emit_addr_mov_i64() to emit\ninstructions for moving the bpf_tramp_image address into R0, but\nemit_addr_mov_i64() assumes the address to be in the vmalloc() space\nand uses only 48 bits. Because bpf_tramp_image is allocated using\nkzalloc(), its address can use more than 48-bits, in this case the\ntrampoline will pass an invalid address to __bpf_tramp_enter/exit()\ncausing a kernel crash.\n\nFix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64()\nas it can work with addresses that are greater than 48-bits.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43840', 'https://git.kernel.org/linus/19d3c179a37730caf600a97fed3794feac2b197b (6.11-rc1)', 'https://git.kernel.org/stable/c/19d3c179a37730caf600a97fed3794feac2b197b', 'https://git.kernel.org/stable/c/6d218fcc707d6b2c3616b6cd24b948fd4825cfec', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43840-69cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43840', 'https://www.cve.org/CVERecord?id=CVE-2024-43840'], 'PublishedDate': '2024-08-17T10:15:09.517Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43841', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: virt_wifi: avoid reporting connection success with wrong SSID', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: avoid reporting connection success with wrong SSID\n\nWhen user issues a connection with a different SSID than the one\nvirt_wifi has advertised, the __cfg80211_connect_result() will\ntrigger the warning: WARN_ON(bss_not_found).\n\nThe issue is because the connection code in virt_wifi does not\ncheck the SSID from user space (it only checks the BSSID), and\nvirt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS\neven if the SSID is different from the one virt_wifi has advertised.\nEventually cfg80211 won't be able to find the cfg80211_bss and generate\nthe warning.\n\nFixed it by checking the SSID (from user space) in the connection code.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43841', 'https://git.kernel.org/linus/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7 (6.11-rc1)', 'https://git.kernel.org/stable/c/05c4488a0e446c6ccde9f22b573950665e1cd414', 'https://git.kernel.org/stable/c/36e92b5edc8e0daa18e9325674313802ce3fbc29', 'https://git.kernel.org/stable/c/416d3c1538df005195721a200b0371d39636e05d', 'https://git.kernel.org/stable/c/93e898a264b4e0a475552ba9f99a016eb43ef942', 'https://git.kernel.org/stable/c/994fc2164a03200c3bf42fb45b3d49d9d6d33a4d', 'https://git.kernel.org/stable/c/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7', 'https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3', 'https://linux.oracle.com/cve/CVE-2024-43841.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43841-8143@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43841', 'https://www.cve.org/CVERecord?id=CVE-2024-43841'], 'PublishedDate': '2024-08-17T10:15:09.58Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43842', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() \'status->he_gi\' is compared to array size.\nBut then \'rate->he_gi\' is used as array index instead of \'status->he_gi\'.\nThis can lead to go beyond array boundaries in case of \'rate->he_gi\' is\nnot equal to \'status->he_gi\' and is bigger than array size. Looks like\n"copy-paste" mistake.\n\nFix this mistake by replacing \'rate->he_gi\' with \'status->he_gi\'.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43842', 'https://git.kernel.org/linus/85099c7ce4f9e64c66aa397cd9a37473637ab891 (6.11-rc1)', 'https://git.kernel.org/stable/c/7a0edc3d83aff3a48813d78c9cad9daf38decc74', 'https://git.kernel.org/stable/c/85099c7ce4f9e64c66aa397cd9a37473637ab891', 'https://git.kernel.org/stable/c/96ae4de5bc4c8ba39fd072369398f59495b73f58', 'https://git.kernel.org/stable/c/a2a095c08b95372d6d0c5819b77f071af5e75366', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43842-31e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43842', 'https://www.cve.org/CVERecord?id=CVE-2024-43842'], 'PublishedDate': '2024-08-17T10:15:09.647Z', 'LastModifiedDate': '2024-09-30T13:55:17.007Z'}, {'VulnerabilityID': 'CVE-2024-43843', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv, bpf: Fix out-of-bounds issue when preparing trampoline image', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv, bpf: Fix out-of-bounds issue when preparing trampoline image\n\nWe get the size of the trampoline image during the dry run phase and\nallocate memory based on that size. The allocated image will then be\npopulated with instructions during the real patch phase. But after\ncommit 26ef208c209a ("bpf: Use arch_bpf_trampoline_size"), the `im`\nargument is inconsistent in the dry run and real patch phase. This may\ncause emit_imm in RV64 to generate a different number of instructions\nwhen generating the \'im\' address, potentially causing out-of-bounds\nissues. Let\'s emit the maximum number of instructions for the "im"\naddress during dry run to fix this problem.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43843', 'https://git.kernel.org/linus/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3e6a1b1b179abb643ec3560c02bc3082bc92285f', 'https://git.kernel.org/stable/c/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43843-e436@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43843', 'https://www.cve.org/CVERecord?id=CVE-2024-43843'], 'PublishedDate': '2024-08-17T10:15:09.707Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43844', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi rtw89 wow: fix GTK offload H2C skbuff issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: wow: fix GTK offload H2C skbuff issue\n\nWe mistakenly put skb too large and that may exceed skb->end.\nTherefore, we fix it.\n\nskbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8fba04eca7e0 tail:0x200 end:0x140 dev:<NULL>\n------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:192!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 4747 Comm: kworker/u4:44 Tainted: G           O       6.6.30-02659-gc18865c4dfbd #1 86547039b47e46935493f615ee31d0b2d711d35e\nHardware name: HP Meep/Meep, BIOS Google_Meep.11297.262.0 03/18/2021\nWorkqueue: events_unbound async_run_entry_fn\nRIP: 0010:skb_panic+0x5d/0x60\nCode: c6 63 8b 8f bb 4c 0f 45 f6 48 c7 c7 4d 89 8b bb 48 89 ce 44 89 d1 41 56 53 41 53 ff b0 c8 00 00 00 e8 27 5f 23 00 48 83 c4 20 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44\nRSP: 0018:ffffaa700144bad0 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: 0000000000000140 RCX: 14432c5aad26c900\nRDX: 0000000000000000 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffaa700144bae0 R08: 0000000000000000 R09: ffffaa700144b920\nR10: 00000000ffffdfff R11: ffffffffbc28fbc0 R12: ffff8fba4e57a010\nR13: 0000000000000000 R14: ffffffffbb8f8b63 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff8fba7bd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007999c4ad1000 CR3: 000000015503a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? skb_panic+0x5d/0x60\n ? do_error_trap+0x6d/0x90\n ? skb_panic+0x5d/0x60\n ? handle_invalid_op+0x30/0x40\n ? skb_panic+0x5d/0x60\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_panic+0x5d/0x60\n skb_put+0x49/0x50\n rtw89_fw_h2c_wow_gtk_ofld+0xbd/0x220 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_wow_resume+0x31f/0x540 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_ops_resume+0x2b/0xa0 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n ieee80211_reconfig+0x84/0x13e0 [mac80211 818a894e3b77da6298269c59ed7cdff065a4ed52]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? dev_printk_emit+0x51/0x70\n ? _dev_info+0x6e/0x90\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n wiphy_resume+0x89/0x180 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n dpm_run_callback+0x3c/0x140\n device_resume+0x1f9/0x3c0\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x29/0xd0\n process_scheduled_works+0x1d8/0x3d0\n worker_thread+0x1fc/0x2f0\n kthread+0xed/0x110\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x38/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>\nModules linked in: ccm 8021q r8153_ecm cdc_ether usbnet r8152 mii dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc uinput rfcomm cmac algif_hash rtw89_8922ae(O) algif_skcipher rtw89_8922a(O) af_alg rtw89_pci(O) rtw89_core(O) btusb(O) snd_soc_sst_bxt_da7219_max98357a btbcm(O) snd_soc_hdac_hdmi btintel(O) snd_soc_intel_hda_dsp_common snd_sof_probes btrtl(O) btmtk(O) snd_hda_codec_hdmi snd_soc_dmic uvcvideo videobuf2_vmalloc uvc videobuf2_memops videobuf2_v4l2 videobuf2_common snd_sof_pci_intel_apl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda soundwire_intel soundwire_generic_allocation snd_sof_intel_hda_mlink soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp mac80211 snd_soc_acpi_intel_match snd_soc_acpi snd_sof snd_sof_utils soundwire_bus snd_soc_max98357a snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_intel_dspcfg snd_intel_sdw_acpi snd_soc_da7219 snd_hda_codec snd_hwdep snd_hda_core veth ip6table_nat xt_MASQUERADE xt_cgroup fuse bluetooth ecdh_generic\n cfg80211 ecc\ngsmi: Log Shutdown \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43844', 'https://git.kernel.org/linus/dda364c345913fe03ddbe4d5ae14a2754c100296 (6.11-rc1)', 'https://git.kernel.org/stable/c/dda364c345913fe03ddbe4d5ae14a2754c100296', 'https://git.kernel.org/stable/c/ef0d9d2f0dc1133db3d3a1c5167190c6627146b2', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43844-97ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43844', 'https://www.cve.org/CVERecord?id=CVE-2024-43844'], 'PublishedDate': '2024-08-17T10:15:09.763Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43845', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Fix bogus checksum computation in udf_rename()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix bogus checksum computation in udf_rename()\n\nSyzbot reports uninitialized memory access in udf_rename() when updating\nchecksum of '..' directory entry of a moved directory. This is indeed\ntrue as we pass on-stack diriter.fi to the udf_update_tag() and because\nthat has only struct fileIdentDesc included in it and not the impUse or\nname fields, the checksumming function is going to checksum random stack\ncontents beyond the end of the structure. This is actually harmless\nbecause the following udf_fiiter_write_fi() will recompute the checksum\nfrom on-disk buffers where everything is properly included. So all that\nis needed is just removing the bogus calculation.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43845', 'https://git.kernel.org/linus/27ab33854873e6fb958cb074681a0107cc2ecc4c (6.11-rc1)', 'https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c', 'https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4', 'https://git.kernel.org/stable/c/c996b570305e7a6910c2ce4cdcd4c22757ffe241', 'https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43845-a85d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43845', 'https://www.cve.org/CVERecord?id=CVE-2024-43845'], 'PublishedDate': '2024-08-17T10:15:09.837Z', 'LastModifiedDate': '2024-08-29T17:15:08.397Z'}, {'VulnerabilityID': 'CVE-2024-43846', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib: objagg: Fix general protection fault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G        W          6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n <TASK>\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n </TASK>', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43846', 'https://git.kernel.org/linus/b4a3a89fffcdf09702b1f161b914e52abca1894d (6.11-rc1)', 'https://git.kernel.org/stable/c/1936fa05a180834c3b52e0439a6bddc07814d3eb', 'https://git.kernel.org/stable/c/22ae17a267f4812861f0c644186c3421ff97dbfc', 'https://git.kernel.org/stable/c/499f742fed42e74f1321f4b12ca196a66a2b49fc', 'https://git.kernel.org/stable/c/565213e005557eb6cc4e42189d26eb300e02f170', 'https://git.kernel.org/stable/c/5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7', 'https://git.kernel.org/stable/c/8161263362154cbebfbf4808097b956a6a8cb98a', 'https://git.kernel.org/stable/c/b4a3a89fffcdf09702b1f161b914e52abca1894d', 'https://linux.oracle.com/cve/CVE-2024-43846.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43846-2bd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43846', 'https://www.cve.org/CVERecord?id=CVE-2024-43846'], 'PublishedDate': '2024-08-17T10:15:09.9Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43847', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43847', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix invalid memory access while processing fragmented packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid memory access while processing fragmented packets\n\nThe monitor ring and the reo reinject ring share the same ring mask index.\nWhen the driver receives an interrupt for the reo reinject ring, the\nmonitor ring is also processed, leading to invalid memory access. Since\nmonitor support is not yet enabled in ath12k, the ring mask for the monitor\nring should be removed.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43847', 'https://git.kernel.org/linus/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4 (6.11-rc1)', 'https://git.kernel.org/stable/c/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4', 'https://git.kernel.org/stable/c/36fc66a7d9ca3e5c6eac25362cac63f83df8bed6', 'https://git.kernel.org/stable/c/8126f82dab7bd8b2e04799342b19fff0a1fd8575', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43847-6828@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43847', 'https://www.cve.org/CVERecord?id=CVE-2024-43847'], 'PublishedDate': '2024-08-17T10:15:09.963Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43849', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pdr: protect locator_addr with the main mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr->lock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43849', 'https://git.kernel.org/linus/107924c14e3ddd85119ca43c26a4ee1056fa9b84 (6.11-rc1)', 'https://git.kernel.org/stable/c/107924c14e3ddd85119ca43c26a4ee1056fa9b84', 'https://git.kernel.org/stable/c/3e815626d73e05152a8142f6e44aecc4133e6e08', 'https://git.kernel.org/stable/c/475a77fb3f0e1d527f56c60b79f5879661df5b80', 'https://git.kernel.org/stable/c/8543269567e2fb3d976a8255c5e348aed14f98bc', 'https://git.kernel.org/stable/c/d0870c4847e77a49c2f91bb2a8e0fa3c1f8dea5c', 'https://git.kernel.org/stable/c/eab05737ee22216250fe20d27f5a596da5ea6eb7', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43849-fef0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43849', 'https://www.cve.org/CVERecord?id=CVE-2024-43849'], 'PublishedDate': '2024-08-17T10:15:10.093Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43850', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove\n\nThe following warning is seen during bwmon_remove due to refcount\nimbalance, fix this by releasing the OPPs after use.\n\nLogs:\nWARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158\nHardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT)\n...\nCall trace:\n_opp_table_kref_release+0x150/0x158\ndev_pm_opp_remove_table+0x100/0x1b4\ndevm_pm_opp_of_table_release+0x10/0x1c\ndevm_action_release+0x14/0x20\ndevres_release_all+0xa4/0x104\ndevice_unbind_cleanup+0x18/0x60\ndevice_release_driver_internal+0x1ec/0x228\ndriver_detach+0x50/0x98\nbus_remove_driver+0x6c/0xbc\ndriver_unregister+0x30/0x60\nplatform_driver_unregister+0x14/0x20\nbwmon_driver_exit+0x18/0x524 [icc_bwmon]\n__arm64_sys_delete_module+0x184/0x264\ninvoke_syscall+0x48/0x118\nel0_svc_common.constprop.0+0xc8/0xe8\ndo_el0_svc+0x20/0x2c\nel0_svc+0x34/0xdc\nel0t_64_sync_handler+0x13c/0x158\nel0t_64_sync+0x190/0x194\n--[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43850', 'https://git.kernel.org/linus/24086640ab39396eb1a92d1cb1cd2f31b2677c52 (6.11-rc1)', 'https://git.kernel.org/stable/c/24086640ab39396eb1a92d1cb1cd2f31b2677c52', 'https://git.kernel.org/stable/c/4100d4d019f8e140be1d4d3a9d8d93c1285f5d1c', 'https://git.kernel.org/stable/c/aad41f4c169bcb800ae88123799bdf8cdec3d366', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43850-4eec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43850', 'https://www.cve.org/CVERecord?id=CVE-2024-43850'], 'PublishedDate': '2024-08-17T10:15:10.157Z', 'LastModifiedDate': '2024-09-30T13:57:33.4Z'}, {'VulnerabilityID': 'CVE-2024-43852', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (ltc2991) re-order conditions to fix off by one bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ltc2991) re-order conditions to fix off by one bug\n\nLTC2991_T_INT_CH_NR is 4.  The st->temp_en[] array has LTC2991_MAX_CHANNEL\n(4) elements.  Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we\nhave read one element beyond the end of the array.  Flip the conditions\naround so that we check if "channel" is valid before using it as an array\nindex.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43852', 'https://git.kernel.org/linus/99bf7c2eccff82760fa23ce967cc67c8c219c6a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6', 'https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43852-61e2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43852', 'https://www.cve.org/CVERecord?id=CVE-2024-43852'], 'PublishedDate': '2024-08-17T10:15:10.31Z', 'LastModifiedDate': '2024-08-20T19:32:55.747Z'}, {'VulnerabilityID': 'CVE-2024-43853', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: Prevent UAF in proc_cpuset_show()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc/<pid>/cpuset   repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/   repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc/<pid>/cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css->cgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(&cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n&cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp->root will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n("cgroup: Make operations on the cgroup root_list RCU safe"),\ncss->cgroup won\'t be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43853', 'https://git.kernel.org/linus/1be59c97c83ccd67a519d8a49486b3a8a73ca28a (6.11-rc1)', 'https://git.kernel.org/stable/c/10aeaa47e4aa2432f29b3e5376df96d7dac5537a', 'https://git.kernel.org/stable/c/1be59c97c83ccd67a519d8a49486b3a8a73ca28a', 'https://git.kernel.org/stable/c/27d6dbdc6485d68075a0ebf8544d6425c1ed84bb', 'https://git.kernel.org/stable/c/29a8d4e02fd4840028c38ceb1536cc8f82a257d4', 'https://git.kernel.org/stable/c/29ac1d238b3bf126af36037df80d7ecc4822341e', 'https://git.kernel.org/stable/c/4e8d6ac8fc9f843e940ab7389db8136634e07989', 'https://git.kernel.org/stable/c/688325078a8b5badd6e07ae22b27cd04e9947aec', 'https://git.kernel.org/stable/c/96226fbed566f3f686f53a489a29846f2d538080', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43853-da5b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43853', 'https://www.cve.org/CVERecord?id=CVE-2024-43853'], 'PublishedDate': '2024-08-17T10:15:10.383Z', 'LastModifiedDate': '2024-09-04T12:15:04.827Z'}, {'VulnerabilityID': 'CVE-2024-43854', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: initialize integrity buffer to zero before writing it to media', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media.  For PI metadata this is\nlimited to the app tag that isn't used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43854', 'https://git.kernel.org/linus/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f (6.11-rc1)', 'https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f', 'https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644', 'https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005', 'https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f', 'https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6', 'https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2', 'https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1', 'https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43854-5586@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43854', 'https://www.cve.org/CVERecord?id=CVE-2024-43854'], 'PublishedDate': '2024-08-17T10:15:10.447Z', 'LastModifiedDate': '2024-09-12T12:15:49.423Z'}, {'VulnerabilityID': 'CVE-2024-43856', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43856', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma: fix call order in dmam_free_coherent', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n  kokonut //net/encryption\n    http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43856', 'https://git.kernel.org/linus/28e8b7406d3a1f5329a03aa25a43aa28e087cb20 (6.11-rc1)', 'https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130', 'https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e', 'https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7', 'https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20', 'https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9', 'https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954', 'https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb', 'https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63', 'https://linux.oracle.com/cve/CVE-2024-43856.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43856-9087@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43856', 'https://www.cve.org/CVERecord?id=CVE-2024-43856'], 'PublishedDate': '2024-08-17T10:15:10.613Z', 'LastModifiedDate': '2024-08-22T17:57:08.64Z'}, {'VulnerabilityID': 'CVE-2024-43857', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix null reference error when checking end of zone', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null reference error when checking end of zone\n\nThis patch fixes a potentially null pointer being accessed by\nis_end_zone_blkaddr() that checks the last block of a zone\nwhen f2fs is mounted as a single device.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43857', 'https://git.kernel.org/linus/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38 (6.11-rc1)', 'https://git.kernel.org/stable/c/381cbe85592c78fbaeb3e770e3e9f3bfa3e67efb', 'https://git.kernel.org/stable/c/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43857-b71b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43857', 'https://www.cve.org/CVERecord?id=CVE-2024-43857'], 'PublishedDate': '2024-08-17T10:15:10.687Z', 'LastModifiedDate': '2024-08-22T17:38:21.003Z'}, {'VulnerabilityID': 'CVE-2024-43859', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to truncate preallocated blocks in f2fs_file_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate preallocated blocks in f2fs_file_open()\n\nchenyuwen reports a f2fs bug as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000011\n fscrypt_set_bio_crypt_ctx+0x78/0x1e8\n f2fs_grab_read_bio+0x78/0x208\n f2fs_submit_page_read+0x44/0x154\n f2fs_get_read_data_page+0x288/0x5f4\n f2fs_get_lock_data_page+0x60/0x190\n truncate_partial_data_page+0x108/0x4fc\n f2fs_do_truncate_blocks+0x344/0x5f0\n f2fs_truncate_blocks+0x6c/0x134\n f2fs_truncate+0xd8/0x200\n f2fs_iget+0x20c/0x5ac\n do_garbage_collect+0x5d0/0xf6c\n f2fs_gc+0x22c/0x6a4\n f2fs_disable_checkpoint+0xc8/0x310\n f2fs_fill_super+0x14bc/0x1764\n mount_bdev+0x1b4/0x21c\n f2fs_mount+0x20/0x30\n legacy_get_tree+0x50/0xbc\n vfs_get_tree+0x5c/0x1b0\n do_new_mount+0x298/0x4cc\n path_mount+0x33c/0x5fc\n __arm64_sys_mount+0xcc/0x15c\n invoke_syscall+0x60/0x150\n el0_svc_common+0xb8/0xf8\n do_el0_svc+0x28/0xa0\n el0_svc+0x24/0x84\n el0t_64_sync_handler+0x88/0xec\n\nIt is because inode.i_crypt_info is not initialized during below path:\n- mount\n - f2fs_fill_super\n  - f2fs_disable_checkpoint\n   - f2fs_gc\n    - f2fs_iget\n     - f2fs_truncate\n\nSo, let's relocate truncation of preallocated blocks to f2fs_file_open(),\nafter fscrypt_file_open().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43859', 'https://git.kernel.org/linus/298b1e4182d657c3e388adcc29477904e9600ed5 (6.11-rc1)', 'https://git.kernel.org/stable/c/298b1e4182d657c3e388adcc29477904e9600ed5', 'https://git.kernel.org/stable/c/3ba0ae885215b325605ff7ebf6de12ac2adf204d', 'https://git.kernel.org/stable/c/5f04969136db674f133781626e0b692c5f2bf2f0', 'https://git.kernel.org/stable/c/f44a25a8bfe0c15d33244539696cd9119cf44d18', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43859-62b4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43859', 'https://www.cve.org/CVERecord?id=CVE-2024-43859'], 'PublishedDate': '2024-08-17T10:15:10.817Z', 'LastModifiedDate': '2024-09-08T08:15:12.96Z'}, {'VulnerabilityID': 'CVE-2024-43860', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: remoteproc: imx_rproc: Skip over memory region when node value is NULL', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Skip over memory region when node value is NULL\n\nIn imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts\nnumber of phandles. But phandles may be empty. So of_parse_phandle() in\nthe parsing loop (0 < a < nph) may return NULL which is later dereferenced.\nAdjust this issue by adding NULL-return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[Fixed title to fit within the prescribed 70-75 charcters]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43860', 'https://git.kernel.org/linus/2fa26ca8b786888673689ccc9da6094150939982 (6.11-rc1)', 'https://git.kernel.org/stable/c/2fa26ca8b786888673689ccc9da6094150939982', 'https://git.kernel.org/stable/c/4e13b7c23988c0a13fdca92e94296a3bc2ff9f21', 'https://git.kernel.org/stable/c/6884fd0283e0831be153fb8d82d9eda8a55acaaa', 'https://git.kernel.org/stable/c/6b50462b473fdccdc0dfad73001147e40ff19a66', 'https://git.kernel.org/stable/c/6c9ea3547fad252fe9ae5d3ed7e066e2085bf3a2', 'https://git.kernel.org/stable/c/84beb7738459cac0ff9f8a7c4654b8ff82a702c0', 'https://git.kernel.org/stable/c/9a17cf8b2ce483fa75258bc2cdcf628f24bcf5f8', 'https://git.kernel.org/stable/c/c877a5f5268d4ab8224b9c9fbce3d746e4e72bc9', 'https://linux.oracle.com/cve/CVE-2024-43860.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43860-d72f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43860', 'https://www.cve.org/CVERecord?id=CVE-2024-43860'], 'PublishedDate': '2024-08-17T10:15:10.887Z', 'LastModifiedDate': '2024-08-22T17:08:15.097Z'}, {'VulnerabilityID': 'CVE-2024-43861', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: usb: qmi_wwan: fix memory leak for not ip packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43861', 'https://git.kernel.org/linus/7ab107544b777c3bd7feb9fe447367d8edd5b202 (6.11-rc3)', 'https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4', 'https://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662', 'https://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202', 'https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f', 'https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882', 'https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446', 'https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5', 'https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384', 'https://linux.oracle.com/cve/CVE-2024-43861.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43861-1958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43861', 'https://www.cve.org/CVERecord?id=CVE-2024-43861'], 'PublishedDate': '2024-08-20T22:15:04.917Z', 'LastModifiedDate': '2024-09-03T13:45:12.667Z'}, {'VulnerabilityID': 'CVE-2024-43863', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43863', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix a deadlock in dma buf fence polling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix a deadlock in dma buf fence polling\n\nIntroduce a version of the fence ops that on release doesn't remove\nthe fence from the pending list, and thus doesn't require a lock to\nfix poll->fence wait->fence unref deadlocks.\n\nvmwgfx overwrites the wait callback to iterate over the list of all\nfences and update their status, to do that it holds a lock to prevent\nthe list modifcations from other threads. The fence destroy callback\nboth deletes the fence and removes it from the list of pending\nfences, for which it holds a lock.\n\ndma buf polling cb unrefs a fence after it's been signaled: so the poll\ncalls the wait, which signals the fences, which are being destroyed.\nThe destruction tries to acquire the lock on the pending fences list\nwhich it can never get because it's held by the wait from which it\nwas called.\n\nOld bug, but not a lot of userspace apps were using dma-buf polling\ninterfaces. Fix those, in particular this fixes KDE stalls/deadlock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43863', 'https://git.kernel.org/linus/e58337100721f3cc0c7424a18730e4f39844934f (6.11-rc2)', 'https://git.kernel.org/stable/c/3b933b16c996af8adb6bc1b5748a63dfb41a82bc', 'https://git.kernel.org/stable/c/9e20d028d8d1deb1e7fed18f22ffc01669cf3237', 'https://git.kernel.org/stable/c/a8943969f9ead2fd3044fc826140a21622ef830e', 'https://git.kernel.org/stable/c/c98ab18b9f315ff977c2c65d7c71298ef98be8e3', 'https://git.kernel.org/stable/c/e58337100721f3cc0c7424a18730e4f39844934f', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43863-9124@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43863', 'https://www.cve.org/CVERecord?id=CVE-2024-43863'], 'PublishedDate': '2024-08-21T00:15:04.847Z', 'LastModifiedDate': '2024-09-03T13:42:44.727Z'}, {'VulnerabilityID': 'CVE-2024-43864', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix CT entry update leaks of modify header context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix CT entry update leaks of modify header context\n\nThe cited commit allocates a new modify header to replace the old\none when updating CT entry. But if failed to allocate a new one, eg.\nexceed the max number firmware can support, modify header will be\nan error pointer that will trigger a panic when deallocating it. And\nthe old modify header point is copied to old attr. When the old\nattr is freed, the old modify header is lost.\n\nFix it by restoring the old attr to attr when failed to allocate a\nnew modify header context. So when the CT entry is freed, the right\nmodify header context will be freed. And the panic of accessing\nerror pointer is also fixed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43864', 'https://git.kernel.org/linus/025f2b85a5e5a46df14ecf162c3c80a957a36d0b (6.11-rc2)', 'https://git.kernel.org/stable/c/025f2b85a5e5a46df14ecf162c3c80a957a36d0b', 'https://git.kernel.org/stable/c/89064d09c56b44c668509bf793c410484f63f5ad', 'https://git.kernel.org/stable/c/daab2cc17b6b6ab158566bba037e9551fd432b59', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43864-81ad@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43864', 'https://www.cve.org/CVERecord?id=CVE-2024-43864'], 'PublishedDate': '2024-08-21T00:15:04.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43866', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Always drain health in shutdown callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43866', 'https://git.kernel.org/linus/1b75da22ed1e6171e261bc9265370162553d5393 (6.11-rc2)', 'https://git.kernel.org/stable/c/1b75da22ed1e6171e261bc9265370162553d5393', 'https://git.kernel.org/stable/c/5005e2e159b300c1b8c6820a1e13a62eb0127b9b', 'https://git.kernel.org/stable/c/6048dec754554a1303d632be6042d3feb3295285', 'https://git.kernel.org/stable/c/6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43866-66ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43866', 'https://www.cve.org/CVERecord?id=CVE-2024-43866'], 'PublishedDate': '2024-08-21T00:15:05.023Z', 'LastModifiedDate': '2024-10-17T14:15:07.297Z'}, {'VulnerabilityID': 'CVE-2024-43867', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau: prime: fix refcount underflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix refcount underflow\n\nCalling nouveau_bo_ref() on a nouveau_bo without initializing it (and\nhence the backing ttm_bo) leads to a refcount underflow.\n\nInstead of calling nouveau_bo_ref() in the unwind path of\ndrm_gem_object_init(), clean things up manually.\n\n(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43867', 'https://git.kernel.org/linus/a9bf3efc33f1fbf88787a277f7349459283c9b95 (6.11-rc2)', 'https://git.kernel.org/stable/c/16998763c62bb465ebc409d0373b9cdcef1a61a6', 'https://git.kernel.org/stable/c/2a1b327d57a8ac080977633a18999f032d7e9e3f', 'https://git.kernel.org/stable/c/3bcb8bba72ce89667fa863054956267c450c47ef', 'https://git.kernel.org/stable/c/906372e753c5027a1dc88743843b6aa2ad1aaecf', 'https://git.kernel.org/stable/c/a9bf3efc33f1fbf88787a277f7349459283c9b95', 'https://git.kernel.org/stable/c/ebebba4d357b6c67f96776a48ddbaf0060fa4c10', 'https://git.kernel.org/stable/c/f23cd66933fe76b84d8e282e5606b4d99068c320', 'https://linux.oracle.com/cve/CVE-2024-43867.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43867-0620@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43867', 'https://www.cve.org/CVERecord?id=CVE-2024-43867'], 'PublishedDate': '2024-08-21T00:15:05.087Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43868', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/purgatory: align riscv_kernel_entry', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/purgatory: align riscv_kernel_entry\n\nWhen alignment handling is delegated to the kernel, everything must be\nword-aligned in purgatory, since the trap handler is then set to the\nkexec one. Without the alignment, hitting the exception would\nultimately crash. On other occasions, the kernel's handler would take\ncare of exceptions.\nThis has been tested on a JH7110 SoC with oreboot and its SBI delegating\nunaligned access exceptions and the kernel configured to handle them.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43868', 'https://git.kernel.org/linus/fb197c5d2fd24b9af3d4697d0cf778645846d6d5 (6.11-rc2)', 'https://git.kernel.org/stable/c/5d4aaf16a8255f7c71790e211724ba029609c5ff', 'https://git.kernel.org/stable/c/fb197c5d2fd24b9af3d4697d0cf778645846d6d5', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43868-9a44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43868', 'https://www.cve.org/CVERecord?id=CVE-2024-43868'], 'PublishedDate': '2024-08-21T00:15:05.15Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43869', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43869', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exec and file release', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exec and file release\n\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\n\nschedule()\n   prepare_task_switch()\n=======> <NMI>\n      perf_event_overflow()\n         event->pending_sigtrap = ...\n         irq_work_queue(&event->pending_irq)\n<======= </NMI>\n      perf_event_task_sched_out()\n          event_sched_out()\n              event->pending_sigtrap = 0;\n              atomic_long_inc_not_zero(&event->refcount)\n              task_work_add(&event->pending_task)\n   finish_lock_switch()\n=======> <IRQ>\n   perf_pending_irq()\n      //do nothing, rely on pending task work\n<======= </IRQ>\n\nbegin_new_exec()\n   perf_event_exit_task()\n      perf_event_exit_event()\n         // If is child event\n         free_event()\n            WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n            // event is leaked\n\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\n\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43869', 'https://git.kernel.org/linus/3a5465418f5fd970e86a86c7f4075be262682840 (6.11-rc1)', 'https://git.kernel.org/stable/c/104e258a004037bc7dba9f6085c71dad6af57ad4', 'https://git.kernel.org/stable/c/3a5465418f5fd970e86a86c7f4075be262682840', 'https://git.kernel.org/stable/c/9ad46f1fef421d43cdab3a7d1744b2f43b54dae0', 'https://git.kernel.org/stable/c/ed2c202dac55423a52d7e2290f2888bf08b8ee99', 'https://git.kernel.org/stable/c/f34d8307a73a18de5320fcc6f40403146d061891', 'https://lore.kernel.org/linux-cve-announce/2024082133-CVE-2024-43869-26aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43869', 'https://www.cve.org/CVERecord?id=CVE-2024-43869'], 'PublishedDate': '2024-08-21T01:15:11.55Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43870', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exit\n\nWhen a task is scheduled out, pending sigtrap deliveries are deferred\nto the target task upon resume to userspace via task_work.\n\nHowever failures while adding an event's callback to the task_work\nengine are ignored. And since the last call for events exit happen\nafter task work is eventually closed, there is a small window during\nwhich pending sigtrap can be queued though ignored, leaking the event\nrefcount addition such as in the following scenario:\n\n    TASK A\n    -----\n\n    do_exit()\n       exit_task_work(tsk);\n\n       <IRQ>\n       perf_event_overflow()\n          event->pending_sigtrap = pending_id;\n          irq_work_queue(&event->pending_irq);\n       </IRQ>\n    =========> PREEMPTION: TASK A -> TASK B\n       event_sched_out()\n          event->pending_sigtrap = 0;\n          atomic_long_inc_not_zero(&event->refcount)\n          // FAILS: task work has exited\n          task_work_add(&event->pending_task)\n       [...]\n       <IRQ WORK>\n       perf_pending_irq()\n          // early return: event->oncpu = -1\n       </IRQ WORK>\n       [...]\n    =========> TASK B -> TASK A\n       perf_event_exit_task(tsk)\n          perf_event_exit_event()\n             free_event()\n                WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n                // leak event due to unexpected refcount == 2\n\nAs a result the event is never released while the task exits.\n\nFix this with appropriate task_work_add()'s error handling.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43870', 'https://git.kernel.org/linus/2fd5ad3f310de22836cdacae919dd99d758a1f1b (6.11-rc1)', 'https://git.kernel.org/stable/c/05d3fd599594abf79aad4484bccb2b26e1cb0b51', 'https://git.kernel.org/stable/c/2fd5ad3f310de22836cdacae919dd99d758a1f1b', 'https://git.kernel.org/stable/c/3d7a63352a93bdb8a1cdf29606bf617d3ac1c22a', 'https://git.kernel.org/stable/c/67fad724f1b568b356c1065d50df46e6b30eb2f7', 'https://git.kernel.org/stable/c/70882d7fa74f0731492a0d493e8515a4f7131831', 'https://lore.kernel.org/linux-cve-announce/2024082135-CVE-2024-43870-2b6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43870', 'https://www.cve.org/CVERecord?id=CVE-2024-43870'], 'PublishedDate': '2024-08-21T01:15:11.62Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43871', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: devres: Fix memory leakage caused by driver API devm_free_percpu()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndevres: Fix memory leakage caused by driver API devm_free_percpu()\n\nIt will cause memory leakage when use driver API devm_free_percpu()\nto free memory allocated by devm_alloc_percpu(), fixed by using\ndevres_release() instead of devres_destroy() within devm_free_percpu().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-43871', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/bd50a974097bb82d52a458bd3ee39fb723129a0c (6.11-rc1)', 'https://git.kernel.org/stable/c/3047f99caec240a88ccd06197af2868da1af6a96', 'https://git.kernel.org/stable/c/3dcd0673e47664bc6c719ad47dadac6d55d5950d', 'https://git.kernel.org/stable/c/700e8abd65b10792b2f179ce4e858f2ca2880f85', 'https://git.kernel.org/stable/c/95065edb8ebb27771d5f1e898eef6ab43dc6c87c', 'https://git.kernel.org/stable/c/b044588a16a978cd891cb3d665dd7ae06850d5bf', 'https://git.kernel.org/stable/c/b67552d7c61f52f1271031adfa7834545ae99701', 'https://git.kernel.org/stable/c/bd50a974097bb82d52a458bd3ee39fb723129a0c', 'https://git.kernel.org/stable/c/ef56dcdca8f2a53abc3a83d388b8336447533d85', 'https://linux.oracle.com/cve/CVE-2024-43871.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43871-c2cd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43871', 'https://www.cve.org/CVERecord?id=CVE-2024-43871'], 'PublishedDate': '2024-08-21T01:15:11.68Z', 'LastModifiedDate': '2024-09-03T13:39:19.553Z'}, {'VulnerabilityID': 'CVE-2024-43872', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43872', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/hns: Fix soft lockup under heavy CEQE load', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43872', 'https://git.kernel.org/linus/2fdf34038369c0a27811e7b4680662a14ada1d6b (6.11-rc1)', 'https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08', 'https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43872-c87e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43872', 'https://www.cve.org/CVERecord?id=CVE-2024-43872'], 'PublishedDate': '2024-08-21T01:15:11.74Z', 'LastModifiedDate': '2024-09-03T13:38:34.867Z'}, {'VulnerabilityID': 'CVE-2024-43873', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43873', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vhost/vsock: always initialize seqpacket_allow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: always initialize seqpacket_allow\n\nThere are two issues around seqpacket_allow:\n1. seqpacket_allow is not initialized when socket is\n   created. Thus if features are never set, it will be\n   read uninitialized.\n2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,\n   then seqpacket_allow will not be cleared appropriately\n   (existing apps I know about don't usually do this but\n    it's legal and there's no way to be sure no one relies\n    on this).\n\nTo fix:\n\t- initialize seqpacket_allow after allocation\n\t- set it unconditionally in set_features", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-909'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43873', 'https://git.kernel.org/linus/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22', 'https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb', 'https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582', 'https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c', 'https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43873-c547@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43873', 'https://www.cve.org/CVERecord?id=CVE-2024-43873'], 'PublishedDate': '2024-08-21T01:15:11.79Z', 'LastModifiedDate': '2024-09-03T13:35:44.897Z'}, {'VulnerabilityID': 'CVE-2024-43875', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43875', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: Clean up error handling in vpci_scan_bus()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\n\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\n\n    drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)\n\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\n\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43875', 'https://git.kernel.org/linus/8e0f5a96c534f781e8c57ca30459448b3bfe5429 (6.11-rc1)', 'https://git.kernel.org/stable/c/0e27e2e8697b8ce96cdef43f135426525d9d1f8f', 'https://git.kernel.org/stable/c/24414c842a24d0fd498f9db6d2a762a8dddf1832', 'https://git.kernel.org/stable/c/7d368de78b60088ec9031c60c88976c0063ea4c0', 'https://git.kernel.org/stable/c/8e0f5a96c534f781e8c57ca30459448b3bfe5429', 'https://git.kernel.org/stable/c/b9e8695246bcfc028341470cbf92630cdc1ba36b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43875-1257@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43875', 'https://www.cve.org/CVERecord?id=CVE-2024-43875'], 'PublishedDate': '2024-08-21T01:15:11.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43876', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43876', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()\n\nAvoid large backtrace, it is sufficient to warn the user that there has\nbeen a link problem. Either the link has failed and the system is in need\nof maintenance, or the link continues to work and user has been informed.\nThe message from the warning can be looked up in the sources.\n\nThis makes an actual link issue less verbose.\n\nFirst of all, this controller has a limitation in that the controller\ndriver has to assist the hardware with transition to L1 link state by\nwriting L1IATN to PMCTRL register, the L1 and L0 link state switching\nis not fully automatic on this controller.\n\nIn case of an ASMedia ASM1062 PCIe SATA controller which does not support\nASPM, on entry to suspend or during platform pm_test, the SATA controller\nenters D3hot state and the link enters L1 state. If the SATA controller\nwakes up before rcar_pcie_wakeup() was called and returns to D0, the link\nreturns to L0 before the controller driver even started its transition to\nL1 link state. At this point, the SATA controller did send an PM_ENTER_L1\nDLLP to the PCIe controller and the PCIe controller received it, and the\nPCIe controller did set PMSR PMEL1RX bit.\n\nOnce rcar_pcie_wakeup() is called, if the link is already back in L0 state\nand PMEL1RX bit is set, the controller driver has no way to determine if\nit should perform the link transition to L1 state, or treat the link as if\nit is in L0 state. Currently the driver attempts to perform the transition\nto L1 link state unconditionally, which in this specific case fails with a\nPMSR L1FAEG poll timeout, however the link still works as it is already\nback in L0 state.\n\nReduce this warning verbosity. In case the link is really broken, the\nrcar_pcie_config_access() would fail, otherwise it will succeed and any\nsystem with this controller and ASM1062 can suspend without generating\na backtrace.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43876', 'https://git.kernel.org/linus/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96 (6.11-rc1)', 'https://git.kernel.org/stable/c/2ae4769332dfdb97f4b6f5dc9ac8f46d02aaa3df', 'https://git.kernel.org/stable/c/3ff3bdde950f1840df4030726cef156758a244d7', 'https://git.kernel.org/stable/c/526a877c6273d4cd0d0aede84c1d620479764b1c', 'https://git.kernel.org/stable/c/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43876-793b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43876', 'https://www.cve.org/CVERecord?id=CVE-2024-43876'], 'PublishedDate': '2024-08-21T01:15:11.973Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43877', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43877', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: pci: ivtv: Add check for DMA map result', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: ivtv: Add check for DMA map result\n\nIn case DMA fails, 'dma->SG_length' is 0. This value is later used to\naccess 'dma->SGarray[dma->SG_length - 1]', which will cause out of\nbounds access.\n\nAdd check to return early on invalid value. Adjust warnings accordingly.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43877', 'https://git.kernel.org/linus/629913d6d79508b166c66e07e4857e20233d85a9 (6.11-rc1)', 'https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718', 'https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a', 'https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9', 'https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43877-e8e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43877', 'https://www.cve.org/CVERecord?id=CVE-2024-43877'], 'PublishedDate': '2024-08-21T01:15:12.033Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43879', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()\n\nCurrently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in\ncfg80211_calculate_bitrate_he(), leading to below warning:\n\nkernel: invalid HE MCS: bw:6, ru:6\nkernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]\n\nFix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43879', 'https://git.kernel.org/linus/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6 (6.11-rc1)', 'https://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27', 'https://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd', 'https://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f', 'https://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9', 'https://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086', 'https://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142', 'https://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d', 'https://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6', 'https://linux.oracle.com/cve/CVE-2024-43879.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43879-95cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43879', 'https://www.cve.org/CVERecord?id=CVE-2024-43879'], 'PublishedDate': '2024-08-21T01:15:12.153Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43880', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43880', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_erp: Fix object nesting warning\n\nACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM\n(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can\ncontain more ACLs (i.e., tc filters), but the number of masks in each\nregion (i.e., tc chain) is limited.\n\nIn order to mitigate the effects of the above limitation, the device\nallows filters to share a single mask if their masks only differ in up\nto 8 consecutive bits. For example, dst_ip/25 can be represented using\ndst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the\nnumber of masks being used (and therefore does not support mask\naggregation), but can contain a limited number of filters.\n\nThe driver uses the "objagg" library to perform the mask aggregation by\npassing it objects that consist of the filter\'s mask and whether the\nfilter is to be inserted into the A-TCAM or the C-TCAM since filters in\ndifferent TCAMs cannot share a mask.\n\nThe set of created objects is dependent on the insertion order of the\nfilters and is not necessarily optimal. Therefore, the driver will\nperiodically ask the library to compute a more optimal set ("hints") by\nlooking at all the existing objects.\n\nWhen the library asks the driver whether two objects can be aggregated\nthe driver only compares the provided masks and ignores the A-TCAM /\nC-TCAM indication. This is the right thing to do since the goal is to\nmove as many filters as possible to the A-TCAM. The driver also forbids\ntwo identical masks from being aggregated since this can only happen if\none was intentionally put in the C-TCAM to avoid a conflict in the\nA-TCAM.\n\nThe above can result in the following set of hints:\n\nH1: {mask X, A-TCAM} -> H2: {mask Y, A-TCAM} // X is Y + delta\nH3: {mask Y, C-TCAM} -> H4: {mask Z, A-TCAM} // Y is Z + delta\n\nAfter getting the hints from the library the driver will start migrating\nfilters from one region to another while consulting the computed hints\nand instructing the device to perform a lookup in both regions during\nthe transition.\n\nAssuming a filter with mask X is being migrated into the A-TCAM in the\nnew region, the hints lookup will return H1. Since H2 is the parent of\nH1, the library will try to find the object associated with it and\ncreate it if necessary in which case another hints lookup (recursive)\nwill be performed. This hints lookup for {mask Y, A-TCAM} will either\nreturn H2 or H3 since the driver passes the library an object comparison\nfunction that ignores the A-TCAM / C-TCAM indication.\n\nThis can eventually lead to nested objects which are not supported by\nthe library [1].\n\nFix by removing the object comparison function from both the driver and\nthe library as the driver was the only user. That way the lookup will\nonly return exact matches.\n\nI do not have a reliable reproducer that can reproduce the issue in a\ntimely manner, but before the fix the issue would reproduce in several\nminutes and with the fix it does not reproduce in over an hour.\n\nNote that the current usefulness of the hints is limited because they\ninclude the C-TCAM indication and represent aggregation that cannot\nactually happen. This will be addressed in net-next.\n\n[1]\nWARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0\nModules linked in:\nCPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42\nHardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:objagg_obj_parent_assign+0xb5/0xd0\n[...]\nCall Trace:\n <TASK>\n __objagg_obj_get+0x2bb/0x580\n objagg_obj_get+0xe/0x80\n mlxsw_sp_acl_erp_mask_get+0xb5/0xf0\n mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43880', 'https://git.kernel.org/linus/97d833ceb27dc19f8777d63f90be4a27b5daeedf (6.11-rc1)', 'https://git.kernel.org/stable/c/0e59c2d22853266704e127915653598f7f104037', 'https://git.kernel.org/stable/c/25c6fd9648ad05da493a5d30881896a78a08b624', 'https://git.kernel.org/stable/c/36a9996e020dd5aa325e0ecc55eb2328288ea6bb', 'https://git.kernel.org/stable/c/4dc09f6f260db3c4565a4ec52ba369393598f2fb', 'https://git.kernel.org/stable/c/97d833ceb27dc19f8777d63f90be4a27b5daeedf', 'https://git.kernel.org/stable/c/9a5261a984bba4f583d966c550fa72c33ff3714e', 'https://git.kernel.org/stable/c/fb5d4fc578e655d113f09565f6f047e15f7ab578', 'https://linux.oracle.com/cve/CVE-2024-43880.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43880-78ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43880', 'https://www.cve.org/CVERecord?id=CVE-2024-43880'], 'PublishedDate': '2024-08-21T01:15:12.213Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43881', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43881', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: change DMA direction while mapping reinjected packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: change DMA direction while mapping reinjected packets\n\nFor fragmented packets, ath12k reassembles each fragment as a normal\npacket and then reinjects it into HW ring. In this case, the DMA\ndirection should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise,\nan invalid payload may be reinjected into the HW and\nsubsequently delivered to the host.\n\nGiven that arbitrary memory can be allocated to the skb buffer,\nknowledge about the data contained in the reinjected buffer is lacking.\nConsequently, there’s a risk of private information being leaked.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43881', 'https://git.kernel.org/linus/33322e3ef07409278a18c6919c448e369d66a18e (6.11-rc1)', 'https://git.kernel.org/stable/c/33322e3ef07409278a18c6919c448e369d66a18e', 'https://git.kernel.org/stable/c/6925320fcd40d8042d32bf4ede8248e7a5315c3b', 'https://git.kernel.org/stable/c/e99d9b16ff153de9540073239d24adc3b0a3a997', 'https://lore.kernel.org/linux-cve-announce/2024082138-CVE-2024-43881-ead4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43881', 'https://www.cve.org/CVERecord?id=CVE-2024-43881'], 'PublishedDate': '2024-08-21T01:15:12.28Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43883', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43883', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: vhci-hcd: Do not drop references before new references are gained', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43883', 'https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37', 'https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174', 'https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14', 'https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89', 'https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80', 'https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a', 'https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54', 'https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2', 'https://linux.oracle.com/cve/CVE-2024-43883.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082313-CVE-2024-43883-a594@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43883', 'https://www.cve.org/CVERecord?id=CVE-2024-43883'], 'PublishedDate': '2024-08-23T13:15:03.873Z', 'LastModifiedDate': '2024-08-23T16:18:28.547Z'}, {'VulnerabilityID': 'CVE-2024-43884', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: MGMT: Add error handling to pair_device()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Add error handling to pair_device()\n\nhci_conn_params_add() never checks for a NULL value and could lead to a NULL\npointer dereference causing a crash.\n\nFixed by adding error handling in the function.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43884', 'https://git.kernel.org/linus/538fd3921afac97158d4177139a0ad39f056dbb2 (6.11-rc5)', 'https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4', 'https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1', 'https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2', 'https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503', 'https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9', 'https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb', 'https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb', 'https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43884-43fa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43884', 'https://www.cve.org/CVERecord?id=CVE-2024-43884'], 'PublishedDate': '2024-08-26T08:15:03.827Z', 'LastModifiedDate': '2024-09-04T12:15:04.927Z'}, {'VulnerabilityID': 'CVE-2024-43886', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43886', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check in resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check in resource_log_pipe_topology_update\n\n[WHY]\nWhen switching from "Extend" to "Second Display Only" we sometimes\ncall resource_get_otg_master_for_stream on a stream for the eDP,\nwhich is disconnected. This leads to a null pointer dereference.\n\n[HOW]\nAdded a null check in dc_resource.c/resource_log_pipe_topology_update.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43886', 'https://git.kernel.org/linus/899d92fd26fe780aad711322aa671f68058207a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/899d92fd26fe780aad711322aa671f68058207a6', 'https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee', 'https://lore.kernel.org/linux-cve-announce/2024082657-CVE-2024-43886-0726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43886', 'https://www.cve.org/CVERecord?id=CVE-2024-43886'], 'PublishedDate': '2024-08-26T11:15:03.83Z', 'LastModifiedDate': '2024-08-27T14:37:45.377Z'}, {'VulnerabilityID': 'CVE-2024-43887', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43887', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/tcp: Disable TCP-AO static key after RCU grace period', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp: Disable TCP-AO static key after RCU grace period\n\nThe lifetime of TCP-AO static_key is the same as the last\ntcp_ao_info. On the socket destruction tcp_ao_info ceases to be\nwith RCU grace period, while tcp-ao static branch is currently deferred\ndestructed. The static key definition is\n: DEFINE_STATIC_KEY_DEFERRED_FALSE(tcp_ao_needed, HZ);\n\nwhich means that if RCU grace period is delayed by more than a second\nand tcp_ao_needed is in the process of disablement, other CPUs may\nyet see tcp_ao_info which atent dead, but soon-to-be.\nAnd that breaks the assumption of static_key_fast_inc_not_disabled().\n\nSee the comment near the definition:\n> * The caller must make sure that the static key can\'t get disabled while\n> * in this function. It doesn\'t patch jump labels, only adds a user to\n> * an already enabled static key.\n\nOriginally it was introduced in commit eb8c507296f6 ("jump_label:\nPrevent key->enabled int overflow"), which is needed for the atomic\ncontexts, one of which would be the creation of a full socket from a\nrequest socket. In that atomic context, it\'s known by the presence\nof the key (md5/ao) that the static branch is already enabled.\nSo, the ref counter for that static branch is just incremented\ninstead of holding the proper mutex.\nstatic_key_fast_inc_not_disabled() is just a helper for such usage\ncase. But it must not be used if the static branch could get disabled\nin parallel as it\'s not protected by jump_label_mutex and as a result,\nraces with jump_label_update() implementation details.\n\nHappened on netdev test-bot[1], so not a theoretical issue:\n\n[] jump_label: Fatal kernel bug, unexpected op at tcp_inbound_hash+0x1a7/0x870 [ffffffffa8c4e9b7] (eb 50 0f 1f 44 != 66 90 0f 1f 00)) size:2 type:1\n[] ------------[ cut here ]------------\n[] kernel BUG at arch/x86/kernel/jump_label.c:73!\n[] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[] CPU: 3 PID: 243 Comm: kworker/3:3 Not tainted 6.10.0-virtme #1\n[] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[] Workqueue: events jump_label_update_timeout\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n...\n[] Call Trace:\n[]  <TASK>\n[]  arch_jump_label_transform_queue+0x6c/0x110\n[]  __jump_label_update+0xef/0x350\n[]  __static_key_slow_dec_cpuslocked.part.0+0x3c/0x60\n[]  jump_label_update_timeout+0x2c/0x40\n[]  process_one_work+0xe3b/0x1670\n[]  worker_thread+0x587/0xce0\n[]  kthread+0x28a/0x350\n[]  ret_from_fork+0x31/0x70\n[]  ret_from_fork_asm+0x1a/0x30\n[]  </TASK>\n[] Modules linked in: veth\n[] ---[ end trace 0000000000000000 ]---\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n\n[1]: https://netdev-3.bots.linux.dev/vmksft-tcp-ao-dbg/results/696681/5-connect-deny-ipv6/stderr', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43887', 'https://git.kernel.org/linus/14ab4792ee120c022f276a7e4768f4dcb08f0cdd (6.11-rc3)', 'https://git.kernel.org/stable/c/14ab4792ee120c022f276a7e4768f4dcb08f0cdd', 'https://git.kernel.org/stable/c/954d55a59b2501f4a9bd693b40ce45a1c46cb2b3', 'https://lore.kernel.org/linux-cve-announce/2024082658-CVE-2024-43887-93bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43887', 'https://www.cve.org/CVERecord?id=CVE-2024-43887'], 'PublishedDate': '2024-08-26T11:15:03.877Z', 'LastModifiedDate': '2024-09-05T19:43:44.197Z'}, {'VulnerabilityID': 'CVE-2024-43888', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43888', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: list_lru: fix UAF for memory cgroup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: list_lru: fix UAF for memory cgroup\n\nThe mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or\ncgroup_mutex or others which could prevent returned memcg from being\nfreed.  Fix it by adding missing rcu read lock.\n\nFound by code inspection.\n\n[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]\n  Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43888', 'https://git.kernel.org/linus/5161b48712dcd08ec427c450399d4d1483e21dea (6.11-rc3)', 'https://git.kernel.org/stable/c/4589f77c18dd98b65f45617b6d1e95313cf6fcab', 'https://git.kernel.org/stable/c/5161b48712dcd08ec427c450399d4d1483e21dea', 'https://lore.kernel.org/linux-cve-announce/2024082659-CVE-2024-43888-5beb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43888', 'https://www.cve.org/CVERecord?id=CVE-2024-43888'], 'PublishedDate': '2024-08-26T11:15:03.93Z', 'LastModifiedDate': '2024-08-27T14:37:52.61Z'}, {'VulnerabilityID': 'CVE-2024-43889', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix possible divide-by-0 panic in padata_mt_helper()\n\nWe are hit with a not easily reproducible divide-by-0 panic in padata.c at\nbootup time.\n\n  [   10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI\n  [   10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1\n  [   10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021\n  [   10.017908] Workqueue: events_unbound padata_mt_helper\n  [   10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0\n    :\n  [   10.017963] Call Trace:\n  [   10.017968]  <TASK>\n  [   10.018004]  ? padata_mt_helper+0x39/0xb0\n  [   10.018084]  process_one_work+0x174/0x330\n  [   10.018093]  worker_thread+0x266/0x3a0\n  [   10.018111]  kthread+0xcf/0x100\n  [   10.018124]  ret_from_fork+0x31/0x50\n  [   10.018138]  ret_from_fork_asm+0x1a/0x30\n  [   10.018147]  </TASK>\n\nLooking at the padata_mt_helper() function, the only way a divide-by-0\npanic can happen is when ps->chunk_size is 0.  The way that chunk_size is\ninitialized in padata_do_multithreaded(), chunk_size can be 0 when the\nmin_chunk in the passed-in padata_mt_job structure is 0.\n\nFix this divide-by-0 panic by making sure that chunk_size will be at least\n1 no matter what the input parameters are.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43889', 'https://git.kernel.org/linus/6d45e1c948a8b7ed6ceddb14319af69424db730c (6.11-rc3)', 'https://git.kernel.org/stable/c/6d45e1c948a8b7ed6ceddb14319af69424db730c', 'https://git.kernel.org/stable/c/8f5ffd2af7274853ff91d6cd62541191d9fbd10d', 'https://git.kernel.org/stable/c/924f788c906dccaca30acab86c7124371e1d6f2c', 'https://git.kernel.org/stable/c/a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f', 'https://git.kernel.org/stable/c/ab8b397d5997d8c37610252528edc54bebf9f6d3', 'https://git.kernel.org/stable/c/da0ffe84fcc1627a7dff82c80b823b94236af905', 'https://lore.kernel.org/linux-cve-announce/2024082600-CVE-2024-43889-4d0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43889', 'https://www.cve.org/CVERecord?id=CVE-2024-43889'], 'PublishedDate': '2024-08-26T11:15:03.98Z', 'LastModifiedDate': '2024-08-27T14:38:09.34Z'}, {'VulnerabilityID': 'CVE-2024-43890', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43890', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Fix overflow in get_free_elt()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing "tracing_map->max_size" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to "tracing_map->next_elt"\nonce it reaches "tracing_map->max_elt".', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43890', 'https://git.kernel.org/linus/bcf86c01ca4676316557dd482c8416ece8c2e143 (6.11-rc3)', 'https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6', 'https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c', 'https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5', 'https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8', 'https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143', 'https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da', 'https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18', 'https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a', 'https://linux.oracle.com/cve/CVE-2024-43890.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082601-CVE-2024-43890-1c3a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43890', 'https://www.cve.org/CVERecord?id=CVE-2024-43890'], 'PublishedDate': '2024-08-26T11:15:04.04Z', 'LastModifiedDate': '2024-09-05T18:48:30.32Z'}, {'VulnerabilityID': 'CVE-2024-43891', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43891', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have format file honor EVENT_FILE_FL_FREED', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have format file honor EVENT_FILE_FL_FREED\n\nWhen eventfs was introduced, special care had to be done to coordinate the\nfreeing of the file meta data with the files that are exposed to user\nspace. The file meta data would have a ref count that is set when the file\nis created and would be decremented and freed after the last user that\nopened the file closed it. When the file meta data was to be freed, it\nwould set a flag (EVENT_FILE_FL_FREED) to denote that the file is freed,\nand any new references made (like new opens or reads) would fail as it is\nmarked freed. This allowed other meta data to be freed after this flag was\nset (under the event_mutex).\n\nAll the files that were dynamically created in the events directory had a\npointer to the file meta data and would call event_release() when the last\nreference to the user space file was closed. This would be the time that it\nis safe to free the file meta data.\n\nA shortcut was made for the "format" file. It\'s i_private would point to\nthe "call" entry directly and not point to the file\'s meta data. This is\nbecause all format files are the same for the same "call", so it was\nthought there was no reason to differentiate them.  The other files\nmaintain state (like the "enable", "trigger", etc). But this meant if the\nfile were to disappear, the "format" file would be unaware of it.\n\nThis caused a race that could be trigger via the user_events test (that\nwould create dynamic events and free them), and running a loop that would\nread the user_events format files:\n\nIn one console run:\n\n # cd tools/testing/selftests/user_events\n # while true; do ./ftrace_test; done\n\nAnd in another console run:\n\n # cd /sys/kernel/tracing/\n # while true; do cat events/user_events/__test_event/format; done 2>/dev/null\n\nWith KASAN memory checking, it would trigger a use-after-free bug report\n(which was a real bug). This was because the format file was not checking\nthe file\'s meta data flag "EVENT_FILE_FL_FREED", so it would access the\nevent that the file meta data pointed to after the event was freed.\n\nAfter inspection, there are other locations that were found to not check\nthe EVENT_FILE_FL_FREED flag when accessing the trace_event_file. Add a\nnew helper function: event_file_file() that will make sure that the\nevent_mutex is held, and will return NULL if the trace_event_file has the\nEVENT_FILE_FL_FREED flag set. Have the first reference of the struct file\npointer use event_file_file() and check for NULL. Later uses can still use\nthe event_file_data() helper function if the event_mutex is still held and\nwas not released since the event_file_file() call.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43891', 'https://git.kernel.org/linus/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d (6.11-rc3)', 'https://git.kernel.org/stable/c/4ed03758ddf0b19d69eed69386d65a92d0091e0c', 'https://git.kernel.org/stable/c/531dc6780d94245af037c25c2371c8caf652f0f9', 'https://git.kernel.org/stable/c/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d', 'https://lore.kernel.org/linux-cve-announce/2024082603-CVE-2024-43891-a69d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43891', 'https://www.cve.org/CVERecord?id=CVE-2024-43891'], 'PublishedDate': '2024-08-26T11:15:04.103Z', 'LastModifiedDate': '2024-09-05T18:46:18.44Z'}, {'VulnerabilityID': 'CVE-2024-43892', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43892', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg: protect concurrent access to mem_cgroup_idr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: protect concurrent access to mem_cgroup_idr\n\nCommit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after\nmany small jobs") decoupled the memcg IDs from the CSS ID space to fix the\ncgroup creation failures.  It introduced IDR to maintain the memcg ID\nspace.  The IDR depends on external synchronization mechanisms for\nmodifications.  For the mem_cgroup_idr, the idr_alloc() and idr_replace()\nhappen within css callback and thus are protected through cgroup_mutex\nfrom concurrent modifications.  However idr_remove() for mem_cgroup_idr\nwas not protected against concurrency and can be run concurrently for\ndifferent memcgs when they hit their refcnt to zero.  Fix that.\n\nWe have been seeing list_lru based kernel crashes at a low frequency in\nour fleet for a long time.  These crashes were in different part of\nlist_lru code including list_lru_add(), list_lru_del() and reparenting\ncode.  Upon further inspection, it looked like for a given object (dentry\nand inode), the super_block\'s list_lru didn\'t have list_lru_one for the\nmemcg of that object.  The initial suspicions were either the object is\nnot allocated through kmem_cache_alloc_lru() or somehow\nmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but\nreturned success.  No evidence were found for these cases.\n\nLooking more deeply, we started seeing situations where valid memcg\'s id\nis not present in mem_cgroup_idr and in some cases multiple valid memcgs\nhave same id and mem_cgroup_idr is pointing to one of them.  So, the most\nreasonable explanation is that these situations can happen due to race\nbetween multiple idr_remove() calls or race between\nidr_alloc()/idr_replace() and idr_remove().  These races are causing\nmultiple memcgs to acquire the same ID and then offlining of one of them\nwould cleanup list_lrus on the system for all of them.  Later access from\nother memcgs to the list_lru cause crashes due to missing list_lru_one.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43892', 'https://git.kernel.org/linus/9972605a238339b85bd16b084eed5f18414d22db (6.11-rc3)', 'https://git.kernel.org/stable/c/37a060b64ae83b76600d187d76591ce488ab836b', 'https://git.kernel.org/stable/c/51c0b1bb7541f8893ec1accba59eb04361a70946', 'https://git.kernel.org/stable/c/56fd70f4aa8b82199dbe7e99366b1fd7a04d86fb', 'https://git.kernel.org/stable/c/912736a0435ef40e6a4ae78197ccb5553cb80b05', 'https://git.kernel.org/stable/c/9972605a238339b85bd16b084eed5f18414d22db', 'https://git.kernel.org/stable/c/e6cc9ff2ac0b5df9f25eb790934c3104f6710278', 'https://lore.kernel.org/linux-cve-announce/2024082604-CVE-2024-43892-584a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43892', 'https://www.cve.org/CVERecord?id=CVE-2024-43892'], 'PublishedDate': '2024-08-26T11:15:04.157Z', 'LastModifiedDate': '2024-09-12T12:15:49.593Z'}, {'VulnerabilityID': 'CVE-2024-43893', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43893', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: core: check uartclk for zero to avoid divide by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: core: check uartclk for zero to avoid divide by zero\n\nCalling ioctl TIOCSSERIAL with an invalid baud_base can\nresult in uartclk being zero, which will result in a\ndivide by zero error in uart_get_divisor(). The check for\nuartclk being zero in uart_set_info() needs to be done\nbefore other settings are made as subsequent calls to\nioctl TIOCSSERIAL for the same port would be impacted if\nthe uartclk check was done where uartclk gets set.\n\nOops: divide error: 0000  PREEMPT SMP KASAN PTI\nRIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)\nCall Trace:\n <TASK>\nserial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576\n    drivers/tty/serial/8250/8250_port.c:2589)\nserial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502\n    drivers/tty/serial/8250/8250_port.c:2741)\nserial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)\nuart_change_line_settings (./include/linux/spinlock.h:376\n    ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)\nuart_port_startup (drivers/tty/serial/serial_core.c:342)\nuart_startup (drivers/tty/serial/serial_core.c:368)\nuart_set_info (drivers/tty/serial/serial_core.c:1034)\nuart_set_info_user (drivers/tty/serial/serial_core.c:1059)\ntty_set_serial (drivers/tty/tty_io.c:2637)\ntty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)\n__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907\n    fs/ioctl.c:893 fs/ioctl.c:893)\ndo_syscall_64 (arch/x86/entry/common.c:52\n    (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nRule: add', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43893', 'https://git.kernel.org/linus/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193 (6.11-rc3)', 'https://git.kernel.org/stable/c/3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba', 'https://git.kernel.org/stable/c/52b138f1021113e593ee6ad258ce08fe90693a9e', 'https://git.kernel.org/stable/c/55b2a5d331a6ceb1c4372945fdb77181265ba24f', 'https://git.kernel.org/stable/c/68dc02f319b9ee54dc23caba742a5c754d1cccc8', 'https://git.kernel.org/stable/c/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193', 'https://git.kernel.org/stable/c/9196e42a3b8eeff1707e6ef769112b4b6096be49', 'https://git.kernel.org/stable/c/e13ba3fe5ee070f8a9dab60029d52b1f61da5051', 'https://git.kernel.org/stable/c/e3ad503876283ac3fcca922a1bf243ef9eb0b0e2', 'https://linux.oracle.com/cve/CVE-2024-43893.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082605-CVE-2024-43893-25dd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43893', 'https://www.cve.org/CVERecord?id=CVE-2024-43893'], 'PublishedDate': '2024-08-26T11:15:04.213Z', 'LastModifiedDate': '2024-09-10T18:13:21.92Z'}, {'VulnerabilityID': 'CVE-2024-43894', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43894', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/client: fix null pointer dereference in drm_client_modeset_probe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: fix null pointer dereference in drm_client_modeset_probe\n\nIn drm_client_modeset_probe(), the return value of drm_mode_duplicate() is\nassigned to modeset->mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43894', 'https://git.kernel.org/linus/113fd6372a5bb3689aba8ef5b8a265ed1529a78f (6.11-rc3)', 'https://git.kernel.org/stable/c/113fd6372a5bb3689aba8ef5b8a265ed1529a78f', 'https://git.kernel.org/stable/c/24ddda932c43ffe156c7f3c568bed85131c63ae6', 'https://git.kernel.org/stable/c/5291d4f73452c91e8a11f71207617e3e234d418e', 'https://git.kernel.org/stable/c/612cae53e99ce32a58cb821b3b67199eb6e92dff', 'https://git.kernel.org/stable/c/c763dfe09425152b6bb0e348900a637c62c2ce52', 'https://git.kernel.org/stable/c/d64847c383100423aecb6ac5f18be5f4316d9d62', 'https://git.kernel.org/stable/c/d64fc94f7bb24fc2be0d6bd5df8df926da461a6d', 'https://linux.oracle.com/cve/CVE-2024-43894.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082607-CVE-2024-43894-aeee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43894', 'https://www.cve.org/CVERecord?id=CVE-2024-43894'], 'PublishedDate': '2024-08-26T11:15:04.28Z', 'LastModifiedDate': '2024-09-10T18:09:41.23Z'}, {'VulnerabilityID': 'CVE-2024-43895', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43895', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip Recompute DSC Params if no Stream on Link', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n    Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n    RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n    Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\n    RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n    RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n    RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n    RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n    R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n    R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n    FS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n    Call Trace:\n<TASK>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? plist_add+0xbe/0x100\n     ? exc_page_fault+0x7c/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     drm_atomic_check_only+0x5c5/0xa40\n     drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.\n\n(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43895', 'https://git.kernel.org/linus/50e376f1fe3bf571d0645ddf48ad37eb58323919 (6.11-rc3)', 'https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9', 'https://git.kernel.org/stable/c/50e376f1fe3bf571d0645ddf48ad37eb58323919', 'https://git.kernel.org/stable/c/5357141b4c2e2b332b6f11607ba8c5fbc2669a10', 'https://git.kernel.org/stable/c/70275bb960c71d313254473d38c14e7101cee5ad', 'https://git.kernel.org/stable/c/718d83f66fb07b2cab89a1fc984613a00e3db18f', 'https://lore.kernel.org/linux-cve-announce/2024082608-CVE-2024-43895-d3c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43895', 'https://www.cve.org/CVERecord?id=CVE-2024-43895'], 'PublishedDate': '2024-08-26T11:15:04.333Z', 'LastModifiedDate': '2024-10-10T12:15:04.35Z'}, {'VulnerabilityID': 'CVE-2024-43898', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43898', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: sanity check for NULL pointer after ext4_force_shutdown', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43898', 'https://git.kernel.org/linus/83f4414b8f84249d538905825b088ff3ae555652 (6.11-rc1)', 'https://git.kernel.org/stable/c/3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e', 'https://git.kernel.org/stable/c/83f4414b8f84249d538905825b088ff3ae555652', 'https://git.kernel.org/stable/c/f619876ccbfd329ae785fe5d3289b9dcd6eb5901', 'https://lore.kernel.org/linux-cve-announce/2024082613-CVE-2024-43898-52c2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43898', 'https://www.cve.org/CVERecord?id=CVE-2024-43898'], 'PublishedDate': '2024-08-26T11:15:04.493Z', 'LastModifiedDate': '2024-09-10T08:15:02.96Z'}, {'VulnerabilityID': 'CVE-2024-43899', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix null pointer deref in dcn20_resource.c', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[  181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[  181.843997] #PF: supervisor instruction fetch in kernel mode\n[  181.844003] #PF: error_code(0x0010) - not-present page\n[  181.844009] PGD 0 P4D 0\n[  181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[  181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G        W  OE      6.5.0-41-generic #41~22.04.2-Ubuntu\n[  181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[  181.844044] RIP: 0010:0x0\n[  181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[  181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[  181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[  181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[  181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[  181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[  181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[  181.844121] FS:  00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[  181.844128] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[  181.844141] Call Trace:\n[  181.844146]  <TASK>\n[  181.844153]  ? show_regs+0x6d/0x80\n[  181.844167]  ? __die+0x24/0x80\n[  181.844179]  ? page_fault_oops+0x99/0x1b0\n[  181.844192]  ? do_user_addr_fault+0x31d/0x6b0\n[  181.844204]  ? exc_page_fault+0x83/0x1b0\n[  181.844216]  ? asm_exc_page_fault+0x27/0x30\n[  181.844237]  dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[  181.845115]  amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[  181.845985]  amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[  181.846848]  fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[  181.847734]  fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[  181.848748]  dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.849791]  ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.850840]  amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43899', 'https://git.kernel.org/linus/ecbf60782662f0a388493685b85a645a0ba1613c (6.11-rc1)', 'https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e', 'https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c', 'https://lore.kernel.org/linux-cve-announce/2024082614-CVE-2024-43899-2339@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43899', 'https://www.cve.org/CVERecord?id=CVE-2024-43899'], 'PublishedDate': '2024-08-26T11:15:04.557Z', 'LastModifiedDate': '2024-08-27T14:38:19.74Z'}, {'VulnerabilityID': 'CVE-2024-43900', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43900', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: xc2028: avoid use-after-free in load_firmware_cb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504           worker_thread\ntuner_probe                             <= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait                 <= create a worker\n...\ntuner_remove                            <= free dvb_frontend\n...\n                    request_firmware_work_func  <= the firmware is ready\n                    load_firmware_cb    <= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n    ==================================================================\n     BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n     Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n     Call trace:\n      load_firmware_cb+0x1310/0x17a0\n      request_firmware_work_func+0x128/0x220\n      process_one_work+0x770/0x1824\n      worker_thread+0x488/0xea0\n      kthread+0x300/0x430\n      ret_from_fork+0x10/0x20\n\n     Allocated by task 6504:\n      kzalloc\n      tuner_probe+0xb0/0x1430\n      i2c_device_probe+0x92c/0xaf0\n      really_probe+0x678/0xcd0\n      driver_probe_device+0x280/0x370\n      __device_attach_driver+0x220/0x330\n      bus_for_each_drv+0x134/0x1c0\n      __device_attach+0x1f4/0x410\n      device_initial_probe+0x20/0x30\n      bus_probe_device+0x184/0x200\n      device_add+0x924/0x12c0\n      device_register+0x24/0x30\n      i2c_new_device+0x4e0/0xc44\n      v4l2_i2c_new_subdev_board+0xbc/0x290\n      v4l2_i2c_new_subdev+0xc8/0x104\n      em28xx_v4l2_init+0x1dd0/0x3770\n\n     Freed by task 6504:\n      kfree+0x238/0x4e4\n      tuner_remove+0x144/0x1c0\n      i2c_device_remove+0xc8/0x290\n      __device_release_driver+0x314/0x5fc\n      device_release_driver+0x30/0x44\n      bus_remove_device+0x244/0x490\n      device_del+0x350/0x900\n      device_unregister+0x28/0xd0\n      i2c_unregister_device+0x174/0x1d0\n      v4l2_device_unregister+0x224/0x380\n      em28xx_v4l2_init+0x1d90/0x3770\n\n     The buggy address belongs to the object at ffff8000d7ca2000\n      which belongs to the cache kmalloc-2k of size 2048\n     The buggy address is located 776 bytes inside of\n      2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n     The buggy address belongs to the page:\n     page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n     flags: 0x7ff800000000100(slab)\n     raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n     raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n     page dumped because: kasan: bad access detected\n\n     Memory state around the buggy address:\n      ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                           ^\n      ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     ==================================================================\n\n[2]\n    Actually, it is allocated for struct tuner, and dvb_frontend is inside.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43900', 'https://git.kernel.org/linus/68594cec291ff9523b9feb3f43fd853dcddd1f60 (6.11-rc1)', 'https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5', 'https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60', 'https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b', 'https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-43900-029c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43900', 'https://www.cve.org/CVERecord?id=CVE-2024-43900'], 'PublishedDate': '2024-08-26T11:15:04.613Z', 'LastModifiedDate': '2024-08-27T14:38:32.967Z'}, {'VulnerabilityID': 'CVE-2024-43902', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43902', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null checker before passing variables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checker before passing variables\n\nChecks null pointer before passing variables to functions.\n\nThis fixes 3 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43902', 'https://git.kernel.org/linus/8092aa3ab8f7b737a34b71f91492c676a843043a (6.11-rc1)', 'https://git.kernel.org/stable/c/1686675405d07f35eae7ff3d13a530034b899df2', 'https://git.kernel.org/stable/c/4cc2a94d96caeb3c975acdae7351c2f997c32175', 'https://git.kernel.org/stable/c/8092aa3ab8f7b737a34b71f91492c676a843043a', 'https://git.kernel.org/stable/c/83c7f509ef087041604e9572938f82e18b724c9d', 'https://git.kernel.org/stable/c/d0b8b23b9c2ebec693a36fea518d8f13493ad655', 'https://lore.kernel.org/linux-cve-announce/2024082618-CVE-2024-43902-eb6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43902', 'https://www.cve.org/CVERecord?id=CVE-2024-43902'], 'PublishedDate': '2024-08-26T11:15:04.733Z', 'LastModifiedDate': '2024-08-27T14:38:51.73Z'}, {'VulnerabilityID': 'CVE-2024-43903', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43903', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43903', 'https://git.kernel.org/linus/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff (6.11-rc1)', 'https://git.kernel.org/stable/c/31a679a880102dee6e10985a7b1789af8dc328cc', 'https://git.kernel.org/stable/c/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff', 'https://git.kernel.org/stable/c/94220b35aeba2b68da81deeefbb784d94eeb5c04', 'https://git.kernel.org/stable/c/ce5d090af683137cb779ed7e3683839f9c778b35', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-43903-3644@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43903', 'https://www.cve.org/CVERecord?id=CVE-2024-43903'], 'PublishedDate': '2024-08-26T11:15:04.793Z', 'LastModifiedDate': '2024-08-27T13:39:48.683Z'}, {'VulnerabilityID': 'CVE-2024-43904', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43904', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing\n\nThis commit adds null checks for the 'stream' and 'plane' variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that 'stream' and 'plane' are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43904', 'https://git.kernel.org/linus/15c2990e0f0108b9c3752d7072a97d45d4283aea (6.11-rc1)', 'https://git.kernel.org/stable/c/15c2990e0f0108b9c3752d7072a97d45d4283aea', 'https://git.kernel.org/stable/c/16a8a2a839d19c4cf7253642b493ffb8eee1d857', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43904-63a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43904', 'https://www.cve.org/CVERecord?id=CVE-2024-43904'], 'PublishedDate': '2024-08-26T11:15:04.847Z', 'LastModifiedDate': '2024-08-27T13:40:50.577Z'}, {'VulnerabilityID': 'CVE-2024-43905', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43905', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix the null pointer dereference for vega10_hwmgr\n\nCheck return value and conduct null pointer handling to avoid null pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43905', 'https://git.kernel.org/linus/50151b7f1c79a09117837eb95b76c2de76841dab (6.11-rc1)', 'https://git.kernel.org/stable/c/0fa11f9df96217c2785b040629ff1a16900fb51c', 'https://git.kernel.org/stable/c/2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8', 'https://git.kernel.org/stable/c/2e538944996d0dd497faf8ee81f8bfcd3aca7d80', 'https://git.kernel.org/stable/c/50151b7f1c79a09117837eb95b76c2de76841dab', 'https://git.kernel.org/stable/c/69a441473fec2fc2aa2cf56122d6c42c4266a239', 'https://git.kernel.org/stable/c/c2629daf218a325f4d69754452cd42fe8451c15b', 'https://lore.kernel.org/linux-cve-announce/2024082623-CVE-2024-43905-008f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43905', 'https://www.cve.org/CVERecord?id=CVE-2024-43905'], 'PublishedDate': '2024-08-26T11:15:04.897Z', 'LastModifiedDate': '2024-09-12T12:15:51.26Z'}, {'VulnerabilityID': 'CVE-2024-43906', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43906', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/admgpu: fix dereferencing null pointer context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/admgpu: fix dereferencing null pointer context\n\nWhen user space sets an invalid ta type, the pointer context will be empty.\nSo it need to check the pointer context before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43906', 'https://git.kernel.org/linus/030ffd4d43b433bc6671d9ec34fc12c59220b95d (6.11-rc1)', 'https://git.kernel.org/stable/c/030ffd4d43b433bc6671d9ec34fc12c59220b95d', 'https://git.kernel.org/stable/c/4fd52f7c2c11d330571c6bde06e5ea508ec25c9d', 'https://git.kernel.org/stable/c/641dac64178ccdb9e45c92b67120316896294d05', 'https://lore.kernel.org/linux-cve-announce/2024082624-CVE-2024-43906-27ab@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43906', 'https://www.cve.org/CVERecord?id=CVE-2024-43906'], 'PublishedDate': '2024-08-26T11:15:04.947Z', 'LastModifiedDate': '2024-08-27T13:41:30.093Z'}, {'VulnerabilityID': 'CVE-2024-43907', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43907', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules\n\nCheck the pointer value to fix potential null pointer\ndereference', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43907', 'https://git.kernel.org/linus/d19fb10085a49b77578314f69fff21562f7cd054 (6.11-rc1)', 'https://git.kernel.org/stable/c/0c065e50445aea2e0a1815f12e97ee49e02cbaac', 'https://git.kernel.org/stable/c/13937a40aae4efe64592ba48c057ac3c72f7fe82', 'https://git.kernel.org/stable/c/3a01bf2ca9f860fdc88c358567b8fa3033efcf30', 'https://git.kernel.org/stable/c/c1749313f35b98e2e655479f037db37f19756622', 'https://git.kernel.org/stable/c/d19fb10085a49b77578314f69fff21562f7cd054', 'https://git.kernel.org/stable/c/e04d18c29954441aa1054af649f957ffad90a201', 'https://lore.kernel.org/linux-cve-announce/2024082626-CVE-2024-43907-91a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43907', 'https://www.cve.org/CVERecord?id=CVE-2024-43907'], 'PublishedDate': '2024-08-26T11:15:05Z', 'LastModifiedDate': '2024-08-27T13:41:40.497Z'}, {'VulnerabilityID': 'CVE-2024-43908', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43908', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the null pointer dereference to ras_manager', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the null pointer dereference to ras_manager\n\nCheck ras_manager before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43908', 'https://git.kernel.org/linus/4c11d30c95576937c6c35e6f29884761f2dddb43 (6.11-rc1)', 'https://git.kernel.org/stable/c/033187a70ba9743c73a810a006816e5553d1e7d4', 'https://git.kernel.org/stable/c/48cada0ac79e4775236d642e9ec5998a7c7fb7a4', 'https://git.kernel.org/stable/c/4c11d30c95576937c6c35e6f29884761f2dddb43', 'https://git.kernel.org/stable/c/56e848034ccabe44e8f22ffcf49db771c17b0d0a', 'https://git.kernel.org/stable/c/b89616333979114bb0da5fa40fb6e4a2f5294ca2', 'https://git.kernel.org/stable/c/d81c1eeb333d84b3012a91c0500189dc1d71e46c', 'https://git.kernel.org/stable/c/ff5c4eb71ee8951c789b079f6e948f86708b04ed', 'https://linux.oracle.com/cve/CVE-2024-43908.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082627-CVE-2024-43908-4406@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43908', 'https://www.cve.org/CVERecord?id=CVE-2024-43908'], 'PublishedDate': '2024-08-26T11:15:05.057Z', 'LastModifiedDate': '2024-08-27T13:41:55.26Z'}, {'VulnerabilityID': 'CVE-2024-43909', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43909', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference for smu7', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference for smu7\n\noptimize the code to avoid pass a null pointer (hwmgr->backend)\nto function smu7_update_edc_leakage_table.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43909', 'https://git.kernel.org/linus/c02c1960c93eede587576625a1221205a68a904f (6.11-rc1)', 'https://git.kernel.org/stable/c/09544cd95c688d3041328a4253bd7514972399bb', 'https://git.kernel.org/stable/c/1b8aa82b80bd947b68a8ab051d960a0c7935e22d', 'https://git.kernel.org/stable/c/37b9df457cbcf095963d18f17d6cb7dfa0a03fce', 'https://git.kernel.org/stable/c/7f56f050f02c27ed89cce1ea0c04b34abce32751', 'https://git.kernel.org/stable/c/c02c1960c93eede587576625a1221205a68a904f', 'https://lore.kernel.org/linux-cve-announce/2024082628-CVE-2024-43909-acb8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43909', 'https://www.cve.org/CVERecord?id=CVE-2024-43909'], 'PublishedDate': '2024-08-26T11:15:05.117Z', 'LastModifiedDate': '2024-08-27T13:41:48.467Z'}, {'VulnerabilityID': 'CVE-2024-43910', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43910', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses\n\nCurrently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to\na global function as an argument. The adverse effects of this is that\nBPF helpers can continue to make use of this modified\nCONST_PTR_TO_DYNPTR from within the context of the global function,\nwhich can unintentionally result in out-of-bounds memory accesses and\ntherefore compromise overall system stability i.e.\n\n[  244.157771] BUG: KASAN: slab-out-of-bounds in bpf_dynptr_data+0x137/0x140\n[  244.161345] Read of size 8 at addr ffff88810914be68 by task test_progs/302\n[  244.167151] CPU: 0 PID: 302 Comm: test_progs Tainted: G O E 6.10.0-rc3-00131-g66b586715063 #533\n[  244.174318] Call Trace:\n[  244.175787]  <TASK>\n[  244.177356]  dump_stack_lvl+0x66/0xa0\n[  244.179531]  print_report+0xce/0x670\n[  244.182314]  ? __virt_addr_valid+0x200/0x3e0\n[  244.184908]  kasan_report+0xd7/0x110\n[  244.187408]  ? bpf_dynptr_data+0x137/0x140\n[  244.189714]  ? bpf_dynptr_data+0x137/0x140\n[  244.192020]  bpf_dynptr_data+0x137/0x140\n[  244.194264]  bpf_prog_b02a02fdd2bdc5fa_global_call_bpf_dynptr_data+0x22/0x26\n[  244.198044]  bpf_prog_b0fe7b9d7dc3abde_callback_adjust_bpf_dynptr_reg_off+0x1f/0x23\n[  244.202136]  bpf_user_ringbuf_drain+0x2c7/0x570\n[  244.204744]  ? 0xffffffffc0009e58\n[  244.206593]  ? __pfx_bpf_user_ringbuf_drain+0x10/0x10\n[  244.209795]  bpf_prog_33ab33f6a804ba2d_user_ringbuf_callback_const_ptr_to_dynptr_reg_off+0x47/0x4b\n[  244.215922]  bpf_trampoline_6442502480+0x43/0xe3\n[  244.218691]  __x64_sys_prlimit64+0x9/0xf0\n[  244.220912]  do_syscall_64+0xc1/0x1d0\n[  244.223043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  244.226458] RIP: 0033:0x7ffa3eb8f059\n[  244.228582] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 1d 0d 00 f7 d8 64 89 01 48\n[  244.241307] RSP: 002b:00007ffa3e9c6eb8 EFLAGS: 00000206 ORIG_RAX: 000000000000012e\n[  244.246474] RAX: ffffffffffffffda RBX: 00007ffa3e9c7cdc RCX: 00007ffa3eb8f059\n[  244.250478] RDX: 00007ffa3eb162b4 RSI: 0000000000000000 RDI: 00007ffa3e9c7fb0\n[  244.255396] RBP: 00007ffa3e9c6ed0 R08: 00007ffa3e9c76c0 R09: 0000000000000000\n[  244.260195] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffff80\n[  244.264201] R13: 000000000000001c R14: 00007ffc5d6b4260 R15: 00007ffa3e1c7000\n[  244.268303]  </TASK>\n\nAdd a check_func_arg_reg_off() to the path in which the BPF verifier\nverifies the arguments of global function arguments, specifically\nthose which take an argument of type ARG_PTR_TO_DYNPTR |\nMEM_RDONLY. Also, process_dynptr_func() doesn't appear to perform any\nexplicit and strict type matching on the supplied register type, so\nlet's also enforce that a register either type PTR_TO_STACK or\nCONST_PTR_TO_DYNPTR is by the caller.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43910', 'https://git.kernel.org/linus/ec2b9a5e11e51fea1bb04c1e7e471952e887e874 (6.11-rc1)', 'https://git.kernel.org/stable/c/13663a7c644bf1dedaf461d07252db5d76c8759a', 'https://git.kernel.org/stable/c/ec2b9a5e11e51fea1bb04c1e7e471952e887e874', 'https://lore.kernel.org/linux-cve-announce/2024082630-CVE-2024-43910-c6ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43910', 'https://www.cve.org/CVERecord?id=CVE-2024-43910'], 'PublishedDate': '2024-08-26T11:15:05.177Z', 'LastModifiedDate': '2024-09-05T18:30:23.437Z'}, {'VulnerabilityID': 'CVE-2024-43911', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43911', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mac80211: fix NULL dereference at band check in starting tx ba session', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL dereference at band check in starting tx ba session\n\nIn MLD connection, link_data/link_conf are dynamically allocated. They\ndon't point to vif->bss_conf. So, there will be no chanreq assigned to\nvif->bss_conf and then the chan will be NULL. Tweak the code to check\nht_supported/vht_supported/has_he/has_eht on sta deflink.\n\nCrash log (with rtw89 version under MLO development):\n[ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 9890.526102] #PF: supervisor read access in kernel mode\n[ 9890.526105] #PF: error_code(0x0000) - not-present page\n[ 9890.526109] PGD 0 P4D 0\n[ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G           OE      6.9.0 #1\n[ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018\n[ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core]\n[ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211\n[ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00 <83> 38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3\nAll code\n========\n   0:\tf7 e8                \timul   %eax\n   2:\td5                   \t(bad)\n   3:\t93                   \txchg   %eax,%ebx\n   4:\t3e ea                \tds (bad)\n   6:\t48 83 c4 28          \tadd    $0x28,%rsp\n   a:\t89 d8                \tmov    %ebx,%eax\n   c:\t5b                   \tpop    %rbx\n   d:\t41 5c                \tpop    %r12\n   f:\t41 5d                \tpop    %r13\n  11:\t41 5e                \tpop    %r14\n  13:\t41 5f                \tpop    %r15\n  15:\t5d                   \tpop    %rbp\n  16:\tc3                   \tretq\n  17:\tcc                   \tint3\n  18:\tcc                   \tint3\n  19:\tcc                   \tint3\n  1a:\tcc                   \tint3\n  1b:\t49 8b 84 24 e0 f1 ff \tmov    -0xe20(%r12),%rax\n  22:\tff\n  23:\t48 8b 80 90 1b 00 00 \tmov    0x1b90(%rax),%rax\n  2a:*\t83 38 03             \tcmpl   $0x3,(%rax)\t\t<-- trapping instruction\n  2d:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe6a\n  33:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n  38:\teb cc                \tjmp    0x6\n  3a:\t49                   \trex.WB\n  3b:\t8b                   \t.byte 0x8b\n  3c:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  3f:\tf3                   \trepz\n\nCode starting with the faulting instruction\n===========================================\n   0:\t83 38 03             \tcmpl   $0x3,(%rax)\n   3:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe40\n   9:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n   e:\teb cc                \tjmp    0xffffffffffffffdc\n  10:\t49                   \trex.WB\n  11:\t8b                   \t.byte 0x8b\n  12:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  15:\tf3                   \trepz\n[ 9890.526285] RSP: 0018:ffffb8db09013d68 EFLAGS: 00010246\n[ 9890.526291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9308e0d656c8\n[ 9890.526295] RDX: 0000000000000000 RSI: ffffffffab99460b RDI: ffffffffab9a7685\n[ 9890.526300] RBP: ffffb8db09013db8 R08: 0000000000000000 R09: 0000000000000873\n[ 9890.526304] R10: ffff9308e0d64800 R11: 0000000000000002 R12: ffff9308e5ff6e70\n[ 9890.526308] R13: ffff930952500e20 R14: ffff9309192a8c00 R15: 0000000000000000\n[ 9890.526313] FS:  0000000000000000(0000) GS:ffff930b4e700000(0000) knlGS:0000000000000000\n[ 9890.526316] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9890.526318] CR2: 0000000000000000 CR3: 0000000391c58005 CR4: 00000000001706f0\n[ 9890.526321] Call Trace:\n[ 9890.526324]  <TASK>\n[ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479)\n[ 9890.526335] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713)\n[ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43911', 'https://git.kernel.org/linus/021d53a3d87eeb9dbba524ac515651242a2a7e3b (6.11-rc1)', 'https://git.kernel.org/stable/c/021d53a3d87eeb9dbba524ac515651242a2a7e3b', 'https://git.kernel.org/stable/c/a5594c1e03b0df3908b1e1202a1ba34422eed0f6', 'https://lore.kernel.org/linux-cve-announce/2024082631-CVE-2024-43911-96bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43911', 'https://www.cve.org/CVERecord?id=CVE-2024-43911'], 'PublishedDate': '2024-08-26T11:15:05.227Z', 'LastModifiedDate': '2024-08-27T16:08:52.493Z'}, {'VulnerabilityID': 'CVE-2024-43912', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43912', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: nl80211: disallow setting special AP channel widths', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: disallow setting special AP channel widths\n\nSetting the AP channel width is meant for use with the normal\n20/40/... MHz channel width progression, and switching around\nin S1G or narrow channels isn't supported. Disallow that.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43912', 'https://git.kernel.org/linus/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe (6.11-rc1)', 'https://git.kernel.org/stable/c/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe', 'https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e', 'https://git.kernel.org/stable/c/ac3bf6e47fd8da9bfe8027e1acfe0282a91584fc', 'https://git.kernel.org/stable/c/c6ea738e3feb407a3283197d9a25d0788f4f3cee', 'https://lore.kernel.org/linux-cve-announce/2024082632-CVE-2024-43912-801f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43912', 'https://www.cve.org/CVERecord?id=CVE-2024-43912'], 'PublishedDate': '2024-08-26T11:15:05.28Z', 'LastModifiedDate': '2024-09-05T18:19:17.067Z'}, {'VulnerabilityID': 'CVE-2024-43913', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43913', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: apple: fix device reference counting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: apple: fix device reference counting\n\nDrivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.\nSplit the allocation side out to make the error handling boundary easier\nto navigate. The apple driver had been doing this wrong, leaking the\ncontroller device memory on a tagset failure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43913', 'https://git.kernel.org/linus/b9ecbfa45516182cd062fecd286db7907ba84210 (6.11-rc1)', 'https://git.kernel.org/stable/c/b9ecbfa45516182cd062fecd286db7907ba84210', 'https://git.kernel.org/stable/c/d59c4d0eb6adc24c2201f153ccb7fd0a335b0d3d', 'https://lore.kernel.org/linux-cve-announce/2024082633-CVE-2024-43913-6ec7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43913', 'https://www.cve.org/CVERecord?id=CVE-2024-43913'], 'PublishedDate': '2024-08-26T11:15:05.33Z', 'LastModifiedDate': '2024-09-05T18:12:55.68Z'}, {'VulnerabilityID': 'CVE-2024-43914', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43914', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: md/raid5: avoid BUG_ON() while continue reshape after reassembling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: avoid BUG_ON() while continue reshape after reassembling\n\nCurrently, mdadm support --revert-reshape to abort the reshape while\nreassembling, as the test 07revert-grow. However, following BUG_ON()\ncan be triggerred by the test:\n\nkernel BUG at drivers/md/raid5.c:6278!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nirq event stamp: 158985\nCPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94\nRIP: 0010:reshape_request+0x3f1/0xe60\nCall Trace:\n <TASK>\n raid5_sync_request+0x43d/0x550\n md_do_sync+0xb7a/0x2110\n md_thread+0x294/0x2b0\n kthread+0x147/0x1c0\n ret_from_fork+0x59/0x70\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\nRoot cause is that --revert-reshape update the raid_disks from 5 to 4,\nwhile reshape position is still set, and after reassembling the array,\nreshape position will be read from super block, then during reshape the\nchecking of 'writepos' that is caculated by old reshape position will\nfail.\n\nFix this panic the easy way first, by converting the BUG_ON() to\nWARN_ON(), and stop the reshape if checkings fail.\n\nNoted that mdadm must fix --revert-shape as well, and probably md/raid\nshould enhance metadata validation as well, however this means\nreassemble will fail and there must be user tools to fix the wrong\nmetadata.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43914', 'https://git.kernel.org/linus/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49 (6.11-rc1)', 'https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0', 'https://git.kernel.org/stable/c/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49', 'https://git.kernel.org/stable/c/3b33740c1750a39e046339ff9240e954f0156707', 'https://git.kernel.org/stable/c/4811d6e5d9f4090c3e0ff9890eb24077108046ab', 'https://git.kernel.org/stable/c/6b33c468d543f6a83de2d61f09fec74b27e19fd2', 'https://git.kernel.org/stable/c/775a9ba16c9ffe98fe54ebf14e55d5660f2bf600', 'https://git.kernel.org/stable/c/bf0ff69a42a3d2d46876d0514ecf13dffc516666', 'https://git.kernel.org/stable/c/c384dd4f1fb3b14a2fd199360701cc163ea88705', 'https://linux.oracle.com/cve/CVE-2024-43914.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082635-CVE-2024-43914-a664@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43914', 'https://www.cve.org/CVERecord?id=CVE-2024-43914'], 'PublishedDate': '2024-08-26T11:15:05.38Z', 'LastModifiedDate': '2024-09-05T18:03:49.997Z'}, {'VulnerabilityID': 'CVE-2024-44931', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpio: prevent potential speculation leaks in gpio_device_get_desc()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: prevent potential speculation leaks in gpio_device_get_desc()\n\nUserspace may trigger a speculative read of an address outside the gpio\ndescriptor array.\nUsers can do that by calling gpio_ioctl() with an offset out of range.\nOffset is copied from user and then used as an array index to get\nthe gpio descriptor without sanitization in gpio_device_get_desc().\n\nThis change ensures that the offset is sanitized by using\narray_index_nospec() to mitigate any possibility of speculative\ninformation leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44931', 'https://git.kernel.org/linus/d795848ecce24a75dfd46481aee066ae6fe39775 (6.11-rc1)', 'https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc', 'https://git.kernel.org/stable/c/672c19165fc96dfad531a5458e0b3cdab414aae4', 'https://git.kernel.org/stable/c/9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0', 'https://git.kernel.org/stable/c/c65ab97efcd438cb4e9f299400f2ea55251f3a67', 'https://git.kernel.org/stable/c/d776c0486b03a5c4afca65b8ff44573592bf93bb', 'https://git.kernel.org/stable/c/d795848ecce24a75dfd46481aee066ae6fe39775', 'https://lore.kernel.org/linux-cve-announce/2024082636-CVE-2024-44931-8212@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44931', 'https://www.cve.org/CVERecord?id=CVE-2024-44931'], 'PublishedDate': '2024-08-26T11:15:05.447Z', 'LastModifiedDate': '2024-10-17T14:15:07.39Z'}, {'VulnerabilityID': 'CVE-2024-44932', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44932', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix UAFs when destroying the queues', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix UAFs when destroying the queues\n\nThe second tagged commit started sometimes (very rarely, but possible)\nthrowing WARNs from\nnet/core/page_pool.c:page_pool_disable_direct_recycling().\nTurned out idpf frees interrupt vectors with embedded NAPIs *before*\nfreeing the queues making page_pools' NAPI pointers lead to freed\nmemory before these pools are destroyed by libeth.\nIt's not clear whether there are other accesses to the freed vectors\nwhen destroying the queues, but anyway, we usually free queue/interrupt\nvectors only when the queues are destroyed and the NAPIs are guaranteed\nto not be referenced anywhere.\n\nInvert the allocation and freeing logic making queue/interrupt vectors\nbe allocated first and freed last. Vectors don't require queues to be\npresent, so this is safe. Additionally, this change allows to remove\nthat useless queue->q_vector pointer cleanup, as vectors are still\nvalid when freeing the queues (+ both are freed within one function,\nso it's not clear why nullify the pointers at all).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44932', 'https://git.kernel.org/linus/290f1c033281c1a502a3cd1c53c3a549259c491f (6.11-rc3)', 'https://git.kernel.org/stable/c/290f1c033281c1a502a3cd1c53c3a549259c491f', 'https://git.kernel.org/stable/c/3cde714b0e77206ed1b5cf31f28c18ba9ae946fd', 'https://lore.kernel.org/linux-cve-announce/2024082638-CVE-2024-44932-2659@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44932', 'https://www.cve.org/CVERecord?id=CVE-2024-44932'], 'PublishedDate': '2024-08-26T11:15:05.5Z', 'LastModifiedDate': '2024-08-27T16:08:45.02Z'}, {'VulnerabilityID': 'CVE-2024-44934', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: bridge: mcast: wait for previous gc cycles when removing port', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mcast: wait for previous gc cycles when removing port\n\nsyzbot hit a use-after-free[1] which is caused because the bridge doesn't\nmake sure that all previous garbage has been collected when removing a\nport. What happens is:\n      CPU 1                   CPU 2\n start gc cycle           remove port\n                         acquire gc lock first\n wait for lock\n                         call br_multicasg_gc() directly\n acquire lock now but    free port\n the port can be freed\n while grp timers still\n running\n\nMake sure all previous gc cycles have finished by using flush_work before\nfreeing the port.\n\n[1]\n  BUG: KASAN: slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n  Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699\n\n  CPU: 1 PID: 9699 Comm: syz.5.1232 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n  Call Trace:\n   <IRQ>\n   __dump_stack lib/dump_stack.c:88 [inline]\n   dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n   print_address_description mm/kasan/report.c:377 [inline]\n   print_report+0xc3/0x620 mm/kasan/report.c:488\n   kasan_report+0xd9/0x110 mm/kasan/report.c:601\n   br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n   call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1792\n   expire_timers kernel/time/timer.c:1843 [inline]\n   __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417\n   __run_timer_base kernel/time/timer.c:2428 [inline]\n   __run_timer_base kernel/time/timer.c:2421 [inline]\n   run_timer_base+0x111/0x190 kernel/time/timer.c:2437", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44934', 'https://git.kernel.org/linus/92c4ee25208d0f35dafc3213cdf355fbe449e078 (6.11-rc3)', 'https://git.kernel.org/stable/c/0d8b26e10e680c01522d7cc14abe04c3265a928f', 'https://git.kernel.org/stable/c/1e16828020c674b3be85f52685e8b80f9008f50f', 'https://git.kernel.org/stable/c/92c4ee25208d0f35dafc3213cdf355fbe449e078', 'https://git.kernel.org/stable/c/b2f794b168cf560682ff976b255aa6d29d14a658', 'https://git.kernel.org/stable/c/e3145ca904fa8dbfd1a5bf0187905bc117b0efce', 'https://lore.kernel.org/linux-cve-announce/2024082641-CVE-2024-44934-a7fe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44934', 'https://www.cve.org/CVERecord?id=CVE-2024-44934'], 'PublishedDate': '2024-08-26T11:15:05.593Z', 'LastModifiedDate': '2024-08-27T16:07:58.727Z'}, {'VulnerabilityID': 'CVE-2024-44935', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44935', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sctp: Fix null-ptr-deref in reuseport_add_sock().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix null-ptr-deref in reuseport_add_sock().\n\nsyzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in\nreuseport_add_sock(). [0]\n\nThe repro first creates a listener with SO_REUSEPORT.  Then, it creates\nanother listener on the same port and concurrently closes the first\nlistener.\n\nThe second listen() calls reuseport_add_sock() with the first listener as\nsk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently,\nbut the close() does clear it by reuseport_detach_sock().\n\nThe problem is SCTP does not properly synchronise reuseport_alloc(),\nreuseport_add_sock(), and reuseport_detach_sock().\n\nThe caller of reuseport_alloc() and reuseport_{add,detach}_sock() must\nprovide synchronisation for sockets that are classified into the same\nreuseport group.\n\nOtherwise, such sockets form multiple identical reuseport groups, and\nall groups except one would be silently dead.\n\n  1. Two sockets call listen() concurrently\n  2. No socket in the same group found in sctp_ep_hashtable[]\n  3. Two sockets call reuseport_alloc() and form two reuseport groups\n  4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives\n      incoming packets\n\nAlso, the reported null-ptr-deref could occur.\n\nTCP/UDP guarantees that would not happen by holding the hash bucket lock.\n\nLet's apply the locking strategy to __sctp_hash_endpoint() and\n__sctp_unhash_endpoint().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nRIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350\nCode: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14\nRSP: 0018:ffffc9000b947c98 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012\nRBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385\nR10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0\nR13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __sctp_hash_endpoint net/sctp/input.c:762 [inline]\n sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790\n sctp_listen_start net/sctp/socket.c:8570 [inline]\n sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]\n __se_sys_listen net/socket.c:1900 [inline]\n __x64_sys_listen+0x5a/0x70 net/socket.c:1900\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f24e46039b9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032\nRAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9\nRDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004\nRBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0\nR10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42c\nR13:\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44935', 'https://git.kernel.org/linus/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18 (6.11-rc3)', 'https://git.kernel.org/stable/c/05e4a0fa248240efd99a539853e844f0f0a9e6a5', 'https://git.kernel.org/stable/c/1407be30fc17eff918a98e0a990c0e988f11dc84', 'https://git.kernel.org/stable/c/52319d9d2f522ed939af31af70f8c3a0f0f67e6c', 'https://git.kernel.org/stable/c/54b303d8f9702b8ab618c5032fae886b16356928', 'https://git.kernel.org/stable/c/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18', 'https://git.kernel.org/stable/c/c9b3fc4f157867e858734e31022ebee8a24f0de7', 'https://git.kernel.org/stable/c/e809a84c802377ef61525a298a1ec1728759b913', 'https://linux.oracle.com/cve/CVE-2024-44935.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082642-CVE-2024-44935-3452@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44935', 'https://www.cve.org/CVERecord?id=CVE-2024-44935'], 'PublishedDate': '2024-08-26T11:15:05.643Z', 'LastModifiedDate': '2024-08-27T16:09:01.633Z'}, {'VulnerabilityID': 'CVE-2024-44937', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44937', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: intel-vbtn: Protect ACPI notify handler against recursion\n\nSince commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on\nall CPUs") ACPI notify handlers like the intel-vbtn notify_handler() may\nrun on multiple CPU cores racing with themselves.\n\nThis race gets hit on Dell Venue 7140 tablets when undocking from\nthe keyboard, causing the handler to try and register priv->switches_dev\ntwice, as can be seen from the dev_info() message getting logged twice:\n\n[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\n[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n\nAfter which things go seriously wrong:\n[ 83.861872] sysfs: cannot create duplicate filename \'/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\'\n...\n[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don\'t try to register things with the same name in the same directory.\n[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018\n...\n\nProtect intel-vbtn notify_handler() from racing with itself with a mutex\nto fix this.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44937', 'https://git.kernel.org/linus/e075c3b13a0a142dcd3151b25d29a24f31b7b640 (6.11-rc3)', 'https://git.kernel.org/stable/c/5c9618a3b6ea94cf7bdff7702aca8bf2d777d97b', 'https://git.kernel.org/stable/c/e075c3b13a0a142dcd3151b25d29a24f31b7b640', 'https://lore.kernel.org/linux-cve-announce/2024082645-CVE-2024-44937-5c1d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44937', 'https://www.cve.org/CVERecord?id=CVE-2024-44937'], 'PublishedDate': '2024-08-26T11:15:05.753Z', 'LastModifiedDate': '2024-08-27T16:10:11.423Z'}, {'VulnerabilityID': 'CVE-2024-44938', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44938', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: Fix shift-out-of-bounds in dbDiscardAG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix shift-out-of-bounds in dbDiscardAG\n\nWhen searching for the next smaller log2 block, BLKSTOL2() returned 0,\ncausing shift exponent -1 to be negative.\n\nThis patch fixes the issue by exiting the loop directly when negative\nshift is found.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44938', 'https://git.kernel.org/linus/7063b80268e2593e58bee8a8d709c2f3ff93e2f2 (6.11-rc1)', 'https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630', 'https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2', 'https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e', 'https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-44938-fc08@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44938', 'https://www.cve.org/CVERecord?id=CVE-2024-44938'], 'PublishedDate': '2024-08-26T12:15:05.96Z', 'LastModifiedDate': '2024-09-12T14:05:44.31Z'}, {'VulnerabilityID': 'CVE-2024-44939', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44939', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: fix null ptr deref in dtInsertEntry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix null ptr deref in dtInsertEntry\n\n[syzbot reported]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713\n...\n[Analyze]\nIn dtInsertEntry(), when the pointer h has the same value as p, after writing\nname in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the\npreviously true judgment "p->header.flag & BT-LEAF" to change to no after writing\nthe name operation, this leads to entering an incorrect branch and accessing the\nuninitialized object ih when judging this condition for the second time.\n\n[Fix]\nAfter got the page, check freelist first, if freelist == 0 then exit dtInsert()\nand return -EINVAL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44939', 'https://git.kernel.org/linus/ce6dede912f064a855acf6f04a04cbb2c25b8c8c (6.11-rc1)', 'https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9', 'https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6', 'https://git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702', 'https://git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44939-cf96@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44939', 'https://www.cve.org/CVERecord?id=CVE-2024-44939'], 'PublishedDate': '2024-08-26T12:15:06.007Z', 'LastModifiedDate': '2024-09-12T20:58:03.783Z'}, {'VulnerabilityID': 'CVE-2024-44940', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44940', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: remove warn in gue_gro_receive on unsupported protocol', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfou: remove warn in gue_gro_receive on unsupported protocol\n\nDrop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is\nnot known or does not have a GRO handler.\n\nSuch a packet is easily constructed. Syzbot generates them and sets\noff this warning.\n\nRemove the warning as it is expected and not actionable.\n\nThe warning was previously reduced from WARN_ON to WARN_ON_ONCE in\ncommit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad\nproto callbacks").', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44940', 'https://git.kernel.org/linus/dd89a81d850fa9a65f67b4527c0e420d15bf836c (6.11-rc1)', 'https://git.kernel.org/stable/c/3db4395332e7050ef9ddeb3052e6b5019f2a2a59', 'https://git.kernel.org/stable/c/440ab7f97261bc28501636a13998e1b1946d2e79', 'https://git.kernel.org/stable/c/5a2e37bc648a2503bf6d687aed27b9f4455d82eb', 'https://git.kernel.org/stable/c/dd89a81d850fa9a65f67b4527c0e420d15bf836c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44940-249f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44940', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-44940'], 'PublishedDate': '2024-08-26T12:15:06.053Z', 'LastModifiedDate': '2024-09-12T14:10:00.857Z'}, {'VulnerabilityID': 'CVE-2024-44941', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44941', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to cover read extent cache access with lock', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to cover read extent cache access with lock\n\nsyzbot reports a f2fs bug as below:\n\nBUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\nRead of size 4 at addr ffff8880739ab220 by task syz-executor200/5097\n\nCPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\n do_read_inode fs/f2fs/inode.c:509 [inline]\n f2fs_iget+0x33e1/0x46e0 fs/f2fs/inode.c:560\n f2fs_nfs_get_inode+0x74/0x100 fs/f2fs/super.c:3237\n generic_fh_to_dentry+0x9f/0xf0 fs/libfs.c:1413\n exportfs_decode_fh_raw+0x152/0x5f0 fs/exportfs/expfs.c:444\n exportfs_decode_fh+0x3c/0x80 fs/exportfs/expfs.c:584\n do_handle_to_path fs/fhandle.c:155 [inline]\n handle_to_path fs/fhandle.c:210 [inline]\n do_handle_open+0x495/0x650 fs/fhandle.c:226\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWe missed to cover sanity_check_extent_cache() w/ extent cache lock,\nso, below race case may happen, result in use after free issue.\n\n- f2fs_iget\n - do_read_inode\n  - f2fs_init_read_extent_tree\n  : add largest extent entry in to cache\n\t\t\t\t\t- shrink\n\t\t\t\t\t - f2fs_shrink_read_extent_tree\n\t\t\t\t\t  - __shrink_extent_tree\n\t\t\t\t\t   - __detach_extent_node\n\t\t\t\t\t   : drop largest extent entry\n  - sanity_check_extent_cache\n  : access et->largest w/o lock\n\nlet's refactor sanity_check_extent_cache() to avoid extent cache access\nand call it before f2fs_init_read_extent_tree() to fix this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44941', 'https://git.kernel.org/linus/d7409b05a64f212735f0d33f5f1602051a886eab (6.11-rc1)', 'https://git.kernel.org/stable/c/263df78166d3a9609b97d28c34029bd01874cbb8', 'https://git.kernel.org/stable/c/323ef20b5558b9d9fd10c1224327af6f11a8177d', 'https://git.kernel.org/stable/c/d7409b05a64f212735f0d33f5f1602051a886eab', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44941-143e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44941', 'https://www.cve.org/CVERecord?id=CVE-2024-44941'], 'PublishedDate': '2024-08-26T12:15:06.107Z', 'LastModifiedDate': '2024-09-12T20:57:26.143Z'}, {'VulnerabilityID': 'CVE-2024-44942', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44942', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inline.c:258!\nCPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0\nRIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258\nCall Trace:\n f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834\n f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315\n do_writepages+0x35b/0x870 mm/page-writeback.c:2612\n __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650\n writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941\n wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117\n wb_do_writeback fs/fs-writeback.c:2264 [inline]\n wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335\n worker_thread+0x86d/0xd70 kernel/workqueue.c:3416\n kthread+0x2f2/0x390 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nThe root cause is: inline_data inode can be fuzzed, so that there may\nbe valid blkaddr in its direct node, once f2fs triggers background GC\nto migrate the block, it will hit f2fs_bug_on() during dirty page\nwriteback.\n\nLet's add sanity check on F2FS_INLINE_DATA flag in inode during GC,\nso that, it can forbid migrating inline_data inode's data block for\nfixing.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44942', 'https://git.kernel.org/linus/fc01008c92f40015aeeced94750855a7111b6929 (6.11-rc1)', 'https://git.kernel.org/stable/c/26c07775fb5dc74351d1c3a2bc3cdf609b03e49f', 'https://git.kernel.org/stable/c/ae00e6536a2dd54b64b39e9a39548870cf835745', 'https://git.kernel.org/stable/c/fc01008c92f40015aeeced94750855a7111b6929', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44942-651a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44942', 'https://www.cve.org/CVERecord?id=CVE-2024-44942'], 'PublishedDate': '2024-08-26T12:15:06.157Z', 'LastModifiedDate': '2024-08-27T16:09:10.01Z'}, {'VulnerabilityID': 'CVE-2024-44943', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'In the Linux kernel, the following vulnerability has been resolved:  m ...', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: gup: stop abusing try_grab_folio\n\nA kernel warning was reported when pinning folio in CMA memory when\nlaunching SEV virtual machine.  The splat looks like:\n\n[  464.325306] WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313 __get_user_pages+0x423/0x520\n[  464.325464] CPU: 13 PID: 6734 Comm: qemu-kvm Kdump: loaded Not tainted 6.6.33+ #6\n[  464.325477] RIP: 0010:__get_user_pages+0x423/0x520\n[  464.325515] Call Trace:\n[  464.325520]  <TASK>\n[  464.325523]  ? __get_user_pages+0x423/0x520\n[  464.325528]  ? __warn+0x81/0x130\n[  464.325536]  ? __get_user_pages+0x423/0x520\n[  464.325541]  ? report_bug+0x171/0x1a0\n[  464.325549]  ? handle_bug+0x3c/0x70\n[  464.325554]  ? exc_invalid_op+0x17/0x70\n[  464.325558]  ? asm_exc_invalid_op+0x1a/0x20\n[  464.325567]  ? __get_user_pages+0x423/0x520\n[  464.325575]  __gup_longterm_locked+0x212/0x7a0\n[  464.325583]  internal_get_user_pages_fast+0xfb/0x190\n[  464.325590]  pin_user_pages_fast+0x47/0x60\n[  464.325598]  sev_pin_memory+0xca/0x170 [kvm_amd]\n[  464.325616]  sev_mem_enc_register_region+0x81/0x130 [kvm_amd]\n\nPer the analysis done by yangge, when starting the SEV virtual machine, it\nwill call pin_user_pages_fast(..., FOLL_LONGTERM, ...) to pin the memory. \nBut the page is in CMA area, so fast GUP will fail then fallback to the\nslow path due to the longterm pinnalbe check in try_grab_folio().\n\nThe slow path will try to pin the pages then migrate them out of CMA area.\nBut the slow path also uses try_grab_folio() to pin the page, it will\nalso fail due to the same check then the above warning is triggered.\n\nIn addition, the try_grab_folio() is supposed to be used in fast path and\nit elevates folio refcount by using add ref unless zero.  We are guaranteed\nto have at least one stable reference in slow path, so the simple atomic add\ncould be used.  The performance difference should be trivial, but the\nmisuse may be confusing and misleading.\n\nRedefined try_grab_folio() to try_grab_folio_fast(), and try_grab_page()\nto try_grab_folio(), and use them in the proper paths.  This solves both\nthe abuse and the kernel warning.\n\nThe proper naming makes their usecase more clear and should prevent from\nabusing in the future.\n\npeterx said:\n\n: The user will see the pin fails, for gpu-slow it further triggers the WARN\n: right below that failure (as in the original report):\n: \n:         folio = try_grab_folio(page, page_increm - 1,\n:                                 foll_flags);\n:         if (WARN_ON_ONCE(!folio)) { <------------------------ here\n:                 /*\n:                         * Release the 1st page ref if the\n:                         * folio is problematic, fail hard.\n:                         */\n:                 gup_put_folio(page_folio(page), 1,\n:                                 foll_flags);\n:                 ret = -EFAULT;\n:                 goto out;\n:         }\n\n[1] https://lore.kernel.org/linux-mm/1719478388-31917-1-git-send-email-yangge1116@126.com/\n\n[shy828301@gmail.com: fix implicit declaration of function try_grab_folio_fast]\n  Link: https://lkml.kernel.org/r/CAHbLzkowMSso-4Nufc9hcMehQsK9PNz3OSu-+eniU-2Mm-xjhA@mail.gmail.com', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44943', 'https://git.kernel.org/linus/f442fa6141379a20b48ae3efabee827a3d260787 (6.10)', 'https://git.kernel.org/stable/c/26273f5f4cf68b29414e403837093408a9c98e1f', 'https://git.kernel.org/stable/c/f442fa6141379a20b48ae3efabee827a3d260787', 'https://lore.kernel.org/linux-cve-announce/2024082853-CVE-2024-44943-234f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44943', 'https://www.cve.org/CVERecord?id=CVE-2024-44943'], 'PublishedDate': '2024-08-28T08:15:06.963Z', 'LastModifiedDate': '2024-09-10T18:12:43.38Z'}, {'VulnerabilityID': 'CVE-2024-44944', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44944', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: ctnetlink: use helper function to calculate expect ID', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use helper function to calculate expect ID\n\nDelete expectation path is missing a call to the nf_expect_get_id()\nhelper function to calculate the expectation ID, otherwise LSB of the\nexpectation object address is leaked to userspace.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44944', 'https://git.kernel.org/linus/782161895eb4ac45cf7cfa8db375bd4766cb8299 (6.11-rc1)', 'https://git.kernel.org/stable/c/24f407042cf90b0872de667460230d8d50c06c39', 'https://git.kernel.org/stable/c/27662b46f2adaa52c1665a82af4b21c42c4337fd', 'https://git.kernel.org/stable/c/5e2c24f7b0911b15c29aefce760bcf770542fb61', 'https://git.kernel.org/stable/c/64c0b8e64be8368617ef08dfc59a3160563a1435', 'https://git.kernel.org/stable/c/66e7650dbbb8e236e781c670b167edc81e771450', 'https://git.kernel.org/stable/c/74de442b8e12a207c07953ee068009a7701aff8f', 'https://git.kernel.org/stable/c/782161895eb4ac45cf7cfa8db375bd4766cb8299', 'https://git.kernel.org/stable/c/eb4ca1a97e08ff5b920664ba292e576257e2d184', 'https://linux.oracle.com/cve/CVE-2024-44944.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024083044-CVE-2024-44944-56c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44944', 'https://www.cve.org/CVERecord?id=CVE-2024-44944', 'https://www.zerodayinitiative.com/advisories/ZDI-24-1182/'], 'PublishedDate': '2024-08-30T08:15:04.58Z', 'LastModifiedDate': '2024-09-10T08:15:03.23Z'}, {'VulnerabilityID': 'CVE-2024-44946', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44946', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kcm: Serialise kcm_sendmsg() for the same socket.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: Serialise kcm_sendmsg() for the same socket.\n\nsyzkaller reported UAF in kcm_release(). [0]\n\nThe scenario is\n\n  1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb.\n\n  2. Thread A resumes building skb from kcm->seq_skb but is blocked\n     by sk_stream_wait_memory()\n\n  3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb\n     and puts the skb to the write queue\n\n  4. Thread A faces an error and finally frees skb that is already in the\n     write queue\n\n  5. kcm_release() does double-free the skb in the write queue\n\nWhen a thread is building a MSG_MORE skb, another thread must not touch it.\n\nLet's add a per-sk mutex and serialise kcm_sendmsg().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]\nBUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]\nBUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\nRead of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167\n\nCPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G    B              6.8.0-rc5-syzkaller-g9abbc24128bc #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x178/0x518 mm/kasan/report.c:488\n kasan_report+0xd8/0x138 mm/kasan/report.c:601\n __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381\n __skb_unlink include/linux/skbuff.h:2366 [inline]\n __skb_dequeue include/linux/skbuff.h:2385 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\n __skb_queue_purge include/linux/skbuff.h:3181 [inline]\n kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\n __sock_release net/socket.c:659 [inline]\n sock_close+0xa4/0x1e8 net/socket.c:1421\n __fput+0x30c/0x738 fs/file_table.c:376\n ____fput+0x20/0x30 fs/file_table.c:404\n task_work_run+0x230/0x2e0 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x618/0x1f64 kernel/exit.c:871\n do_group_exit+0x194/0x22c kernel/exit.c:1020\n get_signal+0x1500/0x15ec kernel/signal.c:2893\n do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249\n do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148\n exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]\n exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]\n el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nAllocated by task 6166:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903\n __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641\n alloc_skb include/linux/skbuff.h:1296 [inline]\n kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x220/0x2c0 net/socket.c:768\n splice_to_socket+0x7cc/0xd58 fs/splice.c:889\n do_splice_from fs/splice.c:941 [inline]\n direct_splice_actor+0xec/0x1d8 fs/splice.c:1164\n splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108\n do_splice_direct_actor \n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44946', 'https://git.kernel.org/linus/807067bf014d4a3ae2cc55bd3de16f22a01eb580 (6.11-rc5)', 'https://git.kernel.org/stable/c/00425508f30baa5ab6449a1f478480ca7cffa6da', 'https://git.kernel.org/stable/c/6633b17840bf828921254d788ccd15602843fe9b', 'https://git.kernel.org/stable/c/72da240aafb142630cf16adc803ccdacb3780849', 'https://git.kernel.org/stable/c/807067bf014d4a3ae2cc55bd3de16f22a01eb580', 'https://git.kernel.org/stable/c/8c9cdbf600143bd6835c8b8351e5ac956da79aec', 'https://git.kernel.org/stable/c/9c8d544ed619f704e2b70e63e08ab75630c2ea23', 'https://git.kernel.org/stable/c/eb06c8d3022ce6738711191c89f9b3e9cfb91914', 'https://git.kernel.org/stable/c/fa6c23fe6dcac8c8bd63920ee8681292a2bd544e', 'https://lore.kernel.org/linux-cve-announce/2024083150-CVE-2024-44946-9cf1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44946', 'https://www.cve.org/CVERecord?id=CVE-2024-44946'], 'PublishedDate': '2024-08-31T14:15:04.32Z', 'LastModifiedDate': '2024-09-04T12:15:05.15Z'}, {'VulnerabilityID': 'CVE-2024-44947', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44947', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fuse: Initialize beyond-EOF page contents before setting uptodate', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44947', 'https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5', 'https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e', 'https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9', 'https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6', 'https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a', 'https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4', 'https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9', 'https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6', 'https://lore.kernel.org/linux-cve-announce/2024090219-CVE-2024-44947-f49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44947', 'https://www.cve.org/CVERecord?id=CVE-2024-44947'], 'PublishedDate': '2024-09-02T18:15:36.577Z', 'LastModifiedDate': '2024-09-16T17:52:37.563Z'}, {'VulnerabilityID': 'CVE-2024-44948', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mtrr: Check if fixed MTRRs exist before saving them', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mtrr: Check if fixed MTRRs exist before saving them\n\nMTRRs have an obsolete fixed variant for fine grained caching control\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\na separate capability bit in the MTRR capability MSR.\n\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\nwent unnoticed that mtrr_save_state() does not check the capability bit\nbefore accessing the fixed MTRR MSRs.\n\nThough on a CPU that does not support the fixed MTRR capability this\nresults in a #GP.  The #GP itself is harmless because the RDMSR fault is\nhandled gracefully, but results in a WARN_ON().\n\nAdd the missing capability check to prevent this.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44948', 'https://git.kernel.org/linus/919f18f961c03d6694aa726c514184f2311a4614 (6.11-rc3)', 'https://git.kernel.org/stable/c/06c1de44d378ec5439db17bf476507d68589bfe9', 'https://git.kernel.org/stable/c/34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e', 'https://git.kernel.org/stable/c/388f1c954019f253a8383f7eb733f38d541e10b6', 'https://git.kernel.org/stable/c/450b6b22acdaac67a18eaf5ed498421ffcf10051', 'https://git.kernel.org/stable/c/8a90d3fc7c24608548d3a750671f9dac21d1a462', 'https://git.kernel.org/stable/c/8aa79dfb216b865e96ff890bc4ea71650f9bc8d7', 'https://git.kernel.org/stable/c/919f18f961c03d6694aa726c514184f2311a4614', 'https://git.kernel.org/stable/c/ca7d00c5656d1791e28369919e3e10febe9c3b16', 'https://linux.oracle.com/cve/CVE-2024-44948.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090407-CVE-2024-44948-5554@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44948', 'https://www.cve.org/CVERecord?id=CVE-2024-44948'], 'PublishedDate': '2024-09-04T19:15:29.95Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-44949', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44949', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: parisc: fix a possible DMA corruption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: fix a possible DMA corruption\n\nARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be\npossible that two unrelated 16-byte allocations share a cache line. If\none of these allocations is written using DMA and the other is written\nusing cached write, the value that was written with DMA may be\ncorrupted.\n\nThis commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 -\nthat's the largest possible cache line size.\n\nAs different parisc microarchitectures have different cache line size, we\ndefine arch_slab_minalign(), cache_line_size() and\ndma_get_cache_alignment() so that the kernel may tune slab cache\nparameters dynamically, based on the detected cache line size.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44949', 'https://git.kernel.org/linus/7ae04ba36b381bffe2471eff3a93edced843240f (6.11-rc2)', 'https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f', 'https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f', 'https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44949-8f05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44949', 'https://www.cve.org/CVERecord?id=CVE-2024-44949'], 'PublishedDate': '2024-09-04T19:15:30.04Z', 'LastModifiedDate': '2024-10-09T13:53:32.513Z'}, {'VulnerabilityID': 'CVE-2024-44950', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44950', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix invalid FIFO access with special register set', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix invalid FIFO access with special register set\n\nWhen enabling access to the special register set, Receiver time-out and\nRHR interrupts can happen. In this case, the IRQ handler will try to read\nfrom the FIFO thru the RHR register at address 0x00, but address 0x00 is\nmapped to DLL register, resulting in erroneous FIFO reading.\n\nCall graph example:\n    sc16is7xx_startup(): entry\n    sc16is7xx_ms_proc(): entry\n    sc16is7xx_set_termios(): entry\n    sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set\n    sc16is7xx_port_irq() entry            --> IIR is 0x0C\n    sc16is7xx_handle_rx() entry\n    sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is\n                               mapped to DLL (LCR=LCR_CONF_MODE_A)\n    sc16is7xx_set_baud(): exit --> Restore access to general register set\n\nFix the problem by claiming the efr_lock mutex when accessing the Special\nregister set.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44950', 'https://git.kernel.org/linus/7d3b793faaab1305994ce568b59d61927235f57b (6.11-rc3)', 'https://git.kernel.org/stable/c/6a6730812220a9a5ce4003eb347da1ee5abd06b0', 'https://git.kernel.org/stable/c/7d3b793faaab1305994ce568b59d61927235f57b', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44950-67fb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44950', 'https://www.cve.org/CVERecord?id=CVE-2024-44950'], 'PublishedDate': '2024-09-04T19:15:30.1Z', 'LastModifiedDate': '2024-10-09T14:21:16.773Z'}, {'VulnerabilityID': 'CVE-2024-44951', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44951', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix TX fifo corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix TX fifo corruption\n\nSometimes, when a packet is received on channel A at almost the same time\nas a packet is about to be transmitted on channel B, we observe with a\nlogic analyzer that the received packet on channel A is transmitted on\nchannel B. In other words, the Tx buffer data on channel B is corrupted\nwith data from channel A.\n\nThe problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change\nEFR lock to operate on each channels"), which changed the EFR locking to\noperate on each channel instead of chip-wise.\n\nThis commit has introduced a regression, because the EFR lock is used not\nonly to protect the EFR registers access, but also, in a very obscure and\nundocumented way, to protect access to the data buffer, which is shared by\nthe Tx and Rx handlers, but also by each channel of the IC.\n\nFix this regression first by switching to kfifo_out_linear_ptr() in\nsc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer.\n\nSecondly, replace the chip-wise Rx buffer with a separate Rx buffer for\neach channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44951', 'https://git.kernel.org/linus/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4 (6.11-rc3)', 'https://git.kernel.org/stable/c/09cfe05e9907f3276887a20e267cc40e202f4fdd', 'https://git.kernel.org/stable/c/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44951-9121@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44951', 'https://www.cve.org/CVERecord?id=CVE-2024-44951'], 'PublishedDate': '2024-09-04T19:15:30.153Z', 'LastModifiedDate': '2024-10-09T14:27:43.973Z'}, {'VulnerabilityID': 'CVE-2024-44952', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44952', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver core: Fix uevent_show() vs driver detach race', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix uevent_show() vs driver detach race\n\nuevent_show() wants to de-reference dev->driver->name. There is no clean\nway for a device attribute to de-reference dev->driver unless that\nattribute is defined via (struct device_driver).dev_groups. Instead, the\nanti-pattern of taking the device_lock() in the attribute handler risks\ndeadlocks with code paths that remove device attributes while holding\nthe lock.\n\nThis deadlock is typically invisible to lockdep given the device_lock()\nis marked lockdep_set_novalidate_class(), but some subsystems allocate a\nlocal lockdep key for @dev->mutex to reveal reports of the form:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 6.10.0-rc7+ #275 Tainted: G           OE    N\n ------------------------------------------------------\n modprobe/2374 is trying to acquire lock:\n ffff8c2270070de0 (kn->active#6){++++}-{0:0}, at: __kernfs_remove+0xde/0x220\n\n but task is already holding lock:\n ffff8c22016e88f8 (&cxl_root_key){+.+.}-{3:3}, at: device_release_driver_internal+0x39/0x210\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -> #1 (&cxl_root_key){+.+.}-{3:3}:\n        __mutex_lock+0x99/0xc30\n        uevent_show+0xac/0x130\n        dev_attr_show+0x18/0x40\n        sysfs_kf_seq_show+0xac/0xf0\n        seq_read_iter+0x110/0x450\n        vfs_read+0x25b/0x340\n        ksys_read+0x67/0xf0\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -> #0 (kn->active#6){++++}-{0:0}:\n        __lock_acquire+0x121a/0x1fa0\n        lock_acquire+0xd6/0x2e0\n        kernfs_drain+0x1e9/0x200\n        __kernfs_remove+0xde/0x220\n        kernfs_remove_by_name_ns+0x5e/0xa0\n        device_del+0x168/0x410\n        device_unregister+0x13/0x60\n        devres_release_all+0xb8/0x110\n        device_unbind_cleanup+0xe/0x70\n        device_release_driver_internal+0x1c7/0x210\n        driver_detach+0x47/0x90\n        bus_remove_driver+0x6c/0xf0\n        cxl_acpi_exit+0xc/0x11 [cxl_acpi]\n        __do_sys_delete_module.isra.0+0x181/0x260\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe observation though is that driver objects are typically much longer\nlived than device objects. It is reasonable to perform lockless\nde-reference of a @driver pointer even if it is racing detach from a\ndevice. Given the infrequency of driver unregistration, use\nsynchronize_rcu() in module_remove_driver() to close any potential\nraces.  It is potentially overkill to suffer synchronize_rcu() just to\nhandle the rare module removal racing uevent_show() event.\n\nThanks to Tetsuo Handa for the debug analysis of the syzbot report [1].', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44952', 'https://git.kernel.org/linus/15fffc6a5624b13b428bb1c6e9088e32a55eb82c (6.11-rc3)', 'https://git.kernel.org/stable/c/15fffc6a5624b13b428bb1c6e9088e32a55eb82c', 'https://git.kernel.org/stable/c/49ea4e0d862632d51667da5e7a9c88a560e9c5a1', 'https://git.kernel.org/stable/c/4a7c2a8387524942171037e70b80e969c3b5c05b', 'https://git.kernel.org/stable/c/4d035c743c3e391728a6f81cbf0f7f9ca700cf62', 'https://git.kernel.org/stable/c/9c23fc327d6ec67629b4ad323bd64d3834c0417d', 'https://git.kernel.org/stable/c/cd490a247ddf325325fd0de8898659400c9237ef', 'https://git.kernel.org/stable/c/dd98c9630b7ee273da87e9a244f94ddf947161e2', 'https://git.kernel.org/stable/c/f098e8fc7227166206256c18d56ab622039108b1', 'https://linux.oracle.com/cve/CVE-2024-44952.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44952-6290@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44952', 'https://www.cve.org/CVERecord?id=CVE-2024-44952'], 'PublishedDate': '2024-09-04T19:15:30.213Z', 'LastModifiedDate': '2024-09-06T16:37:38.37Z'}, {'VulnerabilityID': 'CVE-2024-44953', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44953', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Fix deadlock during RTC update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix deadlock during RTC update\n\nThere is a deadlock when runtime suspend waits for the flush of RTC work,\nand the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume.\n\nHere is deadlock backtrace:\n\nkworker/0:1     D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367\nptr            f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff\n<ffffffee5e71ddb0> __switch_to+0x1a8/0x2d4\n<ffffffee5e71e604> __schedule+0x684/0xa98\n<ffffffee5e71ea60> schedule+0x48/0xc8\n<ffffffee5e725f78> schedule_timeout+0x48/0x170\n<ffffffee5e71fb74> do_wait_for_common+0x108/0x1b0\n<ffffffee5e71efe0> wait_for_completion+0x44/0x60\n<ffffffee5d6de968> __flush_work+0x39c/0x424\n<ffffffee5d6decc0> __cancel_work_sync+0xd8/0x208\n<ffffffee5d6dee2c> cancel_delayed_work_sync+0x14/0x28\n<ffffffee5e2551b8> __ufshcd_wl_suspend+0x19c/0x480\n<ffffffee5e255fb8> ufshcd_wl_runtime_suspend+0x3c/0x1d4\n<ffffffee5dffd80c> scsi_runtime_suspend+0x78/0xc8\n<ffffffee5df93580> __rpm_callback+0x94/0x3e0\n<ffffffee5df90b0c> rpm_suspend+0x2d4/0x65c\n<ffffffee5df91448> __pm_runtime_suspend+0x80/0x114\n<ffffffee5dffd95c> scsi_runtime_idle+0x38/0x6c\n<ffffffee5df912f4> rpm_idle+0x264/0x338\n<ffffffee5df90f14> __pm_runtime_idle+0x80/0x110\n<ffffffee5e24ce44> ufshcd_rtc_work+0x128/0x1e4\n<ffffffee5d6e3a40> process_one_work+0x26c/0x650\n<ffffffee5d6e65c8> worker_thread+0x260/0x3d8\n<ffffffee5d6edec8> kthread+0x110/0x134\n<ffffffee5d616b18> ret_from_fork+0x10/0x20\n\nSkip updating RTC if RPM state is not RPM_ACTIVE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44953', 'https://git.kernel.org/linus/3911af778f208e5f49d43ce739332b91e26bc48e (6.11-rc2)', 'https://git.kernel.org/stable/c/3911af778f208e5f49d43ce739332b91e26bc48e', 'https://git.kernel.org/stable/c/f13f1858a28c68b7fc0d72c2008d5c1f80d2e8d5', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44953-1a10@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44953', 'https://www.cve.org/CVERecord?id=CVE-2024-44953'], 'PublishedDate': '2024-09-04T19:15:30.297Z', 'LastModifiedDate': '2024-09-06T16:37:33.65Z'}, {'VulnerabilityID': 'CVE-2024-44954', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44954', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ALSA: line6: Fix racy access to midibuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: line6: Fix racy access to midibuf\n\nThere can be concurrent accesses to line6 midibuf from both the URB\ncompletion callback and the rawmidi API access.  This could be a cause\nof KMSAN warning triggered by syzkaller below (so put as reported-by\nhere).\n\nThis patch protects the midibuf call of the former code path with a\nspinlock for avoiding the possible races.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44954', 'https://git.kernel.org/linus/15b7a03205b31bc5623378c190d22b7ff60026f1 (6.11-rc3)', 'https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1', 'https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5', 'https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a', 'https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747', 'https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81', 'https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d', 'https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e', 'https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29', 'https://linux.oracle.com/cve/CVE-2024-44954.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44954-6838@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44954', 'https://www.cve.org/CVERecord?id=CVE-2024-44954'], 'PublishedDate': '2024-09-04T19:15:30.353Z', 'LastModifiedDate': '2024-10-10T18:02:42.307Z'}, {'VulnerabilityID': 'CVE-2024-44955', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44955', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute\n\n[Why]\nWhen unplug one of monitors connected after mst hub, encounter null pointer dereference.\n\nIt's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When\ncommit new state which directly referring to info stored in dc_sink will cause null pointer\ndereference.\n\n[how]\nRemove redundant checking condition. Relevant condition should already be covered by checking\nif dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44955', 'https://git.kernel.org/linus/fcf6a49d79923a234844b8efe830a61f3f0584e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263', 'https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44955-20e8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44955', 'https://www.cve.org/CVERecord?id=CVE-2024-44955'], 'PublishedDate': '2024-09-04T19:15:30.423Z', 'LastModifiedDate': '2024-10-10T17:57:00.267Z'}, {'VulnerabilityID': 'CVE-2024-44956', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44956', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/preempt_fence: enlarge the fence critical section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44956', 'https://git.kernel.org/linus/3cd1585e57908b6efcd967465ef7685f40b2a294 (6.11-rc1)', 'https://git.kernel.org/stable/c/3cd1585e57908b6efcd967465ef7685f40b2a294', 'https://git.kernel.org/stable/c/458bb83119dfee5d14c677f7846dd9363817006f', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44956-8bcf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44956', 'https://www.cve.org/CVERecord?id=CVE-2024-44956'], 'PublishedDate': '2024-09-04T19:15:30.48Z', 'LastModifiedDate': '2024-09-06T16:37:11.777Z'}, {'VulnerabilityID': 'CVE-2024-44957', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44957', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Switch from mutex to spinlock for irqfds', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Switch from mutex to spinlock for irqfds\n\nirqfd_wakeup() gets EPOLLHUP, when it is called by\neventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which\ngets called under spin_lock_irqsave(). We can't use a mutex here as it\nwill lead to a deadlock.\n\nFix it by switching over to a spin lock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44957', 'https://git.kernel.org/linus/1c682593096a487fd9aebc079a307ff7a6d054a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3', 'https://git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e', 'https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44957-5c8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44957', 'https://www.cve.org/CVERecord?id=CVE-2024-44957'], 'PublishedDate': '2024-09-04T19:15:30.523Z', 'LastModifiedDate': '2024-09-06T16:37:00.077Z'}, {'VulnerabilityID': 'CVE-2024-44958', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44958', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched/smt: Fix unbalance sched_smt_present dec/inc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/smt: Fix unbalance sched_smt_present dec/inc\n\nI got the following warn report while doing stress test:\n\njump label: negative count!\nWARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0\nCall Trace:\n <TASK>\n __static_key_slow_dec_cpuslocked+0x16/0x70\n sched_cpu_deactivate+0x26e/0x2a0\n cpuhp_invoke_callback+0x3ad/0x10d0\n cpuhp_thread_fun+0x3f5/0x680\n smpboot_thread_fn+0x56d/0x8d0\n kthread+0x309/0x400\n ret_from_fork+0x41/0x70\n ret_from_fork_asm+0x1b/0x30\n </TASK>\n\nBecause when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),\nthe cpu offline failed, but sched_smt_present is decremented before\ncalling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so\nfix it by incrementing sched_smt_present in the error path.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44958', 'https://git.kernel.org/linus/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117 (6.11-rc2)', 'https://git.kernel.org/stable/c/2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4', 'https://git.kernel.org/stable/c/2cf7665efe451e48d27953e6b5bc627d518c902b', 'https://git.kernel.org/stable/c/65727331b60197b742089855ac09464c22b96f66', 'https://git.kernel.org/stable/c/d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab', 'https://git.kernel.org/stable/c/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44958-80e9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44958', 'https://www.cve.org/CVERecord?id=CVE-2024-44958'], 'PublishedDate': '2024-09-04T19:15:30.58Z', 'LastModifiedDate': '2024-10-10T17:56:24.467Z'}, {'VulnerabilityID': 'CVE-2024-44959', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44959', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracefs: Use generic inode RCU for synchronizing freeing', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntracefs: Use generic inode RCU for synchronizing freeing\n\nWith structure layout randomization enabled for 'struct inode' we need to\navoid overlapping any of the RCU-used / initialized-only-once members,\ne.g. i_lru or i_sb_list to not corrupt related list traversals when making\nuse of the rcu_head.\n\nFor an unlucky structure layout of 'struct inode' we may end up with the\nfollowing splat when running the ftrace selftests:\n\n[<...>] list_del corruption, ffff888103ee2cb0->next (tracefs_inode_cache+0x0/0x4e0 [slab object]) is NULL (prev is tracefs_inode_cache+0x78/0x4e0 [slab object])\n[<...>] ------------[ cut here ]------------\n[<...>] kernel BUG at lib/list_debug.c:54!\n[<...>] invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n[<...>] CPU: 3 PID: 2550 Comm: mount Tainted: G                 N  6.8.12-grsec+ #122 ed2f536ca62f28b087b90e3cc906a8d25b3ddc65\n[<...>] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n[<...>] RIP: 0010:[<ffffffff84656018>] __list_del_entry_valid_or_report+0x138/0x3e0\n[<...>] Code: 48 b8 99 fb 65 f2 ff ff ff ff e9 03 5c d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff e9 33 5a d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff <0f> 0b 4c 89 e9 48 89 ea 48 89 ee 48 c7 c7 60 8f dd 89 31 c0 e8 2f\n[<...>] RSP: 0018:fffffe80416afaf0 EFLAGS: 00010283\n[<...>] RAX: 0000000000000098 RBX: ffff888103ee2cb0 RCX: 0000000000000000\n[<...>] RDX: ffffffff84655fe8 RSI: ffffffff89dd8b60 RDI: 0000000000000001\n[<...>] RBP: ffff888103ee2cb0 R08: 0000000000000001 R09: fffffbd0082d5f25\n[<...>] R10: fffffe80416af92f R11: 0000000000000001 R12: fdf99c16731d9b6d\n[<...>] R13: 0000000000000000 R14: ffff88819ad4b8b8 R15: 0000000000000000\n[<...>] RBX: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RDX: __list_del_entry_valid_or_report+0x108/0x3e0\n[<...>] RSI: __func__.47+0x4340/0x4400\n[<...>] RBP: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RSP: process kstack fffffe80416afaf0+0x7af0/0x8000 [mount 2550 2550]\n[<...>] R09: kasan shadow of process kstack fffffe80416af928+0x7928/0x8000 [mount 2550 2550]\n[<...>] R10: process kstack fffffe80416af92f+0x792f/0x8000 [mount 2550 2550]\n[<...>] R14: tracefs_inode_cache+0x78/0x4e0 [slab object]\n[<...>] FS:  00006dcb380c1840(0000) GS:ffff8881e0600000(0000) knlGS:0000000000000000\n[<...>] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[<...>] CR2: 000076ab72b30e84 CR3: 000000000b088004 CR4: 0000000000360ef0 shadow CR4: 0000000000360ef0\n[<...>] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[<...>] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[<...>] ASID: 0003\n[<...>] Stack:\n[<...>]  ffffffff818a2315 00000000f5c856ee ffffffff896f1840 ffff888103ee2cb0\n[<...>]  ffff88812b6b9750 0000000079d714b6 fffffbfff1e9280b ffffffff8f49405f\n[<...>]  0000000000000001 0000000000000000 ffff888104457280 ffffffff8248b392\n[<...>] Call Trace:\n[<...>]  <TASK>\n[<...>]  [<ffffffff818a2315>] ? lock_release+0x175/0x380 fffffe80416afaf0\n[<...>]  [<ffffffff8248b392>] list_lru_del+0x152/0x740 fffffe80416afb48\n[<...>]  [<ffffffff8248ba93>] list_lru_del_obj+0x113/0x280 fffffe80416afb88\n[<...>]  [<ffffffff8940fd19>] ? _atomic_dec_and_lock+0x119/0x200 fffffe80416afb90\n[<...>]  [<ffffffff8295b244>] iput_final+0x1c4/0x9a0 fffffe80416afbb8\n[<...>]  [<ffffffff8293a52b>] dentry_unlink_inode+0x44b/0xaa0 fffffe80416afbf8\n[<...>]  [<ffffffff8293fefc>] __dentry_kill+0x23c/0xf00 fffffe80416afc40\n[<...>]  [<ffffffff8953a85f>] ? __this_cpu_preempt_check+0x1f/0xa0 fffffe80416afc48\n[<...>]  [<ffffffff82949ce5>] ? shrink_dentry_list+0x1c5/0x760 fffffe80416afc70\n[<...>]  [<ffffffff82949b71>] ? shrink_dentry_list+0x51/0x760 fffffe80416afc78\n[<...>]  [<ffffffff82949da8>] shrink_dentry_list+0x288/0x760 fffffe80416afc80\n[<...>]  [<ffffffff8294ae75>] shrink_dcache_sb+0x155/0x420 fffffe80416afcc8\n[<...>]  [<ffffffff8953a7c3>] ? debug_smp_processor_id+0x23/0xa0 fffffe80416afce0\n[<...>]  [<ffffffff8294ad20>] ? do_one_tre\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44959', 'https://git.kernel.org/linus/0b6743bd60a56a701070b89fb80c327a44b7b3e2 (6.11-rc3)', 'https://git.kernel.org/stable/c/061da60716ce0cde99f62f31937b81e1c03acef6', 'https://git.kernel.org/stable/c/0b6743bd60a56a701070b89fb80c327a44b7b3e2', 'https://git.kernel.org/stable/c/726f4c241e17be75a9cf6870d80cd7479dc89e8f', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44959-61a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44959', 'https://www.cve.org/CVERecord?id=CVE-2024-44959'], 'PublishedDate': '2024-09-04T19:15:30.637Z', 'LastModifiedDate': '2024-10-10T17:54:07.96Z'}, {'VulnerabilityID': 'CVE-2024-44960', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44960', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: core: Check for unset descriptor', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn't properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44960', 'https://git.kernel.org/linus/973a57891608a98e894db2887f278777f564de18 (6.11-rc3)', 'https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1', 'https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62', 'https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4', 'https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e', 'https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18', 'https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf', 'https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a', 'https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244', 'https://linux.oracle.com/cve/CVE-2024-44960.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44960-039b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44960', 'https://www.cve.org/CVERecord?id=CVE-2024-44960'], 'PublishedDate': '2024-09-04T19:15:30.7Z', 'LastModifiedDate': '2024-10-04T16:44:05.497Z'}, {'VulnerabilityID': 'CVE-2024-44961', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44961', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Forward soft recovery errors to userspace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Forward soft recovery errors to userspace\n\nAs we discussed before[1], soft recovery should be\nforwarded to userspace, or we can get into a really\nbad state where apps will keep submitting hanging\ncommand buffers cascading us to a hard reset.\n\n1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/\n(cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44961', 'https://git.kernel.org/linus/829798c789f567ef6ba4b084c15b7b5f3bd98d51 (6.11-rc3)', 'https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a', 'https://git.kernel.org/stable/c/829798c789f567ef6ba4b084c15b7b5f3bd98d51', 'https://git.kernel.org/stable/c/c28d207edfc5679585f4e96acb67000076ce90be', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44961-8666@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44961', 'https://www.cve.org/CVERecord?id=CVE-2024-44961'], 'PublishedDate': '2024-09-04T19:15:30.77Z', 'LastModifiedDate': '2024-10-04T16:39:39.3Z'}, {'VulnerabilityID': 'CVE-2024-44962', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44962', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n  Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n  Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic   snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil   snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded:   btnxpuart]\n  CPU: 5 PID: 723 Comm: memtester Tainted: G           O       6.6.23-lts-next-06207-g4aef2658ac28 #1\n  Hardware name: NXP i.MX95 19X19 board (DT)\n  pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0xffff80007a2cf464\n  lr : call_timer_fn.isra.0+0x24/0x80\n...\n  Call trace:\n   0xffff80007a2cf464\n   __run_timers+0x234/0x280\n   run_timer_softirq+0x20/0x40\n   __do_softirq+0x100/0x26c\n   ____do_softirq+0x10/0x1c\n   call_on_irq_stack+0x24/0x4c\n   do_softirq_own_stack+0x1c/0x2c\n   irq_exit_rcu+0xc0/0xdc\n   el0_interrupt+0x54/0xd8\n   __el0_irq_handler_common+0x18/0x24\n   el0t_64_irq_handler+0x10/0x1c\n   el0t_64_irq+0x190/0x194\n  Code: ???????? ???????? ???????? ???????? (????????)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception in interrupt\n  SMP: stopping secondary CPUs\n  Kernel Offset: disabled\n  CPU features: 0x0,c0000000,40028143,1000721b\n  Memory Limit: none\n  ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44962', 'https://git.kernel.org/linus/0d0df1e750bac0fdaa77940e711c1625cff08d33 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d0df1e750bac0fdaa77940e711c1625cff08d33', 'https://git.kernel.org/stable/c/28bbb5011a9723700006da67bdb57ab6a914452b', 'https://git.kernel.org/stable/c/4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44962-c329@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44962', 'https://www.cve.org/CVERecord?id=CVE-2024-44962'], 'PublishedDate': '2024-09-04T19:15:30.827Z', 'LastModifiedDate': '2024-10-04T16:20:34.55Z'}, {'VulnerabilityID': 'CVE-2024-44963', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44963', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not BUG_ON() when freeing tree block after error', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don't deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44963', 'https://git.kernel.org/linus/bb3868033a4cccff7be57e9145f2117cbdc91c11 (6.11-rc1)', 'https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f', 'https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44963-2e6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44963', 'https://www.cve.org/CVERecord?id=CVE-2024-44963'], 'PublishedDate': '2024-09-04T19:15:30.883Z', 'LastModifiedDate': '2024-10-04T16:19:20.77Z'}, {'VulnerabilityID': 'CVE-2024-44964', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44964', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix memory leaks and crashes while performing a soft reset', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leaks and crashes while performing a soft reset\n\nThe second tagged commit introduced a UAF, as it removed restoring\nq_vector->vport pointers after reinitializating the structures.\nThis is due to that all queue allocation functions are performed here\nwith the new temporary vport structure and those functions rewrite\nthe backpointers to the vport. Then, this new struct is freed and\nthe pointers start leading to nowhere.\n\nBut generally speaking, the current logic is very fragile. It claims\nto be more reliable when the system is low on memory, but in fact, it\nconsumes two times more memory as at the moment of running this\nfunction, there are two vports allocated with their queues and vectors.\nMoreover, it claims to prevent the driver from running into "bad state",\nbut in fact, any error during the rebuild leaves the old vport in the\npartially allocated state.\nFinally, if the interface is down when the function is called, it always\nallocates a new queue set, but when the user decides to enable the\ninterface later on, vport_open() allocates them once again, IOW there\'s\na clear memory leak here.\n\nJust don\'t allocate a new queue set when performing a reset, that solves\ncrashes and memory leaks. Readd the old queue number and reopen the\ninterface on rollback - that solves limbo states when the device is left\ndisabled and/or without HW queues enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44964', 'https://git.kernel.org/linus/f01032a2ca099ec8d619aaa916c3762aa62495df (6.11-rc3)', 'https://git.kernel.org/stable/c/6b289f8d91537ec1e4f9c7b38b31b90d93b1419b', 'https://git.kernel.org/stable/c/f01032a2ca099ec8d619aaa916c3762aa62495df', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44964-ebb1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44964', 'https://www.cve.org/CVERecord?id=CVE-2024-44964'], 'PublishedDate': '2024-09-04T19:15:30.94Z', 'LastModifiedDate': '2024-09-06T16:36:45.137Z'}, {'VulnerabilityID': 'CVE-2024-44965', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44965', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mm: Fix pti_clone_pgtable() alignment assumption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix pti_clone_pgtable() alignment assumption\n\nGuenter reported dodgy crashes on an i386-nosmp build using GCC-11\nthat had the form of endless traps until entry stack exhaust and then\n#DF from the stack guard.\n\nIt turned out that pti_clone_pgtable() had alignment assumptions on\nthe start address, notably it hard assumes start is PMD aligned. This\nis true on x86_64, but very much not true on i386.\n\nThese assumptions can cause the end condition to malfunction, leading\nto a 'short' clone. Guess what happens when the user mapping has a\nshort copy of the entry text?\n\nUse the correct increment form for addr to avoid alignment\nassumptions.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44965', 'https://git.kernel.org/linus/41e71dbb0e0a0fe214545fe64af031303a08524c (6.11-rc2)', 'https://git.kernel.org/stable/c/18da1b27ce16a14a9b636af9232acb4fb24f4c9e', 'https://git.kernel.org/stable/c/25a727233a40a9b33370eec9f0cad67d8fd312f8', 'https://git.kernel.org/stable/c/41e71dbb0e0a0fe214545fe64af031303a08524c', 'https://git.kernel.org/stable/c/4d143ae782009b43b4f366402e5c37f59d4e4346', 'https://git.kernel.org/stable/c/5c580c1050bcbc15c3e78090859d798dcf8c9763', 'https://git.kernel.org/stable/c/ca07aab70dd3b5e7fddb62d7a6ecd7a7d6d0b2ed', 'https://git.kernel.org/stable/c/d00c9b4bbc442d99e1dafbdfdab848bc1ead73f6', 'https://git.kernel.org/stable/c/df3eecb5496f87263d171b254ca6e2758ab3c35c', 'https://linux.oracle.com/cve/CVE-2024-44965.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090415-CVE-2024-44965-d41d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44965', 'https://www.cve.org/CVERecord?id=CVE-2024-44965'], 'PublishedDate': '2024-09-04T19:15:30.99Z', 'LastModifiedDate': '2024-10-04T16:17:15.23Z'}, {'VulnerabilityID': 'CVE-2024-44966', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44966', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binfmt_flat: Fix corruption when not offsetting data start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_flat: Fix corruption when not offsetting data start\n\nCommit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")\nintroduced a RISC-V specific variant of the FLAT format which does\nnot allocate any space for the (obsolete) array of shared library\npointers. However, it did not disable the code which initializes the\narray, resulting in the corruption of sizeof(long) bytes before the DATA\nsegment, generally the end of the TEXT segment.\n\nIntroduce MAX_SHARED_LIBS_UPDATE which depends on the state of\nCONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of\nthe shared library pointer region so that it will only be initialized\nif space is reserved for it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44966', 'https://git.kernel.org/linus/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671 (6.11-rc4)', 'https://git.kernel.org/stable/c/3a684499261d0f7ed5ee72793025c88c2276809c', 'https://git.kernel.org/stable/c/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671', 'https://git.kernel.org/stable/c/49df34d2b7da9e57c839555a2f7877291ce45ad1', 'https://git.kernel.org/stable/c/9350ba06ee61db392c486716ac68ecc20e030f7c', 'https://git.kernel.org/stable/c/af65d5383854cc3f172a7d0843b628758bf462c8', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44966-3aac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44966', 'https://www.cve.org/CVERecord?id=CVE-2024-44966'], 'PublishedDate': '2024-09-04T19:15:31.06Z', 'LastModifiedDate': '2024-10-04T16:15:30.047Z'}, {'VulnerabilityID': 'CVE-2024-44967', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44967', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/mgag200: Bind I2C lifetime to DRM device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mgag200: Bind I2C lifetime to DRM device\n\nManaged cleanup with devm_add_action_or_reset() will release the I2C\nadapter when the underlying Linux device goes away. But the connector\nstill refers to it, so this cleanup leaves behind a stale pointer\nin struct drm_connector.ddc.\n\nBind the lifetime of the I2C adapter to the connector's lifetime by\nusing DRM's managed release. When the DRM device goes away (after\nthe Linux device) DRM will first clean up the connector and then\nclean up the I2C adapter.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44967', 'https://git.kernel.org/linus/eb1ae34e48a09b7a1179c579aed042b032e408f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/55a6916db77102765b22855d3a0add4751988b7c', 'https://git.kernel.org/stable/c/81d34df843620e902dd04aa9205c875833d61c17', 'https://git.kernel.org/stable/c/9d96b91e03cba9dfcb4ac370c93af4dbc47d5191', 'https://git.kernel.org/stable/c/eb1ae34e48a09b7a1179c579aed042b032e408f4', 'https://lore.kernel.org/linux-cve-announce/2024090453-CVE-2024-44967-dd14@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44967', 'https://www.cve.org/CVERecord?id=CVE-2024-44967'], 'PublishedDate': '2024-09-04T19:15:31.117Z', 'LastModifiedDate': '2024-10-03T18:21:17.23Z'}, {'VulnerabilityID': 'CVE-2024-44969', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/sclp: Prevent release of buffer in I/O', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Prevent release of buffer in I/O\n\nWhen a task waiting for completion of a Store Data operation is\ninterrupted, an attempt is made to halt this operation. If this attempt\nfails due to a hardware or firmware problem, there is a chance that the\nSCLP facility might store data into buffers referenced by the original\noperation at a later time.\n\nHandle this situation by not releasing the referenced data buffers if\nthe halt attempt fails. For current use cases, this might result in a\nleak of few pages of memory in case of a rare hardware/firmware\nmalfunction.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44969', 'https://git.kernel.org/linus/bf365071ea92b9579d5a272679b74052a5643e35 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633', 'https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05', 'https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506', 'https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79', 'https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe', 'https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148', 'https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463', 'https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35', 'https://linux.oracle.com/cve/CVE-2024-44969.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44969-48bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44969', 'https://www.cve.org/CVERecord?id=CVE-2024-44969'], 'PublishedDate': '2024-09-04T19:15:31.24Z', 'LastModifiedDate': '2024-10-03T17:38:41.333Z'}, {'VulnerabilityID': 'CVE-2024-44970', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix invalid WQ linked list unlink\n\nWhen all the strides in a WQE have been consumed, the WQE is unlinked\nfrom the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible\nto receive CQEs with 0 consumed strides for the same WQE even after the\nWQE is fully consumed and unlinked. This triggers an additional unlink\nfor the same wqe which corrupts the linked list.\n\nFix this scenario by accepting 0 sized consumed strides without\nunlinking the WQE again.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44970', 'https://git.kernel.org/linus/fba8334721e266f92079632598e46e5f89082f30 (6.11-rc1)', 'https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9', 'https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76', 'https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78', 'https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44970-f687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44970', 'https://www.cve.org/CVERecord?id=CVE-2024-44970'], 'PublishedDate': '2024-09-04T19:15:31.307Z', 'LastModifiedDate': '2024-10-03T14:22:06.003Z'}, {'VulnerabilityID': 'CVE-2024-44971', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44971', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()\n\nbcm_sf2_mdio_register() calls of_phy_find_device() and then\nphy_device_remove() in a loop to remove existing PHY devices.\nof_phy_find_device() eventually calls bus_find_device(), which calls\nget_device() on the returned struct device * to increment the refcount.\nThe current implementation does not decrement the refcount, which causes\nmemory leak.\n\nThis commit adds the missing phy_device_free() call to decrement the\nrefcount via put_device() to balance the refcount.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44971', 'https://git.kernel.org/linus/e3862093ee93fcfbdadcb7957f5f8974fffa806a (6.11-rc3)', 'https://git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c', 'https://git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c', 'https://git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71', 'https://git.kernel.org/stable/c/c05516c072903f6fb9134b8e7e1ad4bffcdc4819', 'https://git.kernel.org/stable/c/e3862093ee93fcfbdadcb7957f5f8974fffa806a', 'https://git.kernel.org/stable/c/f3d5efe18a11f94150fee8b3fda9d62079af640a', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44971-eb75@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44971', 'https://www.cve.org/CVERecord?id=CVE-2024-44971'], 'PublishedDate': '2024-09-04T19:15:31.367Z', 'LastModifiedDate': '2024-09-05T17:54:36.607Z'}, {'VulnerabilityID': 'CVE-2024-44972', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44972', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not clear page dirty inside extent_write_locked_range()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not clear page dirty inside extent_write_locked_range()\n\n[BUG]\nFor subpage + zoned case, the following workload can lead to rsv data\nleak at unmount time:\n\n  # mkfs.btrfs -f -s 4k $dev\n  # mount $dev $mnt\n  # fsstress -w -n 8 -d $mnt -s 1709539240\n  0/0: fiemap - no filename\n  0/1: copyrange read - no filename\n  0/2: write - no filename\n  0/3: rename - no source filename\n  0/4: creat f0 x:0 0 0\n  0/4: creat add id=0,parent=-1\n  0/5: writev f0[259 1 0 0 0 0] [778052,113,965] 0\n  0/6: ioctl(FIEMAP) f0[259 1 0 0 224 887097] [1294220,2291618343991484791,0x10000] -1\n  0/7: dwrite - xfsctl(XFS_IOC_DIOINFO) f0[259 1 0 0 224 887097] return 25, fallback to stat()\n  0/7: dwrite f0[259 1 0 0 224 887097] [696320,102400] 0\n  # umount $mnt\n\nThe dmesg includes the following rsv leak detection warning (all call\ntrace skipped):\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8653 btrfs_destroy_inode+0x1e0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8654 btrfs_destroy_inode+0x1a8/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8660 btrfs_destroy_inode+0x1a0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): last unmount of filesystem 1b4abba9-de34-4f07-9e7f-157cf12a18d6\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info DATA has 268218368 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=204800, pinned=0, reserved=0, may_use=12288, readonly=0 zone_unusable=0\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info METADATA has 267796480 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=131072, pinned=0, reserved=0, may_use=262144, readonly=0 zone_unusable=245760\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n\nAbove $dev is a tcmu-runner emulated zoned HDD, which has a max zone\nappend size of 64K, and the system has 64K page size.\n\n[CAUSE]\nI have added several trace_printk() to show the events (header skipped):\n\n  > btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864\n\nThe above lines show our buffered write has dirtied 3 pages of inode\n259 of root 5:\n\n  704K             768K              832K              896K\n  I           |////I/////////////////I///////////|     I\n              756K                               868K\n\n  |///| is the dirtied range using subpage bitmaps. and 'I' is the page\n  boundary.\n\n  Meanwhile all three pages (704K, 768K, 832K) have their PageDirty\n  flag set.\n\n  > btrfs_direct_write: r/i=5/259 start dio filepos=696320 len=102400\n\nThen direct IO writ\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44972', 'https://git.kernel.org/linus/97713b1a2ced1e4a2a6c40045903797ebd44d7e0 (6.11-rc1)', 'https://git.kernel.org/stable/c/97713b1a2ced1e4a2a6c40045903797ebd44d7e0', 'https://git.kernel.org/stable/c/ba4dedb71356638d8284e34724daca944be70368', 'https://git.kernel.org/stable/c/d3b403209f767e5857c1b9fda66726e6e6ffc99f', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44972-23b5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44972', 'https://www.cve.org/CVERecord?id=CVE-2024-44972'], 'PublishedDate': '2024-09-04T19:15:31.43Z', 'LastModifiedDate': '2024-10-03T16:10:12.077Z'}, {'VulnerabilityID': 'CVE-2024-44973', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44973', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm, slub: do not call do_slab_free for kfence object', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slub: do not call do_slab_free for kfence object\n\nIn 782f8906f805 the freeing of kfence objects was moved from deep\ninside do_slab_free to the wrapper functions outside. This is a nice\nchange, but unfortunately it missed one spot in __kmem_cache_free_bulk.\n\nThis results in a crash like this:\n\nBUG skbuff_head_cache (Tainted: G S  B       E     ): Padding overwritten. 0xffff88907fea0f00-0xffff88907fea0fff @offset=3840\n\nslab_err (mm/slub.c:1129)\nfree_to_partial_list (mm/slub.c:? mm/slub.c:4036)\nslab_pad_check (mm/slub.c:864 mm/slub.c:1290)\ncheck_slab (mm/slub.c:?)\nfree_to_partial_list (mm/slub.c:3171 mm/slub.c:4036)\nkmem_cache_alloc_bulk (mm/slub.c:? mm/slub.c:4495 mm/slub.c:4586 mm/slub.c:4635)\nnapi_build_skb (net/core/skbuff.c:348 net/core/skbuff.c:527 net/core/skbuff.c:549)\n\nAll the other callers to do_slab_free appear to be ok.\n\nAdd a kfence_free check in __kmem_cache_free_bulk to avoid the crash.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44973', 'https://git.kernel.org/linus/a371d558e6f3aed977a8a7346350557de5d25190 (6.11-rc3)', 'https://git.kernel.org/stable/c/a371d558e6f3aed977a8a7346350557de5d25190', 'https://git.kernel.org/stable/c/b35cd7f1e969aaa63e6716d82480f6b8a3230949', 'https://lore.kernel.org/linux-cve-announce/2024090425-CVE-2024-44973-a92d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44973', 'https://www.cve.org/CVERecord?id=CVE-2024-44973'], 'PublishedDate': '2024-09-04T19:15:31.487Z', 'LastModifiedDate': '2024-10-03T14:23:09.147Z'}, {'VulnerabilityID': 'CVE-2024-44974', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44974', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: avoid possible UaF when selecting endp', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44974', 'https://git.kernel.org/linus/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d (6.11-rc5)', 'https://git.kernel.org/stable/c/0201d65d9806d287a00e0ba96f0321835631f63f', 'https://git.kernel.org/stable/c/2b4f46f9503633dade75cb796dd1949d0e6581a1', 'https://git.kernel.org/stable/c/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d', 'https://git.kernel.org/stable/c/9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8', 'https://git.kernel.org/stable/c/ddee5b4b6a1cc03c1e9921cf34382e094c2009f1', 'https://git.kernel.org/stable/c/f2c865e9e3ca44fc06b5f73b29a954775e4dbb38', 'https://lore.kernel.org/linux-cve-announce/2024090440-CVE-2024-44974-dbe8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44974', 'https://www.cve.org/CVERecord?id=CVE-2024-44974'], 'PublishedDate': '2024-09-04T20:15:07.1Z', 'LastModifiedDate': '2024-09-12T12:15:51.397Z'}, {'VulnerabilityID': 'CVE-2024-44975', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44975', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: fix panic caused by partcmd_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: fix panic caused by partcmd_update\n\nWe find a bug as below:\nBUG: unable to handle page fault for address: 00000003\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 358 Comm: bash Tainted: G        W I        6.6.0-10893-g60d6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4\nRIP: 0010:partition_sched_domains_locked+0x483/0x600\nCode: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9\nRSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202\nRAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000002fe80\nRBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000\nR10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002\nR13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0\nCall Trace:\n <TASK>\n ? show_regs+0x8c/0xa0\n ? __die_body+0x23/0xa0\n ? __die+0x3a/0x50\n ? page_fault_oops+0x1d2/0x5c0\n ? partition_sched_domains_locked+0x483/0x600\n ? search_module_extables+0x2a/0xb0\n ? search_exception_tables+0x67/0x90\n ? kernelmode_fixup_or_oops+0x144/0x1b0\n ? __bad_area_nosemaphore+0x211/0x360\n ? up_read+0x3b/0x50\n ? bad_area_nosemaphore+0x1a/0x30\n ? exc_page_fault+0x890/0xd90\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? asm_exc_page_fault+0x26/0x30\n ? partition_sched_domains_locked+0x483/0x600\n ? partition_sched_domains_locked+0xf0/0x600\n rebuild_sched_domains_locked+0x806/0xdc0\n update_partition_sd_lb+0x118/0x130\n cpuset_write_resmask+0xffc/0x1420\n cgroup_file_write+0xb2/0x290\n kernfs_fop_write_iter+0x194/0x290\n new_sync_write+0xeb/0x160\n vfs_write+0x16f/0x1d0\n ksys_write+0x81/0x180\n __x64_sys_write+0x21/0x30\n x64_sys_call+0x2f25/0x4630\n do_syscall_64+0x44/0xb0\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\nRIP: 0033:0x7f44a553c887\n\nIt can be reproduced with cammands:\ncd /sys/fs/cgroup/\nmkdir test\ncd test/\necho +cpuset > ../cgroup.subtree_control\necho root > cpuset.cpus.partition\ncat /sys/fs/cgroup/cpuset.cpus.effective\n0-3\necho 0-3 > cpuset.cpus // taking away all cpus from root\n\nThis issue is caused by the incorrect rebuilding of scheduling domains.\nIn this scenario, test/cpuset.cpus.partition should be an invalid root\nand should not trigger the rebuilding of scheduling domains. When calling\nupdate_parent_effective_cpumask with partcmd_update, if newmask is not\nnull, it should recheck newmask whether there are cpus is available\nfor parect/cs that has tasks.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44975', 'https://git.kernel.org/linus/959ab6350add903e352890af53e86663739fcb9a (6.11-rc5)', 'https://git.kernel.org/stable/c/73d6c6cf8ef6a3c532aa159f5114077746a372d6', 'https://git.kernel.org/stable/c/959ab6350add903e352890af53e86663739fcb9a', 'https://lore.kernel.org/linux-cve-announce/2024090442-CVE-2024-44975-7c21@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44975', 'https://www.cve.org/CVERecord?id=CVE-2024-44975'], 'PublishedDate': '2024-09-04T20:15:07.16Z', 'LastModifiedDate': '2024-10-03T14:32:31.677Z'}, {'VulnerabilityID': 'CVE-2024-44977', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Validate TA binary size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Validate TA binary size\n\nAdd TA binary size validation to avoid OOB write.\n\n(cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44977', 'https://git.kernel.org/linus/c99769bceab4ecb6a067b9af11f9db281eea3e2a (6.11-rc5)', 'https://git.kernel.org/stable/c/50553ea7cbd3344fbf40afb065f6a2d38171c1ad', 'https://git.kernel.org/stable/c/5ab8793b9a6cc059f503cbe6fe596f80765e0f19', 'https://git.kernel.org/stable/c/c99769bceab4ecb6a067b9af11f9db281eea3e2a', 'https://git.kernel.org/stable/c/e562415248f402203e7fb6d8c38c1b32fa99220f', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44977-7f6b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44977', 'https://www.cve.org/CVERecord?id=CVE-2024-44977'], 'PublishedDate': '2024-09-04T20:15:07.29Z', 'LastModifiedDate': '2024-10-10T17:47:59.593Z'}, {'VulnerabilityID': 'CVE-2024-44978', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44978', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Free job before xe_exec_queue_put', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Free job before xe_exec_queue_put\n\nFree job depends on job->vm being valid, the last xe_exec_queue_put can\ndestroy the VM. Prevent UAF by freeing job before xe_exec_queue_put.\n\n(cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44978', 'https://git.kernel.org/linus/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a (6.11-rc5)', 'https://git.kernel.org/stable/c/98aa0330f200b9b8fb9e1298e006eda57a13351c', 'https://git.kernel.org/stable/c/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44978-096b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44978', 'https://www.cve.org/CVERecord?id=CVE-2024-44978'], 'PublishedDate': '2024-09-04T20:15:07.343Z', 'LastModifiedDate': '2024-09-10T16:51:19.813Z'}, {'VulnerabilityID': 'CVE-2024-44979', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44979', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix missing workqueue destroy in xe_gt_pagefault\n\nOn driver reload we never free up the memory for the pagefault and\naccess counter workqueues. Add those destroy calls here.\n\n(cherry picked from commit 7586fc52b14e0b8edd0d1f8a434e0de2078b7b2b)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44979', 'https://git.kernel.org/linus/a6f78359ac75f24cac3c1bdd753c49c1877bcd82 (6.11-rc5)', 'https://git.kernel.org/stable/c/a6f78359ac75f24cac3c1bdd753c49c1877bcd82', 'https://git.kernel.org/stable/c/b09ef3b762a7fc641fb2f89afd3ebdb65b8ba1b9', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44979-74c3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44979', 'https://www.cve.org/CVERecord?id=CVE-2024-44979'], 'PublishedDate': '2024-09-04T20:15:07.4Z', 'LastModifiedDate': '2024-10-10T17:44:36.417Z'}, {'VulnerabilityID': 'CVE-2024-44980', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44980', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix opregion leak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix opregion leak\n\nBeing part o the display, ideally the setup and cleanup would be done by\ndisplay itself. However this is a bigger refactor that needs to be done\non both i915 and xe. For now, just fix the leak:\n\nunreferenced object 0xffff8881a0300008 (size 192):\n  comm "modprobe", pid 4354, jiffies 4295647021\n  hex dump (first 32 bytes):\n    00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff  ...\'............\n    18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 99260e31):\n    [<ffffffff823ce65b>] kmemleak_alloc+0x4b/0x80\n    [<ffffffff81493be2>] kmalloc_trace_noprof+0x312/0x3d0\n    [<ffffffffa1345679>] intel_opregion_setup+0x89/0x700 [xe]\n    [<ffffffffa125bfaf>] xe_display_init_noirq+0x2f/0x90 [xe]\n    [<ffffffffa1199ec3>] xe_device_probe+0x7a3/0xbf0 [xe]\n    [<ffffffffa11f3713>] xe_pci_probe+0x333/0x5b0 [xe]\n    [<ffffffff81af6be8>] local_pci_probe+0x48/0xb0\n    [<ffffffff81af8778>] pci_device_probe+0xc8/0x280\n    [<ffffffff81d09048>] really_probe+0xf8/0x390\n    [<ffffffff81d0937a>] __driver_probe_device+0x8a/0x170\n    [<ffffffff81d09503>] driver_probe_device+0x23/0xb0\n    [<ffffffff81d097b7>] __driver_attach+0xc7/0x190\n    [<ffffffff81d0628d>] bus_for_each_dev+0x7d/0xd0\n    [<ffffffff81d0851e>] driver_attach+0x1e/0x30\n    [<ffffffff81d07ac7>] bus_add_driver+0x117/0x250\n\n(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44980', 'https://git.kernel.org/linus/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f (6.11-rc5)', 'https://git.kernel.org/stable/c/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f', 'https://git.kernel.org/stable/c/f7ecdd9853dd9f34e7cdfdadfb70b8f40644ebb4', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44980-d1ba@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44980', 'https://www.cve.org/CVERecord?id=CVE-2024-44980'], 'PublishedDate': '2024-09-04T20:15:07.46Z', 'LastModifiedDate': '2024-10-10T17:42:53.433Z'}, {'VulnerabilityID': 'CVE-2024-44982', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44982', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: cleanup FB if dpu_format_populate_layout fails\n\nIf the dpu_format_populate_layout() fails, then FB is prepared, but not\ncleaned up. This ends up leaking the pin_count on the GEM object and\ncauses a splat during DRM file closure:\n\nmsm_obj->pin_count\nWARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc\n[...]\nCall trace:\n update_lru_locked+0xc4/0xcc\n put_pages+0xac/0x100\n msm_gem_free_object+0x138/0x180\n drm_gem_object_free+0x1c/0x30\n drm_gem_object_handle_put_unlocked+0x108/0x10c\n drm_gem_object_release_handle+0x58/0x70\n idr_for_each+0x68/0xec\n drm_gem_release+0x28/0x40\n drm_file_free+0x174/0x234\n drm_release+0xb0/0x160\n __fput+0xc0/0x2c8\n __fput_sync+0x50/0x5c\n __arm64_sys_close+0x38/0x7c\n invoke_syscall+0x48/0x118\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x4c/0x120\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194\nirq event stamp: 129818\nhardirqs last  enabled at (129817): [<ffffa5f6d953fcc0>] console_unlock+0x118/0x124\nhardirqs last disabled at (129818): [<ffffa5f6da7dcf04>] el1_dbg+0x24/0x8c\nsoftirqs last  enabled at (129808): [<ffffa5f6d94afc18>] handle_softirqs+0x4c8/0x4e8\nsoftirqs last disabled at (129785): [<ffffa5f6d94105e4>] __do_softirq+0x14/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/600714/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44982', 'https://git.kernel.org/linus/bfa1a6283be390947d3649c482e5167186a37016 (6.11-rc5)', 'https://git.kernel.org/stable/c/02193c70723118889281f75b88722b26b58bf4ae', 'https://git.kernel.org/stable/c/7ecf85542169012765e4c2817cd3be6c2e009962', 'https://git.kernel.org/stable/c/9b8b65211a880af8fe8330a101e1e239a2d4008f', 'https://git.kernel.org/stable/c/a3c5815b07f4ee19d0b7e2ddf91ff9f03ecbf27d', 'https://git.kernel.org/stable/c/bfa1a6283be390947d3649c482e5167186a37016', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44982-dd24@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44982', 'https://www.cve.org/CVERecord?id=CVE-2024-44982'], 'PublishedDate': '2024-09-04T20:15:07.593Z', 'LastModifiedDate': '2024-10-10T17:09:54.35Z'}, {'VulnerabilityID': 'CVE-2024-44983', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44983', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: validate vlan header', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: validate vlan header\n\nEnsure there is sufficient room to access the protocol field of the\nVLAN header, validate it once before the flowtable lookup.\n\n=====================================================\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5440 [inline]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44983', 'https://git.kernel.org/linus/6ea14ccb60c8ab829349979b22b58a941ec4a3ee (6.11-rc5)', 'https://git.kernel.org/stable/c/0279c35d242d037abeb73d60d06a6d1bb7f672d9', 'https://git.kernel.org/stable/c/043a18bb6cf16adaa2f8642acfde6e8956a9caaa', 'https://git.kernel.org/stable/c/6ea14ccb60c8ab829349979b22b58a941ec4a3ee', 'https://git.kernel.org/stable/c/c05155cc455785916164aa5e1b4605a2ae946537', 'https://git.kernel.org/stable/c/d9384ae7aec46036d248d1c2c2757e471ab486c3', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44983-dcdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44983', 'https://www.cve.org/CVERecord?id=CVE-2024-44983'], 'PublishedDate': '2024-09-04T20:15:07.657Z', 'LastModifiedDate': '2024-09-10T16:57:55.11Z'}, {'VulnerabilityID': 'CVE-2024-44984', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44984', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double DMA unmapping for XDP_REDIRECT\n\nRemove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT\ncode path.  This should have been removed when we let the page pool\nhandle the DMA mapping.  This bug causes the warning:\n\nWARNING: CPU: 7 PID: 59 at drivers/iommu/dma-iommu.c:1198 iommu_dma_unmap_page+0xd5/0x100\nCPU: 7 PID: 59 Comm: ksoftirqd/7 Tainted: G        W          6.8.0-1010-gcp #11-Ubuntu\nHardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS 2.15.2 04/02/2024\nRIP: 0010:iommu_dma_unmap_page+0xd5/0x100\nCode: 89 ee 48 89 df e8 cb f2 69 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9 31 f6 31 ff 45 31 c0 e9 ab 17 71 00 <0f> 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9\nRSP: 0018:ffffab1fc0597a48 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff99ff838280c8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffab1fc0597a78 R08: 0000000000000002 R09: ffffab1fc0597c1c\nR10: ffffab1fc0597cd3 R11: ffff99ffe375acd8 R12: 00000000e65b9000\nR13: 0000000000000050 R14: 0000000000001000 R15: 0000000000000002\nFS:  0000000000000000(0000) GS:ffff9a06efb80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000565c34c37210 CR3: 00000005c7e3e000 CR4: 0000000000350ef0\n? show_regs+0x6d/0x80\n? __warn+0x89/0x150\n? iommu_dma_unmap_page+0xd5/0x100\n? report_bug+0x16a/0x190\n? handle_bug+0x51/0xa0\n? exc_invalid_op+0x18/0x80\n? iommu_dma_unmap_page+0xd5/0x100\n? iommu_dma_unmap_page+0x35/0x100\ndma_unmap_page_attrs+0x55/0x220\n? bpf_prog_4d7e87c0d30db711_xdp_dispatcher+0x64/0x9f\nbnxt_rx_xdp+0x237/0x520 [bnxt_en]\nbnxt_rx_pkt+0x640/0xdd0 [bnxt_en]\n__bnxt_poll_work+0x1a1/0x3d0 [bnxt_en]\nbnxt_poll+0xaa/0x1e0 [bnxt_en]\n__napi_poll+0x33/0x1e0\nnet_rx_action+0x18a/0x2f0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44984', 'https://git.kernel.org/linus/8baeef7616d5194045c5a6b97fd1246b87c55b13 (6.11-rc5)', 'https://git.kernel.org/stable/c/8baeef7616d5194045c5a6b97fd1246b87c55b13', 'https://git.kernel.org/stable/c/95a305ba259b685780ed62ea2295aa2feb2d6c0c', 'https://git.kernel.org/stable/c/fa4e6ae38574d0fc5596272bee64727d8ab7052b', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44984-43ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44984', 'https://www.cve.org/CVERecord?id=CVE-2024-44984'], 'PublishedDate': '2024-09-04T20:15:07.717Z', 'LastModifiedDate': '2024-10-10T16:48:56.167Z'}, {'VulnerabilityID': 'CVE-2024-44985', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44985', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent possible UAF in ip6_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible UAF in ip6_xmit()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand the associated dst/idev could also have been freed.\n\nWe must use rcu_read_lock() to prevent a possible UAF.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44985', 'https://git.kernel.org/linus/2d5ff7e339d04622d8282661df36151906d0e1c7 (6.11-rc5)', 'https://git.kernel.org/stable/c/124b428fe28064c809e4237b0b38e97200a8a4a8', 'https://git.kernel.org/stable/c/2d5ff7e339d04622d8282661df36151906d0e1c7', 'https://git.kernel.org/stable/c/38a21c026ed2cc7232414cb166efc1923f34af17', 'https://git.kernel.org/stable/c/975f764e96f71616b530e300c1bb2ac0ce0c2596', 'https://git.kernel.org/stable/c/fc88d6c1f2895a5775795d82ec581afdff7661d1', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44985-2dde@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44985', 'https://www.cve.org/CVERecord?id=CVE-2024-44985'], 'PublishedDate': '2024-09-04T20:15:07.777Z', 'LastModifiedDate': '2024-09-05T17:54:11.313Z'}, {'VulnerabilityID': 'CVE-2024-44986', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44986', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: fix possible UAF in ip6_finish_output2()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible UAF in ip6_finish_output2()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand associated dst/idev could also have been freed.\n\nWe need to hold rcu_read_lock() to make sure the dst and\nassociated idev are alive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44986', 'https://git.kernel.org/linus/da273b377ae0d9bd255281ed3c2adb228321687b (6.11-rc5)', 'https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e', 'https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a', 'https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b', 'https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b', 'https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44986-1197@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44986', 'https://www.cve.org/CVERecord?id=CVE-2024-44986'], 'PublishedDate': '2024-09-04T20:15:07.833Z', 'LastModifiedDate': '2024-09-05T17:54:04.127Z'}, {'VulnerabilityID': 'CVE-2024-44987', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44987', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent UAF in ip6_send_skb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n  rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n  rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n  vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n  do_writev+0x1b1/0x350 fs/read_write.c:1018\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n </TASK>\n\nAllocated by task 6530:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  unpoison_slab_object mm/kasan/common.c:312 [inline]\n  __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n  kasan_slab_alloc include/linux/kasan.h:201 [inline]\n  slab_post_alloc_hook mm/slub.c:3988 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n  dst_alloc+0x12b/0x190 net/core/dst.c:89\n  ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n  make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n  xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313\n  ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n  rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n  ___sys_sendmsg net/socket.c:2651 [inline]\n  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n  poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n  __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n  kasan_slab_free include/linux/kasan.h:184 [inline]\n  slab_free_hook mm/slub.c:2252 [inline]\n  slab_free mm/slub.c:4473 [inline]\n  kmem_cache_free+0x145/0x350 mm/slub.c:4548\n  dst_destroy+0x2ac/0x460 net/core/dst.c:124\n  rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n  rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44987', 'https://git.kernel.org/linus/faa389b2fbaaec7fd27a390b4896139f9da662e3 (6.11-rc5)', 'https://git.kernel.org/stable/c/24e93695b1239fbe4c31e224372be77f82dab69a', 'https://git.kernel.org/stable/c/571567e0277008459750f0728f246086b2659429', 'https://git.kernel.org/stable/c/9a3e55afa95ed4ac9eda112d4f918af645d72f25', 'https://git.kernel.org/stable/c/af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011', 'https://git.kernel.org/stable/c/cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e', 'https://git.kernel.org/stable/c/ce2f6cfab2c637d0bd9762104023a15d0ab7c0a8', 'https://git.kernel.org/stable/c/e44bd76dd072756e674f45c5be00153f4ded68b2', 'https://git.kernel.org/stable/c/faa389b2fbaaec7fd27a390b4896139f9da662e3', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44987-f916@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44987', 'https://www.cve.org/CVERecord?id=CVE-2024-44987'], 'PublishedDate': '2024-09-04T20:15:07.89Z', 'LastModifiedDate': '2024-09-05T17:53:54.687Z'}, {'VulnerabilityID': 'CVE-2024-44988', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44988', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Fix out-of-bound access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix out-of-bound access\n\nIf an ATU violation was caused by a CPU Load operation, the SPID could\nbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44988', 'https://git.kernel.org/linus/528876d867a23b5198022baf2e388052ca67c952 (6.11-rc5)', 'https://git.kernel.org/stable/c/050e7274ab2150cd212b2372595720e7b83a15bd', 'https://git.kernel.org/stable/c/18b2e833daf049223ab3c2efdf8cdee08854c484', 'https://git.kernel.org/stable/c/528876d867a23b5198022baf2e388052ca67c952', 'https://git.kernel.org/stable/c/a10d0337115a6d223a1563d853d4455f05d0b2e3', 'https://git.kernel.org/stable/c/d39f5be62f098fe367d672b4dd4bc4b2b80e08e7', 'https://git.kernel.org/stable/c/f7d8c2fabd39250cf2333fbf8eef67e837f90a5d', 'https://git.kernel.org/stable/c/f87ce03c652dba199aef15ac18ade3991db5477e', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44988-516a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44988', 'https://www.cve.org/CVERecord?id=CVE-2024-44988'], 'PublishedDate': '2024-09-04T20:15:07.96Z', 'LastModifiedDate': '2024-10-10T16:44:14.767Z'}, {'VulnerabilityID': 'CVE-2024-44989', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44989', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix xfrm real_dev null pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel:  <TASK>\n kernel:  ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? page_fault_oops+0x142/0x4c0\n kernel:  ? do_user_addr_fault+0x65/0x670\n kernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  ? exc_page_fault+0x7b/0x180\n kernel:  ? asm_exc_page_fault+0x22/0x30\n kernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel:  xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ip_push_pending_frames+0x56/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44989', 'https://git.kernel.org/linus/f8cde9805981c50d0c029063dc7d82821806fc44 (6.11-rc5)', 'https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21', 'https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294', 'https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548', 'https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f', 'https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436', 'https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44989-8a2d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44989', 'https://www.cve.org/CVERecord?id=CVE-2024-44989'], 'PublishedDate': '2024-09-04T20:15:08.02Z', 'LastModifiedDate': '2024-09-06T16:31:22.253Z'}, {'VulnerabilityID': 'CVE-2024-44990', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44990', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix null pointer deref in bond_ipsec_offload_ok\n\nWe must check if there is an active slave before dereferencing the pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44990', 'https://git.kernel.org/linus/95c90e4ad89d493a7a14fa200082e466e2548f9d (6.11-rc5)', 'https://git.kernel.org/stable/c/0707260a18312bbcd2a5668584e3692d0a29e3f6', 'https://git.kernel.org/stable/c/2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59', 'https://git.kernel.org/stable/c/32a0173600c63aadaf2103bf02f074982e8602ab', 'https://git.kernel.org/stable/c/81216b9352be43f8958092d379f6dec85443c309', 'https://git.kernel.org/stable/c/95c90e4ad89d493a7a14fa200082e466e2548f9d', 'https://git.kernel.org/stable/c/b70b0ddfed31fc92c8dc722d0afafc8e14cb550c', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44990-6b62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44990', 'https://www.cve.org/CVERecord?id=CVE-2024-44990'], 'PublishedDate': '2024-09-04T20:15:08.087Z', 'LastModifiedDate': '2024-09-06T16:31:12.87Z'}, {'VulnerabilityID': 'CVE-2024-44991', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44991', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp: prevent concurrent execution of tcp_sk_exit_batch', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: prevent concurrent execution of tcp_sk_exit_batch\n\nIts possible that two threads call tcp_sk_exit_batch() concurrently,\nonce from the cleanup_net workqueue, once from a task that failed to clone\na new netns.  In the latter case, error unwinding calls the exit handlers\nin reverse order for the \'failed\' netns.\n\ntcp_sk_exit_batch() calls tcp_twsk_purge().\nProblem is that since commit b099ce2602d8 ("net: Batch inet_twsk_purge"),\nthis function picks up twsk in any dying netns, not just the one passed\nin via exit_batch list.\n\nThis means that the error unwind of setup_net() can "steal" and destroy\ntimewait sockets belonging to the exiting netns.\n\nThis allows the netns exit worker to proceed to call\n\nWARN_ON_ONCE(!refcount_dec_and_test(&net->ipv4.tcp_death_row.tw_refcount));\n\nwithout the expected 1 -> 0 transition, which then splats.\n\nAt same time, error unwind path that is also running inet_twsk_purge()\nwill splat as well:\n\nWARNING: .. at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210\n...\n refcount_dec include/linux/refcount.h:351 [inline]\n inet_twsk_kill+0x758/0x9c0 net/ipv4/inet_timewait_sock.c:70\n inet_twsk_deschedule_put net/ipv4/inet_timewait_sock.c:221\n inet_twsk_purge+0x725/0x890 net/ipv4/inet_timewait_sock.c:304\n tcp_sk_exit_batch+0x1c/0x170 net/ipv4/tcp_ipv4.c:3522\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n setup_net+0x714/0xb40 net/core/net_namespace.c:375\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n\n... because refcount_dec() of tw_refcount unexpectedly dropped to 0.\n\nThis doesn\'t seem like an actual bug (no tw sockets got lost and I don\'t\nsee a use-after-free) but as erroneous trigger of debug check.\n\nAdd a mutex to force strict ordering: the task that calls tcp_twsk_purge()\nblocks other task from doing final _dec_and_test before mutex-owner has\nremoved all tw sockets of dying netns.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44991', 'https://git.kernel.org/linus/565d121b69980637f040eb4d84289869cdaabedf (6.11-rc5)', 'https://git.kernel.org/stable/c/565d121b69980637f040eb4d84289869cdaabedf', 'https://git.kernel.org/stable/c/99580ae890ec8bd98b21a2a9c6668f8f1555b62e', 'https://git.kernel.org/stable/c/e3d9de3742f4d5c47ae35f888d3023a5b54fcd2f', 'https://git.kernel.org/stable/c/f6fd2dbf584a4047ba88d1369ff91c9851261ec1', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44991-2437@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44991', 'https://www.cve.org/CVERecord?id=CVE-2024-44991'], 'PublishedDate': '2024-09-04T20:15:08.15Z', 'LastModifiedDate': '2024-10-09T14:36:15.79Z'}, {'VulnerabilityID': 'CVE-2024-44993', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44993', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`\n\nWhen enabling UBSAN on Raspberry Pi 5, we get the following warning:\n\n[  387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3\n[  387.903868] index 7 is out of range for type '__u32 [7]'\n[  387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G        WC         6.10.3-v8-16k-numa #151\n[  387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[  387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched]\n[  387.932525] Call trace:\n[  387.935296]  dump_backtrace+0x170/0x1b8\n[  387.939403]  show_stack+0x20/0x38\n[  387.942907]  dump_stack_lvl+0x90/0xd0\n[  387.946785]  dump_stack+0x18/0x28\n[  387.950301]  __ubsan_handle_out_of_bounds+0x98/0xd0\n[  387.955383]  v3d_csd_job_run+0x3a8/0x438 [v3d]\n[  387.960707]  drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]\n[  387.966862]  process_one_work+0x62c/0xb48\n[  387.971296]  worker_thread+0x468/0x5b0\n[  387.975317]  kthread+0x1c4/0x1e0\n[  387.978818]  ret_from_fork+0x10/0x20\n[  387.983014] ---[ end trace ]---\n\nThis happens because the UAPI provides only seven configuration\nregisters and we are reading the eighth position of this u32 array.\n\nTherefore, fix the out-of-bounds read in `v3d_csd_job_run()` by\naccessing only seven positions on the '__u32 [7]' array. The eighth\nregister exists indeed on V3D 7.1, but it isn't currently used. That\nbeing so, let's guarantee that it remains unused and add a note that it\ncould be set in a future patch.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44993', 'https://git.kernel.org/linus/497d370a644d95a9f04271aa92cb96d32e84c770 (6.11-rc4)', 'https://git.kernel.org/stable/c/497d370a644d95a9f04271aa92cb96d32e84c770', 'https://git.kernel.org/stable/c/d656b82c4b30cf12715e6cd129d3df808fde24a7', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44993-b6db@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44993', 'https://www.cve.org/CVERecord?id=CVE-2024-44993'], 'PublishedDate': '2024-09-04T20:15:08.257Z', 'LastModifiedDate': '2024-09-06T16:28:49.18Z'}, {'VulnerabilityID': 'CVE-2024-44995', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: fix a deadlock problem when config TC during resetting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n                             pf reset start\n                                 │\n                                 ▼\n                              ......\nsetup tc                         │\n    │                            ▼\n    ▼                      DOWN: napi_disable()\nnapi_disable()(skip)             │\n    │                            │\n    ▼                            ▼\n  ......                      ......\n    │                            │\n    ▼                            │\nnapi_enable()                    │\n                                 ▼\n                           UINIT: netif_napi_del()\n                                 │\n                                 ▼\n                              ......\n                                 │\n                                 ▼\n                           INIT: netif_napi_add()\n                                 │\n                                 ▼\n                              ......                 global reset start\n                                 │                      │\n                                 ▼                      ▼\n                           UP: napi_enable()(skip)    ......\n                                 │                      │\n                                 ▼                      ▼\n                              ......                 napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. Adds a DOWN process in UINIT to fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44995', 'https://git.kernel.org/linus/be5e816d00a506719e9dbb1a9c861c5ced30a109 (6.11-rc4)', 'https://git.kernel.org/stable/c/195918217448a6bb7f929d6a2ffffce9f1ece1cc', 'https://git.kernel.org/stable/c/67492d4d105c0a6321b00c393eec96b9a7a97a16', 'https://git.kernel.org/stable/c/6ae2b7d63cd056f363045eb65409143e16f23ae8', 'https://git.kernel.org/stable/c/be5e816d00a506719e9dbb1a9c861c5ced30a109', 'https://git.kernel.org/stable/c/de37408d5c26fc4a296a28a0c96dcb814219bfa1', 'https://git.kernel.org/stable/c/fa1d4de7265c370e673583ac8d1bd17d21826cd9', 'https://git.kernel.org/stable/c/fc250eca15bde34c4c8f806b9d88f55bd56a992c', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44995-16e5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44995', 'https://www.cve.org/CVERecord?id=CVE-2024-44995'], 'PublishedDate': '2024-09-04T20:15:08.353Z', 'LastModifiedDate': '2024-09-15T18:15:34.54Z'}, {'VulnerabilityID': 'CVE-2024-44996', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44996', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vsock: fix recursive -&gt;recvmsg calls', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: fix recursive ->recvmsg calls\n\nAfter a vsock socket has been added to a BPF sockmap, its prot->recvmsg\nhas been replaced with vsock_bpf_recvmsg(). Thus the following\nrecursiion could happen:\n\nvsock_bpf_recvmsg()\n -> __vsock_recvmsg()\n  -> vsock_connectible_recvmsg()\n   -> prot->recvmsg()\n    -> vsock_bpf_recvmsg() again\n\nWe need to fix it by calling the original ->recvmsg() without any BPF\nsockmap logic in __vsock_recvmsg().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44996', 'https://git.kernel.org/linus/69139d2919dd4aa9a553c8245e7c63e82613e3fc (6.11-rc4)', 'https://git.kernel.org/stable/c/69139d2919dd4aa9a553c8245e7c63e82613e3fc', 'https://git.kernel.org/stable/c/921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5', 'https://git.kernel.org/stable/c/b4ee8cf1acc5018ed1369150d7bb3e0d0f79e135', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44996-8b26@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44996', 'https://www.cve.org/CVERecord?id=CVE-2024-44996'], 'PublishedDate': '2024-09-04T20:15:08.413Z', 'LastModifiedDate': '2024-09-16T12:21:47.37Z'}, {'VulnerabilityID': 'CVE-2024-44998', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44998', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: atm: idt77252: prevent use after free in dequeue_rx()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can\'t dereference "skb" after calling vcc->push() because the skb\nis released.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44998', 'https://git.kernel.org/linus/a9a18e8f770c9b0703dab93580d0b02e199a4c79 (6.11-rc4)', 'https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1', 'https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d', 'https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518', 'https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55', 'https://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d', 'https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10', 'https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79', 'https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44998-6505@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44998', 'https://www.cve.org/CVERecord?id=CVE-2024-44998'], 'PublishedDate': '2024-09-04T20:15:08.52Z', 'LastModifiedDate': '2024-09-06T16:28:16Z'}, {'VulnerabilityID': 'CVE-2024-44999', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44999', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: pull network headers in gtp_dev_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: pull network headers in gtp_dev_xmit()\n\nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]\n\nWe must make sure the IPv4 or Ipv6 header is pulled in skb->head\nbefore accessing fields in them.\n\nUse pskb_inet_may_pull() to fix this issue.\n\n[1]\nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n  gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n  gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  __netdev_start_xmit include/linux/netdevice.h:4913 [inline]\n  netdev_start_xmit include/linux/netdevice.h:4922 [inline]\n  xmit_one net/core/dev.c:3580 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596\n  __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423\n  dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3145 [inline]\n  packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:3994 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583\n  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674\n  alloc_skb include/linux/skbuff.h:1320 [inline]\n  alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526\n  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815\n  packet_alloc_skb net/packet/af_packet.c:2994 [inline]\n  packet_snd net/packet/af_packet.c:3088 [inline]\n  packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44999', 'https://git.kernel.org/linus/3a3be7ff9224f424e485287b54be00d2c6bd9c40 (6.11-rc4)', 'https://git.kernel.org/stable/c/137d565ab89ce3584503b443bc9e00d44f482593', 'https://git.kernel.org/stable/c/1f6b62392453d8f36685d19b761307a8c5617ac1', 'https://git.kernel.org/stable/c/34ba4f29f3d9eb52dee37512059efb2afd7e966f', 'https://git.kernel.org/stable/c/3939d787139e359b77aaf9485d1e145d6713d7b9', 'https://git.kernel.org/stable/c/3a3be7ff9224f424e485287b54be00d2c6bd9c40', 'https://git.kernel.org/stable/c/3d89d0c4a1c6d4d2a755e826351b0a101dbc86f3', 'https://git.kernel.org/stable/c/cbb9a969fc190e85195d1b0f08038e7f6199044e', 'https://git.kernel.org/stable/c/f5dda8db382c5751c4e572afc7c99df7da1f83ca', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44999-187d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44999', 'https://www.cve.org/CVERecord?id=CVE-2024-44999'], 'PublishedDate': '2024-09-04T20:15:08.59Z', 'LastModifiedDate': '2024-09-06T16:27:51.89Z'}, {'VulnerabilityID': 'CVE-2024-45000', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45000', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/netfs/fscache_cookie: add missing "n_accesses" check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/netfs/fscache_cookie: add missing "n_accesses" check\n\nThis fixes a NULL pointer dereference bug due to a data race which\nlooks like this:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000008\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] SMP PTI\n  CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43\n  Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018\n  Workqueue: events_unbound netfs_rreq_write_to_cache_work\n  RIP: 0010:cachefiles_prepare_write+0x30/0xa0\n  Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 <48> 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10\n  RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286\n  RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000\n  RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438\n  RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001\n  R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68\n  R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00\n  FS:  0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0\n  Call Trace:\n   <TASK>\n   ? __die+0x1f/0x70\n   ? page_fault_oops+0x15d/0x440\n   ? search_module_extables+0xe/0x40\n   ? fixup_exception+0x22/0x2f0\n   ? exc_page_fault+0x5f/0x100\n   ? asm_exc_page_fault+0x22/0x30\n   ? cachefiles_prepare_write+0x30/0xa0\n   netfs_rreq_write_to_cache_work+0x135/0x2e0\n   process_one_work+0x137/0x2c0\n   worker_thread+0x2e9/0x400\n   ? __pfx_worker_thread+0x10/0x10\n   kthread+0xcc/0x100\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x30/0x50\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1b/0x30\n   </TASK>\n  Modules linked in:\n  CR2: 0000000000000008\n  ---[ end trace 0000000000000000 ]---\n\nThis happened because fscache_cookie_state_machine() was slow and was\nstill running while another process invoked fscache_unuse_cookie();\nthis led to a fscache_cookie_lru_do_one() call, setting the\nFSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by\nfscache_cookie_state_machine(), withdrawing the cookie via\ncachefiles_withdraw_cookie(), clearing cookie->cache_priv.\n\nAt the same time, yet another process invoked\ncachefiles_prepare_write(), which found a NULL pointer in this code\nline:\n\n  struct cachefiles_object *object = cachefiles_cres_object(cres);\n\nThe next line crashes, obviously:\n\n  struct cachefiles_cache *cache = object->volume->cache;\n\nDuring cachefiles_prepare_write(), the "n_accesses" counter is\nnon-zero (via fscache_begin_operation()).  The cookie must not be\nwithdrawn until it drops to zero.\n\nThe counter is checked by fscache_cookie_state_machine() before\nswitching to FSCACHE_COOKIE_STATE_RELINQUISHING and\nFSCACHE_COOKIE_STATE_WITHDRAWING (in "case\nFSCACHE_COOKIE_STATE_FAILED"), but not for\nFSCACHE_COOKIE_STATE_LRU_DISCARDING ("case\nFSCACHE_COOKIE_STATE_ACTIVE").\n\nThis patch adds the missing check.  With a non-zero access counter,\nthe function returns and the next fscache_end_cookie_access() call\nwill queue another fscache_cookie_state_machine() call to handle the\nstill-pending FSCACHE_COOKIE_DO_LRU_DISCARD.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45000', 'https://git.kernel.org/linus/f71aa06398aabc2e3eaac25acdf3d62e0094ba70 (6.11-rc4)', 'https://git.kernel.org/stable/c/0a4d41fa14b2a0efd40e350cfe8ec6a4c998ac1d', 'https://git.kernel.org/stable/c/b8a50877f68efdcc0be3fcc5116e00c31b90e45b', 'https://git.kernel.org/stable/c/dfaa39b05a6cf34a16c525a2759ee6ab26b5fef6', 'https://git.kernel.org/stable/c/f71aa06398aabc2e3eaac25acdf3d62e0094ba70', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-45000-fd6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45000', 'https://www.cve.org/CVERecord?id=CVE-2024-45000'], 'PublishedDate': '2024-09-04T20:15:08.657Z', 'LastModifiedDate': '2024-09-06T16:27:31.003Z'}, {'VulnerabilityID': 'CVE-2024-45001', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45001', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix RX buf alloc_size alignment and atomic op panic', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix RX buf alloc_size alignment and atomic op panic\n\nThe MANA driver's RX buffer alloc_size is passed into napi_build_skb() to\ncreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignment\nis affected by the alloc_size passed into napi_build_skb(). The size needs\nto be aligned properly for better performance and atomic operations.\nOtherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic\noperations may panic on the skb_shinfo(skb)->dataref due to alignment fault.\n\nTo fix this bug, add proper alignment to the alloc_size calculation.\n\nSample panic info:\n[  253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce\n[  253.300900] Mem abort info:\n[  253.301760]   ESR = 0x0000000096000021\n[  253.302825]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  253.304268]   SET = 0, FnV = 0\n[  253.305172]   EA = 0, S1PTW = 0\n[  253.306103]   FSC = 0x21: alignment fault\nCall trace:\n __skb_clone+0xfc/0x198\n skb_clone+0x78/0xe0\n raw6_local_deliver+0xfc/0x228\n ip6_protocol_deliver_rcu+0x80/0x500\n ip6_input_finish+0x48/0x80\n ip6_input+0x48/0xc0\n ip6_sublist_rcv_finish+0x50/0x78\n ip6_sublist_rcv+0x1cc/0x2b8\n ipv6_list_rcv+0x100/0x150\n __netif_receive_skb_list_core+0x180/0x220\n netif_receive_skb_list_internal+0x198/0x2a8\n __napi_poll+0x138/0x250\n net_rx_action+0x148/0x330\n handle_softirqs+0x12c/0x3a0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45001', 'https://git.kernel.org/linus/32316f676b4ee87c0404d333d248ccf777f739bc (6.11-rc4)', 'https://git.kernel.org/stable/c/32316f676b4ee87c0404d333d248ccf777f739bc', 'https://git.kernel.org/stable/c/65f20b174ec0172f2d6bcfd8533ab9c9e7e347fa', 'https://git.kernel.org/stable/c/e6bea6a45f8a401f3d5a430bc81814f0cc8848cf', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45001-50df@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45001', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45001'], 'PublishedDate': '2024-09-04T20:15:08.71Z', 'LastModifiedDate': '2024-10-09T14:49:39.953Z'}, {'VulnerabilityID': 'CVE-2024-45002', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45002', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtla/osnoise: Prevent NULL dereference in error handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrtla/osnoise: Prevent NULL dereference in error handling\n\nIf the "tool->data" allocation fails then there is no need to call\nosnoise_free_top() and, in fact, doing so will lead to a NULL dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45002', 'https://git.kernel.org/linus/90574d2a675947858b47008df8d07f75ea50d0d0 (6.11-rc4)', 'https://git.kernel.org/stable/c/753f1745146e03abd17eec8eee95faffc96d743d', 'https://git.kernel.org/stable/c/90574d2a675947858b47008df8d07f75ea50d0d0', 'https://git.kernel.org/stable/c/abdb9ddaaab476e62805e36cce7b4ef8413ffd01', 'https://git.kernel.org/stable/c/fc575212c6b75d538e1a0a74f4c7e2ac73bc46ac', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45002-c292@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45002', 'https://www.cve.org/CVERecord?id=CVE-2024-45002'], 'PublishedDate': '2024-09-04T20:15:08.763Z', 'LastModifiedDate': '2024-09-06T16:27:13.727Z'}, {'VulnerabilityID': 'CVE-2024-45003', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45003', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: vfs: Don't evict inode under the inode lru traversing context", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: Don't evict inode under the inode lru traversing context\n\nThe inode reclaiming process(See function prune_icache_sb) collects all\nreclaimable inodes and mark them with I_FREEING flag at first, at that\ntime, other processes will be stuck if they try getting these inodes\n(See function find_inode_fast), then the reclaiming process destroy the\ninodes by function dispose_list(). Some filesystems(eg. ext4 with\nea_inode feature, ubifs with xattr) may do inode lookup in the inode\nevicting callback function, if the inode lookup is operated under the\ninode lru traversing context, deadlock problems may happen.\n\nCase 1: In function ext4_evict_inode(), the ea inode lookup could happen\n        if ea_inode feature is enabled, the lookup process will be stuck\n\tunder the evicting context like this:\n\n 1. File A has inode i_reg and an ea inode i_ea\n 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea\n 3. Then, following three processes running like this:\n\n    PA                              PB\n echo 2 > /proc/sys/vm/drop_caches\n  shrink_slab\n   prune_dcache_sb\n   // i_reg is added into lru, lru->i_ea->i_reg\n   prune_icache_sb\n    list_lru_walk_one\n     inode_lru_isolate\n      i_ea->i_state |= I_FREEING // set inode state\n     inode_lru_isolate\n      __iget(i_reg)\n      spin_unlock(&i_reg->i_lock)\n      spin_unlock(lru_lock)\n                                     rm file A\n                                      i_reg->nlink = 0\n      iput(i_reg) // i_reg->nlink is 0, do evict\n       ext4_evict_inode\n        ext4_xattr_delete_inode\n         ext4_xattr_inode_dec_ref_all\n          ext4_xattr_inode_iget\n           ext4_iget(i_ea->i_ino)\n            iget_locked\n             find_inode_fast\n              __wait_on_freeing_inode(i_ea) ----? AA deadlock\n    dispose_list // cannot be executed by prune_icache_sb\n     wake_up_bit(&i_ea->i_state)\n\nCase 2: In deleted inode writing function ubifs_jnl_write_inode(), file\n        deleting process holds BASEHD's wbuf->io_mutex while getting the\n\txattr inode, which could race with inode reclaiming process(The\n        reclaiming process could try locking BASEHD's wbuf->io_mutex in\n\tinode evicting function), then an ABBA deadlock problem would\n\thappen as following:\n\n 1. File A has inode ia and a xattr(with inode ixa), regular file B has\n    inode ib and a xattr.\n 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa\n 3. Then, following three processes running like this:\n\n        PA                PB                        PC\n                echo 2 > /proc/sys/vm/drop_caches\n                 shrink_slab\n                  prune_dcache_sb\n                  // ib and ia are added into lru, lru->ixa->ib->ia\n                  prune_icache_sb\n                   list_lru_walk_one\n                    inode_lru_isolate\n                     ixa->i_state |= I_FREEING // set inode state\n                    inode_lru_isolate\n                     __iget(ib)\n                     spin_unlock(&ib->i_lock)\n                     spin_unlock(lru_lock)\n                                                   rm file B\n                                                    ib->nlink = 0\n rm file A\n  iput(ia)\n   ubifs_evict_inode(ia)\n    ubifs_jnl_delete_inode(ia)\n     ubifs_jnl_write_inode(ia)\n      make_reservation(BASEHD) // Lock wbuf->io_mutex\n      ubifs_iget(ixa->i_ino)\n       iget_locked\n        find_inode_fast\n         __wait_on_freeing_inode(ixa)\n          |          iput(ib) // ib->nlink is 0, do evict\n          |           ubifs_evict_inode\n          |            ubifs_jnl_delete_inode(ib)\n          ?             ubifs_jnl_write_inode\n     ABBA deadlock ?-----make_reservation(BASEHD)\n                   dispose_list // cannot be executed by prune_icache_sb\n                    wake_up_bit(&ixa->i_state)\n\nFix the possible deadlock by using new inode state flag I_LRU_ISOLATING\nto pin the inode in memory while inode_lru_isolate(\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45003', 'https://git.kernel.org/linus/2a0629834cd82f05d424bbc193374f9a43d1f87d (6.11-rc4)', 'https://git.kernel.org/stable/c/03880af02a78bc9a98b5a581f529cf709c88a9b8', 'https://git.kernel.org/stable/c/2a0629834cd82f05d424bbc193374f9a43d1f87d', 'https://git.kernel.org/stable/c/3525ad25240dfdd8c78f3470911ed10aa727aa72', 'https://git.kernel.org/stable/c/437741eba63bf4e437e2beb5583f8633556a2b98', 'https://git.kernel.org/stable/c/9063ab49c11e9518a3f2352434bb276cc8134c5f', 'https://git.kernel.org/stable/c/b9bda5f6012dd00372f3a06a82ed8971a4c57c32', 'https://git.kernel.org/stable/c/cda54ec82c0f9d05393242b20b13f69b083f7e88', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45003-3bc2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45003', 'https://www.cve.org/CVERecord?id=CVE-2024-45003'], 'PublishedDate': '2024-09-04T20:15:08.823Z', 'LastModifiedDate': '2024-10-09T15:07:31.027Z'}, {'VulnerabilityID': 'CVE-2024-45005', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45005', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: s390: fix validity interception issue when gisa is switched off', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix validity interception issue when gisa is switched off\n\nWe might run into a SIE validity if gisa has been disabled either via using\nkernel parameter "kvm.use_gisa=0" or by setting the related sysfs\nattribute to N (echo N >/sys/module/kvm/parameters/use_gisa).\n\nThe validity is caused by an invalid value in the SIE control block\'s\ngisa designation. That happens because we pass the uninitialized gisa\norigin to virt_to_phys() before writing it to the gisa designation.\n\nTo fix this we return 0 in kvm_s390_get_gisa_desc() if the origin is 0.\nkvm_s390_get_gisa_desc() is used to determine which gisa designation to\nset in the SIE control block. A value of 0 in the gisa designation disables\ngisa usage.\n\nThe issue surfaces in the host kernel with the following kernel message as\nsoon a new kvm guest start is attemted.\n\nkvm: unhandled validity intercept 0x1011\nWARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101 kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]\nModules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390 prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci]\nCPU: 0 PID: 781237 Comm: CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6\nHardware name: IBM 3931 A01 701 (LPAR)\nKrnl PSW : 0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm])\n           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\nKrnl GPRS: 000003d900000027 000003d900000023 0000000000000028 000002cd00000000\n           000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff\n           000002cfd82e9000 000002cfd80bc000 0000000000001011 000003d93deda412\n           000003ff8962df98 000003d93de77ce0 000003d93deb011e 00000359c6daf960\nKrnl Code: 000003d93deb0112: c020fffe7259\tlarl\t%r2,000003d93de7e5c4\n           000003d93deb0118: c0e53fa8beac\tbrasl\t%r14,000003d9bd3c7e70\n          #000003d93deb011e: af000000\t\tmc\t0,0\n          >000003d93deb0122: a728ffea\t\tlhi\t%r2,-22\n           000003d93deb0126: a7f4fe24\t\tbrc\t15,000003d93deafd6e\n           000003d93deb012a: 9101f0b0\t\ttm\t176(%r15),1\n           000003d93deb012e: a774fe48\t\tbrc\t7,000003d93deafdbe\n           000003d93deb0132: 40a0f0ae\t\tsth\t%r10,174(%r15)\nCall Trace:\n [<000003d93deb0122>] kvm_handle_sie_intercept+0x432/0x4d0 [kvm]\n([<000003d93deb011e>] kvm_handle_sie_intercept+0x42e/0x4d0 [kvm])\n [<000003d93deacc10>] vcpu_post_run+0x1d0/0x3b0 [kvm]\n [<000003d93deaceda>] __vcpu_run+0xea/0x2d0 [kvm]\n [<000003d93dead9da>] kvm_arch_vcpu_ioctl_run+0x16a/0x430 [kvm]\n [<000003d93de93ee0>] kvm_vcpu_ioctl+0x190/0x7c0 [kvm]\n [<000003d9bd728b4e>] vfs_ioctl+0x2e/0x70\n [<000003d9bd72a092>] __s390x_sys_ioctl+0xc2/0xd0\n [<000003d9be0e9222>] __do_syscall+0x1f2/0x2e0\n [<000003d9be0f9a90>] system_call+0x70/0x98\nLast Breaking-Event-Address:\n [<000003d9bd3c7f58>] __warn_printk+0xe8/0xf0', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45005', 'https://git.kernel.org/linus/5a44bb061d04b0306f2aa8add761d86d152b9377 (6.11-rc4)', 'https://git.kernel.org/stable/c/027ac3c5092561bccce09b314a73a1c167117ef6', 'https://git.kernel.org/stable/c/051c0a558154174cfcea301a386e4c91ade83ce1', 'https://git.kernel.org/stable/c/5a44bb061d04b0306f2aa8add761d86d152b9377', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45005-2297@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45005', 'https://www.cve.org/CVERecord?id=CVE-2024-45005'], 'PublishedDate': '2024-09-04T20:15:08.94Z', 'LastModifiedDate': '2024-10-09T15:30:03.767Z'}, {'VulnerabilityID': 'CVE-2024-45006', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45006', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration\n\nre-enumerating full-speed devices after a failed address device command\ncan trigger a NULL pointer dereference.\n\nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size\nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case,\nwhich ends up calling xhci_configure_endpoint().\n\nOn Panther point xHC the xhci_configure_endpoint() function will\nadditionally check and reserve bandwidth in software. Other hosts do\nthis in hardware\n\nIf xHC address device command fails then a new xhci_virt_device structure\nis allocated as part of re-enabling the slot, but the bandwidth table\npointers are not set up properly here.\nThis triggers the NULL pointer dereference the next time usb_ep0_reinit()\nis called and xhci_configure_endpoint() tries to check and reserve\nbandwidth\n\n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd\n[46710.713699] usb 3-1: Device not responding to setup address.\n[46710.917684] usb 3-1: Device not responding to setup address.\n[46711.125536] usb 3-1: device not accepting address 5, error -71\n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[46711.125600] #PF: supervisor read access in kernel mode\n[46711.125603] #PF: error_code(0x0000) - not-present page\n[46711.125606] PGD 0 P4D 0\n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1\n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.\n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]\n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c\n\nFix this by making sure bandwidth table pointers are set up correctly\nafter a failed address device command, and additionally by avoiding\nchecking for bandwidth in cases like this where no actual endpoints are\nadded or removed, i.e. only context for default control endpoint 0 is\nevaluated.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45006', 'https://git.kernel.org/linus/af8e119f52e9c13e556be9e03f27957554a84656 (6.11-rc4)', 'https://git.kernel.org/stable/c/0f0654318e25b2c185e245ba4a591e42fabb5e59', 'https://git.kernel.org/stable/c/365ef7c4277fdd781a695c3553fa157d622d805d', 'https://git.kernel.org/stable/c/5ad898ae82412f8a689d59829804bff2999dd0ea', 'https://git.kernel.org/stable/c/6b99de301d78e1f5249e57ef2c32e1dec3df2bb1', 'https://git.kernel.org/stable/c/8fb9d412ebe2f245f13481e4624b40e651570cbd', 'https://git.kernel.org/stable/c/a57b0ebabe6862dce0a2e0f13e17941ad72fc56b', 'https://git.kernel.org/stable/c/af8e119f52e9c13e556be9e03f27957554a84656', 'https://git.kernel.org/stable/c/ef0a0e616b2789bb804a0ce5e161db03170a85b6', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45006-6642@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45006', 'https://www.cve.org/CVERecord?id=CVE-2024-45006'], 'PublishedDate': '2024-09-04T20:15:08.997Z', 'LastModifiedDate': '2024-09-06T16:26:52.64Z'}, {'VulnerabilityID': 'CVE-2024-45007', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45007', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: char: xillybus: Don't destroy workqueue from work item running on it", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Don't destroy workqueue from work item running on it\n\nTriggered by a kref decrement, destroy_workqueue() may be called from\nwithin a work item for destroying its own workqueue. This illegal\nsituation is averted by adding a module-global workqueue for exclusive\nuse of the offending work item. Other work items continue to be queued\non per-device workqueues to ensure performance.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45007', 'https://git.kernel.org/linus/ccbde4b128ef9c73d14d0d7817d68ef795f6d131 (6.11-rc4)', 'https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9', 'https://git.kernel.org/stable/c/5d3567caff2a1d678aa40cc74a54e1318941fad3', 'https://git.kernel.org/stable/c/a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157', 'https://git.kernel.org/stable/c/aa1a19724fa2c31e97a9be48baedd4692b265157', 'https://git.kernel.org/stable/c/ccbde4b128ef9c73d14d0d7817d68ef795f6d131', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45007-74c8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45007', 'https://www.cve.org/CVERecord?id=CVE-2024-45007'], 'PublishedDate': '2024-09-04T20:15:09.053Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45008', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: MT - limit max slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: MT - limit max slots\n\nsyzbot is reporting too large allocation at input_mt_init_slots(), for\nnum_slots is supplied from userspace using ioctl(UI_DEV_CREATE).\n\nSince nobody knows possible max slots, this patch chose 1024.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45008', 'https://git.kernel.org/linus/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb (6.11-rc2)', 'https://git.kernel.org/stable/c/05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549', 'https://git.kernel.org/stable/c/2829c80614890624456337e47320289112785f3e', 'https://git.kernel.org/stable/c/87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322', 'https://git.kernel.org/stable/c/8f04edd554d191834e9e1349ef030318ea6b11ba', 'https://git.kernel.org/stable/c/94736334b8a25e4fae8daa6934e54a31f099be43', 'https://git.kernel.org/stable/c/95f73d01f547dfc67fda3022c51e377a0454b505', 'https://git.kernel.org/stable/c/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb', 'https://git.kernel.org/stable/c/cd19f1799c32ba7b874474b1b968815ce5364f73', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45008-1d89@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45008', 'https://www.cve.org/CVERecord?id=CVE-2024-45008'], 'PublishedDate': '2024-09-04T20:15:09.107Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45009', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: only decrement add_addr_accepted for MPJ req', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the "remove single subflow" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \'subflow\' endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\'s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45009', 'https://git.kernel.org/linus/1c1f721375989579e46741f59523e39ec9b2a9bd (6.11-rc5)', 'https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd', 'https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c', 'https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d', 'https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7', 'https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608', 'https://lore.kernel.org/linux-cve-announce/2024091104-CVE-2024-45009-24ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45009', 'https://www.cve.org/CVERecord?id=CVE-2024-45009'], 'PublishedDate': '2024-09-11T16:15:06.427Z', 'LastModifiedDate': '2024-09-13T16:36:57.233Z'}, {'VulnerabilityID': 'CVE-2024-45010', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: mptcp: pm: only mark 'subflow' endp as available", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \'subflow\' endp as available\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the "remove single address" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \'signal\' endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\'subflow\' endpoints, and here it is a \'signal\' endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \'subflow\' endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45010', 'https://git.kernel.org/linus/322ea3778965da72862cca2a0c50253aacf65fe6 (6.11-rc5)', 'https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6', 'https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d', 'https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f', 'https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45010-33ee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45010', 'https://www.cve.org/CVERecord?id=CVE-2024-45010'], 'PublishedDate': '2024-09-11T16:15:06.483Z', 'LastModifiedDate': '2024-09-13T16:35:05.843Z'}, {'VulnerabilityID': 'CVE-2024-45011', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45011', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: char: xillybus: Check USB endpoints when probing device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Check USB endpoints when probing device\n\nEnsure, as the driver probes the device, that all endpoints that the\ndriver may attempt to access exist and are of the correct type.\n\nAll XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at\naddress 1. This is verified in xillyusb_setup_base_eps().\n\nOn top of that, a XillyUSB device may have additional Bulk OUT\nendpoints. The information about these endpoints' addresses is deduced\nfrom a data structure (the IDT) that the driver fetches from the device\nwhile probing it. These endpoints are checked in setup_channels().\n\nA XillyUSB device never has more than one IN endpoint, as all data\ntowards the host is multiplexed in this single Bulk IN endpoint. This is\nwhy setup_channels() only checks OUT endpoints.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45011', 'https://git.kernel.org/linus/2374bf7558de915edc6ec8cb10ec3291dfab9594 (6.11-rc4)', 'https://git.kernel.org/stable/c/1371d32b95972d39c1e6e4bae8b6d0df1b573731', 'https://git.kernel.org/stable/c/2374bf7558de915edc6ec8cb10ec3291dfab9594', 'https://git.kernel.org/stable/c/25ee8b2908200fc862c0434e5ad483817d50ceda', 'https://git.kernel.org/stable/c/4267131278f5cc98f8db31d035d64bdbbfe18658', 'https://git.kernel.org/stable/c/5cff754692ad45d5086b75fef8cc3a99c30a1005', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45011-e729@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45011', 'https://www.cve.org/CVERecord?id=CVE-2024-45011'], 'PublishedDate': '2024-09-11T16:15:06.55Z', 'LastModifiedDate': '2024-09-13T16:36:55.757Z'}, {'VulnerabilityID': 'CVE-2024-45012', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45012', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nouveau/firmware: use dma non-coherent allocator', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/firmware: use dma non-coherent allocator\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup, when the iommu is enabled:\n\nkernel BUG at include/linux/scatterlist.h:187!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\nHardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\nRIP: 0010:sg_init_one+0x85/0xa0\nCode: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\nRSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\nRBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\nR13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\nFS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\nCall Trace:\n <TASK>\n ? die+0x36/0x90\n ? do_trap+0xdd/0x100\n ? sg_init_one+0x85/0xa0\n ? do_error_trap+0x65/0x80\n ? sg_init_one+0x85/0xa0\n ? exc_invalid_op+0x50/0x70\n ? sg_init_one+0x85/0xa0\n ? asm_exc_invalid_op+0x1a/0x20\n ? sg_init_one+0x85/0xa0\n nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? nvkm_udevice_new+0x95/0x140 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? ktime_get+0x47/0xb0\n\nFix this by using the non-coherent allocator instead, I think there\nmight be a better answer to this, but it involve ripping up some of\nAPIs using sg lists.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45012', 'https://git.kernel.org/linus/9b340aeb26d50e9a9ec99599e2a39b035fac978e (6.11-rc5)', 'https://git.kernel.org/stable/c/57ca481fca97ca4553e8c85d6a94baf4cb40c40e', 'https://git.kernel.org/stable/c/9b340aeb26d50e9a9ec99599e2a39b035fac978e', 'https://git.kernel.org/stable/c/cc29c5546c6a373648363ac49781f1d74b530707', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45012-9234@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45012', 'https://www.cve.org/CVERecord?id=CVE-2024-45012'], 'PublishedDate': '2024-09-11T16:15:06.607Z', 'LastModifiedDate': '2024-09-13T16:35:35.787Z'}, {'VulnerabilityID': 'CVE-2024-45013', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: move stopping keep-alive into nvme_uninit_ctrl()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: move stopping keep-alive into nvme_uninit_ctrl()\n\nCommit 4733b65d82bd ("nvme: start keep-alive after admin queue setup")\nmoves starting keep-alive from nvme_start_ctrl() into\nnvme_init_ctrl_finish(), but don\'t move stopping keep-alive into\nnvme_uninit_ctrl(), so keep-alive work can be started and keep pending\nafter failing to start controller, finally use-after-free is triggered if\nnvme host driver is unloaded.\n\nThis patch fixes kernel panic when running nvme/004 in case that connection\nfailure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl().\n\nThis way is reasonable because keep-alive is now started in\nnvme_init_ctrl_finish().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45013', 'https://git.kernel.org/linus/a54a93d0e3599b05856971734e15418ac551a14c (6.11-rc5)', 'https://git.kernel.org/stable/c/4101af98ab573554c4225e328d506fec2a74bc54', 'https://git.kernel.org/stable/c/a54a93d0e3599b05856971734e15418ac551a14c', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45013-8efe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45013', 'https://www.cve.org/CVERecord?id=CVE-2024-45013'], 'PublishedDate': '2024-09-11T16:15:06.663Z', 'LastModifiedDate': '2024-09-13T16:35:42.49Z'}, {'VulnerabilityID': 'CVE-2024-45015', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45015', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: move dpu_encoder&#39;s connector assignment to atomic_enable()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()\n\nFor cases where the crtc's connectors_changed was set without enable/active\ngetting toggled , there is an atomic_enable() call followed by an\natomic_disable() but without an atomic_mode_set().\n\nThis results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in\nthe atomic_enable() as the dpu_encoder's connector was cleared in the\natomic_disable() but not re-assigned as there was no atomic_mode_set() call.\n\nFix the NULL ptr access by moving the assignment for atomic_enable() and also\nuse drm_atomic_get_new_connector_for_encoder() to get the connector from\nthe atomic_state.\n\nPatchwork: https://patchwork.freedesktop.org/patch/606729/", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45015', 'https://git.kernel.org/linus/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 (6.11-rc5)', 'https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52', 'https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77', 'https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45015-c139@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45015', 'https://www.cve.org/CVERecord?id=CVE-2024-45015'], 'PublishedDate': '2024-09-11T16:15:06.763Z', 'LastModifiedDate': '2024-09-13T16:35:58.617Z'}, {'VulnerabilityID': 'CVE-2024-45016', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1017.18~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netem: fix return value if duplicate enqueue fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\'s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq->enqueue() and then\n  the original packet is also dropped.\n- If rootq->enqueue() sends the duplicated packet to a different qdisc\n  and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45016', 'https://git.kernel.org/linus/c07ff8592d57ed258afee5a5e04991a48dbaf382 (6.11-rc5)', 'https://git.kernel.org/stable/c/0486d31dd8198e22b63a4730244b38fffce6d469', 'https://git.kernel.org/stable/c/52d99a69f3d556c6426048c9d481b912205919d8', 'https://git.kernel.org/stable/c/577d6c0619467fe90f7e8e57e45cb5bd9d936014', 'https://git.kernel.org/stable/c/759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4', 'https://git.kernel.org/stable/c/c07ff8592d57ed258afee5a5e04991a48dbaf382', 'https://git.kernel.org/stable/c/c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d', 'https://git.kernel.org/stable/c/e5bb2988a310667abed66c7d3ffa28880cf0f883', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45016-fd5a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45016', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://ubuntu.com/security/notices/USN-7071-1', 'https://ubuntu.com/security/notices/USN-7072-1', 'https://ubuntu.com/security/notices/USN-7073-1', 'https://ubuntu.com/security/notices/USN-7073-2', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45016'], 'PublishedDate': '2024-09-11T16:15:06.817Z', 'LastModifiedDate': '2024-09-13T16:36:06.773Z'}, {'VulnerabilityID': 'CVE-2024-45017', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45017', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix IPsec RoCE MPV trace call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix IPsec RoCE MPV trace call\n\nPrevent the call trace below from happening, by not allowing IPsec\ncreation over a slave, if master device doesn't support IPsec.\n\nWARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down_read+0x75/0x94\nModules linked in: esp4_offload esp4 act_mirred act_vlan cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa mst_pciconf(OE) nfsv3 nfs_acl nfs lockd grace fscache netfs xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill cuse fuse rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_ipoib iw_cm ib_cm ipmi_ssif intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel sha1_ssse3 dell_smbios ib_uverbs aesni_intel crypto_simd dcdbas wmi_bmof dell_wmi_descriptor cryptd pcspkr ib_core acpi_ipmi sp5100_tco ccp i2c_piix4 ipmi_si ptdma k10temp ipmi_devintf ipmi_msghandler acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops cec\n ahci libahci mlxfw drm pci_hyperv_intf libata tg3 sha256_ssse3 tls megaraid_sas i2c_algo_bit psample wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mst_pci]\nCPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7_u3_update_v6.6_ipsec_bf.x86_64 #2\nHardware name: Dell Inc. PowerEdge R7525/074H08, BIOS 2.0.3 01/15/2021\nWorkqueue: events xfrm_state_gc_task\nRIP: 0010:down_read+0x75/0x94\nCode: 00 48 8b 45 08 65 48 8b 14 25 80 fc 01 00 83 e0 02 48 09 d0 48 83 c8 01 48 89 45 08 5d 31 c0 89 c2 89 c6 89 c7 e9 cb 88 3b 00 <0f> 0b 48 8b 45 08 a8 01 74 b2 a8 02 75 ae 48 89 c2 48 83 ca 02 f0\nRSP: 0018:ffffb26387773da8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffa08b658af900 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ff886bc5e1366f2f RDI: 0000000000000000\nRBP: ffffa08b658af940 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffa0a9bfb31540\nR13: ffffa0a9bfb37900 R14: 0000000000000000 R15: ffffa0a9bfb37905\nFS:  0000000000000000(0000) GS:ffffa0a9bfb00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055a45ed814e8 CR3: 000000109038a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n ? down_read+0x75/0x94\n ? __warn+0x80/0x113\n ? down_read+0x75/0x94\n ? report_bug+0xa4/0x11d\n ? handle_bug+0x35/0x8b\n ? exc_invalid_op+0x14/0x75\n ? asm_exc_invalid_op+0x16/0x1b\n ? down_read+0x75/0x94\n ? down_read+0xe/0x94\n mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n mlx5_ipsec_fs_roce_tx_destroy+0xb1/0x130 [mlx5_core]\n tx_destroy+0x1b/0xc0 [mlx5_core]\n tx_ft_put+0x53/0xc0 [mlx5_core]\n mlx5e_xfrm_free_state+0x45/0x90 [mlx5_core]\n ___xfrm_state_destroy+0x10f/0x1a2\n xfrm_state_gc_task+0x81/0xa9\n process_one_work+0x1f1/0x3c6\n worker_thread+0x53/0x3e4\n ? process_one_work.cold+0x46/0x3c\n kthread+0x127/0x144\n ? set_kthread_struct+0x60/0x52\n ret_from_fork+0x22/0x2d\n </TASK>\n---[ end trace 5ef7896144d398e1 ]---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45017', 'https://git.kernel.org/linus/607e1df7bd47fe91cab85a97f57870a26d066137 (6.11-rc5)', 'https://git.kernel.org/stable/c/2ae52a65a850ded75a94e8d7ec1e09737f4c6509', 'https://git.kernel.org/stable/c/607e1df7bd47fe91cab85a97f57870a26d066137', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45017-ee3e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45017', 'https://www.cve.org/CVERecord?id=CVE-2024-45017'], 'PublishedDate': '2024-09-11T16:15:06.877Z', 'LastModifiedDate': '2024-09-13T16:36:13.19Z'}, {'VulnerabilityID': 'CVE-2024-45018', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45018', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: initialise extack before use', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: initialise extack before use\n\nFix missing initialisation of extack in flow offload.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45018', 'https://git.kernel.org/linus/e9767137308daf906496613fd879808a07f006a2 (6.11-rc4)', 'https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1', 'https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7', 'https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78', 'https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f', 'https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d', 'https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45018-7e30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45018', 'https://www.cve.org/CVERecord?id=CVE-2024-45018'], 'PublishedDate': '2024-09-11T16:15:06.933Z', 'LastModifiedDate': '2024-09-13T16:36:24.397Z'}, {'VulnerabilityID': 'CVE-2024-45019', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45019', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Take state lock during tx timeout reporter', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take state lock during tx timeout reporter\n\nmlx5e_safe_reopen_channels() requires the state lock taken. The\nreferenced changed in the Fixes tag removed the lock to fix another\nissue. This patch adds it back but at a later point (when calling\nmlx5e_safe_reopen_channels()) to avoid the deadlock referenced in the\nFixes tag.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45019', 'https://git.kernel.org/linus/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3 (6.11-rc4)', 'https://git.kernel.org/stable/c/03d3734bd692affe4d0e9c9d638f491aaf37411b', 'https://git.kernel.org/stable/c/8e57e66ecbdd2fddc9fbf3e984b1c523b70e9809', 'https://git.kernel.org/stable/c/b3b9a87adee97854bcd71057901d46943076267e', 'https://git.kernel.org/stable/c/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45019-5f8b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45019', 'https://www.cve.org/CVERecord?id=CVE-2024-45019'], 'PublishedDate': '2024-09-11T16:15:06.99Z', 'LastModifiedDate': '2024-09-13T16:36:19.36Z'}, {'VulnerabilityID': 'CVE-2024-45020', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45020', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a kernel verifier crash in stacksafe()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a kernel verifier crash in stacksafe()\n\nDaniel Hodges reported a kernel verifier crash when playing with sched-ext.\nFurther investigation shows that the crash is due to invalid memory access\nin stacksafe(). More specifically, it is the following code:\n\n    if (exact != NOT_EXACT &&\n        old->stack[spi].slot_type[i % BPF_REG_SIZE] !=\n        cur->stack[spi].slot_type[i % BPF_REG_SIZE])\n            return false;\n\nThe 'i' iterates old->allocated_stack.\nIf cur->allocated_stack < old->allocated_stack the out-of-bound\naccess will happen.\n\nTo fix the issue add 'i >= cur->allocated_stack' check such that if\nthe condition is true, stacksafe() should fail. Otherwise,\ncur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45020', 'https://git.kernel.org/linus/bed2eb964c70b780fb55925892a74f26cb590b25 (6.11-rc4)', 'https://git.kernel.org/stable/c/6e3987ac310c74bb4dd6a2fa8e46702fe505fb2b', 'https://git.kernel.org/stable/c/7cad3174cc79519bf5f6c4441780264416822c08', 'https://git.kernel.org/stable/c/bed2eb964c70b780fb55925892a74f26cb590b25', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45020-afcc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45020', 'https://www.cve.org/CVERecord?id=CVE-2024-45020'], 'PublishedDate': '2024-09-11T16:15:07.05Z', 'LastModifiedDate': '2024-09-13T16:36:52.29Z'}, {'VulnerabilityID': 'CVE-2024-45021', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg_write_event_control(): fix a user-triggerable oops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg_write_event_control(): fix a user-triggerable oops\n\nwe are *not* guaranteed that anything past the terminating NUL\nis mapped (let alone initialized with anything sane).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45021', 'https://git.kernel.org/linus/046667c4d3196938e992fba0dfcde570aa85cd0e (6.11-rc4)', 'https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e', 'https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227', 'https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8', 'https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61', 'https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7', 'https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b', 'https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c', 'https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45021-68c4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45021', 'https://www.cve.org/CVERecord?id=CVE-2024-45021'], 'PublishedDate': '2024-09-11T16:15:07.103Z', 'LastModifiedDate': '2024-09-13T16:36:31.583Z'}, {'VulnerabilityID': 'CVE-2024-45022', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45022', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0\n\nThe __vmap_pages_range_noflush() assumes its argument pages** contains\npages with the same page shift.  However, since commit e9c3cda4d86e ("mm,\nvmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes\n__GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation\nfailed for high order, the pages** may contain two different page shifts\n(high order and order-0).  This could lead __vmap_pages_range_noflush() to\nperform incorrect mappings, potentially resulting in memory corruption.\n\nUsers might encounter this as follows (vmap_allow_huge = true, 2M is for\nPMD_SIZE):\n\nkvmalloc(2M, __GFP_NOFAIL|GFP_X)\n    __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP)\n        vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0\n            vmap_pages_range()\n                vmap_pages_range_noflush()\n                    __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens\n\nWe can remove the fallback code because if a high-order allocation fails,\n__vmalloc_node_range_noprof() will retry with order-0.  Therefore, it is\nunnecessary to fallback to order-0 here.  Therefore, fix this by removing\nthe fallback code.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45022', 'https://git.kernel.org/linus/61ebe5a747da649057c37be1c37eb934b4af79ca (6.11-rc4)', 'https://git.kernel.org/stable/c/61ebe5a747da649057c37be1c37eb934b4af79ca', 'https://git.kernel.org/stable/c/c91618816f4d21fc574d7577a37722adcd4075b2', 'https://git.kernel.org/stable/c/de7bad86345c43cd040ed43e20d9fad78a3ee59f', 'https://git.kernel.org/stable/c/fd1ffbb50ef4da5e1378a46616b6d7407dc795da', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45022-08f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45022', 'https://www.cve.org/CVERecord?id=CVE-2024-45022'], 'PublishedDate': '2024-09-11T16:15:07.163Z', 'LastModifiedDate': '2024-09-13T16:36:39.043Z'}, {'VulnerabilityID': 'CVE-2024-45025', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old->full_fds_bits[] and fill\nthe rest with zeroes.  What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear.  Otherwise we are risking garbage from the last word\nwe'd copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old->max_fds, so there's no open descriptors\npast count, let alone fully occupied words in ->open_fds[],\nwhich is what bits in ->full_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds.  In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in ->full_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* 'to' being above the current capacity of descriptor table\n\t* 'from' being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet's try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it's 'count' argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it'll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45025', 'https://git.kernel.org/linus/9a2fa1472083580b6c66bdaf291f591e1170123a (6.11-rc4)', 'https://git.kernel.org/stable/c/5053581fe5dfb09b58c65dd8462bf5dea71f41ff', 'https://git.kernel.org/stable/c/8cad3b2b3ab81ca55f37405ffd1315bcc2948058', 'https://git.kernel.org/stable/c/9a2fa1472083580b6c66bdaf291f591e1170123a', 'https://git.kernel.org/stable/c/c69d18f0ac7060de724511537810f10f29a27958', 'https://git.kernel.org/stable/c/dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a', 'https://git.kernel.org/stable/c/e807487a1d5fd5d941f26578ae826ca815dbfcd6', 'https://git.kernel.org/stable/c/ee501f827f3db02d4e599afbbc1a7f8b792d05d7', 'https://git.kernel.org/stable/c/fe5bf14881701119aeeda7cf685f3c226c7380df', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45025-94f6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45025', 'https://www.cve.org/CVERecord?id=CVE-2024-45025'], 'PublishedDate': '2024-09-11T16:15:07.44Z', 'LastModifiedDate': '2024-09-13T16:30:07.073Z'}, {'VulnerabilityID': 'CVE-2024-45026', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45026', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error recovery leading to data corruption on ESE devices', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error recovery leading to data corruption on ESE devices\n\nExtent Space Efficient (ESE) or thin provisioned volumes need to be\nformatted on demand during usual IO processing.\n\nThe dasd_ese_needs_format function checks for error codes that signal\nthe non existence of a proper track format.\n\nThe check for incorrect length is to imprecise since other error cases\nleading to transport of insufficient data also have this flag set.\nThis might lead to data corruption in certain error cases for example\nduring a storage server warmstart.\n\nFix by removing the check for incorrect length and replacing by\nexplicitly checking for invalid track format in transport mode.\n\nAlso remove the check for file protected since this is not a valid\nESE handling case.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45026', 'https://git.kernel.org/linus/7db4042336580dfd75cb5faa82c12cd51098c90b (6.11-rc4)', 'https://git.kernel.org/stable/c/0a228896a1b3654cd461ff654f6a64e97a9c3246', 'https://git.kernel.org/stable/c/19f60a55b2fda49bc4f6134a5f6356ef62ee69d8', 'https://git.kernel.org/stable/c/5d4a304338daf83ace2887aaacafd66fe99ed5cc', 'https://git.kernel.org/stable/c/7db4042336580dfd75cb5faa82c12cd51098c90b', 'https://git.kernel.org/stable/c/93a7e2856951680cd7fe6ebd705ac10c8a8a5efd', 'https://git.kernel.org/stable/c/a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a', 'https://git.kernel.org/stable/c/e245a18281c252c8dbc467492e09bb5d4b012118', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45026-eaa8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45026', 'https://www.cve.org/CVERecord?id=CVE-2024-45026'], 'PublishedDate': '2024-09-11T16:15:07.507Z', 'LastModifiedDate': '2024-09-13T16:29:55.927Z'}, {'VulnerabilityID': 'CVE-2024-45027', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45027', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: xhci: Check for xhci-&gt;interrupters being allocated in xhci_mem_clearup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()\n\nIf xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop\nup the damage. If it fails early enough, before xhci->interrupters\nis allocated but after xhci->max_interrupters has been set, which\nhappens in most (all?) cases, things get uglier, as xhci_mem_cleanup()\nunconditionally derefences xhci->interrupters. With prejudice.\n\nGate the interrupt freeing loop with a check on xhci->interrupters\nbeing non-NULL.\n\nFound while debugging a DMA allocation issue that led the XHCI driver\non this exact path.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45027', 'https://git.kernel.org/linus/dcdb52d948f3a17ccd3fce757d9bd981d7c32039 (6.11-rc4)', 'https://git.kernel.org/stable/c/770cacc75b0091ece17349195d72133912c1ca7c', 'https://git.kernel.org/stable/c/dcdb52d948f3a17ccd3fce757d9bd981d7c32039', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45027-95b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45027', 'https://www.cve.org/CVERecord?id=CVE-2024-45027'], 'PublishedDate': '2024-09-11T16:15:07.57Z', 'LastModifiedDate': '2024-09-13T16:29:44.213Z'}, {'VulnerabilityID': 'CVE-2024-45028', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45028', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mmc: mmc_test: Fix NULL dereference on allocation failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmc_test: Fix NULL dereference on allocation failure\n\nIf the "test->highmem = alloc_pages()" allocation fails then calling\n__free_pages(test->highmem) will result in a NULL dereference.  Also\nchange the error code to -ENOMEM instead of returning success.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45028', 'https://git.kernel.org/linus/a1e627af32ed60713941cbfc8075d44cad07f6dd (6.11-rc5)', 'https://git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06', 'https://git.kernel.org/stable/c/3b4e76ceae5b5a46c968bd952f551ce173809f63', 'https://git.kernel.org/stable/c/9b9ba386d7bfdbc38445932c90fa9444c0524bea', 'https://git.kernel.org/stable/c/a1e627af32ed60713941cbfc8075d44cad07f6dd', 'https://git.kernel.org/stable/c/cac2815f49d343b2f0acc4973d2c14918ac3ab0c', 'https://git.kernel.org/stable/c/e40515582141a9e7c84b269be699c05236a499a6', 'https://git.kernel.org/stable/c/e97be13a9f51284da450dd2a592e3fa87b49cdc9', 'https://git.kernel.org/stable/c/ecb15b8ca12c0cbdab81e307e9795214d8b90890', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45028-34f7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45028', 'https://www.cve.org/CVERecord?id=CVE-2024-45028'], 'PublishedDate': '2024-09-11T16:15:07.647Z', 'LastModifiedDate': '2024-09-13T16:29:35.877Z'}, {'VulnerabilityID': 'CVE-2024-45029', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45029', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i2c: tegra: Do not mark ACPI devices as irq safe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: Do not mark ACPI devices as irq safe\n\nOn ACPI machines, the tegra i2c module encounters an issue due to a\nmutex being called inside a spinlock. This leads to the following bug:\n\n\tBUG: sleeping function called from invalid context at kernel/locking/mutex.c:585\n\t...\n\n\tCall trace:\n\t__might_sleep\n\t__mutex_lock_common\n\tmutex_lock_nested\n\tacpi_subsys_runtime_resume\n\trpm_resume\n\ttegra_i2c_xfer\n\nThe problem arises because during __pm_runtime_resume(), the spinlock\n&dev->power.lock is acquired before rpm_resume() is called. Later,\nrpm_resume() invokes acpi_subsys_runtime_resume(), which relies on\nmutexes, triggering the error.\n\nTo address this issue, devices on ACPI are now marked as not IRQ-safe,\nconsidering the dependency of acpi_subsys_runtime_resume() on mutexes.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45029', 'https://git.kernel.org/linus/14d069d92951a3e150c0a81f2ca3b93e54da913b (6.11-rc4)', 'https://git.kernel.org/stable/c/14d069d92951a3e150c0a81f2ca3b93e54da913b', 'https://git.kernel.org/stable/c/2853e1376d8161b04c9ff18ba82b43f08a049905', 'https://git.kernel.org/stable/c/6861faf4232e4b78878f2de1ed3ee324ddae2287', 'https://git.kernel.org/stable/c/a89aef1e6cc43fa019a58080ed05c839e6c77876', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45029-662e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45029', 'https://www.cve.org/CVERecord?id=CVE-2024-45029'], 'PublishedDate': '2024-09-11T16:15:07.717Z', 'LastModifiedDate': '2024-09-13T16:29:29.74Z'}, {'VulnerabilityID': 'CVE-2024-45030', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igb: cope with large MAX_SKB_FRAGS', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigb: cope with large MAX_SKB_FRAGS\n\nSabrina reports that the igb driver does not cope well with large\nMAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload\ncorruption on TX.\n\nAn easy reproducer is to run ssh to connect to the machine.  With\nMAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails.  This has\nbeen reported originally in\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2265320\n\nThe root cause of the issue is that the driver does not take into\naccount properly the (possibly large) shared info size when selecting\nthe ring layout, and will try to fit two packets inside the same 4K\npage even when the 1st fraglist will trump over the 2nd head.\n\nAddress the issue by checking if 2K buffers are insufficient.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45030', 'https://git.kernel.org/linus/8aba27c4a5020abdf60149239198297f88338a8d (6.11-rc5)', 'https://git.kernel.org/stable/c/8aba27c4a5020abdf60149239198297f88338a8d', 'https://git.kernel.org/stable/c/8ea80ff5d8298356d28077bc30913ed37df65109', 'https://git.kernel.org/stable/c/b52bd8bcb9e8ff250c79b44f9af8b15cae8911ab', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45030-c2eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45030', 'https://www.cve.org/CVERecord?id=CVE-2024-45030'], 'PublishedDate': '2024-09-11T16:15:07.77Z', 'LastModifiedDate': '2024-09-13T16:29:23.557Z'}, {'VulnerabilityID': 'CVE-2024-46672', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion\n\nwpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the\ndriver for SAE/OWE offload cases") SSID based PMKSA del commands.\nbrcmfmac is not prepared and tries to dereference the NULL bssid and\npmkid pointers in cfg80211_pmksa. PMKID_V3 operations support SSID based\nupdates so copy the SSID.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46672', 'https://git.kernel.org/linus/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1 (6.11-rc4)', 'https://git.kernel.org/stable/c/1f566eb912d192c83475a919331aea59619e1197', 'https://git.kernel.org/stable/c/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1', 'https://git.kernel.org/stable/c/4291f94f8c6b01505132c22ee27b59ed27c3584f', 'https://lore.kernel.org/linux-cve-announce/2024091111-CVE-2024-46672-7542@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46672', 'https://www.cve.org/CVERecord?id=CVE-2024-46672'], 'PublishedDate': '2024-09-11T16:15:07.84Z', 'LastModifiedDate': '2024-09-13T16:29:17.123Z'}, {'VulnerabilityID': 'CVE-2024-46673', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: aacraid: Fix double-free on probe failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: aacraid: Fix double-free on probe failure\n\naac_probe_one() calls hardware-specific init functions through the\naac_driver_ident::init pointer, all of which eventually call down to\naac_init_adapter().\n\nIf aac_init_adapter() fails after allocating memory for aac_dev::queues,\nit frees the memory but does not clear that member.\n\nAfter the hardware-specific init function returns an error,\naac_probe_one() goes down an error path that frees the memory pointed to\nby aac_dev::queues, resulting.in a double-free.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46673', 'https://git.kernel.org/linus/919ddf8336f0b84c0453bac583808c9f165a85c2 (6.11-rc6)', 'https://git.kernel.org/stable/c/4b540ec7c0045c2d01c4e479f34bbc8f147afa4c', 'https://git.kernel.org/stable/c/564e1986b00c5f05d75342f8407f75f0a17b94df', 'https://git.kernel.org/stable/c/60962c3d8e18e5d8dfa16df788974dd7f35bd87a', 'https://git.kernel.org/stable/c/85449b28ff6a89c4513115e43ddcad949b5890c9', 'https://git.kernel.org/stable/c/8a3995a3ffeca280a961b59f5c99843d81b15929', 'https://git.kernel.org/stable/c/919ddf8336f0b84c0453bac583808c9f165a85c2', 'https://git.kernel.org/stable/c/9e96dea7eff6f2bbcd0b42a098012fc66af9eb69', 'https://git.kernel.org/stable/c/d237c7d06ffddcdb5d36948c527dc01284388218', 'https://lore.kernel.org/linux-cve-announce/2024091333-CVE-2024-46673-c49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46673', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-46673'], 'PublishedDate': '2024-09-13T06:15:11.917Z', 'LastModifiedDate': '2024-09-13T16:51:39.117Z'}, {'VulnerabilityID': 'CVE-2024-46675', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46675', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: dwc3: core: Prevent USB core invalid event buffer address access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: Prevent USB core invalid event buffer address access\n\nThis commit addresses an issue where the USB core could access an\ninvalid event buffer address during runtime suspend, potentially causing\nSMMU faults and other memory issues in Exynos platforms. The problem\narises from the following sequence.\n        1. In dwc3_gadget_suspend, there is a chance of a timeout when\n        moving the USB core to the halt state after clearing the\n        run/stop bit by software.\n        2. In dwc3_core_exit, the event buffer is cleared regardless of\n        the USB core's status, which may lead to an SMMU faults and\n        other memory issues. if the USB core tries to access the event\n        buffer address.\n\nTo prevent this hardware quirk on Exynos platforms, this commit ensures\nthat the event buffer address is not cleared by software  when the USB\ncore is active during runtime suspend by checking its status before\nclearing the buffer address.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46675', 'https://git.kernel.org/linus/14e497183df28c006603cc67fd3797a537eef7b9 (6.11-rc6)', 'https://git.kernel.org/stable/c/111277b881def3153335acfe0d1f43e6cd83ac93', 'https://git.kernel.org/stable/c/14e497183df28c006603cc67fd3797a537eef7b9', 'https://git.kernel.org/stable/c/2189fd13c577d7881f94affc09c950a795064c4b', 'https://git.kernel.org/stable/c/7bb11a75dd4d3612378b90e2a4aa49bdccea28ab', 'https://git.kernel.org/stable/c/b72da4d89b97da71e056cc4d1429b2bc426a9c2f', 'https://git.kernel.org/stable/c/d2afc2bffec77316b90d530b07695e3f534df914', 'https://git.kernel.org/stable/c/e23f6ad8d110bf632f7471482e10b43dc174fb72', 'https://git.kernel.org/stable/c/eca3f543f817da87c00d1a5697b473efb548204f', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46675-ba70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46675', 'https://www.cve.org/CVERecord?id=CVE-2024-46675'], 'PublishedDate': '2024-09-13T06:15:12.117Z', 'LastModifiedDate': '2024-09-20T17:18:48.753Z'}, {'VulnerabilityID': 'CVE-2024-46676', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46676', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfc: pn533: Add poll mod list filling check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Add poll mod list filling check\n\nIn case of im_protocols value is 1 and tm_protocols value is 0 this\ncombination successfully passes the check\n\'if (!im_protocols && !tm_protocols)\' in the nfc_start_poll().\nBut then after pn533_poll_create_mod_list() call in pn533_start_poll()\npoll mod list will remain empty and dev->poll_mod_count will remain 0\nwhich lead to division by zero.\n\nNormally no im protocol has value 1 in the mask, so this combination is\nnot expected by driver. But these protocol values actually come from\nuserspace via Netlink interface (NFC_CMD_START_POLL operation). So a\nbroken or malicious program may pass a message containing a "bad"\ncombination of protocol parameter values so that dev->poll_mod_count\nis not incremented inside pn533_poll_create_mod_list(), thus leading\nto division by zero.\nCall trace looks like:\nnfc_genl_start_poll()\n  nfc_start_poll()\n    ->start_poll()\n    pn533_start_poll()\n\nAdd poll mod list filling check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46676', 'https://git.kernel.org/linus/febccb39255f9df35527b88c953b2e0deae50e53 (6.11-rc6)', 'https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946', 'https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5', 'https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723', 'https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4', 'https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33', 'https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31', 'https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46676-0b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46676', 'https://www.cve.org/CVERecord?id=CVE-2024-46676'], 'PublishedDate': '2024-09-13T06:15:12.223Z', 'LastModifiedDate': '2024-09-23T14:42:38.23Z'}, {'VulnerabilityID': 'CVE-2024-46677', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46677', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: fix a potential NULL pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix a potential NULL pointer dereference\n\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\nNULL pointer, but its callers only check for error pointers thus miss\nthe NULL pointer case.\n\nFix it by returning an error pointer with the error code carried from\nsockfd_lookup().\n\n(I found this bug during code inspection.)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46677', 'https://git.kernel.org/linus/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda (6.11-rc6)', 'https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d', 'https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87', 'https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2', 'https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39', 'https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c', 'https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e', 'https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda', 'https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46677-b53c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46677', 'https://www.cve.org/CVERecord?id=CVE-2024-46677'], 'PublishedDate': '2024-09-13T06:15:12.36Z', 'LastModifiedDate': '2024-09-13T16:51:53.69Z'}, {'VulnerabilityID': 'CVE-2024-46678', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46678', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: change ipsec_lock from spin lock to mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond->ipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n"scheduling while atomic" will be triggered when changing bond\'s\nactive slave.\n\n[  101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[  101.055726] Modules linked in:\n[  101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[  101.058760] Hardware name:\n[  101.059434] Call Trace:\n[  101.059436]  <TASK>\n[  101.060873]  dump_stack_lvl+0x51/0x60\n[  101.061275]  __schedule_bug+0x4e/0x60\n[  101.061682]  __schedule+0x612/0x7c0\n[  101.062078]  ? __mod_timer+0x25c/0x370\n[  101.062486]  schedule+0x25/0xd0\n[  101.062845]  schedule_timeout+0x77/0xf0\n[  101.063265]  ? asm_common_interrupt+0x22/0x40\n[  101.063724]  ? __bpf_trace_itimer_state+0x10/0x10\n[  101.064215]  __wait_for_common+0x87/0x190\n[  101.064648]  ? usleep_range_state+0x90/0x90\n[  101.065091]  cmd_exec+0x437/0xb20 [mlx5_core]\n[  101.065569]  mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[  101.066051]  mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[  101.066552]  mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[  101.067163]  ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.067738]  ? kmalloc_trace+0x4d/0x350\n[  101.068156]  mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[  101.068747]  mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[  101.069312]  bond_change_active_slave+0x392/0x900 [bonding]\n[  101.069868]  bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[  101.070454]  __bond_opt_set+0xa6/0x430 [bonding]\n[  101.070935]  __bond_opt_set_notify+0x2f/0x90 [bonding]\n[  101.071453]  bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[  101.071965]  bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.072567]  kernfs_fop_write_iter+0x10c/0x1a0\n[  101.073033]  vfs_write+0x2d8/0x400\n[  101.073416]  ? alloc_fd+0x48/0x180\n[  101.073798]  ksys_write+0x5f/0xe0\n[  101.074175]  do_syscall_64+0x52/0x110\n[  101.074576]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn\'t have to be spin lock, change it to\nmutex, and thus the above issue can be resolved.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46678', 'https://git.kernel.org/linus/2aeeef906d5a526dc60cf4af92eda69836c39b1f (6.11-rc6)', 'https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f', 'https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3', 'https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46678-ca65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46678', 'https://www.cve.org/CVERecord?id=CVE-2024-46678'], 'PublishedDate': '2024-09-13T06:15:12.45Z', 'LastModifiedDate': '2024-09-23T14:44:12.88Z'}, {'VulnerabilityID': 'CVE-2024-46679', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46679', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: check device is present when getting link settings', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: check device is present when getting link settings\n\nA sysfs reader can race with a device reset or removal, attempting to\nread device state when the device is not actually present. eg:\n\n     [exception RIP: qed_get_current_link+17]\n  #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]\n  #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3\n #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4\n #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300\n #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c\n #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b\n #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3\n #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1\n #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f\n #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb\n\n crash> struct net_device.state ffff9a9d21336000\n    state = 5,\n\nstate 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).\nThe device is not present, note lack of __LINK_STATE_PRESENT (0b10).\n\nThis is the same sort of panic as observed in commit 4224cfd7fb65\n("net-sysfs: add check for netdevice being present to speed_show").\n\nThere are many other callers of __ethtool_get_link_ksettings() which\ndon\'t have a device presence check.\n\nMove this check into ethtool to protect all callers.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46679', 'https://git.kernel.org/linus/a699781c79ecf6cfe67fb00a0331b4088c7c8466 (6.11-rc6)', 'https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2', 'https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc', 'https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e', 'https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb', 'https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4', 'https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466', 'https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46679-3527@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46679', 'https://www.cve.org/CVERecord?id=CVE-2024-46679'], 'PublishedDate': '2024-09-13T06:15:12.53Z', 'LastModifiedDate': '2024-09-23T14:47:23.287Z'}, {'VulnerabilityID': 'CVE-2024-46680', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46680', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix random crash seen while removing driver', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix random crash seen while removing driver\n\nThis fixes the random kernel crash seen while removing the driver, when\nrunning the load/unload test over multiple iterations.\n\n1) modprobe btnxpuart\n2) hciconfig hci0 reset\n3) hciconfig (check hci0 interface up with valid BD address)\n4) modprobe -r btnxpuart\nRepeat steps 1 to 4\n\nThe ps_wakeup() call in btnxpuart_close() schedules the psdata->work(),\nwhich gets scheduled after module is removed, causing a kernel crash.\n\nThis hidden issue got highlighted after enabling Power Save by default\nin 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on\nstartup)\n\nThe new ps_cleanup() deasserts UART break immediately while closing\nserdev device, cancels any scheduled ps_work and destroys the ps_lock\nmutex.\n\n[   85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258\n[   85.884624] Mem abort info:\n[   85.884625]   ESR = 0x0000000086000007\n[   85.884628]   EC = 0x21: IABT (current EL), IL = 32 bits\n[   85.884633]   SET = 0, FnV = 0\n[   85.884636]   EA = 0, S1PTW = 0\n[   85.884638]   FSC = 0x07: level 3 translation fault\n[   85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000\n[   85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000\n[   85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n[   85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)]\n[   85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G           O       6.1.36+g937b1be4345a #1\n[   85.936176] Hardware name: FSL i.MX8MM EVK board (DT)\n[   85.936182] Workqueue: events 0xffffd4a61638f380\n[   85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   85.952817] pc : 0xffffd4a61638f258\n[   85.952823] lr : 0xffffd4a61638f258\n[   85.952827] sp : ffff8000084fbd70\n[   85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000\n[   85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305\n[   85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970\n[   85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000\n[   85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090\n[   85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139\n[   85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50\n[   85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8\n[   85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000\n[   85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000\n[   85.977443] Call trace:\n[   85.977446]  0xffffd4a61638f258\n[   85.977451]  0xffffd4a61638f3e8\n[   85.977455]  process_one_work+0x1d4/0x330\n[   85.977464]  worker_thread+0x6c/0x430\n[   85.977471]  kthread+0x108/0x10c\n[   85.977476]  ret_from_fork+0x10/0x20\n[   85.977488] Code: bad PC value\n[   85.977491] ---[ end trace 0000000000000000 ]---\n\nPreset since v6.9.11', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46680', 'https://git.kernel.org/linus/35237475384ab3622f63c3c09bdf6af6dacfe9c3 (6.11-rc6)', 'https://git.kernel.org/stable/c/29a1d9971e38f92c84b363ff50379dd434ddfe1c', 'https://git.kernel.org/stable/c/35237475384ab3622f63c3c09bdf6af6dacfe9c3', 'https://git.kernel.org/stable/c/662a55986b88807da4d112d838c8aaa05810e938', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46680-f40d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46680', 'https://www.cve.org/CVERecord?id=CVE-2024-46680'], 'PublishedDate': '2024-09-13T06:15:12.617Z', 'LastModifiedDate': '2024-09-23T14:45:10.233Z'}, {'VulnerabilityID': 'CVE-2024-46681', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46681', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pktgen: use cpus_read_lock() in pg_net_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46681', 'https://git.kernel.org/linus/979b581e4c69257acab1af415ddad6b2d78a2fa5 (6.11-rc6)', 'https://git.kernel.org/stable/c/5f5f7366dda8ae870e8305d6e7b3c0c2686cd2cf', 'https://git.kernel.org/stable/c/979b581e4c69257acab1af415ddad6b2d78a2fa5', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46681-6086@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46681', 'https://www.cve.org/CVERecord?id=CVE-2024-46681'], 'PublishedDate': '2024-09-13T06:15:12.71Z', 'LastModifiedDate': '2024-09-19T18:10:49.623Z'}, {'VulnerabilityID': 'CVE-2024-46683', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46683', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: prevent UAF around preempt fence', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: prevent UAF around preempt fence\n\nThe fence lock is part of the queue, therefore in the current design\nanything locking the fence should then also hold a ref to the queue to\nprevent the queue from being freed.\n\nHowever, currently it looks like we signal the fence and then drop the\nqueue ref, but if something is waiting on the fence, the waiter is\nkicked to wake up at some later point, where upon waking up it first\ngrabs the lock before checking the fence state. But if we have already\ndropped the queue ref, then the lock might already be freed as part of\nthe queue, leading to uaf.\n\nTo prevent this, move the fence lock into the fence itself so we don't\nrun into lifetime issues. Alternative might be to have device level\nlock, or only release the queue in the fence release callback, however\nthat might require pushing to another worker to avoid locking issues.\n\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2454\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2342\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2020\n(cherry picked from commit 7116c35aacedc38be6d15bd21b2fc936eed0008b)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46683', 'https://git.kernel.org/linus/730b72480e29f63fd644f5fa57c9d46109428953 (6.11-rc5)', 'https://git.kernel.org/stable/c/10081b0b0ed201f53e24bd92deb2e0f3c3e713d4', 'https://git.kernel.org/stable/c/730b72480e29f63fd644f5fa57c9d46109428953', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46683-e513@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46683', 'https://www.cve.org/CVERecord?id=CVE-2024-46683'], 'PublishedDate': '2024-09-13T06:15:12.993Z', 'LastModifiedDate': '2024-09-13T16:52:14.373Z'}, {'VulnerabilityID': 'CVE-2024-46685', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46685', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: single: fix potential NULL dereference in pcs_get_function()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: single: fix potential NULL dereference in pcs_get_function()\n\npinmux_generic_get_function() can return NULL and the pointer 'function'\nwas dereferenced without checking against NULL. Add checking of pointer\n'function' in pcs_get_function().\n\nFound by code review.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46685', 'https://git.kernel.org/linus/1c38a62f15e595346a1106025722869e87ffe044 (6.11-rc6)', 'https://git.kernel.org/stable/c/0a2bab5ed161318f57134716accba0a30f3af191', 'https://git.kernel.org/stable/c/1c38a62f15e595346a1106025722869e87ffe044', 'https://git.kernel.org/stable/c/292151af6add3e5ab11b2e9916cffa5f52859a1f', 'https://git.kernel.org/stable/c/2cea369a5c2e85ab14ae716da1d1cc6d25c85e11', 'https://git.kernel.org/stable/c/4e9436375fcc9bd2a60ee96aba6ed53f7a377d10', 'https://git.kernel.org/stable/c/4ed45fe99ec9e3c9478bd634624cd05a57d002f7', 'https://git.kernel.org/stable/c/6341c2856785dca7006820b127278058a180c075', 'https://git.kernel.org/stable/c/8f0bd526921b6867c2f10a83cd4fd14139adcd92', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46685-6606@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46685', 'https://www.cve.org/CVERecord?id=CVE-2024-46685'], 'PublishedDate': '2024-09-13T06:15:13.2Z', 'LastModifiedDate': '2024-09-14T16:00:55.547Z'}, {'VulnerabilityID': 'CVE-2024-46686', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46686', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()\n\nThis happens when called from SMB2_read() while using rdma\nand reaching the rdma_readwrite_threshold.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46686', 'https://git.kernel.org/linus/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf (6.11-rc6)', 'https://git.kernel.org/stable/c/6df57c63c200cd05e085c3b695128260e21959b7', 'https://git.kernel.org/stable/c/a01859dd6aebf826576513850a3b05992809e9d2', 'https://git.kernel.org/stable/c/b902fb78ab21299e4dd1775e7e8d251d5c0735bc', 'https://git.kernel.org/stable/c/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46686-5b18@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46686', 'https://www.cve.org/CVERecord?id=CVE-2024-46686'], 'PublishedDate': '2024-09-13T06:15:13.28Z', 'LastModifiedDate': '2024-09-14T16:16:33.087Z'}, {'VulnerabilityID': 'CVE-2024-46687', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46687', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()\n\n[BUG]\nThere is an internal report that KASAN is reporting use-after-free, with\nthe following backtrace:\n\n  BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n  Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45\n  CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n  Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n  Call Trace:\n   dump_stack_lvl+0x61/0x80\n   print_address_description.constprop.0+0x5e/0x2f0\n   print_report+0x118/0x216\n   kasan_report+0x11d/0x1f0\n   btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n   process_one_work+0xce0/0x12a0\n   worker_thread+0x717/0x1250\n   kthread+0x2e3/0x3c0\n   ret_from_fork+0x2d/0x70\n   ret_from_fork_asm+0x11/0x20\n\n  Allocated by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   __kasan_slab_alloc+0x7d/0x80\n   kmem_cache_alloc_noprof+0x16e/0x3e0\n   mempool_alloc_noprof+0x12e/0x310\n   bio_alloc_bioset+0x3f0/0x7a0\n   btrfs_bio_alloc+0x2e/0x50 [btrfs]\n   submit_extent_page+0x4d1/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n  Freed by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   kasan_save_free_info+0x37/0x50\n   __kasan_slab_free+0x4b/0x60\n   kmem_cache_free+0x214/0x5d0\n   bio_free+0xed/0x180\n   end_bbio_data_read+0x1cc/0x580 [btrfs]\n   btrfs_submit_chunk+0x98d/0x1880 [btrfs]\n   btrfs_submit_bio+0x33/0x70 [btrfs]\n   submit_one_bio+0xd4/0x130 [btrfs]\n   submit_extent_page+0x3ea/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[CAUSE]\nAlthough I cannot reproduce the error, the report itself is good enough\nto pin down the cause.\n\nThe call trace is the regular endio workqueue context, but the\nfree-by-task trace is showing that during btrfs_submit_chunk() we\nalready hit a critical error, and is calling btrfs_bio_end_io() to error\nout.  And the original endio function called bio_put() to free the whole\nbio.\n\nThis means a double freeing thus causing use-after-free, e.g.:\n\n1. Enter btrfs_submit_bio() with a read bio\n   The read bio length is 128K, crossing two 64K stripes.\n\n2. The first run of btrfs_submit_chunk()\n\n2.1 Call btrfs_map_block(), which returns 64K\n2.2 Call btrfs_split_bio()\n    Now there are two bios, one referring to the first 64K, the other\n    referring to the second 64K.\n2.3 The first half is submitted.\n\n3. The second run of btrfs_submit_chunk()\n\n3.1 Call btrfs_map_block(), which by somehow failed\n    Now we call btrfs_bio_end_io() to handle the error\n\n3.2 btrfs_bio_end_io() calls the original endio function\n    Which is end_bbio_data_read(), and it calls bio_put() for the\n    original bio.\n\n    Now the original bio is freed.\n\n4. The submitted first 64K bio finished\n   Now we call into btrfs_check_read_bio() and tries to advance the bio\n   iter.\n   But since the original bio (thus its iter) is already freed, we\n   trigger the above use-after free.\n\n   And even if the memory is not poisoned/corrupted, we will later call\n   the original endio function, causing a double freeing.\n\n[FIX]\nInstead of calling btrfs_bio_end_io(), call btrfs_orig_bbio_end_io(),\nwhich has the extra check on split bios and do the pr\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46687', 'https://git.kernel.org/linus/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10 (6.11-rc6)', 'https://git.kernel.org/stable/c/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10', 'https://git.kernel.org/stable/c/4a3b9e1a8e6cd1a8d427a905e159de58d38941cc', 'https://git.kernel.org/stable/c/51722b99f41f5e722ffa10b8f61e802a0e70b331', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46687-5668@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46687', 'https://www.cve.org/CVERecord?id=CVE-2024-46687'], 'PublishedDate': '2024-09-13T06:15:13.377Z', 'LastModifiedDate': '2024-09-14T16:17:33.073Z'}, {'VulnerabilityID': 'CVE-2024-46689', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46689', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: cmd-db: Map shared memory as WC, not WB\n\nLinux does not write into cmd-db region. This region of memory is write\nprotected by XPU. XPU may sometime falsely detect clean cache eviction\nas "write" into the write protected region leading to secure interrupt\nwhich causes an endless loop somewhere in Trust Zone.\n\nThe only reason it is working right now is because Qualcomm Hypervisor\nmaps the same region as Non-Cacheable memory in Stage 2 translation\ntables. The issue manifests if we want to use another hypervisor (like\nXen or KVM), which does not know anything about those specific mappings.\n\nChanging the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC\nremoves dependency on correct mappings in Stage 2 tables. This patch\nfixes the issue by updating the mapping to MEMREMAP_WC.\n\nI tested this on SA8155P with Xen.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46689', 'https://git.kernel.org/linus/f9bb896eab221618927ae6a2f1d566567999839d (6.11-rc6)', 'https://git.kernel.org/stable/c/0ee9594c974368a17e85a431e9fe1c14fb65c278', 'https://git.kernel.org/stable/c/62c2d63605ca25b5db78a347ed303c0a0a77d5b4', 'https://git.kernel.org/stable/c/d9d48d70e922b272875cda60d2ada89291c840cf', 'https://git.kernel.org/stable/c/eaff392c1e34fb77cc61505a31b0191e5e46e271', 'https://git.kernel.org/stable/c/ef80520be0ff78ae5ed44cb6eee1525e65bebe70', 'https://git.kernel.org/stable/c/f5a5a5a0e95f36e2792d48e6e4b64e665eb01374', 'https://git.kernel.org/stable/c/f9bb896eab221618927ae6a2f1d566567999839d', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46689-4c19@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46689', 'https://www.cve.org/CVERecord?id=CVE-2024-46689'], 'PublishedDate': '2024-09-13T06:15:13.653Z', 'LastModifiedDate': '2024-09-20T15:52:23.727Z'}, {'VulnerabilityID': 'CVE-2024-46691', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46691', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Move unregister out of atomic section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Move unregister out of atomic section\n\nCommit \'9329933699b3 ("soc: qcom: pmic_glink: Make client-lock\nnon-sleeping")\' moved the pmic_glink client list under a spinlock, as it\nis accessed by the rpmsg/glink callback, which in turn is invoked from\nIRQ context.\n\nThis means that ucsi_unregister() is now called from atomic context,\nwhich isn\'t feasible as it\'s expecting a sleepable context. An effort is\nunder way to get GLINK to invoke its callbacks in a sleepable context,\nbut until then lets schedule the unregistration.\n\nA side effect of this is that ucsi_unregister() can now happen\nafter the remote processor, and thereby the communication link with it, is\ngone. pmic_glink_send() is amended with a check to avoid the resulting NULL\npointer dereference.\nThis does however result in the user being informed about this error by\nthe following entry in the kernel log:\n\n  ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46691', 'https://git.kernel.org/linus/11bb2ffb679399f99041540cf662409905179e3a (6.11-rc6)', 'https://git.kernel.org/stable/c/095b0001aefddcd9361097c971b7debc84e72714', 'https://git.kernel.org/stable/c/11bb2ffb679399f99041540cf662409905179e3a', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46691-93e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46691', 'https://www.cve.org/CVERecord?id=CVE-2024-46691'], 'PublishedDate': '2024-09-13T06:15:13.96Z', 'LastModifiedDate': '2024-09-13T16:52:21.057Z'}, {'VulnerabilityID': 'CVE-2024-46692', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46692', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: scm: Mark get_wq_ctx() as atomic call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Mark get_wq_ctx() as atomic call\n\nCurrently get_wq_ctx() is wrongly configured as a standard call. When two\nSMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to\nresume the corresponding sleeping thread. But if get_wq_ctx() is\ninterrupted, goes to sleep and another SMC call is waiting to be allocated\na waitq context, it leads to a deadlock.\n\nTo avoid this get_wq_ctx() must be an atomic call and can't be a standard\nSMC call. Hence mark get_wq_ctx() as a fast call.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46692', 'https://git.kernel.org/linus/9960085a3a82c58d3323c1c20b991db6045063b0 (6.11-rc6)', 'https://git.kernel.org/stable/c/9960085a3a82c58d3323c1c20b991db6045063b0', 'https://git.kernel.org/stable/c/cdf7efe4b02aa93813db0bf1ca596ad298ab6b06', 'https://git.kernel.org/stable/c/e40115c33c0d79c940545b6b12112aace7acd9f5', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46692-f287@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46692', 'https://www.cve.org/CVERecord?id=CVE-2024-46692'], 'PublishedDate': '2024-09-13T06:15:14.047Z', 'LastModifiedDate': '2024-09-13T16:52:31.627Z'}, {'VulnerabilityID': 'CVE-2024-46693', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pmic_glink: Fix race during initialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pmic_glink: Fix race during initialization\n\nAs pointed out by Stephen Boyd it is possible that during initialization\nof the pmic_glink child drivers, the protection-domain notifiers fires,\nand the associated work is scheduled, before the client registration\nreturns and as a result the local "client" pointer has been initialized.\n\nThe outcome of this is a NULL pointer dereference as the "client"\npointer is blindly dereferenced.\n\nTimeline provided by Stephen:\n CPU0                               CPU1\n ----                               ----\n ucsi->client = NULL;\n devm_pmic_glink_register_client()\n  client->pdr_notify(client->priv, pg->client_state)\n   pmic_glink_ucsi_pdr_notify()\n    schedule_work(&ucsi->register_work)\n    <schedule away>\n                                    pmic_glink_ucsi_register()\n                                     ucsi_register()\n                                      pmic_glink_ucsi_read_version()\n                                       pmic_glink_ucsi_read()\n                                        pmic_glink_ucsi_read()\n                                         pmic_glink_send(ucsi->client)\n                                         <client is NULL BAD>\n ucsi->client = client // Too late!\n\nThis code is identical across the altmode, battery manager and usci\nchild drivers.\n\nResolve this by splitting the allocation of the "client" object and the\nregistration thereof into two operations.\n\nThis only happens if the protection domain registry is populated at the\ntime of registration, which by the introduction of commit \'1ebcde047c54\n("soc: qcom: add pd-mapper implementation")\' became much more likely.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46693', 'https://git.kernel.org/linus/3568affcddd68743e25aa3ec1647d9b82797757b (6.11-rc6)', 'https://git.kernel.org/stable/c/1efdbf5323c9360e05066049b97414405e94e087', 'https://git.kernel.org/stable/c/3568affcddd68743e25aa3ec1647d9b82797757b', 'https://git.kernel.org/stable/c/943b0e7cc646a624bb20a68080f8f1a4a55df41c', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46693-cbe3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46693', 'https://www.cve.org/CVERecord?id=CVE-2024-46693'], 'PublishedDate': '2024-09-13T06:15:14.14Z', 'LastModifiedDate': '2024-09-13T16:52:41.27Z'}, {'VulnerabilityID': 'CVE-2024-46694', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46694', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: avoid using null object of framebuffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid using null object of framebuffer\n\nInstead of using state->fb->obj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer.\n\n(cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46694', 'https://git.kernel.org/linus/3b9a33235c773c7a3768060cf1d2cf8a9153bc37 (6.11-rc6)', 'https://git.kernel.org/stable/c/093ee72ed35c2338c87c26b6ba6f0b7789c9e14e', 'https://git.kernel.org/stable/c/3b9a33235c773c7a3768060cf1d2cf8a9153bc37', 'https://git.kernel.org/stable/c/49e1b214f3239b78967c6ddb8f8ec47ae047b051', 'https://git.kernel.org/stable/c/f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46694-0706@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46694', 'https://www.cve.org/CVERecord?id=CVE-2024-46694'], 'PublishedDate': '2024-09-13T06:15:14.24Z', 'LastModifiedDate': '2024-09-19T18:16:22.247Z'}, {'VulnerabilityID': 'CVE-2024-46695', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46695', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: selinux,smack: don&#39;t bypass permissions check in inode_setsecctx hook', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux,smack: don't bypass permissions check in inode_setsecctx hook\n\nMarek Gresko reports that the root user on an NFS client is able to\nchange the security labels on files on an NFS filesystem that is\nexported with root squashing enabled.\n\nThe end of the kerneldoc comment for __vfs_setxattr_noperm() states:\n\n *  This function requires the caller to lock the inode's i_mutex before it\n *  is executed. It also assumes that the caller will make the appropriate\n *  permission checks.\n\nnfsd_setattr() does do permissions checking via fh_verify() and\nnfsd_permission(), but those don't do all the same permissions checks\nthat are done by security_inode_setxattr() and its related LSM hooks do.\n\nSince nfsd_setattr() is the only consumer of security_inode_setsecctx(),\nsimplest solution appears to be to replace the call to\n__vfs_setxattr_noperm() with a call to __vfs_setxattr_locked().  This\nfixes the above issue and has the added benefit of causing nfsd to\nrecall conflicting delegations on a file when a client tries to change\nits security label.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-276'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46695', 'https://git.kernel.org/linus/76a0e79bc84f466999fa501fce5bf7a07641b8a7 (6.11-rc6)', 'https://git.kernel.org/stable/c/2dbc4b7bac60b02cc6e70d05bf6a7dfd551f9dda', 'https://git.kernel.org/stable/c/459584258d47ec3cc6245a82e8a49c9d08eb8b57', 'https://git.kernel.org/stable/c/76a0e79bc84f466999fa501fce5bf7a07641b8a7', 'https://git.kernel.org/stable/c/eebec98791d0137e455cc006411bb92a54250924', 'https://git.kernel.org/stable/c/f71ec019257ba4f7ab198bd948c5902a207bad96', 'https://git.kernel.org/stable/c/fe0cd53791119f6287b6532af8ce41576d664930', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46695-affc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46695', 'https://www.cve.org/CVERecord?id=CVE-2024-46695'], 'PublishedDate': '2024-09-13T06:15:14.32Z', 'LastModifiedDate': '2024-10-17T14:15:07.517Z'}, {'VulnerabilityID': 'CVE-2024-46697', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46697', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfsd: ensure that nfsd4_fattr_args.context is zeroed out', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: ensure that nfsd4_fattr_args.context is zeroed out\n\nIf nfsd4_encode_fattr4 ends up doing a "goto out" before we get to\nchecking for the security label, then args.context will be set to\nuninitialized junk on the stack, which we\'ll then try to free.\nInitialize it early.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46697', 'https://git.kernel.org/linus/f58bab6fd4063913bd8321e99874b8239e9ba726 (6.11-rc6)', 'https://git.kernel.org/stable/c/dd65b324174a64558a16ebbf4c3266e5701185d0', 'https://git.kernel.org/stable/c/f58bab6fd4063913bd8321e99874b8239e9ba726', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46697-d166@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46697', 'https://www.cve.org/CVERecord?id=CVE-2024-46697'], 'PublishedDate': '2024-09-13T06:15:14.5Z', 'LastModifiedDate': '2024-09-19T17:53:43.173Z'}, {'VulnerabilityID': 'CVE-2024-46698', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46698', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: video/aperture: optionally match the device in sysfb_disable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvideo/aperture: optionally match the device in sysfb_disable()\n\nIn aperture_remove_conflicting_pci_devices(), we currently only\ncall sysfb_disable() on vga class devices.  This leads to the\nfollowing problem when the pimary device is not VGA compatible:\n\n1. A PCI device with a non-VGA class is the boot display\n2. That device is probed first and it is not a VGA device so\n   sysfb_disable() is not called, but the device resources\n   are freed by aperture_detach_platform_device()\n3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable()\n4. NULL pointer dereference via sysfb_disable() since the resources\n   have already been freed by aperture_detach_platform_device() when\n   it was called by the other device.\n\nFix this by passing a device pointer to sysfb_disable() and checking\nthe device to determine if we should execute it or not.\n\nv2: Fix build when CONFIG_SCREEN_INFO is not set\nv3: Move device check into the mutex\n    Drop primary variable in aperture_remove_conflicting_pci_devices()\n    Drop __init on pci sysfb_pci_dev_is_enabled()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46698', 'https://git.kernel.org/linus/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7 (6.11-rc6)', 'https://git.kernel.org/stable/c/17e78f43de0c6da34204cc858b4cc05671ea9acf', 'https://git.kernel.org/stable/c/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46698-357c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46698', 'https://www.cve.org/CVERecord?id=CVE-2024-46698'], 'PublishedDate': '2024-09-13T06:15:14.563Z', 'LastModifiedDate': '2024-09-13T16:53:03Z'}, {'VulnerabilityID': 'CVE-2024-46701', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46701', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: libfs: fix infinite directory reads for offset dir', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlibfs: fix infinite directory reads for offset dir\n\nAfter we switch tmpfs dir operations from simple_dir_operations to\nsimple_offset_dir_operations, every rename happened will fill new dentry\nto dest dir\'s maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free\nkey starting with octx->newx_offset, and then set newx_offset equals to\nfree key + 1. This will lead to infinite readdir combine with rename\nhappened at the same time, which fail generic/736 in xfstests(detail show\nas below).\n\n1. create 5000 files(1 2 3...) under one dir\n2. call readdir(man 3 readdir) once, and get one entry\n3. rename(entry, "TEMPFILE"), then rename("TEMPFILE", entry)\n4. loop 2~3, until readdir return nothing or we loop too many\n   times(tmpfs break test with the second condition)\n\nWe choose the same logic what commit 9b378f6ad48cf ("btrfs: fix infinite\ndirectory reads") to fix it, record the last_index when we open dir, and\ndo not emit the entry which index >= last_index. The file->private_data\nnow used in offset dir can use directly to do this, and we also update\nthe last_index when we llseek the dir file.\n\n[brauner: only update last_index after seek when offset is zero like Jan suggested]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46701', 'https://git.kernel.org/linus/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a (6.11-rc4)', 'https://git.kernel.org/stable/c/308b4fc2403b335894592ee9dc212a5e58bb309f', 'https://git.kernel.org/stable/c/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a', 'https://lore.kernel.org/linux-cve-announce/2024091326-CVE-2024-46701-ad65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46701', 'https://www.cve.org/CVERecord?id=CVE-2024-46701'], 'PublishedDate': '2024-09-13T07:15:05.127Z', 'LastModifiedDate': '2024-09-19T13:40:27.817Z'}, {'VulnerabilityID': 'CVE-2024-46702', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46702', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: thunderbolt: Mark XDomain as unplugged when router is removed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Mark XDomain as unplugged when router is removed\n\nI noticed that when we do discrete host router NVM upgrade and it gets\nhot-removed from the PCIe side as a result of NVM firmware authentication,\nif there is another host connected with enabled paths we hang in tearing\nthem down. This is due to fact that the Thunderbolt networking driver\nalso tries to cleanup the paths and ends up blocking in\ntb_disconnect_xdomain_paths() waiting for the domain lock.\n\nHowever, at this point we already cleaned the paths in tb_stop() so\nthere is really no need for tb_disconnect_xdomain_paths() to do that\nanymore. Furthermore it already checks if the XDomain is unplugged and\nbails out early so take advantage of that and mark the XDomain as\nunplugged when we remove the parent router.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46702', 'https://git.kernel.org/linus/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d (6.11-rc4)', 'https://git.kernel.org/stable/c/18b3ad2a3cc877dd4b16f48d84aa27b78d53bf1d', 'https://git.kernel.org/stable/c/23ce6ba3b95488a2b9e9f6d43b340da0c15395dc', 'https://git.kernel.org/stable/c/747bc154577de6e6af4bc99abfa859b8419bb4d8', 'https://git.kernel.org/stable/c/7ca24cf9163c112bb6b580c6fb57c04a1f8b76e1', 'https://git.kernel.org/stable/c/80ac8d194831eca0c2f4fd862f7925532fda320c', 'https://git.kernel.org/stable/c/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46702-9b8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46702', 'https://www.cve.org/CVERecord?id=CVE-2024-46702'], 'PublishedDate': '2024-09-13T07:15:05.217Z', 'LastModifiedDate': '2024-09-19T13:35:58.637Z'}, {'VulnerabilityID': 'CVE-2024-46703', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46703', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;serial: 8250_omap: Set the console genpd always on if no console suspend&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "serial: 8250_omap: Set the console genpd always on if no console suspend"\n\nThis reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940.\n\nKevin reported that this causes a crash during suspend on platforms that\ndont use PM domains.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46703', 'https://git.kernel.org/linus/0863bffda1131fd2fa9c05b653ad9ee3d8db127e (6.11-rc4)', 'https://git.kernel.org/stable/c/0863bffda1131fd2fa9c05b653ad9ee3d8db127e', 'https://git.kernel.org/stable/c/321aecb079e9ca8b1af90778068a6fb40f2bf22d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46703-1f29@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46703', 'https://www.cve.org/CVERecord?id=CVE-2024-46703'], 'PublishedDate': '2024-09-13T07:15:05.317Z', 'LastModifiedDate': '2024-09-19T13:33:57.563Z'}, {'VulnerabilityID': 'CVE-2024-46705', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46705', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: reset mmio mappings with devm', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: reset mmio mappings with devm\n\nSet our various mmio mappings to NULL. This should make it easier to\ncatch something rogue trying to mess with mmio after device removal. For\nexample, we might unmap everything and then start hitting some mmio\naddress which has already been unmamped by us and then remapped by\nsomething else, causing all kinds of carnage.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46705', 'https://git.kernel.org/linus/c7117419784f612d59ee565145f722e8b5541fe6 (6.11-rc1)', 'https://git.kernel.org/stable/c/b1c9fbed3884d3883021d699c7cdf5253a65543a', 'https://git.kernel.org/stable/c/c7117419784f612d59ee565145f722e8b5541fe6', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46705-b9c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46705', 'https://www.cve.org/CVERecord?id=CVE-2024-46705'], 'PublishedDate': '2024-09-13T07:15:05.477Z', 'LastModifiedDate': '2024-09-19T13:30:44.133Z'}, {'VulnerabilityID': 'CVE-2024-46706', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46706', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: fsl_lpuart: mark last busy before uart_add_one_port\n\nWith "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel\nsometimes boot hang. It is because normal console still is not ready,\nbut runtime suspend is called, so early console putchar will hang\nin waiting TRDE set in UARTSTAT.\n\nThe lpuart driver has auto suspend delay set to 3000ms, but during\nuart_add_one_port, a child device serial ctrl will added and probed with\nits pm runtime enabled(see serial_ctrl.c).\nThe runtime suspend call path is:\ndevice_add\n     |-> bus_probe_device\n           |->device_initial_probe\n\t           |->__device_attach\n                         |-> pm_runtime_get_sync(dev->parent);\n\t\t\t |-> pm_request_idle(dev);\n\t\t\t |-> pm_runtime_put(dev->parent);\n\nSo in the end, before normal console ready, the lpuart get runtime\nsuspended. And earlycon putchar will hang.\n\nTo address the issue, mark last busy just after pm_runtime_enable,\nthree seconds is long enough to switch from bootconsole to normal\nconsole.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46706', 'https://git.kernel.org/linus/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c (6.11-rc4)', 'https://git.kernel.org/stable/c/3ecf625d4acb71d726bc0b49403cf68388b3d58d', 'https://git.kernel.org/stable/c/8eb92cfca6c2c5a15ab1773f3d18ab8d8f7dbb68', 'https://git.kernel.org/stable/c/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46706-ea07@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46706', 'https://www.cve.org/CVERecord?id=CVE-2024-46706'], 'PublishedDate': '2024-09-13T07:15:05.56Z', 'LastModifiedDate': '2024-09-19T17:51:07.67Z'}, {'VulnerabilityID': 'CVE-2024-46707', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46707', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3\n\nOn a system with a GICv3, if a guest hasn't been configured with\nGICv3 and that the host is not capable of GICv2 emulation,\na write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.\n\nWe therefore try to emulate the SGI access, only to hit a NULL\npointer as no private interrupt is allocated (no GIC, remember?).\n\nThe obvious fix is to give the guest what it deserves, in the\nshape of a UNDEF exception.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46707', 'https://git.kernel.org/linus/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f (6.11-rc5)', 'https://git.kernel.org/stable/c/15818af2f7aa55eff375333cb7689df15d3f24ef', 'https://git.kernel.org/stable/c/2073132f6ed3079369e857a8deb33d11bdd983bc', 'https://git.kernel.org/stable/c/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f', 'https://git.kernel.org/stable/c/94d4fbad01b19ec5eab3d6b50aaec4f9db8b2d8d', 'https://git.kernel.org/stable/c/96b076e8ee5bc3a1126848c8add0f74bd30dc9d1', 'https://git.kernel.org/stable/c/9d7629bec5c3f80bd0e3bf8103c06a2f7046bd92', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46707-9e4f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46707', 'https://www.cve.org/CVERecord?id=CVE-2024-46707'], 'PublishedDate': '2024-09-13T07:15:05.643Z', 'LastModifiedDate': '2024-09-19T13:29:46.757Z'}, {'VulnerabilityID': 'CVE-2024-46708', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46708', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: qcom: x1e80100: Fix special pin offsets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: qcom: x1e80100: Fix special pin offsets\n\nRemove the erroneus 0x100000 offset to prevent the boards from crashing\non pin state setting, as well as for the intended state changes to take\neffect.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46708', 'https://git.kernel.org/linus/d3692d95cc4d88114b070ee63cffc976f00f207f (6.11-rc6)', 'https://git.kernel.org/stable/c/0197bf772f657fbdea5e9bdec5eea6e67d82cbde', 'https://git.kernel.org/stable/c/d3692d95cc4d88114b070ee63cffc976f00f207f', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46708-95c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46708', 'https://www.cve.org/CVERecord?id=CVE-2024-46708'], 'PublishedDate': '2024-09-13T07:15:05.717Z', 'LastModifiedDate': '2024-09-19T13:28:49.483Z'}, {'VulnerabilityID': 'CVE-2024-46709', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46709', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix prime with external buffers', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix prime with external buffers\n\nMake sure that for external buffers mapping goes through the dma_buf\ninterface instead of trying to access pages directly.\n\nExternal buffers might not provide direct access to readable/writable\npages so to make sure the bo's created from external dma_bufs can be\nread dma_buf interface has to be used.\n\nFixes crashes in IGT's kms_prime with vgem. Regular desktop usage won't\ntrigger this due to the fact that virtual machines will not have\nmultiple GPUs but it enables better test coverage in IGT.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46709', 'https://git.kernel.org/linus/50f1199250912568606b3778dc56646c10cb7b04 (6.11-rc6)', 'https://git.kernel.org/stable/c/50f1199250912568606b3778dc56646c10cb7b04', 'https://git.kernel.org/stable/c/5c12391ee1ab59cb2f3be3f1f5e6d0fc0c2dc854', 'https://git.kernel.org/stable/c/9a9716bbbf3dd6b6cbefba3abcc89af8b72631f4', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46709-2465@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46709', 'https://www.cve.org/CVERecord?id=CVE-2024-46709'], 'PublishedDate': '2024-09-13T07:15:05.793Z', 'LastModifiedDate': '2024-09-19T13:26:24.14Z'}, {'VulnerabilityID': 'CVE-2024-46710', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46710', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Prevent unmapping active read buffers', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Prevent unmapping active read buffers\n\nThe kms paths keep a persistent map active to read and compare the cursor\nbuffer. These maps can race with each other in simple scenario where:\na) buffer "a" mapped for update\nb) buffer "a" mapped for compare\nc) do the compare\nd) unmap "a" for compare\ne) update the cursor\nf) unmap "a" for update\nAt step "e" the buffer has been unmapped and the read contents is bogus.\n\nPrevent unmapping of active read buffers by simply keeping a count of\nhow many paths have currently active maps and unmap only when the count\nreaches 0.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46710', 'https://git.kernel.org/linus/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea (6.11-rc6)', 'https://git.kernel.org/stable/c/0851b1ec650adadcaa23ec96daad95a55bf966f0', 'https://git.kernel.org/stable/c/58a3714db4d9dcaeb9fc4905141e17b9f536c0a5', 'https://git.kernel.org/stable/c/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea', 'https://git.kernel.org/stable/c/d5228d158e4c0b1663b3983044913c15c3d0135e', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46710-cd88@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46710', 'https://www.cve.org/CVERecord?id=CVE-2024-46710'], 'PublishedDate': '2024-09-13T07:15:05.88Z', 'LastModifiedDate': '2024-10-17T14:15:07.63Z'}, {'VulnerabilityID': 'CVE-2024-46711', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46711', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: fix ID 0 endp usage after multiple re-creations', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix ID 0 endp usage after multiple re-creations\n\n\'local_addr_used\' and \'add_addr_accepted\' are decremented for addresses\nnot related to the initial subflow (ID0), because the source and\ndestination addresses of the initial subflows are known from the\nbeginning: they don\'t count as "additional local address being used" or\n"ADD_ADDR being accepted".\n\nIt is then required not to increment them when the entrypoint used by\nthe initial subflow is removed and re-added during a connection. Without\nthis modification, this entrypoint cannot be removed and re-added more\nthan once.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46711', 'https://git.kernel.org/linus/9366922adc6a71378ca01f898c41be295309f044 (6.11-rc6)', 'https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc', 'https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb', 'https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044', 'https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe', 'https://lore.kernel.org/linux-cve-announce/2024091348-CVE-2024-46711-ab95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46711', 'https://www.cve.org/CVERecord?id=CVE-2024-46711'], 'PublishedDate': '2024-09-13T07:15:05.953Z', 'LastModifiedDate': '2024-09-19T13:12:30.39Z'}, {'VulnerabilityID': 'CVE-2024-46713', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/aux: Fix AUX buffer serialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event->mmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46713', 'https://git.kernel.org/linus/2ab9d830262c132ab5db2f571003d80850d56b2a (6.11-rc7)', 'https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a', 'https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff', 'https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82', 'https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d', 'https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370', 'https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef', 'https://lore.kernel.org/linux-cve-announce/2024091316-CVE-2024-46713-5e49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46713', 'https://www.cve.org/CVERecord?id=CVE-2024-46713'], 'PublishedDate': '2024-09-13T15:15:15.01Z', 'LastModifiedDate': '2024-09-13T16:37:22.997Z'}, {'VulnerabilityID': 'CVE-2024-46714', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip wbscl_set_scaler_filter if filter is null\n\nCallers can pass null in filter (i.e. from returned from the function\nwbscl_get_filter_coeffs_16p) and a null check is added to ensure that is\nnot the case.\n\nThis fixes 4 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46714', 'https://git.kernel.org/linus/c4d31653c03b90e51515b1380115d1aedad925dd (6.11-rc1)', 'https://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b', 'https://git.kernel.org/stable/c/1726914cb17cedab233820d26b86764dc08857b4', 'https://git.kernel.org/stable/c/54834585e91cab13e9f82d3a811deb212a4df786', 'https://git.kernel.org/stable/c/6d94c05a13fadd80c3e732f14c83b2632ebfaa50', 'https://git.kernel.org/stable/c/c083c8be6bdd046049884bec076660d4ec9a19ca', 'https://git.kernel.org/stable/c/c4d31653c03b90e51515b1380115d1aedad925dd', 'https://git.kernel.org/stable/c/e3a95f29647ae45d1ec9541cd7df64f40bf2120a', 'https://lore.kernel.org/linux-cve-announce/2024091831-CVE-2024-46714-73de@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46714', 'https://www.cve.org/CVERecord?id=CVE-2024-46714'], 'PublishedDate': '2024-09-18T07:15:03.06Z', 'LastModifiedDate': '2024-09-30T12:50:27.723Z'}, {'VulnerabilityID': 'CVE-2024-46715', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46715', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver: iio: add missing checks on iio_info&#39;s callback access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info's callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn't implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429]  iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807]  dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181]  sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555]  seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236]  vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385]  ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0:                   00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46715', 'https://git.kernel.org/linus/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70', 'https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1', 'https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252', 'https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46715-7e7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46715', 'https://www.cve.org/CVERecord?id=CVE-2024-46715'], 'PublishedDate': '2024-09-18T07:15:03.13Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46716', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n   msgdma_free_chan_resources -> msgdma_free_descriptors ->\n   msgdma_free_desc_list -> msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46716', 'https://git.kernel.org/linus/54e4ada1a4206f878e345ae01cf37347d803d1b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716', 'https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1', 'https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725', 'https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46716-f63f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46716', 'https://www.cve.org/CVERecord?id=CVE-2024-46716'], 'PublishedDate': '2024-09-18T07:15:03.183Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46717', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46717', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix incorrect page release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix incorrect page release\n\nUnder the following conditions:\n1) No skb created yet\n2) header_size == 0 (no SHAMPO header)\n3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the\n   last page fragment of a SHAMPO header page)\n\na new skb is formed with a page that is NOT a SHAMPO header page (it\nis a regular data page). Further down in the same function\n(mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from\nheader_index is released. This is wrong and it leads to SHAMPO header\npages being released more than once.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46717', 'https://git.kernel.org/linus/70bd03b89f20b9bbe51a7f73c4950565a17a45f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/03924d117625ecb10ee3c9b65930bcb2c37ae629', 'https://git.kernel.org/stable/c/70bd03b89f20b9bbe51a7f73c4950565a17a45f7', 'https://git.kernel.org/stable/c/ae9018e3f61ba5cc1f08a6e51d3c0bef0a79f3ab', 'https://git.kernel.org/stable/c/c909ab41df2b09cde919801c7a7b6bb2cc37ea22', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46717-2f30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46717', 'https://www.cve.org/CVERecord?id=CVE-2024-46717'], 'PublishedDate': '2024-09-18T07:15:03.237Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46718', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46718', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Don&#39;t overmap identity VRAM mapping', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Don't overmap identity VRAM mapping\n\nOvermapping the identity VRAM mapping is triggering hardware bugs on\ncertain platforms. Use 2M pages for the last unaligned (to 1G) VRAM\nchunk.\n\nv2:\n - Always use 2M pages for last chunk (Fei Yang)\n - break loop when 2M pages are used\n - Add assert for usable_size being 2M aligned\nv3:\n - Fix checkpatch", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46718', 'https://git.kernel.org/linus/6d3581edffea0b3a64b0d3094d3f09222e0024f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/6d3581edffea0b3a64b0d3094d3f09222e0024f7', 'https://git.kernel.org/stable/c/bb706e92c87beb9f2543faa1705ccc330b9e7c65', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46718-c5c7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46718', 'https://www.cve.org/CVERecord?id=CVE-2024-46718'], 'PublishedDate': '2024-09-18T07:15:03.303Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46719', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46719', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Fix null pointer dereference in trace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix null pointer dereference in trace\n\nucsi_register_altmode checks IS_ERR for the alt pointer and treats\nNULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,\nucsi_register_displayport returns NULL which causes a NULL pointer\ndereference in trace. Rather than return NULL, call\ntypec_port_register_altmode to register DisplayPort alternate mode\nas a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46719', 'https://git.kernel.org/linus/99516f76db48e1a9d54cdfed63c1babcee4e71a5 (6.11-rc1)', 'https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9', 'https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7', 'https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870', 'https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b', 'https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830', 'https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5', 'https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46719-4a53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46719', 'https://www.cve.org/CVERecord?id=CVE-2024-46719'], 'PublishedDate': '2024-09-18T07:15:03.357Z', 'LastModifiedDate': '2024-09-20T18:21:49.963Z'}, {'VulnerabilityID': 'CVE-2024-46720', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46720', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix dereference after null check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix dereference after null check\n\ncheck the pointer hive before use.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46720', 'https://git.kernel.org/linus/b1f7810b05d1950350ac2e06992982974343e441 (6.11-rc1)', 'https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50', 'https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c', 'https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517', 'https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46720-a598@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46720', 'https://www.cve.org/CVERecord?id=CVE-2024-46720'], 'PublishedDate': '2024-09-18T07:15:03.42Z', 'LastModifiedDate': '2024-09-20T18:22:04.693Z'}, {'VulnerabilityID': 'CVE-2024-46721', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46721', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: fix possible NULL pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and 'ent->old' is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n </TASK>\nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46721', 'https://git.kernel.org/linus/3dd384108d53834002be5630132ad5c3f32166ad (6.11-rc1)', 'https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9', 'https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad', 'https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85', 'https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8', 'https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363', 'https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346', 'https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64', 'https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46721-9aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46721', 'https://www.cve.org/CVERecord?id=CVE-2024-46721'], 'PublishedDate': '2024-09-18T07:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:22:46.637Z'}, {'VulnerabilityID': 'CVE-2024-46722', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46722', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix mc_data out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix mc_data out-of-bounds read warning\n\nClear warning that read mc_data[i-1] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46722', 'https://git.kernel.org/linus/51dfc0a4d609fe700750a62f41447f01b8c9ea50 (6.11-rc1)', 'https://git.kernel.org/stable/c/2097edede72ec5bb3869cf0205337d392fb2a553', 'https://git.kernel.org/stable/c/310b9d8363b88e818afec97ca7652bd7fe3d0650', 'https://git.kernel.org/stable/c/345bd3ad387f9e121aaad9c95957b80895e2f2ec', 'https://git.kernel.org/stable/c/51dfc0a4d609fe700750a62f41447f01b8c9ea50', 'https://git.kernel.org/stable/c/578ae965e8b90cd09edeb0252b50fa0503ea35c5', 'https://git.kernel.org/stable/c/5fa4df25ecfc7b6c9006f5b871c46cfe25ea8826', 'https://git.kernel.org/stable/c/b862a0bc5356197ed159fed7b1c647e77bc9f653', 'https://git.kernel.org/stable/c/d0a43bf367ed640e527e8ef3d53aac1e71f80114', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46722-34b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46722', 'https://www.cve.org/CVERecord?id=CVE-2024-46722'], 'PublishedDate': '2024-09-18T07:15:03.547Z', 'LastModifiedDate': '2024-09-20T18:23:11.93Z'}, {'VulnerabilityID': 'CVE-2024-46723', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46723', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix ucode out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ucode out-of-bounds read warning\n\nClear warning that read ucode[] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46723', 'https://git.kernel.org/linus/8944acd0f9db33e17f387fdc75d33bb473d7936f (6.11-rc1)', 'https://git.kernel.org/stable/c/0bef65e069d84d1cd77ce757aea0e437b8e2bd33', 'https://git.kernel.org/stable/c/23fefef859c6057e6770584242bdd938254f8ddd', 'https://git.kernel.org/stable/c/5f09fa5e0ad45fbca71933a0e024ca52da47d59b', 'https://git.kernel.org/stable/c/82ac8f1d02886b5d8aeb9e058989d3bd6fc581e2', 'https://git.kernel.org/stable/c/8944acd0f9db33e17f387fdc75d33bb473d7936f', 'https://git.kernel.org/stable/c/8981927ebc6c12fa76b30c4178acb462bab15f54', 'https://git.kernel.org/stable/c/e789e05388854a5436b2b5d8695fdb864c9bcc27', 'https://git.kernel.org/stable/c/f2b7a9f3839e92f43559b2795b34640ca8cf839f', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46723-6726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46723', 'https://www.cve.org/CVERecord?id=CVE-2024-46723'], 'PublishedDate': '2024-09-18T07:15:03.61Z', 'LastModifiedDate': '2024-09-20T18:30:30.117Z'}, {'VulnerabilityID': 'CVE-2024-46724', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46724', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number\n\nCheck the fb_channel_number range to avoid the array out-of-bounds\nread error', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46724', 'https://git.kernel.org/linus/d768394fa99467bcf2703bde74ddc96eeb0b71fa (6.11-rc1)', 'https://git.kernel.org/stable/c/32915dc909ff502823babfe07d5416c5b6e8a8b1', 'https://git.kernel.org/stable/c/45f7b02afc464c208e8f56bcbc672ef5c364c815', 'https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4', 'https://git.kernel.org/stable/c/d768394fa99467bcf2703bde74ddc96eeb0b71fa', 'https://git.kernel.org/stable/c/db7a86676fd624768a5d907faf34ad7bb4ff25f4', 'https://git.kernel.org/stable/c/f9267972490f9fcffe146e79828e97acc0da588c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46724-02f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46724', 'https://www.cve.org/CVERecord?id=CVE-2024-46724'], 'PublishedDate': '2024-09-18T07:15:03.673Z', 'LastModifiedDate': '2024-09-20T18:30:58.98Z'}, {'VulnerabilityID': 'CVE-2024-46725', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46725', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds write warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds write warning\n\nCheck the ring type value to fix the out-of-bounds\nwrite warning', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46725', 'https://git.kernel.org/linus/be1684930f5262a622d40ce7a6f1423530d87f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/130bee397b9cd52006145c87a456fd8719390cb5', 'https://git.kernel.org/stable/c/919f9bf9997b8dcdc132485ea96121e7d15555f9', 'https://git.kernel.org/stable/c/a60d1f7ff62e453dde2d3b4907e178954d199844', 'https://git.kernel.org/stable/c/be1684930f5262a622d40ce7a6f1423530d87f89', 'https://git.kernel.org/stable/c/c253b87c7c37ec40a2e0c84e4a6b636ba5cd66b2', 'https://git.kernel.org/stable/c/cf2db220b38301b6486a0f11da24a0f317de558c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46725-af49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46725', 'https://www.cve.org/CVERecord?id=CVE-2024-46725'], 'PublishedDate': '2024-09-18T07:15:03.733Z', 'LastModifiedDate': '2024-09-20T18:40:42.753Z'}, {'VulnerabilityID': 'CVE-2024-46726', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46726', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure index calculation will not overflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure index calculation will not overflow\n\n[WHY & HOW]\nMake sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will\nnever overflow and exceess array size.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46726', 'https://git.kernel.org/linus/8e2734bf444767fed787305ccdcb36a2be5301a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dc6bb57dab36b38b7374af0ac916174c146b6ed', 'https://git.kernel.org/stable/c/733ae185502d30bbe79575167b6178cfb6c5d6bd', 'https://git.kernel.org/stable/c/8e2734bf444767fed787305ccdcb36a2be5301a2', 'https://git.kernel.org/stable/c/d705b5869f6b1b46ad5ceb1bd2a08c04f7e5003b', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46726-587e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46726', 'https://www.cve.org/CVERecord?id=CVE-2024-46726'], 'PublishedDate': '2024-09-18T07:15:03.787Z', 'LastModifiedDate': '2024-09-20T18:36:27.07Z'}, {'VulnerabilityID': 'CVE-2024-46727', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46727', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update\n\n[Why]\nCoverity reports NULL_RETURN warning.\n\n[How]\nAdd otg_master NULL check.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46727', 'https://git.kernel.org/linus/871cd9d881fa791d3f82885000713de07041c0ae (6.11-rc1)', 'https://git.kernel.org/stable/c/871cd9d881fa791d3f82885000713de07041c0ae', 'https://git.kernel.org/stable/c/aad4d3d3d3b6a362bf5db11e1f28c4a60620900d', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46727-2565@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46727', 'https://www.cve.org/CVERecord?id=CVE-2024-46727'], 'PublishedDate': '2024-09-18T07:15:03.84Z', 'LastModifiedDate': '2024-09-30T12:49:43.097Z'}, {'VulnerabilityID': 'CVE-2024-46728', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46728', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check index for aux_rd_interval before using', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index for aux_rd_interval before using\n\naux_rd_interval has size of 7 and should be checked.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46728', 'https://git.kernel.org/linus/9ba2ea6337b4f159aecb177555a6a81da92d302e (6.11-rc1)', 'https://git.kernel.org/stable/c/48e0b68e2360b16edf2a0bae05c0051c00fbb48a', 'https://git.kernel.org/stable/c/6c588e9350dd7a9fb97a56fe74852c9ecc44450c', 'https://git.kernel.org/stable/c/9ba2ea6337b4f159aecb177555a6a81da92d302e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46728-edfe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46728', 'https://www.cve.org/CVERecord?id=CVE-2024-46728'], 'PublishedDate': '2024-09-18T07:15:03.893Z', 'LastModifiedDate': '2024-09-26T13:31:34.347Z'}, {'VulnerabilityID': 'CVE-2024-46729', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46729', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix incorrect size calculation for loop', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix incorrect size calculation for loop\n\n[WHY]\nfe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is\nlager than the array size.\n\n[HOW]\nDivide byte size 20 by its element size.\n\nThis fixes 2 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46729', 'https://git.kernel.org/linus/3941a3aa4b653b69876d894d08f3fff1cc965267 (6.11-rc1)', 'https://git.kernel.org/stable/c/3941a3aa4b653b69876d894d08f3fff1cc965267', 'https://git.kernel.org/stable/c/712be65b3b372a82bff0865b9c090147764bf1c4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46729-158c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46729', 'https://www.cve.org/CVERecord?id=CVE-2024-46729'], 'PublishedDate': '2024-09-18T07:15:03.95Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46730', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46730', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure array index tg_inst won&#39;t be -1', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure array index tg_inst won't be -1\n\n[WHY & HOW]\ntg_inst will be a negative if timing_generator_count equals 0, which\nshould be checked before used.\n\nThis fixes 2 OVERRUN issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46730', 'https://git.kernel.org/linus/687fe329f18ab0ab0496b20ed2cb003d4879d931 (6.11-rc1)', 'https://git.kernel.org/stable/c/687fe329f18ab0ab0496b20ed2cb003d4879d931', 'https://git.kernel.org/stable/c/a64284b9e1999ad5580debced4bc6d6adb28aad4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46730-b69e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46730', 'https://www.cve.org/CVERecord?id=CVE-2024-46730'], 'PublishedDate': '2024-09-18T07:15:04.003Z', 'LastModifiedDate': '2024-09-30T12:49:00.333Z'}, {'VulnerabilityID': 'CVE-2024-46731', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46731', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: fix the Out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix the Out-of-bounds read warning\n\nusing index i - 1U may beyond element index\nfor mc_data[] when i = 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46731', 'https://git.kernel.org/linus/12c6967428a099bbba9dfd247bb4322a984fcc0b (6.11-rc1)', 'https://git.kernel.org/stable/c/12c6967428a099bbba9dfd247bb4322a984fcc0b', 'https://git.kernel.org/stable/c/20c6373a6be93039f9d66029bb1e21038a060be1', 'https://git.kernel.org/stable/c/3317966efcdc5101e93db21514b68917e7eb34ea', 'https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376', 'https://git.kernel.org/stable/c/d83fb9f9f63e9a120bf405b078f829f0b2e58934', 'https://git.kernel.org/stable/c/f1e261ced9bcad772a45a2fcdf413c3490e87299', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46731-0e54@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46731', 'https://www.cve.org/CVERecord?id=CVE-2024-46731'], 'PublishedDate': '2024-09-18T07:15:04.057Z', 'LastModifiedDate': '2024-09-26T13:29:19.877Z'}, {'VulnerabilityID': 'CVE-2024-46732', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46732', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Assign linear_pitch_alignment even for VM', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign linear_pitch_alignment even for VM\n\n[Description]\nAssign linear_pitch_alignment so we don't cause a divide by 0\nerror in VM environments", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46732', 'https://git.kernel.org/linus/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/4bd7710f2fecfc5fb2dda1ca2adc69db8a66b8b6', 'https://git.kernel.org/stable/c/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4', 'https://git.kernel.org/stable/c/c44b568931d23aed9d37ecbb31fb5fbdd198bf7b', 'https://git.kernel.org/stable/c/d219f902b16d42f0cb8c499ea8f31cf3c0f36349', 'https://git.kernel.org/stable/c/d2fe7ac613a1ea8c346c9f5c89dc6ecc27232997', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46732-49a9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46732', 'https://www.cve.org/CVERecord?id=CVE-2024-46732'], 'PublishedDate': '2024-09-18T07:15:04.117Z', 'LastModifiedDate': '2024-09-26T13:28:07.157Z'}, {'VulnerabilityID': 'CVE-2024-46733', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46733', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix qgroup reserve leaks in cow_file_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix qgroup reserve leaks in cow_file_range\n\nIn the buffered write path, the dirty page owns the qgroup reserve until\nit creates an ordered_extent.\n\nTherefore, any errors that occur before the ordered_extent is created\nmust free that reservation, or else the space is leaked. The fstest\ngeneric/475 exercises various IO error paths, and is able to trigger\nerrors in cow_file_range where we fail to get to allocating the ordered\nextent. Note that because we *do* clear delalloc, we are likely to\nremove the inode from the delalloc list, so the inodes/pages to not have\ninvalidate/launder called on them in the commit abort path.\n\nThis results in failures at the unmount stage of the test that look like:\n\n  BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure\n  BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure\n  BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs]\n  Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq\n  CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W          6.10.0-rc7-gab56fde445b8 #21\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n  RIP: 0010:close_ctree+0x222/0x4d0 [btrfs]\n  RSP: 0018:ffffb4465283be00 EFLAGS: 00010202\n  RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001\n  RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8\n  RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000\n  R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c\n  R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n  FS:  00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0\n  Call Trace:\n   <TASK>\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? __warn.cold+0x8e/0xea\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? report_bug+0xff/0x140\n   ? handle_bug+0x3b/0x70\n   ? exc_invalid_op+0x17/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   generic_shutdown_super+0x70/0x160\n   kill_anon_super+0x11/0x40\n   btrfs_kill_super+0x11/0x20 [btrfs]\n   deactivate_locked_super+0x2e/0xa0\n   cleanup_mnt+0xb5/0x150\n   task_work_run+0x57/0x80\n   syscall_exit_to_user_mode+0x121/0x130\n   do_syscall_64+0xab/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  RIP: 0033:0x7f916847a887\n  ---[ end trace 0000000000000000 ]---\n  BTRFS error (device dm-8 state EA): qgroup reserved space leaked\n\nCases 2 and 3 in the out_reserve path both pertain to this type of leak\nand must free the reserved qgroup data. Because it is already an error\npath, I opted not to handle the possible errors in\nbtrfs_free_qgroup_data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46733', 'https://git.kernel.org/linus/30479f31d44d47ed00ae0c7453d9b253537005b2 (6.11-rc3)', 'https://git.kernel.org/stable/c/30479f31d44d47ed00ae0c7453d9b253537005b2', 'https://git.kernel.org/stable/c/e42ef22bc10f0309c0c65d8d6ca8b4127a674b7f', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46733-77eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46733', 'https://www.cve.org/CVERecord?id=CVE-2024-46733'], 'PublishedDate': '2024-09-18T07:15:04.17Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46735', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46735', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()\n\nWhen two UBLK_CMD_START_USER_RECOVERY commands are submitted, the\nfirst one sets 'ubq->ubq_daemon' to NULL, and the second one triggers\nWARN in ublk_queue_reinit() and subsequently a NULL pointer dereference\nissue.\n\nFix it by adding the check in ublk_ctrl_start_recovery() and return\nimmediately in case of zero 'ub->nr_queues_ready'.\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000028\n  RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n  Call Trace:\n   <TASK>\n   ? __die+0x20/0x70\n   ? page_fault_oops+0x75/0x170\n   ? exc_page_fault+0x64/0x140\n   ? asm_exc_page_fault+0x22/0x30\n   ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n   ublk_ctrl_uring_cmd+0x4f7/0x6c0\n   ? pick_next_task_idle+0x26/0x40\n   io_uring_cmd+0x9a/0x1b0\n   io_issue_sqe+0x193/0x3f0\n   io_wq_submit_work+0x9b/0x390\n   io_worker_handle_work+0x165/0x360\n   io_wq_worker+0xcb/0x2f0\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork+0x2d/0x50\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork_asm+0x1a/0x30\n   </TASK>", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46735', 'https://git.kernel.org/linus/e58f5142f88320a5b1449f96a146f2f24615c5c7 (6.11-rc7)', 'https://git.kernel.org/stable/c/136a29d8112df4ea0a57f9602ddf3579e04089dc', 'https://git.kernel.org/stable/c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f', 'https://git.kernel.org/stable/c/ca249435893dda766f3845c15ca77ca5672022d8', 'https://git.kernel.org/stable/c/e58f5142f88320a5b1449f96a146f2f24615c5c7', 'https://lore.kernel.org/linux-cve-announce/2024091832-CVE-2024-46735-fbce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46735', 'https://www.cve.org/CVERecord?id=CVE-2024-46735'], 'PublishedDate': '2024-09-18T08:15:03.057Z', 'LastModifiedDate': '2024-09-20T18:35:53.967Z'}, {'VulnerabilityID': 'CVE-2024-46737', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46737', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvmet-tcp: fix kernel crash if commands allocation fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fix kernel crash if commands allocation fails\n\nIf the commands allocation fails in nvmet_tcp_alloc_cmds()\nthe kernel crashes in nvmet_tcp_release_queue_work() because of\na NULL pointer dereference.\n\n  nvmet: failed to install queue 0 cntlid 1 ret 6\n  Unable to handle kernel NULL pointer dereference at\n         virtual address 0000000000000008\n\nFix the bug by setting queue->nr_cmds to zero in case\nnvmet_tcp_alloc_cmd() fails.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46737', 'https://git.kernel.org/linus/5572a55a6f830ee3f3a994b6b962a5c327d28cb3 (6.11-rc7)', 'https://git.kernel.org/stable/c/03e1fd0327fa5e2174567f5fe9290fe21d21b8f4', 'https://git.kernel.org/stable/c/489f2913a63f528cfe3f21722583fb981967ecda', 'https://git.kernel.org/stable/c/50632b877ce55356f5d276b9add289b1e7ddc683', 'https://git.kernel.org/stable/c/5572a55a6f830ee3f3a994b6b962a5c327d28cb3', 'https://git.kernel.org/stable/c/6c04d1e3ab22cc5394ef656429638a5947f87244', 'https://git.kernel.org/stable/c/7957c731fc2b23312f8935812dee5a0b14b04e2d', 'https://git.kernel.org/stable/c/91dad30c5607e62864f888e735d0965567827bdf', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46737-d36f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46737', 'https://www.cve.org/CVERecord?id=CVE-2024-46737'], 'PublishedDate': '2024-09-18T08:15:03.167Z', 'LastModifiedDate': '2024-09-20T18:35:34.7Z'}, {'VulnerabilityID': 'CVE-2024-46738', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46738', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: VMCI: Fix use-after-free when removing resource in vmci_resource_remove()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Fix use-after-free when removing resource in vmci_resource_remove()\n\nWhen removing a resource from vmci_resource_table in\nvmci_resource_remove(), the search is performed using the resource\nhandle by comparing context and resource fields.\n\nIt is possible though to create two resources with different types\nbut same handle (same context and resource fields).\n\nWhen trying to remove one of the resources, vmci_resource_remove()\nmay not remove the intended one, but the object will still be freed\nas in the case of the datagram type in vmci_datagram_destroy_handle().\nvmci_resource_table will still hold a pointer to this freed resource\nleading to a use-after-free vulnerability.\n\nBUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\nBUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\nRead of size 4 at addr ffff88801c16d800 by task syz-executor197/1592\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106\n print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239\n __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425\n kasan_report+0x38/0x51 mm/kasan/report.c:442\n vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\n vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\n vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182\n ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444\n kref_put include/linux/kref.h:65 [inline]\n vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline]\n vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195\n vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143\n __fput+0x261/0xa34 fs/file_table.c:282\n task_work_run+0xf0/0x194 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187\n exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220\n __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline]\n syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313\n do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x6e/0x0\n\nThis change ensures the type is also checked when removing\nthe resource from vmci_resource_table in vmci_resource_remove().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46738', 'https://git.kernel.org/linus/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7 (6.11-rc7)', 'https://git.kernel.org/stable/c/00fe5292f081f8d773e572df8e03bf6e1855fe49', 'https://git.kernel.org/stable/c/39e7e593418ccdbd151f2925fa6be1a616d16c96', 'https://git.kernel.org/stable/c/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7', 'https://git.kernel.org/stable/c/6c563a29857aa8053b67ee141191f69757f27f6e', 'https://git.kernel.org/stable/c/b243d52b5f6f59f9d39e69b191fb3d58b94a43b1', 'https://git.kernel.org/stable/c/b9efdf333174468651be40390cbc79c9f55d9cce', 'https://git.kernel.org/stable/c/ef5f4d0c5ee22d4f873116fec844ff6edaf3fa7d', 'https://git.kernel.org/stable/c/f6365931bf7c07b2b397dbb06a4f6573cc9fae73', 'https://linux.oracle.com/cve/CVE-2024-46738.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46738-d871@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46738', 'https://www.cve.org/CVERecord?id=CVE-2024-46738'], 'PublishedDate': '2024-09-18T08:15:03.233Z', 'LastModifiedDate': '2024-09-20T18:35:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46739', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46739', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind\n\nFor primary VM Bus channels, primary_channel pointer is always NULL. This\npointer is valid only for the secondary channels. Also, rescind callback\nis meant for primary channels only.\n\nFix NULL pointer dereference by retrieving the device_obj from the parent\nfor the primary channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46739', 'https://git.kernel.org/linus/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e (6.11-rc7)', 'https://git.kernel.org/stable/c/1d8e020e51ab07e40f9dd00b52f1da7d96fec04c', 'https://git.kernel.org/stable/c/2be373469be1774bbe03b0fa7e2854e65005b1cc', 'https://git.kernel.org/stable/c/3005091cd537ef8cdb7530dcb2ecfba8d2ef475c', 'https://git.kernel.org/stable/c/3d414b64ecf6fd717d7510ffb893c6f23acbf50e', 'https://git.kernel.org/stable/c/928e399e84f4e80307dce44e89415115c473275b', 'https://git.kernel.org/stable/c/de6946be9c8bc7d2279123433495af7c21011b99', 'https://git.kernel.org/stable/c/f38f46da80a2ab7d1b2f8fcb444c916034a2dac4', 'https://git.kernel.org/stable/c/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46739-0aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46739', 'https://www.cve.org/CVERecord?id=CVE-2024-46739'], 'PublishedDate': '2024-09-18T08:15:03.293Z', 'LastModifiedDate': '2024-09-20T18:34:29.957Z'}, {'VulnerabilityID': 'CVE-2024-46740', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46740', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binder: fix UAF caused by offsets overwrite', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF caused by offsets overwrite\n\nBinder objects are processed and copied individually into the target\nbuffer during transactions. Any raw data in-between these objects is\ncopied as well. However, this raw data copy lacks an out-of-bounds\ncheck. If the raw data exceeds the data section size then the copy\noverwrites the offsets section. This eventually triggers an error that\nattempts to unwind the processed objects. However, at this point the\noffsets used to index these objects are now corrupted.\n\nUnwinding with corrupted offsets can result in decrements of arbitrary\nnodes and lead to their premature release. Other users of such nodes are\nleft with a dangling pointer triggering a use-after-free. This issue is\nmade evident by the following KASAN report (trimmed):\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c\n  Write of size 4 at addr ffff47fc91598f04 by task binder-util/743\n\n  CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1\n  Hardware name: linux,dummy-virt (DT)\n  Call trace:\n   _raw_spin_lock+0xe4/0x19c\n   binder_free_buf+0x128/0x434\n   binder_thread_write+0x8a4/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Allocated by task 743:\n   __kmalloc_cache_noprof+0x110/0x270\n   binder_new_node+0x50/0x700\n   binder_transaction+0x413c/0x6da8\n   binder_thread_write+0x978/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Freed by task 745:\n   kfree+0xbc/0x208\n   binder_thread_read+0x1c5c/0x37d4\n   binder_ioctl+0x16d8/0x258c\n  [...]\n  ==================================================================\n\nTo avoid this issue, let's check that the raw data copy is within the\nboundaries of the data section.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46740', 'https://git.kernel.org/linus/4df153652cc46545722879415937582028c18af5 (6.11-rc7)', 'https://git.kernel.org/stable/c/109e845c1184c9f786d41516348ba3efd9112792', 'https://git.kernel.org/stable/c/1f33d9f1d9ac3f0129f8508925000900c2fe5bb0', 'https://git.kernel.org/stable/c/3a8154bb4ab4a01390a3abf1e6afac296e037da4', 'https://git.kernel.org/stable/c/4df153652cc46545722879415937582028c18af5', 'https://git.kernel.org/stable/c/4f79e0b80dc69bd5eaaed70f0df1b558728b4e59', 'https://git.kernel.org/stable/c/5a32bfd23022ffa7e152f273fa3fa29befb7d929', 'https://git.kernel.org/stable/c/eef79854a04feac5b861f94d7b19cbbe79874117', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46740-e05a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46740', 'https://www.cve.org/CVERecord?id=CVE-2024-46740'], 'PublishedDate': '2024-09-18T08:15:03.377Z', 'LastModifiedDate': '2024-09-20T18:34:08.163Z'}, {'VulnerabilityID': 'CVE-2024-46741', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46741', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Fix double free of &#39;buf&#39; in error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix double free of 'buf' in error path\n\nsmatch warning:\ndrivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf'\n\nIn fastrpc_req_mmap() error path, the fastrpc buffer is freed in\nfastrpc_req_munmap_impl() if unmap is successful.\n\nBut in the end, there is an unconditional call to fastrpc_buf_free().\nSo the above case triggers the double free of fastrpc buf.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46741', 'https://git.kernel.org/linus/e8c276d4dc0e19ee48385f74426aebc855b49aaf (6.11-rc7)', 'https://git.kernel.org/stable/c/bfc1704d909dc9911a558b1a5833d3d61a43a1f2', 'https://git.kernel.org/stable/c/e8c276d4dc0e19ee48385f74426aebc855b49aaf', 'https://git.kernel.org/stable/c/f77dc8a75859e559f3238a6d906206259227985e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46741-4ce7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46741', 'https://www.cve.org/CVERecord?id=CVE-2024-46741'], 'PublishedDate': '2024-09-18T08:15:03.43Z', 'LastModifiedDate': '2024-09-20T18:33:27.96Z'}, {'VulnerabilityID': 'CVE-2024-46742', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46742', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()\n\nnull-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)\nand parse_lease_state() return NULL.\n\nFix this by check if 'lease_ctx_info' is NULL.\n\nAdditionally, remove the redundant parentheses in\nparse_durable_handle_context().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46742', 'https://git.kernel.org/linus/4e8771a3666c8f216eefd6bd2fd50121c6c437db (6.11-rc5)', 'https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6', 'https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada', 'https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46742-223b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46742', 'https://www.cve.org/CVERecord?id=CVE-2024-46742'], 'PublishedDate': '2024-09-18T08:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:32:34.303Z'}, {'VulnerabilityID': 'CVE-2024-46743', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46743', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: of/irq: Prevent device address out-of-bounds read in interrupt map walk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nof/irq: Prevent device address out-of-bounds read in interrupt map walk\n\nWhen of_irq_parse_raw() is invoked with a device address smaller than\nthe interrupt parent node (from #address-cells property), KASAN detects\nthe following out-of-bounds read when populating the initial match table\n(dyndbg="func of_irq_parse_* +p"):\n\n  OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0\n  OF:  parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2\n  OF:  intspec=4\n  OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2\n  OF:  -> addrsize=3\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0\n  Read of size 4 at addr ffffff81beca5608 by task bash/764\n\n  CPU: 1 PID: 764 Comm: bash Tainted: G           O       6.1.67-484c613561-nokia_sm_arm64 #1\n  Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023\n  Call trace:\n   dump_backtrace+0xdc/0x130\n   show_stack+0x1c/0x30\n   dump_stack_lvl+0x6c/0x84\n   print_report+0x150/0x448\n   kasan_report+0x98/0x140\n   __asan_load4+0x78/0xa0\n   of_irq_parse_raw+0x2b8/0x8d0\n   of_irq_parse_one+0x24c/0x270\n   parse_interrupts+0xc0/0x120\n   of_fwnode_add_links+0x100/0x2d0\n   fw_devlink_parse_fwtree+0x64/0xc0\n   device_add+0xb38/0xc30\n   of_device_add+0x64/0x90\n   of_platform_device_create_pdata+0xd0/0x170\n   of_platform_bus_create+0x244/0x600\n   of_platform_notify+0x1b0/0x254\n   blocking_notifier_call_chain+0x9c/0xd0\n   __of_changeset_entry_notify+0x1b8/0x230\n   __of_changeset_apply_notify+0x54/0xe4\n   of_overlay_fdt_apply+0xc04/0xd94\n   ...\n\n  The buggy address belongs to the object at ffffff81beca5600\n   which belongs to the cache kmalloc-128 of size 128\n  The buggy address is located 8 bytes inside of\n   128-byte region [ffffff81beca5600, ffffff81beca5680)\n\n  The buggy address belongs to the physical page:\n  page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4\n  head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0\n  flags: 0x8000000000010200(slab|head|zone=2)\n  raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300\n  raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\n  page dumped because: kasan: bad access detected\n\n  Memory state around the buggy address:\n   ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n  >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n                        ^\n   ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc\n  ==================================================================\n  OF:  -> got it !\n\nPrevent the out-of-bounds read by copying the device address into a\nbuffer of sufficient size.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46743', 'https://git.kernel.org/linus/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305 (6.11-rc4)', 'https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d', 'https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5', 'https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5', 'https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305', 'https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f', 'https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9', 'https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8', 'https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46743-f386@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46743', 'https://www.cve.org/CVERecord?id=CVE-2024-46743'], 'PublishedDate': '2024-09-18T08:15:03.54Z', 'LastModifiedDate': '2024-09-20T18:32:11.827Z'}, {'VulnerabilityID': 'CVE-2024-46744', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46744', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Squashfs: sanity check symbolic link size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: sanity check symbolic link size\n\nSyzkiller reports a "KMSAN: uninit-value in pick_link" bug.\n\nThis is caused by an uninitialised page, which is ultimately caused\nby a corrupted symbolic link size read from disk.\n\nThe reason why the corrupted symlink size causes an uninitialised\npage is due to the following sequence of events:\n\n1. squashfs_read_inode() is called to read the symbolic\n   link from disk.  This assigns the corrupted value\n   3875536935 to inode->i_size.\n\n2. Later squashfs_symlink_read_folio() is called, which assigns\n   this corrupted value to the length variable, which being a\n   signed int, overflows producing a negative number.\n\n3. The following loop that fills in the page contents checks that\n   the copied bytes is less than length, which being negative means\n   the loop is skipped, producing an uninitialised page.\n\nThis patch adds a sanity check which checks that the symbolic\nlink size is not larger than expected.\n\n--\n\nV2: fix spelling mistake.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-59'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46744', 'https://git.kernel.org/linus/810ee43d9cd245d138a2733d87a24858a23f577d (6.11-rc4)', 'https://git.kernel.org/stable/c/087f25b2d36adae19951114ffcbb7106ed405ebb', 'https://git.kernel.org/stable/c/1b9451ba6f21478a75288ea3e3fca4be35e2a438', 'https://git.kernel.org/stable/c/5c8906de98d0d7ad42ff3edf2cb6cd7e0ea658c4', 'https://git.kernel.org/stable/c/810ee43d9cd245d138a2733d87a24858a23f577d', 'https://git.kernel.org/stable/c/c3af7e460a526007e4bed1ce3623274a1a6afe5e', 'https://git.kernel.org/stable/c/ef4e249971eb77ec33d74c5c3de1e2576faf6c90', 'https://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26ea9bf322d8431a90', 'https://git.kernel.org/stable/c/fac5e82ab1334fc8ed6ff7183702df634bd1d93d', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46744-451f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46744', 'https://www.cve.org/CVERecord?id=CVE-2024-46744'], 'PublishedDate': '2024-09-18T08:15:03.603Z', 'LastModifiedDate': '2024-09-30T13:36:19.557Z'}, {'VulnerabilityID': 'CVE-2024-46745', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46745', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: uinput - reject requests with unreasonable number of slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - reject requests with unreasonable number of slots\n\n\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\n\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46745', 'https://git.kernel.org/linus/206f533a0a7c683982af473079c4111f4a0f9f5e (6.11-rc5)', 'https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e', 'https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b', 'https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70', 'https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2', 'https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d', 'https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b', 'https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833', 'https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46745-7b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46745', 'https://www.cve.org/CVERecord?id=CVE-2024-46745'], 'PublishedDate': '2024-09-18T08:15:03.667Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46746', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46746', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: amd_sfh: free driver_data after destroying hid device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: free driver_data after destroying hid device\n\nHID driver callbacks aren't called anymore once hid_destroy_device() has\nbeen called. Hence, hid driver_data should be freed only after the\nhid_destroy_device() function returned as driver_data is used in several\ncallbacks.\n\nI observed a crash with kernel 6.10.0 on my T14s Gen 3, after enabling\nKASAN to debug memory allocation, I got this output:\n\n  [   13.050438] ==================================================================\n  [   13.054060] BUG: KASAN: slab-use-after-free in amd_sfh_get_report+0x3ec/0x530 [amd_sfh]\n  [   13.054809] psmouse serio1: trackpoint: Synaptics TrackPoint firmware: 0x02, buttons: 3/3\n  [   13.056432] Read of size 8 at addr ffff88813152f408 by task (udev-worker)/479\n\n  [   13.060970] CPU: 5 PID: 479 Comm: (udev-worker) Not tainted 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0\n  [   13.063978] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024\n  [   13.067860] Call Trace:\n  [   13.069383] input: TPPS/2 Synaptics TrackPoint as /devices/platform/i8042/serio1/input/input8\n  [   13.071486]  <TASK>\n  [   13.071492]  dump_stack_lvl+0x5d/0x80\n  [   13.074870] snd_hda_intel 0000:33:00.6: enabling device (0000 -> 0002)\n  [   13.078296]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.082199]  print_report+0x174/0x505\n  [   13.085776]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.089367]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.093255]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.097464]  kasan_report+0xc8/0x150\n  [   13.101461]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.105802]  amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.110303]  amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.114879]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.119450]  sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082]\n  [   13.124097]  hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.127404]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.131925]  ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.136455]  ? _raw_spin_lock_irqsave+0x96/0xf0\n  [   13.140197]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.143602]  ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b]\n  [   13.147234]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.150446]  ? __devm_add_action+0x167/0x1d0\n  [   13.155061]  hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.158581]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.161814]  platform_probe+0xa2/0x150\n  [   13.165029]  really_probe+0x1e3/0x8a0\n  [   13.168243]  __driver_probe_device+0x18c/0x370\n  [   13.171500]  driver_probe_device+0x4a/0x120\n  [   13.175000]  __driver_attach+0x190/0x4a0\n  [   13.178521]  ? __pfx___driver_attach+0x10/0x10\n  [   13.181771]  bus_for_each_dev+0x106/0x180\n  [   13.185033]  ? __pfx__raw_spin_lock+0x10/0x10\n  [   13.188229]  ? __pfx_bus_for_each_dev+0x10/0x10\n  [   13.191446]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.194382]  bus_add_driver+0x29e/0x4d0\n  [   13.197328]  driver_register+0x1a5/0x360\n  [   13.200283]  ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.203362]  do_one_initcall+0xa7/0x380\n  [   13.206432]  ? __pfx_do_one_initcall+0x10/0x10\n  [   13.210175]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.213211]  ? kasan_unpoison+0x44/0x70\n  [   13.216688]  do_init_module+0x238/0x750\n  [   13.2196\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46746', 'https://git.kernel.org/linus/97155021ae17b86985121b33cf8098bcde00d497 (6.11-rc5)', 'https://git.kernel.org/stable/c/60dc4ee0428d70bcbb41436b6729d29f1cbdfb89', 'https://git.kernel.org/stable/c/775125c7fe38533aaa4b20769f5b5e62cc1170a0', 'https://git.kernel.org/stable/c/86b4f5cf91ca03c08e3822ac89476a677a780bcc', 'https://git.kernel.org/stable/c/97155021ae17b86985121b33cf8098bcde00d497', 'https://git.kernel.org/stable/c/adb3e3c1ddb5a23b8b7122ef1913f528d728937c', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46746-eb7f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46746', 'https://www.cve.org/CVERecord?id=CVE-2024-46746'], 'PublishedDate': '2024-09-18T08:15:03.73Z', 'LastModifiedDate': '2024-09-26T12:47:53.267Z'}, {'VulnerabilityID': 'CVE-2024-46747', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46747', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup\n\nreport_fixup for the Cougar 500k Gaming Keyboard was not verifying\nthat the report descriptor size was correct before accessing it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46747', 'https://git.kernel.org/linus/a6e9c391d45b5865b61e569146304cff72821a5d (6.11-rc5)', 'https://git.kernel.org/stable/c/30e9ce7cd5591be639b53595c95812f1a2afdfdc', 'https://git.kernel.org/stable/c/34185de73d74fdc90e8651cfc472bfea6073a13f', 'https://git.kernel.org/stable/c/48b2108efa205f4579052c27fba2b22cc6ad8aa0', 'https://git.kernel.org/stable/c/890dde6001b651be79819ef7a3f8c71fc8f9cabf', 'https://git.kernel.org/stable/c/a6e9c391d45b5865b61e569146304cff72821a5d', 'https://git.kernel.org/stable/c/e239e44dcd419b13cf840e2a3a833204e4329714', 'https://git.kernel.org/stable/c/e4a602a45aecd6a98b4b37482f5c9f8f67a32ddd', 'https://git.kernel.org/stable/c/fac3cb3c6428afe2207593a183b5bc4742529dfd', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46747-f489@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46747', 'https://www.cve.org/CVERecord?id=CVE-2024-46747'], 'PublishedDate': '2024-09-18T08:15:03.79Z', 'LastModifiedDate': '2024-09-20T18:31:19.19Z'}, {'VulnerabilityID': 'CVE-2024-46748', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46748', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT\n\nSet the maximum size of a subrequest that writes to cachefiles to be\nMAX_RW_COUNT so that we don't overrun the maximum write we can make to the\nbacking filesystem.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46748', 'https://git.kernel.org/linus/51d37982bbac3ea0ca21b2797a9cb0044272b3aa (6.11-rc1)', 'https://git.kernel.org/stable/c/51d37982bbac3ea0ca21b2797a9cb0044272b3aa', 'https://git.kernel.org/stable/c/cec226f9b1fd6cf55bc157873aec61b523083e96', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46748-03e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46748', 'https://www.cve.org/CVERecord?id=CVE-2024-46748'], 'PublishedDate': '2024-09-18T08:15:03.847Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46749', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46749', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()\n\nThis adds a check before freeing the rx->skb in flush and close\nfunctions to handle the kernel crash seen while removing driver after FW\ndownload fails or before FW download completes.\n\ndmesg log:\n[   54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080\n[   54.643398] Mem abort info:\n[   54.646204]   ESR = 0x0000000096000004\n[   54.649964]   EC = 0x25: DABT (current EL), IL = 32 bits\n[   54.655286]   SET = 0, FnV = 0\n[   54.658348]   EA = 0, S1PTW = 0\n[   54.661498]   FSC = 0x04: level 0 translation fault\n[   54.666391] Data abort info:\n[   54.669273]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[   54.674768]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[   54.674771]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[   54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000\n[   54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000\n[   54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[   54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core sch_fq_codel fuse\n[   54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 Not tainted 6.6.3-otbr-g128004619037 #2\n[   54.744364] Hardware name: FSL i.MX8MM EVK board (DT)\n[   54.744368] Workqueue: hci0 hci_power_on\n[   54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   54.757249] pc : kfree_skb_reason+0x18/0xb0\n[   54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.782921] sp : ffff8000805ebca0\n[   54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000\n[   54.782931] x26: ffff377b84852400 x25: ffff377b848523c0 x24: ffff377b845e7230\n[   54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92\n[   54.782945] x20: ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff\n[   54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857\n[   54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642\n[   54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9 : ffffa5c6cf19d688\n[   54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000\n[   54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000\n[   54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac\n[   54.857599] Call trace:\n[   54.857601]  kfree_skb_reason+0x18/0xb0\n[   54.863878]  btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.863888]  hci_dev_open_sync+0x3a8/0xa04\n[   54.872773]  hci_power_on+0x54/0x2e4\n[   54.881832]  process_one_work+0x138/0x260\n[   54.881842]  worker_thread+0x32c/0x438\n[   54.881847]  kthread+0x118/0x11c\n[   54.881853]  ret_from_fork+0x10/0x20\n[   54.896406] Code: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400)\n[   54.896410] ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46749', 'https://git.kernel.org/linus/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1 (6.11-rc1)', 'https://git.kernel.org/stable/c/013dae4735d2010544d1f2121bdeb8e6c9ea171e', 'https://git.kernel.org/stable/c/056e0cd381d59a9124b7c43dd715e15f56a11635', 'https://git.kernel.org/stable/c/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46749-fc9c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46749', 'https://www.cve.org/CVERecord?id=CVE-2024-46749'], 'PublishedDate': '2024-09-18T08:15:03.893Z', 'LastModifiedDate': '2024-09-20T18:45:43.483Z'}, {'VulnerabilityID': 'CVE-2024-46750', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46750', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: Add missing bridge lock to pci_bus_lock()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Add missing bridge lock to pci_bus_lock()\n\nOne of the true positives that the cfg_access_lock lockdep effort\nidentified is this sequence:\n\n  WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70\n  RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70\n  Call Trace:\n   <TASK>\n   ? __warn+0x8c/0x190\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   ? report_bug+0x1f8/0x200\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   pci_reset_bus+0x1d8/0x270\n   vmd_probe+0x778/0xa10\n   pci_device_probe+0x95/0x120\n\nWhere pci_reset_bus() users are triggering unlocked secondary bus resets.\nIronically pci_bus_reset(), several calls down from pci_reset_bus(), uses\npci_bus_lock() before issuing the reset which locks everything *but* the\nbridge itself.\n\nFor the same motivation as adding:\n\n  bridge = pci_upstream_bridge(dev);\n  if (bridge)\n    pci_dev_lock(bridge);\n\nto pci_reset_function() for the "bus" and "cxl_bus" reset cases, add\npci_dev_lock() for @bus->self to pci_bus_lock().\n\n[bhelgaas: squash in recursive locking deadlock fix from Keith Busch:\nhttps://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46750', 'https://git.kernel.org/linus/a4e772898f8bf2e7e1cf661a12c60a5612c4afab (6.11-rc1)', 'https://git.kernel.org/stable/c/04e85a3285b0e5c5af6fd2c0fd6e95ffecc01945', 'https://git.kernel.org/stable/c/0790b89c7e911003b8c50ae50e3ac7645de1fae9', 'https://git.kernel.org/stable/c/7253b4fed46471cc247c6cacefac890a8472c083', 'https://git.kernel.org/stable/c/78c6e39fef5c428960aff742149bba302dd46f5a', 'https://git.kernel.org/stable/c/81c68e218ab883dfa368460a59b674084c0240da', 'https://git.kernel.org/stable/c/a4e772898f8bf2e7e1cf661a12c60a5612c4afab', 'https://git.kernel.org/stable/c/df77a678c33871a6e4ac5b54a71662f1d702335b', 'https://git.kernel.org/stable/c/e2355d513b89a2cb511b4ded0deb426cdb01acd0', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46750-3be1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46750', 'https://www.cve.org/CVERecord?id=CVE-2024-46750'], 'PublishedDate': '2024-09-18T08:15:03.947Z', 'LastModifiedDate': '2024-09-30T13:27:45.787Z'}, {'VulnerabilityID': 'CVE-2024-46751', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46751', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON() when 0 reference count at btrfs_lookup_extent_info()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()\n\nInstead of doing a BUG_ON() handle the error by returning -EUCLEAN,\naborting the transaction and logging an error message.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46751', 'https://git.kernel.org/linus/28cb13f29faf6290597b24b728dc3100c019356f (6.11-rc1)', 'https://git.kernel.org/stable/c/28cb13f29faf6290597b24b728dc3100c019356f', 'https://git.kernel.org/stable/c/ef9a8b73c8b60b27d9db4787e624a3438ffe8428', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46751-17f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46751', 'https://www.cve.org/CVERecord?id=CVE-2024-46751'], 'PublishedDate': '2024-09-18T08:15:04.01Z', 'LastModifiedDate': '2024-09-30T12:45:56.957Z'}, {'VulnerabilityID': 'CVE-2024-46752', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46752', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: replace BUG_ON() with error handling at update_ref_for_cow()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: replace BUG_ON() with error handling at update_ref_for_cow()\n\nInstead of a BUG_ON() just return an error, log an error message and\nabort the transaction in case we find an extent buffer belonging to the\nrelocation tree that doesn't have the full backref flag set. This is\nunexpected and should never happen (save for bugs or a potential bad\nmemory).", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46752', 'https://git.kernel.org/linus/b56329a782314fde5b61058e2a25097af7ccb675 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fbac73a97286a7ec72229cb9b42d760a2c717ac', 'https://git.kernel.org/stable/c/41a0f85e268d72fe04f731b8ceea4748c2d65491', 'https://git.kernel.org/stable/c/b50857b96429a09fd3beed9f7f21b7bb7c433688', 'https://git.kernel.org/stable/c/b56329a782314fde5b61058e2a25097af7ccb675', 'https://git.kernel.org/stable/c/f895db00c65e5d77c437cce946da9ec29dcdf563', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46752-49e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46752', 'https://www.cve.org/CVERecord?id=CVE-2024-46752'], 'PublishedDate': '2024-09-18T08:15:04.057Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46753', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46753', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: handle errors from btrfs_dec_ref() properly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref().  This is\nincorrect, we have proper error handling here, return the error.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46753', 'https://git.kernel.org/linus/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1', 'https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46753-5ec2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46753', 'https://www.cve.org/CVERecord?id=CVE-2024-46753'], 'PublishedDate': '2024-09-18T08:15:04.107Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46754', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46754', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Remove tst_run from lwt_seg6local_prog_ops.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn\'t work since it was introduced in commit 04d4b274e2a\n("ipv6: sr: Add seg6local action End.BPF"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46754', 'https://git.kernel.org/linus/c13fda93aca118b8e5cd202e339046728ee7dddb (6.11-rc1)', 'https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3f28e6e720ded5d6', 'https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e339046728ee7dddb', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46754-7f04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46754', 'https://www.cve.org/CVERecord?id=CVE-2024-46754'], 'PublishedDate': '2024-09-18T08:15:04.153Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46755', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46755', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()\n\nmwifiex_get_priv_by_id() returns the priv pointer corresponding to\nthe bss_num and bss_type, but without checking if the priv is actually\ncurrently in use.\nUnused priv pointers do not have a wiphy attached to them which can\nlead to NULL pointer dereferences further down the callstack.  Fix\nthis by returning only used priv pointers which have priv->bss_mode\nset to something else than NL80211_IFTYPE_UNSPECIFIED.\n\nSaid NULL pointer dereference happened when an Accesspoint was started\nwith wpa_supplicant -i mlan0 with this config:\n\nnetwork={\n        ssid="somessid"\n        mode=2\n        frequency=2412\n        key_mgmt=WPA-PSK WPA-PSK-SHA256\n        proto=RSN\n        group=CCMP\n        pairwise=CCMP\n        psk="12345678"\n}\n\nWhen waiting for the AP to be established, interrupting wpa_supplicant\nwith <ctrl-c> and starting it again this happens:\n\n| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000140\n| Mem abort info:\n|   ESR = 0x0000000096000004\n|   EC = 0x25: DABT (current EL), IL = 32 bits\n|   SET = 0, FnV = 0\n|   EA = 0, S1PTW = 0\n|   FSC = 0x04: level 0 translation fault\n| Data abort info:\n|   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n|   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n|   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n| user pgtable: 4k pages, 48-bit VAs, pgdp=0000000046d96000\n| [0000000000000140] pgd=0000000000000000, p4d=0000000000000000\n| Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n| Modules linked in: caam_jr caamhash_desc spidev caamalg_desc crypto_engine authenc libdes mwifiex_sdio\n+mwifiex crct10dif_ce cdc_acm onboard_usb_hub fsl_imx8_ddr_perf imx8m_ddrc rtc_ds1307 lm75 rtc_snvs\n+imx_sdma caam imx8mm_thermal spi_imx error imx_cpufreq_dt fuse ip_tables x_tables ipv6\n| CPU: 0 PID: 8 Comm: kworker/0:1 Not tainted 6.9.0-00007-g937242013fce-dirty #18\n| Hardware name: somemachine (DT)\n| Workqueue: events sdio_irq_work\n| pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n| lr : mwifiex_get_cfp+0x34/0x15c [mwifiex]\n| sp : ffff8000818b3a70\n| x29: ffff8000818b3a70 x28: ffff000006bfd8a5 x27: 0000000000000004\n| x26: 000000000000002c x25: 0000000000001511 x24: 0000000002e86bc9\n| x23: ffff000006bfd996 x22: 0000000000000004 x21: ffff000007bec000\n| x20: 000000000000002c x19: 0000000000000000 x18: 0000000000000000\n| x17: 000000040044ffff x16: 00500072b5503510 x15: ccc283740681e517\n| x14: 0201000101006d15 x13: 0000000002e8ff43 x12: 002c01000000ffb1\n| x11: 0100000000000000 x10: 02e8ff43002c0100 x9 : 0000ffb100100157\n| x8 : ffff000003d20000 x7 : 00000000000002f1 x6 : 00000000ffffe124\n| x5 : 0000000000000001 x4 : 0000000000000003 x3 : 0000000000000000\n| x2 : 0000000000000000 x1 : 0001000000011001 x0 : 0000000000000000\n| Call trace:\n|  mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n|  mwifiex_parse_single_response_buf+0x1d0/0x504 [mwifiex]\n|  mwifiex_handle_event_ext_scan_report+0x19c/0x2f8 [mwifiex]\n|  mwifiex_process_sta_event+0x298/0xf0c [mwifiex]\n|  mwifiex_process_event+0x110/0x238 [mwifiex]\n|  mwifiex_main_process+0x428/0xa44 [mwifiex]\n|  mwifiex_sdio_interrupt+0x64/0x12c [mwifiex_sdio]\n|  process_sdio_pending_irqs+0x64/0x1b8\n|  sdio_irq_work+0x4c/0x7c\n|  process_one_work+0x148/0x2a0\n|  worker_thread+0x2fc/0x40c\n|  kthread+0x110/0x114\n|  ret_from_fork+0x10/0x20\n| Code: a94153f3 a8c37bfd d50323bf d65f03c0 (f940a000)\n| ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46755', 'https://git.kernel.org/linus/c145eea2f75ff7949392aebecf7ef0a81c1f6c14 (6.11-rc1)', 'https://git.kernel.org/stable/c/1a05d8d02cfa3540ea5dbd6b39446bd3f515521f', 'https://git.kernel.org/stable/c/9813770f25855b866b8ead8155b8806b2db70f6d', 'https://git.kernel.org/stable/c/a12cf97cbefa139ef8d95081f2ea047cbbd74b7a', 'https://git.kernel.org/stable/c/c145eea2f75ff7949392aebecf7ef0a81c1f6c14', 'https://git.kernel.org/stable/c/c16916dd6c16fa7e13ca3923eb6b9f50d848ad03', 'https://git.kernel.org/stable/c/c2618dcb26c7211342b54520b5b148c0d3471c8a', 'https://git.kernel.org/stable/c/cb67b2e51b75f1a17bee7599c8161b96e1808a70', 'https://git.kernel.org/stable/c/d834433ff313838a259bb6607055ece87b895b66', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46755-1f46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46755', 'https://www.cve.org/CVERecord?id=CVE-2024-46755'], 'PublishedDate': '2024-09-18T08:15:04.203Z', 'LastModifiedDate': '2024-09-26T13:25:54.593Z'}, {'VulnerabilityID': 'CVE-2024-46756', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46756', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83627ehf) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46756', 'https://git.kernel.org/linus/5c1de37969b7bc0abcb20b86e91e70caebbd4f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/26825b62bd1bd3e53b4f44e0745cb516d5186343', 'https://git.kernel.org/stable/c/56cfdeb2c77291f0b5e4592731adfb6ca8fc7c24', 'https://git.kernel.org/stable/c/5c1de37969b7bc0abcb20b86e91e70caebbd4f89', 'https://git.kernel.org/stable/c/77ab0fd231c4ca873ec6908e761970360acc6df2', 'https://git.kernel.org/stable/c/8fecb75bff1b7d87a071c32a37aa0700f2be379d', 'https://git.kernel.org/stable/c/93cf73a7bfdce683bde3a7bb65f270d3bd24497b', 'https://git.kernel.org/stable/c/cc4be794c8d8c253770103e097ab9dbdb5f99ae1', 'https://git.kernel.org/stable/c/d92f0baf99a7e327dcceab37cce57c38aab1f691', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46756-2ca6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46756', 'https://www.cve.org/CVERecord?id=CVE-2024-46756'], 'PublishedDate': '2024-09-18T08:15:04.26Z', 'LastModifiedDate': '2024-09-23T16:29:45.077Z'}, {'VulnerabilityID': 'CVE-2024-46757', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46757', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775-core) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46757', 'https://git.kernel.org/linus/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0 (6.11-rc1)', 'https://git.kernel.org/stable/c/02bb3b4c7d5695ff4be01e0f55676bba49df435e', 'https://git.kernel.org/stable/c/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0', 'https://git.kernel.org/stable/c/0c23e18cef20b989a9fd7cb0a745e1259b969159', 'https://git.kernel.org/stable/c/298a55f11edd811f2189b74eb8f53dee34d4f14c', 'https://git.kernel.org/stable/c/2f695544084a559f181cafdfd3f864c5ff9dd1db', 'https://git.kernel.org/stable/c/8a1e958e26640ce015abdbb75c8896301b9bf398', 'https://git.kernel.org/stable/c/996221b030995cc5f5baa4a642201d64b62a17cd', 'https://git.kernel.org/stable/c/d6035c55fa9afefc23f85f57eff1d4a1d82c5b10', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46757-4fbb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46757', 'https://www.cve.org/CVERecord?id=CVE-2024-46757'], 'PublishedDate': '2024-09-18T08:15:04.313Z', 'LastModifiedDate': '2024-09-23T16:29:51.65Z'}, {'VulnerabilityID': 'CVE-2024-46758', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46758', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (lm95234) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm95234) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46758', 'https://git.kernel.org/linus/af64e3e1537896337405f880c1e9ac1f8c0c6198 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fc27747633aa419f9af40e7bdfa00d2ec94ea81', 'https://git.kernel.org/stable/c/16f42953231be1e7be77bc24005270d9e0d9d2ee', 'https://git.kernel.org/stable/c/438453dfbbdcf4be26891492644aa3ecbb42c336', 'https://git.kernel.org/stable/c/46e4fd338d5bdbaf60e41cda625b24949d2af201', 'https://git.kernel.org/stable/c/59c1fb9874a01c9abc49a0a32f192a7e7b4e2650', 'https://git.kernel.org/stable/c/93f0f5721d0cca45dac50af1ae6f9a9826c699fd', 'https://git.kernel.org/stable/c/af64e3e1537896337405f880c1e9ac1f8c0c6198', 'https://git.kernel.org/stable/c/da765bebd90e1b92bdbc3c6a27a3f3cc81529ab6', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46758-6154@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46758', 'https://www.cve.org/CVERecord?id=CVE-2024-46758'], 'PublishedDate': '2024-09-18T08:15:04.367Z', 'LastModifiedDate': '2024-09-23T16:29:24.767Z'}, {'VulnerabilityID': 'CVE-2024-46759', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46759', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (adc128d818) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (adc128d818) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46759', 'https://git.kernel.org/linus/8cad724c8537fe3e0da8004646abc00290adae40 (6.11-rc1)', 'https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b', 'https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777', 'https://git.kernel.org/stable/c/2a3add62f183459a057336381ef3a896da01ce38', 'https://git.kernel.org/stable/c/6891b11a0c6227ca7ed15786928a07b1c0e4d4af', 'https://git.kernel.org/stable/c/7645d783df23878342d5d8d22030c3861d2d5426', 'https://git.kernel.org/stable/c/8cad724c8537fe3e0da8004646abc00290adae40', 'https://git.kernel.org/stable/c/b0bdb43852bf7f55ba02f0cbf00b4ea7ca897bff', 'https://git.kernel.org/stable/c/f7f5101af5b47a331cdbfa42ba64c507b47dd1fe', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46759-9b86@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46759', 'https://www.cve.org/CVERecord?id=CVE-2024-46759'], 'PublishedDate': '2024-09-18T08:15:04.413Z', 'LastModifiedDate': '2024-09-23T16:28:53.257Z'}, {'VulnerabilityID': 'CVE-2024-46760', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46760', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw88: usb: schedule rx work after everything is set up', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: usb: schedule rx work after everything is set up\n\nRight now it's possible to hit NULL pointer dereference in\nrtw_rx_fill_rx_status on hw object and/or its fields because\ninitialization routine can start getting USB replies before\nrtw_dev is fully setup.\n\nThe stack trace looks like this:\n\nrtw_rx_fill_rx_status\nrtw8821c_query_rx_desc\nrtw_usb_rx_handler\n...\nqueue_work\nrtw_usb_read_port_complete\n...\nusb_submit_urb\nrtw_usb_rx_resubmit\nrtw_usb_init_rx\nrtw_usb_probe\n\nSo while we do the async stuff rtw_usb_probe continues and calls\nrtw_register_hw, which does all kinds of initialization (e.g.\nvia ieee80211_register_hw) that rtw_rx_fill_rx_status relies on.\n\nFix this by moving the first usb_submit_urb after everything\nis set up.\n\nFor me, this bug manifested as:\n[    8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped\n[    8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status\nbecause I'm using Larry's backport of rtw88 driver with the NULL\nchecks in rtw_rx_fill_rx_status.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46760', 'https://git.kernel.org/linus/adc539784c98a7cc602cbf557debfc2e7b9be8b3 (6.11-rc1)', 'https://git.kernel.org/stable/c/25eaef533bf3ccc6fee5067aac16f41f280e343e', 'https://git.kernel.org/stable/c/adc539784c98a7cc602cbf557debfc2e7b9be8b3', 'https://git.kernel.org/stable/c/c83d464b82a8ad62ec9077637f75d73fe955635a', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46760-1eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46760', 'https://www.cve.org/CVERecord?id=CVE-2024-46760'], 'PublishedDate': '2024-09-18T08:15:04.47Z', 'LastModifiedDate': '2024-09-23T16:18:28.87Z'}, {'VulnerabilityID': 'CVE-2024-46761', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46761', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npci/hotplug/pnv_php: Fix hotplug driver crash on Powernv\n\nThe hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel\ncrash when we try to hot-unplug/disable the PCIe switch/bridge from\nthe PHB.\n\nThe crash occurs because although the MSI data structure has been\nreleased during disable/hot-unplug path and it has been assigned\nwith NULL, still during unregistration the code was again trying to\nexplicitly disable the MSI which causes the NULL pointer dereference and\nkernel crash.\n\nThe patch fixes the check during unregistration path to prevent invoking\npci_disable_msi/msix() since its data structure is already freed.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46761', 'https://git.kernel.org/linus/335e35b748527f0c06ded9eebb65387f60647fda (6.11-rc1)', 'https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f60647fda', 'https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d', 'https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048', 'https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e', 'https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59', 'https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689', 'https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4', 'https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46761-289f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46761', 'https://www.cve.org/CVERecord?id=CVE-2024-46761'], 'PublishedDate': '2024-09-18T08:15:04.517Z', 'LastModifiedDate': '2024-09-23T16:06:58.397Z'}, {'VulnerabilityID': 'CVE-2024-46762', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46762', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Fix possible access to a freed kirqfd instance', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Fix possible access to a freed kirqfd instance\n\nNothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and\nprivcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd\ncreated and added to the irqfds_list by privcmd_irqfd_assign() may get\nremoved by another thread executing privcmd_irqfd_deassign(), while the\nformer is still using it after dropping the locks.\n\nThis can lead to a situation where an already freed kirqfd instance may\nbe accessed and cause kernel oops.\n\nUse SRCU locking to prevent the same, as is done for the KVM\nimplementation for irqfds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46762', 'https://git.kernel.org/linus/611ff1b1ae989a7bcce3e2a8e132ee30e968c557 (6.11-rc1)', 'https://git.kernel.org/stable/c/112fd2f02b308564724b8e81006c254d20945c4b', 'https://git.kernel.org/stable/c/611ff1b1ae989a7bcce3e2a8e132ee30e968c557', 'https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46762-6512@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46762', 'https://www.cve.org/CVERecord?id=CVE-2024-46762'], 'PublishedDate': '2024-09-18T08:15:04.57Z', 'LastModifiedDate': '2024-09-23T16:12:34.42Z'}, {'VulnerabilityID': 'CVE-2024-46763', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46763', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: Fix null-ptr-deref in GRO.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host.  [0]\n\nThe NULL pointer is sk->sk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk->sk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk->sk_user_data could be NULL.\n\nLet's use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 <0f> b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS:  0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <IRQ>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n</IRQ>\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 <fa> c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46763', 'https://git.kernel.org/linus/7e4196935069947d8b70b09c1660b67b067e75cb (6.11-rc7)', 'https://git.kernel.org/stable/c/1df42be305fe478ded1ee0c1d775f4ece713483b', 'https://git.kernel.org/stable/c/231c235d2f7a66f018f172e26ffd47c363f244ef', 'https://git.kernel.org/stable/c/4494bccb52ffda22ce5a1163a776d970e6229e08', 'https://git.kernel.org/stable/c/7e4196935069947d8b70b09c1660b67b067e75cb', 'https://git.kernel.org/stable/c/c46cd6aaca81040deaea3500ba75126963294bd9', 'https://git.kernel.org/stable/c/d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46763-a580@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46763', 'https://www.cve.org/CVERecord?id=CVE-2024-46763'], 'PublishedDate': '2024-09-18T08:15:04.613Z', 'LastModifiedDate': '2024-09-23T16:14:18.297Z'}, {'VulnerabilityID': 'CVE-2024-46765', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46765', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: protect XDP configuration with a mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] <TASK>\n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] </TASK>\n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46765', 'https://git.kernel.org/linus/2504b8405768a57a71e660dbfd5abd59f679a03f (6.11-rc7)', 'https://git.kernel.org/stable/c/2504b8405768a57a71e660dbfd5abd59f679a03f', 'https://git.kernel.org/stable/c/2f057db2fb29bc209c103050647562e60554d3d3', 'https://git.kernel.org/stable/c/391f7dae3d836891fc6cfbde38add2d0e10c6b7f', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46765-1b8f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46765', 'https://www.cve.org/CVERecord?id=CVE-2024-46765'], 'PublishedDate': '2024-09-18T08:15:04.71Z', 'LastModifiedDate': '2024-09-26T13:24:29.697Z'}, {'VulnerabilityID': 'CVE-2024-46766', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46766', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: move netif_queue_set_napi to rtnl-protected sections', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: move netif_queue_set_napi to rtnl-protected sections\n\nCurrently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is\nnot rtnl-locked when called from the reset. This creates the need to take\nthe rtnl_lock just for a single function and complicates the\nsynchronization with .ndo_bpf. At the same time, there no actual need to\nfill napi-to-queue information at this exact point.\n\nFill napi-to-queue information when opening the VSI and clear it when the\nVSI is being closed. Those routines are already rtnl-locked.\n\nAlso, rewrite napi-to-queue assignment in a way that prevents inclusion of\nXDP queues, as this leads to out-of-bounds writes, such as one below.\n\n[  +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047\n[  +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2\n[  +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[  +0.000003] Call Trace:\n[  +0.000003]  <TASK>\n[  +0.000002]  dump_stack_lvl+0x60/0x80\n[  +0.000007]  print_report+0xce/0x630\n[  +0.000007]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[  +0.000007]  ? __virt_addr_valid+0x1c9/0x2c0\n[  +0.000005]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000003]  kasan_report+0xe9/0x120\n[  +0.000004]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000004]  netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000005]  ice_vsi_close+0x161/0x670 [ice]\n[  +0.000114]  ice_dis_vsi+0x22f/0x270 [ice]\n[  +0.000095]  ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]\n[  +0.000086]  ice_prepare_for_reset+0x299/0x750 [ice]\n[  +0.000087]  pci_dev_save_and_disable+0x82/0xd0\n[  +0.000006]  pci_reset_function+0x12d/0x230\n[  +0.000004]  reset_store+0xa0/0x100\n[  +0.000006]  ? __pfx_reset_store+0x10/0x10\n[  +0.000002]  ? __pfx_mutex_lock+0x10/0x10\n[  +0.000004]  ? __check_object_size+0x4c1/0x640\n[  +0.000007]  kernfs_fop_write_iter+0x30b/0x4a0\n[  +0.000006]  vfs_write+0x5d6/0xdf0\n[  +0.000005]  ? fd_install+0x180/0x350\n[  +0.000005]  ? __pfx_vfs_write+0x10/0xA10\n[  +0.000004]  ? do_fcntl+0x52c/0xcd0\n[  +0.000004]  ? kasan_save_track+0x13/0x60\n[  +0.000003]  ? kasan_save_free_info+0x37/0x60\n[  +0.000006]  ksys_write+0xfa/0x1d0\n[  +0.000003]  ? __pfx_ksys_write+0x10/0x10\n[  +0.000002]  ? __x64_sys_fcntl+0x121/0x180\n[  +0.000004]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000005]  do_syscall_64+0x80/0x170\n[  +0.000007]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000004]  ? __pfx__raw_spin_lock+0x10/0x10\n[  +0.000003]  ? file_close_fd_locked+0x167/0x230\n[  +0.000005]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000005]  ? do_syscall_64+0x8c/0x170\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? fput+0x1a/0x2c0\n[  +0.000004]  ? filp_close+0x19/0x30\n[  +0.000004]  ? do_dup2+0x25a/0x4c0\n[  +0.000004]  ? __x64_sys_dup2+0x6e/0x2e0\n[  +0.000002]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? __count_memcg_events+0x113/0x380\n[  +0.000005]  ? handle_mm_fault+0x136/0x820\n[  +0.000005]  ? do_user_addr_fault+0x444/0xa80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000002]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  +0.000005] RIP: 0033:0x7f2033593154', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46766', 'https://git.kernel.org/linus/2a5dc090b92cfa5270e20056074241c6db5c9cdd (6.11-rc7)', 'https://git.kernel.org/stable/c/2285c2faef19ee08a6bd6754f4c3ec07dceb2889', 'https://git.kernel.org/stable/c/2a5dc090b92cfa5270e20056074241c6db5c9cdd', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46766-417c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46766', 'https://www.cve.org/CVERecord?id=CVE-2024-46766'], 'PublishedDate': '2024-09-18T08:15:04.76Z', 'LastModifiedDate': '2024-09-23T16:15:23.823Z'}, {'VulnerabilityID': 'CVE-2024-46767', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46767', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: phy: Fix missing of_node_put() for leds', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Fix missing of_node_put() for leds\n\nThe call of of_get_child_by_name() will cause refcount incremented\nfor leds, if it succeeds, it should call of_node_put() to decrease\nit, fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46767', 'https://git.kernel.org/linus/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7 (6.11-rc7)', 'https://git.kernel.org/stable/c/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7', 'https://git.kernel.org/stable/c/26928c8f00f6bb0e194f3957fe51c69d36838eb2', 'https://git.kernel.org/stable/c/d9c8dbbc236cdc6231ee91cdede2fc97b430cfff', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46767-31a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46767', 'https://www.cve.org/CVERecord?id=CVE-2024-46767'], 'PublishedDate': '2024-09-18T08:15:04.81Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46768', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46768', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (hp-wmi-sensors) Check if WMI event data exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (hp-wmi-sensors) Check if WMI event data exists\n\nThe BIOS can choose to return no event data in response to a\nWMI event, so the ACPI object passed to the WMI notify handler\ncan be NULL.\n\nCheck for such a situation and ignore the event in such a case.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46768', 'https://git.kernel.org/linus/a54da9df75cd1b4b5028f6c60f9a211532680585 (6.11-rc7)', 'https://git.kernel.org/stable/c/217539e994e53206bbf3fb330261cc78c480d311', 'https://git.kernel.org/stable/c/4b19c83ba108aa66226da5b79810e4d19e005f12', 'https://git.kernel.org/stable/c/a54da9df75cd1b4b5028f6c60f9a211532680585', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46768-b0bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46768', 'https://www.cve.org/CVERecord?id=CVE-2024-46768'], 'PublishedDate': '2024-09-18T08:15:04.853Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46770', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46770', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add netif_device_attach/detach into PF reset flow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 > /sys/class/net/<interface>/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c <interface>\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S                 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS:  00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n<TASK>\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n    netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46770', 'https://git.kernel.org/linus/d11a67634227f9f9da51938af085fb41a733848f (6.11-rc7)', 'https://git.kernel.org/stable/c/36486c9e8e01b84faaee47203eac0b7e9cc7fa4a', 'https://git.kernel.org/stable/c/9e3ffb839249eca113062587659224f856fe14e5', 'https://git.kernel.org/stable/c/d11a67634227f9f9da51938af085fb41a733848f', 'https://git.kernel.org/stable/c/efe8effe138044a4747d1112ebb8c454d1663723', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46770-3a5d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46770', 'https://www.cve.org/CVERecord?id=CVE-2024-46770'], 'PublishedDate': '2024-09-18T08:15:04.957Z', 'LastModifiedDate': '2024-09-23T16:13:25.563Z'}, {'VulnerabilityID': 'CVE-2024-46771', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46771', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: bcm: Remove proc entry when dev is unregistered.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Remove proc entry when dev is unregistered.\n\nsyzkaller reported a warning in bcm_connect() below. [0]\n\nThe repro calls connect() to vxcan1, removes vxcan1, and calls\nconnect() with ifindex == 0.\n\nCalling connect() for a BCM socket allocates a proc entry.\nThen, bcm_sk(sk)->bound is set to 1 to prevent further connect().\n\nHowever, removing the bound device resets bcm_sk(sk)->bound to 0\nin bcm_notify().\n\nThe 2nd connect() tries to allocate a proc entry with the same\nname and sets NULL to bcm_sk(sk)->bcm_proc_read, leaking the\noriginal proc entry.\n\nSince the proc entry is available only for connect()ed sockets,\nlet's clean up the entry when the bound netdev is unregistered.\n\n[0]:\nproc_dir_entry 'can-bcm/2456' already registered\nWARNING: CPU: 1 PID: 394 at fs/proc/generic.c:376 proc_register+0x645/0x8f0 fs/proc/generic.c:375\nModules linked in:\nCPU: 1 PID: 394 Comm: syz-executor403 Not tainted 6.10.0-rc7-g852e42cc2dd4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:proc_register+0x645/0x8f0 fs/proc/generic.c:375\nCode: 00 00 00 00 00 48 85 ed 0f 85 97 02 00 00 4d 85 f6 0f 85 9f 02 00 00 48 c7 c7 9b cb cf 87 48 89 de 4c 89 fa e8 1c 6f eb fe 90 <0f> 0b 90 90 48 c7 c7 98 37 99 89 e8 cb 7e 22 05 bb 00 00 00 10 48\nRSP: 0018:ffa0000000cd7c30 EFLAGS: 00010246\nRAX: 9e129be1950f0200 RBX: ff1100011b51582c RCX: ff1100011857cd80\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002\nRBP: 0000000000000000 R08: ffd400000000000f R09: ff1100013e78cac0\nR10: ffac800000cd7980 R11: ff1100013e12b1f0 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ff1100011a99a2ec\nFS:  00007fbd7086f740(0000) GS:ff1100013fd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200071c0 CR3: 0000000118556004 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n proc_create_net_single+0x144/0x210 fs/proc/proc_net.c:220\n bcm_connect+0x472/0x840 net/can/bcm.c:1673\n __sys_connect_file net/socket.c:2049 [inline]\n __sys_connect+0x5d2/0x690 net/socket.c:2066\n __do_sys_connect net/socket.c:2076 [inline]\n __se_sys_connect net/socket.c:2073 [inline]\n __x64_sys_connect+0x8f/0x100 net/socket.c:2073\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1c0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7fbd708b0e5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007fff8cd33f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbd708b0e5d\nRDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000040 R09: 0000000000000040\nR10: 0000000000000040 R11: 0000000000000246 R12: 00007fff8cd34098\nR13: 0000000000401280 R14: 0000000000406de8 R15: 00007fbd70ab9000\n </TASK>\nremove_proc_entry: removing non-empty directory 'net/can-bcm', leaking at least '2456'", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46771', 'https://git.kernel.org/linus/76fe372ccb81b0c89b6cd2fec26e2f38c958be85 (6.11-rc7)', 'https://git.kernel.org/stable/c/10bfacbd5e8d821011d857bee73310457c9c989a', 'https://git.kernel.org/stable/c/33ed4ba73caae39f34ab874ba79138badc2c65dd', 'https://git.kernel.org/stable/c/3b39dc2901aa7a679a5ca981a3de9f8d5658afe8', 'https://git.kernel.org/stable/c/4377b79323df62eb5d310354f19b4d130ff58d50', 'https://git.kernel.org/stable/c/5c680022c4e28ba18ea500f3e29f0428271afa92', 'https://git.kernel.org/stable/c/76fe372ccb81b0c89b6cd2fec26e2f38c958be85', 'https://git.kernel.org/stable/c/abb0a615569ec008e8a93d9f3ab2d5b418ea94d4', 'https://git.kernel.org/stable/c/aec92dbebdbec7567d9f56d7c9296a572b8fd849', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46771-913d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46771', 'https://www.cve.org/CVERecord?id=CVE-2024-46771'], 'PublishedDate': '2024-09-18T08:15:05.01Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46772', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46772', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator crb_pipes before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator crb_pipes before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 2 DIVIDE_BY_ZERO issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46772', 'https://git.kernel.org/linus/ea79068d4073bf303f8203f2625af7d9185a1bc6 (6.11-rc1)', 'https://git.kernel.org/stable/c/ea79068d4073bf303f8203f2625af7d9185a1bc6', 'https://git.kernel.org/stable/c/ede06d23392529b039cf7ac11b5875b047900f1c', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46772-4ad6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46772', 'https://www.cve.org/CVERecord?id=CVE-2024-46772'], 'PublishedDate': '2024-09-18T08:15:05.073Z', 'LastModifiedDate': '2024-09-23T16:52:17.577Z'}, {'VulnerabilityID': 'CVE-2024-46773', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46773', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator pbn_div before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator pbn_div before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 1 DIVIDE_BY_ZERO issue reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46773', 'https://git.kernel.org/linus/116a678f3a9abc24f5c9d2525b7393d18d9eb58e (6.11-rc1)', 'https://git.kernel.org/stable/c/116a678f3a9abc24f5c9d2525b7393d18d9eb58e', 'https://git.kernel.org/stable/c/11f997143c67680d6e40a13363618380cd57a414', 'https://git.kernel.org/stable/c/20e7164c52d9bfbb9d9862b833fa989624a61345', 'https://git.kernel.org/stable/c/dfafee0a7b51c7c9612edd2d991401294964d02f', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46773-5781@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46773', 'https://www.cve.org/CVERecord?id=CVE-2024-46773'], 'PublishedDate': '2024-09-18T08:15:05.123Z', 'LastModifiedDate': '2024-09-23T16:51:59.983Z'}, {'VulnerabilityID': 'CVE-2024-46774', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46774', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()\n\nSmatch warns:\n\n  arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential\n  spectre issue 'args.args' [r] (local cap)\n\nThe 'nargs' and 'nret' locals come directly from a user-supplied\nbuffer and are used as indexes into a small stack-based array and as\ninputs to copy_to_user() after they are subject to bounds checks.\n\nUse array_index_nospec() after the bounds checks to clamp these values\nfor speculative execution.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46774', 'https://git.kernel.org/linus/0974d03eb479384466d828d65637814bee6b26d7 (6.11-rc1)', 'https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7', 'https://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46774-48d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46774', 'https://www.cve.org/CVERecord?id=CVE-2024-46774'], 'PublishedDate': '2024-09-18T08:15:05.18Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46775', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46775', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Validate function returns', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT & HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46775', 'https://git.kernel.org/linus/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c (6.11-rc1)', 'https://git.kernel.org/stable/c/5639a3048c7079803256374204ad55ec52cd0b49', 'https://git.kernel.org/stable/c/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46775-aecc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46775', 'https://www.cve.org/CVERecord?id=CVE-2024-46775'], 'PublishedDate': '2024-09-18T08:15:05.24Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46776', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46776', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Run DC_LOG_DC after checking link-&gt;link_enc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Run DC_LOG_DC after checking link->link_enc\n\n[WHAT]\nThe DC_LOG_DC should be run after link->link_enc is checked, not before.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46776', 'https://git.kernel.org/linus/3a82f62b0d9d7687eac47603bb6cd14a50fa718b (6.11-rc1)', 'https://git.kernel.org/stable/c/3a82f62b0d9d7687eac47603bb6cd14a50fa718b', 'https://git.kernel.org/stable/c/874e3bb302f97b94ac548959ec4f925b8e7b45e2', 'https://git.kernel.org/stable/c/adc74d25cdbba978afbb57caec23bbcd0329f7b8', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46776-7a95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46776', 'https://www.cve.org/CVERecord?id=CVE-2024-46776'], 'PublishedDate': '2024-09-18T08:15:05.287Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46777', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46777', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid excessive partition lengths', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid excessive partition lengths\n\nAvoid mounting filesystems where the partition would overflow the\n32-bits used for block number. Also refuse to mount filesystems where\nthe partition length is so large we cannot safely index bits in a\nblock bitmap.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46777', 'https://git.kernel.org/linus/ebbe26fd54a9621994bc16b14f2ba8f84c089693 (6.11-rc1)', 'https://git.kernel.org/stable/c/0173999123082280cf904bd640015951f194a294', 'https://git.kernel.org/stable/c/1497a4484cdb2cf6c37960d788fb6ba67567bdb7', 'https://git.kernel.org/stable/c/2ddf831451357c6da4b64645eb797c93c1c054d1', 'https://git.kernel.org/stable/c/551966371e17912564bc387fbeb2ac13077c3db1', 'https://git.kernel.org/stable/c/925fd8ee80d5348a5e965548e5484d164d19221d', 'https://git.kernel.org/stable/c/a56330761950cb83de1dfb348479f20c56c95f90', 'https://git.kernel.org/stable/c/c0c23130d38e8bc28e9ef581443de9b1fc749966', 'https://git.kernel.org/stable/c/ebbe26fd54a9621994bc16b14f2ba8f84c089693', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46777-6114@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46777', 'https://www.cve.org/CVERecord?id=CVE-2024-46777'], 'PublishedDate': '2024-09-18T08:15:05.33Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46778', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46778', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check UnboundedRequestEnabled&#39;s value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check UnboundedRequestEnabled's value\n\nCalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled\nis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus\nif (p->UnboundedRequestEnabled) checks its address, not bool value.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46778', 'https://git.kernel.org/linus/a7b38c7852093385d0605aa3c8a2efd6edd1edfd (6.11-rc1)', 'https://git.kernel.org/stable/c/4e2b49a85e7974d21364798c5d4aa8070aa864d9', 'https://git.kernel.org/stable/c/a7b38c7852093385d0605aa3c8a2efd6edd1edfd', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46778-ded6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46778', 'https://www.cve.org/CVERecord?id=CVE-2024-46778'], 'PublishedDate': '2024-09-18T08:15:05.38Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46779', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46779', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/imagination: Free pvr_vm_gpuva after unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Free pvr_vm_gpuva after unlink\n\nThis caused a measurable memory leak. Although the individual\nallocations are small, the leaks occurs in a high-usage codepath\n(remapping or unmapping device memory) so they add up quickly.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46779', 'https://git.kernel.org/linus/3f6b2f60b4631cd0c368da6a1587ab55a696164d (6.11-rc7)', 'https://git.kernel.org/stable/c/1cc695be8920df234f83270d789078cb2d3bc564', 'https://git.kernel.org/stable/c/3f6b2f60b4631cd0c368da6a1587ab55a696164d', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46779-3186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46779', 'https://www.cve.org/CVERecord?id=CVE-2024-46779'], 'PublishedDate': '2024-09-18T08:15:05.43Z', 'LastModifiedDate': '2024-09-23T16:37:51.473Z'}, {'VulnerabilityID': 'CVE-2024-46780', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46780', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: protect references to superblock parameters exposed in sysfs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: protect references to superblock parameters exposed in sysfs\n\nThe superblock buffers of nilfs2 can not only be overwritten at runtime\nfor modifications/repairs, but they are also regularly swapped, replaced\nduring resizing, and even abandoned when degrading to one side due to\nbacking device issues.  So, accessing them requires mutual exclusion using\nthe reader/writer semaphore "nilfs->ns_sem".\n\nSome sysfs attribute show methods read this superblock buffer without the\nnecessary mutual exclusion, which can cause problems with pointer\ndereferencing and memory access, so fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46780', 'https://git.kernel.org/linus/683408258917541bdb294cd717c210a04381931e (6.11-rc7)', 'https://git.kernel.org/stable/c/157c0d94b4c40887329418c70ef4edd1a8d6b4ed', 'https://git.kernel.org/stable/c/19cfeba0e4b8eda51484fcf8cf7d150418e1d880', 'https://git.kernel.org/stable/c/683408258917541bdb294cd717c210a04381931e', 'https://git.kernel.org/stable/c/8c6e43b3d5f109cf9c61bc188fcc8175404e924f', 'https://git.kernel.org/stable/c/962562d4c70c5cdeb4e955d63ff2017c4eca1aad', 'https://git.kernel.org/stable/c/b14e7260bb691d7f563f61da07d61e3c8b59a614', 'https://git.kernel.org/stable/c/b90beafac05931cbfcb6b1bd4f67c1923f47040e', 'https://git.kernel.org/stable/c/ba97ba173f9625d5f34a986088979eae8b80d38e', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46780-9155@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46780', 'https://www.cve.org/CVERecord?id=CVE-2024-46780'], 'PublishedDate': '2024-09-18T08:15:05.473Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46781', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46781', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix missing cleanup on rollforward recovery error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix missing cleanup on rollforward recovery error\n\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\n\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\n\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46781', 'https://git.kernel.org/linus/5787fcaab9eb5930f5378d6a1dd03d916d146622 (6.11-rc7)', 'https://git.kernel.org/stable/c/07e4dc2fe000ab008bcfe90be4324ef56b5b4355', 'https://git.kernel.org/stable/c/1cf1f7e8cd47244fa947d357ef1f642d91e219a3', 'https://git.kernel.org/stable/c/35a9a7a7d94662146396199b0cfd95f9517cdd14', 'https://git.kernel.org/stable/c/5787fcaab9eb5930f5378d6a1dd03d916d146622', 'https://git.kernel.org/stable/c/8e2d1e9d93c4ec51354229361ac3373058529ec4', 'https://git.kernel.org/stable/c/9d8c3a585d564d776ee60d4aabec59b404be7403', 'https://git.kernel.org/stable/c/ca92c4bff2833cb30d493b935168d6cccd5c805d', 'https://git.kernel.org/stable/c/da02f9eb333333b2e4f25d2a14967cff785ac82e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46781-377e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46781', 'https://www.cve.org/CVERecord?id=CVE-2024-46781'], 'PublishedDate': '2024-09-18T08:15:05.527Z', 'LastModifiedDate': '2024-09-23T16:37:07.117Z'}, {'VulnerabilityID': 'CVE-2024-46782', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46782', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ila: call nf_unregister_net_hooks() sooner', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n  ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n  ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n  ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n  nf_hook include/linux/netfilter.h:269 [inline]\n  NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n  __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n  __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n  process_backlog+0x662/0x15b0 net/core/dev.c:6108\n  __napi_poll+0xcb/0x490 net/core/dev.c:6772\n  napi_poll net/core/dev.c:6841 [inline]\n  net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n  handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n  run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n  kthread+0x2f0/0x390 kernel/kthread.c:389\n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n  set_page_owner include/linux/page_owner.h:32 [inline]\n  post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n  prep_new_page mm/page_alloc.c:1501 [inline]\n  get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n  __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n  __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n  alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n  ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n  __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n  __do_kmalloc_node mm/slub.c:4146 [inline]\n  __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n  __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n  bucket_table_alloc lib/rhashtable.c:186 [inline]\n  rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n  ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n  ops_ini\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46782', 'https://git.kernel.org/linus/031ae72825cef43e4650140b800ad58bf7a6a466 (6.11-rc7)', 'https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466', 'https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2', 'https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf', 'https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4', 'https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c', 'https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6', 'https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673', 'https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46782-00ff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46782', 'https://www.cve.org/CVERecord?id=CVE-2024-46782'], 'PublishedDate': '2024-09-18T08:15:05.577Z', 'LastModifiedDate': '2024-09-23T16:32:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46783', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46783', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_bpf: fix return value of tcp_bpf_sendmsg()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: fix return value of tcp_bpf_sendmsg()\n\nWhen we cork messages in psock->cork, the last message triggers the\nflushing will result in sending a sk_msg larger than the current\nmessage size. In this case, in tcp_bpf_send_verdict(), 'copied' becomes\nnegative at least in the following case:\n\n468         case __SK_DROP:\n469         default:\n470                 sk_msg_free_partial(sk, msg, tosend);\n471                 sk_msg_apply_bytes(psock, tosend);\n472                 *copied -= (tosend + delta); // <==== HERE\n473                 return -EACCES;\n\nTherefore, it could lead to the following BUG with a proper value of\n'copied' (thanks to syzbot). We should not use negative 'copied' as a\nreturn value here.\n\n  ------------[ cut here ]------------\n  kernel BUG at net/socket.c:733!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 0 UID: 0 PID: 3265 Comm: syz-executor510 Not tainted 6.11.0-rc3-syzkaller-00060-gd07b43284ab3 #0\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n  pc : sock_sendmsg_nosec net/socket.c:733 [inline]\n  pc : sock_sendmsg_nosec net/socket.c:728 [inline]\n  pc : __sock_sendmsg+0x5c/0x60 net/socket.c:745\n  lr : sock_sendmsg_nosec net/socket.c:730 [inline]\n  lr : __sock_sendmsg+0x54/0x60 net/socket.c:745\n  sp : ffff800088ea3b30\n  x29: ffff800088ea3b30 x28: fbf00000062bc900 x27: 0000000000000000\n  x26: ffff800088ea3bc0 x25: ffff800088ea3bc0 x24: 0000000000000000\n  x23: f9f00000048dc000 x22: 0000000000000000 x21: ffff800088ea3d90\n  x20: f9f00000048dc000 x19: ffff800088ea3d90 x18: 0000000000000001\n  x17: 0000000000000000 x16: 0000000000000000 x15: 000000002002ffaf\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: ffff8000815849c0 x9 : ffff8000815b49c0\n  x8 : 0000000000000000 x7 : 000000000000003f x6 : 0000000000000000\n  x5 : 00000000000007e0 x4 : fff07ffffd239000 x3 : fbf00000062bc900\n  x2 : 0000000000000000 x1 : 0000000000000000 x0 : 00000000fffffdef\n  Call trace:\n   sock_sendmsg_nosec net/socket.c:733 [inline]\n   __sock_sendmsg+0x5c/0x60 net/socket.c:745\n   ____sys_sendmsg+0x274/0x2ac net/socket.c:2597\n   ___sys_sendmsg+0xac/0x100 net/socket.c:2651\n   __sys_sendmsg+0x84/0xe0 net/socket.c:2680\n   __do_sys_sendmsg net/socket.c:2689 [inline]\n   __se_sys_sendmsg net/socket.c:2687 [inline]\n   __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2687\n   __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n   invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49\n   el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132\n   do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151\n   el0_svc+0x34/0xec arch/arm64/kernel/entry-common.c:712\n   el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730\n   el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598\n  Code: f9404463 d63f0060 3108441f 54fffe81 (d4210000)\n  ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46783', 'https://git.kernel.org/linus/fe1910f9337bd46a9343967b547ccab26b4b2c6e (6.11-rc7)', 'https://git.kernel.org/stable/c/126d72b726c4cf1119f3a7fe413a78d341c3fea9', 'https://git.kernel.org/stable/c/3efe53eb221a38e207c1e3f81c51e4ca057d50c2', 'https://git.kernel.org/stable/c/6f9fdf5806cced888c43512bccbdf7fefd50f510', 'https://git.kernel.org/stable/c/78bb38d9c5a311c5f8bdef7c9557d7d81ca30e4a', 'https://git.kernel.org/stable/c/810a4e7d92dea4074cb04c25758320909d752193', 'https://git.kernel.org/stable/c/c8219a27fa43a2cbf99f5176f6dddfe73e7a24ae', 'https://git.kernel.org/stable/c/fe1910f9337bd46a9343967b547ccab26b4b2c6e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46783-edcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46783', 'https://www.cve.org/CVERecord?id=CVE-2024-46783'], 'PublishedDate': '2024-09-18T08:15:05.63Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46784', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46784', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix error handling in mana_create_txq/rxq&#39;s NAPI cleanup', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup\n\nCurrently napi_disable() gets called during rxq and txq cleanup,\neven before napi is enabled and hrtimer is initialized. It causes\nkernel panic.\n\n? page_fault_oops+0x136/0x2b0\n  ? page_counter_cancel+0x2e/0x80\n  ? do_user_addr_fault+0x2f2/0x640\n  ? refill_obj_stock+0xc4/0x110\n  ? exc_page_fault+0x71/0x160\n  ? asm_exc_page_fault+0x27/0x30\n  ? __mmdrop+0x10/0x180\n  ? __mmdrop+0xec/0x180\n  ? hrtimer_active+0xd/0x50\n  hrtimer_try_to_cancel+0x2c/0xf0\n  hrtimer_cancel+0x15/0x30\n  napi_disable+0x65/0x90\n  mana_destroy_rxq+0x4c/0x2f0\n  mana_create_rxq.isra.0+0x56c/0x6d0\n  ? mana_uncfg_vport+0x50/0x50\n  mana_alloc_queues+0x21b/0x320\n  ? skb_dequeue+0x5f/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46784', 'https://git.kernel.org/linus/b6ecc662037694488bfff7c9fd21c405df8411f2 (6.11-rc7)', 'https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65', 'https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788', 'https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c', 'https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46784-4773@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46784', 'https://www.cve.org/CVERecord?id=CVE-2024-46784'], 'PublishedDate': '2024-09-18T08:15:05.683Z', 'LastModifiedDate': '2024-09-26T13:21:30.657Z'}, {'VulnerabilityID': 'CVE-2024-46785', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46785', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: eventfs: Use list_del_rcu() for SRCU protected list variable', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Use list_del_rcu() for SRCU protected list variable\n\nChi Zhiling reported:\n\n  We found a null pointer accessing in tracefs[1], the reason is that the\n  variable \'ei_child\' is set to LIST_POISON1, that means the list was\n  removed in eventfs_remove_rec. so when access the ei_child->is_freed, the\n  panic triggered.\n\n  by the way, the following script can reproduce this panic\n\n  loop1 (){\n      while true\n      do\n          echo "p:kp submit_bio" > /sys/kernel/debug/tracing/kprobe_events\n          echo "" > /sys/kernel/debug/tracing/kprobe_events\n      done\n  }\n  loop2 (){\n      while true\n      do\n          tree /sys/kernel/debug/tracing/events/kprobes/\n      done\n  }\n  loop1 &\n  loop2\n\n  [1]:\n  [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150\n  [ 1147.968239][T17331] Mem abort info:\n  [ 1147.971739][T17331]   ESR = 0x0000000096000004\n  [ 1147.976172][T17331]   EC = 0x25: DABT (current EL), IL = 32 bits\n  [ 1147.982171][T17331]   SET = 0, FnV = 0\n  [ 1147.985906][T17331]   EA = 0, S1PTW = 0\n  [ 1147.989734][T17331]   FSC = 0x04: level 0 translation fault\n  [ 1147.995292][T17331] Data abort info:\n  [ 1147.998858][T17331]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n  [ 1148.005023][T17331]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n  [ 1148.010759][T17331]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n  [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges\n  [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP\n  [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls]\n  [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G        W         ------- ----  6.6.43 #2\n  [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650\n  [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020\n  [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398\n  [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398\n  [ 1148.115969][T17331] sp : ffff80008d56bbd0\n  [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000\n  [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100\n  [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10\n  [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000\n  [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0\n  [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0\n  [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862\n  [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068\n  [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001\n  [ 1148.198131][T17331] Call trace:\n  [ 1148.201259][T17331]  eventfs_iterate+0x2c0/0x398\n  [ 1148.205864][T17331]  iterate_dir+0x98/0x188\n  [ 1148.210036][T17331]  __arm64_sys_getdents64+0x78/0x160\n  [ 1148.215161][T17331]  invoke_syscall+0x78/0x108\n  [ 1148.219593][T17331]  el0_svc_common.constprop.0+0x48/0xf0\n  [ 1148.224977][T17331]  do_el0_svc+0x24/0x38\n  [ 1148.228974][T17331]  el0_svc+0x40/0x168\n  [ 1148.232798][T17\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46785', 'https://git.kernel.org/linus/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c (6.11-rc7)', 'https://git.kernel.org/stable/c/05e08297c3c298d8ec28e5a5adb55840312dd87e', 'https://git.kernel.org/stable/c/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c', 'https://git.kernel.org/stable/c/f579d17a86448779f9642ad8baca6e3036a8e2d6', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46785-5351@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46785', 'https://www.cve.org/CVERecord?id=CVE-2024-46785'], 'PublishedDate': '2024-09-18T08:15:05.73Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46786', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46786', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF\n\nThe fscache_cookie_lru_timer is initialized when the fscache module\nis inserted, but is not deleted when the fscache module is removed.\nIf timer_reduce() is called before removing the fscache module,\nthe fscache_cookie_lru_timer will be added to the timer list of\nthe current cpu. Afterwards, a use-after-free will be triggered\nin the softIRQ after removing the fscache module, as follows:\n\n==================================================================\nBUG: unable to handle page fault for address: fffffbfff803c9e9\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855\nTainted: [W]=WARN\nRIP: 0010:__run_timer_base.part.0+0x254/0x8a0\nCall Trace:\n <IRQ>\n tmigr_handle_remote_up+0x627/0x810\n __walk_groups.isra.0+0x47/0x140\n tmigr_handle_remote+0x1fa/0x2f0\n handle_softirqs+0x180/0x590\n irq_exit_rcu+0x84/0xb0\n sysvec_apic_timer_interrupt+0x6e/0x90\n </IRQ>\n <TASK>\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\n default_idle_call+0x38/0x60\n do_idle+0x2b5/0x300\n cpu_startup_entry+0x54/0x60\n start_secondary+0x20d/0x280\n common_startup_64+0x13e/0x148\n </TASK>\nModules linked in: [last unloaded: netfs]\n==================================================================\n\nTherefore delete fscache_cookie_lru_timer when removing the fscahe module.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46786', 'https://git.kernel.org/linus/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f (6.11-rc7)', 'https://git.kernel.org/stable/c/0a11262549ac2ac6fb98c7cd40a67136817e5a52', 'https://git.kernel.org/stable/c/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f', 'https://git.kernel.org/stable/c/e0d724932ad12e3528f4ce97fc0f6078d0cce4bc', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46786-a167@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46786', 'https://www.cve.org/CVERecord?id=CVE-2024-46786'], 'PublishedDate': '2024-09-18T08:15:05.783Z', 'LastModifiedDate': '2024-09-26T12:48:37.447Z'}, {'VulnerabilityID': 'CVE-2024-46787', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46787', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: fix checks for huge PMDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix checks for huge PMDs\n\nPatch series "userfaultfd: fix races around pmd_trans_huge() check", v2.\n\nThe pmd_trans_huge() code in mfill_atomic() is wrong in three different\nways depending on kernel version:\n\n1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit\n   the right two race windows) - I\'ve tested this in a kernel build with\n   some extra mdelay() calls. See the commit message for a description\n   of the race scenario.\n   On older kernels (before 6.5), I think the same bug can even\n   theoretically lead to accessing transhuge page contents as a page table\n   if you hit the right 5 narrow race windows (I haven\'t tested this case).\n2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for\n   detecting PMDs that don\'t point to page tables.\n   On older kernels (before 6.5), you\'d just have to win a single fairly\n   wide race to hit this.\n   I\'ve tested this on 6.1 stable by racing migration (with a mdelay()\n   patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86\n   VM, that causes a kernel oops in ptlock_ptr().\n3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed\n   to yank page tables out from under us (though I haven\'t tested that),\n   so I think the BUG_ON() checks in mfill_atomic() are just wrong.\n\nI decided to write two separate fixes for these (one fix for bugs 1+2, one\nfix for bug 3), so that the first fix can be backported to kernels\naffected by bugs 1+2.\n\n\nThis patch (of 2):\n\nThis fixes two issues.\n\nI discovered that the following race can occur:\n\n  mfill_atomic                other thread\n  ============                ============\n                              <zap PMD>\n  pmdp_get_lockless() [reads none pmd]\n  <bail if trans_huge>\n  <if none:>\n                              <pagefault creates transhuge zeropage>\n    __pte_alloc [no-op]\n                              <zap PMD>\n  <bail if pmd_trans_huge(*dst_pmd)>\n  BUG_ON(pmd_none(*dst_pmd))\n\nI have experimentally verified this in a kernel with extra mdelay() calls;\nthe BUG_ON(pmd_none(*dst_pmd)) triggers.\n\nOn kernels newer than commit 0d940a9b270b ("mm/pgtable: allow\npte_offset_map[_lock]() to fail"), this can\'t lead to anything worse than\na BUG_ON(), since the page table access helpers are actually designed to\ndeal with page tables concurrently disappearing; but on older kernels\n(<=6.4), I think we could probably theoretically race past the two\nBUG_ON() checks and end up treating a hugepage as a page table.\n\nThe second issue is that, as Qi Zheng pointed out, there are other types\nof huge PMDs that pmd_trans_huge() can\'t catch: devmap PMDs and swap PMDs\n(in particular, migration PMDs).\n\nOn <=6.4, this is worse than the first issue: If mfill_atomic() runs on a\nPMD that contains a migration entry (which just requires winning a single,\nfairly wide race), it will pass the PMD to pte_offset_map_lock(), which\nassumes that the PMD points to a page table.\n\nBreakage follows: First, the kernel tries to take the PTE lock (which will\ncrash or maybe worse if there is no "struct page" for the address bits in\nthe migration entry PMD - I think at least on X86 there usually is no\ncorresponding "struct page" thanks to the PTE inversion mitigation, amd64\nlooks different).\n\nIf that didn\'t crash, the kernel would next try to write a PTE into what\nit wrongly thinks is a page table.\n\nAs part of fixing these issues, get rid of the check for pmd_trans_huge()\nbefore __pte_alloc() - that\'s redundant, we\'re going to have to check for\nthat after the __pte_alloc() anyway.\n\nBackport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46787', 'https://git.kernel.org/linus/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 (6.11-rc7)', 'https://git.kernel.org/stable/c/3c6b4bcf37845c9359aed926324bed66bdd2448d', 'https://git.kernel.org/stable/c/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8', 'https://git.kernel.org/stable/c/98cc18b1b71e23fe81a5194ed432b20c2d81a01a', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46787-8b6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46787', 'https://www.cve.org/CVERecord?id=CVE-2024-46787'], 'PublishedDate': '2024-09-18T08:15:05.833Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46788', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46788', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/osnoise: Use a cpumask to know what threads are kthreads', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Use a cpumask to know what threads are kthreads\n\nThe start_kthread() and stop_thread() code was not always called with the\ninterface_lock held. This means that the kthread variable could be\nunexpectedly changed causing the kthread_stop() to be called on it when it\nshould not have been, leading to:\n\n while true; do\n   rtla timerlat top -u -q & PID=$!;\n   sleep 5;\n   kill -INT $PID;\n   sleep 0.001;\n   kill -TERM $PID;\n   wait $PID;\n  done\n\nCausing the following OOPS:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 Not tainted 6.11.0-rc4-test-00002-gbc754cc76d1b-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:hrtimer_active+0x58/0x300\n Code: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 <0f> b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f\n RSP: 0018:ffff88811d97f940 EFLAGS: 00010202\n RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b\n RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28\n RBP: 0000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60\n R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d\n R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28\n FS:  0000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0\n Call Trace:\n  <TASK>\n  ? die_addr+0x40/0xa0\n  ? exc_general_protection+0x154/0x230\n  ? asm_exc_general_protection+0x26/0x30\n  ? hrtimer_active+0x58/0x300\n  ? __pfx_mutex_lock+0x10/0x10\n  ? __pfx_locks_remove_file+0x10/0x10\n  hrtimer_cancel+0x15/0x40\n  timerlat_fd_release+0x8e/0x1f0\n  ? security_file_release+0x43/0x80\n  __fput+0x372/0xb10\n  task_work_run+0x11e/0x1f0\n  ? _raw_spin_lock+0x85/0xe0\n  ? __pfx_task_work_run+0x10/0x10\n  ? poison_slab_object+0x109/0x170\n  ? do_exit+0x7a0/0x24b0\n  do_exit+0x7bd/0x24b0\n  ? __pfx_migrate_enable+0x10/0x10\n  ? __pfx_do_exit+0x10/0x10\n  ? __pfx_read_tsc+0x10/0x10\n  ? ktime_get+0x64/0x140\n  ? _raw_spin_lock_irq+0x86/0xe0\n  do_group_exit+0xb0/0x220\n  get_signal+0x17ba/0x1b50\n  ? vfs_read+0x179/0xa40\n  ? timerlat_fd_read+0x30b/0x9d0\n  ? __pfx_get_signal+0x10/0x10\n  ? __pfx_timerlat_fd_read+0x10/0x10\n  arch_do_signal_or_restart+0x8c/0x570\n  ? __pfx_arch_do_signal_or_restart+0x10/0x10\n  ? vfs_read+0x179/0xa40\n  ? ksys_read+0xfe/0x1d0\n  ? __pfx_ksys_read+0x10/0x10\n  syscall_exit_to_user_mode+0xbc/0x130\n  do_syscall_64+0x74/0x110\n  ? __pfx___rseq_handle_notify_resume+0x10/0x10\n  ? __pfx_ksys_read+0x10/0x10\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? syscall_exit_to_user_mode+0x116/0x130\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  entry_SYSCALL_64_after_hwframe+0x71/0x79\n RIP: 0033:0x7ff0070eca9c\n Code: Unable to access opcode bytes at 0x7ff0070eca72.\n RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c\n RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003\n RBP: 00007ff006dffde0 R08: 0000000000000000 R09: 00007ff000000ba0\n R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003\n R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008\n  </TASK>\n Modules linked in: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core\n ---[ end trace 0000000000000000 ]---\n\nThis is because it would mistakenly call kthread_stop() on a user space\nthread making it "exit" before it actually exits.\n\nSince kthread\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46788', 'https://git.kernel.org/linus/177e1cc2f41235c145041eed03ef5bab18f32328 (6.11-rc7)', 'https://git.kernel.org/stable/c/177e1cc2f41235c145041eed03ef5bab18f32328', 'https://git.kernel.org/stable/c/27282d2505b402f39371fd60d19d95c01a4b6776', 'https://git.kernel.org/stable/c/7a5f01828edf152c144d27cf63de446fdf2dc222', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46788-1fbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46788', 'https://www.cve.org/CVERecord?id=CVE-2024-46788'], 'PublishedDate': '2024-09-18T08:15:05.893Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46791', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46791', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open\n\nThe mcp251x_hw_wake() function is called with the mpc_lock mutex held and\ndisables the interrupt handler so that no interrupts can be processed while\nwaking the device. If an interrupt has already occurred then waiting for\nthe interrupt handler to complete will deadlock because it will be trying\nto acquire the same mutex.\n\nCPU0                           CPU1\n----                           ----\nmcp251x_open()\n mutex_lock(&priv->mcp_lock)\n  request_threaded_irq()\n                               <interrupt>\n                               mcp251x_can_ist()\n                                mutex_lock(&priv->mcp_lock)\n  mcp251x_hw_wake()\n   disable_irq() <-- deadlock\n\nUse disable_irq_nosync() instead because the interrupt handler does\neverything while holding the mutex so it doesn't matter if it's still\nrunning.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46791', 'https://git.kernel.org/linus/7dd9c26bd6cf679bcfdef01a8659791aa6487a29 (6.11-rc7)', 'https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0', 'https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e', 'https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29', 'https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7', 'https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188', 'https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646', 'https://lore.kernel.org/linux-cve-announce/2024091853-CVE-2024-46791-af66@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46791', 'https://www.cve.org/CVERecord?id=CVE-2024-46791'], 'PublishedDate': '2024-09-18T08:15:06.067Z', 'LastModifiedDate': '2024-09-20T18:21:19.457Z'}, {'VulnerabilityID': 'CVE-2024-46792', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46792', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv: misaligned: Restrict user access to kernel memory', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: misaligned: Restrict user access to kernel memory\n\nraw_copy_{to,from}_user() do not call access_ok(), so this code allowed\nuserspace to access any virtual memory address.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46792', 'https://git.kernel.org/linus/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3b6ff6c896aee5ef9b581e40d0045ff04fcbc8c', 'https://git.kernel.org/stable/c/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46792-7745@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46792', 'https://www.cve.org/CVERecord?id=CVE-2024-46792'], 'PublishedDate': '2024-09-18T08:15:06.123Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46793', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46793', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder\n\nSince commit 13f58267cda3 ("ASoC: soc.h: don\'t create dummy Component\nvia COMP_DUMMY()") dummy codecs declared like this:\n\nSND_SOC_DAILINK_DEF(dummy,\n        DAILINK_COMP_ARRAY(COMP_DUMMY()));\n\nexpand to:\n\nstatic struct snd_soc_dai_link_component dummy[] = {\n};\n\nWhich means that dummy is a zero sized array and thus dais[i].codecs should\nnot be dereferenced *at all* since it points to the address of the next\nvariable stored in the data section as the "dummy" variable has an address\nbut no size, so even dereferencing dais[0] is already an out of bounds\narray reference.\n\nWhich means that the if (dais[i].codecs->name) check added in\ncommit 7d99a70b6595 ("ASoC: Intel: Boards: Fix NULL pointer deref\nin BYT/CHT boards") relies on that the part of the next variable which\nthe name member maps to just happens to be NULL.\n\nWhich apparently so far it usually is, except when it isn\'t\nand then it results in crashes like this one:\n\n[   28.795659] BUG: unable to handle page fault for address: 0000000000030011\n...\n[   28.795780] Call Trace:\n[   28.795787]  <TASK>\n...\n[   28.795862]  ? strcmp+0x18/0x40\n[   28.795872]  0xffffffffc150c605\n[   28.795887]  platform_probe+0x40/0xa0\n...\n[   28.795979]  ? __pfx_init_module+0x10/0x10 [snd_soc_sst_bytcr_wm5102]\n\nReally fix things this time around by checking dais.num_codecs != 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46793', 'https://git.kernel.org/linus/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb (6.11-rc7)', 'https://git.kernel.org/stable/c/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb', 'https://git.kernel.org/stable/c/85cda5b040bda9c577b34eb72d5b2e5b7e31985c', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46793-268d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46793', 'https://www.cve.org/CVERecord?id=CVE-2024-46793'], 'PublishedDate': '2024-09-18T08:15:06.177Z', 'LastModifiedDate': '2024-09-24T16:00:17.977Z'}, {'VulnerabilityID': 'CVE-2024-46794', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46794', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/tdx: Fix data leak in mmio_read()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix data leak in mmio_read()\n\nThe mmio_read() function makes a TDVMCALL to retrieve MMIO data for an\naddress from the VMM.\n\nSean noticed that mmio_read() unintentionally exposes the value of an\ninitialized variable (val) on the stack to the VMM.\n\nThis variable is only needed as an output value. It did not need to be\npassed to the VMM in the first place.\n\nDo not send the original value of *val to the VMM.\n\n[ dhansen: clarify what 'val' is used for. ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46794', 'https://git.kernel.org/linus/b6fb565a2d15277896583d471b21bc14a0c99661 (6.11-rc7)', 'https://git.kernel.org/stable/c/26c6af49d26ffc377e392e30d4086db19eed0ef7', 'https://git.kernel.org/stable/c/b55ce742afcb8e8189d82f2f1e635ba1b5a461fa', 'https://git.kernel.org/stable/c/b6fb565a2d15277896583d471b21bc14a0c99661', 'https://git.kernel.org/stable/c/ef00818c50cf55a3a56bd9a9fae867c92dfb84e7', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46794-9f64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46794', 'https://www.cve.org/CVERecord?id=CVE-2024-46794'], 'PublishedDate': '2024-09-18T08:15:06.23Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46795', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46795', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ksmbd: unset the binding mark of a reused connection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset the binding mark of a reused connection\n\nSteve French reported null pointer dereference error from sha256 lib.\ncifs.ko can send session setup requests on reused connection.\nIf reused connection is used for binding session, conn->binding can\nstill remain true and generate_preauth_hash() will not set\nsess->Preauth_HashValue and it will be NULL.\nIt is used as a material to create an encryption key in\nksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer\ndereference error from crypto_shash_update().\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 8 PID: 429254 Comm: kworker/8:39\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n<TASK>\n? show_regs+0x6d/0x80\n? __die+0x24/0x80\n? page_fault_oops+0x99/0x1b0\n? do_user_addr_fault+0x2ee/0x6b0\n? exc_page_fault+0x83/0x1b0\n? asm_exc_page_fault+0x27/0x30\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n_sha256_update+0x77/0xa0 [sha256_ssse3]\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\ncrypto_shash_update+0x1e/0x40\nhmac_update+0x12/0x20\ncrypto_shash_update+0x1e/0x40\ngenerate_key+0x234/0x380 [ksmbd]\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\n__process_request+0xa3/0x1d0 [ksmbd]\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\nprocess_one_work+0x16c/0x350\nworker_thread+0x306/0x440\n? __pfx_worker_thread+0x10/0x10\nkthread+0xef/0x120\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x44/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n</TASK>', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46795', 'https://git.kernel.org/linus/78c5a6f1f630172b19af4912e755e1da93ef0ab5 (6.11-rc7)', 'https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce', 'https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1', 'https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5', 'https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02', 'https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1', 'https://lore.kernel.org/linux-cve-announce/2024091855-CVE-2024-46795-9908@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46795', 'https://www.cve.org/CVERecord?id=CVE-2024-46795'], 'PublishedDate': '2024-09-18T08:15:06.28Z', 'LastModifiedDate': '2024-09-20T18:21:04.067Z'}, {'VulnerabilityID': 'CVE-2024-46797', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46797', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/qspinlock: Fix deadlock in MCS queue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/qspinlock: Fix deadlock in MCS queue\n\nIf an interrupt occurs in queued_spin_lock_slowpath() after we increment\nqnodesp->count and before node->lock is initialized, another CPU might\nsee stale lock values in get_tail_qnode(). If the stale lock value happens\nto match the lock on that CPU, then we write to the "next" pointer of\nthe wrong qnode. This causes a deadlock as the former CPU, once it becomes\nthe head of the MCS queue, will spin indefinitely until it\'s "next" pointer\nis set by its successor in the queue.\n\nRunning stress-ng on a 16 core (16EC/16VP) shared LPAR, results in\noccasional lockups similar to the following:\n\n   $ stress-ng --all 128 --vm-bytes 80% --aggressive \\\n               --maximize --oomable --verify  --syslog \\\n               --metrics  --times  --timeout 5m\n\n   watchdog: CPU 15 Hard LOCKUP\n   ......\n   NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   Call Trace:\n    0xc000002cfffa3bf0 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    raw_spin_rq_lock_nested.part.135+0x4c/0xd0\n    sched_ttwu_pending+0x60/0x1f0\n    __flush_smp_call_function_queue+0x1dc/0x670\n    smp_ipi_demux_relaxed+0xa4/0x100\n    xive_muxed_ipi_action+0x20/0x40\n    __handle_irq_event_percpu+0x80/0x240\n    handle_irq_event_percpu+0x2c/0x80\n    handle_percpu_irq+0x84/0xd0\n    generic_handle_irq+0x54/0x80\n    __do_irq+0xac/0x210\n    __do_IRQ+0x74/0xd0\n    0x0\n    do_IRQ+0x8c/0x170\n    hardware_interrupt_common_virt+0x29c/0x2a0\n   --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490\n   ......\n   NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   --- interrupt: 500\n    0xc0000029c1a41d00 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    futex_wake+0x100/0x260\n    do_futex+0x21c/0x2a0\n    sys_futex+0x98/0x270\n    system_call_exception+0x14c/0x2f0\n    system_call_vectored_common+0x15c/0x2ec\n\nThe following code flow illustrates how the deadlock occurs.\nFor the sake of brevity, assume that both locks (A and B) are\ncontended and we call the queued_spin_lock_slowpath() function.\n\n        CPU0                                   CPU1\n        ----                                   ----\n  spin_lock_irqsave(A)                          |\n  spin_unlock_irqrestore(A)                     |\n    spin_lock(B)                                |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++;                       |\n  (Note that nodes[0].lock == A)                |\n         |                                      |\n         ▼                                      |\n      Interrupt                                 |\n  (happens before "nodes[0].lock = B")          |\n         |                                      |\n         ▼                                      |\n  spin_lock_irqsave(A)                          |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++                        |\n   nodes[1].lock = A                            |\n         |                                      |\n         ▼                                      |\n  Tail of MCS queue                             |\n         |                             spin_lock_irqsave(A)\n         ▼                                      |\n  Head of MCS queue                             ▼\n         |                             CPU0 is previous tail\n         ▼                                      |\n   Spin indefinitely                            ▼\n  (until "nodes[1].next != NULL")      prev = get_tail_qnode(A, CPU0)\n                                                |\n                                                ▼\n                                       prev == &qnodes[CPU0].nodes[0]\n                                     (as qnodes\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46797', 'https://git.kernel.org/linus/734ad0af3609464f8f93e00b6c0de1e112f44559 (6.11-rc7)', 'https://git.kernel.org/stable/c/734ad0af3609464f8f93e00b6c0de1e112f44559', 'https://git.kernel.org/stable/c/d84ab6661e8d09092de9b034b016515ef9b66085', 'https://git.kernel.org/stable/c/f06af737e4be28c0e926dc25d5f0a111da4e2987', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46797-9174@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46797', 'https://www.cve.org/CVERecord?id=CVE-2024-46797'], 'PublishedDate': '2024-09-18T08:15:06.403Z', 'LastModifiedDate': '2024-09-29T15:15:15.837Z'}, {'VulnerabilityID': 'CVE-2024-46798', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46798', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: dapm: Fix UAF for snd_soc_pcm_runtime object\n\nWhen using kernel with the following extra config,\n\n  - CONFIG_KASAN=y\n  - CONFIG_KASAN_GENERIC=y\n  - CONFIG_KASAN_INLINE=y\n  - CONFIG_KASAN_VMALLOC=y\n  - CONFIG_FRAME_WARN=4096\n\nkernel detects that snd_pcm_suspend_all() access a freed\n'snd_soc_pcm_runtime' object when the system is suspended, which\nleads to a use-after-free bug:\n\n[   52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270\n[   52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330\n\n[   52.047785] Call trace:\n[   52.047787]  dump_backtrace+0x0/0x3c0\n[   52.047794]  show_stack+0x34/0x50\n[   52.047797]  dump_stack_lvl+0x68/0x8c\n[   52.047802]  print_address_description.constprop.0+0x74/0x2c0\n[   52.047809]  kasan_report+0x210/0x230\n[   52.047815]  __asan_report_load1_noabort+0x3c/0x50\n[   52.047820]  snd_pcm_suspend_all+0x1a8/0x270\n[   52.047824]  snd_soc_suspend+0x19c/0x4e0\n\nThe snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before\nmaking any access. So we need to always set 'substream->runtime' to NULL\neverytime we kfree() it.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46798', 'https://git.kernel.org/linus/b4a90b543d9f62d3ac34ec1ab97fc5334b048565 (6.11-rc7)', 'https://git.kernel.org/stable/c/3033ed903b4f28b5e1ab66042084fbc2c48f8624', 'https://git.kernel.org/stable/c/5d13afd021eb43868fe03cef6da34ad08831ad6d', 'https://git.kernel.org/stable/c/6a14fad8be178df6c4589667efec1789a3307b4e', 'https://git.kernel.org/stable/c/8ca21e7a27c66b95a4b215edc8e45e5d66679f9f', 'https://git.kernel.org/stable/c/993b60c7f93fa1d8ff296b58f646a867e945ae89', 'https://git.kernel.org/stable/c/b4a90b543d9f62d3ac34ec1ab97fc5334b048565', 'https://git.kernel.org/stable/c/fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46798-ce16@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46798', 'https://www.cve.org/CVERecord?id=CVE-2024-46798'], 'PublishedDate': '2024-09-18T08:15:06.463Z', 'LastModifiedDate': '2024-09-20T18:17:50.763Z'}, {'VulnerabilityID': 'CVE-2024-46800', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46800', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sch/netem: fix use after free in netem_dequeue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsch/netem: fix use after free in netem_dequeue\n\nIf netem_dequeue() enqueues packet to inner qdisc and that qdisc\nreturns __NET_XMIT_STOLEN. The packet is dropped but\nqdisc_tree_reduce_backlog() is not called to update the parent\'s\nq.qlen, leading to the similar use-after-free as Commit\ne04991a48dbaf382 ("netem: fix return value if duplicate enqueue\nfails")\n\nCommands to trigger KASAN UaF:\n\nip link add type dummy\nip link set lo up\nip link set dummy0 up\ntc qdisc add dev lo parent root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2: handle 3: drr\ntc filter add dev lo parent 3: basic classid 3:1 action mirred egress\nredirect dev dummy0\ntc class add dev lo classid 3:1 drr\nping -c1 -W0.01 localhost # Trigger bug\ntc class del dev lo classid 1:1\ntc class add dev lo classid 1:1 drr\nping -c1 -W0.01 localhost # UaF', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46800', 'https://git.kernel.org/linus/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a (6.11-rc7)', 'https://git.kernel.org/stable/c/14f91ab8d391f249b845916820a56f42cf747241', 'https://git.kernel.org/stable/c/295ad5afd9efc5f67b86c64fce28fb94e26dc4c9', 'https://git.kernel.org/stable/c/32008ab989ddcff1a485fa2b4906234c25dc5cd6', 'https://git.kernel.org/stable/c/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a', 'https://git.kernel.org/stable/c/98c75d76187944296068d685dfd8a1e9fd8c4fdc', 'https://git.kernel.org/stable/c/db2c235682913a63054e741fe4e19645fdf2d68e', 'https://git.kernel.org/stable/c/dde33a9d0b80aae0c69594d1f462515d7ff1cb3d', 'https://git.kernel.org/stable/c/f0bddb4de043399f16d1969dad5ee5b984a64e7b', 'https://lore.kernel.org/linux-cve-announce/2024091857-CVE-2024-46800-0f62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46800', 'https://www.cve.org/CVERecord?id=CVE-2024-46800'], 'PublishedDate': '2024-09-18T08:15:06.573Z', 'LastModifiedDate': '2024-09-20T17:18:55.26Z'}, {'VulnerabilityID': 'CVE-2024-46802', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: added NULL check at start of dc_validate_stream', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46802', 'https://git.kernel.org/linus/26c56049cc4f1705b498df013949427692a4b0d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd', 'https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5', 'https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9', 'https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c', 'https://lore.kernel.org/linux-cve-announce/2024092706-CVE-2024-46802-c5e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46802', 'https://www.cve.org/CVERecord?id=CVE-2024-46802'], 'PublishedDate': '2024-09-27T13:15:13.483Z', 'LastModifiedDate': '2024-10-07T14:21:55.687Z'}, {'VulnerabilityID': 'CVE-2024-46803', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46803', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdkfd: Check debug trap enable before write dbg_ev_file', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46803', 'https://git.kernel.org/linus/547033b593063eb85bfdf9b25a5f1b8fd1911be2 (6.11-rc1)', 'https://git.kernel.org/stable/c/547033b593063eb85bfdf9b25a5f1b8fd1911be2', 'https://git.kernel.org/stable/c/820dcbd38a77bd5fdc4236d521c1c122841227d0', 'https://git.kernel.org/stable/c/e6ea3b8fe398915338147fe54dd2db8155fdafd8', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46803-689b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46803', 'https://www.cve.org/CVERecord?id=CVE-2024-46803'], 'PublishedDate': '2024-09-27T13:15:13.57Z', 'LastModifiedDate': '2024-10-04T17:45:16.867Z'}, {'VulnerabilityID': 'CVE-2024-46804', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46804', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add array index check for hdcp ddc access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add array index check for hdcp ddc access\n\n[Why]\nCoverity reports OVERRUN warning. Do not check if array\nindex valid.\n\n[How]\nCheck msg_id valid and valid array index.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46804', 'https://git.kernel.org/linus/4e70c0f5251c25885c31ee84a31f99a01f7cf50e (6.11-rc1)', 'https://git.kernel.org/stable/c/0ee4387c5a4b57ec733c3fb4365188d5979cd9c7', 'https://git.kernel.org/stable/c/2a63c90c7a90ab2bd23deebc2814fc5b52abf6d2', 'https://git.kernel.org/stable/c/4e70c0f5251c25885c31ee84a31f99a01f7cf50e', 'https://git.kernel.org/stable/c/8b5ccf3d011969417be653b5a145c72dbd30472c', 'https://git.kernel.org/stable/c/a3b5ee22a9d3a30045191da5678ca8451ebaea30', 'https://git.kernel.org/stable/c/f338f99f6a04d03c802087d82a83561cbd5bdc99', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46804-c90d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46804', 'https://www.cve.org/CVERecord?id=CVE-2024-46804'], 'PublishedDate': '2024-09-27T13:15:13.637Z', 'LastModifiedDate': '2024-10-04T17:51:43.73Z'}, {'VulnerabilityID': 'CVE-2024-46805', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46805', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix the waring dereferencing hive', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix the waring dereferencing hive\n\nCheck the amdgpu_hive_info *hive that maybe is NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46805', 'https://git.kernel.org/linus/1940708ccf5aff76de4e0b399f99267c93a89193 (6.11-rc1)', 'https://git.kernel.org/stable/c/01cd55b971131b07b7ff8d622fa93bb4f8be07df', 'https://git.kernel.org/stable/c/1940708ccf5aff76de4e0b399f99267c93a89193', 'https://git.kernel.org/stable/c/4ab720b6aa1ef5e71db1e534b5b45c80ac4ec58a', 'https://git.kernel.org/stable/c/d3f927ef0607b3c8c3f79ab6d9a4ebead3e35f4c', 'https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46805-b06a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46805', 'https://www.cve.org/CVERecord?id=CVE-2024-46805'], 'PublishedDate': '2024-09-27T13:15:13.707Z', 'LastModifiedDate': '2024-10-02T12:58:59.767Z'}, {'VulnerabilityID': 'CVE-2024-46806', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46806', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the warning division or modulo by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46806', 'https://git.kernel.org/linus/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c (6.11-rc1)', 'https://git.kernel.org/stable/c/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c', 'https://git.kernel.org/stable/c/a01618adcba78c6bd6c4557a4a5e32f58b658cd1', 'https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46806-2cc7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46806', 'https://www.cve.org/CVERecord?id=CVE-2024-46806'], 'PublishedDate': '2024-09-27T13:15:13.773Z', 'LastModifiedDate': '2024-10-02T13:17:04.64Z'}, {'VulnerabilityID': 'CVE-2024-46807', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46807', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Check tbo resource pointer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Check tbo resource pointer\n\nValidate tbo resource pointer, skip if NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46807', 'https://git.kernel.org/linus/6cd2b872643bb29bba01a8ac739138db7bd79007 (6.11-rc1)', 'https://git.kernel.org/stable/c/2be1eb6304d9623ba21dd6f3e68ffb753a759635', 'https://git.kernel.org/stable/c/4dfec5f5501a27e0a0da00e136d65ef9011ded4c', 'https://git.kernel.org/stable/c/6cd2b872643bb29bba01a8ac739138db7bd79007', 'https://git.kernel.org/stable/c/e55e3904ffeaff81715256a711b1a61f4ad5258a', 'https://git.kernel.org/stable/c/e8765364d4f3aaf88c7abe0a4fc99089d059ab49', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46807-b78e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46807', 'https://www.cve.org/CVERecord?id=CVE-2024-46807'], 'PublishedDate': '2024-09-27T13:15:13.84Z', 'LastModifiedDate': '2024-10-04T17:40:08.083Z'}, {'VulnerabilityID': 'CVE-2024-46808', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46808', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range\n\n[Why & How]\nASSERT if return NULL from kcalloc.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46808', 'https://git.kernel.org/linus/5524fa301ba649f8cf00848f91468e0ba7e4f24c (6.11-rc1)', 'https://git.kernel.org/stable/c/5524fa301ba649f8cf00848f91468e0ba7e4f24c', 'https://git.kernel.org/stable/c/ca0b0b0a22306f2e51105ac48f4a09c2fbbb504e', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46808-8886@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46808', 'https://www.cve.org/CVERecord?id=CVE-2024-46808'], 'PublishedDate': '2024-09-27T13:15:13.907Z', 'LastModifiedDate': '2024-10-02T14:23:39.863Z'}, {'VulnerabilityID': 'CVE-2024-46809', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46809', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check BIOS images before it is used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check BIOS images before it is used\n\nBIOS images may fail to load and null checks are added before they are\nused.\n\nThis fixes 6 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46809', 'https://git.kernel.org/linus/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c (6.11-rc1)', 'https://git.kernel.org/stable/c/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c', 'https://git.kernel.org/stable/c/e46b70a7cfed71cb84e985c785c39c16df5c28cb', 'https://git.kernel.org/stable/c/e50bec62acaeec03afc6fa5dfb2426e52d049cf5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46809-5b37@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46809', 'https://www.cve.org/CVERecord?id=CVE-2024-46809'], 'PublishedDate': '2024-09-27T13:15:13.973Z', 'LastModifiedDate': '2024-10-04T17:33:33.753Z'}, {'VulnerabilityID': 'CVE-2024-46810', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46810', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ\n\nMake sure the connector is fully initialized before signalling any\nHPD events via drm_kms_helper_hotplug_event(), otherwise this may\nlead to NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46810', 'https://git.kernel.org/linus/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f (6.11-rc1)', 'https://git.kernel.org/stable/c/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f', 'https://git.kernel.org/stable/c/1fb13693953737783b424aa4712f0a27a9eaf5a8', 'https://git.kernel.org/stable/c/9d567126474e68f959b2c2543c375f3bb32e948a', 'https://git.kernel.org/stable/c/adc5674c23b8191e596ed0dbaa9600265ac896a8', 'https://git.kernel.org/stable/c/e1b121f21bbc56a6ae035aa5b77daac62bfb9be5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46810-2eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46810', 'https://www.cve.org/CVERecord?id=CVE-2024-46810'], 'PublishedDate': '2024-09-27T13:15:14.037Z', 'LastModifiedDate': '2024-10-04T17:43:04.277Z'}, {'VulnerabilityID': 'CVE-2024-46811', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46811', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params->clk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46811', 'https://git.kernel.org/linus/188fd1616ec43033cedbe343b6579e9921e2d898 (6.11-rc1)', 'https://git.kernel.org/stable/c/188fd1616ec43033cedbe343b6579e9921e2d898', 'https://git.kernel.org/stable/c/4003bac784380fed1f94f197350567eaa73a409d', 'https://git.kernel.org/stable/c/aba188d6f4ebaf52acf13f204db2bd2c22072504', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46811-f01c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46811', 'https://www.cve.org/CVERecord?id=CVE-2024-46811'], 'PublishedDate': '2024-09-27T13:15:14.107Z', 'LastModifiedDate': '2024-10-07T14:24:56.86Z'}, {'VulnerabilityID': 'CVE-2024-46812', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46812', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration\n\n[Why]\nCoverity reports Memory - illegal accesses.\n\n[How]\nSkip inactive planes.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46812', 'https://git.kernel.org/linus/a54f7e866cc73a4cb71b8b24bb568ba35c8969df (6.11-rc1)', 'https://git.kernel.org/stable/c/3300a039caf850376bc3416c808cd8879da412bb', 'https://git.kernel.org/stable/c/8406158a546441b73f0b216aedacbf9a1e5748fb', 'https://git.kernel.org/stable/c/a54f7e866cc73a4cb71b8b24bb568ba35c8969df', 'https://git.kernel.org/stable/c/ee9d6df6d9172917d9ddbd948bb882652d5ecd29', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46812-5954@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46812', 'https://www.cve.org/CVERecord?id=CVE-2024-46812'], 'PublishedDate': '2024-09-27T13:15:14.163Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46813', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46813', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check link_index before accessing dc-&gt;links[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc->links[]\n\n[WHY & HOW]\ndc->links[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46813', 'https://git.kernel.org/linus/8aa2864044b9d13e95fe224f32e808afbf79ecdf (6.11-rc1)', 'https://git.kernel.org/stable/c/8aa2864044b9d13e95fe224f32e808afbf79ecdf', 'https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46813-5eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46813', 'https://www.cve.org/CVERecord?id=CVE-2024-46813'], 'PublishedDate': '2024-09-27T13:15:14.23Z', 'LastModifiedDate': '2024-10-04T17:38:17.74Z'}, {'VulnerabilityID': 'CVE-2024-46814', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check msg_id before processing transcation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY & HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46814', 'https://git.kernel.org/linus/fa71face755e27dc44bc296416ebdf2c67163316 (6.11-rc1)', 'https://git.kernel.org/stable/c/0147505f08220c89b3a9c90eb608191276e263a8', 'https://git.kernel.org/stable/c/6590643c5de74098d27933b7d224d5ac065d7755', 'https://git.kernel.org/stable/c/916083054670060023d3f8a8ace895d710e268f4', 'https://git.kernel.org/stable/c/cb63090a17d3abb87f132851fa3711281249b7d2', 'https://git.kernel.org/stable/c/fa71face755e27dc44bc296416ebdf2c67163316', 'https://git.kernel.org/stable/c/fe63daf7b10253b0faaa60c55d6153cd276927aa', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46814-5021@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46814', 'https://www.cve.org/CVERecord?id=CVE-2024-46814'], 'PublishedDate': '2024-09-27T13:15:14.297Z', 'LastModifiedDate': '2024-10-04T17:27:47.45Z'}, {'VulnerabilityID': 'CVE-2024-46815', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46815', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY & HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46815', 'https://git.kernel.org/linus/b38a4815f79b87efb196cd5121579fc51e29a7fb (6.11-rc1)', 'https://git.kernel.org/stable/c/21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf', 'https://git.kernel.org/stable/c/6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0', 'https://git.kernel.org/stable/c/7c47dd2e92341f2989ab73dbed07f8894593ad7b', 'https://git.kernel.org/stable/c/a72d4996409569027b4609414a14a87679b12267', 'https://git.kernel.org/stable/c/b36e9b3104c4ba0f2f5dd083dcf6159cb316c996', 'https://git.kernel.org/stable/c/b38a4815f79b87efb196cd5121579fc51e29a7fb', 'https://git.kernel.org/stable/c/c4a7f7c0062fe2c73f70bb7e335199e25bd71492', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46815-fce2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46815', 'https://www.cve.org/CVERecord?id=CVE-2024-46815'], 'PublishedDate': '2024-09-27T13:15:14.37Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46816', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46816', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\n\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc->links. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\n\n[How]\nMake sure link count less than max_links.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46816', 'https://git.kernel.org/linus/cf8b16857db702ceb8d52f9219a4613363e2b1cf (6.11-rc1)', 'https://git.kernel.org/stable/c/36c39a8dcce210649f2f45f252abaa09fcc1ae87', 'https://git.kernel.org/stable/c/cf8b16857db702ceb8d52f9219a4613363e2b1cf', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46816-0526@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46816', 'https://www.cve.org/CVERecord?id=CVE-2024-46816'], 'PublishedDate': '2024-09-27T13:15:14.433Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46817', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6\n\n[Why]\nCoverity reports OVERRUN warning. Should abort amdgpu_dm\ninitialize.\n\n[How]\nReturn failure to amdgpu_dm_init.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46817', 'https://git.kernel.org/linus/84723eb6068c50610c5c0893980d230d7afa2105 (6.11-rc1)', 'https://git.kernel.org/stable/c/21bbb39863f10f5fb4bf772d15b07d5d13590e9d', 'https://git.kernel.org/stable/c/28b515c458aa9c92bfcb99884c94713a5f471cea', 'https://git.kernel.org/stable/c/754321ed63f0a4a31252ca72e0bd89a9e1888018', 'https://git.kernel.org/stable/c/84723eb6068c50610c5c0893980d230d7afa2105', 'https://git.kernel.org/stable/c/94cb77700fa4ae6200486bfa0ba2ac547534afd2', 'https://git.kernel.org/stable/c/d398c74c881dee695f6eb6138c9891644e1c3d9d', 'https://git.kernel.org/stable/c/d619b91d3c4af60ac422f1763ce53d721fb91262', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46817-7a2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46817', 'https://www.cve.org/CVERecord?id=CVE-2024-46817'], 'PublishedDate': '2024-09-27T13:15:14.493Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46818', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check gpio_id before used as array index', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY & HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46818', 'https://git.kernel.org/linus/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 (6.11-rc1)', 'https://git.kernel.org/stable/c/0184cca30cad74d88f5c875d4e26999e26325700', 'https://git.kernel.org/stable/c/08e7755f754e3d2cef7d3a7da538d33526bd6f7c', 'https://git.kernel.org/stable/c/276e3fd93e3beb5894eb1cc8480f9f417d51524d', 'https://git.kernel.org/stable/c/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6', 'https://git.kernel.org/stable/c/3d4198ab612ad48f73383ad3bb5663e6f0cdf406', 'https://git.kernel.org/stable/c/40c2e8bc117cab8bca8814735f28a8b121654a84', 'https://git.kernel.org/stable/c/8520fdc8ecc38f240a8e9e7af89cca6739c3e790', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46818-8d41@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46818', 'https://www.cve.org/CVERecord?id=CVE-2024-46818'], 'PublishedDate': '2024-09-27T13:15:14.563Z', 'LastModifiedDate': '2024-10-04T17:18:36.613Z'}, {'VulnerabilityID': 'CVE-2024-46819', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: the warning dereferencing obj for nbio_v7_4', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: the warning dereferencing obj for nbio_v7_4\n\nif ras_manager obj null, don't print NBIO err data", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46819', 'https://git.kernel.org/linus/d190b459b2a4304307c3468ed97477b808381011 (6.11-rc1)', 'https://git.kernel.org/stable/c/130c2dc75c8c40acc3c96ededea6af80e03c14b8', 'https://git.kernel.org/stable/c/614564a5b28983de53b23a358ebe6c483a2aa21e', 'https://git.kernel.org/stable/c/70e8ec21fcb8c51446899d3bfe416b31adfa3661', 'https://git.kernel.org/stable/c/7d265772e44d403071a2b573eac0db60250b1c21', 'https://git.kernel.org/stable/c/d04ded1e73f1dcf19a71ec8b9cda3faa7acd8828', 'https://git.kernel.org/stable/c/d190b459b2a4304307c3468ed97477b808381011', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46819-d958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46819', 'https://www.cve.org/CVERecord?id=CVE-2024-46819'], 'PublishedDate': '2024-09-27T13:15:14.64Z', 'LastModifiedDate': '2024-10-04T17:11:00.57Z'}, {'VulnerabilityID': 'CVE-2024-46820', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/vcn: remove irq disabling in vcn 5 suspend\n\nWe do not directly enable/disable VCN IRQ in vcn 5.0.0.\nAnd we do not handle the IRQ state as well. So the calls to\ndisable IRQ and set state are removed. This effectively gets\nrid of the warining of\n      "WARN_ON(!amdgpu_irq_enabled(adev, src, type))"\nin amdgpu_irq_put().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46820', 'https://git.kernel.org/linus/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d (6.11-rc1)', 'https://git.kernel.org/stable/c/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d', 'https://git.kernel.org/stable/c/aa92264ba6fd4fb570002f69762634221316e7ae', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46820-6405@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46820', 'https://www.cve.org/CVERecord?id=CVE-2024-46820'], 'PublishedDate': '2024-09-27T13:15:14.707Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46821', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix negative array index read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix negative array index read\n\nAvoid using the negative values\nfor clk_idex as an index into an array pptable->DpmDescriptor.\n\nV2: fix clk_index return check (Tim Huang)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46821', 'https://git.kernel.org/linus/c8c19ebf7c0b202a6a2d37a52ca112432723db5f (6.11-rc1)', 'https://git.kernel.org/stable/c/06a3810010b525b9958424e344f0c25b09e128fa', 'https://git.kernel.org/stable/c/4711b1347cb9f0c3083da6d87c624d75f9bd1d50', 'https://git.kernel.org/stable/c/60f4a4bc3329e5cb8c4df0cc961f0d5ffd96e22d', 'https://git.kernel.org/stable/c/c8c19ebf7c0b202a6a2d37a52ca112432723db5f', 'https://lore.kernel.org/linux-cve-announce/2024092713-CVE-2024-46821-a13a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46821', 'https://www.cve.org/CVERecord?id=CVE-2024-46821'], 'PublishedDate': '2024-09-27T13:15:14.767Z', 'LastModifiedDate': '2024-10-04T17:06:43.573Z'}, {'VulnerabilityID': 'CVE-2024-46822', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46822', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry\n\nIn a review discussion of the changes to support vCPU hotplug where\na check was added on the GICC being enabled if was online, it was\nnoted that there is need to map back to the cpu and use that to index\ninto a cpumask. As such, a valid ID is needed.\n\nIf an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible\nfor the entry in cpu_madt_gicc[cpu] == NULL.  This function would\nthen cause a NULL pointer dereference.   Whilst a path to trigger\nthis has not been established, harden this caller against the\npossibility.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46822', 'https://git.kernel.org/linus/2488444274c70038eb6b686cba5f1ce48ebb9cdd (6.11-rc1)', 'https://git.kernel.org/stable/c/2488444274c70038eb6b686cba5f1ce48ebb9cdd', 'https://git.kernel.org/stable/c/40cae0df42e5e7f7a1c0f32deed9c4027c1ba94e', 'https://git.kernel.org/stable/c/4c3b21204abb4fa3ab310fbbb5cf7f0e85f3a1bc', 'https://git.kernel.org/stable/c/62ca6d3a905b4c40cd942f3cc645a6718f8bc7e7', 'https://git.kernel.org/stable/c/945be49f4e832a9184c313fdf8917475438a795b', 'https://git.kernel.org/stable/c/bc7fbb37e3d2df59336eadbd6a56be632e3c7df7', 'https://git.kernel.org/stable/c/f57769ff6fa7f97f1296965f20e8a2bb3ee9fd0f', 'https://lore.kernel.org/linux-cve-announce/2024092749-CVE-2024-46822-b901@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46822', 'https://www.cve.org/CVERecord?id=CVE-2024-46822'], 'PublishedDate': '2024-09-27T13:15:14.83Z', 'LastModifiedDate': '2024-10-02T14:24:01.757Z'}, {'VulnerabilityID': 'CVE-2024-46823', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kunit/overflow: Fix UB in overflow_allocation_test', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkunit/overflow: Fix UB in overflow_allocation_test\n\nThe 'device_name' array doesn't exist out of the\n'overflow_allocation_test' function scope. However, it is being used as\na driver name when calling 'kunit_driver_create' from\n'kunit_device_register'. It produces the kernel panic with KASAN\nenabled.\n\nSince this variable is used in one place only, remove it and pass the\ndevice name into kunit_device_register directly as an ascii string.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46823', 'https://git.kernel.org/linus/92e9bac18124682c4b99ede9ee3bcdd68f121e92 (6.11-rc4)', 'https://git.kernel.org/stable/c/92e9bac18124682c4b99ede9ee3bcdd68f121e92', 'https://git.kernel.org/stable/c/d1207f07decc66546a7fa463d2f335a856c986ef', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46823-b19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46823', 'https://www.cve.org/CVERecord?id=CVE-2024-46823'], 'PublishedDate': '2024-09-27T13:15:14.897Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46824', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommufd: Require drivers to supply the cache_invalidate_user ops', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Require drivers to supply the cache_invalidate_user ops\n\nIf drivers don't do this then iommufd will oops invalidation ioctls with\nsomething like:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n  Mem abort info:\n    ESR = 0x0000000086000004\n    EC = 0x21: IABT (current EL), IL = 32 bits\n    SET = 0, FnV = 0\n    EA = 0, S1PTW = 0\n    FSC = 0x04: level 0 translation fault\n  user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101059000\n  [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n  Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 2 PID: 371 Comm: qemu-system-aar Not tainted 6.8.0-rc7-gde77230ac23a #9\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 81400809 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=-c)\n  pc : 0x0\n  lr : iommufd_hwpt_invalidate+0xa4/0x204\n  sp : ffff800080f3bcc0\n  x29: ffff800080f3bcf0 x28: ffff0000c369b300 x27: 0000000000000000\n  x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n  x23: 0000000000000000 x22: 00000000c1e334a0 x21: ffff0000c1e334a0\n  x20: ffff800080f3bd38 x19: ffff800080f3bd58 x18: 0000000000000000\n  x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8240d6d8\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n  x8 : 0000001000000002 x7 : 0000fffeac1ec950 x6 : 0000000000000000\n  x5 : ffff800080f3bd78 x4 : 0000000000000003 x3 : 0000000000000002\n  x2 : 0000000000000000 x1 : ffff800080f3bcc8 x0 : ffff0000c6034d80\n  Call trace:\n   0x0\n   iommufd_fops_ioctl+0x154/0x274\n   __arm64_sys_ioctl+0xac/0xf0\n   invoke_syscall+0x48/0x110\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x34/0xb4\n   el0t_64_sync_handler+0x120/0x12c\n   el0t_64_sync+0x190/0x194\n\nAll existing drivers implement this op for nesting, this is mostly a\nbisection aid.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46824', 'https://git.kernel.org/linus/a11dda723c6493bb1853bbc61c093377f96e2d47 (6.11-rc1)', 'https://git.kernel.org/stable/c/89827a4de802765b1ebb401fc1e73a90108c7520', 'https://git.kernel.org/stable/c/a11dda723c6493bb1853bbc61c093377f96e2d47', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46824-03d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46824', 'https://www.cve.org/CVERecord?id=CVE-2024-46824'], 'PublishedDate': '2024-09-27T13:15:14.96Z', 'LastModifiedDate': '2024-10-02T14:29:08.417Z'}, {'VulnerabilityID': 'CVE-2024-46825', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check\n\nThe lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is\nnormally called with input from the firmware, so it should use\nIWL_FW_CHECK() instead of WARN_ON().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46825', 'https://git.kernel.org/linus/9215152677d4b321801a92b06f6d5248b2b4465f (6.11-rc1)', 'https://git.kernel.org/stable/c/3cca098c91391b3fa48142bfda57048b985c87f6', 'https://git.kernel.org/stable/c/415f3634d53c7fb4cf07d2f5a0be7f2e15e6da33', 'https://git.kernel.org/stable/c/9215152677d4b321801a92b06f6d5248b2b4465f', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46825-a5aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46825', 'https://www.cve.org/CVERecord?id=CVE-2024-46825'], 'PublishedDate': '2024-09-27T13:15:15.027Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46826', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ELF: fix kernel.randomize_va_space double read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses "randomize_va_space" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46826', 'https://git.kernel.org/linus/2a97388a807b6ab5538aa8f8537b2463c6988bd2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1cf8cd80903073440b6ea055811d04edd24fe4f7', 'https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27', 'https://git.kernel.org/stable/c/2a97388a807b6ab5538aa8f8537b2463c6988bd2', 'https://git.kernel.org/stable/c/53f17409abf61f66b6f05aff795e938e5ba811d1', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46826-7b80@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46826', 'https://www.cve.org/CVERecord?id=CVE-2024-46826'], 'PublishedDate': '2024-09-27T13:15:15.087Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46827', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix firmware crash due to invalid peer nss', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46827', 'https://git.kernel.org/linus/db163a463bb93cd3e37e1e7b10b9726fb6f95857 (6.11-rc1)', 'https://git.kernel.org/stable/c/25a15f80253a7c8776e4e4880d797d20ec864154', 'https://git.kernel.org/stable/c/838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c', 'https://git.kernel.org/stable/c/db163a463bb93cd3e37e1e7b10b9726fb6f95857', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46827-0300@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46827', 'https://www.cve.org/CVERecord?id=CVE-2024-46827'], 'PublishedDate': '2024-09-27T13:15:15.153Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46828', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: sch_cake: fix bulk flow accounting logic for host fairness', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: fix bulk flow accounting logic for host fairness\n\nIn sch_cake, we keep track of the count of active bulk flows per host,\nwhen running in dst/src host fairness mode, which is used as the\nround-robin weight when iterating through flows. The count of active\nbulk flows is updated whenever a flow changes state.\n\nThis has a peculiar interaction with the hash collision handling: when a\nhash collision occurs (after the set-associative hashing), the state of\nthe hash bucket is simply updated to match the new packet that collided,\nand if host fairness is enabled, that also means assigning new per-host\nstate to the flow. For this reason, the bulk flow counters of the\nhost(s) assigned to the flow are decremented, before new state is\nassigned (and the counters, which may not belong to the same host\nanymore, are incremented again).\n\nBack when this code was introduced, the host fairness mode was always\nenabled, so the decrement was unconditional. When the configuration\nflags were introduced the *increment* was made conditional, but\nthe *decrement* was not. Which of course can lead to a spurious\ndecrement (and associated wrap-around to U16_MAX).\n\nAFAICT, when host fairness is disabled, the decrement and wrap-around\nhappens as soon as a hash collision occurs (which is not that common in\nitself, due to the set-associative hashing). However, in most cases this\nis harmless, as the value is only used when host fairness mode is\nenabled. So in order to trigger an array overflow, sch_cake has to first\nbe configured with host fairness disabled, and while running in this\nmode, a hash collision has to occur to cause the overflow. Then, the\nqdisc has to be reconfigured to enable host fairness, which leads to the\narray out-of-bounds because the wrapped-around value is retained and\nused as an array index. It seems that syzbot managed to trigger this,\nwhich is quite impressive in its own right.\n\nThis patch fixes the issue by introducing the same conditional check on\ndecrement as is used on increment.\n\nThe original bug predates the upstreaming of cake, but the commit listed\nin the Fixes tag touched that code, meaning that this patch won't apply\nbefore that.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46828', 'https://git.kernel.org/linus/546ea84d07e3e324644025e2aae2d12ea4c5896e (6.11-rc7)', 'https://git.kernel.org/stable/c/4a4eeefa514db570be025ab46d779af180e2c9bb', 'https://git.kernel.org/stable/c/546ea84d07e3e324644025e2aae2d12ea4c5896e', 'https://git.kernel.org/stable/c/549e407569e08459d16122341d332cb508024094', 'https://git.kernel.org/stable/c/7725152b54d295b7da5e34c2f419539b30d017bd', 'https://git.kernel.org/stable/c/cde71a5677971f4f1b69b25e854891dbe78066a4', 'https://git.kernel.org/stable/c/d4a9039a7b3d8005b90c7b1a55a306444f0e5447', 'https://git.kernel.org/stable/c/d7c01c0714c04431b5e18cf17a9ea68a553d1c3c', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46828-2184@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46828', 'https://www.cve.org/CVERecord?id=CVE-2024-46828'], 'PublishedDate': '2024-09-27T13:15:15.22Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46829', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtmutex: Drop rt_mutex::wait_lock before scheduling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nrtmutex: Drop rt_mutex::wait_lock before scheduling\n\nrt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held.  In the\ngood case it returns with the lock held and in the deadlock case it emits a\nwarning and goes into an endless scheduling loop with the lock held, which\ntriggers the 'scheduling in atomic' warning.\n\nUnlock rt_mutex::wait_lock in the dead lock case before issuing the warning\nand dropping into the schedule for ever loop.\n\n[ tglx: Moved unlock before the WARN(), removed the pointless comment,\n  \tmassaged changelog, added Fixes tag ]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46829', 'https://git.kernel.org/linus/d33d26036a0274b472299d7dcdaa5fb34329f91b (6.11-rc7)', 'https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0', 'https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38', 'https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f', 'https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f', 'https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83', 'https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0', 'https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b', 'https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46829-da70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46829', 'https://www.cve.org/CVERecord?id=CVE-2024-46829'], 'PublishedDate': '2024-09-27T13:15:15.3Z', 'LastModifiedDate': '2024-10-02T14:27:57.92Z'}, {'VulnerabilityID': 'CVE-2024-46830', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: x86: Acquire kvm-&gt;srcu when handling KVM_SET_VCPU_EVENTS', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU.  I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems.  Acquiring SRCU isn't all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n  #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n  <TASK>\n  dump_stack_lvl+0x7f/0x90\n  lockdep_rcu_suspicious+0x13f/0x1a0\n  kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n  kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n  nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n  load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n  vmx_leave_nested+0x30/0x40 [kvm_intel]\n  kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n  kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n  ? mark_held_locks+0x49/0x70\n  ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n  ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  ? lock_acquire+0xba/0x2d0\n  ? find_held_lock+0x2b/0x80\n  ? do_user_addr_fault+0x40c/0x6f0\n  ? lock_release+0xb7/0x270\n  __x64_sys_ioctl+0x82/0xb0\n  do_syscall_64+0x6c/0x170\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n  </TASK>", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46830', 'https://git.kernel.org/linus/4bcdd831d9d01e0fb64faea50732b59b2ee88da1 (6.11-rc7)', 'https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1', 'https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e', 'https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9', 'https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46830-deac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46830', 'https://www.cve.org/CVERecord?id=CVE-2024-46830'], 'PublishedDate': '2024-09-27T13:15:15.38Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46831', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: microchip: vcap: Fix use-after-free error in kunit test', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap: Fix use-after-free error in kunit test\n\nThis is a clear use-after-free error. We remove it, and rely on checking\nthe return code of vcap_del_rule.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46831', 'https://git.kernel.org/linus/a3c1e45156ad39f225cd7ddae0f81230a3b1e657 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3c1e45156ad39f225cd7ddae0f81230a3b1e657', 'https://git.kernel.org/stable/c/b0804c286ccfcf5f5c004d5bf8a54c0508b5e86b', 'https://git.kernel.org/stable/c/f7fe95f40c85311c98913fe6ae2c56adb7f767a7', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46831-06bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46831', 'https://www.cve.org/CVERecord?id=CVE-2024-46831'], 'PublishedDate': '2024-09-27T13:15:15.457Z', 'LastModifiedDate': '2024-10-02T14:26:13.807Z'}, {'VulnerabilityID': 'CVE-2024-46832', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: MIPS: cevt-r4k: Don&#39;t call get_c0_compare_int if timer irq is installed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: cevt-r4k: Don\'t call get_c0_compare_int if timer irq is installed\n\nThis avoids warning:\n\n[    0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n\nCaused by get_c0_compare_int on secondary CPU.\n\nWe also skipped saving IRQ number to struct clock_event_device *cd as\nit\'s never used by clockevent core, as per comments it\'s only meant\nfor "non CPU local devices".', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46832', 'https://git.kernel.org/linus/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13 (6.11-rc5)', 'https://git.kernel.org/stable/c/189d3ed3b25beee26ffe2abed278208bece13f52', 'https://git.kernel.org/stable/c/32ee0520159f1e8c2d6597c19690df452c528f30', 'https://git.kernel.org/stable/c/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13', 'https://git.kernel.org/stable/c/b1d2051373bfc65371ce4ac8911ed984d0178c98', 'https://git.kernel.org/stable/c/d3ff0f98a52f0aafe35aa314d1c442f4318be3db', 'https://git.kernel.org/stable/c/e6cd871627abbb459d0ff6521d6bb9cf9d9f7522', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46832-3ad0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46832', 'https://www.cve.org/CVERecord?id=CVE-2024-46832'], 'PublishedDate': '2024-09-27T13:15:15.517Z', 'LastModifiedDate': '2024-10-09T15:51:20.7Z'}, {'VulnerabilityID': 'CVE-2024-46833', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: void array out of bound when loop tnl_num', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: void array out of bound when loop tnl_num\n\nWhen query reg inf of SSU, it loops tnl_num times. However, tnl_num comes\nfrom hardware and the length of array is a fixed value. To void array out\nof bound, make sure the loop time is not greater than the length of array', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46833', 'https://git.kernel.org/linus/86db7bfb06704ef17340eeae71c832f21cfce35c (6.11-rc4)', 'https://git.kernel.org/stable/c/86db7bfb06704ef17340eeae71c832f21cfce35c', 'https://git.kernel.org/stable/c/c33a9806dc806bcb4a31dc71fb06979219181ad4', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46833-0fa0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46833', 'https://www.cve.org/CVERecord?id=CVE-2024-46833'], 'PublishedDate': '2024-09-27T13:15:15.593Z', 'LastModifiedDate': '2024-10-09T15:54:38.123Z'}, {'VulnerabilityID': 'CVE-2024-46834', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: fail closed if we can&#39;t get max channel used in indirection tables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\'t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with\nactive RSS contexts") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\'t fetch\nthe indirection table or when we can\'t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46834', 'https://git.kernel.org/linus/2899d58462ba868287d6ff3acad3675e7adf934f (6.11-rc1)', 'https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036', 'https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46834-dc7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46834', 'https://www.cve.org/CVERecord?id=CVE-2024-46834'], 'PublishedDate': '2024-09-27T13:15:15.66Z', 'LastModifiedDate': '2024-10-09T15:57:03.037Z'}, {'VulnerabilityID': 'CVE-2024-46835', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix smatch static checker warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev->gfx.imu.funcs could be NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46835', 'https://git.kernel.org/linus/bdbdc7cecd00305dc844a361f9883d3a21022027 (6.11-rc1)', 'https://git.kernel.org/stable/c/8bc7b3ce33e64c74211ed17aec823fc4e523426a', 'https://git.kernel.org/stable/c/bdbdc7cecd00305dc844a361f9883d3a21022027', 'https://git.kernel.org/stable/c/c2056c7a840f0dbf293bc3b0d91826d001668fb0', 'https://git.kernel.org/stable/c/d40c2c3dd0395fe7fdc19bd96551e87251426d66', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46835-4f99@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46835', 'https://www.cve.org/CVERecord?id=CVE-2024-46835'], 'PublishedDate': '2024-09-27T13:15:15.72Z', 'LastModifiedDate': '2024-10-02T14:24:18.93Z'}, {'VulnerabilityID': 'CVE-2024-46836', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46836', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: aspeed_udc: validate endpoint index for ast udc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed_udc: validate endpoint index for ast udc\n\nWe should verify the bound of the array to assure that host\nmay not manipulate the index to point past endpoint array.\n\nFound by static analysis.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46836', 'https://git.kernel.org/linus/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 (6.11-rc1)', 'https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af', 'https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a', 'https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c', 'https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46836-acff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46836', 'https://www.cve.org/CVERecord?id=CVE-2024-46836'], 'PublishedDate': '2024-09-27T13:15:15.78Z', 'LastModifiedDate': '2024-10-09T15:47:55.187Z'}, {'VulnerabilityID': 'CVE-2024-46838', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46838', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: don&#39;t BUG_ON() if khugepaged yanks our page table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: don\'t BUG_ON() if khugepaged yanks our page table\n\nSince khugepaged was changed to allow retracting page tables in file\nmappings without holding the mmap lock, these BUG_ON()s are wrong - get\nrid of them.\n\nWe could also remove the preceding "if (unlikely(...))" block, but then we\ncould reach pte_offset_map_lock() with transhuge pages not just for file\nmappings but also for anonymous mappings - which would probably be fine\nbut I think is not necessarily expected.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46838', 'https://git.kernel.org/linus/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a (6.11-rc7)', 'https://git.kernel.org/stable/c/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a', 'https://git.kernel.org/stable/c/4a594acc12d5954cdc71d4450a386748bf3d136a', 'https://git.kernel.org/stable/c/db978287e908d48b209e374b00d847b2d785e0a9', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46838-5fa5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46838', 'https://www.cve.org/CVERecord?id=CVE-2024-46838'], 'PublishedDate': '2024-09-27T13:15:15.92Z', 'LastModifiedDate': '2024-10-09T15:35:40.827Z'}, {'VulnerabilityID': 'CVE-2024-46840', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: clean up our handling of refs == 0 in snapshot delete', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: clean up our handling of refs == 0 in snapshot delete\n\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren't\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer.  In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption.  Change that to return\n-EUCLEAN.  In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling.  Also adjust the error message so we can\nactually do something with the information.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46840', 'https://git.kernel.org/linus/b8ccef048354074a548f108e51d0557d6adfd3a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/03804641ec2d0da4fa088ad21c88e703d151ce16', 'https://git.kernel.org/stable/c/71291aa7246645ef622621934d2067400380645e', 'https://git.kernel.org/stable/c/728d4d045b628e006b48a448f3326a7194c88d32', 'https://git.kernel.org/stable/c/7d1df13bf078ffebfedd361d714ff6cee1ff01b9', 'https://git.kernel.org/stable/c/9cc887ac24b7a0598f4042ae9af6b9a33072f75b', 'https://git.kernel.org/stable/c/b8ccef048354074a548f108e51d0557d6adfd3a3', 'https://git.kernel.org/stable/c/c60676b81fab456b672796830f6d8057058f029c', 'https://git.kernel.org/stable/c/c847b28a799733b04574060ab9d00f215970627d', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46840-fc44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46840', 'https://www.cve.org/CVERecord?id=CVE-2024-46840'], 'PublishedDate': '2024-09-27T13:15:16.057Z', 'LastModifiedDate': '2024-10-08T18:15:07.857Z'}, {'VulnerabilityID': 'CVE-2024-46841', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn't fatal, return the error.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46841', 'https://git.kernel.org/linus/a580fb2c3479d993556e1c31b237c9e5be4944a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/704c359b4093a2af650a20eaa030c435d7c30f91', 'https://git.kernel.org/stable/c/a580fb2c3479d993556e1c31b237c9e5be4944a3', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46841-7572@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46841', 'https://www.cve.org/CVERecord?id=CVE-2024-46841'], 'PublishedDate': '2024-09-27T13:15:16.13Z', 'LastModifiedDate': '2024-10-08T18:17:07.87Z'}, {'VulnerabilityID': 'CVE-2024-46842', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status.  The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code.  During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout.  If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46842', 'https://git.kernel.org/linus/ede596b1434b57c0b3fd5c02b326efe5c54f6e48 (6.11-rc1)', 'https://git.kernel.org/stable/c/bba47fe3b038cca3d3ebd799665ce69d6d273b58', 'https://git.kernel.org/stable/c/ede596b1434b57c0b3fd5c02b326efe5c54f6e48', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46842-e52c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46842', 'https://www.cve.org/CVERecord?id=CVE-2024-46842'], 'PublishedDate': '2024-09-27T13:15:16.19Z', 'LastModifiedDate': '2024-10-08T18:22:24.997Z'}, {'VulnerabilityID': 'CVE-2024-46843', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Remove SCSI host only if added', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been defered after MCQ configuration introduced by commit 0cab4023ec7b\n("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46843', 'https://git.kernel.org/linus/7cbff570dbe8907e23bba06f6414899a0fbb2fcc (6.11-rc1)', 'https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed', 'https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536', 'https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46843-82c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46843', 'https://www.cve.org/CVERecord?id=CVE-2024-46843'], 'PublishedDate': '2024-09-27T13:15:16.25Z', 'LastModifiedDate': '2024-10-08T18:23:52.423Z'}, {'VulnerabilityID': 'CVE-2024-46844', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: um: line: always fill *error_out in setup_one_line()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\num: line: always fill *error_out in setup_one_line()\n\nThe pointer isn't initialized by callers, but I have\nencountered cases where it's still printed; initialize\nit in all possible cases in setup_one_line().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-824'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46844', 'https://git.kernel.org/linus/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d (6.11-rc1)', 'https://git.kernel.org/stable/c/289979d64573f43df1d0e6bc6435de63a0d69cdf', 'https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5', 'https://git.kernel.org/stable/c/43f782c27907f306c664b6614fd6f264ac32cce6', 'https://git.kernel.org/stable/c/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d', 'https://git.kernel.org/stable/c/96301fdc2d533a196197c055af875fe33d47ef84', 'https://git.kernel.org/stable/c/c8944d449fda9f58c03bd99649b2df09948fc874', 'https://git.kernel.org/stable/c/ec5b47a370177d79ae7773858042c107e21f8ecc', 'https://git.kernel.org/stable/c/fc843d3837ebcb1c16d3768ef3eb55e25d5331f2', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46844-af64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46844', 'https://www.cve.org/CVERecord?id=CVE-2024-46844'], 'PublishedDate': '2024-09-27T13:15:16.313Z', 'LastModifiedDate': '2024-10-02T14:22:50.533Z'}, {'VulnerabilityID': 'CVE-2024-46845', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/timerlat: Only clear timer if a kthread exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Only clear timer if a kthread exists\n\nThe timerlat tracer can use user space threads to check for osnoise and\ntimer latency. If the program using this is killed via a SIGTERM, the\nthreads are shutdown one at a time and another tracing instance can start\nup resetting the threads before they are fully closed. That causes the\nhrtimer assigned to the kthread to be shutdown and freed twice when the\ndying thread finally closes the file descriptors, causing a use-after-free\nbug.\n\nOnly cancel the hrtimer if the associated thread is still around. Also add\nthe interface_lock around the resetting of the tlat_var->kthread.\n\nNote, this is just a quick fix that can be backported to stable. A real\nfix is to have a better synchronization between the shutdown of old\nthreads and the starting of new ones.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46845', 'https://git.kernel.org/linus/e6a53481da292d970d1edf0d8831121d1c5e2f0d (6.11-rc7)', 'https://git.kernel.org/stable/c/8a9d0d405159e9c796ddf771f7cff691c1a2bc1e', 'https://git.kernel.org/stable/c/8c72f0b2c45f21cb8b00fc37f79f632d7e46c2ed', 'https://git.kernel.org/stable/c/e6a53481da292d970d1edf0d8831121d1c5e2f0d', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46845-a529@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46845', 'https://www.cve.org/CVERecord?id=CVE-2024-46845'], 'PublishedDate': '2024-09-27T13:15:16.397Z', 'LastModifiedDate': '2024-10-02T14:18:32.923Z'}, {'VulnerabilityID': 'CVE-2024-46846', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: rockchip: Resolve unbalanced runtime PM / system PM handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip: Resolve unbalanced runtime PM / system PM handling\n\nCommit e882575efc77 ("spi: rockchip: Suspend and resume the bus during\nNOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and\nsimply disabled clocks unconditionally when suspending the system. This\ncauses problems when the device is already runtime suspended when we go\nto sleep -- in which case we double-disable clocks and produce a\nWARNing.\n\nSwitch back to pm_runtime_force_{suspend,resume}(), because that still\nseems like the right thing to do, and the aforementioned commit makes no\nexplanation why it stopped using it.\n\nAlso, refactor some of the resume() error handling, because it\'s not\nactually a good idea to re-disable clocks on failure.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46846', 'https://git.kernel.org/linus/be721b451affbecc4ba4eaac3b71cdbdcade1b1b (6.11-rc7)', 'https://git.kernel.org/stable/c/0efbad8445fbba7896402500a1473450a299a08a', 'https://git.kernel.org/stable/c/14f970a8d03d882b15b97beb83bd84ac8ba6298c', 'https://git.kernel.org/stable/c/be721b451affbecc4ba4eaac3b71cdbdcade1b1b', 'https://git.kernel.org/stable/c/d034bff62faea1a2219e0d2f3d17263265f24087', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46846-f264@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46846', 'https://www.cve.org/CVERecord?id=CVE-2024-46846'], 'PublishedDate': '2024-09-27T13:15:16.48Z', 'LastModifiedDate': '2024-10-08T18:25:56.467Z'}, {'VulnerabilityID': 'CVE-2024-46848', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46848', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/x86/intel: Limit the period on Haswell', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Limit the period on Haswell\n\nRunning the ltp test cve-2015-3290 concurrently reports the following\nwarnings.\n\nperfevents: irq loop stuck!\n  WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174\n  intel_pmu_handle_irq+0x285/0x370\n  Call Trace:\n   <NMI>\n   ? __warn+0xa4/0x220\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? report_bug+0x3e/0xa0\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x50\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? irq_work_claim+0x1e/0x40\n   ? intel_pmu_handle_irq+0x285/0x370\n   perf_event_nmi_handler+0x3d/0x60\n   nmi_handle+0x104/0x330\n\nThanks to Thomas Gleixner's analysis, the issue is caused by the low\ninitial period (1) of the frequency estimation algorithm, which triggers\nthe defects of the HW, specifically erratum HSW11 and HSW143. (For the\ndetails, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)\n\nThe HSW11 requires a period larger than 100 for the INST_RETIRED.ALL\nevent, but the initial period in the freq mode is 1. The erratum is the\nsame as the BDM11, which has been supported in the kernel. A minimum\nperiod of 128 is enforced as well on HSW.\n\nHSW143 is regarding that the fixed counter 1 may overcount 32 with the\nHyper-Threading is enabled. However, based on the test, the hardware\nhas more issues than it tells. Besides the fixed counter 1, the message\n'interrupt took too long' can be observed on any counter which was armed\nwith a period < 32 and two events expired in the same NMI. A minimum\nperiod of 32 is enforced for the rest of the events.\nThe recommended workaround code of the HSW143 is not implemented.\nBecause it only addresses the issue for the fixed counter. It brings\nextra overhead through extra MSR writing. No related overcounting issue\nhas been reported so far.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46848', 'https://git.kernel.org/linus/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b (6.11-rc7)', 'https://git.kernel.org/stable/c/0eaf812aa1506704f3b78be87036860e5d0fe81d', 'https://git.kernel.org/stable/c/15210b7c8caff4929f25d049ef8404557f8ae468', 'https://git.kernel.org/stable/c/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b', 'https://git.kernel.org/stable/c/8717dc35c0e5896f4110f4b3882f7ff787a5f73d', 'https://lore.kernel.org/linux-cve-announce/2024092756-CVE-2024-46848-bbd4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46848', 'https://www.cve.org/CVERecord?id=CVE-2024-46848'], 'PublishedDate': '2024-09-27T13:15:16.657Z', 'LastModifiedDate': '2024-10-04T15:23:35.287Z'}, {'VulnerabilityID': 'CVE-2024-46849', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: meson: axg-card: fix &#39;use-after-free&#39;', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix 'use-after-free'\n\nBuffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',\nso move 'pad' pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46849', 'https://git.kernel.org/linus/4f9a71435953f941969a4f017e2357db62d85a86 (6.11)', 'https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86', 'https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d', 'https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607', 'https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037', 'https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29', 'https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a', 'https://lore.kernel.org/linux-cve-announce/2024092741-CVE-2024-46849-93c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46849', 'https://www.cve.org/CVERecord?id=CVE-2024-46849'], 'PublishedDate': '2024-09-27T13:15:16.723Z', 'LastModifiedDate': '2024-10-17T14:15:07.75Z'}, {'VulnerabilityID': 'CVE-2024-46850', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn35_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn35_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn35_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit 0607a50c004798a96e62c089a4c34c220179dcb5)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46850', 'https://git.kernel.org/linus/e835d5144f5ef78e4f8828c63e2f0d61144f283a (6.11)', 'https://git.kernel.org/stable/c/42850927656a540428e58d370b3c1599a617bac7', 'https://git.kernel.org/stable/c/e835d5144f5ef78e4f8828c63e2f0d61144f283a', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46850-186e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46850', 'https://www.cve.org/CVERecord?id=CVE-2024-46850'], 'PublishedDate': '2024-09-27T13:15:16.787Z', 'LastModifiedDate': '2024-10-04T15:30:32.11Z'}, {'VulnerabilityID': 'CVE-2024-46851', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46851', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn10_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn10_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn10_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46851', 'https://git.kernel.org/linus/a7aeb03888b92304e2fc7d4d1c242f54a312561b (6.11)', 'https://git.kernel.org/stable/c/a7aeb03888b92304e2fc7d4d1c242f54a312561b', 'https://git.kernel.org/stable/c/b6ce047a81f508f5c60756db8dfb5ff486e4dad0', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46851-125b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46851', 'https://www.cve.org/CVERecord?id=CVE-2024-46851'], 'PublishedDate': '2024-09-27T13:15:16.85Z', 'LastModifiedDate': '2024-10-04T16:00:43.913Z'}, {'VulnerabilityID': 'CVE-2024-46852', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma-buf: heaps: Fix off-by-one in CMA heap fault handler', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:\nDon\'t track CMA dma-buf pages under RssFile") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don\'t read off the end of the pages\narray and insert an arbitrary page in the mapping.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46852', 'https://git.kernel.org/linus/ea5ff5d351b520524019f7ff7f9ce418de2dad87 (6.11)', 'https://git.kernel.org/stable/c/007180fcb6cc4a93211d4cc45fef3f5ccccd56ae', 'https://git.kernel.org/stable/c/79cce5e81d20fa9ad553be439d665ac3302d3c95', 'https://git.kernel.org/stable/c/84175dc5b2c932266a50c04e5ce342c30f817a2f', 'https://git.kernel.org/stable/c/e79050882b857c37634baedbdcf7c2047c24cbff', 'https://git.kernel.org/stable/c/ea5ff5d351b520524019f7ff7f9ce418de2dad87', 'https://git.kernel.org/stable/c/eb7fc8b65cea22f9038c52398c8b22849e9620ea', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46852-91a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46852', 'https://www.cve.org/CVERecord?id=CVE-2024-46852'], 'PublishedDate': '2024-09-27T13:15:16.917Z', 'LastModifiedDate': '2024-10-17T14:15:07.887Z'}, {'VulnerabilityID': 'CVE-2024-46853', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: nxp-fspi: fix the KASAN report out-of-bounds bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: nxp-fspi: fix the KASAN report out-of-bounds bug\n\nChange the memcpy length to fix the out-of-bounds issue when writing the\ndata that is not 4 byte aligned to TX FIFO.\n\nTo reproduce the issue, write 3 bytes data to NOR chip.\n\ndd if=3b of=/dev/mtd0\n[   36.926103] ==================================================================\n[   36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838\n[   36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455\n[   36.946721]\n[   36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070\n[   36.956185] Hardware name: Freescale i.MX8QM MEK (DT)\n[   36.961260] Call trace:\n[   36.963723]  dump_backtrace+0x90/0xe8\n[   36.967414]  show_stack+0x18/0x24\n[   36.970749]  dump_stack_lvl+0x78/0x90\n[   36.974451]  print_report+0x114/0x5cc\n[   36.978151]  kasan_report+0xa4/0xf0\n[   36.981670]  __asan_report_load_n_noabort+0x1c/0x28\n[   36.986587]  nxp_fspi_exec_op+0x26ec/0x2838\n[   36.990800]  spi_mem_exec_op+0x8ec/0xd30\n[   36.994762]  spi_mem_no_dirmap_read+0x190/0x1e0\n[   36.999323]  spi_mem_dirmap_write+0x238/0x32c\n[   37.003710]  spi_nor_write_data+0x220/0x374\n[   37.007932]  spi_nor_write+0x110/0x2e8\n[   37.011711]  mtd_write_oob_std+0x154/0x1f0\n[   37.015838]  mtd_write_oob+0x104/0x1d0\n[   37.019617]  mtd_write+0xb8/0x12c\n[   37.022953]  mtdchar_write+0x224/0x47c\n[   37.026732]  vfs_write+0x1e4/0x8c8\n[   37.030163]  ksys_write+0xec/0x1d0\n[   37.033586]  __arm64_sys_write+0x6c/0x9c\n[   37.037539]  invoke_syscall+0x6c/0x258\n[   37.041327]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.046244]  do_el0_svc+0x44/0x5c\n[   37.049589]  el0_svc+0x38/0x78\n[   37.052681]  el0t_64_sync_handler+0x13c/0x158\n[   37.057077]  el0t_64_sync+0x190/0x194\n[   37.060775]\n[   37.062274] Allocated by task 455:\n[   37.065701]  kasan_save_stack+0x2c/0x54\n[   37.069570]  kasan_save_track+0x20/0x3c\n[   37.073438]  kasan_save_alloc_info+0x40/0x54\n[   37.077736]  __kasan_kmalloc+0xa0/0xb8\n[   37.081515]  __kmalloc_noprof+0x158/0x2f8\n[   37.085563]  mtd_kmalloc_up_to+0x120/0x154\n[   37.089690]  mtdchar_write+0x130/0x47c\n[   37.093469]  vfs_write+0x1e4/0x8c8\n[   37.096901]  ksys_write+0xec/0x1d0\n[   37.100332]  __arm64_sys_write+0x6c/0x9c\n[   37.104287]  invoke_syscall+0x6c/0x258\n[   37.108064]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.112972]  do_el0_svc+0x44/0x5c\n[   37.116319]  el0_svc+0x38/0x78\n[   37.119401]  el0t_64_sync_handler+0x13c/0x158\n[   37.123788]  el0t_64_sync+0x190/0x194\n[   37.127474]\n[   37.128977] The buggy address belongs to the object at ffff00081037c2a0\n[   37.128977]  which belongs to the cache kmalloc-8 of size 8\n[   37.141177] The buggy address is located 0 bytes inside of\n[   37.141177]  allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)\n[   37.153465]\n[   37.154971] The buggy address belongs to the physical page:\n[   37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c\n[   37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)\n[   37.175149] page_type: 0xfdffffff(slab)\n[   37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000\n[   37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000\n[   37.194553] page dumped because: kasan: bad access detected\n[   37.200144]\n[   37.201647] Memory state around the buggy address:\n[   37.206460]  ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc\n[   37.213701]  ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc\n[   37.220946] >ffff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc\n[   37.228186]                                ^\n[   37.232473]  ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.239718]  ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.246962] ==============================================================\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46853', 'https://git.kernel.org/linus/2a8787c1cdc7be24fdd8953ecd1a8743a1006235 (6.11)', 'https://git.kernel.org/stable/c/09af8b0ba70072be831f3ec459f4063d570f9e24', 'https://git.kernel.org/stable/c/2a8787c1cdc7be24fdd8953ecd1a8743a1006235', 'https://git.kernel.org/stable/c/491f9646f7ac31af5fca71be1a3e5eb8aa7663ad', 'https://git.kernel.org/stable/c/609260542cf86b459c57618b8cdec8020394b7ad', 'https://git.kernel.org/stable/c/af9ca9ca3e44f48b2a191e100d452fbf850c3d87', 'https://git.kernel.org/stable/c/d1a1dfcec77c57b1181da93d11a3db1bc4eefa97', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46853-ab04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46853', 'https://www.cve.org/CVERecord?id=CVE-2024-46853'], 'PublishedDate': '2024-09-27T13:15:16.997Z', 'LastModifiedDate': '2024-10-17T14:15:07.993Z'}, {'VulnerabilityID': 'CVE-2024-46854', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dpaa: Pad packets to ETH_ZLEN', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46854', 'https://git.kernel.org/linus/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0 (6.11)', 'https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133', 'https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a', 'https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83', 'https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0', 'https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2', 'https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46854-3404@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46854', 'https://www.cve.org/CVERecord?id=CVE-2024-46854'], 'PublishedDate': '2024-09-27T13:15:17.063Z', 'LastModifiedDate': '2024-10-17T14:15:08.107Z'}, {'VulnerabilityID': 'CVE-2024-46855', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46855', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: nft_socket: fix sk refcount leaks', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put 'sk' reference before returning.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46855', 'https://git.kernel.org/linus/8b26ff7af8c32cb4148b3e147c52f9e4c695209c (6.11)', 'https://git.kernel.org/stable/c/1f68e097e20d3c695281a9c6433acc37be47fe11', 'https://git.kernel.org/stable/c/33c2258bf8cb17fba9e58b111d4c4f4cf43a4896', 'https://git.kernel.org/stable/c/83e6fb59040e8964888afcaa5612cc1243736715', 'https://git.kernel.org/stable/c/8b26ff7af8c32cb4148b3e147c52f9e4c695209c', 'https://git.kernel.org/stable/c/ddc7c423c4a5386bf865474c694b48178efd311a', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46855-4382@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46855', 'https://www.cve.org/CVERecord?id=CVE-2024-46855'], 'PublishedDate': '2024-09-27T13:15:17.133Z', 'LastModifiedDate': '2024-10-17T14:15:12.79Z'}, {'VulnerabilityID': 'CVE-2024-46857', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix bridge mode operations when there are no VFs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[  168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[  168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[  168.976037] Call Trace:\n[  168.976188]  <TASK>\n[  168.978620]  _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[  168.979074]  mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[  168.979471]  rtnl_bridge_setlink+0xe9/0x1f0\n[  168.979714]  rtnetlink_rcv_msg+0x159/0x400\n[  168.980451]  netlink_rcv_skb+0x54/0x100\n[  168.980675]  netlink_unicast+0x241/0x360\n[  168.980918]  netlink_sendmsg+0x1f6/0x430\n[  168.981162]  ____sys_sendmsg+0x3bb/0x3f0\n[  168.982155]  ___sys_sendmsg+0x88/0xd0\n[  168.985036]  __sys_sendmsg+0x59/0xa0\n[  168.985477]  do_syscall_64+0x79/0x150\n[  168.987273]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw->fdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46857', 'https://git.kernel.org/linus/b1d305abef4640af1b4f1b4774d513cd81b10cfc (6.11)', 'https://git.kernel.org/stable/c/505ae01f75f839b54329164bbfecf24cc1361b31', 'https://git.kernel.org/stable/c/52c4beb79e095e0631b5cac46ed48a2aefe51985', 'https://git.kernel.org/stable/c/65feee671e37f3b6eda0b6af28f204b5bcf7fa50', 'https://git.kernel.org/stable/c/b1d305abef4640af1b4f1b4774d513cd81b10cfc', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46857-3bc3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46857', 'https://www.cve.org/CVERecord?id=CVE-2024-46857'], 'PublishedDate': '2024-09-27T13:15:17.277Z', 'LastModifiedDate': '2024-10-01T17:10:29.657Z'}, {'VulnerabilityID': 'CVE-2024-46858', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46858', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: Fix uaf in __timer_delete_sync', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n     CPU1\t\t\t\tCPU2\n     ====                               ====\n     net_rx_action\n     napi_poll                          netlink_sendmsg\n     __napi_poll                        netlink_unicast\n     process_backlog                    netlink_unicast_kernel\n     __netif_receive_skb                genl_rcv\n     __netif_receive_skb_one_core       netlink_rcv_skb\n     NF_HOOK                            genl_rcv_msg\n     ip_local_deliver_finish            genl_family_rcv_msg\n     ip_protocol_deliver_rcu            genl_family_rcv_msg_doit\n     tcp_v4_rcv                         mptcp_pm_nl_flush_addrs_doit\n     tcp_v4_do_rcv                      mptcp_nl_remove_addrs_list\n     tcp_rcv_established                mptcp_pm_remove_addrs_and_subflows\n     tcp_data_queue                     remove_anno_list_by_saddr\n     mptcp_incoming_options             mptcp_pm_del_add_timer\n     mptcp_pm_del_add_timer             kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by "pm.lock", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of "entry->add_timer".\n\nMove list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar "entry->x" uaf.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46858', 'https://git.kernel.org/linus/b4cd80b0338945a94972ac3ed54f8338d2da2076 (6.11)', 'https://git.kernel.org/stable/c/0e7814b028cd50b3ff79659d23dfa9da6a1e75e1', 'https://git.kernel.org/stable/c/12134a652b0a10064844ea235173e70246eba6dc', 'https://git.kernel.org/stable/c/3554482f4691571fc4b5490c17ae26896e62171c', 'https://git.kernel.org/stable/c/6452b162549c7f9ef54655d3fb9977b9192e6e5b', 'https://git.kernel.org/stable/c/67409b358500c71632116356a0b065f112d7b707', 'https://git.kernel.org/stable/c/b4cd80b0338945a94972ac3ed54f8338d2da2076', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46858-dab6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46858', 'https://www.cve.org/CVERecord?id=CVE-2024-46858'], 'PublishedDate': '2024-09-27T13:15:17.353Z', 'LastModifiedDate': '2024-10-17T14:15:13.017Z'}, {'VulnerabilityID': 'CVE-2024-46859', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46859', 'https://git.kernel.org/linus/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 (6.11)', 'https://git.kernel.org/stable/c/6821a82616f60aa72c5909b3e252ad97fb9f7e2a', 'https://git.kernel.org/stable/c/9291fadbd2720a869b1d2fcf82305648e2e62a16', 'https://git.kernel.org/stable/c/b38c19783286a71693c2194ed1b36665168c09c4', 'https://git.kernel.org/stable/c/b7c2f692307fe704be87ea80d7328782b33c3cef', 'https://git.kernel.org/stable/c/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46859-e785@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46859', 'https://www.cve.org/CVERecord?id=CVE-2024-46859'], 'PublishedDate': '2024-09-27T13:15:17.43Z', 'LastModifiedDate': '2024-10-17T14:15:13.183Z'}, {'VulnerabilityID': 'CVE-2024-46860', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change\n\nWhen disabling wifi mt7921_ipv6_addr_change() is called as a notifier.\nAt this point mvif->phy is already NULL so we cannot use it here.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46860', 'https://git.kernel.org/linus/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3 (6.11-rc4)', 'https://git.kernel.org/stable/c/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3', 'https://git.kernel.org/stable/c/4bfee9346d8c17d928ef6da2b8bffab88fa2a553', 'https://git.kernel.org/stable/c/8d92bafd4c67efb692f722d73a07412b5f88c6d6', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46860-1dfc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46860', 'https://www.cve.org/CVERecord?id=CVE-2024-46860'], 'PublishedDate': '2024-09-27T13:15:17.493Z', 'LastModifiedDate': '2024-10-02T14:04:38.863Z'}, {'VulnerabilityID': 'CVE-2024-46861', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usbnet: ipheth: do not stop RX on failing RX callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: do not stop RX on failing RX callback\n\nRX callbacks can fail for multiple reasons:\n\n* Payload too short\n* Payload formatted incorrecly (e.g. bad NCM framing)\n* Lack of memory\n\nNone of these should cause the driver to seize up.\n\nMake such failures non-critical and continue processing further\nincoming URBs.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46861', 'https://git.kernel.org/linus/74efed51e0a4d62f998f806c307778b47fc73395 (6.11-rc4)', 'https://git.kernel.org/stable/c/08ca800b0cd56d5e26722f68b18bbbf6840bf44b', 'https://git.kernel.org/stable/c/4d1cfa3afb8627435744ecdc6d8b58bc72ee0f4c', 'https://git.kernel.org/stable/c/74efed51e0a4d62f998f806c307778b47fc73395', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46861-f2f9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46861', 'https://www.cve.org/CVERecord?id=CVE-2024-46861'], 'PublishedDate': '2024-09-27T13:15:17.563Z', 'LastModifiedDate': '2024-10-03T15:36:06.543Z'}, {'VulnerabilityID': 'CVE-2024-46864', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/hyperv: fix kexec crash due to VP assist page corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: fix kexec crash due to VP assist page corruption\n\ncommit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when\nCPUs go online/offline") introduces a new cpuhp state for hyperv\ninitialization.\n\ncpuhp_setup_state() returns the state number if state is\nCPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states.\nFor the hyperv case, since a new cpuhp state was introduced it would\nreturn 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call\nis conditioned upon "hyperv_init_cpuhp > 0". This will never be true and\nso hv_cpu_die() won\'t be called on all CPUs. This means the VP assist page\nwon\'t be reset. When the kexec kernel tries to setup the VP assist page\nagain, the hypervisor corrupts the memory region of the old VP assist page\ncausing a panic in case the kexec kernel is using that memory elsewhere.\nThis was originally fixed in commit dfe94d4086e4 ("x86/hyperv: Fix kexec\npanic/hang issues").\n\nGet rid of hyperv_init_cpuhp entirely since we are no longer using a\ndynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with\ncpuhp_remove_state().', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46864', 'https://git.kernel.org/linus/b9af6418279c4cf73ca073f8ea024992b38be8ab (6.11)', 'https://git.kernel.org/stable/c/2ae1beb3ab4f28868cc5d1541d05e1fbee3ad825', 'https://git.kernel.org/stable/c/b9af6418279c4cf73ca073f8ea024992b38be8ab', 'https://git.kernel.org/stable/c/d6f018a3b49d0a94ddbd0e479c2af6b19724e434', 'https://lore.kernel.org/linux-cve-announce/2024092745-CVE-2024-46864-0343@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46864', 'https://www.cve.org/CVERecord?id=CVE-2024-46864'], 'PublishedDate': '2024-09-27T13:15:17.747Z', 'LastModifiedDate': '2024-10-03T15:29:34.927Z'}, {'VulnerabilityID': 'CVE-2024-46866', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: add missing bo locking in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: add missing bo locking in show_meminfo()\n\nbo_meminfo() wants to inspect bo state like tt and the ttm resource,\nhowever this state can change at any point leading to stuff like NPD and\nUAF, if the bo lock is not held. Grab the bo lock when calling\nbo_meminfo(), ensuring we drop any spinlocks first. In the case of\nobject_idr we now also need to hold a ref.\n\nv2 (MattB)\n  - Also add xe_bo_assert_held()\n\n(cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46866', 'https://git.kernel.org/linus/94c4aa266111262c96c98f822d1bccc494786fee (6.11)', 'https://git.kernel.org/stable/c/94c4aa266111262c96c98f822d1bccc494786fee', 'https://git.kernel.org/stable/c/abc8feacacf8fae10eecf6fea7865e8c1fee419c', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46866-c414@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46866', 'https://www.cve.org/CVERecord?id=CVE-2024-46866'], 'PublishedDate': '2024-09-27T13:15:17.887Z', 'LastModifiedDate': '2024-10-01T17:09:30Z'}, {'VulnerabilityID': 'CVE-2024-46867', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: fix deadlock in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: fix deadlock in show_meminfo()\n\nThere is a real deadlock as well as sleeping in atomic() bug in here, if\nthe bo put happens to be the last ref, since bo destruction wants to\ngrab the same spinlock and sleeping locks.  Fix that by dropping the ref\nusing xe_bo_put_deferred(), and moving the final commit outside of the\nlock. Dropping the lock around the put is tricky since the bo can go\nout of scope and delete itself from the list, making it difficult to\nnavigate to the next list entry.\n\n(cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46867', 'https://git.kernel.org/linus/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b (6.11)', 'https://git.kernel.org/stable/c/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b', 'https://git.kernel.org/stable/c/9d3de463e23bfb1ff1567a32b099b1b3e5286a48', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46867-7fe4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46867', 'https://www.cve.org/CVERecord?id=CVE-2024-46867'], 'PublishedDate': '2024-09-27T13:15:17.937Z', 'LastModifiedDate': '2024-10-01T17:09:58.147Z'}, {'VulnerabilityID': 'CVE-2024-46868', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()\n\nIf the __qcuefi pointer is not set, then in the original code, we would\nhold onto the lock.  That means that if we tried to set it later, then\nit would cause a deadlock.  Drop the lock on the error path.  That's\nwhat all the callers are expecting.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46868', 'https://git.kernel.org/linus/db213b0cfe3268d8b1d382b3bcc999c687a2567f (6.11)', 'https://git.kernel.org/stable/c/8c6a5a1fc02ad1d62d06897ab330693d4d27cd03', 'https://git.kernel.org/stable/c/db213b0cfe3268d8b1d382b3bcc999c687a2567f', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46868-f3a3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46868', 'https://www.cve.org/CVERecord?id=CVE-2024-46868'], 'PublishedDate': '2024-09-27T13:15:18.007Z', 'LastModifiedDate': '2024-10-01T17:09:12.247Z'}, {'VulnerabilityID': 'CVE-2024-46870', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Disable DMCUB timeout for DCN35', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable DMCUB timeout for DCN35\n\n[Why]\nDMCUB can intermittently take longer than expected to process commands.\n\nOld ASIC policy was to continue while logging a diagnostic error - which\nworks fine for ASIC without IPS, but with IPS this could lead to a race\ncondition where we attempt to access DCN state while it's inaccessible,\nleading to a system hang when the NIU port is not disabled or register\naccesses that timeout and the display configuration in an undefined\nstate.\n\n[How]\nWe need to investigate why these accesses take longer than expected, but\nfor now we should disable the timeout on DCN35 to avoid this race\ncondition. Since the waits happen only at lower interrupt levels the\nrisk of taking too long at higher IRQ and causing a system watchdog\ntimeout are minimal.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46870', 'https://git.kernel.org/stable/c/31c254c9cd4b122a10db297124f867107a696d83', 'https://git.kernel.org/stable/c/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46870-f347@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46870', 'https://www.cve.org/CVERecord?id=CVE-2024-46870'], 'PublishedDate': '2024-10-09T14:15:07.463Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-46871', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why & How]\nIt actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback & dmub_thread_offload has potential to access\nitem out of array bound. Fix it.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46871', 'https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37', 'https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7', 'https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0', 'https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46871-15f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46871', 'https://www.cve.org/CVERecord?id=CVE-2024-46871'], 'PublishedDate': '2024-10-09T14:15:07.533Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47658', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47658', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: stm32/cryp - call finalize with bh disabled', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: stm32/cryp - call finalize with bh disabled\n\nThe finalize operation in interrupt mode produce a produces a spinlock\nrecursion warning. The reason is the fact that BH must be disabled\nduring this process.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47658', 'https://git.kernel.org/stable/c/56ddb9aa3b324c2d9645b5a7343e46010cf3f6ce', 'https://git.kernel.org/stable/c/5d734665cd5d93270731e0ff1dd673fec677f447', 'https://git.kernel.org/stable/c/d93a2f86b0a998aa1f0870c85a2a60a0771ef89a', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47658-0b23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47658', 'https://www.cve.org/CVERecord?id=CVE-2024-47658'], 'PublishedDate': '2024-10-09T14:15:07.603Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47659', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47659', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smack: tcp: ipv4, fix incorrect labeling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmack: tcp: ipv4, fix incorrect labeling\n\nCurrently, Smack mirrors the label of incoming tcp/ipv4 connections:\nwhen a label 'foo' connects to a label 'bar' with tcp/ipv4,\n'foo' always gets 'foo' in returned ipv4 packets. So,\n1) returned packets are incorrectly labeled ('foo' instead of 'bar')\n2) 'bar' can write to 'foo' without being authorized to write.\n\nHere is a scenario how to see this:\n\n* Take two machines, let's call them C and S,\n   with active Smack in the default state\n   (no settings, no rules, no labeled hosts, only builtin labels)\n\n* At S, add Smack rule 'foo bar w'\n   (labels 'foo' and 'bar' are instantiated at S at this moment)\n\n* At S, at label 'bar', launch a program\n   that listens for incoming tcp/ipv4 connections\n\n* From C, at label 'foo', connect to the listener at S.\n   (label 'foo' is instantiated at C at this moment)\n   Connection succeedes and works.\n\n* Send some data in both directions.\n* Collect network traffic of this connection.\n\nAll packets in both directions are labeled with the CIPSO\nof the label 'foo'. Hence, label 'bar' writes to 'foo' without\nbeing authorized, and even without ever being known at C.\n\nIf anybody cares: exactly the same happens with DCCP.\n\nThis behavior 1st manifested in release 2.6.29.4 (see Fixes below)\nand it looks unintentional. At least, no explanation was provided.\n\nI changed returned packes label into the 'bar',\nto bring it into line with the Smack documentation claims.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47659', 'https://git.kernel.org/stable/c/0776bcf9cb6de46fdd94d10118de1cf9b05f83b9', 'https://git.kernel.org/stable/c/0aea09e82eafa50a373fc8a4b84c1d4734751e2c', 'https://git.kernel.org/stable/c/2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550', 'https://git.kernel.org/stable/c/4be9fd15c3c88775bdf6fa37acabe6de85beebff', 'https://git.kernel.org/stable/c/5b4b304f196c070342e32a4752e1fa2e22fc0671', 'https://git.kernel.org/stable/c/a948ec993541db4ef392b555c37a1186f4d61670', 'https://git.kernel.org/stable/c/d3703fa94116fed91f64c7d1c7d284fb4369070f', 'https://git.kernel.org/stable/c/d3f56c653c65f170b172d3c23120bc64ada645d8', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47659-03a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47659', 'https://www.cve.org/CVERecord?id=CVE-2024-47659'], 'PublishedDate': '2024-10-09T14:15:07.66Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47660', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fsnotify: clear PARENT_WATCHED flags lazily', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: clear PARENT_WATCHED flags lazily\n\nIn some setups directories can have many (usually negative) dentries.\nHence __fsnotify_update_child_dentry_flags() function can take a\nsignificant amount of time. Since the bulk of this function happens\nunder inode->i_lock this causes a significant contention on the lock\nwhen we remove the watch from the directory as the\n__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()\nraces with __fsnotify_update_child_dentry_flags() calls from\n__fsnotify_parent() happening on children. This can lead upto softlockup\nreports reported by users.\n\nFix the problem by calling fsnotify_update_children_dentry_flags() to\nset PARENT_WATCHED flags only when parent starts watching children.\n\nWhen parent stops watching children, clear false positive PARENT_WATCHED\nflags lazily in __fsnotify_parent() for each accessed child.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47660', 'https://git.kernel.org/stable/c/172e422ffea20a89bfdc672741c1aad6fbb5044e', 'https://git.kernel.org/stable/c/3f3ef1d9f66b93913ce2171120d9226b55acd41d', 'https://git.kernel.org/stable/c/7ef1d2e240c32b1f337a37232d037b07e3919e1a', 'https://git.kernel.org/stable/c/d8c42405fc3507cc43ba7e4986a773c3fc633f6e', 'https://git.kernel.org/stable/c/f9a48bc3dd9099935751458a5bbbea4b7c28abc8', 'https://git.kernel.org/stable/c/fc1b1e135c3f72382f792e6c319fc088d5523ad5', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47660-2d61@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47660', 'https://www.cve.org/CVERecord?id=CVE-2024-47660'], 'PublishedDate': '2024-10-09T14:15:07.73Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47661', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47661', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid overflow from uint32_t to uint8_t', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT & HOW]\ndmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47661', 'https://git.kernel.org/stable/c/30d1b783b6eeaf49d311a072c70d618d993d01ec', 'https://git.kernel.org/stable/c/d6b54900c564e35989cf6813e4071504fa0a90e0', 'https://lore.kernel.org/linux-cve-announce/2024100930-CVE-2024-47661-a6c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47661', 'https://www.cve.org/CVERecord?id=CVE-2024-47661'], 'PublishedDate': '2024-10-09T15:15:15.02Z', 'LastModifiedDate': '2024-10-15T16:03:29.26Z'}, {'VulnerabilityID': 'CVE-2024-47662', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47662', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47662', 'https://git.kernel.org/stable/c/466423c6dd8af23ebb3a69d43434d01aed0db356', 'https://git.kernel.org/stable/c/eba4b2a38ccdf074a053834509545703d6df1d57', 'https://lore.kernel.org/linux-cve-announce/2024100931-CVE-2024-47662-74f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47662', 'https://www.cve.org/CVERecord?id=CVE-2024-47662'], 'PublishedDate': '2024-10-09T15:15:15.08Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47663', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47663', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: staging: iio: frequency: ad9834: Validate frequency parameter value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47663', 'https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47', 'https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e', 'https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53', 'https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227', 'https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465', 'https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a', 'https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47663-9bdc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47663', 'https://www.cve.org/CVERecord?id=CVE-2024-47663'], 'PublishedDate': '2024-10-09T15:15:15.15Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47664', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47664', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47664', 'https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43', 'https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c', 'https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47664-f6bd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47664', 'https://www.cve.org/CVERecord?id=CVE-2024-47664'], 'PublishedDate': '2024-10-09T15:15:15.223Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47665', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47665', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup\n\nDefinitely condition dma_get_cache_alignment * defined value > 256\nduring driver initialization is not reason to BUG_ON(). Turn that to\ngraceful error out with -EINVAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47665', 'https://git.kernel.org/stable/c/2666085335bdfedf90d91f4071490ad3980be785', 'https://git.kernel.org/stable/c/5a022269abb22809f2a174b90f200fc4b9526058', 'https://git.kernel.org/stable/c/8a2be2f1db268ec735419e53ef04ca039fc027dc', 'https://git.kernel.org/stable/c/cacb76df247a7cd842ff29755a523b1cba6c0508', 'https://git.kernel.org/stable/c/e2d14bfda9eb5393f8a17008afe2aa7fe0a29815', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47665-901e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47665', 'https://www.cve.org/CVERecord?id=CVE-2024-47665'], 'PublishedDate': '2024-10-09T15:15:15.29Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47666', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47666', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: pm80xx: Set phy-&gt;enable_completion only when we wait for it', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy->enable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late.  After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47666', 'https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89', 'https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea', 'https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47666-0015@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47666', 'https://www.cve.org/CVERecord?id=CVE-2024-47666'], 'PublishedDate': '2024-10-09T15:15:15.353Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47667', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47667', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)\n\nErrata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0\n(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an\ninbound PCIe TLP spans more than two internal AXI 128-byte bursts,\nthe bus may corrupt the packet payload and the corrupt data may\ncause associated applications or the processor to hang.\n\nThe workaround for Errata #i2037 is to limit the maximum read\nrequest size and maximum payload size to 128 bytes. Add workaround\nfor Errata #i2037 here.\n\nThe errata and workaround is applicable only to AM65x SR 1.0 and\nlater versions of the silicon will have this fixed.\n\n[1] -> https://www.ti.com/lit/er/sprz452i/sprz452i.pdf', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47667', 'https://git.kernel.org/stable/c/135843c351c08df72bdd4b4ebea53c8052a76881', 'https://git.kernel.org/stable/c/576d0fb6f8d4bd4695e70eee173a1b9c7bae9572', 'https://git.kernel.org/stable/c/86f271f22bbb6391410a07e08d6ca3757fda01fa', 'https://git.kernel.org/stable/c/af218c803fe298ddf00abef331aa526b20d7ea61', 'https://git.kernel.org/stable/c/cfb006e185f64edbbdf7869eac352442bc76b8f6', 'https://git.kernel.org/stable/c/dd47051c76c8acd8cb983f01b4d1265da29cb66a', 'https://git.kernel.org/stable/c/ebbdbbc580c1695dec283d0ba6448729dc993246', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47667-2d01@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47667', 'https://www.cve.org/CVERecord?id=CVE-2024-47667'], 'PublishedDate': '2024-10-09T15:15:15.43Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47668', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47668', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we'll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it'll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47668', 'https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f', 'https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da', 'https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283', 'https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169', 'https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae', 'https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e', 'https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47668-6b53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47668', 'https://www.cve.org/CVERecord?id=CVE-2024-47668'], 'PublishedDate': '2024-10-09T15:15:15.513Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47669', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47669', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix state management in error path of log writing function', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix state management in error path of log writing function\n\nAfter commit a694291a6211 ("nilfs2: separate wait function from\nnilfs_segctor_write") was applied, the log writing function\nnilfs_segctor_do_construct() was able to issue I/O requests continuously\neven if user data blocks were split into multiple logs across segments,\nbut two potential flaws were introduced in its error handling.\n\nFirst, if nilfs_segctor_begin_construction() fails while creating the\nsecond or subsequent logs, the log writing function returns without\ncalling nilfs_segctor_abort_construction(), so the writeback flag set on\npages/folios will remain uncleared.  This causes page cache operations to\nhang waiting for the writeback flag.  For example,\ntruncate_inode_pages_final(), which is called via nilfs_evict_inode() when\nan inode is evicted from memory, will hang.\n\nSecond, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. \nAs a result, if the next log write involves checkpoint creation, that\'s\nfine, but if a partial log write is performed that does not, inodes with\nNILFS_I_COLLECTED set are erroneously removed from the "sc_dirty_files"\nlist, and their data and b-tree blocks may not be written to the device,\ncorrupting the block mapping.\n\nFix these issues by uniformly calling nilfs_segctor_abort_construction()\non failure of each step in the loop in nilfs_segctor_do_construct(),\nhaving it clean up logs and segment usages according to progress, and\ncorrecting the conditions for calling nilfs_redirty_inodes() to ensure\nthat the NILFS_I_COLLECTED flag is cleared.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47669', 'https://git.kernel.org/stable/c/036441e8438b29111fa75008f0ce305fb4e83c0a', 'https://git.kernel.org/stable/c/0a1a961bde4351dc047ffdeb2f1311ca16a700cc', 'https://git.kernel.org/stable/c/30562eff4a6dd35c4b5be9699ef61ad9f5f20a06', 'https://git.kernel.org/stable/c/3e349d7191f0688fc9808ef24fd4e4b4ef5ca876', 'https://git.kernel.org/stable/c/40a2757de2c376ef8a08d9ee9c81e77f3c750adf', 'https://git.kernel.org/stable/c/6576dd6695f2afca3f4954029ac4a64f82ba60ab', 'https://git.kernel.org/stable/c/74866c16ea2183f52925fa5d76061a1fe7f7737b', 'https://git.kernel.org/stable/c/efdde00d4a1ef10bb71e09ebc67823a3d3ad725b', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47669-135c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47669', 'https://www.cve.org/CVERecord?id=CVE-2024-47669'], 'PublishedDate': '2024-10-09T15:15:15.59Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47670', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47670', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: add bounds checking to ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn't stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match.  It will\nprevent out-of-bound access in case of crafted images.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47670', 'https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39', 'https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c', 'https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd', 'https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77', 'https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f', 'https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e73264d6', 'https://lore.kernel.org/linux-cve-announce/2024100919-CVE-2024-47670-53f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47670', 'https://www.cve.org/CVERecord?id=CVE-2024-47670'], 'PublishedDate': '2024-10-09T15:15:15.673Z', 'LastModifiedDate': '2024-10-17T14:15:13.56Z'}, {'VulnerabilityID': 'CVE-2024-47671', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47671', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: USB: usbtmc: prevent kernel-usb-infoleak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: prevent kernel-usb-infoleak\n\nThe syzbot reported a kernel-usb-infoleak in usbtmc_write,\nwe need to clear the structure before filling fields.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47671', 'https://git.kernel.org/stable/c/0c927dfc0b9bd177f7ab6ee59ef0c4ea06c110a7', 'https://git.kernel.org/stable/c/16e0ab9ed3ae7d19ca8ee718ba4e09d5c0f909ca', 'https://git.kernel.org/stable/c/51297ef7ad7824ad577337f273cd092e81a9fa08', 'https://git.kernel.org/stable/c/625fa77151f00c1bd00d34d60d6f2e710b3f9aad', 'https://git.kernel.org/stable/c/6c7fc36da021b13c34c572a26ba336cd102418f8', 'https://git.kernel.org/stable/c/ba6269e187aa1b1f20faf3c458831a0d6350304b', 'https://git.kernel.org/stable/c/e872738e670ddd63e19f22d0d784f0bdf26ecba5', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47671-6c52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47671', 'https://www.cve.org/CVERecord?id=CVE-2024-47671'], 'PublishedDate': '2024-10-09T15:15:15.753Z', 'LastModifiedDate': '2024-10-17T14:15:13.697Z'}, {'VulnerabilityID': 'CVE-2024-47672', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead\n\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was\nrecently converted from just a message), that can be hit if we\nwait for TX queues to become empty after firmware died. Clearly,\nwe can't expect anything from the firmware after it's declared dead.\n\nDon't call iwl_trans_wait_tx_queues_empty() in this case. While it could\nbe a good idea to stop the flow earlier, the flush functions do some\nmaintenance work that is not related to the firmware, so keep that part\nof the code running even when the firmware is not running.\n\n[edit commit message]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47672', 'https://git.kernel.org/stable/c/1afed66cb271b3e65fe9df1c9fba2bf4b1f55669', 'https://git.kernel.org/stable/c/1b0cd832c9607f41f84053b818e0b7908510a3b9', 'https://git.kernel.org/stable/c/3a84454f5204718ca5b4ad2c1f0bf2031e2403d1', 'https://git.kernel.org/stable/c/4d0a900ec470d392476c428875dbf053f8a0ae5e', 'https://git.kernel.org/stable/c/7188b7a72320367554b76d8f298417b070b05dd3', 'https://git.kernel.org/stable/c/de46b1d24f5f752b3bd8b46673c2ea4239661244', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47672-9bef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47672', 'https://www.cve.org/CVERecord?id=CVE-2024-47672'], 'PublishedDate': '2024-10-09T15:15:15.827Z', 'LastModifiedDate': '2024-10-17T14:15:13.78Z'}, {'VulnerabilityID': 'CVE-2024-47673', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pause TCM when the firmware is stopped\n\nNot doing so will make us send a host command to the transport while the\nfirmware is not alive, which will trigger a WARNING.\n\nbad state = 0\nWARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nRIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nCall Trace:\n <TASK>\n iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]\n iwl_mvm_config_scan+0x198/0x260 [iwlmvm]\n iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]\n iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]\n process_one_work+0x29e/0x640\n worker_thread+0x2df/0x690\n ? rescuer_thread+0x540/0x540\n kthread+0x192/0x1e0\n ? set_kthread_struct+0x90/0x90\n ret_from_fork+0x22/0x30', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47673', 'https://git.kernel.org/stable/c/0668ebc8c2282ca1e7eb96092a347baefffb5fe7', 'https://git.kernel.org/stable/c/2c61b561baf92a2860c76c2302a62169e22c21cc', 'https://git.kernel.org/stable/c/55086c97a55d781b04a2667401c75ffde190135c', 'https://git.kernel.org/stable/c/5948a191906b54e10f02f6b7a7670243a39f99f4', 'https://git.kernel.org/stable/c/a15df5f37fa3a8b7a8ec7a339d1e897bc524e28f', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47673-9110@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47673', 'https://www.cve.org/CVERecord?id=CVE-2024-47673'], 'PublishedDate': '2024-10-09T15:15:15.9Z', 'LastModifiedDate': '2024-10-17T14:15:13.853Z'}, {'VulnerabilityID': 'CVE-2024-47674', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47674', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: avoid leaving partial pfn mappings around in error case', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na 'struct page'.\n\nThat's all very much intentional, but it does mean that it's easy to\nmess up the cleanup in case of errors.  Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it's very easy to do the\nerror handling in the wrong order.\n\nIn particular, it's easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47674', 'https://git.kernel.org/linus/79a61cc3fc0466ad2b7b89618a6157785f0293b3 (6.11)', 'https://git.kernel.org/stable/c/5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959', 'https://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2', 'https://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3', 'https://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3', 'https://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80', 'https://lore.kernel.org/linux-cve-announce/2024101538-CVE-2024-47674-ba1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47674', 'https://www.cve.org/CVERecord?id=CVE-2024-47674'], 'PublishedDate': '2024-10-15T11:15:13.073Z', 'LastModifiedDate': '2024-10-18T14:50:02.71Z'}, {'VulnerabilityID': 'CVE-2017-0537', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-0537', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N', 'V2Score': 2.6, 'V3Score': 4.7}}, 'References': ['http://www.securityfocus.com/bid/96831', 'http://www.securitytracker.com/id/1037968', 'https://android.googlesource.com/kernel/tegra.git/+/389b185cb2f17fff994dbdf8d4bac003d4b2b6b3%5E%21/#F0', 'https://lore.kernel.org/lkml/1484647168-30135-1-git-send-email-jilin@nvidia.com/#t', 'https://source.android.com/security/bulletin/2017-01-01.html', 'https://source.android.com/security/bulletin/2017-03-01', 'https://source.android.com/security/bulletin/2017-03-01.html', 'https://www.cve.org/CVERecord?id=CVE-2017-0537'], 'PublishedDate': '2017-03-08T01:59:03.127Z', 'LastModifiedDate': '2017-07-17T13:18:15.89Z'}, {'VulnerabilityID': 'CVE-2017-13165', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13165', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['https://github.com/aosp-mirror/platform_system_core/commit/15ffc53f6d57a46e3041453865311035a18e047a', 'https://source.android.com/security/bulletin/pixel/2017-12-01', 'https://www.cve.org/CVERecord?id=CVE-2017-13165'], 'PublishedDate': '2017-12-06T14:29:01.333Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2017-13693', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI operand cache leak in dsutils.c', 'Description': 'The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/100502', 'https://access.redhat.com/security/cve/CVE-2017-13693', 'https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13693', 'https://patchwork.kernel.org/patch/9919053/', 'https://www.cve.org/CVERecord?id=CVE-2017-13693'], 'PublishedDate': '2017-08-25T08:29:00.273Z', 'LastModifiedDate': '2017-09-20T14:51:00.41Z'}, {'VulnerabilityID': 'CVE-2018-1121', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-1121', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'procps: process hiding through race condition enumerating /proc', 'Description': "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-367'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:P/A:N', 'V3Vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V2Score': 4.3, 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L', 'V3Score': 3.9}}, 'References': ['http://seclists.org/oss-sec/2018/q2/122', 'http://www.securityfocus.com/bid/104214', 'https://access.redhat.com/security/cve/CVE-2018-1121', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1121', 'https://www.cve.org/CVERecord?id=CVE-2018-1121', 'https://www.exploit-db.com/exploits/44806/', 'https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt'], 'PublishedDate': '2018-06-13T20:29:00.337Z', 'LastModifiedDate': '2020-06-30T16:15:14.393Z'}, {'VulnerabilityID': 'CVE-2018-12928', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko', 'Description': 'In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['http://www.securityfocus.com/bid/104593', 'https://access.redhat.com/security/cve/CVE-2018-12928', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384', 'https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ', 'https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/', 'https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12928', 'https://www.cve.org/CVERecord?id=CVE-2018-12928'], 'PublishedDate': '2018-06-28T14:29:00.353Z', 'LastModifiedDate': '2018-08-21T11:55:37.35Z'}, {'VulnerabilityID': 'CVE-2018-12929', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko', 'Description': 'ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12929', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12929', 'https://www.cve.org/CVERecord?id=CVE-2018-12929'], 'PublishedDate': '2018-06-28T14:29:00.417Z', 'LastModifiedDate': '2019-03-26T13:35:51.317Z'}, {'VulnerabilityID': 'CVE-2018-12930', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12930', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko', 'Description': 'ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12930', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12930', 'https://www.cve.org/CVERecord?id=CVE-2018-12930'], 'PublishedDate': '2018-06-28T14:29:00.463Z', 'LastModifiedDate': '2019-03-26T13:35:37.397Z'}, {'VulnerabilityID': 'CVE-2018-12931', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_attr_find in the ntfs.ko', 'Description': 'ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12931', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12931', 'https://www.cve.org/CVERecord?id=CVE-2018-12931'], 'PublishedDate': '2018-06-28T14:29:00.51Z', 'LastModifiedDate': '2019-03-26T13:35:20.957Z'}, {'VulnerabilityID': 'CVE-2019-14899', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-14899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel', 'Description': 'A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V2Vector': 'AV:A/AC:M/Au:S/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 4.9, 'V3Score': 7.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.4}}, 'References': ['http://seclists.org/fulldisclosure/2020/Dec/32', 'http://seclists.org/fulldisclosure/2020/Jul/23', 'http://seclists.org/fulldisclosure/2020/Jul/24', 'http://seclists.org/fulldisclosure/2020/Jul/25', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'http://www.openwall.com/lists/oss-security/2020/08/13/2', 'http://www.openwall.com/lists/oss-security/2020/10/07/3', 'http://www.openwall.com/lists/oss-security/2021/07/05/1', 'https://access.redhat.com/security/cve/CVE-2019-14899', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899', 'https://nvd.nist.gov/vuln/detail/CVE-2019-14899', 'https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/', 'https://support.apple.com/kb/HT211288', 'https://support.apple.com/kb/HT211289', 'https://support.apple.com/kb/HT211290', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211931', 'https://www.cve.org/CVERecord?id=CVE-2019-14899', 'https://www.openwall.com/lists/oss-security/2019/12/05/1'], 'PublishedDate': '2019-12-11T15:15:14.263Z', 'LastModifiedDate': '2023-03-01T16:40:04.14Z'}, {'VulnerabilityID': 'CVE-2019-15213', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-15213', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c', 'Description': 'An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.3}}, 'References': ['http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html', 'http://www.openwall.com/lists/oss-security/2019/08/20/2', 'https://access.redhat.com/security/cve/CVE-2019-15213', 'https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7', 'https://linux.oracle.com/cve/CVE-2019-15213.html', 'https://linux.oracle.com/errata/ELSA-2019-4872.html', 'https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/', 'https://nvd.nist.gov/vuln/detail/CVE-2019-15213', 'https://security.netapp.com/advisory/ntap-20190905-0002/', 'https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced', 'https://www.cve.org/CVERecord?id=CVE-2019-15213'], 'PublishedDate': '2019-08-19T22:15:11.253Z', 'LastModifiedDate': '2023-11-09T14:44:33.733Z'}, {'VulnerabilityID': 'CVE-2019-19378', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19378', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19378', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19378', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19378'], 'PublishedDate': '2019-11-29T17:15:11.84Z', 'LastModifiedDate': '2020-01-03T11:15:14.997Z'}, {'VulnerabilityID': 'CVE-2019-19814', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 9.3, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19814', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19814', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19814'], 'PublishedDate': '2019-12-17T06:15:12.843Z', 'LastModifiedDate': '2020-01-03T11:15:16.48Z'}, {'VulnerabilityID': 'CVE-2020-35501', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2020-35501', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability', 'Description': 'A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem', 'Severity': 'LOW', 'CweIDs': ['CWE-863'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:N', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V2Score': 3.6, 'V3Score': 3.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 3.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2020-35501', 'https://bugzilla.redhat.com/show_bug.cgi?id=1908577', 'https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html', 'https://nvd.nist.gov/vuln/detail/CVE-2020-35501', 'https://www.cve.org/CVERecord?id=CVE-2020-35501', 'https://www.openwall.com/lists/oss-security/2021/02/18/1'], 'PublishedDate': '2022-03-30T16:15:08.673Z', 'LastModifiedDate': '2022-12-02T19:54:37.647Z'}, {'VulnerabilityID': 'CVE-2021-26934', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-26934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...', 'Description': "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.", 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['http://xenbits.xen.org/xsa/advisory-363.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/', 'https://nvd.nist.gov/vuln/detail/CVE-2021-26934', 'https://security.netapp.com/advisory/ntap-20210326-0001/', 'https://www.cve.org/CVERecord?id=CVE-2021-26934', 'https://www.openwall.com/lists/oss-security/2021/02/16/2', 'https://xenbits.xen.org/xsa/advisory-363.html'], 'PublishedDate': '2021-02-17T02:15:13.143Z', 'LastModifiedDate': '2023-11-07T03:31:50.59Z'}, {'VulnerabilityID': 'CVE-2022-44034', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-44034', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: A use-after-free due to race between scr24x_open()  and scr24x_remove()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().', 'Severity': 'LOW', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-44034', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15', 'https://lore.kernel.org/lkml/20220916050333.GA188358%40ubuntu/', 'https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940%40ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-44034', 'https://www.cve.org/CVERecord?id=CVE-2022-44034'], 'PublishedDate': '2022-10-30T01:15:08.937Z', 'LastModifiedDate': '2024-03-25T01:15:52.787Z'}, {'VulnerabilityID': 'CVE-2022-45884', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-45884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free due to race condition occurring in dvb_register_device()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:7549', 'https://access.redhat.com/security/cve/CVE-2022-45884', 'https://bugzilla.redhat.com/2148510', 'https://bugzilla.redhat.com/2148517', 'https://bugzilla.redhat.com/2151956', 'https://bugzilla.redhat.com/2154178', 'https://bugzilla.redhat.com/2224048', 'https://bugzilla.redhat.com/2240249', 'https://bugzilla.redhat.com/2241924', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2151956', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2224048', 'https://bugzilla.redhat.com/show_bug.cgi?id=2240249', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1192', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2163', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178', 'https://errata.almalinux.org/8/ALSA-2023-7549.html', 'https://errata.rockylinux.org/RLSA-2023:7549', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3', 'https://linux.oracle.com/cve/CVE-2022-45884.html', 'https://linux.oracle.com/errata/ELSA-2023-7549.html', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-45884', 'https://security.netapp.com/advisory/ntap-20230113-0006/', 'https://www.cve.org/CVERecord?id=CVE-2022-45884'], 'PublishedDate': '2022-11-25T04:15:09.18Z', 'LastModifiedDate': '2024-03-25T01:15:52.84Z'}, {'VulnerabilityID': 'CVE-2023-33053', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-33053', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'Memory corruption in Kernel while parsing metadata.', 'Severity': 'LOW', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/06426824a281c9aef5bf0c50927eae9c7431db1e', 'https://www.cve.org/CVERecord?id=CVE-2023-33053', 'https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin'], 'PublishedDate': '2023-12-05T03:15:11.707Z', 'LastModifiedDate': '2024-04-12T16:15:18.403Z'}, {'VulnerabilityID': 'CVE-2023-4010', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: hcd: malformed USB descriptor leads to infinite loop in usb_giveback_urb()', 'Description': 'A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.', 'Severity': 'LOW', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4010', 'https://bugzilla.redhat.com/show_bug.cgi?id=2227726', 'https://github.com/wanrenmi/a-usb-kernel-bug', 'https://github.com/wanrenmi/a-usb-kernel-bug/issues/1', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4010', 'https://www.cve.org/CVERecord?id=CVE-2023-4010'], 'PublishedDate': '2023-07-31T17:15:10.277Z', 'LastModifiedDate': '2023-11-07T04:22:02.797Z'}, {'VulnerabilityID': 'CVE-2023-6238', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-6238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: memory corruption via unprivileged user passthrough', 'Description': 'A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.', 'Severity': 'LOW', 'CweIDs': ['CWE-120'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-6238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2250834', 'https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.com/T/#u', 'https://lore.kernel.org/linux-nvme/20231016060519.231880-1-joshi.k@samsung.com/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-6238', 'https://www.cve.org/CVERecord?id=CVE-2023-6238'], 'PublishedDate': '2023-11-21T21:15:09.273Z', 'LastModifiedDate': '2024-02-07T00:15:55.24Z'}, {'VulnerabilityID': 'CVE-2024-0564', 'PkgID': 'linux-aws-6.8-headers-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-headers-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-0564', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication', 'Description': 'A flaw was found in the Linux kernel\'s memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim\'s page. The unmapping time depends on whether it merges with the victim\'s page and additional physical pages are created beyond the KSM\'s "max page share". Through these operations, the attacker can leak the victim\'s page.', 'Severity': 'LOW', 'CweIDs': ['CWE-99', 'CWE-203'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-0564', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258514', 'https://link.springer.com/conference/wisa', 'https://nvd.nist.gov/vuln/detail/CVE-2024-0564', 'https://wisa.or.kr/accepted', 'https://www.cve.org/CVERecord?id=CVE-2024-0564'], 'PublishedDate': '2024-01-30T15:15:08.687Z', 'LastModifiedDate': '2024-10-16T15:15:14.11Z'}, {'VulnerabilityID': 'CVE-2024-43882', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43882', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exec: Fix ToCToU between perm check and set-uid/gid usage', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file\'s metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug  7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug  7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. For example, "chmod o-x,u+s target" makes "target" executable only\nby uid "root" and gid "cdrom", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug  7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug  7 13:16 target\n\nBut racing the chmod means users without group "cdrom" membership can\nget the permission to execute "target" just before the chmod, and when\nthe chmod finishes, the exec reaches brpm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of "only cdrom\ngroup members can setuid to root".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal.', 'Severity': 'HIGH', 'CweIDs': ['CWE-367'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43882', 'https://git.kernel.org/linus/f50733b45d865f91db90919f8311e2127ce5a0cb (6.11-rc4)', 'https://git.kernel.org/stable/c/15469d46ba34559bfe7e3de6659115778c624759', 'https://git.kernel.org/stable/c/368f6985d46657b8b466a421dddcacd4051f7ada', 'https://git.kernel.org/stable/c/90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e', 'https://git.kernel.org/stable/c/9b424c5d4130d56312e2a3be17efb0928fec4d64', 'https://git.kernel.org/stable/c/d2a2a4714d80d09b0f8eb6438ab4224690b7121e', 'https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f', 'https://git.kernel.org/stable/c/f50733b45d865f91db90919f8311e2127ce5a0cb', 'https://git.kernel.org/stable/c/f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1', 'https://linux.oracle.com/cve/CVE-2024-43882.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082152-CVE-2024-43882-4fa4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43882', 'https://www.cve.org/CVERecord?id=CVE-2024-43882'], 'PublishedDate': '2024-08-21T01:15:12.34Z', 'LastModifiedDate': '2024-09-03T13:25:39.747Z'}, {'VulnerabilityID': 'CVE-2013-7445', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2013-7445', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects', 'Description': 'The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-399'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:C', 'V2Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V2Score': 4.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2013-7445', 'https://bugzilla.kernel.org/show_bug.cgi?id=60533', 'https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)', 'https://nvd.nist.gov/vuln/detail/CVE-2013-7445', 'https://www.cve.org/CVERecord?id=CVE-2013-7445'], 'PublishedDate': '2015-10-16T01:59:00.12Z', 'LastModifiedDate': '2015-10-16T16:22:25.587Z'}, {'VulnerabilityID': 'CVE-2015-8553', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2015-8553', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'xen: non-maskable interrupts triggerable by guests (xsa120)', 'Description': 'Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N', 'V2Score': 2.1, 'V3Score': 6.5}, 'redhat': {'V2Vector': 'AV:A/AC:M/Au:S/C:N/I:N/A:C', 'V2Score': 5.2}}, 'References': ['http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1930758 (regression mention)', 'http://xenbits.xen.org/xsa/advisory-120.html', 'https://access.redhat.com/security/cve/CVE-2015-8553', 'https://nvd.nist.gov/vuln/detail/CVE-2015-8553', 'https://seclists.org/bugtraq/2019/Aug/18', 'https://www.cve.org/CVERecord?id=CVE-2015-8553', 'https://www.debian.org/security/2019/dsa-4497'], 'PublishedDate': '2016-04-13T15:59:07.307Z', 'LastModifiedDate': '2019-08-13T23:15:11.203Z'}, {'VulnerabilityID': 'CVE-2016-8660', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-8660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation', 'Description': 'The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-19'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V2Vector': 'AV:L/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.7, 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2016/10/13/8', 'http://www.securityfocus.com/bid/93558', 'https://access.redhat.com/security/cve/CVE-2016-8660', 'https://bugzilla.redhat.com/show_bug.cgi?id=1384851', 'https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/', 'https://marc.info/?l=linux-fsdevel&m=147639177409294&w=2', 'https://marc.info/?l=linux-xfs&m=149498118228320&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2016-8660', 'https://www.cve.org/CVERecord?id=CVE-2016-8660'], 'PublishedDate': '2016-10-16T21:59:14.333Z', 'LastModifiedDate': '2016-11-28T20:41:02.59Z'}, {'VulnerabilityID': 'CVE-2018-17977', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-17977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service', 'Description': 'The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.9}}, 'References': ['http://www.securityfocus.com/bid/105539', 'https://access.redhat.com/security/cve/CVE-2018-17977', 'https://bugzilla.suse.com/show_bug.cgi?id=1111609', 'https://nvd.nist.gov/vuln/detail/CVE-2018-17977', 'https://www.cve.org/CVERecord?id=CVE-2018-17977', 'https://www.openwall.com/lists/oss-security/2018/10/05/5'], 'PublishedDate': '2018-10-08T17:29:00.653Z', 'LastModifiedDate': '2018-11-26T15:51:30.427Z'}, {'VulnerabilityID': 'CVE-2021-3714', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-3714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Remote Page Deduplication Attacks', 'Description': 'A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-3714', 'https://arxiv.org/abs/2111.08553', 'https://arxiv.org/pdf/2111.08553.pdf', 'https://bugzilla.redhat.com/show_bug.cgi?id=1931327', 'https://nvd.nist.gov/vuln/detail/CVE-2021-3714', 'https://www.cve.org/CVERecord?id=CVE-2021-3714'], 'PublishedDate': '2022-08-23T16:15:09.6Z', 'LastModifiedDate': '2024-02-01T18:51:23.66Z'}, {'VulnerabilityID': 'CVE-2021-47599', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47599', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: use latest_dev in btrfs_show_devname', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: use latest_dev in btrfs_show_devname\n\nThe test case btrfs/238 reports the warning below:\n\n WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs]\n CPU: 2 PID: 1 Comm: systemd Tainted: G        W  O 5.14.0-rc1-custom #72\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n Call trace:\n   btrfs_show_devname+0x108/0x1b4 [btrfs]\n   show_mountinfo+0x234/0x2c4\n   m_show+0x28/0x34\n   seq_read_iter+0x12c/0x3c4\n   vfs_read+0x29c/0x2c8\n   ksys_read+0x80/0xec\n   __arm64_sys_read+0x28/0x34\n   invoke_syscall+0x50/0xf8\n   do_el0_svc+0x88/0x138\n   el0_svc+0x2c/0x8c\n   el0t_64_sync_handler+0x84/0xe4\n   el0t_64_sync+0x198/0x19c\n\nReason:\nWhile btrfs_prepare_sprout() moves the fs_devices::devices into\nfs_devices::seed_list, the btrfs_show_devname() searches for the devices\nand found none, leading to the warning as in above.\n\nFix:\nlatest_dev is updated according to the changes to the device list.\nThat means we could use the latest_dev->name to show the device name in\n/proc/self/mounts, the pointer will be always valid as it's assigned\nbefore the device is deleted from the list in remove or replace.\nThe RCU protection is sufficient as the device structure is freed after\nsynchronization.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47599', 'https://git.kernel.org/linus/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2 (5.16-rc1)', 'https://git.kernel.org/stable/c/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2', 'https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1', 'https://lore.kernel.org/linux-cve-announce/2024061921-CVE-2021-47599-37b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47599', 'https://www.cve.org/CVERecord?id=CVE-2021-47599'], 'PublishedDate': '2024-06-19T15:15:54.483Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2021-47615', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47615', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix releasing unallocated memory in dereg MR flow\n\nFor the case of IB_MR_TYPE_DM the mr does doesn't have a umem, even though\nit is a user MR. This causes function mlx5_free_priv_descs() to think that\nit is a kernel MR, leading to wrongly accessing mr->descs that will get\nwrong values in the union which leads to attempt to release resources that\nwere not allocated in the first place.\n\nFor example:\n DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]\n WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0\n RIP: 0010:check_unmap+0x54f/0x8b0\n Call Trace:\n  debug_dma_unmap_page+0x57/0x60\n  mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]\n  mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]\n  ib_dereg_mr_user+0x60/0x140 [ib_core]\n  uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]\n  uobj_destroy+0x3f/0x80 [ib_uverbs]\n  ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]\n  ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquired+0x12/0x380\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquire+0xc4/0x2e0\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  ? lock_release+0x28a/0x400\n  ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  __x64_sys_ioctl+0x7f/0xb0\n  do_syscall_64+0x38/0x90\n\nFix it by reorganizing the dereg flow and mlx5_ib_mr structure:\n - Move the ib_umem field into the user MRs structure in the union as it's\n   applicable only there.\n - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only\n   in case there isn't udata, which indicates that this isn't a user MR.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47615', 'https://git.kernel.org/linus/f0ae4afe3d35e67db042c58a52909e06262b740f (5.16-rc5)', 'https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9', 'https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701', 'https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f', 'https://lore.kernel.org/linux-cve-announce/2024061909-CVE-2021-47615-3c6a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47615', 'https://www.cve.org/CVERecord?id=CVE-2021-47615'], 'PublishedDate': '2024-06-19T15:15:56.03Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-0400', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0400', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Out of bounds read in the smc protocol stack', 'Description': 'An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)', 'https://bugzilla.redhat.com/show_bug.cgi?id=2044575', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0400', 'https://www.cve.org/CVERecord?id=CVE-2022-0400'], 'PublishedDate': '2022-08-29T15:15:09.423Z', 'LastModifiedDate': '2022-09-01T20:18:18.247Z'}, {'VulnerabilityID': 'CVE-2022-0480', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0480', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion', 'Description': 'A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0480', 'https://bugzilla.redhat.com/show_bug.cgi?id=2049700', 'https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042', 'https://github.com/kata-containers/kata-containers/issues/3373', 'https://linux.oracle.com/cve/CVE-2022-0480.html', 'https://linux.oracle.com/errata/ELSA-2024-2394.html', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0480', 'https://ubuntu.com/security/CVE-2022-0480', 'https://www.cve.org/CVERecord?id=CVE-2022-0480'], 'PublishedDate': '2022-08-29T15:15:09.477Z', 'LastModifiedDate': '2023-03-03T18:49:53.213Z'}, {'VulnerabilityID': 'CVE-2022-3238', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ntfs3 local privledge escalation if NTFS character set and remount and umount called simultaneously', 'Description': 'A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127927', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3238', 'https://www.cve.org/CVERecord?id=CVE-2022-3238'], 'PublishedDate': '2022-11-14T21:15:16.163Z', 'LastModifiedDate': '2022-11-17T20:24:18.537Z'}, {'VulnerabilityID': 'CVE-2022-48846', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: release rq qos structures for queue without disk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: release rq qos structures for queue without disk\n\nblkcg_init_queue() may add rq qos structures to request queue, previously\nblk_cleanup_queue() calls rq_qos_exit() to release them, but commit\n8e141f9eb803 ("block: drain file system I/O on del_gendisk")\nmoves rq_qos_exit() into del_gendisk(), so memory leak is caused\nbecause queues may not have disk, such as un-present scsi luns, nvme\nadmin queue, ...\n\nFixes the issue by adding rq_qos_exit() to blk_cleanup_queue() back.\n\nBTW, v5.18 won\'t need this patch any more since we move\nblkcg_init_queue()/blkcg_exit_queue() into disk allocation/release\nhandler, and patches have been in for-5.18/block.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48846', 'https://git.kernel.org/linus/daaca3522a8e67c46e39ef09c1d542e866f85f3b (5.17)', 'https://git.kernel.org/stable/c/60c2c8e2ef3a3ec79de8cbc80a06ca0c21df8c29', 'https://git.kernel.org/stable/c/d4ad8736ac982111bb0be8306bf19c8207f6600e', 'https://git.kernel.org/stable/c/daaca3522a8e67c46e39ef09c1d542e866f85f3b', 'https://lore.kernel.org/linux-cve-announce/2024071623-CVE-2022-48846-a1a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48846', 'https://www.cve.org/CVERecord?id=CVE-2022-48846'], 'PublishedDate': '2024-07-16T13:15:11.883Z', 'LastModifiedDate': '2024-07-24T17:56:26.767Z'}, {'VulnerabilityID': 'CVE-2022-48929', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix crash due to out of bounds access into reg2btf_ids.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to out of bounds access into reg2btf_ids.\n\nWhen commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added\nkfunc support, it defined reg2btf_ids as a cheap way to translate the verifier\nreg type to the appropriate btf_vmlinux BTF ID, however\ncommit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL")\nmoved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after\nthe base register types, and defined other variants using type flag\ncomposition. However, now, the direct usage of reg->type to index into\nreg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to\nout of bounds access and kernel crash on dereference of bad pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48929', 'https://git.kernel.org/linus/45ce4b4f9009102cd9f581196d480a59208690c1 (5.17-rc6)', 'https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1', 'https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae', 'https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc', 'https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48929-857d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48929', 'https://www.cve.org/CVERecord?id=CVE-2022-48929'], 'PublishedDate': '2024-08-22T04:15:15.773Z', 'LastModifiedDate': '2024-08-23T02:00:22.653Z'}, {'VulnerabilityID': 'CVE-2023-0030', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Use after Free in nvkm_vmm_pfn_map', 'Description': 'A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0030', 'https://bugzilla.redhat.com/show_bug.cgi?id=2157270', 'https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)', 'https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10', 'https://lore.kernel.org/all/20221230072758.443644-1-zyytlz.wz@163.com/', 'https://lore.kernel.org/all/63d485b2.170a0220.4af4c.d54f@mx.google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0030', 'https://security.netapp.com/advisory/ntap-20230413-0010/', 'https://www.cve.org/CVERecord?id=CVE-2023-0030'], 'PublishedDate': '2023-03-08T23:15:10.963Z', 'LastModifiedDate': '2023-04-13T17:15:09.433Z'}, {'VulnerabilityID': 'CVE-2023-0160', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: possibility of deadlock in libbpf function sock_hash_delete_elem', 'Description': 'A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667', 'CWE-833'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0160', 'https://bugzilla.redhat.com/show_bug.cgi?id=2159764', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56', 'https://lore.kernel.org/all/20230406122622.109978-1-liuxin350@huawei.com/', 'https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/', 'https://lore.kernel.org/bpf/000000000000f1db9605f939720e@google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0160', 'https://www.cve.org/CVERecord?id=CVE-2023-0160'], 'PublishedDate': '2023-07-18T17:15:11.313Z', 'LastModifiedDate': '2023-11-07T03:59:46.343Z'}, {'VulnerabilityID': 'CVE-2023-1193', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-1193', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in setup_async_work()', 'Description': 'A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-1193', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154177', 'https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-1193', 'https://www.cve.org/CVERecord?id=CVE-2023-1193'], 'PublishedDate': '2023-11-01T20:15:08.663Z', 'LastModifiedDate': '2023-11-09T15:13:51.737Z'}, {'VulnerabilityID': 'CVE-2023-26242', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-26242', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the  ...', 'Description': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://bugzilla.suse.com/show_bug.cgi?id=1208518', 'https://lore.kernel.org/all/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-26242', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://security.netapp.com/advisory/ntap-20230406-0002/', 'https://www.cve.org/CVERecord?id=CVE-2023-26242'], 'PublishedDate': '2023-02-21T01:15:11.423Z', 'LastModifiedDate': '2024-03-25T01:15:53.57Z'}, {'VulnerabilityID': 'CVE-2023-31082', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-31082', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sleeping function called from an invalid context in gsmld_write', 'Description': 'An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-763'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-31082', 'https://bugzilla.suse.com/show_bug.cgi?id=1210781', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com/', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-31082', 'https://security.netapp.com/advisory/ntap-20230929-0003/', 'https://www.cve.org/CVERecord?id=CVE-2023-31082'], 'PublishedDate': '2023-04-24T06:15:07.783Z', 'LastModifiedDate': '2024-08-02T15:16:00.853Z'}, {'VulnerabilityID': 'CVE-2023-52879', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have trace_event_file have ref counters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have trace_event_file have ref counters\n\nThe following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # echo \'p:sched schedule\' > kprobe_events\n # exec 5>>events/kprobes/sched/enable\n # > kprobe_events\n # exec 5>&-\n\nThe above commands:\n\n 1. Change directory to the tracefs directory\n 2. Create a kprobe event (doesn\'t matter what one)\n 3. Open bash file descriptor 5 on the enable file of the kprobe event\n 4. Delete the kprobe event (removes the files too)\n 5. Close the bash file descriptor 5\n\nThe above causes a crash!\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:tracing_release_file_tr+0xc/0x50\n\nWhat happens here is that the kprobe event creates a trace_event_file\n"file" descriptor that represents the file in tracefs to the event. It\nmaintains state of the event (is it enabled for the given instance?).\nOpening the "enable" file gets a reference to the event "file" descriptor\nvia the open file descriptor. When the kprobe event is deleted, the file is\nalso deleted from the tracefs system which also frees the event "file"\ndescriptor.\n\nBut as the tracefs file is still opened by user space, it will not be\ntotally removed until the final dput() is called on it. But this is not\ntrue with the event "file" descriptor that is already freed. If the user\ndoes a write to or simply closes the file descriptor it will reference the\nevent "file" descriptor that was just freed, causing a use-after-free bug.\n\nTo solve this, add a ref count to the event "file" descriptor as well as a\nnew flag called "FREED". The "file" will not be freed until the last\nreference is released. But the FREE flag will be set when the event is\nremoved to prevent any more modifications to that event from happening,\neven if there\'s still a reference to the event "file" descriptor.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52879', 'https://git.kernel.org/linus/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4 (6.7-rc1)', 'https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706', 'https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976', 'https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d', 'https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e', 'https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f', 'https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4', 'https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0', 'https://lore.kernel.org/linux-cve-announce/2024052122-CVE-2023-52879-fa4d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52879', 'https://www.cve.org/CVERecord?id=CVE-2023-52879'], 'PublishedDate': '2024-05-21T16:15:24.53Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52889', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: Fix null pointer deref when receiving skb during sock creation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)->label is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n    BUG: kernel NULL pointer dereference, address: 000000000000004c\n    #PF: supervisor read access in kernel mode\n    #PF: error_code(0x0000) - not-present page\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n    Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n    RIP: 0010:aa_label_next_confined+0xb/0x40\n    Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n    RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n    RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n    RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n    RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n    R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n    R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n    FS:  00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n    PKRU: 55555554\n    Call Trace:\n     <IRQ>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? exc_page_fault+0x7f/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? aa_label_next_confined+0xb/0x40\n     apparmor_secmark_check+0xec/0x330\n     security_sock_rcv_skb+0x35/0x50\n     sk_filter_trim_cap+0x47/0x250\n     sock_queue_rcv_skb_reason+0x20/0x60\n     raw_rcv+0x13c/0x210\n     raw_local_deliver+0x1f3/0x250\n     ip_protocol_deliver_rcu+0x4f/0x2f0\n     ip_local_deliver_finish+0x76/0xa0\n     __netif_receive_skb_one_core+0x89/0xa0\n     netif_receive_skb+0x119/0x170\n     ? __netdev_alloc_skb+0x3d/0x140\n     vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     __napi_poll+0x28/0x1b0\n     net_rx_action+0x2a4/0x380\n     __do_softirq+0xd1/0x2c8\n     __irq_exit_rcu+0xbb/0xf0\n     common_interrupt+0x86/0xa0\n     </IRQ>\n     <TASK>\n     asm_common_interrupt+0x26/0x40\n    RIP: 0010:apparmor_socket_post_create+0xb/0x200\n    Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n    RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n    RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n    RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n    RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n    R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n    R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n     ? __pfx_apparmor_socket_post_create+0x10/0x10\n     security_socket_post_create+0x4b/0x80\n     __sock_create+0x176/0x1f0\n     __sys_socket+0x89/0x100\n     __x64_sys_socket+0x17/0x20\n     do_syscall_64+0x5d/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     entry_SYSCALL_64_after_hwframe+0x72/0xdc', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52889', 'https://git.kernel.org/linus/fce09ea314505a52f2436397608fa0a5d0934fb1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1', 'https://git.kernel.org/stable/c/290a6b88e8c19b6636ed1acc733d1458206f7697', 'https://git.kernel.org/stable/c/347dcb84a4874b5fb375092c08d8cc4069b94f81', 'https://git.kernel.org/stable/c/46c17ead5b7389e22e7dc9903fd0ba865d05bda2', 'https://git.kernel.org/stable/c/6c920754f62cefc63fccdc38a062c7c3452e2961', 'https://git.kernel.org/stable/c/ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2', 'https://git.kernel.org/stable/c/fce09ea314505a52f2436397608fa0a5d0934fb1', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2023-52889-cdd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52889', 'https://www.cve.org/CVERecord?id=CVE-2023-52889'], 'PublishedDate': '2024-08-17T09:15:07.073Z', 'LastModifiedDate': '2024-08-19T21:19:16.97Z'}, {'VulnerabilityID': 'CVE-2024-26713', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: Fix iommu initialisation during DLPAR add\n\nWhen a PCI device is dynamically added, the kernel oopses with a NULL\npointer dereference:\n\n  BUG: Kernel NULL pointer dereference on read at 0x00000030\n  Faulting instruction address: 0xc0000000006bbe5c\n  Oops: Kernel access of bad area, sig: 11 [#1]\n  LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n  Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse\n  CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66\n  Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries\n  NIP:  c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8\n  REGS: c00000009924f240 TRAP: 0300   Not tainted  (6.7.0-203405+)\n  MSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 24002220  XER: 20040006\n  CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0\n  ...\n  NIP sysfs_add_link_to_group+0x34/0x94\n  LR  iommu_device_link+0x5c/0x118\n  Call Trace:\n   iommu_init_device+0x26c/0x318 (unreliable)\n   iommu_device_link+0x5c/0x118\n   iommu_init_device+0xa8/0x318\n   iommu_probe_device+0xc0/0x134\n   iommu_bus_notifier+0x44/0x104\n   notifier_call_chain+0xb8/0x19c\n   blocking_notifier_call_chain+0x64/0x98\n   bus_notify+0x50/0x7c\n   device_add+0x640/0x918\n   pci_device_add+0x23c/0x298\n   of_create_pci_dev+0x400/0x884\n   of_scan_pci_dev+0x124/0x1b0\n   __of_scan_bus+0x78/0x18c\n   pcibios_scan_phb+0x2a4/0x3b0\n   init_phb_dynamic+0xb8/0x110\n   dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]\n   add_slot_store.part.0+0xb4/0x130 [rpadlpar_io]\n   kobj_attr_store+0x2c/0x48\n   sysfs_kf_write+0x64/0x78\n   kernfs_fop_write_iter+0x1b0/0x290\n   vfs_write+0x350/0x4a0\n   ksys_write+0x84/0x140\n   system_call_exception+0x124/0x330\n   system_call_vectored_common+0x15c/0x2ec\n\nCommit a940904443e4 ("powerpc/iommu: Add iommu_ops to report capabilities\nand allow blocking domains") broke DLPAR add of PCI devices.\n\nThe above added iommu_device structure to pci_controller. During\nsystem boot, PCI devices are discovered and this newly added iommu_device\nstructure is initialized by a call to iommu_device_register().\n\nDuring DLPAR add of a PCI device, a new pci_controller structure is\nallocated but there are no calls made to iommu_device_register()\ninterface.\n\nFix is to register the iommu device during DLPAR add as well.\n\n[mpe: Trim oops and tweak some change log wording]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26713', 'https://git.kernel.org/linus/ed8b94f6e0acd652ce69bd69d678a0c769172df8 (6.8-rc5)', 'https://git.kernel.org/stable/c/9978d5b744e0227afe19e3bcb4c5f75442dde753', 'https://git.kernel.org/stable/c/d4f762d6403f7419de90d7749fa83dd92ffb0e1d', 'https://git.kernel.org/stable/c/ed8b94f6e0acd652ce69bd69d678a0c769172df8', 'https://lore.kernel.org/linux-cve-announce/2024040342-CVE-2024-26713-1b52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26713', 'https://www.cve.org/CVERecord?id=CVE-2024-26713'], 'PublishedDate': '2024-04-03T15:15:53.647Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-27025', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nbd: null check for nla_nest_start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: null check for nla_nest_start\n\nnla_nest_start() may fail and return NULL. Insert a check and set errno\nbased on other call sites within the same source code.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-27025', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d (6.9-rc1)', 'https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d', 'https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e', 'https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced', 'https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8', 'https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797', 'https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983', 'https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a', 'https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf', 'https://linux.oracle.com/cve/CVE-2024-27025.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27025', 'https://www.cve.org/CVERecord?id=CVE-2024-27025'], 'PublishedDate': '2024-05-01T13:15:48.89Z', 'LastModifiedDate': '2024-06-25T22:15:28.24Z'}, {'VulnerabilityID': 'CVE-2024-35928', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()\n\nThis ensures that the memory mapped by ioremap for adev->rmmio, is\nproperly handled in amdgpu_device_init(). If the function exits early\ndue to an error, the memory is unmapped. If the function completes\nsuccessfully, the memory remains mapped.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_device.c:4337 amdgpu_device_init() warn: 'adev->rmmio' from ioremap() not released on lines: 4035,4045,4051,4058,4068,4337", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35928', 'https://git.kernel.org/linus/eb4f139888f636614dab3bcce97ff61cefc4b3a7 (6.9-rc1)', 'https://git.kernel.org/stable/c/14ac934db851642ea8cd1bd4121c788a8899ef69', 'https://git.kernel.org/stable/c/aa665c3a2aca2ffe31b9645bda278e96dfc3b55c', 'https://git.kernel.org/stable/c/c5f9fe2c1e5023fa096189a8bfba6420aa035587', 'https://git.kernel.org/stable/c/eb4f139888f636614dab3bcce97ff61cefc4b3a7', 'https://lore.kernel.org/linux-cve-announce/2024051915-CVE-2024-35928-ead3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35928', 'https://www.cve.org/CVERecord?id=CVE-2024-35928'], 'PublishedDate': '2024-05-19T11:15:48.93Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35948', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bcachefs: Check for journal entries overruning end of sb clean section', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: Check for journal entries overruning end of sb clean section\n\nFix a missing bounds check in superblock validation.\n\nNote that we don't yet have repair code for this case - repair code for\nindividual items is generally low priority, since the whole superblock\nis checksummed, validated prior to write, and we have backups.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35948', 'https://git.kernel.org/linus/fcdbc1d7a4b638e5d5668de461f320386f3002aa (6.9-rc6)', 'https://git.kernel.org/stable/c/fcdbc1d7a4b638e5d5668de461f320386f3002aa', 'https://lore.kernel.org/linux-cve-announce/2024052043-CVE-2024-35948-a92f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35948', 'https://www.cve.org/CVERecord?id=CVE-2024-35948'], 'PublishedDate': '2024-05-20T10:15:09.44Z', 'LastModifiedDate': '2024-07-03T02:02:27.897Z'}, {'VulnerabilityID': 'CVE-2024-35995', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI: CPPC: Use access_width over bit_width for system memory accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Use access_width over bit_width for system memory accesses\n\nTo align with ACPI 6.3+, since bit_width can be any 8-bit value, it\ncannot be depended on to be always on a clean 8b boundary. This was\nuncovered on the Cobalt 100 platform.\n\nSError Interrupt on CPU26, code 0xbe000011 -- SError\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n pc : cppc_get_perf_caps+0xec/0x410\n lr : cppc_get_perf_caps+0xe8/0x410\n sp : ffff8000155ab730\n x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078\n x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff\n x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000\n x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff\n x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008\n x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006\n x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec\n x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028\n x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff\n x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000\n Kernel panic - not syncing: Asynchronous SError Interrupt\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted\n5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n Call trace:\n  dump_backtrace+0x0/0x1e0\n  show_stack+0x24/0x30\n  dump_stack_lvl+0x8c/0xb8\n  dump_stack+0x18/0x34\n  panic+0x16c/0x384\n  add_taint+0x0/0xc0\n  arm64_serror_panic+0x7c/0x90\n  arm64_is_fatal_ras_serror+0x34/0xa4\n  do_serror+0x50/0x6c\n  el1h_64_error_handler+0x40/0x74\n  el1h_64_error+0x7c/0x80\n  cppc_get_perf_caps+0xec/0x410\n  cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]\n  cpufreq_online+0x2dc/0xa30\n  cpufreq_add_dev+0xc0/0xd4\n  subsys_interface_register+0x134/0x14c\n  cpufreq_register_driver+0x1b0/0x354\n  cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]\n  do_one_initcall+0x50/0x250\n  do_init_module+0x60/0x27c\n  load_module+0x2300/0x2570\n  __do_sys_finit_module+0xa8/0x114\n  __arm64_sys_finit_module+0x2c/0x3c\n  invoke_syscall+0x78/0x100\n  el0_svc_common.constprop.0+0x180/0x1a0\n  do_el0_svc+0x84/0xa0\n  el0_svc+0x2c/0xc0\n  el0t_64_sync_handler+0xa4/0x12c\n  el0t_64_sync+0x1a4/0x1a8\n\nInstead, use access_width to determine the size and use the offset and\nwidth to shift and mask the bits to read/write out. Make sure to add a\ncheck for system memory since pcc redefines the access_width to\nsubspace id.\n\nIf access_width is not set, then fall back to using bit_width.\n\n[ rjw: Subject and changelog edits, comment adjustments ]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35995', 'https://git.kernel.org/linus/2f4a4d63a193be6fd530d180bb13c3592052904c (6.9-rc1)', 'https://git.kernel.org/stable/c/01fc53be672acae37e611c80cc0b4f3939584de3', 'https://git.kernel.org/stable/c/1b890ae474d19800a6be1696df7fb4d9a41676e4', 'https://git.kernel.org/stable/c/2f4a4d63a193be6fd530d180bb13c3592052904c', 'https://git.kernel.org/stable/c/4949affd5288b867cdf115f5b08d6166b2027f87', 'https://git.kernel.org/stable/c/6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1', 'https://git.kernel.org/stable/c/6dfd79ed04c578f1d9a9a41ba5b2015cf9f03fc3', 'https://git.kernel.org/stable/c/b54c4632946ae42f2b39ed38abd909bbf78cbcc2', 'https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35995-abbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35995', 'https://www.cve.org/CVERecord?id=CVE-2024-35995'], 'PublishedDate': '2024-05-20T10:15:13.597Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-36885', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36885', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup:\n\n  kernel BUG at include/linux/scatterlist.h:187!\n  invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\n  Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\n  RIP: 0010:sg_init_one+0x85/0xa0\n  Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n  24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n  0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\n  RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\n  RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\n  RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\n  R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\n  FS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\n  Call Trace:\n   <TASK>\n   ? die+0x36/0x90\n   ? do_trap+0xdd/0x100\n   ? sg_init_one+0x85/0xa0\n   ? do_error_trap+0x65/0x80\n   ? sg_init_one+0x85/0xa0\n   ? exc_invalid_op+0x50/0x70\n   ? sg_init_one+0x85/0xa0\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? sg_init_one+0x85/0xa0\n   nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n   nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n   ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n   r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? nvkm_udevice_new+0x95/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? ktime_get+0x47/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_oneinit_+0x4f/0x120 [nouveau]\n   nvkm_subdev_init_+0x39/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_init+0x44/0x90 [nouveau]\n   nvkm_device_init+0x166/0x2e0 [nouveau]\n   nvkm_udevice_init+0x47/0x70 [nouveau]\n   nvkm_object_init+0x41/0x1c0 [nouveau]\n   nvkm_ioctl_new+0x16a/0x290 [nouveau]\n   ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]\n   ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]\n   nvkm_ioctl+0x126/0x290 [nouveau]\n   nvif_object_ctor+0x112/0x190 [nouveau]\n   nvif_device_ctor+0x23/0x60 [nouveau]\n   nouveau_cli_init+0x164/0x640 [nouveau]\n   nouveau_drm_device_init+0x97/0x9e0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? pci_update_current_state+0x72/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nouveau_drm_probe+0x12c/0x280 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   local_pci_probe+0x45/0xa0\n   pci_device_probe+0xc7/0x270\n   really_probe+0xe6/0x3a0\n   __driver_probe_device+0x87/0x160\n   driver_probe_device+0x1f/0xc0\n   __driver_attach+0xec/0x1f0\n   ? __pfx___driver_attach+0x10/0x10\n   bus_for_each_dev+0x88/0xd0\n   bus_add_driver+0x116/0x220\n   driver_register+0x59/0x100\n   ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]\n   do_one_initcall+0x5b/0x320\n   do_init_module+0x60/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x120/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x83/0x160\n   ? srso_return_thunk+0x5/0x5f\n   entry_SYSCALL_64_after_hwframe+0x71/0x79\n  RIP: 0033:0x7feeb5cc20cd\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89\n  f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0\n  ff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd\n  RDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035\n  RBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310\n  R10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36885', 'https://git.kernel.org/linus/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2 (6.9-rc7)', 'https://git.kernel.org/stable/c/1a88c18da464db0ba8ea25196d0a06490f65322e', 'https://git.kernel.org/stable/c/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2', 'https://git.kernel.org/stable/c/e05af009302893f39b072811a68fa4a196284c75', 'https://lore.kernel.org/linux-cve-announce/2024053032-CVE-2024-36885-cb0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36885', 'https://www.cve.org/CVERecord?id=CVE-2024-36885'], 'PublishedDate': '2024-05-30T16:15:12.067Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36970', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: Use request_module_nowait', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Use request_module_nowait\n\nThis appears to work around a deadlock regression that came in\nwith the LED merge in 6.9.\n\nThe deadlock happens on my system with 24 iwlwifi radios, so maybe\nit something like all worker threads are busy and some work that needs\nto complete cannot complete.\n\n[also remove unnecessary "load_module" var and now-wrong comment]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36970', 'https://git.kernel.org/linus/3d913719df14c28c4d3819e7e6d150760222bda4 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4', 'https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e', 'https://lore.kernel.org/linux-cve-announce/2024060855-CVE-2024-36970-2eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36970', 'https://www.cve.org/CVERecord?id=CVE-2024-36970'], 'PublishedDate': '2024-06-08T13:15:58.26Z', 'LastModifiedDate': '2024-06-10T02:52:08.267Z'}, {'VulnerabilityID': 'CVE-2024-38581', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38581', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/mes: fix use-after-free issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/mes: fix use-after-free issue\n\nDelete fence fallback timer to fix the ramdom\nuse-after-free issue.\n\nv2: move to amdgpu_mes.c', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-38581', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/948255282074d9367e01908b3f5dcf8c10fc9c3d (6.9-rc6)', 'https://git.kernel.org/stable/c/0f98c144c15c8fc0f3176c994bd4e727ef718a5c', 'https://git.kernel.org/stable/c/39cfce75168c11421d70b8c0c65f6133edccb82a', 'https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de', 'https://git.kernel.org/stable/c/948255282074d9367e01908b3f5dcf8c10fc9c3d', 'https://linux.oracle.com/cve/CVE-2024-38581.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38581-592d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38581', 'https://www.cve.org/CVERecord?id=CVE-2024-38581'], 'PublishedDate': '2024-06-19T14:15:18.15Z', 'LastModifiedDate': '2024-08-01T20:12:00.623Z'}, {'VulnerabilityID': 'CVE-2024-38608', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38608', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix netif state handling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix netif state handling\n\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\n\nmlx5e_probe\n _mlx5e_resume\n  mlx5e_attach_netdev\n   mlx5e_nic_enable  <-- netdev not reg, not calling netif_device_attach()\n  register_netdev <-- failed for some reason.\nERROR_FLOW:\n _mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(\n\nHence, clean resources in this case as well.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n <TASK>\n ? __die+0x20/0x60\n ? page_fault_oops+0x14c/0x3c0\n ? exc_page_fault+0x75/0x140\n ? asm_exc_page_fault+0x22/0x30\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\n mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\n mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n __mlx5_ib_add+0x34/0xd0 [mlx5_ib]\n mlx5r_probe+0xe1/0x210 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x637/0x840\n __auxiliary_device_add+0x3b/0xa0\n add_adev+0xc9/0x140 [mlx5_core]\n mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\n mlx5_register_device+0x53/0xa0 [mlx5_core]\n mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\n mlx5_init_one+0x3b/0x60 [mlx5_core]\n probe_one+0x44c/0x730 [mlx5_core]\n local_pci_probe+0x3e/0x90\n pci_device_probe+0xbf/0x210\n ? kernfs_create_link+0x5d/0xa0\n ? sysfs_do_create_link_sd+0x60/0xc0\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n pci_bus_add_device+0x54/0x80\n pci_iov_add_virtfn+0x2e6/0x320\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n kernfs_fop_write_iter+0x10c/0x1a0\n vfs_write+0x291/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n CR2: 0000000000000000\n ---[ end trace 0000000000000000  ]---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38608', 'https://git.kernel.org/linus/3d5918477f94e4c2f064567875c475468e264644 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644', 'https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6', 'https://linux.oracle.com/cve/CVE-2024-38608.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061920-CVE-2024-38608-4068@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38608', 'https://www.cve.org/CVERecord?id=CVE-2024-38608'], 'PublishedDate': '2024-06-19T14:15:20.737Z', 'LastModifiedDate': '2024-08-27T15:58:56.9Z'}, {'VulnerabilityID': 'CVE-2024-39293', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39293', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;xsk: Support redirect to any socket bound to the same umem&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "xsk: Support redirect to any socket bound to the same umem"\n\nThis reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.\n\nThis patch introduced a potential kernel crash when multiple napi instances\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\npossible for multiple napi instances to access the Rx ring at the same time,\nwhich will result in a corrupted ring state which can lead to a crash when\nflushing the rings in __xsk_flush(). This can happen when the linked list of\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\nis not possible, so let us revert this for now.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39293', 'https://git.kernel.org/linus/7fcf26b315bbb728036da0862de6b335da83dff2 (6.10-rc3)', 'https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5', 'https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2', 'https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39293', 'https://www.cve.org/CVERecord?id=CVE-2024-39293'], 'PublishedDate': '2024-06-25T15:15:13.993Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-39472', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39472', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by\nmkfs") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions.  Later commit 0c771b99d6c9\n("xfs: clean up calculation of LR header blocks") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-39472', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a (6.10-rc1)', 'https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a', 'https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f', 'https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5', 'https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb', 'https://linux.oracle.com/cve/CVE-2024-39472.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024070512-CVE-2024-39472-f977@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39472', 'https://www.cve.org/CVERecord?id=CVE-2024-39472'], 'PublishedDate': '2024-07-05T07:15:10.02Z', 'LastModifiedDate': '2024-08-19T05:15:06.543Z'}, {'VulnerabilityID': 'CVE-2024-41008', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: change vm-&gt;task_info handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: change vm->task_info handling\n\nThis patch changes the handling and lifecycle of vm->task_info object.\nThe major changes are:\n- vm->task_info is a dynamically allocated ptr now, and its uasge is\n  reference counted.\n- introducing two new helper funcs for task_info lifecycle management\n    - amdgpu_vm_get_task_info: reference counts up task_info before\n      returning this info\n    - amdgpu_vm_put_task_info: reference counts down task_info\n- last put to task_info() frees task_info from the vm.\n\nThis patch also does logistical changes required for existing usage\nof vm->task_info.\n\nV2: Do not block all the prints when task_info not found (Felix)\n\nV3: Fixed review comments from Felix\n   - Fix wrong indentation\n   - No debug message for -ENOMEM\n   - Add NULL check for task_info\n   - Do not duplicate the debug messages (ti vs no ti)\n   - Get first reference of task_info in vm_init(), put last\n     in vm_fini()\n\nV4: Fixed review comments from Felix\n   - fix double reference increment in create_task_info\n   - change amdgpu_vm_get_task_info_pasid\n   - additional changes in amdgpu_gem.c while porting', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41008', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c (6.9-rc1)', 'https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c', 'https://linux.oracle.com/cve/CVE-2024-41008.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/20240716080357.2696435-2-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41008', 'https://www.cve.org/CVERecord?id=CVE-2024-41008'], 'PublishedDate': '2024-07-16T08:15:02.24Z', 'LastModifiedDate': '2024-07-16T13:43:58.773Z'}, {'VulnerabilityID': 'CVE-2024-41009', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix overrunning reservations in ringbuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that "owns" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\'s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\'s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\'s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\'s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\'ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41009', 'https://git.kernel.org/linus/cfa1a2329a691ffd991fcf7248a57d752e712881 (6.10-rc6)', 'https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4', 'https://git.kernel.org/stable/c/47416c852f2a04d348ea66ee451cbdcf8119f225', 'https://git.kernel.org/stable/c/511804ab701c0503b72eac08217eabfd366ba069', 'https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f', 'https://git.kernel.org/stable/c/cfa1a2329a691ffd991fcf7248a57d752e712881', 'https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686', 'https://lore.kernel.org/linux-cve-announce/2024071715-CVE-2024-41009-cac5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41009', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41009'], 'PublishedDate': '2024-07-17T07:15:01.973Z', 'LastModifiedDate': '2024-07-29T07:15:04.56Z'}, {'VulnerabilityID': 'CVE-2024-41013', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: don&#39;t walk off the end of a directory data block', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don't stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup->length to dup->length-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41013', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/0c7fcdb6d06cdf8b19b57c17605215b06afa864a (6.11-rc1)', 'https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a', 'https://linux.oracle.com/cve/CVE-2024-41013.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41013-2996@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41013', 'https://www.cve.org/CVERecord?id=CVE-2024-41013'], 'PublishedDate': '2024-07-29T07:15:05.43Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41014', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41014', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: add bounds checking to xlog_recover_process_data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n    1) Mount an image of xfs, and do some file operations to leave records\n    2) Before umounting, copy the image for subsequent steps to simulate\n       abnormal exit. Because umount will ensure that tail_blk and\n       head_blk are the same, which will result in the inability to enter\n       xlog_recover_process_data\n    3) Write a tool to parse and modify the copied image in step 2\n    4) Make the end of the xlog_op_header entries only 1 byte away from\n       xlog_rec_header->h_size\n    5) xlog_rec_header->h_num_logops++\n    6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41014', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/fb63435b7c7dc112b1ae1baea5486e0a6e27b196 (6.11-rc1)', 'https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196', 'https://linux.oracle.com/cve/CVE-2024-41014.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41014-9186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41014', 'https://www.cve.org/CVERecord?id=CVE-2024-41014'], 'PublishedDate': '2024-07-29T07:15:05.81Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41016', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe 'non-indexed', which saved with additional space\nrequested.  It's better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41016', 'https://git.kernel.org/linus/af77c4fc1871847b528d58b7fdafb4aa1f6a9262 (6.11-rc1)', 'https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637', 'https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262', 'https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e', 'https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e', 'https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180', 'https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41016-fcf9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41016', 'https://www.cve.org/CVERecord?id=CVE-2024-41016'], 'PublishedDate': '2024-07-29T07:15:06.293Z', 'LastModifiedDate': '2024-10-17T14:15:07.01Z'}, {'VulnerabilityID': 'CVE-2024-41024', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41024', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Restrict untrusted app to attach to privileged PD', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Restrict untrusted app to attach to privileged PD\n\nUntrusted application with access to only non-secure fastrpc device\nnode can attach to root_pd or static PDs if it can make the respective\ninit request. This can cause problems as the untrusted application\ncan send bad requests to root_pd or static PDs. Add changes to reject\nattach to privileged PDs if the request is being made using non-secure\nfastrpc device node.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41024', 'https://git.kernel.org/linus/bab2f5e8fd5d2f759db26b78d9db57412888f187 (6.10)', 'https://git.kernel.org/stable/c/2eb973ee4770a26d9b5e292b58ad29822d321c7f', 'https://git.kernel.org/stable/c/5e305b5986dc52122a9368a1461f0c13e1de3fd6', 'https://git.kernel.org/stable/c/bab2f5e8fd5d2f759db26b78d9db57412888f187', 'https://git.kernel.org/stable/c/c69fd8afacebfdf2f8a1ee1ea7e0723786529874', 'https://git.kernel.org/stable/c/ea13bd807f1cef1af375d999980a9b9794c789b6', 'https://lore.kernel.org/all/20240628114501.14310-7-srinivas.kandagatla@linaro.org/', 'https://lore.kernel.org/linux-cve-announce/2024072919-CVE-2024-41024-be39@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41024', 'https://www.cve.org/CVERecord?id=CVE-2024-41024'], 'PublishedDate': '2024-07-29T15:15:11.27Z', 'LastModifiedDate': '2024-08-29T17:15:07.913Z'}, {'VulnerabilityID': 'CVE-2024-42107', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42107', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: ice: Don't process extts if PTP is disabled", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42107', 'https://git.kernel.org/linus/996422e3230e41468f652d754fefd1bdbcd4604e (6.10-rc7)', 'https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b', 'https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e', 'https://lore.kernel.org/linux-cve-announce/2024073020-CVE-2024-42107-65cc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42107', 'https://www.cve.org/CVERecord?id=CVE-2024-42107'], 'PublishedDate': '2024-07-30T08:15:03.22Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42116', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42116', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igc: fix a log entry using uninitialized netdev', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix a log entry using uninitialized netdev\n\nDuring successful probe, igc logs this:\n\n[    5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\n\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb.  Add a comment,\njust as in igb.\n\nNow the log message is fine:\n\n[    5.200987] igc 0000:01:00.0 eth0: PHC added', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42116', 'https://git.kernel.org/linus/86167183a17e03ec77198897975e9fdfbd53cb0b (6.10-rc1)', 'https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b', 'https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6', 'https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79', 'https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda', 'https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f', 'https://linux.oracle.com/cve/CVE-2024-42116.html', 'https://linux.oracle.com/errata/ELSA-2024-12618.html', 'https://lore.kernel.org/linux-cve-announce/2024073023-CVE-2024-42116-b420@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42116', 'https://www.cve.org/CVERecord?id=CVE-2024-42116'], 'PublishedDate': '2024-07-30T08:15:03.95Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42122', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42122', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add NULL pointer check for kzalloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL pointer check for kzalloc\n\n[Why & How]\nCheck return pointer of kzalloc before using it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42122', 'https://git.kernel.org/linus/8e65a1b7118acf6af96449e1e66b7adbc9396912 (6.10-rc1)', 'https://git.kernel.org/stable/c/062edd612fcd300f0f79a36fca5b8b6a5e2fce70', 'https://git.kernel.org/stable/c/8e65a1b7118acf6af96449e1e66b7adbc9396912', 'https://lore.kernel.org/linux-cve-announce/2024073025-CVE-2024-42122-2f70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42122', 'https://www.cve.org/CVERecord?id=CVE-2024-42122'], 'PublishedDate': '2024-07-30T08:15:04.43Z', 'LastModifiedDate': '2024-09-16T13:49:27.837Z'}, {'VulnerabilityID': 'CVE-2024-42125', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42125', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42125', 'https://git.kernel.org/linus/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9 (6.10-rc1)', 'https://git.kernel.org/stable/c/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9', 'https://git.kernel.org/stable/c/ce4ba62f8bc5195a9a0d49c6235a9c99e619cadc', 'https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42125-b515@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42125', 'https://www.cve.org/CVERecord?id=CVE-2024-42125'], 'PublishedDate': '2024-07-30T08:15:04.667Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42139', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42139', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Fix improper extts handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message "extts on unexpected channel" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42139', 'https://git.kernel.org/linus/00d3b4f54582d4e4a02cda5886bb336eeab268cc (6.10-rc7)', 'https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc', 'https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3', 'https://lore.kernel.org/linux-cve-announce/2024073030-CVE-2024-42139-f8ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42139', 'https://www.cve.org/CVERecord?id=CVE-2024-42139'], 'PublishedDate': '2024-07-30T08:15:05.757Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42154', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42154', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_metrics: validate source addr length', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42154', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/66be40e622e177316ae81717aa30057ba9e61dff (6.10-rc7)', 'https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9', 'https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c', 'https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3', 'https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321', 'https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff', 'https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99', 'https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98', 'https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6', 'https://linux.oracle.com/cve/CVE-2024-42154.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073034-CVE-2024-42154-cf82@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42154', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42154'], 'PublishedDate': '2024-07-30T08:15:06.933Z', 'LastModifiedDate': '2024-10-01T19:32:18.31Z'}, {'VulnerabilityID': 'CVE-2024-42159', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42159', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: mpi3mr: Sanitise num_phys', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port->phy_mask, values larger then size of\nthis field shouldn't be allowed.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42159', 'https://git.kernel.org/linus/3668651def2c1622904e58b0280ee93121f2b10b (6.10-rc1)', 'https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b', 'https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0', 'https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df', 'https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf', 'https://linux.oracle.com/cve/CVE-2024-42159.html', 'https://linux.oracle.com/errata/ELSA-2024-12682.html', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42159-c19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42159', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42159'], 'PublishedDate': '2024-07-30T08:15:07.3Z', 'LastModifiedDate': '2024-08-02T14:29:46.24Z'}, {'VulnerabilityID': 'CVE-2024-42160', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: check validation of fault attrs in f2fs_build_fault_attr()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: check validation of fault attrs in f2fs_build_fault_attr()\n\n- It missed to check validation of fault attrs in parse_options(),\nlet's fix to add check condition in f2fs_build_fault_attr().\n- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42160', 'https://git.kernel.org/linus/4ed886b187f47447ad559619c48c086f432d2b77 (6.10-rc1)', 'https://git.kernel.org/stable/c/44958ca9e400f57bd0478115519ffc350fcee61e', 'https://git.kernel.org/stable/c/4ed886b187f47447ad559619c48c086f432d2b77', 'https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d', 'https://git.kernel.org/stable/c/ecb641f424d6d1f055d149a15b892edcc92c504b', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42160-c733@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42160', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42160'], 'PublishedDate': '2024-07-30T08:15:07.37Z', 'LastModifiedDate': '2024-08-02T14:29:26.33Z'}, {'VulnerabilityID': 'CVE-2024-42224', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42224', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Correct check for empty list', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO\nbusses") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip->mdios being\nempty.  However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42224', 'https://git.kernel.org/linus/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b (6.10-rc1)', 'https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5', 'https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618', 'https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d', 'https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee', 'https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b', 'https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114', 'https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89', 'https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4', 'https://linux.oracle.com/cve/CVE-2024-42224.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024073037-CVE-2024-42224-863a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42224', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42224'], 'PublishedDate': '2024-07-30T08:15:07.667Z', 'LastModifiedDate': '2024-09-25T15:55:09.027Z'}, {'VulnerabilityID': 'CVE-2024-42228', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42228', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n   need to have a separate value of 0xffffffff.(Christian)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 6.3}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42228', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/88a9a467c548d0b3c7761b4fd54a68e70f9c0944 (6.10-rc1)', 'https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46', 'https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef', 'https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944', 'https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144', 'https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8', 'https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712', 'https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15', 'https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440', 'https://linux.oracle.com/cve/CVE-2024-42228.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073038-CVE-2024-42228-86f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42228', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42228'], 'PublishedDate': '2024-07-30T08:15:07.96Z', 'LastModifiedDate': '2024-09-04T12:15:04.577Z'}, {'VulnerabilityID': 'CVE-2024-42258', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42258', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines\n\nYves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don\'t\nforce huge page alignment on 32 bit") didn\'t work for x86_32 [1].  It is\nbecause x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT.\n\n!CONFIG_64BIT should cover all 32 bit machines.\n\n[1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42258', 'https://git.kernel.org/linus/d9592025000b3cf26c742f3505da7b83aedc26d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/7e1f4efb8d6140b2ec79bf760c43e1fc186e8dfc', 'https://git.kernel.org/stable/c/89f2914dd4b47d2fad3deef0d700f9526d98d11f', 'https://git.kernel.org/stable/c/a5c399fe433a115e9d3693169b5f357f3194af0a', 'https://git.kernel.org/stable/c/d9592025000b3cf26c742f3505da7b83aedc26d5', 'https://lore.kernel.org/linux-cve-announce/2024081216-CVE-2024-42258-e3f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42258', 'https://www.cve.org/CVERecord?id=CVE-2024-42258'], 'PublishedDate': '2024-08-12T15:15:20.983Z', 'LastModifiedDate': '2024-08-14T14:15:27.727Z'}, {'VulnerabilityID': 'CVE-2024-42259', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42259', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Fix Virtual Memory mapping boundaries calculation\n\nCalculating the size of the mapped area as the lesser value\nbetween the requested size and the actual size does not consider\nthe partial mapping offset. This can cause page fault access.\n\nFix the calculation of the starting and ending addresses, the\ntotal size is now deduced from the difference between the end and\nstart addresses.\n\nAdditionally, the calculations have been rewritten in a clearer\nand more understandable form.\n\n[Joonas: Add Requires: tag]\nRequires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset")\n(cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-131'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42259', 'https://git.kernel.org/linus/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3 (6.11-rc3)', 'https://git.kernel.org/stable/c/3e06073d24807f04b4694108a8474decb7b99e60', 'https://git.kernel.org/stable/c/4b09513ce93b3dcb590baaaff2ce96f2d098312d', 'https://git.kernel.org/stable/c/50111a8098fb9ade621eeff82228a997d42732ab', 'https://git.kernel.org/stable/c/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3', 'https://git.kernel.org/stable/c/911f8055f175c82775d0fd8cedcd0b75413f4ba7', 'https://git.kernel.org/stable/c/a256d019eaf044864c7e50312f0a65b323c24f39', 'https://git.kernel.org/stable/c/e8a68aa842d3f8dd04a46b9d632e5f67fde1da9b', 'https://git.kernel.org/stable/c/ead9289a51ea82eb5b27029fcf4c34b2dd60cf06', 'https://linux.oracle.com/cve/CVE-2024-42259.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081452-CVE-2024-42259-4cef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42259', 'https://project-zero.issues.chromium.org/issues/42451707', 'https://www.cve.org/CVERecord?id=CVE-2024-42259'], 'PublishedDate': '2024-08-14T15:15:31.673Z', 'LastModifiedDate': '2024-09-25T01:15:42.137Z'}, {'VulnerabilityID': 'CVE-2024-42260', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42260', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the performance extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42260', 'https://git.kernel.org/linus/4ecc24a84d7e0254efd150ec23e0b89638386516 (6.11-rc2)', 'https://git.kernel.org/stable/c/4ecc24a84d7e0254efd150ec23e0b89638386516', 'https://git.kernel.org/stable/c/5d4aa25f47cd05e9eeac272906588728588605dd', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-42260-0ce0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42260', 'https://www.cve.org/CVERecord?id=CVE-2024-42260'], 'PublishedDate': '2024-08-17T09:15:07.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42261', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42261', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the timestamp extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42261', 'https://git.kernel.org/linus/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791 (6.11-rc2)', 'https://git.kernel.org/stable/c/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791', 'https://git.kernel.org/stable/c/5c56f104edd02a537e9327dc543574e55713e1d7', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42261-f6a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42261', 'https://www.cve.org/CVERecord?id=CVE-2024-42261'], 'PublishedDate': '2024-08-17T09:15:07.6Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42262', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42262', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the performance extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42262', 'https://git.kernel.org/linus/32df4abc44f24dbec239d43e2b26d5768c5d1a78 (6.11-rc2)', 'https://git.kernel.org/stable/c/32df4abc44f24dbec239d43e2b26d5768c5d1a78', 'https://git.kernel.org/stable/c/ad5fdc48f7a63b8a98493c667505fe4d3864ae21', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42262-7156@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42262', 'https://www.cve.org/CVERecord?id=CVE-2024-42262'], 'PublishedDate': '2024-08-17T09:15:07.68Z', 'LastModifiedDate': '2024-08-19T20:05:15.407Z'}, {'VulnerabilityID': 'CVE-2024-42263', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42263', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the timestamp extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 753ce4fea62182c77e1691ab4f9022008f25b62e)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42263', 'https://git.kernel.org/linus/0e50fcc20bd87584840266e8004f9064a8985b4f (6.11-rc2)', 'https://git.kernel.org/stable/c/0e50fcc20bd87584840266e8004f9064a8985b4f', 'https://git.kernel.org/stable/c/9b5033ee2c5af6d1135a403df32d219ab57e55f9', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42263-31b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42263', 'https://www.cve.org/CVERecord?id=CVE-2024-42263'], 'PublishedDate': '2024-08-17T09:15:07.77Z', 'LastModifiedDate': '2024-08-19T20:41:11.24Z'}, {'VulnerabilityID': 'CVE-2024-42264', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42264', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Prevent out of bounds access in performance query extensions', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Prevent out of bounds access in performance query extensions\n\nCheck that the number of perfmons userspace is passing in the copy and\nreset extensions is not greater than the internal kernel storage where\nthe ids will be copied into.\n\n(cherry picked from commit f32b5128d2c440368b5bf3a7a356823e235caabb)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42264', 'https://git.kernel.org/linus/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2 (6.11-rc2)', 'https://git.kernel.org/stable/c/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2', 'https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42264-5d23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42264', 'https://www.cve.org/CVERecord?id=CVE-2024-42264'], 'PublishedDate': '2024-08-17T09:15:07.833Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42267', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42267', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()\n\nHandle VM_FAULT_SIGSEGV in the page fault path so that we correctly\nkill the process and we don't BUG() the kernel.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42267', 'https://git.kernel.org/linus/0c710050c47d45eb77b28c271cddefc5c785cb40 (6.11-rc2)', 'https://git.kernel.org/stable/c/0c710050c47d45eb77b28c271cddefc5c785cb40', 'https://git.kernel.org/stable/c/20dbdebc5580cd472a310d56a6e252275ee4c864', 'https://git.kernel.org/stable/c/59be4a167782d68e21068a761b90b01fadc09146', 'https://git.kernel.org/stable/c/917f598209f3f5e4ab175d5079d8aeb523e58b1f', 'https://git.kernel.org/stable/c/d4e7db757e2d7f4c407a007e92c98477eab215d2', 'https://git.kernel.org/stable/c/d7ccf2ca772bfe33e2c53ef80fa20d2d87eb6144', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42267-9f79@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42267', 'https://www.cve.org/CVERecord?id=CVE-2024-42267'], 'PublishedDate': '2024-08-17T09:15:08.047Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42268', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42268', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix missing lock on sync reset reload', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix missing lock on sync reset reload\n\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\n\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n…\n CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S      W          6.10.0-rc2+ #116\n Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\n Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\n RIP: 0010:devl_assert_locked+0x3e/0x50\n…\n Call Trace:\n  <TASK>\n  ? __warn+0xa4/0x210\n  ? devl_assert_locked+0x3e/0x50\n  ? report_bug+0x160/0x280\n  ? handle_bug+0x3f/0x80\n  ? exc_invalid_op+0x17/0x40\n  ? asm_exc_invalid_op+0x1a/0x20\n  ? devl_assert_locked+0x3e/0x50\n  devlink_notify+0x88/0x2b0\n  ? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n  ? __pfx_devlink_notify+0x10/0x10\n  ? process_one_work+0x4b6/0xbb0\n  process_one_work+0x4b6/0xbb0\n[…]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42268', 'https://git.kernel.org/linus/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 (6.11-rc2)', 'https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5', 'https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9', 'https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002', 'https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42268-2084@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42268', 'https://www.cve.org/CVERecord?id=CVE-2024-42268'], 'PublishedDate': '2024-08-17T09:15:08.11Z', 'LastModifiedDate': '2024-08-19T20:52:49.323Z'}, {'VulnerabilityID': 'CVE-2024-42269', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42269', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().\n\nip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id],\nbut the function is exposed to user space before the entry is allocated\nvia register_pernet_subsys().\n\nLet's call register_pernet_subsys() before xt_register_template().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42269', 'https://git.kernel.org/linus/c22921df777de5606f1047b1345b8d22ef1c0b34 (6.11-rc2)', 'https://git.kernel.org/stable/c/419ee6274c5153b89c4393c1946faa4c3cad4f9e', 'https://git.kernel.org/stable/c/87dba44e9471b79b255d0736858a897332db9226', 'https://git.kernel.org/stable/c/91b6df6611b7edb28676c4f63f90c56c30d3e601', 'https://git.kernel.org/stable/c/c22921df777de5606f1047b1345b8d22ef1c0b34', 'https://git.kernel.org/stable/c/e85b9b6a87be4cb3710082038b677e97f2389003', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42269-7d0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42269', 'https://www.cve.org/CVERecord?id=CVE-2024-42269'], 'PublishedDate': '2024-08-17T09:15:08.177Z', 'LastModifiedDate': '2024-08-19T20:53:51.717Z'}, {'VulnerabilityID': 'CVE-2024-42270', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42270', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().\n\nWe had a report that iptables-restore sometimes triggered null-ptr-deref\nat boot time. [0]\n\nThe problem is that iptable_nat_table_init() is exposed to user space\nbefore the kernel fully initialises netns.\n\nIn the small race window, a user could call iptable_nat_table_init()\nthat accesses net_generic(net, iptable_nat_net_id), which is available\nonly after registering iptable_nat_net_ops.\n\nLet's call register_pernet_subsys() before xt_register_template().\n\n[0]:\nbpfilter: Loaded bpfilter_umh pid 11702\nStarted bpfilter\nBUG: kernel NULL pointer dereference, address: 0000000000000013\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP NOPTI\nCPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1\nHardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\nCode: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c\nRSP: 0018:ffffbef902843cd0 EFLAGS: 00010246\nRAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80\nRDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0\nRBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240\nR10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000\nR13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004\nFS:  00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? xt_find_table_lock (net/netfilter/x_tables.c:1259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? page_fault_oops (arch/x86/mm/fault.c:727)\n ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518)\n ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)\n ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\n xt_find_table_lock (net/netfilter/x_tables.c:1259)\n xt_request_find_table_lock (net/netfilter/x_tables.c:1287)\n get_info (net/ipv4/netfilter/ip_tables.c:965)\n ? security_capable (security/security.c:809 (discriminator 13))\n ? ns_capable (kernel/capability.c:376 kernel/capability.c:397)\n ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)\n ? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter\n nf_getsockopt (net/netfilter/nf_sockopt.c:116)\n ip_getsockopt (net/ipv4/ip_sockglue.c:1827)\n __sys_getsockopt (net/socket.c:2327)\n __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121)\nRIP: 0033:0x7f62844685ee\nCode: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09\nRSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037\nRAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0\nR10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2\nR13: 00007f6284\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42270', 'https://git.kernel.org/linus/5830aa863981d43560748aa93589c0695191d95d (6.11-rc2)', 'https://git.kernel.org/stable/c/08ed888b69a22647153fe2bec55b7cd0a46102cc', 'https://git.kernel.org/stable/c/5830aa863981d43560748aa93589c0695191d95d', 'https://git.kernel.org/stable/c/70014b73d7539fcbb6b4ff5f37368d7241d8e626', 'https://git.kernel.org/stable/c/95590a4929027769af35b153645c0ab6fd22b29b', 'https://git.kernel.org/stable/c/b98ddb65fa1674b0e6b52de8af9103b63f51b643', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42270-c752@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42270', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42270'], 'PublishedDate': '2024-08-17T09:15:08.24Z', 'LastModifiedDate': '2024-08-19T20:01:09.52Z'}, {'VulnerabilityID': 'CVE-2024-42272', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42272', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: act_ct: take care of padding in struct zones_ht_key', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched: act_ct: take care of padding in struct zones_ht_key\n\nBlamed commit increased lookup key size from 2 bytes to 16 bytes,\nbecause zones_ht_key got a struct net pointer.\n\nMake sure rhashtable_lookup() is not using the padding bytes\nwhich are not initialized.\n\n BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n  tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408\n  tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425\n  tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488\n  tcf_action_add net/sched/act_api.c:2061 [inline]\n  tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118\n  rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647\n  netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550\n  rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665\n  netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n  netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357\n  netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  ____sys_sendmsg+0x877/0xb60 net/socket.c:2597\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651\n  __sys_sendmsg net/socket.c:2680 [inline]\n  __do_sys_sendmsg net/socket.c:2689 [inline]\n  __se_sys_sendmsg net/socket.c:2687 [inline]\n  __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687\n  x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable key created at:\n  tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42272', 'https://git.kernel.org/linus/2191a54f63225b548fd8346be3611c3219a24738 (6.11-rc2)', 'https://git.kernel.org/stable/c/2191a54f63225b548fd8346be3611c3219a24738', 'https://git.kernel.org/stable/c/3a5b68869dbe14f1157c6a24ac71923db060eeab', 'https://git.kernel.org/stable/c/3ddefcb8f75e312535e2e7d5fef9932019ba60f2', 'https://git.kernel.org/stable/c/7c03ab555eb1ba26c77fd7c25bdf44a0ac23edee', 'https://git.kernel.org/stable/c/d06daf0ad645d9225a3ff6958dd82e1f3988fa64', 'https://git.kernel.org/stable/c/d7cc186d0973afce0e1237c37f7512c01981fb79', 'https://linux.oracle.com/cve/CVE-2024-42272.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42272-c687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42272', 'https://www.cve.org/CVERecord?id=CVE-2024-42272'], 'PublishedDate': '2024-08-17T09:15:08.37Z', 'LastModifiedDate': '2024-09-30T13:40:21.843Z'}, {'VulnerabilityID': 'CVE-2024-42273', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42273', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid\n\nmkdir /mnt/test/comp\nf2fs_io setflags compression /mnt/test/comp\ndd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1\ntruncate --size 13 /mnt/test/comp/testfile\n\nIn the above scenario, we can get a BUG_ON.\n kernel BUG at fs/f2fs/segment.c:3589!\n Call Trace:\n  do_write_page+0x78/0x390 [f2fs]\n  f2fs_outplace_write_data+0x62/0xb0 [f2fs]\n  f2fs_do_write_data_page+0x275/0x740 [f2fs]\n  f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs]\n  f2fs_write_multi_pages+0x1e5/0xae0 [f2fs]\n  f2fs_write_cache_pages+0xab1/0xc60 [f2fs]\n  f2fs_write_data_pages+0x2d8/0x330 [f2fs]\n  do_writepages+0xcf/0x270\n  __writeback_single_inode+0x44/0x350\n  writeback_sb_inodes+0x242/0x530\n  __writeback_inodes_wb+0x54/0xf0\n  wb_writeback+0x192/0x310\n  wb_workfn+0x30d/0x400\n\nThe reason is we gave CURSEG_ALL_DATA_ATGC to COMPR_ADDR where the\npage was set the gcing flag by set_cluster_dirty().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42273', 'https://git.kernel.org/linus/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cd106612396656d6f1ca17ef192c6759bb60791', 'https://git.kernel.org/stable/c/4239571c5db46a42f723b8fa8394039187c34439', 'https://git.kernel.org/stable/c/5fd057160ab240dd816ae09b625395d54c297de1', 'https://git.kernel.org/stable/c/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42273-9b87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42273', 'https://www.cve.org/CVERecord?id=CVE-2024-42273'], 'PublishedDate': '2024-08-17T09:15:08.45Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42274', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42274', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert "ALSA: firewire-lib: operate for period elapse event in process context"', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "ALSA: firewire-lib: operate for period elapse event in process context"\n\nCommit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event\nin process context") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n    * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n    * (lock B) wait for tasklet to finish by calling\n    \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n    * (lock B) enter tasklet\n    * (lock A) attempt to acquire substream lock,\n    \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n    \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n </NMI>\n <TASK>\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n </NMI>\n <IRQ>\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period\nelapse event in process context")\n\nReplace inline description to prevent future deadlock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42274', 'https://git.kernel.org/linus/3dab73ab925a51ab05543b491bf17463a48ca323 (6.11-rc2)', 'https://git.kernel.org/stable/c/36c255db5a25edd42d1aca48e38b8e95ee5fd9ef', 'https://git.kernel.org/stable/c/3dab73ab925a51ab05543b491bf17463a48ca323', 'https://git.kernel.org/stable/c/7c07220cf634002f93a87ca2252a32766850f2d1', 'https://git.kernel.org/stable/c/b239a37d68e8bc59f9516444da222841e3b13ba9', 'https://git.kernel.org/stable/c/f5043e69aeb2786f32e84132817a007a6430aa7d', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42274-9dc6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42274', 'https://www.cve.org/CVERecord?id=CVE-2024-42274'], 'PublishedDate': '2024-08-17T09:15:08.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42276', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42276', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme-pci: add missing condition check for existence of mapped data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42276', 'https://git.kernel.org/linus/c31fad1470389666ac7169fe43aa65bf5b7e2cfd (6.11-rc1)', 'https://git.kernel.org/stable/c/3f8ec1d6b0ebd8268307d52be8301973fa5a01ec', 'https://git.kernel.org/stable/c/70100fe721840bf6d8e5abd25b8bffe4d2e049b7', 'https://git.kernel.org/stable/c/77848b379e9f85a08048a2c8b3b4a7e8396f5f83', 'https://git.kernel.org/stable/c/7cc1f4cd90a00b6191cb8cda2d1302fdce59361c', 'https://git.kernel.org/stable/c/be23ae63080e0bf9e246ab20207200bca6585eba', 'https://git.kernel.org/stable/c/c31fad1470389666ac7169fe43aa65bf5b7e2cfd', 'https://git.kernel.org/stable/c/d135c3352f7c947a922da93c8e763ee6bc208b64', 'https://linux.oracle.com/cve/CVE-2024-42276.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42276-cb0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42276', 'https://www.cve.org/CVERecord?id=CVE-2024-42276'], 'PublishedDate': '2024-08-17T09:15:08.673Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42277', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42277', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom->sdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42277', 'https://git.kernel.org/linus/630482ee0653decf9e2482ac6181897eb6cde5b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8', 'https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922', 'https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb', 'https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c', 'https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42277-997a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42277', 'https://www.cve.org/CVERecord?id=CVE-2024-42277'], 'PublishedDate': '2024-08-17T09:15:08.75Z', 'LastModifiedDate': '2024-09-10T18:46:21.62Z'}, {'VulnerabilityID': 'CVE-2024-42278', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42278', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: TAS2781: Fix tasdev_load_calibrated_data()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it's either a no-op or it\nleads to a NULL dereference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42278', 'https://git.kernel.org/linus/92c78222168e9035a9bfb8841c2e56ce23e51f73 (6.11-rc1)', 'https://git.kernel.org/stable/c/51be301d29d674ff328dfcf23705851f326f35b3', 'https://git.kernel.org/stable/c/6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06', 'https://git.kernel.org/stable/c/92c78222168e9035a9bfb8841c2e56ce23e51f73', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42278-e639@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42278', 'https://www.cve.org/CVERecord?id=CVE-2024-42278'], 'PublishedDate': '2024-08-17T09:15:08.813Z', 'LastModifiedDate': '2024-09-30T12:53:36.42Z'}, {'VulnerabilityID': 'CVE-2024-42279', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42279', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L', 'V3Score': 5.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42279', 'https://git.kernel.org/linus/9cf71eb0faef4bff01df4264841b8465382d7927 (6.11-rc1)', 'https://git.kernel.org/stable/c/3feda3677e8bbe833c3a62a4091377a08f015b80', 'https://git.kernel.org/stable/c/45e03d35229b680b79dfea1103a1f2f07d0b5d75', 'https://git.kernel.org/stable/c/9cf71eb0faef4bff01df4264841b8465382d7927', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42279-91b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42279', 'https://www.cve.org/CVERecord?id=CVE-2024-42279'], 'PublishedDate': '2024-08-17T09:15:08.88Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42281', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42281', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a segment issue when downgrading gso_size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a segment issue when downgrading gso_size\n\nLinearize the skb when downgrading gso_size because it may trigger a\nBUG_ON() later when the skb is segmented as described in [1,2].', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42281', 'https://git.kernel.org/linus/fa5ef655615a01533035c6139248c5b33aa27028 (6.11-rc1)', 'https://git.kernel.org/stable/c/11ec79f5c7f74261874744039bc1551023edd6b2', 'https://git.kernel.org/stable/c/a689f5eb13a90f892a088865478b3cd39f53d5dc', 'https://git.kernel.org/stable/c/c3496314c53e7e82ddb544c825defc3e8c0e45cf', 'https://git.kernel.org/stable/c/dda518dea60d556a2d171c0122ca7d9fdb7d473a', 'https://git.kernel.org/stable/c/ec4eea14d75f7b0491194dd413f540dd19b8c733', 'https://git.kernel.org/stable/c/f6bb8c90cab97a3e03f8d30e3069efe6a742e0be', 'https://git.kernel.org/stable/c/fa5ef655615a01533035c6139248c5b33aa27028', 'https://linux.oracle.com/cve/CVE-2024-42281.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42281-780b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42281', 'https://www.cve.org/CVERecord?id=CVE-2024-42281'], 'PublishedDate': '2024-08-17T09:15:09.013Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42283', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42283', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: nexthop: Initialize all fields in dumped nexthops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n    # ip nexthop add id 1 dev lo\n    # ip nexthop add id 101 group 1\n    # strace -e recvmsg ip nexthop get id 101\n    ...\n    recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n                 [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42283', 'https://git.kernel.org/linus/6d745cd0e9720282cd291d36b9db528aea18add2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1377de719652d868f5317ba8398b7e74c5f0430b', 'https://git.kernel.org/stable/c/5cc4d71dda2dd4f1520f40e634a527022e48ccd8', 'https://git.kernel.org/stable/c/6d745cd0e9720282cd291d36b9db528aea18add2', 'https://git.kernel.org/stable/c/7704460acd7f5d35eb07c52500987dc9b95313fb', 'https://git.kernel.org/stable/c/9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0', 'https://git.kernel.org/stable/c/a13d3864b76ac87085ec530b2ff8e37482a63a96', 'https://git.kernel.org/stable/c/fd06cb4a5fc7bda3dea31712618a62af72a1c6cb', 'https://linux.oracle.com/cve/CVE-2024-42283.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42283-15a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42283', 'https://www.cve.org/CVERecord?id=CVE-2024-42283'], 'PublishedDate': '2024-08-17T09:15:09.163Z', 'LastModifiedDate': '2024-08-19T19:54:33.213Z'}, {'VulnerabilityID': 'CVE-2024-42284', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42284', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42284', 'https://git.kernel.org/linus/fa96c6baef1b5385e2f0c0677b32b3839e716076 (6.11-rc1)', 'https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f', 'https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a', 'https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69', 'https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813', 'https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28', 'https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b', 'https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8', 'https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076', 'https://linux.oracle.com/cve/CVE-2024-42284.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42284-bbfa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42284', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42284'], 'PublishedDate': '2024-08-17T09:15:09.233Z', 'LastModifiedDate': '2024-08-19T19:47:55.623Z'}, {'VulnerabilityID': 'CVE-2024-42285', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42285', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix a use-after-free related to destroying CM IDs\n\niw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with\nan existing struct iw_cm_id (cm_id) as follows:\n\n        conn_id->cm_id.iw = cm_id;\n        cm_id->context = conn_id;\n        cm_id->cm_handler = cma_iw_handler;\n\nrdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make\nsure that cm_work_handler() does not trigger a use-after-free by only\nfreeing of the struct rdma_id_private after all pending work has finished.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42285', 'https://git.kernel.org/linus/aee2424246f9f1dadc33faa78990c1e2eb7826e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6', 'https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574', 'https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79', 'https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4', 'https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6', 'https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5', 'https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae', 'https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a', 'https://linux.oracle.com/cve/CVE-2024-42285.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42285-37ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42285', 'https://www.cve.org/CVERecord?id=CVE-2024-42285'], 'PublishedDate': '2024-08-17T09:15:09.3Z', 'LastModifiedDate': '2024-08-19T19:45:41.59Z'}, {'VulnerabilityID': 'CVE-2024-42286', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42286', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: validate nvme_local_port correctly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS:  0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42286', 'https://git.kernel.org/linus/eb1d4ce2609584eeb7694866f34d4b213caa3af9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3eac973eb5cb2b874b3918f924798afc5affd46b', 'https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430', 'https://git.kernel.org/stable/c/7cec2c3bfe84539c415f5e16f989228eba1d2f1e', 'https://git.kernel.org/stable/c/a3ab508a4853a9f5ae25a7816a4889f09938f63c', 'https://git.kernel.org/stable/c/cde43031df533751b4ead37d173922feee2f550f', 'https://git.kernel.org/stable/c/e1f010844443c389bc552884ac5cfa47de34d54c', 'https://git.kernel.org/stable/c/eb1d4ce2609584eeb7694866f34d4b213caa3af9', 'https://git.kernel.org/stable/c/f6be298cc1042f24d521197af29c7c4eb95af4d5', 'https://linux.oracle.com/cve/CVE-2024-42286.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42286-e856@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42286', 'https://www.cve.org/CVERecord?id=CVE-2024-42286'], 'PublishedDate': '2024-08-17T09:15:09.38Z', 'LastModifiedDate': '2024-09-10T19:02:12.36Z'}, {'VulnerabilityID': 'CVE-2024-42287', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42287', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Complete command early within lock', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Complete command early within lock\n\nA crash was observed while performing NPIV and FW reset,\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 1 PREEMPT_RT SMP NOPTI\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0\n RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034\n R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000\n FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x16f/0x4a0\n ? do_user_addr_fault+0x174/0x7f0\n ? exc_page_fault+0x69/0x1a0\n ? asm_exc_page_fault+0x22/0x30\n ? dma_direct_unmap_sg+0x51/0x1e0\n ? preempt_count_sub+0x96/0xe0\n qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]\n qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]\n __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]\n\nThe command completion was done early while aborting the commands in driver\nunload path but outside lock to avoid the WARN_ON condition of performing\ndma_free_attr within the lock. However this caused race condition while\ncommand completion via multiple paths causing system crash.\n\nHence complete the command early in unload path but within the lock to\navoid race condition.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42287', 'https://git.kernel.org/linus/4475afa2646d3fec176fc4d011d3879b26cb26e3 (6.11-rc1)', 'https://git.kernel.org/stable/c/314efe3f87949a568f512f05df20bf47b81cf232', 'https://git.kernel.org/stable/c/36fdc5319c4d0ec8b8938ec4769764098a246bfb', 'https://git.kernel.org/stable/c/4475afa2646d3fec176fc4d011d3879b26cb26e3', 'https://git.kernel.org/stable/c/57ba7563712227647f82a92547e82c96cd350553', 'https://git.kernel.org/stable/c/814f4a53cc86f7ea8b501bfb1723f24fd29ef5ee', 'https://git.kernel.org/stable/c/9117337b04d789bd08fdd9854a40bec2815cd3f6', 'https://git.kernel.org/stable/c/af46649304b0c9cede4ccfc2be2561ce8ed6a2ea', 'https://linux.oracle.com/cve/CVE-2024-42287.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42287-d635@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42287', 'https://www.cve.org/CVERecord?id=CVE-2024-42287'], 'PublishedDate': '2024-08-17T09:15:09.453Z', 'LastModifiedDate': '2024-09-10T19:05:07.67Z'}, {'VulnerabilityID': 'CVE-2024-42288', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42288', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Fix for possible memory corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly.  Correctly dereference ICB', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42288', 'https://git.kernel.org/linus/c03d740152f78e86945a75b2ad541bf972fab92a (6.11-rc1)', 'https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e', 'https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b', 'https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b', 'https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d', 'https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce', 'https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a', 'https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb', 'https://linux.oracle.com/cve/CVE-2024-42288.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42288-c59b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42288', 'https://www.cve.org/CVERecord?id=CVE-2024-42288'], 'PublishedDate': '2024-08-17T09:15:09.523Z', 'LastModifiedDate': '2024-09-05T17:38:38.383Z'}, {'VulnerabilityID': 'CVE-2024-42289', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42289', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: During vport delete send async logout explicitly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array.  For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n  BUG: kernel NULL pointer dereference, address: 000000000000001c\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] PREEMPT SMP NOPTI\n  Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n  RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n  RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n  RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n  RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n  RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n  R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n  R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n  FS:  0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n  Call Trace:\n  <TASK>\n  qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n  ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n  ? qla2x00_status_entry+0x768/0x2830\n  ? newidle_balance+0x2f0/0x430\n  ? dequeue_entity+0x100/0x3c0\n  ? qla24xx_process_response_queue+0x6a1/0x19e0\n  ? __schedule+0x2d5/0x1140\n  ? qla_do_work+0x47/0x60\n  ? process_one_work+0x267/0x440\n  ? process_one_work+0x440/0x440\n  ? worker_thread+0x2d/0x3d0\n  ? process_one_work+0x440/0x440\n  ? kthread+0x156/0x180\n  ? set_kthread_struct+0x50/0x50\n  ? ret_from_fork+0x22/0x30\n  </TASK>\n\nSend out async logout explicitly for all the ports during vport delete.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42289', 'https://git.kernel.org/linus/76f480d7c717368f29a3870f7d64471ce0ff8fb2 (6.11-rc1)', 'https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe', 'https://git.kernel.org/stable/c/171ac4b495f9473bc134356a00095b47e6409e52', 'https://git.kernel.org/stable/c/76f480d7c717368f29a3870f7d64471ce0ff8fb2', 'https://git.kernel.org/stable/c/87c25fcb95aafabb6a4914239f4ab41b07a4f9b7', 'https://git.kernel.org/stable/c/b12c54e51ba83c1fbc619d35083d7872e42ecdef', 'https://git.kernel.org/stable/c/b35d6d5a2f38605cddea7d5c64cded894fbe8ede', 'https://git.kernel.org/stable/c/d28a2075bb530489715a3b011e1dd8765ba20313', 'https://git.kernel.org/stable/c/e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc', 'https://linux.oracle.com/cve/CVE-2024-42289.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42289-fe68@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42289', 'https://www.cve.org/CVERecord?id=CVE-2024-42289'], 'PublishedDate': '2024-08-17T09:15:09.59Z', 'LastModifiedDate': '2024-09-05T17:37:49.057Z'}, {'VulnerabilityID': 'CVE-2024-42290', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42290', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: irqchip/imx-irqsteer: Handle runtime power management correctly', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/imx-irqsteer: Handle runtime power management correctly\n\nThe power domain is automatically activated from clk_prepare(). However, on\ncertain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes\nsleeping functions, which triggers the 'scheduling while atomic' bug in the\ncontext switch path during device probing:\n\n BUG: scheduling while atomic: kworker/u13:1/48/0x00000002\n Call trace:\n  __schedule_bug+0x54/0x6c\n  __schedule+0x7f0/0xa94\n  schedule+0x5c/0xc4\n  schedule_preempt_disabled+0x24/0x40\n  __mutex_lock.constprop.0+0x2c0/0x540\n  __mutex_lock_slowpath+0x14/0x20\n  mutex_lock+0x48/0x54\n  clk_prepare_lock+0x44/0xa0\n  clk_prepare+0x20/0x44\n  imx_irqsteer_resume+0x28/0xe0\n  pm_generic_runtime_resume+0x2c/0x44\n  __genpd_runtime_resume+0x30/0x80\n  genpd_runtime_resume+0xc8/0x2c0\n  __rpm_callback+0x48/0x1d8\n  rpm_callback+0x6c/0x78\n  rpm_resume+0x490/0x6b4\n  __pm_runtime_resume+0x50/0x94\n  irq_chip_pm_get+0x2c/0xa0\n  __irq_do_set_handler+0x178/0x24c\n  irq_set_chained_handler_and_data+0x60/0xa4\n  mxc_gpio_probe+0x160/0x4b0\n\nCure this by implementing the irq_bus_lock/sync_unlock() interrupt chip\ncallbacks and handle power management in them as they are invoked from\nnon-atomic context.\n\n[ tglx: Rewrote change log, added Fixes tag ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42290', 'https://git.kernel.org/linus/33b1c47d1fc0b5f06a393bb915db85baacba18ea (6.11-rc1)', 'https://git.kernel.org/stable/c/21bd3f9e7f924cd2fc892a484e7a50c7e1847565', 'https://git.kernel.org/stable/c/33b1c47d1fc0b5f06a393bb915db85baacba18ea', 'https://git.kernel.org/stable/c/3a2884a44e5cda192df1b28e9925661f79f599a1', 'https://git.kernel.org/stable/c/58c56735facb225a5c46fa4b8bbbe7f31d1cb894', 'https://git.kernel.org/stable/c/a590e8dea3df2639921f874d763be961dd74e8f9', 'https://git.kernel.org/stable/c/f8ae38f1dfe652779c7c613facbc257cec00ac44', 'https://git.kernel.org/stable/c/fa1803401e1c360efe6342fb41d161cc51748a11', 'https://linux.oracle.com/cve/CVE-2024-42290.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42290-c966@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42290', 'https://www.cve.org/CVERecord?id=CVE-2024-42290'], 'PublishedDate': '2024-08-17T09:15:09.663Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42291', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42291', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add a per-VF limit on number of FDIR filters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42291', 'https://git.kernel.org/linus/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 (6.11-rc1)', 'https://git.kernel.org/stable/c/292081c4e7f575a79017d5cbe1a0ec042783976f', 'https://git.kernel.org/stable/c/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97', 'https://git.kernel.org/stable/c/8e02cd98a6e24389d476e28436d41e620ed8e559', 'https://git.kernel.org/stable/c/d62389073a5b937413e2d1bc1da06ccff5103c0c', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42291-6f31@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42291', 'https://www.cve.org/CVERecord?id=CVE-2024-42291'], 'PublishedDate': '2024-08-17T09:15:09.73Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42292', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42292', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kobject_uevent: Fix OOB access within zap_modalias_env()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42292', 'https://git.kernel.org/linus/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc (6.11-rc1)', 'https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762', 'https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2', 'https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168', 'https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d', 'https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90', 'https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5', 'https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d', 'https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc', 'https://linux.oracle.com/cve/CVE-2024-42292.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42292-5387@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42292', 'https://www.cve.org/CVERecord?id=CVE-2024-42292'], 'PublishedDate': '2024-08-17T09:15:09.797Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42294', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42294', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: fix deadlock between sd_remove & sd_release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove & sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430]  __switch_to+0x174/0x338\n[ 2538.459436]  __schedule+0x628/0x9c4\n[ 2538.459442]  schedule+0x7c/0xe8\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459]  mutex_lock+0x30/0xd8\n[ 2538.459462]  del_gendisk+0xdc/0x350\n[ 2538.459466]  sd_remove+0x30/0x60\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474]  device_release_driver+0x18/0x28\n[ 2538.459478]  bus_remove_device+0x15c/0x174\n[ 2538.459483]  device_del+0x1d0/0x358\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\n[ 2538.459493]  scsi_forget_host+0x50/0x70\n[ 2538.459497]  scsi_remove_host+0x80/0x180\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514]  device_release_driver+0x18/0x28\n[ 2538.459518]  bus_remove_device+0x15c/0x174\n[ 2538.459523]  device_del+0x1d0/0x358\n[ 2538.459528]  usb_disable_device+0x84/0x194\n[ 2538.459532]  usb_disconnect+0xec/0x300\n[ 2538.459537]  hub_event+0xb80/0x1870\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\n[ 2538.459545]  worker_thread+0x244/0x334\n[ 2538.459549]  kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task "fsck.":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016]  __switch_to+0x174/0x338\n[ 2538.461021]  __schedule+0x628/0x9c4\n[ 2538.461025]  schedule+0x7c/0xe8\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051]  sd_release+0x50/0x94\n[ 2538.461054]  blkdev_put+0x190/0x28c\n[ 2538.461058]  blkdev_release+0x28/0x40\n[ 2538.461063]  __fput+0xf8/0x2a8\n[ 2538.461066]  __fput_sync+0x28/0x5c\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\n[ 2538.461073]  invoke_syscall+0x58/0x114\n[ 2538.461078]  el0_svc_common+0xac/0xe0\n[ 2538.461082]  do_el0_svc+0x1c/0x28\n[ 2538.461087]  el0_svc+0x38/0x68\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\n\n  T1:\t\t\t\tT2:\n  sd_remove\n  del_gendisk\n  __blk_mark_disk_dead\n  blk_freeze_queue_start\n  ++q->mq_freeze_depth\n  \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(&disk->open_mutex)\n  \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q->mq_freeze_depth)\n  mutex_lock(&disk->open_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don\'t try to acquire disk->open_mutex after freezing\nthe queue.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42294', 'https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9', 'https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b', 'https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42294-0145@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42294', 'https://www.cve.org/CVERecord?id=CVE-2024-42294'], 'PublishedDate': '2024-08-17T09:15:09.947Z', 'LastModifiedDate': '2024-08-19T19:43:22.46Z'}, {'VulnerabilityID': 'CVE-2024-42295', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42295', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: handle inconsistent state in nilfs_btnode_create_block()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle inconsistent state in nilfs_btnode_create_block()\n\nSyzbot reported that a buffer state inconsistency was detected in\nnilfs_btnode_create_block(), triggering a kernel bug.\n\nIt is not appropriate to treat this inconsistency as a bug; it can occur\nif the argument block address (the buffer index of the newly created\nblock) is a virtual block number and has been reallocated due to\ncorruption of the bitmap used to manage its allocation state.\n\nSo, modify nilfs_btnode_create_block() and its callers to treat it as a\npossible filesystem error, rather than triggering a kernel bug.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42295', 'https://git.kernel.org/linus/4811f7af6090e8f5a398fbdd766f903ef6c0d787 (6.11-rc1)', 'https://git.kernel.org/stable/c/012be828a118bf496e666ef1fc47fc0e7358ada2', 'https://git.kernel.org/stable/c/02b87e6334a38c65eef49848d3f1ac422f0b2a44', 'https://git.kernel.org/stable/c/19cce46238ffe3546e44b9c74057103ff8b24c62', 'https://git.kernel.org/stable/c/366c3f688dd0288cbe38af1d3a886b5c62372e4a', 'https://git.kernel.org/stable/c/4811f7af6090e8f5a398fbdd766f903ef6c0d787', 'https://git.kernel.org/stable/c/5f0a6800b8aec1b453c7fe4c44fcaac5ffe9d52e', 'https://git.kernel.org/stable/c/be56dfc9be0604291267c07b0e27a69a6bda4899', 'https://git.kernel.org/stable/c/e34191cce3ee63dfa5fb241904aaf2a042d5b6d8', 'https://linux.oracle.com/cve/CVE-2024-42295.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42295-4f43@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42295', 'https://www.cve.org/CVERecord?id=CVE-2024-42295'], 'PublishedDate': '2024-08-17T09:15:10.017Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42296', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42296', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix return value of f2fs_convert_inline_inode()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix return value of f2fs_convert_inline_inode()\n\nIf device is readonly, make f2fs_convert_inline_inode()\nreturn EROFS instead of zero, otherwise it may trigger\npanic during writeback of inline inode's dirty page as\nbelow:\n\n f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888\n f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3369\n do_writepages+0x359/0x870 mm/page-writeback.c:2634\n filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397\n __filemap_fdatawrite_range mm/filemap.c:430 [inline]\n file_write_and_wait_range+0x1aa/0x290 mm/filemap.c:788\n f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276\n generic_write_sync include/linux/fs.h:2806 [inline]\n f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977\n call_write_iter include/linux/fs.h:2114 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa72/0xc90 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42296', 'https://git.kernel.org/linus/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf (6.11-rc1)', 'https://git.kernel.org/stable/c/077f0e24b27c4b44841593c7edbd1993be9eecb5', 'https://git.kernel.org/stable/c/1e7725814361c8c008d131db195cef8274ff26b8', 'https://git.kernel.org/stable/c/47a8ddcdcaccd9b891db4574795e46a33a121ac2', 'https://git.kernel.org/stable/c/70f5ef5f33c333cfb286116fa3af74ac9bc84f1b', 'https://git.kernel.org/stable/c/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42296-3f50@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42296', 'https://www.cve.org/CVERecord?id=CVE-2024-42296'], 'PublishedDate': '2024-08-17T09:15:10.08Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42297', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42297', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: f2fs: fix to don't dirty inode for readonly filesystem", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to don't dirty inode for readonly filesystem\n\nsyzbot reports f2fs bug as below:\n\nkernel BUG at fs/f2fs/inode.c:933!\nRIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933\nCall Trace:\n evict+0x2a4/0x620 fs/inode.c:664\n dispose_list fs/inode.c:697 [inline]\n evict_inodes+0x5f8/0x690 fs/inode.c:747\n generic_shutdown_super+0x9d/0x2c0 fs/super.c:675\n kill_block_super+0x44/0x90 fs/super.c:1667\n kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894\n deactivate_locked_super+0xc1/0x130 fs/super.c:484\n cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256\n task_work_run+0x24a/0x300 kernel/task_work.c:180\n ptrace_notify+0x2cd/0x380 kernel/signal.c:2399\n ptrace_report_syscall include/linux/ptrace.h:411 [inline]\n ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]\n syscall_exit_work kernel/entry/common.c:251 [inline]\n syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]\n syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296\n do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe root cause is:\n- do_sys_open\n - f2fs_lookup\n  - __f2fs_find_entry\n   - f2fs_i_depth_write\n    - f2fs_mark_inode_dirty_sync\n     - f2fs_dirty_inode\n      - set_inode_flag(inode, FI_DIRTY_INODE)\n\n- umount\n - kill_f2fs_super\n  - kill_block_super\n   - generic_shutdown_super\n    - sync_filesystem\n    : sb is readonly, skip sync_filesystem()\n    - evict_inodes\n     - iput\n      - f2fs_evict_inode\n       - f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE))\n       : trigger kernel panic\n\nWhen we try to repair i_current_depth in readonly filesystem, let's\nskip dirty inode to avoid panic in later f2fs_evict_inode().", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42297', 'https://git.kernel.org/linus/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8', 'https://git.kernel.org/stable/c/2434344559f6743efb3ac15d11af9a0db9543bd3', 'https://git.kernel.org/stable/c/2d2916516577f2239b3377d9e8d12da5e6ccdfcf', 'https://git.kernel.org/stable/c/54162974aea37a8cae00742470a78c7f6bd6f915', 'https://git.kernel.org/stable/c/54bc4e88447e385c4d4ffa85d93e0dce628fcfa6', 'https://git.kernel.org/stable/c/9ce8135accf103f7333af472709125878704fdd4', 'https://git.kernel.org/stable/c/e62ff092a42f4a1bae3b310cf46673b4f3aac3b5', 'https://git.kernel.org/stable/c/ec56571b4b146a1cfbedab49d5fcaf19fe8bf4f1', 'https://linux.oracle.com/cve/CVE-2024-42297.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42297-fcec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42297', 'https://www.cve.org/CVERecord?id=CVE-2024-42297'], 'PublishedDate': '2024-08-17T09:15:10.147Z', 'LastModifiedDate': '2024-09-30T13:41:26.463Z'}, {'VulnerabilityID': 'CVE-2024-42298', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42298', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42298', 'https://git.kernel.org/linus/e62599902327d27687693f6e5253a5d56583db58 (6.11-rc1)', 'https://git.kernel.org/stable/c/af466037fa2b263e8ea5c47285513d2487e17d90', 'https://git.kernel.org/stable/c/b4205dfcfe96182118e54343954827eda51b2135', 'https://git.kernel.org/stable/c/e62599902327d27687693f6e5253a5d56583db58', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42298-d6a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42298', 'https://www.cve.org/CVERecord?id=CVE-2024-42298'], 'PublishedDate': '2024-08-17T09:15:10.23Z', 'LastModifiedDate': '2024-09-10T18:42:19.607Z'}, {'VulnerabilityID': 'CVE-2024-42299', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42299', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Update log->page_{mask,bits} if log->page_size changed\n\nIf an NTFS file system is mounted to another system with different\nPAGE_SIZE from the original system, log->page_size will change in\nlog_replay(), but log->page_{mask,bits} don\'t change correspondingly.\nThis will cause a panic because "u32 bytes = log->page_size - page_off"\nwill get a negative value in the later read_log_page().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42299', 'https://git.kernel.org/linus/2fef55d8f78383c8e6d6d4c014b9597375132696 (6.11-rc1)', 'https://git.kernel.org/stable/c/0484adcb5fbcadd9ba0fd4485c42630f72e97da9', 'https://git.kernel.org/stable/c/0a4ae2644e2a3b3b219aad9639fb2b0691d08420', 'https://git.kernel.org/stable/c/2cac0df3324b5e287d8020bc0708f7d2dec88a6f', 'https://git.kernel.org/stable/c/2fef55d8f78383c8e6d6d4c014b9597375132696', 'https://git.kernel.org/stable/c/b90ceffdc975502bc085ce8e79c6adeff05f9521', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42299-a588@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42299', 'https://www.cve.org/CVERecord?id=CVE-2024-42299'], 'PublishedDate': '2024-08-17T09:15:10.293Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42301', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42301', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dev/parport: fix the array out-of-bounds risk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42301', 'https://git.kernel.org/linus/ab11dac93d2d568d151b1918d7b84c2d02bacbd5 (6.11-rc1)', 'https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8', 'https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d', 'https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a', 'https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84', 'https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0', 'https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5', 'https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e', 'https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6', 'https://linux.oracle.com/cve/CVE-2024-42301.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42301-4026@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42301', 'https://www.cve.org/CVERecord?id=CVE-2024-42301'], 'PublishedDate': '2024-08-17T09:15:10.423Z', 'LastModifiedDate': '2024-08-22T16:31:18.667Z'}, {'VulnerabilityID': 'CVE-2024-42302', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42302', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred.  To do so, it polls the\nconfig space of the first child device on the secondary bus.  If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\'s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device.  Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume.  Holding a\nreference wasn\'t necessary back then because the pciehp IRQ thread\ncould never run concurrently.  (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase.  And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event.  Commit 53b54ad074de ("PCI/DPC: Await readiness\nof secondary bus after reset"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently.  The commit was backported to v5.10+ stable\nkernels, so that\'s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n  BUG: unable to handle page fault for address: 00000000091400c0\n  CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n  RIP: pci_bus_read_config_dword+0x17/0x50\n  pci_dev_wait()\n  pci_bridge_wait_for_secondary_bus()\n  dpc_reset_link()\n  pcie_do_recovery()\n  dpc_handler()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42302', 'https://git.kernel.org/linus/11a1f4bc47362700fcbde717292158873fb847ed (6.11-rc1)', 'https://git.kernel.org/stable/c/11a1f4bc47362700fcbde717292158873fb847ed', 'https://git.kernel.org/stable/c/2c111413f38ca5cf87557cab89f6d82b0e3433e7', 'https://git.kernel.org/stable/c/2cc8973bdc4d6c928ebe38b88090a2cdfe81f42f', 'https://git.kernel.org/stable/c/b16f3ea1db47a6766a9f1169244cf1fc287a7c62', 'https://git.kernel.org/stable/c/c52f9e1a9eb40f13993142c331a6cfd334d4b91d', 'https://git.kernel.org/stable/c/f63df70b439bb8331358a306541893bf415bf1da', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42302-c0d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42302', 'https://www.cve.org/CVERecord?id=CVE-2024-42302'], 'PublishedDate': '2024-08-17T09:15:10.487Z', 'LastModifiedDate': '2024-08-22T16:37:26.237Z'}, {'VulnerabilityID': 'CVE-2024-42303', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42303', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-pxp: Fix ERR_PTR dereference in pxp_probe()\n\ndevm_regmap_init_mmio() can fail, add a check and bail out in case of\nerror.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42303', 'https://git.kernel.org/linus/57e9ce68ae98551da9c161aaab12b41fe8601856 (6.11-rc1)', 'https://git.kernel.org/stable/c/358bc85269d6a359fea597ef9fbb429cd3626e08', 'https://git.kernel.org/stable/c/57e9ce68ae98551da9c161aaab12b41fe8601856', 'https://git.kernel.org/stable/c/5ab6ac4e9e165b0fe8a326308218337007224f05', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42303-4d12@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42303', 'https://www.cve.org/CVERecord?id=CVE-2024-42303'], 'PublishedDate': '2024-08-17T09:15:10.56Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42304', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42304', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: make sure the first directory block is not a hole', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: make sure the first directory block is not a hole\n\nThe syzbot constructs a directory that has no dirblock but is non-inline,\ni.e. the first directory block is a hole. And no errors are reported when\ncreating files in this directory in the following flow.\n\n    ext4_mknod\n     ...\n      ext4_add_entry\n        // Read block 0\n        ext4_read_dirblock(dir, block, DIRENT)\n          bh = ext4_bread(NULL, inode, block, 0)\n          if (!bh && (type == INDEX || type == DIRENT_HTREE))\n          // The first directory block is a hole\n          // But type == DIRENT, so no error is reported.\n\nAfter that, we get a directory block without '.' and '..' but with a valid\ndentry. This may cause some code that relies on dot or dotdot (such as\nmake_indexed_dir()) to crash.\n\nTherefore when ext4_read_dirblock() finds that the first directory block\nis a hole report that the filesystem is corrupted and return an error to\navoid loading corrupted data from disk causing something bad.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42304', 'https://git.kernel.org/linus/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6 (6.11-rc1)', 'https://git.kernel.org/stable/c/299bc6ffa57e04e74c6cce866d6c0741fb4897a1', 'https://git.kernel.org/stable/c/9771e3d8365ae1dd5e8846a204cb9af14e3e656a', 'https://git.kernel.org/stable/c/b609753cbbd38f8c0affd4956c0af178348523ac', 'https://git.kernel.org/stable/c/c3893d9de8ee153baac56d127d844103488133b5', 'https://git.kernel.org/stable/c/d81d7e347d1f1f48a5634607d39eb90c161c8afe', 'https://git.kernel.org/stable/c/de2a011a13a46468a6e8259db58b1b62071fe136', 'https://git.kernel.org/stable/c/e02f9941e8c011aa3eafa799def6a134ce06bcfa', 'https://git.kernel.org/stable/c/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6', 'https://linux.oracle.com/cve/CVE-2024-42304.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42304-d0e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42304', 'https://www.cve.org/CVERecord?id=CVE-2024-42304'], 'PublishedDate': '2024-08-17T09:15:10.617Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42305', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42305', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: check dot and dotdot of dx_root before making dir indexed', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: check dot and dotdot of dx_root before making dir indexed\n\nSyzbot reports a issue as follows:\n============================================\nBUG: unable to handle page fault for address: ffffed11022e24fe\nPGD 23ffee067 P4D 23ffee067 PUD 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0\nCall Trace:\n <TASK>\n make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451\n ext4_rename fs/ext4/namei.c:3936 [inline]\n ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214\n[...]\n============================================\n\nThe immediate cause of this problem is that there is only one valid dentry\nfor the block to be split during do_split, so split==0 results in out of\nbounds accesses to the map triggering the issue.\n\n    do_split\n      unsigned split\n      dx_make_map\n       count = 1\n      split = count/2 = 0;\n      continued = hash2 == map[split - 1].hash;\n       ---> map[4294967295]\n\nThe maximum length of a filename is 255 and the minimum block size is 1024,\nso it is always guaranteed that the number of entries is greater than or\nequal to 2 when do_split() is called.\n\nBut syzbot's crafted image has no dot and dotdot in dir, and the dentry\ndistribution in dirblock is as follows:\n\n  bus     dentry1          hole           dentry2           free\n|xx--|xx-------------|...............|xx-------------|...............|\n0   12 (8+248)=256  268     256     524 (8+256)=264 788     236     1024\n\nSo when renaming dentry1 increases its name_len length by 1, neither hole\nnor free is sufficient to hold the new dentry, and make_indexed_dir() is\ncalled.\n\nIn make_indexed_dir() it is assumed that the first two entries of the\ndirblock must be dot and dotdot, so bus and dentry1 are left in dx_root\nbecause they are treated as dot and dotdot, and only dentry2 is moved\nto the new leaf block. That's why count is equal to 1.\n\nTherefore add the ext4_check_dx_root() helper function to add more sanity\nchecks to dot and dotdot before starting the conversion to avoid the above\nissue.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42305', 'https://git.kernel.org/linus/50ea741def587a64e08879ce6c6a30131f7111e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/19e13b4d7f0303186fcc891aba8d0de7c8fdbda8', 'https://git.kernel.org/stable/c/42d420517072028fb0eb852c358056b7717ba5aa', 'https://git.kernel.org/stable/c/50ea741def587a64e08879ce6c6a30131f7111e7', 'https://git.kernel.org/stable/c/8afe06ed3be7a874b3cd82ef5f8959aca8d6429a', 'https://git.kernel.org/stable/c/9d241b7a39af192d1bb422714a458982c7cc67a2', 'https://git.kernel.org/stable/c/abb411ac991810c0bcbe51c2e76d2502bf611b5c', 'https://git.kernel.org/stable/c/b80575ffa98b5bb3a5d4d392bfe4c2e03e9557db', 'https://git.kernel.org/stable/c/cdd345321699042ece4a9d2e70754d2397d378c5', 'https://linux.oracle.com/cve/CVE-2024-42305.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42305-94ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42305', 'https://www.cve.org/CVERecord?id=CVE-2024-42305'], 'PublishedDate': '2024-08-17T09:15:10.69Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42306', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42306', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid using corrupted block bitmap buffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42306', 'https://git.kernel.org/linus/a90d4471146de21745980cba51ce88e7926bcc4f (6.11-rc1)', 'https://git.kernel.org/stable/c/2199e157a465aaf98294d3932797ecd7fce942d5', 'https://git.kernel.org/stable/c/271cab2ca00652bc984e269cf1208699a1e09cdd', 'https://git.kernel.org/stable/c/57053b3bcf3403b80db6f65aba284d7dfe7326af', 'https://git.kernel.org/stable/c/6a43e3c210df6c5f00570f4be49a897677dbcb64', 'https://git.kernel.org/stable/c/8ca170c39eca7cad6e0cfeb24e351d8f8eddcd65', 'https://git.kernel.org/stable/c/a90d4471146de21745980cba51ce88e7926bcc4f', 'https://git.kernel.org/stable/c/cae9e59cc41683408b70b9ab569f8654866ba914', 'https://linux.oracle.com/cve/CVE-2024-42306.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42306-647c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42306', 'https://www.cve.org/CVERecord?id=CVE-2024-42306'], 'PublishedDate': '2024-08-17T09:15:10.777Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42307', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42307', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n   fs/smb/client/cifsfs.c:1981 init_cifs()\n   error: we previously assumed 'serverclose_wq' could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42307', 'https://git.kernel.org/linus/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/160235efb4f9b55212dedff5de0094c606c4b303', 'https://git.kernel.org/stable/c/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2', 'https://git.kernel.org/stable/c/3739d711246d8fbc95ff73dbdace9741cdce4777', 'https://git.kernel.org/stable/c/6018971710fdc7739f8655c1540832b4bb903671', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42307-7c2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42307', 'https://www.cve.org/CVERecord?id=CVE-2024-42307'], 'PublishedDate': '2024-08-17T09:15:10.843Z', 'LastModifiedDate': '2024-09-05T17:49:58.257Z'}, {'VulnerabilityID': 'CVE-2024-42308', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42308', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check for NULL pointer', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42308', 'https://git.kernel.org/linus/4ab68e168ae1695f7c04fae98930740aaf7c50fa (6.11-rc1)', 'https://git.kernel.org/stable/c/185616085b12e651cdfd11ef00d1449f54552d89', 'https://git.kernel.org/stable/c/4ab68e168ae1695f7c04fae98930740aaf7c50fa', 'https://git.kernel.org/stable/c/4ccd37085976ea5d3c499b1e6d0b3f4deaf2cd5a', 'https://git.kernel.org/stable/c/6b5ed0648213e9355cc78f4a264d9afe8536d692', 'https://git.kernel.org/stable/c/71dbf95359347c2ecc5a6dfc02783fcfccb2e9fb', 'https://git.kernel.org/stable/c/9ce89824ff04d261fc855e0ca6e6025251d9fa40', 'https://git.kernel.org/stable/c/f068494430d15b5fc551ac928de9dac7e5e27602', 'https://linux.oracle.com/cve/CVE-2024-42308.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42308-562d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42308', 'https://www.cve.org/CVERecord?id=CVE-2024-42308'], 'PublishedDate': '2024-08-17T09:15:10.92Z', 'LastModifiedDate': '2024-10-09T14:15:05.227Z'}, {'VulnerabilityID': 'CVE-2024-42309', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42309', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42309', 'https://git.kernel.org/linus/2df7aac81070987b0f052985856aa325a38debf6 (6.11-rc1)', 'https://git.kernel.org/stable/c/13b5f3ee94bdbdc4b5f40582aab62977905aedee', 'https://git.kernel.org/stable/c/2df7aac81070987b0f052985856aa325a38debf6', 'https://git.kernel.org/stable/c/46d2ef272957879cbe30a884574320e7f7d78692', 'https://git.kernel.org/stable/c/475a5b3b7c8edf6e583a9eb59cf28ea770602e14', 'https://git.kernel.org/stable/c/6735d02ead7dd3adf74eb8b70aebd09e0ce78ec9', 'https://git.kernel.org/stable/c/7e52c62ff029f95005915c0a11863b5fb5185c8c', 'https://git.kernel.org/stable/c/d6ad202f73f8edba0cbc0065aa57a79ffe8fdcdc', 'https://git.kernel.org/stable/c/f70ffeca546452d1acd3a70ada56ecb2f3e7f811', 'https://linux.oracle.com/cve/CVE-2024-42309.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42309-9560@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42309', 'https://www.cve.org/CVERecord?id=CVE-2024-42309'], 'PublishedDate': '2024-08-17T09:15:10.987Z', 'LastModifiedDate': '2024-08-22T16:01:29.287Z'}, {'VulnerabilityID': 'CVE-2024-42310', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42310', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes\n\nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42310', 'https://git.kernel.org/linus/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79 (6.11-rc1)', 'https://git.kernel.org/stable/c/08f45102c81ad8bc9f85f7a25e9f64e128edb87d', 'https://git.kernel.org/stable/c/2d209b2f862f6b8bff549ede541590a8d119da23', 'https://git.kernel.org/stable/c/977ee4fe895e1729cd36cc26916bbb10084713d6', 'https://git.kernel.org/stable/c/a658ae2173ab74667c009e2550455e6de5b33ddc', 'https://git.kernel.org/stable/c/b6ac46a00188cde50ffba233e6efb366354a1de5', 'https://git.kernel.org/stable/c/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79', 'https://git.kernel.org/stable/c/e74eb5e8089427c8c49e0dd5067e5f39ce3a4d56', 'https://git.kernel.org/stable/c/f392c36cebf4c1d6997a4cc2c0f205254acef42a', 'https://linux.oracle.com/cve/CVE-2024-42310.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42310-58b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42310', 'https://www.cve.org/CVERecord?id=CVE-2024-42310'], 'PublishedDate': '2024-08-17T09:15:11.067Z', 'LastModifiedDate': '2024-08-22T16:01:46.263Z'}, {'VulnerabilityID': 'CVE-2024-42311', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42311', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42311', 'https://git.kernel.org/linus/26a2ed107929a855155429b11e1293b83e6b2a8b (6.11-rc1)', 'https://git.kernel.org/stable/c/10f7163bfb5f8b4e0c9c05a939f20b8540e33c65', 'https://git.kernel.org/stable/c/26a2ed107929a855155429b11e1293b83e6b2a8b', 'https://git.kernel.org/stable/c/4a52861cd76e79f1a593beb23d096523eb9732c2', 'https://git.kernel.org/stable/c/58d83fc160505a7009c39dec64effaac5129b971', 'https://git.kernel.org/stable/c/9c4e40b9b731220f9464975e49da75496e3865c4', 'https://git.kernel.org/stable/c/d3493d6f0dfb1ab5225b62faa77732983f2187a1', 'https://git.kernel.org/stable/c/d55aae5c1730d6b70d5d8eaff00113cd34772ea3', 'https://git.kernel.org/stable/c/f7316b2b2f11cf0c6de917beee8d3de728be24db', 'https://linux.oracle.com/cve/CVE-2024-42311.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42311-f825@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42311', 'https://www.cve.org/CVERecord?id=CVE-2024-42311'], 'PublishedDate': '2024-08-17T09:15:11.147Z', 'LastModifiedDate': '2024-09-03T17:38:24.21Z'}, {'VulnerabilityID': 'CVE-2024-42312', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42312', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sysctl: always initialize i_uid/i_gid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42312', 'https://git.kernel.org/linus/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/1deae34db9f4f8e0e03f891be2e2e15c15c8ac05', 'https://git.kernel.org/stable/c/34a86adea1f2b3c3f9d864c8cce09dca644601ab', 'https://git.kernel.org/stable/c/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4', 'https://git.kernel.org/stable/c/b2591c89a6e2858796111138c38fcb6851aa1955', 'https://git.kernel.org/stable/c/c7e2f43d182f5dde473389dbb39f16c9f0d64536', 'https://git.kernel.org/stable/c/ffde3af4b29bf97d62d82e1d45275587e10a991a', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42312-bddc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42312', 'https://www.cve.org/CVERecord?id=CVE-2024-42312'], 'PublishedDate': '2024-08-17T09:15:11.24Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42313', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42313', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: venus: fix use after free in vdec_close', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free in vdec_close\n\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\n\nFix it by cancelling the work in vdec_close.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42313', 'https://git.kernel.org/linus/a0157b5aa34eb43ec4c5510f9c260bbb03be937e (6.11-rc1)', 'https://git.kernel.org/stable/c/4c9d235630d35db762b85a4149bbb0be9d504c36', 'https://git.kernel.org/stable/c/66fa52edd32cdbb675f0803b3c4da10ea19b6635', 'https://git.kernel.org/stable/c/6a96041659e834dc0b172dda4b2df512d63920c2', 'https://git.kernel.org/stable/c/72aff311194c8ceda934f24fd6f250b8827d7567', 'https://git.kernel.org/stable/c/a0157b5aa34eb43ec4c5510f9c260bbb03be937e', 'https://git.kernel.org/stable/c/ad8cf035baf29467158e0550c7a42b7bb43d1db6', 'https://git.kernel.org/stable/c/da55685247f409bf7f976cc66ba2104df75d8dad', 'https://git.kernel.org/stable/c/f8e9a63b982a8345470c225679af4ba86e4a7282', 'https://linux.oracle.com/cve/CVE-2024-42313.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42313-09b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42313', 'https://www.cve.org/CVERecord?id=CVE-2024-42313'], 'PublishedDate': '2024-08-17T09:15:11.32Z', 'LastModifiedDate': '2024-08-22T16:01:59.467Z'}, {'VulnerabilityID': 'CVE-2024-42314', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42314', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix extent map use-after-free when adding pages to compressed bio', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix extent map use-after-free when adding pages to compressed bio\n\nAt add_ra_bio_pages() we are accessing the extent map to calculate\n'add_size' after we dropped our reference on the extent map, resulting\nin a use-after-free. Fix this by computing 'add_size' before dropping our\nextent map reference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42314', 'https://git.kernel.org/linus/8e7860543a94784d744c7ce34b78a2e11beefa5c (6.11-rc1)', 'https://git.kernel.org/stable/c/8e7860543a94784d744c7ce34b78a2e11beefa5c', 'https://git.kernel.org/stable/c/b7859ff398b6b656e1689daa860eb34837b4bb89', 'https://git.kernel.org/stable/c/c1cc3326e27b0bd7a2806b40bc48e49afaf951e7', 'https://git.kernel.org/stable/c/c205565e0f2f439f278a4a94ee97b67ef7b56ae8', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42314-de1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42314', 'https://www.cve.org/CVERecord?id=CVE-2024-42314'], 'PublishedDate': '2024-08-17T09:15:11.397Z', 'LastModifiedDate': '2024-09-04T12:15:04.723Z'}, {'VulnerabilityID': 'CVE-2024-42315', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42315', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exfat: fix potential deadlock on __exfat_get_dentry_set', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi->s_lock between the two processes may occur.\n\n       CPU0                CPU1\n       ----                ----\n  kswapd\n   balance_pgdat\n    lock(fs_reclaim)\n                      exfat_iterate\n                       lock(&sbi->s_lock)\n                       exfat_readdir\n                        exfat_get_uniname_from_ext_entry\n                         exfat_get_dentry_set\n                          __exfat_get_dentry_set\n                           kmalloc_array\n                            ...\n                            lock(fs_reclaim)\n    ...\n    evict\n     exfat_evict_inode\n      lock(&sbi->s_lock)\n\nTo fix this, let's allocate bh-array with GFP_NOFS.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42315', 'https://git.kernel.org/linus/89fc548767a2155231128cb98726d6d2ea1256c9 (6.11-rc1)', 'https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62', 'https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9', 'https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42315-a707@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42315', 'https://www.cve.org/CVERecord?id=CVE-2024-42315'], 'PublishedDate': '2024-08-17T09:15:11.47Z', 'LastModifiedDate': '2024-08-22T15:51:03.077Z'}, {'VulnerabilityID': 'CVE-2024-42316', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42316', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/mglru: fix div-by-zero in vmpressure_calc_level()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mglru: fix div-by-zero in vmpressure_calc_level()\n\nevict_folios() uses a second pass to reclaim folios that have gone through\npage writeback and become clean before it finishes the first pass, since\nfolio_rotate_reclaimable() cannot handle those folios due to the\nisolation.\n\nThe second pass tries to avoid potential double counting by deducting\nscan_control->nr_scanned.  However, this can result in underflow of\nnr_scanned, under a condition where shrink_folio_list() does not increment\nnr_scanned, i.e., when folio_trylock() fails.\n\nThe underflow can cause the divisor, i.e., scale=scanned+reclaimed in\nvmpressure_calc_level(), to become zero, resulting in the following crash:\n\n  [exception RIP: vmpressure_work_fn+101]\n  process_one_work at ffffffffa3313f2b\n\nSince scan_control->nr_scanned has no established semantics, the potential\ndouble counting has minimal risks.  Therefore, fix the problem by not\ndeducting scan_control->nr_scanned in evict_folios().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42316', 'https://git.kernel.org/linus/8b671fe1a879923ecfb72dda6caf01460dd885ef (6.11-rc1)', 'https://git.kernel.org/stable/c/8b671fe1a879923ecfb72dda6caf01460dd885ef', 'https://git.kernel.org/stable/c/8de7bf77f21068a5f602bb1e59adbc5ab533509d', 'https://git.kernel.org/stable/c/a39e38be632f0e1c908d70d1c9cd071c03faf895', 'https://git.kernel.org/stable/c/d6510f234c7d117790397f9bb150816b0a954a04', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42316-8b49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42316', 'https://www.cve.org/CVERecord?id=CVE-2024-42316'], 'PublishedDate': '2024-08-17T09:15:11.547Z', 'LastModifiedDate': '2024-08-22T15:52:38.52Z'}, {'VulnerabilityID': 'CVE-2024-42317', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42317', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/huge_memory: avoid PMD-size page cache if needed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: avoid PMD-size page cache if needed\n\nxarray can\'t support arbitrary page cache size.  the largest and supported\npage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71\n("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray").  However,\nit\'s possible to have 512MB page cache in the huge memory\'s collapsing\npath on ARM64 system whose base page size is 64KB.  512MB page cache is\nbreaking the limitation and a warning is raised when the xarray entry is\nsplit as shown in the following example.\n\n[root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize\nKernelPageSize:       64 kB\n[root@dhcp-10-26-1-207 ~]# cat /tmp/test.c\n   :\nint main(int argc, char **argv)\n{\n\tconst char *filename = TEST_XFS_FILENAME;\n\tint fd = 0;\n\tvoid *buf = (void *)-1, *p;\n\tint pgsize = getpagesize();\n\tint ret = 0;\n\n\tif (pgsize != 0x10000) {\n\t\tfprintf(stdout, "System with 64KB base page size is required!\\n");\n\t\treturn -EPERM;\n\t}\n\n\tsystem("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb");\n\tsystem("echo 1 > /proc/sys/vm/drop_caches");\n\n\t/* Open the xfs file */\n\tfd = open(filename, O_RDONLY);\n\tassert(fd > 0);\n\n\t/* Create VMA */\n\tbuf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0);\n\tassert(buf != (void *)-1);\n\tfprintf(stdout, "mapped buffer at 0x%p\\n", buf);\n\n\t/* Populate VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ);\n\tassert(ret == 0);\n\n\t/* Collapse VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE);\n\tif (ret) {\n\t\tfprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\\n", errno);\n\t\tgoto out;\n\t}\n\n\t/* Split xarray entry. Write permission is needed */\n\tmunmap(buf, TEST_MEM_SIZE);\n\tbuf = (void *)-1;\n\tclose(fd);\n\tfd = open(filename, O_RDWR);\n\tassert(fd > 0);\n\tfallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,\n \t\t  TEST_MEM_SIZE - pgsize, pgsize);\nout:\n\tif (buf != (void *)-1)\n\t\tmunmap(buf, TEST_MEM_SIZE);\n\tif (fd > 0)\n\t\tclose(fd);\n\n\treturn ret;\n}\n\n[root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test\n[root@dhcp-10-26-1-207 ~]# /tmp/test\n ------------[ cut here ]------------\n WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\n Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib    \\\n nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct      \\\n nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4      \\\n ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse   \\\n xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net  \\\n sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio\n CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9\n Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\n pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n pc : xas_split_alloc+0xf8/0x128\n lr : split_huge_page_to_list_to_order+0x1c4/0x780\n sp : ffff8000ac32f660\n x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0\n x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d\n x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000\n x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c\n x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8\n x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40\n x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\n Call trace:\n  xas_split_alloc+0xf8/0x128\n  split_huge_page_to_list_to_order+0x1c4/0x780\n  truncate_inode_partial_folio+0xdc/0x160\n  truncate_inode_pages_range+0x1b4/0x4a8\n  truncate_pagecache_range+0x84/0xa\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42317', 'https://git.kernel.org/linus/d659b715e94ac039803d7601505d3473393fc0be (6.11-rc1)', 'https://git.kernel.org/stable/c/d659b715e94ac039803d7601505d3473393fc0be', 'https://git.kernel.org/stable/c/e60f62f75c99740a28e2bf7e6044086033012a16', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42317-cf87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42317', 'https://www.cve.org/CVERecord?id=CVE-2024-42317'], 'PublishedDate': '2024-08-17T09:15:11.633Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42318', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42318', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: landlock: Don&#39;t lose track of restrictions on cred_transfer', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don't lose track of restrictions on cred_transfer\n\nWhen a process' cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent's credentials), the\ncred_transfer LSM hook is used instead.  Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42318', 'https://bugs.chromium.org/p/project-zero/issues/detail?id=2566', 'https://git.kernel.org/linus/39705a6c29f8a2b93cf5b99528a55366c50014d1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c', 'https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49', 'https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1', 'https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117', 'https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff', 'https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42318-f0c9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42318', 'https://www.cve.org/CVERecord?id=CVE-2024-42318', 'https://www.openwall.com/lists/oss-security/2024/08/17/2'], 'PublishedDate': '2024-08-17T09:15:11.7Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42319', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42319', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() < 0 occurs.\n\nAccording to the call tracei below:\n  cmdq_mbox_shutdown\n  mbox_free_channel\n  mbox_controller_unregister\n  __devm_mbox_controller_unregister\n  ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n   to bind the cmdq device to the mbox_controller, so\n   devm_mbox_controller_unregister() will automatically unregister\n   the device bound to the mailbox controller when the device-managed\n   resource is removed. That means devm_mbox_controller_unregister()\n   and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n   devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n   will be called after cmdq_remove(), but before\n   devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42319', 'https://git.kernel.org/linus/a8bd68e4329f9a0ad1b878733e0f80be6a971649 (6.11-rc1)', 'https://git.kernel.org/stable/c/11fa625b45faf0649118b9deaf2d31c86ac41911', 'https://git.kernel.org/stable/c/a8bd68e4329f9a0ad1b878733e0f80be6a971649', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42319-ec7c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42319', 'https://www.cve.org/CVERecord?id=CVE-2024-42319'], 'PublishedDate': '2024-08-17T09:15:11.767Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42320', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42320', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error checks in dasd_copy_pair_store()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42320', 'https://git.kernel.org/linus/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8 (6.11-rc1)', 'https://git.kernel.org/stable/c/68d4c3722290ad300c295fb3435e835d200d5cb2', 'https://git.kernel.org/stable/c/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8', 'https://git.kernel.org/stable/c/cc8b7284d5076722e0b8062373b68d8e47c3bace', 'https://git.kernel.org/stable/c/e511167e65d332d07b3c7a3d5a741ee9c19a8c27', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42320-cdea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42320', 'https://www.cve.org/CVERecord?id=CVE-2024-42320'], 'PublishedDate': '2024-08-17T09:15:11.833Z', 'LastModifiedDate': '2024-09-30T12:54:12.897Z'}, {'VulnerabilityID': 'CVE-2024-42321', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42321', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: flow_dissector: use DEBUG_NET_WARN_ON_ONCE\n\nThe following splat is easy to reproduce upstream as well as in -stable\nkernels. Florian Westphal provided the following commit:\n\n  d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net")\n\nbut this complementary fix has been also suggested by Willem de Bruijn\nand it can be easily backported to -stable kernel which consists in\nusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splat\ngiven __skb_get_hash() is used by the nftables tracing infrastructure to\nto identify packets in traces.\n\n[69133.561393] ------------[ cut here ]------------\n[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/\n[...]\n[69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379\n[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0\n[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff\nff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8\n[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246\n[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19\n[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418\n[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000\n[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400\n[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28\n[69133.562020] FS:  00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[69133.562027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0\n[69133.562040] Call Trace:\n[69133.562044]  <IRQ>\n[69133.562049]  ? __warn+0x9f/0x1a0\n[ 1211.841384]  ? __skb_flow_dissect+0x107e/0x2860\n[...]\n[ 1211.841496]  ? bpf_flow_dissect+0x160/0x160\n[ 1211.841753]  __skb_get_hash+0x97/0x280\n[ 1211.841765]  ? __skb_get_hash_symmetric+0x230/0x230\n[ 1211.841776]  ? mod_find+0xbf/0xe0\n[ 1211.841786]  ? get_stack_info_noinstr+0x12/0xe0\n[ 1211.841798]  ? bpf_ksym_find+0x56/0xe0\n[ 1211.841807]  ? __rcu_read_unlock+0x2a/0x70\n[ 1211.841819]  nft_trace_init+0x1b9/0x1c0 [nf_tables]\n[ 1211.841895]  ? nft_trace_notify+0x830/0x830 [nf_tables]\n[ 1211.841964]  ? get_stack_info+0x2b/0x80\n[ 1211.841975]  ? nft_do_chain_arp+0x80/0x80 [nf_tables]\n[ 1211.842044]  nft_do_chain+0x79c/0x850 [nf_tables]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42321', 'https://git.kernel.org/linus/120f1c857a73e52132e473dee89b340440cb692b (6.11-rc1)', 'https://git.kernel.org/stable/c/120f1c857a73e52132e473dee89b340440cb692b', 'https://git.kernel.org/stable/c/4afbac11f2f629d1e62817c4e210bdfaa7521107', 'https://git.kernel.org/stable/c/c5d21aabf1b31a79f228508af33aee83456bc1b0', 'https://git.kernel.org/stable/c/eb03d9826aa646577342a952d658d4598381c035', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42321-4b46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42321', 'https://www.cve.org/CVERecord?id=CVE-2024-42321'], 'PublishedDate': '2024-08-17T09:15:11.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42322', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42322', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipvs: properly dereference pe in ip_vs_add_service', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n  net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42322', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/cbd070a4ae62f119058973f6d2c984e325bce6e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dd428039e06e1967ce294e2cd6342825aaaad77', 'https://git.kernel.org/stable/c/c420cd5d5bc6797f3a8824e7d74f38f0c286fca5', 'https://git.kernel.org/stable/c/cbd070a4ae62f119058973f6d2c984e325bce6e7', 'https://linux.oracle.com/cve/CVE-2024-42322.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42322-e2ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42322', 'https://www.cve.org/CVERecord?id=CVE-2024-42322'], 'PublishedDate': '2024-08-17T09:15:11.977Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43817', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: missing check virtio', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: missing check virtio\n\nTwo missing check in virtio_net_hdr_to_skb() allowed syzbot\nto crash kernels again\n\n1. After the skb_segment function the buffer may become non-linear\n(nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere\nthe __skb_linearize function will not be executed, then the buffer will\nremain non-linear. Then the condition (offset >= skb_headlen(skb))\nbecomes true, which causes WARN_ON_ONCE in skb_checksum_help.\n\n2. The struct sk_buff and struct virtio_net_hdr members must be\nmathematically related.\n(gso_size) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) may be 0 if division is without remainder.\n\noffset+2 (4191) > skb_headlen() (1116)\nWARNING: CPU: 1 PID: 5084 at net/core/dev.c:3303 skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nModules linked in:\nCPU: 1 PID: 5084 Comm: syz-executor336 Not tainted 6.7.0-rc3-syzkaller-00014-gdf60cee26a2e #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nCode: 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 52 01 00 00 44 89 e2 2b 53 74 4c 89 ee 48 c7 c7 40 57 e9 8b e8 af 8f dd f8 90 <0f> 0b 90 90 e9 87 fe ff ff e8 40 0f 6e f9 e9 4b fa ff ff 48 89 ef\nRSP: 0018:ffffc90003a9f338 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888025125780 RCX: ffffffff814db209\nRDX: ffff888015393b80 RSI: ffffffff814db216 RDI: 0000000000000001\nRBP: ffff8880251257f4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000045c\nR13: 000000000000105f R14: ffff8880251257f0 R15: 000000000000105d\nFS:  0000555555c24380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000002000f000 CR3: 0000000023151000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n ip_do_fragment+0xa1b/0x18b0 net/ipv4/ip_output.c:777\n ip_fragment.constprop.0+0x161/0x230 net/ipv4/ip_output.c:584\n ip_finish_output_gso net/ipv4/ip_output.c:286 [inline]\n __ip_finish_output net/ipv4/ip_output.c:308 [inline]\n __ip_finish_output+0x49c/0x650 net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:433\n dst_output include/net/dst.h:451 [inline]\n ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:129\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ipip6_tunnel_xmit net/ipv6/sit.c:1034 [inline]\n sit_tunnel_xmit+0xed2/0x28f0 net/ipv6/sit.c:1076\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3545 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3561\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4346\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x257/0x380 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x24ca/0x5240 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n __sys_sendto+0x255/0x340 net/socket.c:2190\n __do_sys_sendto net/socket.c:2202 [inline]\n __se_sys_sendto net/socket.c:2198 [inline]\n __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43817', 'https://git.kernel.org/linus/e269d79c7d35aa3808b1f3c1737d63dab504ddc8 (6.11-rc1)', 'https://git.kernel.org/stable/c/27874ca77bd2b05a3779c7b3a5c75d8dd7f0b40f', 'https://git.kernel.org/stable/c/5b1997487a3f3373b0f580c8a20b56c1b64b0775', 'https://git.kernel.org/stable/c/90d41ebe0cd4635f6410471efc1dd71b33e894cf', 'https://git.kernel.org/stable/c/e269d79c7d35aa3808b1f3c1737d63dab504ddc8', 'https://git.kernel.org/stable/c/e9164903b8b303c34723177b02fe91e49e3c4cd7', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43817-2e95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43817', 'https://www.cve.org/CVERecord?id=CVE-2024-43817'], 'PublishedDate': '2024-08-17T10:15:08.01Z', 'LastModifiedDate': '2024-09-03T17:41:46.407Z'}, {'VulnerabilityID': 'CVE-2024-43818', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: amd: Adjust error handling in case of absent codec device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: Adjust error handling in case of absent codec device\n\nacpi_get_first_physical_node() can return NULL in several cases (no such\ndevice, ACPI table error, reference count drop to 0, etc).\nExisting check just emit error message, but doesn't perform return.\nThen this NULL pointer is passed to devm_acpi_dev_add_driver_gpios()\nwhere it is dereferenced.\n\nAdjust this error handling by adding error code return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43818', 'https://git.kernel.org/linus/5080808c3339de2220c602ab7c7fa23dc6c1a5a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1ba9856cf7f6492b47c1edf853137f320d583db5', 'https://git.kernel.org/stable/c/5080808c3339de2220c602ab7c7fa23dc6c1a5a3', 'https://git.kernel.org/stable/c/99b642dac24f6d09ba3ebf1d690be8aefff86164', 'https://git.kernel.org/stable/c/b1173d64edd276c957b6d09e1f971c85b38f1519', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43818-71ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43818', 'https://www.cve.org/CVERecord?id=CVE-2024-43818'], 'PublishedDate': '2024-08-17T10:15:08.08Z', 'LastModifiedDate': '2024-09-03T17:45:30Z'}, {'VulnerabilityID': 'CVE-2024-43819', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kvm: s390: Reject memory region operations for ucontrol VMs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43819', 'https://git.kernel.org/linus/7816e58967d0e6cadce05c8540b47ed027dc2499 (6.11-rc1)', 'https://git.kernel.org/stable/c/49c9945c054df4c22008e2bf87ca74d3e2507aa6', 'https://git.kernel.org/stable/c/7816e58967d0e6cadce05c8540b47ed027dc2499', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43819-88ce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43819', 'https://www.cve.org/CVERecord?id=CVE-2024-43819'], 'PublishedDate': '2024-08-17T10:15:08.147Z', 'LastModifiedDate': '2024-09-03T17:47:10.54Z'}, {'VulnerabilityID': 'CVE-2024-43820', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, &mddev->recovery));\n\nThis check is designed to make sure that the sync thread isn't\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43820', 'https://git.kernel.org/linus/3199a34bfaf7561410e0be1e33a61eba870768fc (6.11-rc1)', 'https://git.kernel.org/stable/c/3199a34bfaf7561410e0be1e33a61eba870768fc', 'https://git.kernel.org/stable/c/a5c15a78c0e1631b7df822b56e8b6424e4d1ca3e', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43820-1bd6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43820', 'https://www.cve.org/CVERecord?id=CVE-2024-43820'], 'PublishedDate': '2024-08-17T10:15:08.207Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43821', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Fix a possible null pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix a possible null pointer dereference\n\nIn function lpfc_xcvr_data_show, the memory allocation with kmalloc might\nfail, thereby making rdp_context a null pointer. In the following context\nand functions that use this pointer, there are dereferencing operations,\nleading to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null,\nuse scnprintf to notify the user and return len.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43821', 'https://git.kernel.org/linus/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa (6.11-rc1)', 'https://git.kernel.org/stable/c/45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c', 'https://git.kernel.org/stable/c/57600a7dd2b52c904f7c8d2cac0fd8c23868e680', 'https://git.kernel.org/stable/c/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43821-6ffc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43821', 'https://www.cve.org/CVERecord?id=CVE-2024-43821'], 'PublishedDate': '2024-08-17T10:15:08.277Z', 'LastModifiedDate': '2024-09-03T17:49:54.28Z'}, {'VulnerabilityID': 'CVE-2024-43823', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43823', 'https://git.kernel.org/linus/a231707a91f323af1e5d9f1722055ec2fc1c7775 (6.11-rc1)', 'https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23', 'https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775', 'https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506', 'https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43823-4bdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43823', 'https://www.cve.org/CVERecord?id=CVE-2024-43823'], 'PublishedDate': '2024-08-17T10:15:08.4Z', 'LastModifiedDate': '2024-09-03T17:49:03.91Z'}, {'VulnerabilityID': 'CVE-2024-43824', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: pci-epf-test: Make use of cached &#39;epc_features&#39; in pci_epf_test_core_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Make use of cached \'epc_features\' in pci_epf_test_core_init()\n\nInstead of getting the epc_features from pci_epc_get_features() API, use\nthe cached pci_epf_test::epc_features value to avoid the NULL check. Since\nthe NULL check is already performed in pci_epf_test_bind(), having one more\ncheck in pci_epf_test_core_init() is redundant and it is not possible to\nhit the NULL pointer dereference.\n\nAlso with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier"\nflag"), \'epc_features\' got dereferenced without the NULL check, leading to\nthe following false positive Smatch warning:\n\n  drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed \'epc_features\' could be null (see line 747)\n\nThus, remove the redundant NULL check and also use the epc_features::\n{msix_capable/msi_capable} flags directly to avoid local variables.\n\n[kwilczynski: commit log]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43824', 'https://git.kernel.org/linus/5a5095a8bd1bd349cce1c879e5e44407a34dda8a (6.11-rc1)', 'https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a', 'https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43824-fc04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43824', 'https://www.cve.org/CVERecord?id=CVE-2024-43824'], 'PublishedDate': '2024-08-17T10:15:08.477Z', 'LastModifiedDate': '2024-09-03T17:48:39.16Z'}, {'VulnerabilityID': 'CVE-2024-43825', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iio: Fix the sorting functionality in iio_gts_build_avail_time_table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: Fix the sorting functionality in iio_gts_build_avail_time_table\n\nThe sorting in iio_gts_build_avail_time_table is not working as intended.\nIt could result in an out-of-bounds access when the time is zero.\n\nHere are more details:\n\n1. When the gts->itime_table[i].time_us is zero, e.g., the time\nsequence is `3, 0, 1`, the inner for-loop will not terminate and do\nout-of-bound writes. This is because once `times[j] > new`, the value\n`new` will be added in the current position and the `times[j]` will be\nmoved to `j+1` position, which makes the if-condition always hold.\nMeanwhile, idx will be added one, making the loop keep running without\ntermination and out-of-bound write.\n2. If none of the gts->itime_table[i].time_us is zero, the elements\nwill just be copied without being sorted as described in the comment\n"Sort times from all tables to one and remove duplicates".\n\nFor more details, please refer to\nhttps://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43825', 'https://git.kernel.org/linus/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb (6.11-rc1)', 'https://git.kernel.org/stable/c/31ff8464ef540785344994986a010031410f9ff3', 'https://git.kernel.org/stable/c/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb', 'https://git.kernel.org/stable/c/b5046de32fd1532c3f67065197fc1da82f0b5193', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43825-20fc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43825', 'https://www.cve.org/CVERecord?id=CVE-2024-43825'], 'PublishedDate': '2024-08-17T10:15:08.533Z', 'LastModifiedDate': '2024-09-30T13:53:21.44Z'}, {'VulnerabilityID': 'CVE-2024-43826', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfs: pass explicit offset/count to trace events', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: pass explicit offset/count to trace events\n\nnfs_folio_length is unsafe to use without having the folio locked and a\ncheck for a NULL ->f_mapping that protects against truncations and can\nlead to kernel crashes.  E.g. when running xfstests generic/065 with\nall nfs trace points enabled.\n\nFollow the model of the XFS trace points and pass in an explіcit offset\nand length.  This has the additional benefit that these values can\nbe more accurate as some of the users touch partial folio ranges.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43826', 'https://git.kernel.org/linus/fada32ed6dbc748f447c8d050a961b75d946055a (6.11-rc1)', 'https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722', 'https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43826-2a5f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43826', 'https://www.cve.org/CVERecord?id=CVE-2024-43826'], 'PublishedDate': '2024-08-17T10:15:08.593Z', 'LastModifiedDate': '2024-09-12T18:15:09.137Z'}, {'VulnerabilityID': 'CVE-2024-43827', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check before access structs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check before access structs\n\nIn enable_phantom_plane, we should better check null pointer before\naccessing various structs.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43827', 'https://git.kernel.org/linus/c96140000915b610d86f941450e15ca552de154a (6.11-rc1)', 'https://git.kernel.org/stable/c/081ff4c0ef1884ae55f7adb8944efd22e22d8724', 'https://git.kernel.org/stable/c/c96140000915b610d86f941450e15ca552de154a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43827-6486@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43827', 'https://www.cve.org/CVERecord?id=CVE-2024-43827'], 'PublishedDate': '2024-08-17T10:15:08.653Z', 'LastModifiedDate': '2024-09-30T12:51:34.97Z'}, {'VulnerabilityID': 'CVE-2024-43828', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: fix infinite loop when replaying fast_commit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct.  ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the 'es' variable.\n\nBecause 'es' contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43828', 'https://git.kernel.org/linus/907c3fe532253a6ef4eb9c4d67efb71fab58c706 (6.11-rc1)', 'https://git.kernel.org/stable/c/0619f7750f2b178a1309808832ab20d85e0ad121', 'https://git.kernel.org/stable/c/181e63cd595c688194e07332f9944b3a63193de2', 'https://git.kernel.org/stable/c/5ed0496e383cb6de120e56991385dce70bbb87c1', 'https://git.kernel.org/stable/c/81f819c537d29932e4b9267f02411cbc8b355178', 'https://git.kernel.org/stable/c/907c3fe532253a6ef4eb9c4d67efb71fab58c706', 'https://git.kernel.org/stable/c/c6e67df64783e99a657ef2b8c834ba2bf54c539c', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43828-6bcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43828', 'https://www.cve.org/CVERecord?id=CVE-2024-43828'], 'PublishedDate': '2024-08-17T10:15:08.72Z', 'LastModifiedDate': '2024-08-22T15:41:50.87Z'}, {'VulnerabilityID': 'CVE-2024-43829', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/qxl: Add check for drm_cvt_mode', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43829', 'https://git.kernel.org/linus/7bd09a2db0f617377027a2bb0b9179e6959edff3 (6.11-rc1)', 'https://git.kernel.org/stable/c/3efe34f95b1ac8c138a46b14ce75956db0d6ee7c', 'https://git.kernel.org/stable/c/4b1f303bdeceac049e56e4b20eb5280bd9e02f4f', 'https://git.kernel.org/stable/c/4e87f592a46bb804d8f833da6ce702ae4b55053f', 'https://git.kernel.org/stable/c/62ef8d7816c8e4a6088275553818b9afc0ffaa03', 'https://git.kernel.org/stable/c/7bd09a2db0f617377027a2bb0b9179e6959edff3', 'https://git.kernel.org/stable/c/d4c57354a06cb4a77998ff8aa40af89eee30e07b', 'https://git.kernel.org/stable/c/f28b353c0c6c7831a70ccca881bf2db5e6785cdd', 'https://linux.oracle.com/cve/CVE-2024-43829.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43829-72cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43829', 'https://www.cve.org/CVERecord?id=CVE-2024-43829'], 'PublishedDate': '2024-08-17T10:15:08.787Z', 'LastModifiedDate': '2024-09-30T12:51:56.77Z'}, {'VulnerabilityID': 'CVE-2024-43830', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: leds: trigger: Unregister sysfs attributes before calling deactivate()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nleds: trigger: Unregister sysfs attributes before calling deactivate()\n\nTriggers which have trigger specific sysfs attributes typically store\nrelated data in trigger-data allocated by the activate() callback and\nfreed by the deactivate() callback.\n\nCalling device_remove_groups() after calling deactivate() leaves a window\nwhere the sysfs attributes show/store functions could be called after\ndeactivation and then operate on the just freed trigger-data.\n\nMove the device_remove_groups() call to before deactivate() to close\nthis race window.\n\nThis also makes the deactivation path properly do things in reverse order\nof the activation path which calls the activate() callback before calling\ndevice_add_groups().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7000', 'https://access.redhat.com/security/cve/CVE-2024-43830', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2265838', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2270103', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275558', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282648', 'https://bugzilla.redhat.com/2282669', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282764', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284511', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284630', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293414', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300381', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300439', 'https://bugzilla.redhat.com/2300440', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300709', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301543', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305410', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2305488', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7000.html', 'https://git.kernel.org/linus/c0dc9adf9474ecb7106e60e5472577375aedaed3 (6.11-rc1)', 'https://git.kernel.org/stable/c/0788a6f3523d3686a9eed5ea1e6fcce6841277b2', 'https://git.kernel.org/stable/c/09c1583f0e10c918855d6e7540a79461a353e5d6', 'https://git.kernel.org/stable/c/3fb6a9d67cfd812a547ac73ec02e1077c26c640d', 'https://git.kernel.org/stable/c/734ba6437e80dfc780e9ee9d95f912392d12b5ea', 'https://git.kernel.org/stable/c/c0dc9adf9474ecb7106e60e5472577375aedaed3', 'https://git.kernel.org/stable/c/c3b7a650c8717aa89df318364609c86cbc040156', 'https://git.kernel.org/stable/c/cb8aa9d2a4c8a15d6a43ccf901ef3d094aa60374', 'https://git.kernel.org/stable/c/d1415125b701ef13370e2761f691ec632a5eb93a', 'https://linux.oracle.com/cve/CVE-2024-43830.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43830-3b85@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43830', 'https://www.cve.org/CVERecord?id=CVE-2024-43830'], 'PublishedDate': '2024-08-17T10:15:08.857Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43831', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mediatek: vcodec: Handle invalid decoder vsi', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43831', 'https://git.kernel.org/linus/59d438f8e02ca641c58d77e1feffa000ff809e9f (6.11-rc1)', 'https://git.kernel.org/stable/c/1c109f23b271a02b9bb195c173fab41e3285a8db', 'https://git.kernel.org/stable/c/59d438f8e02ca641c58d77e1feffa000ff809e9f', 'https://git.kernel.org/stable/c/cdf05ae76198c513836bde4eb55f099c44773280', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43831-b13e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43831', 'https://www.cve.org/CVERecord?id=CVE-2024-43831'], 'PublishedDate': '2024-08-17T10:15:08.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43832', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: s390/uv: Don't call folio_wait_writeback() without a folio reference", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/uv: Don't call folio_wait_writeback() without a folio reference\n\nfolio_wait_writeback() requires that no spinlocks are held and that\na folio reference is held, as documented. After we dropped the PTL, the\nfolio could get freed concurrently. So grab a temporary reference.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43832', 'https://git.kernel.org/linus/3f29f6537f54d74e64bac0a390fb2e26da25800d (6.11-rc1)', 'https://git.kernel.org/stable/c/1a1eb2f3fc453dcd52726d13e863938561489cb7', 'https://git.kernel.org/stable/c/3f29f6537f54d74e64bac0a390fb2e26da25800d', 'https://git.kernel.org/stable/c/8736604ef53359a718c246087cd21dcec232d2fb', 'https://git.kernel.org/stable/c/b21aba72aadd94bdac275deab021fc84d6c72b16', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43832-7746@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43832', 'https://www.cve.org/CVERecord?id=CVE-2024-43832'], 'PublishedDate': '2024-08-17T10:15:08.98Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43833', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: v4l: async: Fix NULL pointer dereference in adding ancillary links', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix NULL pointer dereference in adding ancillary links\n\nIn v4l2_async_create_ancillary_links(), ancillary links are created for\nlens and flash sub-devices. These are sub-device to sub-device links and\nif the async notifier is related to a V4L2 device, the source sub-device\nof the ancillary link is NULL, leading to a NULL pointer dereference.\nCheck the notifier's sd field is non-NULL in\nv4l2_async_create_ancillary_links().\n\n[Sakari Ailus: Reword the subject and commit messages slightly.]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43833', 'https://git.kernel.org/linus/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f (6.11-rc1)', 'https://git.kernel.org/stable/c/249212ceb4187783af3801c57b92a5a25d410621', 'https://git.kernel.org/stable/c/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f', 'https://git.kernel.org/stable/c/b87e28050d9b0959de24574d587825cfab2f13fb', 'https://git.kernel.org/stable/c/fe0f92fd5320b393e44ca210805e653ea90cc982', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43833-4e73@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43833', 'https://www.cve.org/CVERecord?id=CVE-2024-43833'], 'PublishedDate': '2024-08-17T10:15:09.04Z', 'LastModifiedDate': '2024-08-22T15:42:46.827Z'}, {'VulnerabilityID': 'CVE-2024-43834', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xdp: fix invalid wait context of page_pool_destroy()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: fix invalid wait context of page_pool_destroy()\n\nIf the driver uses a page pool, it creates a page pool with\npage_pool_create().\nThe reference count of page pool is 1 as default.\nA page pool will be destroyed only when a reference count reaches 0.\npage_pool_destroy() is used to destroy page pool, it decreases a\nreference count.\nWhen a page pool is destroyed, ->disconnect() is called, which is\nmem_allocator_disconnect().\nThis function internally acquires mutex_lock().\n\nIf the driver uses XDP, it registers a memory model with\nxdp_rxq_info_reg_mem_model().\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\nreference count if a memory model is a page pool.\nNow the reference count is 2.\n\nTo destroy a page pool, the driver should call both page_pool_destroy()\nand xdp_unreg_mem_model().\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\nOnly page_pool_destroy() decreases a reference count.\n\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\nwill face an invalid wait context warning.\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\nrcu_read_lock().\nThe page_pool_destroy() internally acquires mutex_lock().\n\nSplat looks like:\n=============================\n[ BUG: Invalid wait context ]\n6.10.0-rc6+ #4 Tainted: G W\n-----------------------------\nethtool/1806 is trying to lock:\nffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150\nother info that might help us debug this:\ncontext-{5:5}\n3 locks held by ethtool/1806:\nstack backtrace:\nCPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nCall Trace:\n<TASK>\ndump_stack_lvl+0x7e/0xc0\n__lock_acquire+0x1681/0x4de0\n? _printk+0x64/0xe0\n? __pfx_mark_lock.part.0+0x10/0x10\n? __pfx___lock_acquire+0x10/0x10\nlock_acquire+0x1b3/0x580\n? mem_allocator_disconnect+0x73/0x150\n? __wake_up_klogd.part.0+0x16/0xc0\n? __pfx_lock_acquire+0x10/0x10\n? dump_stack_lvl+0x91/0xc0\n__mutex_lock+0x15c/0x1690\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_prb_read_valid+0x10/0x10\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_llist_add_batch+0x10/0x10\n? console_unlock+0x193/0x1b0\n? lockdep_hardirqs_on+0xbe/0x140\n? __pfx___mutex_lock+0x10/0x10\n? tick_nohz_tick_stopped+0x16/0x90\n? __irq_work_queue_local+0x1e5/0x330\n? irq_work_queue+0x39/0x50\n? __wake_up_klogd.part.0+0x79/0xc0\n? mem_allocator_disconnect+0x73/0x150\nmem_allocator_disconnect+0x73/0x150\n? __pfx_mem_allocator_disconnect+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? rcu_is_watching+0x11/0xb0\npage_pool_release+0x36e/0x6d0\npage_pool_destroy+0xd7/0x440\nxdp_unreg_mem_model+0x1a7/0x2a0\n? __pfx_xdp_unreg_mem_model+0x10/0x10\n? kfree+0x125/0x370\n? bnxt_free_ring.isra.0+0x2eb/0x500\n? bnxt_free_mem+0x5ac/0x2500\nxdp_rxq_info_unreg+0x4a/0xd0\nbnxt_free_mem+0x1356/0x2500\nbnxt_close_nic+0xf0/0x3b0\n? __pfx_bnxt_close_nic+0x10/0x10\n? ethnl_parse_bit+0x2c6/0x6d0\n? __pfx___nla_validate_parse+0x10/0x10\n? __pfx_ethnl_parse_bit+0x10/0x10\nbnxt_set_features+0x2a8/0x3e0\n__netdev_update_features+0x4dc/0x1370\n? ethnl_parse_bitset+0x4ff/0x750\n? __pfx_ethnl_parse_bitset+0x10/0x10\n? __pfx___netdev_update_features+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? _raw_spin_unlock_irqrestore+0x42/0x70\n? __pm_runtime_resume+0x7d/0x110\nethnl_set_features+0x32d/0xa20\n\nTo fix this problem, it uses rhashtable_lookup_fast() instead of\nrhashtable_lookup() with rcu_read_lock().\nUsing xa without rcu_read_lock() here is safe.\nxa is freed by __xdp_mem_allocator_rcu_free() and this is called by\ncall_rcu() of mem_xa_remove().\nThe mem_xa_remove() is called by page_pool_destroy() if a reference\ncount reaches 0.\nThe xa is already protected by the reference count mechanism well in the\ncontrol plane.\nSo removing rcu_read_lock() for page_pool_destroy() is safe.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43834', 'https://git.kernel.org/linus/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec (6.11-rc1)', 'https://git.kernel.org/stable/c/12144069209eec7f2090ce9afa15acdcc2c2a537', 'https://git.kernel.org/stable/c/3fc1be360b99baeea15cdee3cf94252cd3a72d26', 'https://git.kernel.org/stable/c/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec', 'https://git.kernel.org/stable/c/6c390ef198aa69795427a5cb5fd7cb4bc7e6cd7a', 'https://git.kernel.org/stable/c/be9d08ff102df3ac4f66e826ea935cf3af63a4bd', 'https://git.kernel.org/stable/c/bf0ce5aa5f2525ed1b921ba36de96e458e77f482', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43834-0140@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43834', 'https://www.cve.org/CVERecord?id=CVE-2024-43834'], 'PublishedDate': '2024-08-17T10:15:09.113Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43835', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: virtio_net: Fix napi_skb_cache_put warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix napi_skb_cache_put warning\n\nAfter the commit bdacf3e34945 ("net: Use nested-BH locking for\nnapi_alloc_cache.") was merged, the following warning began to appear:\n\n\t WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0\n\n\t  __warn+0x12f/0x340\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  report_bug+0x165/0x370\n\t  handle_bug+0x3d/0x80\n\t  exc_invalid_op+0x1a/0x50\n\t  asm_exc_invalid_op+0x1a/0x20\n\t  __free_old_xmit+0x1c8/0x510\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  __free_old_xmit+0x1c8/0x510\n\t  __free_old_xmit+0x1c8/0x510\n\t  __pfx___free_old_xmit+0x10/0x10\n\nThe issue arises because virtio is assuming it\'s running in NAPI context\neven when it\'s not, such as in the netpoll case.\n\nTo resolve this, modify virtnet_poll_tx() to only set NAPI when budget\nis available. Same for virtnet_poll_cleantx(), which always assumed that\nit was in a NAPI context.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43835', 'https://git.kernel.org/linus/f8321fa75102246d7415a6af441872f6637c93ab (6.11-rc1)', 'https://git.kernel.org/stable/c/19ac6f29bf64304ef04630c8ab56ecd2059d7aa1', 'https://git.kernel.org/stable/c/468a729b78895893d0e580ceea49bed8ada2a2bd', 'https://git.kernel.org/stable/c/6b5325f2457521bbece29499970c0117a648c620', 'https://git.kernel.org/stable/c/842a97b5e44f0c8a9fc356fe976e0e13ddcf7783', 'https://git.kernel.org/stable/c/cc7340f18e45886121c131227985d64ef666012f', 'https://git.kernel.org/stable/c/d3af435e8ace119e58d8e21d3d2d6a4e7c4a4baa', 'https://git.kernel.org/stable/c/f5e9a22d19bb98a7e86034db85eb295e94187caa', 'https://git.kernel.org/stable/c/f8321fa75102246d7415a6af441872f6637c93ab', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43835-5f11@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43835', 'https://www.cve.org/CVERecord?id=CVE-2024-43835'], 'PublishedDate': '2024-08-17T10:15:09.183Z', 'LastModifiedDate': '2024-09-12T12:15:48.653Z'}, {'VulnerabilityID': 'CVE-2024-43837', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43837', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT\n\nWhen loading a EXT program without specifying `attr->attach_prog_fd`,\nthe `prog->aux->dst_prog` will be null. At this time, calling\nresolve_prog_type() anywhere will result in a null pointer dereference.\n\nExample stack trace:\n\n[    8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[    8.108262] Mem abort info:\n[    8.108384]   ESR = 0x0000000096000004\n[    8.108547]   EC = 0x25: DABT (current EL), IL = 32 bits\n[    8.108722]   SET = 0, FnV = 0\n[    8.108827]   EA = 0, S1PTW = 0\n[    8.108939]   FSC = 0x04: level 0 translation fault\n[    8.109102] Data abort info:\n[    8.109203]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[    8.109399]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[    8.109614]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[    8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000\n[    8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000\n[    8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[    8.112783] Modules linked in:\n[    8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1\n[    8.113230] Hardware name: linux,dummy-virt (DT)\n[    8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    8.113429] pc : may_access_direct_pkt_data+0x24/0xa0\n[    8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8\n[    8.113798] sp : ffff80008283b9f0\n[    8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001\n[    8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000\n[    8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000\n[    8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff\n[    8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720\n[    8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720\n[    8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4\n[    8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f\n[    8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c\n[    8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000\n[    8.114126] Call trace:\n[    8.114159]  may_access_direct_pkt_data+0x24/0xa0\n[    8.114202]  bpf_check+0x3bc/0x28c0\n[    8.114214]  bpf_prog_load+0x658/0xa58\n[    8.114227]  __sys_bpf+0xc50/0x2250\n[    8.114240]  __arm64_sys_bpf+0x28/0x40\n[    8.114254]  invoke_syscall.constprop.0+0x54/0xf0\n[    8.114273]  do_el0_svc+0x4c/0xd8\n[    8.114289]  el0_svc+0x3c/0x140\n[    8.114305]  el0t_64_sync_handler+0x134/0x150\n[    8.114331]  el0t_64_sync+0x168/0x170\n[    8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)\n[    8.118672] ---[ end trace 0000000000000000 ]---\n\nOne way to fix it is by forcing `attach_prog_fd` non-empty when\nbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`\nAPI broken which use verifier log to probe prog type and will log\nnothing if we reject invalid EXT prog before bpf_check().\n\nAnother way is by adding null check in resolve_prog_type().\n\nThe issue was introduced by commit 4a9c7bbe2ed4 ("bpf: Resolve to\nprog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT") which wanted\nto correct type resolution for BPF_PROG_TYPE_TRACING programs. Before\nthat, the type resolution of BPF_PROG_TYPE_EXT prog actually follows\nthe logic below:\n\n  prog->aux->dst_prog ? prog->aux->dst_prog->type : prog->type;\n\nIt implies that when EXT program is not yet attached to `dst_prog`,\nthe prog type should be EXT itself. This code worked fine in the past.\nSo just keep using it.\n\nFix this by returning `prog->type` for BPF_PROG_TYPE_EXT if `dst_prog`\nis not present in resolve_prog_type().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43837', 'https://git.kernel.org/linus/f7866c35873377313ff94398f17d425b28b71de1 (6.11-rc1)', 'https://git.kernel.org/stable/c/9d40fd516aeae6779e3c84c6b96700ca76285847', 'https://git.kernel.org/stable/c/b29a880bb145e1f1c1df5ab88ed26b1495ff9f09', 'https://git.kernel.org/stable/c/f7866c35873377313ff94398f17d425b28b71de1', 'https://git.kernel.org/stable/c/fcac5feb06f31ee4c88bca9bf98d8bc3ca7d2615', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43837-63d2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43837', 'https://www.cve.org/CVERecord?id=CVE-2024-43837'], 'PublishedDate': '2024-08-17T10:15:09.32Z', 'LastModifiedDate': '2024-08-22T15:44:03.417Z'}, {'VulnerabilityID': 'CVE-2024-43839', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43839', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust 'name' buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n'name' size is 16, but the first '%s' specifier may already need at\nleast 16 characters, since 'bnad->netdev->name' is used there.\n\nFor '%d' specifiers, assume that they require:\n * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX\n   is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43839', 'https://git.kernel.org/linus/c9741a03dc8e491e57b95fba0058ab46b7e506da (6.11-rc1)', 'https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1', 'https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3', 'https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef', 'https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43', 'https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76', 'https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da', 'https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5', 'https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540', 'https://linux.oracle.com/cve/CVE-2024-43839.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43839-ea03@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43839', 'https://www.cve.org/CVERecord?id=CVE-2024-43839'], 'PublishedDate': '2024-08-17T10:15:09.447Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43840', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG\n\nWhen BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls\n__bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them\nthe struct bpf_tramp_image *im pointer as an argument in R0.\n\nThe trampoline generation code uses emit_addr_mov_i64() to emit\ninstructions for moving the bpf_tramp_image address into R0, but\nemit_addr_mov_i64() assumes the address to be in the vmalloc() space\nand uses only 48 bits. Because bpf_tramp_image is allocated using\nkzalloc(), its address can use more than 48-bits, in this case the\ntrampoline will pass an invalid address to __bpf_tramp_enter/exit()\ncausing a kernel crash.\n\nFix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64()\nas it can work with addresses that are greater than 48-bits.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43840', 'https://git.kernel.org/linus/19d3c179a37730caf600a97fed3794feac2b197b (6.11-rc1)', 'https://git.kernel.org/stable/c/19d3c179a37730caf600a97fed3794feac2b197b', 'https://git.kernel.org/stable/c/6d218fcc707d6b2c3616b6cd24b948fd4825cfec', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43840-69cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43840', 'https://www.cve.org/CVERecord?id=CVE-2024-43840'], 'PublishedDate': '2024-08-17T10:15:09.517Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43841', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: virt_wifi: avoid reporting connection success with wrong SSID', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: avoid reporting connection success with wrong SSID\n\nWhen user issues a connection with a different SSID than the one\nvirt_wifi has advertised, the __cfg80211_connect_result() will\ntrigger the warning: WARN_ON(bss_not_found).\n\nThe issue is because the connection code in virt_wifi does not\ncheck the SSID from user space (it only checks the BSSID), and\nvirt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS\neven if the SSID is different from the one virt_wifi has advertised.\nEventually cfg80211 won't be able to find the cfg80211_bss and generate\nthe warning.\n\nFixed it by checking the SSID (from user space) in the connection code.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43841', 'https://git.kernel.org/linus/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7 (6.11-rc1)', 'https://git.kernel.org/stable/c/05c4488a0e446c6ccde9f22b573950665e1cd414', 'https://git.kernel.org/stable/c/36e92b5edc8e0daa18e9325674313802ce3fbc29', 'https://git.kernel.org/stable/c/416d3c1538df005195721a200b0371d39636e05d', 'https://git.kernel.org/stable/c/93e898a264b4e0a475552ba9f99a016eb43ef942', 'https://git.kernel.org/stable/c/994fc2164a03200c3bf42fb45b3d49d9d6d33a4d', 'https://git.kernel.org/stable/c/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7', 'https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3', 'https://linux.oracle.com/cve/CVE-2024-43841.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43841-8143@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43841', 'https://www.cve.org/CVERecord?id=CVE-2024-43841'], 'PublishedDate': '2024-08-17T10:15:09.58Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43842', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() \'status->he_gi\' is compared to array size.\nBut then \'rate->he_gi\' is used as array index instead of \'status->he_gi\'.\nThis can lead to go beyond array boundaries in case of \'rate->he_gi\' is\nnot equal to \'status->he_gi\' and is bigger than array size. Looks like\n"copy-paste" mistake.\n\nFix this mistake by replacing \'rate->he_gi\' with \'status->he_gi\'.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43842', 'https://git.kernel.org/linus/85099c7ce4f9e64c66aa397cd9a37473637ab891 (6.11-rc1)', 'https://git.kernel.org/stable/c/7a0edc3d83aff3a48813d78c9cad9daf38decc74', 'https://git.kernel.org/stable/c/85099c7ce4f9e64c66aa397cd9a37473637ab891', 'https://git.kernel.org/stable/c/96ae4de5bc4c8ba39fd072369398f59495b73f58', 'https://git.kernel.org/stable/c/a2a095c08b95372d6d0c5819b77f071af5e75366', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43842-31e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43842', 'https://www.cve.org/CVERecord?id=CVE-2024-43842'], 'PublishedDate': '2024-08-17T10:15:09.647Z', 'LastModifiedDate': '2024-09-30T13:55:17.007Z'}, {'VulnerabilityID': 'CVE-2024-43843', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv, bpf: Fix out-of-bounds issue when preparing trampoline image', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv, bpf: Fix out-of-bounds issue when preparing trampoline image\n\nWe get the size of the trampoline image during the dry run phase and\nallocate memory based on that size. The allocated image will then be\npopulated with instructions during the real patch phase. But after\ncommit 26ef208c209a ("bpf: Use arch_bpf_trampoline_size"), the `im`\nargument is inconsistent in the dry run and real patch phase. This may\ncause emit_imm in RV64 to generate a different number of instructions\nwhen generating the \'im\' address, potentially causing out-of-bounds\nissues. Let\'s emit the maximum number of instructions for the "im"\naddress during dry run to fix this problem.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43843', 'https://git.kernel.org/linus/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3e6a1b1b179abb643ec3560c02bc3082bc92285f', 'https://git.kernel.org/stable/c/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43843-e436@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43843', 'https://www.cve.org/CVERecord?id=CVE-2024-43843'], 'PublishedDate': '2024-08-17T10:15:09.707Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43844', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi rtw89 wow: fix GTK offload H2C skbuff issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: wow: fix GTK offload H2C skbuff issue\n\nWe mistakenly put skb too large and that may exceed skb->end.\nTherefore, we fix it.\n\nskbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8fba04eca7e0 tail:0x200 end:0x140 dev:<NULL>\n------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:192!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 4747 Comm: kworker/u4:44 Tainted: G           O       6.6.30-02659-gc18865c4dfbd #1 86547039b47e46935493f615ee31d0b2d711d35e\nHardware name: HP Meep/Meep, BIOS Google_Meep.11297.262.0 03/18/2021\nWorkqueue: events_unbound async_run_entry_fn\nRIP: 0010:skb_panic+0x5d/0x60\nCode: c6 63 8b 8f bb 4c 0f 45 f6 48 c7 c7 4d 89 8b bb 48 89 ce 44 89 d1 41 56 53 41 53 ff b0 c8 00 00 00 e8 27 5f 23 00 48 83 c4 20 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44\nRSP: 0018:ffffaa700144bad0 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: 0000000000000140 RCX: 14432c5aad26c900\nRDX: 0000000000000000 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffaa700144bae0 R08: 0000000000000000 R09: ffffaa700144b920\nR10: 00000000ffffdfff R11: ffffffffbc28fbc0 R12: ffff8fba4e57a010\nR13: 0000000000000000 R14: ffffffffbb8f8b63 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff8fba7bd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007999c4ad1000 CR3: 000000015503a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? skb_panic+0x5d/0x60\n ? do_error_trap+0x6d/0x90\n ? skb_panic+0x5d/0x60\n ? handle_invalid_op+0x30/0x40\n ? skb_panic+0x5d/0x60\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_panic+0x5d/0x60\n skb_put+0x49/0x50\n rtw89_fw_h2c_wow_gtk_ofld+0xbd/0x220 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_wow_resume+0x31f/0x540 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_ops_resume+0x2b/0xa0 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n ieee80211_reconfig+0x84/0x13e0 [mac80211 818a894e3b77da6298269c59ed7cdff065a4ed52]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? dev_printk_emit+0x51/0x70\n ? _dev_info+0x6e/0x90\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n wiphy_resume+0x89/0x180 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n dpm_run_callback+0x3c/0x140\n device_resume+0x1f9/0x3c0\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x29/0xd0\n process_scheduled_works+0x1d8/0x3d0\n worker_thread+0x1fc/0x2f0\n kthread+0xed/0x110\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x38/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>\nModules linked in: ccm 8021q r8153_ecm cdc_ether usbnet r8152 mii dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc uinput rfcomm cmac algif_hash rtw89_8922ae(O) algif_skcipher rtw89_8922a(O) af_alg rtw89_pci(O) rtw89_core(O) btusb(O) snd_soc_sst_bxt_da7219_max98357a btbcm(O) snd_soc_hdac_hdmi btintel(O) snd_soc_intel_hda_dsp_common snd_sof_probes btrtl(O) btmtk(O) snd_hda_codec_hdmi snd_soc_dmic uvcvideo videobuf2_vmalloc uvc videobuf2_memops videobuf2_v4l2 videobuf2_common snd_sof_pci_intel_apl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda soundwire_intel soundwire_generic_allocation snd_sof_intel_hda_mlink soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp mac80211 snd_soc_acpi_intel_match snd_soc_acpi snd_sof snd_sof_utils soundwire_bus snd_soc_max98357a snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_intel_dspcfg snd_intel_sdw_acpi snd_soc_da7219 snd_hda_codec snd_hwdep snd_hda_core veth ip6table_nat xt_MASQUERADE xt_cgroup fuse bluetooth ecdh_generic\n cfg80211 ecc\ngsmi: Log Shutdown \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43844', 'https://git.kernel.org/linus/dda364c345913fe03ddbe4d5ae14a2754c100296 (6.11-rc1)', 'https://git.kernel.org/stable/c/dda364c345913fe03ddbe4d5ae14a2754c100296', 'https://git.kernel.org/stable/c/ef0d9d2f0dc1133db3d3a1c5167190c6627146b2', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43844-97ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43844', 'https://www.cve.org/CVERecord?id=CVE-2024-43844'], 'PublishedDate': '2024-08-17T10:15:09.763Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43845', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Fix bogus checksum computation in udf_rename()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix bogus checksum computation in udf_rename()\n\nSyzbot reports uninitialized memory access in udf_rename() when updating\nchecksum of '..' directory entry of a moved directory. This is indeed\ntrue as we pass on-stack diriter.fi to the udf_update_tag() and because\nthat has only struct fileIdentDesc included in it and not the impUse or\nname fields, the checksumming function is going to checksum random stack\ncontents beyond the end of the structure. This is actually harmless\nbecause the following udf_fiiter_write_fi() will recompute the checksum\nfrom on-disk buffers where everything is properly included. So all that\nis needed is just removing the bogus calculation.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43845', 'https://git.kernel.org/linus/27ab33854873e6fb958cb074681a0107cc2ecc4c (6.11-rc1)', 'https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c', 'https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4', 'https://git.kernel.org/stable/c/c996b570305e7a6910c2ce4cdcd4c22757ffe241', 'https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43845-a85d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43845', 'https://www.cve.org/CVERecord?id=CVE-2024-43845'], 'PublishedDate': '2024-08-17T10:15:09.837Z', 'LastModifiedDate': '2024-08-29T17:15:08.397Z'}, {'VulnerabilityID': 'CVE-2024-43846', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib: objagg: Fix general protection fault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G        W          6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n <TASK>\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n </TASK>', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43846', 'https://git.kernel.org/linus/b4a3a89fffcdf09702b1f161b914e52abca1894d (6.11-rc1)', 'https://git.kernel.org/stable/c/1936fa05a180834c3b52e0439a6bddc07814d3eb', 'https://git.kernel.org/stable/c/22ae17a267f4812861f0c644186c3421ff97dbfc', 'https://git.kernel.org/stable/c/499f742fed42e74f1321f4b12ca196a66a2b49fc', 'https://git.kernel.org/stable/c/565213e005557eb6cc4e42189d26eb300e02f170', 'https://git.kernel.org/stable/c/5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7', 'https://git.kernel.org/stable/c/8161263362154cbebfbf4808097b956a6a8cb98a', 'https://git.kernel.org/stable/c/b4a3a89fffcdf09702b1f161b914e52abca1894d', 'https://linux.oracle.com/cve/CVE-2024-43846.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43846-2bd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43846', 'https://www.cve.org/CVERecord?id=CVE-2024-43846'], 'PublishedDate': '2024-08-17T10:15:09.9Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43847', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43847', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix invalid memory access while processing fragmented packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid memory access while processing fragmented packets\n\nThe monitor ring and the reo reinject ring share the same ring mask index.\nWhen the driver receives an interrupt for the reo reinject ring, the\nmonitor ring is also processed, leading to invalid memory access. Since\nmonitor support is not yet enabled in ath12k, the ring mask for the monitor\nring should be removed.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43847', 'https://git.kernel.org/linus/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4 (6.11-rc1)', 'https://git.kernel.org/stable/c/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4', 'https://git.kernel.org/stable/c/36fc66a7d9ca3e5c6eac25362cac63f83df8bed6', 'https://git.kernel.org/stable/c/8126f82dab7bd8b2e04799342b19fff0a1fd8575', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43847-6828@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43847', 'https://www.cve.org/CVERecord?id=CVE-2024-43847'], 'PublishedDate': '2024-08-17T10:15:09.963Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43849', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pdr: protect locator_addr with the main mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr->lock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43849', 'https://git.kernel.org/linus/107924c14e3ddd85119ca43c26a4ee1056fa9b84 (6.11-rc1)', 'https://git.kernel.org/stable/c/107924c14e3ddd85119ca43c26a4ee1056fa9b84', 'https://git.kernel.org/stable/c/3e815626d73e05152a8142f6e44aecc4133e6e08', 'https://git.kernel.org/stable/c/475a77fb3f0e1d527f56c60b79f5879661df5b80', 'https://git.kernel.org/stable/c/8543269567e2fb3d976a8255c5e348aed14f98bc', 'https://git.kernel.org/stable/c/d0870c4847e77a49c2f91bb2a8e0fa3c1f8dea5c', 'https://git.kernel.org/stable/c/eab05737ee22216250fe20d27f5a596da5ea6eb7', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43849-fef0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43849', 'https://www.cve.org/CVERecord?id=CVE-2024-43849'], 'PublishedDate': '2024-08-17T10:15:10.093Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43850', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove\n\nThe following warning is seen during bwmon_remove due to refcount\nimbalance, fix this by releasing the OPPs after use.\n\nLogs:\nWARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158\nHardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT)\n...\nCall trace:\n_opp_table_kref_release+0x150/0x158\ndev_pm_opp_remove_table+0x100/0x1b4\ndevm_pm_opp_of_table_release+0x10/0x1c\ndevm_action_release+0x14/0x20\ndevres_release_all+0xa4/0x104\ndevice_unbind_cleanup+0x18/0x60\ndevice_release_driver_internal+0x1ec/0x228\ndriver_detach+0x50/0x98\nbus_remove_driver+0x6c/0xbc\ndriver_unregister+0x30/0x60\nplatform_driver_unregister+0x14/0x20\nbwmon_driver_exit+0x18/0x524 [icc_bwmon]\n__arm64_sys_delete_module+0x184/0x264\ninvoke_syscall+0x48/0x118\nel0_svc_common.constprop.0+0xc8/0xe8\ndo_el0_svc+0x20/0x2c\nel0_svc+0x34/0xdc\nel0t_64_sync_handler+0x13c/0x158\nel0t_64_sync+0x190/0x194\n--[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43850', 'https://git.kernel.org/linus/24086640ab39396eb1a92d1cb1cd2f31b2677c52 (6.11-rc1)', 'https://git.kernel.org/stable/c/24086640ab39396eb1a92d1cb1cd2f31b2677c52', 'https://git.kernel.org/stable/c/4100d4d019f8e140be1d4d3a9d8d93c1285f5d1c', 'https://git.kernel.org/stable/c/aad41f4c169bcb800ae88123799bdf8cdec3d366', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43850-4eec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43850', 'https://www.cve.org/CVERecord?id=CVE-2024-43850'], 'PublishedDate': '2024-08-17T10:15:10.157Z', 'LastModifiedDate': '2024-09-30T13:57:33.4Z'}, {'VulnerabilityID': 'CVE-2024-43852', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (ltc2991) re-order conditions to fix off by one bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ltc2991) re-order conditions to fix off by one bug\n\nLTC2991_T_INT_CH_NR is 4.  The st->temp_en[] array has LTC2991_MAX_CHANNEL\n(4) elements.  Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we\nhave read one element beyond the end of the array.  Flip the conditions\naround so that we check if "channel" is valid before using it as an array\nindex.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43852', 'https://git.kernel.org/linus/99bf7c2eccff82760fa23ce967cc67c8c219c6a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6', 'https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43852-61e2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43852', 'https://www.cve.org/CVERecord?id=CVE-2024-43852'], 'PublishedDate': '2024-08-17T10:15:10.31Z', 'LastModifiedDate': '2024-08-20T19:32:55.747Z'}, {'VulnerabilityID': 'CVE-2024-43853', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: Prevent UAF in proc_cpuset_show()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc/<pid>/cpuset   repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/   repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc/<pid>/cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css->cgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(&cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n&cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp->root will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n("cgroup: Make operations on the cgroup root_list RCU safe"),\ncss->cgroup won\'t be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43853', 'https://git.kernel.org/linus/1be59c97c83ccd67a519d8a49486b3a8a73ca28a (6.11-rc1)', 'https://git.kernel.org/stable/c/10aeaa47e4aa2432f29b3e5376df96d7dac5537a', 'https://git.kernel.org/stable/c/1be59c97c83ccd67a519d8a49486b3a8a73ca28a', 'https://git.kernel.org/stable/c/27d6dbdc6485d68075a0ebf8544d6425c1ed84bb', 'https://git.kernel.org/stable/c/29a8d4e02fd4840028c38ceb1536cc8f82a257d4', 'https://git.kernel.org/stable/c/29ac1d238b3bf126af36037df80d7ecc4822341e', 'https://git.kernel.org/stable/c/4e8d6ac8fc9f843e940ab7389db8136634e07989', 'https://git.kernel.org/stable/c/688325078a8b5badd6e07ae22b27cd04e9947aec', 'https://git.kernel.org/stable/c/96226fbed566f3f686f53a489a29846f2d538080', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43853-da5b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43853', 'https://www.cve.org/CVERecord?id=CVE-2024-43853'], 'PublishedDate': '2024-08-17T10:15:10.383Z', 'LastModifiedDate': '2024-09-04T12:15:04.827Z'}, {'VulnerabilityID': 'CVE-2024-43854', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: initialize integrity buffer to zero before writing it to media', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media.  For PI metadata this is\nlimited to the app tag that isn't used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43854', 'https://git.kernel.org/linus/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f (6.11-rc1)', 'https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f', 'https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644', 'https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005', 'https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f', 'https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6', 'https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2', 'https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1', 'https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43854-5586@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43854', 'https://www.cve.org/CVERecord?id=CVE-2024-43854'], 'PublishedDate': '2024-08-17T10:15:10.447Z', 'LastModifiedDate': '2024-09-12T12:15:49.423Z'}, {'VulnerabilityID': 'CVE-2024-43856', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43856', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma: fix call order in dmam_free_coherent', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n  kokonut //net/encryption\n    http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43856', 'https://git.kernel.org/linus/28e8b7406d3a1f5329a03aa25a43aa28e087cb20 (6.11-rc1)', 'https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130', 'https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e', 'https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7', 'https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20', 'https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9', 'https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954', 'https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb', 'https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63', 'https://linux.oracle.com/cve/CVE-2024-43856.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43856-9087@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43856', 'https://www.cve.org/CVERecord?id=CVE-2024-43856'], 'PublishedDate': '2024-08-17T10:15:10.613Z', 'LastModifiedDate': '2024-08-22T17:57:08.64Z'}, {'VulnerabilityID': 'CVE-2024-43857', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix null reference error when checking end of zone', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null reference error when checking end of zone\n\nThis patch fixes a potentially null pointer being accessed by\nis_end_zone_blkaddr() that checks the last block of a zone\nwhen f2fs is mounted as a single device.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43857', 'https://git.kernel.org/linus/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38 (6.11-rc1)', 'https://git.kernel.org/stable/c/381cbe85592c78fbaeb3e770e3e9f3bfa3e67efb', 'https://git.kernel.org/stable/c/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43857-b71b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43857', 'https://www.cve.org/CVERecord?id=CVE-2024-43857'], 'PublishedDate': '2024-08-17T10:15:10.687Z', 'LastModifiedDate': '2024-08-22T17:38:21.003Z'}, {'VulnerabilityID': 'CVE-2024-43859', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to truncate preallocated blocks in f2fs_file_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate preallocated blocks in f2fs_file_open()\n\nchenyuwen reports a f2fs bug as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000011\n fscrypt_set_bio_crypt_ctx+0x78/0x1e8\n f2fs_grab_read_bio+0x78/0x208\n f2fs_submit_page_read+0x44/0x154\n f2fs_get_read_data_page+0x288/0x5f4\n f2fs_get_lock_data_page+0x60/0x190\n truncate_partial_data_page+0x108/0x4fc\n f2fs_do_truncate_blocks+0x344/0x5f0\n f2fs_truncate_blocks+0x6c/0x134\n f2fs_truncate+0xd8/0x200\n f2fs_iget+0x20c/0x5ac\n do_garbage_collect+0x5d0/0xf6c\n f2fs_gc+0x22c/0x6a4\n f2fs_disable_checkpoint+0xc8/0x310\n f2fs_fill_super+0x14bc/0x1764\n mount_bdev+0x1b4/0x21c\n f2fs_mount+0x20/0x30\n legacy_get_tree+0x50/0xbc\n vfs_get_tree+0x5c/0x1b0\n do_new_mount+0x298/0x4cc\n path_mount+0x33c/0x5fc\n __arm64_sys_mount+0xcc/0x15c\n invoke_syscall+0x60/0x150\n el0_svc_common+0xb8/0xf8\n do_el0_svc+0x28/0xa0\n el0_svc+0x24/0x84\n el0t_64_sync_handler+0x88/0xec\n\nIt is because inode.i_crypt_info is not initialized during below path:\n- mount\n - f2fs_fill_super\n  - f2fs_disable_checkpoint\n   - f2fs_gc\n    - f2fs_iget\n     - f2fs_truncate\n\nSo, let's relocate truncation of preallocated blocks to f2fs_file_open(),\nafter fscrypt_file_open().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43859', 'https://git.kernel.org/linus/298b1e4182d657c3e388adcc29477904e9600ed5 (6.11-rc1)', 'https://git.kernel.org/stable/c/298b1e4182d657c3e388adcc29477904e9600ed5', 'https://git.kernel.org/stable/c/3ba0ae885215b325605ff7ebf6de12ac2adf204d', 'https://git.kernel.org/stable/c/5f04969136db674f133781626e0b692c5f2bf2f0', 'https://git.kernel.org/stable/c/f44a25a8bfe0c15d33244539696cd9119cf44d18', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43859-62b4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43859', 'https://www.cve.org/CVERecord?id=CVE-2024-43859'], 'PublishedDate': '2024-08-17T10:15:10.817Z', 'LastModifiedDate': '2024-09-08T08:15:12.96Z'}, {'VulnerabilityID': 'CVE-2024-43860', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: remoteproc: imx_rproc: Skip over memory region when node value is NULL', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Skip over memory region when node value is NULL\n\nIn imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts\nnumber of phandles. But phandles may be empty. So of_parse_phandle() in\nthe parsing loop (0 < a < nph) may return NULL which is later dereferenced.\nAdjust this issue by adding NULL-return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[Fixed title to fit within the prescribed 70-75 charcters]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43860', 'https://git.kernel.org/linus/2fa26ca8b786888673689ccc9da6094150939982 (6.11-rc1)', 'https://git.kernel.org/stable/c/2fa26ca8b786888673689ccc9da6094150939982', 'https://git.kernel.org/stable/c/4e13b7c23988c0a13fdca92e94296a3bc2ff9f21', 'https://git.kernel.org/stable/c/6884fd0283e0831be153fb8d82d9eda8a55acaaa', 'https://git.kernel.org/stable/c/6b50462b473fdccdc0dfad73001147e40ff19a66', 'https://git.kernel.org/stable/c/6c9ea3547fad252fe9ae5d3ed7e066e2085bf3a2', 'https://git.kernel.org/stable/c/84beb7738459cac0ff9f8a7c4654b8ff82a702c0', 'https://git.kernel.org/stable/c/9a17cf8b2ce483fa75258bc2cdcf628f24bcf5f8', 'https://git.kernel.org/stable/c/c877a5f5268d4ab8224b9c9fbce3d746e4e72bc9', 'https://linux.oracle.com/cve/CVE-2024-43860.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43860-d72f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43860', 'https://www.cve.org/CVERecord?id=CVE-2024-43860'], 'PublishedDate': '2024-08-17T10:15:10.887Z', 'LastModifiedDate': '2024-08-22T17:08:15.097Z'}, {'VulnerabilityID': 'CVE-2024-43861', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: usb: qmi_wwan: fix memory leak for not ip packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43861', 'https://git.kernel.org/linus/7ab107544b777c3bd7feb9fe447367d8edd5b202 (6.11-rc3)', 'https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4', 'https://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662', 'https://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202', 'https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f', 'https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882', 'https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446', 'https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5', 'https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384', 'https://linux.oracle.com/cve/CVE-2024-43861.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43861-1958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43861', 'https://www.cve.org/CVERecord?id=CVE-2024-43861'], 'PublishedDate': '2024-08-20T22:15:04.917Z', 'LastModifiedDate': '2024-09-03T13:45:12.667Z'}, {'VulnerabilityID': 'CVE-2024-43863', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43863', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix a deadlock in dma buf fence polling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix a deadlock in dma buf fence polling\n\nIntroduce a version of the fence ops that on release doesn't remove\nthe fence from the pending list, and thus doesn't require a lock to\nfix poll->fence wait->fence unref deadlocks.\n\nvmwgfx overwrites the wait callback to iterate over the list of all\nfences and update their status, to do that it holds a lock to prevent\nthe list modifcations from other threads. The fence destroy callback\nboth deletes the fence and removes it from the list of pending\nfences, for which it holds a lock.\n\ndma buf polling cb unrefs a fence after it's been signaled: so the poll\ncalls the wait, which signals the fences, which are being destroyed.\nThe destruction tries to acquire the lock on the pending fences list\nwhich it can never get because it's held by the wait from which it\nwas called.\n\nOld bug, but not a lot of userspace apps were using dma-buf polling\ninterfaces. Fix those, in particular this fixes KDE stalls/deadlock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43863', 'https://git.kernel.org/linus/e58337100721f3cc0c7424a18730e4f39844934f (6.11-rc2)', 'https://git.kernel.org/stable/c/3b933b16c996af8adb6bc1b5748a63dfb41a82bc', 'https://git.kernel.org/stable/c/9e20d028d8d1deb1e7fed18f22ffc01669cf3237', 'https://git.kernel.org/stable/c/a8943969f9ead2fd3044fc826140a21622ef830e', 'https://git.kernel.org/stable/c/c98ab18b9f315ff977c2c65d7c71298ef98be8e3', 'https://git.kernel.org/stable/c/e58337100721f3cc0c7424a18730e4f39844934f', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43863-9124@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43863', 'https://www.cve.org/CVERecord?id=CVE-2024-43863'], 'PublishedDate': '2024-08-21T00:15:04.847Z', 'LastModifiedDate': '2024-09-03T13:42:44.727Z'}, {'VulnerabilityID': 'CVE-2024-43864', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix CT entry update leaks of modify header context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix CT entry update leaks of modify header context\n\nThe cited commit allocates a new modify header to replace the old\none when updating CT entry. But if failed to allocate a new one, eg.\nexceed the max number firmware can support, modify header will be\nan error pointer that will trigger a panic when deallocating it. And\nthe old modify header point is copied to old attr. When the old\nattr is freed, the old modify header is lost.\n\nFix it by restoring the old attr to attr when failed to allocate a\nnew modify header context. So when the CT entry is freed, the right\nmodify header context will be freed. And the panic of accessing\nerror pointer is also fixed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43864', 'https://git.kernel.org/linus/025f2b85a5e5a46df14ecf162c3c80a957a36d0b (6.11-rc2)', 'https://git.kernel.org/stable/c/025f2b85a5e5a46df14ecf162c3c80a957a36d0b', 'https://git.kernel.org/stable/c/89064d09c56b44c668509bf793c410484f63f5ad', 'https://git.kernel.org/stable/c/daab2cc17b6b6ab158566bba037e9551fd432b59', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43864-81ad@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43864', 'https://www.cve.org/CVERecord?id=CVE-2024-43864'], 'PublishedDate': '2024-08-21T00:15:04.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43866', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Always drain health in shutdown callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43866', 'https://git.kernel.org/linus/1b75da22ed1e6171e261bc9265370162553d5393 (6.11-rc2)', 'https://git.kernel.org/stable/c/1b75da22ed1e6171e261bc9265370162553d5393', 'https://git.kernel.org/stable/c/5005e2e159b300c1b8c6820a1e13a62eb0127b9b', 'https://git.kernel.org/stable/c/6048dec754554a1303d632be6042d3feb3295285', 'https://git.kernel.org/stable/c/6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43866-66ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43866', 'https://www.cve.org/CVERecord?id=CVE-2024-43866'], 'PublishedDate': '2024-08-21T00:15:05.023Z', 'LastModifiedDate': '2024-10-17T14:15:07.297Z'}, {'VulnerabilityID': 'CVE-2024-43867', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau: prime: fix refcount underflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix refcount underflow\n\nCalling nouveau_bo_ref() on a nouveau_bo without initializing it (and\nhence the backing ttm_bo) leads to a refcount underflow.\n\nInstead of calling nouveau_bo_ref() in the unwind path of\ndrm_gem_object_init(), clean things up manually.\n\n(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43867', 'https://git.kernel.org/linus/a9bf3efc33f1fbf88787a277f7349459283c9b95 (6.11-rc2)', 'https://git.kernel.org/stable/c/16998763c62bb465ebc409d0373b9cdcef1a61a6', 'https://git.kernel.org/stable/c/2a1b327d57a8ac080977633a18999f032d7e9e3f', 'https://git.kernel.org/stable/c/3bcb8bba72ce89667fa863054956267c450c47ef', 'https://git.kernel.org/stable/c/906372e753c5027a1dc88743843b6aa2ad1aaecf', 'https://git.kernel.org/stable/c/a9bf3efc33f1fbf88787a277f7349459283c9b95', 'https://git.kernel.org/stable/c/ebebba4d357b6c67f96776a48ddbaf0060fa4c10', 'https://git.kernel.org/stable/c/f23cd66933fe76b84d8e282e5606b4d99068c320', 'https://linux.oracle.com/cve/CVE-2024-43867.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43867-0620@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43867', 'https://www.cve.org/CVERecord?id=CVE-2024-43867'], 'PublishedDate': '2024-08-21T00:15:05.087Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43868', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/purgatory: align riscv_kernel_entry', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/purgatory: align riscv_kernel_entry\n\nWhen alignment handling is delegated to the kernel, everything must be\nword-aligned in purgatory, since the trap handler is then set to the\nkexec one. Without the alignment, hitting the exception would\nultimately crash. On other occasions, the kernel's handler would take\ncare of exceptions.\nThis has been tested on a JH7110 SoC with oreboot and its SBI delegating\nunaligned access exceptions and the kernel configured to handle them.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43868', 'https://git.kernel.org/linus/fb197c5d2fd24b9af3d4697d0cf778645846d6d5 (6.11-rc2)', 'https://git.kernel.org/stable/c/5d4aaf16a8255f7c71790e211724ba029609c5ff', 'https://git.kernel.org/stable/c/fb197c5d2fd24b9af3d4697d0cf778645846d6d5', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43868-9a44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43868', 'https://www.cve.org/CVERecord?id=CVE-2024-43868'], 'PublishedDate': '2024-08-21T00:15:05.15Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43869', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43869', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exec and file release', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exec and file release\n\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\n\nschedule()\n   prepare_task_switch()\n=======> <NMI>\n      perf_event_overflow()\n         event->pending_sigtrap = ...\n         irq_work_queue(&event->pending_irq)\n<======= </NMI>\n      perf_event_task_sched_out()\n          event_sched_out()\n              event->pending_sigtrap = 0;\n              atomic_long_inc_not_zero(&event->refcount)\n              task_work_add(&event->pending_task)\n   finish_lock_switch()\n=======> <IRQ>\n   perf_pending_irq()\n      //do nothing, rely on pending task work\n<======= </IRQ>\n\nbegin_new_exec()\n   perf_event_exit_task()\n      perf_event_exit_event()\n         // If is child event\n         free_event()\n            WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n            // event is leaked\n\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\n\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43869', 'https://git.kernel.org/linus/3a5465418f5fd970e86a86c7f4075be262682840 (6.11-rc1)', 'https://git.kernel.org/stable/c/104e258a004037bc7dba9f6085c71dad6af57ad4', 'https://git.kernel.org/stable/c/3a5465418f5fd970e86a86c7f4075be262682840', 'https://git.kernel.org/stable/c/9ad46f1fef421d43cdab3a7d1744b2f43b54dae0', 'https://git.kernel.org/stable/c/ed2c202dac55423a52d7e2290f2888bf08b8ee99', 'https://git.kernel.org/stable/c/f34d8307a73a18de5320fcc6f40403146d061891', 'https://lore.kernel.org/linux-cve-announce/2024082133-CVE-2024-43869-26aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43869', 'https://www.cve.org/CVERecord?id=CVE-2024-43869'], 'PublishedDate': '2024-08-21T01:15:11.55Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43870', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exit\n\nWhen a task is scheduled out, pending sigtrap deliveries are deferred\nto the target task upon resume to userspace via task_work.\n\nHowever failures while adding an event's callback to the task_work\nengine are ignored. And since the last call for events exit happen\nafter task work is eventually closed, there is a small window during\nwhich pending sigtrap can be queued though ignored, leaking the event\nrefcount addition such as in the following scenario:\n\n    TASK A\n    -----\n\n    do_exit()\n       exit_task_work(tsk);\n\n       <IRQ>\n       perf_event_overflow()\n          event->pending_sigtrap = pending_id;\n          irq_work_queue(&event->pending_irq);\n       </IRQ>\n    =========> PREEMPTION: TASK A -> TASK B\n       event_sched_out()\n          event->pending_sigtrap = 0;\n          atomic_long_inc_not_zero(&event->refcount)\n          // FAILS: task work has exited\n          task_work_add(&event->pending_task)\n       [...]\n       <IRQ WORK>\n       perf_pending_irq()\n          // early return: event->oncpu = -1\n       </IRQ WORK>\n       [...]\n    =========> TASK B -> TASK A\n       perf_event_exit_task(tsk)\n          perf_event_exit_event()\n             free_event()\n                WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n                // leak event due to unexpected refcount == 2\n\nAs a result the event is never released while the task exits.\n\nFix this with appropriate task_work_add()'s error handling.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43870', 'https://git.kernel.org/linus/2fd5ad3f310de22836cdacae919dd99d758a1f1b (6.11-rc1)', 'https://git.kernel.org/stable/c/05d3fd599594abf79aad4484bccb2b26e1cb0b51', 'https://git.kernel.org/stable/c/2fd5ad3f310de22836cdacae919dd99d758a1f1b', 'https://git.kernel.org/stable/c/3d7a63352a93bdb8a1cdf29606bf617d3ac1c22a', 'https://git.kernel.org/stable/c/67fad724f1b568b356c1065d50df46e6b30eb2f7', 'https://git.kernel.org/stable/c/70882d7fa74f0731492a0d493e8515a4f7131831', 'https://lore.kernel.org/linux-cve-announce/2024082135-CVE-2024-43870-2b6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43870', 'https://www.cve.org/CVERecord?id=CVE-2024-43870'], 'PublishedDate': '2024-08-21T01:15:11.62Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43871', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: devres: Fix memory leakage caused by driver API devm_free_percpu()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndevres: Fix memory leakage caused by driver API devm_free_percpu()\n\nIt will cause memory leakage when use driver API devm_free_percpu()\nto free memory allocated by devm_alloc_percpu(), fixed by using\ndevres_release() instead of devres_destroy() within devm_free_percpu().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-43871', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/bd50a974097bb82d52a458bd3ee39fb723129a0c (6.11-rc1)', 'https://git.kernel.org/stable/c/3047f99caec240a88ccd06197af2868da1af6a96', 'https://git.kernel.org/stable/c/3dcd0673e47664bc6c719ad47dadac6d55d5950d', 'https://git.kernel.org/stable/c/700e8abd65b10792b2f179ce4e858f2ca2880f85', 'https://git.kernel.org/stable/c/95065edb8ebb27771d5f1e898eef6ab43dc6c87c', 'https://git.kernel.org/stable/c/b044588a16a978cd891cb3d665dd7ae06850d5bf', 'https://git.kernel.org/stable/c/b67552d7c61f52f1271031adfa7834545ae99701', 'https://git.kernel.org/stable/c/bd50a974097bb82d52a458bd3ee39fb723129a0c', 'https://git.kernel.org/stable/c/ef56dcdca8f2a53abc3a83d388b8336447533d85', 'https://linux.oracle.com/cve/CVE-2024-43871.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43871-c2cd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43871', 'https://www.cve.org/CVERecord?id=CVE-2024-43871'], 'PublishedDate': '2024-08-21T01:15:11.68Z', 'LastModifiedDate': '2024-09-03T13:39:19.553Z'}, {'VulnerabilityID': 'CVE-2024-43872', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43872', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/hns: Fix soft lockup under heavy CEQE load', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43872', 'https://git.kernel.org/linus/2fdf34038369c0a27811e7b4680662a14ada1d6b (6.11-rc1)', 'https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08', 'https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43872-c87e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43872', 'https://www.cve.org/CVERecord?id=CVE-2024-43872'], 'PublishedDate': '2024-08-21T01:15:11.74Z', 'LastModifiedDate': '2024-09-03T13:38:34.867Z'}, {'VulnerabilityID': 'CVE-2024-43873', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43873', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vhost/vsock: always initialize seqpacket_allow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: always initialize seqpacket_allow\n\nThere are two issues around seqpacket_allow:\n1. seqpacket_allow is not initialized when socket is\n   created. Thus if features are never set, it will be\n   read uninitialized.\n2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,\n   then seqpacket_allow will not be cleared appropriately\n   (existing apps I know about don't usually do this but\n    it's legal and there's no way to be sure no one relies\n    on this).\n\nTo fix:\n\t- initialize seqpacket_allow after allocation\n\t- set it unconditionally in set_features", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-909'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43873', 'https://git.kernel.org/linus/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22', 'https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb', 'https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582', 'https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c', 'https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43873-c547@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43873', 'https://www.cve.org/CVERecord?id=CVE-2024-43873'], 'PublishedDate': '2024-08-21T01:15:11.79Z', 'LastModifiedDate': '2024-09-03T13:35:44.897Z'}, {'VulnerabilityID': 'CVE-2024-43875', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43875', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: Clean up error handling in vpci_scan_bus()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\n\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\n\n    drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)\n\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\n\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43875', 'https://git.kernel.org/linus/8e0f5a96c534f781e8c57ca30459448b3bfe5429 (6.11-rc1)', 'https://git.kernel.org/stable/c/0e27e2e8697b8ce96cdef43f135426525d9d1f8f', 'https://git.kernel.org/stable/c/24414c842a24d0fd498f9db6d2a762a8dddf1832', 'https://git.kernel.org/stable/c/7d368de78b60088ec9031c60c88976c0063ea4c0', 'https://git.kernel.org/stable/c/8e0f5a96c534f781e8c57ca30459448b3bfe5429', 'https://git.kernel.org/stable/c/b9e8695246bcfc028341470cbf92630cdc1ba36b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43875-1257@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43875', 'https://www.cve.org/CVERecord?id=CVE-2024-43875'], 'PublishedDate': '2024-08-21T01:15:11.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43876', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43876', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()\n\nAvoid large backtrace, it is sufficient to warn the user that there has\nbeen a link problem. Either the link has failed and the system is in need\nof maintenance, or the link continues to work and user has been informed.\nThe message from the warning can be looked up in the sources.\n\nThis makes an actual link issue less verbose.\n\nFirst of all, this controller has a limitation in that the controller\ndriver has to assist the hardware with transition to L1 link state by\nwriting L1IATN to PMCTRL register, the L1 and L0 link state switching\nis not fully automatic on this controller.\n\nIn case of an ASMedia ASM1062 PCIe SATA controller which does not support\nASPM, on entry to suspend or during platform pm_test, the SATA controller\nenters D3hot state and the link enters L1 state. If the SATA controller\nwakes up before rcar_pcie_wakeup() was called and returns to D0, the link\nreturns to L0 before the controller driver even started its transition to\nL1 link state. At this point, the SATA controller did send an PM_ENTER_L1\nDLLP to the PCIe controller and the PCIe controller received it, and the\nPCIe controller did set PMSR PMEL1RX bit.\n\nOnce rcar_pcie_wakeup() is called, if the link is already back in L0 state\nand PMEL1RX bit is set, the controller driver has no way to determine if\nit should perform the link transition to L1 state, or treat the link as if\nit is in L0 state. Currently the driver attempts to perform the transition\nto L1 link state unconditionally, which in this specific case fails with a\nPMSR L1FAEG poll timeout, however the link still works as it is already\nback in L0 state.\n\nReduce this warning verbosity. In case the link is really broken, the\nrcar_pcie_config_access() would fail, otherwise it will succeed and any\nsystem with this controller and ASM1062 can suspend without generating\na backtrace.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43876', 'https://git.kernel.org/linus/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96 (6.11-rc1)', 'https://git.kernel.org/stable/c/2ae4769332dfdb97f4b6f5dc9ac8f46d02aaa3df', 'https://git.kernel.org/stable/c/3ff3bdde950f1840df4030726cef156758a244d7', 'https://git.kernel.org/stable/c/526a877c6273d4cd0d0aede84c1d620479764b1c', 'https://git.kernel.org/stable/c/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43876-793b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43876', 'https://www.cve.org/CVERecord?id=CVE-2024-43876'], 'PublishedDate': '2024-08-21T01:15:11.973Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43877', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43877', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: pci: ivtv: Add check for DMA map result', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: ivtv: Add check for DMA map result\n\nIn case DMA fails, 'dma->SG_length' is 0. This value is later used to\naccess 'dma->SGarray[dma->SG_length - 1]', which will cause out of\nbounds access.\n\nAdd check to return early on invalid value. Adjust warnings accordingly.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43877', 'https://git.kernel.org/linus/629913d6d79508b166c66e07e4857e20233d85a9 (6.11-rc1)', 'https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718', 'https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a', 'https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9', 'https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43877-e8e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43877', 'https://www.cve.org/CVERecord?id=CVE-2024-43877'], 'PublishedDate': '2024-08-21T01:15:12.033Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43879', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()\n\nCurrently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in\ncfg80211_calculate_bitrate_he(), leading to below warning:\n\nkernel: invalid HE MCS: bw:6, ru:6\nkernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]\n\nFix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43879', 'https://git.kernel.org/linus/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6 (6.11-rc1)', 'https://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27', 'https://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd', 'https://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f', 'https://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9', 'https://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086', 'https://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142', 'https://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d', 'https://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6', 'https://linux.oracle.com/cve/CVE-2024-43879.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43879-95cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43879', 'https://www.cve.org/CVERecord?id=CVE-2024-43879'], 'PublishedDate': '2024-08-21T01:15:12.153Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43880', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43880', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_erp: Fix object nesting warning\n\nACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM\n(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can\ncontain more ACLs (i.e., tc filters), but the number of masks in each\nregion (i.e., tc chain) is limited.\n\nIn order to mitigate the effects of the above limitation, the device\nallows filters to share a single mask if their masks only differ in up\nto 8 consecutive bits. For example, dst_ip/25 can be represented using\ndst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the\nnumber of masks being used (and therefore does not support mask\naggregation), but can contain a limited number of filters.\n\nThe driver uses the "objagg" library to perform the mask aggregation by\npassing it objects that consist of the filter\'s mask and whether the\nfilter is to be inserted into the A-TCAM or the C-TCAM since filters in\ndifferent TCAMs cannot share a mask.\n\nThe set of created objects is dependent on the insertion order of the\nfilters and is not necessarily optimal. Therefore, the driver will\nperiodically ask the library to compute a more optimal set ("hints") by\nlooking at all the existing objects.\n\nWhen the library asks the driver whether two objects can be aggregated\nthe driver only compares the provided masks and ignores the A-TCAM /\nC-TCAM indication. This is the right thing to do since the goal is to\nmove as many filters as possible to the A-TCAM. The driver also forbids\ntwo identical masks from being aggregated since this can only happen if\none was intentionally put in the C-TCAM to avoid a conflict in the\nA-TCAM.\n\nThe above can result in the following set of hints:\n\nH1: {mask X, A-TCAM} -> H2: {mask Y, A-TCAM} // X is Y + delta\nH3: {mask Y, C-TCAM} -> H4: {mask Z, A-TCAM} // Y is Z + delta\n\nAfter getting the hints from the library the driver will start migrating\nfilters from one region to another while consulting the computed hints\nand instructing the device to perform a lookup in both regions during\nthe transition.\n\nAssuming a filter with mask X is being migrated into the A-TCAM in the\nnew region, the hints lookup will return H1. Since H2 is the parent of\nH1, the library will try to find the object associated with it and\ncreate it if necessary in which case another hints lookup (recursive)\nwill be performed. This hints lookup for {mask Y, A-TCAM} will either\nreturn H2 or H3 since the driver passes the library an object comparison\nfunction that ignores the A-TCAM / C-TCAM indication.\n\nThis can eventually lead to nested objects which are not supported by\nthe library [1].\n\nFix by removing the object comparison function from both the driver and\nthe library as the driver was the only user. That way the lookup will\nonly return exact matches.\n\nI do not have a reliable reproducer that can reproduce the issue in a\ntimely manner, but before the fix the issue would reproduce in several\nminutes and with the fix it does not reproduce in over an hour.\n\nNote that the current usefulness of the hints is limited because they\ninclude the C-TCAM indication and represent aggregation that cannot\nactually happen. This will be addressed in net-next.\n\n[1]\nWARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0\nModules linked in:\nCPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42\nHardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:objagg_obj_parent_assign+0xb5/0xd0\n[...]\nCall Trace:\n <TASK>\n __objagg_obj_get+0x2bb/0x580\n objagg_obj_get+0xe/0x80\n mlxsw_sp_acl_erp_mask_get+0xb5/0xf0\n mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43880', 'https://git.kernel.org/linus/97d833ceb27dc19f8777d63f90be4a27b5daeedf (6.11-rc1)', 'https://git.kernel.org/stable/c/0e59c2d22853266704e127915653598f7f104037', 'https://git.kernel.org/stable/c/25c6fd9648ad05da493a5d30881896a78a08b624', 'https://git.kernel.org/stable/c/36a9996e020dd5aa325e0ecc55eb2328288ea6bb', 'https://git.kernel.org/stable/c/4dc09f6f260db3c4565a4ec52ba369393598f2fb', 'https://git.kernel.org/stable/c/97d833ceb27dc19f8777d63f90be4a27b5daeedf', 'https://git.kernel.org/stable/c/9a5261a984bba4f583d966c550fa72c33ff3714e', 'https://git.kernel.org/stable/c/fb5d4fc578e655d113f09565f6f047e15f7ab578', 'https://linux.oracle.com/cve/CVE-2024-43880.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43880-78ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43880', 'https://www.cve.org/CVERecord?id=CVE-2024-43880'], 'PublishedDate': '2024-08-21T01:15:12.213Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43881', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43881', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: change DMA direction while mapping reinjected packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: change DMA direction while mapping reinjected packets\n\nFor fragmented packets, ath12k reassembles each fragment as a normal\npacket and then reinjects it into HW ring. In this case, the DMA\ndirection should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise,\nan invalid payload may be reinjected into the HW and\nsubsequently delivered to the host.\n\nGiven that arbitrary memory can be allocated to the skb buffer,\nknowledge about the data contained in the reinjected buffer is lacking.\nConsequently, there’s a risk of private information being leaked.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43881', 'https://git.kernel.org/linus/33322e3ef07409278a18c6919c448e369d66a18e (6.11-rc1)', 'https://git.kernel.org/stable/c/33322e3ef07409278a18c6919c448e369d66a18e', 'https://git.kernel.org/stable/c/6925320fcd40d8042d32bf4ede8248e7a5315c3b', 'https://git.kernel.org/stable/c/e99d9b16ff153de9540073239d24adc3b0a3a997', 'https://lore.kernel.org/linux-cve-announce/2024082138-CVE-2024-43881-ead4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43881', 'https://www.cve.org/CVERecord?id=CVE-2024-43881'], 'PublishedDate': '2024-08-21T01:15:12.28Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43883', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43883', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: vhci-hcd: Do not drop references before new references are gained', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43883', 'https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37', 'https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174', 'https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14', 'https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89', 'https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80', 'https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a', 'https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54', 'https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2', 'https://linux.oracle.com/cve/CVE-2024-43883.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082313-CVE-2024-43883-a594@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43883', 'https://www.cve.org/CVERecord?id=CVE-2024-43883'], 'PublishedDate': '2024-08-23T13:15:03.873Z', 'LastModifiedDate': '2024-08-23T16:18:28.547Z'}, {'VulnerabilityID': 'CVE-2024-43884', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: MGMT: Add error handling to pair_device()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Add error handling to pair_device()\n\nhci_conn_params_add() never checks for a NULL value and could lead to a NULL\npointer dereference causing a crash.\n\nFixed by adding error handling in the function.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43884', 'https://git.kernel.org/linus/538fd3921afac97158d4177139a0ad39f056dbb2 (6.11-rc5)', 'https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4', 'https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1', 'https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2', 'https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503', 'https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9', 'https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb', 'https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb', 'https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43884-43fa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43884', 'https://www.cve.org/CVERecord?id=CVE-2024-43884'], 'PublishedDate': '2024-08-26T08:15:03.827Z', 'LastModifiedDate': '2024-09-04T12:15:04.927Z'}, {'VulnerabilityID': 'CVE-2024-43886', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43886', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check in resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check in resource_log_pipe_topology_update\n\n[WHY]\nWhen switching from "Extend" to "Second Display Only" we sometimes\ncall resource_get_otg_master_for_stream on a stream for the eDP,\nwhich is disconnected. This leads to a null pointer dereference.\n\n[HOW]\nAdded a null check in dc_resource.c/resource_log_pipe_topology_update.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43886', 'https://git.kernel.org/linus/899d92fd26fe780aad711322aa671f68058207a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/899d92fd26fe780aad711322aa671f68058207a6', 'https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee', 'https://lore.kernel.org/linux-cve-announce/2024082657-CVE-2024-43886-0726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43886', 'https://www.cve.org/CVERecord?id=CVE-2024-43886'], 'PublishedDate': '2024-08-26T11:15:03.83Z', 'LastModifiedDate': '2024-08-27T14:37:45.377Z'}, {'VulnerabilityID': 'CVE-2024-43887', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43887', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/tcp: Disable TCP-AO static key after RCU grace period', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp: Disable TCP-AO static key after RCU grace period\n\nThe lifetime of TCP-AO static_key is the same as the last\ntcp_ao_info. On the socket destruction tcp_ao_info ceases to be\nwith RCU grace period, while tcp-ao static branch is currently deferred\ndestructed. The static key definition is\n: DEFINE_STATIC_KEY_DEFERRED_FALSE(tcp_ao_needed, HZ);\n\nwhich means that if RCU grace period is delayed by more than a second\nand tcp_ao_needed is in the process of disablement, other CPUs may\nyet see tcp_ao_info which atent dead, but soon-to-be.\nAnd that breaks the assumption of static_key_fast_inc_not_disabled().\n\nSee the comment near the definition:\n> * The caller must make sure that the static key can\'t get disabled while\n> * in this function. It doesn\'t patch jump labels, only adds a user to\n> * an already enabled static key.\n\nOriginally it was introduced in commit eb8c507296f6 ("jump_label:\nPrevent key->enabled int overflow"), which is needed for the atomic\ncontexts, one of which would be the creation of a full socket from a\nrequest socket. In that atomic context, it\'s known by the presence\nof the key (md5/ao) that the static branch is already enabled.\nSo, the ref counter for that static branch is just incremented\ninstead of holding the proper mutex.\nstatic_key_fast_inc_not_disabled() is just a helper for such usage\ncase. But it must not be used if the static branch could get disabled\nin parallel as it\'s not protected by jump_label_mutex and as a result,\nraces with jump_label_update() implementation details.\n\nHappened on netdev test-bot[1], so not a theoretical issue:\n\n[] jump_label: Fatal kernel bug, unexpected op at tcp_inbound_hash+0x1a7/0x870 [ffffffffa8c4e9b7] (eb 50 0f 1f 44 != 66 90 0f 1f 00)) size:2 type:1\n[] ------------[ cut here ]------------\n[] kernel BUG at arch/x86/kernel/jump_label.c:73!\n[] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[] CPU: 3 PID: 243 Comm: kworker/3:3 Not tainted 6.10.0-virtme #1\n[] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[] Workqueue: events jump_label_update_timeout\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n...\n[] Call Trace:\n[]  <TASK>\n[]  arch_jump_label_transform_queue+0x6c/0x110\n[]  __jump_label_update+0xef/0x350\n[]  __static_key_slow_dec_cpuslocked.part.0+0x3c/0x60\n[]  jump_label_update_timeout+0x2c/0x40\n[]  process_one_work+0xe3b/0x1670\n[]  worker_thread+0x587/0xce0\n[]  kthread+0x28a/0x350\n[]  ret_from_fork+0x31/0x70\n[]  ret_from_fork_asm+0x1a/0x30\n[]  </TASK>\n[] Modules linked in: veth\n[] ---[ end trace 0000000000000000 ]---\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n\n[1]: https://netdev-3.bots.linux.dev/vmksft-tcp-ao-dbg/results/696681/5-connect-deny-ipv6/stderr', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43887', 'https://git.kernel.org/linus/14ab4792ee120c022f276a7e4768f4dcb08f0cdd (6.11-rc3)', 'https://git.kernel.org/stable/c/14ab4792ee120c022f276a7e4768f4dcb08f0cdd', 'https://git.kernel.org/stable/c/954d55a59b2501f4a9bd693b40ce45a1c46cb2b3', 'https://lore.kernel.org/linux-cve-announce/2024082658-CVE-2024-43887-93bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43887', 'https://www.cve.org/CVERecord?id=CVE-2024-43887'], 'PublishedDate': '2024-08-26T11:15:03.877Z', 'LastModifiedDate': '2024-09-05T19:43:44.197Z'}, {'VulnerabilityID': 'CVE-2024-43888', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43888', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: list_lru: fix UAF for memory cgroup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: list_lru: fix UAF for memory cgroup\n\nThe mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or\ncgroup_mutex or others which could prevent returned memcg from being\nfreed.  Fix it by adding missing rcu read lock.\n\nFound by code inspection.\n\n[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]\n  Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43888', 'https://git.kernel.org/linus/5161b48712dcd08ec427c450399d4d1483e21dea (6.11-rc3)', 'https://git.kernel.org/stable/c/4589f77c18dd98b65f45617b6d1e95313cf6fcab', 'https://git.kernel.org/stable/c/5161b48712dcd08ec427c450399d4d1483e21dea', 'https://lore.kernel.org/linux-cve-announce/2024082659-CVE-2024-43888-5beb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43888', 'https://www.cve.org/CVERecord?id=CVE-2024-43888'], 'PublishedDate': '2024-08-26T11:15:03.93Z', 'LastModifiedDate': '2024-08-27T14:37:52.61Z'}, {'VulnerabilityID': 'CVE-2024-43889', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix possible divide-by-0 panic in padata_mt_helper()\n\nWe are hit with a not easily reproducible divide-by-0 panic in padata.c at\nbootup time.\n\n  [   10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI\n  [   10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1\n  [   10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021\n  [   10.017908] Workqueue: events_unbound padata_mt_helper\n  [   10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0\n    :\n  [   10.017963] Call Trace:\n  [   10.017968]  <TASK>\n  [   10.018004]  ? padata_mt_helper+0x39/0xb0\n  [   10.018084]  process_one_work+0x174/0x330\n  [   10.018093]  worker_thread+0x266/0x3a0\n  [   10.018111]  kthread+0xcf/0x100\n  [   10.018124]  ret_from_fork+0x31/0x50\n  [   10.018138]  ret_from_fork_asm+0x1a/0x30\n  [   10.018147]  </TASK>\n\nLooking at the padata_mt_helper() function, the only way a divide-by-0\npanic can happen is when ps->chunk_size is 0.  The way that chunk_size is\ninitialized in padata_do_multithreaded(), chunk_size can be 0 when the\nmin_chunk in the passed-in padata_mt_job structure is 0.\n\nFix this divide-by-0 panic by making sure that chunk_size will be at least\n1 no matter what the input parameters are.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43889', 'https://git.kernel.org/linus/6d45e1c948a8b7ed6ceddb14319af69424db730c (6.11-rc3)', 'https://git.kernel.org/stable/c/6d45e1c948a8b7ed6ceddb14319af69424db730c', 'https://git.kernel.org/stable/c/8f5ffd2af7274853ff91d6cd62541191d9fbd10d', 'https://git.kernel.org/stable/c/924f788c906dccaca30acab86c7124371e1d6f2c', 'https://git.kernel.org/stable/c/a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f', 'https://git.kernel.org/stable/c/ab8b397d5997d8c37610252528edc54bebf9f6d3', 'https://git.kernel.org/stable/c/da0ffe84fcc1627a7dff82c80b823b94236af905', 'https://lore.kernel.org/linux-cve-announce/2024082600-CVE-2024-43889-4d0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43889', 'https://www.cve.org/CVERecord?id=CVE-2024-43889'], 'PublishedDate': '2024-08-26T11:15:03.98Z', 'LastModifiedDate': '2024-08-27T14:38:09.34Z'}, {'VulnerabilityID': 'CVE-2024-43890', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43890', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Fix overflow in get_free_elt()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing "tracing_map->max_size" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to "tracing_map->next_elt"\nonce it reaches "tracing_map->max_elt".', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43890', 'https://git.kernel.org/linus/bcf86c01ca4676316557dd482c8416ece8c2e143 (6.11-rc3)', 'https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6', 'https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c', 'https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5', 'https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8', 'https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143', 'https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da', 'https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18', 'https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a', 'https://linux.oracle.com/cve/CVE-2024-43890.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082601-CVE-2024-43890-1c3a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43890', 'https://www.cve.org/CVERecord?id=CVE-2024-43890'], 'PublishedDate': '2024-08-26T11:15:04.04Z', 'LastModifiedDate': '2024-09-05T18:48:30.32Z'}, {'VulnerabilityID': 'CVE-2024-43891', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43891', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have format file honor EVENT_FILE_FL_FREED', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have format file honor EVENT_FILE_FL_FREED\n\nWhen eventfs was introduced, special care had to be done to coordinate the\nfreeing of the file meta data with the files that are exposed to user\nspace. The file meta data would have a ref count that is set when the file\nis created and would be decremented and freed after the last user that\nopened the file closed it. When the file meta data was to be freed, it\nwould set a flag (EVENT_FILE_FL_FREED) to denote that the file is freed,\nand any new references made (like new opens or reads) would fail as it is\nmarked freed. This allowed other meta data to be freed after this flag was\nset (under the event_mutex).\n\nAll the files that were dynamically created in the events directory had a\npointer to the file meta data and would call event_release() when the last\nreference to the user space file was closed. This would be the time that it\nis safe to free the file meta data.\n\nA shortcut was made for the "format" file. It\'s i_private would point to\nthe "call" entry directly and not point to the file\'s meta data. This is\nbecause all format files are the same for the same "call", so it was\nthought there was no reason to differentiate them.  The other files\nmaintain state (like the "enable", "trigger", etc). But this meant if the\nfile were to disappear, the "format" file would be unaware of it.\n\nThis caused a race that could be trigger via the user_events test (that\nwould create dynamic events and free them), and running a loop that would\nread the user_events format files:\n\nIn one console run:\n\n # cd tools/testing/selftests/user_events\n # while true; do ./ftrace_test; done\n\nAnd in another console run:\n\n # cd /sys/kernel/tracing/\n # while true; do cat events/user_events/__test_event/format; done 2>/dev/null\n\nWith KASAN memory checking, it would trigger a use-after-free bug report\n(which was a real bug). This was because the format file was not checking\nthe file\'s meta data flag "EVENT_FILE_FL_FREED", so it would access the\nevent that the file meta data pointed to after the event was freed.\n\nAfter inspection, there are other locations that were found to not check\nthe EVENT_FILE_FL_FREED flag when accessing the trace_event_file. Add a\nnew helper function: event_file_file() that will make sure that the\nevent_mutex is held, and will return NULL if the trace_event_file has the\nEVENT_FILE_FL_FREED flag set. Have the first reference of the struct file\npointer use event_file_file() and check for NULL. Later uses can still use\nthe event_file_data() helper function if the event_mutex is still held and\nwas not released since the event_file_file() call.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43891', 'https://git.kernel.org/linus/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d (6.11-rc3)', 'https://git.kernel.org/stable/c/4ed03758ddf0b19d69eed69386d65a92d0091e0c', 'https://git.kernel.org/stable/c/531dc6780d94245af037c25c2371c8caf652f0f9', 'https://git.kernel.org/stable/c/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d', 'https://lore.kernel.org/linux-cve-announce/2024082603-CVE-2024-43891-a69d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43891', 'https://www.cve.org/CVERecord?id=CVE-2024-43891'], 'PublishedDate': '2024-08-26T11:15:04.103Z', 'LastModifiedDate': '2024-09-05T18:46:18.44Z'}, {'VulnerabilityID': 'CVE-2024-43892', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43892', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg: protect concurrent access to mem_cgroup_idr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: protect concurrent access to mem_cgroup_idr\n\nCommit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after\nmany small jobs") decoupled the memcg IDs from the CSS ID space to fix the\ncgroup creation failures.  It introduced IDR to maintain the memcg ID\nspace.  The IDR depends on external synchronization mechanisms for\nmodifications.  For the mem_cgroup_idr, the idr_alloc() and idr_replace()\nhappen within css callback and thus are protected through cgroup_mutex\nfrom concurrent modifications.  However idr_remove() for mem_cgroup_idr\nwas not protected against concurrency and can be run concurrently for\ndifferent memcgs when they hit their refcnt to zero.  Fix that.\n\nWe have been seeing list_lru based kernel crashes at a low frequency in\nour fleet for a long time.  These crashes were in different part of\nlist_lru code including list_lru_add(), list_lru_del() and reparenting\ncode.  Upon further inspection, it looked like for a given object (dentry\nand inode), the super_block\'s list_lru didn\'t have list_lru_one for the\nmemcg of that object.  The initial suspicions were either the object is\nnot allocated through kmem_cache_alloc_lru() or somehow\nmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but\nreturned success.  No evidence were found for these cases.\n\nLooking more deeply, we started seeing situations where valid memcg\'s id\nis not present in mem_cgroup_idr and in some cases multiple valid memcgs\nhave same id and mem_cgroup_idr is pointing to one of them.  So, the most\nreasonable explanation is that these situations can happen due to race\nbetween multiple idr_remove() calls or race between\nidr_alloc()/idr_replace() and idr_remove().  These races are causing\nmultiple memcgs to acquire the same ID and then offlining of one of them\nwould cleanup list_lrus on the system for all of them.  Later access from\nother memcgs to the list_lru cause crashes due to missing list_lru_one.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43892', 'https://git.kernel.org/linus/9972605a238339b85bd16b084eed5f18414d22db (6.11-rc3)', 'https://git.kernel.org/stable/c/37a060b64ae83b76600d187d76591ce488ab836b', 'https://git.kernel.org/stable/c/51c0b1bb7541f8893ec1accba59eb04361a70946', 'https://git.kernel.org/stable/c/56fd70f4aa8b82199dbe7e99366b1fd7a04d86fb', 'https://git.kernel.org/stable/c/912736a0435ef40e6a4ae78197ccb5553cb80b05', 'https://git.kernel.org/stable/c/9972605a238339b85bd16b084eed5f18414d22db', 'https://git.kernel.org/stable/c/e6cc9ff2ac0b5df9f25eb790934c3104f6710278', 'https://lore.kernel.org/linux-cve-announce/2024082604-CVE-2024-43892-584a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43892', 'https://www.cve.org/CVERecord?id=CVE-2024-43892'], 'PublishedDate': '2024-08-26T11:15:04.157Z', 'LastModifiedDate': '2024-09-12T12:15:49.593Z'}, {'VulnerabilityID': 'CVE-2024-43893', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43893', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: core: check uartclk for zero to avoid divide by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: core: check uartclk for zero to avoid divide by zero\n\nCalling ioctl TIOCSSERIAL with an invalid baud_base can\nresult in uartclk being zero, which will result in a\ndivide by zero error in uart_get_divisor(). The check for\nuartclk being zero in uart_set_info() needs to be done\nbefore other settings are made as subsequent calls to\nioctl TIOCSSERIAL for the same port would be impacted if\nthe uartclk check was done where uartclk gets set.\n\nOops: divide error: 0000  PREEMPT SMP KASAN PTI\nRIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)\nCall Trace:\n <TASK>\nserial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576\n    drivers/tty/serial/8250/8250_port.c:2589)\nserial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502\n    drivers/tty/serial/8250/8250_port.c:2741)\nserial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)\nuart_change_line_settings (./include/linux/spinlock.h:376\n    ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)\nuart_port_startup (drivers/tty/serial/serial_core.c:342)\nuart_startup (drivers/tty/serial/serial_core.c:368)\nuart_set_info (drivers/tty/serial/serial_core.c:1034)\nuart_set_info_user (drivers/tty/serial/serial_core.c:1059)\ntty_set_serial (drivers/tty/tty_io.c:2637)\ntty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)\n__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907\n    fs/ioctl.c:893 fs/ioctl.c:893)\ndo_syscall_64 (arch/x86/entry/common.c:52\n    (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nRule: add', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43893', 'https://git.kernel.org/linus/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193 (6.11-rc3)', 'https://git.kernel.org/stable/c/3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba', 'https://git.kernel.org/stable/c/52b138f1021113e593ee6ad258ce08fe90693a9e', 'https://git.kernel.org/stable/c/55b2a5d331a6ceb1c4372945fdb77181265ba24f', 'https://git.kernel.org/stable/c/68dc02f319b9ee54dc23caba742a5c754d1cccc8', 'https://git.kernel.org/stable/c/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193', 'https://git.kernel.org/stable/c/9196e42a3b8eeff1707e6ef769112b4b6096be49', 'https://git.kernel.org/stable/c/e13ba3fe5ee070f8a9dab60029d52b1f61da5051', 'https://git.kernel.org/stable/c/e3ad503876283ac3fcca922a1bf243ef9eb0b0e2', 'https://linux.oracle.com/cve/CVE-2024-43893.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082605-CVE-2024-43893-25dd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43893', 'https://www.cve.org/CVERecord?id=CVE-2024-43893'], 'PublishedDate': '2024-08-26T11:15:04.213Z', 'LastModifiedDate': '2024-09-10T18:13:21.92Z'}, {'VulnerabilityID': 'CVE-2024-43894', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43894', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/client: fix null pointer dereference in drm_client_modeset_probe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: fix null pointer dereference in drm_client_modeset_probe\n\nIn drm_client_modeset_probe(), the return value of drm_mode_duplicate() is\nassigned to modeset->mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43894', 'https://git.kernel.org/linus/113fd6372a5bb3689aba8ef5b8a265ed1529a78f (6.11-rc3)', 'https://git.kernel.org/stable/c/113fd6372a5bb3689aba8ef5b8a265ed1529a78f', 'https://git.kernel.org/stable/c/24ddda932c43ffe156c7f3c568bed85131c63ae6', 'https://git.kernel.org/stable/c/5291d4f73452c91e8a11f71207617e3e234d418e', 'https://git.kernel.org/stable/c/612cae53e99ce32a58cb821b3b67199eb6e92dff', 'https://git.kernel.org/stable/c/c763dfe09425152b6bb0e348900a637c62c2ce52', 'https://git.kernel.org/stable/c/d64847c383100423aecb6ac5f18be5f4316d9d62', 'https://git.kernel.org/stable/c/d64fc94f7bb24fc2be0d6bd5df8df926da461a6d', 'https://linux.oracle.com/cve/CVE-2024-43894.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082607-CVE-2024-43894-aeee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43894', 'https://www.cve.org/CVERecord?id=CVE-2024-43894'], 'PublishedDate': '2024-08-26T11:15:04.28Z', 'LastModifiedDate': '2024-09-10T18:09:41.23Z'}, {'VulnerabilityID': 'CVE-2024-43895', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43895', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip Recompute DSC Params if no Stream on Link', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n    Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n    RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n    Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\n    RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n    RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n    RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n    RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n    R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n    R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n    FS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n    Call Trace:\n<TASK>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? plist_add+0xbe/0x100\n     ? exc_page_fault+0x7c/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     drm_atomic_check_only+0x5c5/0xa40\n     drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.\n\n(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43895', 'https://git.kernel.org/linus/50e376f1fe3bf571d0645ddf48ad37eb58323919 (6.11-rc3)', 'https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9', 'https://git.kernel.org/stable/c/50e376f1fe3bf571d0645ddf48ad37eb58323919', 'https://git.kernel.org/stable/c/5357141b4c2e2b332b6f11607ba8c5fbc2669a10', 'https://git.kernel.org/stable/c/70275bb960c71d313254473d38c14e7101cee5ad', 'https://git.kernel.org/stable/c/718d83f66fb07b2cab89a1fc984613a00e3db18f', 'https://lore.kernel.org/linux-cve-announce/2024082608-CVE-2024-43895-d3c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43895', 'https://www.cve.org/CVERecord?id=CVE-2024-43895'], 'PublishedDate': '2024-08-26T11:15:04.333Z', 'LastModifiedDate': '2024-10-10T12:15:04.35Z'}, {'VulnerabilityID': 'CVE-2024-43898', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43898', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: sanity check for NULL pointer after ext4_force_shutdown', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43898', 'https://git.kernel.org/linus/83f4414b8f84249d538905825b088ff3ae555652 (6.11-rc1)', 'https://git.kernel.org/stable/c/3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e', 'https://git.kernel.org/stable/c/83f4414b8f84249d538905825b088ff3ae555652', 'https://git.kernel.org/stable/c/f619876ccbfd329ae785fe5d3289b9dcd6eb5901', 'https://lore.kernel.org/linux-cve-announce/2024082613-CVE-2024-43898-52c2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43898', 'https://www.cve.org/CVERecord?id=CVE-2024-43898'], 'PublishedDate': '2024-08-26T11:15:04.493Z', 'LastModifiedDate': '2024-09-10T08:15:02.96Z'}, {'VulnerabilityID': 'CVE-2024-43899', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix null pointer deref in dcn20_resource.c', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[  181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[  181.843997] #PF: supervisor instruction fetch in kernel mode\n[  181.844003] #PF: error_code(0x0010) - not-present page\n[  181.844009] PGD 0 P4D 0\n[  181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[  181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G        W  OE      6.5.0-41-generic #41~22.04.2-Ubuntu\n[  181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[  181.844044] RIP: 0010:0x0\n[  181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[  181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[  181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[  181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[  181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[  181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[  181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[  181.844121] FS:  00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[  181.844128] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[  181.844141] Call Trace:\n[  181.844146]  <TASK>\n[  181.844153]  ? show_regs+0x6d/0x80\n[  181.844167]  ? __die+0x24/0x80\n[  181.844179]  ? page_fault_oops+0x99/0x1b0\n[  181.844192]  ? do_user_addr_fault+0x31d/0x6b0\n[  181.844204]  ? exc_page_fault+0x83/0x1b0\n[  181.844216]  ? asm_exc_page_fault+0x27/0x30\n[  181.844237]  dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[  181.845115]  amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[  181.845985]  amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[  181.846848]  fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[  181.847734]  fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[  181.848748]  dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.849791]  ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.850840]  amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43899', 'https://git.kernel.org/linus/ecbf60782662f0a388493685b85a645a0ba1613c (6.11-rc1)', 'https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e', 'https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c', 'https://lore.kernel.org/linux-cve-announce/2024082614-CVE-2024-43899-2339@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43899', 'https://www.cve.org/CVERecord?id=CVE-2024-43899'], 'PublishedDate': '2024-08-26T11:15:04.557Z', 'LastModifiedDate': '2024-08-27T14:38:19.74Z'}, {'VulnerabilityID': 'CVE-2024-43900', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43900', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: xc2028: avoid use-after-free in load_firmware_cb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504           worker_thread\ntuner_probe                             <= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait                 <= create a worker\n...\ntuner_remove                            <= free dvb_frontend\n...\n                    request_firmware_work_func  <= the firmware is ready\n                    load_firmware_cb    <= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n    ==================================================================\n     BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n     Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n     Call trace:\n      load_firmware_cb+0x1310/0x17a0\n      request_firmware_work_func+0x128/0x220\n      process_one_work+0x770/0x1824\n      worker_thread+0x488/0xea0\n      kthread+0x300/0x430\n      ret_from_fork+0x10/0x20\n\n     Allocated by task 6504:\n      kzalloc\n      tuner_probe+0xb0/0x1430\n      i2c_device_probe+0x92c/0xaf0\n      really_probe+0x678/0xcd0\n      driver_probe_device+0x280/0x370\n      __device_attach_driver+0x220/0x330\n      bus_for_each_drv+0x134/0x1c0\n      __device_attach+0x1f4/0x410\n      device_initial_probe+0x20/0x30\n      bus_probe_device+0x184/0x200\n      device_add+0x924/0x12c0\n      device_register+0x24/0x30\n      i2c_new_device+0x4e0/0xc44\n      v4l2_i2c_new_subdev_board+0xbc/0x290\n      v4l2_i2c_new_subdev+0xc8/0x104\n      em28xx_v4l2_init+0x1dd0/0x3770\n\n     Freed by task 6504:\n      kfree+0x238/0x4e4\n      tuner_remove+0x144/0x1c0\n      i2c_device_remove+0xc8/0x290\n      __device_release_driver+0x314/0x5fc\n      device_release_driver+0x30/0x44\n      bus_remove_device+0x244/0x490\n      device_del+0x350/0x900\n      device_unregister+0x28/0xd0\n      i2c_unregister_device+0x174/0x1d0\n      v4l2_device_unregister+0x224/0x380\n      em28xx_v4l2_init+0x1d90/0x3770\n\n     The buggy address belongs to the object at ffff8000d7ca2000\n      which belongs to the cache kmalloc-2k of size 2048\n     The buggy address is located 776 bytes inside of\n      2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n     The buggy address belongs to the page:\n     page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n     flags: 0x7ff800000000100(slab)\n     raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n     raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n     page dumped because: kasan: bad access detected\n\n     Memory state around the buggy address:\n      ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                           ^\n      ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     ==================================================================\n\n[2]\n    Actually, it is allocated for struct tuner, and dvb_frontend is inside.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43900', 'https://git.kernel.org/linus/68594cec291ff9523b9feb3f43fd853dcddd1f60 (6.11-rc1)', 'https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5', 'https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60', 'https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b', 'https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-43900-029c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43900', 'https://www.cve.org/CVERecord?id=CVE-2024-43900'], 'PublishedDate': '2024-08-26T11:15:04.613Z', 'LastModifiedDate': '2024-08-27T14:38:32.967Z'}, {'VulnerabilityID': 'CVE-2024-43902', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43902', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null checker before passing variables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checker before passing variables\n\nChecks null pointer before passing variables to functions.\n\nThis fixes 3 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43902', 'https://git.kernel.org/linus/8092aa3ab8f7b737a34b71f91492c676a843043a (6.11-rc1)', 'https://git.kernel.org/stable/c/1686675405d07f35eae7ff3d13a530034b899df2', 'https://git.kernel.org/stable/c/4cc2a94d96caeb3c975acdae7351c2f997c32175', 'https://git.kernel.org/stable/c/8092aa3ab8f7b737a34b71f91492c676a843043a', 'https://git.kernel.org/stable/c/83c7f509ef087041604e9572938f82e18b724c9d', 'https://git.kernel.org/stable/c/d0b8b23b9c2ebec693a36fea518d8f13493ad655', 'https://lore.kernel.org/linux-cve-announce/2024082618-CVE-2024-43902-eb6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43902', 'https://www.cve.org/CVERecord?id=CVE-2024-43902'], 'PublishedDate': '2024-08-26T11:15:04.733Z', 'LastModifiedDate': '2024-08-27T14:38:51.73Z'}, {'VulnerabilityID': 'CVE-2024-43903', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43903', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43903', 'https://git.kernel.org/linus/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff (6.11-rc1)', 'https://git.kernel.org/stable/c/31a679a880102dee6e10985a7b1789af8dc328cc', 'https://git.kernel.org/stable/c/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff', 'https://git.kernel.org/stable/c/94220b35aeba2b68da81deeefbb784d94eeb5c04', 'https://git.kernel.org/stable/c/ce5d090af683137cb779ed7e3683839f9c778b35', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-43903-3644@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43903', 'https://www.cve.org/CVERecord?id=CVE-2024-43903'], 'PublishedDate': '2024-08-26T11:15:04.793Z', 'LastModifiedDate': '2024-08-27T13:39:48.683Z'}, {'VulnerabilityID': 'CVE-2024-43904', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43904', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing\n\nThis commit adds null checks for the 'stream' and 'plane' variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that 'stream' and 'plane' are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43904', 'https://git.kernel.org/linus/15c2990e0f0108b9c3752d7072a97d45d4283aea (6.11-rc1)', 'https://git.kernel.org/stable/c/15c2990e0f0108b9c3752d7072a97d45d4283aea', 'https://git.kernel.org/stable/c/16a8a2a839d19c4cf7253642b493ffb8eee1d857', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43904-63a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43904', 'https://www.cve.org/CVERecord?id=CVE-2024-43904'], 'PublishedDate': '2024-08-26T11:15:04.847Z', 'LastModifiedDate': '2024-08-27T13:40:50.577Z'}, {'VulnerabilityID': 'CVE-2024-43905', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43905', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix the null pointer dereference for vega10_hwmgr\n\nCheck return value and conduct null pointer handling to avoid null pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43905', 'https://git.kernel.org/linus/50151b7f1c79a09117837eb95b76c2de76841dab (6.11-rc1)', 'https://git.kernel.org/stable/c/0fa11f9df96217c2785b040629ff1a16900fb51c', 'https://git.kernel.org/stable/c/2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8', 'https://git.kernel.org/stable/c/2e538944996d0dd497faf8ee81f8bfcd3aca7d80', 'https://git.kernel.org/stable/c/50151b7f1c79a09117837eb95b76c2de76841dab', 'https://git.kernel.org/stable/c/69a441473fec2fc2aa2cf56122d6c42c4266a239', 'https://git.kernel.org/stable/c/c2629daf218a325f4d69754452cd42fe8451c15b', 'https://lore.kernel.org/linux-cve-announce/2024082623-CVE-2024-43905-008f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43905', 'https://www.cve.org/CVERecord?id=CVE-2024-43905'], 'PublishedDate': '2024-08-26T11:15:04.897Z', 'LastModifiedDate': '2024-09-12T12:15:51.26Z'}, {'VulnerabilityID': 'CVE-2024-43906', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43906', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/admgpu: fix dereferencing null pointer context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/admgpu: fix dereferencing null pointer context\n\nWhen user space sets an invalid ta type, the pointer context will be empty.\nSo it need to check the pointer context before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43906', 'https://git.kernel.org/linus/030ffd4d43b433bc6671d9ec34fc12c59220b95d (6.11-rc1)', 'https://git.kernel.org/stable/c/030ffd4d43b433bc6671d9ec34fc12c59220b95d', 'https://git.kernel.org/stable/c/4fd52f7c2c11d330571c6bde06e5ea508ec25c9d', 'https://git.kernel.org/stable/c/641dac64178ccdb9e45c92b67120316896294d05', 'https://lore.kernel.org/linux-cve-announce/2024082624-CVE-2024-43906-27ab@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43906', 'https://www.cve.org/CVERecord?id=CVE-2024-43906'], 'PublishedDate': '2024-08-26T11:15:04.947Z', 'LastModifiedDate': '2024-08-27T13:41:30.093Z'}, {'VulnerabilityID': 'CVE-2024-43907', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43907', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules\n\nCheck the pointer value to fix potential null pointer\ndereference', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43907', 'https://git.kernel.org/linus/d19fb10085a49b77578314f69fff21562f7cd054 (6.11-rc1)', 'https://git.kernel.org/stable/c/0c065e50445aea2e0a1815f12e97ee49e02cbaac', 'https://git.kernel.org/stable/c/13937a40aae4efe64592ba48c057ac3c72f7fe82', 'https://git.kernel.org/stable/c/3a01bf2ca9f860fdc88c358567b8fa3033efcf30', 'https://git.kernel.org/stable/c/c1749313f35b98e2e655479f037db37f19756622', 'https://git.kernel.org/stable/c/d19fb10085a49b77578314f69fff21562f7cd054', 'https://git.kernel.org/stable/c/e04d18c29954441aa1054af649f957ffad90a201', 'https://lore.kernel.org/linux-cve-announce/2024082626-CVE-2024-43907-91a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43907', 'https://www.cve.org/CVERecord?id=CVE-2024-43907'], 'PublishedDate': '2024-08-26T11:15:05Z', 'LastModifiedDate': '2024-08-27T13:41:40.497Z'}, {'VulnerabilityID': 'CVE-2024-43908', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43908', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the null pointer dereference to ras_manager', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the null pointer dereference to ras_manager\n\nCheck ras_manager before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43908', 'https://git.kernel.org/linus/4c11d30c95576937c6c35e6f29884761f2dddb43 (6.11-rc1)', 'https://git.kernel.org/stable/c/033187a70ba9743c73a810a006816e5553d1e7d4', 'https://git.kernel.org/stable/c/48cada0ac79e4775236d642e9ec5998a7c7fb7a4', 'https://git.kernel.org/stable/c/4c11d30c95576937c6c35e6f29884761f2dddb43', 'https://git.kernel.org/stable/c/56e848034ccabe44e8f22ffcf49db771c17b0d0a', 'https://git.kernel.org/stable/c/b89616333979114bb0da5fa40fb6e4a2f5294ca2', 'https://git.kernel.org/stable/c/d81c1eeb333d84b3012a91c0500189dc1d71e46c', 'https://git.kernel.org/stable/c/ff5c4eb71ee8951c789b079f6e948f86708b04ed', 'https://linux.oracle.com/cve/CVE-2024-43908.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082627-CVE-2024-43908-4406@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43908', 'https://www.cve.org/CVERecord?id=CVE-2024-43908'], 'PublishedDate': '2024-08-26T11:15:05.057Z', 'LastModifiedDate': '2024-08-27T13:41:55.26Z'}, {'VulnerabilityID': 'CVE-2024-43909', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43909', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference for smu7', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference for smu7\n\noptimize the code to avoid pass a null pointer (hwmgr->backend)\nto function smu7_update_edc_leakage_table.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43909', 'https://git.kernel.org/linus/c02c1960c93eede587576625a1221205a68a904f (6.11-rc1)', 'https://git.kernel.org/stable/c/09544cd95c688d3041328a4253bd7514972399bb', 'https://git.kernel.org/stable/c/1b8aa82b80bd947b68a8ab051d960a0c7935e22d', 'https://git.kernel.org/stable/c/37b9df457cbcf095963d18f17d6cb7dfa0a03fce', 'https://git.kernel.org/stable/c/7f56f050f02c27ed89cce1ea0c04b34abce32751', 'https://git.kernel.org/stable/c/c02c1960c93eede587576625a1221205a68a904f', 'https://lore.kernel.org/linux-cve-announce/2024082628-CVE-2024-43909-acb8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43909', 'https://www.cve.org/CVERecord?id=CVE-2024-43909'], 'PublishedDate': '2024-08-26T11:15:05.117Z', 'LastModifiedDate': '2024-08-27T13:41:48.467Z'}, {'VulnerabilityID': 'CVE-2024-43910', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43910', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses\n\nCurrently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to\na global function as an argument. The adverse effects of this is that\nBPF helpers can continue to make use of this modified\nCONST_PTR_TO_DYNPTR from within the context of the global function,\nwhich can unintentionally result in out-of-bounds memory accesses and\ntherefore compromise overall system stability i.e.\n\n[  244.157771] BUG: KASAN: slab-out-of-bounds in bpf_dynptr_data+0x137/0x140\n[  244.161345] Read of size 8 at addr ffff88810914be68 by task test_progs/302\n[  244.167151] CPU: 0 PID: 302 Comm: test_progs Tainted: G O E 6.10.0-rc3-00131-g66b586715063 #533\n[  244.174318] Call Trace:\n[  244.175787]  <TASK>\n[  244.177356]  dump_stack_lvl+0x66/0xa0\n[  244.179531]  print_report+0xce/0x670\n[  244.182314]  ? __virt_addr_valid+0x200/0x3e0\n[  244.184908]  kasan_report+0xd7/0x110\n[  244.187408]  ? bpf_dynptr_data+0x137/0x140\n[  244.189714]  ? bpf_dynptr_data+0x137/0x140\n[  244.192020]  bpf_dynptr_data+0x137/0x140\n[  244.194264]  bpf_prog_b02a02fdd2bdc5fa_global_call_bpf_dynptr_data+0x22/0x26\n[  244.198044]  bpf_prog_b0fe7b9d7dc3abde_callback_adjust_bpf_dynptr_reg_off+0x1f/0x23\n[  244.202136]  bpf_user_ringbuf_drain+0x2c7/0x570\n[  244.204744]  ? 0xffffffffc0009e58\n[  244.206593]  ? __pfx_bpf_user_ringbuf_drain+0x10/0x10\n[  244.209795]  bpf_prog_33ab33f6a804ba2d_user_ringbuf_callback_const_ptr_to_dynptr_reg_off+0x47/0x4b\n[  244.215922]  bpf_trampoline_6442502480+0x43/0xe3\n[  244.218691]  __x64_sys_prlimit64+0x9/0xf0\n[  244.220912]  do_syscall_64+0xc1/0x1d0\n[  244.223043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  244.226458] RIP: 0033:0x7ffa3eb8f059\n[  244.228582] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 1d 0d 00 f7 d8 64 89 01 48\n[  244.241307] RSP: 002b:00007ffa3e9c6eb8 EFLAGS: 00000206 ORIG_RAX: 000000000000012e\n[  244.246474] RAX: ffffffffffffffda RBX: 00007ffa3e9c7cdc RCX: 00007ffa3eb8f059\n[  244.250478] RDX: 00007ffa3eb162b4 RSI: 0000000000000000 RDI: 00007ffa3e9c7fb0\n[  244.255396] RBP: 00007ffa3e9c6ed0 R08: 00007ffa3e9c76c0 R09: 0000000000000000\n[  244.260195] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffff80\n[  244.264201] R13: 000000000000001c R14: 00007ffc5d6b4260 R15: 00007ffa3e1c7000\n[  244.268303]  </TASK>\n\nAdd a check_func_arg_reg_off() to the path in which the BPF verifier\nverifies the arguments of global function arguments, specifically\nthose which take an argument of type ARG_PTR_TO_DYNPTR |\nMEM_RDONLY. Also, process_dynptr_func() doesn't appear to perform any\nexplicit and strict type matching on the supplied register type, so\nlet's also enforce that a register either type PTR_TO_STACK or\nCONST_PTR_TO_DYNPTR is by the caller.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43910', 'https://git.kernel.org/linus/ec2b9a5e11e51fea1bb04c1e7e471952e887e874 (6.11-rc1)', 'https://git.kernel.org/stable/c/13663a7c644bf1dedaf461d07252db5d76c8759a', 'https://git.kernel.org/stable/c/ec2b9a5e11e51fea1bb04c1e7e471952e887e874', 'https://lore.kernel.org/linux-cve-announce/2024082630-CVE-2024-43910-c6ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43910', 'https://www.cve.org/CVERecord?id=CVE-2024-43910'], 'PublishedDate': '2024-08-26T11:15:05.177Z', 'LastModifiedDate': '2024-09-05T18:30:23.437Z'}, {'VulnerabilityID': 'CVE-2024-43911', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43911', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mac80211: fix NULL dereference at band check in starting tx ba session', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL dereference at band check in starting tx ba session\n\nIn MLD connection, link_data/link_conf are dynamically allocated. They\ndon't point to vif->bss_conf. So, there will be no chanreq assigned to\nvif->bss_conf and then the chan will be NULL. Tweak the code to check\nht_supported/vht_supported/has_he/has_eht on sta deflink.\n\nCrash log (with rtw89 version under MLO development):\n[ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 9890.526102] #PF: supervisor read access in kernel mode\n[ 9890.526105] #PF: error_code(0x0000) - not-present page\n[ 9890.526109] PGD 0 P4D 0\n[ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G           OE      6.9.0 #1\n[ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018\n[ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core]\n[ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211\n[ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00 <83> 38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3\nAll code\n========\n   0:\tf7 e8                \timul   %eax\n   2:\td5                   \t(bad)\n   3:\t93                   \txchg   %eax,%ebx\n   4:\t3e ea                \tds (bad)\n   6:\t48 83 c4 28          \tadd    $0x28,%rsp\n   a:\t89 d8                \tmov    %ebx,%eax\n   c:\t5b                   \tpop    %rbx\n   d:\t41 5c                \tpop    %r12\n   f:\t41 5d                \tpop    %r13\n  11:\t41 5e                \tpop    %r14\n  13:\t41 5f                \tpop    %r15\n  15:\t5d                   \tpop    %rbp\n  16:\tc3                   \tretq\n  17:\tcc                   \tint3\n  18:\tcc                   \tint3\n  19:\tcc                   \tint3\n  1a:\tcc                   \tint3\n  1b:\t49 8b 84 24 e0 f1 ff \tmov    -0xe20(%r12),%rax\n  22:\tff\n  23:\t48 8b 80 90 1b 00 00 \tmov    0x1b90(%rax),%rax\n  2a:*\t83 38 03             \tcmpl   $0x3,(%rax)\t\t<-- trapping instruction\n  2d:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe6a\n  33:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n  38:\teb cc                \tjmp    0x6\n  3a:\t49                   \trex.WB\n  3b:\t8b                   \t.byte 0x8b\n  3c:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  3f:\tf3                   \trepz\n\nCode starting with the faulting instruction\n===========================================\n   0:\t83 38 03             \tcmpl   $0x3,(%rax)\n   3:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe40\n   9:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n   e:\teb cc                \tjmp    0xffffffffffffffdc\n  10:\t49                   \trex.WB\n  11:\t8b                   \t.byte 0x8b\n  12:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  15:\tf3                   \trepz\n[ 9890.526285] RSP: 0018:ffffb8db09013d68 EFLAGS: 00010246\n[ 9890.526291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9308e0d656c8\n[ 9890.526295] RDX: 0000000000000000 RSI: ffffffffab99460b RDI: ffffffffab9a7685\n[ 9890.526300] RBP: ffffb8db09013db8 R08: 0000000000000000 R09: 0000000000000873\n[ 9890.526304] R10: ffff9308e0d64800 R11: 0000000000000002 R12: ffff9308e5ff6e70\n[ 9890.526308] R13: ffff930952500e20 R14: ffff9309192a8c00 R15: 0000000000000000\n[ 9890.526313] FS:  0000000000000000(0000) GS:ffff930b4e700000(0000) knlGS:0000000000000000\n[ 9890.526316] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9890.526318] CR2: 0000000000000000 CR3: 0000000391c58005 CR4: 00000000001706f0\n[ 9890.526321] Call Trace:\n[ 9890.526324]  <TASK>\n[ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479)\n[ 9890.526335] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713)\n[ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43911', 'https://git.kernel.org/linus/021d53a3d87eeb9dbba524ac515651242a2a7e3b (6.11-rc1)', 'https://git.kernel.org/stable/c/021d53a3d87eeb9dbba524ac515651242a2a7e3b', 'https://git.kernel.org/stable/c/a5594c1e03b0df3908b1e1202a1ba34422eed0f6', 'https://lore.kernel.org/linux-cve-announce/2024082631-CVE-2024-43911-96bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43911', 'https://www.cve.org/CVERecord?id=CVE-2024-43911'], 'PublishedDate': '2024-08-26T11:15:05.227Z', 'LastModifiedDate': '2024-08-27T16:08:52.493Z'}, {'VulnerabilityID': 'CVE-2024-43912', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43912', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: nl80211: disallow setting special AP channel widths', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: disallow setting special AP channel widths\n\nSetting the AP channel width is meant for use with the normal\n20/40/... MHz channel width progression, and switching around\nin S1G or narrow channels isn't supported. Disallow that.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43912', 'https://git.kernel.org/linus/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe (6.11-rc1)', 'https://git.kernel.org/stable/c/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe', 'https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e', 'https://git.kernel.org/stable/c/ac3bf6e47fd8da9bfe8027e1acfe0282a91584fc', 'https://git.kernel.org/stable/c/c6ea738e3feb407a3283197d9a25d0788f4f3cee', 'https://lore.kernel.org/linux-cve-announce/2024082632-CVE-2024-43912-801f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43912', 'https://www.cve.org/CVERecord?id=CVE-2024-43912'], 'PublishedDate': '2024-08-26T11:15:05.28Z', 'LastModifiedDate': '2024-09-05T18:19:17.067Z'}, {'VulnerabilityID': 'CVE-2024-43913', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43913', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: apple: fix device reference counting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: apple: fix device reference counting\n\nDrivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.\nSplit the allocation side out to make the error handling boundary easier\nto navigate. The apple driver had been doing this wrong, leaking the\ncontroller device memory on a tagset failure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43913', 'https://git.kernel.org/linus/b9ecbfa45516182cd062fecd286db7907ba84210 (6.11-rc1)', 'https://git.kernel.org/stable/c/b9ecbfa45516182cd062fecd286db7907ba84210', 'https://git.kernel.org/stable/c/d59c4d0eb6adc24c2201f153ccb7fd0a335b0d3d', 'https://lore.kernel.org/linux-cve-announce/2024082633-CVE-2024-43913-6ec7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43913', 'https://www.cve.org/CVERecord?id=CVE-2024-43913'], 'PublishedDate': '2024-08-26T11:15:05.33Z', 'LastModifiedDate': '2024-09-05T18:12:55.68Z'}, {'VulnerabilityID': 'CVE-2024-43914', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43914', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: md/raid5: avoid BUG_ON() while continue reshape after reassembling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: avoid BUG_ON() while continue reshape after reassembling\n\nCurrently, mdadm support --revert-reshape to abort the reshape while\nreassembling, as the test 07revert-grow. However, following BUG_ON()\ncan be triggerred by the test:\n\nkernel BUG at drivers/md/raid5.c:6278!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nirq event stamp: 158985\nCPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94\nRIP: 0010:reshape_request+0x3f1/0xe60\nCall Trace:\n <TASK>\n raid5_sync_request+0x43d/0x550\n md_do_sync+0xb7a/0x2110\n md_thread+0x294/0x2b0\n kthread+0x147/0x1c0\n ret_from_fork+0x59/0x70\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\nRoot cause is that --revert-reshape update the raid_disks from 5 to 4,\nwhile reshape position is still set, and after reassembling the array,\nreshape position will be read from super block, then during reshape the\nchecking of 'writepos' that is caculated by old reshape position will\nfail.\n\nFix this panic the easy way first, by converting the BUG_ON() to\nWARN_ON(), and stop the reshape if checkings fail.\n\nNoted that mdadm must fix --revert-shape as well, and probably md/raid\nshould enhance metadata validation as well, however this means\nreassemble will fail and there must be user tools to fix the wrong\nmetadata.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43914', 'https://git.kernel.org/linus/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49 (6.11-rc1)', 'https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0', 'https://git.kernel.org/stable/c/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49', 'https://git.kernel.org/stable/c/3b33740c1750a39e046339ff9240e954f0156707', 'https://git.kernel.org/stable/c/4811d6e5d9f4090c3e0ff9890eb24077108046ab', 'https://git.kernel.org/stable/c/6b33c468d543f6a83de2d61f09fec74b27e19fd2', 'https://git.kernel.org/stable/c/775a9ba16c9ffe98fe54ebf14e55d5660f2bf600', 'https://git.kernel.org/stable/c/bf0ff69a42a3d2d46876d0514ecf13dffc516666', 'https://git.kernel.org/stable/c/c384dd4f1fb3b14a2fd199360701cc163ea88705', 'https://linux.oracle.com/cve/CVE-2024-43914.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082635-CVE-2024-43914-a664@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43914', 'https://www.cve.org/CVERecord?id=CVE-2024-43914'], 'PublishedDate': '2024-08-26T11:15:05.38Z', 'LastModifiedDate': '2024-09-05T18:03:49.997Z'}, {'VulnerabilityID': 'CVE-2024-44931', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpio: prevent potential speculation leaks in gpio_device_get_desc()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: prevent potential speculation leaks in gpio_device_get_desc()\n\nUserspace may trigger a speculative read of an address outside the gpio\ndescriptor array.\nUsers can do that by calling gpio_ioctl() with an offset out of range.\nOffset is copied from user and then used as an array index to get\nthe gpio descriptor without sanitization in gpio_device_get_desc().\n\nThis change ensures that the offset is sanitized by using\narray_index_nospec() to mitigate any possibility of speculative\ninformation leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44931', 'https://git.kernel.org/linus/d795848ecce24a75dfd46481aee066ae6fe39775 (6.11-rc1)', 'https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc', 'https://git.kernel.org/stable/c/672c19165fc96dfad531a5458e0b3cdab414aae4', 'https://git.kernel.org/stable/c/9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0', 'https://git.kernel.org/stable/c/c65ab97efcd438cb4e9f299400f2ea55251f3a67', 'https://git.kernel.org/stable/c/d776c0486b03a5c4afca65b8ff44573592bf93bb', 'https://git.kernel.org/stable/c/d795848ecce24a75dfd46481aee066ae6fe39775', 'https://lore.kernel.org/linux-cve-announce/2024082636-CVE-2024-44931-8212@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44931', 'https://www.cve.org/CVERecord?id=CVE-2024-44931'], 'PublishedDate': '2024-08-26T11:15:05.447Z', 'LastModifiedDate': '2024-10-17T14:15:07.39Z'}, {'VulnerabilityID': 'CVE-2024-44932', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44932', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix UAFs when destroying the queues', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix UAFs when destroying the queues\n\nThe second tagged commit started sometimes (very rarely, but possible)\nthrowing WARNs from\nnet/core/page_pool.c:page_pool_disable_direct_recycling().\nTurned out idpf frees interrupt vectors with embedded NAPIs *before*\nfreeing the queues making page_pools' NAPI pointers lead to freed\nmemory before these pools are destroyed by libeth.\nIt's not clear whether there are other accesses to the freed vectors\nwhen destroying the queues, but anyway, we usually free queue/interrupt\nvectors only when the queues are destroyed and the NAPIs are guaranteed\nto not be referenced anywhere.\n\nInvert the allocation and freeing logic making queue/interrupt vectors\nbe allocated first and freed last. Vectors don't require queues to be\npresent, so this is safe. Additionally, this change allows to remove\nthat useless queue->q_vector pointer cleanup, as vectors are still\nvalid when freeing the queues (+ both are freed within one function,\nso it's not clear why nullify the pointers at all).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44932', 'https://git.kernel.org/linus/290f1c033281c1a502a3cd1c53c3a549259c491f (6.11-rc3)', 'https://git.kernel.org/stable/c/290f1c033281c1a502a3cd1c53c3a549259c491f', 'https://git.kernel.org/stable/c/3cde714b0e77206ed1b5cf31f28c18ba9ae946fd', 'https://lore.kernel.org/linux-cve-announce/2024082638-CVE-2024-44932-2659@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44932', 'https://www.cve.org/CVERecord?id=CVE-2024-44932'], 'PublishedDate': '2024-08-26T11:15:05.5Z', 'LastModifiedDate': '2024-08-27T16:08:45.02Z'}, {'VulnerabilityID': 'CVE-2024-44934', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: bridge: mcast: wait for previous gc cycles when removing port', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mcast: wait for previous gc cycles when removing port\n\nsyzbot hit a use-after-free[1] which is caused because the bridge doesn't\nmake sure that all previous garbage has been collected when removing a\nport. What happens is:\n      CPU 1                   CPU 2\n start gc cycle           remove port\n                         acquire gc lock first\n wait for lock\n                         call br_multicasg_gc() directly\n acquire lock now but    free port\n the port can be freed\n while grp timers still\n running\n\nMake sure all previous gc cycles have finished by using flush_work before\nfreeing the port.\n\n[1]\n  BUG: KASAN: slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n  Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699\n\n  CPU: 1 PID: 9699 Comm: syz.5.1232 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n  Call Trace:\n   <IRQ>\n   __dump_stack lib/dump_stack.c:88 [inline]\n   dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n   print_address_description mm/kasan/report.c:377 [inline]\n   print_report+0xc3/0x620 mm/kasan/report.c:488\n   kasan_report+0xd9/0x110 mm/kasan/report.c:601\n   br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n   call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1792\n   expire_timers kernel/time/timer.c:1843 [inline]\n   __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417\n   __run_timer_base kernel/time/timer.c:2428 [inline]\n   __run_timer_base kernel/time/timer.c:2421 [inline]\n   run_timer_base+0x111/0x190 kernel/time/timer.c:2437", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44934', 'https://git.kernel.org/linus/92c4ee25208d0f35dafc3213cdf355fbe449e078 (6.11-rc3)', 'https://git.kernel.org/stable/c/0d8b26e10e680c01522d7cc14abe04c3265a928f', 'https://git.kernel.org/stable/c/1e16828020c674b3be85f52685e8b80f9008f50f', 'https://git.kernel.org/stable/c/92c4ee25208d0f35dafc3213cdf355fbe449e078', 'https://git.kernel.org/stable/c/b2f794b168cf560682ff976b255aa6d29d14a658', 'https://git.kernel.org/stable/c/e3145ca904fa8dbfd1a5bf0187905bc117b0efce', 'https://lore.kernel.org/linux-cve-announce/2024082641-CVE-2024-44934-a7fe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44934', 'https://www.cve.org/CVERecord?id=CVE-2024-44934'], 'PublishedDate': '2024-08-26T11:15:05.593Z', 'LastModifiedDate': '2024-08-27T16:07:58.727Z'}, {'VulnerabilityID': 'CVE-2024-44935', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44935', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sctp: Fix null-ptr-deref in reuseport_add_sock().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix null-ptr-deref in reuseport_add_sock().\n\nsyzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in\nreuseport_add_sock(). [0]\n\nThe repro first creates a listener with SO_REUSEPORT.  Then, it creates\nanother listener on the same port and concurrently closes the first\nlistener.\n\nThe second listen() calls reuseport_add_sock() with the first listener as\nsk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently,\nbut the close() does clear it by reuseport_detach_sock().\n\nThe problem is SCTP does not properly synchronise reuseport_alloc(),\nreuseport_add_sock(), and reuseport_detach_sock().\n\nThe caller of reuseport_alloc() and reuseport_{add,detach}_sock() must\nprovide synchronisation for sockets that are classified into the same\nreuseport group.\n\nOtherwise, such sockets form multiple identical reuseport groups, and\nall groups except one would be silently dead.\n\n  1. Two sockets call listen() concurrently\n  2. No socket in the same group found in sctp_ep_hashtable[]\n  3. Two sockets call reuseport_alloc() and form two reuseport groups\n  4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives\n      incoming packets\n\nAlso, the reported null-ptr-deref could occur.\n\nTCP/UDP guarantees that would not happen by holding the hash bucket lock.\n\nLet's apply the locking strategy to __sctp_hash_endpoint() and\n__sctp_unhash_endpoint().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nRIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350\nCode: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14\nRSP: 0018:ffffc9000b947c98 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012\nRBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385\nR10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0\nR13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __sctp_hash_endpoint net/sctp/input.c:762 [inline]\n sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790\n sctp_listen_start net/sctp/socket.c:8570 [inline]\n sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]\n __se_sys_listen net/socket.c:1900 [inline]\n __x64_sys_listen+0x5a/0x70 net/socket.c:1900\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f24e46039b9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032\nRAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9\nRDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004\nRBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0\nR10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42c\nR13:\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44935', 'https://git.kernel.org/linus/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18 (6.11-rc3)', 'https://git.kernel.org/stable/c/05e4a0fa248240efd99a539853e844f0f0a9e6a5', 'https://git.kernel.org/stable/c/1407be30fc17eff918a98e0a990c0e988f11dc84', 'https://git.kernel.org/stable/c/52319d9d2f522ed939af31af70f8c3a0f0f67e6c', 'https://git.kernel.org/stable/c/54b303d8f9702b8ab618c5032fae886b16356928', 'https://git.kernel.org/stable/c/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18', 'https://git.kernel.org/stable/c/c9b3fc4f157867e858734e31022ebee8a24f0de7', 'https://git.kernel.org/stable/c/e809a84c802377ef61525a298a1ec1728759b913', 'https://linux.oracle.com/cve/CVE-2024-44935.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082642-CVE-2024-44935-3452@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44935', 'https://www.cve.org/CVERecord?id=CVE-2024-44935'], 'PublishedDate': '2024-08-26T11:15:05.643Z', 'LastModifiedDate': '2024-08-27T16:09:01.633Z'}, {'VulnerabilityID': 'CVE-2024-44937', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44937', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: intel-vbtn: Protect ACPI notify handler against recursion\n\nSince commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on\nall CPUs") ACPI notify handlers like the intel-vbtn notify_handler() may\nrun on multiple CPU cores racing with themselves.\n\nThis race gets hit on Dell Venue 7140 tablets when undocking from\nthe keyboard, causing the handler to try and register priv->switches_dev\ntwice, as can be seen from the dev_info() message getting logged twice:\n\n[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\n[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n\nAfter which things go seriously wrong:\n[ 83.861872] sysfs: cannot create duplicate filename \'/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\'\n...\n[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don\'t try to register things with the same name in the same directory.\n[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018\n...\n\nProtect intel-vbtn notify_handler() from racing with itself with a mutex\nto fix this.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44937', 'https://git.kernel.org/linus/e075c3b13a0a142dcd3151b25d29a24f31b7b640 (6.11-rc3)', 'https://git.kernel.org/stable/c/5c9618a3b6ea94cf7bdff7702aca8bf2d777d97b', 'https://git.kernel.org/stable/c/e075c3b13a0a142dcd3151b25d29a24f31b7b640', 'https://lore.kernel.org/linux-cve-announce/2024082645-CVE-2024-44937-5c1d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44937', 'https://www.cve.org/CVERecord?id=CVE-2024-44937'], 'PublishedDate': '2024-08-26T11:15:05.753Z', 'LastModifiedDate': '2024-08-27T16:10:11.423Z'}, {'VulnerabilityID': 'CVE-2024-44938', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44938', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: Fix shift-out-of-bounds in dbDiscardAG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix shift-out-of-bounds in dbDiscardAG\n\nWhen searching for the next smaller log2 block, BLKSTOL2() returned 0,\ncausing shift exponent -1 to be negative.\n\nThis patch fixes the issue by exiting the loop directly when negative\nshift is found.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44938', 'https://git.kernel.org/linus/7063b80268e2593e58bee8a8d709c2f3ff93e2f2 (6.11-rc1)', 'https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630', 'https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2', 'https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e', 'https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-44938-fc08@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44938', 'https://www.cve.org/CVERecord?id=CVE-2024-44938'], 'PublishedDate': '2024-08-26T12:15:05.96Z', 'LastModifiedDate': '2024-09-12T14:05:44.31Z'}, {'VulnerabilityID': 'CVE-2024-44939', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44939', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: fix null ptr deref in dtInsertEntry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix null ptr deref in dtInsertEntry\n\n[syzbot reported]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713\n...\n[Analyze]\nIn dtInsertEntry(), when the pointer h has the same value as p, after writing\nname in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the\npreviously true judgment "p->header.flag & BT-LEAF" to change to no after writing\nthe name operation, this leads to entering an incorrect branch and accessing the\nuninitialized object ih when judging this condition for the second time.\n\n[Fix]\nAfter got the page, check freelist first, if freelist == 0 then exit dtInsert()\nand return -EINVAL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44939', 'https://git.kernel.org/linus/ce6dede912f064a855acf6f04a04cbb2c25b8c8c (6.11-rc1)', 'https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9', 'https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6', 'https://git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702', 'https://git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44939-cf96@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44939', 'https://www.cve.org/CVERecord?id=CVE-2024-44939'], 'PublishedDate': '2024-08-26T12:15:06.007Z', 'LastModifiedDate': '2024-09-12T20:58:03.783Z'}, {'VulnerabilityID': 'CVE-2024-44940', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44940', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: remove warn in gue_gro_receive on unsupported protocol', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfou: remove warn in gue_gro_receive on unsupported protocol\n\nDrop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is\nnot known or does not have a GRO handler.\n\nSuch a packet is easily constructed. Syzbot generates them and sets\noff this warning.\n\nRemove the warning as it is expected and not actionable.\n\nThe warning was previously reduced from WARN_ON to WARN_ON_ONCE in\ncommit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad\nproto callbacks").', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44940', 'https://git.kernel.org/linus/dd89a81d850fa9a65f67b4527c0e420d15bf836c (6.11-rc1)', 'https://git.kernel.org/stable/c/3db4395332e7050ef9ddeb3052e6b5019f2a2a59', 'https://git.kernel.org/stable/c/440ab7f97261bc28501636a13998e1b1946d2e79', 'https://git.kernel.org/stable/c/5a2e37bc648a2503bf6d687aed27b9f4455d82eb', 'https://git.kernel.org/stable/c/dd89a81d850fa9a65f67b4527c0e420d15bf836c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44940-249f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44940', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-44940'], 'PublishedDate': '2024-08-26T12:15:06.053Z', 'LastModifiedDate': '2024-09-12T14:10:00.857Z'}, {'VulnerabilityID': 'CVE-2024-44941', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44941', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to cover read extent cache access with lock', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to cover read extent cache access with lock\n\nsyzbot reports a f2fs bug as below:\n\nBUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\nRead of size 4 at addr ffff8880739ab220 by task syz-executor200/5097\n\nCPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\n do_read_inode fs/f2fs/inode.c:509 [inline]\n f2fs_iget+0x33e1/0x46e0 fs/f2fs/inode.c:560\n f2fs_nfs_get_inode+0x74/0x100 fs/f2fs/super.c:3237\n generic_fh_to_dentry+0x9f/0xf0 fs/libfs.c:1413\n exportfs_decode_fh_raw+0x152/0x5f0 fs/exportfs/expfs.c:444\n exportfs_decode_fh+0x3c/0x80 fs/exportfs/expfs.c:584\n do_handle_to_path fs/fhandle.c:155 [inline]\n handle_to_path fs/fhandle.c:210 [inline]\n do_handle_open+0x495/0x650 fs/fhandle.c:226\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWe missed to cover sanity_check_extent_cache() w/ extent cache lock,\nso, below race case may happen, result in use after free issue.\n\n- f2fs_iget\n - do_read_inode\n  - f2fs_init_read_extent_tree\n  : add largest extent entry in to cache\n\t\t\t\t\t- shrink\n\t\t\t\t\t - f2fs_shrink_read_extent_tree\n\t\t\t\t\t  - __shrink_extent_tree\n\t\t\t\t\t   - __detach_extent_node\n\t\t\t\t\t   : drop largest extent entry\n  - sanity_check_extent_cache\n  : access et->largest w/o lock\n\nlet's refactor sanity_check_extent_cache() to avoid extent cache access\nand call it before f2fs_init_read_extent_tree() to fix this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44941', 'https://git.kernel.org/linus/d7409b05a64f212735f0d33f5f1602051a886eab (6.11-rc1)', 'https://git.kernel.org/stable/c/263df78166d3a9609b97d28c34029bd01874cbb8', 'https://git.kernel.org/stable/c/323ef20b5558b9d9fd10c1224327af6f11a8177d', 'https://git.kernel.org/stable/c/d7409b05a64f212735f0d33f5f1602051a886eab', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44941-143e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44941', 'https://www.cve.org/CVERecord?id=CVE-2024-44941'], 'PublishedDate': '2024-08-26T12:15:06.107Z', 'LastModifiedDate': '2024-09-12T20:57:26.143Z'}, {'VulnerabilityID': 'CVE-2024-44942', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44942', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inline.c:258!\nCPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0\nRIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258\nCall Trace:\n f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834\n f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315\n do_writepages+0x35b/0x870 mm/page-writeback.c:2612\n __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650\n writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941\n wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117\n wb_do_writeback fs/fs-writeback.c:2264 [inline]\n wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335\n worker_thread+0x86d/0xd70 kernel/workqueue.c:3416\n kthread+0x2f2/0x390 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nThe root cause is: inline_data inode can be fuzzed, so that there may\nbe valid blkaddr in its direct node, once f2fs triggers background GC\nto migrate the block, it will hit f2fs_bug_on() during dirty page\nwriteback.\n\nLet's add sanity check on F2FS_INLINE_DATA flag in inode during GC,\nso that, it can forbid migrating inline_data inode's data block for\nfixing.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44942', 'https://git.kernel.org/linus/fc01008c92f40015aeeced94750855a7111b6929 (6.11-rc1)', 'https://git.kernel.org/stable/c/26c07775fb5dc74351d1c3a2bc3cdf609b03e49f', 'https://git.kernel.org/stable/c/ae00e6536a2dd54b64b39e9a39548870cf835745', 'https://git.kernel.org/stable/c/fc01008c92f40015aeeced94750855a7111b6929', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44942-651a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44942', 'https://www.cve.org/CVERecord?id=CVE-2024-44942'], 'PublishedDate': '2024-08-26T12:15:06.157Z', 'LastModifiedDate': '2024-08-27T16:09:10.01Z'}, {'VulnerabilityID': 'CVE-2024-44943', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'In the Linux kernel, the following vulnerability has been resolved:  m ...', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: gup: stop abusing try_grab_folio\n\nA kernel warning was reported when pinning folio in CMA memory when\nlaunching SEV virtual machine.  The splat looks like:\n\n[  464.325306] WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313 __get_user_pages+0x423/0x520\n[  464.325464] CPU: 13 PID: 6734 Comm: qemu-kvm Kdump: loaded Not tainted 6.6.33+ #6\n[  464.325477] RIP: 0010:__get_user_pages+0x423/0x520\n[  464.325515] Call Trace:\n[  464.325520]  <TASK>\n[  464.325523]  ? __get_user_pages+0x423/0x520\n[  464.325528]  ? __warn+0x81/0x130\n[  464.325536]  ? __get_user_pages+0x423/0x520\n[  464.325541]  ? report_bug+0x171/0x1a0\n[  464.325549]  ? handle_bug+0x3c/0x70\n[  464.325554]  ? exc_invalid_op+0x17/0x70\n[  464.325558]  ? asm_exc_invalid_op+0x1a/0x20\n[  464.325567]  ? __get_user_pages+0x423/0x520\n[  464.325575]  __gup_longterm_locked+0x212/0x7a0\n[  464.325583]  internal_get_user_pages_fast+0xfb/0x190\n[  464.325590]  pin_user_pages_fast+0x47/0x60\n[  464.325598]  sev_pin_memory+0xca/0x170 [kvm_amd]\n[  464.325616]  sev_mem_enc_register_region+0x81/0x130 [kvm_amd]\n\nPer the analysis done by yangge, when starting the SEV virtual machine, it\nwill call pin_user_pages_fast(..., FOLL_LONGTERM, ...) to pin the memory. \nBut the page is in CMA area, so fast GUP will fail then fallback to the\nslow path due to the longterm pinnalbe check in try_grab_folio().\n\nThe slow path will try to pin the pages then migrate them out of CMA area.\nBut the slow path also uses try_grab_folio() to pin the page, it will\nalso fail due to the same check then the above warning is triggered.\n\nIn addition, the try_grab_folio() is supposed to be used in fast path and\nit elevates folio refcount by using add ref unless zero.  We are guaranteed\nto have at least one stable reference in slow path, so the simple atomic add\ncould be used.  The performance difference should be trivial, but the\nmisuse may be confusing and misleading.\n\nRedefined try_grab_folio() to try_grab_folio_fast(), and try_grab_page()\nto try_grab_folio(), and use them in the proper paths.  This solves both\nthe abuse and the kernel warning.\n\nThe proper naming makes their usecase more clear and should prevent from\nabusing in the future.\n\npeterx said:\n\n: The user will see the pin fails, for gpu-slow it further triggers the WARN\n: right below that failure (as in the original report):\n: \n:         folio = try_grab_folio(page, page_increm - 1,\n:                                 foll_flags);\n:         if (WARN_ON_ONCE(!folio)) { <------------------------ here\n:                 /*\n:                         * Release the 1st page ref if the\n:                         * folio is problematic, fail hard.\n:                         */\n:                 gup_put_folio(page_folio(page), 1,\n:                                 foll_flags);\n:                 ret = -EFAULT;\n:                 goto out;\n:         }\n\n[1] https://lore.kernel.org/linux-mm/1719478388-31917-1-git-send-email-yangge1116@126.com/\n\n[shy828301@gmail.com: fix implicit declaration of function try_grab_folio_fast]\n  Link: https://lkml.kernel.org/r/CAHbLzkowMSso-4Nufc9hcMehQsK9PNz3OSu-+eniU-2Mm-xjhA@mail.gmail.com', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44943', 'https://git.kernel.org/linus/f442fa6141379a20b48ae3efabee827a3d260787 (6.10)', 'https://git.kernel.org/stable/c/26273f5f4cf68b29414e403837093408a9c98e1f', 'https://git.kernel.org/stable/c/f442fa6141379a20b48ae3efabee827a3d260787', 'https://lore.kernel.org/linux-cve-announce/2024082853-CVE-2024-44943-234f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44943', 'https://www.cve.org/CVERecord?id=CVE-2024-44943'], 'PublishedDate': '2024-08-28T08:15:06.963Z', 'LastModifiedDate': '2024-09-10T18:12:43.38Z'}, {'VulnerabilityID': 'CVE-2024-44944', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44944', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: ctnetlink: use helper function to calculate expect ID', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use helper function to calculate expect ID\n\nDelete expectation path is missing a call to the nf_expect_get_id()\nhelper function to calculate the expectation ID, otherwise LSB of the\nexpectation object address is leaked to userspace.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44944', 'https://git.kernel.org/linus/782161895eb4ac45cf7cfa8db375bd4766cb8299 (6.11-rc1)', 'https://git.kernel.org/stable/c/24f407042cf90b0872de667460230d8d50c06c39', 'https://git.kernel.org/stable/c/27662b46f2adaa52c1665a82af4b21c42c4337fd', 'https://git.kernel.org/stable/c/5e2c24f7b0911b15c29aefce760bcf770542fb61', 'https://git.kernel.org/stable/c/64c0b8e64be8368617ef08dfc59a3160563a1435', 'https://git.kernel.org/stable/c/66e7650dbbb8e236e781c670b167edc81e771450', 'https://git.kernel.org/stable/c/74de442b8e12a207c07953ee068009a7701aff8f', 'https://git.kernel.org/stable/c/782161895eb4ac45cf7cfa8db375bd4766cb8299', 'https://git.kernel.org/stable/c/eb4ca1a97e08ff5b920664ba292e576257e2d184', 'https://linux.oracle.com/cve/CVE-2024-44944.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024083044-CVE-2024-44944-56c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44944', 'https://www.cve.org/CVERecord?id=CVE-2024-44944', 'https://www.zerodayinitiative.com/advisories/ZDI-24-1182/'], 'PublishedDate': '2024-08-30T08:15:04.58Z', 'LastModifiedDate': '2024-09-10T08:15:03.23Z'}, {'VulnerabilityID': 'CVE-2024-44946', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44946', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kcm: Serialise kcm_sendmsg() for the same socket.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: Serialise kcm_sendmsg() for the same socket.\n\nsyzkaller reported UAF in kcm_release(). [0]\n\nThe scenario is\n\n  1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb.\n\n  2. Thread A resumes building skb from kcm->seq_skb but is blocked\n     by sk_stream_wait_memory()\n\n  3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb\n     and puts the skb to the write queue\n\n  4. Thread A faces an error and finally frees skb that is already in the\n     write queue\n\n  5. kcm_release() does double-free the skb in the write queue\n\nWhen a thread is building a MSG_MORE skb, another thread must not touch it.\n\nLet's add a per-sk mutex and serialise kcm_sendmsg().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]\nBUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]\nBUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\nRead of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167\n\nCPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G    B              6.8.0-rc5-syzkaller-g9abbc24128bc #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x178/0x518 mm/kasan/report.c:488\n kasan_report+0xd8/0x138 mm/kasan/report.c:601\n __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381\n __skb_unlink include/linux/skbuff.h:2366 [inline]\n __skb_dequeue include/linux/skbuff.h:2385 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\n __skb_queue_purge include/linux/skbuff.h:3181 [inline]\n kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\n __sock_release net/socket.c:659 [inline]\n sock_close+0xa4/0x1e8 net/socket.c:1421\n __fput+0x30c/0x738 fs/file_table.c:376\n ____fput+0x20/0x30 fs/file_table.c:404\n task_work_run+0x230/0x2e0 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x618/0x1f64 kernel/exit.c:871\n do_group_exit+0x194/0x22c kernel/exit.c:1020\n get_signal+0x1500/0x15ec kernel/signal.c:2893\n do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249\n do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148\n exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]\n exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]\n el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nAllocated by task 6166:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903\n __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641\n alloc_skb include/linux/skbuff.h:1296 [inline]\n kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x220/0x2c0 net/socket.c:768\n splice_to_socket+0x7cc/0xd58 fs/splice.c:889\n do_splice_from fs/splice.c:941 [inline]\n direct_splice_actor+0xec/0x1d8 fs/splice.c:1164\n splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108\n do_splice_direct_actor \n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44946', 'https://git.kernel.org/linus/807067bf014d4a3ae2cc55bd3de16f22a01eb580 (6.11-rc5)', 'https://git.kernel.org/stable/c/00425508f30baa5ab6449a1f478480ca7cffa6da', 'https://git.kernel.org/stable/c/6633b17840bf828921254d788ccd15602843fe9b', 'https://git.kernel.org/stable/c/72da240aafb142630cf16adc803ccdacb3780849', 'https://git.kernel.org/stable/c/807067bf014d4a3ae2cc55bd3de16f22a01eb580', 'https://git.kernel.org/stable/c/8c9cdbf600143bd6835c8b8351e5ac956da79aec', 'https://git.kernel.org/stable/c/9c8d544ed619f704e2b70e63e08ab75630c2ea23', 'https://git.kernel.org/stable/c/eb06c8d3022ce6738711191c89f9b3e9cfb91914', 'https://git.kernel.org/stable/c/fa6c23fe6dcac8c8bd63920ee8681292a2bd544e', 'https://lore.kernel.org/linux-cve-announce/2024083150-CVE-2024-44946-9cf1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44946', 'https://www.cve.org/CVERecord?id=CVE-2024-44946'], 'PublishedDate': '2024-08-31T14:15:04.32Z', 'LastModifiedDate': '2024-09-04T12:15:05.15Z'}, {'VulnerabilityID': 'CVE-2024-44947', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44947', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fuse: Initialize beyond-EOF page contents before setting uptodate', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44947', 'https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5', 'https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e', 'https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9', 'https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6', 'https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a', 'https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4', 'https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9', 'https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6', 'https://lore.kernel.org/linux-cve-announce/2024090219-CVE-2024-44947-f49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44947', 'https://www.cve.org/CVERecord?id=CVE-2024-44947'], 'PublishedDate': '2024-09-02T18:15:36.577Z', 'LastModifiedDate': '2024-09-16T17:52:37.563Z'}, {'VulnerabilityID': 'CVE-2024-44948', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mtrr: Check if fixed MTRRs exist before saving them', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mtrr: Check if fixed MTRRs exist before saving them\n\nMTRRs have an obsolete fixed variant for fine grained caching control\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\na separate capability bit in the MTRR capability MSR.\n\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\nwent unnoticed that mtrr_save_state() does not check the capability bit\nbefore accessing the fixed MTRR MSRs.\n\nThough on a CPU that does not support the fixed MTRR capability this\nresults in a #GP.  The #GP itself is harmless because the RDMSR fault is\nhandled gracefully, but results in a WARN_ON().\n\nAdd the missing capability check to prevent this.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44948', 'https://git.kernel.org/linus/919f18f961c03d6694aa726c514184f2311a4614 (6.11-rc3)', 'https://git.kernel.org/stable/c/06c1de44d378ec5439db17bf476507d68589bfe9', 'https://git.kernel.org/stable/c/34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e', 'https://git.kernel.org/stable/c/388f1c954019f253a8383f7eb733f38d541e10b6', 'https://git.kernel.org/stable/c/450b6b22acdaac67a18eaf5ed498421ffcf10051', 'https://git.kernel.org/stable/c/8a90d3fc7c24608548d3a750671f9dac21d1a462', 'https://git.kernel.org/stable/c/8aa79dfb216b865e96ff890bc4ea71650f9bc8d7', 'https://git.kernel.org/stable/c/919f18f961c03d6694aa726c514184f2311a4614', 'https://git.kernel.org/stable/c/ca7d00c5656d1791e28369919e3e10febe9c3b16', 'https://linux.oracle.com/cve/CVE-2024-44948.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090407-CVE-2024-44948-5554@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44948', 'https://www.cve.org/CVERecord?id=CVE-2024-44948'], 'PublishedDate': '2024-09-04T19:15:29.95Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-44949', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44949', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: parisc: fix a possible DMA corruption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: fix a possible DMA corruption\n\nARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be\npossible that two unrelated 16-byte allocations share a cache line. If\none of these allocations is written using DMA and the other is written\nusing cached write, the value that was written with DMA may be\ncorrupted.\n\nThis commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 -\nthat's the largest possible cache line size.\n\nAs different parisc microarchitectures have different cache line size, we\ndefine arch_slab_minalign(), cache_line_size() and\ndma_get_cache_alignment() so that the kernel may tune slab cache\nparameters dynamically, based on the detected cache line size.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44949', 'https://git.kernel.org/linus/7ae04ba36b381bffe2471eff3a93edced843240f (6.11-rc2)', 'https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f', 'https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f', 'https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44949-8f05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44949', 'https://www.cve.org/CVERecord?id=CVE-2024-44949'], 'PublishedDate': '2024-09-04T19:15:30.04Z', 'LastModifiedDate': '2024-10-09T13:53:32.513Z'}, {'VulnerabilityID': 'CVE-2024-44950', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44950', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix invalid FIFO access with special register set', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix invalid FIFO access with special register set\n\nWhen enabling access to the special register set, Receiver time-out and\nRHR interrupts can happen. In this case, the IRQ handler will try to read\nfrom the FIFO thru the RHR register at address 0x00, but address 0x00 is\nmapped to DLL register, resulting in erroneous FIFO reading.\n\nCall graph example:\n    sc16is7xx_startup(): entry\n    sc16is7xx_ms_proc(): entry\n    sc16is7xx_set_termios(): entry\n    sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set\n    sc16is7xx_port_irq() entry            --> IIR is 0x0C\n    sc16is7xx_handle_rx() entry\n    sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is\n                               mapped to DLL (LCR=LCR_CONF_MODE_A)\n    sc16is7xx_set_baud(): exit --> Restore access to general register set\n\nFix the problem by claiming the efr_lock mutex when accessing the Special\nregister set.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44950', 'https://git.kernel.org/linus/7d3b793faaab1305994ce568b59d61927235f57b (6.11-rc3)', 'https://git.kernel.org/stable/c/6a6730812220a9a5ce4003eb347da1ee5abd06b0', 'https://git.kernel.org/stable/c/7d3b793faaab1305994ce568b59d61927235f57b', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44950-67fb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44950', 'https://www.cve.org/CVERecord?id=CVE-2024-44950'], 'PublishedDate': '2024-09-04T19:15:30.1Z', 'LastModifiedDate': '2024-10-09T14:21:16.773Z'}, {'VulnerabilityID': 'CVE-2024-44951', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44951', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix TX fifo corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix TX fifo corruption\n\nSometimes, when a packet is received on channel A at almost the same time\nas a packet is about to be transmitted on channel B, we observe with a\nlogic analyzer that the received packet on channel A is transmitted on\nchannel B. In other words, the Tx buffer data on channel B is corrupted\nwith data from channel A.\n\nThe problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change\nEFR lock to operate on each channels"), which changed the EFR locking to\noperate on each channel instead of chip-wise.\n\nThis commit has introduced a regression, because the EFR lock is used not\nonly to protect the EFR registers access, but also, in a very obscure and\nundocumented way, to protect access to the data buffer, which is shared by\nthe Tx and Rx handlers, but also by each channel of the IC.\n\nFix this regression first by switching to kfifo_out_linear_ptr() in\nsc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer.\n\nSecondly, replace the chip-wise Rx buffer with a separate Rx buffer for\neach channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44951', 'https://git.kernel.org/linus/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4 (6.11-rc3)', 'https://git.kernel.org/stable/c/09cfe05e9907f3276887a20e267cc40e202f4fdd', 'https://git.kernel.org/stable/c/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44951-9121@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44951', 'https://www.cve.org/CVERecord?id=CVE-2024-44951'], 'PublishedDate': '2024-09-04T19:15:30.153Z', 'LastModifiedDate': '2024-10-09T14:27:43.973Z'}, {'VulnerabilityID': 'CVE-2024-44952', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44952', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver core: Fix uevent_show() vs driver detach race', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix uevent_show() vs driver detach race\n\nuevent_show() wants to de-reference dev->driver->name. There is no clean\nway for a device attribute to de-reference dev->driver unless that\nattribute is defined via (struct device_driver).dev_groups. Instead, the\nanti-pattern of taking the device_lock() in the attribute handler risks\ndeadlocks with code paths that remove device attributes while holding\nthe lock.\n\nThis deadlock is typically invisible to lockdep given the device_lock()\nis marked lockdep_set_novalidate_class(), but some subsystems allocate a\nlocal lockdep key for @dev->mutex to reveal reports of the form:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 6.10.0-rc7+ #275 Tainted: G           OE    N\n ------------------------------------------------------\n modprobe/2374 is trying to acquire lock:\n ffff8c2270070de0 (kn->active#6){++++}-{0:0}, at: __kernfs_remove+0xde/0x220\n\n but task is already holding lock:\n ffff8c22016e88f8 (&cxl_root_key){+.+.}-{3:3}, at: device_release_driver_internal+0x39/0x210\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -> #1 (&cxl_root_key){+.+.}-{3:3}:\n        __mutex_lock+0x99/0xc30\n        uevent_show+0xac/0x130\n        dev_attr_show+0x18/0x40\n        sysfs_kf_seq_show+0xac/0xf0\n        seq_read_iter+0x110/0x450\n        vfs_read+0x25b/0x340\n        ksys_read+0x67/0xf0\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -> #0 (kn->active#6){++++}-{0:0}:\n        __lock_acquire+0x121a/0x1fa0\n        lock_acquire+0xd6/0x2e0\n        kernfs_drain+0x1e9/0x200\n        __kernfs_remove+0xde/0x220\n        kernfs_remove_by_name_ns+0x5e/0xa0\n        device_del+0x168/0x410\n        device_unregister+0x13/0x60\n        devres_release_all+0xb8/0x110\n        device_unbind_cleanup+0xe/0x70\n        device_release_driver_internal+0x1c7/0x210\n        driver_detach+0x47/0x90\n        bus_remove_driver+0x6c/0xf0\n        cxl_acpi_exit+0xc/0x11 [cxl_acpi]\n        __do_sys_delete_module.isra.0+0x181/0x260\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe observation though is that driver objects are typically much longer\nlived than device objects. It is reasonable to perform lockless\nde-reference of a @driver pointer even if it is racing detach from a\ndevice. Given the infrequency of driver unregistration, use\nsynchronize_rcu() in module_remove_driver() to close any potential\nraces.  It is potentially overkill to suffer synchronize_rcu() just to\nhandle the rare module removal racing uevent_show() event.\n\nThanks to Tetsuo Handa for the debug analysis of the syzbot report [1].', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44952', 'https://git.kernel.org/linus/15fffc6a5624b13b428bb1c6e9088e32a55eb82c (6.11-rc3)', 'https://git.kernel.org/stable/c/15fffc6a5624b13b428bb1c6e9088e32a55eb82c', 'https://git.kernel.org/stable/c/49ea4e0d862632d51667da5e7a9c88a560e9c5a1', 'https://git.kernel.org/stable/c/4a7c2a8387524942171037e70b80e969c3b5c05b', 'https://git.kernel.org/stable/c/4d035c743c3e391728a6f81cbf0f7f9ca700cf62', 'https://git.kernel.org/stable/c/9c23fc327d6ec67629b4ad323bd64d3834c0417d', 'https://git.kernel.org/stable/c/cd490a247ddf325325fd0de8898659400c9237ef', 'https://git.kernel.org/stable/c/dd98c9630b7ee273da87e9a244f94ddf947161e2', 'https://git.kernel.org/stable/c/f098e8fc7227166206256c18d56ab622039108b1', 'https://linux.oracle.com/cve/CVE-2024-44952.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44952-6290@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44952', 'https://www.cve.org/CVERecord?id=CVE-2024-44952'], 'PublishedDate': '2024-09-04T19:15:30.213Z', 'LastModifiedDate': '2024-09-06T16:37:38.37Z'}, {'VulnerabilityID': 'CVE-2024-44953', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44953', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Fix deadlock during RTC update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix deadlock during RTC update\n\nThere is a deadlock when runtime suspend waits for the flush of RTC work,\nand the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume.\n\nHere is deadlock backtrace:\n\nkworker/0:1     D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367\nptr            f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff\n<ffffffee5e71ddb0> __switch_to+0x1a8/0x2d4\n<ffffffee5e71e604> __schedule+0x684/0xa98\n<ffffffee5e71ea60> schedule+0x48/0xc8\n<ffffffee5e725f78> schedule_timeout+0x48/0x170\n<ffffffee5e71fb74> do_wait_for_common+0x108/0x1b0\n<ffffffee5e71efe0> wait_for_completion+0x44/0x60\n<ffffffee5d6de968> __flush_work+0x39c/0x424\n<ffffffee5d6decc0> __cancel_work_sync+0xd8/0x208\n<ffffffee5d6dee2c> cancel_delayed_work_sync+0x14/0x28\n<ffffffee5e2551b8> __ufshcd_wl_suspend+0x19c/0x480\n<ffffffee5e255fb8> ufshcd_wl_runtime_suspend+0x3c/0x1d4\n<ffffffee5dffd80c> scsi_runtime_suspend+0x78/0xc8\n<ffffffee5df93580> __rpm_callback+0x94/0x3e0\n<ffffffee5df90b0c> rpm_suspend+0x2d4/0x65c\n<ffffffee5df91448> __pm_runtime_suspend+0x80/0x114\n<ffffffee5dffd95c> scsi_runtime_idle+0x38/0x6c\n<ffffffee5df912f4> rpm_idle+0x264/0x338\n<ffffffee5df90f14> __pm_runtime_idle+0x80/0x110\n<ffffffee5e24ce44> ufshcd_rtc_work+0x128/0x1e4\n<ffffffee5d6e3a40> process_one_work+0x26c/0x650\n<ffffffee5d6e65c8> worker_thread+0x260/0x3d8\n<ffffffee5d6edec8> kthread+0x110/0x134\n<ffffffee5d616b18> ret_from_fork+0x10/0x20\n\nSkip updating RTC if RPM state is not RPM_ACTIVE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44953', 'https://git.kernel.org/linus/3911af778f208e5f49d43ce739332b91e26bc48e (6.11-rc2)', 'https://git.kernel.org/stable/c/3911af778f208e5f49d43ce739332b91e26bc48e', 'https://git.kernel.org/stable/c/f13f1858a28c68b7fc0d72c2008d5c1f80d2e8d5', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44953-1a10@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44953', 'https://www.cve.org/CVERecord?id=CVE-2024-44953'], 'PublishedDate': '2024-09-04T19:15:30.297Z', 'LastModifiedDate': '2024-09-06T16:37:33.65Z'}, {'VulnerabilityID': 'CVE-2024-44954', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44954', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ALSA: line6: Fix racy access to midibuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: line6: Fix racy access to midibuf\n\nThere can be concurrent accesses to line6 midibuf from both the URB\ncompletion callback and the rawmidi API access.  This could be a cause\nof KMSAN warning triggered by syzkaller below (so put as reported-by\nhere).\n\nThis patch protects the midibuf call of the former code path with a\nspinlock for avoiding the possible races.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44954', 'https://git.kernel.org/linus/15b7a03205b31bc5623378c190d22b7ff60026f1 (6.11-rc3)', 'https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1', 'https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5', 'https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a', 'https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747', 'https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81', 'https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d', 'https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e', 'https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29', 'https://linux.oracle.com/cve/CVE-2024-44954.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44954-6838@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44954', 'https://www.cve.org/CVERecord?id=CVE-2024-44954'], 'PublishedDate': '2024-09-04T19:15:30.353Z', 'LastModifiedDate': '2024-10-10T18:02:42.307Z'}, {'VulnerabilityID': 'CVE-2024-44955', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44955', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute\n\n[Why]\nWhen unplug one of monitors connected after mst hub, encounter null pointer dereference.\n\nIt's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When\ncommit new state which directly referring to info stored in dc_sink will cause null pointer\ndereference.\n\n[how]\nRemove redundant checking condition. Relevant condition should already be covered by checking\nif dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44955', 'https://git.kernel.org/linus/fcf6a49d79923a234844b8efe830a61f3f0584e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263', 'https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44955-20e8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44955', 'https://www.cve.org/CVERecord?id=CVE-2024-44955'], 'PublishedDate': '2024-09-04T19:15:30.423Z', 'LastModifiedDate': '2024-10-10T17:57:00.267Z'}, {'VulnerabilityID': 'CVE-2024-44956', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44956', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/preempt_fence: enlarge the fence critical section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44956', 'https://git.kernel.org/linus/3cd1585e57908b6efcd967465ef7685f40b2a294 (6.11-rc1)', 'https://git.kernel.org/stable/c/3cd1585e57908b6efcd967465ef7685f40b2a294', 'https://git.kernel.org/stable/c/458bb83119dfee5d14c677f7846dd9363817006f', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44956-8bcf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44956', 'https://www.cve.org/CVERecord?id=CVE-2024-44956'], 'PublishedDate': '2024-09-04T19:15:30.48Z', 'LastModifiedDate': '2024-09-06T16:37:11.777Z'}, {'VulnerabilityID': 'CVE-2024-44957', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44957', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Switch from mutex to spinlock for irqfds', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Switch from mutex to spinlock for irqfds\n\nirqfd_wakeup() gets EPOLLHUP, when it is called by\neventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which\ngets called under spin_lock_irqsave(). We can't use a mutex here as it\nwill lead to a deadlock.\n\nFix it by switching over to a spin lock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44957', 'https://git.kernel.org/linus/1c682593096a487fd9aebc079a307ff7a6d054a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3', 'https://git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e', 'https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44957-5c8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44957', 'https://www.cve.org/CVERecord?id=CVE-2024-44957'], 'PublishedDate': '2024-09-04T19:15:30.523Z', 'LastModifiedDate': '2024-09-06T16:37:00.077Z'}, {'VulnerabilityID': 'CVE-2024-44958', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44958', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched/smt: Fix unbalance sched_smt_present dec/inc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/smt: Fix unbalance sched_smt_present dec/inc\n\nI got the following warn report while doing stress test:\n\njump label: negative count!\nWARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0\nCall Trace:\n <TASK>\n __static_key_slow_dec_cpuslocked+0x16/0x70\n sched_cpu_deactivate+0x26e/0x2a0\n cpuhp_invoke_callback+0x3ad/0x10d0\n cpuhp_thread_fun+0x3f5/0x680\n smpboot_thread_fn+0x56d/0x8d0\n kthread+0x309/0x400\n ret_from_fork+0x41/0x70\n ret_from_fork_asm+0x1b/0x30\n </TASK>\n\nBecause when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),\nthe cpu offline failed, but sched_smt_present is decremented before\ncalling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so\nfix it by incrementing sched_smt_present in the error path.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44958', 'https://git.kernel.org/linus/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117 (6.11-rc2)', 'https://git.kernel.org/stable/c/2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4', 'https://git.kernel.org/stable/c/2cf7665efe451e48d27953e6b5bc627d518c902b', 'https://git.kernel.org/stable/c/65727331b60197b742089855ac09464c22b96f66', 'https://git.kernel.org/stable/c/d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab', 'https://git.kernel.org/stable/c/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44958-80e9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44958', 'https://www.cve.org/CVERecord?id=CVE-2024-44958'], 'PublishedDate': '2024-09-04T19:15:30.58Z', 'LastModifiedDate': '2024-10-10T17:56:24.467Z'}, {'VulnerabilityID': 'CVE-2024-44959', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44959', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracefs: Use generic inode RCU for synchronizing freeing', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntracefs: Use generic inode RCU for synchronizing freeing\n\nWith structure layout randomization enabled for 'struct inode' we need to\navoid overlapping any of the RCU-used / initialized-only-once members,\ne.g. i_lru or i_sb_list to not corrupt related list traversals when making\nuse of the rcu_head.\n\nFor an unlucky structure layout of 'struct inode' we may end up with the\nfollowing splat when running the ftrace selftests:\n\n[<...>] list_del corruption, ffff888103ee2cb0->next (tracefs_inode_cache+0x0/0x4e0 [slab object]) is NULL (prev is tracefs_inode_cache+0x78/0x4e0 [slab object])\n[<...>] ------------[ cut here ]------------\n[<...>] kernel BUG at lib/list_debug.c:54!\n[<...>] invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n[<...>] CPU: 3 PID: 2550 Comm: mount Tainted: G                 N  6.8.12-grsec+ #122 ed2f536ca62f28b087b90e3cc906a8d25b3ddc65\n[<...>] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n[<...>] RIP: 0010:[<ffffffff84656018>] __list_del_entry_valid_or_report+0x138/0x3e0\n[<...>] Code: 48 b8 99 fb 65 f2 ff ff ff ff e9 03 5c d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff e9 33 5a d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff <0f> 0b 4c 89 e9 48 89 ea 48 89 ee 48 c7 c7 60 8f dd 89 31 c0 e8 2f\n[<...>] RSP: 0018:fffffe80416afaf0 EFLAGS: 00010283\n[<...>] RAX: 0000000000000098 RBX: ffff888103ee2cb0 RCX: 0000000000000000\n[<...>] RDX: ffffffff84655fe8 RSI: ffffffff89dd8b60 RDI: 0000000000000001\n[<...>] RBP: ffff888103ee2cb0 R08: 0000000000000001 R09: fffffbd0082d5f25\n[<...>] R10: fffffe80416af92f R11: 0000000000000001 R12: fdf99c16731d9b6d\n[<...>] R13: 0000000000000000 R14: ffff88819ad4b8b8 R15: 0000000000000000\n[<...>] RBX: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RDX: __list_del_entry_valid_or_report+0x108/0x3e0\n[<...>] RSI: __func__.47+0x4340/0x4400\n[<...>] RBP: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RSP: process kstack fffffe80416afaf0+0x7af0/0x8000 [mount 2550 2550]\n[<...>] R09: kasan shadow of process kstack fffffe80416af928+0x7928/0x8000 [mount 2550 2550]\n[<...>] R10: process kstack fffffe80416af92f+0x792f/0x8000 [mount 2550 2550]\n[<...>] R14: tracefs_inode_cache+0x78/0x4e0 [slab object]\n[<...>] FS:  00006dcb380c1840(0000) GS:ffff8881e0600000(0000) knlGS:0000000000000000\n[<...>] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[<...>] CR2: 000076ab72b30e84 CR3: 000000000b088004 CR4: 0000000000360ef0 shadow CR4: 0000000000360ef0\n[<...>] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[<...>] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[<...>] ASID: 0003\n[<...>] Stack:\n[<...>]  ffffffff818a2315 00000000f5c856ee ffffffff896f1840 ffff888103ee2cb0\n[<...>]  ffff88812b6b9750 0000000079d714b6 fffffbfff1e9280b ffffffff8f49405f\n[<...>]  0000000000000001 0000000000000000 ffff888104457280 ffffffff8248b392\n[<...>] Call Trace:\n[<...>]  <TASK>\n[<...>]  [<ffffffff818a2315>] ? lock_release+0x175/0x380 fffffe80416afaf0\n[<...>]  [<ffffffff8248b392>] list_lru_del+0x152/0x740 fffffe80416afb48\n[<...>]  [<ffffffff8248ba93>] list_lru_del_obj+0x113/0x280 fffffe80416afb88\n[<...>]  [<ffffffff8940fd19>] ? _atomic_dec_and_lock+0x119/0x200 fffffe80416afb90\n[<...>]  [<ffffffff8295b244>] iput_final+0x1c4/0x9a0 fffffe80416afbb8\n[<...>]  [<ffffffff8293a52b>] dentry_unlink_inode+0x44b/0xaa0 fffffe80416afbf8\n[<...>]  [<ffffffff8293fefc>] __dentry_kill+0x23c/0xf00 fffffe80416afc40\n[<...>]  [<ffffffff8953a85f>] ? __this_cpu_preempt_check+0x1f/0xa0 fffffe80416afc48\n[<...>]  [<ffffffff82949ce5>] ? shrink_dentry_list+0x1c5/0x760 fffffe80416afc70\n[<...>]  [<ffffffff82949b71>] ? shrink_dentry_list+0x51/0x760 fffffe80416afc78\n[<...>]  [<ffffffff82949da8>] shrink_dentry_list+0x288/0x760 fffffe80416afc80\n[<...>]  [<ffffffff8294ae75>] shrink_dcache_sb+0x155/0x420 fffffe80416afcc8\n[<...>]  [<ffffffff8953a7c3>] ? debug_smp_processor_id+0x23/0xa0 fffffe80416afce0\n[<...>]  [<ffffffff8294ad20>] ? do_one_tre\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44959', 'https://git.kernel.org/linus/0b6743bd60a56a701070b89fb80c327a44b7b3e2 (6.11-rc3)', 'https://git.kernel.org/stable/c/061da60716ce0cde99f62f31937b81e1c03acef6', 'https://git.kernel.org/stable/c/0b6743bd60a56a701070b89fb80c327a44b7b3e2', 'https://git.kernel.org/stable/c/726f4c241e17be75a9cf6870d80cd7479dc89e8f', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44959-61a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44959', 'https://www.cve.org/CVERecord?id=CVE-2024-44959'], 'PublishedDate': '2024-09-04T19:15:30.637Z', 'LastModifiedDate': '2024-10-10T17:54:07.96Z'}, {'VulnerabilityID': 'CVE-2024-44960', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44960', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: core: Check for unset descriptor', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn't properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44960', 'https://git.kernel.org/linus/973a57891608a98e894db2887f278777f564de18 (6.11-rc3)', 'https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1', 'https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62', 'https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4', 'https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e', 'https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18', 'https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf', 'https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a', 'https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244', 'https://linux.oracle.com/cve/CVE-2024-44960.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44960-039b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44960', 'https://www.cve.org/CVERecord?id=CVE-2024-44960'], 'PublishedDate': '2024-09-04T19:15:30.7Z', 'LastModifiedDate': '2024-10-04T16:44:05.497Z'}, {'VulnerabilityID': 'CVE-2024-44961', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44961', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Forward soft recovery errors to userspace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Forward soft recovery errors to userspace\n\nAs we discussed before[1], soft recovery should be\nforwarded to userspace, or we can get into a really\nbad state where apps will keep submitting hanging\ncommand buffers cascading us to a hard reset.\n\n1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/\n(cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44961', 'https://git.kernel.org/linus/829798c789f567ef6ba4b084c15b7b5f3bd98d51 (6.11-rc3)', 'https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a', 'https://git.kernel.org/stable/c/829798c789f567ef6ba4b084c15b7b5f3bd98d51', 'https://git.kernel.org/stable/c/c28d207edfc5679585f4e96acb67000076ce90be', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44961-8666@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44961', 'https://www.cve.org/CVERecord?id=CVE-2024-44961'], 'PublishedDate': '2024-09-04T19:15:30.77Z', 'LastModifiedDate': '2024-10-04T16:39:39.3Z'}, {'VulnerabilityID': 'CVE-2024-44962', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44962', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n  Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n  Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic   snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil   snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded:   btnxpuart]\n  CPU: 5 PID: 723 Comm: memtester Tainted: G           O       6.6.23-lts-next-06207-g4aef2658ac28 #1\n  Hardware name: NXP i.MX95 19X19 board (DT)\n  pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0xffff80007a2cf464\n  lr : call_timer_fn.isra.0+0x24/0x80\n...\n  Call trace:\n   0xffff80007a2cf464\n   __run_timers+0x234/0x280\n   run_timer_softirq+0x20/0x40\n   __do_softirq+0x100/0x26c\n   ____do_softirq+0x10/0x1c\n   call_on_irq_stack+0x24/0x4c\n   do_softirq_own_stack+0x1c/0x2c\n   irq_exit_rcu+0xc0/0xdc\n   el0_interrupt+0x54/0xd8\n   __el0_irq_handler_common+0x18/0x24\n   el0t_64_irq_handler+0x10/0x1c\n   el0t_64_irq+0x190/0x194\n  Code: ???????? ???????? ???????? ???????? (????????)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception in interrupt\n  SMP: stopping secondary CPUs\n  Kernel Offset: disabled\n  CPU features: 0x0,c0000000,40028143,1000721b\n  Memory Limit: none\n  ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44962', 'https://git.kernel.org/linus/0d0df1e750bac0fdaa77940e711c1625cff08d33 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d0df1e750bac0fdaa77940e711c1625cff08d33', 'https://git.kernel.org/stable/c/28bbb5011a9723700006da67bdb57ab6a914452b', 'https://git.kernel.org/stable/c/4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44962-c329@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44962', 'https://www.cve.org/CVERecord?id=CVE-2024-44962'], 'PublishedDate': '2024-09-04T19:15:30.827Z', 'LastModifiedDate': '2024-10-04T16:20:34.55Z'}, {'VulnerabilityID': 'CVE-2024-44963', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44963', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not BUG_ON() when freeing tree block after error', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don't deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44963', 'https://git.kernel.org/linus/bb3868033a4cccff7be57e9145f2117cbdc91c11 (6.11-rc1)', 'https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f', 'https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44963-2e6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44963', 'https://www.cve.org/CVERecord?id=CVE-2024-44963'], 'PublishedDate': '2024-09-04T19:15:30.883Z', 'LastModifiedDate': '2024-10-04T16:19:20.77Z'}, {'VulnerabilityID': 'CVE-2024-44964', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44964', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix memory leaks and crashes while performing a soft reset', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leaks and crashes while performing a soft reset\n\nThe second tagged commit introduced a UAF, as it removed restoring\nq_vector->vport pointers after reinitializating the structures.\nThis is due to that all queue allocation functions are performed here\nwith the new temporary vport structure and those functions rewrite\nthe backpointers to the vport. Then, this new struct is freed and\nthe pointers start leading to nowhere.\n\nBut generally speaking, the current logic is very fragile. It claims\nto be more reliable when the system is low on memory, but in fact, it\nconsumes two times more memory as at the moment of running this\nfunction, there are two vports allocated with their queues and vectors.\nMoreover, it claims to prevent the driver from running into "bad state",\nbut in fact, any error during the rebuild leaves the old vport in the\npartially allocated state.\nFinally, if the interface is down when the function is called, it always\nallocates a new queue set, but when the user decides to enable the\ninterface later on, vport_open() allocates them once again, IOW there\'s\na clear memory leak here.\n\nJust don\'t allocate a new queue set when performing a reset, that solves\ncrashes and memory leaks. Readd the old queue number and reopen the\ninterface on rollback - that solves limbo states when the device is left\ndisabled and/or without HW queues enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44964', 'https://git.kernel.org/linus/f01032a2ca099ec8d619aaa916c3762aa62495df (6.11-rc3)', 'https://git.kernel.org/stable/c/6b289f8d91537ec1e4f9c7b38b31b90d93b1419b', 'https://git.kernel.org/stable/c/f01032a2ca099ec8d619aaa916c3762aa62495df', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44964-ebb1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44964', 'https://www.cve.org/CVERecord?id=CVE-2024-44964'], 'PublishedDate': '2024-09-04T19:15:30.94Z', 'LastModifiedDate': '2024-09-06T16:36:45.137Z'}, {'VulnerabilityID': 'CVE-2024-44965', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44965', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mm: Fix pti_clone_pgtable() alignment assumption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix pti_clone_pgtable() alignment assumption\n\nGuenter reported dodgy crashes on an i386-nosmp build using GCC-11\nthat had the form of endless traps until entry stack exhaust and then\n#DF from the stack guard.\n\nIt turned out that pti_clone_pgtable() had alignment assumptions on\nthe start address, notably it hard assumes start is PMD aligned. This\nis true on x86_64, but very much not true on i386.\n\nThese assumptions can cause the end condition to malfunction, leading\nto a 'short' clone. Guess what happens when the user mapping has a\nshort copy of the entry text?\n\nUse the correct increment form for addr to avoid alignment\nassumptions.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44965', 'https://git.kernel.org/linus/41e71dbb0e0a0fe214545fe64af031303a08524c (6.11-rc2)', 'https://git.kernel.org/stable/c/18da1b27ce16a14a9b636af9232acb4fb24f4c9e', 'https://git.kernel.org/stable/c/25a727233a40a9b33370eec9f0cad67d8fd312f8', 'https://git.kernel.org/stable/c/41e71dbb0e0a0fe214545fe64af031303a08524c', 'https://git.kernel.org/stable/c/4d143ae782009b43b4f366402e5c37f59d4e4346', 'https://git.kernel.org/stable/c/5c580c1050bcbc15c3e78090859d798dcf8c9763', 'https://git.kernel.org/stable/c/ca07aab70dd3b5e7fddb62d7a6ecd7a7d6d0b2ed', 'https://git.kernel.org/stable/c/d00c9b4bbc442d99e1dafbdfdab848bc1ead73f6', 'https://git.kernel.org/stable/c/df3eecb5496f87263d171b254ca6e2758ab3c35c', 'https://linux.oracle.com/cve/CVE-2024-44965.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090415-CVE-2024-44965-d41d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44965', 'https://www.cve.org/CVERecord?id=CVE-2024-44965'], 'PublishedDate': '2024-09-04T19:15:30.99Z', 'LastModifiedDate': '2024-10-04T16:17:15.23Z'}, {'VulnerabilityID': 'CVE-2024-44966', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44966', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binfmt_flat: Fix corruption when not offsetting data start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_flat: Fix corruption when not offsetting data start\n\nCommit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")\nintroduced a RISC-V specific variant of the FLAT format which does\nnot allocate any space for the (obsolete) array of shared library\npointers. However, it did not disable the code which initializes the\narray, resulting in the corruption of sizeof(long) bytes before the DATA\nsegment, generally the end of the TEXT segment.\n\nIntroduce MAX_SHARED_LIBS_UPDATE which depends on the state of\nCONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of\nthe shared library pointer region so that it will only be initialized\nif space is reserved for it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44966', 'https://git.kernel.org/linus/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671 (6.11-rc4)', 'https://git.kernel.org/stable/c/3a684499261d0f7ed5ee72793025c88c2276809c', 'https://git.kernel.org/stable/c/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671', 'https://git.kernel.org/stable/c/49df34d2b7da9e57c839555a2f7877291ce45ad1', 'https://git.kernel.org/stable/c/9350ba06ee61db392c486716ac68ecc20e030f7c', 'https://git.kernel.org/stable/c/af65d5383854cc3f172a7d0843b628758bf462c8', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44966-3aac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44966', 'https://www.cve.org/CVERecord?id=CVE-2024-44966'], 'PublishedDate': '2024-09-04T19:15:31.06Z', 'LastModifiedDate': '2024-10-04T16:15:30.047Z'}, {'VulnerabilityID': 'CVE-2024-44967', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44967', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/mgag200: Bind I2C lifetime to DRM device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mgag200: Bind I2C lifetime to DRM device\n\nManaged cleanup with devm_add_action_or_reset() will release the I2C\nadapter when the underlying Linux device goes away. But the connector\nstill refers to it, so this cleanup leaves behind a stale pointer\nin struct drm_connector.ddc.\n\nBind the lifetime of the I2C adapter to the connector's lifetime by\nusing DRM's managed release. When the DRM device goes away (after\nthe Linux device) DRM will first clean up the connector and then\nclean up the I2C adapter.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44967', 'https://git.kernel.org/linus/eb1ae34e48a09b7a1179c579aed042b032e408f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/55a6916db77102765b22855d3a0add4751988b7c', 'https://git.kernel.org/stable/c/81d34df843620e902dd04aa9205c875833d61c17', 'https://git.kernel.org/stable/c/9d96b91e03cba9dfcb4ac370c93af4dbc47d5191', 'https://git.kernel.org/stable/c/eb1ae34e48a09b7a1179c579aed042b032e408f4', 'https://lore.kernel.org/linux-cve-announce/2024090453-CVE-2024-44967-dd14@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44967', 'https://www.cve.org/CVERecord?id=CVE-2024-44967'], 'PublishedDate': '2024-09-04T19:15:31.117Z', 'LastModifiedDate': '2024-10-03T18:21:17.23Z'}, {'VulnerabilityID': 'CVE-2024-44969', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/sclp: Prevent release of buffer in I/O', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Prevent release of buffer in I/O\n\nWhen a task waiting for completion of a Store Data operation is\ninterrupted, an attempt is made to halt this operation. If this attempt\nfails due to a hardware or firmware problem, there is a chance that the\nSCLP facility might store data into buffers referenced by the original\noperation at a later time.\n\nHandle this situation by not releasing the referenced data buffers if\nthe halt attempt fails. For current use cases, this might result in a\nleak of few pages of memory in case of a rare hardware/firmware\nmalfunction.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44969', 'https://git.kernel.org/linus/bf365071ea92b9579d5a272679b74052a5643e35 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633', 'https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05', 'https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506', 'https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79', 'https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe', 'https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148', 'https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463', 'https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35', 'https://linux.oracle.com/cve/CVE-2024-44969.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44969-48bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44969', 'https://www.cve.org/CVERecord?id=CVE-2024-44969'], 'PublishedDate': '2024-09-04T19:15:31.24Z', 'LastModifiedDate': '2024-10-03T17:38:41.333Z'}, {'VulnerabilityID': 'CVE-2024-44970', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix invalid WQ linked list unlink\n\nWhen all the strides in a WQE have been consumed, the WQE is unlinked\nfrom the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible\nto receive CQEs with 0 consumed strides for the same WQE even after the\nWQE is fully consumed and unlinked. This triggers an additional unlink\nfor the same wqe which corrupts the linked list.\n\nFix this scenario by accepting 0 sized consumed strides without\nunlinking the WQE again.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44970', 'https://git.kernel.org/linus/fba8334721e266f92079632598e46e5f89082f30 (6.11-rc1)', 'https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9', 'https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76', 'https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78', 'https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44970-f687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44970', 'https://www.cve.org/CVERecord?id=CVE-2024-44970'], 'PublishedDate': '2024-09-04T19:15:31.307Z', 'LastModifiedDate': '2024-10-03T14:22:06.003Z'}, {'VulnerabilityID': 'CVE-2024-44971', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44971', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()\n\nbcm_sf2_mdio_register() calls of_phy_find_device() and then\nphy_device_remove() in a loop to remove existing PHY devices.\nof_phy_find_device() eventually calls bus_find_device(), which calls\nget_device() on the returned struct device * to increment the refcount.\nThe current implementation does not decrement the refcount, which causes\nmemory leak.\n\nThis commit adds the missing phy_device_free() call to decrement the\nrefcount via put_device() to balance the refcount.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44971', 'https://git.kernel.org/linus/e3862093ee93fcfbdadcb7957f5f8974fffa806a (6.11-rc3)', 'https://git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c', 'https://git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c', 'https://git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71', 'https://git.kernel.org/stable/c/c05516c072903f6fb9134b8e7e1ad4bffcdc4819', 'https://git.kernel.org/stable/c/e3862093ee93fcfbdadcb7957f5f8974fffa806a', 'https://git.kernel.org/stable/c/f3d5efe18a11f94150fee8b3fda9d62079af640a', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44971-eb75@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44971', 'https://www.cve.org/CVERecord?id=CVE-2024-44971'], 'PublishedDate': '2024-09-04T19:15:31.367Z', 'LastModifiedDate': '2024-09-05T17:54:36.607Z'}, {'VulnerabilityID': 'CVE-2024-44972', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44972', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not clear page dirty inside extent_write_locked_range()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not clear page dirty inside extent_write_locked_range()\n\n[BUG]\nFor subpage + zoned case, the following workload can lead to rsv data\nleak at unmount time:\n\n  # mkfs.btrfs -f -s 4k $dev\n  # mount $dev $mnt\n  # fsstress -w -n 8 -d $mnt -s 1709539240\n  0/0: fiemap - no filename\n  0/1: copyrange read - no filename\n  0/2: write - no filename\n  0/3: rename - no source filename\n  0/4: creat f0 x:0 0 0\n  0/4: creat add id=0,parent=-1\n  0/5: writev f0[259 1 0 0 0 0] [778052,113,965] 0\n  0/6: ioctl(FIEMAP) f0[259 1 0 0 224 887097] [1294220,2291618343991484791,0x10000] -1\n  0/7: dwrite - xfsctl(XFS_IOC_DIOINFO) f0[259 1 0 0 224 887097] return 25, fallback to stat()\n  0/7: dwrite f0[259 1 0 0 224 887097] [696320,102400] 0\n  # umount $mnt\n\nThe dmesg includes the following rsv leak detection warning (all call\ntrace skipped):\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8653 btrfs_destroy_inode+0x1e0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8654 btrfs_destroy_inode+0x1a8/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8660 btrfs_destroy_inode+0x1a0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): last unmount of filesystem 1b4abba9-de34-4f07-9e7f-157cf12a18d6\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info DATA has 268218368 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=204800, pinned=0, reserved=0, may_use=12288, readonly=0 zone_unusable=0\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info METADATA has 267796480 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=131072, pinned=0, reserved=0, may_use=262144, readonly=0 zone_unusable=245760\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n\nAbove $dev is a tcmu-runner emulated zoned HDD, which has a max zone\nappend size of 64K, and the system has 64K page size.\n\n[CAUSE]\nI have added several trace_printk() to show the events (header skipped):\n\n  > btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864\n\nThe above lines show our buffered write has dirtied 3 pages of inode\n259 of root 5:\n\n  704K             768K              832K              896K\n  I           |////I/////////////////I///////////|     I\n              756K                               868K\n\n  |///| is the dirtied range using subpage bitmaps. and 'I' is the page\n  boundary.\n\n  Meanwhile all three pages (704K, 768K, 832K) have their PageDirty\n  flag set.\n\n  > btrfs_direct_write: r/i=5/259 start dio filepos=696320 len=102400\n\nThen direct IO writ\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44972', 'https://git.kernel.org/linus/97713b1a2ced1e4a2a6c40045903797ebd44d7e0 (6.11-rc1)', 'https://git.kernel.org/stable/c/97713b1a2ced1e4a2a6c40045903797ebd44d7e0', 'https://git.kernel.org/stable/c/ba4dedb71356638d8284e34724daca944be70368', 'https://git.kernel.org/stable/c/d3b403209f767e5857c1b9fda66726e6e6ffc99f', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44972-23b5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44972', 'https://www.cve.org/CVERecord?id=CVE-2024-44972'], 'PublishedDate': '2024-09-04T19:15:31.43Z', 'LastModifiedDate': '2024-10-03T16:10:12.077Z'}, {'VulnerabilityID': 'CVE-2024-44973', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44973', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm, slub: do not call do_slab_free for kfence object', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slub: do not call do_slab_free for kfence object\n\nIn 782f8906f805 the freeing of kfence objects was moved from deep\ninside do_slab_free to the wrapper functions outside. This is a nice\nchange, but unfortunately it missed one spot in __kmem_cache_free_bulk.\n\nThis results in a crash like this:\n\nBUG skbuff_head_cache (Tainted: G S  B       E     ): Padding overwritten. 0xffff88907fea0f00-0xffff88907fea0fff @offset=3840\n\nslab_err (mm/slub.c:1129)\nfree_to_partial_list (mm/slub.c:? mm/slub.c:4036)\nslab_pad_check (mm/slub.c:864 mm/slub.c:1290)\ncheck_slab (mm/slub.c:?)\nfree_to_partial_list (mm/slub.c:3171 mm/slub.c:4036)\nkmem_cache_alloc_bulk (mm/slub.c:? mm/slub.c:4495 mm/slub.c:4586 mm/slub.c:4635)\nnapi_build_skb (net/core/skbuff.c:348 net/core/skbuff.c:527 net/core/skbuff.c:549)\n\nAll the other callers to do_slab_free appear to be ok.\n\nAdd a kfence_free check in __kmem_cache_free_bulk to avoid the crash.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44973', 'https://git.kernel.org/linus/a371d558e6f3aed977a8a7346350557de5d25190 (6.11-rc3)', 'https://git.kernel.org/stable/c/a371d558e6f3aed977a8a7346350557de5d25190', 'https://git.kernel.org/stable/c/b35cd7f1e969aaa63e6716d82480f6b8a3230949', 'https://lore.kernel.org/linux-cve-announce/2024090425-CVE-2024-44973-a92d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44973', 'https://www.cve.org/CVERecord?id=CVE-2024-44973'], 'PublishedDate': '2024-09-04T19:15:31.487Z', 'LastModifiedDate': '2024-10-03T14:23:09.147Z'}, {'VulnerabilityID': 'CVE-2024-44974', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44974', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: avoid possible UaF when selecting endp', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44974', 'https://git.kernel.org/linus/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d (6.11-rc5)', 'https://git.kernel.org/stable/c/0201d65d9806d287a00e0ba96f0321835631f63f', 'https://git.kernel.org/stable/c/2b4f46f9503633dade75cb796dd1949d0e6581a1', 'https://git.kernel.org/stable/c/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d', 'https://git.kernel.org/stable/c/9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8', 'https://git.kernel.org/stable/c/ddee5b4b6a1cc03c1e9921cf34382e094c2009f1', 'https://git.kernel.org/stable/c/f2c865e9e3ca44fc06b5f73b29a954775e4dbb38', 'https://lore.kernel.org/linux-cve-announce/2024090440-CVE-2024-44974-dbe8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44974', 'https://www.cve.org/CVERecord?id=CVE-2024-44974'], 'PublishedDate': '2024-09-04T20:15:07.1Z', 'LastModifiedDate': '2024-09-12T12:15:51.397Z'}, {'VulnerabilityID': 'CVE-2024-44975', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44975', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: fix panic caused by partcmd_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: fix panic caused by partcmd_update\n\nWe find a bug as below:\nBUG: unable to handle page fault for address: 00000003\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 358 Comm: bash Tainted: G        W I        6.6.0-10893-g60d6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4\nRIP: 0010:partition_sched_domains_locked+0x483/0x600\nCode: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9\nRSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202\nRAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000002fe80\nRBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000\nR10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002\nR13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0\nCall Trace:\n <TASK>\n ? show_regs+0x8c/0xa0\n ? __die_body+0x23/0xa0\n ? __die+0x3a/0x50\n ? page_fault_oops+0x1d2/0x5c0\n ? partition_sched_domains_locked+0x483/0x600\n ? search_module_extables+0x2a/0xb0\n ? search_exception_tables+0x67/0x90\n ? kernelmode_fixup_or_oops+0x144/0x1b0\n ? __bad_area_nosemaphore+0x211/0x360\n ? up_read+0x3b/0x50\n ? bad_area_nosemaphore+0x1a/0x30\n ? exc_page_fault+0x890/0xd90\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? asm_exc_page_fault+0x26/0x30\n ? partition_sched_domains_locked+0x483/0x600\n ? partition_sched_domains_locked+0xf0/0x600\n rebuild_sched_domains_locked+0x806/0xdc0\n update_partition_sd_lb+0x118/0x130\n cpuset_write_resmask+0xffc/0x1420\n cgroup_file_write+0xb2/0x290\n kernfs_fop_write_iter+0x194/0x290\n new_sync_write+0xeb/0x160\n vfs_write+0x16f/0x1d0\n ksys_write+0x81/0x180\n __x64_sys_write+0x21/0x30\n x64_sys_call+0x2f25/0x4630\n do_syscall_64+0x44/0xb0\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\nRIP: 0033:0x7f44a553c887\n\nIt can be reproduced with cammands:\ncd /sys/fs/cgroup/\nmkdir test\ncd test/\necho +cpuset > ../cgroup.subtree_control\necho root > cpuset.cpus.partition\ncat /sys/fs/cgroup/cpuset.cpus.effective\n0-3\necho 0-3 > cpuset.cpus // taking away all cpus from root\n\nThis issue is caused by the incorrect rebuilding of scheduling domains.\nIn this scenario, test/cpuset.cpus.partition should be an invalid root\nand should not trigger the rebuilding of scheduling domains. When calling\nupdate_parent_effective_cpumask with partcmd_update, if newmask is not\nnull, it should recheck newmask whether there are cpus is available\nfor parect/cs that has tasks.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44975', 'https://git.kernel.org/linus/959ab6350add903e352890af53e86663739fcb9a (6.11-rc5)', 'https://git.kernel.org/stable/c/73d6c6cf8ef6a3c532aa159f5114077746a372d6', 'https://git.kernel.org/stable/c/959ab6350add903e352890af53e86663739fcb9a', 'https://lore.kernel.org/linux-cve-announce/2024090442-CVE-2024-44975-7c21@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44975', 'https://www.cve.org/CVERecord?id=CVE-2024-44975'], 'PublishedDate': '2024-09-04T20:15:07.16Z', 'LastModifiedDate': '2024-10-03T14:32:31.677Z'}, {'VulnerabilityID': 'CVE-2024-44977', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Validate TA binary size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Validate TA binary size\n\nAdd TA binary size validation to avoid OOB write.\n\n(cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44977', 'https://git.kernel.org/linus/c99769bceab4ecb6a067b9af11f9db281eea3e2a (6.11-rc5)', 'https://git.kernel.org/stable/c/50553ea7cbd3344fbf40afb065f6a2d38171c1ad', 'https://git.kernel.org/stable/c/5ab8793b9a6cc059f503cbe6fe596f80765e0f19', 'https://git.kernel.org/stable/c/c99769bceab4ecb6a067b9af11f9db281eea3e2a', 'https://git.kernel.org/stable/c/e562415248f402203e7fb6d8c38c1b32fa99220f', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44977-7f6b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44977', 'https://www.cve.org/CVERecord?id=CVE-2024-44977'], 'PublishedDate': '2024-09-04T20:15:07.29Z', 'LastModifiedDate': '2024-10-10T17:47:59.593Z'}, {'VulnerabilityID': 'CVE-2024-44978', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44978', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Free job before xe_exec_queue_put', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Free job before xe_exec_queue_put\n\nFree job depends on job->vm being valid, the last xe_exec_queue_put can\ndestroy the VM. Prevent UAF by freeing job before xe_exec_queue_put.\n\n(cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44978', 'https://git.kernel.org/linus/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a (6.11-rc5)', 'https://git.kernel.org/stable/c/98aa0330f200b9b8fb9e1298e006eda57a13351c', 'https://git.kernel.org/stable/c/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44978-096b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44978', 'https://www.cve.org/CVERecord?id=CVE-2024-44978'], 'PublishedDate': '2024-09-04T20:15:07.343Z', 'LastModifiedDate': '2024-09-10T16:51:19.813Z'}, {'VulnerabilityID': 'CVE-2024-44979', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44979', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix missing workqueue destroy in xe_gt_pagefault\n\nOn driver reload we never free up the memory for the pagefault and\naccess counter workqueues. Add those destroy calls here.\n\n(cherry picked from commit 7586fc52b14e0b8edd0d1f8a434e0de2078b7b2b)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44979', 'https://git.kernel.org/linus/a6f78359ac75f24cac3c1bdd753c49c1877bcd82 (6.11-rc5)', 'https://git.kernel.org/stable/c/a6f78359ac75f24cac3c1bdd753c49c1877bcd82', 'https://git.kernel.org/stable/c/b09ef3b762a7fc641fb2f89afd3ebdb65b8ba1b9', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44979-74c3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44979', 'https://www.cve.org/CVERecord?id=CVE-2024-44979'], 'PublishedDate': '2024-09-04T20:15:07.4Z', 'LastModifiedDate': '2024-10-10T17:44:36.417Z'}, {'VulnerabilityID': 'CVE-2024-44980', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44980', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix opregion leak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix opregion leak\n\nBeing part o the display, ideally the setup and cleanup would be done by\ndisplay itself. However this is a bigger refactor that needs to be done\non both i915 and xe. For now, just fix the leak:\n\nunreferenced object 0xffff8881a0300008 (size 192):\n  comm "modprobe", pid 4354, jiffies 4295647021\n  hex dump (first 32 bytes):\n    00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff  ...\'............\n    18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 99260e31):\n    [<ffffffff823ce65b>] kmemleak_alloc+0x4b/0x80\n    [<ffffffff81493be2>] kmalloc_trace_noprof+0x312/0x3d0\n    [<ffffffffa1345679>] intel_opregion_setup+0x89/0x700 [xe]\n    [<ffffffffa125bfaf>] xe_display_init_noirq+0x2f/0x90 [xe]\n    [<ffffffffa1199ec3>] xe_device_probe+0x7a3/0xbf0 [xe]\n    [<ffffffffa11f3713>] xe_pci_probe+0x333/0x5b0 [xe]\n    [<ffffffff81af6be8>] local_pci_probe+0x48/0xb0\n    [<ffffffff81af8778>] pci_device_probe+0xc8/0x280\n    [<ffffffff81d09048>] really_probe+0xf8/0x390\n    [<ffffffff81d0937a>] __driver_probe_device+0x8a/0x170\n    [<ffffffff81d09503>] driver_probe_device+0x23/0xb0\n    [<ffffffff81d097b7>] __driver_attach+0xc7/0x190\n    [<ffffffff81d0628d>] bus_for_each_dev+0x7d/0xd0\n    [<ffffffff81d0851e>] driver_attach+0x1e/0x30\n    [<ffffffff81d07ac7>] bus_add_driver+0x117/0x250\n\n(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44980', 'https://git.kernel.org/linus/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f (6.11-rc5)', 'https://git.kernel.org/stable/c/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f', 'https://git.kernel.org/stable/c/f7ecdd9853dd9f34e7cdfdadfb70b8f40644ebb4', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44980-d1ba@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44980', 'https://www.cve.org/CVERecord?id=CVE-2024-44980'], 'PublishedDate': '2024-09-04T20:15:07.46Z', 'LastModifiedDate': '2024-10-10T17:42:53.433Z'}, {'VulnerabilityID': 'CVE-2024-44982', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44982', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: cleanup FB if dpu_format_populate_layout fails\n\nIf the dpu_format_populate_layout() fails, then FB is prepared, but not\ncleaned up. This ends up leaking the pin_count on the GEM object and\ncauses a splat during DRM file closure:\n\nmsm_obj->pin_count\nWARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc\n[...]\nCall trace:\n update_lru_locked+0xc4/0xcc\n put_pages+0xac/0x100\n msm_gem_free_object+0x138/0x180\n drm_gem_object_free+0x1c/0x30\n drm_gem_object_handle_put_unlocked+0x108/0x10c\n drm_gem_object_release_handle+0x58/0x70\n idr_for_each+0x68/0xec\n drm_gem_release+0x28/0x40\n drm_file_free+0x174/0x234\n drm_release+0xb0/0x160\n __fput+0xc0/0x2c8\n __fput_sync+0x50/0x5c\n __arm64_sys_close+0x38/0x7c\n invoke_syscall+0x48/0x118\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x4c/0x120\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194\nirq event stamp: 129818\nhardirqs last  enabled at (129817): [<ffffa5f6d953fcc0>] console_unlock+0x118/0x124\nhardirqs last disabled at (129818): [<ffffa5f6da7dcf04>] el1_dbg+0x24/0x8c\nsoftirqs last  enabled at (129808): [<ffffa5f6d94afc18>] handle_softirqs+0x4c8/0x4e8\nsoftirqs last disabled at (129785): [<ffffa5f6d94105e4>] __do_softirq+0x14/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/600714/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44982', 'https://git.kernel.org/linus/bfa1a6283be390947d3649c482e5167186a37016 (6.11-rc5)', 'https://git.kernel.org/stable/c/02193c70723118889281f75b88722b26b58bf4ae', 'https://git.kernel.org/stable/c/7ecf85542169012765e4c2817cd3be6c2e009962', 'https://git.kernel.org/stable/c/9b8b65211a880af8fe8330a101e1e239a2d4008f', 'https://git.kernel.org/stable/c/a3c5815b07f4ee19d0b7e2ddf91ff9f03ecbf27d', 'https://git.kernel.org/stable/c/bfa1a6283be390947d3649c482e5167186a37016', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44982-dd24@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44982', 'https://www.cve.org/CVERecord?id=CVE-2024-44982'], 'PublishedDate': '2024-09-04T20:15:07.593Z', 'LastModifiedDate': '2024-10-10T17:09:54.35Z'}, {'VulnerabilityID': 'CVE-2024-44983', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44983', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: validate vlan header', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: validate vlan header\n\nEnsure there is sufficient room to access the protocol field of the\nVLAN header, validate it once before the flowtable lookup.\n\n=====================================================\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5440 [inline]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44983', 'https://git.kernel.org/linus/6ea14ccb60c8ab829349979b22b58a941ec4a3ee (6.11-rc5)', 'https://git.kernel.org/stable/c/0279c35d242d037abeb73d60d06a6d1bb7f672d9', 'https://git.kernel.org/stable/c/043a18bb6cf16adaa2f8642acfde6e8956a9caaa', 'https://git.kernel.org/stable/c/6ea14ccb60c8ab829349979b22b58a941ec4a3ee', 'https://git.kernel.org/stable/c/c05155cc455785916164aa5e1b4605a2ae946537', 'https://git.kernel.org/stable/c/d9384ae7aec46036d248d1c2c2757e471ab486c3', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44983-dcdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44983', 'https://www.cve.org/CVERecord?id=CVE-2024-44983'], 'PublishedDate': '2024-09-04T20:15:07.657Z', 'LastModifiedDate': '2024-09-10T16:57:55.11Z'}, {'VulnerabilityID': 'CVE-2024-44984', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44984', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double DMA unmapping for XDP_REDIRECT\n\nRemove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT\ncode path.  This should have been removed when we let the page pool\nhandle the DMA mapping.  This bug causes the warning:\n\nWARNING: CPU: 7 PID: 59 at drivers/iommu/dma-iommu.c:1198 iommu_dma_unmap_page+0xd5/0x100\nCPU: 7 PID: 59 Comm: ksoftirqd/7 Tainted: G        W          6.8.0-1010-gcp #11-Ubuntu\nHardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS 2.15.2 04/02/2024\nRIP: 0010:iommu_dma_unmap_page+0xd5/0x100\nCode: 89 ee 48 89 df e8 cb f2 69 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9 31 f6 31 ff 45 31 c0 e9 ab 17 71 00 <0f> 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9\nRSP: 0018:ffffab1fc0597a48 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff99ff838280c8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffab1fc0597a78 R08: 0000000000000002 R09: ffffab1fc0597c1c\nR10: ffffab1fc0597cd3 R11: ffff99ffe375acd8 R12: 00000000e65b9000\nR13: 0000000000000050 R14: 0000000000001000 R15: 0000000000000002\nFS:  0000000000000000(0000) GS:ffff9a06efb80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000565c34c37210 CR3: 00000005c7e3e000 CR4: 0000000000350ef0\n? show_regs+0x6d/0x80\n? __warn+0x89/0x150\n? iommu_dma_unmap_page+0xd5/0x100\n? report_bug+0x16a/0x190\n? handle_bug+0x51/0xa0\n? exc_invalid_op+0x18/0x80\n? iommu_dma_unmap_page+0xd5/0x100\n? iommu_dma_unmap_page+0x35/0x100\ndma_unmap_page_attrs+0x55/0x220\n? bpf_prog_4d7e87c0d30db711_xdp_dispatcher+0x64/0x9f\nbnxt_rx_xdp+0x237/0x520 [bnxt_en]\nbnxt_rx_pkt+0x640/0xdd0 [bnxt_en]\n__bnxt_poll_work+0x1a1/0x3d0 [bnxt_en]\nbnxt_poll+0xaa/0x1e0 [bnxt_en]\n__napi_poll+0x33/0x1e0\nnet_rx_action+0x18a/0x2f0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44984', 'https://git.kernel.org/linus/8baeef7616d5194045c5a6b97fd1246b87c55b13 (6.11-rc5)', 'https://git.kernel.org/stable/c/8baeef7616d5194045c5a6b97fd1246b87c55b13', 'https://git.kernel.org/stable/c/95a305ba259b685780ed62ea2295aa2feb2d6c0c', 'https://git.kernel.org/stable/c/fa4e6ae38574d0fc5596272bee64727d8ab7052b', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44984-43ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44984', 'https://www.cve.org/CVERecord?id=CVE-2024-44984'], 'PublishedDate': '2024-09-04T20:15:07.717Z', 'LastModifiedDate': '2024-10-10T16:48:56.167Z'}, {'VulnerabilityID': 'CVE-2024-44985', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44985', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent possible UAF in ip6_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible UAF in ip6_xmit()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand the associated dst/idev could also have been freed.\n\nWe must use rcu_read_lock() to prevent a possible UAF.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44985', 'https://git.kernel.org/linus/2d5ff7e339d04622d8282661df36151906d0e1c7 (6.11-rc5)', 'https://git.kernel.org/stable/c/124b428fe28064c809e4237b0b38e97200a8a4a8', 'https://git.kernel.org/stable/c/2d5ff7e339d04622d8282661df36151906d0e1c7', 'https://git.kernel.org/stable/c/38a21c026ed2cc7232414cb166efc1923f34af17', 'https://git.kernel.org/stable/c/975f764e96f71616b530e300c1bb2ac0ce0c2596', 'https://git.kernel.org/stable/c/fc88d6c1f2895a5775795d82ec581afdff7661d1', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44985-2dde@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44985', 'https://www.cve.org/CVERecord?id=CVE-2024-44985'], 'PublishedDate': '2024-09-04T20:15:07.777Z', 'LastModifiedDate': '2024-09-05T17:54:11.313Z'}, {'VulnerabilityID': 'CVE-2024-44986', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44986', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: fix possible UAF in ip6_finish_output2()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible UAF in ip6_finish_output2()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand associated dst/idev could also have been freed.\n\nWe need to hold rcu_read_lock() to make sure the dst and\nassociated idev are alive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44986', 'https://git.kernel.org/linus/da273b377ae0d9bd255281ed3c2adb228321687b (6.11-rc5)', 'https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e', 'https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a', 'https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b', 'https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b', 'https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44986-1197@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44986', 'https://www.cve.org/CVERecord?id=CVE-2024-44986'], 'PublishedDate': '2024-09-04T20:15:07.833Z', 'LastModifiedDate': '2024-09-05T17:54:04.127Z'}, {'VulnerabilityID': 'CVE-2024-44987', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44987', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent UAF in ip6_send_skb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n  rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n  rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n  vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n  do_writev+0x1b1/0x350 fs/read_write.c:1018\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n </TASK>\n\nAllocated by task 6530:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  unpoison_slab_object mm/kasan/common.c:312 [inline]\n  __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n  kasan_slab_alloc include/linux/kasan.h:201 [inline]\n  slab_post_alloc_hook mm/slub.c:3988 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n  dst_alloc+0x12b/0x190 net/core/dst.c:89\n  ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n  make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n  xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313\n  ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n  rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n  ___sys_sendmsg net/socket.c:2651 [inline]\n  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n  poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n  __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n  kasan_slab_free include/linux/kasan.h:184 [inline]\n  slab_free_hook mm/slub.c:2252 [inline]\n  slab_free mm/slub.c:4473 [inline]\n  kmem_cache_free+0x145/0x350 mm/slub.c:4548\n  dst_destroy+0x2ac/0x460 net/core/dst.c:124\n  rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n  rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44987', 'https://git.kernel.org/linus/faa389b2fbaaec7fd27a390b4896139f9da662e3 (6.11-rc5)', 'https://git.kernel.org/stable/c/24e93695b1239fbe4c31e224372be77f82dab69a', 'https://git.kernel.org/stable/c/571567e0277008459750f0728f246086b2659429', 'https://git.kernel.org/stable/c/9a3e55afa95ed4ac9eda112d4f918af645d72f25', 'https://git.kernel.org/stable/c/af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011', 'https://git.kernel.org/stable/c/cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e', 'https://git.kernel.org/stable/c/ce2f6cfab2c637d0bd9762104023a15d0ab7c0a8', 'https://git.kernel.org/stable/c/e44bd76dd072756e674f45c5be00153f4ded68b2', 'https://git.kernel.org/stable/c/faa389b2fbaaec7fd27a390b4896139f9da662e3', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44987-f916@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44987', 'https://www.cve.org/CVERecord?id=CVE-2024-44987'], 'PublishedDate': '2024-09-04T20:15:07.89Z', 'LastModifiedDate': '2024-09-05T17:53:54.687Z'}, {'VulnerabilityID': 'CVE-2024-44988', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44988', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Fix out-of-bound access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix out-of-bound access\n\nIf an ATU violation was caused by a CPU Load operation, the SPID could\nbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44988', 'https://git.kernel.org/linus/528876d867a23b5198022baf2e388052ca67c952 (6.11-rc5)', 'https://git.kernel.org/stable/c/050e7274ab2150cd212b2372595720e7b83a15bd', 'https://git.kernel.org/stable/c/18b2e833daf049223ab3c2efdf8cdee08854c484', 'https://git.kernel.org/stable/c/528876d867a23b5198022baf2e388052ca67c952', 'https://git.kernel.org/stable/c/a10d0337115a6d223a1563d853d4455f05d0b2e3', 'https://git.kernel.org/stable/c/d39f5be62f098fe367d672b4dd4bc4b2b80e08e7', 'https://git.kernel.org/stable/c/f7d8c2fabd39250cf2333fbf8eef67e837f90a5d', 'https://git.kernel.org/stable/c/f87ce03c652dba199aef15ac18ade3991db5477e', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44988-516a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44988', 'https://www.cve.org/CVERecord?id=CVE-2024-44988'], 'PublishedDate': '2024-09-04T20:15:07.96Z', 'LastModifiedDate': '2024-10-10T16:44:14.767Z'}, {'VulnerabilityID': 'CVE-2024-44989', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44989', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix xfrm real_dev null pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel:  <TASK>\n kernel:  ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? page_fault_oops+0x142/0x4c0\n kernel:  ? do_user_addr_fault+0x65/0x670\n kernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  ? exc_page_fault+0x7b/0x180\n kernel:  ? asm_exc_page_fault+0x22/0x30\n kernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel:  xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ip_push_pending_frames+0x56/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44989', 'https://git.kernel.org/linus/f8cde9805981c50d0c029063dc7d82821806fc44 (6.11-rc5)', 'https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21', 'https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294', 'https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548', 'https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f', 'https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436', 'https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44989-8a2d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44989', 'https://www.cve.org/CVERecord?id=CVE-2024-44989'], 'PublishedDate': '2024-09-04T20:15:08.02Z', 'LastModifiedDate': '2024-09-06T16:31:22.253Z'}, {'VulnerabilityID': 'CVE-2024-44990', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44990', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix null pointer deref in bond_ipsec_offload_ok\n\nWe must check if there is an active slave before dereferencing the pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44990', 'https://git.kernel.org/linus/95c90e4ad89d493a7a14fa200082e466e2548f9d (6.11-rc5)', 'https://git.kernel.org/stable/c/0707260a18312bbcd2a5668584e3692d0a29e3f6', 'https://git.kernel.org/stable/c/2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59', 'https://git.kernel.org/stable/c/32a0173600c63aadaf2103bf02f074982e8602ab', 'https://git.kernel.org/stable/c/81216b9352be43f8958092d379f6dec85443c309', 'https://git.kernel.org/stable/c/95c90e4ad89d493a7a14fa200082e466e2548f9d', 'https://git.kernel.org/stable/c/b70b0ddfed31fc92c8dc722d0afafc8e14cb550c', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44990-6b62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44990', 'https://www.cve.org/CVERecord?id=CVE-2024-44990'], 'PublishedDate': '2024-09-04T20:15:08.087Z', 'LastModifiedDate': '2024-09-06T16:31:12.87Z'}, {'VulnerabilityID': 'CVE-2024-44991', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44991', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp: prevent concurrent execution of tcp_sk_exit_batch', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: prevent concurrent execution of tcp_sk_exit_batch\n\nIts possible that two threads call tcp_sk_exit_batch() concurrently,\nonce from the cleanup_net workqueue, once from a task that failed to clone\na new netns.  In the latter case, error unwinding calls the exit handlers\nin reverse order for the \'failed\' netns.\n\ntcp_sk_exit_batch() calls tcp_twsk_purge().\nProblem is that since commit b099ce2602d8 ("net: Batch inet_twsk_purge"),\nthis function picks up twsk in any dying netns, not just the one passed\nin via exit_batch list.\n\nThis means that the error unwind of setup_net() can "steal" and destroy\ntimewait sockets belonging to the exiting netns.\n\nThis allows the netns exit worker to proceed to call\n\nWARN_ON_ONCE(!refcount_dec_and_test(&net->ipv4.tcp_death_row.tw_refcount));\n\nwithout the expected 1 -> 0 transition, which then splats.\n\nAt same time, error unwind path that is also running inet_twsk_purge()\nwill splat as well:\n\nWARNING: .. at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210\n...\n refcount_dec include/linux/refcount.h:351 [inline]\n inet_twsk_kill+0x758/0x9c0 net/ipv4/inet_timewait_sock.c:70\n inet_twsk_deschedule_put net/ipv4/inet_timewait_sock.c:221\n inet_twsk_purge+0x725/0x890 net/ipv4/inet_timewait_sock.c:304\n tcp_sk_exit_batch+0x1c/0x170 net/ipv4/tcp_ipv4.c:3522\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n setup_net+0x714/0xb40 net/core/net_namespace.c:375\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n\n... because refcount_dec() of tw_refcount unexpectedly dropped to 0.\n\nThis doesn\'t seem like an actual bug (no tw sockets got lost and I don\'t\nsee a use-after-free) but as erroneous trigger of debug check.\n\nAdd a mutex to force strict ordering: the task that calls tcp_twsk_purge()\nblocks other task from doing final _dec_and_test before mutex-owner has\nremoved all tw sockets of dying netns.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44991', 'https://git.kernel.org/linus/565d121b69980637f040eb4d84289869cdaabedf (6.11-rc5)', 'https://git.kernel.org/stable/c/565d121b69980637f040eb4d84289869cdaabedf', 'https://git.kernel.org/stable/c/99580ae890ec8bd98b21a2a9c6668f8f1555b62e', 'https://git.kernel.org/stable/c/e3d9de3742f4d5c47ae35f888d3023a5b54fcd2f', 'https://git.kernel.org/stable/c/f6fd2dbf584a4047ba88d1369ff91c9851261ec1', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44991-2437@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44991', 'https://www.cve.org/CVERecord?id=CVE-2024-44991'], 'PublishedDate': '2024-09-04T20:15:08.15Z', 'LastModifiedDate': '2024-10-09T14:36:15.79Z'}, {'VulnerabilityID': 'CVE-2024-44993', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44993', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`\n\nWhen enabling UBSAN on Raspberry Pi 5, we get the following warning:\n\n[  387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3\n[  387.903868] index 7 is out of range for type '__u32 [7]'\n[  387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G        WC         6.10.3-v8-16k-numa #151\n[  387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[  387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched]\n[  387.932525] Call trace:\n[  387.935296]  dump_backtrace+0x170/0x1b8\n[  387.939403]  show_stack+0x20/0x38\n[  387.942907]  dump_stack_lvl+0x90/0xd0\n[  387.946785]  dump_stack+0x18/0x28\n[  387.950301]  __ubsan_handle_out_of_bounds+0x98/0xd0\n[  387.955383]  v3d_csd_job_run+0x3a8/0x438 [v3d]\n[  387.960707]  drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]\n[  387.966862]  process_one_work+0x62c/0xb48\n[  387.971296]  worker_thread+0x468/0x5b0\n[  387.975317]  kthread+0x1c4/0x1e0\n[  387.978818]  ret_from_fork+0x10/0x20\n[  387.983014] ---[ end trace ]---\n\nThis happens because the UAPI provides only seven configuration\nregisters and we are reading the eighth position of this u32 array.\n\nTherefore, fix the out-of-bounds read in `v3d_csd_job_run()` by\naccessing only seven positions on the '__u32 [7]' array. The eighth\nregister exists indeed on V3D 7.1, but it isn't currently used. That\nbeing so, let's guarantee that it remains unused and add a note that it\ncould be set in a future patch.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44993', 'https://git.kernel.org/linus/497d370a644d95a9f04271aa92cb96d32e84c770 (6.11-rc4)', 'https://git.kernel.org/stable/c/497d370a644d95a9f04271aa92cb96d32e84c770', 'https://git.kernel.org/stable/c/d656b82c4b30cf12715e6cd129d3df808fde24a7', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44993-b6db@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44993', 'https://www.cve.org/CVERecord?id=CVE-2024-44993'], 'PublishedDate': '2024-09-04T20:15:08.257Z', 'LastModifiedDate': '2024-09-06T16:28:49.18Z'}, {'VulnerabilityID': 'CVE-2024-44995', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: fix a deadlock problem when config TC during resetting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n                             pf reset start\n                                 │\n                                 ▼\n                              ......\nsetup tc                         │\n    │                            ▼\n    ▼                      DOWN: napi_disable()\nnapi_disable()(skip)             │\n    │                            │\n    ▼                            ▼\n  ......                      ......\n    │                            │\n    ▼                            │\nnapi_enable()                    │\n                                 ▼\n                           UINIT: netif_napi_del()\n                                 │\n                                 ▼\n                              ......\n                                 │\n                                 ▼\n                           INIT: netif_napi_add()\n                                 │\n                                 ▼\n                              ......                 global reset start\n                                 │                      │\n                                 ▼                      ▼\n                           UP: napi_enable()(skip)    ......\n                                 │                      │\n                                 ▼                      ▼\n                              ......                 napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. Adds a DOWN process in UINIT to fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44995', 'https://git.kernel.org/linus/be5e816d00a506719e9dbb1a9c861c5ced30a109 (6.11-rc4)', 'https://git.kernel.org/stable/c/195918217448a6bb7f929d6a2ffffce9f1ece1cc', 'https://git.kernel.org/stable/c/67492d4d105c0a6321b00c393eec96b9a7a97a16', 'https://git.kernel.org/stable/c/6ae2b7d63cd056f363045eb65409143e16f23ae8', 'https://git.kernel.org/stable/c/be5e816d00a506719e9dbb1a9c861c5ced30a109', 'https://git.kernel.org/stable/c/de37408d5c26fc4a296a28a0c96dcb814219bfa1', 'https://git.kernel.org/stable/c/fa1d4de7265c370e673583ac8d1bd17d21826cd9', 'https://git.kernel.org/stable/c/fc250eca15bde34c4c8f806b9d88f55bd56a992c', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44995-16e5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44995', 'https://www.cve.org/CVERecord?id=CVE-2024-44995'], 'PublishedDate': '2024-09-04T20:15:08.353Z', 'LastModifiedDate': '2024-09-15T18:15:34.54Z'}, {'VulnerabilityID': 'CVE-2024-44996', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44996', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vsock: fix recursive -&gt;recvmsg calls', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: fix recursive ->recvmsg calls\n\nAfter a vsock socket has been added to a BPF sockmap, its prot->recvmsg\nhas been replaced with vsock_bpf_recvmsg(). Thus the following\nrecursiion could happen:\n\nvsock_bpf_recvmsg()\n -> __vsock_recvmsg()\n  -> vsock_connectible_recvmsg()\n   -> prot->recvmsg()\n    -> vsock_bpf_recvmsg() again\n\nWe need to fix it by calling the original ->recvmsg() without any BPF\nsockmap logic in __vsock_recvmsg().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44996', 'https://git.kernel.org/linus/69139d2919dd4aa9a553c8245e7c63e82613e3fc (6.11-rc4)', 'https://git.kernel.org/stable/c/69139d2919dd4aa9a553c8245e7c63e82613e3fc', 'https://git.kernel.org/stable/c/921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5', 'https://git.kernel.org/stable/c/b4ee8cf1acc5018ed1369150d7bb3e0d0f79e135', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44996-8b26@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44996', 'https://www.cve.org/CVERecord?id=CVE-2024-44996'], 'PublishedDate': '2024-09-04T20:15:08.413Z', 'LastModifiedDate': '2024-09-16T12:21:47.37Z'}, {'VulnerabilityID': 'CVE-2024-44998', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44998', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: atm: idt77252: prevent use after free in dequeue_rx()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can\'t dereference "skb" after calling vcc->push() because the skb\nis released.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44998', 'https://git.kernel.org/linus/a9a18e8f770c9b0703dab93580d0b02e199a4c79 (6.11-rc4)', 'https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1', 'https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d', 'https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518', 'https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55', 'https://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d', 'https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10', 'https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79', 'https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44998-6505@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44998', 'https://www.cve.org/CVERecord?id=CVE-2024-44998'], 'PublishedDate': '2024-09-04T20:15:08.52Z', 'LastModifiedDate': '2024-09-06T16:28:16Z'}, {'VulnerabilityID': 'CVE-2024-44999', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44999', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: pull network headers in gtp_dev_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: pull network headers in gtp_dev_xmit()\n\nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]\n\nWe must make sure the IPv4 or Ipv6 header is pulled in skb->head\nbefore accessing fields in them.\n\nUse pskb_inet_may_pull() to fix this issue.\n\n[1]\nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n  gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n  gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  __netdev_start_xmit include/linux/netdevice.h:4913 [inline]\n  netdev_start_xmit include/linux/netdevice.h:4922 [inline]\n  xmit_one net/core/dev.c:3580 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596\n  __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423\n  dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3145 [inline]\n  packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:3994 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583\n  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674\n  alloc_skb include/linux/skbuff.h:1320 [inline]\n  alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526\n  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815\n  packet_alloc_skb net/packet/af_packet.c:2994 [inline]\n  packet_snd net/packet/af_packet.c:3088 [inline]\n  packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44999', 'https://git.kernel.org/linus/3a3be7ff9224f424e485287b54be00d2c6bd9c40 (6.11-rc4)', 'https://git.kernel.org/stable/c/137d565ab89ce3584503b443bc9e00d44f482593', 'https://git.kernel.org/stable/c/1f6b62392453d8f36685d19b761307a8c5617ac1', 'https://git.kernel.org/stable/c/34ba4f29f3d9eb52dee37512059efb2afd7e966f', 'https://git.kernel.org/stable/c/3939d787139e359b77aaf9485d1e145d6713d7b9', 'https://git.kernel.org/stable/c/3a3be7ff9224f424e485287b54be00d2c6bd9c40', 'https://git.kernel.org/stable/c/3d89d0c4a1c6d4d2a755e826351b0a101dbc86f3', 'https://git.kernel.org/stable/c/cbb9a969fc190e85195d1b0f08038e7f6199044e', 'https://git.kernel.org/stable/c/f5dda8db382c5751c4e572afc7c99df7da1f83ca', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44999-187d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44999', 'https://www.cve.org/CVERecord?id=CVE-2024-44999'], 'PublishedDate': '2024-09-04T20:15:08.59Z', 'LastModifiedDate': '2024-09-06T16:27:51.89Z'}, {'VulnerabilityID': 'CVE-2024-45000', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45000', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/netfs/fscache_cookie: add missing "n_accesses" check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/netfs/fscache_cookie: add missing "n_accesses" check\n\nThis fixes a NULL pointer dereference bug due to a data race which\nlooks like this:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000008\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] SMP PTI\n  CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43\n  Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018\n  Workqueue: events_unbound netfs_rreq_write_to_cache_work\n  RIP: 0010:cachefiles_prepare_write+0x30/0xa0\n  Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 <48> 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10\n  RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286\n  RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000\n  RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438\n  RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001\n  R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68\n  R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00\n  FS:  0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0\n  Call Trace:\n   <TASK>\n   ? __die+0x1f/0x70\n   ? page_fault_oops+0x15d/0x440\n   ? search_module_extables+0xe/0x40\n   ? fixup_exception+0x22/0x2f0\n   ? exc_page_fault+0x5f/0x100\n   ? asm_exc_page_fault+0x22/0x30\n   ? cachefiles_prepare_write+0x30/0xa0\n   netfs_rreq_write_to_cache_work+0x135/0x2e0\n   process_one_work+0x137/0x2c0\n   worker_thread+0x2e9/0x400\n   ? __pfx_worker_thread+0x10/0x10\n   kthread+0xcc/0x100\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x30/0x50\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1b/0x30\n   </TASK>\n  Modules linked in:\n  CR2: 0000000000000008\n  ---[ end trace 0000000000000000 ]---\n\nThis happened because fscache_cookie_state_machine() was slow and was\nstill running while another process invoked fscache_unuse_cookie();\nthis led to a fscache_cookie_lru_do_one() call, setting the\nFSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by\nfscache_cookie_state_machine(), withdrawing the cookie via\ncachefiles_withdraw_cookie(), clearing cookie->cache_priv.\n\nAt the same time, yet another process invoked\ncachefiles_prepare_write(), which found a NULL pointer in this code\nline:\n\n  struct cachefiles_object *object = cachefiles_cres_object(cres);\n\nThe next line crashes, obviously:\n\n  struct cachefiles_cache *cache = object->volume->cache;\n\nDuring cachefiles_prepare_write(), the "n_accesses" counter is\nnon-zero (via fscache_begin_operation()).  The cookie must not be\nwithdrawn until it drops to zero.\n\nThe counter is checked by fscache_cookie_state_machine() before\nswitching to FSCACHE_COOKIE_STATE_RELINQUISHING and\nFSCACHE_COOKIE_STATE_WITHDRAWING (in "case\nFSCACHE_COOKIE_STATE_FAILED"), but not for\nFSCACHE_COOKIE_STATE_LRU_DISCARDING ("case\nFSCACHE_COOKIE_STATE_ACTIVE").\n\nThis patch adds the missing check.  With a non-zero access counter,\nthe function returns and the next fscache_end_cookie_access() call\nwill queue another fscache_cookie_state_machine() call to handle the\nstill-pending FSCACHE_COOKIE_DO_LRU_DISCARD.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45000', 'https://git.kernel.org/linus/f71aa06398aabc2e3eaac25acdf3d62e0094ba70 (6.11-rc4)', 'https://git.kernel.org/stable/c/0a4d41fa14b2a0efd40e350cfe8ec6a4c998ac1d', 'https://git.kernel.org/stable/c/b8a50877f68efdcc0be3fcc5116e00c31b90e45b', 'https://git.kernel.org/stable/c/dfaa39b05a6cf34a16c525a2759ee6ab26b5fef6', 'https://git.kernel.org/stable/c/f71aa06398aabc2e3eaac25acdf3d62e0094ba70', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-45000-fd6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45000', 'https://www.cve.org/CVERecord?id=CVE-2024-45000'], 'PublishedDate': '2024-09-04T20:15:08.657Z', 'LastModifiedDate': '2024-09-06T16:27:31.003Z'}, {'VulnerabilityID': 'CVE-2024-45001', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45001', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix RX buf alloc_size alignment and atomic op panic', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix RX buf alloc_size alignment and atomic op panic\n\nThe MANA driver's RX buffer alloc_size is passed into napi_build_skb() to\ncreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignment\nis affected by the alloc_size passed into napi_build_skb(). The size needs\nto be aligned properly for better performance and atomic operations.\nOtherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic\noperations may panic on the skb_shinfo(skb)->dataref due to alignment fault.\n\nTo fix this bug, add proper alignment to the alloc_size calculation.\n\nSample panic info:\n[  253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce\n[  253.300900] Mem abort info:\n[  253.301760]   ESR = 0x0000000096000021\n[  253.302825]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  253.304268]   SET = 0, FnV = 0\n[  253.305172]   EA = 0, S1PTW = 0\n[  253.306103]   FSC = 0x21: alignment fault\nCall trace:\n __skb_clone+0xfc/0x198\n skb_clone+0x78/0xe0\n raw6_local_deliver+0xfc/0x228\n ip6_protocol_deliver_rcu+0x80/0x500\n ip6_input_finish+0x48/0x80\n ip6_input+0x48/0xc0\n ip6_sublist_rcv_finish+0x50/0x78\n ip6_sublist_rcv+0x1cc/0x2b8\n ipv6_list_rcv+0x100/0x150\n __netif_receive_skb_list_core+0x180/0x220\n netif_receive_skb_list_internal+0x198/0x2a8\n __napi_poll+0x138/0x250\n net_rx_action+0x148/0x330\n handle_softirqs+0x12c/0x3a0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45001', 'https://git.kernel.org/linus/32316f676b4ee87c0404d333d248ccf777f739bc (6.11-rc4)', 'https://git.kernel.org/stable/c/32316f676b4ee87c0404d333d248ccf777f739bc', 'https://git.kernel.org/stable/c/65f20b174ec0172f2d6bcfd8533ab9c9e7e347fa', 'https://git.kernel.org/stable/c/e6bea6a45f8a401f3d5a430bc81814f0cc8848cf', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45001-50df@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45001', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45001'], 'PublishedDate': '2024-09-04T20:15:08.71Z', 'LastModifiedDate': '2024-10-09T14:49:39.953Z'}, {'VulnerabilityID': 'CVE-2024-45002', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45002', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtla/osnoise: Prevent NULL dereference in error handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrtla/osnoise: Prevent NULL dereference in error handling\n\nIf the "tool->data" allocation fails then there is no need to call\nosnoise_free_top() and, in fact, doing so will lead to a NULL dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45002', 'https://git.kernel.org/linus/90574d2a675947858b47008df8d07f75ea50d0d0 (6.11-rc4)', 'https://git.kernel.org/stable/c/753f1745146e03abd17eec8eee95faffc96d743d', 'https://git.kernel.org/stable/c/90574d2a675947858b47008df8d07f75ea50d0d0', 'https://git.kernel.org/stable/c/abdb9ddaaab476e62805e36cce7b4ef8413ffd01', 'https://git.kernel.org/stable/c/fc575212c6b75d538e1a0a74f4c7e2ac73bc46ac', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45002-c292@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45002', 'https://www.cve.org/CVERecord?id=CVE-2024-45002'], 'PublishedDate': '2024-09-04T20:15:08.763Z', 'LastModifiedDate': '2024-09-06T16:27:13.727Z'}, {'VulnerabilityID': 'CVE-2024-45003', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45003', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: vfs: Don't evict inode under the inode lru traversing context", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: Don't evict inode under the inode lru traversing context\n\nThe inode reclaiming process(See function prune_icache_sb) collects all\nreclaimable inodes and mark them with I_FREEING flag at first, at that\ntime, other processes will be stuck if they try getting these inodes\n(See function find_inode_fast), then the reclaiming process destroy the\ninodes by function dispose_list(). Some filesystems(eg. ext4 with\nea_inode feature, ubifs with xattr) may do inode lookup in the inode\nevicting callback function, if the inode lookup is operated under the\ninode lru traversing context, deadlock problems may happen.\n\nCase 1: In function ext4_evict_inode(), the ea inode lookup could happen\n        if ea_inode feature is enabled, the lookup process will be stuck\n\tunder the evicting context like this:\n\n 1. File A has inode i_reg and an ea inode i_ea\n 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea\n 3. Then, following three processes running like this:\n\n    PA                              PB\n echo 2 > /proc/sys/vm/drop_caches\n  shrink_slab\n   prune_dcache_sb\n   // i_reg is added into lru, lru->i_ea->i_reg\n   prune_icache_sb\n    list_lru_walk_one\n     inode_lru_isolate\n      i_ea->i_state |= I_FREEING // set inode state\n     inode_lru_isolate\n      __iget(i_reg)\n      spin_unlock(&i_reg->i_lock)\n      spin_unlock(lru_lock)\n                                     rm file A\n                                      i_reg->nlink = 0\n      iput(i_reg) // i_reg->nlink is 0, do evict\n       ext4_evict_inode\n        ext4_xattr_delete_inode\n         ext4_xattr_inode_dec_ref_all\n          ext4_xattr_inode_iget\n           ext4_iget(i_ea->i_ino)\n            iget_locked\n             find_inode_fast\n              __wait_on_freeing_inode(i_ea) ----? AA deadlock\n    dispose_list // cannot be executed by prune_icache_sb\n     wake_up_bit(&i_ea->i_state)\n\nCase 2: In deleted inode writing function ubifs_jnl_write_inode(), file\n        deleting process holds BASEHD's wbuf->io_mutex while getting the\n\txattr inode, which could race with inode reclaiming process(The\n        reclaiming process could try locking BASEHD's wbuf->io_mutex in\n\tinode evicting function), then an ABBA deadlock problem would\n\thappen as following:\n\n 1. File A has inode ia and a xattr(with inode ixa), regular file B has\n    inode ib and a xattr.\n 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa\n 3. Then, following three processes running like this:\n\n        PA                PB                        PC\n                echo 2 > /proc/sys/vm/drop_caches\n                 shrink_slab\n                  prune_dcache_sb\n                  // ib and ia are added into lru, lru->ixa->ib->ia\n                  prune_icache_sb\n                   list_lru_walk_one\n                    inode_lru_isolate\n                     ixa->i_state |= I_FREEING // set inode state\n                    inode_lru_isolate\n                     __iget(ib)\n                     spin_unlock(&ib->i_lock)\n                     spin_unlock(lru_lock)\n                                                   rm file B\n                                                    ib->nlink = 0\n rm file A\n  iput(ia)\n   ubifs_evict_inode(ia)\n    ubifs_jnl_delete_inode(ia)\n     ubifs_jnl_write_inode(ia)\n      make_reservation(BASEHD) // Lock wbuf->io_mutex\n      ubifs_iget(ixa->i_ino)\n       iget_locked\n        find_inode_fast\n         __wait_on_freeing_inode(ixa)\n          |          iput(ib) // ib->nlink is 0, do evict\n          |           ubifs_evict_inode\n          |            ubifs_jnl_delete_inode(ib)\n          ?             ubifs_jnl_write_inode\n     ABBA deadlock ?-----make_reservation(BASEHD)\n                   dispose_list // cannot be executed by prune_icache_sb\n                    wake_up_bit(&ixa->i_state)\n\nFix the possible deadlock by using new inode state flag I_LRU_ISOLATING\nto pin the inode in memory while inode_lru_isolate(\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45003', 'https://git.kernel.org/linus/2a0629834cd82f05d424bbc193374f9a43d1f87d (6.11-rc4)', 'https://git.kernel.org/stable/c/03880af02a78bc9a98b5a581f529cf709c88a9b8', 'https://git.kernel.org/stable/c/2a0629834cd82f05d424bbc193374f9a43d1f87d', 'https://git.kernel.org/stable/c/3525ad25240dfdd8c78f3470911ed10aa727aa72', 'https://git.kernel.org/stable/c/437741eba63bf4e437e2beb5583f8633556a2b98', 'https://git.kernel.org/stable/c/9063ab49c11e9518a3f2352434bb276cc8134c5f', 'https://git.kernel.org/stable/c/b9bda5f6012dd00372f3a06a82ed8971a4c57c32', 'https://git.kernel.org/stable/c/cda54ec82c0f9d05393242b20b13f69b083f7e88', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45003-3bc2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45003', 'https://www.cve.org/CVERecord?id=CVE-2024-45003'], 'PublishedDate': '2024-09-04T20:15:08.823Z', 'LastModifiedDate': '2024-10-09T15:07:31.027Z'}, {'VulnerabilityID': 'CVE-2024-45005', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45005', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: s390: fix validity interception issue when gisa is switched off', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix validity interception issue when gisa is switched off\n\nWe might run into a SIE validity if gisa has been disabled either via using\nkernel parameter "kvm.use_gisa=0" or by setting the related sysfs\nattribute to N (echo N >/sys/module/kvm/parameters/use_gisa).\n\nThe validity is caused by an invalid value in the SIE control block\'s\ngisa designation. That happens because we pass the uninitialized gisa\norigin to virt_to_phys() before writing it to the gisa designation.\n\nTo fix this we return 0 in kvm_s390_get_gisa_desc() if the origin is 0.\nkvm_s390_get_gisa_desc() is used to determine which gisa designation to\nset in the SIE control block. A value of 0 in the gisa designation disables\ngisa usage.\n\nThe issue surfaces in the host kernel with the following kernel message as\nsoon a new kvm guest start is attemted.\n\nkvm: unhandled validity intercept 0x1011\nWARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101 kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]\nModules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390 prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci]\nCPU: 0 PID: 781237 Comm: CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6\nHardware name: IBM 3931 A01 701 (LPAR)\nKrnl PSW : 0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm])\n           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\nKrnl GPRS: 000003d900000027 000003d900000023 0000000000000028 000002cd00000000\n           000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff\n           000002cfd82e9000 000002cfd80bc000 0000000000001011 000003d93deda412\n           000003ff8962df98 000003d93de77ce0 000003d93deb011e 00000359c6daf960\nKrnl Code: 000003d93deb0112: c020fffe7259\tlarl\t%r2,000003d93de7e5c4\n           000003d93deb0118: c0e53fa8beac\tbrasl\t%r14,000003d9bd3c7e70\n          #000003d93deb011e: af000000\t\tmc\t0,0\n          >000003d93deb0122: a728ffea\t\tlhi\t%r2,-22\n           000003d93deb0126: a7f4fe24\t\tbrc\t15,000003d93deafd6e\n           000003d93deb012a: 9101f0b0\t\ttm\t176(%r15),1\n           000003d93deb012e: a774fe48\t\tbrc\t7,000003d93deafdbe\n           000003d93deb0132: 40a0f0ae\t\tsth\t%r10,174(%r15)\nCall Trace:\n [<000003d93deb0122>] kvm_handle_sie_intercept+0x432/0x4d0 [kvm]\n([<000003d93deb011e>] kvm_handle_sie_intercept+0x42e/0x4d0 [kvm])\n [<000003d93deacc10>] vcpu_post_run+0x1d0/0x3b0 [kvm]\n [<000003d93deaceda>] __vcpu_run+0xea/0x2d0 [kvm]\n [<000003d93dead9da>] kvm_arch_vcpu_ioctl_run+0x16a/0x430 [kvm]\n [<000003d93de93ee0>] kvm_vcpu_ioctl+0x190/0x7c0 [kvm]\n [<000003d9bd728b4e>] vfs_ioctl+0x2e/0x70\n [<000003d9bd72a092>] __s390x_sys_ioctl+0xc2/0xd0\n [<000003d9be0e9222>] __do_syscall+0x1f2/0x2e0\n [<000003d9be0f9a90>] system_call+0x70/0x98\nLast Breaking-Event-Address:\n [<000003d9bd3c7f58>] __warn_printk+0xe8/0xf0', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45005', 'https://git.kernel.org/linus/5a44bb061d04b0306f2aa8add761d86d152b9377 (6.11-rc4)', 'https://git.kernel.org/stable/c/027ac3c5092561bccce09b314a73a1c167117ef6', 'https://git.kernel.org/stable/c/051c0a558154174cfcea301a386e4c91ade83ce1', 'https://git.kernel.org/stable/c/5a44bb061d04b0306f2aa8add761d86d152b9377', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45005-2297@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45005', 'https://www.cve.org/CVERecord?id=CVE-2024-45005'], 'PublishedDate': '2024-09-04T20:15:08.94Z', 'LastModifiedDate': '2024-10-09T15:30:03.767Z'}, {'VulnerabilityID': 'CVE-2024-45006', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45006', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration\n\nre-enumerating full-speed devices after a failed address device command\ncan trigger a NULL pointer dereference.\n\nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size\nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case,\nwhich ends up calling xhci_configure_endpoint().\n\nOn Panther point xHC the xhci_configure_endpoint() function will\nadditionally check and reserve bandwidth in software. Other hosts do\nthis in hardware\n\nIf xHC address device command fails then a new xhci_virt_device structure\nis allocated as part of re-enabling the slot, but the bandwidth table\npointers are not set up properly here.\nThis triggers the NULL pointer dereference the next time usb_ep0_reinit()\nis called and xhci_configure_endpoint() tries to check and reserve\nbandwidth\n\n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd\n[46710.713699] usb 3-1: Device not responding to setup address.\n[46710.917684] usb 3-1: Device not responding to setup address.\n[46711.125536] usb 3-1: device not accepting address 5, error -71\n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[46711.125600] #PF: supervisor read access in kernel mode\n[46711.125603] #PF: error_code(0x0000) - not-present page\n[46711.125606] PGD 0 P4D 0\n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1\n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.\n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]\n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c\n\nFix this by making sure bandwidth table pointers are set up correctly\nafter a failed address device command, and additionally by avoiding\nchecking for bandwidth in cases like this where no actual endpoints are\nadded or removed, i.e. only context for default control endpoint 0 is\nevaluated.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45006', 'https://git.kernel.org/linus/af8e119f52e9c13e556be9e03f27957554a84656 (6.11-rc4)', 'https://git.kernel.org/stable/c/0f0654318e25b2c185e245ba4a591e42fabb5e59', 'https://git.kernel.org/stable/c/365ef7c4277fdd781a695c3553fa157d622d805d', 'https://git.kernel.org/stable/c/5ad898ae82412f8a689d59829804bff2999dd0ea', 'https://git.kernel.org/stable/c/6b99de301d78e1f5249e57ef2c32e1dec3df2bb1', 'https://git.kernel.org/stable/c/8fb9d412ebe2f245f13481e4624b40e651570cbd', 'https://git.kernel.org/stable/c/a57b0ebabe6862dce0a2e0f13e17941ad72fc56b', 'https://git.kernel.org/stable/c/af8e119f52e9c13e556be9e03f27957554a84656', 'https://git.kernel.org/stable/c/ef0a0e616b2789bb804a0ce5e161db03170a85b6', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45006-6642@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45006', 'https://www.cve.org/CVERecord?id=CVE-2024-45006'], 'PublishedDate': '2024-09-04T20:15:08.997Z', 'LastModifiedDate': '2024-09-06T16:26:52.64Z'}, {'VulnerabilityID': 'CVE-2024-45007', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45007', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: char: xillybus: Don't destroy workqueue from work item running on it", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Don't destroy workqueue from work item running on it\n\nTriggered by a kref decrement, destroy_workqueue() may be called from\nwithin a work item for destroying its own workqueue. This illegal\nsituation is averted by adding a module-global workqueue for exclusive\nuse of the offending work item. Other work items continue to be queued\non per-device workqueues to ensure performance.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45007', 'https://git.kernel.org/linus/ccbde4b128ef9c73d14d0d7817d68ef795f6d131 (6.11-rc4)', 'https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9', 'https://git.kernel.org/stable/c/5d3567caff2a1d678aa40cc74a54e1318941fad3', 'https://git.kernel.org/stable/c/a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157', 'https://git.kernel.org/stable/c/aa1a19724fa2c31e97a9be48baedd4692b265157', 'https://git.kernel.org/stable/c/ccbde4b128ef9c73d14d0d7817d68ef795f6d131', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45007-74c8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45007', 'https://www.cve.org/CVERecord?id=CVE-2024-45007'], 'PublishedDate': '2024-09-04T20:15:09.053Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45008', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: MT - limit max slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: MT - limit max slots\n\nsyzbot is reporting too large allocation at input_mt_init_slots(), for\nnum_slots is supplied from userspace using ioctl(UI_DEV_CREATE).\n\nSince nobody knows possible max slots, this patch chose 1024.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45008', 'https://git.kernel.org/linus/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb (6.11-rc2)', 'https://git.kernel.org/stable/c/05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549', 'https://git.kernel.org/stable/c/2829c80614890624456337e47320289112785f3e', 'https://git.kernel.org/stable/c/87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322', 'https://git.kernel.org/stable/c/8f04edd554d191834e9e1349ef030318ea6b11ba', 'https://git.kernel.org/stable/c/94736334b8a25e4fae8daa6934e54a31f099be43', 'https://git.kernel.org/stable/c/95f73d01f547dfc67fda3022c51e377a0454b505', 'https://git.kernel.org/stable/c/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb', 'https://git.kernel.org/stable/c/cd19f1799c32ba7b874474b1b968815ce5364f73', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45008-1d89@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45008', 'https://www.cve.org/CVERecord?id=CVE-2024-45008'], 'PublishedDate': '2024-09-04T20:15:09.107Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45009', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: only decrement add_addr_accepted for MPJ req', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the "remove single subflow" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \'subflow\' endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\'s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45009', 'https://git.kernel.org/linus/1c1f721375989579e46741f59523e39ec9b2a9bd (6.11-rc5)', 'https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd', 'https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c', 'https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d', 'https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7', 'https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608', 'https://lore.kernel.org/linux-cve-announce/2024091104-CVE-2024-45009-24ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45009', 'https://www.cve.org/CVERecord?id=CVE-2024-45009'], 'PublishedDate': '2024-09-11T16:15:06.427Z', 'LastModifiedDate': '2024-09-13T16:36:57.233Z'}, {'VulnerabilityID': 'CVE-2024-45010', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: mptcp: pm: only mark 'subflow' endp as available", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \'subflow\' endp as available\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the "remove single address" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \'signal\' endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\'subflow\' endpoints, and here it is a \'signal\' endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \'subflow\' endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45010', 'https://git.kernel.org/linus/322ea3778965da72862cca2a0c50253aacf65fe6 (6.11-rc5)', 'https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6', 'https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d', 'https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f', 'https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45010-33ee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45010', 'https://www.cve.org/CVERecord?id=CVE-2024-45010'], 'PublishedDate': '2024-09-11T16:15:06.483Z', 'LastModifiedDate': '2024-09-13T16:35:05.843Z'}, {'VulnerabilityID': 'CVE-2024-45011', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45011', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: char: xillybus: Check USB endpoints when probing device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Check USB endpoints when probing device\n\nEnsure, as the driver probes the device, that all endpoints that the\ndriver may attempt to access exist and are of the correct type.\n\nAll XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at\naddress 1. This is verified in xillyusb_setup_base_eps().\n\nOn top of that, a XillyUSB device may have additional Bulk OUT\nendpoints. The information about these endpoints' addresses is deduced\nfrom a data structure (the IDT) that the driver fetches from the device\nwhile probing it. These endpoints are checked in setup_channels().\n\nA XillyUSB device never has more than one IN endpoint, as all data\ntowards the host is multiplexed in this single Bulk IN endpoint. This is\nwhy setup_channels() only checks OUT endpoints.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45011', 'https://git.kernel.org/linus/2374bf7558de915edc6ec8cb10ec3291dfab9594 (6.11-rc4)', 'https://git.kernel.org/stable/c/1371d32b95972d39c1e6e4bae8b6d0df1b573731', 'https://git.kernel.org/stable/c/2374bf7558de915edc6ec8cb10ec3291dfab9594', 'https://git.kernel.org/stable/c/25ee8b2908200fc862c0434e5ad483817d50ceda', 'https://git.kernel.org/stable/c/4267131278f5cc98f8db31d035d64bdbbfe18658', 'https://git.kernel.org/stable/c/5cff754692ad45d5086b75fef8cc3a99c30a1005', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45011-e729@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45011', 'https://www.cve.org/CVERecord?id=CVE-2024-45011'], 'PublishedDate': '2024-09-11T16:15:06.55Z', 'LastModifiedDate': '2024-09-13T16:36:55.757Z'}, {'VulnerabilityID': 'CVE-2024-45012', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45012', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nouveau/firmware: use dma non-coherent allocator', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/firmware: use dma non-coherent allocator\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup, when the iommu is enabled:\n\nkernel BUG at include/linux/scatterlist.h:187!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\nHardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\nRIP: 0010:sg_init_one+0x85/0xa0\nCode: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\nRSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\nRBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\nR13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\nFS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\nCall Trace:\n <TASK>\n ? die+0x36/0x90\n ? do_trap+0xdd/0x100\n ? sg_init_one+0x85/0xa0\n ? do_error_trap+0x65/0x80\n ? sg_init_one+0x85/0xa0\n ? exc_invalid_op+0x50/0x70\n ? sg_init_one+0x85/0xa0\n ? asm_exc_invalid_op+0x1a/0x20\n ? sg_init_one+0x85/0xa0\n nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? nvkm_udevice_new+0x95/0x140 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? ktime_get+0x47/0xb0\n\nFix this by using the non-coherent allocator instead, I think there\nmight be a better answer to this, but it involve ripping up some of\nAPIs using sg lists.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45012', 'https://git.kernel.org/linus/9b340aeb26d50e9a9ec99599e2a39b035fac978e (6.11-rc5)', 'https://git.kernel.org/stable/c/57ca481fca97ca4553e8c85d6a94baf4cb40c40e', 'https://git.kernel.org/stable/c/9b340aeb26d50e9a9ec99599e2a39b035fac978e', 'https://git.kernel.org/stable/c/cc29c5546c6a373648363ac49781f1d74b530707', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45012-9234@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45012', 'https://www.cve.org/CVERecord?id=CVE-2024-45012'], 'PublishedDate': '2024-09-11T16:15:06.607Z', 'LastModifiedDate': '2024-09-13T16:35:35.787Z'}, {'VulnerabilityID': 'CVE-2024-45013', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: move stopping keep-alive into nvme_uninit_ctrl()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: move stopping keep-alive into nvme_uninit_ctrl()\n\nCommit 4733b65d82bd ("nvme: start keep-alive after admin queue setup")\nmoves starting keep-alive from nvme_start_ctrl() into\nnvme_init_ctrl_finish(), but don\'t move stopping keep-alive into\nnvme_uninit_ctrl(), so keep-alive work can be started and keep pending\nafter failing to start controller, finally use-after-free is triggered if\nnvme host driver is unloaded.\n\nThis patch fixes kernel panic when running nvme/004 in case that connection\nfailure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl().\n\nThis way is reasonable because keep-alive is now started in\nnvme_init_ctrl_finish().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45013', 'https://git.kernel.org/linus/a54a93d0e3599b05856971734e15418ac551a14c (6.11-rc5)', 'https://git.kernel.org/stable/c/4101af98ab573554c4225e328d506fec2a74bc54', 'https://git.kernel.org/stable/c/a54a93d0e3599b05856971734e15418ac551a14c', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45013-8efe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45013', 'https://www.cve.org/CVERecord?id=CVE-2024-45013'], 'PublishedDate': '2024-09-11T16:15:06.663Z', 'LastModifiedDate': '2024-09-13T16:35:42.49Z'}, {'VulnerabilityID': 'CVE-2024-45015', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45015', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: move dpu_encoder&#39;s connector assignment to atomic_enable()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()\n\nFor cases where the crtc's connectors_changed was set without enable/active\ngetting toggled , there is an atomic_enable() call followed by an\natomic_disable() but without an atomic_mode_set().\n\nThis results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in\nthe atomic_enable() as the dpu_encoder's connector was cleared in the\natomic_disable() but not re-assigned as there was no atomic_mode_set() call.\n\nFix the NULL ptr access by moving the assignment for atomic_enable() and also\nuse drm_atomic_get_new_connector_for_encoder() to get the connector from\nthe atomic_state.\n\nPatchwork: https://patchwork.freedesktop.org/patch/606729/", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45015', 'https://git.kernel.org/linus/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 (6.11-rc5)', 'https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52', 'https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77', 'https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45015-c139@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45015', 'https://www.cve.org/CVERecord?id=CVE-2024-45015'], 'PublishedDate': '2024-09-11T16:15:06.763Z', 'LastModifiedDate': '2024-09-13T16:35:58.617Z'}, {'VulnerabilityID': 'CVE-2024-45016', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1017.18~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netem: fix return value if duplicate enqueue fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\'s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq->enqueue() and then\n  the original packet is also dropped.\n- If rootq->enqueue() sends the duplicated packet to a different qdisc\n  and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45016', 'https://git.kernel.org/linus/c07ff8592d57ed258afee5a5e04991a48dbaf382 (6.11-rc5)', 'https://git.kernel.org/stable/c/0486d31dd8198e22b63a4730244b38fffce6d469', 'https://git.kernel.org/stable/c/52d99a69f3d556c6426048c9d481b912205919d8', 'https://git.kernel.org/stable/c/577d6c0619467fe90f7e8e57e45cb5bd9d936014', 'https://git.kernel.org/stable/c/759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4', 'https://git.kernel.org/stable/c/c07ff8592d57ed258afee5a5e04991a48dbaf382', 'https://git.kernel.org/stable/c/c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d', 'https://git.kernel.org/stable/c/e5bb2988a310667abed66c7d3ffa28880cf0f883', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45016-fd5a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45016', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://ubuntu.com/security/notices/USN-7071-1', 'https://ubuntu.com/security/notices/USN-7072-1', 'https://ubuntu.com/security/notices/USN-7073-1', 'https://ubuntu.com/security/notices/USN-7073-2', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45016'], 'PublishedDate': '2024-09-11T16:15:06.817Z', 'LastModifiedDate': '2024-09-13T16:36:06.773Z'}, {'VulnerabilityID': 'CVE-2024-45017', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45017', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix IPsec RoCE MPV trace call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix IPsec RoCE MPV trace call\n\nPrevent the call trace below from happening, by not allowing IPsec\ncreation over a slave, if master device doesn't support IPsec.\n\nWARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down_read+0x75/0x94\nModules linked in: esp4_offload esp4 act_mirred act_vlan cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa mst_pciconf(OE) nfsv3 nfs_acl nfs lockd grace fscache netfs xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill cuse fuse rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_ipoib iw_cm ib_cm ipmi_ssif intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel sha1_ssse3 dell_smbios ib_uverbs aesni_intel crypto_simd dcdbas wmi_bmof dell_wmi_descriptor cryptd pcspkr ib_core acpi_ipmi sp5100_tco ccp i2c_piix4 ipmi_si ptdma k10temp ipmi_devintf ipmi_msghandler acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops cec\n ahci libahci mlxfw drm pci_hyperv_intf libata tg3 sha256_ssse3 tls megaraid_sas i2c_algo_bit psample wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mst_pci]\nCPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7_u3_update_v6.6_ipsec_bf.x86_64 #2\nHardware name: Dell Inc. PowerEdge R7525/074H08, BIOS 2.0.3 01/15/2021\nWorkqueue: events xfrm_state_gc_task\nRIP: 0010:down_read+0x75/0x94\nCode: 00 48 8b 45 08 65 48 8b 14 25 80 fc 01 00 83 e0 02 48 09 d0 48 83 c8 01 48 89 45 08 5d 31 c0 89 c2 89 c6 89 c7 e9 cb 88 3b 00 <0f> 0b 48 8b 45 08 a8 01 74 b2 a8 02 75 ae 48 89 c2 48 83 ca 02 f0\nRSP: 0018:ffffb26387773da8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffa08b658af900 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ff886bc5e1366f2f RDI: 0000000000000000\nRBP: ffffa08b658af940 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffa0a9bfb31540\nR13: ffffa0a9bfb37900 R14: 0000000000000000 R15: ffffa0a9bfb37905\nFS:  0000000000000000(0000) GS:ffffa0a9bfb00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055a45ed814e8 CR3: 000000109038a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n ? down_read+0x75/0x94\n ? __warn+0x80/0x113\n ? down_read+0x75/0x94\n ? report_bug+0xa4/0x11d\n ? handle_bug+0x35/0x8b\n ? exc_invalid_op+0x14/0x75\n ? asm_exc_invalid_op+0x16/0x1b\n ? down_read+0x75/0x94\n ? down_read+0xe/0x94\n mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n mlx5_ipsec_fs_roce_tx_destroy+0xb1/0x130 [mlx5_core]\n tx_destroy+0x1b/0xc0 [mlx5_core]\n tx_ft_put+0x53/0xc0 [mlx5_core]\n mlx5e_xfrm_free_state+0x45/0x90 [mlx5_core]\n ___xfrm_state_destroy+0x10f/0x1a2\n xfrm_state_gc_task+0x81/0xa9\n process_one_work+0x1f1/0x3c6\n worker_thread+0x53/0x3e4\n ? process_one_work.cold+0x46/0x3c\n kthread+0x127/0x144\n ? set_kthread_struct+0x60/0x52\n ret_from_fork+0x22/0x2d\n </TASK>\n---[ end trace 5ef7896144d398e1 ]---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45017', 'https://git.kernel.org/linus/607e1df7bd47fe91cab85a97f57870a26d066137 (6.11-rc5)', 'https://git.kernel.org/stable/c/2ae52a65a850ded75a94e8d7ec1e09737f4c6509', 'https://git.kernel.org/stable/c/607e1df7bd47fe91cab85a97f57870a26d066137', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45017-ee3e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45017', 'https://www.cve.org/CVERecord?id=CVE-2024-45017'], 'PublishedDate': '2024-09-11T16:15:06.877Z', 'LastModifiedDate': '2024-09-13T16:36:13.19Z'}, {'VulnerabilityID': 'CVE-2024-45018', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45018', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: initialise extack before use', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: initialise extack before use\n\nFix missing initialisation of extack in flow offload.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45018', 'https://git.kernel.org/linus/e9767137308daf906496613fd879808a07f006a2 (6.11-rc4)', 'https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1', 'https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7', 'https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78', 'https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f', 'https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d', 'https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45018-7e30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45018', 'https://www.cve.org/CVERecord?id=CVE-2024-45018'], 'PublishedDate': '2024-09-11T16:15:06.933Z', 'LastModifiedDate': '2024-09-13T16:36:24.397Z'}, {'VulnerabilityID': 'CVE-2024-45019', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45019', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Take state lock during tx timeout reporter', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take state lock during tx timeout reporter\n\nmlx5e_safe_reopen_channels() requires the state lock taken. The\nreferenced changed in the Fixes tag removed the lock to fix another\nissue. This patch adds it back but at a later point (when calling\nmlx5e_safe_reopen_channels()) to avoid the deadlock referenced in the\nFixes tag.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45019', 'https://git.kernel.org/linus/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3 (6.11-rc4)', 'https://git.kernel.org/stable/c/03d3734bd692affe4d0e9c9d638f491aaf37411b', 'https://git.kernel.org/stable/c/8e57e66ecbdd2fddc9fbf3e984b1c523b70e9809', 'https://git.kernel.org/stable/c/b3b9a87adee97854bcd71057901d46943076267e', 'https://git.kernel.org/stable/c/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45019-5f8b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45019', 'https://www.cve.org/CVERecord?id=CVE-2024-45019'], 'PublishedDate': '2024-09-11T16:15:06.99Z', 'LastModifiedDate': '2024-09-13T16:36:19.36Z'}, {'VulnerabilityID': 'CVE-2024-45020', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45020', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a kernel verifier crash in stacksafe()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a kernel verifier crash in stacksafe()\n\nDaniel Hodges reported a kernel verifier crash when playing with sched-ext.\nFurther investigation shows that the crash is due to invalid memory access\nin stacksafe(). More specifically, it is the following code:\n\n    if (exact != NOT_EXACT &&\n        old->stack[spi].slot_type[i % BPF_REG_SIZE] !=\n        cur->stack[spi].slot_type[i % BPF_REG_SIZE])\n            return false;\n\nThe 'i' iterates old->allocated_stack.\nIf cur->allocated_stack < old->allocated_stack the out-of-bound\naccess will happen.\n\nTo fix the issue add 'i >= cur->allocated_stack' check such that if\nthe condition is true, stacksafe() should fail. Otherwise,\ncur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45020', 'https://git.kernel.org/linus/bed2eb964c70b780fb55925892a74f26cb590b25 (6.11-rc4)', 'https://git.kernel.org/stable/c/6e3987ac310c74bb4dd6a2fa8e46702fe505fb2b', 'https://git.kernel.org/stable/c/7cad3174cc79519bf5f6c4441780264416822c08', 'https://git.kernel.org/stable/c/bed2eb964c70b780fb55925892a74f26cb590b25', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45020-afcc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45020', 'https://www.cve.org/CVERecord?id=CVE-2024-45020'], 'PublishedDate': '2024-09-11T16:15:07.05Z', 'LastModifiedDate': '2024-09-13T16:36:52.29Z'}, {'VulnerabilityID': 'CVE-2024-45021', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg_write_event_control(): fix a user-triggerable oops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg_write_event_control(): fix a user-triggerable oops\n\nwe are *not* guaranteed that anything past the terminating NUL\nis mapped (let alone initialized with anything sane).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45021', 'https://git.kernel.org/linus/046667c4d3196938e992fba0dfcde570aa85cd0e (6.11-rc4)', 'https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e', 'https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227', 'https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8', 'https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61', 'https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7', 'https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b', 'https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c', 'https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45021-68c4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45021', 'https://www.cve.org/CVERecord?id=CVE-2024-45021'], 'PublishedDate': '2024-09-11T16:15:07.103Z', 'LastModifiedDate': '2024-09-13T16:36:31.583Z'}, {'VulnerabilityID': 'CVE-2024-45022', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45022', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0\n\nThe __vmap_pages_range_noflush() assumes its argument pages** contains\npages with the same page shift.  However, since commit e9c3cda4d86e ("mm,\nvmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes\n__GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation\nfailed for high order, the pages** may contain two different page shifts\n(high order and order-0).  This could lead __vmap_pages_range_noflush() to\nperform incorrect mappings, potentially resulting in memory corruption.\n\nUsers might encounter this as follows (vmap_allow_huge = true, 2M is for\nPMD_SIZE):\n\nkvmalloc(2M, __GFP_NOFAIL|GFP_X)\n    __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP)\n        vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0\n            vmap_pages_range()\n                vmap_pages_range_noflush()\n                    __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens\n\nWe can remove the fallback code because if a high-order allocation fails,\n__vmalloc_node_range_noprof() will retry with order-0.  Therefore, it is\nunnecessary to fallback to order-0 here.  Therefore, fix this by removing\nthe fallback code.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45022', 'https://git.kernel.org/linus/61ebe5a747da649057c37be1c37eb934b4af79ca (6.11-rc4)', 'https://git.kernel.org/stable/c/61ebe5a747da649057c37be1c37eb934b4af79ca', 'https://git.kernel.org/stable/c/c91618816f4d21fc574d7577a37722adcd4075b2', 'https://git.kernel.org/stable/c/de7bad86345c43cd040ed43e20d9fad78a3ee59f', 'https://git.kernel.org/stable/c/fd1ffbb50ef4da5e1378a46616b6d7407dc795da', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45022-08f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45022', 'https://www.cve.org/CVERecord?id=CVE-2024-45022'], 'PublishedDate': '2024-09-11T16:15:07.163Z', 'LastModifiedDate': '2024-09-13T16:36:39.043Z'}, {'VulnerabilityID': 'CVE-2024-45025', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old->full_fds_bits[] and fill\nthe rest with zeroes.  What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear.  Otherwise we are risking garbage from the last word\nwe'd copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old->max_fds, so there's no open descriptors\npast count, let alone fully occupied words in ->open_fds[],\nwhich is what bits in ->full_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds.  In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in ->full_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* 'to' being above the current capacity of descriptor table\n\t* 'from' being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet's try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it's 'count' argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it'll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45025', 'https://git.kernel.org/linus/9a2fa1472083580b6c66bdaf291f591e1170123a (6.11-rc4)', 'https://git.kernel.org/stable/c/5053581fe5dfb09b58c65dd8462bf5dea71f41ff', 'https://git.kernel.org/stable/c/8cad3b2b3ab81ca55f37405ffd1315bcc2948058', 'https://git.kernel.org/stable/c/9a2fa1472083580b6c66bdaf291f591e1170123a', 'https://git.kernel.org/stable/c/c69d18f0ac7060de724511537810f10f29a27958', 'https://git.kernel.org/stable/c/dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a', 'https://git.kernel.org/stable/c/e807487a1d5fd5d941f26578ae826ca815dbfcd6', 'https://git.kernel.org/stable/c/ee501f827f3db02d4e599afbbc1a7f8b792d05d7', 'https://git.kernel.org/stable/c/fe5bf14881701119aeeda7cf685f3c226c7380df', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45025-94f6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45025', 'https://www.cve.org/CVERecord?id=CVE-2024-45025'], 'PublishedDate': '2024-09-11T16:15:07.44Z', 'LastModifiedDate': '2024-09-13T16:30:07.073Z'}, {'VulnerabilityID': 'CVE-2024-45026', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45026', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error recovery leading to data corruption on ESE devices', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error recovery leading to data corruption on ESE devices\n\nExtent Space Efficient (ESE) or thin provisioned volumes need to be\nformatted on demand during usual IO processing.\n\nThe dasd_ese_needs_format function checks for error codes that signal\nthe non existence of a proper track format.\n\nThe check for incorrect length is to imprecise since other error cases\nleading to transport of insufficient data also have this flag set.\nThis might lead to data corruption in certain error cases for example\nduring a storage server warmstart.\n\nFix by removing the check for incorrect length and replacing by\nexplicitly checking for invalid track format in transport mode.\n\nAlso remove the check for file protected since this is not a valid\nESE handling case.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45026', 'https://git.kernel.org/linus/7db4042336580dfd75cb5faa82c12cd51098c90b (6.11-rc4)', 'https://git.kernel.org/stable/c/0a228896a1b3654cd461ff654f6a64e97a9c3246', 'https://git.kernel.org/stable/c/19f60a55b2fda49bc4f6134a5f6356ef62ee69d8', 'https://git.kernel.org/stable/c/5d4a304338daf83ace2887aaacafd66fe99ed5cc', 'https://git.kernel.org/stable/c/7db4042336580dfd75cb5faa82c12cd51098c90b', 'https://git.kernel.org/stable/c/93a7e2856951680cd7fe6ebd705ac10c8a8a5efd', 'https://git.kernel.org/stable/c/a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a', 'https://git.kernel.org/stable/c/e245a18281c252c8dbc467492e09bb5d4b012118', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45026-eaa8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45026', 'https://www.cve.org/CVERecord?id=CVE-2024-45026'], 'PublishedDate': '2024-09-11T16:15:07.507Z', 'LastModifiedDate': '2024-09-13T16:29:55.927Z'}, {'VulnerabilityID': 'CVE-2024-45027', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45027', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: xhci: Check for xhci-&gt;interrupters being allocated in xhci_mem_clearup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()\n\nIf xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop\nup the damage. If it fails early enough, before xhci->interrupters\nis allocated but after xhci->max_interrupters has been set, which\nhappens in most (all?) cases, things get uglier, as xhci_mem_cleanup()\nunconditionally derefences xhci->interrupters. With prejudice.\n\nGate the interrupt freeing loop with a check on xhci->interrupters\nbeing non-NULL.\n\nFound while debugging a DMA allocation issue that led the XHCI driver\non this exact path.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45027', 'https://git.kernel.org/linus/dcdb52d948f3a17ccd3fce757d9bd981d7c32039 (6.11-rc4)', 'https://git.kernel.org/stable/c/770cacc75b0091ece17349195d72133912c1ca7c', 'https://git.kernel.org/stable/c/dcdb52d948f3a17ccd3fce757d9bd981d7c32039', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45027-95b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45027', 'https://www.cve.org/CVERecord?id=CVE-2024-45027'], 'PublishedDate': '2024-09-11T16:15:07.57Z', 'LastModifiedDate': '2024-09-13T16:29:44.213Z'}, {'VulnerabilityID': 'CVE-2024-45028', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45028', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mmc: mmc_test: Fix NULL dereference on allocation failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmc_test: Fix NULL dereference on allocation failure\n\nIf the "test->highmem = alloc_pages()" allocation fails then calling\n__free_pages(test->highmem) will result in a NULL dereference.  Also\nchange the error code to -ENOMEM instead of returning success.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45028', 'https://git.kernel.org/linus/a1e627af32ed60713941cbfc8075d44cad07f6dd (6.11-rc5)', 'https://git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06', 'https://git.kernel.org/stable/c/3b4e76ceae5b5a46c968bd952f551ce173809f63', 'https://git.kernel.org/stable/c/9b9ba386d7bfdbc38445932c90fa9444c0524bea', 'https://git.kernel.org/stable/c/a1e627af32ed60713941cbfc8075d44cad07f6dd', 'https://git.kernel.org/stable/c/cac2815f49d343b2f0acc4973d2c14918ac3ab0c', 'https://git.kernel.org/stable/c/e40515582141a9e7c84b269be699c05236a499a6', 'https://git.kernel.org/stable/c/e97be13a9f51284da450dd2a592e3fa87b49cdc9', 'https://git.kernel.org/stable/c/ecb15b8ca12c0cbdab81e307e9795214d8b90890', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45028-34f7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45028', 'https://www.cve.org/CVERecord?id=CVE-2024-45028'], 'PublishedDate': '2024-09-11T16:15:07.647Z', 'LastModifiedDate': '2024-09-13T16:29:35.877Z'}, {'VulnerabilityID': 'CVE-2024-45029', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45029', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i2c: tegra: Do not mark ACPI devices as irq safe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: Do not mark ACPI devices as irq safe\n\nOn ACPI machines, the tegra i2c module encounters an issue due to a\nmutex being called inside a spinlock. This leads to the following bug:\n\n\tBUG: sleeping function called from invalid context at kernel/locking/mutex.c:585\n\t...\n\n\tCall trace:\n\t__might_sleep\n\t__mutex_lock_common\n\tmutex_lock_nested\n\tacpi_subsys_runtime_resume\n\trpm_resume\n\ttegra_i2c_xfer\n\nThe problem arises because during __pm_runtime_resume(), the spinlock\n&dev->power.lock is acquired before rpm_resume() is called. Later,\nrpm_resume() invokes acpi_subsys_runtime_resume(), which relies on\nmutexes, triggering the error.\n\nTo address this issue, devices on ACPI are now marked as not IRQ-safe,\nconsidering the dependency of acpi_subsys_runtime_resume() on mutexes.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45029', 'https://git.kernel.org/linus/14d069d92951a3e150c0a81f2ca3b93e54da913b (6.11-rc4)', 'https://git.kernel.org/stable/c/14d069d92951a3e150c0a81f2ca3b93e54da913b', 'https://git.kernel.org/stable/c/2853e1376d8161b04c9ff18ba82b43f08a049905', 'https://git.kernel.org/stable/c/6861faf4232e4b78878f2de1ed3ee324ddae2287', 'https://git.kernel.org/stable/c/a89aef1e6cc43fa019a58080ed05c839e6c77876', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45029-662e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45029', 'https://www.cve.org/CVERecord?id=CVE-2024-45029'], 'PublishedDate': '2024-09-11T16:15:07.717Z', 'LastModifiedDate': '2024-09-13T16:29:29.74Z'}, {'VulnerabilityID': 'CVE-2024-45030', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igb: cope with large MAX_SKB_FRAGS', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigb: cope with large MAX_SKB_FRAGS\n\nSabrina reports that the igb driver does not cope well with large\nMAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload\ncorruption on TX.\n\nAn easy reproducer is to run ssh to connect to the machine.  With\nMAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails.  This has\nbeen reported originally in\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2265320\n\nThe root cause of the issue is that the driver does not take into\naccount properly the (possibly large) shared info size when selecting\nthe ring layout, and will try to fit two packets inside the same 4K\npage even when the 1st fraglist will trump over the 2nd head.\n\nAddress the issue by checking if 2K buffers are insufficient.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45030', 'https://git.kernel.org/linus/8aba27c4a5020abdf60149239198297f88338a8d (6.11-rc5)', 'https://git.kernel.org/stable/c/8aba27c4a5020abdf60149239198297f88338a8d', 'https://git.kernel.org/stable/c/8ea80ff5d8298356d28077bc30913ed37df65109', 'https://git.kernel.org/stable/c/b52bd8bcb9e8ff250c79b44f9af8b15cae8911ab', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45030-c2eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45030', 'https://www.cve.org/CVERecord?id=CVE-2024-45030'], 'PublishedDate': '2024-09-11T16:15:07.77Z', 'LastModifiedDate': '2024-09-13T16:29:23.557Z'}, {'VulnerabilityID': 'CVE-2024-46672', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion\n\nwpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the\ndriver for SAE/OWE offload cases") SSID based PMKSA del commands.\nbrcmfmac is not prepared and tries to dereference the NULL bssid and\npmkid pointers in cfg80211_pmksa. PMKID_V3 operations support SSID based\nupdates so copy the SSID.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46672', 'https://git.kernel.org/linus/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1 (6.11-rc4)', 'https://git.kernel.org/stable/c/1f566eb912d192c83475a919331aea59619e1197', 'https://git.kernel.org/stable/c/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1', 'https://git.kernel.org/stable/c/4291f94f8c6b01505132c22ee27b59ed27c3584f', 'https://lore.kernel.org/linux-cve-announce/2024091111-CVE-2024-46672-7542@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46672', 'https://www.cve.org/CVERecord?id=CVE-2024-46672'], 'PublishedDate': '2024-09-11T16:15:07.84Z', 'LastModifiedDate': '2024-09-13T16:29:17.123Z'}, {'VulnerabilityID': 'CVE-2024-46673', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: aacraid: Fix double-free on probe failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: aacraid: Fix double-free on probe failure\n\naac_probe_one() calls hardware-specific init functions through the\naac_driver_ident::init pointer, all of which eventually call down to\naac_init_adapter().\n\nIf aac_init_adapter() fails after allocating memory for aac_dev::queues,\nit frees the memory but does not clear that member.\n\nAfter the hardware-specific init function returns an error,\naac_probe_one() goes down an error path that frees the memory pointed to\nby aac_dev::queues, resulting.in a double-free.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46673', 'https://git.kernel.org/linus/919ddf8336f0b84c0453bac583808c9f165a85c2 (6.11-rc6)', 'https://git.kernel.org/stable/c/4b540ec7c0045c2d01c4e479f34bbc8f147afa4c', 'https://git.kernel.org/stable/c/564e1986b00c5f05d75342f8407f75f0a17b94df', 'https://git.kernel.org/stable/c/60962c3d8e18e5d8dfa16df788974dd7f35bd87a', 'https://git.kernel.org/stable/c/85449b28ff6a89c4513115e43ddcad949b5890c9', 'https://git.kernel.org/stable/c/8a3995a3ffeca280a961b59f5c99843d81b15929', 'https://git.kernel.org/stable/c/919ddf8336f0b84c0453bac583808c9f165a85c2', 'https://git.kernel.org/stable/c/9e96dea7eff6f2bbcd0b42a098012fc66af9eb69', 'https://git.kernel.org/stable/c/d237c7d06ffddcdb5d36948c527dc01284388218', 'https://lore.kernel.org/linux-cve-announce/2024091333-CVE-2024-46673-c49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46673', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-46673'], 'PublishedDate': '2024-09-13T06:15:11.917Z', 'LastModifiedDate': '2024-09-13T16:51:39.117Z'}, {'VulnerabilityID': 'CVE-2024-46675', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46675', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: dwc3: core: Prevent USB core invalid event buffer address access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: Prevent USB core invalid event buffer address access\n\nThis commit addresses an issue where the USB core could access an\ninvalid event buffer address during runtime suspend, potentially causing\nSMMU faults and other memory issues in Exynos platforms. The problem\narises from the following sequence.\n        1. In dwc3_gadget_suspend, there is a chance of a timeout when\n        moving the USB core to the halt state after clearing the\n        run/stop bit by software.\n        2. In dwc3_core_exit, the event buffer is cleared regardless of\n        the USB core's status, which may lead to an SMMU faults and\n        other memory issues. if the USB core tries to access the event\n        buffer address.\n\nTo prevent this hardware quirk on Exynos platforms, this commit ensures\nthat the event buffer address is not cleared by software  when the USB\ncore is active during runtime suspend by checking its status before\nclearing the buffer address.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46675', 'https://git.kernel.org/linus/14e497183df28c006603cc67fd3797a537eef7b9 (6.11-rc6)', 'https://git.kernel.org/stable/c/111277b881def3153335acfe0d1f43e6cd83ac93', 'https://git.kernel.org/stable/c/14e497183df28c006603cc67fd3797a537eef7b9', 'https://git.kernel.org/stable/c/2189fd13c577d7881f94affc09c950a795064c4b', 'https://git.kernel.org/stable/c/7bb11a75dd4d3612378b90e2a4aa49bdccea28ab', 'https://git.kernel.org/stable/c/b72da4d89b97da71e056cc4d1429b2bc426a9c2f', 'https://git.kernel.org/stable/c/d2afc2bffec77316b90d530b07695e3f534df914', 'https://git.kernel.org/stable/c/e23f6ad8d110bf632f7471482e10b43dc174fb72', 'https://git.kernel.org/stable/c/eca3f543f817da87c00d1a5697b473efb548204f', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46675-ba70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46675', 'https://www.cve.org/CVERecord?id=CVE-2024-46675'], 'PublishedDate': '2024-09-13T06:15:12.117Z', 'LastModifiedDate': '2024-09-20T17:18:48.753Z'}, {'VulnerabilityID': 'CVE-2024-46676', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46676', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfc: pn533: Add poll mod list filling check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Add poll mod list filling check\n\nIn case of im_protocols value is 1 and tm_protocols value is 0 this\ncombination successfully passes the check\n\'if (!im_protocols && !tm_protocols)\' in the nfc_start_poll().\nBut then after pn533_poll_create_mod_list() call in pn533_start_poll()\npoll mod list will remain empty and dev->poll_mod_count will remain 0\nwhich lead to division by zero.\n\nNormally no im protocol has value 1 in the mask, so this combination is\nnot expected by driver. But these protocol values actually come from\nuserspace via Netlink interface (NFC_CMD_START_POLL operation). So a\nbroken or malicious program may pass a message containing a "bad"\ncombination of protocol parameter values so that dev->poll_mod_count\nis not incremented inside pn533_poll_create_mod_list(), thus leading\nto division by zero.\nCall trace looks like:\nnfc_genl_start_poll()\n  nfc_start_poll()\n    ->start_poll()\n    pn533_start_poll()\n\nAdd poll mod list filling check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46676', 'https://git.kernel.org/linus/febccb39255f9df35527b88c953b2e0deae50e53 (6.11-rc6)', 'https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946', 'https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5', 'https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723', 'https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4', 'https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33', 'https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31', 'https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46676-0b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46676', 'https://www.cve.org/CVERecord?id=CVE-2024-46676'], 'PublishedDate': '2024-09-13T06:15:12.223Z', 'LastModifiedDate': '2024-09-23T14:42:38.23Z'}, {'VulnerabilityID': 'CVE-2024-46677', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46677', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: fix a potential NULL pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix a potential NULL pointer dereference\n\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\nNULL pointer, but its callers only check for error pointers thus miss\nthe NULL pointer case.\n\nFix it by returning an error pointer with the error code carried from\nsockfd_lookup().\n\n(I found this bug during code inspection.)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46677', 'https://git.kernel.org/linus/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda (6.11-rc6)', 'https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d', 'https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87', 'https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2', 'https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39', 'https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c', 'https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e', 'https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda', 'https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46677-b53c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46677', 'https://www.cve.org/CVERecord?id=CVE-2024-46677'], 'PublishedDate': '2024-09-13T06:15:12.36Z', 'LastModifiedDate': '2024-09-13T16:51:53.69Z'}, {'VulnerabilityID': 'CVE-2024-46678', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46678', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: change ipsec_lock from spin lock to mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond->ipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n"scheduling while atomic" will be triggered when changing bond\'s\nactive slave.\n\n[  101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[  101.055726] Modules linked in:\n[  101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[  101.058760] Hardware name:\n[  101.059434] Call Trace:\n[  101.059436]  <TASK>\n[  101.060873]  dump_stack_lvl+0x51/0x60\n[  101.061275]  __schedule_bug+0x4e/0x60\n[  101.061682]  __schedule+0x612/0x7c0\n[  101.062078]  ? __mod_timer+0x25c/0x370\n[  101.062486]  schedule+0x25/0xd0\n[  101.062845]  schedule_timeout+0x77/0xf0\n[  101.063265]  ? asm_common_interrupt+0x22/0x40\n[  101.063724]  ? __bpf_trace_itimer_state+0x10/0x10\n[  101.064215]  __wait_for_common+0x87/0x190\n[  101.064648]  ? usleep_range_state+0x90/0x90\n[  101.065091]  cmd_exec+0x437/0xb20 [mlx5_core]\n[  101.065569]  mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[  101.066051]  mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[  101.066552]  mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[  101.067163]  ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.067738]  ? kmalloc_trace+0x4d/0x350\n[  101.068156]  mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[  101.068747]  mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[  101.069312]  bond_change_active_slave+0x392/0x900 [bonding]\n[  101.069868]  bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[  101.070454]  __bond_opt_set+0xa6/0x430 [bonding]\n[  101.070935]  __bond_opt_set_notify+0x2f/0x90 [bonding]\n[  101.071453]  bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[  101.071965]  bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.072567]  kernfs_fop_write_iter+0x10c/0x1a0\n[  101.073033]  vfs_write+0x2d8/0x400\n[  101.073416]  ? alloc_fd+0x48/0x180\n[  101.073798]  ksys_write+0x5f/0xe0\n[  101.074175]  do_syscall_64+0x52/0x110\n[  101.074576]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn\'t have to be spin lock, change it to\nmutex, and thus the above issue can be resolved.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46678', 'https://git.kernel.org/linus/2aeeef906d5a526dc60cf4af92eda69836c39b1f (6.11-rc6)', 'https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f', 'https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3', 'https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46678-ca65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46678', 'https://www.cve.org/CVERecord?id=CVE-2024-46678'], 'PublishedDate': '2024-09-13T06:15:12.45Z', 'LastModifiedDate': '2024-09-23T14:44:12.88Z'}, {'VulnerabilityID': 'CVE-2024-46679', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46679', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: check device is present when getting link settings', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: check device is present when getting link settings\n\nA sysfs reader can race with a device reset or removal, attempting to\nread device state when the device is not actually present. eg:\n\n     [exception RIP: qed_get_current_link+17]\n  #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]\n  #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3\n #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4\n #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300\n #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c\n #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b\n #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3\n #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1\n #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f\n #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb\n\n crash> struct net_device.state ffff9a9d21336000\n    state = 5,\n\nstate 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).\nThe device is not present, note lack of __LINK_STATE_PRESENT (0b10).\n\nThis is the same sort of panic as observed in commit 4224cfd7fb65\n("net-sysfs: add check for netdevice being present to speed_show").\n\nThere are many other callers of __ethtool_get_link_ksettings() which\ndon\'t have a device presence check.\n\nMove this check into ethtool to protect all callers.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46679', 'https://git.kernel.org/linus/a699781c79ecf6cfe67fb00a0331b4088c7c8466 (6.11-rc6)', 'https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2', 'https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc', 'https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e', 'https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb', 'https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4', 'https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466', 'https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46679-3527@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46679', 'https://www.cve.org/CVERecord?id=CVE-2024-46679'], 'PublishedDate': '2024-09-13T06:15:12.53Z', 'LastModifiedDate': '2024-09-23T14:47:23.287Z'}, {'VulnerabilityID': 'CVE-2024-46680', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46680', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix random crash seen while removing driver', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix random crash seen while removing driver\n\nThis fixes the random kernel crash seen while removing the driver, when\nrunning the load/unload test over multiple iterations.\n\n1) modprobe btnxpuart\n2) hciconfig hci0 reset\n3) hciconfig (check hci0 interface up with valid BD address)\n4) modprobe -r btnxpuart\nRepeat steps 1 to 4\n\nThe ps_wakeup() call in btnxpuart_close() schedules the psdata->work(),\nwhich gets scheduled after module is removed, causing a kernel crash.\n\nThis hidden issue got highlighted after enabling Power Save by default\nin 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on\nstartup)\n\nThe new ps_cleanup() deasserts UART break immediately while closing\nserdev device, cancels any scheduled ps_work and destroys the ps_lock\nmutex.\n\n[   85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258\n[   85.884624] Mem abort info:\n[   85.884625]   ESR = 0x0000000086000007\n[   85.884628]   EC = 0x21: IABT (current EL), IL = 32 bits\n[   85.884633]   SET = 0, FnV = 0\n[   85.884636]   EA = 0, S1PTW = 0\n[   85.884638]   FSC = 0x07: level 3 translation fault\n[   85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000\n[   85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000\n[   85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n[   85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)]\n[   85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G           O       6.1.36+g937b1be4345a #1\n[   85.936176] Hardware name: FSL i.MX8MM EVK board (DT)\n[   85.936182] Workqueue: events 0xffffd4a61638f380\n[   85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   85.952817] pc : 0xffffd4a61638f258\n[   85.952823] lr : 0xffffd4a61638f258\n[   85.952827] sp : ffff8000084fbd70\n[   85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000\n[   85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305\n[   85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970\n[   85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000\n[   85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090\n[   85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139\n[   85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50\n[   85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8\n[   85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000\n[   85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000\n[   85.977443] Call trace:\n[   85.977446]  0xffffd4a61638f258\n[   85.977451]  0xffffd4a61638f3e8\n[   85.977455]  process_one_work+0x1d4/0x330\n[   85.977464]  worker_thread+0x6c/0x430\n[   85.977471]  kthread+0x108/0x10c\n[   85.977476]  ret_from_fork+0x10/0x20\n[   85.977488] Code: bad PC value\n[   85.977491] ---[ end trace 0000000000000000 ]---\n\nPreset since v6.9.11', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46680', 'https://git.kernel.org/linus/35237475384ab3622f63c3c09bdf6af6dacfe9c3 (6.11-rc6)', 'https://git.kernel.org/stable/c/29a1d9971e38f92c84b363ff50379dd434ddfe1c', 'https://git.kernel.org/stable/c/35237475384ab3622f63c3c09bdf6af6dacfe9c3', 'https://git.kernel.org/stable/c/662a55986b88807da4d112d838c8aaa05810e938', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46680-f40d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46680', 'https://www.cve.org/CVERecord?id=CVE-2024-46680'], 'PublishedDate': '2024-09-13T06:15:12.617Z', 'LastModifiedDate': '2024-09-23T14:45:10.233Z'}, {'VulnerabilityID': 'CVE-2024-46681', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46681', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pktgen: use cpus_read_lock() in pg_net_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46681', 'https://git.kernel.org/linus/979b581e4c69257acab1af415ddad6b2d78a2fa5 (6.11-rc6)', 'https://git.kernel.org/stable/c/5f5f7366dda8ae870e8305d6e7b3c0c2686cd2cf', 'https://git.kernel.org/stable/c/979b581e4c69257acab1af415ddad6b2d78a2fa5', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46681-6086@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46681', 'https://www.cve.org/CVERecord?id=CVE-2024-46681'], 'PublishedDate': '2024-09-13T06:15:12.71Z', 'LastModifiedDate': '2024-09-19T18:10:49.623Z'}, {'VulnerabilityID': 'CVE-2024-46683', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46683', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: prevent UAF around preempt fence', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: prevent UAF around preempt fence\n\nThe fence lock is part of the queue, therefore in the current design\nanything locking the fence should then also hold a ref to the queue to\nprevent the queue from being freed.\n\nHowever, currently it looks like we signal the fence and then drop the\nqueue ref, but if something is waiting on the fence, the waiter is\nkicked to wake up at some later point, where upon waking up it first\ngrabs the lock before checking the fence state. But if we have already\ndropped the queue ref, then the lock might already be freed as part of\nthe queue, leading to uaf.\n\nTo prevent this, move the fence lock into the fence itself so we don't\nrun into lifetime issues. Alternative might be to have device level\nlock, or only release the queue in the fence release callback, however\nthat might require pushing to another worker to avoid locking issues.\n\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2454\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2342\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2020\n(cherry picked from commit 7116c35aacedc38be6d15bd21b2fc936eed0008b)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46683', 'https://git.kernel.org/linus/730b72480e29f63fd644f5fa57c9d46109428953 (6.11-rc5)', 'https://git.kernel.org/stable/c/10081b0b0ed201f53e24bd92deb2e0f3c3e713d4', 'https://git.kernel.org/stable/c/730b72480e29f63fd644f5fa57c9d46109428953', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46683-e513@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46683', 'https://www.cve.org/CVERecord?id=CVE-2024-46683'], 'PublishedDate': '2024-09-13T06:15:12.993Z', 'LastModifiedDate': '2024-09-13T16:52:14.373Z'}, {'VulnerabilityID': 'CVE-2024-46685', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46685', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: single: fix potential NULL dereference in pcs_get_function()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: single: fix potential NULL dereference in pcs_get_function()\n\npinmux_generic_get_function() can return NULL and the pointer 'function'\nwas dereferenced without checking against NULL. Add checking of pointer\n'function' in pcs_get_function().\n\nFound by code review.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46685', 'https://git.kernel.org/linus/1c38a62f15e595346a1106025722869e87ffe044 (6.11-rc6)', 'https://git.kernel.org/stable/c/0a2bab5ed161318f57134716accba0a30f3af191', 'https://git.kernel.org/stable/c/1c38a62f15e595346a1106025722869e87ffe044', 'https://git.kernel.org/stable/c/292151af6add3e5ab11b2e9916cffa5f52859a1f', 'https://git.kernel.org/stable/c/2cea369a5c2e85ab14ae716da1d1cc6d25c85e11', 'https://git.kernel.org/stable/c/4e9436375fcc9bd2a60ee96aba6ed53f7a377d10', 'https://git.kernel.org/stable/c/4ed45fe99ec9e3c9478bd634624cd05a57d002f7', 'https://git.kernel.org/stable/c/6341c2856785dca7006820b127278058a180c075', 'https://git.kernel.org/stable/c/8f0bd526921b6867c2f10a83cd4fd14139adcd92', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46685-6606@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46685', 'https://www.cve.org/CVERecord?id=CVE-2024-46685'], 'PublishedDate': '2024-09-13T06:15:13.2Z', 'LastModifiedDate': '2024-09-14T16:00:55.547Z'}, {'VulnerabilityID': 'CVE-2024-46686', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46686', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()\n\nThis happens when called from SMB2_read() while using rdma\nand reaching the rdma_readwrite_threshold.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46686', 'https://git.kernel.org/linus/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf (6.11-rc6)', 'https://git.kernel.org/stable/c/6df57c63c200cd05e085c3b695128260e21959b7', 'https://git.kernel.org/stable/c/a01859dd6aebf826576513850a3b05992809e9d2', 'https://git.kernel.org/stable/c/b902fb78ab21299e4dd1775e7e8d251d5c0735bc', 'https://git.kernel.org/stable/c/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46686-5b18@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46686', 'https://www.cve.org/CVERecord?id=CVE-2024-46686'], 'PublishedDate': '2024-09-13T06:15:13.28Z', 'LastModifiedDate': '2024-09-14T16:16:33.087Z'}, {'VulnerabilityID': 'CVE-2024-46687', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46687', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()\n\n[BUG]\nThere is an internal report that KASAN is reporting use-after-free, with\nthe following backtrace:\n\n  BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n  Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45\n  CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n  Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n  Call Trace:\n   dump_stack_lvl+0x61/0x80\n   print_address_description.constprop.0+0x5e/0x2f0\n   print_report+0x118/0x216\n   kasan_report+0x11d/0x1f0\n   btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n   process_one_work+0xce0/0x12a0\n   worker_thread+0x717/0x1250\n   kthread+0x2e3/0x3c0\n   ret_from_fork+0x2d/0x70\n   ret_from_fork_asm+0x11/0x20\n\n  Allocated by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   __kasan_slab_alloc+0x7d/0x80\n   kmem_cache_alloc_noprof+0x16e/0x3e0\n   mempool_alloc_noprof+0x12e/0x310\n   bio_alloc_bioset+0x3f0/0x7a0\n   btrfs_bio_alloc+0x2e/0x50 [btrfs]\n   submit_extent_page+0x4d1/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n  Freed by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   kasan_save_free_info+0x37/0x50\n   __kasan_slab_free+0x4b/0x60\n   kmem_cache_free+0x214/0x5d0\n   bio_free+0xed/0x180\n   end_bbio_data_read+0x1cc/0x580 [btrfs]\n   btrfs_submit_chunk+0x98d/0x1880 [btrfs]\n   btrfs_submit_bio+0x33/0x70 [btrfs]\n   submit_one_bio+0xd4/0x130 [btrfs]\n   submit_extent_page+0x3ea/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[CAUSE]\nAlthough I cannot reproduce the error, the report itself is good enough\nto pin down the cause.\n\nThe call trace is the regular endio workqueue context, but the\nfree-by-task trace is showing that during btrfs_submit_chunk() we\nalready hit a critical error, and is calling btrfs_bio_end_io() to error\nout.  And the original endio function called bio_put() to free the whole\nbio.\n\nThis means a double freeing thus causing use-after-free, e.g.:\n\n1. Enter btrfs_submit_bio() with a read bio\n   The read bio length is 128K, crossing two 64K stripes.\n\n2. The first run of btrfs_submit_chunk()\n\n2.1 Call btrfs_map_block(), which returns 64K\n2.2 Call btrfs_split_bio()\n    Now there are two bios, one referring to the first 64K, the other\n    referring to the second 64K.\n2.3 The first half is submitted.\n\n3. The second run of btrfs_submit_chunk()\n\n3.1 Call btrfs_map_block(), which by somehow failed\n    Now we call btrfs_bio_end_io() to handle the error\n\n3.2 btrfs_bio_end_io() calls the original endio function\n    Which is end_bbio_data_read(), and it calls bio_put() for the\n    original bio.\n\n    Now the original bio is freed.\n\n4. The submitted first 64K bio finished\n   Now we call into btrfs_check_read_bio() and tries to advance the bio\n   iter.\n   But since the original bio (thus its iter) is already freed, we\n   trigger the above use-after free.\n\n   And even if the memory is not poisoned/corrupted, we will later call\n   the original endio function, causing a double freeing.\n\n[FIX]\nInstead of calling btrfs_bio_end_io(), call btrfs_orig_bbio_end_io(),\nwhich has the extra check on split bios and do the pr\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46687', 'https://git.kernel.org/linus/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10 (6.11-rc6)', 'https://git.kernel.org/stable/c/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10', 'https://git.kernel.org/stable/c/4a3b9e1a8e6cd1a8d427a905e159de58d38941cc', 'https://git.kernel.org/stable/c/51722b99f41f5e722ffa10b8f61e802a0e70b331', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46687-5668@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46687', 'https://www.cve.org/CVERecord?id=CVE-2024-46687'], 'PublishedDate': '2024-09-13T06:15:13.377Z', 'LastModifiedDate': '2024-09-14T16:17:33.073Z'}, {'VulnerabilityID': 'CVE-2024-46689', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46689', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: cmd-db: Map shared memory as WC, not WB\n\nLinux does not write into cmd-db region. This region of memory is write\nprotected by XPU. XPU may sometime falsely detect clean cache eviction\nas "write" into the write protected region leading to secure interrupt\nwhich causes an endless loop somewhere in Trust Zone.\n\nThe only reason it is working right now is because Qualcomm Hypervisor\nmaps the same region as Non-Cacheable memory in Stage 2 translation\ntables. The issue manifests if we want to use another hypervisor (like\nXen or KVM), which does not know anything about those specific mappings.\n\nChanging the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC\nremoves dependency on correct mappings in Stage 2 tables. This patch\nfixes the issue by updating the mapping to MEMREMAP_WC.\n\nI tested this on SA8155P with Xen.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46689', 'https://git.kernel.org/linus/f9bb896eab221618927ae6a2f1d566567999839d (6.11-rc6)', 'https://git.kernel.org/stable/c/0ee9594c974368a17e85a431e9fe1c14fb65c278', 'https://git.kernel.org/stable/c/62c2d63605ca25b5db78a347ed303c0a0a77d5b4', 'https://git.kernel.org/stable/c/d9d48d70e922b272875cda60d2ada89291c840cf', 'https://git.kernel.org/stable/c/eaff392c1e34fb77cc61505a31b0191e5e46e271', 'https://git.kernel.org/stable/c/ef80520be0ff78ae5ed44cb6eee1525e65bebe70', 'https://git.kernel.org/stable/c/f5a5a5a0e95f36e2792d48e6e4b64e665eb01374', 'https://git.kernel.org/stable/c/f9bb896eab221618927ae6a2f1d566567999839d', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46689-4c19@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46689', 'https://www.cve.org/CVERecord?id=CVE-2024-46689'], 'PublishedDate': '2024-09-13T06:15:13.653Z', 'LastModifiedDate': '2024-09-20T15:52:23.727Z'}, {'VulnerabilityID': 'CVE-2024-46691', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46691', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Move unregister out of atomic section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Move unregister out of atomic section\n\nCommit \'9329933699b3 ("soc: qcom: pmic_glink: Make client-lock\nnon-sleeping")\' moved the pmic_glink client list under a spinlock, as it\nis accessed by the rpmsg/glink callback, which in turn is invoked from\nIRQ context.\n\nThis means that ucsi_unregister() is now called from atomic context,\nwhich isn\'t feasible as it\'s expecting a sleepable context. An effort is\nunder way to get GLINK to invoke its callbacks in a sleepable context,\nbut until then lets schedule the unregistration.\n\nA side effect of this is that ucsi_unregister() can now happen\nafter the remote processor, and thereby the communication link with it, is\ngone. pmic_glink_send() is amended with a check to avoid the resulting NULL\npointer dereference.\nThis does however result in the user being informed about this error by\nthe following entry in the kernel log:\n\n  ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46691', 'https://git.kernel.org/linus/11bb2ffb679399f99041540cf662409905179e3a (6.11-rc6)', 'https://git.kernel.org/stable/c/095b0001aefddcd9361097c971b7debc84e72714', 'https://git.kernel.org/stable/c/11bb2ffb679399f99041540cf662409905179e3a', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46691-93e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46691', 'https://www.cve.org/CVERecord?id=CVE-2024-46691'], 'PublishedDate': '2024-09-13T06:15:13.96Z', 'LastModifiedDate': '2024-09-13T16:52:21.057Z'}, {'VulnerabilityID': 'CVE-2024-46692', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46692', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: scm: Mark get_wq_ctx() as atomic call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Mark get_wq_ctx() as atomic call\n\nCurrently get_wq_ctx() is wrongly configured as a standard call. When two\nSMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to\nresume the corresponding sleeping thread. But if get_wq_ctx() is\ninterrupted, goes to sleep and another SMC call is waiting to be allocated\na waitq context, it leads to a deadlock.\n\nTo avoid this get_wq_ctx() must be an atomic call and can't be a standard\nSMC call. Hence mark get_wq_ctx() as a fast call.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46692', 'https://git.kernel.org/linus/9960085a3a82c58d3323c1c20b991db6045063b0 (6.11-rc6)', 'https://git.kernel.org/stable/c/9960085a3a82c58d3323c1c20b991db6045063b0', 'https://git.kernel.org/stable/c/cdf7efe4b02aa93813db0bf1ca596ad298ab6b06', 'https://git.kernel.org/stable/c/e40115c33c0d79c940545b6b12112aace7acd9f5', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46692-f287@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46692', 'https://www.cve.org/CVERecord?id=CVE-2024-46692'], 'PublishedDate': '2024-09-13T06:15:14.047Z', 'LastModifiedDate': '2024-09-13T16:52:31.627Z'}, {'VulnerabilityID': 'CVE-2024-46693', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pmic_glink: Fix race during initialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pmic_glink: Fix race during initialization\n\nAs pointed out by Stephen Boyd it is possible that during initialization\nof the pmic_glink child drivers, the protection-domain notifiers fires,\nand the associated work is scheduled, before the client registration\nreturns and as a result the local "client" pointer has been initialized.\n\nThe outcome of this is a NULL pointer dereference as the "client"\npointer is blindly dereferenced.\n\nTimeline provided by Stephen:\n CPU0                               CPU1\n ----                               ----\n ucsi->client = NULL;\n devm_pmic_glink_register_client()\n  client->pdr_notify(client->priv, pg->client_state)\n   pmic_glink_ucsi_pdr_notify()\n    schedule_work(&ucsi->register_work)\n    <schedule away>\n                                    pmic_glink_ucsi_register()\n                                     ucsi_register()\n                                      pmic_glink_ucsi_read_version()\n                                       pmic_glink_ucsi_read()\n                                        pmic_glink_ucsi_read()\n                                         pmic_glink_send(ucsi->client)\n                                         <client is NULL BAD>\n ucsi->client = client // Too late!\n\nThis code is identical across the altmode, battery manager and usci\nchild drivers.\n\nResolve this by splitting the allocation of the "client" object and the\nregistration thereof into two operations.\n\nThis only happens if the protection domain registry is populated at the\ntime of registration, which by the introduction of commit \'1ebcde047c54\n("soc: qcom: add pd-mapper implementation")\' became much more likely.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46693', 'https://git.kernel.org/linus/3568affcddd68743e25aa3ec1647d9b82797757b (6.11-rc6)', 'https://git.kernel.org/stable/c/1efdbf5323c9360e05066049b97414405e94e087', 'https://git.kernel.org/stable/c/3568affcddd68743e25aa3ec1647d9b82797757b', 'https://git.kernel.org/stable/c/943b0e7cc646a624bb20a68080f8f1a4a55df41c', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46693-cbe3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46693', 'https://www.cve.org/CVERecord?id=CVE-2024-46693'], 'PublishedDate': '2024-09-13T06:15:14.14Z', 'LastModifiedDate': '2024-09-13T16:52:41.27Z'}, {'VulnerabilityID': 'CVE-2024-46694', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46694', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: avoid using null object of framebuffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid using null object of framebuffer\n\nInstead of using state->fb->obj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer.\n\n(cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46694', 'https://git.kernel.org/linus/3b9a33235c773c7a3768060cf1d2cf8a9153bc37 (6.11-rc6)', 'https://git.kernel.org/stable/c/093ee72ed35c2338c87c26b6ba6f0b7789c9e14e', 'https://git.kernel.org/stable/c/3b9a33235c773c7a3768060cf1d2cf8a9153bc37', 'https://git.kernel.org/stable/c/49e1b214f3239b78967c6ddb8f8ec47ae047b051', 'https://git.kernel.org/stable/c/f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46694-0706@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46694', 'https://www.cve.org/CVERecord?id=CVE-2024-46694'], 'PublishedDate': '2024-09-13T06:15:14.24Z', 'LastModifiedDate': '2024-09-19T18:16:22.247Z'}, {'VulnerabilityID': 'CVE-2024-46695', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46695', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: selinux,smack: don&#39;t bypass permissions check in inode_setsecctx hook', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux,smack: don't bypass permissions check in inode_setsecctx hook\n\nMarek Gresko reports that the root user on an NFS client is able to\nchange the security labels on files on an NFS filesystem that is\nexported with root squashing enabled.\n\nThe end of the kerneldoc comment for __vfs_setxattr_noperm() states:\n\n *  This function requires the caller to lock the inode's i_mutex before it\n *  is executed. It also assumes that the caller will make the appropriate\n *  permission checks.\n\nnfsd_setattr() does do permissions checking via fh_verify() and\nnfsd_permission(), but those don't do all the same permissions checks\nthat are done by security_inode_setxattr() and its related LSM hooks do.\n\nSince nfsd_setattr() is the only consumer of security_inode_setsecctx(),\nsimplest solution appears to be to replace the call to\n__vfs_setxattr_noperm() with a call to __vfs_setxattr_locked().  This\nfixes the above issue and has the added benefit of causing nfsd to\nrecall conflicting delegations on a file when a client tries to change\nits security label.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-276'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46695', 'https://git.kernel.org/linus/76a0e79bc84f466999fa501fce5bf7a07641b8a7 (6.11-rc6)', 'https://git.kernel.org/stable/c/2dbc4b7bac60b02cc6e70d05bf6a7dfd551f9dda', 'https://git.kernel.org/stable/c/459584258d47ec3cc6245a82e8a49c9d08eb8b57', 'https://git.kernel.org/stable/c/76a0e79bc84f466999fa501fce5bf7a07641b8a7', 'https://git.kernel.org/stable/c/eebec98791d0137e455cc006411bb92a54250924', 'https://git.kernel.org/stable/c/f71ec019257ba4f7ab198bd948c5902a207bad96', 'https://git.kernel.org/stable/c/fe0cd53791119f6287b6532af8ce41576d664930', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46695-affc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46695', 'https://www.cve.org/CVERecord?id=CVE-2024-46695'], 'PublishedDate': '2024-09-13T06:15:14.32Z', 'LastModifiedDate': '2024-10-17T14:15:07.517Z'}, {'VulnerabilityID': 'CVE-2024-46697', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46697', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfsd: ensure that nfsd4_fattr_args.context is zeroed out', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: ensure that nfsd4_fattr_args.context is zeroed out\n\nIf nfsd4_encode_fattr4 ends up doing a "goto out" before we get to\nchecking for the security label, then args.context will be set to\nuninitialized junk on the stack, which we\'ll then try to free.\nInitialize it early.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46697', 'https://git.kernel.org/linus/f58bab6fd4063913bd8321e99874b8239e9ba726 (6.11-rc6)', 'https://git.kernel.org/stable/c/dd65b324174a64558a16ebbf4c3266e5701185d0', 'https://git.kernel.org/stable/c/f58bab6fd4063913bd8321e99874b8239e9ba726', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46697-d166@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46697', 'https://www.cve.org/CVERecord?id=CVE-2024-46697'], 'PublishedDate': '2024-09-13T06:15:14.5Z', 'LastModifiedDate': '2024-09-19T17:53:43.173Z'}, {'VulnerabilityID': 'CVE-2024-46698', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46698', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: video/aperture: optionally match the device in sysfb_disable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvideo/aperture: optionally match the device in sysfb_disable()\n\nIn aperture_remove_conflicting_pci_devices(), we currently only\ncall sysfb_disable() on vga class devices.  This leads to the\nfollowing problem when the pimary device is not VGA compatible:\n\n1. A PCI device with a non-VGA class is the boot display\n2. That device is probed first and it is not a VGA device so\n   sysfb_disable() is not called, but the device resources\n   are freed by aperture_detach_platform_device()\n3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable()\n4. NULL pointer dereference via sysfb_disable() since the resources\n   have already been freed by aperture_detach_platform_device() when\n   it was called by the other device.\n\nFix this by passing a device pointer to sysfb_disable() and checking\nthe device to determine if we should execute it or not.\n\nv2: Fix build when CONFIG_SCREEN_INFO is not set\nv3: Move device check into the mutex\n    Drop primary variable in aperture_remove_conflicting_pci_devices()\n    Drop __init on pci sysfb_pci_dev_is_enabled()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46698', 'https://git.kernel.org/linus/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7 (6.11-rc6)', 'https://git.kernel.org/stable/c/17e78f43de0c6da34204cc858b4cc05671ea9acf', 'https://git.kernel.org/stable/c/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46698-357c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46698', 'https://www.cve.org/CVERecord?id=CVE-2024-46698'], 'PublishedDate': '2024-09-13T06:15:14.563Z', 'LastModifiedDate': '2024-09-13T16:53:03Z'}, {'VulnerabilityID': 'CVE-2024-46701', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46701', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: libfs: fix infinite directory reads for offset dir', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlibfs: fix infinite directory reads for offset dir\n\nAfter we switch tmpfs dir operations from simple_dir_operations to\nsimple_offset_dir_operations, every rename happened will fill new dentry\nto dest dir\'s maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free\nkey starting with octx->newx_offset, and then set newx_offset equals to\nfree key + 1. This will lead to infinite readdir combine with rename\nhappened at the same time, which fail generic/736 in xfstests(detail show\nas below).\n\n1. create 5000 files(1 2 3...) under one dir\n2. call readdir(man 3 readdir) once, and get one entry\n3. rename(entry, "TEMPFILE"), then rename("TEMPFILE", entry)\n4. loop 2~3, until readdir return nothing or we loop too many\n   times(tmpfs break test with the second condition)\n\nWe choose the same logic what commit 9b378f6ad48cf ("btrfs: fix infinite\ndirectory reads") to fix it, record the last_index when we open dir, and\ndo not emit the entry which index >= last_index. The file->private_data\nnow used in offset dir can use directly to do this, and we also update\nthe last_index when we llseek the dir file.\n\n[brauner: only update last_index after seek when offset is zero like Jan suggested]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46701', 'https://git.kernel.org/linus/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a (6.11-rc4)', 'https://git.kernel.org/stable/c/308b4fc2403b335894592ee9dc212a5e58bb309f', 'https://git.kernel.org/stable/c/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a', 'https://lore.kernel.org/linux-cve-announce/2024091326-CVE-2024-46701-ad65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46701', 'https://www.cve.org/CVERecord?id=CVE-2024-46701'], 'PublishedDate': '2024-09-13T07:15:05.127Z', 'LastModifiedDate': '2024-09-19T13:40:27.817Z'}, {'VulnerabilityID': 'CVE-2024-46702', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46702', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: thunderbolt: Mark XDomain as unplugged when router is removed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Mark XDomain as unplugged when router is removed\n\nI noticed that when we do discrete host router NVM upgrade and it gets\nhot-removed from the PCIe side as a result of NVM firmware authentication,\nif there is another host connected with enabled paths we hang in tearing\nthem down. This is due to fact that the Thunderbolt networking driver\nalso tries to cleanup the paths and ends up blocking in\ntb_disconnect_xdomain_paths() waiting for the domain lock.\n\nHowever, at this point we already cleaned the paths in tb_stop() so\nthere is really no need for tb_disconnect_xdomain_paths() to do that\nanymore. Furthermore it already checks if the XDomain is unplugged and\nbails out early so take advantage of that and mark the XDomain as\nunplugged when we remove the parent router.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46702', 'https://git.kernel.org/linus/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d (6.11-rc4)', 'https://git.kernel.org/stable/c/18b3ad2a3cc877dd4b16f48d84aa27b78d53bf1d', 'https://git.kernel.org/stable/c/23ce6ba3b95488a2b9e9f6d43b340da0c15395dc', 'https://git.kernel.org/stable/c/747bc154577de6e6af4bc99abfa859b8419bb4d8', 'https://git.kernel.org/stable/c/7ca24cf9163c112bb6b580c6fb57c04a1f8b76e1', 'https://git.kernel.org/stable/c/80ac8d194831eca0c2f4fd862f7925532fda320c', 'https://git.kernel.org/stable/c/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46702-9b8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46702', 'https://www.cve.org/CVERecord?id=CVE-2024-46702'], 'PublishedDate': '2024-09-13T07:15:05.217Z', 'LastModifiedDate': '2024-09-19T13:35:58.637Z'}, {'VulnerabilityID': 'CVE-2024-46703', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46703', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;serial: 8250_omap: Set the console genpd always on if no console suspend&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "serial: 8250_omap: Set the console genpd always on if no console suspend"\n\nThis reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940.\n\nKevin reported that this causes a crash during suspend on platforms that\ndont use PM domains.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46703', 'https://git.kernel.org/linus/0863bffda1131fd2fa9c05b653ad9ee3d8db127e (6.11-rc4)', 'https://git.kernel.org/stable/c/0863bffda1131fd2fa9c05b653ad9ee3d8db127e', 'https://git.kernel.org/stable/c/321aecb079e9ca8b1af90778068a6fb40f2bf22d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46703-1f29@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46703', 'https://www.cve.org/CVERecord?id=CVE-2024-46703'], 'PublishedDate': '2024-09-13T07:15:05.317Z', 'LastModifiedDate': '2024-09-19T13:33:57.563Z'}, {'VulnerabilityID': 'CVE-2024-46705', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46705', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: reset mmio mappings with devm', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: reset mmio mappings with devm\n\nSet our various mmio mappings to NULL. This should make it easier to\ncatch something rogue trying to mess with mmio after device removal. For\nexample, we might unmap everything and then start hitting some mmio\naddress which has already been unmamped by us and then remapped by\nsomething else, causing all kinds of carnage.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46705', 'https://git.kernel.org/linus/c7117419784f612d59ee565145f722e8b5541fe6 (6.11-rc1)', 'https://git.kernel.org/stable/c/b1c9fbed3884d3883021d699c7cdf5253a65543a', 'https://git.kernel.org/stable/c/c7117419784f612d59ee565145f722e8b5541fe6', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46705-b9c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46705', 'https://www.cve.org/CVERecord?id=CVE-2024-46705'], 'PublishedDate': '2024-09-13T07:15:05.477Z', 'LastModifiedDate': '2024-09-19T13:30:44.133Z'}, {'VulnerabilityID': 'CVE-2024-46706', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46706', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: fsl_lpuart: mark last busy before uart_add_one_port\n\nWith "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel\nsometimes boot hang. It is because normal console still is not ready,\nbut runtime suspend is called, so early console putchar will hang\nin waiting TRDE set in UARTSTAT.\n\nThe lpuart driver has auto suspend delay set to 3000ms, but during\nuart_add_one_port, a child device serial ctrl will added and probed with\nits pm runtime enabled(see serial_ctrl.c).\nThe runtime suspend call path is:\ndevice_add\n     |-> bus_probe_device\n           |->device_initial_probe\n\t           |->__device_attach\n                         |-> pm_runtime_get_sync(dev->parent);\n\t\t\t |-> pm_request_idle(dev);\n\t\t\t |-> pm_runtime_put(dev->parent);\n\nSo in the end, before normal console ready, the lpuart get runtime\nsuspended. And earlycon putchar will hang.\n\nTo address the issue, mark last busy just after pm_runtime_enable,\nthree seconds is long enough to switch from bootconsole to normal\nconsole.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46706', 'https://git.kernel.org/linus/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c (6.11-rc4)', 'https://git.kernel.org/stable/c/3ecf625d4acb71d726bc0b49403cf68388b3d58d', 'https://git.kernel.org/stable/c/8eb92cfca6c2c5a15ab1773f3d18ab8d8f7dbb68', 'https://git.kernel.org/stable/c/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46706-ea07@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46706', 'https://www.cve.org/CVERecord?id=CVE-2024-46706'], 'PublishedDate': '2024-09-13T07:15:05.56Z', 'LastModifiedDate': '2024-09-19T17:51:07.67Z'}, {'VulnerabilityID': 'CVE-2024-46707', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46707', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3\n\nOn a system with a GICv3, if a guest hasn't been configured with\nGICv3 and that the host is not capable of GICv2 emulation,\na write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.\n\nWe therefore try to emulate the SGI access, only to hit a NULL\npointer as no private interrupt is allocated (no GIC, remember?).\n\nThe obvious fix is to give the guest what it deserves, in the\nshape of a UNDEF exception.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46707', 'https://git.kernel.org/linus/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f (6.11-rc5)', 'https://git.kernel.org/stable/c/15818af2f7aa55eff375333cb7689df15d3f24ef', 'https://git.kernel.org/stable/c/2073132f6ed3079369e857a8deb33d11bdd983bc', 'https://git.kernel.org/stable/c/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f', 'https://git.kernel.org/stable/c/94d4fbad01b19ec5eab3d6b50aaec4f9db8b2d8d', 'https://git.kernel.org/stable/c/96b076e8ee5bc3a1126848c8add0f74bd30dc9d1', 'https://git.kernel.org/stable/c/9d7629bec5c3f80bd0e3bf8103c06a2f7046bd92', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46707-9e4f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46707', 'https://www.cve.org/CVERecord?id=CVE-2024-46707'], 'PublishedDate': '2024-09-13T07:15:05.643Z', 'LastModifiedDate': '2024-09-19T13:29:46.757Z'}, {'VulnerabilityID': 'CVE-2024-46708', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46708', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: qcom: x1e80100: Fix special pin offsets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: qcom: x1e80100: Fix special pin offsets\n\nRemove the erroneus 0x100000 offset to prevent the boards from crashing\non pin state setting, as well as for the intended state changes to take\neffect.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46708', 'https://git.kernel.org/linus/d3692d95cc4d88114b070ee63cffc976f00f207f (6.11-rc6)', 'https://git.kernel.org/stable/c/0197bf772f657fbdea5e9bdec5eea6e67d82cbde', 'https://git.kernel.org/stable/c/d3692d95cc4d88114b070ee63cffc976f00f207f', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46708-95c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46708', 'https://www.cve.org/CVERecord?id=CVE-2024-46708'], 'PublishedDate': '2024-09-13T07:15:05.717Z', 'LastModifiedDate': '2024-09-19T13:28:49.483Z'}, {'VulnerabilityID': 'CVE-2024-46709', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46709', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix prime with external buffers', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix prime with external buffers\n\nMake sure that for external buffers mapping goes through the dma_buf\ninterface instead of trying to access pages directly.\n\nExternal buffers might not provide direct access to readable/writable\npages so to make sure the bo's created from external dma_bufs can be\nread dma_buf interface has to be used.\n\nFixes crashes in IGT's kms_prime with vgem. Regular desktop usage won't\ntrigger this due to the fact that virtual machines will not have\nmultiple GPUs but it enables better test coverage in IGT.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46709', 'https://git.kernel.org/linus/50f1199250912568606b3778dc56646c10cb7b04 (6.11-rc6)', 'https://git.kernel.org/stable/c/50f1199250912568606b3778dc56646c10cb7b04', 'https://git.kernel.org/stable/c/5c12391ee1ab59cb2f3be3f1f5e6d0fc0c2dc854', 'https://git.kernel.org/stable/c/9a9716bbbf3dd6b6cbefba3abcc89af8b72631f4', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46709-2465@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46709', 'https://www.cve.org/CVERecord?id=CVE-2024-46709'], 'PublishedDate': '2024-09-13T07:15:05.793Z', 'LastModifiedDate': '2024-09-19T13:26:24.14Z'}, {'VulnerabilityID': 'CVE-2024-46710', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46710', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Prevent unmapping active read buffers', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Prevent unmapping active read buffers\n\nThe kms paths keep a persistent map active to read and compare the cursor\nbuffer. These maps can race with each other in simple scenario where:\na) buffer "a" mapped for update\nb) buffer "a" mapped for compare\nc) do the compare\nd) unmap "a" for compare\ne) update the cursor\nf) unmap "a" for update\nAt step "e" the buffer has been unmapped and the read contents is bogus.\n\nPrevent unmapping of active read buffers by simply keeping a count of\nhow many paths have currently active maps and unmap only when the count\nreaches 0.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46710', 'https://git.kernel.org/linus/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea (6.11-rc6)', 'https://git.kernel.org/stable/c/0851b1ec650adadcaa23ec96daad95a55bf966f0', 'https://git.kernel.org/stable/c/58a3714db4d9dcaeb9fc4905141e17b9f536c0a5', 'https://git.kernel.org/stable/c/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea', 'https://git.kernel.org/stable/c/d5228d158e4c0b1663b3983044913c15c3d0135e', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46710-cd88@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46710', 'https://www.cve.org/CVERecord?id=CVE-2024-46710'], 'PublishedDate': '2024-09-13T07:15:05.88Z', 'LastModifiedDate': '2024-10-17T14:15:07.63Z'}, {'VulnerabilityID': 'CVE-2024-46711', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46711', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: fix ID 0 endp usage after multiple re-creations', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix ID 0 endp usage after multiple re-creations\n\n\'local_addr_used\' and \'add_addr_accepted\' are decremented for addresses\nnot related to the initial subflow (ID0), because the source and\ndestination addresses of the initial subflows are known from the\nbeginning: they don\'t count as "additional local address being used" or\n"ADD_ADDR being accepted".\n\nIt is then required not to increment them when the entrypoint used by\nthe initial subflow is removed and re-added during a connection. Without\nthis modification, this entrypoint cannot be removed and re-added more\nthan once.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46711', 'https://git.kernel.org/linus/9366922adc6a71378ca01f898c41be295309f044 (6.11-rc6)', 'https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc', 'https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb', 'https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044', 'https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe', 'https://lore.kernel.org/linux-cve-announce/2024091348-CVE-2024-46711-ab95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46711', 'https://www.cve.org/CVERecord?id=CVE-2024-46711'], 'PublishedDate': '2024-09-13T07:15:05.953Z', 'LastModifiedDate': '2024-09-19T13:12:30.39Z'}, {'VulnerabilityID': 'CVE-2024-46713', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/aux: Fix AUX buffer serialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event->mmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46713', 'https://git.kernel.org/linus/2ab9d830262c132ab5db2f571003d80850d56b2a (6.11-rc7)', 'https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a', 'https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff', 'https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82', 'https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d', 'https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370', 'https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef', 'https://lore.kernel.org/linux-cve-announce/2024091316-CVE-2024-46713-5e49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46713', 'https://www.cve.org/CVERecord?id=CVE-2024-46713'], 'PublishedDate': '2024-09-13T15:15:15.01Z', 'LastModifiedDate': '2024-09-13T16:37:22.997Z'}, {'VulnerabilityID': 'CVE-2024-46714', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip wbscl_set_scaler_filter if filter is null\n\nCallers can pass null in filter (i.e. from returned from the function\nwbscl_get_filter_coeffs_16p) and a null check is added to ensure that is\nnot the case.\n\nThis fixes 4 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46714', 'https://git.kernel.org/linus/c4d31653c03b90e51515b1380115d1aedad925dd (6.11-rc1)', 'https://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b', 'https://git.kernel.org/stable/c/1726914cb17cedab233820d26b86764dc08857b4', 'https://git.kernel.org/stable/c/54834585e91cab13e9f82d3a811deb212a4df786', 'https://git.kernel.org/stable/c/6d94c05a13fadd80c3e732f14c83b2632ebfaa50', 'https://git.kernel.org/stable/c/c083c8be6bdd046049884bec076660d4ec9a19ca', 'https://git.kernel.org/stable/c/c4d31653c03b90e51515b1380115d1aedad925dd', 'https://git.kernel.org/stable/c/e3a95f29647ae45d1ec9541cd7df64f40bf2120a', 'https://lore.kernel.org/linux-cve-announce/2024091831-CVE-2024-46714-73de@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46714', 'https://www.cve.org/CVERecord?id=CVE-2024-46714'], 'PublishedDate': '2024-09-18T07:15:03.06Z', 'LastModifiedDate': '2024-09-30T12:50:27.723Z'}, {'VulnerabilityID': 'CVE-2024-46715', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46715', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver: iio: add missing checks on iio_info&#39;s callback access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info's callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn't implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429]  iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807]  dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181]  sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555]  seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236]  vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385]  ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0:                   00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46715', 'https://git.kernel.org/linus/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70', 'https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1', 'https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252', 'https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46715-7e7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46715', 'https://www.cve.org/CVERecord?id=CVE-2024-46715'], 'PublishedDate': '2024-09-18T07:15:03.13Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46716', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n   msgdma_free_chan_resources -> msgdma_free_descriptors ->\n   msgdma_free_desc_list -> msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46716', 'https://git.kernel.org/linus/54e4ada1a4206f878e345ae01cf37347d803d1b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716', 'https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1', 'https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725', 'https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46716-f63f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46716', 'https://www.cve.org/CVERecord?id=CVE-2024-46716'], 'PublishedDate': '2024-09-18T07:15:03.183Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46717', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46717', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix incorrect page release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix incorrect page release\n\nUnder the following conditions:\n1) No skb created yet\n2) header_size == 0 (no SHAMPO header)\n3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the\n   last page fragment of a SHAMPO header page)\n\na new skb is formed with a page that is NOT a SHAMPO header page (it\nis a regular data page). Further down in the same function\n(mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from\nheader_index is released. This is wrong and it leads to SHAMPO header\npages being released more than once.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46717', 'https://git.kernel.org/linus/70bd03b89f20b9bbe51a7f73c4950565a17a45f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/03924d117625ecb10ee3c9b65930bcb2c37ae629', 'https://git.kernel.org/stable/c/70bd03b89f20b9bbe51a7f73c4950565a17a45f7', 'https://git.kernel.org/stable/c/ae9018e3f61ba5cc1f08a6e51d3c0bef0a79f3ab', 'https://git.kernel.org/stable/c/c909ab41df2b09cde919801c7a7b6bb2cc37ea22', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46717-2f30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46717', 'https://www.cve.org/CVERecord?id=CVE-2024-46717'], 'PublishedDate': '2024-09-18T07:15:03.237Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46718', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46718', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Don&#39;t overmap identity VRAM mapping', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Don't overmap identity VRAM mapping\n\nOvermapping the identity VRAM mapping is triggering hardware bugs on\ncertain platforms. Use 2M pages for the last unaligned (to 1G) VRAM\nchunk.\n\nv2:\n - Always use 2M pages for last chunk (Fei Yang)\n - break loop when 2M pages are used\n - Add assert for usable_size being 2M aligned\nv3:\n - Fix checkpatch", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46718', 'https://git.kernel.org/linus/6d3581edffea0b3a64b0d3094d3f09222e0024f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/6d3581edffea0b3a64b0d3094d3f09222e0024f7', 'https://git.kernel.org/stable/c/bb706e92c87beb9f2543faa1705ccc330b9e7c65', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46718-c5c7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46718', 'https://www.cve.org/CVERecord?id=CVE-2024-46718'], 'PublishedDate': '2024-09-18T07:15:03.303Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46719', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46719', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Fix null pointer dereference in trace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix null pointer dereference in trace\n\nucsi_register_altmode checks IS_ERR for the alt pointer and treats\nNULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,\nucsi_register_displayport returns NULL which causes a NULL pointer\ndereference in trace. Rather than return NULL, call\ntypec_port_register_altmode to register DisplayPort alternate mode\nas a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46719', 'https://git.kernel.org/linus/99516f76db48e1a9d54cdfed63c1babcee4e71a5 (6.11-rc1)', 'https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9', 'https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7', 'https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870', 'https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b', 'https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830', 'https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5', 'https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46719-4a53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46719', 'https://www.cve.org/CVERecord?id=CVE-2024-46719'], 'PublishedDate': '2024-09-18T07:15:03.357Z', 'LastModifiedDate': '2024-09-20T18:21:49.963Z'}, {'VulnerabilityID': 'CVE-2024-46720', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46720', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix dereference after null check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix dereference after null check\n\ncheck the pointer hive before use.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46720', 'https://git.kernel.org/linus/b1f7810b05d1950350ac2e06992982974343e441 (6.11-rc1)', 'https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50', 'https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c', 'https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517', 'https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46720-a598@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46720', 'https://www.cve.org/CVERecord?id=CVE-2024-46720'], 'PublishedDate': '2024-09-18T07:15:03.42Z', 'LastModifiedDate': '2024-09-20T18:22:04.693Z'}, {'VulnerabilityID': 'CVE-2024-46721', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46721', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: fix possible NULL pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and 'ent->old' is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n </TASK>\nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46721', 'https://git.kernel.org/linus/3dd384108d53834002be5630132ad5c3f32166ad (6.11-rc1)', 'https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9', 'https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad', 'https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85', 'https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8', 'https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363', 'https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346', 'https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64', 'https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46721-9aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46721', 'https://www.cve.org/CVERecord?id=CVE-2024-46721'], 'PublishedDate': '2024-09-18T07:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:22:46.637Z'}, {'VulnerabilityID': 'CVE-2024-46722', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46722', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix mc_data out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix mc_data out-of-bounds read warning\n\nClear warning that read mc_data[i-1] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46722', 'https://git.kernel.org/linus/51dfc0a4d609fe700750a62f41447f01b8c9ea50 (6.11-rc1)', 'https://git.kernel.org/stable/c/2097edede72ec5bb3869cf0205337d392fb2a553', 'https://git.kernel.org/stable/c/310b9d8363b88e818afec97ca7652bd7fe3d0650', 'https://git.kernel.org/stable/c/345bd3ad387f9e121aaad9c95957b80895e2f2ec', 'https://git.kernel.org/stable/c/51dfc0a4d609fe700750a62f41447f01b8c9ea50', 'https://git.kernel.org/stable/c/578ae965e8b90cd09edeb0252b50fa0503ea35c5', 'https://git.kernel.org/stable/c/5fa4df25ecfc7b6c9006f5b871c46cfe25ea8826', 'https://git.kernel.org/stable/c/b862a0bc5356197ed159fed7b1c647e77bc9f653', 'https://git.kernel.org/stable/c/d0a43bf367ed640e527e8ef3d53aac1e71f80114', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46722-34b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46722', 'https://www.cve.org/CVERecord?id=CVE-2024-46722'], 'PublishedDate': '2024-09-18T07:15:03.547Z', 'LastModifiedDate': '2024-09-20T18:23:11.93Z'}, {'VulnerabilityID': 'CVE-2024-46723', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46723', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix ucode out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ucode out-of-bounds read warning\n\nClear warning that read ucode[] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46723', 'https://git.kernel.org/linus/8944acd0f9db33e17f387fdc75d33bb473d7936f (6.11-rc1)', 'https://git.kernel.org/stable/c/0bef65e069d84d1cd77ce757aea0e437b8e2bd33', 'https://git.kernel.org/stable/c/23fefef859c6057e6770584242bdd938254f8ddd', 'https://git.kernel.org/stable/c/5f09fa5e0ad45fbca71933a0e024ca52da47d59b', 'https://git.kernel.org/stable/c/82ac8f1d02886b5d8aeb9e058989d3bd6fc581e2', 'https://git.kernel.org/stable/c/8944acd0f9db33e17f387fdc75d33bb473d7936f', 'https://git.kernel.org/stable/c/8981927ebc6c12fa76b30c4178acb462bab15f54', 'https://git.kernel.org/stable/c/e789e05388854a5436b2b5d8695fdb864c9bcc27', 'https://git.kernel.org/stable/c/f2b7a9f3839e92f43559b2795b34640ca8cf839f', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46723-6726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46723', 'https://www.cve.org/CVERecord?id=CVE-2024-46723'], 'PublishedDate': '2024-09-18T07:15:03.61Z', 'LastModifiedDate': '2024-09-20T18:30:30.117Z'}, {'VulnerabilityID': 'CVE-2024-46724', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46724', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number\n\nCheck the fb_channel_number range to avoid the array out-of-bounds\nread error', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46724', 'https://git.kernel.org/linus/d768394fa99467bcf2703bde74ddc96eeb0b71fa (6.11-rc1)', 'https://git.kernel.org/stable/c/32915dc909ff502823babfe07d5416c5b6e8a8b1', 'https://git.kernel.org/stable/c/45f7b02afc464c208e8f56bcbc672ef5c364c815', 'https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4', 'https://git.kernel.org/stable/c/d768394fa99467bcf2703bde74ddc96eeb0b71fa', 'https://git.kernel.org/stable/c/db7a86676fd624768a5d907faf34ad7bb4ff25f4', 'https://git.kernel.org/stable/c/f9267972490f9fcffe146e79828e97acc0da588c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46724-02f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46724', 'https://www.cve.org/CVERecord?id=CVE-2024-46724'], 'PublishedDate': '2024-09-18T07:15:03.673Z', 'LastModifiedDate': '2024-09-20T18:30:58.98Z'}, {'VulnerabilityID': 'CVE-2024-46725', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46725', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds write warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds write warning\n\nCheck the ring type value to fix the out-of-bounds\nwrite warning', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46725', 'https://git.kernel.org/linus/be1684930f5262a622d40ce7a6f1423530d87f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/130bee397b9cd52006145c87a456fd8719390cb5', 'https://git.kernel.org/stable/c/919f9bf9997b8dcdc132485ea96121e7d15555f9', 'https://git.kernel.org/stable/c/a60d1f7ff62e453dde2d3b4907e178954d199844', 'https://git.kernel.org/stable/c/be1684930f5262a622d40ce7a6f1423530d87f89', 'https://git.kernel.org/stable/c/c253b87c7c37ec40a2e0c84e4a6b636ba5cd66b2', 'https://git.kernel.org/stable/c/cf2db220b38301b6486a0f11da24a0f317de558c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46725-af49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46725', 'https://www.cve.org/CVERecord?id=CVE-2024-46725'], 'PublishedDate': '2024-09-18T07:15:03.733Z', 'LastModifiedDate': '2024-09-20T18:40:42.753Z'}, {'VulnerabilityID': 'CVE-2024-46726', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46726', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure index calculation will not overflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure index calculation will not overflow\n\n[WHY & HOW]\nMake sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will\nnever overflow and exceess array size.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46726', 'https://git.kernel.org/linus/8e2734bf444767fed787305ccdcb36a2be5301a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dc6bb57dab36b38b7374af0ac916174c146b6ed', 'https://git.kernel.org/stable/c/733ae185502d30bbe79575167b6178cfb6c5d6bd', 'https://git.kernel.org/stable/c/8e2734bf444767fed787305ccdcb36a2be5301a2', 'https://git.kernel.org/stable/c/d705b5869f6b1b46ad5ceb1bd2a08c04f7e5003b', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46726-587e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46726', 'https://www.cve.org/CVERecord?id=CVE-2024-46726'], 'PublishedDate': '2024-09-18T07:15:03.787Z', 'LastModifiedDate': '2024-09-20T18:36:27.07Z'}, {'VulnerabilityID': 'CVE-2024-46727', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46727', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update\n\n[Why]\nCoverity reports NULL_RETURN warning.\n\n[How]\nAdd otg_master NULL check.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46727', 'https://git.kernel.org/linus/871cd9d881fa791d3f82885000713de07041c0ae (6.11-rc1)', 'https://git.kernel.org/stable/c/871cd9d881fa791d3f82885000713de07041c0ae', 'https://git.kernel.org/stable/c/aad4d3d3d3b6a362bf5db11e1f28c4a60620900d', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46727-2565@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46727', 'https://www.cve.org/CVERecord?id=CVE-2024-46727'], 'PublishedDate': '2024-09-18T07:15:03.84Z', 'LastModifiedDate': '2024-09-30T12:49:43.097Z'}, {'VulnerabilityID': 'CVE-2024-46728', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46728', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check index for aux_rd_interval before using', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index for aux_rd_interval before using\n\naux_rd_interval has size of 7 and should be checked.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46728', 'https://git.kernel.org/linus/9ba2ea6337b4f159aecb177555a6a81da92d302e (6.11-rc1)', 'https://git.kernel.org/stable/c/48e0b68e2360b16edf2a0bae05c0051c00fbb48a', 'https://git.kernel.org/stable/c/6c588e9350dd7a9fb97a56fe74852c9ecc44450c', 'https://git.kernel.org/stable/c/9ba2ea6337b4f159aecb177555a6a81da92d302e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46728-edfe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46728', 'https://www.cve.org/CVERecord?id=CVE-2024-46728'], 'PublishedDate': '2024-09-18T07:15:03.893Z', 'LastModifiedDate': '2024-09-26T13:31:34.347Z'}, {'VulnerabilityID': 'CVE-2024-46729', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46729', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix incorrect size calculation for loop', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix incorrect size calculation for loop\n\n[WHY]\nfe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is\nlager than the array size.\n\n[HOW]\nDivide byte size 20 by its element size.\n\nThis fixes 2 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46729', 'https://git.kernel.org/linus/3941a3aa4b653b69876d894d08f3fff1cc965267 (6.11-rc1)', 'https://git.kernel.org/stable/c/3941a3aa4b653b69876d894d08f3fff1cc965267', 'https://git.kernel.org/stable/c/712be65b3b372a82bff0865b9c090147764bf1c4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46729-158c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46729', 'https://www.cve.org/CVERecord?id=CVE-2024-46729'], 'PublishedDate': '2024-09-18T07:15:03.95Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46730', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46730', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure array index tg_inst won&#39;t be -1', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure array index tg_inst won't be -1\n\n[WHY & HOW]\ntg_inst will be a negative if timing_generator_count equals 0, which\nshould be checked before used.\n\nThis fixes 2 OVERRUN issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46730', 'https://git.kernel.org/linus/687fe329f18ab0ab0496b20ed2cb003d4879d931 (6.11-rc1)', 'https://git.kernel.org/stable/c/687fe329f18ab0ab0496b20ed2cb003d4879d931', 'https://git.kernel.org/stable/c/a64284b9e1999ad5580debced4bc6d6adb28aad4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46730-b69e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46730', 'https://www.cve.org/CVERecord?id=CVE-2024-46730'], 'PublishedDate': '2024-09-18T07:15:04.003Z', 'LastModifiedDate': '2024-09-30T12:49:00.333Z'}, {'VulnerabilityID': 'CVE-2024-46731', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46731', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: fix the Out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix the Out-of-bounds read warning\n\nusing index i - 1U may beyond element index\nfor mc_data[] when i = 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46731', 'https://git.kernel.org/linus/12c6967428a099bbba9dfd247bb4322a984fcc0b (6.11-rc1)', 'https://git.kernel.org/stable/c/12c6967428a099bbba9dfd247bb4322a984fcc0b', 'https://git.kernel.org/stable/c/20c6373a6be93039f9d66029bb1e21038a060be1', 'https://git.kernel.org/stable/c/3317966efcdc5101e93db21514b68917e7eb34ea', 'https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376', 'https://git.kernel.org/stable/c/d83fb9f9f63e9a120bf405b078f829f0b2e58934', 'https://git.kernel.org/stable/c/f1e261ced9bcad772a45a2fcdf413c3490e87299', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46731-0e54@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46731', 'https://www.cve.org/CVERecord?id=CVE-2024-46731'], 'PublishedDate': '2024-09-18T07:15:04.057Z', 'LastModifiedDate': '2024-09-26T13:29:19.877Z'}, {'VulnerabilityID': 'CVE-2024-46732', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46732', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Assign linear_pitch_alignment even for VM', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign linear_pitch_alignment even for VM\n\n[Description]\nAssign linear_pitch_alignment so we don't cause a divide by 0\nerror in VM environments", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46732', 'https://git.kernel.org/linus/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/4bd7710f2fecfc5fb2dda1ca2adc69db8a66b8b6', 'https://git.kernel.org/stable/c/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4', 'https://git.kernel.org/stable/c/c44b568931d23aed9d37ecbb31fb5fbdd198bf7b', 'https://git.kernel.org/stable/c/d219f902b16d42f0cb8c499ea8f31cf3c0f36349', 'https://git.kernel.org/stable/c/d2fe7ac613a1ea8c346c9f5c89dc6ecc27232997', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46732-49a9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46732', 'https://www.cve.org/CVERecord?id=CVE-2024-46732'], 'PublishedDate': '2024-09-18T07:15:04.117Z', 'LastModifiedDate': '2024-09-26T13:28:07.157Z'}, {'VulnerabilityID': 'CVE-2024-46733', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46733', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix qgroup reserve leaks in cow_file_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix qgroup reserve leaks in cow_file_range\n\nIn the buffered write path, the dirty page owns the qgroup reserve until\nit creates an ordered_extent.\n\nTherefore, any errors that occur before the ordered_extent is created\nmust free that reservation, or else the space is leaked. The fstest\ngeneric/475 exercises various IO error paths, and is able to trigger\nerrors in cow_file_range where we fail to get to allocating the ordered\nextent. Note that because we *do* clear delalloc, we are likely to\nremove the inode from the delalloc list, so the inodes/pages to not have\ninvalidate/launder called on them in the commit abort path.\n\nThis results in failures at the unmount stage of the test that look like:\n\n  BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure\n  BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure\n  BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs]\n  Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq\n  CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W          6.10.0-rc7-gab56fde445b8 #21\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n  RIP: 0010:close_ctree+0x222/0x4d0 [btrfs]\n  RSP: 0018:ffffb4465283be00 EFLAGS: 00010202\n  RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001\n  RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8\n  RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000\n  R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c\n  R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n  FS:  00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0\n  Call Trace:\n   <TASK>\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? __warn.cold+0x8e/0xea\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? report_bug+0xff/0x140\n   ? handle_bug+0x3b/0x70\n   ? exc_invalid_op+0x17/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   generic_shutdown_super+0x70/0x160\n   kill_anon_super+0x11/0x40\n   btrfs_kill_super+0x11/0x20 [btrfs]\n   deactivate_locked_super+0x2e/0xa0\n   cleanup_mnt+0xb5/0x150\n   task_work_run+0x57/0x80\n   syscall_exit_to_user_mode+0x121/0x130\n   do_syscall_64+0xab/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  RIP: 0033:0x7f916847a887\n  ---[ end trace 0000000000000000 ]---\n  BTRFS error (device dm-8 state EA): qgroup reserved space leaked\n\nCases 2 and 3 in the out_reserve path both pertain to this type of leak\nand must free the reserved qgroup data. Because it is already an error\npath, I opted not to handle the possible errors in\nbtrfs_free_qgroup_data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46733', 'https://git.kernel.org/linus/30479f31d44d47ed00ae0c7453d9b253537005b2 (6.11-rc3)', 'https://git.kernel.org/stable/c/30479f31d44d47ed00ae0c7453d9b253537005b2', 'https://git.kernel.org/stable/c/e42ef22bc10f0309c0c65d8d6ca8b4127a674b7f', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46733-77eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46733', 'https://www.cve.org/CVERecord?id=CVE-2024-46733'], 'PublishedDate': '2024-09-18T07:15:04.17Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46735', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46735', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()\n\nWhen two UBLK_CMD_START_USER_RECOVERY commands are submitted, the\nfirst one sets 'ubq->ubq_daemon' to NULL, and the second one triggers\nWARN in ublk_queue_reinit() and subsequently a NULL pointer dereference\nissue.\n\nFix it by adding the check in ublk_ctrl_start_recovery() and return\nimmediately in case of zero 'ub->nr_queues_ready'.\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000028\n  RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n  Call Trace:\n   <TASK>\n   ? __die+0x20/0x70\n   ? page_fault_oops+0x75/0x170\n   ? exc_page_fault+0x64/0x140\n   ? asm_exc_page_fault+0x22/0x30\n   ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n   ublk_ctrl_uring_cmd+0x4f7/0x6c0\n   ? pick_next_task_idle+0x26/0x40\n   io_uring_cmd+0x9a/0x1b0\n   io_issue_sqe+0x193/0x3f0\n   io_wq_submit_work+0x9b/0x390\n   io_worker_handle_work+0x165/0x360\n   io_wq_worker+0xcb/0x2f0\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork+0x2d/0x50\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork_asm+0x1a/0x30\n   </TASK>", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46735', 'https://git.kernel.org/linus/e58f5142f88320a5b1449f96a146f2f24615c5c7 (6.11-rc7)', 'https://git.kernel.org/stable/c/136a29d8112df4ea0a57f9602ddf3579e04089dc', 'https://git.kernel.org/stable/c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f', 'https://git.kernel.org/stable/c/ca249435893dda766f3845c15ca77ca5672022d8', 'https://git.kernel.org/stable/c/e58f5142f88320a5b1449f96a146f2f24615c5c7', 'https://lore.kernel.org/linux-cve-announce/2024091832-CVE-2024-46735-fbce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46735', 'https://www.cve.org/CVERecord?id=CVE-2024-46735'], 'PublishedDate': '2024-09-18T08:15:03.057Z', 'LastModifiedDate': '2024-09-20T18:35:53.967Z'}, {'VulnerabilityID': 'CVE-2024-46737', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46737', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvmet-tcp: fix kernel crash if commands allocation fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fix kernel crash if commands allocation fails\n\nIf the commands allocation fails in nvmet_tcp_alloc_cmds()\nthe kernel crashes in nvmet_tcp_release_queue_work() because of\na NULL pointer dereference.\n\n  nvmet: failed to install queue 0 cntlid 1 ret 6\n  Unable to handle kernel NULL pointer dereference at\n         virtual address 0000000000000008\n\nFix the bug by setting queue->nr_cmds to zero in case\nnvmet_tcp_alloc_cmd() fails.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46737', 'https://git.kernel.org/linus/5572a55a6f830ee3f3a994b6b962a5c327d28cb3 (6.11-rc7)', 'https://git.kernel.org/stable/c/03e1fd0327fa5e2174567f5fe9290fe21d21b8f4', 'https://git.kernel.org/stable/c/489f2913a63f528cfe3f21722583fb981967ecda', 'https://git.kernel.org/stable/c/50632b877ce55356f5d276b9add289b1e7ddc683', 'https://git.kernel.org/stable/c/5572a55a6f830ee3f3a994b6b962a5c327d28cb3', 'https://git.kernel.org/stable/c/6c04d1e3ab22cc5394ef656429638a5947f87244', 'https://git.kernel.org/stable/c/7957c731fc2b23312f8935812dee5a0b14b04e2d', 'https://git.kernel.org/stable/c/91dad30c5607e62864f888e735d0965567827bdf', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46737-d36f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46737', 'https://www.cve.org/CVERecord?id=CVE-2024-46737'], 'PublishedDate': '2024-09-18T08:15:03.167Z', 'LastModifiedDate': '2024-09-20T18:35:34.7Z'}, {'VulnerabilityID': 'CVE-2024-46738', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46738', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: VMCI: Fix use-after-free when removing resource in vmci_resource_remove()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Fix use-after-free when removing resource in vmci_resource_remove()\n\nWhen removing a resource from vmci_resource_table in\nvmci_resource_remove(), the search is performed using the resource\nhandle by comparing context and resource fields.\n\nIt is possible though to create two resources with different types\nbut same handle (same context and resource fields).\n\nWhen trying to remove one of the resources, vmci_resource_remove()\nmay not remove the intended one, but the object will still be freed\nas in the case of the datagram type in vmci_datagram_destroy_handle().\nvmci_resource_table will still hold a pointer to this freed resource\nleading to a use-after-free vulnerability.\n\nBUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\nBUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\nRead of size 4 at addr ffff88801c16d800 by task syz-executor197/1592\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106\n print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239\n __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425\n kasan_report+0x38/0x51 mm/kasan/report.c:442\n vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\n vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\n vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182\n ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444\n kref_put include/linux/kref.h:65 [inline]\n vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline]\n vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195\n vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143\n __fput+0x261/0xa34 fs/file_table.c:282\n task_work_run+0xf0/0x194 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187\n exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220\n __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline]\n syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313\n do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x6e/0x0\n\nThis change ensures the type is also checked when removing\nthe resource from vmci_resource_table in vmci_resource_remove().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46738', 'https://git.kernel.org/linus/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7 (6.11-rc7)', 'https://git.kernel.org/stable/c/00fe5292f081f8d773e572df8e03bf6e1855fe49', 'https://git.kernel.org/stable/c/39e7e593418ccdbd151f2925fa6be1a616d16c96', 'https://git.kernel.org/stable/c/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7', 'https://git.kernel.org/stable/c/6c563a29857aa8053b67ee141191f69757f27f6e', 'https://git.kernel.org/stable/c/b243d52b5f6f59f9d39e69b191fb3d58b94a43b1', 'https://git.kernel.org/stable/c/b9efdf333174468651be40390cbc79c9f55d9cce', 'https://git.kernel.org/stable/c/ef5f4d0c5ee22d4f873116fec844ff6edaf3fa7d', 'https://git.kernel.org/stable/c/f6365931bf7c07b2b397dbb06a4f6573cc9fae73', 'https://linux.oracle.com/cve/CVE-2024-46738.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46738-d871@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46738', 'https://www.cve.org/CVERecord?id=CVE-2024-46738'], 'PublishedDate': '2024-09-18T08:15:03.233Z', 'LastModifiedDate': '2024-09-20T18:35:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46739', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46739', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind\n\nFor primary VM Bus channels, primary_channel pointer is always NULL. This\npointer is valid only for the secondary channels. Also, rescind callback\nis meant for primary channels only.\n\nFix NULL pointer dereference by retrieving the device_obj from the parent\nfor the primary channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46739', 'https://git.kernel.org/linus/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e (6.11-rc7)', 'https://git.kernel.org/stable/c/1d8e020e51ab07e40f9dd00b52f1da7d96fec04c', 'https://git.kernel.org/stable/c/2be373469be1774bbe03b0fa7e2854e65005b1cc', 'https://git.kernel.org/stable/c/3005091cd537ef8cdb7530dcb2ecfba8d2ef475c', 'https://git.kernel.org/stable/c/3d414b64ecf6fd717d7510ffb893c6f23acbf50e', 'https://git.kernel.org/stable/c/928e399e84f4e80307dce44e89415115c473275b', 'https://git.kernel.org/stable/c/de6946be9c8bc7d2279123433495af7c21011b99', 'https://git.kernel.org/stable/c/f38f46da80a2ab7d1b2f8fcb444c916034a2dac4', 'https://git.kernel.org/stable/c/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46739-0aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46739', 'https://www.cve.org/CVERecord?id=CVE-2024-46739'], 'PublishedDate': '2024-09-18T08:15:03.293Z', 'LastModifiedDate': '2024-09-20T18:34:29.957Z'}, {'VulnerabilityID': 'CVE-2024-46740', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46740', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binder: fix UAF caused by offsets overwrite', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF caused by offsets overwrite\n\nBinder objects are processed and copied individually into the target\nbuffer during transactions. Any raw data in-between these objects is\ncopied as well. However, this raw data copy lacks an out-of-bounds\ncheck. If the raw data exceeds the data section size then the copy\noverwrites the offsets section. This eventually triggers an error that\nattempts to unwind the processed objects. However, at this point the\noffsets used to index these objects are now corrupted.\n\nUnwinding with corrupted offsets can result in decrements of arbitrary\nnodes and lead to their premature release. Other users of such nodes are\nleft with a dangling pointer triggering a use-after-free. This issue is\nmade evident by the following KASAN report (trimmed):\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c\n  Write of size 4 at addr ffff47fc91598f04 by task binder-util/743\n\n  CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1\n  Hardware name: linux,dummy-virt (DT)\n  Call trace:\n   _raw_spin_lock+0xe4/0x19c\n   binder_free_buf+0x128/0x434\n   binder_thread_write+0x8a4/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Allocated by task 743:\n   __kmalloc_cache_noprof+0x110/0x270\n   binder_new_node+0x50/0x700\n   binder_transaction+0x413c/0x6da8\n   binder_thread_write+0x978/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Freed by task 745:\n   kfree+0xbc/0x208\n   binder_thread_read+0x1c5c/0x37d4\n   binder_ioctl+0x16d8/0x258c\n  [...]\n  ==================================================================\n\nTo avoid this issue, let's check that the raw data copy is within the\nboundaries of the data section.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46740', 'https://git.kernel.org/linus/4df153652cc46545722879415937582028c18af5 (6.11-rc7)', 'https://git.kernel.org/stable/c/109e845c1184c9f786d41516348ba3efd9112792', 'https://git.kernel.org/stable/c/1f33d9f1d9ac3f0129f8508925000900c2fe5bb0', 'https://git.kernel.org/stable/c/3a8154bb4ab4a01390a3abf1e6afac296e037da4', 'https://git.kernel.org/stable/c/4df153652cc46545722879415937582028c18af5', 'https://git.kernel.org/stable/c/4f79e0b80dc69bd5eaaed70f0df1b558728b4e59', 'https://git.kernel.org/stable/c/5a32bfd23022ffa7e152f273fa3fa29befb7d929', 'https://git.kernel.org/stable/c/eef79854a04feac5b861f94d7b19cbbe79874117', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46740-e05a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46740', 'https://www.cve.org/CVERecord?id=CVE-2024-46740'], 'PublishedDate': '2024-09-18T08:15:03.377Z', 'LastModifiedDate': '2024-09-20T18:34:08.163Z'}, {'VulnerabilityID': 'CVE-2024-46741', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46741', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Fix double free of &#39;buf&#39; in error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix double free of 'buf' in error path\n\nsmatch warning:\ndrivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf'\n\nIn fastrpc_req_mmap() error path, the fastrpc buffer is freed in\nfastrpc_req_munmap_impl() if unmap is successful.\n\nBut in the end, there is an unconditional call to fastrpc_buf_free().\nSo the above case triggers the double free of fastrpc buf.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46741', 'https://git.kernel.org/linus/e8c276d4dc0e19ee48385f74426aebc855b49aaf (6.11-rc7)', 'https://git.kernel.org/stable/c/bfc1704d909dc9911a558b1a5833d3d61a43a1f2', 'https://git.kernel.org/stable/c/e8c276d4dc0e19ee48385f74426aebc855b49aaf', 'https://git.kernel.org/stable/c/f77dc8a75859e559f3238a6d906206259227985e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46741-4ce7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46741', 'https://www.cve.org/CVERecord?id=CVE-2024-46741'], 'PublishedDate': '2024-09-18T08:15:03.43Z', 'LastModifiedDate': '2024-09-20T18:33:27.96Z'}, {'VulnerabilityID': 'CVE-2024-46742', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46742', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()\n\nnull-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)\nand parse_lease_state() return NULL.\n\nFix this by check if 'lease_ctx_info' is NULL.\n\nAdditionally, remove the redundant parentheses in\nparse_durable_handle_context().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46742', 'https://git.kernel.org/linus/4e8771a3666c8f216eefd6bd2fd50121c6c437db (6.11-rc5)', 'https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6', 'https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada', 'https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46742-223b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46742', 'https://www.cve.org/CVERecord?id=CVE-2024-46742'], 'PublishedDate': '2024-09-18T08:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:32:34.303Z'}, {'VulnerabilityID': 'CVE-2024-46743', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46743', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: of/irq: Prevent device address out-of-bounds read in interrupt map walk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nof/irq: Prevent device address out-of-bounds read in interrupt map walk\n\nWhen of_irq_parse_raw() is invoked with a device address smaller than\nthe interrupt parent node (from #address-cells property), KASAN detects\nthe following out-of-bounds read when populating the initial match table\n(dyndbg="func of_irq_parse_* +p"):\n\n  OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0\n  OF:  parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2\n  OF:  intspec=4\n  OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2\n  OF:  -> addrsize=3\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0\n  Read of size 4 at addr ffffff81beca5608 by task bash/764\n\n  CPU: 1 PID: 764 Comm: bash Tainted: G           O       6.1.67-484c613561-nokia_sm_arm64 #1\n  Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023\n  Call trace:\n   dump_backtrace+0xdc/0x130\n   show_stack+0x1c/0x30\n   dump_stack_lvl+0x6c/0x84\n   print_report+0x150/0x448\n   kasan_report+0x98/0x140\n   __asan_load4+0x78/0xa0\n   of_irq_parse_raw+0x2b8/0x8d0\n   of_irq_parse_one+0x24c/0x270\n   parse_interrupts+0xc0/0x120\n   of_fwnode_add_links+0x100/0x2d0\n   fw_devlink_parse_fwtree+0x64/0xc0\n   device_add+0xb38/0xc30\n   of_device_add+0x64/0x90\n   of_platform_device_create_pdata+0xd0/0x170\n   of_platform_bus_create+0x244/0x600\n   of_platform_notify+0x1b0/0x254\n   blocking_notifier_call_chain+0x9c/0xd0\n   __of_changeset_entry_notify+0x1b8/0x230\n   __of_changeset_apply_notify+0x54/0xe4\n   of_overlay_fdt_apply+0xc04/0xd94\n   ...\n\n  The buggy address belongs to the object at ffffff81beca5600\n   which belongs to the cache kmalloc-128 of size 128\n  The buggy address is located 8 bytes inside of\n   128-byte region [ffffff81beca5600, ffffff81beca5680)\n\n  The buggy address belongs to the physical page:\n  page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4\n  head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0\n  flags: 0x8000000000010200(slab|head|zone=2)\n  raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300\n  raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\n  page dumped because: kasan: bad access detected\n\n  Memory state around the buggy address:\n   ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n  >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n                        ^\n   ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc\n  ==================================================================\n  OF:  -> got it !\n\nPrevent the out-of-bounds read by copying the device address into a\nbuffer of sufficient size.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46743', 'https://git.kernel.org/linus/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305 (6.11-rc4)', 'https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d', 'https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5', 'https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5', 'https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305', 'https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f', 'https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9', 'https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8', 'https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46743-f386@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46743', 'https://www.cve.org/CVERecord?id=CVE-2024-46743'], 'PublishedDate': '2024-09-18T08:15:03.54Z', 'LastModifiedDate': '2024-09-20T18:32:11.827Z'}, {'VulnerabilityID': 'CVE-2024-46744', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46744', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Squashfs: sanity check symbolic link size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: sanity check symbolic link size\n\nSyzkiller reports a "KMSAN: uninit-value in pick_link" bug.\n\nThis is caused by an uninitialised page, which is ultimately caused\nby a corrupted symbolic link size read from disk.\n\nThe reason why the corrupted symlink size causes an uninitialised\npage is due to the following sequence of events:\n\n1. squashfs_read_inode() is called to read the symbolic\n   link from disk.  This assigns the corrupted value\n   3875536935 to inode->i_size.\n\n2. Later squashfs_symlink_read_folio() is called, which assigns\n   this corrupted value to the length variable, which being a\n   signed int, overflows producing a negative number.\n\n3. The following loop that fills in the page contents checks that\n   the copied bytes is less than length, which being negative means\n   the loop is skipped, producing an uninitialised page.\n\nThis patch adds a sanity check which checks that the symbolic\nlink size is not larger than expected.\n\n--\n\nV2: fix spelling mistake.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-59'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46744', 'https://git.kernel.org/linus/810ee43d9cd245d138a2733d87a24858a23f577d (6.11-rc4)', 'https://git.kernel.org/stable/c/087f25b2d36adae19951114ffcbb7106ed405ebb', 'https://git.kernel.org/stable/c/1b9451ba6f21478a75288ea3e3fca4be35e2a438', 'https://git.kernel.org/stable/c/5c8906de98d0d7ad42ff3edf2cb6cd7e0ea658c4', 'https://git.kernel.org/stable/c/810ee43d9cd245d138a2733d87a24858a23f577d', 'https://git.kernel.org/stable/c/c3af7e460a526007e4bed1ce3623274a1a6afe5e', 'https://git.kernel.org/stable/c/ef4e249971eb77ec33d74c5c3de1e2576faf6c90', 'https://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26ea9bf322d8431a90', 'https://git.kernel.org/stable/c/fac5e82ab1334fc8ed6ff7183702df634bd1d93d', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46744-451f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46744', 'https://www.cve.org/CVERecord?id=CVE-2024-46744'], 'PublishedDate': '2024-09-18T08:15:03.603Z', 'LastModifiedDate': '2024-09-30T13:36:19.557Z'}, {'VulnerabilityID': 'CVE-2024-46745', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46745', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: uinput - reject requests with unreasonable number of slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - reject requests with unreasonable number of slots\n\n\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\n\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46745', 'https://git.kernel.org/linus/206f533a0a7c683982af473079c4111f4a0f9f5e (6.11-rc5)', 'https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e', 'https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b', 'https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70', 'https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2', 'https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d', 'https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b', 'https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833', 'https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46745-7b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46745', 'https://www.cve.org/CVERecord?id=CVE-2024-46745'], 'PublishedDate': '2024-09-18T08:15:03.667Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46746', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46746', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: amd_sfh: free driver_data after destroying hid device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: free driver_data after destroying hid device\n\nHID driver callbacks aren't called anymore once hid_destroy_device() has\nbeen called. Hence, hid driver_data should be freed only after the\nhid_destroy_device() function returned as driver_data is used in several\ncallbacks.\n\nI observed a crash with kernel 6.10.0 on my T14s Gen 3, after enabling\nKASAN to debug memory allocation, I got this output:\n\n  [   13.050438] ==================================================================\n  [   13.054060] BUG: KASAN: slab-use-after-free in amd_sfh_get_report+0x3ec/0x530 [amd_sfh]\n  [   13.054809] psmouse serio1: trackpoint: Synaptics TrackPoint firmware: 0x02, buttons: 3/3\n  [   13.056432] Read of size 8 at addr ffff88813152f408 by task (udev-worker)/479\n\n  [   13.060970] CPU: 5 PID: 479 Comm: (udev-worker) Not tainted 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0\n  [   13.063978] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024\n  [   13.067860] Call Trace:\n  [   13.069383] input: TPPS/2 Synaptics TrackPoint as /devices/platform/i8042/serio1/input/input8\n  [   13.071486]  <TASK>\n  [   13.071492]  dump_stack_lvl+0x5d/0x80\n  [   13.074870] snd_hda_intel 0000:33:00.6: enabling device (0000 -> 0002)\n  [   13.078296]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.082199]  print_report+0x174/0x505\n  [   13.085776]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.089367]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.093255]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.097464]  kasan_report+0xc8/0x150\n  [   13.101461]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.105802]  amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.110303]  amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.114879]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.119450]  sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082]\n  [   13.124097]  hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.127404]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.131925]  ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.136455]  ? _raw_spin_lock_irqsave+0x96/0xf0\n  [   13.140197]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.143602]  ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b]\n  [   13.147234]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.150446]  ? __devm_add_action+0x167/0x1d0\n  [   13.155061]  hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.158581]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.161814]  platform_probe+0xa2/0x150\n  [   13.165029]  really_probe+0x1e3/0x8a0\n  [   13.168243]  __driver_probe_device+0x18c/0x370\n  [   13.171500]  driver_probe_device+0x4a/0x120\n  [   13.175000]  __driver_attach+0x190/0x4a0\n  [   13.178521]  ? __pfx___driver_attach+0x10/0x10\n  [   13.181771]  bus_for_each_dev+0x106/0x180\n  [   13.185033]  ? __pfx__raw_spin_lock+0x10/0x10\n  [   13.188229]  ? __pfx_bus_for_each_dev+0x10/0x10\n  [   13.191446]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.194382]  bus_add_driver+0x29e/0x4d0\n  [   13.197328]  driver_register+0x1a5/0x360\n  [   13.200283]  ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.203362]  do_one_initcall+0xa7/0x380\n  [   13.206432]  ? __pfx_do_one_initcall+0x10/0x10\n  [   13.210175]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.213211]  ? kasan_unpoison+0x44/0x70\n  [   13.216688]  do_init_module+0x238/0x750\n  [   13.2196\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46746', 'https://git.kernel.org/linus/97155021ae17b86985121b33cf8098bcde00d497 (6.11-rc5)', 'https://git.kernel.org/stable/c/60dc4ee0428d70bcbb41436b6729d29f1cbdfb89', 'https://git.kernel.org/stable/c/775125c7fe38533aaa4b20769f5b5e62cc1170a0', 'https://git.kernel.org/stable/c/86b4f5cf91ca03c08e3822ac89476a677a780bcc', 'https://git.kernel.org/stable/c/97155021ae17b86985121b33cf8098bcde00d497', 'https://git.kernel.org/stable/c/adb3e3c1ddb5a23b8b7122ef1913f528d728937c', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46746-eb7f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46746', 'https://www.cve.org/CVERecord?id=CVE-2024-46746'], 'PublishedDate': '2024-09-18T08:15:03.73Z', 'LastModifiedDate': '2024-09-26T12:47:53.267Z'}, {'VulnerabilityID': 'CVE-2024-46747', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46747', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup\n\nreport_fixup for the Cougar 500k Gaming Keyboard was not verifying\nthat the report descriptor size was correct before accessing it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46747', 'https://git.kernel.org/linus/a6e9c391d45b5865b61e569146304cff72821a5d (6.11-rc5)', 'https://git.kernel.org/stable/c/30e9ce7cd5591be639b53595c95812f1a2afdfdc', 'https://git.kernel.org/stable/c/34185de73d74fdc90e8651cfc472bfea6073a13f', 'https://git.kernel.org/stable/c/48b2108efa205f4579052c27fba2b22cc6ad8aa0', 'https://git.kernel.org/stable/c/890dde6001b651be79819ef7a3f8c71fc8f9cabf', 'https://git.kernel.org/stable/c/a6e9c391d45b5865b61e569146304cff72821a5d', 'https://git.kernel.org/stable/c/e239e44dcd419b13cf840e2a3a833204e4329714', 'https://git.kernel.org/stable/c/e4a602a45aecd6a98b4b37482f5c9f8f67a32ddd', 'https://git.kernel.org/stable/c/fac3cb3c6428afe2207593a183b5bc4742529dfd', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46747-f489@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46747', 'https://www.cve.org/CVERecord?id=CVE-2024-46747'], 'PublishedDate': '2024-09-18T08:15:03.79Z', 'LastModifiedDate': '2024-09-20T18:31:19.19Z'}, {'VulnerabilityID': 'CVE-2024-46748', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46748', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT\n\nSet the maximum size of a subrequest that writes to cachefiles to be\nMAX_RW_COUNT so that we don't overrun the maximum write we can make to the\nbacking filesystem.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46748', 'https://git.kernel.org/linus/51d37982bbac3ea0ca21b2797a9cb0044272b3aa (6.11-rc1)', 'https://git.kernel.org/stable/c/51d37982bbac3ea0ca21b2797a9cb0044272b3aa', 'https://git.kernel.org/stable/c/cec226f9b1fd6cf55bc157873aec61b523083e96', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46748-03e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46748', 'https://www.cve.org/CVERecord?id=CVE-2024-46748'], 'PublishedDate': '2024-09-18T08:15:03.847Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46749', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46749', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()\n\nThis adds a check before freeing the rx->skb in flush and close\nfunctions to handle the kernel crash seen while removing driver after FW\ndownload fails or before FW download completes.\n\ndmesg log:\n[   54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080\n[   54.643398] Mem abort info:\n[   54.646204]   ESR = 0x0000000096000004\n[   54.649964]   EC = 0x25: DABT (current EL), IL = 32 bits\n[   54.655286]   SET = 0, FnV = 0\n[   54.658348]   EA = 0, S1PTW = 0\n[   54.661498]   FSC = 0x04: level 0 translation fault\n[   54.666391] Data abort info:\n[   54.669273]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[   54.674768]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[   54.674771]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[   54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000\n[   54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000\n[   54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[   54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core sch_fq_codel fuse\n[   54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 Not tainted 6.6.3-otbr-g128004619037 #2\n[   54.744364] Hardware name: FSL i.MX8MM EVK board (DT)\n[   54.744368] Workqueue: hci0 hci_power_on\n[   54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   54.757249] pc : kfree_skb_reason+0x18/0xb0\n[   54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.782921] sp : ffff8000805ebca0\n[   54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000\n[   54.782931] x26: ffff377b84852400 x25: ffff377b848523c0 x24: ffff377b845e7230\n[   54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92\n[   54.782945] x20: ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff\n[   54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857\n[   54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642\n[   54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9 : ffffa5c6cf19d688\n[   54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000\n[   54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000\n[   54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac\n[   54.857599] Call trace:\n[   54.857601]  kfree_skb_reason+0x18/0xb0\n[   54.863878]  btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.863888]  hci_dev_open_sync+0x3a8/0xa04\n[   54.872773]  hci_power_on+0x54/0x2e4\n[   54.881832]  process_one_work+0x138/0x260\n[   54.881842]  worker_thread+0x32c/0x438\n[   54.881847]  kthread+0x118/0x11c\n[   54.881853]  ret_from_fork+0x10/0x20\n[   54.896406] Code: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400)\n[   54.896410] ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46749', 'https://git.kernel.org/linus/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1 (6.11-rc1)', 'https://git.kernel.org/stable/c/013dae4735d2010544d1f2121bdeb8e6c9ea171e', 'https://git.kernel.org/stable/c/056e0cd381d59a9124b7c43dd715e15f56a11635', 'https://git.kernel.org/stable/c/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46749-fc9c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46749', 'https://www.cve.org/CVERecord?id=CVE-2024-46749'], 'PublishedDate': '2024-09-18T08:15:03.893Z', 'LastModifiedDate': '2024-09-20T18:45:43.483Z'}, {'VulnerabilityID': 'CVE-2024-46750', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46750', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: Add missing bridge lock to pci_bus_lock()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Add missing bridge lock to pci_bus_lock()\n\nOne of the true positives that the cfg_access_lock lockdep effort\nidentified is this sequence:\n\n  WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70\n  RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70\n  Call Trace:\n   <TASK>\n   ? __warn+0x8c/0x190\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   ? report_bug+0x1f8/0x200\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   pci_reset_bus+0x1d8/0x270\n   vmd_probe+0x778/0xa10\n   pci_device_probe+0x95/0x120\n\nWhere pci_reset_bus() users are triggering unlocked secondary bus resets.\nIronically pci_bus_reset(), several calls down from pci_reset_bus(), uses\npci_bus_lock() before issuing the reset which locks everything *but* the\nbridge itself.\n\nFor the same motivation as adding:\n\n  bridge = pci_upstream_bridge(dev);\n  if (bridge)\n    pci_dev_lock(bridge);\n\nto pci_reset_function() for the "bus" and "cxl_bus" reset cases, add\npci_dev_lock() for @bus->self to pci_bus_lock().\n\n[bhelgaas: squash in recursive locking deadlock fix from Keith Busch:\nhttps://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46750', 'https://git.kernel.org/linus/a4e772898f8bf2e7e1cf661a12c60a5612c4afab (6.11-rc1)', 'https://git.kernel.org/stable/c/04e85a3285b0e5c5af6fd2c0fd6e95ffecc01945', 'https://git.kernel.org/stable/c/0790b89c7e911003b8c50ae50e3ac7645de1fae9', 'https://git.kernel.org/stable/c/7253b4fed46471cc247c6cacefac890a8472c083', 'https://git.kernel.org/stable/c/78c6e39fef5c428960aff742149bba302dd46f5a', 'https://git.kernel.org/stable/c/81c68e218ab883dfa368460a59b674084c0240da', 'https://git.kernel.org/stable/c/a4e772898f8bf2e7e1cf661a12c60a5612c4afab', 'https://git.kernel.org/stable/c/df77a678c33871a6e4ac5b54a71662f1d702335b', 'https://git.kernel.org/stable/c/e2355d513b89a2cb511b4ded0deb426cdb01acd0', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46750-3be1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46750', 'https://www.cve.org/CVERecord?id=CVE-2024-46750'], 'PublishedDate': '2024-09-18T08:15:03.947Z', 'LastModifiedDate': '2024-09-30T13:27:45.787Z'}, {'VulnerabilityID': 'CVE-2024-46751', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46751', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON() when 0 reference count at btrfs_lookup_extent_info()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()\n\nInstead of doing a BUG_ON() handle the error by returning -EUCLEAN,\naborting the transaction and logging an error message.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46751', 'https://git.kernel.org/linus/28cb13f29faf6290597b24b728dc3100c019356f (6.11-rc1)', 'https://git.kernel.org/stable/c/28cb13f29faf6290597b24b728dc3100c019356f', 'https://git.kernel.org/stable/c/ef9a8b73c8b60b27d9db4787e624a3438ffe8428', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46751-17f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46751', 'https://www.cve.org/CVERecord?id=CVE-2024-46751'], 'PublishedDate': '2024-09-18T08:15:04.01Z', 'LastModifiedDate': '2024-09-30T12:45:56.957Z'}, {'VulnerabilityID': 'CVE-2024-46752', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46752', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: replace BUG_ON() with error handling at update_ref_for_cow()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: replace BUG_ON() with error handling at update_ref_for_cow()\n\nInstead of a BUG_ON() just return an error, log an error message and\nabort the transaction in case we find an extent buffer belonging to the\nrelocation tree that doesn't have the full backref flag set. This is\nunexpected and should never happen (save for bugs or a potential bad\nmemory).", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46752', 'https://git.kernel.org/linus/b56329a782314fde5b61058e2a25097af7ccb675 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fbac73a97286a7ec72229cb9b42d760a2c717ac', 'https://git.kernel.org/stable/c/41a0f85e268d72fe04f731b8ceea4748c2d65491', 'https://git.kernel.org/stable/c/b50857b96429a09fd3beed9f7f21b7bb7c433688', 'https://git.kernel.org/stable/c/b56329a782314fde5b61058e2a25097af7ccb675', 'https://git.kernel.org/stable/c/f895db00c65e5d77c437cce946da9ec29dcdf563', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46752-49e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46752', 'https://www.cve.org/CVERecord?id=CVE-2024-46752'], 'PublishedDate': '2024-09-18T08:15:04.057Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46753', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46753', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: handle errors from btrfs_dec_ref() properly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref().  This is\nincorrect, we have proper error handling here, return the error.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46753', 'https://git.kernel.org/linus/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1', 'https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46753-5ec2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46753', 'https://www.cve.org/CVERecord?id=CVE-2024-46753'], 'PublishedDate': '2024-09-18T08:15:04.107Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46754', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46754', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Remove tst_run from lwt_seg6local_prog_ops.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn\'t work since it was introduced in commit 04d4b274e2a\n("ipv6: sr: Add seg6local action End.BPF"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46754', 'https://git.kernel.org/linus/c13fda93aca118b8e5cd202e339046728ee7dddb (6.11-rc1)', 'https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3f28e6e720ded5d6', 'https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e339046728ee7dddb', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46754-7f04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46754', 'https://www.cve.org/CVERecord?id=CVE-2024-46754'], 'PublishedDate': '2024-09-18T08:15:04.153Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46755', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46755', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()\n\nmwifiex_get_priv_by_id() returns the priv pointer corresponding to\nthe bss_num and bss_type, but without checking if the priv is actually\ncurrently in use.\nUnused priv pointers do not have a wiphy attached to them which can\nlead to NULL pointer dereferences further down the callstack.  Fix\nthis by returning only used priv pointers which have priv->bss_mode\nset to something else than NL80211_IFTYPE_UNSPECIFIED.\n\nSaid NULL pointer dereference happened when an Accesspoint was started\nwith wpa_supplicant -i mlan0 with this config:\n\nnetwork={\n        ssid="somessid"\n        mode=2\n        frequency=2412\n        key_mgmt=WPA-PSK WPA-PSK-SHA256\n        proto=RSN\n        group=CCMP\n        pairwise=CCMP\n        psk="12345678"\n}\n\nWhen waiting for the AP to be established, interrupting wpa_supplicant\nwith <ctrl-c> and starting it again this happens:\n\n| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000140\n| Mem abort info:\n|   ESR = 0x0000000096000004\n|   EC = 0x25: DABT (current EL), IL = 32 bits\n|   SET = 0, FnV = 0\n|   EA = 0, S1PTW = 0\n|   FSC = 0x04: level 0 translation fault\n| Data abort info:\n|   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n|   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n|   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n| user pgtable: 4k pages, 48-bit VAs, pgdp=0000000046d96000\n| [0000000000000140] pgd=0000000000000000, p4d=0000000000000000\n| Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n| Modules linked in: caam_jr caamhash_desc spidev caamalg_desc crypto_engine authenc libdes mwifiex_sdio\n+mwifiex crct10dif_ce cdc_acm onboard_usb_hub fsl_imx8_ddr_perf imx8m_ddrc rtc_ds1307 lm75 rtc_snvs\n+imx_sdma caam imx8mm_thermal spi_imx error imx_cpufreq_dt fuse ip_tables x_tables ipv6\n| CPU: 0 PID: 8 Comm: kworker/0:1 Not tainted 6.9.0-00007-g937242013fce-dirty #18\n| Hardware name: somemachine (DT)\n| Workqueue: events sdio_irq_work\n| pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n| lr : mwifiex_get_cfp+0x34/0x15c [mwifiex]\n| sp : ffff8000818b3a70\n| x29: ffff8000818b3a70 x28: ffff000006bfd8a5 x27: 0000000000000004\n| x26: 000000000000002c x25: 0000000000001511 x24: 0000000002e86bc9\n| x23: ffff000006bfd996 x22: 0000000000000004 x21: ffff000007bec000\n| x20: 000000000000002c x19: 0000000000000000 x18: 0000000000000000\n| x17: 000000040044ffff x16: 00500072b5503510 x15: ccc283740681e517\n| x14: 0201000101006d15 x13: 0000000002e8ff43 x12: 002c01000000ffb1\n| x11: 0100000000000000 x10: 02e8ff43002c0100 x9 : 0000ffb100100157\n| x8 : ffff000003d20000 x7 : 00000000000002f1 x6 : 00000000ffffe124\n| x5 : 0000000000000001 x4 : 0000000000000003 x3 : 0000000000000000\n| x2 : 0000000000000000 x1 : 0001000000011001 x0 : 0000000000000000\n| Call trace:\n|  mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n|  mwifiex_parse_single_response_buf+0x1d0/0x504 [mwifiex]\n|  mwifiex_handle_event_ext_scan_report+0x19c/0x2f8 [mwifiex]\n|  mwifiex_process_sta_event+0x298/0xf0c [mwifiex]\n|  mwifiex_process_event+0x110/0x238 [mwifiex]\n|  mwifiex_main_process+0x428/0xa44 [mwifiex]\n|  mwifiex_sdio_interrupt+0x64/0x12c [mwifiex_sdio]\n|  process_sdio_pending_irqs+0x64/0x1b8\n|  sdio_irq_work+0x4c/0x7c\n|  process_one_work+0x148/0x2a0\n|  worker_thread+0x2fc/0x40c\n|  kthread+0x110/0x114\n|  ret_from_fork+0x10/0x20\n| Code: a94153f3 a8c37bfd d50323bf d65f03c0 (f940a000)\n| ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46755', 'https://git.kernel.org/linus/c145eea2f75ff7949392aebecf7ef0a81c1f6c14 (6.11-rc1)', 'https://git.kernel.org/stable/c/1a05d8d02cfa3540ea5dbd6b39446bd3f515521f', 'https://git.kernel.org/stable/c/9813770f25855b866b8ead8155b8806b2db70f6d', 'https://git.kernel.org/stable/c/a12cf97cbefa139ef8d95081f2ea047cbbd74b7a', 'https://git.kernel.org/stable/c/c145eea2f75ff7949392aebecf7ef0a81c1f6c14', 'https://git.kernel.org/stable/c/c16916dd6c16fa7e13ca3923eb6b9f50d848ad03', 'https://git.kernel.org/stable/c/c2618dcb26c7211342b54520b5b148c0d3471c8a', 'https://git.kernel.org/stable/c/cb67b2e51b75f1a17bee7599c8161b96e1808a70', 'https://git.kernel.org/stable/c/d834433ff313838a259bb6607055ece87b895b66', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46755-1f46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46755', 'https://www.cve.org/CVERecord?id=CVE-2024-46755'], 'PublishedDate': '2024-09-18T08:15:04.203Z', 'LastModifiedDate': '2024-09-26T13:25:54.593Z'}, {'VulnerabilityID': 'CVE-2024-46756', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46756', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83627ehf) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46756', 'https://git.kernel.org/linus/5c1de37969b7bc0abcb20b86e91e70caebbd4f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/26825b62bd1bd3e53b4f44e0745cb516d5186343', 'https://git.kernel.org/stable/c/56cfdeb2c77291f0b5e4592731adfb6ca8fc7c24', 'https://git.kernel.org/stable/c/5c1de37969b7bc0abcb20b86e91e70caebbd4f89', 'https://git.kernel.org/stable/c/77ab0fd231c4ca873ec6908e761970360acc6df2', 'https://git.kernel.org/stable/c/8fecb75bff1b7d87a071c32a37aa0700f2be379d', 'https://git.kernel.org/stable/c/93cf73a7bfdce683bde3a7bb65f270d3bd24497b', 'https://git.kernel.org/stable/c/cc4be794c8d8c253770103e097ab9dbdb5f99ae1', 'https://git.kernel.org/stable/c/d92f0baf99a7e327dcceab37cce57c38aab1f691', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46756-2ca6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46756', 'https://www.cve.org/CVERecord?id=CVE-2024-46756'], 'PublishedDate': '2024-09-18T08:15:04.26Z', 'LastModifiedDate': '2024-09-23T16:29:45.077Z'}, {'VulnerabilityID': 'CVE-2024-46757', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46757', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775-core) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46757', 'https://git.kernel.org/linus/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0 (6.11-rc1)', 'https://git.kernel.org/stable/c/02bb3b4c7d5695ff4be01e0f55676bba49df435e', 'https://git.kernel.org/stable/c/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0', 'https://git.kernel.org/stable/c/0c23e18cef20b989a9fd7cb0a745e1259b969159', 'https://git.kernel.org/stable/c/298a55f11edd811f2189b74eb8f53dee34d4f14c', 'https://git.kernel.org/stable/c/2f695544084a559f181cafdfd3f864c5ff9dd1db', 'https://git.kernel.org/stable/c/8a1e958e26640ce015abdbb75c8896301b9bf398', 'https://git.kernel.org/stable/c/996221b030995cc5f5baa4a642201d64b62a17cd', 'https://git.kernel.org/stable/c/d6035c55fa9afefc23f85f57eff1d4a1d82c5b10', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46757-4fbb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46757', 'https://www.cve.org/CVERecord?id=CVE-2024-46757'], 'PublishedDate': '2024-09-18T08:15:04.313Z', 'LastModifiedDate': '2024-09-23T16:29:51.65Z'}, {'VulnerabilityID': 'CVE-2024-46758', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46758', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (lm95234) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm95234) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46758', 'https://git.kernel.org/linus/af64e3e1537896337405f880c1e9ac1f8c0c6198 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fc27747633aa419f9af40e7bdfa00d2ec94ea81', 'https://git.kernel.org/stable/c/16f42953231be1e7be77bc24005270d9e0d9d2ee', 'https://git.kernel.org/stable/c/438453dfbbdcf4be26891492644aa3ecbb42c336', 'https://git.kernel.org/stable/c/46e4fd338d5bdbaf60e41cda625b24949d2af201', 'https://git.kernel.org/stable/c/59c1fb9874a01c9abc49a0a32f192a7e7b4e2650', 'https://git.kernel.org/stable/c/93f0f5721d0cca45dac50af1ae6f9a9826c699fd', 'https://git.kernel.org/stable/c/af64e3e1537896337405f880c1e9ac1f8c0c6198', 'https://git.kernel.org/stable/c/da765bebd90e1b92bdbc3c6a27a3f3cc81529ab6', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46758-6154@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46758', 'https://www.cve.org/CVERecord?id=CVE-2024-46758'], 'PublishedDate': '2024-09-18T08:15:04.367Z', 'LastModifiedDate': '2024-09-23T16:29:24.767Z'}, {'VulnerabilityID': 'CVE-2024-46759', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46759', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (adc128d818) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (adc128d818) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46759', 'https://git.kernel.org/linus/8cad724c8537fe3e0da8004646abc00290adae40 (6.11-rc1)', 'https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b', 'https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777', 'https://git.kernel.org/stable/c/2a3add62f183459a057336381ef3a896da01ce38', 'https://git.kernel.org/stable/c/6891b11a0c6227ca7ed15786928a07b1c0e4d4af', 'https://git.kernel.org/stable/c/7645d783df23878342d5d8d22030c3861d2d5426', 'https://git.kernel.org/stable/c/8cad724c8537fe3e0da8004646abc00290adae40', 'https://git.kernel.org/stable/c/b0bdb43852bf7f55ba02f0cbf00b4ea7ca897bff', 'https://git.kernel.org/stable/c/f7f5101af5b47a331cdbfa42ba64c507b47dd1fe', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46759-9b86@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46759', 'https://www.cve.org/CVERecord?id=CVE-2024-46759'], 'PublishedDate': '2024-09-18T08:15:04.413Z', 'LastModifiedDate': '2024-09-23T16:28:53.257Z'}, {'VulnerabilityID': 'CVE-2024-46760', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46760', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw88: usb: schedule rx work after everything is set up', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: usb: schedule rx work after everything is set up\n\nRight now it's possible to hit NULL pointer dereference in\nrtw_rx_fill_rx_status on hw object and/or its fields because\ninitialization routine can start getting USB replies before\nrtw_dev is fully setup.\n\nThe stack trace looks like this:\n\nrtw_rx_fill_rx_status\nrtw8821c_query_rx_desc\nrtw_usb_rx_handler\n...\nqueue_work\nrtw_usb_read_port_complete\n...\nusb_submit_urb\nrtw_usb_rx_resubmit\nrtw_usb_init_rx\nrtw_usb_probe\n\nSo while we do the async stuff rtw_usb_probe continues and calls\nrtw_register_hw, which does all kinds of initialization (e.g.\nvia ieee80211_register_hw) that rtw_rx_fill_rx_status relies on.\n\nFix this by moving the first usb_submit_urb after everything\nis set up.\n\nFor me, this bug manifested as:\n[    8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped\n[    8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status\nbecause I'm using Larry's backport of rtw88 driver with the NULL\nchecks in rtw_rx_fill_rx_status.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46760', 'https://git.kernel.org/linus/adc539784c98a7cc602cbf557debfc2e7b9be8b3 (6.11-rc1)', 'https://git.kernel.org/stable/c/25eaef533bf3ccc6fee5067aac16f41f280e343e', 'https://git.kernel.org/stable/c/adc539784c98a7cc602cbf557debfc2e7b9be8b3', 'https://git.kernel.org/stable/c/c83d464b82a8ad62ec9077637f75d73fe955635a', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46760-1eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46760', 'https://www.cve.org/CVERecord?id=CVE-2024-46760'], 'PublishedDate': '2024-09-18T08:15:04.47Z', 'LastModifiedDate': '2024-09-23T16:18:28.87Z'}, {'VulnerabilityID': 'CVE-2024-46761', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46761', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npci/hotplug/pnv_php: Fix hotplug driver crash on Powernv\n\nThe hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel\ncrash when we try to hot-unplug/disable the PCIe switch/bridge from\nthe PHB.\n\nThe crash occurs because although the MSI data structure has been\nreleased during disable/hot-unplug path and it has been assigned\nwith NULL, still during unregistration the code was again trying to\nexplicitly disable the MSI which causes the NULL pointer dereference and\nkernel crash.\n\nThe patch fixes the check during unregistration path to prevent invoking\npci_disable_msi/msix() since its data structure is already freed.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46761', 'https://git.kernel.org/linus/335e35b748527f0c06ded9eebb65387f60647fda (6.11-rc1)', 'https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f60647fda', 'https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d', 'https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048', 'https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e', 'https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59', 'https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689', 'https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4', 'https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46761-289f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46761', 'https://www.cve.org/CVERecord?id=CVE-2024-46761'], 'PublishedDate': '2024-09-18T08:15:04.517Z', 'LastModifiedDate': '2024-09-23T16:06:58.397Z'}, {'VulnerabilityID': 'CVE-2024-46762', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46762', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Fix possible access to a freed kirqfd instance', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Fix possible access to a freed kirqfd instance\n\nNothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and\nprivcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd\ncreated and added to the irqfds_list by privcmd_irqfd_assign() may get\nremoved by another thread executing privcmd_irqfd_deassign(), while the\nformer is still using it after dropping the locks.\n\nThis can lead to a situation where an already freed kirqfd instance may\nbe accessed and cause kernel oops.\n\nUse SRCU locking to prevent the same, as is done for the KVM\nimplementation for irqfds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46762', 'https://git.kernel.org/linus/611ff1b1ae989a7bcce3e2a8e132ee30e968c557 (6.11-rc1)', 'https://git.kernel.org/stable/c/112fd2f02b308564724b8e81006c254d20945c4b', 'https://git.kernel.org/stable/c/611ff1b1ae989a7bcce3e2a8e132ee30e968c557', 'https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46762-6512@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46762', 'https://www.cve.org/CVERecord?id=CVE-2024-46762'], 'PublishedDate': '2024-09-18T08:15:04.57Z', 'LastModifiedDate': '2024-09-23T16:12:34.42Z'}, {'VulnerabilityID': 'CVE-2024-46763', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46763', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: Fix null-ptr-deref in GRO.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host.  [0]\n\nThe NULL pointer is sk->sk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk->sk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk->sk_user_data could be NULL.\n\nLet's use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 <0f> b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS:  0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <IRQ>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n</IRQ>\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 <fa> c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46763', 'https://git.kernel.org/linus/7e4196935069947d8b70b09c1660b67b067e75cb (6.11-rc7)', 'https://git.kernel.org/stable/c/1df42be305fe478ded1ee0c1d775f4ece713483b', 'https://git.kernel.org/stable/c/231c235d2f7a66f018f172e26ffd47c363f244ef', 'https://git.kernel.org/stable/c/4494bccb52ffda22ce5a1163a776d970e6229e08', 'https://git.kernel.org/stable/c/7e4196935069947d8b70b09c1660b67b067e75cb', 'https://git.kernel.org/stable/c/c46cd6aaca81040deaea3500ba75126963294bd9', 'https://git.kernel.org/stable/c/d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46763-a580@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46763', 'https://www.cve.org/CVERecord?id=CVE-2024-46763'], 'PublishedDate': '2024-09-18T08:15:04.613Z', 'LastModifiedDate': '2024-09-23T16:14:18.297Z'}, {'VulnerabilityID': 'CVE-2024-46765', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46765', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: protect XDP configuration with a mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] <TASK>\n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] </TASK>\n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46765', 'https://git.kernel.org/linus/2504b8405768a57a71e660dbfd5abd59f679a03f (6.11-rc7)', 'https://git.kernel.org/stable/c/2504b8405768a57a71e660dbfd5abd59f679a03f', 'https://git.kernel.org/stable/c/2f057db2fb29bc209c103050647562e60554d3d3', 'https://git.kernel.org/stable/c/391f7dae3d836891fc6cfbde38add2d0e10c6b7f', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46765-1b8f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46765', 'https://www.cve.org/CVERecord?id=CVE-2024-46765'], 'PublishedDate': '2024-09-18T08:15:04.71Z', 'LastModifiedDate': '2024-09-26T13:24:29.697Z'}, {'VulnerabilityID': 'CVE-2024-46766', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46766', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: move netif_queue_set_napi to rtnl-protected sections', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: move netif_queue_set_napi to rtnl-protected sections\n\nCurrently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is\nnot rtnl-locked when called from the reset. This creates the need to take\nthe rtnl_lock just for a single function and complicates the\nsynchronization with .ndo_bpf. At the same time, there no actual need to\nfill napi-to-queue information at this exact point.\n\nFill napi-to-queue information when opening the VSI and clear it when the\nVSI is being closed. Those routines are already rtnl-locked.\n\nAlso, rewrite napi-to-queue assignment in a way that prevents inclusion of\nXDP queues, as this leads to out-of-bounds writes, such as one below.\n\n[  +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047\n[  +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2\n[  +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[  +0.000003] Call Trace:\n[  +0.000003]  <TASK>\n[  +0.000002]  dump_stack_lvl+0x60/0x80\n[  +0.000007]  print_report+0xce/0x630\n[  +0.000007]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[  +0.000007]  ? __virt_addr_valid+0x1c9/0x2c0\n[  +0.000005]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000003]  kasan_report+0xe9/0x120\n[  +0.000004]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000004]  netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000005]  ice_vsi_close+0x161/0x670 [ice]\n[  +0.000114]  ice_dis_vsi+0x22f/0x270 [ice]\n[  +0.000095]  ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]\n[  +0.000086]  ice_prepare_for_reset+0x299/0x750 [ice]\n[  +0.000087]  pci_dev_save_and_disable+0x82/0xd0\n[  +0.000006]  pci_reset_function+0x12d/0x230\n[  +0.000004]  reset_store+0xa0/0x100\n[  +0.000006]  ? __pfx_reset_store+0x10/0x10\n[  +0.000002]  ? __pfx_mutex_lock+0x10/0x10\n[  +0.000004]  ? __check_object_size+0x4c1/0x640\n[  +0.000007]  kernfs_fop_write_iter+0x30b/0x4a0\n[  +0.000006]  vfs_write+0x5d6/0xdf0\n[  +0.000005]  ? fd_install+0x180/0x350\n[  +0.000005]  ? __pfx_vfs_write+0x10/0xA10\n[  +0.000004]  ? do_fcntl+0x52c/0xcd0\n[  +0.000004]  ? kasan_save_track+0x13/0x60\n[  +0.000003]  ? kasan_save_free_info+0x37/0x60\n[  +0.000006]  ksys_write+0xfa/0x1d0\n[  +0.000003]  ? __pfx_ksys_write+0x10/0x10\n[  +0.000002]  ? __x64_sys_fcntl+0x121/0x180\n[  +0.000004]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000005]  do_syscall_64+0x80/0x170\n[  +0.000007]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000004]  ? __pfx__raw_spin_lock+0x10/0x10\n[  +0.000003]  ? file_close_fd_locked+0x167/0x230\n[  +0.000005]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000005]  ? do_syscall_64+0x8c/0x170\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? fput+0x1a/0x2c0\n[  +0.000004]  ? filp_close+0x19/0x30\n[  +0.000004]  ? do_dup2+0x25a/0x4c0\n[  +0.000004]  ? __x64_sys_dup2+0x6e/0x2e0\n[  +0.000002]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? __count_memcg_events+0x113/0x380\n[  +0.000005]  ? handle_mm_fault+0x136/0x820\n[  +0.000005]  ? do_user_addr_fault+0x444/0xa80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000002]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  +0.000005] RIP: 0033:0x7f2033593154', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46766', 'https://git.kernel.org/linus/2a5dc090b92cfa5270e20056074241c6db5c9cdd (6.11-rc7)', 'https://git.kernel.org/stable/c/2285c2faef19ee08a6bd6754f4c3ec07dceb2889', 'https://git.kernel.org/stable/c/2a5dc090b92cfa5270e20056074241c6db5c9cdd', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46766-417c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46766', 'https://www.cve.org/CVERecord?id=CVE-2024-46766'], 'PublishedDate': '2024-09-18T08:15:04.76Z', 'LastModifiedDate': '2024-09-23T16:15:23.823Z'}, {'VulnerabilityID': 'CVE-2024-46767', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46767', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: phy: Fix missing of_node_put() for leds', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Fix missing of_node_put() for leds\n\nThe call of of_get_child_by_name() will cause refcount incremented\nfor leds, if it succeeds, it should call of_node_put() to decrease\nit, fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46767', 'https://git.kernel.org/linus/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7 (6.11-rc7)', 'https://git.kernel.org/stable/c/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7', 'https://git.kernel.org/stable/c/26928c8f00f6bb0e194f3957fe51c69d36838eb2', 'https://git.kernel.org/stable/c/d9c8dbbc236cdc6231ee91cdede2fc97b430cfff', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46767-31a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46767', 'https://www.cve.org/CVERecord?id=CVE-2024-46767'], 'PublishedDate': '2024-09-18T08:15:04.81Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46768', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46768', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (hp-wmi-sensors) Check if WMI event data exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (hp-wmi-sensors) Check if WMI event data exists\n\nThe BIOS can choose to return no event data in response to a\nWMI event, so the ACPI object passed to the WMI notify handler\ncan be NULL.\n\nCheck for such a situation and ignore the event in such a case.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46768', 'https://git.kernel.org/linus/a54da9df75cd1b4b5028f6c60f9a211532680585 (6.11-rc7)', 'https://git.kernel.org/stable/c/217539e994e53206bbf3fb330261cc78c480d311', 'https://git.kernel.org/stable/c/4b19c83ba108aa66226da5b79810e4d19e005f12', 'https://git.kernel.org/stable/c/a54da9df75cd1b4b5028f6c60f9a211532680585', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46768-b0bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46768', 'https://www.cve.org/CVERecord?id=CVE-2024-46768'], 'PublishedDate': '2024-09-18T08:15:04.853Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46770', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46770', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add netif_device_attach/detach into PF reset flow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 > /sys/class/net/<interface>/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c <interface>\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S                 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS:  00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n<TASK>\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n    netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46770', 'https://git.kernel.org/linus/d11a67634227f9f9da51938af085fb41a733848f (6.11-rc7)', 'https://git.kernel.org/stable/c/36486c9e8e01b84faaee47203eac0b7e9cc7fa4a', 'https://git.kernel.org/stable/c/9e3ffb839249eca113062587659224f856fe14e5', 'https://git.kernel.org/stable/c/d11a67634227f9f9da51938af085fb41a733848f', 'https://git.kernel.org/stable/c/efe8effe138044a4747d1112ebb8c454d1663723', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46770-3a5d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46770', 'https://www.cve.org/CVERecord?id=CVE-2024-46770'], 'PublishedDate': '2024-09-18T08:15:04.957Z', 'LastModifiedDate': '2024-09-23T16:13:25.563Z'}, {'VulnerabilityID': 'CVE-2024-46771', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46771', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: bcm: Remove proc entry when dev is unregistered.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Remove proc entry when dev is unregistered.\n\nsyzkaller reported a warning in bcm_connect() below. [0]\n\nThe repro calls connect() to vxcan1, removes vxcan1, and calls\nconnect() with ifindex == 0.\n\nCalling connect() for a BCM socket allocates a proc entry.\nThen, bcm_sk(sk)->bound is set to 1 to prevent further connect().\n\nHowever, removing the bound device resets bcm_sk(sk)->bound to 0\nin bcm_notify().\n\nThe 2nd connect() tries to allocate a proc entry with the same\nname and sets NULL to bcm_sk(sk)->bcm_proc_read, leaking the\noriginal proc entry.\n\nSince the proc entry is available only for connect()ed sockets,\nlet's clean up the entry when the bound netdev is unregistered.\n\n[0]:\nproc_dir_entry 'can-bcm/2456' already registered\nWARNING: CPU: 1 PID: 394 at fs/proc/generic.c:376 proc_register+0x645/0x8f0 fs/proc/generic.c:375\nModules linked in:\nCPU: 1 PID: 394 Comm: syz-executor403 Not tainted 6.10.0-rc7-g852e42cc2dd4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:proc_register+0x645/0x8f0 fs/proc/generic.c:375\nCode: 00 00 00 00 00 48 85 ed 0f 85 97 02 00 00 4d 85 f6 0f 85 9f 02 00 00 48 c7 c7 9b cb cf 87 48 89 de 4c 89 fa e8 1c 6f eb fe 90 <0f> 0b 90 90 48 c7 c7 98 37 99 89 e8 cb 7e 22 05 bb 00 00 00 10 48\nRSP: 0018:ffa0000000cd7c30 EFLAGS: 00010246\nRAX: 9e129be1950f0200 RBX: ff1100011b51582c RCX: ff1100011857cd80\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002\nRBP: 0000000000000000 R08: ffd400000000000f R09: ff1100013e78cac0\nR10: ffac800000cd7980 R11: ff1100013e12b1f0 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ff1100011a99a2ec\nFS:  00007fbd7086f740(0000) GS:ff1100013fd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200071c0 CR3: 0000000118556004 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n proc_create_net_single+0x144/0x210 fs/proc/proc_net.c:220\n bcm_connect+0x472/0x840 net/can/bcm.c:1673\n __sys_connect_file net/socket.c:2049 [inline]\n __sys_connect+0x5d2/0x690 net/socket.c:2066\n __do_sys_connect net/socket.c:2076 [inline]\n __se_sys_connect net/socket.c:2073 [inline]\n __x64_sys_connect+0x8f/0x100 net/socket.c:2073\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1c0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7fbd708b0e5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007fff8cd33f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbd708b0e5d\nRDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000040 R09: 0000000000000040\nR10: 0000000000000040 R11: 0000000000000246 R12: 00007fff8cd34098\nR13: 0000000000401280 R14: 0000000000406de8 R15: 00007fbd70ab9000\n </TASK>\nremove_proc_entry: removing non-empty directory 'net/can-bcm', leaking at least '2456'", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46771', 'https://git.kernel.org/linus/76fe372ccb81b0c89b6cd2fec26e2f38c958be85 (6.11-rc7)', 'https://git.kernel.org/stable/c/10bfacbd5e8d821011d857bee73310457c9c989a', 'https://git.kernel.org/stable/c/33ed4ba73caae39f34ab874ba79138badc2c65dd', 'https://git.kernel.org/stable/c/3b39dc2901aa7a679a5ca981a3de9f8d5658afe8', 'https://git.kernel.org/stable/c/4377b79323df62eb5d310354f19b4d130ff58d50', 'https://git.kernel.org/stable/c/5c680022c4e28ba18ea500f3e29f0428271afa92', 'https://git.kernel.org/stable/c/76fe372ccb81b0c89b6cd2fec26e2f38c958be85', 'https://git.kernel.org/stable/c/abb0a615569ec008e8a93d9f3ab2d5b418ea94d4', 'https://git.kernel.org/stable/c/aec92dbebdbec7567d9f56d7c9296a572b8fd849', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46771-913d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46771', 'https://www.cve.org/CVERecord?id=CVE-2024-46771'], 'PublishedDate': '2024-09-18T08:15:05.01Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46772', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46772', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator crb_pipes before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator crb_pipes before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 2 DIVIDE_BY_ZERO issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46772', 'https://git.kernel.org/linus/ea79068d4073bf303f8203f2625af7d9185a1bc6 (6.11-rc1)', 'https://git.kernel.org/stable/c/ea79068d4073bf303f8203f2625af7d9185a1bc6', 'https://git.kernel.org/stable/c/ede06d23392529b039cf7ac11b5875b047900f1c', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46772-4ad6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46772', 'https://www.cve.org/CVERecord?id=CVE-2024-46772'], 'PublishedDate': '2024-09-18T08:15:05.073Z', 'LastModifiedDate': '2024-09-23T16:52:17.577Z'}, {'VulnerabilityID': 'CVE-2024-46773', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46773', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator pbn_div before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator pbn_div before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 1 DIVIDE_BY_ZERO issue reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46773', 'https://git.kernel.org/linus/116a678f3a9abc24f5c9d2525b7393d18d9eb58e (6.11-rc1)', 'https://git.kernel.org/stable/c/116a678f3a9abc24f5c9d2525b7393d18d9eb58e', 'https://git.kernel.org/stable/c/11f997143c67680d6e40a13363618380cd57a414', 'https://git.kernel.org/stable/c/20e7164c52d9bfbb9d9862b833fa989624a61345', 'https://git.kernel.org/stable/c/dfafee0a7b51c7c9612edd2d991401294964d02f', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46773-5781@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46773', 'https://www.cve.org/CVERecord?id=CVE-2024-46773'], 'PublishedDate': '2024-09-18T08:15:05.123Z', 'LastModifiedDate': '2024-09-23T16:51:59.983Z'}, {'VulnerabilityID': 'CVE-2024-46774', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46774', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()\n\nSmatch warns:\n\n  arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential\n  spectre issue 'args.args' [r] (local cap)\n\nThe 'nargs' and 'nret' locals come directly from a user-supplied\nbuffer and are used as indexes into a small stack-based array and as\ninputs to copy_to_user() after they are subject to bounds checks.\n\nUse array_index_nospec() after the bounds checks to clamp these values\nfor speculative execution.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46774', 'https://git.kernel.org/linus/0974d03eb479384466d828d65637814bee6b26d7 (6.11-rc1)', 'https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7', 'https://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46774-48d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46774', 'https://www.cve.org/CVERecord?id=CVE-2024-46774'], 'PublishedDate': '2024-09-18T08:15:05.18Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46775', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46775', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Validate function returns', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT & HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46775', 'https://git.kernel.org/linus/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c (6.11-rc1)', 'https://git.kernel.org/stable/c/5639a3048c7079803256374204ad55ec52cd0b49', 'https://git.kernel.org/stable/c/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46775-aecc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46775', 'https://www.cve.org/CVERecord?id=CVE-2024-46775'], 'PublishedDate': '2024-09-18T08:15:05.24Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46776', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46776', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Run DC_LOG_DC after checking link-&gt;link_enc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Run DC_LOG_DC after checking link->link_enc\n\n[WHAT]\nThe DC_LOG_DC should be run after link->link_enc is checked, not before.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46776', 'https://git.kernel.org/linus/3a82f62b0d9d7687eac47603bb6cd14a50fa718b (6.11-rc1)', 'https://git.kernel.org/stable/c/3a82f62b0d9d7687eac47603bb6cd14a50fa718b', 'https://git.kernel.org/stable/c/874e3bb302f97b94ac548959ec4f925b8e7b45e2', 'https://git.kernel.org/stable/c/adc74d25cdbba978afbb57caec23bbcd0329f7b8', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46776-7a95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46776', 'https://www.cve.org/CVERecord?id=CVE-2024-46776'], 'PublishedDate': '2024-09-18T08:15:05.287Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46777', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46777', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid excessive partition lengths', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid excessive partition lengths\n\nAvoid mounting filesystems where the partition would overflow the\n32-bits used for block number. Also refuse to mount filesystems where\nthe partition length is so large we cannot safely index bits in a\nblock bitmap.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46777', 'https://git.kernel.org/linus/ebbe26fd54a9621994bc16b14f2ba8f84c089693 (6.11-rc1)', 'https://git.kernel.org/stable/c/0173999123082280cf904bd640015951f194a294', 'https://git.kernel.org/stable/c/1497a4484cdb2cf6c37960d788fb6ba67567bdb7', 'https://git.kernel.org/stable/c/2ddf831451357c6da4b64645eb797c93c1c054d1', 'https://git.kernel.org/stable/c/551966371e17912564bc387fbeb2ac13077c3db1', 'https://git.kernel.org/stable/c/925fd8ee80d5348a5e965548e5484d164d19221d', 'https://git.kernel.org/stable/c/a56330761950cb83de1dfb348479f20c56c95f90', 'https://git.kernel.org/stable/c/c0c23130d38e8bc28e9ef581443de9b1fc749966', 'https://git.kernel.org/stable/c/ebbe26fd54a9621994bc16b14f2ba8f84c089693', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46777-6114@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46777', 'https://www.cve.org/CVERecord?id=CVE-2024-46777'], 'PublishedDate': '2024-09-18T08:15:05.33Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46778', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46778', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check UnboundedRequestEnabled&#39;s value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check UnboundedRequestEnabled's value\n\nCalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled\nis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus\nif (p->UnboundedRequestEnabled) checks its address, not bool value.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46778', 'https://git.kernel.org/linus/a7b38c7852093385d0605aa3c8a2efd6edd1edfd (6.11-rc1)', 'https://git.kernel.org/stable/c/4e2b49a85e7974d21364798c5d4aa8070aa864d9', 'https://git.kernel.org/stable/c/a7b38c7852093385d0605aa3c8a2efd6edd1edfd', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46778-ded6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46778', 'https://www.cve.org/CVERecord?id=CVE-2024-46778'], 'PublishedDate': '2024-09-18T08:15:05.38Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46779', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46779', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/imagination: Free pvr_vm_gpuva after unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Free pvr_vm_gpuva after unlink\n\nThis caused a measurable memory leak. Although the individual\nallocations are small, the leaks occurs in a high-usage codepath\n(remapping or unmapping device memory) so they add up quickly.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46779', 'https://git.kernel.org/linus/3f6b2f60b4631cd0c368da6a1587ab55a696164d (6.11-rc7)', 'https://git.kernel.org/stable/c/1cc695be8920df234f83270d789078cb2d3bc564', 'https://git.kernel.org/stable/c/3f6b2f60b4631cd0c368da6a1587ab55a696164d', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46779-3186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46779', 'https://www.cve.org/CVERecord?id=CVE-2024-46779'], 'PublishedDate': '2024-09-18T08:15:05.43Z', 'LastModifiedDate': '2024-09-23T16:37:51.473Z'}, {'VulnerabilityID': 'CVE-2024-46780', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46780', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: protect references to superblock parameters exposed in sysfs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: protect references to superblock parameters exposed in sysfs\n\nThe superblock buffers of nilfs2 can not only be overwritten at runtime\nfor modifications/repairs, but they are also regularly swapped, replaced\nduring resizing, and even abandoned when degrading to one side due to\nbacking device issues.  So, accessing them requires mutual exclusion using\nthe reader/writer semaphore "nilfs->ns_sem".\n\nSome sysfs attribute show methods read this superblock buffer without the\nnecessary mutual exclusion, which can cause problems with pointer\ndereferencing and memory access, so fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46780', 'https://git.kernel.org/linus/683408258917541bdb294cd717c210a04381931e (6.11-rc7)', 'https://git.kernel.org/stable/c/157c0d94b4c40887329418c70ef4edd1a8d6b4ed', 'https://git.kernel.org/stable/c/19cfeba0e4b8eda51484fcf8cf7d150418e1d880', 'https://git.kernel.org/stable/c/683408258917541bdb294cd717c210a04381931e', 'https://git.kernel.org/stable/c/8c6e43b3d5f109cf9c61bc188fcc8175404e924f', 'https://git.kernel.org/stable/c/962562d4c70c5cdeb4e955d63ff2017c4eca1aad', 'https://git.kernel.org/stable/c/b14e7260bb691d7f563f61da07d61e3c8b59a614', 'https://git.kernel.org/stable/c/b90beafac05931cbfcb6b1bd4f67c1923f47040e', 'https://git.kernel.org/stable/c/ba97ba173f9625d5f34a986088979eae8b80d38e', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46780-9155@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46780', 'https://www.cve.org/CVERecord?id=CVE-2024-46780'], 'PublishedDate': '2024-09-18T08:15:05.473Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46781', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46781', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix missing cleanup on rollforward recovery error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix missing cleanup on rollforward recovery error\n\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\n\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\n\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46781', 'https://git.kernel.org/linus/5787fcaab9eb5930f5378d6a1dd03d916d146622 (6.11-rc7)', 'https://git.kernel.org/stable/c/07e4dc2fe000ab008bcfe90be4324ef56b5b4355', 'https://git.kernel.org/stable/c/1cf1f7e8cd47244fa947d357ef1f642d91e219a3', 'https://git.kernel.org/stable/c/35a9a7a7d94662146396199b0cfd95f9517cdd14', 'https://git.kernel.org/stable/c/5787fcaab9eb5930f5378d6a1dd03d916d146622', 'https://git.kernel.org/stable/c/8e2d1e9d93c4ec51354229361ac3373058529ec4', 'https://git.kernel.org/stable/c/9d8c3a585d564d776ee60d4aabec59b404be7403', 'https://git.kernel.org/stable/c/ca92c4bff2833cb30d493b935168d6cccd5c805d', 'https://git.kernel.org/stable/c/da02f9eb333333b2e4f25d2a14967cff785ac82e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46781-377e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46781', 'https://www.cve.org/CVERecord?id=CVE-2024-46781'], 'PublishedDate': '2024-09-18T08:15:05.527Z', 'LastModifiedDate': '2024-09-23T16:37:07.117Z'}, {'VulnerabilityID': 'CVE-2024-46782', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46782', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ila: call nf_unregister_net_hooks() sooner', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n  ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n  ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n  ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n  nf_hook include/linux/netfilter.h:269 [inline]\n  NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n  __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n  __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n  process_backlog+0x662/0x15b0 net/core/dev.c:6108\n  __napi_poll+0xcb/0x490 net/core/dev.c:6772\n  napi_poll net/core/dev.c:6841 [inline]\n  net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n  handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n  run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n  kthread+0x2f0/0x390 kernel/kthread.c:389\n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n  set_page_owner include/linux/page_owner.h:32 [inline]\n  post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n  prep_new_page mm/page_alloc.c:1501 [inline]\n  get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n  __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n  __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n  alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n  ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n  __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n  __do_kmalloc_node mm/slub.c:4146 [inline]\n  __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n  __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n  bucket_table_alloc lib/rhashtable.c:186 [inline]\n  rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n  ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n  ops_ini\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46782', 'https://git.kernel.org/linus/031ae72825cef43e4650140b800ad58bf7a6a466 (6.11-rc7)', 'https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466', 'https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2', 'https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf', 'https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4', 'https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c', 'https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6', 'https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673', 'https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46782-00ff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46782', 'https://www.cve.org/CVERecord?id=CVE-2024-46782'], 'PublishedDate': '2024-09-18T08:15:05.577Z', 'LastModifiedDate': '2024-09-23T16:32:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46783', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46783', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_bpf: fix return value of tcp_bpf_sendmsg()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: fix return value of tcp_bpf_sendmsg()\n\nWhen we cork messages in psock->cork, the last message triggers the\nflushing will result in sending a sk_msg larger than the current\nmessage size. In this case, in tcp_bpf_send_verdict(), 'copied' becomes\nnegative at least in the following case:\n\n468         case __SK_DROP:\n469         default:\n470                 sk_msg_free_partial(sk, msg, tosend);\n471                 sk_msg_apply_bytes(psock, tosend);\n472                 *copied -= (tosend + delta); // <==== HERE\n473                 return -EACCES;\n\nTherefore, it could lead to the following BUG with a proper value of\n'copied' (thanks to syzbot). We should not use negative 'copied' as a\nreturn value here.\n\n  ------------[ cut here ]------------\n  kernel BUG at net/socket.c:733!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 0 UID: 0 PID: 3265 Comm: syz-executor510 Not tainted 6.11.0-rc3-syzkaller-00060-gd07b43284ab3 #0\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n  pc : sock_sendmsg_nosec net/socket.c:733 [inline]\n  pc : sock_sendmsg_nosec net/socket.c:728 [inline]\n  pc : __sock_sendmsg+0x5c/0x60 net/socket.c:745\n  lr : sock_sendmsg_nosec net/socket.c:730 [inline]\n  lr : __sock_sendmsg+0x54/0x60 net/socket.c:745\n  sp : ffff800088ea3b30\n  x29: ffff800088ea3b30 x28: fbf00000062bc900 x27: 0000000000000000\n  x26: ffff800088ea3bc0 x25: ffff800088ea3bc0 x24: 0000000000000000\n  x23: f9f00000048dc000 x22: 0000000000000000 x21: ffff800088ea3d90\n  x20: f9f00000048dc000 x19: ffff800088ea3d90 x18: 0000000000000001\n  x17: 0000000000000000 x16: 0000000000000000 x15: 000000002002ffaf\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: ffff8000815849c0 x9 : ffff8000815b49c0\n  x8 : 0000000000000000 x7 : 000000000000003f x6 : 0000000000000000\n  x5 : 00000000000007e0 x4 : fff07ffffd239000 x3 : fbf00000062bc900\n  x2 : 0000000000000000 x1 : 0000000000000000 x0 : 00000000fffffdef\n  Call trace:\n   sock_sendmsg_nosec net/socket.c:733 [inline]\n   __sock_sendmsg+0x5c/0x60 net/socket.c:745\n   ____sys_sendmsg+0x274/0x2ac net/socket.c:2597\n   ___sys_sendmsg+0xac/0x100 net/socket.c:2651\n   __sys_sendmsg+0x84/0xe0 net/socket.c:2680\n   __do_sys_sendmsg net/socket.c:2689 [inline]\n   __se_sys_sendmsg net/socket.c:2687 [inline]\n   __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2687\n   __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n   invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49\n   el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132\n   do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151\n   el0_svc+0x34/0xec arch/arm64/kernel/entry-common.c:712\n   el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730\n   el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598\n  Code: f9404463 d63f0060 3108441f 54fffe81 (d4210000)\n  ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46783', 'https://git.kernel.org/linus/fe1910f9337bd46a9343967b547ccab26b4b2c6e (6.11-rc7)', 'https://git.kernel.org/stable/c/126d72b726c4cf1119f3a7fe413a78d341c3fea9', 'https://git.kernel.org/stable/c/3efe53eb221a38e207c1e3f81c51e4ca057d50c2', 'https://git.kernel.org/stable/c/6f9fdf5806cced888c43512bccbdf7fefd50f510', 'https://git.kernel.org/stable/c/78bb38d9c5a311c5f8bdef7c9557d7d81ca30e4a', 'https://git.kernel.org/stable/c/810a4e7d92dea4074cb04c25758320909d752193', 'https://git.kernel.org/stable/c/c8219a27fa43a2cbf99f5176f6dddfe73e7a24ae', 'https://git.kernel.org/stable/c/fe1910f9337bd46a9343967b547ccab26b4b2c6e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46783-edcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46783', 'https://www.cve.org/CVERecord?id=CVE-2024-46783'], 'PublishedDate': '2024-09-18T08:15:05.63Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46784', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46784', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix error handling in mana_create_txq/rxq&#39;s NAPI cleanup', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup\n\nCurrently napi_disable() gets called during rxq and txq cleanup,\neven before napi is enabled and hrtimer is initialized. It causes\nkernel panic.\n\n? page_fault_oops+0x136/0x2b0\n  ? page_counter_cancel+0x2e/0x80\n  ? do_user_addr_fault+0x2f2/0x640\n  ? refill_obj_stock+0xc4/0x110\n  ? exc_page_fault+0x71/0x160\n  ? asm_exc_page_fault+0x27/0x30\n  ? __mmdrop+0x10/0x180\n  ? __mmdrop+0xec/0x180\n  ? hrtimer_active+0xd/0x50\n  hrtimer_try_to_cancel+0x2c/0xf0\n  hrtimer_cancel+0x15/0x30\n  napi_disable+0x65/0x90\n  mana_destroy_rxq+0x4c/0x2f0\n  mana_create_rxq.isra.0+0x56c/0x6d0\n  ? mana_uncfg_vport+0x50/0x50\n  mana_alloc_queues+0x21b/0x320\n  ? skb_dequeue+0x5f/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46784', 'https://git.kernel.org/linus/b6ecc662037694488bfff7c9fd21c405df8411f2 (6.11-rc7)', 'https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65', 'https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788', 'https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c', 'https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46784-4773@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46784', 'https://www.cve.org/CVERecord?id=CVE-2024-46784'], 'PublishedDate': '2024-09-18T08:15:05.683Z', 'LastModifiedDate': '2024-09-26T13:21:30.657Z'}, {'VulnerabilityID': 'CVE-2024-46785', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46785', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: eventfs: Use list_del_rcu() for SRCU protected list variable', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Use list_del_rcu() for SRCU protected list variable\n\nChi Zhiling reported:\n\n  We found a null pointer accessing in tracefs[1], the reason is that the\n  variable \'ei_child\' is set to LIST_POISON1, that means the list was\n  removed in eventfs_remove_rec. so when access the ei_child->is_freed, the\n  panic triggered.\n\n  by the way, the following script can reproduce this panic\n\n  loop1 (){\n      while true\n      do\n          echo "p:kp submit_bio" > /sys/kernel/debug/tracing/kprobe_events\n          echo "" > /sys/kernel/debug/tracing/kprobe_events\n      done\n  }\n  loop2 (){\n      while true\n      do\n          tree /sys/kernel/debug/tracing/events/kprobes/\n      done\n  }\n  loop1 &\n  loop2\n\n  [1]:\n  [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150\n  [ 1147.968239][T17331] Mem abort info:\n  [ 1147.971739][T17331]   ESR = 0x0000000096000004\n  [ 1147.976172][T17331]   EC = 0x25: DABT (current EL), IL = 32 bits\n  [ 1147.982171][T17331]   SET = 0, FnV = 0\n  [ 1147.985906][T17331]   EA = 0, S1PTW = 0\n  [ 1147.989734][T17331]   FSC = 0x04: level 0 translation fault\n  [ 1147.995292][T17331] Data abort info:\n  [ 1147.998858][T17331]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n  [ 1148.005023][T17331]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n  [ 1148.010759][T17331]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n  [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges\n  [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP\n  [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls]\n  [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G        W         ------- ----  6.6.43 #2\n  [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650\n  [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020\n  [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398\n  [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398\n  [ 1148.115969][T17331] sp : ffff80008d56bbd0\n  [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000\n  [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100\n  [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10\n  [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000\n  [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0\n  [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0\n  [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862\n  [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068\n  [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001\n  [ 1148.198131][T17331] Call trace:\n  [ 1148.201259][T17331]  eventfs_iterate+0x2c0/0x398\n  [ 1148.205864][T17331]  iterate_dir+0x98/0x188\n  [ 1148.210036][T17331]  __arm64_sys_getdents64+0x78/0x160\n  [ 1148.215161][T17331]  invoke_syscall+0x78/0x108\n  [ 1148.219593][T17331]  el0_svc_common.constprop.0+0x48/0xf0\n  [ 1148.224977][T17331]  do_el0_svc+0x24/0x38\n  [ 1148.228974][T17331]  el0_svc+0x40/0x168\n  [ 1148.232798][T17\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46785', 'https://git.kernel.org/linus/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c (6.11-rc7)', 'https://git.kernel.org/stable/c/05e08297c3c298d8ec28e5a5adb55840312dd87e', 'https://git.kernel.org/stable/c/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c', 'https://git.kernel.org/stable/c/f579d17a86448779f9642ad8baca6e3036a8e2d6', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46785-5351@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46785', 'https://www.cve.org/CVERecord?id=CVE-2024-46785'], 'PublishedDate': '2024-09-18T08:15:05.73Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46786', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46786', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF\n\nThe fscache_cookie_lru_timer is initialized when the fscache module\nis inserted, but is not deleted when the fscache module is removed.\nIf timer_reduce() is called before removing the fscache module,\nthe fscache_cookie_lru_timer will be added to the timer list of\nthe current cpu. Afterwards, a use-after-free will be triggered\nin the softIRQ after removing the fscache module, as follows:\n\n==================================================================\nBUG: unable to handle page fault for address: fffffbfff803c9e9\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855\nTainted: [W]=WARN\nRIP: 0010:__run_timer_base.part.0+0x254/0x8a0\nCall Trace:\n <IRQ>\n tmigr_handle_remote_up+0x627/0x810\n __walk_groups.isra.0+0x47/0x140\n tmigr_handle_remote+0x1fa/0x2f0\n handle_softirqs+0x180/0x590\n irq_exit_rcu+0x84/0xb0\n sysvec_apic_timer_interrupt+0x6e/0x90\n </IRQ>\n <TASK>\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\n default_idle_call+0x38/0x60\n do_idle+0x2b5/0x300\n cpu_startup_entry+0x54/0x60\n start_secondary+0x20d/0x280\n common_startup_64+0x13e/0x148\n </TASK>\nModules linked in: [last unloaded: netfs]\n==================================================================\n\nTherefore delete fscache_cookie_lru_timer when removing the fscahe module.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46786', 'https://git.kernel.org/linus/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f (6.11-rc7)', 'https://git.kernel.org/stable/c/0a11262549ac2ac6fb98c7cd40a67136817e5a52', 'https://git.kernel.org/stable/c/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f', 'https://git.kernel.org/stable/c/e0d724932ad12e3528f4ce97fc0f6078d0cce4bc', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46786-a167@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46786', 'https://www.cve.org/CVERecord?id=CVE-2024-46786'], 'PublishedDate': '2024-09-18T08:15:05.783Z', 'LastModifiedDate': '2024-09-26T12:48:37.447Z'}, {'VulnerabilityID': 'CVE-2024-46787', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46787', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: fix checks for huge PMDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix checks for huge PMDs\n\nPatch series "userfaultfd: fix races around pmd_trans_huge() check", v2.\n\nThe pmd_trans_huge() code in mfill_atomic() is wrong in three different\nways depending on kernel version:\n\n1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit\n   the right two race windows) - I\'ve tested this in a kernel build with\n   some extra mdelay() calls. See the commit message for a description\n   of the race scenario.\n   On older kernels (before 6.5), I think the same bug can even\n   theoretically lead to accessing transhuge page contents as a page table\n   if you hit the right 5 narrow race windows (I haven\'t tested this case).\n2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for\n   detecting PMDs that don\'t point to page tables.\n   On older kernels (before 6.5), you\'d just have to win a single fairly\n   wide race to hit this.\n   I\'ve tested this on 6.1 stable by racing migration (with a mdelay()\n   patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86\n   VM, that causes a kernel oops in ptlock_ptr().\n3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed\n   to yank page tables out from under us (though I haven\'t tested that),\n   so I think the BUG_ON() checks in mfill_atomic() are just wrong.\n\nI decided to write two separate fixes for these (one fix for bugs 1+2, one\nfix for bug 3), so that the first fix can be backported to kernels\naffected by bugs 1+2.\n\n\nThis patch (of 2):\n\nThis fixes two issues.\n\nI discovered that the following race can occur:\n\n  mfill_atomic                other thread\n  ============                ============\n                              <zap PMD>\n  pmdp_get_lockless() [reads none pmd]\n  <bail if trans_huge>\n  <if none:>\n                              <pagefault creates transhuge zeropage>\n    __pte_alloc [no-op]\n                              <zap PMD>\n  <bail if pmd_trans_huge(*dst_pmd)>\n  BUG_ON(pmd_none(*dst_pmd))\n\nI have experimentally verified this in a kernel with extra mdelay() calls;\nthe BUG_ON(pmd_none(*dst_pmd)) triggers.\n\nOn kernels newer than commit 0d940a9b270b ("mm/pgtable: allow\npte_offset_map[_lock]() to fail"), this can\'t lead to anything worse than\na BUG_ON(), since the page table access helpers are actually designed to\ndeal with page tables concurrently disappearing; but on older kernels\n(<=6.4), I think we could probably theoretically race past the two\nBUG_ON() checks and end up treating a hugepage as a page table.\n\nThe second issue is that, as Qi Zheng pointed out, there are other types\nof huge PMDs that pmd_trans_huge() can\'t catch: devmap PMDs and swap PMDs\n(in particular, migration PMDs).\n\nOn <=6.4, this is worse than the first issue: If mfill_atomic() runs on a\nPMD that contains a migration entry (which just requires winning a single,\nfairly wide race), it will pass the PMD to pte_offset_map_lock(), which\nassumes that the PMD points to a page table.\n\nBreakage follows: First, the kernel tries to take the PTE lock (which will\ncrash or maybe worse if there is no "struct page" for the address bits in\nthe migration entry PMD - I think at least on X86 there usually is no\ncorresponding "struct page" thanks to the PTE inversion mitigation, amd64\nlooks different).\n\nIf that didn\'t crash, the kernel would next try to write a PTE into what\nit wrongly thinks is a page table.\n\nAs part of fixing these issues, get rid of the check for pmd_trans_huge()\nbefore __pte_alloc() - that\'s redundant, we\'re going to have to check for\nthat after the __pte_alloc() anyway.\n\nBackport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46787', 'https://git.kernel.org/linus/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 (6.11-rc7)', 'https://git.kernel.org/stable/c/3c6b4bcf37845c9359aed926324bed66bdd2448d', 'https://git.kernel.org/stable/c/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8', 'https://git.kernel.org/stable/c/98cc18b1b71e23fe81a5194ed432b20c2d81a01a', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46787-8b6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46787', 'https://www.cve.org/CVERecord?id=CVE-2024-46787'], 'PublishedDate': '2024-09-18T08:15:05.833Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46788', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46788', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/osnoise: Use a cpumask to know what threads are kthreads', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Use a cpumask to know what threads are kthreads\n\nThe start_kthread() and stop_thread() code was not always called with the\ninterface_lock held. This means that the kthread variable could be\nunexpectedly changed causing the kthread_stop() to be called on it when it\nshould not have been, leading to:\n\n while true; do\n   rtla timerlat top -u -q & PID=$!;\n   sleep 5;\n   kill -INT $PID;\n   sleep 0.001;\n   kill -TERM $PID;\n   wait $PID;\n  done\n\nCausing the following OOPS:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 Not tainted 6.11.0-rc4-test-00002-gbc754cc76d1b-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:hrtimer_active+0x58/0x300\n Code: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 <0f> b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f\n RSP: 0018:ffff88811d97f940 EFLAGS: 00010202\n RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b\n RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28\n RBP: 0000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60\n R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d\n R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28\n FS:  0000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0\n Call Trace:\n  <TASK>\n  ? die_addr+0x40/0xa0\n  ? exc_general_protection+0x154/0x230\n  ? asm_exc_general_protection+0x26/0x30\n  ? hrtimer_active+0x58/0x300\n  ? __pfx_mutex_lock+0x10/0x10\n  ? __pfx_locks_remove_file+0x10/0x10\n  hrtimer_cancel+0x15/0x40\n  timerlat_fd_release+0x8e/0x1f0\n  ? security_file_release+0x43/0x80\n  __fput+0x372/0xb10\n  task_work_run+0x11e/0x1f0\n  ? _raw_spin_lock+0x85/0xe0\n  ? __pfx_task_work_run+0x10/0x10\n  ? poison_slab_object+0x109/0x170\n  ? do_exit+0x7a0/0x24b0\n  do_exit+0x7bd/0x24b0\n  ? __pfx_migrate_enable+0x10/0x10\n  ? __pfx_do_exit+0x10/0x10\n  ? __pfx_read_tsc+0x10/0x10\n  ? ktime_get+0x64/0x140\n  ? _raw_spin_lock_irq+0x86/0xe0\n  do_group_exit+0xb0/0x220\n  get_signal+0x17ba/0x1b50\n  ? vfs_read+0x179/0xa40\n  ? timerlat_fd_read+0x30b/0x9d0\n  ? __pfx_get_signal+0x10/0x10\n  ? __pfx_timerlat_fd_read+0x10/0x10\n  arch_do_signal_or_restart+0x8c/0x570\n  ? __pfx_arch_do_signal_or_restart+0x10/0x10\n  ? vfs_read+0x179/0xa40\n  ? ksys_read+0xfe/0x1d0\n  ? __pfx_ksys_read+0x10/0x10\n  syscall_exit_to_user_mode+0xbc/0x130\n  do_syscall_64+0x74/0x110\n  ? __pfx___rseq_handle_notify_resume+0x10/0x10\n  ? __pfx_ksys_read+0x10/0x10\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? syscall_exit_to_user_mode+0x116/0x130\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  entry_SYSCALL_64_after_hwframe+0x71/0x79\n RIP: 0033:0x7ff0070eca9c\n Code: Unable to access opcode bytes at 0x7ff0070eca72.\n RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c\n RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003\n RBP: 00007ff006dffde0 R08: 0000000000000000 R09: 00007ff000000ba0\n R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003\n R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008\n  </TASK>\n Modules linked in: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core\n ---[ end trace 0000000000000000 ]---\n\nThis is because it would mistakenly call kthread_stop() on a user space\nthread making it "exit" before it actually exits.\n\nSince kthread\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46788', 'https://git.kernel.org/linus/177e1cc2f41235c145041eed03ef5bab18f32328 (6.11-rc7)', 'https://git.kernel.org/stable/c/177e1cc2f41235c145041eed03ef5bab18f32328', 'https://git.kernel.org/stable/c/27282d2505b402f39371fd60d19d95c01a4b6776', 'https://git.kernel.org/stable/c/7a5f01828edf152c144d27cf63de446fdf2dc222', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46788-1fbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46788', 'https://www.cve.org/CVERecord?id=CVE-2024-46788'], 'PublishedDate': '2024-09-18T08:15:05.893Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46791', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46791', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open\n\nThe mcp251x_hw_wake() function is called with the mpc_lock mutex held and\ndisables the interrupt handler so that no interrupts can be processed while\nwaking the device. If an interrupt has already occurred then waiting for\nthe interrupt handler to complete will deadlock because it will be trying\nto acquire the same mutex.\n\nCPU0                           CPU1\n----                           ----\nmcp251x_open()\n mutex_lock(&priv->mcp_lock)\n  request_threaded_irq()\n                               <interrupt>\n                               mcp251x_can_ist()\n                                mutex_lock(&priv->mcp_lock)\n  mcp251x_hw_wake()\n   disable_irq() <-- deadlock\n\nUse disable_irq_nosync() instead because the interrupt handler does\neverything while holding the mutex so it doesn't matter if it's still\nrunning.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46791', 'https://git.kernel.org/linus/7dd9c26bd6cf679bcfdef01a8659791aa6487a29 (6.11-rc7)', 'https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0', 'https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e', 'https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29', 'https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7', 'https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188', 'https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646', 'https://lore.kernel.org/linux-cve-announce/2024091853-CVE-2024-46791-af66@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46791', 'https://www.cve.org/CVERecord?id=CVE-2024-46791'], 'PublishedDate': '2024-09-18T08:15:06.067Z', 'LastModifiedDate': '2024-09-20T18:21:19.457Z'}, {'VulnerabilityID': 'CVE-2024-46792', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46792', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv: misaligned: Restrict user access to kernel memory', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: misaligned: Restrict user access to kernel memory\n\nraw_copy_{to,from}_user() do not call access_ok(), so this code allowed\nuserspace to access any virtual memory address.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46792', 'https://git.kernel.org/linus/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3b6ff6c896aee5ef9b581e40d0045ff04fcbc8c', 'https://git.kernel.org/stable/c/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46792-7745@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46792', 'https://www.cve.org/CVERecord?id=CVE-2024-46792'], 'PublishedDate': '2024-09-18T08:15:06.123Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46793', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46793', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder\n\nSince commit 13f58267cda3 ("ASoC: soc.h: don\'t create dummy Component\nvia COMP_DUMMY()") dummy codecs declared like this:\n\nSND_SOC_DAILINK_DEF(dummy,\n        DAILINK_COMP_ARRAY(COMP_DUMMY()));\n\nexpand to:\n\nstatic struct snd_soc_dai_link_component dummy[] = {\n};\n\nWhich means that dummy is a zero sized array and thus dais[i].codecs should\nnot be dereferenced *at all* since it points to the address of the next\nvariable stored in the data section as the "dummy" variable has an address\nbut no size, so even dereferencing dais[0] is already an out of bounds\narray reference.\n\nWhich means that the if (dais[i].codecs->name) check added in\ncommit 7d99a70b6595 ("ASoC: Intel: Boards: Fix NULL pointer deref\nin BYT/CHT boards") relies on that the part of the next variable which\nthe name member maps to just happens to be NULL.\n\nWhich apparently so far it usually is, except when it isn\'t\nand then it results in crashes like this one:\n\n[   28.795659] BUG: unable to handle page fault for address: 0000000000030011\n...\n[   28.795780] Call Trace:\n[   28.795787]  <TASK>\n...\n[   28.795862]  ? strcmp+0x18/0x40\n[   28.795872]  0xffffffffc150c605\n[   28.795887]  platform_probe+0x40/0xa0\n...\n[   28.795979]  ? __pfx_init_module+0x10/0x10 [snd_soc_sst_bytcr_wm5102]\n\nReally fix things this time around by checking dais.num_codecs != 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46793', 'https://git.kernel.org/linus/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb (6.11-rc7)', 'https://git.kernel.org/stable/c/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb', 'https://git.kernel.org/stable/c/85cda5b040bda9c577b34eb72d5b2e5b7e31985c', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46793-268d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46793', 'https://www.cve.org/CVERecord?id=CVE-2024-46793'], 'PublishedDate': '2024-09-18T08:15:06.177Z', 'LastModifiedDate': '2024-09-24T16:00:17.977Z'}, {'VulnerabilityID': 'CVE-2024-46794', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46794', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/tdx: Fix data leak in mmio_read()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix data leak in mmio_read()\n\nThe mmio_read() function makes a TDVMCALL to retrieve MMIO data for an\naddress from the VMM.\n\nSean noticed that mmio_read() unintentionally exposes the value of an\ninitialized variable (val) on the stack to the VMM.\n\nThis variable is only needed as an output value. It did not need to be\npassed to the VMM in the first place.\n\nDo not send the original value of *val to the VMM.\n\n[ dhansen: clarify what 'val' is used for. ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46794', 'https://git.kernel.org/linus/b6fb565a2d15277896583d471b21bc14a0c99661 (6.11-rc7)', 'https://git.kernel.org/stable/c/26c6af49d26ffc377e392e30d4086db19eed0ef7', 'https://git.kernel.org/stable/c/b55ce742afcb8e8189d82f2f1e635ba1b5a461fa', 'https://git.kernel.org/stable/c/b6fb565a2d15277896583d471b21bc14a0c99661', 'https://git.kernel.org/stable/c/ef00818c50cf55a3a56bd9a9fae867c92dfb84e7', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46794-9f64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46794', 'https://www.cve.org/CVERecord?id=CVE-2024-46794'], 'PublishedDate': '2024-09-18T08:15:06.23Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46795', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46795', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ksmbd: unset the binding mark of a reused connection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset the binding mark of a reused connection\n\nSteve French reported null pointer dereference error from sha256 lib.\ncifs.ko can send session setup requests on reused connection.\nIf reused connection is used for binding session, conn->binding can\nstill remain true and generate_preauth_hash() will not set\nsess->Preauth_HashValue and it will be NULL.\nIt is used as a material to create an encryption key in\nksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer\ndereference error from crypto_shash_update().\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 8 PID: 429254 Comm: kworker/8:39\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n<TASK>\n? show_regs+0x6d/0x80\n? __die+0x24/0x80\n? page_fault_oops+0x99/0x1b0\n? do_user_addr_fault+0x2ee/0x6b0\n? exc_page_fault+0x83/0x1b0\n? asm_exc_page_fault+0x27/0x30\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n_sha256_update+0x77/0xa0 [sha256_ssse3]\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\ncrypto_shash_update+0x1e/0x40\nhmac_update+0x12/0x20\ncrypto_shash_update+0x1e/0x40\ngenerate_key+0x234/0x380 [ksmbd]\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\n__process_request+0xa3/0x1d0 [ksmbd]\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\nprocess_one_work+0x16c/0x350\nworker_thread+0x306/0x440\n? __pfx_worker_thread+0x10/0x10\nkthread+0xef/0x120\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x44/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n</TASK>', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46795', 'https://git.kernel.org/linus/78c5a6f1f630172b19af4912e755e1da93ef0ab5 (6.11-rc7)', 'https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce', 'https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1', 'https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5', 'https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02', 'https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1', 'https://lore.kernel.org/linux-cve-announce/2024091855-CVE-2024-46795-9908@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46795', 'https://www.cve.org/CVERecord?id=CVE-2024-46795'], 'PublishedDate': '2024-09-18T08:15:06.28Z', 'LastModifiedDate': '2024-09-20T18:21:04.067Z'}, {'VulnerabilityID': 'CVE-2024-46797', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46797', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/qspinlock: Fix deadlock in MCS queue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/qspinlock: Fix deadlock in MCS queue\n\nIf an interrupt occurs in queued_spin_lock_slowpath() after we increment\nqnodesp->count and before node->lock is initialized, another CPU might\nsee stale lock values in get_tail_qnode(). If the stale lock value happens\nto match the lock on that CPU, then we write to the "next" pointer of\nthe wrong qnode. This causes a deadlock as the former CPU, once it becomes\nthe head of the MCS queue, will spin indefinitely until it\'s "next" pointer\nis set by its successor in the queue.\n\nRunning stress-ng on a 16 core (16EC/16VP) shared LPAR, results in\noccasional lockups similar to the following:\n\n   $ stress-ng --all 128 --vm-bytes 80% --aggressive \\\n               --maximize --oomable --verify  --syslog \\\n               --metrics  --times  --timeout 5m\n\n   watchdog: CPU 15 Hard LOCKUP\n   ......\n   NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   Call Trace:\n    0xc000002cfffa3bf0 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    raw_spin_rq_lock_nested.part.135+0x4c/0xd0\n    sched_ttwu_pending+0x60/0x1f0\n    __flush_smp_call_function_queue+0x1dc/0x670\n    smp_ipi_demux_relaxed+0xa4/0x100\n    xive_muxed_ipi_action+0x20/0x40\n    __handle_irq_event_percpu+0x80/0x240\n    handle_irq_event_percpu+0x2c/0x80\n    handle_percpu_irq+0x84/0xd0\n    generic_handle_irq+0x54/0x80\n    __do_irq+0xac/0x210\n    __do_IRQ+0x74/0xd0\n    0x0\n    do_IRQ+0x8c/0x170\n    hardware_interrupt_common_virt+0x29c/0x2a0\n   --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490\n   ......\n   NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   --- interrupt: 500\n    0xc0000029c1a41d00 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    futex_wake+0x100/0x260\n    do_futex+0x21c/0x2a0\n    sys_futex+0x98/0x270\n    system_call_exception+0x14c/0x2f0\n    system_call_vectored_common+0x15c/0x2ec\n\nThe following code flow illustrates how the deadlock occurs.\nFor the sake of brevity, assume that both locks (A and B) are\ncontended and we call the queued_spin_lock_slowpath() function.\n\n        CPU0                                   CPU1\n        ----                                   ----\n  spin_lock_irqsave(A)                          |\n  spin_unlock_irqrestore(A)                     |\n    spin_lock(B)                                |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++;                       |\n  (Note that nodes[0].lock == A)                |\n         |                                      |\n         ▼                                      |\n      Interrupt                                 |\n  (happens before "nodes[0].lock = B")          |\n         |                                      |\n         ▼                                      |\n  spin_lock_irqsave(A)                          |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++                        |\n   nodes[1].lock = A                            |\n         |                                      |\n         ▼                                      |\n  Tail of MCS queue                             |\n         |                             spin_lock_irqsave(A)\n         ▼                                      |\n  Head of MCS queue                             ▼\n         |                             CPU0 is previous tail\n         ▼                                      |\n   Spin indefinitely                            ▼\n  (until "nodes[1].next != NULL")      prev = get_tail_qnode(A, CPU0)\n                                                |\n                                                ▼\n                                       prev == &qnodes[CPU0].nodes[0]\n                                     (as qnodes\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46797', 'https://git.kernel.org/linus/734ad0af3609464f8f93e00b6c0de1e112f44559 (6.11-rc7)', 'https://git.kernel.org/stable/c/734ad0af3609464f8f93e00b6c0de1e112f44559', 'https://git.kernel.org/stable/c/d84ab6661e8d09092de9b034b016515ef9b66085', 'https://git.kernel.org/stable/c/f06af737e4be28c0e926dc25d5f0a111da4e2987', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46797-9174@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46797', 'https://www.cve.org/CVERecord?id=CVE-2024-46797'], 'PublishedDate': '2024-09-18T08:15:06.403Z', 'LastModifiedDate': '2024-09-29T15:15:15.837Z'}, {'VulnerabilityID': 'CVE-2024-46798', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46798', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: dapm: Fix UAF for snd_soc_pcm_runtime object\n\nWhen using kernel with the following extra config,\n\n  - CONFIG_KASAN=y\n  - CONFIG_KASAN_GENERIC=y\n  - CONFIG_KASAN_INLINE=y\n  - CONFIG_KASAN_VMALLOC=y\n  - CONFIG_FRAME_WARN=4096\n\nkernel detects that snd_pcm_suspend_all() access a freed\n'snd_soc_pcm_runtime' object when the system is suspended, which\nleads to a use-after-free bug:\n\n[   52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270\n[   52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330\n\n[   52.047785] Call trace:\n[   52.047787]  dump_backtrace+0x0/0x3c0\n[   52.047794]  show_stack+0x34/0x50\n[   52.047797]  dump_stack_lvl+0x68/0x8c\n[   52.047802]  print_address_description.constprop.0+0x74/0x2c0\n[   52.047809]  kasan_report+0x210/0x230\n[   52.047815]  __asan_report_load1_noabort+0x3c/0x50\n[   52.047820]  snd_pcm_suspend_all+0x1a8/0x270\n[   52.047824]  snd_soc_suspend+0x19c/0x4e0\n\nThe snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before\nmaking any access. So we need to always set 'substream->runtime' to NULL\neverytime we kfree() it.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46798', 'https://git.kernel.org/linus/b4a90b543d9f62d3ac34ec1ab97fc5334b048565 (6.11-rc7)', 'https://git.kernel.org/stable/c/3033ed903b4f28b5e1ab66042084fbc2c48f8624', 'https://git.kernel.org/stable/c/5d13afd021eb43868fe03cef6da34ad08831ad6d', 'https://git.kernel.org/stable/c/6a14fad8be178df6c4589667efec1789a3307b4e', 'https://git.kernel.org/stable/c/8ca21e7a27c66b95a4b215edc8e45e5d66679f9f', 'https://git.kernel.org/stable/c/993b60c7f93fa1d8ff296b58f646a867e945ae89', 'https://git.kernel.org/stable/c/b4a90b543d9f62d3ac34ec1ab97fc5334b048565', 'https://git.kernel.org/stable/c/fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46798-ce16@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46798', 'https://www.cve.org/CVERecord?id=CVE-2024-46798'], 'PublishedDate': '2024-09-18T08:15:06.463Z', 'LastModifiedDate': '2024-09-20T18:17:50.763Z'}, {'VulnerabilityID': 'CVE-2024-46800', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46800', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sch/netem: fix use after free in netem_dequeue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsch/netem: fix use after free in netem_dequeue\n\nIf netem_dequeue() enqueues packet to inner qdisc and that qdisc\nreturns __NET_XMIT_STOLEN. The packet is dropped but\nqdisc_tree_reduce_backlog() is not called to update the parent\'s\nq.qlen, leading to the similar use-after-free as Commit\ne04991a48dbaf382 ("netem: fix return value if duplicate enqueue\nfails")\n\nCommands to trigger KASAN UaF:\n\nip link add type dummy\nip link set lo up\nip link set dummy0 up\ntc qdisc add dev lo parent root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2: handle 3: drr\ntc filter add dev lo parent 3: basic classid 3:1 action mirred egress\nredirect dev dummy0\ntc class add dev lo classid 3:1 drr\nping -c1 -W0.01 localhost # Trigger bug\ntc class del dev lo classid 1:1\ntc class add dev lo classid 1:1 drr\nping -c1 -W0.01 localhost # UaF', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46800', 'https://git.kernel.org/linus/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a (6.11-rc7)', 'https://git.kernel.org/stable/c/14f91ab8d391f249b845916820a56f42cf747241', 'https://git.kernel.org/stable/c/295ad5afd9efc5f67b86c64fce28fb94e26dc4c9', 'https://git.kernel.org/stable/c/32008ab989ddcff1a485fa2b4906234c25dc5cd6', 'https://git.kernel.org/stable/c/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a', 'https://git.kernel.org/stable/c/98c75d76187944296068d685dfd8a1e9fd8c4fdc', 'https://git.kernel.org/stable/c/db2c235682913a63054e741fe4e19645fdf2d68e', 'https://git.kernel.org/stable/c/dde33a9d0b80aae0c69594d1f462515d7ff1cb3d', 'https://git.kernel.org/stable/c/f0bddb4de043399f16d1969dad5ee5b984a64e7b', 'https://lore.kernel.org/linux-cve-announce/2024091857-CVE-2024-46800-0f62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46800', 'https://www.cve.org/CVERecord?id=CVE-2024-46800'], 'PublishedDate': '2024-09-18T08:15:06.573Z', 'LastModifiedDate': '2024-09-20T17:18:55.26Z'}, {'VulnerabilityID': 'CVE-2024-46802', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: added NULL check at start of dc_validate_stream', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46802', 'https://git.kernel.org/linus/26c56049cc4f1705b498df013949427692a4b0d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd', 'https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5', 'https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9', 'https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c', 'https://lore.kernel.org/linux-cve-announce/2024092706-CVE-2024-46802-c5e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46802', 'https://www.cve.org/CVERecord?id=CVE-2024-46802'], 'PublishedDate': '2024-09-27T13:15:13.483Z', 'LastModifiedDate': '2024-10-07T14:21:55.687Z'}, {'VulnerabilityID': 'CVE-2024-46803', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46803', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdkfd: Check debug trap enable before write dbg_ev_file', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46803', 'https://git.kernel.org/linus/547033b593063eb85bfdf9b25a5f1b8fd1911be2 (6.11-rc1)', 'https://git.kernel.org/stable/c/547033b593063eb85bfdf9b25a5f1b8fd1911be2', 'https://git.kernel.org/stable/c/820dcbd38a77bd5fdc4236d521c1c122841227d0', 'https://git.kernel.org/stable/c/e6ea3b8fe398915338147fe54dd2db8155fdafd8', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46803-689b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46803', 'https://www.cve.org/CVERecord?id=CVE-2024-46803'], 'PublishedDate': '2024-09-27T13:15:13.57Z', 'LastModifiedDate': '2024-10-04T17:45:16.867Z'}, {'VulnerabilityID': 'CVE-2024-46804', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46804', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add array index check for hdcp ddc access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add array index check for hdcp ddc access\n\n[Why]\nCoverity reports OVERRUN warning. Do not check if array\nindex valid.\n\n[How]\nCheck msg_id valid and valid array index.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46804', 'https://git.kernel.org/linus/4e70c0f5251c25885c31ee84a31f99a01f7cf50e (6.11-rc1)', 'https://git.kernel.org/stable/c/0ee4387c5a4b57ec733c3fb4365188d5979cd9c7', 'https://git.kernel.org/stable/c/2a63c90c7a90ab2bd23deebc2814fc5b52abf6d2', 'https://git.kernel.org/stable/c/4e70c0f5251c25885c31ee84a31f99a01f7cf50e', 'https://git.kernel.org/stable/c/8b5ccf3d011969417be653b5a145c72dbd30472c', 'https://git.kernel.org/stable/c/a3b5ee22a9d3a30045191da5678ca8451ebaea30', 'https://git.kernel.org/stable/c/f338f99f6a04d03c802087d82a83561cbd5bdc99', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46804-c90d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46804', 'https://www.cve.org/CVERecord?id=CVE-2024-46804'], 'PublishedDate': '2024-09-27T13:15:13.637Z', 'LastModifiedDate': '2024-10-04T17:51:43.73Z'}, {'VulnerabilityID': 'CVE-2024-46805', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46805', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix the waring dereferencing hive', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix the waring dereferencing hive\n\nCheck the amdgpu_hive_info *hive that maybe is NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46805', 'https://git.kernel.org/linus/1940708ccf5aff76de4e0b399f99267c93a89193 (6.11-rc1)', 'https://git.kernel.org/stable/c/01cd55b971131b07b7ff8d622fa93bb4f8be07df', 'https://git.kernel.org/stable/c/1940708ccf5aff76de4e0b399f99267c93a89193', 'https://git.kernel.org/stable/c/4ab720b6aa1ef5e71db1e534b5b45c80ac4ec58a', 'https://git.kernel.org/stable/c/d3f927ef0607b3c8c3f79ab6d9a4ebead3e35f4c', 'https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46805-b06a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46805', 'https://www.cve.org/CVERecord?id=CVE-2024-46805'], 'PublishedDate': '2024-09-27T13:15:13.707Z', 'LastModifiedDate': '2024-10-02T12:58:59.767Z'}, {'VulnerabilityID': 'CVE-2024-46806', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46806', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the warning division or modulo by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46806', 'https://git.kernel.org/linus/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c (6.11-rc1)', 'https://git.kernel.org/stable/c/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c', 'https://git.kernel.org/stable/c/a01618adcba78c6bd6c4557a4a5e32f58b658cd1', 'https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46806-2cc7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46806', 'https://www.cve.org/CVERecord?id=CVE-2024-46806'], 'PublishedDate': '2024-09-27T13:15:13.773Z', 'LastModifiedDate': '2024-10-02T13:17:04.64Z'}, {'VulnerabilityID': 'CVE-2024-46807', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46807', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Check tbo resource pointer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Check tbo resource pointer\n\nValidate tbo resource pointer, skip if NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46807', 'https://git.kernel.org/linus/6cd2b872643bb29bba01a8ac739138db7bd79007 (6.11-rc1)', 'https://git.kernel.org/stable/c/2be1eb6304d9623ba21dd6f3e68ffb753a759635', 'https://git.kernel.org/stable/c/4dfec5f5501a27e0a0da00e136d65ef9011ded4c', 'https://git.kernel.org/stable/c/6cd2b872643bb29bba01a8ac739138db7bd79007', 'https://git.kernel.org/stable/c/e55e3904ffeaff81715256a711b1a61f4ad5258a', 'https://git.kernel.org/stable/c/e8765364d4f3aaf88c7abe0a4fc99089d059ab49', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46807-b78e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46807', 'https://www.cve.org/CVERecord?id=CVE-2024-46807'], 'PublishedDate': '2024-09-27T13:15:13.84Z', 'LastModifiedDate': '2024-10-04T17:40:08.083Z'}, {'VulnerabilityID': 'CVE-2024-46808', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46808', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range\n\n[Why & How]\nASSERT if return NULL from kcalloc.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46808', 'https://git.kernel.org/linus/5524fa301ba649f8cf00848f91468e0ba7e4f24c (6.11-rc1)', 'https://git.kernel.org/stable/c/5524fa301ba649f8cf00848f91468e0ba7e4f24c', 'https://git.kernel.org/stable/c/ca0b0b0a22306f2e51105ac48f4a09c2fbbb504e', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46808-8886@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46808', 'https://www.cve.org/CVERecord?id=CVE-2024-46808'], 'PublishedDate': '2024-09-27T13:15:13.907Z', 'LastModifiedDate': '2024-10-02T14:23:39.863Z'}, {'VulnerabilityID': 'CVE-2024-46809', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46809', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check BIOS images before it is used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check BIOS images before it is used\n\nBIOS images may fail to load and null checks are added before they are\nused.\n\nThis fixes 6 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46809', 'https://git.kernel.org/linus/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c (6.11-rc1)', 'https://git.kernel.org/stable/c/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c', 'https://git.kernel.org/stable/c/e46b70a7cfed71cb84e985c785c39c16df5c28cb', 'https://git.kernel.org/stable/c/e50bec62acaeec03afc6fa5dfb2426e52d049cf5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46809-5b37@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46809', 'https://www.cve.org/CVERecord?id=CVE-2024-46809'], 'PublishedDate': '2024-09-27T13:15:13.973Z', 'LastModifiedDate': '2024-10-04T17:33:33.753Z'}, {'VulnerabilityID': 'CVE-2024-46810', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46810', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ\n\nMake sure the connector is fully initialized before signalling any\nHPD events via drm_kms_helper_hotplug_event(), otherwise this may\nlead to NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46810', 'https://git.kernel.org/linus/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f (6.11-rc1)', 'https://git.kernel.org/stable/c/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f', 'https://git.kernel.org/stable/c/1fb13693953737783b424aa4712f0a27a9eaf5a8', 'https://git.kernel.org/stable/c/9d567126474e68f959b2c2543c375f3bb32e948a', 'https://git.kernel.org/stable/c/adc5674c23b8191e596ed0dbaa9600265ac896a8', 'https://git.kernel.org/stable/c/e1b121f21bbc56a6ae035aa5b77daac62bfb9be5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46810-2eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46810', 'https://www.cve.org/CVERecord?id=CVE-2024-46810'], 'PublishedDate': '2024-09-27T13:15:14.037Z', 'LastModifiedDate': '2024-10-04T17:43:04.277Z'}, {'VulnerabilityID': 'CVE-2024-46811', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46811', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params->clk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46811', 'https://git.kernel.org/linus/188fd1616ec43033cedbe343b6579e9921e2d898 (6.11-rc1)', 'https://git.kernel.org/stable/c/188fd1616ec43033cedbe343b6579e9921e2d898', 'https://git.kernel.org/stable/c/4003bac784380fed1f94f197350567eaa73a409d', 'https://git.kernel.org/stable/c/aba188d6f4ebaf52acf13f204db2bd2c22072504', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46811-f01c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46811', 'https://www.cve.org/CVERecord?id=CVE-2024-46811'], 'PublishedDate': '2024-09-27T13:15:14.107Z', 'LastModifiedDate': '2024-10-07T14:24:56.86Z'}, {'VulnerabilityID': 'CVE-2024-46812', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46812', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration\n\n[Why]\nCoverity reports Memory - illegal accesses.\n\n[How]\nSkip inactive planes.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46812', 'https://git.kernel.org/linus/a54f7e866cc73a4cb71b8b24bb568ba35c8969df (6.11-rc1)', 'https://git.kernel.org/stable/c/3300a039caf850376bc3416c808cd8879da412bb', 'https://git.kernel.org/stable/c/8406158a546441b73f0b216aedacbf9a1e5748fb', 'https://git.kernel.org/stable/c/a54f7e866cc73a4cb71b8b24bb568ba35c8969df', 'https://git.kernel.org/stable/c/ee9d6df6d9172917d9ddbd948bb882652d5ecd29', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46812-5954@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46812', 'https://www.cve.org/CVERecord?id=CVE-2024-46812'], 'PublishedDate': '2024-09-27T13:15:14.163Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46813', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46813', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check link_index before accessing dc-&gt;links[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc->links[]\n\n[WHY & HOW]\ndc->links[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46813', 'https://git.kernel.org/linus/8aa2864044b9d13e95fe224f32e808afbf79ecdf (6.11-rc1)', 'https://git.kernel.org/stable/c/8aa2864044b9d13e95fe224f32e808afbf79ecdf', 'https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46813-5eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46813', 'https://www.cve.org/CVERecord?id=CVE-2024-46813'], 'PublishedDate': '2024-09-27T13:15:14.23Z', 'LastModifiedDate': '2024-10-04T17:38:17.74Z'}, {'VulnerabilityID': 'CVE-2024-46814', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check msg_id before processing transcation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY & HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46814', 'https://git.kernel.org/linus/fa71face755e27dc44bc296416ebdf2c67163316 (6.11-rc1)', 'https://git.kernel.org/stable/c/0147505f08220c89b3a9c90eb608191276e263a8', 'https://git.kernel.org/stable/c/6590643c5de74098d27933b7d224d5ac065d7755', 'https://git.kernel.org/stable/c/916083054670060023d3f8a8ace895d710e268f4', 'https://git.kernel.org/stable/c/cb63090a17d3abb87f132851fa3711281249b7d2', 'https://git.kernel.org/stable/c/fa71face755e27dc44bc296416ebdf2c67163316', 'https://git.kernel.org/stable/c/fe63daf7b10253b0faaa60c55d6153cd276927aa', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46814-5021@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46814', 'https://www.cve.org/CVERecord?id=CVE-2024-46814'], 'PublishedDate': '2024-09-27T13:15:14.297Z', 'LastModifiedDate': '2024-10-04T17:27:47.45Z'}, {'VulnerabilityID': 'CVE-2024-46815', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46815', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY & HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46815', 'https://git.kernel.org/linus/b38a4815f79b87efb196cd5121579fc51e29a7fb (6.11-rc1)', 'https://git.kernel.org/stable/c/21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf', 'https://git.kernel.org/stable/c/6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0', 'https://git.kernel.org/stable/c/7c47dd2e92341f2989ab73dbed07f8894593ad7b', 'https://git.kernel.org/stable/c/a72d4996409569027b4609414a14a87679b12267', 'https://git.kernel.org/stable/c/b36e9b3104c4ba0f2f5dd083dcf6159cb316c996', 'https://git.kernel.org/stable/c/b38a4815f79b87efb196cd5121579fc51e29a7fb', 'https://git.kernel.org/stable/c/c4a7f7c0062fe2c73f70bb7e335199e25bd71492', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46815-fce2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46815', 'https://www.cve.org/CVERecord?id=CVE-2024-46815'], 'PublishedDate': '2024-09-27T13:15:14.37Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46816', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46816', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\n\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc->links. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\n\n[How]\nMake sure link count less than max_links.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46816', 'https://git.kernel.org/linus/cf8b16857db702ceb8d52f9219a4613363e2b1cf (6.11-rc1)', 'https://git.kernel.org/stable/c/36c39a8dcce210649f2f45f252abaa09fcc1ae87', 'https://git.kernel.org/stable/c/cf8b16857db702ceb8d52f9219a4613363e2b1cf', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46816-0526@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46816', 'https://www.cve.org/CVERecord?id=CVE-2024-46816'], 'PublishedDate': '2024-09-27T13:15:14.433Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46817', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6\n\n[Why]\nCoverity reports OVERRUN warning. Should abort amdgpu_dm\ninitialize.\n\n[How]\nReturn failure to amdgpu_dm_init.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46817', 'https://git.kernel.org/linus/84723eb6068c50610c5c0893980d230d7afa2105 (6.11-rc1)', 'https://git.kernel.org/stable/c/21bbb39863f10f5fb4bf772d15b07d5d13590e9d', 'https://git.kernel.org/stable/c/28b515c458aa9c92bfcb99884c94713a5f471cea', 'https://git.kernel.org/stable/c/754321ed63f0a4a31252ca72e0bd89a9e1888018', 'https://git.kernel.org/stable/c/84723eb6068c50610c5c0893980d230d7afa2105', 'https://git.kernel.org/stable/c/94cb77700fa4ae6200486bfa0ba2ac547534afd2', 'https://git.kernel.org/stable/c/d398c74c881dee695f6eb6138c9891644e1c3d9d', 'https://git.kernel.org/stable/c/d619b91d3c4af60ac422f1763ce53d721fb91262', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46817-7a2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46817', 'https://www.cve.org/CVERecord?id=CVE-2024-46817'], 'PublishedDate': '2024-09-27T13:15:14.493Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46818', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check gpio_id before used as array index', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY & HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46818', 'https://git.kernel.org/linus/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 (6.11-rc1)', 'https://git.kernel.org/stable/c/0184cca30cad74d88f5c875d4e26999e26325700', 'https://git.kernel.org/stable/c/08e7755f754e3d2cef7d3a7da538d33526bd6f7c', 'https://git.kernel.org/stable/c/276e3fd93e3beb5894eb1cc8480f9f417d51524d', 'https://git.kernel.org/stable/c/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6', 'https://git.kernel.org/stable/c/3d4198ab612ad48f73383ad3bb5663e6f0cdf406', 'https://git.kernel.org/stable/c/40c2e8bc117cab8bca8814735f28a8b121654a84', 'https://git.kernel.org/stable/c/8520fdc8ecc38f240a8e9e7af89cca6739c3e790', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46818-8d41@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46818', 'https://www.cve.org/CVERecord?id=CVE-2024-46818'], 'PublishedDate': '2024-09-27T13:15:14.563Z', 'LastModifiedDate': '2024-10-04T17:18:36.613Z'}, {'VulnerabilityID': 'CVE-2024-46819', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: the warning dereferencing obj for nbio_v7_4', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: the warning dereferencing obj for nbio_v7_4\n\nif ras_manager obj null, don't print NBIO err data", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46819', 'https://git.kernel.org/linus/d190b459b2a4304307c3468ed97477b808381011 (6.11-rc1)', 'https://git.kernel.org/stable/c/130c2dc75c8c40acc3c96ededea6af80e03c14b8', 'https://git.kernel.org/stable/c/614564a5b28983de53b23a358ebe6c483a2aa21e', 'https://git.kernel.org/stable/c/70e8ec21fcb8c51446899d3bfe416b31adfa3661', 'https://git.kernel.org/stable/c/7d265772e44d403071a2b573eac0db60250b1c21', 'https://git.kernel.org/stable/c/d04ded1e73f1dcf19a71ec8b9cda3faa7acd8828', 'https://git.kernel.org/stable/c/d190b459b2a4304307c3468ed97477b808381011', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46819-d958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46819', 'https://www.cve.org/CVERecord?id=CVE-2024-46819'], 'PublishedDate': '2024-09-27T13:15:14.64Z', 'LastModifiedDate': '2024-10-04T17:11:00.57Z'}, {'VulnerabilityID': 'CVE-2024-46820', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/vcn: remove irq disabling in vcn 5 suspend\n\nWe do not directly enable/disable VCN IRQ in vcn 5.0.0.\nAnd we do not handle the IRQ state as well. So the calls to\ndisable IRQ and set state are removed. This effectively gets\nrid of the warining of\n      "WARN_ON(!amdgpu_irq_enabled(adev, src, type))"\nin amdgpu_irq_put().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46820', 'https://git.kernel.org/linus/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d (6.11-rc1)', 'https://git.kernel.org/stable/c/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d', 'https://git.kernel.org/stable/c/aa92264ba6fd4fb570002f69762634221316e7ae', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46820-6405@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46820', 'https://www.cve.org/CVERecord?id=CVE-2024-46820'], 'PublishedDate': '2024-09-27T13:15:14.707Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46821', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix negative array index read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix negative array index read\n\nAvoid using the negative values\nfor clk_idex as an index into an array pptable->DpmDescriptor.\n\nV2: fix clk_index return check (Tim Huang)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46821', 'https://git.kernel.org/linus/c8c19ebf7c0b202a6a2d37a52ca112432723db5f (6.11-rc1)', 'https://git.kernel.org/stable/c/06a3810010b525b9958424e344f0c25b09e128fa', 'https://git.kernel.org/stable/c/4711b1347cb9f0c3083da6d87c624d75f9bd1d50', 'https://git.kernel.org/stable/c/60f4a4bc3329e5cb8c4df0cc961f0d5ffd96e22d', 'https://git.kernel.org/stable/c/c8c19ebf7c0b202a6a2d37a52ca112432723db5f', 'https://lore.kernel.org/linux-cve-announce/2024092713-CVE-2024-46821-a13a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46821', 'https://www.cve.org/CVERecord?id=CVE-2024-46821'], 'PublishedDate': '2024-09-27T13:15:14.767Z', 'LastModifiedDate': '2024-10-04T17:06:43.573Z'}, {'VulnerabilityID': 'CVE-2024-46822', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46822', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry\n\nIn a review discussion of the changes to support vCPU hotplug where\na check was added on the GICC being enabled if was online, it was\nnoted that there is need to map back to the cpu and use that to index\ninto a cpumask. As such, a valid ID is needed.\n\nIf an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible\nfor the entry in cpu_madt_gicc[cpu] == NULL.  This function would\nthen cause a NULL pointer dereference.   Whilst a path to trigger\nthis has not been established, harden this caller against the\npossibility.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46822', 'https://git.kernel.org/linus/2488444274c70038eb6b686cba5f1ce48ebb9cdd (6.11-rc1)', 'https://git.kernel.org/stable/c/2488444274c70038eb6b686cba5f1ce48ebb9cdd', 'https://git.kernel.org/stable/c/40cae0df42e5e7f7a1c0f32deed9c4027c1ba94e', 'https://git.kernel.org/stable/c/4c3b21204abb4fa3ab310fbbb5cf7f0e85f3a1bc', 'https://git.kernel.org/stable/c/62ca6d3a905b4c40cd942f3cc645a6718f8bc7e7', 'https://git.kernel.org/stable/c/945be49f4e832a9184c313fdf8917475438a795b', 'https://git.kernel.org/stable/c/bc7fbb37e3d2df59336eadbd6a56be632e3c7df7', 'https://git.kernel.org/stable/c/f57769ff6fa7f97f1296965f20e8a2bb3ee9fd0f', 'https://lore.kernel.org/linux-cve-announce/2024092749-CVE-2024-46822-b901@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46822', 'https://www.cve.org/CVERecord?id=CVE-2024-46822'], 'PublishedDate': '2024-09-27T13:15:14.83Z', 'LastModifiedDate': '2024-10-02T14:24:01.757Z'}, {'VulnerabilityID': 'CVE-2024-46823', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kunit/overflow: Fix UB in overflow_allocation_test', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkunit/overflow: Fix UB in overflow_allocation_test\n\nThe 'device_name' array doesn't exist out of the\n'overflow_allocation_test' function scope. However, it is being used as\na driver name when calling 'kunit_driver_create' from\n'kunit_device_register'. It produces the kernel panic with KASAN\nenabled.\n\nSince this variable is used in one place only, remove it and pass the\ndevice name into kunit_device_register directly as an ascii string.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46823', 'https://git.kernel.org/linus/92e9bac18124682c4b99ede9ee3bcdd68f121e92 (6.11-rc4)', 'https://git.kernel.org/stable/c/92e9bac18124682c4b99ede9ee3bcdd68f121e92', 'https://git.kernel.org/stable/c/d1207f07decc66546a7fa463d2f335a856c986ef', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46823-b19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46823', 'https://www.cve.org/CVERecord?id=CVE-2024-46823'], 'PublishedDate': '2024-09-27T13:15:14.897Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46824', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommufd: Require drivers to supply the cache_invalidate_user ops', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Require drivers to supply the cache_invalidate_user ops\n\nIf drivers don't do this then iommufd will oops invalidation ioctls with\nsomething like:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n  Mem abort info:\n    ESR = 0x0000000086000004\n    EC = 0x21: IABT (current EL), IL = 32 bits\n    SET = 0, FnV = 0\n    EA = 0, S1PTW = 0\n    FSC = 0x04: level 0 translation fault\n  user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101059000\n  [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n  Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 2 PID: 371 Comm: qemu-system-aar Not tainted 6.8.0-rc7-gde77230ac23a #9\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 81400809 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=-c)\n  pc : 0x0\n  lr : iommufd_hwpt_invalidate+0xa4/0x204\n  sp : ffff800080f3bcc0\n  x29: ffff800080f3bcf0 x28: ffff0000c369b300 x27: 0000000000000000\n  x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n  x23: 0000000000000000 x22: 00000000c1e334a0 x21: ffff0000c1e334a0\n  x20: ffff800080f3bd38 x19: ffff800080f3bd58 x18: 0000000000000000\n  x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8240d6d8\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n  x8 : 0000001000000002 x7 : 0000fffeac1ec950 x6 : 0000000000000000\n  x5 : ffff800080f3bd78 x4 : 0000000000000003 x3 : 0000000000000002\n  x2 : 0000000000000000 x1 : ffff800080f3bcc8 x0 : ffff0000c6034d80\n  Call trace:\n   0x0\n   iommufd_fops_ioctl+0x154/0x274\n   __arm64_sys_ioctl+0xac/0xf0\n   invoke_syscall+0x48/0x110\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x34/0xb4\n   el0t_64_sync_handler+0x120/0x12c\n   el0t_64_sync+0x190/0x194\n\nAll existing drivers implement this op for nesting, this is mostly a\nbisection aid.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46824', 'https://git.kernel.org/linus/a11dda723c6493bb1853bbc61c093377f96e2d47 (6.11-rc1)', 'https://git.kernel.org/stable/c/89827a4de802765b1ebb401fc1e73a90108c7520', 'https://git.kernel.org/stable/c/a11dda723c6493bb1853bbc61c093377f96e2d47', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46824-03d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46824', 'https://www.cve.org/CVERecord?id=CVE-2024-46824'], 'PublishedDate': '2024-09-27T13:15:14.96Z', 'LastModifiedDate': '2024-10-02T14:29:08.417Z'}, {'VulnerabilityID': 'CVE-2024-46825', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check\n\nThe lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is\nnormally called with input from the firmware, so it should use\nIWL_FW_CHECK() instead of WARN_ON().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46825', 'https://git.kernel.org/linus/9215152677d4b321801a92b06f6d5248b2b4465f (6.11-rc1)', 'https://git.kernel.org/stable/c/3cca098c91391b3fa48142bfda57048b985c87f6', 'https://git.kernel.org/stable/c/415f3634d53c7fb4cf07d2f5a0be7f2e15e6da33', 'https://git.kernel.org/stable/c/9215152677d4b321801a92b06f6d5248b2b4465f', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46825-a5aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46825', 'https://www.cve.org/CVERecord?id=CVE-2024-46825'], 'PublishedDate': '2024-09-27T13:15:15.027Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46826', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ELF: fix kernel.randomize_va_space double read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses "randomize_va_space" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46826', 'https://git.kernel.org/linus/2a97388a807b6ab5538aa8f8537b2463c6988bd2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1cf8cd80903073440b6ea055811d04edd24fe4f7', 'https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27', 'https://git.kernel.org/stable/c/2a97388a807b6ab5538aa8f8537b2463c6988bd2', 'https://git.kernel.org/stable/c/53f17409abf61f66b6f05aff795e938e5ba811d1', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46826-7b80@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46826', 'https://www.cve.org/CVERecord?id=CVE-2024-46826'], 'PublishedDate': '2024-09-27T13:15:15.087Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46827', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix firmware crash due to invalid peer nss', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46827', 'https://git.kernel.org/linus/db163a463bb93cd3e37e1e7b10b9726fb6f95857 (6.11-rc1)', 'https://git.kernel.org/stable/c/25a15f80253a7c8776e4e4880d797d20ec864154', 'https://git.kernel.org/stable/c/838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c', 'https://git.kernel.org/stable/c/db163a463bb93cd3e37e1e7b10b9726fb6f95857', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46827-0300@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46827', 'https://www.cve.org/CVERecord?id=CVE-2024-46827'], 'PublishedDate': '2024-09-27T13:15:15.153Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46828', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: sch_cake: fix bulk flow accounting logic for host fairness', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: fix bulk flow accounting logic for host fairness\n\nIn sch_cake, we keep track of the count of active bulk flows per host,\nwhen running in dst/src host fairness mode, which is used as the\nround-robin weight when iterating through flows. The count of active\nbulk flows is updated whenever a flow changes state.\n\nThis has a peculiar interaction with the hash collision handling: when a\nhash collision occurs (after the set-associative hashing), the state of\nthe hash bucket is simply updated to match the new packet that collided,\nand if host fairness is enabled, that also means assigning new per-host\nstate to the flow. For this reason, the bulk flow counters of the\nhost(s) assigned to the flow are decremented, before new state is\nassigned (and the counters, which may not belong to the same host\nanymore, are incremented again).\n\nBack when this code was introduced, the host fairness mode was always\nenabled, so the decrement was unconditional. When the configuration\nflags were introduced the *increment* was made conditional, but\nthe *decrement* was not. Which of course can lead to a spurious\ndecrement (and associated wrap-around to U16_MAX).\n\nAFAICT, when host fairness is disabled, the decrement and wrap-around\nhappens as soon as a hash collision occurs (which is not that common in\nitself, due to the set-associative hashing). However, in most cases this\nis harmless, as the value is only used when host fairness mode is\nenabled. So in order to trigger an array overflow, sch_cake has to first\nbe configured with host fairness disabled, and while running in this\nmode, a hash collision has to occur to cause the overflow. Then, the\nqdisc has to be reconfigured to enable host fairness, which leads to the\narray out-of-bounds because the wrapped-around value is retained and\nused as an array index. It seems that syzbot managed to trigger this,\nwhich is quite impressive in its own right.\n\nThis patch fixes the issue by introducing the same conditional check on\ndecrement as is used on increment.\n\nThe original bug predates the upstreaming of cake, but the commit listed\nin the Fixes tag touched that code, meaning that this patch won't apply\nbefore that.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46828', 'https://git.kernel.org/linus/546ea84d07e3e324644025e2aae2d12ea4c5896e (6.11-rc7)', 'https://git.kernel.org/stable/c/4a4eeefa514db570be025ab46d779af180e2c9bb', 'https://git.kernel.org/stable/c/546ea84d07e3e324644025e2aae2d12ea4c5896e', 'https://git.kernel.org/stable/c/549e407569e08459d16122341d332cb508024094', 'https://git.kernel.org/stable/c/7725152b54d295b7da5e34c2f419539b30d017bd', 'https://git.kernel.org/stable/c/cde71a5677971f4f1b69b25e854891dbe78066a4', 'https://git.kernel.org/stable/c/d4a9039a7b3d8005b90c7b1a55a306444f0e5447', 'https://git.kernel.org/stable/c/d7c01c0714c04431b5e18cf17a9ea68a553d1c3c', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46828-2184@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46828', 'https://www.cve.org/CVERecord?id=CVE-2024-46828'], 'PublishedDate': '2024-09-27T13:15:15.22Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46829', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtmutex: Drop rt_mutex::wait_lock before scheduling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nrtmutex: Drop rt_mutex::wait_lock before scheduling\n\nrt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held.  In the\ngood case it returns with the lock held and in the deadlock case it emits a\nwarning and goes into an endless scheduling loop with the lock held, which\ntriggers the 'scheduling in atomic' warning.\n\nUnlock rt_mutex::wait_lock in the dead lock case before issuing the warning\nand dropping into the schedule for ever loop.\n\n[ tglx: Moved unlock before the WARN(), removed the pointless comment,\n  \tmassaged changelog, added Fixes tag ]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46829', 'https://git.kernel.org/linus/d33d26036a0274b472299d7dcdaa5fb34329f91b (6.11-rc7)', 'https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0', 'https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38', 'https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f', 'https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f', 'https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83', 'https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0', 'https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b', 'https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46829-da70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46829', 'https://www.cve.org/CVERecord?id=CVE-2024-46829'], 'PublishedDate': '2024-09-27T13:15:15.3Z', 'LastModifiedDate': '2024-10-02T14:27:57.92Z'}, {'VulnerabilityID': 'CVE-2024-46830', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: x86: Acquire kvm-&gt;srcu when handling KVM_SET_VCPU_EVENTS', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU.  I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems.  Acquiring SRCU isn't all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n  #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n  <TASK>\n  dump_stack_lvl+0x7f/0x90\n  lockdep_rcu_suspicious+0x13f/0x1a0\n  kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n  kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n  nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n  load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n  vmx_leave_nested+0x30/0x40 [kvm_intel]\n  kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n  kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n  ? mark_held_locks+0x49/0x70\n  ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n  ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  ? lock_acquire+0xba/0x2d0\n  ? find_held_lock+0x2b/0x80\n  ? do_user_addr_fault+0x40c/0x6f0\n  ? lock_release+0xb7/0x270\n  __x64_sys_ioctl+0x82/0xb0\n  do_syscall_64+0x6c/0x170\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n  </TASK>", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46830', 'https://git.kernel.org/linus/4bcdd831d9d01e0fb64faea50732b59b2ee88da1 (6.11-rc7)', 'https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1', 'https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e', 'https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9', 'https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46830-deac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46830', 'https://www.cve.org/CVERecord?id=CVE-2024-46830'], 'PublishedDate': '2024-09-27T13:15:15.38Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46831', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: microchip: vcap: Fix use-after-free error in kunit test', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap: Fix use-after-free error in kunit test\n\nThis is a clear use-after-free error. We remove it, and rely on checking\nthe return code of vcap_del_rule.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46831', 'https://git.kernel.org/linus/a3c1e45156ad39f225cd7ddae0f81230a3b1e657 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3c1e45156ad39f225cd7ddae0f81230a3b1e657', 'https://git.kernel.org/stable/c/b0804c286ccfcf5f5c004d5bf8a54c0508b5e86b', 'https://git.kernel.org/stable/c/f7fe95f40c85311c98913fe6ae2c56adb7f767a7', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46831-06bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46831', 'https://www.cve.org/CVERecord?id=CVE-2024-46831'], 'PublishedDate': '2024-09-27T13:15:15.457Z', 'LastModifiedDate': '2024-10-02T14:26:13.807Z'}, {'VulnerabilityID': 'CVE-2024-46832', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: MIPS: cevt-r4k: Don&#39;t call get_c0_compare_int if timer irq is installed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: cevt-r4k: Don\'t call get_c0_compare_int if timer irq is installed\n\nThis avoids warning:\n\n[    0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n\nCaused by get_c0_compare_int on secondary CPU.\n\nWe also skipped saving IRQ number to struct clock_event_device *cd as\nit\'s never used by clockevent core, as per comments it\'s only meant\nfor "non CPU local devices".', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46832', 'https://git.kernel.org/linus/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13 (6.11-rc5)', 'https://git.kernel.org/stable/c/189d3ed3b25beee26ffe2abed278208bece13f52', 'https://git.kernel.org/stable/c/32ee0520159f1e8c2d6597c19690df452c528f30', 'https://git.kernel.org/stable/c/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13', 'https://git.kernel.org/stable/c/b1d2051373bfc65371ce4ac8911ed984d0178c98', 'https://git.kernel.org/stable/c/d3ff0f98a52f0aafe35aa314d1c442f4318be3db', 'https://git.kernel.org/stable/c/e6cd871627abbb459d0ff6521d6bb9cf9d9f7522', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46832-3ad0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46832', 'https://www.cve.org/CVERecord?id=CVE-2024-46832'], 'PublishedDate': '2024-09-27T13:15:15.517Z', 'LastModifiedDate': '2024-10-09T15:51:20.7Z'}, {'VulnerabilityID': 'CVE-2024-46833', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: void array out of bound when loop tnl_num', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: void array out of bound when loop tnl_num\n\nWhen query reg inf of SSU, it loops tnl_num times. However, tnl_num comes\nfrom hardware and the length of array is a fixed value. To void array out\nof bound, make sure the loop time is not greater than the length of array', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46833', 'https://git.kernel.org/linus/86db7bfb06704ef17340eeae71c832f21cfce35c (6.11-rc4)', 'https://git.kernel.org/stable/c/86db7bfb06704ef17340eeae71c832f21cfce35c', 'https://git.kernel.org/stable/c/c33a9806dc806bcb4a31dc71fb06979219181ad4', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46833-0fa0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46833', 'https://www.cve.org/CVERecord?id=CVE-2024-46833'], 'PublishedDate': '2024-09-27T13:15:15.593Z', 'LastModifiedDate': '2024-10-09T15:54:38.123Z'}, {'VulnerabilityID': 'CVE-2024-46834', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: fail closed if we can&#39;t get max channel used in indirection tables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\'t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with\nactive RSS contexts") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\'t fetch\nthe indirection table or when we can\'t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46834', 'https://git.kernel.org/linus/2899d58462ba868287d6ff3acad3675e7adf934f (6.11-rc1)', 'https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036', 'https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46834-dc7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46834', 'https://www.cve.org/CVERecord?id=CVE-2024-46834'], 'PublishedDate': '2024-09-27T13:15:15.66Z', 'LastModifiedDate': '2024-10-09T15:57:03.037Z'}, {'VulnerabilityID': 'CVE-2024-46835', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix smatch static checker warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev->gfx.imu.funcs could be NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46835', 'https://git.kernel.org/linus/bdbdc7cecd00305dc844a361f9883d3a21022027 (6.11-rc1)', 'https://git.kernel.org/stable/c/8bc7b3ce33e64c74211ed17aec823fc4e523426a', 'https://git.kernel.org/stable/c/bdbdc7cecd00305dc844a361f9883d3a21022027', 'https://git.kernel.org/stable/c/c2056c7a840f0dbf293bc3b0d91826d001668fb0', 'https://git.kernel.org/stable/c/d40c2c3dd0395fe7fdc19bd96551e87251426d66', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46835-4f99@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46835', 'https://www.cve.org/CVERecord?id=CVE-2024-46835'], 'PublishedDate': '2024-09-27T13:15:15.72Z', 'LastModifiedDate': '2024-10-02T14:24:18.93Z'}, {'VulnerabilityID': 'CVE-2024-46836', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46836', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: aspeed_udc: validate endpoint index for ast udc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed_udc: validate endpoint index for ast udc\n\nWe should verify the bound of the array to assure that host\nmay not manipulate the index to point past endpoint array.\n\nFound by static analysis.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46836', 'https://git.kernel.org/linus/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 (6.11-rc1)', 'https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af', 'https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a', 'https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c', 'https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46836-acff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46836', 'https://www.cve.org/CVERecord?id=CVE-2024-46836'], 'PublishedDate': '2024-09-27T13:15:15.78Z', 'LastModifiedDate': '2024-10-09T15:47:55.187Z'}, {'VulnerabilityID': 'CVE-2024-46838', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46838', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: don&#39;t BUG_ON() if khugepaged yanks our page table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: don\'t BUG_ON() if khugepaged yanks our page table\n\nSince khugepaged was changed to allow retracting page tables in file\nmappings without holding the mmap lock, these BUG_ON()s are wrong - get\nrid of them.\n\nWe could also remove the preceding "if (unlikely(...))" block, but then we\ncould reach pte_offset_map_lock() with transhuge pages not just for file\nmappings but also for anonymous mappings - which would probably be fine\nbut I think is not necessarily expected.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46838', 'https://git.kernel.org/linus/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a (6.11-rc7)', 'https://git.kernel.org/stable/c/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a', 'https://git.kernel.org/stable/c/4a594acc12d5954cdc71d4450a386748bf3d136a', 'https://git.kernel.org/stable/c/db978287e908d48b209e374b00d847b2d785e0a9', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46838-5fa5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46838', 'https://www.cve.org/CVERecord?id=CVE-2024-46838'], 'PublishedDate': '2024-09-27T13:15:15.92Z', 'LastModifiedDate': '2024-10-09T15:35:40.827Z'}, {'VulnerabilityID': 'CVE-2024-46840', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: clean up our handling of refs == 0 in snapshot delete', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: clean up our handling of refs == 0 in snapshot delete\n\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren't\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer.  In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption.  Change that to return\n-EUCLEAN.  In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling.  Also adjust the error message so we can\nactually do something with the information.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46840', 'https://git.kernel.org/linus/b8ccef048354074a548f108e51d0557d6adfd3a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/03804641ec2d0da4fa088ad21c88e703d151ce16', 'https://git.kernel.org/stable/c/71291aa7246645ef622621934d2067400380645e', 'https://git.kernel.org/stable/c/728d4d045b628e006b48a448f3326a7194c88d32', 'https://git.kernel.org/stable/c/7d1df13bf078ffebfedd361d714ff6cee1ff01b9', 'https://git.kernel.org/stable/c/9cc887ac24b7a0598f4042ae9af6b9a33072f75b', 'https://git.kernel.org/stable/c/b8ccef048354074a548f108e51d0557d6adfd3a3', 'https://git.kernel.org/stable/c/c60676b81fab456b672796830f6d8057058f029c', 'https://git.kernel.org/stable/c/c847b28a799733b04574060ab9d00f215970627d', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46840-fc44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46840', 'https://www.cve.org/CVERecord?id=CVE-2024-46840'], 'PublishedDate': '2024-09-27T13:15:16.057Z', 'LastModifiedDate': '2024-10-08T18:15:07.857Z'}, {'VulnerabilityID': 'CVE-2024-46841', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn't fatal, return the error.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46841', 'https://git.kernel.org/linus/a580fb2c3479d993556e1c31b237c9e5be4944a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/704c359b4093a2af650a20eaa030c435d7c30f91', 'https://git.kernel.org/stable/c/a580fb2c3479d993556e1c31b237c9e5be4944a3', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46841-7572@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46841', 'https://www.cve.org/CVERecord?id=CVE-2024-46841'], 'PublishedDate': '2024-09-27T13:15:16.13Z', 'LastModifiedDate': '2024-10-08T18:17:07.87Z'}, {'VulnerabilityID': 'CVE-2024-46842', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status.  The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code.  During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout.  If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46842', 'https://git.kernel.org/linus/ede596b1434b57c0b3fd5c02b326efe5c54f6e48 (6.11-rc1)', 'https://git.kernel.org/stable/c/bba47fe3b038cca3d3ebd799665ce69d6d273b58', 'https://git.kernel.org/stable/c/ede596b1434b57c0b3fd5c02b326efe5c54f6e48', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46842-e52c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46842', 'https://www.cve.org/CVERecord?id=CVE-2024-46842'], 'PublishedDate': '2024-09-27T13:15:16.19Z', 'LastModifiedDate': '2024-10-08T18:22:24.997Z'}, {'VulnerabilityID': 'CVE-2024-46843', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Remove SCSI host only if added', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been defered after MCQ configuration introduced by commit 0cab4023ec7b\n("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46843', 'https://git.kernel.org/linus/7cbff570dbe8907e23bba06f6414899a0fbb2fcc (6.11-rc1)', 'https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed', 'https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536', 'https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46843-82c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46843', 'https://www.cve.org/CVERecord?id=CVE-2024-46843'], 'PublishedDate': '2024-09-27T13:15:16.25Z', 'LastModifiedDate': '2024-10-08T18:23:52.423Z'}, {'VulnerabilityID': 'CVE-2024-46844', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: um: line: always fill *error_out in setup_one_line()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\num: line: always fill *error_out in setup_one_line()\n\nThe pointer isn't initialized by callers, but I have\nencountered cases where it's still printed; initialize\nit in all possible cases in setup_one_line().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-824'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46844', 'https://git.kernel.org/linus/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d (6.11-rc1)', 'https://git.kernel.org/stable/c/289979d64573f43df1d0e6bc6435de63a0d69cdf', 'https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5', 'https://git.kernel.org/stable/c/43f782c27907f306c664b6614fd6f264ac32cce6', 'https://git.kernel.org/stable/c/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d', 'https://git.kernel.org/stable/c/96301fdc2d533a196197c055af875fe33d47ef84', 'https://git.kernel.org/stable/c/c8944d449fda9f58c03bd99649b2df09948fc874', 'https://git.kernel.org/stable/c/ec5b47a370177d79ae7773858042c107e21f8ecc', 'https://git.kernel.org/stable/c/fc843d3837ebcb1c16d3768ef3eb55e25d5331f2', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46844-af64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46844', 'https://www.cve.org/CVERecord?id=CVE-2024-46844'], 'PublishedDate': '2024-09-27T13:15:16.313Z', 'LastModifiedDate': '2024-10-02T14:22:50.533Z'}, {'VulnerabilityID': 'CVE-2024-46845', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/timerlat: Only clear timer if a kthread exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Only clear timer if a kthread exists\n\nThe timerlat tracer can use user space threads to check for osnoise and\ntimer latency. If the program using this is killed via a SIGTERM, the\nthreads are shutdown one at a time and another tracing instance can start\nup resetting the threads before they are fully closed. That causes the\nhrtimer assigned to the kthread to be shutdown and freed twice when the\ndying thread finally closes the file descriptors, causing a use-after-free\nbug.\n\nOnly cancel the hrtimer if the associated thread is still around. Also add\nthe interface_lock around the resetting of the tlat_var->kthread.\n\nNote, this is just a quick fix that can be backported to stable. A real\nfix is to have a better synchronization between the shutdown of old\nthreads and the starting of new ones.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46845', 'https://git.kernel.org/linus/e6a53481da292d970d1edf0d8831121d1c5e2f0d (6.11-rc7)', 'https://git.kernel.org/stable/c/8a9d0d405159e9c796ddf771f7cff691c1a2bc1e', 'https://git.kernel.org/stable/c/8c72f0b2c45f21cb8b00fc37f79f632d7e46c2ed', 'https://git.kernel.org/stable/c/e6a53481da292d970d1edf0d8831121d1c5e2f0d', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46845-a529@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46845', 'https://www.cve.org/CVERecord?id=CVE-2024-46845'], 'PublishedDate': '2024-09-27T13:15:16.397Z', 'LastModifiedDate': '2024-10-02T14:18:32.923Z'}, {'VulnerabilityID': 'CVE-2024-46846', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: rockchip: Resolve unbalanced runtime PM / system PM handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip: Resolve unbalanced runtime PM / system PM handling\n\nCommit e882575efc77 ("spi: rockchip: Suspend and resume the bus during\nNOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and\nsimply disabled clocks unconditionally when suspending the system. This\ncauses problems when the device is already runtime suspended when we go\nto sleep -- in which case we double-disable clocks and produce a\nWARNing.\n\nSwitch back to pm_runtime_force_{suspend,resume}(), because that still\nseems like the right thing to do, and the aforementioned commit makes no\nexplanation why it stopped using it.\n\nAlso, refactor some of the resume() error handling, because it\'s not\nactually a good idea to re-disable clocks on failure.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46846', 'https://git.kernel.org/linus/be721b451affbecc4ba4eaac3b71cdbdcade1b1b (6.11-rc7)', 'https://git.kernel.org/stable/c/0efbad8445fbba7896402500a1473450a299a08a', 'https://git.kernel.org/stable/c/14f970a8d03d882b15b97beb83bd84ac8ba6298c', 'https://git.kernel.org/stable/c/be721b451affbecc4ba4eaac3b71cdbdcade1b1b', 'https://git.kernel.org/stable/c/d034bff62faea1a2219e0d2f3d17263265f24087', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46846-f264@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46846', 'https://www.cve.org/CVERecord?id=CVE-2024-46846'], 'PublishedDate': '2024-09-27T13:15:16.48Z', 'LastModifiedDate': '2024-10-08T18:25:56.467Z'}, {'VulnerabilityID': 'CVE-2024-46848', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46848', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/x86/intel: Limit the period on Haswell', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Limit the period on Haswell\n\nRunning the ltp test cve-2015-3290 concurrently reports the following\nwarnings.\n\nperfevents: irq loop stuck!\n  WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174\n  intel_pmu_handle_irq+0x285/0x370\n  Call Trace:\n   <NMI>\n   ? __warn+0xa4/0x220\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? report_bug+0x3e/0xa0\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x50\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? irq_work_claim+0x1e/0x40\n   ? intel_pmu_handle_irq+0x285/0x370\n   perf_event_nmi_handler+0x3d/0x60\n   nmi_handle+0x104/0x330\n\nThanks to Thomas Gleixner's analysis, the issue is caused by the low\ninitial period (1) of the frequency estimation algorithm, which triggers\nthe defects of the HW, specifically erratum HSW11 and HSW143. (For the\ndetails, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)\n\nThe HSW11 requires a period larger than 100 for the INST_RETIRED.ALL\nevent, but the initial period in the freq mode is 1. The erratum is the\nsame as the BDM11, which has been supported in the kernel. A minimum\nperiod of 128 is enforced as well on HSW.\n\nHSW143 is regarding that the fixed counter 1 may overcount 32 with the\nHyper-Threading is enabled. However, based on the test, the hardware\nhas more issues than it tells. Besides the fixed counter 1, the message\n'interrupt took too long' can be observed on any counter which was armed\nwith a period < 32 and two events expired in the same NMI. A minimum\nperiod of 32 is enforced for the rest of the events.\nThe recommended workaround code of the HSW143 is not implemented.\nBecause it only addresses the issue for the fixed counter. It brings\nextra overhead through extra MSR writing. No related overcounting issue\nhas been reported so far.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46848', 'https://git.kernel.org/linus/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b (6.11-rc7)', 'https://git.kernel.org/stable/c/0eaf812aa1506704f3b78be87036860e5d0fe81d', 'https://git.kernel.org/stable/c/15210b7c8caff4929f25d049ef8404557f8ae468', 'https://git.kernel.org/stable/c/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b', 'https://git.kernel.org/stable/c/8717dc35c0e5896f4110f4b3882f7ff787a5f73d', 'https://lore.kernel.org/linux-cve-announce/2024092756-CVE-2024-46848-bbd4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46848', 'https://www.cve.org/CVERecord?id=CVE-2024-46848'], 'PublishedDate': '2024-09-27T13:15:16.657Z', 'LastModifiedDate': '2024-10-04T15:23:35.287Z'}, {'VulnerabilityID': 'CVE-2024-46849', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: meson: axg-card: fix &#39;use-after-free&#39;', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix 'use-after-free'\n\nBuffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',\nso move 'pad' pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46849', 'https://git.kernel.org/linus/4f9a71435953f941969a4f017e2357db62d85a86 (6.11)', 'https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86', 'https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d', 'https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607', 'https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037', 'https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29', 'https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a', 'https://lore.kernel.org/linux-cve-announce/2024092741-CVE-2024-46849-93c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46849', 'https://www.cve.org/CVERecord?id=CVE-2024-46849'], 'PublishedDate': '2024-09-27T13:15:16.723Z', 'LastModifiedDate': '2024-10-17T14:15:07.75Z'}, {'VulnerabilityID': 'CVE-2024-46850', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn35_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn35_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn35_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit 0607a50c004798a96e62c089a4c34c220179dcb5)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46850', 'https://git.kernel.org/linus/e835d5144f5ef78e4f8828c63e2f0d61144f283a (6.11)', 'https://git.kernel.org/stable/c/42850927656a540428e58d370b3c1599a617bac7', 'https://git.kernel.org/stable/c/e835d5144f5ef78e4f8828c63e2f0d61144f283a', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46850-186e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46850', 'https://www.cve.org/CVERecord?id=CVE-2024-46850'], 'PublishedDate': '2024-09-27T13:15:16.787Z', 'LastModifiedDate': '2024-10-04T15:30:32.11Z'}, {'VulnerabilityID': 'CVE-2024-46851', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46851', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn10_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn10_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn10_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46851', 'https://git.kernel.org/linus/a7aeb03888b92304e2fc7d4d1c242f54a312561b (6.11)', 'https://git.kernel.org/stable/c/a7aeb03888b92304e2fc7d4d1c242f54a312561b', 'https://git.kernel.org/stable/c/b6ce047a81f508f5c60756db8dfb5ff486e4dad0', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46851-125b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46851', 'https://www.cve.org/CVERecord?id=CVE-2024-46851'], 'PublishedDate': '2024-09-27T13:15:16.85Z', 'LastModifiedDate': '2024-10-04T16:00:43.913Z'}, {'VulnerabilityID': 'CVE-2024-46852', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma-buf: heaps: Fix off-by-one in CMA heap fault handler', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:\nDon\'t track CMA dma-buf pages under RssFile") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don\'t read off the end of the pages\narray and insert an arbitrary page in the mapping.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46852', 'https://git.kernel.org/linus/ea5ff5d351b520524019f7ff7f9ce418de2dad87 (6.11)', 'https://git.kernel.org/stable/c/007180fcb6cc4a93211d4cc45fef3f5ccccd56ae', 'https://git.kernel.org/stable/c/79cce5e81d20fa9ad553be439d665ac3302d3c95', 'https://git.kernel.org/stable/c/84175dc5b2c932266a50c04e5ce342c30f817a2f', 'https://git.kernel.org/stable/c/e79050882b857c37634baedbdcf7c2047c24cbff', 'https://git.kernel.org/stable/c/ea5ff5d351b520524019f7ff7f9ce418de2dad87', 'https://git.kernel.org/stable/c/eb7fc8b65cea22f9038c52398c8b22849e9620ea', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46852-91a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46852', 'https://www.cve.org/CVERecord?id=CVE-2024-46852'], 'PublishedDate': '2024-09-27T13:15:16.917Z', 'LastModifiedDate': '2024-10-17T14:15:07.887Z'}, {'VulnerabilityID': 'CVE-2024-46853', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: nxp-fspi: fix the KASAN report out-of-bounds bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: nxp-fspi: fix the KASAN report out-of-bounds bug\n\nChange the memcpy length to fix the out-of-bounds issue when writing the\ndata that is not 4 byte aligned to TX FIFO.\n\nTo reproduce the issue, write 3 bytes data to NOR chip.\n\ndd if=3b of=/dev/mtd0\n[   36.926103] ==================================================================\n[   36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838\n[   36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455\n[   36.946721]\n[   36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070\n[   36.956185] Hardware name: Freescale i.MX8QM MEK (DT)\n[   36.961260] Call trace:\n[   36.963723]  dump_backtrace+0x90/0xe8\n[   36.967414]  show_stack+0x18/0x24\n[   36.970749]  dump_stack_lvl+0x78/0x90\n[   36.974451]  print_report+0x114/0x5cc\n[   36.978151]  kasan_report+0xa4/0xf0\n[   36.981670]  __asan_report_load_n_noabort+0x1c/0x28\n[   36.986587]  nxp_fspi_exec_op+0x26ec/0x2838\n[   36.990800]  spi_mem_exec_op+0x8ec/0xd30\n[   36.994762]  spi_mem_no_dirmap_read+0x190/0x1e0\n[   36.999323]  spi_mem_dirmap_write+0x238/0x32c\n[   37.003710]  spi_nor_write_data+0x220/0x374\n[   37.007932]  spi_nor_write+0x110/0x2e8\n[   37.011711]  mtd_write_oob_std+0x154/0x1f0\n[   37.015838]  mtd_write_oob+0x104/0x1d0\n[   37.019617]  mtd_write+0xb8/0x12c\n[   37.022953]  mtdchar_write+0x224/0x47c\n[   37.026732]  vfs_write+0x1e4/0x8c8\n[   37.030163]  ksys_write+0xec/0x1d0\n[   37.033586]  __arm64_sys_write+0x6c/0x9c\n[   37.037539]  invoke_syscall+0x6c/0x258\n[   37.041327]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.046244]  do_el0_svc+0x44/0x5c\n[   37.049589]  el0_svc+0x38/0x78\n[   37.052681]  el0t_64_sync_handler+0x13c/0x158\n[   37.057077]  el0t_64_sync+0x190/0x194\n[   37.060775]\n[   37.062274] Allocated by task 455:\n[   37.065701]  kasan_save_stack+0x2c/0x54\n[   37.069570]  kasan_save_track+0x20/0x3c\n[   37.073438]  kasan_save_alloc_info+0x40/0x54\n[   37.077736]  __kasan_kmalloc+0xa0/0xb8\n[   37.081515]  __kmalloc_noprof+0x158/0x2f8\n[   37.085563]  mtd_kmalloc_up_to+0x120/0x154\n[   37.089690]  mtdchar_write+0x130/0x47c\n[   37.093469]  vfs_write+0x1e4/0x8c8\n[   37.096901]  ksys_write+0xec/0x1d0\n[   37.100332]  __arm64_sys_write+0x6c/0x9c\n[   37.104287]  invoke_syscall+0x6c/0x258\n[   37.108064]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.112972]  do_el0_svc+0x44/0x5c\n[   37.116319]  el0_svc+0x38/0x78\n[   37.119401]  el0t_64_sync_handler+0x13c/0x158\n[   37.123788]  el0t_64_sync+0x190/0x194\n[   37.127474]\n[   37.128977] The buggy address belongs to the object at ffff00081037c2a0\n[   37.128977]  which belongs to the cache kmalloc-8 of size 8\n[   37.141177] The buggy address is located 0 bytes inside of\n[   37.141177]  allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)\n[   37.153465]\n[   37.154971] The buggy address belongs to the physical page:\n[   37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c\n[   37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)\n[   37.175149] page_type: 0xfdffffff(slab)\n[   37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000\n[   37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000\n[   37.194553] page dumped because: kasan: bad access detected\n[   37.200144]\n[   37.201647] Memory state around the buggy address:\n[   37.206460]  ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc\n[   37.213701]  ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc\n[   37.220946] >ffff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc\n[   37.228186]                                ^\n[   37.232473]  ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.239718]  ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.246962] ==============================================================\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46853', 'https://git.kernel.org/linus/2a8787c1cdc7be24fdd8953ecd1a8743a1006235 (6.11)', 'https://git.kernel.org/stable/c/09af8b0ba70072be831f3ec459f4063d570f9e24', 'https://git.kernel.org/stable/c/2a8787c1cdc7be24fdd8953ecd1a8743a1006235', 'https://git.kernel.org/stable/c/491f9646f7ac31af5fca71be1a3e5eb8aa7663ad', 'https://git.kernel.org/stable/c/609260542cf86b459c57618b8cdec8020394b7ad', 'https://git.kernel.org/stable/c/af9ca9ca3e44f48b2a191e100d452fbf850c3d87', 'https://git.kernel.org/stable/c/d1a1dfcec77c57b1181da93d11a3db1bc4eefa97', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46853-ab04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46853', 'https://www.cve.org/CVERecord?id=CVE-2024-46853'], 'PublishedDate': '2024-09-27T13:15:16.997Z', 'LastModifiedDate': '2024-10-17T14:15:07.993Z'}, {'VulnerabilityID': 'CVE-2024-46854', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dpaa: Pad packets to ETH_ZLEN', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46854', 'https://git.kernel.org/linus/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0 (6.11)', 'https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133', 'https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a', 'https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83', 'https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0', 'https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2', 'https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46854-3404@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46854', 'https://www.cve.org/CVERecord?id=CVE-2024-46854'], 'PublishedDate': '2024-09-27T13:15:17.063Z', 'LastModifiedDate': '2024-10-17T14:15:08.107Z'}, {'VulnerabilityID': 'CVE-2024-46855', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46855', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: nft_socket: fix sk refcount leaks', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put 'sk' reference before returning.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46855', 'https://git.kernel.org/linus/8b26ff7af8c32cb4148b3e147c52f9e4c695209c (6.11)', 'https://git.kernel.org/stable/c/1f68e097e20d3c695281a9c6433acc37be47fe11', 'https://git.kernel.org/stable/c/33c2258bf8cb17fba9e58b111d4c4f4cf43a4896', 'https://git.kernel.org/stable/c/83e6fb59040e8964888afcaa5612cc1243736715', 'https://git.kernel.org/stable/c/8b26ff7af8c32cb4148b3e147c52f9e4c695209c', 'https://git.kernel.org/stable/c/ddc7c423c4a5386bf865474c694b48178efd311a', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46855-4382@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46855', 'https://www.cve.org/CVERecord?id=CVE-2024-46855'], 'PublishedDate': '2024-09-27T13:15:17.133Z', 'LastModifiedDate': '2024-10-17T14:15:12.79Z'}, {'VulnerabilityID': 'CVE-2024-46857', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix bridge mode operations when there are no VFs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[  168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[  168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[  168.976037] Call Trace:\n[  168.976188]  <TASK>\n[  168.978620]  _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[  168.979074]  mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[  168.979471]  rtnl_bridge_setlink+0xe9/0x1f0\n[  168.979714]  rtnetlink_rcv_msg+0x159/0x400\n[  168.980451]  netlink_rcv_skb+0x54/0x100\n[  168.980675]  netlink_unicast+0x241/0x360\n[  168.980918]  netlink_sendmsg+0x1f6/0x430\n[  168.981162]  ____sys_sendmsg+0x3bb/0x3f0\n[  168.982155]  ___sys_sendmsg+0x88/0xd0\n[  168.985036]  __sys_sendmsg+0x59/0xa0\n[  168.985477]  do_syscall_64+0x79/0x150\n[  168.987273]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw->fdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46857', 'https://git.kernel.org/linus/b1d305abef4640af1b4f1b4774d513cd81b10cfc (6.11)', 'https://git.kernel.org/stable/c/505ae01f75f839b54329164bbfecf24cc1361b31', 'https://git.kernel.org/stable/c/52c4beb79e095e0631b5cac46ed48a2aefe51985', 'https://git.kernel.org/stable/c/65feee671e37f3b6eda0b6af28f204b5bcf7fa50', 'https://git.kernel.org/stable/c/b1d305abef4640af1b4f1b4774d513cd81b10cfc', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46857-3bc3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46857', 'https://www.cve.org/CVERecord?id=CVE-2024-46857'], 'PublishedDate': '2024-09-27T13:15:17.277Z', 'LastModifiedDate': '2024-10-01T17:10:29.657Z'}, {'VulnerabilityID': 'CVE-2024-46858', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46858', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: Fix uaf in __timer_delete_sync', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n     CPU1\t\t\t\tCPU2\n     ====                               ====\n     net_rx_action\n     napi_poll                          netlink_sendmsg\n     __napi_poll                        netlink_unicast\n     process_backlog                    netlink_unicast_kernel\n     __netif_receive_skb                genl_rcv\n     __netif_receive_skb_one_core       netlink_rcv_skb\n     NF_HOOK                            genl_rcv_msg\n     ip_local_deliver_finish            genl_family_rcv_msg\n     ip_protocol_deliver_rcu            genl_family_rcv_msg_doit\n     tcp_v4_rcv                         mptcp_pm_nl_flush_addrs_doit\n     tcp_v4_do_rcv                      mptcp_nl_remove_addrs_list\n     tcp_rcv_established                mptcp_pm_remove_addrs_and_subflows\n     tcp_data_queue                     remove_anno_list_by_saddr\n     mptcp_incoming_options             mptcp_pm_del_add_timer\n     mptcp_pm_del_add_timer             kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by "pm.lock", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of "entry->add_timer".\n\nMove list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar "entry->x" uaf.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46858', 'https://git.kernel.org/linus/b4cd80b0338945a94972ac3ed54f8338d2da2076 (6.11)', 'https://git.kernel.org/stable/c/0e7814b028cd50b3ff79659d23dfa9da6a1e75e1', 'https://git.kernel.org/stable/c/12134a652b0a10064844ea235173e70246eba6dc', 'https://git.kernel.org/stable/c/3554482f4691571fc4b5490c17ae26896e62171c', 'https://git.kernel.org/stable/c/6452b162549c7f9ef54655d3fb9977b9192e6e5b', 'https://git.kernel.org/stable/c/67409b358500c71632116356a0b065f112d7b707', 'https://git.kernel.org/stable/c/b4cd80b0338945a94972ac3ed54f8338d2da2076', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46858-dab6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46858', 'https://www.cve.org/CVERecord?id=CVE-2024-46858'], 'PublishedDate': '2024-09-27T13:15:17.353Z', 'LastModifiedDate': '2024-10-17T14:15:13.017Z'}, {'VulnerabilityID': 'CVE-2024-46859', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46859', 'https://git.kernel.org/linus/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 (6.11)', 'https://git.kernel.org/stable/c/6821a82616f60aa72c5909b3e252ad97fb9f7e2a', 'https://git.kernel.org/stable/c/9291fadbd2720a869b1d2fcf82305648e2e62a16', 'https://git.kernel.org/stable/c/b38c19783286a71693c2194ed1b36665168c09c4', 'https://git.kernel.org/stable/c/b7c2f692307fe704be87ea80d7328782b33c3cef', 'https://git.kernel.org/stable/c/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46859-e785@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46859', 'https://www.cve.org/CVERecord?id=CVE-2024-46859'], 'PublishedDate': '2024-09-27T13:15:17.43Z', 'LastModifiedDate': '2024-10-17T14:15:13.183Z'}, {'VulnerabilityID': 'CVE-2024-46860', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change\n\nWhen disabling wifi mt7921_ipv6_addr_change() is called as a notifier.\nAt this point mvif->phy is already NULL so we cannot use it here.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46860', 'https://git.kernel.org/linus/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3 (6.11-rc4)', 'https://git.kernel.org/stable/c/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3', 'https://git.kernel.org/stable/c/4bfee9346d8c17d928ef6da2b8bffab88fa2a553', 'https://git.kernel.org/stable/c/8d92bafd4c67efb692f722d73a07412b5f88c6d6', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46860-1dfc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46860', 'https://www.cve.org/CVERecord?id=CVE-2024-46860'], 'PublishedDate': '2024-09-27T13:15:17.493Z', 'LastModifiedDate': '2024-10-02T14:04:38.863Z'}, {'VulnerabilityID': 'CVE-2024-46861', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usbnet: ipheth: do not stop RX on failing RX callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: do not stop RX on failing RX callback\n\nRX callbacks can fail for multiple reasons:\n\n* Payload too short\n* Payload formatted incorrecly (e.g. bad NCM framing)\n* Lack of memory\n\nNone of these should cause the driver to seize up.\n\nMake such failures non-critical and continue processing further\nincoming URBs.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46861', 'https://git.kernel.org/linus/74efed51e0a4d62f998f806c307778b47fc73395 (6.11-rc4)', 'https://git.kernel.org/stable/c/08ca800b0cd56d5e26722f68b18bbbf6840bf44b', 'https://git.kernel.org/stable/c/4d1cfa3afb8627435744ecdc6d8b58bc72ee0f4c', 'https://git.kernel.org/stable/c/74efed51e0a4d62f998f806c307778b47fc73395', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46861-f2f9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46861', 'https://www.cve.org/CVERecord?id=CVE-2024-46861'], 'PublishedDate': '2024-09-27T13:15:17.563Z', 'LastModifiedDate': '2024-10-03T15:36:06.543Z'}, {'VulnerabilityID': 'CVE-2024-46864', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/hyperv: fix kexec crash due to VP assist page corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: fix kexec crash due to VP assist page corruption\n\ncommit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when\nCPUs go online/offline") introduces a new cpuhp state for hyperv\ninitialization.\n\ncpuhp_setup_state() returns the state number if state is\nCPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states.\nFor the hyperv case, since a new cpuhp state was introduced it would\nreturn 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call\nis conditioned upon "hyperv_init_cpuhp > 0". This will never be true and\nso hv_cpu_die() won\'t be called on all CPUs. This means the VP assist page\nwon\'t be reset. When the kexec kernel tries to setup the VP assist page\nagain, the hypervisor corrupts the memory region of the old VP assist page\ncausing a panic in case the kexec kernel is using that memory elsewhere.\nThis was originally fixed in commit dfe94d4086e4 ("x86/hyperv: Fix kexec\npanic/hang issues").\n\nGet rid of hyperv_init_cpuhp entirely since we are no longer using a\ndynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with\ncpuhp_remove_state().', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46864', 'https://git.kernel.org/linus/b9af6418279c4cf73ca073f8ea024992b38be8ab (6.11)', 'https://git.kernel.org/stable/c/2ae1beb3ab4f28868cc5d1541d05e1fbee3ad825', 'https://git.kernel.org/stable/c/b9af6418279c4cf73ca073f8ea024992b38be8ab', 'https://git.kernel.org/stable/c/d6f018a3b49d0a94ddbd0e479c2af6b19724e434', 'https://lore.kernel.org/linux-cve-announce/2024092745-CVE-2024-46864-0343@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46864', 'https://www.cve.org/CVERecord?id=CVE-2024-46864'], 'PublishedDate': '2024-09-27T13:15:17.747Z', 'LastModifiedDate': '2024-10-03T15:29:34.927Z'}, {'VulnerabilityID': 'CVE-2024-46866', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: add missing bo locking in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: add missing bo locking in show_meminfo()\n\nbo_meminfo() wants to inspect bo state like tt and the ttm resource,\nhowever this state can change at any point leading to stuff like NPD and\nUAF, if the bo lock is not held. Grab the bo lock when calling\nbo_meminfo(), ensuring we drop any spinlocks first. In the case of\nobject_idr we now also need to hold a ref.\n\nv2 (MattB)\n  - Also add xe_bo_assert_held()\n\n(cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46866', 'https://git.kernel.org/linus/94c4aa266111262c96c98f822d1bccc494786fee (6.11)', 'https://git.kernel.org/stable/c/94c4aa266111262c96c98f822d1bccc494786fee', 'https://git.kernel.org/stable/c/abc8feacacf8fae10eecf6fea7865e8c1fee419c', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46866-c414@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46866', 'https://www.cve.org/CVERecord?id=CVE-2024-46866'], 'PublishedDate': '2024-09-27T13:15:17.887Z', 'LastModifiedDate': '2024-10-01T17:09:30Z'}, {'VulnerabilityID': 'CVE-2024-46867', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: fix deadlock in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: fix deadlock in show_meminfo()\n\nThere is a real deadlock as well as sleeping in atomic() bug in here, if\nthe bo put happens to be the last ref, since bo destruction wants to\ngrab the same spinlock and sleeping locks.  Fix that by dropping the ref\nusing xe_bo_put_deferred(), and moving the final commit outside of the\nlock. Dropping the lock around the put is tricky since the bo can go\nout of scope and delete itself from the list, making it difficult to\nnavigate to the next list entry.\n\n(cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46867', 'https://git.kernel.org/linus/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b (6.11)', 'https://git.kernel.org/stable/c/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b', 'https://git.kernel.org/stable/c/9d3de463e23bfb1ff1567a32b099b1b3e5286a48', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46867-7fe4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46867', 'https://www.cve.org/CVERecord?id=CVE-2024-46867'], 'PublishedDate': '2024-09-27T13:15:17.937Z', 'LastModifiedDate': '2024-10-01T17:09:58.147Z'}, {'VulnerabilityID': 'CVE-2024-46868', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()\n\nIf the __qcuefi pointer is not set, then in the original code, we would\nhold onto the lock.  That means that if we tried to set it later, then\nit would cause a deadlock.  Drop the lock on the error path.  That's\nwhat all the callers are expecting.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46868', 'https://git.kernel.org/linus/db213b0cfe3268d8b1d382b3bcc999c687a2567f (6.11)', 'https://git.kernel.org/stable/c/8c6a5a1fc02ad1d62d06897ab330693d4d27cd03', 'https://git.kernel.org/stable/c/db213b0cfe3268d8b1d382b3bcc999c687a2567f', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46868-f3a3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46868', 'https://www.cve.org/CVERecord?id=CVE-2024-46868'], 'PublishedDate': '2024-09-27T13:15:18.007Z', 'LastModifiedDate': '2024-10-01T17:09:12.247Z'}, {'VulnerabilityID': 'CVE-2024-46870', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Disable DMCUB timeout for DCN35', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable DMCUB timeout for DCN35\n\n[Why]\nDMCUB can intermittently take longer than expected to process commands.\n\nOld ASIC policy was to continue while logging a diagnostic error - which\nworks fine for ASIC without IPS, but with IPS this could lead to a race\ncondition where we attempt to access DCN state while it's inaccessible,\nleading to a system hang when the NIU port is not disabled or register\naccesses that timeout and the display configuration in an undefined\nstate.\n\n[How]\nWe need to investigate why these accesses take longer than expected, but\nfor now we should disable the timeout on DCN35 to avoid this race\ncondition. Since the waits happen only at lower interrupt levels the\nrisk of taking too long at higher IRQ and causing a system watchdog\ntimeout are minimal.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46870', 'https://git.kernel.org/stable/c/31c254c9cd4b122a10db297124f867107a696d83', 'https://git.kernel.org/stable/c/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46870-f347@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46870', 'https://www.cve.org/CVERecord?id=CVE-2024-46870'], 'PublishedDate': '2024-10-09T14:15:07.463Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-46871', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why & How]\nIt actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback & dmub_thread_offload has potential to access\nitem out of array bound. Fix it.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46871', 'https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37', 'https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7', 'https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0', 'https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46871-15f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46871', 'https://www.cve.org/CVERecord?id=CVE-2024-46871'], 'PublishedDate': '2024-10-09T14:15:07.533Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47658', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47658', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: stm32/cryp - call finalize with bh disabled', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: stm32/cryp - call finalize with bh disabled\n\nThe finalize operation in interrupt mode produce a produces a spinlock\nrecursion warning. The reason is the fact that BH must be disabled\nduring this process.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47658', 'https://git.kernel.org/stable/c/56ddb9aa3b324c2d9645b5a7343e46010cf3f6ce', 'https://git.kernel.org/stable/c/5d734665cd5d93270731e0ff1dd673fec677f447', 'https://git.kernel.org/stable/c/d93a2f86b0a998aa1f0870c85a2a60a0771ef89a', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47658-0b23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47658', 'https://www.cve.org/CVERecord?id=CVE-2024-47658'], 'PublishedDate': '2024-10-09T14:15:07.603Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47659', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47659', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smack: tcp: ipv4, fix incorrect labeling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmack: tcp: ipv4, fix incorrect labeling\n\nCurrently, Smack mirrors the label of incoming tcp/ipv4 connections:\nwhen a label 'foo' connects to a label 'bar' with tcp/ipv4,\n'foo' always gets 'foo' in returned ipv4 packets. So,\n1) returned packets are incorrectly labeled ('foo' instead of 'bar')\n2) 'bar' can write to 'foo' without being authorized to write.\n\nHere is a scenario how to see this:\n\n* Take two machines, let's call them C and S,\n   with active Smack in the default state\n   (no settings, no rules, no labeled hosts, only builtin labels)\n\n* At S, add Smack rule 'foo bar w'\n   (labels 'foo' and 'bar' are instantiated at S at this moment)\n\n* At S, at label 'bar', launch a program\n   that listens for incoming tcp/ipv4 connections\n\n* From C, at label 'foo', connect to the listener at S.\n   (label 'foo' is instantiated at C at this moment)\n   Connection succeedes and works.\n\n* Send some data in both directions.\n* Collect network traffic of this connection.\n\nAll packets in both directions are labeled with the CIPSO\nof the label 'foo'. Hence, label 'bar' writes to 'foo' without\nbeing authorized, and even without ever being known at C.\n\nIf anybody cares: exactly the same happens with DCCP.\n\nThis behavior 1st manifested in release 2.6.29.4 (see Fixes below)\nand it looks unintentional. At least, no explanation was provided.\n\nI changed returned packes label into the 'bar',\nto bring it into line with the Smack documentation claims.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47659', 'https://git.kernel.org/stable/c/0776bcf9cb6de46fdd94d10118de1cf9b05f83b9', 'https://git.kernel.org/stable/c/0aea09e82eafa50a373fc8a4b84c1d4734751e2c', 'https://git.kernel.org/stable/c/2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550', 'https://git.kernel.org/stable/c/4be9fd15c3c88775bdf6fa37acabe6de85beebff', 'https://git.kernel.org/stable/c/5b4b304f196c070342e32a4752e1fa2e22fc0671', 'https://git.kernel.org/stable/c/a948ec993541db4ef392b555c37a1186f4d61670', 'https://git.kernel.org/stable/c/d3703fa94116fed91f64c7d1c7d284fb4369070f', 'https://git.kernel.org/stable/c/d3f56c653c65f170b172d3c23120bc64ada645d8', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47659-03a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47659', 'https://www.cve.org/CVERecord?id=CVE-2024-47659'], 'PublishedDate': '2024-10-09T14:15:07.66Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47660', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fsnotify: clear PARENT_WATCHED flags lazily', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: clear PARENT_WATCHED flags lazily\n\nIn some setups directories can have many (usually negative) dentries.\nHence __fsnotify_update_child_dentry_flags() function can take a\nsignificant amount of time. Since the bulk of this function happens\nunder inode->i_lock this causes a significant contention on the lock\nwhen we remove the watch from the directory as the\n__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()\nraces with __fsnotify_update_child_dentry_flags() calls from\n__fsnotify_parent() happening on children. This can lead upto softlockup\nreports reported by users.\n\nFix the problem by calling fsnotify_update_children_dentry_flags() to\nset PARENT_WATCHED flags only when parent starts watching children.\n\nWhen parent stops watching children, clear false positive PARENT_WATCHED\nflags lazily in __fsnotify_parent() for each accessed child.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47660', 'https://git.kernel.org/stable/c/172e422ffea20a89bfdc672741c1aad6fbb5044e', 'https://git.kernel.org/stable/c/3f3ef1d9f66b93913ce2171120d9226b55acd41d', 'https://git.kernel.org/stable/c/7ef1d2e240c32b1f337a37232d037b07e3919e1a', 'https://git.kernel.org/stable/c/d8c42405fc3507cc43ba7e4986a773c3fc633f6e', 'https://git.kernel.org/stable/c/f9a48bc3dd9099935751458a5bbbea4b7c28abc8', 'https://git.kernel.org/stable/c/fc1b1e135c3f72382f792e6c319fc088d5523ad5', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47660-2d61@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47660', 'https://www.cve.org/CVERecord?id=CVE-2024-47660'], 'PublishedDate': '2024-10-09T14:15:07.73Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47661', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47661', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid overflow from uint32_t to uint8_t', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT & HOW]\ndmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47661', 'https://git.kernel.org/stable/c/30d1b783b6eeaf49d311a072c70d618d993d01ec', 'https://git.kernel.org/stable/c/d6b54900c564e35989cf6813e4071504fa0a90e0', 'https://lore.kernel.org/linux-cve-announce/2024100930-CVE-2024-47661-a6c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47661', 'https://www.cve.org/CVERecord?id=CVE-2024-47661'], 'PublishedDate': '2024-10-09T15:15:15.02Z', 'LastModifiedDate': '2024-10-15T16:03:29.26Z'}, {'VulnerabilityID': 'CVE-2024-47662', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47662', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47662', 'https://git.kernel.org/stable/c/466423c6dd8af23ebb3a69d43434d01aed0db356', 'https://git.kernel.org/stable/c/eba4b2a38ccdf074a053834509545703d6df1d57', 'https://lore.kernel.org/linux-cve-announce/2024100931-CVE-2024-47662-74f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47662', 'https://www.cve.org/CVERecord?id=CVE-2024-47662'], 'PublishedDate': '2024-10-09T15:15:15.08Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47663', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47663', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: staging: iio: frequency: ad9834: Validate frequency parameter value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47663', 'https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47', 'https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e', 'https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53', 'https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227', 'https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465', 'https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a', 'https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47663-9bdc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47663', 'https://www.cve.org/CVERecord?id=CVE-2024-47663'], 'PublishedDate': '2024-10-09T15:15:15.15Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47664', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47664', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47664', 'https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43', 'https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c', 'https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47664-f6bd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47664', 'https://www.cve.org/CVERecord?id=CVE-2024-47664'], 'PublishedDate': '2024-10-09T15:15:15.223Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47665', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47665', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup\n\nDefinitely condition dma_get_cache_alignment * defined value > 256\nduring driver initialization is not reason to BUG_ON(). Turn that to\ngraceful error out with -EINVAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47665', 'https://git.kernel.org/stable/c/2666085335bdfedf90d91f4071490ad3980be785', 'https://git.kernel.org/stable/c/5a022269abb22809f2a174b90f200fc4b9526058', 'https://git.kernel.org/stable/c/8a2be2f1db268ec735419e53ef04ca039fc027dc', 'https://git.kernel.org/stable/c/cacb76df247a7cd842ff29755a523b1cba6c0508', 'https://git.kernel.org/stable/c/e2d14bfda9eb5393f8a17008afe2aa7fe0a29815', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47665-901e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47665', 'https://www.cve.org/CVERecord?id=CVE-2024-47665'], 'PublishedDate': '2024-10-09T15:15:15.29Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47666', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47666', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: pm80xx: Set phy-&gt;enable_completion only when we wait for it', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy->enable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late.  After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47666', 'https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89', 'https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea', 'https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47666-0015@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47666', 'https://www.cve.org/CVERecord?id=CVE-2024-47666'], 'PublishedDate': '2024-10-09T15:15:15.353Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47667', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47667', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)\n\nErrata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0\n(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an\ninbound PCIe TLP spans more than two internal AXI 128-byte bursts,\nthe bus may corrupt the packet payload and the corrupt data may\ncause associated applications or the processor to hang.\n\nThe workaround for Errata #i2037 is to limit the maximum read\nrequest size and maximum payload size to 128 bytes. Add workaround\nfor Errata #i2037 here.\n\nThe errata and workaround is applicable only to AM65x SR 1.0 and\nlater versions of the silicon will have this fixed.\n\n[1] -> https://www.ti.com/lit/er/sprz452i/sprz452i.pdf', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47667', 'https://git.kernel.org/stable/c/135843c351c08df72bdd4b4ebea53c8052a76881', 'https://git.kernel.org/stable/c/576d0fb6f8d4bd4695e70eee173a1b9c7bae9572', 'https://git.kernel.org/stable/c/86f271f22bbb6391410a07e08d6ca3757fda01fa', 'https://git.kernel.org/stable/c/af218c803fe298ddf00abef331aa526b20d7ea61', 'https://git.kernel.org/stable/c/cfb006e185f64edbbdf7869eac352442bc76b8f6', 'https://git.kernel.org/stable/c/dd47051c76c8acd8cb983f01b4d1265da29cb66a', 'https://git.kernel.org/stable/c/ebbdbbc580c1695dec283d0ba6448729dc993246', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47667-2d01@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47667', 'https://www.cve.org/CVERecord?id=CVE-2024-47667'], 'PublishedDate': '2024-10-09T15:15:15.43Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47668', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47668', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we'll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it'll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47668', 'https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f', 'https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da', 'https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283', 'https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169', 'https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae', 'https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e', 'https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47668-6b53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47668', 'https://www.cve.org/CVERecord?id=CVE-2024-47668'], 'PublishedDate': '2024-10-09T15:15:15.513Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47669', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47669', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix state management in error path of log writing function', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix state management in error path of log writing function\n\nAfter commit a694291a6211 ("nilfs2: separate wait function from\nnilfs_segctor_write") was applied, the log writing function\nnilfs_segctor_do_construct() was able to issue I/O requests continuously\neven if user data blocks were split into multiple logs across segments,\nbut two potential flaws were introduced in its error handling.\n\nFirst, if nilfs_segctor_begin_construction() fails while creating the\nsecond or subsequent logs, the log writing function returns without\ncalling nilfs_segctor_abort_construction(), so the writeback flag set on\npages/folios will remain uncleared.  This causes page cache operations to\nhang waiting for the writeback flag.  For example,\ntruncate_inode_pages_final(), which is called via nilfs_evict_inode() when\nan inode is evicted from memory, will hang.\n\nSecond, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. \nAs a result, if the next log write involves checkpoint creation, that\'s\nfine, but if a partial log write is performed that does not, inodes with\nNILFS_I_COLLECTED set are erroneously removed from the "sc_dirty_files"\nlist, and their data and b-tree blocks may not be written to the device,\ncorrupting the block mapping.\n\nFix these issues by uniformly calling nilfs_segctor_abort_construction()\non failure of each step in the loop in nilfs_segctor_do_construct(),\nhaving it clean up logs and segment usages according to progress, and\ncorrecting the conditions for calling nilfs_redirty_inodes() to ensure\nthat the NILFS_I_COLLECTED flag is cleared.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47669', 'https://git.kernel.org/stable/c/036441e8438b29111fa75008f0ce305fb4e83c0a', 'https://git.kernel.org/stable/c/0a1a961bde4351dc047ffdeb2f1311ca16a700cc', 'https://git.kernel.org/stable/c/30562eff4a6dd35c4b5be9699ef61ad9f5f20a06', 'https://git.kernel.org/stable/c/3e349d7191f0688fc9808ef24fd4e4b4ef5ca876', 'https://git.kernel.org/stable/c/40a2757de2c376ef8a08d9ee9c81e77f3c750adf', 'https://git.kernel.org/stable/c/6576dd6695f2afca3f4954029ac4a64f82ba60ab', 'https://git.kernel.org/stable/c/74866c16ea2183f52925fa5d76061a1fe7f7737b', 'https://git.kernel.org/stable/c/efdde00d4a1ef10bb71e09ebc67823a3d3ad725b', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47669-135c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47669', 'https://www.cve.org/CVERecord?id=CVE-2024-47669'], 'PublishedDate': '2024-10-09T15:15:15.59Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47670', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47670', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: add bounds checking to ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn't stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match.  It will\nprevent out-of-bound access in case of crafted images.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47670', 'https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39', 'https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c', 'https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd', 'https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77', 'https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f', 'https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e73264d6', 'https://lore.kernel.org/linux-cve-announce/2024100919-CVE-2024-47670-53f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47670', 'https://www.cve.org/CVERecord?id=CVE-2024-47670'], 'PublishedDate': '2024-10-09T15:15:15.673Z', 'LastModifiedDate': '2024-10-17T14:15:13.56Z'}, {'VulnerabilityID': 'CVE-2024-47671', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47671', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: USB: usbtmc: prevent kernel-usb-infoleak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: prevent kernel-usb-infoleak\n\nThe syzbot reported a kernel-usb-infoleak in usbtmc_write,\nwe need to clear the structure before filling fields.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47671', 'https://git.kernel.org/stable/c/0c927dfc0b9bd177f7ab6ee59ef0c4ea06c110a7', 'https://git.kernel.org/stable/c/16e0ab9ed3ae7d19ca8ee718ba4e09d5c0f909ca', 'https://git.kernel.org/stable/c/51297ef7ad7824ad577337f273cd092e81a9fa08', 'https://git.kernel.org/stable/c/625fa77151f00c1bd00d34d60d6f2e710b3f9aad', 'https://git.kernel.org/stable/c/6c7fc36da021b13c34c572a26ba336cd102418f8', 'https://git.kernel.org/stable/c/ba6269e187aa1b1f20faf3c458831a0d6350304b', 'https://git.kernel.org/stable/c/e872738e670ddd63e19f22d0d784f0bdf26ecba5', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47671-6c52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47671', 'https://www.cve.org/CVERecord?id=CVE-2024-47671'], 'PublishedDate': '2024-10-09T15:15:15.753Z', 'LastModifiedDate': '2024-10-17T14:15:13.697Z'}, {'VulnerabilityID': 'CVE-2024-47672', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead\n\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was\nrecently converted from just a message), that can be hit if we\nwait for TX queues to become empty after firmware died. Clearly,\nwe can't expect anything from the firmware after it's declared dead.\n\nDon't call iwl_trans_wait_tx_queues_empty() in this case. While it could\nbe a good idea to stop the flow earlier, the flush functions do some\nmaintenance work that is not related to the firmware, so keep that part\nof the code running even when the firmware is not running.\n\n[edit commit message]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47672', 'https://git.kernel.org/stable/c/1afed66cb271b3e65fe9df1c9fba2bf4b1f55669', 'https://git.kernel.org/stable/c/1b0cd832c9607f41f84053b818e0b7908510a3b9', 'https://git.kernel.org/stable/c/3a84454f5204718ca5b4ad2c1f0bf2031e2403d1', 'https://git.kernel.org/stable/c/4d0a900ec470d392476c428875dbf053f8a0ae5e', 'https://git.kernel.org/stable/c/7188b7a72320367554b76d8f298417b070b05dd3', 'https://git.kernel.org/stable/c/de46b1d24f5f752b3bd8b46673c2ea4239661244', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47672-9bef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47672', 'https://www.cve.org/CVERecord?id=CVE-2024-47672'], 'PublishedDate': '2024-10-09T15:15:15.827Z', 'LastModifiedDate': '2024-10-17T14:15:13.78Z'}, {'VulnerabilityID': 'CVE-2024-47673', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pause TCM when the firmware is stopped\n\nNot doing so will make us send a host command to the transport while the\nfirmware is not alive, which will trigger a WARNING.\n\nbad state = 0\nWARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nRIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nCall Trace:\n <TASK>\n iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]\n iwl_mvm_config_scan+0x198/0x260 [iwlmvm]\n iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]\n iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]\n process_one_work+0x29e/0x640\n worker_thread+0x2df/0x690\n ? rescuer_thread+0x540/0x540\n kthread+0x192/0x1e0\n ? set_kthread_struct+0x90/0x90\n ret_from_fork+0x22/0x30', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47673', 'https://git.kernel.org/stable/c/0668ebc8c2282ca1e7eb96092a347baefffb5fe7', 'https://git.kernel.org/stable/c/2c61b561baf92a2860c76c2302a62169e22c21cc', 'https://git.kernel.org/stable/c/55086c97a55d781b04a2667401c75ffde190135c', 'https://git.kernel.org/stable/c/5948a191906b54e10f02f6b7a7670243a39f99f4', 'https://git.kernel.org/stable/c/a15df5f37fa3a8b7a8ec7a339d1e897bc524e28f', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47673-9110@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47673', 'https://www.cve.org/CVERecord?id=CVE-2024-47673'], 'PublishedDate': '2024-10-09T15:15:15.9Z', 'LastModifiedDate': '2024-10-17T14:15:13.853Z'}, {'VulnerabilityID': 'CVE-2024-47674', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47674', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: avoid leaving partial pfn mappings around in error case', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na 'struct page'.\n\nThat's all very much intentional, but it does mean that it's easy to\nmess up the cleanup in case of errors.  Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it's very easy to do the\nerror handling in the wrong order.\n\nIn particular, it's easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47674', 'https://git.kernel.org/linus/79a61cc3fc0466ad2b7b89618a6157785f0293b3 (6.11)', 'https://git.kernel.org/stable/c/5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959', 'https://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2', 'https://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3', 'https://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3', 'https://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80', 'https://lore.kernel.org/linux-cve-announce/2024101538-CVE-2024-47674-ba1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47674', 'https://www.cve.org/CVERecord?id=CVE-2024-47674'], 'PublishedDate': '2024-10-15T11:15:13.073Z', 'LastModifiedDate': '2024-10-18T14:50:02.71Z'}, {'VulnerabilityID': 'CVE-2017-0537', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-0537', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N', 'V2Score': 2.6, 'V3Score': 4.7}}, 'References': ['http://www.securityfocus.com/bid/96831', 'http://www.securitytracker.com/id/1037968', 'https://android.googlesource.com/kernel/tegra.git/+/389b185cb2f17fff994dbdf8d4bac003d4b2b6b3%5E%21/#F0', 'https://lore.kernel.org/lkml/1484647168-30135-1-git-send-email-jilin@nvidia.com/#t', 'https://source.android.com/security/bulletin/2017-01-01.html', 'https://source.android.com/security/bulletin/2017-03-01', 'https://source.android.com/security/bulletin/2017-03-01.html', 'https://www.cve.org/CVERecord?id=CVE-2017-0537'], 'PublishedDate': '2017-03-08T01:59:03.127Z', 'LastModifiedDate': '2017-07-17T13:18:15.89Z'}, {'VulnerabilityID': 'CVE-2017-13165', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13165', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['https://github.com/aosp-mirror/platform_system_core/commit/15ffc53f6d57a46e3041453865311035a18e047a', 'https://source.android.com/security/bulletin/pixel/2017-12-01', 'https://www.cve.org/CVERecord?id=CVE-2017-13165'], 'PublishedDate': '2017-12-06T14:29:01.333Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2017-13693', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI operand cache leak in dsutils.c', 'Description': 'The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/100502', 'https://access.redhat.com/security/cve/CVE-2017-13693', 'https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13693', 'https://patchwork.kernel.org/patch/9919053/', 'https://www.cve.org/CVERecord?id=CVE-2017-13693'], 'PublishedDate': '2017-08-25T08:29:00.273Z', 'LastModifiedDate': '2017-09-20T14:51:00.41Z'}, {'VulnerabilityID': 'CVE-2018-1121', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-1121', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'procps: process hiding through race condition enumerating /proc', 'Description': "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-367'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:P/A:N', 'V3Vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V2Score': 4.3, 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L', 'V3Score': 3.9}}, 'References': ['http://seclists.org/oss-sec/2018/q2/122', 'http://www.securityfocus.com/bid/104214', 'https://access.redhat.com/security/cve/CVE-2018-1121', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1121', 'https://www.cve.org/CVERecord?id=CVE-2018-1121', 'https://www.exploit-db.com/exploits/44806/', 'https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt'], 'PublishedDate': '2018-06-13T20:29:00.337Z', 'LastModifiedDate': '2020-06-30T16:15:14.393Z'}, {'VulnerabilityID': 'CVE-2018-12928', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko', 'Description': 'In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['http://www.securityfocus.com/bid/104593', 'https://access.redhat.com/security/cve/CVE-2018-12928', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384', 'https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ', 'https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/', 'https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12928', 'https://www.cve.org/CVERecord?id=CVE-2018-12928'], 'PublishedDate': '2018-06-28T14:29:00.353Z', 'LastModifiedDate': '2018-08-21T11:55:37.35Z'}, {'VulnerabilityID': 'CVE-2018-12929', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko', 'Description': 'ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12929', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12929', 'https://www.cve.org/CVERecord?id=CVE-2018-12929'], 'PublishedDate': '2018-06-28T14:29:00.417Z', 'LastModifiedDate': '2019-03-26T13:35:51.317Z'}, {'VulnerabilityID': 'CVE-2018-12930', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12930', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko', 'Description': 'ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12930', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12930', 'https://www.cve.org/CVERecord?id=CVE-2018-12930'], 'PublishedDate': '2018-06-28T14:29:00.463Z', 'LastModifiedDate': '2019-03-26T13:35:37.397Z'}, {'VulnerabilityID': 'CVE-2018-12931', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_attr_find in the ntfs.ko', 'Description': 'ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12931', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12931', 'https://www.cve.org/CVERecord?id=CVE-2018-12931'], 'PublishedDate': '2018-06-28T14:29:00.51Z', 'LastModifiedDate': '2019-03-26T13:35:20.957Z'}, {'VulnerabilityID': 'CVE-2019-14899', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-14899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel', 'Description': 'A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V2Vector': 'AV:A/AC:M/Au:S/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 4.9, 'V3Score': 7.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.4}}, 'References': ['http://seclists.org/fulldisclosure/2020/Dec/32', 'http://seclists.org/fulldisclosure/2020/Jul/23', 'http://seclists.org/fulldisclosure/2020/Jul/24', 'http://seclists.org/fulldisclosure/2020/Jul/25', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'http://www.openwall.com/lists/oss-security/2020/08/13/2', 'http://www.openwall.com/lists/oss-security/2020/10/07/3', 'http://www.openwall.com/lists/oss-security/2021/07/05/1', 'https://access.redhat.com/security/cve/CVE-2019-14899', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899', 'https://nvd.nist.gov/vuln/detail/CVE-2019-14899', 'https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/', 'https://support.apple.com/kb/HT211288', 'https://support.apple.com/kb/HT211289', 'https://support.apple.com/kb/HT211290', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211931', 'https://www.cve.org/CVERecord?id=CVE-2019-14899', 'https://www.openwall.com/lists/oss-security/2019/12/05/1'], 'PublishedDate': '2019-12-11T15:15:14.263Z', 'LastModifiedDate': '2023-03-01T16:40:04.14Z'}, {'VulnerabilityID': 'CVE-2019-15213', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-15213', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c', 'Description': 'An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.3}}, 'References': ['http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html', 'http://www.openwall.com/lists/oss-security/2019/08/20/2', 'https://access.redhat.com/security/cve/CVE-2019-15213', 'https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7', 'https://linux.oracle.com/cve/CVE-2019-15213.html', 'https://linux.oracle.com/errata/ELSA-2019-4872.html', 'https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/', 'https://nvd.nist.gov/vuln/detail/CVE-2019-15213', 'https://security.netapp.com/advisory/ntap-20190905-0002/', 'https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced', 'https://www.cve.org/CVERecord?id=CVE-2019-15213'], 'PublishedDate': '2019-08-19T22:15:11.253Z', 'LastModifiedDate': '2023-11-09T14:44:33.733Z'}, {'VulnerabilityID': 'CVE-2019-19378', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19378', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19378', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19378', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19378'], 'PublishedDate': '2019-11-29T17:15:11.84Z', 'LastModifiedDate': '2020-01-03T11:15:14.997Z'}, {'VulnerabilityID': 'CVE-2019-19814', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 9.3, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19814', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19814', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19814'], 'PublishedDate': '2019-12-17T06:15:12.843Z', 'LastModifiedDate': '2020-01-03T11:15:16.48Z'}, {'VulnerabilityID': 'CVE-2020-35501', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2020-35501', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability', 'Description': 'A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem', 'Severity': 'LOW', 'CweIDs': ['CWE-863'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:N', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V2Score': 3.6, 'V3Score': 3.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 3.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2020-35501', 'https://bugzilla.redhat.com/show_bug.cgi?id=1908577', 'https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html', 'https://nvd.nist.gov/vuln/detail/CVE-2020-35501', 'https://www.cve.org/CVERecord?id=CVE-2020-35501', 'https://www.openwall.com/lists/oss-security/2021/02/18/1'], 'PublishedDate': '2022-03-30T16:15:08.673Z', 'LastModifiedDate': '2022-12-02T19:54:37.647Z'}, {'VulnerabilityID': 'CVE-2021-26934', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-26934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...', 'Description': "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.", 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['http://xenbits.xen.org/xsa/advisory-363.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/', 'https://nvd.nist.gov/vuln/detail/CVE-2021-26934', 'https://security.netapp.com/advisory/ntap-20210326-0001/', 'https://www.cve.org/CVERecord?id=CVE-2021-26934', 'https://www.openwall.com/lists/oss-security/2021/02/16/2', 'https://xenbits.xen.org/xsa/advisory-363.html'], 'PublishedDate': '2021-02-17T02:15:13.143Z', 'LastModifiedDate': '2023-11-07T03:31:50.59Z'}, {'VulnerabilityID': 'CVE-2022-44034', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-44034', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: A use-after-free due to race between scr24x_open()  and scr24x_remove()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().', 'Severity': 'LOW', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-44034', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15', 'https://lore.kernel.org/lkml/20220916050333.GA188358%40ubuntu/', 'https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940%40ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-44034', 'https://www.cve.org/CVERecord?id=CVE-2022-44034'], 'PublishedDate': '2022-10-30T01:15:08.937Z', 'LastModifiedDate': '2024-03-25T01:15:52.787Z'}, {'VulnerabilityID': 'CVE-2022-45884', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-45884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free due to race condition occurring in dvb_register_device()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:7549', 'https://access.redhat.com/security/cve/CVE-2022-45884', 'https://bugzilla.redhat.com/2148510', 'https://bugzilla.redhat.com/2148517', 'https://bugzilla.redhat.com/2151956', 'https://bugzilla.redhat.com/2154178', 'https://bugzilla.redhat.com/2224048', 'https://bugzilla.redhat.com/2240249', 'https://bugzilla.redhat.com/2241924', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2151956', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2224048', 'https://bugzilla.redhat.com/show_bug.cgi?id=2240249', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1192', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2163', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178', 'https://errata.almalinux.org/8/ALSA-2023-7549.html', 'https://errata.rockylinux.org/RLSA-2023:7549', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3', 'https://linux.oracle.com/cve/CVE-2022-45884.html', 'https://linux.oracle.com/errata/ELSA-2023-7549.html', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-45884', 'https://security.netapp.com/advisory/ntap-20230113-0006/', 'https://www.cve.org/CVERecord?id=CVE-2022-45884'], 'PublishedDate': '2022-11-25T04:15:09.18Z', 'LastModifiedDate': '2024-03-25T01:15:52.84Z'}, {'VulnerabilityID': 'CVE-2023-33053', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-33053', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'Memory corruption in Kernel while parsing metadata.', 'Severity': 'LOW', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/06426824a281c9aef5bf0c50927eae9c7431db1e', 'https://www.cve.org/CVERecord?id=CVE-2023-33053', 'https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin'], 'PublishedDate': '2023-12-05T03:15:11.707Z', 'LastModifiedDate': '2024-04-12T16:15:18.403Z'}, {'VulnerabilityID': 'CVE-2023-4010', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: hcd: malformed USB descriptor leads to infinite loop in usb_giveback_urb()', 'Description': 'A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.', 'Severity': 'LOW', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4010', 'https://bugzilla.redhat.com/show_bug.cgi?id=2227726', 'https://github.com/wanrenmi/a-usb-kernel-bug', 'https://github.com/wanrenmi/a-usb-kernel-bug/issues/1', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4010', 'https://www.cve.org/CVERecord?id=CVE-2023-4010'], 'PublishedDate': '2023-07-31T17:15:10.277Z', 'LastModifiedDate': '2023-11-07T04:22:02.797Z'}, {'VulnerabilityID': 'CVE-2023-6238', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-6238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: memory corruption via unprivileged user passthrough', 'Description': 'A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.', 'Severity': 'LOW', 'CweIDs': ['CWE-120'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-6238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2250834', 'https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.com/T/#u', 'https://lore.kernel.org/linux-nvme/20231016060519.231880-1-joshi.k@samsung.com/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-6238', 'https://www.cve.org/CVERecord?id=CVE-2023-6238'], 'PublishedDate': '2023-11-21T21:15:09.273Z', 'LastModifiedDate': '2024-02-07T00:15:55.24Z'}, {'VulnerabilityID': 'CVE-2024-0564', 'PkgID': 'linux-aws-6.8-tools-6.8.0-1015@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-aws-6.8-tools-6.8.0-1015', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-0564', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication', 'Description': 'A flaw was found in the Linux kernel\'s memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim\'s page. The unmapping time depends on whether it merges with the victim\'s page and additional physical pages are created beyond the KSM\'s "max page share". Through these operations, the attacker can leak the victim\'s page.', 'Severity': 'LOW', 'CweIDs': ['CWE-99', 'CWE-203'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-0564', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258514', 'https://link.springer.com/conference/wisa', 'https://nvd.nist.gov/vuln/detail/CVE-2024-0564', 'https://wisa.or.kr/accepted', 'https://www.cve.org/CVERecord?id=CVE-2024-0564'], 'PublishedDate': '2024-01-30T15:15:08.687Z', 'LastModifiedDate': '2024-10-16T15:15:14.11Z'}, {'VulnerabilityID': 'CVE-2024-43882', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43882', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exec: Fix ToCToU between perm check and set-uid/gid usage', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file\'s metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug  7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug  7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. For example, "chmod o-x,u+s target" makes "target" executable only\nby uid "root" and gid "cdrom", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug  7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug  7 13:16 target\n\nBut racing the chmod means users without group "cdrom" membership can\nget the permission to execute "target" just before the chmod, and when\nthe chmod finishes, the exec reaches brpm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of "only cdrom\ngroup members can setuid to root".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal.', 'Severity': 'HIGH', 'CweIDs': ['CWE-367'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43882', 'https://git.kernel.org/linus/f50733b45d865f91db90919f8311e2127ce5a0cb (6.11-rc4)', 'https://git.kernel.org/stable/c/15469d46ba34559bfe7e3de6659115778c624759', 'https://git.kernel.org/stable/c/368f6985d46657b8b466a421dddcacd4051f7ada', 'https://git.kernel.org/stable/c/90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e', 'https://git.kernel.org/stable/c/9b424c5d4130d56312e2a3be17efb0928fec4d64', 'https://git.kernel.org/stable/c/d2a2a4714d80d09b0f8eb6438ab4224690b7121e', 'https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f', 'https://git.kernel.org/stable/c/f50733b45d865f91db90919f8311e2127ce5a0cb', 'https://git.kernel.org/stable/c/f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1', 'https://linux.oracle.com/cve/CVE-2024-43882.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082152-CVE-2024-43882-4fa4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43882', 'https://www.cve.org/CVERecord?id=CVE-2024-43882'], 'PublishedDate': '2024-08-21T01:15:12.34Z', 'LastModifiedDate': '2024-09-03T13:25:39.747Z'}, {'VulnerabilityID': 'CVE-2013-7445', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2013-7445', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects', 'Description': 'The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-399'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:C', 'V2Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V2Score': 4.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2013-7445', 'https://bugzilla.kernel.org/show_bug.cgi?id=60533', 'https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)', 'https://nvd.nist.gov/vuln/detail/CVE-2013-7445', 'https://www.cve.org/CVERecord?id=CVE-2013-7445'], 'PublishedDate': '2015-10-16T01:59:00.12Z', 'LastModifiedDate': '2015-10-16T16:22:25.587Z'}, {'VulnerabilityID': 'CVE-2015-8553', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2015-8553', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'xen: non-maskable interrupts triggerable by guests (xsa120)', 'Description': 'Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N', 'V2Score': 2.1, 'V3Score': 6.5}, 'redhat': {'V2Vector': 'AV:A/AC:M/Au:S/C:N/I:N/A:C', 'V2Score': 5.2}}, 'References': ['http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1930758 (regression mention)', 'http://xenbits.xen.org/xsa/advisory-120.html', 'https://access.redhat.com/security/cve/CVE-2015-8553', 'https://nvd.nist.gov/vuln/detail/CVE-2015-8553', 'https://seclists.org/bugtraq/2019/Aug/18', 'https://www.cve.org/CVERecord?id=CVE-2015-8553', 'https://www.debian.org/security/2019/dsa-4497'], 'PublishedDate': '2016-04-13T15:59:07.307Z', 'LastModifiedDate': '2019-08-13T23:15:11.203Z'}, {'VulnerabilityID': 'CVE-2016-8660', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-8660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation', 'Description': 'The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-19'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V2Vector': 'AV:L/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.7, 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2016/10/13/8', 'http://www.securityfocus.com/bid/93558', 'https://access.redhat.com/security/cve/CVE-2016-8660', 'https://bugzilla.redhat.com/show_bug.cgi?id=1384851', 'https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/', 'https://marc.info/?l=linux-fsdevel&m=147639177409294&w=2', 'https://marc.info/?l=linux-xfs&m=149498118228320&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2016-8660', 'https://www.cve.org/CVERecord?id=CVE-2016-8660'], 'PublishedDate': '2016-10-16T21:59:14.333Z', 'LastModifiedDate': '2016-11-28T20:41:02.59Z'}, {'VulnerabilityID': 'CVE-2018-17977', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-17977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service', 'Description': 'The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.9}}, 'References': ['http://www.securityfocus.com/bid/105539', 'https://access.redhat.com/security/cve/CVE-2018-17977', 'https://bugzilla.suse.com/show_bug.cgi?id=1111609', 'https://nvd.nist.gov/vuln/detail/CVE-2018-17977', 'https://www.cve.org/CVERecord?id=CVE-2018-17977', 'https://www.openwall.com/lists/oss-security/2018/10/05/5'], 'PublishedDate': '2018-10-08T17:29:00.653Z', 'LastModifiedDate': '2018-11-26T15:51:30.427Z'}, {'VulnerabilityID': 'CVE-2021-3714', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-3714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Remote Page Deduplication Attacks', 'Description': 'A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-3714', 'https://arxiv.org/abs/2111.08553', 'https://arxiv.org/pdf/2111.08553.pdf', 'https://bugzilla.redhat.com/show_bug.cgi?id=1931327', 'https://nvd.nist.gov/vuln/detail/CVE-2021-3714', 'https://www.cve.org/CVERecord?id=CVE-2021-3714'], 'PublishedDate': '2022-08-23T16:15:09.6Z', 'LastModifiedDate': '2024-02-01T18:51:23.66Z'}, {'VulnerabilityID': 'CVE-2021-47599', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47599', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: use latest_dev in btrfs_show_devname', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: use latest_dev in btrfs_show_devname\n\nThe test case btrfs/238 reports the warning below:\n\n WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs]\n CPU: 2 PID: 1 Comm: systemd Tainted: G        W  O 5.14.0-rc1-custom #72\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n Call trace:\n   btrfs_show_devname+0x108/0x1b4 [btrfs]\n   show_mountinfo+0x234/0x2c4\n   m_show+0x28/0x34\n   seq_read_iter+0x12c/0x3c4\n   vfs_read+0x29c/0x2c8\n   ksys_read+0x80/0xec\n   __arm64_sys_read+0x28/0x34\n   invoke_syscall+0x50/0xf8\n   do_el0_svc+0x88/0x138\n   el0_svc+0x2c/0x8c\n   el0t_64_sync_handler+0x84/0xe4\n   el0t_64_sync+0x198/0x19c\n\nReason:\nWhile btrfs_prepare_sprout() moves the fs_devices::devices into\nfs_devices::seed_list, the btrfs_show_devname() searches for the devices\nand found none, leading to the warning as in above.\n\nFix:\nlatest_dev is updated according to the changes to the device list.\nThat means we could use the latest_dev->name to show the device name in\n/proc/self/mounts, the pointer will be always valid as it's assigned\nbefore the device is deleted from the list in remove or replace.\nThe RCU protection is sufficient as the device structure is freed after\nsynchronization.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47599', 'https://git.kernel.org/linus/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2 (5.16-rc1)', 'https://git.kernel.org/stable/c/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2', 'https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1', 'https://lore.kernel.org/linux-cve-announce/2024061921-CVE-2021-47599-37b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47599', 'https://www.cve.org/CVERecord?id=CVE-2021-47599'], 'PublishedDate': '2024-06-19T15:15:54.483Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2021-47615', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47615', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix releasing unallocated memory in dereg MR flow\n\nFor the case of IB_MR_TYPE_DM the mr does doesn't have a umem, even though\nit is a user MR. This causes function mlx5_free_priv_descs() to think that\nit is a kernel MR, leading to wrongly accessing mr->descs that will get\nwrong values in the union which leads to attempt to release resources that\nwere not allocated in the first place.\n\nFor example:\n DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]\n WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0\n RIP: 0010:check_unmap+0x54f/0x8b0\n Call Trace:\n  debug_dma_unmap_page+0x57/0x60\n  mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]\n  mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]\n  ib_dereg_mr_user+0x60/0x140 [ib_core]\n  uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]\n  uobj_destroy+0x3f/0x80 [ib_uverbs]\n  ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]\n  ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquired+0x12/0x380\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquire+0xc4/0x2e0\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  ? lock_release+0x28a/0x400\n  ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  __x64_sys_ioctl+0x7f/0xb0\n  do_syscall_64+0x38/0x90\n\nFix it by reorganizing the dereg flow and mlx5_ib_mr structure:\n - Move the ib_umem field into the user MRs structure in the union as it's\n   applicable only there.\n - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only\n   in case there isn't udata, which indicates that this isn't a user MR.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47615', 'https://git.kernel.org/linus/f0ae4afe3d35e67db042c58a52909e06262b740f (5.16-rc5)', 'https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9', 'https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701', 'https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f', 'https://lore.kernel.org/linux-cve-announce/2024061909-CVE-2021-47615-3c6a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47615', 'https://www.cve.org/CVERecord?id=CVE-2021-47615'], 'PublishedDate': '2024-06-19T15:15:56.03Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-0400', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0400', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Out of bounds read in the smc protocol stack', 'Description': 'An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)', 'https://bugzilla.redhat.com/show_bug.cgi?id=2044575', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0400', 'https://www.cve.org/CVERecord?id=CVE-2022-0400'], 'PublishedDate': '2022-08-29T15:15:09.423Z', 'LastModifiedDate': '2022-09-01T20:18:18.247Z'}, {'VulnerabilityID': 'CVE-2022-0480', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0480', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion', 'Description': 'A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0480', 'https://bugzilla.redhat.com/show_bug.cgi?id=2049700', 'https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042', 'https://github.com/kata-containers/kata-containers/issues/3373', 'https://linux.oracle.com/cve/CVE-2022-0480.html', 'https://linux.oracle.com/errata/ELSA-2024-2394.html', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0480', 'https://ubuntu.com/security/CVE-2022-0480', 'https://www.cve.org/CVERecord?id=CVE-2022-0480'], 'PublishedDate': '2022-08-29T15:15:09.477Z', 'LastModifiedDate': '2023-03-03T18:49:53.213Z'}, {'VulnerabilityID': 'CVE-2022-3238', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ntfs3 local privledge escalation if NTFS character set and remount and umount called simultaneously', 'Description': 'A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127927', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3238', 'https://www.cve.org/CVERecord?id=CVE-2022-3238'], 'PublishedDate': '2022-11-14T21:15:16.163Z', 'LastModifiedDate': '2022-11-17T20:24:18.537Z'}, {'VulnerabilityID': 'CVE-2022-48846', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: release rq qos structures for queue without disk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: release rq qos structures for queue without disk\n\nblkcg_init_queue() may add rq qos structures to request queue, previously\nblk_cleanup_queue() calls rq_qos_exit() to release them, but commit\n8e141f9eb803 ("block: drain file system I/O on del_gendisk")\nmoves rq_qos_exit() into del_gendisk(), so memory leak is caused\nbecause queues may not have disk, such as un-present scsi luns, nvme\nadmin queue, ...\n\nFixes the issue by adding rq_qos_exit() to blk_cleanup_queue() back.\n\nBTW, v5.18 won\'t need this patch any more since we move\nblkcg_init_queue()/blkcg_exit_queue() into disk allocation/release\nhandler, and patches have been in for-5.18/block.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48846', 'https://git.kernel.org/linus/daaca3522a8e67c46e39ef09c1d542e866f85f3b (5.17)', 'https://git.kernel.org/stable/c/60c2c8e2ef3a3ec79de8cbc80a06ca0c21df8c29', 'https://git.kernel.org/stable/c/d4ad8736ac982111bb0be8306bf19c8207f6600e', 'https://git.kernel.org/stable/c/daaca3522a8e67c46e39ef09c1d542e866f85f3b', 'https://lore.kernel.org/linux-cve-announce/2024071623-CVE-2022-48846-a1a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48846', 'https://www.cve.org/CVERecord?id=CVE-2022-48846'], 'PublishedDate': '2024-07-16T13:15:11.883Z', 'LastModifiedDate': '2024-07-24T17:56:26.767Z'}, {'VulnerabilityID': 'CVE-2022-48929', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix crash due to out of bounds access into reg2btf_ids.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to out of bounds access into reg2btf_ids.\n\nWhen commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added\nkfunc support, it defined reg2btf_ids as a cheap way to translate the verifier\nreg type to the appropriate btf_vmlinux BTF ID, however\ncommit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL")\nmoved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after\nthe base register types, and defined other variants using type flag\ncomposition. However, now, the direct usage of reg->type to index into\nreg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to\nout of bounds access and kernel crash on dereference of bad pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48929', 'https://git.kernel.org/linus/45ce4b4f9009102cd9f581196d480a59208690c1 (5.17-rc6)', 'https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1', 'https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae', 'https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc', 'https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48929-857d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48929', 'https://www.cve.org/CVERecord?id=CVE-2022-48929'], 'PublishedDate': '2024-08-22T04:15:15.773Z', 'LastModifiedDate': '2024-08-23T02:00:22.653Z'}, {'VulnerabilityID': 'CVE-2023-0030', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Use after Free in nvkm_vmm_pfn_map', 'Description': 'A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0030', 'https://bugzilla.redhat.com/show_bug.cgi?id=2157270', 'https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)', 'https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10', 'https://lore.kernel.org/all/20221230072758.443644-1-zyytlz.wz@163.com/', 'https://lore.kernel.org/all/63d485b2.170a0220.4af4c.d54f@mx.google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0030', 'https://security.netapp.com/advisory/ntap-20230413-0010/', 'https://www.cve.org/CVERecord?id=CVE-2023-0030'], 'PublishedDate': '2023-03-08T23:15:10.963Z', 'LastModifiedDate': '2023-04-13T17:15:09.433Z'}, {'VulnerabilityID': 'CVE-2023-0160', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: possibility of deadlock in libbpf function sock_hash_delete_elem', 'Description': 'A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667', 'CWE-833'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0160', 'https://bugzilla.redhat.com/show_bug.cgi?id=2159764', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56', 'https://lore.kernel.org/all/20230406122622.109978-1-liuxin350@huawei.com/', 'https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/', 'https://lore.kernel.org/bpf/000000000000f1db9605f939720e@google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0160', 'https://www.cve.org/CVERecord?id=CVE-2023-0160'], 'PublishedDate': '2023-07-18T17:15:11.313Z', 'LastModifiedDate': '2023-11-07T03:59:46.343Z'}, {'VulnerabilityID': 'CVE-2023-1193', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-1193', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in setup_async_work()', 'Description': 'A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-1193', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154177', 'https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-1193', 'https://www.cve.org/CVERecord?id=CVE-2023-1193'], 'PublishedDate': '2023-11-01T20:15:08.663Z', 'LastModifiedDate': '2023-11-09T15:13:51.737Z'}, {'VulnerabilityID': 'CVE-2023-26242', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-26242', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the  ...', 'Description': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://bugzilla.suse.com/show_bug.cgi?id=1208518', 'https://lore.kernel.org/all/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-26242', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://security.netapp.com/advisory/ntap-20230406-0002/', 'https://www.cve.org/CVERecord?id=CVE-2023-26242'], 'PublishedDate': '2023-02-21T01:15:11.423Z', 'LastModifiedDate': '2024-03-25T01:15:53.57Z'}, {'VulnerabilityID': 'CVE-2023-31082', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-31082', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sleeping function called from an invalid context in gsmld_write', 'Description': 'An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-763'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-31082', 'https://bugzilla.suse.com/show_bug.cgi?id=1210781', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com/', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-31082', 'https://security.netapp.com/advisory/ntap-20230929-0003/', 'https://www.cve.org/CVERecord?id=CVE-2023-31082'], 'PublishedDate': '2023-04-24T06:15:07.783Z', 'LastModifiedDate': '2024-08-02T15:16:00.853Z'}, {'VulnerabilityID': 'CVE-2023-52879', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have trace_event_file have ref counters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have trace_event_file have ref counters\n\nThe following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # echo \'p:sched schedule\' > kprobe_events\n # exec 5>>events/kprobes/sched/enable\n # > kprobe_events\n # exec 5>&-\n\nThe above commands:\n\n 1. Change directory to the tracefs directory\n 2. Create a kprobe event (doesn\'t matter what one)\n 3. Open bash file descriptor 5 on the enable file of the kprobe event\n 4. Delete the kprobe event (removes the files too)\n 5. Close the bash file descriptor 5\n\nThe above causes a crash!\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:tracing_release_file_tr+0xc/0x50\n\nWhat happens here is that the kprobe event creates a trace_event_file\n"file" descriptor that represents the file in tracefs to the event. It\nmaintains state of the event (is it enabled for the given instance?).\nOpening the "enable" file gets a reference to the event "file" descriptor\nvia the open file descriptor. When the kprobe event is deleted, the file is\nalso deleted from the tracefs system which also frees the event "file"\ndescriptor.\n\nBut as the tracefs file is still opened by user space, it will not be\ntotally removed until the final dput() is called on it. But this is not\ntrue with the event "file" descriptor that is already freed. If the user\ndoes a write to or simply closes the file descriptor it will reference the\nevent "file" descriptor that was just freed, causing a use-after-free bug.\n\nTo solve this, add a ref count to the event "file" descriptor as well as a\nnew flag called "FREED". The "file" will not be freed until the last\nreference is released. But the FREE flag will be set when the event is\nremoved to prevent any more modifications to that event from happening,\neven if there\'s still a reference to the event "file" descriptor.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52879', 'https://git.kernel.org/linus/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4 (6.7-rc1)', 'https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706', 'https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976', 'https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d', 'https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e', 'https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f', 'https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4', 'https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0', 'https://lore.kernel.org/linux-cve-announce/2024052122-CVE-2023-52879-fa4d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52879', 'https://www.cve.org/CVERecord?id=CVE-2023-52879'], 'PublishedDate': '2024-05-21T16:15:24.53Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52889', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: Fix null pointer deref when receiving skb during sock creation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)->label is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n    BUG: kernel NULL pointer dereference, address: 000000000000004c\n    #PF: supervisor read access in kernel mode\n    #PF: error_code(0x0000) - not-present page\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n    Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n    RIP: 0010:aa_label_next_confined+0xb/0x40\n    Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n    RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n    RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n    RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n    RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n    R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n    R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n    FS:  00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n    PKRU: 55555554\n    Call Trace:\n     <IRQ>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? exc_page_fault+0x7f/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? aa_label_next_confined+0xb/0x40\n     apparmor_secmark_check+0xec/0x330\n     security_sock_rcv_skb+0x35/0x50\n     sk_filter_trim_cap+0x47/0x250\n     sock_queue_rcv_skb_reason+0x20/0x60\n     raw_rcv+0x13c/0x210\n     raw_local_deliver+0x1f3/0x250\n     ip_protocol_deliver_rcu+0x4f/0x2f0\n     ip_local_deliver_finish+0x76/0xa0\n     __netif_receive_skb_one_core+0x89/0xa0\n     netif_receive_skb+0x119/0x170\n     ? __netdev_alloc_skb+0x3d/0x140\n     vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     __napi_poll+0x28/0x1b0\n     net_rx_action+0x2a4/0x380\n     __do_softirq+0xd1/0x2c8\n     __irq_exit_rcu+0xbb/0xf0\n     common_interrupt+0x86/0xa0\n     </IRQ>\n     <TASK>\n     asm_common_interrupt+0x26/0x40\n    RIP: 0010:apparmor_socket_post_create+0xb/0x200\n    Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n    RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n    RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n    RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n    RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n    R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n    R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n     ? __pfx_apparmor_socket_post_create+0x10/0x10\n     security_socket_post_create+0x4b/0x80\n     __sock_create+0x176/0x1f0\n     __sys_socket+0x89/0x100\n     __x64_sys_socket+0x17/0x20\n     do_syscall_64+0x5d/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     entry_SYSCALL_64_after_hwframe+0x72/0xdc', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52889', 'https://git.kernel.org/linus/fce09ea314505a52f2436397608fa0a5d0934fb1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1', 'https://git.kernel.org/stable/c/290a6b88e8c19b6636ed1acc733d1458206f7697', 'https://git.kernel.org/stable/c/347dcb84a4874b5fb375092c08d8cc4069b94f81', 'https://git.kernel.org/stable/c/46c17ead5b7389e22e7dc9903fd0ba865d05bda2', 'https://git.kernel.org/stable/c/6c920754f62cefc63fccdc38a062c7c3452e2961', 'https://git.kernel.org/stable/c/ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2', 'https://git.kernel.org/stable/c/fce09ea314505a52f2436397608fa0a5d0934fb1', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2023-52889-cdd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52889', 'https://www.cve.org/CVERecord?id=CVE-2023-52889'], 'PublishedDate': '2024-08-17T09:15:07.073Z', 'LastModifiedDate': '2024-08-19T21:19:16.97Z'}, {'VulnerabilityID': 'CVE-2024-26713', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: Fix iommu initialisation during DLPAR add\n\nWhen a PCI device is dynamically added, the kernel oopses with a NULL\npointer dereference:\n\n  BUG: Kernel NULL pointer dereference on read at 0x00000030\n  Faulting instruction address: 0xc0000000006bbe5c\n  Oops: Kernel access of bad area, sig: 11 [#1]\n  LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n  Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse\n  CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66\n  Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries\n  NIP:  c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8\n  REGS: c00000009924f240 TRAP: 0300   Not tainted  (6.7.0-203405+)\n  MSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 24002220  XER: 20040006\n  CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0\n  ...\n  NIP sysfs_add_link_to_group+0x34/0x94\n  LR  iommu_device_link+0x5c/0x118\n  Call Trace:\n   iommu_init_device+0x26c/0x318 (unreliable)\n   iommu_device_link+0x5c/0x118\n   iommu_init_device+0xa8/0x318\n   iommu_probe_device+0xc0/0x134\n   iommu_bus_notifier+0x44/0x104\n   notifier_call_chain+0xb8/0x19c\n   blocking_notifier_call_chain+0x64/0x98\n   bus_notify+0x50/0x7c\n   device_add+0x640/0x918\n   pci_device_add+0x23c/0x298\n   of_create_pci_dev+0x400/0x884\n   of_scan_pci_dev+0x124/0x1b0\n   __of_scan_bus+0x78/0x18c\n   pcibios_scan_phb+0x2a4/0x3b0\n   init_phb_dynamic+0xb8/0x110\n   dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]\n   add_slot_store.part.0+0xb4/0x130 [rpadlpar_io]\n   kobj_attr_store+0x2c/0x48\n   sysfs_kf_write+0x64/0x78\n   kernfs_fop_write_iter+0x1b0/0x290\n   vfs_write+0x350/0x4a0\n   ksys_write+0x84/0x140\n   system_call_exception+0x124/0x330\n   system_call_vectored_common+0x15c/0x2ec\n\nCommit a940904443e4 ("powerpc/iommu: Add iommu_ops to report capabilities\nand allow blocking domains") broke DLPAR add of PCI devices.\n\nThe above added iommu_device structure to pci_controller. During\nsystem boot, PCI devices are discovered and this newly added iommu_device\nstructure is initialized by a call to iommu_device_register().\n\nDuring DLPAR add of a PCI device, a new pci_controller structure is\nallocated but there are no calls made to iommu_device_register()\ninterface.\n\nFix is to register the iommu device during DLPAR add as well.\n\n[mpe: Trim oops and tweak some change log wording]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26713', 'https://git.kernel.org/linus/ed8b94f6e0acd652ce69bd69d678a0c769172df8 (6.8-rc5)', 'https://git.kernel.org/stable/c/9978d5b744e0227afe19e3bcb4c5f75442dde753', 'https://git.kernel.org/stable/c/d4f762d6403f7419de90d7749fa83dd92ffb0e1d', 'https://git.kernel.org/stable/c/ed8b94f6e0acd652ce69bd69d678a0c769172df8', 'https://lore.kernel.org/linux-cve-announce/2024040342-CVE-2024-26713-1b52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26713', 'https://www.cve.org/CVERecord?id=CVE-2024-26713'], 'PublishedDate': '2024-04-03T15:15:53.647Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-27025', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nbd: null check for nla_nest_start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: null check for nla_nest_start\n\nnla_nest_start() may fail and return NULL. Insert a check and set errno\nbased on other call sites within the same source code.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-27025', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d (6.9-rc1)', 'https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d', 'https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e', 'https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced', 'https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8', 'https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797', 'https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983', 'https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a', 'https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf', 'https://linux.oracle.com/cve/CVE-2024-27025.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27025', 'https://www.cve.org/CVERecord?id=CVE-2024-27025'], 'PublishedDate': '2024-05-01T13:15:48.89Z', 'LastModifiedDate': '2024-06-25T22:15:28.24Z'}, {'VulnerabilityID': 'CVE-2024-35928', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()\n\nThis ensures that the memory mapped by ioremap for adev->rmmio, is\nproperly handled in amdgpu_device_init(). If the function exits early\ndue to an error, the memory is unmapped. If the function completes\nsuccessfully, the memory remains mapped.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_device.c:4337 amdgpu_device_init() warn: 'adev->rmmio' from ioremap() not released on lines: 4035,4045,4051,4058,4068,4337", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35928', 'https://git.kernel.org/linus/eb4f139888f636614dab3bcce97ff61cefc4b3a7 (6.9-rc1)', 'https://git.kernel.org/stable/c/14ac934db851642ea8cd1bd4121c788a8899ef69', 'https://git.kernel.org/stable/c/aa665c3a2aca2ffe31b9645bda278e96dfc3b55c', 'https://git.kernel.org/stable/c/c5f9fe2c1e5023fa096189a8bfba6420aa035587', 'https://git.kernel.org/stable/c/eb4f139888f636614dab3bcce97ff61cefc4b3a7', 'https://lore.kernel.org/linux-cve-announce/2024051915-CVE-2024-35928-ead3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35928', 'https://www.cve.org/CVERecord?id=CVE-2024-35928'], 'PublishedDate': '2024-05-19T11:15:48.93Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35948', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bcachefs: Check for journal entries overruning end of sb clean section', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: Check for journal entries overruning end of sb clean section\n\nFix a missing bounds check in superblock validation.\n\nNote that we don't yet have repair code for this case - repair code for\nindividual items is generally low priority, since the whole superblock\nis checksummed, validated prior to write, and we have backups.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35948', 'https://git.kernel.org/linus/fcdbc1d7a4b638e5d5668de461f320386f3002aa (6.9-rc6)', 'https://git.kernel.org/stable/c/fcdbc1d7a4b638e5d5668de461f320386f3002aa', 'https://lore.kernel.org/linux-cve-announce/2024052043-CVE-2024-35948-a92f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35948', 'https://www.cve.org/CVERecord?id=CVE-2024-35948'], 'PublishedDate': '2024-05-20T10:15:09.44Z', 'LastModifiedDate': '2024-07-03T02:02:27.897Z'}, {'VulnerabilityID': 'CVE-2024-35995', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI: CPPC: Use access_width over bit_width for system memory accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Use access_width over bit_width for system memory accesses\n\nTo align with ACPI 6.3+, since bit_width can be any 8-bit value, it\ncannot be depended on to be always on a clean 8b boundary. This was\nuncovered on the Cobalt 100 platform.\n\nSError Interrupt on CPU26, code 0xbe000011 -- SError\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n pc : cppc_get_perf_caps+0xec/0x410\n lr : cppc_get_perf_caps+0xe8/0x410\n sp : ffff8000155ab730\n x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078\n x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff\n x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000\n x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff\n x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008\n x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006\n x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec\n x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028\n x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff\n x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000\n Kernel panic - not syncing: Asynchronous SError Interrupt\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted\n5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n Call trace:\n  dump_backtrace+0x0/0x1e0\n  show_stack+0x24/0x30\n  dump_stack_lvl+0x8c/0xb8\n  dump_stack+0x18/0x34\n  panic+0x16c/0x384\n  add_taint+0x0/0xc0\n  arm64_serror_panic+0x7c/0x90\n  arm64_is_fatal_ras_serror+0x34/0xa4\n  do_serror+0x50/0x6c\n  el1h_64_error_handler+0x40/0x74\n  el1h_64_error+0x7c/0x80\n  cppc_get_perf_caps+0xec/0x410\n  cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]\n  cpufreq_online+0x2dc/0xa30\n  cpufreq_add_dev+0xc0/0xd4\n  subsys_interface_register+0x134/0x14c\n  cpufreq_register_driver+0x1b0/0x354\n  cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]\n  do_one_initcall+0x50/0x250\n  do_init_module+0x60/0x27c\n  load_module+0x2300/0x2570\n  __do_sys_finit_module+0xa8/0x114\n  __arm64_sys_finit_module+0x2c/0x3c\n  invoke_syscall+0x78/0x100\n  el0_svc_common.constprop.0+0x180/0x1a0\n  do_el0_svc+0x84/0xa0\n  el0_svc+0x2c/0xc0\n  el0t_64_sync_handler+0xa4/0x12c\n  el0t_64_sync+0x1a4/0x1a8\n\nInstead, use access_width to determine the size and use the offset and\nwidth to shift and mask the bits to read/write out. Make sure to add a\ncheck for system memory since pcc redefines the access_width to\nsubspace id.\n\nIf access_width is not set, then fall back to using bit_width.\n\n[ rjw: Subject and changelog edits, comment adjustments ]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35995', 'https://git.kernel.org/linus/2f4a4d63a193be6fd530d180bb13c3592052904c (6.9-rc1)', 'https://git.kernel.org/stable/c/01fc53be672acae37e611c80cc0b4f3939584de3', 'https://git.kernel.org/stable/c/1b890ae474d19800a6be1696df7fb4d9a41676e4', 'https://git.kernel.org/stable/c/2f4a4d63a193be6fd530d180bb13c3592052904c', 'https://git.kernel.org/stable/c/4949affd5288b867cdf115f5b08d6166b2027f87', 'https://git.kernel.org/stable/c/6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1', 'https://git.kernel.org/stable/c/6dfd79ed04c578f1d9a9a41ba5b2015cf9f03fc3', 'https://git.kernel.org/stable/c/b54c4632946ae42f2b39ed38abd909bbf78cbcc2', 'https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35995-abbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35995', 'https://www.cve.org/CVERecord?id=CVE-2024-35995'], 'PublishedDate': '2024-05-20T10:15:13.597Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-36885', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36885', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup:\n\n  kernel BUG at include/linux/scatterlist.h:187!\n  invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\n  Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\n  RIP: 0010:sg_init_one+0x85/0xa0\n  Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n  24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n  0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\n  RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\n  RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\n  RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\n  R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\n  FS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\n  Call Trace:\n   <TASK>\n   ? die+0x36/0x90\n   ? do_trap+0xdd/0x100\n   ? sg_init_one+0x85/0xa0\n   ? do_error_trap+0x65/0x80\n   ? sg_init_one+0x85/0xa0\n   ? exc_invalid_op+0x50/0x70\n   ? sg_init_one+0x85/0xa0\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? sg_init_one+0x85/0xa0\n   nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n   nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n   ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n   r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? nvkm_udevice_new+0x95/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? ktime_get+0x47/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_oneinit_+0x4f/0x120 [nouveau]\n   nvkm_subdev_init_+0x39/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_init+0x44/0x90 [nouveau]\n   nvkm_device_init+0x166/0x2e0 [nouveau]\n   nvkm_udevice_init+0x47/0x70 [nouveau]\n   nvkm_object_init+0x41/0x1c0 [nouveau]\n   nvkm_ioctl_new+0x16a/0x290 [nouveau]\n   ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]\n   ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]\n   nvkm_ioctl+0x126/0x290 [nouveau]\n   nvif_object_ctor+0x112/0x190 [nouveau]\n   nvif_device_ctor+0x23/0x60 [nouveau]\n   nouveau_cli_init+0x164/0x640 [nouveau]\n   nouveau_drm_device_init+0x97/0x9e0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? pci_update_current_state+0x72/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nouveau_drm_probe+0x12c/0x280 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   local_pci_probe+0x45/0xa0\n   pci_device_probe+0xc7/0x270\n   really_probe+0xe6/0x3a0\n   __driver_probe_device+0x87/0x160\n   driver_probe_device+0x1f/0xc0\n   __driver_attach+0xec/0x1f0\n   ? __pfx___driver_attach+0x10/0x10\n   bus_for_each_dev+0x88/0xd0\n   bus_add_driver+0x116/0x220\n   driver_register+0x59/0x100\n   ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]\n   do_one_initcall+0x5b/0x320\n   do_init_module+0x60/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x120/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x83/0x160\n   ? srso_return_thunk+0x5/0x5f\n   entry_SYSCALL_64_after_hwframe+0x71/0x79\n  RIP: 0033:0x7feeb5cc20cd\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89\n  f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0\n  ff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd\n  RDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035\n  RBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310\n  R10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36885', 'https://git.kernel.org/linus/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2 (6.9-rc7)', 'https://git.kernel.org/stable/c/1a88c18da464db0ba8ea25196d0a06490f65322e', 'https://git.kernel.org/stable/c/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2', 'https://git.kernel.org/stable/c/e05af009302893f39b072811a68fa4a196284c75', 'https://lore.kernel.org/linux-cve-announce/2024053032-CVE-2024-36885-cb0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36885', 'https://www.cve.org/CVERecord?id=CVE-2024-36885'], 'PublishedDate': '2024-05-30T16:15:12.067Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36970', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: Use request_module_nowait', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Use request_module_nowait\n\nThis appears to work around a deadlock regression that came in\nwith the LED merge in 6.9.\n\nThe deadlock happens on my system with 24 iwlwifi radios, so maybe\nit something like all worker threads are busy and some work that needs\nto complete cannot complete.\n\n[also remove unnecessary "load_module" var and now-wrong comment]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36970', 'https://git.kernel.org/linus/3d913719df14c28c4d3819e7e6d150760222bda4 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4', 'https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e', 'https://lore.kernel.org/linux-cve-announce/2024060855-CVE-2024-36970-2eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36970', 'https://www.cve.org/CVERecord?id=CVE-2024-36970'], 'PublishedDate': '2024-06-08T13:15:58.26Z', 'LastModifiedDate': '2024-06-10T02:52:08.267Z'}, {'VulnerabilityID': 'CVE-2024-38581', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38581', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/mes: fix use-after-free issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/mes: fix use-after-free issue\n\nDelete fence fallback timer to fix the ramdom\nuse-after-free issue.\n\nv2: move to amdgpu_mes.c', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-38581', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/948255282074d9367e01908b3f5dcf8c10fc9c3d (6.9-rc6)', 'https://git.kernel.org/stable/c/0f98c144c15c8fc0f3176c994bd4e727ef718a5c', 'https://git.kernel.org/stable/c/39cfce75168c11421d70b8c0c65f6133edccb82a', 'https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de', 'https://git.kernel.org/stable/c/948255282074d9367e01908b3f5dcf8c10fc9c3d', 'https://linux.oracle.com/cve/CVE-2024-38581.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38581-592d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38581', 'https://www.cve.org/CVERecord?id=CVE-2024-38581'], 'PublishedDate': '2024-06-19T14:15:18.15Z', 'LastModifiedDate': '2024-08-01T20:12:00.623Z'}, {'VulnerabilityID': 'CVE-2024-38608', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38608', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix netif state handling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix netif state handling\n\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\n\nmlx5e_probe\n _mlx5e_resume\n  mlx5e_attach_netdev\n   mlx5e_nic_enable  <-- netdev not reg, not calling netif_device_attach()\n  register_netdev <-- failed for some reason.\nERROR_FLOW:\n _mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(\n\nHence, clean resources in this case as well.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n <TASK>\n ? __die+0x20/0x60\n ? page_fault_oops+0x14c/0x3c0\n ? exc_page_fault+0x75/0x140\n ? asm_exc_page_fault+0x22/0x30\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\n mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\n mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n __mlx5_ib_add+0x34/0xd0 [mlx5_ib]\n mlx5r_probe+0xe1/0x210 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x637/0x840\n __auxiliary_device_add+0x3b/0xa0\n add_adev+0xc9/0x140 [mlx5_core]\n mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\n mlx5_register_device+0x53/0xa0 [mlx5_core]\n mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\n mlx5_init_one+0x3b/0x60 [mlx5_core]\n probe_one+0x44c/0x730 [mlx5_core]\n local_pci_probe+0x3e/0x90\n pci_device_probe+0xbf/0x210\n ? kernfs_create_link+0x5d/0xa0\n ? sysfs_do_create_link_sd+0x60/0xc0\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n pci_bus_add_device+0x54/0x80\n pci_iov_add_virtfn+0x2e6/0x320\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n kernfs_fop_write_iter+0x10c/0x1a0\n vfs_write+0x291/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n CR2: 0000000000000000\n ---[ end trace 0000000000000000  ]---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38608', 'https://git.kernel.org/linus/3d5918477f94e4c2f064567875c475468e264644 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644', 'https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6', 'https://linux.oracle.com/cve/CVE-2024-38608.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061920-CVE-2024-38608-4068@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38608', 'https://www.cve.org/CVERecord?id=CVE-2024-38608'], 'PublishedDate': '2024-06-19T14:15:20.737Z', 'LastModifiedDate': '2024-08-27T15:58:56.9Z'}, {'VulnerabilityID': 'CVE-2024-39293', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39293', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;xsk: Support redirect to any socket bound to the same umem&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "xsk: Support redirect to any socket bound to the same umem"\n\nThis reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.\n\nThis patch introduced a potential kernel crash when multiple napi instances\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\npossible for multiple napi instances to access the Rx ring at the same time,\nwhich will result in a corrupted ring state which can lead to a crash when\nflushing the rings in __xsk_flush(). This can happen when the linked list of\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\nis not possible, so let us revert this for now.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39293', 'https://git.kernel.org/linus/7fcf26b315bbb728036da0862de6b335da83dff2 (6.10-rc3)', 'https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5', 'https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2', 'https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39293', 'https://www.cve.org/CVERecord?id=CVE-2024-39293'], 'PublishedDate': '2024-06-25T15:15:13.993Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-39472', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39472', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by\nmkfs") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions.  Later commit 0c771b99d6c9\n("xfs: clean up calculation of LR header blocks") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-39472', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a (6.10-rc1)', 'https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a', 'https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f', 'https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5', 'https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb', 'https://linux.oracle.com/cve/CVE-2024-39472.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024070512-CVE-2024-39472-f977@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39472', 'https://www.cve.org/CVERecord?id=CVE-2024-39472'], 'PublishedDate': '2024-07-05T07:15:10.02Z', 'LastModifiedDate': '2024-08-19T05:15:06.543Z'}, {'VulnerabilityID': 'CVE-2024-41008', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: change vm-&gt;task_info handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: change vm->task_info handling\n\nThis patch changes the handling and lifecycle of vm->task_info object.\nThe major changes are:\n- vm->task_info is a dynamically allocated ptr now, and its uasge is\n  reference counted.\n- introducing two new helper funcs for task_info lifecycle management\n    - amdgpu_vm_get_task_info: reference counts up task_info before\n      returning this info\n    - amdgpu_vm_put_task_info: reference counts down task_info\n- last put to task_info() frees task_info from the vm.\n\nThis patch also does logistical changes required for existing usage\nof vm->task_info.\n\nV2: Do not block all the prints when task_info not found (Felix)\n\nV3: Fixed review comments from Felix\n   - Fix wrong indentation\n   - No debug message for -ENOMEM\n   - Add NULL check for task_info\n   - Do not duplicate the debug messages (ti vs no ti)\n   - Get first reference of task_info in vm_init(), put last\n     in vm_fini()\n\nV4: Fixed review comments from Felix\n   - fix double reference increment in create_task_info\n   - change amdgpu_vm_get_task_info_pasid\n   - additional changes in amdgpu_gem.c while porting', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41008', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c (6.9-rc1)', 'https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c', 'https://linux.oracle.com/cve/CVE-2024-41008.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/20240716080357.2696435-2-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41008', 'https://www.cve.org/CVERecord?id=CVE-2024-41008'], 'PublishedDate': '2024-07-16T08:15:02.24Z', 'LastModifiedDate': '2024-07-16T13:43:58.773Z'}, {'VulnerabilityID': 'CVE-2024-41009', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix overrunning reservations in ringbuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that "owns" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\'s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\'s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\'s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\'s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\'ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41009', 'https://git.kernel.org/linus/cfa1a2329a691ffd991fcf7248a57d752e712881 (6.10-rc6)', 'https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4', 'https://git.kernel.org/stable/c/47416c852f2a04d348ea66ee451cbdcf8119f225', 'https://git.kernel.org/stable/c/511804ab701c0503b72eac08217eabfd366ba069', 'https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f', 'https://git.kernel.org/stable/c/cfa1a2329a691ffd991fcf7248a57d752e712881', 'https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686', 'https://lore.kernel.org/linux-cve-announce/2024071715-CVE-2024-41009-cac5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41009', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41009'], 'PublishedDate': '2024-07-17T07:15:01.973Z', 'LastModifiedDate': '2024-07-29T07:15:04.56Z'}, {'VulnerabilityID': 'CVE-2024-41013', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: don&#39;t walk off the end of a directory data block', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don't stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup->length to dup->length-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41013', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/0c7fcdb6d06cdf8b19b57c17605215b06afa864a (6.11-rc1)', 'https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a', 'https://linux.oracle.com/cve/CVE-2024-41013.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41013-2996@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41013', 'https://www.cve.org/CVERecord?id=CVE-2024-41013'], 'PublishedDate': '2024-07-29T07:15:05.43Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41014', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41014', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: add bounds checking to xlog_recover_process_data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n    1) Mount an image of xfs, and do some file operations to leave records\n    2) Before umounting, copy the image for subsequent steps to simulate\n       abnormal exit. Because umount will ensure that tail_blk and\n       head_blk are the same, which will result in the inability to enter\n       xlog_recover_process_data\n    3) Write a tool to parse and modify the copied image in step 2\n    4) Make the end of the xlog_op_header entries only 1 byte away from\n       xlog_rec_header->h_size\n    5) xlog_rec_header->h_num_logops++\n    6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41014', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/fb63435b7c7dc112b1ae1baea5486e0a6e27b196 (6.11-rc1)', 'https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196', 'https://linux.oracle.com/cve/CVE-2024-41014.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41014-9186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41014', 'https://www.cve.org/CVERecord?id=CVE-2024-41014'], 'PublishedDate': '2024-07-29T07:15:05.81Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41016', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe 'non-indexed', which saved with additional space\nrequested.  It's better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41016', 'https://git.kernel.org/linus/af77c4fc1871847b528d58b7fdafb4aa1f6a9262 (6.11-rc1)', 'https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637', 'https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262', 'https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e', 'https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e', 'https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180', 'https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41016-fcf9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41016', 'https://www.cve.org/CVERecord?id=CVE-2024-41016'], 'PublishedDate': '2024-07-29T07:15:06.293Z', 'LastModifiedDate': '2024-10-17T14:15:07.01Z'}, {'VulnerabilityID': 'CVE-2024-41024', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41024', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Restrict untrusted app to attach to privileged PD', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Restrict untrusted app to attach to privileged PD\n\nUntrusted application with access to only non-secure fastrpc device\nnode can attach to root_pd or static PDs if it can make the respective\ninit request. This can cause problems as the untrusted application\ncan send bad requests to root_pd or static PDs. Add changes to reject\nattach to privileged PDs if the request is being made using non-secure\nfastrpc device node.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41024', 'https://git.kernel.org/linus/bab2f5e8fd5d2f759db26b78d9db57412888f187 (6.10)', 'https://git.kernel.org/stable/c/2eb973ee4770a26d9b5e292b58ad29822d321c7f', 'https://git.kernel.org/stable/c/5e305b5986dc52122a9368a1461f0c13e1de3fd6', 'https://git.kernel.org/stable/c/bab2f5e8fd5d2f759db26b78d9db57412888f187', 'https://git.kernel.org/stable/c/c69fd8afacebfdf2f8a1ee1ea7e0723786529874', 'https://git.kernel.org/stable/c/ea13bd807f1cef1af375d999980a9b9794c789b6', 'https://lore.kernel.org/all/20240628114501.14310-7-srinivas.kandagatla@linaro.org/', 'https://lore.kernel.org/linux-cve-announce/2024072919-CVE-2024-41024-be39@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41024', 'https://www.cve.org/CVERecord?id=CVE-2024-41024'], 'PublishedDate': '2024-07-29T15:15:11.27Z', 'LastModifiedDate': '2024-08-29T17:15:07.913Z'}, {'VulnerabilityID': 'CVE-2024-42107', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42107', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: ice: Don't process extts if PTP is disabled", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42107', 'https://git.kernel.org/linus/996422e3230e41468f652d754fefd1bdbcd4604e (6.10-rc7)', 'https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b', 'https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e', 'https://lore.kernel.org/linux-cve-announce/2024073020-CVE-2024-42107-65cc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42107', 'https://www.cve.org/CVERecord?id=CVE-2024-42107'], 'PublishedDate': '2024-07-30T08:15:03.22Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42116', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42116', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igc: fix a log entry using uninitialized netdev', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix a log entry using uninitialized netdev\n\nDuring successful probe, igc logs this:\n\n[    5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\n\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb.  Add a comment,\njust as in igb.\n\nNow the log message is fine:\n\n[    5.200987] igc 0000:01:00.0 eth0: PHC added', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42116', 'https://git.kernel.org/linus/86167183a17e03ec77198897975e9fdfbd53cb0b (6.10-rc1)', 'https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b', 'https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6', 'https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79', 'https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda', 'https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f', 'https://linux.oracle.com/cve/CVE-2024-42116.html', 'https://linux.oracle.com/errata/ELSA-2024-12618.html', 'https://lore.kernel.org/linux-cve-announce/2024073023-CVE-2024-42116-b420@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42116', 'https://www.cve.org/CVERecord?id=CVE-2024-42116'], 'PublishedDate': '2024-07-30T08:15:03.95Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42122', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42122', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add NULL pointer check for kzalloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL pointer check for kzalloc\n\n[Why & How]\nCheck return pointer of kzalloc before using it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42122', 'https://git.kernel.org/linus/8e65a1b7118acf6af96449e1e66b7adbc9396912 (6.10-rc1)', 'https://git.kernel.org/stable/c/062edd612fcd300f0f79a36fca5b8b6a5e2fce70', 'https://git.kernel.org/stable/c/8e65a1b7118acf6af96449e1e66b7adbc9396912', 'https://lore.kernel.org/linux-cve-announce/2024073025-CVE-2024-42122-2f70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42122', 'https://www.cve.org/CVERecord?id=CVE-2024-42122'], 'PublishedDate': '2024-07-30T08:15:04.43Z', 'LastModifiedDate': '2024-09-16T13:49:27.837Z'}, {'VulnerabilityID': 'CVE-2024-42125', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42125', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42125', 'https://git.kernel.org/linus/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9 (6.10-rc1)', 'https://git.kernel.org/stable/c/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9', 'https://git.kernel.org/stable/c/ce4ba62f8bc5195a9a0d49c6235a9c99e619cadc', 'https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42125-b515@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42125', 'https://www.cve.org/CVERecord?id=CVE-2024-42125'], 'PublishedDate': '2024-07-30T08:15:04.667Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42139', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42139', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Fix improper extts handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message "extts on unexpected channel" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42139', 'https://git.kernel.org/linus/00d3b4f54582d4e4a02cda5886bb336eeab268cc (6.10-rc7)', 'https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc', 'https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3', 'https://lore.kernel.org/linux-cve-announce/2024073030-CVE-2024-42139-f8ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42139', 'https://www.cve.org/CVERecord?id=CVE-2024-42139'], 'PublishedDate': '2024-07-30T08:15:05.757Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42154', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42154', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_metrics: validate source addr length', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42154', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/66be40e622e177316ae81717aa30057ba9e61dff (6.10-rc7)', 'https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9', 'https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c', 'https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3', 'https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321', 'https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff', 'https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99', 'https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98', 'https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6', 'https://linux.oracle.com/cve/CVE-2024-42154.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073034-CVE-2024-42154-cf82@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42154', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42154'], 'PublishedDate': '2024-07-30T08:15:06.933Z', 'LastModifiedDate': '2024-10-01T19:32:18.31Z'}, {'VulnerabilityID': 'CVE-2024-42159', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42159', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: mpi3mr: Sanitise num_phys', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port->phy_mask, values larger then size of\nthis field shouldn't be allowed.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42159', 'https://git.kernel.org/linus/3668651def2c1622904e58b0280ee93121f2b10b (6.10-rc1)', 'https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b', 'https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0', 'https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df', 'https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf', 'https://linux.oracle.com/cve/CVE-2024-42159.html', 'https://linux.oracle.com/errata/ELSA-2024-12682.html', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42159-c19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42159', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42159'], 'PublishedDate': '2024-07-30T08:15:07.3Z', 'LastModifiedDate': '2024-08-02T14:29:46.24Z'}, {'VulnerabilityID': 'CVE-2024-42160', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: check validation of fault attrs in f2fs_build_fault_attr()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: check validation of fault attrs in f2fs_build_fault_attr()\n\n- It missed to check validation of fault attrs in parse_options(),\nlet's fix to add check condition in f2fs_build_fault_attr().\n- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42160', 'https://git.kernel.org/linus/4ed886b187f47447ad559619c48c086f432d2b77 (6.10-rc1)', 'https://git.kernel.org/stable/c/44958ca9e400f57bd0478115519ffc350fcee61e', 'https://git.kernel.org/stable/c/4ed886b187f47447ad559619c48c086f432d2b77', 'https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d', 'https://git.kernel.org/stable/c/ecb641f424d6d1f055d149a15b892edcc92c504b', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42160-c733@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42160', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42160'], 'PublishedDate': '2024-07-30T08:15:07.37Z', 'LastModifiedDate': '2024-08-02T14:29:26.33Z'}, {'VulnerabilityID': 'CVE-2024-42224', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42224', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Correct check for empty list', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO\nbusses") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip->mdios being\nempty.  However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42224', 'https://git.kernel.org/linus/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b (6.10-rc1)', 'https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5', 'https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618', 'https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d', 'https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee', 'https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b', 'https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114', 'https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89', 'https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4', 'https://linux.oracle.com/cve/CVE-2024-42224.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024073037-CVE-2024-42224-863a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42224', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42224'], 'PublishedDate': '2024-07-30T08:15:07.667Z', 'LastModifiedDate': '2024-09-25T15:55:09.027Z'}, {'VulnerabilityID': 'CVE-2024-42228', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42228', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n   need to have a separate value of 0xffffffff.(Christian)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 6.3}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42228', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/88a9a467c548d0b3c7761b4fd54a68e70f9c0944 (6.10-rc1)', 'https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46', 'https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef', 'https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944', 'https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144', 'https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8', 'https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712', 'https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15', 'https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440', 'https://linux.oracle.com/cve/CVE-2024-42228.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073038-CVE-2024-42228-86f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42228', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42228'], 'PublishedDate': '2024-07-30T08:15:07.96Z', 'LastModifiedDate': '2024-09-04T12:15:04.577Z'}, {'VulnerabilityID': 'CVE-2024-42258', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42258', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines\n\nYves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don\'t\nforce huge page alignment on 32 bit") didn\'t work for x86_32 [1].  It is\nbecause x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT.\n\n!CONFIG_64BIT should cover all 32 bit machines.\n\n[1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42258', 'https://git.kernel.org/linus/d9592025000b3cf26c742f3505da7b83aedc26d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/7e1f4efb8d6140b2ec79bf760c43e1fc186e8dfc', 'https://git.kernel.org/stable/c/89f2914dd4b47d2fad3deef0d700f9526d98d11f', 'https://git.kernel.org/stable/c/a5c399fe433a115e9d3693169b5f357f3194af0a', 'https://git.kernel.org/stable/c/d9592025000b3cf26c742f3505da7b83aedc26d5', 'https://lore.kernel.org/linux-cve-announce/2024081216-CVE-2024-42258-e3f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42258', 'https://www.cve.org/CVERecord?id=CVE-2024-42258'], 'PublishedDate': '2024-08-12T15:15:20.983Z', 'LastModifiedDate': '2024-08-14T14:15:27.727Z'}, {'VulnerabilityID': 'CVE-2024-42259', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42259', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Fix Virtual Memory mapping boundaries calculation\n\nCalculating the size of the mapped area as the lesser value\nbetween the requested size and the actual size does not consider\nthe partial mapping offset. This can cause page fault access.\n\nFix the calculation of the starting and ending addresses, the\ntotal size is now deduced from the difference between the end and\nstart addresses.\n\nAdditionally, the calculations have been rewritten in a clearer\nand more understandable form.\n\n[Joonas: Add Requires: tag]\nRequires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset")\n(cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-131'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42259', 'https://git.kernel.org/linus/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3 (6.11-rc3)', 'https://git.kernel.org/stable/c/3e06073d24807f04b4694108a8474decb7b99e60', 'https://git.kernel.org/stable/c/4b09513ce93b3dcb590baaaff2ce96f2d098312d', 'https://git.kernel.org/stable/c/50111a8098fb9ade621eeff82228a997d42732ab', 'https://git.kernel.org/stable/c/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3', 'https://git.kernel.org/stable/c/911f8055f175c82775d0fd8cedcd0b75413f4ba7', 'https://git.kernel.org/stable/c/a256d019eaf044864c7e50312f0a65b323c24f39', 'https://git.kernel.org/stable/c/e8a68aa842d3f8dd04a46b9d632e5f67fde1da9b', 'https://git.kernel.org/stable/c/ead9289a51ea82eb5b27029fcf4c34b2dd60cf06', 'https://linux.oracle.com/cve/CVE-2024-42259.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081452-CVE-2024-42259-4cef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42259', 'https://project-zero.issues.chromium.org/issues/42451707', 'https://www.cve.org/CVERecord?id=CVE-2024-42259'], 'PublishedDate': '2024-08-14T15:15:31.673Z', 'LastModifiedDate': '2024-09-25T01:15:42.137Z'}, {'VulnerabilityID': 'CVE-2024-42260', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42260', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the performance extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42260', 'https://git.kernel.org/linus/4ecc24a84d7e0254efd150ec23e0b89638386516 (6.11-rc2)', 'https://git.kernel.org/stable/c/4ecc24a84d7e0254efd150ec23e0b89638386516', 'https://git.kernel.org/stable/c/5d4aa25f47cd05e9eeac272906588728588605dd', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-42260-0ce0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42260', 'https://www.cve.org/CVERecord?id=CVE-2024-42260'], 'PublishedDate': '2024-08-17T09:15:07.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42261', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42261', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the timestamp extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42261', 'https://git.kernel.org/linus/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791 (6.11-rc2)', 'https://git.kernel.org/stable/c/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791', 'https://git.kernel.org/stable/c/5c56f104edd02a537e9327dc543574e55713e1d7', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42261-f6a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42261', 'https://www.cve.org/CVERecord?id=CVE-2024-42261'], 'PublishedDate': '2024-08-17T09:15:07.6Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42262', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42262', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the performance extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42262', 'https://git.kernel.org/linus/32df4abc44f24dbec239d43e2b26d5768c5d1a78 (6.11-rc2)', 'https://git.kernel.org/stable/c/32df4abc44f24dbec239d43e2b26d5768c5d1a78', 'https://git.kernel.org/stable/c/ad5fdc48f7a63b8a98493c667505fe4d3864ae21', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42262-7156@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42262', 'https://www.cve.org/CVERecord?id=CVE-2024-42262'], 'PublishedDate': '2024-08-17T09:15:07.68Z', 'LastModifiedDate': '2024-08-19T20:05:15.407Z'}, {'VulnerabilityID': 'CVE-2024-42263', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42263', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the timestamp extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 753ce4fea62182c77e1691ab4f9022008f25b62e)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42263', 'https://git.kernel.org/linus/0e50fcc20bd87584840266e8004f9064a8985b4f (6.11-rc2)', 'https://git.kernel.org/stable/c/0e50fcc20bd87584840266e8004f9064a8985b4f', 'https://git.kernel.org/stable/c/9b5033ee2c5af6d1135a403df32d219ab57e55f9', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42263-31b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42263', 'https://www.cve.org/CVERecord?id=CVE-2024-42263'], 'PublishedDate': '2024-08-17T09:15:07.77Z', 'LastModifiedDate': '2024-08-19T20:41:11.24Z'}, {'VulnerabilityID': 'CVE-2024-42264', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42264', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Prevent out of bounds access in performance query extensions', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Prevent out of bounds access in performance query extensions\n\nCheck that the number of perfmons userspace is passing in the copy and\nreset extensions is not greater than the internal kernel storage where\nthe ids will be copied into.\n\n(cherry picked from commit f32b5128d2c440368b5bf3a7a356823e235caabb)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42264', 'https://git.kernel.org/linus/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2 (6.11-rc2)', 'https://git.kernel.org/stable/c/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2', 'https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42264-5d23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42264', 'https://www.cve.org/CVERecord?id=CVE-2024-42264'], 'PublishedDate': '2024-08-17T09:15:07.833Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42267', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42267', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()\n\nHandle VM_FAULT_SIGSEGV in the page fault path so that we correctly\nkill the process and we don't BUG() the kernel.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42267', 'https://git.kernel.org/linus/0c710050c47d45eb77b28c271cddefc5c785cb40 (6.11-rc2)', 'https://git.kernel.org/stable/c/0c710050c47d45eb77b28c271cddefc5c785cb40', 'https://git.kernel.org/stable/c/20dbdebc5580cd472a310d56a6e252275ee4c864', 'https://git.kernel.org/stable/c/59be4a167782d68e21068a761b90b01fadc09146', 'https://git.kernel.org/stable/c/917f598209f3f5e4ab175d5079d8aeb523e58b1f', 'https://git.kernel.org/stable/c/d4e7db757e2d7f4c407a007e92c98477eab215d2', 'https://git.kernel.org/stable/c/d7ccf2ca772bfe33e2c53ef80fa20d2d87eb6144', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42267-9f79@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42267', 'https://www.cve.org/CVERecord?id=CVE-2024-42267'], 'PublishedDate': '2024-08-17T09:15:08.047Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42268', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42268', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix missing lock on sync reset reload', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix missing lock on sync reset reload\n\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\n\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n…\n CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S      W          6.10.0-rc2+ #116\n Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\n Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\n RIP: 0010:devl_assert_locked+0x3e/0x50\n…\n Call Trace:\n  <TASK>\n  ? __warn+0xa4/0x210\n  ? devl_assert_locked+0x3e/0x50\n  ? report_bug+0x160/0x280\n  ? handle_bug+0x3f/0x80\n  ? exc_invalid_op+0x17/0x40\n  ? asm_exc_invalid_op+0x1a/0x20\n  ? devl_assert_locked+0x3e/0x50\n  devlink_notify+0x88/0x2b0\n  ? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n  ? __pfx_devlink_notify+0x10/0x10\n  ? process_one_work+0x4b6/0xbb0\n  process_one_work+0x4b6/0xbb0\n[…]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42268', 'https://git.kernel.org/linus/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 (6.11-rc2)', 'https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5', 'https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9', 'https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002', 'https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42268-2084@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42268', 'https://www.cve.org/CVERecord?id=CVE-2024-42268'], 'PublishedDate': '2024-08-17T09:15:08.11Z', 'LastModifiedDate': '2024-08-19T20:52:49.323Z'}, {'VulnerabilityID': 'CVE-2024-42269', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42269', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().\n\nip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id],\nbut the function is exposed to user space before the entry is allocated\nvia register_pernet_subsys().\n\nLet's call register_pernet_subsys() before xt_register_template().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42269', 'https://git.kernel.org/linus/c22921df777de5606f1047b1345b8d22ef1c0b34 (6.11-rc2)', 'https://git.kernel.org/stable/c/419ee6274c5153b89c4393c1946faa4c3cad4f9e', 'https://git.kernel.org/stable/c/87dba44e9471b79b255d0736858a897332db9226', 'https://git.kernel.org/stable/c/91b6df6611b7edb28676c4f63f90c56c30d3e601', 'https://git.kernel.org/stable/c/c22921df777de5606f1047b1345b8d22ef1c0b34', 'https://git.kernel.org/stable/c/e85b9b6a87be4cb3710082038b677e97f2389003', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42269-7d0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42269', 'https://www.cve.org/CVERecord?id=CVE-2024-42269'], 'PublishedDate': '2024-08-17T09:15:08.177Z', 'LastModifiedDate': '2024-08-19T20:53:51.717Z'}, {'VulnerabilityID': 'CVE-2024-42270', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42270', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().\n\nWe had a report that iptables-restore sometimes triggered null-ptr-deref\nat boot time. [0]\n\nThe problem is that iptable_nat_table_init() is exposed to user space\nbefore the kernel fully initialises netns.\n\nIn the small race window, a user could call iptable_nat_table_init()\nthat accesses net_generic(net, iptable_nat_net_id), which is available\nonly after registering iptable_nat_net_ops.\n\nLet's call register_pernet_subsys() before xt_register_template().\n\n[0]:\nbpfilter: Loaded bpfilter_umh pid 11702\nStarted bpfilter\nBUG: kernel NULL pointer dereference, address: 0000000000000013\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP NOPTI\nCPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1\nHardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\nCode: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c\nRSP: 0018:ffffbef902843cd0 EFLAGS: 00010246\nRAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80\nRDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0\nRBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240\nR10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000\nR13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004\nFS:  00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? xt_find_table_lock (net/netfilter/x_tables.c:1259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? page_fault_oops (arch/x86/mm/fault.c:727)\n ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518)\n ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)\n ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\n xt_find_table_lock (net/netfilter/x_tables.c:1259)\n xt_request_find_table_lock (net/netfilter/x_tables.c:1287)\n get_info (net/ipv4/netfilter/ip_tables.c:965)\n ? security_capable (security/security.c:809 (discriminator 13))\n ? ns_capable (kernel/capability.c:376 kernel/capability.c:397)\n ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)\n ? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter\n nf_getsockopt (net/netfilter/nf_sockopt.c:116)\n ip_getsockopt (net/ipv4/ip_sockglue.c:1827)\n __sys_getsockopt (net/socket.c:2327)\n __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121)\nRIP: 0033:0x7f62844685ee\nCode: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09\nRSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037\nRAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0\nR10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2\nR13: 00007f6284\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42270', 'https://git.kernel.org/linus/5830aa863981d43560748aa93589c0695191d95d (6.11-rc2)', 'https://git.kernel.org/stable/c/08ed888b69a22647153fe2bec55b7cd0a46102cc', 'https://git.kernel.org/stable/c/5830aa863981d43560748aa93589c0695191d95d', 'https://git.kernel.org/stable/c/70014b73d7539fcbb6b4ff5f37368d7241d8e626', 'https://git.kernel.org/stable/c/95590a4929027769af35b153645c0ab6fd22b29b', 'https://git.kernel.org/stable/c/b98ddb65fa1674b0e6b52de8af9103b63f51b643', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42270-c752@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42270', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42270'], 'PublishedDate': '2024-08-17T09:15:08.24Z', 'LastModifiedDate': '2024-08-19T20:01:09.52Z'}, {'VulnerabilityID': 'CVE-2024-42272', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42272', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: act_ct: take care of padding in struct zones_ht_key', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched: act_ct: take care of padding in struct zones_ht_key\n\nBlamed commit increased lookup key size from 2 bytes to 16 bytes,\nbecause zones_ht_key got a struct net pointer.\n\nMake sure rhashtable_lookup() is not using the padding bytes\nwhich are not initialized.\n\n BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n  tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408\n  tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425\n  tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488\n  tcf_action_add net/sched/act_api.c:2061 [inline]\n  tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118\n  rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647\n  netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550\n  rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665\n  netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n  netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357\n  netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  ____sys_sendmsg+0x877/0xb60 net/socket.c:2597\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651\n  __sys_sendmsg net/socket.c:2680 [inline]\n  __do_sys_sendmsg net/socket.c:2689 [inline]\n  __se_sys_sendmsg net/socket.c:2687 [inline]\n  __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687\n  x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable key created at:\n  tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42272', 'https://git.kernel.org/linus/2191a54f63225b548fd8346be3611c3219a24738 (6.11-rc2)', 'https://git.kernel.org/stable/c/2191a54f63225b548fd8346be3611c3219a24738', 'https://git.kernel.org/stable/c/3a5b68869dbe14f1157c6a24ac71923db060eeab', 'https://git.kernel.org/stable/c/3ddefcb8f75e312535e2e7d5fef9932019ba60f2', 'https://git.kernel.org/stable/c/7c03ab555eb1ba26c77fd7c25bdf44a0ac23edee', 'https://git.kernel.org/stable/c/d06daf0ad645d9225a3ff6958dd82e1f3988fa64', 'https://git.kernel.org/stable/c/d7cc186d0973afce0e1237c37f7512c01981fb79', 'https://linux.oracle.com/cve/CVE-2024-42272.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42272-c687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42272', 'https://www.cve.org/CVERecord?id=CVE-2024-42272'], 'PublishedDate': '2024-08-17T09:15:08.37Z', 'LastModifiedDate': '2024-09-30T13:40:21.843Z'}, {'VulnerabilityID': 'CVE-2024-42273', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42273', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid\n\nmkdir /mnt/test/comp\nf2fs_io setflags compression /mnt/test/comp\ndd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1\ntruncate --size 13 /mnt/test/comp/testfile\n\nIn the above scenario, we can get a BUG_ON.\n kernel BUG at fs/f2fs/segment.c:3589!\n Call Trace:\n  do_write_page+0x78/0x390 [f2fs]\n  f2fs_outplace_write_data+0x62/0xb0 [f2fs]\n  f2fs_do_write_data_page+0x275/0x740 [f2fs]\n  f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs]\n  f2fs_write_multi_pages+0x1e5/0xae0 [f2fs]\n  f2fs_write_cache_pages+0xab1/0xc60 [f2fs]\n  f2fs_write_data_pages+0x2d8/0x330 [f2fs]\n  do_writepages+0xcf/0x270\n  __writeback_single_inode+0x44/0x350\n  writeback_sb_inodes+0x242/0x530\n  __writeback_inodes_wb+0x54/0xf0\n  wb_writeback+0x192/0x310\n  wb_workfn+0x30d/0x400\n\nThe reason is we gave CURSEG_ALL_DATA_ATGC to COMPR_ADDR where the\npage was set the gcing flag by set_cluster_dirty().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42273', 'https://git.kernel.org/linus/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cd106612396656d6f1ca17ef192c6759bb60791', 'https://git.kernel.org/stable/c/4239571c5db46a42f723b8fa8394039187c34439', 'https://git.kernel.org/stable/c/5fd057160ab240dd816ae09b625395d54c297de1', 'https://git.kernel.org/stable/c/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42273-9b87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42273', 'https://www.cve.org/CVERecord?id=CVE-2024-42273'], 'PublishedDate': '2024-08-17T09:15:08.45Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42274', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42274', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert "ALSA: firewire-lib: operate for period elapse event in process context"', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "ALSA: firewire-lib: operate for period elapse event in process context"\n\nCommit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event\nin process context") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n    * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n    * (lock B) wait for tasklet to finish by calling\n    \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n    * (lock B) enter tasklet\n    * (lock A) attempt to acquire substream lock,\n    \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n    \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n </NMI>\n <TASK>\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n </NMI>\n <IRQ>\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period\nelapse event in process context")\n\nReplace inline description to prevent future deadlock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42274', 'https://git.kernel.org/linus/3dab73ab925a51ab05543b491bf17463a48ca323 (6.11-rc2)', 'https://git.kernel.org/stable/c/36c255db5a25edd42d1aca48e38b8e95ee5fd9ef', 'https://git.kernel.org/stable/c/3dab73ab925a51ab05543b491bf17463a48ca323', 'https://git.kernel.org/stable/c/7c07220cf634002f93a87ca2252a32766850f2d1', 'https://git.kernel.org/stable/c/b239a37d68e8bc59f9516444da222841e3b13ba9', 'https://git.kernel.org/stable/c/f5043e69aeb2786f32e84132817a007a6430aa7d', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42274-9dc6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42274', 'https://www.cve.org/CVERecord?id=CVE-2024-42274'], 'PublishedDate': '2024-08-17T09:15:08.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42276', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42276', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme-pci: add missing condition check for existence of mapped data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42276', 'https://git.kernel.org/linus/c31fad1470389666ac7169fe43aa65bf5b7e2cfd (6.11-rc1)', 'https://git.kernel.org/stable/c/3f8ec1d6b0ebd8268307d52be8301973fa5a01ec', 'https://git.kernel.org/stable/c/70100fe721840bf6d8e5abd25b8bffe4d2e049b7', 'https://git.kernel.org/stable/c/77848b379e9f85a08048a2c8b3b4a7e8396f5f83', 'https://git.kernel.org/stable/c/7cc1f4cd90a00b6191cb8cda2d1302fdce59361c', 'https://git.kernel.org/stable/c/be23ae63080e0bf9e246ab20207200bca6585eba', 'https://git.kernel.org/stable/c/c31fad1470389666ac7169fe43aa65bf5b7e2cfd', 'https://git.kernel.org/stable/c/d135c3352f7c947a922da93c8e763ee6bc208b64', 'https://linux.oracle.com/cve/CVE-2024-42276.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42276-cb0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42276', 'https://www.cve.org/CVERecord?id=CVE-2024-42276'], 'PublishedDate': '2024-08-17T09:15:08.673Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42277', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42277', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom->sdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42277', 'https://git.kernel.org/linus/630482ee0653decf9e2482ac6181897eb6cde5b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8', 'https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922', 'https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb', 'https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c', 'https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42277-997a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42277', 'https://www.cve.org/CVERecord?id=CVE-2024-42277'], 'PublishedDate': '2024-08-17T09:15:08.75Z', 'LastModifiedDate': '2024-09-10T18:46:21.62Z'}, {'VulnerabilityID': 'CVE-2024-42278', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42278', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: TAS2781: Fix tasdev_load_calibrated_data()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it's either a no-op or it\nleads to a NULL dereference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42278', 'https://git.kernel.org/linus/92c78222168e9035a9bfb8841c2e56ce23e51f73 (6.11-rc1)', 'https://git.kernel.org/stable/c/51be301d29d674ff328dfcf23705851f326f35b3', 'https://git.kernel.org/stable/c/6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06', 'https://git.kernel.org/stable/c/92c78222168e9035a9bfb8841c2e56ce23e51f73', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42278-e639@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42278', 'https://www.cve.org/CVERecord?id=CVE-2024-42278'], 'PublishedDate': '2024-08-17T09:15:08.813Z', 'LastModifiedDate': '2024-09-30T12:53:36.42Z'}, {'VulnerabilityID': 'CVE-2024-42279', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42279', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L', 'V3Score': 5.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42279', 'https://git.kernel.org/linus/9cf71eb0faef4bff01df4264841b8465382d7927 (6.11-rc1)', 'https://git.kernel.org/stable/c/3feda3677e8bbe833c3a62a4091377a08f015b80', 'https://git.kernel.org/stable/c/45e03d35229b680b79dfea1103a1f2f07d0b5d75', 'https://git.kernel.org/stable/c/9cf71eb0faef4bff01df4264841b8465382d7927', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42279-91b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42279', 'https://www.cve.org/CVERecord?id=CVE-2024-42279'], 'PublishedDate': '2024-08-17T09:15:08.88Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42281', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42281', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a segment issue when downgrading gso_size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a segment issue when downgrading gso_size\n\nLinearize the skb when downgrading gso_size because it may trigger a\nBUG_ON() later when the skb is segmented as described in [1,2].', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42281', 'https://git.kernel.org/linus/fa5ef655615a01533035c6139248c5b33aa27028 (6.11-rc1)', 'https://git.kernel.org/stable/c/11ec79f5c7f74261874744039bc1551023edd6b2', 'https://git.kernel.org/stable/c/a689f5eb13a90f892a088865478b3cd39f53d5dc', 'https://git.kernel.org/stable/c/c3496314c53e7e82ddb544c825defc3e8c0e45cf', 'https://git.kernel.org/stable/c/dda518dea60d556a2d171c0122ca7d9fdb7d473a', 'https://git.kernel.org/stable/c/ec4eea14d75f7b0491194dd413f540dd19b8c733', 'https://git.kernel.org/stable/c/f6bb8c90cab97a3e03f8d30e3069efe6a742e0be', 'https://git.kernel.org/stable/c/fa5ef655615a01533035c6139248c5b33aa27028', 'https://linux.oracle.com/cve/CVE-2024-42281.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42281-780b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42281', 'https://www.cve.org/CVERecord?id=CVE-2024-42281'], 'PublishedDate': '2024-08-17T09:15:09.013Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42283', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42283', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: nexthop: Initialize all fields in dumped nexthops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n    # ip nexthop add id 1 dev lo\n    # ip nexthop add id 101 group 1\n    # strace -e recvmsg ip nexthop get id 101\n    ...\n    recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n                 [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42283', 'https://git.kernel.org/linus/6d745cd0e9720282cd291d36b9db528aea18add2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1377de719652d868f5317ba8398b7e74c5f0430b', 'https://git.kernel.org/stable/c/5cc4d71dda2dd4f1520f40e634a527022e48ccd8', 'https://git.kernel.org/stable/c/6d745cd0e9720282cd291d36b9db528aea18add2', 'https://git.kernel.org/stable/c/7704460acd7f5d35eb07c52500987dc9b95313fb', 'https://git.kernel.org/stable/c/9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0', 'https://git.kernel.org/stable/c/a13d3864b76ac87085ec530b2ff8e37482a63a96', 'https://git.kernel.org/stable/c/fd06cb4a5fc7bda3dea31712618a62af72a1c6cb', 'https://linux.oracle.com/cve/CVE-2024-42283.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42283-15a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42283', 'https://www.cve.org/CVERecord?id=CVE-2024-42283'], 'PublishedDate': '2024-08-17T09:15:09.163Z', 'LastModifiedDate': '2024-08-19T19:54:33.213Z'}, {'VulnerabilityID': 'CVE-2024-42284', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42284', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42284', 'https://git.kernel.org/linus/fa96c6baef1b5385e2f0c0677b32b3839e716076 (6.11-rc1)', 'https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f', 'https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a', 'https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69', 'https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813', 'https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28', 'https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b', 'https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8', 'https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076', 'https://linux.oracle.com/cve/CVE-2024-42284.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42284-bbfa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42284', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42284'], 'PublishedDate': '2024-08-17T09:15:09.233Z', 'LastModifiedDate': '2024-08-19T19:47:55.623Z'}, {'VulnerabilityID': 'CVE-2024-42285', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42285', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix a use-after-free related to destroying CM IDs\n\niw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with\nan existing struct iw_cm_id (cm_id) as follows:\n\n        conn_id->cm_id.iw = cm_id;\n        cm_id->context = conn_id;\n        cm_id->cm_handler = cma_iw_handler;\n\nrdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make\nsure that cm_work_handler() does not trigger a use-after-free by only\nfreeing of the struct rdma_id_private after all pending work has finished.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42285', 'https://git.kernel.org/linus/aee2424246f9f1dadc33faa78990c1e2eb7826e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6', 'https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574', 'https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79', 'https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4', 'https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6', 'https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5', 'https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae', 'https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a', 'https://linux.oracle.com/cve/CVE-2024-42285.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42285-37ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42285', 'https://www.cve.org/CVERecord?id=CVE-2024-42285'], 'PublishedDate': '2024-08-17T09:15:09.3Z', 'LastModifiedDate': '2024-08-19T19:45:41.59Z'}, {'VulnerabilityID': 'CVE-2024-42286', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42286', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: validate nvme_local_port correctly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS:  0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42286', 'https://git.kernel.org/linus/eb1d4ce2609584eeb7694866f34d4b213caa3af9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3eac973eb5cb2b874b3918f924798afc5affd46b', 'https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430', 'https://git.kernel.org/stable/c/7cec2c3bfe84539c415f5e16f989228eba1d2f1e', 'https://git.kernel.org/stable/c/a3ab508a4853a9f5ae25a7816a4889f09938f63c', 'https://git.kernel.org/stable/c/cde43031df533751b4ead37d173922feee2f550f', 'https://git.kernel.org/stable/c/e1f010844443c389bc552884ac5cfa47de34d54c', 'https://git.kernel.org/stable/c/eb1d4ce2609584eeb7694866f34d4b213caa3af9', 'https://git.kernel.org/stable/c/f6be298cc1042f24d521197af29c7c4eb95af4d5', 'https://linux.oracle.com/cve/CVE-2024-42286.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42286-e856@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42286', 'https://www.cve.org/CVERecord?id=CVE-2024-42286'], 'PublishedDate': '2024-08-17T09:15:09.38Z', 'LastModifiedDate': '2024-09-10T19:02:12.36Z'}, {'VulnerabilityID': 'CVE-2024-42287', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42287', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Complete command early within lock', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Complete command early within lock\n\nA crash was observed while performing NPIV and FW reset,\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 1 PREEMPT_RT SMP NOPTI\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0\n RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034\n R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000\n FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x16f/0x4a0\n ? do_user_addr_fault+0x174/0x7f0\n ? exc_page_fault+0x69/0x1a0\n ? asm_exc_page_fault+0x22/0x30\n ? dma_direct_unmap_sg+0x51/0x1e0\n ? preempt_count_sub+0x96/0xe0\n qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]\n qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]\n __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]\n\nThe command completion was done early while aborting the commands in driver\nunload path but outside lock to avoid the WARN_ON condition of performing\ndma_free_attr within the lock. However this caused race condition while\ncommand completion via multiple paths causing system crash.\n\nHence complete the command early in unload path but within the lock to\navoid race condition.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42287', 'https://git.kernel.org/linus/4475afa2646d3fec176fc4d011d3879b26cb26e3 (6.11-rc1)', 'https://git.kernel.org/stable/c/314efe3f87949a568f512f05df20bf47b81cf232', 'https://git.kernel.org/stable/c/36fdc5319c4d0ec8b8938ec4769764098a246bfb', 'https://git.kernel.org/stable/c/4475afa2646d3fec176fc4d011d3879b26cb26e3', 'https://git.kernel.org/stable/c/57ba7563712227647f82a92547e82c96cd350553', 'https://git.kernel.org/stable/c/814f4a53cc86f7ea8b501bfb1723f24fd29ef5ee', 'https://git.kernel.org/stable/c/9117337b04d789bd08fdd9854a40bec2815cd3f6', 'https://git.kernel.org/stable/c/af46649304b0c9cede4ccfc2be2561ce8ed6a2ea', 'https://linux.oracle.com/cve/CVE-2024-42287.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42287-d635@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42287', 'https://www.cve.org/CVERecord?id=CVE-2024-42287'], 'PublishedDate': '2024-08-17T09:15:09.453Z', 'LastModifiedDate': '2024-09-10T19:05:07.67Z'}, {'VulnerabilityID': 'CVE-2024-42288', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42288', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Fix for possible memory corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly.  Correctly dereference ICB', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42288', 'https://git.kernel.org/linus/c03d740152f78e86945a75b2ad541bf972fab92a (6.11-rc1)', 'https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e', 'https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b', 'https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b', 'https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d', 'https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce', 'https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a', 'https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb', 'https://linux.oracle.com/cve/CVE-2024-42288.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42288-c59b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42288', 'https://www.cve.org/CVERecord?id=CVE-2024-42288'], 'PublishedDate': '2024-08-17T09:15:09.523Z', 'LastModifiedDate': '2024-09-05T17:38:38.383Z'}, {'VulnerabilityID': 'CVE-2024-42289', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42289', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: During vport delete send async logout explicitly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array.  For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n  BUG: kernel NULL pointer dereference, address: 000000000000001c\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] PREEMPT SMP NOPTI\n  Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n  RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n  RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n  RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n  RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n  RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n  R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n  R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n  FS:  0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n  Call Trace:\n  <TASK>\n  qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n  ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n  ? qla2x00_status_entry+0x768/0x2830\n  ? newidle_balance+0x2f0/0x430\n  ? dequeue_entity+0x100/0x3c0\n  ? qla24xx_process_response_queue+0x6a1/0x19e0\n  ? __schedule+0x2d5/0x1140\n  ? qla_do_work+0x47/0x60\n  ? process_one_work+0x267/0x440\n  ? process_one_work+0x440/0x440\n  ? worker_thread+0x2d/0x3d0\n  ? process_one_work+0x440/0x440\n  ? kthread+0x156/0x180\n  ? set_kthread_struct+0x50/0x50\n  ? ret_from_fork+0x22/0x30\n  </TASK>\n\nSend out async logout explicitly for all the ports during vport delete.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42289', 'https://git.kernel.org/linus/76f480d7c717368f29a3870f7d64471ce0ff8fb2 (6.11-rc1)', 'https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe', 'https://git.kernel.org/stable/c/171ac4b495f9473bc134356a00095b47e6409e52', 'https://git.kernel.org/stable/c/76f480d7c717368f29a3870f7d64471ce0ff8fb2', 'https://git.kernel.org/stable/c/87c25fcb95aafabb6a4914239f4ab41b07a4f9b7', 'https://git.kernel.org/stable/c/b12c54e51ba83c1fbc619d35083d7872e42ecdef', 'https://git.kernel.org/stable/c/b35d6d5a2f38605cddea7d5c64cded894fbe8ede', 'https://git.kernel.org/stable/c/d28a2075bb530489715a3b011e1dd8765ba20313', 'https://git.kernel.org/stable/c/e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc', 'https://linux.oracle.com/cve/CVE-2024-42289.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42289-fe68@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42289', 'https://www.cve.org/CVERecord?id=CVE-2024-42289'], 'PublishedDate': '2024-08-17T09:15:09.59Z', 'LastModifiedDate': '2024-09-05T17:37:49.057Z'}, {'VulnerabilityID': 'CVE-2024-42290', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42290', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: irqchip/imx-irqsteer: Handle runtime power management correctly', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/imx-irqsteer: Handle runtime power management correctly\n\nThe power domain is automatically activated from clk_prepare(). However, on\ncertain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes\nsleeping functions, which triggers the 'scheduling while atomic' bug in the\ncontext switch path during device probing:\n\n BUG: scheduling while atomic: kworker/u13:1/48/0x00000002\n Call trace:\n  __schedule_bug+0x54/0x6c\n  __schedule+0x7f0/0xa94\n  schedule+0x5c/0xc4\n  schedule_preempt_disabled+0x24/0x40\n  __mutex_lock.constprop.0+0x2c0/0x540\n  __mutex_lock_slowpath+0x14/0x20\n  mutex_lock+0x48/0x54\n  clk_prepare_lock+0x44/0xa0\n  clk_prepare+0x20/0x44\n  imx_irqsteer_resume+0x28/0xe0\n  pm_generic_runtime_resume+0x2c/0x44\n  __genpd_runtime_resume+0x30/0x80\n  genpd_runtime_resume+0xc8/0x2c0\n  __rpm_callback+0x48/0x1d8\n  rpm_callback+0x6c/0x78\n  rpm_resume+0x490/0x6b4\n  __pm_runtime_resume+0x50/0x94\n  irq_chip_pm_get+0x2c/0xa0\n  __irq_do_set_handler+0x178/0x24c\n  irq_set_chained_handler_and_data+0x60/0xa4\n  mxc_gpio_probe+0x160/0x4b0\n\nCure this by implementing the irq_bus_lock/sync_unlock() interrupt chip\ncallbacks and handle power management in them as they are invoked from\nnon-atomic context.\n\n[ tglx: Rewrote change log, added Fixes tag ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42290', 'https://git.kernel.org/linus/33b1c47d1fc0b5f06a393bb915db85baacba18ea (6.11-rc1)', 'https://git.kernel.org/stable/c/21bd3f9e7f924cd2fc892a484e7a50c7e1847565', 'https://git.kernel.org/stable/c/33b1c47d1fc0b5f06a393bb915db85baacba18ea', 'https://git.kernel.org/stable/c/3a2884a44e5cda192df1b28e9925661f79f599a1', 'https://git.kernel.org/stable/c/58c56735facb225a5c46fa4b8bbbe7f31d1cb894', 'https://git.kernel.org/stable/c/a590e8dea3df2639921f874d763be961dd74e8f9', 'https://git.kernel.org/stable/c/f8ae38f1dfe652779c7c613facbc257cec00ac44', 'https://git.kernel.org/stable/c/fa1803401e1c360efe6342fb41d161cc51748a11', 'https://linux.oracle.com/cve/CVE-2024-42290.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42290-c966@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42290', 'https://www.cve.org/CVERecord?id=CVE-2024-42290'], 'PublishedDate': '2024-08-17T09:15:09.663Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42291', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42291', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add a per-VF limit on number of FDIR filters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42291', 'https://git.kernel.org/linus/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 (6.11-rc1)', 'https://git.kernel.org/stable/c/292081c4e7f575a79017d5cbe1a0ec042783976f', 'https://git.kernel.org/stable/c/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97', 'https://git.kernel.org/stable/c/8e02cd98a6e24389d476e28436d41e620ed8e559', 'https://git.kernel.org/stable/c/d62389073a5b937413e2d1bc1da06ccff5103c0c', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42291-6f31@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42291', 'https://www.cve.org/CVERecord?id=CVE-2024-42291'], 'PublishedDate': '2024-08-17T09:15:09.73Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42292', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42292', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kobject_uevent: Fix OOB access within zap_modalias_env()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42292', 'https://git.kernel.org/linus/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc (6.11-rc1)', 'https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762', 'https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2', 'https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168', 'https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d', 'https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90', 'https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5', 'https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d', 'https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc', 'https://linux.oracle.com/cve/CVE-2024-42292.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42292-5387@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42292', 'https://www.cve.org/CVERecord?id=CVE-2024-42292'], 'PublishedDate': '2024-08-17T09:15:09.797Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42294', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42294', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: fix deadlock between sd_remove & sd_release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove & sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430]  __switch_to+0x174/0x338\n[ 2538.459436]  __schedule+0x628/0x9c4\n[ 2538.459442]  schedule+0x7c/0xe8\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459]  mutex_lock+0x30/0xd8\n[ 2538.459462]  del_gendisk+0xdc/0x350\n[ 2538.459466]  sd_remove+0x30/0x60\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474]  device_release_driver+0x18/0x28\n[ 2538.459478]  bus_remove_device+0x15c/0x174\n[ 2538.459483]  device_del+0x1d0/0x358\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\n[ 2538.459493]  scsi_forget_host+0x50/0x70\n[ 2538.459497]  scsi_remove_host+0x80/0x180\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514]  device_release_driver+0x18/0x28\n[ 2538.459518]  bus_remove_device+0x15c/0x174\n[ 2538.459523]  device_del+0x1d0/0x358\n[ 2538.459528]  usb_disable_device+0x84/0x194\n[ 2538.459532]  usb_disconnect+0xec/0x300\n[ 2538.459537]  hub_event+0xb80/0x1870\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\n[ 2538.459545]  worker_thread+0x244/0x334\n[ 2538.459549]  kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task "fsck.":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016]  __switch_to+0x174/0x338\n[ 2538.461021]  __schedule+0x628/0x9c4\n[ 2538.461025]  schedule+0x7c/0xe8\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051]  sd_release+0x50/0x94\n[ 2538.461054]  blkdev_put+0x190/0x28c\n[ 2538.461058]  blkdev_release+0x28/0x40\n[ 2538.461063]  __fput+0xf8/0x2a8\n[ 2538.461066]  __fput_sync+0x28/0x5c\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\n[ 2538.461073]  invoke_syscall+0x58/0x114\n[ 2538.461078]  el0_svc_common+0xac/0xe0\n[ 2538.461082]  do_el0_svc+0x1c/0x28\n[ 2538.461087]  el0_svc+0x38/0x68\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\n\n  T1:\t\t\t\tT2:\n  sd_remove\n  del_gendisk\n  __blk_mark_disk_dead\n  blk_freeze_queue_start\n  ++q->mq_freeze_depth\n  \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(&disk->open_mutex)\n  \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q->mq_freeze_depth)\n  mutex_lock(&disk->open_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don\'t try to acquire disk->open_mutex after freezing\nthe queue.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42294', 'https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9', 'https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b', 'https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42294-0145@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42294', 'https://www.cve.org/CVERecord?id=CVE-2024-42294'], 'PublishedDate': '2024-08-17T09:15:09.947Z', 'LastModifiedDate': '2024-08-19T19:43:22.46Z'}, {'VulnerabilityID': 'CVE-2024-42295', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42295', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: handle inconsistent state in nilfs_btnode_create_block()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle inconsistent state in nilfs_btnode_create_block()\n\nSyzbot reported that a buffer state inconsistency was detected in\nnilfs_btnode_create_block(), triggering a kernel bug.\n\nIt is not appropriate to treat this inconsistency as a bug; it can occur\nif the argument block address (the buffer index of the newly created\nblock) is a virtual block number and has been reallocated due to\ncorruption of the bitmap used to manage its allocation state.\n\nSo, modify nilfs_btnode_create_block() and its callers to treat it as a\npossible filesystem error, rather than triggering a kernel bug.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42295', 'https://git.kernel.org/linus/4811f7af6090e8f5a398fbdd766f903ef6c0d787 (6.11-rc1)', 'https://git.kernel.org/stable/c/012be828a118bf496e666ef1fc47fc0e7358ada2', 'https://git.kernel.org/stable/c/02b87e6334a38c65eef49848d3f1ac422f0b2a44', 'https://git.kernel.org/stable/c/19cce46238ffe3546e44b9c74057103ff8b24c62', 'https://git.kernel.org/stable/c/366c3f688dd0288cbe38af1d3a886b5c62372e4a', 'https://git.kernel.org/stable/c/4811f7af6090e8f5a398fbdd766f903ef6c0d787', 'https://git.kernel.org/stable/c/5f0a6800b8aec1b453c7fe4c44fcaac5ffe9d52e', 'https://git.kernel.org/stable/c/be56dfc9be0604291267c07b0e27a69a6bda4899', 'https://git.kernel.org/stable/c/e34191cce3ee63dfa5fb241904aaf2a042d5b6d8', 'https://linux.oracle.com/cve/CVE-2024-42295.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42295-4f43@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42295', 'https://www.cve.org/CVERecord?id=CVE-2024-42295'], 'PublishedDate': '2024-08-17T09:15:10.017Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42296', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42296', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix return value of f2fs_convert_inline_inode()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix return value of f2fs_convert_inline_inode()\n\nIf device is readonly, make f2fs_convert_inline_inode()\nreturn EROFS instead of zero, otherwise it may trigger\npanic during writeback of inline inode's dirty page as\nbelow:\n\n f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888\n f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3369\n do_writepages+0x359/0x870 mm/page-writeback.c:2634\n filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397\n __filemap_fdatawrite_range mm/filemap.c:430 [inline]\n file_write_and_wait_range+0x1aa/0x290 mm/filemap.c:788\n f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276\n generic_write_sync include/linux/fs.h:2806 [inline]\n f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977\n call_write_iter include/linux/fs.h:2114 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa72/0xc90 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42296', 'https://git.kernel.org/linus/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf (6.11-rc1)', 'https://git.kernel.org/stable/c/077f0e24b27c4b44841593c7edbd1993be9eecb5', 'https://git.kernel.org/stable/c/1e7725814361c8c008d131db195cef8274ff26b8', 'https://git.kernel.org/stable/c/47a8ddcdcaccd9b891db4574795e46a33a121ac2', 'https://git.kernel.org/stable/c/70f5ef5f33c333cfb286116fa3af74ac9bc84f1b', 'https://git.kernel.org/stable/c/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42296-3f50@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42296', 'https://www.cve.org/CVERecord?id=CVE-2024-42296'], 'PublishedDate': '2024-08-17T09:15:10.08Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42297', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42297', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: f2fs: fix to don't dirty inode for readonly filesystem", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to don't dirty inode for readonly filesystem\n\nsyzbot reports f2fs bug as below:\n\nkernel BUG at fs/f2fs/inode.c:933!\nRIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933\nCall Trace:\n evict+0x2a4/0x620 fs/inode.c:664\n dispose_list fs/inode.c:697 [inline]\n evict_inodes+0x5f8/0x690 fs/inode.c:747\n generic_shutdown_super+0x9d/0x2c0 fs/super.c:675\n kill_block_super+0x44/0x90 fs/super.c:1667\n kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894\n deactivate_locked_super+0xc1/0x130 fs/super.c:484\n cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256\n task_work_run+0x24a/0x300 kernel/task_work.c:180\n ptrace_notify+0x2cd/0x380 kernel/signal.c:2399\n ptrace_report_syscall include/linux/ptrace.h:411 [inline]\n ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]\n syscall_exit_work kernel/entry/common.c:251 [inline]\n syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]\n syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296\n do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe root cause is:\n- do_sys_open\n - f2fs_lookup\n  - __f2fs_find_entry\n   - f2fs_i_depth_write\n    - f2fs_mark_inode_dirty_sync\n     - f2fs_dirty_inode\n      - set_inode_flag(inode, FI_DIRTY_INODE)\n\n- umount\n - kill_f2fs_super\n  - kill_block_super\n   - generic_shutdown_super\n    - sync_filesystem\n    : sb is readonly, skip sync_filesystem()\n    - evict_inodes\n     - iput\n      - f2fs_evict_inode\n       - f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE))\n       : trigger kernel panic\n\nWhen we try to repair i_current_depth in readonly filesystem, let's\nskip dirty inode to avoid panic in later f2fs_evict_inode().", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42297', 'https://git.kernel.org/linus/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8', 'https://git.kernel.org/stable/c/2434344559f6743efb3ac15d11af9a0db9543bd3', 'https://git.kernel.org/stable/c/2d2916516577f2239b3377d9e8d12da5e6ccdfcf', 'https://git.kernel.org/stable/c/54162974aea37a8cae00742470a78c7f6bd6f915', 'https://git.kernel.org/stable/c/54bc4e88447e385c4d4ffa85d93e0dce628fcfa6', 'https://git.kernel.org/stable/c/9ce8135accf103f7333af472709125878704fdd4', 'https://git.kernel.org/stable/c/e62ff092a42f4a1bae3b310cf46673b4f3aac3b5', 'https://git.kernel.org/stable/c/ec56571b4b146a1cfbedab49d5fcaf19fe8bf4f1', 'https://linux.oracle.com/cve/CVE-2024-42297.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42297-fcec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42297', 'https://www.cve.org/CVERecord?id=CVE-2024-42297'], 'PublishedDate': '2024-08-17T09:15:10.147Z', 'LastModifiedDate': '2024-09-30T13:41:26.463Z'}, {'VulnerabilityID': 'CVE-2024-42298', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42298', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42298', 'https://git.kernel.org/linus/e62599902327d27687693f6e5253a5d56583db58 (6.11-rc1)', 'https://git.kernel.org/stable/c/af466037fa2b263e8ea5c47285513d2487e17d90', 'https://git.kernel.org/stable/c/b4205dfcfe96182118e54343954827eda51b2135', 'https://git.kernel.org/stable/c/e62599902327d27687693f6e5253a5d56583db58', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42298-d6a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42298', 'https://www.cve.org/CVERecord?id=CVE-2024-42298'], 'PublishedDate': '2024-08-17T09:15:10.23Z', 'LastModifiedDate': '2024-09-10T18:42:19.607Z'}, {'VulnerabilityID': 'CVE-2024-42299', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42299', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Update log->page_{mask,bits} if log->page_size changed\n\nIf an NTFS file system is mounted to another system with different\nPAGE_SIZE from the original system, log->page_size will change in\nlog_replay(), but log->page_{mask,bits} don\'t change correspondingly.\nThis will cause a panic because "u32 bytes = log->page_size - page_off"\nwill get a negative value in the later read_log_page().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42299', 'https://git.kernel.org/linus/2fef55d8f78383c8e6d6d4c014b9597375132696 (6.11-rc1)', 'https://git.kernel.org/stable/c/0484adcb5fbcadd9ba0fd4485c42630f72e97da9', 'https://git.kernel.org/stable/c/0a4ae2644e2a3b3b219aad9639fb2b0691d08420', 'https://git.kernel.org/stable/c/2cac0df3324b5e287d8020bc0708f7d2dec88a6f', 'https://git.kernel.org/stable/c/2fef55d8f78383c8e6d6d4c014b9597375132696', 'https://git.kernel.org/stable/c/b90ceffdc975502bc085ce8e79c6adeff05f9521', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42299-a588@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42299', 'https://www.cve.org/CVERecord?id=CVE-2024-42299'], 'PublishedDate': '2024-08-17T09:15:10.293Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42301', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42301', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dev/parport: fix the array out-of-bounds risk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42301', 'https://git.kernel.org/linus/ab11dac93d2d568d151b1918d7b84c2d02bacbd5 (6.11-rc1)', 'https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8', 'https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d', 'https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a', 'https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84', 'https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0', 'https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5', 'https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e', 'https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6', 'https://linux.oracle.com/cve/CVE-2024-42301.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42301-4026@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42301', 'https://www.cve.org/CVERecord?id=CVE-2024-42301'], 'PublishedDate': '2024-08-17T09:15:10.423Z', 'LastModifiedDate': '2024-08-22T16:31:18.667Z'}, {'VulnerabilityID': 'CVE-2024-42302', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42302', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred.  To do so, it polls the\nconfig space of the first child device on the secondary bus.  If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\'s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device.  Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume.  Holding a\nreference wasn\'t necessary back then because the pciehp IRQ thread\ncould never run concurrently.  (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase.  And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event.  Commit 53b54ad074de ("PCI/DPC: Await readiness\nof secondary bus after reset"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently.  The commit was backported to v5.10+ stable\nkernels, so that\'s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n  BUG: unable to handle page fault for address: 00000000091400c0\n  CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n  RIP: pci_bus_read_config_dword+0x17/0x50\n  pci_dev_wait()\n  pci_bridge_wait_for_secondary_bus()\n  dpc_reset_link()\n  pcie_do_recovery()\n  dpc_handler()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42302', 'https://git.kernel.org/linus/11a1f4bc47362700fcbde717292158873fb847ed (6.11-rc1)', 'https://git.kernel.org/stable/c/11a1f4bc47362700fcbde717292158873fb847ed', 'https://git.kernel.org/stable/c/2c111413f38ca5cf87557cab89f6d82b0e3433e7', 'https://git.kernel.org/stable/c/2cc8973bdc4d6c928ebe38b88090a2cdfe81f42f', 'https://git.kernel.org/stable/c/b16f3ea1db47a6766a9f1169244cf1fc287a7c62', 'https://git.kernel.org/stable/c/c52f9e1a9eb40f13993142c331a6cfd334d4b91d', 'https://git.kernel.org/stable/c/f63df70b439bb8331358a306541893bf415bf1da', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42302-c0d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42302', 'https://www.cve.org/CVERecord?id=CVE-2024-42302'], 'PublishedDate': '2024-08-17T09:15:10.487Z', 'LastModifiedDate': '2024-08-22T16:37:26.237Z'}, {'VulnerabilityID': 'CVE-2024-42303', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42303', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-pxp: Fix ERR_PTR dereference in pxp_probe()\n\ndevm_regmap_init_mmio() can fail, add a check and bail out in case of\nerror.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42303', 'https://git.kernel.org/linus/57e9ce68ae98551da9c161aaab12b41fe8601856 (6.11-rc1)', 'https://git.kernel.org/stable/c/358bc85269d6a359fea597ef9fbb429cd3626e08', 'https://git.kernel.org/stable/c/57e9ce68ae98551da9c161aaab12b41fe8601856', 'https://git.kernel.org/stable/c/5ab6ac4e9e165b0fe8a326308218337007224f05', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42303-4d12@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42303', 'https://www.cve.org/CVERecord?id=CVE-2024-42303'], 'PublishedDate': '2024-08-17T09:15:10.56Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42304', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42304', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: make sure the first directory block is not a hole', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: make sure the first directory block is not a hole\n\nThe syzbot constructs a directory that has no dirblock but is non-inline,\ni.e. the first directory block is a hole. And no errors are reported when\ncreating files in this directory in the following flow.\n\n    ext4_mknod\n     ...\n      ext4_add_entry\n        // Read block 0\n        ext4_read_dirblock(dir, block, DIRENT)\n          bh = ext4_bread(NULL, inode, block, 0)\n          if (!bh && (type == INDEX || type == DIRENT_HTREE))\n          // The first directory block is a hole\n          // But type == DIRENT, so no error is reported.\n\nAfter that, we get a directory block without '.' and '..' but with a valid\ndentry. This may cause some code that relies on dot or dotdot (such as\nmake_indexed_dir()) to crash.\n\nTherefore when ext4_read_dirblock() finds that the first directory block\nis a hole report that the filesystem is corrupted and return an error to\navoid loading corrupted data from disk causing something bad.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42304', 'https://git.kernel.org/linus/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6 (6.11-rc1)', 'https://git.kernel.org/stable/c/299bc6ffa57e04e74c6cce866d6c0741fb4897a1', 'https://git.kernel.org/stable/c/9771e3d8365ae1dd5e8846a204cb9af14e3e656a', 'https://git.kernel.org/stable/c/b609753cbbd38f8c0affd4956c0af178348523ac', 'https://git.kernel.org/stable/c/c3893d9de8ee153baac56d127d844103488133b5', 'https://git.kernel.org/stable/c/d81d7e347d1f1f48a5634607d39eb90c161c8afe', 'https://git.kernel.org/stable/c/de2a011a13a46468a6e8259db58b1b62071fe136', 'https://git.kernel.org/stable/c/e02f9941e8c011aa3eafa799def6a134ce06bcfa', 'https://git.kernel.org/stable/c/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6', 'https://linux.oracle.com/cve/CVE-2024-42304.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42304-d0e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42304', 'https://www.cve.org/CVERecord?id=CVE-2024-42304'], 'PublishedDate': '2024-08-17T09:15:10.617Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42305', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42305', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: check dot and dotdot of dx_root before making dir indexed', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: check dot and dotdot of dx_root before making dir indexed\n\nSyzbot reports a issue as follows:\n============================================\nBUG: unable to handle page fault for address: ffffed11022e24fe\nPGD 23ffee067 P4D 23ffee067 PUD 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0\nCall Trace:\n <TASK>\n make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451\n ext4_rename fs/ext4/namei.c:3936 [inline]\n ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214\n[...]\n============================================\n\nThe immediate cause of this problem is that there is only one valid dentry\nfor the block to be split during do_split, so split==0 results in out of\nbounds accesses to the map triggering the issue.\n\n    do_split\n      unsigned split\n      dx_make_map\n       count = 1\n      split = count/2 = 0;\n      continued = hash2 == map[split - 1].hash;\n       ---> map[4294967295]\n\nThe maximum length of a filename is 255 and the minimum block size is 1024,\nso it is always guaranteed that the number of entries is greater than or\nequal to 2 when do_split() is called.\n\nBut syzbot's crafted image has no dot and dotdot in dir, and the dentry\ndistribution in dirblock is as follows:\n\n  bus     dentry1          hole           dentry2           free\n|xx--|xx-------------|...............|xx-------------|...............|\n0   12 (8+248)=256  268     256     524 (8+256)=264 788     236     1024\n\nSo when renaming dentry1 increases its name_len length by 1, neither hole\nnor free is sufficient to hold the new dentry, and make_indexed_dir() is\ncalled.\n\nIn make_indexed_dir() it is assumed that the first two entries of the\ndirblock must be dot and dotdot, so bus and dentry1 are left in dx_root\nbecause they are treated as dot and dotdot, and only dentry2 is moved\nto the new leaf block. That's why count is equal to 1.\n\nTherefore add the ext4_check_dx_root() helper function to add more sanity\nchecks to dot and dotdot before starting the conversion to avoid the above\nissue.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42305', 'https://git.kernel.org/linus/50ea741def587a64e08879ce6c6a30131f7111e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/19e13b4d7f0303186fcc891aba8d0de7c8fdbda8', 'https://git.kernel.org/stable/c/42d420517072028fb0eb852c358056b7717ba5aa', 'https://git.kernel.org/stable/c/50ea741def587a64e08879ce6c6a30131f7111e7', 'https://git.kernel.org/stable/c/8afe06ed3be7a874b3cd82ef5f8959aca8d6429a', 'https://git.kernel.org/stable/c/9d241b7a39af192d1bb422714a458982c7cc67a2', 'https://git.kernel.org/stable/c/abb411ac991810c0bcbe51c2e76d2502bf611b5c', 'https://git.kernel.org/stable/c/b80575ffa98b5bb3a5d4d392bfe4c2e03e9557db', 'https://git.kernel.org/stable/c/cdd345321699042ece4a9d2e70754d2397d378c5', 'https://linux.oracle.com/cve/CVE-2024-42305.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42305-94ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42305', 'https://www.cve.org/CVERecord?id=CVE-2024-42305'], 'PublishedDate': '2024-08-17T09:15:10.69Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42306', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42306', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid using corrupted block bitmap buffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42306', 'https://git.kernel.org/linus/a90d4471146de21745980cba51ce88e7926bcc4f (6.11-rc1)', 'https://git.kernel.org/stable/c/2199e157a465aaf98294d3932797ecd7fce942d5', 'https://git.kernel.org/stable/c/271cab2ca00652bc984e269cf1208699a1e09cdd', 'https://git.kernel.org/stable/c/57053b3bcf3403b80db6f65aba284d7dfe7326af', 'https://git.kernel.org/stable/c/6a43e3c210df6c5f00570f4be49a897677dbcb64', 'https://git.kernel.org/stable/c/8ca170c39eca7cad6e0cfeb24e351d8f8eddcd65', 'https://git.kernel.org/stable/c/a90d4471146de21745980cba51ce88e7926bcc4f', 'https://git.kernel.org/stable/c/cae9e59cc41683408b70b9ab569f8654866ba914', 'https://linux.oracle.com/cve/CVE-2024-42306.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42306-647c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42306', 'https://www.cve.org/CVERecord?id=CVE-2024-42306'], 'PublishedDate': '2024-08-17T09:15:10.777Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42307', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42307', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n   fs/smb/client/cifsfs.c:1981 init_cifs()\n   error: we previously assumed 'serverclose_wq' could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42307', 'https://git.kernel.org/linus/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/160235efb4f9b55212dedff5de0094c606c4b303', 'https://git.kernel.org/stable/c/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2', 'https://git.kernel.org/stable/c/3739d711246d8fbc95ff73dbdace9741cdce4777', 'https://git.kernel.org/stable/c/6018971710fdc7739f8655c1540832b4bb903671', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42307-7c2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42307', 'https://www.cve.org/CVERecord?id=CVE-2024-42307'], 'PublishedDate': '2024-08-17T09:15:10.843Z', 'LastModifiedDate': '2024-09-05T17:49:58.257Z'}, {'VulnerabilityID': 'CVE-2024-42308', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42308', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check for NULL pointer', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42308', 'https://git.kernel.org/linus/4ab68e168ae1695f7c04fae98930740aaf7c50fa (6.11-rc1)', 'https://git.kernel.org/stable/c/185616085b12e651cdfd11ef00d1449f54552d89', 'https://git.kernel.org/stable/c/4ab68e168ae1695f7c04fae98930740aaf7c50fa', 'https://git.kernel.org/stable/c/4ccd37085976ea5d3c499b1e6d0b3f4deaf2cd5a', 'https://git.kernel.org/stable/c/6b5ed0648213e9355cc78f4a264d9afe8536d692', 'https://git.kernel.org/stable/c/71dbf95359347c2ecc5a6dfc02783fcfccb2e9fb', 'https://git.kernel.org/stable/c/9ce89824ff04d261fc855e0ca6e6025251d9fa40', 'https://git.kernel.org/stable/c/f068494430d15b5fc551ac928de9dac7e5e27602', 'https://linux.oracle.com/cve/CVE-2024-42308.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42308-562d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42308', 'https://www.cve.org/CVERecord?id=CVE-2024-42308'], 'PublishedDate': '2024-08-17T09:15:10.92Z', 'LastModifiedDate': '2024-10-09T14:15:05.227Z'}, {'VulnerabilityID': 'CVE-2024-42309', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42309', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42309', 'https://git.kernel.org/linus/2df7aac81070987b0f052985856aa325a38debf6 (6.11-rc1)', 'https://git.kernel.org/stable/c/13b5f3ee94bdbdc4b5f40582aab62977905aedee', 'https://git.kernel.org/stable/c/2df7aac81070987b0f052985856aa325a38debf6', 'https://git.kernel.org/stable/c/46d2ef272957879cbe30a884574320e7f7d78692', 'https://git.kernel.org/stable/c/475a5b3b7c8edf6e583a9eb59cf28ea770602e14', 'https://git.kernel.org/stable/c/6735d02ead7dd3adf74eb8b70aebd09e0ce78ec9', 'https://git.kernel.org/stable/c/7e52c62ff029f95005915c0a11863b5fb5185c8c', 'https://git.kernel.org/stable/c/d6ad202f73f8edba0cbc0065aa57a79ffe8fdcdc', 'https://git.kernel.org/stable/c/f70ffeca546452d1acd3a70ada56ecb2f3e7f811', 'https://linux.oracle.com/cve/CVE-2024-42309.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42309-9560@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42309', 'https://www.cve.org/CVERecord?id=CVE-2024-42309'], 'PublishedDate': '2024-08-17T09:15:10.987Z', 'LastModifiedDate': '2024-08-22T16:01:29.287Z'}, {'VulnerabilityID': 'CVE-2024-42310', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42310', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes\n\nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42310', 'https://git.kernel.org/linus/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79 (6.11-rc1)', 'https://git.kernel.org/stable/c/08f45102c81ad8bc9f85f7a25e9f64e128edb87d', 'https://git.kernel.org/stable/c/2d209b2f862f6b8bff549ede541590a8d119da23', 'https://git.kernel.org/stable/c/977ee4fe895e1729cd36cc26916bbb10084713d6', 'https://git.kernel.org/stable/c/a658ae2173ab74667c009e2550455e6de5b33ddc', 'https://git.kernel.org/stable/c/b6ac46a00188cde50ffba233e6efb366354a1de5', 'https://git.kernel.org/stable/c/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79', 'https://git.kernel.org/stable/c/e74eb5e8089427c8c49e0dd5067e5f39ce3a4d56', 'https://git.kernel.org/stable/c/f392c36cebf4c1d6997a4cc2c0f205254acef42a', 'https://linux.oracle.com/cve/CVE-2024-42310.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42310-58b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42310', 'https://www.cve.org/CVERecord?id=CVE-2024-42310'], 'PublishedDate': '2024-08-17T09:15:11.067Z', 'LastModifiedDate': '2024-08-22T16:01:46.263Z'}, {'VulnerabilityID': 'CVE-2024-42311', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42311', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42311', 'https://git.kernel.org/linus/26a2ed107929a855155429b11e1293b83e6b2a8b (6.11-rc1)', 'https://git.kernel.org/stable/c/10f7163bfb5f8b4e0c9c05a939f20b8540e33c65', 'https://git.kernel.org/stable/c/26a2ed107929a855155429b11e1293b83e6b2a8b', 'https://git.kernel.org/stable/c/4a52861cd76e79f1a593beb23d096523eb9732c2', 'https://git.kernel.org/stable/c/58d83fc160505a7009c39dec64effaac5129b971', 'https://git.kernel.org/stable/c/9c4e40b9b731220f9464975e49da75496e3865c4', 'https://git.kernel.org/stable/c/d3493d6f0dfb1ab5225b62faa77732983f2187a1', 'https://git.kernel.org/stable/c/d55aae5c1730d6b70d5d8eaff00113cd34772ea3', 'https://git.kernel.org/stable/c/f7316b2b2f11cf0c6de917beee8d3de728be24db', 'https://linux.oracle.com/cve/CVE-2024-42311.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42311-f825@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42311', 'https://www.cve.org/CVERecord?id=CVE-2024-42311'], 'PublishedDate': '2024-08-17T09:15:11.147Z', 'LastModifiedDate': '2024-09-03T17:38:24.21Z'}, {'VulnerabilityID': 'CVE-2024-42312', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42312', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sysctl: always initialize i_uid/i_gid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42312', 'https://git.kernel.org/linus/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/1deae34db9f4f8e0e03f891be2e2e15c15c8ac05', 'https://git.kernel.org/stable/c/34a86adea1f2b3c3f9d864c8cce09dca644601ab', 'https://git.kernel.org/stable/c/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4', 'https://git.kernel.org/stable/c/b2591c89a6e2858796111138c38fcb6851aa1955', 'https://git.kernel.org/stable/c/c7e2f43d182f5dde473389dbb39f16c9f0d64536', 'https://git.kernel.org/stable/c/ffde3af4b29bf97d62d82e1d45275587e10a991a', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42312-bddc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42312', 'https://www.cve.org/CVERecord?id=CVE-2024-42312'], 'PublishedDate': '2024-08-17T09:15:11.24Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42313', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42313', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: venus: fix use after free in vdec_close', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free in vdec_close\n\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\n\nFix it by cancelling the work in vdec_close.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42313', 'https://git.kernel.org/linus/a0157b5aa34eb43ec4c5510f9c260bbb03be937e (6.11-rc1)', 'https://git.kernel.org/stable/c/4c9d235630d35db762b85a4149bbb0be9d504c36', 'https://git.kernel.org/stable/c/66fa52edd32cdbb675f0803b3c4da10ea19b6635', 'https://git.kernel.org/stable/c/6a96041659e834dc0b172dda4b2df512d63920c2', 'https://git.kernel.org/stable/c/72aff311194c8ceda934f24fd6f250b8827d7567', 'https://git.kernel.org/stable/c/a0157b5aa34eb43ec4c5510f9c260bbb03be937e', 'https://git.kernel.org/stable/c/ad8cf035baf29467158e0550c7a42b7bb43d1db6', 'https://git.kernel.org/stable/c/da55685247f409bf7f976cc66ba2104df75d8dad', 'https://git.kernel.org/stable/c/f8e9a63b982a8345470c225679af4ba86e4a7282', 'https://linux.oracle.com/cve/CVE-2024-42313.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42313-09b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42313', 'https://www.cve.org/CVERecord?id=CVE-2024-42313'], 'PublishedDate': '2024-08-17T09:15:11.32Z', 'LastModifiedDate': '2024-08-22T16:01:59.467Z'}, {'VulnerabilityID': 'CVE-2024-42314', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42314', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix extent map use-after-free when adding pages to compressed bio', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix extent map use-after-free when adding pages to compressed bio\n\nAt add_ra_bio_pages() we are accessing the extent map to calculate\n'add_size' after we dropped our reference on the extent map, resulting\nin a use-after-free. Fix this by computing 'add_size' before dropping our\nextent map reference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42314', 'https://git.kernel.org/linus/8e7860543a94784d744c7ce34b78a2e11beefa5c (6.11-rc1)', 'https://git.kernel.org/stable/c/8e7860543a94784d744c7ce34b78a2e11beefa5c', 'https://git.kernel.org/stable/c/b7859ff398b6b656e1689daa860eb34837b4bb89', 'https://git.kernel.org/stable/c/c1cc3326e27b0bd7a2806b40bc48e49afaf951e7', 'https://git.kernel.org/stable/c/c205565e0f2f439f278a4a94ee97b67ef7b56ae8', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42314-de1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42314', 'https://www.cve.org/CVERecord?id=CVE-2024-42314'], 'PublishedDate': '2024-08-17T09:15:11.397Z', 'LastModifiedDate': '2024-09-04T12:15:04.723Z'}, {'VulnerabilityID': 'CVE-2024-42315', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42315', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exfat: fix potential deadlock on __exfat_get_dentry_set', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi->s_lock between the two processes may occur.\n\n       CPU0                CPU1\n       ----                ----\n  kswapd\n   balance_pgdat\n    lock(fs_reclaim)\n                      exfat_iterate\n                       lock(&sbi->s_lock)\n                       exfat_readdir\n                        exfat_get_uniname_from_ext_entry\n                         exfat_get_dentry_set\n                          __exfat_get_dentry_set\n                           kmalloc_array\n                            ...\n                            lock(fs_reclaim)\n    ...\n    evict\n     exfat_evict_inode\n      lock(&sbi->s_lock)\n\nTo fix this, let's allocate bh-array with GFP_NOFS.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42315', 'https://git.kernel.org/linus/89fc548767a2155231128cb98726d6d2ea1256c9 (6.11-rc1)', 'https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62', 'https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9', 'https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42315-a707@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42315', 'https://www.cve.org/CVERecord?id=CVE-2024-42315'], 'PublishedDate': '2024-08-17T09:15:11.47Z', 'LastModifiedDate': '2024-08-22T15:51:03.077Z'}, {'VulnerabilityID': 'CVE-2024-42316', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42316', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/mglru: fix div-by-zero in vmpressure_calc_level()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mglru: fix div-by-zero in vmpressure_calc_level()\n\nevict_folios() uses a second pass to reclaim folios that have gone through\npage writeback and become clean before it finishes the first pass, since\nfolio_rotate_reclaimable() cannot handle those folios due to the\nisolation.\n\nThe second pass tries to avoid potential double counting by deducting\nscan_control->nr_scanned.  However, this can result in underflow of\nnr_scanned, under a condition where shrink_folio_list() does not increment\nnr_scanned, i.e., when folio_trylock() fails.\n\nThe underflow can cause the divisor, i.e., scale=scanned+reclaimed in\nvmpressure_calc_level(), to become zero, resulting in the following crash:\n\n  [exception RIP: vmpressure_work_fn+101]\n  process_one_work at ffffffffa3313f2b\n\nSince scan_control->nr_scanned has no established semantics, the potential\ndouble counting has minimal risks.  Therefore, fix the problem by not\ndeducting scan_control->nr_scanned in evict_folios().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42316', 'https://git.kernel.org/linus/8b671fe1a879923ecfb72dda6caf01460dd885ef (6.11-rc1)', 'https://git.kernel.org/stable/c/8b671fe1a879923ecfb72dda6caf01460dd885ef', 'https://git.kernel.org/stable/c/8de7bf77f21068a5f602bb1e59adbc5ab533509d', 'https://git.kernel.org/stable/c/a39e38be632f0e1c908d70d1c9cd071c03faf895', 'https://git.kernel.org/stable/c/d6510f234c7d117790397f9bb150816b0a954a04', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42316-8b49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42316', 'https://www.cve.org/CVERecord?id=CVE-2024-42316'], 'PublishedDate': '2024-08-17T09:15:11.547Z', 'LastModifiedDate': '2024-08-22T15:52:38.52Z'}, {'VulnerabilityID': 'CVE-2024-42317', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42317', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/huge_memory: avoid PMD-size page cache if needed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: avoid PMD-size page cache if needed\n\nxarray can\'t support arbitrary page cache size.  the largest and supported\npage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71\n("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray").  However,\nit\'s possible to have 512MB page cache in the huge memory\'s collapsing\npath on ARM64 system whose base page size is 64KB.  512MB page cache is\nbreaking the limitation and a warning is raised when the xarray entry is\nsplit as shown in the following example.\n\n[root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize\nKernelPageSize:       64 kB\n[root@dhcp-10-26-1-207 ~]# cat /tmp/test.c\n   :\nint main(int argc, char **argv)\n{\n\tconst char *filename = TEST_XFS_FILENAME;\n\tint fd = 0;\n\tvoid *buf = (void *)-1, *p;\n\tint pgsize = getpagesize();\n\tint ret = 0;\n\n\tif (pgsize != 0x10000) {\n\t\tfprintf(stdout, "System with 64KB base page size is required!\\n");\n\t\treturn -EPERM;\n\t}\n\n\tsystem("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb");\n\tsystem("echo 1 > /proc/sys/vm/drop_caches");\n\n\t/* Open the xfs file */\n\tfd = open(filename, O_RDONLY);\n\tassert(fd > 0);\n\n\t/* Create VMA */\n\tbuf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0);\n\tassert(buf != (void *)-1);\n\tfprintf(stdout, "mapped buffer at 0x%p\\n", buf);\n\n\t/* Populate VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ);\n\tassert(ret == 0);\n\n\t/* Collapse VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE);\n\tif (ret) {\n\t\tfprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\\n", errno);\n\t\tgoto out;\n\t}\n\n\t/* Split xarray entry. Write permission is needed */\n\tmunmap(buf, TEST_MEM_SIZE);\n\tbuf = (void *)-1;\n\tclose(fd);\n\tfd = open(filename, O_RDWR);\n\tassert(fd > 0);\n\tfallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,\n \t\t  TEST_MEM_SIZE - pgsize, pgsize);\nout:\n\tif (buf != (void *)-1)\n\t\tmunmap(buf, TEST_MEM_SIZE);\n\tif (fd > 0)\n\t\tclose(fd);\n\n\treturn ret;\n}\n\n[root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test\n[root@dhcp-10-26-1-207 ~]# /tmp/test\n ------------[ cut here ]------------\n WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\n Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib    \\\n nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct      \\\n nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4      \\\n ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse   \\\n xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net  \\\n sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio\n CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9\n Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\n pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n pc : xas_split_alloc+0xf8/0x128\n lr : split_huge_page_to_list_to_order+0x1c4/0x780\n sp : ffff8000ac32f660\n x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0\n x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d\n x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000\n x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c\n x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8\n x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40\n x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\n Call trace:\n  xas_split_alloc+0xf8/0x128\n  split_huge_page_to_list_to_order+0x1c4/0x780\n  truncate_inode_partial_folio+0xdc/0x160\n  truncate_inode_pages_range+0x1b4/0x4a8\n  truncate_pagecache_range+0x84/0xa\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42317', 'https://git.kernel.org/linus/d659b715e94ac039803d7601505d3473393fc0be (6.11-rc1)', 'https://git.kernel.org/stable/c/d659b715e94ac039803d7601505d3473393fc0be', 'https://git.kernel.org/stable/c/e60f62f75c99740a28e2bf7e6044086033012a16', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42317-cf87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42317', 'https://www.cve.org/CVERecord?id=CVE-2024-42317'], 'PublishedDate': '2024-08-17T09:15:11.633Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42318', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42318', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: landlock: Don&#39;t lose track of restrictions on cred_transfer', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don't lose track of restrictions on cred_transfer\n\nWhen a process' cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent's credentials), the\ncred_transfer LSM hook is used instead.  Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42318', 'https://bugs.chromium.org/p/project-zero/issues/detail?id=2566', 'https://git.kernel.org/linus/39705a6c29f8a2b93cf5b99528a55366c50014d1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c', 'https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49', 'https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1', 'https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117', 'https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff', 'https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42318-f0c9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42318', 'https://www.cve.org/CVERecord?id=CVE-2024-42318', 'https://www.openwall.com/lists/oss-security/2024/08/17/2'], 'PublishedDate': '2024-08-17T09:15:11.7Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42319', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42319', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() < 0 occurs.\n\nAccording to the call tracei below:\n  cmdq_mbox_shutdown\n  mbox_free_channel\n  mbox_controller_unregister\n  __devm_mbox_controller_unregister\n  ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n   to bind the cmdq device to the mbox_controller, so\n   devm_mbox_controller_unregister() will automatically unregister\n   the device bound to the mailbox controller when the device-managed\n   resource is removed. That means devm_mbox_controller_unregister()\n   and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n   devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n   will be called after cmdq_remove(), but before\n   devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42319', 'https://git.kernel.org/linus/a8bd68e4329f9a0ad1b878733e0f80be6a971649 (6.11-rc1)', 'https://git.kernel.org/stable/c/11fa625b45faf0649118b9deaf2d31c86ac41911', 'https://git.kernel.org/stable/c/a8bd68e4329f9a0ad1b878733e0f80be6a971649', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42319-ec7c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42319', 'https://www.cve.org/CVERecord?id=CVE-2024-42319'], 'PublishedDate': '2024-08-17T09:15:11.767Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42320', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42320', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error checks in dasd_copy_pair_store()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42320', 'https://git.kernel.org/linus/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8 (6.11-rc1)', 'https://git.kernel.org/stable/c/68d4c3722290ad300c295fb3435e835d200d5cb2', 'https://git.kernel.org/stable/c/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8', 'https://git.kernel.org/stable/c/cc8b7284d5076722e0b8062373b68d8e47c3bace', 'https://git.kernel.org/stable/c/e511167e65d332d07b3c7a3d5a741ee9c19a8c27', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42320-cdea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42320', 'https://www.cve.org/CVERecord?id=CVE-2024-42320'], 'PublishedDate': '2024-08-17T09:15:11.833Z', 'LastModifiedDate': '2024-09-30T12:54:12.897Z'}, {'VulnerabilityID': 'CVE-2024-42321', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42321', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: flow_dissector: use DEBUG_NET_WARN_ON_ONCE\n\nThe following splat is easy to reproduce upstream as well as in -stable\nkernels. Florian Westphal provided the following commit:\n\n  d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net")\n\nbut this complementary fix has been also suggested by Willem de Bruijn\nand it can be easily backported to -stable kernel which consists in\nusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splat\ngiven __skb_get_hash() is used by the nftables tracing infrastructure to\nto identify packets in traces.\n\n[69133.561393] ------------[ cut here ]------------\n[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/\n[...]\n[69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379\n[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0\n[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff\nff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8\n[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246\n[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19\n[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418\n[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000\n[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400\n[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28\n[69133.562020] FS:  00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[69133.562027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0\n[69133.562040] Call Trace:\n[69133.562044]  <IRQ>\n[69133.562049]  ? __warn+0x9f/0x1a0\n[ 1211.841384]  ? __skb_flow_dissect+0x107e/0x2860\n[...]\n[ 1211.841496]  ? bpf_flow_dissect+0x160/0x160\n[ 1211.841753]  __skb_get_hash+0x97/0x280\n[ 1211.841765]  ? __skb_get_hash_symmetric+0x230/0x230\n[ 1211.841776]  ? mod_find+0xbf/0xe0\n[ 1211.841786]  ? get_stack_info_noinstr+0x12/0xe0\n[ 1211.841798]  ? bpf_ksym_find+0x56/0xe0\n[ 1211.841807]  ? __rcu_read_unlock+0x2a/0x70\n[ 1211.841819]  nft_trace_init+0x1b9/0x1c0 [nf_tables]\n[ 1211.841895]  ? nft_trace_notify+0x830/0x830 [nf_tables]\n[ 1211.841964]  ? get_stack_info+0x2b/0x80\n[ 1211.841975]  ? nft_do_chain_arp+0x80/0x80 [nf_tables]\n[ 1211.842044]  nft_do_chain+0x79c/0x850 [nf_tables]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42321', 'https://git.kernel.org/linus/120f1c857a73e52132e473dee89b340440cb692b (6.11-rc1)', 'https://git.kernel.org/stable/c/120f1c857a73e52132e473dee89b340440cb692b', 'https://git.kernel.org/stable/c/4afbac11f2f629d1e62817c4e210bdfaa7521107', 'https://git.kernel.org/stable/c/c5d21aabf1b31a79f228508af33aee83456bc1b0', 'https://git.kernel.org/stable/c/eb03d9826aa646577342a952d658d4598381c035', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42321-4b46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42321', 'https://www.cve.org/CVERecord?id=CVE-2024-42321'], 'PublishedDate': '2024-08-17T09:15:11.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42322', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42322', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipvs: properly dereference pe in ip_vs_add_service', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n  net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42322', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/cbd070a4ae62f119058973f6d2c984e325bce6e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dd428039e06e1967ce294e2cd6342825aaaad77', 'https://git.kernel.org/stable/c/c420cd5d5bc6797f3a8824e7d74f38f0c286fca5', 'https://git.kernel.org/stable/c/cbd070a4ae62f119058973f6d2c984e325bce6e7', 'https://linux.oracle.com/cve/CVE-2024-42322.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42322-e2ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42322', 'https://www.cve.org/CVERecord?id=CVE-2024-42322'], 'PublishedDate': '2024-08-17T09:15:11.977Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43817', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: missing check virtio', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: missing check virtio\n\nTwo missing check in virtio_net_hdr_to_skb() allowed syzbot\nto crash kernels again\n\n1. After the skb_segment function the buffer may become non-linear\n(nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere\nthe __skb_linearize function will not be executed, then the buffer will\nremain non-linear. Then the condition (offset >= skb_headlen(skb))\nbecomes true, which causes WARN_ON_ONCE in skb_checksum_help.\n\n2. The struct sk_buff and struct virtio_net_hdr members must be\nmathematically related.\n(gso_size) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) may be 0 if division is without remainder.\n\noffset+2 (4191) > skb_headlen() (1116)\nWARNING: CPU: 1 PID: 5084 at net/core/dev.c:3303 skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nModules linked in:\nCPU: 1 PID: 5084 Comm: syz-executor336 Not tainted 6.7.0-rc3-syzkaller-00014-gdf60cee26a2e #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nCode: 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 52 01 00 00 44 89 e2 2b 53 74 4c 89 ee 48 c7 c7 40 57 e9 8b e8 af 8f dd f8 90 <0f> 0b 90 90 e9 87 fe ff ff e8 40 0f 6e f9 e9 4b fa ff ff 48 89 ef\nRSP: 0018:ffffc90003a9f338 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888025125780 RCX: ffffffff814db209\nRDX: ffff888015393b80 RSI: ffffffff814db216 RDI: 0000000000000001\nRBP: ffff8880251257f4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000045c\nR13: 000000000000105f R14: ffff8880251257f0 R15: 000000000000105d\nFS:  0000555555c24380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000002000f000 CR3: 0000000023151000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n ip_do_fragment+0xa1b/0x18b0 net/ipv4/ip_output.c:777\n ip_fragment.constprop.0+0x161/0x230 net/ipv4/ip_output.c:584\n ip_finish_output_gso net/ipv4/ip_output.c:286 [inline]\n __ip_finish_output net/ipv4/ip_output.c:308 [inline]\n __ip_finish_output+0x49c/0x650 net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:433\n dst_output include/net/dst.h:451 [inline]\n ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:129\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ipip6_tunnel_xmit net/ipv6/sit.c:1034 [inline]\n sit_tunnel_xmit+0xed2/0x28f0 net/ipv6/sit.c:1076\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3545 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3561\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4346\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x257/0x380 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x24ca/0x5240 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n __sys_sendto+0x255/0x340 net/socket.c:2190\n __do_sys_sendto net/socket.c:2202 [inline]\n __se_sys_sendto net/socket.c:2198 [inline]\n __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43817', 'https://git.kernel.org/linus/e269d79c7d35aa3808b1f3c1737d63dab504ddc8 (6.11-rc1)', 'https://git.kernel.org/stable/c/27874ca77bd2b05a3779c7b3a5c75d8dd7f0b40f', 'https://git.kernel.org/stable/c/5b1997487a3f3373b0f580c8a20b56c1b64b0775', 'https://git.kernel.org/stable/c/90d41ebe0cd4635f6410471efc1dd71b33e894cf', 'https://git.kernel.org/stable/c/e269d79c7d35aa3808b1f3c1737d63dab504ddc8', 'https://git.kernel.org/stable/c/e9164903b8b303c34723177b02fe91e49e3c4cd7', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43817-2e95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43817', 'https://www.cve.org/CVERecord?id=CVE-2024-43817'], 'PublishedDate': '2024-08-17T10:15:08.01Z', 'LastModifiedDate': '2024-09-03T17:41:46.407Z'}, {'VulnerabilityID': 'CVE-2024-43818', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: amd: Adjust error handling in case of absent codec device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: Adjust error handling in case of absent codec device\n\nacpi_get_first_physical_node() can return NULL in several cases (no such\ndevice, ACPI table error, reference count drop to 0, etc).\nExisting check just emit error message, but doesn't perform return.\nThen this NULL pointer is passed to devm_acpi_dev_add_driver_gpios()\nwhere it is dereferenced.\n\nAdjust this error handling by adding error code return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43818', 'https://git.kernel.org/linus/5080808c3339de2220c602ab7c7fa23dc6c1a5a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1ba9856cf7f6492b47c1edf853137f320d583db5', 'https://git.kernel.org/stable/c/5080808c3339de2220c602ab7c7fa23dc6c1a5a3', 'https://git.kernel.org/stable/c/99b642dac24f6d09ba3ebf1d690be8aefff86164', 'https://git.kernel.org/stable/c/b1173d64edd276c957b6d09e1f971c85b38f1519', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43818-71ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43818', 'https://www.cve.org/CVERecord?id=CVE-2024-43818'], 'PublishedDate': '2024-08-17T10:15:08.08Z', 'LastModifiedDate': '2024-09-03T17:45:30Z'}, {'VulnerabilityID': 'CVE-2024-43819', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kvm: s390: Reject memory region operations for ucontrol VMs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43819', 'https://git.kernel.org/linus/7816e58967d0e6cadce05c8540b47ed027dc2499 (6.11-rc1)', 'https://git.kernel.org/stable/c/49c9945c054df4c22008e2bf87ca74d3e2507aa6', 'https://git.kernel.org/stable/c/7816e58967d0e6cadce05c8540b47ed027dc2499', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43819-88ce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43819', 'https://www.cve.org/CVERecord?id=CVE-2024-43819'], 'PublishedDate': '2024-08-17T10:15:08.147Z', 'LastModifiedDate': '2024-09-03T17:47:10.54Z'}, {'VulnerabilityID': 'CVE-2024-43820', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, &mddev->recovery));\n\nThis check is designed to make sure that the sync thread isn't\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43820', 'https://git.kernel.org/linus/3199a34bfaf7561410e0be1e33a61eba870768fc (6.11-rc1)', 'https://git.kernel.org/stable/c/3199a34bfaf7561410e0be1e33a61eba870768fc', 'https://git.kernel.org/stable/c/a5c15a78c0e1631b7df822b56e8b6424e4d1ca3e', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43820-1bd6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43820', 'https://www.cve.org/CVERecord?id=CVE-2024-43820'], 'PublishedDate': '2024-08-17T10:15:08.207Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43821', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Fix a possible null pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix a possible null pointer dereference\n\nIn function lpfc_xcvr_data_show, the memory allocation with kmalloc might\nfail, thereby making rdp_context a null pointer. In the following context\nand functions that use this pointer, there are dereferencing operations,\nleading to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null,\nuse scnprintf to notify the user and return len.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43821', 'https://git.kernel.org/linus/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa (6.11-rc1)', 'https://git.kernel.org/stable/c/45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c', 'https://git.kernel.org/stable/c/57600a7dd2b52c904f7c8d2cac0fd8c23868e680', 'https://git.kernel.org/stable/c/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43821-6ffc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43821', 'https://www.cve.org/CVERecord?id=CVE-2024-43821'], 'PublishedDate': '2024-08-17T10:15:08.277Z', 'LastModifiedDate': '2024-09-03T17:49:54.28Z'}, {'VulnerabilityID': 'CVE-2024-43823', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43823', 'https://git.kernel.org/linus/a231707a91f323af1e5d9f1722055ec2fc1c7775 (6.11-rc1)', 'https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23', 'https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775', 'https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506', 'https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43823-4bdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43823', 'https://www.cve.org/CVERecord?id=CVE-2024-43823'], 'PublishedDate': '2024-08-17T10:15:08.4Z', 'LastModifiedDate': '2024-09-03T17:49:03.91Z'}, {'VulnerabilityID': 'CVE-2024-43824', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: pci-epf-test: Make use of cached &#39;epc_features&#39; in pci_epf_test_core_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Make use of cached \'epc_features\' in pci_epf_test_core_init()\n\nInstead of getting the epc_features from pci_epc_get_features() API, use\nthe cached pci_epf_test::epc_features value to avoid the NULL check. Since\nthe NULL check is already performed in pci_epf_test_bind(), having one more\ncheck in pci_epf_test_core_init() is redundant and it is not possible to\nhit the NULL pointer dereference.\n\nAlso with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier"\nflag"), \'epc_features\' got dereferenced without the NULL check, leading to\nthe following false positive Smatch warning:\n\n  drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed \'epc_features\' could be null (see line 747)\n\nThus, remove the redundant NULL check and also use the epc_features::\n{msix_capable/msi_capable} flags directly to avoid local variables.\n\n[kwilczynski: commit log]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43824', 'https://git.kernel.org/linus/5a5095a8bd1bd349cce1c879e5e44407a34dda8a (6.11-rc1)', 'https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a', 'https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43824-fc04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43824', 'https://www.cve.org/CVERecord?id=CVE-2024-43824'], 'PublishedDate': '2024-08-17T10:15:08.477Z', 'LastModifiedDate': '2024-09-03T17:48:39.16Z'}, {'VulnerabilityID': 'CVE-2024-43825', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iio: Fix the sorting functionality in iio_gts_build_avail_time_table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: Fix the sorting functionality in iio_gts_build_avail_time_table\n\nThe sorting in iio_gts_build_avail_time_table is not working as intended.\nIt could result in an out-of-bounds access when the time is zero.\n\nHere are more details:\n\n1. When the gts->itime_table[i].time_us is zero, e.g., the time\nsequence is `3, 0, 1`, the inner for-loop will not terminate and do\nout-of-bound writes. This is because once `times[j] > new`, the value\n`new` will be added in the current position and the `times[j]` will be\nmoved to `j+1` position, which makes the if-condition always hold.\nMeanwhile, idx will be added one, making the loop keep running without\ntermination and out-of-bound write.\n2. If none of the gts->itime_table[i].time_us is zero, the elements\nwill just be copied without being sorted as described in the comment\n"Sort times from all tables to one and remove duplicates".\n\nFor more details, please refer to\nhttps://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43825', 'https://git.kernel.org/linus/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb (6.11-rc1)', 'https://git.kernel.org/stable/c/31ff8464ef540785344994986a010031410f9ff3', 'https://git.kernel.org/stable/c/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb', 'https://git.kernel.org/stable/c/b5046de32fd1532c3f67065197fc1da82f0b5193', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43825-20fc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43825', 'https://www.cve.org/CVERecord?id=CVE-2024-43825'], 'PublishedDate': '2024-08-17T10:15:08.533Z', 'LastModifiedDate': '2024-09-30T13:53:21.44Z'}, {'VulnerabilityID': 'CVE-2024-43826', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfs: pass explicit offset/count to trace events', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: pass explicit offset/count to trace events\n\nnfs_folio_length is unsafe to use without having the folio locked and a\ncheck for a NULL ->f_mapping that protects against truncations and can\nlead to kernel crashes.  E.g. when running xfstests generic/065 with\nall nfs trace points enabled.\n\nFollow the model of the XFS trace points and pass in an explіcit offset\nand length.  This has the additional benefit that these values can\nbe more accurate as some of the users touch partial folio ranges.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43826', 'https://git.kernel.org/linus/fada32ed6dbc748f447c8d050a961b75d946055a (6.11-rc1)', 'https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722', 'https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43826-2a5f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43826', 'https://www.cve.org/CVERecord?id=CVE-2024-43826'], 'PublishedDate': '2024-08-17T10:15:08.593Z', 'LastModifiedDate': '2024-09-12T18:15:09.137Z'}, {'VulnerabilityID': 'CVE-2024-43827', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check before access structs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check before access structs\n\nIn enable_phantom_plane, we should better check null pointer before\naccessing various structs.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43827', 'https://git.kernel.org/linus/c96140000915b610d86f941450e15ca552de154a (6.11-rc1)', 'https://git.kernel.org/stable/c/081ff4c0ef1884ae55f7adb8944efd22e22d8724', 'https://git.kernel.org/stable/c/c96140000915b610d86f941450e15ca552de154a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43827-6486@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43827', 'https://www.cve.org/CVERecord?id=CVE-2024-43827'], 'PublishedDate': '2024-08-17T10:15:08.653Z', 'LastModifiedDate': '2024-09-30T12:51:34.97Z'}, {'VulnerabilityID': 'CVE-2024-43828', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: fix infinite loop when replaying fast_commit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct.  ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the 'es' variable.\n\nBecause 'es' contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43828', 'https://git.kernel.org/linus/907c3fe532253a6ef4eb9c4d67efb71fab58c706 (6.11-rc1)', 'https://git.kernel.org/stable/c/0619f7750f2b178a1309808832ab20d85e0ad121', 'https://git.kernel.org/stable/c/181e63cd595c688194e07332f9944b3a63193de2', 'https://git.kernel.org/stable/c/5ed0496e383cb6de120e56991385dce70bbb87c1', 'https://git.kernel.org/stable/c/81f819c537d29932e4b9267f02411cbc8b355178', 'https://git.kernel.org/stable/c/907c3fe532253a6ef4eb9c4d67efb71fab58c706', 'https://git.kernel.org/stable/c/c6e67df64783e99a657ef2b8c834ba2bf54c539c', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43828-6bcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43828', 'https://www.cve.org/CVERecord?id=CVE-2024-43828'], 'PublishedDate': '2024-08-17T10:15:08.72Z', 'LastModifiedDate': '2024-08-22T15:41:50.87Z'}, {'VulnerabilityID': 'CVE-2024-43829', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/qxl: Add check for drm_cvt_mode', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43829', 'https://git.kernel.org/linus/7bd09a2db0f617377027a2bb0b9179e6959edff3 (6.11-rc1)', 'https://git.kernel.org/stable/c/3efe34f95b1ac8c138a46b14ce75956db0d6ee7c', 'https://git.kernel.org/stable/c/4b1f303bdeceac049e56e4b20eb5280bd9e02f4f', 'https://git.kernel.org/stable/c/4e87f592a46bb804d8f833da6ce702ae4b55053f', 'https://git.kernel.org/stable/c/62ef8d7816c8e4a6088275553818b9afc0ffaa03', 'https://git.kernel.org/stable/c/7bd09a2db0f617377027a2bb0b9179e6959edff3', 'https://git.kernel.org/stable/c/d4c57354a06cb4a77998ff8aa40af89eee30e07b', 'https://git.kernel.org/stable/c/f28b353c0c6c7831a70ccca881bf2db5e6785cdd', 'https://linux.oracle.com/cve/CVE-2024-43829.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43829-72cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43829', 'https://www.cve.org/CVERecord?id=CVE-2024-43829'], 'PublishedDate': '2024-08-17T10:15:08.787Z', 'LastModifiedDate': '2024-09-30T12:51:56.77Z'}, {'VulnerabilityID': 'CVE-2024-43830', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: leds: trigger: Unregister sysfs attributes before calling deactivate()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nleds: trigger: Unregister sysfs attributes before calling deactivate()\n\nTriggers which have trigger specific sysfs attributes typically store\nrelated data in trigger-data allocated by the activate() callback and\nfreed by the deactivate() callback.\n\nCalling device_remove_groups() after calling deactivate() leaves a window\nwhere the sysfs attributes show/store functions could be called after\ndeactivation and then operate on the just freed trigger-data.\n\nMove the device_remove_groups() call to before deactivate() to close\nthis race window.\n\nThis also makes the deactivation path properly do things in reverse order\nof the activation path which calls the activate() callback before calling\ndevice_add_groups().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7000', 'https://access.redhat.com/security/cve/CVE-2024-43830', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2265838', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2270103', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275558', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282648', 'https://bugzilla.redhat.com/2282669', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282764', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284511', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284630', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293414', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300381', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300439', 'https://bugzilla.redhat.com/2300440', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300709', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301543', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305410', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2305488', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7000.html', 'https://git.kernel.org/linus/c0dc9adf9474ecb7106e60e5472577375aedaed3 (6.11-rc1)', 'https://git.kernel.org/stable/c/0788a6f3523d3686a9eed5ea1e6fcce6841277b2', 'https://git.kernel.org/stable/c/09c1583f0e10c918855d6e7540a79461a353e5d6', 'https://git.kernel.org/stable/c/3fb6a9d67cfd812a547ac73ec02e1077c26c640d', 'https://git.kernel.org/stable/c/734ba6437e80dfc780e9ee9d95f912392d12b5ea', 'https://git.kernel.org/stable/c/c0dc9adf9474ecb7106e60e5472577375aedaed3', 'https://git.kernel.org/stable/c/c3b7a650c8717aa89df318364609c86cbc040156', 'https://git.kernel.org/stable/c/cb8aa9d2a4c8a15d6a43ccf901ef3d094aa60374', 'https://git.kernel.org/stable/c/d1415125b701ef13370e2761f691ec632a5eb93a', 'https://linux.oracle.com/cve/CVE-2024-43830.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43830-3b85@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43830', 'https://www.cve.org/CVERecord?id=CVE-2024-43830'], 'PublishedDate': '2024-08-17T10:15:08.857Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43831', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mediatek: vcodec: Handle invalid decoder vsi', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43831', 'https://git.kernel.org/linus/59d438f8e02ca641c58d77e1feffa000ff809e9f (6.11-rc1)', 'https://git.kernel.org/stable/c/1c109f23b271a02b9bb195c173fab41e3285a8db', 'https://git.kernel.org/stable/c/59d438f8e02ca641c58d77e1feffa000ff809e9f', 'https://git.kernel.org/stable/c/cdf05ae76198c513836bde4eb55f099c44773280', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43831-b13e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43831', 'https://www.cve.org/CVERecord?id=CVE-2024-43831'], 'PublishedDate': '2024-08-17T10:15:08.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43832', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: s390/uv: Don't call folio_wait_writeback() without a folio reference", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/uv: Don't call folio_wait_writeback() without a folio reference\n\nfolio_wait_writeback() requires that no spinlocks are held and that\na folio reference is held, as documented. After we dropped the PTL, the\nfolio could get freed concurrently. So grab a temporary reference.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43832', 'https://git.kernel.org/linus/3f29f6537f54d74e64bac0a390fb2e26da25800d (6.11-rc1)', 'https://git.kernel.org/stable/c/1a1eb2f3fc453dcd52726d13e863938561489cb7', 'https://git.kernel.org/stable/c/3f29f6537f54d74e64bac0a390fb2e26da25800d', 'https://git.kernel.org/stable/c/8736604ef53359a718c246087cd21dcec232d2fb', 'https://git.kernel.org/stable/c/b21aba72aadd94bdac275deab021fc84d6c72b16', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43832-7746@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43832', 'https://www.cve.org/CVERecord?id=CVE-2024-43832'], 'PublishedDate': '2024-08-17T10:15:08.98Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43833', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: v4l: async: Fix NULL pointer dereference in adding ancillary links', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix NULL pointer dereference in adding ancillary links\n\nIn v4l2_async_create_ancillary_links(), ancillary links are created for\nlens and flash sub-devices. These are sub-device to sub-device links and\nif the async notifier is related to a V4L2 device, the source sub-device\nof the ancillary link is NULL, leading to a NULL pointer dereference.\nCheck the notifier's sd field is non-NULL in\nv4l2_async_create_ancillary_links().\n\n[Sakari Ailus: Reword the subject and commit messages slightly.]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43833', 'https://git.kernel.org/linus/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f (6.11-rc1)', 'https://git.kernel.org/stable/c/249212ceb4187783af3801c57b92a5a25d410621', 'https://git.kernel.org/stable/c/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f', 'https://git.kernel.org/stable/c/b87e28050d9b0959de24574d587825cfab2f13fb', 'https://git.kernel.org/stable/c/fe0f92fd5320b393e44ca210805e653ea90cc982', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43833-4e73@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43833', 'https://www.cve.org/CVERecord?id=CVE-2024-43833'], 'PublishedDate': '2024-08-17T10:15:09.04Z', 'LastModifiedDate': '2024-08-22T15:42:46.827Z'}, {'VulnerabilityID': 'CVE-2024-43834', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xdp: fix invalid wait context of page_pool_destroy()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: fix invalid wait context of page_pool_destroy()\n\nIf the driver uses a page pool, it creates a page pool with\npage_pool_create().\nThe reference count of page pool is 1 as default.\nA page pool will be destroyed only when a reference count reaches 0.\npage_pool_destroy() is used to destroy page pool, it decreases a\nreference count.\nWhen a page pool is destroyed, ->disconnect() is called, which is\nmem_allocator_disconnect().\nThis function internally acquires mutex_lock().\n\nIf the driver uses XDP, it registers a memory model with\nxdp_rxq_info_reg_mem_model().\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\nreference count if a memory model is a page pool.\nNow the reference count is 2.\n\nTo destroy a page pool, the driver should call both page_pool_destroy()\nand xdp_unreg_mem_model().\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\nOnly page_pool_destroy() decreases a reference count.\n\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\nwill face an invalid wait context warning.\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\nrcu_read_lock().\nThe page_pool_destroy() internally acquires mutex_lock().\n\nSplat looks like:\n=============================\n[ BUG: Invalid wait context ]\n6.10.0-rc6+ #4 Tainted: G W\n-----------------------------\nethtool/1806 is trying to lock:\nffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150\nother info that might help us debug this:\ncontext-{5:5}\n3 locks held by ethtool/1806:\nstack backtrace:\nCPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nCall Trace:\n<TASK>\ndump_stack_lvl+0x7e/0xc0\n__lock_acquire+0x1681/0x4de0\n? _printk+0x64/0xe0\n? __pfx_mark_lock.part.0+0x10/0x10\n? __pfx___lock_acquire+0x10/0x10\nlock_acquire+0x1b3/0x580\n? mem_allocator_disconnect+0x73/0x150\n? __wake_up_klogd.part.0+0x16/0xc0\n? __pfx_lock_acquire+0x10/0x10\n? dump_stack_lvl+0x91/0xc0\n__mutex_lock+0x15c/0x1690\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_prb_read_valid+0x10/0x10\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_llist_add_batch+0x10/0x10\n? console_unlock+0x193/0x1b0\n? lockdep_hardirqs_on+0xbe/0x140\n? __pfx___mutex_lock+0x10/0x10\n? tick_nohz_tick_stopped+0x16/0x90\n? __irq_work_queue_local+0x1e5/0x330\n? irq_work_queue+0x39/0x50\n? __wake_up_klogd.part.0+0x79/0xc0\n? mem_allocator_disconnect+0x73/0x150\nmem_allocator_disconnect+0x73/0x150\n? __pfx_mem_allocator_disconnect+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? rcu_is_watching+0x11/0xb0\npage_pool_release+0x36e/0x6d0\npage_pool_destroy+0xd7/0x440\nxdp_unreg_mem_model+0x1a7/0x2a0\n? __pfx_xdp_unreg_mem_model+0x10/0x10\n? kfree+0x125/0x370\n? bnxt_free_ring.isra.0+0x2eb/0x500\n? bnxt_free_mem+0x5ac/0x2500\nxdp_rxq_info_unreg+0x4a/0xd0\nbnxt_free_mem+0x1356/0x2500\nbnxt_close_nic+0xf0/0x3b0\n? __pfx_bnxt_close_nic+0x10/0x10\n? ethnl_parse_bit+0x2c6/0x6d0\n? __pfx___nla_validate_parse+0x10/0x10\n? __pfx_ethnl_parse_bit+0x10/0x10\nbnxt_set_features+0x2a8/0x3e0\n__netdev_update_features+0x4dc/0x1370\n? ethnl_parse_bitset+0x4ff/0x750\n? __pfx_ethnl_parse_bitset+0x10/0x10\n? __pfx___netdev_update_features+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? _raw_spin_unlock_irqrestore+0x42/0x70\n? __pm_runtime_resume+0x7d/0x110\nethnl_set_features+0x32d/0xa20\n\nTo fix this problem, it uses rhashtable_lookup_fast() instead of\nrhashtable_lookup() with rcu_read_lock().\nUsing xa without rcu_read_lock() here is safe.\nxa is freed by __xdp_mem_allocator_rcu_free() and this is called by\ncall_rcu() of mem_xa_remove().\nThe mem_xa_remove() is called by page_pool_destroy() if a reference\ncount reaches 0.\nThe xa is already protected by the reference count mechanism well in the\ncontrol plane.\nSo removing rcu_read_lock() for page_pool_destroy() is safe.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43834', 'https://git.kernel.org/linus/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec (6.11-rc1)', 'https://git.kernel.org/stable/c/12144069209eec7f2090ce9afa15acdcc2c2a537', 'https://git.kernel.org/stable/c/3fc1be360b99baeea15cdee3cf94252cd3a72d26', 'https://git.kernel.org/stable/c/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec', 'https://git.kernel.org/stable/c/6c390ef198aa69795427a5cb5fd7cb4bc7e6cd7a', 'https://git.kernel.org/stable/c/be9d08ff102df3ac4f66e826ea935cf3af63a4bd', 'https://git.kernel.org/stable/c/bf0ce5aa5f2525ed1b921ba36de96e458e77f482', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43834-0140@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43834', 'https://www.cve.org/CVERecord?id=CVE-2024-43834'], 'PublishedDate': '2024-08-17T10:15:09.113Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43835', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: virtio_net: Fix napi_skb_cache_put warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix napi_skb_cache_put warning\n\nAfter the commit bdacf3e34945 ("net: Use nested-BH locking for\nnapi_alloc_cache.") was merged, the following warning began to appear:\n\n\t WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0\n\n\t  __warn+0x12f/0x340\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  report_bug+0x165/0x370\n\t  handle_bug+0x3d/0x80\n\t  exc_invalid_op+0x1a/0x50\n\t  asm_exc_invalid_op+0x1a/0x20\n\t  __free_old_xmit+0x1c8/0x510\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  __free_old_xmit+0x1c8/0x510\n\t  __free_old_xmit+0x1c8/0x510\n\t  __pfx___free_old_xmit+0x10/0x10\n\nThe issue arises because virtio is assuming it\'s running in NAPI context\neven when it\'s not, such as in the netpoll case.\n\nTo resolve this, modify virtnet_poll_tx() to only set NAPI when budget\nis available. Same for virtnet_poll_cleantx(), which always assumed that\nit was in a NAPI context.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43835', 'https://git.kernel.org/linus/f8321fa75102246d7415a6af441872f6637c93ab (6.11-rc1)', 'https://git.kernel.org/stable/c/19ac6f29bf64304ef04630c8ab56ecd2059d7aa1', 'https://git.kernel.org/stable/c/468a729b78895893d0e580ceea49bed8ada2a2bd', 'https://git.kernel.org/stable/c/6b5325f2457521bbece29499970c0117a648c620', 'https://git.kernel.org/stable/c/842a97b5e44f0c8a9fc356fe976e0e13ddcf7783', 'https://git.kernel.org/stable/c/cc7340f18e45886121c131227985d64ef666012f', 'https://git.kernel.org/stable/c/d3af435e8ace119e58d8e21d3d2d6a4e7c4a4baa', 'https://git.kernel.org/stable/c/f5e9a22d19bb98a7e86034db85eb295e94187caa', 'https://git.kernel.org/stable/c/f8321fa75102246d7415a6af441872f6637c93ab', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43835-5f11@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43835', 'https://www.cve.org/CVERecord?id=CVE-2024-43835'], 'PublishedDate': '2024-08-17T10:15:09.183Z', 'LastModifiedDate': '2024-09-12T12:15:48.653Z'}, {'VulnerabilityID': 'CVE-2024-43837', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43837', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT\n\nWhen loading a EXT program without specifying `attr->attach_prog_fd`,\nthe `prog->aux->dst_prog` will be null. At this time, calling\nresolve_prog_type() anywhere will result in a null pointer dereference.\n\nExample stack trace:\n\n[    8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[    8.108262] Mem abort info:\n[    8.108384]   ESR = 0x0000000096000004\n[    8.108547]   EC = 0x25: DABT (current EL), IL = 32 bits\n[    8.108722]   SET = 0, FnV = 0\n[    8.108827]   EA = 0, S1PTW = 0\n[    8.108939]   FSC = 0x04: level 0 translation fault\n[    8.109102] Data abort info:\n[    8.109203]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[    8.109399]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[    8.109614]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[    8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000\n[    8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000\n[    8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[    8.112783] Modules linked in:\n[    8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1\n[    8.113230] Hardware name: linux,dummy-virt (DT)\n[    8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    8.113429] pc : may_access_direct_pkt_data+0x24/0xa0\n[    8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8\n[    8.113798] sp : ffff80008283b9f0\n[    8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001\n[    8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000\n[    8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000\n[    8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff\n[    8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720\n[    8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720\n[    8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4\n[    8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f\n[    8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c\n[    8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000\n[    8.114126] Call trace:\n[    8.114159]  may_access_direct_pkt_data+0x24/0xa0\n[    8.114202]  bpf_check+0x3bc/0x28c0\n[    8.114214]  bpf_prog_load+0x658/0xa58\n[    8.114227]  __sys_bpf+0xc50/0x2250\n[    8.114240]  __arm64_sys_bpf+0x28/0x40\n[    8.114254]  invoke_syscall.constprop.0+0x54/0xf0\n[    8.114273]  do_el0_svc+0x4c/0xd8\n[    8.114289]  el0_svc+0x3c/0x140\n[    8.114305]  el0t_64_sync_handler+0x134/0x150\n[    8.114331]  el0t_64_sync+0x168/0x170\n[    8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)\n[    8.118672] ---[ end trace 0000000000000000 ]---\n\nOne way to fix it is by forcing `attach_prog_fd` non-empty when\nbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`\nAPI broken which use verifier log to probe prog type and will log\nnothing if we reject invalid EXT prog before bpf_check().\n\nAnother way is by adding null check in resolve_prog_type().\n\nThe issue was introduced by commit 4a9c7bbe2ed4 ("bpf: Resolve to\nprog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT") which wanted\nto correct type resolution for BPF_PROG_TYPE_TRACING programs. Before\nthat, the type resolution of BPF_PROG_TYPE_EXT prog actually follows\nthe logic below:\n\n  prog->aux->dst_prog ? prog->aux->dst_prog->type : prog->type;\n\nIt implies that when EXT program is not yet attached to `dst_prog`,\nthe prog type should be EXT itself. This code worked fine in the past.\nSo just keep using it.\n\nFix this by returning `prog->type` for BPF_PROG_TYPE_EXT if `dst_prog`\nis not present in resolve_prog_type().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43837', 'https://git.kernel.org/linus/f7866c35873377313ff94398f17d425b28b71de1 (6.11-rc1)', 'https://git.kernel.org/stable/c/9d40fd516aeae6779e3c84c6b96700ca76285847', 'https://git.kernel.org/stable/c/b29a880bb145e1f1c1df5ab88ed26b1495ff9f09', 'https://git.kernel.org/stable/c/f7866c35873377313ff94398f17d425b28b71de1', 'https://git.kernel.org/stable/c/fcac5feb06f31ee4c88bca9bf98d8bc3ca7d2615', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43837-63d2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43837', 'https://www.cve.org/CVERecord?id=CVE-2024-43837'], 'PublishedDate': '2024-08-17T10:15:09.32Z', 'LastModifiedDate': '2024-08-22T15:44:03.417Z'}, {'VulnerabilityID': 'CVE-2024-43839', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43839', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust 'name' buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n'name' size is 16, but the first '%s' specifier may already need at\nleast 16 characters, since 'bnad->netdev->name' is used there.\n\nFor '%d' specifiers, assume that they require:\n * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX\n   is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43839', 'https://git.kernel.org/linus/c9741a03dc8e491e57b95fba0058ab46b7e506da (6.11-rc1)', 'https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1', 'https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3', 'https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef', 'https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43', 'https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76', 'https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da', 'https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5', 'https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540', 'https://linux.oracle.com/cve/CVE-2024-43839.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43839-ea03@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43839', 'https://www.cve.org/CVERecord?id=CVE-2024-43839'], 'PublishedDate': '2024-08-17T10:15:09.447Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43840', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG\n\nWhen BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls\n__bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them\nthe struct bpf_tramp_image *im pointer as an argument in R0.\n\nThe trampoline generation code uses emit_addr_mov_i64() to emit\ninstructions for moving the bpf_tramp_image address into R0, but\nemit_addr_mov_i64() assumes the address to be in the vmalloc() space\nand uses only 48 bits. Because bpf_tramp_image is allocated using\nkzalloc(), its address can use more than 48-bits, in this case the\ntrampoline will pass an invalid address to __bpf_tramp_enter/exit()\ncausing a kernel crash.\n\nFix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64()\nas it can work with addresses that are greater than 48-bits.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43840', 'https://git.kernel.org/linus/19d3c179a37730caf600a97fed3794feac2b197b (6.11-rc1)', 'https://git.kernel.org/stable/c/19d3c179a37730caf600a97fed3794feac2b197b', 'https://git.kernel.org/stable/c/6d218fcc707d6b2c3616b6cd24b948fd4825cfec', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43840-69cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43840', 'https://www.cve.org/CVERecord?id=CVE-2024-43840'], 'PublishedDate': '2024-08-17T10:15:09.517Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43841', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: virt_wifi: avoid reporting connection success with wrong SSID', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: avoid reporting connection success with wrong SSID\n\nWhen user issues a connection with a different SSID than the one\nvirt_wifi has advertised, the __cfg80211_connect_result() will\ntrigger the warning: WARN_ON(bss_not_found).\n\nThe issue is because the connection code in virt_wifi does not\ncheck the SSID from user space (it only checks the BSSID), and\nvirt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS\neven if the SSID is different from the one virt_wifi has advertised.\nEventually cfg80211 won't be able to find the cfg80211_bss and generate\nthe warning.\n\nFixed it by checking the SSID (from user space) in the connection code.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43841', 'https://git.kernel.org/linus/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7 (6.11-rc1)', 'https://git.kernel.org/stable/c/05c4488a0e446c6ccde9f22b573950665e1cd414', 'https://git.kernel.org/stable/c/36e92b5edc8e0daa18e9325674313802ce3fbc29', 'https://git.kernel.org/stable/c/416d3c1538df005195721a200b0371d39636e05d', 'https://git.kernel.org/stable/c/93e898a264b4e0a475552ba9f99a016eb43ef942', 'https://git.kernel.org/stable/c/994fc2164a03200c3bf42fb45b3d49d9d6d33a4d', 'https://git.kernel.org/stable/c/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7', 'https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3', 'https://linux.oracle.com/cve/CVE-2024-43841.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43841-8143@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43841', 'https://www.cve.org/CVERecord?id=CVE-2024-43841'], 'PublishedDate': '2024-08-17T10:15:09.58Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43842', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() \'status->he_gi\' is compared to array size.\nBut then \'rate->he_gi\' is used as array index instead of \'status->he_gi\'.\nThis can lead to go beyond array boundaries in case of \'rate->he_gi\' is\nnot equal to \'status->he_gi\' and is bigger than array size. Looks like\n"copy-paste" mistake.\n\nFix this mistake by replacing \'rate->he_gi\' with \'status->he_gi\'.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43842', 'https://git.kernel.org/linus/85099c7ce4f9e64c66aa397cd9a37473637ab891 (6.11-rc1)', 'https://git.kernel.org/stable/c/7a0edc3d83aff3a48813d78c9cad9daf38decc74', 'https://git.kernel.org/stable/c/85099c7ce4f9e64c66aa397cd9a37473637ab891', 'https://git.kernel.org/stable/c/96ae4de5bc4c8ba39fd072369398f59495b73f58', 'https://git.kernel.org/stable/c/a2a095c08b95372d6d0c5819b77f071af5e75366', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43842-31e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43842', 'https://www.cve.org/CVERecord?id=CVE-2024-43842'], 'PublishedDate': '2024-08-17T10:15:09.647Z', 'LastModifiedDate': '2024-09-30T13:55:17.007Z'}, {'VulnerabilityID': 'CVE-2024-43843', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv, bpf: Fix out-of-bounds issue when preparing trampoline image', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv, bpf: Fix out-of-bounds issue when preparing trampoline image\n\nWe get the size of the trampoline image during the dry run phase and\nallocate memory based on that size. The allocated image will then be\npopulated with instructions during the real patch phase. But after\ncommit 26ef208c209a ("bpf: Use arch_bpf_trampoline_size"), the `im`\nargument is inconsistent in the dry run and real patch phase. This may\ncause emit_imm in RV64 to generate a different number of instructions\nwhen generating the \'im\' address, potentially causing out-of-bounds\nissues. Let\'s emit the maximum number of instructions for the "im"\naddress during dry run to fix this problem.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43843', 'https://git.kernel.org/linus/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3e6a1b1b179abb643ec3560c02bc3082bc92285f', 'https://git.kernel.org/stable/c/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43843-e436@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43843', 'https://www.cve.org/CVERecord?id=CVE-2024-43843'], 'PublishedDate': '2024-08-17T10:15:09.707Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43844', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi rtw89 wow: fix GTK offload H2C skbuff issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: wow: fix GTK offload H2C skbuff issue\n\nWe mistakenly put skb too large and that may exceed skb->end.\nTherefore, we fix it.\n\nskbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8fba04eca7e0 tail:0x200 end:0x140 dev:<NULL>\n------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:192!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 4747 Comm: kworker/u4:44 Tainted: G           O       6.6.30-02659-gc18865c4dfbd #1 86547039b47e46935493f615ee31d0b2d711d35e\nHardware name: HP Meep/Meep, BIOS Google_Meep.11297.262.0 03/18/2021\nWorkqueue: events_unbound async_run_entry_fn\nRIP: 0010:skb_panic+0x5d/0x60\nCode: c6 63 8b 8f bb 4c 0f 45 f6 48 c7 c7 4d 89 8b bb 48 89 ce 44 89 d1 41 56 53 41 53 ff b0 c8 00 00 00 e8 27 5f 23 00 48 83 c4 20 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44\nRSP: 0018:ffffaa700144bad0 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: 0000000000000140 RCX: 14432c5aad26c900\nRDX: 0000000000000000 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffaa700144bae0 R08: 0000000000000000 R09: ffffaa700144b920\nR10: 00000000ffffdfff R11: ffffffffbc28fbc0 R12: ffff8fba4e57a010\nR13: 0000000000000000 R14: ffffffffbb8f8b63 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff8fba7bd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007999c4ad1000 CR3: 000000015503a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? skb_panic+0x5d/0x60\n ? do_error_trap+0x6d/0x90\n ? skb_panic+0x5d/0x60\n ? handle_invalid_op+0x30/0x40\n ? skb_panic+0x5d/0x60\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_panic+0x5d/0x60\n skb_put+0x49/0x50\n rtw89_fw_h2c_wow_gtk_ofld+0xbd/0x220 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_wow_resume+0x31f/0x540 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_ops_resume+0x2b/0xa0 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n ieee80211_reconfig+0x84/0x13e0 [mac80211 818a894e3b77da6298269c59ed7cdff065a4ed52]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? dev_printk_emit+0x51/0x70\n ? _dev_info+0x6e/0x90\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n wiphy_resume+0x89/0x180 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n dpm_run_callback+0x3c/0x140\n device_resume+0x1f9/0x3c0\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x29/0xd0\n process_scheduled_works+0x1d8/0x3d0\n worker_thread+0x1fc/0x2f0\n kthread+0xed/0x110\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x38/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>\nModules linked in: ccm 8021q r8153_ecm cdc_ether usbnet r8152 mii dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc uinput rfcomm cmac algif_hash rtw89_8922ae(O) algif_skcipher rtw89_8922a(O) af_alg rtw89_pci(O) rtw89_core(O) btusb(O) snd_soc_sst_bxt_da7219_max98357a btbcm(O) snd_soc_hdac_hdmi btintel(O) snd_soc_intel_hda_dsp_common snd_sof_probes btrtl(O) btmtk(O) snd_hda_codec_hdmi snd_soc_dmic uvcvideo videobuf2_vmalloc uvc videobuf2_memops videobuf2_v4l2 videobuf2_common snd_sof_pci_intel_apl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda soundwire_intel soundwire_generic_allocation snd_sof_intel_hda_mlink soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp mac80211 snd_soc_acpi_intel_match snd_soc_acpi snd_sof snd_sof_utils soundwire_bus snd_soc_max98357a snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_intel_dspcfg snd_intel_sdw_acpi snd_soc_da7219 snd_hda_codec snd_hwdep snd_hda_core veth ip6table_nat xt_MASQUERADE xt_cgroup fuse bluetooth ecdh_generic\n cfg80211 ecc\ngsmi: Log Shutdown \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43844', 'https://git.kernel.org/linus/dda364c345913fe03ddbe4d5ae14a2754c100296 (6.11-rc1)', 'https://git.kernel.org/stable/c/dda364c345913fe03ddbe4d5ae14a2754c100296', 'https://git.kernel.org/stable/c/ef0d9d2f0dc1133db3d3a1c5167190c6627146b2', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43844-97ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43844', 'https://www.cve.org/CVERecord?id=CVE-2024-43844'], 'PublishedDate': '2024-08-17T10:15:09.763Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43845', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Fix bogus checksum computation in udf_rename()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix bogus checksum computation in udf_rename()\n\nSyzbot reports uninitialized memory access in udf_rename() when updating\nchecksum of '..' directory entry of a moved directory. This is indeed\ntrue as we pass on-stack diriter.fi to the udf_update_tag() and because\nthat has only struct fileIdentDesc included in it and not the impUse or\nname fields, the checksumming function is going to checksum random stack\ncontents beyond the end of the structure. This is actually harmless\nbecause the following udf_fiiter_write_fi() will recompute the checksum\nfrom on-disk buffers where everything is properly included. So all that\nis needed is just removing the bogus calculation.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43845', 'https://git.kernel.org/linus/27ab33854873e6fb958cb074681a0107cc2ecc4c (6.11-rc1)', 'https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c', 'https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4', 'https://git.kernel.org/stable/c/c996b570305e7a6910c2ce4cdcd4c22757ffe241', 'https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43845-a85d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43845', 'https://www.cve.org/CVERecord?id=CVE-2024-43845'], 'PublishedDate': '2024-08-17T10:15:09.837Z', 'LastModifiedDate': '2024-08-29T17:15:08.397Z'}, {'VulnerabilityID': 'CVE-2024-43846', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib: objagg: Fix general protection fault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G        W          6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n <TASK>\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n </TASK>', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43846', 'https://git.kernel.org/linus/b4a3a89fffcdf09702b1f161b914e52abca1894d (6.11-rc1)', 'https://git.kernel.org/stable/c/1936fa05a180834c3b52e0439a6bddc07814d3eb', 'https://git.kernel.org/stable/c/22ae17a267f4812861f0c644186c3421ff97dbfc', 'https://git.kernel.org/stable/c/499f742fed42e74f1321f4b12ca196a66a2b49fc', 'https://git.kernel.org/stable/c/565213e005557eb6cc4e42189d26eb300e02f170', 'https://git.kernel.org/stable/c/5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7', 'https://git.kernel.org/stable/c/8161263362154cbebfbf4808097b956a6a8cb98a', 'https://git.kernel.org/stable/c/b4a3a89fffcdf09702b1f161b914e52abca1894d', 'https://linux.oracle.com/cve/CVE-2024-43846.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43846-2bd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43846', 'https://www.cve.org/CVERecord?id=CVE-2024-43846'], 'PublishedDate': '2024-08-17T10:15:09.9Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43847', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43847', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix invalid memory access while processing fragmented packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid memory access while processing fragmented packets\n\nThe monitor ring and the reo reinject ring share the same ring mask index.\nWhen the driver receives an interrupt for the reo reinject ring, the\nmonitor ring is also processed, leading to invalid memory access. Since\nmonitor support is not yet enabled in ath12k, the ring mask for the monitor\nring should be removed.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43847', 'https://git.kernel.org/linus/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4 (6.11-rc1)', 'https://git.kernel.org/stable/c/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4', 'https://git.kernel.org/stable/c/36fc66a7d9ca3e5c6eac25362cac63f83df8bed6', 'https://git.kernel.org/stable/c/8126f82dab7bd8b2e04799342b19fff0a1fd8575', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43847-6828@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43847', 'https://www.cve.org/CVERecord?id=CVE-2024-43847'], 'PublishedDate': '2024-08-17T10:15:09.963Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43849', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pdr: protect locator_addr with the main mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr->lock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43849', 'https://git.kernel.org/linus/107924c14e3ddd85119ca43c26a4ee1056fa9b84 (6.11-rc1)', 'https://git.kernel.org/stable/c/107924c14e3ddd85119ca43c26a4ee1056fa9b84', 'https://git.kernel.org/stable/c/3e815626d73e05152a8142f6e44aecc4133e6e08', 'https://git.kernel.org/stable/c/475a77fb3f0e1d527f56c60b79f5879661df5b80', 'https://git.kernel.org/stable/c/8543269567e2fb3d976a8255c5e348aed14f98bc', 'https://git.kernel.org/stable/c/d0870c4847e77a49c2f91bb2a8e0fa3c1f8dea5c', 'https://git.kernel.org/stable/c/eab05737ee22216250fe20d27f5a596da5ea6eb7', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43849-fef0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43849', 'https://www.cve.org/CVERecord?id=CVE-2024-43849'], 'PublishedDate': '2024-08-17T10:15:10.093Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43850', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove\n\nThe following warning is seen during bwmon_remove due to refcount\nimbalance, fix this by releasing the OPPs after use.\n\nLogs:\nWARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158\nHardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT)\n...\nCall trace:\n_opp_table_kref_release+0x150/0x158\ndev_pm_opp_remove_table+0x100/0x1b4\ndevm_pm_opp_of_table_release+0x10/0x1c\ndevm_action_release+0x14/0x20\ndevres_release_all+0xa4/0x104\ndevice_unbind_cleanup+0x18/0x60\ndevice_release_driver_internal+0x1ec/0x228\ndriver_detach+0x50/0x98\nbus_remove_driver+0x6c/0xbc\ndriver_unregister+0x30/0x60\nplatform_driver_unregister+0x14/0x20\nbwmon_driver_exit+0x18/0x524 [icc_bwmon]\n__arm64_sys_delete_module+0x184/0x264\ninvoke_syscall+0x48/0x118\nel0_svc_common.constprop.0+0xc8/0xe8\ndo_el0_svc+0x20/0x2c\nel0_svc+0x34/0xdc\nel0t_64_sync_handler+0x13c/0x158\nel0t_64_sync+0x190/0x194\n--[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43850', 'https://git.kernel.org/linus/24086640ab39396eb1a92d1cb1cd2f31b2677c52 (6.11-rc1)', 'https://git.kernel.org/stable/c/24086640ab39396eb1a92d1cb1cd2f31b2677c52', 'https://git.kernel.org/stable/c/4100d4d019f8e140be1d4d3a9d8d93c1285f5d1c', 'https://git.kernel.org/stable/c/aad41f4c169bcb800ae88123799bdf8cdec3d366', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43850-4eec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43850', 'https://www.cve.org/CVERecord?id=CVE-2024-43850'], 'PublishedDate': '2024-08-17T10:15:10.157Z', 'LastModifiedDate': '2024-09-30T13:57:33.4Z'}, {'VulnerabilityID': 'CVE-2024-43852', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (ltc2991) re-order conditions to fix off by one bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ltc2991) re-order conditions to fix off by one bug\n\nLTC2991_T_INT_CH_NR is 4.  The st->temp_en[] array has LTC2991_MAX_CHANNEL\n(4) elements.  Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we\nhave read one element beyond the end of the array.  Flip the conditions\naround so that we check if "channel" is valid before using it as an array\nindex.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43852', 'https://git.kernel.org/linus/99bf7c2eccff82760fa23ce967cc67c8c219c6a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6', 'https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43852-61e2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43852', 'https://www.cve.org/CVERecord?id=CVE-2024-43852'], 'PublishedDate': '2024-08-17T10:15:10.31Z', 'LastModifiedDate': '2024-08-20T19:32:55.747Z'}, {'VulnerabilityID': 'CVE-2024-43853', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: Prevent UAF in proc_cpuset_show()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc/<pid>/cpuset   repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/   repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc/<pid>/cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css->cgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(&cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n&cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp->root will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n("cgroup: Make operations on the cgroup root_list RCU safe"),\ncss->cgroup won\'t be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43853', 'https://git.kernel.org/linus/1be59c97c83ccd67a519d8a49486b3a8a73ca28a (6.11-rc1)', 'https://git.kernel.org/stable/c/10aeaa47e4aa2432f29b3e5376df96d7dac5537a', 'https://git.kernel.org/stable/c/1be59c97c83ccd67a519d8a49486b3a8a73ca28a', 'https://git.kernel.org/stable/c/27d6dbdc6485d68075a0ebf8544d6425c1ed84bb', 'https://git.kernel.org/stable/c/29a8d4e02fd4840028c38ceb1536cc8f82a257d4', 'https://git.kernel.org/stable/c/29ac1d238b3bf126af36037df80d7ecc4822341e', 'https://git.kernel.org/stable/c/4e8d6ac8fc9f843e940ab7389db8136634e07989', 'https://git.kernel.org/stable/c/688325078a8b5badd6e07ae22b27cd04e9947aec', 'https://git.kernel.org/stable/c/96226fbed566f3f686f53a489a29846f2d538080', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43853-da5b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43853', 'https://www.cve.org/CVERecord?id=CVE-2024-43853'], 'PublishedDate': '2024-08-17T10:15:10.383Z', 'LastModifiedDate': '2024-09-04T12:15:04.827Z'}, {'VulnerabilityID': 'CVE-2024-43854', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: initialize integrity buffer to zero before writing it to media', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media.  For PI metadata this is\nlimited to the app tag that isn't used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43854', 'https://git.kernel.org/linus/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f (6.11-rc1)', 'https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f', 'https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644', 'https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005', 'https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f', 'https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6', 'https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2', 'https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1', 'https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43854-5586@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43854', 'https://www.cve.org/CVERecord?id=CVE-2024-43854'], 'PublishedDate': '2024-08-17T10:15:10.447Z', 'LastModifiedDate': '2024-09-12T12:15:49.423Z'}, {'VulnerabilityID': 'CVE-2024-43856', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43856', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma: fix call order in dmam_free_coherent', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n  kokonut //net/encryption\n    http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43856', 'https://git.kernel.org/linus/28e8b7406d3a1f5329a03aa25a43aa28e087cb20 (6.11-rc1)', 'https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130', 'https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e', 'https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7', 'https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20', 'https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9', 'https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954', 'https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb', 'https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63', 'https://linux.oracle.com/cve/CVE-2024-43856.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43856-9087@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43856', 'https://www.cve.org/CVERecord?id=CVE-2024-43856'], 'PublishedDate': '2024-08-17T10:15:10.613Z', 'LastModifiedDate': '2024-08-22T17:57:08.64Z'}, {'VulnerabilityID': 'CVE-2024-43857', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix null reference error when checking end of zone', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null reference error when checking end of zone\n\nThis patch fixes a potentially null pointer being accessed by\nis_end_zone_blkaddr() that checks the last block of a zone\nwhen f2fs is mounted as a single device.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43857', 'https://git.kernel.org/linus/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38 (6.11-rc1)', 'https://git.kernel.org/stable/c/381cbe85592c78fbaeb3e770e3e9f3bfa3e67efb', 'https://git.kernel.org/stable/c/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43857-b71b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43857', 'https://www.cve.org/CVERecord?id=CVE-2024-43857'], 'PublishedDate': '2024-08-17T10:15:10.687Z', 'LastModifiedDate': '2024-08-22T17:38:21.003Z'}, {'VulnerabilityID': 'CVE-2024-43859', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to truncate preallocated blocks in f2fs_file_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate preallocated blocks in f2fs_file_open()\n\nchenyuwen reports a f2fs bug as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000011\n fscrypt_set_bio_crypt_ctx+0x78/0x1e8\n f2fs_grab_read_bio+0x78/0x208\n f2fs_submit_page_read+0x44/0x154\n f2fs_get_read_data_page+0x288/0x5f4\n f2fs_get_lock_data_page+0x60/0x190\n truncate_partial_data_page+0x108/0x4fc\n f2fs_do_truncate_blocks+0x344/0x5f0\n f2fs_truncate_blocks+0x6c/0x134\n f2fs_truncate+0xd8/0x200\n f2fs_iget+0x20c/0x5ac\n do_garbage_collect+0x5d0/0xf6c\n f2fs_gc+0x22c/0x6a4\n f2fs_disable_checkpoint+0xc8/0x310\n f2fs_fill_super+0x14bc/0x1764\n mount_bdev+0x1b4/0x21c\n f2fs_mount+0x20/0x30\n legacy_get_tree+0x50/0xbc\n vfs_get_tree+0x5c/0x1b0\n do_new_mount+0x298/0x4cc\n path_mount+0x33c/0x5fc\n __arm64_sys_mount+0xcc/0x15c\n invoke_syscall+0x60/0x150\n el0_svc_common+0xb8/0xf8\n do_el0_svc+0x28/0xa0\n el0_svc+0x24/0x84\n el0t_64_sync_handler+0x88/0xec\n\nIt is because inode.i_crypt_info is not initialized during below path:\n- mount\n - f2fs_fill_super\n  - f2fs_disable_checkpoint\n   - f2fs_gc\n    - f2fs_iget\n     - f2fs_truncate\n\nSo, let's relocate truncation of preallocated blocks to f2fs_file_open(),\nafter fscrypt_file_open().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43859', 'https://git.kernel.org/linus/298b1e4182d657c3e388adcc29477904e9600ed5 (6.11-rc1)', 'https://git.kernel.org/stable/c/298b1e4182d657c3e388adcc29477904e9600ed5', 'https://git.kernel.org/stable/c/3ba0ae885215b325605ff7ebf6de12ac2adf204d', 'https://git.kernel.org/stable/c/5f04969136db674f133781626e0b692c5f2bf2f0', 'https://git.kernel.org/stable/c/f44a25a8bfe0c15d33244539696cd9119cf44d18', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43859-62b4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43859', 'https://www.cve.org/CVERecord?id=CVE-2024-43859'], 'PublishedDate': '2024-08-17T10:15:10.817Z', 'LastModifiedDate': '2024-09-08T08:15:12.96Z'}, {'VulnerabilityID': 'CVE-2024-43860', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: remoteproc: imx_rproc: Skip over memory region when node value is NULL', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Skip over memory region when node value is NULL\n\nIn imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts\nnumber of phandles. But phandles may be empty. So of_parse_phandle() in\nthe parsing loop (0 < a < nph) may return NULL which is later dereferenced.\nAdjust this issue by adding NULL-return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[Fixed title to fit within the prescribed 70-75 charcters]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43860', 'https://git.kernel.org/linus/2fa26ca8b786888673689ccc9da6094150939982 (6.11-rc1)', 'https://git.kernel.org/stable/c/2fa26ca8b786888673689ccc9da6094150939982', 'https://git.kernel.org/stable/c/4e13b7c23988c0a13fdca92e94296a3bc2ff9f21', 'https://git.kernel.org/stable/c/6884fd0283e0831be153fb8d82d9eda8a55acaaa', 'https://git.kernel.org/stable/c/6b50462b473fdccdc0dfad73001147e40ff19a66', 'https://git.kernel.org/stable/c/6c9ea3547fad252fe9ae5d3ed7e066e2085bf3a2', 'https://git.kernel.org/stable/c/84beb7738459cac0ff9f8a7c4654b8ff82a702c0', 'https://git.kernel.org/stable/c/9a17cf8b2ce483fa75258bc2cdcf628f24bcf5f8', 'https://git.kernel.org/stable/c/c877a5f5268d4ab8224b9c9fbce3d746e4e72bc9', 'https://linux.oracle.com/cve/CVE-2024-43860.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43860-d72f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43860', 'https://www.cve.org/CVERecord?id=CVE-2024-43860'], 'PublishedDate': '2024-08-17T10:15:10.887Z', 'LastModifiedDate': '2024-08-22T17:08:15.097Z'}, {'VulnerabilityID': 'CVE-2024-43861', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: usb: qmi_wwan: fix memory leak for not ip packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43861', 'https://git.kernel.org/linus/7ab107544b777c3bd7feb9fe447367d8edd5b202 (6.11-rc3)', 'https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4', 'https://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662', 'https://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202', 'https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f', 'https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882', 'https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446', 'https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5', 'https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384', 'https://linux.oracle.com/cve/CVE-2024-43861.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43861-1958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43861', 'https://www.cve.org/CVERecord?id=CVE-2024-43861'], 'PublishedDate': '2024-08-20T22:15:04.917Z', 'LastModifiedDate': '2024-09-03T13:45:12.667Z'}, {'VulnerabilityID': 'CVE-2024-43863', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43863', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix a deadlock in dma buf fence polling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix a deadlock in dma buf fence polling\n\nIntroduce a version of the fence ops that on release doesn't remove\nthe fence from the pending list, and thus doesn't require a lock to\nfix poll->fence wait->fence unref deadlocks.\n\nvmwgfx overwrites the wait callback to iterate over the list of all\nfences and update their status, to do that it holds a lock to prevent\nthe list modifcations from other threads. The fence destroy callback\nboth deletes the fence and removes it from the list of pending\nfences, for which it holds a lock.\n\ndma buf polling cb unrefs a fence after it's been signaled: so the poll\ncalls the wait, which signals the fences, which are being destroyed.\nThe destruction tries to acquire the lock on the pending fences list\nwhich it can never get because it's held by the wait from which it\nwas called.\n\nOld bug, but not a lot of userspace apps were using dma-buf polling\ninterfaces. Fix those, in particular this fixes KDE stalls/deadlock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43863', 'https://git.kernel.org/linus/e58337100721f3cc0c7424a18730e4f39844934f (6.11-rc2)', 'https://git.kernel.org/stable/c/3b933b16c996af8adb6bc1b5748a63dfb41a82bc', 'https://git.kernel.org/stable/c/9e20d028d8d1deb1e7fed18f22ffc01669cf3237', 'https://git.kernel.org/stable/c/a8943969f9ead2fd3044fc826140a21622ef830e', 'https://git.kernel.org/stable/c/c98ab18b9f315ff977c2c65d7c71298ef98be8e3', 'https://git.kernel.org/stable/c/e58337100721f3cc0c7424a18730e4f39844934f', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43863-9124@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43863', 'https://www.cve.org/CVERecord?id=CVE-2024-43863'], 'PublishedDate': '2024-08-21T00:15:04.847Z', 'LastModifiedDate': '2024-09-03T13:42:44.727Z'}, {'VulnerabilityID': 'CVE-2024-43864', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix CT entry update leaks of modify header context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix CT entry update leaks of modify header context\n\nThe cited commit allocates a new modify header to replace the old\none when updating CT entry. But if failed to allocate a new one, eg.\nexceed the max number firmware can support, modify header will be\nan error pointer that will trigger a panic when deallocating it. And\nthe old modify header point is copied to old attr. When the old\nattr is freed, the old modify header is lost.\n\nFix it by restoring the old attr to attr when failed to allocate a\nnew modify header context. So when the CT entry is freed, the right\nmodify header context will be freed. And the panic of accessing\nerror pointer is also fixed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43864', 'https://git.kernel.org/linus/025f2b85a5e5a46df14ecf162c3c80a957a36d0b (6.11-rc2)', 'https://git.kernel.org/stable/c/025f2b85a5e5a46df14ecf162c3c80a957a36d0b', 'https://git.kernel.org/stable/c/89064d09c56b44c668509bf793c410484f63f5ad', 'https://git.kernel.org/stable/c/daab2cc17b6b6ab158566bba037e9551fd432b59', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43864-81ad@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43864', 'https://www.cve.org/CVERecord?id=CVE-2024-43864'], 'PublishedDate': '2024-08-21T00:15:04.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43866', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Always drain health in shutdown callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43866', 'https://git.kernel.org/linus/1b75da22ed1e6171e261bc9265370162553d5393 (6.11-rc2)', 'https://git.kernel.org/stable/c/1b75da22ed1e6171e261bc9265370162553d5393', 'https://git.kernel.org/stable/c/5005e2e159b300c1b8c6820a1e13a62eb0127b9b', 'https://git.kernel.org/stable/c/6048dec754554a1303d632be6042d3feb3295285', 'https://git.kernel.org/stable/c/6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43866-66ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43866', 'https://www.cve.org/CVERecord?id=CVE-2024-43866'], 'PublishedDate': '2024-08-21T00:15:05.023Z', 'LastModifiedDate': '2024-10-17T14:15:07.297Z'}, {'VulnerabilityID': 'CVE-2024-43867', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau: prime: fix refcount underflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix refcount underflow\n\nCalling nouveau_bo_ref() on a nouveau_bo without initializing it (and\nhence the backing ttm_bo) leads to a refcount underflow.\n\nInstead of calling nouveau_bo_ref() in the unwind path of\ndrm_gem_object_init(), clean things up manually.\n\n(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43867', 'https://git.kernel.org/linus/a9bf3efc33f1fbf88787a277f7349459283c9b95 (6.11-rc2)', 'https://git.kernel.org/stable/c/16998763c62bb465ebc409d0373b9cdcef1a61a6', 'https://git.kernel.org/stable/c/2a1b327d57a8ac080977633a18999f032d7e9e3f', 'https://git.kernel.org/stable/c/3bcb8bba72ce89667fa863054956267c450c47ef', 'https://git.kernel.org/stable/c/906372e753c5027a1dc88743843b6aa2ad1aaecf', 'https://git.kernel.org/stable/c/a9bf3efc33f1fbf88787a277f7349459283c9b95', 'https://git.kernel.org/stable/c/ebebba4d357b6c67f96776a48ddbaf0060fa4c10', 'https://git.kernel.org/stable/c/f23cd66933fe76b84d8e282e5606b4d99068c320', 'https://linux.oracle.com/cve/CVE-2024-43867.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43867-0620@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43867', 'https://www.cve.org/CVERecord?id=CVE-2024-43867'], 'PublishedDate': '2024-08-21T00:15:05.087Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43868', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/purgatory: align riscv_kernel_entry', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/purgatory: align riscv_kernel_entry\n\nWhen alignment handling is delegated to the kernel, everything must be\nword-aligned in purgatory, since the trap handler is then set to the\nkexec one. Without the alignment, hitting the exception would\nultimately crash. On other occasions, the kernel's handler would take\ncare of exceptions.\nThis has been tested on a JH7110 SoC with oreboot and its SBI delegating\nunaligned access exceptions and the kernel configured to handle them.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43868', 'https://git.kernel.org/linus/fb197c5d2fd24b9af3d4697d0cf778645846d6d5 (6.11-rc2)', 'https://git.kernel.org/stable/c/5d4aaf16a8255f7c71790e211724ba029609c5ff', 'https://git.kernel.org/stable/c/fb197c5d2fd24b9af3d4697d0cf778645846d6d5', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43868-9a44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43868', 'https://www.cve.org/CVERecord?id=CVE-2024-43868'], 'PublishedDate': '2024-08-21T00:15:05.15Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43869', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43869', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exec and file release', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exec and file release\n\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\n\nschedule()\n   prepare_task_switch()\n=======> <NMI>\n      perf_event_overflow()\n         event->pending_sigtrap = ...\n         irq_work_queue(&event->pending_irq)\n<======= </NMI>\n      perf_event_task_sched_out()\n          event_sched_out()\n              event->pending_sigtrap = 0;\n              atomic_long_inc_not_zero(&event->refcount)\n              task_work_add(&event->pending_task)\n   finish_lock_switch()\n=======> <IRQ>\n   perf_pending_irq()\n      //do nothing, rely on pending task work\n<======= </IRQ>\n\nbegin_new_exec()\n   perf_event_exit_task()\n      perf_event_exit_event()\n         // If is child event\n         free_event()\n            WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n            // event is leaked\n\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\n\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43869', 'https://git.kernel.org/linus/3a5465418f5fd970e86a86c7f4075be262682840 (6.11-rc1)', 'https://git.kernel.org/stable/c/104e258a004037bc7dba9f6085c71dad6af57ad4', 'https://git.kernel.org/stable/c/3a5465418f5fd970e86a86c7f4075be262682840', 'https://git.kernel.org/stable/c/9ad46f1fef421d43cdab3a7d1744b2f43b54dae0', 'https://git.kernel.org/stable/c/ed2c202dac55423a52d7e2290f2888bf08b8ee99', 'https://git.kernel.org/stable/c/f34d8307a73a18de5320fcc6f40403146d061891', 'https://lore.kernel.org/linux-cve-announce/2024082133-CVE-2024-43869-26aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43869', 'https://www.cve.org/CVERecord?id=CVE-2024-43869'], 'PublishedDate': '2024-08-21T01:15:11.55Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43870', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exit\n\nWhen a task is scheduled out, pending sigtrap deliveries are deferred\nto the target task upon resume to userspace via task_work.\n\nHowever failures while adding an event's callback to the task_work\nengine are ignored. And since the last call for events exit happen\nafter task work is eventually closed, there is a small window during\nwhich pending sigtrap can be queued though ignored, leaking the event\nrefcount addition such as in the following scenario:\n\n    TASK A\n    -----\n\n    do_exit()\n       exit_task_work(tsk);\n\n       <IRQ>\n       perf_event_overflow()\n          event->pending_sigtrap = pending_id;\n          irq_work_queue(&event->pending_irq);\n       </IRQ>\n    =========> PREEMPTION: TASK A -> TASK B\n       event_sched_out()\n          event->pending_sigtrap = 0;\n          atomic_long_inc_not_zero(&event->refcount)\n          // FAILS: task work has exited\n          task_work_add(&event->pending_task)\n       [...]\n       <IRQ WORK>\n       perf_pending_irq()\n          // early return: event->oncpu = -1\n       </IRQ WORK>\n       [...]\n    =========> TASK B -> TASK A\n       perf_event_exit_task(tsk)\n          perf_event_exit_event()\n             free_event()\n                WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n                // leak event due to unexpected refcount == 2\n\nAs a result the event is never released while the task exits.\n\nFix this with appropriate task_work_add()'s error handling.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43870', 'https://git.kernel.org/linus/2fd5ad3f310de22836cdacae919dd99d758a1f1b (6.11-rc1)', 'https://git.kernel.org/stable/c/05d3fd599594abf79aad4484bccb2b26e1cb0b51', 'https://git.kernel.org/stable/c/2fd5ad3f310de22836cdacae919dd99d758a1f1b', 'https://git.kernel.org/stable/c/3d7a63352a93bdb8a1cdf29606bf617d3ac1c22a', 'https://git.kernel.org/stable/c/67fad724f1b568b356c1065d50df46e6b30eb2f7', 'https://git.kernel.org/stable/c/70882d7fa74f0731492a0d493e8515a4f7131831', 'https://lore.kernel.org/linux-cve-announce/2024082135-CVE-2024-43870-2b6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43870', 'https://www.cve.org/CVERecord?id=CVE-2024-43870'], 'PublishedDate': '2024-08-21T01:15:11.62Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43871', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: devres: Fix memory leakage caused by driver API devm_free_percpu()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndevres: Fix memory leakage caused by driver API devm_free_percpu()\n\nIt will cause memory leakage when use driver API devm_free_percpu()\nto free memory allocated by devm_alloc_percpu(), fixed by using\ndevres_release() instead of devres_destroy() within devm_free_percpu().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-43871', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/bd50a974097bb82d52a458bd3ee39fb723129a0c (6.11-rc1)', 'https://git.kernel.org/stable/c/3047f99caec240a88ccd06197af2868da1af6a96', 'https://git.kernel.org/stable/c/3dcd0673e47664bc6c719ad47dadac6d55d5950d', 'https://git.kernel.org/stable/c/700e8abd65b10792b2f179ce4e858f2ca2880f85', 'https://git.kernel.org/stable/c/95065edb8ebb27771d5f1e898eef6ab43dc6c87c', 'https://git.kernel.org/stable/c/b044588a16a978cd891cb3d665dd7ae06850d5bf', 'https://git.kernel.org/stable/c/b67552d7c61f52f1271031adfa7834545ae99701', 'https://git.kernel.org/stable/c/bd50a974097bb82d52a458bd3ee39fb723129a0c', 'https://git.kernel.org/stable/c/ef56dcdca8f2a53abc3a83d388b8336447533d85', 'https://linux.oracle.com/cve/CVE-2024-43871.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43871-c2cd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43871', 'https://www.cve.org/CVERecord?id=CVE-2024-43871'], 'PublishedDate': '2024-08-21T01:15:11.68Z', 'LastModifiedDate': '2024-09-03T13:39:19.553Z'}, {'VulnerabilityID': 'CVE-2024-43872', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43872', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/hns: Fix soft lockup under heavy CEQE load', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43872', 'https://git.kernel.org/linus/2fdf34038369c0a27811e7b4680662a14ada1d6b (6.11-rc1)', 'https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08', 'https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43872-c87e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43872', 'https://www.cve.org/CVERecord?id=CVE-2024-43872'], 'PublishedDate': '2024-08-21T01:15:11.74Z', 'LastModifiedDate': '2024-09-03T13:38:34.867Z'}, {'VulnerabilityID': 'CVE-2024-43873', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43873', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vhost/vsock: always initialize seqpacket_allow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: always initialize seqpacket_allow\n\nThere are two issues around seqpacket_allow:\n1. seqpacket_allow is not initialized when socket is\n   created. Thus if features are never set, it will be\n   read uninitialized.\n2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,\n   then seqpacket_allow will not be cleared appropriately\n   (existing apps I know about don't usually do this but\n    it's legal and there's no way to be sure no one relies\n    on this).\n\nTo fix:\n\t- initialize seqpacket_allow after allocation\n\t- set it unconditionally in set_features", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-909'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43873', 'https://git.kernel.org/linus/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22', 'https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb', 'https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582', 'https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c', 'https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43873-c547@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43873', 'https://www.cve.org/CVERecord?id=CVE-2024-43873'], 'PublishedDate': '2024-08-21T01:15:11.79Z', 'LastModifiedDate': '2024-09-03T13:35:44.897Z'}, {'VulnerabilityID': 'CVE-2024-43875', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43875', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: Clean up error handling in vpci_scan_bus()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\n\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\n\n    drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)\n\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\n\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43875', 'https://git.kernel.org/linus/8e0f5a96c534f781e8c57ca30459448b3bfe5429 (6.11-rc1)', 'https://git.kernel.org/stable/c/0e27e2e8697b8ce96cdef43f135426525d9d1f8f', 'https://git.kernel.org/stable/c/24414c842a24d0fd498f9db6d2a762a8dddf1832', 'https://git.kernel.org/stable/c/7d368de78b60088ec9031c60c88976c0063ea4c0', 'https://git.kernel.org/stable/c/8e0f5a96c534f781e8c57ca30459448b3bfe5429', 'https://git.kernel.org/stable/c/b9e8695246bcfc028341470cbf92630cdc1ba36b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43875-1257@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43875', 'https://www.cve.org/CVERecord?id=CVE-2024-43875'], 'PublishedDate': '2024-08-21T01:15:11.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43876', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43876', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()\n\nAvoid large backtrace, it is sufficient to warn the user that there has\nbeen a link problem. Either the link has failed and the system is in need\nof maintenance, or the link continues to work and user has been informed.\nThe message from the warning can be looked up in the sources.\n\nThis makes an actual link issue less verbose.\n\nFirst of all, this controller has a limitation in that the controller\ndriver has to assist the hardware with transition to L1 link state by\nwriting L1IATN to PMCTRL register, the L1 and L0 link state switching\nis not fully automatic on this controller.\n\nIn case of an ASMedia ASM1062 PCIe SATA controller which does not support\nASPM, on entry to suspend or during platform pm_test, the SATA controller\nenters D3hot state and the link enters L1 state. If the SATA controller\nwakes up before rcar_pcie_wakeup() was called and returns to D0, the link\nreturns to L0 before the controller driver even started its transition to\nL1 link state. At this point, the SATA controller did send an PM_ENTER_L1\nDLLP to the PCIe controller and the PCIe controller received it, and the\nPCIe controller did set PMSR PMEL1RX bit.\n\nOnce rcar_pcie_wakeup() is called, if the link is already back in L0 state\nand PMEL1RX bit is set, the controller driver has no way to determine if\nit should perform the link transition to L1 state, or treat the link as if\nit is in L0 state. Currently the driver attempts to perform the transition\nto L1 link state unconditionally, which in this specific case fails with a\nPMSR L1FAEG poll timeout, however the link still works as it is already\nback in L0 state.\n\nReduce this warning verbosity. In case the link is really broken, the\nrcar_pcie_config_access() would fail, otherwise it will succeed and any\nsystem with this controller and ASM1062 can suspend without generating\na backtrace.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43876', 'https://git.kernel.org/linus/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96 (6.11-rc1)', 'https://git.kernel.org/stable/c/2ae4769332dfdb97f4b6f5dc9ac8f46d02aaa3df', 'https://git.kernel.org/stable/c/3ff3bdde950f1840df4030726cef156758a244d7', 'https://git.kernel.org/stable/c/526a877c6273d4cd0d0aede84c1d620479764b1c', 'https://git.kernel.org/stable/c/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43876-793b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43876', 'https://www.cve.org/CVERecord?id=CVE-2024-43876'], 'PublishedDate': '2024-08-21T01:15:11.973Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43877', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43877', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: pci: ivtv: Add check for DMA map result', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: ivtv: Add check for DMA map result\n\nIn case DMA fails, 'dma->SG_length' is 0. This value is later used to\naccess 'dma->SGarray[dma->SG_length - 1]', which will cause out of\nbounds access.\n\nAdd check to return early on invalid value. Adjust warnings accordingly.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43877', 'https://git.kernel.org/linus/629913d6d79508b166c66e07e4857e20233d85a9 (6.11-rc1)', 'https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718', 'https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a', 'https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9', 'https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43877-e8e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43877', 'https://www.cve.org/CVERecord?id=CVE-2024-43877'], 'PublishedDate': '2024-08-21T01:15:12.033Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43879', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()\n\nCurrently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in\ncfg80211_calculate_bitrate_he(), leading to below warning:\n\nkernel: invalid HE MCS: bw:6, ru:6\nkernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]\n\nFix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43879', 'https://git.kernel.org/linus/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6 (6.11-rc1)', 'https://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27', 'https://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd', 'https://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f', 'https://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9', 'https://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086', 'https://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142', 'https://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d', 'https://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6', 'https://linux.oracle.com/cve/CVE-2024-43879.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43879-95cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43879', 'https://www.cve.org/CVERecord?id=CVE-2024-43879'], 'PublishedDate': '2024-08-21T01:15:12.153Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43880', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43880', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_erp: Fix object nesting warning\n\nACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM\n(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can\ncontain more ACLs (i.e., tc filters), but the number of masks in each\nregion (i.e., tc chain) is limited.\n\nIn order to mitigate the effects of the above limitation, the device\nallows filters to share a single mask if their masks only differ in up\nto 8 consecutive bits. For example, dst_ip/25 can be represented using\ndst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the\nnumber of masks being used (and therefore does not support mask\naggregation), but can contain a limited number of filters.\n\nThe driver uses the "objagg" library to perform the mask aggregation by\npassing it objects that consist of the filter\'s mask and whether the\nfilter is to be inserted into the A-TCAM or the C-TCAM since filters in\ndifferent TCAMs cannot share a mask.\n\nThe set of created objects is dependent on the insertion order of the\nfilters and is not necessarily optimal. Therefore, the driver will\nperiodically ask the library to compute a more optimal set ("hints") by\nlooking at all the existing objects.\n\nWhen the library asks the driver whether two objects can be aggregated\nthe driver only compares the provided masks and ignores the A-TCAM /\nC-TCAM indication. This is the right thing to do since the goal is to\nmove as many filters as possible to the A-TCAM. The driver also forbids\ntwo identical masks from being aggregated since this can only happen if\none was intentionally put in the C-TCAM to avoid a conflict in the\nA-TCAM.\n\nThe above can result in the following set of hints:\n\nH1: {mask X, A-TCAM} -> H2: {mask Y, A-TCAM} // X is Y + delta\nH3: {mask Y, C-TCAM} -> H4: {mask Z, A-TCAM} // Y is Z + delta\n\nAfter getting the hints from the library the driver will start migrating\nfilters from one region to another while consulting the computed hints\nand instructing the device to perform a lookup in both regions during\nthe transition.\n\nAssuming a filter with mask X is being migrated into the A-TCAM in the\nnew region, the hints lookup will return H1. Since H2 is the parent of\nH1, the library will try to find the object associated with it and\ncreate it if necessary in which case another hints lookup (recursive)\nwill be performed. This hints lookup for {mask Y, A-TCAM} will either\nreturn H2 or H3 since the driver passes the library an object comparison\nfunction that ignores the A-TCAM / C-TCAM indication.\n\nThis can eventually lead to nested objects which are not supported by\nthe library [1].\n\nFix by removing the object comparison function from both the driver and\nthe library as the driver was the only user. That way the lookup will\nonly return exact matches.\n\nI do not have a reliable reproducer that can reproduce the issue in a\ntimely manner, but before the fix the issue would reproduce in several\nminutes and with the fix it does not reproduce in over an hour.\n\nNote that the current usefulness of the hints is limited because they\ninclude the C-TCAM indication and represent aggregation that cannot\nactually happen. This will be addressed in net-next.\n\n[1]\nWARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0\nModules linked in:\nCPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42\nHardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:objagg_obj_parent_assign+0xb5/0xd0\n[...]\nCall Trace:\n <TASK>\n __objagg_obj_get+0x2bb/0x580\n objagg_obj_get+0xe/0x80\n mlxsw_sp_acl_erp_mask_get+0xb5/0xf0\n mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43880', 'https://git.kernel.org/linus/97d833ceb27dc19f8777d63f90be4a27b5daeedf (6.11-rc1)', 'https://git.kernel.org/stable/c/0e59c2d22853266704e127915653598f7f104037', 'https://git.kernel.org/stable/c/25c6fd9648ad05da493a5d30881896a78a08b624', 'https://git.kernel.org/stable/c/36a9996e020dd5aa325e0ecc55eb2328288ea6bb', 'https://git.kernel.org/stable/c/4dc09f6f260db3c4565a4ec52ba369393598f2fb', 'https://git.kernel.org/stable/c/97d833ceb27dc19f8777d63f90be4a27b5daeedf', 'https://git.kernel.org/stable/c/9a5261a984bba4f583d966c550fa72c33ff3714e', 'https://git.kernel.org/stable/c/fb5d4fc578e655d113f09565f6f047e15f7ab578', 'https://linux.oracle.com/cve/CVE-2024-43880.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43880-78ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43880', 'https://www.cve.org/CVERecord?id=CVE-2024-43880'], 'PublishedDate': '2024-08-21T01:15:12.213Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43881', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43881', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: change DMA direction while mapping reinjected packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: change DMA direction while mapping reinjected packets\n\nFor fragmented packets, ath12k reassembles each fragment as a normal\npacket and then reinjects it into HW ring. In this case, the DMA\ndirection should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise,\nan invalid payload may be reinjected into the HW and\nsubsequently delivered to the host.\n\nGiven that arbitrary memory can be allocated to the skb buffer,\nknowledge about the data contained in the reinjected buffer is lacking.\nConsequently, there’s a risk of private information being leaked.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43881', 'https://git.kernel.org/linus/33322e3ef07409278a18c6919c448e369d66a18e (6.11-rc1)', 'https://git.kernel.org/stable/c/33322e3ef07409278a18c6919c448e369d66a18e', 'https://git.kernel.org/stable/c/6925320fcd40d8042d32bf4ede8248e7a5315c3b', 'https://git.kernel.org/stable/c/e99d9b16ff153de9540073239d24adc3b0a3a997', 'https://lore.kernel.org/linux-cve-announce/2024082138-CVE-2024-43881-ead4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43881', 'https://www.cve.org/CVERecord?id=CVE-2024-43881'], 'PublishedDate': '2024-08-21T01:15:12.28Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43883', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43883', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: vhci-hcd: Do not drop references before new references are gained', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43883', 'https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37', 'https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174', 'https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14', 'https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89', 'https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80', 'https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a', 'https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54', 'https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2', 'https://linux.oracle.com/cve/CVE-2024-43883.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082313-CVE-2024-43883-a594@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43883', 'https://www.cve.org/CVERecord?id=CVE-2024-43883'], 'PublishedDate': '2024-08-23T13:15:03.873Z', 'LastModifiedDate': '2024-08-23T16:18:28.547Z'}, {'VulnerabilityID': 'CVE-2024-43884', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: MGMT: Add error handling to pair_device()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Add error handling to pair_device()\n\nhci_conn_params_add() never checks for a NULL value and could lead to a NULL\npointer dereference causing a crash.\n\nFixed by adding error handling in the function.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43884', 'https://git.kernel.org/linus/538fd3921afac97158d4177139a0ad39f056dbb2 (6.11-rc5)', 'https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4', 'https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1', 'https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2', 'https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503', 'https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9', 'https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb', 'https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb', 'https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43884-43fa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43884', 'https://www.cve.org/CVERecord?id=CVE-2024-43884'], 'PublishedDate': '2024-08-26T08:15:03.827Z', 'LastModifiedDate': '2024-09-04T12:15:04.927Z'}, {'VulnerabilityID': 'CVE-2024-43886', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43886', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check in resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check in resource_log_pipe_topology_update\n\n[WHY]\nWhen switching from "Extend" to "Second Display Only" we sometimes\ncall resource_get_otg_master_for_stream on a stream for the eDP,\nwhich is disconnected. This leads to a null pointer dereference.\n\n[HOW]\nAdded a null check in dc_resource.c/resource_log_pipe_topology_update.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43886', 'https://git.kernel.org/linus/899d92fd26fe780aad711322aa671f68058207a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/899d92fd26fe780aad711322aa671f68058207a6', 'https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee', 'https://lore.kernel.org/linux-cve-announce/2024082657-CVE-2024-43886-0726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43886', 'https://www.cve.org/CVERecord?id=CVE-2024-43886'], 'PublishedDate': '2024-08-26T11:15:03.83Z', 'LastModifiedDate': '2024-08-27T14:37:45.377Z'}, {'VulnerabilityID': 'CVE-2024-43887', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43887', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/tcp: Disable TCP-AO static key after RCU grace period', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp: Disable TCP-AO static key after RCU grace period\n\nThe lifetime of TCP-AO static_key is the same as the last\ntcp_ao_info. On the socket destruction tcp_ao_info ceases to be\nwith RCU grace period, while tcp-ao static branch is currently deferred\ndestructed. The static key definition is\n: DEFINE_STATIC_KEY_DEFERRED_FALSE(tcp_ao_needed, HZ);\n\nwhich means that if RCU grace period is delayed by more than a second\nand tcp_ao_needed is in the process of disablement, other CPUs may\nyet see tcp_ao_info which atent dead, but soon-to-be.\nAnd that breaks the assumption of static_key_fast_inc_not_disabled().\n\nSee the comment near the definition:\n> * The caller must make sure that the static key can\'t get disabled while\n> * in this function. It doesn\'t patch jump labels, only adds a user to\n> * an already enabled static key.\n\nOriginally it was introduced in commit eb8c507296f6 ("jump_label:\nPrevent key->enabled int overflow"), which is needed for the atomic\ncontexts, one of which would be the creation of a full socket from a\nrequest socket. In that atomic context, it\'s known by the presence\nof the key (md5/ao) that the static branch is already enabled.\nSo, the ref counter for that static branch is just incremented\ninstead of holding the proper mutex.\nstatic_key_fast_inc_not_disabled() is just a helper for such usage\ncase. But it must not be used if the static branch could get disabled\nin parallel as it\'s not protected by jump_label_mutex and as a result,\nraces with jump_label_update() implementation details.\n\nHappened on netdev test-bot[1], so not a theoretical issue:\n\n[] jump_label: Fatal kernel bug, unexpected op at tcp_inbound_hash+0x1a7/0x870 [ffffffffa8c4e9b7] (eb 50 0f 1f 44 != 66 90 0f 1f 00)) size:2 type:1\n[] ------------[ cut here ]------------\n[] kernel BUG at arch/x86/kernel/jump_label.c:73!\n[] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[] CPU: 3 PID: 243 Comm: kworker/3:3 Not tainted 6.10.0-virtme #1\n[] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[] Workqueue: events jump_label_update_timeout\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n...\n[] Call Trace:\n[]  <TASK>\n[]  arch_jump_label_transform_queue+0x6c/0x110\n[]  __jump_label_update+0xef/0x350\n[]  __static_key_slow_dec_cpuslocked.part.0+0x3c/0x60\n[]  jump_label_update_timeout+0x2c/0x40\n[]  process_one_work+0xe3b/0x1670\n[]  worker_thread+0x587/0xce0\n[]  kthread+0x28a/0x350\n[]  ret_from_fork+0x31/0x70\n[]  ret_from_fork_asm+0x1a/0x30\n[]  </TASK>\n[] Modules linked in: veth\n[] ---[ end trace 0000000000000000 ]---\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n\n[1]: https://netdev-3.bots.linux.dev/vmksft-tcp-ao-dbg/results/696681/5-connect-deny-ipv6/stderr', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43887', 'https://git.kernel.org/linus/14ab4792ee120c022f276a7e4768f4dcb08f0cdd (6.11-rc3)', 'https://git.kernel.org/stable/c/14ab4792ee120c022f276a7e4768f4dcb08f0cdd', 'https://git.kernel.org/stable/c/954d55a59b2501f4a9bd693b40ce45a1c46cb2b3', 'https://lore.kernel.org/linux-cve-announce/2024082658-CVE-2024-43887-93bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43887', 'https://www.cve.org/CVERecord?id=CVE-2024-43887'], 'PublishedDate': '2024-08-26T11:15:03.877Z', 'LastModifiedDate': '2024-09-05T19:43:44.197Z'}, {'VulnerabilityID': 'CVE-2024-43888', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43888', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: list_lru: fix UAF for memory cgroup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: list_lru: fix UAF for memory cgroup\n\nThe mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or\ncgroup_mutex or others which could prevent returned memcg from being\nfreed.  Fix it by adding missing rcu read lock.\n\nFound by code inspection.\n\n[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]\n  Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43888', 'https://git.kernel.org/linus/5161b48712dcd08ec427c450399d4d1483e21dea (6.11-rc3)', 'https://git.kernel.org/stable/c/4589f77c18dd98b65f45617b6d1e95313cf6fcab', 'https://git.kernel.org/stable/c/5161b48712dcd08ec427c450399d4d1483e21dea', 'https://lore.kernel.org/linux-cve-announce/2024082659-CVE-2024-43888-5beb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43888', 'https://www.cve.org/CVERecord?id=CVE-2024-43888'], 'PublishedDate': '2024-08-26T11:15:03.93Z', 'LastModifiedDate': '2024-08-27T14:37:52.61Z'}, {'VulnerabilityID': 'CVE-2024-43889', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix possible divide-by-0 panic in padata_mt_helper()\n\nWe are hit with a not easily reproducible divide-by-0 panic in padata.c at\nbootup time.\n\n  [   10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI\n  [   10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1\n  [   10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021\n  [   10.017908] Workqueue: events_unbound padata_mt_helper\n  [   10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0\n    :\n  [   10.017963] Call Trace:\n  [   10.017968]  <TASK>\n  [   10.018004]  ? padata_mt_helper+0x39/0xb0\n  [   10.018084]  process_one_work+0x174/0x330\n  [   10.018093]  worker_thread+0x266/0x3a0\n  [   10.018111]  kthread+0xcf/0x100\n  [   10.018124]  ret_from_fork+0x31/0x50\n  [   10.018138]  ret_from_fork_asm+0x1a/0x30\n  [   10.018147]  </TASK>\n\nLooking at the padata_mt_helper() function, the only way a divide-by-0\npanic can happen is when ps->chunk_size is 0.  The way that chunk_size is\ninitialized in padata_do_multithreaded(), chunk_size can be 0 when the\nmin_chunk in the passed-in padata_mt_job structure is 0.\n\nFix this divide-by-0 panic by making sure that chunk_size will be at least\n1 no matter what the input parameters are.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43889', 'https://git.kernel.org/linus/6d45e1c948a8b7ed6ceddb14319af69424db730c (6.11-rc3)', 'https://git.kernel.org/stable/c/6d45e1c948a8b7ed6ceddb14319af69424db730c', 'https://git.kernel.org/stable/c/8f5ffd2af7274853ff91d6cd62541191d9fbd10d', 'https://git.kernel.org/stable/c/924f788c906dccaca30acab86c7124371e1d6f2c', 'https://git.kernel.org/stable/c/a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f', 'https://git.kernel.org/stable/c/ab8b397d5997d8c37610252528edc54bebf9f6d3', 'https://git.kernel.org/stable/c/da0ffe84fcc1627a7dff82c80b823b94236af905', 'https://lore.kernel.org/linux-cve-announce/2024082600-CVE-2024-43889-4d0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43889', 'https://www.cve.org/CVERecord?id=CVE-2024-43889'], 'PublishedDate': '2024-08-26T11:15:03.98Z', 'LastModifiedDate': '2024-08-27T14:38:09.34Z'}, {'VulnerabilityID': 'CVE-2024-43890', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43890', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Fix overflow in get_free_elt()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing "tracing_map->max_size" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to "tracing_map->next_elt"\nonce it reaches "tracing_map->max_elt".', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43890', 'https://git.kernel.org/linus/bcf86c01ca4676316557dd482c8416ece8c2e143 (6.11-rc3)', 'https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6', 'https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c', 'https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5', 'https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8', 'https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143', 'https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da', 'https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18', 'https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a', 'https://linux.oracle.com/cve/CVE-2024-43890.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082601-CVE-2024-43890-1c3a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43890', 'https://www.cve.org/CVERecord?id=CVE-2024-43890'], 'PublishedDate': '2024-08-26T11:15:04.04Z', 'LastModifiedDate': '2024-09-05T18:48:30.32Z'}, {'VulnerabilityID': 'CVE-2024-43891', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43891', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have format file honor EVENT_FILE_FL_FREED', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have format file honor EVENT_FILE_FL_FREED\n\nWhen eventfs was introduced, special care had to be done to coordinate the\nfreeing of the file meta data with the files that are exposed to user\nspace. The file meta data would have a ref count that is set when the file\nis created and would be decremented and freed after the last user that\nopened the file closed it. When the file meta data was to be freed, it\nwould set a flag (EVENT_FILE_FL_FREED) to denote that the file is freed,\nand any new references made (like new opens or reads) would fail as it is\nmarked freed. This allowed other meta data to be freed after this flag was\nset (under the event_mutex).\n\nAll the files that were dynamically created in the events directory had a\npointer to the file meta data and would call event_release() when the last\nreference to the user space file was closed. This would be the time that it\nis safe to free the file meta data.\n\nA shortcut was made for the "format" file. It\'s i_private would point to\nthe "call" entry directly and not point to the file\'s meta data. This is\nbecause all format files are the same for the same "call", so it was\nthought there was no reason to differentiate them.  The other files\nmaintain state (like the "enable", "trigger", etc). But this meant if the\nfile were to disappear, the "format" file would be unaware of it.\n\nThis caused a race that could be trigger via the user_events test (that\nwould create dynamic events and free them), and running a loop that would\nread the user_events format files:\n\nIn one console run:\n\n # cd tools/testing/selftests/user_events\n # while true; do ./ftrace_test; done\n\nAnd in another console run:\n\n # cd /sys/kernel/tracing/\n # while true; do cat events/user_events/__test_event/format; done 2>/dev/null\n\nWith KASAN memory checking, it would trigger a use-after-free bug report\n(which was a real bug). This was because the format file was not checking\nthe file\'s meta data flag "EVENT_FILE_FL_FREED", so it would access the\nevent that the file meta data pointed to after the event was freed.\n\nAfter inspection, there are other locations that were found to not check\nthe EVENT_FILE_FL_FREED flag when accessing the trace_event_file. Add a\nnew helper function: event_file_file() that will make sure that the\nevent_mutex is held, and will return NULL if the trace_event_file has the\nEVENT_FILE_FL_FREED flag set. Have the first reference of the struct file\npointer use event_file_file() and check for NULL. Later uses can still use\nthe event_file_data() helper function if the event_mutex is still held and\nwas not released since the event_file_file() call.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43891', 'https://git.kernel.org/linus/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d (6.11-rc3)', 'https://git.kernel.org/stable/c/4ed03758ddf0b19d69eed69386d65a92d0091e0c', 'https://git.kernel.org/stable/c/531dc6780d94245af037c25c2371c8caf652f0f9', 'https://git.kernel.org/stable/c/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d', 'https://lore.kernel.org/linux-cve-announce/2024082603-CVE-2024-43891-a69d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43891', 'https://www.cve.org/CVERecord?id=CVE-2024-43891'], 'PublishedDate': '2024-08-26T11:15:04.103Z', 'LastModifiedDate': '2024-09-05T18:46:18.44Z'}, {'VulnerabilityID': 'CVE-2024-43892', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43892', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg: protect concurrent access to mem_cgroup_idr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: protect concurrent access to mem_cgroup_idr\n\nCommit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after\nmany small jobs") decoupled the memcg IDs from the CSS ID space to fix the\ncgroup creation failures.  It introduced IDR to maintain the memcg ID\nspace.  The IDR depends on external synchronization mechanisms for\nmodifications.  For the mem_cgroup_idr, the idr_alloc() and idr_replace()\nhappen within css callback and thus are protected through cgroup_mutex\nfrom concurrent modifications.  However idr_remove() for mem_cgroup_idr\nwas not protected against concurrency and can be run concurrently for\ndifferent memcgs when they hit their refcnt to zero.  Fix that.\n\nWe have been seeing list_lru based kernel crashes at a low frequency in\nour fleet for a long time.  These crashes were in different part of\nlist_lru code including list_lru_add(), list_lru_del() and reparenting\ncode.  Upon further inspection, it looked like for a given object (dentry\nand inode), the super_block\'s list_lru didn\'t have list_lru_one for the\nmemcg of that object.  The initial suspicions were either the object is\nnot allocated through kmem_cache_alloc_lru() or somehow\nmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but\nreturned success.  No evidence were found for these cases.\n\nLooking more deeply, we started seeing situations where valid memcg\'s id\nis not present in mem_cgroup_idr and in some cases multiple valid memcgs\nhave same id and mem_cgroup_idr is pointing to one of them.  So, the most\nreasonable explanation is that these situations can happen due to race\nbetween multiple idr_remove() calls or race between\nidr_alloc()/idr_replace() and idr_remove().  These races are causing\nmultiple memcgs to acquire the same ID and then offlining of one of them\nwould cleanup list_lrus on the system for all of them.  Later access from\nother memcgs to the list_lru cause crashes due to missing list_lru_one.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43892', 'https://git.kernel.org/linus/9972605a238339b85bd16b084eed5f18414d22db (6.11-rc3)', 'https://git.kernel.org/stable/c/37a060b64ae83b76600d187d76591ce488ab836b', 'https://git.kernel.org/stable/c/51c0b1bb7541f8893ec1accba59eb04361a70946', 'https://git.kernel.org/stable/c/56fd70f4aa8b82199dbe7e99366b1fd7a04d86fb', 'https://git.kernel.org/stable/c/912736a0435ef40e6a4ae78197ccb5553cb80b05', 'https://git.kernel.org/stable/c/9972605a238339b85bd16b084eed5f18414d22db', 'https://git.kernel.org/stable/c/e6cc9ff2ac0b5df9f25eb790934c3104f6710278', 'https://lore.kernel.org/linux-cve-announce/2024082604-CVE-2024-43892-584a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43892', 'https://www.cve.org/CVERecord?id=CVE-2024-43892'], 'PublishedDate': '2024-08-26T11:15:04.157Z', 'LastModifiedDate': '2024-09-12T12:15:49.593Z'}, {'VulnerabilityID': 'CVE-2024-43893', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43893', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: core: check uartclk for zero to avoid divide by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: core: check uartclk for zero to avoid divide by zero\n\nCalling ioctl TIOCSSERIAL with an invalid baud_base can\nresult in uartclk being zero, which will result in a\ndivide by zero error in uart_get_divisor(). The check for\nuartclk being zero in uart_set_info() needs to be done\nbefore other settings are made as subsequent calls to\nioctl TIOCSSERIAL for the same port would be impacted if\nthe uartclk check was done where uartclk gets set.\n\nOops: divide error: 0000  PREEMPT SMP KASAN PTI\nRIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)\nCall Trace:\n <TASK>\nserial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576\n    drivers/tty/serial/8250/8250_port.c:2589)\nserial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502\n    drivers/tty/serial/8250/8250_port.c:2741)\nserial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)\nuart_change_line_settings (./include/linux/spinlock.h:376\n    ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)\nuart_port_startup (drivers/tty/serial/serial_core.c:342)\nuart_startup (drivers/tty/serial/serial_core.c:368)\nuart_set_info (drivers/tty/serial/serial_core.c:1034)\nuart_set_info_user (drivers/tty/serial/serial_core.c:1059)\ntty_set_serial (drivers/tty/tty_io.c:2637)\ntty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)\n__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907\n    fs/ioctl.c:893 fs/ioctl.c:893)\ndo_syscall_64 (arch/x86/entry/common.c:52\n    (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nRule: add', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43893', 'https://git.kernel.org/linus/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193 (6.11-rc3)', 'https://git.kernel.org/stable/c/3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba', 'https://git.kernel.org/stable/c/52b138f1021113e593ee6ad258ce08fe90693a9e', 'https://git.kernel.org/stable/c/55b2a5d331a6ceb1c4372945fdb77181265ba24f', 'https://git.kernel.org/stable/c/68dc02f319b9ee54dc23caba742a5c754d1cccc8', 'https://git.kernel.org/stable/c/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193', 'https://git.kernel.org/stable/c/9196e42a3b8eeff1707e6ef769112b4b6096be49', 'https://git.kernel.org/stable/c/e13ba3fe5ee070f8a9dab60029d52b1f61da5051', 'https://git.kernel.org/stable/c/e3ad503876283ac3fcca922a1bf243ef9eb0b0e2', 'https://linux.oracle.com/cve/CVE-2024-43893.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082605-CVE-2024-43893-25dd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43893', 'https://www.cve.org/CVERecord?id=CVE-2024-43893'], 'PublishedDate': '2024-08-26T11:15:04.213Z', 'LastModifiedDate': '2024-09-10T18:13:21.92Z'}, {'VulnerabilityID': 'CVE-2024-43894', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43894', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/client: fix null pointer dereference in drm_client_modeset_probe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: fix null pointer dereference in drm_client_modeset_probe\n\nIn drm_client_modeset_probe(), the return value of drm_mode_duplicate() is\nassigned to modeset->mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43894', 'https://git.kernel.org/linus/113fd6372a5bb3689aba8ef5b8a265ed1529a78f (6.11-rc3)', 'https://git.kernel.org/stable/c/113fd6372a5bb3689aba8ef5b8a265ed1529a78f', 'https://git.kernel.org/stable/c/24ddda932c43ffe156c7f3c568bed85131c63ae6', 'https://git.kernel.org/stable/c/5291d4f73452c91e8a11f71207617e3e234d418e', 'https://git.kernel.org/stable/c/612cae53e99ce32a58cb821b3b67199eb6e92dff', 'https://git.kernel.org/stable/c/c763dfe09425152b6bb0e348900a637c62c2ce52', 'https://git.kernel.org/stable/c/d64847c383100423aecb6ac5f18be5f4316d9d62', 'https://git.kernel.org/stable/c/d64fc94f7bb24fc2be0d6bd5df8df926da461a6d', 'https://linux.oracle.com/cve/CVE-2024-43894.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082607-CVE-2024-43894-aeee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43894', 'https://www.cve.org/CVERecord?id=CVE-2024-43894'], 'PublishedDate': '2024-08-26T11:15:04.28Z', 'LastModifiedDate': '2024-09-10T18:09:41.23Z'}, {'VulnerabilityID': 'CVE-2024-43895', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43895', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip Recompute DSC Params if no Stream on Link', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n    Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n    RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n    Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\n    RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n    RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n    RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n    RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n    R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n    R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n    FS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n    Call Trace:\n<TASK>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? plist_add+0xbe/0x100\n     ? exc_page_fault+0x7c/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     drm_atomic_check_only+0x5c5/0xa40\n     drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.\n\n(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43895', 'https://git.kernel.org/linus/50e376f1fe3bf571d0645ddf48ad37eb58323919 (6.11-rc3)', 'https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9', 'https://git.kernel.org/stable/c/50e376f1fe3bf571d0645ddf48ad37eb58323919', 'https://git.kernel.org/stable/c/5357141b4c2e2b332b6f11607ba8c5fbc2669a10', 'https://git.kernel.org/stable/c/70275bb960c71d313254473d38c14e7101cee5ad', 'https://git.kernel.org/stable/c/718d83f66fb07b2cab89a1fc984613a00e3db18f', 'https://lore.kernel.org/linux-cve-announce/2024082608-CVE-2024-43895-d3c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43895', 'https://www.cve.org/CVERecord?id=CVE-2024-43895'], 'PublishedDate': '2024-08-26T11:15:04.333Z', 'LastModifiedDate': '2024-10-10T12:15:04.35Z'}, {'VulnerabilityID': 'CVE-2024-43898', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43898', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: sanity check for NULL pointer after ext4_force_shutdown', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43898', 'https://git.kernel.org/linus/83f4414b8f84249d538905825b088ff3ae555652 (6.11-rc1)', 'https://git.kernel.org/stable/c/3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e', 'https://git.kernel.org/stable/c/83f4414b8f84249d538905825b088ff3ae555652', 'https://git.kernel.org/stable/c/f619876ccbfd329ae785fe5d3289b9dcd6eb5901', 'https://lore.kernel.org/linux-cve-announce/2024082613-CVE-2024-43898-52c2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43898', 'https://www.cve.org/CVERecord?id=CVE-2024-43898'], 'PublishedDate': '2024-08-26T11:15:04.493Z', 'LastModifiedDate': '2024-09-10T08:15:02.96Z'}, {'VulnerabilityID': 'CVE-2024-43899', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix null pointer deref in dcn20_resource.c', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[  181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[  181.843997] #PF: supervisor instruction fetch in kernel mode\n[  181.844003] #PF: error_code(0x0010) - not-present page\n[  181.844009] PGD 0 P4D 0\n[  181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[  181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G        W  OE      6.5.0-41-generic #41~22.04.2-Ubuntu\n[  181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[  181.844044] RIP: 0010:0x0\n[  181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[  181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[  181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[  181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[  181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[  181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[  181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[  181.844121] FS:  00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[  181.844128] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[  181.844141] Call Trace:\n[  181.844146]  <TASK>\n[  181.844153]  ? show_regs+0x6d/0x80\n[  181.844167]  ? __die+0x24/0x80\n[  181.844179]  ? page_fault_oops+0x99/0x1b0\n[  181.844192]  ? do_user_addr_fault+0x31d/0x6b0\n[  181.844204]  ? exc_page_fault+0x83/0x1b0\n[  181.844216]  ? asm_exc_page_fault+0x27/0x30\n[  181.844237]  dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[  181.845115]  amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[  181.845985]  amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[  181.846848]  fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[  181.847734]  fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[  181.848748]  dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.849791]  ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.850840]  amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43899', 'https://git.kernel.org/linus/ecbf60782662f0a388493685b85a645a0ba1613c (6.11-rc1)', 'https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e', 'https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c', 'https://lore.kernel.org/linux-cve-announce/2024082614-CVE-2024-43899-2339@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43899', 'https://www.cve.org/CVERecord?id=CVE-2024-43899'], 'PublishedDate': '2024-08-26T11:15:04.557Z', 'LastModifiedDate': '2024-08-27T14:38:19.74Z'}, {'VulnerabilityID': 'CVE-2024-43900', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43900', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: xc2028: avoid use-after-free in load_firmware_cb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504           worker_thread\ntuner_probe                             <= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait                 <= create a worker\n...\ntuner_remove                            <= free dvb_frontend\n...\n                    request_firmware_work_func  <= the firmware is ready\n                    load_firmware_cb    <= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n    ==================================================================\n     BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n     Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n     Call trace:\n      load_firmware_cb+0x1310/0x17a0\n      request_firmware_work_func+0x128/0x220\n      process_one_work+0x770/0x1824\n      worker_thread+0x488/0xea0\n      kthread+0x300/0x430\n      ret_from_fork+0x10/0x20\n\n     Allocated by task 6504:\n      kzalloc\n      tuner_probe+0xb0/0x1430\n      i2c_device_probe+0x92c/0xaf0\n      really_probe+0x678/0xcd0\n      driver_probe_device+0x280/0x370\n      __device_attach_driver+0x220/0x330\n      bus_for_each_drv+0x134/0x1c0\n      __device_attach+0x1f4/0x410\n      device_initial_probe+0x20/0x30\n      bus_probe_device+0x184/0x200\n      device_add+0x924/0x12c0\n      device_register+0x24/0x30\n      i2c_new_device+0x4e0/0xc44\n      v4l2_i2c_new_subdev_board+0xbc/0x290\n      v4l2_i2c_new_subdev+0xc8/0x104\n      em28xx_v4l2_init+0x1dd0/0x3770\n\n     Freed by task 6504:\n      kfree+0x238/0x4e4\n      tuner_remove+0x144/0x1c0\n      i2c_device_remove+0xc8/0x290\n      __device_release_driver+0x314/0x5fc\n      device_release_driver+0x30/0x44\n      bus_remove_device+0x244/0x490\n      device_del+0x350/0x900\n      device_unregister+0x28/0xd0\n      i2c_unregister_device+0x174/0x1d0\n      v4l2_device_unregister+0x224/0x380\n      em28xx_v4l2_init+0x1d90/0x3770\n\n     The buggy address belongs to the object at ffff8000d7ca2000\n      which belongs to the cache kmalloc-2k of size 2048\n     The buggy address is located 776 bytes inside of\n      2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n     The buggy address belongs to the page:\n     page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n     flags: 0x7ff800000000100(slab)\n     raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n     raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n     page dumped because: kasan: bad access detected\n\n     Memory state around the buggy address:\n      ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                           ^\n      ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     ==================================================================\n\n[2]\n    Actually, it is allocated for struct tuner, and dvb_frontend is inside.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43900', 'https://git.kernel.org/linus/68594cec291ff9523b9feb3f43fd853dcddd1f60 (6.11-rc1)', 'https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5', 'https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60', 'https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b', 'https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-43900-029c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43900', 'https://www.cve.org/CVERecord?id=CVE-2024-43900'], 'PublishedDate': '2024-08-26T11:15:04.613Z', 'LastModifiedDate': '2024-08-27T14:38:32.967Z'}, {'VulnerabilityID': 'CVE-2024-43902', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43902', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null checker before passing variables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checker before passing variables\n\nChecks null pointer before passing variables to functions.\n\nThis fixes 3 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43902', 'https://git.kernel.org/linus/8092aa3ab8f7b737a34b71f91492c676a843043a (6.11-rc1)', 'https://git.kernel.org/stable/c/1686675405d07f35eae7ff3d13a530034b899df2', 'https://git.kernel.org/stable/c/4cc2a94d96caeb3c975acdae7351c2f997c32175', 'https://git.kernel.org/stable/c/8092aa3ab8f7b737a34b71f91492c676a843043a', 'https://git.kernel.org/stable/c/83c7f509ef087041604e9572938f82e18b724c9d', 'https://git.kernel.org/stable/c/d0b8b23b9c2ebec693a36fea518d8f13493ad655', 'https://lore.kernel.org/linux-cve-announce/2024082618-CVE-2024-43902-eb6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43902', 'https://www.cve.org/CVERecord?id=CVE-2024-43902'], 'PublishedDate': '2024-08-26T11:15:04.733Z', 'LastModifiedDate': '2024-08-27T14:38:51.73Z'}, {'VulnerabilityID': 'CVE-2024-43903', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43903', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43903', 'https://git.kernel.org/linus/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff (6.11-rc1)', 'https://git.kernel.org/stable/c/31a679a880102dee6e10985a7b1789af8dc328cc', 'https://git.kernel.org/stable/c/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff', 'https://git.kernel.org/stable/c/94220b35aeba2b68da81deeefbb784d94eeb5c04', 'https://git.kernel.org/stable/c/ce5d090af683137cb779ed7e3683839f9c778b35', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-43903-3644@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43903', 'https://www.cve.org/CVERecord?id=CVE-2024-43903'], 'PublishedDate': '2024-08-26T11:15:04.793Z', 'LastModifiedDate': '2024-08-27T13:39:48.683Z'}, {'VulnerabilityID': 'CVE-2024-43904', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43904', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing\n\nThis commit adds null checks for the 'stream' and 'plane' variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that 'stream' and 'plane' are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43904', 'https://git.kernel.org/linus/15c2990e0f0108b9c3752d7072a97d45d4283aea (6.11-rc1)', 'https://git.kernel.org/stable/c/15c2990e0f0108b9c3752d7072a97d45d4283aea', 'https://git.kernel.org/stable/c/16a8a2a839d19c4cf7253642b493ffb8eee1d857', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43904-63a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43904', 'https://www.cve.org/CVERecord?id=CVE-2024-43904'], 'PublishedDate': '2024-08-26T11:15:04.847Z', 'LastModifiedDate': '2024-08-27T13:40:50.577Z'}, {'VulnerabilityID': 'CVE-2024-43905', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43905', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix the null pointer dereference for vega10_hwmgr\n\nCheck return value and conduct null pointer handling to avoid null pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43905', 'https://git.kernel.org/linus/50151b7f1c79a09117837eb95b76c2de76841dab (6.11-rc1)', 'https://git.kernel.org/stable/c/0fa11f9df96217c2785b040629ff1a16900fb51c', 'https://git.kernel.org/stable/c/2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8', 'https://git.kernel.org/stable/c/2e538944996d0dd497faf8ee81f8bfcd3aca7d80', 'https://git.kernel.org/stable/c/50151b7f1c79a09117837eb95b76c2de76841dab', 'https://git.kernel.org/stable/c/69a441473fec2fc2aa2cf56122d6c42c4266a239', 'https://git.kernel.org/stable/c/c2629daf218a325f4d69754452cd42fe8451c15b', 'https://lore.kernel.org/linux-cve-announce/2024082623-CVE-2024-43905-008f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43905', 'https://www.cve.org/CVERecord?id=CVE-2024-43905'], 'PublishedDate': '2024-08-26T11:15:04.897Z', 'LastModifiedDate': '2024-09-12T12:15:51.26Z'}, {'VulnerabilityID': 'CVE-2024-43906', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43906', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/admgpu: fix dereferencing null pointer context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/admgpu: fix dereferencing null pointer context\n\nWhen user space sets an invalid ta type, the pointer context will be empty.\nSo it need to check the pointer context before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43906', 'https://git.kernel.org/linus/030ffd4d43b433bc6671d9ec34fc12c59220b95d (6.11-rc1)', 'https://git.kernel.org/stable/c/030ffd4d43b433bc6671d9ec34fc12c59220b95d', 'https://git.kernel.org/stable/c/4fd52f7c2c11d330571c6bde06e5ea508ec25c9d', 'https://git.kernel.org/stable/c/641dac64178ccdb9e45c92b67120316896294d05', 'https://lore.kernel.org/linux-cve-announce/2024082624-CVE-2024-43906-27ab@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43906', 'https://www.cve.org/CVERecord?id=CVE-2024-43906'], 'PublishedDate': '2024-08-26T11:15:04.947Z', 'LastModifiedDate': '2024-08-27T13:41:30.093Z'}, {'VulnerabilityID': 'CVE-2024-43907', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43907', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules\n\nCheck the pointer value to fix potential null pointer\ndereference', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43907', 'https://git.kernel.org/linus/d19fb10085a49b77578314f69fff21562f7cd054 (6.11-rc1)', 'https://git.kernel.org/stable/c/0c065e50445aea2e0a1815f12e97ee49e02cbaac', 'https://git.kernel.org/stable/c/13937a40aae4efe64592ba48c057ac3c72f7fe82', 'https://git.kernel.org/stable/c/3a01bf2ca9f860fdc88c358567b8fa3033efcf30', 'https://git.kernel.org/stable/c/c1749313f35b98e2e655479f037db37f19756622', 'https://git.kernel.org/stable/c/d19fb10085a49b77578314f69fff21562f7cd054', 'https://git.kernel.org/stable/c/e04d18c29954441aa1054af649f957ffad90a201', 'https://lore.kernel.org/linux-cve-announce/2024082626-CVE-2024-43907-91a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43907', 'https://www.cve.org/CVERecord?id=CVE-2024-43907'], 'PublishedDate': '2024-08-26T11:15:05Z', 'LastModifiedDate': '2024-08-27T13:41:40.497Z'}, {'VulnerabilityID': 'CVE-2024-43908', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43908', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the null pointer dereference to ras_manager', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the null pointer dereference to ras_manager\n\nCheck ras_manager before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43908', 'https://git.kernel.org/linus/4c11d30c95576937c6c35e6f29884761f2dddb43 (6.11-rc1)', 'https://git.kernel.org/stable/c/033187a70ba9743c73a810a006816e5553d1e7d4', 'https://git.kernel.org/stable/c/48cada0ac79e4775236d642e9ec5998a7c7fb7a4', 'https://git.kernel.org/stable/c/4c11d30c95576937c6c35e6f29884761f2dddb43', 'https://git.kernel.org/stable/c/56e848034ccabe44e8f22ffcf49db771c17b0d0a', 'https://git.kernel.org/stable/c/b89616333979114bb0da5fa40fb6e4a2f5294ca2', 'https://git.kernel.org/stable/c/d81c1eeb333d84b3012a91c0500189dc1d71e46c', 'https://git.kernel.org/stable/c/ff5c4eb71ee8951c789b079f6e948f86708b04ed', 'https://linux.oracle.com/cve/CVE-2024-43908.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082627-CVE-2024-43908-4406@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43908', 'https://www.cve.org/CVERecord?id=CVE-2024-43908'], 'PublishedDate': '2024-08-26T11:15:05.057Z', 'LastModifiedDate': '2024-08-27T13:41:55.26Z'}, {'VulnerabilityID': 'CVE-2024-43909', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43909', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference for smu7', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference for smu7\n\noptimize the code to avoid pass a null pointer (hwmgr->backend)\nto function smu7_update_edc_leakage_table.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43909', 'https://git.kernel.org/linus/c02c1960c93eede587576625a1221205a68a904f (6.11-rc1)', 'https://git.kernel.org/stable/c/09544cd95c688d3041328a4253bd7514972399bb', 'https://git.kernel.org/stable/c/1b8aa82b80bd947b68a8ab051d960a0c7935e22d', 'https://git.kernel.org/stable/c/37b9df457cbcf095963d18f17d6cb7dfa0a03fce', 'https://git.kernel.org/stable/c/7f56f050f02c27ed89cce1ea0c04b34abce32751', 'https://git.kernel.org/stable/c/c02c1960c93eede587576625a1221205a68a904f', 'https://lore.kernel.org/linux-cve-announce/2024082628-CVE-2024-43909-acb8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43909', 'https://www.cve.org/CVERecord?id=CVE-2024-43909'], 'PublishedDate': '2024-08-26T11:15:05.117Z', 'LastModifiedDate': '2024-08-27T13:41:48.467Z'}, {'VulnerabilityID': 'CVE-2024-43910', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43910', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses\n\nCurrently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to\na global function as an argument. The adverse effects of this is that\nBPF helpers can continue to make use of this modified\nCONST_PTR_TO_DYNPTR from within the context of the global function,\nwhich can unintentionally result in out-of-bounds memory accesses and\ntherefore compromise overall system stability i.e.\n\n[  244.157771] BUG: KASAN: slab-out-of-bounds in bpf_dynptr_data+0x137/0x140\n[  244.161345] Read of size 8 at addr ffff88810914be68 by task test_progs/302\n[  244.167151] CPU: 0 PID: 302 Comm: test_progs Tainted: G O E 6.10.0-rc3-00131-g66b586715063 #533\n[  244.174318] Call Trace:\n[  244.175787]  <TASK>\n[  244.177356]  dump_stack_lvl+0x66/0xa0\n[  244.179531]  print_report+0xce/0x670\n[  244.182314]  ? __virt_addr_valid+0x200/0x3e0\n[  244.184908]  kasan_report+0xd7/0x110\n[  244.187408]  ? bpf_dynptr_data+0x137/0x140\n[  244.189714]  ? bpf_dynptr_data+0x137/0x140\n[  244.192020]  bpf_dynptr_data+0x137/0x140\n[  244.194264]  bpf_prog_b02a02fdd2bdc5fa_global_call_bpf_dynptr_data+0x22/0x26\n[  244.198044]  bpf_prog_b0fe7b9d7dc3abde_callback_adjust_bpf_dynptr_reg_off+0x1f/0x23\n[  244.202136]  bpf_user_ringbuf_drain+0x2c7/0x570\n[  244.204744]  ? 0xffffffffc0009e58\n[  244.206593]  ? __pfx_bpf_user_ringbuf_drain+0x10/0x10\n[  244.209795]  bpf_prog_33ab33f6a804ba2d_user_ringbuf_callback_const_ptr_to_dynptr_reg_off+0x47/0x4b\n[  244.215922]  bpf_trampoline_6442502480+0x43/0xe3\n[  244.218691]  __x64_sys_prlimit64+0x9/0xf0\n[  244.220912]  do_syscall_64+0xc1/0x1d0\n[  244.223043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  244.226458] RIP: 0033:0x7ffa3eb8f059\n[  244.228582] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 1d 0d 00 f7 d8 64 89 01 48\n[  244.241307] RSP: 002b:00007ffa3e9c6eb8 EFLAGS: 00000206 ORIG_RAX: 000000000000012e\n[  244.246474] RAX: ffffffffffffffda RBX: 00007ffa3e9c7cdc RCX: 00007ffa3eb8f059\n[  244.250478] RDX: 00007ffa3eb162b4 RSI: 0000000000000000 RDI: 00007ffa3e9c7fb0\n[  244.255396] RBP: 00007ffa3e9c6ed0 R08: 00007ffa3e9c76c0 R09: 0000000000000000\n[  244.260195] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffff80\n[  244.264201] R13: 000000000000001c R14: 00007ffc5d6b4260 R15: 00007ffa3e1c7000\n[  244.268303]  </TASK>\n\nAdd a check_func_arg_reg_off() to the path in which the BPF verifier\nverifies the arguments of global function arguments, specifically\nthose which take an argument of type ARG_PTR_TO_DYNPTR |\nMEM_RDONLY. Also, process_dynptr_func() doesn't appear to perform any\nexplicit and strict type matching on the supplied register type, so\nlet's also enforce that a register either type PTR_TO_STACK or\nCONST_PTR_TO_DYNPTR is by the caller.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43910', 'https://git.kernel.org/linus/ec2b9a5e11e51fea1bb04c1e7e471952e887e874 (6.11-rc1)', 'https://git.kernel.org/stable/c/13663a7c644bf1dedaf461d07252db5d76c8759a', 'https://git.kernel.org/stable/c/ec2b9a5e11e51fea1bb04c1e7e471952e887e874', 'https://lore.kernel.org/linux-cve-announce/2024082630-CVE-2024-43910-c6ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43910', 'https://www.cve.org/CVERecord?id=CVE-2024-43910'], 'PublishedDate': '2024-08-26T11:15:05.177Z', 'LastModifiedDate': '2024-09-05T18:30:23.437Z'}, {'VulnerabilityID': 'CVE-2024-43911', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43911', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mac80211: fix NULL dereference at band check in starting tx ba session', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL dereference at band check in starting tx ba session\n\nIn MLD connection, link_data/link_conf are dynamically allocated. They\ndon't point to vif->bss_conf. So, there will be no chanreq assigned to\nvif->bss_conf and then the chan will be NULL. Tweak the code to check\nht_supported/vht_supported/has_he/has_eht on sta deflink.\n\nCrash log (with rtw89 version under MLO development):\n[ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 9890.526102] #PF: supervisor read access in kernel mode\n[ 9890.526105] #PF: error_code(0x0000) - not-present page\n[ 9890.526109] PGD 0 P4D 0\n[ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G           OE      6.9.0 #1\n[ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018\n[ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core]\n[ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211\n[ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00 <83> 38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3\nAll code\n========\n   0:\tf7 e8                \timul   %eax\n   2:\td5                   \t(bad)\n   3:\t93                   \txchg   %eax,%ebx\n   4:\t3e ea                \tds (bad)\n   6:\t48 83 c4 28          \tadd    $0x28,%rsp\n   a:\t89 d8                \tmov    %ebx,%eax\n   c:\t5b                   \tpop    %rbx\n   d:\t41 5c                \tpop    %r12\n   f:\t41 5d                \tpop    %r13\n  11:\t41 5e                \tpop    %r14\n  13:\t41 5f                \tpop    %r15\n  15:\t5d                   \tpop    %rbp\n  16:\tc3                   \tretq\n  17:\tcc                   \tint3\n  18:\tcc                   \tint3\n  19:\tcc                   \tint3\n  1a:\tcc                   \tint3\n  1b:\t49 8b 84 24 e0 f1 ff \tmov    -0xe20(%r12),%rax\n  22:\tff\n  23:\t48 8b 80 90 1b 00 00 \tmov    0x1b90(%rax),%rax\n  2a:*\t83 38 03             \tcmpl   $0x3,(%rax)\t\t<-- trapping instruction\n  2d:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe6a\n  33:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n  38:\teb cc                \tjmp    0x6\n  3a:\t49                   \trex.WB\n  3b:\t8b                   \t.byte 0x8b\n  3c:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  3f:\tf3                   \trepz\n\nCode starting with the faulting instruction\n===========================================\n   0:\t83 38 03             \tcmpl   $0x3,(%rax)\n   3:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe40\n   9:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n   e:\teb cc                \tjmp    0xffffffffffffffdc\n  10:\t49                   \trex.WB\n  11:\t8b                   \t.byte 0x8b\n  12:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  15:\tf3                   \trepz\n[ 9890.526285] RSP: 0018:ffffb8db09013d68 EFLAGS: 00010246\n[ 9890.526291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9308e0d656c8\n[ 9890.526295] RDX: 0000000000000000 RSI: ffffffffab99460b RDI: ffffffffab9a7685\n[ 9890.526300] RBP: ffffb8db09013db8 R08: 0000000000000000 R09: 0000000000000873\n[ 9890.526304] R10: ffff9308e0d64800 R11: 0000000000000002 R12: ffff9308e5ff6e70\n[ 9890.526308] R13: ffff930952500e20 R14: ffff9309192a8c00 R15: 0000000000000000\n[ 9890.526313] FS:  0000000000000000(0000) GS:ffff930b4e700000(0000) knlGS:0000000000000000\n[ 9890.526316] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9890.526318] CR2: 0000000000000000 CR3: 0000000391c58005 CR4: 00000000001706f0\n[ 9890.526321] Call Trace:\n[ 9890.526324]  <TASK>\n[ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479)\n[ 9890.526335] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713)\n[ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43911', 'https://git.kernel.org/linus/021d53a3d87eeb9dbba524ac515651242a2a7e3b (6.11-rc1)', 'https://git.kernel.org/stable/c/021d53a3d87eeb9dbba524ac515651242a2a7e3b', 'https://git.kernel.org/stable/c/a5594c1e03b0df3908b1e1202a1ba34422eed0f6', 'https://lore.kernel.org/linux-cve-announce/2024082631-CVE-2024-43911-96bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43911', 'https://www.cve.org/CVERecord?id=CVE-2024-43911'], 'PublishedDate': '2024-08-26T11:15:05.227Z', 'LastModifiedDate': '2024-08-27T16:08:52.493Z'}, {'VulnerabilityID': 'CVE-2024-43912', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43912', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: nl80211: disallow setting special AP channel widths', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: disallow setting special AP channel widths\n\nSetting the AP channel width is meant for use with the normal\n20/40/... MHz channel width progression, and switching around\nin S1G or narrow channels isn't supported. Disallow that.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43912', 'https://git.kernel.org/linus/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe (6.11-rc1)', 'https://git.kernel.org/stable/c/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe', 'https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e', 'https://git.kernel.org/stable/c/ac3bf6e47fd8da9bfe8027e1acfe0282a91584fc', 'https://git.kernel.org/stable/c/c6ea738e3feb407a3283197d9a25d0788f4f3cee', 'https://lore.kernel.org/linux-cve-announce/2024082632-CVE-2024-43912-801f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43912', 'https://www.cve.org/CVERecord?id=CVE-2024-43912'], 'PublishedDate': '2024-08-26T11:15:05.28Z', 'LastModifiedDate': '2024-09-05T18:19:17.067Z'}, {'VulnerabilityID': 'CVE-2024-43913', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43913', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: apple: fix device reference counting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: apple: fix device reference counting\n\nDrivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.\nSplit the allocation side out to make the error handling boundary easier\nto navigate. The apple driver had been doing this wrong, leaking the\ncontroller device memory on a tagset failure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43913', 'https://git.kernel.org/linus/b9ecbfa45516182cd062fecd286db7907ba84210 (6.11-rc1)', 'https://git.kernel.org/stable/c/b9ecbfa45516182cd062fecd286db7907ba84210', 'https://git.kernel.org/stable/c/d59c4d0eb6adc24c2201f153ccb7fd0a335b0d3d', 'https://lore.kernel.org/linux-cve-announce/2024082633-CVE-2024-43913-6ec7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43913', 'https://www.cve.org/CVERecord?id=CVE-2024-43913'], 'PublishedDate': '2024-08-26T11:15:05.33Z', 'LastModifiedDate': '2024-09-05T18:12:55.68Z'}, {'VulnerabilityID': 'CVE-2024-43914', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43914', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: md/raid5: avoid BUG_ON() while continue reshape after reassembling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: avoid BUG_ON() while continue reshape after reassembling\n\nCurrently, mdadm support --revert-reshape to abort the reshape while\nreassembling, as the test 07revert-grow. However, following BUG_ON()\ncan be triggerred by the test:\n\nkernel BUG at drivers/md/raid5.c:6278!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nirq event stamp: 158985\nCPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94\nRIP: 0010:reshape_request+0x3f1/0xe60\nCall Trace:\n <TASK>\n raid5_sync_request+0x43d/0x550\n md_do_sync+0xb7a/0x2110\n md_thread+0x294/0x2b0\n kthread+0x147/0x1c0\n ret_from_fork+0x59/0x70\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\nRoot cause is that --revert-reshape update the raid_disks from 5 to 4,\nwhile reshape position is still set, and after reassembling the array,\nreshape position will be read from super block, then during reshape the\nchecking of 'writepos' that is caculated by old reshape position will\nfail.\n\nFix this panic the easy way first, by converting the BUG_ON() to\nWARN_ON(), and stop the reshape if checkings fail.\n\nNoted that mdadm must fix --revert-shape as well, and probably md/raid\nshould enhance metadata validation as well, however this means\nreassemble will fail and there must be user tools to fix the wrong\nmetadata.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43914', 'https://git.kernel.org/linus/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49 (6.11-rc1)', 'https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0', 'https://git.kernel.org/stable/c/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49', 'https://git.kernel.org/stable/c/3b33740c1750a39e046339ff9240e954f0156707', 'https://git.kernel.org/stable/c/4811d6e5d9f4090c3e0ff9890eb24077108046ab', 'https://git.kernel.org/stable/c/6b33c468d543f6a83de2d61f09fec74b27e19fd2', 'https://git.kernel.org/stable/c/775a9ba16c9ffe98fe54ebf14e55d5660f2bf600', 'https://git.kernel.org/stable/c/bf0ff69a42a3d2d46876d0514ecf13dffc516666', 'https://git.kernel.org/stable/c/c384dd4f1fb3b14a2fd199360701cc163ea88705', 'https://linux.oracle.com/cve/CVE-2024-43914.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082635-CVE-2024-43914-a664@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43914', 'https://www.cve.org/CVERecord?id=CVE-2024-43914'], 'PublishedDate': '2024-08-26T11:15:05.38Z', 'LastModifiedDate': '2024-09-05T18:03:49.997Z'}, {'VulnerabilityID': 'CVE-2024-44931', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpio: prevent potential speculation leaks in gpio_device_get_desc()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: prevent potential speculation leaks in gpio_device_get_desc()\n\nUserspace may trigger a speculative read of an address outside the gpio\ndescriptor array.\nUsers can do that by calling gpio_ioctl() with an offset out of range.\nOffset is copied from user and then used as an array index to get\nthe gpio descriptor without sanitization in gpio_device_get_desc().\n\nThis change ensures that the offset is sanitized by using\narray_index_nospec() to mitigate any possibility of speculative\ninformation leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44931', 'https://git.kernel.org/linus/d795848ecce24a75dfd46481aee066ae6fe39775 (6.11-rc1)', 'https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc', 'https://git.kernel.org/stable/c/672c19165fc96dfad531a5458e0b3cdab414aae4', 'https://git.kernel.org/stable/c/9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0', 'https://git.kernel.org/stable/c/c65ab97efcd438cb4e9f299400f2ea55251f3a67', 'https://git.kernel.org/stable/c/d776c0486b03a5c4afca65b8ff44573592bf93bb', 'https://git.kernel.org/stable/c/d795848ecce24a75dfd46481aee066ae6fe39775', 'https://lore.kernel.org/linux-cve-announce/2024082636-CVE-2024-44931-8212@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44931', 'https://www.cve.org/CVERecord?id=CVE-2024-44931'], 'PublishedDate': '2024-08-26T11:15:05.447Z', 'LastModifiedDate': '2024-10-17T14:15:07.39Z'}, {'VulnerabilityID': 'CVE-2024-44932', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44932', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix UAFs when destroying the queues', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix UAFs when destroying the queues\n\nThe second tagged commit started sometimes (very rarely, but possible)\nthrowing WARNs from\nnet/core/page_pool.c:page_pool_disable_direct_recycling().\nTurned out idpf frees interrupt vectors with embedded NAPIs *before*\nfreeing the queues making page_pools' NAPI pointers lead to freed\nmemory before these pools are destroyed by libeth.\nIt's not clear whether there are other accesses to the freed vectors\nwhen destroying the queues, but anyway, we usually free queue/interrupt\nvectors only when the queues are destroyed and the NAPIs are guaranteed\nto not be referenced anywhere.\n\nInvert the allocation and freeing logic making queue/interrupt vectors\nbe allocated first and freed last. Vectors don't require queues to be\npresent, so this is safe. Additionally, this change allows to remove\nthat useless queue->q_vector pointer cleanup, as vectors are still\nvalid when freeing the queues (+ both are freed within one function,\nso it's not clear why nullify the pointers at all).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44932', 'https://git.kernel.org/linus/290f1c033281c1a502a3cd1c53c3a549259c491f (6.11-rc3)', 'https://git.kernel.org/stable/c/290f1c033281c1a502a3cd1c53c3a549259c491f', 'https://git.kernel.org/stable/c/3cde714b0e77206ed1b5cf31f28c18ba9ae946fd', 'https://lore.kernel.org/linux-cve-announce/2024082638-CVE-2024-44932-2659@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44932', 'https://www.cve.org/CVERecord?id=CVE-2024-44932'], 'PublishedDate': '2024-08-26T11:15:05.5Z', 'LastModifiedDate': '2024-08-27T16:08:45.02Z'}, {'VulnerabilityID': 'CVE-2024-44934', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: bridge: mcast: wait for previous gc cycles when removing port', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mcast: wait for previous gc cycles when removing port\n\nsyzbot hit a use-after-free[1] which is caused because the bridge doesn't\nmake sure that all previous garbage has been collected when removing a\nport. What happens is:\n      CPU 1                   CPU 2\n start gc cycle           remove port\n                         acquire gc lock first\n wait for lock\n                         call br_multicasg_gc() directly\n acquire lock now but    free port\n the port can be freed\n while grp timers still\n running\n\nMake sure all previous gc cycles have finished by using flush_work before\nfreeing the port.\n\n[1]\n  BUG: KASAN: slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n  Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699\n\n  CPU: 1 PID: 9699 Comm: syz.5.1232 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n  Call Trace:\n   <IRQ>\n   __dump_stack lib/dump_stack.c:88 [inline]\n   dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n   print_address_description mm/kasan/report.c:377 [inline]\n   print_report+0xc3/0x620 mm/kasan/report.c:488\n   kasan_report+0xd9/0x110 mm/kasan/report.c:601\n   br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n   call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1792\n   expire_timers kernel/time/timer.c:1843 [inline]\n   __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417\n   __run_timer_base kernel/time/timer.c:2428 [inline]\n   __run_timer_base kernel/time/timer.c:2421 [inline]\n   run_timer_base+0x111/0x190 kernel/time/timer.c:2437", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44934', 'https://git.kernel.org/linus/92c4ee25208d0f35dafc3213cdf355fbe449e078 (6.11-rc3)', 'https://git.kernel.org/stable/c/0d8b26e10e680c01522d7cc14abe04c3265a928f', 'https://git.kernel.org/stable/c/1e16828020c674b3be85f52685e8b80f9008f50f', 'https://git.kernel.org/stable/c/92c4ee25208d0f35dafc3213cdf355fbe449e078', 'https://git.kernel.org/stable/c/b2f794b168cf560682ff976b255aa6d29d14a658', 'https://git.kernel.org/stable/c/e3145ca904fa8dbfd1a5bf0187905bc117b0efce', 'https://lore.kernel.org/linux-cve-announce/2024082641-CVE-2024-44934-a7fe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44934', 'https://www.cve.org/CVERecord?id=CVE-2024-44934'], 'PublishedDate': '2024-08-26T11:15:05.593Z', 'LastModifiedDate': '2024-08-27T16:07:58.727Z'}, {'VulnerabilityID': 'CVE-2024-44935', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44935', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sctp: Fix null-ptr-deref in reuseport_add_sock().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix null-ptr-deref in reuseport_add_sock().\n\nsyzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in\nreuseport_add_sock(). [0]\n\nThe repro first creates a listener with SO_REUSEPORT.  Then, it creates\nanother listener on the same port and concurrently closes the first\nlistener.\n\nThe second listen() calls reuseport_add_sock() with the first listener as\nsk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently,\nbut the close() does clear it by reuseport_detach_sock().\n\nThe problem is SCTP does not properly synchronise reuseport_alloc(),\nreuseport_add_sock(), and reuseport_detach_sock().\n\nThe caller of reuseport_alloc() and reuseport_{add,detach}_sock() must\nprovide synchronisation for sockets that are classified into the same\nreuseport group.\n\nOtherwise, such sockets form multiple identical reuseport groups, and\nall groups except one would be silently dead.\n\n  1. Two sockets call listen() concurrently\n  2. No socket in the same group found in sctp_ep_hashtable[]\n  3. Two sockets call reuseport_alloc() and form two reuseport groups\n  4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives\n      incoming packets\n\nAlso, the reported null-ptr-deref could occur.\n\nTCP/UDP guarantees that would not happen by holding the hash bucket lock.\n\nLet's apply the locking strategy to __sctp_hash_endpoint() and\n__sctp_unhash_endpoint().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nRIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350\nCode: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14\nRSP: 0018:ffffc9000b947c98 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012\nRBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385\nR10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0\nR13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __sctp_hash_endpoint net/sctp/input.c:762 [inline]\n sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790\n sctp_listen_start net/sctp/socket.c:8570 [inline]\n sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]\n __se_sys_listen net/socket.c:1900 [inline]\n __x64_sys_listen+0x5a/0x70 net/socket.c:1900\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f24e46039b9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032\nRAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9\nRDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004\nRBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0\nR10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42c\nR13:\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44935', 'https://git.kernel.org/linus/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18 (6.11-rc3)', 'https://git.kernel.org/stable/c/05e4a0fa248240efd99a539853e844f0f0a9e6a5', 'https://git.kernel.org/stable/c/1407be30fc17eff918a98e0a990c0e988f11dc84', 'https://git.kernel.org/stable/c/52319d9d2f522ed939af31af70f8c3a0f0f67e6c', 'https://git.kernel.org/stable/c/54b303d8f9702b8ab618c5032fae886b16356928', 'https://git.kernel.org/stable/c/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18', 'https://git.kernel.org/stable/c/c9b3fc4f157867e858734e31022ebee8a24f0de7', 'https://git.kernel.org/stable/c/e809a84c802377ef61525a298a1ec1728759b913', 'https://linux.oracle.com/cve/CVE-2024-44935.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082642-CVE-2024-44935-3452@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44935', 'https://www.cve.org/CVERecord?id=CVE-2024-44935'], 'PublishedDate': '2024-08-26T11:15:05.643Z', 'LastModifiedDate': '2024-08-27T16:09:01.633Z'}, {'VulnerabilityID': 'CVE-2024-44937', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44937', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: intel-vbtn: Protect ACPI notify handler against recursion\n\nSince commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on\nall CPUs") ACPI notify handlers like the intel-vbtn notify_handler() may\nrun on multiple CPU cores racing with themselves.\n\nThis race gets hit on Dell Venue 7140 tablets when undocking from\nthe keyboard, causing the handler to try and register priv->switches_dev\ntwice, as can be seen from the dev_info() message getting logged twice:\n\n[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\n[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n\nAfter which things go seriously wrong:\n[ 83.861872] sysfs: cannot create duplicate filename \'/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\'\n...\n[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don\'t try to register things with the same name in the same directory.\n[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018\n...\n\nProtect intel-vbtn notify_handler() from racing with itself with a mutex\nto fix this.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44937', 'https://git.kernel.org/linus/e075c3b13a0a142dcd3151b25d29a24f31b7b640 (6.11-rc3)', 'https://git.kernel.org/stable/c/5c9618a3b6ea94cf7bdff7702aca8bf2d777d97b', 'https://git.kernel.org/stable/c/e075c3b13a0a142dcd3151b25d29a24f31b7b640', 'https://lore.kernel.org/linux-cve-announce/2024082645-CVE-2024-44937-5c1d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44937', 'https://www.cve.org/CVERecord?id=CVE-2024-44937'], 'PublishedDate': '2024-08-26T11:15:05.753Z', 'LastModifiedDate': '2024-08-27T16:10:11.423Z'}, {'VulnerabilityID': 'CVE-2024-44938', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44938', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: Fix shift-out-of-bounds in dbDiscardAG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix shift-out-of-bounds in dbDiscardAG\n\nWhen searching for the next smaller log2 block, BLKSTOL2() returned 0,\ncausing shift exponent -1 to be negative.\n\nThis patch fixes the issue by exiting the loop directly when negative\nshift is found.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44938', 'https://git.kernel.org/linus/7063b80268e2593e58bee8a8d709c2f3ff93e2f2 (6.11-rc1)', 'https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630', 'https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2', 'https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e', 'https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-44938-fc08@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44938', 'https://www.cve.org/CVERecord?id=CVE-2024-44938'], 'PublishedDate': '2024-08-26T12:15:05.96Z', 'LastModifiedDate': '2024-09-12T14:05:44.31Z'}, {'VulnerabilityID': 'CVE-2024-44939', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44939', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: fix null ptr deref in dtInsertEntry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix null ptr deref in dtInsertEntry\n\n[syzbot reported]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713\n...\n[Analyze]\nIn dtInsertEntry(), when the pointer h has the same value as p, after writing\nname in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the\npreviously true judgment "p->header.flag & BT-LEAF" to change to no after writing\nthe name operation, this leads to entering an incorrect branch and accessing the\nuninitialized object ih when judging this condition for the second time.\n\n[Fix]\nAfter got the page, check freelist first, if freelist == 0 then exit dtInsert()\nand return -EINVAL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44939', 'https://git.kernel.org/linus/ce6dede912f064a855acf6f04a04cbb2c25b8c8c (6.11-rc1)', 'https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9', 'https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6', 'https://git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702', 'https://git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44939-cf96@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44939', 'https://www.cve.org/CVERecord?id=CVE-2024-44939'], 'PublishedDate': '2024-08-26T12:15:06.007Z', 'LastModifiedDate': '2024-09-12T20:58:03.783Z'}, {'VulnerabilityID': 'CVE-2024-44940', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44940', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: remove warn in gue_gro_receive on unsupported protocol', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfou: remove warn in gue_gro_receive on unsupported protocol\n\nDrop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is\nnot known or does not have a GRO handler.\n\nSuch a packet is easily constructed. Syzbot generates them and sets\noff this warning.\n\nRemove the warning as it is expected and not actionable.\n\nThe warning was previously reduced from WARN_ON to WARN_ON_ONCE in\ncommit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad\nproto callbacks").', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44940', 'https://git.kernel.org/linus/dd89a81d850fa9a65f67b4527c0e420d15bf836c (6.11-rc1)', 'https://git.kernel.org/stable/c/3db4395332e7050ef9ddeb3052e6b5019f2a2a59', 'https://git.kernel.org/stable/c/440ab7f97261bc28501636a13998e1b1946d2e79', 'https://git.kernel.org/stable/c/5a2e37bc648a2503bf6d687aed27b9f4455d82eb', 'https://git.kernel.org/stable/c/dd89a81d850fa9a65f67b4527c0e420d15bf836c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44940-249f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44940', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-44940'], 'PublishedDate': '2024-08-26T12:15:06.053Z', 'LastModifiedDate': '2024-09-12T14:10:00.857Z'}, {'VulnerabilityID': 'CVE-2024-44941', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44941', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to cover read extent cache access with lock', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to cover read extent cache access with lock\n\nsyzbot reports a f2fs bug as below:\n\nBUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\nRead of size 4 at addr ffff8880739ab220 by task syz-executor200/5097\n\nCPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\n do_read_inode fs/f2fs/inode.c:509 [inline]\n f2fs_iget+0x33e1/0x46e0 fs/f2fs/inode.c:560\n f2fs_nfs_get_inode+0x74/0x100 fs/f2fs/super.c:3237\n generic_fh_to_dentry+0x9f/0xf0 fs/libfs.c:1413\n exportfs_decode_fh_raw+0x152/0x5f0 fs/exportfs/expfs.c:444\n exportfs_decode_fh+0x3c/0x80 fs/exportfs/expfs.c:584\n do_handle_to_path fs/fhandle.c:155 [inline]\n handle_to_path fs/fhandle.c:210 [inline]\n do_handle_open+0x495/0x650 fs/fhandle.c:226\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWe missed to cover sanity_check_extent_cache() w/ extent cache lock,\nso, below race case may happen, result in use after free issue.\n\n- f2fs_iget\n - do_read_inode\n  - f2fs_init_read_extent_tree\n  : add largest extent entry in to cache\n\t\t\t\t\t- shrink\n\t\t\t\t\t - f2fs_shrink_read_extent_tree\n\t\t\t\t\t  - __shrink_extent_tree\n\t\t\t\t\t   - __detach_extent_node\n\t\t\t\t\t   : drop largest extent entry\n  - sanity_check_extent_cache\n  : access et->largest w/o lock\n\nlet's refactor sanity_check_extent_cache() to avoid extent cache access\nand call it before f2fs_init_read_extent_tree() to fix this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44941', 'https://git.kernel.org/linus/d7409b05a64f212735f0d33f5f1602051a886eab (6.11-rc1)', 'https://git.kernel.org/stable/c/263df78166d3a9609b97d28c34029bd01874cbb8', 'https://git.kernel.org/stable/c/323ef20b5558b9d9fd10c1224327af6f11a8177d', 'https://git.kernel.org/stable/c/d7409b05a64f212735f0d33f5f1602051a886eab', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44941-143e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44941', 'https://www.cve.org/CVERecord?id=CVE-2024-44941'], 'PublishedDate': '2024-08-26T12:15:06.107Z', 'LastModifiedDate': '2024-09-12T20:57:26.143Z'}, {'VulnerabilityID': 'CVE-2024-44942', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44942', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inline.c:258!\nCPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0\nRIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258\nCall Trace:\n f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834\n f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315\n do_writepages+0x35b/0x870 mm/page-writeback.c:2612\n __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650\n writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941\n wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117\n wb_do_writeback fs/fs-writeback.c:2264 [inline]\n wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335\n worker_thread+0x86d/0xd70 kernel/workqueue.c:3416\n kthread+0x2f2/0x390 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nThe root cause is: inline_data inode can be fuzzed, so that there may\nbe valid blkaddr in its direct node, once f2fs triggers background GC\nto migrate the block, it will hit f2fs_bug_on() during dirty page\nwriteback.\n\nLet's add sanity check on F2FS_INLINE_DATA flag in inode during GC,\nso that, it can forbid migrating inline_data inode's data block for\nfixing.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44942', 'https://git.kernel.org/linus/fc01008c92f40015aeeced94750855a7111b6929 (6.11-rc1)', 'https://git.kernel.org/stable/c/26c07775fb5dc74351d1c3a2bc3cdf609b03e49f', 'https://git.kernel.org/stable/c/ae00e6536a2dd54b64b39e9a39548870cf835745', 'https://git.kernel.org/stable/c/fc01008c92f40015aeeced94750855a7111b6929', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44942-651a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44942', 'https://www.cve.org/CVERecord?id=CVE-2024-44942'], 'PublishedDate': '2024-08-26T12:15:06.157Z', 'LastModifiedDate': '2024-08-27T16:09:10.01Z'}, {'VulnerabilityID': 'CVE-2024-44943', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'In the Linux kernel, the following vulnerability has been resolved:  m ...', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: gup: stop abusing try_grab_folio\n\nA kernel warning was reported when pinning folio in CMA memory when\nlaunching SEV virtual machine.  The splat looks like:\n\n[  464.325306] WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313 __get_user_pages+0x423/0x520\n[  464.325464] CPU: 13 PID: 6734 Comm: qemu-kvm Kdump: loaded Not tainted 6.6.33+ #6\n[  464.325477] RIP: 0010:__get_user_pages+0x423/0x520\n[  464.325515] Call Trace:\n[  464.325520]  <TASK>\n[  464.325523]  ? __get_user_pages+0x423/0x520\n[  464.325528]  ? __warn+0x81/0x130\n[  464.325536]  ? __get_user_pages+0x423/0x520\n[  464.325541]  ? report_bug+0x171/0x1a0\n[  464.325549]  ? handle_bug+0x3c/0x70\n[  464.325554]  ? exc_invalid_op+0x17/0x70\n[  464.325558]  ? asm_exc_invalid_op+0x1a/0x20\n[  464.325567]  ? __get_user_pages+0x423/0x520\n[  464.325575]  __gup_longterm_locked+0x212/0x7a0\n[  464.325583]  internal_get_user_pages_fast+0xfb/0x190\n[  464.325590]  pin_user_pages_fast+0x47/0x60\n[  464.325598]  sev_pin_memory+0xca/0x170 [kvm_amd]\n[  464.325616]  sev_mem_enc_register_region+0x81/0x130 [kvm_amd]\n\nPer the analysis done by yangge, when starting the SEV virtual machine, it\nwill call pin_user_pages_fast(..., FOLL_LONGTERM, ...) to pin the memory. \nBut the page is in CMA area, so fast GUP will fail then fallback to the\nslow path due to the longterm pinnalbe check in try_grab_folio().\n\nThe slow path will try to pin the pages then migrate them out of CMA area.\nBut the slow path also uses try_grab_folio() to pin the page, it will\nalso fail due to the same check then the above warning is triggered.\n\nIn addition, the try_grab_folio() is supposed to be used in fast path and\nit elevates folio refcount by using add ref unless zero.  We are guaranteed\nto have at least one stable reference in slow path, so the simple atomic add\ncould be used.  The performance difference should be trivial, but the\nmisuse may be confusing and misleading.\n\nRedefined try_grab_folio() to try_grab_folio_fast(), and try_grab_page()\nto try_grab_folio(), and use them in the proper paths.  This solves both\nthe abuse and the kernel warning.\n\nThe proper naming makes their usecase more clear and should prevent from\nabusing in the future.\n\npeterx said:\n\n: The user will see the pin fails, for gpu-slow it further triggers the WARN\n: right below that failure (as in the original report):\n: \n:         folio = try_grab_folio(page, page_increm - 1,\n:                                 foll_flags);\n:         if (WARN_ON_ONCE(!folio)) { <------------------------ here\n:                 /*\n:                         * Release the 1st page ref if the\n:                         * folio is problematic, fail hard.\n:                         */\n:                 gup_put_folio(page_folio(page), 1,\n:                                 foll_flags);\n:                 ret = -EFAULT;\n:                 goto out;\n:         }\n\n[1] https://lore.kernel.org/linux-mm/1719478388-31917-1-git-send-email-yangge1116@126.com/\n\n[shy828301@gmail.com: fix implicit declaration of function try_grab_folio_fast]\n  Link: https://lkml.kernel.org/r/CAHbLzkowMSso-4Nufc9hcMehQsK9PNz3OSu-+eniU-2Mm-xjhA@mail.gmail.com', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44943', 'https://git.kernel.org/linus/f442fa6141379a20b48ae3efabee827a3d260787 (6.10)', 'https://git.kernel.org/stable/c/26273f5f4cf68b29414e403837093408a9c98e1f', 'https://git.kernel.org/stable/c/f442fa6141379a20b48ae3efabee827a3d260787', 'https://lore.kernel.org/linux-cve-announce/2024082853-CVE-2024-44943-234f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44943', 'https://www.cve.org/CVERecord?id=CVE-2024-44943'], 'PublishedDate': '2024-08-28T08:15:06.963Z', 'LastModifiedDate': '2024-09-10T18:12:43.38Z'}, {'VulnerabilityID': 'CVE-2024-44944', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44944', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: ctnetlink: use helper function to calculate expect ID', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use helper function to calculate expect ID\n\nDelete expectation path is missing a call to the nf_expect_get_id()\nhelper function to calculate the expectation ID, otherwise LSB of the\nexpectation object address is leaked to userspace.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44944', 'https://git.kernel.org/linus/782161895eb4ac45cf7cfa8db375bd4766cb8299 (6.11-rc1)', 'https://git.kernel.org/stable/c/24f407042cf90b0872de667460230d8d50c06c39', 'https://git.kernel.org/stable/c/27662b46f2adaa52c1665a82af4b21c42c4337fd', 'https://git.kernel.org/stable/c/5e2c24f7b0911b15c29aefce760bcf770542fb61', 'https://git.kernel.org/stable/c/64c0b8e64be8368617ef08dfc59a3160563a1435', 'https://git.kernel.org/stable/c/66e7650dbbb8e236e781c670b167edc81e771450', 'https://git.kernel.org/stable/c/74de442b8e12a207c07953ee068009a7701aff8f', 'https://git.kernel.org/stable/c/782161895eb4ac45cf7cfa8db375bd4766cb8299', 'https://git.kernel.org/stable/c/eb4ca1a97e08ff5b920664ba292e576257e2d184', 'https://linux.oracle.com/cve/CVE-2024-44944.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024083044-CVE-2024-44944-56c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44944', 'https://www.cve.org/CVERecord?id=CVE-2024-44944', 'https://www.zerodayinitiative.com/advisories/ZDI-24-1182/'], 'PublishedDate': '2024-08-30T08:15:04.58Z', 'LastModifiedDate': '2024-09-10T08:15:03.23Z'}, {'VulnerabilityID': 'CVE-2024-44946', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44946', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kcm: Serialise kcm_sendmsg() for the same socket.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: Serialise kcm_sendmsg() for the same socket.\n\nsyzkaller reported UAF in kcm_release(). [0]\n\nThe scenario is\n\n  1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb.\n\n  2. Thread A resumes building skb from kcm->seq_skb but is blocked\n     by sk_stream_wait_memory()\n\n  3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb\n     and puts the skb to the write queue\n\n  4. Thread A faces an error and finally frees skb that is already in the\n     write queue\n\n  5. kcm_release() does double-free the skb in the write queue\n\nWhen a thread is building a MSG_MORE skb, another thread must not touch it.\n\nLet's add a per-sk mutex and serialise kcm_sendmsg().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]\nBUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]\nBUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\nRead of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167\n\nCPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G    B              6.8.0-rc5-syzkaller-g9abbc24128bc #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x178/0x518 mm/kasan/report.c:488\n kasan_report+0xd8/0x138 mm/kasan/report.c:601\n __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381\n __skb_unlink include/linux/skbuff.h:2366 [inline]\n __skb_dequeue include/linux/skbuff.h:2385 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\n __skb_queue_purge include/linux/skbuff.h:3181 [inline]\n kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\n __sock_release net/socket.c:659 [inline]\n sock_close+0xa4/0x1e8 net/socket.c:1421\n __fput+0x30c/0x738 fs/file_table.c:376\n ____fput+0x20/0x30 fs/file_table.c:404\n task_work_run+0x230/0x2e0 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x618/0x1f64 kernel/exit.c:871\n do_group_exit+0x194/0x22c kernel/exit.c:1020\n get_signal+0x1500/0x15ec kernel/signal.c:2893\n do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249\n do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148\n exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]\n exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]\n el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nAllocated by task 6166:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903\n __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641\n alloc_skb include/linux/skbuff.h:1296 [inline]\n kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x220/0x2c0 net/socket.c:768\n splice_to_socket+0x7cc/0xd58 fs/splice.c:889\n do_splice_from fs/splice.c:941 [inline]\n direct_splice_actor+0xec/0x1d8 fs/splice.c:1164\n splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108\n do_splice_direct_actor \n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44946', 'https://git.kernel.org/linus/807067bf014d4a3ae2cc55bd3de16f22a01eb580 (6.11-rc5)', 'https://git.kernel.org/stable/c/00425508f30baa5ab6449a1f478480ca7cffa6da', 'https://git.kernel.org/stable/c/6633b17840bf828921254d788ccd15602843fe9b', 'https://git.kernel.org/stable/c/72da240aafb142630cf16adc803ccdacb3780849', 'https://git.kernel.org/stable/c/807067bf014d4a3ae2cc55bd3de16f22a01eb580', 'https://git.kernel.org/stable/c/8c9cdbf600143bd6835c8b8351e5ac956da79aec', 'https://git.kernel.org/stable/c/9c8d544ed619f704e2b70e63e08ab75630c2ea23', 'https://git.kernel.org/stable/c/eb06c8d3022ce6738711191c89f9b3e9cfb91914', 'https://git.kernel.org/stable/c/fa6c23fe6dcac8c8bd63920ee8681292a2bd544e', 'https://lore.kernel.org/linux-cve-announce/2024083150-CVE-2024-44946-9cf1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44946', 'https://www.cve.org/CVERecord?id=CVE-2024-44946'], 'PublishedDate': '2024-08-31T14:15:04.32Z', 'LastModifiedDate': '2024-09-04T12:15:05.15Z'}, {'VulnerabilityID': 'CVE-2024-44947', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44947', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fuse: Initialize beyond-EOF page contents before setting uptodate', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44947', 'https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5', 'https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e', 'https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9', 'https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6', 'https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a', 'https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4', 'https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9', 'https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6', 'https://lore.kernel.org/linux-cve-announce/2024090219-CVE-2024-44947-f49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44947', 'https://www.cve.org/CVERecord?id=CVE-2024-44947'], 'PublishedDate': '2024-09-02T18:15:36.577Z', 'LastModifiedDate': '2024-09-16T17:52:37.563Z'}, {'VulnerabilityID': 'CVE-2024-44948', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mtrr: Check if fixed MTRRs exist before saving them', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mtrr: Check if fixed MTRRs exist before saving them\n\nMTRRs have an obsolete fixed variant for fine grained caching control\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\na separate capability bit in the MTRR capability MSR.\n\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\nwent unnoticed that mtrr_save_state() does not check the capability bit\nbefore accessing the fixed MTRR MSRs.\n\nThough on a CPU that does not support the fixed MTRR capability this\nresults in a #GP.  The #GP itself is harmless because the RDMSR fault is\nhandled gracefully, but results in a WARN_ON().\n\nAdd the missing capability check to prevent this.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44948', 'https://git.kernel.org/linus/919f18f961c03d6694aa726c514184f2311a4614 (6.11-rc3)', 'https://git.kernel.org/stable/c/06c1de44d378ec5439db17bf476507d68589bfe9', 'https://git.kernel.org/stable/c/34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e', 'https://git.kernel.org/stable/c/388f1c954019f253a8383f7eb733f38d541e10b6', 'https://git.kernel.org/stable/c/450b6b22acdaac67a18eaf5ed498421ffcf10051', 'https://git.kernel.org/stable/c/8a90d3fc7c24608548d3a750671f9dac21d1a462', 'https://git.kernel.org/stable/c/8aa79dfb216b865e96ff890bc4ea71650f9bc8d7', 'https://git.kernel.org/stable/c/919f18f961c03d6694aa726c514184f2311a4614', 'https://git.kernel.org/stable/c/ca7d00c5656d1791e28369919e3e10febe9c3b16', 'https://linux.oracle.com/cve/CVE-2024-44948.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090407-CVE-2024-44948-5554@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44948', 'https://www.cve.org/CVERecord?id=CVE-2024-44948'], 'PublishedDate': '2024-09-04T19:15:29.95Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-44949', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44949', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: parisc: fix a possible DMA corruption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: fix a possible DMA corruption\n\nARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be\npossible that two unrelated 16-byte allocations share a cache line. If\none of these allocations is written using DMA and the other is written\nusing cached write, the value that was written with DMA may be\ncorrupted.\n\nThis commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 -\nthat's the largest possible cache line size.\n\nAs different parisc microarchitectures have different cache line size, we\ndefine arch_slab_minalign(), cache_line_size() and\ndma_get_cache_alignment() so that the kernel may tune slab cache\nparameters dynamically, based on the detected cache line size.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44949', 'https://git.kernel.org/linus/7ae04ba36b381bffe2471eff3a93edced843240f (6.11-rc2)', 'https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f', 'https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f', 'https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44949-8f05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44949', 'https://www.cve.org/CVERecord?id=CVE-2024-44949'], 'PublishedDate': '2024-09-04T19:15:30.04Z', 'LastModifiedDate': '2024-10-09T13:53:32.513Z'}, {'VulnerabilityID': 'CVE-2024-44950', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44950', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix invalid FIFO access with special register set', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix invalid FIFO access with special register set\n\nWhen enabling access to the special register set, Receiver time-out and\nRHR interrupts can happen. In this case, the IRQ handler will try to read\nfrom the FIFO thru the RHR register at address 0x00, but address 0x00 is\nmapped to DLL register, resulting in erroneous FIFO reading.\n\nCall graph example:\n    sc16is7xx_startup(): entry\n    sc16is7xx_ms_proc(): entry\n    sc16is7xx_set_termios(): entry\n    sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set\n    sc16is7xx_port_irq() entry            --> IIR is 0x0C\n    sc16is7xx_handle_rx() entry\n    sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is\n                               mapped to DLL (LCR=LCR_CONF_MODE_A)\n    sc16is7xx_set_baud(): exit --> Restore access to general register set\n\nFix the problem by claiming the efr_lock mutex when accessing the Special\nregister set.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44950', 'https://git.kernel.org/linus/7d3b793faaab1305994ce568b59d61927235f57b (6.11-rc3)', 'https://git.kernel.org/stable/c/6a6730812220a9a5ce4003eb347da1ee5abd06b0', 'https://git.kernel.org/stable/c/7d3b793faaab1305994ce568b59d61927235f57b', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44950-67fb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44950', 'https://www.cve.org/CVERecord?id=CVE-2024-44950'], 'PublishedDate': '2024-09-04T19:15:30.1Z', 'LastModifiedDate': '2024-10-09T14:21:16.773Z'}, {'VulnerabilityID': 'CVE-2024-44951', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44951', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix TX fifo corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix TX fifo corruption\n\nSometimes, when a packet is received on channel A at almost the same time\nas a packet is about to be transmitted on channel B, we observe with a\nlogic analyzer that the received packet on channel A is transmitted on\nchannel B. In other words, the Tx buffer data on channel B is corrupted\nwith data from channel A.\n\nThe problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change\nEFR lock to operate on each channels"), which changed the EFR locking to\noperate on each channel instead of chip-wise.\n\nThis commit has introduced a regression, because the EFR lock is used not\nonly to protect the EFR registers access, but also, in a very obscure and\nundocumented way, to protect access to the data buffer, which is shared by\nthe Tx and Rx handlers, but also by each channel of the IC.\n\nFix this regression first by switching to kfifo_out_linear_ptr() in\nsc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer.\n\nSecondly, replace the chip-wise Rx buffer with a separate Rx buffer for\neach channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44951', 'https://git.kernel.org/linus/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4 (6.11-rc3)', 'https://git.kernel.org/stable/c/09cfe05e9907f3276887a20e267cc40e202f4fdd', 'https://git.kernel.org/stable/c/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44951-9121@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44951', 'https://www.cve.org/CVERecord?id=CVE-2024-44951'], 'PublishedDate': '2024-09-04T19:15:30.153Z', 'LastModifiedDate': '2024-10-09T14:27:43.973Z'}, {'VulnerabilityID': 'CVE-2024-44952', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44952', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver core: Fix uevent_show() vs driver detach race', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix uevent_show() vs driver detach race\n\nuevent_show() wants to de-reference dev->driver->name. There is no clean\nway for a device attribute to de-reference dev->driver unless that\nattribute is defined via (struct device_driver).dev_groups. Instead, the\nanti-pattern of taking the device_lock() in the attribute handler risks\ndeadlocks with code paths that remove device attributes while holding\nthe lock.\n\nThis deadlock is typically invisible to lockdep given the device_lock()\nis marked lockdep_set_novalidate_class(), but some subsystems allocate a\nlocal lockdep key for @dev->mutex to reveal reports of the form:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 6.10.0-rc7+ #275 Tainted: G           OE    N\n ------------------------------------------------------\n modprobe/2374 is trying to acquire lock:\n ffff8c2270070de0 (kn->active#6){++++}-{0:0}, at: __kernfs_remove+0xde/0x220\n\n but task is already holding lock:\n ffff8c22016e88f8 (&cxl_root_key){+.+.}-{3:3}, at: device_release_driver_internal+0x39/0x210\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -> #1 (&cxl_root_key){+.+.}-{3:3}:\n        __mutex_lock+0x99/0xc30\n        uevent_show+0xac/0x130\n        dev_attr_show+0x18/0x40\n        sysfs_kf_seq_show+0xac/0xf0\n        seq_read_iter+0x110/0x450\n        vfs_read+0x25b/0x340\n        ksys_read+0x67/0xf0\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -> #0 (kn->active#6){++++}-{0:0}:\n        __lock_acquire+0x121a/0x1fa0\n        lock_acquire+0xd6/0x2e0\n        kernfs_drain+0x1e9/0x200\n        __kernfs_remove+0xde/0x220\n        kernfs_remove_by_name_ns+0x5e/0xa0\n        device_del+0x168/0x410\n        device_unregister+0x13/0x60\n        devres_release_all+0xb8/0x110\n        device_unbind_cleanup+0xe/0x70\n        device_release_driver_internal+0x1c7/0x210\n        driver_detach+0x47/0x90\n        bus_remove_driver+0x6c/0xf0\n        cxl_acpi_exit+0xc/0x11 [cxl_acpi]\n        __do_sys_delete_module.isra.0+0x181/0x260\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe observation though is that driver objects are typically much longer\nlived than device objects. It is reasonable to perform lockless\nde-reference of a @driver pointer even if it is racing detach from a\ndevice. Given the infrequency of driver unregistration, use\nsynchronize_rcu() in module_remove_driver() to close any potential\nraces.  It is potentially overkill to suffer synchronize_rcu() just to\nhandle the rare module removal racing uevent_show() event.\n\nThanks to Tetsuo Handa for the debug analysis of the syzbot report [1].', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44952', 'https://git.kernel.org/linus/15fffc6a5624b13b428bb1c6e9088e32a55eb82c (6.11-rc3)', 'https://git.kernel.org/stable/c/15fffc6a5624b13b428bb1c6e9088e32a55eb82c', 'https://git.kernel.org/stable/c/49ea4e0d862632d51667da5e7a9c88a560e9c5a1', 'https://git.kernel.org/stable/c/4a7c2a8387524942171037e70b80e969c3b5c05b', 'https://git.kernel.org/stable/c/4d035c743c3e391728a6f81cbf0f7f9ca700cf62', 'https://git.kernel.org/stable/c/9c23fc327d6ec67629b4ad323bd64d3834c0417d', 'https://git.kernel.org/stable/c/cd490a247ddf325325fd0de8898659400c9237ef', 'https://git.kernel.org/stable/c/dd98c9630b7ee273da87e9a244f94ddf947161e2', 'https://git.kernel.org/stable/c/f098e8fc7227166206256c18d56ab622039108b1', 'https://linux.oracle.com/cve/CVE-2024-44952.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44952-6290@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44952', 'https://www.cve.org/CVERecord?id=CVE-2024-44952'], 'PublishedDate': '2024-09-04T19:15:30.213Z', 'LastModifiedDate': '2024-09-06T16:37:38.37Z'}, {'VulnerabilityID': 'CVE-2024-44953', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44953', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Fix deadlock during RTC update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix deadlock during RTC update\n\nThere is a deadlock when runtime suspend waits for the flush of RTC work,\nand the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume.\n\nHere is deadlock backtrace:\n\nkworker/0:1     D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367\nptr            f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff\n<ffffffee5e71ddb0> __switch_to+0x1a8/0x2d4\n<ffffffee5e71e604> __schedule+0x684/0xa98\n<ffffffee5e71ea60> schedule+0x48/0xc8\n<ffffffee5e725f78> schedule_timeout+0x48/0x170\n<ffffffee5e71fb74> do_wait_for_common+0x108/0x1b0\n<ffffffee5e71efe0> wait_for_completion+0x44/0x60\n<ffffffee5d6de968> __flush_work+0x39c/0x424\n<ffffffee5d6decc0> __cancel_work_sync+0xd8/0x208\n<ffffffee5d6dee2c> cancel_delayed_work_sync+0x14/0x28\n<ffffffee5e2551b8> __ufshcd_wl_suspend+0x19c/0x480\n<ffffffee5e255fb8> ufshcd_wl_runtime_suspend+0x3c/0x1d4\n<ffffffee5dffd80c> scsi_runtime_suspend+0x78/0xc8\n<ffffffee5df93580> __rpm_callback+0x94/0x3e0\n<ffffffee5df90b0c> rpm_suspend+0x2d4/0x65c\n<ffffffee5df91448> __pm_runtime_suspend+0x80/0x114\n<ffffffee5dffd95c> scsi_runtime_idle+0x38/0x6c\n<ffffffee5df912f4> rpm_idle+0x264/0x338\n<ffffffee5df90f14> __pm_runtime_idle+0x80/0x110\n<ffffffee5e24ce44> ufshcd_rtc_work+0x128/0x1e4\n<ffffffee5d6e3a40> process_one_work+0x26c/0x650\n<ffffffee5d6e65c8> worker_thread+0x260/0x3d8\n<ffffffee5d6edec8> kthread+0x110/0x134\n<ffffffee5d616b18> ret_from_fork+0x10/0x20\n\nSkip updating RTC if RPM state is not RPM_ACTIVE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44953', 'https://git.kernel.org/linus/3911af778f208e5f49d43ce739332b91e26bc48e (6.11-rc2)', 'https://git.kernel.org/stable/c/3911af778f208e5f49d43ce739332b91e26bc48e', 'https://git.kernel.org/stable/c/f13f1858a28c68b7fc0d72c2008d5c1f80d2e8d5', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44953-1a10@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44953', 'https://www.cve.org/CVERecord?id=CVE-2024-44953'], 'PublishedDate': '2024-09-04T19:15:30.297Z', 'LastModifiedDate': '2024-09-06T16:37:33.65Z'}, {'VulnerabilityID': 'CVE-2024-44954', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44954', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ALSA: line6: Fix racy access to midibuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: line6: Fix racy access to midibuf\n\nThere can be concurrent accesses to line6 midibuf from both the URB\ncompletion callback and the rawmidi API access.  This could be a cause\nof KMSAN warning triggered by syzkaller below (so put as reported-by\nhere).\n\nThis patch protects the midibuf call of the former code path with a\nspinlock for avoiding the possible races.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44954', 'https://git.kernel.org/linus/15b7a03205b31bc5623378c190d22b7ff60026f1 (6.11-rc3)', 'https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1', 'https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5', 'https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a', 'https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747', 'https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81', 'https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d', 'https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e', 'https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29', 'https://linux.oracle.com/cve/CVE-2024-44954.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44954-6838@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44954', 'https://www.cve.org/CVERecord?id=CVE-2024-44954'], 'PublishedDate': '2024-09-04T19:15:30.353Z', 'LastModifiedDate': '2024-10-10T18:02:42.307Z'}, {'VulnerabilityID': 'CVE-2024-44955', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44955', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute\n\n[Why]\nWhen unplug one of monitors connected after mst hub, encounter null pointer dereference.\n\nIt's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When\ncommit new state which directly referring to info stored in dc_sink will cause null pointer\ndereference.\n\n[how]\nRemove redundant checking condition. Relevant condition should already be covered by checking\nif dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44955', 'https://git.kernel.org/linus/fcf6a49d79923a234844b8efe830a61f3f0584e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263', 'https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44955-20e8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44955', 'https://www.cve.org/CVERecord?id=CVE-2024-44955'], 'PublishedDate': '2024-09-04T19:15:30.423Z', 'LastModifiedDate': '2024-10-10T17:57:00.267Z'}, {'VulnerabilityID': 'CVE-2024-44956', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44956', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/preempt_fence: enlarge the fence critical section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44956', 'https://git.kernel.org/linus/3cd1585e57908b6efcd967465ef7685f40b2a294 (6.11-rc1)', 'https://git.kernel.org/stable/c/3cd1585e57908b6efcd967465ef7685f40b2a294', 'https://git.kernel.org/stable/c/458bb83119dfee5d14c677f7846dd9363817006f', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44956-8bcf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44956', 'https://www.cve.org/CVERecord?id=CVE-2024-44956'], 'PublishedDate': '2024-09-04T19:15:30.48Z', 'LastModifiedDate': '2024-09-06T16:37:11.777Z'}, {'VulnerabilityID': 'CVE-2024-44957', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44957', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Switch from mutex to spinlock for irqfds', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Switch from mutex to spinlock for irqfds\n\nirqfd_wakeup() gets EPOLLHUP, when it is called by\neventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which\ngets called under spin_lock_irqsave(). We can't use a mutex here as it\nwill lead to a deadlock.\n\nFix it by switching over to a spin lock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44957', 'https://git.kernel.org/linus/1c682593096a487fd9aebc079a307ff7a6d054a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3', 'https://git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e', 'https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44957-5c8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44957', 'https://www.cve.org/CVERecord?id=CVE-2024-44957'], 'PublishedDate': '2024-09-04T19:15:30.523Z', 'LastModifiedDate': '2024-09-06T16:37:00.077Z'}, {'VulnerabilityID': 'CVE-2024-44958', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44958', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched/smt: Fix unbalance sched_smt_present dec/inc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/smt: Fix unbalance sched_smt_present dec/inc\n\nI got the following warn report while doing stress test:\n\njump label: negative count!\nWARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0\nCall Trace:\n <TASK>\n __static_key_slow_dec_cpuslocked+0x16/0x70\n sched_cpu_deactivate+0x26e/0x2a0\n cpuhp_invoke_callback+0x3ad/0x10d0\n cpuhp_thread_fun+0x3f5/0x680\n smpboot_thread_fn+0x56d/0x8d0\n kthread+0x309/0x400\n ret_from_fork+0x41/0x70\n ret_from_fork_asm+0x1b/0x30\n </TASK>\n\nBecause when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),\nthe cpu offline failed, but sched_smt_present is decremented before\ncalling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so\nfix it by incrementing sched_smt_present in the error path.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44958', 'https://git.kernel.org/linus/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117 (6.11-rc2)', 'https://git.kernel.org/stable/c/2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4', 'https://git.kernel.org/stable/c/2cf7665efe451e48d27953e6b5bc627d518c902b', 'https://git.kernel.org/stable/c/65727331b60197b742089855ac09464c22b96f66', 'https://git.kernel.org/stable/c/d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab', 'https://git.kernel.org/stable/c/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44958-80e9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44958', 'https://www.cve.org/CVERecord?id=CVE-2024-44958'], 'PublishedDate': '2024-09-04T19:15:30.58Z', 'LastModifiedDate': '2024-10-10T17:56:24.467Z'}, {'VulnerabilityID': 'CVE-2024-44959', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44959', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracefs: Use generic inode RCU for synchronizing freeing', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntracefs: Use generic inode RCU for synchronizing freeing\n\nWith structure layout randomization enabled for 'struct inode' we need to\navoid overlapping any of the RCU-used / initialized-only-once members,\ne.g. i_lru or i_sb_list to not corrupt related list traversals when making\nuse of the rcu_head.\n\nFor an unlucky structure layout of 'struct inode' we may end up with the\nfollowing splat when running the ftrace selftests:\n\n[<...>] list_del corruption, ffff888103ee2cb0->next (tracefs_inode_cache+0x0/0x4e0 [slab object]) is NULL (prev is tracefs_inode_cache+0x78/0x4e0 [slab object])\n[<...>] ------------[ cut here ]------------\n[<...>] kernel BUG at lib/list_debug.c:54!\n[<...>] invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n[<...>] CPU: 3 PID: 2550 Comm: mount Tainted: G                 N  6.8.12-grsec+ #122 ed2f536ca62f28b087b90e3cc906a8d25b3ddc65\n[<...>] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n[<...>] RIP: 0010:[<ffffffff84656018>] __list_del_entry_valid_or_report+0x138/0x3e0\n[<...>] Code: 48 b8 99 fb 65 f2 ff ff ff ff e9 03 5c d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff e9 33 5a d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff <0f> 0b 4c 89 e9 48 89 ea 48 89 ee 48 c7 c7 60 8f dd 89 31 c0 e8 2f\n[<...>] RSP: 0018:fffffe80416afaf0 EFLAGS: 00010283\n[<...>] RAX: 0000000000000098 RBX: ffff888103ee2cb0 RCX: 0000000000000000\n[<...>] RDX: ffffffff84655fe8 RSI: ffffffff89dd8b60 RDI: 0000000000000001\n[<...>] RBP: ffff888103ee2cb0 R08: 0000000000000001 R09: fffffbd0082d5f25\n[<...>] R10: fffffe80416af92f R11: 0000000000000001 R12: fdf99c16731d9b6d\n[<...>] R13: 0000000000000000 R14: ffff88819ad4b8b8 R15: 0000000000000000\n[<...>] RBX: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RDX: __list_del_entry_valid_or_report+0x108/0x3e0\n[<...>] RSI: __func__.47+0x4340/0x4400\n[<...>] RBP: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RSP: process kstack fffffe80416afaf0+0x7af0/0x8000 [mount 2550 2550]\n[<...>] R09: kasan shadow of process kstack fffffe80416af928+0x7928/0x8000 [mount 2550 2550]\n[<...>] R10: process kstack fffffe80416af92f+0x792f/0x8000 [mount 2550 2550]\n[<...>] R14: tracefs_inode_cache+0x78/0x4e0 [slab object]\n[<...>] FS:  00006dcb380c1840(0000) GS:ffff8881e0600000(0000) knlGS:0000000000000000\n[<...>] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[<...>] CR2: 000076ab72b30e84 CR3: 000000000b088004 CR4: 0000000000360ef0 shadow CR4: 0000000000360ef0\n[<...>] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[<...>] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[<...>] ASID: 0003\n[<...>] Stack:\n[<...>]  ffffffff818a2315 00000000f5c856ee ffffffff896f1840 ffff888103ee2cb0\n[<...>]  ffff88812b6b9750 0000000079d714b6 fffffbfff1e9280b ffffffff8f49405f\n[<...>]  0000000000000001 0000000000000000 ffff888104457280 ffffffff8248b392\n[<...>] Call Trace:\n[<...>]  <TASK>\n[<...>]  [<ffffffff818a2315>] ? lock_release+0x175/0x380 fffffe80416afaf0\n[<...>]  [<ffffffff8248b392>] list_lru_del+0x152/0x740 fffffe80416afb48\n[<...>]  [<ffffffff8248ba93>] list_lru_del_obj+0x113/0x280 fffffe80416afb88\n[<...>]  [<ffffffff8940fd19>] ? _atomic_dec_and_lock+0x119/0x200 fffffe80416afb90\n[<...>]  [<ffffffff8295b244>] iput_final+0x1c4/0x9a0 fffffe80416afbb8\n[<...>]  [<ffffffff8293a52b>] dentry_unlink_inode+0x44b/0xaa0 fffffe80416afbf8\n[<...>]  [<ffffffff8293fefc>] __dentry_kill+0x23c/0xf00 fffffe80416afc40\n[<...>]  [<ffffffff8953a85f>] ? __this_cpu_preempt_check+0x1f/0xa0 fffffe80416afc48\n[<...>]  [<ffffffff82949ce5>] ? shrink_dentry_list+0x1c5/0x760 fffffe80416afc70\n[<...>]  [<ffffffff82949b71>] ? shrink_dentry_list+0x51/0x760 fffffe80416afc78\n[<...>]  [<ffffffff82949da8>] shrink_dentry_list+0x288/0x760 fffffe80416afc80\n[<...>]  [<ffffffff8294ae75>] shrink_dcache_sb+0x155/0x420 fffffe80416afcc8\n[<...>]  [<ffffffff8953a7c3>] ? debug_smp_processor_id+0x23/0xa0 fffffe80416afce0\n[<...>]  [<ffffffff8294ad20>] ? do_one_tre\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44959', 'https://git.kernel.org/linus/0b6743bd60a56a701070b89fb80c327a44b7b3e2 (6.11-rc3)', 'https://git.kernel.org/stable/c/061da60716ce0cde99f62f31937b81e1c03acef6', 'https://git.kernel.org/stable/c/0b6743bd60a56a701070b89fb80c327a44b7b3e2', 'https://git.kernel.org/stable/c/726f4c241e17be75a9cf6870d80cd7479dc89e8f', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44959-61a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44959', 'https://www.cve.org/CVERecord?id=CVE-2024-44959'], 'PublishedDate': '2024-09-04T19:15:30.637Z', 'LastModifiedDate': '2024-10-10T17:54:07.96Z'}, {'VulnerabilityID': 'CVE-2024-44960', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44960', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: core: Check for unset descriptor', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn't properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44960', 'https://git.kernel.org/linus/973a57891608a98e894db2887f278777f564de18 (6.11-rc3)', 'https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1', 'https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62', 'https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4', 'https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e', 'https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18', 'https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf', 'https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a', 'https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244', 'https://linux.oracle.com/cve/CVE-2024-44960.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44960-039b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44960', 'https://www.cve.org/CVERecord?id=CVE-2024-44960'], 'PublishedDate': '2024-09-04T19:15:30.7Z', 'LastModifiedDate': '2024-10-04T16:44:05.497Z'}, {'VulnerabilityID': 'CVE-2024-44961', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44961', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Forward soft recovery errors to userspace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Forward soft recovery errors to userspace\n\nAs we discussed before[1], soft recovery should be\nforwarded to userspace, or we can get into a really\nbad state where apps will keep submitting hanging\ncommand buffers cascading us to a hard reset.\n\n1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/\n(cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44961', 'https://git.kernel.org/linus/829798c789f567ef6ba4b084c15b7b5f3bd98d51 (6.11-rc3)', 'https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a', 'https://git.kernel.org/stable/c/829798c789f567ef6ba4b084c15b7b5f3bd98d51', 'https://git.kernel.org/stable/c/c28d207edfc5679585f4e96acb67000076ce90be', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44961-8666@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44961', 'https://www.cve.org/CVERecord?id=CVE-2024-44961'], 'PublishedDate': '2024-09-04T19:15:30.77Z', 'LastModifiedDate': '2024-10-04T16:39:39.3Z'}, {'VulnerabilityID': 'CVE-2024-44962', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44962', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n  Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n  Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic   snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil   snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded:   btnxpuart]\n  CPU: 5 PID: 723 Comm: memtester Tainted: G           O       6.6.23-lts-next-06207-g4aef2658ac28 #1\n  Hardware name: NXP i.MX95 19X19 board (DT)\n  pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0xffff80007a2cf464\n  lr : call_timer_fn.isra.0+0x24/0x80\n...\n  Call trace:\n   0xffff80007a2cf464\n   __run_timers+0x234/0x280\n   run_timer_softirq+0x20/0x40\n   __do_softirq+0x100/0x26c\n   ____do_softirq+0x10/0x1c\n   call_on_irq_stack+0x24/0x4c\n   do_softirq_own_stack+0x1c/0x2c\n   irq_exit_rcu+0xc0/0xdc\n   el0_interrupt+0x54/0xd8\n   __el0_irq_handler_common+0x18/0x24\n   el0t_64_irq_handler+0x10/0x1c\n   el0t_64_irq+0x190/0x194\n  Code: ???????? ???????? ???????? ???????? (????????)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception in interrupt\n  SMP: stopping secondary CPUs\n  Kernel Offset: disabled\n  CPU features: 0x0,c0000000,40028143,1000721b\n  Memory Limit: none\n  ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44962', 'https://git.kernel.org/linus/0d0df1e750bac0fdaa77940e711c1625cff08d33 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d0df1e750bac0fdaa77940e711c1625cff08d33', 'https://git.kernel.org/stable/c/28bbb5011a9723700006da67bdb57ab6a914452b', 'https://git.kernel.org/stable/c/4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44962-c329@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44962', 'https://www.cve.org/CVERecord?id=CVE-2024-44962'], 'PublishedDate': '2024-09-04T19:15:30.827Z', 'LastModifiedDate': '2024-10-04T16:20:34.55Z'}, {'VulnerabilityID': 'CVE-2024-44963', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44963', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not BUG_ON() when freeing tree block after error', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don't deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44963', 'https://git.kernel.org/linus/bb3868033a4cccff7be57e9145f2117cbdc91c11 (6.11-rc1)', 'https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f', 'https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44963-2e6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44963', 'https://www.cve.org/CVERecord?id=CVE-2024-44963'], 'PublishedDate': '2024-09-04T19:15:30.883Z', 'LastModifiedDate': '2024-10-04T16:19:20.77Z'}, {'VulnerabilityID': 'CVE-2024-44964', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44964', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix memory leaks and crashes while performing a soft reset', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leaks and crashes while performing a soft reset\n\nThe second tagged commit introduced a UAF, as it removed restoring\nq_vector->vport pointers after reinitializating the structures.\nThis is due to that all queue allocation functions are performed here\nwith the new temporary vport structure and those functions rewrite\nthe backpointers to the vport. Then, this new struct is freed and\nthe pointers start leading to nowhere.\n\nBut generally speaking, the current logic is very fragile. It claims\nto be more reliable when the system is low on memory, but in fact, it\nconsumes two times more memory as at the moment of running this\nfunction, there are two vports allocated with their queues and vectors.\nMoreover, it claims to prevent the driver from running into "bad state",\nbut in fact, any error during the rebuild leaves the old vport in the\npartially allocated state.\nFinally, if the interface is down when the function is called, it always\nallocates a new queue set, but when the user decides to enable the\ninterface later on, vport_open() allocates them once again, IOW there\'s\na clear memory leak here.\n\nJust don\'t allocate a new queue set when performing a reset, that solves\ncrashes and memory leaks. Readd the old queue number and reopen the\ninterface on rollback - that solves limbo states when the device is left\ndisabled and/or without HW queues enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44964', 'https://git.kernel.org/linus/f01032a2ca099ec8d619aaa916c3762aa62495df (6.11-rc3)', 'https://git.kernel.org/stable/c/6b289f8d91537ec1e4f9c7b38b31b90d93b1419b', 'https://git.kernel.org/stable/c/f01032a2ca099ec8d619aaa916c3762aa62495df', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44964-ebb1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44964', 'https://www.cve.org/CVERecord?id=CVE-2024-44964'], 'PublishedDate': '2024-09-04T19:15:30.94Z', 'LastModifiedDate': '2024-09-06T16:36:45.137Z'}, {'VulnerabilityID': 'CVE-2024-44965', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44965', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mm: Fix pti_clone_pgtable() alignment assumption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix pti_clone_pgtable() alignment assumption\n\nGuenter reported dodgy crashes on an i386-nosmp build using GCC-11\nthat had the form of endless traps until entry stack exhaust and then\n#DF from the stack guard.\n\nIt turned out that pti_clone_pgtable() had alignment assumptions on\nthe start address, notably it hard assumes start is PMD aligned. This\nis true on x86_64, but very much not true on i386.\n\nThese assumptions can cause the end condition to malfunction, leading\nto a 'short' clone. Guess what happens when the user mapping has a\nshort copy of the entry text?\n\nUse the correct increment form for addr to avoid alignment\nassumptions.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44965', 'https://git.kernel.org/linus/41e71dbb0e0a0fe214545fe64af031303a08524c (6.11-rc2)', 'https://git.kernel.org/stable/c/18da1b27ce16a14a9b636af9232acb4fb24f4c9e', 'https://git.kernel.org/stable/c/25a727233a40a9b33370eec9f0cad67d8fd312f8', 'https://git.kernel.org/stable/c/41e71dbb0e0a0fe214545fe64af031303a08524c', 'https://git.kernel.org/stable/c/4d143ae782009b43b4f366402e5c37f59d4e4346', 'https://git.kernel.org/stable/c/5c580c1050bcbc15c3e78090859d798dcf8c9763', 'https://git.kernel.org/stable/c/ca07aab70dd3b5e7fddb62d7a6ecd7a7d6d0b2ed', 'https://git.kernel.org/stable/c/d00c9b4bbc442d99e1dafbdfdab848bc1ead73f6', 'https://git.kernel.org/stable/c/df3eecb5496f87263d171b254ca6e2758ab3c35c', 'https://linux.oracle.com/cve/CVE-2024-44965.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090415-CVE-2024-44965-d41d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44965', 'https://www.cve.org/CVERecord?id=CVE-2024-44965'], 'PublishedDate': '2024-09-04T19:15:30.99Z', 'LastModifiedDate': '2024-10-04T16:17:15.23Z'}, {'VulnerabilityID': 'CVE-2024-44966', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44966', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binfmt_flat: Fix corruption when not offsetting data start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_flat: Fix corruption when not offsetting data start\n\nCommit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")\nintroduced a RISC-V specific variant of the FLAT format which does\nnot allocate any space for the (obsolete) array of shared library\npointers. However, it did not disable the code which initializes the\narray, resulting in the corruption of sizeof(long) bytes before the DATA\nsegment, generally the end of the TEXT segment.\n\nIntroduce MAX_SHARED_LIBS_UPDATE which depends on the state of\nCONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of\nthe shared library pointer region so that it will only be initialized\nif space is reserved for it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44966', 'https://git.kernel.org/linus/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671 (6.11-rc4)', 'https://git.kernel.org/stable/c/3a684499261d0f7ed5ee72793025c88c2276809c', 'https://git.kernel.org/stable/c/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671', 'https://git.kernel.org/stable/c/49df34d2b7da9e57c839555a2f7877291ce45ad1', 'https://git.kernel.org/stable/c/9350ba06ee61db392c486716ac68ecc20e030f7c', 'https://git.kernel.org/stable/c/af65d5383854cc3f172a7d0843b628758bf462c8', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44966-3aac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44966', 'https://www.cve.org/CVERecord?id=CVE-2024-44966'], 'PublishedDate': '2024-09-04T19:15:31.06Z', 'LastModifiedDate': '2024-10-04T16:15:30.047Z'}, {'VulnerabilityID': 'CVE-2024-44967', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44967', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/mgag200: Bind I2C lifetime to DRM device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mgag200: Bind I2C lifetime to DRM device\n\nManaged cleanup with devm_add_action_or_reset() will release the I2C\nadapter when the underlying Linux device goes away. But the connector\nstill refers to it, so this cleanup leaves behind a stale pointer\nin struct drm_connector.ddc.\n\nBind the lifetime of the I2C adapter to the connector's lifetime by\nusing DRM's managed release. When the DRM device goes away (after\nthe Linux device) DRM will first clean up the connector and then\nclean up the I2C adapter.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44967', 'https://git.kernel.org/linus/eb1ae34e48a09b7a1179c579aed042b032e408f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/55a6916db77102765b22855d3a0add4751988b7c', 'https://git.kernel.org/stable/c/81d34df843620e902dd04aa9205c875833d61c17', 'https://git.kernel.org/stable/c/9d96b91e03cba9dfcb4ac370c93af4dbc47d5191', 'https://git.kernel.org/stable/c/eb1ae34e48a09b7a1179c579aed042b032e408f4', 'https://lore.kernel.org/linux-cve-announce/2024090453-CVE-2024-44967-dd14@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44967', 'https://www.cve.org/CVERecord?id=CVE-2024-44967'], 'PublishedDate': '2024-09-04T19:15:31.117Z', 'LastModifiedDate': '2024-10-03T18:21:17.23Z'}, {'VulnerabilityID': 'CVE-2024-44969', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/sclp: Prevent release of buffer in I/O', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Prevent release of buffer in I/O\n\nWhen a task waiting for completion of a Store Data operation is\ninterrupted, an attempt is made to halt this operation. If this attempt\nfails due to a hardware or firmware problem, there is a chance that the\nSCLP facility might store data into buffers referenced by the original\noperation at a later time.\n\nHandle this situation by not releasing the referenced data buffers if\nthe halt attempt fails. For current use cases, this might result in a\nleak of few pages of memory in case of a rare hardware/firmware\nmalfunction.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44969', 'https://git.kernel.org/linus/bf365071ea92b9579d5a272679b74052a5643e35 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633', 'https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05', 'https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506', 'https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79', 'https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe', 'https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148', 'https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463', 'https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35', 'https://linux.oracle.com/cve/CVE-2024-44969.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44969-48bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44969', 'https://www.cve.org/CVERecord?id=CVE-2024-44969'], 'PublishedDate': '2024-09-04T19:15:31.24Z', 'LastModifiedDate': '2024-10-03T17:38:41.333Z'}, {'VulnerabilityID': 'CVE-2024-44970', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix invalid WQ linked list unlink\n\nWhen all the strides in a WQE have been consumed, the WQE is unlinked\nfrom the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible\nto receive CQEs with 0 consumed strides for the same WQE even after the\nWQE is fully consumed and unlinked. This triggers an additional unlink\nfor the same wqe which corrupts the linked list.\n\nFix this scenario by accepting 0 sized consumed strides without\nunlinking the WQE again.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44970', 'https://git.kernel.org/linus/fba8334721e266f92079632598e46e5f89082f30 (6.11-rc1)', 'https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9', 'https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76', 'https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78', 'https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44970-f687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44970', 'https://www.cve.org/CVERecord?id=CVE-2024-44970'], 'PublishedDate': '2024-09-04T19:15:31.307Z', 'LastModifiedDate': '2024-10-03T14:22:06.003Z'}, {'VulnerabilityID': 'CVE-2024-44971', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44971', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()\n\nbcm_sf2_mdio_register() calls of_phy_find_device() and then\nphy_device_remove() in a loop to remove existing PHY devices.\nof_phy_find_device() eventually calls bus_find_device(), which calls\nget_device() on the returned struct device * to increment the refcount.\nThe current implementation does not decrement the refcount, which causes\nmemory leak.\n\nThis commit adds the missing phy_device_free() call to decrement the\nrefcount via put_device() to balance the refcount.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44971', 'https://git.kernel.org/linus/e3862093ee93fcfbdadcb7957f5f8974fffa806a (6.11-rc3)', 'https://git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c', 'https://git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c', 'https://git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71', 'https://git.kernel.org/stable/c/c05516c072903f6fb9134b8e7e1ad4bffcdc4819', 'https://git.kernel.org/stable/c/e3862093ee93fcfbdadcb7957f5f8974fffa806a', 'https://git.kernel.org/stable/c/f3d5efe18a11f94150fee8b3fda9d62079af640a', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44971-eb75@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44971', 'https://www.cve.org/CVERecord?id=CVE-2024-44971'], 'PublishedDate': '2024-09-04T19:15:31.367Z', 'LastModifiedDate': '2024-09-05T17:54:36.607Z'}, {'VulnerabilityID': 'CVE-2024-44972', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44972', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not clear page dirty inside extent_write_locked_range()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not clear page dirty inside extent_write_locked_range()\n\n[BUG]\nFor subpage + zoned case, the following workload can lead to rsv data\nleak at unmount time:\n\n  # mkfs.btrfs -f -s 4k $dev\n  # mount $dev $mnt\n  # fsstress -w -n 8 -d $mnt -s 1709539240\n  0/0: fiemap - no filename\n  0/1: copyrange read - no filename\n  0/2: write - no filename\n  0/3: rename - no source filename\n  0/4: creat f0 x:0 0 0\n  0/4: creat add id=0,parent=-1\n  0/5: writev f0[259 1 0 0 0 0] [778052,113,965] 0\n  0/6: ioctl(FIEMAP) f0[259 1 0 0 224 887097] [1294220,2291618343991484791,0x10000] -1\n  0/7: dwrite - xfsctl(XFS_IOC_DIOINFO) f0[259 1 0 0 224 887097] return 25, fallback to stat()\n  0/7: dwrite f0[259 1 0 0 224 887097] [696320,102400] 0\n  # umount $mnt\n\nThe dmesg includes the following rsv leak detection warning (all call\ntrace skipped):\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8653 btrfs_destroy_inode+0x1e0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8654 btrfs_destroy_inode+0x1a8/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8660 btrfs_destroy_inode+0x1a0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): last unmount of filesystem 1b4abba9-de34-4f07-9e7f-157cf12a18d6\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info DATA has 268218368 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=204800, pinned=0, reserved=0, may_use=12288, readonly=0 zone_unusable=0\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info METADATA has 267796480 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=131072, pinned=0, reserved=0, may_use=262144, readonly=0 zone_unusable=245760\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n\nAbove $dev is a tcmu-runner emulated zoned HDD, which has a max zone\nappend size of 64K, and the system has 64K page size.\n\n[CAUSE]\nI have added several trace_printk() to show the events (header skipped):\n\n  > btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864\n\nThe above lines show our buffered write has dirtied 3 pages of inode\n259 of root 5:\n\n  704K             768K              832K              896K\n  I           |////I/////////////////I///////////|     I\n              756K                               868K\n\n  |///| is the dirtied range using subpage bitmaps. and 'I' is the page\n  boundary.\n\n  Meanwhile all three pages (704K, 768K, 832K) have their PageDirty\n  flag set.\n\n  > btrfs_direct_write: r/i=5/259 start dio filepos=696320 len=102400\n\nThen direct IO writ\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44972', 'https://git.kernel.org/linus/97713b1a2ced1e4a2a6c40045903797ebd44d7e0 (6.11-rc1)', 'https://git.kernel.org/stable/c/97713b1a2ced1e4a2a6c40045903797ebd44d7e0', 'https://git.kernel.org/stable/c/ba4dedb71356638d8284e34724daca944be70368', 'https://git.kernel.org/stable/c/d3b403209f767e5857c1b9fda66726e6e6ffc99f', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44972-23b5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44972', 'https://www.cve.org/CVERecord?id=CVE-2024-44972'], 'PublishedDate': '2024-09-04T19:15:31.43Z', 'LastModifiedDate': '2024-10-03T16:10:12.077Z'}, {'VulnerabilityID': 'CVE-2024-44973', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44973', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm, slub: do not call do_slab_free for kfence object', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slub: do not call do_slab_free for kfence object\n\nIn 782f8906f805 the freeing of kfence objects was moved from deep\ninside do_slab_free to the wrapper functions outside. This is a nice\nchange, but unfortunately it missed one spot in __kmem_cache_free_bulk.\n\nThis results in a crash like this:\n\nBUG skbuff_head_cache (Tainted: G S  B       E     ): Padding overwritten. 0xffff88907fea0f00-0xffff88907fea0fff @offset=3840\n\nslab_err (mm/slub.c:1129)\nfree_to_partial_list (mm/slub.c:? mm/slub.c:4036)\nslab_pad_check (mm/slub.c:864 mm/slub.c:1290)\ncheck_slab (mm/slub.c:?)\nfree_to_partial_list (mm/slub.c:3171 mm/slub.c:4036)\nkmem_cache_alloc_bulk (mm/slub.c:? mm/slub.c:4495 mm/slub.c:4586 mm/slub.c:4635)\nnapi_build_skb (net/core/skbuff.c:348 net/core/skbuff.c:527 net/core/skbuff.c:549)\n\nAll the other callers to do_slab_free appear to be ok.\n\nAdd a kfence_free check in __kmem_cache_free_bulk to avoid the crash.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44973', 'https://git.kernel.org/linus/a371d558e6f3aed977a8a7346350557de5d25190 (6.11-rc3)', 'https://git.kernel.org/stable/c/a371d558e6f3aed977a8a7346350557de5d25190', 'https://git.kernel.org/stable/c/b35cd7f1e969aaa63e6716d82480f6b8a3230949', 'https://lore.kernel.org/linux-cve-announce/2024090425-CVE-2024-44973-a92d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44973', 'https://www.cve.org/CVERecord?id=CVE-2024-44973'], 'PublishedDate': '2024-09-04T19:15:31.487Z', 'LastModifiedDate': '2024-10-03T14:23:09.147Z'}, {'VulnerabilityID': 'CVE-2024-44974', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44974', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: avoid possible UaF when selecting endp', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44974', 'https://git.kernel.org/linus/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d (6.11-rc5)', 'https://git.kernel.org/stable/c/0201d65d9806d287a00e0ba96f0321835631f63f', 'https://git.kernel.org/stable/c/2b4f46f9503633dade75cb796dd1949d0e6581a1', 'https://git.kernel.org/stable/c/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d', 'https://git.kernel.org/stable/c/9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8', 'https://git.kernel.org/stable/c/ddee5b4b6a1cc03c1e9921cf34382e094c2009f1', 'https://git.kernel.org/stable/c/f2c865e9e3ca44fc06b5f73b29a954775e4dbb38', 'https://lore.kernel.org/linux-cve-announce/2024090440-CVE-2024-44974-dbe8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44974', 'https://www.cve.org/CVERecord?id=CVE-2024-44974'], 'PublishedDate': '2024-09-04T20:15:07.1Z', 'LastModifiedDate': '2024-09-12T12:15:51.397Z'}, {'VulnerabilityID': 'CVE-2024-44975', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44975', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: fix panic caused by partcmd_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: fix panic caused by partcmd_update\n\nWe find a bug as below:\nBUG: unable to handle page fault for address: 00000003\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 358 Comm: bash Tainted: G        W I        6.6.0-10893-g60d6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4\nRIP: 0010:partition_sched_domains_locked+0x483/0x600\nCode: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9\nRSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202\nRAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000002fe80\nRBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000\nR10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002\nR13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0\nCall Trace:\n <TASK>\n ? show_regs+0x8c/0xa0\n ? __die_body+0x23/0xa0\n ? __die+0x3a/0x50\n ? page_fault_oops+0x1d2/0x5c0\n ? partition_sched_domains_locked+0x483/0x600\n ? search_module_extables+0x2a/0xb0\n ? search_exception_tables+0x67/0x90\n ? kernelmode_fixup_or_oops+0x144/0x1b0\n ? __bad_area_nosemaphore+0x211/0x360\n ? up_read+0x3b/0x50\n ? bad_area_nosemaphore+0x1a/0x30\n ? exc_page_fault+0x890/0xd90\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? asm_exc_page_fault+0x26/0x30\n ? partition_sched_domains_locked+0x483/0x600\n ? partition_sched_domains_locked+0xf0/0x600\n rebuild_sched_domains_locked+0x806/0xdc0\n update_partition_sd_lb+0x118/0x130\n cpuset_write_resmask+0xffc/0x1420\n cgroup_file_write+0xb2/0x290\n kernfs_fop_write_iter+0x194/0x290\n new_sync_write+0xeb/0x160\n vfs_write+0x16f/0x1d0\n ksys_write+0x81/0x180\n __x64_sys_write+0x21/0x30\n x64_sys_call+0x2f25/0x4630\n do_syscall_64+0x44/0xb0\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\nRIP: 0033:0x7f44a553c887\n\nIt can be reproduced with cammands:\ncd /sys/fs/cgroup/\nmkdir test\ncd test/\necho +cpuset > ../cgroup.subtree_control\necho root > cpuset.cpus.partition\ncat /sys/fs/cgroup/cpuset.cpus.effective\n0-3\necho 0-3 > cpuset.cpus // taking away all cpus from root\n\nThis issue is caused by the incorrect rebuilding of scheduling domains.\nIn this scenario, test/cpuset.cpus.partition should be an invalid root\nand should not trigger the rebuilding of scheduling domains. When calling\nupdate_parent_effective_cpumask with partcmd_update, if newmask is not\nnull, it should recheck newmask whether there are cpus is available\nfor parect/cs that has tasks.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44975', 'https://git.kernel.org/linus/959ab6350add903e352890af53e86663739fcb9a (6.11-rc5)', 'https://git.kernel.org/stable/c/73d6c6cf8ef6a3c532aa159f5114077746a372d6', 'https://git.kernel.org/stable/c/959ab6350add903e352890af53e86663739fcb9a', 'https://lore.kernel.org/linux-cve-announce/2024090442-CVE-2024-44975-7c21@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44975', 'https://www.cve.org/CVERecord?id=CVE-2024-44975'], 'PublishedDate': '2024-09-04T20:15:07.16Z', 'LastModifiedDate': '2024-10-03T14:32:31.677Z'}, {'VulnerabilityID': 'CVE-2024-44977', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Validate TA binary size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Validate TA binary size\n\nAdd TA binary size validation to avoid OOB write.\n\n(cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44977', 'https://git.kernel.org/linus/c99769bceab4ecb6a067b9af11f9db281eea3e2a (6.11-rc5)', 'https://git.kernel.org/stable/c/50553ea7cbd3344fbf40afb065f6a2d38171c1ad', 'https://git.kernel.org/stable/c/5ab8793b9a6cc059f503cbe6fe596f80765e0f19', 'https://git.kernel.org/stable/c/c99769bceab4ecb6a067b9af11f9db281eea3e2a', 'https://git.kernel.org/stable/c/e562415248f402203e7fb6d8c38c1b32fa99220f', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44977-7f6b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44977', 'https://www.cve.org/CVERecord?id=CVE-2024-44977'], 'PublishedDate': '2024-09-04T20:15:07.29Z', 'LastModifiedDate': '2024-10-10T17:47:59.593Z'}, {'VulnerabilityID': 'CVE-2024-44978', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44978', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Free job before xe_exec_queue_put', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Free job before xe_exec_queue_put\n\nFree job depends on job->vm being valid, the last xe_exec_queue_put can\ndestroy the VM. Prevent UAF by freeing job before xe_exec_queue_put.\n\n(cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44978', 'https://git.kernel.org/linus/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a (6.11-rc5)', 'https://git.kernel.org/stable/c/98aa0330f200b9b8fb9e1298e006eda57a13351c', 'https://git.kernel.org/stable/c/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44978-096b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44978', 'https://www.cve.org/CVERecord?id=CVE-2024-44978'], 'PublishedDate': '2024-09-04T20:15:07.343Z', 'LastModifiedDate': '2024-09-10T16:51:19.813Z'}, {'VulnerabilityID': 'CVE-2024-44979', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44979', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix missing workqueue destroy in xe_gt_pagefault\n\nOn driver reload we never free up the memory for the pagefault and\naccess counter workqueues. Add those destroy calls here.\n\n(cherry picked from commit 7586fc52b14e0b8edd0d1f8a434e0de2078b7b2b)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44979', 'https://git.kernel.org/linus/a6f78359ac75f24cac3c1bdd753c49c1877bcd82 (6.11-rc5)', 'https://git.kernel.org/stable/c/a6f78359ac75f24cac3c1bdd753c49c1877bcd82', 'https://git.kernel.org/stable/c/b09ef3b762a7fc641fb2f89afd3ebdb65b8ba1b9', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44979-74c3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44979', 'https://www.cve.org/CVERecord?id=CVE-2024-44979'], 'PublishedDate': '2024-09-04T20:15:07.4Z', 'LastModifiedDate': '2024-10-10T17:44:36.417Z'}, {'VulnerabilityID': 'CVE-2024-44980', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44980', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix opregion leak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix opregion leak\n\nBeing part o the display, ideally the setup and cleanup would be done by\ndisplay itself. However this is a bigger refactor that needs to be done\non both i915 and xe. For now, just fix the leak:\n\nunreferenced object 0xffff8881a0300008 (size 192):\n  comm "modprobe", pid 4354, jiffies 4295647021\n  hex dump (first 32 bytes):\n    00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff  ...\'............\n    18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 99260e31):\n    [<ffffffff823ce65b>] kmemleak_alloc+0x4b/0x80\n    [<ffffffff81493be2>] kmalloc_trace_noprof+0x312/0x3d0\n    [<ffffffffa1345679>] intel_opregion_setup+0x89/0x700 [xe]\n    [<ffffffffa125bfaf>] xe_display_init_noirq+0x2f/0x90 [xe]\n    [<ffffffffa1199ec3>] xe_device_probe+0x7a3/0xbf0 [xe]\n    [<ffffffffa11f3713>] xe_pci_probe+0x333/0x5b0 [xe]\n    [<ffffffff81af6be8>] local_pci_probe+0x48/0xb0\n    [<ffffffff81af8778>] pci_device_probe+0xc8/0x280\n    [<ffffffff81d09048>] really_probe+0xf8/0x390\n    [<ffffffff81d0937a>] __driver_probe_device+0x8a/0x170\n    [<ffffffff81d09503>] driver_probe_device+0x23/0xb0\n    [<ffffffff81d097b7>] __driver_attach+0xc7/0x190\n    [<ffffffff81d0628d>] bus_for_each_dev+0x7d/0xd0\n    [<ffffffff81d0851e>] driver_attach+0x1e/0x30\n    [<ffffffff81d07ac7>] bus_add_driver+0x117/0x250\n\n(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44980', 'https://git.kernel.org/linus/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f (6.11-rc5)', 'https://git.kernel.org/stable/c/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f', 'https://git.kernel.org/stable/c/f7ecdd9853dd9f34e7cdfdadfb70b8f40644ebb4', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44980-d1ba@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44980', 'https://www.cve.org/CVERecord?id=CVE-2024-44980'], 'PublishedDate': '2024-09-04T20:15:07.46Z', 'LastModifiedDate': '2024-10-10T17:42:53.433Z'}, {'VulnerabilityID': 'CVE-2024-44982', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44982', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: cleanup FB if dpu_format_populate_layout fails\n\nIf the dpu_format_populate_layout() fails, then FB is prepared, but not\ncleaned up. This ends up leaking the pin_count on the GEM object and\ncauses a splat during DRM file closure:\n\nmsm_obj->pin_count\nWARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc\n[...]\nCall trace:\n update_lru_locked+0xc4/0xcc\n put_pages+0xac/0x100\n msm_gem_free_object+0x138/0x180\n drm_gem_object_free+0x1c/0x30\n drm_gem_object_handle_put_unlocked+0x108/0x10c\n drm_gem_object_release_handle+0x58/0x70\n idr_for_each+0x68/0xec\n drm_gem_release+0x28/0x40\n drm_file_free+0x174/0x234\n drm_release+0xb0/0x160\n __fput+0xc0/0x2c8\n __fput_sync+0x50/0x5c\n __arm64_sys_close+0x38/0x7c\n invoke_syscall+0x48/0x118\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x4c/0x120\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194\nirq event stamp: 129818\nhardirqs last  enabled at (129817): [<ffffa5f6d953fcc0>] console_unlock+0x118/0x124\nhardirqs last disabled at (129818): [<ffffa5f6da7dcf04>] el1_dbg+0x24/0x8c\nsoftirqs last  enabled at (129808): [<ffffa5f6d94afc18>] handle_softirqs+0x4c8/0x4e8\nsoftirqs last disabled at (129785): [<ffffa5f6d94105e4>] __do_softirq+0x14/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/600714/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44982', 'https://git.kernel.org/linus/bfa1a6283be390947d3649c482e5167186a37016 (6.11-rc5)', 'https://git.kernel.org/stable/c/02193c70723118889281f75b88722b26b58bf4ae', 'https://git.kernel.org/stable/c/7ecf85542169012765e4c2817cd3be6c2e009962', 'https://git.kernel.org/stable/c/9b8b65211a880af8fe8330a101e1e239a2d4008f', 'https://git.kernel.org/stable/c/a3c5815b07f4ee19d0b7e2ddf91ff9f03ecbf27d', 'https://git.kernel.org/stable/c/bfa1a6283be390947d3649c482e5167186a37016', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44982-dd24@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44982', 'https://www.cve.org/CVERecord?id=CVE-2024-44982'], 'PublishedDate': '2024-09-04T20:15:07.593Z', 'LastModifiedDate': '2024-10-10T17:09:54.35Z'}, {'VulnerabilityID': 'CVE-2024-44983', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44983', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: validate vlan header', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: validate vlan header\n\nEnsure there is sufficient room to access the protocol field of the\nVLAN header, validate it once before the flowtable lookup.\n\n=====================================================\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5440 [inline]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44983', 'https://git.kernel.org/linus/6ea14ccb60c8ab829349979b22b58a941ec4a3ee (6.11-rc5)', 'https://git.kernel.org/stable/c/0279c35d242d037abeb73d60d06a6d1bb7f672d9', 'https://git.kernel.org/stable/c/043a18bb6cf16adaa2f8642acfde6e8956a9caaa', 'https://git.kernel.org/stable/c/6ea14ccb60c8ab829349979b22b58a941ec4a3ee', 'https://git.kernel.org/stable/c/c05155cc455785916164aa5e1b4605a2ae946537', 'https://git.kernel.org/stable/c/d9384ae7aec46036d248d1c2c2757e471ab486c3', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44983-dcdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44983', 'https://www.cve.org/CVERecord?id=CVE-2024-44983'], 'PublishedDate': '2024-09-04T20:15:07.657Z', 'LastModifiedDate': '2024-09-10T16:57:55.11Z'}, {'VulnerabilityID': 'CVE-2024-44984', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44984', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double DMA unmapping for XDP_REDIRECT\n\nRemove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT\ncode path.  This should have been removed when we let the page pool\nhandle the DMA mapping.  This bug causes the warning:\n\nWARNING: CPU: 7 PID: 59 at drivers/iommu/dma-iommu.c:1198 iommu_dma_unmap_page+0xd5/0x100\nCPU: 7 PID: 59 Comm: ksoftirqd/7 Tainted: G        W          6.8.0-1010-gcp #11-Ubuntu\nHardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS 2.15.2 04/02/2024\nRIP: 0010:iommu_dma_unmap_page+0xd5/0x100\nCode: 89 ee 48 89 df e8 cb f2 69 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9 31 f6 31 ff 45 31 c0 e9 ab 17 71 00 <0f> 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9\nRSP: 0018:ffffab1fc0597a48 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff99ff838280c8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffab1fc0597a78 R08: 0000000000000002 R09: ffffab1fc0597c1c\nR10: ffffab1fc0597cd3 R11: ffff99ffe375acd8 R12: 00000000e65b9000\nR13: 0000000000000050 R14: 0000000000001000 R15: 0000000000000002\nFS:  0000000000000000(0000) GS:ffff9a06efb80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000565c34c37210 CR3: 00000005c7e3e000 CR4: 0000000000350ef0\n? show_regs+0x6d/0x80\n? __warn+0x89/0x150\n? iommu_dma_unmap_page+0xd5/0x100\n? report_bug+0x16a/0x190\n? handle_bug+0x51/0xa0\n? exc_invalid_op+0x18/0x80\n? iommu_dma_unmap_page+0xd5/0x100\n? iommu_dma_unmap_page+0x35/0x100\ndma_unmap_page_attrs+0x55/0x220\n? bpf_prog_4d7e87c0d30db711_xdp_dispatcher+0x64/0x9f\nbnxt_rx_xdp+0x237/0x520 [bnxt_en]\nbnxt_rx_pkt+0x640/0xdd0 [bnxt_en]\n__bnxt_poll_work+0x1a1/0x3d0 [bnxt_en]\nbnxt_poll+0xaa/0x1e0 [bnxt_en]\n__napi_poll+0x33/0x1e0\nnet_rx_action+0x18a/0x2f0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44984', 'https://git.kernel.org/linus/8baeef7616d5194045c5a6b97fd1246b87c55b13 (6.11-rc5)', 'https://git.kernel.org/stable/c/8baeef7616d5194045c5a6b97fd1246b87c55b13', 'https://git.kernel.org/stable/c/95a305ba259b685780ed62ea2295aa2feb2d6c0c', 'https://git.kernel.org/stable/c/fa4e6ae38574d0fc5596272bee64727d8ab7052b', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44984-43ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44984', 'https://www.cve.org/CVERecord?id=CVE-2024-44984'], 'PublishedDate': '2024-09-04T20:15:07.717Z', 'LastModifiedDate': '2024-10-10T16:48:56.167Z'}, {'VulnerabilityID': 'CVE-2024-44985', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44985', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent possible UAF in ip6_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible UAF in ip6_xmit()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand the associated dst/idev could also have been freed.\n\nWe must use rcu_read_lock() to prevent a possible UAF.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44985', 'https://git.kernel.org/linus/2d5ff7e339d04622d8282661df36151906d0e1c7 (6.11-rc5)', 'https://git.kernel.org/stable/c/124b428fe28064c809e4237b0b38e97200a8a4a8', 'https://git.kernel.org/stable/c/2d5ff7e339d04622d8282661df36151906d0e1c7', 'https://git.kernel.org/stable/c/38a21c026ed2cc7232414cb166efc1923f34af17', 'https://git.kernel.org/stable/c/975f764e96f71616b530e300c1bb2ac0ce0c2596', 'https://git.kernel.org/stable/c/fc88d6c1f2895a5775795d82ec581afdff7661d1', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44985-2dde@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44985', 'https://www.cve.org/CVERecord?id=CVE-2024-44985'], 'PublishedDate': '2024-09-04T20:15:07.777Z', 'LastModifiedDate': '2024-09-05T17:54:11.313Z'}, {'VulnerabilityID': 'CVE-2024-44986', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44986', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: fix possible UAF in ip6_finish_output2()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible UAF in ip6_finish_output2()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand associated dst/idev could also have been freed.\n\nWe need to hold rcu_read_lock() to make sure the dst and\nassociated idev are alive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44986', 'https://git.kernel.org/linus/da273b377ae0d9bd255281ed3c2adb228321687b (6.11-rc5)', 'https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e', 'https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a', 'https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b', 'https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b', 'https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44986-1197@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44986', 'https://www.cve.org/CVERecord?id=CVE-2024-44986'], 'PublishedDate': '2024-09-04T20:15:07.833Z', 'LastModifiedDate': '2024-09-05T17:54:04.127Z'}, {'VulnerabilityID': 'CVE-2024-44987', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44987', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent UAF in ip6_send_skb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n  rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n  rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n  vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n  do_writev+0x1b1/0x350 fs/read_write.c:1018\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n </TASK>\n\nAllocated by task 6530:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  unpoison_slab_object mm/kasan/common.c:312 [inline]\n  __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n  kasan_slab_alloc include/linux/kasan.h:201 [inline]\n  slab_post_alloc_hook mm/slub.c:3988 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n  dst_alloc+0x12b/0x190 net/core/dst.c:89\n  ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n  make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n  xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313\n  ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n  rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n  ___sys_sendmsg net/socket.c:2651 [inline]\n  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n  poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n  __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n  kasan_slab_free include/linux/kasan.h:184 [inline]\n  slab_free_hook mm/slub.c:2252 [inline]\n  slab_free mm/slub.c:4473 [inline]\n  kmem_cache_free+0x145/0x350 mm/slub.c:4548\n  dst_destroy+0x2ac/0x460 net/core/dst.c:124\n  rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n  rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44987', 'https://git.kernel.org/linus/faa389b2fbaaec7fd27a390b4896139f9da662e3 (6.11-rc5)', 'https://git.kernel.org/stable/c/24e93695b1239fbe4c31e224372be77f82dab69a', 'https://git.kernel.org/stable/c/571567e0277008459750f0728f246086b2659429', 'https://git.kernel.org/stable/c/9a3e55afa95ed4ac9eda112d4f918af645d72f25', 'https://git.kernel.org/stable/c/af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011', 'https://git.kernel.org/stable/c/cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e', 'https://git.kernel.org/stable/c/ce2f6cfab2c637d0bd9762104023a15d0ab7c0a8', 'https://git.kernel.org/stable/c/e44bd76dd072756e674f45c5be00153f4ded68b2', 'https://git.kernel.org/stable/c/faa389b2fbaaec7fd27a390b4896139f9da662e3', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44987-f916@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44987', 'https://www.cve.org/CVERecord?id=CVE-2024-44987'], 'PublishedDate': '2024-09-04T20:15:07.89Z', 'LastModifiedDate': '2024-09-05T17:53:54.687Z'}, {'VulnerabilityID': 'CVE-2024-44988', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44988', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Fix out-of-bound access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix out-of-bound access\n\nIf an ATU violation was caused by a CPU Load operation, the SPID could\nbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44988', 'https://git.kernel.org/linus/528876d867a23b5198022baf2e388052ca67c952 (6.11-rc5)', 'https://git.kernel.org/stable/c/050e7274ab2150cd212b2372595720e7b83a15bd', 'https://git.kernel.org/stable/c/18b2e833daf049223ab3c2efdf8cdee08854c484', 'https://git.kernel.org/stable/c/528876d867a23b5198022baf2e388052ca67c952', 'https://git.kernel.org/stable/c/a10d0337115a6d223a1563d853d4455f05d0b2e3', 'https://git.kernel.org/stable/c/d39f5be62f098fe367d672b4dd4bc4b2b80e08e7', 'https://git.kernel.org/stable/c/f7d8c2fabd39250cf2333fbf8eef67e837f90a5d', 'https://git.kernel.org/stable/c/f87ce03c652dba199aef15ac18ade3991db5477e', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44988-516a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44988', 'https://www.cve.org/CVERecord?id=CVE-2024-44988'], 'PublishedDate': '2024-09-04T20:15:07.96Z', 'LastModifiedDate': '2024-10-10T16:44:14.767Z'}, {'VulnerabilityID': 'CVE-2024-44989', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44989', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix xfrm real_dev null pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel:  <TASK>\n kernel:  ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? page_fault_oops+0x142/0x4c0\n kernel:  ? do_user_addr_fault+0x65/0x670\n kernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  ? exc_page_fault+0x7b/0x180\n kernel:  ? asm_exc_page_fault+0x22/0x30\n kernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel:  xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ip_push_pending_frames+0x56/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44989', 'https://git.kernel.org/linus/f8cde9805981c50d0c029063dc7d82821806fc44 (6.11-rc5)', 'https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21', 'https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294', 'https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548', 'https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f', 'https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436', 'https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44989-8a2d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44989', 'https://www.cve.org/CVERecord?id=CVE-2024-44989'], 'PublishedDate': '2024-09-04T20:15:08.02Z', 'LastModifiedDate': '2024-09-06T16:31:22.253Z'}, {'VulnerabilityID': 'CVE-2024-44990', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44990', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix null pointer deref in bond_ipsec_offload_ok\n\nWe must check if there is an active slave before dereferencing the pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44990', 'https://git.kernel.org/linus/95c90e4ad89d493a7a14fa200082e466e2548f9d (6.11-rc5)', 'https://git.kernel.org/stable/c/0707260a18312bbcd2a5668584e3692d0a29e3f6', 'https://git.kernel.org/stable/c/2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59', 'https://git.kernel.org/stable/c/32a0173600c63aadaf2103bf02f074982e8602ab', 'https://git.kernel.org/stable/c/81216b9352be43f8958092d379f6dec85443c309', 'https://git.kernel.org/stable/c/95c90e4ad89d493a7a14fa200082e466e2548f9d', 'https://git.kernel.org/stable/c/b70b0ddfed31fc92c8dc722d0afafc8e14cb550c', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44990-6b62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44990', 'https://www.cve.org/CVERecord?id=CVE-2024-44990'], 'PublishedDate': '2024-09-04T20:15:08.087Z', 'LastModifiedDate': '2024-09-06T16:31:12.87Z'}, {'VulnerabilityID': 'CVE-2024-44991', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44991', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp: prevent concurrent execution of tcp_sk_exit_batch', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: prevent concurrent execution of tcp_sk_exit_batch\n\nIts possible that two threads call tcp_sk_exit_batch() concurrently,\nonce from the cleanup_net workqueue, once from a task that failed to clone\na new netns.  In the latter case, error unwinding calls the exit handlers\nin reverse order for the \'failed\' netns.\n\ntcp_sk_exit_batch() calls tcp_twsk_purge().\nProblem is that since commit b099ce2602d8 ("net: Batch inet_twsk_purge"),\nthis function picks up twsk in any dying netns, not just the one passed\nin via exit_batch list.\n\nThis means that the error unwind of setup_net() can "steal" and destroy\ntimewait sockets belonging to the exiting netns.\n\nThis allows the netns exit worker to proceed to call\n\nWARN_ON_ONCE(!refcount_dec_and_test(&net->ipv4.tcp_death_row.tw_refcount));\n\nwithout the expected 1 -> 0 transition, which then splats.\n\nAt same time, error unwind path that is also running inet_twsk_purge()\nwill splat as well:\n\nWARNING: .. at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210\n...\n refcount_dec include/linux/refcount.h:351 [inline]\n inet_twsk_kill+0x758/0x9c0 net/ipv4/inet_timewait_sock.c:70\n inet_twsk_deschedule_put net/ipv4/inet_timewait_sock.c:221\n inet_twsk_purge+0x725/0x890 net/ipv4/inet_timewait_sock.c:304\n tcp_sk_exit_batch+0x1c/0x170 net/ipv4/tcp_ipv4.c:3522\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n setup_net+0x714/0xb40 net/core/net_namespace.c:375\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n\n... because refcount_dec() of tw_refcount unexpectedly dropped to 0.\n\nThis doesn\'t seem like an actual bug (no tw sockets got lost and I don\'t\nsee a use-after-free) but as erroneous trigger of debug check.\n\nAdd a mutex to force strict ordering: the task that calls tcp_twsk_purge()\nblocks other task from doing final _dec_and_test before mutex-owner has\nremoved all tw sockets of dying netns.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44991', 'https://git.kernel.org/linus/565d121b69980637f040eb4d84289869cdaabedf (6.11-rc5)', 'https://git.kernel.org/stable/c/565d121b69980637f040eb4d84289869cdaabedf', 'https://git.kernel.org/stable/c/99580ae890ec8bd98b21a2a9c6668f8f1555b62e', 'https://git.kernel.org/stable/c/e3d9de3742f4d5c47ae35f888d3023a5b54fcd2f', 'https://git.kernel.org/stable/c/f6fd2dbf584a4047ba88d1369ff91c9851261ec1', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44991-2437@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44991', 'https://www.cve.org/CVERecord?id=CVE-2024-44991'], 'PublishedDate': '2024-09-04T20:15:08.15Z', 'LastModifiedDate': '2024-10-09T14:36:15.79Z'}, {'VulnerabilityID': 'CVE-2024-44993', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44993', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`\n\nWhen enabling UBSAN on Raspberry Pi 5, we get the following warning:\n\n[  387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3\n[  387.903868] index 7 is out of range for type '__u32 [7]'\n[  387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G        WC         6.10.3-v8-16k-numa #151\n[  387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[  387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched]\n[  387.932525] Call trace:\n[  387.935296]  dump_backtrace+0x170/0x1b8\n[  387.939403]  show_stack+0x20/0x38\n[  387.942907]  dump_stack_lvl+0x90/0xd0\n[  387.946785]  dump_stack+0x18/0x28\n[  387.950301]  __ubsan_handle_out_of_bounds+0x98/0xd0\n[  387.955383]  v3d_csd_job_run+0x3a8/0x438 [v3d]\n[  387.960707]  drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]\n[  387.966862]  process_one_work+0x62c/0xb48\n[  387.971296]  worker_thread+0x468/0x5b0\n[  387.975317]  kthread+0x1c4/0x1e0\n[  387.978818]  ret_from_fork+0x10/0x20\n[  387.983014] ---[ end trace ]---\n\nThis happens because the UAPI provides only seven configuration\nregisters and we are reading the eighth position of this u32 array.\n\nTherefore, fix the out-of-bounds read in `v3d_csd_job_run()` by\naccessing only seven positions on the '__u32 [7]' array. The eighth\nregister exists indeed on V3D 7.1, but it isn't currently used. That\nbeing so, let's guarantee that it remains unused and add a note that it\ncould be set in a future patch.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44993', 'https://git.kernel.org/linus/497d370a644d95a9f04271aa92cb96d32e84c770 (6.11-rc4)', 'https://git.kernel.org/stable/c/497d370a644d95a9f04271aa92cb96d32e84c770', 'https://git.kernel.org/stable/c/d656b82c4b30cf12715e6cd129d3df808fde24a7', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44993-b6db@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44993', 'https://www.cve.org/CVERecord?id=CVE-2024-44993'], 'PublishedDate': '2024-09-04T20:15:08.257Z', 'LastModifiedDate': '2024-09-06T16:28:49.18Z'}, {'VulnerabilityID': 'CVE-2024-44995', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: fix a deadlock problem when config TC during resetting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n                             pf reset start\n                                 │\n                                 ▼\n                              ......\nsetup tc                         │\n    │                            ▼\n    ▼                      DOWN: napi_disable()\nnapi_disable()(skip)             │\n    │                            │\n    ▼                            ▼\n  ......                      ......\n    │                            │\n    ▼                            │\nnapi_enable()                    │\n                                 ▼\n                           UINIT: netif_napi_del()\n                                 │\n                                 ▼\n                              ......\n                                 │\n                                 ▼\n                           INIT: netif_napi_add()\n                                 │\n                                 ▼\n                              ......                 global reset start\n                                 │                      │\n                                 ▼                      ▼\n                           UP: napi_enable()(skip)    ......\n                                 │                      │\n                                 ▼                      ▼\n                              ......                 napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. Adds a DOWN process in UINIT to fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44995', 'https://git.kernel.org/linus/be5e816d00a506719e9dbb1a9c861c5ced30a109 (6.11-rc4)', 'https://git.kernel.org/stable/c/195918217448a6bb7f929d6a2ffffce9f1ece1cc', 'https://git.kernel.org/stable/c/67492d4d105c0a6321b00c393eec96b9a7a97a16', 'https://git.kernel.org/stable/c/6ae2b7d63cd056f363045eb65409143e16f23ae8', 'https://git.kernel.org/stable/c/be5e816d00a506719e9dbb1a9c861c5ced30a109', 'https://git.kernel.org/stable/c/de37408d5c26fc4a296a28a0c96dcb814219bfa1', 'https://git.kernel.org/stable/c/fa1d4de7265c370e673583ac8d1bd17d21826cd9', 'https://git.kernel.org/stable/c/fc250eca15bde34c4c8f806b9d88f55bd56a992c', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44995-16e5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44995', 'https://www.cve.org/CVERecord?id=CVE-2024-44995'], 'PublishedDate': '2024-09-04T20:15:08.353Z', 'LastModifiedDate': '2024-09-15T18:15:34.54Z'}, {'VulnerabilityID': 'CVE-2024-44996', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44996', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vsock: fix recursive -&gt;recvmsg calls', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: fix recursive ->recvmsg calls\n\nAfter a vsock socket has been added to a BPF sockmap, its prot->recvmsg\nhas been replaced with vsock_bpf_recvmsg(). Thus the following\nrecursiion could happen:\n\nvsock_bpf_recvmsg()\n -> __vsock_recvmsg()\n  -> vsock_connectible_recvmsg()\n   -> prot->recvmsg()\n    -> vsock_bpf_recvmsg() again\n\nWe need to fix it by calling the original ->recvmsg() without any BPF\nsockmap logic in __vsock_recvmsg().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44996', 'https://git.kernel.org/linus/69139d2919dd4aa9a553c8245e7c63e82613e3fc (6.11-rc4)', 'https://git.kernel.org/stable/c/69139d2919dd4aa9a553c8245e7c63e82613e3fc', 'https://git.kernel.org/stable/c/921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5', 'https://git.kernel.org/stable/c/b4ee8cf1acc5018ed1369150d7bb3e0d0f79e135', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44996-8b26@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44996', 'https://www.cve.org/CVERecord?id=CVE-2024-44996'], 'PublishedDate': '2024-09-04T20:15:08.413Z', 'LastModifiedDate': '2024-09-16T12:21:47.37Z'}, {'VulnerabilityID': 'CVE-2024-44998', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44998', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: atm: idt77252: prevent use after free in dequeue_rx()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can\'t dereference "skb" after calling vcc->push() because the skb\nis released.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44998', 'https://git.kernel.org/linus/a9a18e8f770c9b0703dab93580d0b02e199a4c79 (6.11-rc4)', 'https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1', 'https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d', 'https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518', 'https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55', 'https://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d', 'https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10', 'https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79', 'https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44998-6505@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44998', 'https://www.cve.org/CVERecord?id=CVE-2024-44998'], 'PublishedDate': '2024-09-04T20:15:08.52Z', 'LastModifiedDate': '2024-09-06T16:28:16Z'}, {'VulnerabilityID': 'CVE-2024-44999', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44999', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: pull network headers in gtp_dev_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: pull network headers in gtp_dev_xmit()\n\nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]\n\nWe must make sure the IPv4 or Ipv6 header is pulled in skb->head\nbefore accessing fields in them.\n\nUse pskb_inet_may_pull() to fix this issue.\n\n[1]\nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n  gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n  gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  __netdev_start_xmit include/linux/netdevice.h:4913 [inline]\n  netdev_start_xmit include/linux/netdevice.h:4922 [inline]\n  xmit_one net/core/dev.c:3580 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596\n  __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423\n  dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3145 [inline]\n  packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:3994 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583\n  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674\n  alloc_skb include/linux/skbuff.h:1320 [inline]\n  alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526\n  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815\n  packet_alloc_skb net/packet/af_packet.c:2994 [inline]\n  packet_snd net/packet/af_packet.c:3088 [inline]\n  packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44999', 'https://git.kernel.org/linus/3a3be7ff9224f424e485287b54be00d2c6bd9c40 (6.11-rc4)', 'https://git.kernel.org/stable/c/137d565ab89ce3584503b443bc9e00d44f482593', 'https://git.kernel.org/stable/c/1f6b62392453d8f36685d19b761307a8c5617ac1', 'https://git.kernel.org/stable/c/34ba4f29f3d9eb52dee37512059efb2afd7e966f', 'https://git.kernel.org/stable/c/3939d787139e359b77aaf9485d1e145d6713d7b9', 'https://git.kernel.org/stable/c/3a3be7ff9224f424e485287b54be00d2c6bd9c40', 'https://git.kernel.org/stable/c/3d89d0c4a1c6d4d2a755e826351b0a101dbc86f3', 'https://git.kernel.org/stable/c/cbb9a969fc190e85195d1b0f08038e7f6199044e', 'https://git.kernel.org/stable/c/f5dda8db382c5751c4e572afc7c99df7da1f83ca', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44999-187d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44999', 'https://www.cve.org/CVERecord?id=CVE-2024-44999'], 'PublishedDate': '2024-09-04T20:15:08.59Z', 'LastModifiedDate': '2024-09-06T16:27:51.89Z'}, {'VulnerabilityID': 'CVE-2024-45000', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45000', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/netfs/fscache_cookie: add missing "n_accesses" check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/netfs/fscache_cookie: add missing "n_accesses" check\n\nThis fixes a NULL pointer dereference bug due to a data race which\nlooks like this:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000008\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] SMP PTI\n  CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43\n  Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018\n  Workqueue: events_unbound netfs_rreq_write_to_cache_work\n  RIP: 0010:cachefiles_prepare_write+0x30/0xa0\n  Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 <48> 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10\n  RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286\n  RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000\n  RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438\n  RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001\n  R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68\n  R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00\n  FS:  0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0\n  Call Trace:\n   <TASK>\n   ? __die+0x1f/0x70\n   ? page_fault_oops+0x15d/0x440\n   ? search_module_extables+0xe/0x40\n   ? fixup_exception+0x22/0x2f0\n   ? exc_page_fault+0x5f/0x100\n   ? asm_exc_page_fault+0x22/0x30\n   ? cachefiles_prepare_write+0x30/0xa0\n   netfs_rreq_write_to_cache_work+0x135/0x2e0\n   process_one_work+0x137/0x2c0\n   worker_thread+0x2e9/0x400\n   ? __pfx_worker_thread+0x10/0x10\n   kthread+0xcc/0x100\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x30/0x50\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1b/0x30\n   </TASK>\n  Modules linked in:\n  CR2: 0000000000000008\n  ---[ end trace 0000000000000000 ]---\n\nThis happened because fscache_cookie_state_machine() was slow and was\nstill running while another process invoked fscache_unuse_cookie();\nthis led to a fscache_cookie_lru_do_one() call, setting the\nFSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by\nfscache_cookie_state_machine(), withdrawing the cookie via\ncachefiles_withdraw_cookie(), clearing cookie->cache_priv.\n\nAt the same time, yet another process invoked\ncachefiles_prepare_write(), which found a NULL pointer in this code\nline:\n\n  struct cachefiles_object *object = cachefiles_cres_object(cres);\n\nThe next line crashes, obviously:\n\n  struct cachefiles_cache *cache = object->volume->cache;\n\nDuring cachefiles_prepare_write(), the "n_accesses" counter is\nnon-zero (via fscache_begin_operation()).  The cookie must not be\nwithdrawn until it drops to zero.\n\nThe counter is checked by fscache_cookie_state_machine() before\nswitching to FSCACHE_COOKIE_STATE_RELINQUISHING and\nFSCACHE_COOKIE_STATE_WITHDRAWING (in "case\nFSCACHE_COOKIE_STATE_FAILED"), but not for\nFSCACHE_COOKIE_STATE_LRU_DISCARDING ("case\nFSCACHE_COOKIE_STATE_ACTIVE").\n\nThis patch adds the missing check.  With a non-zero access counter,\nthe function returns and the next fscache_end_cookie_access() call\nwill queue another fscache_cookie_state_machine() call to handle the\nstill-pending FSCACHE_COOKIE_DO_LRU_DISCARD.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45000', 'https://git.kernel.org/linus/f71aa06398aabc2e3eaac25acdf3d62e0094ba70 (6.11-rc4)', 'https://git.kernel.org/stable/c/0a4d41fa14b2a0efd40e350cfe8ec6a4c998ac1d', 'https://git.kernel.org/stable/c/b8a50877f68efdcc0be3fcc5116e00c31b90e45b', 'https://git.kernel.org/stable/c/dfaa39b05a6cf34a16c525a2759ee6ab26b5fef6', 'https://git.kernel.org/stable/c/f71aa06398aabc2e3eaac25acdf3d62e0094ba70', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-45000-fd6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45000', 'https://www.cve.org/CVERecord?id=CVE-2024-45000'], 'PublishedDate': '2024-09-04T20:15:08.657Z', 'LastModifiedDate': '2024-09-06T16:27:31.003Z'}, {'VulnerabilityID': 'CVE-2024-45001', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45001', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix RX buf alloc_size alignment and atomic op panic', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix RX buf alloc_size alignment and atomic op panic\n\nThe MANA driver's RX buffer alloc_size is passed into napi_build_skb() to\ncreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignment\nis affected by the alloc_size passed into napi_build_skb(). The size needs\nto be aligned properly for better performance and atomic operations.\nOtherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic\noperations may panic on the skb_shinfo(skb)->dataref due to alignment fault.\n\nTo fix this bug, add proper alignment to the alloc_size calculation.\n\nSample panic info:\n[  253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce\n[  253.300900] Mem abort info:\n[  253.301760]   ESR = 0x0000000096000021\n[  253.302825]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  253.304268]   SET = 0, FnV = 0\n[  253.305172]   EA = 0, S1PTW = 0\n[  253.306103]   FSC = 0x21: alignment fault\nCall trace:\n __skb_clone+0xfc/0x198\n skb_clone+0x78/0xe0\n raw6_local_deliver+0xfc/0x228\n ip6_protocol_deliver_rcu+0x80/0x500\n ip6_input_finish+0x48/0x80\n ip6_input+0x48/0xc0\n ip6_sublist_rcv_finish+0x50/0x78\n ip6_sublist_rcv+0x1cc/0x2b8\n ipv6_list_rcv+0x100/0x150\n __netif_receive_skb_list_core+0x180/0x220\n netif_receive_skb_list_internal+0x198/0x2a8\n __napi_poll+0x138/0x250\n net_rx_action+0x148/0x330\n handle_softirqs+0x12c/0x3a0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45001', 'https://git.kernel.org/linus/32316f676b4ee87c0404d333d248ccf777f739bc (6.11-rc4)', 'https://git.kernel.org/stable/c/32316f676b4ee87c0404d333d248ccf777f739bc', 'https://git.kernel.org/stable/c/65f20b174ec0172f2d6bcfd8533ab9c9e7e347fa', 'https://git.kernel.org/stable/c/e6bea6a45f8a401f3d5a430bc81814f0cc8848cf', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45001-50df@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45001', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45001'], 'PublishedDate': '2024-09-04T20:15:08.71Z', 'LastModifiedDate': '2024-10-09T14:49:39.953Z'}, {'VulnerabilityID': 'CVE-2024-45002', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45002', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtla/osnoise: Prevent NULL dereference in error handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrtla/osnoise: Prevent NULL dereference in error handling\n\nIf the "tool->data" allocation fails then there is no need to call\nosnoise_free_top() and, in fact, doing so will lead to a NULL dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45002', 'https://git.kernel.org/linus/90574d2a675947858b47008df8d07f75ea50d0d0 (6.11-rc4)', 'https://git.kernel.org/stable/c/753f1745146e03abd17eec8eee95faffc96d743d', 'https://git.kernel.org/stable/c/90574d2a675947858b47008df8d07f75ea50d0d0', 'https://git.kernel.org/stable/c/abdb9ddaaab476e62805e36cce7b4ef8413ffd01', 'https://git.kernel.org/stable/c/fc575212c6b75d538e1a0a74f4c7e2ac73bc46ac', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45002-c292@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45002', 'https://www.cve.org/CVERecord?id=CVE-2024-45002'], 'PublishedDate': '2024-09-04T20:15:08.763Z', 'LastModifiedDate': '2024-09-06T16:27:13.727Z'}, {'VulnerabilityID': 'CVE-2024-45003', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45003', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: vfs: Don't evict inode under the inode lru traversing context", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: Don't evict inode under the inode lru traversing context\n\nThe inode reclaiming process(See function prune_icache_sb) collects all\nreclaimable inodes and mark them with I_FREEING flag at first, at that\ntime, other processes will be stuck if they try getting these inodes\n(See function find_inode_fast), then the reclaiming process destroy the\ninodes by function dispose_list(). Some filesystems(eg. ext4 with\nea_inode feature, ubifs with xattr) may do inode lookup in the inode\nevicting callback function, if the inode lookup is operated under the\ninode lru traversing context, deadlock problems may happen.\n\nCase 1: In function ext4_evict_inode(), the ea inode lookup could happen\n        if ea_inode feature is enabled, the lookup process will be stuck\n\tunder the evicting context like this:\n\n 1. File A has inode i_reg and an ea inode i_ea\n 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea\n 3. Then, following three processes running like this:\n\n    PA                              PB\n echo 2 > /proc/sys/vm/drop_caches\n  shrink_slab\n   prune_dcache_sb\n   // i_reg is added into lru, lru->i_ea->i_reg\n   prune_icache_sb\n    list_lru_walk_one\n     inode_lru_isolate\n      i_ea->i_state |= I_FREEING // set inode state\n     inode_lru_isolate\n      __iget(i_reg)\n      spin_unlock(&i_reg->i_lock)\n      spin_unlock(lru_lock)\n                                     rm file A\n                                      i_reg->nlink = 0\n      iput(i_reg) // i_reg->nlink is 0, do evict\n       ext4_evict_inode\n        ext4_xattr_delete_inode\n         ext4_xattr_inode_dec_ref_all\n          ext4_xattr_inode_iget\n           ext4_iget(i_ea->i_ino)\n            iget_locked\n             find_inode_fast\n              __wait_on_freeing_inode(i_ea) ----? AA deadlock\n    dispose_list // cannot be executed by prune_icache_sb\n     wake_up_bit(&i_ea->i_state)\n\nCase 2: In deleted inode writing function ubifs_jnl_write_inode(), file\n        deleting process holds BASEHD's wbuf->io_mutex while getting the\n\txattr inode, which could race with inode reclaiming process(The\n        reclaiming process could try locking BASEHD's wbuf->io_mutex in\n\tinode evicting function), then an ABBA deadlock problem would\n\thappen as following:\n\n 1. File A has inode ia and a xattr(with inode ixa), regular file B has\n    inode ib and a xattr.\n 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa\n 3. Then, following three processes running like this:\n\n        PA                PB                        PC\n                echo 2 > /proc/sys/vm/drop_caches\n                 shrink_slab\n                  prune_dcache_sb\n                  // ib and ia are added into lru, lru->ixa->ib->ia\n                  prune_icache_sb\n                   list_lru_walk_one\n                    inode_lru_isolate\n                     ixa->i_state |= I_FREEING // set inode state\n                    inode_lru_isolate\n                     __iget(ib)\n                     spin_unlock(&ib->i_lock)\n                     spin_unlock(lru_lock)\n                                                   rm file B\n                                                    ib->nlink = 0\n rm file A\n  iput(ia)\n   ubifs_evict_inode(ia)\n    ubifs_jnl_delete_inode(ia)\n     ubifs_jnl_write_inode(ia)\n      make_reservation(BASEHD) // Lock wbuf->io_mutex\n      ubifs_iget(ixa->i_ino)\n       iget_locked\n        find_inode_fast\n         __wait_on_freeing_inode(ixa)\n          |          iput(ib) // ib->nlink is 0, do evict\n          |           ubifs_evict_inode\n          |            ubifs_jnl_delete_inode(ib)\n          ?             ubifs_jnl_write_inode\n     ABBA deadlock ?-----make_reservation(BASEHD)\n                   dispose_list // cannot be executed by prune_icache_sb\n                    wake_up_bit(&ixa->i_state)\n\nFix the possible deadlock by using new inode state flag I_LRU_ISOLATING\nto pin the inode in memory while inode_lru_isolate(\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45003', 'https://git.kernel.org/linus/2a0629834cd82f05d424bbc193374f9a43d1f87d (6.11-rc4)', 'https://git.kernel.org/stable/c/03880af02a78bc9a98b5a581f529cf709c88a9b8', 'https://git.kernel.org/stable/c/2a0629834cd82f05d424bbc193374f9a43d1f87d', 'https://git.kernel.org/stable/c/3525ad25240dfdd8c78f3470911ed10aa727aa72', 'https://git.kernel.org/stable/c/437741eba63bf4e437e2beb5583f8633556a2b98', 'https://git.kernel.org/stable/c/9063ab49c11e9518a3f2352434bb276cc8134c5f', 'https://git.kernel.org/stable/c/b9bda5f6012dd00372f3a06a82ed8971a4c57c32', 'https://git.kernel.org/stable/c/cda54ec82c0f9d05393242b20b13f69b083f7e88', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45003-3bc2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45003', 'https://www.cve.org/CVERecord?id=CVE-2024-45003'], 'PublishedDate': '2024-09-04T20:15:08.823Z', 'LastModifiedDate': '2024-10-09T15:07:31.027Z'}, {'VulnerabilityID': 'CVE-2024-45005', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45005', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: s390: fix validity interception issue when gisa is switched off', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix validity interception issue when gisa is switched off\n\nWe might run into a SIE validity if gisa has been disabled either via using\nkernel parameter "kvm.use_gisa=0" or by setting the related sysfs\nattribute to N (echo N >/sys/module/kvm/parameters/use_gisa).\n\nThe validity is caused by an invalid value in the SIE control block\'s\ngisa designation. That happens because we pass the uninitialized gisa\norigin to virt_to_phys() before writing it to the gisa designation.\n\nTo fix this we return 0 in kvm_s390_get_gisa_desc() if the origin is 0.\nkvm_s390_get_gisa_desc() is used to determine which gisa designation to\nset in the SIE control block. A value of 0 in the gisa designation disables\ngisa usage.\n\nThe issue surfaces in the host kernel with the following kernel message as\nsoon a new kvm guest start is attemted.\n\nkvm: unhandled validity intercept 0x1011\nWARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101 kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]\nModules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390 prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci]\nCPU: 0 PID: 781237 Comm: CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6\nHardware name: IBM 3931 A01 701 (LPAR)\nKrnl PSW : 0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm])\n           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\nKrnl GPRS: 000003d900000027 000003d900000023 0000000000000028 000002cd00000000\n           000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff\n           000002cfd82e9000 000002cfd80bc000 0000000000001011 000003d93deda412\n           000003ff8962df98 000003d93de77ce0 000003d93deb011e 00000359c6daf960\nKrnl Code: 000003d93deb0112: c020fffe7259\tlarl\t%r2,000003d93de7e5c4\n           000003d93deb0118: c0e53fa8beac\tbrasl\t%r14,000003d9bd3c7e70\n          #000003d93deb011e: af000000\t\tmc\t0,0\n          >000003d93deb0122: a728ffea\t\tlhi\t%r2,-22\n           000003d93deb0126: a7f4fe24\t\tbrc\t15,000003d93deafd6e\n           000003d93deb012a: 9101f0b0\t\ttm\t176(%r15),1\n           000003d93deb012e: a774fe48\t\tbrc\t7,000003d93deafdbe\n           000003d93deb0132: 40a0f0ae\t\tsth\t%r10,174(%r15)\nCall Trace:\n [<000003d93deb0122>] kvm_handle_sie_intercept+0x432/0x4d0 [kvm]\n([<000003d93deb011e>] kvm_handle_sie_intercept+0x42e/0x4d0 [kvm])\n [<000003d93deacc10>] vcpu_post_run+0x1d0/0x3b0 [kvm]\n [<000003d93deaceda>] __vcpu_run+0xea/0x2d0 [kvm]\n [<000003d93dead9da>] kvm_arch_vcpu_ioctl_run+0x16a/0x430 [kvm]\n [<000003d93de93ee0>] kvm_vcpu_ioctl+0x190/0x7c0 [kvm]\n [<000003d9bd728b4e>] vfs_ioctl+0x2e/0x70\n [<000003d9bd72a092>] __s390x_sys_ioctl+0xc2/0xd0\n [<000003d9be0e9222>] __do_syscall+0x1f2/0x2e0\n [<000003d9be0f9a90>] system_call+0x70/0x98\nLast Breaking-Event-Address:\n [<000003d9bd3c7f58>] __warn_printk+0xe8/0xf0', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45005', 'https://git.kernel.org/linus/5a44bb061d04b0306f2aa8add761d86d152b9377 (6.11-rc4)', 'https://git.kernel.org/stable/c/027ac3c5092561bccce09b314a73a1c167117ef6', 'https://git.kernel.org/stable/c/051c0a558154174cfcea301a386e4c91ade83ce1', 'https://git.kernel.org/stable/c/5a44bb061d04b0306f2aa8add761d86d152b9377', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45005-2297@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45005', 'https://www.cve.org/CVERecord?id=CVE-2024-45005'], 'PublishedDate': '2024-09-04T20:15:08.94Z', 'LastModifiedDate': '2024-10-09T15:30:03.767Z'}, {'VulnerabilityID': 'CVE-2024-45006', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45006', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration\n\nre-enumerating full-speed devices after a failed address device command\ncan trigger a NULL pointer dereference.\n\nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size\nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case,\nwhich ends up calling xhci_configure_endpoint().\n\nOn Panther point xHC the xhci_configure_endpoint() function will\nadditionally check and reserve bandwidth in software. Other hosts do\nthis in hardware\n\nIf xHC address device command fails then a new xhci_virt_device structure\nis allocated as part of re-enabling the slot, but the bandwidth table\npointers are not set up properly here.\nThis triggers the NULL pointer dereference the next time usb_ep0_reinit()\nis called and xhci_configure_endpoint() tries to check and reserve\nbandwidth\n\n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd\n[46710.713699] usb 3-1: Device not responding to setup address.\n[46710.917684] usb 3-1: Device not responding to setup address.\n[46711.125536] usb 3-1: device not accepting address 5, error -71\n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[46711.125600] #PF: supervisor read access in kernel mode\n[46711.125603] #PF: error_code(0x0000) - not-present page\n[46711.125606] PGD 0 P4D 0\n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1\n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.\n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]\n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c\n\nFix this by making sure bandwidth table pointers are set up correctly\nafter a failed address device command, and additionally by avoiding\nchecking for bandwidth in cases like this where no actual endpoints are\nadded or removed, i.e. only context for default control endpoint 0 is\nevaluated.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45006', 'https://git.kernel.org/linus/af8e119f52e9c13e556be9e03f27957554a84656 (6.11-rc4)', 'https://git.kernel.org/stable/c/0f0654318e25b2c185e245ba4a591e42fabb5e59', 'https://git.kernel.org/stable/c/365ef7c4277fdd781a695c3553fa157d622d805d', 'https://git.kernel.org/stable/c/5ad898ae82412f8a689d59829804bff2999dd0ea', 'https://git.kernel.org/stable/c/6b99de301d78e1f5249e57ef2c32e1dec3df2bb1', 'https://git.kernel.org/stable/c/8fb9d412ebe2f245f13481e4624b40e651570cbd', 'https://git.kernel.org/stable/c/a57b0ebabe6862dce0a2e0f13e17941ad72fc56b', 'https://git.kernel.org/stable/c/af8e119f52e9c13e556be9e03f27957554a84656', 'https://git.kernel.org/stable/c/ef0a0e616b2789bb804a0ce5e161db03170a85b6', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45006-6642@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45006', 'https://www.cve.org/CVERecord?id=CVE-2024-45006'], 'PublishedDate': '2024-09-04T20:15:08.997Z', 'LastModifiedDate': '2024-09-06T16:26:52.64Z'}, {'VulnerabilityID': 'CVE-2024-45007', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45007', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: char: xillybus: Don't destroy workqueue from work item running on it", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Don't destroy workqueue from work item running on it\n\nTriggered by a kref decrement, destroy_workqueue() may be called from\nwithin a work item for destroying its own workqueue. This illegal\nsituation is averted by adding a module-global workqueue for exclusive\nuse of the offending work item. Other work items continue to be queued\non per-device workqueues to ensure performance.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45007', 'https://git.kernel.org/linus/ccbde4b128ef9c73d14d0d7817d68ef795f6d131 (6.11-rc4)', 'https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9', 'https://git.kernel.org/stable/c/5d3567caff2a1d678aa40cc74a54e1318941fad3', 'https://git.kernel.org/stable/c/a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157', 'https://git.kernel.org/stable/c/aa1a19724fa2c31e97a9be48baedd4692b265157', 'https://git.kernel.org/stable/c/ccbde4b128ef9c73d14d0d7817d68ef795f6d131', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45007-74c8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45007', 'https://www.cve.org/CVERecord?id=CVE-2024-45007'], 'PublishedDate': '2024-09-04T20:15:09.053Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45008', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: MT - limit max slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: MT - limit max slots\n\nsyzbot is reporting too large allocation at input_mt_init_slots(), for\nnum_slots is supplied from userspace using ioctl(UI_DEV_CREATE).\n\nSince nobody knows possible max slots, this patch chose 1024.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45008', 'https://git.kernel.org/linus/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb (6.11-rc2)', 'https://git.kernel.org/stable/c/05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549', 'https://git.kernel.org/stable/c/2829c80614890624456337e47320289112785f3e', 'https://git.kernel.org/stable/c/87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322', 'https://git.kernel.org/stable/c/8f04edd554d191834e9e1349ef030318ea6b11ba', 'https://git.kernel.org/stable/c/94736334b8a25e4fae8daa6934e54a31f099be43', 'https://git.kernel.org/stable/c/95f73d01f547dfc67fda3022c51e377a0454b505', 'https://git.kernel.org/stable/c/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb', 'https://git.kernel.org/stable/c/cd19f1799c32ba7b874474b1b968815ce5364f73', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45008-1d89@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45008', 'https://www.cve.org/CVERecord?id=CVE-2024-45008'], 'PublishedDate': '2024-09-04T20:15:09.107Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45009', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: only decrement add_addr_accepted for MPJ req', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the "remove single subflow" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \'subflow\' endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\'s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45009', 'https://git.kernel.org/linus/1c1f721375989579e46741f59523e39ec9b2a9bd (6.11-rc5)', 'https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd', 'https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c', 'https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d', 'https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7', 'https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608', 'https://lore.kernel.org/linux-cve-announce/2024091104-CVE-2024-45009-24ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45009', 'https://www.cve.org/CVERecord?id=CVE-2024-45009'], 'PublishedDate': '2024-09-11T16:15:06.427Z', 'LastModifiedDate': '2024-09-13T16:36:57.233Z'}, {'VulnerabilityID': 'CVE-2024-45010', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: mptcp: pm: only mark 'subflow' endp as available", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \'subflow\' endp as available\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the "remove single address" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \'signal\' endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\'subflow\' endpoints, and here it is a \'signal\' endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \'subflow\' endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45010', 'https://git.kernel.org/linus/322ea3778965da72862cca2a0c50253aacf65fe6 (6.11-rc5)', 'https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6', 'https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d', 'https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f', 'https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45010-33ee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45010', 'https://www.cve.org/CVERecord?id=CVE-2024-45010'], 'PublishedDate': '2024-09-11T16:15:06.483Z', 'LastModifiedDate': '2024-09-13T16:35:05.843Z'}, {'VulnerabilityID': 'CVE-2024-45011', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45011', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: char: xillybus: Check USB endpoints when probing device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Check USB endpoints when probing device\n\nEnsure, as the driver probes the device, that all endpoints that the\ndriver may attempt to access exist and are of the correct type.\n\nAll XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at\naddress 1. This is verified in xillyusb_setup_base_eps().\n\nOn top of that, a XillyUSB device may have additional Bulk OUT\nendpoints. The information about these endpoints' addresses is deduced\nfrom a data structure (the IDT) that the driver fetches from the device\nwhile probing it. These endpoints are checked in setup_channels().\n\nA XillyUSB device never has more than one IN endpoint, as all data\ntowards the host is multiplexed in this single Bulk IN endpoint. This is\nwhy setup_channels() only checks OUT endpoints.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45011', 'https://git.kernel.org/linus/2374bf7558de915edc6ec8cb10ec3291dfab9594 (6.11-rc4)', 'https://git.kernel.org/stable/c/1371d32b95972d39c1e6e4bae8b6d0df1b573731', 'https://git.kernel.org/stable/c/2374bf7558de915edc6ec8cb10ec3291dfab9594', 'https://git.kernel.org/stable/c/25ee8b2908200fc862c0434e5ad483817d50ceda', 'https://git.kernel.org/stable/c/4267131278f5cc98f8db31d035d64bdbbfe18658', 'https://git.kernel.org/stable/c/5cff754692ad45d5086b75fef8cc3a99c30a1005', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45011-e729@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45011', 'https://www.cve.org/CVERecord?id=CVE-2024-45011'], 'PublishedDate': '2024-09-11T16:15:06.55Z', 'LastModifiedDate': '2024-09-13T16:36:55.757Z'}, {'VulnerabilityID': 'CVE-2024-45012', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45012', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nouveau/firmware: use dma non-coherent allocator', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/firmware: use dma non-coherent allocator\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup, when the iommu is enabled:\n\nkernel BUG at include/linux/scatterlist.h:187!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\nHardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\nRIP: 0010:sg_init_one+0x85/0xa0\nCode: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\nRSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\nRBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\nR13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\nFS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\nCall Trace:\n <TASK>\n ? die+0x36/0x90\n ? do_trap+0xdd/0x100\n ? sg_init_one+0x85/0xa0\n ? do_error_trap+0x65/0x80\n ? sg_init_one+0x85/0xa0\n ? exc_invalid_op+0x50/0x70\n ? sg_init_one+0x85/0xa0\n ? asm_exc_invalid_op+0x1a/0x20\n ? sg_init_one+0x85/0xa0\n nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? nvkm_udevice_new+0x95/0x140 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? ktime_get+0x47/0xb0\n\nFix this by using the non-coherent allocator instead, I think there\nmight be a better answer to this, but it involve ripping up some of\nAPIs using sg lists.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45012', 'https://git.kernel.org/linus/9b340aeb26d50e9a9ec99599e2a39b035fac978e (6.11-rc5)', 'https://git.kernel.org/stable/c/57ca481fca97ca4553e8c85d6a94baf4cb40c40e', 'https://git.kernel.org/stable/c/9b340aeb26d50e9a9ec99599e2a39b035fac978e', 'https://git.kernel.org/stable/c/cc29c5546c6a373648363ac49781f1d74b530707', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45012-9234@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45012', 'https://www.cve.org/CVERecord?id=CVE-2024-45012'], 'PublishedDate': '2024-09-11T16:15:06.607Z', 'LastModifiedDate': '2024-09-13T16:35:35.787Z'}, {'VulnerabilityID': 'CVE-2024-45013', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: move stopping keep-alive into nvme_uninit_ctrl()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: move stopping keep-alive into nvme_uninit_ctrl()\n\nCommit 4733b65d82bd ("nvme: start keep-alive after admin queue setup")\nmoves starting keep-alive from nvme_start_ctrl() into\nnvme_init_ctrl_finish(), but don\'t move stopping keep-alive into\nnvme_uninit_ctrl(), so keep-alive work can be started and keep pending\nafter failing to start controller, finally use-after-free is triggered if\nnvme host driver is unloaded.\n\nThis patch fixes kernel panic when running nvme/004 in case that connection\nfailure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl().\n\nThis way is reasonable because keep-alive is now started in\nnvme_init_ctrl_finish().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45013', 'https://git.kernel.org/linus/a54a93d0e3599b05856971734e15418ac551a14c (6.11-rc5)', 'https://git.kernel.org/stable/c/4101af98ab573554c4225e328d506fec2a74bc54', 'https://git.kernel.org/stable/c/a54a93d0e3599b05856971734e15418ac551a14c', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45013-8efe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45013', 'https://www.cve.org/CVERecord?id=CVE-2024-45013'], 'PublishedDate': '2024-09-11T16:15:06.663Z', 'LastModifiedDate': '2024-09-13T16:35:42.49Z'}, {'VulnerabilityID': 'CVE-2024-45015', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45015', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: move dpu_encoder&#39;s connector assignment to atomic_enable()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()\n\nFor cases where the crtc's connectors_changed was set without enable/active\ngetting toggled , there is an atomic_enable() call followed by an\natomic_disable() but without an atomic_mode_set().\n\nThis results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in\nthe atomic_enable() as the dpu_encoder's connector was cleared in the\natomic_disable() but not re-assigned as there was no atomic_mode_set() call.\n\nFix the NULL ptr access by moving the assignment for atomic_enable() and also\nuse drm_atomic_get_new_connector_for_encoder() to get the connector from\nthe atomic_state.\n\nPatchwork: https://patchwork.freedesktop.org/patch/606729/", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45015', 'https://git.kernel.org/linus/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 (6.11-rc5)', 'https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52', 'https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77', 'https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45015-c139@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45015', 'https://www.cve.org/CVERecord?id=CVE-2024-45015'], 'PublishedDate': '2024-09-11T16:15:06.763Z', 'LastModifiedDate': '2024-09-13T16:35:58.617Z'}, {'VulnerabilityID': 'CVE-2024-45016', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1017.18~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netem: fix return value if duplicate enqueue fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\'s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq->enqueue() and then\n  the original packet is also dropped.\n- If rootq->enqueue() sends the duplicated packet to a different qdisc\n  and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45016', 'https://git.kernel.org/linus/c07ff8592d57ed258afee5a5e04991a48dbaf382 (6.11-rc5)', 'https://git.kernel.org/stable/c/0486d31dd8198e22b63a4730244b38fffce6d469', 'https://git.kernel.org/stable/c/52d99a69f3d556c6426048c9d481b912205919d8', 'https://git.kernel.org/stable/c/577d6c0619467fe90f7e8e57e45cb5bd9d936014', 'https://git.kernel.org/stable/c/759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4', 'https://git.kernel.org/stable/c/c07ff8592d57ed258afee5a5e04991a48dbaf382', 'https://git.kernel.org/stable/c/c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d', 'https://git.kernel.org/stable/c/e5bb2988a310667abed66c7d3ffa28880cf0f883', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45016-fd5a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45016', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://ubuntu.com/security/notices/USN-7071-1', 'https://ubuntu.com/security/notices/USN-7072-1', 'https://ubuntu.com/security/notices/USN-7073-1', 'https://ubuntu.com/security/notices/USN-7073-2', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45016'], 'PublishedDate': '2024-09-11T16:15:06.817Z', 'LastModifiedDate': '2024-09-13T16:36:06.773Z'}, {'VulnerabilityID': 'CVE-2024-45017', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45017', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix IPsec RoCE MPV trace call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix IPsec RoCE MPV trace call\n\nPrevent the call trace below from happening, by not allowing IPsec\ncreation over a slave, if master device doesn't support IPsec.\n\nWARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down_read+0x75/0x94\nModules linked in: esp4_offload esp4 act_mirred act_vlan cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa mst_pciconf(OE) nfsv3 nfs_acl nfs lockd grace fscache netfs xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill cuse fuse rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_ipoib iw_cm ib_cm ipmi_ssif intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel sha1_ssse3 dell_smbios ib_uverbs aesni_intel crypto_simd dcdbas wmi_bmof dell_wmi_descriptor cryptd pcspkr ib_core acpi_ipmi sp5100_tco ccp i2c_piix4 ipmi_si ptdma k10temp ipmi_devintf ipmi_msghandler acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops cec\n ahci libahci mlxfw drm pci_hyperv_intf libata tg3 sha256_ssse3 tls megaraid_sas i2c_algo_bit psample wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mst_pci]\nCPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7_u3_update_v6.6_ipsec_bf.x86_64 #2\nHardware name: Dell Inc. PowerEdge R7525/074H08, BIOS 2.0.3 01/15/2021\nWorkqueue: events xfrm_state_gc_task\nRIP: 0010:down_read+0x75/0x94\nCode: 00 48 8b 45 08 65 48 8b 14 25 80 fc 01 00 83 e0 02 48 09 d0 48 83 c8 01 48 89 45 08 5d 31 c0 89 c2 89 c6 89 c7 e9 cb 88 3b 00 <0f> 0b 48 8b 45 08 a8 01 74 b2 a8 02 75 ae 48 89 c2 48 83 ca 02 f0\nRSP: 0018:ffffb26387773da8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffa08b658af900 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ff886bc5e1366f2f RDI: 0000000000000000\nRBP: ffffa08b658af940 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffa0a9bfb31540\nR13: ffffa0a9bfb37900 R14: 0000000000000000 R15: ffffa0a9bfb37905\nFS:  0000000000000000(0000) GS:ffffa0a9bfb00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055a45ed814e8 CR3: 000000109038a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n ? down_read+0x75/0x94\n ? __warn+0x80/0x113\n ? down_read+0x75/0x94\n ? report_bug+0xa4/0x11d\n ? handle_bug+0x35/0x8b\n ? exc_invalid_op+0x14/0x75\n ? asm_exc_invalid_op+0x16/0x1b\n ? down_read+0x75/0x94\n ? down_read+0xe/0x94\n mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n mlx5_ipsec_fs_roce_tx_destroy+0xb1/0x130 [mlx5_core]\n tx_destroy+0x1b/0xc0 [mlx5_core]\n tx_ft_put+0x53/0xc0 [mlx5_core]\n mlx5e_xfrm_free_state+0x45/0x90 [mlx5_core]\n ___xfrm_state_destroy+0x10f/0x1a2\n xfrm_state_gc_task+0x81/0xa9\n process_one_work+0x1f1/0x3c6\n worker_thread+0x53/0x3e4\n ? process_one_work.cold+0x46/0x3c\n kthread+0x127/0x144\n ? set_kthread_struct+0x60/0x52\n ret_from_fork+0x22/0x2d\n </TASK>\n---[ end trace 5ef7896144d398e1 ]---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45017', 'https://git.kernel.org/linus/607e1df7bd47fe91cab85a97f57870a26d066137 (6.11-rc5)', 'https://git.kernel.org/stable/c/2ae52a65a850ded75a94e8d7ec1e09737f4c6509', 'https://git.kernel.org/stable/c/607e1df7bd47fe91cab85a97f57870a26d066137', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45017-ee3e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45017', 'https://www.cve.org/CVERecord?id=CVE-2024-45017'], 'PublishedDate': '2024-09-11T16:15:06.877Z', 'LastModifiedDate': '2024-09-13T16:36:13.19Z'}, {'VulnerabilityID': 'CVE-2024-45018', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45018', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: initialise extack before use', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: initialise extack before use\n\nFix missing initialisation of extack in flow offload.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45018', 'https://git.kernel.org/linus/e9767137308daf906496613fd879808a07f006a2 (6.11-rc4)', 'https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1', 'https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7', 'https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78', 'https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f', 'https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d', 'https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45018-7e30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45018', 'https://www.cve.org/CVERecord?id=CVE-2024-45018'], 'PublishedDate': '2024-09-11T16:15:06.933Z', 'LastModifiedDate': '2024-09-13T16:36:24.397Z'}, {'VulnerabilityID': 'CVE-2024-45019', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45019', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Take state lock during tx timeout reporter', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take state lock during tx timeout reporter\n\nmlx5e_safe_reopen_channels() requires the state lock taken. The\nreferenced changed in the Fixes tag removed the lock to fix another\nissue. This patch adds it back but at a later point (when calling\nmlx5e_safe_reopen_channels()) to avoid the deadlock referenced in the\nFixes tag.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45019', 'https://git.kernel.org/linus/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3 (6.11-rc4)', 'https://git.kernel.org/stable/c/03d3734bd692affe4d0e9c9d638f491aaf37411b', 'https://git.kernel.org/stable/c/8e57e66ecbdd2fddc9fbf3e984b1c523b70e9809', 'https://git.kernel.org/stable/c/b3b9a87adee97854bcd71057901d46943076267e', 'https://git.kernel.org/stable/c/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45019-5f8b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45019', 'https://www.cve.org/CVERecord?id=CVE-2024-45019'], 'PublishedDate': '2024-09-11T16:15:06.99Z', 'LastModifiedDate': '2024-09-13T16:36:19.36Z'}, {'VulnerabilityID': 'CVE-2024-45020', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45020', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a kernel verifier crash in stacksafe()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a kernel verifier crash in stacksafe()\n\nDaniel Hodges reported a kernel verifier crash when playing with sched-ext.\nFurther investigation shows that the crash is due to invalid memory access\nin stacksafe(). More specifically, it is the following code:\n\n    if (exact != NOT_EXACT &&\n        old->stack[spi].slot_type[i % BPF_REG_SIZE] !=\n        cur->stack[spi].slot_type[i % BPF_REG_SIZE])\n            return false;\n\nThe 'i' iterates old->allocated_stack.\nIf cur->allocated_stack < old->allocated_stack the out-of-bound\naccess will happen.\n\nTo fix the issue add 'i >= cur->allocated_stack' check such that if\nthe condition is true, stacksafe() should fail. Otherwise,\ncur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45020', 'https://git.kernel.org/linus/bed2eb964c70b780fb55925892a74f26cb590b25 (6.11-rc4)', 'https://git.kernel.org/stable/c/6e3987ac310c74bb4dd6a2fa8e46702fe505fb2b', 'https://git.kernel.org/stable/c/7cad3174cc79519bf5f6c4441780264416822c08', 'https://git.kernel.org/stable/c/bed2eb964c70b780fb55925892a74f26cb590b25', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45020-afcc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45020', 'https://www.cve.org/CVERecord?id=CVE-2024-45020'], 'PublishedDate': '2024-09-11T16:15:07.05Z', 'LastModifiedDate': '2024-09-13T16:36:52.29Z'}, {'VulnerabilityID': 'CVE-2024-45021', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg_write_event_control(): fix a user-triggerable oops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg_write_event_control(): fix a user-triggerable oops\n\nwe are *not* guaranteed that anything past the terminating NUL\nis mapped (let alone initialized with anything sane).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45021', 'https://git.kernel.org/linus/046667c4d3196938e992fba0dfcde570aa85cd0e (6.11-rc4)', 'https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e', 'https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227', 'https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8', 'https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61', 'https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7', 'https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b', 'https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c', 'https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45021-68c4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45021', 'https://www.cve.org/CVERecord?id=CVE-2024-45021'], 'PublishedDate': '2024-09-11T16:15:07.103Z', 'LastModifiedDate': '2024-09-13T16:36:31.583Z'}, {'VulnerabilityID': 'CVE-2024-45022', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45022', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0\n\nThe __vmap_pages_range_noflush() assumes its argument pages** contains\npages with the same page shift.  However, since commit e9c3cda4d86e ("mm,\nvmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes\n__GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation\nfailed for high order, the pages** may contain two different page shifts\n(high order and order-0).  This could lead __vmap_pages_range_noflush() to\nperform incorrect mappings, potentially resulting in memory corruption.\n\nUsers might encounter this as follows (vmap_allow_huge = true, 2M is for\nPMD_SIZE):\n\nkvmalloc(2M, __GFP_NOFAIL|GFP_X)\n    __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP)\n        vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0\n            vmap_pages_range()\n                vmap_pages_range_noflush()\n                    __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens\n\nWe can remove the fallback code because if a high-order allocation fails,\n__vmalloc_node_range_noprof() will retry with order-0.  Therefore, it is\nunnecessary to fallback to order-0 here.  Therefore, fix this by removing\nthe fallback code.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45022', 'https://git.kernel.org/linus/61ebe5a747da649057c37be1c37eb934b4af79ca (6.11-rc4)', 'https://git.kernel.org/stable/c/61ebe5a747da649057c37be1c37eb934b4af79ca', 'https://git.kernel.org/stable/c/c91618816f4d21fc574d7577a37722adcd4075b2', 'https://git.kernel.org/stable/c/de7bad86345c43cd040ed43e20d9fad78a3ee59f', 'https://git.kernel.org/stable/c/fd1ffbb50ef4da5e1378a46616b6d7407dc795da', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45022-08f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45022', 'https://www.cve.org/CVERecord?id=CVE-2024-45022'], 'PublishedDate': '2024-09-11T16:15:07.163Z', 'LastModifiedDate': '2024-09-13T16:36:39.043Z'}, {'VulnerabilityID': 'CVE-2024-45025', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old->full_fds_bits[] and fill\nthe rest with zeroes.  What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear.  Otherwise we are risking garbage from the last word\nwe'd copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old->max_fds, so there's no open descriptors\npast count, let alone fully occupied words in ->open_fds[],\nwhich is what bits in ->full_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds.  In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in ->full_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* 'to' being above the current capacity of descriptor table\n\t* 'from' being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet's try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it's 'count' argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it'll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45025', 'https://git.kernel.org/linus/9a2fa1472083580b6c66bdaf291f591e1170123a (6.11-rc4)', 'https://git.kernel.org/stable/c/5053581fe5dfb09b58c65dd8462bf5dea71f41ff', 'https://git.kernel.org/stable/c/8cad3b2b3ab81ca55f37405ffd1315bcc2948058', 'https://git.kernel.org/stable/c/9a2fa1472083580b6c66bdaf291f591e1170123a', 'https://git.kernel.org/stable/c/c69d18f0ac7060de724511537810f10f29a27958', 'https://git.kernel.org/stable/c/dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a', 'https://git.kernel.org/stable/c/e807487a1d5fd5d941f26578ae826ca815dbfcd6', 'https://git.kernel.org/stable/c/ee501f827f3db02d4e599afbbc1a7f8b792d05d7', 'https://git.kernel.org/stable/c/fe5bf14881701119aeeda7cf685f3c226c7380df', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45025-94f6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45025', 'https://www.cve.org/CVERecord?id=CVE-2024-45025'], 'PublishedDate': '2024-09-11T16:15:07.44Z', 'LastModifiedDate': '2024-09-13T16:30:07.073Z'}, {'VulnerabilityID': 'CVE-2024-45026', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45026', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error recovery leading to data corruption on ESE devices', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error recovery leading to data corruption on ESE devices\n\nExtent Space Efficient (ESE) or thin provisioned volumes need to be\nformatted on demand during usual IO processing.\n\nThe dasd_ese_needs_format function checks for error codes that signal\nthe non existence of a proper track format.\n\nThe check for incorrect length is to imprecise since other error cases\nleading to transport of insufficient data also have this flag set.\nThis might lead to data corruption in certain error cases for example\nduring a storage server warmstart.\n\nFix by removing the check for incorrect length and replacing by\nexplicitly checking for invalid track format in transport mode.\n\nAlso remove the check for file protected since this is not a valid\nESE handling case.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45026', 'https://git.kernel.org/linus/7db4042336580dfd75cb5faa82c12cd51098c90b (6.11-rc4)', 'https://git.kernel.org/stable/c/0a228896a1b3654cd461ff654f6a64e97a9c3246', 'https://git.kernel.org/stable/c/19f60a55b2fda49bc4f6134a5f6356ef62ee69d8', 'https://git.kernel.org/stable/c/5d4a304338daf83ace2887aaacafd66fe99ed5cc', 'https://git.kernel.org/stable/c/7db4042336580dfd75cb5faa82c12cd51098c90b', 'https://git.kernel.org/stable/c/93a7e2856951680cd7fe6ebd705ac10c8a8a5efd', 'https://git.kernel.org/stable/c/a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a', 'https://git.kernel.org/stable/c/e245a18281c252c8dbc467492e09bb5d4b012118', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45026-eaa8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45026', 'https://www.cve.org/CVERecord?id=CVE-2024-45026'], 'PublishedDate': '2024-09-11T16:15:07.507Z', 'LastModifiedDate': '2024-09-13T16:29:55.927Z'}, {'VulnerabilityID': 'CVE-2024-45027', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45027', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: xhci: Check for xhci-&gt;interrupters being allocated in xhci_mem_clearup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()\n\nIf xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop\nup the damage. If it fails early enough, before xhci->interrupters\nis allocated but after xhci->max_interrupters has been set, which\nhappens in most (all?) cases, things get uglier, as xhci_mem_cleanup()\nunconditionally derefences xhci->interrupters. With prejudice.\n\nGate the interrupt freeing loop with a check on xhci->interrupters\nbeing non-NULL.\n\nFound while debugging a DMA allocation issue that led the XHCI driver\non this exact path.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45027', 'https://git.kernel.org/linus/dcdb52d948f3a17ccd3fce757d9bd981d7c32039 (6.11-rc4)', 'https://git.kernel.org/stable/c/770cacc75b0091ece17349195d72133912c1ca7c', 'https://git.kernel.org/stable/c/dcdb52d948f3a17ccd3fce757d9bd981d7c32039', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45027-95b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45027', 'https://www.cve.org/CVERecord?id=CVE-2024-45027'], 'PublishedDate': '2024-09-11T16:15:07.57Z', 'LastModifiedDate': '2024-09-13T16:29:44.213Z'}, {'VulnerabilityID': 'CVE-2024-45028', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45028', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mmc: mmc_test: Fix NULL dereference on allocation failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmc_test: Fix NULL dereference on allocation failure\n\nIf the "test->highmem = alloc_pages()" allocation fails then calling\n__free_pages(test->highmem) will result in a NULL dereference.  Also\nchange the error code to -ENOMEM instead of returning success.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45028', 'https://git.kernel.org/linus/a1e627af32ed60713941cbfc8075d44cad07f6dd (6.11-rc5)', 'https://git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06', 'https://git.kernel.org/stable/c/3b4e76ceae5b5a46c968bd952f551ce173809f63', 'https://git.kernel.org/stable/c/9b9ba386d7bfdbc38445932c90fa9444c0524bea', 'https://git.kernel.org/stable/c/a1e627af32ed60713941cbfc8075d44cad07f6dd', 'https://git.kernel.org/stable/c/cac2815f49d343b2f0acc4973d2c14918ac3ab0c', 'https://git.kernel.org/stable/c/e40515582141a9e7c84b269be699c05236a499a6', 'https://git.kernel.org/stable/c/e97be13a9f51284da450dd2a592e3fa87b49cdc9', 'https://git.kernel.org/stable/c/ecb15b8ca12c0cbdab81e307e9795214d8b90890', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45028-34f7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45028', 'https://www.cve.org/CVERecord?id=CVE-2024-45028'], 'PublishedDate': '2024-09-11T16:15:07.647Z', 'LastModifiedDate': '2024-09-13T16:29:35.877Z'}, {'VulnerabilityID': 'CVE-2024-45029', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45029', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i2c: tegra: Do not mark ACPI devices as irq safe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: Do not mark ACPI devices as irq safe\n\nOn ACPI machines, the tegra i2c module encounters an issue due to a\nmutex being called inside a spinlock. This leads to the following bug:\n\n\tBUG: sleeping function called from invalid context at kernel/locking/mutex.c:585\n\t...\n\n\tCall trace:\n\t__might_sleep\n\t__mutex_lock_common\n\tmutex_lock_nested\n\tacpi_subsys_runtime_resume\n\trpm_resume\n\ttegra_i2c_xfer\n\nThe problem arises because during __pm_runtime_resume(), the spinlock\n&dev->power.lock is acquired before rpm_resume() is called. Later,\nrpm_resume() invokes acpi_subsys_runtime_resume(), which relies on\nmutexes, triggering the error.\n\nTo address this issue, devices on ACPI are now marked as not IRQ-safe,\nconsidering the dependency of acpi_subsys_runtime_resume() on mutexes.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45029', 'https://git.kernel.org/linus/14d069d92951a3e150c0a81f2ca3b93e54da913b (6.11-rc4)', 'https://git.kernel.org/stable/c/14d069d92951a3e150c0a81f2ca3b93e54da913b', 'https://git.kernel.org/stable/c/2853e1376d8161b04c9ff18ba82b43f08a049905', 'https://git.kernel.org/stable/c/6861faf4232e4b78878f2de1ed3ee324ddae2287', 'https://git.kernel.org/stable/c/a89aef1e6cc43fa019a58080ed05c839e6c77876', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45029-662e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45029', 'https://www.cve.org/CVERecord?id=CVE-2024-45029'], 'PublishedDate': '2024-09-11T16:15:07.717Z', 'LastModifiedDate': '2024-09-13T16:29:29.74Z'}, {'VulnerabilityID': 'CVE-2024-45030', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igb: cope with large MAX_SKB_FRAGS', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigb: cope with large MAX_SKB_FRAGS\n\nSabrina reports that the igb driver does not cope well with large\nMAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload\ncorruption on TX.\n\nAn easy reproducer is to run ssh to connect to the machine.  With\nMAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails.  This has\nbeen reported originally in\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2265320\n\nThe root cause of the issue is that the driver does not take into\naccount properly the (possibly large) shared info size when selecting\nthe ring layout, and will try to fit two packets inside the same 4K\npage even when the 1st fraglist will trump over the 2nd head.\n\nAddress the issue by checking if 2K buffers are insufficient.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45030', 'https://git.kernel.org/linus/8aba27c4a5020abdf60149239198297f88338a8d (6.11-rc5)', 'https://git.kernel.org/stable/c/8aba27c4a5020abdf60149239198297f88338a8d', 'https://git.kernel.org/stable/c/8ea80ff5d8298356d28077bc30913ed37df65109', 'https://git.kernel.org/stable/c/b52bd8bcb9e8ff250c79b44f9af8b15cae8911ab', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45030-c2eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45030', 'https://www.cve.org/CVERecord?id=CVE-2024-45030'], 'PublishedDate': '2024-09-11T16:15:07.77Z', 'LastModifiedDate': '2024-09-13T16:29:23.557Z'}, {'VulnerabilityID': 'CVE-2024-46672', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion\n\nwpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the\ndriver for SAE/OWE offload cases") SSID based PMKSA del commands.\nbrcmfmac is not prepared and tries to dereference the NULL bssid and\npmkid pointers in cfg80211_pmksa. PMKID_V3 operations support SSID based\nupdates so copy the SSID.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46672', 'https://git.kernel.org/linus/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1 (6.11-rc4)', 'https://git.kernel.org/stable/c/1f566eb912d192c83475a919331aea59619e1197', 'https://git.kernel.org/stable/c/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1', 'https://git.kernel.org/stable/c/4291f94f8c6b01505132c22ee27b59ed27c3584f', 'https://lore.kernel.org/linux-cve-announce/2024091111-CVE-2024-46672-7542@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46672', 'https://www.cve.org/CVERecord?id=CVE-2024-46672'], 'PublishedDate': '2024-09-11T16:15:07.84Z', 'LastModifiedDate': '2024-09-13T16:29:17.123Z'}, {'VulnerabilityID': 'CVE-2024-46673', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: aacraid: Fix double-free on probe failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: aacraid: Fix double-free on probe failure\n\naac_probe_one() calls hardware-specific init functions through the\naac_driver_ident::init pointer, all of which eventually call down to\naac_init_adapter().\n\nIf aac_init_adapter() fails after allocating memory for aac_dev::queues,\nit frees the memory but does not clear that member.\n\nAfter the hardware-specific init function returns an error,\naac_probe_one() goes down an error path that frees the memory pointed to\nby aac_dev::queues, resulting.in a double-free.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46673', 'https://git.kernel.org/linus/919ddf8336f0b84c0453bac583808c9f165a85c2 (6.11-rc6)', 'https://git.kernel.org/stable/c/4b540ec7c0045c2d01c4e479f34bbc8f147afa4c', 'https://git.kernel.org/stable/c/564e1986b00c5f05d75342f8407f75f0a17b94df', 'https://git.kernel.org/stable/c/60962c3d8e18e5d8dfa16df788974dd7f35bd87a', 'https://git.kernel.org/stable/c/85449b28ff6a89c4513115e43ddcad949b5890c9', 'https://git.kernel.org/stable/c/8a3995a3ffeca280a961b59f5c99843d81b15929', 'https://git.kernel.org/stable/c/919ddf8336f0b84c0453bac583808c9f165a85c2', 'https://git.kernel.org/stable/c/9e96dea7eff6f2bbcd0b42a098012fc66af9eb69', 'https://git.kernel.org/stable/c/d237c7d06ffddcdb5d36948c527dc01284388218', 'https://lore.kernel.org/linux-cve-announce/2024091333-CVE-2024-46673-c49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46673', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-46673'], 'PublishedDate': '2024-09-13T06:15:11.917Z', 'LastModifiedDate': '2024-09-13T16:51:39.117Z'}, {'VulnerabilityID': 'CVE-2024-46675', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46675', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: dwc3: core: Prevent USB core invalid event buffer address access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: Prevent USB core invalid event buffer address access\n\nThis commit addresses an issue where the USB core could access an\ninvalid event buffer address during runtime suspend, potentially causing\nSMMU faults and other memory issues in Exynos platforms. The problem\narises from the following sequence.\n        1. In dwc3_gadget_suspend, there is a chance of a timeout when\n        moving the USB core to the halt state after clearing the\n        run/stop bit by software.\n        2. In dwc3_core_exit, the event buffer is cleared regardless of\n        the USB core's status, which may lead to an SMMU faults and\n        other memory issues. if the USB core tries to access the event\n        buffer address.\n\nTo prevent this hardware quirk on Exynos platforms, this commit ensures\nthat the event buffer address is not cleared by software  when the USB\ncore is active during runtime suspend by checking its status before\nclearing the buffer address.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46675', 'https://git.kernel.org/linus/14e497183df28c006603cc67fd3797a537eef7b9 (6.11-rc6)', 'https://git.kernel.org/stable/c/111277b881def3153335acfe0d1f43e6cd83ac93', 'https://git.kernel.org/stable/c/14e497183df28c006603cc67fd3797a537eef7b9', 'https://git.kernel.org/stable/c/2189fd13c577d7881f94affc09c950a795064c4b', 'https://git.kernel.org/stable/c/7bb11a75dd4d3612378b90e2a4aa49bdccea28ab', 'https://git.kernel.org/stable/c/b72da4d89b97da71e056cc4d1429b2bc426a9c2f', 'https://git.kernel.org/stable/c/d2afc2bffec77316b90d530b07695e3f534df914', 'https://git.kernel.org/stable/c/e23f6ad8d110bf632f7471482e10b43dc174fb72', 'https://git.kernel.org/stable/c/eca3f543f817da87c00d1a5697b473efb548204f', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46675-ba70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46675', 'https://www.cve.org/CVERecord?id=CVE-2024-46675'], 'PublishedDate': '2024-09-13T06:15:12.117Z', 'LastModifiedDate': '2024-09-20T17:18:48.753Z'}, {'VulnerabilityID': 'CVE-2024-46676', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46676', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfc: pn533: Add poll mod list filling check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Add poll mod list filling check\n\nIn case of im_protocols value is 1 and tm_protocols value is 0 this\ncombination successfully passes the check\n\'if (!im_protocols && !tm_protocols)\' in the nfc_start_poll().\nBut then after pn533_poll_create_mod_list() call in pn533_start_poll()\npoll mod list will remain empty and dev->poll_mod_count will remain 0\nwhich lead to division by zero.\n\nNormally no im protocol has value 1 in the mask, so this combination is\nnot expected by driver. But these protocol values actually come from\nuserspace via Netlink interface (NFC_CMD_START_POLL operation). So a\nbroken or malicious program may pass a message containing a "bad"\ncombination of protocol parameter values so that dev->poll_mod_count\nis not incremented inside pn533_poll_create_mod_list(), thus leading\nto division by zero.\nCall trace looks like:\nnfc_genl_start_poll()\n  nfc_start_poll()\n    ->start_poll()\n    pn533_start_poll()\n\nAdd poll mod list filling check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46676', 'https://git.kernel.org/linus/febccb39255f9df35527b88c953b2e0deae50e53 (6.11-rc6)', 'https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946', 'https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5', 'https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723', 'https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4', 'https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33', 'https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31', 'https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46676-0b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46676', 'https://www.cve.org/CVERecord?id=CVE-2024-46676'], 'PublishedDate': '2024-09-13T06:15:12.223Z', 'LastModifiedDate': '2024-09-23T14:42:38.23Z'}, {'VulnerabilityID': 'CVE-2024-46677', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46677', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: fix a potential NULL pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix a potential NULL pointer dereference\n\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\nNULL pointer, but its callers only check for error pointers thus miss\nthe NULL pointer case.\n\nFix it by returning an error pointer with the error code carried from\nsockfd_lookup().\n\n(I found this bug during code inspection.)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46677', 'https://git.kernel.org/linus/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda (6.11-rc6)', 'https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d', 'https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87', 'https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2', 'https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39', 'https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c', 'https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e', 'https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda', 'https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46677-b53c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46677', 'https://www.cve.org/CVERecord?id=CVE-2024-46677'], 'PublishedDate': '2024-09-13T06:15:12.36Z', 'LastModifiedDate': '2024-09-13T16:51:53.69Z'}, {'VulnerabilityID': 'CVE-2024-46678', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46678', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: change ipsec_lock from spin lock to mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond->ipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n"scheduling while atomic" will be triggered when changing bond\'s\nactive slave.\n\n[  101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[  101.055726] Modules linked in:\n[  101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[  101.058760] Hardware name:\n[  101.059434] Call Trace:\n[  101.059436]  <TASK>\n[  101.060873]  dump_stack_lvl+0x51/0x60\n[  101.061275]  __schedule_bug+0x4e/0x60\n[  101.061682]  __schedule+0x612/0x7c0\n[  101.062078]  ? __mod_timer+0x25c/0x370\n[  101.062486]  schedule+0x25/0xd0\n[  101.062845]  schedule_timeout+0x77/0xf0\n[  101.063265]  ? asm_common_interrupt+0x22/0x40\n[  101.063724]  ? __bpf_trace_itimer_state+0x10/0x10\n[  101.064215]  __wait_for_common+0x87/0x190\n[  101.064648]  ? usleep_range_state+0x90/0x90\n[  101.065091]  cmd_exec+0x437/0xb20 [mlx5_core]\n[  101.065569]  mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[  101.066051]  mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[  101.066552]  mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[  101.067163]  ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.067738]  ? kmalloc_trace+0x4d/0x350\n[  101.068156]  mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[  101.068747]  mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[  101.069312]  bond_change_active_slave+0x392/0x900 [bonding]\n[  101.069868]  bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[  101.070454]  __bond_opt_set+0xa6/0x430 [bonding]\n[  101.070935]  __bond_opt_set_notify+0x2f/0x90 [bonding]\n[  101.071453]  bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[  101.071965]  bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.072567]  kernfs_fop_write_iter+0x10c/0x1a0\n[  101.073033]  vfs_write+0x2d8/0x400\n[  101.073416]  ? alloc_fd+0x48/0x180\n[  101.073798]  ksys_write+0x5f/0xe0\n[  101.074175]  do_syscall_64+0x52/0x110\n[  101.074576]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn\'t have to be spin lock, change it to\nmutex, and thus the above issue can be resolved.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46678', 'https://git.kernel.org/linus/2aeeef906d5a526dc60cf4af92eda69836c39b1f (6.11-rc6)', 'https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f', 'https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3', 'https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46678-ca65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46678', 'https://www.cve.org/CVERecord?id=CVE-2024-46678'], 'PublishedDate': '2024-09-13T06:15:12.45Z', 'LastModifiedDate': '2024-09-23T14:44:12.88Z'}, {'VulnerabilityID': 'CVE-2024-46679', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46679', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: check device is present when getting link settings', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: check device is present when getting link settings\n\nA sysfs reader can race with a device reset or removal, attempting to\nread device state when the device is not actually present. eg:\n\n     [exception RIP: qed_get_current_link+17]\n  #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]\n  #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3\n #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4\n #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300\n #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c\n #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b\n #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3\n #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1\n #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f\n #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb\n\n crash> struct net_device.state ffff9a9d21336000\n    state = 5,\n\nstate 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).\nThe device is not present, note lack of __LINK_STATE_PRESENT (0b10).\n\nThis is the same sort of panic as observed in commit 4224cfd7fb65\n("net-sysfs: add check for netdevice being present to speed_show").\n\nThere are many other callers of __ethtool_get_link_ksettings() which\ndon\'t have a device presence check.\n\nMove this check into ethtool to protect all callers.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46679', 'https://git.kernel.org/linus/a699781c79ecf6cfe67fb00a0331b4088c7c8466 (6.11-rc6)', 'https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2', 'https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc', 'https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e', 'https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb', 'https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4', 'https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466', 'https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46679-3527@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46679', 'https://www.cve.org/CVERecord?id=CVE-2024-46679'], 'PublishedDate': '2024-09-13T06:15:12.53Z', 'LastModifiedDate': '2024-09-23T14:47:23.287Z'}, {'VulnerabilityID': 'CVE-2024-46680', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46680', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix random crash seen while removing driver', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix random crash seen while removing driver\n\nThis fixes the random kernel crash seen while removing the driver, when\nrunning the load/unload test over multiple iterations.\n\n1) modprobe btnxpuart\n2) hciconfig hci0 reset\n3) hciconfig (check hci0 interface up with valid BD address)\n4) modprobe -r btnxpuart\nRepeat steps 1 to 4\n\nThe ps_wakeup() call in btnxpuart_close() schedules the psdata->work(),\nwhich gets scheduled after module is removed, causing a kernel crash.\n\nThis hidden issue got highlighted after enabling Power Save by default\nin 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on\nstartup)\n\nThe new ps_cleanup() deasserts UART break immediately while closing\nserdev device, cancels any scheduled ps_work and destroys the ps_lock\nmutex.\n\n[   85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258\n[   85.884624] Mem abort info:\n[   85.884625]   ESR = 0x0000000086000007\n[   85.884628]   EC = 0x21: IABT (current EL), IL = 32 bits\n[   85.884633]   SET = 0, FnV = 0\n[   85.884636]   EA = 0, S1PTW = 0\n[   85.884638]   FSC = 0x07: level 3 translation fault\n[   85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000\n[   85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000\n[   85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n[   85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)]\n[   85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G           O       6.1.36+g937b1be4345a #1\n[   85.936176] Hardware name: FSL i.MX8MM EVK board (DT)\n[   85.936182] Workqueue: events 0xffffd4a61638f380\n[   85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   85.952817] pc : 0xffffd4a61638f258\n[   85.952823] lr : 0xffffd4a61638f258\n[   85.952827] sp : ffff8000084fbd70\n[   85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000\n[   85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305\n[   85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970\n[   85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000\n[   85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090\n[   85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139\n[   85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50\n[   85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8\n[   85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000\n[   85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000\n[   85.977443] Call trace:\n[   85.977446]  0xffffd4a61638f258\n[   85.977451]  0xffffd4a61638f3e8\n[   85.977455]  process_one_work+0x1d4/0x330\n[   85.977464]  worker_thread+0x6c/0x430\n[   85.977471]  kthread+0x108/0x10c\n[   85.977476]  ret_from_fork+0x10/0x20\n[   85.977488] Code: bad PC value\n[   85.977491] ---[ end trace 0000000000000000 ]---\n\nPreset since v6.9.11', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46680', 'https://git.kernel.org/linus/35237475384ab3622f63c3c09bdf6af6dacfe9c3 (6.11-rc6)', 'https://git.kernel.org/stable/c/29a1d9971e38f92c84b363ff50379dd434ddfe1c', 'https://git.kernel.org/stable/c/35237475384ab3622f63c3c09bdf6af6dacfe9c3', 'https://git.kernel.org/stable/c/662a55986b88807da4d112d838c8aaa05810e938', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46680-f40d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46680', 'https://www.cve.org/CVERecord?id=CVE-2024-46680'], 'PublishedDate': '2024-09-13T06:15:12.617Z', 'LastModifiedDate': '2024-09-23T14:45:10.233Z'}, {'VulnerabilityID': 'CVE-2024-46681', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46681', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pktgen: use cpus_read_lock() in pg_net_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46681', 'https://git.kernel.org/linus/979b581e4c69257acab1af415ddad6b2d78a2fa5 (6.11-rc6)', 'https://git.kernel.org/stable/c/5f5f7366dda8ae870e8305d6e7b3c0c2686cd2cf', 'https://git.kernel.org/stable/c/979b581e4c69257acab1af415ddad6b2d78a2fa5', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46681-6086@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46681', 'https://www.cve.org/CVERecord?id=CVE-2024-46681'], 'PublishedDate': '2024-09-13T06:15:12.71Z', 'LastModifiedDate': '2024-09-19T18:10:49.623Z'}, {'VulnerabilityID': 'CVE-2024-46683', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46683', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: prevent UAF around preempt fence', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: prevent UAF around preempt fence\n\nThe fence lock is part of the queue, therefore in the current design\nanything locking the fence should then also hold a ref to the queue to\nprevent the queue from being freed.\n\nHowever, currently it looks like we signal the fence and then drop the\nqueue ref, but if something is waiting on the fence, the waiter is\nkicked to wake up at some later point, where upon waking up it first\ngrabs the lock before checking the fence state. But if we have already\ndropped the queue ref, then the lock might already be freed as part of\nthe queue, leading to uaf.\n\nTo prevent this, move the fence lock into the fence itself so we don't\nrun into lifetime issues. Alternative might be to have device level\nlock, or only release the queue in the fence release callback, however\nthat might require pushing to another worker to avoid locking issues.\n\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2454\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2342\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2020\n(cherry picked from commit 7116c35aacedc38be6d15bd21b2fc936eed0008b)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46683', 'https://git.kernel.org/linus/730b72480e29f63fd644f5fa57c9d46109428953 (6.11-rc5)', 'https://git.kernel.org/stable/c/10081b0b0ed201f53e24bd92deb2e0f3c3e713d4', 'https://git.kernel.org/stable/c/730b72480e29f63fd644f5fa57c9d46109428953', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46683-e513@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46683', 'https://www.cve.org/CVERecord?id=CVE-2024-46683'], 'PublishedDate': '2024-09-13T06:15:12.993Z', 'LastModifiedDate': '2024-09-13T16:52:14.373Z'}, {'VulnerabilityID': 'CVE-2024-46685', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46685', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: single: fix potential NULL dereference in pcs_get_function()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: single: fix potential NULL dereference in pcs_get_function()\n\npinmux_generic_get_function() can return NULL and the pointer 'function'\nwas dereferenced without checking against NULL. Add checking of pointer\n'function' in pcs_get_function().\n\nFound by code review.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46685', 'https://git.kernel.org/linus/1c38a62f15e595346a1106025722869e87ffe044 (6.11-rc6)', 'https://git.kernel.org/stable/c/0a2bab5ed161318f57134716accba0a30f3af191', 'https://git.kernel.org/stable/c/1c38a62f15e595346a1106025722869e87ffe044', 'https://git.kernel.org/stable/c/292151af6add3e5ab11b2e9916cffa5f52859a1f', 'https://git.kernel.org/stable/c/2cea369a5c2e85ab14ae716da1d1cc6d25c85e11', 'https://git.kernel.org/stable/c/4e9436375fcc9bd2a60ee96aba6ed53f7a377d10', 'https://git.kernel.org/stable/c/4ed45fe99ec9e3c9478bd634624cd05a57d002f7', 'https://git.kernel.org/stable/c/6341c2856785dca7006820b127278058a180c075', 'https://git.kernel.org/stable/c/8f0bd526921b6867c2f10a83cd4fd14139adcd92', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46685-6606@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46685', 'https://www.cve.org/CVERecord?id=CVE-2024-46685'], 'PublishedDate': '2024-09-13T06:15:13.2Z', 'LastModifiedDate': '2024-09-14T16:00:55.547Z'}, {'VulnerabilityID': 'CVE-2024-46686', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46686', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()\n\nThis happens when called from SMB2_read() while using rdma\nand reaching the rdma_readwrite_threshold.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46686', 'https://git.kernel.org/linus/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf (6.11-rc6)', 'https://git.kernel.org/stable/c/6df57c63c200cd05e085c3b695128260e21959b7', 'https://git.kernel.org/stable/c/a01859dd6aebf826576513850a3b05992809e9d2', 'https://git.kernel.org/stable/c/b902fb78ab21299e4dd1775e7e8d251d5c0735bc', 'https://git.kernel.org/stable/c/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46686-5b18@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46686', 'https://www.cve.org/CVERecord?id=CVE-2024-46686'], 'PublishedDate': '2024-09-13T06:15:13.28Z', 'LastModifiedDate': '2024-09-14T16:16:33.087Z'}, {'VulnerabilityID': 'CVE-2024-46687', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46687', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()\n\n[BUG]\nThere is an internal report that KASAN is reporting use-after-free, with\nthe following backtrace:\n\n  BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n  Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45\n  CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n  Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n  Call Trace:\n   dump_stack_lvl+0x61/0x80\n   print_address_description.constprop.0+0x5e/0x2f0\n   print_report+0x118/0x216\n   kasan_report+0x11d/0x1f0\n   btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n   process_one_work+0xce0/0x12a0\n   worker_thread+0x717/0x1250\n   kthread+0x2e3/0x3c0\n   ret_from_fork+0x2d/0x70\n   ret_from_fork_asm+0x11/0x20\n\n  Allocated by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   __kasan_slab_alloc+0x7d/0x80\n   kmem_cache_alloc_noprof+0x16e/0x3e0\n   mempool_alloc_noprof+0x12e/0x310\n   bio_alloc_bioset+0x3f0/0x7a0\n   btrfs_bio_alloc+0x2e/0x50 [btrfs]\n   submit_extent_page+0x4d1/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n  Freed by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   kasan_save_free_info+0x37/0x50\n   __kasan_slab_free+0x4b/0x60\n   kmem_cache_free+0x214/0x5d0\n   bio_free+0xed/0x180\n   end_bbio_data_read+0x1cc/0x580 [btrfs]\n   btrfs_submit_chunk+0x98d/0x1880 [btrfs]\n   btrfs_submit_bio+0x33/0x70 [btrfs]\n   submit_one_bio+0xd4/0x130 [btrfs]\n   submit_extent_page+0x3ea/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[CAUSE]\nAlthough I cannot reproduce the error, the report itself is good enough\nto pin down the cause.\n\nThe call trace is the regular endio workqueue context, but the\nfree-by-task trace is showing that during btrfs_submit_chunk() we\nalready hit a critical error, and is calling btrfs_bio_end_io() to error\nout.  And the original endio function called bio_put() to free the whole\nbio.\n\nThis means a double freeing thus causing use-after-free, e.g.:\n\n1. Enter btrfs_submit_bio() with a read bio\n   The read bio length is 128K, crossing two 64K stripes.\n\n2. The first run of btrfs_submit_chunk()\n\n2.1 Call btrfs_map_block(), which returns 64K\n2.2 Call btrfs_split_bio()\n    Now there are two bios, one referring to the first 64K, the other\n    referring to the second 64K.\n2.3 The first half is submitted.\n\n3. The second run of btrfs_submit_chunk()\n\n3.1 Call btrfs_map_block(), which by somehow failed\n    Now we call btrfs_bio_end_io() to handle the error\n\n3.2 btrfs_bio_end_io() calls the original endio function\n    Which is end_bbio_data_read(), and it calls bio_put() for the\n    original bio.\n\n    Now the original bio is freed.\n\n4. The submitted first 64K bio finished\n   Now we call into btrfs_check_read_bio() and tries to advance the bio\n   iter.\n   But since the original bio (thus its iter) is already freed, we\n   trigger the above use-after free.\n\n   And even if the memory is not poisoned/corrupted, we will later call\n   the original endio function, causing a double freeing.\n\n[FIX]\nInstead of calling btrfs_bio_end_io(), call btrfs_orig_bbio_end_io(),\nwhich has the extra check on split bios and do the pr\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46687', 'https://git.kernel.org/linus/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10 (6.11-rc6)', 'https://git.kernel.org/stable/c/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10', 'https://git.kernel.org/stable/c/4a3b9e1a8e6cd1a8d427a905e159de58d38941cc', 'https://git.kernel.org/stable/c/51722b99f41f5e722ffa10b8f61e802a0e70b331', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46687-5668@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46687', 'https://www.cve.org/CVERecord?id=CVE-2024-46687'], 'PublishedDate': '2024-09-13T06:15:13.377Z', 'LastModifiedDate': '2024-09-14T16:17:33.073Z'}, {'VulnerabilityID': 'CVE-2024-46689', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46689', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: cmd-db: Map shared memory as WC, not WB\n\nLinux does not write into cmd-db region. This region of memory is write\nprotected by XPU. XPU may sometime falsely detect clean cache eviction\nas "write" into the write protected region leading to secure interrupt\nwhich causes an endless loop somewhere in Trust Zone.\n\nThe only reason it is working right now is because Qualcomm Hypervisor\nmaps the same region as Non-Cacheable memory in Stage 2 translation\ntables. The issue manifests if we want to use another hypervisor (like\nXen or KVM), which does not know anything about those specific mappings.\n\nChanging the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC\nremoves dependency on correct mappings in Stage 2 tables. This patch\nfixes the issue by updating the mapping to MEMREMAP_WC.\n\nI tested this on SA8155P with Xen.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46689', 'https://git.kernel.org/linus/f9bb896eab221618927ae6a2f1d566567999839d (6.11-rc6)', 'https://git.kernel.org/stable/c/0ee9594c974368a17e85a431e9fe1c14fb65c278', 'https://git.kernel.org/stable/c/62c2d63605ca25b5db78a347ed303c0a0a77d5b4', 'https://git.kernel.org/stable/c/d9d48d70e922b272875cda60d2ada89291c840cf', 'https://git.kernel.org/stable/c/eaff392c1e34fb77cc61505a31b0191e5e46e271', 'https://git.kernel.org/stable/c/ef80520be0ff78ae5ed44cb6eee1525e65bebe70', 'https://git.kernel.org/stable/c/f5a5a5a0e95f36e2792d48e6e4b64e665eb01374', 'https://git.kernel.org/stable/c/f9bb896eab221618927ae6a2f1d566567999839d', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46689-4c19@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46689', 'https://www.cve.org/CVERecord?id=CVE-2024-46689'], 'PublishedDate': '2024-09-13T06:15:13.653Z', 'LastModifiedDate': '2024-09-20T15:52:23.727Z'}, {'VulnerabilityID': 'CVE-2024-46691', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46691', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Move unregister out of atomic section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Move unregister out of atomic section\n\nCommit \'9329933699b3 ("soc: qcom: pmic_glink: Make client-lock\nnon-sleeping")\' moved the pmic_glink client list under a spinlock, as it\nis accessed by the rpmsg/glink callback, which in turn is invoked from\nIRQ context.\n\nThis means that ucsi_unregister() is now called from atomic context,\nwhich isn\'t feasible as it\'s expecting a sleepable context. An effort is\nunder way to get GLINK to invoke its callbacks in a sleepable context,\nbut until then lets schedule the unregistration.\n\nA side effect of this is that ucsi_unregister() can now happen\nafter the remote processor, and thereby the communication link with it, is\ngone. pmic_glink_send() is amended with a check to avoid the resulting NULL\npointer dereference.\nThis does however result in the user being informed about this error by\nthe following entry in the kernel log:\n\n  ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46691', 'https://git.kernel.org/linus/11bb2ffb679399f99041540cf662409905179e3a (6.11-rc6)', 'https://git.kernel.org/stable/c/095b0001aefddcd9361097c971b7debc84e72714', 'https://git.kernel.org/stable/c/11bb2ffb679399f99041540cf662409905179e3a', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46691-93e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46691', 'https://www.cve.org/CVERecord?id=CVE-2024-46691'], 'PublishedDate': '2024-09-13T06:15:13.96Z', 'LastModifiedDate': '2024-09-13T16:52:21.057Z'}, {'VulnerabilityID': 'CVE-2024-46692', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46692', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: scm: Mark get_wq_ctx() as atomic call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Mark get_wq_ctx() as atomic call\n\nCurrently get_wq_ctx() is wrongly configured as a standard call. When two\nSMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to\nresume the corresponding sleeping thread. But if get_wq_ctx() is\ninterrupted, goes to sleep and another SMC call is waiting to be allocated\na waitq context, it leads to a deadlock.\n\nTo avoid this get_wq_ctx() must be an atomic call and can't be a standard\nSMC call. Hence mark get_wq_ctx() as a fast call.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46692', 'https://git.kernel.org/linus/9960085a3a82c58d3323c1c20b991db6045063b0 (6.11-rc6)', 'https://git.kernel.org/stable/c/9960085a3a82c58d3323c1c20b991db6045063b0', 'https://git.kernel.org/stable/c/cdf7efe4b02aa93813db0bf1ca596ad298ab6b06', 'https://git.kernel.org/stable/c/e40115c33c0d79c940545b6b12112aace7acd9f5', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46692-f287@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46692', 'https://www.cve.org/CVERecord?id=CVE-2024-46692'], 'PublishedDate': '2024-09-13T06:15:14.047Z', 'LastModifiedDate': '2024-09-13T16:52:31.627Z'}, {'VulnerabilityID': 'CVE-2024-46693', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pmic_glink: Fix race during initialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pmic_glink: Fix race during initialization\n\nAs pointed out by Stephen Boyd it is possible that during initialization\nof the pmic_glink child drivers, the protection-domain notifiers fires,\nand the associated work is scheduled, before the client registration\nreturns and as a result the local "client" pointer has been initialized.\n\nThe outcome of this is a NULL pointer dereference as the "client"\npointer is blindly dereferenced.\n\nTimeline provided by Stephen:\n CPU0                               CPU1\n ----                               ----\n ucsi->client = NULL;\n devm_pmic_glink_register_client()\n  client->pdr_notify(client->priv, pg->client_state)\n   pmic_glink_ucsi_pdr_notify()\n    schedule_work(&ucsi->register_work)\n    <schedule away>\n                                    pmic_glink_ucsi_register()\n                                     ucsi_register()\n                                      pmic_glink_ucsi_read_version()\n                                       pmic_glink_ucsi_read()\n                                        pmic_glink_ucsi_read()\n                                         pmic_glink_send(ucsi->client)\n                                         <client is NULL BAD>\n ucsi->client = client // Too late!\n\nThis code is identical across the altmode, battery manager and usci\nchild drivers.\n\nResolve this by splitting the allocation of the "client" object and the\nregistration thereof into two operations.\n\nThis only happens if the protection domain registry is populated at the\ntime of registration, which by the introduction of commit \'1ebcde047c54\n("soc: qcom: add pd-mapper implementation")\' became much more likely.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46693', 'https://git.kernel.org/linus/3568affcddd68743e25aa3ec1647d9b82797757b (6.11-rc6)', 'https://git.kernel.org/stable/c/1efdbf5323c9360e05066049b97414405e94e087', 'https://git.kernel.org/stable/c/3568affcddd68743e25aa3ec1647d9b82797757b', 'https://git.kernel.org/stable/c/943b0e7cc646a624bb20a68080f8f1a4a55df41c', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46693-cbe3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46693', 'https://www.cve.org/CVERecord?id=CVE-2024-46693'], 'PublishedDate': '2024-09-13T06:15:14.14Z', 'LastModifiedDate': '2024-09-13T16:52:41.27Z'}, {'VulnerabilityID': 'CVE-2024-46694', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46694', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: avoid using null object of framebuffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid using null object of framebuffer\n\nInstead of using state->fb->obj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer.\n\n(cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46694', 'https://git.kernel.org/linus/3b9a33235c773c7a3768060cf1d2cf8a9153bc37 (6.11-rc6)', 'https://git.kernel.org/stable/c/093ee72ed35c2338c87c26b6ba6f0b7789c9e14e', 'https://git.kernel.org/stable/c/3b9a33235c773c7a3768060cf1d2cf8a9153bc37', 'https://git.kernel.org/stable/c/49e1b214f3239b78967c6ddb8f8ec47ae047b051', 'https://git.kernel.org/stable/c/f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46694-0706@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46694', 'https://www.cve.org/CVERecord?id=CVE-2024-46694'], 'PublishedDate': '2024-09-13T06:15:14.24Z', 'LastModifiedDate': '2024-09-19T18:16:22.247Z'}, {'VulnerabilityID': 'CVE-2024-46695', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46695', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: selinux,smack: don&#39;t bypass permissions check in inode_setsecctx hook', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux,smack: don't bypass permissions check in inode_setsecctx hook\n\nMarek Gresko reports that the root user on an NFS client is able to\nchange the security labels on files on an NFS filesystem that is\nexported with root squashing enabled.\n\nThe end of the kerneldoc comment for __vfs_setxattr_noperm() states:\n\n *  This function requires the caller to lock the inode's i_mutex before it\n *  is executed. It also assumes that the caller will make the appropriate\n *  permission checks.\n\nnfsd_setattr() does do permissions checking via fh_verify() and\nnfsd_permission(), but those don't do all the same permissions checks\nthat are done by security_inode_setxattr() and its related LSM hooks do.\n\nSince nfsd_setattr() is the only consumer of security_inode_setsecctx(),\nsimplest solution appears to be to replace the call to\n__vfs_setxattr_noperm() with a call to __vfs_setxattr_locked().  This\nfixes the above issue and has the added benefit of causing nfsd to\nrecall conflicting delegations on a file when a client tries to change\nits security label.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-276'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46695', 'https://git.kernel.org/linus/76a0e79bc84f466999fa501fce5bf7a07641b8a7 (6.11-rc6)', 'https://git.kernel.org/stable/c/2dbc4b7bac60b02cc6e70d05bf6a7dfd551f9dda', 'https://git.kernel.org/stable/c/459584258d47ec3cc6245a82e8a49c9d08eb8b57', 'https://git.kernel.org/stable/c/76a0e79bc84f466999fa501fce5bf7a07641b8a7', 'https://git.kernel.org/stable/c/eebec98791d0137e455cc006411bb92a54250924', 'https://git.kernel.org/stable/c/f71ec019257ba4f7ab198bd948c5902a207bad96', 'https://git.kernel.org/stable/c/fe0cd53791119f6287b6532af8ce41576d664930', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46695-affc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46695', 'https://www.cve.org/CVERecord?id=CVE-2024-46695'], 'PublishedDate': '2024-09-13T06:15:14.32Z', 'LastModifiedDate': '2024-10-17T14:15:07.517Z'}, {'VulnerabilityID': 'CVE-2024-46697', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46697', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfsd: ensure that nfsd4_fattr_args.context is zeroed out', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: ensure that nfsd4_fattr_args.context is zeroed out\n\nIf nfsd4_encode_fattr4 ends up doing a "goto out" before we get to\nchecking for the security label, then args.context will be set to\nuninitialized junk on the stack, which we\'ll then try to free.\nInitialize it early.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46697', 'https://git.kernel.org/linus/f58bab6fd4063913bd8321e99874b8239e9ba726 (6.11-rc6)', 'https://git.kernel.org/stable/c/dd65b324174a64558a16ebbf4c3266e5701185d0', 'https://git.kernel.org/stable/c/f58bab6fd4063913bd8321e99874b8239e9ba726', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46697-d166@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46697', 'https://www.cve.org/CVERecord?id=CVE-2024-46697'], 'PublishedDate': '2024-09-13T06:15:14.5Z', 'LastModifiedDate': '2024-09-19T17:53:43.173Z'}, {'VulnerabilityID': 'CVE-2024-46698', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46698', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: video/aperture: optionally match the device in sysfb_disable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvideo/aperture: optionally match the device in sysfb_disable()\n\nIn aperture_remove_conflicting_pci_devices(), we currently only\ncall sysfb_disable() on vga class devices.  This leads to the\nfollowing problem when the pimary device is not VGA compatible:\n\n1. A PCI device with a non-VGA class is the boot display\n2. That device is probed first and it is not a VGA device so\n   sysfb_disable() is not called, but the device resources\n   are freed by aperture_detach_platform_device()\n3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable()\n4. NULL pointer dereference via sysfb_disable() since the resources\n   have already been freed by aperture_detach_platform_device() when\n   it was called by the other device.\n\nFix this by passing a device pointer to sysfb_disable() and checking\nthe device to determine if we should execute it or not.\n\nv2: Fix build when CONFIG_SCREEN_INFO is not set\nv3: Move device check into the mutex\n    Drop primary variable in aperture_remove_conflicting_pci_devices()\n    Drop __init on pci sysfb_pci_dev_is_enabled()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46698', 'https://git.kernel.org/linus/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7 (6.11-rc6)', 'https://git.kernel.org/stable/c/17e78f43de0c6da34204cc858b4cc05671ea9acf', 'https://git.kernel.org/stable/c/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46698-357c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46698', 'https://www.cve.org/CVERecord?id=CVE-2024-46698'], 'PublishedDate': '2024-09-13T06:15:14.563Z', 'LastModifiedDate': '2024-09-13T16:53:03Z'}, {'VulnerabilityID': 'CVE-2024-46701', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46701', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: libfs: fix infinite directory reads for offset dir', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlibfs: fix infinite directory reads for offset dir\n\nAfter we switch tmpfs dir operations from simple_dir_operations to\nsimple_offset_dir_operations, every rename happened will fill new dentry\nto dest dir\'s maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free\nkey starting with octx->newx_offset, and then set newx_offset equals to\nfree key + 1. This will lead to infinite readdir combine with rename\nhappened at the same time, which fail generic/736 in xfstests(detail show\nas below).\n\n1. create 5000 files(1 2 3...) under one dir\n2. call readdir(man 3 readdir) once, and get one entry\n3. rename(entry, "TEMPFILE"), then rename("TEMPFILE", entry)\n4. loop 2~3, until readdir return nothing or we loop too many\n   times(tmpfs break test with the second condition)\n\nWe choose the same logic what commit 9b378f6ad48cf ("btrfs: fix infinite\ndirectory reads") to fix it, record the last_index when we open dir, and\ndo not emit the entry which index >= last_index. The file->private_data\nnow used in offset dir can use directly to do this, and we also update\nthe last_index when we llseek the dir file.\n\n[brauner: only update last_index after seek when offset is zero like Jan suggested]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46701', 'https://git.kernel.org/linus/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a (6.11-rc4)', 'https://git.kernel.org/stable/c/308b4fc2403b335894592ee9dc212a5e58bb309f', 'https://git.kernel.org/stable/c/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a', 'https://lore.kernel.org/linux-cve-announce/2024091326-CVE-2024-46701-ad65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46701', 'https://www.cve.org/CVERecord?id=CVE-2024-46701'], 'PublishedDate': '2024-09-13T07:15:05.127Z', 'LastModifiedDate': '2024-09-19T13:40:27.817Z'}, {'VulnerabilityID': 'CVE-2024-46702', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46702', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: thunderbolt: Mark XDomain as unplugged when router is removed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Mark XDomain as unplugged when router is removed\n\nI noticed that when we do discrete host router NVM upgrade and it gets\nhot-removed from the PCIe side as a result of NVM firmware authentication,\nif there is another host connected with enabled paths we hang in tearing\nthem down. This is due to fact that the Thunderbolt networking driver\nalso tries to cleanup the paths and ends up blocking in\ntb_disconnect_xdomain_paths() waiting for the domain lock.\n\nHowever, at this point we already cleaned the paths in tb_stop() so\nthere is really no need for tb_disconnect_xdomain_paths() to do that\nanymore. Furthermore it already checks if the XDomain is unplugged and\nbails out early so take advantage of that and mark the XDomain as\nunplugged when we remove the parent router.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46702', 'https://git.kernel.org/linus/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d (6.11-rc4)', 'https://git.kernel.org/stable/c/18b3ad2a3cc877dd4b16f48d84aa27b78d53bf1d', 'https://git.kernel.org/stable/c/23ce6ba3b95488a2b9e9f6d43b340da0c15395dc', 'https://git.kernel.org/stable/c/747bc154577de6e6af4bc99abfa859b8419bb4d8', 'https://git.kernel.org/stable/c/7ca24cf9163c112bb6b580c6fb57c04a1f8b76e1', 'https://git.kernel.org/stable/c/80ac8d194831eca0c2f4fd862f7925532fda320c', 'https://git.kernel.org/stable/c/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46702-9b8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46702', 'https://www.cve.org/CVERecord?id=CVE-2024-46702'], 'PublishedDate': '2024-09-13T07:15:05.217Z', 'LastModifiedDate': '2024-09-19T13:35:58.637Z'}, {'VulnerabilityID': 'CVE-2024-46703', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46703', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;serial: 8250_omap: Set the console genpd always on if no console suspend&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "serial: 8250_omap: Set the console genpd always on if no console suspend"\n\nThis reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940.\n\nKevin reported that this causes a crash during suspend on platforms that\ndont use PM domains.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46703', 'https://git.kernel.org/linus/0863bffda1131fd2fa9c05b653ad9ee3d8db127e (6.11-rc4)', 'https://git.kernel.org/stable/c/0863bffda1131fd2fa9c05b653ad9ee3d8db127e', 'https://git.kernel.org/stable/c/321aecb079e9ca8b1af90778068a6fb40f2bf22d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46703-1f29@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46703', 'https://www.cve.org/CVERecord?id=CVE-2024-46703'], 'PublishedDate': '2024-09-13T07:15:05.317Z', 'LastModifiedDate': '2024-09-19T13:33:57.563Z'}, {'VulnerabilityID': 'CVE-2024-46705', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46705', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: reset mmio mappings with devm', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: reset mmio mappings with devm\n\nSet our various mmio mappings to NULL. This should make it easier to\ncatch something rogue trying to mess with mmio after device removal. For\nexample, we might unmap everything and then start hitting some mmio\naddress which has already been unmamped by us and then remapped by\nsomething else, causing all kinds of carnage.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46705', 'https://git.kernel.org/linus/c7117419784f612d59ee565145f722e8b5541fe6 (6.11-rc1)', 'https://git.kernel.org/stable/c/b1c9fbed3884d3883021d699c7cdf5253a65543a', 'https://git.kernel.org/stable/c/c7117419784f612d59ee565145f722e8b5541fe6', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46705-b9c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46705', 'https://www.cve.org/CVERecord?id=CVE-2024-46705'], 'PublishedDate': '2024-09-13T07:15:05.477Z', 'LastModifiedDate': '2024-09-19T13:30:44.133Z'}, {'VulnerabilityID': 'CVE-2024-46706', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46706', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: fsl_lpuart: mark last busy before uart_add_one_port\n\nWith "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel\nsometimes boot hang. It is because normal console still is not ready,\nbut runtime suspend is called, so early console putchar will hang\nin waiting TRDE set in UARTSTAT.\n\nThe lpuart driver has auto suspend delay set to 3000ms, but during\nuart_add_one_port, a child device serial ctrl will added and probed with\nits pm runtime enabled(see serial_ctrl.c).\nThe runtime suspend call path is:\ndevice_add\n     |-> bus_probe_device\n           |->device_initial_probe\n\t           |->__device_attach\n                         |-> pm_runtime_get_sync(dev->parent);\n\t\t\t |-> pm_request_idle(dev);\n\t\t\t |-> pm_runtime_put(dev->parent);\n\nSo in the end, before normal console ready, the lpuart get runtime\nsuspended. And earlycon putchar will hang.\n\nTo address the issue, mark last busy just after pm_runtime_enable,\nthree seconds is long enough to switch from bootconsole to normal\nconsole.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46706', 'https://git.kernel.org/linus/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c (6.11-rc4)', 'https://git.kernel.org/stable/c/3ecf625d4acb71d726bc0b49403cf68388b3d58d', 'https://git.kernel.org/stable/c/8eb92cfca6c2c5a15ab1773f3d18ab8d8f7dbb68', 'https://git.kernel.org/stable/c/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46706-ea07@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46706', 'https://www.cve.org/CVERecord?id=CVE-2024-46706'], 'PublishedDate': '2024-09-13T07:15:05.56Z', 'LastModifiedDate': '2024-09-19T17:51:07.67Z'}, {'VulnerabilityID': 'CVE-2024-46707', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46707', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3\n\nOn a system with a GICv3, if a guest hasn't been configured with\nGICv3 and that the host is not capable of GICv2 emulation,\na write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.\n\nWe therefore try to emulate the SGI access, only to hit a NULL\npointer as no private interrupt is allocated (no GIC, remember?).\n\nThe obvious fix is to give the guest what it deserves, in the\nshape of a UNDEF exception.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46707', 'https://git.kernel.org/linus/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f (6.11-rc5)', 'https://git.kernel.org/stable/c/15818af2f7aa55eff375333cb7689df15d3f24ef', 'https://git.kernel.org/stable/c/2073132f6ed3079369e857a8deb33d11bdd983bc', 'https://git.kernel.org/stable/c/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f', 'https://git.kernel.org/stable/c/94d4fbad01b19ec5eab3d6b50aaec4f9db8b2d8d', 'https://git.kernel.org/stable/c/96b076e8ee5bc3a1126848c8add0f74bd30dc9d1', 'https://git.kernel.org/stable/c/9d7629bec5c3f80bd0e3bf8103c06a2f7046bd92', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46707-9e4f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46707', 'https://www.cve.org/CVERecord?id=CVE-2024-46707'], 'PublishedDate': '2024-09-13T07:15:05.643Z', 'LastModifiedDate': '2024-09-19T13:29:46.757Z'}, {'VulnerabilityID': 'CVE-2024-46708', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46708', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: qcom: x1e80100: Fix special pin offsets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: qcom: x1e80100: Fix special pin offsets\n\nRemove the erroneus 0x100000 offset to prevent the boards from crashing\non pin state setting, as well as for the intended state changes to take\neffect.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46708', 'https://git.kernel.org/linus/d3692d95cc4d88114b070ee63cffc976f00f207f (6.11-rc6)', 'https://git.kernel.org/stable/c/0197bf772f657fbdea5e9bdec5eea6e67d82cbde', 'https://git.kernel.org/stable/c/d3692d95cc4d88114b070ee63cffc976f00f207f', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46708-95c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46708', 'https://www.cve.org/CVERecord?id=CVE-2024-46708'], 'PublishedDate': '2024-09-13T07:15:05.717Z', 'LastModifiedDate': '2024-09-19T13:28:49.483Z'}, {'VulnerabilityID': 'CVE-2024-46709', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46709', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix prime with external buffers', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix prime with external buffers\n\nMake sure that for external buffers mapping goes through the dma_buf\ninterface instead of trying to access pages directly.\n\nExternal buffers might not provide direct access to readable/writable\npages so to make sure the bo's created from external dma_bufs can be\nread dma_buf interface has to be used.\n\nFixes crashes in IGT's kms_prime with vgem. Regular desktop usage won't\ntrigger this due to the fact that virtual machines will not have\nmultiple GPUs but it enables better test coverage in IGT.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46709', 'https://git.kernel.org/linus/50f1199250912568606b3778dc56646c10cb7b04 (6.11-rc6)', 'https://git.kernel.org/stable/c/50f1199250912568606b3778dc56646c10cb7b04', 'https://git.kernel.org/stable/c/5c12391ee1ab59cb2f3be3f1f5e6d0fc0c2dc854', 'https://git.kernel.org/stable/c/9a9716bbbf3dd6b6cbefba3abcc89af8b72631f4', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46709-2465@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46709', 'https://www.cve.org/CVERecord?id=CVE-2024-46709'], 'PublishedDate': '2024-09-13T07:15:05.793Z', 'LastModifiedDate': '2024-09-19T13:26:24.14Z'}, {'VulnerabilityID': 'CVE-2024-46710', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46710', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Prevent unmapping active read buffers', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Prevent unmapping active read buffers\n\nThe kms paths keep a persistent map active to read and compare the cursor\nbuffer. These maps can race with each other in simple scenario where:\na) buffer "a" mapped for update\nb) buffer "a" mapped for compare\nc) do the compare\nd) unmap "a" for compare\ne) update the cursor\nf) unmap "a" for update\nAt step "e" the buffer has been unmapped and the read contents is bogus.\n\nPrevent unmapping of active read buffers by simply keeping a count of\nhow many paths have currently active maps and unmap only when the count\nreaches 0.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46710', 'https://git.kernel.org/linus/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea (6.11-rc6)', 'https://git.kernel.org/stable/c/0851b1ec650adadcaa23ec96daad95a55bf966f0', 'https://git.kernel.org/stable/c/58a3714db4d9dcaeb9fc4905141e17b9f536c0a5', 'https://git.kernel.org/stable/c/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea', 'https://git.kernel.org/stable/c/d5228d158e4c0b1663b3983044913c15c3d0135e', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46710-cd88@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46710', 'https://www.cve.org/CVERecord?id=CVE-2024-46710'], 'PublishedDate': '2024-09-13T07:15:05.88Z', 'LastModifiedDate': '2024-10-17T14:15:07.63Z'}, {'VulnerabilityID': 'CVE-2024-46711', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46711', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: fix ID 0 endp usage after multiple re-creations', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix ID 0 endp usage after multiple re-creations\n\n\'local_addr_used\' and \'add_addr_accepted\' are decremented for addresses\nnot related to the initial subflow (ID0), because the source and\ndestination addresses of the initial subflows are known from the\nbeginning: they don\'t count as "additional local address being used" or\n"ADD_ADDR being accepted".\n\nIt is then required not to increment them when the entrypoint used by\nthe initial subflow is removed and re-added during a connection. Without\nthis modification, this entrypoint cannot be removed and re-added more\nthan once.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46711', 'https://git.kernel.org/linus/9366922adc6a71378ca01f898c41be295309f044 (6.11-rc6)', 'https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc', 'https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb', 'https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044', 'https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe', 'https://lore.kernel.org/linux-cve-announce/2024091348-CVE-2024-46711-ab95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46711', 'https://www.cve.org/CVERecord?id=CVE-2024-46711'], 'PublishedDate': '2024-09-13T07:15:05.953Z', 'LastModifiedDate': '2024-09-19T13:12:30.39Z'}, {'VulnerabilityID': 'CVE-2024-46713', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/aux: Fix AUX buffer serialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event->mmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46713', 'https://git.kernel.org/linus/2ab9d830262c132ab5db2f571003d80850d56b2a (6.11-rc7)', 'https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a', 'https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff', 'https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82', 'https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d', 'https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370', 'https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef', 'https://lore.kernel.org/linux-cve-announce/2024091316-CVE-2024-46713-5e49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46713', 'https://www.cve.org/CVERecord?id=CVE-2024-46713'], 'PublishedDate': '2024-09-13T15:15:15.01Z', 'LastModifiedDate': '2024-09-13T16:37:22.997Z'}, {'VulnerabilityID': 'CVE-2024-46714', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip wbscl_set_scaler_filter if filter is null\n\nCallers can pass null in filter (i.e. from returned from the function\nwbscl_get_filter_coeffs_16p) and a null check is added to ensure that is\nnot the case.\n\nThis fixes 4 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46714', 'https://git.kernel.org/linus/c4d31653c03b90e51515b1380115d1aedad925dd (6.11-rc1)', 'https://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b', 'https://git.kernel.org/stable/c/1726914cb17cedab233820d26b86764dc08857b4', 'https://git.kernel.org/stable/c/54834585e91cab13e9f82d3a811deb212a4df786', 'https://git.kernel.org/stable/c/6d94c05a13fadd80c3e732f14c83b2632ebfaa50', 'https://git.kernel.org/stable/c/c083c8be6bdd046049884bec076660d4ec9a19ca', 'https://git.kernel.org/stable/c/c4d31653c03b90e51515b1380115d1aedad925dd', 'https://git.kernel.org/stable/c/e3a95f29647ae45d1ec9541cd7df64f40bf2120a', 'https://lore.kernel.org/linux-cve-announce/2024091831-CVE-2024-46714-73de@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46714', 'https://www.cve.org/CVERecord?id=CVE-2024-46714'], 'PublishedDate': '2024-09-18T07:15:03.06Z', 'LastModifiedDate': '2024-09-30T12:50:27.723Z'}, {'VulnerabilityID': 'CVE-2024-46715', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46715', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver: iio: add missing checks on iio_info&#39;s callback access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info's callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn't implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429]  iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807]  dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181]  sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555]  seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236]  vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385]  ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0:                   00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46715', 'https://git.kernel.org/linus/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70', 'https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1', 'https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252', 'https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46715-7e7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46715', 'https://www.cve.org/CVERecord?id=CVE-2024-46715'], 'PublishedDate': '2024-09-18T07:15:03.13Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46716', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n   msgdma_free_chan_resources -> msgdma_free_descriptors ->\n   msgdma_free_desc_list -> msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46716', 'https://git.kernel.org/linus/54e4ada1a4206f878e345ae01cf37347d803d1b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716', 'https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1', 'https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725', 'https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46716-f63f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46716', 'https://www.cve.org/CVERecord?id=CVE-2024-46716'], 'PublishedDate': '2024-09-18T07:15:03.183Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46717', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46717', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix incorrect page release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix incorrect page release\n\nUnder the following conditions:\n1) No skb created yet\n2) header_size == 0 (no SHAMPO header)\n3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the\n   last page fragment of a SHAMPO header page)\n\na new skb is formed with a page that is NOT a SHAMPO header page (it\nis a regular data page). Further down in the same function\n(mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from\nheader_index is released. This is wrong and it leads to SHAMPO header\npages being released more than once.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46717', 'https://git.kernel.org/linus/70bd03b89f20b9bbe51a7f73c4950565a17a45f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/03924d117625ecb10ee3c9b65930bcb2c37ae629', 'https://git.kernel.org/stable/c/70bd03b89f20b9bbe51a7f73c4950565a17a45f7', 'https://git.kernel.org/stable/c/ae9018e3f61ba5cc1f08a6e51d3c0bef0a79f3ab', 'https://git.kernel.org/stable/c/c909ab41df2b09cde919801c7a7b6bb2cc37ea22', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46717-2f30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46717', 'https://www.cve.org/CVERecord?id=CVE-2024-46717'], 'PublishedDate': '2024-09-18T07:15:03.237Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46718', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46718', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Don&#39;t overmap identity VRAM mapping', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Don't overmap identity VRAM mapping\n\nOvermapping the identity VRAM mapping is triggering hardware bugs on\ncertain platforms. Use 2M pages for the last unaligned (to 1G) VRAM\nchunk.\n\nv2:\n - Always use 2M pages for last chunk (Fei Yang)\n - break loop when 2M pages are used\n - Add assert for usable_size being 2M aligned\nv3:\n - Fix checkpatch", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46718', 'https://git.kernel.org/linus/6d3581edffea0b3a64b0d3094d3f09222e0024f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/6d3581edffea0b3a64b0d3094d3f09222e0024f7', 'https://git.kernel.org/stable/c/bb706e92c87beb9f2543faa1705ccc330b9e7c65', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46718-c5c7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46718', 'https://www.cve.org/CVERecord?id=CVE-2024-46718'], 'PublishedDate': '2024-09-18T07:15:03.303Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46719', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46719', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Fix null pointer dereference in trace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix null pointer dereference in trace\n\nucsi_register_altmode checks IS_ERR for the alt pointer and treats\nNULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,\nucsi_register_displayport returns NULL which causes a NULL pointer\ndereference in trace. Rather than return NULL, call\ntypec_port_register_altmode to register DisplayPort alternate mode\nas a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46719', 'https://git.kernel.org/linus/99516f76db48e1a9d54cdfed63c1babcee4e71a5 (6.11-rc1)', 'https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9', 'https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7', 'https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870', 'https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b', 'https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830', 'https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5', 'https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46719-4a53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46719', 'https://www.cve.org/CVERecord?id=CVE-2024-46719'], 'PublishedDate': '2024-09-18T07:15:03.357Z', 'LastModifiedDate': '2024-09-20T18:21:49.963Z'}, {'VulnerabilityID': 'CVE-2024-46720', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46720', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix dereference after null check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix dereference after null check\n\ncheck the pointer hive before use.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46720', 'https://git.kernel.org/linus/b1f7810b05d1950350ac2e06992982974343e441 (6.11-rc1)', 'https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50', 'https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c', 'https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517', 'https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46720-a598@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46720', 'https://www.cve.org/CVERecord?id=CVE-2024-46720'], 'PublishedDate': '2024-09-18T07:15:03.42Z', 'LastModifiedDate': '2024-09-20T18:22:04.693Z'}, {'VulnerabilityID': 'CVE-2024-46721', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46721', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: fix possible NULL pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and 'ent->old' is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n </TASK>\nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46721', 'https://git.kernel.org/linus/3dd384108d53834002be5630132ad5c3f32166ad (6.11-rc1)', 'https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9', 'https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad', 'https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85', 'https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8', 'https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363', 'https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346', 'https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64', 'https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46721-9aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46721', 'https://www.cve.org/CVERecord?id=CVE-2024-46721'], 'PublishedDate': '2024-09-18T07:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:22:46.637Z'}, {'VulnerabilityID': 'CVE-2024-46722', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46722', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix mc_data out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix mc_data out-of-bounds read warning\n\nClear warning that read mc_data[i-1] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46722', 'https://git.kernel.org/linus/51dfc0a4d609fe700750a62f41447f01b8c9ea50 (6.11-rc1)', 'https://git.kernel.org/stable/c/2097edede72ec5bb3869cf0205337d392fb2a553', 'https://git.kernel.org/stable/c/310b9d8363b88e818afec97ca7652bd7fe3d0650', 'https://git.kernel.org/stable/c/345bd3ad387f9e121aaad9c95957b80895e2f2ec', 'https://git.kernel.org/stable/c/51dfc0a4d609fe700750a62f41447f01b8c9ea50', 'https://git.kernel.org/stable/c/578ae965e8b90cd09edeb0252b50fa0503ea35c5', 'https://git.kernel.org/stable/c/5fa4df25ecfc7b6c9006f5b871c46cfe25ea8826', 'https://git.kernel.org/stable/c/b862a0bc5356197ed159fed7b1c647e77bc9f653', 'https://git.kernel.org/stable/c/d0a43bf367ed640e527e8ef3d53aac1e71f80114', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46722-34b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46722', 'https://www.cve.org/CVERecord?id=CVE-2024-46722'], 'PublishedDate': '2024-09-18T07:15:03.547Z', 'LastModifiedDate': '2024-09-20T18:23:11.93Z'}, {'VulnerabilityID': 'CVE-2024-46723', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46723', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix ucode out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ucode out-of-bounds read warning\n\nClear warning that read ucode[] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46723', 'https://git.kernel.org/linus/8944acd0f9db33e17f387fdc75d33bb473d7936f (6.11-rc1)', 'https://git.kernel.org/stable/c/0bef65e069d84d1cd77ce757aea0e437b8e2bd33', 'https://git.kernel.org/stable/c/23fefef859c6057e6770584242bdd938254f8ddd', 'https://git.kernel.org/stable/c/5f09fa5e0ad45fbca71933a0e024ca52da47d59b', 'https://git.kernel.org/stable/c/82ac8f1d02886b5d8aeb9e058989d3bd6fc581e2', 'https://git.kernel.org/stable/c/8944acd0f9db33e17f387fdc75d33bb473d7936f', 'https://git.kernel.org/stable/c/8981927ebc6c12fa76b30c4178acb462bab15f54', 'https://git.kernel.org/stable/c/e789e05388854a5436b2b5d8695fdb864c9bcc27', 'https://git.kernel.org/stable/c/f2b7a9f3839e92f43559b2795b34640ca8cf839f', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46723-6726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46723', 'https://www.cve.org/CVERecord?id=CVE-2024-46723'], 'PublishedDate': '2024-09-18T07:15:03.61Z', 'LastModifiedDate': '2024-09-20T18:30:30.117Z'}, {'VulnerabilityID': 'CVE-2024-46724', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46724', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number\n\nCheck the fb_channel_number range to avoid the array out-of-bounds\nread error', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46724', 'https://git.kernel.org/linus/d768394fa99467bcf2703bde74ddc96eeb0b71fa (6.11-rc1)', 'https://git.kernel.org/stable/c/32915dc909ff502823babfe07d5416c5b6e8a8b1', 'https://git.kernel.org/stable/c/45f7b02afc464c208e8f56bcbc672ef5c364c815', 'https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4', 'https://git.kernel.org/stable/c/d768394fa99467bcf2703bde74ddc96eeb0b71fa', 'https://git.kernel.org/stable/c/db7a86676fd624768a5d907faf34ad7bb4ff25f4', 'https://git.kernel.org/stable/c/f9267972490f9fcffe146e79828e97acc0da588c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46724-02f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46724', 'https://www.cve.org/CVERecord?id=CVE-2024-46724'], 'PublishedDate': '2024-09-18T07:15:03.673Z', 'LastModifiedDate': '2024-09-20T18:30:58.98Z'}, {'VulnerabilityID': 'CVE-2024-46725', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46725', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds write warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds write warning\n\nCheck the ring type value to fix the out-of-bounds\nwrite warning', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46725', 'https://git.kernel.org/linus/be1684930f5262a622d40ce7a6f1423530d87f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/130bee397b9cd52006145c87a456fd8719390cb5', 'https://git.kernel.org/stable/c/919f9bf9997b8dcdc132485ea96121e7d15555f9', 'https://git.kernel.org/stable/c/a60d1f7ff62e453dde2d3b4907e178954d199844', 'https://git.kernel.org/stable/c/be1684930f5262a622d40ce7a6f1423530d87f89', 'https://git.kernel.org/stable/c/c253b87c7c37ec40a2e0c84e4a6b636ba5cd66b2', 'https://git.kernel.org/stable/c/cf2db220b38301b6486a0f11da24a0f317de558c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46725-af49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46725', 'https://www.cve.org/CVERecord?id=CVE-2024-46725'], 'PublishedDate': '2024-09-18T07:15:03.733Z', 'LastModifiedDate': '2024-09-20T18:40:42.753Z'}, {'VulnerabilityID': 'CVE-2024-46726', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46726', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure index calculation will not overflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure index calculation will not overflow\n\n[WHY & HOW]\nMake sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will\nnever overflow and exceess array size.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46726', 'https://git.kernel.org/linus/8e2734bf444767fed787305ccdcb36a2be5301a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dc6bb57dab36b38b7374af0ac916174c146b6ed', 'https://git.kernel.org/stable/c/733ae185502d30bbe79575167b6178cfb6c5d6bd', 'https://git.kernel.org/stable/c/8e2734bf444767fed787305ccdcb36a2be5301a2', 'https://git.kernel.org/stable/c/d705b5869f6b1b46ad5ceb1bd2a08c04f7e5003b', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46726-587e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46726', 'https://www.cve.org/CVERecord?id=CVE-2024-46726'], 'PublishedDate': '2024-09-18T07:15:03.787Z', 'LastModifiedDate': '2024-09-20T18:36:27.07Z'}, {'VulnerabilityID': 'CVE-2024-46727', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46727', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update\n\n[Why]\nCoverity reports NULL_RETURN warning.\n\n[How]\nAdd otg_master NULL check.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46727', 'https://git.kernel.org/linus/871cd9d881fa791d3f82885000713de07041c0ae (6.11-rc1)', 'https://git.kernel.org/stable/c/871cd9d881fa791d3f82885000713de07041c0ae', 'https://git.kernel.org/stable/c/aad4d3d3d3b6a362bf5db11e1f28c4a60620900d', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46727-2565@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46727', 'https://www.cve.org/CVERecord?id=CVE-2024-46727'], 'PublishedDate': '2024-09-18T07:15:03.84Z', 'LastModifiedDate': '2024-09-30T12:49:43.097Z'}, {'VulnerabilityID': 'CVE-2024-46728', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46728', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check index for aux_rd_interval before using', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index for aux_rd_interval before using\n\naux_rd_interval has size of 7 and should be checked.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46728', 'https://git.kernel.org/linus/9ba2ea6337b4f159aecb177555a6a81da92d302e (6.11-rc1)', 'https://git.kernel.org/stable/c/48e0b68e2360b16edf2a0bae05c0051c00fbb48a', 'https://git.kernel.org/stable/c/6c588e9350dd7a9fb97a56fe74852c9ecc44450c', 'https://git.kernel.org/stable/c/9ba2ea6337b4f159aecb177555a6a81da92d302e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46728-edfe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46728', 'https://www.cve.org/CVERecord?id=CVE-2024-46728'], 'PublishedDate': '2024-09-18T07:15:03.893Z', 'LastModifiedDate': '2024-09-26T13:31:34.347Z'}, {'VulnerabilityID': 'CVE-2024-46729', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46729', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix incorrect size calculation for loop', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix incorrect size calculation for loop\n\n[WHY]\nfe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is\nlager than the array size.\n\n[HOW]\nDivide byte size 20 by its element size.\n\nThis fixes 2 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46729', 'https://git.kernel.org/linus/3941a3aa4b653b69876d894d08f3fff1cc965267 (6.11-rc1)', 'https://git.kernel.org/stable/c/3941a3aa4b653b69876d894d08f3fff1cc965267', 'https://git.kernel.org/stable/c/712be65b3b372a82bff0865b9c090147764bf1c4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46729-158c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46729', 'https://www.cve.org/CVERecord?id=CVE-2024-46729'], 'PublishedDate': '2024-09-18T07:15:03.95Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46730', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46730', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure array index tg_inst won&#39;t be -1', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure array index tg_inst won't be -1\n\n[WHY & HOW]\ntg_inst will be a negative if timing_generator_count equals 0, which\nshould be checked before used.\n\nThis fixes 2 OVERRUN issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46730', 'https://git.kernel.org/linus/687fe329f18ab0ab0496b20ed2cb003d4879d931 (6.11-rc1)', 'https://git.kernel.org/stable/c/687fe329f18ab0ab0496b20ed2cb003d4879d931', 'https://git.kernel.org/stable/c/a64284b9e1999ad5580debced4bc6d6adb28aad4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46730-b69e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46730', 'https://www.cve.org/CVERecord?id=CVE-2024-46730'], 'PublishedDate': '2024-09-18T07:15:04.003Z', 'LastModifiedDate': '2024-09-30T12:49:00.333Z'}, {'VulnerabilityID': 'CVE-2024-46731', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46731', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: fix the Out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix the Out-of-bounds read warning\n\nusing index i - 1U may beyond element index\nfor mc_data[] when i = 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46731', 'https://git.kernel.org/linus/12c6967428a099bbba9dfd247bb4322a984fcc0b (6.11-rc1)', 'https://git.kernel.org/stable/c/12c6967428a099bbba9dfd247bb4322a984fcc0b', 'https://git.kernel.org/stable/c/20c6373a6be93039f9d66029bb1e21038a060be1', 'https://git.kernel.org/stable/c/3317966efcdc5101e93db21514b68917e7eb34ea', 'https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376', 'https://git.kernel.org/stable/c/d83fb9f9f63e9a120bf405b078f829f0b2e58934', 'https://git.kernel.org/stable/c/f1e261ced9bcad772a45a2fcdf413c3490e87299', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46731-0e54@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46731', 'https://www.cve.org/CVERecord?id=CVE-2024-46731'], 'PublishedDate': '2024-09-18T07:15:04.057Z', 'LastModifiedDate': '2024-09-26T13:29:19.877Z'}, {'VulnerabilityID': 'CVE-2024-46732', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46732', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Assign linear_pitch_alignment even for VM', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign linear_pitch_alignment even for VM\n\n[Description]\nAssign linear_pitch_alignment so we don't cause a divide by 0\nerror in VM environments", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46732', 'https://git.kernel.org/linus/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/4bd7710f2fecfc5fb2dda1ca2adc69db8a66b8b6', 'https://git.kernel.org/stable/c/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4', 'https://git.kernel.org/stable/c/c44b568931d23aed9d37ecbb31fb5fbdd198bf7b', 'https://git.kernel.org/stable/c/d219f902b16d42f0cb8c499ea8f31cf3c0f36349', 'https://git.kernel.org/stable/c/d2fe7ac613a1ea8c346c9f5c89dc6ecc27232997', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46732-49a9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46732', 'https://www.cve.org/CVERecord?id=CVE-2024-46732'], 'PublishedDate': '2024-09-18T07:15:04.117Z', 'LastModifiedDate': '2024-09-26T13:28:07.157Z'}, {'VulnerabilityID': 'CVE-2024-46733', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46733', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix qgroup reserve leaks in cow_file_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix qgroup reserve leaks in cow_file_range\n\nIn the buffered write path, the dirty page owns the qgroup reserve until\nit creates an ordered_extent.\n\nTherefore, any errors that occur before the ordered_extent is created\nmust free that reservation, or else the space is leaked. The fstest\ngeneric/475 exercises various IO error paths, and is able to trigger\nerrors in cow_file_range where we fail to get to allocating the ordered\nextent. Note that because we *do* clear delalloc, we are likely to\nremove the inode from the delalloc list, so the inodes/pages to not have\ninvalidate/launder called on them in the commit abort path.\n\nThis results in failures at the unmount stage of the test that look like:\n\n  BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure\n  BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure\n  BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs]\n  Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq\n  CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W          6.10.0-rc7-gab56fde445b8 #21\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n  RIP: 0010:close_ctree+0x222/0x4d0 [btrfs]\n  RSP: 0018:ffffb4465283be00 EFLAGS: 00010202\n  RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001\n  RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8\n  RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000\n  R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c\n  R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n  FS:  00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0\n  Call Trace:\n   <TASK>\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? __warn.cold+0x8e/0xea\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? report_bug+0xff/0x140\n   ? handle_bug+0x3b/0x70\n   ? exc_invalid_op+0x17/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   generic_shutdown_super+0x70/0x160\n   kill_anon_super+0x11/0x40\n   btrfs_kill_super+0x11/0x20 [btrfs]\n   deactivate_locked_super+0x2e/0xa0\n   cleanup_mnt+0xb5/0x150\n   task_work_run+0x57/0x80\n   syscall_exit_to_user_mode+0x121/0x130\n   do_syscall_64+0xab/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  RIP: 0033:0x7f916847a887\n  ---[ end trace 0000000000000000 ]---\n  BTRFS error (device dm-8 state EA): qgroup reserved space leaked\n\nCases 2 and 3 in the out_reserve path both pertain to this type of leak\nand must free the reserved qgroup data. Because it is already an error\npath, I opted not to handle the possible errors in\nbtrfs_free_qgroup_data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46733', 'https://git.kernel.org/linus/30479f31d44d47ed00ae0c7453d9b253537005b2 (6.11-rc3)', 'https://git.kernel.org/stable/c/30479f31d44d47ed00ae0c7453d9b253537005b2', 'https://git.kernel.org/stable/c/e42ef22bc10f0309c0c65d8d6ca8b4127a674b7f', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46733-77eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46733', 'https://www.cve.org/CVERecord?id=CVE-2024-46733'], 'PublishedDate': '2024-09-18T07:15:04.17Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46735', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46735', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()\n\nWhen two UBLK_CMD_START_USER_RECOVERY commands are submitted, the\nfirst one sets 'ubq->ubq_daemon' to NULL, and the second one triggers\nWARN in ublk_queue_reinit() and subsequently a NULL pointer dereference\nissue.\n\nFix it by adding the check in ublk_ctrl_start_recovery() and return\nimmediately in case of zero 'ub->nr_queues_ready'.\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000028\n  RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n  Call Trace:\n   <TASK>\n   ? __die+0x20/0x70\n   ? page_fault_oops+0x75/0x170\n   ? exc_page_fault+0x64/0x140\n   ? asm_exc_page_fault+0x22/0x30\n   ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n   ublk_ctrl_uring_cmd+0x4f7/0x6c0\n   ? pick_next_task_idle+0x26/0x40\n   io_uring_cmd+0x9a/0x1b0\n   io_issue_sqe+0x193/0x3f0\n   io_wq_submit_work+0x9b/0x390\n   io_worker_handle_work+0x165/0x360\n   io_wq_worker+0xcb/0x2f0\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork+0x2d/0x50\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork_asm+0x1a/0x30\n   </TASK>", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46735', 'https://git.kernel.org/linus/e58f5142f88320a5b1449f96a146f2f24615c5c7 (6.11-rc7)', 'https://git.kernel.org/stable/c/136a29d8112df4ea0a57f9602ddf3579e04089dc', 'https://git.kernel.org/stable/c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f', 'https://git.kernel.org/stable/c/ca249435893dda766f3845c15ca77ca5672022d8', 'https://git.kernel.org/stable/c/e58f5142f88320a5b1449f96a146f2f24615c5c7', 'https://lore.kernel.org/linux-cve-announce/2024091832-CVE-2024-46735-fbce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46735', 'https://www.cve.org/CVERecord?id=CVE-2024-46735'], 'PublishedDate': '2024-09-18T08:15:03.057Z', 'LastModifiedDate': '2024-09-20T18:35:53.967Z'}, {'VulnerabilityID': 'CVE-2024-46737', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46737', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvmet-tcp: fix kernel crash if commands allocation fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fix kernel crash if commands allocation fails\n\nIf the commands allocation fails in nvmet_tcp_alloc_cmds()\nthe kernel crashes in nvmet_tcp_release_queue_work() because of\na NULL pointer dereference.\n\n  nvmet: failed to install queue 0 cntlid 1 ret 6\n  Unable to handle kernel NULL pointer dereference at\n         virtual address 0000000000000008\n\nFix the bug by setting queue->nr_cmds to zero in case\nnvmet_tcp_alloc_cmd() fails.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46737', 'https://git.kernel.org/linus/5572a55a6f830ee3f3a994b6b962a5c327d28cb3 (6.11-rc7)', 'https://git.kernel.org/stable/c/03e1fd0327fa5e2174567f5fe9290fe21d21b8f4', 'https://git.kernel.org/stable/c/489f2913a63f528cfe3f21722583fb981967ecda', 'https://git.kernel.org/stable/c/50632b877ce55356f5d276b9add289b1e7ddc683', 'https://git.kernel.org/stable/c/5572a55a6f830ee3f3a994b6b962a5c327d28cb3', 'https://git.kernel.org/stable/c/6c04d1e3ab22cc5394ef656429638a5947f87244', 'https://git.kernel.org/stable/c/7957c731fc2b23312f8935812dee5a0b14b04e2d', 'https://git.kernel.org/stable/c/91dad30c5607e62864f888e735d0965567827bdf', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46737-d36f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46737', 'https://www.cve.org/CVERecord?id=CVE-2024-46737'], 'PublishedDate': '2024-09-18T08:15:03.167Z', 'LastModifiedDate': '2024-09-20T18:35:34.7Z'}, {'VulnerabilityID': 'CVE-2024-46738', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46738', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: VMCI: Fix use-after-free when removing resource in vmci_resource_remove()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Fix use-after-free when removing resource in vmci_resource_remove()\n\nWhen removing a resource from vmci_resource_table in\nvmci_resource_remove(), the search is performed using the resource\nhandle by comparing context and resource fields.\n\nIt is possible though to create two resources with different types\nbut same handle (same context and resource fields).\n\nWhen trying to remove one of the resources, vmci_resource_remove()\nmay not remove the intended one, but the object will still be freed\nas in the case of the datagram type in vmci_datagram_destroy_handle().\nvmci_resource_table will still hold a pointer to this freed resource\nleading to a use-after-free vulnerability.\n\nBUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\nBUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\nRead of size 4 at addr ffff88801c16d800 by task syz-executor197/1592\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106\n print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239\n __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425\n kasan_report+0x38/0x51 mm/kasan/report.c:442\n vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\n vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\n vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182\n ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444\n kref_put include/linux/kref.h:65 [inline]\n vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline]\n vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195\n vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143\n __fput+0x261/0xa34 fs/file_table.c:282\n task_work_run+0xf0/0x194 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187\n exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220\n __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline]\n syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313\n do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x6e/0x0\n\nThis change ensures the type is also checked when removing\nthe resource from vmci_resource_table in vmci_resource_remove().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46738', 'https://git.kernel.org/linus/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7 (6.11-rc7)', 'https://git.kernel.org/stable/c/00fe5292f081f8d773e572df8e03bf6e1855fe49', 'https://git.kernel.org/stable/c/39e7e593418ccdbd151f2925fa6be1a616d16c96', 'https://git.kernel.org/stable/c/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7', 'https://git.kernel.org/stable/c/6c563a29857aa8053b67ee141191f69757f27f6e', 'https://git.kernel.org/stable/c/b243d52b5f6f59f9d39e69b191fb3d58b94a43b1', 'https://git.kernel.org/stable/c/b9efdf333174468651be40390cbc79c9f55d9cce', 'https://git.kernel.org/stable/c/ef5f4d0c5ee22d4f873116fec844ff6edaf3fa7d', 'https://git.kernel.org/stable/c/f6365931bf7c07b2b397dbb06a4f6573cc9fae73', 'https://linux.oracle.com/cve/CVE-2024-46738.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46738-d871@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46738', 'https://www.cve.org/CVERecord?id=CVE-2024-46738'], 'PublishedDate': '2024-09-18T08:15:03.233Z', 'LastModifiedDate': '2024-09-20T18:35:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46739', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46739', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind\n\nFor primary VM Bus channels, primary_channel pointer is always NULL. This\npointer is valid only for the secondary channels. Also, rescind callback\nis meant for primary channels only.\n\nFix NULL pointer dereference by retrieving the device_obj from the parent\nfor the primary channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46739', 'https://git.kernel.org/linus/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e (6.11-rc7)', 'https://git.kernel.org/stable/c/1d8e020e51ab07e40f9dd00b52f1da7d96fec04c', 'https://git.kernel.org/stable/c/2be373469be1774bbe03b0fa7e2854e65005b1cc', 'https://git.kernel.org/stable/c/3005091cd537ef8cdb7530dcb2ecfba8d2ef475c', 'https://git.kernel.org/stable/c/3d414b64ecf6fd717d7510ffb893c6f23acbf50e', 'https://git.kernel.org/stable/c/928e399e84f4e80307dce44e89415115c473275b', 'https://git.kernel.org/stable/c/de6946be9c8bc7d2279123433495af7c21011b99', 'https://git.kernel.org/stable/c/f38f46da80a2ab7d1b2f8fcb444c916034a2dac4', 'https://git.kernel.org/stable/c/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46739-0aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46739', 'https://www.cve.org/CVERecord?id=CVE-2024-46739'], 'PublishedDate': '2024-09-18T08:15:03.293Z', 'LastModifiedDate': '2024-09-20T18:34:29.957Z'}, {'VulnerabilityID': 'CVE-2024-46740', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46740', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binder: fix UAF caused by offsets overwrite', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF caused by offsets overwrite\n\nBinder objects are processed and copied individually into the target\nbuffer during transactions. Any raw data in-between these objects is\ncopied as well. However, this raw data copy lacks an out-of-bounds\ncheck. If the raw data exceeds the data section size then the copy\noverwrites the offsets section. This eventually triggers an error that\nattempts to unwind the processed objects. However, at this point the\noffsets used to index these objects are now corrupted.\n\nUnwinding with corrupted offsets can result in decrements of arbitrary\nnodes and lead to their premature release. Other users of such nodes are\nleft with a dangling pointer triggering a use-after-free. This issue is\nmade evident by the following KASAN report (trimmed):\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c\n  Write of size 4 at addr ffff47fc91598f04 by task binder-util/743\n\n  CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1\n  Hardware name: linux,dummy-virt (DT)\n  Call trace:\n   _raw_spin_lock+0xe4/0x19c\n   binder_free_buf+0x128/0x434\n   binder_thread_write+0x8a4/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Allocated by task 743:\n   __kmalloc_cache_noprof+0x110/0x270\n   binder_new_node+0x50/0x700\n   binder_transaction+0x413c/0x6da8\n   binder_thread_write+0x978/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Freed by task 745:\n   kfree+0xbc/0x208\n   binder_thread_read+0x1c5c/0x37d4\n   binder_ioctl+0x16d8/0x258c\n  [...]\n  ==================================================================\n\nTo avoid this issue, let's check that the raw data copy is within the\nboundaries of the data section.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46740', 'https://git.kernel.org/linus/4df153652cc46545722879415937582028c18af5 (6.11-rc7)', 'https://git.kernel.org/stable/c/109e845c1184c9f786d41516348ba3efd9112792', 'https://git.kernel.org/stable/c/1f33d9f1d9ac3f0129f8508925000900c2fe5bb0', 'https://git.kernel.org/stable/c/3a8154bb4ab4a01390a3abf1e6afac296e037da4', 'https://git.kernel.org/stable/c/4df153652cc46545722879415937582028c18af5', 'https://git.kernel.org/stable/c/4f79e0b80dc69bd5eaaed70f0df1b558728b4e59', 'https://git.kernel.org/stable/c/5a32bfd23022ffa7e152f273fa3fa29befb7d929', 'https://git.kernel.org/stable/c/eef79854a04feac5b861f94d7b19cbbe79874117', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46740-e05a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46740', 'https://www.cve.org/CVERecord?id=CVE-2024-46740'], 'PublishedDate': '2024-09-18T08:15:03.377Z', 'LastModifiedDate': '2024-09-20T18:34:08.163Z'}, {'VulnerabilityID': 'CVE-2024-46741', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46741', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Fix double free of &#39;buf&#39; in error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix double free of 'buf' in error path\n\nsmatch warning:\ndrivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf'\n\nIn fastrpc_req_mmap() error path, the fastrpc buffer is freed in\nfastrpc_req_munmap_impl() if unmap is successful.\n\nBut in the end, there is an unconditional call to fastrpc_buf_free().\nSo the above case triggers the double free of fastrpc buf.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46741', 'https://git.kernel.org/linus/e8c276d4dc0e19ee48385f74426aebc855b49aaf (6.11-rc7)', 'https://git.kernel.org/stable/c/bfc1704d909dc9911a558b1a5833d3d61a43a1f2', 'https://git.kernel.org/stable/c/e8c276d4dc0e19ee48385f74426aebc855b49aaf', 'https://git.kernel.org/stable/c/f77dc8a75859e559f3238a6d906206259227985e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46741-4ce7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46741', 'https://www.cve.org/CVERecord?id=CVE-2024-46741'], 'PublishedDate': '2024-09-18T08:15:03.43Z', 'LastModifiedDate': '2024-09-20T18:33:27.96Z'}, {'VulnerabilityID': 'CVE-2024-46742', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46742', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()\n\nnull-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)\nand parse_lease_state() return NULL.\n\nFix this by check if 'lease_ctx_info' is NULL.\n\nAdditionally, remove the redundant parentheses in\nparse_durable_handle_context().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46742', 'https://git.kernel.org/linus/4e8771a3666c8f216eefd6bd2fd50121c6c437db (6.11-rc5)', 'https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6', 'https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada', 'https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46742-223b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46742', 'https://www.cve.org/CVERecord?id=CVE-2024-46742'], 'PublishedDate': '2024-09-18T08:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:32:34.303Z'}, {'VulnerabilityID': 'CVE-2024-46743', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46743', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: of/irq: Prevent device address out-of-bounds read in interrupt map walk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nof/irq: Prevent device address out-of-bounds read in interrupt map walk\n\nWhen of_irq_parse_raw() is invoked with a device address smaller than\nthe interrupt parent node (from #address-cells property), KASAN detects\nthe following out-of-bounds read when populating the initial match table\n(dyndbg="func of_irq_parse_* +p"):\n\n  OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0\n  OF:  parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2\n  OF:  intspec=4\n  OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2\n  OF:  -> addrsize=3\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0\n  Read of size 4 at addr ffffff81beca5608 by task bash/764\n\n  CPU: 1 PID: 764 Comm: bash Tainted: G           O       6.1.67-484c613561-nokia_sm_arm64 #1\n  Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023\n  Call trace:\n   dump_backtrace+0xdc/0x130\n   show_stack+0x1c/0x30\n   dump_stack_lvl+0x6c/0x84\n   print_report+0x150/0x448\n   kasan_report+0x98/0x140\n   __asan_load4+0x78/0xa0\n   of_irq_parse_raw+0x2b8/0x8d0\n   of_irq_parse_one+0x24c/0x270\n   parse_interrupts+0xc0/0x120\n   of_fwnode_add_links+0x100/0x2d0\n   fw_devlink_parse_fwtree+0x64/0xc0\n   device_add+0xb38/0xc30\n   of_device_add+0x64/0x90\n   of_platform_device_create_pdata+0xd0/0x170\n   of_platform_bus_create+0x244/0x600\n   of_platform_notify+0x1b0/0x254\n   blocking_notifier_call_chain+0x9c/0xd0\n   __of_changeset_entry_notify+0x1b8/0x230\n   __of_changeset_apply_notify+0x54/0xe4\n   of_overlay_fdt_apply+0xc04/0xd94\n   ...\n\n  The buggy address belongs to the object at ffffff81beca5600\n   which belongs to the cache kmalloc-128 of size 128\n  The buggy address is located 8 bytes inside of\n   128-byte region [ffffff81beca5600, ffffff81beca5680)\n\n  The buggy address belongs to the physical page:\n  page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4\n  head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0\n  flags: 0x8000000000010200(slab|head|zone=2)\n  raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300\n  raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\n  page dumped because: kasan: bad access detected\n\n  Memory state around the buggy address:\n   ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n  >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n                        ^\n   ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc\n  ==================================================================\n  OF:  -> got it !\n\nPrevent the out-of-bounds read by copying the device address into a\nbuffer of sufficient size.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46743', 'https://git.kernel.org/linus/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305 (6.11-rc4)', 'https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d', 'https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5', 'https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5', 'https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305', 'https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f', 'https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9', 'https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8', 'https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46743-f386@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46743', 'https://www.cve.org/CVERecord?id=CVE-2024-46743'], 'PublishedDate': '2024-09-18T08:15:03.54Z', 'LastModifiedDate': '2024-09-20T18:32:11.827Z'}, {'VulnerabilityID': 'CVE-2024-46744', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46744', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Squashfs: sanity check symbolic link size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: sanity check symbolic link size\n\nSyzkiller reports a "KMSAN: uninit-value in pick_link" bug.\n\nThis is caused by an uninitialised page, which is ultimately caused\nby a corrupted symbolic link size read from disk.\n\nThe reason why the corrupted symlink size causes an uninitialised\npage is due to the following sequence of events:\n\n1. squashfs_read_inode() is called to read the symbolic\n   link from disk.  This assigns the corrupted value\n   3875536935 to inode->i_size.\n\n2. Later squashfs_symlink_read_folio() is called, which assigns\n   this corrupted value to the length variable, which being a\n   signed int, overflows producing a negative number.\n\n3. The following loop that fills in the page contents checks that\n   the copied bytes is less than length, which being negative means\n   the loop is skipped, producing an uninitialised page.\n\nThis patch adds a sanity check which checks that the symbolic\nlink size is not larger than expected.\n\n--\n\nV2: fix spelling mistake.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-59'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46744', 'https://git.kernel.org/linus/810ee43d9cd245d138a2733d87a24858a23f577d (6.11-rc4)', 'https://git.kernel.org/stable/c/087f25b2d36adae19951114ffcbb7106ed405ebb', 'https://git.kernel.org/stable/c/1b9451ba6f21478a75288ea3e3fca4be35e2a438', 'https://git.kernel.org/stable/c/5c8906de98d0d7ad42ff3edf2cb6cd7e0ea658c4', 'https://git.kernel.org/stable/c/810ee43d9cd245d138a2733d87a24858a23f577d', 'https://git.kernel.org/stable/c/c3af7e460a526007e4bed1ce3623274a1a6afe5e', 'https://git.kernel.org/stable/c/ef4e249971eb77ec33d74c5c3de1e2576faf6c90', 'https://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26ea9bf322d8431a90', 'https://git.kernel.org/stable/c/fac5e82ab1334fc8ed6ff7183702df634bd1d93d', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46744-451f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46744', 'https://www.cve.org/CVERecord?id=CVE-2024-46744'], 'PublishedDate': '2024-09-18T08:15:03.603Z', 'LastModifiedDate': '2024-09-30T13:36:19.557Z'}, {'VulnerabilityID': 'CVE-2024-46745', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46745', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: uinput - reject requests with unreasonable number of slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - reject requests with unreasonable number of slots\n\n\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\n\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46745', 'https://git.kernel.org/linus/206f533a0a7c683982af473079c4111f4a0f9f5e (6.11-rc5)', 'https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e', 'https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b', 'https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70', 'https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2', 'https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d', 'https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b', 'https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833', 'https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46745-7b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46745', 'https://www.cve.org/CVERecord?id=CVE-2024-46745'], 'PublishedDate': '2024-09-18T08:15:03.667Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46746', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46746', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: amd_sfh: free driver_data after destroying hid device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: free driver_data after destroying hid device\n\nHID driver callbacks aren't called anymore once hid_destroy_device() has\nbeen called. Hence, hid driver_data should be freed only after the\nhid_destroy_device() function returned as driver_data is used in several\ncallbacks.\n\nI observed a crash with kernel 6.10.0 on my T14s Gen 3, after enabling\nKASAN to debug memory allocation, I got this output:\n\n  [   13.050438] ==================================================================\n  [   13.054060] BUG: KASAN: slab-use-after-free in amd_sfh_get_report+0x3ec/0x530 [amd_sfh]\n  [   13.054809] psmouse serio1: trackpoint: Synaptics TrackPoint firmware: 0x02, buttons: 3/3\n  [   13.056432] Read of size 8 at addr ffff88813152f408 by task (udev-worker)/479\n\n  [   13.060970] CPU: 5 PID: 479 Comm: (udev-worker) Not tainted 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0\n  [   13.063978] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024\n  [   13.067860] Call Trace:\n  [   13.069383] input: TPPS/2 Synaptics TrackPoint as /devices/platform/i8042/serio1/input/input8\n  [   13.071486]  <TASK>\n  [   13.071492]  dump_stack_lvl+0x5d/0x80\n  [   13.074870] snd_hda_intel 0000:33:00.6: enabling device (0000 -> 0002)\n  [   13.078296]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.082199]  print_report+0x174/0x505\n  [   13.085776]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.089367]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.093255]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.097464]  kasan_report+0xc8/0x150\n  [   13.101461]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.105802]  amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.110303]  amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.114879]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.119450]  sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082]\n  [   13.124097]  hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.127404]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.131925]  ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.136455]  ? _raw_spin_lock_irqsave+0x96/0xf0\n  [   13.140197]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.143602]  ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b]\n  [   13.147234]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.150446]  ? __devm_add_action+0x167/0x1d0\n  [   13.155061]  hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.158581]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.161814]  platform_probe+0xa2/0x150\n  [   13.165029]  really_probe+0x1e3/0x8a0\n  [   13.168243]  __driver_probe_device+0x18c/0x370\n  [   13.171500]  driver_probe_device+0x4a/0x120\n  [   13.175000]  __driver_attach+0x190/0x4a0\n  [   13.178521]  ? __pfx___driver_attach+0x10/0x10\n  [   13.181771]  bus_for_each_dev+0x106/0x180\n  [   13.185033]  ? __pfx__raw_spin_lock+0x10/0x10\n  [   13.188229]  ? __pfx_bus_for_each_dev+0x10/0x10\n  [   13.191446]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.194382]  bus_add_driver+0x29e/0x4d0\n  [   13.197328]  driver_register+0x1a5/0x360\n  [   13.200283]  ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.203362]  do_one_initcall+0xa7/0x380\n  [   13.206432]  ? __pfx_do_one_initcall+0x10/0x10\n  [   13.210175]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.213211]  ? kasan_unpoison+0x44/0x70\n  [   13.216688]  do_init_module+0x238/0x750\n  [   13.2196\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46746', 'https://git.kernel.org/linus/97155021ae17b86985121b33cf8098bcde00d497 (6.11-rc5)', 'https://git.kernel.org/stable/c/60dc4ee0428d70bcbb41436b6729d29f1cbdfb89', 'https://git.kernel.org/stable/c/775125c7fe38533aaa4b20769f5b5e62cc1170a0', 'https://git.kernel.org/stable/c/86b4f5cf91ca03c08e3822ac89476a677a780bcc', 'https://git.kernel.org/stable/c/97155021ae17b86985121b33cf8098bcde00d497', 'https://git.kernel.org/stable/c/adb3e3c1ddb5a23b8b7122ef1913f528d728937c', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46746-eb7f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46746', 'https://www.cve.org/CVERecord?id=CVE-2024-46746'], 'PublishedDate': '2024-09-18T08:15:03.73Z', 'LastModifiedDate': '2024-09-26T12:47:53.267Z'}, {'VulnerabilityID': 'CVE-2024-46747', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46747', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup\n\nreport_fixup for the Cougar 500k Gaming Keyboard was not verifying\nthat the report descriptor size was correct before accessing it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46747', 'https://git.kernel.org/linus/a6e9c391d45b5865b61e569146304cff72821a5d (6.11-rc5)', 'https://git.kernel.org/stable/c/30e9ce7cd5591be639b53595c95812f1a2afdfdc', 'https://git.kernel.org/stable/c/34185de73d74fdc90e8651cfc472bfea6073a13f', 'https://git.kernel.org/stable/c/48b2108efa205f4579052c27fba2b22cc6ad8aa0', 'https://git.kernel.org/stable/c/890dde6001b651be79819ef7a3f8c71fc8f9cabf', 'https://git.kernel.org/stable/c/a6e9c391d45b5865b61e569146304cff72821a5d', 'https://git.kernel.org/stable/c/e239e44dcd419b13cf840e2a3a833204e4329714', 'https://git.kernel.org/stable/c/e4a602a45aecd6a98b4b37482f5c9f8f67a32ddd', 'https://git.kernel.org/stable/c/fac3cb3c6428afe2207593a183b5bc4742529dfd', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46747-f489@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46747', 'https://www.cve.org/CVERecord?id=CVE-2024-46747'], 'PublishedDate': '2024-09-18T08:15:03.79Z', 'LastModifiedDate': '2024-09-20T18:31:19.19Z'}, {'VulnerabilityID': 'CVE-2024-46748', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46748', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT\n\nSet the maximum size of a subrequest that writes to cachefiles to be\nMAX_RW_COUNT so that we don't overrun the maximum write we can make to the\nbacking filesystem.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46748', 'https://git.kernel.org/linus/51d37982bbac3ea0ca21b2797a9cb0044272b3aa (6.11-rc1)', 'https://git.kernel.org/stable/c/51d37982bbac3ea0ca21b2797a9cb0044272b3aa', 'https://git.kernel.org/stable/c/cec226f9b1fd6cf55bc157873aec61b523083e96', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46748-03e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46748', 'https://www.cve.org/CVERecord?id=CVE-2024-46748'], 'PublishedDate': '2024-09-18T08:15:03.847Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46749', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46749', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()\n\nThis adds a check before freeing the rx->skb in flush and close\nfunctions to handle the kernel crash seen while removing driver after FW\ndownload fails or before FW download completes.\n\ndmesg log:\n[   54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080\n[   54.643398] Mem abort info:\n[   54.646204]   ESR = 0x0000000096000004\n[   54.649964]   EC = 0x25: DABT (current EL), IL = 32 bits\n[   54.655286]   SET = 0, FnV = 0\n[   54.658348]   EA = 0, S1PTW = 0\n[   54.661498]   FSC = 0x04: level 0 translation fault\n[   54.666391] Data abort info:\n[   54.669273]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[   54.674768]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[   54.674771]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[   54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000\n[   54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000\n[   54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[   54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core sch_fq_codel fuse\n[   54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 Not tainted 6.6.3-otbr-g128004619037 #2\n[   54.744364] Hardware name: FSL i.MX8MM EVK board (DT)\n[   54.744368] Workqueue: hci0 hci_power_on\n[   54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   54.757249] pc : kfree_skb_reason+0x18/0xb0\n[   54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.782921] sp : ffff8000805ebca0\n[   54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000\n[   54.782931] x26: ffff377b84852400 x25: ffff377b848523c0 x24: ffff377b845e7230\n[   54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92\n[   54.782945] x20: ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff\n[   54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857\n[   54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642\n[   54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9 : ffffa5c6cf19d688\n[   54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000\n[   54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000\n[   54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac\n[   54.857599] Call trace:\n[   54.857601]  kfree_skb_reason+0x18/0xb0\n[   54.863878]  btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.863888]  hci_dev_open_sync+0x3a8/0xa04\n[   54.872773]  hci_power_on+0x54/0x2e4\n[   54.881832]  process_one_work+0x138/0x260\n[   54.881842]  worker_thread+0x32c/0x438\n[   54.881847]  kthread+0x118/0x11c\n[   54.881853]  ret_from_fork+0x10/0x20\n[   54.896406] Code: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400)\n[   54.896410] ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46749', 'https://git.kernel.org/linus/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1 (6.11-rc1)', 'https://git.kernel.org/stable/c/013dae4735d2010544d1f2121bdeb8e6c9ea171e', 'https://git.kernel.org/stable/c/056e0cd381d59a9124b7c43dd715e15f56a11635', 'https://git.kernel.org/stable/c/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46749-fc9c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46749', 'https://www.cve.org/CVERecord?id=CVE-2024-46749'], 'PublishedDate': '2024-09-18T08:15:03.893Z', 'LastModifiedDate': '2024-09-20T18:45:43.483Z'}, {'VulnerabilityID': 'CVE-2024-46750', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46750', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: Add missing bridge lock to pci_bus_lock()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Add missing bridge lock to pci_bus_lock()\n\nOne of the true positives that the cfg_access_lock lockdep effort\nidentified is this sequence:\n\n  WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70\n  RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70\n  Call Trace:\n   <TASK>\n   ? __warn+0x8c/0x190\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   ? report_bug+0x1f8/0x200\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   pci_reset_bus+0x1d8/0x270\n   vmd_probe+0x778/0xa10\n   pci_device_probe+0x95/0x120\n\nWhere pci_reset_bus() users are triggering unlocked secondary bus resets.\nIronically pci_bus_reset(), several calls down from pci_reset_bus(), uses\npci_bus_lock() before issuing the reset which locks everything *but* the\nbridge itself.\n\nFor the same motivation as adding:\n\n  bridge = pci_upstream_bridge(dev);\n  if (bridge)\n    pci_dev_lock(bridge);\n\nto pci_reset_function() for the "bus" and "cxl_bus" reset cases, add\npci_dev_lock() for @bus->self to pci_bus_lock().\n\n[bhelgaas: squash in recursive locking deadlock fix from Keith Busch:\nhttps://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46750', 'https://git.kernel.org/linus/a4e772898f8bf2e7e1cf661a12c60a5612c4afab (6.11-rc1)', 'https://git.kernel.org/stable/c/04e85a3285b0e5c5af6fd2c0fd6e95ffecc01945', 'https://git.kernel.org/stable/c/0790b89c7e911003b8c50ae50e3ac7645de1fae9', 'https://git.kernel.org/stable/c/7253b4fed46471cc247c6cacefac890a8472c083', 'https://git.kernel.org/stable/c/78c6e39fef5c428960aff742149bba302dd46f5a', 'https://git.kernel.org/stable/c/81c68e218ab883dfa368460a59b674084c0240da', 'https://git.kernel.org/stable/c/a4e772898f8bf2e7e1cf661a12c60a5612c4afab', 'https://git.kernel.org/stable/c/df77a678c33871a6e4ac5b54a71662f1d702335b', 'https://git.kernel.org/stable/c/e2355d513b89a2cb511b4ded0deb426cdb01acd0', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46750-3be1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46750', 'https://www.cve.org/CVERecord?id=CVE-2024-46750'], 'PublishedDate': '2024-09-18T08:15:03.947Z', 'LastModifiedDate': '2024-09-30T13:27:45.787Z'}, {'VulnerabilityID': 'CVE-2024-46751', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46751', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON() when 0 reference count at btrfs_lookup_extent_info()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()\n\nInstead of doing a BUG_ON() handle the error by returning -EUCLEAN,\naborting the transaction and logging an error message.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46751', 'https://git.kernel.org/linus/28cb13f29faf6290597b24b728dc3100c019356f (6.11-rc1)', 'https://git.kernel.org/stable/c/28cb13f29faf6290597b24b728dc3100c019356f', 'https://git.kernel.org/stable/c/ef9a8b73c8b60b27d9db4787e624a3438ffe8428', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46751-17f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46751', 'https://www.cve.org/CVERecord?id=CVE-2024-46751'], 'PublishedDate': '2024-09-18T08:15:04.01Z', 'LastModifiedDate': '2024-09-30T12:45:56.957Z'}, {'VulnerabilityID': 'CVE-2024-46752', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46752', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: replace BUG_ON() with error handling at update_ref_for_cow()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: replace BUG_ON() with error handling at update_ref_for_cow()\n\nInstead of a BUG_ON() just return an error, log an error message and\nabort the transaction in case we find an extent buffer belonging to the\nrelocation tree that doesn't have the full backref flag set. This is\nunexpected and should never happen (save for bugs or a potential bad\nmemory).", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46752', 'https://git.kernel.org/linus/b56329a782314fde5b61058e2a25097af7ccb675 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fbac73a97286a7ec72229cb9b42d760a2c717ac', 'https://git.kernel.org/stable/c/41a0f85e268d72fe04f731b8ceea4748c2d65491', 'https://git.kernel.org/stable/c/b50857b96429a09fd3beed9f7f21b7bb7c433688', 'https://git.kernel.org/stable/c/b56329a782314fde5b61058e2a25097af7ccb675', 'https://git.kernel.org/stable/c/f895db00c65e5d77c437cce946da9ec29dcdf563', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46752-49e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46752', 'https://www.cve.org/CVERecord?id=CVE-2024-46752'], 'PublishedDate': '2024-09-18T08:15:04.057Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46753', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46753', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: handle errors from btrfs_dec_ref() properly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref().  This is\nincorrect, we have proper error handling here, return the error.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46753', 'https://git.kernel.org/linus/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1', 'https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46753-5ec2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46753', 'https://www.cve.org/CVERecord?id=CVE-2024-46753'], 'PublishedDate': '2024-09-18T08:15:04.107Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46754', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46754', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Remove tst_run from lwt_seg6local_prog_ops.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn\'t work since it was introduced in commit 04d4b274e2a\n("ipv6: sr: Add seg6local action End.BPF"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46754', 'https://git.kernel.org/linus/c13fda93aca118b8e5cd202e339046728ee7dddb (6.11-rc1)', 'https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3f28e6e720ded5d6', 'https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e339046728ee7dddb', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46754-7f04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46754', 'https://www.cve.org/CVERecord?id=CVE-2024-46754'], 'PublishedDate': '2024-09-18T08:15:04.153Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46755', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46755', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()\n\nmwifiex_get_priv_by_id() returns the priv pointer corresponding to\nthe bss_num and bss_type, but without checking if the priv is actually\ncurrently in use.\nUnused priv pointers do not have a wiphy attached to them which can\nlead to NULL pointer dereferences further down the callstack.  Fix\nthis by returning only used priv pointers which have priv->bss_mode\nset to something else than NL80211_IFTYPE_UNSPECIFIED.\n\nSaid NULL pointer dereference happened when an Accesspoint was started\nwith wpa_supplicant -i mlan0 with this config:\n\nnetwork={\n        ssid="somessid"\n        mode=2\n        frequency=2412\n        key_mgmt=WPA-PSK WPA-PSK-SHA256\n        proto=RSN\n        group=CCMP\n        pairwise=CCMP\n        psk="12345678"\n}\n\nWhen waiting for the AP to be established, interrupting wpa_supplicant\nwith <ctrl-c> and starting it again this happens:\n\n| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000140\n| Mem abort info:\n|   ESR = 0x0000000096000004\n|   EC = 0x25: DABT (current EL), IL = 32 bits\n|   SET = 0, FnV = 0\n|   EA = 0, S1PTW = 0\n|   FSC = 0x04: level 0 translation fault\n| Data abort info:\n|   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n|   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n|   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n| user pgtable: 4k pages, 48-bit VAs, pgdp=0000000046d96000\n| [0000000000000140] pgd=0000000000000000, p4d=0000000000000000\n| Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n| Modules linked in: caam_jr caamhash_desc spidev caamalg_desc crypto_engine authenc libdes mwifiex_sdio\n+mwifiex crct10dif_ce cdc_acm onboard_usb_hub fsl_imx8_ddr_perf imx8m_ddrc rtc_ds1307 lm75 rtc_snvs\n+imx_sdma caam imx8mm_thermal spi_imx error imx_cpufreq_dt fuse ip_tables x_tables ipv6\n| CPU: 0 PID: 8 Comm: kworker/0:1 Not tainted 6.9.0-00007-g937242013fce-dirty #18\n| Hardware name: somemachine (DT)\n| Workqueue: events sdio_irq_work\n| pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n| lr : mwifiex_get_cfp+0x34/0x15c [mwifiex]\n| sp : ffff8000818b3a70\n| x29: ffff8000818b3a70 x28: ffff000006bfd8a5 x27: 0000000000000004\n| x26: 000000000000002c x25: 0000000000001511 x24: 0000000002e86bc9\n| x23: ffff000006bfd996 x22: 0000000000000004 x21: ffff000007bec000\n| x20: 000000000000002c x19: 0000000000000000 x18: 0000000000000000\n| x17: 000000040044ffff x16: 00500072b5503510 x15: ccc283740681e517\n| x14: 0201000101006d15 x13: 0000000002e8ff43 x12: 002c01000000ffb1\n| x11: 0100000000000000 x10: 02e8ff43002c0100 x9 : 0000ffb100100157\n| x8 : ffff000003d20000 x7 : 00000000000002f1 x6 : 00000000ffffe124\n| x5 : 0000000000000001 x4 : 0000000000000003 x3 : 0000000000000000\n| x2 : 0000000000000000 x1 : 0001000000011001 x0 : 0000000000000000\n| Call trace:\n|  mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n|  mwifiex_parse_single_response_buf+0x1d0/0x504 [mwifiex]\n|  mwifiex_handle_event_ext_scan_report+0x19c/0x2f8 [mwifiex]\n|  mwifiex_process_sta_event+0x298/0xf0c [mwifiex]\n|  mwifiex_process_event+0x110/0x238 [mwifiex]\n|  mwifiex_main_process+0x428/0xa44 [mwifiex]\n|  mwifiex_sdio_interrupt+0x64/0x12c [mwifiex_sdio]\n|  process_sdio_pending_irqs+0x64/0x1b8\n|  sdio_irq_work+0x4c/0x7c\n|  process_one_work+0x148/0x2a0\n|  worker_thread+0x2fc/0x40c\n|  kthread+0x110/0x114\n|  ret_from_fork+0x10/0x20\n| Code: a94153f3 a8c37bfd d50323bf d65f03c0 (f940a000)\n| ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46755', 'https://git.kernel.org/linus/c145eea2f75ff7949392aebecf7ef0a81c1f6c14 (6.11-rc1)', 'https://git.kernel.org/stable/c/1a05d8d02cfa3540ea5dbd6b39446bd3f515521f', 'https://git.kernel.org/stable/c/9813770f25855b866b8ead8155b8806b2db70f6d', 'https://git.kernel.org/stable/c/a12cf97cbefa139ef8d95081f2ea047cbbd74b7a', 'https://git.kernel.org/stable/c/c145eea2f75ff7949392aebecf7ef0a81c1f6c14', 'https://git.kernel.org/stable/c/c16916dd6c16fa7e13ca3923eb6b9f50d848ad03', 'https://git.kernel.org/stable/c/c2618dcb26c7211342b54520b5b148c0d3471c8a', 'https://git.kernel.org/stable/c/cb67b2e51b75f1a17bee7599c8161b96e1808a70', 'https://git.kernel.org/stable/c/d834433ff313838a259bb6607055ece87b895b66', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46755-1f46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46755', 'https://www.cve.org/CVERecord?id=CVE-2024-46755'], 'PublishedDate': '2024-09-18T08:15:04.203Z', 'LastModifiedDate': '2024-09-26T13:25:54.593Z'}, {'VulnerabilityID': 'CVE-2024-46756', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46756', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83627ehf) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46756', 'https://git.kernel.org/linus/5c1de37969b7bc0abcb20b86e91e70caebbd4f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/26825b62bd1bd3e53b4f44e0745cb516d5186343', 'https://git.kernel.org/stable/c/56cfdeb2c77291f0b5e4592731adfb6ca8fc7c24', 'https://git.kernel.org/stable/c/5c1de37969b7bc0abcb20b86e91e70caebbd4f89', 'https://git.kernel.org/stable/c/77ab0fd231c4ca873ec6908e761970360acc6df2', 'https://git.kernel.org/stable/c/8fecb75bff1b7d87a071c32a37aa0700f2be379d', 'https://git.kernel.org/stable/c/93cf73a7bfdce683bde3a7bb65f270d3bd24497b', 'https://git.kernel.org/stable/c/cc4be794c8d8c253770103e097ab9dbdb5f99ae1', 'https://git.kernel.org/stable/c/d92f0baf99a7e327dcceab37cce57c38aab1f691', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46756-2ca6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46756', 'https://www.cve.org/CVERecord?id=CVE-2024-46756'], 'PublishedDate': '2024-09-18T08:15:04.26Z', 'LastModifiedDate': '2024-09-23T16:29:45.077Z'}, {'VulnerabilityID': 'CVE-2024-46757', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46757', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775-core) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46757', 'https://git.kernel.org/linus/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0 (6.11-rc1)', 'https://git.kernel.org/stable/c/02bb3b4c7d5695ff4be01e0f55676bba49df435e', 'https://git.kernel.org/stable/c/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0', 'https://git.kernel.org/stable/c/0c23e18cef20b989a9fd7cb0a745e1259b969159', 'https://git.kernel.org/stable/c/298a55f11edd811f2189b74eb8f53dee34d4f14c', 'https://git.kernel.org/stable/c/2f695544084a559f181cafdfd3f864c5ff9dd1db', 'https://git.kernel.org/stable/c/8a1e958e26640ce015abdbb75c8896301b9bf398', 'https://git.kernel.org/stable/c/996221b030995cc5f5baa4a642201d64b62a17cd', 'https://git.kernel.org/stable/c/d6035c55fa9afefc23f85f57eff1d4a1d82c5b10', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46757-4fbb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46757', 'https://www.cve.org/CVERecord?id=CVE-2024-46757'], 'PublishedDate': '2024-09-18T08:15:04.313Z', 'LastModifiedDate': '2024-09-23T16:29:51.65Z'}, {'VulnerabilityID': 'CVE-2024-46758', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46758', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (lm95234) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm95234) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46758', 'https://git.kernel.org/linus/af64e3e1537896337405f880c1e9ac1f8c0c6198 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fc27747633aa419f9af40e7bdfa00d2ec94ea81', 'https://git.kernel.org/stable/c/16f42953231be1e7be77bc24005270d9e0d9d2ee', 'https://git.kernel.org/stable/c/438453dfbbdcf4be26891492644aa3ecbb42c336', 'https://git.kernel.org/stable/c/46e4fd338d5bdbaf60e41cda625b24949d2af201', 'https://git.kernel.org/stable/c/59c1fb9874a01c9abc49a0a32f192a7e7b4e2650', 'https://git.kernel.org/stable/c/93f0f5721d0cca45dac50af1ae6f9a9826c699fd', 'https://git.kernel.org/stable/c/af64e3e1537896337405f880c1e9ac1f8c0c6198', 'https://git.kernel.org/stable/c/da765bebd90e1b92bdbc3c6a27a3f3cc81529ab6', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46758-6154@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46758', 'https://www.cve.org/CVERecord?id=CVE-2024-46758'], 'PublishedDate': '2024-09-18T08:15:04.367Z', 'LastModifiedDate': '2024-09-23T16:29:24.767Z'}, {'VulnerabilityID': 'CVE-2024-46759', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46759', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (adc128d818) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (adc128d818) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46759', 'https://git.kernel.org/linus/8cad724c8537fe3e0da8004646abc00290adae40 (6.11-rc1)', 'https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b', 'https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777', 'https://git.kernel.org/stable/c/2a3add62f183459a057336381ef3a896da01ce38', 'https://git.kernel.org/stable/c/6891b11a0c6227ca7ed15786928a07b1c0e4d4af', 'https://git.kernel.org/stable/c/7645d783df23878342d5d8d22030c3861d2d5426', 'https://git.kernel.org/stable/c/8cad724c8537fe3e0da8004646abc00290adae40', 'https://git.kernel.org/stable/c/b0bdb43852bf7f55ba02f0cbf00b4ea7ca897bff', 'https://git.kernel.org/stable/c/f7f5101af5b47a331cdbfa42ba64c507b47dd1fe', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46759-9b86@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46759', 'https://www.cve.org/CVERecord?id=CVE-2024-46759'], 'PublishedDate': '2024-09-18T08:15:04.413Z', 'LastModifiedDate': '2024-09-23T16:28:53.257Z'}, {'VulnerabilityID': 'CVE-2024-46760', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46760', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw88: usb: schedule rx work after everything is set up', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: usb: schedule rx work after everything is set up\n\nRight now it's possible to hit NULL pointer dereference in\nrtw_rx_fill_rx_status on hw object and/or its fields because\ninitialization routine can start getting USB replies before\nrtw_dev is fully setup.\n\nThe stack trace looks like this:\n\nrtw_rx_fill_rx_status\nrtw8821c_query_rx_desc\nrtw_usb_rx_handler\n...\nqueue_work\nrtw_usb_read_port_complete\n...\nusb_submit_urb\nrtw_usb_rx_resubmit\nrtw_usb_init_rx\nrtw_usb_probe\n\nSo while we do the async stuff rtw_usb_probe continues and calls\nrtw_register_hw, which does all kinds of initialization (e.g.\nvia ieee80211_register_hw) that rtw_rx_fill_rx_status relies on.\n\nFix this by moving the first usb_submit_urb after everything\nis set up.\n\nFor me, this bug manifested as:\n[    8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped\n[    8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status\nbecause I'm using Larry's backport of rtw88 driver with the NULL\nchecks in rtw_rx_fill_rx_status.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46760', 'https://git.kernel.org/linus/adc539784c98a7cc602cbf557debfc2e7b9be8b3 (6.11-rc1)', 'https://git.kernel.org/stable/c/25eaef533bf3ccc6fee5067aac16f41f280e343e', 'https://git.kernel.org/stable/c/adc539784c98a7cc602cbf557debfc2e7b9be8b3', 'https://git.kernel.org/stable/c/c83d464b82a8ad62ec9077637f75d73fe955635a', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46760-1eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46760', 'https://www.cve.org/CVERecord?id=CVE-2024-46760'], 'PublishedDate': '2024-09-18T08:15:04.47Z', 'LastModifiedDate': '2024-09-23T16:18:28.87Z'}, {'VulnerabilityID': 'CVE-2024-46761', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46761', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npci/hotplug/pnv_php: Fix hotplug driver crash on Powernv\n\nThe hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel\ncrash when we try to hot-unplug/disable the PCIe switch/bridge from\nthe PHB.\n\nThe crash occurs because although the MSI data structure has been\nreleased during disable/hot-unplug path and it has been assigned\nwith NULL, still during unregistration the code was again trying to\nexplicitly disable the MSI which causes the NULL pointer dereference and\nkernel crash.\n\nThe patch fixes the check during unregistration path to prevent invoking\npci_disable_msi/msix() since its data structure is already freed.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46761', 'https://git.kernel.org/linus/335e35b748527f0c06ded9eebb65387f60647fda (6.11-rc1)', 'https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f60647fda', 'https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d', 'https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048', 'https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e', 'https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59', 'https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689', 'https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4', 'https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46761-289f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46761', 'https://www.cve.org/CVERecord?id=CVE-2024-46761'], 'PublishedDate': '2024-09-18T08:15:04.517Z', 'LastModifiedDate': '2024-09-23T16:06:58.397Z'}, {'VulnerabilityID': 'CVE-2024-46762', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46762', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Fix possible access to a freed kirqfd instance', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Fix possible access to a freed kirqfd instance\n\nNothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and\nprivcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd\ncreated and added to the irqfds_list by privcmd_irqfd_assign() may get\nremoved by another thread executing privcmd_irqfd_deassign(), while the\nformer is still using it after dropping the locks.\n\nThis can lead to a situation where an already freed kirqfd instance may\nbe accessed and cause kernel oops.\n\nUse SRCU locking to prevent the same, as is done for the KVM\nimplementation for irqfds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46762', 'https://git.kernel.org/linus/611ff1b1ae989a7bcce3e2a8e132ee30e968c557 (6.11-rc1)', 'https://git.kernel.org/stable/c/112fd2f02b308564724b8e81006c254d20945c4b', 'https://git.kernel.org/stable/c/611ff1b1ae989a7bcce3e2a8e132ee30e968c557', 'https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46762-6512@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46762', 'https://www.cve.org/CVERecord?id=CVE-2024-46762'], 'PublishedDate': '2024-09-18T08:15:04.57Z', 'LastModifiedDate': '2024-09-23T16:12:34.42Z'}, {'VulnerabilityID': 'CVE-2024-46763', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46763', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: Fix null-ptr-deref in GRO.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host.  [0]\n\nThe NULL pointer is sk->sk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk->sk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk->sk_user_data could be NULL.\n\nLet's use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 <0f> b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS:  0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <IRQ>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n</IRQ>\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 <fa> c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46763', 'https://git.kernel.org/linus/7e4196935069947d8b70b09c1660b67b067e75cb (6.11-rc7)', 'https://git.kernel.org/stable/c/1df42be305fe478ded1ee0c1d775f4ece713483b', 'https://git.kernel.org/stable/c/231c235d2f7a66f018f172e26ffd47c363f244ef', 'https://git.kernel.org/stable/c/4494bccb52ffda22ce5a1163a776d970e6229e08', 'https://git.kernel.org/stable/c/7e4196935069947d8b70b09c1660b67b067e75cb', 'https://git.kernel.org/stable/c/c46cd6aaca81040deaea3500ba75126963294bd9', 'https://git.kernel.org/stable/c/d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46763-a580@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46763', 'https://www.cve.org/CVERecord?id=CVE-2024-46763'], 'PublishedDate': '2024-09-18T08:15:04.613Z', 'LastModifiedDate': '2024-09-23T16:14:18.297Z'}, {'VulnerabilityID': 'CVE-2024-46765', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46765', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: protect XDP configuration with a mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] <TASK>\n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] </TASK>\n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46765', 'https://git.kernel.org/linus/2504b8405768a57a71e660dbfd5abd59f679a03f (6.11-rc7)', 'https://git.kernel.org/stable/c/2504b8405768a57a71e660dbfd5abd59f679a03f', 'https://git.kernel.org/stable/c/2f057db2fb29bc209c103050647562e60554d3d3', 'https://git.kernel.org/stable/c/391f7dae3d836891fc6cfbde38add2d0e10c6b7f', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46765-1b8f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46765', 'https://www.cve.org/CVERecord?id=CVE-2024-46765'], 'PublishedDate': '2024-09-18T08:15:04.71Z', 'LastModifiedDate': '2024-09-26T13:24:29.697Z'}, {'VulnerabilityID': 'CVE-2024-46766', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46766', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: move netif_queue_set_napi to rtnl-protected sections', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: move netif_queue_set_napi to rtnl-protected sections\n\nCurrently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is\nnot rtnl-locked when called from the reset. This creates the need to take\nthe rtnl_lock just for a single function and complicates the\nsynchronization with .ndo_bpf. At the same time, there no actual need to\nfill napi-to-queue information at this exact point.\n\nFill napi-to-queue information when opening the VSI and clear it when the\nVSI is being closed. Those routines are already rtnl-locked.\n\nAlso, rewrite napi-to-queue assignment in a way that prevents inclusion of\nXDP queues, as this leads to out-of-bounds writes, such as one below.\n\n[  +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047\n[  +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2\n[  +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[  +0.000003] Call Trace:\n[  +0.000003]  <TASK>\n[  +0.000002]  dump_stack_lvl+0x60/0x80\n[  +0.000007]  print_report+0xce/0x630\n[  +0.000007]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[  +0.000007]  ? __virt_addr_valid+0x1c9/0x2c0\n[  +0.000005]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000003]  kasan_report+0xe9/0x120\n[  +0.000004]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000004]  netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000005]  ice_vsi_close+0x161/0x670 [ice]\n[  +0.000114]  ice_dis_vsi+0x22f/0x270 [ice]\n[  +0.000095]  ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]\n[  +0.000086]  ice_prepare_for_reset+0x299/0x750 [ice]\n[  +0.000087]  pci_dev_save_and_disable+0x82/0xd0\n[  +0.000006]  pci_reset_function+0x12d/0x230\n[  +0.000004]  reset_store+0xa0/0x100\n[  +0.000006]  ? __pfx_reset_store+0x10/0x10\n[  +0.000002]  ? __pfx_mutex_lock+0x10/0x10\n[  +0.000004]  ? __check_object_size+0x4c1/0x640\n[  +0.000007]  kernfs_fop_write_iter+0x30b/0x4a0\n[  +0.000006]  vfs_write+0x5d6/0xdf0\n[  +0.000005]  ? fd_install+0x180/0x350\n[  +0.000005]  ? __pfx_vfs_write+0x10/0xA10\n[  +0.000004]  ? do_fcntl+0x52c/0xcd0\n[  +0.000004]  ? kasan_save_track+0x13/0x60\n[  +0.000003]  ? kasan_save_free_info+0x37/0x60\n[  +0.000006]  ksys_write+0xfa/0x1d0\n[  +0.000003]  ? __pfx_ksys_write+0x10/0x10\n[  +0.000002]  ? __x64_sys_fcntl+0x121/0x180\n[  +0.000004]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000005]  do_syscall_64+0x80/0x170\n[  +0.000007]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000004]  ? __pfx__raw_spin_lock+0x10/0x10\n[  +0.000003]  ? file_close_fd_locked+0x167/0x230\n[  +0.000005]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000005]  ? do_syscall_64+0x8c/0x170\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? fput+0x1a/0x2c0\n[  +0.000004]  ? filp_close+0x19/0x30\n[  +0.000004]  ? do_dup2+0x25a/0x4c0\n[  +0.000004]  ? __x64_sys_dup2+0x6e/0x2e0\n[  +0.000002]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? __count_memcg_events+0x113/0x380\n[  +0.000005]  ? handle_mm_fault+0x136/0x820\n[  +0.000005]  ? do_user_addr_fault+0x444/0xa80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000002]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  +0.000005] RIP: 0033:0x7f2033593154', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46766', 'https://git.kernel.org/linus/2a5dc090b92cfa5270e20056074241c6db5c9cdd (6.11-rc7)', 'https://git.kernel.org/stable/c/2285c2faef19ee08a6bd6754f4c3ec07dceb2889', 'https://git.kernel.org/stable/c/2a5dc090b92cfa5270e20056074241c6db5c9cdd', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46766-417c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46766', 'https://www.cve.org/CVERecord?id=CVE-2024-46766'], 'PublishedDate': '2024-09-18T08:15:04.76Z', 'LastModifiedDate': '2024-09-23T16:15:23.823Z'}, {'VulnerabilityID': 'CVE-2024-46767', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46767', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: phy: Fix missing of_node_put() for leds', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Fix missing of_node_put() for leds\n\nThe call of of_get_child_by_name() will cause refcount incremented\nfor leds, if it succeeds, it should call of_node_put() to decrease\nit, fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46767', 'https://git.kernel.org/linus/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7 (6.11-rc7)', 'https://git.kernel.org/stable/c/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7', 'https://git.kernel.org/stable/c/26928c8f00f6bb0e194f3957fe51c69d36838eb2', 'https://git.kernel.org/stable/c/d9c8dbbc236cdc6231ee91cdede2fc97b430cfff', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46767-31a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46767', 'https://www.cve.org/CVERecord?id=CVE-2024-46767'], 'PublishedDate': '2024-09-18T08:15:04.81Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46768', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46768', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (hp-wmi-sensors) Check if WMI event data exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (hp-wmi-sensors) Check if WMI event data exists\n\nThe BIOS can choose to return no event data in response to a\nWMI event, so the ACPI object passed to the WMI notify handler\ncan be NULL.\n\nCheck for such a situation and ignore the event in such a case.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46768', 'https://git.kernel.org/linus/a54da9df75cd1b4b5028f6c60f9a211532680585 (6.11-rc7)', 'https://git.kernel.org/stable/c/217539e994e53206bbf3fb330261cc78c480d311', 'https://git.kernel.org/stable/c/4b19c83ba108aa66226da5b79810e4d19e005f12', 'https://git.kernel.org/stable/c/a54da9df75cd1b4b5028f6c60f9a211532680585', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46768-b0bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46768', 'https://www.cve.org/CVERecord?id=CVE-2024-46768'], 'PublishedDate': '2024-09-18T08:15:04.853Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46770', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46770', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add netif_device_attach/detach into PF reset flow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 > /sys/class/net/<interface>/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c <interface>\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S                 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS:  00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n<TASK>\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n    netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46770', 'https://git.kernel.org/linus/d11a67634227f9f9da51938af085fb41a733848f (6.11-rc7)', 'https://git.kernel.org/stable/c/36486c9e8e01b84faaee47203eac0b7e9cc7fa4a', 'https://git.kernel.org/stable/c/9e3ffb839249eca113062587659224f856fe14e5', 'https://git.kernel.org/stable/c/d11a67634227f9f9da51938af085fb41a733848f', 'https://git.kernel.org/stable/c/efe8effe138044a4747d1112ebb8c454d1663723', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46770-3a5d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46770', 'https://www.cve.org/CVERecord?id=CVE-2024-46770'], 'PublishedDate': '2024-09-18T08:15:04.957Z', 'LastModifiedDate': '2024-09-23T16:13:25.563Z'}, {'VulnerabilityID': 'CVE-2024-46771', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46771', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: bcm: Remove proc entry when dev is unregistered.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Remove proc entry when dev is unregistered.\n\nsyzkaller reported a warning in bcm_connect() below. [0]\n\nThe repro calls connect() to vxcan1, removes vxcan1, and calls\nconnect() with ifindex == 0.\n\nCalling connect() for a BCM socket allocates a proc entry.\nThen, bcm_sk(sk)->bound is set to 1 to prevent further connect().\n\nHowever, removing the bound device resets bcm_sk(sk)->bound to 0\nin bcm_notify().\n\nThe 2nd connect() tries to allocate a proc entry with the same\nname and sets NULL to bcm_sk(sk)->bcm_proc_read, leaking the\noriginal proc entry.\n\nSince the proc entry is available only for connect()ed sockets,\nlet's clean up the entry when the bound netdev is unregistered.\n\n[0]:\nproc_dir_entry 'can-bcm/2456' already registered\nWARNING: CPU: 1 PID: 394 at fs/proc/generic.c:376 proc_register+0x645/0x8f0 fs/proc/generic.c:375\nModules linked in:\nCPU: 1 PID: 394 Comm: syz-executor403 Not tainted 6.10.0-rc7-g852e42cc2dd4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:proc_register+0x645/0x8f0 fs/proc/generic.c:375\nCode: 00 00 00 00 00 48 85 ed 0f 85 97 02 00 00 4d 85 f6 0f 85 9f 02 00 00 48 c7 c7 9b cb cf 87 48 89 de 4c 89 fa e8 1c 6f eb fe 90 <0f> 0b 90 90 48 c7 c7 98 37 99 89 e8 cb 7e 22 05 bb 00 00 00 10 48\nRSP: 0018:ffa0000000cd7c30 EFLAGS: 00010246\nRAX: 9e129be1950f0200 RBX: ff1100011b51582c RCX: ff1100011857cd80\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002\nRBP: 0000000000000000 R08: ffd400000000000f R09: ff1100013e78cac0\nR10: ffac800000cd7980 R11: ff1100013e12b1f0 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ff1100011a99a2ec\nFS:  00007fbd7086f740(0000) GS:ff1100013fd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200071c0 CR3: 0000000118556004 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n proc_create_net_single+0x144/0x210 fs/proc/proc_net.c:220\n bcm_connect+0x472/0x840 net/can/bcm.c:1673\n __sys_connect_file net/socket.c:2049 [inline]\n __sys_connect+0x5d2/0x690 net/socket.c:2066\n __do_sys_connect net/socket.c:2076 [inline]\n __se_sys_connect net/socket.c:2073 [inline]\n __x64_sys_connect+0x8f/0x100 net/socket.c:2073\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1c0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7fbd708b0e5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007fff8cd33f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbd708b0e5d\nRDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000040 R09: 0000000000000040\nR10: 0000000000000040 R11: 0000000000000246 R12: 00007fff8cd34098\nR13: 0000000000401280 R14: 0000000000406de8 R15: 00007fbd70ab9000\n </TASK>\nremove_proc_entry: removing non-empty directory 'net/can-bcm', leaking at least '2456'", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46771', 'https://git.kernel.org/linus/76fe372ccb81b0c89b6cd2fec26e2f38c958be85 (6.11-rc7)', 'https://git.kernel.org/stable/c/10bfacbd5e8d821011d857bee73310457c9c989a', 'https://git.kernel.org/stable/c/33ed4ba73caae39f34ab874ba79138badc2c65dd', 'https://git.kernel.org/stable/c/3b39dc2901aa7a679a5ca981a3de9f8d5658afe8', 'https://git.kernel.org/stable/c/4377b79323df62eb5d310354f19b4d130ff58d50', 'https://git.kernel.org/stable/c/5c680022c4e28ba18ea500f3e29f0428271afa92', 'https://git.kernel.org/stable/c/76fe372ccb81b0c89b6cd2fec26e2f38c958be85', 'https://git.kernel.org/stable/c/abb0a615569ec008e8a93d9f3ab2d5b418ea94d4', 'https://git.kernel.org/stable/c/aec92dbebdbec7567d9f56d7c9296a572b8fd849', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46771-913d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46771', 'https://www.cve.org/CVERecord?id=CVE-2024-46771'], 'PublishedDate': '2024-09-18T08:15:05.01Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46772', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46772', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator crb_pipes before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator crb_pipes before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 2 DIVIDE_BY_ZERO issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46772', 'https://git.kernel.org/linus/ea79068d4073bf303f8203f2625af7d9185a1bc6 (6.11-rc1)', 'https://git.kernel.org/stable/c/ea79068d4073bf303f8203f2625af7d9185a1bc6', 'https://git.kernel.org/stable/c/ede06d23392529b039cf7ac11b5875b047900f1c', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46772-4ad6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46772', 'https://www.cve.org/CVERecord?id=CVE-2024-46772'], 'PublishedDate': '2024-09-18T08:15:05.073Z', 'LastModifiedDate': '2024-09-23T16:52:17.577Z'}, {'VulnerabilityID': 'CVE-2024-46773', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46773', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator pbn_div before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator pbn_div before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 1 DIVIDE_BY_ZERO issue reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46773', 'https://git.kernel.org/linus/116a678f3a9abc24f5c9d2525b7393d18d9eb58e (6.11-rc1)', 'https://git.kernel.org/stable/c/116a678f3a9abc24f5c9d2525b7393d18d9eb58e', 'https://git.kernel.org/stable/c/11f997143c67680d6e40a13363618380cd57a414', 'https://git.kernel.org/stable/c/20e7164c52d9bfbb9d9862b833fa989624a61345', 'https://git.kernel.org/stable/c/dfafee0a7b51c7c9612edd2d991401294964d02f', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46773-5781@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46773', 'https://www.cve.org/CVERecord?id=CVE-2024-46773'], 'PublishedDate': '2024-09-18T08:15:05.123Z', 'LastModifiedDate': '2024-09-23T16:51:59.983Z'}, {'VulnerabilityID': 'CVE-2024-46774', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46774', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()\n\nSmatch warns:\n\n  arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential\n  spectre issue 'args.args' [r] (local cap)\n\nThe 'nargs' and 'nret' locals come directly from a user-supplied\nbuffer and are used as indexes into a small stack-based array and as\ninputs to copy_to_user() after they are subject to bounds checks.\n\nUse array_index_nospec() after the bounds checks to clamp these values\nfor speculative execution.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46774', 'https://git.kernel.org/linus/0974d03eb479384466d828d65637814bee6b26d7 (6.11-rc1)', 'https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7', 'https://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46774-48d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46774', 'https://www.cve.org/CVERecord?id=CVE-2024-46774'], 'PublishedDate': '2024-09-18T08:15:05.18Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46775', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46775', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Validate function returns', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT & HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46775', 'https://git.kernel.org/linus/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c (6.11-rc1)', 'https://git.kernel.org/stable/c/5639a3048c7079803256374204ad55ec52cd0b49', 'https://git.kernel.org/stable/c/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46775-aecc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46775', 'https://www.cve.org/CVERecord?id=CVE-2024-46775'], 'PublishedDate': '2024-09-18T08:15:05.24Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46776', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46776', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Run DC_LOG_DC after checking link-&gt;link_enc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Run DC_LOG_DC after checking link->link_enc\n\n[WHAT]\nThe DC_LOG_DC should be run after link->link_enc is checked, not before.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46776', 'https://git.kernel.org/linus/3a82f62b0d9d7687eac47603bb6cd14a50fa718b (6.11-rc1)', 'https://git.kernel.org/stable/c/3a82f62b0d9d7687eac47603bb6cd14a50fa718b', 'https://git.kernel.org/stable/c/874e3bb302f97b94ac548959ec4f925b8e7b45e2', 'https://git.kernel.org/stable/c/adc74d25cdbba978afbb57caec23bbcd0329f7b8', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46776-7a95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46776', 'https://www.cve.org/CVERecord?id=CVE-2024-46776'], 'PublishedDate': '2024-09-18T08:15:05.287Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46777', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46777', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid excessive partition lengths', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid excessive partition lengths\n\nAvoid mounting filesystems where the partition would overflow the\n32-bits used for block number. Also refuse to mount filesystems where\nthe partition length is so large we cannot safely index bits in a\nblock bitmap.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46777', 'https://git.kernel.org/linus/ebbe26fd54a9621994bc16b14f2ba8f84c089693 (6.11-rc1)', 'https://git.kernel.org/stable/c/0173999123082280cf904bd640015951f194a294', 'https://git.kernel.org/stable/c/1497a4484cdb2cf6c37960d788fb6ba67567bdb7', 'https://git.kernel.org/stable/c/2ddf831451357c6da4b64645eb797c93c1c054d1', 'https://git.kernel.org/stable/c/551966371e17912564bc387fbeb2ac13077c3db1', 'https://git.kernel.org/stable/c/925fd8ee80d5348a5e965548e5484d164d19221d', 'https://git.kernel.org/stable/c/a56330761950cb83de1dfb348479f20c56c95f90', 'https://git.kernel.org/stable/c/c0c23130d38e8bc28e9ef581443de9b1fc749966', 'https://git.kernel.org/stable/c/ebbe26fd54a9621994bc16b14f2ba8f84c089693', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46777-6114@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46777', 'https://www.cve.org/CVERecord?id=CVE-2024-46777'], 'PublishedDate': '2024-09-18T08:15:05.33Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46778', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46778', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check UnboundedRequestEnabled&#39;s value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check UnboundedRequestEnabled's value\n\nCalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled\nis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus\nif (p->UnboundedRequestEnabled) checks its address, not bool value.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46778', 'https://git.kernel.org/linus/a7b38c7852093385d0605aa3c8a2efd6edd1edfd (6.11-rc1)', 'https://git.kernel.org/stable/c/4e2b49a85e7974d21364798c5d4aa8070aa864d9', 'https://git.kernel.org/stable/c/a7b38c7852093385d0605aa3c8a2efd6edd1edfd', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46778-ded6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46778', 'https://www.cve.org/CVERecord?id=CVE-2024-46778'], 'PublishedDate': '2024-09-18T08:15:05.38Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46779', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46779', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/imagination: Free pvr_vm_gpuva after unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Free pvr_vm_gpuva after unlink\n\nThis caused a measurable memory leak. Although the individual\nallocations are small, the leaks occurs in a high-usage codepath\n(remapping or unmapping device memory) so they add up quickly.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46779', 'https://git.kernel.org/linus/3f6b2f60b4631cd0c368da6a1587ab55a696164d (6.11-rc7)', 'https://git.kernel.org/stable/c/1cc695be8920df234f83270d789078cb2d3bc564', 'https://git.kernel.org/stable/c/3f6b2f60b4631cd0c368da6a1587ab55a696164d', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46779-3186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46779', 'https://www.cve.org/CVERecord?id=CVE-2024-46779'], 'PublishedDate': '2024-09-18T08:15:05.43Z', 'LastModifiedDate': '2024-09-23T16:37:51.473Z'}, {'VulnerabilityID': 'CVE-2024-46780', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46780', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: protect references to superblock parameters exposed in sysfs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: protect references to superblock parameters exposed in sysfs\n\nThe superblock buffers of nilfs2 can not only be overwritten at runtime\nfor modifications/repairs, but they are also regularly swapped, replaced\nduring resizing, and even abandoned when degrading to one side due to\nbacking device issues.  So, accessing them requires mutual exclusion using\nthe reader/writer semaphore "nilfs->ns_sem".\n\nSome sysfs attribute show methods read this superblock buffer without the\nnecessary mutual exclusion, which can cause problems with pointer\ndereferencing and memory access, so fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46780', 'https://git.kernel.org/linus/683408258917541bdb294cd717c210a04381931e (6.11-rc7)', 'https://git.kernel.org/stable/c/157c0d94b4c40887329418c70ef4edd1a8d6b4ed', 'https://git.kernel.org/stable/c/19cfeba0e4b8eda51484fcf8cf7d150418e1d880', 'https://git.kernel.org/stable/c/683408258917541bdb294cd717c210a04381931e', 'https://git.kernel.org/stable/c/8c6e43b3d5f109cf9c61bc188fcc8175404e924f', 'https://git.kernel.org/stable/c/962562d4c70c5cdeb4e955d63ff2017c4eca1aad', 'https://git.kernel.org/stable/c/b14e7260bb691d7f563f61da07d61e3c8b59a614', 'https://git.kernel.org/stable/c/b90beafac05931cbfcb6b1bd4f67c1923f47040e', 'https://git.kernel.org/stable/c/ba97ba173f9625d5f34a986088979eae8b80d38e', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46780-9155@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46780', 'https://www.cve.org/CVERecord?id=CVE-2024-46780'], 'PublishedDate': '2024-09-18T08:15:05.473Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46781', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46781', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix missing cleanup on rollforward recovery error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix missing cleanup on rollforward recovery error\n\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\n\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\n\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46781', 'https://git.kernel.org/linus/5787fcaab9eb5930f5378d6a1dd03d916d146622 (6.11-rc7)', 'https://git.kernel.org/stable/c/07e4dc2fe000ab008bcfe90be4324ef56b5b4355', 'https://git.kernel.org/stable/c/1cf1f7e8cd47244fa947d357ef1f642d91e219a3', 'https://git.kernel.org/stable/c/35a9a7a7d94662146396199b0cfd95f9517cdd14', 'https://git.kernel.org/stable/c/5787fcaab9eb5930f5378d6a1dd03d916d146622', 'https://git.kernel.org/stable/c/8e2d1e9d93c4ec51354229361ac3373058529ec4', 'https://git.kernel.org/stable/c/9d8c3a585d564d776ee60d4aabec59b404be7403', 'https://git.kernel.org/stable/c/ca92c4bff2833cb30d493b935168d6cccd5c805d', 'https://git.kernel.org/stable/c/da02f9eb333333b2e4f25d2a14967cff785ac82e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46781-377e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46781', 'https://www.cve.org/CVERecord?id=CVE-2024-46781'], 'PublishedDate': '2024-09-18T08:15:05.527Z', 'LastModifiedDate': '2024-09-23T16:37:07.117Z'}, {'VulnerabilityID': 'CVE-2024-46782', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46782', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ila: call nf_unregister_net_hooks() sooner', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n  ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n  ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n  ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n  nf_hook include/linux/netfilter.h:269 [inline]\n  NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n  __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n  __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n  process_backlog+0x662/0x15b0 net/core/dev.c:6108\n  __napi_poll+0xcb/0x490 net/core/dev.c:6772\n  napi_poll net/core/dev.c:6841 [inline]\n  net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n  handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n  run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n  kthread+0x2f0/0x390 kernel/kthread.c:389\n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n  set_page_owner include/linux/page_owner.h:32 [inline]\n  post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n  prep_new_page mm/page_alloc.c:1501 [inline]\n  get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n  __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n  __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n  alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n  ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n  __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n  __do_kmalloc_node mm/slub.c:4146 [inline]\n  __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n  __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n  bucket_table_alloc lib/rhashtable.c:186 [inline]\n  rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n  ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n  ops_ini\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46782', 'https://git.kernel.org/linus/031ae72825cef43e4650140b800ad58bf7a6a466 (6.11-rc7)', 'https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466', 'https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2', 'https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf', 'https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4', 'https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c', 'https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6', 'https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673', 'https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46782-00ff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46782', 'https://www.cve.org/CVERecord?id=CVE-2024-46782'], 'PublishedDate': '2024-09-18T08:15:05.577Z', 'LastModifiedDate': '2024-09-23T16:32:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46783', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46783', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_bpf: fix return value of tcp_bpf_sendmsg()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: fix return value of tcp_bpf_sendmsg()\n\nWhen we cork messages in psock->cork, the last message triggers the\nflushing will result in sending a sk_msg larger than the current\nmessage size. In this case, in tcp_bpf_send_verdict(), 'copied' becomes\nnegative at least in the following case:\n\n468         case __SK_DROP:\n469         default:\n470                 sk_msg_free_partial(sk, msg, tosend);\n471                 sk_msg_apply_bytes(psock, tosend);\n472                 *copied -= (tosend + delta); // <==== HERE\n473                 return -EACCES;\n\nTherefore, it could lead to the following BUG with a proper value of\n'copied' (thanks to syzbot). We should not use negative 'copied' as a\nreturn value here.\n\n  ------------[ cut here ]------------\n  kernel BUG at net/socket.c:733!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 0 UID: 0 PID: 3265 Comm: syz-executor510 Not tainted 6.11.0-rc3-syzkaller-00060-gd07b43284ab3 #0\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n  pc : sock_sendmsg_nosec net/socket.c:733 [inline]\n  pc : sock_sendmsg_nosec net/socket.c:728 [inline]\n  pc : __sock_sendmsg+0x5c/0x60 net/socket.c:745\n  lr : sock_sendmsg_nosec net/socket.c:730 [inline]\n  lr : __sock_sendmsg+0x54/0x60 net/socket.c:745\n  sp : ffff800088ea3b30\n  x29: ffff800088ea3b30 x28: fbf00000062bc900 x27: 0000000000000000\n  x26: ffff800088ea3bc0 x25: ffff800088ea3bc0 x24: 0000000000000000\n  x23: f9f00000048dc000 x22: 0000000000000000 x21: ffff800088ea3d90\n  x20: f9f00000048dc000 x19: ffff800088ea3d90 x18: 0000000000000001\n  x17: 0000000000000000 x16: 0000000000000000 x15: 000000002002ffaf\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: ffff8000815849c0 x9 : ffff8000815b49c0\n  x8 : 0000000000000000 x7 : 000000000000003f x6 : 0000000000000000\n  x5 : 00000000000007e0 x4 : fff07ffffd239000 x3 : fbf00000062bc900\n  x2 : 0000000000000000 x1 : 0000000000000000 x0 : 00000000fffffdef\n  Call trace:\n   sock_sendmsg_nosec net/socket.c:733 [inline]\n   __sock_sendmsg+0x5c/0x60 net/socket.c:745\n   ____sys_sendmsg+0x274/0x2ac net/socket.c:2597\n   ___sys_sendmsg+0xac/0x100 net/socket.c:2651\n   __sys_sendmsg+0x84/0xe0 net/socket.c:2680\n   __do_sys_sendmsg net/socket.c:2689 [inline]\n   __se_sys_sendmsg net/socket.c:2687 [inline]\n   __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2687\n   __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n   invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49\n   el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132\n   do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151\n   el0_svc+0x34/0xec arch/arm64/kernel/entry-common.c:712\n   el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730\n   el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598\n  Code: f9404463 d63f0060 3108441f 54fffe81 (d4210000)\n  ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46783', 'https://git.kernel.org/linus/fe1910f9337bd46a9343967b547ccab26b4b2c6e (6.11-rc7)', 'https://git.kernel.org/stable/c/126d72b726c4cf1119f3a7fe413a78d341c3fea9', 'https://git.kernel.org/stable/c/3efe53eb221a38e207c1e3f81c51e4ca057d50c2', 'https://git.kernel.org/stable/c/6f9fdf5806cced888c43512bccbdf7fefd50f510', 'https://git.kernel.org/stable/c/78bb38d9c5a311c5f8bdef7c9557d7d81ca30e4a', 'https://git.kernel.org/stable/c/810a4e7d92dea4074cb04c25758320909d752193', 'https://git.kernel.org/stable/c/c8219a27fa43a2cbf99f5176f6dddfe73e7a24ae', 'https://git.kernel.org/stable/c/fe1910f9337bd46a9343967b547ccab26b4b2c6e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46783-edcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46783', 'https://www.cve.org/CVERecord?id=CVE-2024-46783'], 'PublishedDate': '2024-09-18T08:15:05.63Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46784', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46784', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix error handling in mana_create_txq/rxq&#39;s NAPI cleanup', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup\n\nCurrently napi_disable() gets called during rxq and txq cleanup,\neven before napi is enabled and hrtimer is initialized. It causes\nkernel panic.\n\n? page_fault_oops+0x136/0x2b0\n  ? page_counter_cancel+0x2e/0x80\n  ? do_user_addr_fault+0x2f2/0x640\n  ? refill_obj_stock+0xc4/0x110\n  ? exc_page_fault+0x71/0x160\n  ? asm_exc_page_fault+0x27/0x30\n  ? __mmdrop+0x10/0x180\n  ? __mmdrop+0xec/0x180\n  ? hrtimer_active+0xd/0x50\n  hrtimer_try_to_cancel+0x2c/0xf0\n  hrtimer_cancel+0x15/0x30\n  napi_disable+0x65/0x90\n  mana_destroy_rxq+0x4c/0x2f0\n  mana_create_rxq.isra.0+0x56c/0x6d0\n  ? mana_uncfg_vport+0x50/0x50\n  mana_alloc_queues+0x21b/0x320\n  ? skb_dequeue+0x5f/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46784', 'https://git.kernel.org/linus/b6ecc662037694488bfff7c9fd21c405df8411f2 (6.11-rc7)', 'https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65', 'https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788', 'https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c', 'https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46784-4773@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46784', 'https://www.cve.org/CVERecord?id=CVE-2024-46784'], 'PublishedDate': '2024-09-18T08:15:05.683Z', 'LastModifiedDate': '2024-09-26T13:21:30.657Z'}, {'VulnerabilityID': 'CVE-2024-46785', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46785', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: eventfs: Use list_del_rcu() for SRCU protected list variable', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Use list_del_rcu() for SRCU protected list variable\n\nChi Zhiling reported:\n\n  We found a null pointer accessing in tracefs[1], the reason is that the\n  variable \'ei_child\' is set to LIST_POISON1, that means the list was\n  removed in eventfs_remove_rec. so when access the ei_child->is_freed, the\n  panic triggered.\n\n  by the way, the following script can reproduce this panic\n\n  loop1 (){\n      while true\n      do\n          echo "p:kp submit_bio" > /sys/kernel/debug/tracing/kprobe_events\n          echo "" > /sys/kernel/debug/tracing/kprobe_events\n      done\n  }\n  loop2 (){\n      while true\n      do\n          tree /sys/kernel/debug/tracing/events/kprobes/\n      done\n  }\n  loop1 &\n  loop2\n\n  [1]:\n  [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150\n  [ 1147.968239][T17331] Mem abort info:\n  [ 1147.971739][T17331]   ESR = 0x0000000096000004\n  [ 1147.976172][T17331]   EC = 0x25: DABT (current EL), IL = 32 bits\n  [ 1147.982171][T17331]   SET = 0, FnV = 0\n  [ 1147.985906][T17331]   EA = 0, S1PTW = 0\n  [ 1147.989734][T17331]   FSC = 0x04: level 0 translation fault\n  [ 1147.995292][T17331] Data abort info:\n  [ 1147.998858][T17331]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n  [ 1148.005023][T17331]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n  [ 1148.010759][T17331]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n  [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges\n  [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP\n  [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls]\n  [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G        W         ------- ----  6.6.43 #2\n  [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650\n  [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020\n  [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398\n  [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398\n  [ 1148.115969][T17331] sp : ffff80008d56bbd0\n  [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000\n  [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100\n  [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10\n  [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000\n  [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0\n  [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0\n  [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862\n  [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068\n  [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001\n  [ 1148.198131][T17331] Call trace:\n  [ 1148.201259][T17331]  eventfs_iterate+0x2c0/0x398\n  [ 1148.205864][T17331]  iterate_dir+0x98/0x188\n  [ 1148.210036][T17331]  __arm64_sys_getdents64+0x78/0x160\n  [ 1148.215161][T17331]  invoke_syscall+0x78/0x108\n  [ 1148.219593][T17331]  el0_svc_common.constprop.0+0x48/0xf0\n  [ 1148.224977][T17331]  do_el0_svc+0x24/0x38\n  [ 1148.228974][T17331]  el0_svc+0x40/0x168\n  [ 1148.232798][T17\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46785', 'https://git.kernel.org/linus/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c (6.11-rc7)', 'https://git.kernel.org/stable/c/05e08297c3c298d8ec28e5a5adb55840312dd87e', 'https://git.kernel.org/stable/c/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c', 'https://git.kernel.org/stable/c/f579d17a86448779f9642ad8baca6e3036a8e2d6', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46785-5351@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46785', 'https://www.cve.org/CVERecord?id=CVE-2024-46785'], 'PublishedDate': '2024-09-18T08:15:05.73Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46786', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46786', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF\n\nThe fscache_cookie_lru_timer is initialized when the fscache module\nis inserted, but is not deleted when the fscache module is removed.\nIf timer_reduce() is called before removing the fscache module,\nthe fscache_cookie_lru_timer will be added to the timer list of\nthe current cpu. Afterwards, a use-after-free will be triggered\nin the softIRQ after removing the fscache module, as follows:\n\n==================================================================\nBUG: unable to handle page fault for address: fffffbfff803c9e9\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855\nTainted: [W]=WARN\nRIP: 0010:__run_timer_base.part.0+0x254/0x8a0\nCall Trace:\n <IRQ>\n tmigr_handle_remote_up+0x627/0x810\n __walk_groups.isra.0+0x47/0x140\n tmigr_handle_remote+0x1fa/0x2f0\n handle_softirqs+0x180/0x590\n irq_exit_rcu+0x84/0xb0\n sysvec_apic_timer_interrupt+0x6e/0x90\n </IRQ>\n <TASK>\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\n default_idle_call+0x38/0x60\n do_idle+0x2b5/0x300\n cpu_startup_entry+0x54/0x60\n start_secondary+0x20d/0x280\n common_startup_64+0x13e/0x148\n </TASK>\nModules linked in: [last unloaded: netfs]\n==================================================================\n\nTherefore delete fscache_cookie_lru_timer when removing the fscahe module.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46786', 'https://git.kernel.org/linus/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f (6.11-rc7)', 'https://git.kernel.org/stable/c/0a11262549ac2ac6fb98c7cd40a67136817e5a52', 'https://git.kernel.org/stable/c/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f', 'https://git.kernel.org/stable/c/e0d724932ad12e3528f4ce97fc0f6078d0cce4bc', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46786-a167@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46786', 'https://www.cve.org/CVERecord?id=CVE-2024-46786'], 'PublishedDate': '2024-09-18T08:15:05.783Z', 'LastModifiedDate': '2024-09-26T12:48:37.447Z'}, {'VulnerabilityID': 'CVE-2024-46787', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46787', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: fix checks for huge PMDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix checks for huge PMDs\n\nPatch series "userfaultfd: fix races around pmd_trans_huge() check", v2.\n\nThe pmd_trans_huge() code in mfill_atomic() is wrong in three different\nways depending on kernel version:\n\n1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit\n   the right two race windows) - I\'ve tested this in a kernel build with\n   some extra mdelay() calls. See the commit message for a description\n   of the race scenario.\n   On older kernels (before 6.5), I think the same bug can even\n   theoretically lead to accessing transhuge page contents as a page table\n   if you hit the right 5 narrow race windows (I haven\'t tested this case).\n2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for\n   detecting PMDs that don\'t point to page tables.\n   On older kernels (before 6.5), you\'d just have to win a single fairly\n   wide race to hit this.\n   I\'ve tested this on 6.1 stable by racing migration (with a mdelay()\n   patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86\n   VM, that causes a kernel oops in ptlock_ptr().\n3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed\n   to yank page tables out from under us (though I haven\'t tested that),\n   so I think the BUG_ON() checks in mfill_atomic() are just wrong.\n\nI decided to write two separate fixes for these (one fix for bugs 1+2, one\nfix for bug 3), so that the first fix can be backported to kernels\naffected by bugs 1+2.\n\n\nThis patch (of 2):\n\nThis fixes two issues.\n\nI discovered that the following race can occur:\n\n  mfill_atomic                other thread\n  ============                ============\n                              <zap PMD>\n  pmdp_get_lockless() [reads none pmd]\n  <bail if trans_huge>\n  <if none:>\n                              <pagefault creates transhuge zeropage>\n    __pte_alloc [no-op]\n                              <zap PMD>\n  <bail if pmd_trans_huge(*dst_pmd)>\n  BUG_ON(pmd_none(*dst_pmd))\n\nI have experimentally verified this in a kernel with extra mdelay() calls;\nthe BUG_ON(pmd_none(*dst_pmd)) triggers.\n\nOn kernels newer than commit 0d940a9b270b ("mm/pgtable: allow\npte_offset_map[_lock]() to fail"), this can\'t lead to anything worse than\na BUG_ON(), since the page table access helpers are actually designed to\ndeal with page tables concurrently disappearing; but on older kernels\n(<=6.4), I think we could probably theoretically race past the two\nBUG_ON() checks and end up treating a hugepage as a page table.\n\nThe second issue is that, as Qi Zheng pointed out, there are other types\nof huge PMDs that pmd_trans_huge() can\'t catch: devmap PMDs and swap PMDs\n(in particular, migration PMDs).\n\nOn <=6.4, this is worse than the first issue: If mfill_atomic() runs on a\nPMD that contains a migration entry (which just requires winning a single,\nfairly wide race), it will pass the PMD to pte_offset_map_lock(), which\nassumes that the PMD points to a page table.\n\nBreakage follows: First, the kernel tries to take the PTE lock (which will\ncrash or maybe worse if there is no "struct page" for the address bits in\nthe migration entry PMD - I think at least on X86 there usually is no\ncorresponding "struct page" thanks to the PTE inversion mitigation, amd64\nlooks different).\n\nIf that didn\'t crash, the kernel would next try to write a PTE into what\nit wrongly thinks is a page table.\n\nAs part of fixing these issues, get rid of the check for pmd_trans_huge()\nbefore __pte_alloc() - that\'s redundant, we\'re going to have to check for\nthat after the __pte_alloc() anyway.\n\nBackport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46787', 'https://git.kernel.org/linus/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 (6.11-rc7)', 'https://git.kernel.org/stable/c/3c6b4bcf37845c9359aed926324bed66bdd2448d', 'https://git.kernel.org/stable/c/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8', 'https://git.kernel.org/stable/c/98cc18b1b71e23fe81a5194ed432b20c2d81a01a', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46787-8b6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46787', 'https://www.cve.org/CVERecord?id=CVE-2024-46787'], 'PublishedDate': '2024-09-18T08:15:05.833Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46788', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46788', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/osnoise: Use a cpumask to know what threads are kthreads', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Use a cpumask to know what threads are kthreads\n\nThe start_kthread() and stop_thread() code was not always called with the\ninterface_lock held. This means that the kthread variable could be\nunexpectedly changed causing the kthread_stop() to be called on it when it\nshould not have been, leading to:\n\n while true; do\n   rtla timerlat top -u -q & PID=$!;\n   sleep 5;\n   kill -INT $PID;\n   sleep 0.001;\n   kill -TERM $PID;\n   wait $PID;\n  done\n\nCausing the following OOPS:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 Not tainted 6.11.0-rc4-test-00002-gbc754cc76d1b-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:hrtimer_active+0x58/0x300\n Code: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 <0f> b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f\n RSP: 0018:ffff88811d97f940 EFLAGS: 00010202\n RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b\n RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28\n RBP: 0000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60\n R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d\n R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28\n FS:  0000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0\n Call Trace:\n  <TASK>\n  ? die_addr+0x40/0xa0\n  ? exc_general_protection+0x154/0x230\n  ? asm_exc_general_protection+0x26/0x30\n  ? hrtimer_active+0x58/0x300\n  ? __pfx_mutex_lock+0x10/0x10\n  ? __pfx_locks_remove_file+0x10/0x10\n  hrtimer_cancel+0x15/0x40\n  timerlat_fd_release+0x8e/0x1f0\n  ? security_file_release+0x43/0x80\n  __fput+0x372/0xb10\n  task_work_run+0x11e/0x1f0\n  ? _raw_spin_lock+0x85/0xe0\n  ? __pfx_task_work_run+0x10/0x10\n  ? poison_slab_object+0x109/0x170\n  ? do_exit+0x7a0/0x24b0\n  do_exit+0x7bd/0x24b0\n  ? __pfx_migrate_enable+0x10/0x10\n  ? __pfx_do_exit+0x10/0x10\n  ? __pfx_read_tsc+0x10/0x10\n  ? ktime_get+0x64/0x140\n  ? _raw_spin_lock_irq+0x86/0xe0\n  do_group_exit+0xb0/0x220\n  get_signal+0x17ba/0x1b50\n  ? vfs_read+0x179/0xa40\n  ? timerlat_fd_read+0x30b/0x9d0\n  ? __pfx_get_signal+0x10/0x10\n  ? __pfx_timerlat_fd_read+0x10/0x10\n  arch_do_signal_or_restart+0x8c/0x570\n  ? __pfx_arch_do_signal_or_restart+0x10/0x10\n  ? vfs_read+0x179/0xa40\n  ? ksys_read+0xfe/0x1d0\n  ? __pfx_ksys_read+0x10/0x10\n  syscall_exit_to_user_mode+0xbc/0x130\n  do_syscall_64+0x74/0x110\n  ? __pfx___rseq_handle_notify_resume+0x10/0x10\n  ? __pfx_ksys_read+0x10/0x10\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? syscall_exit_to_user_mode+0x116/0x130\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  entry_SYSCALL_64_after_hwframe+0x71/0x79\n RIP: 0033:0x7ff0070eca9c\n Code: Unable to access opcode bytes at 0x7ff0070eca72.\n RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c\n RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003\n RBP: 00007ff006dffde0 R08: 0000000000000000 R09: 00007ff000000ba0\n R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003\n R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008\n  </TASK>\n Modules linked in: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core\n ---[ end trace 0000000000000000 ]---\n\nThis is because it would mistakenly call kthread_stop() on a user space\nthread making it "exit" before it actually exits.\n\nSince kthread\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46788', 'https://git.kernel.org/linus/177e1cc2f41235c145041eed03ef5bab18f32328 (6.11-rc7)', 'https://git.kernel.org/stable/c/177e1cc2f41235c145041eed03ef5bab18f32328', 'https://git.kernel.org/stable/c/27282d2505b402f39371fd60d19d95c01a4b6776', 'https://git.kernel.org/stable/c/7a5f01828edf152c144d27cf63de446fdf2dc222', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46788-1fbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46788', 'https://www.cve.org/CVERecord?id=CVE-2024-46788'], 'PublishedDate': '2024-09-18T08:15:05.893Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46791', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46791', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open\n\nThe mcp251x_hw_wake() function is called with the mpc_lock mutex held and\ndisables the interrupt handler so that no interrupts can be processed while\nwaking the device. If an interrupt has already occurred then waiting for\nthe interrupt handler to complete will deadlock because it will be trying\nto acquire the same mutex.\n\nCPU0                           CPU1\n----                           ----\nmcp251x_open()\n mutex_lock(&priv->mcp_lock)\n  request_threaded_irq()\n                               <interrupt>\n                               mcp251x_can_ist()\n                                mutex_lock(&priv->mcp_lock)\n  mcp251x_hw_wake()\n   disable_irq() <-- deadlock\n\nUse disable_irq_nosync() instead because the interrupt handler does\neverything while holding the mutex so it doesn't matter if it's still\nrunning.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46791', 'https://git.kernel.org/linus/7dd9c26bd6cf679bcfdef01a8659791aa6487a29 (6.11-rc7)', 'https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0', 'https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e', 'https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29', 'https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7', 'https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188', 'https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646', 'https://lore.kernel.org/linux-cve-announce/2024091853-CVE-2024-46791-af66@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46791', 'https://www.cve.org/CVERecord?id=CVE-2024-46791'], 'PublishedDate': '2024-09-18T08:15:06.067Z', 'LastModifiedDate': '2024-09-20T18:21:19.457Z'}, {'VulnerabilityID': 'CVE-2024-46792', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46792', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv: misaligned: Restrict user access to kernel memory', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: misaligned: Restrict user access to kernel memory\n\nraw_copy_{to,from}_user() do not call access_ok(), so this code allowed\nuserspace to access any virtual memory address.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46792', 'https://git.kernel.org/linus/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3b6ff6c896aee5ef9b581e40d0045ff04fcbc8c', 'https://git.kernel.org/stable/c/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46792-7745@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46792', 'https://www.cve.org/CVERecord?id=CVE-2024-46792'], 'PublishedDate': '2024-09-18T08:15:06.123Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46793', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46793', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder\n\nSince commit 13f58267cda3 ("ASoC: soc.h: don\'t create dummy Component\nvia COMP_DUMMY()") dummy codecs declared like this:\n\nSND_SOC_DAILINK_DEF(dummy,\n        DAILINK_COMP_ARRAY(COMP_DUMMY()));\n\nexpand to:\n\nstatic struct snd_soc_dai_link_component dummy[] = {\n};\n\nWhich means that dummy is a zero sized array and thus dais[i].codecs should\nnot be dereferenced *at all* since it points to the address of the next\nvariable stored in the data section as the "dummy" variable has an address\nbut no size, so even dereferencing dais[0] is already an out of bounds\narray reference.\n\nWhich means that the if (dais[i].codecs->name) check added in\ncommit 7d99a70b6595 ("ASoC: Intel: Boards: Fix NULL pointer deref\nin BYT/CHT boards") relies on that the part of the next variable which\nthe name member maps to just happens to be NULL.\n\nWhich apparently so far it usually is, except when it isn\'t\nand then it results in crashes like this one:\n\n[   28.795659] BUG: unable to handle page fault for address: 0000000000030011\n...\n[   28.795780] Call Trace:\n[   28.795787]  <TASK>\n...\n[   28.795862]  ? strcmp+0x18/0x40\n[   28.795872]  0xffffffffc150c605\n[   28.795887]  platform_probe+0x40/0xa0\n...\n[   28.795979]  ? __pfx_init_module+0x10/0x10 [snd_soc_sst_bytcr_wm5102]\n\nReally fix things this time around by checking dais.num_codecs != 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46793', 'https://git.kernel.org/linus/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb (6.11-rc7)', 'https://git.kernel.org/stable/c/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb', 'https://git.kernel.org/stable/c/85cda5b040bda9c577b34eb72d5b2e5b7e31985c', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46793-268d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46793', 'https://www.cve.org/CVERecord?id=CVE-2024-46793'], 'PublishedDate': '2024-09-18T08:15:06.177Z', 'LastModifiedDate': '2024-09-24T16:00:17.977Z'}, {'VulnerabilityID': 'CVE-2024-46794', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46794', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/tdx: Fix data leak in mmio_read()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix data leak in mmio_read()\n\nThe mmio_read() function makes a TDVMCALL to retrieve MMIO data for an\naddress from the VMM.\n\nSean noticed that mmio_read() unintentionally exposes the value of an\ninitialized variable (val) on the stack to the VMM.\n\nThis variable is only needed as an output value. It did not need to be\npassed to the VMM in the first place.\n\nDo not send the original value of *val to the VMM.\n\n[ dhansen: clarify what 'val' is used for. ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46794', 'https://git.kernel.org/linus/b6fb565a2d15277896583d471b21bc14a0c99661 (6.11-rc7)', 'https://git.kernel.org/stable/c/26c6af49d26ffc377e392e30d4086db19eed0ef7', 'https://git.kernel.org/stable/c/b55ce742afcb8e8189d82f2f1e635ba1b5a461fa', 'https://git.kernel.org/stable/c/b6fb565a2d15277896583d471b21bc14a0c99661', 'https://git.kernel.org/stable/c/ef00818c50cf55a3a56bd9a9fae867c92dfb84e7', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46794-9f64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46794', 'https://www.cve.org/CVERecord?id=CVE-2024-46794'], 'PublishedDate': '2024-09-18T08:15:06.23Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46795', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46795', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ksmbd: unset the binding mark of a reused connection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset the binding mark of a reused connection\n\nSteve French reported null pointer dereference error from sha256 lib.\ncifs.ko can send session setup requests on reused connection.\nIf reused connection is used for binding session, conn->binding can\nstill remain true and generate_preauth_hash() will not set\nsess->Preauth_HashValue and it will be NULL.\nIt is used as a material to create an encryption key in\nksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer\ndereference error from crypto_shash_update().\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 8 PID: 429254 Comm: kworker/8:39\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n<TASK>\n? show_regs+0x6d/0x80\n? __die+0x24/0x80\n? page_fault_oops+0x99/0x1b0\n? do_user_addr_fault+0x2ee/0x6b0\n? exc_page_fault+0x83/0x1b0\n? asm_exc_page_fault+0x27/0x30\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n_sha256_update+0x77/0xa0 [sha256_ssse3]\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\ncrypto_shash_update+0x1e/0x40\nhmac_update+0x12/0x20\ncrypto_shash_update+0x1e/0x40\ngenerate_key+0x234/0x380 [ksmbd]\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\n__process_request+0xa3/0x1d0 [ksmbd]\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\nprocess_one_work+0x16c/0x350\nworker_thread+0x306/0x440\n? __pfx_worker_thread+0x10/0x10\nkthread+0xef/0x120\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x44/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n</TASK>', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46795', 'https://git.kernel.org/linus/78c5a6f1f630172b19af4912e755e1da93ef0ab5 (6.11-rc7)', 'https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce', 'https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1', 'https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5', 'https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02', 'https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1', 'https://lore.kernel.org/linux-cve-announce/2024091855-CVE-2024-46795-9908@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46795', 'https://www.cve.org/CVERecord?id=CVE-2024-46795'], 'PublishedDate': '2024-09-18T08:15:06.28Z', 'LastModifiedDate': '2024-09-20T18:21:04.067Z'}, {'VulnerabilityID': 'CVE-2024-46797', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46797', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/qspinlock: Fix deadlock in MCS queue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/qspinlock: Fix deadlock in MCS queue\n\nIf an interrupt occurs in queued_spin_lock_slowpath() after we increment\nqnodesp->count and before node->lock is initialized, another CPU might\nsee stale lock values in get_tail_qnode(). If the stale lock value happens\nto match the lock on that CPU, then we write to the "next" pointer of\nthe wrong qnode. This causes a deadlock as the former CPU, once it becomes\nthe head of the MCS queue, will spin indefinitely until it\'s "next" pointer\nis set by its successor in the queue.\n\nRunning stress-ng on a 16 core (16EC/16VP) shared LPAR, results in\noccasional lockups similar to the following:\n\n   $ stress-ng --all 128 --vm-bytes 80% --aggressive \\\n               --maximize --oomable --verify  --syslog \\\n               --metrics  --times  --timeout 5m\n\n   watchdog: CPU 15 Hard LOCKUP\n   ......\n   NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   Call Trace:\n    0xc000002cfffa3bf0 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    raw_spin_rq_lock_nested.part.135+0x4c/0xd0\n    sched_ttwu_pending+0x60/0x1f0\n    __flush_smp_call_function_queue+0x1dc/0x670\n    smp_ipi_demux_relaxed+0xa4/0x100\n    xive_muxed_ipi_action+0x20/0x40\n    __handle_irq_event_percpu+0x80/0x240\n    handle_irq_event_percpu+0x2c/0x80\n    handle_percpu_irq+0x84/0xd0\n    generic_handle_irq+0x54/0x80\n    __do_irq+0xac/0x210\n    __do_IRQ+0x74/0xd0\n    0x0\n    do_IRQ+0x8c/0x170\n    hardware_interrupt_common_virt+0x29c/0x2a0\n   --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490\n   ......\n   NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   --- interrupt: 500\n    0xc0000029c1a41d00 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    futex_wake+0x100/0x260\n    do_futex+0x21c/0x2a0\n    sys_futex+0x98/0x270\n    system_call_exception+0x14c/0x2f0\n    system_call_vectored_common+0x15c/0x2ec\n\nThe following code flow illustrates how the deadlock occurs.\nFor the sake of brevity, assume that both locks (A and B) are\ncontended and we call the queued_spin_lock_slowpath() function.\n\n        CPU0                                   CPU1\n        ----                                   ----\n  spin_lock_irqsave(A)                          |\n  spin_unlock_irqrestore(A)                     |\n    spin_lock(B)                                |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++;                       |\n  (Note that nodes[0].lock == A)                |\n         |                                      |\n         ▼                                      |\n      Interrupt                                 |\n  (happens before "nodes[0].lock = B")          |\n         |                                      |\n         ▼                                      |\n  spin_lock_irqsave(A)                          |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++                        |\n   nodes[1].lock = A                            |\n         |                                      |\n         ▼                                      |\n  Tail of MCS queue                             |\n         |                             spin_lock_irqsave(A)\n         ▼                                      |\n  Head of MCS queue                             ▼\n         |                             CPU0 is previous tail\n         ▼                                      |\n   Spin indefinitely                            ▼\n  (until "nodes[1].next != NULL")      prev = get_tail_qnode(A, CPU0)\n                                                |\n                                                ▼\n                                       prev == &qnodes[CPU0].nodes[0]\n                                     (as qnodes\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46797', 'https://git.kernel.org/linus/734ad0af3609464f8f93e00b6c0de1e112f44559 (6.11-rc7)', 'https://git.kernel.org/stable/c/734ad0af3609464f8f93e00b6c0de1e112f44559', 'https://git.kernel.org/stable/c/d84ab6661e8d09092de9b034b016515ef9b66085', 'https://git.kernel.org/stable/c/f06af737e4be28c0e926dc25d5f0a111da4e2987', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46797-9174@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46797', 'https://www.cve.org/CVERecord?id=CVE-2024-46797'], 'PublishedDate': '2024-09-18T08:15:06.403Z', 'LastModifiedDate': '2024-09-29T15:15:15.837Z'}, {'VulnerabilityID': 'CVE-2024-46798', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46798', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: dapm: Fix UAF for snd_soc_pcm_runtime object\n\nWhen using kernel with the following extra config,\n\n  - CONFIG_KASAN=y\n  - CONFIG_KASAN_GENERIC=y\n  - CONFIG_KASAN_INLINE=y\n  - CONFIG_KASAN_VMALLOC=y\n  - CONFIG_FRAME_WARN=4096\n\nkernel detects that snd_pcm_suspend_all() access a freed\n'snd_soc_pcm_runtime' object when the system is suspended, which\nleads to a use-after-free bug:\n\n[   52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270\n[   52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330\n\n[   52.047785] Call trace:\n[   52.047787]  dump_backtrace+0x0/0x3c0\n[   52.047794]  show_stack+0x34/0x50\n[   52.047797]  dump_stack_lvl+0x68/0x8c\n[   52.047802]  print_address_description.constprop.0+0x74/0x2c0\n[   52.047809]  kasan_report+0x210/0x230\n[   52.047815]  __asan_report_load1_noabort+0x3c/0x50\n[   52.047820]  snd_pcm_suspend_all+0x1a8/0x270\n[   52.047824]  snd_soc_suspend+0x19c/0x4e0\n\nThe snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before\nmaking any access. So we need to always set 'substream->runtime' to NULL\neverytime we kfree() it.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46798', 'https://git.kernel.org/linus/b4a90b543d9f62d3ac34ec1ab97fc5334b048565 (6.11-rc7)', 'https://git.kernel.org/stable/c/3033ed903b4f28b5e1ab66042084fbc2c48f8624', 'https://git.kernel.org/stable/c/5d13afd021eb43868fe03cef6da34ad08831ad6d', 'https://git.kernel.org/stable/c/6a14fad8be178df6c4589667efec1789a3307b4e', 'https://git.kernel.org/stable/c/8ca21e7a27c66b95a4b215edc8e45e5d66679f9f', 'https://git.kernel.org/stable/c/993b60c7f93fa1d8ff296b58f646a867e945ae89', 'https://git.kernel.org/stable/c/b4a90b543d9f62d3ac34ec1ab97fc5334b048565', 'https://git.kernel.org/stable/c/fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46798-ce16@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46798', 'https://www.cve.org/CVERecord?id=CVE-2024-46798'], 'PublishedDate': '2024-09-18T08:15:06.463Z', 'LastModifiedDate': '2024-09-20T18:17:50.763Z'}, {'VulnerabilityID': 'CVE-2024-46800', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46800', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sch/netem: fix use after free in netem_dequeue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsch/netem: fix use after free in netem_dequeue\n\nIf netem_dequeue() enqueues packet to inner qdisc and that qdisc\nreturns __NET_XMIT_STOLEN. The packet is dropped but\nqdisc_tree_reduce_backlog() is not called to update the parent\'s\nq.qlen, leading to the similar use-after-free as Commit\ne04991a48dbaf382 ("netem: fix return value if duplicate enqueue\nfails")\n\nCommands to trigger KASAN UaF:\n\nip link add type dummy\nip link set lo up\nip link set dummy0 up\ntc qdisc add dev lo parent root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2: handle 3: drr\ntc filter add dev lo parent 3: basic classid 3:1 action mirred egress\nredirect dev dummy0\ntc class add dev lo classid 3:1 drr\nping -c1 -W0.01 localhost # Trigger bug\ntc class del dev lo classid 1:1\ntc class add dev lo classid 1:1 drr\nping -c1 -W0.01 localhost # UaF', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46800', 'https://git.kernel.org/linus/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a (6.11-rc7)', 'https://git.kernel.org/stable/c/14f91ab8d391f249b845916820a56f42cf747241', 'https://git.kernel.org/stable/c/295ad5afd9efc5f67b86c64fce28fb94e26dc4c9', 'https://git.kernel.org/stable/c/32008ab989ddcff1a485fa2b4906234c25dc5cd6', 'https://git.kernel.org/stable/c/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a', 'https://git.kernel.org/stable/c/98c75d76187944296068d685dfd8a1e9fd8c4fdc', 'https://git.kernel.org/stable/c/db2c235682913a63054e741fe4e19645fdf2d68e', 'https://git.kernel.org/stable/c/dde33a9d0b80aae0c69594d1f462515d7ff1cb3d', 'https://git.kernel.org/stable/c/f0bddb4de043399f16d1969dad5ee5b984a64e7b', 'https://lore.kernel.org/linux-cve-announce/2024091857-CVE-2024-46800-0f62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46800', 'https://www.cve.org/CVERecord?id=CVE-2024-46800'], 'PublishedDate': '2024-09-18T08:15:06.573Z', 'LastModifiedDate': '2024-09-20T17:18:55.26Z'}, {'VulnerabilityID': 'CVE-2024-46802', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: added NULL check at start of dc_validate_stream', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46802', 'https://git.kernel.org/linus/26c56049cc4f1705b498df013949427692a4b0d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd', 'https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5', 'https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9', 'https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c', 'https://lore.kernel.org/linux-cve-announce/2024092706-CVE-2024-46802-c5e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46802', 'https://www.cve.org/CVERecord?id=CVE-2024-46802'], 'PublishedDate': '2024-09-27T13:15:13.483Z', 'LastModifiedDate': '2024-10-07T14:21:55.687Z'}, {'VulnerabilityID': 'CVE-2024-46803', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46803', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdkfd: Check debug trap enable before write dbg_ev_file', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46803', 'https://git.kernel.org/linus/547033b593063eb85bfdf9b25a5f1b8fd1911be2 (6.11-rc1)', 'https://git.kernel.org/stable/c/547033b593063eb85bfdf9b25a5f1b8fd1911be2', 'https://git.kernel.org/stable/c/820dcbd38a77bd5fdc4236d521c1c122841227d0', 'https://git.kernel.org/stable/c/e6ea3b8fe398915338147fe54dd2db8155fdafd8', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46803-689b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46803', 'https://www.cve.org/CVERecord?id=CVE-2024-46803'], 'PublishedDate': '2024-09-27T13:15:13.57Z', 'LastModifiedDate': '2024-10-04T17:45:16.867Z'}, {'VulnerabilityID': 'CVE-2024-46804', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46804', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add array index check for hdcp ddc access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add array index check for hdcp ddc access\n\n[Why]\nCoverity reports OVERRUN warning. Do not check if array\nindex valid.\n\n[How]\nCheck msg_id valid and valid array index.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46804', 'https://git.kernel.org/linus/4e70c0f5251c25885c31ee84a31f99a01f7cf50e (6.11-rc1)', 'https://git.kernel.org/stable/c/0ee4387c5a4b57ec733c3fb4365188d5979cd9c7', 'https://git.kernel.org/stable/c/2a63c90c7a90ab2bd23deebc2814fc5b52abf6d2', 'https://git.kernel.org/stable/c/4e70c0f5251c25885c31ee84a31f99a01f7cf50e', 'https://git.kernel.org/stable/c/8b5ccf3d011969417be653b5a145c72dbd30472c', 'https://git.kernel.org/stable/c/a3b5ee22a9d3a30045191da5678ca8451ebaea30', 'https://git.kernel.org/stable/c/f338f99f6a04d03c802087d82a83561cbd5bdc99', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46804-c90d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46804', 'https://www.cve.org/CVERecord?id=CVE-2024-46804'], 'PublishedDate': '2024-09-27T13:15:13.637Z', 'LastModifiedDate': '2024-10-04T17:51:43.73Z'}, {'VulnerabilityID': 'CVE-2024-46805', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46805', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix the waring dereferencing hive', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix the waring dereferencing hive\n\nCheck the amdgpu_hive_info *hive that maybe is NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46805', 'https://git.kernel.org/linus/1940708ccf5aff76de4e0b399f99267c93a89193 (6.11-rc1)', 'https://git.kernel.org/stable/c/01cd55b971131b07b7ff8d622fa93bb4f8be07df', 'https://git.kernel.org/stable/c/1940708ccf5aff76de4e0b399f99267c93a89193', 'https://git.kernel.org/stable/c/4ab720b6aa1ef5e71db1e534b5b45c80ac4ec58a', 'https://git.kernel.org/stable/c/d3f927ef0607b3c8c3f79ab6d9a4ebead3e35f4c', 'https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46805-b06a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46805', 'https://www.cve.org/CVERecord?id=CVE-2024-46805'], 'PublishedDate': '2024-09-27T13:15:13.707Z', 'LastModifiedDate': '2024-10-02T12:58:59.767Z'}, {'VulnerabilityID': 'CVE-2024-46806', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46806', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the warning division or modulo by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46806', 'https://git.kernel.org/linus/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c (6.11-rc1)', 'https://git.kernel.org/stable/c/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c', 'https://git.kernel.org/stable/c/a01618adcba78c6bd6c4557a4a5e32f58b658cd1', 'https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46806-2cc7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46806', 'https://www.cve.org/CVERecord?id=CVE-2024-46806'], 'PublishedDate': '2024-09-27T13:15:13.773Z', 'LastModifiedDate': '2024-10-02T13:17:04.64Z'}, {'VulnerabilityID': 'CVE-2024-46807', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46807', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Check tbo resource pointer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Check tbo resource pointer\n\nValidate tbo resource pointer, skip if NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46807', 'https://git.kernel.org/linus/6cd2b872643bb29bba01a8ac739138db7bd79007 (6.11-rc1)', 'https://git.kernel.org/stable/c/2be1eb6304d9623ba21dd6f3e68ffb753a759635', 'https://git.kernel.org/stable/c/4dfec5f5501a27e0a0da00e136d65ef9011ded4c', 'https://git.kernel.org/stable/c/6cd2b872643bb29bba01a8ac739138db7bd79007', 'https://git.kernel.org/stable/c/e55e3904ffeaff81715256a711b1a61f4ad5258a', 'https://git.kernel.org/stable/c/e8765364d4f3aaf88c7abe0a4fc99089d059ab49', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46807-b78e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46807', 'https://www.cve.org/CVERecord?id=CVE-2024-46807'], 'PublishedDate': '2024-09-27T13:15:13.84Z', 'LastModifiedDate': '2024-10-04T17:40:08.083Z'}, {'VulnerabilityID': 'CVE-2024-46808', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46808', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range\n\n[Why & How]\nASSERT if return NULL from kcalloc.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46808', 'https://git.kernel.org/linus/5524fa301ba649f8cf00848f91468e0ba7e4f24c (6.11-rc1)', 'https://git.kernel.org/stable/c/5524fa301ba649f8cf00848f91468e0ba7e4f24c', 'https://git.kernel.org/stable/c/ca0b0b0a22306f2e51105ac48f4a09c2fbbb504e', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46808-8886@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46808', 'https://www.cve.org/CVERecord?id=CVE-2024-46808'], 'PublishedDate': '2024-09-27T13:15:13.907Z', 'LastModifiedDate': '2024-10-02T14:23:39.863Z'}, {'VulnerabilityID': 'CVE-2024-46809', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46809', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check BIOS images before it is used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check BIOS images before it is used\n\nBIOS images may fail to load and null checks are added before they are\nused.\n\nThis fixes 6 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46809', 'https://git.kernel.org/linus/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c (6.11-rc1)', 'https://git.kernel.org/stable/c/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c', 'https://git.kernel.org/stable/c/e46b70a7cfed71cb84e985c785c39c16df5c28cb', 'https://git.kernel.org/stable/c/e50bec62acaeec03afc6fa5dfb2426e52d049cf5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46809-5b37@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46809', 'https://www.cve.org/CVERecord?id=CVE-2024-46809'], 'PublishedDate': '2024-09-27T13:15:13.973Z', 'LastModifiedDate': '2024-10-04T17:33:33.753Z'}, {'VulnerabilityID': 'CVE-2024-46810', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46810', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ\n\nMake sure the connector is fully initialized before signalling any\nHPD events via drm_kms_helper_hotplug_event(), otherwise this may\nlead to NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46810', 'https://git.kernel.org/linus/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f (6.11-rc1)', 'https://git.kernel.org/stable/c/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f', 'https://git.kernel.org/stable/c/1fb13693953737783b424aa4712f0a27a9eaf5a8', 'https://git.kernel.org/stable/c/9d567126474e68f959b2c2543c375f3bb32e948a', 'https://git.kernel.org/stable/c/adc5674c23b8191e596ed0dbaa9600265ac896a8', 'https://git.kernel.org/stable/c/e1b121f21bbc56a6ae035aa5b77daac62bfb9be5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46810-2eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46810', 'https://www.cve.org/CVERecord?id=CVE-2024-46810'], 'PublishedDate': '2024-09-27T13:15:14.037Z', 'LastModifiedDate': '2024-10-04T17:43:04.277Z'}, {'VulnerabilityID': 'CVE-2024-46811', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46811', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params->clk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46811', 'https://git.kernel.org/linus/188fd1616ec43033cedbe343b6579e9921e2d898 (6.11-rc1)', 'https://git.kernel.org/stable/c/188fd1616ec43033cedbe343b6579e9921e2d898', 'https://git.kernel.org/stable/c/4003bac784380fed1f94f197350567eaa73a409d', 'https://git.kernel.org/stable/c/aba188d6f4ebaf52acf13f204db2bd2c22072504', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46811-f01c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46811', 'https://www.cve.org/CVERecord?id=CVE-2024-46811'], 'PublishedDate': '2024-09-27T13:15:14.107Z', 'LastModifiedDate': '2024-10-07T14:24:56.86Z'}, {'VulnerabilityID': 'CVE-2024-46812', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46812', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration\n\n[Why]\nCoverity reports Memory - illegal accesses.\n\n[How]\nSkip inactive planes.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46812', 'https://git.kernel.org/linus/a54f7e866cc73a4cb71b8b24bb568ba35c8969df (6.11-rc1)', 'https://git.kernel.org/stable/c/3300a039caf850376bc3416c808cd8879da412bb', 'https://git.kernel.org/stable/c/8406158a546441b73f0b216aedacbf9a1e5748fb', 'https://git.kernel.org/stable/c/a54f7e866cc73a4cb71b8b24bb568ba35c8969df', 'https://git.kernel.org/stable/c/ee9d6df6d9172917d9ddbd948bb882652d5ecd29', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46812-5954@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46812', 'https://www.cve.org/CVERecord?id=CVE-2024-46812'], 'PublishedDate': '2024-09-27T13:15:14.163Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46813', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46813', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check link_index before accessing dc-&gt;links[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc->links[]\n\n[WHY & HOW]\ndc->links[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46813', 'https://git.kernel.org/linus/8aa2864044b9d13e95fe224f32e808afbf79ecdf (6.11-rc1)', 'https://git.kernel.org/stable/c/8aa2864044b9d13e95fe224f32e808afbf79ecdf', 'https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46813-5eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46813', 'https://www.cve.org/CVERecord?id=CVE-2024-46813'], 'PublishedDate': '2024-09-27T13:15:14.23Z', 'LastModifiedDate': '2024-10-04T17:38:17.74Z'}, {'VulnerabilityID': 'CVE-2024-46814', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check msg_id before processing transcation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY & HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46814', 'https://git.kernel.org/linus/fa71face755e27dc44bc296416ebdf2c67163316 (6.11-rc1)', 'https://git.kernel.org/stable/c/0147505f08220c89b3a9c90eb608191276e263a8', 'https://git.kernel.org/stable/c/6590643c5de74098d27933b7d224d5ac065d7755', 'https://git.kernel.org/stable/c/916083054670060023d3f8a8ace895d710e268f4', 'https://git.kernel.org/stable/c/cb63090a17d3abb87f132851fa3711281249b7d2', 'https://git.kernel.org/stable/c/fa71face755e27dc44bc296416ebdf2c67163316', 'https://git.kernel.org/stable/c/fe63daf7b10253b0faaa60c55d6153cd276927aa', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46814-5021@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46814', 'https://www.cve.org/CVERecord?id=CVE-2024-46814'], 'PublishedDate': '2024-09-27T13:15:14.297Z', 'LastModifiedDate': '2024-10-04T17:27:47.45Z'}, {'VulnerabilityID': 'CVE-2024-46815', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46815', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY & HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46815', 'https://git.kernel.org/linus/b38a4815f79b87efb196cd5121579fc51e29a7fb (6.11-rc1)', 'https://git.kernel.org/stable/c/21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf', 'https://git.kernel.org/stable/c/6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0', 'https://git.kernel.org/stable/c/7c47dd2e92341f2989ab73dbed07f8894593ad7b', 'https://git.kernel.org/stable/c/a72d4996409569027b4609414a14a87679b12267', 'https://git.kernel.org/stable/c/b36e9b3104c4ba0f2f5dd083dcf6159cb316c996', 'https://git.kernel.org/stable/c/b38a4815f79b87efb196cd5121579fc51e29a7fb', 'https://git.kernel.org/stable/c/c4a7f7c0062fe2c73f70bb7e335199e25bd71492', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46815-fce2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46815', 'https://www.cve.org/CVERecord?id=CVE-2024-46815'], 'PublishedDate': '2024-09-27T13:15:14.37Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46816', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46816', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\n\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc->links. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\n\n[How]\nMake sure link count less than max_links.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46816', 'https://git.kernel.org/linus/cf8b16857db702ceb8d52f9219a4613363e2b1cf (6.11-rc1)', 'https://git.kernel.org/stable/c/36c39a8dcce210649f2f45f252abaa09fcc1ae87', 'https://git.kernel.org/stable/c/cf8b16857db702ceb8d52f9219a4613363e2b1cf', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46816-0526@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46816', 'https://www.cve.org/CVERecord?id=CVE-2024-46816'], 'PublishedDate': '2024-09-27T13:15:14.433Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46817', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6\n\n[Why]\nCoverity reports OVERRUN warning. Should abort amdgpu_dm\ninitialize.\n\n[How]\nReturn failure to amdgpu_dm_init.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46817', 'https://git.kernel.org/linus/84723eb6068c50610c5c0893980d230d7afa2105 (6.11-rc1)', 'https://git.kernel.org/stable/c/21bbb39863f10f5fb4bf772d15b07d5d13590e9d', 'https://git.kernel.org/stable/c/28b515c458aa9c92bfcb99884c94713a5f471cea', 'https://git.kernel.org/stable/c/754321ed63f0a4a31252ca72e0bd89a9e1888018', 'https://git.kernel.org/stable/c/84723eb6068c50610c5c0893980d230d7afa2105', 'https://git.kernel.org/stable/c/94cb77700fa4ae6200486bfa0ba2ac547534afd2', 'https://git.kernel.org/stable/c/d398c74c881dee695f6eb6138c9891644e1c3d9d', 'https://git.kernel.org/stable/c/d619b91d3c4af60ac422f1763ce53d721fb91262', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46817-7a2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46817', 'https://www.cve.org/CVERecord?id=CVE-2024-46817'], 'PublishedDate': '2024-09-27T13:15:14.493Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46818', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check gpio_id before used as array index', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY & HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46818', 'https://git.kernel.org/linus/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 (6.11-rc1)', 'https://git.kernel.org/stable/c/0184cca30cad74d88f5c875d4e26999e26325700', 'https://git.kernel.org/stable/c/08e7755f754e3d2cef7d3a7da538d33526bd6f7c', 'https://git.kernel.org/stable/c/276e3fd93e3beb5894eb1cc8480f9f417d51524d', 'https://git.kernel.org/stable/c/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6', 'https://git.kernel.org/stable/c/3d4198ab612ad48f73383ad3bb5663e6f0cdf406', 'https://git.kernel.org/stable/c/40c2e8bc117cab8bca8814735f28a8b121654a84', 'https://git.kernel.org/stable/c/8520fdc8ecc38f240a8e9e7af89cca6739c3e790', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46818-8d41@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46818', 'https://www.cve.org/CVERecord?id=CVE-2024-46818'], 'PublishedDate': '2024-09-27T13:15:14.563Z', 'LastModifiedDate': '2024-10-04T17:18:36.613Z'}, {'VulnerabilityID': 'CVE-2024-46819', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: the warning dereferencing obj for nbio_v7_4', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: the warning dereferencing obj for nbio_v7_4\n\nif ras_manager obj null, don't print NBIO err data", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46819', 'https://git.kernel.org/linus/d190b459b2a4304307c3468ed97477b808381011 (6.11-rc1)', 'https://git.kernel.org/stable/c/130c2dc75c8c40acc3c96ededea6af80e03c14b8', 'https://git.kernel.org/stable/c/614564a5b28983de53b23a358ebe6c483a2aa21e', 'https://git.kernel.org/stable/c/70e8ec21fcb8c51446899d3bfe416b31adfa3661', 'https://git.kernel.org/stable/c/7d265772e44d403071a2b573eac0db60250b1c21', 'https://git.kernel.org/stable/c/d04ded1e73f1dcf19a71ec8b9cda3faa7acd8828', 'https://git.kernel.org/stable/c/d190b459b2a4304307c3468ed97477b808381011', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46819-d958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46819', 'https://www.cve.org/CVERecord?id=CVE-2024-46819'], 'PublishedDate': '2024-09-27T13:15:14.64Z', 'LastModifiedDate': '2024-10-04T17:11:00.57Z'}, {'VulnerabilityID': 'CVE-2024-46820', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/vcn: remove irq disabling in vcn 5 suspend\n\nWe do not directly enable/disable VCN IRQ in vcn 5.0.0.\nAnd we do not handle the IRQ state as well. So the calls to\ndisable IRQ and set state are removed. This effectively gets\nrid of the warining of\n      "WARN_ON(!amdgpu_irq_enabled(adev, src, type))"\nin amdgpu_irq_put().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46820', 'https://git.kernel.org/linus/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d (6.11-rc1)', 'https://git.kernel.org/stable/c/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d', 'https://git.kernel.org/stable/c/aa92264ba6fd4fb570002f69762634221316e7ae', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46820-6405@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46820', 'https://www.cve.org/CVERecord?id=CVE-2024-46820'], 'PublishedDate': '2024-09-27T13:15:14.707Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46821', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix negative array index read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix negative array index read\n\nAvoid using the negative values\nfor clk_idex as an index into an array pptable->DpmDescriptor.\n\nV2: fix clk_index return check (Tim Huang)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46821', 'https://git.kernel.org/linus/c8c19ebf7c0b202a6a2d37a52ca112432723db5f (6.11-rc1)', 'https://git.kernel.org/stable/c/06a3810010b525b9958424e344f0c25b09e128fa', 'https://git.kernel.org/stable/c/4711b1347cb9f0c3083da6d87c624d75f9bd1d50', 'https://git.kernel.org/stable/c/60f4a4bc3329e5cb8c4df0cc961f0d5ffd96e22d', 'https://git.kernel.org/stable/c/c8c19ebf7c0b202a6a2d37a52ca112432723db5f', 'https://lore.kernel.org/linux-cve-announce/2024092713-CVE-2024-46821-a13a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46821', 'https://www.cve.org/CVERecord?id=CVE-2024-46821'], 'PublishedDate': '2024-09-27T13:15:14.767Z', 'LastModifiedDate': '2024-10-04T17:06:43.573Z'}, {'VulnerabilityID': 'CVE-2024-46822', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46822', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry\n\nIn a review discussion of the changes to support vCPU hotplug where\na check was added on the GICC being enabled if was online, it was\nnoted that there is need to map back to the cpu and use that to index\ninto a cpumask. As such, a valid ID is needed.\n\nIf an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible\nfor the entry in cpu_madt_gicc[cpu] == NULL.  This function would\nthen cause a NULL pointer dereference.   Whilst a path to trigger\nthis has not been established, harden this caller against the\npossibility.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46822', 'https://git.kernel.org/linus/2488444274c70038eb6b686cba5f1ce48ebb9cdd (6.11-rc1)', 'https://git.kernel.org/stable/c/2488444274c70038eb6b686cba5f1ce48ebb9cdd', 'https://git.kernel.org/stable/c/40cae0df42e5e7f7a1c0f32deed9c4027c1ba94e', 'https://git.kernel.org/stable/c/4c3b21204abb4fa3ab310fbbb5cf7f0e85f3a1bc', 'https://git.kernel.org/stable/c/62ca6d3a905b4c40cd942f3cc645a6718f8bc7e7', 'https://git.kernel.org/stable/c/945be49f4e832a9184c313fdf8917475438a795b', 'https://git.kernel.org/stable/c/bc7fbb37e3d2df59336eadbd6a56be632e3c7df7', 'https://git.kernel.org/stable/c/f57769ff6fa7f97f1296965f20e8a2bb3ee9fd0f', 'https://lore.kernel.org/linux-cve-announce/2024092749-CVE-2024-46822-b901@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46822', 'https://www.cve.org/CVERecord?id=CVE-2024-46822'], 'PublishedDate': '2024-09-27T13:15:14.83Z', 'LastModifiedDate': '2024-10-02T14:24:01.757Z'}, {'VulnerabilityID': 'CVE-2024-46823', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kunit/overflow: Fix UB in overflow_allocation_test', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkunit/overflow: Fix UB in overflow_allocation_test\n\nThe 'device_name' array doesn't exist out of the\n'overflow_allocation_test' function scope. However, it is being used as\na driver name when calling 'kunit_driver_create' from\n'kunit_device_register'. It produces the kernel panic with KASAN\nenabled.\n\nSince this variable is used in one place only, remove it and pass the\ndevice name into kunit_device_register directly as an ascii string.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46823', 'https://git.kernel.org/linus/92e9bac18124682c4b99ede9ee3bcdd68f121e92 (6.11-rc4)', 'https://git.kernel.org/stable/c/92e9bac18124682c4b99ede9ee3bcdd68f121e92', 'https://git.kernel.org/stable/c/d1207f07decc66546a7fa463d2f335a856c986ef', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46823-b19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46823', 'https://www.cve.org/CVERecord?id=CVE-2024-46823'], 'PublishedDate': '2024-09-27T13:15:14.897Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46824', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommufd: Require drivers to supply the cache_invalidate_user ops', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Require drivers to supply the cache_invalidate_user ops\n\nIf drivers don't do this then iommufd will oops invalidation ioctls with\nsomething like:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n  Mem abort info:\n    ESR = 0x0000000086000004\n    EC = 0x21: IABT (current EL), IL = 32 bits\n    SET = 0, FnV = 0\n    EA = 0, S1PTW = 0\n    FSC = 0x04: level 0 translation fault\n  user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101059000\n  [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n  Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 2 PID: 371 Comm: qemu-system-aar Not tainted 6.8.0-rc7-gde77230ac23a #9\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 81400809 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=-c)\n  pc : 0x0\n  lr : iommufd_hwpt_invalidate+0xa4/0x204\n  sp : ffff800080f3bcc0\n  x29: ffff800080f3bcf0 x28: ffff0000c369b300 x27: 0000000000000000\n  x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n  x23: 0000000000000000 x22: 00000000c1e334a0 x21: ffff0000c1e334a0\n  x20: ffff800080f3bd38 x19: ffff800080f3bd58 x18: 0000000000000000\n  x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8240d6d8\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n  x8 : 0000001000000002 x7 : 0000fffeac1ec950 x6 : 0000000000000000\n  x5 : ffff800080f3bd78 x4 : 0000000000000003 x3 : 0000000000000002\n  x2 : 0000000000000000 x1 : ffff800080f3bcc8 x0 : ffff0000c6034d80\n  Call trace:\n   0x0\n   iommufd_fops_ioctl+0x154/0x274\n   __arm64_sys_ioctl+0xac/0xf0\n   invoke_syscall+0x48/0x110\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x34/0xb4\n   el0t_64_sync_handler+0x120/0x12c\n   el0t_64_sync+0x190/0x194\n\nAll existing drivers implement this op for nesting, this is mostly a\nbisection aid.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46824', 'https://git.kernel.org/linus/a11dda723c6493bb1853bbc61c093377f96e2d47 (6.11-rc1)', 'https://git.kernel.org/stable/c/89827a4de802765b1ebb401fc1e73a90108c7520', 'https://git.kernel.org/stable/c/a11dda723c6493bb1853bbc61c093377f96e2d47', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46824-03d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46824', 'https://www.cve.org/CVERecord?id=CVE-2024-46824'], 'PublishedDate': '2024-09-27T13:15:14.96Z', 'LastModifiedDate': '2024-10-02T14:29:08.417Z'}, {'VulnerabilityID': 'CVE-2024-46825', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check\n\nThe lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is\nnormally called with input from the firmware, so it should use\nIWL_FW_CHECK() instead of WARN_ON().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46825', 'https://git.kernel.org/linus/9215152677d4b321801a92b06f6d5248b2b4465f (6.11-rc1)', 'https://git.kernel.org/stable/c/3cca098c91391b3fa48142bfda57048b985c87f6', 'https://git.kernel.org/stable/c/415f3634d53c7fb4cf07d2f5a0be7f2e15e6da33', 'https://git.kernel.org/stable/c/9215152677d4b321801a92b06f6d5248b2b4465f', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46825-a5aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46825', 'https://www.cve.org/CVERecord?id=CVE-2024-46825'], 'PublishedDate': '2024-09-27T13:15:15.027Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46826', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ELF: fix kernel.randomize_va_space double read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses "randomize_va_space" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46826', 'https://git.kernel.org/linus/2a97388a807b6ab5538aa8f8537b2463c6988bd2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1cf8cd80903073440b6ea055811d04edd24fe4f7', 'https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27', 'https://git.kernel.org/stable/c/2a97388a807b6ab5538aa8f8537b2463c6988bd2', 'https://git.kernel.org/stable/c/53f17409abf61f66b6f05aff795e938e5ba811d1', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46826-7b80@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46826', 'https://www.cve.org/CVERecord?id=CVE-2024-46826'], 'PublishedDate': '2024-09-27T13:15:15.087Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46827', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix firmware crash due to invalid peer nss', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46827', 'https://git.kernel.org/linus/db163a463bb93cd3e37e1e7b10b9726fb6f95857 (6.11-rc1)', 'https://git.kernel.org/stable/c/25a15f80253a7c8776e4e4880d797d20ec864154', 'https://git.kernel.org/stable/c/838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c', 'https://git.kernel.org/stable/c/db163a463bb93cd3e37e1e7b10b9726fb6f95857', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46827-0300@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46827', 'https://www.cve.org/CVERecord?id=CVE-2024-46827'], 'PublishedDate': '2024-09-27T13:15:15.153Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46828', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: sch_cake: fix bulk flow accounting logic for host fairness', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: fix bulk flow accounting logic for host fairness\n\nIn sch_cake, we keep track of the count of active bulk flows per host,\nwhen running in dst/src host fairness mode, which is used as the\nround-robin weight when iterating through flows. The count of active\nbulk flows is updated whenever a flow changes state.\n\nThis has a peculiar interaction with the hash collision handling: when a\nhash collision occurs (after the set-associative hashing), the state of\nthe hash bucket is simply updated to match the new packet that collided,\nand if host fairness is enabled, that also means assigning new per-host\nstate to the flow. For this reason, the bulk flow counters of the\nhost(s) assigned to the flow are decremented, before new state is\nassigned (and the counters, which may not belong to the same host\nanymore, are incremented again).\n\nBack when this code was introduced, the host fairness mode was always\nenabled, so the decrement was unconditional. When the configuration\nflags were introduced the *increment* was made conditional, but\nthe *decrement* was not. Which of course can lead to a spurious\ndecrement (and associated wrap-around to U16_MAX).\n\nAFAICT, when host fairness is disabled, the decrement and wrap-around\nhappens as soon as a hash collision occurs (which is not that common in\nitself, due to the set-associative hashing). However, in most cases this\nis harmless, as the value is only used when host fairness mode is\nenabled. So in order to trigger an array overflow, sch_cake has to first\nbe configured with host fairness disabled, and while running in this\nmode, a hash collision has to occur to cause the overflow. Then, the\nqdisc has to be reconfigured to enable host fairness, which leads to the\narray out-of-bounds because the wrapped-around value is retained and\nused as an array index. It seems that syzbot managed to trigger this,\nwhich is quite impressive in its own right.\n\nThis patch fixes the issue by introducing the same conditional check on\ndecrement as is used on increment.\n\nThe original bug predates the upstreaming of cake, but the commit listed\nin the Fixes tag touched that code, meaning that this patch won't apply\nbefore that.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46828', 'https://git.kernel.org/linus/546ea84d07e3e324644025e2aae2d12ea4c5896e (6.11-rc7)', 'https://git.kernel.org/stable/c/4a4eeefa514db570be025ab46d779af180e2c9bb', 'https://git.kernel.org/stable/c/546ea84d07e3e324644025e2aae2d12ea4c5896e', 'https://git.kernel.org/stable/c/549e407569e08459d16122341d332cb508024094', 'https://git.kernel.org/stable/c/7725152b54d295b7da5e34c2f419539b30d017bd', 'https://git.kernel.org/stable/c/cde71a5677971f4f1b69b25e854891dbe78066a4', 'https://git.kernel.org/stable/c/d4a9039a7b3d8005b90c7b1a55a306444f0e5447', 'https://git.kernel.org/stable/c/d7c01c0714c04431b5e18cf17a9ea68a553d1c3c', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46828-2184@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46828', 'https://www.cve.org/CVERecord?id=CVE-2024-46828'], 'PublishedDate': '2024-09-27T13:15:15.22Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46829', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtmutex: Drop rt_mutex::wait_lock before scheduling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nrtmutex: Drop rt_mutex::wait_lock before scheduling\n\nrt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held.  In the\ngood case it returns with the lock held and in the deadlock case it emits a\nwarning and goes into an endless scheduling loop with the lock held, which\ntriggers the 'scheduling in atomic' warning.\n\nUnlock rt_mutex::wait_lock in the dead lock case before issuing the warning\nand dropping into the schedule for ever loop.\n\n[ tglx: Moved unlock before the WARN(), removed the pointless comment,\n  \tmassaged changelog, added Fixes tag ]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46829', 'https://git.kernel.org/linus/d33d26036a0274b472299d7dcdaa5fb34329f91b (6.11-rc7)', 'https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0', 'https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38', 'https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f', 'https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f', 'https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83', 'https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0', 'https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b', 'https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46829-da70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46829', 'https://www.cve.org/CVERecord?id=CVE-2024-46829'], 'PublishedDate': '2024-09-27T13:15:15.3Z', 'LastModifiedDate': '2024-10-02T14:27:57.92Z'}, {'VulnerabilityID': 'CVE-2024-46830', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: x86: Acquire kvm-&gt;srcu when handling KVM_SET_VCPU_EVENTS', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU.  I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems.  Acquiring SRCU isn't all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n  #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n  <TASK>\n  dump_stack_lvl+0x7f/0x90\n  lockdep_rcu_suspicious+0x13f/0x1a0\n  kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n  kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n  nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n  load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n  vmx_leave_nested+0x30/0x40 [kvm_intel]\n  kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n  kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n  ? mark_held_locks+0x49/0x70\n  ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n  ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  ? lock_acquire+0xba/0x2d0\n  ? find_held_lock+0x2b/0x80\n  ? do_user_addr_fault+0x40c/0x6f0\n  ? lock_release+0xb7/0x270\n  __x64_sys_ioctl+0x82/0xb0\n  do_syscall_64+0x6c/0x170\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n  </TASK>", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46830', 'https://git.kernel.org/linus/4bcdd831d9d01e0fb64faea50732b59b2ee88da1 (6.11-rc7)', 'https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1', 'https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e', 'https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9', 'https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46830-deac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46830', 'https://www.cve.org/CVERecord?id=CVE-2024-46830'], 'PublishedDate': '2024-09-27T13:15:15.38Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46831', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: microchip: vcap: Fix use-after-free error in kunit test', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap: Fix use-after-free error in kunit test\n\nThis is a clear use-after-free error. We remove it, and rely on checking\nthe return code of vcap_del_rule.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46831', 'https://git.kernel.org/linus/a3c1e45156ad39f225cd7ddae0f81230a3b1e657 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3c1e45156ad39f225cd7ddae0f81230a3b1e657', 'https://git.kernel.org/stable/c/b0804c286ccfcf5f5c004d5bf8a54c0508b5e86b', 'https://git.kernel.org/stable/c/f7fe95f40c85311c98913fe6ae2c56adb7f767a7', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46831-06bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46831', 'https://www.cve.org/CVERecord?id=CVE-2024-46831'], 'PublishedDate': '2024-09-27T13:15:15.457Z', 'LastModifiedDate': '2024-10-02T14:26:13.807Z'}, {'VulnerabilityID': 'CVE-2024-46832', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: MIPS: cevt-r4k: Don&#39;t call get_c0_compare_int if timer irq is installed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: cevt-r4k: Don\'t call get_c0_compare_int if timer irq is installed\n\nThis avoids warning:\n\n[    0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n\nCaused by get_c0_compare_int on secondary CPU.\n\nWe also skipped saving IRQ number to struct clock_event_device *cd as\nit\'s never used by clockevent core, as per comments it\'s only meant\nfor "non CPU local devices".', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46832', 'https://git.kernel.org/linus/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13 (6.11-rc5)', 'https://git.kernel.org/stable/c/189d3ed3b25beee26ffe2abed278208bece13f52', 'https://git.kernel.org/stable/c/32ee0520159f1e8c2d6597c19690df452c528f30', 'https://git.kernel.org/stable/c/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13', 'https://git.kernel.org/stable/c/b1d2051373bfc65371ce4ac8911ed984d0178c98', 'https://git.kernel.org/stable/c/d3ff0f98a52f0aafe35aa314d1c442f4318be3db', 'https://git.kernel.org/stable/c/e6cd871627abbb459d0ff6521d6bb9cf9d9f7522', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46832-3ad0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46832', 'https://www.cve.org/CVERecord?id=CVE-2024-46832'], 'PublishedDate': '2024-09-27T13:15:15.517Z', 'LastModifiedDate': '2024-10-09T15:51:20.7Z'}, {'VulnerabilityID': 'CVE-2024-46833', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: void array out of bound when loop tnl_num', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: void array out of bound when loop tnl_num\n\nWhen query reg inf of SSU, it loops tnl_num times. However, tnl_num comes\nfrom hardware and the length of array is a fixed value. To void array out\nof bound, make sure the loop time is not greater than the length of array', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46833', 'https://git.kernel.org/linus/86db7bfb06704ef17340eeae71c832f21cfce35c (6.11-rc4)', 'https://git.kernel.org/stable/c/86db7bfb06704ef17340eeae71c832f21cfce35c', 'https://git.kernel.org/stable/c/c33a9806dc806bcb4a31dc71fb06979219181ad4', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46833-0fa0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46833', 'https://www.cve.org/CVERecord?id=CVE-2024-46833'], 'PublishedDate': '2024-09-27T13:15:15.593Z', 'LastModifiedDate': '2024-10-09T15:54:38.123Z'}, {'VulnerabilityID': 'CVE-2024-46834', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: fail closed if we can&#39;t get max channel used in indirection tables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\'t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with\nactive RSS contexts") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\'t fetch\nthe indirection table or when we can\'t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46834', 'https://git.kernel.org/linus/2899d58462ba868287d6ff3acad3675e7adf934f (6.11-rc1)', 'https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036', 'https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46834-dc7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46834', 'https://www.cve.org/CVERecord?id=CVE-2024-46834'], 'PublishedDate': '2024-09-27T13:15:15.66Z', 'LastModifiedDate': '2024-10-09T15:57:03.037Z'}, {'VulnerabilityID': 'CVE-2024-46835', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix smatch static checker warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev->gfx.imu.funcs could be NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46835', 'https://git.kernel.org/linus/bdbdc7cecd00305dc844a361f9883d3a21022027 (6.11-rc1)', 'https://git.kernel.org/stable/c/8bc7b3ce33e64c74211ed17aec823fc4e523426a', 'https://git.kernel.org/stable/c/bdbdc7cecd00305dc844a361f9883d3a21022027', 'https://git.kernel.org/stable/c/c2056c7a840f0dbf293bc3b0d91826d001668fb0', 'https://git.kernel.org/stable/c/d40c2c3dd0395fe7fdc19bd96551e87251426d66', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46835-4f99@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46835', 'https://www.cve.org/CVERecord?id=CVE-2024-46835'], 'PublishedDate': '2024-09-27T13:15:15.72Z', 'LastModifiedDate': '2024-10-02T14:24:18.93Z'}, {'VulnerabilityID': 'CVE-2024-46836', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46836', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: aspeed_udc: validate endpoint index for ast udc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed_udc: validate endpoint index for ast udc\n\nWe should verify the bound of the array to assure that host\nmay not manipulate the index to point past endpoint array.\n\nFound by static analysis.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46836', 'https://git.kernel.org/linus/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 (6.11-rc1)', 'https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af', 'https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a', 'https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c', 'https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46836-acff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46836', 'https://www.cve.org/CVERecord?id=CVE-2024-46836'], 'PublishedDate': '2024-09-27T13:15:15.78Z', 'LastModifiedDate': '2024-10-09T15:47:55.187Z'}, {'VulnerabilityID': 'CVE-2024-46838', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46838', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: don&#39;t BUG_ON() if khugepaged yanks our page table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: don\'t BUG_ON() if khugepaged yanks our page table\n\nSince khugepaged was changed to allow retracting page tables in file\nmappings without holding the mmap lock, these BUG_ON()s are wrong - get\nrid of them.\n\nWe could also remove the preceding "if (unlikely(...))" block, but then we\ncould reach pte_offset_map_lock() with transhuge pages not just for file\nmappings but also for anonymous mappings - which would probably be fine\nbut I think is not necessarily expected.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46838', 'https://git.kernel.org/linus/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a (6.11-rc7)', 'https://git.kernel.org/stable/c/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a', 'https://git.kernel.org/stable/c/4a594acc12d5954cdc71d4450a386748bf3d136a', 'https://git.kernel.org/stable/c/db978287e908d48b209e374b00d847b2d785e0a9', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46838-5fa5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46838', 'https://www.cve.org/CVERecord?id=CVE-2024-46838'], 'PublishedDate': '2024-09-27T13:15:15.92Z', 'LastModifiedDate': '2024-10-09T15:35:40.827Z'}, {'VulnerabilityID': 'CVE-2024-46840', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: clean up our handling of refs == 0 in snapshot delete', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: clean up our handling of refs == 0 in snapshot delete\n\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren't\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer.  In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption.  Change that to return\n-EUCLEAN.  In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling.  Also adjust the error message so we can\nactually do something with the information.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46840', 'https://git.kernel.org/linus/b8ccef048354074a548f108e51d0557d6adfd3a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/03804641ec2d0da4fa088ad21c88e703d151ce16', 'https://git.kernel.org/stable/c/71291aa7246645ef622621934d2067400380645e', 'https://git.kernel.org/stable/c/728d4d045b628e006b48a448f3326a7194c88d32', 'https://git.kernel.org/stable/c/7d1df13bf078ffebfedd361d714ff6cee1ff01b9', 'https://git.kernel.org/stable/c/9cc887ac24b7a0598f4042ae9af6b9a33072f75b', 'https://git.kernel.org/stable/c/b8ccef048354074a548f108e51d0557d6adfd3a3', 'https://git.kernel.org/stable/c/c60676b81fab456b672796830f6d8057058f029c', 'https://git.kernel.org/stable/c/c847b28a799733b04574060ab9d00f215970627d', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46840-fc44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46840', 'https://www.cve.org/CVERecord?id=CVE-2024-46840'], 'PublishedDate': '2024-09-27T13:15:16.057Z', 'LastModifiedDate': '2024-10-08T18:15:07.857Z'}, {'VulnerabilityID': 'CVE-2024-46841', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn't fatal, return the error.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46841', 'https://git.kernel.org/linus/a580fb2c3479d993556e1c31b237c9e5be4944a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/704c359b4093a2af650a20eaa030c435d7c30f91', 'https://git.kernel.org/stable/c/a580fb2c3479d993556e1c31b237c9e5be4944a3', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46841-7572@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46841', 'https://www.cve.org/CVERecord?id=CVE-2024-46841'], 'PublishedDate': '2024-09-27T13:15:16.13Z', 'LastModifiedDate': '2024-10-08T18:17:07.87Z'}, {'VulnerabilityID': 'CVE-2024-46842', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status.  The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code.  During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout.  If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46842', 'https://git.kernel.org/linus/ede596b1434b57c0b3fd5c02b326efe5c54f6e48 (6.11-rc1)', 'https://git.kernel.org/stable/c/bba47fe3b038cca3d3ebd799665ce69d6d273b58', 'https://git.kernel.org/stable/c/ede596b1434b57c0b3fd5c02b326efe5c54f6e48', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46842-e52c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46842', 'https://www.cve.org/CVERecord?id=CVE-2024-46842'], 'PublishedDate': '2024-09-27T13:15:16.19Z', 'LastModifiedDate': '2024-10-08T18:22:24.997Z'}, {'VulnerabilityID': 'CVE-2024-46843', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Remove SCSI host only if added', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been defered after MCQ configuration introduced by commit 0cab4023ec7b\n("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46843', 'https://git.kernel.org/linus/7cbff570dbe8907e23bba06f6414899a0fbb2fcc (6.11-rc1)', 'https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed', 'https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536', 'https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46843-82c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46843', 'https://www.cve.org/CVERecord?id=CVE-2024-46843'], 'PublishedDate': '2024-09-27T13:15:16.25Z', 'LastModifiedDate': '2024-10-08T18:23:52.423Z'}, {'VulnerabilityID': 'CVE-2024-46844', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: um: line: always fill *error_out in setup_one_line()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\num: line: always fill *error_out in setup_one_line()\n\nThe pointer isn't initialized by callers, but I have\nencountered cases where it's still printed; initialize\nit in all possible cases in setup_one_line().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-824'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46844', 'https://git.kernel.org/linus/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d (6.11-rc1)', 'https://git.kernel.org/stable/c/289979d64573f43df1d0e6bc6435de63a0d69cdf', 'https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5', 'https://git.kernel.org/stable/c/43f782c27907f306c664b6614fd6f264ac32cce6', 'https://git.kernel.org/stable/c/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d', 'https://git.kernel.org/stable/c/96301fdc2d533a196197c055af875fe33d47ef84', 'https://git.kernel.org/stable/c/c8944d449fda9f58c03bd99649b2df09948fc874', 'https://git.kernel.org/stable/c/ec5b47a370177d79ae7773858042c107e21f8ecc', 'https://git.kernel.org/stable/c/fc843d3837ebcb1c16d3768ef3eb55e25d5331f2', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46844-af64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46844', 'https://www.cve.org/CVERecord?id=CVE-2024-46844'], 'PublishedDate': '2024-09-27T13:15:16.313Z', 'LastModifiedDate': '2024-10-02T14:22:50.533Z'}, {'VulnerabilityID': 'CVE-2024-46845', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/timerlat: Only clear timer if a kthread exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Only clear timer if a kthread exists\n\nThe timerlat tracer can use user space threads to check for osnoise and\ntimer latency. If the program using this is killed via a SIGTERM, the\nthreads are shutdown one at a time and another tracing instance can start\nup resetting the threads before they are fully closed. That causes the\nhrtimer assigned to the kthread to be shutdown and freed twice when the\ndying thread finally closes the file descriptors, causing a use-after-free\nbug.\n\nOnly cancel the hrtimer if the associated thread is still around. Also add\nthe interface_lock around the resetting of the tlat_var->kthread.\n\nNote, this is just a quick fix that can be backported to stable. A real\nfix is to have a better synchronization between the shutdown of old\nthreads and the starting of new ones.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46845', 'https://git.kernel.org/linus/e6a53481da292d970d1edf0d8831121d1c5e2f0d (6.11-rc7)', 'https://git.kernel.org/stable/c/8a9d0d405159e9c796ddf771f7cff691c1a2bc1e', 'https://git.kernel.org/stable/c/8c72f0b2c45f21cb8b00fc37f79f632d7e46c2ed', 'https://git.kernel.org/stable/c/e6a53481da292d970d1edf0d8831121d1c5e2f0d', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46845-a529@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46845', 'https://www.cve.org/CVERecord?id=CVE-2024-46845'], 'PublishedDate': '2024-09-27T13:15:16.397Z', 'LastModifiedDate': '2024-10-02T14:18:32.923Z'}, {'VulnerabilityID': 'CVE-2024-46846', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: rockchip: Resolve unbalanced runtime PM / system PM handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip: Resolve unbalanced runtime PM / system PM handling\n\nCommit e882575efc77 ("spi: rockchip: Suspend and resume the bus during\nNOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and\nsimply disabled clocks unconditionally when suspending the system. This\ncauses problems when the device is already runtime suspended when we go\nto sleep -- in which case we double-disable clocks and produce a\nWARNing.\n\nSwitch back to pm_runtime_force_{suspend,resume}(), because that still\nseems like the right thing to do, and the aforementioned commit makes no\nexplanation why it stopped using it.\n\nAlso, refactor some of the resume() error handling, because it\'s not\nactually a good idea to re-disable clocks on failure.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46846', 'https://git.kernel.org/linus/be721b451affbecc4ba4eaac3b71cdbdcade1b1b (6.11-rc7)', 'https://git.kernel.org/stable/c/0efbad8445fbba7896402500a1473450a299a08a', 'https://git.kernel.org/stable/c/14f970a8d03d882b15b97beb83bd84ac8ba6298c', 'https://git.kernel.org/stable/c/be721b451affbecc4ba4eaac3b71cdbdcade1b1b', 'https://git.kernel.org/stable/c/d034bff62faea1a2219e0d2f3d17263265f24087', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46846-f264@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46846', 'https://www.cve.org/CVERecord?id=CVE-2024-46846'], 'PublishedDate': '2024-09-27T13:15:16.48Z', 'LastModifiedDate': '2024-10-08T18:25:56.467Z'}, {'VulnerabilityID': 'CVE-2024-46848', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46848', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/x86/intel: Limit the period on Haswell', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Limit the period on Haswell\n\nRunning the ltp test cve-2015-3290 concurrently reports the following\nwarnings.\n\nperfevents: irq loop stuck!\n  WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174\n  intel_pmu_handle_irq+0x285/0x370\n  Call Trace:\n   <NMI>\n   ? __warn+0xa4/0x220\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? report_bug+0x3e/0xa0\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x50\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? irq_work_claim+0x1e/0x40\n   ? intel_pmu_handle_irq+0x285/0x370\n   perf_event_nmi_handler+0x3d/0x60\n   nmi_handle+0x104/0x330\n\nThanks to Thomas Gleixner's analysis, the issue is caused by the low\ninitial period (1) of the frequency estimation algorithm, which triggers\nthe defects of the HW, specifically erratum HSW11 and HSW143. (For the\ndetails, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)\n\nThe HSW11 requires a period larger than 100 for the INST_RETIRED.ALL\nevent, but the initial period in the freq mode is 1. The erratum is the\nsame as the BDM11, which has been supported in the kernel. A minimum\nperiod of 128 is enforced as well on HSW.\n\nHSW143 is regarding that the fixed counter 1 may overcount 32 with the\nHyper-Threading is enabled. However, based on the test, the hardware\nhas more issues than it tells. Besides the fixed counter 1, the message\n'interrupt took too long' can be observed on any counter which was armed\nwith a period < 32 and two events expired in the same NMI. A minimum\nperiod of 32 is enforced for the rest of the events.\nThe recommended workaround code of the HSW143 is not implemented.\nBecause it only addresses the issue for the fixed counter. It brings\nextra overhead through extra MSR writing. No related overcounting issue\nhas been reported so far.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46848', 'https://git.kernel.org/linus/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b (6.11-rc7)', 'https://git.kernel.org/stable/c/0eaf812aa1506704f3b78be87036860e5d0fe81d', 'https://git.kernel.org/stable/c/15210b7c8caff4929f25d049ef8404557f8ae468', 'https://git.kernel.org/stable/c/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b', 'https://git.kernel.org/stable/c/8717dc35c0e5896f4110f4b3882f7ff787a5f73d', 'https://lore.kernel.org/linux-cve-announce/2024092756-CVE-2024-46848-bbd4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46848', 'https://www.cve.org/CVERecord?id=CVE-2024-46848'], 'PublishedDate': '2024-09-27T13:15:16.657Z', 'LastModifiedDate': '2024-10-04T15:23:35.287Z'}, {'VulnerabilityID': 'CVE-2024-46849', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: meson: axg-card: fix &#39;use-after-free&#39;', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix 'use-after-free'\n\nBuffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',\nso move 'pad' pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46849', 'https://git.kernel.org/linus/4f9a71435953f941969a4f017e2357db62d85a86 (6.11)', 'https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86', 'https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d', 'https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607', 'https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037', 'https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29', 'https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a', 'https://lore.kernel.org/linux-cve-announce/2024092741-CVE-2024-46849-93c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46849', 'https://www.cve.org/CVERecord?id=CVE-2024-46849'], 'PublishedDate': '2024-09-27T13:15:16.723Z', 'LastModifiedDate': '2024-10-17T14:15:07.75Z'}, {'VulnerabilityID': 'CVE-2024-46850', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn35_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn35_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn35_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit 0607a50c004798a96e62c089a4c34c220179dcb5)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46850', 'https://git.kernel.org/linus/e835d5144f5ef78e4f8828c63e2f0d61144f283a (6.11)', 'https://git.kernel.org/stable/c/42850927656a540428e58d370b3c1599a617bac7', 'https://git.kernel.org/stable/c/e835d5144f5ef78e4f8828c63e2f0d61144f283a', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46850-186e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46850', 'https://www.cve.org/CVERecord?id=CVE-2024-46850'], 'PublishedDate': '2024-09-27T13:15:16.787Z', 'LastModifiedDate': '2024-10-04T15:30:32.11Z'}, {'VulnerabilityID': 'CVE-2024-46851', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46851', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn10_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn10_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn10_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46851', 'https://git.kernel.org/linus/a7aeb03888b92304e2fc7d4d1c242f54a312561b (6.11)', 'https://git.kernel.org/stable/c/a7aeb03888b92304e2fc7d4d1c242f54a312561b', 'https://git.kernel.org/stable/c/b6ce047a81f508f5c60756db8dfb5ff486e4dad0', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46851-125b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46851', 'https://www.cve.org/CVERecord?id=CVE-2024-46851'], 'PublishedDate': '2024-09-27T13:15:16.85Z', 'LastModifiedDate': '2024-10-04T16:00:43.913Z'}, {'VulnerabilityID': 'CVE-2024-46852', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma-buf: heaps: Fix off-by-one in CMA heap fault handler', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:\nDon\'t track CMA dma-buf pages under RssFile") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don\'t read off the end of the pages\narray and insert an arbitrary page in the mapping.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46852', 'https://git.kernel.org/linus/ea5ff5d351b520524019f7ff7f9ce418de2dad87 (6.11)', 'https://git.kernel.org/stable/c/007180fcb6cc4a93211d4cc45fef3f5ccccd56ae', 'https://git.kernel.org/stable/c/79cce5e81d20fa9ad553be439d665ac3302d3c95', 'https://git.kernel.org/stable/c/84175dc5b2c932266a50c04e5ce342c30f817a2f', 'https://git.kernel.org/stable/c/e79050882b857c37634baedbdcf7c2047c24cbff', 'https://git.kernel.org/stable/c/ea5ff5d351b520524019f7ff7f9ce418de2dad87', 'https://git.kernel.org/stable/c/eb7fc8b65cea22f9038c52398c8b22849e9620ea', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46852-91a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46852', 'https://www.cve.org/CVERecord?id=CVE-2024-46852'], 'PublishedDate': '2024-09-27T13:15:16.917Z', 'LastModifiedDate': '2024-10-17T14:15:07.887Z'}, {'VulnerabilityID': 'CVE-2024-46853', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: nxp-fspi: fix the KASAN report out-of-bounds bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: nxp-fspi: fix the KASAN report out-of-bounds bug\n\nChange the memcpy length to fix the out-of-bounds issue when writing the\ndata that is not 4 byte aligned to TX FIFO.\n\nTo reproduce the issue, write 3 bytes data to NOR chip.\n\ndd if=3b of=/dev/mtd0\n[   36.926103] ==================================================================\n[   36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838\n[   36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455\n[   36.946721]\n[   36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070\n[   36.956185] Hardware name: Freescale i.MX8QM MEK (DT)\n[   36.961260] Call trace:\n[   36.963723]  dump_backtrace+0x90/0xe8\n[   36.967414]  show_stack+0x18/0x24\n[   36.970749]  dump_stack_lvl+0x78/0x90\n[   36.974451]  print_report+0x114/0x5cc\n[   36.978151]  kasan_report+0xa4/0xf0\n[   36.981670]  __asan_report_load_n_noabort+0x1c/0x28\n[   36.986587]  nxp_fspi_exec_op+0x26ec/0x2838\n[   36.990800]  spi_mem_exec_op+0x8ec/0xd30\n[   36.994762]  spi_mem_no_dirmap_read+0x190/0x1e0\n[   36.999323]  spi_mem_dirmap_write+0x238/0x32c\n[   37.003710]  spi_nor_write_data+0x220/0x374\n[   37.007932]  spi_nor_write+0x110/0x2e8\n[   37.011711]  mtd_write_oob_std+0x154/0x1f0\n[   37.015838]  mtd_write_oob+0x104/0x1d0\n[   37.019617]  mtd_write+0xb8/0x12c\n[   37.022953]  mtdchar_write+0x224/0x47c\n[   37.026732]  vfs_write+0x1e4/0x8c8\n[   37.030163]  ksys_write+0xec/0x1d0\n[   37.033586]  __arm64_sys_write+0x6c/0x9c\n[   37.037539]  invoke_syscall+0x6c/0x258\n[   37.041327]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.046244]  do_el0_svc+0x44/0x5c\n[   37.049589]  el0_svc+0x38/0x78\n[   37.052681]  el0t_64_sync_handler+0x13c/0x158\n[   37.057077]  el0t_64_sync+0x190/0x194\n[   37.060775]\n[   37.062274] Allocated by task 455:\n[   37.065701]  kasan_save_stack+0x2c/0x54\n[   37.069570]  kasan_save_track+0x20/0x3c\n[   37.073438]  kasan_save_alloc_info+0x40/0x54\n[   37.077736]  __kasan_kmalloc+0xa0/0xb8\n[   37.081515]  __kmalloc_noprof+0x158/0x2f8\n[   37.085563]  mtd_kmalloc_up_to+0x120/0x154\n[   37.089690]  mtdchar_write+0x130/0x47c\n[   37.093469]  vfs_write+0x1e4/0x8c8\n[   37.096901]  ksys_write+0xec/0x1d0\n[   37.100332]  __arm64_sys_write+0x6c/0x9c\n[   37.104287]  invoke_syscall+0x6c/0x258\n[   37.108064]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.112972]  do_el0_svc+0x44/0x5c\n[   37.116319]  el0_svc+0x38/0x78\n[   37.119401]  el0t_64_sync_handler+0x13c/0x158\n[   37.123788]  el0t_64_sync+0x190/0x194\n[   37.127474]\n[   37.128977] The buggy address belongs to the object at ffff00081037c2a0\n[   37.128977]  which belongs to the cache kmalloc-8 of size 8\n[   37.141177] The buggy address is located 0 bytes inside of\n[   37.141177]  allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)\n[   37.153465]\n[   37.154971] The buggy address belongs to the physical page:\n[   37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c\n[   37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)\n[   37.175149] page_type: 0xfdffffff(slab)\n[   37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000\n[   37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000\n[   37.194553] page dumped because: kasan: bad access detected\n[   37.200144]\n[   37.201647] Memory state around the buggy address:\n[   37.206460]  ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc\n[   37.213701]  ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc\n[   37.220946] >ffff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc\n[   37.228186]                                ^\n[   37.232473]  ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.239718]  ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.246962] ==============================================================\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46853', 'https://git.kernel.org/linus/2a8787c1cdc7be24fdd8953ecd1a8743a1006235 (6.11)', 'https://git.kernel.org/stable/c/09af8b0ba70072be831f3ec459f4063d570f9e24', 'https://git.kernel.org/stable/c/2a8787c1cdc7be24fdd8953ecd1a8743a1006235', 'https://git.kernel.org/stable/c/491f9646f7ac31af5fca71be1a3e5eb8aa7663ad', 'https://git.kernel.org/stable/c/609260542cf86b459c57618b8cdec8020394b7ad', 'https://git.kernel.org/stable/c/af9ca9ca3e44f48b2a191e100d452fbf850c3d87', 'https://git.kernel.org/stable/c/d1a1dfcec77c57b1181da93d11a3db1bc4eefa97', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46853-ab04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46853', 'https://www.cve.org/CVERecord?id=CVE-2024-46853'], 'PublishedDate': '2024-09-27T13:15:16.997Z', 'LastModifiedDate': '2024-10-17T14:15:07.993Z'}, {'VulnerabilityID': 'CVE-2024-46854', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dpaa: Pad packets to ETH_ZLEN', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46854', 'https://git.kernel.org/linus/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0 (6.11)', 'https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133', 'https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a', 'https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83', 'https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0', 'https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2', 'https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46854-3404@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46854', 'https://www.cve.org/CVERecord?id=CVE-2024-46854'], 'PublishedDate': '2024-09-27T13:15:17.063Z', 'LastModifiedDate': '2024-10-17T14:15:08.107Z'}, {'VulnerabilityID': 'CVE-2024-46855', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46855', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: nft_socket: fix sk refcount leaks', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put 'sk' reference before returning.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46855', 'https://git.kernel.org/linus/8b26ff7af8c32cb4148b3e147c52f9e4c695209c (6.11)', 'https://git.kernel.org/stable/c/1f68e097e20d3c695281a9c6433acc37be47fe11', 'https://git.kernel.org/stable/c/33c2258bf8cb17fba9e58b111d4c4f4cf43a4896', 'https://git.kernel.org/stable/c/83e6fb59040e8964888afcaa5612cc1243736715', 'https://git.kernel.org/stable/c/8b26ff7af8c32cb4148b3e147c52f9e4c695209c', 'https://git.kernel.org/stable/c/ddc7c423c4a5386bf865474c694b48178efd311a', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46855-4382@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46855', 'https://www.cve.org/CVERecord?id=CVE-2024-46855'], 'PublishedDate': '2024-09-27T13:15:17.133Z', 'LastModifiedDate': '2024-10-17T14:15:12.79Z'}, {'VulnerabilityID': 'CVE-2024-46857', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix bridge mode operations when there are no VFs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[  168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[  168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[  168.976037] Call Trace:\n[  168.976188]  <TASK>\n[  168.978620]  _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[  168.979074]  mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[  168.979471]  rtnl_bridge_setlink+0xe9/0x1f0\n[  168.979714]  rtnetlink_rcv_msg+0x159/0x400\n[  168.980451]  netlink_rcv_skb+0x54/0x100\n[  168.980675]  netlink_unicast+0x241/0x360\n[  168.980918]  netlink_sendmsg+0x1f6/0x430\n[  168.981162]  ____sys_sendmsg+0x3bb/0x3f0\n[  168.982155]  ___sys_sendmsg+0x88/0xd0\n[  168.985036]  __sys_sendmsg+0x59/0xa0\n[  168.985477]  do_syscall_64+0x79/0x150\n[  168.987273]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw->fdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46857', 'https://git.kernel.org/linus/b1d305abef4640af1b4f1b4774d513cd81b10cfc (6.11)', 'https://git.kernel.org/stable/c/505ae01f75f839b54329164bbfecf24cc1361b31', 'https://git.kernel.org/stable/c/52c4beb79e095e0631b5cac46ed48a2aefe51985', 'https://git.kernel.org/stable/c/65feee671e37f3b6eda0b6af28f204b5bcf7fa50', 'https://git.kernel.org/stable/c/b1d305abef4640af1b4f1b4774d513cd81b10cfc', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46857-3bc3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46857', 'https://www.cve.org/CVERecord?id=CVE-2024-46857'], 'PublishedDate': '2024-09-27T13:15:17.277Z', 'LastModifiedDate': '2024-10-01T17:10:29.657Z'}, {'VulnerabilityID': 'CVE-2024-46858', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46858', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: Fix uaf in __timer_delete_sync', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n     CPU1\t\t\t\tCPU2\n     ====                               ====\n     net_rx_action\n     napi_poll                          netlink_sendmsg\n     __napi_poll                        netlink_unicast\n     process_backlog                    netlink_unicast_kernel\n     __netif_receive_skb                genl_rcv\n     __netif_receive_skb_one_core       netlink_rcv_skb\n     NF_HOOK                            genl_rcv_msg\n     ip_local_deliver_finish            genl_family_rcv_msg\n     ip_protocol_deliver_rcu            genl_family_rcv_msg_doit\n     tcp_v4_rcv                         mptcp_pm_nl_flush_addrs_doit\n     tcp_v4_do_rcv                      mptcp_nl_remove_addrs_list\n     tcp_rcv_established                mptcp_pm_remove_addrs_and_subflows\n     tcp_data_queue                     remove_anno_list_by_saddr\n     mptcp_incoming_options             mptcp_pm_del_add_timer\n     mptcp_pm_del_add_timer             kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by "pm.lock", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of "entry->add_timer".\n\nMove list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar "entry->x" uaf.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46858', 'https://git.kernel.org/linus/b4cd80b0338945a94972ac3ed54f8338d2da2076 (6.11)', 'https://git.kernel.org/stable/c/0e7814b028cd50b3ff79659d23dfa9da6a1e75e1', 'https://git.kernel.org/stable/c/12134a652b0a10064844ea235173e70246eba6dc', 'https://git.kernel.org/stable/c/3554482f4691571fc4b5490c17ae26896e62171c', 'https://git.kernel.org/stable/c/6452b162549c7f9ef54655d3fb9977b9192e6e5b', 'https://git.kernel.org/stable/c/67409b358500c71632116356a0b065f112d7b707', 'https://git.kernel.org/stable/c/b4cd80b0338945a94972ac3ed54f8338d2da2076', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46858-dab6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46858', 'https://www.cve.org/CVERecord?id=CVE-2024-46858'], 'PublishedDate': '2024-09-27T13:15:17.353Z', 'LastModifiedDate': '2024-10-17T14:15:13.017Z'}, {'VulnerabilityID': 'CVE-2024-46859', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46859', 'https://git.kernel.org/linus/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 (6.11)', 'https://git.kernel.org/stable/c/6821a82616f60aa72c5909b3e252ad97fb9f7e2a', 'https://git.kernel.org/stable/c/9291fadbd2720a869b1d2fcf82305648e2e62a16', 'https://git.kernel.org/stable/c/b38c19783286a71693c2194ed1b36665168c09c4', 'https://git.kernel.org/stable/c/b7c2f692307fe704be87ea80d7328782b33c3cef', 'https://git.kernel.org/stable/c/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46859-e785@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46859', 'https://www.cve.org/CVERecord?id=CVE-2024-46859'], 'PublishedDate': '2024-09-27T13:15:17.43Z', 'LastModifiedDate': '2024-10-17T14:15:13.183Z'}, {'VulnerabilityID': 'CVE-2024-46860', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change\n\nWhen disabling wifi mt7921_ipv6_addr_change() is called as a notifier.\nAt this point mvif->phy is already NULL so we cannot use it here.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46860', 'https://git.kernel.org/linus/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3 (6.11-rc4)', 'https://git.kernel.org/stable/c/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3', 'https://git.kernel.org/stable/c/4bfee9346d8c17d928ef6da2b8bffab88fa2a553', 'https://git.kernel.org/stable/c/8d92bafd4c67efb692f722d73a07412b5f88c6d6', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46860-1dfc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46860', 'https://www.cve.org/CVERecord?id=CVE-2024-46860'], 'PublishedDate': '2024-09-27T13:15:17.493Z', 'LastModifiedDate': '2024-10-02T14:04:38.863Z'}, {'VulnerabilityID': 'CVE-2024-46861', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usbnet: ipheth: do not stop RX on failing RX callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: do not stop RX on failing RX callback\n\nRX callbacks can fail for multiple reasons:\n\n* Payload too short\n* Payload formatted incorrecly (e.g. bad NCM framing)\n* Lack of memory\n\nNone of these should cause the driver to seize up.\n\nMake such failures non-critical and continue processing further\nincoming URBs.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46861', 'https://git.kernel.org/linus/74efed51e0a4d62f998f806c307778b47fc73395 (6.11-rc4)', 'https://git.kernel.org/stable/c/08ca800b0cd56d5e26722f68b18bbbf6840bf44b', 'https://git.kernel.org/stable/c/4d1cfa3afb8627435744ecdc6d8b58bc72ee0f4c', 'https://git.kernel.org/stable/c/74efed51e0a4d62f998f806c307778b47fc73395', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46861-f2f9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46861', 'https://www.cve.org/CVERecord?id=CVE-2024-46861'], 'PublishedDate': '2024-09-27T13:15:17.563Z', 'LastModifiedDate': '2024-10-03T15:36:06.543Z'}, {'VulnerabilityID': 'CVE-2024-46864', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/hyperv: fix kexec crash due to VP assist page corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: fix kexec crash due to VP assist page corruption\n\ncommit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when\nCPUs go online/offline") introduces a new cpuhp state for hyperv\ninitialization.\n\ncpuhp_setup_state() returns the state number if state is\nCPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states.\nFor the hyperv case, since a new cpuhp state was introduced it would\nreturn 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call\nis conditioned upon "hyperv_init_cpuhp > 0". This will never be true and\nso hv_cpu_die() won\'t be called on all CPUs. This means the VP assist page\nwon\'t be reset. When the kexec kernel tries to setup the VP assist page\nagain, the hypervisor corrupts the memory region of the old VP assist page\ncausing a panic in case the kexec kernel is using that memory elsewhere.\nThis was originally fixed in commit dfe94d4086e4 ("x86/hyperv: Fix kexec\npanic/hang issues").\n\nGet rid of hyperv_init_cpuhp entirely since we are no longer using a\ndynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with\ncpuhp_remove_state().', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46864', 'https://git.kernel.org/linus/b9af6418279c4cf73ca073f8ea024992b38be8ab (6.11)', 'https://git.kernel.org/stable/c/2ae1beb3ab4f28868cc5d1541d05e1fbee3ad825', 'https://git.kernel.org/stable/c/b9af6418279c4cf73ca073f8ea024992b38be8ab', 'https://git.kernel.org/stable/c/d6f018a3b49d0a94ddbd0e479c2af6b19724e434', 'https://lore.kernel.org/linux-cve-announce/2024092745-CVE-2024-46864-0343@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46864', 'https://www.cve.org/CVERecord?id=CVE-2024-46864'], 'PublishedDate': '2024-09-27T13:15:17.747Z', 'LastModifiedDate': '2024-10-03T15:29:34.927Z'}, {'VulnerabilityID': 'CVE-2024-46866', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: add missing bo locking in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: add missing bo locking in show_meminfo()\n\nbo_meminfo() wants to inspect bo state like tt and the ttm resource,\nhowever this state can change at any point leading to stuff like NPD and\nUAF, if the bo lock is not held. Grab the bo lock when calling\nbo_meminfo(), ensuring we drop any spinlocks first. In the case of\nobject_idr we now also need to hold a ref.\n\nv2 (MattB)\n  - Also add xe_bo_assert_held()\n\n(cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46866', 'https://git.kernel.org/linus/94c4aa266111262c96c98f822d1bccc494786fee (6.11)', 'https://git.kernel.org/stable/c/94c4aa266111262c96c98f822d1bccc494786fee', 'https://git.kernel.org/stable/c/abc8feacacf8fae10eecf6fea7865e8c1fee419c', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46866-c414@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46866', 'https://www.cve.org/CVERecord?id=CVE-2024-46866'], 'PublishedDate': '2024-09-27T13:15:17.887Z', 'LastModifiedDate': '2024-10-01T17:09:30Z'}, {'VulnerabilityID': 'CVE-2024-46867', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: fix deadlock in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: fix deadlock in show_meminfo()\n\nThere is a real deadlock as well as sleeping in atomic() bug in here, if\nthe bo put happens to be the last ref, since bo destruction wants to\ngrab the same spinlock and sleeping locks.  Fix that by dropping the ref\nusing xe_bo_put_deferred(), and moving the final commit outside of the\nlock. Dropping the lock around the put is tricky since the bo can go\nout of scope and delete itself from the list, making it difficult to\nnavigate to the next list entry.\n\n(cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46867', 'https://git.kernel.org/linus/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b (6.11)', 'https://git.kernel.org/stable/c/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b', 'https://git.kernel.org/stable/c/9d3de463e23bfb1ff1567a32b099b1b3e5286a48', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46867-7fe4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46867', 'https://www.cve.org/CVERecord?id=CVE-2024-46867'], 'PublishedDate': '2024-09-27T13:15:17.937Z', 'LastModifiedDate': '2024-10-01T17:09:58.147Z'}, {'VulnerabilityID': 'CVE-2024-46868', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()\n\nIf the __qcuefi pointer is not set, then in the original code, we would\nhold onto the lock.  That means that if we tried to set it later, then\nit would cause a deadlock.  Drop the lock on the error path.  That's\nwhat all the callers are expecting.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46868', 'https://git.kernel.org/linus/db213b0cfe3268d8b1d382b3bcc999c687a2567f (6.11)', 'https://git.kernel.org/stable/c/8c6a5a1fc02ad1d62d06897ab330693d4d27cd03', 'https://git.kernel.org/stable/c/db213b0cfe3268d8b1d382b3bcc999c687a2567f', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46868-f3a3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46868', 'https://www.cve.org/CVERecord?id=CVE-2024-46868'], 'PublishedDate': '2024-09-27T13:15:18.007Z', 'LastModifiedDate': '2024-10-01T17:09:12.247Z'}, {'VulnerabilityID': 'CVE-2024-46870', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Disable DMCUB timeout for DCN35', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable DMCUB timeout for DCN35\n\n[Why]\nDMCUB can intermittently take longer than expected to process commands.\n\nOld ASIC policy was to continue while logging a diagnostic error - which\nworks fine for ASIC without IPS, but with IPS this could lead to a race\ncondition where we attempt to access DCN state while it's inaccessible,\nleading to a system hang when the NIU port is not disabled or register\naccesses that timeout and the display configuration in an undefined\nstate.\n\n[How]\nWe need to investigate why these accesses take longer than expected, but\nfor now we should disable the timeout on DCN35 to avoid this race\ncondition. Since the waits happen only at lower interrupt levels the\nrisk of taking too long at higher IRQ and causing a system watchdog\ntimeout are minimal.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46870', 'https://git.kernel.org/stable/c/31c254c9cd4b122a10db297124f867107a696d83', 'https://git.kernel.org/stable/c/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46870-f347@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46870', 'https://www.cve.org/CVERecord?id=CVE-2024-46870'], 'PublishedDate': '2024-10-09T14:15:07.463Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-46871', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why & How]\nIt actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback & dmub_thread_offload has potential to access\nitem out of array bound. Fix it.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46871', 'https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37', 'https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7', 'https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0', 'https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46871-15f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46871', 'https://www.cve.org/CVERecord?id=CVE-2024-46871'], 'PublishedDate': '2024-10-09T14:15:07.533Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47658', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47658', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: stm32/cryp - call finalize with bh disabled', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: stm32/cryp - call finalize with bh disabled\n\nThe finalize operation in interrupt mode produce a produces a spinlock\nrecursion warning. The reason is the fact that BH must be disabled\nduring this process.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47658', 'https://git.kernel.org/stable/c/56ddb9aa3b324c2d9645b5a7343e46010cf3f6ce', 'https://git.kernel.org/stable/c/5d734665cd5d93270731e0ff1dd673fec677f447', 'https://git.kernel.org/stable/c/d93a2f86b0a998aa1f0870c85a2a60a0771ef89a', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47658-0b23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47658', 'https://www.cve.org/CVERecord?id=CVE-2024-47658'], 'PublishedDate': '2024-10-09T14:15:07.603Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47659', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47659', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smack: tcp: ipv4, fix incorrect labeling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmack: tcp: ipv4, fix incorrect labeling\n\nCurrently, Smack mirrors the label of incoming tcp/ipv4 connections:\nwhen a label 'foo' connects to a label 'bar' with tcp/ipv4,\n'foo' always gets 'foo' in returned ipv4 packets. So,\n1) returned packets are incorrectly labeled ('foo' instead of 'bar')\n2) 'bar' can write to 'foo' without being authorized to write.\n\nHere is a scenario how to see this:\n\n* Take two machines, let's call them C and S,\n   with active Smack in the default state\n   (no settings, no rules, no labeled hosts, only builtin labels)\n\n* At S, add Smack rule 'foo bar w'\n   (labels 'foo' and 'bar' are instantiated at S at this moment)\n\n* At S, at label 'bar', launch a program\n   that listens for incoming tcp/ipv4 connections\n\n* From C, at label 'foo', connect to the listener at S.\n   (label 'foo' is instantiated at C at this moment)\n   Connection succeedes and works.\n\n* Send some data in both directions.\n* Collect network traffic of this connection.\n\nAll packets in both directions are labeled with the CIPSO\nof the label 'foo'. Hence, label 'bar' writes to 'foo' without\nbeing authorized, and even without ever being known at C.\n\nIf anybody cares: exactly the same happens with DCCP.\n\nThis behavior 1st manifested in release 2.6.29.4 (see Fixes below)\nand it looks unintentional. At least, no explanation was provided.\n\nI changed returned packes label into the 'bar',\nto bring it into line with the Smack documentation claims.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47659', 'https://git.kernel.org/stable/c/0776bcf9cb6de46fdd94d10118de1cf9b05f83b9', 'https://git.kernel.org/stable/c/0aea09e82eafa50a373fc8a4b84c1d4734751e2c', 'https://git.kernel.org/stable/c/2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550', 'https://git.kernel.org/stable/c/4be9fd15c3c88775bdf6fa37acabe6de85beebff', 'https://git.kernel.org/stable/c/5b4b304f196c070342e32a4752e1fa2e22fc0671', 'https://git.kernel.org/stable/c/a948ec993541db4ef392b555c37a1186f4d61670', 'https://git.kernel.org/stable/c/d3703fa94116fed91f64c7d1c7d284fb4369070f', 'https://git.kernel.org/stable/c/d3f56c653c65f170b172d3c23120bc64ada645d8', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47659-03a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47659', 'https://www.cve.org/CVERecord?id=CVE-2024-47659'], 'PublishedDate': '2024-10-09T14:15:07.66Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47660', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fsnotify: clear PARENT_WATCHED flags lazily', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: clear PARENT_WATCHED flags lazily\n\nIn some setups directories can have many (usually negative) dentries.\nHence __fsnotify_update_child_dentry_flags() function can take a\nsignificant amount of time. Since the bulk of this function happens\nunder inode->i_lock this causes a significant contention on the lock\nwhen we remove the watch from the directory as the\n__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()\nraces with __fsnotify_update_child_dentry_flags() calls from\n__fsnotify_parent() happening on children. This can lead upto softlockup\nreports reported by users.\n\nFix the problem by calling fsnotify_update_children_dentry_flags() to\nset PARENT_WATCHED flags only when parent starts watching children.\n\nWhen parent stops watching children, clear false positive PARENT_WATCHED\nflags lazily in __fsnotify_parent() for each accessed child.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47660', 'https://git.kernel.org/stable/c/172e422ffea20a89bfdc672741c1aad6fbb5044e', 'https://git.kernel.org/stable/c/3f3ef1d9f66b93913ce2171120d9226b55acd41d', 'https://git.kernel.org/stable/c/7ef1d2e240c32b1f337a37232d037b07e3919e1a', 'https://git.kernel.org/stable/c/d8c42405fc3507cc43ba7e4986a773c3fc633f6e', 'https://git.kernel.org/stable/c/f9a48bc3dd9099935751458a5bbbea4b7c28abc8', 'https://git.kernel.org/stable/c/fc1b1e135c3f72382f792e6c319fc088d5523ad5', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47660-2d61@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47660', 'https://www.cve.org/CVERecord?id=CVE-2024-47660'], 'PublishedDate': '2024-10-09T14:15:07.73Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47661', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47661', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid overflow from uint32_t to uint8_t', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT & HOW]\ndmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47661', 'https://git.kernel.org/stable/c/30d1b783b6eeaf49d311a072c70d618d993d01ec', 'https://git.kernel.org/stable/c/d6b54900c564e35989cf6813e4071504fa0a90e0', 'https://lore.kernel.org/linux-cve-announce/2024100930-CVE-2024-47661-a6c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47661', 'https://www.cve.org/CVERecord?id=CVE-2024-47661'], 'PublishedDate': '2024-10-09T15:15:15.02Z', 'LastModifiedDate': '2024-10-15T16:03:29.26Z'}, {'VulnerabilityID': 'CVE-2024-47662', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47662', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47662', 'https://git.kernel.org/stable/c/466423c6dd8af23ebb3a69d43434d01aed0db356', 'https://git.kernel.org/stable/c/eba4b2a38ccdf074a053834509545703d6df1d57', 'https://lore.kernel.org/linux-cve-announce/2024100931-CVE-2024-47662-74f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47662', 'https://www.cve.org/CVERecord?id=CVE-2024-47662'], 'PublishedDate': '2024-10-09T15:15:15.08Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47663', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47663', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: staging: iio: frequency: ad9834: Validate frequency parameter value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47663', 'https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47', 'https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e', 'https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53', 'https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227', 'https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465', 'https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a', 'https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47663-9bdc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47663', 'https://www.cve.org/CVERecord?id=CVE-2024-47663'], 'PublishedDate': '2024-10-09T15:15:15.15Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47664', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47664', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47664', 'https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43', 'https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c', 'https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47664-f6bd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47664', 'https://www.cve.org/CVERecord?id=CVE-2024-47664'], 'PublishedDate': '2024-10-09T15:15:15.223Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47665', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47665', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup\n\nDefinitely condition dma_get_cache_alignment * defined value > 256\nduring driver initialization is not reason to BUG_ON(). Turn that to\ngraceful error out with -EINVAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47665', 'https://git.kernel.org/stable/c/2666085335bdfedf90d91f4071490ad3980be785', 'https://git.kernel.org/stable/c/5a022269abb22809f2a174b90f200fc4b9526058', 'https://git.kernel.org/stable/c/8a2be2f1db268ec735419e53ef04ca039fc027dc', 'https://git.kernel.org/stable/c/cacb76df247a7cd842ff29755a523b1cba6c0508', 'https://git.kernel.org/stable/c/e2d14bfda9eb5393f8a17008afe2aa7fe0a29815', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47665-901e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47665', 'https://www.cve.org/CVERecord?id=CVE-2024-47665'], 'PublishedDate': '2024-10-09T15:15:15.29Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47666', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47666', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: pm80xx: Set phy-&gt;enable_completion only when we wait for it', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy->enable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late.  After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47666', 'https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89', 'https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea', 'https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47666-0015@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47666', 'https://www.cve.org/CVERecord?id=CVE-2024-47666'], 'PublishedDate': '2024-10-09T15:15:15.353Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47667', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47667', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)\n\nErrata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0\n(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an\ninbound PCIe TLP spans more than two internal AXI 128-byte bursts,\nthe bus may corrupt the packet payload and the corrupt data may\ncause associated applications or the processor to hang.\n\nThe workaround for Errata #i2037 is to limit the maximum read\nrequest size and maximum payload size to 128 bytes. Add workaround\nfor Errata #i2037 here.\n\nThe errata and workaround is applicable only to AM65x SR 1.0 and\nlater versions of the silicon will have this fixed.\n\n[1] -> https://www.ti.com/lit/er/sprz452i/sprz452i.pdf', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47667', 'https://git.kernel.org/stable/c/135843c351c08df72bdd4b4ebea53c8052a76881', 'https://git.kernel.org/stable/c/576d0fb6f8d4bd4695e70eee173a1b9c7bae9572', 'https://git.kernel.org/stable/c/86f271f22bbb6391410a07e08d6ca3757fda01fa', 'https://git.kernel.org/stable/c/af218c803fe298ddf00abef331aa526b20d7ea61', 'https://git.kernel.org/stable/c/cfb006e185f64edbbdf7869eac352442bc76b8f6', 'https://git.kernel.org/stable/c/dd47051c76c8acd8cb983f01b4d1265da29cb66a', 'https://git.kernel.org/stable/c/ebbdbbc580c1695dec283d0ba6448729dc993246', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47667-2d01@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47667', 'https://www.cve.org/CVERecord?id=CVE-2024-47667'], 'PublishedDate': '2024-10-09T15:15:15.43Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47668', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47668', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we'll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it'll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47668', 'https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f', 'https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da', 'https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283', 'https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169', 'https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae', 'https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e', 'https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47668-6b53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47668', 'https://www.cve.org/CVERecord?id=CVE-2024-47668'], 'PublishedDate': '2024-10-09T15:15:15.513Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47669', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47669', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix state management in error path of log writing function', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix state management in error path of log writing function\n\nAfter commit a694291a6211 ("nilfs2: separate wait function from\nnilfs_segctor_write") was applied, the log writing function\nnilfs_segctor_do_construct() was able to issue I/O requests continuously\neven if user data blocks were split into multiple logs across segments,\nbut two potential flaws were introduced in its error handling.\n\nFirst, if nilfs_segctor_begin_construction() fails while creating the\nsecond or subsequent logs, the log writing function returns without\ncalling nilfs_segctor_abort_construction(), so the writeback flag set on\npages/folios will remain uncleared.  This causes page cache operations to\nhang waiting for the writeback flag.  For example,\ntruncate_inode_pages_final(), which is called via nilfs_evict_inode() when\nan inode is evicted from memory, will hang.\n\nSecond, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. \nAs a result, if the next log write involves checkpoint creation, that\'s\nfine, but if a partial log write is performed that does not, inodes with\nNILFS_I_COLLECTED set are erroneously removed from the "sc_dirty_files"\nlist, and their data and b-tree blocks may not be written to the device,\ncorrupting the block mapping.\n\nFix these issues by uniformly calling nilfs_segctor_abort_construction()\non failure of each step in the loop in nilfs_segctor_do_construct(),\nhaving it clean up logs and segment usages according to progress, and\ncorrecting the conditions for calling nilfs_redirty_inodes() to ensure\nthat the NILFS_I_COLLECTED flag is cleared.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47669', 'https://git.kernel.org/stable/c/036441e8438b29111fa75008f0ce305fb4e83c0a', 'https://git.kernel.org/stable/c/0a1a961bde4351dc047ffdeb2f1311ca16a700cc', 'https://git.kernel.org/stable/c/30562eff4a6dd35c4b5be9699ef61ad9f5f20a06', 'https://git.kernel.org/stable/c/3e349d7191f0688fc9808ef24fd4e4b4ef5ca876', 'https://git.kernel.org/stable/c/40a2757de2c376ef8a08d9ee9c81e77f3c750adf', 'https://git.kernel.org/stable/c/6576dd6695f2afca3f4954029ac4a64f82ba60ab', 'https://git.kernel.org/stable/c/74866c16ea2183f52925fa5d76061a1fe7f7737b', 'https://git.kernel.org/stable/c/efdde00d4a1ef10bb71e09ebc67823a3d3ad725b', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47669-135c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47669', 'https://www.cve.org/CVERecord?id=CVE-2024-47669'], 'PublishedDate': '2024-10-09T15:15:15.59Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47670', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47670', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: add bounds checking to ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn't stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match.  It will\nprevent out-of-bound access in case of crafted images.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47670', 'https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39', 'https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c', 'https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd', 'https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77', 'https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f', 'https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e73264d6', 'https://lore.kernel.org/linux-cve-announce/2024100919-CVE-2024-47670-53f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47670', 'https://www.cve.org/CVERecord?id=CVE-2024-47670'], 'PublishedDate': '2024-10-09T15:15:15.673Z', 'LastModifiedDate': '2024-10-17T14:15:13.56Z'}, {'VulnerabilityID': 'CVE-2024-47671', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47671', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: USB: usbtmc: prevent kernel-usb-infoleak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: prevent kernel-usb-infoleak\n\nThe syzbot reported a kernel-usb-infoleak in usbtmc_write,\nwe need to clear the structure before filling fields.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47671', 'https://git.kernel.org/stable/c/0c927dfc0b9bd177f7ab6ee59ef0c4ea06c110a7', 'https://git.kernel.org/stable/c/16e0ab9ed3ae7d19ca8ee718ba4e09d5c0f909ca', 'https://git.kernel.org/stable/c/51297ef7ad7824ad577337f273cd092e81a9fa08', 'https://git.kernel.org/stable/c/625fa77151f00c1bd00d34d60d6f2e710b3f9aad', 'https://git.kernel.org/stable/c/6c7fc36da021b13c34c572a26ba336cd102418f8', 'https://git.kernel.org/stable/c/ba6269e187aa1b1f20faf3c458831a0d6350304b', 'https://git.kernel.org/stable/c/e872738e670ddd63e19f22d0d784f0bdf26ecba5', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47671-6c52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47671', 'https://www.cve.org/CVERecord?id=CVE-2024-47671'], 'PublishedDate': '2024-10-09T15:15:15.753Z', 'LastModifiedDate': '2024-10-17T14:15:13.697Z'}, {'VulnerabilityID': 'CVE-2024-47672', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead\n\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was\nrecently converted from just a message), that can be hit if we\nwait for TX queues to become empty after firmware died. Clearly,\nwe can't expect anything from the firmware after it's declared dead.\n\nDon't call iwl_trans_wait_tx_queues_empty() in this case. While it could\nbe a good idea to stop the flow earlier, the flush functions do some\nmaintenance work that is not related to the firmware, so keep that part\nof the code running even when the firmware is not running.\n\n[edit commit message]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47672', 'https://git.kernel.org/stable/c/1afed66cb271b3e65fe9df1c9fba2bf4b1f55669', 'https://git.kernel.org/stable/c/1b0cd832c9607f41f84053b818e0b7908510a3b9', 'https://git.kernel.org/stable/c/3a84454f5204718ca5b4ad2c1f0bf2031e2403d1', 'https://git.kernel.org/stable/c/4d0a900ec470d392476c428875dbf053f8a0ae5e', 'https://git.kernel.org/stable/c/7188b7a72320367554b76d8f298417b070b05dd3', 'https://git.kernel.org/stable/c/de46b1d24f5f752b3bd8b46673c2ea4239661244', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47672-9bef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47672', 'https://www.cve.org/CVERecord?id=CVE-2024-47672'], 'PublishedDate': '2024-10-09T15:15:15.827Z', 'LastModifiedDate': '2024-10-17T14:15:13.78Z'}, {'VulnerabilityID': 'CVE-2024-47673', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pause TCM when the firmware is stopped\n\nNot doing so will make us send a host command to the transport while the\nfirmware is not alive, which will trigger a WARNING.\n\nbad state = 0\nWARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nRIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nCall Trace:\n <TASK>\n iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]\n iwl_mvm_config_scan+0x198/0x260 [iwlmvm]\n iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]\n iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]\n process_one_work+0x29e/0x640\n worker_thread+0x2df/0x690\n ? rescuer_thread+0x540/0x540\n kthread+0x192/0x1e0\n ? set_kthread_struct+0x90/0x90\n ret_from_fork+0x22/0x30', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47673', 'https://git.kernel.org/stable/c/0668ebc8c2282ca1e7eb96092a347baefffb5fe7', 'https://git.kernel.org/stable/c/2c61b561baf92a2860c76c2302a62169e22c21cc', 'https://git.kernel.org/stable/c/55086c97a55d781b04a2667401c75ffde190135c', 'https://git.kernel.org/stable/c/5948a191906b54e10f02f6b7a7670243a39f99f4', 'https://git.kernel.org/stable/c/a15df5f37fa3a8b7a8ec7a339d1e897bc524e28f', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47673-9110@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47673', 'https://www.cve.org/CVERecord?id=CVE-2024-47673'], 'PublishedDate': '2024-10-09T15:15:15.9Z', 'LastModifiedDate': '2024-10-17T14:15:13.853Z'}, {'VulnerabilityID': 'CVE-2024-47674', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47674', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: avoid leaving partial pfn mappings around in error case', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na 'struct page'.\n\nThat's all very much intentional, but it does mean that it's easy to\nmess up the cleanup in case of errors.  Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it's very easy to do the\nerror handling in the wrong order.\n\nIn particular, it's easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47674', 'https://git.kernel.org/linus/79a61cc3fc0466ad2b7b89618a6157785f0293b3 (6.11)', 'https://git.kernel.org/stable/c/5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959', 'https://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2', 'https://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3', 'https://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3', 'https://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80', 'https://lore.kernel.org/linux-cve-announce/2024101538-CVE-2024-47674-ba1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47674', 'https://www.cve.org/CVERecord?id=CVE-2024-47674'], 'PublishedDate': '2024-10-15T11:15:13.073Z', 'LastModifiedDate': '2024-10-18T14:50:02.71Z'}, {'VulnerabilityID': 'CVE-2017-0537', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-0537', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N', 'V2Score': 2.6, 'V3Score': 4.7}}, 'References': ['http://www.securityfocus.com/bid/96831', 'http://www.securitytracker.com/id/1037968', 'https://android.googlesource.com/kernel/tegra.git/+/389b185cb2f17fff994dbdf8d4bac003d4b2b6b3%5E%21/#F0', 'https://lore.kernel.org/lkml/1484647168-30135-1-git-send-email-jilin@nvidia.com/#t', 'https://source.android.com/security/bulletin/2017-01-01.html', 'https://source.android.com/security/bulletin/2017-03-01', 'https://source.android.com/security/bulletin/2017-03-01.html', 'https://www.cve.org/CVERecord?id=CVE-2017-0537'], 'PublishedDate': '2017-03-08T01:59:03.127Z', 'LastModifiedDate': '2017-07-17T13:18:15.89Z'}, {'VulnerabilityID': 'CVE-2017-13165', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13165', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['https://github.com/aosp-mirror/platform_system_core/commit/15ffc53f6d57a46e3041453865311035a18e047a', 'https://source.android.com/security/bulletin/pixel/2017-12-01', 'https://www.cve.org/CVERecord?id=CVE-2017-13165'], 'PublishedDate': '2017-12-06T14:29:01.333Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2017-13693', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI operand cache leak in dsutils.c', 'Description': 'The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/100502', 'https://access.redhat.com/security/cve/CVE-2017-13693', 'https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13693', 'https://patchwork.kernel.org/patch/9919053/', 'https://www.cve.org/CVERecord?id=CVE-2017-13693'], 'PublishedDate': '2017-08-25T08:29:00.273Z', 'LastModifiedDate': '2017-09-20T14:51:00.41Z'}, {'VulnerabilityID': 'CVE-2018-1121', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-1121', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'procps: process hiding through race condition enumerating /proc', 'Description': "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-367'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:P/A:N', 'V3Vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V2Score': 4.3, 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L', 'V3Score': 3.9}}, 'References': ['http://seclists.org/oss-sec/2018/q2/122', 'http://www.securityfocus.com/bid/104214', 'https://access.redhat.com/security/cve/CVE-2018-1121', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1121', 'https://www.cve.org/CVERecord?id=CVE-2018-1121', 'https://www.exploit-db.com/exploits/44806/', 'https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt'], 'PublishedDate': '2018-06-13T20:29:00.337Z', 'LastModifiedDate': '2020-06-30T16:15:14.393Z'}, {'VulnerabilityID': 'CVE-2018-12928', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko', 'Description': 'In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['http://www.securityfocus.com/bid/104593', 'https://access.redhat.com/security/cve/CVE-2018-12928', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384', 'https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ', 'https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/', 'https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12928', 'https://www.cve.org/CVERecord?id=CVE-2018-12928'], 'PublishedDate': '2018-06-28T14:29:00.353Z', 'LastModifiedDate': '2018-08-21T11:55:37.35Z'}, {'VulnerabilityID': 'CVE-2018-12929', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko', 'Description': 'ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12929', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12929', 'https://www.cve.org/CVERecord?id=CVE-2018-12929'], 'PublishedDate': '2018-06-28T14:29:00.417Z', 'LastModifiedDate': '2019-03-26T13:35:51.317Z'}, {'VulnerabilityID': 'CVE-2018-12930', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12930', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko', 'Description': 'ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12930', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12930', 'https://www.cve.org/CVERecord?id=CVE-2018-12930'], 'PublishedDate': '2018-06-28T14:29:00.463Z', 'LastModifiedDate': '2019-03-26T13:35:37.397Z'}, {'VulnerabilityID': 'CVE-2018-12931', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_attr_find in the ntfs.ko', 'Description': 'ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12931', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12931', 'https://www.cve.org/CVERecord?id=CVE-2018-12931'], 'PublishedDate': '2018-06-28T14:29:00.51Z', 'LastModifiedDate': '2019-03-26T13:35:20.957Z'}, {'VulnerabilityID': 'CVE-2019-14899', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-14899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel', 'Description': 'A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V2Vector': 'AV:A/AC:M/Au:S/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 4.9, 'V3Score': 7.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.4}}, 'References': ['http://seclists.org/fulldisclosure/2020/Dec/32', 'http://seclists.org/fulldisclosure/2020/Jul/23', 'http://seclists.org/fulldisclosure/2020/Jul/24', 'http://seclists.org/fulldisclosure/2020/Jul/25', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'http://www.openwall.com/lists/oss-security/2020/08/13/2', 'http://www.openwall.com/lists/oss-security/2020/10/07/3', 'http://www.openwall.com/lists/oss-security/2021/07/05/1', 'https://access.redhat.com/security/cve/CVE-2019-14899', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899', 'https://nvd.nist.gov/vuln/detail/CVE-2019-14899', 'https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/', 'https://support.apple.com/kb/HT211288', 'https://support.apple.com/kb/HT211289', 'https://support.apple.com/kb/HT211290', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211931', 'https://www.cve.org/CVERecord?id=CVE-2019-14899', 'https://www.openwall.com/lists/oss-security/2019/12/05/1'], 'PublishedDate': '2019-12-11T15:15:14.263Z', 'LastModifiedDate': '2023-03-01T16:40:04.14Z'}, {'VulnerabilityID': 'CVE-2019-15213', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-15213', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c', 'Description': 'An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.3}}, 'References': ['http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html', 'http://www.openwall.com/lists/oss-security/2019/08/20/2', 'https://access.redhat.com/security/cve/CVE-2019-15213', 'https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7', 'https://linux.oracle.com/cve/CVE-2019-15213.html', 'https://linux.oracle.com/errata/ELSA-2019-4872.html', 'https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/', 'https://nvd.nist.gov/vuln/detail/CVE-2019-15213', 'https://security.netapp.com/advisory/ntap-20190905-0002/', 'https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced', 'https://www.cve.org/CVERecord?id=CVE-2019-15213'], 'PublishedDate': '2019-08-19T22:15:11.253Z', 'LastModifiedDate': '2023-11-09T14:44:33.733Z'}, {'VulnerabilityID': 'CVE-2019-19378', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19378', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19378', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19378', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19378'], 'PublishedDate': '2019-11-29T17:15:11.84Z', 'LastModifiedDate': '2020-01-03T11:15:14.997Z'}, {'VulnerabilityID': 'CVE-2019-19814', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 9.3, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19814', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19814', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19814'], 'PublishedDate': '2019-12-17T06:15:12.843Z', 'LastModifiedDate': '2020-01-03T11:15:16.48Z'}, {'VulnerabilityID': 'CVE-2020-35501', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2020-35501', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability', 'Description': 'A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem', 'Severity': 'LOW', 'CweIDs': ['CWE-863'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:N', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V2Score': 3.6, 'V3Score': 3.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 3.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2020-35501', 'https://bugzilla.redhat.com/show_bug.cgi?id=1908577', 'https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html', 'https://nvd.nist.gov/vuln/detail/CVE-2020-35501', 'https://www.cve.org/CVERecord?id=CVE-2020-35501', 'https://www.openwall.com/lists/oss-security/2021/02/18/1'], 'PublishedDate': '2022-03-30T16:15:08.673Z', 'LastModifiedDate': '2022-12-02T19:54:37.647Z'}, {'VulnerabilityID': 'CVE-2021-26934', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-26934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...', 'Description': "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.", 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['http://xenbits.xen.org/xsa/advisory-363.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/', 'https://nvd.nist.gov/vuln/detail/CVE-2021-26934', 'https://security.netapp.com/advisory/ntap-20210326-0001/', 'https://www.cve.org/CVERecord?id=CVE-2021-26934', 'https://www.openwall.com/lists/oss-security/2021/02/16/2', 'https://xenbits.xen.org/xsa/advisory-363.html'], 'PublishedDate': '2021-02-17T02:15:13.143Z', 'LastModifiedDate': '2023-11-07T03:31:50.59Z'}, {'VulnerabilityID': 'CVE-2022-44034', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-44034', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: A use-after-free due to race between scr24x_open()  and scr24x_remove()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().', 'Severity': 'LOW', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-44034', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15', 'https://lore.kernel.org/lkml/20220916050333.GA188358%40ubuntu/', 'https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940%40ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-44034', 'https://www.cve.org/CVERecord?id=CVE-2022-44034'], 'PublishedDate': '2022-10-30T01:15:08.937Z', 'LastModifiedDate': '2024-03-25T01:15:52.787Z'}, {'VulnerabilityID': 'CVE-2022-45884', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-45884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free due to race condition occurring in dvb_register_device()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:7549', 'https://access.redhat.com/security/cve/CVE-2022-45884', 'https://bugzilla.redhat.com/2148510', 'https://bugzilla.redhat.com/2148517', 'https://bugzilla.redhat.com/2151956', 'https://bugzilla.redhat.com/2154178', 'https://bugzilla.redhat.com/2224048', 'https://bugzilla.redhat.com/2240249', 'https://bugzilla.redhat.com/2241924', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2151956', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2224048', 'https://bugzilla.redhat.com/show_bug.cgi?id=2240249', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1192', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2163', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178', 'https://errata.almalinux.org/8/ALSA-2023-7549.html', 'https://errata.rockylinux.org/RLSA-2023:7549', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3', 'https://linux.oracle.com/cve/CVE-2022-45884.html', 'https://linux.oracle.com/errata/ELSA-2023-7549.html', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-45884', 'https://security.netapp.com/advisory/ntap-20230113-0006/', 'https://www.cve.org/CVERecord?id=CVE-2022-45884'], 'PublishedDate': '2022-11-25T04:15:09.18Z', 'LastModifiedDate': '2024-03-25T01:15:52.84Z'}, {'VulnerabilityID': 'CVE-2023-33053', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-33053', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'Memory corruption in Kernel while parsing metadata.', 'Severity': 'LOW', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/06426824a281c9aef5bf0c50927eae9c7431db1e', 'https://www.cve.org/CVERecord?id=CVE-2023-33053', 'https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin'], 'PublishedDate': '2023-12-05T03:15:11.707Z', 'LastModifiedDate': '2024-04-12T16:15:18.403Z'}, {'VulnerabilityID': 'CVE-2023-4010', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: hcd: malformed USB descriptor leads to infinite loop in usb_giveback_urb()', 'Description': 'A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.', 'Severity': 'LOW', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4010', 'https://bugzilla.redhat.com/show_bug.cgi?id=2227726', 'https://github.com/wanrenmi/a-usb-kernel-bug', 'https://github.com/wanrenmi/a-usb-kernel-bug/issues/1', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4010', 'https://www.cve.org/CVERecord?id=CVE-2023-4010'], 'PublishedDate': '2023-07-31T17:15:10.277Z', 'LastModifiedDate': '2023-11-07T04:22:02.797Z'}, {'VulnerabilityID': 'CVE-2023-6238', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-6238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: memory corruption via unprivileged user passthrough', 'Description': 'A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.', 'Severity': 'LOW', 'CweIDs': ['CWE-120'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-6238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2250834', 'https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.com/T/#u', 'https://lore.kernel.org/linux-nvme/20231016060519.231880-1-joshi.k@samsung.com/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-6238', 'https://www.cve.org/CVERecord?id=CVE-2023-6238'], 'PublishedDate': '2023-11-21T21:15:09.273Z', 'LastModifiedDate': '2024-02-07T00:15:55.24Z'}, {'VulnerabilityID': 'CVE-2024-0564', 'PkgID': 'linux-headers-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-headers-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-0564', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication', 'Description': 'A flaw was found in the Linux kernel\'s memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim\'s page. The unmapping time depends on whether it merges with the victim\'s page and additional physical pages are created beyond the KSM\'s "max page share". Through these operations, the attacker can leak the victim\'s page.', 'Severity': 'LOW', 'CweIDs': ['CWE-99', 'CWE-203'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-0564', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258514', 'https://link.springer.com/conference/wisa', 'https://nvd.nist.gov/vuln/detail/CVE-2024-0564', 'https://wisa.or.kr/accepted', 'https://www.cve.org/CVERecord?id=CVE-2024-0564'], 'PublishedDate': '2024-01-30T15:15:08.687Z', 'LastModifiedDate': '2024-10-16T15:15:14.11Z'}, {'VulnerabilityID': 'CVE-2024-43882', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43882', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exec: Fix ToCToU between perm check and set-uid/gid usage', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file\'s metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug  7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug  7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. For example, "chmod o-x,u+s target" makes "target" executable only\nby uid "root" and gid "cdrom", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug  7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug  7 13:16 target\n\nBut racing the chmod means users without group "cdrom" membership can\nget the permission to execute "target" just before the chmod, and when\nthe chmod finishes, the exec reaches brpm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of "only cdrom\ngroup members can setuid to root".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal.', 'Severity': 'HIGH', 'CweIDs': ['CWE-367'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43882', 'https://git.kernel.org/linus/f50733b45d865f91db90919f8311e2127ce5a0cb (6.11-rc4)', 'https://git.kernel.org/stable/c/15469d46ba34559bfe7e3de6659115778c624759', 'https://git.kernel.org/stable/c/368f6985d46657b8b466a421dddcacd4051f7ada', 'https://git.kernel.org/stable/c/90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e', 'https://git.kernel.org/stable/c/9b424c5d4130d56312e2a3be17efb0928fec4d64', 'https://git.kernel.org/stable/c/d2a2a4714d80d09b0f8eb6438ab4224690b7121e', 'https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f', 'https://git.kernel.org/stable/c/f50733b45d865f91db90919f8311e2127ce5a0cb', 'https://git.kernel.org/stable/c/f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1', 'https://linux.oracle.com/cve/CVE-2024-43882.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082152-CVE-2024-43882-4fa4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43882', 'https://www.cve.org/CVERecord?id=CVE-2024-43882'], 'PublishedDate': '2024-08-21T01:15:12.34Z', 'LastModifiedDate': '2024-09-03T13:25:39.747Z'}, {'VulnerabilityID': 'CVE-2013-7445', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2013-7445', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects', 'Description': 'The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-399'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:C', 'V2Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V2Score': 4.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2013-7445', 'https://bugzilla.kernel.org/show_bug.cgi?id=60533', 'https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)', 'https://nvd.nist.gov/vuln/detail/CVE-2013-7445', 'https://www.cve.org/CVERecord?id=CVE-2013-7445'], 'PublishedDate': '2015-10-16T01:59:00.12Z', 'LastModifiedDate': '2015-10-16T16:22:25.587Z'}, {'VulnerabilityID': 'CVE-2015-8553', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2015-8553', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'xen: non-maskable interrupts triggerable by guests (xsa120)', 'Description': 'Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N', 'V2Score': 2.1, 'V3Score': 6.5}, 'redhat': {'V2Vector': 'AV:A/AC:M/Au:S/C:N/I:N/A:C', 'V2Score': 5.2}}, 'References': ['http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1930758 (regression mention)', 'http://xenbits.xen.org/xsa/advisory-120.html', 'https://access.redhat.com/security/cve/CVE-2015-8553', 'https://nvd.nist.gov/vuln/detail/CVE-2015-8553', 'https://seclists.org/bugtraq/2019/Aug/18', 'https://www.cve.org/CVERecord?id=CVE-2015-8553', 'https://www.debian.org/security/2019/dsa-4497'], 'PublishedDate': '2016-04-13T15:59:07.307Z', 'LastModifiedDate': '2019-08-13T23:15:11.203Z'}, {'VulnerabilityID': 'CVE-2016-8660', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-8660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation', 'Description': 'The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-19'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V2Vector': 'AV:L/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.7, 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2016/10/13/8', 'http://www.securityfocus.com/bid/93558', 'https://access.redhat.com/security/cve/CVE-2016-8660', 'https://bugzilla.redhat.com/show_bug.cgi?id=1384851', 'https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/', 'https://marc.info/?l=linux-fsdevel&m=147639177409294&w=2', 'https://marc.info/?l=linux-xfs&m=149498118228320&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2016-8660', 'https://www.cve.org/CVERecord?id=CVE-2016-8660'], 'PublishedDate': '2016-10-16T21:59:14.333Z', 'LastModifiedDate': '2016-11-28T20:41:02.59Z'}, {'VulnerabilityID': 'CVE-2018-17977', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-17977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service', 'Description': 'The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.9}}, 'References': ['http://www.securityfocus.com/bid/105539', 'https://access.redhat.com/security/cve/CVE-2018-17977', 'https://bugzilla.suse.com/show_bug.cgi?id=1111609', 'https://nvd.nist.gov/vuln/detail/CVE-2018-17977', 'https://www.cve.org/CVERecord?id=CVE-2018-17977', 'https://www.openwall.com/lists/oss-security/2018/10/05/5'], 'PublishedDate': '2018-10-08T17:29:00.653Z', 'LastModifiedDate': '2018-11-26T15:51:30.427Z'}, {'VulnerabilityID': 'CVE-2021-3714', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-3714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Remote Page Deduplication Attacks', 'Description': 'A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-3714', 'https://arxiv.org/abs/2111.08553', 'https://arxiv.org/pdf/2111.08553.pdf', 'https://bugzilla.redhat.com/show_bug.cgi?id=1931327', 'https://nvd.nist.gov/vuln/detail/CVE-2021-3714', 'https://www.cve.org/CVERecord?id=CVE-2021-3714'], 'PublishedDate': '2022-08-23T16:15:09.6Z', 'LastModifiedDate': '2024-02-01T18:51:23.66Z'}, {'VulnerabilityID': 'CVE-2021-47599', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47599', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: use latest_dev in btrfs_show_devname', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: use latest_dev in btrfs_show_devname\n\nThe test case btrfs/238 reports the warning below:\n\n WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs]\n CPU: 2 PID: 1 Comm: systemd Tainted: G        W  O 5.14.0-rc1-custom #72\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n Call trace:\n   btrfs_show_devname+0x108/0x1b4 [btrfs]\n   show_mountinfo+0x234/0x2c4\n   m_show+0x28/0x34\n   seq_read_iter+0x12c/0x3c4\n   vfs_read+0x29c/0x2c8\n   ksys_read+0x80/0xec\n   __arm64_sys_read+0x28/0x34\n   invoke_syscall+0x50/0xf8\n   do_el0_svc+0x88/0x138\n   el0_svc+0x2c/0x8c\n   el0t_64_sync_handler+0x84/0xe4\n   el0t_64_sync+0x198/0x19c\n\nReason:\nWhile btrfs_prepare_sprout() moves the fs_devices::devices into\nfs_devices::seed_list, the btrfs_show_devname() searches for the devices\nand found none, leading to the warning as in above.\n\nFix:\nlatest_dev is updated according to the changes to the device list.\nThat means we could use the latest_dev->name to show the device name in\n/proc/self/mounts, the pointer will be always valid as it's assigned\nbefore the device is deleted from the list in remove or replace.\nThe RCU protection is sufficient as the device structure is freed after\nsynchronization.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47599', 'https://git.kernel.org/linus/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2 (5.16-rc1)', 'https://git.kernel.org/stable/c/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2', 'https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1', 'https://lore.kernel.org/linux-cve-announce/2024061921-CVE-2021-47599-37b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47599', 'https://www.cve.org/CVERecord?id=CVE-2021-47599'], 'PublishedDate': '2024-06-19T15:15:54.483Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2021-47615', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47615', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix releasing unallocated memory in dereg MR flow\n\nFor the case of IB_MR_TYPE_DM the mr does doesn't have a umem, even though\nit is a user MR. This causes function mlx5_free_priv_descs() to think that\nit is a kernel MR, leading to wrongly accessing mr->descs that will get\nwrong values in the union which leads to attempt to release resources that\nwere not allocated in the first place.\n\nFor example:\n DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]\n WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0\n RIP: 0010:check_unmap+0x54f/0x8b0\n Call Trace:\n  debug_dma_unmap_page+0x57/0x60\n  mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]\n  mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]\n  ib_dereg_mr_user+0x60/0x140 [ib_core]\n  uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]\n  uobj_destroy+0x3f/0x80 [ib_uverbs]\n  ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]\n  ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquired+0x12/0x380\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquire+0xc4/0x2e0\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  ? lock_release+0x28a/0x400\n  ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  __x64_sys_ioctl+0x7f/0xb0\n  do_syscall_64+0x38/0x90\n\nFix it by reorganizing the dereg flow and mlx5_ib_mr structure:\n - Move the ib_umem field into the user MRs structure in the union as it's\n   applicable only there.\n - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only\n   in case there isn't udata, which indicates that this isn't a user MR.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47615', 'https://git.kernel.org/linus/f0ae4afe3d35e67db042c58a52909e06262b740f (5.16-rc5)', 'https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9', 'https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701', 'https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f', 'https://lore.kernel.org/linux-cve-announce/2024061909-CVE-2021-47615-3c6a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47615', 'https://www.cve.org/CVERecord?id=CVE-2021-47615'], 'PublishedDate': '2024-06-19T15:15:56.03Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-0400', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0400', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Out of bounds read in the smc protocol stack', 'Description': 'An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)', 'https://bugzilla.redhat.com/show_bug.cgi?id=2044575', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0400', 'https://www.cve.org/CVERecord?id=CVE-2022-0400'], 'PublishedDate': '2022-08-29T15:15:09.423Z', 'LastModifiedDate': '2022-09-01T20:18:18.247Z'}, {'VulnerabilityID': 'CVE-2022-0480', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0480', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion', 'Description': 'A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0480', 'https://bugzilla.redhat.com/show_bug.cgi?id=2049700', 'https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042', 'https://github.com/kata-containers/kata-containers/issues/3373', 'https://linux.oracle.com/cve/CVE-2022-0480.html', 'https://linux.oracle.com/errata/ELSA-2024-2394.html', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0480', 'https://ubuntu.com/security/CVE-2022-0480', 'https://www.cve.org/CVERecord?id=CVE-2022-0480'], 'PublishedDate': '2022-08-29T15:15:09.477Z', 'LastModifiedDate': '2023-03-03T18:49:53.213Z'}, {'VulnerabilityID': 'CVE-2022-3238', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ntfs3 local privledge escalation if NTFS character set and remount and umount called simultaneously', 'Description': 'A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127927', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3238', 'https://www.cve.org/CVERecord?id=CVE-2022-3238'], 'PublishedDate': '2022-11-14T21:15:16.163Z', 'LastModifiedDate': '2022-11-17T20:24:18.537Z'}, {'VulnerabilityID': 'CVE-2022-48846', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: release rq qos structures for queue without disk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: release rq qos structures for queue without disk\n\nblkcg_init_queue() may add rq qos structures to request queue, previously\nblk_cleanup_queue() calls rq_qos_exit() to release them, but commit\n8e141f9eb803 ("block: drain file system I/O on del_gendisk")\nmoves rq_qos_exit() into del_gendisk(), so memory leak is caused\nbecause queues may not have disk, such as un-present scsi luns, nvme\nadmin queue, ...\n\nFixes the issue by adding rq_qos_exit() to blk_cleanup_queue() back.\n\nBTW, v5.18 won\'t need this patch any more since we move\nblkcg_init_queue()/blkcg_exit_queue() into disk allocation/release\nhandler, and patches have been in for-5.18/block.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48846', 'https://git.kernel.org/linus/daaca3522a8e67c46e39ef09c1d542e866f85f3b (5.17)', 'https://git.kernel.org/stable/c/60c2c8e2ef3a3ec79de8cbc80a06ca0c21df8c29', 'https://git.kernel.org/stable/c/d4ad8736ac982111bb0be8306bf19c8207f6600e', 'https://git.kernel.org/stable/c/daaca3522a8e67c46e39ef09c1d542e866f85f3b', 'https://lore.kernel.org/linux-cve-announce/2024071623-CVE-2022-48846-a1a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48846', 'https://www.cve.org/CVERecord?id=CVE-2022-48846'], 'PublishedDate': '2024-07-16T13:15:11.883Z', 'LastModifiedDate': '2024-07-24T17:56:26.767Z'}, {'VulnerabilityID': 'CVE-2022-48929', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix crash due to out of bounds access into reg2btf_ids.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to out of bounds access into reg2btf_ids.\n\nWhen commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added\nkfunc support, it defined reg2btf_ids as a cheap way to translate the verifier\nreg type to the appropriate btf_vmlinux BTF ID, however\ncommit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL")\nmoved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after\nthe base register types, and defined other variants using type flag\ncomposition. However, now, the direct usage of reg->type to index into\nreg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to\nout of bounds access and kernel crash on dereference of bad pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48929', 'https://git.kernel.org/linus/45ce4b4f9009102cd9f581196d480a59208690c1 (5.17-rc6)', 'https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1', 'https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae', 'https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc', 'https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48929-857d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48929', 'https://www.cve.org/CVERecord?id=CVE-2022-48929'], 'PublishedDate': '2024-08-22T04:15:15.773Z', 'LastModifiedDate': '2024-08-23T02:00:22.653Z'}, {'VulnerabilityID': 'CVE-2023-0030', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Use after Free in nvkm_vmm_pfn_map', 'Description': 'A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0030', 'https://bugzilla.redhat.com/show_bug.cgi?id=2157270', 'https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)', 'https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10', 'https://lore.kernel.org/all/20221230072758.443644-1-zyytlz.wz@163.com/', 'https://lore.kernel.org/all/63d485b2.170a0220.4af4c.d54f@mx.google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0030', 'https://security.netapp.com/advisory/ntap-20230413-0010/', 'https://www.cve.org/CVERecord?id=CVE-2023-0030'], 'PublishedDate': '2023-03-08T23:15:10.963Z', 'LastModifiedDate': '2023-04-13T17:15:09.433Z'}, {'VulnerabilityID': 'CVE-2023-0160', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: possibility of deadlock in libbpf function sock_hash_delete_elem', 'Description': 'A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667', 'CWE-833'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0160', 'https://bugzilla.redhat.com/show_bug.cgi?id=2159764', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56', 'https://lore.kernel.org/all/20230406122622.109978-1-liuxin350@huawei.com/', 'https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/', 'https://lore.kernel.org/bpf/000000000000f1db9605f939720e@google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0160', 'https://www.cve.org/CVERecord?id=CVE-2023-0160'], 'PublishedDate': '2023-07-18T17:15:11.313Z', 'LastModifiedDate': '2023-11-07T03:59:46.343Z'}, {'VulnerabilityID': 'CVE-2023-1193', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-1193', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in setup_async_work()', 'Description': 'A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-1193', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154177', 'https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-1193', 'https://www.cve.org/CVERecord?id=CVE-2023-1193'], 'PublishedDate': '2023-11-01T20:15:08.663Z', 'LastModifiedDate': '2023-11-09T15:13:51.737Z'}, {'VulnerabilityID': 'CVE-2023-26242', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-26242', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the  ...', 'Description': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://bugzilla.suse.com/show_bug.cgi?id=1208518', 'https://lore.kernel.org/all/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-26242', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://security.netapp.com/advisory/ntap-20230406-0002/', 'https://www.cve.org/CVERecord?id=CVE-2023-26242'], 'PublishedDate': '2023-02-21T01:15:11.423Z', 'LastModifiedDate': '2024-03-25T01:15:53.57Z'}, {'VulnerabilityID': 'CVE-2023-31082', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-31082', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sleeping function called from an invalid context in gsmld_write', 'Description': 'An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-763'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-31082', 'https://bugzilla.suse.com/show_bug.cgi?id=1210781', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com/', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-31082', 'https://security.netapp.com/advisory/ntap-20230929-0003/', 'https://www.cve.org/CVERecord?id=CVE-2023-31082'], 'PublishedDate': '2023-04-24T06:15:07.783Z', 'LastModifiedDate': '2024-08-02T15:16:00.853Z'}, {'VulnerabilityID': 'CVE-2023-52879', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have trace_event_file have ref counters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have trace_event_file have ref counters\n\nThe following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # echo \'p:sched schedule\' > kprobe_events\n # exec 5>>events/kprobes/sched/enable\n # > kprobe_events\n # exec 5>&-\n\nThe above commands:\n\n 1. Change directory to the tracefs directory\n 2. Create a kprobe event (doesn\'t matter what one)\n 3. Open bash file descriptor 5 on the enable file of the kprobe event\n 4. Delete the kprobe event (removes the files too)\n 5. Close the bash file descriptor 5\n\nThe above causes a crash!\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:tracing_release_file_tr+0xc/0x50\n\nWhat happens here is that the kprobe event creates a trace_event_file\n"file" descriptor that represents the file in tracefs to the event. It\nmaintains state of the event (is it enabled for the given instance?).\nOpening the "enable" file gets a reference to the event "file" descriptor\nvia the open file descriptor. When the kprobe event is deleted, the file is\nalso deleted from the tracefs system which also frees the event "file"\ndescriptor.\n\nBut as the tracefs file is still opened by user space, it will not be\ntotally removed until the final dput() is called on it. But this is not\ntrue with the event "file" descriptor that is already freed. If the user\ndoes a write to or simply closes the file descriptor it will reference the\nevent "file" descriptor that was just freed, causing a use-after-free bug.\n\nTo solve this, add a ref count to the event "file" descriptor as well as a\nnew flag called "FREED". The "file" will not be freed until the last\nreference is released. But the FREE flag will be set when the event is\nremoved to prevent any more modifications to that event from happening,\neven if there\'s still a reference to the event "file" descriptor.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52879', 'https://git.kernel.org/linus/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4 (6.7-rc1)', 'https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706', 'https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976', 'https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d', 'https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e', 'https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f', 'https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4', 'https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0', 'https://lore.kernel.org/linux-cve-announce/2024052122-CVE-2023-52879-fa4d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52879', 'https://www.cve.org/CVERecord?id=CVE-2023-52879'], 'PublishedDate': '2024-05-21T16:15:24.53Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52889', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: Fix null pointer deref when receiving skb during sock creation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)->label is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n    BUG: kernel NULL pointer dereference, address: 000000000000004c\n    #PF: supervisor read access in kernel mode\n    #PF: error_code(0x0000) - not-present page\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n    Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n    RIP: 0010:aa_label_next_confined+0xb/0x40\n    Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n    RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n    RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n    RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n    RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n    R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n    R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n    FS:  00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n    PKRU: 55555554\n    Call Trace:\n     <IRQ>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? exc_page_fault+0x7f/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? aa_label_next_confined+0xb/0x40\n     apparmor_secmark_check+0xec/0x330\n     security_sock_rcv_skb+0x35/0x50\n     sk_filter_trim_cap+0x47/0x250\n     sock_queue_rcv_skb_reason+0x20/0x60\n     raw_rcv+0x13c/0x210\n     raw_local_deliver+0x1f3/0x250\n     ip_protocol_deliver_rcu+0x4f/0x2f0\n     ip_local_deliver_finish+0x76/0xa0\n     __netif_receive_skb_one_core+0x89/0xa0\n     netif_receive_skb+0x119/0x170\n     ? __netdev_alloc_skb+0x3d/0x140\n     vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     __napi_poll+0x28/0x1b0\n     net_rx_action+0x2a4/0x380\n     __do_softirq+0xd1/0x2c8\n     __irq_exit_rcu+0xbb/0xf0\n     common_interrupt+0x86/0xa0\n     </IRQ>\n     <TASK>\n     asm_common_interrupt+0x26/0x40\n    RIP: 0010:apparmor_socket_post_create+0xb/0x200\n    Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n    RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n    RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n    RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n    RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n    R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n    R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n     ? __pfx_apparmor_socket_post_create+0x10/0x10\n     security_socket_post_create+0x4b/0x80\n     __sock_create+0x176/0x1f0\n     __sys_socket+0x89/0x100\n     __x64_sys_socket+0x17/0x20\n     do_syscall_64+0x5d/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     entry_SYSCALL_64_after_hwframe+0x72/0xdc', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52889', 'https://git.kernel.org/linus/fce09ea314505a52f2436397608fa0a5d0934fb1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1', 'https://git.kernel.org/stable/c/290a6b88e8c19b6636ed1acc733d1458206f7697', 'https://git.kernel.org/stable/c/347dcb84a4874b5fb375092c08d8cc4069b94f81', 'https://git.kernel.org/stable/c/46c17ead5b7389e22e7dc9903fd0ba865d05bda2', 'https://git.kernel.org/stable/c/6c920754f62cefc63fccdc38a062c7c3452e2961', 'https://git.kernel.org/stable/c/ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2', 'https://git.kernel.org/stable/c/fce09ea314505a52f2436397608fa0a5d0934fb1', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2023-52889-cdd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52889', 'https://www.cve.org/CVERecord?id=CVE-2023-52889'], 'PublishedDate': '2024-08-17T09:15:07.073Z', 'LastModifiedDate': '2024-08-19T21:19:16.97Z'}, {'VulnerabilityID': 'CVE-2024-26713', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: Fix iommu initialisation during DLPAR add\n\nWhen a PCI device is dynamically added, the kernel oopses with a NULL\npointer dereference:\n\n  BUG: Kernel NULL pointer dereference on read at 0x00000030\n  Faulting instruction address: 0xc0000000006bbe5c\n  Oops: Kernel access of bad area, sig: 11 [#1]\n  LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n  Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse\n  CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66\n  Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries\n  NIP:  c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8\n  REGS: c00000009924f240 TRAP: 0300   Not tainted  (6.7.0-203405+)\n  MSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 24002220  XER: 20040006\n  CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0\n  ...\n  NIP sysfs_add_link_to_group+0x34/0x94\n  LR  iommu_device_link+0x5c/0x118\n  Call Trace:\n   iommu_init_device+0x26c/0x318 (unreliable)\n   iommu_device_link+0x5c/0x118\n   iommu_init_device+0xa8/0x318\n   iommu_probe_device+0xc0/0x134\n   iommu_bus_notifier+0x44/0x104\n   notifier_call_chain+0xb8/0x19c\n   blocking_notifier_call_chain+0x64/0x98\n   bus_notify+0x50/0x7c\n   device_add+0x640/0x918\n   pci_device_add+0x23c/0x298\n   of_create_pci_dev+0x400/0x884\n   of_scan_pci_dev+0x124/0x1b0\n   __of_scan_bus+0x78/0x18c\n   pcibios_scan_phb+0x2a4/0x3b0\n   init_phb_dynamic+0xb8/0x110\n   dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]\n   add_slot_store.part.0+0xb4/0x130 [rpadlpar_io]\n   kobj_attr_store+0x2c/0x48\n   sysfs_kf_write+0x64/0x78\n   kernfs_fop_write_iter+0x1b0/0x290\n   vfs_write+0x350/0x4a0\n   ksys_write+0x84/0x140\n   system_call_exception+0x124/0x330\n   system_call_vectored_common+0x15c/0x2ec\n\nCommit a940904443e4 ("powerpc/iommu: Add iommu_ops to report capabilities\nand allow blocking domains") broke DLPAR add of PCI devices.\n\nThe above added iommu_device structure to pci_controller. During\nsystem boot, PCI devices are discovered and this newly added iommu_device\nstructure is initialized by a call to iommu_device_register().\n\nDuring DLPAR add of a PCI device, a new pci_controller structure is\nallocated but there are no calls made to iommu_device_register()\ninterface.\n\nFix is to register the iommu device during DLPAR add as well.\n\n[mpe: Trim oops and tweak some change log wording]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26713', 'https://git.kernel.org/linus/ed8b94f6e0acd652ce69bd69d678a0c769172df8 (6.8-rc5)', 'https://git.kernel.org/stable/c/9978d5b744e0227afe19e3bcb4c5f75442dde753', 'https://git.kernel.org/stable/c/d4f762d6403f7419de90d7749fa83dd92ffb0e1d', 'https://git.kernel.org/stable/c/ed8b94f6e0acd652ce69bd69d678a0c769172df8', 'https://lore.kernel.org/linux-cve-announce/2024040342-CVE-2024-26713-1b52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26713', 'https://www.cve.org/CVERecord?id=CVE-2024-26713'], 'PublishedDate': '2024-04-03T15:15:53.647Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-27025', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nbd: null check for nla_nest_start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: null check for nla_nest_start\n\nnla_nest_start() may fail and return NULL. Insert a check and set errno\nbased on other call sites within the same source code.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-27025', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d (6.9-rc1)', 'https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d', 'https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e', 'https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced', 'https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8', 'https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797', 'https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983', 'https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a', 'https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf', 'https://linux.oracle.com/cve/CVE-2024-27025.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27025', 'https://www.cve.org/CVERecord?id=CVE-2024-27025'], 'PublishedDate': '2024-05-01T13:15:48.89Z', 'LastModifiedDate': '2024-06-25T22:15:28.24Z'}, {'VulnerabilityID': 'CVE-2024-35928', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()\n\nThis ensures that the memory mapped by ioremap for adev->rmmio, is\nproperly handled in amdgpu_device_init(). If the function exits early\ndue to an error, the memory is unmapped. If the function completes\nsuccessfully, the memory remains mapped.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_device.c:4337 amdgpu_device_init() warn: 'adev->rmmio' from ioremap() not released on lines: 4035,4045,4051,4058,4068,4337", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35928', 'https://git.kernel.org/linus/eb4f139888f636614dab3bcce97ff61cefc4b3a7 (6.9-rc1)', 'https://git.kernel.org/stable/c/14ac934db851642ea8cd1bd4121c788a8899ef69', 'https://git.kernel.org/stable/c/aa665c3a2aca2ffe31b9645bda278e96dfc3b55c', 'https://git.kernel.org/stable/c/c5f9fe2c1e5023fa096189a8bfba6420aa035587', 'https://git.kernel.org/stable/c/eb4f139888f636614dab3bcce97ff61cefc4b3a7', 'https://lore.kernel.org/linux-cve-announce/2024051915-CVE-2024-35928-ead3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35928', 'https://www.cve.org/CVERecord?id=CVE-2024-35928'], 'PublishedDate': '2024-05-19T11:15:48.93Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35948', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bcachefs: Check for journal entries overruning end of sb clean section', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: Check for journal entries overruning end of sb clean section\n\nFix a missing bounds check in superblock validation.\n\nNote that we don't yet have repair code for this case - repair code for\nindividual items is generally low priority, since the whole superblock\nis checksummed, validated prior to write, and we have backups.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35948', 'https://git.kernel.org/linus/fcdbc1d7a4b638e5d5668de461f320386f3002aa (6.9-rc6)', 'https://git.kernel.org/stable/c/fcdbc1d7a4b638e5d5668de461f320386f3002aa', 'https://lore.kernel.org/linux-cve-announce/2024052043-CVE-2024-35948-a92f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35948', 'https://www.cve.org/CVERecord?id=CVE-2024-35948'], 'PublishedDate': '2024-05-20T10:15:09.44Z', 'LastModifiedDate': '2024-07-03T02:02:27.897Z'}, {'VulnerabilityID': 'CVE-2024-35995', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI: CPPC: Use access_width over bit_width for system memory accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Use access_width over bit_width for system memory accesses\n\nTo align with ACPI 6.3+, since bit_width can be any 8-bit value, it\ncannot be depended on to be always on a clean 8b boundary. This was\nuncovered on the Cobalt 100 platform.\n\nSError Interrupt on CPU26, code 0xbe000011 -- SError\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n pc : cppc_get_perf_caps+0xec/0x410\n lr : cppc_get_perf_caps+0xe8/0x410\n sp : ffff8000155ab730\n x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078\n x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff\n x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000\n x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff\n x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008\n x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006\n x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec\n x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028\n x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff\n x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000\n Kernel panic - not syncing: Asynchronous SError Interrupt\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted\n5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n Call trace:\n  dump_backtrace+0x0/0x1e0\n  show_stack+0x24/0x30\n  dump_stack_lvl+0x8c/0xb8\n  dump_stack+0x18/0x34\n  panic+0x16c/0x384\n  add_taint+0x0/0xc0\n  arm64_serror_panic+0x7c/0x90\n  arm64_is_fatal_ras_serror+0x34/0xa4\n  do_serror+0x50/0x6c\n  el1h_64_error_handler+0x40/0x74\n  el1h_64_error+0x7c/0x80\n  cppc_get_perf_caps+0xec/0x410\n  cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]\n  cpufreq_online+0x2dc/0xa30\n  cpufreq_add_dev+0xc0/0xd4\n  subsys_interface_register+0x134/0x14c\n  cpufreq_register_driver+0x1b0/0x354\n  cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]\n  do_one_initcall+0x50/0x250\n  do_init_module+0x60/0x27c\n  load_module+0x2300/0x2570\n  __do_sys_finit_module+0xa8/0x114\n  __arm64_sys_finit_module+0x2c/0x3c\n  invoke_syscall+0x78/0x100\n  el0_svc_common.constprop.0+0x180/0x1a0\n  do_el0_svc+0x84/0xa0\n  el0_svc+0x2c/0xc0\n  el0t_64_sync_handler+0xa4/0x12c\n  el0t_64_sync+0x1a4/0x1a8\n\nInstead, use access_width to determine the size and use the offset and\nwidth to shift and mask the bits to read/write out. Make sure to add a\ncheck for system memory since pcc redefines the access_width to\nsubspace id.\n\nIf access_width is not set, then fall back to using bit_width.\n\n[ rjw: Subject and changelog edits, comment adjustments ]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35995', 'https://git.kernel.org/linus/2f4a4d63a193be6fd530d180bb13c3592052904c (6.9-rc1)', 'https://git.kernel.org/stable/c/01fc53be672acae37e611c80cc0b4f3939584de3', 'https://git.kernel.org/stable/c/1b890ae474d19800a6be1696df7fb4d9a41676e4', 'https://git.kernel.org/stable/c/2f4a4d63a193be6fd530d180bb13c3592052904c', 'https://git.kernel.org/stable/c/4949affd5288b867cdf115f5b08d6166b2027f87', 'https://git.kernel.org/stable/c/6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1', 'https://git.kernel.org/stable/c/6dfd79ed04c578f1d9a9a41ba5b2015cf9f03fc3', 'https://git.kernel.org/stable/c/b54c4632946ae42f2b39ed38abd909bbf78cbcc2', 'https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35995-abbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35995', 'https://www.cve.org/CVERecord?id=CVE-2024-35995'], 'PublishedDate': '2024-05-20T10:15:13.597Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-36885', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36885', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup:\n\n  kernel BUG at include/linux/scatterlist.h:187!\n  invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\n  Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\n  RIP: 0010:sg_init_one+0x85/0xa0\n  Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n  24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n  0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\n  RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\n  RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\n  RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\n  R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\n  FS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\n  Call Trace:\n   <TASK>\n   ? die+0x36/0x90\n   ? do_trap+0xdd/0x100\n   ? sg_init_one+0x85/0xa0\n   ? do_error_trap+0x65/0x80\n   ? sg_init_one+0x85/0xa0\n   ? exc_invalid_op+0x50/0x70\n   ? sg_init_one+0x85/0xa0\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? sg_init_one+0x85/0xa0\n   nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n   nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n   ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n   r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? nvkm_udevice_new+0x95/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? ktime_get+0x47/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_oneinit_+0x4f/0x120 [nouveau]\n   nvkm_subdev_init_+0x39/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_init+0x44/0x90 [nouveau]\n   nvkm_device_init+0x166/0x2e0 [nouveau]\n   nvkm_udevice_init+0x47/0x70 [nouveau]\n   nvkm_object_init+0x41/0x1c0 [nouveau]\n   nvkm_ioctl_new+0x16a/0x290 [nouveau]\n   ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]\n   ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]\n   nvkm_ioctl+0x126/0x290 [nouveau]\n   nvif_object_ctor+0x112/0x190 [nouveau]\n   nvif_device_ctor+0x23/0x60 [nouveau]\n   nouveau_cli_init+0x164/0x640 [nouveau]\n   nouveau_drm_device_init+0x97/0x9e0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? pci_update_current_state+0x72/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nouveau_drm_probe+0x12c/0x280 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   local_pci_probe+0x45/0xa0\n   pci_device_probe+0xc7/0x270\n   really_probe+0xe6/0x3a0\n   __driver_probe_device+0x87/0x160\n   driver_probe_device+0x1f/0xc0\n   __driver_attach+0xec/0x1f0\n   ? __pfx___driver_attach+0x10/0x10\n   bus_for_each_dev+0x88/0xd0\n   bus_add_driver+0x116/0x220\n   driver_register+0x59/0x100\n   ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]\n   do_one_initcall+0x5b/0x320\n   do_init_module+0x60/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x120/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x83/0x160\n   ? srso_return_thunk+0x5/0x5f\n   entry_SYSCALL_64_after_hwframe+0x71/0x79\n  RIP: 0033:0x7feeb5cc20cd\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89\n  f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0\n  ff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd\n  RDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035\n  RBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310\n  R10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36885', 'https://git.kernel.org/linus/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2 (6.9-rc7)', 'https://git.kernel.org/stable/c/1a88c18da464db0ba8ea25196d0a06490f65322e', 'https://git.kernel.org/stable/c/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2', 'https://git.kernel.org/stable/c/e05af009302893f39b072811a68fa4a196284c75', 'https://lore.kernel.org/linux-cve-announce/2024053032-CVE-2024-36885-cb0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36885', 'https://www.cve.org/CVERecord?id=CVE-2024-36885'], 'PublishedDate': '2024-05-30T16:15:12.067Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36970', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: Use request_module_nowait', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Use request_module_nowait\n\nThis appears to work around a deadlock regression that came in\nwith the LED merge in 6.9.\n\nThe deadlock happens on my system with 24 iwlwifi radios, so maybe\nit something like all worker threads are busy and some work that needs\nto complete cannot complete.\n\n[also remove unnecessary "load_module" var and now-wrong comment]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36970', 'https://git.kernel.org/linus/3d913719df14c28c4d3819e7e6d150760222bda4 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4', 'https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e', 'https://lore.kernel.org/linux-cve-announce/2024060855-CVE-2024-36970-2eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36970', 'https://www.cve.org/CVERecord?id=CVE-2024-36970'], 'PublishedDate': '2024-06-08T13:15:58.26Z', 'LastModifiedDate': '2024-06-10T02:52:08.267Z'}, {'VulnerabilityID': 'CVE-2024-38581', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38581', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/mes: fix use-after-free issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/mes: fix use-after-free issue\n\nDelete fence fallback timer to fix the ramdom\nuse-after-free issue.\n\nv2: move to amdgpu_mes.c', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-38581', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/948255282074d9367e01908b3f5dcf8c10fc9c3d (6.9-rc6)', 'https://git.kernel.org/stable/c/0f98c144c15c8fc0f3176c994bd4e727ef718a5c', 'https://git.kernel.org/stable/c/39cfce75168c11421d70b8c0c65f6133edccb82a', 'https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de', 'https://git.kernel.org/stable/c/948255282074d9367e01908b3f5dcf8c10fc9c3d', 'https://linux.oracle.com/cve/CVE-2024-38581.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38581-592d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38581', 'https://www.cve.org/CVERecord?id=CVE-2024-38581'], 'PublishedDate': '2024-06-19T14:15:18.15Z', 'LastModifiedDate': '2024-08-01T20:12:00.623Z'}, {'VulnerabilityID': 'CVE-2024-38608', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38608', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix netif state handling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix netif state handling\n\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\n\nmlx5e_probe\n _mlx5e_resume\n  mlx5e_attach_netdev\n   mlx5e_nic_enable  <-- netdev not reg, not calling netif_device_attach()\n  register_netdev <-- failed for some reason.\nERROR_FLOW:\n _mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(\n\nHence, clean resources in this case as well.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n <TASK>\n ? __die+0x20/0x60\n ? page_fault_oops+0x14c/0x3c0\n ? exc_page_fault+0x75/0x140\n ? asm_exc_page_fault+0x22/0x30\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\n mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\n mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n __mlx5_ib_add+0x34/0xd0 [mlx5_ib]\n mlx5r_probe+0xe1/0x210 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x637/0x840\n __auxiliary_device_add+0x3b/0xa0\n add_adev+0xc9/0x140 [mlx5_core]\n mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\n mlx5_register_device+0x53/0xa0 [mlx5_core]\n mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\n mlx5_init_one+0x3b/0x60 [mlx5_core]\n probe_one+0x44c/0x730 [mlx5_core]\n local_pci_probe+0x3e/0x90\n pci_device_probe+0xbf/0x210\n ? kernfs_create_link+0x5d/0xa0\n ? sysfs_do_create_link_sd+0x60/0xc0\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n pci_bus_add_device+0x54/0x80\n pci_iov_add_virtfn+0x2e6/0x320\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n kernfs_fop_write_iter+0x10c/0x1a0\n vfs_write+0x291/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n CR2: 0000000000000000\n ---[ end trace 0000000000000000  ]---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38608', 'https://git.kernel.org/linus/3d5918477f94e4c2f064567875c475468e264644 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644', 'https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6', 'https://linux.oracle.com/cve/CVE-2024-38608.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061920-CVE-2024-38608-4068@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38608', 'https://www.cve.org/CVERecord?id=CVE-2024-38608'], 'PublishedDate': '2024-06-19T14:15:20.737Z', 'LastModifiedDate': '2024-08-27T15:58:56.9Z'}, {'VulnerabilityID': 'CVE-2024-39293', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39293', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;xsk: Support redirect to any socket bound to the same umem&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "xsk: Support redirect to any socket bound to the same umem"\n\nThis reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.\n\nThis patch introduced a potential kernel crash when multiple napi instances\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\npossible for multiple napi instances to access the Rx ring at the same time,\nwhich will result in a corrupted ring state which can lead to a crash when\nflushing the rings in __xsk_flush(). This can happen when the linked list of\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\nis not possible, so let us revert this for now.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39293', 'https://git.kernel.org/linus/7fcf26b315bbb728036da0862de6b335da83dff2 (6.10-rc3)', 'https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5', 'https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2', 'https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39293', 'https://www.cve.org/CVERecord?id=CVE-2024-39293'], 'PublishedDate': '2024-06-25T15:15:13.993Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-39472', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39472', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by\nmkfs") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions.  Later commit 0c771b99d6c9\n("xfs: clean up calculation of LR header blocks") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-39472', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a (6.10-rc1)', 'https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a', 'https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f', 'https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5', 'https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb', 'https://linux.oracle.com/cve/CVE-2024-39472.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024070512-CVE-2024-39472-f977@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39472', 'https://www.cve.org/CVERecord?id=CVE-2024-39472'], 'PublishedDate': '2024-07-05T07:15:10.02Z', 'LastModifiedDate': '2024-08-19T05:15:06.543Z'}, {'VulnerabilityID': 'CVE-2024-41008', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: change vm-&gt;task_info handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: change vm->task_info handling\n\nThis patch changes the handling and lifecycle of vm->task_info object.\nThe major changes are:\n- vm->task_info is a dynamically allocated ptr now, and its uasge is\n  reference counted.\n- introducing two new helper funcs for task_info lifecycle management\n    - amdgpu_vm_get_task_info: reference counts up task_info before\n      returning this info\n    - amdgpu_vm_put_task_info: reference counts down task_info\n- last put to task_info() frees task_info from the vm.\n\nThis patch also does logistical changes required for existing usage\nof vm->task_info.\n\nV2: Do not block all the prints when task_info not found (Felix)\n\nV3: Fixed review comments from Felix\n   - Fix wrong indentation\n   - No debug message for -ENOMEM\n   - Add NULL check for task_info\n   - Do not duplicate the debug messages (ti vs no ti)\n   - Get first reference of task_info in vm_init(), put last\n     in vm_fini()\n\nV4: Fixed review comments from Felix\n   - fix double reference increment in create_task_info\n   - change amdgpu_vm_get_task_info_pasid\n   - additional changes in amdgpu_gem.c while porting', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41008', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c (6.9-rc1)', 'https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c', 'https://linux.oracle.com/cve/CVE-2024-41008.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/20240716080357.2696435-2-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41008', 'https://www.cve.org/CVERecord?id=CVE-2024-41008'], 'PublishedDate': '2024-07-16T08:15:02.24Z', 'LastModifiedDate': '2024-07-16T13:43:58.773Z'}, {'VulnerabilityID': 'CVE-2024-41009', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix overrunning reservations in ringbuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that "owns" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\'s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\'s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\'s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\'s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\'ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41009', 'https://git.kernel.org/linus/cfa1a2329a691ffd991fcf7248a57d752e712881 (6.10-rc6)', 'https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4', 'https://git.kernel.org/stable/c/47416c852f2a04d348ea66ee451cbdcf8119f225', 'https://git.kernel.org/stable/c/511804ab701c0503b72eac08217eabfd366ba069', 'https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f', 'https://git.kernel.org/stable/c/cfa1a2329a691ffd991fcf7248a57d752e712881', 'https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686', 'https://lore.kernel.org/linux-cve-announce/2024071715-CVE-2024-41009-cac5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41009', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41009'], 'PublishedDate': '2024-07-17T07:15:01.973Z', 'LastModifiedDate': '2024-07-29T07:15:04.56Z'}, {'VulnerabilityID': 'CVE-2024-41013', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: don&#39;t walk off the end of a directory data block', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don't stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup->length to dup->length-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41013', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/0c7fcdb6d06cdf8b19b57c17605215b06afa864a (6.11-rc1)', 'https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a', 'https://linux.oracle.com/cve/CVE-2024-41013.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41013-2996@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41013', 'https://www.cve.org/CVERecord?id=CVE-2024-41013'], 'PublishedDate': '2024-07-29T07:15:05.43Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41014', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41014', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: add bounds checking to xlog_recover_process_data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n    1) Mount an image of xfs, and do some file operations to leave records\n    2) Before umounting, copy the image for subsequent steps to simulate\n       abnormal exit. Because umount will ensure that tail_blk and\n       head_blk are the same, which will result in the inability to enter\n       xlog_recover_process_data\n    3) Write a tool to parse and modify the copied image in step 2\n    4) Make the end of the xlog_op_header entries only 1 byte away from\n       xlog_rec_header->h_size\n    5) xlog_rec_header->h_num_logops++\n    6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41014', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/fb63435b7c7dc112b1ae1baea5486e0a6e27b196 (6.11-rc1)', 'https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196', 'https://linux.oracle.com/cve/CVE-2024-41014.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41014-9186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41014', 'https://www.cve.org/CVERecord?id=CVE-2024-41014'], 'PublishedDate': '2024-07-29T07:15:05.81Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41016', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe 'non-indexed', which saved with additional space\nrequested.  It's better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41016', 'https://git.kernel.org/linus/af77c4fc1871847b528d58b7fdafb4aa1f6a9262 (6.11-rc1)', 'https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637', 'https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262', 'https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e', 'https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e', 'https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180', 'https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41016-fcf9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41016', 'https://www.cve.org/CVERecord?id=CVE-2024-41016'], 'PublishedDate': '2024-07-29T07:15:06.293Z', 'LastModifiedDate': '2024-10-17T14:15:07.01Z'}, {'VulnerabilityID': 'CVE-2024-41024', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41024', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Restrict untrusted app to attach to privileged PD', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Restrict untrusted app to attach to privileged PD\n\nUntrusted application with access to only non-secure fastrpc device\nnode can attach to root_pd or static PDs if it can make the respective\ninit request. This can cause problems as the untrusted application\ncan send bad requests to root_pd or static PDs. Add changes to reject\nattach to privileged PDs if the request is being made using non-secure\nfastrpc device node.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41024', 'https://git.kernel.org/linus/bab2f5e8fd5d2f759db26b78d9db57412888f187 (6.10)', 'https://git.kernel.org/stable/c/2eb973ee4770a26d9b5e292b58ad29822d321c7f', 'https://git.kernel.org/stable/c/5e305b5986dc52122a9368a1461f0c13e1de3fd6', 'https://git.kernel.org/stable/c/bab2f5e8fd5d2f759db26b78d9db57412888f187', 'https://git.kernel.org/stable/c/c69fd8afacebfdf2f8a1ee1ea7e0723786529874', 'https://git.kernel.org/stable/c/ea13bd807f1cef1af375d999980a9b9794c789b6', 'https://lore.kernel.org/all/20240628114501.14310-7-srinivas.kandagatla@linaro.org/', 'https://lore.kernel.org/linux-cve-announce/2024072919-CVE-2024-41024-be39@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41024', 'https://www.cve.org/CVERecord?id=CVE-2024-41024'], 'PublishedDate': '2024-07-29T15:15:11.27Z', 'LastModifiedDate': '2024-08-29T17:15:07.913Z'}, {'VulnerabilityID': 'CVE-2024-42107', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42107', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: ice: Don't process extts if PTP is disabled", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42107', 'https://git.kernel.org/linus/996422e3230e41468f652d754fefd1bdbcd4604e (6.10-rc7)', 'https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b', 'https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e', 'https://lore.kernel.org/linux-cve-announce/2024073020-CVE-2024-42107-65cc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42107', 'https://www.cve.org/CVERecord?id=CVE-2024-42107'], 'PublishedDate': '2024-07-30T08:15:03.22Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42116', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42116', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igc: fix a log entry using uninitialized netdev', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix a log entry using uninitialized netdev\n\nDuring successful probe, igc logs this:\n\n[    5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\n\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb.  Add a comment,\njust as in igb.\n\nNow the log message is fine:\n\n[    5.200987] igc 0000:01:00.0 eth0: PHC added', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42116', 'https://git.kernel.org/linus/86167183a17e03ec77198897975e9fdfbd53cb0b (6.10-rc1)', 'https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b', 'https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6', 'https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79', 'https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda', 'https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f', 'https://linux.oracle.com/cve/CVE-2024-42116.html', 'https://linux.oracle.com/errata/ELSA-2024-12618.html', 'https://lore.kernel.org/linux-cve-announce/2024073023-CVE-2024-42116-b420@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42116', 'https://www.cve.org/CVERecord?id=CVE-2024-42116'], 'PublishedDate': '2024-07-30T08:15:03.95Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42122', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42122', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add NULL pointer check for kzalloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL pointer check for kzalloc\n\n[Why & How]\nCheck return pointer of kzalloc before using it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42122', 'https://git.kernel.org/linus/8e65a1b7118acf6af96449e1e66b7adbc9396912 (6.10-rc1)', 'https://git.kernel.org/stable/c/062edd612fcd300f0f79a36fca5b8b6a5e2fce70', 'https://git.kernel.org/stable/c/8e65a1b7118acf6af96449e1e66b7adbc9396912', 'https://lore.kernel.org/linux-cve-announce/2024073025-CVE-2024-42122-2f70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42122', 'https://www.cve.org/CVERecord?id=CVE-2024-42122'], 'PublishedDate': '2024-07-30T08:15:04.43Z', 'LastModifiedDate': '2024-09-16T13:49:27.837Z'}, {'VulnerabilityID': 'CVE-2024-42125', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42125', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42125', 'https://git.kernel.org/linus/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9 (6.10-rc1)', 'https://git.kernel.org/stable/c/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9', 'https://git.kernel.org/stable/c/ce4ba62f8bc5195a9a0d49c6235a9c99e619cadc', 'https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42125-b515@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42125', 'https://www.cve.org/CVERecord?id=CVE-2024-42125'], 'PublishedDate': '2024-07-30T08:15:04.667Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42139', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42139', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Fix improper extts handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message "extts on unexpected channel" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42139', 'https://git.kernel.org/linus/00d3b4f54582d4e4a02cda5886bb336eeab268cc (6.10-rc7)', 'https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc', 'https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3', 'https://lore.kernel.org/linux-cve-announce/2024073030-CVE-2024-42139-f8ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42139', 'https://www.cve.org/CVERecord?id=CVE-2024-42139'], 'PublishedDate': '2024-07-30T08:15:05.757Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42154', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42154', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_metrics: validate source addr length', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42154', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/66be40e622e177316ae81717aa30057ba9e61dff (6.10-rc7)', 'https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9', 'https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c', 'https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3', 'https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321', 'https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff', 'https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99', 'https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98', 'https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6', 'https://linux.oracle.com/cve/CVE-2024-42154.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073034-CVE-2024-42154-cf82@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42154', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42154'], 'PublishedDate': '2024-07-30T08:15:06.933Z', 'LastModifiedDate': '2024-10-01T19:32:18.31Z'}, {'VulnerabilityID': 'CVE-2024-42159', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42159', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: mpi3mr: Sanitise num_phys', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port->phy_mask, values larger then size of\nthis field shouldn't be allowed.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42159', 'https://git.kernel.org/linus/3668651def2c1622904e58b0280ee93121f2b10b (6.10-rc1)', 'https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b', 'https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0', 'https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df', 'https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf', 'https://linux.oracle.com/cve/CVE-2024-42159.html', 'https://linux.oracle.com/errata/ELSA-2024-12682.html', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42159-c19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42159', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42159'], 'PublishedDate': '2024-07-30T08:15:07.3Z', 'LastModifiedDate': '2024-08-02T14:29:46.24Z'}, {'VulnerabilityID': 'CVE-2024-42160', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: check validation of fault attrs in f2fs_build_fault_attr()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: check validation of fault attrs in f2fs_build_fault_attr()\n\n- It missed to check validation of fault attrs in parse_options(),\nlet's fix to add check condition in f2fs_build_fault_attr().\n- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42160', 'https://git.kernel.org/linus/4ed886b187f47447ad559619c48c086f432d2b77 (6.10-rc1)', 'https://git.kernel.org/stable/c/44958ca9e400f57bd0478115519ffc350fcee61e', 'https://git.kernel.org/stable/c/4ed886b187f47447ad559619c48c086f432d2b77', 'https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d', 'https://git.kernel.org/stable/c/ecb641f424d6d1f055d149a15b892edcc92c504b', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42160-c733@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42160', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42160'], 'PublishedDate': '2024-07-30T08:15:07.37Z', 'LastModifiedDate': '2024-08-02T14:29:26.33Z'}, {'VulnerabilityID': 'CVE-2024-42224', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42224', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Correct check for empty list', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO\nbusses") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip->mdios being\nempty.  However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42224', 'https://git.kernel.org/linus/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b (6.10-rc1)', 'https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5', 'https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618', 'https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d', 'https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee', 'https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b', 'https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114', 'https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89', 'https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4', 'https://linux.oracle.com/cve/CVE-2024-42224.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024073037-CVE-2024-42224-863a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42224', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42224'], 'PublishedDate': '2024-07-30T08:15:07.667Z', 'LastModifiedDate': '2024-09-25T15:55:09.027Z'}, {'VulnerabilityID': 'CVE-2024-42228', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42228', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n   need to have a separate value of 0xffffffff.(Christian)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 6.3}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42228', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/88a9a467c548d0b3c7761b4fd54a68e70f9c0944 (6.10-rc1)', 'https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46', 'https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef', 'https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944', 'https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144', 'https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8', 'https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712', 'https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15', 'https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440', 'https://linux.oracle.com/cve/CVE-2024-42228.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073038-CVE-2024-42228-86f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42228', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42228'], 'PublishedDate': '2024-07-30T08:15:07.96Z', 'LastModifiedDate': '2024-09-04T12:15:04.577Z'}, {'VulnerabilityID': 'CVE-2024-42258', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42258', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines\n\nYves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don\'t\nforce huge page alignment on 32 bit") didn\'t work for x86_32 [1].  It is\nbecause x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT.\n\n!CONFIG_64BIT should cover all 32 bit machines.\n\n[1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42258', 'https://git.kernel.org/linus/d9592025000b3cf26c742f3505da7b83aedc26d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/7e1f4efb8d6140b2ec79bf760c43e1fc186e8dfc', 'https://git.kernel.org/stable/c/89f2914dd4b47d2fad3deef0d700f9526d98d11f', 'https://git.kernel.org/stable/c/a5c399fe433a115e9d3693169b5f357f3194af0a', 'https://git.kernel.org/stable/c/d9592025000b3cf26c742f3505da7b83aedc26d5', 'https://lore.kernel.org/linux-cve-announce/2024081216-CVE-2024-42258-e3f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42258', 'https://www.cve.org/CVERecord?id=CVE-2024-42258'], 'PublishedDate': '2024-08-12T15:15:20.983Z', 'LastModifiedDate': '2024-08-14T14:15:27.727Z'}, {'VulnerabilityID': 'CVE-2024-42259', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42259', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Fix Virtual Memory mapping boundaries calculation\n\nCalculating the size of the mapped area as the lesser value\nbetween the requested size and the actual size does not consider\nthe partial mapping offset. This can cause page fault access.\n\nFix the calculation of the starting and ending addresses, the\ntotal size is now deduced from the difference between the end and\nstart addresses.\n\nAdditionally, the calculations have been rewritten in a clearer\nand more understandable form.\n\n[Joonas: Add Requires: tag]\nRequires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset")\n(cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-131'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42259', 'https://git.kernel.org/linus/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3 (6.11-rc3)', 'https://git.kernel.org/stable/c/3e06073d24807f04b4694108a8474decb7b99e60', 'https://git.kernel.org/stable/c/4b09513ce93b3dcb590baaaff2ce96f2d098312d', 'https://git.kernel.org/stable/c/50111a8098fb9ade621eeff82228a997d42732ab', 'https://git.kernel.org/stable/c/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3', 'https://git.kernel.org/stable/c/911f8055f175c82775d0fd8cedcd0b75413f4ba7', 'https://git.kernel.org/stable/c/a256d019eaf044864c7e50312f0a65b323c24f39', 'https://git.kernel.org/stable/c/e8a68aa842d3f8dd04a46b9d632e5f67fde1da9b', 'https://git.kernel.org/stable/c/ead9289a51ea82eb5b27029fcf4c34b2dd60cf06', 'https://linux.oracle.com/cve/CVE-2024-42259.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081452-CVE-2024-42259-4cef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42259', 'https://project-zero.issues.chromium.org/issues/42451707', 'https://www.cve.org/CVERecord?id=CVE-2024-42259'], 'PublishedDate': '2024-08-14T15:15:31.673Z', 'LastModifiedDate': '2024-09-25T01:15:42.137Z'}, {'VulnerabilityID': 'CVE-2024-42260', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42260', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the performance extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42260', 'https://git.kernel.org/linus/4ecc24a84d7e0254efd150ec23e0b89638386516 (6.11-rc2)', 'https://git.kernel.org/stable/c/4ecc24a84d7e0254efd150ec23e0b89638386516', 'https://git.kernel.org/stable/c/5d4aa25f47cd05e9eeac272906588728588605dd', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-42260-0ce0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42260', 'https://www.cve.org/CVERecord?id=CVE-2024-42260'], 'PublishedDate': '2024-08-17T09:15:07.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42261', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42261', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the timestamp extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42261', 'https://git.kernel.org/linus/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791 (6.11-rc2)', 'https://git.kernel.org/stable/c/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791', 'https://git.kernel.org/stable/c/5c56f104edd02a537e9327dc543574e55713e1d7', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42261-f6a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42261', 'https://www.cve.org/CVERecord?id=CVE-2024-42261'], 'PublishedDate': '2024-08-17T09:15:07.6Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42262', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42262', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the performance extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42262', 'https://git.kernel.org/linus/32df4abc44f24dbec239d43e2b26d5768c5d1a78 (6.11-rc2)', 'https://git.kernel.org/stable/c/32df4abc44f24dbec239d43e2b26d5768c5d1a78', 'https://git.kernel.org/stable/c/ad5fdc48f7a63b8a98493c667505fe4d3864ae21', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42262-7156@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42262', 'https://www.cve.org/CVERecord?id=CVE-2024-42262'], 'PublishedDate': '2024-08-17T09:15:07.68Z', 'LastModifiedDate': '2024-08-19T20:05:15.407Z'}, {'VulnerabilityID': 'CVE-2024-42263', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42263', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the timestamp extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 753ce4fea62182c77e1691ab4f9022008f25b62e)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42263', 'https://git.kernel.org/linus/0e50fcc20bd87584840266e8004f9064a8985b4f (6.11-rc2)', 'https://git.kernel.org/stable/c/0e50fcc20bd87584840266e8004f9064a8985b4f', 'https://git.kernel.org/stable/c/9b5033ee2c5af6d1135a403df32d219ab57e55f9', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42263-31b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42263', 'https://www.cve.org/CVERecord?id=CVE-2024-42263'], 'PublishedDate': '2024-08-17T09:15:07.77Z', 'LastModifiedDate': '2024-08-19T20:41:11.24Z'}, {'VulnerabilityID': 'CVE-2024-42264', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42264', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Prevent out of bounds access in performance query extensions', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Prevent out of bounds access in performance query extensions\n\nCheck that the number of perfmons userspace is passing in the copy and\nreset extensions is not greater than the internal kernel storage where\nthe ids will be copied into.\n\n(cherry picked from commit f32b5128d2c440368b5bf3a7a356823e235caabb)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42264', 'https://git.kernel.org/linus/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2 (6.11-rc2)', 'https://git.kernel.org/stable/c/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2', 'https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42264-5d23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42264', 'https://www.cve.org/CVERecord?id=CVE-2024-42264'], 'PublishedDate': '2024-08-17T09:15:07.833Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42267', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42267', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()\n\nHandle VM_FAULT_SIGSEGV in the page fault path so that we correctly\nkill the process and we don't BUG() the kernel.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42267', 'https://git.kernel.org/linus/0c710050c47d45eb77b28c271cddefc5c785cb40 (6.11-rc2)', 'https://git.kernel.org/stable/c/0c710050c47d45eb77b28c271cddefc5c785cb40', 'https://git.kernel.org/stable/c/20dbdebc5580cd472a310d56a6e252275ee4c864', 'https://git.kernel.org/stable/c/59be4a167782d68e21068a761b90b01fadc09146', 'https://git.kernel.org/stable/c/917f598209f3f5e4ab175d5079d8aeb523e58b1f', 'https://git.kernel.org/stable/c/d4e7db757e2d7f4c407a007e92c98477eab215d2', 'https://git.kernel.org/stable/c/d7ccf2ca772bfe33e2c53ef80fa20d2d87eb6144', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42267-9f79@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42267', 'https://www.cve.org/CVERecord?id=CVE-2024-42267'], 'PublishedDate': '2024-08-17T09:15:08.047Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42268', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42268', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix missing lock on sync reset reload', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix missing lock on sync reset reload\n\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\n\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n…\n CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S      W          6.10.0-rc2+ #116\n Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\n Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\n RIP: 0010:devl_assert_locked+0x3e/0x50\n…\n Call Trace:\n  <TASK>\n  ? __warn+0xa4/0x210\n  ? devl_assert_locked+0x3e/0x50\n  ? report_bug+0x160/0x280\n  ? handle_bug+0x3f/0x80\n  ? exc_invalid_op+0x17/0x40\n  ? asm_exc_invalid_op+0x1a/0x20\n  ? devl_assert_locked+0x3e/0x50\n  devlink_notify+0x88/0x2b0\n  ? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n  ? __pfx_devlink_notify+0x10/0x10\n  ? process_one_work+0x4b6/0xbb0\n  process_one_work+0x4b6/0xbb0\n[…]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42268', 'https://git.kernel.org/linus/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 (6.11-rc2)', 'https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5', 'https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9', 'https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002', 'https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42268-2084@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42268', 'https://www.cve.org/CVERecord?id=CVE-2024-42268'], 'PublishedDate': '2024-08-17T09:15:08.11Z', 'LastModifiedDate': '2024-08-19T20:52:49.323Z'}, {'VulnerabilityID': 'CVE-2024-42269', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42269', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().\n\nip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id],\nbut the function is exposed to user space before the entry is allocated\nvia register_pernet_subsys().\n\nLet's call register_pernet_subsys() before xt_register_template().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42269', 'https://git.kernel.org/linus/c22921df777de5606f1047b1345b8d22ef1c0b34 (6.11-rc2)', 'https://git.kernel.org/stable/c/419ee6274c5153b89c4393c1946faa4c3cad4f9e', 'https://git.kernel.org/stable/c/87dba44e9471b79b255d0736858a897332db9226', 'https://git.kernel.org/stable/c/91b6df6611b7edb28676c4f63f90c56c30d3e601', 'https://git.kernel.org/stable/c/c22921df777de5606f1047b1345b8d22ef1c0b34', 'https://git.kernel.org/stable/c/e85b9b6a87be4cb3710082038b677e97f2389003', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42269-7d0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42269', 'https://www.cve.org/CVERecord?id=CVE-2024-42269'], 'PublishedDate': '2024-08-17T09:15:08.177Z', 'LastModifiedDate': '2024-08-19T20:53:51.717Z'}, {'VulnerabilityID': 'CVE-2024-42270', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42270', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().\n\nWe had a report that iptables-restore sometimes triggered null-ptr-deref\nat boot time. [0]\n\nThe problem is that iptable_nat_table_init() is exposed to user space\nbefore the kernel fully initialises netns.\n\nIn the small race window, a user could call iptable_nat_table_init()\nthat accesses net_generic(net, iptable_nat_net_id), which is available\nonly after registering iptable_nat_net_ops.\n\nLet's call register_pernet_subsys() before xt_register_template().\n\n[0]:\nbpfilter: Loaded bpfilter_umh pid 11702\nStarted bpfilter\nBUG: kernel NULL pointer dereference, address: 0000000000000013\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP NOPTI\nCPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1\nHardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\nCode: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c\nRSP: 0018:ffffbef902843cd0 EFLAGS: 00010246\nRAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80\nRDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0\nRBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240\nR10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000\nR13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004\nFS:  00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? xt_find_table_lock (net/netfilter/x_tables.c:1259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? page_fault_oops (arch/x86/mm/fault.c:727)\n ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518)\n ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)\n ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\n xt_find_table_lock (net/netfilter/x_tables.c:1259)\n xt_request_find_table_lock (net/netfilter/x_tables.c:1287)\n get_info (net/ipv4/netfilter/ip_tables.c:965)\n ? security_capable (security/security.c:809 (discriminator 13))\n ? ns_capable (kernel/capability.c:376 kernel/capability.c:397)\n ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)\n ? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter\n nf_getsockopt (net/netfilter/nf_sockopt.c:116)\n ip_getsockopt (net/ipv4/ip_sockglue.c:1827)\n __sys_getsockopt (net/socket.c:2327)\n __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121)\nRIP: 0033:0x7f62844685ee\nCode: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09\nRSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037\nRAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0\nR10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2\nR13: 00007f6284\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42270', 'https://git.kernel.org/linus/5830aa863981d43560748aa93589c0695191d95d (6.11-rc2)', 'https://git.kernel.org/stable/c/08ed888b69a22647153fe2bec55b7cd0a46102cc', 'https://git.kernel.org/stable/c/5830aa863981d43560748aa93589c0695191d95d', 'https://git.kernel.org/stable/c/70014b73d7539fcbb6b4ff5f37368d7241d8e626', 'https://git.kernel.org/stable/c/95590a4929027769af35b153645c0ab6fd22b29b', 'https://git.kernel.org/stable/c/b98ddb65fa1674b0e6b52de8af9103b63f51b643', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42270-c752@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42270', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42270'], 'PublishedDate': '2024-08-17T09:15:08.24Z', 'LastModifiedDate': '2024-08-19T20:01:09.52Z'}, {'VulnerabilityID': 'CVE-2024-42272', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42272', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: act_ct: take care of padding in struct zones_ht_key', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched: act_ct: take care of padding in struct zones_ht_key\n\nBlamed commit increased lookup key size from 2 bytes to 16 bytes,\nbecause zones_ht_key got a struct net pointer.\n\nMake sure rhashtable_lookup() is not using the padding bytes\nwhich are not initialized.\n\n BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n  tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408\n  tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425\n  tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488\n  tcf_action_add net/sched/act_api.c:2061 [inline]\n  tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118\n  rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647\n  netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550\n  rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665\n  netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n  netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357\n  netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  ____sys_sendmsg+0x877/0xb60 net/socket.c:2597\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651\n  __sys_sendmsg net/socket.c:2680 [inline]\n  __do_sys_sendmsg net/socket.c:2689 [inline]\n  __se_sys_sendmsg net/socket.c:2687 [inline]\n  __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687\n  x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable key created at:\n  tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42272', 'https://git.kernel.org/linus/2191a54f63225b548fd8346be3611c3219a24738 (6.11-rc2)', 'https://git.kernel.org/stable/c/2191a54f63225b548fd8346be3611c3219a24738', 'https://git.kernel.org/stable/c/3a5b68869dbe14f1157c6a24ac71923db060eeab', 'https://git.kernel.org/stable/c/3ddefcb8f75e312535e2e7d5fef9932019ba60f2', 'https://git.kernel.org/stable/c/7c03ab555eb1ba26c77fd7c25bdf44a0ac23edee', 'https://git.kernel.org/stable/c/d06daf0ad645d9225a3ff6958dd82e1f3988fa64', 'https://git.kernel.org/stable/c/d7cc186d0973afce0e1237c37f7512c01981fb79', 'https://linux.oracle.com/cve/CVE-2024-42272.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42272-c687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42272', 'https://www.cve.org/CVERecord?id=CVE-2024-42272'], 'PublishedDate': '2024-08-17T09:15:08.37Z', 'LastModifiedDate': '2024-09-30T13:40:21.843Z'}, {'VulnerabilityID': 'CVE-2024-42273', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42273', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid\n\nmkdir /mnt/test/comp\nf2fs_io setflags compression /mnt/test/comp\ndd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1\ntruncate --size 13 /mnt/test/comp/testfile\n\nIn the above scenario, we can get a BUG_ON.\n kernel BUG at fs/f2fs/segment.c:3589!\n Call Trace:\n  do_write_page+0x78/0x390 [f2fs]\n  f2fs_outplace_write_data+0x62/0xb0 [f2fs]\n  f2fs_do_write_data_page+0x275/0x740 [f2fs]\n  f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs]\n  f2fs_write_multi_pages+0x1e5/0xae0 [f2fs]\n  f2fs_write_cache_pages+0xab1/0xc60 [f2fs]\n  f2fs_write_data_pages+0x2d8/0x330 [f2fs]\n  do_writepages+0xcf/0x270\n  __writeback_single_inode+0x44/0x350\n  writeback_sb_inodes+0x242/0x530\n  __writeback_inodes_wb+0x54/0xf0\n  wb_writeback+0x192/0x310\n  wb_workfn+0x30d/0x400\n\nThe reason is we gave CURSEG_ALL_DATA_ATGC to COMPR_ADDR where the\npage was set the gcing flag by set_cluster_dirty().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42273', 'https://git.kernel.org/linus/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cd106612396656d6f1ca17ef192c6759bb60791', 'https://git.kernel.org/stable/c/4239571c5db46a42f723b8fa8394039187c34439', 'https://git.kernel.org/stable/c/5fd057160ab240dd816ae09b625395d54c297de1', 'https://git.kernel.org/stable/c/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42273-9b87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42273', 'https://www.cve.org/CVERecord?id=CVE-2024-42273'], 'PublishedDate': '2024-08-17T09:15:08.45Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42274', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42274', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert "ALSA: firewire-lib: operate for period elapse event in process context"', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "ALSA: firewire-lib: operate for period elapse event in process context"\n\nCommit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event\nin process context") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n    * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n    * (lock B) wait for tasklet to finish by calling\n    \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n    * (lock B) enter tasklet\n    * (lock A) attempt to acquire substream lock,\n    \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n    \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n </NMI>\n <TASK>\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n </NMI>\n <IRQ>\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period\nelapse event in process context")\n\nReplace inline description to prevent future deadlock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42274', 'https://git.kernel.org/linus/3dab73ab925a51ab05543b491bf17463a48ca323 (6.11-rc2)', 'https://git.kernel.org/stable/c/36c255db5a25edd42d1aca48e38b8e95ee5fd9ef', 'https://git.kernel.org/stable/c/3dab73ab925a51ab05543b491bf17463a48ca323', 'https://git.kernel.org/stable/c/7c07220cf634002f93a87ca2252a32766850f2d1', 'https://git.kernel.org/stable/c/b239a37d68e8bc59f9516444da222841e3b13ba9', 'https://git.kernel.org/stable/c/f5043e69aeb2786f32e84132817a007a6430aa7d', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42274-9dc6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42274', 'https://www.cve.org/CVERecord?id=CVE-2024-42274'], 'PublishedDate': '2024-08-17T09:15:08.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42276', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42276', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme-pci: add missing condition check for existence of mapped data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42276', 'https://git.kernel.org/linus/c31fad1470389666ac7169fe43aa65bf5b7e2cfd (6.11-rc1)', 'https://git.kernel.org/stable/c/3f8ec1d6b0ebd8268307d52be8301973fa5a01ec', 'https://git.kernel.org/stable/c/70100fe721840bf6d8e5abd25b8bffe4d2e049b7', 'https://git.kernel.org/stable/c/77848b379e9f85a08048a2c8b3b4a7e8396f5f83', 'https://git.kernel.org/stable/c/7cc1f4cd90a00b6191cb8cda2d1302fdce59361c', 'https://git.kernel.org/stable/c/be23ae63080e0bf9e246ab20207200bca6585eba', 'https://git.kernel.org/stable/c/c31fad1470389666ac7169fe43aa65bf5b7e2cfd', 'https://git.kernel.org/stable/c/d135c3352f7c947a922da93c8e763ee6bc208b64', 'https://linux.oracle.com/cve/CVE-2024-42276.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42276-cb0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42276', 'https://www.cve.org/CVERecord?id=CVE-2024-42276'], 'PublishedDate': '2024-08-17T09:15:08.673Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42277', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42277', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom->sdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42277', 'https://git.kernel.org/linus/630482ee0653decf9e2482ac6181897eb6cde5b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8', 'https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922', 'https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb', 'https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c', 'https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42277-997a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42277', 'https://www.cve.org/CVERecord?id=CVE-2024-42277'], 'PublishedDate': '2024-08-17T09:15:08.75Z', 'LastModifiedDate': '2024-09-10T18:46:21.62Z'}, {'VulnerabilityID': 'CVE-2024-42278', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42278', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: TAS2781: Fix tasdev_load_calibrated_data()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it's either a no-op or it\nleads to a NULL dereference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42278', 'https://git.kernel.org/linus/92c78222168e9035a9bfb8841c2e56ce23e51f73 (6.11-rc1)', 'https://git.kernel.org/stable/c/51be301d29d674ff328dfcf23705851f326f35b3', 'https://git.kernel.org/stable/c/6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06', 'https://git.kernel.org/stable/c/92c78222168e9035a9bfb8841c2e56ce23e51f73', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42278-e639@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42278', 'https://www.cve.org/CVERecord?id=CVE-2024-42278'], 'PublishedDate': '2024-08-17T09:15:08.813Z', 'LastModifiedDate': '2024-09-30T12:53:36.42Z'}, {'VulnerabilityID': 'CVE-2024-42279', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42279', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L', 'V3Score': 5.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42279', 'https://git.kernel.org/linus/9cf71eb0faef4bff01df4264841b8465382d7927 (6.11-rc1)', 'https://git.kernel.org/stable/c/3feda3677e8bbe833c3a62a4091377a08f015b80', 'https://git.kernel.org/stable/c/45e03d35229b680b79dfea1103a1f2f07d0b5d75', 'https://git.kernel.org/stable/c/9cf71eb0faef4bff01df4264841b8465382d7927', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42279-91b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42279', 'https://www.cve.org/CVERecord?id=CVE-2024-42279'], 'PublishedDate': '2024-08-17T09:15:08.88Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42281', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42281', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a segment issue when downgrading gso_size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a segment issue when downgrading gso_size\n\nLinearize the skb when downgrading gso_size because it may trigger a\nBUG_ON() later when the skb is segmented as described in [1,2].', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42281', 'https://git.kernel.org/linus/fa5ef655615a01533035c6139248c5b33aa27028 (6.11-rc1)', 'https://git.kernel.org/stable/c/11ec79f5c7f74261874744039bc1551023edd6b2', 'https://git.kernel.org/stable/c/a689f5eb13a90f892a088865478b3cd39f53d5dc', 'https://git.kernel.org/stable/c/c3496314c53e7e82ddb544c825defc3e8c0e45cf', 'https://git.kernel.org/stable/c/dda518dea60d556a2d171c0122ca7d9fdb7d473a', 'https://git.kernel.org/stable/c/ec4eea14d75f7b0491194dd413f540dd19b8c733', 'https://git.kernel.org/stable/c/f6bb8c90cab97a3e03f8d30e3069efe6a742e0be', 'https://git.kernel.org/stable/c/fa5ef655615a01533035c6139248c5b33aa27028', 'https://linux.oracle.com/cve/CVE-2024-42281.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42281-780b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42281', 'https://www.cve.org/CVERecord?id=CVE-2024-42281'], 'PublishedDate': '2024-08-17T09:15:09.013Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42283', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42283', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: nexthop: Initialize all fields in dumped nexthops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n    # ip nexthop add id 1 dev lo\n    # ip nexthop add id 101 group 1\n    # strace -e recvmsg ip nexthop get id 101\n    ...\n    recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n                 [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42283', 'https://git.kernel.org/linus/6d745cd0e9720282cd291d36b9db528aea18add2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1377de719652d868f5317ba8398b7e74c5f0430b', 'https://git.kernel.org/stable/c/5cc4d71dda2dd4f1520f40e634a527022e48ccd8', 'https://git.kernel.org/stable/c/6d745cd0e9720282cd291d36b9db528aea18add2', 'https://git.kernel.org/stable/c/7704460acd7f5d35eb07c52500987dc9b95313fb', 'https://git.kernel.org/stable/c/9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0', 'https://git.kernel.org/stable/c/a13d3864b76ac87085ec530b2ff8e37482a63a96', 'https://git.kernel.org/stable/c/fd06cb4a5fc7bda3dea31712618a62af72a1c6cb', 'https://linux.oracle.com/cve/CVE-2024-42283.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42283-15a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42283', 'https://www.cve.org/CVERecord?id=CVE-2024-42283'], 'PublishedDate': '2024-08-17T09:15:09.163Z', 'LastModifiedDate': '2024-08-19T19:54:33.213Z'}, {'VulnerabilityID': 'CVE-2024-42284', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42284', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42284', 'https://git.kernel.org/linus/fa96c6baef1b5385e2f0c0677b32b3839e716076 (6.11-rc1)', 'https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f', 'https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a', 'https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69', 'https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813', 'https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28', 'https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b', 'https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8', 'https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076', 'https://linux.oracle.com/cve/CVE-2024-42284.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42284-bbfa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42284', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42284'], 'PublishedDate': '2024-08-17T09:15:09.233Z', 'LastModifiedDate': '2024-08-19T19:47:55.623Z'}, {'VulnerabilityID': 'CVE-2024-42285', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42285', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix a use-after-free related to destroying CM IDs\n\niw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with\nan existing struct iw_cm_id (cm_id) as follows:\n\n        conn_id->cm_id.iw = cm_id;\n        cm_id->context = conn_id;\n        cm_id->cm_handler = cma_iw_handler;\n\nrdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make\nsure that cm_work_handler() does not trigger a use-after-free by only\nfreeing of the struct rdma_id_private after all pending work has finished.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42285', 'https://git.kernel.org/linus/aee2424246f9f1dadc33faa78990c1e2eb7826e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6', 'https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574', 'https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79', 'https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4', 'https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6', 'https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5', 'https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae', 'https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a', 'https://linux.oracle.com/cve/CVE-2024-42285.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42285-37ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42285', 'https://www.cve.org/CVERecord?id=CVE-2024-42285'], 'PublishedDate': '2024-08-17T09:15:09.3Z', 'LastModifiedDate': '2024-08-19T19:45:41.59Z'}, {'VulnerabilityID': 'CVE-2024-42286', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42286', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: validate nvme_local_port correctly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS:  0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42286', 'https://git.kernel.org/linus/eb1d4ce2609584eeb7694866f34d4b213caa3af9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3eac973eb5cb2b874b3918f924798afc5affd46b', 'https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430', 'https://git.kernel.org/stable/c/7cec2c3bfe84539c415f5e16f989228eba1d2f1e', 'https://git.kernel.org/stable/c/a3ab508a4853a9f5ae25a7816a4889f09938f63c', 'https://git.kernel.org/stable/c/cde43031df533751b4ead37d173922feee2f550f', 'https://git.kernel.org/stable/c/e1f010844443c389bc552884ac5cfa47de34d54c', 'https://git.kernel.org/stable/c/eb1d4ce2609584eeb7694866f34d4b213caa3af9', 'https://git.kernel.org/stable/c/f6be298cc1042f24d521197af29c7c4eb95af4d5', 'https://linux.oracle.com/cve/CVE-2024-42286.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42286-e856@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42286', 'https://www.cve.org/CVERecord?id=CVE-2024-42286'], 'PublishedDate': '2024-08-17T09:15:09.38Z', 'LastModifiedDate': '2024-09-10T19:02:12.36Z'}, {'VulnerabilityID': 'CVE-2024-42287', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42287', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Complete command early within lock', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Complete command early within lock\n\nA crash was observed while performing NPIV and FW reset,\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 1 PREEMPT_RT SMP NOPTI\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0\n RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034\n R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000\n FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x16f/0x4a0\n ? do_user_addr_fault+0x174/0x7f0\n ? exc_page_fault+0x69/0x1a0\n ? asm_exc_page_fault+0x22/0x30\n ? dma_direct_unmap_sg+0x51/0x1e0\n ? preempt_count_sub+0x96/0xe0\n qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]\n qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]\n __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]\n\nThe command completion was done early while aborting the commands in driver\nunload path but outside lock to avoid the WARN_ON condition of performing\ndma_free_attr within the lock. However this caused race condition while\ncommand completion via multiple paths causing system crash.\n\nHence complete the command early in unload path but within the lock to\navoid race condition.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42287', 'https://git.kernel.org/linus/4475afa2646d3fec176fc4d011d3879b26cb26e3 (6.11-rc1)', 'https://git.kernel.org/stable/c/314efe3f87949a568f512f05df20bf47b81cf232', 'https://git.kernel.org/stable/c/36fdc5319c4d0ec8b8938ec4769764098a246bfb', 'https://git.kernel.org/stable/c/4475afa2646d3fec176fc4d011d3879b26cb26e3', 'https://git.kernel.org/stable/c/57ba7563712227647f82a92547e82c96cd350553', 'https://git.kernel.org/stable/c/814f4a53cc86f7ea8b501bfb1723f24fd29ef5ee', 'https://git.kernel.org/stable/c/9117337b04d789bd08fdd9854a40bec2815cd3f6', 'https://git.kernel.org/stable/c/af46649304b0c9cede4ccfc2be2561ce8ed6a2ea', 'https://linux.oracle.com/cve/CVE-2024-42287.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42287-d635@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42287', 'https://www.cve.org/CVERecord?id=CVE-2024-42287'], 'PublishedDate': '2024-08-17T09:15:09.453Z', 'LastModifiedDate': '2024-09-10T19:05:07.67Z'}, {'VulnerabilityID': 'CVE-2024-42288', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42288', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Fix for possible memory corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly.  Correctly dereference ICB', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42288', 'https://git.kernel.org/linus/c03d740152f78e86945a75b2ad541bf972fab92a (6.11-rc1)', 'https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e', 'https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b', 'https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b', 'https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d', 'https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce', 'https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a', 'https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb', 'https://linux.oracle.com/cve/CVE-2024-42288.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42288-c59b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42288', 'https://www.cve.org/CVERecord?id=CVE-2024-42288'], 'PublishedDate': '2024-08-17T09:15:09.523Z', 'LastModifiedDate': '2024-09-05T17:38:38.383Z'}, {'VulnerabilityID': 'CVE-2024-42289', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42289', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: During vport delete send async logout explicitly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array.  For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n  BUG: kernel NULL pointer dereference, address: 000000000000001c\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] PREEMPT SMP NOPTI\n  Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n  RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n  RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n  RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n  RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n  RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n  R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n  R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n  FS:  0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n  Call Trace:\n  <TASK>\n  qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n  ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n  ? qla2x00_status_entry+0x768/0x2830\n  ? newidle_balance+0x2f0/0x430\n  ? dequeue_entity+0x100/0x3c0\n  ? qla24xx_process_response_queue+0x6a1/0x19e0\n  ? __schedule+0x2d5/0x1140\n  ? qla_do_work+0x47/0x60\n  ? process_one_work+0x267/0x440\n  ? process_one_work+0x440/0x440\n  ? worker_thread+0x2d/0x3d0\n  ? process_one_work+0x440/0x440\n  ? kthread+0x156/0x180\n  ? set_kthread_struct+0x50/0x50\n  ? ret_from_fork+0x22/0x30\n  </TASK>\n\nSend out async logout explicitly for all the ports during vport delete.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42289', 'https://git.kernel.org/linus/76f480d7c717368f29a3870f7d64471ce0ff8fb2 (6.11-rc1)', 'https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe', 'https://git.kernel.org/stable/c/171ac4b495f9473bc134356a00095b47e6409e52', 'https://git.kernel.org/stable/c/76f480d7c717368f29a3870f7d64471ce0ff8fb2', 'https://git.kernel.org/stable/c/87c25fcb95aafabb6a4914239f4ab41b07a4f9b7', 'https://git.kernel.org/stable/c/b12c54e51ba83c1fbc619d35083d7872e42ecdef', 'https://git.kernel.org/stable/c/b35d6d5a2f38605cddea7d5c64cded894fbe8ede', 'https://git.kernel.org/stable/c/d28a2075bb530489715a3b011e1dd8765ba20313', 'https://git.kernel.org/stable/c/e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc', 'https://linux.oracle.com/cve/CVE-2024-42289.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42289-fe68@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42289', 'https://www.cve.org/CVERecord?id=CVE-2024-42289'], 'PublishedDate': '2024-08-17T09:15:09.59Z', 'LastModifiedDate': '2024-09-05T17:37:49.057Z'}, {'VulnerabilityID': 'CVE-2024-42290', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42290', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: irqchip/imx-irqsteer: Handle runtime power management correctly', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/imx-irqsteer: Handle runtime power management correctly\n\nThe power domain is automatically activated from clk_prepare(). However, on\ncertain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes\nsleeping functions, which triggers the 'scheduling while atomic' bug in the\ncontext switch path during device probing:\n\n BUG: scheduling while atomic: kworker/u13:1/48/0x00000002\n Call trace:\n  __schedule_bug+0x54/0x6c\n  __schedule+0x7f0/0xa94\n  schedule+0x5c/0xc4\n  schedule_preempt_disabled+0x24/0x40\n  __mutex_lock.constprop.0+0x2c0/0x540\n  __mutex_lock_slowpath+0x14/0x20\n  mutex_lock+0x48/0x54\n  clk_prepare_lock+0x44/0xa0\n  clk_prepare+0x20/0x44\n  imx_irqsteer_resume+0x28/0xe0\n  pm_generic_runtime_resume+0x2c/0x44\n  __genpd_runtime_resume+0x30/0x80\n  genpd_runtime_resume+0xc8/0x2c0\n  __rpm_callback+0x48/0x1d8\n  rpm_callback+0x6c/0x78\n  rpm_resume+0x490/0x6b4\n  __pm_runtime_resume+0x50/0x94\n  irq_chip_pm_get+0x2c/0xa0\n  __irq_do_set_handler+0x178/0x24c\n  irq_set_chained_handler_and_data+0x60/0xa4\n  mxc_gpio_probe+0x160/0x4b0\n\nCure this by implementing the irq_bus_lock/sync_unlock() interrupt chip\ncallbacks and handle power management in them as they are invoked from\nnon-atomic context.\n\n[ tglx: Rewrote change log, added Fixes tag ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42290', 'https://git.kernel.org/linus/33b1c47d1fc0b5f06a393bb915db85baacba18ea (6.11-rc1)', 'https://git.kernel.org/stable/c/21bd3f9e7f924cd2fc892a484e7a50c7e1847565', 'https://git.kernel.org/stable/c/33b1c47d1fc0b5f06a393bb915db85baacba18ea', 'https://git.kernel.org/stable/c/3a2884a44e5cda192df1b28e9925661f79f599a1', 'https://git.kernel.org/stable/c/58c56735facb225a5c46fa4b8bbbe7f31d1cb894', 'https://git.kernel.org/stable/c/a590e8dea3df2639921f874d763be961dd74e8f9', 'https://git.kernel.org/stable/c/f8ae38f1dfe652779c7c613facbc257cec00ac44', 'https://git.kernel.org/stable/c/fa1803401e1c360efe6342fb41d161cc51748a11', 'https://linux.oracle.com/cve/CVE-2024-42290.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42290-c966@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42290', 'https://www.cve.org/CVERecord?id=CVE-2024-42290'], 'PublishedDate': '2024-08-17T09:15:09.663Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42291', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42291', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add a per-VF limit on number of FDIR filters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42291', 'https://git.kernel.org/linus/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 (6.11-rc1)', 'https://git.kernel.org/stable/c/292081c4e7f575a79017d5cbe1a0ec042783976f', 'https://git.kernel.org/stable/c/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97', 'https://git.kernel.org/stable/c/8e02cd98a6e24389d476e28436d41e620ed8e559', 'https://git.kernel.org/stable/c/d62389073a5b937413e2d1bc1da06ccff5103c0c', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42291-6f31@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42291', 'https://www.cve.org/CVERecord?id=CVE-2024-42291'], 'PublishedDate': '2024-08-17T09:15:09.73Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42292', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42292', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kobject_uevent: Fix OOB access within zap_modalias_env()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42292', 'https://git.kernel.org/linus/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc (6.11-rc1)', 'https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762', 'https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2', 'https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168', 'https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d', 'https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90', 'https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5', 'https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d', 'https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc', 'https://linux.oracle.com/cve/CVE-2024-42292.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42292-5387@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42292', 'https://www.cve.org/CVERecord?id=CVE-2024-42292'], 'PublishedDate': '2024-08-17T09:15:09.797Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42294', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42294', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: fix deadlock between sd_remove & sd_release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove & sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430]  __switch_to+0x174/0x338\n[ 2538.459436]  __schedule+0x628/0x9c4\n[ 2538.459442]  schedule+0x7c/0xe8\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459]  mutex_lock+0x30/0xd8\n[ 2538.459462]  del_gendisk+0xdc/0x350\n[ 2538.459466]  sd_remove+0x30/0x60\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474]  device_release_driver+0x18/0x28\n[ 2538.459478]  bus_remove_device+0x15c/0x174\n[ 2538.459483]  device_del+0x1d0/0x358\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\n[ 2538.459493]  scsi_forget_host+0x50/0x70\n[ 2538.459497]  scsi_remove_host+0x80/0x180\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514]  device_release_driver+0x18/0x28\n[ 2538.459518]  bus_remove_device+0x15c/0x174\n[ 2538.459523]  device_del+0x1d0/0x358\n[ 2538.459528]  usb_disable_device+0x84/0x194\n[ 2538.459532]  usb_disconnect+0xec/0x300\n[ 2538.459537]  hub_event+0xb80/0x1870\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\n[ 2538.459545]  worker_thread+0x244/0x334\n[ 2538.459549]  kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task "fsck.":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016]  __switch_to+0x174/0x338\n[ 2538.461021]  __schedule+0x628/0x9c4\n[ 2538.461025]  schedule+0x7c/0xe8\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051]  sd_release+0x50/0x94\n[ 2538.461054]  blkdev_put+0x190/0x28c\n[ 2538.461058]  blkdev_release+0x28/0x40\n[ 2538.461063]  __fput+0xf8/0x2a8\n[ 2538.461066]  __fput_sync+0x28/0x5c\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\n[ 2538.461073]  invoke_syscall+0x58/0x114\n[ 2538.461078]  el0_svc_common+0xac/0xe0\n[ 2538.461082]  do_el0_svc+0x1c/0x28\n[ 2538.461087]  el0_svc+0x38/0x68\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\n\n  T1:\t\t\t\tT2:\n  sd_remove\n  del_gendisk\n  __blk_mark_disk_dead\n  blk_freeze_queue_start\n  ++q->mq_freeze_depth\n  \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(&disk->open_mutex)\n  \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q->mq_freeze_depth)\n  mutex_lock(&disk->open_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don\'t try to acquire disk->open_mutex after freezing\nthe queue.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42294', 'https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9', 'https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b', 'https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42294-0145@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42294', 'https://www.cve.org/CVERecord?id=CVE-2024-42294'], 'PublishedDate': '2024-08-17T09:15:09.947Z', 'LastModifiedDate': '2024-08-19T19:43:22.46Z'}, {'VulnerabilityID': 'CVE-2024-42295', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42295', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: handle inconsistent state in nilfs_btnode_create_block()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle inconsistent state in nilfs_btnode_create_block()\n\nSyzbot reported that a buffer state inconsistency was detected in\nnilfs_btnode_create_block(), triggering a kernel bug.\n\nIt is not appropriate to treat this inconsistency as a bug; it can occur\nif the argument block address (the buffer index of the newly created\nblock) is a virtual block number and has been reallocated due to\ncorruption of the bitmap used to manage its allocation state.\n\nSo, modify nilfs_btnode_create_block() and its callers to treat it as a\npossible filesystem error, rather than triggering a kernel bug.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42295', 'https://git.kernel.org/linus/4811f7af6090e8f5a398fbdd766f903ef6c0d787 (6.11-rc1)', 'https://git.kernel.org/stable/c/012be828a118bf496e666ef1fc47fc0e7358ada2', 'https://git.kernel.org/stable/c/02b87e6334a38c65eef49848d3f1ac422f0b2a44', 'https://git.kernel.org/stable/c/19cce46238ffe3546e44b9c74057103ff8b24c62', 'https://git.kernel.org/stable/c/366c3f688dd0288cbe38af1d3a886b5c62372e4a', 'https://git.kernel.org/stable/c/4811f7af6090e8f5a398fbdd766f903ef6c0d787', 'https://git.kernel.org/stable/c/5f0a6800b8aec1b453c7fe4c44fcaac5ffe9d52e', 'https://git.kernel.org/stable/c/be56dfc9be0604291267c07b0e27a69a6bda4899', 'https://git.kernel.org/stable/c/e34191cce3ee63dfa5fb241904aaf2a042d5b6d8', 'https://linux.oracle.com/cve/CVE-2024-42295.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42295-4f43@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42295', 'https://www.cve.org/CVERecord?id=CVE-2024-42295'], 'PublishedDate': '2024-08-17T09:15:10.017Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42296', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42296', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix return value of f2fs_convert_inline_inode()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix return value of f2fs_convert_inline_inode()\n\nIf device is readonly, make f2fs_convert_inline_inode()\nreturn EROFS instead of zero, otherwise it may trigger\npanic during writeback of inline inode's dirty page as\nbelow:\n\n f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888\n f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3369\n do_writepages+0x359/0x870 mm/page-writeback.c:2634\n filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397\n __filemap_fdatawrite_range mm/filemap.c:430 [inline]\n file_write_and_wait_range+0x1aa/0x290 mm/filemap.c:788\n f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276\n generic_write_sync include/linux/fs.h:2806 [inline]\n f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977\n call_write_iter include/linux/fs.h:2114 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa72/0xc90 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42296', 'https://git.kernel.org/linus/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf (6.11-rc1)', 'https://git.kernel.org/stable/c/077f0e24b27c4b44841593c7edbd1993be9eecb5', 'https://git.kernel.org/stable/c/1e7725814361c8c008d131db195cef8274ff26b8', 'https://git.kernel.org/stable/c/47a8ddcdcaccd9b891db4574795e46a33a121ac2', 'https://git.kernel.org/stable/c/70f5ef5f33c333cfb286116fa3af74ac9bc84f1b', 'https://git.kernel.org/stable/c/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42296-3f50@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42296', 'https://www.cve.org/CVERecord?id=CVE-2024-42296'], 'PublishedDate': '2024-08-17T09:15:10.08Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42297', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42297', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: f2fs: fix to don't dirty inode for readonly filesystem", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to don't dirty inode for readonly filesystem\n\nsyzbot reports f2fs bug as below:\n\nkernel BUG at fs/f2fs/inode.c:933!\nRIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933\nCall Trace:\n evict+0x2a4/0x620 fs/inode.c:664\n dispose_list fs/inode.c:697 [inline]\n evict_inodes+0x5f8/0x690 fs/inode.c:747\n generic_shutdown_super+0x9d/0x2c0 fs/super.c:675\n kill_block_super+0x44/0x90 fs/super.c:1667\n kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894\n deactivate_locked_super+0xc1/0x130 fs/super.c:484\n cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256\n task_work_run+0x24a/0x300 kernel/task_work.c:180\n ptrace_notify+0x2cd/0x380 kernel/signal.c:2399\n ptrace_report_syscall include/linux/ptrace.h:411 [inline]\n ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]\n syscall_exit_work kernel/entry/common.c:251 [inline]\n syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]\n syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296\n do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe root cause is:\n- do_sys_open\n - f2fs_lookup\n  - __f2fs_find_entry\n   - f2fs_i_depth_write\n    - f2fs_mark_inode_dirty_sync\n     - f2fs_dirty_inode\n      - set_inode_flag(inode, FI_DIRTY_INODE)\n\n- umount\n - kill_f2fs_super\n  - kill_block_super\n   - generic_shutdown_super\n    - sync_filesystem\n    : sb is readonly, skip sync_filesystem()\n    - evict_inodes\n     - iput\n      - f2fs_evict_inode\n       - f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE))\n       : trigger kernel panic\n\nWhen we try to repair i_current_depth in readonly filesystem, let's\nskip dirty inode to avoid panic in later f2fs_evict_inode().", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42297', 'https://git.kernel.org/linus/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8', 'https://git.kernel.org/stable/c/2434344559f6743efb3ac15d11af9a0db9543bd3', 'https://git.kernel.org/stable/c/2d2916516577f2239b3377d9e8d12da5e6ccdfcf', 'https://git.kernel.org/stable/c/54162974aea37a8cae00742470a78c7f6bd6f915', 'https://git.kernel.org/stable/c/54bc4e88447e385c4d4ffa85d93e0dce628fcfa6', 'https://git.kernel.org/stable/c/9ce8135accf103f7333af472709125878704fdd4', 'https://git.kernel.org/stable/c/e62ff092a42f4a1bae3b310cf46673b4f3aac3b5', 'https://git.kernel.org/stable/c/ec56571b4b146a1cfbedab49d5fcaf19fe8bf4f1', 'https://linux.oracle.com/cve/CVE-2024-42297.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42297-fcec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42297', 'https://www.cve.org/CVERecord?id=CVE-2024-42297'], 'PublishedDate': '2024-08-17T09:15:10.147Z', 'LastModifiedDate': '2024-09-30T13:41:26.463Z'}, {'VulnerabilityID': 'CVE-2024-42298', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42298', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42298', 'https://git.kernel.org/linus/e62599902327d27687693f6e5253a5d56583db58 (6.11-rc1)', 'https://git.kernel.org/stable/c/af466037fa2b263e8ea5c47285513d2487e17d90', 'https://git.kernel.org/stable/c/b4205dfcfe96182118e54343954827eda51b2135', 'https://git.kernel.org/stable/c/e62599902327d27687693f6e5253a5d56583db58', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42298-d6a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42298', 'https://www.cve.org/CVERecord?id=CVE-2024-42298'], 'PublishedDate': '2024-08-17T09:15:10.23Z', 'LastModifiedDate': '2024-09-10T18:42:19.607Z'}, {'VulnerabilityID': 'CVE-2024-42299', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42299', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Update log->page_{mask,bits} if log->page_size changed\n\nIf an NTFS file system is mounted to another system with different\nPAGE_SIZE from the original system, log->page_size will change in\nlog_replay(), but log->page_{mask,bits} don\'t change correspondingly.\nThis will cause a panic because "u32 bytes = log->page_size - page_off"\nwill get a negative value in the later read_log_page().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42299', 'https://git.kernel.org/linus/2fef55d8f78383c8e6d6d4c014b9597375132696 (6.11-rc1)', 'https://git.kernel.org/stable/c/0484adcb5fbcadd9ba0fd4485c42630f72e97da9', 'https://git.kernel.org/stable/c/0a4ae2644e2a3b3b219aad9639fb2b0691d08420', 'https://git.kernel.org/stable/c/2cac0df3324b5e287d8020bc0708f7d2dec88a6f', 'https://git.kernel.org/stable/c/2fef55d8f78383c8e6d6d4c014b9597375132696', 'https://git.kernel.org/stable/c/b90ceffdc975502bc085ce8e79c6adeff05f9521', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42299-a588@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42299', 'https://www.cve.org/CVERecord?id=CVE-2024-42299'], 'PublishedDate': '2024-08-17T09:15:10.293Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42301', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42301', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dev/parport: fix the array out-of-bounds risk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42301', 'https://git.kernel.org/linus/ab11dac93d2d568d151b1918d7b84c2d02bacbd5 (6.11-rc1)', 'https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8', 'https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d', 'https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a', 'https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84', 'https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0', 'https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5', 'https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e', 'https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6', 'https://linux.oracle.com/cve/CVE-2024-42301.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42301-4026@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42301', 'https://www.cve.org/CVERecord?id=CVE-2024-42301'], 'PublishedDate': '2024-08-17T09:15:10.423Z', 'LastModifiedDate': '2024-08-22T16:31:18.667Z'}, {'VulnerabilityID': 'CVE-2024-42302', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42302', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred.  To do so, it polls the\nconfig space of the first child device on the secondary bus.  If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\'s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device.  Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume.  Holding a\nreference wasn\'t necessary back then because the pciehp IRQ thread\ncould never run concurrently.  (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase.  And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event.  Commit 53b54ad074de ("PCI/DPC: Await readiness\nof secondary bus after reset"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently.  The commit was backported to v5.10+ stable\nkernels, so that\'s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n  BUG: unable to handle page fault for address: 00000000091400c0\n  CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n  RIP: pci_bus_read_config_dword+0x17/0x50\n  pci_dev_wait()\n  pci_bridge_wait_for_secondary_bus()\n  dpc_reset_link()\n  pcie_do_recovery()\n  dpc_handler()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42302', 'https://git.kernel.org/linus/11a1f4bc47362700fcbde717292158873fb847ed (6.11-rc1)', 'https://git.kernel.org/stable/c/11a1f4bc47362700fcbde717292158873fb847ed', 'https://git.kernel.org/stable/c/2c111413f38ca5cf87557cab89f6d82b0e3433e7', 'https://git.kernel.org/stable/c/2cc8973bdc4d6c928ebe38b88090a2cdfe81f42f', 'https://git.kernel.org/stable/c/b16f3ea1db47a6766a9f1169244cf1fc287a7c62', 'https://git.kernel.org/stable/c/c52f9e1a9eb40f13993142c331a6cfd334d4b91d', 'https://git.kernel.org/stable/c/f63df70b439bb8331358a306541893bf415bf1da', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42302-c0d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42302', 'https://www.cve.org/CVERecord?id=CVE-2024-42302'], 'PublishedDate': '2024-08-17T09:15:10.487Z', 'LastModifiedDate': '2024-08-22T16:37:26.237Z'}, {'VulnerabilityID': 'CVE-2024-42303', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42303', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-pxp: Fix ERR_PTR dereference in pxp_probe()\n\ndevm_regmap_init_mmio() can fail, add a check and bail out in case of\nerror.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42303', 'https://git.kernel.org/linus/57e9ce68ae98551da9c161aaab12b41fe8601856 (6.11-rc1)', 'https://git.kernel.org/stable/c/358bc85269d6a359fea597ef9fbb429cd3626e08', 'https://git.kernel.org/stable/c/57e9ce68ae98551da9c161aaab12b41fe8601856', 'https://git.kernel.org/stable/c/5ab6ac4e9e165b0fe8a326308218337007224f05', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42303-4d12@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42303', 'https://www.cve.org/CVERecord?id=CVE-2024-42303'], 'PublishedDate': '2024-08-17T09:15:10.56Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42304', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42304', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: make sure the first directory block is not a hole', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: make sure the first directory block is not a hole\n\nThe syzbot constructs a directory that has no dirblock but is non-inline,\ni.e. the first directory block is a hole. And no errors are reported when\ncreating files in this directory in the following flow.\n\n    ext4_mknod\n     ...\n      ext4_add_entry\n        // Read block 0\n        ext4_read_dirblock(dir, block, DIRENT)\n          bh = ext4_bread(NULL, inode, block, 0)\n          if (!bh && (type == INDEX || type == DIRENT_HTREE))\n          // The first directory block is a hole\n          // But type == DIRENT, so no error is reported.\n\nAfter that, we get a directory block without '.' and '..' but with a valid\ndentry. This may cause some code that relies on dot or dotdot (such as\nmake_indexed_dir()) to crash.\n\nTherefore when ext4_read_dirblock() finds that the first directory block\nis a hole report that the filesystem is corrupted and return an error to\navoid loading corrupted data from disk causing something bad.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42304', 'https://git.kernel.org/linus/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6 (6.11-rc1)', 'https://git.kernel.org/stable/c/299bc6ffa57e04e74c6cce866d6c0741fb4897a1', 'https://git.kernel.org/stable/c/9771e3d8365ae1dd5e8846a204cb9af14e3e656a', 'https://git.kernel.org/stable/c/b609753cbbd38f8c0affd4956c0af178348523ac', 'https://git.kernel.org/stable/c/c3893d9de8ee153baac56d127d844103488133b5', 'https://git.kernel.org/stable/c/d81d7e347d1f1f48a5634607d39eb90c161c8afe', 'https://git.kernel.org/stable/c/de2a011a13a46468a6e8259db58b1b62071fe136', 'https://git.kernel.org/stable/c/e02f9941e8c011aa3eafa799def6a134ce06bcfa', 'https://git.kernel.org/stable/c/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6', 'https://linux.oracle.com/cve/CVE-2024-42304.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42304-d0e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42304', 'https://www.cve.org/CVERecord?id=CVE-2024-42304'], 'PublishedDate': '2024-08-17T09:15:10.617Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42305', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42305', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: check dot and dotdot of dx_root before making dir indexed', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: check dot and dotdot of dx_root before making dir indexed\n\nSyzbot reports a issue as follows:\n============================================\nBUG: unable to handle page fault for address: ffffed11022e24fe\nPGD 23ffee067 P4D 23ffee067 PUD 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0\nCall Trace:\n <TASK>\n make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451\n ext4_rename fs/ext4/namei.c:3936 [inline]\n ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214\n[...]\n============================================\n\nThe immediate cause of this problem is that there is only one valid dentry\nfor the block to be split during do_split, so split==0 results in out of\nbounds accesses to the map triggering the issue.\n\n    do_split\n      unsigned split\n      dx_make_map\n       count = 1\n      split = count/2 = 0;\n      continued = hash2 == map[split - 1].hash;\n       ---> map[4294967295]\n\nThe maximum length of a filename is 255 and the minimum block size is 1024,\nso it is always guaranteed that the number of entries is greater than or\nequal to 2 when do_split() is called.\n\nBut syzbot's crafted image has no dot and dotdot in dir, and the dentry\ndistribution in dirblock is as follows:\n\n  bus     dentry1          hole           dentry2           free\n|xx--|xx-------------|...............|xx-------------|...............|\n0   12 (8+248)=256  268     256     524 (8+256)=264 788     236     1024\n\nSo when renaming dentry1 increases its name_len length by 1, neither hole\nnor free is sufficient to hold the new dentry, and make_indexed_dir() is\ncalled.\n\nIn make_indexed_dir() it is assumed that the first two entries of the\ndirblock must be dot and dotdot, so bus and dentry1 are left in dx_root\nbecause they are treated as dot and dotdot, and only dentry2 is moved\nto the new leaf block. That's why count is equal to 1.\n\nTherefore add the ext4_check_dx_root() helper function to add more sanity\nchecks to dot and dotdot before starting the conversion to avoid the above\nissue.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42305', 'https://git.kernel.org/linus/50ea741def587a64e08879ce6c6a30131f7111e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/19e13b4d7f0303186fcc891aba8d0de7c8fdbda8', 'https://git.kernel.org/stable/c/42d420517072028fb0eb852c358056b7717ba5aa', 'https://git.kernel.org/stable/c/50ea741def587a64e08879ce6c6a30131f7111e7', 'https://git.kernel.org/stable/c/8afe06ed3be7a874b3cd82ef5f8959aca8d6429a', 'https://git.kernel.org/stable/c/9d241b7a39af192d1bb422714a458982c7cc67a2', 'https://git.kernel.org/stable/c/abb411ac991810c0bcbe51c2e76d2502bf611b5c', 'https://git.kernel.org/stable/c/b80575ffa98b5bb3a5d4d392bfe4c2e03e9557db', 'https://git.kernel.org/stable/c/cdd345321699042ece4a9d2e70754d2397d378c5', 'https://linux.oracle.com/cve/CVE-2024-42305.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42305-94ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42305', 'https://www.cve.org/CVERecord?id=CVE-2024-42305'], 'PublishedDate': '2024-08-17T09:15:10.69Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42306', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42306', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid using corrupted block bitmap buffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42306', 'https://git.kernel.org/linus/a90d4471146de21745980cba51ce88e7926bcc4f (6.11-rc1)', 'https://git.kernel.org/stable/c/2199e157a465aaf98294d3932797ecd7fce942d5', 'https://git.kernel.org/stable/c/271cab2ca00652bc984e269cf1208699a1e09cdd', 'https://git.kernel.org/stable/c/57053b3bcf3403b80db6f65aba284d7dfe7326af', 'https://git.kernel.org/stable/c/6a43e3c210df6c5f00570f4be49a897677dbcb64', 'https://git.kernel.org/stable/c/8ca170c39eca7cad6e0cfeb24e351d8f8eddcd65', 'https://git.kernel.org/stable/c/a90d4471146de21745980cba51ce88e7926bcc4f', 'https://git.kernel.org/stable/c/cae9e59cc41683408b70b9ab569f8654866ba914', 'https://linux.oracle.com/cve/CVE-2024-42306.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42306-647c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42306', 'https://www.cve.org/CVERecord?id=CVE-2024-42306'], 'PublishedDate': '2024-08-17T09:15:10.777Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42307', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42307', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n   fs/smb/client/cifsfs.c:1981 init_cifs()\n   error: we previously assumed 'serverclose_wq' could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42307', 'https://git.kernel.org/linus/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/160235efb4f9b55212dedff5de0094c606c4b303', 'https://git.kernel.org/stable/c/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2', 'https://git.kernel.org/stable/c/3739d711246d8fbc95ff73dbdace9741cdce4777', 'https://git.kernel.org/stable/c/6018971710fdc7739f8655c1540832b4bb903671', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42307-7c2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42307', 'https://www.cve.org/CVERecord?id=CVE-2024-42307'], 'PublishedDate': '2024-08-17T09:15:10.843Z', 'LastModifiedDate': '2024-09-05T17:49:58.257Z'}, {'VulnerabilityID': 'CVE-2024-42308', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42308', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check for NULL pointer', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42308', 'https://git.kernel.org/linus/4ab68e168ae1695f7c04fae98930740aaf7c50fa (6.11-rc1)', 'https://git.kernel.org/stable/c/185616085b12e651cdfd11ef00d1449f54552d89', 'https://git.kernel.org/stable/c/4ab68e168ae1695f7c04fae98930740aaf7c50fa', 'https://git.kernel.org/stable/c/4ccd37085976ea5d3c499b1e6d0b3f4deaf2cd5a', 'https://git.kernel.org/stable/c/6b5ed0648213e9355cc78f4a264d9afe8536d692', 'https://git.kernel.org/stable/c/71dbf95359347c2ecc5a6dfc02783fcfccb2e9fb', 'https://git.kernel.org/stable/c/9ce89824ff04d261fc855e0ca6e6025251d9fa40', 'https://git.kernel.org/stable/c/f068494430d15b5fc551ac928de9dac7e5e27602', 'https://linux.oracle.com/cve/CVE-2024-42308.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42308-562d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42308', 'https://www.cve.org/CVERecord?id=CVE-2024-42308'], 'PublishedDate': '2024-08-17T09:15:10.92Z', 'LastModifiedDate': '2024-10-09T14:15:05.227Z'}, {'VulnerabilityID': 'CVE-2024-42309', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42309', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42309', 'https://git.kernel.org/linus/2df7aac81070987b0f052985856aa325a38debf6 (6.11-rc1)', 'https://git.kernel.org/stable/c/13b5f3ee94bdbdc4b5f40582aab62977905aedee', 'https://git.kernel.org/stable/c/2df7aac81070987b0f052985856aa325a38debf6', 'https://git.kernel.org/stable/c/46d2ef272957879cbe30a884574320e7f7d78692', 'https://git.kernel.org/stable/c/475a5b3b7c8edf6e583a9eb59cf28ea770602e14', 'https://git.kernel.org/stable/c/6735d02ead7dd3adf74eb8b70aebd09e0ce78ec9', 'https://git.kernel.org/stable/c/7e52c62ff029f95005915c0a11863b5fb5185c8c', 'https://git.kernel.org/stable/c/d6ad202f73f8edba0cbc0065aa57a79ffe8fdcdc', 'https://git.kernel.org/stable/c/f70ffeca546452d1acd3a70ada56ecb2f3e7f811', 'https://linux.oracle.com/cve/CVE-2024-42309.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42309-9560@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42309', 'https://www.cve.org/CVERecord?id=CVE-2024-42309'], 'PublishedDate': '2024-08-17T09:15:10.987Z', 'LastModifiedDate': '2024-08-22T16:01:29.287Z'}, {'VulnerabilityID': 'CVE-2024-42310', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42310', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes\n\nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42310', 'https://git.kernel.org/linus/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79 (6.11-rc1)', 'https://git.kernel.org/stable/c/08f45102c81ad8bc9f85f7a25e9f64e128edb87d', 'https://git.kernel.org/stable/c/2d209b2f862f6b8bff549ede541590a8d119da23', 'https://git.kernel.org/stable/c/977ee4fe895e1729cd36cc26916bbb10084713d6', 'https://git.kernel.org/stable/c/a658ae2173ab74667c009e2550455e6de5b33ddc', 'https://git.kernel.org/stable/c/b6ac46a00188cde50ffba233e6efb366354a1de5', 'https://git.kernel.org/stable/c/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79', 'https://git.kernel.org/stable/c/e74eb5e8089427c8c49e0dd5067e5f39ce3a4d56', 'https://git.kernel.org/stable/c/f392c36cebf4c1d6997a4cc2c0f205254acef42a', 'https://linux.oracle.com/cve/CVE-2024-42310.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42310-58b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42310', 'https://www.cve.org/CVERecord?id=CVE-2024-42310'], 'PublishedDate': '2024-08-17T09:15:11.067Z', 'LastModifiedDate': '2024-08-22T16:01:46.263Z'}, {'VulnerabilityID': 'CVE-2024-42311', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42311', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42311', 'https://git.kernel.org/linus/26a2ed107929a855155429b11e1293b83e6b2a8b (6.11-rc1)', 'https://git.kernel.org/stable/c/10f7163bfb5f8b4e0c9c05a939f20b8540e33c65', 'https://git.kernel.org/stable/c/26a2ed107929a855155429b11e1293b83e6b2a8b', 'https://git.kernel.org/stable/c/4a52861cd76e79f1a593beb23d096523eb9732c2', 'https://git.kernel.org/stable/c/58d83fc160505a7009c39dec64effaac5129b971', 'https://git.kernel.org/stable/c/9c4e40b9b731220f9464975e49da75496e3865c4', 'https://git.kernel.org/stable/c/d3493d6f0dfb1ab5225b62faa77732983f2187a1', 'https://git.kernel.org/stable/c/d55aae5c1730d6b70d5d8eaff00113cd34772ea3', 'https://git.kernel.org/stable/c/f7316b2b2f11cf0c6de917beee8d3de728be24db', 'https://linux.oracle.com/cve/CVE-2024-42311.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42311-f825@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42311', 'https://www.cve.org/CVERecord?id=CVE-2024-42311'], 'PublishedDate': '2024-08-17T09:15:11.147Z', 'LastModifiedDate': '2024-09-03T17:38:24.21Z'}, {'VulnerabilityID': 'CVE-2024-42312', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42312', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sysctl: always initialize i_uid/i_gid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42312', 'https://git.kernel.org/linus/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/1deae34db9f4f8e0e03f891be2e2e15c15c8ac05', 'https://git.kernel.org/stable/c/34a86adea1f2b3c3f9d864c8cce09dca644601ab', 'https://git.kernel.org/stable/c/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4', 'https://git.kernel.org/stable/c/b2591c89a6e2858796111138c38fcb6851aa1955', 'https://git.kernel.org/stable/c/c7e2f43d182f5dde473389dbb39f16c9f0d64536', 'https://git.kernel.org/stable/c/ffde3af4b29bf97d62d82e1d45275587e10a991a', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42312-bddc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42312', 'https://www.cve.org/CVERecord?id=CVE-2024-42312'], 'PublishedDate': '2024-08-17T09:15:11.24Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42313', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42313', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: venus: fix use after free in vdec_close', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free in vdec_close\n\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\n\nFix it by cancelling the work in vdec_close.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42313', 'https://git.kernel.org/linus/a0157b5aa34eb43ec4c5510f9c260bbb03be937e (6.11-rc1)', 'https://git.kernel.org/stable/c/4c9d235630d35db762b85a4149bbb0be9d504c36', 'https://git.kernel.org/stable/c/66fa52edd32cdbb675f0803b3c4da10ea19b6635', 'https://git.kernel.org/stable/c/6a96041659e834dc0b172dda4b2df512d63920c2', 'https://git.kernel.org/stable/c/72aff311194c8ceda934f24fd6f250b8827d7567', 'https://git.kernel.org/stable/c/a0157b5aa34eb43ec4c5510f9c260bbb03be937e', 'https://git.kernel.org/stable/c/ad8cf035baf29467158e0550c7a42b7bb43d1db6', 'https://git.kernel.org/stable/c/da55685247f409bf7f976cc66ba2104df75d8dad', 'https://git.kernel.org/stable/c/f8e9a63b982a8345470c225679af4ba86e4a7282', 'https://linux.oracle.com/cve/CVE-2024-42313.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42313-09b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42313', 'https://www.cve.org/CVERecord?id=CVE-2024-42313'], 'PublishedDate': '2024-08-17T09:15:11.32Z', 'LastModifiedDate': '2024-08-22T16:01:59.467Z'}, {'VulnerabilityID': 'CVE-2024-42314', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42314', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix extent map use-after-free when adding pages to compressed bio', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix extent map use-after-free when adding pages to compressed bio\n\nAt add_ra_bio_pages() we are accessing the extent map to calculate\n'add_size' after we dropped our reference on the extent map, resulting\nin a use-after-free. Fix this by computing 'add_size' before dropping our\nextent map reference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42314', 'https://git.kernel.org/linus/8e7860543a94784d744c7ce34b78a2e11beefa5c (6.11-rc1)', 'https://git.kernel.org/stable/c/8e7860543a94784d744c7ce34b78a2e11beefa5c', 'https://git.kernel.org/stable/c/b7859ff398b6b656e1689daa860eb34837b4bb89', 'https://git.kernel.org/stable/c/c1cc3326e27b0bd7a2806b40bc48e49afaf951e7', 'https://git.kernel.org/stable/c/c205565e0f2f439f278a4a94ee97b67ef7b56ae8', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42314-de1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42314', 'https://www.cve.org/CVERecord?id=CVE-2024-42314'], 'PublishedDate': '2024-08-17T09:15:11.397Z', 'LastModifiedDate': '2024-09-04T12:15:04.723Z'}, {'VulnerabilityID': 'CVE-2024-42315', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42315', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exfat: fix potential deadlock on __exfat_get_dentry_set', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi->s_lock between the two processes may occur.\n\n       CPU0                CPU1\n       ----                ----\n  kswapd\n   balance_pgdat\n    lock(fs_reclaim)\n                      exfat_iterate\n                       lock(&sbi->s_lock)\n                       exfat_readdir\n                        exfat_get_uniname_from_ext_entry\n                         exfat_get_dentry_set\n                          __exfat_get_dentry_set\n                           kmalloc_array\n                            ...\n                            lock(fs_reclaim)\n    ...\n    evict\n     exfat_evict_inode\n      lock(&sbi->s_lock)\n\nTo fix this, let's allocate bh-array with GFP_NOFS.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42315', 'https://git.kernel.org/linus/89fc548767a2155231128cb98726d6d2ea1256c9 (6.11-rc1)', 'https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62', 'https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9', 'https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42315-a707@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42315', 'https://www.cve.org/CVERecord?id=CVE-2024-42315'], 'PublishedDate': '2024-08-17T09:15:11.47Z', 'LastModifiedDate': '2024-08-22T15:51:03.077Z'}, {'VulnerabilityID': 'CVE-2024-42316', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42316', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/mglru: fix div-by-zero in vmpressure_calc_level()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mglru: fix div-by-zero in vmpressure_calc_level()\n\nevict_folios() uses a second pass to reclaim folios that have gone through\npage writeback and become clean before it finishes the first pass, since\nfolio_rotate_reclaimable() cannot handle those folios due to the\nisolation.\n\nThe second pass tries to avoid potential double counting by deducting\nscan_control->nr_scanned.  However, this can result in underflow of\nnr_scanned, under a condition where shrink_folio_list() does not increment\nnr_scanned, i.e., when folio_trylock() fails.\n\nThe underflow can cause the divisor, i.e., scale=scanned+reclaimed in\nvmpressure_calc_level(), to become zero, resulting in the following crash:\n\n  [exception RIP: vmpressure_work_fn+101]\n  process_one_work at ffffffffa3313f2b\n\nSince scan_control->nr_scanned has no established semantics, the potential\ndouble counting has minimal risks.  Therefore, fix the problem by not\ndeducting scan_control->nr_scanned in evict_folios().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42316', 'https://git.kernel.org/linus/8b671fe1a879923ecfb72dda6caf01460dd885ef (6.11-rc1)', 'https://git.kernel.org/stable/c/8b671fe1a879923ecfb72dda6caf01460dd885ef', 'https://git.kernel.org/stable/c/8de7bf77f21068a5f602bb1e59adbc5ab533509d', 'https://git.kernel.org/stable/c/a39e38be632f0e1c908d70d1c9cd071c03faf895', 'https://git.kernel.org/stable/c/d6510f234c7d117790397f9bb150816b0a954a04', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42316-8b49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42316', 'https://www.cve.org/CVERecord?id=CVE-2024-42316'], 'PublishedDate': '2024-08-17T09:15:11.547Z', 'LastModifiedDate': '2024-08-22T15:52:38.52Z'}, {'VulnerabilityID': 'CVE-2024-42317', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42317', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/huge_memory: avoid PMD-size page cache if needed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: avoid PMD-size page cache if needed\n\nxarray can\'t support arbitrary page cache size.  the largest and supported\npage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71\n("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray").  However,\nit\'s possible to have 512MB page cache in the huge memory\'s collapsing\npath on ARM64 system whose base page size is 64KB.  512MB page cache is\nbreaking the limitation and a warning is raised when the xarray entry is\nsplit as shown in the following example.\n\n[root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize\nKernelPageSize:       64 kB\n[root@dhcp-10-26-1-207 ~]# cat /tmp/test.c\n   :\nint main(int argc, char **argv)\n{\n\tconst char *filename = TEST_XFS_FILENAME;\n\tint fd = 0;\n\tvoid *buf = (void *)-1, *p;\n\tint pgsize = getpagesize();\n\tint ret = 0;\n\n\tif (pgsize != 0x10000) {\n\t\tfprintf(stdout, "System with 64KB base page size is required!\\n");\n\t\treturn -EPERM;\n\t}\n\n\tsystem("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb");\n\tsystem("echo 1 > /proc/sys/vm/drop_caches");\n\n\t/* Open the xfs file */\n\tfd = open(filename, O_RDONLY);\n\tassert(fd > 0);\n\n\t/* Create VMA */\n\tbuf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0);\n\tassert(buf != (void *)-1);\n\tfprintf(stdout, "mapped buffer at 0x%p\\n", buf);\n\n\t/* Populate VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ);\n\tassert(ret == 0);\n\n\t/* Collapse VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE);\n\tif (ret) {\n\t\tfprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\\n", errno);\n\t\tgoto out;\n\t}\n\n\t/* Split xarray entry. Write permission is needed */\n\tmunmap(buf, TEST_MEM_SIZE);\n\tbuf = (void *)-1;\n\tclose(fd);\n\tfd = open(filename, O_RDWR);\n\tassert(fd > 0);\n\tfallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,\n \t\t  TEST_MEM_SIZE - pgsize, pgsize);\nout:\n\tif (buf != (void *)-1)\n\t\tmunmap(buf, TEST_MEM_SIZE);\n\tif (fd > 0)\n\t\tclose(fd);\n\n\treturn ret;\n}\n\n[root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test\n[root@dhcp-10-26-1-207 ~]# /tmp/test\n ------------[ cut here ]------------\n WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\n Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib    \\\n nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct      \\\n nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4      \\\n ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse   \\\n xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net  \\\n sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio\n CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9\n Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\n pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n pc : xas_split_alloc+0xf8/0x128\n lr : split_huge_page_to_list_to_order+0x1c4/0x780\n sp : ffff8000ac32f660\n x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0\n x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d\n x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000\n x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c\n x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8\n x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40\n x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\n Call trace:\n  xas_split_alloc+0xf8/0x128\n  split_huge_page_to_list_to_order+0x1c4/0x780\n  truncate_inode_partial_folio+0xdc/0x160\n  truncate_inode_pages_range+0x1b4/0x4a8\n  truncate_pagecache_range+0x84/0xa\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42317', 'https://git.kernel.org/linus/d659b715e94ac039803d7601505d3473393fc0be (6.11-rc1)', 'https://git.kernel.org/stable/c/d659b715e94ac039803d7601505d3473393fc0be', 'https://git.kernel.org/stable/c/e60f62f75c99740a28e2bf7e6044086033012a16', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42317-cf87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42317', 'https://www.cve.org/CVERecord?id=CVE-2024-42317'], 'PublishedDate': '2024-08-17T09:15:11.633Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42318', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42318', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: landlock: Don&#39;t lose track of restrictions on cred_transfer', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don't lose track of restrictions on cred_transfer\n\nWhen a process' cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent's credentials), the\ncred_transfer LSM hook is used instead.  Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42318', 'https://bugs.chromium.org/p/project-zero/issues/detail?id=2566', 'https://git.kernel.org/linus/39705a6c29f8a2b93cf5b99528a55366c50014d1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c', 'https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49', 'https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1', 'https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117', 'https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff', 'https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42318-f0c9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42318', 'https://www.cve.org/CVERecord?id=CVE-2024-42318', 'https://www.openwall.com/lists/oss-security/2024/08/17/2'], 'PublishedDate': '2024-08-17T09:15:11.7Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42319', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42319', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() < 0 occurs.\n\nAccording to the call tracei below:\n  cmdq_mbox_shutdown\n  mbox_free_channel\n  mbox_controller_unregister\n  __devm_mbox_controller_unregister\n  ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n   to bind the cmdq device to the mbox_controller, so\n   devm_mbox_controller_unregister() will automatically unregister\n   the device bound to the mailbox controller when the device-managed\n   resource is removed. That means devm_mbox_controller_unregister()\n   and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n   devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n   will be called after cmdq_remove(), but before\n   devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42319', 'https://git.kernel.org/linus/a8bd68e4329f9a0ad1b878733e0f80be6a971649 (6.11-rc1)', 'https://git.kernel.org/stable/c/11fa625b45faf0649118b9deaf2d31c86ac41911', 'https://git.kernel.org/stable/c/a8bd68e4329f9a0ad1b878733e0f80be6a971649', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42319-ec7c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42319', 'https://www.cve.org/CVERecord?id=CVE-2024-42319'], 'PublishedDate': '2024-08-17T09:15:11.767Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42320', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42320', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error checks in dasd_copy_pair_store()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42320', 'https://git.kernel.org/linus/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8 (6.11-rc1)', 'https://git.kernel.org/stable/c/68d4c3722290ad300c295fb3435e835d200d5cb2', 'https://git.kernel.org/stable/c/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8', 'https://git.kernel.org/stable/c/cc8b7284d5076722e0b8062373b68d8e47c3bace', 'https://git.kernel.org/stable/c/e511167e65d332d07b3c7a3d5a741ee9c19a8c27', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42320-cdea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42320', 'https://www.cve.org/CVERecord?id=CVE-2024-42320'], 'PublishedDate': '2024-08-17T09:15:11.833Z', 'LastModifiedDate': '2024-09-30T12:54:12.897Z'}, {'VulnerabilityID': 'CVE-2024-42321', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42321', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: flow_dissector: use DEBUG_NET_WARN_ON_ONCE\n\nThe following splat is easy to reproduce upstream as well as in -stable\nkernels. Florian Westphal provided the following commit:\n\n  d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net")\n\nbut this complementary fix has been also suggested by Willem de Bruijn\nand it can be easily backported to -stable kernel which consists in\nusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splat\ngiven __skb_get_hash() is used by the nftables tracing infrastructure to\nto identify packets in traces.\n\n[69133.561393] ------------[ cut here ]------------\n[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/\n[...]\n[69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379\n[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0\n[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff\nff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8\n[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246\n[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19\n[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418\n[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000\n[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400\n[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28\n[69133.562020] FS:  00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[69133.562027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0\n[69133.562040] Call Trace:\n[69133.562044]  <IRQ>\n[69133.562049]  ? __warn+0x9f/0x1a0\n[ 1211.841384]  ? __skb_flow_dissect+0x107e/0x2860\n[...]\n[ 1211.841496]  ? bpf_flow_dissect+0x160/0x160\n[ 1211.841753]  __skb_get_hash+0x97/0x280\n[ 1211.841765]  ? __skb_get_hash_symmetric+0x230/0x230\n[ 1211.841776]  ? mod_find+0xbf/0xe0\n[ 1211.841786]  ? get_stack_info_noinstr+0x12/0xe0\n[ 1211.841798]  ? bpf_ksym_find+0x56/0xe0\n[ 1211.841807]  ? __rcu_read_unlock+0x2a/0x70\n[ 1211.841819]  nft_trace_init+0x1b9/0x1c0 [nf_tables]\n[ 1211.841895]  ? nft_trace_notify+0x830/0x830 [nf_tables]\n[ 1211.841964]  ? get_stack_info+0x2b/0x80\n[ 1211.841975]  ? nft_do_chain_arp+0x80/0x80 [nf_tables]\n[ 1211.842044]  nft_do_chain+0x79c/0x850 [nf_tables]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42321', 'https://git.kernel.org/linus/120f1c857a73e52132e473dee89b340440cb692b (6.11-rc1)', 'https://git.kernel.org/stable/c/120f1c857a73e52132e473dee89b340440cb692b', 'https://git.kernel.org/stable/c/4afbac11f2f629d1e62817c4e210bdfaa7521107', 'https://git.kernel.org/stable/c/c5d21aabf1b31a79f228508af33aee83456bc1b0', 'https://git.kernel.org/stable/c/eb03d9826aa646577342a952d658d4598381c035', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42321-4b46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42321', 'https://www.cve.org/CVERecord?id=CVE-2024-42321'], 'PublishedDate': '2024-08-17T09:15:11.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42322', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42322', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipvs: properly dereference pe in ip_vs_add_service', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n  net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42322', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/cbd070a4ae62f119058973f6d2c984e325bce6e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dd428039e06e1967ce294e2cd6342825aaaad77', 'https://git.kernel.org/stable/c/c420cd5d5bc6797f3a8824e7d74f38f0c286fca5', 'https://git.kernel.org/stable/c/cbd070a4ae62f119058973f6d2c984e325bce6e7', 'https://linux.oracle.com/cve/CVE-2024-42322.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42322-e2ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42322', 'https://www.cve.org/CVERecord?id=CVE-2024-42322'], 'PublishedDate': '2024-08-17T09:15:11.977Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43817', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: missing check virtio', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: missing check virtio\n\nTwo missing check in virtio_net_hdr_to_skb() allowed syzbot\nto crash kernels again\n\n1. After the skb_segment function the buffer may become non-linear\n(nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere\nthe __skb_linearize function will not be executed, then the buffer will\nremain non-linear. Then the condition (offset >= skb_headlen(skb))\nbecomes true, which causes WARN_ON_ONCE in skb_checksum_help.\n\n2. The struct sk_buff and struct virtio_net_hdr members must be\nmathematically related.\n(gso_size) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) may be 0 if division is without remainder.\n\noffset+2 (4191) > skb_headlen() (1116)\nWARNING: CPU: 1 PID: 5084 at net/core/dev.c:3303 skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nModules linked in:\nCPU: 1 PID: 5084 Comm: syz-executor336 Not tainted 6.7.0-rc3-syzkaller-00014-gdf60cee26a2e #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nCode: 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 52 01 00 00 44 89 e2 2b 53 74 4c 89 ee 48 c7 c7 40 57 e9 8b e8 af 8f dd f8 90 <0f> 0b 90 90 e9 87 fe ff ff e8 40 0f 6e f9 e9 4b fa ff ff 48 89 ef\nRSP: 0018:ffffc90003a9f338 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888025125780 RCX: ffffffff814db209\nRDX: ffff888015393b80 RSI: ffffffff814db216 RDI: 0000000000000001\nRBP: ffff8880251257f4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000045c\nR13: 000000000000105f R14: ffff8880251257f0 R15: 000000000000105d\nFS:  0000555555c24380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000002000f000 CR3: 0000000023151000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n ip_do_fragment+0xa1b/0x18b0 net/ipv4/ip_output.c:777\n ip_fragment.constprop.0+0x161/0x230 net/ipv4/ip_output.c:584\n ip_finish_output_gso net/ipv4/ip_output.c:286 [inline]\n __ip_finish_output net/ipv4/ip_output.c:308 [inline]\n __ip_finish_output+0x49c/0x650 net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:433\n dst_output include/net/dst.h:451 [inline]\n ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:129\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ipip6_tunnel_xmit net/ipv6/sit.c:1034 [inline]\n sit_tunnel_xmit+0xed2/0x28f0 net/ipv6/sit.c:1076\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3545 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3561\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4346\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x257/0x380 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x24ca/0x5240 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n __sys_sendto+0x255/0x340 net/socket.c:2190\n __do_sys_sendto net/socket.c:2202 [inline]\n __se_sys_sendto net/socket.c:2198 [inline]\n __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43817', 'https://git.kernel.org/linus/e269d79c7d35aa3808b1f3c1737d63dab504ddc8 (6.11-rc1)', 'https://git.kernel.org/stable/c/27874ca77bd2b05a3779c7b3a5c75d8dd7f0b40f', 'https://git.kernel.org/stable/c/5b1997487a3f3373b0f580c8a20b56c1b64b0775', 'https://git.kernel.org/stable/c/90d41ebe0cd4635f6410471efc1dd71b33e894cf', 'https://git.kernel.org/stable/c/e269d79c7d35aa3808b1f3c1737d63dab504ddc8', 'https://git.kernel.org/stable/c/e9164903b8b303c34723177b02fe91e49e3c4cd7', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43817-2e95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43817', 'https://www.cve.org/CVERecord?id=CVE-2024-43817'], 'PublishedDate': '2024-08-17T10:15:08.01Z', 'LastModifiedDate': '2024-09-03T17:41:46.407Z'}, {'VulnerabilityID': 'CVE-2024-43818', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: amd: Adjust error handling in case of absent codec device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: Adjust error handling in case of absent codec device\n\nacpi_get_first_physical_node() can return NULL in several cases (no such\ndevice, ACPI table error, reference count drop to 0, etc).\nExisting check just emit error message, but doesn't perform return.\nThen this NULL pointer is passed to devm_acpi_dev_add_driver_gpios()\nwhere it is dereferenced.\n\nAdjust this error handling by adding error code return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43818', 'https://git.kernel.org/linus/5080808c3339de2220c602ab7c7fa23dc6c1a5a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1ba9856cf7f6492b47c1edf853137f320d583db5', 'https://git.kernel.org/stable/c/5080808c3339de2220c602ab7c7fa23dc6c1a5a3', 'https://git.kernel.org/stable/c/99b642dac24f6d09ba3ebf1d690be8aefff86164', 'https://git.kernel.org/stable/c/b1173d64edd276c957b6d09e1f971c85b38f1519', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43818-71ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43818', 'https://www.cve.org/CVERecord?id=CVE-2024-43818'], 'PublishedDate': '2024-08-17T10:15:08.08Z', 'LastModifiedDate': '2024-09-03T17:45:30Z'}, {'VulnerabilityID': 'CVE-2024-43819', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kvm: s390: Reject memory region operations for ucontrol VMs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43819', 'https://git.kernel.org/linus/7816e58967d0e6cadce05c8540b47ed027dc2499 (6.11-rc1)', 'https://git.kernel.org/stable/c/49c9945c054df4c22008e2bf87ca74d3e2507aa6', 'https://git.kernel.org/stable/c/7816e58967d0e6cadce05c8540b47ed027dc2499', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43819-88ce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43819', 'https://www.cve.org/CVERecord?id=CVE-2024-43819'], 'PublishedDate': '2024-08-17T10:15:08.147Z', 'LastModifiedDate': '2024-09-03T17:47:10.54Z'}, {'VulnerabilityID': 'CVE-2024-43820', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, &mddev->recovery));\n\nThis check is designed to make sure that the sync thread isn't\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43820', 'https://git.kernel.org/linus/3199a34bfaf7561410e0be1e33a61eba870768fc (6.11-rc1)', 'https://git.kernel.org/stable/c/3199a34bfaf7561410e0be1e33a61eba870768fc', 'https://git.kernel.org/stable/c/a5c15a78c0e1631b7df822b56e8b6424e4d1ca3e', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43820-1bd6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43820', 'https://www.cve.org/CVERecord?id=CVE-2024-43820'], 'PublishedDate': '2024-08-17T10:15:08.207Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43821', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Fix a possible null pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix a possible null pointer dereference\n\nIn function lpfc_xcvr_data_show, the memory allocation with kmalloc might\nfail, thereby making rdp_context a null pointer. In the following context\nand functions that use this pointer, there are dereferencing operations,\nleading to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null,\nuse scnprintf to notify the user and return len.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43821', 'https://git.kernel.org/linus/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa (6.11-rc1)', 'https://git.kernel.org/stable/c/45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c', 'https://git.kernel.org/stable/c/57600a7dd2b52c904f7c8d2cac0fd8c23868e680', 'https://git.kernel.org/stable/c/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43821-6ffc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43821', 'https://www.cve.org/CVERecord?id=CVE-2024-43821'], 'PublishedDate': '2024-08-17T10:15:08.277Z', 'LastModifiedDate': '2024-09-03T17:49:54.28Z'}, {'VulnerabilityID': 'CVE-2024-43823', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43823', 'https://git.kernel.org/linus/a231707a91f323af1e5d9f1722055ec2fc1c7775 (6.11-rc1)', 'https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23', 'https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775', 'https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506', 'https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43823-4bdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43823', 'https://www.cve.org/CVERecord?id=CVE-2024-43823'], 'PublishedDate': '2024-08-17T10:15:08.4Z', 'LastModifiedDate': '2024-09-03T17:49:03.91Z'}, {'VulnerabilityID': 'CVE-2024-43824', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: pci-epf-test: Make use of cached &#39;epc_features&#39; in pci_epf_test_core_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Make use of cached \'epc_features\' in pci_epf_test_core_init()\n\nInstead of getting the epc_features from pci_epc_get_features() API, use\nthe cached pci_epf_test::epc_features value to avoid the NULL check. Since\nthe NULL check is already performed in pci_epf_test_bind(), having one more\ncheck in pci_epf_test_core_init() is redundant and it is not possible to\nhit the NULL pointer dereference.\n\nAlso with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier"\nflag"), \'epc_features\' got dereferenced without the NULL check, leading to\nthe following false positive Smatch warning:\n\n  drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed \'epc_features\' could be null (see line 747)\n\nThus, remove the redundant NULL check and also use the epc_features::\n{msix_capable/msi_capable} flags directly to avoid local variables.\n\n[kwilczynski: commit log]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43824', 'https://git.kernel.org/linus/5a5095a8bd1bd349cce1c879e5e44407a34dda8a (6.11-rc1)', 'https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a', 'https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43824-fc04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43824', 'https://www.cve.org/CVERecord?id=CVE-2024-43824'], 'PublishedDate': '2024-08-17T10:15:08.477Z', 'LastModifiedDate': '2024-09-03T17:48:39.16Z'}, {'VulnerabilityID': 'CVE-2024-43825', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iio: Fix the sorting functionality in iio_gts_build_avail_time_table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: Fix the sorting functionality in iio_gts_build_avail_time_table\n\nThe sorting in iio_gts_build_avail_time_table is not working as intended.\nIt could result in an out-of-bounds access when the time is zero.\n\nHere are more details:\n\n1. When the gts->itime_table[i].time_us is zero, e.g., the time\nsequence is `3, 0, 1`, the inner for-loop will not terminate and do\nout-of-bound writes. This is because once `times[j] > new`, the value\n`new` will be added in the current position and the `times[j]` will be\nmoved to `j+1` position, which makes the if-condition always hold.\nMeanwhile, idx will be added one, making the loop keep running without\ntermination and out-of-bound write.\n2. If none of the gts->itime_table[i].time_us is zero, the elements\nwill just be copied without being sorted as described in the comment\n"Sort times from all tables to one and remove duplicates".\n\nFor more details, please refer to\nhttps://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43825', 'https://git.kernel.org/linus/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb (6.11-rc1)', 'https://git.kernel.org/stable/c/31ff8464ef540785344994986a010031410f9ff3', 'https://git.kernel.org/stable/c/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb', 'https://git.kernel.org/stable/c/b5046de32fd1532c3f67065197fc1da82f0b5193', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43825-20fc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43825', 'https://www.cve.org/CVERecord?id=CVE-2024-43825'], 'PublishedDate': '2024-08-17T10:15:08.533Z', 'LastModifiedDate': '2024-09-30T13:53:21.44Z'}, {'VulnerabilityID': 'CVE-2024-43826', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfs: pass explicit offset/count to trace events', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: pass explicit offset/count to trace events\n\nnfs_folio_length is unsafe to use without having the folio locked and a\ncheck for a NULL ->f_mapping that protects against truncations and can\nlead to kernel crashes.  E.g. when running xfstests generic/065 with\nall nfs trace points enabled.\n\nFollow the model of the XFS trace points and pass in an explіcit offset\nand length.  This has the additional benefit that these values can\nbe more accurate as some of the users touch partial folio ranges.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43826', 'https://git.kernel.org/linus/fada32ed6dbc748f447c8d050a961b75d946055a (6.11-rc1)', 'https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722', 'https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43826-2a5f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43826', 'https://www.cve.org/CVERecord?id=CVE-2024-43826'], 'PublishedDate': '2024-08-17T10:15:08.593Z', 'LastModifiedDate': '2024-09-12T18:15:09.137Z'}, {'VulnerabilityID': 'CVE-2024-43827', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check before access structs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check before access structs\n\nIn enable_phantom_plane, we should better check null pointer before\naccessing various structs.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43827', 'https://git.kernel.org/linus/c96140000915b610d86f941450e15ca552de154a (6.11-rc1)', 'https://git.kernel.org/stable/c/081ff4c0ef1884ae55f7adb8944efd22e22d8724', 'https://git.kernel.org/stable/c/c96140000915b610d86f941450e15ca552de154a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43827-6486@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43827', 'https://www.cve.org/CVERecord?id=CVE-2024-43827'], 'PublishedDate': '2024-08-17T10:15:08.653Z', 'LastModifiedDate': '2024-09-30T12:51:34.97Z'}, {'VulnerabilityID': 'CVE-2024-43828', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: fix infinite loop when replaying fast_commit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct.  ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the 'es' variable.\n\nBecause 'es' contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43828', 'https://git.kernel.org/linus/907c3fe532253a6ef4eb9c4d67efb71fab58c706 (6.11-rc1)', 'https://git.kernel.org/stable/c/0619f7750f2b178a1309808832ab20d85e0ad121', 'https://git.kernel.org/stable/c/181e63cd595c688194e07332f9944b3a63193de2', 'https://git.kernel.org/stable/c/5ed0496e383cb6de120e56991385dce70bbb87c1', 'https://git.kernel.org/stable/c/81f819c537d29932e4b9267f02411cbc8b355178', 'https://git.kernel.org/stable/c/907c3fe532253a6ef4eb9c4d67efb71fab58c706', 'https://git.kernel.org/stable/c/c6e67df64783e99a657ef2b8c834ba2bf54c539c', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43828-6bcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43828', 'https://www.cve.org/CVERecord?id=CVE-2024-43828'], 'PublishedDate': '2024-08-17T10:15:08.72Z', 'LastModifiedDate': '2024-08-22T15:41:50.87Z'}, {'VulnerabilityID': 'CVE-2024-43829', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/qxl: Add check for drm_cvt_mode', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43829', 'https://git.kernel.org/linus/7bd09a2db0f617377027a2bb0b9179e6959edff3 (6.11-rc1)', 'https://git.kernel.org/stable/c/3efe34f95b1ac8c138a46b14ce75956db0d6ee7c', 'https://git.kernel.org/stable/c/4b1f303bdeceac049e56e4b20eb5280bd9e02f4f', 'https://git.kernel.org/stable/c/4e87f592a46bb804d8f833da6ce702ae4b55053f', 'https://git.kernel.org/stable/c/62ef8d7816c8e4a6088275553818b9afc0ffaa03', 'https://git.kernel.org/stable/c/7bd09a2db0f617377027a2bb0b9179e6959edff3', 'https://git.kernel.org/stable/c/d4c57354a06cb4a77998ff8aa40af89eee30e07b', 'https://git.kernel.org/stable/c/f28b353c0c6c7831a70ccca881bf2db5e6785cdd', 'https://linux.oracle.com/cve/CVE-2024-43829.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43829-72cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43829', 'https://www.cve.org/CVERecord?id=CVE-2024-43829'], 'PublishedDate': '2024-08-17T10:15:08.787Z', 'LastModifiedDate': '2024-09-30T12:51:56.77Z'}, {'VulnerabilityID': 'CVE-2024-43830', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: leds: trigger: Unregister sysfs attributes before calling deactivate()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nleds: trigger: Unregister sysfs attributes before calling deactivate()\n\nTriggers which have trigger specific sysfs attributes typically store\nrelated data in trigger-data allocated by the activate() callback and\nfreed by the deactivate() callback.\n\nCalling device_remove_groups() after calling deactivate() leaves a window\nwhere the sysfs attributes show/store functions could be called after\ndeactivation and then operate on the just freed trigger-data.\n\nMove the device_remove_groups() call to before deactivate() to close\nthis race window.\n\nThis also makes the deactivation path properly do things in reverse order\nof the activation path which calls the activate() callback before calling\ndevice_add_groups().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7000', 'https://access.redhat.com/security/cve/CVE-2024-43830', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2265838', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2270103', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275558', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282648', 'https://bugzilla.redhat.com/2282669', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282764', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284511', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284630', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293414', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300381', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300439', 'https://bugzilla.redhat.com/2300440', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300709', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301543', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305410', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2305488', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7000.html', 'https://git.kernel.org/linus/c0dc9adf9474ecb7106e60e5472577375aedaed3 (6.11-rc1)', 'https://git.kernel.org/stable/c/0788a6f3523d3686a9eed5ea1e6fcce6841277b2', 'https://git.kernel.org/stable/c/09c1583f0e10c918855d6e7540a79461a353e5d6', 'https://git.kernel.org/stable/c/3fb6a9d67cfd812a547ac73ec02e1077c26c640d', 'https://git.kernel.org/stable/c/734ba6437e80dfc780e9ee9d95f912392d12b5ea', 'https://git.kernel.org/stable/c/c0dc9adf9474ecb7106e60e5472577375aedaed3', 'https://git.kernel.org/stable/c/c3b7a650c8717aa89df318364609c86cbc040156', 'https://git.kernel.org/stable/c/cb8aa9d2a4c8a15d6a43ccf901ef3d094aa60374', 'https://git.kernel.org/stable/c/d1415125b701ef13370e2761f691ec632a5eb93a', 'https://linux.oracle.com/cve/CVE-2024-43830.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43830-3b85@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43830', 'https://www.cve.org/CVERecord?id=CVE-2024-43830'], 'PublishedDate': '2024-08-17T10:15:08.857Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43831', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mediatek: vcodec: Handle invalid decoder vsi', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43831', 'https://git.kernel.org/linus/59d438f8e02ca641c58d77e1feffa000ff809e9f (6.11-rc1)', 'https://git.kernel.org/stable/c/1c109f23b271a02b9bb195c173fab41e3285a8db', 'https://git.kernel.org/stable/c/59d438f8e02ca641c58d77e1feffa000ff809e9f', 'https://git.kernel.org/stable/c/cdf05ae76198c513836bde4eb55f099c44773280', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43831-b13e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43831', 'https://www.cve.org/CVERecord?id=CVE-2024-43831'], 'PublishedDate': '2024-08-17T10:15:08.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43832', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: s390/uv: Don't call folio_wait_writeback() without a folio reference", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/uv: Don't call folio_wait_writeback() without a folio reference\n\nfolio_wait_writeback() requires that no spinlocks are held and that\na folio reference is held, as documented. After we dropped the PTL, the\nfolio could get freed concurrently. So grab a temporary reference.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43832', 'https://git.kernel.org/linus/3f29f6537f54d74e64bac0a390fb2e26da25800d (6.11-rc1)', 'https://git.kernel.org/stable/c/1a1eb2f3fc453dcd52726d13e863938561489cb7', 'https://git.kernel.org/stable/c/3f29f6537f54d74e64bac0a390fb2e26da25800d', 'https://git.kernel.org/stable/c/8736604ef53359a718c246087cd21dcec232d2fb', 'https://git.kernel.org/stable/c/b21aba72aadd94bdac275deab021fc84d6c72b16', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43832-7746@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43832', 'https://www.cve.org/CVERecord?id=CVE-2024-43832'], 'PublishedDate': '2024-08-17T10:15:08.98Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43833', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: v4l: async: Fix NULL pointer dereference in adding ancillary links', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix NULL pointer dereference in adding ancillary links\n\nIn v4l2_async_create_ancillary_links(), ancillary links are created for\nlens and flash sub-devices. These are sub-device to sub-device links and\nif the async notifier is related to a V4L2 device, the source sub-device\nof the ancillary link is NULL, leading to a NULL pointer dereference.\nCheck the notifier's sd field is non-NULL in\nv4l2_async_create_ancillary_links().\n\n[Sakari Ailus: Reword the subject and commit messages slightly.]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43833', 'https://git.kernel.org/linus/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f (6.11-rc1)', 'https://git.kernel.org/stable/c/249212ceb4187783af3801c57b92a5a25d410621', 'https://git.kernel.org/stable/c/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f', 'https://git.kernel.org/stable/c/b87e28050d9b0959de24574d587825cfab2f13fb', 'https://git.kernel.org/stable/c/fe0f92fd5320b393e44ca210805e653ea90cc982', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43833-4e73@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43833', 'https://www.cve.org/CVERecord?id=CVE-2024-43833'], 'PublishedDate': '2024-08-17T10:15:09.04Z', 'LastModifiedDate': '2024-08-22T15:42:46.827Z'}, {'VulnerabilityID': 'CVE-2024-43834', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xdp: fix invalid wait context of page_pool_destroy()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: fix invalid wait context of page_pool_destroy()\n\nIf the driver uses a page pool, it creates a page pool with\npage_pool_create().\nThe reference count of page pool is 1 as default.\nA page pool will be destroyed only when a reference count reaches 0.\npage_pool_destroy() is used to destroy page pool, it decreases a\nreference count.\nWhen a page pool is destroyed, ->disconnect() is called, which is\nmem_allocator_disconnect().\nThis function internally acquires mutex_lock().\n\nIf the driver uses XDP, it registers a memory model with\nxdp_rxq_info_reg_mem_model().\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\nreference count if a memory model is a page pool.\nNow the reference count is 2.\n\nTo destroy a page pool, the driver should call both page_pool_destroy()\nand xdp_unreg_mem_model().\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\nOnly page_pool_destroy() decreases a reference count.\n\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\nwill face an invalid wait context warning.\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\nrcu_read_lock().\nThe page_pool_destroy() internally acquires mutex_lock().\n\nSplat looks like:\n=============================\n[ BUG: Invalid wait context ]\n6.10.0-rc6+ #4 Tainted: G W\n-----------------------------\nethtool/1806 is trying to lock:\nffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150\nother info that might help us debug this:\ncontext-{5:5}\n3 locks held by ethtool/1806:\nstack backtrace:\nCPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nCall Trace:\n<TASK>\ndump_stack_lvl+0x7e/0xc0\n__lock_acquire+0x1681/0x4de0\n? _printk+0x64/0xe0\n? __pfx_mark_lock.part.0+0x10/0x10\n? __pfx___lock_acquire+0x10/0x10\nlock_acquire+0x1b3/0x580\n? mem_allocator_disconnect+0x73/0x150\n? __wake_up_klogd.part.0+0x16/0xc0\n? __pfx_lock_acquire+0x10/0x10\n? dump_stack_lvl+0x91/0xc0\n__mutex_lock+0x15c/0x1690\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_prb_read_valid+0x10/0x10\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_llist_add_batch+0x10/0x10\n? console_unlock+0x193/0x1b0\n? lockdep_hardirqs_on+0xbe/0x140\n? __pfx___mutex_lock+0x10/0x10\n? tick_nohz_tick_stopped+0x16/0x90\n? __irq_work_queue_local+0x1e5/0x330\n? irq_work_queue+0x39/0x50\n? __wake_up_klogd.part.0+0x79/0xc0\n? mem_allocator_disconnect+0x73/0x150\nmem_allocator_disconnect+0x73/0x150\n? __pfx_mem_allocator_disconnect+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? rcu_is_watching+0x11/0xb0\npage_pool_release+0x36e/0x6d0\npage_pool_destroy+0xd7/0x440\nxdp_unreg_mem_model+0x1a7/0x2a0\n? __pfx_xdp_unreg_mem_model+0x10/0x10\n? kfree+0x125/0x370\n? bnxt_free_ring.isra.0+0x2eb/0x500\n? bnxt_free_mem+0x5ac/0x2500\nxdp_rxq_info_unreg+0x4a/0xd0\nbnxt_free_mem+0x1356/0x2500\nbnxt_close_nic+0xf0/0x3b0\n? __pfx_bnxt_close_nic+0x10/0x10\n? ethnl_parse_bit+0x2c6/0x6d0\n? __pfx___nla_validate_parse+0x10/0x10\n? __pfx_ethnl_parse_bit+0x10/0x10\nbnxt_set_features+0x2a8/0x3e0\n__netdev_update_features+0x4dc/0x1370\n? ethnl_parse_bitset+0x4ff/0x750\n? __pfx_ethnl_parse_bitset+0x10/0x10\n? __pfx___netdev_update_features+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? _raw_spin_unlock_irqrestore+0x42/0x70\n? __pm_runtime_resume+0x7d/0x110\nethnl_set_features+0x32d/0xa20\n\nTo fix this problem, it uses rhashtable_lookup_fast() instead of\nrhashtable_lookup() with rcu_read_lock().\nUsing xa without rcu_read_lock() here is safe.\nxa is freed by __xdp_mem_allocator_rcu_free() and this is called by\ncall_rcu() of mem_xa_remove().\nThe mem_xa_remove() is called by page_pool_destroy() if a reference\ncount reaches 0.\nThe xa is already protected by the reference count mechanism well in the\ncontrol plane.\nSo removing rcu_read_lock() for page_pool_destroy() is safe.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43834', 'https://git.kernel.org/linus/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec (6.11-rc1)', 'https://git.kernel.org/stable/c/12144069209eec7f2090ce9afa15acdcc2c2a537', 'https://git.kernel.org/stable/c/3fc1be360b99baeea15cdee3cf94252cd3a72d26', 'https://git.kernel.org/stable/c/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec', 'https://git.kernel.org/stable/c/6c390ef198aa69795427a5cb5fd7cb4bc7e6cd7a', 'https://git.kernel.org/stable/c/be9d08ff102df3ac4f66e826ea935cf3af63a4bd', 'https://git.kernel.org/stable/c/bf0ce5aa5f2525ed1b921ba36de96e458e77f482', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43834-0140@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43834', 'https://www.cve.org/CVERecord?id=CVE-2024-43834'], 'PublishedDate': '2024-08-17T10:15:09.113Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43835', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: virtio_net: Fix napi_skb_cache_put warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix napi_skb_cache_put warning\n\nAfter the commit bdacf3e34945 ("net: Use nested-BH locking for\nnapi_alloc_cache.") was merged, the following warning began to appear:\n\n\t WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0\n\n\t  __warn+0x12f/0x340\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  report_bug+0x165/0x370\n\t  handle_bug+0x3d/0x80\n\t  exc_invalid_op+0x1a/0x50\n\t  asm_exc_invalid_op+0x1a/0x20\n\t  __free_old_xmit+0x1c8/0x510\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  __free_old_xmit+0x1c8/0x510\n\t  __free_old_xmit+0x1c8/0x510\n\t  __pfx___free_old_xmit+0x10/0x10\n\nThe issue arises because virtio is assuming it\'s running in NAPI context\neven when it\'s not, such as in the netpoll case.\n\nTo resolve this, modify virtnet_poll_tx() to only set NAPI when budget\nis available. Same for virtnet_poll_cleantx(), which always assumed that\nit was in a NAPI context.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43835', 'https://git.kernel.org/linus/f8321fa75102246d7415a6af441872f6637c93ab (6.11-rc1)', 'https://git.kernel.org/stable/c/19ac6f29bf64304ef04630c8ab56ecd2059d7aa1', 'https://git.kernel.org/stable/c/468a729b78895893d0e580ceea49bed8ada2a2bd', 'https://git.kernel.org/stable/c/6b5325f2457521bbece29499970c0117a648c620', 'https://git.kernel.org/stable/c/842a97b5e44f0c8a9fc356fe976e0e13ddcf7783', 'https://git.kernel.org/stable/c/cc7340f18e45886121c131227985d64ef666012f', 'https://git.kernel.org/stable/c/d3af435e8ace119e58d8e21d3d2d6a4e7c4a4baa', 'https://git.kernel.org/stable/c/f5e9a22d19bb98a7e86034db85eb295e94187caa', 'https://git.kernel.org/stable/c/f8321fa75102246d7415a6af441872f6637c93ab', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43835-5f11@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43835', 'https://www.cve.org/CVERecord?id=CVE-2024-43835'], 'PublishedDate': '2024-08-17T10:15:09.183Z', 'LastModifiedDate': '2024-09-12T12:15:48.653Z'}, {'VulnerabilityID': 'CVE-2024-43837', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43837', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT\n\nWhen loading a EXT program without specifying `attr->attach_prog_fd`,\nthe `prog->aux->dst_prog` will be null. At this time, calling\nresolve_prog_type() anywhere will result in a null pointer dereference.\n\nExample stack trace:\n\n[    8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[    8.108262] Mem abort info:\n[    8.108384]   ESR = 0x0000000096000004\n[    8.108547]   EC = 0x25: DABT (current EL), IL = 32 bits\n[    8.108722]   SET = 0, FnV = 0\n[    8.108827]   EA = 0, S1PTW = 0\n[    8.108939]   FSC = 0x04: level 0 translation fault\n[    8.109102] Data abort info:\n[    8.109203]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[    8.109399]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[    8.109614]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[    8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000\n[    8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000\n[    8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[    8.112783] Modules linked in:\n[    8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1\n[    8.113230] Hardware name: linux,dummy-virt (DT)\n[    8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    8.113429] pc : may_access_direct_pkt_data+0x24/0xa0\n[    8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8\n[    8.113798] sp : ffff80008283b9f0\n[    8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001\n[    8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000\n[    8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000\n[    8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff\n[    8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720\n[    8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720\n[    8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4\n[    8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f\n[    8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c\n[    8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000\n[    8.114126] Call trace:\n[    8.114159]  may_access_direct_pkt_data+0x24/0xa0\n[    8.114202]  bpf_check+0x3bc/0x28c0\n[    8.114214]  bpf_prog_load+0x658/0xa58\n[    8.114227]  __sys_bpf+0xc50/0x2250\n[    8.114240]  __arm64_sys_bpf+0x28/0x40\n[    8.114254]  invoke_syscall.constprop.0+0x54/0xf0\n[    8.114273]  do_el0_svc+0x4c/0xd8\n[    8.114289]  el0_svc+0x3c/0x140\n[    8.114305]  el0t_64_sync_handler+0x134/0x150\n[    8.114331]  el0t_64_sync+0x168/0x170\n[    8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)\n[    8.118672] ---[ end trace 0000000000000000 ]---\n\nOne way to fix it is by forcing `attach_prog_fd` non-empty when\nbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`\nAPI broken which use verifier log to probe prog type and will log\nnothing if we reject invalid EXT prog before bpf_check().\n\nAnother way is by adding null check in resolve_prog_type().\n\nThe issue was introduced by commit 4a9c7bbe2ed4 ("bpf: Resolve to\nprog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT") which wanted\nto correct type resolution for BPF_PROG_TYPE_TRACING programs. Before\nthat, the type resolution of BPF_PROG_TYPE_EXT prog actually follows\nthe logic below:\n\n  prog->aux->dst_prog ? prog->aux->dst_prog->type : prog->type;\n\nIt implies that when EXT program is not yet attached to `dst_prog`,\nthe prog type should be EXT itself. This code worked fine in the past.\nSo just keep using it.\n\nFix this by returning `prog->type` for BPF_PROG_TYPE_EXT if `dst_prog`\nis not present in resolve_prog_type().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43837', 'https://git.kernel.org/linus/f7866c35873377313ff94398f17d425b28b71de1 (6.11-rc1)', 'https://git.kernel.org/stable/c/9d40fd516aeae6779e3c84c6b96700ca76285847', 'https://git.kernel.org/stable/c/b29a880bb145e1f1c1df5ab88ed26b1495ff9f09', 'https://git.kernel.org/stable/c/f7866c35873377313ff94398f17d425b28b71de1', 'https://git.kernel.org/stable/c/fcac5feb06f31ee4c88bca9bf98d8bc3ca7d2615', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43837-63d2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43837', 'https://www.cve.org/CVERecord?id=CVE-2024-43837'], 'PublishedDate': '2024-08-17T10:15:09.32Z', 'LastModifiedDate': '2024-08-22T15:44:03.417Z'}, {'VulnerabilityID': 'CVE-2024-43839', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43839', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust 'name' buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n'name' size is 16, but the first '%s' specifier may already need at\nleast 16 characters, since 'bnad->netdev->name' is used there.\n\nFor '%d' specifiers, assume that they require:\n * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX\n   is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43839', 'https://git.kernel.org/linus/c9741a03dc8e491e57b95fba0058ab46b7e506da (6.11-rc1)', 'https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1', 'https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3', 'https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef', 'https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43', 'https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76', 'https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da', 'https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5', 'https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540', 'https://linux.oracle.com/cve/CVE-2024-43839.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43839-ea03@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43839', 'https://www.cve.org/CVERecord?id=CVE-2024-43839'], 'PublishedDate': '2024-08-17T10:15:09.447Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43840', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG\n\nWhen BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls\n__bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them\nthe struct bpf_tramp_image *im pointer as an argument in R0.\n\nThe trampoline generation code uses emit_addr_mov_i64() to emit\ninstructions for moving the bpf_tramp_image address into R0, but\nemit_addr_mov_i64() assumes the address to be in the vmalloc() space\nand uses only 48 bits. Because bpf_tramp_image is allocated using\nkzalloc(), its address can use more than 48-bits, in this case the\ntrampoline will pass an invalid address to __bpf_tramp_enter/exit()\ncausing a kernel crash.\n\nFix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64()\nas it can work with addresses that are greater than 48-bits.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43840', 'https://git.kernel.org/linus/19d3c179a37730caf600a97fed3794feac2b197b (6.11-rc1)', 'https://git.kernel.org/stable/c/19d3c179a37730caf600a97fed3794feac2b197b', 'https://git.kernel.org/stable/c/6d218fcc707d6b2c3616b6cd24b948fd4825cfec', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43840-69cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43840', 'https://www.cve.org/CVERecord?id=CVE-2024-43840'], 'PublishedDate': '2024-08-17T10:15:09.517Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43841', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: virt_wifi: avoid reporting connection success with wrong SSID', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: avoid reporting connection success with wrong SSID\n\nWhen user issues a connection with a different SSID than the one\nvirt_wifi has advertised, the __cfg80211_connect_result() will\ntrigger the warning: WARN_ON(bss_not_found).\n\nThe issue is because the connection code in virt_wifi does not\ncheck the SSID from user space (it only checks the BSSID), and\nvirt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS\neven if the SSID is different from the one virt_wifi has advertised.\nEventually cfg80211 won't be able to find the cfg80211_bss and generate\nthe warning.\n\nFixed it by checking the SSID (from user space) in the connection code.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43841', 'https://git.kernel.org/linus/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7 (6.11-rc1)', 'https://git.kernel.org/stable/c/05c4488a0e446c6ccde9f22b573950665e1cd414', 'https://git.kernel.org/stable/c/36e92b5edc8e0daa18e9325674313802ce3fbc29', 'https://git.kernel.org/stable/c/416d3c1538df005195721a200b0371d39636e05d', 'https://git.kernel.org/stable/c/93e898a264b4e0a475552ba9f99a016eb43ef942', 'https://git.kernel.org/stable/c/994fc2164a03200c3bf42fb45b3d49d9d6d33a4d', 'https://git.kernel.org/stable/c/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7', 'https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3', 'https://linux.oracle.com/cve/CVE-2024-43841.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43841-8143@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43841', 'https://www.cve.org/CVERecord?id=CVE-2024-43841'], 'PublishedDate': '2024-08-17T10:15:09.58Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43842', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() \'status->he_gi\' is compared to array size.\nBut then \'rate->he_gi\' is used as array index instead of \'status->he_gi\'.\nThis can lead to go beyond array boundaries in case of \'rate->he_gi\' is\nnot equal to \'status->he_gi\' and is bigger than array size. Looks like\n"copy-paste" mistake.\n\nFix this mistake by replacing \'rate->he_gi\' with \'status->he_gi\'.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43842', 'https://git.kernel.org/linus/85099c7ce4f9e64c66aa397cd9a37473637ab891 (6.11-rc1)', 'https://git.kernel.org/stable/c/7a0edc3d83aff3a48813d78c9cad9daf38decc74', 'https://git.kernel.org/stable/c/85099c7ce4f9e64c66aa397cd9a37473637ab891', 'https://git.kernel.org/stable/c/96ae4de5bc4c8ba39fd072369398f59495b73f58', 'https://git.kernel.org/stable/c/a2a095c08b95372d6d0c5819b77f071af5e75366', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43842-31e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43842', 'https://www.cve.org/CVERecord?id=CVE-2024-43842'], 'PublishedDate': '2024-08-17T10:15:09.647Z', 'LastModifiedDate': '2024-09-30T13:55:17.007Z'}, {'VulnerabilityID': 'CVE-2024-43843', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv, bpf: Fix out-of-bounds issue when preparing trampoline image', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv, bpf: Fix out-of-bounds issue when preparing trampoline image\n\nWe get the size of the trampoline image during the dry run phase and\nallocate memory based on that size. The allocated image will then be\npopulated with instructions during the real patch phase. But after\ncommit 26ef208c209a ("bpf: Use arch_bpf_trampoline_size"), the `im`\nargument is inconsistent in the dry run and real patch phase. This may\ncause emit_imm in RV64 to generate a different number of instructions\nwhen generating the \'im\' address, potentially causing out-of-bounds\nissues. Let\'s emit the maximum number of instructions for the "im"\naddress during dry run to fix this problem.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43843', 'https://git.kernel.org/linus/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3e6a1b1b179abb643ec3560c02bc3082bc92285f', 'https://git.kernel.org/stable/c/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43843-e436@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43843', 'https://www.cve.org/CVERecord?id=CVE-2024-43843'], 'PublishedDate': '2024-08-17T10:15:09.707Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43844', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi rtw89 wow: fix GTK offload H2C skbuff issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: wow: fix GTK offload H2C skbuff issue\n\nWe mistakenly put skb too large and that may exceed skb->end.\nTherefore, we fix it.\n\nskbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8fba04eca7e0 tail:0x200 end:0x140 dev:<NULL>\n------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:192!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 4747 Comm: kworker/u4:44 Tainted: G           O       6.6.30-02659-gc18865c4dfbd #1 86547039b47e46935493f615ee31d0b2d711d35e\nHardware name: HP Meep/Meep, BIOS Google_Meep.11297.262.0 03/18/2021\nWorkqueue: events_unbound async_run_entry_fn\nRIP: 0010:skb_panic+0x5d/0x60\nCode: c6 63 8b 8f bb 4c 0f 45 f6 48 c7 c7 4d 89 8b bb 48 89 ce 44 89 d1 41 56 53 41 53 ff b0 c8 00 00 00 e8 27 5f 23 00 48 83 c4 20 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44\nRSP: 0018:ffffaa700144bad0 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: 0000000000000140 RCX: 14432c5aad26c900\nRDX: 0000000000000000 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffaa700144bae0 R08: 0000000000000000 R09: ffffaa700144b920\nR10: 00000000ffffdfff R11: ffffffffbc28fbc0 R12: ffff8fba4e57a010\nR13: 0000000000000000 R14: ffffffffbb8f8b63 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff8fba7bd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007999c4ad1000 CR3: 000000015503a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? skb_panic+0x5d/0x60\n ? do_error_trap+0x6d/0x90\n ? skb_panic+0x5d/0x60\n ? handle_invalid_op+0x30/0x40\n ? skb_panic+0x5d/0x60\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_panic+0x5d/0x60\n skb_put+0x49/0x50\n rtw89_fw_h2c_wow_gtk_ofld+0xbd/0x220 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_wow_resume+0x31f/0x540 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_ops_resume+0x2b/0xa0 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n ieee80211_reconfig+0x84/0x13e0 [mac80211 818a894e3b77da6298269c59ed7cdff065a4ed52]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? dev_printk_emit+0x51/0x70\n ? _dev_info+0x6e/0x90\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n wiphy_resume+0x89/0x180 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n dpm_run_callback+0x3c/0x140\n device_resume+0x1f9/0x3c0\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x29/0xd0\n process_scheduled_works+0x1d8/0x3d0\n worker_thread+0x1fc/0x2f0\n kthread+0xed/0x110\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x38/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>\nModules linked in: ccm 8021q r8153_ecm cdc_ether usbnet r8152 mii dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc uinput rfcomm cmac algif_hash rtw89_8922ae(O) algif_skcipher rtw89_8922a(O) af_alg rtw89_pci(O) rtw89_core(O) btusb(O) snd_soc_sst_bxt_da7219_max98357a btbcm(O) snd_soc_hdac_hdmi btintel(O) snd_soc_intel_hda_dsp_common snd_sof_probes btrtl(O) btmtk(O) snd_hda_codec_hdmi snd_soc_dmic uvcvideo videobuf2_vmalloc uvc videobuf2_memops videobuf2_v4l2 videobuf2_common snd_sof_pci_intel_apl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda soundwire_intel soundwire_generic_allocation snd_sof_intel_hda_mlink soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp mac80211 snd_soc_acpi_intel_match snd_soc_acpi snd_sof snd_sof_utils soundwire_bus snd_soc_max98357a snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_intel_dspcfg snd_intel_sdw_acpi snd_soc_da7219 snd_hda_codec snd_hwdep snd_hda_core veth ip6table_nat xt_MASQUERADE xt_cgroup fuse bluetooth ecdh_generic\n cfg80211 ecc\ngsmi: Log Shutdown \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43844', 'https://git.kernel.org/linus/dda364c345913fe03ddbe4d5ae14a2754c100296 (6.11-rc1)', 'https://git.kernel.org/stable/c/dda364c345913fe03ddbe4d5ae14a2754c100296', 'https://git.kernel.org/stable/c/ef0d9d2f0dc1133db3d3a1c5167190c6627146b2', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43844-97ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43844', 'https://www.cve.org/CVERecord?id=CVE-2024-43844'], 'PublishedDate': '2024-08-17T10:15:09.763Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43845', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Fix bogus checksum computation in udf_rename()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix bogus checksum computation in udf_rename()\n\nSyzbot reports uninitialized memory access in udf_rename() when updating\nchecksum of '..' directory entry of a moved directory. This is indeed\ntrue as we pass on-stack diriter.fi to the udf_update_tag() and because\nthat has only struct fileIdentDesc included in it and not the impUse or\nname fields, the checksumming function is going to checksum random stack\ncontents beyond the end of the structure. This is actually harmless\nbecause the following udf_fiiter_write_fi() will recompute the checksum\nfrom on-disk buffers where everything is properly included. So all that\nis needed is just removing the bogus calculation.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43845', 'https://git.kernel.org/linus/27ab33854873e6fb958cb074681a0107cc2ecc4c (6.11-rc1)', 'https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c', 'https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4', 'https://git.kernel.org/stable/c/c996b570305e7a6910c2ce4cdcd4c22757ffe241', 'https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43845-a85d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43845', 'https://www.cve.org/CVERecord?id=CVE-2024-43845'], 'PublishedDate': '2024-08-17T10:15:09.837Z', 'LastModifiedDate': '2024-08-29T17:15:08.397Z'}, {'VulnerabilityID': 'CVE-2024-43846', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib: objagg: Fix general protection fault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G        W          6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n <TASK>\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n </TASK>', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43846', 'https://git.kernel.org/linus/b4a3a89fffcdf09702b1f161b914e52abca1894d (6.11-rc1)', 'https://git.kernel.org/stable/c/1936fa05a180834c3b52e0439a6bddc07814d3eb', 'https://git.kernel.org/stable/c/22ae17a267f4812861f0c644186c3421ff97dbfc', 'https://git.kernel.org/stable/c/499f742fed42e74f1321f4b12ca196a66a2b49fc', 'https://git.kernel.org/stable/c/565213e005557eb6cc4e42189d26eb300e02f170', 'https://git.kernel.org/stable/c/5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7', 'https://git.kernel.org/stable/c/8161263362154cbebfbf4808097b956a6a8cb98a', 'https://git.kernel.org/stable/c/b4a3a89fffcdf09702b1f161b914e52abca1894d', 'https://linux.oracle.com/cve/CVE-2024-43846.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43846-2bd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43846', 'https://www.cve.org/CVERecord?id=CVE-2024-43846'], 'PublishedDate': '2024-08-17T10:15:09.9Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43847', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43847', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix invalid memory access while processing fragmented packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid memory access while processing fragmented packets\n\nThe monitor ring and the reo reinject ring share the same ring mask index.\nWhen the driver receives an interrupt for the reo reinject ring, the\nmonitor ring is also processed, leading to invalid memory access. Since\nmonitor support is not yet enabled in ath12k, the ring mask for the monitor\nring should be removed.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43847', 'https://git.kernel.org/linus/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4 (6.11-rc1)', 'https://git.kernel.org/stable/c/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4', 'https://git.kernel.org/stable/c/36fc66a7d9ca3e5c6eac25362cac63f83df8bed6', 'https://git.kernel.org/stable/c/8126f82dab7bd8b2e04799342b19fff0a1fd8575', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43847-6828@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43847', 'https://www.cve.org/CVERecord?id=CVE-2024-43847'], 'PublishedDate': '2024-08-17T10:15:09.963Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43849', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pdr: protect locator_addr with the main mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr->lock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43849', 'https://git.kernel.org/linus/107924c14e3ddd85119ca43c26a4ee1056fa9b84 (6.11-rc1)', 'https://git.kernel.org/stable/c/107924c14e3ddd85119ca43c26a4ee1056fa9b84', 'https://git.kernel.org/stable/c/3e815626d73e05152a8142f6e44aecc4133e6e08', 'https://git.kernel.org/stable/c/475a77fb3f0e1d527f56c60b79f5879661df5b80', 'https://git.kernel.org/stable/c/8543269567e2fb3d976a8255c5e348aed14f98bc', 'https://git.kernel.org/stable/c/d0870c4847e77a49c2f91bb2a8e0fa3c1f8dea5c', 'https://git.kernel.org/stable/c/eab05737ee22216250fe20d27f5a596da5ea6eb7', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43849-fef0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43849', 'https://www.cve.org/CVERecord?id=CVE-2024-43849'], 'PublishedDate': '2024-08-17T10:15:10.093Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43850', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove\n\nThe following warning is seen during bwmon_remove due to refcount\nimbalance, fix this by releasing the OPPs after use.\n\nLogs:\nWARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158\nHardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT)\n...\nCall trace:\n_opp_table_kref_release+0x150/0x158\ndev_pm_opp_remove_table+0x100/0x1b4\ndevm_pm_opp_of_table_release+0x10/0x1c\ndevm_action_release+0x14/0x20\ndevres_release_all+0xa4/0x104\ndevice_unbind_cleanup+0x18/0x60\ndevice_release_driver_internal+0x1ec/0x228\ndriver_detach+0x50/0x98\nbus_remove_driver+0x6c/0xbc\ndriver_unregister+0x30/0x60\nplatform_driver_unregister+0x14/0x20\nbwmon_driver_exit+0x18/0x524 [icc_bwmon]\n__arm64_sys_delete_module+0x184/0x264\ninvoke_syscall+0x48/0x118\nel0_svc_common.constprop.0+0xc8/0xe8\ndo_el0_svc+0x20/0x2c\nel0_svc+0x34/0xdc\nel0t_64_sync_handler+0x13c/0x158\nel0t_64_sync+0x190/0x194\n--[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43850', 'https://git.kernel.org/linus/24086640ab39396eb1a92d1cb1cd2f31b2677c52 (6.11-rc1)', 'https://git.kernel.org/stable/c/24086640ab39396eb1a92d1cb1cd2f31b2677c52', 'https://git.kernel.org/stable/c/4100d4d019f8e140be1d4d3a9d8d93c1285f5d1c', 'https://git.kernel.org/stable/c/aad41f4c169bcb800ae88123799bdf8cdec3d366', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43850-4eec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43850', 'https://www.cve.org/CVERecord?id=CVE-2024-43850'], 'PublishedDate': '2024-08-17T10:15:10.157Z', 'LastModifiedDate': '2024-09-30T13:57:33.4Z'}, {'VulnerabilityID': 'CVE-2024-43852', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (ltc2991) re-order conditions to fix off by one bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ltc2991) re-order conditions to fix off by one bug\n\nLTC2991_T_INT_CH_NR is 4.  The st->temp_en[] array has LTC2991_MAX_CHANNEL\n(4) elements.  Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we\nhave read one element beyond the end of the array.  Flip the conditions\naround so that we check if "channel" is valid before using it as an array\nindex.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43852', 'https://git.kernel.org/linus/99bf7c2eccff82760fa23ce967cc67c8c219c6a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6', 'https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43852-61e2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43852', 'https://www.cve.org/CVERecord?id=CVE-2024-43852'], 'PublishedDate': '2024-08-17T10:15:10.31Z', 'LastModifiedDate': '2024-08-20T19:32:55.747Z'}, {'VulnerabilityID': 'CVE-2024-43853', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: Prevent UAF in proc_cpuset_show()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc/<pid>/cpuset   repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/   repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc/<pid>/cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css->cgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(&cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n&cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp->root will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n("cgroup: Make operations on the cgroup root_list RCU safe"),\ncss->cgroup won\'t be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43853', 'https://git.kernel.org/linus/1be59c97c83ccd67a519d8a49486b3a8a73ca28a (6.11-rc1)', 'https://git.kernel.org/stable/c/10aeaa47e4aa2432f29b3e5376df96d7dac5537a', 'https://git.kernel.org/stable/c/1be59c97c83ccd67a519d8a49486b3a8a73ca28a', 'https://git.kernel.org/stable/c/27d6dbdc6485d68075a0ebf8544d6425c1ed84bb', 'https://git.kernel.org/stable/c/29a8d4e02fd4840028c38ceb1536cc8f82a257d4', 'https://git.kernel.org/stable/c/29ac1d238b3bf126af36037df80d7ecc4822341e', 'https://git.kernel.org/stable/c/4e8d6ac8fc9f843e940ab7389db8136634e07989', 'https://git.kernel.org/stable/c/688325078a8b5badd6e07ae22b27cd04e9947aec', 'https://git.kernel.org/stable/c/96226fbed566f3f686f53a489a29846f2d538080', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43853-da5b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43853', 'https://www.cve.org/CVERecord?id=CVE-2024-43853'], 'PublishedDate': '2024-08-17T10:15:10.383Z', 'LastModifiedDate': '2024-09-04T12:15:04.827Z'}, {'VulnerabilityID': 'CVE-2024-43854', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: initialize integrity buffer to zero before writing it to media', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media.  For PI metadata this is\nlimited to the app tag that isn't used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43854', 'https://git.kernel.org/linus/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f (6.11-rc1)', 'https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f', 'https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644', 'https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005', 'https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f', 'https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6', 'https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2', 'https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1', 'https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43854-5586@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43854', 'https://www.cve.org/CVERecord?id=CVE-2024-43854'], 'PublishedDate': '2024-08-17T10:15:10.447Z', 'LastModifiedDate': '2024-09-12T12:15:49.423Z'}, {'VulnerabilityID': 'CVE-2024-43856', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43856', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma: fix call order in dmam_free_coherent', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n  kokonut //net/encryption\n    http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43856', 'https://git.kernel.org/linus/28e8b7406d3a1f5329a03aa25a43aa28e087cb20 (6.11-rc1)', 'https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130', 'https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e', 'https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7', 'https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20', 'https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9', 'https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954', 'https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb', 'https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63', 'https://linux.oracle.com/cve/CVE-2024-43856.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43856-9087@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43856', 'https://www.cve.org/CVERecord?id=CVE-2024-43856'], 'PublishedDate': '2024-08-17T10:15:10.613Z', 'LastModifiedDate': '2024-08-22T17:57:08.64Z'}, {'VulnerabilityID': 'CVE-2024-43857', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix null reference error when checking end of zone', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null reference error when checking end of zone\n\nThis patch fixes a potentially null pointer being accessed by\nis_end_zone_blkaddr() that checks the last block of a zone\nwhen f2fs is mounted as a single device.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43857', 'https://git.kernel.org/linus/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38 (6.11-rc1)', 'https://git.kernel.org/stable/c/381cbe85592c78fbaeb3e770e3e9f3bfa3e67efb', 'https://git.kernel.org/stable/c/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43857-b71b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43857', 'https://www.cve.org/CVERecord?id=CVE-2024-43857'], 'PublishedDate': '2024-08-17T10:15:10.687Z', 'LastModifiedDate': '2024-08-22T17:38:21.003Z'}, {'VulnerabilityID': 'CVE-2024-43859', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to truncate preallocated blocks in f2fs_file_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate preallocated blocks in f2fs_file_open()\n\nchenyuwen reports a f2fs bug as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000011\n fscrypt_set_bio_crypt_ctx+0x78/0x1e8\n f2fs_grab_read_bio+0x78/0x208\n f2fs_submit_page_read+0x44/0x154\n f2fs_get_read_data_page+0x288/0x5f4\n f2fs_get_lock_data_page+0x60/0x190\n truncate_partial_data_page+0x108/0x4fc\n f2fs_do_truncate_blocks+0x344/0x5f0\n f2fs_truncate_blocks+0x6c/0x134\n f2fs_truncate+0xd8/0x200\n f2fs_iget+0x20c/0x5ac\n do_garbage_collect+0x5d0/0xf6c\n f2fs_gc+0x22c/0x6a4\n f2fs_disable_checkpoint+0xc8/0x310\n f2fs_fill_super+0x14bc/0x1764\n mount_bdev+0x1b4/0x21c\n f2fs_mount+0x20/0x30\n legacy_get_tree+0x50/0xbc\n vfs_get_tree+0x5c/0x1b0\n do_new_mount+0x298/0x4cc\n path_mount+0x33c/0x5fc\n __arm64_sys_mount+0xcc/0x15c\n invoke_syscall+0x60/0x150\n el0_svc_common+0xb8/0xf8\n do_el0_svc+0x28/0xa0\n el0_svc+0x24/0x84\n el0t_64_sync_handler+0x88/0xec\n\nIt is because inode.i_crypt_info is not initialized during below path:\n- mount\n - f2fs_fill_super\n  - f2fs_disable_checkpoint\n   - f2fs_gc\n    - f2fs_iget\n     - f2fs_truncate\n\nSo, let's relocate truncation of preallocated blocks to f2fs_file_open(),\nafter fscrypt_file_open().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43859', 'https://git.kernel.org/linus/298b1e4182d657c3e388adcc29477904e9600ed5 (6.11-rc1)', 'https://git.kernel.org/stable/c/298b1e4182d657c3e388adcc29477904e9600ed5', 'https://git.kernel.org/stable/c/3ba0ae885215b325605ff7ebf6de12ac2adf204d', 'https://git.kernel.org/stable/c/5f04969136db674f133781626e0b692c5f2bf2f0', 'https://git.kernel.org/stable/c/f44a25a8bfe0c15d33244539696cd9119cf44d18', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43859-62b4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43859', 'https://www.cve.org/CVERecord?id=CVE-2024-43859'], 'PublishedDate': '2024-08-17T10:15:10.817Z', 'LastModifiedDate': '2024-09-08T08:15:12.96Z'}, {'VulnerabilityID': 'CVE-2024-43860', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: remoteproc: imx_rproc: Skip over memory region when node value is NULL', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Skip over memory region when node value is NULL\n\nIn imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts\nnumber of phandles. But phandles may be empty. So of_parse_phandle() in\nthe parsing loop (0 < a < nph) may return NULL which is later dereferenced.\nAdjust this issue by adding NULL-return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[Fixed title to fit within the prescribed 70-75 charcters]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43860', 'https://git.kernel.org/linus/2fa26ca8b786888673689ccc9da6094150939982 (6.11-rc1)', 'https://git.kernel.org/stable/c/2fa26ca8b786888673689ccc9da6094150939982', 'https://git.kernel.org/stable/c/4e13b7c23988c0a13fdca92e94296a3bc2ff9f21', 'https://git.kernel.org/stable/c/6884fd0283e0831be153fb8d82d9eda8a55acaaa', 'https://git.kernel.org/stable/c/6b50462b473fdccdc0dfad73001147e40ff19a66', 'https://git.kernel.org/stable/c/6c9ea3547fad252fe9ae5d3ed7e066e2085bf3a2', 'https://git.kernel.org/stable/c/84beb7738459cac0ff9f8a7c4654b8ff82a702c0', 'https://git.kernel.org/stable/c/9a17cf8b2ce483fa75258bc2cdcf628f24bcf5f8', 'https://git.kernel.org/stable/c/c877a5f5268d4ab8224b9c9fbce3d746e4e72bc9', 'https://linux.oracle.com/cve/CVE-2024-43860.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43860-d72f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43860', 'https://www.cve.org/CVERecord?id=CVE-2024-43860'], 'PublishedDate': '2024-08-17T10:15:10.887Z', 'LastModifiedDate': '2024-08-22T17:08:15.097Z'}, {'VulnerabilityID': 'CVE-2024-43861', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: usb: qmi_wwan: fix memory leak for not ip packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43861', 'https://git.kernel.org/linus/7ab107544b777c3bd7feb9fe447367d8edd5b202 (6.11-rc3)', 'https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4', 'https://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662', 'https://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202', 'https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f', 'https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882', 'https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446', 'https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5', 'https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384', 'https://linux.oracle.com/cve/CVE-2024-43861.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43861-1958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43861', 'https://www.cve.org/CVERecord?id=CVE-2024-43861'], 'PublishedDate': '2024-08-20T22:15:04.917Z', 'LastModifiedDate': '2024-09-03T13:45:12.667Z'}, {'VulnerabilityID': 'CVE-2024-43863', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43863', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix a deadlock in dma buf fence polling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix a deadlock in dma buf fence polling\n\nIntroduce a version of the fence ops that on release doesn't remove\nthe fence from the pending list, and thus doesn't require a lock to\nfix poll->fence wait->fence unref deadlocks.\n\nvmwgfx overwrites the wait callback to iterate over the list of all\nfences and update their status, to do that it holds a lock to prevent\nthe list modifcations from other threads. The fence destroy callback\nboth deletes the fence and removes it from the list of pending\nfences, for which it holds a lock.\n\ndma buf polling cb unrefs a fence after it's been signaled: so the poll\ncalls the wait, which signals the fences, which are being destroyed.\nThe destruction tries to acquire the lock on the pending fences list\nwhich it can never get because it's held by the wait from which it\nwas called.\n\nOld bug, but not a lot of userspace apps were using dma-buf polling\ninterfaces. Fix those, in particular this fixes KDE stalls/deadlock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43863', 'https://git.kernel.org/linus/e58337100721f3cc0c7424a18730e4f39844934f (6.11-rc2)', 'https://git.kernel.org/stable/c/3b933b16c996af8adb6bc1b5748a63dfb41a82bc', 'https://git.kernel.org/stable/c/9e20d028d8d1deb1e7fed18f22ffc01669cf3237', 'https://git.kernel.org/stable/c/a8943969f9ead2fd3044fc826140a21622ef830e', 'https://git.kernel.org/stable/c/c98ab18b9f315ff977c2c65d7c71298ef98be8e3', 'https://git.kernel.org/stable/c/e58337100721f3cc0c7424a18730e4f39844934f', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43863-9124@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43863', 'https://www.cve.org/CVERecord?id=CVE-2024-43863'], 'PublishedDate': '2024-08-21T00:15:04.847Z', 'LastModifiedDate': '2024-09-03T13:42:44.727Z'}, {'VulnerabilityID': 'CVE-2024-43864', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix CT entry update leaks of modify header context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix CT entry update leaks of modify header context\n\nThe cited commit allocates a new modify header to replace the old\none when updating CT entry. But if failed to allocate a new one, eg.\nexceed the max number firmware can support, modify header will be\nan error pointer that will trigger a panic when deallocating it. And\nthe old modify header point is copied to old attr. When the old\nattr is freed, the old modify header is lost.\n\nFix it by restoring the old attr to attr when failed to allocate a\nnew modify header context. So when the CT entry is freed, the right\nmodify header context will be freed. And the panic of accessing\nerror pointer is also fixed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43864', 'https://git.kernel.org/linus/025f2b85a5e5a46df14ecf162c3c80a957a36d0b (6.11-rc2)', 'https://git.kernel.org/stable/c/025f2b85a5e5a46df14ecf162c3c80a957a36d0b', 'https://git.kernel.org/stable/c/89064d09c56b44c668509bf793c410484f63f5ad', 'https://git.kernel.org/stable/c/daab2cc17b6b6ab158566bba037e9551fd432b59', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43864-81ad@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43864', 'https://www.cve.org/CVERecord?id=CVE-2024-43864'], 'PublishedDate': '2024-08-21T00:15:04.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43866', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Always drain health in shutdown callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43866', 'https://git.kernel.org/linus/1b75da22ed1e6171e261bc9265370162553d5393 (6.11-rc2)', 'https://git.kernel.org/stable/c/1b75da22ed1e6171e261bc9265370162553d5393', 'https://git.kernel.org/stable/c/5005e2e159b300c1b8c6820a1e13a62eb0127b9b', 'https://git.kernel.org/stable/c/6048dec754554a1303d632be6042d3feb3295285', 'https://git.kernel.org/stable/c/6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43866-66ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43866', 'https://www.cve.org/CVERecord?id=CVE-2024-43866'], 'PublishedDate': '2024-08-21T00:15:05.023Z', 'LastModifiedDate': '2024-10-17T14:15:07.297Z'}, {'VulnerabilityID': 'CVE-2024-43867', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau: prime: fix refcount underflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix refcount underflow\n\nCalling nouveau_bo_ref() on a nouveau_bo without initializing it (and\nhence the backing ttm_bo) leads to a refcount underflow.\n\nInstead of calling nouveau_bo_ref() in the unwind path of\ndrm_gem_object_init(), clean things up manually.\n\n(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43867', 'https://git.kernel.org/linus/a9bf3efc33f1fbf88787a277f7349459283c9b95 (6.11-rc2)', 'https://git.kernel.org/stable/c/16998763c62bb465ebc409d0373b9cdcef1a61a6', 'https://git.kernel.org/stable/c/2a1b327d57a8ac080977633a18999f032d7e9e3f', 'https://git.kernel.org/stable/c/3bcb8bba72ce89667fa863054956267c450c47ef', 'https://git.kernel.org/stable/c/906372e753c5027a1dc88743843b6aa2ad1aaecf', 'https://git.kernel.org/stable/c/a9bf3efc33f1fbf88787a277f7349459283c9b95', 'https://git.kernel.org/stable/c/ebebba4d357b6c67f96776a48ddbaf0060fa4c10', 'https://git.kernel.org/stable/c/f23cd66933fe76b84d8e282e5606b4d99068c320', 'https://linux.oracle.com/cve/CVE-2024-43867.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43867-0620@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43867', 'https://www.cve.org/CVERecord?id=CVE-2024-43867'], 'PublishedDate': '2024-08-21T00:15:05.087Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43868', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/purgatory: align riscv_kernel_entry', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/purgatory: align riscv_kernel_entry\n\nWhen alignment handling is delegated to the kernel, everything must be\nword-aligned in purgatory, since the trap handler is then set to the\nkexec one. Without the alignment, hitting the exception would\nultimately crash. On other occasions, the kernel's handler would take\ncare of exceptions.\nThis has been tested on a JH7110 SoC with oreboot and its SBI delegating\nunaligned access exceptions and the kernel configured to handle them.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43868', 'https://git.kernel.org/linus/fb197c5d2fd24b9af3d4697d0cf778645846d6d5 (6.11-rc2)', 'https://git.kernel.org/stable/c/5d4aaf16a8255f7c71790e211724ba029609c5ff', 'https://git.kernel.org/stable/c/fb197c5d2fd24b9af3d4697d0cf778645846d6d5', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43868-9a44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43868', 'https://www.cve.org/CVERecord?id=CVE-2024-43868'], 'PublishedDate': '2024-08-21T00:15:05.15Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43869', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43869', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exec and file release', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exec and file release\n\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\n\nschedule()\n   prepare_task_switch()\n=======> <NMI>\n      perf_event_overflow()\n         event->pending_sigtrap = ...\n         irq_work_queue(&event->pending_irq)\n<======= </NMI>\n      perf_event_task_sched_out()\n          event_sched_out()\n              event->pending_sigtrap = 0;\n              atomic_long_inc_not_zero(&event->refcount)\n              task_work_add(&event->pending_task)\n   finish_lock_switch()\n=======> <IRQ>\n   perf_pending_irq()\n      //do nothing, rely on pending task work\n<======= </IRQ>\n\nbegin_new_exec()\n   perf_event_exit_task()\n      perf_event_exit_event()\n         // If is child event\n         free_event()\n            WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n            // event is leaked\n\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\n\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43869', 'https://git.kernel.org/linus/3a5465418f5fd970e86a86c7f4075be262682840 (6.11-rc1)', 'https://git.kernel.org/stable/c/104e258a004037bc7dba9f6085c71dad6af57ad4', 'https://git.kernel.org/stable/c/3a5465418f5fd970e86a86c7f4075be262682840', 'https://git.kernel.org/stable/c/9ad46f1fef421d43cdab3a7d1744b2f43b54dae0', 'https://git.kernel.org/stable/c/ed2c202dac55423a52d7e2290f2888bf08b8ee99', 'https://git.kernel.org/stable/c/f34d8307a73a18de5320fcc6f40403146d061891', 'https://lore.kernel.org/linux-cve-announce/2024082133-CVE-2024-43869-26aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43869', 'https://www.cve.org/CVERecord?id=CVE-2024-43869'], 'PublishedDate': '2024-08-21T01:15:11.55Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43870', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exit\n\nWhen a task is scheduled out, pending sigtrap deliveries are deferred\nto the target task upon resume to userspace via task_work.\n\nHowever failures while adding an event's callback to the task_work\nengine are ignored. And since the last call for events exit happen\nafter task work is eventually closed, there is a small window during\nwhich pending sigtrap can be queued though ignored, leaking the event\nrefcount addition such as in the following scenario:\n\n    TASK A\n    -----\n\n    do_exit()\n       exit_task_work(tsk);\n\n       <IRQ>\n       perf_event_overflow()\n          event->pending_sigtrap = pending_id;\n          irq_work_queue(&event->pending_irq);\n       </IRQ>\n    =========> PREEMPTION: TASK A -> TASK B\n       event_sched_out()\n          event->pending_sigtrap = 0;\n          atomic_long_inc_not_zero(&event->refcount)\n          // FAILS: task work has exited\n          task_work_add(&event->pending_task)\n       [...]\n       <IRQ WORK>\n       perf_pending_irq()\n          // early return: event->oncpu = -1\n       </IRQ WORK>\n       [...]\n    =========> TASK B -> TASK A\n       perf_event_exit_task(tsk)\n          perf_event_exit_event()\n             free_event()\n                WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n                // leak event due to unexpected refcount == 2\n\nAs a result the event is never released while the task exits.\n\nFix this with appropriate task_work_add()'s error handling.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43870', 'https://git.kernel.org/linus/2fd5ad3f310de22836cdacae919dd99d758a1f1b (6.11-rc1)', 'https://git.kernel.org/stable/c/05d3fd599594abf79aad4484bccb2b26e1cb0b51', 'https://git.kernel.org/stable/c/2fd5ad3f310de22836cdacae919dd99d758a1f1b', 'https://git.kernel.org/stable/c/3d7a63352a93bdb8a1cdf29606bf617d3ac1c22a', 'https://git.kernel.org/stable/c/67fad724f1b568b356c1065d50df46e6b30eb2f7', 'https://git.kernel.org/stable/c/70882d7fa74f0731492a0d493e8515a4f7131831', 'https://lore.kernel.org/linux-cve-announce/2024082135-CVE-2024-43870-2b6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43870', 'https://www.cve.org/CVERecord?id=CVE-2024-43870'], 'PublishedDate': '2024-08-21T01:15:11.62Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43871', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: devres: Fix memory leakage caused by driver API devm_free_percpu()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndevres: Fix memory leakage caused by driver API devm_free_percpu()\n\nIt will cause memory leakage when use driver API devm_free_percpu()\nto free memory allocated by devm_alloc_percpu(), fixed by using\ndevres_release() instead of devres_destroy() within devm_free_percpu().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-43871', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/bd50a974097bb82d52a458bd3ee39fb723129a0c (6.11-rc1)', 'https://git.kernel.org/stable/c/3047f99caec240a88ccd06197af2868da1af6a96', 'https://git.kernel.org/stable/c/3dcd0673e47664bc6c719ad47dadac6d55d5950d', 'https://git.kernel.org/stable/c/700e8abd65b10792b2f179ce4e858f2ca2880f85', 'https://git.kernel.org/stable/c/95065edb8ebb27771d5f1e898eef6ab43dc6c87c', 'https://git.kernel.org/stable/c/b044588a16a978cd891cb3d665dd7ae06850d5bf', 'https://git.kernel.org/stable/c/b67552d7c61f52f1271031adfa7834545ae99701', 'https://git.kernel.org/stable/c/bd50a974097bb82d52a458bd3ee39fb723129a0c', 'https://git.kernel.org/stable/c/ef56dcdca8f2a53abc3a83d388b8336447533d85', 'https://linux.oracle.com/cve/CVE-2024-43871.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43871-c2cd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43871', 'https://www.cve.org/CVERecord?id=CVE-2024-43871'], 'PublishedDate': '2024-08-21T01:15:11.68Z', 'LastModifiedDate': '2024-09-03T13:39:19.553Z'}, {'VulnerabilityID': 'CVE-2024-43872', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43872', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/hns: Fix soft lockup under heavy CEQE load', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43872', 'https://git.kernel.org/linus/2fdf34038369c0a27811e7b4680662a14ada1d6b (6.11-rc1)', 'https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08', 'https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43872-c87e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43872', 'https://www.cve.org/CVERecord?id=CVE-2024-43872'], 'PublishedDate': '2024-08-21T01:15:11.74Z', 'LastModifiedDate': '2024-09-03T13:38:34.867Z'}, {'VulnerabilityID': 'CVE-2024-43873', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43873', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vhost/vsock: always initialize seqpacket_allow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: always initialize seqpacket_allow\n\nThere are two issues around seqpacket_allow:\n1. seqpacket_allow is not initialized when socket is\n   created. Thus if features are never set, it will be\n   read uninitialized.\n2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,\n   then seqpacket_allow will not be cleared appropriately\n   (existing apps I know about don't usually do this but\n    it's legal and there's no way to be sure no one relies\n    on this).\n\nTo fix:\n\t- initialize seqpacket_allow after allocation\n\t- set it unconditionally in set_features", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-909'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43873', 'https://git.kernel.org/linus/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22', 'https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb', 'https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582', 'https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c', 'https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43873-c547@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43873', 'https://www.cve.org/CVERecord?id=CVE-2024-43873'], 'PublishedDate': '2024-08-21T01:15:11.79Z', 'LastModifiedDate': '2024-09-03T13:35:44.897Z'}, {'VulnerabilityID': 'CVE-2024-43875', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43875', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: Clean up error handling in vpci_scan_bus()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\n\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\n\n    drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)\n\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\n\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43875', 'https://git.kernel.org/linus/8e0f5a96c534f781e8c57ca30459448b3bfe5429 (6.11-rc1)', 'https://git.kernel.org/stable/c/0e27e2e8697b8ce96cdef43f135426525d9d1f8f', 'https://git.kernel.org/stable/c/24414c842a24d0fd498f9db6d2a762a8dddf1832', 'https://git.kernel.org/stable/c/7d368de78b60088ec9031c60c88976c0063ea4c0', 'https://git.kernel.org/stable/c/8e0f5a96c534f781e8c57ca30459448b3bfe5429', 'https://git.kernel.org/stable/c/b9e8695246bcfc028341470cbf92630cdc1ba36b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43875-1257@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43875', 'https://www.cve.org/CVERecord?id=CVE-2024-43875'], 'PublishedDate': '2024-08-21T01:15:11.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43876', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43876', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()\n\nAvoid large backtrace, it is sufficient to warn the user that there has\nbeen a link problem. Either the link has failed and the system is in need\nof maintenance, or the link continues to work and user has been informed.\nThe message from the warning can be looked up in the sources.\n\nThis makes an actual link issue less verbose.\n\nFirst of all, this controller has a limitation in that the controller\ndriver has to assist the hardware with transition to L1 link state by\nwriting L1IATN to PMCTRL register, the L1 and L0 link state switching\nis not fully automatic on this controller.\n\nIn case of an ASMedia ASM1062 PCIe SATA controller which does not support\nASPM, on entry to suspend or during platform pm_test, the SATA controller\nenters D3hot state and the link enters L1 state. If the SATA controller\nwakes up before rcar_pcie_wakeup() was called and returns to D0, the link\nreturns to L0 before the controller driver even started its transition to\nL1 link state. At this point, the SATA controller did send an PM_ENTER_L1\nDLLP to the PCIe controller and the PCIe controller received it, and the\nPCIe controller did set PMSR PMEL1RX bit.\n\nOnce rcar_pcie_wakeup() is called, if the link is already back in L0 state\nand PMEL1RX bit is set, the controller driver has no way to determine if\nit should perform the link transition to L1 state, or treat the link as if\nit is in L0 state. Currently the driver attempts to perform the transition\nto L1 link state unconditionally, which in this specific case fails with a\nPMSR L1FAEG poll timeout, however the link still works as it is already\nback in L0 state.\n\nReduce this warning verbosity. In case the link is really broken, the\nrcar_pcie_config_access() would fail, otherwise it will succeed and any\nsystem with this controller and ASM1062 can suspend without generating\na backtrace.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43876', 'https://git.kernel.org/linus/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96 (6.11-rc1)', 'https://git.kernel.org/stable/c/2ae4769332dfdb97f4b6f5dc9ac8f46d02aaa3df', 'https://git.kernel.org/stable/c/3ff3bdde950f1840df4030726cef156758a244d7', 'https://git.kernel.org/stable/c/526a877c6273d4cd0d0aede84c1d620479764b1c', 'https://git.kernel.org/stable/c/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43876-793b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43876', 'https://www.cve.org/CVERecord?id=CVE-2024-43876'], 'PublishedDate': '2024-08-21T01:15:11.973Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43877', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43877', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: pci: ivtv: Add check for DMA map result', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: ivtv: Add check for DMA map result\n\nIn case DMA fails, 'dma->SG_length' is 0. This value is later used to\naccess 'dma->SGarray[dma->SG_length - 1]', which will cause out of\nbounds access.\n\nAdd check to return early on invalid value. Adjust warnings accordingly.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43877', 'https://git.kernel.org/linus/629913d6d79508b166c66e07e4857e20233d85a9 (6.11-rc1)', 'https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718', 'https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a', 'https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9', 'https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43877-e8e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43877', 'https://www.cve.org/CVERecord?id=CVE-2024-43877'], 'PublishedDate': '2024-08-21T01:15:12.033Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43879', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()\n\nCurrently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in\ncfg80211_calculate_bitrate_he(), leading to below warning:\n\nkernel: invalid HE MCS: bw:6, ru:6\nkernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]\n\nFix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43879', 'https://git.kernel.org/linus/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6 (6.11-rc1)', 'https://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27', 'https://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd', 'https://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f', 'https://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9', 'https://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086', 'https://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142', 'https://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d', 'https://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6', 'https://linux.oracle.com/cve/CVE-2024-43879.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43879-95cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43879', 'https://www.cve.org/CVERecord?id=CVE-2024-43879'], 'PublishedDate': '2024-08-21T01:15:12.153Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43880', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43880', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_erp: Fix object nesting warning\n\nACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM\n(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can\ncontain more ACLs (i.e., tc filters), but the number of masks in each\nregion (i.e., tc chain) is limited.\n\nIn order to mitigate the effects of the above limitation, the device\nallows filters to share a single mask if their masks only differ in up\nto 8 consecutive bits. For example, dst_ip/25 can be represented using\ndst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the\nnumber of masks being used (and therefore does not support mask\naggregation), but can contain a limited number of filters.\n\nThe driver uses the "objagg" library to perform the mask aggregation by\npassing it objects that consist of the filter\'s mask and whether the\nfilter is to be inserted into the A-TCAM or the C-TCAM since filters in\ndifferent TCAMs cannot share a mask.\n\nThe set of created objects is dependent on the insertion order of the\nfilters and is not necessarily optimal. Therefore, the driver will\nperiodically ask the library to compute a more optimal set ("hints") by\nlooking at all the existing objects.\n\nWhen the library asks the driver whether two objects can be aggregated\nthe driver only compares the provided masks and ignores the A-TCAM /\nC-TCAM indication. This is the right thing to do since the goal is to\nmove as many filters as possible to the A-TCAM. The driver also forbids\ntwo identical masks from being aggregated since this can only happen if\none was intentionally put in the C-TCAM to avoid a conflict in the\nA-TCAM.\n\nThe above can result in the following set of hints:\n\nH1: {mask X, A-TCAM} -> H2: {mask Y, A-TCAM} // X is Y + delta\nH3: {mask Y, C-TCAM} -> H4: {mask Z, A-TCAM} // Y is Z + delta\n\nAfter getting the hints from the library the driver will start migrating\nfilters from one region to another while consulting the computed hints\nand instructing the device to perform a lookup in both regions during\nthe transition.\n\nAssuming a filter with mask X is being migrated into the A-TCAM in the\nnew region, the hints lookup will return H1. Since H2 is the parent of\nH1, the library will try to find the object associated with it and\ncreate it if necessary in which case another hints lookup (recursive)\nwill be performed. This hints lookup for {mask Y, A-TCAM} will either\nreturn H2 or H3 since the driver passes the library an object comparison\nfunction that ignores the A-TCAM / C-TCAM indication.\n\nThis can eventually lead to nested objects which are not supported by\nthe library [1].\n\nFix by removing the object comparison function from both the driver and\nthe library as the driver was the only user. That way the lookup will\nonly return exact matches.\n\nI do not have a reliable reproducer that can reproduce the issue in a\ntimely manner, but before the fix the issue would reproduce in several\nminutes and with the fix it does not reproduce in over an hour.\n\nNote that the current usefulness of the hints is limited because they\ninclude the C-TCAM indication and represent aggregation that cannot\nactually happen. This will be addressed in net-next.\n\n[1]\nWARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0\nModules linked in:\nCPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42\nHardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:objagg_obj_parent_assign+0xb5/0xd0\n[...]\nCall Trace:\n <TASK>\n __objagg_obj_get+0x2bb/0x580\n objagg_obj_get+0xe/0x80\n mlxsw_sp_acl_erp_mask_get+0xb5/0xf0\n mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43880', 'https://git.kernel.org/linus/97d833ceb27dc19f8777d63f90be4a27b5daeedf (6.11-rc1)', 'https://git.kernel.org/stable/c/0e59c2d22853266704e127915653598f7f104037', 'https://git.kernel.org/stable/c/25c6fd9648ad05da493a5d30881896a78a08b624', 'https://git.kernel.org/stable/c/36a9996e020dd5aa325e0ecc55eb2328288ea6bb', 'https://git.kernel.org/stable/c/4dc09f6f260db3c4565a4ec52ba369393598f2fb', 'https://git.kernel.org/stable/c/97d833ceb27dc19f8777d63f90be4a27b5daeedf', 'https://git.kernel.org/stable/c/9a5261a984bba4f583d966c550fa72c33ff3714e', 'https://git.kernel.org/stable/c/fb5d4fc578e655d113f09565f6f047e15f7ab578', 'https://linux.oracle.com/cve/CVE-2024-43880.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43880-78ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43880', 'https://www.cve.org/CVERecord?id=CVE-2024-43880'], 'PublishedDate': '2024-08-21T01:15:12.213Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43881', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43881', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: change DMA direction while mapping reinjected packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: change DMA direction while mapping reinjected packets\n\nFor fragmented packets, ath12k reassembles each fragment as a normal\npacket and then reinjects it into HW ring. In this case, the DMA\ndirection should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise,\nan invalid payload may be reinjected into the HW and\nsubsequently delivered to the host.\n\nGiven that arbitrary memory can be allocated to the skb buffer,\nknowledge about the data contained in the reinjected buffer is lacking.\nConsequently, there’s a risk of private information being leaked.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43881', 'https://git.kernel.org/linus/33322e3ef07409278a18c6919c448e369d66a18e (6.11-rc1)', 'https://git.kernel.org/stable/c/33322e3ef07409278a18c6919c448e369d66a18e', 'https://git.kernel.org/stable/c/6925320fcd40d8042d32bf4ede8248e7a5315c3b', 'https://git.kernel.org/stable/c/e99d9b16ff153de9540073239d24adc3b0a3a997', 'https://lore.kernel.org/linux-cve-announce/2024082138-CVE-2024-43881-ead4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43881', 'https://www.cve.org/CVERecord?id=CVE-2024-43881'], 'PublishedDate': '2024-08-21T01:15:12.28Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43883', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43883', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: vhci-hcd: Do not drop references before new references are gained', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43883', 'https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37', 'https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174', 'https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14', 'https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89', 'https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80', 'https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a', 'https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54', 'https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2', 'https://linux.oracle.com/cve/CVE-2024-43883.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082313-CVE-2024-43883-a594@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43883', 'https://www.cve.org/CVERecord?id=CVE-2024-43883'], 'PublishedDate': '2024-08-23T13:15:03.873Z', 'LastModifiedDate': '2024-08-23T16:18:28.547Z'}, {'VulnerabilityID': 'CVE-2024-43884', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: MGMT: Add error handling to pair_device()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Add error handling to pair_device()\n\nhci_conn_params_add() never checks for a NULL value and could lead to a NULL\npointer dereference causing a crash.\n\nFixed by adding error handling in the function.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43884', 'https://git.kernel.org/linus/538fd3921afac97158d4177139a0ad39f056dbb2 (6.11-rc5)', 'https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4', 'https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1', 'https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2', 'https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503', 'https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9', 'https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb', 'https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb', 'https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43884-43fa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43884', 'https://www.cve.org/CVERecord?id=CVE-2024-43884'], 'PublishedDate': '2024-08-26T08:15:03.827Z', 'LastModifiedDate': '2024-09-04T12:15:04.927Z'}, {'VulnerabilityID': 'CVE-2024-43886', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43886', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check in resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check in resource_log_pipe_topology_update\n\n[WHY]\nWhen switching from "Extend" to "Second Display Only" we sometimes\ncall resource_get_otg_master_for_stream on a stream for the eDP,\nwhich is disconnected. This leads to a null pointer dereference.\n\n[HOW]\nAdded a null check in dc_resource.c/resource_log_pipe_topology_update.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43886', 'https://git.kernel.org/linus/899d92fd26fe780aad711322aa671f68058207a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/899d92fd26fe780aad711322aa671f68058207a6', 'https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee', 'https://lore.kernel.org/linux-cve-announce/2024082657-CVE-2024-43886-0726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43886', 'https://www.cve.org/CVERecord?id=CVE-2024-43886'], 'PublishedDate': '2024-08-26T11:15:03.83Z', 'LastModifiedDate': '2024-08-27T14:37:45.377Z'}, {'VulnerabilityID': 'CVE-2024-43887', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43887', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/tcp: Disable TCP-AO static key after RCU grace period', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp: Disable TCP-AO static key after RCU grace period\n\nThe lifetime of TCP-AO static_key is the same as the last\ntcp_ao_info. On the socket destruction tcp_ao_info ceases to be\nwith RCU grace period, while tcp-ao static branch is currently deferred\ndestructed. The static key definition is\n: DEFINE_STATIC_KEY_DEFERRED_FALSE(tcp_ao_needed, HZ);\n\nwhich means that if RCU grace period is delayed by more than a second\nand tcp_ao_needed is in the process of disablement, other CPUs may\nyet see tcp_ao_info which atent dead, but soon-to-be.\nAnd that breaks the assumption of static_key_fast_inc_not_disabled().\n\nSee the comment near the definition:\n> * The caller must make sure that the static key can\'t get disabled while\n> * in this function. It doesn\'t patch jump labels, only adds a user to\n> * an already enabled static key.\n\nOriginally it was introduced in commit eb8c507296f6 ("jump_label:\nPrevent key->enabled int overflow"), which is needed for the atomic\ncontexts, one of which would be the creation of a full socket from a\nrequest socket. In that atomic context, it\'s known by the presence\nof the key (md5/ao) that the static branch is already enabled.\nSo, the ref counter for that static branch is just incremented\ninstead of holding the proper mutex.\nstatic_key_fast_inc_not_disabled() is just a helper for such usage\ncase. But it must not be used if the static branch could get disabled\nin parallel as it\'s not protected by jump_label_mutex and as a result,\nraces with jump_label_update() implementation details.\n\nHappened on netdev test-bot[1], so not a theoretical issue:\n\n[] jump_label: Fatal kernel bug, unexpected op at tcp_inbound_hash+0x1a7/0x870 [ffffffffa8c4e9b7] (eb 50 0f 1f 44 != 66 90 0f 1f 00)) size:2 type:1\n[] ------------[ cut here ]------------\n[] kernel BUG at arch/x86/kernel/jump_label.c:73!\n[] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[] CPU: 3 PID: 243 Comm: kworker/3:3 Not tainted 6.10.0-virtme #1\n[] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[] Workqueue: events jump_label_update_timeout\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n...\n[] Call Trace:\n[]  <TASK>\n[]  arch_jump_label_transform_queue+0x6c/0x110\n[]  __jump_label_update+0xef/0x350\n[]  __static_key_slow_dec_cpuslocked.part.0+0x3c/0x60\n[]  jump_label_update_timeout+0x2c/0x40\n[]  process_one_work+0xe3b/0x1670\n[]  worker_thread+0x587/0xce0\n[]  kthread+0x28a/0x350\n[]  ret_from_fork+0x31/0x70\n[]  ret_from_fork_asm+0x1a/0x30\n[]  </TASK>\n[] Modules linked in: veth\n[] ---[ end trace 0000000000000000 ]---\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n\n[1]: https://netdev-3.bots.linux.dev/vmksft-tcp-ao-dbg/results/696681/5-connect-deny-ipv6/stderr', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43887', 'https://git.kernel.org/linus/14ab4792ee120c022f276a7e4768f4dcb08f0cdd (6.11-rc3)', 'https://git.kernel.org/stable/c/14ab4792ee120c022f276a7e4768f4dcb08f0cdd', 'https://git.kernel.org/stable/c/954d55a59b2501f4a9bd693b40ce45a1c46cb2b3', 'https://lore.kernel.org/linux-cve-announce/2024082658-CVE-2024-43887-93bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43887', 'https://www.cve.org/CVERecord?id=CVE-2024-43887'], 'PublishedDate': '2024-08-26T11:15:03.877Z', 'LastModifiedDate': '2024-09-05T19:43:44.197Z'}, {'VulnerabilityID': 'CVE-2024-43888', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43888', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: list_lru: fix UAF for memory cgroup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: list_lru: fix UAF for memory cgroup\n\nThe mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or\ncgroup_mutex or others which could prevent returned memcg from being\nfreed.  Fix it by adding missing rcu read lock.\n\nFound by code inspection.\n\n[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]\n  Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43888', 'https://git.kernel.org/linus/5161b48712dcd08ec427c450399d4d1483e21dea (6.11-rc3)', 'https://git.kernel.org/stable/c/4589f77c18dd98b65f45617b6d1e95313cf6fcab', 'https://git.kernel.org/stable/c/5161b48712dcd08ec427c450399d4d1483e21dea', 'https://lore.kernel.org/linux-cve-announce/2024082659-CVE-2024-43888-5beb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43888', 'https://www.cve.org/CVERecord?id=CVE-2024-43888'], 'PublishedDate': '2024-08-26T11:15:03.93Z', 'LastModifiedDate': '2024-08-27T14:37:52.61Z'}, {'VulnerabilityID': 'CVE-2024-43889', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix possible divide-by-0 panic in padata_mt_helper()\n\nWe are hit with a not easily reproducible divide-by-0 panic in padata.c at\nbootup time.\n\n  [   10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI\n  [   10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1\n  [   10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021\n  [   10.017908] Workqueue: events_unbound padata_mt_helper\n  [   10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0\n    :\n  [   10.017963] Call Trace:\n  [   10.017968]  <TASK>\n  [   10.018004]  ? padata_mt_helper+0x39/0xb0\n  [   10.018084]  process_one_work+0x174/0x330\n  [   10.018093]  worker_thread+0x266/0x3a0\n  [   10.018111]  kthread+0xcf/0x100\n  [   10.018124]  ret_from_fork+0x31/0x50\n  [   10.018138]  ret_from_fork_asm+0x1a/0x30\n  [   10.018147]  </TASK>\n\nLooking at the padata_mt_helper() function, the only way a divide-by-0\npanic can happen is when ps->chunk_size is 0.  The way that chunk_size is\ninitialized in padata_do_multithreaded(), chunk_size can be 0 when the\nmin_chunk in the passed-in padata_mt_job structure is 0.\n\nFix this divide-by-0 panic by making sure that chunk_size will be at least\n1 no matter what the input parameters are.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43889', 'https://git.kernel.org/linus/6d45e1c948a8b7ed6ceddb14319af69424db730c (6.11-rc3)', 'https://git.kernel.org/stable/c/6d45e1c948a8b7ed6ceddb14319af69424db730c', 'https://git.kernel.org/stable/c/8f5ffd2af7274853ff91d6cd62541191d9fbd10d', 'https://git.kernel.org/stable/c/924f788c906dccaca30acab86c7124371e1d6f2c', 'https://git.kernel.org/stable/c/a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f', 'https://git.kernel.org/stable/c/ab8b397d5997d8c37610252528edc54bebf9f6d3', 'https://git.kernel.org/stable/c/da0ffe84fcc1627a7dff82c80b823b94236af905', 'https://lore.kernel.org/linux-cve-announce/2024082600-CVE-2024-43889-4d0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43889', 'https://www.cve.org/CVERecord?id=CVE-2024-43889'], 'PublishedDate': '2024-08-26T11:15:03.98Z', 'LastModifiedDate': '2024-08-27T14:38:09.34Z'}, {'VulnerabilityID': 'CVE-2024-43890', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43890', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Fix overflow in get_free_elt()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing "tracing_map->max_size" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to "tracing_map->next_elt"\nonce it reaches "tracing_map->max_elt".', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43890', 'https://git.kernel.org/linus/bcf86c01ca4676316557dd482c8416ece8c2e143 (6.11-rc3)', 'https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6', 'https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c', 'https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5', 'https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8', 'https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143', 'https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da', 'https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18', 'https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a', 'https://linux.oracle.com/cve/CVE-2024-43890.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082601-CVE-2024-43890-1c3a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43890', 'https://www.cve.org/CVERecord?id=CVE-2024-43890'], 'PublishedDate': '2024-08-26T11:15:04.04Z', 'LastModifiedDate': '2024-09-05T18:48:30.32Z'}, {'VulnerabilityID': 'CVE-2024-43891', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43891', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have format file honor EVENT_FILE_FL_FREED', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have format file honor EVENT_FILE_FL_FREED\n\nWhen eventfs was introduced, special care had to be done to coordinate the\nfreeing of the file meta data with the files that are exposed to user\nspace. The file meta data would have a ref count that is set when the file\nis created and would be decremented and freed after the last user that\nopened the file closed it. When the file meta data was to be freed, it\nwould set a flag (EVENT_FILE_FL_FREED) to denote that the file is freed,\nand any new references made (like new opens or reads) would fail as it is\nmarked freed. This allowed other meta data to be freed after this flag was\nset (under the event_mutex).\n\nAll the files that were dynamically created in the events directory had a\npointer to the file meta data and would call event_release() when the last\nreference to the user space file was closed. This would be the time that it\nis safe to free the file meta data.\n\nA shortcut was made for the "format" file. It\'s i_private would point to\nthe "call" entry directly and not point to the file\'s meta data. This is\nbecause all format files are the same for the same "call", so it was\nthought there was no reason to differentiate them.  The other files\nmaintain state (like the "enable", "trigger", etc). But this meant if the\nfile were to disappear, the "format" file would be unaware of it.\n\nThis caused a race that could be trigger via the user_events test (that\nwould create dynamic events and free them), and running a loop that would\nread the user_events format files:\n\nIn one console run:\n\n # cd tools/testing/selftests/user_events\n # while true; do ./ftrace_test; done\n\nAnd in another console run:\n\n # cd /sys/kernel/tracing/\n # while true; do cat events/user_events/__test_event/format; done 2>/dev/null\n\nWith KASAN memory checking, it would trigger a use-after-free bug report\n(which was a real bug). This was because the format file was not checking\nthe file\'s meta data flag "EVENT_FILE_FL_FREED", so it would access the\nevent that the file meta data pointed to after the event was freed.\n\nAfter inspection, there are other locations that were found to not check\nthe EVENT_FILE_FL_FREED flag when accessing the trace_event_file. Add a\nnew helper function: event_file_file() that will make sure that the\nevent_mutex is held, and will return NULL if the trace_event_file has the\nEVENT_FILE_FL_FREED flag set. Have the first reference of the struct file\npointer use event_file_file() and check for NULL. Later uses can still use\nthe event_file_data() helper function if the event_mutex is still held and\nwas not released since the event_file_file() call.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43891', 'https://git.kernel.org/linus/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d (6.11-rc3)', 'https://git.kernel.org/stable/c/4ed03758ddf0b19d69eed69386d65a92d0091e0c', 'https://git.kernel.org/stable/c/531dc6780d94245af037c25c2371c8caf652f0f9', 'https://git.kernel.org/stable/c/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d', 'https://lore.kernel.org/linux-cve-announce/2024082603-CVE-2024-43891-a69d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43891', 'https://www.cve.org/CVERecord?id=CVE-2024-43891'], 'PublishedDate': '2024-08-26T11:15:04.103Z', 'LastModifiedDate': '2024-09-05T18:46:18.44Z'}, {'VulnerabilityID': 'CVE-2024-43892', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43892', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg: protect concurrent access to mem_cgroup_idr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: protect concurrent access to mem_cgroup_idr\n\nCommit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after\nmany small jobs") decoupled the memcg IDs from the CSS ID space to fix the\ncgroup creation failures.  It introduced IDR to maintain the memcg ID\nspace.  The IDR depends on external synchronization mechanisms for\nmodifications.  For the mem_cgroup_idr, the idr_alloc() and idr_replace()\nhappen within css callback and thus are protected through cgroup_mutex\nfrom concurrent modifications.  However idr_remove() for mem_cgroup_idr\nwas not protected against concurrency and can be run concurrently for\ndifferent memcgs when they hit their refcnt to zero.  Fix that.\n\nWe have been seeing list_lru based kernel crashes at a low frequency in\nour fleet for a long time.  These crashes were in different part of\nlist_lru code including list_lru_add(), list_lru_del() and reparenting\ncode.  Upon further inspection, it looked like for a given object (dentry\nand inode), the super_block\'s list_lru didn\'t have list_lru_one for the\nmemcg of that object.  The initial suspicions were either the object is\nnot allocated through kmem_cache_alloc_lru() or somehow\nmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but\nreturned success.  No evidence were found for these cases.\n\nLooking more deeply, we started seeing situations where valid memcg\'s id\nis not present in mem_cgroup_idr and in some cases multiple valid memcgs\nhave same id and mem_cgroup_idr is pointing to one of them.  So, the most\nreasonable explanation is that these situations can happen due to race\nbetween multiple idr_remove() calls or race between\nidr_alloc()/idr_replace() and idr_remove().  These races are causing\nmultiple memcgs to acquire the same ID and then offlining of one of them\nwould cleanup list_lrus on the system for all of them.  Later access from\nother memcgs to the list_lru cause crashes due to missing list_lru_one.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43892', 'https://git.kernel.org/linus/9972605a238339b85bd16b084eed5f18414d22db (6.11-rc3)', 'https://git.kernel.org/stable/c/37a060b64ae83b76600d187d76591ce488ab836b', 'https://git.kernel.org/stable/c/51c0b1bb7541f8893ec1accba59eb04361a70946', 'https://git.kernel.org/stable/c/56fd70f4aa8b82199dbe7e99366b1fd7a04d86fb', 'https://git.kernel.org/stable/c/912736a0435ef40e6a4ae78197ccb5553cb80b05', 'https://git.kernel.org/stable/c/9972605a238339b85bd16b084eed5f18414d22db', 'https://git.kernel.org/stable/c/e6cc9ff2ac0b5df9f25eb790934c3104f6710278', 'https://lore.kernel.org/linux-cve-announce/2024082604-CVE-2024-43892-584a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43892', 'https://www.cve.org/CVERecord?id=CVE-2024-43892'], 'PublishedDate': '2024-08-26T11:15:04.157Z', 'LastModifiedDate': '2024-09-12T12:15:49.593Z'}, {'VulnerabilityID': 'CVE-2024-43893', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43893', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: core: check uartclk for zero to avoid divide by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: core: check uartclk for zero to avoid divide by zero\n\nCalling ioctl TIOCSSERIAL with an invalid baud_base can\nresult in uartclk being zero, which will result in a\ndivide by zero error in uart_get_divisor(). The check for\nuartclk being zero in uart_set_info() needs to be done\nbefore other settings are made as subsequent calls to\nioctl TIOCSSERIAL for the same port would be impacted if\nthe uartclk check was done where uartclk gets set.\n\nOops: divide error: 0000  PREEMPT SMP KASAN PTI\nRIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)\nCall Trace:\n <TASK>\nserial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576\n    drivers/tty/serial/8250/8250_port.c:2589)\nserial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502\n    drivers/tty/serial/8250/8250_port.c:2741)\nserial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)\nuart_change_line_settings (./include/linux/spinlock.h:376\n    ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)\nuart_port_startup (drivers/tty/serial/serial_core.c:342)\nuart_startup (drivers/tty/serial/serial_core.c:368)\nuart_set_info (drivers/tty/serial/serial_core.c:1034)\nuart_set_info_user (drivers/tty/serial/serial_core.c:1059)\ntty_set_serial (drivers/tty/tty_io.c:2637)\ntty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)\n__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907\n    fs/ioctl.c:893 fs/ioctl.c:893)\ndo_syscall_64 (arch/x86/entry/common.c:52\n    (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nRule: add', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43893', 'https://git.kernel.org/linus/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193 (6.11-rc3)', 'https://git.kernel.org/stable/c/3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba', 'https://git.kernel.org/stable/c/52b138f1021113e593ee6ad258ce08fe90693a9e', 'https://git.kernel.org/stable/c/55b2a5d331a6ceb1c4372945fdb77181265ba24f', 'https://git.kernel.org/stable/c/68dc02f319b9ee54dc23caba742a5c754d1cccc8', 'https://git.kernel.org/stable/c/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193', 'https://git.kernel.org/stable/c/9196e42a3b8eeff1707e6ef769112b4b6096be49', 'https://git.kernel.org/stable/c/e13ba3fe5ee070f8a9dab60029d52b1f61da5051', 'https://git.kernel.org/stable/c/e3ad503876283ac3fcca922a1bf243ef9eb0b0e2', 'https://linux.oracle.com/cve/CVE-2024-43893.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082605-CVE-2024-43893-25dd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43893', 'https://www.cve.org/CVERecord?id=CVE-2024-43893'], 'PublishedDate': '2024-08-26T11:15:04.213Z', 'LastModifiedDate': '2024-09-10T18:13:21.92Z'}, {'VulnerabilityID': 'CVE-2024-43894', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43894', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/client: fix null pointer dereference in drm_client_modeset_probe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: fix null pointer dereference in drm_client_modeset_probe\n\nIn drm_client_modeset_probe(), the return value of drm_mode_duplicate() is\nassigned to modeset->mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43894', 'https://git.kernel.org/linus/113fd6372a5bb3689aba8ef5b8a265ed1529a78f (6.11-rc3)', 'https://git.kernel.org/stable/c/113fd6372a5bb3689aba8ef5b8a265ed1529a78f', 'https://git.kernel.org/stable/c/24ddda932c43ffe156c7f3c568bed85131c63ae6', 'https://git.kernel.org/stable/c/5291d4f73452c91e8a11f71207617e3e234d418e', 'https://git.kernel.org/stable/c/612cae53e99ce32a58cb821b3b67199eb6e92dff', 'https://git.kernel.org/stable/c/c763dfe09425152b6bb0e348900a637c62c2ce52', 'https://git.kernel.org/stable/c/d64847c383100423aecb6ac5f18be5f4316d9d62', 'https://git.kernel.org/stable/c/d64fc94f7bb24fc2be0d6bd5df8df926da461a6d', 'https://linux.oracle.com/cve/CVE-2024-43894.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082607-CVE-2024-43894-aeee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43894', 'https://www.cve.org/CVERecord?id=CVE-2024-43894'], 'PublishedDate': '2024-08-26T11:15:04.28Z', 'LastModifiedDate': '2024-09-10T18:09:41.23Z'}, {'VulnerabilityID': 'CVE-2024-43895', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43895', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip Recompute DSC Params if no Stream on Link', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n    Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n    RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n    Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\n    RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n    RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n    RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n    RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n    R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n    R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n    FS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n    Call Trace:\n<TASK>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? plist_add+0xbe/0x100\n     ? exc_page_fault+0x7c/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     drm_atomic_check_only+0x5c5/0xa40\n     drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.\n\n(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43895', 'https://git.kernel.org/linus/50e376f1fe3bf571d0645ddf48ad37eb58323919 (6.11-rc3)', 'https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9', 'https://git.kernel.org/stable/c/50e376f1fe3bf571d0645ddf48ad37eb58323919', 'https://git.kernel.org/stable/c/5357141b4c2e2b332b6f11607ba8c5fbc2669a10', 'https://git.kernel.org/stable/c/70275bb960c71d313254473d38c14e7101cee5ad', 'https://git.kernel.org/stable/c/718d83f66fb07b2cab89a1fc984613a00e3db18f', 'https://lore.kernel.org/linux-cve-announce/2024082608-CVE-2024-43895-d3c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43895', 'https://www.cve.org/CVERecord?id=CVE-2024-43895'], 'PublishedDate': '2024-08-26T11:15:04.333Z', 'LastModifiedDate': '2024-10-10T12:15:04.35Z'}, {'VulnerabilityID': 'CVE-2024-43898', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43898', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: sanity check for NULL pointer after ext4_force_shutdown', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43898', 'https://git.kernel.org/linus/83f4414b8f84249d538905825b088ff3ae555652 (6.11-rc1)', 'https://git.kernel.org/stable/c/3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e', 'https://git.kernel.org/stable/c/83f4414b8f84249d538905825b088ff3ae555652', 'https://git.kernel.org/stable/c/f619876ccbfd329ae785fe5d3289b9dcd6eb5901', 'https://lore.kernel.org/linux-cve-announce/2024082613-CVE-2024-43898-52c2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43898', 'https://www.cve.org/CVERecord?id=CVE-2024-43898'], 'PublishedDate': '2024-08-26T11:15:04.493Z', 'LastModifiedDate': '2024-09-10T08:15:02.96Z'}, {'VulnerabilityID': 'CVE-2024-43899', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix null pointer deref in dcn20_resource.c', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[  181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[  181.843997] #PF: supervisor instruction fetch in kernel mode\n[  181.844003] #PF: error_code(0x0010) - not-present page\n[  181.844009] PGD 0 P4D 0\n[  181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[  181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G        W  OE      6.5.0-41-generic #41~22.04.2-Ubuntu\n[  181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[  181.844044] RIP: 0010:0x0\n[  181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[  181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[  181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[  181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[  181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[  181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[  181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[  181.844121] FS:  00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[  181.844128] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[  181.844141] Call Trace:\n[  181.844146]  <TASK>\n[  181.844153]  ? show_regs+0x6d/0x80\n[  181.844167]  ? __die+0x24/0x80\n[  181.844179]  ? page_fault_oops+0x99/0x1b0\n[  181.844192]  ? do_user_addr_fault+0x31d/0x6b0\n[  181.844204]  ? exc_page_fault+0x83/0x1b0\n[  181.844216]  ? asm_exc_page_fault+0x27/0x30\n[  181.844237]  dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[  181.845115]  amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[  181.845985]  amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[  181.846848]  fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[  181.847734]  fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[  181.848748]  dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.849791]  ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.850840]  amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43899', 'https://git.kernel.org/linus/ecbf60782662f0a388493685b85a645a0ba1613c (6.11-rc1)', 'https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e', 'https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c', 'https://lore.kernel.org/linux-cve-announce/2024082614-CVE-2024-43899-2339@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43899', 'https://www.cve.org/CVERecord?id=CVE-2024-43899'], 'PublishedDate': '2024-08-26T11:15:04.557Z', 'LastModifiedDate': '2024-08-27T14:38:19.74Z'}, {'VulnerabilityID': 'CVE-2024-43900', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43900', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: xc2028: avoid use-after-free in load_firmware_cb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504           worker_thread\ntuner_probe                             <= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait                 <= create a worker\n...\ntuner_remove                            <= free dvb_frontend\n...\n                    request_firmware_work_func  <= the firmware is ready\n                    load_firmware_cb    <= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n    ==================================================================\n     BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n     Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n     Call trace:\n      load_firmware_cb+0x1310/0x17a0\n      request_firmware_work_func+0x128/0x220\n      process_one_work+0x770/0x1824\n      worker_thread+0x488/0xea0\n      kthread+0x300/0x430\n      ret_from_fork+0x10/0x20\n\n     Allocated by task 6504:\n      kzalloc\n      tuner_probe+0xb0/0x1430\n      i2c_device_probe+0x92c/0xaf0\n      really_probe+0x678/0xcd0\n      driver_probe_device+0x280/0x370\n      __device_attach_driver+0x220/0x330\n      bus_for_each_drv+0x134/0x1c0\n      __device_attach+0x1f4/0x410\n      device_initial_probe+0x20/0x30\n      bus_probe_device+0x184/0x200\n      device_add+0x924/0x12c0\n      device_register+0x24/0x30\n      i2c_new_device+0x4e0/0xc44\n      v4l2_i2c_new_subdev_board+0xbc/0x290\n      v4l2_i2c_new_subdev+0xc8/0x104\n      em28xx_v4l2_init+0x1dd0/0x3770\n\n     Freed by task 6504:\n      kfree+0x238/0x4e4\n      tuner_remove+0x144/0x1c0\n      i2c_device_remove+0xc8/0x290\n      __device_release_driver+0x314/0x5fc\n      device_release_driver+0x30/0x44\n      bus_remove_device+0x244/0x490\n      device_del+0x350/0x900\n      device_unregister+0x28/0xd0\n      i2c_unregister_device+0x174/0x1d0\n      v4l2_device_unregister+0x224/0x380\n      em28xx_v4l2_init+0x1d90/0x3770\n\n     The buggy address belongs to the object at ffff8000d7ca2000\n      which belongs to the cache kmalloc-2k of size 2048\n     The buggy address is located 776 bytes inside of\n      2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n     The buggy address belongs to the page:\n     page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n     flags: 0x7ff800000000100(slab)\n     raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n     raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n     page dumped because: kasan: bad access detected\n\n     Memory state around the buggy address:\n      ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                           ^\n      ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     ==================================================================\n\n[2]\n    Actually, it is allocated for struct tuner, and dvb_frontend is inside.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43900', 'https://git.kernel.org/linus/68594cec291ff9523b9feb3f43fd853dcddd1f60 (6.11-rc1)', 'https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5', 'https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60', 'https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b', 'https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-43900-029c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43900', 'https://www.cve.org/CVERecord?id=CVE-2024-43900'], 'PublishedDate': '2024-08-26T11:15:04.613Z', 'LastModifiedDate': '2024-08-27T14:38:32.967Z'}, {'VulnerabilityID': 'CVE-2024-43902', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43902', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null checker before passing variables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checker before passing variables\n\nChecks null pointer before passing variables to functions.\n\nThis fixes 3 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43902', 'https://git.kernel.org/linus/8092aa3ab8f7b737a34b71f91492c676a843043a (6.11-rc1)', 'https://git.kernel.org/stable/c/1686675405d07f35eae7ff3d13a530034b899df2', 'https://git.kernel.org/stable/c/4cc2a94d96caeb3c975acdae7351c2f997c32175', 'https://git.kernel.org/stable/c/8092aa3ab8f7b737a34b71f91492c676a843043a', 'https://git.kernel.org/stable/c/83c7f509ef087041604e9572938f82e18b724c9d', 'https://git.kernel.org/stable/c/d0b8b23b9c2ebec693a36fea518d8f13493ad655', 'https://lore.kernel.org/linux-cve-announce/2024082618-CVE-2024-43902-eb6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43902', 'https://www.cve.org/CVERecord?id=CVE-2024-43902'], 'PublishedDate': '2024-08-26T11:15:04.733Z', 'LastModifiedDate': '2024-08-27T14:38:51.73Z'}, {'VulnerabilityID': 'CVE-2024-43903', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43903', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43903', 'https://git.kernel.org/linus/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff (6.11-rc1)', 'https://git.kernel.org/stable/c/31a679a880102dee6e10985a7b1789af8dc328cc', 'https://git.kernel.org/stable/c/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff', 'https://git.kernel.org/stable/c/94220b35aeba2b68da81deeefbb784d94eeb5c04', 'https://git.kernel.org/stable/c/ce5d090af683137cb779ed7e3683839f9c778b35', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-43903-3644@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43903', 'https://www.cve.org/CVERecord?id=CVE-2024-43903'], 'PublishedDate': '2024-08-26T11:15:04.793Z', 'LastModifiedDate': '2024-08-27T13:39:48.683Z'}, {'VulnerabilityID': 'CVE-2024-43904', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43904', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing\n\nThis commit adds null checks for the 'stream' and 'plane' variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that 'stream' and 'plane' are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43904', 'https://git.kernel.org/linus/15c2990e0f0108b9c3752d7072a97d45d4283aea (6.11-rc1)', 'https://git.kernel.org/stable/c/15c2990e0f0108b9c3752d7072a97d45d4283aea', 'https://git.kernel.org/stable/c/16a8a2a839d19c4cf7253642b493ffb8eee1d857', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43904-63a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43904', 'https://www.cve.org/CVERecord?id=CVE-2024-43904'], 'PublishedDate': '2024-08-26T11:15:04.847Z', 'LastModifiedDate': '2024-08-27T13:40:50.577Z'}, {'VulnerabilityID': 'CVE-2024-43905', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43905', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix the null pointer dereference for vega10_hwmgr\n\nCheck return value and conduct null pointer handling to avoid null pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43905', 'https://git.kernel.org/linus/50151b7f1c79a09117837eb95b76c2de76841dab (6.11-rc1)', 'https://git.kernel.org/stable/c/0fa11f9df96217c2785b040629ff1a16900fb51c', 'https://git.kernel.org/stable/c/2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8', 'https://git.kernel.org/stable/c/2e538944996d0dd497faf8ee81f8bfcd3aca7d80', 'https://git.kernel.org/stable/c/50151b7f1c79a09117837eb95b76c2de76841dab', 'https://git.kernel.org/stable/c/69a441473fec2fc2aa2cf56122d6c42c4266a239', 'https://git.kernel.org/stable/c/c2629daf218a325f4d69754452cd42fe8451c15b', 'https://lore.kernel.org/linux-cve-announce/2024082623-CVE-2024-43905-008f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43905', 'https://www.cve.org/CVERecord?id=CVE-2024-43905'], 'PublishedDate': '2024-08-26T11:15:04.897Z', 'LastModifiedDate': '2024-09-12T12:15:51.26Z'}, {'VulnerabilityID': 'CVE-2024-43906', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43906', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/admgpu: fix dereferencing null pointer context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/admgpu: fix dereferencing null pointer context\n\nWhen user space sets an invalid ta type, the pointer context will be empty.\nSo it need to check the pointer context before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43906', 'https://git.kernel.org/linus/030ffd4d43b433bc6671d9ec34fc12c59220b95d (6.11-rc1)', 'https://git.kernel.org/stable/c/030ffd4d43b433bc6671d9ec34fc12c59220b95d', 'https://git.kernel.org/stable/c/4fd52f7c2c11d330571c6bde06e5ea508ec25c9d', 'https://git.kernel.org/stable/c/641dac64178ccdb9e45c92b67120316896294d05', 'https://lore.kernel.org/linux-cve-announce/2024082624-CVE-2024-43906-27ab@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43906', 'https://www.cve.org/CVERecord?id=CVE-2024-43906'], 'PublishedDate': '2024-08-26T11:15:04.947Z', 'LastModifiedDate': '2024-08-27T13:41:30.093Z'}, {'VulnerabilityID': 'CVE-2024-43907', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43907', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules\n\nCheck the pointer value to fix potential null pointer\ndereference', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43907', 'https://git.kernel.org/linus/d19fb10085a49b77578314f69fff21562f7cd054 (6.11-rc1)', 'https://git.kernel.org/stable/c/0c065e50445aea2e0a1815f12e97ee49e02cbaac', 'https://git.kernel.org/stable/c/13937a40aae4efe64592ba48c057ac3c72f7fe82', 'https://git.kernel.org/stable/c/3a01bf2ca9f860fdc88c358567b8fa3033efcf30', 'https://git.kernel.org/stable/c/c1749313f35b98e2e655479f037db37f19756622', 'https://git.kernel.org/stable/c/d19fb10085a49b77578314f69fff21562f7cd054', 'https://git.kernel.org/stable/c/e04d18c29954441aa1054af649f957ffad90a201', 'https://lore.kernel.org/linux-cve-announce/2024082626-CVE-2024-43907-91a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43907', 'https://www.cve.org/CVERecord?id=CVE-2024-43907'], 'PublishedDate': '2024-08-26T11:15:05Z', 'LastModifiedDate': '2024-08-27T13:41:40.497Z'}, {'VulnerabilityID': 'CVE-2024-43908', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43908', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the null pointer dereference to ras_manager', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the null pointer dereference to ras_manager\n\nCheck ras_manager before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43908', 'https://git.kernel.org/linus/4c11d30c95576937c6c35e6f29884761f2dddb43 (6.11-rc1)', 'https://git.kernel.org/stable/c/033187a70ba9743c73a810a006816e5553d1e7d4', 'https://git.kernel.org/stable/c/48cada0ac79e4775236d642e9ec5998a7c7fb7a4', 'https://git.kernel.org/stable/c/4c11d30c95576937c6c35e6f29884761f2dddb43', 'https://git.kernel.org/stable/c/56e848034ccabe44e8f22ffcf49db771c17b0d0a', 'https://git.kernel.org/stable/c/b89616333979114bb0da5fa40fb6e4a2f5294ca2', 'https://git.kernel.org/stable/c/d81c1eeb333d84b3012a91c0500189dc1d71e46c', 'https://git.kernel.org/stable/c/ff5c4eb71ee8951c789b079f6e948f86708b04ed', 'https://linux.oracle.com/cve/CVE-2024-43908.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082627-CVE-2024-43908-4406@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43908', 'https://www.cve.org/CVERecord?id=CVE-2024-43908'], 'PublishedDate': '2024-08-26T11:15:05.057Z', 'LastModifiedDate': '2024-08-27T13:41:55.26Z'}, {'VulnerabilityID': 'CVE-2024-43909', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43909', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference for smu7', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference for smu7\n\noptimize the code to avoid pass a null pointer (hwmgr->backend)\nto function smu7_update_edc_leakage_table.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43909', 'https://git.kernel.org/linus/c02c1960c93eede587576625a1221205a68a904f (6.11-rc1)', 'https://git.kernel.org/stable/c/09544cd95c688d3041328a4253bd7514972399bb', 'https://git.kernel.org/stable/c/1b8aa82b80bd947b68a8ab051d960a0c7935e22d', 'https://git.kernel.org/stable/c/37b9df457cbcf095963d18f17d6cb7dfa0a03fce', 'https://git.kernel.org/stable/c/7f56f050f02c27ed89cce1ea0c04b34abce32751', 'https://git.kernel.org/stable/c/c02c1960c93eede587576625a1221205a68a904f', 'https://lore.kernel.org/linux-cve-announce/2024082628-CVE-2024-43909-acb8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43909', 'https://www.cve.org/CVERecord?id=CVE-2024-43909'], 'PublishedDate': '2024-08-26T11:15:05.117Z', 'LastModifiedDate': '2024-08-27T13:41:48.467Z'}, {'VulnerabilityID': 'CVE-2024-43910', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43910', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses\n\nCurrently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to\na global function as an argument. The adverse effects of this is that\nBPF helpers can continue to make use of this modified\nCONST_PTR_TO_DYNPTR from within the context of the global function,\nwhich can unintentionally result in out-of-bounds memory accesses and\ntherefore compromise overall system stability i.e.\n\n[  244.157771] BUG: KASAN: slab-out-of-bounds in bpf_dynptr_data+0x137/0x140\n[  244.161345] Read of size 8 at addr ffff88810914be68 by task test_progs/302\n[  244.167151] CPU: 0 PID: 302 Comm: test_progs Tainted: G O E 6.10.0-rc3-00131-g66b586715063 #533\n[  244.174318] Call Trace:\n[  244.175787]  <TASK>\n[  244.177356]  dump_stack_lvl+0x66/0xa0\n[  244.179531]  print_report+0xce/0x670\n[  244.182314]  ? __virt_addr_valid+0x200/0x3e0\n[  244.184908]  kasan_report+0xd7/0x110\n[  244.187408]  ? bpf_dynptr_data+0x137/0x140\n[  244.189714]  ? bpf_dynptr_data+0x137/0x140\n[  244.192020]  bpf_dynptr_data+0x137/0x140\n[  244.194264]  bpf_prog_b02a02fdd2bdc5fa_global_call_bpf_dynptr_data+0x22/0x26\n[  244.198044]  bpf_prog_b0fe7b9d7dc3abde_callback_adjust_bpf_dynptr_reg_off+0x1f/0x23\n[  244.202136]  bpf_user_ringbuf_drain+0x2c7/0x570\n[  244.204744]  ? 0xffffffffc0009e58\n[  244.206593]  ? __pfx_bpf_user_ringbuf_drain+0x10/0x10\n[  244.209795]  bpf_prog_33ab33f6a804ba2d_user_ringbuf_callback_const_ptr_to_dynptr_reg_off+0x47/0x4b\n[  244.215922]  bpf_trampoline_6442502480+0x43/0xe3\n[  244.218691]  __x64_sys_prlimit64+0x9/0xf0\n[  244.220912]  do_syscall_64+0xc1/0x1d0\n[  244.223043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  244.226458] RIP: 0033:0x7ffa3eb8f059\n[  244.228582] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 1d 0d 00 f7 d8 64 89 01 48\n[  244.241307] RSP: 002b:00007ffa3e9c6eb8 EFLAGS: 00000206 ORIG_RAX: 000000000000012e\n[  244.246474] RAX: ffffffffffffffda RBX: 00007ffa3e9c7cdc RCX: 00007ffa3eb8f059\n[  244.250478] RDX: 00007ffa3eb162b4 RSI: 0000000000000000 RDI: 00007ffa3e9c7fb0\n[  244.255396] RBP: 00007ffa3e9c6ed0 R08: 00007ffa3e9c76c0 R09: 0000000000000000\n[  244.260195] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffff80\n[  244.264201] R13: 000000000000001c R14: 00007ffc5d6b4260 R15: 00007ffa3e1c7000\n[  244.268303]  </TASK>\n\nAdd a check_func_arg_reg_off() to the path in which the BPF verifier\nverifies the arguments of global function arguments, specifically\nthose which take an argument of type ARG_PTR_TO_DYNPTR |\nMEM_RDONLY. Also, process_dynptr_func() doesn't appear to perform any\nexplicit and strict type matching on the supplied register type, so\nlet's also enforce that a register either type PTR_TO_STACK or\nCONST_PTR_TO_DYNPTR is by the caller.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43910', 'https://git.kernel.org/linus/ec2b9a5e11e51fea1bb04c1e7e471952e887e874 (6.11-rc1)', 'https://git.kernel.org/stable/c/13663a7c644bf1dedaf461d07252db5d76c8759a', 'https://git.kernel.org/stable/c/ec2b9a5e11e51fea1bb04c1e7e471952e887e874', 'https://lore.kernel.org/linux-cve-announce/2024082630-CVE-2024-43910-c6ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43910', 'https://www.cve.org/CVERecord?id=CVE-2024-43910'], 'PublishedDate': '2024-08-26T11:15:05.177Z', 'LastModifiedDate': '2024-09-05T18:30:23.437Z'}, {'VulnerabilityID': 'CVE-2024-43911', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43911', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mac80211: fix NULL dereference at band check in starting tx ba session', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL dereference at band check in starting tx ba session\n\nIn MLD connection, link_data/link_conf are dynamically allocated. They\ndon't point to vif->bss_conf. So, there will be no chanreq assigned to\nvif->bss_conf and then the chan will be NULL. Tweak the code to check\nht_supported/vht_supported/has_he/has_eht on sta deflink.\n\nCrash log (with rtw89 version under MLO development):\n[ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 9890.526102] #PF: supervisor read access in kernel mode\n[ 9890.526105] #PF: error_code(0x0000) - not-present page\n[ 9890.526109] PGD 0 P4D 0\n[ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G           OE      6.9.0 #1\n[ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018\n[ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core]\n[ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211\n[ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00 <83> 38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3\nAll code\n========\n   0:\tf7 e8                \timul   %eax\n   2:\td5                   \t(bad)\n   3:\t93                   \txchg   %eax,%ebx\n   4:\t3e ea                \tds (bad)\n   6:\t48 83 c4 28          \tadd    $0x28,%rsp\n   a:\t89 d8                \tmov    %ebx,%eax\n   c:\t5b                   \tpop    %rbx\n   d:\t41 5c                \tpop    %r12\n   f:\t41 5d                \tpop    %r13\n  11:\t41 5e                \tpop    %r14\n  13:\t41 5f                \tpop    %r15\n  15:\t5d                   \tpop    %rbp\n  16:\tc3                   \tretq\n  17:\tcc                   \tint3\n  18:\tcc                   \tint3\n  19:\tcc                   \tint3\n  1a:\tcc                   \tint3\n  1b:\t49 8b 84 24 e0 f1 ff \tmov    -0xe20(%r12),%rax\n  22:\tff\n  23:\t48 8b 80 90 1b 00 00 \tmov    0x1b90(%rax),%rax\n  2a:*\t83 38 03             \tcmpl   $0x3,(%rax)\t\t<-- trapping instruction\n  2d:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe6a\n  33:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n  38:\teb cc                \tjmp    0x6\n  3a:\t49                   \trex.WB\n  3b:\t8b                   \t.byte 0x8b\n  3c:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  3f:\tf3                   \trepz\n\nCode starting with the faulting instruction\n===========================================\n   0:\t83 38 03             \tcmpl   $0x3,(%rax)\n   3:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe40\n   9:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n   e:\teb cc                \tjmp    0xffffffffffffffdc\n  10:\t49                   \trex.WB\n  11:\t8b                   \t.byte 0x8b\n  12:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  15:\tf3                   \trepz\n[ 9890.526285] RSP: 0018:ffffb8db09013d68 EFLAGS: 00010246\n[ 9890.526291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9308e0d656c8\n[ 9890.526295] RDX: 0000000000000000 RSI: ffffffffab99460b RDI: ffffffffab9a7685\n[ 9890.526300] RBP: ffffb8db09013db8 R08: 0000000000000000 R09: 0000000000000873\n[ 9890.526304] R10: ffff9308e0d64800 R11: 0000000000000002 R12: ffff9308e5ff6e70\n[ 9890.526308] R13: ffff930952500e20 R14: ffff9309192a8c00 R15: 0000000000000000\n[ 9890.526313] FS:  0000000000000000(0000) GS:ffff930b4e700000(0000) knlGS:0000000000000000\n[ 9890.526316] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9890.526318] CR2: 0000000000000000 CR3: 0000000391c58005 CR4: 00000000001706f0\n[ 9890.526321] Call Trace:\n[ 9890.526324]  <TASK>\n[ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479)\n[ 9890.526335] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713)\n[ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43911', 'https://git.kernel.org/linus/021d53a3d87eeb9dbba524ac515651242a2a7e3b (6.11-rc1)', 'https://git.kernel.org/stable/c/021d53a3d87eeb9dbba524ac515651242a2a7e3b', 'https://git.kernel.org/stable/c/a5594c1e03b0df3908b1e1202a1ba34422eed0f6', 'https://lore.kernel.org/linux-cve-announce/2024082631-CVE-2024-43911-96bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43911', 'https://www.cve.org/CVERecord?id=CVE-2024-43911'], 'PublishedDate': '2024-08-26T11:15:05.227Z', 'LastModifiedDate': '2024-08-27T16:08:52.493Z'}, {'VulnerabilityID': 'CVE-2024-43912', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43912', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: nl80211: disallow setting special AP channel widths', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: disallow setting special AP channel widths\n\nSetting the AP channel width is meant for use with the normal\n20/40/... MHz channel width progression, and switching around\nin S1G or narrow channels isn't supported. Disallow that.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43912', 'https://git.kernel.org/linus/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe (6.11-rc1)', 'https://git.kernel.org/stable/c/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe', 'https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e', 'https://git.kernel.org/stable/c/ac3bf6e47fd8da9bfe8027e1acfe0282a91584fc', 'https://git.kernel.org/stable/c/c6ea738e3feb407a3283197d9a25d0788f4f3cee', 'https://lore.kernel.org/linux-cve-announce/2024082632-CVE-2024-43912-801f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43912', 'https://www.cve.org/CVERecord?id=CVE-2024-43912'], 'PublishedDate': '2024-08-26T11:15:05.28Z', 'LastModifiedDate': '2024-09-05T18:19:17.067Z'}, {'VulnerabilityID': 'CVE-2024-43913', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43913', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: apple: fix device reference counting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: apple: fix device reference counting\n\nDrivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.\nSplit the allocation side out to make the error handling boundary easier\nto navigate. The apple driver had been doing this wrong, leaking the\ncontroller device memory on a tagset failure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43913', 'https://git.kernel.org/linus/b9ecbfa45516182cd062fecd286db7907ba84210 (6.11-rc1)', 'https://git.kernel.org/stable/c/b9ecbfa45516182cd062fecd286db7907ba84210', 'https://git.kernel.org/stable/c/d59c4d0eb6adc24c2201f153ccb7fd0a335b0d3d', 'https://lore.kernel.org/linux-cve-announce/2024082633-CVE-2024-43913-6ec7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43913', 'https://www.cve.org/CVERecord?id=CVE-2024-43913'], 'PublishedDate': '2024-08-26T11:15:05.33Z', 'LastModifiedDate': '2024-09-05T18:12:55.68Z'}, {'VulnerabilityID': 'CVE-2024-43914', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43914', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: md/raid5: avoid BUG_ON() while continue reshape after reassembling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: avoid BUG_ON() while continue reshape after reassembling\n\nCurrently, mdadm support --revert-reshape to abort the reshape while\nreassembling, as the test 07revert-grow. However, following BUG_ON()\ncan be triggerred by the test:\n\nkernel BUG at drivers/md/raid5.c:6278!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nirq event stamp: 158985\nCPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94\nRIP: 0010:reshape_request+0x3f1/0xe60\nCall Trace:\n <TASK>\n raid5_sync_request+0x43d/0x550\n md_do_sync+0xb7a/0x2110\n md_thread+0x294/0x2b0\n kthread+0x147/0x1c0\n ret_from_fork+0x59/0x70\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\nRoot cause is that --revert-reshape update the raid_disks from 5 to 4,\nwhile reshape position is still set, and after reassembling the array,\nreshape position will be read from super block, then during reshape the\nchecking of 'writepos' that is caculated by old reshape position will\nfail.\n\nFix this panic the easy way first, by converting the BUG_ON() to\nWARN_ON(), and stop the reshape if checkings fail.\n\nNoted that mdadm must fix --revert-shape as well, and probably md/raid\nshould enhance metadata validation as well, however this means\nreassemble will fail and there must be user tools to fix the wrong\nmetadata.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43914', 'https://git.kernel.org/linus/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49 (6.11-rc1)', 'https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0', 'https://git.kernel.org/stable/c/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49', 'https://git.kernel.org/stable/c/3b33740c1750a39e046339ff9240e954f0156707', 'https://git.kernel.org/stable/c/4811d6e5d9f4090c3e0ff9890eb24077108046ab', 'https://git.kernel.org/stable/c/6b33c468d543f6a83de2d61f09fec74b27e19fd2', 'https://git.kernel.org/stable/c/775a9ba16c9ffe98fe54ebf14e55d5660f2bf600', 'https://git.kernel.org/stable/c/bf0ff69a42a3d2d46876d0514ecf13dffc516666', 'https://git.kernel.org/stable/c/c384dd4f1fb3b14a2fd199360701cc163ea88705', 'https://linux.oracle.com/cve/CVE-2024-43914.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082635-CVE-2024-43914-a664@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43914', 'https://www.cve.org/CVERecord?id=CVE-2024-43914'], 'PublishedDate': '2024-08-26T11:15:05.38Z', 'LastModifiedDate': '2024-09-05T18:03:49.997Z'}, {'VulnerabilityID': 'CVE-2024-44931', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpio: prevent potential speculation leaks in gpio_device_get_desc()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: prevent potential speculation leaks in gpio_device_get_desc()\n\nUserspace may trigger a speculative read of an address outside the gpio\ndescriptor array.\nUsers can do that by calling gpio_ioctl() with an offset out of range.\nOffset is copied from user and then used as an array index to get\nthe gpio descriptor without sanitization in gpio_device_get_desc().\n\nThis change ensures that the offset is sanitized by using\narray_index_nospec() to mitigate any possibility of speculative\ninformation leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44931', 'https://git.kernel.org/linus/d795848ecce24a75dfd46481aee066ae6fe39775 (6.11-rc1)', 'https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc', 'https://git.kernel.org/stable/c/672c19165fc96dfad531a5458e0b3cdab414aae4', 'https://git.kernel.org/stable/c/9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0', 'https://git.kernel.org/stable/c/c65ab97efcd438cb4e9f299400f2ea55251f3a67', 'https://git.kernel.org/stable/c/d776c0486b03a5c4afca65b8ff44573592bf93bb', 'https://git.kernel.org/stable/c/d795848ecce24a75dfd46481aee066ae6fe39775', 'https://lore.kernel.org/linux-cve-announce/2024082636-CVE-2024-44931-8212@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44931', 'https://www.cve.org/CVERecord?id=CVE-2024-44931'], 'PublishedDate': '2024-08-26T11:15:05.447Z', 'LastModifiedDate': '2024-10-17T14:15:07.39Z'}, {'VulnerabilityID': 'CVE-2024-44932', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44932', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix UAFs when destroying the queues', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix UAFs when destroying the queues\n\nThe second tagged commit started sometimes (very rarely, but possible)\nthrowing WARNs from\nnet/core/page_pool.c:page_pool_disable_direct_recycling().\nTurned out idpf frees interrupt vectors with embedded NAPIs *before*\nfreeing the queues making page_pools' NAPI pointers lead to freed\nmemory before these pools are destroyed by libeth.\nIt's not clear whether there are other accesses to the freed vectors\nwhen destroying the queues, but anyway, we usually free queue/interrupt\nvectors only when the queues are destroyed and the NAPIs are guaranteed\nto not be referenced anywhere.\n\nInvert the allocation and freeing logic making queue/interrupt vectors\nbe allocated first and freed last. Vectors don't require queues to be\npresent, so this is safe. Additionally, this change allows to remove\nthat useless queue->q_vector pointer cleanup, as vectors are still\nvalid when freeing the queues (+ both are freed within one function,\nso it's not clear why nullify the pointers at all).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44932', 'https://git.kernel.org/linus/290f1c033281c1a502a3cd1c53c3a549259c491f (6.11-rc3)', 'https://git.kernel.org/stable/c/290f1c033281c1a502a3cd1c53c3a549259c491f', 'https://git.kernel.org/stable/c/3cde714b0e77206ed1b5cf31f28c18ba9ae946fd', 'https://lore.kernel.org/linux-cve-announce/2024082638-CVE-2024-44932-2659@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44932', 'https://www.cve.org/CVERecord?id=CVE-2024-44932'], 'PublishedDate': '2024-08-26T11:15:05.5Z', 'LastModifiedDate': '2024-08-27T16:08:45.02Z'}, {'VulnerabilityID': 'CVE-2024-44934', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: bridge: mcast: wait for previous gc cycles when removing port', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mcast: wait for previous gc cycles when removing port\n\nsyzbot hit a use-after-free[1] which is caused because the bridge doesn't\nmake sure that all previous garbage has been collected when removing a\nport. What happens is:\n      CPU 1                   CPU 2\n start gc cycle           remove port\n                         acquire gc lock first\n wait for lock\n                         call br_multicasg_gc() directly\n acquire lock now but    free port\n the port can be freed\n while grp timers still\n running\n\nMake sure all previous gc cycles have finished by using flush_work before\nfreeing the port.\n\n[1]\n  BUG: KASAN: slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n  Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699\n\n  CPU: 1 PID: 9699 Comm: syz.5.1232 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n  Call Trace:\n   <IRQ>\n   __dump_stack lib/dump_stack.c:88 [inline]\n   dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n   print_address_description mm/kasan/report.c:377 [inline]\n   print_report+0xc3/0x620 mm/kasan/report.c:488\n   kasan_report+0xd9/0x110 mm/kasan/report.c:601\n   br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n   call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1792\n   expire_timers kernel/time/timer.c:1843 [inline]\n   __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417\n   __run_timer_base kernel/time/timer.c:2428 [inline]\n   __run_timer_base kernel/time/timer.c:2421 [inline]\n   run_timer_base+0x111/0x190 kernel/time/timer.c:2437", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44934', 'https://git.kernel.org/linus/92c4ee25208d0f35dafc3213cdf355fbe449e078 (6.11-rc3)', 'https://git.kernel.org/stable/c/0d8b26e10e680c01522d7cc14abe04c3265a928f', 'https://git.kernel.org/stable/c/1e16828020c674b3be85f52685e8b80f9008f50f', 'https://git.kernel.org/stable/c/92c4ee25208d0f35dafc3213cdf355fbe449e078', 'https://git.kernel.org/stable/c/b2f794b168cf560682ff976b255aa6d29d14a658', 'https://git.kernel.org/stable/c/e3145ca904fa8dbfd1a5bf0187905bc117b0efce', 'https://lore.kernel.org/linux-cve-announce/2024082641-CVE-2024-44934-a7fe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44934', 'https://www.cve.org/CVERecord?id=CVE-2024-44934'], 'PublishedDate': '2024-08-26T11:15:05.593Z', 'LastModifiedDate': '2024-08-27T16:07:58.727Z'}, {'VulnerabilityID': 'CVE-2024-44935', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44935', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sctp: Fix null-ptr-deref in reuseport_add_sock().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix null-ptr-deref in reuseport_add_sock().\n\nsyzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in\nreuseport_add_sock(). [0]\n\nThe repro first creates a listener with SO_REUSEPORT.  Then, it creates\nanother listener on the same port and concurrently closes the first\nlistener.\n\nThe second listen() calls reuseport_add_sock() with the first listener as\nsk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently,\nbut the close() does clear it by reuseport_detach_sock().\n\nThe problem is SCTP does not properly synchronise reuseport_alloc(),\nreuseport_add_sock(), and reuseport_detach_sock().\n\nThe caller of reuseport_alloc() and reuseport_{add,detach}_sock() must\nprovide synchronisation for sockets that are classified into the same\nreuseport group.\n\nOtherwise, such sockets form multiple identical reuseport groups, and\nall groups except one would be silently dead.\n\n  1. Two sockets call listen() concurrently\n  2. No socket in the same group found in sctp_ep_hashtable[]\n  3. Two sockets call reuseport_alloc() and form two reuseport groups\n  4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives\n      incoming packets\n\nAlso, the reported null-ptr-deref could occur.\n\nTCP/UDP guarantees that would not happen by holding the hash bucket lock.\n\nLet's apply the locking strategy to __sctp_hash_endpoint() and\n__sctp_unhash_endpoint().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nRIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350\nCode: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14\nRSP: 0018:ffffc9000b947c98 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012\nRBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385\nR10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0\nR13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __sctp_hash_endpoint net/sctp/input.c:762 [inline]\n sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790\n sctp_listen_start net/sctp/socket.c:8570 [inline]\n sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]\n __se_sys_listen net/socket.c:1900 [inline]\n __x64_sys_listen+0x5a/0x70 net/socket.c:1900\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f24e46039b9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032\nRAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9\nRDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004\nRBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0\nR10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42c\nR13:\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44935', 'https://git.kernel.org/linus/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18 (6.11-rc3)', 'https://git.kernel.org/stable/c/05e4a0fa248240efd99a539853e844f0f0a9e6a5', 'https://git.kernel.org/stable/c/1407be30fc17eff918a98e0a990c0e988f11dc84', 'https://git.kernel.org/stable/c/52319d9d2f522ed939af31af70f8c3a0f0f67e6c', 'https://git.kernel.org/stable/c/54b303d8f9702b8ab618c5032fae886b16356928', 'https://git.kernel.org/stable/c/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18', 'https://git.kernel.org/stable/c/c9b3fc4f157867e858734e31022ebee8a24f0de7', 'https://git.kernel.org/stable/c/e809a84c802377ef61525a298a1ec1728759b913', 'https://linux.oracle.com/cve/CVE-2024-44935.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082642-CVE-2024-44935-3452@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44935', 'https://www.cve.org/CVERecord?id=CVE-2024-44935'], 'PublishedDate': '2024-08-26T11:15:05.643Z', 'LastModifiedDate': '2024-08-27T16:09:01.633Z'}, {'VulnerabilityID': 'CVE-2024-44937', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44937', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: intel-vbtn: Protect ACPI notify handler against recursion\n\nSince commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on\nall CPUs") ACPI notify handlers like the intel-vbtn notify_handler() may\nrun on multiple CPU cores racing with themselves.\n\nThis race gets hit on Dell Venue 7140 tablets when undocking from\nthe keyboard, causing the handler to try and register priv->switches_dev\ntwice, as can be seen from the dev_info() message getting logged twice:\n\n[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\n[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n\nAfter which things go seriously wrong:\n[ 83.861872] sysfs: cannot create duplicate filename \'/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\'\n...\n[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don\'t try to register things with the same name in the same directory.\n[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018\n...\n\nProtect intel-vbtn notify_handler() from racing with itself with a mutex\nto fix this.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44937', 'https://git.kernel.org/linus/e075c3b13a0a142dcd3151b25d29a24f31b7b640 (6.11-rc3)', 'https://git.kernel.org/stable/c/5c9618a3b6ea94cf7bdff7702aca8bf2d777d97b', 'https://git.kernel.org/stable/c/e075c3b13a0a142dcd3151b25d29a24f31b7b640', 'https://lore.kernel.org/linux-cve-announce/2024082645-CVE-2024-44937-5c1d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44937', 'https://www.cve.org/CVERecord?id=CVE-2024-44937'], 'PublishedDate': '2024-08-26T11:15:05.753Z', 'LastModifiedDate': '2024-08-27T16:10:11.423Z'}, {'VulnerabilityID': 'CVE-2024-44938', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44938', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: Fix shift-out-of-bounds in dbDiscardAG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix shift-out-of-bounds in dbDiscardAG\n\nWhen searching for the next smaller log2 block, BLKSTOL2() returned 0,\ncausing shift exponent -1 to be negative.\n\nThis patch fixes the issue by exiting the loop directly when negative\nshift is found.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44938', 'https://git.kernel.org/linus/7063b80268e2593e58bee8a8d709c2f3ff93e2f2 (6.11-rc1)', 'https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630', 'https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2', 'https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e', 'https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-44938-fc08@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44938', 'https://www.cve.org/CVERecord?id=CVE-2024-44938'], 'PublishedDate': '2024-08-26T12:15:05.96Z', 'LastModifiedDate': '2024-09-12T14:05:44.31Z'}, {'VulnerabilityID': 'CVE-2024-44939', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44939', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: fix null ptr deref in dtInsertEntry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix null ptr deref in dtInsertEntry\n\n[syzbot reported]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713\n...\n[Analyze]\nIn dtInsertEntry(), when the pointer h has the same value as p, after writing\nname in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the\npreviously true judgment "p->header.flag & BT-LEAF" to change to no after writing\nthe name operation, this leads to entering an incorrect branch and accessing the\nuninitialized object ih when judging this condition for the second time.\n\n[Fix]\nAfter got the page, check freelist first, if freelist == 0 then exit dtInsert()\nand return -EINVAL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44939', 'https://git.kernel.org/linus/ce6dede912f064a855acf6f04a04cbb2c25b8c8c (6.11-rc1)', 'https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9', 'https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6', 'https://git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702', 'https://git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44939-cf96@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44939', 'https://www.cve.org/CVERecord?id=CVE-2024-44939'], 'PublishedDate': '2024-08-26T12:15:06.007Z', 'LastModifiedDate': '2024-09-12T20:58:03.783Z'}, {'VulnerabilityID': 'CVE-2024-44940', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44940', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: remove warn in gue_gro_receive on unsupported protocol', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfou: remove warn in gue_gro_receive on unsupported protocol\n\nDrop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is\nnot known or does not have a GRO handler.\n\nSuch a packet is easily constructed. Syzbot generates them and sets\noff this warning.\n\nRemove the warning as it is expected and not actionable.\n\nThe warning was previously reduced from WARN_ON to WARN_ON_ONCE in\ncommit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad\nproto callbacks").', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44940', 'https://git.kernel.org/linus/dd89a81d850fa9a65f67b4527c0e420d15bf836c (6.11-rc1)', 'https://git.kernel.org/stable/c/3db4395332e7050ef9ddeb3052e6b5019f2a2a59', 'https://git.kernel.org/stable/c/440ab7f97261bc28501636a13998e1b1946d2e79', 'https://git.kernel.org/stable/c/5a2e37bc648a2503bf6d687aed27b9f4455d82eb', 'https://git.kernel.org/stable/c/dd89a81d850fa9a65f67b4527c0e420d15bf836c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44940-249f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44940', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-44940'], 'PublishedDate': '2024-08-26T12:15:06.053Z', 'LastModifiedDate': '2024-09-12T14:10:00.857Z'}, {'VulnerabilityID': 'CVE-2024-44941', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44941', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to cover read extent cache access with lock', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to cover read extent cache access with lock\n\nsyzbot reports a f2fs bug as below:\n\nBUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\nRead of size 4 at addr ffff8880739ab220 by task syz-executor200/5097\n\nCPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\n do_read_inode fs/f2fs/inode.c:509 [inline]\n f2fs_iget+0x33e1/0x46e0 fs/f2fs/inode.c:560\n f2fs_nfs_get_inode+0x74/0x100 fs/f2fs/super.c:3237\n generic_fh_to_dentry+0x9f/0xf0 fs/libfs.c:1413\n exportfs_decode_fh_raw+0x152/0x5f0 fs/exportfs/expfs.c:444\n exportfs_decode_fh+0x3c/0x80 fs/exportfs/expfs.c:584\n do_handle_to_path fs/fhandle.c:155 [inline]\n handle_to_path fs/fhandle.c:210 [inline]\n do_handle_open+0x495/0x650 fs/fhandle.c:226\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWe missed to cover sanity_check_extent_cache() w/ extent cache lock,\nso, below race case may happen, result in use after free issue.\n\n- f2fs_iget\n - do_read_inode\n  - f2fs_init_read_extent_tree\n  : add largest extent entry in to cache\n\t\t\t\t\t- shrink\n\t\t\t\t\t - f2fs_shrink_read_extent_tree\n\t\t\t\t\t  - __shrink_extent_tree\n\t\t\t\t\t   - __detach_extent_node\n\t\t\t\t\t   : drop largest extent entry\n  - sanity_check_extent_cache\n  : access et->largest w/o lock\n\nlet's refactor sanity_check_extent_cache() to avoid extent cache access\nand call it before f2fs_init_read_extent_tree() to fix this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44941', 'https://git.kernel.org/linus/d7409b05a64f212735f0d33f5f1602051a886eab (6.11-rc1)', 'https://git.kernel.org/stable/c/263df78166d3a9609b97d28c34029bd01874cbb8', 'https://git.kernel.org/stable/c/323ef20b5558b9d9fd10c1224327af6f11a8177d', 'https://git.kernel.org/stable/c/d7409b05a64f212735f0d33f5f1602051a886eab', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44941-143e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44941', 'https://www.cve.org/CVERecord?id=CVE-2024-44941'], 'PublishedDate': '2024-08-26T12:15:06.107Z', 'LastModifiedDate': '2024-09-12T20:57:26.143Z'}, {'VulnerabilityID': 'CVE-2024-44942', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44942', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inline.c:258!\nCPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0\nRIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258\nCall Trace:\n f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834\n f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315\n do_writepages+0x35b/0x870 mm/page-writeback.c:2612\n __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650\n writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941\n wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117\n wb_do_writeback fs/fs-writeback.c:2264 [inline]\n wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335\n worker_thread+0x86d/0xd70 kernel/workqueue.c:3416\n kthread+0x2f2/0x390 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nThe root cause is: inline_data inode can be fuzzed, so that there may\nbe valid blkaddr in its direct node, once f2fs triggers background GC\nto migrate the block, it will hit f2fs_bug_on() during dirty page\nwriteback.\n\nLet's add sanity check on F2FS_INLINE_DATA flag in inode during GC,\nso that, it can forbid migrating inline_data inode's data block for\nfixing.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44942', 'https://git.kernel.org/linus/fc01008c92f40015aeeced94750855a7111b6929 (6.11-rc1)', 'https://git.kernel.org/stable/c/26c07775fb5dc74351d1c3a2bc3cdf609b03e49f', 'https://git.kernel.org/stable/c/ae00e6536a2dd54b64b39e9a39548870cf835745', 'https://git.kernel.org/stable/c/fc01008c92f40015aeeced94750855a7111b6929', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44942-651a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44942', 'https://www.cve.org/CVERecord?id=CVE-2024-44942'], 'PublishedDate': '2024-08-26T12:15:06.157Z', 'LastModifiedDate': '2024-08-27T16:09:10.01Z'}, {'VulnerabilityID': 'CVE-2024-44943', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'In the Linux kernel, the following vulnerability has been resolved:  m ...', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: gup: stop abusing try_grab_folio\n\nA kernel warning was reported when pinning folio in CMA memory when\nlaunching SEV virtual machine.  The splat looks like:\n\n[  464.325306] WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313 __get_user_pages+0x423/0x520\n[  464.325464] CPU: 13 PID: 6734 Comm: qemu-kvm Kdump: loaded Not tainted 6.6.33+ #6\n[  464.325477] RIP: 0010:__get_user_pages+0x423/0x520\n[  464.325515] Call Trace:\n[  464.325520]  <TASK>\n[  464.325523]  ? __get_user_pages+0x423/0x520\n[  464.325528]  ? __warn+0x81/0x130\n[  464.325536]  ? __get_user_pages+0x423/0x520\n[  464.325541]  ? report_bug+0x171/0x1a0\n[  464.325549]  ? handle_bug+0x3c/0x70\n[  464.325554]  ? exc_invalid_op+0x17/0x70\n[  464.325558]  ? asm_exc_invalid_op+0x1a/0x20\n[  464.325567]  ? __get_user_pages+0x423/0x520\n[  464.325575]  __gup_longterm_locked+0x212/0x7a0\n[  464.325583]  internal_get_user_pages_fast+0xfb/0x190\n[  464.325590]  pin_user_pages_fast+0x47/0x60\n[  464.325598]  sev_pin_memory+0xca/0x170 [kvm_amd]\n[  464.325616]  sev_mem_enc_register_region+0x81/0x130 [kvm_amd]\n\nPer the analysis done by yangge, when starting the SEV virtual machine, it\nwill call pin_user_pages_fast(..., FOLL_LONGTERM, ...) to pin the memory. \nBut the page is in CMA area, so fast GUP will fail then fallback to the\nslow path due to the longterm pinnalbe check in try_grab_folio().\n\nThe slow path will try to pin the pages then migrate them out of CMA area.\nBut the slow path also uses try_grab_folio() to pin the page, it will\nalso fail due to the same check then the above warning is triggered.\n\nIn addition, the try_grab_folio() is supposed to be used in fast path and\nit elevates folio refcount by using add ref unless zero.  We are guaranteed\nto have at least one stable reference in slow path, so the simple atomic add\ncould be used.  The performance difference should be trivial, but the\nmisuse may be confusing and misleading.\n\nRedefined try_grab_folio() to try_grab_folio_fast(), and try_grab_page()\nto try_grab_folio(), and use them in the proper paths.  This solves both\nthe abuse and the kernel warning.\n\nThe proper naming makes their usecase more clear and should prevent from\nabusing in the future.\n\npeterx said:\n\n: The user will see the pin fails, for gpu-slow it further triggers the WARN\n: right below that failure (as in the original report):\n: \n:         folio = try_grab_folio(page, page_increm - 1,\n:                                 foll_flags);\n:         if (WARN_ON_ONCE(!folio)) { <------------------------ here\n:                 /*\n:                         * Release the 1st page ref if the\n:                         * folio is problematic, fail hard.\n:                         */\n:                 gup_put_folio(page_folio(page), 1,\n:                                 foll_flags);\n:                 ret = -EFAULT;\n:                 goto out;\n:         }\n\n[1] https://lore.kernel.org/linux-mm/1719478388-31917-1-git-send-email-yangge1116@126.com/\n\n[shy828301@gmail.com: fix implicit declaration of function try_grab_folio_fast]\n  Link: https://lkml.kernel.org/r/CAHbLzkowMSso-4Nufc9hcMehQsK9PNz3OSu-+eniU-2Mm-xjhA@mail.gmail.com', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44943', 'https://git.kernel.org/linus/f442fa6141379a20b48ae3efabee827a3d260787 (6.10)', 'https://git.kernel.org/stable/c/26273f5f4cf68b29414e403837093408a9c98e1f', 'https://git.kernel.org/stable/c/f442fa6141379a20b48ae3efabee827a3d260787', 'https://lore.kernel.org/linux-cve-announce/2024082853-CVE-2024-44943-234f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44943', 'https://www.cve.org/CVERecord?id=CVE-2024-44943'], 'PublishedDate': '2024-08-28T08:15:06.963Z', 'LastModifiedDate': '2024-09-10T18:12:43.38Z'}, {'VulnerabilityID': 'CVE-2024-44944', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44944', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: ctnetlink: use helper function to calculate expect ID', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use helper function to calculate expect ID\n\nDelete expectation path is missing a call to the nf_expect_get_id()\nhelper function to calculate the expectation ID, otherwise LSB of the\nexpectation object address is leaked to userspace.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44944', 'https://git.kernel.org/linus/782161895eb4ac45cf7cfa8db375bd4766cb8299 (6.11-rc1)', 'https://git.kernel.org/stable/c/24f407042cf90b0872de667460230d8d50c06c39', 'https://git.kernel.org/stable/c/27662b46f2adaa52c1665a82af4b21c42c4337fd', 'https://git.kernel.org/stable/c/5e2c24f7b0911b15c29aefce760bcf770542fb61', 'https://git.kernel.org/stable/c/64c0b8e64be8368617ef08dfc59a3160563a1435', 'https://git.kernel.org/stable/c/66e7650dbbb8e236e781c670b167edc81e771450', 'https://git.kernel.org/stable/c/74de442b8e12a207c07953ee068009a7701aff8f', 'https://git.kernel.org/stable/c/782161895eb4ac45cf7cfa8db375bd4766cb8299', 'https://git.kernel.org/stable/c/eb4ca1a97e08ff5b920664ba292e576257e2d184', 'https://linux.oracle.com/cve/CVE-2024-44944.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024083044-CVE-2024-44944-56c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44944', 'https://www.cve.org/CVERecord?id=CVE-2024-44944', 'https://www.zerodayinitiative.com/advisories/ZDI-24-1182/'], 'PublishedDate': '2024-08-30T08:15:04.58Z', 'LastModifiedDate': '2024-09-10T08:15:03.23Z'}, {'VulnerabilityID': 'CVE-2024-44946', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44946', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kcm: Serialise kcm_sendmsg() for the same socket.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: Serialise kcm_sendmsg() for the same socket.\n\nsyzkaller reported UAF in kcm_release(). [0]\n\nThe scenario is\n\n  1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb.\n\n  2. Thread A resumes building skb from kcm->seq_skb but is blocked\n     by sk_stream_wait_memory()\n\n  3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb\n     and puts the skb to the write queue\n\n  4. Thread A faces an error and finally frees skb that is already in the\n     write queue\n\n  5. kcm_release() does double-free the skb in the write queue\n\nWhen a thread is building a MSG_MORE skb, another thread must not touch it.\n\nLet's add a per-sk mutex and serialise kcm_sendmsg().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]\nBUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]\nBUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\nRead of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167\n\nCPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G    B              6.8.0-rc5-syzkaller-g9abbc24128bc #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x178/0x518 mm/kasan/report.c:488\n kasan_report+0xd8/0x138 mm/kasan/report.c:601\n __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381\n __skb_unlink include/linux/skbuff.h:2366 [inline]\n __skb_dequeue include/linux/skbuff.h:2385 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\n __skb_queue_purge include/linux/skbuff.h:3181 [inline]\n kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\n __sock_release net/socket.c:659 [inline]\n sock_close+0xa4/0x1e8 net/socket.c:1421\n __fput+0x30c/0x738 fs/file_table.c:376\n ____fput+0x20/0x30 fs/file_table.c:404\n task_work_run+0x230/0x2e0 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x618/0x1f64 kernel/exit.c:871\n do_group_exit+0x194/0x22c kernel/exit.c:1020\n get_signal+0x1500/0x15ec kernel/signal.c:2893\n do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249\n do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148\n exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]\n exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]\n el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nAllocated by task 6166:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903\n __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641\n alloc_skb include/linux/skbuff.h:1296 [inline]\n kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x220/0x2c0 net/socket.c:768\n splice_to_socket+0x7cc/0xd58 fs/splice.c:889\n do_splice_from fs/splice.c:941 [inline]\n direct_splice_actor+0xec/0x1d8 fs/splice.c:1164\n splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108\n do_splice_direct_actor \n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44946', 'https://git.kernel.org/linus/807067bf014d4a3ae2cc55bd3de16f22a01eb580 (6.11-rc5)', 'https://git.kernel.org/stable/c/00425508f30baa5ab6449a1f478480ca7cffa6da', 'https://git.kernel.org/stable/c/6633b17840bf828921254d788ccd15602843fe9b', 'https://git.kernel.org/stable/c/72da240aafb142630cf16adc803ccdacb3780849', 'https://git.kernel.org/stable/c/807067bf014d4a3ae2cc55bd3de16f22a01eb580', 'https://git.kernel.org/stable/c/8c9cdbf600143bd6835c8b8351e5ac956da79aec', 'https://git.kernel.org/stable/c/9c8d544ed619f704e2b70e63e08ab75630c2ea23', 'https://git.kernel.org/stable/c/eb06c8d3022ce6738711191c89f9b3e9cfb91914', 'https://git.kernel.org/stable/c/fa6c23fe6dcac8c8bd63920ee8681292a2bd544e', 'https://lore.kernel.org/linux-cve-announce/2024083150-CVE-2024-44946-9cf1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44946', 'https://www.cve.org/CVERecord?id=CVE-2024-44946'], 'PublishedDate': '2024-08-31T14:15:04.32Z', 'LastModifiedDate': '2024-09-04T12:15:05.15Z'}, {'VulnerabilityID': 'CVE-2024-44947', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44947', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fuse: Initialize beyond-EOF page contents before setting uptodate', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44947', 'https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5', 'https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e', 'https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9', 'https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6', 'https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a', 'https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4', 'https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9', 'https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6', 'https://lore.kernel.org/linux-cve-announce/2024090219-CVE-2024-44947-f49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44947', 'https://www.cve.org/CVERecord?id=CVE-2024-44947'], 'PublishedDate': '2024-09-02T18:15:36.577Z', 'LastModifiedDate': '2024-09-16T17:52:37.563Z'}, {'VulnerabilityID': 'CVE-2024-44948', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mtrr: Check if fixed MTRRs exist before saving them', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mtrr: Check if fixed MTRRs exist before saving them\n\nMTRRs have an obsolete fixed variant for fine grained caching control\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\na separate capability bit in the MTRR capability MSR.\n\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\nwent unnoticed that mtrr_save_state() does not check the capability bit\nbefore accessing the fixed MTRR MSRs.\n\nThough on a CPU that does not support the fixed MTRR capability this\nresults in a #GP.  The #GP itself is harmless because the RDMSR fault is\nhandled gracefully, but results in a WARN_ON().\n\nAdd the missing capability check to prevent this.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44948', 'https://git.kernel.org/linus/919f18f961c03d6694aa726c514184f2311a4614 (6.11-rc3)', 'https://git.kernel.org/stable/c/06c1de44d378ec5439db17bf476507d68589bfe9', 'https://git.kernel.org/stable/c/34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e', 'https://git.kernel.org/stable/c/388f1c954019f253a8383f7eb733f38d541e10b6', 'https://git.kernel.org/stable/c/450b6b22acdaac67a18eaf5ed498421ffcf10051', 'https://git.kernel.org/stable/c/8a90d3fc7c24608548d3a750671f9dac21d1a462', 'https://git.kernel.org/stable/c/8aa79dfb216b865e96ff890bc4ea71650f9bc8d7', 'https://git.kernel.org/stable/c/919f18f961c03d6694aa726c514184f2311a4614', 'https://git.kernel.org/stable/c/ca7d00c5656d1791e28369919e3e10febe9c3b16', 'https://linux.oracle.com/cve/CVE-2024-44948.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090407-CVE-2024-44948-5554@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44948', 'https://www.cve.org/CVERecord?id=CVE-2024-44948'], 'PublishedDate': '2024-09-04T19:15:29.95Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-44949', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44949', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: parisc: fix a possible DMA corruption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: fix a possible DMA corruption\n\nARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be\npossible that two unrelated 16-byte allocations share a cache line. If\none of these allocations is written using DMA and the other is written\nusing cached write, the value that was written with DMA may be\ncorrupted.\n\nThis commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 -\nthat's the largest possible cache line size.\n\nAs different parisc microarchitectures have different cache line size, we\ndefine arch_slab_minalign(), cache_line_size() and\ndma_get_cache_alignment() so that the kernel may tune slab cache\nparameters dynamically, based on the detected cache line size.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44949', 'https://git.kernel.org/linus/7ae04ba36b381bffe2471eff3a93edced843240f (6.11-rc2)', 'https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f', 'https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f', 'https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44949-8f05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44949', 'https://www.cve.org/CVERecord?id=CVE-2024-44949'], 'PublishedDate': '2024-09-04T19:15:30.04Z', 'LastModifiedDate': '2024-10-09T13:53:32.513Z'}, {'VulnerabilityID': 'CVE-2024-44950', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44950', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix invalid FIFO access with special register set', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix invalid FIFO access with special register set\n\nWhen enabling access to the special register set, Receiver time-out and\nRHR interrupts can happen. In this case, the IRQ handler will try to read\nfrom the FIFO thru the RHR register at address 0x00, but address 0x00 is\nmapped to DLL register, resulting in erroneous FIFO reading.\n\nCall graph example:\n    sc16is7xx_startup(): entry\n    sc16is7xx_ms_proc(): entry\n    sc16is7xx_set_termios(): entry\n    sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set\n    sc16is7xx_port_irq() entry            --> IIR is 0x0C\n    sc16is7xx_handle_rx() entry\n    sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is\n                               mapped to DLL (LCR=LCR_CONF_MODE_A)\n    sc16is7xx_set_baud(): exit --> Restore access to general register set\n\nFix the problem by claiming the efr_lock mutex when accessing the Special\nregister set.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44950', 'https://git.kernel.org/linus/7d3b793faaab1305994ce568b59d61927235f57b (6.11-rc3)', 'https://git.kernel.org/stable/c/6a6730812220a9a5ce4003eb347da1ee5abd06b0', 'https://git.kernel.org/stable/c/7d3b793faaab1305994ce568b59d61927235f57b', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44950-67fb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44950', 'https://www.cve.org/CVERecord?id=CVE-2024-44950'], 'PublishedDate': '2024-09-04T19:15:30.1Z', 'LastModifiedDate': '2024-10-09T14:21:16.773Z'}, {'VulnerabilityID': 'CVE-2024-44951', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44951', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix TX fifo corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix TX fifo corruption\n\nSometimes, when a packet is received on channel A at almost the same time\nas a packet is about to be transmitted on channel B, we observe with a\nlogic analyzer that the received packet on channel A is transmitted on\nchannel B. In other words, the Tx buffer data on channel B is corrupted\nwith data from channel A.\n\nThe problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change\nEFR lock to operate on each channels"), which changed the EFR locking to\noperate on each channel instead of chip-wise.\n\nThis commit has introduced a regression, because the EFR lock is used not\nonly to protect the EFR registers access, but also, in a very obscure and\nundocumented way, to protect access to the data buffer, which is shared by\nthe Tx and Rx handlers, but also by each channel of the IC.\n\nFix this regression first by switching to kfifo_out_linear_ptr() in\nsc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer.\n\nSecondly, replace the chip-wise Rx buffer with a separate Rx buffer for\neach channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44951', 'https://git.kernel.org/linus/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4 (6.11-rc3)', 'https://git.kernel.org/stable/c/09cfe05e9907f3276887a20e267cc40e202f4fdd', 'https://git.kernel.org/stable/c/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44951-9121@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44951', 'https://www.cve.org/CVERecord?id=CVE-2024-44951'], 'PublishedDate': '2024-09-04T19:15:30.153Z', 'LastModifiedDate': '2024-10-09T14:27:43.973Z'}, {'VulnerabilityID': 'CVE-2024-44952', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44952', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver core: Fix uevent_show() vs driver detach race', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix uevent_show() vs driver detach race\n\nuevent_show() wants to de-reference dev->driver->name. There is no clean\nway for a device attribute to de-reference dev->driver unless that\nattribute is defined via (struct device_driver).dev_groups. Instead, the\nanti-pattern of taking the device_lock() in the attribute handler risks\ndeadlocks with code paths that remove device attributes while holding\nthe lock.\n\nThis deadlock is typically invisible to lockdep given the device_lock()\nis marked lockdep_set_novalidate_class(), but some subsystems allocate a\nlocal lockdep key for @dev->mutex to reveal reports of the form:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 6.10.0-rc7+ #275 Tainted: G           OE    N\n ------------------------------------------------------\n modprobe/2374 is trying to acquire lock:\n ffff8c2270070de0 (kn->active#6){++++}-{0:0}, at: __kernfs_remove+0xde/0x220\n\n but task is already holding lock:\n ffff8c22016e88f8 (&cxl_root_key){+.+.}-{3:3}, at: device_release_driver_internal+0x39/0x210\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -> #1 (&cxl_root_key){+.+.}-{3:3}:\n        __mutex_lock+0x99/0xc30\n        uevent_show+0xac/0x130\n        dev_attr_show+0x18/0x40\n        sysfs_kf_seq_show+0xac/0xf0\n        seq_read_iter+0x110/0x450\n        vfs_read+0x25b/0x340\n        ksys_read+0x67/0xf0\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -> #0 (kn->active#6){++++}-{0:0}:\n        __lock_acquire+0x121a/0x1fa0\n        lock_acquire+0xd6/0x2e0\n        kernfs_drain+0x1e9/0x200\n        __kernfs_remove+0xde/0x220\n        kernfs_remove_by_name_ns+0x5e/0xa0\n        device_del+0x168/0x410\n        device_unregister+0x13/0x60\n        devres_release_all+0xb8/0x110\n        device_unbind_cleanup+0xe/0x70\n        device_release_driver_internal+0x1c7/0x210\n        driver_detach+0x47/0x90\n        bus_remove_driver+0x6c/0xf0\n        cxl_acpi_exit+0xc/0x11 [cxl_acpi]\n        __do_sys_delete_module.isra.0+0x181/0x260\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe observation though is that driver objects are typically much longer\nlived than device objects. It is reasonable to perform lockless\nde-reference of a @driver pointer even if it is racing detach from a\ndevice. Given the infrequency of driver unregistration, use\nsynchronize_rcu() in module_remove_driver() to close any potential\nraces.  It is potentially overkill to suffer synchronize_rcu() just to\nhandle the rare module removal racing uevent_show() event.\n\nThanks to Tetsuo Handa for the debug analysis of the syzbot report [1].', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44952', 'https://git.kernel.org/linus/15fffc6a5624b13b428bb1c6e9088e32a55eb82c (6.11-rc3)', 'https://git.kernel.org/stable/c/15fffc6a5624b13b428bb1c6e9088e32a55eb82c', 'https://git.kernel.org/stable/c/49ea4e0d862632d51667da5e7a9c88a560e9c5a1', 'https://git.kernel.org/stable/c/4a7c2a8387524942171037e70b80e969c3b5c05b', 'https://git.kernel.org/stable/c/4d035c743c3e391728a6f81cbf0f7f9ca700cf62', 'https://git.kernel.org/stable/c/9c23fc327d6ec67629b4ad323bd64d3834c0417d', 'https://git.kernel.org/stable/c/cd490a247ddf325325fd0de8898659400c9237ef', 'https://git.kernel.org/stable/c/dd98c9630b7ee273da87e9a244f94ddf947161e2', 'https://git.kernel.org/stable/c/f098e8fc7227166206256c18d56ab622039108b1', 'https://linux.oracle.com/cve/CVE-2024-44952.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44952-6290@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44952', 'https://www.cve.org/CVERecord?id=CVE-2024-44952'], 'PublishedDate': '2024-09-04T19:15:30.213Z', 'LastModifiedDate': '2024-09-06T16:37:38.37Z'}, {'VulnerabilityID': 'CVE-2024-44953', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44953', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Fix deadlock during RTC update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix deadlock during RTC update\n\nThere is a deadlock when runtime suspend waits for the flush of RTC work,\nand the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume.\n\nHere is deadlock backtrace:\n\nkworker/0:1     D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367\nptr            f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff\n<ffffffee5e71ddb0> __switch_to+0x1a8/0x2d4\n<ffffffee5e71e604> __schedule+0x684/0xa98\n<ffffffee5e71ea60> schedule+0x48/0xc8\n<ffffffee5e725f78> schedule_timeout+0x48/0x170\n<ffffffee5e71fb74> do_wait_for_common+0x108/0x1b0\n<ffffffee5e71efe0> wait_for_completion+0x44/0x60\n<ffffffee5d6de968> __flush_work+0x39c/0x424\n<ffffffee5d6decc0> __cancel_work_sync+0xd8/0x208\n<ffffffee5d6dee2c> cancel_delayed_work_sync+0x14/0x28\n<ffffffee5e2551b8> __ufshcd_wl_suspend+0x19c/0x480\n<ffffffee5e255fb8> ufshcd_wl_runtime_suspend+0x3c/0x1d4\n<ffffffee5dffd80c> scsi_runtime_suspend+0x78/0xc8\n<ffffffee5df93580> __rpm_callback+0x94/0x3e0\n<ffffffee5df90b0c> rpm_suspend+0x2d4/0x65c\n<ffffffee5df91448> __pm_runtime_suspend+0x80/0x114\n<ffffffee5dffd95c> scsi_runtime_idle+0x38/0x6c\n<ffffffee5df912f4> rpm_idle+0x264/0x338\n<ffffffee5df90f14> __pm_runtime_idle+0x80/0x110\n<ffffffee5e24ce44> ufshcd_rtc_work+0x128/0x1e4\n<ffffffee5d6e3a40> process_one_work+0x26c/0x650\n<ffffffee5d6e65c8> worker_thread+0x260/0x3d8\n<ffffffee5d6edec8> kthread+0x110/0x134\n<ffffffee5d616b18> ret_from_fork+0x10/0x20\n\nSkip updating RTC if RPM state is not RPM_ACTIVE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44953', 'https://git.kernel.org/linus/3911af778f208e5f49d43ce739332b91e26bc48e (6.11-rc2)', 'https://git.kernel.org/stable/c/3911af778f208e5f49d43ce739332b91e26bc48e', 'https://git.kernel.org/stable/c/f13f1858a28c68b7fc0d72c2008d5c1f80d2e8d5', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44953-1a10@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44953', 'https://www.cve.org/CVERecord?id=CVE-2024-44953'], 'PublishedDate': '2024-09-04T19:15:30.297Z', 'LastModifiedDate': '2024-09-06T16:37:33.65Z'}, {'VulnerabilityID': 'CVE-2024-44954', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44954', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ALSA: line6: Fix racy access to midibuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: line6: Fix racy access to midibuf\n\nThere can be concurrent accesses to line6 midibuf from both the URB\ncompletion callback and the rawmidi API access.  This could be a cause\nof KMSAN warning triggered by syzkaller below (so put as reported-by\nhere).\n\nThis patch protects the midibuf call of the former code path with a\nspinlock for avoiding the possible races.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44954', 'https://git.kernel.org/linus/15b7a03205b31bc5623378c190d22b7ff60026f1 (6.11-rc3)', 'https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1', 'https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5', 'https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a', 'https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747', 'https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81', 'https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d', 'https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e', 'https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29', 'https://linux.oracle.com/cve/CVE-2024-44954.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44954-6838@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44954', 'https://www.cve.org/CVERecord?id=CVE-2024-44954'], 'PublishedDate': '2024-09-04T19:15:30.353Z', 'LastModifiedDate': '2024-10-10T18:02:42.307Z'}, {'VulnerabilityID': 'CVE-2024-44955', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44955', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute\n\n[Why]\nWhen unplug one of monitors connected after mst hub, encounter null pointer dereference.\n\nIt's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When\ncommit new state which directly referring to info stored in dc_sink will cause null pointer\ndereference.\n\n[how]\nRemove redundant checking condition. Relevant condition should already be covered by checking\nif dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44955', 'https://git.kernel.org/linus/fcf6a49d79923a234844b8efe830a61f3f0584e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263', 'https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44955-20e8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44955', 'https://www.cve.org/CVERecord?id=CVE-2024-44955'], 'PublishedDate': '2024-09-04T19:15:30.423Z', 'LastModifiedDate': '2024-10-10T17:57:00.267Z'}, {'VulnerabilityID': 'CVE-2024-44956', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44956', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/preempt_fence: enlarge the fence critical section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44956', 'https://git.kernel.org/linus/3cd1585e57908b6efcd967465ef7685f40b2a294 (6.11-rc1)', 'https://git.kernel.org/stable/c/3cd1585e57908b6efcd967465ef7685f40b2a294', 'https://git.kernel.org/stable/c/458bb83119dfee5d14c677f7846dd9363817006f', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44956-8bcf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44956', 'https://www.cve.org/CVERecord?id=CVE-2024-44956'], 'PublishedDate': '2024-09-04T19:15:30.48Z', 'LastModifiedDate': '2024-09-06T16:37:11.777Z'}, {'VulnerabilityID': 'CVE-2024-44957', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44957', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Switch from mutex to spinlock for irqfds', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Switch from mutex to spinlock for irqfds\n\nirqfd_wakeup() gets EPOLLHUP, when it is called by\neventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which\ngets called under spin_lock_irqsave(). We can't use a mutex here as it\nwill lead to a deadlock.\n\nFix it by switching over to a spin lock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44957', 'https://git.kernel.org/linus/1c682593096a487fd9aebc079a307ff7a6d054a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3', 'https://git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e', 'https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44957-5c8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44957', 'https://www.cve.org/CVERecord?id=CVE-2024-44957'], 'PublishedDate': '2024-09-04T19:15:30.523Z', 'LastModifiedDate': '2024-09-06T16:37:00.077Z'}, {'VulnerabilityID': 'CVE-2024-44958', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44958', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched/smt: Fix unbalance sched_smt_present dec/inc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/smt: Fix unbalance sched_smt_present dec/inc\n\nI got the following warn report while doing stress test:\n\njump label: negative count!\nWARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0\nCall Trace:\n <TASK>\n __static_key_slow_dec_cpuslocked+0x16/0x70\n sched_cpu_deactivate+0x26e/0x2a0\n cpuhp_invoke_callback+0x3ad/0x10d0\n cpuhp_thread_fun+0x3f5/0x680\n smpboot_thread_fn+0x56d/0x8d0\n kthread+0x309/0x400\n ret_from_fork+0x41/0x70\n ret_from_fork_asm+0x1b/0x30\n </TASK>\n\nBecause when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),\nthe cpu offline failed, but sched_smt_present is decremented before\ncalling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so\nfix it by incrementing sched_smt_present in the error path.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44958', 'https://git.kernel.org/linus/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117 (6.11-rc2)', 'https://git.kernel.org/stable/c/2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4', 'https://git.kernel.org/stable/c/2cf7665efe451e48d27953e6b5bc627d518c902b', 'https://git.kernel.org/stable/c/65727331b60197b742089855ac09464c22b96f66', 'https://git.kernel.org/stable/c/d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab', 'https://git.kernel.org/stable/c/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44958-80e9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44958', 'https://www.cve.org/CVERecord?id=CVE-2024-44958'], 'PublishedDate': '2024-09-04T19:15:30.58Z', 'LastModifiedDate': '2024-10-10T17:56:24.467Z'}, {'VulnerabilityID': 'CVE-2024-44959', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44959', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracefs: Use generic inode RCU for synchronizing freeing', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntracefs: Use generic inode RCU for synchronizing freeing\n\nWith structure layout randomization enabled for 'struct inode' we need to\navoid overlapping any of the RCU-used / initialized-only-once members,\ne.g. i_lru or i_sb_list to not corrupt related list traversals when making\nuse of the rcu_head.\n\nFor an unlucky structure layout of 'struct inode' we may end up with the\nfollowing splat when running the ftrace selftests:\n\n[<...>] list_del corruption, ffff888103ee2cb0->next (tracefs_inode_cache+0x0/0x4e0 [slab object]) is NULL (prev is tracefs_inode_cache+0x78/0x4e0 [slab object])\n[<...>] ------------[ cut here ]------------\n[<...>] kernel BUG at lib/list_debug.c:54!\n[<...>] invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n[<...>] CPU: 3 PID: 2550 Comm: mount Tainted: G                 N  6.8.12-grsec+ #122 ed2f536ca62f28b087b90e3cc906a8d25b3ddc65\n[<...>] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n[<...>] RIP: 0010:[<ffffffff84656018>] __list_del_entry_valid_or_report+0x138/0x3e0\n[<...>] Code: 48 b8 99 fb 65 f2 ff ff ff ff e9 03 5c d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff e9 33 5a d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff <0f> 0b 4c 89 e9 48 89 ea 48 89 ee 48 c7 c7 60 8f dd 89 31 c0 e8 2f\n[<...>] RSP: 0018:fffffe80416afaf0 EFLAGS: 00010283\n[<...>] RAX: 0000000000000098 RBX: ffff888103ee2cb0 RCX: 0000000000000000\n[<...>] RDX: ffffffff84655fe8 RSI: ffffffff89dd8b60 RDI: 0000000000000001\n[<...>] RBP: ffff888103ee2cb0 R08: 0000000000000001 R09: fffffbd0082d5f25\n[<...>] R10: fffffe80416af92f R11: 0000000000000001 R12: fdf99c16731d9b6d\n[<...>] R13: 0000000000000000 R14: ffff88819ad4b8b8 R15: 0000000000000000\n[<...>] RBX: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RDX: __list_del_entry_valid_or_report+0x108/0x3e0\n[<...>] RSI: __func__.47+0x4340/0x4400\n[<...>] RBP: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RSP: process kstack fffffe80416afaf0+0x7af0/0x8000 [mount 2550 2550]\n[<...>] R09: kasan shadow of process kstack fffffe80416af928+0x7928/0x8000 [mount 2550 2550]\n[<...>] R10: process kstack fffffe80416af92f+0x792f/0x8000 [mount 2550 2550]\n[<...>] R14: tracefs_inode_cache+0x78/0x4e0 [slab object]\n[<...>] FS:  00006dcb380c1840(0000) GS:ffff8881e0600000(0000) knlGS:0000000000000000\n[<...>] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[<...>] CR2: 000076ab72b30e84 CR3: 000000000b088004 CR4: 0000000000360ef0 shadow CR4: 0000000000360ef0\n[<...>] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[<...>] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[<...>] ASID: 0003\n[<...>] Stack:\n[<...>]  ffffffff818a2315 00000000f5c856ee ffffffff896f1840 ffff888103ee2cb0\n[<...>]  ffff88812b6b9750 0000000079d714b6 fffffbfff1e9280b ffffffff8f49405f\n[<...>]  0000000000000001 0000000000000000 ffff888104457280 ffffffff8248b392\n[<...>] Call Trace:\n[<...>]  <TASK>\n[<...>]  [<ffffffff818a2315>] ? lock_release+0x175/0x380 fffffe80416afaf0\n[<...>]  [<ffffffff8248b392>] list_lru_del+0x152/0x740 fffffe80416afb48\n[<...>]  [<ffffffff8248ba93>] list_lru_del_obj+0x113/0x280 fffffe80416afb88\n[<...>]  [<ffffffff8940fd19>] ? _atomic_dec_and_lock+0x119/0x200 fffffe80416afb90\n[<...>]  [<ffffffff8295b244>] iput_final+0x1c4/0x9a0 fffffe80416afbb8\n[<...>]  [<ffffffff8293a52b>] dentry_unlink_inode+0x44b/0xaa0 fffffe80416afbf8\n[<...>]  [<ffffffff8293fefc>] __dentry_kill+0x23c/0xf00 fffffe80416afc40\n[<...>]  [<ffffffff8953a85f>] ? __this_cpu_preempt_check+0x1f/0xa0 fffffe80416afc48\n[<...>]  [<ffffffff82949ce5>] ? shrink_dentry_list+0x1c5/0x760 fffffe80416afc70\n[<...>]  [<ffffffff82949b71>] ? shrink_dentry_list+0x51/0x760 fffffe80416afc78\n[<...>]  [<ffffffff82949da8>] shrink_dentry_list+0x288/0x760 fffffe80416afc80\n[<...>]  [<ffffffff8294ae75>] shrink_dcache_sb+0x155/0x420 fffffe80416afcc8\n[<...>]  [<ffffffff8953a7c3>] ? debug_smp_processor_id+0x23/0xa0 fffffe80416afce0\n[<...>]  [<ffffffff8294ad20>] ? do_one_tre\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44959', 'https://git.kernel.org/linus/0b6743bd60a56a701070b89fb80c327a44b7b3e2 (6.11-rc3)', 'https://git.kernel.org/stable/c/061da60716ce0cde99f62f31937b81e1c03acef6', 'https://git.kernel.org/stable/c/0b6743bd60a56a701070b89fb80c327a44b7b3e2', 'https://git.kernel.org/stable/c/726f4c241e17be75a9cf6870d80cd7479dc89e8f', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44959-61a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44959', 'https://www.cve.org/CVERecord?id=CVE-2024-44959'], 'PublishedDate': '2024-09-04T19:15:30.637Z', 'LastModifiedDate': '2024-10-10T17:54:07.96Z'}, {'VulnerabilityID': 'CVE-2024-44960', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44960', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: core: Check for unset descriptor', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn't properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44960', 'https://git.kernel.org/linus/973a57891608a98e894db2887f278777f564de18 (6.11-rc3)', 'https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1', 'https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62', 'https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4', 'https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e', 'https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18', 'https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf', 'https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a', 'https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244', 'https://linux.oracle.com/cve/CVE-2024-44960.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44960-039b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44960', 'https://www.cve.org/CVERecord?id=CVE-2024-44960'], 'PublishedDate': '2024-09-04T19:15:30.7Z', 'LastModifiedDate': '2024-10-04T16:44:05.497Z'}, {'VulnerabilityID': 'CVE-2024-44961', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44961', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Forward soft recovery errors to userspace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Forward soft recovery errors to userspace\n\nAs we discussed before[1], soft recovery should be\nforwarded to userspace, or we can get into a really\nbad state where apps will keep submitting hanging\ncommand buffers cascading us to a hard reset.\n\n1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/\n(cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44961', 'https://git.kernel.org/linus/829798c789f567ef6ba4b084c15b7b5f3bd98d51 (6.11-rc3)', 'https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a', 'https://git.kernel.org/stable/c/829798c789f567ef6ba4b084c15b7b5f3bd98d51', 'https://git.kernel.org/stable/c/c28d207edfc5679585f4e96acb67000076ce90be', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44961-8666@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44961', 'https://www.cve.org/CVERecord?id=CVE-2024-44961'], 'PublishedDate': '2024-09-04T19:15:30.77Z', 'LastModifiedDate': '2024-10-04T16:39:39.3Z'}, {'VulnerabilityID': 'CVE-2024-44962', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44962', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n  Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n  Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic   snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil   snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded:   btnxpuart]\n  CPU: 5 PID: 723 Comm: memtester Tainted: G           O       6.6.23-lts-next-06207-g4aef2658ac28 #1\n  Hardware name: NXP i.MX95 19X19 board (DT)\n  pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0xffff80007a2cf464\n  lr : call_timer_fn.isra.0+0x24/0x80\n...\n  Call trace:\n   0xffff80007a2cf464\n   __run_timers+0x234/0x280\n   run_timer_softirq+0x20/0x40\n   __do_softirq+0x100/0x26c\n   ____do_softirq+0x10/0x1c\n   call_on_irq_stack+0x24/0x4c\n   do_softirq_own_stack+0x1c/0x2c\n   irq_exit_rcu+0xc0/0xdc\n   el0_interrupt+0x54/0xd8\n   __el0_irq_handler_common+0x18/0x24\n   el0t_64_irq_handler+0x10/0x1c\n   el0t_64_irq+0x190/0x194\n  Code: ???????? ???????? ???????? ???????? (????????)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception in interrupt\n  SMP: stopping secondary CPUs\n  Kernel Offset: disabled\n  CPU features: 0x0,c0000000,40028143,1000721b\n  Memory Limit: none\n  ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44962', 'https://git.kernel.org/linus/0d0df1e750bac0fdaa77940e711c1625cff08d33 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d0df1e750bac0fdaa77940e711c1625cff08d33', 'https://git.kernel.org/stable/c/28bbb5011a9723700006da67bdb57ab6a914452b', 'https://git.kernel.org/stable/c/4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44962-c329@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44962', 'https://www.cve.org/CVERecord?id=CVE-2024-44962'], 'PublishedDate': '2024-09-04T19:15:30.827Z', 'LastModifiedDate': '2024-10-04T16:20:34.55Z'}, {'VulnerabilityID': 'CVE-2024-44963', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44963', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not BUG_ON() when freeing tree block after error', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don't deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44963', 'https://git.kernel.org/linus/bb3868033a4cccff7be57e9145f2117cbdc91c11 (6.11-rc1)', 'https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f', 'https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44963-2e6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44963', 'https://www.cve.org/CVERecord?id=CVE-2024-44963'], 'PublishedDate': '2024-09-04T19:15:30.883Z', 'LastModifiedDate': '2024-10-04T16:19:20.77Z'}, {'VulnerabilityID': 'CVE-2024-44964', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44964', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix memory leaks and crashes while performing a soft reset', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leaks and crashes while performing a soft reset\n\nThe second tagged commit introduced a UAF, as it removed restoring\nq_vector->vport pointers after reinitializating the structures.\nThis is due to that all queue allocation functions are performed here\nwith the new temporary vport structure and those functions rewrite\nthe backpointers to the vport. Then, this new struct is freed and\nthe pointers start leading to nowhere.\n\nBut generally speaking, the current logic is very fragile. It claims\nto be more reliable when the system is low on memory, but in fact, it\nconsumes two times more memory as at the moment of running this\nfunction, there are two vports allocated with their queues and vectors.\nMoreover, it claims to prevent the driver from running into "bad state",\nbut in fact, any error during the rebuild leaves the old vport in the\npartially allocated state.\nFinally, if the interface is down when the function is called, it always\nallocates a new queue set, but when the user decides to enable the\ninterface later on, vport_open() allocates them once again, IOW there\'s\na clear memory leak here.\n\nJust don\'t allocate a new queue set when performing a reset, that solves\ncrashes and memory leaks. Readd the old queue number and reopen the\ninterface on rollback - that solves limbo states when the device is left\ndisabled and/or without HW queues enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44964', 'https://git.kernel.org/linus/f01032a2ca099ec8d619aaa916c3762aa62495df (6.11-rc3)', 'https://git.kernel.org/stable/c/6b289f8d91537ec1e4f9c7b38b31b90d93b1419b', 'https://git.kernel.org/stable/c/f01032a2ca099ec8d619aaa916c3762aa62495df', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44964-ebb1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44964', 'https://www.cve.org/CVERecord?id=CVE-2024-44964'], 'PublishedDate': '2024-09-04T19:15:30.94Z', 'LastModifiedDate': '2024-09-06T16:36:45.137Z'}, {'VulnerabilityID': 'CVE-2024-44965', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44965', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mm: Fix pti_clone_pgtable() alignment assumption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix pti_clone_pgtable() alignment assumption\n\nGuenter reported dodgy crashes on an i386-nosmp build using GCC-11\nthat had the form of endless traps until entry stack exhaust and then\n#DF from the stack guard.\n\nIt turned out that pti_clone_pgtable() had alignment assumptions on\nthe start address, notably it hard assumes start is PMD aligned. This\nis true on x86_64, but very much not true on i386.\n\nThese assumptions can cause the end condition to malfunction, leading\nto a 'short' clone. Guess what happens when the user mapping has a\nshort copy of the entry text?\n\nUse the correct increment form for addr to avoid alignment\nassumptions.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44965', 'https://git.kernel.org/linus/41e71dbb0e0a0fe214545fe64af031303a08524c (6.11-rc2)', 'https://git.kernel.org/stable/c/18da1b27ce16a14a9b636af9232acb4fb24f4c9e', 'https://git.kernel.org/stable/c/25a727233a40a9b33370eec9f0cad67d8fd312f8', 'https://git.kernel.org/stable/c/41e71dbb0e0a0fe214545fe64af031303a08524c', 'https://git.kernel.org/stable/c/4d143ae782009b43b4f366402e5c37f59d4e4346', 'https://git.kernel.org/stable/c/5c580c1050bcbc15c3e78090859d798dcf8c9763', 'https://git.kernel.org/stable/c/ca07aab70dd3b5e7fddb62d7a6ecd7a7d6d0b2ed', 'https://git.kernel.org/stable/c/d00c9b4bbc442d99e1dafbdfdab848bc1ead73f6', 'https://git.kernel.org/stable/c/df3eecb5496f87263d171b254ca6e2758ab3c35c', 'https://linux.oracle.com/cve/CVE-2024-44965.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090415-CVE-2024-44965-d41d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44965', 'https://www.cve.org/CVERecord?id=CVE-2024-44965'], 'PublishedDate': '2024-09-04T19:15:30.99Z', 'LastModifiedDate': '2024-10-04T16:17:15.23Z'}, {'VulnerabilityID': 'CVE-2024-44966', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44966', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binfmt_flat: Fix corruption when not offsetting data start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_flat: Fix corruption when not offsetting data start\n\nCommit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")\nintroduced a RISC-V specific variant of the FLAT format which does\nnot allocate any space for the (obsolete) array of shared library\npointers. However, it did not disable the code which initializes the\narray, resulting in the corruption of sizeof(long) bytes before the DATA\nsegment, generally the end of the TEXT segment.\n\nIntroduce MAX_SHARED_LIBS_UPDATE which depends on the state of\nCONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of\nthe shared library pointer region so that it will only be initialized\nif space is reserved for it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44966', 'https://git.kernel.org/linus/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671 (6.11-rc4)', 'https://git.kernel.org/stable/c/3a684499261d0f7ed5ee72793025c88c2276809c', 'https://git.kernel.org/stable/c/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671', 'https://git.kernel.org/stable/c/49df34d2b7da9e57c839555a2f7877291ce45ad1', 'https://git.kernel.org/stable/c/9350ba06ee61db392c486716ac68ecc20e030f7c', 'https://git.kernel.org/stable/c/af65d5383854cc3f172a7d0843b628758bf462c8', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44966-3aac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44966', 'https://www.cve.org/CVERecord?id=CVE-2024-44966'], 'PublishedDate': '2024-09-04T19:15:31.06Z', 'LastModifiedDate': '2024-10-04T16:15:30.047Z'}, {'VulnerabilityID': 'CVE-2024-44967', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44967', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/mgag200: Bind I2C lifetime to DRM device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mgag200: Bind I2C lifetime to DRM device\n\nManaged cleanup with devm_add_action_or_reset() will release the I2C\nadapter when the underlying Linux device goes away. But the connector\nstill refers to it, so this cleanup leaves behind a stale pointer\nin struct drm_connector.ddc.\n\nBind the lifetime of the I2C adapter to the connector's lifetime by\nusing DRM's managed release. When the DRM device goes away (after\nthe Linux device) DRM will first clean up the connector and then\nclean up the I2C adapter.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44967', 'https://git.kernel.org/linus/eb1ae34e48a09b7a1179c579aed042b032e408f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/55a6916db77102765b22855d3a0add4751988b7c', 'https://git.kernel.org/stable/c/81d34df843620e902dd04aa9205c875833d61c17', 'https://git.kernel.org/stable/c/9d96b91e03cba9dfcb4ac370c93af4dbc47d5191', 'https://git.kernel.org/stable/c/eb1ae34e48a09b7a1179c579aed042b032e408f4', 'https://lore.kernel.org/linux-cve-announce/2024090453-CVE-2024-44967-dd14@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44967', 'https://www.cve.org/CVERecord?id=CVE-2024-44967'], 'PublishedDate': '2024-09-04T19:15:31.117Z', 'LastModifiedDate': '2024-10-03T18:21:17.23Z'}, {'VulnerabilityID': 'CVE-2024-44969', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/sclp: Prevent release of buffer in I/O', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Prevent release of buffer in I/O\n\nWhen a task waiting for completion of a Store Data operation is\ninterrupted, an attempt is made to halt this operation. If this attempt\nfails due to a hardware or firmware problem, there is a chance that the\nSCLP facility might store data into buffers referenced by the original\noperation at a later time.\n\nHandle this situation by not releasing the referenced data buffers if\nthe halt attempt fails. For current use cases, this might result in a\nleak of few pages of memory in case of a rare hardware/firmware\nmalfunction.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44969', 'https://git.kernel.org/linus/bf365071ea92b9579d5a272679b74052a5643e35 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633', 'https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05', 'https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506', 'https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79', 'https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe', 'https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148', 'https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463', 'https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35', 'https://linux.oracle.com/cve/CVE-2024-44969.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44969-48bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44969', 'https://www.cve.org/CVERecord?id=CVE-2024-44969'], 'PublishedDate': '2024-09-04T19:15:31.24Z', 'LastModifiedDate': '2024-10-03T17:38:41.333Z'}, {'VulnerabilityID': 'CVE-2024-44970', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix invalid WQ linked list unlink\n\nWhen all the strides in a WQE have been consumed, the WQE is unlinked\nfrom the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible\nto receive CQEs with 0 consumed strides for the same WQE even after the\nWQE is fully consumed and unlinked. This triggers an additional unlink\nfor the same wqe which corrupts the linked list.\n\nFix this scenario by accepting 0 sized consumed strides without\nunlinking the WQE again.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44970', 'https://git.kernel.org/linus/fba8334721e266f92079632598e46e5f89082f30 (6.11-rc1)', 'https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9', 'https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76', 'https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78', 'https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44970-f687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44970', 'https://www.cve.org/CVERecord?id=CVE-2024-44970'], 'PublishedDate': '2024-09-04T19:15:31.307Z', 'LastModifiedDate': '2024-10-03T14:22:06.003Z'}, {'VulnerabilityID': 'CVE-2024-44971', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44971', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()\n\nbcm_sf2_mdio_register() calls of_phy_find_device() and then\nphy_device_remove() in a loop to remove existing PHY devices.\nof_phy_find_device() eventually calls bus_find_device(), which calls\nget_device() on the returned struct device * to increment the refcount.\nThe current implementation does not decrement the refcount, which causes\nmemory leak.\n\nThis commit adds the missing phy_device_free() call to decrement the\nrefcount via put_device() to balance the refcount.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44971', 'https://git.kernel.org/linus/e3862093ee93fcfbdadcb7957f5f8974fffa806a (6.11-rc3)', 'https://git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c', 'https://git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c', 'https://git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71', 'https://git.kernel.org/stable/c/c05516c072903f6fb9134b8e7e1ad4bffcdc4819', 'https://git.kernel.org/stable/c/e3862093ee93fcfbdadcb7957f5f8974fffa806a', 'https://git.kernel.org/stable/c/f3d5efe18a11f94150fee8b3fda9d62079af640a', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44971-eb75@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44971', 'https://www.cve.org/CVERecord?id=CVE-2024-44971'], 'PublishedDate': '2024-09-04T19:15:31.367Z', 'LastModifiedDate': '2024-09-05T17:54:36.607Z'}, {'VulnerabilityID': 'CVE-2024-44972', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44972', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not clear page dirty inside extent_write_locked_range()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not clear page dirty inside extent_write_locked_range()\n\n[BUG]\nFor subpage + zoned case, the following workload can lead to rsv data\nleak at unmount time:\n\n  # mkfs.btrfs -f -s 4k $dev\n  # mount $dev $mnt\n  # fsstress -w -n 8 -d $mnt -s 1709539240\n  0/0: fiemap - no filename\n  0/1: copyrange read - no filename\n  0/2: write - no filename\n  0/3: rename - no source filename\n  0/4: creat f0 x:0 0 0\n  0/4: creat add id=0,parent=-1\n  0/5: writev f0[259 1 0 0 0 0] [778052,113,965] 0\n  0/6: ioctl(FIEMAP) f0[259 1 0 0 224 887097] [1294220,2291618343991484791,0x10000] -1\n  0/7: dwrite - xfsctl(XFS_IOC_DIOINFO) f0[259 1 0 0 224 887097] return 25, fallback to stat()\n  0/7: dwrite f0[259 1 0 0 224 887097] [696320,102400] 0\n  # umount $mnt\n\nThe dmesg includes the following rsv leak detection warning (all call\ntrace skipped):\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8653 btrfs_destroy_inode+0x1e0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8654 btrfs_destroy_inode+0x1a8/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8660 btrfs_destroy_inode+0x1a0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): last unmount of filesystem 1b4abba9-de34-4f07-9e7f-157cf12a18d6\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info DATA has 268218368 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=204800, pinned=0, reserved=0, may_use=12288, readonly=0 zone_unusable=0\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info METADATA has 267796480 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=131072, pinned=0, reserved=0, may_use=262144, readonly=0 zone_unusable=245760\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n\nAbove $dev is a tcmu-runner emulated zoned HDD, which has a max zone\nappend size of 64K, and the system has 64K page size.\n\n[CAUSE]\nI have added several trace_printk() to show the events (header skipped):\n\n  > btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864\n\nThe above lines show our buffered write has dirtied 3 pages of inode\n259 of root 5:\n\n  704K             768K              832K              896K\n  I           |////I/////////////////I///////////|     I\n              756K                               868K\n\n  |///| is the dirtied range using subpage bitmaps. and 'I' is the page\n  boundary.\n\n  Meanwhile all three pages (704K, 768K, 832K) have their PageDirty\n  flag set.\n\n  > btrfs_direct_write: r/i=5/259 start dio filepos=696320 len=102400\n\nThen direct IO writ\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44972', 'https://git.kernel.org/linus/97713b1a2ced1e4a2a6c40045903797ebd44d7e0 (6.11-rc1)', 'https://git.kernel.org/stable/c/97713b1a2ced1e4a2a6c40045903797ebd44d7e0', 'https://git.kernel.org/stable/c/ba4dedb71356638d8284e34724daca944be70368', 'https://git.kernel.org/stable/c/d3b403209f767e5857c1b9fda66726e6e6ffc99f', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44972-23b5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44972', 'https://www.cve.org/CVERecord?id=CVE-2024-44972'], 'PublishedDate': '2024-09-04T19:15:31.43Z', 'LastModifiedDate': '2024-10-03T16:10:12.077Z'}, {'VulnerabilityID': 'CVE-2024-44973', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44973', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm, slub: do not call do_slab_free for kfence object', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slub: do not call do_slab_free for kfence object\n\nIn 782f8906f805 the freeing of kfence objects was moved from deep\ninside do_slab_free to the wrapper functions outside. This is a nice\nchange, but unfortunately it missed one spot in __kmem_cache_free_bulk.\n\nThis results in a crash like this:\n\nBUG skbuff_head_cache (Tainted: G S  B       E     ): Padding overwritten. 0xffff88907fea0f00-0xffff88907fea0fff @offset=3840\n\nslab_err (mm/slub.c:1129)\nfree_to_partial_list (mm/slub.c:? mm/slub.c:4036)\nslab_pad_check (mm/slub.c:864 mm/slub.c:1290)\ncheck_slab (mm/slub.c:?)\nfree_to_partial_list (mm/slub.c:3171 mm/slub.c:4036)\nkmem_cache_alloc_bulk (mm/slub.c:? mm/slub.c:4495 mm/slub.c:4586 mm/slub.c:4635)\nnapi_build_skb (net/core/skbuff.c:348 net/core/skbuff.c:527 net/core/skbuff.c:549)\n\nAll the other callers to do_slab_free appear to be ok.\n\nAdd a kfence_free check in __kmem_cache_free_bulk to avoid the crash.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44973', 'https://git.kernel.org/linus/a371d558e6f3aed977a8a7346350557de5d25190 (6.11-rc3)', 'https://git.kernel.org/stable/c/a371d558e6f3aed977a8a7346350557de5d25190', 'https://git.kernel.org/stable/c/b35cd7f1e969aaa63e6716d82480f6b8a3230949', 'https://lore.kernel.org/linux-cve-announce/2024090425-CVE-2024-44973-a92d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44973', 'https://www.cve.org/CVERecord?id=CVE-2024-44973'], 'PublishedDate': '2024-09-04T19:15:31.487Z', 'LastModifiedDate': '2024-10-03T14:23:09.147Z'}, {'VulnerabilityID': 'CVE-2024-44974', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44974', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: avoid possible UaF when selecting endp', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44974', 'https://git.kernel.org/linus/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d (6.11-rc5)', 'https://git.kernel.org/stable/c/0201d65d9806d287a00e0ba96f0321835631f63f', 'https://git.kernel.org/stable/c/2b4f46f9503633dade75cb796dd1949d0e6581a1', 'https://git.kernel.org/stable/c/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d', 'https://git.kernel.org/stable/c/9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8', 'https://git.kernel.org/stable/c/ddee5b4b6a1cc03c1e9921cf34382e094c2009f1', 'https://git.kernel.org/stable/c/f2c865e9e3ca44fc06b5f73b29a954775e4dbb38', 'https://lore.kernel.org/linux-cve-announce/2024090440-CVE-2024-44974-dbe8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44974', 'https://www.cve.org/CVERecord?id=CVE-2024-44974'], 'PublishedDate': '2024-09-04T20:15:07.1Z', 'LastModifiedDate': '2024-09-12T12:15:51.397Z'}, {'VulnerabilityID': 'CVE-2024-44975', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44975', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: fix panic caused by partcmd_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: fix panic caused by partcmd_update\n\nWe find a bug as below:\nBUG: unable to handle page fault for address: 00000003\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 358 Comm: bash Tainted: G        W I        6.6.0-10893-g60d6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4\nRIP: 0010:partition_sched_domains_locked+0x483/0x600\nCode: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9\nRSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202\nRAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000002fe80\nRBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000\nR10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002\nR13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0\nCall Trace:\n <TASK>\n ? show_regs+0x8c/0xa0\n ? __die_body+0x23/0xa0\n ? __die+0x3a/0x50\n ? page_fault_oops+0x1d2/0x5c0\n ? partition_sched_domains_locked+0x483/0x600\n ? search_module_extables+0x2a/0xb0\n ? search_exception_tables+0x67/0x90\n ? kernelmode_fixup_or_oops+0x144/0x1b0\n ? __bad_area_nosemaphore+0x211/0x360\n ? up_read+0x3b/0x50\n ? bad_area_nosemaphore+0x1a/0x30\n ? exc_page_fault+0x890/0xd90\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? asm_exc_page_fault+0x26/0x30\n ? partition_sched_domains_locked+0x483/0x600\n ? partition_sched_domains_locked+0xf0/0x600\n rebuild_sched_domains_locked+0x806/0xdc0\n update_partition_sd_lb+0x118/0x130\n cpuset_write_resmask+0xffc/0x1420\n cgroup_file_write+0xb2/0x290\n kernfs_fop_write_iter+0x194/0x290\n new_sync_write+0xeb/0x160\n vfs_write+0x16f/0x1d0\n ksys_write+0x81/0x180\n __x64_sys_write+0x21/0x30\n x64_sys_call+0x2f25/0x4630\n do_syscall_64+0x44/0xb0\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\nRIP: 0033:0x7f44a553c887\n\nIt can be reproduced with cammands:\ncd /sys/fs/cgroup/\nmkdir test\ncd test/\necho +cpuset > ../cgroup.subtree_control\necho root > cpuset.cpus.partition\ncat /sys/fs/cgroup/cpuset.cpus.effective\n0-3\necho 0-3 > cpuset.cpus // taking away all cpus from root\n\nThis issue is caused by the incorrect rebuilding of scheduling domains.\nIn this scenario, test/cpuset.cpus.partition should be an invalid root\nand should not trigger the rebuilding of scheduling domains. When calling\nupdate_parent_effective_cpumask with partcmd_update, if newmask is not\nnull, it should recheck newmask whether there are cpus is available\nfor parect/cs that has tasks.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44975', 'https://git.kernel.org/linus/959ab6350add903e352890af53e86663739fcb9a (6.11-rc5)', 'https://git.kernel.org/stable/c/73d6c6cf8ef6a3c532aa159f5114077746a372d6', 'https://git.kernel.org/stable/c/959ab6350add903e352890af53e86663739fcb9a', 'https://lore.kernel.org/linux-cve-announce/2024090442-CVE-2024-44975-7c21@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44975', 'https://www.cve.org/CVERecord?id=CVE-2024-44975'], 'PublishedDate': '2024-09-04T20:15:07.16Z', 'LastModifiedDate': '2024-10-03T14:32:31.677Z'}, {'VulnerabilityID': 'CVE-2024-44977', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Validate TA binary size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Validate TA binary size\n\nAdd TA binary size validation to avoid OOB write.\n\n(cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44977', 'https://git.kernel.org/linus/c99769bceab4ecb6a067b9af11f9db281eea3e2a (6.11-rc5)', 'https://git.kernel.org/stable/c/50553ea7cbd3344fbf40afb065f6a2d38171c1ad', 'https://git.kernel.org/stable/c/5ab8793b9a6cc059f503cbe6fe596f80765e0f19', 'https://git.kernel.org/stable/c/c99769bceab4ecb6a067b9af11f9db281eea3e2a', 'https://git.kernel.org/stable/c/e562415248f402203e7fb6d8c38c1b32fa99220f', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44977-7f6b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44977', 'https://www.cve.org/CVERecord?id=CVE-2024-44977'], 'PublishedDate': '2024-09-04T20:15:07.29Z', 'LastModifiedDate': '2024-10-10T17:47:59.593Z'}, {'VulnerabilityID': 'CVE-2024-44978', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44978', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Free job before xe_exec_queue_put', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Free job before xe_exec_queue_put\n\nFree job depends on job->vm being valid, the last xe_exec_queue_put can\ndestroy the VM. Prevent UAF by freeing job before xe_exec_queue_put.\n\n(cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44978', 'https://git.kernel.org/linus/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a (6.11-rc5)', 'https://git.kernel.org/stable/c/98aa0330f200b9b8fb9e1298e006eda57a13351c', 'https://git.kernel.org/stable/c/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44978-096b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44978', 'https://www.cve.org/CVERecord?id=CVE-2024-44978'], 'PublishedDate': '2024-09-04T20:15:07.343Z', 'LastModifiedDate': '2024-09-10T16:51:19.813Z'}, {'VulnerabilityID': 'CVE-2024-44979', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44979', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix missing workqueue destroy in xe_gt_pagefault\n\nOn driver reload we never free up the memory for the pagefault and\naccess counter workqueues. Add those destroy calls here.\n\n(cherry picked from commit 7586fc52b14e0b8edd0d1f8a434e0de2078b7b2b)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44979', 'https://git.kernel.org/linus/a6f78359ac75f24cac3c1bdd753c49c1877bcd82 (6.11-rc5)', 'https://git.kernel.org/stable/c/a6f78359ac75f24cac3c1bdd753c49c1877bcd82', 'https://git.kernel.org/stable/c/b09ef3b762a7fc641fb2f89afd3ebdb65b8ba1b9', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44979-74c3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44979', 'https://www.cve.org/CVERecord?id=CVE-2024-44979'], 'PublishedDate': '2024-09-04T20:15:07.4Z', 'LastModifiedDate': '2024-10-10T17:44:36.417Z'}, {'VulnerabilityID': 'CVE-2024-44980', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44980', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix opregion leak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix opregion leak\n\nBeing part o the display, ideally the setup and cleanup would be done by\ndisplay itself. However this is a bigger refactor that needs to be done\non both i915 and xe. For now, just fix the leak:\n\nunreferenced object 0xffff8881a0300008 (size 192):\n  comm "modprobe", pid 4354, jiffies 4295647021\n  hex dump (first 32 bytes):\n    00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff  ...\'............\n    18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 99260e31):\n    [<ffffffff823ce65b>] kmemleak_alloc+0x4b/0x80\n    [<ffffffff81493be2>] kmalloc_trace_noprof+0x312/0x3d0\n    [<ffffffffa1345679>] intel_opregion_setup+0x89/0x700 [xe]\n    [<ffffffffa125bfaf>] xe_display_init_noirq+0x2f/0x90 [xe]\n    [<ffffffffa1199ec3>] xe_device_probe+0x7a3/0xbf0 [xe]\n    [<ffffffffa11f3713>] xe_pci_probe+0x333/0x5b0 [xe]\n    [<ffffffff81af6be8>] local_pci_probe+0x48/0xb0\n    [<ffffffff81af8778>] pci_device_probe+0xc8/0x280\n    [<ffffffff81d09048>] really_probe+0xf8/0x390\n    [<ffffffff81d0937a>] __driver_probe_device+0x8a/0x170\n    [<ffffffff81d09503>] driver_probe_device+0x23/0xb0\n    [<ffffffff81d097b7>] __driver_attach+0xc7/0x190\n    [<ffffffff81d0628d>] bus_for_each_dev+0x7d/0xd0\n    [<ffffffff81d0851e>] driver_attach+0x1e/0x30\n    [<ffffffff81d07ac7>] bus_add_driver+0x117/0x250\n\n(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44980', 'https://git.kernel.org/linus/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f (6.11-rc5)', 'https://git.kernel.org/stable/c/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f', 'https://git.kernel.org/stable/c/f7ecdd9853dd9f34e7cdfdadfb70b8f40644ebb4', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44980-d1ba@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44980', 'https://www.cve.org/CVERecord?id=CVE-2024-44980'], 'PublishedDate': '2024-09-04T20:15:07.46Z', 'LastModifiedDate': '2024-10-10T17:42:53.433Z'}, {'VulnerabilityID': 'CVE-2024-44982', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44982', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: cleanup FB if dpu_format_populate_layout fails\n\nIf the dpu_format_populate_layout() fails, then FB is prepared, but not\ncleaned up. This ends up leaking the pin_count on the GEM object and\ncauses a splat during DRM file closure:\n\nmsm_obj->pin_count\nWARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc\n[...]\nCall trace:\n update_lru_locked+0xc4/0xcc\n put_pages+0xac/0x100\n msm_gem_free_object+0x138/0x180\n drm_gem_object_free+0x1c/0x30\n drm_gem_object_handle_put_unlocked+0x108/0x10c\n drm_gem_object_release_handle+0x58/0x70\n idr_for_each+0x68/0xec\n drm_gem_release+0x28/0x40\n drm_file_free+0x174/0x234\n drm_release+0xb0/0x160\n __fput+0xc0/0x2c8\n __fput_sync+0x50/0x5c\n __arm64_sys_close+0x38/0x7c\n invoke_syscall+0x48/0x118\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x4c/0x120\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194\nirq event stamp: 129818\nhardirqs last  enabled at (129817): [<ffffa5f6d953fcc0>] console_unlock+0x118/0x124\nhardirqs last disabled at (129818): [<ffffa5f6da7dcf04>] el1_dbg+0x24/0x8c\nsoftirqs last  enabled at (129808): [<ffffa5f6d94afc18>] handle_softirqs+0x4c8/0x4e8\nsoftirqs last disabled at (129785): [<ffffa5f6d94105e4>] __do_softirq+0x14/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/600714/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44982', 'https://git.kernel.org/linus/bfa1a6283be390947d3649c482e5167186a37016 (6.11-rc5)', 'https://git.kernel.org/stable/c/02193c70723118889281f75b88722b26b58bf4ae', 'https://git.kernel.org/stable/c/7ecf85542169012765e4c2817cd3be6c2e009962', 'https://git.kernel.org/stable/c/9b8b65211a880af8fe8330a101e1e239a2d4008f', 'https://git.kernel.org/stable/c/a3c5815b07f4ee19d0b7e2ddf91ff9f03ecbf27d', 'https://git.kernel.org/stable/c/bfa1a6283be390947d3649c482e5167186a37016', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44982-dd24@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44982', 'https://www.cve.org/CVERecord?id=CVE-2024-44982'], 'PublishedDate': '2024-09-04T20:15:07.593Z', 'LastModifiedDate': '2024-10-10T17:09:54.35Z'}, {'VulnerabilityID': 'CVE-2024-44983', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44983', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: validate vlan header', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: validate vlan header\n\nEnsure there is sufficient room to access the protocol field of the\nVLAN header, validate it once before the flowtable lookup.\n\n=====================================================\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5440 [inline]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44983', 'https://git.kernel.org/linus/6ea14ccb60c8ab829349979b22b58a941ec4a3ee (6.11-rc5)', 'https://git.kernel.org/stable/c/0279c35d242d037abeb73d60d06a6d1bb7f672d9', 'https://git.kernel.org/stable/c/043a18bb6cf16adaa2f8642acfde6e8956a9caaa', 'https://git.kernel.org/stable/c/6ea14ccb60c8ab829349979b22b58a941ec4a3ee', 'https://git.kernel.org/stable/c/c05155cc455785916164aa5e1b4605a2ae946537', 'https://git.kernel.org/stable/c/d9384ae7aec46036d248d1c2c2757e471ab486c3', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44983-dcdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44983', 'https://www.cve.org/CVERecord?id=CVE-2024-44983'], 'PublishedDate': '2024-09-04T20:15:07.657Z', 'LastModifiedDate': '2024-09-10T16:57:55.11Z'}, {'VulnerabilityID': 'CVE-2024-44984', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44984', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double DMA unmapping for XDP_REDIRECT\n\nRemove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT\ncode path.  This should have been removed when we let the page pool\nhandle the DMA mapping.  This bug causes the warning:\n\nWARNING: CPU: 7 PID: 59 at drivers/iommu/dma-iommu.c:1198 iommu_dma_unmap_page+0xd5/0x100\nCPU: 7 PID: 59 Comm: ksoftirqd/7 Tainted: G        W          6.8.0-1010-gcp #11-Ubuntu\nHardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS 2.15.2 04/02/2024\nRIP: 0010:iommu_dma_unmap_page+0xd5/0x100\nCode: 89 ee 48 89 df e8 cb f2 69 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9 31 f6 31 ff 45 31 c0 e9 ab 17 71 00 <0f> 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9\nRSP: 0018:ffffab1fc0597a48 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff99ff838280c8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffab1fc0597a78 R08: 0000000000000002 R09: ffffab1fc0597c1c\nR10: ffffab1fc0597cd3 R11: ffff99ffe375acd8 R12: 00000000e65b9000\nR13: 0000000000000050 R14: 0000000000001000 R15: 0000000000000002\nFS:  0000000000000000(0000) GS:ffff9a06efb80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000565c34c37210 CR3: 00000005c7e3e000 CR4: 0000000000350ef0\n? show_regs+0x6d/0x80\n? __warn+0x89/0x150\n? iommu_dma_unmap_page+0xd5/0x100\n? report_bug+0x16a/0x190\n? handle_bug+0x51/0xa0\n? exc_invalid_op+0x18/0x80\n? iommu_dma_unmap_page+0xd5/0x100\n? iommu_dma_unmap_page+0x35/0x100\ndma_unmap_page_attrs+0x55/0x220\n? bpf_prog_4d7e87c0d30db711_xdp_dispatcher+0x64/0x9f\nbnxt_rx_xdp+0x237/0x520 [bnxt_en]\nbnxt_rx_pkt+0x640/0xdd0 [bnxt_en]\n__bnxt_poll_work+0x1a1/0x3d0 [bnxt_en]\nbnxt_poll+0xaa/0x1e0 [bnxt_en]\n__napi_poll+0x33/0x1e0\nnet_rx_action+0x18a/0x2f0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44984', 'https://git.kernel.org/linus/8baeef7616d5194045c5a6b97fd1246b87c55b13 (6.11-rc5)', 'https://git.kernel.org/stable/c/8baeef7616d5194045c5a6b97fd1246b87c55b13', 'https://git.kernel.org/stable/c/95a305ba259b685780ed62ea2295aa2feb2d6c0c', 'https://git.kernel.org/stable/c/fa4e6ae38574d0fc5596272bee64727d8ab7052b', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44984-43ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44984', 'https://www.cve.org/CVERecord?id=CVE-2024-44984'], 'PublishedDate': '2024-09-04T20:15:07.717Z', 'LastModifiedDate': '2024-10-10T16:48:56.167Z'}, {'VulnerabilityID': 'CVE-2024-44985', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44985', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent possible UAF in ip6_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible UAF in ip6_xmit()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand the associated dst/idev could also have been freed.\n\nWe must use rcu_read_lock() to prevent a possible UAF.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44985', 'https://git.kernel.org/linus/2d5ff7e339d04622d8282661df36151906d0e1c7 (6.11-rc5)', 'https://git.kernel.org/stable/c/124b428fe28064c809e4237b0b38e97200a8a4a8', 'https://git.kernel.org/stable/c/2d5ff7e339d04622d8282661df36151906d0e1c7', 'https://git.kernel.org/stable/c/38a21c026ed2cc7232414cb166efc1923f34af17', 'https://git.kernel.org/stable/c/975f764e96f71616b530e300c1bb2ac0ce0c2596', 'https://git.kernel.org/stable/c/fc88d6c1f2895a5775795d82ec581afdff7661d1', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44985-2dde@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44985', 'https://www.cve.org/CVERecord?id=CVE-2024-44985'], 'PublishedDate': '2024-09-04T20:15:07.777Z', 'LastModifiedDate': '2024-09-05T17:54:11.313Z'}, {'VulnerabilityID': 'CVE-2024-44986', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44986', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: fix possible UAF in ip6_finish_output2()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible UAF in ip6_finish_output2()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand associated dst/idev could also have been freed.\n\nWe need to hold rcu_read_lock() to make sure the dst and\nassociated idev are alive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44986', 'https://git.kernel.org/linus/da273b377ae0d9bd255281ed3c2adb228321687b (6.11-rc5)', 'https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e', 'https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a', 'https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b', 'https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b', 'https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44986-1197@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44986', 'https://www.cve.org/CVERecord?id=CVE-2024-44986'], 'PublishedDate': '2024-09-04T20:15:07.833Z', 'LastModifiedDate': '2024-09-05T17:54:04.127Z'}, {'VulnerabilityID': 'CVE-2024-44987', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44987', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent UAF in ip6_send_skb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n  rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n  rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n  vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n  do_writev+0x1b1/0x350 fs/read_write.c:1018\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n </TASK>\n\nAllocated by task 6530:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  unpoison_slab_object mm/kasan/common.c:312 [inline]\n  __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n  kasan_slab_alloc include/linux/kasan.h:201 [inline]\n  slab_post_alloc_hook mm/slub.c:3988 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n  dst_alloc+0x12b/0x190 net/core/dst.c:89\n  ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n  make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n  xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313\n  ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n  rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n  ___sys_sendmsg net/socket.c:2651 [inline]\n  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n  poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n  __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n  kasan_slab_free include/linux/kasan.h:184 [inline]\n  slab_free_hook mm/slub.c:2252 [inline]\n  slab_free mm/slub.c:4473 [inline]\n  kmem_cache_free+0x145/0x350 mm/slub.c:4548\n  dst_destroy+0x2ac/0x460 net/core/dst.c:124\n  rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n  rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44987', 'https://git.kernel.org/linus/faa389b2fbaaec7fd27a390b4896139f9da662e3 (6.11-rc5)', 'https://git.kernel.org/stable/c/24e93695b1239fbe4c31e224372be77f82dab69a', 'https://git.kernel.org/stable/c/571567e0277008459750f0728f246086b2659429', 'https://git.kernel.org/stable/c/9a3e55afa95ed4ac9eda112d4f918af645d72f25', 'https://git.kernel.org/stable/c/af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011', 'https://git.kernel.org/stable/c/cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e', 'https://git.kernel.org/stable/c/ce2f6cfab2c637d0bd9762104023a15d0ab7c0a8', 'https://git.kernel.org/stable/c/e44bd76dd072756e674f45c5be00153f4ded68b2', 'https://git.kernel.org/stable/c/faa389b2fbaaec7fd27a390b4896139f9da662e3', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44987-f916@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44987', 'https://www.cve.org/CVERecord?id=CVE-2024-44987'], 'PublishedDate': '2024-09-04T20:15:07.89Z', 'LastModifiedDate': '2024-09-05T17:53:54.687Z'}, {'VulnerabilityID': 'CVE-2024-44988', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44988', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Fix out-of-bound access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix out-of-bound access\n\nIf an ATU violation was caused by a CPU Load operation, the SPID could\nbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44988', 'https://git.kernel.org/linus/528876d867a23b5198022baf2e388052ca67c952 (6.11-rc5)', 'https://git.kernel.org/stable/c/050e7274ab2150cd212b2372595720e7b83a15bd', 'https://git.kernel.org/stable/c/18b2e833daf049223ab3c2efdf8cdee08854c484', 'https://git.kernel.org/stable/c/528876d867a23b5198022baf2e388052ca67c952', 'https://git.kernel.org/stable/c/a10d0337115a6d223a1563d853d4455f05d0b2e3', 'https://git.kernel.org/stable/c/d39f5be62f098fe367d672b4dd4bc4b2b80e08e7', 'https://git.kernel.org/stable/c/f7d8c2fabd39250cf2333fbf8eef67e837f90a5d', 'https://git.kernel.org/stable/c/f87ce03c652dba199aef15ac18ade3991db5477e', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44988-516a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44988', 'https://www.cve.org/CVERecord?id=CVE-2024-44988'], 'PublishedDate': '2024-09-04T20:15:07.96Z', 'LastModifiedDate': '2024-10-10T16:44:14.767Z'}, {'VulnerabilityID': 'CVE-2024-44989', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44989', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix xfrm real_dev null pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel:  <TASK>\n kernel:  ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? page_fault_oops+0x142/0x4c0\n kernel:  ? do_user_addr_fault+0x65/0x670\n kernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  ? exc_page_fault+0x7b/0x180\n kernel:  ? asm_exc_page_fault+0x22/0x30\n kernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel:  xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ip_push_pending_frames+0x56/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44989', 'https://git.kernel.org/linus/f8cde9805981c50d0c029063dc7d82821806fc44 (6.11-rc5)', 'https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21', 'https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294', 'https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548', 'https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f', 'https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436', 'https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44989-8a2d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44989', 'https://www.cve.org/CVERecord?id=CVE-2024-44989'], 'PublishedDate': '2024-09-04T20:15:08.02Z', 'LastModifiedDate': '2024-09-06T16:31:22.253Z'}, {'VulnerabilityID': 'CVE-2024-44990', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44990', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix null pointer deref in bond_ipsec_offload_ok\n\nWe must check if there is an active slave before dereferencing the pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44990', 'https://git.kernel.org/linus/95c90e4ad89d493a7a14fa200082e466e2548f9d (6.11-rc5)', 'https://git.kernel.org/stable/c/0707260a18312bbcd2a5668584e3692d0a29e3f6', 'https://git.kernel.org/stable/c/2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59', 'https://git.kernel.org/stable/c/32a0173600c63aadaf2103bf02f074982e8602ab', 'https://git.kernel.org/stable/c/81216b9352be43f8958092d379f6dec85443c309', 'https://git.kernel.org/stable/c/95c90e4ad89d493a7a14fa200082e466e2548f9d', 'https://git.kernel.org/stable/c/b70b0ddfed31fc92c8dc722d0afafc8e14cb550c', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44990-6b62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44990', 'https://www.cve.org/CVERecord?id=CVE-2024-44990'], 'PublishedDate': '2024-09-04T20:15:08.087Z', 'LastModifiedDate': '2024-09-06T16:31:12.87Z'}, {'VulnerabilityID': 'CVE-2024-44991', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44991', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp: prevent concurrent execution of tcp_sk_exit_batch', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: prevent concurrent execution of tcp_sk_exit_batch\n\nIts possible that two threads call tcp_sk_exit_batch() concurrently,\nonce from the cleanup_net workqueue, once from a task that failed to clone\na new netns.  In the latter case, error unwinding calls the exit handlers\nin reverse order for the \'failed\' netns.\n\ntcp_sk_exit_batch() calls tcp_twsk_purge().\nProblem is that since commit b099ce2602d8 ("net: Batch inet_twsk_purge"),\nthis function picks up twsk in any dying netns, not just the one passed\nin via exit_batch list.\n\nThis means that the error unwind of setup_net() can "steal" and destroy\ntimewait sockets belonging to the exiting netns.\n\nThis allows the netns exit worker to proceed to call\n\nWARN_ON_ONCE(!refcount_dec_and_test(&net->ipv4.tcp_death_row.tw_refcount));\n\nwithout the expected 1 -> 0 transition, which then splats.\n\nAt same time, error unwind path that is also running inet_twsk_purge()\nwill splat as well:\n\nWARNING: .. at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210\n...\n refcount_dec include/linux/refcount.h:351 [inline]\n inet_twsk_kill+0x758/0x9c0 net/ipv4/inet_timewait_sock.c:70\n inet_twsk_deschedule_put net/ipv4/inet_timewait_sock.c:221\n inet_twsk_purge+0x725/0x890 net/ipv4/inet_timewait_sock.c:304\n tcp_sk_exit_batch+0x1c/0x170 net/ipv4/tcp_ipv4.c:3522\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n setup_net+0x714/0xb40 net/core/net_namespace.c:375\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n\n... because refcount_dec() of tw_refcount unexpectedly dropped to 0.\n\nThis doesn\'t seem like an actual bug (no tw sockets got lost and I don\'t\nsee a use-after-free) but as erroneous trigger of debug check.\n\nAdd a mutex to force strict ordering: the task that calls tcp_twsk_purge()\nblocks other task from doing final _dec_and_test before mutex-owner has\nremoved all tw sockets of dying netns.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44991', 'https://git.kernel.org/linus/565d121b69980637f040eb4d84289869cdaabedf (6.11-rc5)', 'https://git.kernel.org/stable/c/565d121b69980637f040eb4d84289869cdaabedf', 'https://git.kernel.org/stable/c/99580ae890ec8bd98b21a2a9c6668f8f1555b62e', 'https://git.kernel.org/stable/c/e3d9de3742f4d5c47ae35f888d3023a5b54fcd2f', 'https://git.kernel.org/stable/c/f6fd2dbf584a4047ba88d1369ff91c9851261ec1', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44991-2437@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44991', 'https://www.cve.org/CVERecord?id=CVE-2024-44991'], 'PublishedDate': '2024-09-04T20:15:08.15Z', 'LastModifiedDate': '2024-10-09T14:36:15.79Z'}, {'VulnerabilityID': 'CVE-2024-44993', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44993', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`\n\nWhen enabling UBSAN on Raspberry Pi 5, we get the following warning:\n\n[  387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3\n[  387.903868] index 7 is out of range for type '__u32 [7]'\n[  387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G        WC         6.10.3-v8-16k-numa #151\n[  387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[  387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched]\n[  387.932525] Call trace:\n[  387.935296]  dump_backtrace+0x170/0x1b8\n[  387.939403]  show_stack+0x20/0x38\n[  387.942907]  dump_stack_lvl+0x90/0xd0\n[  387.946785]  dump_stack+0x18/0x28\n[  387.950301]  __ubsan_handle_out_of_bounds+0x98/0xd0\n[  387.955383]  v3d_csd_job_run+0x3a8/0x438 [v3d]\n[  387.960707]  drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]\n[  387.966862]  process_one_work+0x62c/0xb48\n[  387.971296]  worker_thread+0x468/0x5b0\n[  387.975317]  kthread+0x1c4/0x1e0\n[  387.978818]  ret_from_fork+0x10/0x20\n[  387.983014] ---[ end trace ]---\n\nThis happens because the UAPI provides only seven configuration\nregisters and we are reading the eighth position of this u32 array.\n\nTherefore, fix the out-of-bounds read in `v3d_csd_job_run()` by\naccessing only seven positions on the '__u32 [7]' array. The eighth\nregister exists indeed on V3D 7.1, but it isn't currently used. That\nbeing so, let's guarantee that it remains unused and add a note that it\ncould be set in a future patch.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44993', 'https://git.kernel.org/linus/497d370a644d95a9f04271aa92cb96d32e84c770 (6.11-rc4)', 'https://git.kernel.org/stable/c/497d370a644d95a9f04271aa92cb96d32e84c770', 'https://git.kernel.org/stable/c/d656b82c4b30cf12715e6cd129d3df808fde24a7', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44993-b6db@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44993', 'https://www.cve.org/CVERecord?id=CVE-2024-44993'], 'PublishedDate': '2024-09-04T20:15:08.257Z', 'LastModifiedDate': '2024-09-06T16:28:49.18Z'}, {'VulnerabilityID': 'CVE-2024-44995', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: fix a deadlock problem when config TC during resetting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n                             pf reset start\n                                 │\n                                 ▼\n                              ......\nsetup tc                         │\n    │                            ▼\n    ▼                      DOWN: napi_disable()\nnapi_disable()(skip)             │\n    │                            │\n    ▼                            ▼\n  ......                      ......\n    │                            │\n    ▼                            │\nnapi_enable()                    │\n                                 ▼\n                           UINIT: netif_napi_del()\n                                 │\n                                 ▼\n                              ......\n                                 │\n                                 ▼\n                           INIT: netif_napi_add()\n                                 │\n                                 ▼\n                              ......                 global reset start\n                                 │                      │\n                                 ▼                      ▼\n                           UP: napi_enable()(skip)    ......\n                                 │                      │\n                                 ▼                      ▼\n                              ......                 napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. Adds a DOWN process in UINIT to fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44995', 'https://git.kernel.org/linus/be5e816d00a506719e9dbb1a9c861c5ced30a109 (6.11-rc4)', 'https://git.kernel.org/stable/c/195918217448a6bb7f929d6a2ffffce9f1ece1cc', 'https://git.kernel.org/stable/c/67492d4d105c0a6321b00c393eec96b9a7a97a16', 'https://git.kernel.org/stable/c/6ae2b7d63cd056f363045eb65409143e16f23ae8', 'https://git.kernel.org/stable/c/be5e816d00a506719e9dbb1a9c861c5ced30a109', 'https://git.kernel.org/stable/c/de37408d5c26fc4a296a28a0c96dcb814219bfa1', 'https://git.kernel.org/stable/c/fa1d4de7265c370e673583ac8d1bd17d21826cd9', 'https://git.kernel.org/stable/c/fc250eca15bde34c4c8f806b9d88f55bd56a992c', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44995-16e5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44995', 'https://www.cve.org/CVERecord?id=CVE-2024-44995'], 'PublishedDate': '2024-09-04T20:15:08.353Z', 'LastModifiedDate': '2024-09-15T18:15:34.54Z'}, {'VulnerabilityID': 'CVE-2024-44996', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44996', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vsock: fix recursive -&gt;recvmsg calls', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: fix recursive ->recvmsg calls\n\nAfter a vsock socket has been added to a BPF sockmap, its prot->recvmsg\nhas been replaced with vsock_bpf_recvmsg(). Thus the following\nrecursiion could happen:\n\nvsock_bpf_recvmsg()\n -> __vsock_recvmsg()\n  -> vsock_connectible_recvmsg()\n   -> prot->recvmsg()\n    -> vsock_bpf_recvmsg() again\n\nWe need to fix it by calling the original ->recvmsg() without any BPF\nsockmap logic in __vsock_recvmsg().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44996', 'https://git.kernel.org/linus/69139d2919dd4aa9a553c8245e7c63e82613e3fc (6.11-rc4)', 'https://git.kernel.org/stable/c/69139d2919dd4aa9a553c8245e7c63e82613e3fc', 'https://git.kernel.org/stable/c/921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5', 'https://git.kernel.org/stable/c/b4ee8cf1acc5018ed1369150d7bb3e0d0f79e135', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44996-8b26@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44996', 'https://www.cve.org/CVERecord?id=CVE-2024-44996'], 'PublishedDate': '2024-09-04T20:15:08.413Z', 'LastModifiedDate': '2024-09-16T12:21:47.37Z'}, {'VulnerabilityID': 'CVE-2024-44998', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44998', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: atm: idt77252: prevent use after free in dequeue_rx()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can\'t dereference "skb" after calling vcc->push() because the skb\nis released.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44998', 'https://git.kernel.org/linus/a9a18e8f770c9b0703dab93580d0b02e199a4c79 (6.11-rc4)', 'https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1', 'https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d', 'https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518', 'https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55', 'https://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d', 'https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10', 'https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79', 'https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44998-6505@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44998', 'https://www.cve.org/CVERecord?id=CVE-2024-44998'], 'PublishedDate': '2024-09-04T20:15:08.52Z', 'LastModifiedDate': '2024-09-06T16:28:16Z'}, {'VulnerabilityID': 'CVE-2024-44999', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44999', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: pull network headers in gtp_dev_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: pull network headers in gtp_dev_xmit()\n\nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]\n\nWe must make sure the IPv4 or Ipv6 header is pulled in skb->head\nbefore accessing fields in them.\n\nUse pskb_inet_may_pull() to fix this issue.\n\n[1]\nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n  gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n  gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  __netdev_start_xmit include/linux/netdevice.h:4913 [inline]\n  netdev_start_xmit include/linux/netdevice.h:4922 [inline]\n  xmit_one net/core/dev.c:3580 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596\n  __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423\n  dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3145 [inline]\n  packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:3994 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583\n  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674\n  alloc_skb include/linux/skbuff.h:1320 [inline]\n  alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526\n  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815\n  packet_alloc_skb net/packet/af_packet.c:2994 [inline]\n  packet_snd net/packet/af_packet.c:3088 [inline]\n  packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44999', 'https://git.kernel.org/linus/3a3be7ff9224f424e485287b54be00d2c6bd9c40 (6.11-rc4)', 'https://git.kernel.org/stable/c/137d565ab89ce3584503b443bc9e00d44f482593', 'https://git.kernel.org/stable/c/1f6b62392453d8f36685d19b761307a8c5617ac1', 'https://git.kernel.org/stable/c/34ba4f29f3d9eb52dee37512059efb2afd7e966f', 'https://git.kernel.org/stable/c/3939d787139e359b77aaf9485d1e145d6713d7b9', 'https://git.kernel.org/stable/c/3a3be7ff9224f424e485287b54be00d2c6bd9c40', 'https://git.kernel.org/stable/c/3d89d0c4a1c6d4d2a755e826351b0a101dbc86f3', 'https://git.kernel.org/stable/c/cbb9a969fc190e85195d1b0f08038e7f6199044e', 'https://git.kernel.org/stable/c/f5dda8db382c5751c4e572afc7c99df7da1f83ca', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44999-187d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44999', 'https://www.cve.org/CVERecord?id=CVE-2024-44999'], 'PublishedDate': '2024-09-04T20:15:08.59Z', 'LastModifiedDate': '2024-09-06T16:27:51.89Z'}, {'VulnerabilityID': 'CVE-2024-45000', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45000', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/netfs/fscache_cookie: add missing "n_accesses" check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/netfs/fscache_cookie: add missing "n_accesses" check\n\nThis fixes a NULL pointer dereference bug due to a data race which\nlooks like this:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000008\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] SMP PTI\n  CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43\n  Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018\n  Workqueue: events_unbound netfs_rreq_write_to_cache_work\n  RIP: 0010:cachefiles_prepare_write+0x30/0xa0\n  Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 <48> 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10\n  RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286\n  RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000\n  RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438\n  RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001\n  R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68\n  R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00\n  FS:  0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0\n  Call Trace:\n   <TASK>\n   ? __die+0x1f/0x70\n   ? page_fault_oops+0x15d/0x440\n   ? search_module_extables+0xe/0x40\n   ? fixup_exception+0x22/0x2f0\n   ? exc_page_fault+0x5f/0x100\n   ? asm_exc_page_fault+0x22/0x30\n   ? cachefiles_prepare_write+0x30/0xa0\n   netfs_rreq_write_to_cache_work+0x135/0x2e0\n   process_one_work+0x137/0x2c0\n   worker_thread+0x2e9/0x400\n   ? __pfx_worker_thread+0x10/0x10\n   kthread+0xcc/0x100\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x30/0x50\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1b/0x30\n   </TASK>\n  Modules linked in:\n  CR2: 0000000000000008\n  ---[ end trace 0000000000000000 ]---\n\nThis happened because fscache_cookie_state_machine() was slow and was\nstill running while another process invoked fscache_unuse_cookie();\nthis led to a fscache_cookie_lru_do_one() call, setting the\nFSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by\nfscache_cookie_state_machine(), withdrawing the cookie via\ncachefiles_withdraw_cookie(), clearing cookie->cache_priv.\n\nAt the same time, yet another process invoked\ncachefiles_prepare_write(), which found a NULL pointer in this code\nline:\n\n  struct cachefiles_object *object = cachefiles_cres_object(cres);\n\nThe next line crashes, obviously:\n\n  struct cachefiles_cache *cache = object->volume->cache;\n\nDuring cachefiles_prepare_write(), the "n_accesses" counter is\nnon-zero (via fscache_begin_operation()).  The cookie must not be\nwithdrawn until it drops to zero.\n\nThe counter is checked by fscache_cookie_state_machine() before\nswitching to FSCACHE_COOKIE_STATE_RELINQUISHING and\nFSCACHE_COOKIE_STATE_WITHDRAWING (in "case\nFSCACHE_COOKIE_STATE_FAILED"), but not for\nFSCACHE_COOKIE_STATE_LRU_DISCARDING ("case\nFSCACHE_COOKIE_STATE_ACTIVE").\n\nThis patch adds the missing check.  With a non-zero access counter,\nthe function returns and the next fscache_end_cookie_access() call\nwill queue another fscache_cookie_state_machine() call to handle the\nstill-pending FSCACHE_COOKIE_DO_LRU_DISCARD.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45000', 'https://git.kernel.org/linus/f71aa06398aabc2e3eaac25acdf3d62e0094ba70 (6.11-rc4)', 'https://git.kernel.org/stable/c/0a4d41fa14b2a0efd40e350cfe8ec6a4c998ac1d', 'https://git.kernel.org/stable/c/b8a50877f68efdcc0be3fcc5116e00c31b90e45b', 'https://git.kernel.org/stable/c/dfaa39b05a6cf34a16c525a2759ee6ab26b5fef6', 'https://git.kernel.org/stable/c/f71aa06398aabc2e3eaac25acdf3d62e0094ba70', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-45000-fd6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45000', 'https://www.cve.org/CVERecord?id=CVE-2024-45000'], 'PublishedDate': '2024-09-04T20:15:08.657Z', 'LastModifiedDate': '2024-09-06T16:27:31.003Z'}, {'VulnerabilityID': 'CVE-2024-45001', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45001', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix RX buf alloc_size alignment and atomic op panic', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix RX buf alloc_size alignment and atomic op panic\n\nThe MANA driver's RX buffer alloc_size is passed into napi_build_skb() to\ncreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignment\nis affected by the alloc_size passed into napi_build_skb(). The size needs\nto be aligned properly for better performance and atomic operations.\nOtherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic\noperations may panic on the skb_shinfo(skb)->dataref due to alignment fault.\n\nTo fix this bug, add proper alignment to the alloc_size calculation.\n\nSample panic info:\n[  253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce\n[  253.300900] Mem abort info:\n[  253.301760]   ESR = 0x0000000096000021\n[  253.302825]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  253.304268]   SET = 0, FnV = 0\n[  253.305172]   EA = 0, S1PTW = 0\n[  253.306103]   FSC = 0x21: alignment fault\nCall trace:\n __skb_clone+0xfc/0x198\n skb_clone+0x78/0xe0\n raw6_local_deliver+0xfc/0x228\n ip6_protocol_deliver_rcu+0x80/0x500\n ip6_input_finish+0x48/0x80\n ip6_input+0x48/0xc0\n ip6_sublist_rcv_finish+0x50/0x78\n ip6_sublist_rcv+0x1cc/0x2b8\n ipv6_list_rcv+0x100/0x150\n __netif_receive_skb_list_core+0x180/0x220\n netif_receive_skb_list_internal+0x198/0x2a8\n __napi_poll+0x138/0x250\n net_rx_action+0x148/0x330\n handle_softirqs+0x12c/0x3a0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45001', 'https://git.kernel.org/linus/32316f676b4ee87c0404d333d248ccf777f739bc (6.11-rc4)', 'https://git.kernel.org/stable/c/32316f676b4ee87c0404d333d248ccf777f739bc', 'https://git.kernel.org/stable/c/65f20b174ec0172f2d6bcfd8533ab9c9e7e347fa', 'https://git.kernel.org/stable/c/e6bea6a45f8a401f3d5a430bc81814f0cc8848cf', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45001-50df@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45001', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45001'], 'PublishedDate': '2024-09-04T20:15:08.71Z', 'LastModifiedDate': '2024-10-09T14:49:39.953Z'}, {'VulnerabilityID': 'CVE-2024-45002', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45002', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtla/osnoise: Prevent NULL dereference in error handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrtla/osnoise: Prevent NULL dereference in error handling\n\nIf the "tool->data" allocation fails then there is no need to call\nosnoise_free_top() and, in fact, doing so will lead to a NULL dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45002', 'https://git.kernel.org/linus/90574d2a675947858b47008df8d07f75ea50d0d0 (6.11-rc4)', 'https://git.kernel.org/stable/c/753f1745146e03abd17eec8eee95faffc96d743d', 'https://git.kernel.org/stable/c/90574d2a675947858b47008df8d07f75ea50d0d0', 'https://git.kernel.org/stable/c/abdb9ddaaab476e62805e36cce7b4ef8413ffd01', 'https://git.kernel.org/stable/c/fc575212c6b75d538e1a0a74f4c7e2ac73bc46ac', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45002-c292@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45002', 'https://www.cve.org/CVERecord?id=CVE-2024-45002'], 'PublishedDate': '2024-09-04T20:15:08.763Z', 'LastModifiedDate': '2024-09-06T16:27:13.727Z'}, {'VulnerabilityID': 'CVE-2024-45003', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45003', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: vfs: Don't evict inode under the inode lru traversing context", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: Don't evict inode under the inode lru traversing context\n\nThe inode reclaiming process(See function prune_icache_sb) collects all\nreclaimable inodes and mark them with I_FREEING flag at first, at that\ntime, other processes will be stuck if they try getting these inodes\n(See function find_inode_fast), then the reclaiming process destroy the\ninodes by function dispose_list(). Some filesystems(eg. ext4 with\nea_inode feature, ubifs with xattr) may do inode lookup in the inode\nevicting callback function, if the inode lookup is operated under the\ninode lru traversing context, deadlock problems may happen.\n\nCase 1: In function ext4_evict_inode(), the ea inode lookup could happen\n        if ea_inode feature is enabled, the lookup process will be stuck\n\tunder the evicting context like this:\n\n 1. File A has inode i_reg and an ea inode i_ea\n 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea\n 3. Then, following three processes running like this:\n\n    PA                              PB\n echo 2 > /proc/sys/vm/drop_caches\n  shrink_slab\n   prune_dcache_sb\n   // i_reg is added into lru, lru->i_ea->i_reg\n   prune_icache_sb\n    list_lru_walk_one\n     inode_lru_isolate\n      i_ea->i_state |= I_FREEING // set inode state\n     inode_lru_isolate\n      __iget(i_reg)\n      spin_unlock(&i_reg->i_lock)\n      spin_unlock(lru_lock)\n                                     rm file A\n                                      i_reg->nlink = 0\n      iput(i_reg) // i_reg->nlink is 0, do evict\n       ext4_evict_inode\n        ext4_xattr_delete_inode\n         ext4_xattr_inode_dec_ref_all\n          ext4_xattr_inode_iget\n           ext4_iget(i_ea->i_ino)\n            iget_locked\n             find_inode_fast\n              __wait_on_freeing_inode(i_ea) ----? AA deadlock\n    dispose_list // cannot be executed by prune_icache_sb\n     wake_up_bit(&i_ea->i_state)\n\nCase 2: In deleted inode writing function ubifs_jnl_write_inode(), file\n        deleting process holds BASEHD's wbuf->io_mutex while getting the\n\txattr inode, which could race with inode reclaiming process(The\n        reclaiming process could try locking BASEHD's wbuf->io_mutex in\n\tinode evicting function), then an ABBA deadlock problem would\n\thappen as following:\n\n 1. File A has inode ia and a xattr(with inode ixa), regular file B has\n    inode ib and a xattr.\n 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa\n 3. Then, following three processes running like this:\n\n        PA                PB                        PC\n                echo 2 > /proc/sys/vm/drop_caches\n                 shrink_slab\n                  prune_dcache_sb\n                  // ib and ia are added into lru, lru->ixa->ib->ia\n                  prune_icache_sb\n                   list_lru_walk_one\n                    inode_lru_isolate\n                     ixa->i_state |= I_FREEING // set inode state\n                    inode_lru_isolate\n                     __iget(ib)\n                     spin_unlock(&ib->i_lock)\n                     spin_unlock(lru_lock)\n                                                   rm file B\n                                                    ib->nlink = 0\n rm file A\n  iput(ia)\n   ubifs_evict_inode(ia)\n    ubifs_jnl_delete_inode(ia)\n     ubifs_jnl_write_inode(ia)\n      make_reservation(BASEHD) // Lock wbuf->io_mutex\n      ubifs_iget(ixa->i_ino)\n       iget_locked\n        find_inode_fast\n         __wait_on_freeing_inode(ixa)\n          |          iput(ib) // ib->nlink is 0, do evict\n          |           ubifs_evict_inode\n          |            ubifs_jnl_delete_inode(ib)\n          ?             ubifs_jnl_write_inode\n     ABBA deadlock ?-----make_reservation(BASEHD)\n                   dispose_list // cannot be executed by prune_icache_sb\n                    wake_up_bit(&ixa->i_state)\n\nFix the possible deadlock by using new inode state flag I_LRU_ISOLATING\nto pin the inode in memory while inode_lru_isolate(\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45003', 'https://git.kernel.org/linus/2a0629834cd82f05d424bbc193374f9a43d1f87d (6.11-rc4)', 'https://git.kernel.org/stable/c/03880af02a78bc9a98b5a581f529cf709c88a9b8', 'https://git.kernel.org/stable/c/2a0629834cd82f05d424bbc193374f9a43d1f87d', 'https://git.kernel.org/stable/c/3525ad25240dfdd8c78f3470911ed10aa727aa72', 'https://git.kernel.org/stable/c/437741eba63bf4e437e2beb5583f8633556a2b98', 'https://git.kernel.org/stable/c/9063ab49c11e9518a3f2352434bb276cc8134c5f', 'https://git.kernel.org/stable/c/b9bda5f6012dd00372f3a06a82ed8971a4c57c32', 'https://git.kernel.org/stable/c/cda54ec82c0f9d05393242b20b13f69b083f7e88', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45003-3bc2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45003', 'https://www.cve.org/CVERecord?id=CVE-2024-45003'], 'PublishedDate': '2024-09-04T20:15:08.823Z', 'LastModifiedDate': '2024-10-09T15:07:31.027Z'}, {'VulnerabilityID': 'CVE-2024-45005', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45005', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: s390: fix validity interception issue when gisa is switched off', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix validity interception issue when gisa is switched off\n\nWe might run into a SIE validity if gisa has been disabled either via using\nkernel parameter "kvm.use_gisa=0" or by setting the related sysfs\nattribute to N (echo N >/sys/module/kvm/parameters/use_gisa).\n\nThe validity is caused by an invalid value in the SIE control block\'s\ngisa designation. That happens because we pass the uninitialized gisa\norigin to virt_to_phys() before writing it to the gisa designation.\n\nTo fix this we return 0 in kvm_s390_get_gisa_desc() if the origin is 0.\nkvm_s390_get_gisa_desc() is used to determine which gisa designation to\nset in the SIE control block. A value of 0 in the gisa designation disables\ngisa usage.\n\nThe issue surfaces in the host kernel with the following kernel message as\nsoon a new kvm guest start is attemted.\n\nkvm: unhandled validity intercept 0x1011\nWARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101 kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]\nModules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390 prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci]\nCPU: 0 PID: 781237 Comm: CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6\nHardware name: IBM 3931 A01 701 (LPAR)\nKrnl PSW : 0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm])\n           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\nKrnl GPRS: 000003d900000027 000003d900000023 0000000000000028 000002cd00000000\n           000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff\n           000002cfd82e9000 000002cfd80bc000 0000000000001011 000003d93deda412\n           000003ff8962df98 000003d93de77ce0 000003d93deb011e 00000359c6daf960\nKrnl Code: 000003d93deb0112: c020fffe7259\tlarl\t%r2,000003d93de7e5c4\n           000003d93deb0118: c0e53fa8beac\tbrasl\t%r14,000003d9bd3c7e70\n          #000003d93deb011e: af000000\t\tmc\t0,0\n          >000003d93deb0122: a728ffea\t\tlhi\t%r2,-22\n           000003d93deb0126: a7f4fe24\t\tbrc\t15,000003d93deafd6e\n           000003d93deb012a: 9101f0b0\t\ttm\t176(%r15),1\n           000003d93deb012e: a774fe48\t\tbrc\t7,000003d93deafdbe\n           000003d93deb0132: 40a0f0ae\t\tsth\t%r10,174(%r15)\nCall Trace:\n [<000003d93deb0122>] kvm_handle_sie_intercept+0x432/0x4d0 [kvm]\n([<000003d93deb011e>] kvm_handle_sie_intercept+0x42e/0x4d0 [kvm])\n [<000003d93deacc10>] vcpu_post_run+0x1d0/0x3b0 [kvm]\n [<000003d93deaceda>] __vcpu_run+0xea/0x2d0 [kvm]\n [<000003d93dead9da>] kvm_arch_vcpu_ioctl_run+0x16a/0x430 [kvm]\n [<000003d93de93ee0>] kvm_vcpu_ioctl+0x190/0x7c0 [kvm]\n [<000003d9bd728b4e>] vfs_ioctl+0x2e/0x70\n [<000003d9bd72a092>] __s390x_sys_ioctl+0xc2/0xd0\n [<000003d9be0e9222>] __do_syscall+0x1f2/0x2e0\n [<000003d9be0f9a90>] system_call+0x70/0x98\nLast Breaking-Event-Address:\n [<000003d9bd3c7f58>] __warn_printk+0xe8/0xf0', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45005', 'https://git.kernel.org/linus/5a44bb061d04b0306f2aa8add761d86d152b9377 (6.11-rc4)', 'https://git.kernel.org/stable/c/027ac3c5092561bccce09b314a73a1c167117ef6', 'https://git.kernel.org/stable/c/051c0a558154174cfcea301a386e4c91ade83ce1', 'https://git.kernel.org/stable/c/5a44bb061d04b0306f2aa8add761d86d152b9377', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45005-2297@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45005', 'https://www.cve.org/CVERecord?id=CVE-2024-45005'], 'PublishedDate': '2024-09-04T20:15:08.94Z', 'LastModifiedDate': '2024-10-09T15:30:03.767Z'}, {'VulnerabilityID': 'CVE-2024-45006', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45006', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration\n\nre-enumerating full-speed devices after a failed address device command\ncan trigger a NULL pointer dereference.\n\nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size\nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case,\nwhich ends up calling xhci_configure_endpoint().\n\nOn Panther point xHC the xhci_configure_endpoint() function will\nadditionally check and reserve bandwidth in software. Other hosts do\nthis in hardware\n\nIf xHC address device command fails then a new xhci_virt_device structure\nis allocated as part of re-enabling the slot, but the bandwidth table\npointers are not set up properly here.\nThis triggers the NULL pointer dereference the next time usb_ep0_reinit()\nis called and xhci_configure_endpoint() tries to check and reserve\nbandwidth\n\n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd\n[46710.713699] usb 3-1: Device not responding to setup address.\n[46710.917684] usb 3-1: Device not responding to setup address.\n[46711.125536] usb 3-1: device not accepting address 5, error -71\n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[46711.125600] #PF: supervisor read access in kernel mode\n[46711.125603] #PF: error_code(0x0000) - not-present page\n[46711.125606] PGD 0 P4D 0\n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1\n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.\n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]\n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c\n\nFix this by making sure bandwidth table pointers are set up correctly\nafter a failed address device command, and additionally by avoiding\nchecking for bandwidth in cases like this where no actual endpoints are\nadded or removed, i.e. only context for default control endpoint 0 is\nevaluated.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45006', 'https://git.kernel.org/linus/af8e119f52e9c13e556be9e03f27957554a84656 (6.11-rc4)', 'https://git.kernel.org/stable/c/0f0654318e25b2c185e245ba4a591e42fabb5e59', 'https://git.kernel.org/stable/c/365ef7c4277fdd781a695c3553fa157d622d805d', 'https://git.kernel.org/stable/c/5ad898ae82412f8a689d59829804bff2999dd0ea', 'https://git.kernel.org/stable/c/6b99de301d78e1f5249e57ef2c32e1dec3df2bb1', 'https://git.kernel.org/stable/c/8fb9d412ebe2f245f13481e4624b40e651570cbd', 'https://git.kernel.org/stable/c/a57b0ebabe6862dce0a2e0f13e17941ad72fc56b', 'https://git.kernel.org/stable/c/af8e119f52e9c13e556be9e03f27957554a84656', 'https://git.kernel.org/stable/c/ef0a0e616b2789bb804a0ce5e161db03170a85b6', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45006-6642@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45006', 'https://www.cve.org/CVERecord?id=CVE-2024-45006'], 'PublishedDate': '2024-09-04T20:15:08.997Z', 'LastModifiedDate': '2024-09-06T16:26:52.64Z'}, {'VulnerabilityID': 'CVE-2024-45007', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45007', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: char: xillybus: Don't destroy workqueue from work item running on it", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Don't destroy workqueue from work item running on it\n\nTriggered by a kref decrement, destroy_workqueue() may be called from\nwithin a work item for destroying its own workqueue. This illegal\nsituation is averted by adding a module-global workqueue for exclusive\nuse of the offending work item. Other work items continue to be queued\non per-device workqueues to ensure performance.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45007', 'https://git.kernel.org/linus/ccbde4b128ef9c73d14d0d7817d68ef795f6d131 (6.11-rc4)', 'https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9', 'https://git.kernel.org/stable/c/5d3567caff2a1d678aa40cc74a54e1318941fad3', 'https://git.kernel.org/stable/c/a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157', 'https://git.kernel.org/stable/c/aa1a19724fa2c31e97a9be48baedd4692b265157', 'https://git.kernel.org/stable/c/ccbde4b128ef9c73d14d0d7817d68ef795f6d131', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45007-74c8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45007', 'https://www.cve.org/CVERecord?id=CVE-2024-45007'], 'PublishedDate': '2024-09-04T20:15:09.053Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45008', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: MT - limit max slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: MT - limit max slots\n\nsyzbot is reporting too large allocation at input_mt_init_slots(), for\nnum_slots is supplied from userspace using ioctl(UI_DEV_CREATE).\n\nSince nobody knows possible max slots, this patch chose 1024.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45008', 'https://git.kernel.org/linus/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb (6.11-rc2)', 'https://git.kernel.org/stable/c/05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549', 'https://git.kernel.org/stable/c/2829c80614890624456337e47320289112785f3e', 'https://git.kernel.org/stable/c/87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322', 'https://git.kernel.org/stable/c/8f04edd554d191834e9e1349ef030318ea6b11ba', 'https://git.kernel.org/stable/c/94736334b8a25e4fae8daa6934e54a31f099be43', 'https://git.kernel.org/stable/c/95f73d01f547dfc67fda3022c51e377a0454b505', 'https://git.kernel.org/stable/c/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb', 'https://git.kernel.org/stable/c/cd19f1799c32ba7b874474b1b968815ce5364f73', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45008-1d89@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45008', 'https://www.cve.org/CVERecord?id=CVE-2024-45008'], 'PublishedDate': '2024-09-04T20:15:09.107Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45009', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: only decrement add_addr_accepted for MPJ req', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the "remove single subflow" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \'subflow\' endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\'s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45009', 'https://git.kernel.org/linus/1c1f721375989579e46741f59523e39ec9b2a9bd (6.11-rc5)', 'https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd', 'https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c', 'https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d', 'https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7', 'https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608', 'https://lore.kernel.org/linux-cve-announce/2024091104-CVE-2024-45009-24ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45009', 'https://www.cve.org/CVERecord?id=CVE-2024-45009'], 'PublishedDate': '2024-09-11T16:15:06.427Z', 'LastModifiedDate': '2024-09-13T16:36:57.233Z'}, {'VulnerabilityID': 'CVE-2024-45010', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: mptcp: pm: only mark 'subflow' endp as available", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \'subflow\' endp as available\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the "remove single address" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \'signal\' endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\'subflow\' endpoints, and here it is a \'signal\' endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \'subflow\' endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45010', 'https://git.kernel.org/linus/322ea3778965da72862cca2a0c50253aacf65fe6 (6.11-rc5)', 'https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6', 'https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d', 'https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f', 'https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45010-33ee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45010', 'https://www.cve.org/CVERecord?id=CVE-2024-45010'], 'PublishedDate': '2024-09-11T16:15:06.483Z', 'LastModifiedDate': '2024-09-13T16:35:05.843Z'}, {'VulnerabilityID': 'CVE-2024-45011', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45011', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: char: xillybus: Check USB endpoints when probing device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Check USB endpoints when probing device\n\nEnsure, as the driver probes the device, that all endpoints that the\ndriver may attempt to access exist and are of the correct type.\n\nAll XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at\naddress 1. This is verified in xillyusb_setup_base_eps().\n\nOn top of that, a XillyUSB device may have additional Bulk OUT\nendpoints. The information about these endpoints' addresses is deduced\nfrom a data structure (the IDT) that the driver fetches from the device\nwhile probing it. These endpoints are checked in setup_channels().\n\nA XillyUSB device never has more than one IN endpoint, as all data\ntowards the host is multiplexed in this single Bulk IN endpoint. This is\nwhy setup_channels() only checks OUT endpoints.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45011', 'https://git.kernel.org/linus/2374bf7558de915edc6ec8cb10ec3291dfab9594 (6.11-rc4)', 'https://git.kernel.org/stable/c/1371d32b95972d39c1e6e4bae8b6d0df1b573731', 'https://git.kernel.org/stable/c/2374bf7558de915edc6ec8cb10ec3291dfab9594', 'https://git.kernel.org/stable/c/25ee8b2908200fc862c0434e5ad483817d50ceda', 'https://git.kernel.org/stable/c/4267131278f5cc98f8db31d035d64bdbbfe18658', 'https://git.kernel.org/stable/c/5cff754692ad45d5086b75fef8cc3a99c30a1005', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45011-e729@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45011', 'https://www.cve.org/CVERecord?id=CVE-2024-45011'], 'PublishedDate': '2024-09-11T16:15:06.55Z', 'LastModifiedDate': '2024-09-13T16:36:55.757Z'}, {'VulnerabilityID': 'CVE-2024-45012', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45012', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nouveau/firmware: use dma non-coherent allocator', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/firmware: use dma non-coherent allocator\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup, when the iommu is enabled:\n\nkernel BUG at include/linux/scatterlist.h:187!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\nHardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\nRIP: 0010:sg_init_one+0x85/0xa0\nCode: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\nRSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\nRBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\nR13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\nFS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\nCall Trace:\n <TASK>\n ? die+0x36/0x90\n ? do_trap+0xdd/0x100\n ? sg_init_one+0x85/0xa0\n ? do_error_trap+0x65/0x80\n ? sg_init_one+0x85/0xa0\n ? exc_invalid_op+0x50/0x70\n ? sg_init_one+0x85/0xa0\n ? asm_exc_invalid_op+0x1a/0x20\n ? sg_init_one+0x85/0xa0\n nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? nvkm_udevice_new+0x95/0x140 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? ktime_get+0x47/0xb0\n\nFix this by using the non-coherent allocator instead, I think there\nmight be a better answer to this, but it involve ripping up some of\nAPIs using sg lists.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45012', 'https://git.kernel.org/linus/9b340aeb26d50e9a9ec99599e2a39b035fac978e (6.11-rc5)', 'https://git.kernel.org/stable/c/57ca481fca97ca4553e8c85d6a94baf4cb40c40e', 'https://git.kernel.org/stable/c/9b340aeb26d50e9a9ec99599e2a39b035fac978e', 'https://git.kernel.org/stable/c/cc29c5546c6a373648363ac49781f1d74b530707', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45012-9234@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45012', 'https://www.cve.org/CVERecord?id=CVE-2024-45012'], 'PublishedDate': '2024-09-11T16:15:06.607Z', 'LastModifiedDate': '2024-09-13T16:35:35.787Z'}, {'VulnerabilityID': 'CVE-2024-45013', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: move stopping keep-alive into nvme_uninit_ctrl()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: move stopping keep-alive into nvme_uninit_ctrl()\n\nCommit 4733b65d82bd ("nvme: start keep-alive after admin queue setup")\nmoves starting keep-alive from nvme_start_ctrl() into\nnvme_init_ctrl_finish(), but don\'t move stopping keep-alive into\nnvme_uninit_ctrl(), so keep-alive work can be started and keep pending\nafter failing to start controller, finally use-after-free is triggered if\nnvme host driver is unloaded.\n\nThis patch fixes kernel panic when running nvme/004 in case that connection\nfailure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl().\n\nThis way is reasonable because keep-alive is now started in\nnvme_init_ctrl_finish().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45013', 'https://git.kernel.org/linus/a54a93d0e3599b05856971734e15418ac551a14c (6.11-rc5)', 'https://git.kernel.org/stable/c/4101af98ab573554c4225e328d506fec2a74bc54', 'https://git.kernel.org/stable/c/a54a93d0e3599b05856971734e15418ac551a14c', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45013-8efe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45013', 'https://www.cve.org/CVERecord?id=CVE-2024-45013'], 'PublishedDate': '2024-09-11T16:15:06.663Z', 'LastModifiedDate': '2024-09-13T16:35:42.49Z'}, {'VulnerabilityID': 'CVE-2024-45015', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45015', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: move dpu_encoder&#39;s connector assignment to atomic_enable()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()\n\nFor cases where the crtc's connectors_changed was set without enable/active\ngetting toggled , there is an atomic_enable() call followed by an\natomic_disable() but without an atomic_mode_set().\n\nThis results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in\nthe atomic_enable() as the dpu_encoder's connector was cleared in the\natomic_disable() but not re-assigned as there was no atomic_mode_set() call.\n\nFix the NULL ptr access by moving the assignment for atomic_enable() and also\nuse drm_atomic_get_new_connector_for_encoder() to get the connector from\nthe atomic_state.\n\nPatchwork: https://patchwork.freedesktop.org/patch/606729/", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45015', 'https://git.kernel.org/linus/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 (6.11-rc5)', 'https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52', 'https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77', 'https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45015-c139@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45015', 'https://www.cve.org/CVERecord?id=CVE-2024-45015'], 'PublishedDate': '2024-09-11T16:15:06.763Z', 'LastModifiedDate': '2024-09-13T16:35:58.617Z'}, {'VulnerabilityID': 'CVE-2024-45016', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1017.18~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netem: fix return value if duplicate enqueue fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\'s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq->enqueue() and then\n  the original packet is also dropped.\n- If rootq->enqueue() sends the duplicated packet to a different qdisc\n  and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45016', 'https://git.kernel.org/linus/c07ff8592d57ed258afee5a5e04991a48dbaf382 (6.11-rc5)', 'https://git.kernel.org/stable/c/0486d31dd8198e22b63a4730244b38fffce6d469', 'https://git.kernel.org/stable/c/52d99a69f3d556c6426048c9d481b912205919d8', 'https://git.kernel.org/stable/c/577d6c0619467fe90f7e8e57e45cb5bd9d936014', 'https://git.kernel.org/stable/c/759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4', 'https://git.kernel.org/stable/c/c07ff8592d57ed258afee5a5e04991a48dbaf382', 'https://git.kernel.org/stable/c/c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d', 'https://git.kernel.org/stable/c/e5bb2988a310667abed66c7d3ffa28880cf0f883', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45016-fd5a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45016', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://ubuntu.com/security/notices/USN-7071-1', 'https://ubuntu.com/security/notices/USN-7072-1', 'https://ubuntu.com/security/notices/USN-7073-1', 'https://ubuntu.com/security/notices/USN-7073-2', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45016'], 'PublishedDate': '2024-09-11T16:15:06.817Z', 'LastModifiedDate': '2024-09-13T16:36:06.773Z'}, {'VulnerabilityID': 'CVE-2024-45017', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45017', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix IPsec RoCE MPV trace call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix IPsec RoCE MPV trace call\n\nPrevent the call trace below from happening, by not allowing IPsec\ncreation over a slave, if master device doesn't support IPsec.\n\nWARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down_read+0x75/0x94\nModules linked in: esp4_offload esp4 act_mirred act_vlan cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa mst_pciconf(OE) nfsv3 nfs_acl nfs lockd grace fscache netfs xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill cuse fuse rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_ipoib iw_cm ib_cm ipmi_ssif intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel sha1_ssse3 dell_smbios ib_uverbs aesni_intel crypto_simd dcdbas wmi_bmof dell_wmi_descriptor cryptd pcspkr ib_core acpi_ipmi sp5100_tco ccp i2c_piix4 ipmi_si ptdma k10temp ipmi_devintf ipmi_msghandler acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops cec\n ahci libahci mlxfw drm pci_hyperv_intf libata tg3 sha256_ssse3 tls megaraid_sas i2c_algo_bit psample wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mst_pci]\nCPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7_u3_update_v6.6_ipsec_bf.x86_64 #2\nHardware name: Dell Inc. PowerEdge R7525/074H08, BIOS 2.0.3 01/15/2021\nWorkqueue: events xfrm_state_gc_task\nRIP: 0010:down_read+0x75/0x94\nCode: 00 48 8b 45 08 65 48 8b 14 25 80 fc 01 00 83 e0 02 48 09 d0 48 83 c8 01 48 89 45 08 5d 31 c0 89 c2 89 c6 89 c7 e9 cb 88 3b 00 <0f> 0b 48 8b 45 08 a8 01 74 b2 a8 02 75 ae 48 89 c2 48 83 ca 02 f0\nRSP: 0018:ffffb26387773da8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffa08b658af900 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ff886bc5e1366f2f RDI: 0000000000000000\nRBP: ffffa08b658af940 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffa0a9bfb31540\nR13: ffffa0a9bfb37900 R14: 0000000000000000 R15: ffffa0a9bfb37905\nFS:  0000000000000000(0000) GS:ffffa0a9bfb00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055a45ed814e8 CR3: 000000109038a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n ? down_read+0x75/0x94\n ? __warn+0x80/0x113\n ? down_read+0x75/0x94\n ? report_bug+0xa4/0x11d\n ? handle_bug+0x35/0x8b\n ? exc_invalid_op+0x14/0x75\n ? asm_exc_invalid_op+0x16/0x1b\n ? down_read+0x75/0x94\n ? down_read+0xe/0x94\n mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n mlx5_ipsec_fs_roce_tx_destroy+0xb1/0x130 [mlx5_core]\n tx_destroy+0x1b/0xc0 [mlx5_core]\n tx_ft_put+0x53/0xc0 [mlx5_core]\n mlx5e_xfrm_free_state+0x45/0x90 [mlx5_core]\n ___xfrm_state_destroy+0x10f/0x1a2\n xfrm_state_gc_task+0x81/0xa9\n process_one_work+0x1f1/0x3c6\n worker_thread+0x53/0x3e4\n ? process_one_work.cold+0x46/0x3c\n kthread+0x127/0x144\n ? set_kthread_struct+0x60/0x52\n ret_from_fork+0x22/0x2d\n </TASK>\n---[ end trace 5ef7896144d398e1 ]---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45017', 'https://git.kernel.org/linus/607e1df7bd47fe91cab85a97f57870a26d066137 (6.11-rc5)', 'https://git.kernel.org/stable/c/2ae52a65a850ded75a94e8d7ec1e09737f4c6509', 'https://git.kernel.org/stable/c/607e1df7bd47fe91cab85a97f57870a26d066137', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45017-ee3e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45017', 'https://www.cve.org/CVERecord?id=CVE-2024-45017'], 'PublishedDate': '2024-09-11T16:15:06.877Z', 'LastModifiedDate': '2024-09-13T16:36:13.19Z'}, {'VulnerabilityID': 'CVE-2024-45018', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45018', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: initialise extack before use', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: initialise extack before use\n\nFix missing initialisation of extack in flow offload.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45018', 'https://git.kernel.org/linus/e9767137308daf906496613fd879808a07f006a2 (6.11-rc4)', 'https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1', 'https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7', 'https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78', 'https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f', 'https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d', 'https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45018-7e30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45018', 'https://www.cve.org/CVERecord?id=CVE-2024-45018'], 'PublishedDate': '2024-09-11T16:15:06.933Z', 'LastModifiedDate': '2024-09-13T16:36:24.397Z'}, {'VulnerabilityID': 'CVE-2024-45019', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45019', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Take state lock during tx timeout reporter', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take state lock during tx timeout reporter\n\nmlx5e_safe_reopen_channels() requires the state lock taken. The\nreferenced changed in the Fixes tag removed the lock to fix another\nissue. This patch adds it back but at a later point (when calling\nmlx5e_safe_reopen_channels()) to avoid the deadlock referenced in the\nFixes tag.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45019', 'https://git.kernel.org/linus/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3 (6.11-rc4)', 'https://git.kernel.org/stable/c/03d3734bd692affe4d0e9c9d638f491aaf37411b', 'https://git.kernel.org/stable/c/8e57e66ecbdd2fddc9fbf3e984b1c523b70e9809', 'https://git.kernel.org/stable/c/b3b9a87adee97854bcd71057901d46943076267e', 'https://git.kernel.org/stable/c/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45019-5f8b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45019', 'https://www.cve.org/CVERecord?id=CVE-2024-45019'], 'PublishedDate': '2024-09-11T16:15:06.99Z', 'LastModifiedDate': '2024-09-13T16:36:19.36Z'}, {'VulnerabilityID': 'CVE-2024-45020', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45020', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a kernel verifier crash in stacksafe()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a kernel verifier crash in stacksafe()\n\nDaniel Hodges reported a kernel verifier crash when playing with sched-ext.\nFurther investigation shows that the crash is due to invalid memory access\nin stacksafe(). More specifically, it is the following code:\n\n    if (exact != NOT_EXACT &&\n        old->stack[spi].slot_type[i % BPF_REG_SIZE] !=\n        cur->stack[spi].slot_type[i % BPF_REG_SIZE])\n            return false;\n\nThe 'i' iterates old->allocated_stack.\nIf cur->allocated_stack < old->allocated_stack the out-of-bound\naccess will happen.\n\nTo fix the issue add 'i >= cur->allocated_stack' check such that if\nthe condition is true, stacksafe() should fail. Otherwise,\ncur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45020', 'https://git.kernel.org/linus/bed2eb964c70b780fb55925892a74f26cb590b25 (6.11-rc4)', 'https://git.kernel.org/stable/c/6e3987ac310c74bb4dd6a2fa8e46702fe505fb2b', 'https://git.kernel.org/stable/c/7cad3174cc79519bf5f6c4441780264416822c08', 'https://git.kernel.org/stable/c/bed2eb964c70b780fb55925892a74f26cb590b25', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45020-afcc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45020', 'https://www.cve.org/CVERecord?id=CVE-2024-45020'], 'PublishedDate': '2024-09-11T16:15:07.05Z', 'LastModifiedDate': '2024-09-13T16:36:52.29Z'}, {'VulnerabilityID': 'CVE-2024-45021', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg_write_event_control(): fix a user-triggerable oops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg_write_event_control(): fix a user-triggerable oops\n\nwe are *not* guaranteed that anything past the terminating NUL\nis mapped (let alone initialized with anything sane).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45021', 'https://git.kernel.org/linus/046667c4d3196938e992fba0dfcde570aa85cd0e (6.11-rc4)', 'https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e', 'https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227', 'https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8', 'https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61', 'https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7', 'https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b', 'https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c', 'https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45021-68c4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45021', 'https://www.cve.org/CVERecord?id=CVE-2024-45021'], 'PublishedDate': '2024-09-11T16:15:07.103Z', 'LastModifiedDate': '2024-09-13T16:36:31.583Z'}, {'VulnerabilityID': 'CVE-2024-45022', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45022', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0\n\nThe __vmap_pages_range_noflush() assumes its argument pages** contains\npages with the same page shift.  However, since commit e9c3cda4d86e ("mm,\nvmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes\n__GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation\nfailed for high order, the pages** may contain two different page shifts\n(high order and order-0).  This could lead __vmap_pages_range_noflush() to\nperform incorrect mappings, potentially resulting in memory corruption.\n\nUsers might encounter this as follows (vmap_allow_huge = true, 2M is for\nPMD_SIZE):\n\nkvmalloc(2M, __GFP_NOFAIL|GFP_X)\n    __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP)\n        vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0\n            vmap_pages_range()\n                vmap_pages_range_noflush()\n                    __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens\n\nWe can remove the fallback code because if a high-order allocation fails,\n__vmalloc_node_range_noprof() will retry with order-0.  Therefore, it is\nunnecessary to fallback to order-0 here.  Therefore, fix this by removing\nthe fallback code.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45022', 'https://git.kernel.org/linus/61ebe5a747da649057c37be1c37eb934b4af79ca (6.11-rc4)', 'https://git.kernel.org/stable/c/61ebe5a747da649057c37be1c37eb934b4af79ca', 'https://git.kernel.org/stable/c/c91618816f4d21fc574d7577a37722adcd4075b2', 'https://git.kernel.org/stable/c/de7bad86345c43cd040ed43e20d9fad78a3ee59f', 'https://git.kernel.org/stable/c/fd1ffbb50ef4da5e1378a46616b6d7407dc795da', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45022-08f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45022', 'https://www.cve.org/CVERecord?id=CVE-2024-45022'], 'PublishedDate': '2024-09-11T16:15:07.163Z', 'LastModifiedDate': '2024-09-13T16:36:39.043Z'}, {'VulnerabilityID': 'CVE-2024-45025', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old->full_fds_bits[] and fill\nthe rest with zeroes.  What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear.  Otherwise we are risking garbage from the last word\nwe'd copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old->max_fds, so there's no open descriptors\npast count, let alone fully occupied words in ->open_fds[],\nwhich is what bits in ->full_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds.  In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in ->full_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* 'to' being above the current capacity of descriptor table\n\t* 'from' being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet's try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it's 'count' argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it'll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45025', 'https://git.kernel.org/linus/9a2fa1472083580b6c66bdaf291f591e1170123a (6.11-rc4)', 'https://git.kernel.org/stable/c/5053581fe5dfb09b58c65dd8462bf5dea71f41ff', 'https://git.kernel.org/stable/c/8cad3b2b3ab81ca55f37405ffd1315bcc2948058', 'https://git.kernel.org/stable/c/9a2fa1472083580b6c66bdaf291f591e1170123a', 'https://git.kernel.org/stable/c/c69d18f0ac7060de724511537810f10f29a27958', 'https://git.kernel.org/stable/c/dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a', 'https://git.kernel.org/stable/c/e807487a1d5fd5d941f26578ae826ca815dbfcd6', 'https://git.kernel.org/stable/c/ee501f827f3db02d4e599afbbc1a7f8b792d05d7', 'https://git.kernel.org/stable/c/fe5bf14881701119aeeda7cf685f3c226c7380df', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45025-94f6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45025', 'https://www.cve.org/CVERecord?id=CVE-2024-45025'], 'PublishedDate': '2024-09-11T16:15:07.44Z', 'LastModifiedDate': '2024-09-13T16:30:07.073Z'}, {'VulnerabilityID': 'CVE-2024-45026', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45026', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error recovery leading to data corruption on ESE devices', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error recovery leading to data corruption on ESE devices\n\nExtent Space Efficient (ESE) or thin provisioned volumes need to be\nformatted on demand during usual IO processing.\n\nThe dasd_ese_needs_format function checks for error codes that signal\nthe non existence of a proper track format.\n\nThe check for incorrect length is to imprecise since other error cases\nleading to transport of insufficient data also have this flag set.\nThis might lead to data corruption in certain error cases for example\nduring a storage server warmstart.\n\nFix by removing the check for incorrect length and replacing by\nexplicitly checking for invalid track format in transport mode.\n\nAlso remove the check for file protected since this is not a valid\nESE handling case.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45026', 'https://git.kernel.org/linus/7db4042336580dfd75cb5faa82c12cd51098c90b (6.11-rc4)', 'https://git.kernel.org/stable/c/0a228896a1b3654cd461ff654f6a64e97a9c3246', 'https://git.kernel.org/stable/c/19f60a55b2fda49bc4f6134a5f6356ef62ee69d8', 'https://git.kernel.org/stable/c/5d4a304338daf83ace2887aaacafd66fe99ed5cc', 'https://git.kernel.org/stable/c/7db4042336580dfd75cb5faa82c12cd51098c90b', 'https://git.kernel.org/stable/c/93a7e2856951680cd7fe6ebd705ac10c8a8a5efd', 'https://git.kernel.org/stable/c/a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a', 'https://git.kernel.org/stable/c/e245a18281c252c8dbc467492e09bb5d4b012118', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45026-eaa8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45026', 'https://www.cve.org/CVERecord?id=CVE-2024-45026'], 'PublishedDate': '2024-09-11T16:15:07.507Z', 'LastModifiedDate': '2024-09-13T16:29:55.927Z'}, {'VulnerabilityID': 'CVE-2024-45027', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45027', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: xhci: Check for xhci-&gt;interrupters being allocated in xhci_mem_clearup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()\n\nIf xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop\nup the damage. If it fails early enough, before xhci->interrupters\nis allocated but after xhci->max_interrupters has been set, which\nhappens in most (all?) cases, things get uglier, as xhci_mem_cleanup()\nunconditionally derefences xhci->interrupters. With prejudice.\n\nGate the interrupt freeing loop with a check on xhci->interrupters\nbeing non-NULL.\n\nFound while debugging a DMA allocation issue that led the XHCI driver\non this exact path.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45027', 'https://git.kernel.org/linus/dcdb52d948f3a17ccd3fce757d9bd981d7c32039 (6.11-rc4)', 'https://git.kernel.org/stable/c/770cacc75b0091ece17349195d72133912c1ca7c', 'https://git.kernel.org/stable/c/dcdb52d948f3a17ccd3fce757d9bd981d7c32039', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45027-95b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45027', 'https://www.cve.org/CVERecord?id=CVE-2024-45027'], 'PublishedDate': '2024-09-11T16:15:07.57Z', 'LastModifiedDate': '2024-09-13T16:29:44.213Z'}, {'VulnerabilityID': 'CVE-2024-45028', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45028', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mmc: mmc_test: Fix NULL dereference on allocation failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmc_test: Fix NULL dereference on allocation failure\n\nIf the "test->highmem = alloc_pages()" allocation fails then calling\n__free_pages(test->highmem) will result in a NULL dereference.  Also\nchange the error code to -ENOMEM instead of returning success.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45028', 'https://git.kernel.org/linus/a1e627af32ed60713941cbfc8075d44cad07f6dd (6.11-rc5)', 'https://git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06', 'https://git.kernel.org/stable/c/3b4e76ceae5b5a46c968bd952f551ce173809f63', 'https://git.kernel.org/stable/c/9b9ba386d7bfdbc38445932c90fa9444c0524bea', 'https://git.kernel.org/stable/c/a1e627af32ed60713941cbfc8075d44cad07f6dd', 'https://git.kernel.org/stable/c/cac2815f49d343b2f0acc4973d2c14918ac3ab0c', 'https://git.kernel.org/stable/c/e40515582141a9e7c84b269be699c05236a499a6', 'https://git.kernel.org/stable/c/e97be13a9f51284da450dd2a592e3fa87b49cdc9', 'https://git.kernel.org/stable/c/ecb15b8ca12c0cbdab81e307e9795214d8b90890', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45028-34f7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45028', 'https://www.cve.org/CVERecord?id=CVE-2024-45028'], 'PublishedDate': '2024-09-11T16:15:07.647Z', 'LastModifiedDate': '2024-09-13T16:29:35.877Z'}, {'VulnerabilityID': 'CVE-2024-45029', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45029', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i2c: tegra: Do not mark ACPI devices as irq safe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: Do not mark ACPI devices as irq safe\n\nOn ACPI machines, the tegra i2c module encounters an issue due to a\nmutex being called inside a spinlock. This leads to the following bug:\n\n\tBUG: sleeping function called from invalid context at kernel/locking/mutex.c:585\n\t...\n\n\tCall trace:\n\t__might_sleep\n\t__mutex_lock_common\n\tmutex_lock_nested\n\tacpi_subsys_runtime_resume\n\trpm_resume\n\ttegra_i2c_xfer\n\nThe problem arises because during __pm_runtime_resume(), the spinlock\n&dev->power.lock is acquired before rpm_resume() is called. Later,\nrpm_resume() invokes acpi_subsys_runtime_resume(), which relies on\nmutexes, triggering the error.\n\nTo address this issue, devices on ACPI are now marked as not IRQ-safe,\nconsidering the dependency of acpi_subsys_runtime_resume() on mutexes.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45029', 'https://git.kernel.org/linus/14d069d92951a3e150c0a81f2ca3b93e54da913b (6.11-rc4)', 'https://git.kernel.org/stable/c/14d069d92951a3e150c0a81f2ca3b93e54da913b', 'https://git.kernel.org/stable/c/2853e1376d8161b04c9ff18ba82b43f08a049905', 'https://git.kernel.org/stable/c/6861faf4232e4b78878f2de1ed3ee324ddae2287', 'https://git.kernel.org/stable/c/a89aef1e6cc43fa019a58080ed05c839e6c77876', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45029-662e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45029', 'https://www.cve.org/CVERecord?id=CVE-2024-45029'], 'PublishedDate': '2024-09-11T16:15:07.717Z', 'LastModifiedDate': '2024-09-13T16:29:29.74Z'}, {'VulnerabilityID': 'CVE-2024-45030', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igb: cope with large MAX_SKB_FRAGS', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigb: cope with large MAX_SKB_FRAGS\n\nSabrina reports that the igb driver does not cope well with large\nMAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload\ncorruption on TX.\n\nAn easy reproducer is to run ssh to connect to the machine.  With\nMAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails.  This has\nbeen reported originally in\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2265320\n\nThe root cause of the issue is that the driver does not take into\naccount properly the (possibly large) shared info size when selecting\nthe ring layout, and will try to fit two packets inside the same 4K\npage even when the 1st fraglist will trump over the 2nd head.\n\nAddress the issue by checking if 2K buffers are insufficient.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45030', 'https://git.kernel.org/linus/8aba27c4a5020abdf60149239198297f88338a8d (6.11-rc5)', 'https://git.kernel.org/stable/c/8aba27c4a5020abdf60149239198297f88338a8d', 'https://git.kernel.org/stable/c/8ea80ff5d8298356d28077bc30913ed37df65109', 'https://git.kernel.org/stable/c/b52bd8bcb9e8ff250c79b44f9af8b15cae8911ab', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45030-c2eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45030', 'https://www.cve.org/CVERecord?id=CVE-2024-45030'], 'PublishedDate': '2024-09-11T16:15:07.77Z', 'LastModifiedDate': '2024-09-13T16:29:23.557Z'}, {'VulnerabilityID': 'CVE-2024-46672', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion\n\nwpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the\ndriver for SAE/OWE offload cases") SSID based PMKSA del commands.\nbrcmfmac is not prepared and tries to dereference the NULL bssid and\npmkid pointers in cfg80211_pmksa. PMKID_V3 operations support SSID based\nupdates so copy the SSID.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46672', 'https://git.kernel.org/linus/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1 (6.11-rc4)', 'https://git.kernel.org/stable/c/1f566eb912d192c83475a919331aea59619e1197', 'https://git.kernel.org/stable/c/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1', 'https://git.kernel.org/stable/c/4291f94f8c6b01505132c22ee27b59ed27c3584f', 'https://lore.kernel.org/linux-cve-announce/2024091111-CVE-2024-46672-7542@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46672', 'https://www.cve.org/CVERecord?id=CVE-2024-46672'], 'PublishedDate': '2024-09-11T16:15:07.84Z', 'LastModifiedDate': '2024-09-13T16:29:17.123Z'}, {'VulnerabilityID': 'CVE-2024-46673', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: aacraid: Fix double-free on probe failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: aacraid: Fix double-free on probe failure\n\naac_probe_one() calls hardware-specific init functions through the\naac_driver_ident::init pointer, all of which eventually call down to\naac_init_adapter().\n\nIf aac_init_adapter() fails after allocating memory for aac_dev::queues,\nit frees the memory but does not clear that member.\n\nAfter the hardware-specific init function returns an error,\naac_probe_one() goes down an error path that frees the memory pointed to\nby aac_dev::queues, resulting.in a double-free.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46673', 'https://git.kernel.org/linus/919ddf8336f0b84c0453bac583808c9f165a85c2 (6.11-rc6)', 'https://git.kernel.org/stable/c/4b540ec7c0045c2d01c4e479f34bbc8f147afa4c', 'https://git.kernel.org/stable/c/564e1986b00c5f05d75342f8407f75f0a17b94df', 'https://git.kernel.org/stable/c/60962c3d8e18e5d8dfa16df788974dd7f35bd87a', 'https://git.kernel.org/stable/c/85449b28ff6a89c4513115e43ddcad949b5890c9', 'https://git.kernel.org/stable/c/8a3995a3ffeca280a961b59f5c99843d81b15929', 'https://git.kernel.org/stable/c/919ddf8336f0b84c0453bac583808c9f165a85c2', 'https://git.kernel.org/stable/c/9e96dea7eff6f2bbcd0b42a098012fc66af9eb69', 'https://git.kernel.org/stable/c/d237c7d06ffddcdb5d36948c527dc01284388218', 'https://lore.kernel.org/linux-cve-announce/2024091333-CVE-2024-46673-c49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46673', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-46673'], 'PublishedDate': '2024-09-13T06:15:11.917Z', 'LastModifiedDate': '2024-09-13T16:51:39.117Z'}, {'VulnerabilityID': 'CVE-2024-46675', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46675', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: dwc3: core: Prevent USB core invalid event buffer address access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: Prevent USB core invalid event buffer address access\n\nThis commit addresses an issue where the USB core could access an\ninvalid event buffer address during runtime suspend, potentially causing\nSMMU faults and other memory issues in Exynos platforms. The problem\narises from the following sequence.\n        1. In dwc3_gadget_suspend, there is a chance of a timeout when\n        moving the USB core to the halt state after clearing the\n        run/stop bit by software.\n        2. In dwc3_core_exit, the event buffer is cleared regardless of\n        the USB core's status, which may lead to an SMMU faults and\n        other memory issues. if the USB core tries to access the event\n        buffer address.\n\nTo prevent this hardware quirk on Exynos platforms, this commit ensures\nthat the event buffer address is not cleared by software  when the USB\ncore is active during runtime suspend by checking its status before\nclearing the buffer address.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46675', 'https://git.kernel.org/linus/14e497183df28c006603cc67fd3797a537eef7b9 (6.11-rc6)', 'https://git.kernel.org/stable/c/111277b881def3153335acfe0d1f43e6cd83ac93', 'https://git.kernel.org/stable/c/14e497183df28c006603cc67fd3797a537eef7b9', 'https://git.kernel.org/stable/c/2189fd13c577d7881f94affc09c950a795064c4b', 'https://git.kernel.org/stable/c/7bb11a75dd4d3612378b90e2a4aa49bdccea28ab', 'https://git.kernel.org/stable/c/b72da4d89b97da71e056cc4d1429b2bc426a9c2f', 'https://git.kernel.org/stable/c/d2afc2bffec77316b90d530b07695e3f534df914', 'https://git.kernel.org/stable/c/e23f6ad8d110bf632f7471482e10b43dc174fb72', 'https://git.kernel.org/stable/c/eca3f543f817da87c00d1a5697b473efb548204f', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46675-ba70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46675', 'https://www.cve.org/CVERecord?id=CVE-2024-46675'], 'PublishedDate': '2024-09-13T06:15:12.117Z', 'LastModifiedDate': '2024-09-20T17:18:48.753Z'}, {'VulnerabilityID': 'CVE-2024-46676', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46676', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfc: pn533: Add poll mod list filling check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Add poll mod list filling check\n\nIn case of im_protocols value is 1 and tm_protocols value is 0 this\ncombination successfully passes the check\n\'if (!im_protocols && !tm_protocols)\' in the nfc_start_poll().\nBut then after pn533_poll_create_mod_list() call in pn533_start_poll()\npoll mod list will remain empty and dev->poll_mod_count will remain 0\nwhich lead to division by zero.\n\nNormally no im protocol has value 1 in the mask, so this combination is\nnot expected by driver. But these protocol values actually come from\nuserspace via Netlink interface (NFC_CMD_START_POLL operation). So a\nbroken or malicious program may pass a message containing a "bad"\ncombination of protocol parameter values so that dev->poll_mod_count\nis not incremented inside pn533_poll_create_mod_list(), thus leading\nto division by zero.\nCall trace looks like:\nnfc_genl_start_poll()\n  nfc_start_poll()\n    ->start_poll()\n    pn533_start_poll()\n\nAdd poll mod list filling check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46676', 'https://git.kernel.org/linus/febccb39255f9df35527b88c953b2e0deae50e53 (6.11-rc6)', 'https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946', 'https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5', 'https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723', 'https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4', 'https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33', 'https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31', 'https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46676-0b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46676', 'https://www.cve.org/CVERecord?id=CVE-2024-46676'], 'PublishedDate': '2024-09-13T06:15:12.223Z', 'LastModifiedDate': '2024-09-23T14:42:38.23Z'}, {'VulnerabilityID': 'CVE-2024-46677', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46677', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: fix a potential NULL pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix a potential NULL pointer dereference\n\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\nNULL pointer, but its callers only check for error pointers thus miss\nthe NULL pointer case.\n\nFix it by returning an error pointer with the error code carried from\nsockfd_lookup().\n\n(I found this bug during code inspection.)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46677', 'https://git.kernel.org/linus/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda (6.11-rc6)', 'https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d', 'https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87', 'https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2', 'https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39', 'https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c', 'https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e', 'https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda', 'https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46677-b53c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46677', 'https://www.cve.org/CVERecord?id=CVE-2024-46677'], 'PublishedDate': '2024-09-13T06:15:12.36Z', 'LastModifiedDate': '2024-09-13T16:51:53.69Z'}, {'VulnerabilityID': 'CVE-2024-46678', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46678', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: change ipsec_lock from spin lock to mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond->ipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n"scheduling while atomic" will be triggered when changing bond\'s\nactive slave.\n\n[  101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[  101.055726] Modules linked in:\n[  101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[  101.058760] Hardware name:\n[  101.059434] Call Trace:\n[  101.059436]  <TASK>\n[  101.060873]  dump_stack_lvl+0x51/0x60\n[  101.061275]  __schedule_bug+0x4e/0x60\n[  101.061682]  __schedule+0x612/0x7c0\n[  101.062078]  ? __mod_timer+0x25c/0x370\n[  101.062486]  schedule+0x25/0xd0\n[  101.062845]  schedule_timeout+0x77/0xf0\n[  101.063265]  ? asm_common_interrupt+0x22/0x40\n[  101.063724]  ? __bpf_trace_itimer_state+0x10/0x10\n[  101.064215]  __wait_for_common+0x87/0x190\n[  101.064648]  ? usleep_range_state+0x90/0x90\n[  101.065091]  cmd_exec+0x437/0xb20 [mlx5_core]\n[  101.065569]  mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[  101.066051]  mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[  101.066552]  mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[  101.067163]  ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.067738]  ? kmalloc_trace+0x4d/0x350\n[  101.068156]  mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[  101.068747]  mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[  101.069312]  bond_change_active_slave+0x392/0x900 [bonding]\n[  101.069868]  bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[  101.070454]  __bond_opt_set+0xa6/0x430 [bonding]\n[  101.070935]  __bond_opt_set_notify+0x2f/0x90 [bonding]\n[  101.071453]  bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[  101.071965]  bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.072567]  kernfs_fop_write_iter+0x10c/0x1a0\n[  101.073033]  vfs_write+0x2d8/0x400\n[  101.073416]  ? alloc_fd+0x48/0x180\n[  101.073798]  ksys_write+0x5f/0xe0\n[  101.074175]  do_syscall_64+0x52/0x110\n[  101.074576]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn\'t have to be spin lock, change it to\nmutex, and thus the above issue can be resolved.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46678', 'https://git.kernel.org/linus/2aeeef906d5a526dc60cf4af92eda69836c39b1f (6.11-rc6)', 'https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f', 'https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3', 'https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46678-ca65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46678', 'https://www.cve.org/CVERecord?id=CVE-2024-46678'], 'PublishedDate': '2024-09-13T06:15:12.45Z', 'LastModifiedDate': '2024-09-23T14:44:12.88Z'}, {'VulnerabilityID': 'CVE-2024-46679', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46679', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: check device is present when getting link settings', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: check device is present when getting link settings\n\nA sysfs reader can race with a device reset or removal, attempting to\nread device state when the device is not actually present. eg:\n\n     [exception RIP: qed_get_current_link+17]\n  #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]\n  #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3\n #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4\n #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300\n #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c\n #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b\n #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3\n #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1\n #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f\n #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb\n\n crash> struct net_device.state ffff9a9d21336000\n    state = 5,\n\nstate 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).\nThe device is not present, note lack of __LINK_STATE_PRESENT (0b10).\n\nThis is the same sort of panic as observed in commit 4224cfd7fb65\n("net-sysfs: add check for netdevice being present to speed_show").\n\nThere are many other callers of __ethtool_get_link_ksettings() which\ndon\'t have a device presence check.\n\nMove this check into ethtool to protect all callers.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46679', 'https://git.kernel.org/linus/a699781c79ecf6cfe67fb00a0331b4088c7c8466 (6.11-rc6)', 'https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2', 'https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc', 'https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e', 'https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb', 'https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4', 'https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466', 'https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46679-3527@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46679', 'https://www.cve.org/CVERecord?id=CVE-2024-46679'], 'PublishedDate': '2024-09-13T06:15:12.53Z', 'LastModifiedDate': '2024-09-23T14:47:23.287Z'}, {'VulnerabilityID': 'CVE-2024-46680', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46680', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix random crash seen while removing driver', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix random crash seen while removing driver\n\nThis fixes the random kernel crash seen while removing the driver, when\nrunning the load/unload test over multiple iterations.\n\n1) modprobe btnxpuart\n2) hciconfig hci0 reset\n3) hciconfig (check hci0 interface up with valid BD address)\n4) modprobe -r btnxpuart\nRepeat steps 1 to 4\n\nThe ps_wakeup() call in btnxpuart_close() schedules the psdata->work(),\nwhich gets scheduled after module is removed, causing a kernel crash.\n\nThis hidden issue got highlighted after enabling Power Save by default\nin 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on\nstartup)\n\nThe new ps_cleanup() deasserts UART break immediately while closing\nserdev device, cancels any scheduled ps_work and destroys the ps_lock\nmutex.\n\n[   85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258\n[   85.884624] Mem abort info:\n[   85.884625]   ESR = 0x0000000086000007\n[   85.884628]   EC = 0x21: IABT (current EL), IL = 32 bits\n[   85.884633]   SET = 0, FnV = 0\n[   85.884636]   EA = 0, S1PTW = 0\n[   85.884638]   FSC = 0x07: level 3 translation fault\n[   85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000\n[   85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000\n[   85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n[   85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)]\n[   85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G           O       6.1.36+g937b1be4345a #1\n[   85.936176] Hardware name: FSL i.MX8MM EVK board (DT)\n[   85.936182] Workqueue: events 0xffffd4a61638f380\n[   85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   85.952817] pc : 0xffffd4a61638f258\n[   85.952823] lr : 0xffffd4a61638f258\n[   85.952827] sp : ffff8000084fbd70\n[   85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000\n[   85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305\n[   85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970\n[   85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000\n[   85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090\n[   85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139\n[   85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50\n[   85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8\n[   85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000\n[   85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000\n[   85.977443] Call trace:\n[   85.977446]  0xffffd4a61638f258\n[   85.977451]  0xffffd4a61638f3e8\n[   85.977455]  process_one_work+0x1d4/0x330\n[   85.977464]  worker_thread+0x6c/0x430\n[   85.977471]  kthread+0x108/0x10c\n[   85.977476]  ret_from_fork+0x10/0x20\n[   85.977488] Code: bad PC value\n[   85.977491] ---[ end trace 0000000000000000 ]---\n\nPreset since v6.9.11', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46680', 'https://git.kernel.org/linus/35237475384ab3622f63c3c09bdf6af6dacfe9c3 (6.11-rc6)', 'https://git.kernel.org/stable/c/29a1d9971e38f92c84b363ff50379dd434ddfe1c', 'https://git.kernel.org/stable/c/35237475384ab3622f63c3c09bdf6af6dacfe9c3', 'https://git.kernel.org/stable/c/662a55986b88807da4d112d838c8aaa05810e938', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46680-f40d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46680', 'https://www.cve.org/CVERecord?id=CVE-2024-46680'], 'PublishedDate': '2024-09-13T06:15:12.617Z', 'LastModifiedDate': '2024-09-23T14:45:10.233Z'}, {'VulnerabilityID': 'CVE-2024-46681', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46681', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pktgen: use cpus_read_lock() in pg_net_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46681', 'https://git.kernel.org/linus/979b581e4c69257acab1af415ddad6b2d78a2fa5 (6.11-rc6)', 'https://git.kernel.org/stable/c/5f5f7366dda8ae870e8305d6e7b3c0c2686cd2cf', 'https://git.kernel.org/stable/c/979b581e4c69257acab1af415ddad6b2d78a2fa5', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46681-6086@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46681', 'https://www.cve.org/CVERecord?id=CVE-2024-46681'], 'PublishedDate': '2024-09-13T06:15:12.71Z', 'LastModifiedDate': '2024-09-19T18:10:49.623Z'}, {'VulnerabilityID': 'CVE-2024-46683', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46683', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: prevent UAF around preempt fence', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: prevent UAF around preempt fence\n\nThe fence lock is part of the queue, therefore in the current design\nanything locking the fence should then also hold a ref to the queue to\nprevent the queue from being freed.\n\nHowever, currently it looks like we signal the fence and then drop the\nqueue ref, but if something is waiting on the fence, the waiter is\nkicked to wake up at some later point, where upon waking up it first\ngrabs the lock before checking the fence state. But if we have already\ndropped the queue ref, then the lock might already be freed as part of\nthe queue, leading to uaf.\n\nTo prevent this, move the fence lock into the fence itself so we don't\nrun into lifetime issues. Alternative might be to have device level\nlock, or only release the queue in the fence release callback, however\nthat might require pushing to another worker to avoid locking issues.\n\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2454\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2342\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2020\n(cherry picked from commit 7116c35aacedc38be6d15bd21b2fc936eed0008b)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46683', 'https://git.kernel.org/linus/730b72480e29f63fd644f5fa57c9d46109428953 (6.11-rc5)', 'https://git.kernel.org/stable/c/10081b0b0ed201f53e24bd92deb2e0f3c3e713d4', 'https://git.kernel.org/stable/c/730b72480e29f63fd644f5fa57c9d46109428953', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46683-e513@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46683', 'https://www.cve.org/CVERecord?id=CVE-2024-46683'], 'PublishedDate': '2024-09-13T06:15:12.993Z', 'LastModifiedDate': '2024-09-13T16:52:14.373Z'}, {'VulnerabilityID': 'CVE-2024-46685', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46685', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: single: fix potential NULL dereference in pcs_get_function()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: single: fix potential NULL dereference in pcs_get_function()\n\npinmux_generic_get_function() can return NULL and the pointer 'function'\nwas dereferenced without checking against NULL. Add checking of pointer\n'function' in pcs_get_function().\n\nFound by code review.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46685', 'https://git.kernel.org/linus/1c38a62f15e595346a1106025722869e87ffe044 (6.11-rc6)', 'https://git.kernel.org/stable/c/0a2bab5ed161318f57134716accba0a30f3af191', 'https://git.kernel.org/stable/c/1c38a62f15e595346a1106025722869e87ffe044', 'https://git.kernel.org/stable/c/292151af6add3e5ab11b2e9916cffa5f52859a1f', 'https://git.kernel.org/stable/c/2cea369a5c2e85ab14ae716da1d1cc6d25c85e11', 'https://git.kernel.org/stable/c/4e9436375fcc9bd2a60ee96aba6ed53f7a377d10', 'https://git.kernel.org/stable/c/4ed45fe99ec9e3c9478bd634624cd05a57d002f7', 'https://git.kernel.org/stable/c/6341c2856785dca7006820b127278058a180c075', 'https://git.kernel.org/stable/c/8f0bd526921b6867c2f10a83cd4fd14139adcd92', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46685-6606@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46685', 'https://www.cve.org/CVERecord?id=CVE-2024-46685'], 'PublishedDate': '2024-09-13T06:15:13.2Z', 'LastModifiedDate': '2024-09-14T16:00:55.547Z'}, {'VulnerabilityID': 'CVE-2024-46686', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46686', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()\n\nThis happens when called from SMB2_read() while using rdma\nand reaching the rdma_readwrite_threshold.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46686', 'https://git.kernel.org/linus/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf (6.11-rc6)', 'https://git.kernel.org/stable/c/6df57c63c200cd05e085c3b695128260e21959b7', 'https://git.kernel.org/stable/c/a01859dd6aebf826576513850a3b05992809e9d2', 'https://git.kernel.org/stable/c/b902fb78ab21299e4dd1775e7e8d251d5c0735bc', 'https://git.kernel.org/stable/c/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46686-5b18@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46686', 'https://www.cve.org/CVERecord?id=CVE-2024-46686'], 'PublishedDate': '2024-09-13T06:15:13.28Z', 'LastModifiedDate': '2024-09-14T16:16:33.087Z'}, {'VulnerabilityID': 'CVE-2024-46687', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46687', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()\n\n[BUG]\nThere is an internal report that KASAN is reporting use-after-free, with\nthe following backtrace:\n\n  BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n  Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45\n  CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n  Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n  Call Trace:\n   dump_stack_lvl+0x61/0x80\n   print_address_description.constprop.0+0x5e/0x2f0\n   print_report+0x118/0x216\n   kasan_report+0x11d/0x1f0\n   btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n   process_one_work+0xce0/0x12a0\n   worker_thread+0x717/0x1250\n   kthread+0x2e3/0x3c0\n   ret_from_fork+0x2d/0x70\n   ret_from_fork_asm+0x11/0x20\n\n  Allocated by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   __kasan_slab_alloc+0x7d/0x80\n   kmem_cache_alloc_noprof+0x16e/0x3e0\n   mempool_alloc_noprof+0x12e/0x310\n   bio_alloc_bioset+0x3f0/0x7a0\n   btrfs_bio_alloc+0x2e/0x50 [btrfs]\n   submit_extent_page+0x4d1/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n  Freed by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   kasan_save_free_info+0x37/0x50\n   __kasan_slab_free+0x4b/0x60\n   kmem_cache_free+0x214/0x5d0\n   bio_free+0xed/0x180\n   end_bbio_data_read+0x1cc/0x580 [btrfs]\n   btrfs_submit_chunk+0x98d/0x1880 [btrfs]\n   btrfs_submit_bio+0x33/0x70 [btrfs]\n   submit_one_bio+0xd4/0x130 [btrfs]\n   submit_extent_page+0x3ea/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[CAUSE]\nAlthough I cannot reproduce the error, the report itself is good enough\nto pin down the cause.\n\nThe call trace is the regular endio workqueue context, but the\nfree-by-task trace is showing that during btrfs_submit_chunk() we\nalready hit a critical error, and is calling btrfs_bio_end_io() to error\nout.  And the original endio function called bio_put() to free the whole\nbio.\n\nThis means a double freeing thus causing use-after-free, e.g.:\n\n1. Enter btrfs_submit_bio() with a read bio\n   The read bio length is 128K, crossing two 64K stripes.\n\n2. The first run of btrfs_submit_chunk()\n\n2.1 Call btrfs_map_block(), which returns 64K\n2.2 Call btrfs_split_bio()\n    Now there are two bios, one referring to the first 64K, the other\n    referring to the second 64K.\n2.3 The first half is submitted.\n\n3. The second run of btrfs_submit_chunk()\n\n3.1 Call btrfs_map_block(), which by somehow failed\n    Now we call btrfs_bio_end_io() to handle the error\n\n3.2 btrfs_bio_end_io() calls the original endio function\n    Which is end_bbio_data_read(), and it calls bio_put() for the\n    original bio.\n\n    Now the original bio is freed.\n\n4. The submitted first 64K bio finished\n   Now we call into btrfs_check_read_bio() and tries to advance the bio\n   iter.\n   But since the original bio (thus its iter) is already freed, we\n   trigger the above use-after free.\n\n   And even if the memory is not poisoned/corrupted, we will later call\n   the original endio function, causing a double freeing.\n\n[FIX]\nInstead of calling btrfs_bio_end_io(), call btrfs_orig_bbio_end_io(),\nwhich has the extra check on split bios and do the pr\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46687', 'https://git.kernel.org/linus/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10 (6.11-rc6)', 'https://git.kernel.org/stable/c/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10', 'https://git.kernel.org/stable/c/4a3b9e1a8e6cd1a8d427a905e159de58d38941cc', 'https://git.kernel.org/stable/c/51722b99f41f5e722ffa10b8f61e802a0e70b331', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46687-5668@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46687', 'https://www.cve.org/CVERecord?id=CVE-2024-46687'], 'PublishedDate': '2024-09-13T06:15:13.377Z', 'LastModifiedDate': '2024-09-14T16:17:33.073Z'}, {'VulnerabilityID': 'CVE-2024-46689', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46689', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: cmd-db: Map shared memory as WC, not WB\n\nLinux does not write into cmd-db region. This region of memory is write\nprotected by XPU. XPU may sometime falsely detect clean cache eviction\nas "write" into the write protected region leading to secure interrupt\nwhich causes an endless loop somewhere in Trust Zone.\n\nThe only reason it is working right now is because Qualcomm Hypervisor\nmaps the same region as Non-Cacheable memory in Stage 2 translation\ntables. The issue manifests if we want to use another hypervisor (like\nXen or KVM), which does not know anything about those specific mappings.\n\nChanging the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC\nremoves dependency on correct mappings in Stage 2 tables. This patch\nfixes the issue by updating the mapping to MEMREMAP_WC.\n\nI tested this on SA8155P with Xen.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46689', 'https://git.kernel.org/linus/f9bb896eab221618927ae6a2f1d566567999839d (6.11-rc6)', 'https://git.kernel.org/stable/c/0ee9594c974368a17e85a431e9fe1c14fb65c278', 'https://git.kernel.org/stable/c/62c2d63605ca25b5db78a347ed303c0a0a77d5b4', 'https://git.kernel.org/stable/c/d9d48d70e922b272875cda60d2ada89291c840cf', 'https://git.kernel.org/stable/c/eaff392c1e34fb77cc61505a31b0191e5e46e271', 'https://git.kernel.org/stable/c/ef80520be0ff78ae5ed44cb6eee1525e65bebe70', 'https://git.kernel.org/stable/c/f5a5a5a0e95f36e2792d48e6e4b64e665eb01374', 'https://git.kernel.org/stable/c/f9bb896eab221618927ae6a2f1d566567999839d', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46689-4c19@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46689', 'https://www.cve.org/CVERecord?id=CVE-2024-46689'], 'PublishedDate': '2024-09-13T06:15:13.653Z', 'LastModifiedDate': '2024-09-20T15:52:23.727Z'}, {'VulnerabilityID': 'CVE-2024-46691', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46691', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Move unregister out of atomic section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Move unregister out of atomic section\n\nCommit \'9329933699b3 ("soc: qcom: pmic_glink: Make client-lock\nnon-sleeping")\' moved the pmic_glink client list under a spinlock, as it\nis accessed by the rpmsg/glink callback, which in turn is invoked from\nIRQ context.\n\nThis means that ucsi_unregister() is now called from atomic context,\nwhich isn\'t feasible as it\'s expecting a sleepable context. An effort is\nunder way to get GLINK to invoke its callbacks in a sleepable context,\nbut until then lets schedule the unregistration.\n\nA side effect of this is that ucsi_unregister() can now happen\nafter the remote processor, and thereby the communication link with it, is\ngone. pmic_glink_send() is amended with a check to avoid the resulting NULL\npointer dereference.\nThis does however result in the user being informed about this error by\nthe following entry in the kernel log:\n\n  ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46691', 'https://git.kernel.org/linus/11bb2ffb679399f99041540cf662409905179e3a (6.11-rc6)', 'https://git.kernel.org/stable/c/095b0001aefddcd9361097c971b7debc84e72714', 'https://git.kernel.org/stable/c/11bb2ffb679399f99041540cf662409905179e3a', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46691-93e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46691', 'https://www.cve.org/CVERecord?id=CVE-2024-46691'], 'PublishedDate': '2024-09-13T06:15:13.96Z', 'LastModifiedDate': '2024-09-13T16:52:21.057Z'}, {'VulnerabilityID': 'CVE-2024-46692', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46692', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: scm: Mark get_wq_ctx() as atomic call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Mark get_wq_ctx() as atomic call\n\nCurrently get_wq_ctx() is wrongly configured as a standard call. When two\nSMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to\nresume the corresponding sleeping thread. But if get_wq_ctx() is\ninterrupted, goes to sleep and another SMC call is waiting to be allocated\na waitq context, it leads to a deadlock.\n\nTo avoid this get_wq_ctx() must be an atomic call and can't be a standard\nSMC call. Hence mark get_wq_ctx() as a fast call.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46692', 'https://git.kernel.org/linus/9960085a3a82c58d3323c1c20b991db6045063b0 (6.11-rc6)', 'https://git.kernel.org/stable/c/9960085a3a82c58d3323c1c20b991db6045063b0', 'https://git.kernel.org/stable/c/cdf7efe4b02aa93813db0bf1ca596ad298ab6b06', 'https://git.kernel.org/stable/c/e40115c33c0d79c940545b6b12112aace7acd9f5', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46692-f287@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46692', 'https://www.cve.org/CVERecord?id=CVE-2024-46692'], 'PublishedDate': '2024-09-13T06:15:14.047Z', 'LastModifiedDate': '2024-09-13T16:52:31.627Z'}, {'VulnerabilityID': 'CVE-2024-46693', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pmic_glink: Fix race during initialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pmic_glink: Fix race during initialization\n\nAs pointed out by Stephen Boyd it is possible that during initialization\nof the pmic_glink child drivers, the protection-domain notifiers fires,\nand the associated work is scheduled, before the client registration\nreturns and as a result the local "client" pointer has been initialized.\n\nThe outcome of this is a NULL pointer dereference as the "client"\npointer is blindly dereferenced.\n\nTimeline provided by Stephen:\n CPU0                               CPU1\n ----                               ----\n ucsi->client = NULL;\n devm_pmic_glink_register_client()\n  client->pdr_notify(client->priv, pg->client_state)\n   pmic_glink_ucsi_pdr_notify()\n    schedule_work(&ucsi->register_work)\n    <schedule away>\n                                    pmic_glink_ucsi_register()\n                                     ucsi_register()\n                                      pmic_glink_ucsi_read_version()\n                                       pmic_glink_ucsi_read()\n                                        pmic_glink_ucsi_read()\n                                         pmic_glink_send(ucsi->client)\n                                         <client is NULL BAD>\n ucsi->client = client // Too late!\n\nThis code is identical across the altmode, battery manager and usci\nchild drivers.\n\nResolve this by splitting the allocation of the "client" object and the\nregistration thereof into two operations.\n\nThis only happens if the protection domain registry is populated at the\ntime of registration, which by the introduction of commit \'1ebcde047c54\n("soc: qcom: add pd-mapper implementation")\' became much more likely.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46693', 'https://git.kernel.org/linus/3568affcddd68743e25aa3ec1647d9b82797757b (6.11-rc6)', 'https://git.kernel.org/stable/c/1efdbf5323c9360e05066049b97414405e94e087', 'https://git.kernel.org/stable/c/3568affcddd68743e25aa3ec1647d9b82797757b', 'https://git.kernel.org/stable/c/943b0e7cc646a624bb20a68080f8f1a4a55df41c', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46693-cbe3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46693', 'https://www.cve.org/CVERecord?id=CVE-2024-46693'], 'PublishedDate': '2024-09-13T06:15:14.14Z', 'LastModifiedDate': '2024-09-13T16:52:41.27Z'}, {'VulnerabilityID': 'CVE-2024-46694', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46694', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: avoid using null object of framebuffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid using null object of framebuffer\n\nInstead of using state->fb->obj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer.\n\n(cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46694', 'https://git.kernel.org/linus/3b9a33235c773c7a3768060cf1d2cf8a9153bc37 (6.11-rc6)', 'https://git.kernel.org/stable/c/093ee72ed35c2338c87c26b6ba6f0b7789c9e14e', 'https://git.kernel.org/stable/c/3b9a33235c773c7a3768060cf1d2cf8a9153bc37', 'https://git.kernel.org/stable/c/49e1b214f3239b78967c6ddb8f8ec47ae047b051', 'https://git.kernel.org/stable/c/f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46694-0706@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46694', 'https://www.cve.org/CVERecord?id=CVE-2024-46694'], 'PublishedDate': '2024-09-13T06:15:14.24Z', 'LastModifiedDate': '2024-09-19T18:16:22.247Z'}, {'VulnerabilityID': 'CVE-2024-46695', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46695', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: selinux,smack: don&#39;t bypass permissions check in inode_setsecctx hook', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux,smack: don't bypass permissions check in inode_setsecctx hook\n\nMarek Gresko reports that the root user on an NFS client is able to\nchange the security labels on files on an NFS filesystem that is\nexported with root squashing enabled.\n\nThe end of the kerneldoc comment for __vfs_setxattr_noperm() states:\n\n *  This function requires the caller to lock the inode's i_mutex before it\n *  is executed. It also assumes that the caller will make the appropriate\n *  permission checks.\n\nnfsd_setattr() does do permissions checking via fh_verify() and\nnfsd_permission(), but those don't do all the same permissions checks\nthat are done by security_inode_setxattr() and its related LSM hooks do.\n\nSince nfsd_setattr() is the only consumer of security_inode_setsecctx(),\nsimplest solution appears to be to replace the call to\n__vfs_setxattr_noperm() with a call to __vfs_setxattr_locked().  This\nfixes the above issue and has the added benefit of causing nfsd to\nrecall conflicting delegations on a file when a client tries to change\nits security label.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-276'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46695', 'https://git.kernel.org/linus/76a0e79bc84f466999fa501fce5bf7a07641b8a7 (6.11-rc6)', 'https://git.kernel.org/stable/c/2dbc4b7bac60b02cc6e70d05bf6a7dfd551f9dda', 'https://git.kernel.org/stable/c/459584258d47ec3cc6245a82e8a49c9d08eb8b57', 'https://git.kernel.org/stable/c/76a0e79bc84f466999fa501fce5bf7a07641b8a7', 'https://git.kernel.org/stable/c/eebec98791d0137e455cc006411bb92a54250924', 'https://git.kernel.org/stable/c/f71ec019257ba4f7ab198bd948c5902a207bad96', 'https://git.kernel.org/stable/c/fe0cd53791119f6287b6532af8ce41576d664930', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46695-affc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46695', 'https://www.cve.org/CVERecord?id=CVE-2024-46695'], 'PublishedDate': '2024-09-13T06:15:14.32Z', 'LastModifiedDate': '2024-10-17T14:15:07.517Z'}, {'VulnerabilityID': 'CVE-2024-46697', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46697', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfsd: ensure that nfsd4_fattr_args.context is zeroed out', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: ensure that nfsd4_fattr_args.context is zeroed out\n\nIf nfsd4_encode_fattr4 ends up doing a "goto out" before we get to\nchecking for the security label, then args.context will be set to\nuninitialized junk on the stack, which we\'ll then try to free.\nInitialize it early.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46697', 'https://git.kernel.org/linus/f58bab6fd4063913bd8321e99874b8239e9ba726 (6.11-rc6)', 'https://git.kernel.org/stable/c/dd65b324174a64558a16ebbf4c3266e5701185d0', 'https://git.kernel.org/stable/c/f58bab6fd4063913bd8321e99874b8239e9ba726', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46697-d166@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46697', 'https://www.cve.org/CVERecord?id=CVE-2024-46697'], 'PublishedDate': '2024-09-13T06:15:14.5Z', 'LastModifiedDate': '2024-09-19T17:53:43.173Z'}, {'VulnerabilityID': 'CVE-2024-46698', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46698', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: video/aperture: optionally match the device in sysfb_disable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvideo/aperture: optionally match the device in sysfb_disable()\n\nIn aperture_remove_conflicting_pci_devices(), we currently only\ncall sysfb_disable() on vga class devices.  This leads to the\nfollowing problem when the pimary device is not VGA compatible:\n\n1. A PCI device with a non-VGA class is the boot display\n2. That device is probed first and it is not a VGA device so\n   sysfb_disable() is not called, but the device resources\n   are freed by aperture_detach_platform_device()\n3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable()\n4. NULL pointer dereference via sysfb_disable() since the resources\n   have already been freed by aperture_detach_platform_device() when\n   it was called by the other device.\n\nFix this by passing a device pointer to sysfb_disable() and checking\nthe device to determine if we should execute it or not.\n\nv2: Fix build when CONFIG_SCREEN_INFO is not set\nv3: Move device check into the mutex\n    Drop primary variable in aperture_remove_conflicting_pci_devices()\n    Drop __init on pci sysfb_pci_dev_is_enabled()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46698', 'https://git.kernel.org/linus/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7 (6.11-rc6)', 'https://git.kernel.org/stable/c/17e78f43de0c6da34204cc858b4cc05671ea9acf', 'https://git.kernel.org/stable/c/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46698-357c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46698', 'https://www.cve.org/CVERecord?id=CVE-2024-46698'], 'PublishedDate': '2024-09-13T06:15:14.563Z', 'LastModifiedDate': '2024-09-13T16:53:03Z'}, {'VulnerabilityID': 'CVE-2024-46701', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46701', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: libfs: fix infinite directory reads for offset dir', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlibfs: fix infinite directory reads for offset dir\n\nAfter we switch tmpfs dir operations from simple_dir_operations to\nsimple_offset_dir_operations, every rename happened will fill new dentry\nto dest dir\'s maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free\nkey starting with octx->newx_offset, and then set newx_offset equals to\nfree key + 1. This will lead to infinite readdir combine with rename\nhappened at the same time, which fail generic/736 in xfstests(detail show\nas below).\n\n1. create 5000 files(1 2 3...) under one dir\n2. call readdir(man 3 readdir) once, and get one entry\n3. rename(entry, "TEMPFILE"), then rename("TEMPFILE", entry)\n4. loop 2~3, until readdir return nothing or we loop too many\n   times(tmpfs break test with the second condition)\n\nWe choose the same logic what commit 9b378f6ad48cf ("btrfs: fix infinite\ndirectory reads") to fix it, record the last_index when we open dir, and\ndo not emit the entry which index >= last_index. The file->private_data\nnow used in offset dir can use directly to do this, and we also update\nthe last_index when we llseek the dir file.\n\n[brauner: only update last_index after seek when offset is zero like Jan suggested]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46701', 'https://git.kernel.org/linus/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a (6.11-rc4)', 'https://git.kernel.org/stable/c/308b4fc2403b335894592ee9dc212a5e58bb309f', 'https://git.kernel.org/stable/c/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a', 'https://lore.kernel.org/linux-cve-announce/2024091326-CVE-2024-46701-ad65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46701', 'https://www.cve.org/CVERecord?id=CVE-2024-46701'], 'PublishedDate': '2024-09-13T07:15:05.127Z', 'LastModifiedDate': '2024-09-19T13:40:27.817Z'}, {'VulnerabilityID': 'CVE-2024-46702', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46702', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: thunderbolt: Mark XDomain as unplugged when router is removed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Mark XDomain as unplugged when router is removed\n\nI noticed that when we do discrete host router NVM upgrade and it gets\nhot-removed from the PCIe side as a result of NVM firmware authentication,\nif there is another host connected with enabled paths we hang in tearing\nthem down. This is due to fact that the Thunderbolt networking driver\nalso tries to cleanup the paths and ends up blocking in\ntb_disconnect_xdomain_paths() waiting for the domain lock.\n\nHowever, at this point we already cleaned the paths in tb_stop() so\nthere is really no need for tb_disconnect_xdomain_paths() to do that\nanymore. Furthermore it already checks if the XDomain is unplugged and\nbails out early so take advantage of that and mark the XDomain as\nunplugged when we remove the parent router.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46702', 'https://git.kernel.org/linus/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d (6.11-rc4)', 'https://git.kernel.org/stable/c/18b3ad2a3cc877dd4b16f48d84aa27b78d53bf1d', 'https://git.kernel.org/stable/c/23ce6ba3b95488a2b9e9f6d43b340da0c15395dc', 'https://git.kernel.org/stable/c/747bc154577de6e6af4bc99abfa859b8419bb4d8', 'https://git.kernel.org/stable/c/7ca24cf9163c112bb6b580c6fb57c04a1f8b76e1', 'https://git.kernel.org/stable/c/80ac8d194831eca0c2f4fd862f7925532fda320c', 'https://git.kernel.org/stable/c/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46702-9b8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46702', 'https://www.cve.org/CVERecord?id=CVE-2024-46702'], 'PublishedDate': '2024-09-13T07:15:05.217Z', 'LastModifiedDate': '2024-09-19T13:35:58.637Z'}, {'VulnerabilityID': 'CVE-2024-46703', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46703', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;serial: 8250_omap: Set the console genpd always on if no console suspend&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "serial: 8250_omap: Set the console genpd always on if no console suspend"\n\nThis reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940.\n\nKevin reported that this causes a crash during suspend on platforms that\ndont use PM domains.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46703', 'https://git.kernel.org/linus/0863bffda1131fd2fa9c05b653ad9ee3d8db127e (6.11-rc4)', 'https://git.kernel.org/stable/c/0863bffda1131fd2fa9c05b653ad9ee3d8db127e', 'https://git.kernel.org/stable/c/321aecb079e9ca8b1af90778068a6fb40f2bf22d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46703-1f29@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46703', 'https://www.cve.org/CVERecord?id=CVE-2024-46703'], 'PublishedDate': '2024-09-13T07:15:05.317Z', 'LastModifiedDate': '2024-09-19T13:33:57.563Z'}, {'VulnerabilityID': 'CVE-2024-46705', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46705', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: reset mmio mappings with devm', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: reset mmio mappings with devm\n\nSet our various mmio mappings to NULL. This should make it easier to\ncatch something rogue trying to mess with mmio after device removal. For\nexample, we might unmap everything and then start hitting some mmio\naddress which has already been unmamped by us and then remapped by\nsomething else, causing all kinds of carnage.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46705', 'https://git.kernel.org/linus/c7117419784f612d59ee565145f722e8b5541fe6 (6.11-rc1)', 'https://git.kernel.org/stable/c/b1c9fbed3884d3883021d699c7cdf5253a65543a', 'https://git.kernel.org/stable/c/c7117419784f612d59ee565145f722e8b5541fe6', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46705-b9c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46705', 'https://www.cve.org/CVERecord?id=CVE-2024-46705'], 'PublishedDate': '2024-09-13T07:15:05.477Z', 'LastModifiedDate': '2024-09-19T13:30:44.133Z'}, {'VulnerabilityID': 'CVE-2024-46706', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46706', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: fsl_lpuart: mark last busy before uart_add_one_port\n\nWith "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel\nsometimes boot hang. It is because normal console still is not ready,\nbut runtime suspend is called, so early console putchar will hang\nin waiting TRDE set in UARTSTAT.\n\nThe lpuart driver has auto suspend delay set to 3000ms, but during\nuart_add_one_port, a child device serial ctrl will added and probed with\nits pm runtime enabled(see serial_ctrl.c).\nThe runtime suspend call path is:\ndevice_add\n     |-> bus_probe_device\n           |->device_initial_probe\n\t           |->__device_attach\n                         |-> pm_runtime_get_sync(dev->parent);\n\t\t\t |-> pm_request_idle(dev);\n\t\t\t |-> pm_runtime_put(dev->parent);\n\nSo in the end, before normal console ready, the lpuart get runtime\nsuspended. And earlycon putchar will hang.\n\nTo address the issue, mark last busy just after pm_runtime_enable,\nthree seconds is long enough to switch from bootconsole to normal\nconsole.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46706', 'https://git.kernel.org/linus/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c (6.11-rc4)', 'https://git.kernel.org/stable/c/3ecf625d4acb71d726bc0b49403cf68388b3d58d', 'https://git.kernel.org/stable/c/8eb92cfca6c2c5a15ab1773f3d18ab8d8f7dbb68', 'https://git.kernel.org/stable/c/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46706-ea07@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46706', 'https://www.cve.org/CVERecord?id=CVE-2024-46706'], 'PublishedDate': '2024-09-13T07:15:05.56Z', 'LastModifiedDate': '2024-09-19T17:51:07.67Z'}, {'VulnerabilityID': 'CVE-2024-46707', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46707', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3\n\nOn a system with a GICv3, if a guest hasn't been configured with\nGICv3 and that the host is not capable of GICv2 emulation,\na write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.\n\nWe therefore try to emulate the SGI access, only to hit a NULL\npointer as no private interrupt is allocated (no GIC, remember?).\n\nThe obvious fix is to give the guest what it deserves, in the\nshape of a UNDEF exception.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46707', 'https://git.kernel.org/linus/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f (6.11-rc5)', 'https://git.kernel.org/stable/c/15818af2f7aa55eff375333cb7689df15d3f24ef', 'https://git.kernel.org/stable/c/2073132f6ed3079369e857a8deb33d11bdd983bc', 'https://git.kernel.org/stable/c/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f', 'https://git.kernel.org/stable/c/94d4fbad01b19ec5eab3d6b50aaec4f9db8b2d8d', 'https://git.kernel.org/stable/c/96b076e8ee5bc3a1126848c8add0f74bd30dc9d1', 'https://git.kernel.org/stable/c/9d7629bec5c3f80bd0e3bf8103c06a2f7046bd92', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46707-9e4f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46707', 'https://www.cve.org/CVERecord?id=CVE-2024-46707'], 'PublishedDate': '2024-09-13T07:15:05.643Z', 'LastModifiedDate': '2024-09-19T13:29:46.757Z'}, {'VulnerabilityID': 'CVE-2024-46708', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46708', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: qcom: x1e80100: Fix special pin offsets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: qcom: x1e80100: Fix special pin offsets\n\nRemove the erroneus 0x100000 offset to prevent the boards from crashing\non pin state setting, as well as for the intended state changes to take\neffect.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46708', 'https://git.kernel.org/linus/d3692d95cc4d88114b070ee63cffc976f00f207f (6.11-rc6)', 'https://git.kernel.org/stable/c/0197bf772f657fbdea5e9bdec5eea6e67d82cbde', 'https://git.kernel.org/stable/c/d3692d95cc4d88114b070ee63cffc976f00f207f', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46708-95c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46708', 'https://www.cve.org/CVERecord?id=CVE-2024-46708'], 'PublishedDate': '2024-09-13T07:15:05.717Z', 'LastModifiedDate': '2024-09-19T13:28:49.483Z'}, {'VulnerabilityID': 'CVE-2024-46709', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46709', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix prime with external buffers', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix prime with external buffers\n\nMake sure that for external buffers mapping goes through the dma_buf\ninterface instead of trying to access pages directly.\n\nExternal buffers might not provide direct access to readable/writable\npages so to make sure the bo's created from external dma_bufs can be\nread dma_buf interface has to be used.\n\nFixes crashes in IGT's kms_prime with vgem. Regular desktop usage won't\ntrigger this due to the fact that virtual machines will not have\nmultiple GPUs but it enables better test coverage in IGT.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46709', 'https://git.kernel.org/linus/50f1199250912568606b3778dc56646c10cb7b04 (6.11-rc6)', 'https://git.kernel.org/stable/c/50f1199250912568606b3778dc56646c10cb7b04', 'https://git.kernel.org/stable/c/5c12391ee1ab59cb2f3be3f1f5e6d0fc0c2dc854', 'https://git.kernel.org/stable/c/9a9716bbbf3dd6b6cbefba3abcc89af8b72631f4', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46709-2465@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46709', 'https://www.cve.org/CVERecord?id=CVE-2024-46709'], 'PublishedDate': '2024-09-13T07:15:05.793Z', 'LastModifiedDate': '2024-09-19T13:26:24.14Z'}, {'VulnerabilityID': 'CVE-2024-46710', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46710', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Prevent unmapping active read buffers', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Prevent unmapping active read buffers\n\nThe kms paths keep a persistent map active to read and compare the cursor\nbuffer. These maps can race with each other in simple scenario where:\na) buffer "a" mapped for update\nb) buffer "a" mapped for compare\nc) do the compare\nd) unmap "a" for compare\ne) update the cursor\nf) unmap "a" for update\nAt step "e" the buffer has been unmapped and the read contents is bogus.\n\nPrevent unmapping of active read buffers by simply keeping a count of\nhow many paths have currently active maps and unmap only when the count\nreaches 0.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46710', 'https://git.kernel.org/linus/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea (6.11-rc6)', 'https://git.kernel.org/stable/c/0851b1ec650adadcaa23ec96daad95a55bf966f0', 'https://git.kernel.org/stable/c/58a3714db4d9dcaeb9fc4905141e17b9f536c0a5', 'https://git.kernel.org/stable/c/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea', 'https://git.kernel.org/stable/c/d5228d158e4c0b1663b3983044913c15c3d0135e', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46710-cd88@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46710', 'https://www.cve.org/CVERecord?id=CVE-2024-46710'], 'PublishedDate': '2024-09-13T07:15:05.88Z', 'LastModifiedDate': '2024-10-17T14:15:07.63Z'}, {'VulnerabilityID': 'CVE-2024-46711', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46711', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: fix ID 0 endp usage after multiple re-creations', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix ID 0 endp usage after multiple re-creations\n\n\'local_addr_used\' and \'add_addr_accepted\' are decremented for addresses\nnot related to the initial subflow (ID0), because the source and\ndestination addresses of the initial subflows are known from the\nbeginning: they don\'t count as "additional local address being used" or\n"ADD_ADDR being accepted".\n\nIt is then required not to increment them when the entrypoint used by\nthe initial subflow is removed and re-added during a connection. Without\nthis modification, this entrypoint cannot be removed and re-added more\nthan once.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46711', 'https://git.kernel.org/linus/9366922adc6a71378ca01f898c41be295309f044 (6.11-rc6)', 'https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc', 'https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb', 'https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044', 'https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe', 'https://lore.kernel.org/linux-cve-announce/2024091348-CVE-2024-46711-ab95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46711', 'https://www.cve.org/CVERecord?id=CVE-2024-46711'], 'PublishedDate': '2024-09-13T07:15:05.953Z', 'LastModifiedDate': '2024-09-19T13:12:30.39Z'}, {'VulnerabilityID': 'CVE-2024-46713', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/aux: Fix AUX buffer serialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event->mmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46713', 'https://git.kernel.org/linus/2ab9d830262c132ab5db2f571003d80850d56b2a (6.11-rc7)', 'https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a', 'https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff', 'https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82', 'https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d', 'https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370', 'https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef', 'https://lore.kernel.org/linux-cve-announce/2024091316-CVE-2024-46713-5e49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46713', 'https://www.cve.org/CVERecord?id=CVE-2024-46713'], 'PublishedDate': '2024-09-13T15:15:15.01Z', 'LastModifiedDate': '2024-09-13T16:37:22.997Z'}, {'VulnerabilityID': 'CVE-2024-46714', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip wbscl_set_scaler_filter if filter is null\n\nCallers can pass null in filter (i.e. from returned from the function\nwbscl_get_filter_coeffs_16p) and a null check is added to ensure that is\nnot the case.\n\nThis fixes 4 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46714', 'https://git.kernel.org/linus/c4d31653c03b90e51515b1380115d1aedad925dd (6.11-rc1)', 'https://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b', 'https://git.kernel.org/stable/c/1726914cb17cedab233820d26b86764dc08857b4', 'https://git.kernel.org/stable/c/54834585e91cab13e9f82d3a811deb212a4df786', 'https://git.kernel.org/stable/c/6d94c05a13fadd80c3e732f14c83b2632ebfaa50', 'https://git.kernel.org/stable/c/c083c8be6bdd046049884bec076660d4ec9a19ca', 'https://git.kernel.org/stable/c/c4d31653c03b90e51515b1380115d1aedad925dd', 'https://git.kernel.org/stable/c/e3a95f29647ae45d1ec9541cd7df64f40bf2120a', 'https://lore.kernel.org/linux-cve-announce/2024091831-CVE-2024-46714-73de@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46714', 'https://www.cve.org/CVERecord?id=CVE-2024-46714'], 'PublishedDate': '2024-09-18T07:15:03.06Z', 'LastModifiedDate': '2024-09-30T12:50:27.723Z'}, {'VulnerabilityID': 'CVE-2024-46715', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46715', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver: iio: add missing checks on iio_info&#39;s callback access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info's callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn't implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429]  iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807]  dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181]  sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555]  seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236]  vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385]  ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0:                   00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46715', 'https://git.kernel.org/linus/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70', 'https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1', 'https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252', 'https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46715-7e7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46715', 'https://www.cve.org/CVERecord?id=CVE-2024-46715'], 'PublishedDate': '2024-09-18T07:15:03.13Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46716', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n   msgdma_free_chan_resources -> msgdma_free_descriptors ->\n   msgdma_free_desc_list -> msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46716', 'https://git.kernel.org/linus/54e4ada1a4206f878e345ae01cf37347d803d1b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716', 'https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1', 'https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725', 'https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46716-f63f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46716', 'https://www.cve.org/CVERecord?id=CVE-2024-46716'], 'PublishedDate': '2024-09-18T07:15:03.183Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46717', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46717', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix incorrect page release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix incorrect page release\n\nUnder the following conditions:\n1) No skb created yet\n2) header_size == 0 (no SHAMPO header)\n3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the\n   last page fragment of a SHAMPO header page)\n\na new skb is formed with a page that is NOT a SHAMPO header page (it\nis a regular data page). Further down in the same function\n(mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from\nheader_index is released. This is wrong and it leads to SHAMPO header\npages being released more than once.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46717', 'https://git.kernel.org/linus/70bd03b89f20b9bbe51a7f73c4950565a17a45f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/03924d117625ecb10ee3c9b65930bcb2c37ae629', 'https://git.kernel.org/stable/c/70bd03b89f20b9bbe51a7f73c4950565a17a45f7', 'https://git.kernel.org/stable/c/ae9018e3f61ba5cc1f08a6e51d3c0bef0a79f3ab', 'https://git.kernel.org/stable/c/c909ab41df2b09cde919801c7a7b6bb2cc37ea22', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46717-2f30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46717', 'https://www.cve.org/CVERecord?id=CVE-2024-46717'], 'PublishedDate': '2024-09-18T07:15:03.237Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46718', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46718', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Don&#39;t overmap identity VRAM mapping', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Don't overmap identity VRAM mapping\n\nOvermapping the identity VRAM mapping is triggering hardware bugs on\ncertain platforms. Use 2M pages for the last unaligned (to 1G) VRAM\nchunk.\n\nv2:\n - Always use 2M pages for last chunk (Fei Yang)\n - break loop when 2M pages are used\n - Add assert for usable_size being 2M aligned\nv3:\n - Fix checkpatch", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46718', 'https://git.kernel.org/linus/6d3581edffea0b3a64b0d3094d3f09222e0024f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/6d3581edffea0b3a64b0d3094d3f09222e0024f7', 'https://git.kernel.org/stable/c/bb706e92c87beb9f2543faa1705ccc330b9e7c65', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46718-c5c7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46718', 'https://www.cve.org/CVERecord?id=CVE-2024-46718'], 'PublishedDate': '2024-09-18T07:15:03.303Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46719', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46719', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Fix null pointer dereference in trace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix null pointer dereference in trace\n\nucsi_register_altmode checks IS_ERR for the alt pointer and treats\nNULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,\nucsi_register_displayport returns NULL which causes a NULL pointer\ndereference in trace. Rather than return NULL, call\ntypec_port_register_altmode to register DisplayPort alternate mode\nas a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46719', 'https://git.kernel.org/linus/99516f76db48e1a9d54cdfed63c1babcee4e71a5 (6.11-rc1)', 'https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9', 'https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7', 'https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870', 'https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b', 'https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830', 'https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5', 'https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46719-4a53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46719', 'https://www.cve.org/CVERecord?id=CVE-2024-46719'], 'PublishedDate': '2024-09-18T07:15:03.357Z', 'LastModifiedDate': '2024-09-20T18:21:49.963Z'}, {'VulnerabilityID': 'CVE-2024-46720', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46720', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix dereference after null check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix dereference after null check\n\ncheck the pointer hive before use.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46720', 'https://git.kernel.org/linus/b1f7810b05d1950350ac2e06992982974343e441 (6.11-rc1)', 'https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50', 'https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c', 'https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517', 'https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46720-a598@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46720', 'https://www.cve.org/CVERecord?id=CVE-2024-46720'], 'PublishedDate': '2024-09-18T07:15:03.42Z', 'LastModifiedDate': '2024-09-20T18:22:04.693Z'}, {'VulnerabilityID': 'CVE-2024-46721', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46721', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: fix possible NULL pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and 'ent->old' is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n </TASK>\nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46721', 'https://git.kernel.org/linus/3dd384108d53834002be5630132ad5c3f32166ad (6.11-rc1)', 'https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9', 'https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad', 'https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85', 'https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8', 'https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363', 'https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346', 'https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64', 'https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46721-9aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46721', 'https://www.cve.org/CVERecord?id=CVE-2024-46721'], 'PublishedDate': '2024-09-18T07:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:22:46.637Z'}, {'VulnerabilityID': 'CVE-2024-46722', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46722', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix mc_data out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix mc_data out-of-bounds read warning\n\nClear warning that read mc_data[i-1] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46722', 'https://git.kernel.org/linus/51dfc0a4d609fe700750a62f41447f01b8c9ea50 (6.11-rc1)', 'https://git.kernel.org/stable/c/2097edede72ec5bb3869cf0205337d392fb2a553', 'https://git.kernel.org/stable/c/310b9d8363b88e818afec97ca7652bd7fe3d0650', 'https://git.kernel.org/stable/c/345bd3ad387f9e121aaad9c95957b80895e2f2ec', 'https://git.kernel.org/stable/c/51dfc0a4d609fe700750a62f41447f01b8c9ea50', 'https://git.kernel.org/stable/c/578ae965e8b90cd09edeb0252b50fa0503ea35c5', 'https://git.kernel.org/stable/c/5fa4df25ecfc7b6c9006f5b871c46cfe25ea8826', 'https://git.kernel.org/stable/c/b862a0bc5356197ed159fed7b1c647e77bc9f653', 'https://git.kernel.org/stable/c/d0a43bf367ed640e527e8ef3d53aac1e71f80114', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46722-34b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46722', 'https://www.cve.org/CVERecord?id=CVE-2024-46722'], 'PublishedDate': '2024-09-18T07:15:03.547Z', 'LastModifiedDate': '2024-09-20T18:23:11.93Z'}, {'VulnerabilityID': 'CVE-2024-46723', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46723', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix ucode out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ucode out-of-bounds read warning\n\nClear warning that read ucode[] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46723', 'https://git.kernel.org/linus/8944acd0f9db33e17f387fdc75d33bb473d7936f (6.11-rc1)', 'https://git.kernel.org/stable/c/0bef65e069d84d1cd77ce757aea0e437b8e2bd33', 'https://git.kernel.org/stable/c/23fefef859c6057e6770584242bdd938254f8ddd', 'https://git.kernel.org/stable/c/5f09fa5e0ad45fbca71933a0e024ca52da47d59b', 'https://git.kernel.org/stable/c/82ac8f1d02886b5d8aeb9e058989d3bd6fc581e2', 'https://git.kernel.org/stable/c/8944acd0f9db33e17f387fdc75d33bb473d7936f', 'https://git.kernel.org/stable/c/8981927ebc6c12fa76b30c4178acb462bab15f54', 'https://git.kernel.org/stable/c/e789e05388854a5436b2b5d8695fdb864c9bcc27', 'https://git.kernel.org/stable/c/f2b7a9f3839e92f43559b2795b34640ca8cf839f', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46723-6726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46723', 'https://www.cve.org/CVERecord?id=CVE-2024-46723'], 'PublishedDate': '2024-09-18T07:15:03.61Z', 'LastModifiedDate': '2024-09-20T18:30:30.117Z'}, {'VulnerabilityID': 'CVE-2024-46724', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46724', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number\n\nCheck the fb_channel_number range to avoid the array out-of-bounds\nread error', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46724', 'https://git.kernel.org/linus/d768394fa99467bcf2703bde74ddc96eeb0b71fa (6.11-rc1)', 'https://git.kernel.org/stable/c/32915dc909ff502823babfe07d5416c5b6e8a8b1', 'https://git.kernel.org/stable/c/45f7b02afc464c208e8f56bcbc672ef5c364c815', 'https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4', 'https://git.kernel.org/stable/c/d768394fa99467bcf2703bde74ddc96eeb0b71fa', 'https://git.kernel.org/stable/c/db7a86676fd624768a5d907faf34ad7bb4ff25f4', 'https://git.kernel.org/stable/c/f9267972490f9fcffe146e79828e97acc0da588c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46724-02f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46724', 'https://www.cve.org/CVERecord?id=CVE-2024-46724'], 'PublishedDate': '2024-09-18T07:15:03.673Z', 'LastModifiedDate': '2024-09-20T18:30:58.98Z'}, {'VulnerabilityID': 'CVE-2024-46725', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46725', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds write warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds write warning\n\nCheck the ring type value to fix the out-of-bounds\nwrite warning', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46725', 'https://git.kernel.org/linus/be1684930f5262a622d40ce7a6f1423530d87f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/130bee397b9cd52006145c87a456fd8719390cb5', 'https://git.kernel.org/stable/c/919f9bf9997b8dcdc132485ea96121e7d15555f9', 'https://git.kernel.org/stable/c/a60d1f7ff62e453dde2d3b4907e178954d199844', 'https://git.kernel.org/stable/c/be1684930f5262a622d40ce7a6f1423530d87f89', 'https://git.kernel.org/stable/c/c253b87c7c37ec40a2e0c84e4a6b636ba5cd66b2', 'https://git.kernel.org/stable/c/cf2db220b38301b6486a0f11da24a0f317de558c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46725-af49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46725', 'https://www.cve.org/CVERecord?id=CVE-2024-46725'], 'PublishedDate': '2024-09-18T07:15:03.733Z', 'LastModifiedDate': '2024-09-20T18:40:42.753Z'}, {'VulnerabilityID': 'CVE-2024-46726', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46726', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure index calculation will not overflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure index calculation will not overflow\n\n[WHY & HOW]\nMake sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will\nnever overflow and exceess array size.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46726', 'https://git.kernel.org/linus/8e2734bf444767fed787305ccdcb36a2be5301a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dc6bb57dab36b38b7374af0ac916174c146b6ed', 'https://git.kernel.org/stable/c/733ae185502d30bbe79575167b6178cfb6c5d6bd', 'https://git.kernel.org/stable/c/8e2734bf444767fed787305ccdcb36a2be5301a2', 'https://git.kernel.org/stable/c/d705b5869f6b1b46ad5ceb1bd2a08c04f7e5003b', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46726-587e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46726', 'https://www.cve.org/CVERecord?id=CVE-2024-46726'], 'PublishedDate': '2024-09-18T07:15:03.787Z', 'LastModifiedDate': '2024-09-20T18:36:27.07Z'}, {'VulnerabilityID': 'CVE-2024-46727', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46727', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update\n\n[Why]\nCoverity reports NULL_RETURN warning.\n\n[How]\nAdd otg_master NULL check.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46727', 'https://git.kernel.org/linus/871cd9d881fa791d3f82885000713de07041c0ae (6.11-rc1)', 'https://git.kernel.org/stable/c/871cd9d881fa791d3f82885000713de07041c0ae', 'https://git.kernel.org/stable/c/aad4d3d3d3b6a362bf5db11e1f28c4a60620900d', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46727-2565@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46727', 'https://www.cve.org/CVERecord?id=CVE-2024-46727'], 'PublishedDate': '2024-09-18T07:15:03.84Z', 'LastModifiedDate': '2024-09-30T12:49:43.097Z'}, {'VulnerabilityID': 'CVE-2024-46728', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46728', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check index for aux_rd_interval before using', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index for aux_rd_interval before using\n\naux_rd_interval has size of 7 and should be checked.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46728', 'https://git.kernel.org/linus/9ba2ea6337b4f159aecb177555a6a81da92d302e (6.11-rc1)', 'https://git.kernel.org/stable/c/48e0b68e2360b16edf2a0bae05c0051c00fbb48a', 'https://git.kernel.org/stable/c/6c588e9350dd7a9fb97a56fe74852c9ecc44450c', 'https://git.kernel.org/stable/c/9ba2ea6337b4f159aecb177555a6a81da92d302e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46728-edfe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46728', 'https://www.cve.org/CVERecord?id=CVE-2024-46728'], 'PublishedDate': '2024-09-18T07:15:03.893Z', 'LastModifiedDate': '2024-09-26T13:31:34.347Z'}, {'VulnerabilityID': 'CVE-2024-46729', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46729', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix incorrect size calculation for loop', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix incorrect size calculation for loop\n\n[WHY]\nfe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is\nlager than the array size.\n\n[HOW]\nDivide byte size 20 by its element size.\n\nThis fixes 2 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46729', 'https://git.kernel.org/linus/3941a3aa4b653b69876d894d08f3fff1cc965267 (6.11-rc1)', 'https://git.kernel.org/stable/c/3941a3aa4b653b69876d894d08f3fff1cc965267', 'https://git.kernel.org/stable/c/712be65b3b372a82bff0865b9c090147764bf1c4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46729-158c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46729', 'https://www.cve.org/CVERecord?id=CVE-2024-46729'], 'PublishedDate': '2024-09-18T07:15:03.95Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46730', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46730', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure array index tg_inst won&#39;t be -1', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure array index tg_inst won't be -1\n\n[WHY & HOW]\ntg_inst will be a negative if timing_generator_count equals 0, which\nshould be checked before used.\n\nThis fixes 2 OVERRUN issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46730', 'https://git.kernel.org/linus/687fe329f18ab0ab0496b20ed2cb003d4879d931 (6.11-rc1)', 'https://git.kernel.org/stable/c/687fe329f18ab0ab0496b20ed2cb003d4879d931', 'https://git.kernel.org/stable/c/a64284b9e1999ad5580debced4bc6d6adb28aad4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46730-b69e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46730', 'https://www.cve.org/CVERecord?id=CVE-2024-46730'], 'PublishedDate': '2024-09-18T07:15:04.003Z', 'LastModifiedDate': '2024-09-30T12:49:00.333Z'}, {'VulnerabilityID': 'CVE-2024-46731', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46731', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: fix the Out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix the Out-of-bounds read warning\n\nusing index i - 1U may beyond element index\nfor mc_data[] when i = 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46731', 'https://git.kernel.org/linus/12c6967428a099bbba9dfd247bb4322a984fcc0b (6.11-rc1)', 'https://git.kernel.org/stable/c/12c6967428a099bbba9dfd247bb4322a984fcc0b', 'https://git.kernel.org/stable/c/20c6373a6be93039f9d66029bb1e21038a060be1', 'https://git.kernel.org/stable/c/3317966efcdc5101e93db21514b68917e7eb34ea', 'https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376', 'https://git.kernel.org/stable/c/d83fb9f9f63e9a120bf405b078f829f0b2e58934', 'https://git.kernel.org/stable/c/f1e261ced9bcad772a45a2fcdf413c3490e87299', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46731-0e54@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46731', 'https://www.cve.org/CVERecord?id=CVE-2024-46731'], 'PublishedDate': '2024-09-18T07:15:04.057Z', 'LastModifiedDate': '2024-09-26T13:29:19.877Z'}, {'VulnerabilityID': 'CVE-2024-46732', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46732', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Assign linear_pitch_alignment even for VM', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign linear_pitch_alignment even for VM\n\n[Description]\nAssign linear_pitch_alignment so we don't cause a divide by 0\nerror in VM environments", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46732', 'https://git.kernel.org/linus/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/4bd7710f2fecfc5fb2dda1ca2adc69db8a66b8b6', 'https://git.kernel.org/stable/c/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4', 'https://git.kernel.org/stable/c/c44b568931d23aed9d37ecbb31fb5fbdd198bf7b', 'https://git.kernel.org/stable/c/d219f902b16d42f0cb8c499ea8f31cf3c0f36349', 'https://git.kernel.org/stable/c/d2fe7ac613a1ea8c346c9f5c89dc6ecc27232997', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46732-49a9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46732', 'https://www.cve.org/CVERecord?id=CVE-2024-46732'], 'PublishedDate': '2024-09-18T07:15:04.117Z', 'LastModifiedDate': '2024-09-26T13:28:07.157Z'}, {'VulnerabilityID': 'CVE-2024-46733', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46733', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix qgroup reserve leaks in cow_file_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix qgroup reserve leaks in cow_file_range\n\nIn the buffered write path, the dirty page owns the qgroup reserve until\nit creates an ordered_extent.\n\nTherefore, any errors that occur before the ordered_extent is created\nmust free that reservation, or else the space is leaked. The fstest\ngeneric/475 exercises various IO error paths, and is able to trigger\nerrors in cow_file_range where we fail to get to allocating the ordered\nextent. Note that because we *do* clear delalloc, we are likely to\nremove the inode from the delalloc list, so the inodes/pages to not have\ninvalidate/launder called on them in the commit abort path.\n\nThis results in failures at the unmount stage of the test that look like:\n\n  BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure\n  BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure\n  BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs]\n  Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq\n  CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W          6.10.0-rc7-gab56fde445b8 #21\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n  RIP: 0010:close_ctree+0x222/0x4d0 [btrfs]\n  RSP: 0018:ffffb4465283be00 EFLAGS: 00010202\n  RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001\n  RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8\n  RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000\n  R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c\n  R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n  FS:  00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0\n  Call Trace:\n   <TASK>\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? __warn.cold+0x8e/0xea\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? report_bug+0xff/0x140\n   ? handle_bug+0x3b/0x70\n   ? exc_invalid_op+0x17/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   generic_shutdown_super+0x70/0x160\n   kill_anon_super+0x11/0x40\n   btrfs_kill_super+0x11/0x20 [btrfs]\n   deactivate_locked_super+0x2e/0xa0\n   cleanup_mnt+0xb5/0x150\n   task_work_run+0x57/0x80\n   syscall_exit_to_user_mode+0x121/0x130\n   do_syscall_64+0xab/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  RIP: 0033:0x7f916847a887\n  ---[ end trace 0000000000000000 ]---\n  BTRFS error (device dm-8 state EA): qgroup reserved space leaked\n\nCases 2 and 3 in the out_reserve path both pertain to this type of leak\nand must free the reserved qgroup data. Because it is already an error\npath, I opted not to handle the possible errors in\nbtrfs_free_qgroup_data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46733', 'https://git.kernel.org/linus/30479f31d44d47ed00ae0c7453d9b253537005b2 (6.11-rc3)', 'https://git.kernel.org/stable/c/30479f31d44d47ed00ae0c7453d9b253537005b2', 'https://git.kernel.org/stable/c/e42ef22bc10f0309c0c65d8d6ca8b4127a674b7f', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46733-77eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46733', 'https://www.cve.org/CVERecord?id=CVE-2024-46733'], 'PublishedDate': '2024-09-18T07:15:04.17Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46735', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46735', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()\n\nWhen two UBLK_CMD_START_USER_RECOVERY commands are submitted, the\nfirst one sets 'ubq->ubq_daemon' to NULL, and the second one triggers\nWARN in ublk_queue_reinit() and subsequently a NULL pointer dereference\nissue.\n\nFix it by adding the check in ublk_ctrl_start_recovery() and return\nimmediately in case of zero 'ub->nr_queues_ready'.\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000028\n  RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n  Call Trace:\n   <TASK>\n   ? __die+0x20/0x70\n   ? page_fault_oops+0x75/0x170\n   ? exc_page_fault+0x64/0x140\n   ? asm_exc_page_fault+0x22/0x30\n   ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n   ublk_ctrl_uring_cmd+0x4f7/0x6c0\n   ? pick_next_task_idle+0x26/0x40\n   io_uring_cmd+0x9a/0x1b0\n   io_issue_sqe+0x193/0x3f0\n   io_wq_submit_work+0x9b/0x390\n   io_worker_handle_work+0x165/0x360\n   io_wq_worker+0xcb/0x2f0\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork+0x2d/0x50\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork_asm+0x1a/0x30\n   </TASK>", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46735', 'https://git.kernel.org/linus/e58f5142f88320a5b1449f96a146f2f24615c5c7 (6.11-rc7)', 'https://git.kernel.org/stable/c/136a29d8112df4ea0a57f9602ddf3579e04089dc', 'https://git.kernel.org/stable/c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f', 'https://git.kernel.org/stable/c/ca249435893dda766f3845c15ca77ca5672022d8', 'https://git.kernel.org/stable/c/e58f5142f88320a5b1449f96a146f2f24615c5c7', 'https://lore.kernel.org/linux-cve-announce/2024091832-CVE-2024-46735-fbce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46735', 'https://www.cve.org/CVERecord?id=CVE-2024-46735'], 'PublishedDate': '2024-09-18T08:15:03.057Z', 'LastModifiedDate': '2024-09-20T18:35:53.967Z'}, {'VulnerabilityID': 'CVE-2024-46737', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46737', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvmet-tcp: fix kernel crash if commands allocation fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fix kernel crash if commands allocation fails\n\nIf the commands allocation fails in nvmet_tcp_alloc_cmds()\nthe kernel crashes in nvmet_tcp_release_queue_work() because of\na NULL pointer dereference.\n\n  nvmet: failed to install queue 0 cntlid 1 ret 6\n  Unable to handle kernel NULL pointer dereference at\n         virtual address 0000000000000008\n\nFix the bug by setting queue->nr_cmds to zero in case\nnvmet_tcp_alloc_cmd() fails.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46737', 'https://git.kernel.org/linus/5572a55a6f830ee3f3a994b6b962a5c327d28cb3 (6.11-rc7)', 'https://git.kernel.org/stable/c/03e1fd0327fa5e2174567f5fe9290fe21d21b8f4', 'https://git.kernel.org/stable/c/489f2913a63f528cfe3f21722583fb981967ecda', 'https://git.kernel.org/stable/c/50632b877ce55356f5d276b9add289b1e7ddc683', 'https://git.kernel.org/stable/c/5572a55a6f830ee3f3a994b6b962a5c327d28cb3', 'https://git.kernel.org/stable/c/6c04d1e3ab22cc5394ef656429638a5947f87244', 'https://git.kernel.org/stable/c/7957c731fc2b23312f8935812dee5a0b14b04e2d', 'https://git.kernel.org/stable/c/91dad30c5607e62864f888e735d0965567827bdf', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46737-d36f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46737', 'https://www.cve.org/CVERecord?id=CVE-2024-46737'], 'PublishedDate': '2024-09-18T08:15:03.167Z', 'LastModifiedDate': '2024-09-20T18:35:34.7Z'}, {'VulnerabilityID': 'CVE-2024-46738', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46738', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: VMCI: Fix use-after-free when removing resource in vmci_resource_remove()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Fix use-after-free when removing resource in vmci_resource_remove()\n\nWhen removing a resource from vmci_resource_table in\nvmci_resource_remove(), the search is performed using the resource\nhandle by comparing context and resource fields.\n\nIt is possible though to create two resources with different types\nbut same handle (same context and resource fields).\n\nWhen trying to remove one of the resources, vmci_resource_remove()\nmay not remove the intended one, but the object will still be freed\nas in the case of the datagram type in vmci_datagram_destroy_handle().\nvmci_resource_table will still hold a pointer to this freed resource\nleading to a use-after-free vulnerability.\n\nBUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\nBUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\nRead of size 4 at addr ffff88801c16d800 by task syz-executor197/1592\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106\n print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239\n __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425\n kasan_report+0x38/0x51 mm/kasan/report.c:442\n vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\n vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\n vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182\n ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444\n kref_put include/linux/kref.h:65 [inline]\n vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline]\n vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195\n vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143\n __fput+0x261/0xa34 fs/file_table.c:282\n task_work_run+0xf0/0x194 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187\n exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220\n __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline]\n syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313\n do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x6e/0x0\n\nThis change ensures the type is also checked when removing\nthe resource from vmci_resource_table in vmci_resource_remove().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46738', 'https://git.kernel.org/linus/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7 (6.11-rc7)', 'https://git.kernel.org/stable/c/00fe5292f081f8d773e572df8e03bf6e1855fe49', 'https://git.kernel.org/stable/c/39e7e593418ccdbd151f2925fa6be1a616d16c96', 'https://git.kernel.org/stable/c/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7', 'https://git.kernel.org/stable/c/6c563a29857aa8053b67ee141191f69757f27f6e', 'https://git.kernel.org/stable/c/b243d52b5f6f59f9d39e69b191fb3d58b94a43b1', 'https://git.kernel.org/stable/c/b9efdf333174468651be40390cbc79c9f55d9cce', 'https://git.kernel.org/stable/c/ef5f4d0c5ee22d4f873116fec844ff6edaf3fa7d', 'https://git.kernel.org/stable/c/f6365931bf7c07b2b397dbb06a4f6573cc9fae73', 'https://linux.oracle.com/cve/CVE-2024-46738.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46738-d871@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46738', 'https://www.cve.org/CVERecord?id=CVE-2024-46738'], 'PublishedDate': '2024-09-18T08:15:03.233Z', 'LastModifiedDate': '2024-09-20T18:35:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46739', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46739', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind\n\nFor primary VM Bus channels, primary_channel pointer is always NULL. This\npointer is valid only for the secondary channels. Also, rescind callback\nis meant for primary channels only.\n\nFix NULL pointer dereference by retrieving the device_obj from the parent\nfor the primary channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46739', 'https://git.kernel.org/linus/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e (6.11-rc7)', 'https://git.kernel.org/stable/c/1d8e020e51ab07e40f9dd00b52f1da7d96fec04c', 'https://git.kernel.org/stable/c/2be373469be1774bbe03b0fa7e2854e65005b1cc', 'https://git.kernel.org/stable/c/3005091cd537ef8cdb7530dcb2ecfba8d2ef475c', 'https://git.kernel.org/stable/c/3d414b64ecf6fd717d7510ffb893c6f23acbf50e', 'https://git.kernel.org/stable/c/928e399e84f4e80307dce44e89415115c473275b', 'https://git.kernel.org/stable/c/de6946be9c8bc7d2279123433495af7c21011b99', 'https://git.kernel.org/stable/c/f38f46da80a2ab7d1b2f8fcb444c916034a2dac4', 'https://git.kernel.org/stable/c/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46739-0aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46739', 'https://www.cve.org/CVERecord?id=CVE-2024-46739'], 'PublishedDate': '2024-09-18T08:15:03.293Z', 'LastModifiedDate': '2024-09-20T18:34:29.957Z'}, {'VulnerabilityID': 'CVE-2024-46740', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46740', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binder: fix UAF caused by offsets overwrite', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF caused by offsets overwrite\n\nBinder objects are processed and copied individually into the target\nbuffer during transactions. Any raw data in-between these objects is\ncopied as well. However, this raw data copy lacks an out-of-bounds\ncheck. If the raw data exceeds the data section size then the copy\noverwrites the offsets section. This eventually triggers an error that\nattempts to unwind the processed objects. However, at this point the\noffsets used to index these objects are now corrupted.\n\nUnwinding with corrupted offsets can result in decrements of arbitrary\nnodes and lead to their premature release. Other users of such nodes are\nleft with a dangling pointer triggering a use-after-free. This issue is\nmade evident by the following KASAN report (trimmed):\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c\n  Write of size 4 at addr ffff47fc91598f04 by task binder-util/743\n\n  CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1\n  Hardware name: linux,dummy-virt (DT)\n  Call trace:\n   _raw_spin_lock+0xe4/0x19c\n   binder_free_buf+0x128/0x434\n   binder_thread_write+0x8a4/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Allocated by task 743:\n   __kmalloc_cache_noprof+0x110/0x270\n   binder_new_node+0x50/0x700\n   binder_transaction+0x413c/0x6da8\n   binder_thread_write+0x978/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Freed by task 745:\n   kfree+0xbc/0x208\n   binder_thread_read+0x1c5c/0x37d4\n   binder_ioctl+0x16d8/0x258c\n  [...]\n  ==================================================================\n\nTo avoid this issue, let's check that the raw data copy is within the\nboundaries of the data section.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46740', 'https://git.kernel.org/linus/4df153652cc46545722879415937582028c18af5 (6.11-rc7)', 'https://git.kernel.org/stable/c/109e845c1184c9f786d41516348ba3efd9112792', 'https://git.kernel.org/stable/c/1f33d9f1d9ac3f0129f8508925000900c2fe5bb0', 'https://git.kernel.org/stable/c/3a8154bb4ab4a01390a3abf1e6afac296e037da4', 'https://git.kernel.org/stable/c/4df153652cc46545722879415937582028c18af5', 'https://git.kernel.org/stable/c/4f79e0b80dc69bd5eaaed70f0df1b558728b4e59', 'https://git.kernel.org/stable/c/5a32bfd23022ffa7e152f273fa3fa29befb7d929', 'https://git.kernel.org/stable/c/eef79854a04feac5b861f94d7b19cbbe79874117', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46740-e05a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46740', 'https://www.cve.org/CVERecord?id=CVE-2024-46740'], 'PublishedDate': '2024-09-18T08:15:03.377Z', 'LastModifiedDate': '2024-09-20T18:34:08.163Z'}, {'VulnerabilityID': 'CVE-2024-46741', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46741', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Fix double free of &#39;buf&#39; in error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix double free of 'buf' in error path\n\nsmatch warning:\ndrivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf'\n\nIn fastrpc_req_mmap() error path, the fastrpc buffer is freed in\nfastrpc_req_munmap_impl() if unmap is successful.\n\nBut in the end, there is an unconditional call to fastrpc_buf_free().\nSo the above case triggers the double free of fastrpc buf.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46741', 'https://git.kernel.org/linus/e8c276d4dc0e19ee48385f74426aebc855b49aaf (6.11-rc7)', 'https://git.kernel.org/stable/c/bfc1704d909dc9911a558b1a5833d3d61a43a1f2', 'https://git.kernel.org/stable/c/e8c276d4dc0e19ee48385f74426aebc855b49aaf', 'https://git.kernel.org/stable/c/f77dc8a75859e559f3238a6d906206259227985e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46741-4ce7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46741', 'https://www.cve.org/CVERecord?id=CVE-2024-46741'], 'PublishedDate': '2024-09-18T08:15:03.43Z', 'LastModifiedDate': '2024-09-20T18:33:27.96Z'}, {'VulnerabilityID': 'CVE-2024-46742', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46742', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()\n\nnull-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)\nand parse_lease_state() return NULL.\n\nFix this by check if 'lease_ctx_info' is NULL.\n\nAdditionally, remove the redundant parentheses in\nparse_durable_handle_context().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46742', 'https://git.kernel.org/linus/4e8771a3666c8f216eefd6bd2fd50121c6c437db (6.11-rc5)', 'https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6', 'https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada', 'https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46742-223b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46742', 'https://www.cve.org/CVERecord?id=CVE-2024-46742'], 'PublishedDate': '2024-09-18T08:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:32:34.303Z'}, {'VulnerabilityID': 'CVE-2024-46743', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46743', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: of/irq: Prevent device address out-of-bounds read in interrupt map walk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nof/irq: Prevent device address out-of-bounds read in interrupt map walk\n\nWhen of_irq_parse_raw() is invoked with a device address smaller than\nthe interrupt parent node (from #address-cells property), KASAN detects\nthe following out-of-bounds read when populating the initial match table\n(dyndbg="func of_irq_parse_* +p"):\n\n  OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0\n  OF:  parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2\n  OF:  intspec=4\n  OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2\n  OF:  -> addrsize=3\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0\n  Read of size 4 at addr ffffff81beca5608 by task bash/764\n\n  CPU: 1 PID: 764 Comm: bash Tainted: G           O       6.1.67-484c613561-nokia_sm_arm64 #1\n  Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023\n  Call trace:\n   dump_backtrace+0xdc/0x130\n   show_stack+0x1c/0x30\n   dump_stack_lvl+0x6c/0x84\n   print_report+0x150/0x448\n   kasan_report+0x98/0x140\n   __asan_load4+0x78/0xa0\n   of_irq_parse_raw+0x2b8/0x8d0\n   of_irq_parse_one+0x24c/0x270\n   parse_interrupts+0xc0/0x120\n   of_fwnode_add_links+0x100/0x2d0\n   fw_devlink_parse_fwtree+0x64/0xc0\n   device_add+0xb38/0xc30\n   of_device_add+0x64/0x90\n   of_platform_device_create_pdata+0xd0/0x170\n   of_platform_bus_create+0x244/0x600\n   of_platform_notify+0x1b0/0x254\n   blocking_notifier_call_chain+0x9c/0xd0\n   __of_changeset_entry_notify+0x1b8/0x230\n   __of_changeset_apply_notify+0x54/0xe4\n   of_overlay_fdt_apply+0xc04/0xd94\n   ...\n\n  The buggy address belongs to the object at ffffff81beca5600\n   which belongs to the cache kmalloc-128 of size 128\n  The buggy address is located 8 bytes inside of\n   128-byte region [ffffff81beca5600, ffffff81beca5680)\n\n  The buggy address belongs to the physical page:\n  page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4\n  head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0\n  flags: 0x8000000000010200(slab|head|zone=2)\n  raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300\n  raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\n  page dumped because: kasan: bad access detected\n\n  Memory state around the buggy address:\n   ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n  >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n                        ^\n   ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc\n  ==================================================================\n  OF:  -> got it !\n\nPrevent the out-of-bounds read by copying the device address into a\nbuffer of sufficient size.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46743', 'https://git.kernel.org/linus/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305 (6.11-rc4)', 'https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d', 'https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5', 'https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5', 'https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305', 'https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f', 'https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9', 'https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8', 'https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46743-f386@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46743', 'https://www.cve.org/CVERecord?id=CVE-2024-46743'], 'PublishedDate': '2024-09-18T08:15:03.54Z', 'LastModifiedDate': '2024-09-20T18:32:11.827Z'}, {'VulnerabilityID': 'CVE-2024-46744', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46744', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Squashfs: sanity check symbolic link size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: sanity check symbolic link size\n\nSyzkiller reports a "KMSAN: uninit-value in pick_link" bug.\n\nThis is caused by an uninitialised page, which is ultimately caused\nby a corrupted symbolic link size read from disk.\n\nThe reason why the corrupted symlink size causes an uninitialised\npage is due to the following sequence of events:\n\n1. squashfs_read_inode() is called to read the symbolic\n   link from disk.  This assigns the corrupted value\n   3875536935 to inode->i_size.\n\n2. Later squashfs_symlink_read_folio() is called, which assigns\n   this corrupted value to the length variable, which being a\n   signed int, overflows producing a negative number.\n\n3. The following loop that fills in the page contents checks that\n   the copied bytes is less than length, which being negative means\n   the loop is skipped, producing an uninitialised page.\n\nThis patch adds a sanity check which checks that the symbolic\nlink size is not larger than expected.\n\n--\n\nV2: fix spelling mistake.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-59'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46744', 'https://git.kernel.org/linus/810ee43d9cd245d138a2733d87a24858a23f577d (6.11-rc4)', 'https://git.kernel.org/stable/c/087f25b2d36adae19951114ffcbb7106ed405ebb', 'https://git.kernel.org/stable/c/1b9451ba6f21478a75288ea3e3fca4be35e2a438', 'https://git.kernel.org/stable/c/5c8906de98d0d7ad42ff3edf2cb6cd7e0ea658c4', 'https://git.kernel.org/stable/c/810ee43d9cd245d138a2733d87a24858a23f577d', 'https://git.kernel.org/stable/c/c3af7e460a526007e4bed1ce3623274a1a6afe5e', 'https://git.kernel.org/stable/c/ef4e249971eb77ec33d74c5c3de1e2576faf6c90', 'https://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26ea9bf322d8431a90', 'https://git.kernel.org/stable/c/fac5e82ab1334fc8ed6ff7183702df634bd1d93d', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46744-451f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46744', 'https://www.cve.org/CVERecord?id=CVE-2024-46744'], 'PublishedDate': '2024-09-18T08:15:03.603Z', 'LastModifiedDate': '2024-09-30T13:36:19.557Z'}, {'VulnerabilityID': 'CVE-2024-46745', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46745', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: uinput - reject requests with unreasonable number of slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - reject requests with unreasonable number of slots\n\n\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\n\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46745', 'https://git.kernel.org/linus/206f533a0a7c683982af473079c4111f4a0f9f5e (6.11-rc5)', 'https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e', 'https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b', 'https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70', 'https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2', 'https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d', 'https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b', 'https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833', 'https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46745-7b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46745', 'https://www.cve.org/CVERecord?id=CVE-2024-46745'], 'PublishedDate': '2024-09-18T08:15:03.667Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46746', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46746', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: amd_sfh: free driver_data after destroying hid device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: free driver_data after destroying hid device\n\nHID driver callbacks aren't called anymore once hid_destroy_device() has\nbeen called. Hence, hid driver_data should be freed only after the\nhid_destroy_device() function returned as driver_data is used in several\ncallbacks.\n\nI observed a crash with kernel 6.10.0 on my T14s Gen 3, after enabling\nKASAN to debug memory allocation, I got this output:\n\n  [   13.050438] ==================================================================\n  [   13.054060] BUG: KASAN: slab-use-after-free in amd_sfh_get_report+0x3ec/0x530 [amd_sfh]\n  [   13.054809] psmouse serio1: trackpoint: Synaptics TrackPoint firmware: 0x02, buttons: 3/3\n  [   13.056432] Read of size 8 at addr ffff88813152f408 by task (udev-worker)/479\n\n  [   13.060970] CPU: 5 PID: 479 Comm: (udev-worker) Not tainted 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0\n  [   13.063978] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024\n  [   13.067860] Call Trace:\n  [   13.069383] input: TPPS/2 Synaptics TrackPoint as /devices/platform/i8042/serio1/input/input8\n  [   13.071486]  <TASK>\n  [   13.071492]  dump_stack_lvl+0x5d/0x80\n  [   13.074870] snd_hda_intel 0000:33:00.6: enabling device (0000 -> 0002)\n  [   13.078296]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.082199]  print_report+0x174/0x505\n  [   13.085776]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.089367]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.093255]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.097464]  kasan_report+0xc8/0x150\n  [   13.101461]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.105802]  amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.110303]  amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.114879]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.119450]  sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082]\n  [   13.124097]  hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.127404]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.131925]  ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.136455]  ? _raw_spin_lock_irqsave+0x96/0xf0\n  [   13.140197]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.143602]  ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b]\n  [   13.147234]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.150446]  ? __devm_add_action+0x167/0x1d0\n  [   13.155061]  hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.158581]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.161814]  platform_probe+0xa2/0x150\n  [   13.165029]  really_probe+0x1e3/0x8a0\n  [   13.168243]  __driver_probe_device+0x18c/0x370\n  [   13.171500]  driver_probe_device+0x4a/0x120\n  [   13.175000]  __driver_attach+0x190/0x4a0\n  [   13.178521]  ? __pfx___driver_attach+0x10/0x10\n  [   13.181771]  bus_for_each_dev+0x106/0x180\n  [   13.185033]  ? __pfx__raw_spin_lock+0x10/0x10\n  [   13.188229]  ? __pfx_bus_for_each_dev+0x10/0x10\n  [   13.191446]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.194382]  bus_add_driver+0x29e/0x4d0\n  [   13.197328]  driver_register+0x1a5/0x360\n  [   13.200283]  ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.203362]  do_one_initcall+0xa7/0x380\n  [   13.206432]  ? __pfx_do_one_initcall+0x10/0x10\n  [   13.210175]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.213211]  ? kasan_unpoison+0x44/0x70\n  [   13.216688]  do_init_module+0x238/0x750\n  [   13.2196\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46746', 'https://git.kernel.org/linus/97155021ae17b86985121b33cf8098bcde00d497 (6.11-rc5)', 'https://git.kernel.org/stable/c/60dc4ee0428d70bcbb41436b6729d29f1cbdfb89', 'https://git.kernel.org/stable/c/775125c7fe38533aaa4b20769f5b5e62cc1170a0', 'https://git.kernel.org/stable/c/86b4f5cf91ca03c08e3822ac89476a677a780bcc', 'https://git.kernel.org/stable/c/97155021ae17b86985121b33cf8098bcde00d497', 'https://git.kernel.org/stable/c/adb3e3c1ddb5a23b8b7122ef1913f528d728937c', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46746-eb7f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46746', 'https://www.cve.org/CVERecord?id=CVE-2024-46746'], 'PublishedDate': '2024-09-18T08:15:03.73Z', 'LastModifiedDate': '2024-09-26T12:47:53.267Z'}, {'VulnerabilityID': 'CVE-2024-46747', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46747', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup\n\nreport_fixup for the Cougar 500k Gaming Keyboard was not verifying\nthat the report descriptor size was correct before accessing it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46747', 'https://git.kernel.org/linus/a6e9c391d45b5865b61e569146304cff72821a5d (6.11-rc5)', 'https://git.kernel.org/stable/c/30e9ce7cd5591be639b53595c95812f1a2afdfdc', 'https://git.kernel.org/stable/c/34185de73d74fdc90e8651cfc472bfea6073a13f', 'https://git.kernel.org/stable/c/48b2108efa205f4579052c27fba2b22cc6ad8aa0', 'https://git.kernel.org/stable/c/890dde6001b651be79819ef7a3f8c71fc8f9cabf', 'https://git.kernel.org/stable/c/a6e9c391d45b5865b61e569146304cff72821a5d', 'https://git.kernel.org/stable/c/e239e44dcd419b13cf840e2a3a833204e4329714', 'https://git.kernel.org/stable/c/e4a602a45aecd6a98b4b37482f5c9f8f67a32ddd', 'https://git.kernel.org/stable/c/fac3cb3c6428afe2207593a183b5bc4742529dfd', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46747-f489@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46747', 'https://www.cve.org/CVERecord?id=CVE-2024-46747'], 'PublishedDate': '2024-09-18T08:15:03.79Z', 'LastModifiedDate': '2024-09-20T18:31:19.19Z'}, {'VulnerabilityID': 'CVE-2024-46748', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46748', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT\n\nSet the maximum size of a subrequest that writes to cachefiles to be\nMAX_RW_COUNT so that we don't overrun the maximum write we can make to the\nbacking filesystem.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46748', 'https://git.kernel.org/linus/51d37982bbac3ea0ca21b2797a9cb0044272b3aa (6.11-rc1)', 'https://git.kernel.org/stable/c/51d37982bbac3ea0ca21b2797a9cb0044272b3aa', 'https://git.kernel.org/stable/c/cec226f9b1fd6cf55bc157873aec61b523083e96', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46748-03e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46748', 'https://www.cve.org/CVERecord?id=CVE-2024-46748'], 'PublishedDate': '2024-09-18T08:15:03.847Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46749', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46749', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()\n\nThis adds a check before freeing the rx->skb in flush and close\nfunctions to handle the kernel crash seen while removing driver after FW\ndownload fails or before FW download completes.\n\ndmesg log:\n[   54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080\n[   54.643398] Mem abort info:\n[   54.646204]   ESR = 0x0000000096000004\n[   54.649964]   EC = 0x25: DABT (current EL), IL = 32 bits\n[   54.655286]   SET = 0, FnV = 0\n[   54.658348]   EA = 0, S1PTW = 0\n[   54.661498]   FSC = 0x04: level 0 translation fault\n[   54.666391] Data abort info:\n[   54.669273]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[   54.674768]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[   54.674771]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[   54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000\n[   54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000\n[   54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[   54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core sch_fq_codel fuse\n[   54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 Not tainted 6.6.3-otbr-g128004619037 #2\n[   54.744364] Hardware name: FSL i.MX8MM EVK board (DT)\n[   54.744368] Workqueue: hci0 hci_power_on\n[   54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   54.757249] pc : kfree_skb_reason+0x18/0xb0\n[   54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.782921] sp : ffff8000805ebca0\n[   54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000\n[   54.782931] x26: ffff377b84852400 x25: ffff377b848523c0 x24: ffff377b845e7230\n[   54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92\n[   54.782945] x20: ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff\n[   54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857\n[   54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642\n[   54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9 : ffffa5c6cf19d688\n[   54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000\n[   54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000\n[   54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac\n[   54.857599] Call trace:\n[   54.857601]  kfree_skb_reason+0x18/0xb0\n[   54.863878]  btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.863888]  hci_dev_open_sync+0x3a8/0xa04\n[   54.872773]  hci_power_on+0x54/0x2e4\n[   54.881832]  process_one_work+0x138/0x260\n[   54.881842]  worker_thread+0x32c/0x438\n[   54.881847]  kthread+0x118/0x11c\n[   54.881853]  ret_from_fork+0x10/0x20\n[   54.896406] Code: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400)\n[   54.896410] ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46749', 'https://git.kernel.org/linus/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1 (6.11-rc1)', 'https://git.kernel.org/stable/c/013dae4735d2010544d1f2121bdeb8e6c9ea171e', 'https://git.kernel.org/stable/c/056e0cd381d59a9124b7c43dd715e15f56a11635', 'https://git.kernel.org/stable/c/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46749-fc9c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46749', 'https://www.cve.org/CVERecord?id=CVE-2024-46749'], 'PublishedDate': '2024-09-18T08:15:03.893Z', 'LastModifiedDate': '2024-09-20T18:45:43.483Z'}, {'VulnerabilityID': 'CVE-2024-46750', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46750', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: Add missing bridge lock to pci_bus_lock()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Add missing bridge lock to pci_bus_lock()\n\nOne of the true positives that the cfg_access_lock lockdep effort\nidentified is this sequence:\n\n  WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70\n  RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70\n  Call Trace:\n   <TASK>\n   ? __warn+0x8c/0x190\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   ? report_bug+0x1f8/0x200\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   pci_reset_bus+0x1d8/0x270\n   vmd_probe+0x778/0xa10\n   pci_device_probe+0x95/0x120\n\nWhere pci_reset_bus() users are triggering unlocked secondary bus resets.\nIronically pci_bus_reset(), several calls down from pci_reset_bus(), uses\npci_bus_lock() before issuing the reset which locks everything *but* the\nbridge itself.\n\nFor the same motivation as adding:\n\n  bridge = pci_upstream_bridge(dev);\n  if (bridge)\n    pci_dev_lock(bridge);\n\nto pci_reset_function() for the "bus" and "cxl_bus" reset cases, add\npci_dev_lock() for @bus->self to pci_bus_lock().\n\n[bhelgaas: squash in recursive locking deadlock fix from Keith Busch:\nhttps://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46750', 'https://git.kernel.org/linus/a4e772898f8bf2e7e1cf661a12c60a5612c4afab (6.11-rc1)', 'https://git.kernel.org/stable/c/04e85a3285b0e5c5af6fd2c0fd6e95ffecc01945', 'https://git.kernel.org/stable/c/0790b89c7e911003b8c50ae50e3ac7645de1fae9', 'https://git.kernel.org/stable/c/7253b4fed46471cc247c6cacefac890a8472c083', 'https://git.kernel.org/stable/c/78c6e39fef5c428960aff742149bba302dd46f5a', 'https://git.kernel.org/stable/c/81c68e218ab883dfa368460a59b674084c0240da', 'https://git.kernel.org/stable/c/a4e772898f8bf2e7e1cf661a12c60a5612c4afab', 'https://git.kernel.org/stable/c/df77a678c33871a6e4ac5b54a71662f1d702335b', 'https://git.kernel.org/stable/c/e2355d513b89a2cb511b4ded0deb426cdb01acd0', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46750-3be1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46750', 'https://www.cve.org/CVERecord?id=CVE-2024-46750'], 'PublishedDate': '2024-09-18T08:15:03.947Z', 'LastModifiedDate': '2024-09-30T13:27:45.787Z'}, {'VulnerabilityID': 'CVE-2024-46751', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46751', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON() when 0 reference count at btrfs_lookup_extent_info()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()\n\nInstead of doing a BUG_ON() handle the error by returning -EUCLEAN,\naborting the transaction and logging an error message.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46751', 'https://git.kernel.org/linus/28cb13f29faf6290597b24b728dc3100c019356f (6.11-rc1)', 'https://git.kernel.org/stable/c/28cb13f29faf6290597b24b728dc3100c019356f', 'https://git.kernel.org/stable/c/ef9a8b73c8b60b27d9db4787e624a3438ffe8428', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46751-17f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46751', 'https://www.cve.org/CVERecord?id=CVE-2024-46751'], 'PublishedDate': '2024-09-18T08:15:04.01Z', 'LastModifiedDate': '2024-09-30T12:45:56.957Z'}, {'VulnerabilityID': 'CVE-2024-46752', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46752', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: replace BUG_ON() with error handling at update_ref_for_cow()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: replace BUG_ON() with error handling at update_ref_for_cow()\n\nInstead of a BUG_ON() just return an error, log an error message and\nabort the transaction in case we find an extent buffer belonging to the\nrelocation tree that doesn't have the full backref flag set. This is\nunexpected and should never happen (save for bugs or a potential bad\nmemory).", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46752', 'https://git.kernel.org/linus/b56329a782314fde5b61058e2a25097af7ccb675 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fbac73a97286a7ec72229cb9b42d760a2c717ac', 'https://git.kernel.org/stable/c/41a0f85e268d72fe04f731b8ceea4748c2d65491', 'https://git.kernel.org/stable/c/b50857b96429a09fd3beed9f7f21b7bb7c433688', 'https://git.kernel.org/stable/c/b56329a782314fde5b61058e2a25097af7ccb675', 'https://git.kernel.org/stable/c/f895db00c65e5d77c437cce946da9ec29dcdf563', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46752-49e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46752', 'https://www.cve.org/CVERecord?id=CVE-2024-46752'], 'PublishedDate': '2024-09-18T08:15:04.057Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46753', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46753', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: handle errors from btrfs_dec_ref() properly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref().  This is\nincorrect, we have proper error handling here, return the error.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46753', 'https://git.kernel.org/linus/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1', 'https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46753-5ec2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46753', 'https://www.cve.org/CVERecord?id=CVE-2024-46753'], 'PublishedDate': '2024-09-18T08:15:04.107Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46754', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46754', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Remove tst_run from lwt_seg6local_prog_ops.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn\'t work since it was introduced in commit 04d4b274e2a\n("ipv6: sr: Add seg6local action End.BPF"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46754', 'https://git.kernel.org/linus/c13fda93aca118b8e5cd202e339046728ee7dddb (6.11-rc1)', 'https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3f28e6e720ded5d6', 'https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e339046728ee7dddb', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46754-7f04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46754', 'https://www.cve.org/CVERecord?id=CVE-2024-46754'], 'PublishedDate': '2024-09-18T08:15:04.153Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46755', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46755', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()\n\nmwifiex_get_priv_by_id() returns the priv pointer corresponding to\nthe bss_num and bss_type, but without checking if the priv is actually\ncurrently in use.\nUnused priv pointers do not have a wiphy attached to them which can\nlead to NULL pointer dereferences further down the callstack.  Fix\nthis by returning only used priv pointers which have priv->bss_mode\nset to something else than NL80211_IFTYPE_UNSPECIFIED.\n\nSaid NULL pointer dereference happened when an Accesspoint was started\nwith wpa_supplicant -i mlan0 with this config:\n\nnetwork={\n        ssid="somessid"\n        mode=2\n        frequency=2412\n        key_mgmt=WPA-PSK WPA-PSK-SHA256\n        proto=RSN\n        group=CCMP\n        pairwise=CCMP\n        psk="12345678"\n}\n\nWhen waiting for the AP to be established, interrupting wpa_supplicant\nwith <ctrl-c> and starting it again this happens:\n\n| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000140\n| Mem abort info:\n|   ESR = 0x0000000096000004\n|   EC = 0x25: DABT (current EL), IL = 32 bits\n|   SET = 0, FnV = 0\n|   EA = 0, S1PTW = 0\n|   FSC = 0x04: level 0 translation fault\n| Data abort info:\n|   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n|   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n|   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n| user pgtable: 4k pages, 48-bit VAs, pgdp=0000000046d96000\n| [0000000000000140] pgd=0000000000000000, p4d=0000000000000000\n| Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n| Modules linked in: caam_jr caamhash_desc spidev caamalg_desc crypto_engine authenc libdes mwifiex_sdio\n+mwifiex crct10dif_ce cdc_acm onboard_usb_hub fsl_imx8_ddr_perf imx8m_ddrc rtc_ds1307 lm75 rtc_snvs\n+imx_sdma caam imx8mm_thermal spi_imx error imx_cpufreq_dt fuse ip_tables x_tables ipv6\n| CPU: 0 PID: 8 Comm: kworker/0:1 Not tainted 6.9.0-00007-g937242013fce-dirty #18\n| Hardware name: somemachine (DT)\n| Workqueue: events sdio_irq_work\n| pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n| lr : mwifiex_get_cfp+0x34/0x15c [mwifiex]\n| sp : ffff8000818b3a70\n| x29: ffff8000818b3a70 x28: ffff000006bfd8a5 x27: 0000000000000004\n| x26: 000000000000002c x25: 0000000000001511 x24: 0000000002e86bc9\n| x23: ffff000006bfd996 x22: 0000000000000004 x21: ffff000007bec000\n| x20: 000000000000002c x19: 0000000000000000 x18: 0000000000000000\n| x17: 000000040044ffff x16: 00500072b5503510 x15: ccc283740681e517\n| x14: 0201000101006d15 x13: 0000000002e8ff43 x12: 002c01000000ffb1\n| x11: 0100000000000000 x10: 02e8ff43002c0100 x9 : 0000ffb100100157\n| x8 : ffff000003d20000 x7 : 00000000000002f1 x6 : 00000000ffffe124\n| x5 : 0000000000000001 x4 : 0000000000000003 x3 : 0000000000000000\n| x2 : 0000000000000000 x1 : 0001000000011001 x0 : 0000000000000000\n| Call trace:\n|  mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n|  mwifiex_parse_single_response_buf+0x1d0/0x504 [mwifiex]\n|  mwifiex_handle_event_ext_scan_report+0x19c/0x2f8 [mwifiex]\n|  mwifiex_process_sta_event+0x298/0xf0c [mwifiex]\n|  mwifiex_process_event+0x110/0x238 [mwifiex]\n|  mwifiex_main_process+0x428/0xa44 [mwifiex]\n|  mwifiex_sdio_interrupt+0x64/0x12c [mwifiex_sdio]\n|  process_sdio_pending_irqs+0x64/0x1b8\n|  sdio_irq_work+0x4c/0x7c\n|  process_one_work+0x148/0x2a0\n|  worker_thread+0x2fc/0x40c\n|  kthread+0x110/0x114\n|  ret_from_fork+0x10/0x20\n| Code: a94153f3 a8c37bfd d50323bf d65f03c0 (f940a000)\n| ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46755', 'https://git.kernel.org/linus/c145eea2f75ff7949392aebecf7ef0a81c1f6c14 (6.11-rc1)', 'https://git.kernel.org/stable/c/1a05d8d02cfa3540ea5dbd6b39446bd3f515521f', 'https://git.kernel.org/stable/c/9813770f25855b866b8ead8155b8806b2db70f6d', 'https://git.kernel.org/stable/c/a12cf97cbefa139ef8d95081f2ea047cbbd74b7a', 'https://git.kernel.org/stable/c/c145eea2f75ff7949392aebecf7ef0a81c1f6c14', 'https://git.kernel.org/stable/c/c16916dd6c16fa7e13ca3923eb6b9f50d848ad03', 'https://git.kernel.org/stable/c/c2618dcb26c7211342b54520b5b148c0d3471c8a', 'https://git.kernel.org/stable/c/cb67b2e51b75f1a17bee7599c8161b96e1808a70', 'https://git.kernel.org/stable/c/d834433ff313838a259bb6607055ece87b895b66', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46755-1f46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46755', 'https://www.cve.org/CVERecord?id=CVE-2024-46755'], 'PublishedDate': '2024-09-18T08:15:04.203Z', 'LastModifiedDate': '2024-09-26T13:25:54.593Z'}, {'VulnerabilityID': 'CVE-2024-46756', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46756', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83627ehf) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46756', 'https://git.kernel.org/linus/5c1de37969b7bc0abcb20b86e91e70caebbd4f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/26825b62bd1bd3e53b4f44e0745cb516d5186343', 'https://git.kernel.org/stable/c/56cfdeb2c77291f0b5e4592731adfb6ca8fc7c24', 'https://git.kernel.org/stable/c/5c1de37969b7bc0abcb20b86e91e70caebbd4f89', 'https://git.kernel.org/stable/c/77ab0fd231c4ca873ec6908e761970360acc6df2', 'https://git.kernel.org/stable/c/8fecb75bff1b7d87a071c32a37aa0700f2be379d', 'https://git.kernel.org/stable/c/93cf73a7bfdce683bde3a7bb65f270d3bd24497b', 'https://git.kernel.org/stable/c/cc4be794c8d8c253770103e097ab9dbdb5f99ae1', 'https://git.kernel.org/stable/c/d92f0baf99a7e327dcceab37cce57c38aab1f691', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46756-2ca6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46756', 'https://www.cve.org/CVERecord?id=CVE-2024-46756'], 'PublishedDate': '2024-09-18T08:15:04.26Z', 'LastModifiedDate': '2024-09-23T16:29:45.077Z'}, {'VulnerabilityID': 'CVE-2024-46757', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46757', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775-core) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46757', 'https://git.kernel.org/linus/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0 (6.11-rc1)', 'https://git.kernel.org/stable/c/02bb3b4c7d5695ff4be01e0f55676bba49df435e', 'https://git.kernel.org/stable/c/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0', 'https://git.kernel.org/stable/c/0c23e18cef20b989a9fd7cb0a745e1259b969159', 'https://git.kernel.org/stable/c/298a55f11edd811f2189b74eb8f53dee34d4f14c', 'https://git.kernel.org/stable/c/2f695544084a559f181cafdfd3f864c5ff9dd1db', 'https://git.kernel.org/stable/c/8a1e958e26640ce015abdbb75c8896301b9bf398', 'https://git.kernel.org/stable/c/996221b030995cc5f5baa4a642201d64b62a17cd', 'https://git.kernel.org/stable/c/d6035c55fa9afefc23f85f57eff1d4a1d82c5b10', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46757-4fbb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46757', 'https://www.cve.org/CVERecord?id=CVE-2024-46757'], 'PublishedDate': '2024-09-18T08:15:04.313Z', 'LastModifiedDate': '2024-09-23T16:29:51.65Z'}, {'VulnerabilityID': 'CVE-2024-46758', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46758', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (lm95234) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm95234) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46758', 'https://git.kernel.org/linus/af64e3e1537896337405f880c1e9ac1f8c0c6198 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fc27747633aa419f9af40e7bdfa00d2ec94ea81', 'https://git.kernel.org/stable/c/16f42953231be1e7be77bc24005270d9e0d9d2ee', 'https://git.kernel.org/stable/c/438453dfbbdcf4be26891492644aa3ecbb42c336', 'https://git.kernel.org/stable/c/46e4fd338d5bdbaf60e41cda625b24949d2af201', 'https://git.kernel.org/stable/c/59c1fb9874a01c9abc49a0a32f192a7e7b4e2650', 'https://git.kernel.org/stable/c/93f0f5721d0cca45dac50af1ae6f9a9826c699fd', 'https://git.kernel.org/stable/c/af64e3e1537896337405f880c1e9ac1f8c0c6198', 'https://git.kernel.org/stable/c/da765bebd90e1b92bdbc3c6a27a3f3cc81529ab6', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46758-6154@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46758', 'https://www.cve.org/CVERecord?id=CVE-2024-46758'], 'PublishedDate': '2024-09-18T08:15:04.367Z', 'LastModifiedDate': '2024-09-23T16:29:24.767Z'}, {'VulnerabilityID': 'CVE-2024-46759', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46759', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (adc128d818) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (adc128d818) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46759', 'https://git.kernel.org/linus/8cad724c8537fe3e0da8004646abc00290adae40 (6.11-rc1)', 'https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b', 'https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777', 'https://git.kernel.org/stable/c/2a3add62f183459a057336381ef3a896da01ce38', 'https://git.kernel.org/stable/c/6891b11a0c6227ca7ed15786928a07b1c0e4d4af', 'https://git.kernel.org/stable/c/7645d783df23878342d5d8d22030c3861d2d5426', 'https://git.kernel.org/stable/c/8cad724c8537fe3e0da8004646abc00290adae40', 'https://git.kernel.org/stable/c/b0bdb43852bf7f55ba02f0cbf00b4ea7ca897bff', 'https://git.kernel.org/stable/c/f7f5101af5b47a331cdbfa42ba64c507b47dd1fe', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46759-9b86@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46759', 'https://www.cve.org/CVERecord?id=CVE-2024-46759'], 'PublishedDate': '2024-09-18T08:15:04.413Z', 'LastModifiedDate': '2024-09-23T16:28:53.257Z'}, {'VulnerabilityID': 'CVE-2024-46760', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46760', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw88: usb: schedule rx work after everything is set up', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: usb: schedule rx work after everything is set up\n\nRight now it's possible to hit NULL pointer dereference in\nrtw_rx_fill_rx_status on hw object and/or its fields because\ninitialization routine can start getting USB replies before\nrtw_dev is fully setup.\n\nThe stack trace looks like this:\n\nrtw_rx_fill_rx_status\nrtw8821c_query_rx_desc\nrtw_usb_rx_handler\n...\nqueue_work\nrtw_usb_read_port_complete\n...\nusb_submit_urb\nrtw_usb_rx_resubmit\nrtw_usb_init_rx\nrtw_usb_probe\n\nSo while we do the async stuff rtw_usb_probe continues and calls\nrtw_register_hw, which does all kinds of initialization (e.g.\nvia ieee80211_register_hw) that rtw_rx_fill_rx_status relies on.\n\nFix this by moving the first usb_submit_urb after everything\nis set up.\n\nFor me, this bug manifested as:\n[    8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped\n[    8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status\nbecause I'm using Larry's backport of rtw88 driver with the NULL\nchecks in rtw_rx_fill_rx_status.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46760', 'https://git.kernel.org/linus/adc539784c98a7cc602cbf557debfc2e7b9be8b3 (6.11-rc1)', 'https://git.kernel.org/stable/c/25eaef533bf3ccc6fee5067aac16f41f280e343e', 'https://git.kernel.org/stable/c/adc539784c98a7cc602cbf557debfc2e7b9be8b3', 'https://git.kernel.org/stable/c/c83d464b82a8ad62ec9077637f75d73fe955635a', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46760-1eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46760', 'https://www.cve.org/CVERecord?id=CVE-2024-46760'], 'PublishedDate': '2024-09-18T08:15:04.47Z', 'LastModifiedDate': '2024-09-23T16:18:28.87Z'}, {'VulnerabilityID': 'CVE-2024-46761', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46761', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npci/hotplug/pnv_php: Fix hotplug driver crash on Powernv\n\nThe hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel\ncrash when we try to hot-unplug/disable the PCIe switch/bridge from\nthe PHB.\n\nThe crash occurs because although the MSI data structure has been\nreleased during disable/hot-unplug path and it has been assigned\nwith NULL, still during unregistration the code was again trying to\nexplicitly disable the MSI which causes the NULL pointer dereference and\nkernel crash.\n\nThe patch fixes the check during unregistration path to prevent invoking\npci_disable_msi/msix() since its data structure is already freed.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46761', 'https://git.kernel.org/linus/335e35b748527f0c06ded9eebb65387f60647fda (6.11-rc1)', 'https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f60647fda', 'https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d', 'https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048', 'https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e', 'https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59', 'https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689', 'https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4', 'https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46761-289f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46761', 'https://www.cve.org/CVERecord?id=CVE-2024-46761'], 'PublishedDate': '2024-09-18T08:15:04.517Z', 'LastModifiedDate': '2024-09-23T16:06:58.397Z'}, {'VulnerabilityID': 'CVE-2024-46762', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46762', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Fix possible access to a freed kirqfd instance', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Fix possible access to a freed kirqfd instance\n\nNothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and\nprivcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd\ncreated and added to the irqfds_list by privcmd_irqfd_assign() may get\nremoved by another thread executing privcmd_irqfd_deassign(), while the\nformer is still using it after dropping the locks.\n\nThis can lead to a situation where an already freed kirqfd instance may\nbe accessed and cause kernel oops.\n\nUse SRCU locking to prevent the same, as is done for the KVM\nimplementation for irqfds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46762', 'https://git.kernel.org/linus/611ff1b1ae989a7bcce3e2a8e132ee30e968c557 (6.11-rc1)', 'https://git.kernel.org/stable/c/112fd2f02b308564724b8e81006c254d20945c4b', 'https://git.kernel.org/stable/c/611ff1b1ae989a7bcce3e2a8e132ee30e968c557', 'https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46762-6512@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46762', 'https://www.cve.org/CVERecord?id=CVE-2024-46762'], 'PublishedDate': '2024-09-18T08:15:04.57Z', 'LastModifiedDate': '2024-09-23T16:12:34.42Z'}, {'VulnerabilityID': 'CVE-2024-46763', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46763', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: Fix null-ptr-deref in GRO.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host.  [0]\n\nThe NULL pointer is sk->sk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk->sk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk->sk_user_data could be NULL.\n\nLet's use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 <0f> b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS:  0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <IRQ>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n</IRQ>\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 <fa> c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46763', 'https://git.kernel.org/linus/7e4196935069947d8b70b09c1660b67b067e75cb (6.11-rc7)', 'https://git.kernel.org/stable/c/1df42be305fe478ded1ee0c1d775f4ece713483b', 'https://git.kernel.org/stable/c/231c235d2f7a66f018f172e26ffd47c363f244ef', 'https://git.kernel.org/stable/c/4494bccb52ffda22ce5a1163a776d970e6229e08', 'https://git.kernel.org/stable/c/7e4196935069947d8b70b09c1660b67b067e75cb', 'https://git.kernel.org/stable/c/c46cd6aaca81040deaea3500ba75126963294bd9', 'https://git.kernel.org/stable/c/d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46763-a580@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46763', 'https://www.cve.org/CVERecord?id=CVE-2024-46763'], 'PublishedDate': '2024-09-18T08:15:04.613Z', 'LastModifiedDate': '2024-09-23T16:14:18.297Z'}, {'VulnerabilityID': 'CVE-2024-46765', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46765', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: protect XDP configuration with a mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] <TASK>\n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] </TASK>\n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46765', 'https://git.kernel.org/linus/2504b8405768a57a71e660dbfd5abd59f679a03f (6.11-rc7)', 'https://git.kernel.org/stable/c/2504b8405768a57a71e660dbfd5abd59f679a03f', 'https://git.kernel.org/stable/c/2f057db2fb29bc209c103050647562e60554d3d3', 'https://git.kernel.org/stable/c/391f7dae3d836891fc6cfbde38add2d0e10c6b7f', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46765-1b8f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46765', 'https://www.cve.org/CVERecord?id=CVE-2024-46765'], 'PublishedDate': '2024-09-18T08:15:04.71Z', 'LastModifiedDate': '2024-09-26T13:24:29.697Z'}, {'VulnerabilityID': 'CVE-2024-46766', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46766', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: move netif_queue_set_napi to rtnl-protected sections', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: move netif_queue_set_napi to rtnl-protected sections\n\nCurrently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is\nnot rtnl-locked when called from the reset. This creates the need to take\nthe rtnl_lock just for a single function and complicates the\nsynchronization with .ndo_bpf. At the same time, there no actual need to\nfill napi-to-queue information at this exact point.\n\nFill napi-to-queue information when opening the VSI and clear it when the\nVSI is being closed. Those routines are already rtnl-locked.\n\nAlso, rewrite napi-to-queue assignment in a way that prevents inclusion of\nXDP queues, as this leads to out-of-bounds writes, such as one below.\n\n[  +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047\n[  +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2\n[  +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[  +0.000003] Call Trace:\n[  +0.000003]  <TASK>\n[  +0.000002]  dump_stack_lvl+0x60/0x80\n[  +0.000007]  print_report+0xce/0x630\n[  +0.000007]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[  +0.000007]  ? __virt_addr_valid+0x1c9/0x2c0\n[  +0.000005]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000003]  kasan_report+0xe9/0x120\n[  +0.000004]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000004]  netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000005]  ice_vsi_close+0x161/0x670 [ice]\n[  +0.000114]  ice_dis_vsi+0x22f/0x270 [ice]\n[  +0.000095]  ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]\n[  +0.000086]  ice_prepare_for_reset+0x299/0x750 [ice]\n[  +0.000087]  pci_dev_save_and_disable+0x82/0xd0\n[  +0.000006]  pci_reset_function+0x12d/0x230\n[  +0.000004]  reset_store+0xa0/0x100\n[  +0.000006]  ? __pfx_reset_store+0x10/0x10\n[  +0.000002]  ? __pfx_mutex_lock+0x10/0x10\n[  +0.000004]  ? __check_object_size+0x4c1/0x640\n[  +0.000007]  kernfs_fop_write_iter+0x30b/0x4a0\n[  +0.000006]  vfs_write+0x5d6/0xdf0\n[  +0.000005]  ? fd_install+0x180/0x350\n[  +0.000005]  ? __pfx_vfs_write+0x10/0xA10\n[  +0.000004]  ? do_fcntl+0x52c/0xcd0\n[  +0.000004]  ? kasan_save_track+0x13/0x60\n[  +0.000003]  ? kasan_save_free_info+0x37/0x60\n[  +0.000006]  ksys_write+0xfa/0x1d0\n[  +0.000003]  ? __pfx_ksys_write+0x10/0x10\n[  +0.000002]  ? __x64_sys_fcntl+0x121/0x180\n[  +0.000004]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000005]  do_syscall_64+0x80/0x170\n[  +0.000007]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000004]  ? __pfx__raw_spin_lock+0x10/0x10\n[  +0.000003]  ? file_close_fd_locked+0x167/0x230\n[  +0.000005]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000005]  ? do_syscall_64+0x8c/0x170\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? fput+0x1a/0x2c0\n[  +0.000004]  ? filp_close+0x19/0x30\n[  +0.000004]  ? do_dup2+0x25a/0x4c0\n[  +0.000004]  ? __x64_sys_dup2+0x6e/0x2e0\n[  +0.000002]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? __count_memcg_events+0x113/0x380\n[  +0.000005]  ? handle_mm_fault+0x136/0x820\n[  +0.000005]  ? do_user_addr_fault+0x444/0xa80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000002]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  +0.000005] RIP: 0033:0x7f2033593154', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46766', 'https://git.kernel.org/linus/2a5dc090b92cfa5270e20056074241c6db5c9cdd (6.11-rc7)', 'https://git.kernel.org/stable/c/2285c2faef19ee08a6bd6754f4c3ec07dceb2889', 'https://git.kernel.org/stable/c/2a5dc090b92cfa5270e20056074241c6db5c9cdd', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46766-417c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46766', 'https://www.cve.org/CVERecord?id=CVE-2024-46766'], 'PublishedDate': '2024-09-18T08:15:04.76Z', 'LastModifiedDate': '2024-09-23T16:15:23.823Z'}, {'VulnerabilityID': 'CVE-2024-46767', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46767', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: phy: Fix missing of_node_put() for leds', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Fix missing of_node_put() for leds\n\nThe call of of_get_child_by_name() will cause refcount incremented\nfor leds, if it succeeds, it should call of_node_put() to decrease\nit, fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46767', 'https://git.kernel.org/linus/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7 (6.11-rc7)', 'https://git.kernel.org/stable/c/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7', 'https://git.kernel.org/stable/c/26928c8f00f6bb0e194f3957fe51c69d36838eb2', 'https://git.kernel.org/stable/c/d9c8dbbc236cdc6231ee91cdede2fc97b430cfff', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46767-31a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46767', 'https://www.cve.org/CVERecord?id=CVE-2024-46767'], 'PublishedDate': '2024-09-18T08:15:04.81Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46768', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46768', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (hp-wmi-sensors) Check if WMI event data exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (hp-wmi-sensors) Check if WMI event data exists\n\nThe BIOS can choose to return no event data in response to a\nWMI event, so the ACPI object passed to the WMI notify handler\ncan be NULL.\n\nCheck for such a situation and ignore the event in such a case.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46768', 'https://git.kernel.org/linus/a54da9df75cd1b4b5028f6c60f9a211532680585 (6.11-rc7)', 'https://git.kernel.org/stable/c/217539e994e53206bbf3fb330261cc78c480d311', 'https://git.kernel.org/stable/c/4b19c83ba108aa66226da5b79810e4d19e005f12', 'https://git.kernel.org/stable/c/a54da9df75cd1b4b5028f6c60f9a211532680585', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46768-b0bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46768', 'https://www.cve.org/CVERecord?id=CVE-2024-46768'], 'PublishedDate': '2024-09-18T08:15:04.853Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46770', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46770', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add netif_device_attach/detach into PF reset flow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 > /sys/class/net/<interface>/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c <interface>\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S                 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS:  00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n<TASK>\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n    netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46770', 'https://git.kernel.org/linus/d11a67634227f9f9da51938af085fb41a733848f (6.11-rc7)', 'https://git.kernel.org/stable/c/36486c9e8e01b84faaee47203eac0b7e9cc7fa4a', 'https://git.kernel.org/stable/c/9e3ffb839249eca113062587659224f856fe14e5', 'https://git.kernel.org/stable/c/d11a67634227f9f9da51938af085fb41a733848f', 'https://git.kernel.org/stable/c/efe8effe138044a4747d1112ebb8c454d1663723', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46770-3a5d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46770', 'https://www.cve.org/CVERecord?id=CVE-2024-46770'], 'PublishedDate': '2024-09-18T08:15:04.957Z', 'LastModifiedDate': '2024-09-23T16:13:25.563Z'}, {'VulnerabilityID': 'CVE-2024-46771', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46771', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: bcm: Remove proc entry when dev is unregistered.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Remove proc entry when dev is unregistered.\n\nsyzkaller reported a warning in bcm_connect() below. [0]\n\nThe repro calls connect() to vxcan1, removes vxcan1, and calls\nconnect() with ifindex == 0.\n\nCalling connect() for a BCM socket allocates a proc entry.\nThen, bcm_sk(sk)->bound is set to 1 to prevent further connect().\n\nHowever, removing the bound device resets bcm_sk(sk)->bound to 0\nin bcm_notify().\n\nThe 2nd connect() tries to allocate a proc entry with the same\nname and sets NULL to bcm_sk(sk)->bcm_proc_read, leaking the\noriginal proc entry.\n\nSince the proc entry is available only for connect()ed sockets,\nlet's clean up the entry when the bound netdev is unregistered.\n\n[0]:\nproc_dir_entry 'can-bcm/2456' already registered\nWARNING: CPU: 1 PID: 394 at fs/proc/generic.c:376 proc_register+0x645/0x8f0 fs/proc/generic.c:375\nModules linked in:\nCPU: 1 PID: 394 Comm: syz-executor403 Not tainted 6.10.0-rc7-g852e42cc2dd4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:proc_register+0x645/0x8f0 fs/proc/generic.c:375\nCode: 00 00 00 00 00 48 85 ed 0f 85 97 02 00 00 4d 85 f6 0f 85 9f 02 00 00 48 c7 c7 9b cb cf 87 48 89 de 4c 89 fa e8 1c 6f eb fe 90 <0f> 0b 90 90 48 c7 c7 98 37 99 89 e8 cb 7e 22 05 bb 00 00 00 10 48\nRSP: 0018:ffa0000000cd7c30 EFLAGS: 00010246\nRAX: 9e129be1950f0200 RBX: ff1100011b51582c RCX: ff1100011857cd80\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002\nRBP: 0000000000000000 R08: ffd400000000000f R09: ff1100013e78cac0\nR10: ffac800000cd7980 R11: ff1100013e12b1f0 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ff1100011a99a2ec\nFS:  00007fbd7086f740(0000) GS:ff1100013fd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200071c0 CR3: 0000000118556004 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n proc_create_net_single+0x144/0x210 fs/proc/proc_net.c:220\n bcm_connect+0x472/0x840 net/can/bcm.c:1673\n __sys_connect_file net/socket.c:2049 [inline]\n __sys_connect+0x5d2/0x690 net/socket.c:2066\n __do_sys_connect net/socket.c:2076 [inline]\n __se_sys_connect net/socket.c:2073 [inline]\n __x64_sys_connect+0x8f/0x100 net/socket.c:2073\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1c0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7fbd708b0e5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007fff8cd33f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbd708b0e5d\nRDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000040 R09: 0000000000000040\nR10: 0000000000000040 R11: 0000000000000246 R12: 00007fff8cd34098\nR13: 0000000000401280 R14: 0000000000406de8 R15: 00007fbd70ab9000\n </TASK>\nremove_proc_entry: removing non-empty directory 'net/can-bcm', leaking at least '2456'", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46771', 'https://git.kernel.org/linus/76fe372ccb81b0c89b6cd2fec26e2f38c958be85 (6.11-rc7)', 'https://git.kernel.org/stable/c/10bfacbd5e8d821011d857bee73310457c9c989a', 'https://git.kernel.org/stable/c/33ed4ba73caae39f34ab874ba79138badc2c65dd', 'https://git.kernel.org/stable/c/3b39dc2901aa7a679a5ca981a3de9f8d5658afe8', 'https://git.kernel.org/stable/c/4377b79323df62eb5d310354f19b4d130ff58d50', 'https://git.kernel.org/stable/c/5c680022c4e28ba18ea500f3e29f0428271afa92', 'https://git.kernel.org/stable/c/76fe372ccb81b0c89b6cd2fec26e2f38c958be85', 'https://git.kernel.org/stable/c/abb0a615569ec008e8a93d9f3ab2d5b418ea94d4', 'https://git.kernel.org/stable/c/aec92dbebdbec7567d9f56d7c9296a572b8fd849', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46771-913d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46771', 'https://www.cve.org/CVERecord?id=CVE-2024-46771'], 'PublishedDate': '2024-09-18T08:15:05.01Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46772', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46772', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator crb_pipes before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator crb_pipes before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 2 DIVIDE_BY_ZERO issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46772', 'https://git.kernel.org/linus/ea79068d4073bf303f8203f2625af7d9185a1bc6 (6.11-rc1)', 'https://git.kernel.org/stable/c/ea79068d4073bf303f8203f2625af7d9185a1bc6', 'https://git.kernel.org/stable/c/ede06d23392529b039cf7ac11b5875b047900f1c', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46772-4ad6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46772', 'https://www.cve.org/CVERecord?id=CVE-2024-46772'], 'PublishedDate': '2024-09-18T08:15:05.073Z', 'LastModifiedDate': '2024-09-23T16:52:17.577Z'}, {'VulnerabilityID': 'CVE-2024-46773', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46773', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator pbn_div before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator pbn_div before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 1 DIVIDE_BY_ZERO issue reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46773', 'https://git.kernel.org/linus/116a678f3a9abc24f5c9d2525b7393d18d9eb58e (6.11-rc1)', 'https://git.kernel.org/stable/c/116a678f3a9abc24f5c9d2525b7393d18d9eb58e', 'https://git.kernel.org/stable/c/11f997143c67680d6e40a13363618380cd57a414', 'https://git.kernel.org/stable/c/20e7164c52d9bfbb9d9862b833fa989624a61345', 'https://git.kernel.org/stable/c/dfafee0a7b51c7c9612edd2d991401294964d02f', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46773-5781@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46773', 'https://www.cve.org/CVERecord?id=CVE-2024-46773'], 'PublishedDate': '2024-09-18T08:15:05.123Z', 'LastModifiedDate': '2024-09-23T16:51:59.983Z'}, {'VulnerabilityID': 'CVE-2024-46774', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46774', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()\n\nSmatch warns:\n\n  arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential\n  spectre issue 'args.args' [r] (local cap)\n\nThe 'nargs' and 'nret' locals come directly from a user-supplied\nbuffer and are used as indexes into a small stack-based array and as\ninputs to copy_to_user() after they are subject to bounds checks.\n\nUse array_index_nospec() after the bounds checks to clamp these values\nfor speculative execution.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46774', 'https://git.kernel.org/linus/0974d03eb479384466d828d65637814bee6b26d7 (6.11-rc1)', 'https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7', 'https://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46774-48d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46774', 'https://www.cve.org/CVERecord?id=CVE-2024-46774'], 'PublishedDate': '2024-09-18T08:15:05.18Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46775', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46775', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Validate function returns', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT & HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46775', 'https://git.kernel.org/linus/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c (6.11-rc1)', 'https://git.kernel.org/stable/c/5639a3048c7079803256374204ad55ec52cd0b49', 'https://git.kernel.org/stable/c/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46775-aecc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46775', 'https://www.cve.org/CVERecord?id=CVE-2024-46775'], 'PublishedDate': '2024-09-18T08:15:05.24Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46776', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46776', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Run DC_LOG_DC after checking link-&gt;link_enc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Run DC_LOG_DC after checking link->link_enc\n\n[WHAT]\nThe DC_LOG_DC should be run after link->link_enc is checked, not before.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46776', 'https://git.kernel.org/linus/3a82f62b0d9d7687eac47603bb6cd14a50fa718b (6.11-rc1)', 'https://git.kernel.org/stable/c/3a82f62b0d9d7687eac47603bb6cd14a50fa718b', 'https://git.kernel.org/stable/c/874e3bb302f97b94ac548959ec4f925b8e7b45e2', 'https://git.kernel.org/stable/c/adc74d25cdbba978afbb57caec23bbcd0329f7b8', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46776-7a95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46776', 'https://www.cve.org/CVERecord?id=CVE-2024-46776'], 'PublishedDate': '2024-09-18T08:15:05.287Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46777', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46777', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid excessive partition lengths', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid excessive partition lengths\n\nAvoid mounting filesystems where the partition would overflow the\n32-bits used for block number. Also refuse to mount filesystems where\nthe partition length is so large we cannot safely index bits in a\nblock bitmap.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46777', 'https://git.kernel.org/linus/ebbe26fd54a9621994bc16b14f2ba8f84c089693 (6.11-rc1)', 'https://git.kernel.org/stable/c/0173999123082280cf904bd640015951f194a294', 'https://git.kernel.org/stable/c/1497a4484cdb2cf6c37960d788fb6ba67567bdb7', 'https://git.kernel.org/stable/c/2ddf831451357c6da4b64645eb797c93c1c054d1', 'https://git.kernel.org/stable/c/551966371e17912564bc387fbeb2ac13077c3db1', 'https://git.kernel.org/stable/c/925fd8ee80d5348a5e965548e5484d164d19221d', 'https://git.kernel.org/stable/c/a56330761950cb83de1dfb348479f20c56c95f90', 'https://git.kernel.org/stable/c/c0c23130d38e8bc28e9ef581443de9b1fc749966', 'https://git.kernel.org/stable/c/ebbe26fd54a9621994bc16b14f2ba8f84c089693', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46777-6114@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46777', 'https://www.cve.org/CVERecord?id=CVE-2024-46777'], 'PublishedDate': '2024-09-18T08:15:05.33Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46778', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46778', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check UnboundedRequestEnabled&#39;s value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check UnboundedRequestEnabled's value\n\nCalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled\nis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus\nif (p->UnboundedRequestEnabled) checks its address, not bool value.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46778', 'https://git.kernel.org/linus/a7b38c7852093385d0605aa3c8a2efd6edd1edfd (6.11-rc1)', 'https://git.kernel.org/stable/c/4e2b49a85e7974d21364798c5d4aa8070aa864d9', 'https://git.kernel.org/stable/c/a7b38c7852093385d0605aa3c8a2efd6edd1edfd', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46778-ded6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46778', 'https://www.cve.org/CVERecord?id=CVE-2024-46778'], 'PublishedDate': '2024-09-18T08:15:05.38Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46779', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46779', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/imagination: Free pvr_vm_gpuva after unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Free pvr_vm_gpuva after unlink\n\nThis caused a measurable memory leak. Although the individual\nallocations are small, the leaks occurs in a high-usage codepath\n(remapping or unmapping device memory) so they add up quickly.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46779', 'https://git.kernel.org/linus/3f6b2f60b4631cd0c368da6a1587ab55a696164d (6.11-rc7)', 'https://git.kernel.org/stable/c/1cc695be8920df234f83270d789078cb2d3bc564', 'https://git.kernel.org/stable/c/3f6b2f60b4631cd0c368da6a1587ab55a696164d', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46779-3186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46779', 'https://www.cve.org/CVERecord?id=CVE-2024-46779'], 'PublishedDate': '2024-09-18T08:15:05.43Z', 'LastModifiedDate': '2024-09-23T16:37:51.473Z'}, {'VulnerabilityID': 'CVE-2024-46780', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46780', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: protect references to superblock parameters exposed in sysfs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: protect references to superblock parameters exposed in sysfs\n\nThe superblock buffers of nilfs2 can not only be overwritten at runtime\nfor modifications/repairs, but they are also regularly swapped, replaced\nduring resizing, and even abandoned when degrading to one side due to\nbacking device issues.  So, accessing them requires mutual exclusion using\nthe reader/writer semaphore "nilfs->ns_sem".\n\nSome sysfs attribute show methods read this superblock buffer without the\nnecessary mutual exclusion, which can cause problems with pointer\ndereferencing and memory access, so fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46780', 'https://git.kernel.org/linus/683408258917541bdb294cd717c210a04381931e (6.11-rc7)', 'https://git.kernel.org/stable/c/157c0d94b4c40887329418c70ef4edd1a8d6b4ed', 'https://git.kernel.org/stable/c/19cfeba0e4b8eda51484fcf8cf7d150418e1d880', 'https://git.kernel.org/stable/c/683408258917541bdb294cd717c210a04381931e', 'https://git.kernel.org/stable/c/8c6e43b3d5f109cf9c61bc188fcc8175404e924f', 'https://git.kernel.org/stable/c/962562d4c70c5cdeb4e955d63ff2017c4eca1aad', 'https://git.kernel.org/stable/c/b14e7260bb691d7f563f61da07d61e3c8b59a614', 'https://git.kernel.org/stable/c/b90beafac05931cbfcb6b1bd4f67c1923f47040e', 'https://git.kernel.org/stable/c/ba97ba173f9625d5f34a986088979eae8b80d38e', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46780-9155@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46780', 'https://www.cve.org/CVERecord?id=CVE-2024-46780'], 'PublishedDate': '2024-09-18T08:15:05.473Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46781', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46781', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix missing cleanup on rollforward recovery error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix missing cleanup on rollforward recovery error\n\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\n\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\n\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46781', 'https://git.kernel.org/linus/5787fcaab9eb5930f5378d6a1dd03d916d146622 (6.11-rc7)', 'https://git.kernel.org/stable/c/07e4dc2fe000ab008bcfe90be4324ef56b5b4355', 'https://git.kernel.org/stable/c/1cf1f7e8cd47244fa947d357ef1f642d91e219a3', 'https://git.kernel.org/stable/c/35a9a7a7d94662146396199b0cfd95f9517cdd14', 'https://git.kernel.org/stable/c/5787fcaab9eb5930f5378d6a1dd03d916d146622', 'https://git.kernel.org/stable/c/8e2d1e9d93c4ec51354229361ac3373058529ec4', 'https://git.kernel.org/stable/c/9d8c3a585d564d776ee60d4aabec59b404be7403', 'https://git.kernel.org/stable/c/ca92c4bff2833cb30d493b935168d6cccd5c805d', 'https://git.kernel.org/stable/c/da02f9eb333333b2e4f25d2a14967cff785ac82e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46781-377e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46781', 'https://www.cve.org/CVERecord?id=CVE-2024-46781'], 'PublishedDate': '2024-09-18T08:15:05.527Z', 'LastModifiedDate': '2024-09-23T16:37:07.117Z'}, {'VulnerabilityID': 'CVE-2024-46782', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46782', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ila: call nf_unregister_net_hooks() sooner', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n  ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n  ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n  ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n  nf_hook include/linux/netfilter.h:269 [inline]\n  NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n  __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n  __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n  process_backlog+0x662/0x15b0 net/core/dev.c:6108\n  __napi_poll+0xcb/0x490 net/core/dev.c:6772\n  napi_poll net/core/dev.c:6841 [inline]\n  net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n  handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n  run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n  kthread+0x2f0/0x390 kernel/kthread.c:389\n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n  set_page_owner include/linux/page_owner.h:32 [inline]\n  post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n  prep_new_page mm/page_alloc.c:1501 [inline]\n  get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n  __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n  __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n  alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n  ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n  __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n  __do_kmalloc_node mm/slub.c:4146 [inline]\n  __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n  __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n  bucket_table_alloc lib/rhashtable.c:186 [inline]\n  rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n  ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n  ops_ini\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46782', 'https://git.kernel.org/linus/031ae72825cef43e4650140b800ad58bf7a6a466 (6.11-rc7)', 'https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466', 'https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2', 'https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf', 'https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4', 'https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c', 'https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6', 'https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673', 'https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46782-00ff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46782', 'https://www.cve.org/CVERecord?id=CVE-2024-46782'], 'PublishedDate': '2024-09-18T08:15:05.577Z', 'LastModifiedDate': '2024-09-23T16:32:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46783', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46783', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_bpf: fix return value of tcp_bpf_sendmsg()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: fix return value of tcp_bpf_sendmsg()\n\nWhen we cork messages in psock->cork, the last message triggers the\nflushing will result in sending a sk_msg larger than the current\nmessage size. In this case, in tcp_bpf_send_verdict(), 'copied' becomes\nnegative at least in the following case:\n\n468         case __SK_DROP:\n469         default:\n470                 sk_msg_free_partial(sk, msg, tosend);\n471                 sk_msg_apply_bytes(psock, tosend);\n472                 *copied -= (tosend + delta); // <==== HERE\n473                 return -EACCES;\n\nTherefore, it could lead to the following BUG with a proper value of\n'copied' (thanks to syzbot). We should not use negative 'copied' as a\nreturn value here.\n\n  ------------[ cut here ]------------\n  kernel BUG at net/socket.c:733!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 0 UID: 0 PID: 3265 Comm: syz-executor510 Not tainted 6.11.0-rc3-syzkaller-00060-gd07b43284ab3 #0\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n  pc : sock_sendmsg_nosec net/socket.c:733 [inline]\n  pc : sock_sendmsg_nosec net/socket.c:728 [inline]\n  pc : __sock_sendmsg+0x5c/0x60 net/socket.c:745\n  lr : sock_sendmsg_nosec net/socket.c:730 [inline]\n  lr : __sock_sendmsg+0x54/0x60 net/socket.c:745\n  sp : ffff800088ea3b30\n  x29: ffff800088ea3b30 x28: fbf00000062bc900 x27: 0000000000000000\n  x26: ffff800088ea3bc0 x25: ffff800088ea3bc0 x24: 0000000000000000\n  x23: f9f00000048dc000 x22: 0000000000000000 x21: ffff800088ea3d90\n  x20: f9f00000048dc000 x19: ffff800088ea3d90 x18: 0000000000000001\n  x17: 0000000000000000 x16: 0000000000000000 x15: 000000002002ffaf\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: ffff8000815849c0 x9 : ffff8000815b49c0\n  x8 : 0000000000000000 x7 : 000000000000003f x6 : 0000000000000000\n  x5 : 00000000000007e0 x4 : fff07ffffd239000 x3 : fbf00000062bc900\n  x2 : 0000000000000000 x1 : 0000000000000000 x0 : 00000000fffffdef\n  Call trace:\n   sock_sendmsg_nosec net/socket.c:733 [inline]\n   __sock_sendmsg+0x5c/0x60 net/socket.c:745\n   ____sys_sendmsg+0x274/0x2ac net/socket.c:2597\n   ___sys_sendmsg+0xac/0x100 net/socket.c:2651\n   __sys_sendmsg+0x84/0xe0 net/socket.c:2680\n   __do_sys_sendmsg net/socket.c:2689 [inline]\n   __se_sys_sendmsg net/socket.c:2687 [inline]\n   __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2687\n   __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n   invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49\n   el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132\n   do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151\n   el0_svc+0x34/0xec arch/arm64/kernel/entry-common.c:712\n   el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730\n   el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598\n  Code: f9404463 d63f0060 3108441f 54fffe81 (d4210000)\n  ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46783', 'https://git.kernel.org/linus/fe1910f9337bd46a9343967b547ccab26b4b2c6e (6.11-rc7)', 'https://git.kernel.org/stable/c/126d72b726c4cf1119f3a7fe413a78d341c3fea9', 'https://git.kernel.org/stable/c/3efe53eb221a38e207c1e3f81c51e4ca057d50c2', 'https://git.kernel.org/stable/c/6f9fdf5806cced888c43512bccbdf7fefd50f510', 'https://git.kernel.org/stable/c/78bb38d9c5a311c5f8bdef7c9557d7d81ca30e4a', 'https://git.kernel.org/stable/c/810a4e7d92dea4074cb04c25758320909d752193', 'https://git.kernel.org/stable/c/c8219a27fa43a2cbf99f5176f6dddfe73e7a24ae', 'https://git.kernel.org/stable/c/fe1910f9337bd46a9343967b547ccab26b4b2c6e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46783-edcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46783', 'https://www.cve.org/CVERecord?id=CVE-2024-46783'], 'PublishedDate': '2024-09-18T08:15:05.63Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46784', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46784', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix error handling in mana_create_txq/rxq&#39;s NAPI cleanup', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup\n\nCurrently napi_disable() gets called during rxq and txq cleanup,\neven before napi is enabled and hrtimer is initialized. It causes\nkernel panic.\n\n? page_fault_oops+0x136/0x2b0\n  ? page_counter_cancel+0x2e/0x80\n  ? do_user_addr_fault+0x2f2/0x640\n  ? refill_obj_stock+0xc4/0x110\n  ? exc_page_fault+0x71/0x160\n  ? asm_exc_page_fault+0x27/0x30\n  ? __mmdrop+0x10/0x180\n  ? __mmdrop+0xec/0x180\n  ? hrtimer_active+0xd/0x50\n  hrtimer_try_to_cancel+0x2c/0xf0\n  hrtimer_cancel+0x15/0x30\n  napi_disable+0x65/0x90\n  mana_destroy_rxq+0x4c/0x2f0\n  mana_create_rxq.isra.0+0x56c/0x6d0\n  ? mana_uncfg_vport+0x50/0x50\n  mana_alloc_queues+0x21b/0x320\n  ? skb_dequeue+0x5f/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46784', 'https://git.kernel.org/linus/b6ecc662037694488bfff7c9fd21c405df8411f2 (6.11-rc7)', 'https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65', 'https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788', 'https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c', 'https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46784-4773@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46784', 'https://www.cve.org/CVERecord?id=CVE-2024-46784'], 'PublishedDate': '2024-09-18T08:15:05.683Z', 'LastModifiedDate': '2024-09-26T13:21:30.657Z'}, {'VulnerabilityID': 'CVE-2024-46785', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46785', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: eventfs: Use list_del_rcu() for SRCU protected list variable', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Use list_del_rcu() for SRCU protected list variable\n\nChi Zhiling reported:\n\n  We found a null pointer accessing in tracefs[1], the reason is that the\n  variable \'ei_child\' is set to LIST_POISON1, that means the list was\n  removed in eventfs_remove_rec. so when access the ei_child->is_freed, the\n  panic triggered.\n\n  by the way, the following script can reproduce this panic\n\n  loop1 (){\n      while true\n      do\n          echo "p:kp submit_bio" > /sys/kernel/debug/tracing/kprobe_events\n          echo "" > /sys/kernel/debug/tracing/kprobe_events\n      done\n  }\n  loop2 (){\n      while true\n      do\n          tree /sys/kernel/debug/tracing/events/kprobes/\n      done\n  }\n  loop1 &\n  loop2\n\n  [1]:\n  [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150\n  [ 1147.968239][T17331] Mem abort info:\n  [ 1147.971739][T17331]   ESR = 0x0000000096000004\n  [ 1147.976172][T17331]   EC = 0x25: DABT (current EL), IL = 32 bits\n  [ 1147.982171][T17331]   SET = 0, FnV = 0\n  [ 1147.985906][T17331]   EA = 0, S1PTW = 0\n  [ 1147.989734][T17331]   FSC = 0x04: level 0 translation fault\n  [ 1147.995292][T17331] Data abort info:\n  [ 1147.998858][T17331]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n  [ 1148.005023][T17331]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n  [ 1148.010759][T17331]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n  [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges\n  [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP\n  [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls]\n  [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G        W         ------- ----  6.6.43 #2\n  [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650\n  [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020\n  [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398\n  [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398\n  [ 1148.115969][T17331] sp : ffff80008d56bbd0\n  [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000\n  [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100\n  [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10\n  [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000\n  [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0\n  [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0\n  [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862\n  [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068\n  [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001\n  [ 1148.198131][T17331] Call trace:\n  [ 1148.201259][T17331]  eventfs_iterate+0x2c0/0x398\n  [ 1148.205864][T17331]  iterate_dir+0x98/0x188\n  [ 1148.210036][T17331]  __arm64_sys_getdents64+0x78/0x160\n  [ 1148.215161][T17331]  invoke_syscall+0x78/0x108\n  [ 1148.219593][T17331]  el0_svc_common.constprop.0+0x48/0xf0\n  [ 1148.224977][T17331]  do_el0_svc+0x24/0x38\n  [ 1148.228974][T17331]  el0_svc+0x40/0x168\n  [ 1148.232798][T17\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46785', 'https://git.kernel.org/linus/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c (6.11-rc7)', 'https://git.kernel.org/stable/c/05e08297c3c298d8ec28e5a5adb55840312dd87e', 'https://git.kernel.org/stable/c/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c', 'https://git.kernel.org/stable/c/f579d17a86448779f9642ad8baca6e3036a8e2d6', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46785-5351@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46785', 'https://www.cve.org/CVERecord?id=CVE-2024-46785'], 'PublishedDate': '2024-09-18T08:15:05.73Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46786', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46786', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF\n\nThe fscache_cookie_lru_timer is initialized when the fscache module\nis inserted, but is not deleted when the fscache module is removed.\nIf timer_reduce() is called before removing the fscache module,\nthe fscache_cookie_lru_timer will be added to the timer list of\nthe current cpu. Afterwards, a use-after-free will be triggered\nin the softIRQ after removing the fscache module, as follows:\n\n==================================================================\nBUG: unable to handle page fault for address: fffffbfff803c9e9\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855\nTainted: [W]=WARN\nRIP: 0010:__run_timer_base.part.0+0x254/0x8a0\nCall Trace:\n <IRQ>\n tmigr_handle_remote_up+0x627/0x810\n __walk_groups.isra.0+0x47/0x140\n tmigr_handle_remote+0x1fa/0x2f0\n handle_softirqs+0x180/0x590\n irq_exit_rcu+0x84/0xb0\n sysvec_apic_timer_interrupt+0x6e/0x90\n </IRQ>\n <TASK>\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\n default_idle_call+0x38/0x60\n do_idle+0x2b5/0x300\n cpu_startup_entry+0x54/0x60\n start_secondary+0x20d/0x280\n common_startup_64+0x13e/0x148\n </TASK>\nModules linked in: [last unloaded: netfs]\n==================================================================\n\nTherefore delete fscache_cookie_lru_timer when removing the fscahe module.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46786', 'https://git.kernel.org/linus/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f (6.11-rc7)', 'https://git.kernel.org/stable/c/0a11262549ac2ac6fb98c7cd40a67136817e5a52', 'https://git.kernel.org/stable/c/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f', 'https://git.kernel.org/stable/c/e0d724932ad12e3528f4ce97fc0f6078d0cce4bc', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46786-a167@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46786', 'https://www.cve.org/CVERecord?id=CVE-2024-46786'], 'PublishedDate': '2024-09-18T08:15:05.783Z', 'LastModifiedDate': '2024-09-26T12:48:37.447Z'}, {'VulnerabilityID': 'CVE-2024-46787', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46787', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: fix checks for huge PMDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix checks for huge PMDs\n\nPatch series "userfaultfd: fix races around pmd_trans_huge() check", v2.\n\nThe pmd_trans_huge() code in mfill_atomic() is wrong in three different\nways depending on kernel version:\n\n1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit\n   the right two race windows) - I\'ve tested this in a kernel build with\n   some extra mdelay() calls. See the commit message for a description\n   of the race scenario.\n   On older kernels (before 6.5), I think the same bug can even\n   theoretically lead to accessing transhuge page contents as a page table\n   if you hit the right 5 narrow race windows (I haven\'t tested this case).\n2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for\n   detecting PMDs that don\'t point to page tables.\n   On older kernels (before 6.5), you\'d just have to win a single fairly\n   wide race to hit this.\n   I\'ve tested this on 6.1 stable by racing migration (with a mdelay()\n   patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86\n   VM, that causes a kernel oops in ptlock_ptr().\n3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed\n   to yank page tables out from under us (though I haven\'t tested that),\n   so I think the BUG_ON() checks in mfill_atomic() are just wrong.\n\nI decided to write two separate fixes for these (one fix for bugs 1+2, one\nfix for bug 3), so that the first fix can be backported to kernels\naffected by bugs 1+2.\n\n\nThis patch (of 2):\n\nThis fixes two issues.\n\nI discovered that the following race can occur:\n\n  mfill_atomic                other thread\n  ============                ============\n                              <zap PMD>\n  pmdp_get_lockless() [reads none pmd]\n  <bail if trans_huge>\n  <if none:>\n                              <pagefault creates transhuge zeropage>\n    __pte_alloc [no-op]\n                              <zap PMD>\n  <bail if pmd_trans_huge(*dst_pmd)>\n  BUG_ON(pmd_none(*dst_pmd))\n\nI have experimentally verified this in a kernel with extra mdelay() calls;\nthe BUG_ON(pmd_none(*dst_pmd)) triggers.\n\nOn kernels newer than commit 0d940a9b270b ("mm/pgtable: allow\npte_offset_map[_lock]() to fail"), this can\'t lead to anything worse than\na BUG_ON(), since the page table access helpers are actually designed to\ndeal with page tables concurrently disappearing; but on older kernels\n(<=6.4), I think we could probably theoretically race past the two\nBUG_ON() checks and end up treating a hugepage as a page table.\n\nThe second issue is that, as Qi Zheng pointed out, there are other types\nof huge PMDs that pmd_trans_huge() can\'t catch: devmap PMDs and swap PMDs\n(in particular, migration PMDs).\n\nOn <=6.4, this is worse than the first issue: If mfill_atomic() runs on a\nPMD that contains a migration entry (which just requires winning a single,\nfairly wide race), it will pass the PMD to pte_offset_map_lock(), which\nassumes that the PMD points to a page table.\n\nBreakage follows: First, the kernel tries to take the PTE lock (which will\ncrash or maybe worse if there is no "struct page" for the address bits in\nthe migration entry PMD - I think at least on X86 there usually is no\ncorresponding "struct page" thanks to the PTE inversion mitigation, amd64\nlooks different).\n\nIf that didn\'t crash, the kernel would next try to write a PTE into what\nit wrongly thinks is a page table.\n\nAs part of fixing these issues, get rid of the check for pmd_trans_huge()\nbefore __pte_alloc() - that\'s redundant, we\'re going to have to check for\nthat after the __pte_alloc() anyway.\n\nBackport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46787', 'https://git.kernel.org/linus/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 (6.11-rc7)', 'https://git.kernel.org/stable/c/3c6b4bcf37845c9359aed926324bed66bdd2448d', 'https://git.kernel.org/stable/c/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8', 'https://git.kernel.org/stable/c/98cc18b1b71e23fe81a5194ed432b20c2d81a01a', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46787-8b6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46787', 'https://www.cve.org/CVERecord?id=CVE-2024-46787'], 'PublishedDate': '2024-09-18T08:15:05.833Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46788', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46788', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/osnoise: Use a cpumask to know what threads are kthreads', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Use a cpumask to know what threads are kthreads\n\nThe start_kthread() and stop_thread() code was not always called with the\ninterface_lock held. This means that the kthread variable could be\nunexpectedly changed causing the kthread_stop() to be called on it when it\nshould not have been, leading to:\n\n while true; do\n   rtla timerlat top -u -q & PID=$!;\n   sleep 5;\n   kill -INT $PID;\n   sleep 0.001;\n   kill -TERM $PID;\n   wait $PID;\n  done\n\nCausing the following OOPS:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 Not tainted 6.11.0-rc4-test-00002-gbc754cc76d1b-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:hrtimer_active+0x58/0x300\n Code: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 <0f> b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f\n RSP: 0018:ffff88811d97f940 EFLAGS: 00010202\n RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b\n RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28\n RBP: 0000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60\n R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d\n R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28\n FS:  0000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0\n Call Trace:\n  <TASK>\n  ? die_addr+0x40/0xa0\n  ? exc_general_protection+0x154/0x230\n  ? asm_exc_general_protection+0x26/0x30\n  ? hrtimer_active+0x58/0x300\n  ? __pfx_mutex_lock+0x10/0x10\n  ? __pfx_locks_remove_file+0x10/0x10\n  hrtimer_cancel+0x15/0x40\n  timerlat_fd_release+0x8e/0x1f0\n  ? security_file_release+0x43/0x80\n  __fput+0x372/0xb10\n  task_work_run+0x11e/0x1f0\n  ? _raw_spin_lock+0x85/0xe0\n  ? __pfx_task_work_run+0x10/0x10\n  ? poison_slab_object+0x109/0x170\n  ? do_exit+0x7a0/0x24b0\n  do_exit+0x7bd/0x24b0\n  ? __pfx_migrate_enable+0x10/0x10\n  ? __pfx_do_exit+0x10/0x10\n  ? __pfx_read_tsc+0x10/0x10\n  ? ktime_get+0x64/0x140\n  ? _raw_spin_lock_irq+0x86/0xe0\n  do_group_exit+0xb0/0x220\n  get_signal+0x17ba/0x1b50\n  ? vfs_read+0x179/0xa40\n  ? timerlat_fd_read+0x30b/0x9d0\n  ? __pfx_get_signal+0x10/0x10\n  ? __pfx_timerlat_fd_read+0x10/0x10\n  arch_do_signal_or_restart+0x8c/0x570\n  ? __pfx_arch_do_signal_or_restart+0x10/0x10\n  ? vfs_read+0x179/0xa40\n  ? ksys_read+0xfe/0x1d0\n  ? __pfx_ksys_read+0x10/0x10\n  syscall_exit_to_user_mode+0xbc/0x130\n  do_syscall_64+0x74/0x110\n  ? __pfx___rseq_handle_notify_resume+0x10/0x10\n  ? __pfx_ksys_read+0x10/0x10\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? syscall_exit_to_user_mode+0x116/0x130\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  entry_SYSCALL_64_after_hwframe+0x71/0x79\n RIP: 0033:0x7ff0070eca9c\n Code: Unable to access opcode bytes at 0x7ff0070eca72.\n RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c\n RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003\n RBP: 00007ff006dffde0 R08: 0000000000000000 R09: 00007ff000000ba0\n R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003\n R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008\n  </TASK>\n Modules linked in: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core\n ---[ end trace 0000000000000000 ]---\n\nThis is because it would mistakenly call kthread_stop() on a user space\nthread making it "exit" before it actually exits.\n\nSince kthread\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46788', 'https://git.kernel.org/linus/177e1cc2f41235c145041eed03ef5bab18f32328 (6.11-rc7)', 'https://git.kernel.org/stable/c/177e1cc2f41235c145041eed03ef5bab18f32328', 'https://git.kernel.org/stable/c/27282d2505b402f39371fd60d19d95c01a4b6776', 'https://git.kernel.org/stable/c/7a5f01828edf152c144d27cf63de446fdf2dc222', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46788-1fbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46788', 'https://www.cve.org/CVERecord?id=CVE-2024-46788'], 'PublishedDate': '2024-09-18T08:15:05.893Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46791', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46791', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open\n\nThe mcp251x_hw_wake() function is called with the mpc_lock mutex held and\ndisables the interrupt handler so that no interrupts can be processed while\nwaking the device. If an interrupt has already occurred then waiting for\nthe interrupt handler to complete will deadlock because it will be trying\nto acquire the same mutex.\n\nCPU0                           CPU1\n----                           ----\nmcp251x_open()\n mutex_lock(&priv->mcp_lock)\n  request_threaded_irq()\n                               <interrupt>\n                               mcp251x_can_ist()\n                                mutex_lock(&priv->mcp_lock)\n  mcp251x_hw_wake()\n   disable_irq() <-- deadlock\n\nUse disable_irq_nosync() instead because the interrupt handler does\neverything while holding the mutex so it doesn't matter if it's still\nrunning.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46791', 'https://git.kernel.org/linus/7dd9c26bd6cf679bcfdef01a8659791aa6487a29 (6.11-rc7)', 'https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0', 'https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e', 'https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29', 'https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7', 'https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188', 'https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646', 'https://lore.kernel.org/linux-cve-announce/2024091853-CVE-2024-46791-af66@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46791', 'https://www.cve.org/CVERecord?id=CVE-2024-46791'], 'PublishedDate': '2024-09-18T08:15:06.067Z', 'LastModifiedDate': '2024-09-20T18:21:19.457Z'}, {'VulnerabilityID': 'CVE-2024-46792', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46792', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv: misaligned: Restrict user access to kernel memory', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: misaligned: Restrict user access to kernel memory\n\nraw_copy_{to,from}_user() do not call access_ok(), so this code allowed\nuserspace to access any virtual memory address.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46792', 'https://git.kernel.org/linus/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3b6ff6c896aee5ef9b581e40d0045ff04fcbc8c', 'https://git.kernel.org/stable/c/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46792-7745@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46792', 'https://www.cve.org/CVERecord?id=CVE-2024-46792'], 'PublishedDate': '2024-09-18T08:15:06.123Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46793', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46793', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder\n\nSince commit 13f58267cda3 ("ASoC: soc.h: don\'t create dummy Component\nvia COMP_DUMMY()") dummy codecs declared like this:\n\nSND_SOC_DAILINK_DEF(dummy,\n        DAILINK_COMP_ARRAY(COMP_DUMMY()));\n\nexpand to:\n\nstatic struct snd_soc_dai_link_component dummy[] = {\n};\n\nWhich means that dummy is a zero sized array and thus dais[i].codecs should\nnot be dereferenced *at all* since it points to the address of the next\nvariable stored in the data section as the "dummy" variable has an address\nbut no size, so even dereferencing dais[0] is already an out of bounds\narray reference.\n\nWhich means that the if (dais[i].codecs->name) check added in\ncommit 7d99a70b6595 ("ASoC: Intel: Boards: Fix NULL pointer deref\nin BYT/CHT boards") relies on that the part of the next variable which\nthe name member maps to just happens to be NULL.\n\nWhich apparently so far it usually is, except when it isn\'t\nand then it results in crashes like this one:\n\n[   28.795659] BUG: unable to handle page fault for address: 0000000000030011\n...\n[   28.795780] Call Trace:\n[   28.795787]  <TASK>\n...\n[   28.795862]  ? strcmp+0x18/0x40\n[   28.795872]  0xffffffffc150c605\n[   28.795887]  platform_probe+0x40/0xa0\n...\n[   28.795979]  ? __pfx_init_module+0x10/0x10 [snd_soc_sst_bytcr_wm5102]\n\nReally fix things this time around by checking dais.num_codecs != 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46793', 'https://git.kernel.org/linus/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb (6.11-rc7)', 'https://git.kernel.org/stable/c/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb', 'https://git.kernel.org/stable/c/85cda5b040bda9c577b34eb72d5b2e5b7e31985c', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46793-268d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46793', 'https://www.cve.org/CVERecord?id=CVE-2024-46793'], 'PublishedDate': '2024-09-18T08:15:06.177Z', 'LastModifiedDate': '2024-09-24T16:00:17.977Z'}, {'VulnerabilityID': 'CVE-2024-46794', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46794', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/tdx: Fix data leak in mmio_read()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix data leak in mmio_read()\n\nThe mmio_read() function makes a TDVMCALL to retrieve MMIO data for an\naddress from the VMM.\n\nSean noticed that mmio_read() unintentionally exposes the value of an\ninitialized variable (val) on the stack to the VMM.\n\nThis variable is only needed as an output value. It did not need to be\npassed to the VMM in the first place.\n\nDo not send the original value of *val to the VMM.\n\n[ dhansen: clarify what 'val' is used for. ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46794', 'https://git.kernel.org/linus/b6fb565a2d15277896583d471b21bc14a0c99661 (6.11-rc7)', 'https://git.kernel.org/stable/c/26c6af49d26ffc377e392e30d4086db19eed0ef7', 'https://git.kernel.org/stable/c/b55ce742afcb8e8189d82f2f1e635ba1b5a461fa', 'https://git.kernel.org/stable/c/b6fb565a2d15277896583d471b21bc14a0c99661', 'https://git.kernel.org/stable/c/ef00818c50cf55a3a56bd9a9fae867c92dfb84e7', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46794-9f64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46794', 'https://www.cve.org/CVERecord?id=CVE-2024-46794'], 'PublishedDate': '2024-09-18T08:15:06.23Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46795', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46795', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ksmbd: unset the binding mark of a reused connection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset the binding mark of a reused connection\n\nSteve French reported null pointer dereference error from sha256 lib.\ncifs.ko can send session setup requests on reused connection.\nIf reused connection is used for binding session, conn->binding can\nstill remain true and generate_preauth_hash() will not set\nsess->Preauth_HashValue and it will be NULL.\nIt is used as a material to create an encryption key in\nksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer\ndereference error from crypto_shash_update().\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 8 PID: 429254 Comm: kworker/8:39\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n<TASK>\n? show_regs+0x6d/0x80\n? __die+0x24/0x80\n? page_fault_oops+0x99/0x1b0\n? do_user_addr_fault+0x2ee/0x6b0\n? exc_page_fault+0x83/0x1b0\n? asm_exc_page_fault+0x27/0x30\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n_sha256_update+0x77/0xa0 [sha256_ssse3]\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\ncrypto_shash_update+0x1e/0x40\nhmac_update+0x12/0x20\ncrypto_shash_update+0x1e/0x40\ngenerate_key+0x234/0x380 [ksmbd]\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\n__process_request+0xa3/0x1d0 [ksmbd]\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\nprocess_one_work+0x16c/0x350\nworker_thread+0x306/0x440\n? __pfx_worker_thread+0x10/0x10\nkthread+0xef/0x120\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x44/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n</TASK>', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46795', 'https://git.kernel.org/linus/78c5a6f1f630172b19af4912e755e1da93ef0ab5 (6.11-rc7)', 'https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce', 'https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1', 'https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5', 'https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02', 'https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1', 'https://lore.kernel.org/linux-cve-announce/2024091855-CVE-2024-46795-9908@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46795', 'https://www.cve.org/CVERecord?id=CVE-2024-46795'], 'PublishedDate': '2024-09-18T08:15:06.28Z', 'LastModifiedDate': '2024-09-20T18:21:04.067Z'}, {'VulnerabilityID': 'CVE-2024-46797', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46797', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/qspinlock: Fix deadlock in MCS queue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/qspinlock: Fix deadlock in MCS queue\n\nIf an interrupt occurs in queued_spin_lock_slowpath() after we increment\nqnodesp->count and before node->lock is initialized, another CPU might\nsee stale lock values in get_tail_qnode(). If the stale lock value happens\nto match the lock on that CPU, then we write to the "next" pointer of\nthe wrong qnode. This causes a deadlock as the former CPU, once it becomes\nthe head of the MCS queue, will spin indefinitely until it\'s "next" pointer\nis set by its successor in the queue.\n\nRunning stress-ng on a 16 core (16EC/16VP) shared LPAR, results in\noccasional lockups similar to the following:\n\n   $ stress-ng --all 128 --vm-bytes 80% --aggressive \\\n               --maximize --oomable --verify  --syslog \\\n               --metrics  --times  --timeout 5m\n\n   watchdog: CPU 15 Hard LOCKUP\n   ......\n   NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   Call Trace:\n    0xc000002cfffa3bf0 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    raw_spin_rq_lock_nested.part.135+0x4c/0xd0\n    sched_ttwu_pending+0x60/0x1f0\n    __flush_smp_call_function_queue+0x1dc/0x670\n    smp_ipi_demux_relaxed+0xa4/0x100\n    xive_muxed_ipi_action+0x20/0x40\n    __handle_irq_event_percpu+0x80/0x240\n    handle_irq_event_percpu+0x2c/0x80\n    handle_percpu_irq+0x84/0xd0\n    generic_handle_irq+0x54/0x80\n    __do_irq+0xac/0x210\n    __do_IRQ+0x74/0xd0\n    0x0\n    do_IRQ+0x8c/0x170\n    hardware_interrupt_common_virt+0x29c/0x2a0\n   --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490\n   ......\n   NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   --- interrupt: 500\n    0xc0000029c1a41d00 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    futex_wake+0x100/0x260\n    do_futex+0x21c/0x2a0\n    sys_futex+0x98/0x270\n    system_call_exception+0x14c/0x2f0\n    system_call_vectored_common+0x15c/0x2ec\n\nThe following code flow illustrates how the deadlock occurs.\nFor the sake of brevity, assume that both locks (A and B) are\ncontended and we call the queued_spin_lock_slowpath() function.\n\n        CPU0                                   CPU1\n        ----                                   ----\n  spin_lock_irqsave(A)                          |\n  spin_unlock_irqrestore(A)                     |\n    spin_lock(B)                                |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++;                       |\n  (Note that nodes[0].lock == A)                |\n         |                                      |\n         ▼                                      |\n      Interrupt                                 |\n  (happens before "nodes[0].lock = B")          |\n         |                                      |\n         ▼                                      |\n  spin_lock_irqsave(A)                          |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++                        |\n   nodes[1].lock = A                            |\n         |                                      |\n         ▼                                      |\n  Tail of MCS queue                             |\n         |                             spin_lock_irqsave(A)\n         ▼                                      |\n  Head of MCS queue                             ▼\n         |                             CPU0 is previous tail\n         ▼                                      |\n   Spin indefinitely                            ▼\n  (until "nodes[1].next != NULL")      prev = get_tail_qnode(A, CPU0)\n                                                |\n                                                ▼\n                                       prev == &qnodes[CPU0].nodes[0]\n                                     (as qnodes\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46797', 'https://git.kernel.org/linus/734ad0af3609464f8f93e00b6c0de1e112f44559 (6.11-rc7)', 'https://git.kernel.org/stable/c/734ad0af3609464f8f93e00b6c0de1e112f44559', 'https://git.kernel.org/stable/c/d84ab6661e8d09092de9b034b016515ef9b66085', 'https://git.kernel.org/stable/c/f06af737e4be28c0e926dc25d5f0a111da4e2987', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46797-9174@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46797', 'https://www.cve.org/CVERecord?id=CVE-2024-46797'], 'PublishedDate': '2024-09-18T08:15:06.403Z', 'LastModifiedDate': '2024-09-29T15:15:15.837Z'}, {'VulnerabilityID': 'CVE-2024-46798', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46798', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: dapm: Fix UAF for snd_soc_pcm_runtime object\n\nWhen using kernel with the following extra config,\n\n  - CONFIG_KASAN=y\n  - CONFIG_KASAN_GENERIC=y\n  - CONFIG_KASAN_INLINE=y\n  - CONFIG_KASAN_VMALLOC=y\n  - CONFIG_FRAME_WARN=4096\n\nkernel detects that snd_pcm_suspend_all() access a freed\n'snd_soc_pcm_runtime' object when the system is suspended, which\nleads to a use-after-free bug:\n\n[   52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270\n[   52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330\n\n[   52.047785] Call trace:\n[   52.047787]  dump_backtrace+0x0/0x3c0\n[   52.047794]  show_stack+0x34/0x50\n[   52.047797]  dump_stack_lvl+0x68/0x8c\n[   52.047802]  print_address_description.constprop.0+0x74/0x2c0\n[   52.047809]  kasan_report+0x210/0x230\n[   52.047815]  __asan_report_load1_noabort+0x3c/0x50\n[   52.047820]  snd_pcm_suspend_all+0x1a8/0x270\n[   52.047824]  snd_soc_suspend+0x19c/0x4e0\n\nThe snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before\nmaking any access. So we need to always set 'substream->runtime' to NULL\neverytime we kfree() it.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46798', 'https://git.kernel.org/linus/b4a90b543d9f62d3ac34ec1ab97fc5334b048565 (6.11-rc7)', 'https://git.kernel.org/stable/c/3033ed903b4f28b5e1ab66042084fbc2c48f8624', 'https://git.kernel.org/stable/c/5d13afd021eb43868fe03cef6da34ad08831ad6d', 'https://git.kernel.org/stable/c/6a14fad8be178df6c4589667efec1789a3307b4e', 'https://git.kernel.org/stable/c/8ca21e7a27c66b95a4b215edc8e45e5d66679f9f', 'https://git.kernel.org/stable/c/993b60c7f93fa1d8ff296b58f646a867e945ae89', 'https://git.kernel.org/stable/c/b4a90b543d9f62d3ac34ec1ab97fc5334b048565', 'https://git.kernel.org/stable/c/fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46798-ce16@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46798', 'https://www.cve.org/CVERecord?id=CVE-2024-46798'], 'PublishedDate': '2024-09-18T08:15:06.463Z', 'LastModifiedDate': '2024-09-20T18:17:50.763Z'}, {'VulnerabilityID': 'CVE-2024-46800', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46800', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sch/netem: fix use after free in netem_dequeue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsch/netem: fix use after free in netem_dequeue\n\nIf netem_dequeue() enqueues packet to inner qdisc and that qdisc\nreturns __NET_XMIT_STOLEN. The packet is dropped but\nqdisc_tree_reduce_backlog() is not called to update the parent\'s\nq.qlen, leading to the similar use-after-free as Commit\ne04991a48dbaf382 ("netem: fix return value if duplicate enqueue\nfails")\n\nCommands to trigger KASAN UaF:\n\nip link add type dummy\nip link set lo up\nip link set dummy0 up\ntc qdisc add dev lo parent root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2: handle 3: drr\ntc filter add dev lo parent 3: basic classid 3:1 action mirred egress\nredirect dev dummy0\ntc class add dev lo classid 3:1 drr\nping -c1 -W0.01 localhost # Trigger bug\ntc class del dev lo classid 1:1\ntc class add dev lo classid 1:1 drr\nping -c1 -W0.01 localhost # UaF', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46800', 'https://git.kernel.org/linus/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a (6.11-rc7)', 'https://git.kernel.org/stable/c/14f91ab8d391f249b845916820a56f42cf747241', 'https://git.kernel.org/stable/c/295ad5afd9efc5f67b86c64fce28fb94e26dc4c9', 'https://git.kernel.org/stable/c/32008ab989ddcff1a485fa2b4906234c25dc5cd6', 'https://git.kernel.org/stable/c/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a', 'https://git.kernel.org/stable/c/98c75d76187944296068d685dfd8a1e9fd8c4fdc', 'https://git.kernel.org/stable/c/db2c235682913a63054e741fe4e19645fdf2d68e', 'https://git.kernel.org/stable/c/dde33a9d0b80aae0c69594d1f462515d7ff1cb3d', 'https://git.kernel.org/stable/c/f0bddb4de043399f16d1969dad5ee5b984a64e7b', 'https://lore.kernel.org/linux-cve-announce/2024091857-CVE-2024-46800-0f62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46800', 'https://www.cve.org/CVERecord?id=CVE-2024-46800'], 'PublishedDate': '2024-09-18T08:15:06.573Z', 'LastModifiedDate': '2024-09-20T17:18:55.26Z'}, {'VulnerabilityID': 'CVE-2024-46802', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: added NULL check at start of dc_validate_stream', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46802', 'https://git.kernel.org/linus/26c56049cc4f1705b498df013949427692a4b0d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd', 'https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5', 'https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9', 'https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c', 'https://lore.kernel.org/linux-cve-announce/2024092706-CVE-2024-46802-c5e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46802', 'https://www.cve.org/CVERecord?id=CVE-2024-46802'], 'PublishedDate': '2024-09-27T13:15:13.483Z', 'LastModifiedDate': '2024-10-07T14:21:55.687Z'}, {'VulnerabilityID': 'CVE-2024-46803', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46803', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdkfd: Check debug trap enable before write dbg_ev_file', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46803', 'https://git.kernel.org/linus/547033b593063eb85bfdf9b25a5f1b8fd1911be2 (6.11-rc1)', 'https://git.kernel.org/stable/c/547033b593063eb85bfdf9b25a5f1b8fd1911be2', 'https://git.kernel.org/stable/c/820dcbd38a77bd5fdc4236d521c1c122841227d0', 'https://git.kernel.org/stable/c/e6ea3b8fe398915338147fe54dd2db8155fdafd8', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46803-689b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46803', 'https://www.cve.org/CVERecord?id=CVE-2024-46803'], 'PublishedDate': '2024-09-27T13:15:13.57Z', 'LastModifiedDate': '2024-10-04T17:45:16.867Z'}, {'VulnerabilityID': 'CVE-2024-46804', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46804', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add array index check for hdcp ddc access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add array index check for hdcp ddc access\n\n[Why]\nCoverity reports OVERRUN warning. Do not check if array\nindex valid.\n\n[How]\nCheck msg_id valid and valid array index.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46804', 'https://git.kernel.org/linus/4e70c0f5251c25885c31ee84a31f99a01f7cf50e (6.11-rc1)', 'https://git.kernel.org/stable/c/0ee4387c5a4b57ec733c3fb4365188d5979cd9c7', 'https://git.kernel.org/stable/c/2a63c90c7a90ab2bd23deebc2814fc5b52abf6d2', 'https://git.kernel.org/stable/c/4e70c0f5251c25885c31ee84a31f99a01f7cf50e', 'https://git.kernel.org/stable/c/8b5ccf3d011969417be653b5a145c72dbd30472c', 'https://git.kernel.org/stable/c/a3b5ee22a9d3a30045191da5678ca8451ebaea30', 'https://git.kernel.org/stable/c/f338f99f6a04d03c802087d82a83561cbd5bdc99', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46804-c90d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46804', 'https://www.cve.org/CVERecord?id=CVE-2024-46804'], 'PublishedDate': '2024-09-27T13:15:13.637Z', 'LastModifiedDate': '2024-10-04T17:51:43.73Z'}, {'VulnerabilityID': 'CVE-2024-46805', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46805', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix the waring dereferencing hive', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix the waring dereferencing hive\n\nCheck the amdgpu_hive_info *hive that maybe is NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46805', 'https://git.kernel.org/linus/1940708ccf5aff76de4e0b399f99267c93a89193 (6.11-rc1)', 'https://git.kernel.org/stable/c/01cd55b971131b07b7ff8d622fa93bb4f8be07df', 'https://git.kernel.org/stable/c/1940708ccf5aff76de4e0b399f99267c93a89193', 'https://git.kernel.org/stable/c/4ab720b6aa1ef5e71db1e534b5b45c80ac4ec58a', 'https://git.kernel.org/stable/c/d3f927ef0607b3c8c3f79ab6d9a4ebead3e35f4c', 'https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46805-b06a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46805', 'https://www.cve.org/CVERecord?id=CVE-2024-46805'], 'PublishedDate': '2024-09-27T13:15:13.707Z', 'LastModifiedDate': '2024-10-02T12:58:59.767Z'}, {'VulnerabilityID': 'CVE-2024-46806', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46806', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the warning division or modulo by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46806', 'https://git.kernel.org/linus/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c (6.11-rc1)', 'https://git.kernel.org/stable/c/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c', 'https://git.kernel.org/stable/c/a01618adcba78c6bd6c4557a4a5e32f58b658cd1', 'https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46806-2cc7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46806', 'https://www.cve.org/CVERecord?id=CVE-2024-46806'], 'PublishedDate': '2024-09-27T13:15:13.773Z', 'LastModifiedDate': '2024-10-02T13:17:04.64Z'}, {'VulnerabilityID': 'CVE-2024-46807', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46807', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Check tbo resource pointer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Check tbo resource pointer\n\nValidate tbo resource pointer, skip if NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46807', 'https://git.kernel.org/linus/6cd2b872643bb29bba01a8ac739138db7bd79007 (6.11-rc1)', 'https://git.kernel.org/stable/c/2be1eb6304d9623ba21dd6f3e68ffb753a759635', 'https://git.kernel.org/stable/c/4dfec5f5501a27e0a0da00e136d65ef9011ded4c', 'https://git.kernel.org/stable/c/6cd2b872643bb29bba01a8ac739138db7bd79007', 'https://git.kernel.org/stable/c/e55e3904ffeaff81715256a711b1a61f4ad5258a', 'https://git.kernel.org/stable/c/e8765364d4f3aaf88c7abe0a4fc99089d059ab49', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46807-b78e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46807', 'https://www.cve.org/CVERecord?id=CVE-2024-46807'], 'PublishedDate': '2024-09-27T13:15:13.84Z', 'LastModifiedDate': '2024-10-04T17:40:08.083Z'}, {'VulnerabilityID': 'CVE-2024-46808', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46808', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range\n\n[Why & How]\nASSERT if return NULL from kcalloc.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46808', 'https://git.kernel.org/linus/5524fa301ba649f8cf00848f91468e0ba7e4f24c (6.11-rc1)', 'https://git.kernel.org/stable/c/5524fa301ba649f8cf00848f91468e0ba7e4f24c', 'https://git.kernel.org/stable/c/ca0b0b0a22306f2e51105ac48f4a09c2fbbb504e', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46808-8886@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46808', 'https://www.cve.org/CVERecord?id=CVE-2024-46808'], 'PublishedDate': '2024-09-27T13:15:13.907Z', 'LastModifiedDate': '2024-10-02T14:23:39.863Z'}, {'VulnerabilityID': 'CVE-2024-46809', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46809', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check BIOS images before it is used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check BIOS images before it is used\n\nBIOS images may fail to load and null checks are added before they are\nused.\n\nThis fixes 6 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46809', 'https://git.kernel.org/linus/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c (6.11-rc1)', 'https://git.kernel.org/stable/c/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c', 'https://git.kernel.org/stable/c/e46b70a7cfed71cb84e985c785c39c16df5c28cb', 'https://git.kernel.org/stable/c/e50bec62acaeec03afc6fa5dfb2426e52d049cf5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46809-5b37@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46809', 'https://www.cve.org/CVERecord?id=CVE-2024-46809'], 'PublishedDate': '2024-09-27T13:15:13.973Z', 'LastModifiedDate': '2024-10-04T17:33:33.753Z'}, {'VulnerabilityID': 'CVE-2024-46810', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46810', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ\n\nMake sure the connector is fully initialized before signalling any\nHPD events via drm_kms_helper_hotplug_event(), otherwise this may\nlead to NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46810', 'https://git.kernel.org/linus/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f (6.11-rc1)', 'https://git.kernel.org/stable/c/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f', 'https://git.kernel.org/stable/c/1fb13693953737783b424aa4712f0a27a9eaf5a8', 'https://git.kernel.org/stable/c/9d567126474e68f959b2c2543c375f3bb32e948a', 'https://git.kernel.org/stable/c/adc5674c23b8191e596ed0dbaa9600265ac896a8', 'https://git.kernel.org/stable/c/e1b121f21bbc56a6ae035aa5b77daac62bfb9be5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46810-2eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46810', 'https://www.cve.org/CVERecord?id=CVE-2024-46810'], 'PublishedDate': '2024-09-27T13:15:14.037Z', 'LastModifiedDate': '2024-10-04T17:43:04.277Z'}, {'VulnerabilityID': 'CVE-2024-46811', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46811', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params->clk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46811', 'https://git.kernel.org/linus/188fd1616ec43033cedbe343b6579e9921e2d898 (6.11-rc1)', 'https://git.kernel.org/stable/c/188fd1616ec43033cedbe343b6579e9921e2d898', 'https://git.kernel.org/stable/c/4003bac784380fed1f94f197350567eaa73a409d', 'https://git.kernel.org/stable/c/aba188d6f4ebaf52acf13f204db2bd2c22072504', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46811-f01c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46811', 'https://www.cve.org/CVERecord?id=CVE-2024-46811'], 'PublishedDate': '2024-09-27T13:15:14.107Z', 'LastModifiedDate': '2024-10-07T14:24:56.86Z'}, {'VulnerabilityID': 'CVE-2024-46812', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46812', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration\n\n[Why]\nCoverity reports Memory - illegal accesses.\n\n[How]\nSkip inactive planes.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46812', 'https://git.kernel.org/linus/a54f7e866cc73a4cb71b8b24bb568ba35c8969df (6.11-rc1)', 'https://git.kernel.org/stable/c/3300a039caf850376bc3416c808cd8879da412bb', 'https://git.kernel.org/stable/c/8406158a546441b73f0b216aedacbf9a1e5748fb', 'https://git.kernel.org/stable/c/a54f7e866cc73a4cb71b8b24bb568ba35c8969df', 'https://git.kernel.org/stable/c/ee9d6df6d9172917d9ddbd948bb882652d5ecd29', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46812-5954@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46812', 'https://www.cve.org/CVERecord?id=CVE-2024-46812'], 'PublishedDate': '2024-09-27T13:15:14.163Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46813', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46813', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check link_index before accessing dc-&gt;links[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc->links[]\n\n[WHY & HOW]\ndc->links[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46813', 'https://git.kernel.org/linus/8aa2864044b9d13e95fe224f32e808afbf79ecdf (6.11-rc1)', 'https://git.kernel.org/stable/c/8aa2864044b9d13e95fe224f32e808afbf79ecdf', 'https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46813-5eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46813', 'https://www.cve.org/CVERecord?id=CVE-2024-46813'], 'PublishedDate': '2024-09-27T13:15:14.23Z', 'LastModifiedDate': '2024-10-04T17:38:17.74Z'}, {'VulnerabilityID': 'CVE-2024-46814', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check msg_id before processing transcation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY & HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46814', 'https://git.kernel.org/linus/fa71face755e27dc44bc296416ebdf2c67163316 (6.11-rc1)', 'https://git.kernel.org/stable/c/0147505f08220c89b3a9c90eb608191276e263a8', 'https://git.kernel.org/stable/c/6590643c5de74098d27933b7d224d5ac065d7755', 'https://git.kernel.org/stable/c/916083054670060023d3f8a8ace895d710e268f4', 'https://git.kernel.org/stable/c/cb63090a17d3abb87f132851fa3711281249b7d2', 'https://git.kernel.org/stable/c/fa71face755e27dc44bc296416ebdf2c67163316', 'https://git.kernel.org/stable/c/fe63daf7b10253b0faaa60c55d6153cd276927aa', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46814-5021@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46814', 'https://www.cve.org/CVERecord?id=CVE-2024-46814'], 'PublishedDate': '2024-09-27T13:15:14.297Z', 'LastModifiedDate': '2024-10-04T17:27:47.45Z'}, {'VulnerabilityID': 'CVE-2024-46815', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46815', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY & HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46815', 'https://git.kernel.org/linus/b38a4815f79b87efb196cd5121579fc51e29a7fb (6.11-rc1)', 'https://git.kernel.org/stable/c/21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf', 'https://git.kernel.org/stable/c/6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0', 'https://git.kernel.org/stable/c/7c47dd2e92341f2989ab73dbed07f8894593ad7b', 'https://git.kernel.org/stable/c/a72d4996409569027b4609414a14a87679b12267', 'https://git.kernel.org/stable/c/b36e9b3104c4ba0f2f5dd083dcf6159cb316c996', 'https://git.kernel.org/stable/c/b38a4815f79b87efb196cd5121579fc51e29a7fb', 'https://git.kernel.org/stable/c/c4a7f7c0062fe2c73f70bb7e335199e25bd71492', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46815-fce2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46815', 'https://www.cve.org/CVERecord?id=CVE-2024-46815'], 'PublishedDate': '2024-09-27T13:15:14.37Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46816', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46816', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\n\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc->links. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\n\n[How]\nMake sure link count less than max_links.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46816', 'https://git.kernel.org/linus/cf8b16857db702ceb8d52f9219a4613363e2b1cf (6.11-rc1)', 'https://git.kernel.org/stable/c/36c39a8dcce210649f2f45f252abaa09fcc1ae87', 'https://git.kernel.org/stable/c/cf8b16857db702ceb8d52f9219a4613363e2b1cf', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46816-0526@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46816', 'https://www.cve.org/CVERecord?id=CVE-2024-46816'], 'PublishedDate': '2024-09-27T13:15:14.433Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46817', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6\n\n[Why]\nCoverity reports OVERRUN warning. Should abort amdgpu_dm\ninitialize.\n\n[How]\nReturn failure to amdgpu_dm_init.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46817', 'https://git.kernel.org/linus/84723eb6068c50610c5c0893980d230d7afa2105 (6.11-rc1)', 'https://git.kernel.org/stable/c/21bbb39863f10f5fb4bf772d15b07d5d13590e9d', 'https://git.kernel.org/stable/c/28b515c458aa9c92bfcb99884c94713a5f471cea', 'https://git.kernel.org/stable/c/754321ed63f0a4a31252ca72e0bd89a9e1888018', 'https://git.kernel.org/stable/c/84723eb6068c50610c5c0893980d230d7afa2105', 'https://git.kernel.org/stable/c/94cb77700fa4ae6200486bfa0ba2ac547534afd2', 'https://git.kernel.org/stable/c/d398c74c881dee695f6eb6138c9891644e1c3d9d', 'https://git.kernel.org/stable/c/d619b91d3c4af60ac422f1763ce53d721fb91262', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46817-7a2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46817', 'https://www.cve.org/CVERecord?id=CVE-2024-46817'], 'PublishedDate': '2024-09-27T13:15:14.493Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46818', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check gpio_id before used as array index', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY & HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46818', 'https://git.kernel.org/linus/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 (6.11-rc1)', 'https://git.kernel.org/stable/c/0184cca30cad74d88f5c875d4e26999e26325700', 'https://git.kernel.org/stable/c/08e7755f754e3d2cef7d3a7da538d33526bd6f7c', 'https://git.kernel.org/stable/c/276e3fd93e3beb5894eb1cc8480f9f417d51524d', 'https://git.kernel.org/stable/c/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6', 'https://git.kernel.org/stable/c/3d4198ab612ad48f73383ad3bb5663e6f0cdf406', 'https://git.kernel.org/stable/c/40c2e8bc117cab8bca8814735f28a8b121654a84', 'https://git.kernel.org/stable/c/8520fdc8ecc38f240a8e9e7af89cca6739c3e790', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46818-8d41@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46818', 'https://www.cve.org/CVERecord?id=CVE-2024-46818'], 'PublishedDate': '2024-09-27T13:15:14.563Z', 'LastModifiedDate': '2024-10-04T17:18:36.613Z'}, {'VulnerabilityID': 'CVE-2024-46819', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: the warning dereferencing obj for nbio_v7_4', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: the warning dereferencing obj for nbio_v7_4\n\nif ras_manager obj null, don't print NBIO err data", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46819', 'https://git.kernel.org/linus/d190b459b2a4304307c3468ed97477b808381011 (6.11-rc1)', 'https://git.kernel.org/stable/c/130c2dc75c8c40acc3c96ededea6af80e03c14b8', 'https://git.kernel.org/stable/c/614564a5b28983de53b23a358ebe6c483a2aa21e', 'https://git.kernel.org/stable/c/70e8ec21fcb8c51446899d3bfe416b31adfa3661', 'https://git.kernel.org/stable/c/7d265772e44d403071a2b573eac0db60250b1c21', 'https://git.kernel.org/stable/c/d04ded1e73f1dcf19a71ec8b9cda3faa7acd8828', 'https://git.kernel.org/stable/c/d190b459b2a4304307c3468ed97477b808381011', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46819-d958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46819', 'https://www.cve.org/CVERecord?id=CVE-2024-46819'], 'PublishedDate': '2024-09-27T13:15:14.64Z', 'LastModifiedDate': '2024-10-04T17:11:00.57Z'}, {'VulnerabilityID': 'CVE-2024-46820', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/vcn: remove irq disabling in vcn 5 suspend\n\nWe do not directly enable/disable VCN IRQ in vcn 5.0.0.\nAnd we do not handle the IRQ state as well. So the calls to\ndisable IRQ and set state are removed. This effectively gets\nrid of the warining of\n      "WARN_ON(!amdgpu_irq_enabled(adev, src, type))"\nin amdgpu_irq_put().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46820', 'https://git.kernel.org/linus/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d (6.11-rc1)', 'https://git.kernel.org/stable/c/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d', 'https://git.kernel.org/stable/c/aa92264ba6fd4fb570002f69762634221316e7ae', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46820-6405@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46820', 'https://www.cve.org/CVERecord?id=CVE-2024-46820'], 'PublishedDate': '2024-09-27T13:15:14.707Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46821', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix negative array index read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix negative array index read\n\nAvoid using the negative values\nfor clk_idex as an index into an array pptable->DpmDescriptor.\n\nV2: fix clk_index return check (Tim Huang)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46821', 'https://git.kernel.org/linus/c8c19ebf7c0b202a6a2d37a52ca112432723db5f (6.11-rc1)', 'https://git.kernel.org/stable/c/06a3810010b525b9958424e344f0c25b09e128fa', 'https://git.kernel.org/stable/c/4711b1347cb9f0c3083da6d87c624d75f9bd1d50', 'https://git.kernel.org/stable/c/60f4a4bc3329e5cb8c4df0cc961f0d5ffd96e22d', 'https://git.kernel.org/stable/c/c8c19ebf7c0b202a6a2d37a52ca112432723db5f', 'https://lore.kernel.org/linux-cve-announce/2024092713-CVE-2024-46821-a13a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46821', 'https://www.cve.org/CVERecord?id=CVE-2024-46821'], 'PublishedDate': '2024-09-27T13:15:14.767Z', 'LastModifiedDate': '2024-10-04T17:06:43.573Z'}, {'VulnerabilityID': 'CVE-2024-46822', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46822', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry\n\nIn a review discussion of the changes to support vCPU hotplug where\na check was added on the GICC being enabled if was online, it was\nnoted that there is need to map back to the cpu and use that to index\ninto a cpumask. As such, a valid ID is needed.\n\nIf an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible\nfor the entry in cpu_madt_gicc[cpu] == NULL.  This function would\nthen cause a NULL pointer dereference.   Whilst a path to trigger\nthis has not been established, harden this caller against the\npossibility.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46822', 'https://git.kernel.org/linus/2488444274c70038eb6b686cba5f1ce48ebb9cdd (6.11-rc1)', 'https://git.kernel.org/stable/c/2488444274c70038eb6b686cba5f1ce48ebb9cdd', 'https://git.kernel.org/stable/c/40cae0df42e5e7f7a1c0f32deed9c4027c1ba94e', 'https://git.kernel.org/stable/c/4c3b21204abb4fa3ab310fbbb5cf7f0e85f3a1bc', 'https://git.kernel.org/stable/c/62ca6d3a905b4c40cd942f3cc645a6718f8bc7e7', 'https://git.kernel.org/stable/c/945be49f4e832a9184c313fdf8917475438a795b', 'https://git.kernel.org/stable/c/bc7fbb37e3d2df59336eadbd6a56be632e3c7df7', 'https://git.kernel.org/stable/c/f57769ff6fa7f97f1296965f20e8a2bb3ee9fd0f', 'https://lore.kernel.org/linux-cve-announce/2024092749-CVE-2024-46822-b901@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46822', 'https://www.cve.org/CVERecord?id=CVE-2024-46822'], 'PublishedDate': '2024-09-27T13:15:14.83Z', 'LastModifiedDate': '2024-10-02T14:24:01.757Z'}, {'VulnerabilityID': 'CVE-2024-46823', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kunit/overflow: Fix UB in overflow_allocation_test', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkunit/overflow: Fix UB in overflow_allocation_test\n\nThe 'device_name' array doesn't exist out of the\n'overflow_allocation_test' function scope. However, it is being used as\na driver name when calling 'kunit_driver_create' from\n'kunit_device_register'. It produces the kernel panic with KASAN\nenabled.\n\nSince this variable is used in one place only, remove it and pass the\ndevice name into kunit_device_register directly as an ascii string.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46823', 'https://git.kernel.org/linus/92e9bac18124682c4b99ede9ee3bcdd68f121e92 (6.11-rc4)', 'https://git.kernel.org/stable/c/92e9bac18124682c4b99ede9ee3bcdd68f121e92', 'https://git.kernel.org/stable/c/d1207f07decc66546a7fa463d2f335a856c986ef', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46823-b19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46823', 'https://www.cve.org/CVERecord?id=CVE-2024-46823'], 'PublishedDate': '2024-09-27T13:15:14.897Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46824', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommufd: Require drivers to supply the cache_invalidate_user ops', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Require drivers to supply the cache_invalidate_user ops\n\nIf drivers don't do this then iommufd will oops invalidation ioctls with\nsomething like:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n  Mem abort info:\n    ESR = 0x0000000086000004\n    EC = 0x21: IABT (current EL), IL = 32 bits\n    SET = 0, FnV = 0\n    EA = 0, S1PTW = 0\n    FSC = 0x04: level 0 translation fault\n  user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101059000\n  [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n  Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 2 PID: 371 Comm: qemu-system-aar Not tainted 6.8.0-rc7-gde77230ac23a #9\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 81400809 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=-c)\n  pc : 0x0\n  lr : iommufd_hwpt_invalidate+0xa4/0x204\n  sp : ffff800080f3bcc0\n  x29: ffff800080f3bcf0 x28: ffff0000c369b300 x27: 0000000000000000\n  x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n  x23: 0000000000000000 x22: 00000000c1e334a0 x21: ffff0000c1e334a0\n  x20: ffff800080f3bd38 x19: ffff800080f3bd58 x18: 0000000000000000\n  x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8240d6d8\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n  x8 : 0000001000000002 x7 : 0000fffeac1ec950 x6 : 0000000000000000\n  x5 : ffff800080f3bd78 x4 : 0000000000000003 x3 : 0000000000000002\n  x2 : 0000000000000000 x1 : ffff800080f3bcc8 x0 : ffff0000c6034d80\n  Call trace:\n   0x0\n   iommufd_fops_ioctl+0x154/0x274\n   __arm64_sys_ioctl+0xac/0xf0\n   invoke_syscall+0x48/0x110\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x34/0xb4\n   el0t_64_sync_handler+0x120/0x12c\n   el0t_64_sync+0x190/0x194\n\nAll existing drivers implement this op for nesting, this is mostly a\nbisection aid.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46824', 'https://git.kernel.org/linus/a11dda723c6493bb1853bbc61c093377f96e2d47 (6.11-rc1)', 'https://git.kernel.org/stable/c/89827a4de802765b1ebb401fc1e73a90108c7520', 'https://git.kernel.org/stable/c/a11dda723c6493bb1853bbc61c093377f96e2d47', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46824-03d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46824', 'https://www.cve.org/CVERecord?id=CVE-2024-46824'], 'PublishedDate': '2024-09-27T13:15:14.96Z', 'LastModifiedDate': '2024-10-02T14:29:08.417Z'}, {'VulnerabilityID': 'CVE-2024-46825', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check\n\nThe lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is\nnormally called with input from the firmware, so it should use\nIWL_FW_CHECK() instead of WARN_ON().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46825', 'https://git.kernel.org/linus/9215152677d4b321801a92b06f6d5248b2b4465f (6.11-rc1)', 'https://git.kernel.org/stable/c/3cca098c91391b3fa48142bfda57048b985c87f6', 'https://git.kernel.org/stable/c/415f3634d53c7fb4cf07d2f5a0be7f2e15e6da33', 'https://git.kernel.org/stable/c/9215152677d4b321801a92b06f6d5248b2b4465f', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46825-a5aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46825', 'https://www.cve.org/CVERecord?id=CVE-2024-46825'], 'PublishedDate': '2024-09-27T13:15:15.027Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46826', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ELF: fix kernel.randomize_va_space double read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses "randomize_va_space" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46826', 'https://git.kernel.org/linus/2a97388a807b6ab5538aa8f8537b2463c6988bd2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1cf8cd80903073440b6ea055811d04edd24fe4f7', 'https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27', 'https://git.kernel.org/stable/c/2a97388a807b6ab5538aa8f8537b2463c6988bd2', 'https://git.kernel.org/stable/c/53f17409abf61f66b6f05aff795e938e5ba811d1', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46826-7b80@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46826', 'https://www.cve.org/CVERecord?id=CVE-2024-46826'], 'PublishedDate': '2024-09-27T13:15:15.087Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46827', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix firmware crash due to invalid peer nss', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46827', 'https://git.kernel.org/linus/db163a463bb93cd3e37e1e7b10b9726fb6f95857 (6.11-rc1)', 'https://git.kernel.org/stable/c/25a15f80253a7c8776e4e4880d797d20ec864154', 'https://git.kernel.org/stable/c/838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c', 'https://git.kernel.org/stable/c/db163a463bb93cd3e37e1e7b10b9726fb6f95857', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46827-0300@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46827', 'https://www.cve.org/CVERecord?id=CVE-2024-46827'], 'PublishedDate': '2024-09-27T13:15:15.153Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46828', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: sch_cake: fix bulk flow accounting logic for host fairness', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: fix bulk flow accounting logic for host fairness\n\nIn sch_cake, we keep track of the count of active bulk flows per host,\nwhen running in dst/src host fairness mode, which is used as the\nround-robin weight when iterating through flows. The count of active\nbulk flows is updated whenever a flow changes state.\n\nThis has a peculiar interaction with the hash collision handling: when a\nhash collision occurs (after the set-associative hashing), the state of\nthe hash bucket is simply updated to match the new packet that collided,\nand if host fairness is enabled, that also means assigning new per-host\nstate to the flow. For this reason, the bulk flow counters of the\nhost(s) assigned to the flow are decremented, before new state is\nassigned (and the counters, which may not belong to the same host\nanymore, are incremented again).\n\nBack when this code was introduced, the host fairness mode was always\nenabled, so the decrement was unconditional. When the configuration\nflags were introduced the *increment* was made conditional, but\nthe *decrement* was not. Which of course can lead to a spurious\ndecrement (and associated wrap-around to U16_MAX).\n\nAFAICT, when host fairness is disabled, the decrement and wrap-around\nhappens as soon as a hash collision occurs (which is not that common in\nitself, due to the set-associative hashing). However, in most cases this\nis harmless, as the value is only used when host fairness mode is\nenabled. So in order to trigger an array overflow, sch_cake has to first\nbe configured with host fairness disabled, and while running in this\nmode, a hash collision has to occur to cause the overflow. Then, the\nqdisc has to be reconfigured to enable host fairness, which leads to the\narray out-of-bounds because the wrapped-around value is retained and\nused as an array index. It seems that syzbot managed to trigger this,\nwhich is quite impressive in its own right.\n\nThis patch fixes the issue by introducing the same conditional check on\ndecrement as is used on increment.\n\nThe original bug predates the upstreaming of cake, but the commit listed\nin the Fixes tag touched that code, meaning that this patch won't apply\nbefore that.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46828', 'https://git.kernel.org/linus/546ea84d07e3e324644025e2aae2d12ea4c5896e (6.11-rc7)', 'https://git.kernel.org/stable/c/4a4eeefa514db570be025ab46d779af180e2c9bb', 'https://git.kernel.org/stable/c/546ea84d07e3e324644025e2aae2d12ea4c5896e', 'https://git.kernel.org/stable/c/549e407569e08459d16122341d332cb508024094', 'https://git.kernel.org/stable/c/7725152b54d295b7da5e34c2f419539b30d017bd', 'https://git.kernel.org/stable/c/cde71a5677971f4f1b69b25e854891dbe78066a4', 'https://git.kernel.org/stable/c/d4a9039a7b3d8005b90c7b1a55a306444f0e5447', 'https://git.kernel.org/stable/c/d7c01c0714c04431b5e18cf17a9ea68a553d1c3c', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46828-2184@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46828', 'https://www.cve.org/CVERecord?id=CVE-2024-46828'], 'PublishedDate': '2024-09-27T13:15:15.22Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46829', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtmutex: Drop rt_mutex::wait_lock before scheduling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nrtmutex: Drop rt_mutex::wait_lock before scheduling\n\nrt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held.  In the\ngood case it returns with the lock held and in the deadlock case it emits a\nwarning and goes into an endless scheduling loop with the lock held, which\ntriggers the 'scheduling in atomic' warning.\n\nUnlock rt_mutex::wait_lock in the dead lock case before issuing the warning\nand dropping into the schedule for ever loop.\n\n[ tglx: Moved unlock before the WARN(), removed the pointless comment,\n  \tmassaged changelog, added Fixes tag ]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46829', 'https://git.kernel.org/linus/d33d26036a0274b472299d7dcdaa5fb34329f91b (6.11-rc7)', 'https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0', 'https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38', 'https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f', 'https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f', 'https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83', 'https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0', 'https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b', 'https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46829-da70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46829', 'https://www.cve.org/CVERecord?id=CVE-2024-46829'], 'PublishedDate': '2024-09-27T13:15:15.3Z', 'LastModifiedDate': '2024-10-02T14:27:57.92Z'}, {'VulnerabilityID': 'CVE-2024-46830', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: x86: Acquire kvm-&gt;srcu when handling KVM_SET_VCPU_EVENTS', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU.  I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems.  Acquiring SRCU isn't all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n  #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n  <TASK>\n  dump_stack_lvl+0x7f/0x90\n  lockdep_rcu_suspicious+0x13f/0x1a0\n  kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n  kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n  nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n  load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n  vmx_leave_nested+0x30/0x40 [kvm_intel]\n  kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n  kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n  ? mark_held_locks+0x49/0x70\n  ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n  ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  ? lock_acquire+0xba/0x2d0\n  ? find_held_lock+0x2b/0x80\n  ? do_user_addr_fault+0x40c/0x6f0\n  ? lock_release+0xb7/0x270\n  __x64_sys_ioctl+0x82/0xb0\n  do_syscall_64+0x6c/0x170\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n  </TASK>", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46830', 'https://git.kernel.org/linus/4bcdd831d9d01e0fb64faea50732b59b2ee88da1 (6.11-rc7)', 'https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1', 'https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e', 'https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9', 'https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46830-deac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46830', 'https://www.cve.org/CVERecord?id=CVE-2024-46830'], 'PublishedDate': '2024-09-27T13:15:15.38Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46831', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: microchip: vcap: Fix use-after-free error in kunit test', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap: Fix use-after-free error in kunit test\n\nThis is a clear use-after-free error. We remove it, and rely on checking\nthe return code of vcap_del_rule.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46831', 'https://git.kernel.org/linus/a3c1e45156ad39f225cd7ddae0f81230a3b1e657 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3c1e45156ad39f225cd7ddae0f81230a3b1e657', 'https://git.kernel.org/stable/c/b0804c286ccfcf5f5c004d5bf8a54c0508b5e86b', 'https://git.kernel.org/stable/c/f7fe95f40c85311c98913fe6ae2c56adb7f767a7', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46831-06bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46831', 'https://www.cve.org/CVERecord?id=CVE-2024-46831'], 'PublishedDate': '2024-09-27T13:15:15.457Z', 'LastModifiedDate': '2024-10-02T14:26:13.807Z'}, {'VulnerabilityID': 'CVE-2024-46832', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: MIPS: cevt-r4k: Don&#39;t call get_c0_compare_int if timer irq is installed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: cevt-r4k: Don\'t call get_c0_compare_int if timer irq is installed\n\nThis avoids warning:\n\n[    0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n\nCaused by get_c0_compare_int on secondary CPU.\n\nWe also skipped saving IRQ number to struct clock_event_device *cd as\nit\'s never used by clockevent core, as per comments it\'s only meant\nfor "non CPU local devices".', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46832', 'https://git.kernel.org/linus/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13 (6.11-rc5)', 'https://git.kernel.org/stable/c/189d3ed3b25beee26ffe2abed278208bece13f52', 'https://git.kernel.org/stable/c/32ee0520159f1e8c2d6597c19690df452c528f30', 'https://git.kernel.org/stable/c/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13', 'https://git.kernel.org/stable/c/b1d2051373bfc65371ce4ac8911ed984d0178c98', 'https://git.kernel.org/stable/c/d3ff0f98a52f0aafe35aa314d1c442f4318be3db', 'https://git.kernel.org/stable/c/e6cd871627abbb459d0ff6521d6bb9cf9d9f7522', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46832-3ad0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46832', 'https://www.cve.org/CVERecord?id=CVE-2024-46832'], 'PublishedDate': '2024-09-27T13:15:15.517Z', 'LastModifiedDate': '2024-10-09T15:51:20.7Z'}, {'VulnerabilityID': 'CVE-2024-46833', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: void array out of bound when loop tnl_num', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: void array out of bound when loop tnl_num\n\nWhen query reg inf of SSU, it loops tnl_num times. However, tnl_num comes\nfrom hardware and the length of array is a fixed value. To void array out\nof bound, make sure the loop time is not greater than the length of array', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46833', 'https://git.kernel.org/linus/86db7bfb06704ef17340eeae71c832f21cfce35c (6.11-rc4)', 'https://git.kernel.org/stable/c/86db7bfb06704ef17340eeae71c832f21cfce35c', 'https://git.kernel.org/stable/c/c33a9806dc806bcb4a31dc71fb06979219181ad4', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46833-0fa0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46833', 'https://www.cve.org/CVERecord?id=CVE-2024-46833'], 'PublishedDate': '2024-09-27T13:15:15.593Z', 'LastModifiedDate': '2024-10-09T15:54:38.123Z'}, {'VulnerabilityID': 'CVE-2024-46834', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: fail closed if we can&#39;t get max channel used in indirection tables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\'t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with\nactive RSS contexts") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\'t fetch\nthe indirection table or when we can\'t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46834', 'https://git.kernel.org/linus/2899d58462ba868287d6ff3acad3675e7adf934f (6.11-rc1)', 'https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036', 'https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46834-dc7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46834', 'https://www.cve.org/CVERecord?id=CVE-2024-46834'], 'PublishedDate': '2024-09-27T13:15:15.66Z', 'LastModifiedDate': '2024-10-09T15:57:03.037Z'}, {'VulnerabilityID': 'CVE-2024-46835', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix smatch static checker warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev->gfx.imu.funcs could be NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46835', 'https://git.kernel.org/linus/bdbdc7cecd00305dc844a361f9883d3a21022027 (6.11-rc1)', 'https://git.kernel.org/stable/c/8bc7b3ce33e64c74211ed17aec823fc4e523426a', 'https://git.kernel.org/stable/c/bdbdc7cecd00305dc844a361f9883d3a21022027', 'https://git.kernel.org/stable/c/c2056c7a840f0dbf293bc3b0d91826d001668fb0', 'https://git.kernel.org/stable/c/d40c2c3dd0395fe7fdc19bd96551e87251426d66', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46835-4f99@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46835', 'https://www.cve.org/CVERecord?id=CVE-2024-46835'], 'PublishedDate': '2024-09-27T13:15:15.72Z', 'LastModifiedDate': '2024-10-02T14:24:18.93Z'}, {'VulnerabilityID': 'CVE-2024-46836', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46836', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: aspeed_udc: validate endpoint index for ast udc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed_udc: validate endpoint index for ast udc\n\nWe should verify the bound of the array to assure that host\nmay not manipulate the index to point past endpoint array.\n\nFound by static analysis.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46836', 'https://git.kernel.org/linus/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 (6.11-rc1)', 'https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af', 'https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a', 'https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c', 'https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46836-acff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46836', 'https://www.cve.org/CVERecord?id=CVE-2024-46836'], 'PublishedDate': '2024-09-27T13:15:15.78Z', 'LastModifiedDate': '2024-10-09T15:47:55.187Z'}, {'VulnerabilityID': 'CVE-2024-46838', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46838', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: don&#39;t BUG_ON() if khugepaged yanks our page table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: don\'t BUG_ON() if khugepaged yanks our page table\n\nSince khugepaged was changed to allow retracting page tables in file\nmappings without holding the mmap lock, these BUG_ON()s are wrong - get\nrid of them.\n\nWe could also remove the preceding "if (unlikely(...))" block, but then we\ncould reach pte_offset_map_lock() with transhuge pages not just for file\nmappings but also for anonymous mappings - which would probably be fine\nbut I think is not necessarily expected.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46838', 'https://git.kernel.org/linus/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a (6.11-rc7)', 'https://git.kernel.org/stable/c/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a', 'https://git.kernel.org/stable/c/4a594acc12d5954cdc71d4450a386748bf3d136a', 'https://git.kernel.org/stable/c/db978287e908d48b209e374b00d847b2d785e0a9', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46838-5fa5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46838', 'https://www.cve.org/CVERecord?id=CVE-2024-46838'], 'PublishedDate': '2024-09-27T13:15:15.92Z', 'LastModifiedDate': '2024-10-09T15:35:40.827Z'}, {'VulnerabilityID': 'CVE-2024-46840', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: clean up our handling of refs == 0 in snapshot delete', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: clean up our handling of refs == 0 in snapshot delete\n\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren't\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer.  In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption.  Change that to return\n-EUCLEAN.  In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling.  Also adjust the error message so we can\nactually do something with the information.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46840', 'https://git.kernel.org/linus/b8ccef048354074a548f108e51d0557d6adfd3a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/03804641ec2d0da4fa088ad21c88e703d151ce16', 'https://git.kernel.org/stable/c/71291aa7246645ef622621934d2067400380645e', 'https://git.kernel.org/stable/c/728d4d045b628e006b48a448f3326a7194c88d32', 'https://git.kernel.org/stable/c/7d1df13bf078ffebfedd361d714ff6cee1ff01b9', 'https://git.kernel.org/stable/c/9cc887ac24b7a0598f4042ae9af6b9a33072f75b', 'https://git.kernel.org/stable/c/b8ccef048354074a548f108e51d0557d6adfd3a3', 'https://git.kernel.org/stable/c/c60676b81fab456b672796830f6d8057058f029c', 'https://git.kernel.org/stable/c/c847b28a799733b04574060ab9d00f215970627d', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46840-fc44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46840', 'https://www.cve.org/CVERecord?id=CVE-2024-46840'], 'PublishedDate': '2024-09-27T13:15:16.057Z', 'LastModifiedDate': '2024-10-08T18:15:07.857Z'}, {'VulnerabilityID': 'CVE-2024-46841', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn't fatal, return the error.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46841', 'https://git.kernel.org/linus/a580fb2c3479d993556e1c31b237c9e5be4944a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/704c359b4093a2af650a20eaa030c435d7c30f91', 'https://git.kernel.org/stable/c/a580fb2c3479d993556e1c31b237c9e5be4944a3', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46841-7572@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46841', 'https://www.cve.org/CVERecord?id=CVE-2024-46841'], 'PublishedDate': '2024-09-27T13:15:16.13Z', 'LastModifiedDate': '2024-10-08T18:17:07.87Z'}, {'VulnerabilityID': 'CVE-2024-46842', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status.  The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code.  During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout.  If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46842', 'https://git.kernel.org/linus/ede596b1434b57c0b3fd5c02b326efe5c54f6e48 (6.11-rc1)', 'https://git.kernel.org/stable/c/bba47fe3b038cca3d3ebd799665ce69d6d273b58', 'https://git.kernel.org/stable/c/ede596b1434b57c0b3fd5c02b326efe5c54f6e48', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46842-e52c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46842', 'https://www.cve.org/CVERecord?id=CVE-2024-46842'], 'PublishedDate': '2024-09-27T13:15:16.19Z', 'LastModifiedDate': '2024-10-08T18:22:24.997Z'}, {'VulnerabilityID': 'CVE-2024-46843', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Remove SCSI host only if added', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been defered after MCQ configuration introduced by commit 0cab4023ec7b\n("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46843', 'https://git.kernel.org/linus/7cbff570dbe8907e23bba06f6414899a0fbb2fcc (6.11-rc1)', 'https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed', 'https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536', 'https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46843-82c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46843', 'https://www.cve.org/CVERecord?id=CVE-2024-46843'], 'PublishedDate': '2024-09-27T13:15:16.25Z', 'LastModifiedDate': '2024-10-08T18:23:52.423Z'}, {'VulnerabilityID': 'CVE-2024-46844', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: um: line: always fill *error_out in setup_one_line()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\num: line: always fill *error_out in setup_one_line()\n\nThe pointer isn't initialized by callers, but I have\nencountered cases where it's still printed; initialize\nit in all possible cases in setup_one_line().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-824'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46844', 'https://git.kernel.org/linus/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d (6.11-rc1)', 'https://git.kernel.org/stable/c/289979d64573f43df1d0e6bc6435de63a0d69cdf', 'https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5', 'https://git.kernel.org/stable/c/43f782c27907f306c664b6614fd6f264ac32cce6', 'https://git.kernel.org/stable/c/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d', 'https://git.kernel.org/stable/c/96301fdc2d533a196197c055af875fe33d47ef84', 'https://git.kernel.org/stable/c/c8944d449fda9f58c03bd99649b2df09948fc874', 'https://git.kernel.org/stable/c/ec5b47a370177d79ae7773858042c107e21f8ecc', 'https://git.kernel.org/stable/c/fc843d3837ebcb1c16d3768ef3eb55e25d5331f2', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46844-af64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46844', 'https://www.cve.org/CVERecord?id=CVE-2024-46844'], 'PublishedDate': '2024-09-27T13:15:16.313Z', 'LastModifiedDate': '2024-10-02T14:22:50.533Z'}, {'VulnerabilityID': 'CVE-2024-46845', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/timerlat: Only clear timer if a kthread exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Only clear timer if a kthread exists\n\nThe timerlat tracer can use user space threads to check for osnoise and\ntimer latency. If the program using this is killed via a SIGTERM, the\nthreads are shutdown one at a time and another tracing instance can start\nup resetting the threads before they are fully closed. That causes the\nhrtimer assigned to the kthread to be shutdown and freed twice when the\ndying thread finally closes the file descriptors, causing a use-after-free\nbug.\n\nOnly cancel the hrtimer if the associated thread is still around. Also add\nthe interface_lock around the resetting of the tlat_var->kthread.\n\nNote, this is just a quick fix that can be backported to stable. A real\nfix is to have a better synchronization between the shutdown of old\nthreads and the starting of new ones.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46845', 'https://git.kernel.org/linus/e6a53481da292d970d1edf0d8831121d1c5e2f0d (6.11-rc7)', 'https://git.kernel.org/stable/c/8a9d0d405159e9c796ddf771f7cff691c1a2bc1e', 'https://git.kernel.org/stable/c/8c72f0b2c45f21cb8b00fc37f79f632d7e46c2ed', 'https://git.kernel.org/stable/c/e6a53481da292d970d1edf0d8831121d1c5e2f0d', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46845-a529@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46845', 'https://www.cve.org/CVERecord?id=CVE-2024-46845'], 'PublishedDate': '2024-09-27T13:15:16.397Z', 'LastModifiedDate': '2024-10-02T14:18:32.923Z'}, {'VulnerabilityID': 'CVE-2024-46846', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: rockchip: Resolve unbalanced runtime PM / system PM handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip: Resolve unbalanced runtime PM / system PM handling\n\nCommit e882575efc77 ("spi: rockchip: Suspend and resume the bus during\nNOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and\nsimply disabled clocks unconditionally when suspending the system. This\ncauses problems when the device is already runtime suspended when we go\nto sleep -- in which case we double-disable clocks and produce a\nWARNing.\n\nSwitch back to pm_runtime_force_{suspend,resume}(), because that still\nseems like the right thing to do, and the aforementioned commit makes no\nexplanation why it stopped using it.\n\nAlso, refactor some of the resume() error handling, because it\'s not\nactually a good idea to re-disable clocks on failure.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46846', 'https://git.kernel.org/linus/be721b451affbecc4ba4eaac3b71cdbdcade1b1b (6.11-rc7)', 'https://git.kernel.org/stable/c/0efbad8445fbba7896402500a1473450a299a08a', 'https://git.kernel.org/stable/c/14f970a8d03d882b15b97beb83bd84ac8ba6298c', 'https://git.kernel.org/stable/c/be721b451affbecc4ba4eaac3b71cdbdcade1b1b', 'https://git.kernel.org/stable/c/d034bff62faea1a2219e0d2f3d17263265f24087', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46846-f264@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46846', 'https://www.cve.org/CVERecord?id=CVE-2024-46846'], 'PublishedDate': '2024-09-27T13:15:16.48Z', 'LastModifiedDate': '2024-10-08T18:25:56.467Z'}, {'VulnerabilityID': 'CVE-2024-46848', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46848', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/x86/intel: Limit the period on Haswell', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Limit the period on Haswell\n\nRunning the ltp test cve-2015-3290 concurrently reports the following\nwarnings.\n\nperfevents: irq loop stuck!\n  WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174\n  intel_pmu_handle_irq+0x285/0x370\n  Call Trace:\n   <NMI>\n   ? __warn+0xa4/0x220\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? report_bug+0x3e/0xa0\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x50\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? irq_work_claim+0x1e/0x40\n   ? intel_pmu_handle_irq+0x285/0x370\n   perf_event_nmi_handler+0x3d/0x60\n   nmi_handle+0x104/0x330\n\nThanks to Thomas Gleixner's analysis, the issue is caused by the low\ninitial period (1) of the frequency estimation algorithm, which triggers\nthe defects of the HW, specifically erratum HSW11 and HSW143. (For the\ndetails, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)\n\nThe HSW11 requires a period larger than 100 for the INST_RETIRED.ALL\nevent, but the initial period in the freq mode is 1. The erratum is the\nsame as the BDM11, which has been supported in the kernel. A minimum\nperiod of 128 is enforced as well on HSW.\n\nHSW143 is regarding that the fixed counter 1 may overcount 32 with the\nHyper-Threading is enabled. However, based on the test, the hardware\nhas more issues than it tells. Besides the fixed counter 1, the message\n'interrupt took too long' can be observed on any counter which was armed\nwith a period < 32 and two events expired in the same NMI. A minimum\nperiod of 32 is enforced for the rest of the events.\nThe recommended workaround code of the HSW143 is not implemented.\nBecause it only addresses the issue for the fixed counter. It brings\nextra overhead through extra MSR writing. No related overcounting issue\nhas been reported so far.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46848', 'https://git.kernel.org/linus/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b (6.11-rc7)', 'https://git.kernel.org/stable/c/0eaf812aa1506704f3b78be87036860e5d0fe81d', 'https://git.kernel.org/stable/c/15210b7c8caff4929f25d049ef8404557f8ae468', 'https://git.kernel.org/stable/c/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b', 'https://git.kernel.org/stable/c/8717dc35c0e5896f4110f4b3882f7ff787a5f73d', 'https://lore.kernel.org/linux-cve-announce/2024092756-CVE-2024-46848-bbd4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46848', 'https://www.cve.org/CVERecord?id=CVE-2024-46848'], 'PublishedDate': '2024-09-27T13:15:16.657Z', 'LastModifiedDate': '2024-10-04T15:23:35.287Z'}, {'VulnerabilityID': 'CVE-2024-46849', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: meson: axg-card: fix &#39;use-after-free&#39;', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix 'use-after-free'\n\nBuffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',\nso move 'pad' pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46849', 'https://git.kernel.org/linus/4f9a71435953f941969a4f017e2357db62d85a86 (6.11)', 'https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86', 'https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d', 'https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607', 'https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037', 'https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29', 'https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a', 'https://lore.kernel.org/linux-cve-announce/2024092741-CVE-2024-46849-93c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46849', 'https://www.cve.org/CVERecord?id=CVE-2024-46849'], 'PublishedDate': '2024-09-27T13:15:16.723Z', 'LastModifiedDate': '2024-10-17T14:15:07.75Z'}, {'VulnerabilityID': 'CVE-2024-46850', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn35_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn35_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn35_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit 0607a50c004798a96e62c089a4c34c220179dcb5)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46850', 'https://git.kernel.org/linus/e835d5144f5ef78e4f8828c63e2f0d61144f283a (6.11)', 'https://git.kernel.org/stable/c/42850927656a540428e58d370b3c1599a617bac7', 'https://git.kernel.org/stable/c/e835d5144f5ef78e4f8828c63e2f0d61144f283a', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46850-186e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46850', 'https://www.cve.org/CVERecord?id=CVE-2024-46850'], 'PublishedDate': '2024-09-27T13:15:16.787Z', 'LastModifiedDate': '2024-10-04T15:30:32.11Z'}, {'VulnerabilityID': 'CVE-2024-46851', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46851', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn10_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn10_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn10_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46851', 'https://git.kernel.org/linus/a7aeb03888b92304e2fc7d4d1c242f54a312561b (6.11)', 'https://git.kernel.org/stable/c/a7aeb03888b92304e2fc7d4d1c242f54a312561b', 'https://git.kernel.org/stable/c/b6ce047a81f508f5c60756db8dfb5ff486e4dad0', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46851-125b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46851', 'https://www.cve.org/CVERecord?id=CVE-2024-46851'], 'PublishedDate': '2024-09-27T13:15:16.85Z', 'LastModifiedDate': '2024-10-04T16:00:43.913Z'}, {'VulnerabilityID': 'CVE-2024-46852', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma-buf: heaps: Fix off-by-one in CMA heap fault handler', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:\nDon\'t track CMA dma-buf pages under RssFile") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don\'t read off the end of the pages\narray and insert an arbitrary page in the mapping.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46852', 'https://git.kernel.org/linus/ea5ff5d351b520524019f7ff7f9ce418de2dad87 (6.11)', 'https://git.kernel.org/stable/c/007180fcb6cc4a93211d4cc45fef3f5ccccd56ae', 'https://git.kernel.org/stable/c/79cce5e81d20fa9ad553be439d665ac3302d3c95', 'https://git.kernel.org/stable/c/84175dc5b2c932266a50c04e5ce342c30f817a2f', 'https://git.kernel.org/stable/c/e79050882b857c37634baedbdcf7c2047c24cbff', 'https://git.kernel.org/stable/c/ea5ff5d351b520524019f7ff7f9ce418de2dad87', 'https://git.kernel.org/stable/c/eb7fc8b65cea22f9038c52398c8b22849e9620ea', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46852-91a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46852', 'https://www.cve.org/CVERecord?id=CVE-2024-46852'], 'PublishedDate': '2024-09-27T13:15:16.917Z', 'LastModifiedDate': '2024-10-17T14:15:07.887Z'}, {'VulnerabilityID': 'CVE-2024-46853', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: nxp-fspi: fix the KASAN report out-of-bounds bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: nxp-fspi: fix the KASAN report out-of-bounds bug\n\nChange the memcpy length to fix the out-of-bounds issue when writing the\ndata that is not 4 byte aligned to TX FIFO.\n\nTo reproduce the issue, write 3 bytes data to NOR chip.\n\ndd if=3b of=/dev/mtd0\n[   36.926103] ==================================================================\n[   36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838\n[   36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455\n[   36.946721]\n[   36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070\n[   36.956185] Hardware name: Freescale i.MX8QM MEK (DT)\n[   36.961260] Call trace:\n[   36.963723]  dump_backtrace+0x90/0xe8\n[   36.967414]  show_stack+0x18/0x24\n[   36.970749]  dump_stack_lvl+0x78/0x90\n[   36.974451]  print_report+0x114/0x5cc\n[   36.978151]  kasan_report+0xa4/0xf0\n[   36.981670]  __asan_report_load_n_noabort+0x1c/0x28\n[   36.986587]  nxp_fspi_exec_op+0x26ec/0x2838\n[   36.990800]  spi_mem_exec_op+0x8ec/0xd30\n[   36.994762]  spi_mem_no_dirmap_read+0x190/0x1e0\n[   36.999323]  spi_mem_dirmap_write+0x238/0x32c\n[   37.003710]  spi_nor_write_data+0x220/0x374\n[   37.007932]  spi_nor_write+0x110/0x2e8\n[   37.011711]  mtd_write_oob_std+0x154/0x1f0\n[   37.015838]  mtd_write_oob+0x104/0x1d0\n[   37.019617]  mtd_write+0xb8/0x12c\n[   37.022953]  mtdchar_write+0x224/0x47c\n[   37.026732]  vfs_write+0x1e4/0x8c8\n[   37.030163]  ksys_write+0xec/0x1d0\n[   37.033586]  __arm64_sys_write+0x6c/0x9c\n[   37.037539]  invoke_syscall+0x6c/0x258\n[   37.041327]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.046244]  do_el0_svc+0x44/0x5c\n[   37.049589]  el0_svc+0x38/0x78\n[   37.052681]  el0t_64_sync_handler+0x13c/0x158\n[   37.057077]  el0t_64_sync+0x190/0x194\n[   37.060775]\n[   37.062274] Allocated by task 455:\n[   37.065701]  kasan_save_stack+0x2c/0x54\n[   37.069570]  kasan_save_track+0x20/0x3c\n[   37.073438]  kasan_save_alloc_info+0x40/0x54\n[   37.077736]  __kasan_kmalloc+0xa0/0xb8\n[   37.081515]  __kmalloc_noprof+0x158/0x2f8\n[   37.085563]  mtd_kmalloc_up_to+0x120/0x154\n[   37.089690]  mtdchar_write+0x130/0x47c\n[   37.093469]  vfs_write+0x1e4/0x8c8\n[   37.096901]  ksys_write+0xec/0x1d0\n[   37.100332]  __arm64_sys_write+0x6c/0x9c\n[   37.104287]  invoke_syscall+0x6c/0x258\n[   37.108064]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.112972]  do_el0_svc+0x44/0x5c\n[   37.116319]  el0_svc+0x38/0x78\n[   37.119401]  el0t_64_sync_handler+0x13c/0x158\n[   37.123788]  el0t_64_sync+0x190/0x194\n[   37.127474]\n[   37.128977] The buggy address belongs to the object at ffff00081037c2a0\n[   37.128977]  which belongs to the cache kmalloc-8 of size 8\n[   37.141177] The buggy address is located 0 bytes inside of\n[   37.141177]  allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)\n[   37.153465]\n[   37.154971] The buggy address belongs to the physical page:\n[   37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c\n[   37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)\n[   37.175149] page_type: 0xfdffffff(slab)\n[   37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000\n[   37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000\n[   37.194553] page dumped because: kasan: bad access detected\n[   37.200144]\n[   37.201647] Memory state around the buggy address:\n[   37.206460]  ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc\n[   37.213701]  ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc\n[   37.220946] >ffff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc\n[   37.228186]                                ^\n[   37.232473]  ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.239718]  ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.246962] ==============================================================\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46853', 'https://git.kernel.org/linus/2a8787c1cdc7be24fdd8953ecd1a8743a1006235 (6.11)', 'https://git.kernel.org/stable/c/09af8b0ba70072be831f3ec459f4063d570f9e24', 'https://git.kernel.org/stable/c/2a8787c1cdc7be24fdd8953ecd1a8743a1006235', 'https://git.kernel.org/stable/c/491f9646f7ac31af5fca71be1a3e5eb8aa7663ad', 'https://git.kernel.org/stable/c/609260542cf86b459c57618b8cdec8020394b7ad', 'https://git.kernel.org/stable/c/af9ca9ca3e44f48b2a191e100d452fbf850c3d87', 'https://git.kernel.org/stable/c/d1a1dfcec77c57b1181da93d11a3db1bc4eefa97', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46853-ab04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46853', 'https://www.cve.org/CVERecord?id=CVE-2024-46853'], 'PublishedDate': '2024-09-27T13:15:16.997Z', 'LastModifiedDate': '2024-10-17T14:15:07.993Z'}, {'VulnerabilityID': 'CVE-2024-46854', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dpaa: Pad packets to ETH_ZLEN', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46854', 'https://git.kernel.org/linus/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0 (6.11)', 'https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133', 'https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a', 'https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83', 'https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0', 'https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2', 'https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46854-3404@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46854', 'https://www.cve.org/CVERecord?id=CVE-2024-46854'], 'PublishedDate': '2024-09-27T13:15:17.063Z', 'LastModifiedDate': '2024-10-17T14:15:08.107Z'}, {'VulnerabilityID': 'CVE-2024-46855', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46855', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: nft_socket: fix sk refcount leaks', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put 'sk' reference before returning.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46855', 'https://git.kernel.org/linus/8b26ff7af8c32cb4148b3e147c52f9e4c695209c (6.11)', 'https://git.kernel.org/stable/c/1f68e097e20d3c695281a9c6433acc37be47fe11', 'https://git.kernel.org/stable/c/33c2258bf8cb17fba9e58b111d4c4f4cf43a4896', 'https://git.kernel.org/stable/c/83e6fb59040e8964888afcaa5612cc1243736715', 'https://git.kernel.org/stable/c/8b26ff7af8c32cb4148b3e147c52f9e4c695209c', 'https://git.kernel.org/stable/c/ddc7c423c4a5386bf865474c694b48178efd311a', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46855-4382@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46855', 'https://www.cve.org/CVERecord?id=CVE-2024-46855'], 'PublishedDate': '2024-09-27T13:15:17.133Z', 'LastModifiedDate': '2024-10-17T14:15:12.79Z'}, {'VulnerabilityID': 'CVE-2024-46857', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix bridge mode operations when there are no VFs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[  168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[  168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[  168.976037] Call Trace:\n[  168.976188]  <TASK>\n[  168.978620]  _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[  168.979074]  mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[  168.979471]  rtnl_bridge_setlink+0xe9/0x1f0\n[  168.979714]  rtnetlink_rcv_msg+0x159/0x400\n[  168.980451]  netlink_rcv_skb+0x54/0x100\n[  168.980675]  netlink_unicast+0x241/0x360\n[  168.980918]  netlink_sendmsg+0x1f6/0x430\n[  168.981162]  ____sys_sendmsg+0x3bb/0x3f0\n[  168.982155]  ___sys_sendmsg+0x88/0xd0\n[  168.985036]  __sys_sendmsg+0x59/0xa0\n[  168.985477]  do_syscall_64+0x79/0x150\n[  168.987273]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw->fdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46857', 'https://git.kernel.org/linus/b1d305abef4640af1b4f1b4774d513cd81b10cfc (6.11)', 'https://git.kernel.org/stable/c/505ae01f75f839b54329164bbfecf24cc1361b31', 'https://git.kernel.org/stable/c/52c4beb79e095e0631b5cac46ed48a2aefe51985', 'https://git.kernel.org/stable/c/65feee671e37f3b6eda0b6af28f204b5bcf7fa50', 'https://git.kernel.org/stable/c/b1d305abef4640af1b4f1b4774d513cd81b10cfc', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46857-3bc3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46857', 'https://www.cve.org/CVERecord?id=CVE-2024-46857'], 'PublishedDate': '2024-09-27T13:15:17.277Z', 'LastModifiedDate': '2024-10-01T17:10:29.657Z'}, {'VulnerabilityID': 'CVE-2024-46858', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46858', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: Fix uaf in __timer_delete_sync', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n     CPU1\t\t\t\tCPU2\n     ====                               ====\n     net_rx_action\n     napi_poll                          netlink_sendmsg\n     __napi_poll                        netlink_unicast\n     process_backlog                    netlink_unicast_kernel\n     __netif_receive_skb                genl_rcv\n     __netif_receive_skb_one_core       netlink_rcv_skb\n     NF_HOOK                            genl_rcv_msg\n     ip_local_deliver_finish            genl_family_rcv_msg\n     ip_protocol_deliver_rcu            genl_family_rcv_msg_doit\n     tcp_v4_rcv                         mptcp_pm_nl_flush_addrs_doit\n     tcp_v4_do_rcv                      mptcp_nl_remove_addrs_list\n     tcp_rcv_established                mptcp_pm_remove_addrs_and_subflows\n     tcp_data_queue                     remove_anno_list_by_saddr\n     mptcp_incoming_options             mptcp_pm_del_add_timer\n     mptcp_pm_del_add_timer             kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by "pm.lock", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of "entry->add_timer".\n\nMove list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar "entry->x" uaf.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46858', 'https://git.kernel.org/linus/b4cd80b0338945a94972ac3ed54f8338d2da2076 (6.11)', 'https://git.kernel.org/stable/c/0e7814b028cd50b3ff79659d23dfa9da6a1e75e1', 'https://git.kernel.org/stable/c/12134a652b0a10064844ea235173e70246eba6dc', 'https://git.kernel.org/stable/c/3554482f4691571fc4b5490c17ae26896e62171c', 'https://git.kernel.org/stable/c/6452b162549c7f9ef54655d3fb9977b9192e6e5b', 'https://git.kernel.org/stable/c/67409b358500c71632116356a0b065f112d7b707', 'https://git.kernel.org/stable/c/b4cd80b0338945a94972ac3ed54f8338d2da2076', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46858-dab6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46858', 'https://www.cve.org/CVERecord?id=CVE-2024-46858'], 'PublishedDate': '2024-09-27T13:15:17.353Z', 'LastModifiedDate': '2024-10-17T14:15:13.017Z'}, {'VulnerabilityID': 'CVE-2024-46859', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46859', 'https://git.kernel.org/linus/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 (6.11)', 'https://git.kernel.org/stable/c/6821a82616f60aa72c5909b3e252ad97fb9f7e2a', 'https://git.kernel.org/stable/c/9291fadbd2720a869b1d2fcf82305648e2e62a16', 'https://git.kernel.org/stable/c/b38c19783286a71693c2194ed1b36665168c09c4', 'https://git.kernel.org/stable/c/b7c2f692307fe704be87ea80d7328782b33c3cef', 'https://git.kernel.org/stable/c/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46859-e785@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46859', 'https://www.cve.org/CVERecord?id=CVE-2024-46859'], 'PublishedDate': '2024-09-27T13:15:17.43Z', 'LastModifiedDate': '2024-10-17T14:15:13.183Z'}, {'VulnerabilityID': 'CVE-2024-46860', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change\n\nWhen disabling wifi mt7921_ipv6_addr_change() is called as a notifier.\nAt this point mvif->phy is already NULL so we cannot use it here.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46860', 'https://git.kernel.org/linus/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3 (6.11-rc4)', 'https://git.kernel.org/stable/c/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3', 'https://git.kernel.org/stable/c/4bfee9346d8c17d928ef6da2b8bffab88fa2a553', 'https://git.kernel.org/stable/c/8d92bafd4c67efb692f722d73a07412b5f88c6d6', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46860-1dfc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46860', 'https://www.cve.org/CVERecord?id=CVE-2024-46860'], 'PublishedDate': '2024-09-27T13:15:17.493Z', 'LastModifiedDate': '2024-10-02T14:04:38.863Z'}, {'VulnerabilityID': 'CVE-2024-46861', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usbnet: ipheth: do not stop RX on failing RX callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: do not stop RX on failing RX callback\n\nRX callbacks can fail for multiple reasons:\n\n* Payload too short\n* Payload formatted incorrecly (e.g. bad NCM framing)\n* Lack of memory\n\nNone of these should cause the driver to seize up.\n\nMake such failures non-critical and continue processing further\nincoming URBs.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46861', 'https://git.kernel.org/linus/74efed51e0a4d62f998f806c307778b47fc73395 (6.11-rc4)', 'https://git.kernel.org/stable/c/08ca800b0cd56d5e26722f68b18bbbf6840bf44b', 'https://git.kernel.org/stable/c/4d1cfa3afb8627435744ecdc6d8b58bc72ee0f4c', 'https://git.kernel.org/stable/c/74efed51e0a4d62f998f806c307778b47fc73395', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46861-f2f9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46861', 'https://www.cve.org/CVERecord?id=CVE-2024-46861'], 'PublishedDate': '2024-09-27T13:15:17.563Z', 'LastModifiedDate': '2024-10-03T15:36:06.543Z'}, {'VulnerabilityID': 'CVE-2024-46864', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/hyperv: fix kexec crash due to VP assist page corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: fix kexec crash due to VP assist page corruption\n\ncommit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when\nCPUs go online/offline") introduces a new cpuhp state for hyperv\ninitialization.\n\ncpuhp_setup_state() returns the state number if state is\nCPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states.\nFor the hyperv case, since a new cpuhp state was introduced it would\nreturn 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call\nis conditioned upon "hyperv_init_cpuhp > 0". This will never be true and\nso hv_cpu_die() won\'t be called on all CPUs. This means the VP assist page\nwon\'t be reset. When the kexec kernel tries to setup the VP assist page\nagain, the hypervisor corrupts the memory region of the old VP assist page\ncausing a panic in case the kexec kernel is using that memory elsewhere.\nThis was originally fixed in commit dfe94d4086e4 ("x86/hyperv: Fix kexec\npanic/hang issues").\n\nGet rid of hyperv_init_cpuhp entirely since we are no longer using a\ndynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with\ncpuhp_remove_state().', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46864', 'https://git.kernel.org/linus/b9af6418279c4cf73ca073f8ea024992b38be8ab (6.11)', 'https://git.kernel.org/stable/c/2ae1beb3ab4f28868cc5d1541d05e1fbee3ad825', 'https://git.kernel.org/stable/c/b9af6418279c4cf73ca073f8ea024992b38be8ab', 'https://git.kernel.org/stable/c/d6f018a3b49d0a94ddbd0e479c2af6b19724e434', 'https://lore.kernel.org/linux-cve-announce/2024092745-CVE-2024-46864-0343@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46864', 'https://www.cve.org/CVERecord?id=CVE-2024-46864'], 'PublishedDate': '2024-09-27T13:15:17.747Z', 'LastModifiedDate': '2024-10-03T15:29:34.927Z'}, {'VulnerabilityID': 'CVE-2024-46866', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: add missing bo locking in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: add missing bo locking in show_meminfo()\n\nbo_meminfo() wants to inspect bo state like tt and the ttm resource,\nhowever this state can change at any point leading to stuff like NPD and\nUAF, if the bo lock is not held. Grab the bo lock when calling\nbo_meminfo(), ensuring we drop any spinlocks first. In the case of\nobject_idr we now also need to hold a ref.\n\nv2 (MattB)\n  - Also add xe_bo_assert_held()\n\n(cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46866', 'https://git.kernel.org/linus/94c4aa266111262c96c98f822d1bccc494786fee (6.11)', 'https://git.kernel.org/stable/c/94c4aa266111262c96c98f822d1bccc494786fee', 'https://git.kernel.org/stable/c/abc8feacacf8fae10eecf6fea7865e8c1fee419c', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46866-c414@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46866', 'https://www.cve.org/CVERecord?id=CVE-2024-46866'], 'PublishedDate': '2024-09-27T13:15:17.887Z', 'LastModifiedDate': '2024-10-01T17:09:30Z'}, {'VulnerabilityID': 'CVE-2024-46867', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: fix deadlock in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: fix deadlock in show_meminfo()\n\nThere is a real deadlock as well as sleeping in atomic() bug in here, if\nthe bo put happens to be the last ref, since bo destruction wants to\ngrab the same spinlock and sleeping locks.  Fix that by dropping the ref\nusing xe_bo_put_deferred(), and moving the final commit outside of the\nlock. Dropping the lock around the put is tricky since the bo can go\nout of scope and delete itself from the list, making it difficult to\nnavigate to the next list entry.\n\n(cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46867', 'https://git.kernel.org/linus/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b (6.11)', 'https://git.kernel.org/stable/c/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b', 'https://git.kernel.org/stable/c/9d3de463e23bfb1ff1567a32b099b1b3e5286a48', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46867-7fe4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46867', 'https://www.cve.org/CVERecord?id=CVE-2024-46867'], 'PublishedDate': '2024-09-27T13:15:17.937Z', 'LastModifiedDate': '2024-10-01T17:09:58.147Z'}, {'VulnerabilityID': 'CVE-2024-46868', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()\n\nIf the __qcuefi pointer is not set, then in the original code, we would\nhold onto the lock.  That means that if we tried to set it later, then\nit would cause a deadlock.  Drop the lock on the error path.  That's\nwhat all the callers are expecting.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46868', 'https://git.kernel.org/linus/db213b0cfe3268d8b1d382b3bcc999c687a2567f (6.11)', 'https://git.kernel.org/stable/c/8c6a5a1fc02ad1d62d06897ab330693d4d27cd03', 'https://git.kernel.org/stable/c/db213b0cfe3268d8b1d382b3bcc999c687a2567f', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46868-f3a3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46868', 'https://www.cve.org/CVERecord?id=CVE-2024-46868'], 'PublishedDate': '2024-09-27T13:15:18.007Z', 'LastModifiedDate': '2024-10-01T17:09:12.247Z'}, {'VulnerabilityID': 'CVE-2024-46870', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Disable DMCUB timeout for DCN35', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable DMCUB timeout for DCN35\n\n[Why]\nDMCUB can intermittently take longer than expected to process commands.\n\nOld ASIC policy was to continue while logging a diagnostic error - which\nworks fine for ASIC without IPS, but with IPS this could lead to a race\ncondition where we attempt to access DCN state while it's inaccessible,\nleading to a system hang when the NIU port is not disabled or register\naccesses that timeout and the display configuration in an undefined\nstate.\n\n[How]\nWe need to investigate why these accesses take longer than expected, but\nfor now we should disable the timeout on DCN35 to avoid this race\ncondition. Since the waits happen only at lower interrupt levels the\nrisk of taking too long at higher IRQ and causing a system watchdog\ntimeout are minimal.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46870', 'https://git.kernel.org/stable/c/31c254c9cd4b122a10db297124f867107a696d83', 'https://git.kernel.org/stable/c/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46870-f347@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46870', 'https://www.cve.org/CVERecord?id=CVE-2024-46870'], 'PublishedDate': '2024-10-09T14:15:07.463Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-46871', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why & How]\nIt actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback & dmub_thread_offload has potential to access\nitem out of array bound. Fix it.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46871', 'https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37', 'https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7', 'https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0', 'https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46871-15f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46871', 'https://www.cve.org/CVERecord?id=CVE-2024-46871'], 'PublishedDate': '2024-10-09T14:15:07.533Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47658', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47658', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: stm32/cryp - call finalize with bh disabled', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: stm32/cryp - call finalize with bh disabled\n\nThe finalize operation in interrupt mode produce a produces a spinlock\nrecursion warning. The reason is the fact that BH must be disabled\nduring this process.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47658', 'https://git.kernel.org/stable/c/56ddb9aa3b324c2d9645b5a7343e46010cf3f6ce', 'https://git.kernel.org/stable/c/5d734665cd5d93270731e0ff1dd673fec677f447', 'https://git.kernel.org/stable/c/d93a2f86b0a998aa1f0870c85a2a60a0771ef89a', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47658-0b23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47658', 'https://www.cve.org/CVERecord?id=CVE-2024-47658'], 'PublishedDate': '2024-10-09T14:15:07.603Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47659', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47659', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smack: tcp: ipv4, fix incorrect labeling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmack: tcp: ipv4, fix incorrect labeling\n\nCurrently, Smack mirrors the label of incoming tcp/ipv4 connections:\nwhen a label 'foo' connects to a label 'bar' with tcp/ipv4,\n'foo' always gets 'foo' in returned ipv4 packets. So,\n1) returned packets are incorrectly labeled ('foo' instead of 'bar')\n2) 'bar' can write to 'foo' without being authorized to write.\n\nHere is a scenario how to see this:\n\n* Take two machines, let's call them C and S,\n   with active Smack in the default state\n   (no settings, no rules, no labeled hosts, only builtin labels)\n\n* At S, add Smack rule 'foo bar w'\n   (labels 'foo' and 'bar' are instantiated at S at this moment)\n\n* At S, at label 'bar', launch a program\n   that listens for incoming tcp/ipv4 connections\n\n* From C, at label 'foo', connect to the listener at S.\n   (label 'foo' is instantiated at C at this moment)\n   Connection succeedes and works.\n\n* Send some data in both directions.\n* Collect network traffic of this connection.\n\nAll packets in both directions are labeled with the CIPSO\nof the label 'foo'. Hence, label 'bar' writes to 'foo' without\nbeing authorized, and even without ever being known at C.\n\nIf anybody cares: exactly the same happens with DCCP.\n\nThis behavior 1st manifested in release 2.6.29.4 (see Fixes below)\nand it looks unintentional. At least, no explanation was provided.\n\nI changed returned packes label into the 'bar',\nto bring it into line with the Smack documentation claims.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47659', 'https://git.kernel.org/stable/c/0776bcf9cb6de46fdd94d10118de1cf9b05f83b9', 'https://git.kernel.org/stable/c/0aea09e82eafa50a373fc8a4b84c1d4734751e2c', 'https://git.kernel.org/stable/c/2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550', 'https://git.kernel.org/stable/c/4be9fd15c3c88775bdf6fa37acabe6de85beebff', 'https://git.kernel.org/stable/c/5b4b304f196c070342e32a4752e1fa2e22fc0671', 'https://git.kernel.org/stable/c/a948ec993541db4ef392b555c37a1186f4d61670', 'https://git.kernel.org/stable/c/d3703fa94116fed91f64c7d1c7d284fb4369070f', 'https://git.kernel.org/stable/c/d3f56c653c65f170b172d3c23120bc64ada645d8', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47659-03a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47659', 'https://www.cve.org/CVERecord?id=CVE-2024-47659'], 'PublishedDate': '2024-10-09T14:15:07.66Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47660', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fsnotify: clear PARENT_WATCHED flags lazily', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: clear PARENT_WATCHED flags lazily\n\nIn some setups directories can have many (usually negative) dentries.\nHence __fsnotify_update_child_dentry_flags() function can take a\nsignificant amount of time. Since the bulk of this function happens\nunder inode->i_lock this causes a significant contention on the lock\nwhen we remove the watch from the directory as the\n__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()\nraces with __fsnotify_update_child_dentry_flags() calls from\n__fsnotify_parent() happening on children. This can lead upto softlockup\nreports reported by users.\n\nFix the problem by calling fsnotify_update_children_dentry_flags() to\nset PARENT_WATCHED flags only when parent starts watching children.\n\nWhen parent stops watching children, clear false positive PARENT_WATCHED\nflags lazily in __fsnotify_parent() for each accessed child.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47660', 'https://git.kernel.org/stable/c/172e422ffea20a89bfdc672741c1aad6fbb5044e', 'https://git.kernel.org/stable/c/3f3ef1d9f66b93913ce2171120d9226b55acd41d', 'https://git.kernel.org/stable/c/7ef1d2e240c32b1f337a37232d037b07e3919e1a', 'https://git.kernel.org/stable/c/d8c42405fc3507cc43ba7e4986a773c3fc633f6e', 'https://git.kernel.org/stable/c/f9a48bc3dd9099935751458a5bbbea4b7c28abc8', 'https://git.kernel.org/stable/c/fc1b1e135c3f72382f792e6c319fc088d5523ad5', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47660-2d61@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47660', 'https://www.cve.org/CVERecord?id=CVE-2024-47660'], 'PublishedDate': '2024-10-09T14:15:07.73Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47661', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47661', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid overflow from uint32_t to uint8_t', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT & HOW]\ndmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47661', 'https://git.kernel.org/stable/c/30d1b783b6eeaf49d311a072c70d618d993d01ec', 'https://git.kernel.org/stable/c/d6b54900c564e35989cf6813e4071504fa0a90e0', 'https://lore.kernel.org/linux-cve-announce/2024100930-CVE-2024-47661-a6c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47661', 'https://www.cve.org/CVERecord?id=CVE-2024-47661'], 'PublishedDate': '2024-10-09T15:15:15.02Z', 'LastModifiedDate': '2024-10-15T16:03:29.26Z'}, {'VulnerabilityID': 'CVE-2024-47662', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47662', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47662', 'https://git.kernel.org/stable/c/466423c6dd8af23ebb3a69d43434d01aed0db356', 'https://git.kernel.org/stable/c/eba4b2a38ccdf074a053834509545703d6df1d57', 'https://lore.kernel.org/linux-cve-announce/2024100931-CVE-2024-47662-74f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47662', 'https://www.cve.org/CVERecord?id=CVE-2024-47662'], 'PublishedDate': '2024-10-09T15:15:15.08Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47663', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47663', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: staging: iio: frequency: ad9834: Validate frequency parameter value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47663', 'https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47', 'https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e', 'https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53', 'https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227', 'https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465', 'https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a', 'https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47663-9bdc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47663', 'https://www.cve.org/CVERecord?id=CVE-2024-47663'], 'PublishedDate': '2024-10-09T15:15:15.15Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47664', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47664', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47664', 'https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43', 'https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c', 'https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47664-f6bd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47664', 'https://www.cve.org/CVERecord?id=CVE-2024-47664'], 'PublishedDate': '2024-10-09T15:15:15.223Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47665', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47665', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup\n\nDefinitely condition dma_get_cache_alignment * defined value > 256\nduring driver initialization is not reason to BUG_ON(). Turn that to\ngraceful error out with -EINVAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47665', 'https://git.kernel.org/stable/c/2666085335bdfedf90d91f4071490ad3980be785', 'https://git.kernel.org/stable/c/5a022269abb22809f2a174b90f200fc4b9526058', 'https://git.kernel.org/stable/c/8a2be2f1db268ec735419e53ef04ca039fc027dc', 'https://git.kernel.org/stable/c/cacb76df247a7cd842ff29755a523b1cba6c0508', 'https://git.kernel.org/stable/c/e2d14bfda9eb5393f8a17008afe2aa7fe0a29815', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47665-901e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47665', 'https://www.cve.org/CVERecord?id=CVE-2024-47665'], 'PublishedDate': '2024-10-09T15:15:15.29Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47666', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47666', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: pm80xx: Set phy-&gt;enable_completion only when we wait for it', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy->enable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late.  After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47666', 'https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89', 'https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea', 'https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47666-0015@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47666', 'https://www.cve.org/CVERecord?id=CVE-2024-47666'], 'PublishedDate': '2024-10-09T15:15:15.353Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47667', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47667', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)\n\nErrata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0\n(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an\ninbound PCIe TLP spans more than two internal AXI 128-byte bursts,\nthe bus may corrupt the packet payload and the corrupt data may\ncause associated applications or the processor to hang.\n\nThe workaround for Errata #i2037 is to limit the maximum read\nrequest size and maximum payload size to 128 bytes. Add workaround\nfor Errata #i2037 here.\n\nThe errata and workaround is applicable only to AM65x SR 1.0 and\nlater versions of the silicon will have this fixed.\n\n[1] -> https://www.ti.com/lit/er/sprz452i/sprz452i.pdf', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47667', 'https://git.kernel.org/stable/c/135843c351c08df72bdd4b4ebea53c8052a76881', 'https://git.kernel.org/stable/c/576d0fb6f8d4bd4695e70eee173a1b9c7bae9572', 'https://git.kernel.org/stable/c/86f271f22bbb6391410a07e08d6ca3757fda01fa', 'https://git.kernel.org/stable/c/af218c803fe298ddf00abef331aa526b20d7ea61', 'https://git.kernel.org/stable/c/cfb006e185f64edbbdf7869eac352442bc76b8f6', 'https://git.kernel.org/stable/c/dd47051c76c8acd8cb983f01b4d1265da29cb66a', 'https://git.kernel.org/stable/c/ebbdbbc580c1695dec283d0ba6448729dc993246', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47667-2d01@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47667', 'https://www.cve.org/CVERecord?id=CVE-2024-47667'], 'PublishedDate': '2024-10-09T15:15:15.43Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47668', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47668', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we'll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it'll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47668', 'https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f', 'https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da', 'https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283', 'https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169', 'https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae', 'https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e', 'https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47668-6b53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47668', 'https://www.cve.org/CVERecord?id=CVE-2024-47668'], 'PublishedDate': '2024-10-09T15:15:15.513Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47669', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47669', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix state management in error path of log writing function', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix state management in error path of log writing function\n\nAfter commit a694291a6211 ("nilfs2: separate wait function from\nnilfs_segctor_write") was applied, the log writing function\nnilfs_segctor_do_construct() was able to issue I/O requests continuously\neven if user data blocks were split into multiple logs across segments,\nbut two potential flaws were introduced in its error handling.\n\nFirst, if nilfs_segctor_begin_construction() fails while creating the\nsecond or subsequent logs, the log writing function returns without\ncalling nilfs_segctor_abort_construction(), so the writeback flag set on\npages/folios will remain uncleared.  This causes page cache operations to\nhang waiting for the writeback flag.  For example,\ntruncate_inode_pages_final(), which is called via nilfs_evict_inode() when\nan inode is evicted from memory, will hang.\n\nSecond, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. \nAs a result, if the next log write involves checkpoint creation, that\'s\nfine, but if a partial log write is performed that does not, inodes with\nNILFS_I_COLLECTED set are erroneously removed from the "sc_dirty_files"\nlist, and their data and b-tree blocks may not be written to the device,\ncorrupting the block mapping.\n\nFix these issues by uniformly calling nilfs_segctor_abort_construction()\non failure of each step in the loop in nilfs_segctor_do_construct(),\nhaving it clean up logs and segment usages according to progress, and\ncorrecting the conditions for calling nilfs_redirty_inodes() to ensure\nthat the NILFS_I_COLLECTED flag is cleared.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47669', 'https://git.kernel.org/stable/c/036441e8438b29111fa75008f0ce305fb4e83c0a', 'https://git.kernel.org/stable/c/0a1a961bde4351dc047ffdeb2f1311ca16a700cc', 'https://git.kernel.org/stable/c/30562eff4a6dd35c4b5be9699ef61ad9f5f20a06', 'https://git.kernel.org/stable/c/3e349d7191f0688fc9808ef24fd4e4b4ef5ca876', 'https://git.kernel.org/stable/c/40a2757de2c376ef8a08d9ee9c81e77f3c750adf', 'https://git.kernel.org/stable/c/6576dd6695f2afca3f4954029ac4a64f82ba60ab', 'https://git.kernel.org/stable/c/74866c16ea2183f52925fa5d76061a1fe7f7737b', 'https://git.kernel.org/stable/c/efdde00d4a1ef10bb71e09ebc67823a3d3ad725b', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47669-135c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47669', 'https://www.cve.org/CVERecord?id=CVE-2024-47669'], 'PublishedDate': '2024-10-09T15:15:15.59Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47670', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47670', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: add bounds checking to ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn't stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match.  It will\nprevent out-of-bound access in case of crafted images.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47670', 'https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39', 'https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c', 'https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd', 'https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77', 'https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f', 'https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e73264d6', 'https://lore.kernel.org/linux-cve-announce/2024100919-CVE-2024-47670-53f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47670', 'https://www.cve.org/CVERecord?id=CVE-2024-47670'], 'PublishedDate': '2024-10-09T15:15:15.673Z', 'LastModifiedDate': '2024-10-17T14:15:13.56Z'}, {'VulnerabilityID': 'CVE-2024-47671', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47671', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: USB: usbtmc: prevent kernel-usb-infoleak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: prevent kernel-usb-infoleak\n\nThe syzbot reported a kernel-usb-infoleak in usbtmc_write,\nwe need to clear the structure before filling fields.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47671', 'https://git.kernel.org/stable/c/0c927dfc0b9bd177f7ab6ee59ef0c4ea06c110a7', 'https://git.kernel.org/stable/c/16e0ab9ed3ae7d19ca8ee718ba4e09d5c0f909ca', 'https://git.kernel.org/stable/c/51297ef7ad7824ad577337f273cd092e81a9fa08', 'https://git.kernel.org/stable/c/625fa77151f00c1bd00d34d60d6f2e710b3f9aad', 'https://git.kernel.org/stable/c/6c7fc36da021b13c34c572a26ba336cd102418f8', 'https://git.kernel.org/stable/c/ba6269e187aa1b1f20faf3c458831a0d6350304b', 'https://git.kernel.org/stable/c/e872738e670ddd63e19f22d0d784f0bdf26ecba5', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47671-6c52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47671', 'https://www.cve.org/CVERecord?id=CVE-2024-47671'], 'PublishedDate': '2024-10-09T15:15:15.753Z', 'LastModifiedDate': '2024-10-17T14:15:13.697Z'}, {'VulnerabilityID': 'CVE-2024-47672', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead\n\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was\nrecently converted from just a message), that can be hit if we\nwait for TX queues to become empty after firmware died. Clearly,\nwe can't expect anything from the firmware after it's declared dead.\n\nDon't call iwl_trans_wait_tx_queues_empty() in this case. While it could\nbe a good idea to stop the flow earlier, the flush functions do some\nmaintenance work that is not related to the firmware, so keep that part\nof the code running even when the firmware is not running.\n\n[edit commit message]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47672', 'https://git.kernel.org/stable/c/1afed66cb271b3e65fe9df1c9fba2bf4b1f55669', 'https://git.kernel.org/stable/c/1b0cd832c9607f41f84053b818e0b7908510a3b9', 'https://git.kernel.org/stable/c/3a84454f5204718ca5b4ad2c1f0bf2031e2403d1', 'https://git.kernel.org/stable/c/4d0a900ec470d392476c428875dbf053f8a0ae5e', 'https://git.kernel.org/stable/c/7188b7a72320367554b76d8f298417b070b05dd3', 'https://git.kernel.org/stable/c/de46b1d24f5f752b3bd8b46673c2ea4239661244', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47672-9bef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47672', 'https://www.cve.org/CVERecord?id=CVE-2024-47672'], 'PublishedDate': '2024-10-09T15:15:15.827Z', 'LastModifiedDate': '2024-10-17T14:15:13.78Z'}, {'VulnerabilityID': 'CVE-2024-47673', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pause TCM when the firmware is stopped\n\nNot doing so will make us send a host command to the transport while the\nfirmware is not alive, which will trigger a WARNING.\n\nbad state = 0\nWARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nRIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nCall Trace:\n <TASK>\n iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]\n iwl_mvm_config_scan+0x198/0x260 [iwlmvm]\n iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]\n iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]\n process_one_work+0x29e/0x640\n worker_thread+0x2df/0x690\n ? rescuer_thread+0x540/0x540\n kthread+0x192/0x1e0\n ? set_kthread_struct+0x90/0x90\n ret_from_fork+0x22/0x30', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47673', 'https://git.kernel.org/stable/c/0668ebc8c2282ca1e7eb96092a347baefffb5fe7', 'https://git.kernel.org/stable/c/2c61b561baf92a2860c76c2302a62169e22c21cc', 'https://git.kernel.org/stable/c/55086c97a55d781b04a2667401c75ffde190135c', 'https://git.kernel.org/stable/c/5948a191906b54e10f02f6b7a7670243a39f99f4', 'https://git.kernel.org/stable/c/a15df5f37fa3a8b7a8ec7a339d1e897bc524e28f', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47673-9110@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47673', 'https://www.cve.org/CVERecord?id=CVE-2024-47673'], 'PublishedDate': '2024-10-09T15:15:15.9Z', 'LastModifiedDate': '2024-10-17T14:15:13.853Z'}, {'VulnerabilityID': 'CVE-2024-47674', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47674', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: avoid leaving partial pfn mappings around in error case', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na 'struct page'.\n\nThat's all very much intentional, but it does mean that it's easy to\nmess up the cleanup in case of errors.  Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it's very easy to do the\nerror handling in the wrong order.\n\nIn particular, it's easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47674', 'https://git.kernel.org/linus/79a61cc3fc0466ad2b7b89618a6157785f0293b3 (6.11)', 'https://git.kernel.org/stable/c/5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959', 'https://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2', 'https://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3', 'https://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3', 'https://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80', 'https://lore.kernel.org/linux-cve-announce/2024101538-CVE-2024-47674-ba1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47674', 'https://www.cve.org/CVERecord?id=CVE-2024-47674'], 'PublishedDate': '2024-10-15T11:15:13.073Z', 'LastModifiedDate': '2024-10-18T14:50:02.71Z'}, {'VulnerabilityID': 'CVE-2017-0537', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-0537', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N', 'V2Score': 2.6, 'V3Score': 4.7}}, 'References': ['http://www.securityfocus.com/bid/96831', 'http://www.securitytracker.com/id/1037968', 'https://android.googlesource.com/kernel/tegra.git/+/389b185cb2f17fff994dbdf8d4bac003d4b2b6b3%5E%21/#F0', 'https://lore.kernel.org/lkml/1484647168-30135-1-git-send-email-jilin@nvidia.com/#t', 'https://source.android.com/security/bulletin/2017-01-01.html', 'https://source.android.com/security/bulletin/2017-03-01', 'https://source.android.com/security/bulletin/2017-03-01.html', 'https://www.cve.org/CVERecord?id=CVE-2017-0537'], 'PublishedDate': '2017-03-08T01:59:03.127Z', 'LastModifiedDate': '2017-07-17T13:18:15.89Z'}, {'VulnerabilityID': 'CVE-2017-13165', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13165', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['https://github.com/aosp-mirror/platform_system_core/commit/15ffc53f6d57a46e3041453865311035a18e047a', 'https://source.android.com/security/bulletin/pixel/2017-12-01', 'https://www.cve.org/CVERecord?id=CVE-2017-13165'], 'PublishedDate': '2017-12-06T14:29:01.333Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2017-13693', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI operand cache leak in dsutils.c', 'Description': 'The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/100502', 'https://access.redhat.com/security/cve/CVE-2017-13693', 'https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13693', 'https://patchwork.kernel.org/patch/9919053/', 'https://www.cve.org/CVERecord?id=CVE-2017-13693'], 'PublishedDate': '2017-08-25T08:29:00.273Z', 'LastModifiedDate': '2017-09-20T14:51:00.41Z'}, {'VulnerabilityID': 'CVE-2018-1121', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-1121', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'procps: process hiding through race condition enumerating /proc', 'Description': "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-367'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:P/A:N', 'V3Vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V2Score': 4.3, 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L', 'V3Score': 3.9}}, 'References': ['http://seclists.org/oss-sec/2018/q2/122', 'http://www.securityfocus.com/bid/104214', 'https://access.redhat.com/security/cve/CVE-2018-1121', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1121', 'https://www.cve.org/CVERecord?id=CVE-2018-1121', 'https://www.exploit-db.com/exploits/44806/', 'https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt'], 'PublishedDate': '2018-06-13T20:29:00.337Z', 'LastModifiedDate': '2020-06-30T16:15:14.393Z'}, {'VulnerabilityID': 'CVE-2018-12928', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko', 'Description': 'In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['http://www.securityfocus.com/bid/104593', 'https://access.redhat.com/security/cve/CVE-2018-12928', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384', 'https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ', 'https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/', 'https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12928', 'https://www.cve.org/CVERecord?id=CVE-2018-12928'], 'PublishedDate': '2018-06-28T14:29:00.353Z', 'LastModifiedDate': '2018-08-21T11:55:37.35Z'}, {'VulnerabilityID': 'CVE-2018-12929', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko', 'Description': 'ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12929', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12929', 'https://www.cve.org/CVERecord?id=CVE-2018-12929'], 'PublishedDate': '2018-06-28T14:29:00.417Z', 'LastModifiedDate': '2019-03-26T13:35:51.317Z'}, {'VulnerabilityID': 'CVE-2018-12930', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12930', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko', 'Description': 'ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12930', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12930', 'https://www.cve.org/CVERecord?id=CVE-2018-12930'], 'PublishedDate': '2018-06-28T14:29:00.463Z', 'LastModifiedDate': '2019-03-26T13:35:37.397Z'}, {'VulnerabilityID': 'CVE-2018-12931', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_attr_find in the ntfs.ko', 'Description': 'ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12931', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12931', 'https://www.cve.org/CVERecord?id=CVE-2018-12931'], 'PublishedDate': '2018-06-28T14:29:00.51Z', 'LastModifiedDate': '2019-03-26T13:35:20.957Z'}, {'VulnerabilityID': 'CVE-2019-14899', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-14899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel', 'Description': 'A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V2Vector': 'AV:A/AC:M/Au:S/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 4.9, 'V3Score': 7.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.4}}, 'References': ['http://seclists.org/fulldisclosure/2020/Dec/32', 'http://seclists.org/fulldisclosure/2020/Jul/23', 'http://seclists.org/fulldisclosure/2020/Jul/24', 'http://seclists.org/fulldisclosure/2020/Jul/25', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'http://www.openwall.com/lists/oss-security/2020/08/13/2', 'http://www.openwall.com/lists/oss-security/2020/10/07/3', 'http://www.openwall.com/lists/oss-security/2021/07/05/1', 'https://access.redhat.com/security/cve/CVE-2019-14899', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899', 'https://nvd.nist.gov/vuln/detail/CVE-2019-14899', 'https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/', 'https://support.apple.com/kb/HT211288', 'https://support.apple.com/kb/HT211289', 'https://support.apple.com/kb/HT211290', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211931', 'https://www.cve.org/CVERecord?id=CVE-2019-14899', 'https://www.openwall.com/lists/oss-security/2019/12/05/1'], 'PublishedDate': '2019-12-11T15:15:14.263Z', 'LastModifiedDate': '2023-03-01T16:40:04.14Z'}, {'VulnerabilityID': 'CVE-2019-15213', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-15213', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c', 'Description': 'An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.3}}, 'References': ['http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html', 'http://www.openwall.com/lists/oss-security/2019/08/20/2', 'https://access.redhat.com/security/cve/CVE-2019-15213', 'https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7', 'https://linux.oracle.com/cve/CVE-2019-15213.html', 'https://linux.oracle.com/errata/ELSA-2019-4872.html', 'https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/', 'https://nvd.nist.gov/vuln/detail/CVE-2019-15213', 'https://security.netapp.com/advisory/ntap-20190905-0002/', 'https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced', 'https://www.cve.org/CVERecord?id=CVE-2019-15213'], 'PublishedDate': '2019-08-19T22:15:11.253Z', 'LastModifiedDate': '2023-11-09T14:44:33.733Z'}, {'VulnerabilityID': 'CVE-2019-19378', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19378', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19378', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19378', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19378'], 'PublishedDate': '2019-11-29T17:15:11.84Z', 'LastModifiedDate': '2020-01-03T11:15:14.997Z'}, {'VulnerabilityID': 'CVE-2019-19814', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 9.3, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19814', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19814', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19814'], 'PublishedDate': '2019-12-17T06:15:12.843Z', 'LastModifiedDate': '2020-01-03T11:15:16.48Z'}, {'VulnerabilityID': 'CVE-2020-35501', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2020-35501', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability', 'Description': 'A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem', 'Severity': 'LOW', 'CweIDs': ['CWE-863'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:N', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V2Score': 3.6, 'V3Score': 3.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 3.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2020-35501', 'https://bugzilla.redhat.com/show_bug.cgi?id=1908577', 'https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html', 'https://nvd.nist.gov/vuln/detail/CVE-2020-35501', 'https://www.cve.org/CVERecord?id=CVE-2020-35501', 'https://www.openwall.com/lists/oss-security/2021/02/18/1'], 'PublishedDate': '2022-03-30T16:15:08.673Z', 'LastModifiedDate': '2022-12-02T19:54:37.647Z'}, {'VulnerabilityID': 'CVE-2021-26934', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-26934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...', 'Description': "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.", 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['http://xenbits.xen.org/xsa/advisory-363.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/', 'https://nvd.nist.gov/vuln/detail/CVE-2021-26934', 'https://security.netapp.com/advisory/ntap-20210326-0001/', 'https://www.cve.org/CVERecord?id=CVE-2021-26934', 'https://www.openwall.com/lists/oss-security/2021/02/16/2', 'https://xenbits.xen.org/xsa/advisory-363.html'], 'PublishedDate': '2021-02-17T02:15:13.143Z', 'LastModifiedDate': '2023-11-07T03:31:50.59Z'}, {'VulnerabilityID': 'CVE-2022-44034', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-44034', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: A use-after-free due to race between scr24x_open()  and scr24x_remove()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().', 'Severity': 'LOW', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-44034', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15', 'https://lore.kernel.org/lkml/20220916050333.GA188358%40ubuntu/', 'https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940%40ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-44034', 'https://www.cve.org/CVERecord?id=CVE-2022-44034'], 'PublishedDate': '2022-10-30T01:15:08.937Z', 'LastModifiedDate': '2024-03-25T01:15:52.787Z'}, {'VulnerabilityID': 'CVE-2022-45884', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-45884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free due to race condition occurring in dvb_register_device()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:7549', 'https://access.redhat.com/security/cve/CVE-2022-45884', 'https://bugzilla.redhat.com/2148510', 'https://bugzilla.redhat.com/2148517', 'https://bugzilla.redhat.com/2151956', 'https://bugzilla.redhat.com/2154178', 'https://bugzilla.redhat.com/2224048', 'https://bugzilla.redhat.com/2240249', 'https://bugzilla.redhat.com/2241924', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2151956', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2224048', 'https://bugzilla.redhat.com/show_bug.cgi?id=2240249', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1192', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2163', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178', 'https://errata.almalinux.org/8/ALSA-2023-7549.html', 'https://errata.rockylinux.org/RLSA-2023:7549', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3', 'https://linux.oracle.com/cve/CVE-2022-45884.html', 'https://linux.oracle.com/errata/ELSA-2023-7549.html', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-45884', 'https://security.netapp.com/advisory/ntap-20230113-0006/', 'https://www.cve.org/CVERecord?id=CVE-2022-45884'], 'PublishedDate': '2022-11-25T04:15:09.18Z', 'LastModifiedDate': '2024-03-25T01:15:52.84Z'}, {'VulnerabilityID': 'CVE-2023-33053', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-33053', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'Memory corruption in Kernel while parsing metadata.', 'Severity': 'LOW', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/06426824a281c9aef5bf0c50927eae9c7431db1e', 'https://www.cve.org/CVERecord?id=CVE-2023-33053', 'https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin'], 'PublishedDate': '2023-12-05T03:15:11.707Z', 'LastModifiedDate': '2024-04-12T16:15:18.403Z'}, {'VulnerabilityID': 'CVE-2023-4010', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: hcd: malformed USB descriptor leads to infinite loop in usb_giveback_urb()', 'Description': 'A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.', 'Severity': 'LOW', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4010', 'https://bugzilla.redhat.com/show_bug.cgi?id=2227726', 'https://github.com/wanrenmi/a-usb-kernel-bug', 'https://github.com/wanrenmi/a-usb-kernel-bug/issues/1', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4010', 'https://www.cve.org/CVERecord?id=CVE-2023-4010'], 'PublishedDate': '2023-07-31T17:15:10.277Z', 'LastModifiedDate': '2023-11-07T04:22:02.797Z'}, {'VulnerabilityID': 'CVE-2023-6238', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-6238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: memory corruption via unprivileged user passthrough', 'Description': 'A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.', 'Severity': 'LOW', 'CweIDs': ['CWE-120'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-6238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2250834', 'https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.com/T/#u', 'https://lore.kernel.org/linux-nvme/20231016060519.231880-1-joshi.k@samsung.com/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-6238', 'https://www.cve.org/CVERecord?id=CVE-2023-6238'], 'PublishedDate': '2023-11-21T21:15:09.273Z', 'LastModifiedDate': '2024-02-07T00:15:55.24Z'}, {'VulnerabilityID': 'CVE-2024-0564', 'PkgID': 'linux-modules-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-modules-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-0564', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication', 'Description': 'A flaw was found in the Linux kernel\'s memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim\'s page. The unmapping time depends on whether it merges with the victim\'s page and additional physical pages are created beyond the KSM\'s "max page share". Through these operations, the attacker can leak the victim\'s page.', 'Severity': 'LOW', 'CweIDs': ['CWE-99', 'CWE-203'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-0564', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258514', 'https://link.springer.com/conference/wisa', 'https://nvd.nist.gov/vuln/detail/CVE-2024-0564', 'https://wisa.or.kr/accepted', 'https://www.cve.org/CVERecord?id=CVE-2024-0564'], 'PublishedDate': '2024-01-30T15:15:08.687Z', 'LastModifiedDate': '2024-10-16T15:15:14.11Z'}, {'VulnerabilityID': 'CVE-2024-43882', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43882', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exec: Fix ToCToU between perm check and set-uid/gid usage', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file\'s metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug  7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug  7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. For example, "chmod o-x,u+s target" makes "target" executable only\nby uid "root" and gid "cdrom", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug  7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug  7 13:16 target\n\nBut racing the chmod means users without group "cdrom" membership can\nget the permission to execute "target" just before the chmod, and when\nthe chmod finishes, the exec reaches brpm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of "only cdrom\ngroup members can setuid to root".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal.', 'Severity': 'HIGH', 'CweIDs': ['CWE-367'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43882', 'https://git.kernel.org/linus/f50733b45d865f91db90919f8311e2127ce5a0cb (6.11-rc4)', 'https://git.kernel.org/stable/c/15469d46ba34559bfe7e3de6659115778c624759', 'https://git.kernel.org/stable/c/368f6985d46657b8b466a421dddcacd4051f7ada', 'https://git.kernel.org/stable/c/90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e', 'https://git.kernel.org/stable/c/9b424c5d4130d56312e2a3be17efb0928fec4d64', 'https://git.kernel.org/stable/c/d2a2a4714d80d09b0f8eb6438ab4224690b7121e', 'https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f', 'https://git.kernel.org/stable/c/f50733b45d865f91db90919f8311e2127ce5a0cb', 'https://git.kernel.org/stable/c/f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1', 'https://linux.oracle.com/cve/CVE-2024-43882.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082152-CVE-2024-43882-4fa4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43882', 'https://www.cve.org/CVERecord?id=CVE-2024-43882'], 'PublishedDate': '2024-08-21T01:15:12.34Z', 'LastModifiedDate': '2024-09-03T13:25:39.747Z'}, {'VulnerabilityID': 'CVE-2013-7445', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2013-7445', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects', 'Description': 'The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-399'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:C', 'V2Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V2Score': 4.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2013-7445', 'https://bugzilla.kernel.org/show_bug.cgi?id=60533', 'https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)', 'https://nvd.nist.gov/vuln/detail/CVE-2013-7445', 'https://www.cve.org/CVERecord?id=CVE-2013-7445'], 'PublishedDate': '2015-10-16T01:59:00.12Z', 'LastModifiedDate': '2015-10-16T16:22:25.587Z'}, {'VulnerabilityID': 'CVE-2015-8553', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2015-8553', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'xen: non-maskable interrupts triggerable by guests (xsa120)', 'Description': 'Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N', 'V2Score': 2.1, 'V3Score': 6.5}, 'redhat': {'V2Vector': 'AV:A/AC:M/Au:S/C:N/I:N/A:C', 'V2Score': 5.2}}, 'References': ['http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1930758 (regression mention)', 'http://xenbits.xen.org/xsa/advisory-120.html', 'https://access.redhat.com/security/cve/CVE-2015-8553', 'https://nvd.nist.gov/vuln/detail/CVE-2015-8553', 'https://seclists.org/bugtraq/2019/Aug/18', 'https://www.cve.org/CVERecord?id=CVE-2015-8553', 'https://www.debian.org/security/2019/dsa-4497'], 'PublishedDate': '2016-04-13T15:59:07.307Z', 'LastModifiedDate': '2019-08-13T23:15:11.203Z'}, {'VulnerabilityID': 'CVE-2016-8660', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-8660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation', 'Description': 'The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-19'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V2Vector': 'AV:L/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.7, 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2016/10/13/8', 'http://www.securityfocus.com/bid/93558', 'https://access.redhat.com/security/cve/CVE-2016-8660', 'https://bugzilla.redhat.com/show_bug.cgi?id=1384851', 'https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/', 'https://marc.info/?l=linux-fsdevel&m=147639177409294&w=2', 'https://marc.info/?l=linux-xfs&m=149498118228320&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2016-8660', 'https://www.cve.org/CVERecord?id=CVE-2016-8660'], 'PublishedDate': '2016-10-16T21:59:14.333Z', 'LastModifiedDate': '2016-11-28T20:41:02.59Z'}, {'VulnerabilityID': 'CVE-2018-17977', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-17977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service', 'Description': 'The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.9}}, 'References': ['http://www.securityfocus.com/bid/105539', 'https://access.redhat.com/security/cve/CVE-2018-17977', 'https://bugzilla.suse.com/show_bug.cgi?id=1111609', 'https://nvd.nist.gov/vuln/detail/CVE-2018-17977', 'https://www.cve.org/CVERecord?id=CVE-2018-17977', 'https://www.openwall.com/lists/oss-security/2018/10/05/5'], 'PublishedDate': '2018-10-08T17:29:00.653Z', 'LastModifiedDate': '2018-11-26T15:51:30.427Z'}, {'VulnerabilityID': 'CVE-2021-3714', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-3714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Remote Page Deduplication Attacks', 'Description': 'A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-3714', 'https://arxiv.org/abs/2111.08553', 'https://arxiv.org/pdf/2111.08553.pdf', 'https://bugzilla.redhat.com/show_bug.cgi?id=1931327', 'https://nvd.nist.gov/vuln/detail/CVE-2021-3714', 'https://www.cve.org/CVERecord?id=CVE-2021-3714'], 'PublishedDate': '2022-08-23T16:15:09.6Z', 'LastModifiedDate': '2024-02-01T18:51:23.66Z'}, {'VulnerabilityID': 'CVE-2021-47599', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47599', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: use latest_dev in btrfs_show_devname', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: use latest_dev in btrfs_show_devname\n\nThe test case btrfs/238 reports the warning below:\n\n WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs]\n CPU: 2 PID: 1 Comm: systemd Tainted: G        W  O 5.14.0-rc1-custom #72\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n Call trace:\n   btrfs_show_devname+0x108/0x1b4 [btrfs]\n   show_mountinfo+0x234/0x2c4\n   m_show+0x28/0x34\n   seq_read_iter+0x12c/0x3c4\n   vfs_read+0x29c/0x2c8\n   ksys_read+0x80/0xec\n   __arm64_sys_read+0x28/0x34\n   invoke_syscall+0x50/0xf8\n   do_el0_svc+0x88/0x138\n   el0_svc+0x2c/0x8c\n   el0t_64_sync_handler+0x84/0xe4\n   el0t_64_sync+0x198/0x19c\n\nReason:\nWhile btrfs_prepare_sprout() moves the fs_devices::devices into\nfs_devices::seed_list, the btrfs_show_devname() searches for the devices\nand found none, leading to the warning as in above.\n\nFix:\nlatest_dev is updated according to the changes to the device list.\nThat means we could use the latest_dev->name to show the device name in\n/proc/self/mounts, the pointer will be always valid as it's assigned\nbefore the device is deleted from the list in remove or replace.\nThe RCU protection is sufficient as the device structure is freed after\nsynchronization.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47599', 'https://git.kernel.org/linus/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2 (5.16-rc1)', 'https://git.kernel.org/stable/c/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2', 'https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1', 'https://lore.kernel.org/linux-cve-announce/2024061921-CVE-2021-47599-37b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47599', 'https://www.cve.org/CVERecord?id=CVE-2021-47599'], 'PublishedDate': '2024-06-19T15:15:54.483Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2021-47615', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47615', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix releasing unallocated memory in dereg MR flow\n\nFor the case of IB_MR_TYPE_DM the mr does doesn't have a umem, even though\nit is a user MR. This causes function mlx5_free_priv_descs() to think that\nit is a kernel MR, leading to wrongly accessing mr->descs that will get\nwrong values in the union which leads to attempt to release resources that\nwere not allocated in the first place.\n\nFor example:\n DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]\n WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0\n RIP: 0010:check_unmap+0x54f/0x8b0\n Call Trace:\n  debug_dma_unmap_page+0x57/0x60\n  mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]\n  mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]\n  ib_dereg_mr_user+0x60/0x140 [ib_core]\n  uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]\n  uobj_destroy+0x3f/0x80 [ib_uverbs]\n  ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]\n  ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquired+0x12/0x380\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquire+0xc4/0x2e0\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  ? lock_release+0x28a/0x400\n  ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  __x64_sys_ioctl+0x7f/0xb0\n  do_syscall_64+0x38/0x90\n\nFix it by reorganizing the dereg flow and mlx5_ib_mr structure:\n - Move the ib_umem field into the user MRs structure in the union as it's\n   applicable only there.\n - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only\n   in case there isn't udata, which indicates that this isn't a user MR.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47615', 'https://git.kernel.org/linus/f0ae4afe3d35e67db042c58a52909e06262b740f (5.16-rc5)', 'https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9', 'https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701', 'https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f', 'https://lore.kernel.org/linux-cve-announce/2024061909-CVE-2021-47615-3c6a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47615', 'https://www.cve.org/CVERecord?id=CVE-2021-47615'], 'PublishedDate': '2024-06-19T15:15:56.03Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-0400', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0400', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Out of bounds read in the smc protocol stack', 'Description': 'An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)', 'https://bugzilla.redhat.com/show_bug.cgi?id=2044575', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0400', 'https://www.cve.org/CVERecord?id=CVE-2022-0400'], 'PublishedDate': '2022-08-29T15:15:09.423Z', 'LastModifiedDate': '2022-09-01T20:18:18.247Z'}, {'VulnerabilityID': 'CVE-2022-0480', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0480', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion', 'Description': 'A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0480', 'https://bugzilla.redhat.com/show_bug.cgi?id=2049700', 'https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042', 'https://github.com/kata-containers/kata-containers/issues/3373', 'https://linux.oracle.com/cve/CVE-2022-0480.html', 'https://linux.oracle.com/errata/ELSA-2024-2394.html', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0480', 'https://ubuntu.com/security/CVE-2022-0480', 'https://www.cve.org/CVERecord?id=CVE-2022-0480'], 'PublishedDate': '2022-08-29T15:15:09.477Z', 'LastModifiedDate': '2023-03-03T18:49:53.213Z'}, {'VulnerabilityID': 'CVE-2022-3238', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ntfs3 local privledge escalation if NTFS character set and remount and umount called simultaneously', 'Description': 'A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127927', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3238', 'https://www.cve.org/CVERecord?id=CVE-2022-3238'], 'PublishedDate': '2022-11-14T21:15:16.163Z', 'LastModifiedDate': '2022-11-17T20:24:18.537Z'}, {'VulnerabilityID': 'CVE-2022-48846', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: release rq qos structures for queue without disk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: release rq qos structures for queue without disk\n\nblkcg_init_queue() may add rq qos structures to request queue, previously\nblk_cleanup_queue() calls rq_qos_exit() to release them, but commit\n8e141f9eb803 ("block: drain file system I/O on del_gendisk")\nmoves rq_qos_exit() into del_gendisk(), so memory leak is caused\nbecause queues may not have disk, such as un-present scsi luns, nvme\nadmin queue, ...\n\nFixes the issue by adding rq_qos_exit() to blk_cleanup_queue() back.\n\nBTW, v5.18 won\'t need this patch any more since we move\nblkcg_init_queue()/blkcg_exit_queue() into disk allocation/release\nhandler, and patches have been in for-5.18/block.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48846', 'https://git.kernel.org/linus/daaca3522a8e67c46e39ef09c1d542e866f85f3b (5.17)', 'https://git.kernel.org/stable/c/60c2c8e2ef3a3ec79de8cbc80a06ca0c21df8c29', 'https://git.kernel.org/stable/c/d4ad8736ac982111bb0be8306bf19c8207f6600e', 'https://git.kernel.org/stable/c/daaca3522a8e67c46e39ef09c1d542e866f85f3b', 'https://lore.kernel.org/linux-cve-announce/2024071623-CVE-2022-48846-a1a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48846', 'https://www.cve.org/CVERecord?id=CVE-2022-48846'], 'PublishedDate': '2024-07-16T13:15:11.883Z', 'LastModifiedDate': '2024-07-24T17:56:26.767Z'}, {'VulnerabilityID': 'CVE-2022-48929', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix crash due to out of bounds access into reg2btf_ids.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to out of bounds access into reg2btf_ids.\n\nWhen commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added\nkfunc support, it defined reg2btf_ids as a cheap way to translate the verifier\nreg type to the appropriate btf_vmlinux BTF ID, however\ncommit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL")\nmoved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after\nthe base register types, and defined other variants using type flag\ncomposition. However, now, the direct usage of reg->type to index into\nreg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to\nout of bounds access and kernel crash on dereference of bad pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48929', 'https://git.kernel.org/linus/45ce4b4f9009102cd9f581196d480a59208690c1 (5.17-rc6)', 'https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1', 'https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae', 'https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc', 'https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48929-857d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48929', 'https://www.cve.org/CVERecord?id=CVE-2022-48929'], 'PublishedDate': '2024-08-22T04:15:15.773Z', 'LastModifiedDate': '2024-08-23T02:00:22.653Z'}, {'VulnerabilityID': 'CVE-2023-0030', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Use after Free in nvkm_vmm_pfn_map', 'Description': 'A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0030', 'https://bugzilla.redhat.com/show_bug.cgi?id=2157270', 'https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)', 'https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10', 'https://lore.kernel.org/all/20221230072758.443644-1-zyytlz.wz@163.com/', 'https://lore.kernel.org/all/63d485b2.170a0220.4af4c.d54f@mx.google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0030', 'https://security.netapp.com/advisory/ntap-20230413-0010/', 'https://www.cve.org/CVERecord?id=CVE-2023-0030'], 'PublishedDate': '2023-03-08T23:15:10.963Z', 'LastModifiedDate': '2023-04-13T17:15:09.433Z'}, {'VulnerabilityID': 'CVE-2023-0160', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: possibility of deadlock in libbpf function sock_hash_delete_elem', 'Description': 'A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667', 'CWE-833'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0160', 'https://bugzilla.redhat.com/show_bug.cgi?id=2159764', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56', 'https://lore.kernel.org/all/20230406122622.109978-1-liuxin350@huawei.com/', 'https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/', 'https://lore.kernel.org/bpf/000000000000f1db9605f939720e@google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0160', 'https://www.cve.org/CVERecord?id=CVE-2023-0160'], 'PublishedDate': '2023-07-18T17:15:11.313Z', 'LastModifiedDate': '2023-11-07T03:59:46.343Z'}, {'VulnerabilityID': 'CVE-2023-1193', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-1193', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in setup_async_work()', 'Description': 'A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-1193', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154177', 'https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-1193', 'https://www.cve.org/CVERecord?id=CVE-2023-1193'], 'PublishedDate': '2023-11-01T20:15:08.663Z', 'LastModifiedDate': '2023-11-09T15:13:51.737Z'}, {'VulnerabilityID': 'CVE-2023-26242', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-26242', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the  ...', 'Description': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://bugzilla.suse.com/show_bug.cgi?id=1208518', 'https://lore.kernel.org/all/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-26242', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://security.netapp.com/advisory/ntap-20230406-0002/', 'https://www.cve.org/CVERecord?id=CVE-2023-26242'], 'PublishedDate': '2023-02-21T01:15:11.423Z', 'LastModifiedDate': '2024-03-25T01:15:53.57Z'}, {'VulnerabilityID': 'CVE-2023-31082', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-31082', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sleeping function called from an invalid context in gsmld_write', 'Description': 'An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-763'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-31082', 'https://bugzilla.suse.com/show_bug.cgi?id=1210781', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com/', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-31082', 'https://security.netapp.com/advisory/ntap-20230929-0003/', 'https://www.cve.org/CVERecord?id=CVE-2023-31082'], 'PublishedDate': '2023-04-24T06:15:07.783Z', 'LastModifiedDate': '2024-08-02T15:16:00.853Z'}, {'VulnerabilityID': 'CVE-2023-52879', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have trace_event_file have ref counters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have trace_event_file have ref counters\n\nThe following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # echo \'p:sched schedule\' > kprobe_events\n # exec 5>>events/kprobes/sched/enable\n # > kprobe_events\n # exec 5>&-\n\nThe above commands:\n\n 1. Change directory to the tracefs directory\n 2. Create a kprobe event (doesn\'t matter what one)\n 3. Open bash file descriptor 5 on the enable file of the kprobe event\n 4. Delete the kprobe event (removes the files too)\n 5. Close the bash file descriptor 5\n\nThe above causes a crash!\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:tracing_release_file_tr+0xc/0x50\n\nWhat happens here is that the kprobe event creates a trace_event_file\n"file" descriptor that represents the file in tracefs to the event. It\nmaintains state of the event (is it enabled for the given instance?).\nOpening the "enable" file gets a reference to the event "file" descriptor\nvia the open file descriptor. When the kprobe event is deleted, the file is\nalso deleted from the tracefs system which also frees the event "file"\ndescriptor.\n\nBut as the tracefs file is still opened by user space, it will not be\ntotally removed until the final dput() is called on it. But this is not\ntrue with the event "file" descriptor that is already freed. If the user\ndoes a write to or simply closes the file descriptor it will reference the\nevent "file" descriptor that was just freed, causing a use-after-free bug.\n\nTo solve this, add a ref count to the event "file" descriptor as well as a\nnew flag called "FREED". The "file" will not be freed until the last\nreference is released. But the FREE flag will be set when the event is\nremoved to prevent any more modifications to that event from happening,\neven if there\'s still a reference to the event "file" descriptor.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52879', 'https://git.kernel.org/linus/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4 (6.7-rc1)', 'https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706', 'https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976', 'https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d', 'https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e', 'https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f', 'https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4', 'https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0', 'https://lore.kernel.org/linux-cve-announce/2024052122-CVE-2023-52879-fa4d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52879', 'https://www.cve.org/CVERecord?id=CVE-2023-52879'], 'PublishedDate': '2024-05-21T16:15:24.53Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52889', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: Fix null pointer deref when receiving skb during sock creation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)->label is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n    BUG: kernel NULL pointer dereference, address: 000000000000004c\n    #PF: supervisor read access in kernel mode\n    #PF: error_code(0x0000) - not-present page\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n    Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n    RIP: 0010:aa_label_next_confined+0xb/0x40\n    Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n    RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n    RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n    RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n    RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n    R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n    R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n    FS:  00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n    PKRU: 55555554\n    Call Trace:\n     <IRQ>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? exc_page_fault+0x7f/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? aa_label_next_confined+0xb/0x40\n     apparmor_secmark_check+0xec/0x330\n     security_sock_rcv_skb+0x35/0x50\n     sk_filter_trim_cap+0x47/0x250\n     sock_queue_rcv_skb_reason+0x20/0x60\n     raw_rcv+0x13c/0x210\n     raw_local_deliver+0x1f3/0x250\n     ip_protocol_deliver_rcu+0x4f/0x2f0\n     ip_local_deliver_finish+0x76/0xa0\n     __netif_receive_skb_one_core+0x89/0xa0\n     netif_receive_skb+0x119/0x170\n     ? __netdev_alloc_skb+0x3d/0x140\n     vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n     __napi_poll+0x28/0x1b0\n     net_rx_action+0x2a4/0x380\n     __do_softirq+0xd1/0x2c8\n     __irq_exit_rcu+0xbb/0xf0\n     common_interrupt+0x86/0xa0\n     </IRQ>\n     <TASK>\n     asm_common_interrupt+0x26/0x40\n    RIP: 0010:apparmor_socket_post_create+0xb/0x200\n    Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n    RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n    RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n    RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n    RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n    R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n    R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n     ? __pfx_apparmor_socket_post_create+0x10/0x10\n     security_socket_post_create+0x4b/0x80\n     __sock_create+0x176/0x1f0\n     __sys_socket+0x89/0x100\n     __x64_sys_socket+0x17/0x20\n     do_syscall_64+0x5d/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     ? do_syscall_64+0x6c/0x90\n     entry_SYSCALL_64_after_hwframe+0x72/0xdc', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52889', 'https://git.kernel.org/linus/fce09ea314505a52f2436397608fa0a5d0934fb1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0abe35bc48d4ec80424b1f4b3560c0e082cbd5c1', 'https://git.kernel.org/stable/c/290a6b88e8c19b6636ed1acc733d1458206f7697', 'https://git.kernel.org/stable/c/347dcb84a4874b5fb375092c08d8cc4069b94f81', 'https://git.kernel.org/stable/c/46c17ead5b7389e22e7dc9903fd0ba865d05bda2', 'https://git.kernel.org/stable/c/6c920754f62cefc63fccdc38a062c7c3452e2961', 'https://git.kernel.org/stable/c/ead2ad1d9f045f26fdce3ef1644913b3a6cd38f2', 'https://git.kernel.org/stable/c/fce09ea314505a52f2436397608fa0a5d0934fb1', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2023-52889-cdd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52889', 'https://www.cve.org/CVERecord?id=CVE-2023-52889'], 'PublishedDate': '2024-08-17T09:15:07.073Z', 'LastModifiedDate': '2024-08-19T21:19:16.97Z'}, {'VulnerabilityID': 'CVE-2024-26713', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: Fix iommu initialisation during DLPAR add\n\nWhen a PCI device is dynamically added, the kernel oopses with a NULL\npointer dereference:\n\n  BUG: Kernel NULL pointer dereference on read at 0x00000030\n  Faulting instruction address: 0xc0000000006bbe5c\n  Oops: Kernel access of bad area, sig: 11 [#1]\n  LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n  Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse\n  CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66\n  Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries\n  NIP:  c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8\n  REGS: c00000009924f240 TRAP: 0300   Not tainted  (6.7.0-203405+)\n  MSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 24002220  XER: 20040006\n  CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0\n  ...\n  NIP sysfs_add_link_to_group+0x34/0x94\n  LR  iommu_device_link+0x5c/0x118\n  Call Trace:\n   iommu_init_device+0x26c/0x318 (unreliable)\n   iommu_device_link+0x5c/0x118\n   iommu_init_device+0xa8/0x318\n   iommu_probe_device+0xc0/0x134\n   iommu_bus_notifier+0x44/0x104\n   notifier_call_chain+0xb8/0x19c\n   blocking_notifier_call_chain+0x64/0x98\n   bus_notify+0x50/0x7c\n   device_add+0x640/0x918\n   pci_device_add+0x23c/0x298\n   of_create_pci_dev+0x400/0x884\n   of_scan_pci_dev+0x124/0x1b0\n   __of_scan_bus+0x78/0x18c\n   pcibios_scan_phb+0x2a4/0x3b0\n   init_phb_dynamic+0xb8/0x110\n   dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]\n   add_slot_store.part.0+0xb4/0x130 [rpadlpar_io]\n   kobj_attr_store+0x2c/0x48\n   sysfs_kf_write+0x64/0x78\n   kernfs_fop_write_iter+0x1b0/0x290\n   vfs_write+0x350/0x4a0\n   ksys_write+0x84/0x140\n   system_call_exception+0x124/0x330\n   system_call_vectored_common+0x15c/0x2ec\n\nCommit a940904443e4 ("powerpc/iommu: Add iommu_ops to report capabilities\nand allow blocking domains") broke DLPAR add of PCI devices.\n\nThe above added iommu_device structure to pci_controller. During\nsystem boot, PCI devices are discovered and this newly added iommu_device\nstructure is initialized by a call to iommu_device_register().\n\nDuring DLPAR add of a PCI device, a new pci_controller structure is\nallocated but there are no calls made to iommu_device_register()\ninterface.\n\nFix is to register the iommu device during DLPAR add as well.\n\n[mpe: Trim oops and tweak some change log wording]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26713', 'https://git.kernel.org/linus/ed8b94f6e0acd652ce69bd69d678a0c769172df8 (6.8-rc5)', 'https://git.kernel.org/stable/c/9978d5b744e0227afe19e3bcb4c5f75442dde753', 'https://git.kernel.org/stable/c/d4f762d6403f7419de90d7749fa83dd92ffb0e1d', 'https://git.kernel.org/stable/c/ed8b94f6e0acd652ce69bd69d678a0c769172df8', 'https://lore.kernel.org/linux-cve-announce/2024040342-CVE-2024-26713-1b52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26713', 'https://www.cve.org/CVERecord?id=CVE-2024-26713'], 'PublishedDate': '2024-04-03T15:15:53.647Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-27025', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nbd: null check for nla_nest_start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: null check for nla_nest_start\n\nnla_nest_start() may fail and return NULL. Insert a check and set errno\nbased on other call sites within the same source code.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-27025', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d (6.9-rc1)', 'https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d', 'https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e', 'https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced', 'https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8', 'https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797', 'https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983', 'https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a', 'https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf', 'https://linux.oracle.com/cve/CVE-2024-27025.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27025', 'https://www.cve.org/CVERecord?id=CVE-2024-27025'], 'PublishedDate': '2024-05-01T13:15:48.89Z', 'LastModifiedDate': '2024-06-25T22:15:28.24Z'}, {'VulnerabilityID': 'CVE-2024-35928', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()\n\nThis ensures that the memory mapped by ioremap for adev->rmmio, is\nproperly handled in amdgpu_device_init(). If the function exits early\ndue to an error, the memory is unmapped. If the function completes\nsuccessfully, the memory remains mapped.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_device.c:4337 amdgpu_device_init() warn: 'adev->rmmio' from ioremap() not released on lines: 4035,4045,4051,4058,4068,4337", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35928', 'https://git.kernel.org/linus/eb4f139888f636614dab3bcce97ff61cefc4b3a7 (6.9-rc1)', 'https://git.kernel.org/stable/c/14ac934db851642ea8cd1bd4121c788a8899ef69', 'https://git.kernel.org/stable/c/aa665c3a2aca2ffe31b9645bda278e96dfc3b55c', 'https://git.kernel.org/stable/c/c5f9fe2c1e5023fa096189a8bfba6420aa035587', 'https://git.kernel.org/stable/c/eb4f139888f636614dab3bcce97ff61cefc4b3a7', 'https://lore.kernel.org/linux-cve-announce/2024051915-CVE-2024-35928-ead3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35928', 'https://www.cve.org/CVERecord?id=CVE-2024-35928'], 'PublishedDate': '2024-05-19T11:15:48.93Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35948', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bcachefs: Check for journal entries overruning end of sb clean section', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: Check for journal entries overruning end of sb clean section\n\nFix a missing bounds check in superblock validation.\n\nNote that we don't yet have repair code for this case - repair code for\nindividual items is generally low priority, since the whole superblock\nis checksummed, validated prior to write, and we have backups.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35948', 'https://git.kernel.org/linus/fcdbc1d7a4b638e5d5668de461f320386f3002aa (6.9-rc6)', 'https://git.kernel.org/stable/c/fcdbc1d7a4b638e5d5668de461f320386f3002aa', 'https://lore.kernel.org/linux-cve-announce/2024052043-CVE-2024-35948-a92f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35948', 'https://www.cve.org/CVERecord?id=CVE-2024-35948'], 'PublishedDate': '2024-05-20T10:15:09.44Z', 'LastModifiedDate': '2024-07-03T02:02:27.897Z'}, {'VulnerabilityID': 'CVE-2024-35995', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI: CPPC: Use access_width over bit_width for system memory accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Use access_width over bit_width for system memory accesses\n\nTo align with ACPI 6.3+, since bit_width can be any 8-bit value, it\ncannot be depended on to be always on a clean 8b boundary. This was\nuncovered on the Cobalt 100 platform.\n\nSError Interrupt on CPU26, code 0xbe000011 -- SError\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n pc : cppc_get_perf_caps+0xec/0x410\n lr : cppc_get_perf_caps+0xe8/0x410\n sp : ffff8000155ab730\n x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078\n x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff\n x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000\n x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff\n x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008\n x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006\n x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec\n x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028\n x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff\n x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000\n Kernel panic - not syncing: Asynchronous SError Interrupt\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted\n5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n Call trace:\n  dump_backtrace+0x0/0x1e0\n  show_stack+0x24/0x30\n  dump_stack_lvl+0x8c/0xb8\n  dump_stack+0x18/0x34\n  panic+0x16c/0x384\n  add_taint+0x0/0xc0\n  arm64_serror_panic+0x7c/0x90\n  arm64_is_fatal_ras_serror+0x34/0xa4\n  do_serror+0x50/0x6c\n  el1h_64_error_handler+0x40/0x74\n  el1h_64_error+0x7c/0x80\n  cppc_get_perf_caps+0xec/0x410\n  cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]\n  cpufreq_online+0x2dc/0xa30\n  cpufreq_add_dev+0xc0/0xd4\n  subsys_interface_register+0x134/0x14c\n  cpufreq_register_driver+0x1b0/0x354\n  cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]\n  do_one_initcall+0x50/0x250\n  do_init_module+0x60/0x27c\n  load_module+0x2300/0x2570\n  __do_sys_finit_module+0xa8/0x114\n  __arm64_sys_finit_module+0x2c/0x3c\n  invoke_syscall+0x78/0x100\n  el0_svc_common.constprop.0+0x180/0x1a0\n  do_el0_svc+0x84/0xa0\n  el0_svc+0x2c/0xc0\n  el0t_64_sync_handler+0xa4/0x12c\n  el0t_64_sync+0x1a4/0x1a8\n\nInstead, use access_width to determine the size and use the offset and\nwidth to shift and mask the bits to read/write out. Make sure to add a\ncheck for system memory since pcc redefines the access_width to\nsubspace id.\n\nIf access_width is not set, then fall back to using bit_width.\n\n[ rjw: Subject and changelog edits, comment adjustments ]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35995', 'https://git.kernel.org/linus/2f4a4d63a193be6fd530d180bb13c3592052904c (6.9-rc1)', 'https://git.kernel.org/stable/c/01fc53be672acae37e611c80cc0b4f3939584de3', 'https://git.kernel.org/stable/c/1b890ae474d19800a6be1696df7fb4d9a41676e4', 'https://git.kernel.org/stable/c/2f4a4d63a193be6fd530d180bb13c3592052904c', 'https://git.kernel.org/stable/c/4949affd5288b867cdf115f5b08d6166b2027f87', 'https://git.kernel.org/stable/c/6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1', 'https://git.kernel.org/stable/c/6dfd79ed04c578f1d9a9a41ba5b2015cf9f03fc3', 'https://git.kernel.org/stable/c/b54c4632946ae42f2b39ed38abd909bbf78cbcc2', 'https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35995-abbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35995', 'https://www.cve.org/CVERecord?id=CVE-2024-35995'], 'PublishedDate': '2024-05-20T10:15:13.597Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-36885', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36885', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup:\n\n  kernel BUG at include/linux/scatterlist.h:187!\n  invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\n  Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\n  RIP: 0010:sg_init_one+0x85/0xa0\n  Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n  24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n  0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\n  RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\n  RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\n  RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\n  R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\n  FS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\n  Call Trace:\n   <TASK>\n   ? die+0x36/0x90\n   ? do_trap+0xdd/0x100\n   ? sg_init_one+0x85/0xa0\n   ? do_error_trap+0x65/0x80\n   ? sg_init_one+0x85/0xa0\n   ? exc_invalid_op+0x50/0x70\n   ? sg_init_one+0x85/0xa0\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? sg_init_one+0x85/0xa0\n   nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n   nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n   ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n   r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? nvkm_udevice_new+0x95/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? ktime_get+0x47/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_oneinit_+0x4f/0x120 [nouveau]\n   nvkm_subdev_init_+0x39/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_init+0x44/0x90 [nouveau]\n   nvkm_device_init+0x166/0x2e0 [nouveau]\n   nvkm_udevice_init+0x47/0x70 [nouveau]\n   nvkm_object_init+0x41/0x1c0 [nouveau]\n   nvkm_ioctl_new+0x16a/0x290 [nouveau]\n   ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]\n   ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]\n   nvkm_ioctl+0x126/0x290 [nouveau]\n   nvif_object_ctor+0x112/0x190 [nouveau]\n   nvif_device_ctor+0x23/0x60 [nouveau]\n   nouveau_cli_init+0x164/0x640 [nouveau]\n   nouveau_drm_device_init+0x97/0x9e0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? pci_update_current_state+0x72/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nouveau_drm_probe+0x12c/0x280 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   local_pci_probe+0x45/0xa0\n   pci_device_probe+0xc7/0x270\n   really_probe+0xe6/0x3a0\n   __driver_probe_device+0x87/0x160\n   driver_probe_device+0x1f/0xc0\n   __driver_attach+0xec/0x1f0\n   ? __pfx___driver_attach+0x10/0x10\n   bus_for_each_dev+0x88/0xd0\n   bus_add_driver+0x116/0x220\n   driver_register+0x59/0x100\n   ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]\n   do_one_initcall+0x5b/0x320\n   do_init_module+0x60/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x120/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x83/0x160\n   ? srso_return_thunk+0x5/0x5f\n   entry_SYSCALL_64_after_hwframe+0x71/0x79\n  RIP: 0033:0x7feeb5cc20cd\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89\n  f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0\n  ff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd\n  RDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035\n  RBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310\n  R10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36885', 'https://git.kernel.org/linus/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2 (6.9-rc7)', 'https://git.kernel.org/stable/c/1a88c18da464db0ba8ea25196d0a06490f65322e', 'https://git.kernel.org/stable/c/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2', 'https://git.kernel.org/stable/c/e05af009302893f39b072811a68fa4a196284c75', 'https://lore.kernel.org/linux-cve-announce/2024053032-CVE-2024-36885-cb0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36885', 'https://www.cve.org/CVERecord?id=CVE-2024-36885'], 'PublishedDate': '2024-05-30T16:15:12.067Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36970', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: Use request_module_nowait', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Use request_module_nowait\n\nThis appears to work around a deadlock regression that came in\nwith the LED merge in 6.9.\n\nThe deadlock happens on my system with 24 iwlwifi radios, so maybe\nit something like all worker threads are busy and some work that needs\nto complete cannot complete.\n\n[also remove unnecessary "load_module" var and now-wrong comment]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36970', 'https://git.kernel.org/linus/3d913719df14c28c4d3819e7e6d150760222bda4 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4', 'https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e', 'https://lore.kernel.org/linux-cve-announce/2024060855-CVE-2024-36970-2eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36970', 'https://www.cve.org/CVERecord?id=CVE-2024-36970'], 'PublishedDate': '2024-06-08T13:15:58.26Z', 'LastModifiedDate': '2024-06-10T02:52:08.267Z'}, {'VulnerabilityID': 'CVE-2024-38581', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38581', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/mes: fix use-after-free issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/mes: fix use-after-free issue\n\nDelete fence fallback timer to fix the ramdom\nuse-after-free issue.\n\nv2: move to amdgpu_mes.c', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-38581', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/948255282074d9367e01908b3f5dcf8c10fc9c3d (6.9-rc6)', 'https://git.kernel.org/stable/c/0f98c144c15c8fc0f3176c994bd4e727ef718a5c', 'https://git.kernel.org/stable/c/39cfce75168c11421d70b8c0c65f6133edccb82a', 'https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de', 'https://git.kernel.org/stable/c/948255282074d9367e01908b3f5dcf8c10fc9c3d', 'https://linux.oracle.com/cve/CVE-2024-38581.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38581-592d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38581', 'https://www.cve.org/CVERecord?id=CVE-2024-38581'], 'PublishedDate': '2024-06-19T14:15:18.15Z', 'LastModifiedDate': '2024-08-01T20:12:00.623Z'}, {'VulnerabilityID': 'CVE-2024-38608', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38608', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix netif state handling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix netif state handling\n\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\n\nmlx5e_probe\n _mlx5e_resume\n  mlx5e_attach_netdev\n   mlx5e_nic_enable  <-- netdev not reg, not calling netif_device_attach()\n  register_netdev <-- failed for some reason.\nERROR_FLOW:\n _mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(\n\nHence, clean resources in this case as well.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n <TASK>\n ? __die+0x20/0x60\n ? page_fault_oops+0x14c/0x3c0\n ? exc_page_fault+0x75/0x140\n ? asm_exc_page_fault+0x22/0x30\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\n mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\n mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n __mlx5_ib_add+0x34/0xd0 [mlx5_ib]\n mlx5r_probe+0xe1/0x210 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x637/0x840\n __auxiliary_device_add+0x3b/0xa0\n add_adev+0xc9/0x140 [mlx5_core]\n mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\n mlx5_register_device+0x53/0xa0 [mlx5_core]\n mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\n mlx5_init_one+0x3b/0x60 [mlx5_core]\n probe_one+0x44c/0x730 [mlx5_core]\n local_pci_probe+0x3e/0x90\n pci_device_probe+0xbf/0x210\n ? kernfs_create_link+0x5d/0xa0\n ? sysfs_do_create_link_sd+0x60/0xc0\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n pci_bus_add_device+0x54/0x80\n pci_iov_add_virtfn+0x2e6/0x320\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n kernfs_fop_write_iter+0x10c/0x1a0\n vfs_write+0x291/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n CR2: 0000000000000000\n ---[ end trace 0000000000000000  ]---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38608', 'https://git.kernel.org/linus/3d5918477f94e4c2f064567875c475468e264644 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644', 'https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6', 'https://linux.oracle.com/cve/CVE-2024-38608.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061920-CVE-2024-38608-4068@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38608', 'https://www.cve.org/CVERecord?id=CVE-2024-38608'], 'PublishedDate': '2024-06-19T14:15:20.737Z', 'LastModifiedDate': '2024-08-27T15:58:56.9Z'}, {'VulnerabilityID': 'CVE-2024-39293', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39293', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;xsk: Support redirect to any socket bound to the same umem&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "xsk: Support redirect to any socket bound to the same umem"\n\nThis reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.\n\nThis patch introduced a potential kernel crash when multiple napi instances\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\npossible for multiple napi instances to access the Rx ring at the same time,\nwhich will result in a corrupted ring state which can lead to a crash when\nflushing the rings in __xsk_flush(). This can happen when the linked list of\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\nis not possible, so let us revert this for now.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39293', 'https://git.kernel.org/linus/7fcf26b315bbb728036da0862de6b335da83dff2 (6.10-rc3)', 'https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5', 'https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2', 'https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39293', 'https://www.cve.org/CVERecord?id=CVE-2024-39293'], 'PublishedDate': '2024-06-25T15:15:13.993Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-39472', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39472', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by\nmkfs") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions.  Later commit 0c771b99d6c9\n("xfs: clean up calculation of LR header blocks") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-39472', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a (6.10-rc1)', 'https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a', 'https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f', 'https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5', 'https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb', 'https://linux.oracle.com/cve/CVE-2024-39472.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024070512-CVE-2024-39472-f977@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39472', 'https://www.cve.org/CVERecord?id=CVE-2024-39472'], 'PublishedDate': '2024-07-05T07:15:10.02Z', 'LastModifiedDate': '2024-08-19T05:15:06.543Z'}, {'VulnerabilityID': 'CVE-2024-41008', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: change vm-&gt;task_info handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: change vm->task_info handling\n\nThis patch changes the handling and lifecycle of vm->task_info object.\nThe major changes are:\n- vm->task_info is a dynamically allocated ptr now, and its uasge is\n  reference counted.\n- introducing two new helper funcs for task_info lifecycle management\n    - amdgpu_vm_get_task_info: reference counts up task_info before\n      returning this info\n    - amdgpu_vm_put_task_info: reference counts down task_info\n- last put to task_info() frees task_info from the vm.\n\nThis patch also does logistical changes required for existing usage\nof vm->task_info.\n\nV2: Do not block all the prints when task_info not found (Felix)\n\nV3: Fixed review comments from Felix\n   - Fix wrong indentation\n   - No debug message for -ENOMEM\n   - Add NULL check for task_info\n   - Do not duplicate the debug messages (ti vs no ti)\n   - Get first reference of task_info in vm_init(), put last\n     in vm_fini()\n\nV4: Fixed review comments from Felix\n   - fix double reference increment in create_task_info\n   - change amdgpu_vm_get_task_info_pasid\n   - additional changes in amdgpu_gem.c while porting', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41008', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c (6.9-rc1)', 'https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c', 'https://linux.oracle.com/cve/CVE-2024-41008.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/20240716080357.2696435-2-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41008', 'https://www.cve.org/CVERecord?id=CVE-2024-41008'], 'PublishedDate': '2024-07-16T08:15:02.24Z', 'LastModifiedDate': '2024-07-16T13:43:58.773Z'}, {'VulnerabilityID': 'CVE-2024-41009', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix overrunning reservations in ringbuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that "owns" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\'s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\'s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\'s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\'s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\'ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41009', 'https://git.kernel.org/linus/cfa1a2329a691ffd991fcf7248a57d752e712881 (6.10-rc6)', 'https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4', 'https://git.kernel.org/stable/c/47416c852f2a04d348ea66ee451cbdcf8119f225', 'https://git.kernel.org/stable/c/511804ab701c0503b72eac08217eabfd366ba069', 'https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f', 'https://git.kernel.org/stable/c/cfa1a2329a691ffd991fcf7248a57d752e712881', 'https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686', 'https://lore.kernel.org/linux-cve-announce/2024071715-CVE-2024-41009-cac5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41009', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41009'], 'PublishedDate': '2024-07-17T07:15:01.973Z', 'LastModifiedDate': '2024-07-29T07:15:04.56Z'}, {'VulnerabilityID': 'CVE-2024-41013', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: don&#39;t walk off the end of a directory data block', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don't stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup->length to dup->length-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41013', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/0c7fcdb6d06cdf8b19b57c17605215b06afa864a (6.11-rc1)', 'https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a', 'https://linux.oracle.com/cve/CVE-2024-41013.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41013-2996@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41013', 'https://www.cve.org/CVERecord?id=CVE-2024-41013'], 'PublishedDate': '2024-07-29T07:15:05.43Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41014', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41014', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: add bounds checking to xlog_recover_process_data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n    1) Mount an image of xfs, and do some file operations to leave records\n    2) Before umounting, copy the image for subsequent steps to simulate\n       abnormal exit. Because umount will ensure that tail_blk and\n       head_blk are the same, which will result in the inability to enter\n       xlog_recover_process_data\n    3) Write a tool to parse and modify the copied image in step 2\n    4) Make the end of the xlog_op_header entries only 1 byte away from\n       xlog_rec_header->h_size\n    5) xlog_rec_header->h_num_logops++\n    6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41014', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/fb63435b7c7dc112b1ae1baea5486e0a6e27b196 (6.11-rc1)', 'https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196', 'https://linux.oracle.com/cve/CVE-2024-41014.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41014-9186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41014', 'https://www.cve.org/CVERecord?id=CVE-2024-41014'], 'PublishedDate': '2024-07-29T07:15:05.81Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41016', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe 'non-indexed', which saved with additional space\nrequested.  It's better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41016', 'https://git.kernel.org/linus/af77c4fc1871847b528d58b7fdafb4aa1f6a9262 (6.11-rc1)', 'https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637', 'https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262', 'https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e', 'https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e', 'https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180', 'https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41016-fcf9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41016', 'https://www.cve.org/CVERecord?id=CVE-2024-41016'], 'PublishedDate': '2024-07-29T07:15:06.293Z', 'LastModifiedDate': '2024-10-17T14:15:07.01Z'}, {'VulnerabilityID': 'CVE-2024-41024', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41024', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Restrict untrusted app to attach to privileged PD', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Restrict untrusted app to attach to privileged PD\n\nUntrusted application with access to only non-secure fastrpc device\nnode can attach to root_pd or static PDs if it can make the respective\ninit request. This can cause problems as the untrusted application\ncan send bad requests to root_pd or static PDs. Add changes to reject\nattach to privileged PDs if the request is being made using non-secure\nfastrpc device node.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41024', 'https://git.kernel.org/linus/bab2f5e8fd5d2f759db26b78d9db57412888f187 (6.10)', 'https://git.kernel.org/stable/c/2eb973ee4770a26d9b5e292b58ad29822d321c7f', 'https://git.kernel.org/stable/c/5e305b5986dc52122a9368a1461f0c13e1de3fd6', 'https://git.kernel.org/stable/c/bab2f5e8fd5d2f759db26b78d9db57412888f187', 'https://git.kernel.org/stable/c/c69fd8afacebfdf2f8a1ee1ea7e0723786529874', 'https://git.kernel.org/stable/c/ea13bd807f1cef1af375d999980a9b9794c789b6', 'https://lore.kernel.org/all/20240628114501.14310-7-srinivas.kandagatla@linaro.org/', 'https://lore.kernel.org/linux-cve-announce/2024072919-CVE-2024-41024-be39@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41024', 'https://www.cve.org/CVERecord?id=CVE-2024-41024'], 'PublishedDate': '2024-07-29T15:15:11.27Z', 'LastModifiedDate': '2024-08-29T17:15:07.913Z'}, {'VulnerabilityID': 'CVE-2024-42107', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42107', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: ice: Don't process extts if PTP is disabled", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42107', 'https://git.kernel.org/linus/996422e3230e41468f652d754fefd1bdbcd4604e (6.10-rc7)', 'https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b', 'https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e', 'https://lore.kernel.org/linux-cve-announce/2024073020-CVE-2024-42107-65cc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42107', 'https://www.cve.org/CVERecord?id=CVE-2024-42107'], 'PublishedDate': '2024-07-30T08:15:03.22Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42116', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42116', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igc: fix a log entry using uninitialized netdev', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix a log entry using uninitialized netdev\n\nDuring successful probe, igc logs this:\n\n[    5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\n\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb.  Add a comment,\njust as in igb.\n\nNow the log message is fine:\n\n[    5.200987] igc 0000:01:00.0 eth0: PHC added', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42116', 'https://git.kernel.org/linus/86167183a17e03ec77198897975e9fdfbd53cb0b (6.10-rc1)', 'https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b', 'https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6', 'https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79', 'https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda', 'https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f', 'https://linux.oracle.com/cve/CVE-2024-42116.html', 'https://linux.oracle.com/errata/ELSA-2024-12618.html', 'https://lore.kernel.org/linux-cve-announce/2024073023-CVE-2024-42116-b420@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42116', 'https://www.cve.org/CVERecord?id=CVE-2024-42116'], 'PublishedDate': '2024-07-30T08:15:03.95Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42122', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42122', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add NULL pointer check for kzalloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL pointer check for kzalloc\n\n[Why & How]\nCheck return pointer of kzalloc before using it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42122', 'https://git.kernel.org/linus/8e65a1b7118acf6af96449e1e66b7adbc9396912 (6.10-rc1)', 'https://git.kernel.org/stable/c/062edd612fcd300f0f79a36fca5b8b6a5e2fce70', 'https://git.kernel.org/stable/c/8e65a1b7118acf6af96449e1e66b7adbc9396912', 'https://lore.kernel.org/linux-cve-announce/2024073025-CVE-2024-42122-2f70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42122', 'https://www.cve.org/CVERecord?id=CVE-2024-42122'], 'PublishedDate': '2024-07-30T08:15:04.43Z', 'LastModifiedDate': '2024-09-16T13:49:27.837Z'}, {'VulnerabilityID': 'CVE-2024-42125', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42125', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42125', 'https://git.kernel.org/linus/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9 (6.10-rc1)', 'https://git.kernel.org/stable/c/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9', 'https://git.kernel.org/stable/c/ce4ba62f8bc5195a9a0d49c6235a9c99e619cadc', 'https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42125-b515@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42125', 'https://www.cve.org/CVERecord?id=CVE-2024-42125'], 'PublishedDate': '2024-07-30T08:15:04.667Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42139', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42139', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Fix improper extts handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message "extts on unexpected channel" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42139', 'https://git.kernel.org/linus/00d3b4f54582d4e4a02cda5886bb336eeab268cc (6.10-rc7)', 'https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc', 'https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3', 'https://lore.kernel.org/linux-cve-announce/2024073030-CVE-2024-42139-f8ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42139', 'https://www.cve.org/CVERecord?id=CVE-2024-42139'], 'PublishedDate': '2024-07-30T08:15:05.757Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42154', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42154', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_metrics: validate source addr length', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42154', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/66be40e622e177316ae81717aa30057ba9e61dff (6.10-rc7)', 'https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9', 'https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c', 'https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3', 'https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321', 'https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff', 'https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99', 'https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98', 'https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6', 'https://linux.oracle.com/cve/CVE-2024-42154.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073034-CVE-2024-42154-cf82@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42154', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42154'], 'PublishedDate': '2024-07-30T08:15:06.933Z', 'LastModifiedDate': '2024-10-01T19:32:18.31Z'}, {'VulnerabilityID': 'CVE-2024-42159', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42159', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: mpi3mr: Sanitise num_phys', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port->phy_mask, values larger then size of\nthis field shouldn't be allowed.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42159', 'https://git.kernel.org/linus/3668651def2c1622904e58b0280ee93121f2b10b (6.10-rc1)', 'https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b', 'https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0', 'https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df', 'https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf', 'https://linux.oracle.com/cve/CVE-2024-42159.html', 'https://linux.oracle.com/errata/ELSA-2024-12682.html', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42159-c19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42159', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42159'], 'PublishedDate': '2024-07-30T08:15:07.3Z', 'LastModifiedDate': '2024-08-02T14:29:46.24Z'}, {'VulnerabilityID': 'CVE-2024-42160', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: check validation of fault attrs in f2fs_build_fault_attr()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: check validation of fault attrs in f2fs_build_fault_attr()\n\n- It missed to check validation of fault attrs in parse_options(),\nlet's fix to add check condition in f2fs_build_fault_attr().\n- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42160', 'https://git.kernel.org/linus/4ed886b187f47447ad559619c48c086f432d2b77 (6.10-rc1)', 'https://git.kernel.org/stable/c/44958ca9e400f57bd0478115519ffc350fcee61e', 'https://git.kernel.org/stable/c/4ed886b187f47447ad559619c48c086f432d2b77', 'https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d', 'https://git.kernel.org/stable/c/ecb641f424d6d1f055d149a15b892edcc92c504b', 'https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42160-c733@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42160', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42160'], 'PublishedDate': '2024-07-30T08:15:07.37Z', 'LastModifiedDate': '2024-08-02T14:29:26.33Z'}, {'VulnerabilityID': 'CVE-2024-42224', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42224', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Correct check for empty list', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO\nbusses") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip->mdios being\nempty.  However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42224', 'https://git.kernel.org/linus/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b (6.10-rc1)', 'https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5', 'https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618', 'https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d', 'https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee', 'https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b', 'https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114', 'https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89', 'https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4', 'https://linux.oracle.com/cve/CVE-2024-42224.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024073037-CVE-2024-42224-863a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42224', 'https://ubuntu.com/security/notices/USN-7003-1', 'https://ubuntu.com/security/notices/USN-7003-2', 'https://ubuntu.com/security/notices/USN-7003-3', 'https://ubuntu.com/security/notices/USN-7003-4', 'https://ubuntu.com/security/notices/USN-7003-5', 'https://ubuntu.com/security/notices/USN-7006-1', 'https://ubuntu.com/security/notices/USN-7007-1', 'https://ubuntu.com/security/notices/USN-7007-2', 'https://ubuntu.com/security/notices/USN-7007-3', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://ubuntu.com/security/notices/USN-7019-1', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42224'], 'PublishedDate': '2024-07-30T08:15:07.667Z', 'LastModifiedDate': '2024-09-25T15:55:09.027Z'}, {'VulnerabilityID': 'CVE-2024-42228', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1016.17~22.04.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42228', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n   need to have a separate value of 0xffffffff.(Christian)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 6.3}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42228', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/88a9a467c548d0b3c7761b4fd54a68e70f9c0944 (6.10-rc1)', 'https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46', 'https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef', 'https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944', 'https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144', 'https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8', 'https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712', 'https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15', 'https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440', 'https://linux.oracle.com/cve/CVE-2024-42228.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024073038-CVE-2024-42228-86f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42228', 'https://ubuntu.com/security/notices/USN-7020-1', 'https://ubuntu.com/security/notices/USN-7020-2', 'https://ubuntu.com/security/notices/USN-7020-3', 'https://ubuntu.com/security/notices/USN-7020-4', 'https://ubuntu.com/security/notices/USN-7021-1', 'https://ubuntu.com/security/notices/USN-7021-2', 'https://ubuntu.com/security/notices/USN-7021-3', 'https://ubuntu.com/security/notices/USN-7021-4', 'https://ubuntu.com/security/notices/USN-7022-1', 'https://ubuntu.com/security/notices/USN-7022-2', 'https://ubuntu.com/security/notices/USN-7022-3', 'https://ubuntu.com/security/notices/USN-7028-1', 'https://ubuntu.com/security/notices/USN-7028-2', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7039-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42228'], 'PublishedDate': '2024-07-30T08:15:07.96Z', 'LastModifiedDate': '2024-09-04T12:15:04.577Z'}, {'VulnerabilityID': 'CVE-2024-42258', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42258', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines\n\nYves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don\'t\nforce huge page alignment on 32 bit") didn\'t work for x86_32 [1].  It is\nbecause x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT.\n\n!CONFIG_64BIT should cover all 32 bit machines.\n\n[1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42258', 'https://git.kernel.org/linus/d9592025000b3cf26c742f3505da7b83aedc26d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/7e1f4efb8d6140b2ec79bf760c43e1fc186e8dfc', 'https://git.kernel.org/stable/c/89f2914dd4b47d2fad3deef0d700f9526d98d11f', 'https://git.kernel.org/stable/c/a5c399fe433a115e9d3693169b5f357f3194af0a', 'https://git.kernel.org/stable/c/d9592025000b3cf26c742f3505da7b83aedc26d5', 'https://lore.kernel.org/linux-cve-announce/2024081216-CVE-2024-42258-e3f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42258', 'https://www.cve.org/CVERecord?id=CVE-2024-42258'], 'PublishedDate': '2024-08-12T15:15:20.983Z', 'LastModifiedDate': '2024-08-14T14:15:27.727Z'}, {'VulnerabilityID': 'CVE-2024-42259', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42259', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Fix Virtual Memory mapping boundaries calculation\n\nCalculating the size of the mapped area as the lesser value\nbetween the requested size and the actual size does not consider\nthe partial mapping offset. This can cause page fault access.\n\nFix the calculation of the starting and ending addresses, the\ntotal size is now deduced from the difference between the end and\nstart addresses.\n\nAdditionally, the calculations have been rewritten in a clearer\nand more understandable form.\n\n[Joonas: Add Requires: tag]\nRequires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset")\n(cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-131'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42259', 'https://git.kernel.org/linus/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3 (6.11-rc3)', 'https://git.kernel.org/stable/c/3e06073d24807f04b4694108a8474decb7b99e60', 'https://git.kernel.org/stable/c/4b09513ce93b3dcb590baaaff2ce96f2d098312d', 'https://git.kernel.org/stable/c/50111a8098fb9ade621eeff82228a997d42732ab', 'https://git.kernel.org/stable/c/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3', 'https://git.kernel.org/stable/c/911f8055f175c82775d0fd8cedcd0b75413f4ba7', 'https://git.kernel.org/stable/c/a256d019eaf044864c7e50312f0a65b323c24f39', 'https://git.kernel.org/stable/c/e8a68aa842d3f8dd04a46b9d632e5f67fde1da9b', 'https://git.kernel.org/stable/c/ead9289a51ea82eb5b27029fcf4c34b2dd60cf06', 'https://linux.oracle.com/cve/CVE-2024-42259.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081452-CVE-2024-42259-4cef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42259', 'https://project-zero.issues.chromium.org/issues/42451707', 'https://www.cve.org/CVERecord?id=CVE-2024-42259'], 'PublishedDate': '2024-08-14T15:15:31.673Z', 'LastModifiedDate': '2024-09-25T01:15:42.137Z'}, {'VulnerabilityID': 'CVE-2024-42260', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42260', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the performance extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42260', 'https://git.kernel.org/linus/4ecc24a84d7e0254efd150ec23e0b89638386516 (6.11-rc2)', 'https://git.kernel.org/stable/c/4ecc24a84d7e0254efd150ec23e0b89638386516', 'https://git.kernel.org/stable/c/5d4aa25f47cd05e9eeac272906588728588605dd', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-42260-0ce0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42260', 'https://www.cve.org/CVERecord?id=CVE-2024-42260'], 'PublishedDate': '2024-08-17T09:15:07.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42261', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42261', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Validate passed in drm syncobj handles in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the timestamp extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42261', 'https://git.kernel.org/linus/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791 (6.11-rc2)', 'https://git.kernel.org/stable/c/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791', 'https://git.kernel.org/stable/c/5c56f104edd02a537e9327dc543574e55713e1d7', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42261-f6a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42261', 'https://www.cve.org/CVERecord?id=CVE-2024-42261'], 'PublishedDate': '2024-08-17T09:15:07.6Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42262', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42262', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the performance extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the performance extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42262', 'https://git.kernel.org/linus/32df4abc44f24dbec239d43e2b26d5768c5d1a78 (6.11-rc2)', 'https://git.kernel.org/stable/c/32df4abc44f24dbec239d43e2b26d5768c5d1a78', 'https://git.kernel.org/stable/c/ad5fdc48f7a63b8a98493c667505fe4d3864ae21', 'https://lore.kernel.org/linux-cve-announce/2024081736-CVE-2024-42262-7156@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42262', 'https://www.cve.org/CVERecord?id=CVE-2024-42262'], 'PublishedDate': '2024-08-17T09:15:07.68Z', 'LastModifiedDate': '2024-08-19T20:05:15.407Z'}, {'VulnerabilityID': 'CVE-2024-42263', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42263', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix potential memory leak in the timestamp extension', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix potential memory leak in the timestamp extension\n\nIf fetching of userspace memory fails during the main loop, all drm sync\nobjs looked up until that point will be leaked because of the missing\ndrm_syncobj_put.\n\nFix it by exporting and using a common cleanup helper.\n\n(cherry picked from commit 753ce4fea62182c77e1691ab4f9022008f25b62e)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42263', 'https://git.kernel.org/linus/0e50fcc20bd87584840266e8004f9064a8985b4f (6.11-rc2)', 'https://git.kernel.org/stable/c/0e50fcc20bd87584840266e8004f9064a8985b4f', 'https://git.kernel.org/stable/c/9b5033ee2c5af6d1135a403df32d219ab57e55f9', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42263-31b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42263', 'https://www.cve.org/CVERecord?id=CVE-2024-42263'], 'PublishedDate': '2024-08-17T09:15:07.77Z', 'LastModifiedDate': '2024-08-19T20:41:11.24Z'}, {'VulnerabilityID': 'CVE-2024-42264', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42264', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Prevent out of bounds access in performance query extensions', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Prevent out of bounds access in performance query extensions\n\nCheck that the number of perfmons userspace is passing in the copy and\nreset extensions is not greater than the internal kernel storage where\nthe ids will be copied into.\n\n(cherry picked from commit f32b5128d2c440368b5bf3a7a356823e235caabb)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42264', 'https://git.kernel.org/linus/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2 (6.11-rc2)', 'https://git.kernel.org/stable/c/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2', 'https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722', 'https://lore.kernel.org/linux-cve-announce/2024081737-CVE-2024-42264-5d23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42264', 'https://www.cve.org/CVERecord?id=CVE-2024-42264'], 'PublishedDate': '2024-08-17T09:15:07.833Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42267', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42267', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()\n\nHandle VM_FAULT_SIGSEGV in the page fault path so that we correctly\nkill the process and we don't BUG() the kernel.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42267', 'https://git.kernel.org/linus/0c710050c47d45eb77b28c271cddefc5c785cb40 (6.11-rc2)', 'https://git.kernel.org/stable/c/0c710050c47d45eb77b28c271cddefc5c785cb40', 'https://git.kernel.org/stable/c/20dbdebc5580cd472a310d56a6e252275ee4c864', 'https://git.kernel.org/stable/c/59be4a167782d68e21068a761b90b01fadc09146', 'https://git.kernel.org/stable/c/917f598209f3f5e4ab175d5079d8aeb523e58b1f', 'https://git.kernel.org/stable/c/d4e7db757e2d7f4c407a007e92c98477eab215d2', 'https://git.kernel.org/stable/c/d7ccf2ca772bfe33e2c53ef80fa20d2d87eb6144', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42267-9f79@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42267', 'https://www.cve.org/CVERecord?id=CVE-2024-42267'], 'PublishedDate': '2024-08-17T09:15:08.047Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42268', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42268', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix missing lock on sync reset reload', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix missing lock on sync reset reload\n\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\n\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n…\n CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S      W          6.10.0-rc2+ #116\n Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\n Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\n RIP: 0010:devl_assert_locked+0x3e/0x50\n…\n Call Trace:\n  <TASK>\n  ? __warn+0xa4/0x210\n  ? devl_assert_locked+0x3e/0x50\n  ? report_bug+0x160/0x280\n  ? handle_bug+0x3f/0x80\n  ? exc_invalid_op+0x17/0x40\n  ? asm_exc_invalid_op+0x1a/0x20\n  ? devl_assert_locked+0x3e/0x50\n  devlink_notify+0x88/0x2b0\n  ? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n  ? __pfx_devlink_notify+0x10/0x10\n  ? process_one_work+0x4b6/0xbb0\n  process_one_work+0x4b6/0xbb0\n[…]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42268', 'https://git.kernel.org/linus/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 (6.11-rc2)', 'https://git.kernel.org/stable/c/091268f3c27a5b6d7858a3bb2a0dbcc9cd26ddb5', 'https://git.kernel.org/stable/c/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9', 'https://git.kernel.org/stable/c/5d07d1d40aabfd61bab21115639bd4f641db6002', 'https://git.kernel.org/stable/c/98884e89c90d077f6fe6ba18e6cf6f914642f04e', 'https://lore.kernel.org/linux-cve-announce/2024081738-CVE-2024-42268-2084@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42268', 'https://www.cve.org/CVERecord?id=CVE-2024-42268'], 'PublishedDate': '2024-08-17T09:15:08.11Z', 'LastModifiedDate': '2024-08-19T20:52:49.323Z'}, {'VulnerabilityID': 'CVE-2024-42269', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42269', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().\n\nip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id],\nbut the function is exposed to user space before the entry is allocated\nvia register_pernet_subsys().\n\nLet's call register_pernet_subsys() before xt_register_template().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42269', 'https://git.kernel.org/linus/c22921df777de5606f1047b1345b8d22ef1c0b34 (6.11-rc2)', 'https://git.kernel.org/stable/c/419ee6274c5153b89c4393c1946faa4c3cad4f9e', 'https://git.kernel.org/stable/c/87dba44e9471b79b255d0736858a897332db9226', 'https://git.kernel.org/stable/c/91b6df6611b7edb28676c4f63f90c56c30d3e601', 'https://git.kernel.org/stable/c/c22921df777de5606f1047b1345b8d22ef1c0b34', 'https://git.kernel.org/stable/c/e85b9b6a87be4cb3710082038b677e97f2389003', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42269-7d0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42269', 'https://www.cve.org/CVERecord?id=CVE-2024-42269'], 'PublishedDate': '2024-08-17T09:15:08.177Z', 'LastModifiedDate': '2024-08-19T20:53:51.717Z'}, {'VulnerabilityID': 'CVE-2024-42270', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42270', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().\n\nWe had a report that iptables-restore sometimes triggered null-ptr-deref\nat boot time. [0]\n\nThe problem is that iptable_nat_table_init() is exposed to user space\nbefore the kernel fully initialises netns.\n\nIn the small race window, a user could call iptable_nat_table_init()\nthat accesses net_generic(net, iptable_nat_net_id), which is available\nonly after registering iptable_nat_net_ops.\n\nLet's call register_pernet_subsys() before xt_register_template().\n\n[0]:\nbpfilter: Loaded bpfilter_umh pid 11702\nStarted bpfilter\nBUG: kernel NULL pointer dereference, address: 0000000000000013\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP NOPTI\nCPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1\nHardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\nCode: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c\nRSP: 0018:ffffbef902843cd0 EFLAGS: 00010246\nRAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80\nRDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0\nRBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240\nR10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000\nR13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004\nFS:  00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? xt_find_table_lock (net/netfilter/x_tables.c:1259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? page_fault_oops (arch/x86/mm/fault.c:727)\n ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518)\n ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)\n ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\n xt_find_table_lock (net/netfilter/x_tables.c:1259)\n xt_request_find_table_lock (net/netfilter/x_tables.c:1287)\n get_info (net/ipv4/netfilter/ip_tables.c:965)\n ? security_capable (security/security.c:809 (discriminator 13))\n ? ns_capable (kernel/capability.c:376 kernel/capability.c:397)\n ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)\n ? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter\n nf_getsockopt (net/netfilter/nf_sockopt.c:116)\n ip_getsockopt (net/ipv4/ip_sockglue.c:1827)\n __sys_getsockopt (net/socket.c:2327)\n __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121)\nRIP: 0033:0x7f62844685ee\nCode: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09\nRSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037\nRAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0\nR10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2\nR13: 00007f6284\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42270', 'https://git.kernel.org/linus/5830aa863981d43560748aa93589c0695191d95d (6.11-rc2)', 'https://git.kernel.org/stable/c/08ed888b69a22647153fe2bec55b7cd0a46102cc', 'https://git.kernel.org/stable/c/5830aa863981d43560748aa93589c0695191d95d', 'https://git.kernel.org/stable/c/70014b73d7539fcbb6b4ff5f37368d7241d8e626', 'https://git.kernel.org/stable/c/95590a4929027769af35b153645c0ab6fd22b29b', 'https://git.kernel.org/stable/c/b98ddb65fa1674b0e6b52de8af9103b63f51b643', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42270-c752@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42270', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7009-1', 'https://ubuntu.com/security/notices/USN-7009-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42270'], 'PublishedDate': '2024-08-17T09:15:08.24Z', 'LastModifiedDate': '2024-08-19T20:01:09.52Z'}, {'VulnerabilityID': 'CVE-2024-42272', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42272', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: act_ct: take care of padding in struct zones_ht_key', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched: act_ct: take care of padding in struct zones_ht_key\n\nBlamed commit increased lookup key size from 2 bytes to 16 bytes,\nbecause zones_ht_key got a struct net pointer.\n\nMake sure rhashtable_lookup() is not using the padding bytes\nwhich are not initialized.\n\n BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  rht_ptr_rcu include/linux/rhashtable.h:376 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:607 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n  tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408\n  tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425\n  tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488\n  tcf_action_add net/sched/act_api.c:2061 [inline]\n  tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118\n  rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647\n  netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550\n  rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665\n  netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n  netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357\n  netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  ____sys_sendmsg+0x877/0xb60 net/socket.c:2597\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651\n  __sys_sendmsg net/socket.c:2680 [inline]\n  __do_sys_sendmsg net/socket.c:2689 [inline]\n  __se_sys_sendmsg net/socket.c:2687 [inline]\n  __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687\n  x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable key created at:\n  tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324\n  tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42272', 'https://git.kernel.org/linus/2191a54f63225b548fd8346be3611c3219a24738 (6.11-rc2)', 'https://git.kernel.org/stable/c/2191a54f63225b548fd8346be3611c3219a24738', 'https://git.kernel.org/stable/c/3a5b68869dbe14f1157c6a24ac71923db060eeab', 'https://git.kernel.org/stable/c/3ddefcb8f75e312535e2e7d5fef9932019ba60f2', 'https://git.kernel.org/stable/c/7c03ab555eb1ba26c77fd7c25bdf44a0ac23edee', 'https://git.kernel.org/stable/c/d06daf0ad645d9225a3ff6958dd82e1f3988fa64', 'https://git.kernel.org/stable/c/d7cc186d0973afce0e1237c37f7512c01981fb79', 'https://linux.oracle.com/cve/CVE-2024-42272.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081739-CVE-2024-42272-c687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42272', 'https://www.cve.org/CVERecord?id=CVE-2024-42272'], 'PublishedDate': '2024-08-17T09:15:08.37Z', 'LastModifiedDate': '2024-09-30T13:40:21.843Z'}, {'VulnerabilityID': 'CVE-2024-42273', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42273', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid\n\nmkdir /mnt/test/comp\nf2fs_io setflags compression /mnt/test/comp\ndd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1\ntruncate --size 13 /mnt/test/comp/testfile\n\nIn the above scenario, we can get a BUG_ON.\n kernel BUG at fs/f2fs/segment.c:3589!\n Call Trace:\n  do_write_page+0x78/0x390 [f2fs]\n  f2fs_outplace_write_data+0x62/0xb0 [f2fs]\n  f2fs_do_write_data_page+0x275/0x740 [f2fs]\n  f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs]\n  f2fs_write_multi_pages+0x1e5/0xae0 [f2fs]\n  f2fs_write_cache_pages+0xab1/0xc60 [f2fs]\n  f2fs_write_data_pages+0x2d8/0x330 [f2fs]\n  do_writepages+0xcf/0x270\n  __writeback_single_inode+0x44/0x350\n  writeback_sb_inodes+0x242/0x530\n  __writeback_inodes_wb+0x54/0xf0\n  wb_writeback+0x192/0x310\n  wb_workfn+0x30d/0x400\n\nThe reason is we gave CURSEG_ALL_DATA_ATGC to COMPR_ADDR where the\npage was set the gcing flag by set_cluster_dirty().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42273', 'https://git.kernel.org/linus/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cd106612396656d6f1ca17ef192c6759bb60791', 'https://git.kernel.org/stable/c/4239571c5db46a42f723b8fa8394039187c34439', 'https://git.kernel.org/stable/c/5fd057160ab240dd816ae09b625395d54c297de1', 'https://git.kernel.org/stable/c/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42273-9b87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42273', 'https://www.cve.org/CVERecord?id=CVE-2024-42273'], 'PublishedDate': '2024-08-17T09:15:08.45Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42274', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42274', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert "ALSA: firewire-lib: operate for period elapse event in process context"', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "ALSA: firewire-lib: operate for period elapse event in process context"\n\nCommit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event\nin process context") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n    * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n    * (lock B) wait for tasklet to finish by calling\n    \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n    * (lock B) enter tasklet\n    * (lock A) attempt to acquire substream lock,\n    \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n    \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n </NMI>\n <TASK>\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n </NMI>\n <IRQ>\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period\nelapse event in process context")\n\nReplace inline description to prevent future deadlock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42274', 'https://git.kernel.org/linus/3dab73ab925a51ab05543b491bf17463a48ca323 (6.11-rc2)', 'https://git.kernel.org/stable/c/36c255db5a25edd42d1aca48e38b8e95ee5fd9ef', 'https://git.kernel.org/stable/c/3dab73ab925a51ab05543b491bf17463a48ca323', 'https://git.kernel.org/stable/c/7c07220cf634002f93a87ca2252a32766850f2d1', 'https://git.kernel.org/stable/c/b239a37d68e8bc59f9516444da222841e3b13ba9', 'https://git.kernel.org/stable/c/f5043e69aeb2786f32e84132817a007a6430aa7d', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42274-9dc6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42274', 'https://www.cve.org/CVERecord?id=CVE-2024-42274'], 'PublishedDate': '2024-08-17T09:15:08.53Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42276', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42276', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme-pci: add missing condition check for existence of mapped data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42276', 'https://git.kernel.org/linus/c31fad1470389666ac7169fe43aa65bf5b7e2cfd (6.11-rc1)', 'https://git.kernel.org/stable/c/3f8ec1d6b0ebd8268307d52be8301973fa5a01ec', 'https://git.kernel.org/stable/c/70100fe721840bf6d8e5abd25b8bffe4d2e049b7', 'https://git.kernel.org/stable/c/77848b379e9f85a08048a2c8b3b4a7e8396f5f83', 'https://git.kernel.org/stable/c/7cc1f4cd90a00b6191cb8cda2d1302fdce59361c', 'https://git.kernel.org/stable/c/be23ae63080e0bf9e246ab20207200bca6585eba', 'https://git.kernel.org/stable/c/c31fad1470389666ac7169fe43aa65bf5b7e2cfd', 'https://git.kernel.org/stable/c/d135c3352f7c947a922da93c8e763ee6bc208b64', 'https://linux.oracle.com/cve/CVE-2024-42276.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42276-cb0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42276', 'https://www.cve.org/CVERecord?id=CVE-2024-42276'], 'PublishedDate': '2024-08-17T09:15:08.673Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42277', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42277', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom->sdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42277', 'https://git.kernel.org/linus/630482ee0653decf9e2482ac6181897eb6cde5b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8', 'https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922', 'https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb', 'https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c', 'https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb', 'https://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42277-997a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42277', 'https://www.cve.org/CVERecord?id=CVE-2024-42277'], 'PublishedDate': '2024-08-17T09:15:08.75Z', 'LastModifiedDate': '2024-09-10T18:46:21.62Z'}, {'VulnerabilityID': 'CVE-2024-42278', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42278', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: TAS2781: Fix tasdev_load_calibrated_data()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it's either a no-op or it\nleads to a NULL dereference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42278', 'https://git.kernel.org/linus/92c78222168e9035a9bfb8841c2e56ce23e51f73 (6.11-rc1)', 'https://git.kernel.org/stable/c/51be301d29d674ff328dfcf23705851f326f35b3', 'https://git.kernel.org/stable/c/6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06', 'https://git.kernel.org/stable/c/92c78222168e9035a9bfb8841c2e56ce23e51f73', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42278-e639@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42278', 'https://www.cve.org/CVERecord?id=CVE-2024-42278'], 'PublishedDate': '2024-08-17T09:15:08.813Z', 'LastModifiedDate': '2024-09-30T12:53:36.42Z'}, {'VulnerabilityID': 'CVE-2024-42279', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42279', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L', 'V3Score': 5.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42279', 'https://git.kernel.org/linus/9cf71eb0faef4bff01df4264841b8465382d7927 (6.11-rc1)', 'https://git.kernel.org/stable/c/3feda3677e8bbe833c3a62a4091377a08f015b80', 'https://git.kernel.org/stable/c/45e03d35229b680b79dfea1103a1f2f07d0b5d75', 'https://git.kernel.org/stable/c/9cf71eb0faef4bff01df4264841b8465382d7927', 'https://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42279-91b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42279', 'https://www.cve.org/CVERecord?id=CVE-2024-42279'], 'PublishedDate': '2024-08-17T09:15:08.88Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42281', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42281', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a segment issue when downgrading gso_size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a segment issue when downgrading gso_size\n\nLinearize the skb when downgrading gso_size because it may trigger a\nBUG_ON() later when the skb is segmented as described in [1,2].', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42281', 'https://git.kernel.org/linus/fa5ef655615a01533035c6139248c5b33aa27028 (6.11-rc1)', 'https://git.kernel.org/stable/c/11ec79f5c7f74261874744039bc1551023edd6b2', 'https://git.kernel.org/stable/c/a689f5eb13a90f892a088865478b3cd39f53d5dc', 'https://git.kernel.org/stable/c/c3496314c53e7e82ddb544c825defc3e8c0e45cf', 'https://git.kernel.org/stable/c/dda518dea60d556a2d171c0122ca7d9fdb7d473a', 'https://git.kernel.org/stable/c/ec4eea14d75f7b0491194dd413f540dd19b8c733', 'https://git.kernel.org/stable/c/f6bb8c90cab97a3e03f8d30e3069efe6a742e0be', 'https://git.kernel.org/stable/c/fa5ef655615a01533035c6139248c5b33aa27028', 'https://linux.oracle.com/cve/CVE-2024-42281.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42281-780b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42281', 'https://www.cve.org/CVERecord?id=CVE-2024-42281'], 'PublishedDate': '2024-08-17T09:15:09.013Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42283', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42283', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: nexthop: Initialize all fields in dumped nexthops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n    # ip nexthop add id 1 dev lo\n    # ip nexthop add id 101 group 1\n    # strace -e recvmsg ip nexthop get id 101\n    ...\n    recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n                 [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42283', 'https://git.kernel.org/linus/6d745cd0e9720282cd291d36b9db528aea18add2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1377de719652d868f5317ba8398b7e74c5f0430b', 'https://git.kernel.org/stable/c/5cc4d71dda2dd4f1520f40e634a527022e48ccd8', 'https://git.kernel.org/stable/c/6d745cd0e9720282cd291d36b9db528aea18add2', 'https://git.kernel.org/stable/c/7704460acd7f5d35eb07c52500987dc9b95313fb', 'https://git.kernel.org/stable/c/9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0', 'https://git.kernel.org/stable/c/a13d3864b76ac87085ec530b2ff8e37482a63a96', 'https://git.kernel.org/stable/c/fd06cb4a5fc7bda3dea31712618a62af72a1c6cb', 'https://linux.oracle.com/cve/CVE-2024-42283.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42283-15a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42283', 'https://www.cve.org/CVERecord?id=CVE-2024-42283'], 'PublishedDate': '2024-08-17T09:15:09.163Z', 'LastModifiedDate': '2024-08-19T19:54:33.213Z'}, {'VulnerabilityID': 'CVE-2024-42284', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42284', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42284', 'https://git.kernel.org/linus/fa96c6baef1b5385e2f0c0677b32b3839e716076 (6.11-rc1)', 'https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f', 'https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a', 'https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69', 'https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813', 'https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28', 'https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b', 'https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8', 'https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076', 'https://linux.oracle.com/cve/CVE-2024-42284.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024081743-CVE-2024-42284-bbfa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42284', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-42284'], 'PublishedDate': '2024-08-17T09:15:09.233Z', 'LastModifiedDate': '2024-08-19T19:47:55.623Z'}, {'VulnerabilityID': 'CVE-2024-42285', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42285', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix a use-after-free related to destroying CM IDs\n\niw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with\nan existing struct iw_cm_id (cm_id) as follows:\n\n        conn_id->cm_id.iw = cm_id;\n        cm_id->context = conn_id;\n        cm_id->cm_handler = cma_iw_handler;\n\nrdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make\nsure that cm_work_handler() does not trigger a use-after-free by only\nfreeing of the struct rdma_id_private after all pending work has finished.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42285', 'https://git.kernel.org/linus/aee2424246f9f1dadc33faa78990c1e2eb7826e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6', 'https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574', 'https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79', 'https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4', 'https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6', 'https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5', 'https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae', 'https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a', 'https://linux.oracle.com/cve/CVE-2024-42285.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42285-37ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42285', 'https://www.cve.org/CVERecord?id=CVE-2024-42285'], 'PublishedDate': '2024-08-17T09:15:09.3Z', 'LastModifiedDate': '2024-08-19T19:45:41.59Z'}, {'VulnerabilityID': 'CVE-2024-42286', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42286', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: validate nvme_local_port correctly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS:  0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42286', 'https://git.kernel.org/linus/eb1d4ce2609584eeb7694866f34d4b213caa3af9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3eac973eb5cb2b874b3918f924798afc5affd46b', 'https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430', 'https://git.kernel.org/stable/c/7cec2c3bfe84539c415f5e16f989228eba1d2f1e', 'https://git.kernel.org/stable/c/a3ab508a4853a9f5ae25a7816a4889f09938f63c', 'https://git.kernel.org/stable/c/cde43031df533751b4ead37d173922feee2f550f', 'https://git.kernel.org/stable/c/e1f010844443c389bc552884ac5cfa47de34d54c', 'https://git.kernel.org/stable/c/eb1d4ce2609584eeb7694866f34d4b213caa3af9', 'https://git.kernel.org/stable/c/f6be298cc1042f24d521197af29c7c4eb95af4d5', 'https://linux.oracle.com/cve/CVE-2024-42286.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42286-e856@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42286', 'https://www.cve.org/CVERecord?id=CVE-2024-42286'], 'PublishedDate': '2024-08-17T09:15:09.38Z', 'LastModifiedDate': '2024-09-10T19:02:12.36Z'}, {'VulnerabilityID': 'CVE-2024-42287', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42287', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Complete command early within lock', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Complete command early within lock\n\nA crash was observed while performing NPIV and FW reset,\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 1 PREEMPT_RT SMP NOPTI\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0\n RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034\n R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000\n FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x16f/0x4a0\n ? do_user_addr_fault+0x174/0x7f0\n ? exc_page_fault+0x69/0x1a0\n ? asm_exc_page_fault+0x22/0x30\n ? dma_direct_unmap_sg+0x51/0x1e0\n ? preempt_count_sub+0x96/0xe0\n qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]\n qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]\n __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]\n\nThe command completion was done early while aborting the commands in driver\nunload path but outside lock to avoid the WARN_ON condition of performing\ndma_free_attr within the lock. However this caused race condition while\ncommand completion via multiple paths causing system crash.\n\nHence complete the command early in unload path but within the lock to\navoid race condition.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42287', 'https://git.kernel.org/linus/4475afa2646d3fec176fc4d011d3879b26cb26e3 (6.11-rc1)', 'https://git.kernel.org/stable/c/314efe3f87949a568f512f05df20bf47b81cf232', 'https://git.kernel.org/stable/c/36fdc5319c4d0ec8b8938ec4769764098a246bfb', 'https://git.kernel.org/stable/c/4475afa2646d3fec176fc4d011d3879b26cb26e3', 'https://git.kernel.org/stable/c/57ba7563712227647f82a92547e82c96cd350553', 'https://git.kernel.org/stable/c/814f4a53cc86f7ea8b501bfb1723f24fd29ef5ee', 'https://git.kernel.org/stable/c/9117337b04d789bd08fdd9854a40bec2815cd3f6', 'https://git.kernel.org/stable/c/af46649304b0c9cede4ccfc2be2561ce8ed6a2ea', 'https://linux.oracle.com/cve/CVE-2024-42287.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081744-CVE-2024-42287-d635@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42287', 'https://www.cve.org/CVERecord?id=CVE-2024-42287'], 'PublishedDate': '2024-08-17T09:15:09.453Z', 'LastModifiedDate': '2024-09-10T19:05:07.67Z'}, {'VulnerabilityID': 'CVE-2024-42288', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42288', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: Fix for possible memory corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly.  Correctly dereference ICB', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42288', 'https://git.kernel.org/linus/c03d740152f78e86945a75b2ad541bf972fab92a (6.11-rc1)', 'https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e', 'https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b', 'https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b', 'https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d', 'https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce', 'https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a', 'https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb', 'https://linux.oracle.com/cve/CVE-2024-42288.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42288-c59b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42288', 'https://www.cve.org/CVERecord?id=CVE-2024-42288'], 'PublishedDate': '2024-08-17T09:15:09.523Z', 'LastModifiedDate': '2024-09-05T17:38:38.383Z'}, {'VulnerabilityID': 'CVE-2024-42289', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42289', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: qla2xxx: During vport delete send async logout explicitly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array.  For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n  BUG: kernel NULL pointer dereference, address: 000000000000001c\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] PREEMPT SMP NOPTI\n  Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n  RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n  RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n  RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n  RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n  RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n  R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n  R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n  FS:  0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n  Call Trace:\n  <TASK>\n  qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n  ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n  ? qla2x00_status_entry+0x768/0x2830\n  ? newidle_balance+0x2f0/0x430\n  ? dequeue_entity+0x100/0x3c0\n  ? qla24xx_process_response_queue+0x6a1/0x19e0\n  ? __schedule+0x2d5/0x1140\n  ? qla_do_work+0x47/0x60\n  ? process_one_work+0x267/0x440\n  ? process_one_work+0x440/0x440\n  ? worker_thread+0x2d/0x3d0\n  ? process_one_work+0x440/0x440\n  ? kthread+0x156/0x180\n  ? set_kthread_struct+0x50/0x50\n  ? ret_from_fork+0x22/0x30\n  </TASK>\n\nSend out async logout explicitly for all the ports during vport delete.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42289', 'https://git.kernel.org/linus/76f480d7c717368f29a3870f7d64471ce0ff8fb2 (6.11-rc1)', 'https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe', 'https://git.kernel.org/stable/c/171ac4b495f9473bc134356a00095b47e6409e52', 'https://git.kernel.org/stable/c/76f480d7c717368f29a3870f7d64471ce0ff8fb2', 'https://git.kernel.org/stable/c/87c25fcb95aafabb6a4914239f4ab41b07a4f9b7', 'https://git.kernel.org/stable/c/b12c54e51ba83c1fbc619d35083d7872e42ecdef', 'https://git.kernel.org/stable/c/b35d6d5a2f38605cddea7d5c64cded894fbe8ede', 'https://git.kernel.org/stable/c/d28a2075bb530489715a3b011e1dd8765ba20313', 'https://git.kernel.org/stable/c/e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc', 'https://linux.oracle.com/cve/CVE-2024-42289.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42289-fe68@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42289', 'https://www.cve.org/CVERecord?id=CVE-2024-42289'], 'PublishedDate': '2024-08-17T09:15:09.59Z', 'LastModifiedDate': '2024-09-05T17:37:49.057Z'}, {'VulnerabilityID': 'CVE-2024-42290', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42290', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: irqchip/imx-irqsteer: Handle runtime power management correctly', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/imx-irqsteer: Handle runtime power management correctly\n\nThe power domain is automatically activated from clk_prepare(). However, on\ncertain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes\nsleeping functions, which triggers the 'scheduling while atomic' bug in the\ncontext switch path during device probing:\n\n BUG: scheduling while atomic: kworker/u13:1/48/0x00000002\n Call trace:\n  __schedule_bug+0x54/0x6c\n  __schedule+0x7f0/0xa94\n  schedule+0x5c/0xc4\n  schedule_preempt_disabled+0x24/0x40\n  __mutex_lock.constprop.0+0x2c0/0x540\n  __mutex_lock_slowpath+0x14/0x20\n  mutex_lock+0x48/0x54\n  clk_prepare_lock+0x44/0xa0\n  clk_prepare+0x20/0x44\n  imx_irqsteer_resume+0x28/0xe0\n  pm_generic_runtime_resume+0x2c/0x44\n  __genpd_runtime_resume+0x30/0x80\n  genpd_runtime_resume+0xc8/0x2c0\n  __rpm_callback+0x48/0x1d8\n  rpm_callback+0x6c/0x78\n  rpm_resume+0x490/0x6b4\n  __pm_runtime_resume+0x50/0x94\n  irq_chip_pm_get+0x2c/0xa0\n  __irq_do_set_handler+0x178/0x24c\n  irq_set_chained_handler_and_data+0x60/0xa4\n  mxc_gpio_probe+0x160/0x4b0\n\nCure this by implementing the irq_bus_lock/sync_unlock() interrupt chip\ncallbacks and handle power management in them as they are invoked from\nnon-atomic context.\n\n[ tglx: Rewrote change log, added Fixes tag ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42290', 'https://git.kernel.org/linus/33b1c47d1fc0b5f06a393bb915db85baacba18ea (6.11-rc1)', 'https://git.kernel.org/stable/c/21bd3f9e7f924cd2fc892a484e7a50c7e1847565', 'https://git.kernel.org/stable/c/33b1c47d1fc0b5f06a393bb915db85baacba18ea', 'https://git.kernel.org/stable/c/3a2884a44e5cda192df1b28e9925661f79f599a1', 'https://git.kernel.org/stable/c/58c56735facb225a5c46fa4b8bbbe7f31d1cb894', 'https://git.kernel.org/stable/c/a590e8dea3df2639921f874d763be961dd74e8f9', 'https://git.kernel.org/stable/c/f8ae38f1dfe652779c7c613facbc257cec00ac44', 'https://git.kernel.org/stable/c/fa1803401e1c360efe6342fb41d161cc51748a11', 'https://linux.oracle.com/cve/CVE-2024-42290.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42290-c966@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42290', 'https://www.cve.org/CVERecord?id=CVE-2024-42290'], 'PublishedDate': '2024-08-17T09:15:09.663Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42291', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42291', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add a per-VF limit on number of FDIR filters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42291', 'https://git.kernel.org/linus/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 (6.11-rc1)', 'https://git.kernel.org/stable/c/292081c4e7f575a79017d5cbe1a0ec042783976f', 'https://git.kernel.org/stable/c/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97', 'https://git.kernel.org/stable/c/8e02cd98a6e24389d476e28436d41e620ed8e559', 'https://git.kernel.org/stable/c/d62389073a5b937413e2d1bc1da06ccff5103c0c', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42291-6f31@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42291', 'https://www.cve.org/CVERecord?id=CVE-2024-42291'], 'PublishedDate': '2024-08-17T09:15:09.73Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42292', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42292', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kobject_uevent: Fix OOB access within zap_modalias_env()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42292', 'https://git.kernel.org/linus/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc (6.11-rc1)', 'https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762', 'https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2', 'https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168', 'https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d', 'https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90', 'https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5', 'https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d', 'https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc', 'https://linux.oracle.com/cve/CVE-2024-42292.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42292-5387@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42292', 'https://www.cve.org/CVERecord?id=CVE-2024-42292'], 'PublishedDate': '2024-08-17T09:15:09.797Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42294', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42294', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: fix deadlock between sd_remove & sd_release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove & sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430]  __switch_to+0x174/0x338\n[ 2538.459436]  __schedule+0x628/0x9c4\n[ 2538.459442]  schedule+0x7c/0xe8\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459]  mutex_lock+0x30/0xd8\n[ 2538.459462]  del_gendisk+0xdc/0x350\n[ 2538.459466]  sd_remove+0x30/0x60\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474]  device_release_driver+0x18/0x28\n[ 2538.459478]  bus_remove_device+0x15c/0x174\n[ 2538.459483]  device_del+0x1d0/0x358\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\n[ 2538.459493]  scsi_forget_host+0x50/0x70\n[ 2538.459497]  scsi_remove_host+0x80/0x180\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514]  device_release_driver+0x18/0x28\n[ 2538.459518]  bus_remove_device+0x15c/0x174\n[ 2538.459523]  device_del+0x1d0/0x358\n[ 2538.459528]  usb_disable_device+0x84/0x194\n[ 2538.459532]  usb_disconnect+0xec/0x300\n[ 2538.459537]  hub_event+0xb80/0x1870\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\n[ 2538.459545]  worker_thread+0x244/0x334\n[ 2538.459549]  kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task "fsck.":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016]  __switch_to+0x174/0x338\n[ 2538.461021]  __schedule+0x628/0x9c4\n[ 2538.461025]  schedule+0x7c/0xe8\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051]  sd_release+0x50/0x94\n[ 2538.461054]  blkdev_put+0x190/0x28c\n[ 2538.461058]  blkdev_release+0x28/0x40\n[ 2538.461063]  __fput+0xf8/0x2a8\n[ 2538.461066]  __fput_sync+0x28/0x5c\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\n[ 2538.461073]  invoke_syscall+0x58/0x114\n[ 2538.461078]  el0_svc_common+0xac/0xe0\n[ 2538.461082]  do_el0_svc+0x1c/0x28\n[ 2538.461087]  el0_svc+0x38/0x68\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\n\n  T1:\t\t\t\tT2:\n  sd_remove\n  del_gendisk\n  __blk_mark_disk_dead\n  blk_freeze_queue_start\n  ++q->mq_freeze_depth\n  \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(&disk->open_mutex)\n  \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q->mq_freeze_depth)\n  mutex_lock(&disk->open_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don\'t try to acquire disk->open_mutex after freezing\nthe queue.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42294', 'https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9', 'https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b', 'https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42294-0145@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42294', 'https://www.cve.org/CVERecord?id=CVE-2024-42294'], 'PublishedDate': '2024-08-17T09:15:09.947Z', 'LastModifiedDate': '2024-08-19T19:43:22.46Z'}, {'VulnerabilityID': 'CVE-2024-42295', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42295', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: handle inconsistent state in nilfs_btnode_create_block()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle inconsistent state in nilfs_btnode_create_block()\n\nSyzbot reported that a buffer state inconsistency was detected in\nnilfs_btnode_create_block(), triggering a kernel bug.\n\nIt is not appropriate to treat this inconsistency as a bug; it can occur\nif the argument block address (the buffer index of the newly created\nblock) is a virtual block number and has been reallocated due to\ncorruption of the bitmap used to manage its allocation state.\n\nSo, modify nilfs_btnode_create_block() and its callers to treat it as a\npossible filesystem error, rather than triggering a kernel bug.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42295', 'https://git.kernel.org/linus/4811f7af6090e8f5a398fbdd766f903ef6c0d787 (6.11-rc1)', 'https://git.kernel.org/stable/c/012be828a118bf496e666ef1fc47fc0e7358ada2', 'https://git.kernel.org/stable/c/02b87e6334a38c65eef49848d3f1ac422f0b2a44', 'https://git.kernel.org/stable/c/19cce46238ffe3546e44b9c74057103ff8b24c62', 'https://git.kernel.org/stable/c/366c3f688dd0288cbe38af1d3a886b5c62372e4a', 'https://git.kernel.org/stable/c/4811f7af6090e8f5a398fbdd766f903ef6c0d787', 'https://git.kernel.org/stable/c/5f0a6800b8aec1b453c7fe4c44fcaac5ffe9d52e', 'https://git.kernel.org/stable/c/be56dfc9be0604291267c07b0e27a69a6bda4899', 'https://git.kernel.org/stable/c/e34191cce3ee63dfa5fb241904aaf2a042d5b6d8', 'https://linux.oracle.com/cve/CVE-2024-42295.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42295-4f43@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42295', 'https://www.cve.org/CVERecord?id=CVE-2024-42295'], 'PublishedDate': '2024-08-17T09:15:10.017Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42296', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42296', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix return value of f2fs_convert_inline_inode()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix return value of f2fs_convert_inline_inode()\n\nIf device is readonly, make f2fs_convert_inline_inode()\nreturn EROFS instead of zero, otherwise it may trigger\npanic during writeback of inline inode's dirty page as\nbelow:\n\n f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888\n f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3369\n do_writepages+0x359/0x870 mm/page-writeback.c:2634\n filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397\n __filemap_fdatawrite_range mm/filemap.c:430 [inline]\n file_write_and_wait_range+0x1aa/0x290 mm/filemap.c:788\n f2fs_do_sync_file+0x68a/0x1ae0 fs/f2fs/file.c:276\n generic_write_sync include/linux/fs.h:2806 [inline]\n f2fs_file_write_iter+0x7bd/0x24e0 fs/f2fs/file.c:4977\n call_write_iter include/linux/fs.h:2114 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa72/0xc90 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42296', 'https://git.kernel.org/linus/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf (6.11-rc1)', 'https://git.kernel.org/stable/c/077f0e24b27c4b44841593c7edbd1993be9eecb5', 'https://git.kernel.org/stable/c/1e7725814361c8c008d131db195cef8274ff26b8', 'https://git.kernel.org/stable/c/47a8ddcdcaccd9b891db4574795e46a33a121ac2', 'https://git.kernel.org/stable/c/70f5ef5f33c333cfb286116fa3af74ac9bc84f1b', 'https://git.kernel.org/stable/c/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42296-3f50@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42296', 'https://www.cve.org/CVERecord?id=CVE-2024-42296'], 'PublishedDate': '2024-08-17T09:15:10.08Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42297', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42297', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: f2fs: fix to don't dirty inode for readonly filesystem", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to don't dirty inode for readonly filesystem\n\nsyzbot reports f2fs bug as below:\n\nkernel BUG at fs/f2fs/inode.c:933!\nRIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933\nCall Trace:\n evict+0x2a4/0x620 fs/inode.c:664\n dispose_list fs/inode.c:697 [inline]\n evict_inodes+0x5f8/0x690 fs/inode.c:747\n generic_shutdown_super+0x9d/0x2c0 fs/super.c:675\n kill_block_super+0x44/0x90 fs/super.c:1667\n kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894\n deactivate_locked_super+0xc1/0x130 fs/super.c:484\n cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256\n task_work_run+0x24a/0x300 kernel/task_work.c:180\n ptrace_notify+0x2cd/0x380 kernel/signal.c:2399\n ptrace_report_syscall include/linux/ptrace.h:411 [inline]\n ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]\n syscall_exit_work kernel/entry/common.c:251 [inline]\n syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]\n syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296\n do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe root cause is:\n- do_sys_open\n - f2fs_lookup\n  - __f2fs_find_entry\n   - f2fs_i_depth_write\n    - f2fs_mark_inode_dirty_sync\n     - f2fs_dirty_inode\n      - set_inode_flag(inode, FI_DIRTY_INODE)\n\n- umount\n - kill_f2fs_super\n  - kill_block_super\n   - generic_shutdown_super\n    - sync_filesystem\n    : sb is readonly, skip sync_filesystem()\n    - evict_inodes\n     - iput\n      - f2fs_evict_inode\n       - f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE))\n       : trigger kernel panic\n\nWhen we try to repair i_current_depth in readonly filesystem, let's\nskip dirty inode to avoid panic in later f2fs_evict_inode().", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42297', 'https://git.kernel.org/linus/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8 (6.11-rc1)', 'https://git.kernel.org/stable/c/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8', 'https://git.kernel.org/stable/c/2434344559f6743efb3ac15d11af9a0db9543bd3', 'https://git.kernel.org/stable/c/2d2916516577f2239b3377d9e8d12da5e6ccdfcf', 'https://git.kernel.org/stable/c/54162974aea37a8cae00742470a78c7f6bd6f915', 'https://git.kernel.org/stable/c/54bc4e88447e385c4d4ffa85d93e0dce628fcfa6', 'https://git.kernel.org/stable/c/9ce8135accf103f7333af472709125878704fdd4', 'https://git.kernel.org/stable/c/e62ff092a42f4a1bae3b310cf46673b4f3aac3b5', 'https://git.kernel.org/stable/c/ec56571b4b146a1cfbedab49d5fcaf19fe8bf4f1', 'https://linux.oracle.com/cve/CVE-2024-42297.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081747-CVE-2024-42297-fcec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42297', 'https://www.cve.org/CVERecord?id=CVE-2024-42297'], 'PublishedDate': '2024-08-17T09:15:10.147Z', 'LastModifiedDate': '2024-09-30T13:41:26.463Z'}, {'VulnerabilityID': 'CVE-2024-42298', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42298', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42298', 'https://git.kernel.org/linus/e62599902327d27687693f6e5253a5d56583db58 (6.11-rc1)', 'https://git.kernel.org/stable/c/af466037fa2b263e8ea5c47285513d2487e17d90', 'https://git.kernel.org/stable/c/b4205dfcfe96182118e54343954827eda51b2135', 'https://git.kernel.org/stable/c/e62599902327d27687693f6e5253a5d56583db58', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42298-d6a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42298', 'https://www.cve.org/CVERecord?id=CVE-2024-42298'], 'PublishedDate': '2024-08-17T09:15:10.23Z', 'LastModifiedDate': '2024-09-10T18:42:19.607Z'}, {'VulnerabilityID': 'CVE-2024-42299', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42299', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Update log->page_{mask,bits} if log->page_size changed\n\nIf an NTFS file system is mounted to another system with different\nPAGE_SIZE from the original system, log->page_size will change in\nlog_replay(), but log->page_{mask,bits} don\'t change correspondingly.\nThis will cause a panic because "u32 bytes = log->page_size - page_off"\nwill get a negative value in the later read_log_page().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42299', 'https://git.kernel.org/linus/2fef55d8f78383c8e6d6d4c014b9597375132696 (6.11-rc1)', 'https://git.kernel.org/stable/c/0484adcb5fbcadd9ba0fd4485c42630f72e97da9', 'https://git.kernel.org/stable/c/0a4ae2644e2a3b3b219aad9639fb2b0691d08420', 'https://git.kernel.org/stable/c/2cac0df3324b5e287d8020bc0708f7d2dec88a6f', 'https://git.kernel.org/stable/c/2fef55d8f78383c8e6d6d4c014b9597375132696', 'https://git.kernel.org/stable/c/b90ceffdc975502bc085ce8e79c6adeff05f9521', 'https://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42299-a588@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42299', 'https://www.cve.org/CVERecord?id=CVE-2024-42299'], 'PublishedDate': '2024-08-17T09:15:10.293Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42301', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42301', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dev/parport: fix the array out-of-bounds risk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42301', 'https://git.kernel.org/linus/ab11dac93d2d568d151b1918d7b84c2d02bacbd5 (6.11-rc1)', 'https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8', 'https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d', 'https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a', 'https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84', 'https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0', 'https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5', 'https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e', 'https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6', 'https://linux.oracle.com/cve/CVE-2024-42301.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42301-4026@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42301', 'https://www.cve.org/CVERecord?id=CVE-2024-42301'], 'PublishedDate': '2024-08-17T09:15:10.423Z', 'LastModifiedDate': '2024-08-22T16:31:18.667Z'}, {'VulnerabilityID': 'CVE-2024-42302', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42302', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred.  To do so, it polls the\nconfig space of the first child device on the secondary bus.  If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\'s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device.  Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume.  Holding a\nreference wasn\'t necessary back then because the pciehp IRQ thread\ncould never run concurrently.  (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase.  And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event.  Commit 53b54ad074de ("PCI/DPC: Await readiness\nof secondary bus after reset"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently.  The commit was backported to v5.10+ stable\nkernels, so that\'s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n  BUG: unable to handle page fault for address: 00000000091400c0\n  CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n  RIP: pci_bus_read_config_dword+0x17/0x50\n  pci_dev_wait()\n  pci_bridge_wait_for_secondary_bus()\n  dpc_reset_link()\n  pcie_do_recovery()\n  dpc_handler()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42302', 'https://git.kernel.org/linus/11a1f4bc47362700fcbde717292158873fb847ed (6.11-rc1)', 'https://git.kernel.org/stable/c/11a1f4bc47362700fcbde717292158873fb847ed', 'https://git.kernel.org/stable/c/2c111413f38ca5cf87557cab89f6d82b0e3433e7', 'https://git.kernel.org/stable/c/2cc8973bdc4d6c928ebe38b88090a2cdfe81f42f', 'https://git.kernel.org/stable/c/b16f3ea1db47a6766a9f1169244cf1fc287a7c62', 'https://git.kernel.org/stable/c/c52f9e1a9eb40f13993142c331a6cfd334d4b91d', 'https://git.kernel.org/stable/c/f63df70b439bb8331358a306541893bf415bf1da', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42302-c0d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42302', 'https://www.cve.org/CVERecord?id=CVE-2024-42302'], 'PublishedDate': '2024-08-17T09:15:10.487Z', 'LastModifiedDate': '2024-08-22T16:37:26.237Z'}, {'VulnerabilityID': 'CVE-2024-42303', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42303', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-pxp: Fix ERR_PTR dereference in pxp_probe()\n\ndevm_regmap_init_mmio() can fail, add a check and bail out in case of\nerror.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42303', 'https://git.kernel.org/linus/57e9ce68ae98551da9c161aaab12b41fe8601856 (6.11-rc1)', 'https://git.kernel.org/stable/c/358bc85269d6a359fea597ef9fbb429cd3626e08', 'https://git.kernel.org/stable/c/57e9ce68ae98551da9c161aaab12b41fe8601856', 'https://git.kernel.org/stable/c/5ab6ac4e9e165b0fe8a326308218337007224f05', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42303-4d12@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42303', 'https://www.cve.org/CVERecord?id=CVE-2024-42303'], 'PublishedDate': '2024-08-17T09:15:10.56Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42304', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42304', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: make sure the first directory block is not a hole', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: make sure the first directory block is not a hole\n\nThe syzbot constructs a directory that has no dirblock but is non-inline,\ni.e. the first directory block is a hole. And no errors are reported when\ncreating files in this directory in the following flow.\n\n    ext4_mknod\n     ...\n      ext4_add_entry\n        // Read block 0\n        ext4_read_dirblock(dir, block, DIRENT)\n          bh = ext4_bread(NULL, inode, block, 0)\n          if (!bh && (type == INDEX || type == DIRENT_HTREE))\n          // The first directory block is a hole\n          // But type == DIRENT, so no error is reported.\n\nAfter that, we get a directory block without '.' and '..' but with a valid\ndentry. This may cause some code that relies on dot or dotdot (such as\nmake_indexed_dir()) to crash.\n\nTherefore when ext4_read_dirblock() finds that the first directory block\nis a hole report that the filesystem is corrupted and return an error to\navoid loading corrupted data from disk causing something bad.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42304', 'https://git.kernel.org/linus/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6 (6.11-rc1)', 'https://git.kernel.org/stable/c/299bc6ffa57e04e74c6cce866d6c0741fb4897a1', 'https://git.kernel.org/stable/c/9771e3d8365ae1dd5e8846a204cb9af14e3e656a', 'https://git.kernel.org/stable/c/b609753cbbd38f8c0affd4956c0af178348523ac', 'https://git.kernel.org/stable/c/c3893d9de8ee153baac56d127d844103488133b5', 'https://git.kernel.org/stable/c/d81d7e347d1f1f48a5634607d39eb90c161c8afe', 'https://git.kernel.org/stable/c/de2a011a13a46468a6e8259db58b1b62071fe136', 'https://git.kernel.org/stable/c/e02f9941e8c011aa3eafa799def6a134ce06bcfa', 'https://git.kernel.org/stable/c/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6', 'https://linux.oracle.com/cve/CVE-2024-42304.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081749-CVE-2024-42304-d0e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42304', 'https://www.cve.org/CVERecord?id=CVE-2024-42304'], 'PublishedDate': '2024-08-17T09:15:10.617Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42305', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42305', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: check dot and dotdot of dx_root before making dir indexed', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: check dot and dotdot of dx_root before making dir indexed\n\nSyzbot reports a issue as follows:\n============================================\nBUG: unable to handle page fault for address: ffffed11022e24fe\nPGD 23ffee067 P4D 23ffee067 PUD 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0\nCall Trace:\n <TASK>\n make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451\n ext4_rename fs/ext4/namei.c:3936 [inline]\n ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214\n[...]\n============================================\n\nThe immediate cause of this problem is that there is only one valid dentry\nfor the block to be split during do_split, so split==0 results in out of\nbounds accesses to the map triggering the issue.\n\n    do_split\n      unsigned split\n      dx_make_map\n       count = 1\n      split = count/2 = 0;\n      continued = hash2 == map[split - 1].hash;\n       ---> map[4294967295]\n\nThe maximum length of a filename is 255 and the minimum block size is 1024,\nso it is always guaranteed that the number of entries is greater than or\nequal to 2 when do_split() is called.\n\nBut syzbot's crafted image has no dot and dotdot in dir, and the dentry\ndistribution in dirblock is as follows:\n\n  bus     dentry1          hole           dentry2           free\n|xx--|xx-------------|...............|xx-------------|...............|\n0   12 (8+248)=256  268     256     524 (8+256)=264 788     236     1024\n\nSo when renaming dentry1 increases its name_len length by 1, neither hole\nnor free is sufficient to hold the new dentry, and make_indexed_dir() is\ncalled.\n\nIn make_indexed_dir() it is assumed that the first two entries of the\ndirblock must be dot and dotdot, so bus and dentry1 are left in dx_root\nbecause they are treated as dot and dotdot, and only dentry2 is moved\nto the new leaf block. That's why count is equal to 1.\n\nTherefore add the ext4_check_dx_root() helper function to add more sanity\nchecks to dot and dotdot before starting the conversion to avoid the above\nissue.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42305', 'https://git.kernel.org/linus/50ea741def587a64e08879ce6c6a30131f7111e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/19e13b4d7f0303186fcc891aba8d0de7c8fdbda8', 'https://git.kernel.org/stable/c/42d420517072028fb0eb852c358056b7717ba5aa', 'https://git.kernel.org/stable/c/50ea741def587a64e08879ce6c6a30131f7111e7', 'https://git.kernel.org/stable/c/8afe06ed3be7a874b3cd82ef5f8959aca8d6429a', 'https://git.kernel.org/stable/c/9d241b7a39af192d1bb422714a458982c7cc67a2', 'https://git.kernel.org/stable/c/abb411ac991810c0bcbe51c2e76d2502bf611b5c', 'https://git.kernel.org/stable/c/b80575ffa98b5bb3a5d4d392bfe4c2e03e9557db', 'https://git.kernel.org/stable/c/cdd345321699042ece4a9d2e70754d2397d378c5', 'https://linux.oracle.com/cve/CVE-2024-42305.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42305-94ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42305', 'https://www.cve.org/CVERecord?id=CVE-2024-42305'], 'PublishedDate': '2024-08-17T09:15:10.69Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42306', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42306', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid using corrupted block bitmap buffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42306', 'https://git.kernel.org/linus/a90d4471146de21745980cba51ce88e7926bcc4f (6.11-rc1)', 'https://git.kernel.org/stable/c/2199e157a465aaf98294d3932797ecd7fce942d5', 'https://git.kernel.org/stable/c/271cab2ca00652bc984e269cf1208699a1e09cdd', 'https://git.kernel.org/stable/c/57053b3bcf3403b80db6f65aba284d7dfe7326af', 'https://git.kernel.org/stable/c/6a43e3c210df6c5f00570f4be49a897677dbcb64', 'https://git.kernel.org/stable/c/8ca170c39eca7cad6e0cfeb24e351d8f8eddcd65', 'https://git.kernel.org/stable/c/a90d4471146de21745980cba51ce88e7926bcc4f', 'https://git.kernel.org/stable/c/cae9e59cc41683408b70b9ab569f8654866ba914', 'https://linux.oracle.com/cve/CVE-2024-42306.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42306-647c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42306', 'https://www.cve.org/CVERecord?id=CVE-2024-42306'], 'PublishedDate': '2024-08-17T09:15:10.777Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42307', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42307', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n   fs/smb/client/cifsfs.c:1981 init_cifs()\n   error: we previously assumed 'serverclose_wq' could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42307', 'https://git.kernel.org/linus/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/160235efb4f9b55212dedff5de0094c606c4b303', 'https://git.kernel.org/stable/c/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2', 'https://git.kernel.org/stable/c/3739d711246d8fbc95ff73dbdace9741cdce4777', 'https://git.kernel.org/stable/c/6018971710fdc7739f8655c1540832b4bb903671', 'https://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42307-7c2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42307', 'https://www.cve.org/CVERecord?id=CVE-2024-42307'], 'PublishedDate': '2024-08-17T09:15:10.843Z', 'LastModifiedDate': '2024-09-05T17:49:58.257Z'}, {'VulnerabilityID': 'CVE-2024-42308', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42308', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check for NULL pointer', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42308', 'https://git.kernel.org/linus/4ab68e168ae1695f7c04fae98930740aaf7c50fa (6.11-rc1)', 'https://git.kernel.org/stable/c/185616085b12e651cdfd11ef00d1449f54552d89', 'https://git.kernel.org/stable/c/4ab68e168ae1695f7c04fae98930740aaf7c50fa', 'https://git.kernel.org/stable/c/4ccd37085976ea5d3c499b1e6d0b3f4deaf2cd5a', 'https://git.kernel.org/stable/c/6b5ed0648213e9355cc78f4a264d9afe8536d692', 'https://git.kernel.org/stable/c/71dbf95359347c2ecc5a6dfc02783fcfccb2e9fb', 'https://git.kernel.org/stable/c/9ce89824ff04d261fc855e0ca6e6025251d9fa40', 'https://git.kernel.org/stable/c/f068494430d15b5fc551ac928de9dac7e5e27602', 'https://linux.oracle.com/cve/CVE-2024-42308.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42308-562d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42308', 'https://www.cve.org/CVERecord?id=CVE-2024-42308'], 'PublishedDate': '2024-08-17T09:15:10.92Z', 'LastModifiedDate': '2024-10-09T14:15:05.227Z'}, {'VulnerabilityID': 'CVE-2024-42309', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42309', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42309', 'https://git.kernel.org/linus/2df7aac81070987b0f052985856aa325a38debf6 (6.11-rc1)', 'https://git.kernel.org/stable/c/13b5f3ee94bdbdc4b5f40582aab62977905aedee', 'https://git.kernel.org/stable/c/2df7aac81070987b0f052985856aa325a38debf6', 'https://git.kernel.org/stable/c/46d2ef272957879cbe30a884574320e7f7d78692', 'https://git.kernel.org/stable/c/475a5b3b7c8edf6e583a9eb59cf28ea770602e14', 'https://git.kernel.org/stable/c/6735d02ead7dd3adf74eb8b70aebd09e0ce78ec9', 'https://git.kernel.org/stable/c/7e52c62ff029f95005915c0a11863b5fb5185c8c', 'https://git.kernel.org/stable/c/d6ad202f73f8edba0cbc0065aa57a79ffe8fdcdc', 'https://git.kernel.org/stable/c/f70ffeca546452d1acd3a70ada56ecb2f3e7f811', 'https://linux.oracle.com/cve/CVE-2024-42309.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42309-9560@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42309', 'https://www.cve.org/CVERecord?id=CVE-2024-42309'], 'PublishedDate': '2024-08-17T09:15:10.987Z', 'LastModifiedDate': '2024-08-22T16:01:29.287Z'}, {'VulnerabilityID': 'CVE-2024-42310', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42310', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes\n\nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42310', 'https://git.kernel.org/linus/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79 (6.11-rc1)', 'https://git.kernel.org/stable/c/08f45102c81ad8bc9f85f7a25e9f64e128edb87d', 'https://git.kernel.org/stable/c/2d209b2f862f6b8bff549ede541590a8d119da23', 'https://git.kernel.org/stable/c/977ee4fe895e1729cd36cc26916bbb10084713d6', 'https://git.kernel.org/stable/c/a658ae2173ab74667c009e2550455e6de5b33ddc', 'https://git.kernel.org/stable/c/b6ac46a00188cde50ffba233e6efb366354a1de5', 'https://git.kernel.org/stable/c/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79', 'https://git.kernel.org/stable/c/e74eb5e8089427c8c49e0dd5067e5f39ce3a4d56', 'https://git.kernel.org/stable/c/f392c36cebf4c1d6997a4cc2c0f205254acef42a', 'https://linux.oracle.com/cve/CVE-2024-42310.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081751-CVE-2024-42310-58b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42310', 'https://www.cve.org/CVERecord?id=CVE-2024-42310'], 'PublishedDate': '2024-08-17T09:15:11.067Z', 'LastModifiedDate': '2024-08-22T16:01:46.263Z'}, {'VulnerabilityID': 'CVE-2024-42311', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42311', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42311', 'https://git.kernel.org/linus/26a2ed107929a855155429b11e1293b83e6b2a8b (6.11-rc1)', 'https://git.kernel.org/stable/c/10f7163bfb5f8b4e0c9c05a939f20b8540e33c65', 'https://git.kernel.org/stable/c/26a2ed107929a855155429b11e1293b83e6b2a8b', 'https://git.kernel.org/stable/c/4a52861cd76e79f1a593beb23d096523eb9732c2', 'https://git.kernel.org/stable/c/58d83fc160505a7009c39dec64effaac5129b971', 'https://git.kernel.org/stable/c/9c4e40b9b731220f9464975e49da75496e3865c4', 'https://git.kernel.org/stable/c/d3493d6f0dfb1ab5225b62faa77732983f2187a1', 'https://git.kernel.org/stable/c/d55aae5c1730d6b70d5d8eaff00113cd34772ea3', 'https://git.kernel.org/stable/c/f7316b2b2f11cf0c6de917beee8d3de728be24db', 'https://linux.oracle.com/cve/CVE-2024-42311.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42311-f825@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42311', 'https://www.cve.org/CVERecord?id=CVE-2024-42311'], 'PublishedDate': '2024-08-17T09:15:11.147Z', 'LastModifiedDate': '2024-09-03T17:38:24.21Z'}, {'VulnerabilityID': 'CVE-2024-42312', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42312', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sysctl: always initialize i_uid/i_gid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42312', 'https://git.kernel.org/linus/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/1deae34db9f4f8e0e03f891be2e2e15c15c8ac05', 'https://git.kernel.org/stable/c/34a86adea1f2b3c3f9d864c8cce09dca644601ab', 'https://git.kernel.org/stable/c/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4', 'https://git.kernel.org/stable/c/b2591c89a6e2858796111138c38fcb6851aa1955', 'https://git.kernel.org/stable/c/c7e2f43d182f5dde473389dbb39f16c9f0d64536', 'https://git.kernel.org/stable/c/ffde3af4b29bf97d62d82e1d45275587e10a991a', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42312-bddc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42312', 'https://www.cve.org/CVERecord?id=CVE-2024-42312'], 'PublishedDate': '2024-08-17T09:15:11.24Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42313', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42313', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: venus: fix use after free in vdec_close', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free in vdec_close\n\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\n\nFix it by cancelling the work in vdec_close.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42313', 'https://git.kernel.org/linus/a0157b5aa34eb43ec4c5510f9c260bbb03be937e (6.11-rc1)', 'https://git.kernel.org/stable/c/4c9d235630d35db762b85a4149bbb0be9d504c36', 'https://git.kernel.org/stable/c/66fa52edd32cdbb675f0803b3c4da10ea19b6635', 'https://git.kernel.org/stable/c/6a96041659e834dc0b172dda4b2df512d63920c2', 'https://git.kernel.org/stable/c/72aff311194c8ceda934f24fd6f250b8827d7567', 'https://git.kernel.org/stable/c/a0157b5aa34eb43ec4c5510f9c260bbb03be937e', 'https://git.kernel.org/stable/c/ad8cf035baf29467158e0550c7a42b7bb43d1db6', 'https://git.kernel.org/stable/c/da55685247f409bf7f976cc66ba2104df75d8dad', 'https://git.kernel.org/stable/c/f8e9a63b982a8345470c225679af4ba86e4a7282', 'https://linux.oracle.com/cve/CVE-2024-42313.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42313-09b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42313', 'https://www.cve.org/CVERecord?id=CVE-2024-42313'], 'PublishedDate': '2024-08-17T09:15:11.32Z', 'LastModifiedDate': '2024-08-22T16:01:59.467Z'}, {'VulnerabilityID': 'CVE-2024-42314', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42314', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix extent map use-after-free when adding pages to compressed bio', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix extent map use-after-free when adding pages to compressed bio\n\nAt add_ra_bio_pages() we are accessing the extent map to calculate\n'add_size' after we dropped our reference on the extent map, resulting\nin a use-after-free. Fix this by computing 'add_size' before dropping our\nextent map reference.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42314', 'https://git.kernel.org/linus/8e7860543a94784d744c7ce34b78a2e11beefa5c (6.11-rc1)', 'https://git.kernel.org/stable/c/8e7860543a94784d744c7ce34b78a2e11beefa5c', 'https://git.kernel.org/stable/c/b7859ff398b6b656e1689daa860eb34837b4bb89', 'https://git.kernel.org/stable/c/c1cc3326e27b0bd7a2806b40bc48e49afaf951e7', 'https://git.kernel.org/stable/c/c205565e0f2f439f278a4a94ee97b67ef7b56ae8', 'https://lore.kernel.org/linux-cve-announce/2024081752-CVE-2024-42314-de1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42314', 'https://www.cve.org/CVERecord?id=CVE-2024-42314'], 'PublishedDate': '2024-08-17T09:15:11.397Z', 'LastModifiedDate': '2024-09-04T12:15:04.723Z'}, {'VulnerabilityID': 'CVE-2024-42315', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42315', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exfat: fix potential deadlock on __exfat_get_dentry_set', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi->s_lock between the two processes may occur.\n\n       CPU0                CPU1\n       ----                ----\n  kswapd\n   balance_pgdat\n    lock(fs_reclaim)\n                      exfat_iterate\n                       lock(&sbi->s_lock)\n                       exfat_readdir\n                        exfat_get_uniname_from_ext_entry\n                         exfat_get_dentry_set\n                          __exfat_get_dentry_set\n                           kmalloc_array\n                            ...\n                            lock(fs_reclaim)\n    ...\n    evict\n     exfat_evict_inode\n      lock(&sbi->s_lock)\n\nTo fix this, let's allocate bh-array with GFP_NOFS.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42315', 'https://git.kernel.org/linus/89fc548767a2155231128cb98726d6d2ea1256c9 (6.11-rc1)', 'https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62', 'https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9', 'https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42315-a707@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42315', 'https://www.cve.org/CVERecord?id=CVE-2024-42315'], 'PublishedDate': '2024-08-17T09:15:11.47Z', 'LastModifiedDate': '2024-08-22T15:51:03.077Z'}, {'VulnerabilityID': 'CVE-2024-42316', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42316', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/mglru: fix div-by-zero in vmpressure_calc_level()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mglru: fix div-by-zero in vmpressure_calc_level()\n\nevict_folios() uses a second pass to reclaim folios that have gone through\npage writeback and become clean before it finishes the first pass, since\nfolio_rotate_reclaimable() cannot handle those folios due to the\nisolation.\n\nThe second pass tries to avoid potential double counting by deducting\nscan_control->nr_scanned.  However, this can result in underflow of\nnr_scanned, under a condition where shrink_folio_list() does not increment\nnr_scanned, i.e., when folio_trylock() fails.\n\nThe underflow can cause the divisor, i.e., scale=scanned+reclaimed in\nvmpressure_calc_level(), to become zero, resulting in the following crash:\n\n  [exception RIP: vmpressure_work_fn+101]\n  process_one_work at ffffffffa3313f2b\n\nSince scan_control->nr_scanned has no established semantics, the potential\ndouble counting has minimal risks.  Therefore, fix the problem by not\ndeducting scan_control->nr_scanned in evict_folios().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42316', 'https://git.kernel.org/linus/8b671fe1a879923ecfb72dda6caf01460dd885ef (6.11-rc1)', 'https://git.kernel.org/stable/c/8b671fe1a879923ecfb72dda6caf01460dd885ef', 'https://git.kernel.org/stable/c/8de7bf77f21068a5f602bb1e59adbc5ab533509d', 'https://git.kernel.org/stable/c/a39e38be632f0e1c908d70d1c9cd071c03faf895', 'https://git.kernel.org/stable/c/d6510f234c7d117790397f9bb150816b0a954a04', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42316-8b49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42316', 'https://www.cve.org/CVERecord?id=CVE-2024-42316'], 'PublishedDate': '2024-08-17T09:15:11.547Z', 'LastModifiedDate': '2024-08-22T15:52:38.52Z'}, {'VulnerabilityID': 'CVE-2024-42317', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42317', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/huge_memory: avoid PMD-size page cache if needed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: avoid PMD-size page cache if needed\n\nxarray can\'t support arbitrary page cache size.  the largest and supported\npage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71\n("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray").  However,\nit\'s possible to have 512MB page cache in the huge memory\'s collapsing\npath on ARM64 system whose base page size is 64KB.  512MB page cache is\nbreaking the limitation and a warning is raised when the xarray entry is\nsplit as shown in the following example.\n\n[root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize\nKernelPageSize:       64 kB\n[root@dhcp-10-26-1-207 ~]# cat /tmp/test.c\n   :\nint main(int argc, char **argv)\n{\n\tconst char *filename = TEST_XFS_FILENAME;\n\tint fd = 0;\n\tvoid *buf = (void *)-1, *p;\n\tint pgsize = getpagesize();\n\tint ret = 0;\n\n\tif (pgsize != 0x10000) {\n\t\tfprintf(stdout, "System with 64KB base page size is required!\\n");\n\t\treturn -EPERM;\n\t}\n\n\tsystem("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb");\n\tsystem("echo 1 > /proc/sys/vm/drop_caches");\n\n\t/* Open the xfs file */\n\tfd = open(filename, O_RDONLY);\n\tassert(fd > 0);\n\n\t/* Create VMA */\n\tbuf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0);\n\tassert(buf != (void *)-1);\n\tfprintf(stdout, "mapped buffer at 0x%p\\n", buf);\n\n\t/* Populate VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ);\n\tassert(ret == 0);\n\n\t/* Collapse VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE);\n\tassert(ret == 0);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE);\n\tif (ret) {\n\t\tfprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\\n", errno);\n\t\tgoto out;\n\t}\n\n\t/* Split xarray entry. Write permission is needed */\n\tmunmap(buf, TEST_MEM_SIZE);\n\tbuf = (void *)-1;\n\tclose(fd);\n\tfd = open(filename, O_RDWR);\n\tassert(fd > 0);\n\tfallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,\n \t\t  TEST_MEM_SIZE - pgsize, pgsize);\nout:\n\tif (buf != (void *)-1)\n\t\tmunmap(buf, TEST_MEM_SIZE);\n\tif (fd > 0)\n\t\tclose(fd);\n\n\treturn ret;\n}\n\n[root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test\n[root@dhcp-10-26-1-207 ~]# /tmp/test\n ------------[ cut here ]------------\n WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\n Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib    \\\n nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct      \\\n nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4      \\\n ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse   \\\n xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net  \\\n sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio\n CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9\n Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\n pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n pc : xas_split_alloc+0xf8/0x128\n lr : split_huge_page_to_list_to_order+0x1c4/0x780\n sp : ffff8000ac32f660\n x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0\n x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d\n x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000\n x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c\n x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8\n x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40\n x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\n Call trace:\n  xas_split_alloc+0xf8/0x128\n  split_huge_page_to_list_to_order+0x1c4/0x780\n  truncate_inode_partial_folio+0xdc/0x160\n  truncate_inode_pages_range+0x1b4/0x4a8\n  truncate_pagecache_range+0x84/0xa\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42317', 'https://git.kernel.org/linus/d659b715e94ac039803d7601505d3473393fc0be (6.11-rc1)', 'https://git.kernel.org/stable/c/d659b715e94ac039803d7601505d3473393fc0be', 'https://git.kernel.org/stable/c/e60f62f75c99740a28e2bf7e6044086033012a16', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42317-cf87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42317', 'https://www.cve.org/CVERecord?id=CVE-2024-42317'], 'PublishedDate': '2024-08-17T09:15:11.633Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42318', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42318', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: landlock: Don&#39;t lose track of restrictions on cred_transfer', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don't lose track of restrictions on cred_transfer\n\nWhen a process' cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent's credentials), the\ncred_transfer LSM hook is used instead.  Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42318', 'https://bugs.chromium.org/p/project-zero/issues/detail?id=2566', 'https://git.kernel.org/linus/39705a6c29f8a2b93cf5b99528a55366c50014d1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d74fd54db0bd0c0c224bef0da8fc95ea9c9f36c', 'https://git.kernel.org/stable/c/16896914bace82d7811c62f3b6d5320132384f49', 'https://git.kernel.org/stable/c/39705a6c29f8a2b93cf5b99528a55366c50014d1', 'https://git.kernel.org/stable/c/916c648323fa53b89eedb34a0988ddaf01406117', 'https://git.kernel.org/stable/c/b14cc2cf313bd29056fadbc8ecd7f957cf5791ff', 'https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42318-f0c9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42318', 'https://www.cve.org/CVERecord?id=CVE-2024-42318', 'https://www.openwall.com/lists/oss-security/2024/08/17/2'], 'PublishedDate': '2024-08-17T09:15:11.7Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42319', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42319', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() < 0 occurs.\n\nAccording to the call tracei below:\n  cmdq_mbox_shutdown\n  mbox_free_channel\n  mbox_controller_unregister\n  __devm_mbox_controller_unregister\n  ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n   to bind the cmdq device to the mbox_controller, so\n   devm_mbox_controller_unregister() will automatically unregister\n   the device bound to the mailbox controller when the device-managed\n   resource is removed. That means devm_mbox_controller_unregister()\n   and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n   devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n   will be called after cmdq_remove(), but before\n   devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42319', 'https://git.kernel.org/linus/a8bd68e4329f9a0ad1b878733e0f80be6a971649 (6.11-rc1)', 'https://git.kernel.org/stable/c/11fa625b45faf0649118b9deaf2d31c86ac41911', 'https://git.kernel.org/stable/c/a8bd68e4329f9a0ad1b878733e0f80be6a971649', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42319-ec7c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42319', 'https://www.cve.org/CVERecord?id=CVE-2024-42319'], 'PublishedDate': '2024-08-17T09:15:11.767Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42320', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42320', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error checks in dasd_copy_pair_store()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42320', 'https://git.kernel.org/linus/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8 (6.11-rc1)', 'https://git.kernel.org/stable/c/68d4c3722290ad300c295fb3435e835d200d5cb2', 'https://git.kernel.org/stable/c/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8', 'https://git.kernel.org/stable/c/cc8b7284d5076722e0b8062373b68d8e47c3bace', 'https://git.kernel.org/stable/c/e511167e65d332d07b3c7a3d5a741ee9c19a8c27', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42320-cdea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42320', 'https://www.cve.org/CVERecord?id=CVE-2024-42320'], 'PublishedDate': '2024-08-17T09:15:11.833Z', 'LastModifiedDate': '2024-09-30T12:54:12.897Z'}, {'VulnerabilityID': 'CVE-2024-42321', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42321', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: flow_dissector: use DEBUG_NET_WARN_ON_ONCE\n\nThe following splat is easy to reproduce upstream as well as in -stable\nkernels. Florian Westphal provided the following commit:\n\n  d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net")\n\nbut this complementary fix has been also suggested by Willem de Bruijn\nand it can be easily backported to -stable kernel which consists in\nusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splat\ngiven __skb_get_hash() is used by the nftables tracing infrastructure to\nto identify packets in traces.\n\n[69133.561393] ------------[ cut here ]------------\n[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/\n[...]\n[69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379\n[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0\n[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff\nff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8\n[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246\n[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19\n[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418\n[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000\n[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400\n[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28\n[69133.562020] FS:  00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[69133.562027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0\n[69133.562040] Call Trace:\n[69133.562044]  <IRQ>\n[69133.562049]  ? __warn+0x9f/0x1a0\n[ 1211.841384]  ? __skb_flow_dissect+0x107e/0x2860\n[...]\n[ 1211.841496]  ? bpf_flow_dissect+0x160/0x160\n[ 1211.841753]  __skb_get_hash+0x97/0x280\n[ 1211.841765]  ? __skb_get_hash_symmetric+0x230/0x230\n[ 1211.841776]  ? mod_find+0xbf/0xe0\n[ 1211.841786]  ? get_stack_info_noinstr+0x12/0xe0\n[ 1211.841798]  ? bpf_ksym_find+0x56/0xe0\n[ 1211.841807]  ? __rcu_read_unlock+0x2a/0x70\n[ 1211.841819]  nft_trace_init+0x1b9/0x1c0 [nf_tables]\n[ 1211.841895]  ? nft_trace_notify+0x830/0x830 [nf_tables]\n[ 1211.841964]  ? get_stack_info+0x2b/0x80\n[ 1211.841975]  ? nft_do_chain_arp+0x80/0x80 [nf_tables]\n[ 1211.842044]  nft_do_chain+0x79c/0x850 [nf_tables]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42321', 'https://git.kernel.org/linus/120f1c857a73e52132e473dee89b340440cb692b (6.11-rc1)', 'https://git.kernel.org/stable/c/120f1c857a73e52132e473dee89b340440cb692b', 'https://git.kernel.org/stable/c/4afbac11f2f629d1e62817c4e210bdfaa7521107', 'https://git.kernel.org/stable/c/c5d21aabf1b31a79f228508af33aee83456bc1b0', 'https://git.kernel.org/stable/c/eb03d9826aa646577342a952d658d4598381c035', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42321-4b46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42321', 'https://www.cve.org/CVERecord?id=CVE-2024-42321'], 'PublishedDate': '2024-08-17T09:15:11.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42322', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42322', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipvs: properly dereference pe in ip_vs_add_service', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n  net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42322', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/cbd070a4ae62f119058973f6d2c984e325bce6e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dd428039e06e1967ce294e2cd6342825aaaad77', 'https://git.kernel.org/stable/c/c420cd5d5bc6797f3a8824e7d74f38f0c286fca5', 'https://git.kernel.org/stable/c/cbd070a4ae62f119058973f6d2c984e325bce6e7', 'https://linux.oracle.com/cve/CVE-2024-42322.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42322-e2ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42322', 'https://www.cve.org/CVERecord?id=CVE-2024-42322'], 'PublishedDate': '2024-08-17T09:15:11.977Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43817', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: missing check virtio', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: missing check virtio\n\nTwo missing check in virtio_net_hdr_to_skb() allowed syzbot\nto crash kernels again\n\n1. After the skb_segment function the buffer may become non-linear\n(nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere\nthe __skb_linearize function will not be executed, then the buffer will\nremain non-linear. Then the condition (offset >= skb_headlen(skb))\nbecomes true, which causes WARN_ON_ONCE in skb_checksum_help.\n\n2. The struct sk_buff and struct virtio_net_hdr members must be\nmathematically related.\n(gso_size) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) may be 0 if division is without remainder.\n\noffset+2 (4191) > skb_headlen() (1116)\nWARNING: CPU: 1 PID: 5084 at net/core/dev.c:3303 skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nModules linked in:\nCPU: 1 PID: 5084 Comm: syz-executor336 Not tainted 6.7.0-rc3-syzkaller-00014-gdf60cee26a2e #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nCode: 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 52 01 00 00 44 89 e2 2b 53 74 4c 89 ee 48 c7 c7 40 57 e9 8b e8 af 8f dd f8 90 <0f> 0b 90 90 e9 87 fe ff ff e8 40 0f 6e f9 e9 4b fa ff ff 48 89 ef\nRSP: 0018:ffffc90003a9f338 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888025125780 RCX: ffffffff814db209\nRDX: ffff888015393b80 RSI: ffffffff814db216 RDI: 0000000000000001\nRBP: ffff8880251257f4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000045c\nR13: 000000000000105f R14: ffff8880251257f0 R15: 000000000000105d\nFS:  0000555555c24380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000002000f000 CR3: 0000000023151000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n ip_do_fragment+0xa1b/0x18b0 net/ipv4/ip_output.c:777\n ip_fragment.constprop.0+0x161/0x230 net/ipv4/ip_output.c:584\n ip_finish_output_gso net/ipv4/ip_output.c:286 [inline]\n __ip_finish_output net/ipv4/ip_output.c:308 [inline]\n __ip_finish_output+0x49c/0x650 net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:433\n dst_output include/net/dst.h:451 [inline]\n ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:129\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ipip6_tunnel_xmit net/ipv6/sit.c:1034 [inline]\n sit_tunnel_xmit+0xed2/0x28f0 net/ipv6/sit.c:1076\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3545 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3561\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4346\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x257/0x380 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x24ca/0x5240 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n __sys_sendto+0x255/0x340 net/socket.c:2190\n __do_sys_sendto net/socket.c:2202 [inline]\n __se_sys_sendto net/socket.c:2198 [inline]\n __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43817', 'https://git.kernel.org/linus/e269d79c7d35aa3808b1f3c1737d63dab504ddc8 (6.11-rc1)', 'https://git.kernel.org/stable/c/27874ca77bd2b05a3779c7b3a5c75d8dd7f0b40f', 'https://git.kernel.org/stable/c/5b1997487a3f3373b0f580c8a20b56c1b64b0775', 'https://git.kernel.org/stable/c/90d41ebe0cd4635f6410471efc1dd71b33e894cf', 'https://git.kernel.org/stable/c/e269d79c7d35aa3808b1f3c1737d63dab504ddc8', 'https://git.kernel.org/stable/c/e9164903b8b303c34723177b02fe91e49e3c4cd7', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43817-2e95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43817', 'https://www.cve.org/CVERecord?id=CVE-2024-43817'], 'PublishedDate': '2024-08-17T10:15:08.01Z', 'LastModifiedDate': '2024-09-03T17:41:46.407Z'}, {'VulnerabilityID': 'CVE-2024-43818', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: amd: Adjust error handling in case of absent codec device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: Adjust error handling in case of absent codec device\n\nacpi_get_first_physical_node() can return NULL in several cases (no such\ndevice, ACPI table error, reference count drop to 0, etc).\nExisting check just emit error message, but doesn't perform return.\nThen this NULL pointer is passed to devm_acpi_dev_add_driver_gpios()\nwhere it is dereferenced.\n\nAdjust this error handling by adding error code return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43818', 'https://git.kernel.org/linus/5080808c3339de2220c602ab7c7fa23dc6c1a5a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1ba9856cf7f6492b47c1edf853137f320d583db5', 'https://git.kernel.org/stable/c/5080808c3339de2220c602ab7c7fa23dc6c1a5a3', 'https://git.kernel.org/stable/c/99b642dac24f6d09ba3ebf1d690be8aefff86164', 'https://git.kernel.org/stable/c/b1173d64edd276c957b6d09e1f971c85b38f1519', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43818-71ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43818', 'https://www.cve.org/CVERecord?id=CVE-2024-43818'], 'PublishedDate': '2024-08-17T10:15:08.08Z', 'LastModifiedDate': '2024-09-03T17:45:30Z'}, {'VulnerabilityID': 'CVE-2024-43819', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kvm: s390: Reject memory region operations for ucontrol VMs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43819', 'https://git.kernel.org/linus/7816e58967d0e6cadce05c8540b47ed027dc2499 (6.11-rc1)', 'https://git.kernel.org/stable/c/49c9945c054df4c22008e2bf87ca74d3e2507aa6', 'https://git.kernel.org/stable/c/7816e58967d0e6cadce05c8540b47ed027dc2499', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43819-88ce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43819', 'https://www.cve.org/CVERecord?id=CVE-2024-43819'], 'PublishedDate': '2024-08-17T10:15:08.147Z', 'LastModifiedDate': '2024-09-03T17:47:10.54Z'}, {'VulnerabilityID': 'CVE-2024-43820', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, &mddev->recovery));\n\nThis check is designed to make sure that the sync thread isn't\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43820', 'https://git.kernel.org/linus/3199a34bfaf7561410e0be1e33a61eba870768fc (6.11-rc1)', 'https://git.kernel.org/stable/c/3199a34bfaf7561410e0be1e33a61eba870768fc', 'https://git.kernel.org/stable/c/a5c15a78c0e1631b7df822b56e8b6424e4d1ca3e', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43820-1bd6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43820', 'https://www.cve.org/CVERecord?id=CVE-2024-43820'], 'PublishedDate': '2024-08-17T10:15:08.207Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43821', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Fix a possible null pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix a possible null pointer dereference\n\nIn function lpfc_xcvr_data_show, the memory allocation with kmalloc might\nfail, thereby making rdp_context a null pointer. In the following context\nand functions that use this pointer, there are dereferencing operations,\nleading to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null,\nuse scnprintf to notify the user and return len.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43821', 'https://git.kernel.org/linus/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa (6.11-rc1)', 'https://git.kernel.org/stable/c/45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c', 'https://git.kernel.org/stable/c/57600a7dd2b52c904f7c8d2cac0fd8c23868e680', 'https://git.kernel.org/stable/c/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa', 'https://lore.kernel.org/linux-cve-announce/2024081724-CVE-2024-43821-6ffc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43821', 'https://www.cve.org/CVERecord?id=CVE-2024-43821'], 'PublishedDate': '2024-08-17T10:15:08.277Z', 'LastModifiedDate': '2024-09-03T17:49:54.28Z'}, {'VulnerabilityID': 'CVE-2024-43823', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43823', 'https://git.kernel.org/linus/a231707a91f323af1e5d9f1722055ec2fc1c7775 (6.11-rc1)', 'https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23', 'https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775', 'https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506', 'https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43823-4bdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43823', 'https://www.cve.org/CVERecord?id=CVE-2024-43823'], 'PublishedDate': '2024-08-17T10:15:08.4Z', 'LastModifiedDate': '2024-09-03T17:49:03.91Z'}, {'VulnerabilityID': 'CVE-2024-43824', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: pci-epf-test: Make use of cached &#39;epc_features&#39; in pci_epf_test_core_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Make use of cached \'epc_features\' in pci_epf_test_core_init()\n\nInstead of getting the epc_features from pci_epc_get_features() API, use\nthe cached pci_epf_test::epc_features value to avoid the NULL check. Since\nthe NULL check is already performed in pci_epf_test_bind(), having one more\ncheck in pci_epf_test_core_init() is redundant and it is not possible to\nhit the NULL pointer dereference.\n\nAlso with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier"\nflag"), \'epc_features\' got dereferenced without the NULL check, leading to\nthe following false positive Smatch warning:\n\n  drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed \'epc_features\' could be null (see line 747)\n\nThus, remove the redundant NULL check and also use the epc_features::\n{msix_capable/msi_capable} flags directly to avoid local variables.\n\n[kwilczynski: commit log]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43824', 'https://git.kernel.org/linus/5a5095a8bd1bd349cce1c879e5e44407a34dda8a (6.11-rc1)', 'https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a', 'https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43824-fc04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43824', 'https://www.cve.org/CVERecord?id=CVE-2024-43824'], 'PublishedDate': '2024-08-17T10:15:08.477Z', 'LastModifiedDate': '2024-09-03T17:48:39.16Z'}, {'VulnerabilityID': 'CVE-2024-43825', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iio: Fix the sorting functionality in iio_gts_build_avail_time_table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: Fix the sorting functionality in iio_gts_build_avail_time_table\n\nThe sorting in iio_gts_build_avail_time_table is not working as intended.\nIt could result in an out-of-bounds access when the time is zero.\n\nHere are more details:\n\n1. When the gts->itime_table[i].time_us is zero, e.g., the time\nsequence is `3, 0, 1`, the inner for-loop will not terminate and do\nout-of-bound writes. This is because once `times[j] > new`, the value\n`new` will be added in the current position and the `times[j]` will be\nmoved to `j+1` position, which makes the if-condition always hold.\nMeanwhile, idx will be added one, making the loop keep running without\ntermination and out-of-bound write.\n2. If none of the gts->itime_table[i].time_us is zero, the elements\nwill just be copied without being sorted as described in the comment\n"Sort times from all tables to one and remove duplicates".\n\nFor more details, please refer to\nhttps://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43825', 'https://git.kernel.org/linus/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb (6.11-rc1)', 'https://git.kernel.org/stable/c/31ff8464ef540785344994986a010031410f9ff3', 'https://git.kernel.org/stable/c/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb', 'https://git.kernel.org/stable/c/b5046de32fd1532c3f67065197fc1da82f0b5193', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43825-20fc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43825', 'https://www.cve.org/CVERecord?id=CVE-2024-43825'], 'PublishedDate': '2024-08-17T10:15:08.533Z', 'LastModifiedDate': '2024-09-30T13:53:21.44Z'}, {'VulnerabilityID': 'CVE-2024-43826', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfs: pass explicit offset/count to trace events', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: pass explicit offset/count to trace events\n\nnfs_folio_length is unsafe to use without having the folio locked and a\ncheck for a NULL ->f_mapping that protects against truncations and can\nlead to kernel crashes.  E.g. when running xfstests generic/065 with\nall nfs trace points enabled.\n\nFollow the model of the XFS trace points and pass in an explіcit offset\nand length.  This has the additional benefit that these values can\nbe more accurate as some of the users touch partial folio ranges.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43826', 'https://git.kernel.org/linus/fada32ed6dbc748f447c8d050a961b75d946055a (6.11-rc1)', 'https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722', 'https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43826-2a5f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43826', 'https://www.cve.org/CVERecord?id=CVE-2024-43826'], 'PublishedDate': '2024-08-17T10:15:08.593Z', 'LastModifiedDate': '2024-09-12T18:15:09.137Z'}, {'VulnerabilityID': 'CVE-2024-43827', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check before access structs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check before access structs\n\nIn enable_phantom_plane, we should better check null pointer before\naccessing various structs.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43827', 'https://git.kernel.org/linus/c96140000915b610d86f941450e15ca552de154a (6.11-rc1)', 'https://git.kernel.org/stable/c/081ff4c0ef1884ae55f7adb8944efd22e22d8724', 'https://git.kernel.org/stable/c/c96140000915b610d86f941450e15ca552de154a', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43827-6486@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43827', 'https://www.cve.org/CVERecord?id=CVE-2024-43827'], 'PublishedDate': '2024-08-17T10:15:08.653Z', 'LastModifiedDate': '2024-09-30T12:51:34.97Z'}, {'VulnerabilityID': 'CVE-2024-43828', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: fix infinite loop when replaying fast_commit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct.  ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the 'es' variable.\n\nBecause 'es' contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43828', 'https://git.kernel.org/linus/907c3fe532253a6ef4eb9c4d67efb71fab58c706 (6.11-rc1)', 'https://git.kernel.org/stable/c/0619f7750f2b178a1309808832ab20d85e0ad121', 'https://git.kernel.org/stable/c/181e63cd595c688194e07332f9944b3a63193de2', 'https://git.kernel.org/stable/c/5ed0496e383cb6de120e56991385dce70bbb87c1', 'https://git.kernel.org/stable/c/81f819c537d29932e4b9267f02411cbc8b355178', 'https://git.kernel.org/stable/c/907c3fe532253a6ef4eb9c4d67efb71fab58c706', 'https://git.kernel.org/stable/c/c6e67df64783e99a657ef2b8c834ba2bf54c539c', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43828-6bcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43828', 'https://www.cve.org/CVERecord?id=CVE-2024-43828'], 'PublishedDate': '2024-08-17T10:15:08.72Z', 'LastModifiedDate': '2024-08-22T15:41:50.87Z'}, {'VulnerabilityID': 'CVE-2024-43829', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/qxl: Add check for drm_cvt_mode', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43829', 'https://git.kernel.org/linus/7bd09a2db0f617377027a2bb0b9179e6959edff3 (6.11-rc1)', 'https://git.kernel.org/stable/c/3efe34f95b1ac8c138a46b14ce75956db0d6ee7c', 'https://git.kernel.org/stable/c/4b1f303bdeceac049e56e4b20eb5280bd9e02f4f', 'https://git.kernel.org/stable/c/4e87f592a46bb804d8f833da6ce702ae4b55053f', 'https://git.kernel.org/stable/c/62ef8d7816c8e4a6088275553818b9afc0ffaa03', 'https://git.kernel.org/stable/c/7bd09a2db0f617377027a2bb0b9179e6959edff3', 'https://git.kernel.org/stable/c/d4c57354a06cb4a77998ff8aa40af89eee30e07b', 'https://git.kernel.org/stable/c/f28b353c0c6c7831a70ccca881bf2db5e6785cdd', 'https://linux.oracle.com/cve/CVE-2024-43829.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081726-CVE-2024-43829-72cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43829', 'https://www.cve.org/CVERecord?id=CVE-2024-43829'], 'PublishedDate': '2024-08-17T10:15:08.787Z', 'LastModifiedDate': '2024-09-30T12:51:56.77Z'}, {'VulnerabilityID': 'CVE-2024-43830', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: leds: trigger: Unregister sysfs attributes before calling deactivate()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nleds: trigger: Unregister sysfs attributes before calling deactivate()\n\nTriggers which have trigger specific sysfs attributes typically store\nrelated data in trigger-data allocated by the activate() callback and\nfreed by the deactivate() callback.\n\nCalling device_remove_groups() after calling deactivate() leaves a window\nwhere the sysfs attributes show/store functions could be called after\ndeactivation and then operate on the just freed trigger-data.\n\nMove the device_remove_groups() call to before deactivate() to close\nthis race window.\n\nThis also makes the deactivation path properly do things in reverse order\nof the activation path which calls the activate() callback before calling\ndevice_add_groups().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7000', 'https://access.redhat.com/security/cve/CVE-2024-43830', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2265838', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2270103', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275558', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282648', 'https://bugzilla.redhat.com/2282669', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282764', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284511', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284630', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293414', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300381', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300439', 'https://bugzilla.redhat.com/2300440', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300709', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301543', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305410', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2305488', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7000.html', 'https://git.kernel.org/linus/c0dc9adf9474ecb7106e60e5472577375aedaed3 (6.11-rc1)', 'https://git.kernel.org/stable/c/0788a6f3523d3686a9eed5ea1e6fcce6841277b2', 'https://git.kernel.org/stable/c/09c1583f0e10c918855d6e7540a79461a353e5d6', 'https://git.kernel.org/stable/c/3fb6a9d67cfd812a547ac73ec02e1077c26c640d', 'https://git.kernel.org/stable/c/734ba6437e80dfc780e9ee9d95f912392d12b5ea', 'https://git.kernel.org/stable/c/c0dc9adf9474ecb7106e60e5472577375aedaed3', 'https://git.kernel.org/stable/c/c3b7a650c8717aa89df318364609c86cbc040156', 'https://git.kernel.org/stable/c/cb8aa9d2a4c8a15d6a43ccf901ef3d094aa60374', 'https://git.kernel.org/stable/c/d1415125b701ef13370e2761f691ec632a5eb93a', 'https://linux.oracle.com/cve/CVE-2024-43830.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43830-3b85@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43830', 'https://www.cve.org/CVERecord?id=CVE-2024-43830'], 'PublishedDate': '2024-08-17T10:15:08.857Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43831', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mediatek: vcodec: Handle invalid decoder vsi', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43831', 'https://git.kernel.org/linus/59d438f8e02ca641c58d77e1feffa000ff809e9f (6.11-rc1)', 'https://git.kernel.org/stable/c/1c109f23b271a02b9bb195c173fab41e3285a8db', 'https://git.kernel.org/stable/c/59d438f8e02ca641c58d77e1feffa000ff809e9f', 'https://git.kernel.org/stable/c/cdf05ae76198c513836bde4eb55f099c44773280', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43831-b13e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43831', 'https://www.cve.org/CVERecord?id=CVE-2024-43831'], 'PublishedDate': '2024-08-17T10:15:08.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43832', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: s390/uv: Don't call folio_wait_writeback() without a folio reference", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/uv: Don't call folio_wait_writeback() without a folio reference\n\nfolio_wait_writeback() requires that no spinlocks are held and that\na folio reference is held, as documented. After we dropped the PTL, the\nfolio could get freed concurrently. So grab a temporary reference.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43832', 'https://git.kernel.org/linus/3f29f6537f54d74e64bac0a390fb2e26da25800d (6.11-rc1)', 'https://git.kernel.org/stable/c/1a1eb2f3fc453dcd52726d13e863938561489cb7', 'https://git.kernel.org/stable/c/3f29f6537f54d74e64bac0a390fb2e26da25800d', 'https://git.kernel.org/stable/c/8736604ef53359a718c246087cd21dcec232d2fb', 'https://git.kernel.org/stable/c/b21aba72aadd94bdac275deab021fc84d6c72b16', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43832-7746@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43832', 'https://www.cve.org/CVERecord?id=CVE-2024-43832'], 'PublishedDate': '2024-08-17T10:15:08.98Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43833', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: v4l: async: Fix NULL pointer dereference in adding ancillary links', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix NULL pointer dereference in adding ancillary links\n\nIn v4l2_async_create_ancillary_links(), ancillary links are created for\nlens and flash sub-devices. These are sub-device to sub-device links and\nif the async notifier is related to a V4L2 device, the source sub-device\nof the ancillary link is NULL, leading to a NULL pointer dereference.\nCheck the notifier's sd field is non-NULL in\nv4l2_async_create_ancillary_links().\n\n[Sakari Ailus: Reword the subject and commit messages slightly.]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43833', 'https://git.kernel.org/linus/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f (6.11-rc1)', 'https://git.kernel.org/stable/c/249212ceb4187783af3801c57b92a5a25d410621', 'https://git.kernel.org/stable/c/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f', 'https://git.kernel.org/stable/c/b87e28050d9b0959de24574d587825cfab2f13fb', 'https://git.kernel.org/stable/c/fe0f92fd5320b393e44ca210805e653ea90cc982', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43833-4e73@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43833', 'https://www.cve.org/CVERecord?id=CVE-2024-43833'], 'PublishedDate': '2024-08-17T10:15:09.04Z', 'LastModifiedDate': '2024-08-22T15:42:46.827Z'}, {'VulnerabilityID': 'CVE-2024-43834', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xdp: fix invalid wait context of page_pool_destroy()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: fix invalid wait context of page_pool_destroy()\n\nIf the driver uses a page pool, it creates a page pool with\npage_pool_create().\nThe reference count of page pool is 1 as default.\nA page pool will be destroyed only when a reference count reaches 0.\npage_pool_destroy() is used to destroy page pool, it decreases a\nreference count.\nWhen a page pool is destroyed, ->disconnect() is called, which is\nmem_allocator_disconnect().\nThis function internally acquires mutex_lock().\n\nIf the driver uses XDP, it registers a memory model with\nxdp_rxq_info_reg_mem_model().\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\nreference count if a memory model is a page pool.\nNow the reference count is 2.\n\nTo destroy a page pool, the driver should call both page_pool_destroy()\nand xdp_unreg_mem_model().\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\nOnly page_pool_destroy() decreases a reference count.\n\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\nwill face an invalid wait context warning.\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\nrcu_read_lock().\nThe page_pool_destroy() internally acquires mutex_lock().\n\nSplat looks like:\n=============================\n[ BUG: Invalid wait context ]\n6.10.0-rc6+ #4 Tainted: G W\n-----------------------------\nethtool/1806 is trying to lock:\nffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150\nother info that might help us debug this:\ncontext-{5:5}\n3 locks held by ethtool/1806:\nstack backtrace:\nCPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nCall Trace:\n<TASK>\ndump_stack_lvl+0x7e/0xc0\n__lock_acquire+0x1681/0x4de0\n? _printk+0x64/0xe0\n? __pfx_mark_lock.part.0+0x10/0x10\n? __pfx___lock_acquire+0x10/0x10\nlock_acquire+0x1b3/0x580\n? mem_allocator_disconnect+0x73/0x150\n? __wake_up_klogd.part.0+0x16/0xc0\n? __pfx_lock_acquire+0x10/0x10\n? dump_stack_lvl+0x91/0xc0\n__mutex_lock+0x15c/0x1690\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_prb_read_valid+0x10/0x10\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_llist_add_batch+0x10/0x10\n? console_unlock+0x193/0x1b0\n? lockdep_hardirqs_on+0xbe/0x140\n? __pfx___mutex_lock+0x10/0x10\n? tick_nohz_tick_stopped+0x16/0x90\n? __irq_work_queue_local+0x1e5/0x330\n? irq_work_queue+0x39/0x50\n? __wake_up_klogd.part.0+0x79/0xc0\n? mem_allocator_disconnect+0x73/0x150\nmem_allocator_disconnect+0x73/0x150\n? __pfx_mem_allocator_disconnect+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? rcu_is_watching+0x11/0xb0\npage_pool_release+0x36e/0x6d0\npage_pool_destroy+0xd7/0x440\nxdp_unreg_mem_model+0x1a7/0x2a0\n? __pfx_xdp_unreg_mem_model+0x10/0x10\n? kfree+0x125/0x370\n? bnxt_free_ring.isra.0+0x2eb/0x500\n? bnxt_free_mem+0x5ac/0x2500\nxdp_rxq_info_unreg+0x4a/0xd0\nbnxt_free_mem+0x1356/0x2500\nbnxt_close_nic+0xf0/0x3b0\n? __pfx_bnxt_close_nic+0x10/0x10\n? ethnl_parse_bit+0x2c6/0x6d0\n? __pfx___nla_validate_parse+0x10/0x10\n? __pfx_ethnl_parse_bit+0x10/0x10\nbnxt_set_features+0x2a8/0x3e0\n__netdev_update_features+0x4dc/0x1370\n? ethnl_parse_bitset+0x4ff/0x750\n? __pfx_ethnl_parse_bitset+0x10/0x10\n? __pfx___netdev_update_features+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? _raw_spin_unlock_irqrestore+0x42/0x70\n? __pm_runtime_resume+0x7d/0x110\nethnl_set_features+0x32d/0xa20\n\nTo fix this problem, it uses rhashtable_lookup_fast() instead of\nrhashtable_lookup() with rcu_read_lock().\nUsing xa without rcu_read_lock() here is safe.\nxa is freed by __xdp_mem_allocator_rcu_free() and this is called by\ncall_rcu() of mem_xa_remove().\nThe mem_xa_remove() is called by page_pool_destroy() if a reference\ncount reaches 0.\nThe xa is already protected by the reference count mechanism well in the\ncontrol plane.\nSo removing rcu_read_lock() for page_pool_destroy() is safe.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43834', 'https://git.kernel.org/linus/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec (6.11-rc1)', 'https://git.kernel.org/stable/c/12144069209eec7f2090ce9afa15acdcc2c2a537', 'https://git.kernel.org/stable/c/3fc1be360b99baeea15cdee3cf94252cd3a72d26', 'https://git.kernel.org/stable/c/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec', 'https://git.kernel.org/stable/c/6c390ef198aa69795427a5cb5fd7cb4bc7e6cd7a', 'https://git.kernel.org/stable/c/be9d08ff102df3ac4f66e826ea935cf3af63a4bd', 'https://git.kernel.org/stable/c/bf0ce5aa5f2525ed1b921ba36de96e458e77f482', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43834-0140@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43834', 'https://www.cve.org/CVERecord?id=CVE-2024-43834'], 'PublishedDate': '2024-08-17T10:15:09.113Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43835', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: virtio_net: Fix napi_skb_cache_put warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix napi_skb_cache_put warning\n\nAfter the commit bdacf3e34945 ("net: Use nested-BH locking for\nnapi_alloc_cache.") was merged, the following warning began to appear:\n\n\t WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0\n\n\t  __warn+0x12f/0x340\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  report_bug+0x165/0x370\n\t  handle_bug+0x3d/0x80\n\t  exc_invalid_op+0x1a/0x50\n\t  asm_exc_invalid_op+0x1a/0x20\n\t  __free_old_xmit+0x1c8/0x510\n\t  napi_skb_cache_put+0x82/0x4b0\n\t  __free_old_xmit+0x1c8/0x510\n\t  __free_old_xmit+0x1c8/0x510\n\t  __pfx___free_old_xmit+0x10/0x10\n\nThe issue arises because virtio is assuming it\'s running in NAPI context\neven when it\'s not, such as in the netpoll case.\n\nTo resolve this, modify virtnet_poll_tx() to only set NAPI when budget\nis available. Same for virtnet_poll_cleantx(), which always assumed that\nit was in a NAPI context.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43835', 'https://git.kernel.org/linus/f8321fa75102246d7415a6af441872f6637c93ab (6.11-rc1)', 'https://git.kernel.org/stable/c/19ac6f29bf64304ef04630c8ab56ecd2059d7aa1', 'https://git.kernel.org/stable/c/468a729b78895893d0e580ceea49bed8ada2a2bd', 'https://git.kernel.org/stable/c/6b5325f2457521bbece29499970c0117a648c620', 'https://git.kernel.org/stable/c/842a97b5e44f0c8a9fc356fe976e0e13ddcf7783', 'https://git.kernel.org/stable/c/cc7340f18e45886121c131227985d64ef666012f', 'https://git.kernel.org/stable/c/d3af435e8ace119e58d8e21d3d2d6a4e7c4a4baa', 'https://git.kernel.org/stable/c/f5e9a22d19bb98a7e86034db85eb295e94187caa', 'https://git.kernel.org/stable/c/f8321fa75102246d7415a6af441872f6637c93ab', 'https://lore.kernel.org/linux-cve-announce/2024081728-CVE-2024-43835-5f11@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43835', 'https://www.cve.org/CVERecord?id=CVE-2024-43835'], 'PublishedDate': '2024-08-17T10:15:09.183Z', 'LastModifiedDate': '2024-09-12T12:15:48.653Z'}, {'VulnerabilityID': 'CVE-2024-43837', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43837', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT\n\nWhen loading a EXT program without specifying `attr->attach_prog_fd`,\nthe `prog->aux->dst_prog` will be null. At this time, calling\nresolve_prog_type() anywhere will result in a null pointer dereference.\n\nExample stack trace:\n\n[    8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[    8.108262] Mem abort info:\n[    8.108384]   ESR = 0x0000000096000004\n[    8.108547]   EC = 0x25: DABT (current EL), IL = 32 bits\n[    8.108722]   SET = 0, FnV = 0\n[    8.108827]   EA = 0, S1PTW = 0\n[    8.108939]   FSC = 0x04: level 0 translation fault\n[    8.109102] Data abort info:\n[    8.109203]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[    8.109399]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[    8.109614]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[    8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000\n[    8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000\n[    8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[    8.112783] Modules linked in:\n[    8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1\n[    8.113230] Hardware name: linux,dummy-virt (DT)\n[    8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    8.113429] pc : may_access_direct_pkt_data+0x24/0xa0\n[    8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8\n[    8.113798] sp : ffff80008283b9f0\n[    8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001\n[    8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000\n[    8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000\n[    8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff\n[    8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720\n[    8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720\n[    8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4\n[    8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f\n[    8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c\n[    8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000\n[    8.114126] Call trace:\n[    8.114159]  may_access_direct_pkt_data+0x24/0xa0\n[    8.114202]  bpf_check+0x3bc/0x28c0\n[    8.114214]  bpf_prog_load+0x658/0xa58\n[    8.114227]  __sys_bpf+0xc50/0x2250\n[    8.114240]  __arm64_sys_bpf+0x28/0x40\n[    8.114254]  invoke_syscall.constprop.0+0x54/0xf0\n[    8.114273]  do_el0_svc+0x4c/0xd8\n[    8.114289]  el0_svc+0x3c/0x140\n[    8.114305]  el0t_64_sync_handler+0x134/0x150\n[    8.114331]  el0t_64_sync+0x168/0x170\n[    8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)\n[    8.118672] ---[ end trace 0000000000000000 ]---\n\nOne way to fix it is by forcing `attach_prog_fd` non-empty when\nbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`\nAPI broken which use verifier log to probe prog type and will log\nnothing if we reject invalid EXT prog before bpf_check().\n\nAnother way is by adding null check in resolve_prog_type().\n\nThe issue was introduced by commit 4a9c7bbe2ed4 ("bpf: Resolve to\nprog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT") which wanted\nto correct type resolution for BPF_PROG_TYPE_TRACING programs. Before\nthat, the type resolution of BPF_PROG_TYPE_EXT prog actually follows\nthe logic below:\n\n  prog->aux->dst_prog ? prog->aux->dst_prog->type : prog->type;\n\nIt implies that when EXT program is not yet attached to `dst_prog`,\nthe prog type should be EXT itself. This code worked fine in the past.\nSo just keep using it.\n\nFix this by returning `prog->type` for BPF_PROG_TYPE_EXT if `dst_prog`\nis not present in resolve_prog_type().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43837', 'https://git.kernel.org/linus/f7866c35873377313ff94398f17d425b28b71de1 (6.11-rc1)', 'https://git.kernel.org/stable/c/9d40fd516aeae6779e3c84c6b96700ca76285847', 'https://git.kernel.org/stable/c/b29a880bb145e1f1c1df5ab88ed26b1495ff9f09', 'https://git.kernel.org/stable/c/f7866c35873377313ff94398f17d425b28b71de1', 'https://git.kernel.org/stable/c/fcac5feb06f31ee4c88bca9bf98d8bc3ca7d2615', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43837-63d2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43837', 'https://www.cve.org/CVERecord?id=CVE-2024-43837'], 'PublishedDate': '2024-08-17T10:15:09.32Z', 'LastModifiedDate': '2024-08-22T15:44:03.417Z'}, {'VulnerabilityID': 'CVE-2024-43839', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43839', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust 'name' buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n'name' size is 16, but the first '%s' specifier may already need at\nleast 16 characters, since 'bnad->netdev->name' is used there.\n\nFor '%d' specifiers, assume that they require:\n * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX\n   is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43839', 'https://git.kernel.org/linus/c9741a03dc8e491e57b95fba0058ab46b7e506da (6.11-rc1)', 'https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1', 'https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3', 'https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef', 'https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43', 'https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76', 'https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da', 'https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5', 'https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540', 'https://linux.oracle.com/cve/CVE-2024-43839.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43839-ea03@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43839', 'https://www.cve.org/CVERecord?id=CVE-2024-43839'], 'PublishedDate': '2024-08-17T10:15:09.447Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43840', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG\n\nWhen BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls\n__bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them\nthe struct bpf_tramp_image *im pointer as an argument in R0.\n\nThe trampoline generation code uses emit_addr_mov_i64() to emit\ninstructions for moving the bpf_tramp_image address into R0, but\nemit_addr_mov_i64() assumes the address to be in the vmalloc() space\nand uses only 48 bits. Because bpf_tramp_image is allocated using\nkzalloc(), its address can use more than 48-bits, in this case the\ntrampoline will pass an invalid address to __bpf_tramp_enter/exit()\ncausing a kernel crash.\n\nFix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64()\nas it can work with addresses that are greater than 48-bits.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43840', 'https://git.kernel.org/linus/19d3c179a37730caf600a97fed3794feac2b197b (6.11-rc1)', 'https://git.kernel.org/stable/c/19d3c179a37730caf600a97fed3794feac2b197b', 'https://git.kernel.org/stable/c/6d218fcc707d6b2c3616b6cd24b948fd4825cfec', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43840-69cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43840', 'https://www.cve.org/CVERecord?id=CVE-2024-43840'], 'PublishedDate': '2024-08-17T10:15:09.517Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43841', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: virt_wifi: avoid reporting connection success with wrong SSID', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: avoid reporting connection success with wrong SSID\n\nWhen user issues a connection with a different SSID than the one\nvirt_wifi has advertised, the __cfg80211_connect_result() will\ntrigger the warning: WARN_ON(bss_not_found).\n\nThe issue is because the connection code in virt_wifi does not\ncheck the SSID from user space (it only checks the BSSID), and\nvirt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS\neven if the SSID is different from the one virt_wifi has advertised.\nEventually cfg80211 won't be able to find the cfg80211_bss and generate\nthe warning.\n\nFixed it by checking the SSID (from user space) in the connection code.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43841', 'https://git.kernel.org/linus/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7 (6.11-rc1)', 'https://git.kernel.org/stable/c/05c4488a0e446c6ccde9f22b573950665e1cd414', 'https://git.kernel.org/stable/c/36e92b5edc8e0daa18e9325674313802ce3fbc29', 'https://git.kernel.org/stable/c/416d3c1538df005195721a200b0371d39636e05d', 'https://git.kernel.org/stable/c/93e898a264b4e0a475552ba9f99a016eb43ef942', 'https://git.kernel.org/stable/c/994fc2164a03200c3bf42fb45b3d49d9d6d33a4d', 'https://git.kernel.org/stable/c/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7', 'https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3', 'https://linux.oracle.com/cve/CVE-2024-43841.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43841-8143@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43841', 'https://www.cve.org/CVERecord?id=CVE-2024-43841'], 'PublishedDate': '2024-08-17T10:15:09.58Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43842', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() \'status->he_gi\' is compared to array size.\nBut then \'rate->he_gi\' is used as array index instead of \'status->he_gi\'.\nThis can lead to go beyond array boundaries in case of \'rate->he_gi\' is\nnot equal to \'status->he_gi\' and is bigger than array size. Looks like\n"copy-paste" mistake.\n\nFix this mistake by replacing \'rate->he_gi\' with \'status->he_gi\'.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43842', 'https://git.kernel.org/linus/85099c7ce4f9e64c66aa397cd9a37473637ab891 (6.11-rc1)', 'https://git.kernel.org/stable/c/7a0edc3d83aff3a48813d78c9cad9daf38decc74', 'https://git.kernel.org/stable/c/85099c7ce4f9e64c66aa397cd9a37473637ab891', 'https://git.kernel.org/stable/c/96ae4de5bc4c8ba39fd072369398f59495b73f58', 'https://git.kernel.org/stable/c/a2a095c08b95372d6d0c5819b77f071af5e75366', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43842-31e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43842', 'https://www.cve.org/CVERecord?id=CVE-2024-43842'], 'PublishedDate': '2024-08-17T10:15:09.647Z', 'LastModifiedDate': '2024-09-30T13:55:17.007Z'}, {'VulnerabilityID': 'CVE-2024-43843', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv, bpf: Fix out-of-bounds issue when preparing trampoline image', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv, bpf: Fix out-of-bounds issue when preparing trampoline image\n\nWe get the size of the trampoline image during the dry run phase and\nallocate memory based on that size. The allocated image will then be\npopulated with instructions during the real patch phase. But after\ncommit 26ef208c209a ("bpf: Use arch_bpf_trampoline_size"), the `im`\nargument is inconsistent in the dry run and real patch phase. This may\ncause emit_imm in RV64 to generate a different number of instructions\nwhen generating the \'im\' address, potentially causing out-of-bounds\nissues. Let\'s emit the maximum number of instructions for the "im"\naddress during dry run to fix this problem.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43843', 'https://git.kernel.org/linus/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9 (6.11-rc1)', 'https://git.kernel.org/stable/c/3e6a1b1b179abb643ec3560c02bc3082bc92285f', 'https://git.kernel.org/stable/c/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43843-e436@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43843', 'https://www.cve.org/CVERecord?id=CVE-2024-43843'], 'PublishedDate': '2024-08-17T10:15:09.707Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43844', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi rtw89 wow: fix GTK offload H2C skbuff issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: wow: fix GTK offload H2C skbuff issue\n\nWe mistakenly put skb too large and that may exceed skb->end.\nTherefore, we fix it.\n\nskbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8fba04eca7e0 tail:0x200 end:0x140 dev:<NULL>\n------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:192!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 4747 Comm: kworker/u4:44 Tainted: G           O       6.6.30-02659-gc18865c4dfbd #1 86547039b47e46935493f615ee31d0b2d711d35e\nHardware name: HP Meep/Meep, BIOS Google_Meep.11297.262.0 03/18/2021\nWorkqueue: events_unbound async_run_entry_fn\nRIP: 0010:skb_panic+0x5d/0x60\nCode: c6 63 8b 8f bb 4c 0f 45 f6 48 c7 c7 4d 89 8b bb 48 89 ce 44 89 d1 41 56 53 41 53 ff b0 c8 00 00 00 e8 27 5f 23 00 48 83 c4 20 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44\nRSP: 0018:ffffaa700144bad0 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: 0000000000000140 RCX: 14432c5aad26c900\nRDX: 0000000000000000 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffaa700144bae0 R08: 0000000000000000 R09: ffffaa700144b920\nR10: 00000000ffffdfff R11: ffffffffbc28fbc0 R12: ffff8fba4e57a010\nR13: 0000000000000000 R14: ffffffffbb8f8b63 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff8fba7bd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007999c4ad1000 CR3: 000000015503a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? skb_panic+0x5d/0x60\n ? do_error_trap+0x6d/0x90\n ? skb_panic+0x5d/0x60\n ? handle_invalid_op+0x30/0x40\n ? skb_panic+0x5d/0x60\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_panic+0x5d/0x60\n skb_put+0x49/0x50\n rtw89_fw_h2c_wow_gtk_ofld+0xbd/0x220 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_wow_resume+0x31f/0x540 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_ops_resume+0x2b/0xa0 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n ieee80211_reconfig+0x84/0x13e0 [mac80211 818a894e3b77da6298269c59ed7cdff065a4ed52]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? dev_printk_emit+0x51/0x70\n ? _dev_info+0x6e/0x90\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n wiphy_resume+0x89/0x180 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n dpm_run_callback+0x3c/0x140\n device_resume+0x1f9/0x3c0\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x29/0xd0\n process_scheduled_works+0x1d8/0x3d0\n worker_thread+0x1fc/0x2f0\n kthread+0xed/0x110\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x38/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>\nModules linked in: ccm 8021q r8153_ecm cdc_ether usbnet r8152 mii dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc uinput rfcomm cmac algif_hash rtw89_8922ae(O) algif_skcipher rtw89_8922a(O) af_alg rtw89_pci(O) rtw89_core(O) btusb(O) snd_soc_sst_bxt_da7219_max98357a btbcm(O) snd_soc_hdac_hdmi btintel(O) snd_soc_intel_hda_dsp_common snd_sof_probes btrtl(O) btmtk(O) snd_hda_codec_hdmi snd_soc_dmic uvcvideo videobuf2_vmalloc uvc videobuf2_memops videobuf2_v4l2 videobuf2_common snd_sof_pci_intel_apl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda soundwire_intel soundwire_generic_allocation snd_sof_intel_hda_mlink soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp mac80211 snd_soc_acpi_intel_match snd_soc_acpi snd_sof snd_sof_utils soundwire_bus snd_soc_max98357a snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_intel_dspcfg snd_intel_sdw_acpi snd_soc_da7219 snd_hda_codec snd_hwdep snd_hda_core veth ip6table_nat xt_MASQUERADE xt_cgroup fuse bluetooth ecdh_generic\n cfg80211 ecc\ngsmi: Log Shutdown \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43844', 'https://git.kernel.org/linus/dda364c345913fe03ddbe4d5ae14a2754c100296 (6.11-rc1)', 'https://git.kernel.org/stable/c/dda364c345913fe03ddbe4d5ae14a2754c100296', 'https://git.kernel.org/stable/c/ef0d9d2f0dc1133db3d3a1c5167190c6627146b2', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43844-97ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43844', 'https://www.cve.org/CVERecord?id=CVE-2024-43844'], 'PublishedDate': '2024-08-17T10:15:09.763Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43845', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Fix bogus checksum computation in udf_rename()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix bogus checksum computation in udf_rename()\n\nSyzbot reports uninitialized memory access in udf_rename() when updating\nchecksum of '..' directory entry of a moved directory. This is indeed\ntrue as we pass on-stack diriter.fi to the udf_update_tag() and because\nthat has only struct fileIdentDesc included in it and not the impUse or\nname fields, the checksumming function is going to checksum random stack\ncontents beyond the end of the structure. This is actually harmless\nbecause the following udf_fiiter_write_fi() will recompute the checksum\nfrom on-disk buffers where everything is properly included. So all that\nis needed is just removing the bogus calculation.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43845', 'https://git.kernel.org/linus/27ab33854873e6fb958cb074681a0107cc2ecc4c (6.11-rc1)', 'https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c', 'https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4', 'https://git.kernel.org/stable/c/c996b570305e7a6910c2ce4cdcd4c22757ffe241', 'https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43845-a85d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43845', 'https://www.cve.org/CVERecord?id=CVE-2024-43845'], 'PublishedDate': '2024-08-17T10:15:09.837Z', 'LastModifiedDate': '2024-08-29T17:15:08.397Z'}, {'VulnerabilityID': 'CVE-2024-43846', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib: objagg: Fix general protection fault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G        W          6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n <TASK>\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n </TASK>', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43846', 'https://git.kernel.org/linus/b4a3a89fffcdf09702b1f161b914e52abca1894d (6.11-rc1)', 'https://git.kernel.org/stable/c/1936fa05a180834c3b52e0439a6bddc07814d3eb', 'https://git.kernel.org/stable/c/22ae17a267f4812861f0c644186c3421ff97dbfc', 'https://git.kernel.org/stable/c/499f742fed42e74f1321f4b12ca196a66a2b49fc', 'https://git.kernel.org/stable/c/565213e005557eb6cc4e42189d26eb300e02f170', 'https://git.kernel.org/stable/c/5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7', 'https://git.kernel.org/stable/c/8161263362154cbebfbf4808097b956a6a8cb98a', 'https://git.kernel.org/stable/c/b4a3a89fffcdf09702b1f161b914e52abca1894d', 'https://linux.oracle.com/cve/CVE-2024-43846.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43846-2bd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43846', 'https://www.cve.org/CVERecord?id=CVE-2024-43846'], 'PublishedDate': '2024-08-17T10:15:09.9Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43847', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43847', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix invalid memory access while processing fragmented packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid memory access while processing fragmented packets\n\nThe monitor ring and the reo reinject ring share the same ring mask index.\nWhen the driver receives an interrupt for the reo reinject ring, the\nmonitor ring is also processed, leading to invalid memory access. Since\nmonitor support is not yet enabled in ath12k, the ring mask for the monitor\nring should be removed.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43847', 'https://git.kernel.org/linus/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4 (6.11-rc1)', 'https://git.kernel.org/stable/c/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4', 'https://git.kernel.org/stable/c/36fc66a7d9ca3e5c6eac25362cac63f83df8bed6', 'https://git.kernel.org/stable/c/8126f82dab7bd8b2e04799342b19fff0a1fd8575', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43847-6828@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43847', 'https://www.cve.org/CVERecord?id=CVE-2024-43847'], 'PublishedDate': '2024-08-17T10:15:09.963Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43849', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pdr: protect locator_addr with the main mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr->lock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43849', 'https://git.kernel.org/linus/107924c14e3ddd85119ca43c26a4ee1056fa9b84 (6.11-rc1)', 'https://git.kernel.org/stable/c/107924c14e3ddd85119ca43c26a4ee1056fa9b84', 'https://git.kernel.org/stable/c/3e815626d73e05152a8142f6e44aecc4133e6e08', 'https://git.kernel.org/stable/c/475a77fb3f0e1d527f56c60b79f5879661df5b80', 'https://git.kernel.org/stable/c/8543269567e2fb3d976a8255c5e348aed14f98bc', 'https://git.kernel.org/stable/c/d0870c4847e77a49c2f91bb2a8e0fa3c1f8dea5c', 'https://git.kernel.org/stable/c/eab05737ee22216250fe20d27f5a596da5ea6eb7', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43849-fef0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43849', 'https://www.cve.org/CVERecord?id=CVE-2024-43849'], 'PublishedDate': '2024-08-17T10:15:10.093Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43850', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove\n\nThe following warning is seen during bwmon_remove due to refcount\nimbalance, fix this by releasing the OPPs after use.\n\nLogs:\nWARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158\nHardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT)\n...\nCall trace:\n_opp_table_kref_release+0x150/0x158\ndev_pm_opp_remove_table+0x100/0x1b4\ndevm_pm_opp_of_table_release+0x10/0x1c\ndevm_action_release+0x14/0x20\ndevres_release_all+0xa4/0x104\ndevice_unbind_cleanup+0x18/0x60\ndevice_release_driver_internal+0x1ec/0x228\ndriver_detach+0x50/0x98\nbus_remove_driver+0x6c/0xbc\ndriver_unregister+0x30/0x60\nplatform_driver_unregister+0x14/0x20\nbwmon_driver_exit+0x18/0x524 [icc_bwmon]\n__arm64_sys_delete_module+0x184/0x264\ninvoke_syscall+0x48/0x118\nel0_svc_common.constprop.0+0xc8/0xe8\ndo_el0_svc+0x20/0x2c\nel0_svc+0x34/0xdc\nel0t_64_sync_handler+0x13c/0x158\nel0t_64_sync+0x190/0x194\n--[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43850', 'https://git.kernel.org/linus/24086640ab39396eb1a92d1cb1cd2f31b2677c52 (6.11-rc1)', 'https://git.kernel.org/stable/c/24086640ab39396eb1a92d1cb1cd2f31b2677c52', 'https://git.kernel.org/stable/c/4100d4d019f8e140be1d4d3a9d8d93c1285f5d1c', 'https://git.kernel.org/stable/c/aad41f4c169bcb800ae88123799bdf8cdec3d366', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43850-4eec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43850', 'https://www.cve.org/CVERecord?id=CVE-2024-43850'], 'PublishedDate': '2024-08-17T10:15:10.157Z', 'LastModifiedDate': '2024-09-30T13:57:33.4Z'}, {'VulnerabilityID': 'CVE-2024-43852', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (ltc2991) re-order conditions to fix off by one bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ltc2991) re-order conditions to fix off by one bug\n\nLTC2991_T_INT_CH_NR is 4.  The st->temp_en[] array has LTC2991_MAX_CHANNEL\n(4) elements.  Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we\nhave read one element beyond the end of the array.  Flip the conditions\naround so that we check if "channel" is valid before using it as an array\nindex.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43852', 'https://git.kernel.org/linus/99bf7c2eccff82760fa23ce967cc67c8c219c6a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6', 'https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43852-61e2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43852', 'https://www.cve.org/CVERecord?id=CVE-2024-43852'], 'PublishedDate': '2024-08-17T10:15:10.31Z', 'LastModifiedDate': '2024-08-20T19:32:55.747Z'}, {'VulnerabilityID': 'CVE-2024-43853', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: Prevent UAF in proc_cpuset_show()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc/<pid>/cpuset   repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/   repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc/<pid>/cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css->cgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(&cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n&cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp->root will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n("cgroup: Make operations on the cgroup root_list RCU safe"),\ncss->cgroup won\'t be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43853', 'https://git.kernel.org/linus/1be59c97c83ccd67a519d8a49486b3a8a73ca28a (6.11-rc1)', 'https://git.kernel.org/stable/c/10aeaa47e4aa2432f29b3e5376df96d7dac5537a', 'https://git.kernel.org/stable/c/1be59c97c83ccd67a519d8a49486b3a8a73ca28a', 'https://git.kernel.org/stable/c/27d6dbdc6485d68075a0ebf8544d6425c1ed84bb', 'https://git.kernel.org/stable/c/29a8d4e02fd4840028c38ceb1536cc8f82a257d4', 'https://git.kernel.org/stable/c/29ac1d238b3bf126af36037df80d7ecc4822341e', 'https://git.kernel.org/stable/c/4e8d6ac8fc9f843e940ab7389db8136634e07989', 'https://git.kernel.org/stable/c/688325078a8b5badd6e07ae22b27cd04e9947aec', 'https://git.kernel.org/stable/c/96226fbed566f3f686f53a489a29846f2d538080', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43853-da5b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43853', 'https://www.cve.org/CVERecord?id=CVE-2024-43853'], 'PublishedDate': '2024-08-17T10:15:10.383Z', 'LastModifiedDate': '2024-09-04T12:15:04.827Z'}, {'VulnerabilityID': 'CVE-2024-43854', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: initialize integrity buffer to zero before writing it to media', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media.  For PI metadata this is\nlimited to the app tag that isn't used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43854', 'https://git.kernel.org/linus/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f (6.11-rc1)', 'https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f', 'https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644', 'https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005', 'https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f', 'https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6', 'https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2', 'https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1', 'https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43854-5586@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43854', 'https://www.cve.org/CVERecord?id=CVE-2024-43854'], 'PublishedDate': '2024-08-17T10:15:10.447Z', 'LastModifiedDate': '2024-09-12T12:15:49.423Z'}, {'VulnerabilityID': 'CVE-2024-43856', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43856', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma: fix call order in dmam_free_coherent', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n  kokonut //net/encryption\n    http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43856', 'https://git.kernel.org/linus/28e8b7406d3a1f5329a03aa25a43aa28e087cb20 (6.11-rc1)', 'https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130', 'https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383650b02e', 'https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7', 'https://git.kernel.org/stable/c/28e8b7406d3a1f5329a03aa25a43aa28e087cb20', 'https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9', 'https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954', 'https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb', 'https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63', 'https://linux.oracle.com/cve/CVE-2024-43856.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081732-CVE-2024-43856-9087@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43856', 'https://www.cve.org/CVERecord?id=CVE-2024-43856'], 'PublishedDate': '2024-08-17T10:15:10.613Z', 'LastModifiedDate': '2024-08-22T17:57:08.64Z'}, {'VulnerabilityID': 'CVE-2024-43857', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix null reference error when checking end of zone', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null reference error when checking end of zone\n\nThis patch fixes a potentially null pointer being accessed by\nis_end_zone_blkaddr() that checks the last block of a zone\nwhen f2fs is mounted as a single device.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43857', 'https://git.kernel.org/linus/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38 (6.11-rc1)', 'https://git.kernel.org/stable/c/381cbe85592c78fbaeb3e770e3e9f3bfa3e67efb', 'https://git.kernel.org/stable/c/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43857-b71b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43857', 'https://www.cve.org/CVERecord?id=CVE-2024-43857'], 'PublishedDate': '2024-08-17T10:15:10.687Z', 'LastModifiedDate': '2024-08-22T17:38:21.003Z'}, {'VulnerabilityID': 'CVE-2024-43859', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to truncate preallocated blocks in f2fs_file_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate preallocated blocks in f2fs_file_open()\n\nchenyuwen reports a f2fs bug as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000011\n fscrypt_set_bio_crypt_ctx+0x78/0x1e8\n f2fs_grab_read_bio+0x78/0x208\n f2fs_submit_page_read+0x44/0x154\n f2fs_get_read_data_page+0x288/0x5f4\n f2fs_get_lock_data_page+0x60/0x190\n truncate_partial_data_page+0x108/0x4fc\n f2fs_do_truncate_blocks+0x344/0x5f0\n f2fs_truncate_blocks+0x6c/0x134\n f2fs_truncate+0xd8/0x200\n f2fs_iget+0x20c/0x5ac\n do_garbage_collect+0x5d0/0xf6c\n f2fs_gc+0x22c/0x6a4\n f2fs_disable_checkpoint+0xc8/0x310\n f2fs_fill_super+0x14bc/0x1764\n mount_bdev+0x1b4/0x21c\n f2fs_mount+0x20/0x30\n legacy_get_tree+0x50/0xbc\n vfs_get_tree+0x5c/0x1b0\n do_new_mount+0x298/0x4cc\n path_mount+0x33c/0x5fc\n __arm64_sys_mount+0xcc/0x15c\n invoke_syscall+0x60/0x150\n el0_svc_common+0xb8/0xf8\n do_el0_svc+0x28/0xa0\n el0_svc+0x24/0x84\n el0t_64_sync_handler+0x88/0xec\n\nIt is because inode.i_crypt_info is not initialized during below path:\n- mount\n - f2fs_fill_super\n  - f2fs_disable_checkpoint\n   - f2fs_gc\n    - f2fs_iget\n     - f2fs_truncate\n\nSo, let's relocate truncation of preallocated blocks to f2fs_file_open(),\nafter fscrypt_file_open().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43859', 'https://git.kernel.org/linus/298b1e4182d657c3e388adcc29477904e9600ed5 (6.11-rc1)', 'https://git.kernel.org/stable/c/298b1e4182d657c3e388adcc29477904e9600ed5', 'https://git.kernel.org/stable/c/3ba0ae885215b325605ff7ebf6de12ac2adf204d', 'https://git.kernel.org/stable/c/5f04969136db674f133781626e0b692c5f2bf2f0', 'https://git.kernel.org/stable/c/f44a25a8bfe0c15d33244539696cd9119cf44d18', 'https://lore.kernel.org/linux-cve-announce/2024081733-CVE-2024-43859-62b4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43859', 'https://www.cve.org/CVERecord?id=CVE-2024-43859'], 'PublishedDate': '2024-08-17T10:15:10.817Z', 'LastModifiedDate': '2024-09-08T08:15:12.96Z'}, {'VulnerabilityID': 'CVE-2024-43860', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: remoteproc: imx_rproc: Skip over memory region when node value is NULL', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Skip over memory region when node value is NULL\n\nIn imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts\nnumber of phandles. But phandles may be empty. So of_parse_phandle() in\nthe parsing loop (0 < a < nph) may return NULL which is later dereferenced.\nAdjust this issue by adding NULL-return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[Fixed title to fit within the prescribed 70-75 charcters]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43860', 'https://git.kernel.org/linus/2fa26ca8b786888673689ccc9da6094150939982 (6.11-rc1)', 'https://git.kernel.org/stable/c/2fa26ca8b786888673689ccc9da6094150939982', 'https://git.kernel.org/stable/c/4e13b7c23988c0a13fdca92e94296a3bc2ff9f21', 'https://git.kernel.org/stable/c/6884fd0283e0831be153fb8d82d9eda8a55acaaa', 'https://git.kernel.org/stable/c/6b50462b473fdccdc0dfad73001147e40ff19a66', 'https://git.kernel.org/stable/c/6c9ea3547fad252fe9ae5d3ed7e066e2085bf3a2', 'https://git.kernel.org/stable/c/84beb7738459cac0ff9f8a7c4654b8ff82a702c0', 'https://git.kernel.org/stable/c/9a17cf8b2ce483fa75258bc2cdcf628f24bcf5f8', 'https://git.kernel.org/stable/c/c877a5f5268d4ab8224b9c9fbce3d746e4e72bc9', 'https://linux.oracle.com/cve/CVE-2024-43860.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024081734-CVE-2024-43860-d72f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43860', 'https://www.cve.org/CVERecord?id=CVE-2024-43860'], 'PublishedDate': '2024-08-17T10:15:10.887Z', 'LastModifiedDate': '2024-08-22T17:08:15.097Z'}, {'VulnerabilityID': 'CVE-2024-43861', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: usb: qmi_wwan: fix memory leak for not ip packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43861', 'https://git.kernel.org/linus/7ab107544b777c3bd7feb9fe447367d8edd5b202 (6.11-rc3)', 'https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4', 'https://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662', 'https://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202', 'https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f', 'https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882', 'https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446', 'https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5', 'https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384', 'https://linux.oracle.com/cve/CVE-2024-43861.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43861-1958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43861', 'https://www.cve.org/CVERecord?id=CVE-2024-43861'], 'PublishedDate': '2024-08-20T22:15:04.917Z', 'LastModifiedDate': '2024-09-03T13:45:12.667Z'}, {'VulnerabilityID': 'CVE-2024-43863', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43863', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix a deadlock in dma buf fence polling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix a deadlock in dma buf fence polling\n\nIntroduce a version of the fence ops that on release doesn't remove\nthe fence from the pending list, and thus doesn't require a lock to\nfix poll->fence wait->fence unref deadlocks.\n\nvmwgfx overwrites the wait callback to iterate over the list of all\nfences and update their status, to do that it holds a lock to prevent\nthe list modifcations from other threads. The fence destroy callback\nboth deletes the fence and removes it from the list of pending\nfences, for which it holds a lock.\n\ndma buf polling cb unrefs a fence after it's been signaled: so the poll\ncalls the wait, which signals the fences, which are being destroyed.\nThe destruction tries to acquire the lock on the pending fences list\nwhich it can never get because it's held by the wait from which it\nwas called.\n\nOld bug, but not a lot of userspace apps were using dma-buf polling\ninterfaces. Fix those, in particular this fixes KDE stalls/deadlock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43863', 'https://git.kernel.org/linus/e58337100721f3cc0c7424a18730e4f39844934f (6.11-rc2)', 'https://git.kernel.org/stable/c/3b933b16c996af8adb6bc1b5748a63dfb41a82bc', 'https://git.kernel.org/stable/c/9e20d028d8d1deb1e7fed18f22ffc01669cf3237', 'https://git.kernel.org/stable/c/a8943969f9ead2fd3044fc826140a21622ef830e', 'https://git.kernel.org/stable/c/c98ab18b9f315ff977c2c65d7c71298ef98be8e3', 'https://git.kernel.org/stable/c/e58337100721f3cc0c7424a18730e4f39844934f', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43863-9124@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43863', 'https://www.cve.org/CVERecord?id=CVE-2024-43863'], 'PublishedDate': '2024-08-21T00:15:04.847Z', 'LastModifiedDate': '2024-09-03T13:42:44.727Z'}, {'VulnerabilityID': 'CVE-2024-43864', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix CT entry update leaks of modify header context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix CT entry update leaks of modify header context\n\nThe cited commit allocates a new modify header to replace the old\none when updating CT entry. But if failed to allocate a new one, eg.\nexceed the max number firmware can support, modify header will be\nan error pointer that will trigger a panic when deallocating it. And\nthe old modify header point is copied to old attr. When the old\nattr is freed, the old modify header is lost.\n\nFix it by restoring the old attr to attr when failed to allocate a\nnew modify header context. So when the CT entry is freed, the right\nmodify header context will be freed. And the panic of accessing\nerror pointer is also fixed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43864', 'https://git.kernel.org/linus/025f2b85a5e5a46df14ecf162c3c80a957a36d0b (6.11-rc2)', 'https://git.kernel.org/stable/c/025f2b85a5e5a46df14ecf162c3c80a957a36d0b', 'https://git.kernel.org/stable/c/89064d09c56b44c668509bf793c410484f63f5ad', 'https://git.kernel.org/stable/c/daab2cc17b6b6ab158566bba037e9551fd432b59', 'https://lore.kernel.org/linux-cve-announce/2024082156-CVE-2024-43864-81ad@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43864', 'https://www.cve.org/CVERecord?id=CVE-2024-43864'], 'PublishedDate': '2024-08-21T00:15:04.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43866', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Always drain health in shutdown callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43866', 'https://git.kernel.org/linus/1b75da22ed1e6171e261bc9265370162553d5393 (6.11-rc2)', 'https://git.kernel.org/stable/c/1b75da22ed1e6171e261bc9265370162553d5393', 'https://git.kernel.org/stable/c/5005e2e159b300c1b8c6820a1e13a62eb0127b9b', 'https://git.kernel.org/stable/c/6048dec754554a1303d632be6042d3feb3295285', 'https://git.kernel.org/stable/c/6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43866-66ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43866', 'https://www.cve.org/CVERecord?id=CVE-2024-43866'], 'PublishedDate': '2024-08-21T00:15:05.023Z', 'LastModifiedDate': '2024-10-17T14:15:07.297Z'}, {'VulnerabilityID': 'CVE-2024-43867', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau: prime: fix refcount underflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix refcount underflow\n\nCalling nouveau_bo_ref() on a nouveau_bo without initializing it (and\nhence the backing ttm_bo) leads to a refcount underflow.\n\nInstead of calling nouveau_bo_ref() in the unwind path of\ndrm_gem_object_init(), clean things up manually.\n\n(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43867', 'https://git.kernel.org/linus/a9bf3efc33f1fbf88787a277f7349459283c9b95 (6.11-rc2)', 'https://git.kernel.org/stable/c/16998763c62bb465ebc409d0373b9cdcef1a61a6', 'https://git.kernel.org/stable/c/2a1b327d57a8ac080977633a18999f032d7e9e3f', 'https://git.kernel.org/stable/c/3bcb8bba72ce89667fa863054956267c450c47ef', 'https://git.kernel.org/stable/c/906372e753c5027a1dc88743843b6aa2ad1aaecf', 'https://git.kernel.org/stable/c/a9bf3efc33f1fbf88787a277f7349459283c9b95', 'https://git.kernel.org/stable/c/ebebba4d357b6c67f96776a48ddbaf0060fa4c10', 'https://git.kernel.org/stable/c/f23cd66933fe76b84d8e282e5606b4d99068c320', 'https://linux.oracle.com/cve/CVE-2024-43867.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43867-0620@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43867', 'https://www.cve.org/CVERecord?id=CVE-2024-43867'], 'PublishedDate': '2024-08-21T00:15:05.087Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43868', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv/purgatory: align riscv_kernel_entry', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/purgatory: align riscv_kernel_entry\n\nWhen alignment handling is delegated to the kernel, everything must be\nword-aligned in purgatory, since the trap handler is then set to the\nkexec one. Without the alignment, hitting the exception would\nultimately crash. On other occasions, the kernel's handler would take\ncare of exceptions.\nThis has been tested on a JH7110 SoC with oreboot and its SBI delegating\nunaligned access exceptions and the kernel configured to handle them.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43868', 'https://git.kernel.org/linus/fb197c5d2fd24b9af3d4697d0cf778645846d6d5 (6.11-rc2)', 'https://git.kernel.org/stable/c/5d4aaf16a8255f7c71790e211724ba029609c5ff', 'https://git.kernel.org/stable/c/fb197c5d2fd24b9af3d4697d0cf778645846d6d5', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43868-9a44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43868', 'https://www.cve.org/CVERecord?id=CVE-2024-43868'], 'PublishedDate': '2024-08-21T00:15:05.15Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43869', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43869', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exec and file release', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exec and file release\n\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn't even require a weak IRQ work\nimplementation to trigger:\n\nschedule()\n   prepare_task_switch()\n=======> <NMI>\n      perf_event_overflow()\n         event->pending_sigtrap = ...\n         irq_work_queue(&event->pending_irq)\n<======= </NMI>\n      perf_event_task_sched_out()\n          event_sched_out()\n              event->pending_sigtrap = 0;\n              atomic_long_inc_not_zero(&event->refcount)\n              task_work_add(&event->pending_task)\n   finish_lock_switch()\n=======> <IRQ>\n   perf_pending_irq()\n      //do nothing, rely on pending task work\n<======= </IRQ>\n\nbegin_new_exec()\n   perf_event_exit_task()\n      perf_event_exit_event()\n         // If is child event\n         free_event()\n            WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n            // event is leaked\n\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\n\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43869', 'https://git.kernel.org/linus/3a5465418f5fd970e86a86c7f4075be262682840 (6.11-rc1)', 'https://git.kernel.org/stable/c/104e258a004037bc7dba9f6085c71dad6af57ad4', 'https://git.kernel.org/stable/c/3a5465418f5fd970e86a86c7f4075be262682840', 'https://git.kernel.org/stable/c/9ad46f1fef421d43cdab3a7d1744b2f43b54dae0', 'https://git.kernel.org/stable/c/ed2c202dac55423a52d7e2290f2888bf08b8ee99', 'https://git.kernel.org/stable/c/f34d8307a73a18de5320fcc6f40403146d061891', 'https://lore.kernel.org/linux-cve-announce/2024082133-CVE-2024-43869-26aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43869', 'https://www.cve.org/CVERecord?id=CVE-2024-43869'], 'PublishedDate': '2024-08-21T01:15:11.55Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43870', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf: Fix event leak upon exit', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exit\n\nWhen a task is scheduled out, pending sigtrap deliveries are deferred\nto the target task upon resume to userspace via task_work.\n\nHowever failures while adding an event's callback to the task_work\nengine are ignored. And since the last call for events exit happen\nafter task work is eventually closed, there is a small window during\nwhich pending sigtrap can be queued though ignored, leaking the event\nrefcount addition such as in the following scenario:\n\n    TASK A\n    -----\n\n    do_exit()\n       exit_task_work(tsk);\n\n       <IRQ>\n       perf_event_overflow()\n          event->pending_sigtrap = pending_id;\n          irq_work_queue(&event->pending_irq);\n       </IRQ>\n    =========> PREEMPTION: TASK A -> TASK B\n       event_sched_out()\n          event->pending_sigtrap = 0;\n          atomic_long_inc_not_zero(&event->refcount)\n          // FAILS: task work has exited\n          task_work_add(&event->pending_task)\n       [...]\n       <IRQ WORK>\n       perf_pending_irq()\n          // early return: event->oncpu = -1\n       </IRQ WORK>\n       [...]\n    =========> TASK B -> TASK A\n       perf_event_exit_task(tsk)\n          perf_event_exit_event()\n             free_event()\n                WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1)\n                // leak event due to unexpected refcount == 2\n\nAs a result the event is never released while the task exits.\n\nFix this with appropriate task_work_add()'s error handling.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43870', 'https://git.kernel.org/linus/2fd5ad3f310de22836cdacae919dd99d758a1f1b (6.11-rc1)', 'https://git.kernel.org/stable/c/05d3fd599594abf79aad4484bccb2b26e1cb0b51', 'https://git.kernel.org/stable/c/2fd5ad3f310de22836cdacae919dd99d758a1f1b', 'https://git.kernel.org/stable/c/3d7a63352a93bdb8a1cdf29606bf617d3ac1c22a', 'https://git.kernel.org/stable/c/67fad724f1b568b356c1065d50df46e6b30eb2f7', 'https://git.kernel.org/stable/c/70882d7fa74f0731492a0d493e8515a4f7131831', 'https://lore.kernel.org/linux-cve-announce/2024082135-CVE-2024-43870-2b6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43870', 'https://www.cve.org/CVERecord?id=CVE-2024-43870'], 'PublishedDate': '2024-08-21T01:15:11.62Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43871', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: devres: Fix memory leakage caused by driver API devm_free_percpu()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndevres: Fix memory leakage caused by driver API devm_free_percpu()\n\nIt will cause memory leakage when use driver API devm_free_percpu()\nto free memory allocated by devm_alloc_percpu(), fixed by using\ndevres_release() instead of devres_destroy() within devm_free_percpu().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-43871', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/bd50a974097bb82d52a458bd3ee39fb723129a0c (6.11-rc1)', 'https://git.kernel.org/stable/c/3047f99caec240a88ccd06197af2868da1af6a96', 'https://git.kernel.org/stable/c/3dcd0673e47664bc6c719ad47dadac6d55d5950d', 'https://git.kernel.org/stable/c/700e8abd65b10792b2f179ce4e858f2ca2880f85', 'https://git.kernel.org/stable/c/95065edb8ebb27771d5f1e898eef6ab43dc6c87c', 'https://git.kernel.org/stable/c/b044588a16a978cd891cb3d665dd7ae06850d5bf', 'https://git.kernel.org/stable/c/b67552d7c61f52f1271031adfa7834545ae99701', 'https://git.kernel.org/stable/c/bd50a974097bb82d52a458bd3ee39fb723129a0c', 'https://git.kernel.org/stable/c/ef56dcdca8f2a53abc3a83d388b8336447533d85', 'https://linux.oracle.com/cve/CVE-2024-43871.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43871-c2cd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43871', 'https://www.cve.org/CVERecord?id=CVE-2024-43871'], 'PublishedDate': '2024-08-21T01:15:11.68Z', 'LastModifiedDate': '2024-09-03T13:39:19.553Z'}, {'VulnerabilityID': 'CVE-2024-43872', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43872', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/hns: Fix soft lockup under heavy CEQE load', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43872', 'https://git.kernel.org/linus/2fdf34038369c0a27811e7b4680662a14ada1d6b (6.11-rc1)', 'https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08', 'https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43872-c87e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43872', 'https://www.cve.org/CVERecord?id=CVE-2024-43872'], 'PublishedDate': '2024-08-21T01:15:11.74Z', 'LastModifiedDate': '2024-09-03T13:38:34.867Z'}, {'VulnerabilityID': 'CVE-2024-43873', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43873', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vhost/vsock: always initialize seqpacket_allow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: always initialize seqpacket_allow\n\nThere are two issues around seqpacket_allow:\n1. seqpacket_allow is not initialized when socket is\n   created. Thus if features are never set, it will be\n   read uninitialized.\n2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,\n   then seqpacket_allow will not be cleared appropriately\n   (existing apps I know about don't usually do this but\n    it's legal and there's no way to be sure no one relies\n    on this).\n\nTo fix:\n\t- initialize seqpacket_allow after allocation\n\t- set it unconditionally in set_features", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-909'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43873', 'https://git.kernel.org/linus/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22', 'https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb', 'https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582', 'https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c', 'https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43873-c547@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43873', 'https://www.cve.org/CVERecord?id=CVE-2024-43873'], 'PublishedDate': '2024-08-21T01:15:11.79Z', 'LastModifiedDate': '2024-09-03T13:35:44.897Z'}, {'VulnerabilityID': 'CVE-2024-43875', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43875', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: Clean up error handling in vpci_scan_bus()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\n\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\n\n    drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)\n\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\n\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43875', 'https://git.kernel.org/linus/8e0f5a96c534f781e8c57ca30459448b3bfe5429 (6.11-rc1)', 'https://git.kernel.org/stable/c/0e27e2e8697b8ce96cdef43f135426525d9d1f8f', 'https://git.kernel.org/stable/c/24414c842a24d0fd498f9db6d2a762a8dddf1832', 'https://git.kernel.org/stable/c/7d368de78b60088ec9031c60c88976c0063ea4c0', 'https://git.kernel.org/stable/c/8e0f5a96c534f781e8c57ca30459448b3bfe5429', 'https://git.kernel.org/stable/c/b9e8695246bcfc028341470cbf92630cdc1ba36b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43875-1257@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43875', 'https://www.cve.org/CVERecord?id=CVE-2024-43875'], 'PublishedDate': '2024-08-21T01:15:11.91Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43876', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43876', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()\n\nAvoid large backtrace, it is sufficient to warn the user that there has\nbeen a link problem. Either the link has failed and the system is in need\nof maintenance, or the link continues to work and user has been informed.\nThe message from the warning can be looked up in the sources.\n\nThis makes an actual link issue less verbose.\n\nFirst of all, this controller has a limitation in that the controller\ndriver has to assist the hardware with transition to L1 link state by\nwriting L1IATN to PMCTRL register, the L1 and L0 link state switching\nis not fully automatic on this controller.\n\nIn case of an ASMedia ASM1062 PCIe SATA controller which does not support\nASPM, on entry to suspend or during platform pm_test, the SATA controller\nenters D3hot state and the link enters L1 state. If the SATA controller\nwakes up before rcar_pcie_wakeup() was called and returns to D0, the link\nreturns to L0 before the controller driver even started its transition to\nL1 link state. At this point, the SATA controller did send an PM_ENTER_L1\nDLLP to the PCIe controller and the PCIe controller received it, and the\nPCIe controller did set PMSR PMEL1RX bit.\n\nOnce rcar_pcie_wakeup() is called, if the link is already back in L0 state\nand PMEL1RX bit is set, the controller driver has no way to determine if\nit should perform the link transition to L1 state, or treat the link as if\nit is in L0 state. Currently the driver attempts to perform the transition\nto L1 link state unconditionally, which in this specific case fails with a\nPMSR L1FAEG poll timeout, however the link still works as it is already\nback in L0 state.\n\nReduce this warning verbosity. In case the link is really broken, the\nrcar_pcie_config_access() would fail, otherwise it will succeed and any\nsystem with this controller and ASM1062 can suspend without generating\na backtrace.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43876', 'https://git.kernel.org/linus/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96 (6.11-rc1)', 'https://git.kernel.org/stable/c/2ae4769332dfdb97f4b6f5dc9ac8f46d02aaa3df', 'https://git.kernel.org/stable/c/3ff3bdde950f1840df4030726cef156758a244d7', 'https://git.kernel.org/stable/c/526a877c6273d4cd0d0aede84c1d620479764b1c', 'https://git.kernel.org/stable/c/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43876-793b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43876', 'https://www.cve.org/CVERecord?id=CVE-2024-43876'], 'PublishedDate': '2024-08-21T01:15:11.973Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43877', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43877', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: pci: ivtv: Add check for DMA map result', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: ivtv: Add check for DMA map result\n\nIn case DMA fails, 'dma->SG_length' is 0. This value is later used to\naccess 'dma->SGarray[dma->SG_length - 1]', which will cause out of\nbounds access.\n\nAdd check to return early on invalid value. Adjust warnings accordingly.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43877', 'https://git.kernel.org/linus/629913d6d79508b166c66e07e4857e20233d85a9 (6.11-rc1)', 'https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718', 'https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a', 'https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9', 'https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43877-e8e4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43877', 'https://www.cve.org/CVERecord?id=CVE-2024-43877'], 'PublishedDate': '2024-08-21T01:15:12.033Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43879', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()\n\nCurrently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in\ncfg80211_calculate_bitrate_he(), leading to below warning:\n\nkernel: invalid HE MCS: bw:6, ru:6\nkernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]\n\nFix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43879', 'https://git.kernel.org/linus/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6 (6.11-rc1)', 'https://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27', 'https://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd', 'https://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f', 'https://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9', 'https://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086', 'https://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142', 'https://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d', 'https://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6', 'https://linux.oracle.com/cve/CVE-2024-43879.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43879-95cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43879', 'https://www.cve.org/CVERecord?id=CVE-2024-43879'], 'PublishedDate': '2024-08-21T01:15:12.153Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43880', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43880', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_erp: Fix object nesting warning\n\nACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM\n(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can\ncontain more ACLs (i.e., tc filters), but the number of masks in each\nregion (i.e., tc chain) is limited.\n\nIn order to mitigate the effects of the above limitation, the device\nallows filters to share a single mask if their masks only differ in up\nto 8 consecutive bits. For example, dst_ip/25 can be represented using\ndst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the\nnumber of masks being used (and therefore does not support mask\naggregation), but can contain a limited number of filters.\n\nThe driver uses the "objagg" library to perform the mask aggregation by\npassing it objects that consist of the filter\'s mask and whether the\nfilter is to be inserted into the A-TCAM or the C-TCAM since filters in\ndifferent TCAMs cannot share a mask.\n\nThe set of created objects is dependent on the insertion order of the\nfilters and is not necessarily optimal. Therefore, the driver will\nperiodically ask the library to compute a more optimal set ("hints") by\nlooking at all the existing objects.\n\nWhen the library asks the driver whether two objects can be aggregated\nthe driver only compares the provided masks and ignores the A-TCAM /\nC-TCAM indication. This is the right thing to do since the goal is to\nmove as many filters as possible to the A-TCAM. The driver also forbids\ntwo identical masks from being aggregated since this can only happen if\none was intentionally put in the C-TCAM to avoid a conflict in the\nA-TCAM.\n\nThe above can result in the following set of hints:\n\nH1: {mask X, A-TCAM} -> H2: {mask Y, A-TCAM} // X is Y + delta\nH3: {mask Y, C-TCAM} -> H4: {mask Z, A-TCAM} // Y is Z + delta\n\nAfter getting the hints from the library the driver will start migrating\nfilters from one region to another while consulting the computed hints\nand instructing the device to perform a lookup in both regions during\nthe transition.\n\nAssuming a filter with mask X is being migrated into the A-TCAM in the\nnew region, the hints lookup will return H1. Since H2 is the parent of\nH1, the library will try to find the object associated with it and\ncreate it if necessary in which case another hints lookup (recursive)\nwill be performed. This hints lookup for {mask Y, A-TCAM} will either\nreturn H2 or H3 since the driver passes the library an object comparison\nfunction that ignores the A-TCAM / C-TCAM indication.\n\nThis can eventually lead to nested objects which are not supported by\nthe library [1].\n\nFix by removing the object comparison function from both the driver and\nthe library as the driver was the only user. That way the lookup will\nonly return exact matches.\n\nI do not have a reliable reproducer that can reproduce the issue in a\ntimely manner, but before the fix the issue would reproduce in several\nminutes and with the fix it does not reproduce in over an hour.\n\nNote that the current usefulness of the hints is limited because they\ninclude the C-TCAM indication and represent aggregation that cannot\nactually happen. This will be addressed in net-next.\n\n[1]\nWARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0\nModules linked in:\nCPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42\nHardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:objagg_obj_parent_assign+0xb5/0xd0\n[...]\nCall Trace:\n <TASK>\n __objagg_obj_get+0x2bb/0x580\n objagg_obj_get+0xe/0x80\n mlxsw_sp_acl_erp_mask_get+0xb5/0xf0\n mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43880', 'https://git.kernel.org/linus/97d833ceb27dc19f8777d63f90be4a27b5daeedf (6.11-rc1)', 'https://git.kernel.org/stable/c/0e59c2d22853266704e127915653598f7f104037', 'https://git.kernel.org/stable/c/25c6fd9648ad05da493a5d30881896a78a08b624', 'https://git.kernel.org/stable/c/36a9996e020dd5aa325e0ecc55eb2328288ea6bb', 'https://git.kernel.org/stable/c/4dc09f6f260db3c4565a4ec52ba369393598f2fb', 'https://git.kernel.org/stable/c/97d833ceb27dc19f8777d63f90be4a27b5daeedf', 'https://git.kernel.org/stable/c/9a5261a984bba4f583d966c550fa72c33ff3714e', 'https://git.kernel.org/stable/c/fb5d4fc578e655d113f09565f6f047e15f7ab578', 'https://linux.oracle.com/cve/CVE-2024-43880.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43880-78ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43880', 'https://www.cve.org/CVERecord?id=CVE-2024-43880'], 'PublishedDate': '2024-08-21T01:15:12.213Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43881', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43881', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: change DMA direction while mapping reinjected packets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: change DMA direction while mapping reinjected packets\n\nFor fragmented packets, ath12k reassembles each fragment as a normal\npacket and then reinjects it into HW ring. In this case, the DMA\ndirection should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise,\nan invalid payload may be reinjected into the HW and\nsubsequently delivered to the host.\n\nGiven that arbitrary memory can be allocated to the skb buffer,\nknowledge about the data contained in the reinjected buffer is lacking.\nConsequently, there’s a risk of private information being leaked.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43881', 'https://git.kernel.org/linus/33322e3ef07409278a18c6919c448e369d66a18e (6.11-rc1)', 'https://git.kernel.org/stable/c/33322e3ef07409278a18c6919c448e369d66a18e', 'https://git.kernel.org/stable/c/6925320fcd40d8042d32bf4ede8248e7a5315c3b', 'https://git.kernel.org/stable/c/e99d9b16ff153de9540073239d24adc3b0a3a997', 'https://lore.kernel.org/linux-cve-announce/2024082138-CVE-2024-43881-ead4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43881', 'https://www.cve.org/CVERecord?id=CVE-2024-43881'], 'PublishedDate': '2024-08-21T01:15:12.28Z', 'LastModifiedDate': '2024-08-21T12:30:33.697Z'}, {'VulnerabilityID': 'CVE-2024-43883', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43883', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: vhci-hcd: Do not drop references before new references are gained', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43883', 'https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37', 'https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174', 'https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14', 'https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89', 'https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80', 'https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a', 'https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54', 'https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2', 'https://linux.oracle.com/cve/CVE-2024-43883.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082313-CVE-2024-43883-a594@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43883', 'https://www.cve.org/CVERecord?id=CVE-2024-43883'], 'PublishedDate': '2024-08-23T13:15:03.873Z', 'LastModifiedDate': '2024-08-23T16:18:28.547Z'}, {'VulnerabilityID': 'CVE-2024-43884', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: MGMT: Add error handling to pair_device()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Add error handling to pair_device()\n\nhci_conn_params_add() never checks for a NULL value and could lead to a NULL\npointer dereference causing a crash.\n\nFixed by adding error handling in the function.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43884', 'https://git.kernel.org/linus/538fd3921afac97158d4177139a0ad39f056dbb2 (6.11-rc5)', 'https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4', 'https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1', 'https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2', 'https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503', 'https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9', 'https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb', 'https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb', 'https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43884-43fa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43884', 'https://www.cve.org/CVERecord?id=CVE-2024-43884'], 'PublishedDate': '2024-08-26T08:15:03.827Z', 'LastModifiedDate': '2024-09-04T12:15:04.927Z'}, {'VulnerabilityID': 'CVE-2024-43886', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43886', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check in resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check in resource_log_pipe_topology_update\n\n[WHY]\nWhen switching from "Extend" to "Second Display Only" we sometimes\ncall resource_get_otg_master_for_stream on a stream for the eDP,\nwhich is disconnected. This leads to a null pointer dereference.\n\n[HOW]\nAdded a null check in dc_resource.c/resource_log_pipe_topology_update.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43886', 'https://git.kernel.org/linus/899d92fd26fe780aad711322aa671f68058207a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/899d92fd26fe780aad711322aa671f68058207a6', 'https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee', 'https://lore.kernel.org/linux-cve-announce/2024082657-CVE-2024-43886-0726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43886', 'https://www.cve.org/CVERecord?id=CVE-2024-43886'], 'PublishedDate': '2024-08-26T11:15:03.83Z', 'LastModifiedDate': '2024-08-27T14:37:45.377Z'}, {'VulnerabilityID': 'CVE-2024-43887', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43887', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/tcp: Disable TCP-AO static key after RCU grace period', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp: Disable TCP-AO static key after RCU grace period\n\nThe lifetime of TCP-AO static_key is the same as the last\ntcp_ao_info. On the socket destruction tcp_ao_info ceases to be\nwith RCU grace period, while tcp-ao static branch is currently deferred\ndestructed. The static key definition is\n: DEFINE_STATIC_KEY_DEFERRED_FALSE(tcp_ao_needed, HZ);\n\nwhich means that if RCU grace period is delayed by more than a second\nand tcp_ao_needed is in the process of disablement, other CPUs may\nyet see tcp_ao_info which atent dead, but soon-to-be.\nAnd that breaks the assumption of static_key_fast_inc_not_disabled().\n\nSee the comment near the definition:\n> * The caller must make sure that the static key can\'t get disabled while\n> * in this function. It doesn\'t patch jump labels, only adds a user to\n> * an already enabled static key.\n\nOriginally it was introduced in commit eb8c507296f6 ("jump_label:\nPrevent key->enabled int overflow"), which is needed for the atomic\ncontexts, one of which would be the creation of a full socket from a\nrequest socket. In that atomic context, it\'s known by the presence\nof the key (md5/ao) that the static branch is already enabled.\nSo, the ref counter for that static branch is just incremented\ninstead of holding the proper mutex.\nstatic_key_fast_inc_not_disabled() is just a helper for such usage\ncase. But it must not be used if the static branch could get disabled\nin parallel as it\'s not protected by jump_label_mutex and as a result,\nraces with jump_label_update() implementation details.\n\nHappened on netdev test-bot[1], so not a theoretical issue:\n\n[] jump_label: Fatal kernel bug, unexpected op at tcp_inbound_hash+0x1a7/0x870 [ffffffffa8c4e9b7] (eb 50 0f 1f 44 != 66 90 0f 1f 00)) size:2 type:1\n[] ------------[ cut here ]------------\n[] kernel BUG at arch/x86/kernel/jump_label.c:73!\n[] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[] CPU: 3 PID: 243 Comm: kworker/3:3 Not tainted 6.10.0-virtme #1\n[] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[] Workqueue: events jump_label_update_timeout\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n...\n[] Call Trace:\n[]  <TASK>\n[]  arch_jump_label_transform_queue+0x6c/0x110\n[]  __jump_label_update+0xef/0x350\n[]  __static_key_slow_dec_cpuslocked.part.0+0x3c/0x60\n[]  jump_label_update_timeout+0x2c/0x40\n[]  process_one_work+0xe3b/0x1670\n[]  worker_thread+0x587/0xce0\n[]  kthread+0x28a/0x350\n[]  ret_from_fork+0x31/0x70\n[]  ret_from_fork_asm+0x1a/0x30\n[]  </TASK>\n[] Modules linked in: veth\n[] ---[ end trace 0000000000000000 ]---\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n\n[1]: https://netdev-3.bots.linux.dev/vmksft-tcp-ao-dbg/results/696681/5-connect-deny-ipv6/stderr', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43887', 'https://git.kernel.org/linus/14ab4792ee120c022f276a7e4768f4dcb08f0cdd (6.11-rc3)', 'https://git.kernel.org/stable/c/14ab4792ee120c022f276a7e4768f4dcb08f0cdd', 'https://git.kernel.org/stable/c/954d55a59b2501f4a9bd693b40ce45a1c46cb2b3', 'https://lore.kernel.org/linux-cve-announce/2024082658-CVE-2024-43887-93bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43887', 'https://www.cve.org/CVERecord?id=CVE-2024-43887'], 'PublishedDate': '2024-08-26T11:15:03.877Z', 'LastModifiedDate': '2024-09-05T19:43:44.197Z'}, {'VulnerabilityID': 'CVE-2024-43888', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43888', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: list_lru: fix UAF for memory cgroup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: list_lru: fix UAF for memory cgroup\n\nThe mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or\ncgroup_mutex or others which could prevent returned memcg from being\nfreed.  Fix it by adding missing rcu read lock.\n\nFound by code inspection.\n\n[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]\n  Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43888', 'https://git.kernel.org/linus/5161b48712dcd08ec427c450399d4d1483e21dea (6.11-rc3)', 'https://git.kernel.org/stable/c/4589f77c18dd98b65f45617b6d1e95313cf6fcab', 'https://git.kernel.org/stable/c/5161b48712dcd08ec427c450399d4d1483e21dea', 'https://lore.kernel.org/linux-cve-announce/2024082659-CVE-2024-43888-5beb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43888', 'https://www.cve.org/CVERecord?id=CVE-2024-43888'], 'PublishedDate': '2024-08-26T11:15:03.93Z', 'LastModifiedDate': '2024-08-27T14:37:52.61Z'}, {'VulnerabilityID': 'CVE-2024-43889', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43889', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix possible divide-by-0 panic in padata_mt_helper()\n\nWe are hit with a not easily reproducible divide-by-0 panic in padata.c at\nbootup time.\n\n  [   10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI\n  [   10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1\n  [   10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021\n  [   10.017908] Workqueue: events_unbound padata_mt_helper\n  [   10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0\n    :\n  [   10.017963] Call Trace:\n  [   10.017968]  <TASK>\n  [   10.018004]  ? padata_mt_helper+0x39/0xb0\n  [   10.018084]  process_one_work+0x174/0x330\n  [   10.018093]  worker_thread+0x266/0x3a0\n  [   10.018111]  kthread+0xcf/0x100\n  [   10.018124]  ret_from_fork+0x31/0x50\n  [   10.018138]  ret_from_fork_asm+0x1a/0x30\n  [   10.018147]  </TASK>\n\nLooking at the padata_mt_helper() function, the only way a divide-by-0\npanic can happen is when ps->chunk_size is 0.  The way that chunk_size is\ninitialized in padata_do_multithreaded(), chunk_size can be 0 when the\nmin_chunk in the passed-in padata_mt_job structure is 0.\n\nFix this divide-by-0 panic by making sure that chunk_size will be at least\n1 no matter what the input parameters are.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43889', 'https://git.kernel.org/linus/6d45e1c948a8b7ed6ceddb14319af69424db730c (6.11-rc3)', 'https://git.kernel.org/stable/c/6d45e1c948a8b7ed6ceddb14319af69424db730c', 'https://git.kernel.org/stable/c/8f5ffd2af7274853ff91d6cd62541191d9fbd10d', 'https://git.kernel.org/stable/c/924f788c906dccaca30acab86c7124371e1d6f2c', 'https://git.kernel.org/stable/c/a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f', 'https://git.kernel.org/stable/c/ab8b397d5997d8c37610252528edc54bebf9f6d3', 'https://git.kernel.org/stable/c/da0ffe84fcc1627a7dff82c80b823b94236af905', 'https://lore.kernel.org/linux-cve-announce/2024082600-CVE-2024-43889-4d0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43889', 'https://www.cve.org/CVERecord?id=CVE-2024-43889'], 'PublishedDate': '2024-08-26T11:15:03.98Z', 'LastModifiedDate': '2024-08-27T14:38:09.34Z'}, {'VulnerabilityID': 'CVE-2024-43890', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43890', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Fix overflow in get_free_elt()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing "tracing_map->max_size" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to "tracing_map->next_elt"\nonce it reaches "tracing_map->max_elt".', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43890', 'https://git.kernel.org/linus/bcf86c01ca4676316557dd482c8416ece8c2e143 (6.11-rc3)', 'https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6', 'https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c', 'https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5', 'https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8', 'https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143', 'https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da', 'https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18', 'https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a', 'https://linux.oracle.com/cve/CVE-2024-43890.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082601-CVE-2024-43890-1c3a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43890', 'https://www.cve.org/CVERecord?id=CVE-2024-43890'], 'PublishedDate': '2024-08-26T11:15:04.04Z', 'LastModifiedDate': '2024-09-05T18:48:30.32Z'}, {'VulnerabilityID': 'CVE-2024-43891', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43891', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have format file honor EVENT_FILE_FL_FREED', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have format file honor EVENT_FILE_FL_FREED\n\nWhen eventfs was introduced, special care had to be done to coordinate the\nfreeing of the file meta data with the files that are exposed to user\nspace. The file meta data would have a ref count that is set when the file\nis created and would be decremented and freed after the last user that\nopened the file closed it. When the file meta data was to be freed, it\nwould set a flag (EVENT_FILE_FL_FREED) to denote that the file is freed,\nand any new references made (like new opens or reads) would fail as it is\nmarked freed. This allowed other meta data to be freed after this flag was\nset (under the event_mutex).\n\nAll the files that were dynamically created in the events directory had a\npointer to the file meta data and would call event_release() when the last\nreference to the user space file was closed. This would be the time that it\nis safe to free the file meta data.\n\nA shortcut was made for the "format" file. It\'s i_private would point to\nthe "call" entry directly and not point to the file\'s meta data. This is\nbecause all format files are the same for the same "call", so it was\nthought there was no reason to differentiate them.  The other files\nmaintain state (like the "enable", "trigger", etc). But this meant if the\nfile were to disappear, the "format" file would be unaware of it.\n\nThis caused a race that could be trigger via the user_events test (that\nwould create dynamic events and free them), and running a loop that would\nread the user_events format files:\n\nIn one console run:\n\n # cd tools/testing/selftests/user_events\n # while true; do ./ftrace_test; done\n\nAnd in another console run:\n\n # cd /sys/kernel/tracing/\n # while true; do cat events/user_events/__test_event/format; done 2>/dev/null\n\nWith KASAN memory checking, it would trigger a use-after-free bug report\n(which was a real bug). This was because the format file was not checking\nthe file\'s meta data flag "EVENT_FILE_FL_FREED", so it would access the\nevent that the file meta data pointed to after the event was freed.\n\nAfter inspection, there are other locations that were found to not check\nthe EVENT_FILE_FL_FREED flag when accessing the trace_event_file. Add a\nnew helper function: event_file_file() that will make sure that the\nevent_mutex is held, and will return NULL if the trace_event_file has the\nEVENT_FILE_FL_FREED flag set. Have the first reference of the struct file\npointer use event_file_file() and check for NULL. Later uses can still use\nthe event_file_data() helper function if the event_mutex is still held and\nwas not released since the event_file_file() call.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43891', 'https://git.kernel.org/linus/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d (6.11-rc3)', 'https://git.kernel.org/stable/c/4ed03758ddf0b19d69eed69386d65a92d0091e0c', 'https://git.kernel.org/stable/c/531dc6780d94245af037c25c2371c8caf652f0f9', 'https://git.kernel.org/stable/c/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d', 'https://lore.kernel.org/linux-cve-announce/2024082603-CVE-2024-43891-a69d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43891', 'https://www.cve.org/CVERecord?id=CVE-2024-43891'], 'PublishedDate': '2024-08-26T11:15:04.103Z', 'LastModifiedDate': '2024-09-05T18:46:18.44Z'}, {'VulnerabilityID': 'CVE-2024-43892', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43892', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg: protect concurrent access to mem_cgroup_idr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: protect concurrent access to mem_cgroup_idr\n\nCommit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after\nmany small jobs") decoupled the memcg IDs from the CSS ID space to fix the\ncgroup creation failures.  It introduced IDR to maintain the memcg ID\nspace.  The IDR depends on external synchronization mechanisms for\nmodifications.  For the mem_cgroup_idr, the idr_alloc() and idr_replace()\nhappen within css callback and thus are protected through cgroup_mutex\nfrom concurrent modifications.  However idr_remove() for mem_cgroup_idr\nwas not protected against concurrency and can be run concurrently for\ndifferent memcgs when they hit their refcnt to zero.  Fix that.\n\nWe have been seeing list_lru based kernel crashes at a low frequency in\nour fleet for a long time.  These crashes were in different part of\nlist_lru code including list_lru_add(), list_lru_del() and reparenting\ncode.  Upon further inspection, it looked like for a given object (dentry\nand inode), the super_block\'s list_lru didn\'t have list_lru_one for the\nmemcg of that object.  The initial suspicions were either the object is\nnot allocated through kmem_cache_alloc_lru() or somehow\nmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but\nreturned success.  No evidence were found for these cases.\n\nLooking more deeply, we started seeing situations where valid memcg\'s id\nis not present in mem_cgroup_idr and in some cases multiple valid memcgs\nhave same id and mem_cgroup_idr is pointing to one of them.  So, the most\nreasonable explanation is that these situations can happen due to race\nbetween multiple idr_remove() calls or race between\nidr_alloc()/idr_replace() and idr_remove().  These races are causing\nmultiple memcgs to acquire the same ID and then offlining of one of them\nwould cleanup list_lrus on the system for all of them.  Later access from\nother memcgs to the list_lru cause crashes due to missing list_lru_one.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43892', 'https://git.kernel.org/linus/9972605a238339b85bd16b084eed5f18414d22db (6.11-rc3)', 'https://git.kernel.org/stable/c/37a060b64ae83b76600d187d76591ce488ab836b', 'https://git.kernel.org/stable/c/51c0b1bb7541f8893ec1accba59eb04361a70946', 'https://git.kernel.org/stable/c/56fd70f4aa8b82199dbe7e99366b1fd7a04d86fb', 'https://git.kernel.org/stable/c/912736a0435ef40e6a4ae78197ccb5553cb80b05', 'https://git.kernel.org/stable/c/9972605a238339b85bd16b084eed5f18414d22db', 'https://git.kernel.org/stable/c/e6cc9ff2ac0b5df9f25eb790934c3104f6710278', 'https://lore.kernel.org/linux-cve-announce/2024082604-CVE-2024-43892-584a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43892', 'https://www.cve.org/CVERecord?id=CVE-2024-43892'], 'PublishedDate': '2024-08-26T11:15:04.157Z', 'LastModifiedDate': '2024-09-12T12:15:49.593Z'}, {'VulnerabilityID': 'CVE-2024-43893', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43893', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: core: check uartclk for zero to avoid divide by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: core: check uartclk for zero to avoid divide by zero\n\nCalling ioctl TIOCSSERIAL with an invalid baud_base can\nresult in uartclk being zero, which will result in a\ndivide by zero error in uart_get_divisor(). The check for\nuartclk being zero in uart_set_info() needs to be done\nbefore other settings are made as subsequent calls to\nioctl TIOCSSERIAL for the same port would be impacted if\nthe uartclk check was done where uartclk gets set.\n\nOops: divide error: 0000  PREEMPT SMP KASAN PTI\nRIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)\nCall Trace:\n <TASK>\nserial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576\n    drivers/tty/serial/8250/8250_port.c:2589)\nserial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502\n    drivers/tty/serial/8250/8250_port.c:2741)\nserial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)\nuart_change_line_settings (./include/linux/spinlock.h:376\n    ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)\nuart_port_startup (drivers/tty/serial/serial_core.c:342)\nuart_startup (drivers/tty/serial/serial_core.c:368)\nuart_set_info (drivers/tty/serial/serial_core.c:1034)\nuart_set_info_user (drivers/tty/serial/serial_core.c:1059)\ntty_set_serial (drivers/tty/tty_io.c:2637)\ntty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)\n__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907\n    fs/ioctl.c:893 fs/ioctl.c:893)\ndo_syscall_64 (arch/x86/entry/common.c:52\n    (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nRule: add', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43893', 'https://git.kernel.org/linus/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193 (6.11-rc3)', 'https://git.kernel.org/stable/c/3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba', 'https://git.kernel.org/stable/c/52b138f1021113e593ee6ad258ce08fe90693a9e', 'https://git.kernel.org/stable/c/55b2a5d331a6ceb1c4372945fdb77181265ba24f', 'https://git.kernel.org/stable/c/68dc02f319b9ee54dc23caba742a5c754d1cccc8', 'https://git.kernel.org/stable/c/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193', 'https://git.kernel.org/stable/c/9196e42a3b8eeff1707e6ef769112b4b6096be49', 'https://git.kernel.org/stable/c/e13ba3fe5ee070f8a9dab60029d52b1f61da5051', 'https://git.kernel.org/stable/c/e3ad503876283ac3fcca922a1bf243ef9eb0b0e2', 'https://linux.oracle.com/cve/CVE-2024-43893.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082605-CVE-2024-43893-25dd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43893', 'https://www.cve.org/CVERecord?id=CVE-2024-43893'], 'PublishedDate': '2024-08-26T11:15:04.213Z', 'LastModifiedDate': '2024-09-10T18:13:21.92Z'}, {'VulnerabilityID': 'CVE-2024-43894', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43894', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/client: fix null pointer dereference in drm_client_modeset_probe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: fix null pointer dereference in drm_client_modeset_probe\n\nIn drm_client_modeset_probe(), the return value of drm_mode_duplicate() is\nassigned to modeset->mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43894', 'https://git.kernel.org/linus/113fd6372a5bb3689aba8ef5b8a265ed1529a78f (6.11-rc3)', 'https://git.kernel.org/stable/c/113fd6372a5bb3689aba8ef5b8a265ed1529a78f', 'https://git.kernel.org/stable/c/24ddda932c43ffe156c7f3c568bed85131c63ae6', 'https://git.kernel.org/stable/c/5291d4f73452c91e8a11f71207617e3e234d418e', 'https://git.kernel.org/stable/c/612cae53e99ce32a58cb821b3b67199eb6e92dff', 'https://git.kernel.org/stable/c/c763dfe09425152b6bb0e348900a637c62c2ce52', 'https://git.kernel.org/stable/c/d64847c383100423aecb6ac5f18be5f4316d9d62', 'https://git.kernel.org/stable/c/d64fc94f7bb24fc2be0d6bd5df8df926da461a6d', 'https://linux.oracle.com/cve/CVE-2024-43894.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082607-CVE-2024-43894-aeee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43894', 'https://www.cve.org/CVERecord?id=CVE-2024-43894'], 'PublishedDate': '2024-08-26T11:15:04.28Z', 'LastModifiedDate': '2024-09-10T18:09:41.23Z'}, {'VulnerabilityID': 'CVE-2024-43895', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43895', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip Recompute DSC Params if no Stream on Link', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n    Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n    RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n    Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\n    RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n    RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n    RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n    RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n    R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n    R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n    FS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n    Call Trace:\n<TASK>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? plist_add+0xbe/0x100\n     ? exc_page_fault+0x7c/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     drm_atomic_check_only+0x5c5/0xa40\n     drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.\n\n(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43895', 'https://git.kernel.org/linus/50e376f1fe3bf571d0645ddf48ad37eb58323919 (6.11-rc3)', 'https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9', 'https://git.kernel.org/stable/c/50e376f1fe3bf571d0645ddf48ad37eb58323919', 'https://git.kernel.org/stable/c/5357141b4c2e2b332b6f11607ba8c5fbc2669a10', 'https://git.kernel.org/stable/c/70275bb960c71d313254473d38c14e7101cee5ad', 'https://git.kernel.org/stable/c/718d83f66fb07b2cab89a1fc984613a00e3db18f', 'https://lore.kernel.org/linux-cve-announce/2024082608-CVE-2024-43895-d3c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43895', 'https://www.cve.org/CVERecord?id=CVE-2024-43895'], 'PublishedDate': '2024-08-26T11:15:04.333Z', 'LastModifiedDate': '2024-10-10T12:15:04.35Z'}, {'VulnerabilityID': 'CVE-2024-43898', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43898', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: sanity check for NULL pointer after ext4_force_shutdown', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43898', 'https://git.kernel.org/linus/83f4414b8f84249d538905825b088ff3ae555652 (6.11-rc1)', 'https://git.kernel.org/stable/c/3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e', 'https://git.kernel.org/stable/c/83f4414b8f84249d538905825b088ff3ae555652', 'https://git.kernel.org/stable/c/f619876ccbfd329ae785fe5d3289b9dcd6eb5901', 'https://lore.kernel.org/linux-cve-announce/2024082613-CVE-2024-43898-52c2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43898', 'https://www.cve.org/CVERecord?id=CVE-2024-43898'], 'PublishedDate': '2024-08-26T11:15:04.493Z', 'LastModifiedDate': '2024-09-10T08:15:02.96Z'}, {'VulnerabilityID': 'CVE-2024-43899', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix null pointer deref in dcn20_resource.c', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[  181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[  181.843997] #PF: supervisor instruction fetch in kernel mode\n[  181.844003] #PF: error_code(0x0010) - not-present page\n[  181.844009] PGD 0 P4D 0\n[  181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[  181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G        W  OE      6.5.0-41-generic #41~22.04.2-Ubuntu\n[  181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[  181.844044] RIP: 0010:0x0\n[  181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[  181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[  181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[  181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[  181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[  181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[  181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[  181.844121] FS:  00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[  181.844128] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[  181.844141] Call Trace:\n[  181.844146]  <TASK>\n[  181.844153]  ? show_regs+0x6d/0x80\n[  181.844167]  ? __die+0x24/0x80\n[  181.844179]  ? page_fault_oops+0x99/0x1b0\n[  181.844192]  ? do_user_addr_fault+0x31d/0x6b0\n[  181.844204]  ? exc_page_fault+0x83/0x1b0\n[  181.844216]  ? asm_exc_page_fault+0x27/0x30\n[  181.844237]  dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[  181.845115]  amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[  181.845985]  amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[  181.846848]  fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[  181.847734]  fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[  181.848748]  dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.849791]  ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.850840]  amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43899', 'https://git.kernel.org/linus/ecbf60782662f0a388493685b85a645a0ba1613c (6.11-rc1)', 'https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e', 'https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c', 'https://lore.kernel.org/linux-cve-announce/2024082614-CVE-2024-43899-2339@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43899', 'https://www.cve.org/CVERecord?id=CVE-2024-43899'], 'PublishedDate': '2024-08-26T11:15:04.557Z', 'LastModifiedDate': '2024-08-27T14:38:19.74Z'}, {'VulnerabilityID': 'CVE-2024-43900', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43900', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: xc2028: avoid use-after-free in load_firmware_cb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504           worker_thread\ntuner_probe                             <= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait                 <= create a worker\n...\ntuner_remove                            <= free dvb_frontend\n...\n                    request_firmware_work_func  <= the firmware is ready\n                    load_firmware_cb    <= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n    ==================================================================\n     BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n     Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n     Call trace:\n      load_firmware_cb+0x1310/0x17a0\n      request_firmware_work_func+0x128/0x220\n      process_one_work+0x770/0x1824\n      worker_thread+0x488/0xea0\n      kthread+0x300/0x430\n      ret_from_fork+0x10/0x20\n\n     Allocated by task 6504:\n      kzalloc\n      tuner_probe+0xb0/0x1430\n      i2c_device_probe+0x92c/0xaf0\n      really_probe+0x678/0xcd0\n      driver_probe_device+0x280/0x370\n      __device_attach_driver+0x220/0x330\n      bus_for_each_drv+0x134/0x1c0\n      __device_attach+0x1f4/0x410\n      device_initial_probe+0x20/0x30\n      bus_probe_device+0x184/0x200\n      device_add+0x924/0x12c0\n      device_register+0x24/0x30\n      i2c_new_device+0x4e0/0xc44\n      v4l2_i2c_new_subdev_board+0xbc/0x290\n      v4l2_i2c_new_subdev+0xc8/0x104\n      em28xx_v4l2_init+0x1dd0/0x3770\n\n     Freed by task 6504:\n      kfree+0x238/0x4e4\n      tuner_remove+0x144/0x1c0\n      i2c_device_remove+0xc8/0x290\n      __device_release_driver+0x314/0x5fc\n      device_release_driver+0x30/0x44\n      bus_remove_device+0x244/0x490\n      device_del+0x350/0x900\n      device_unregister+0x28/0xd0\n      i2c_unregister_device+0x174/0x1d0\n      v4l2_device_unregister+0x224/0x380\n      em28xx_v4l2_init+0x1d90/0x3770\n\n     The buggy address belongs to the object at ffff8000d7ca2000\n      which belongs to the cache kmalloc-2k of size 2048\n     The buggy address is located 776 bytes inside of\n      2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n     The buggy address belongs to the page:\n     page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n     flags: 0x7ff800000000100(slab)\n     raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n     raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n     page dumped because: kasan: bad access detected\n\n     Memory state around the buggy address:\n      ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                           ^\n      ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     ==================================================================\n\n[2]\n    Actually, it is allocated for struct tuner, and dvb_frontend is inside.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43900', 'https://git.kernel.org/linus/68594cec291ff9523b9feb3f43fd853dcddd1f60 (6.11-rc1)', 'https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5', 'https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60', 'https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b', 'https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-43900-029c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43900', 'https://www.cve.org/CVERecord?id=CVE-2024-43900'], 'PublishedDate': '2024-08-26T11:15:04.613Z', 'LastModifiedDate': '2024-08-27T14:38:32.967Z'}, {'VulnerabilityID': 'CVE-2024-43902', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43902', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null checker before passing variables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checker before passing variables\n\nChecks null pointer before passing variables to functions.\n\nThis fixes 3 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43902', 'https://git.kernel.org/linus/8092aa3ab8f7b737a34b71f91492c676a843043a (6.11-rc1)', 'https://git.kernel.org/stable/c/1686675405d07f35eae7ff3d13a530034b899df2', 'https://git.kernel.org/stable/c/4cc2a94d96caeb3c975acdae7351c2f997c32175', 'https://git.kernel.org/stable/c/8092aa3ab8f7b737a34b71f91492c676a843043a', 'https://git.kernel.org/stable/c/83c7f509ef087041604e9572938f82e18b724c9d', 'https://git.kernel.org/stable/c/d0b8b23b9c2ebec693a36fea518d8f13493ad655', 'https://lore.kernel.org/linux-cve-announce/2024082618-CVE-2024-43902-eb6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43902', 'https://www.cve.org/CVERecord?id=CVE-2024-43902'], 'PublishedDate': '2024-08-26T11:15:04.733Z', 'LastModifiedDate': '2024-08-27T14:38:51.73Z'}, {'VulnerabilityID': 'CVE-2024-43903', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43903', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43903', 'https://git.kernel.org/linus/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff (6.11-rc1)', 'https://git.kernel.org/stable/c/31a679a880102dee6e10985a7b1789af8dc328cc', 'https://git.kernel.org/stable/c/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff', 'https://git.kernel.org/stable/c/94220b35aeba2b68da81deeefbb784d94eeb5c04', 'https://git.kernel.org/stable/c/ce5d090af683137cb779ed7e3683839f9c778b35', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-43903-3644@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43903', 'https://www.cve.org/CVERecord?id=CVE-2024-43903'], 'PublishedDate': '2024-08-26T11:15:04.793Z', 'LastModifiedDate': '2024-08-27T13:39:48.683Z'}, {'VulnerabilityID': 'CVE-2024-43904', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43904', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing\n\nThis commit adds null checks for the 'stream' and 'plane' variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that 'stream' and 'plane' are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43904', 'https://git.kernel.org/linus/15c2990e0f0108b9c3752d7072a97d45d4283aea (6.11-rc1)', 'https://git.kernel.org/stable/c/15c2990e0f0108b9c3752d7072a97d45d4283aea', 'https://git.kernel.org/stable/c/16a8a2a839d19c4cf7253642b493ffb8eee1d857', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43904-63a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43904', 'https://www.cve.org/CVERecord?id=CVE-2024-43904'], 'PublishedDate': '2024-08-26T11:15:04.847Z', 'LastModifiedDate': '2024-08-27T13:40:50.577Z'}, {'VulnerabilityID': 'CVE-2024-43905', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43905', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix the null pointer dereference for vega10_hwmgr\n\nCheck return value and conduct null pointer handling to avoid null pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43905', 'https://git.kernel.org/linus/50151b7f1c79a09117837eb95b76c2de76841dab (6.11-rc1)', 'https://git.kernel.org/stable/c/0fa11f9df96217c2785b040629ff1a16900fb51c', 'https://git.kernel.org/stable/c/2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8', 'https://git.kernel.org/stable/c/2e538944996d0dd497faf8ee81f8bfcd3aca7d80', 'https://git.kernel.org/stable/c/50151b7f1c79a09117837eb95b76c2de76841dab', 'https://git.kernel.org/stable/c/69a441473fec2fc2aa2cf56122d6c42c4266a239', 'https://git.kernel.org/stable/c/c2629daf218a325f4d69754452cd42fe8451c15b', 'https://lore.kernel.org/linux-cve-announce/2024082623-CVE-2024-43905-008f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43905', 'https://www.cve.org/CVERecord?id=CVE-2024-43905'], 'PublishedDate': '2024-08-26T11:15:04.897Z', 'LastModifiedDate': '2024-09-12T12:15:51.26Z'}, {'VulnerabilityID': 'CVE-2024-43906', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43906', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/admgpu: fix dereferencing null pointer context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/admgpu: fix dereferencing null pointer context\n\nWhen user space sets an invalid ta type, the pointer context will be empty.\nSo it need to check the pointer context before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43906', 'https://git.kernel.org/linus/030ffd4d43b433bc6671d9ec34fc12c59220b95d (6.11-rc1)', 'https://git.kernel.org/stable/c/030ffd4d43b433bc6671d9ec34fc12c59220b95d', 'https://git.kernel.org/stable/c/4fd52f7c2c11d330571c6bde06e5ea508ec25c9d', 'https://git.kernel.org/stable/c/641dac64178ccdb9e45c92b67120316896294d05', 'https://lore.kernel.org/linux-cve-announce/2024082624-CVE-2024-43906-27ab@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43906', 'https://www.cve.org/CVERecord?id=CVE-2024-43906'], 'PublishedDate': '2024-08-26T11:15:04.947Z', 'LastModifiedDate': '2024-08-27T13:41:30.093Z'}, {'VulnerabilityID': 'CVE-2024-43907', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43907', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules\n\nCheck the pointer value to fix potential null pointer\ndereference', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43907', 'https://git.kernel.org/linus/d19fb10085a49b77578314f69fff21562f7cd054 (6.11-rc1)', 'https://git.kernel.org/stable/c/0c065e50445aea2e0a1815f12e97ee49e02cbaac', 'https://git.kernel.org/stable/c/13937a40aae4efe64592ba48c057ac3c72f7fe82', 'https://git.kernel.org/stable/c/3a01bf2ca9f860fdc88c358567b8fa3033efcf30', 'https://git.kernel.org/stable/c/c1749313f35b98e2e655479f037db37f19756622', 'https://git.kernel.org/stable/c/d19fb10085a49b77578314f69fff21562f7cd054', 'https://git.kernel.org/stable/c/e04d18c29954441aa1054af649f957ffad90a201', 'https://lore.kernel.org/linux-cve-announce/2024082626-CVE-2024-43907-91a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43907', 'https://www.cve.org/CVERecord?id=CVE-2024-43907'], 'PublishedDate': '2024-08-26T11:15:05Z', 'LastModifiedDate': '2024-08-27T13:41:40.497Z'}, {'VulnerabilityID': 'CVE-2024-43908', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43908', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the null pointer dereference to ras_manager', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the null pointer dereference to ras_manager\n\nCheck ras_manager before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43908', 'https://git.kernel.org/linus/4c11d30c95576937c6c35e6f29884761f2dddb43 (6.11-rc1)', 'https://git.kernel.org/stable/c/033187a70ba9743c73a810a006816e5553d1e7d4', 'https://git.kernel.org/stable/c/48cada0ac79e4775236d642e9ec5998a7c7fb7a4', 'https://git.kernel.org/stable/c/4c11d30c95576937c6c35e6f29884761f2dddb43', 'https://git.kernel.org/stable/c/56e848034ccabe44e8f22ffcf49db771c17b0d0a', 'https://git.kernel.org/stable/c/b89616333979114bb0da5fa40fb6e4a2f5294ca2', 'https://git.kernel.org/stable/c/d81c1eeb333d84b3012a91c0500189dc1d71e46c', 'https://git.kernel.org/stable/c/ff5c4eb71ee8951c789b079f6e948f86708b04ed', 'https://linux.oracle.com/cve/CVE-2024-43908.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082627-CVE-2024-43908-4406@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43908', 'https://www.cve.org/CVERecord?id=CVE-2024-43908'], 'PublishedDate': '2024-08-26T11:15:05.057Z', 'LastModifiedDate': '2024-08-27T13:41:55.26Z'}, {'VulnerabilityID': 'CVE-2024-43909', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43909', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/pm: Fix the null pointer dereference for smu7', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference for smu7\n\noptimize the code to avoid pass a null pointer (hwmgr->backend)\nto function smu7_update_edc_leakage_table.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43909', 'https://git.kernel.org/linus/c02c1960c93eede587576625a1221205a68a904f (6.11-rc1)', 'https://git.kernel.org/stable/c/09544cd95c688d3041328a4253bd7514972399bb', 'https://git.kernel.org/stable/c/1b8aa82b80bd947b68a8ab051d960a0c7935e22d', 'https://git.kernel.org/stable/c/37b9df457cbcf095963d18f17d6cb7dfa0a03fce', 'https://git.kernel.org/stable/c/7f56f050f02c27ed89cce1ea0c04b34abce32751', 'https://git.kernel.org/stable/c/c02c1960c93eede587576625a1221205a68a904f', 'https://lore.kernel.org/linux-cve-announce/2024082628-CVE-2024-43909-acb8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43909', 'https://www.cve.org/CVERecord?id=CVE-2024-43909'], 'PublishedDate': '2024-08-26T11:15:05.117Z', 'LastModifiedDate': '2024-08-27T13:41:48.467Z'}, {'VulnerabilityID': 'CVE-2024-43910', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43910', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses\n\nCurrently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to\na global function as an argument. The adverse effects of this is that\nBPF helpers can continue to make use of this modified\nCONST_PTR_TO_DYNPTR from within the context of the global function,\nwhich can unintentionally result in out-of-bounds memory accesses and\ntherefore compromise overall system stability i.e.\n\n[  244.157771] BUG: KASAN: slab-out-of-bounds in bpf_dynptr_data+0x137/0x140\n[  244.161345] Read of size 8 at addr ffff88810914be68 by task test_progs/302\n[  244.167151] CPU: 0 PID: 302 Comm: test_progs Tainted: G O E 6.10.0-rc3-00131-g66b586715063 #533\n[  244.174318] Call Trace:\n[  244.175787]  <TASK>\n[  244.177356]  dump_stack_lvl+0x66/0xa0\n[  244.179531]  print_report+0xce/0x670\n[  244.182314]  ? __virt_addr_valid+0x200/0x3e0\n[  244.184908]  kasan_report+0xd7/0x110\n[  244.187408]  ? bpf_dynptr_data+0x137/0x140\n[  244.189714]  ? bpf_dynptr_data+0x137/0x140\n[  244.192020]  bpf_dynptr_data+0x137/0x140\n[  244.194264]  bpf_prog_b02a02fdd2bdc5fa_global_call_bpf_dynptr_data+0x22/0x26\n[  244.198044]  bpf_prog_b0fe7b9d7dc3abde_callback_adjust_bpf_dynptr_reg_off+0x1f/0x23\n[  244.202136]  bpf_user_ringbuf_drain+0x2c7/0x570\n[  244.204744]  ? 0xffffffffc0009e58\n[  244.206593]  ? __pfx_bpf_user_ringbuf_drain+0x10/0x10\n[  244.209795]  bpf_prog_33ab33f6a804ba2d_user_ringbuf_callback_const_ptr_to_dynptr_reg_off+0x47/0x4b\n[  244.215922]  bpf_trampoline_6442502480+0x43/0xe3\n[  244.218691]  __x64_sys_prlimit64+0x9/0xf0\n[  244.220912]  do_syscall_64+0xc1/0x1d0\n[  244.223043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  244.226458] RIP: 0033:0x7ffa3eb8f059\n[  244.228582] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 1d 0d 00 f7 d8 64 89 01 48\n[  244.241307] RSP: 002b:00007ffa3e9c6eb8 EFLAGS: 00000206 ORIG_RAX: 000000000000012e\n[  244.246474] RAX: ffffffffffffffda RBX: 00007ffa3e9c7cdc RCX: 00007ffa3eb8f059\n[  244.250478] RDX: 00007ffa3eb162b4 RSI: 0000000000000000 RDI: 00007ffa3e9c7fb0\n[  244.255396] RBP: 00007ffa3e9c6ed0 R08: 00007ffa3e9c76c0 R09: 0000000000000000\n[  244.260195] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffff80\n[  244.264201] R13: 000000000000001c R14: 00007ffc5d6b4260 R15: 00007ffa3e1c7000\n[  244.268303]  </TASK>\n\nAdd a check_func_arg_reg_off() to the path in which the BPF verifier\nverifies the arguments of global function arguments, specifically\nthose which take an argument of type ARG_PTR_TO_DYNPTR |\nMEM_RDONLY. Also, process_dynptr_func() doesn't appear to perform any\nexplicit and strict type matching on the supplied register type, so\nlet's also enforce that a register either type PTR_TO_STACK or\nCONST_PTR_TO_DYNPTR is by the caller.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43910', 'https://git.kernel.org/linus/ec2b9a5e11e51fea1bb04c1e7e471952e887e874 (6.11-rc1)', 'https://git.kernel.org/stable/c/13663a7c644bf1dedaf461d07252db5d76c8759a', 'https://git.kernel.org/stable/c/ec2b9a5e11e51fea1bb04c1e7e471952e887e874', 'https://lore.kernel.org/linux-cve-announce/2024082630-CVE-2024-43910-c6ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43910', 'https://www.cve.org/CVERecord?id=CVE-2024-43910'], 'PublishedDate': '2024-08-26T11:15:05.177Z', 'LastModifiedDate': '2024-09-05T18:30:23.437Z'}, {'VulnerabilityID': 'CVE-2024-43911', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43911', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mac80211: fix NULL dereference at band check in starting tx ba session', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL dereference at band check in starting tx ba session\n\nIn MLD connection, link_data/link_conf are dynamically allocated. They\ndon't point to vif->bss_conf. So, there will be no chanreq assigned to\nvif->bss_conf and then the chan will be NULL. Tweak the code to check\nht_supported/vht_supported/has_he/has_eht on sta deflink.\n\nCrash log (with rtw89 version under MLO development):\n[ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 9890.526102] #PF: supervisor read access in kernel mode\n[ 9890.526105] #PF: error_code(0x0000) - not-present page\n[ 9890.526109] PGD 0 P4D 0\n[ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G           OE      6.9.0 #1\n[ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018\n[ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core]\n[ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211\n[ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00 <83> 38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3\nAll code\n========\n   0:\tf7 e8                \timul   %eax\n   2:\td5                   \t(bad)\n   3:\t93                   \txchg   %eax,%ebx\n   4:\t3e ea                \tds (bad)\n   6:\t48 83 c4 28          \tadd    $0x28,%rsp\n   a:\t89 d8                \tmov    %ebx,%eax\n   c:\t5b                   \tpop    %rbx\n   d:\t41 5c                \tpop    %r12\n   f:\t41 5d                \tpop    %r13\n  11:\t41 5e                \tpop    %r14\n  13:\t41 5f                \tpop    %r15\n  15:\t5d                   \tpop    %rbp\n  16:\tc3                   \tretq\n  17:\tcc                   \tint3\n  18:\tcc                   \tint3\n  19:\tcc                   \tint3\n  1a:\tcc                   \tint3\n  1b:\t49 8b 84 24 e0 f1 ff \tmov    -0xe20(%r12),%rax\n  22:\tff\n  23:\t48 8b 80 90 1b 00 00 \tmov    0x1b90(%rax),%rax\n  2a:*\t83 38 03             \tcmpl   $0x3,(%rax)\t\t<-- trapping instruction\n  2d:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe6a\n  33:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n  38:\teb cc                \tjmp    0x6\n  3a:\t49                   \trex.WB\n  3b:\t8b                   \t.byte 0x8b\n  3c:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  3f:\tf3                   \trepz\n\nCode starting with the faulting instruction\n===========================================\n   0:\t83 38 03             \tcmpl   $0x3,(%rax)\n   3:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe40\n   9:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n   e:\teb cc                \tjmp    0xffffffffffffffdc\n  10:\t49                   \trex.WB\n  11:\t8b                   \t.byte 0x8b\n  12:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  15:\tf3                   \trepz\n[ 9890.526285] RSP: 0018:ffffb8db09013d68 EFLAGS: 00010246\n[ 9890.526291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9308e0d656c8\n[ 9890.526295] RDX: 0000000000000000 RSI: ffffffffab99460b RDI: ffffffffab9a7685\n[ 9890.526300] RBP: ffffb8db09013db8 R08: 0000000000000000 R09: 0000000000000873\n[ 9890.526304] R10: ffff9308e0d64800 R11: 0000000000000002 R12: ffff9308e5ff6e70\n[ 9890.526308] R13: ffff930952500e20 R14: ffff9309192a8c00 R15: 0000000000000000\n[ 9890.526313] FS:  0000000000000000(0000) GS:ffff930b4e700000(0000) knlGS:0000000000000000\n[ 9890.526316] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9890.526318] CR2: 0000000000000000 CR3: 0000000391c58005 CR4: 00000000001706f0\n[ 9890.526321] Call Trace:\n[ 9890.526324]  <TASK>\n[ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479)\n[ 9890.526335] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713)\n[ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43911', 'https://git.kernel.org/linus/021d53a3d87eeb9dbba524ac515651242a2a7e3b (6.11-rc1)', 'https://git.kernel.org/stable/c/021d53a3d87eeb9dbba524ac515651242a2a7e3b', 'https://git.kernel.org/stable/c/a5594c1e03b0df3908b1e1202a1ba34422eed0f6', 'https://lore.kernel.org/linux-cve-announce/2024082631-CVE-2024-43911-96bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43911', 'https://www.cve.org/CVERecord?id=CVE-2024-43911'], 'PublishedDate': '2024-08-26T11:15:05.227Z', 'LastModifiedDate': '2024-08-27T16:08:52.493Z'}, {'VulnerabilityID': 'CVE-2024-43912', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43912', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: nl80211: disallow setting special AP channel widths', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: disallow setting special AP channel widths\n\nSetting the AP channel width is meant for use with the normal\n20/40/... MHz channel width progression, and switching around\nin S1G or narrow channels isn't supported. Disallow that.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43912', 'https://git.kernel.org/linus/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe (6.11-rc1)', 'https://git.kernel.org/stable/c/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe', 'https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e', 'https://git.kernel.org/stable/c/ac3bf6e47fd8da9bfe8027e1acfe0282a91584fc', 'https://git.kernel.org/stable/c/c6ea738e3feb407a3283197d9a25d0788f4f3cee', 'https://lore.kernel.org/linux-cve-announce/2024082632-CVE-2024-43912-801f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43912', 'https://www.cve.org/CVERecord?id=CVE-2024-43912'], 'PublishedDate': '2024-08-26T11:15:05.28Z', 'LastModifiedDate': '2024-09-05T18:19:17.067Z'}, {'VulnerabilityID': 'CVE-2024-43913', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43913', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: apple: fix device reference counting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: apple: fix device reference counting\n\nDrivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.\nSplit the allocation side out to make the error handling boundary easier\nto navigate. The apple driver had been doing this wrong, leaking the\ncontroller device memory on a tagset failure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43913', 'https://git.kernel.org/linus/b9ecbfa45516182cd062fecd286db7907ba84210 (6.11-rc1)', 'https://git.kernel.org/stable/c/b9ecbfa45516182cd062fecd286db7907ba84210', 'https://git.kernel.org/stable/c/d59c4d0eb6adc24c2201f153ccb7fd0a335b0d3d', 'https://lore.kernel.org/linux-cve-announce/2024082633-CVE-2024-43913-6ec7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43913', 'https://www.cve.org/CVERecord?id=CVE-2024-43913'], 'PublishedDate': '2024-08-26T11:15:05.33Z', 'LastModifiedDate': '2024-09-05T18:12:55.68Z'}, {'VulnerabilityID': 'CVE-2024-43914', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43914', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: md/raid5: avoid BUG_ON() while continue reshape after reassembling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: avoid BUG_ON() while continue reshape after reassembling\n\nCurrently, mdadm support --revert-reshape to abort the reshape while\nreassembling, as the test 07revert-grow. However, following BUG_ON()\ncan be triggerred by the test:\n\nkernel BUG at drivers/md/raid5.c:6278!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nirq event stamp: 158985\nCPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94\nRIP: 0010:reshape_request+0x3f1/0xe60\nCall Trace:\n <TASK>\n raid5_sync_request+0x43d/0x550\n md_do_sync+0xb7a/0x2110\n md_thread+0x294/0x2b0\n kthread+0x147/0x1c0\n ret_from_fork+0x59/0x70\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\nRoot cause is that --revert-reshape update the raid_disks from 5 to 4,\nwhile reshape position is still set, and after reassembling the array,\nreshape position will be read from super block, then during reshape the\nchecking of 'writepos' that is caculated by old reshape position will\nfail.\n\nFix this panic the easy way first, by converting the BUG_ON() to\nWARN_ON(), and stop the reshape if checkings fail.\n\nNoted that mdadm must fix --revert-shape as well, and probably md/raid\nshould enhance metadata validation as well, however this means\nreassemble will fail and there must be user tools to fix the wrong\nmetadata.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43914', 'https://git.kernel.org/linus/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49 (6.11-rc1)', 'https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0', 'https://git.kernel.org/stable/c/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49', 'https://git.kernel.org/stable/c/3b33740c1750a39e046339ff9240e954f0156707', 'https://git.kernel.org/stable/c/4811d6e5d9f4090c3e0ff9890eb24077108046ab', 'https://git.kernel.org/stable/c/6b33c468d543f6a83de2d61f09fec74b27e19fd2', 'https://git.kernel.org/stable/c/775a9ba16c9ffe98fe54ebf14e55d5660f2bf600', 'https://git.kernel.org/stable/c/bf0ff69a42a3d2d46876d0514ecf13dffc516666', 'https://git.kernel.org/stable/c/c384dd4f1fb3b14a2fd199360701cc163ea88705', 'https://linux.oracle.com/cve/CVE-2024-43914.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082635-CVE-2024-43914-a664@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43914', 'https://www.cve.org/CVERecord?id=CVE-2024-43914'], 'PublishedDate': '2024-08-26T11:15:05.38Z', 'LastModifiedDate': '2024-09-05T18:03:49.997Z'}, {'VulnerabilityID': 'CVE-2024-44931', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpio: prevent potential speculation leaks in gpio_device_get_desc()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: prevent potential speculation leaks in gpio_device_get_desc()\n\nUserspace may trigger a speculative read of an address outside the gpio\ndescriptor array.\nUsers can do that by calling gpio_ioctl() with an offset out of range.\nOffset is copied from user and then used as an array index to get\nthe gpio descriptor without sanitization in gpio_device_get_desc().\n\nThis change ensures that the offset is sanitized by using\narray_index_nospec() to mitigate any possibility of speculative\ninformation leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44931', 'https://git.kernel.org/linus/d795848ecce24a75dfd46481aee066ae6fe39775 (6.11-rc1)', 'https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc', 'https://git.kernel.org/stable/c/672c19165fc96dfad531a5458e0b3cdab414aae4', 'https://git.kernel.org/stable/c/9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0', 'https://git.kernel.org/stable/c/c65ab97efcd438cb4e9f299400f2ea55251f3a67', 'https://git.kernel.org/stable/c/d776c0486b03a5c4afca65b8ff44573592bf93bb', 'https://git.kernel.org/stable/c/d795848ecce24a75dfd46481aee066ae6fe39775', 'https://lore.kernel.org/linux-cve-announce/2024082636-CVE-2024-44931-8212@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44931', 'https://www.cve.org/CVERecord?id=CVE-2024-44931'], 'PublishedDate': '2024-08-26T11:15:05.447Z', 'LastModifiedDate': '2024-10-17T14:15:07.39Z'}, {'VulnerabilityID': 'CVE-2024-44932', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44932', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix UAFs when destroying the queues', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix UAFs when destroying the queues\n\nThe second tagged commit started sometimes (very rarely, but possible)\nthrowing WARNs from\nnet/core/page_pool.c:page_pool_disable_direct_recycling().\nTurned out idpf frees interrupt vectors with embedded NAPIs *before*\nfreeing the queues making page_pools' NAPI pointers lead to freed\nmemory before these pools are destroyed by libeth.\nIt's not clear whether there are other accesses to the freed vectors\nwhen destroying the queues, but anyway, we usually free queue/interrupt\nvectors only when the queues are destroyed and the NAPIs are guaranteed\nto not be referenced anywhere.\n\nInvert the allocation and freeing logic making queue/interrupt vectors\nbe allocated first and freed last. Vectors don't require queues to be\npresent, so this is safe. Additionally, this change allows to remove\nthat useless queue->q_vector pointer cleanup, as vectors are still\nvalid when freeing the queues (+ both are freed within one function,\nso it's not clear why nullify the pointers at all).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44932', 'https://git.kernel.org/linus/290f1c033281c1a502a3cd1c53c3a549259c491f (6.11-rc3)', 'https://git.kernel.org/stable/c/290f1c033281c1a502a3cd1c53c3a549259c491f', 'https://git.kernel.org/stable/c/3cde714b0e77206ed1b5cf31f28c18ba9ae946fd', 'https://lore.kernel.org/linux-cve-announce/2024082638-CVE-2024-44932-2659@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44932', 'https://www.cve.org/CVERecord?id=CVE-2024-44932'], 'PublishedDate': '2024-08-26T11:15:05.5Z', 'LastModifiedDate': '2024-08-27T16:08:45.02Z'}, {'VulnerabilityID': 'CVE-2024-44934', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: bridge: mcast: wait for previous gc cycles when removing port', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mcast: wait for previous gc cycles when removing port\n\nsyzbot hit a use-after-free[1] which is caused because the bridge doesn't\nmake sure that all previous garbage has been collected when removing a\nport. What happens is:\n      CPU 1                   CPU 2\n start gc cycle           remove port\n                         acquire gc lock first\n wait for lock\n                         call br_multicasg_gc() directly\n acquire lock now but    free port\n the port can be freed\n while grp timers still\n running\n\nMake sure all previous gc cycles have finished by using flush_work before\nfreeing the port.\n\n[1]\n  BUG: KASAN: slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n  Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699\n\n  CPU: 1 PID: 9699 Comm: syz.5.1232 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n  Call Trace:\n   <IRQ>\n   __dump_stack lib/dump_stack.c:88 [inline]\n   dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n   print_address_description mm/kasan/report.c:377 [inline]\n   print_report+0xc3/0x620 mm/kasan/report.c:488\n   kasan_report+0xd9/0x110 mm/kasan/report.c:601\n   br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n   call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1792\n   expire_timers kernel/time/timer.c:1843 [inline]\n   __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417\n   __run_timer_base kernel/time/timer.c:2428 [inline]\n   __run_timer_base kernel/time/timer.c:2421 [inline]\n   run_timer_base+0x111/0x190 kernel/time/timer.c:2437", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44934', 'https://git.kernel.org/linus/92c4ee25208d0f35dafc3213cdf355fbe449e078 (6.11-rc3)', 'https://git.kernel.org/stable/c/0d8b26e10e680c01522d7cc14abe04c3265a928f', 'https://git.kernel.org/stable/c/1e16828020c674b3be85f52685e8b80f9008f50f', 'https://git.kernel.org/stable/c/92c4ee25208d0f35dafc3213cdf355fbe449e078', 'https://git.kernel.org/stable/c/b2f794b168cf560682ff976b255aa6d29d14a658', 'https://git.kernel.org/stable/c/e3145ca904fa8dbfd1a5bf0187905bc117b0efce', 'https://lore.kernel.org/linux-cve-announce/2024082641-CVE-2024-44934-a7fe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44934', 'https://www.cve.org/CVERecord?id=CVE-2024-44934'], 'PublishedDate': '2024-08-26T11:15:05.593Z', 'LastModifiedDate': '2024-08-27T16:07:58.727Z'}, {'VulnerabilityID': 'CVE-2024-44935', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44935', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sctp: Fix null-ptr-deref in reuseport_add_sock().', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix null-ptr-deref in reuseport_add_sock().\n\nsyzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in\nreuseport_add_sock(). [0]\n\nThe repro first creates a listener with SO_REUSEPORT.  Then, it creates\nanother listener on the same port and concurrently closes the first\nlistener.\n\nThe second listen() calls reuseport_add_sock() with the first listener as\nsk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently,\nbut the close() does clear it by reuseport_detach_sock().\n\nThe problem is SCTP does not properly synchronise reuseport_alloc(),\nreuseport_add_sock(), and reuseport_detach_sock().\n\nThe caller of reuseport_alloc() and reuseport_{add,detach}_sock() must\nprovide synchronisation for sockets that are classified into the same\nreuseport group.\n\nOtherwise, such sockets form multiple identical reuseport groups, and\nall groups except one would be silently dead.\n\n  1. Two sockets call listen() concurrently\n  2. No socket in the same group found in sctp_ep_hashtable[]\n  3. Two sockets call reuseport_alloc() and form two reuseport groups\n  4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives\n      incoming packets\n\nAlso, the reported null-ptr-deref could occur.\n\nTCP/UDP guarantees that would not happen by holding the hash bucket lock.\n\nLet's apply the locking strategy to __sctp_hash_endpoint() and\n__sctp_unhash_endpoint().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nRIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350\nCode: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14\nRSP: 0018:ffffc9000b947c98 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012\nRBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385\nR10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0\nR13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __sctp_hash_endpoint net/sctp/input.c:762 [inline]\n sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790\n sctp_listen_start net/sctp/socket.c:8570 [inline]\n sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]\n __se_sys_listen net/socket.c:1900 [inline]\n __x64_sys_listen+0x5a/0x70 net/socket.c:1900\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f24e46039b9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032\nRAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9\nRDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004\nRBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0\nR10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42c\nR13:\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44935', 'https://git.kernel.org/linus/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18 (6.11-rc3)', 'https://git.kernel.org/stable/c/05e4a0fa248240efd99a539853e844f0f0a9e6a5', 'https://git.kernel.org/stable/c/1407be30fc17eff918a98e0a990c0e988f11dc84', 'https://git.kernel.org/stable/c/52319d9d2f522ed939af31af70f8c3a0f0f67e6c', 'https://git.kernel.org/stable/c/54b303d8f9702b8ab618c5032fae886b16356928', 'https://git.kernel.org/stable/c/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18', 'https://git.kernel.org/stable/c/c9b3fc4f157867e858734e31022ebee8a24f0de7', 'https://git.kernel.org/stable/c/e809a84c802377ef61525a298a1ec1728759b913', 'https://linux.oracle.com/cve/CVE-2024-44935.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024082642-CVE-2024-44935-3452@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44935', 'https://www.cve.org/CVERecord?id=CVE-2024-44935'], 'PublishedDate': '2024-08-26T11:15:05.643Z', 'LastModifiedDate': '2024-08-27T16:09:01.633Z'}, {'VulnerabilityID': 'CVE-2024-44937', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44937', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: intel-vbtn: Protect ACPI notify handler against recursion\n\nSince commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on\nall CPUs") ACPI notify handlers like the intel-vbtn notify_handler() may\nrun on multiple CPU cores racing with themselves.\n\nThis race gets hit on Dell Venue 7140 tablets when undocking from\nthe keyboard, causing the handler to try and register priv->switches_dev\ntwice, as can be seen from the dev_info() message getting logged twice:\n\n[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\n[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n\nAfter which things go seriously wrong:\n[ 83.861872] sysfs: cannot create duplicate filename \'/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\'\n...\n[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don\'t try to register things with the same name in the same directory.\n[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018\n...\n\nProtect intel-vbtn notify_handler() from racing with itself with a mutex\nto fix this.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44937', 'https://git.kernel.org/linus/e075c3b13a0a142dcd3151b25d29a24f31b7b640 (6.11-rc3)', 'https://git.kernel.org/stable/c/5c9618a3b6ea94cf7bdff7702aca8bf2d777d97b', 'https://git.kernel.org/stable/c/e075c3b13a0a142dcd3151b25d29a24f31b7b640', 'https://lore.kernel.org/linux-cve-announce/2024082645-CVE-2024-44937-5c1d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44937', 'https://www.cve.org/CVERecord?id=CVE-2024-44937'], 'PublishedDate': '2024-08-26T11:15:05.753Z', 'LastModifiedDate': '2024-08-27T16:10:11.423Z'}, {'VulnerabilityID': 'CVE-2024-44938', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44938', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: Fix shift-out-of-bounds in dbDiscardAG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix shift-out-of-bounds in dbDiscardAG\n\nWhen searching for the next smaller log2 block, BLKSTOL2() returned 0,\ncausing shift exponent -1 to be negative.\n\nThis patch fixes the issue by exiting the loop directly when negative\nshift is found.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44938', 'https://git.kernel.org/linus/7063b80268e2593e58bee8a8d709c2f3ff93e2f2 (6.11-rc1)', 'https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630', 'https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2', 'https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e', 'https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-44938-fc08@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44938', 'https://www.cve.org/CVERecord?id=CVE-2024-44938'], 'PublishedDate': '2024-08-26T12:15:05.96Z', 'LastModifiedDate': '2024-09-12T14:05:44.31Z'}, {'VulnerabilityID': 'CVE-2024-44939', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44939', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: fix null ptr deref in dtInsertEntry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix null ptr deref in dtInsertEntry\n\n[syzbot reported]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713\n...\n[Analyze]\nIn dtInsertEntry(), when the pointer h has the same value as p, after writing\nname in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the\npreviously true judgment "p->header.flag & BT-LEAF" to change to no after writing\nthe name operation, this leads to entering an incorrect branch and accessing the\nuninitialized object ih when judging this condition for the second time.\n\n[Fix]\nAfter got the page, check freelist first, if freelist == 0 then exit dtInsert()\nand return -EINVAL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44939', 'https://git.kernel.org/linus/ce6dede912f064a855acf6f04a04cbb2c25b8c8c (6.11-rc1)', 'https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9', 'https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6', 'https://git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702', 'https://git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44939-cf96@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44939', 'https://www.cve.org/CVERecord?id=CVE-2024-44939'], 'PublishedDate': '2024-08-26T12:15:06.007Z', 'LastModifiedDate': '2024-09-12T20:58:03.783Z'}, {'VulnerabilityID': 'CVE-2024-44940', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44940', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: remove warn in gue_gro_receive on unsupported protocol', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfou: remove warn in gue_gro_receive on unsupported protocol\n\nDrop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is\nnot known or does not have a GRO handler.\n\nSuch a packet is easily constructed. Syzbot generates them and sets\noff this warning.\n\nRemove the warning as it is expected and not actionable.\n\nThe warning was previously reduced from WARN_ON to WARN_ON_ONCE in\ncommit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad\nproto callbacks").', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44940', 'https://git.kernel.org/linus/dd89a81d850fa9a65f67b4527c0e420d15bf836c (6.11-rc1)', 'https://git.kernel.org/stable/c/3db4395332e7050ef9ddeb3052e6b5019f2a2a59', 'https://git.kernel.org/stable/c/440ab7f97261bc28501636a13998e1b1946d2e79', 'https://git.kernel.org/stable/c/5a2e37bc648a2503bf6d687aed27b9f4455d82eb', 'https://git.kernel.org/stable/c/dd89a81d850fa9a65f67b4527c0e420d15bf836c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44940-249f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44940', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-44940'], 'PublishedDate': '2024-08-26T12:15:06.053Z', 'LastModifiedDate': '2024-09-12T14:10:00.857Z'}, {'VulnerabilityID': 'CVE-2024-44941', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44941', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to cover read extent cache access with lock', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to cover read extent cache access with lock\n\nsyzbot reports a f2fs bug as below:\n\nBUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\nRead of size 4 at addr ffff8880739ab220 by task syz-executor200/5097\n\nCPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46\n do_read_inode fs/f2fs/inode.c:509 [inline]\n f2fs_iget+0x33e1/0x46e0 fs/f2fs/inode.c:560\n f2fs_nfs_get_inode+0x74/0x100 fs/f2fs/super.c:3237\n generic_fh_to_dentry+0x9f/0xf0 fs/libfs.c:1413\n exportfs_decode_fh_raw+0x152/0x5f0 fs/exportfs/expfs.c:444\n exportfs_decode_fh+0x3c/0x80 fs/exportfs/expfs.c:584\n do_handle_to_path fs/fhandle.c:155 [inline]\n handle_to_path fs/fhandle.c:210 [inline]\n do_handle_open+0x495/0x650 fs/fhandle.c:226\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWe missed to cover sanity_check_extent_cache() w/ extent cache lock,\nso, below race case may happen, result in use after free issue.\n\n- f2fs_iget\n - do_read_inode\n  - f2fs_init_read_extent_tree\n  : add largest extent entry in to cache\n\t\t\t\t\t- shrink\n\t\t\t\t\t - f2fs_shrink_read_extent_tree\n\t\t\t\t\t  - __shrink_extent_tree\n\t\t\t\t\t   - __detach_extent_node\n\t\t\t\t\t   : drop largest extent entry\n  - sanity_check_extent_cache\n  : access et->largest w/o lock\n\nlet's refactor sanity_check_extent_cache() to avoid extent cache access\nand call it before f2fs_init_read_extent_tree() to fix this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44941', 'https://git.kernel.org/linus/d7409b05a64f212735f0d33f5f1602051a886eab (6.11-rc1)', 'https://git.kernel.org/stable/c/263df78166d3a9609b97d28c34029bd01874cbb8', 'https://git.kernel.org/stable/c/323ef20b5558b9d9fd10c1224327af6f11a8177d', 'https://git.kernel.org/stable/c/d7409b05a64f212735f0d33f5f1602051a886eab', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44941-143e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44941', 'https://www.cve.org/CVERecord?id=CVE-2024-44941'], 'PublishedDate': '2024-08-26T12:15:06.107Z', 'LastModifiedDate': '2024-09-12T20:57:26.143Z'}, {'VulnerabilityID': 'CVE-2024-44942', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44942', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inline.c:258!\nCPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0\nRIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258\nCall Trace:\n f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834\n f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315\n do_writepages+0x35b/0x870 mm/page-writeback.c:2612\n __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650\n writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941\n wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117\n wb_do_writeback fs/fs-writeback.c:2264 [inline]\n wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335\n worker_thread+0x86d/0xd70 kernel/workqueue.c:3416\n kthread+0x2f2/0x390 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nThe root cause is: inline_data inode can be fuzzed, so that there may\nbe valid blkaddr in its direct node, once f2fs triggers background GC\nto migrate the block, it will hit f2fs_bug_on() during dirty page\nwriteback.\n\nLet's add sanity check on F2FS_INLINE_DATA flag in inode during GC,\nso that, it can forbid migrating inline_data inode's data block for\nfixing.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44942', 'https://git.kernel.org/linus/fc01008c92f40015aeeced94750855a7111b6929 (6.11-rc1)', 'https://git.kernel.org/stable/c/26c07775fb5dc74351d1c3a2bc3cdf609b03e49f', 'https://git.kernel.org/stable/c/ae00e6536a2dd54b64b39e9a39548870cf835745', 'https://git.kernel.org/stable/c/fc01008c92f40015aeeced94750855a7111b6929', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44942-651a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44942', 'https://www.cve.org/CVERecord?id=CVE-2024-44942'], 'PublishedDate': '2024-08-26T12:15:06.157Z', 'LastModifiedDate': '2024-08-27T16:09:10.01Z'}, {'VulnerabilityID': 'CVE-2024-44943', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'In the Linux kernel, the following vulnerability has been resolved:  m ...', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: gup: stop abusing try_grab_folio\n\nA kernel warning was reported when pinning folio in CMA memory when\nlaunching SEV virtual machine.  The splat looks like:\n\n[  464.325306] WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313 __get_user_pages+0x423/0x520\n[  464.325464] CPU: 13 PID: 6734 Comm: qemu-kvm Kdump: loaded Not tainted 6.6.33+ #6\n[  464.325477] RIP: 0010:__get_user_pages+0x423/0x520\n[  464.325515] Call Trace:\n[  464.325520]  <TASK>\n[  464.325523]  ? __get_user_pages+0x423/0x520\n[  464.325528]  ? __warn+0x81/0x130\n[  464.325536]  ? __get_user_pages+0x423/0x520\n[  464.325541]  ? report_bug+0x171/0x1a0\n[  464.325549]  ? handle_bug+0x3c/0x70\n[  464.325554]  ? exc_invalid_op+0x17/0x70\n[  464.325558]  ? asm_exc_invalid_op+0x1a/0x20\n[  464.325567]  ? __get_user_pages+0x423/0x520\n[  464.325575]  __gup_longterm_locked+0x212/0x7a0\n[  464.325583]  internal_get_user_pages_fast+0xfb/0x190\n[  464.325590]  pin_user_pages_fast+0x47/0x60\n[  464.325598]  sev_pin_memory+0xca/0x170 [kvm_amd]\n[  464.325616]  sev_mem_enc_register_region+0x81/0x130 [kvm_amd]\n\nPer the analysis done by yangge, when starting the SEV virtual machine, it\nwill call pin_user_pages_fast(..., FOLL_LONGTERM, ...) to pin the memory. \nBut the page is in CMA area, so fast GUP will fail then fallback to the\nslow path due to the longterm pinnalbe check in try_grab_folio().\n\nThe slow path will try to pin the pages then migrate them out of CMA area.\nBut the slow path also uses try_grab_folio() to pin the page, it will\nalso fail due to the same check then the above warning is triggered.\n\nIn addition, the try_grab_folio() is supposed to be used in fast path and\nit elevates folio refcount by using add ref unless zero.  We are guaranteed\nto have at least one stable reference in slow path, so the simple atomic add\ncould be used.  The performance difference should be trivial, but the\nmisuse may be confusing and misleading.\n\nRedefined try_grab_folio() to try_grab_folio_fast(), and try_grab_page()\nto try_grab_folio(), and use them in the proper paths.  This solves both\nthe abuse and the kernel warning.\n\nThe proper naming makes their usecase more clear and should prevent from\nabusing in the future.\n\npeterx said:\n\n: The user will see the pin fails, for gpu-slow it further triggers the WARN\n: right below that failure (as in the original report):\n: \n:         folio = try_grab_folio(page, page_increm - 1,\n:                                 foll_flags);\n:         if (WARN_ON_ONCE(!folio)) { <------------------------ here\n:                 /*\n:                         * Release the 1st page ref if the\n:                         * folio is problematic, fail hard.\n:                         */\n:                 gup_put_folio(page_folio(page), 1,\n:                                 foll_flags);\n:                 ret = -EFAULT;\n:                 goto out;\n:         }\n\n[1] https://lore.kernel.org/linux-mm/1719478388-31917-1-git-send-email-yangge1116@126.com/\n\n[shy828301@gmail.com: fix implicit declaration of function try_grab_folio_fast]\n  Link: https://lkml.kernel.org/r/CAHbLzkowMSso-4Nufc9hcMehQsK9PNz3OSu-+eniU-2Mm-xjhA@mail.gmail.com', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44943', 'https://git.kernel.org/linus/f442fa6141379a20b48ae3efabee827a3d260787 (6.10)', 'https://git.kernel.org/stable/c/26273f5f4cf68b29414e403837093408a9c98e1f', 'https://git.kernel.org/stable/c/f442fa6141379a20b48ae3efabee827a3d260787', 'https://lore.kernel.org/linux-cve-announce/2024082853-CVE-2024-44943-234f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44943', 'https://www.cve.org/CVERecord?id=CVE-2024-44943'], 'PublishedDate': '2024-08-28T08:15:06.963Z', 'LastModifiedDate': '2024-09-10T18:12:43.38Z'}, {'VulnerabilityID': 'CVE-2024-44944', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44944', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: ctnetlink: use helper function to calculate expect ID', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use helper function to calculate expect ID\n\nDelete expectation path is missing a call to the nf_expect_get_id()\nhelper function to calculate the expectation ID, otherwise LSB of the\nexpectation object address is leaked to userspace.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44944', 'https://git.kernel.org/linus/782161895eb4ac45cf7cfa8db375bd4766cb8299 (6.11-rc1)', 'https://git.kernel.org/stable/c/24f407042cf90b0872de667460230d8d50c06c39', 'https://git.kernel.org/stable/c/27662b46f2adaa52c1665a82af4b21c42c4337fd', 'https://git.kernel.org/stable/c/5e2c24f7b0911b15c29aefce760bcf770542fb61', 'https://git.kernel.org/stable/c/64c0b8e64be8368617ef08dfc59a3160563a1435', 'https://git.kernel.org/stable/c/66e7650dbbb8e236e781c670b167edc81e771450', 'https://git.kernel.org/stable/c/74de442b8e12a207c07953ee068009a7701aff8f', 'https://git.kernel.org/stable/c/782161895eb4ac45cf7cfa8db375bd4766cb8299', 'https://git.kernel.org/stable/c/eb4ca1a97e08ff5b920664ba292e576257e2d184', 'https://linux.oracle.com/cve/CVE-2024-44944.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024083044-CVE-2024-44944-56c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44944', 'https://www.cve.org/CVERecord?id=CVE-2024-44944', 'https://www.zerodayinitiative.com/advisories/ZDI-24-1182/'], 'PublishedDate': '2024-08-30T08:15:04.58Z', 'LastModifiedDate': '2024-09-10T08:15:03.23Z'}, {'VulnerabilityID': 'CVE-2024-44946', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44946', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kcm: Serialise kcm_sendmsg() for the same socket.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: Serialise kcm_sendmsg() for the same socket.\n\nsyzkaller reported UAF in kcm_release(). [0]\n\nThe scenario is\n\n  1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb.\n\n  2. Thread A resumes building skb from kcm->seq_skb but is blocked\n     by sk_stream_wait_memory()\n\n  3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb\n     and puts the skb to the write queue\n\n  4. Thread A faces an error and finally frees skb that is already in the\n     write queue\n\n  5. kcm_release() does double-free the skb in the write queue\n\nWhen a thread is building a MSG_MORE skb, another thread must not touch it.\n\nLet's add a per-sk mutex and serialise kcm_sendmsg().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]\nBUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]\nBUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\nRead of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167\n\nCPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G    B              6.8.0-rc5-syzkaller-g9abbc24128bc #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x178/0x518 mm/kasan/report.c:488\n kasan_report+0xd8/0x138 mm/kasan/report.c:601\n __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381\n __skb_unlink include/linux/skbuff.h:2366 [inline]\n __skb_dequeue include/linux/skbuff.h:2385 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\n __skb_queue_purge include/linux/skbuff.h:3181 [inline]\n kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\n __sock_release net/socket.c:659 [inline]\n sock_close+0xa4/0x1e8 net/socket.c:1421\n __fput+0x30c/0x738 fs/file_table.c:376\n ____fput+0x20/0x30 fs/file_table.c:404\n task_work_run+0x230/0x2e0 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x618/0x1f64 kernel/exit.c:871\n do_group_exit+0x194/0x22c kernel/exit.c:1020\n get_signal+0x1500/0x15ec kernel/signal.c:2893\n do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249\n do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148\n exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]\n exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]\n el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nAllocated by task 6166:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903\n __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641\n alloc_skb include/linux/skbuff.h:1296 [inline]\n kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x220/0x2c0 net/socket.c:768\n splice_to_socket+0x7cc/0xd58 fs/splice.c:889\n do_splice_from fs/splice.c:941 [inline]\n direct_splice_actor+0xec/0x1d8 fs/splice.c:1164\n splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108\n do_splice_direct_actor \n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44946', 'https://git.kernel.org/linus/807067bf014d4a3ae2cc55bd3de16f22a01eb580 (6.11-rc5)', 'https://git.kernel.org/stable/c/00425508f30baa5ab6449a1f478480ca7cffa6da', 'https://git.kernel.org/stable/c/6633b17840bf828921254d788ccd15602843fe9b', 'https://git.kernel.org/stable/c/72da240aafb142630cf16adc803ccdacb3780849', 'https://git.kernel.org/stable/c/807067bf014d4a3ae2cc55bd3de16f22a01eb580', 'https://git.kernel.org/stable/c/8c9cdbf600143bd6835c8b8351e5ac956da79aec', 'https://git.kernel.org/stable/c/9c8d544ed619f704e2b70e63e08ab75630c2ea23', 'https://git.kernel.org/stable/c/eb06c8d3022ce6738711191c89f9b3e9cfb91914', 'https://git.kernel.org/stable/c/fa6c23fe6dcac8c8bd63920ee8681292a2bd544e', 'https://lore.kernel.org/linux-cve-announce/2024083150-CVE-2024-44946-9cf1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44946', 'https://www.cve.org/CVERecord?id=CVE-2024-44946'], 'PublishedDate': '2024-08-31T14:15:04.32Z', 'LastModifiedDate': '2024-09-04T12:15:05.15Z'}, {'VulnerabilityID': 'CVE-2024-44947', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44947', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fuse: Initialize beyond-EOF page contents before setting uptodate', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44947', 'https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5', 'https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e', 'https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9', 'https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6', 'https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a', 'https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4', 'https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9', 'https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6', 'https://lore.kernel.org/linux-cve-announce/2024090219-CVE-2024-44947-f49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44947', 'https://www.cve.org/CVERecord?id=CVE-2024-44947'], 'PublishedDate': '2024-09-02T18:15:36.577Z', 'LastModifiedDate': '2024-09-16T17:52:37.563Z'}, {'VulnerabilityID': 'CVE-2024-44948', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mtrr: Check if fixed MTRRs exist before saving them', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mtrr: Check if fixed MTRRs exist before saving them\n\nMTRRs have an obsolete fixed variant for fine grained caching control\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\na separate capability bit in the MTRR capability MSR.\n\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\nwent unnoticed that mtrr_save_state() does not check the capability bit\nbefore accessing the fixed MTRR MSRs.\n\nThough on a CPU that does not support the fixed MTRR capability this\nresults in a #GP.  The #GP itself is harmless because the RDMSR fault is\nhandled gracefully, but results in a WARN_ON().\n\nAdd the missing capability check to prevent this.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44948', 'https://git.kernel.org/linus/919f18f961c03d6694aa726c514184f2311a4614 (6.11-rc3)', 'https://git.kernel.org/stable/c/06c1de44d378ec5439db17bf476507d68589bfe9', 'https://git.kernel.org/stable/c/34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e', 'https://git.kernel.org/stable/c/388f1c954019f253a8383f7eb733f38d541e10b6', 'https://git.kernel.org/stable/c/450b6b22acdaac67a18eaf5ed498421ffcf10051', 'https://git.kernel.org/stable/c/8a90d3fc7c24608548d3a750671f9dac21d1a462', 'https://git.kernel.org/stable/c/8aa79dfb216b865e96ff890bc4ea71650f9bc8d7', 'https://git.kernel.org/stable/c/919f18f961c03d6694aa726c514184f2311a4614', 'https://git.kernel.org/stable/c/ca7d00c5656d1791e28369919e3e10febe9c3b16', 'https://linux.oracle.com/cve/CVE-2024-44948.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090407-CVE-2024-44948-5554@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44948', 'https://www.cve.org/CVERecord?id=CVE-2024-44948'], 'PublishedDate': '2024-09-04T19:15:29.95Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-44949', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44949', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: parisc: fix a possible DMA corruption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: fix a possible DMA corruption\n\nARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be\npossible that two unrelated 16-byte allocations share a cache line. If\none of these allocations is written using DMA and the other is written\nusing cached write, the value that was written with DMA may be\ncorrupted.\n\nThis commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 -\nthat's the largest possible cache line size.\n\nAs different parisc microarchitectures have different cache line size, we\ndefine arch_slab_minalign(), cache_line_size() and\ndma_get_cache_alignment() so that the kernel may tune slab cache\nparameters dynamically, based on the detected cache line size.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44949', 'https://git.kernel.org/linus/7ae04ba36b381bffe2471eff3a93edced843240f (6.11-rc2)', 'https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f', 'https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f', 'https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44949-8f05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44949', 'https://www.cve.org/CVERecord?id=CVE-2024-44949'], 'PublishedDate': '2024-09-04T19:15:30.04Z', 'LastModifiedDate': '2024-10-09T13:53:32.513Z'}, {'VulnerabilityID': 'CVE-2024-44950', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44950', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix invalid FIFO access with special register set', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix invalid FIFO access with special register set\n\nWhen enabling access to the special register set, Receiver time-out and\nRHR interrupts can happen. In this case, the IRQ handler will try to read\nfrom the FIFO thru the RHR register at address 0x00, but address 0x00 is\nmapped to DLL register, resulting in erroneous FIFO reading.\n\nCall graph example:\n    sc16is7xx_startup(): entry\n    sc16is7xx_ms_proc(): entry\n    sc16is7xx_set_termios(): entry\n    sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set\n    sc16is7xx_port_irq() entry            --> IIR is 0x0C\n    sc16is7xx_handle_rx() entry\n    sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is\n                               mapped to DLL (LCR=LCR_CONF_MODE_A)\n    sc16is7xx_set_baud(): exit --> Restore access to general register set\n\nFix the problem by claiming the efr_lock mutex when accessing the Special\nregister set.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44950', 'https://git.kernel.org/linus/7d3b793faaab1305994ce568b59d61927235f57b (6.11-rc3)', 'https://git.kernel.org/stable/c/6a6730812220a9a5ce4003eb347da1ee5abd06b0', 'https://git.kernel.org/stable/c/7d3b793faaab1305994ce568b59d61927235f57b', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44950-67fb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44950', 'https://www.cve.org/CVERecord?id=CVE-2024-44950'], 'PublishedDate': '2024-09-04T19:15:30.1Z', 'LastModifiedDate': '2024-10-09T14:21:16.773Z'}, {'VulnerabilityID': 'CVE-2024-44951', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44951', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix TX fifo corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix TX fifo corruption\n\nSometimes, when a packet is received on channel A at almost the same time\nas a packet is about to be transmitted on channel B, we observe with a\nlogic analyzer that the received packet on channel A is transmitted on\nchannel B. In other words, the Tx buffer data on channel B is corrupted\nwith data from channel A.\n\nThe problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change\nEFR lock to operate on each channels"), which changed the EFR locking to\noperate on each channel instead of chip-wise.\n\nThis commit has introduced a regression, because the EFR lock is used not\nonly to protect the EFR registers access, but also, in a very obscure and\nundocumented way, to protect access to the data buffer, which is shared by\nthe Tx and Rx handlers, but also by each channel of the IC.\n\nFix this regression first by switching to kfifo_out_linear_ptr() in\nsc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer.\n\nSecondly, replace the chip-wise Rx buffer with a separate Rx buffer for\neach channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44951', 'https://git.kernel.org/linus/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4 (6.11-rc3)', 'https://git.kernel.org/stable/c/09cfe05e9907f3276887a20e267cc40e202f4fdd', 'https://git.kernel.org/stable/c/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44951-9121@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44951', 'https://www.cve.org/CVERecord?id=CVE-2024-44951'], 'PublishedDate': '2024-09-04T19:15:30.153Z', 'LastModifiedDate': '2024-10-09T14:27:43.973Z'}, {'VulnerabilityID': 'CVE-2024-44952', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44952', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver core: Fix uevent_show() vs driver detach race', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix uevent_show() vs driver detach race\n\nuevent_show() wants to de-reference dev->driver->name. There is no clean\nway for a device attribute to de-reference dev->driver unless that\nattribute is defined via (struct device_driver).dev_groups. Instead, the\nanti-pattern of taking the device_lock() in the attribute handler risks\ndeadlocks with code paths that remove device attributes while holding\nthe lock.\n\nThis deadlock is typically invisible to lockdep given the device_lock()\nis marked lockdep_set_novalidate_class(), but some subsystems allocate a\nlocal lockdep key for @dev->mutex to reveal reports of the form:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 6.10.0-rc7+ #275 Tainted: G           OE    N\n ------------------------------------------------------\n modprobe/2374 is trying to acquire lock:\n ffff8c2270070de0 (kn->active#6){++++}-{0:0}, at: __kernfs_remove+0xde/0x220\n\n but task is already holding lock:\n ffff8c22016e88f8 (&cxl_root_key){+.+.}-{3:3}, at: device_release_driver_internal+0x39/0x210\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -> #1 (&cxl_root_key){+.+.}-{3:3}:\n        __mutex_lock+0x99/0xc30\n        uevent_show+0xac/0x130\n        dev_attr_show+0x18/0x40\n        sysfs_kf_seq_show+0xac/0xf0\n        seq_read_iter+0x110/0x450\n        vfs_read+0x25b/0x340\n        ksys_read+0x67/0xf0\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n -> #0 (kn->active#6){++++}-{0:0}:\n        __lock_acquire+0x121a/0x1fa0\n        lock_acquire+0xd6/0x2e0\n        kernfs_drain+0x1e9/0x200\n        __kernfs_remove+0xde/0x220\n        kernfs_remove_by_name_ns+0x5e/0xa0\n        device_del+0x168/0x410\n        device_unregister+0x13/0x60\n        devres_release_all+0xb8/0x110\n        device_unbind_cleanup+0xe/0x70\n        device_release_driver_internal+0x1c7/0x210\n        driver_detach+0x47/0x90\n        bus_remove_driver+0x6c/0xf0\n        cxl_acpi_exit+0xc/0x11 [cxl_acpi]\n        __do_sys_delete_module.isra.0+0x181/0x260\n        do_syscall_64+0x75/0x190\n        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe observation though is that driver objects are typically much longer\nlived than device objects. It is reasonable to perform lockless\nde-reference of a @driver pointer even if it is racing detach from a\ndevice. Given the infrequency of driver unregistration, use\nsynchronize_rcu() in module_remove_driver() to close any potential\nraces.  It is potentially overkill to suffer synchronize_rcu() just to\nhandle the rare module removal racing uevent_show() event.\n\nThanks to Tetsuo Handa for the debug analysis of the syzbot report [1].', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44952', 'https://git.kernel.org/linus/15fffc6a5624b13b428bb1c6e9088e32a55eb82c (6.11-rc3)', 'https://git.kernel.org/stable/c/15fffc6a5624b13b428bb1c6e9088e32a55eb82c', 'https://git.kernel.org/stable/c/49ea4e0d862632d51667da5e7a9c88a560e9c5a1', 'https://git.kernel.org/stable/c/4a7c2a8387524942171037e70b80e969c3b5c05b', 'https://git.kernel.org/stable/c/4d035c743c3e391728a6f81cbf0f7f9ca700cf62', 'https://git.kernel.org/stable/c/9c23fc327d6ec67629b4ad323bd64d3834c0417d', 'https://git.kernel.org/stable/c/cd490a247ddf325325fd0de8898659400c9237ef', 'https://git.kernel.org/stable/c/dd98c9630b7ee273da87e9a244f94ddf947161e2', 'https://git.kernel.org/stable/c/f098e8fc7227166206256c18d56ab622039108b1', 'https://linux.oracle.com/cve/CVE-2024-44952.html', 'https://linux.oracle.com/errata/ELSA-2024-12779.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44952-6290@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44952', 'https://www.cve.org/CVERecord?id=CVE-2024-44952'], 'PublishedDate': '2024-09-04T19:15:30.213Z', 'LastModifiedDate': '2024-09-06T16:37:38.37Z'}, {'VulnerabilityID': 'CVE-2024-44953', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44953', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Fix deadlock during RTC update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix deadlock during RTC update\n\nThere is a deadlock when runtime suspend waits for the flush of RTC work,\nand the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume.\n\nHere is deadlock backtrace:\n\nkworker/0:1     D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367\nptr            f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff\n<ffffffee5e71ddb0> __switch_to+0x1a8/0x2d4\n<ffffffee5e71e604> __schedule+0x684/0xa98\n<ffffffee5e71ea60> schedule+0x48/0xc8\n<ffffffee5e725f78> schedule_timeout+0x48/0x170\n<ffffffee5e71fb74> do_wait_for_common+0x108/0x1b0\n<ffffffee5e71efe0> wait_for_completion+0x44/0x60\n<ffffffee5d6de968> __flush_work+0x39c/0x424\n<ffffffee5d6decc0> __cancel_work_sync+0xd8/0x208\n<ffffffee5d6dee2c> cancel_delayed_work_sync+0x14/0x28\n<ffffffee5e2551b8> __ufshcd_wl_suspend+0x19c/0x480\n<ffffffee5e255fb8> ufshcd_wl_runtime_suspend+0x3c/0x1d4\n<ffffffee5dffd80c> scsi_runtime_suspend+0x78/0xc8\n<ffffffee5df93580> __rpm_callback+0x94/0x3e0\n<ffffffee5df90b0c> rpm_suspend+0x2d4/0x65c\n<ffffffee5df91448> __pm_runtime_suspend+0x80/0x114\n<ffffffee5dffd95c> scsi_runtime_idle+0x38/0x6c\n<ffffffee5df912f4> rpm_idle+0x264/0x338\n<ffffffee5df90f14> __pm_runtime_idle+0x80/0x110\n<ffffffee5e24ce44> ufshcd_rtc_work+0x128/0x1e4\n<ffffffee5d6e3a40> process_one_work+0x26c/0x650\n<ffffffee5d6e65c8> worker_thread+0x260/0x3d8\n<ffffffee5d6edec8> kthread+0x110/0x134\n<ffffffee5d616b18> ret_from_fork+0x10/0x20\n\nSkip updating RTC if RPM state is not RPM_ACTIVE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44953', 'https://git.kernel.org/linus/3911af778f208e5f49d43ce739332b91e26bc48e (6.11-rc2)', 'https://git.kernel.org/stable/c/3911af778f208e5f49d43ce739332b91e26bc48e', 'https://git.kernel.org/stable/c/f13f1858a28c68b7fc0d72c2008d5c1f80d2e8d5', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44953-1a10@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44953', 'https://www.cve.org/CVERecord?id=CVE-2024-44953'], 'PublishedDate': '2024-09-04T19:15:30.297Z', 'LastModifiedDate': '2024-09-06T16:37:33.65Z'}, {'VulnerabilityID': 'CVE-2024-44954', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44954', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ALSA: line6: Fix racy access to midibuf', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: line6: Fix racy access to midibuf\n\nThere can be concurrent accesses to line6 midibuf from both the URB\ncompletion callback and the rawmidi API access.  This could be a cause\nof KMSAN warning triggered by syzkaller below (so put as reported-by\nhere).\n\nThis patch protects the midibuf call of the former code path with a\nspinlock for avoiding the possible races.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44954', 'https://git.kernel.org/linus/15b7a03205b31bc5623378c190d22b7ff60026f1 (6.11-rc3)', 'https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1', 'https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5', 'https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a', 'https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747', 'https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81', 'https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d', 'https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e', 'https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29', 'https://linux.oracle.com/cve/CVE-2024-44954.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44954-6838@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44954', 'https://www.cve.org/CVERecord?id=CVE-2024-44954'], 'PublishedDate': '2024-09-04T19:15:30.353Z', 'LastModifiedDate': '2024-10-10T18:02:42.307Z'}, {'VulnerabilityID': 'CVE-2024-44955', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44955', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute\n\n[Why]\nWhen unplug one of monitors connected after mst hub, encounter null pointer dereference.\n\nIt's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When\ncommit new state which directly referring to info stored in dc_sink will cause null pointer\ndereference.\n\n[how]\nRemove redundant checking condition. Relevant condition should already be covered by checking\nif dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44955', 'https://git.kernel.org/linus/fcf6a49d79923a234844b8efe830a61f3f0584e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263', 'https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44955-20e8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44955', 'https://www.cve.org/CVERecord?id=CVE-2024-44955'], 'PublishedDate': '2024-09-04T19:15:30.423Z', 'LastModifiedDate': '2024-10-10T17:57:00.267Z'}, {'VulnerabilityID': 'CVE-2024-44956', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44956', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/preempt_fence: enlarge the fence critical section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44956', 'https://git.kernel.org/linus/3cd1585e57908b6efcd967465ef7685f40b2a294 (6.11-rc1)', 'https://git.kernel.org/stable/c/3cd1585e57908b6efcd967465ef7685f40b2a294', 'https://git.kernel.org/stable/c/458bb83119dfee5d14c677f7846dd9363817006f', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44956-8bcf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44956', 'https://www.cve.org/CVERecord?id=CVE-2024-44956'], 'PublishedDate': '2024-09-04T19:15:30.48Z', 'LastModifiedDate': '2024-09-06T16:37:11.777Z'}, {'VulnerabilityID': 'CVE-2024-44957', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44957', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Switch from mutex to spinlock for irqfds', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Switch from mutex to spinlock for irqfds\n\nirqfd_wakeup() gets EPOLLHUP, when it is called by\neventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which\ngets called under spin_lock_irqsave(). We can't use a mutex here as it\nwill lead to a deadlock.\n\nFix it by switching over to a spin lock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44957', 'https://git.kernel.org/linus/1c682593096a487fd9aebc079a307ff7a6d054a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3', 'https://git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e', 'https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44957-5c8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44957', 'https://www.cve.org/CVERecord?id=CVE-2024-44957'], 'PublishedDate': '2024-09-04T19:15:30.523Z', 'LastModifiedDate': '2024-09-06T16:37:00.077Z'}, {'VulnerabilityID': 'CVE-2024-44958', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44958', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched/smt: Fix unbalance sched_smt_present dec/inc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/smt: Fix unbalance sched_smt_present dec/inc\n\nI got the following warn report while doing stress test:\n\njump label: negative count!\nWARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0\nCall Trace:\n <TASK>\n __static_key_slow_dec_cpuslocked+0x16/0x70\n sched_cpu_deactivate+0x26e/0x2a0\n cpuhp_invoke_callback+0x3ad/0x10d0\n cpuhp_thread_fun+0x3f5/0x680\n smpboot_thread_fn+0x56d/0x8d0\n kthread+0x309/0x400\n ret_from_fork+0x41/0x70\n ret_from_fork_asm+0x1b/0x30\n </TASK>\n\nBecause when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),\nthe cpu offline failed, but sched_smt_present is decremented before\ncalling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so\nfix it by incrementing sched_smt_present in the error path.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44958', 'https://git.kernel.org/linus/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117 (6.11-rc2)', 'https://git.kernel.org/stable/c/2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4', 'https://git.kernel.org/stable/c/2cf7665efe451e48d27953e6b5bc627d518c902b', 'https://git.kernel.org/stable/c/65727331b60197b742089855ac09464c22b96f66', 'https://git.kernel.org/stable/c/d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab', 'https://git.kernel.org/stable/c/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44958-80e9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44958', 'https://www.cve.org/CVERecord?id=CVE-2024-44958'], 'PublishedDate': '2024-09-04T19:15:30.58Z', 'LastModifiedDate': '2024-10-10T17:56:24.467Z'}, {'VulnerabilityID': 'CVE-2024-44959', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44959', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracefs: Use generic inode RCU for synchronizing freeing', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntracefs: Use generic inode RCU for synchronizing freeing\n\nWith structure layout randomization enabled for 'struct inode' we need to\navoid overlapping any of the RCU-used / initialized-only-once members,\ne.g. i_lru or i_sb_list to not corrupt related list traversals when making\nuse of the rcu_head.\n\nFor an unlucky structure layout of 'struct inode' we may end up with the\nfollowing splat when running the ftrace selftests:\n\n[<...>] list_del corruption, ffff888103ee2cb0->next (tracefs_inode_cache+0x0/0x4e0 [slab object]) is NULL (prev is tracefs_inode_cache+0x78/0x4e0 [slab object])\n[<...>] ------------[ cut here ]------------\n[<...>] kernel BUG at lib/list_debug.c:54!\n[<...>] invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n[<...>] CPU: 3 PID: 2550 Comm: mount Tainted: G                 N  6.8.12-grsec+ #122 ed2f536ca62f28b087b90e3cc906a8d25b3ddc65\n[<...>] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n[<...>] RIP: 0010:[<ffffffff84656018>] __list_del_entry_valid_or_report+0x138/0x3e0\n[<...>] Code: 48 b8 99 fb 65 f2 ff ff ff ff e9 03 5c d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff e9 33 5a d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff <0f> 0b 4c 89 e9 48 89 ea 48 89 ee 48 c7 c7 60 8f dd 89 31 c0 e8 2f\n[<...>] RSP: 0018:fffffe80416afaf0 EFLAGS: 00010283\n[<...>] RAX: 0000000000000098 RBX: ffff888103ee2cb0 RCX: 0000000000000000\n[<...>] RDX: ffffffff84655fe8 RSI: ffffffff89dd8b60 RDI: 0000000000000001\n[<...>] RBP: ffff888103ee2cb0 R08: 0000000000000001 R09: fffffbd0082d5f25\n[<...>] R10: fffffe80416af92f R11: 0000000000000001 R12: fdf99c16731d9b6d\n[<...>] R13: 0000000000000000 R14: ffff88819ad4b8b8 R15: 0000000000000000\n[<...>] RBX: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RDX: __list_del_entry_valid_or_report+0x108/0x3e0\n[<...>] RSI: __func__.47+0x4340/0x4400\n[<...>] RBP: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[<...>] RSP: process kstack fffffe80416afaf0+0x7af0/0x8000 [mount 2550 2550]\n[<...>] R09: kasan shadow of process kstack fffffe80416af928+0x7928/0x8000 [mount 2550 2550]\n[<...>] R10: process kstack fffffe80416af92f+0x792f/0x8000 [mount 2550 2550]\n[<...>] R14: tracefs_inode_cache+0x78/0x4e0 [slab object]\n[<...>] FS:  00006dcb380c1840(0000) GS:ffff8881e0600000(0000) knlGS:0000000000000000\n[<...>] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[<...>] CR2: 000076ab72b30e84 CR3: 000000000b088004 CR4: 0000000000360ef0 shadow CR4: 0000000000360ef0\n[<...>] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[<...>] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[<...>] ASID: 0003\n[<...>] Stack:\n[<...>]  ffffffff818a2315 00000000f5c856ee ffffffff896f1840 ffff888103ee2cb0\n[<...>]  ffff88812b6b9750 0000000079d714b6 fffffbfff1e9280b ffffffff8f49405f\n[<...>]  0000000000000001 0000000000000000 ffff888104457280 ffffffff8248b392\n[<...>] Call Trace:\n[<...>]  <TASK>\n[<...>]  [<ffffffff818a2315>] ? lock_release+0x175/0x380 fffffe80416afaf0\n[<...>]  [<ffffffff8248b392>] list_lru_del+0x152/0x740 fffffe80416afb48\n[<...>]  [<ffffffff8248ba93>] list_lru_del_obj+0x113/0x280 fffffe80416afb88\n[<...>]  [<ffffffff8940fd19>] ? _atomic_dec_and_lock+0x119/0x200 fffffe80416afb90\n[<...>]  [<ffffffff8295b244>] iput_final+0x1c4/0x9a0 fffffe80416afbb8\n[<...>]  [<ffffffff8293a52b>] dentry_unlink_inode+0x44b/0xaa0 fffffe80416afbf8\n[<...>]  [<ffffffff8293fefc>] __dentry_kill+0x23c/0xf00 fffffe80416afc40\n[<...>]  [<ffffffff8953a85f>] ? __this_cpu_preempt_check+0x1f/0xa0 fffffe80416afc48\n[<...>]  [<ffffffff82949ce5>] ? shrink_dentry_list+0x1c5/0x760 fffffe80416afc70\n[<...>]  [<ffffffff82949b71>] ? shrink_dentry_list+0x51/0x760 fffffe80416afc78\n[<...>]  [<ffffffff82949da8>] shrink_dentry_list+0x288/0x760 fffffe80416afc80\n[<...>]  [<ffffffff8294ae75>] shrink_dcache_sb+0x155/0x420 fffffe80416afcc8\n[<...>]  [<ffffffff8953a7c3>] ? debug_smp_processor_id+0x23/0xa0 fffffe80416afce0\n[<...>]  [<ffffffff8294ad20>] ? do_one_tre\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44959', 'https://git.kernel.org/linus/0b6743bd60a56a701070b89fb80c327a44b7b3e2 (6.11-rc3)', 'https://git.kernel.org/stable/c/061da60716ce0cde99f62f31937b81e1c03acef6', 'https://git.kernel.org/stable/c/0b6743bd60a56a701070b89fb80c327a44b7b3e2', 'https://git.kernel.org/stable/c/726f4c241e17be75a9cf6870d80cd7479dc89e8f', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44959-61a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44959', 'https://www.cve.org/CVERecord?id=CVE-2024-44959'], 'PublishedDate': '2024-09-04T19:15:30.637Z', 'LastModifiedDate': '2024-10-10T17:54:07.96Z'}, {'VulnerabilityID': 'CVE-2024-44960', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44960', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: core: Check for unset descriptor', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn't properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44960', 'https://git.kernel.org/linus/973a57891608a98e894db2887f278777f564de18 (6.11-rc3)', 'https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1', 'https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62', 'https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4', 'https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e', 'https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18', 'https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf', 'https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a', 'https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244', 'https://linux.oracle.com/cve/CVE-2024-44960.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090413-CVE-2024-44960-039b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44960', 'https://www.cve.org/CVERecord?id=CVE-2024-44960'], 'PublishedDate': '2024-09-04T19:15:30.7Z', 'LastModifiedDate': '2024-10-04T16:44:05.497Z'}, {'VulnerabilityID': 'CVE-2024-44961', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44961', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Forward soft recovery errors to userspace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Forward soft recovery errors to userspace\n\nAs we discussed before[1], soft recovery should be\nforwarded to userspace, or we can get into a really\nbad state where apps will keep submitting hanging\ncommand buffers cascading us to a hard reset.\n\n1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/\n(cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44961', 'https://git.kernel.org/linus/829798c789f567ef6ba4b084c15b7b5f3bd98d51 (6.11-rc3)', 'https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a', 'https://git.kernel.org/stable/c/829798c789f567ef6ba4b084c15b7b5f3bd98d51', 'https://git.kernel.org/stable/c/c28d207edfc5679585f4e96acb67000076ce90be', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44961-8666@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44961', 'https://www.cve.org/CVERecord?id=CVE-2024-44961'], 'PublishedDate': '2024-09-04T19:15:30.77Z', 'LastModifiedDate': '2024-10-04T16:39:39.3Z'}, {'VulnerabilityID': 'CVE-2024-44962', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44962', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n  Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n  Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic   snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil   snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded:   btnxpuart]\n  CPU: 5 PID: 723 Comm: memtester Tainted: G           O       6.6.23-lts-next-06207-g4aef2658ac28 #1\n  Hardware name: NXP i.MX95 19X19 board (DT)\n  pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0xffff80007a2cf464\n  lr : call_timer_fn.isra.0+0x24/0x80\n...\n  Call trace:\n   0xffff80007a2cf464\n   __run_timers+0x234/0x280\n   run_timer_softirq+0x20/0x40\n   __do_softirq+0x100/0x26c\n   ____do_softirq+0x10/0x1c\n   call_on_irq_stack+0x24/0x4c\n   do_softirq_own_stack+0x1c/0x2c\n   irq_exit_rcu+0xc0/0xdc\n   el0_interrupt+0x54/0xd8\n   __el0_irq_handler_common+0x18/0x24\n   el0t_64_irq_handler+0x10/0x1c\n   el0t_64_irq+0x190/0x194\n  Code: ???????? ???????? ???????? ???????? (????????)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception in interrupt\n  SMP: stopping secondary CPUs\n  Kernel Offset: disabled\n  CPU features: 0x0,c0000000,40028143,1000721b\n  Memory Limit: none\n  ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44962', 'https://git.kernel.org/linus/0d0df1e750bac0fdaa77940e711c1625cff08d33 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d0df1e750bac0fdaa77940e711c1625cff08d33', 'https://git.kernel.org/stable/c/28bbb5011a9723700006da67bdb57ab6a914452b', 'https://git.kernel.org/stable/c/4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44962-c329@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44962', 'https://www.cve.org/CVERecord?id=CVE-2024-44962'], 'PublishedDate': '2024-09-04T19:15:30.827Z', 'LastModifiedDate': '2024-10-04T16:20:34.55Z'}, {'VulnerabilityID': 'CVE-2024-44963', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44963', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not BUG_ON() when freeing tree block after error', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don't deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44963', 'https://git.kernel.org/linus/bb3868033a4cccff7be57e9145f2117cbdc91c11 (6.11-rc1)', 'https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f', 'https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44963-2e6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44963', 'https://www.cve.org/CVERecord?id=CVE-2024-44963'], 'PublishedDate': '2024-09-04T19:15:30.883Z', 'LastModifiedDate': '2024-10-04T16:19:20.77Z'}, {'VulnerabilityID': 'CVE-2024-44964', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44964', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: idpf: fix memory leaks and crashes while performing a soft reset', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leaks and crashes while performing a soft reset\n\nThe second tagged commit introduced a UAF, as it removed restoring\nq_vector->vport pointers after reinitializating the structures.\nThis is due to that all queue allocation functions are performed here\nwith the new temporary vport structure and those functions rewrite\nthe backpointers to the vport. Then, this new struct is freed and\nthe pointers start leading to nowhere.\n\nBut generally speaking, the current logic is very fragile. It claims\nto be more reliable when the system is low on memory, but in fact, it\nconsumes two times more memory as at the moment of running this\nfunction, there are two vports allocated with their queues and vectors.\nMoreover, it claims to prevent the driver from running into "bad state",\nbut in fact, any error during the rebuild leaves the old vport in the\npartially allocated state.\nFinally, if the interface is down when the function is called, it always\nallocates a new queue set, but when the user decides to enable the\ninterface later on, vport_open() allocates them once again, IOW there\'s\na clear memory leak here.\n\nJust don\'t allocate a new queue set when performing a reset, that solves\ncrashes and memory leaks. Readd the old queue number and reopen the\ninterface on rollback - that solves limbo states when the device is left\ndisabled and/or without HW queues enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44964', 'https://git.kernel.org/linus/f01032a2ca099ec8d619aaa916c3762aa62495df (6.11-rc3)', 'https://git.kernel.org/stable/c/6b289f8d91537ec1e4f9c7b38b31b90d93b1419b', 'https://git.kernel.org/stable/c/f01032a2ca099ec8d619aaa916c3762aa62495df', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44964-ebb1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44964', 'https://www.cve.org/CVERecord?id=CVE-2024-44964'], 'PublishedDate': '2024-09-04T19:15:30.94Z', 'LastModifiedDate': '2024-09-06T16:36:45.137Z'}, {'VulnerabilityID': 'CVE-2024-44965', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44965', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mm: Fix pti_clone_pgtable() alignment assumption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix pti_clone_pgtable() alignment assumption\n\nGuenter reported dodgy crashes on an i386-nosmp build using GCC-11\nthat had the form of endless traps until entry stack exhaust and then\n#DF from the stack guard.\n\nIt turned out that pti_clone_pgtable() had alignment assumptions on\nthe start address, notably it hard assumes start is PMD aligned. This\nis true on x86_64, but very much not true on i386.\n\nThese assumptions can cause the end condition to malfunction, leading\nto a 'short' clone. Guess what happens when the user mapping has a\nshort copy of the entry text?\n\nUse the correct increment form for addr to avoid alignment\nassumptions.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44965', 'https://git.kernel.org/linus/41e71dbb0e0a0fe214545fe64af031303a08524c (6.11-rc2)', 'https://git.kernel.org/stable/c/18da1b27ce16a14a9b636af9232acb4fb24f4c9e', 'https://git.kernel.org/stable/c/25a727233a40a9b33370eec9f0cad67d8fd312f8', 'https://git.kernel.org/stable/c/41e71dbb0e0a0fe214545fe64af031303a08524c', 'https://git.kernel.org/stable/c/4d143ae782009b43b4f366402e5c37f59d4e4346', 'https://git.kernel.org/stable/c/5c580c1050bcbc15c3e78090859d798dcf8c9763', 'https://git.kernel.org/stable/c/ca07aab70dd3b5e7fddb62d7a6ecd7a7d6d0b2ed', 'https://git.kernel.org/stable/c/d00c9b4bbc442d99e1dafbdfdab848bc1ead73f6', 'https://git.kernel.org/stable/c/df3eecb5496f87263d171b254ca6e2758ab3c35c', 'https://linux.oracle.com/cve/CVE-2024-44965.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090415-CVE-2024-44965-d41d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44965', 'https://www.cve.org/CVERecord?id=CVE-2024-44965'], 'PublishedDate': '2024-09-04T19:15:30.99Z', 'LastModifiedDate': '2024-10-04T16:17:15.23Z'}, {'VulnerabilityID': 'CVE-2024-44966', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44966', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binfmt_flat: Fix corruption when not offsetting data start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_flat: Fix corruption when not offsetting data start\n\nCommit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")\nintroduced a RISC-V specific variant of the FLAT format which does\nnot allocate any space for the (obsolete) array of shared library\npointers. However, it did not disable the code which initializes the\narray, resulting in the corruption of sizeof(long) bytes before the DATA\nsegment, generally the end of the TEXT segment.\n\nIntroduce MAX_SHARED_LIBS_UPDATE which depends on the state of\nCONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of\nthe shared library pointer region so that it will only be initialized\nif space is reserved for it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44966', 'https://git.kernel.org/linus/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671 (6.11-rc4)', 'https://git.kernel.org/stable/c/3a684499261d0f7ed5ee72793025c88c2276809c', 'https://git.kernel.org/stable/c/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671', 'https://git.kernel.org/stable/c/49df34d2b7da9e57c839555a2f7877291ce45ad1', 'https://git.kernel.org/stable/c/9350ba06ee61db392c486716ac68ecc20e030f7c', 'https://git.kernel.org/stable/c/af65d5383854cc3f172a7d0843b628758bf462c8', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44966-3aac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44966', 'https://www.cve.org/CVERecord?id=CVE-2024-44966'], 'PublishedDate': '2024-09-04T19:15:31.06Z', 'LastModifiedDate': '2024-10-04T16:15:30.047Z'}, {'VulnerabilityID': 'CVE-2024-44967', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44967', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/mgag200: Bind I2C lifetime to DRM device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mgag200: Bind I2C lifetime to DRM device\n\nManaged cleanup with devm_add_action_or_reset() will release the I2C\nadapter when the underlying Linux device goes away. But the connector\nstill refers to it, so this cleanup leaves behind a stale pointer\nin struct drm_connector.ddc.\n\nBind the lifetime of the I2C adapter to the connector's lifetime by\nusing DRM's managed release. When the DRM device goes away (after\nthe Linux device) DRM will first clean up the connector and then\nclean up the I2C adapter.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44967', 'https://git.kernel.org/linus/eb1ae34e48a09b7a1179c579aed042b032e408f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/55a6916db77102765b22855d3a0add4751988b7c', 'https://git.kernel.org/stable/c/81d34df843620e902dd04aa9205c875833d61c17', 'https://git.kernel.org/stable/c/9d96b91e03cba9dfcb4ac370c93af4dbc47d5191', 'https://git.kernel.org/stable/c/eb1ae34e48a09b7a1179c579aed042b032e408f4', 'https://lore.kernel.org/linux-cve-announce/2024090453-CVE-2024-44967-dd14@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44967', 'https://www.cve.org/CVERecord?id=CVE-2024-44967'], 'PublishedDate': '2024-09-04T19:15:31.117Z', 'LastModifiedDate': '2024-10-03T18:21:17.23Z'}, {'VulnerabilityID': 'CVE-2024-44969', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/sclp: Prevent release of buffer in I/O', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Prevent release of buffer in I/O\n\nWhen a task waiting for completion of a Store Data operation is\ninterrupted, an attempt is made to halt this operation. If this attempt\nfails due to a hardware or firmware problem, there is a chance that the\nSCLP facility might store data into buffers referenced by the original\noperation at a later time.\n\nHandle this situation by not releasing the referenced data buffers if\nthe halt attempt fails. For current use cases, this might result in a\nleak of few pages of memory in case of a rare hardware/firmware\nmalfunction.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44969', 'https://git.kernel.org/linus/bf365071ea92b9579d5a272679b74052a5643e35 (6.11-rc1)', 'https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633', 'https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05', 'https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506', 'https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79', 'https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe', 'https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148', 'https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463', 'https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35', 'https://linux.oracle.com/cve/CVE-2024-44969.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44969-48bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44969', 'https://www.cve.org/CVERecord?id=CVE-2024-44969'], 'PublishedDate': '2024-09-04T19:15:31.24Z', 'LastModifiedDate': '2024-10-03T17:38:41.333Z'}, {'VulnerabilityID': 'CVE-2024-44970', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix invalid WQ linked list unlink\n\nWhen all the strides in a WQE have been consumed, the WQE is unlinked\nfrom the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible\nto receive CQEs with 0 consumed strides for the same WQE even after the\nWQE is fully consumed and unlinked. This triggers an additional unlink\nfor the same wqe which corrupts the linked list.\n\nFix this scenario by accepting 0 sized consumed strides without\nunlinking the WQE again.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44970', 'https://git.kernel.org/linus/fba8334721e266f92079632598e46e5f89082f30 (6.11-rc1)', 'https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9', 'https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76', 'https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78', 'https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44970-f687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44970', 'https://www.cve.org/CVERecord?id=CVE-2024-44970'], 'PublishedDate': '2024-09-04T19:15:31.307Z', 'LastModifiedDate': '2024-10-03T14:22:06.003Z'}, {'VulnerabilityID': 'CVE-2024-44971', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44971', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()\n\nbcm_sf2_mdio_register() calls of_phy_find_device() and then\nphy_device_remove() in a loop to remove existing PHY devices.\nof_phy_find_device() eventually calls bus_find_device(), which calls\nget_device() on the returned struct device * to increment the refcount.\nThe current implementation does not decrement the refcount, which causes\nmemory leak.\n\nThis commit adds the missing phy_device_free() call to decrement the\nrefcount via put_device() to balance the refcount.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44971', 'https://git.kernel.org/linus/e3862093ee93fcfbdadcb7957f5f8974fffa806a (6.11-rc3)', 'https://git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c', 'https://git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c', 'https://git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71', 'https://git.kernel.org/stable/c/c05516c072903f6fb9134b8e7e1ad4bffcdc4819', 'https://git.kernel.org/stable/c/e3862093ee93fcfbdadcb7957f5f8974fffa806a', 'https://git.kernel.org/stable/c/f3d5efe18a11f94150fee8b3fda9d62079af640a', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44971-eb75@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44971', 'https://www.cve.org/CVERecord?id=CVE-2024-44971'], 'PublishedDate': '2024-09-04T19:15:31.367Z', 'LastModifiedDate': '2024-09-05T17:54:36.607Z'}, {'VulnerabilityID': 'CVE-2024-44972', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44972', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not clear page dirty inside extent_write_locked_range()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not clear page dirty inside extent_write_locked_range()\n\n[BUG]\nFor subpage + zoned case, the following workload can lead to rsv data\nleak at unmount time:\n\n  # mkfs.btrfs -f -s 4k $dev\n  # mount $dev $mnt\n  # fsstress -w -n 8 -d $mnt -s 1709539240\n  0/0: fiemap - no filename\n  0/1: copyrange read - no filename\n  0/2: write - no filename\n  0/3: rename - no source filename\n  0/4: creat f0 x:0 0 0\n  0/4: creat add id=0,parent=-1\n  0/5: writev f0[259 1 0 0 0 0] [778052,113,965] 0\n  0/6: ioctl(FIEMAP) f0[259 1 0 0 224 887097] [1294220,2291618343991484791,0x10000] -1\n  0/7: dwrite - xfsctl(XFS_IOC_DIOINFO) f0[259 1 0 0 224 887097] return 25, fallback to stat()\n  0/7: dwrite f0[259 1 0 0 224 887097] [696320,102400] 0\n  # umount $mnt\n\nThe dmesg includes the following rsv leak detection warning (all call\ntrace skipped):\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8653 btrfs_destroy_inode+0x1e0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8654 btrfs_destroy_inode+0x1a8/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8660 btrfs_destroy_inode+0x1a0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): last unmount of filesystem 1b4abba9-de34-4f07-9e7f-157cf12a18d6\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info DATA has 268218368 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=204800, pinned=0, reserved=0, may_use=12288, readonly=0 zone_unusable=0\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info METADATA has 267796480 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=131072, pinned=0, reserved=0, may_use=262144, readonly=0 zone_unusable=245760\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n\nAbove $dev is a tcmu-runner emulated zoned HDD, which has a max zone\nappend size of 64K, and the system has 64K page size.\n\n[CAUSE]\nI have added several trace_printk() to show the events (header skipped):\n\n  > btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864\n\nThe above lines show our buffered write has dirtied 3 pages of inode\n259 of root 5:\n\n  704K             768K              832K              896K\n  I           |////I/////////////////I///////////|     I\n              756K                               868K\n\n  |///| is the dirtied range using subpage bitmaps. and 'I' is the page\n  boundary.\n\n  Meanwhile all three pages (704K, 768K, 832K) have their PageDirty\n  flag set.\n\n  > btrfs_direct_write: r/i=5/259 start dio filepos=696320 len=102400\n\nThen direct IO writ\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44972', 'https://git.kernel.org/linus/97713b1a2ced1e4a2a6c40045903797ebd44d7e0 (6.11-rc1)', 'https://git.kernel.org/stable/c/97713b1a2ced1e4a2a6c40045903797ebd44d7e0', 'https://git.kernel.org/stable/c/ba4dedb71356638d8284e34724daca944be70368', 'https://git.kernel.org/stable/c/d3b403209f767e5857c1b9fda66726e6e6ffc99f', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44972-23b5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44972', 'https://www.cve.org/CVERecord?id=CVE-2024-44972'], 'PublishedDate': '2024-09-04T19:15:31.43Z', 'LastModifiedDate': '2024-10-03T16:10:12.077Z'}, {'VulnerabilityID': 'CVE-2024-44973', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44973', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm, slub: do not call do_slab_free for kfence object', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slub: do not call do_slab_free for kfence object\n\nIn 782f8906f805 the freeing of kfence objects was moved from deep\ninside do_slab_free to the wrapper functions outside. This is a nice\nchange, but unfortunately it missed one spot in __kmem_cache_free_bulk.\n\nThis results in a crash like this:\n\nBUG skbuff_head_cache (Tainted: G S  B       E     ): Padding overwritten. 0xffff88907fea0f00-0xffff88907fea0fff @offset=3840\n\nslab_err (mm/slub.c:1129)\nfree_to_partial_list (mm/slub.c:? mm/slub.c:4036)\nslab_pad_check (mm/slub.c:864 mm/slub.c:1290)\ncheck_slab (mm/slub.c:?)\nfree_to_partial_list (mm/slub.c:3171 mm/slub.c:4036)\nkmem_cache_alloc_bulk (mm/slub.c:? mm/slub.c:4495 mm/slub.c:4586 mm/slub.c:4635)\nnapi_build_skb (net/core/skbuff.c:348 net/core/skbuff.c:527 net/core/skbuff.c:549)\n\nAll the other callers to do_slab_free appear to be ok.\n\nAdd a kfence_free check in __kmem_cache_free_bulk to avoid the crash.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44973', 'https://git.kernel.org/linus/a371d558e6f3aed977a8a7346350557de5d25190 (6.11-rc3)', 'https://git.kernel.org/stable/c/a371d558e6f3aed977a8a7346350557de5d25190', 'https://git.kernel.org/stable/c/b35cd7f1e969aaa63e6716d82480f6b8a3230949', 'https://lore.kernel.org/linux-cve-announce/2024090425-CVE-2024-44973-a92d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44973', 'https://www.cve.org/CVERecord?id=CVE-2024-44973'], 'PublishedDate': '2024-09-04T19:15:31.487Z', 'LastModifiedDate': '2024-10-03T14:23:09.147Z'}, {'VulnerabilityID': 'CVE-2024-44974', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44974', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: avoid possible UaF when selecting endp', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44974', 'https://git.kernel.org/linus/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d (6.11-rc5)', 'https://git.kernel.org/stable/c/0201d65d9806d287a00e0ba96f0321835631f63f', 'https://git.kernel.org/stable/c/2b4f46f9503633dade75cb796dd1949d0e6581a1', 'https://git.kernel.org/stable/c/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d', 'https://git.kernel.org/stable/c/9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8', 'https://git.kernel.org/stable/c/ddee5b4b6a1cc03c1e9921cf34382e094c2009f1', 'https://git.kernel.org/stable/c/f2c865e9e3ca44fc06b5f73b29a954775e4dbb38', 'https://lore.kernel.org/linux-cve-announce/2024090440-CVE-2024-44974-dbe8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44974', 'https://www.cve.org/CVERecord?id=CVE-2024-44974'], 'PublishedDate': '2024-09-04T20:15:07.1Z', 'LastModifiedDate': '2024-09-12T12:15:51.397Z'}, {'VulnerabilityID': 'CVE-2024-44975', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44975', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cgroup/cpuset: fix panic caused by partcmd_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: fix panic caused by partcmd_update\n\nWe find a bug as below:\nBUG: unable to handle page fault for address: 00000003\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 358 Comm: bash Tainted: G        W I        6.6.0-10893-g60d6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4\nRIP: 0010:partition_sched_domains_locked+0x483/0x600\nCode: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9\nRSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202\nRAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000002fe80\nRBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000\nR10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002\nR13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0\nCall Trace:\n <TASK>\n ? show_regs+0x8c/0xa0\n ? __die_body+0x23/0xa0\n ? __die+0x3a/0x50\n ? page_fault_oops+0x1d2/0x5c0\n ? partition_sched_domains_locked+0x483/0x600\n ? search_module_extables+0x2a/0xb0\n ? search_exception_tables+0x67/0x90\n ? kernelmode_fixup_or_oops+0x144/0x1b0\n ? __bad_area_nosemaphore+0x211/0x360\n ? up_read+0x3b/0x50\n ? bad_area_nosemaphore+0x1a/0x30\n ? exc_page_fault+0x890/0xd90\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? asm_exc_page_fault+0x26/0x30\n ? partition_sched_domains_locked+0x483/0x600\n ? partition_sched_domains_locked+0xf0/0x600\n rebuild_sched_domains_locked+0x806/0xdc0\n update_partition_sd_lb+0x118/0x130\n cpuset_write_resmask+0xffc/0x1420\n cgroup_file_write+0xb2/0x290\n kernfs_fop_write_iter+0x194/0x290\n new_sync_write+0xeb/0x160\n vfs_write+0x16f/0x1d0\n ksys_write+0x81/0x180\n __x64_sys_write+0x21/0x30\n x64_sys_call+0x2f25/0x4630\n do_syscall_64+0x44/0xb0\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\nRIP: 0033:0x7f44a553c887\n\nIt can be reproduced with cammands:\ncd /sys/fs/cgroup/\nmkdir test\ncd test/\necho +cpuset > ../cgroup.subtree_control\necho root > cpuset.cpus.partition\ncat /sys/fs/cgroup/cpuset.cpus.effective\n0-3\necho 0-3 > cpuset.cpus // taking away all cpus from root\n\nThis issue is caused by the incorrect rebuilding of scheduling domains.\nIn this scenario, test/cpuset.cpus.partition should be an invalid root\nand should not trigger the rebuilding of scheduling domains. When calling\nupdate_parent_effective_cpumask with partcmd_update, if newmask is not\nnull, it should recheck newmask whether there are cpus is available\nfor parect/cs that has tasks.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44975', 'https://git.kernel.org/linus/959ab6350add903e352890af53e86663739fcb9a (6.11-rc5)', 'https://git.kernel.org/stable/c/73d6c6cf8ef6a3c532aa159f5114077746a372d6', 'https://git.kernel.org/stable/c/959ab6350add903e352890af53e86663739fcb9a', 'https://lore.kernel.org/linux-cve-announce/2024090442-CVE-2024-44975-7c21@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44975', 'https://www.cve.org/CVERecord?id=CVE-2024-44975'], 'PublishedDate': '2024-09-04T20:15:07.16Z', 'LastModifiedDate': '2024-10-03T14:32:31.677Z'}, {'VulnerabilityID': 'CVE-2024-44977', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Validate TA binary size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Validate TA binary size\n\nAdd TA binary size validation to avoid OOB write.\n\n(cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44977', 'https://git.kernel.org/linus/c99769bceab4ecb6a067b9af11f9db281eea3e2a (6.11-rc5)', 'https://git.kernel.org/stable/c/50553ea7cbd3344fbf40afb065f6a2d38171c1ad', 'https://git.kernel.org/stable/c/5ab8793b9a6cc059f503cbe6fe596f80765e0f19', 'https://git.kernel.org/stable/c/c99769bceab4ecb6a067b9af11f9db281eea3e2a', 'https://git.kernel.org/stable/c/e562415248f402203e7fb6d8c38c1b32fa99220f', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44977-7f6b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44977', 'https://www.cve.org/CVERecord?id=CVE-2024-44977'], 'PublishedDate': '2024-09-04T20:15:07.29Z', 'LastModifiedDate': '2024-10-10T17:47:59.593Z'}, {'VulnerabilityID': 'CVE-2024-44978', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44978', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Free job before xe_exec_queue_put', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Free job before xe_exec_queue_put\n\nFree job depends on job->vm being valid, the last xe_exec_queue_put can\ndestroy the VM. Prevent UAF by freeing job before xe_exec_queue_put.\n\n(cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44978', 'https://git.kernel.org/linus/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a (6.11-rc5)', 'https://git.kernel.org/stable/c/98aa0330f200b9b8fb9e1298e006eda57a13351c', 'https://git.kernel.org/stable/c/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44978-096b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44978', 'https://www.cve.org/CVERecord?id=CVE-2024-44978'], 'PublishedDate': '2024-09-04T20:15:07.343Z', 'LastModifiedDate': '2024-09-10T16:51:19.813Z'}, {'VulnerabilityID': 'CVE-2024-44979', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44979', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix missing workqueue destroy in xe_gt_pagefault\n\nOn driver reload we never free up the memory for the pagefault and\naccess counter workqueues. Add those destroy calls here.\n\n(cherry picked from commit 7586fc52b14e0b8edd0d1f8a434e0de2078b7b2b)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44979', 'https://git.kernel.org/linus/a6f78359ac75f24cac3c1bdd753c49c1877bcd82 (6.11-rc5)', 'https://git.kernel.org/stable/c/a6f78359ac75f24cac3c1bdd753c49c1877bcd82', 'https://git.kernel.org/stable/c/b09ef3b762a7fc641fb2f89afd3ebdb65b8ba1b9', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44979-74c3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44979', 'https://www.cve.org/CVERecord?id=CVE-2024-44979'], 'PublishedDate': '2024-09-04T20:15:07.4Z', 'LastModifiedDate': '2024-10-10T17:44:36.417Z'}, {'VulnerabilityID': 'CVE-2024-44980', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44980', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Fix opregion leak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix opregion leak\n\nBeing part o the display, ideally the setup and cleanup would be done by\ndisplay itself. However this is a bigger refactor that needs to be done\non both i915 and xe. For now, just fix the leak:\n\nunreferenced object 0xffff8881a0300008 (size 192):\n  comm "modprobe", pid 4354, jiffies 4295647021\n  hex dump (first 32 bytes):\n    00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff  ...\'............\n    18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 99260e31):\n    [<ffffffff823ce65b>] kmemleak_alloc+0x4b/0x80\n    [<ffffffff81493be2>] kmalloc_trace_noprof+0x312/0x3d0\n    [<ffffffffa1345679>] intel_opregion_setup+0x89/0x700 [xe]\n    [<ffffffffa125bfaf>] xe_display_init_noirq+0x2f/0x90 [xe]\n    [<ffffffffa1199ec3>] xe_device_probe+0x7a3/0xbf0 [xe]\n    [<ffffffffa11f3713>] xe_pci_probe+0x333/0x5b0 [xe]\n    [<ffffffff81af6be8>] local_pci_probe+0x48/0xb0\n    [<ffffffff81af8778>] pci_device_probe+0xc8/0x280\n    [<ffffffff81d09048>] really_probe+0xf8/0x390\n    [<ffffffff81d0937a>] __driver_probe_device+0x8a/0x170\n    [<ffffffff81d09503>] driver_probe_device+0x23/0xb0\n    [<ffffffff81d097b7>] __driver_attach+0xc7/0x190\n    [<ffffffff81d0628d>] bus_for_each_dev+0x7d/0xd0\n    [<ffffffff81d0851e>] driver_attach+0x1e/0x30\n    [<ffffffff81d07ac7>] bus_add_driver+0x117/0x250\n\n(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44980', 'https://git.kernel.org/linus/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f (6.11-rc5)', 'https://git.kernel.org/stable/c/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f', 'https://git.kernel.org/stable/c/f7ecdd9853dd9f34e7cdfdadfb70b8f40644ebb4', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44980-d1ba@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44980', 'https://www.cve.org/CVERecord?id=CVE-2024-44980'], 'PublishedDate': '2024-09-04T20:15:07.46Z', 'LastModifiedDate': '2024-10-10T17:42:53.433Z'}, {'VulnerabilityID': 'CVE-2024-44982', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44982', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: cleanup FB if dpu_format_populate_layout fails\n\nIf the dpu_format_populate_layout() fails, then FB is prepared, but not\ncleaned up. This ends up leaking the pin_count on the GEM object and\ncauses a splat during DRM file closure:\n\nmsm_obj->pin_count\nWARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc\n[...]\nCall trace:\n update_lru_locked+0xc4/0xcc\n put_pages+0xac/0x100\n msm_gem_free_object+0x138/0x180\n drm_gem_object_free+0x1c/0x30\n drm_gem_object_handle_put_unlocked+0x108/0x10c\n drm_gem_object_release_handle+0x58/0x70\n idr_for_each+0x68/0xec\n drm_gem_release+0x28/0x40\n drm_file_free+0x174/0x234\n drm_release+0xb0/0x160\n __fput+0xc0/0x2c8\n __fput_sync+0x50/0x5c\n __arm64_sys_close+0x38/0x7c\n invoke_syscall+0x48/0x118\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x4c/0x120\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194\nirq event stamp: 129818\nhardirqs last  enabled at (129817): [<ffffa5f6d953fcc0>] console_unlock+0x118/0x124\nhardirqs last disabled at (129818): [<ffffa5f6da7dcf04>] el1_dbg+0x24/0x8c\nsoftirqs last  enabled at (129808): [<ffffa5f6d94afc18>] handle_softirqs+0x4c8/0x4e8\nsoftirqs last disabled at (129785): [<ffffa5f6d94105e4>] __do_softirq+0x14/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/600714/', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44982', 'https://git.kernel.org/linus/bfa1a6283be390947d3649c482e5167186a37016 (6.11-rc5)', 'https://git.kernel.org/stable/c/02193c70723118889281f75b88722b26b58bf4ae', 'https://git.kernel.org/stable/c/7ecf85542169012765e4c2817cd3be6c2e009962', 'https://git.kernel.org/stable/c/9b8b65211a880af8fe8330a101e1e239a2d4008f', 'https://git.kernel.org/stable/c/a3c5815b07f4ee19d0b7e2ddf91ff9f03ecbf27d', 'https://git.kernel.org/stable/c/bfa1a6283be390947d3649c482e5167186a37016', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44982-dd24@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44982', 'https://www.cve.org/CVERecord?id=CVE-2024-44982'], 'PublishedDate': '2024-09-04T20:15:07.593Z', 'LastModifiedDate': '2024-10-10T17:09:54.35Z'}, {'VulnerabilityID': 'CVE-2024-44983', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44983', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: validate vlan header', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: validate vlan header\n\nEnsure there is sufficient room to access the protocol field of the\nVLAN header, validate it once before the flowtable lookup.\n\n=====================================================\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5440 [inline]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44983', 'https://git.kernel.org/linus/6ea14ccb60c8ab829349979b22b58a941ec4a3ee (6.11-rc5)', 'https://git.kernel.org/stable/c/0279c35d242d037abeb73d60d06a6d1bb7f672d9', 'https://git.kernel.org/stable/c/043a18bb6cf16adaa2f8642acfde6e8956a9caaa', 'https://git.kernel.org/stable/c/6ea14ccb60c8ab829349979b22b58a941ec4a3ee', 'https://git.kernel.org/stable/c/c05155cc455785916164aa5e1b4605a2ae946537', 'https://git.kernel.org/stable/c/d9384ae7aec46036d248d1c2c2757e471ab486c3', 'https://lore.kernel.org/linux-cve-announce/2024090444-CVE-2024-44983-dcdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44983', 'https://www.cve.org/CVERecord?id=CVE-2024-44983'], 'PublishedDate': '2024-09-04T20:15:07.657Z', 'LastModifiedDate': '2024-09-10T16:57:55.11Z'}, {'VulnerabilityID': 'CVE-2024-44984', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44984', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double DMA unmapping for XDP_REDIRECT\n\nRemove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT\ncode path.  This should have been removed when we let the page pool\nhandle the DMA mapping.  This bug causes the warning:\n\nWARNING: CPU: 7 PID: 59 at drivers/iommu/dma-iommu.c:1198 iommu_dma_unmap_page+0xd5/0x100\nCPU: 7 PID: 59 Comm: ksoftirqd/7 Tainted: G        W          6.8.0-1010-gcp #11-Ubuntu\nHardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS 2.15.2 04/02/2024\nRIP: 0010:iommu_dma_unmap_page+0xd5/0x100\nCode: 89 ee 48 89 df e8 cb f2 69 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9 31 f6 31 ff 45 31 c0 e9 ab 17 71 00 <0f> 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9\nRSP: 0018:ffffab1fc0597a48 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff99ff838280c8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffab1fc0597a78 R08: 0000000000000002 R09: ffffab1fc0597c1c\nR10: ffffab1fc0597cd3 R11: ffff99ffe375acd8 R12: 00000000e65b9000\nR13: 0000000000000050 R14: 0000000000001000 R15: 0000000000000002\nFS:  0000000000000000(0000) GS:ffff9a06efb80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000565c34c37210 CR3: 00000005c7e3e000 CR4: 0000000000350ef0\n? show_regs+0x6d/0x80\n? __warn+0x89/0x150\n? iommu_dma_unmap_page+0xd5/0x100\n? report_bug+0x16a/0x190\n? handle_bug+0x51/0xa0\n? exc_invalid_op+0x18/0x80\n? iommu_dma_unmap_page+0xd5/0x100\n? iommu_dma_unmap_page+0x35/0x100\ndma_unmap_page_attrs+0x55/0x220\n? bpf_prog_4d7e87c0d30db711_xdp_dispatcher+0x64/0x9f\nbnxt_rx_xdp+0x237/0x520 [bnxt_en]\nbnxt_rx_pkt+0x640/0xdd0 [bnxt_en]\n__bnxt_poll_work+0x1a1/0x3d0 [bnxt_en]\nbnxt_poll+0xaa/0x1e0 [bnxt_en]\n__napi_poll+0x33/0x1e0\nnet_rx_action+0x18a/0x2f0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44984', 'https://git.kernel.org/linus/8baeef7616d5194045c5a6b97fd1246b87c55b13 (6.11-rc5)', 'https://git.kernel.org/stable/c/8baeef7616d5194045c5a6b97fd1246b87c55b13', 'https://git.kernel.org/stable/c/95a305ba259b685780ed62ea2295aa2feb2d6c0c', 'https://git.kernel.org/stable/c/fa4e6ae38574d0fc5596272bee64727d8ab7052b', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44984-43ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44984', 'https://www.cve.org/CVERecord?id=CVE-2024-44984'], 'PublishedDate': '2024-09-04T20:15:07.717Z', 'LastModifiedDate': '2024-10-10T16:48:56.167Z'}, {'VulnerabilityID': 'CVE-2024-44985', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44985', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent possible UAF in ip6_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible UAF in ip6_xmit()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand the associated dst/idev could also have been freed.\n\nWe must use rcu_read_lock() to prevent a possible UAF.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 7.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44985', 'https://git.kernel.org/linus/2d5ff7e339d04622d8282661df36151906d0e1c7 (6.11-rc5)', 'https://git.kernel.org/stable/c/124b428fe28064c809e4237b0b38e97200a8a4a8', 'https://git.kernel.org/stable/c/2d5ff7e339d04622d8282661df36151906d0e1c7', 'https://git.kernel.org/stable/c/38a21c026ed2cc7232414cb166efc1923f34af17', 'https://git.kernel.org/stable/c/975f764e96f71616b530e300c1bb2ac0ce0c2596', 'https://git.kernel.org/stable/c/fc88d6c1f2895a5775795d82ec581afdff7661d1', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44985-2dde@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44985', 'https://www.cve.org/CVERecord?id=CVE-2024-44985'], 'PublishedDate': '2024-09-04T20:15:07.777Z', 'LastModifiedDate': '2024-09-05T17:54:11.313Z'}, {'VulnerabilityID': 'CVE-2024-44986', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44986', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: fix possible UAF in ip6_finish_output2()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible UAF in ip6_finish_output2()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand associated dst/idev could also have been freed.\n\nWe need to hold rcu_read_lock() to make sure the dst and\nassociated idev are alive.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44986', 'https://git.kernel.org/linus/da273b377ae0d9bd255281ed3c2adb228321687b (6.11-rc5)', 'https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e', 'https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a', 'https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b', 'https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b', 'https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037', 'https://lore.kernel.org/linux-cve-announce/2024090445-CVE-2024-44986-1197@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44986', 'https://www.cve.org/CVERecord?id=CVE-2024-44986'], 'PublishedDate': '2024-09-04T20:15:07.833Z', 'LastModifiedDate': '2024-09-05T17:54:04.127Z'}, {'VulnerabilityID': 'CVE-2024-44987', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44987', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: prevent UAF in ip6_send_skb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n  rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n  rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n  vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n  do_writev+0x1b1/0x350 fs/read_write.c:1018\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n </TASK>\n\nAllocated by task 6530:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  unpoison_slab_object mm/kasan/common.c:312 [inline]\n  __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n  kasan_slab_alloc include/linux/kasan.h:201 [inline]\n  slab_post_alloc_hook mm/slub.c:3988 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n  dst_alloc+0x12b/0x190 net/core/dst.c:89\n  ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n  make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n  xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313\n  ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n  rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n  ___sys_sendmsg net/socket.c:2651 [inline]\n  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n  poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n  __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n  kasan_slab_free include/linux/kasan.h:184 [inline]\n  slab_free_hook mm/slub.c:2252 [inline]\n  slab_free mm/slub.c:4473 [inline]\n  kmem_cache_free+0x145/0x350 mm/slub.c:4548\n  dst_destroy+0x2ac/0x460 net/core/dst.c:124\n  rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n  rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44987', 'https://git.kernel.org/linus/faa389b2fbaaec7fd27a390b4896139f9da662e3 (6.11-rc5)', 'https://git.kernel.org/stable/c/24e93695b1239fbe4c31e224372be77f82dab69a', 'https://git.kernel.org/stable/c/571567e0277008459750f0728f246086b2659429', 'https://git.kernel.org/stable/c/9a3e55afa95ed4ac9eda112d4f918af645d72f25', 'https://git.kernel.org/stable/c/af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011', 'https://git.kernel.org/stable/c/cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e', 'https://git.kernel.org/stable/c/ce2f6cfab2c637d0bd9762104023a15d0ab7c0a8', 'https://git.kernel.org/stable/c/e44bd76dd072756e674f45c5be00153f4ded68b2', 'https://git.kernel.org/stable/c/faa389b2fbaaec7fd27a390b4896139f9da662e3', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44987-f916@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44987', 'https://www.cve.org/CVERecord?id=CVE-2024-44987'], 'PublishedDate': '2024-09-04T20:15:07.89Z', 'LastModifiedDate': '2024-09-05T17:53:54.687Z'}, {'VulnerabilityID': 'CVE-2024-44988', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44988', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dsa: mv88e6xxx: Fix out-of-bound access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix out-of-bound access\n\nIf an ATU violation was caused by a CPU Load operation, the SPID could\nbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44988', 'https://git.kernel.org/linus/528876d867a23b5198022baf2e388052ca67c952 (6.11-rc5)', 'https://git.kernel.org/stable/c/050e7274ab2150cd212b2372595720e7b83a15bd', 'https://git.kernel.org/stable/c/18b2e833daf049223ab3c2efdf8cdee08854c484', 'https://git.kernel.org/stable/c/528876d867a23b5198022baf2e388052ca67c952', 'https://git.kernel.org/stable/c/a10d0337115a6d223a1563d853d4455f05d0b2e3', 'https://git.kernel.org/stable/c/d39f5be62f098fe367d672b4dd4bc4b2b80e08e7', 'https://git.kernel.org/stable/c/f7d8c2fabd39250cf2333fbf8eef67e837f90a5d', 'https://git.kernel.org/stable/c/f87ce03c652dba199aef15ac18ade3991db5477e', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44988-516a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44988', 'https://www.cve.org/CVERecord?id=CVE-2024-44988'], 'PublishedDate': '2024-09-04T20:15:07.96Z', 'LastModifiedDate': '2024-10-10T16:44:14.767Z'}, {'VulnerabilityID': 'CVE-2024-44989', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44989', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix xfrm real_dev null pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel:  <TASK>\n kernel:  ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? page_fault_oops+0x142/0x4c0\n kernel:  ? do_user_addr_fault+0x65/0x670\n kernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  ? exc_page_fault+0x7b/0x180\n kernel:  ? asm_exc_page_fault+0x22/0x30\n kernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel:  xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ip_push_pending_frames+0x56/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44989', 'https://git.kernel.org/linus/f8cde9805981c50d0c029063dc7d82821806fc44 (6.11-rc5)', 'https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21', 'https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294', 'https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548', 'https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f', 'https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436', 'https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44989-8a2d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44989', 'https://www.cve.org/CVERecord?id=CVE-2024-44989'], 'PublishedDate': '2024-09-04T20:15:08.02Z', 'LastModifiedDate': '2024-09-06T16:31:22.253Z'}, {'VulnerabilityID': 'CVE-2024-44990', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44990', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix null pointer deref in bond_ipsec_offload_ok\n\nWe must check if there is an active slave before dereferencing the pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44990', 'https://git.kernel.org/linus/95c90e4ad89d493a7a14fa200082e466e2548f9d (6.11-rc5)', 'https://git.kernel.org/stable/c/0707260a18312bbcd2a5668584e3692d0a29e3f6', 'https://git.kernel.org/stable/c/2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59', 'https://git.kernel.org/stable/c/32a0173600c63aadaf2103bf02f074982e8602ab', 'https://git.kernel.org/stable/c/81216b9352be43f8958092d379f6dec85443c309', 'https://git.kernel.org/stable/c/95c90e4ad89d493a7a14fa200082e466e2548f9d', 'https://git.kernel.org/stable/c/b70b0ddfed31fc92c8dc722d0afafc8e14cb550c', 'https://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44990-6b62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44990', 'https://www.cve.org/CVERecord?id=CVE-2024-44990'], 'PublishedDate': '2024-09-04T20:15:08.087Z', 'LastModifiedDate': '2024-09-06T16:31:12.87Z'}, {'VulnerabilityID': 'CVE-2024-44991', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44991', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp: prevent concurrent execution of tcp_sk_exit_batch', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: prevent concurrent execution of tcp_sk_exit_batch\n\nIts possible that two threads call tcp_sk_exit_batch() concurrently,\nonce from the cleanup_net workqueue, once from a task that failed to clone\na new netns.  In the latter case, error unwinding calls the exit handlers\nin reverse order for the \'failed\' netns.\n\ntcp_sk_exit_batch() calls tcp_twsk_purge().\nProblem is that since commit b099ce2602d8 ("net: Batch inet_twsk_purge"),\nthis function picks up twsk in any dying netns, not just the one passed\nin via exit_batch list.\n\nThis means that the error unwind of setup_net() can "steal" and destroy\ntimewait sockets belonging to the exiting netns.\n\nThis allows the netns exit worker to proceed to call\n\nWARN_ON_ONCE(!refcount_dec_and_test(&net->ipv4.tcp_death_row.tw_refcount));\n\nwithout the expected 1 -> 0 transition, which then splats.\n\nAt same time, error unwind path that is also running inet_twsk_purge()\nwill splat as well:\n\nWARNING: .. at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210\n...\n refcount_dec include/linux/refcount.h:351 [inline]\n inet_twsk_kill+0x758/0x9c0 net/ipv4/inet_timewait_sock.c:70\n inet_twsk_deschedule_put net/ipv4/inet_timewait_sock.c:221\n inet_twsk_purge+0x725/0x890 net/ipv4/inet_timewait_sock.c:304\n tcp_sk_exit_batch+0x1c/0x170 net/ipv4/tcp_ipv4.c:3522\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n setup_net+0x714/0xb40 net/core/net_namespace.c:375\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n\n... because refcount_dec() of tw_refcount unexpectedly dropped to 0.\n\nThis doesn\'t seem like an actual bug (no tw sockets got lost and I don\'t\nsee a use-after-free) but as erroneous trigger of debug check.\n\nAdd a mutex to force strict ordering: the task that calls tcp_twsk_purge()\nblocks other task from doing final _dec_and_test before mutex-owner has\nremoved all tw sockets of dying netns.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44991', 'https://git.kernel.org/linus/565d121b69980637f040eb4d84289869cdaabedf (6.11-rc5)', 'https://git.kernel.org/stable/c/565d121b69980637f040eb4d84289869cdaabedf', 'https://git.kernel.org/stable/c/99580ae890ec8bd98b21a2a9c6668f8f1555b62e', 'https://git.kernel.org/stable/c/e3d9de3742f4d5c47ae35f888d3023a5b54fcd2f', 'https://git.kernel.org/stable/c/f6fd2dbf584a4047ba88d1369ff91c9851261ec1', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44991-2437@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44991', 'https://www.cve.org/CVERecord?id=CVE-2024-44991'], 'PublishedDate': '2024-09-04T20:15:08.15Z', 'LastModifiedDate': '2024-10-09T14:36:15.79Z'}, {'VulnerabilityID': 'CVE-2024-44993', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44993', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`\n\nWhen enabling UBSAN on Raspberry Pi 5, we get the following warning:\n\n[  387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3\n[  387.903868] index 7 is out of range for type '__u32 [7]'\n[  387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G        WC         6.10.3-v8-16k-numa #151\n[  387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[  387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched]\n[  387.932525] Call trace:\n[  387.935296]  dump_backtrace+0x170/0x1b8\n[  387.939403]  show_stack+0x20/0x38\n[  387.942907]  dump_stack_lvl+0x90/0xd0\n[  387.946785]  dump_stack+0x18/0x28\n[  387.950301]  __ubsan_handle_out_of_bounds+0x98/0xd0\n[  387.955383]  v3d_csd_job_run+0x3a8/0x438 [v3d]\n[  387.960707]  drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]\n[  387.966862]  process_one_work+0x62c/0xb48\n[  387.971296]  worker_thread+0x468/0x5b0\n[  387.975317]  kthread+0x1c4/0x1e0\n[  387.978818]  ret_from_fork+0x10/0x20\n[  387.983014] ---[ end trace ]---\n\nThis happens because the UAPI provides only seven configuration\nregisters and we are reading the eighth position of this u32 array.\n\nTherefore, fix the out-of-bounds read in `v3d_csd_job_run()` by\naccessing only seven positions on the '__u32 [7]' array. The eighth\nregister exists indeed on V3D 7.1, but it isn't currently used. That\nbeing so, let's guarantee that it remains unused and add a note that it\ncould be set in a future patch.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44993', 'https://git.kernel.org/linus/497d370a644d95a9f04271aa92cb96d32e84c770 (6.11-rc4)', 'https://git.kernel.org/stable/c/497d370a644d95a9f04271aa92cb96d32e84c770', 'https://git.kernel.org/stable/c/d656b82c4b30cf12715e6cd129d3df808fde24a7', 'https://lore.kernel.org/linux-cve-announce/2024090447-CVE-2024-44993-b6db@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44993', 'https://www.cve.org/CVERecord?id=CVE-2024-44993'], 'PublishedDate': '2024-09-04T20:15:08.257Z', 'LastModifiedDate': '2024-09-06T16:28:49.18Z'}, {'VulnerabilityID': 'CVE-2024-44995', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: fix a deadlock problem when config TC during resetting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n                             pf reset start\n                                 │\n                                 ▼\n                              ......\nsetup tc                         │\n    │                            ▼\n    ▼                      DOWN: napi_disable()\nnapi_disable()(skip)             │\n    │                            │\n    ▼                            ▼\n  ......                      ......\n    │                            │\n    ▼                            │\nnapi_enable()                    │\n                                 ▼\n                           UINIT: netif_napi_del()\n                                 │\n                                 ▼\n                              ......\n                                 │\n                                 ▼\n                           INIT: netif_napi_add()\n                                 │\n                                 ▼\n                              ......                 global reset start\n                                 │                      │\n                                 ▼                      ▼\n                           UP: napi_enable()(skip)    ......\n                                 │                      │\n                                 ▼                      ▼\n                              ......                 napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. Adds a DOWN process in UINIT to fix it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44995', 'https://git.kernel.org/linus/be5e816d00a506719e9dbb1a9c861c5ced30a109 (6.11-rc4)', 'https://git.kernel.org/stable/c/195918217448a6bb7f929d6a2ffffce9f1ece1cc', 'https://git.kernel.org/stable/c/67492d4d105c0a6321b00c393eec96b9a7a97a16', 'https://git.kernel.org/stable/c/6ae2b7d63cd056f363045eb65409143e16f23ae8', 'https://git.kernel.org/stable/c/be5e816d00a506719e9dbb1a9c861c5ced30a109', 'https://git.kernel.org/stable/c/de37408d5c26fc4a296a28a0c96dcb814219bfa1', 'https://git.kernel.org/stable/c/fa1d4de7265c370e673583ac8d1bd17d21826cd9', 'https://git.kernel.org/stable/c/fc250eca15bde34c4c8f806b9d88f55bd56a992c', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44995-16e5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44995', 'https://www.cve.org/CVERecord?id=CVE-2024-44995'], 'PublishedDate': '2024-09-04T20:15:08.353Z', 'LastModifiedDate': '2024-09-15T18:15:34.54Z'}, {'VulnerabilityID': 'CVE-2024-44996', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44996', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vsock: fix recursive -&gt;recvmsg calls', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: fix recursive ->recvmsg calls\n\nAfter a vsock socket has been added to a BPF sockmap, its prot->recvmsg\nhas been replaced with vsock_bpf_recvmsg(). Thus the following\nrecursiion could happen:\n\nvsock_bpf_recvmsg()\n -> __vsock_recvmsg()\n  -> vsock_connectible_recvmsg()\n   -> prot->recvmsg()\n    -> vsock_bpf_recvmsg() again\n\nWe need to fix it by calling the original ->recvmsg() without any BPF\nsockmap logic in __vsock_recvmsg().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-674'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44996', 'https://git.kernel.org/linus/69139d2919dd4aa9a553c8245e7c63e82613e3fc (6.11-rc4)', 'https://git.kernel.org/stable/c/69139d2919dd4aa9a553c8245e7c63e82613e3fc', 'https://git.kernel.org/stable/c/921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5', 'https://git.kernel.org/stable/c/b4ee8cf1acc5018ed1369150d7bb3e0d0f79e135', 'https://lore.kernel.org/linux-cve-announce/2024090448-CVE-2024-44996-8b26@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44996', 'https://www.cve.org/CVERecord?id=CVE-2024-44996'], 'PublishedDate': '2024-09-04T20:15:08.413Z', 'LastModifiedDate': '2024-09-16T12:21:47.37Z'}, {'VulnerabilityID': 'CVE-2024-44998', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44998', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: atm: idt77252: prevent use after free in dequeue_rx()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can\'t dereference "skb" after calling vcc->push() because the skb\nis released.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44998', 'https://git.kernel.org/linus/a9a18e8f770c9b0703dab93580d0b02e199a4c79 (6.11-rc4)', 'https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1', 'https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d', 'https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518', 'https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55', 'https://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d', 'https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10', 'https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79', 'https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44998-6505@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44998', 'https://www.cve.org/CVERecord?id=CVE-2024-44998'], 'PublishedDate': '2024-09-04T20:15:08.52Z', 'LastModifiedDate': '2024-09-06T16:28:16Z'}, {'VulnerabilityID': 'CVE-2024-44999', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44999', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: pull network headers in gtp_dev_xmit()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: pull network headers in gtp_dev_xmit()\n\nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]\n\nWe must make sure the IPv4 or Ipv6 header is pulled in skb->head\nbefore accessing fields in them.\n\nUse pskb_inet_may_pull() to fix this issue.\n\n[1]\nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n  gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n  gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  __netdev_start_xmit include/linux/netdevice.h:4913 [inline]\n  netdev_start_xmit include/linux/netdevice.h:4922 [inline]\n  xmit_one net/core/dev.c:3580 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596\n  __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423\n  dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3145 [inline]\n  packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:3994 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583\n  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674\n  alloc_skb include/linux/skbuff.h:1320 [inline]\n  alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526\n  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815\n  packet_alloc_skb net/packet/af_packet.c:2994 [inline]\n  packet_snd net/packet/af_packet.c:3088 [inline]\n  packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44999', 'https://git.kernel.org/linus/3a3be7ff9224f424e485287b54be00d2c6bd9c40 (6.11-rc4)', 'https://git.kernel.org/stable/c/137d565ab89ce3584503b443bc9e00d44f482593', 'https://git.kernel.org/stable/c/1f6b62392453d8f36685d19b761307a8c5617ac1', 'https://git.kernel.org/stable/c/34ba4f29f3d9eb52dee37512059efb2afd7e966f', 'https://git.kernel.org/stable/c/3939d787139e359b77aaf9485d1e145d6713d7b9', 'https://git.kernel.org/stable/c/3a3be7ff9224f424e485287b54be00d2c6bd9c40', 'https://git.kernel.org/stable/c/3d89d0c4a1c6d4d2a755e826351b0a101dbc86f3', 'https://git.kernel.org/stable/c/cbb9a969fc190e85195d1b0f08038e7f6199044e', 'https://git.kernel.org/stable/c/f5dda8db382c5751c4e572afc7c99df7da1f83ca', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-44999-187d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44999', 'https://www.cve.org/CVERecord?id=CVE-2024-44999'], 'PublishedDate': '2024-09-04T20:15:08.59Z', 'LastModifiedDate': '2024-09-06T16:27:51.89Z'}, {'VulnerabilityID': 'CVE-2024-45000', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45000', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/netfs/fscache_cookie: add missing "n_accesses" check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/netfs/fscache_cookie: add missing "n_accesses" check\n\nThis fixes a NULL pointer dereference bug due to a data race which\nlooks like this:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000008\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] SMP PTI\n  CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43\n  Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018\n  Workqueue: events_unbound netfs_rreq_write_to_cache_work\n  RIP: 0010:cachefiles_prepare_write+0x30/0xa0\n  Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 <48> 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10\n  RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286\n  RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000\n  RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438\n  RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001\n  R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68\n  R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00\n  FS:  0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0\n  Call Trace:\n   <TASK>\n   ? __die+0x1f/0x70\n   ? page_fault_oops+0x15d/0x440\n   ? search_module_extables+0xe/0x40\n   ? fixup_exception+0x22/0x2f0\n   ? exc_page_fault+0x5f/0x100\n   ? asm_exc_page_fault+0x22/0x30\n   ? cachefiles_prepare_write+0x30/0xa0\n   netfs_rreq_write_to_cache_work+0x135/0x2e0\n   process_one_work+0x137/0x2c0\n   worker_thread+0x2e9/0x400\n   ? __pfx_worker_thread+0x10/0x10\n   kthread+0xcc/0x100\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x30/0x50\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1b/0x30\n   </TASK>\n  Modules linked in:\n  CR2: 0000000000000008\n  ---[ end trace 0000000000000000 ]---\n\nThis happened because fscache_cookie_state_machine() was slow and was\nstill running while another process invoked fscache_unuse_cookie();\nthis led to a fscache_cookie_lru_do_one() call, setting the\nFSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by\nfscache_cookie_state_machine(), withdrawing the cookie via\ncachefiles_withdraw_cookie(), clearing cookie->cache_priv.\n\nAt the same time, yet another process invoked\ncachefiles_prepare_write(), which found a NULL pointer in this code\nline:\n\n  struct cachefiles_object *object = cachefiles_cres_object(cres);\n\nThe next line crashes, obviously:\n\n  struct cachefiles_cache *cache = object->volume->cache;\n\nDuring cachefiles_prepare_write(), the "n_accesses" counter is\nnon-zero (via fscache_begin_operation()).  The cookie must not be\nwithdrawn until it drops to zero.\n\nThe counter is checked by fscache_cookie_state_machine() before\nswitching to FSCACHE_COOKIE_STATE_RELINQUISHING and\nFSCACHE_COOKIE_STATE_WITHDRAWING (in "case\nFSCACHE_COOKIE_STATE_FAILED"), but not for\nFSCACHE_COOKIE_STATE_LRU_DISCARDING ("case\nFSCACHE_COOKIE_STATE_ACTIVE").\n\nThis patch adds the missing check.  With a non-zero access counter,\nthe function returns and the next fscache_end_cookie_access() call\nwill queue another fscache_cookie_state_machine() call to handle the\nstill-pending FSCACHE_COOKIE_DO_LRU_DISCARD.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45000', 'https://git.kernel.org/linus/f71aa06398aabc2e3eaac25acdf3d62e0094ba70 (6.11-rc4)', 'https://git.kernel.org/stable/c/0a4d41fa14b2a0efd40e350cfe8ec6a4c998ac1d', 'https://git.kernel.org/stable/c/b8a50877f68efdcc0be3fcc5116e00c31b90e45b', 'https://git.kernel.org/stable/c/dfaa39b05a6cf34a16c525a2759ee6ab26b5fef6', 'https://git.kernel.org/stable/c/f71aa06398aabc2e3eaac25acdf3d62e0094ba70', 'https://lore.kernel.org/linux-cve-announce/2024090449-CVE-2024-45000-fd6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45000', 'https://www.cve.org/CVERecord?id=CVE-2024-45000'], 'PublishedDate': '2024-09-04T20:15:08.657Z', 'LastModifiedDate': '2024-09-06T16:27:31.003Z'}, {'VulnerabilityID': 'CVE-2024-45001', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45001', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix RX buf alloc_size alignment and atomic op panic', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix RX buf alloc_size alignment and atomic op panic\n\nThe MANA driver's RX buffer alloc_size is passed into napi_build_skb() to\ncreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignment\nis affected by the alloc_size passed into napi_build_skb(). The size needs\nto be aligned properly for better performance and atomic operations.\nOtherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic\noperations may panic on the skb_shinfo(skb)->dataref due to alignment fault.\n\nTo fix this bug, add proper alignment to the alloc_size calculation.\n\nSample panic info:\n[  253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce\n[  253.300900] Mem abort info:\n[  253.301760]   ESR = 0x0000000096000021\n[  253.302825]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  253.304268]   SET = 0, FnV = 0\n[  253.305172]   EA = 0, S1PTW = 0\n[  253.306103]   FSC = 0x21: alignment fault\nCall trace:\n __skb_clone+0xfc/0x198\n skb_clone+0x78/0xe0\n raw6_local_deliver+0xfc/0x228\n ip6_protocol_deliver_rcu+0x80/0x500\n ip6_input_finish+0x48/0x80\n ip6_input+0x48/0xc0\n ip6_sublist_rcv_finish+0x50/0x78\n ip6_sublist_rcv+0x1cc/0x2b8\n ipv6_list_rcv+0x100/0x150\n __netif_receive_skb_list_core+0x180/0x220\n netif_receive_skb_list_internal+0x198/0x2a8\n __napi_poll+0x138/0x250\n net_rx_action+0x148/0x330\n handle_softirqs+0x12c/0x3a0", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45001', 'https://git.kernel.org/linus/32316f676b4ee87c0404d333d248ccf777f739bc (6.11-rc4)', 'https://git.kernel.org/stable/c/32316f676b4ee87c0404d333d248ccf777f739bc', 'https://git.kernel.org/stable/c/65f20b174ec0172f2d6bcfd8533ab9c9e7e347fa', 'https://git.kernel.org/stable/c/e6bea6a45f8a401f3d5a430bc81814f0cc8848cf', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45001-50df@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45001', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45001'], 'PublishedDate': '2024-09-04T20:15:08.71Z', 'LastModifiedDate': '2024-10-09T14:49:39.953Z'}, {'VulnerabilityID': 'CVE-2024-45002', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45002', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtla/osnoise: Prevent NULL dereference in error handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrtla/osnoise: Prevent NULL dereference in error handling\n\nIf the "tool->data" allocation fails then there is no need to call\nosnoise_free_top() and, in fact, doing so will lead to a NULL dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45002', 'https://git.kernel.org/linus/90574d2a675947858b47008df8d07f75ea50d0d0 (6.11-rc4)', 'https://git.kernel.org/stable/c/753f1745146e03abd17eec8eee95faffc96d743d', 'https://git.kernel.org/stable/c/90574d2a675947858b47008df8d07f75ea50d0d0', 'https://git.kernel.org/stable/c/abdb9ddaaab476e62805e36cce7b4ef8413ffd01', 'https://git.kernel.org/stable/c/fc575212c6b75d538e1a0a74f4c7e2ac73bc46ac', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45002-c292@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45002', 'https://www.cve.org/CVERecord?id=CVE-2024-45002'], 'PublishedDate': '2024-09-04T20:15:08.763Z', 'LastModifiedDate': '2024-09-06T16:27:13.727Z'}, {'VulnerabilityID': 'CVE-2024-45003', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45003', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: vfs: Don't evict inode under the inode lru traversing context", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: Don't evict inode under the inode lru traversing context\n\nThe inode reclaiming process(See function prune_icache_sb) collects all\nreclaimable inodes and mark them with I_FREEING flag at first, at that\ntime, other processes will be stuck if they try getting these inodes\n(See function find_inode_fast), then the reclaiming process destroy the\ninodes by function dispose_list(). Some filesystems(eg. ext4 with\nea_inode feature, ubifs with xattr) may do inode lookup in the inode\nevicting callback function, if the inode lookup is operated under the\ninode lru traversing context, deadlock problems may happen.\n\nCase 1: In function ext4_evict_inode(), the ea inode lookup could happen\n        if ea_inode feature is enabled, the lookup process will be stuck\n\tunder the evicting context like this:\n\n 1. File A has inode i_reg and an ea inode i_ea\n 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea\n 3. Then, following three processes running like this:\n\n    PA                              PB\n echo 2 > /proc/sys/vm/drop_caches\n  shrink_slab\n   prune_dcache_sb\n   // i_reg is added into lru, lru->i_ea->i_reg\n   prune_icache_sb\n    list_lru_walk_one\n     inode_lru_isolate\n      i_ea->i_state |= I_FREEING // set inode state\n     inode_lru_isolate\n      __iget(i_reg)\n      spin_unlock(&i_reg->i_lock)\n      spin_unlock(lru_lock)\n                                     rm file A\n                                      i_reg->nlink = 0\n      iput(i_reg) // i_reg->nlink is 0, do evict\n       ext4_evict_inode\n        ext4_xattr_delete_inode\n         ext4_xattr_inode_dec_ref_all\n          ext4_xattr_inode_iget\n           ext4_iget(i_ea->i_ino)\n            iget_locked\n             find_inode_fast\n              __wait_on_freeing_inode(i_ea) ----? AA deadlock\n    dispose_list // cannot be executed by prune_icache_sb\n     wake_up_bit(&i_ea->i_state)\n\nCase 2: In deleted inode writing function ubifs_jnl_write_inode(), file\n        deleting process holds BASEHD's wbuf->io_mutex while getting the\n\txattr inode, which could race with inode reclaiming process(The\n        reclaiming process could try locking BASEHD's wbuf->io_mutex in\n\tinode evicting function), then an ABBA deadlock problem would\n\thappen as following:\n\n 1. File A has inode ia and a xattr(with inode ixa), regular file B has\n    inode ib and a xattr.\n 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa\n 3. Then, following three processes running like this:\n\n        PA                PB                        PC\n                echo 2 > /proc/sys/vm/drop_caches\n                 shrink_slab\n                  prune_dcache_sb\n                  // ib and ia are added into lru, lru->ixa->ib->ia\n                  prune_icache_sb\n                   list_lru_walk_one\n                    inode_lru_isolate\n                     ixa->i_state |= I_FREEING // set inode state\n                    inode_lru_isolate\n                     __iget(ib)\n                     spin_unlock(&ib->i_lock)\n                     spin_unlock(lru_lock)\n                                                   rm file B\n                                                    ib->nlink = 0\n rm file A\n  iput(ia)\n   ubifs_evict_inode(ia)\n    ubifs_jnl_delete_inode(ia)\n     ubifs_jnl_write_inode(ia)\n      make_reservation(BASEHD) // Lock wbuf->io_mutex\n      ubifs_iget(ixa->i_ino)\n       iget_locked\n        find_inode_fast\n         __wait_on_freeing_inode(ixa)\n          |          iput(ib) // ib->nlink is 0, do evict\n          |           ubifs_evict_inode\n          |            ubifs_jnl_delete_inode(ib)\n          ?             ubifs_jnl_write_inode\n     ABBA deadlock ?-----make_reservation(BASEHD)\n                   dispose_list // cannot be executed by prune_icache_sb\n                    wake_up_bit(&ixa->i_state)\n\nFix the possible deadlock by using new inode state flag I_LRU_ISOLATING\nto pin the inode in memory while inode_lru_isolate(\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45003', 'https://git.kernel.org/linus/2a0629834cd82f05d424bbc193374f9a43d1f87d (6.11-rc4)', 'https://git.kernel.org/stable/c/03880af02a78bc9a98b5a581f529cf709c88a9b8', 'https://git.kernel.org/stable/c/2a0629834cd82f05d424bbc193374f9a43d1f87d', 'https://git.kernel.org/stable/c/3525ad25240dfdd8c78f3470911ed10aa727aa72', 'https://git.kernel.org/stable/c/437741eba63bf4e437e2beb5583f8633556a2b98', 'https://git.kernel.org/stable/c/9063ab49c11e9518a3f2352434bb276cc8134c5f', 'https://git.kernel.org/stable/c/b9bda5f6012dd00372f3a06a82ed8971a4c57c32', 'https://git.kernel.org/stable/c/cda54ec82c0f9d05393242b20b13f69b083f7e88', 'https://lore.kernel.org/linux-cve-announce/2024090450-CVE-2024-45003-3bc2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45003', 'https://www.cve.org/CVERecord?id=CVE-2024-45003'], 'PublishedDate': '2024-09-04T20:15:08.823Z', 'LastModifiedDate': '2024-10-09T15:07:31.027Z'}, {'VulnerabilityID': 'CVE-2024-45005', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45005', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: s390: fix validity interception issue when gisa is switched off', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix validity interception issue when gisa is switched off\n\nWe might run into a SIE validity if gisa has been disabled either via using\nkernel parameter "kvm.use_gisa=0" or by setting the related sysfs\nattribute to N (echo N >/sys/module/kvm/parameters/use_gisa).\n\nThe validity is caused by an invalid value in the SIE control block\'s\ngisa designation. That happens because we pass the uninitialized gisa\norigin to virt_to_phys() before writing it to the gisa designation.\n\nTo fix this we return 0 in kvm_s390_get_gisa_desc() if the origin is 0.\nkvm_s390_get_gisa_desc() is used to determine which gisa designation to\nset in the SIE control block. A value of 0 in the gisa designation disables\ngisa usage.\n\nThe issue surfaces in the host kernel with the following kernel message as\nsoon a new kvm guest start is attemted.\n\nkvm: unhandled validity intercept 0x1011\nWARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101 kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]\nModules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390 prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci]\nCPU: 0 PID: 781237 Comm: CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6\nHardware name: IBM 3931 A01 701 (LPAR)\nKrnl PSW : 0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm])\n           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\nKrnl GPRS: 000003d900000027 000003d900000023 0000000000000028 000002cd00000000\n           000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff\n           000002cfd82e9000 000002cfd80bc000 0000000000001011 000003d93deda412\n           000003ff8962df98 000003d93de77ce0 000003d93deb011e 00000359c6daf960\nKrnl Code: 000003d93deb0112: c020fffe7259\tlarl\t%r2,000003d93de7e5c4\n           000003d93deb0118: c0e53fa8beac\tbrasl\t%r14,000003d9bd3c7e70\n          #000003d93deb011e: af000000\t\tmc\t0,0\n          >000003d93deb0122: a728ffea\t\tlhi\t%r2,-22\n           000003d93deb0126: a7f4fe24\t\tbrc\t15,000003d93deafd6e\n           000003d93deb012a: 9101f0b0\t\ttm\t176(%r15),1\n           000003d93deb012e: a774fe48\t\tbrc\t7,000003d93deafdbe\n           000003d93deb0132: 40a0f0ae\t\tsth\t%r10,174(%r15)\nCall Trace:\n [<000003d93deb0122>] kvm_handle_sie_intercept+0x432/0x4d0 [kvm]\n([<000003d93deb011e>] kvm_handle_sie_intercept+0x42e/0x4d0 [kvm])\n [<000003d93deacc10>] vcpu_post_run+0x1d0/0x3b0 [kvm]\n [<000003d93deaceda>] __vcpu_run+0xea/0x2d0 [kvm]\n [<000003d93dead9da>] kvm_arch_vcpu_ioctl_run+0x16a/0x430 [kvm]\n [<000003d93de93ee0>] kvm_vcpu_ioctl+0x190/0x7c0 [kvm]\n [<000003d9bd728b4e>] vfs_ioctl+0x2e/0x70\n [<000003d9bd72a092>] __s390x_sys_ioctl+0xc2/0xd0\n [<000003d9be0e9222>] __do_syscall+0x1f2/0x2e0\n [<000003d9be0f9a90>] system_call+0x70/0x98\nLast Breaking-Event-Address:\n [<000003d9bd3c7f58>] __warn_printk+0xe8/0xf0', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45005', 'https://git.kernel.org/linus/5a44bb061d04b0306f2aa8add761d86d152b9377 (6.11-rc4)', 'https://git.kernel.org/stable/c/027ac3c5092561bccce09b314a73a1c167117ef6', 'https://git.kernel.org/stable/c/051c0a558154174cfcea301a386e4c91ade83ce1', 'https://git.kernel.org/stable/c/5a44bb061d04b0306f2aa8add761d86d152b9377', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45005-2297@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45005', 'https://www.cve.org/CVERecord?id=CVE-2024-45005'], 'PublishedDate': '2024-09-04T20:15:08.94Z', 'LastModifiedDate': '2024-10-09T15:30:03.767Z'}, {'VulnerabilityID': 'CVE-2024-45006', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45006', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration\n\nre-enumerating full-speed devices after a failed address device command\ncan trigger a NULL pointer dereference.\n\nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size\nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case,\nwhich ends up calling xhci_configure_endpoint().\n\nOn Panther point xHC the xhci_configure_endpoint() function will\nadditionally check and reserve bandwidth in software. Other hosts do\nthis in hardware\n\nIf xHC address device command fails then a new xhci_virt_device structure\nis allocated as part of re-enabling the slot, but the bandwidth table\npointers are not set up properly here.\nThis triggers the NULL pointer dereference the next time usb_ep0_reinit()\nis called and xhci_configure_endpoint() tries to check and reserve\nbandwidth\n\n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd\n[46710.713699] usb 3-1: Device not responding to setup address.\n[46710.917684] usb 3-1: Device not responding to setup address.\n[46711.125536] usb 3-1: device not accepting address 5, error -71\n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[46711.125600] #PF: supervisor read access in kernel mode\n[46711.125603] #PF: error_code(0x0000) - not-present page\n[46711.125606] PGD 0 P4D 0\n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1\n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.\n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]\n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c\n\nFix this by making sure bandwidth table pointers are set up correctly\nafter a failed address device command, and additionally by avoiding\nchecking for bandwidth in cases like this where no actual endpoints are\nadded or removed, i.e. only context for default control endpoint 0 is\nevaluated.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45006', 'https://git.kernel.org/linus/af8e119f52e9c13e556be9e03f27957554a84656 (6.11-rc4)', 'https://git.kernel.org/stable/c/0f0654318e25b2c185e245ba4a591e42fabb5e59', 'https://git.kernel.org/stable/c/365ef7c4277fdd781a695c3553fa157d622d805d', 'https://git.kernel.org/stable/c/5ad898ae82412f8a689d59829804bff2999dd0ea', 'https://git.kernel.org/stable/c/6b99de301d78e1f5249e57ef2c32e1dec3df2bb1', 'https://git.kernel.org/stable/c/8fb9d412ebe2f245f13481e4624b40e651570cbd', 'https://git.kernel.org/stable/c/a57b0ebabe6862dce0a2e0f13e17941ad72fc56b', 'https://git.kernel.org/stable/c/af8e119f52e9c13e556be9e03f27957554a84656', 'https://git.kernel.org/stable/c/ef0a0e616b2789bb804a0ce5e161db03170a85b6', 'https://lore.kernel.org/linux-cve-announce/2024090451-CVE-2024-45006-6642@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45006', 'https://www.cve.org/CVERecord?id=CVE-2024-45006'], 'PublishedDate': '2024-09-04T20:15:08.997Z', 'LastModifiedDate': '2024-09-06T16:26:52.64Z'}, {'VulnerabilityID': 'CVE-2024-45007', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45007', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: char: xillybus: Don't destroy workqueue from work item running on it", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Don't destroy workqueue from work item running on it\n\nTriggered by a kref decrement, destroy_workqueue() may be called from\nwithin a work item for destroying its own workqueue. This illegal\nsituation is averted by adding a module-global workqueue for exclusive\nuse of the offending work item. Other work items continue to be queued\non per-device workqueues to ensure performance.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45007', 'https://git.kernel.org/linus/ccbde4b128ef9c73d14d0d7817d68ef795f6d131 (6.11-rc4)', 'https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9', 'https://git.kernel.org/stable/c/5d3567caff2a1d678aa40cc74a54e1318941fad3', 'https://git.kernel.org/stable/c/a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157', 'https://git.kernel.org/stable/c/aa1a19724fa2c31e97a9be48baedd4692b265157', 'https://git.kernel.org/stable/c/ccbde4b128ef9c73d14d0d7817d68ef795f6d131', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45007-74c8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45007', 'https://www.cve.org/CVERecord?id=CVE-2024-45007'], 'PublishedDate': '2024-09-04T20:15:09.053Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45008', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: MT - limit max slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: MT - limit max slots\n\nsyzbot is reporting too large allocation at input_mt_init_slots(), for\nnum_slots is supplied from userspace using ioctl(UI_DEV_CREATE).\n\nSince nobody knows possible max slots, this patch chose 1024.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45008', 'https://git.kernel.org/linus/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb (6.11-rc2)', 'https://git.kernel.org/stable/c/05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549', 'https://git.kernel.org/stable/c/2829c80614890624456337e47320289112785f3e', 'https://git.kernel.org/stable/c/87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322', 'https://git.kernel.org/stable/c/8f04edd554d191834e9e1349ef030318ea6b11ba', 'https://git.kernel.org/stable/c/94736334b8a25e4fae8daa6934e54a31f099be43', 'https://git.kernel.org/stable/c/95f73d01f547dfc67fda3022c51e377a0454b505', 'https://git.kernel.org/stable/c/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb', 'https://git.kernel.org/stable/c/cd19f1799c32ba7b874474b1b968815ce5364f73', 'https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45008-1d89@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45008', 'https://www.cve.org/CVERecord?id=CVE-2024-45008'], 'PublishedDate': '2024-09-04T20:15:09.107Z', 'LastModifiedDate': '2024-09-05T12:53:21.11Z'}, {'VulnerabilityID': 'CVE-2024-45009', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: only decrement add_addr_accepted for MPJ req', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the "remove single subflow" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \'subflow\' endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\'s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45009', 'https://git.kernel.org/linus/1c1f721375989579e46741f59523e39ec9b2a9bd (6.11-rc5)', 'https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd', 'https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c', 'https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d', 'https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7', 'https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608', 'https://lore.kernel.org/linux-cve-announce/2024091104-CVE-2024-45009-24ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45009', 'https://www.cve.org/CVERecord?id=CVE-2024-45009'], 'PublishedDate': '2024-09-11T16:15:06.427Z', 'LastModifiedDate': '2024-09-13T16:36:57.233Z'}, {'VulnerabilityID': 'CVE-2024-45010', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: mptcp: pm: only mark 'subflow' endp as available", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \'subflow\' endp as available\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the "remove single address" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \'signal\' endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\'subflow\' endpoints, and here it is a \'signal\' endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \'subflow\' endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45010', 'https://git.kernel.org/linus/322ea3778965da72862cca2a0c50253aacf65fe6 (6.11-rc5)', 'https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6', 'https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d', 'https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f', 'https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45010-33ee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45010', 'https://www.cve.org/CVERecord?id=CVE-2024-45010'], 'PublishedDate': '2024-09-11T16:15:06.483Z', 'LastModifiedDate': '2024-09-13T16:35:05.843Z'}, {'VulnerabilityID': 'CVE-2024-45011', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45011', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: char: xillybus: Check USB endpoints when probing device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Check USB endpoints when probing device\n\nEnsure, as the driver probes the device, that all endpoints that the\ndriver may attempt to access exist and are of the correct type.\n\nAll XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at\naddress 1. This is verified in xillyusb_setup_base_eps().\n\nOn top of that, a XillyUSB device may have additional Bulk OUT\nendpoints. The information about these endpoints' addresses is deduced\nfrom a data structure (the IDT) that the driver fetches from the device\nwhile probing it. These endpoints are checked in setup_channels().\n\nA XillyUSB device never has more than one IN endpoint, as all data\ntowards the host is multiplexed in this single Bulk IN endpoint. This is\nwhy setup_channels() only checks OUT endpoints.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45011', 'https://git.kernel.org/linus/2374bf7558de915edc6ec8cb10ec3291dfab9594 (6.11-rc4)', 'https://git.kernel.org/stable/c/1371d32b95972d39c1e6e4bae8b6d0df1b573731', 'https://git.kernel.org/stable/c/2374bf7558de915edc6ec8cb10ec3291dfab9594', 'https://git.kernel.org/stable/c/25ee8b2908200fc862c0434e5ad483817d50ceda', 'https://git.kernel.org/stable/c/4267131278f5cc98f8db31d035d64bdbbfe18658', 'https://git.kernel.org/stable/c/5cff754692ad45d5086b75fef8cc3a99c30a1005', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45011-e729@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45011', 'https://www.cve.org/CVERecord?id=CVE-2024-45011'], 'PublishedDate': '2024-09-11T16:15:06.55Z', 'LastModifiedDate': '2024-09-13T16:36:55.757Z'}, {'VulnerabilityID': 'CVE-2024-45012', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45012', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nouveau/firmware: use dma non-coherent allocator', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/firmware: use dma non-coherent allocator\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup, when the iommu is enabled:\n\nkernel BUG at include/linux/scatterlist.h:187!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\nHardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\nRIP: 0010:sg_init_one+0x85/0xa0\nCode: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\nRSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\nRBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\nR13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\nFS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\nCall Trace:\n <TASK>\n ? die+0x36/0x90\n ? do_trap+0xdd/0x100\n ? sg_init_one+0x85/0xa0\n ? do_error_trap+0x65/0x80\n ? sg_init_one+0x85/0xa0\n ? exc_invalid_op+0x50/0x70\n ? sg_init_one+0x85/0xa0\n ? asm_exc_invalid_op+0x1a/0x20\n ? sg_init_one+0x85/0xa0\n nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? nvkm_udevice_new+0x95/0x140 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? ktime_get+0x47/0xb0\n\nFix this by using the non-coherent allocator instead, I think there\nmight be a better answer to this, but it involve ripping up some of\nAPIs using sg lists.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45012', 'https://git.kernel.org/linus/9b340aeb26d50e9a9ec99599e2a39b035fac978e (6.11-rc5)', 'https://git.kernel.org/stable/c/57ca481fca97ca4553e8c85d6a94baf4cb40c40e', 'https://git.kernel.org/stable/c/9b340aeb26d50e9a9ec99599e2a39b035fac978e', 'https://git.kernel.org/stable/c/cc29c5546c6a373648363ac49781f1d74b530707', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45012-9234@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45012', 'https://www.cve.org/CVERecord?id=CVE-2024-45012'], 'PublishedDate': '2024-09-11T16:15:06.607Z', 'LastModifiedDate': '2024-09-13T16:35:35.787Z'}, {'VulnerabilityID': 'CVE-2024-45013', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: move stopping keep-alive into nvme_uninit_ctrl()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: move stopping keep-alive into nvme_uninit_ctrl()\n\nCommit 4733b65d82bd ("nvme: start keep-alive after admin queue setup")\nmoves starting keep-alive from nvme_start_ctrl() into\nnvme_init_ctrl_finish(), but don\'t move stopping keep-alive into\nnvme_uninit_ctrl(), so keep-alive work can be started and keep pending\nafter failing to start controller, finally use-after-free is triggered if\nnvme host driver is unloaded.\n\nThis patch fixes kernel panic when running nvme/004 in case that connection\nfailure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl().\n\nThis way is reasonable because keep-alive is now started in\nnvme_init_ctrl_finish().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45013', 'https://git.kernel.org/linus/a54a93d0e3599b05856971734e15418ac551a14c (6.11-rc5)', 'https://git.kernel.org/stable/c/4101af98ab573554c4225e328d506fec2a74bc54', 'https://git.kernel.org/stable/c/a54a93d0e3599b05856971734e15418ac551a14c', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45013-8efe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45013', 'https://www.cve.org/CVERecord?id=CVE-2024-45013'], 'PublishedDate': '2024-09-11T16:15:06.663Z', 'LastModifiedDate': '2024-09-13T16:35:42.49Z'}, {'VulnerabilityID': 'CVE-2024-45015', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45015', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: move dpu_encoder&#39;s connector assignment to atomic_enable()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()\n\nFor cases where the crtc's connectors_changed was set without enable/active\ngetting toggled , there is an atomic_enable() call followed by an\natomic_disable() but without an atomic_mode_set().\n\nThis results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in\nthe atomic_enable() as the dpu_encoder's connector was cleared in the\natomic_disable() but not re-assigned as there was no atomic_mode_set() call.\n\nFix the NULL ptr access by moving the assignment for atomic_enable() and also\nuse drm_atomic_get_new_connector_for_encoder() to get the connector from\nthe atomic_state.\n\nPatchwork: https://patchwork.freedesktop.org/patch/606729/", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45015', 'https://git.kernel.org/linus/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 (6.11-rc5)', 'https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52', 'https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77', 'https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45015-c139@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45015', 'https://www.cve.org/CVERecord?id=CVE-2024-45015'], 'PublishedDate': '2024-09-11T16:15:06.763Z', 'LastModifiedDate': '2024-09-13T16:35:58.617Z'}, {'VulnerabilityID': 'CVE-2024-45016', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'FixedVersion': '6.8.0-1017.18~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netem: fix return value if duplicate enqueue fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\'s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq->enqueue() and then\n  the original packet is also dropped.\n- If rootq->enqueue() sends the duplicated packet to a different qdisc\n  and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45016', 'https://git.kernel.org/linus/c07ff8592d57ed258afee5a5e04991a48dbaf382 (6.11-rc5)', 'https://git.kernel.org/stable/c/0486d31dd8198e22b63a4730244b38fffce6d469', 'https://git.kernel.org/stable/c/52d99a69f3d556c6426048c9d481b912205919d8', 'https://git.kernel.org/stable/c/577d6c0619467fe90f7e8e57e45cb5bd9d936014', 'https://git.kernel.org/stable/c/759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4', 'https://git.kernel.org/stable/c/c07ff8592d57ed258afee5a5e04991a48dbaf382', 'https://git.kernel.org/stable/c/c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d', 'https://git.kernel.org/stable/c/e5bb2988a310667abed66c7d3ffa28880cf0f883', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45016-fd5a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45016', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://ubuntu.com/security/notices/USN-7071-1', 'https://ubuntu.com/security/notices/USN-7072-1', 'https://ubuntu.com/security/notices/USN-7073-1', 'https://ubuntu.com/security/notices/USN-7073-2', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45016'], 'PublishedDate': '2024-09-11T16:15:06.817Z', 'LastModifiedDate': '2024-09-13T16:36:06.773Z'}, {'VulnerabilityID': 'CVE-2024-45017', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45017', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix IPsec RoCE MPV trace call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix IPsec RoCE MPV trace call\n\nPrevent the call trace below from happening, by not allowing IPsec\ncreation over a slave, if master device doesn't support IPsec.\n\nWARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down_read+0x75/0x94\nModules linked in: esp4_offload esp4 act_mirred act_vlan cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa mst_pciconf(OE) nfsv3 nfs_acl nfs lockd grace fscache netfs xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill cuse fuse rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_ipoib iw_cm ib_cm ipmi_ssif intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel sha1_ssse3 dell_smbios ib_uverbs aesni_intel crypto_simd dcdbas wmi_bmof dell_wmi_descriptor cryptd pcspkr ib_core acpi_ipmi sp5100_tco ccp i2c_piix4 ipmi_si ptdma k10temp ipmi_devintf ipmi_msghandler acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops cec\n ahci libahci mlxfw drm pci_hyperv_intf libata tg3 sha256_ssse3 tls megaraid_sas i2c_algo_bit psample wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mst_pci]\nCPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7_u3_update_v6.6_ipsec_bf.x86_64 #2\nHardware name: Dell Inc. PowerEdge R7525/074H08, BIOS 2.0.3 01/15/2021\nWorkqueue: events xfrm_state_gc_task\nRIP: 0010:down_read+0x75/0x94\nCode: 00 48 8b 45 08 65 48 8b 14 25 80 fc 01 00 83 e0 02 48 09 d0 48 83 c8 01 48 89 45 08 5d 31 c0 89 c2 89 c6 89 c7 e9 cb 88 3b 00 <0f> 0b 48 8b 45 08 a8 01 74 b2 a8 02 75 ae 48 89 c2 48 83 ca 02 f0\nRSP: 0018:ffffb26387773da8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffa08b658af900 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ff886bc5e1366f2f RDI: 0000000000000000\nRBP: ffffa08b658af940 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffa0a9bfb31540\nR13: ffffa0a9bfb37900 R14: 0000000000000000 R15: ffffa0a9bfb37905\nFS:  0000000000000000(0000) GS:ffffa0a9bfb00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055a45ed814e8 CR3: 000000109038a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n ? down_read+0x75/0x94\n ? __warn+0x80/0x113\n ? down_read+0x75/0x94\n ? report_bug+0xa4/0x11d\n ? handle_bug+0x35/0x8b\n ? exc_invalid_op+0x14/0x75\n ? asm_exc_invalid_op+0x16/0x1b\n ? down_read+0x75/0x94\n ? down_read+0xe/0x94\n mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n mlx5_ipsec_fs_roce_tx_destroy+0xb1/0x130 [mlx5_core]\n tx_destroy+0x1b/0xc0 [mlx5_core]\n tx_ft_put+0x53/0xc0 [mlx5_core]\n mlx5e_xfrm_free_state+0x45/0x90 [mlx5_core]\n ___xfrm_state_destroy+0x10f/0x1a2\n xfrm_state_gc_task+0x81/0xa9\n process_one_work+0x1f1/0x3c6\n worker_thread+0x53/0x3e4\n ? process_one_work.cold+0x46/0x3c\n kthread+0x127/0x144\n ? set_kthread_struct+0x60/0x52\n ret_from_fork+0x22/0x2d\n </TASK>\n---[ end trace 5ef7896144d398e1 ]---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45017', 'https://git.kernel.org/linus/607e1df7bd47fe91cab85a97f57870a26d066137 (6.11-rc5)', 'https://git.kernel.org/stable/c/2ae52a65a850ded75a94e8d7ec1e09737f4c6509', 'https://git.kernel.org/stable/c/607e1df7bd47fe91cab85a97f57870a26d066137', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45017-ee3e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45017', 'https://www.cve.org/CVERecord?id=CVE-2024-45017'], 'PublishedDate': '2024-09-11T16:15:06.877Z', 'LastModifiedDate': '2024-09-13T16:36:13.19Z'}, {'VulnerabilityID': 'CVE-2024-45018', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45018', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: flowtable: initialise extack before use', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: initialise extack before use\n\nFix missing initialisation of extack in flow offload.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45018', 'https://git.kernel.org/linus/e9767137308daf906496613fd879808a07f006a2 (6.11-rc4)', 'https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1', 'https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7', 'https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78', 'https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f', 'https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d', 'https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45018-7e30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45018', 'https://www.cve.org/CVERecord?id=CVE-2024-45018'], 'PublishedDate': '2024-09-11T16:15:06.933Z', 'LastModifiedDate': '2024-09-13T16:36:24.397Z'}, {'VulnerabilityID': 'CVE-2024-45019', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45019', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Take state lock during tx timeout reporter', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take state lock during tx timeout reporter\n\nmlx5e_safe_reopen_channels() requires the state lock taken. The\nreferenced changed in the Fixes tag removed the lock to fix another\nissue. This patch adds it back but at a later point (when calling\nmlx5e_safe_reopen_channels()) to avoid the deadlock referenced in the\nFixes tag.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45019', 'https://git.kernel.org/linus/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3 (6.11-rc4)', 'https://git.kernel.org/stable/c/03d3734bd692affe4d0e9c9d638f491aaf37411b', 'https://git.kernel.org/stable/c/8e57e66ecbdd2fddc9fbf3e984b1c523b70e9809', 'https://git.kernel.org/stable/c/b3b9a87adee97854bcd71057901d46943076267e', 'https://git.kernel.org/stable/c/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45019-5f8b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45019', 'https://www.cve.org/CVERecord?id=CVE-2024-45019'], 'PublishedDate': '2024-09-11T16:15:06.99Z', 'LastModifiedDate': '2024-09-13T16:36:19.36Z'}, {'VulnerabilityID': 'CVE-2024-45020', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45020', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix a kernel verifier crash in stacksafe()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a kernel verifier crash in stacksafe()\n\nDaniel Hodges reported a kernel verifier crash when playing with sched-ext.\nFurther investigation shows that the crash is due to invalid memory access\nin stacksafe(). More specifically, it is the following code:\n\n    if (exact != NOT_EXACT &&\n        old->stack[spi].slot_type[i % BPF_REG_SIZE] !=\n        cur->stack[spi].slot_type[i % BPF_REG_SIZE])\n            return false;\n\nThe 'i' iterates old->allocated_stack.\nIf cur->allocated_stack < old->allocated_stack the out-of-bound\naccess will happen.\n\nTo fix the issue add 'i >= cur->allocated_stack' check such that if\nthe condition is true, stacksafe() should fail. Otherwise,\ncur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45020', 'https://git.kernel.org/linus/bed2eb964c70b780fb55925892a74f26cb590b25 (6.11-rc4)', 'https://git.kernel.org/stable/c/6e3987ac310c74bb4dd6a2fa8e46702fe505fb2b', 'https://git.kernel.org/stable/c/7cad3174cc79519bf5f6c4441780264416822c08', 'https://git.kernel.org/stable/c/bed2eb964c70b780fb55925892a74f26cb590b25', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45020-afcc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45020', 'https://www.cve.org/CVERecord?id=CVE-2024-45020'], 'PublishedDate': '2024-09-11T16:15:07.05Z', 'LastModifiedDate': '2024-09-13T16:36:52.29Z'}, {'VulnerabilityID': 'CVE-2024-45021', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg_write_event_control(): fix a user-triggerable oops', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg_write_event_control(): fix a user-triggerable oops\n\nwe are *not* guaranteed that anything past the terminating NUL\nis mapped (let alone initialized with anything sane).', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45021', 'https://git.kernel.org/linus/046667c4d3196938e992fba0dfcde570aa85cd0e (6.11-rc4)', 'https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e', 'https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227', 'https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8', 'https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61', 'https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7', 'https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b', 'https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c', 'https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45021-68c4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45021', 'https://www.cve.org/CVERecord?id=CVE-2024-45021'], 'PublishedDate': '2024-09-11T16:15:07.103Z', 'LastModifiedDate': '2024-09-13T16:36:31.583Z'}, {'VulnerabilityID': 'CVE-2024-45022', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45022', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0\n\nThe __vmap_pages_range_noflush() assumes its argument pages** contains\npages with the same page shift.  However, since commit e9c3cda4d86e ("mm,\nvmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes\n__GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation\nfailed for high order, the pages** may contain two different page shifts\n(high order and order-0).  This could lead __vmap_pages_range_noflush() to\nperform incorrect mappings, potentially resulting in memory corruption.\n\nUsers might encounter this as follows (vmap_allow_huge = true, 2M is for\nPMD_SIZE):\n\nkvmalloc(2M, __GFP_NOFAIL|GFP_X)\n    __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP)\n        vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0\n            vmap_pages_range()\n                vmap_pages_range_noflush()\n                    __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens\n\nWe can remove the fallback code because if a high-order allocation fails,\n__vmalloc_node_range_noprof() will retry with order-0.  Therefore, it is\nunnecessary to fallback to order-0 here.  Therefore, fix this by removing\nthe fallback code.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45022', 'https://git.kernel.org/linus/61ebe5a747da649057c37be1c37eb934b4af79ca (6.11-rc4)', 'https://git.kernel.org/stable/c/61ebe5a747da649057c37be1c37eb934b4af79ca', 'https://git.kernel.org/stable/c/c91618816f4d21fc574d7577a37722adcd4075b2', 'https://git.kernel.org/stable/c/de7bad86345c43cd040ed43e20d9fad78a3ee59f', 'https://git.kernel.org/stable/c/fd1ffbb50ef4da5e1378a46616b6d7407dc795da', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45022-08f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45022', 'https://www.cve.org/CVERecord?id=CVE-2024-45022'], 'PublishedDate': '2024-09-11T16:15:07.163Z', 'LastModifiedDate': '2024-09-13T16:36:39.043Z'}, {'VulnerabilityID': 'CVE-2024-45025', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old->full_fds_bits[] and fill\nthe rest with zeroes.  What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear.  Otherwise we are risking garbage from the last word\nwe'd copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old->max_fds, so there's no open descriptors\npast count, let alone fully occupied words in ->open_fds[],\nwhich is what bits in ->full_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds.  In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in ->full_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* 'to' being above the current capacity of descriptor table\n\t* 'from' being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet's try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it's 'count' argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it'll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45025', 'https://git.kernel.org/linus/9a2fa1472083580b6c66bdaf291f591e1170123a (6.11-rc4)', 'https://git.kernel.org/stable/c/5053581fe5dfb09b58c65dd8462bf5dea71f41ff', 'https://git.kernel.org/stable/c/8cad3b2b3ab81ca55f37405ffd1315bcc2948058', 'https://git.kernel.org/stable/c/9a2fa1472083580b6c66bdaf291f591e1170123a', 'https://git.kernel.org/stable/c/c69d18f0ac7060de724511537810f10f29a27958', 'https://git.kernel.org/stable/c/dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a', 'https://git.kernel.org/stable/c/e807487a1d5fd5d941f26578ae826ca815dbfcd6', 'https://git.kernel.org/stable/c/ee501f827f3db02d4e599afbbc1a7f8b792d05d7', 'https://git.kernel.org/stable/c/fe5bf14881701119aeeda7cf685f3c226c7380df', 'https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45025-94f6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45025', 'https://www.cve.org/CVERecord?id=CVE-2024-45025'], 'PublishedDate': '2024-09-11T16:15:07.44Z', 'LastModifiedDate': '2024-09-13T16:30:07.073Z'}, {'VulnerabilityID': 'CVE-2024-45026', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45026', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error recovery leading to data corruption on ESE devices', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error recovery leading to data corruption on ESE devices\n\nExtent Space Efficient (ESE) or thin provisioned volumes need to be\nformatted on demand during usual IO processing.\n\nThe dasd_ese_needs_format function checks for error codes that signal\nthe non existence of a proper track format.\n\nThe check for incorrect length is to imprecise since other error cases\nleading to transport of insufficient data also have this flag set.\nThis might lead to data corruption in certain error cases for example\nduring a storage server warmstart.\n\nFix by removing the check for incorrect length and replacing by\nexplicitly checking for invalid track format in transport mode.\n\nAlso remove the check for file protected since this is not a valid\nESE handling case.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45026', 'https://git.kernel.org/linus/7db4042336580dfd75cb5faa82c12cd51098c90b (6.11-rc4)', 'https://git.kernel.org/stable/c/0a228896a1b3654cd461ff654f6a64e97a9c3246', 'https://git.kernel.org/stable/c/19f60a55b2fda49bc4f6134a5f6356ef62ee69d8', 'https://git.kernel.org/stable/c/5d4a304338daf83ace2887aaacafd66fe99ed5cc', 'https://git.kernel.org/stable/c/7db4042336580dfd75cb5faa82c12cd51098c90b', 'https://git.kernel.org/stable/c/93a7e2856951680cd7fe6ebd705ac10c8a8a5efd', 'https://git.kernel.org/stable/c/a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a', 'https://git.kernel.org/stable/c/e245a18281c252c8dbc467492e09bb5d4b012118', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45026-eaa8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45026', 'https://www.cve.org/CVERecord?id=CVE-2024-45026'], 'PublishedDate': '2024-09-11T16:15:07.507Z', 'LastModifiedDate': '2024-09-13T16:29:55.927Z'}, {'VulnerabilityID': 'CVE-2024-45027', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45027', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: xhci: Check for xhci-&gt;interrupters being allocated in xhci_mem_clearup()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()\n\nIf xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop\nup the damage. If it fails early enough, before xhci->interrupters\nis allocated but after xhci->max_interrupters has been set, which\nhappens in most (all?) cases, things get uglier, as xhci_mem_cleanup()\nunconditionally derefences xhci->interrupters. With prejudice.\n\nGate the interrupt freeing loop with a check on xhci->interrupters\nbeing non-NULL.\n\nFound while debugging a DMA allocation issue that led the XHCI driver\non this exact path.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45027', 'https://git.kernel.org/linus/dcdb52d948f3a17ccd3fce757d9bd981d7c32039 (6.11-rc4)', 'https://git.kernel.org/stable/c/770cacc75b0091ece17349195d72133912c1ca7c', 'https://git.kernel.org/stable/c/dcdb52d948f3a17ccd3fce757d9bd981d7c32039', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45027-95b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45027', 'https://www.cve.org/CVERecord?id=CVE-2024-45027'], 'PublishedDate': '2024-09-11T16:15:07.57Z', 'LastModifiedDate': '2024-09-13T16:29:44.213Z'}, {'VulnerabilityID': 'CVE-2024-45028', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45028', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mmc: mmc_test: Fix NULL dereference on allocation failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmc_test: Fix NULL dereference on allocation failure\n\nIf the "test->highmem = alloc_pages()" allocation fails then calling\n__free_pages(test->highmem) will result in a NULL dereference.  Also\nchange the error code to -ENOMEM instead of returning success.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45028', 'https://git.kernel.org/linus/a1e627af32ed60713941cbfc8075d44cad07f6dd (6.11-rc5)', 'https://git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06', 'https://git.kernel.org/stable/c/3b4e76ceae5b5a46c968bd952f551ce173809f63', 'https://git.kernel.org/stable/c/9b9ba386d7bfdbc38445932c90fa9444c0524bea', 'https://git.kernel.org/stable/c/a1e627af32ed60713941cbfc8075d44cad07f6dd', 'https://git.kernel.org/stable/c/cac2815f49d343b2f0acc4973d2c14918ac3ab0c', 'https://git.kernel.org/stable/c/e40515582141a9e7c84b269be699c05236a499a6', 'https://git.kernel.org/stable/c/e97be13a9f51284da450dd2a592e3fa87b49cdc9', 'https://git.kernel.org/stable/c/ecb15b8ca12c0cbdab81e307e9795214d8b90890', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45028-34f7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45028', 'https://www.cve.org/CVERecord?id=CVE-2024-45028'], 'PublishedDate': '2024-09-11T16:15:07.647Z', 'LastModifiedDate': '2024-09-13T16:29:35.877Z'}, {'VulnerabilityID': 'CVE-2024-45029', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45029', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i2c: tegra: Do not mark ACPI devices as irq safe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: Do not mark ACPI devices as irq safe\n\nOn ACPI machines, the tegra i2c module encounters an issue due to a\nmutex being called inside a spinlock. This leads to the following bug:\n\n\tBUG: sleeping function called from invalid context at kernel/locking/mutex.c:585\n\t...\n\n\tCall trace:\n\t__might_sleep\n\t__mutex_lock_common\n\tmutex_lock_nested\n\tacpi_subsys_runtime_resume\n\trpm_resume\n\ttegra_i2c_xfer\n\nThe problem arises because during __pm_runtime_resume(), the spinlock\n&dev->power.lock is acquired before rpm_resume() is called. Later,\nrpm_resume() invokes acpi_subsys_runtime_resume(), which relies on\nmutexes, triggering the error.\n\nTo address this issue, devices on ACPI are now marked as not IRQ-safe,\nconsidering the dependency of acpi_subsys_runtime_resume() on mutexes.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45029', 'https://git.kernel.org/linus/14d069d92951a3e150c0a81f2ca3b93e54da913b (6.11-rc4)', 'https://git.kernel.org/stable/c/14d069d92951a3e150c0a81f2ca3b93e54da913b', 'https://git.kernel.org/stable/c/2853e1376d8161b04c9ff18ba82b43f08a049905', 'https://git.kernel.org/stable/c/6861faf4232e4b78878f2de1ed3ee324ddae2287', 'https://git.kernel.org/stable/c/a89aef1e6cc43fa019a58080ed05c839e6c77876', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45029-662e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45029', 'https://www.cve.org/CVERecord?id=CVE-2024-45029'], 'PublishedDate': '2024-09-11T16:15:07.717Z', 'LastModifiedDate': '2024-09-13T16:29:29.74Z'}, {'VulnerabilityID': 'CVE-2024-45030', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igb: cope with large MAX_SKB_FRAGS', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigb: cope with large MAX_SKB_FRAGS\n\nSabrina reports that the igb driver does not cope well with large\nMAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload\ncorruption on TX.\n\nAn easy reproducer is to run ssh to connect to the machine.  With\nMAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails.  This has\nbeen reported originally in\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2265320\n\nThe root cause of the issue is that the driver does not take into\naccount properly the (possibly large) shared info size when selecting\nthe ring layout, and will try to fit two packets inside the same 4K\npage even when the 1st fraglist will trump over the 2nd head.\n\nAddress the issue by checking if 2K buffers are insufficient.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45030', 'https://git.kernel.org/linus/8aba27c4a5020abdf60149239198297f88338a8d (6.11-rc5)', 'https://git.kernel.org/stable/c/8aba27c4a5020abdf60149239198297f88338a8d', 'https://git.kernel.org/stable/c/8ea80ff5d8298356d28077bc30913ed37df65109', 'https://git.kernel.org/stable/c/b52bd8bcb9e8ff250c79b44f9af8b15cae8911ab', 'https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45030-c2eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45030', 'https://www.cve.org/CVERecord?id=CVE-2024-45030'], 'PublishedDate': '2024-09-11T16:15:07.77Z', 'LastModifiedDate': '2024-09-13T16:29:23.557Z'}, {'VulnerabilityID': 'CVE-2024-46672', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion\n\nwpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the\ndriver for SAE/OWE offload cases") SSID based PMKSA del commands.\nbrcmfmac is not prepared and tries to dereference the NULL bssid and\npmkid pointers in cfg80211_pmksa. PMKID_V3 operations support SSID based\nupdates so copy the SSID.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46672', 'https://git.kernel.org/linus/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1 (6.11-rc4)', 'https://git.kernel.org/stable/c/1f566eb912d192c83475a919331aea59619e1197', 'https://git.kernel.org/stable/c/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1', 'https://git.kernel.org/stable/c/4291f94f8c6b01505132c22ee27b59ed27c3584f', 'https://lore.kernel.org/linux-cve-announce/2024091111-CVE-2024-46672-7542@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46672', 'https://www.cve.org/CVERecord?id=CVE-2024-46672'], 'PublishedDate': '2024-09-11T16:15:07.84Z', 'LastModifiedDate': '2024-09-13T16:29:17.123Z'}, {'VulnerabilityID': 'CVE-2024-46673', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: aacraid: Fix double-free on probe failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: aacraid: Fix double-free on probe failure\n\naac_probe_one() calls hardware-specific init functions through the\naac_driver_ident::init pointer, all of which eventually call down to\naac_init_adapter().\n\nIf aac_init_adapter() fails after allocating memory for aac_dev::queues,\nit frees the memory but does not clear that member.\n\nAfter the hardware-specific init function returns an error,\naac_probe_one() goes down an error path that frees the memory pointed to\nby aac_dev::queues, resulting.in a double-free.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46673', 'https://git.kernel.org/linus/919ddf8336f0b84c0453bac583808c9f165a85c2 (6.11-rc6)', 'https://git.kernel.org/stable/c/4b540ec7c0045c2d01c4e479f34bbc8f147afa4c', 'https://git.kernel.org/stable/c/564e1986b00c5f05d75342f8407f75f0a17b94df', 'https://git.kernel.org/stable/c/60962c3d8e18e5d8dfa16df788974dd7f35bd87a', 'https://git.kernel.org/stable/c/85449b28ff6a89c4513115e43ddcad949b5890c9', 'https://git.kernel.org/stable/c/8a3995a3ffeca280a961b59f5c99843d81b15929', 'https://git.kernel.org/stable/c/919ddf8336f0b84c0453bac583808c9f165a85c2', 'https://git.kernel.org/stable/c/9e96dea7eff6f2bbcd0b42a098012fc66af9eb69', 'https://git.kernel.org/stable/c/d237c7d06ffddcdb5d36948c527dc01284388218', 'https://lore.kernel.org/linux-cve-announce/2024091333-CVE-2024-46673-c49c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46673', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://www.cve.org/CVERecord?id=CVE-2024-46673'], 'PublishedDate': '2024-09-13T06:15:11.917Z', 'LastModifiedDate': '2024-09-13T16:51:39.117Z'}, {'VulnerabilityID': 'CVE-2024-46675', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46675', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: dwc3: core: Prevent USB core invalid event buffer address access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: Prevent USB core invalid event buffer address access\n\nThis commit addresses an issue where the USB core could access an\ninvalid event buffer address during runtime suspend, potentially causing\nSMMU faults and other memory issues in Exynos platforms. The problem\narises from the following sequence.\n        1. In dwc3_gadget_suspend, there is a chance of a timeout when\n        moving the USB core to the halt state after clearing the\n        run/stop bit by software.\n        2. In dwc3_core_exit, the event buffer is cleared regardless of\n        the USB core's status, which may lead to an SMMU faults and\n        other memory issues. if the USB core tries to access the event\n        buffer address.\n\nTo prevent this hardware quirk on Exynos platforms, this commit ensures\nthat the event buffer address is not cleared by software  when the USB\ncore is active during runtime suspend by checking its status before\nclearing the buffer address.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46675', 'https://git.kernel.org/linus/14e497183df28c006603cc67fd3797a537eef7b9 (6.11-rc6)', 'https://git.kernel.org/stable/c/111277b881def3153335acfe0d1f43e6cd83ac93', 'https://git.kernel.org/stable/c/14e497183df28c006603cc67fd3797a537eef7b9', 'https://git.kernel.org/stable/c/2189fd13c577d7881f94affc09c950a795064c4b', 'https://git.kernel.org/stable/c/7bb11a75dd4d3612378b90e2a4aa49bdccea28ab', 'https://git.kernel.org/stable/c/b72da4d89b97da71e056cc4d1429b2bc426a9c2f', 'https://git.kernel.org/stable/c/d2afc2bffec77316b90d530b07695e3f534df914', 'https://git.kernel.org/stable/c/e23f6ad8d110bf632f7471482e10b43dc174fb72', 'https://git.kernel.org/stable/c/eca3f543f817da87c00d1a5697b473efb548204f', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46675-ba70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46675', 'https://www.cve.org/CVERecord?id=CVE-2024-46675'], 'PublishedDate': '2024-09-13T06:15:12.117Z', 'LastModifiedDate': '2024-09-20T17:18:48.753Z'}, {'VulnerabilityID': 'CVE-2024-46676', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46676', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfc: pn533: Add poll mod list filling check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Add poll mod list filling check\n\nIn case of im_protocols value is 1 and tm_protocols value is 0 this\ncombination successfully passes the check\n\'if (!im_protocols && !tm_protocols)\' in the nfc_start_poll().\nBut then after pn533_poll_create_mod_list() call in pn533_start_poll()\npoll mod list will remain empty and dev->poll_mod_count will remain 0\nwhich lead to division by zero.\n\nNormally no im protocol has value 1 in the mask, so this combination is\nnot expected by driver. But these protocol values actually come from\nuserspace via Netlink interface (NFC_CMD_START_POLL operation). So a\nbroken or malicious program may pass a message containing a "bad"\ncombination of protocol parameter values so that dev->poll_mod_count\nis not incremented inside pn533_poll_create_mod_list(), thus leading\nto division by zero.\nCall trace looks like:\nnfc_genl_start_poll()\n  nfc_start_poll()\n    ->start_poll()\n    pn533_start_poll()\n\nAdd poll mod list filling check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46676', 'https://git.kernel.org/linus/febccb39255f9df35527b88c953b2e0deae50e53 (6.11-rc6)', 'https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946', 'https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5', 'https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723', 'https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4', 'https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33', 'https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31', 'https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53', 'https://lore.kernel.org/linux-cve-announce/2024091335-CVE-2024-46676-0b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46676', 'https://www.cve.org/CVERecord?id=CVE-2024-46676'], 'PublishedDate': '2024-09-13T06:15:12.223Z', 'LastModifiedDate': '2024-09-23T14:42:38.23Z'}, {'VulnerabilityID': 'CVE-2024-46677', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46677', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gtp: fix a potential NULL pointer dereference', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix a potential NULL pointer dereference\n\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\nNULL pointer, but its callers only check for error pointers thus miss\nthe NULL pointer case.\n\nFix it by returning an error pointer with the error code carried from\nsockfd_lookup().\n\n(I found this bug during code inspection.)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46677', 'https://git.kernel.org/linus/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda (6.11-rc6)', 'https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d', 'https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87', 'https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2', 'https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39', 'https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c', 'https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e', 'https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda', 'https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46677-b53c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46677', 'https://www.cve.org/CVERecord?id=CVE-2024-46677'], 'PublishedDate': '2024-09-13T06:15:12.36Z', 'LastModifiedDate': '2024-09-13T16:51:53.69Z'}, {'VulnerabilityID': 'CVE-2024-46678', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46678', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: change ipsec_lock from spin lock to mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond->ipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n"scheduling while atomic" will be triggered when changing bond\'s\nactive slave.\n\n[  101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[  101.055726] Modules linked in:\n[  101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[  101.058760] Hardware name:\n[  101.059434] Call Trace:\n[  101.059436]  <TASK>\n[  101.060873]  dump_stack_lvl+0x51/0x60\n[  101.061275]  __schedule_bug+0x4e/0x60\n[  101.061682]  __schedule+0x612/0x7c0\n[  101.062078]  ? __mod_timer+0x25c/0x370\n[  101.062486]  schedule+0x25/0xd0\n[  101.062845]  schedule_timeout+0x77/0xf0\n[  101.063265]  ? asm_common_interrupt+0x22/0x40\n[  101.063724]  ? __bpf_trace_itimer_state+0x10/0x10\n[  101.064215]  __wait_for_common+0x87/0x190\n[  101.064648]  ? usleep_range_state+0x90/0x90\n[  101.065091]  cmd_exec+0x437/0xb20 [mlx5_core]\n[  101.065569]  mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[  101.066051]  mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[  101.066552]  mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[  101.067163]  ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.067738]  ? kmalloc_trace+0x4d/0x350\n[  101.068156]  mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[  101.068747]  mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[  101.069312]  bond_change_active_slave+0x392/0x900 [bonding]\n[  101.069868]  bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[  101.070454]  __bond_opt_set+0xa6/0x430 [bonding]\n[  101.070935]  __bond_opt_set_notify+0x2f/0x90 [bonding]\n[  101.071453]  bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[  101.071965]  bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.072567]  kernfs_fop_write_iter+0x10c/0x1a0\n[  101.073033]  vfs_write+0x2d8/0x400\n[  101.073416]  ? alloc_fd+0x48/0x180\n[  101.073798]  ksys_write+0x5f/0xe0\n[  101.074175]  do_syscall_64+0x52/0x110\n[  101.074576]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn\'t have to be spin lock, change it to\nmutex, and thus the above issue can be resolved.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46678', 'https://git.kernel.org/linus/2aeeef906d5a526dc60cf4af92eda69836c39b1f (6.11-rc6)', 'https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f', 'https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3', 'https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46678-ca65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46678', 'https://www.cve.org/CVERecord?id=CVE-2024-46678'], 'PublishedDate': '2024-09-13T06:15:12.45Z', 'LastModifiedDate': '2024-09-23T14:44:12.88Z'}, {'VulnerabilityID': 'CVE-2024-46679', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46679', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: check device is present when getting link settings', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: check device is present when getting link settings\n\nA sysfs reader can race with a device reset or removal, attempting to\nread device state when the device is not actually present. eg:\n\n     [exception RIP: qed_get_current_link+17]\n  #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]\n  #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3\n #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4\n #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300\n #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c\n #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b\n #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3\n #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1\n #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f\n #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb\n\n crash> struct net_device.state ffff9a9d21336000\n    state = 5,\n\nstate 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).\nThe device is not present, note lack of __LINK_STATE_PRESENT (0b10).\n\nThis is the same sort of panic as observed in commit 4224cfd7fb65\n("net-sysfs: add check for netdevice being present to speed_show").\n\nThere are many other callers of __ethtool_get_link_ksettings() which\ndon\'t have a device presence check.\n\nMove this check into ethtool to protect all callers.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46679', 'https://git.kernel.org/linus/a699781c79ecf6cfe67fb00a0331b4088c7c8466 (6.11-rc6)', 'https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2', 'https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc', 'https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e', 'https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb', 'https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4', 'https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466', 'https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46679-3527@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46679', 'https://www.cve.org/CVERecord?id=CVE-2024-46679'], 'PublishedDate': '2024-09-13T06:15:12.53Z', 'LastModifiedDate': '2024-09-23T14:47:23.287Z'}, {'VulnerabilityID': 'CVE-2024-46680', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46680', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix random crash seen while removing driver', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix random crash seen while removing driver\n\nThis fixes the random kernel crash seen while removing the driver, when\nrunning the load/unload test over multiple iterations.\n\n1) modprobe btnxpuart\n2) hciconfig hci0 reset\n3) hciconfig (check hci0 interface up with valid BD address)\n4) modprobe -r btnxpuart\nRepeat steps 1 to 4\n\nThe ps_wakeup() call in btnxpuart_close() schedules the psdata->work(),\nwhich gets scheduled after module is removed, causing a kernel crash.\n\nThis hidden issue got highlighted after enabling Power Save by default\nin 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on\nstartup)\n\nThe new ps_cleanup() deasserts UART break immediately while closing\nserdev device, cancels any scheduled ps_work and destroys the ps_lock\nmutex.\n\n[   85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258\n[   85.884624] Mem abort info:\n[   85.884625]   ESR = 0x0000000086000007\n[   85.884628]   EC = 0x21: IABT (current EL), IL = 32 bits\n[   85.884633]   SET = 0, FnV = 0\n[   85.884636]   EA = 0, S1PTW = 0\n[   85.884638]   FSC = 0x07: level 3 translation fault\n[   85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000\n[   85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000\n[   85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n[   85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)]\n[   85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G           O       6.1.36+g937b1be4345a #1\n[   85.936176] Hardware name: FSL i.MX8MM EVK board (DT)\n[   85.936182] Workqueue: events 0xffffd4a61638f380\n[   85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   85.952817] pc : 0xffffd4a61638f258\n[   85.952823] lr : 0xffffd4a61638f258\n[   85.952827] sp : ffff8000084fbd70\n[   85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000\n[   85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305\n[   85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970\n[   85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000\n[   85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090\n[   85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139\n[   85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50\n[   85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8\n[   85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000\n[   85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000\n[   85.977443] Call trace:\n[   85.977446]  0xffffd4a61638f258\n[   85.977451]  0xffffd4a61638f3e8\n[   85.977455]  process_one_work+0x1d4/0x330\n[   85.977464]  worker_thread+0x6c/0x430\n[   85.977471]  kthread+0x108/0x10c\n[   85.977476]  ret_from_fork+0x10/0x20\n[   85.977488] Code: bad PC value\n[   85.977491] ---[ end trace 0000000000000000 ]---\n\nPreset since v6.9.11', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46680', 'https://git.kernel.org/linus/35237475384ab3622f63c3c09bdf6af6dacfe9c3 (6.11-rc6)', 'https://git.kernel.org/stable/c/29a1d9971e38f92c84b363ff50379dd434ddfe1c', 'https://git.kernel.org/stable/c/35237475384ab3622f63c3c09bdf6af6dacfe9c3', 'https://git.kernel.org/stable/c/662a55986b88807da4d112d838c8aaa05810e938', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46680-f40d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46680', 'https://www.cve.org/CVERecord?id=CVE-2024-46680'], 'PublishedDate': '2024-09-13T06:15:12.617Z', 'LastModifiedDate': '2024-09-23T14:45:10.233Z'}, {'VulnerabilityID': 'CVE-2024-46681', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46681', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pktgen: use cpus_read_lock() in pg_net_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46681', 'https://git.kernel.org/linus/979b581e4c69257acab1af415ddad6b2d78a2fa5 (6.11-rc6)', 'https://git.kernel.org/stable/c/5f5f7366dda8ae870e8305d6e7b3c0c2686cd2cf', 'https://git.kernel.org/stable/c/979b581e4c69257acab1af415ddad6b2d78a2fa5', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46681-6086@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46681', 'https://www.cve.org/CVERecord?id=CVE-2024-46681'], 'PublishedDate': '2024-09-13T06:15:12.71Z', 'LastModifiedDate': '2024-09-19T18:10:49.623Z'}, {'VulnerabilityID': 'CVE-2024-46683', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46683', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: prevent UAF around preempt fence', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: prevent UAF around preempt fence\n\nThe fence lock is part of the queue, therefore in the current design\nanything locking the fence should then also hold a ref to the queue to\nprevent the queue from being freed.\n\nHowever, currently it looks like we signal the fence and then drop the\nqueue ref, but if something is waiting on the fence, the waiter is\nkicked to wake up at some later point, where upon waking up it first\ngrabs the lock before checking the fence state. But if we have already\ndropped the queue ref, then the lock might already be freed as part of\nthe queue, leading to uaf.\n\nTo prevent this, move the fence lock into the fence itself so we don't\nrun into lifetime issues. Alternative might be to have device level\nlock, or only release the queue in the fence release callback, however\nthat might require pushing to another worker to avoid locking issues.\n\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2454\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2342\nReferences: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2020\n(cherry picked from commit 7116c35aacedc38be6d15bd21b2fc936eed0008b)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46683', 'https://git.kernel.org/linus/730b72480e29f63fd644f5fa57c9d46109428953 (6.11-rc5)', 'https://git.kernel.org/stable/c/10081b0b0ed201f53e24bd92deb2e0f3c3e713d4', 'https://git.kernel.org/stable/c/730b72480e29f63fd644f5fa57c9d46109428953', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46683-e513@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46683', 'https://www.cve.org/CVERecord?id=CVE-2024-46683'], 'PublishedDate': '2024-09-13T06:15:12.993Z', 'LastModifiedDate': '2024-09-13T16:52:14.373Z'}, {'VulnerabilityID': 'CVE-2024-46685', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46685', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: single: fix potential NULL dereference in pcs_get_function()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: single: fix potential NULL dereference in pcs_get_function()\n\npinmux_generic_get_function() can return NULL and the pointer 'function'\nwas dereferenced without checking against NULL. Add checking of pointer\n'function' in pcs_get_function().\n\nFound by code review.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46685', 'https://git.kernel.org/linus/1c38a62f15e595346a1106025722869e87ffe044 (6.11-rc6)', 'https://git.kernel.org/stable/c/0a2bab5ed161318f57134716accba0a30f3af191', 'https://git.kernel.org/stable/c/1c38a62f15e595346a1106025722869e87ffe044', 'https://git.kernel.org/stable/c/292151af6add3e5ab11b2e9916cffa5f52859a1f', 'https://git.kernel.org/stable/c/2cea369a5c2e85ab14ae716da1d1cc6d25c85e11', 'https://git.kernel.org/stable/c/4e9436375fcc9bd2a60ee96aba6ed53f7a377d10', 'https://git.kernel.org/stable/c/4ed45fe99ec9e3c9478bd634624cd05a57d002f7', 'https://git.kernel.org/stable/c/6341c2856785dca7006820b127278058a180c075', 'https://git.kernel.org/stable/c/8f0bd526921b6867c2f10a83cd4fd14139adcd92', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46685-6606@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46685', 'https://www.cve.org/CVERecord?id=CVE-2024-46685'], 'PublishedDate': '2024-09-13T06:15:13.2Z', 'LastModifiedDate': '2024-09-14T16:00:55.547Z'}, {'VulnerabilityID': 'CVE-2024-46686', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46686', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()\n\nThis happens when called from SMB2_read() while using rdma\nand reaching the rdma_readwrite_threshold.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46686', 'https://git.kernel.org/linus/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf (6.11-rc6)', 'https://git.kernel.org/stable/c/6df57c63c200cd05e085c3b695128260e21959b7', 'https://git.kernel.org/stable/c/a01859dd6aebf826576513850a3b05992809e9d2', 'https://git.kernel.org/stable/c/b902fb78ab21299e4dd1775e7e8d251d5c0735bc', 'https://git.kernel.org/stable/c/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46686-5b18@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46686', 'https://www.cve.org/CVERecord?id=CVE-2024-46686'], 'PublishedDate': '2024-09-13T06:15:13.28Z', 'LastModifiedDate': '2024-09-14T16:16:33.087Z'}, {'VulnerabilityID': 'CVE-2024-46687', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46687', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()\n\n[BUG]\nThere is an internal report that KASAN is reporting use-after-free, with\nthe following backtrace:\n\n  BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n  Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45\n  CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n  Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n  Call Trace:\n   dump_stack_lvl+0x61/0x80\n   print_address_description.constprop.0+0x5e/0x2f0\n   print_report+0x118/0x216\n   kasan_report+0x11d/0x1f0\n   btrfs_check_read_bio+0xa68/0xb70 [btrfs]\n   process_one_work+0xce0/0x12a0\n   worker_thread+0x717/0x1250\n   kthread+0x2e3/0x3c0\n   ret_from_fork+0x2d/0x70\n   ret_from_fork_asm+0x11/0x20\n\n  Allocated by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   __kasan_slab_alloc+0x7d/0x80\n   kmem_cache_alloc_noprof+0x16e/0x3e0\n   mempool_alloc_noprof+0x12e/0x310\n   bio_alloc_bioset+0x3f0/0x7a0\n   btrfs_bio_alloc+0x2e/0x50 [btrfs]\n   submit_extent_page+0x4d1/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n  Freed by task 20917:\n   kasan_save_stack+0x37/0x60\n   kasan_save_track+0x10/0x30\n   kasan_save_free_info+0x37/0x50\n   __kasan_slab_free+0x4b/0x60\n   kmem_cache_free+0x214/0x5d0\n   bio_free+0xed/0x180\n   end_bbio_data_read+0x1cc/0x580 [btrfs]\n   btrfs_submit_chunk+0x98d/0x1880 [btrfs]\n   btrfs_submit_bio+0x33/0x70 [btrfs]\n   submit_one_bio+0xd4/0x130 [btrfs]\n   submit_extent_page+0x3ea/0xdb0 [btrfs]\n   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]\n   btrfs_readahead+0x29a/0x430 [btrfs]\n   read_pages+0x1a7/0xc60\n   page_cache_ra_unbounded+0x2ad/0x560\n   filemap_get_pages+0x629/0xa20\n   filemap_read+0x335/0xbf0\n   vfs_read+0x790/0xcb0\n   ksys_read+0xfd/0x1d0\n   do_syscall_64+0x6d/0x140\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[CAUSE]\nAlthough I cannot reproduce the error, the report itself is good enough\nto pin down the cause.\n\nThe call trace is the regular endio workqueue context, but the\nfree-by-task trace is showing that during btrfs_submit_chunk() we\nalready hit a critical error, and is calling btrfs_bio_end_io() to error\nout.  And the original endio function called bio_put() to free the whole\nbio.\n\nThis means a double freeing thus causing use-after-free, e.g.:\n\n1. Enter btrfs_submit_bio() with a read bio\n   The read bio length is 128K, crossing two 64K stripes.\n\n2. The first run of btrfs_submit_chunk()\n\n2.1 Call btrfs_map_block(), which returns 64K\n2.2 Call btrfs_split_bio()\n    Now there are two bios, one referring to the first 64K, the other\n    referring to the second 64K.\n2.3 The first half is submitted.\n\n3. The second run of btrfs_submit_chunk()\n\n3.1 Call btrfs_map_block(), which by somehow failed\n    Now we call btrfs_bio_end_io() to handle the error\n\n3.2 btrfs_bio_end_io() calls the original endio function\n    Which is end_bbio_data_read(), and it calls bio_put() for the\n    original bio.\n\n    Now the original bio is freed.\n\n4. The submitted first 64K bio finished\n   Now we call into btrfs_check_read_bio() and tries to advance the bio\n   iter.\n   But since the original bio (thus its iter) is already freed, we\n   trigger the above use-after free.\n\n   And even if the memory is not poisoned/corrupted, we will later call\n   the original endio function, causing a double freeing.\n\n[FIX]\nInstead of calling btrfs_bio_end_io(), call btrfs_orig_bbio_end_io(),\nwhich has the extra check on split bios and do the pr\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46687', 'https://git.kernel.org/linus/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10 (6.11-rc6)', 'https://git.kernel.org/stable/c/10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10', 'https://git.kernel.org/stable/c/4a3b9e1a8e6cd1a8d427a905e159de58d38941cc', 'https://git.kernel.org/stable/c/51722b99f41f5e722ffa10b8f61e802a0e70b331', 'https://lore.kernel.org/linux-cve-announce/2024091338-CVE-2024-46687-5668@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46687', 'https://www.cve.org/CVERecord?id=CVE-2024-46687'], 'PublishedDate': '2024-09-13T06:15:13.377Z', 'LastModifiedDate': '2024-09-14T16:17:33.073Z'}, {'VulnerabilityID': 'CVE-2024-46689', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46689', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: cmd-db: Map shared memory as WC, not WB\n\nLinux does not write into cmd-db region. This region of memory is write\nprotected by XPU. XPU may sometime falsely detect clean cache eviction\nas "write" into the write protected region leading to secure interrupt\nwhich causes an endless loop somewhere in Trust Zone.\n\nThe only reason it is working right now is because Qualcomm Hypervisor\nmaps the same region as Non-Cacheable memory in Stage 2 translation\ntables. The issue manifests if we want to use another hypervisor (like\nXen or KVM), which does not know anything about those specific mappings.\n\nChanging the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC\nremoves dependency on correct mappings in Stage 2 tables. This patch\nfixes the issue by updating the mapping to MEMREMAP_WC.\n\nI tested this on SA8155P with Xen.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46689', 'https://git.kernel.org/linus/f9bb896eab221618927ae6a2f1d566567999839d (6.11-rc6)', 'https://git.kernel.org/stable/c/0ee9594c974368a17e85a431e9fe1c14fb65c278', 'https://git.kernel.org/stable/c/62c2d63605ca25b5db78a347ed303c0a0a77d5b4', 'https://git.kernel.org/stable/c/d9d48d70e922b272875cda60d2ada89291c840cf', 'https://git.kernel.org/stable/c/eaff392c1e34fb77cc61505a31b0191e5e46e271', 'https://git.kernel.org/stable/c/ef80520be0ff78ae5ed44cb6eee1525e65bebe70', 'https://git.kernel.org/stable/c/f5a5a5a0e95f36e2792d48e6e4b64e665eb01374', 'https://git.kernel.org/stable/c/f9bb896eab221618927ae6a2f1d566567999839d', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46689-4c19@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46689', 'https://www.cve.org/CVERecord?id=CVE-2024-46689'], 'PublishedDate': '2024-09-13T06:15:13.653Z', 'LastModifiedDate': '2024-09-20T15:52:23.727Z'}, {'VulnerabilityID': 'CVE-2024-46691', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46691', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Move unregister out of atomic section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Move unregister out of atomic section\n\nCommit \'9329933699b3 ("soc: qcom: pmic_glink: Make client-lock\nnon-sleeping")\' moved the pmic_glink client list under a spinlock, as it\nis accessed by the rpmsg/glink callback, which in turn is invoked from\nIRQ context.\n\nThis means that ucsi_unregister() is now called from atomic context,\nwhich isn\'t feasible as it\'s expecting a sleepable context. An effort is\nunder way to get GLINK to invoke its callbacks in a sleepable context,\nbut until then lets schedule the unregistration.\n\nA side effect of this is that ucsi_unregister() can now happen\nafter the remote processor, and thereby the communication link with it, is\ngone. pmic_glink_send() is amended with a check to avoid the resulting NULL\npointer dereference.\nThis does however result in the user being informed about this error by\nthe following entry in the kernel log:\n\n  ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46691', 'https://git.kernel.org/linus/11bb2ffb679399f99041540cf662409905179e3a (6.11-rc6)', 'https://git.kernel.org/stable/c/095b0001aefddcd9361097c971b7debc84e72714', 'https://git.kernel.org/stable/c/11bb2ffb679399f99041540cf662409905179e3a', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46691-93e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46691', 'https://www.cve.org/CVERecord?id=CVE-2024-46691'], 'PublishedDate': '2024-09-13T06:15:13.96Z', 'LastModifiedDate': '2024-09-13T16:52:21.057Z'}, {'VulnerabilityID': 'CVE-2024-46692', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46692', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: scm: Mark get_wq_ctx() as atomic call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Mark get_wq_ctx() as atomic call\n\nCurrently get_wq_ctx() is wrongly configured as a standard call. When two\nSMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to\nresume the corresponding sleeping thread. But if get_wq_ctx() is\ninterrupted, goes to sleep and another SMC call is waiting to be allocated\na waitq context, it leads to a deadlock.\n\nTo avoid this get_wq_ctx() must be an atomic call and can't be a standard\nSMC call. Hence mark get_wq_ctx() as a fast call.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46692', 'https://git.kernel.org/linus/9960085a3a82c58d3323c1c20b991db6045063b0 (6.11-rc6)', 'https://git.kernel.org/stable/c/9960085a3a82c58d3323c1c20b991db6045063b0', 'https://git.kernel.org/stable/c/cdf7efe4b02aa93813db0bf1ca596ad298ab6b06', 'https://git.kernel.org/stable/c/e40115c33c0d79c940545b6b12112aace7acd9f5', 'https://lore.kernel.org/linux-cve-announce/2024091339-CVE-2024-46692-f287@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46692', 'https://www.cve.org/CVERecord?id=CVE-2024-46692'], 'PublishedDate': '2024-09-13T06:15:14.047Z', 'LastModifiedDate': '2024-09-13T16:52:31.627Z'}, {'VulnerabilityID': 'CVE-2024-46693', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: soc: qcom: pmic_glink: Fix race during initialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pmic_glink: Fix race during initialization\n\nAs pointed out by Stephen Boyd it is possible that during initialization\nof the pmic_glink child drivers, the protection-domain notifiers fires,\nand the associated work is scheduled, before the client registration\nreturns and as a result the local "client" pointer has been initialized.\n\nThe outcome of this is a NULL pointer dereference as the "client"\npointer is blindly dereferenced.\n\nTimeline provided by Stephen:\n CPU0                               CPU1\n ----                               ----\n ucsi->client = NULL;\n devm_pmic_glink_register_client()\n  client->pdr_notify(client->priv, pg->client_state)\n   pmic_glink_ucsi_pdr_notify()\n    schedule_work(&ucsi->register_work)\n    <schedule away>\n                                    pmic_glink_ucsi_register()\n                                     ucsi_register()\n                                      pmic_glink_ucsi_read_version()\n                                       pmic_glink_ucsi_read()\n                                        pmic_glink_ucsi_read()\n                                         pmic_glink_send(ucsi->client)\n                                         <client is NULL BAD>\n ucsi->client = client // Too late!\n\nThis code is identical across the altmode, battery manager and usci\nchild drivers.\n\nResolve this by splitting the allocation of the "client" object and the\nregistration thereof into two operations.\n\nThis only happens if the protection domain registry is populated at the\ntime of registration, which by the introduction of commit \'1ebcde047c54\n("soc: qcom: add pd-mapper implementation")\' became much more likely.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46693', 'https://git.kernel.org/linus/3568affcddd68743e25aa3ec1647d9b82797757b (6.11-rc6)', 'https://git.kernel.org/stable/c/1efdbf5323c9360e05066049b97414405e94e087', 'https://git.kernel.org/stable/c/3568affcddd68743e25aa3ec1647d9b82797757b', 'https://git.kernel.org/stable/c/943b0e7cc646a624bb20a68080f8f1a4a55df41c', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46693-cbe3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46693', 'https://www.cve.org/CVERecord?id=CVE-2024-46693'], 'PublishedDate': '2024-09-13T06:15:14.14Z', 'LastModifiedDate': '2024-09-13T16:52:41.27Z'}, {'VulnerabilityID': 'CVE-2024-46694', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46694', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: avoid using null object of framebuffer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid using null object of framebuffer\n\nInstead of using state->fb->obj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer.\n\n(cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46694', 'https://git.kernel.org/linus/3b9a33235c773c7a3768060cf1d2cf8a9153bc37 (6.11-rc6)', 'https://git.kernel.org/stable/c/093ee72ed35c2338c87c26b6ba6f0b7789c9e14e', 'https://git.kernel.org/stable/c/3b9a33235c773c7a3768060cf1d2cf8a9153bc37', 'https://git.kernel.org/stable/c/49e1b214f3239b78967c6ddb8f8ec47ae047b051', 'https://git.kernel.org/stable/c/f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46694-0706@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46694', 'https://www.cve.org/CVERecord?id=CVE-2024-46694'], 'PublishedDate': '2024-09-13T06:15:14.24Z', 'LastModifiedDate': '2024-09-19T18:16:22.247Z'}, {'VulnerabilityID': 'CVE-2024-46695', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46695', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: selinux,smack: don&#39;t bypass permissions check in inode_setsecctx hook', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux,smack: don't bypass permissions check in inode_setsecctx hook\n\nMarek Gresko reports that the root user on an NFS client is able to\nchange the security labels on files on an NFS filesystem that is\nexported with root squashing enabled.\n\nThe end of the kerneldoc comment for __vfs_setxattr_noperm() states:\n\n *  This function requires the caller to lock the inode's i_mutex before it\n *  is executed. It also assumes that the caller will make the appropriate\n *  permission checks.\n\nnfsd_setattr() does do permissions checking via fh_verify() and\nnfsd_permission(), but those don't do all the same permissions checks\nthat are done by security_inode_setxattr() and its related LSM hooks do.\n\nSince nfsd_setattr() is the only consumer of security_inode_setsecctx(),\nsimplest solution appears to be to replace the call to\n__vfs_setxattr_noperm() with a call to __vfs_setxattr_locked().  This\nfixes the above issue and has the added benefit of causing nfsd to\nrecall conflicting delegations on a file when a client tries to change\nits security label.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-276'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46695', 'https://git.kernel.org/linus/76a0e79bc84f466999fa501fce5bf7a07641b8a7 (6.11-rc6)', 'https://git.kernel.org/stable/c/2dbc4b7bac60b02cc6e70d05bf6a7dfd551f9dda', 'https://git.kernel.org/stable/c/459584258d47ec3cc6245a82e8a49c9d08eb8b57', 'https://git.kernel.org/stable/c/76a0e79bc84f466999fa501fce5bf7a07641b8a7', 'https://git.kernel.org/stable/c/eebec98791d0137e455cc006411bb92a54250924', 'https://git.kernel.org/stable/c/f71ec019257ba4f7ab198bd948c5902a207bad96', 'https://git.kernel.org/stable/c/fe0cd53791119f6287b6532af8ce41576d664930', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46695-affc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46695', 'https://www.cve.org/CVERecord?id=CVE-2024-46695'], 'PublishedDate': '2024-09-13T06:15:14.32Z', 'LastModifiedDate': '2024-10-17T14:15:07.517Z'}, {'VulnerabilityID': 'CVE-2024-46697', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46697', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfsd: ensure that nfsd4_fattr_args.context is zeroed out', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: ensure that nfsd4_fattr_args.context is zeroed out\n\nIf nfsd4_encode_fattr4 ends up doing a "goto out" before we get to\nchecking for the security label, then args.context will be set to\nuninitialized junk on the stack, which we\'ll then try to free.\nInitialize it early.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46697', 'https://git.kernel.org/linus/f58bab6fd4063913bd8321e99874b8239e9ba726 (6.11-rc6)', 'https://git.kernel.org/stable/c/dd65b324174a64558a16ebbf4c3266e5701185d0', 'https://git.kernel.org/stable/c/f58bab6fd4063913bd8321e99874b8239e9ba726', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46697-d166@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46697', 'https://www.cve.org/CVERecord?id=CVE-2024-46697'], 'PublishedDate': '2024-09-13T06:15:14.5Z', 'LastModifiedDate': '2024-09-19T17:53:43.173Z'}, {'VulnerabilityID': 'CVE-2024-46698', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46698', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: video/aperture: optionally match the device in sysfb_disable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvideo/aperture: optionally match the device in sysfb_disable()\n\nIn aperture_remove_conflicting_pci_devices(), we currently only\ncall sysfb_disable() on vga class devices.  This leads to the\nfollowing problem when the pimary device is not VGA compatible:\n\n1. A PCI device with a non-VGA class is the boot display\n2. That device is probed first and it is not a VGA device so\n   sysfb_disable() is not called, but the device resources\n   are freed by aperture_detach_platform_device()\n3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable()\n4. NULL pointer dereference via sysfb_disable() since the resources\n   have already been freed by aperture_detach_platform_device() when\n   it was called by the other device.\n\nFix this by passing a device pointer to sysfb_disable() and checking\nthe device to determine if we should execute it or not.\n\nv2: Fix build when CONFIG_SCREEN_INFO is not set\nv3: Move device check into the mutex\n    Drop primary variable in aperture_remove_conflicting_pci_devices()\n    Drop __init on pci sysfb_pci_dev_is_enabled()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46698', 'https://git.kernel.org/linus/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7 (6.11-rc6)', 'https://git.kernel.org/stable/c/17e78f43de0c6da34204cc858b4cc05671ea9acf', 'https://git.kernel.org/stable/c/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7', 'https://lore.kernel.org/linux-cve-announce/2024091341-CVE-2024-46698-357c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46698', 'https://www.cve.org/CVERecord?id=CVE-2024-46698'], 'PublishedDate': '2024-09-13T06:15:14.563Z', 'LastModifiedDate': '2024-09-13T16:53:03Z'}, {'VulnerabilityID': 'CVE-2024-46701', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46701', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: libfs: fix infinite directory reads for offset dir', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlibfs: fix infinite directory reads for offset dir\n\nAfter we switch tmpfs dir operations from simple_dir_operations to\nsimple_offset_dir_operations, every rename happened will fill new dentry\nto dest dir\'s maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free\nkey starting with octx->newx_offset, and then set newx_offset equals to\nfree key + 1. This will lead to infinite readdir combine with rename\nhappened at the same time, which fail generic/736 in xfstests(detail show\nas below).\n\n1. create 5000 files(1 2 3...) under one dir\n2. call readdir(man 3 readdir) once, and get one entry\n3. rename(entry, "TEMPFILE"), then rename("TEMPFILE", entry)\n4. loop 2~3, until readdir return nothing or we loop too many\n   times(tmpfs break test with the second condition)\n\nWe choose the same logic what commit 9b378f6ad48cf ("btrfs: fix infinite\ndirectory reads") to fix it, record the last_index when we open dir, and\ndo not emit the entry which index >= last_index. The file->private_data\nnow used in offset dir can use directly to do this, and we also update\nthe last_index when we llseek the dir file.\n\n[brauner: only update last_index after seek when offset is zero like Jan suggested]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46701', 'https://git.kernel.org/linus/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a (6.11-rc4)', 'https://git.kernel.org/stable/c/308b4fc2403b335894592ee9dc212a5e58bb309f', 'https://git.kernel.org/stable/c/64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a', 'https://lore.kernel.org/linux-cve-announce/2024091326-CVE-2024-46701-ad65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46701', 'https://www.cve.org/CVERecord?id=CVE-2024-46701'], 'PublishedDate': '2024-09-13T07:15:05.127Z', 'LastModifiedDate': '2024-09-19T13:40:27.817Z'}, {'VulnerabilityID': 'CVE-2024-46702', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46702', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: thunderbolt: Mark XDomain as unplugged when router is removed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Mark XDomain as unplugged when router is removed\n\nI noticed that when we do discrete host router NVM upgrade and it gets\nhot-removed from the PCIe side as a result of NVM firmware authentication,\nif there is another host connected with enabled paths we hang in tearing\nthem down. This is due to fact that the Thunderbolt networking driver\nalso tries to cleanup the paths and ends up blocking in\ntb_disconnect_xdomain_paths() waiting for the domain lock.\n\nHowever, at this point we already cleaned the paths in tb_stop() so\nthere is really no need for tb_disconnect_xdomain_paths() to do that\nanymore. Furthermore it already checks if the XDomain is unplugged and\nbails out early so take advantage of that and mark the XDomain as\nunplugged when we remove the parent router.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46702', 'https://git.kernel.org/linus/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d (6.11-rc4)', 'https://git.kernel.org/stable/c/18b3ad2a3cc877dd4b16f48d84aa27b78d53bf1d', 'https://git.kernel.org/stable/c/23ce6ba3b95488a2b9e9f6d43b340da0c15395dc', 'https://git.kernel.org/stable/c/747bc154577de6e6af4bc99abfa859b8419bb4d8', 'https://git.kernel.org/stable/c/7ca24cf9163c112bb6b580c6fb57c04a1f8b76e1', 'https://git.kernel.org/stable/c/80ac8d194831eca0c2f4fd862f7925532fda320c', 'https://git.kernel.org/stable/c/e2006140ad2e01a02ed0aff49cc2ae3ceeb11f8d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46702-9b8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46702', 'https://www.cve.org/CVERecord?id=CVE-2024-46702'], 'PublishedDate': '2024-09-13T07:15:05.217Z', 'LastModifiedDate': '2024-09-19T13:35:58.637Z'}, {'VulnerabilityID': 'CVE-2024-46703', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46703', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;serial: 8250_omap: Set the console genpd always on if no console suspend&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "serial: 8250_omap: Set the console genpd always on if no console suspend"\n\nThis reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940.\n\nKevin reported that this causes a crash during suspend on platforms that\ndont use PM domains.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46703', 'https://git.kernel.org/linus/0863bffda1131fd2fa9c05b653ad9ee3d8db127e (6.11-rc4)', 'https://git.kernel.org/stable/c/0863bffda1131fd2fa9c05b653ad9ee3d8db127e', 'https://git.kernel.org/stable/c/321aecb079e9ca8b1af90778068a6fb40f2bf22d', 'https://lore.kernel.org/linux-cve-announce/2024091329-CVE-2024-46703-1f29@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46703', 'https://www.cve.org/CVERecord?id=CVE-2024-46703'], 'PublishedDate': '2024-09-13T07:15:05.317Z', 'LastModifiedDate': '2024-09-19T13:33:57.563Z'}, {'VulnerabilityID': 'CVE-2024-46705', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46705', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: reset mmio mappings with devm', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: reset mmio mappings with devm\n\nSet our various mmio mappings to NULL. This should make it easier to\ncatch something rogue trying to mess with mmio after device removal. For\nexample, we might unmap everything and then start hitting some mmio\naddress which has already been unmamped by us and then remapped by\nsomething else, causing all kinds of carnage.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46705', 'https://git.kernel.org/linus/c7117419784f612d59ee565145f722e8b5541fe6 (6.11-rc1)', 'https://git.kernel.org/stable/c/b1c9fbed3884d3883021d699c7cdf5253a65543a', 'https://git.kernel.org/stable/c/c7117419784f612d59ee565145f722e8b5541fe6', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46705-b9c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46705', 'https://www.cve.org/CVERecord?id=CVE-2024-46705'], 'PublishedDate': '2024-09-13T07:15:05.477Z', 'LastModifiedDate': '2024-09-19T13:30:44.133Z'}, {'VulnerabilityID': 'CVE-2024-46706', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46706', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: fsl_lpuart: mark last busy before uart_add_one_port\n\nWith "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel\nsometimes boot hang. It is because normal console still is not ready,\nbut runtime suspend is called, so early console putchar will hang\nin waiting TRDE set in UARTSTAT.\n\nThe lpuart driver has auto suspend delay set to 3000ms, but during\nuart_add_one_port, a child device serial ctrl will added and probed with\nits pm runtime enabled(see serial_ctrl.c).\nThe runtime suspend call path is:\ndevice_add\n     |-> bus_probe_device\n           |->device_initial_probe\n\t           |->__device_attach\n                         |-> pm_runtime_get_sync(dev->parent);\n\t\t\t |-> pm_request_idle(dev);\n\t\t\t |-> pm_runtime_put(dev->parent);\n\nSo in the end, before normal console ready, the lpuart get runtime\nsuspended. And earlycon putchar will hang.\n\nTo address the issue, mark last busy just after pm_runtime_enable,\nthree seconds is long enough to switch from bootconsole to normal\nconsole.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46706', 'https://git.kernel.org/linus/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c (6.11-rc4)', 'https://git.kernel.org/stable/c/3ecf625d4acb71d726bc0b49403cf68388b3d58d', 'https://git.kernel.org/stable/c/8eb92cfca6c2c5a15ab1773f3d18ab8d8f7dbb68', 'https://git.kernel.org/stable/c/dc98d76a15bc29a9a4e76f2f65f39f3e590fb15c', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46706-ea07@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46706', 'https://www.cve.org/CVERecord?id=CVE-2024-46706'], 'PublishedDate': '2024-09-13T07:15:05.56Z', 'LastModifiedDate': '2024-09-19T17:51:07.67Z'}, {'VulnerabilityID': 'CVE-2024-46707', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46707', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3\n\nOn a system with a GICv3, if a guest hasn't been configured with\nGICv3 and that the host is not capable of GICv2 emulation,\na write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.\n\nWe therefore try to emulate the SGI access, only to hit a NULL\npointer as no private interrupt is allocated (no GIC, remember?).\n\nThe obvious fix is to give the guest what it deserves, in the\nshape of a UNDEF exception.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46707', 'https://git.kernel.org/linus/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f (6.11-rc5)', 'https://git.kernel.org/stable/c/15818af2f7aa55eff375333cb7689df15d3f24ef', 'https://git.kernel.org/stable/c/2073132f6ed3079369e857a8deb33d11bdd983bc', 'https://git.kernel.org/stable/c/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f', 'https://git.kernel.org/stable/c/94d4fbad01b19ec5eab3d6b50aaec4f9db8b2d8d', 'https://git.kernel.org/stable/c/96b076e8ee5bc3a1126848c8add0f74bd30dc9d1', 'https://git.kernel.org/stable/c/9d7629bec5c3f80bd0e3bf8103c06a2f7046bd92', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46707-9e4f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46707', 'https://www.cve.org/CVERecord?id=CVE-2024-46707'], 'PublishedDate': '2024-09-13T07:15:05.643Z', 'LastModifiedDate': '2024-09-19T13:29:46.757Z'}, {'VulnerabilityID': 'CVE-2024-46708', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46708', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pinctrl: qcom: x1e80100: Fix special pin offsets', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: qcom: x1e80100: Fix special pin offsets\n\nRemove the erroneus 0x100000 offset to prevent the boards from crashing\non pin state setting, as well as for the intended state changes to take\neffect.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46708', 'https://git.kernel.org/linus/d3692d95cc4d88114b070ee63cffc976f00f207f (6.11-rc6)', 'https://git.kernel.org/stable/c/0197bf772f657fbdea5e9bdec5eea6e67d82cbde', 'https://git.kernel.org/stable/c/d3692d95cc4d88114b070ee63cffc976f00f207f', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46708-95c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46708', 'https://www.cve.org/CVERecord?id=CVE-2024-46708'], 'PublishedDate': '2024-09-13T07:15:05.717Z', 'LastModifiedDate': '2024-09-19T13:28:49.483Z'}, {'VulnerabilityID': 'CVE-2024-46709', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46709', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix prime with external buffers', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix prime with external buffers\n\nMake sure that for external buffers mapping goes through the dma_buf\ninterface instead of trying to access pages directly.\n\nExternal buffers might not provide direct access to readable/writable\npages so to make sure the bo's created from external dma_bufs can be\nread dma_buf interface has to be used.\n\nFixes crashes in IGT's kms_prime with vgem. Regular desktop usage won't\ntrigger this due to the fact that virtual machines will not have\nmultiple GPUs but it enables better test coverage in IGT.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46709', 'https://git.kernel.org/linus/50f1199250912568606b3778dc56646c10cb7b04 (6.11-rc6)', 'https://git.kernel.org/stable/c/50f1199250912568606b3778dc56646c10cb7b04', 'https://git.kernel.org/stable/c/5c12391ee1ab59cb2f3be3f1f5e6d0fc0c2dc854', 'https://git.kernel.org/stable/c/9a9716bbbf3dd6b6cbefba3abcc89af8b72631f4', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46709-2465@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46709', 'https://www.cve.org/CVERecord?id=CVE-2024-46709'], 'PublishedDate': '2024-09-13T07:15:05.793Z', 'LastModifiedDate': '2024-09-19T13:26:24.14Z'}, {'VulnerabilityID': 'CVE-2024-46710', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46710', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Prevent unmapping active read buffers', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Prevent unmapping active read buffers\n\nThe kms paths keep a persistent map active to read and compare the cursor\nbuffer. These maps can race with each other in simple scenario where:\na) buffer "a" mapped for update\nb) buffer "a" mapped for compare\nc) do the compare\nd) unmap "a" for compare\ne) update the cursor\nf) unmap "a" for update\nAt step "e" the buffer has been unmapped and the read contents is bogus.\n\nPrevent unmapping of active read buffers by simply keeping a count of\nhow many paths have currently active maps and unmap only when the count\nreaches 0.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46710', 'https://git.kernel.org/linus/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea (6.11-rc6)', 'https://git.kernel.org/stable/c/0851b1ec650adadcaa23ec96daad95a55bf966f0', 'https://git.kernel.org/stable/c/58a3714db4d9dcaeb9fc4905141e17b9f536c0a5', 'https://git.kernel.org/stable/c/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea', 'https://git.kernel.org/stable/c/d5228d158e4c0b1663b3983044913c15c3d0135e', 'https://lore.kernel.org/linux-cve-announce/2024091347-CVE-2024-46710-cd88@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46710', 'https://www.cve.org/CVERecord?id=CVE-2024-46710'], 'PublishedDate': '2024-09-13T07:15:05.88Z', 'LastModifiedDate': '2024-10-17T14:15:07.63Z'}, {'VulnerabilityID': 'CVE-2024-46711', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46711', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: fix ID 0 endp usage after multiple re-creations', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix ID 0 endp usage after multiple re-creations\n\n\'local_addr_used\' and \'add_addr_accepted\' are decremented for addresses\nnot related to the initial subflow (ID0), because the source and\ndestination addresses of the initial subflows are known from the\nbeginning: they don\'t count as "additional local address being used" or\n"ADD_ADDR being accepted".\n\nIt is then required not to increment them when the entrypoint used by\nthe initial subflow is removed and re-added during a connection. Without\nthis modification, this entrypoint cannot be removed and re-added more\nthan once.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46711', 'https://git.kernel.org/linus/9366922adc6a71378ca01f898c41be295309f044 (6.11-rc6)', 'https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc', 'https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb', 'https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044', 'https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe', 'https://lore.kernel.org/linux-cve-announce/2024091348-CVE-2024-46711-ab95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46711', 'https://www.cve.org/CVERecord?id=CVE-2024-46711'], 'PublishedDate': '2024-09-13T07:15:05.953Z', 'LastModifiedDate': '2024-09-19T13:12:30.39Z'}, {'VulnerabilityID': 'CVE-2024-46713', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46713', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/aux: Fix AUX buffer serialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event->mmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46713', 'https://git.kernel.org/linus/2ab9d830262c132ab5db2f571003d80850d56b2a (6.11-rc7)', 'https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a', 'https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff', 'https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82', 'https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d', 'https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370', 'https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef', 'https://lore.kernel.org/linux-cve-announce/2024091316-CVE-2024-46713-5e49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46713', 'https://www.cve.org/CVERecord?id=CVE-2024-46713'], 'PublishedDate': '2024-09-13T15:15:15.01Z', 'LastModifiedDate': '2024-09-13T16:37:22.997Z'}, {'VulnerabilityID': 'CVE-2024-46714', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip wbscl_set_scaler_filter if filter is null\n\nCallers can pass null in filter (i.e. from returned from the function\nwbscl_get_filter_coeffs_16p) and a null check is added to ensure that is\nnot the case.\n\nThis fixes 4 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46714', 'https://git.kernel.org/linus/c4d31653c03b90e51515b1380115d1aedad925dd (6.11-rc1)', 'https://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b', 'https://git.kernel.org/stable/c/1726914cb17cedab233820d26b86764dc08857b4', 'https://git.kernel.org/stable/c/54834585e91cab13e9f82d3a811deb212a4df786', 'https://git.kernel.org/stable/c/6d94c05a13fadd80c3e732f14c83b2632ebfaa50', 'https://git.kernel.org/stable/c/c083c8be6bdd046049884bec076660d4ec9a19ca', 'https://git.kernel.org/stable/c/c4d31653c03b90e51515b1380115d1aedad925dd', 'https://git.kernel.org/stable/c/e3a95f29647ae45d1ec9541cd7df64f40bf2120a', 'https://lore.kernel.org/linux-cve-announce/2024091831-CVE-2024-46714-73de@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46714', 'https://www.cve.org/CVERecord?id=CVE-2024-46714'], 'PublishedDate': '2024-09-18T07:15:03.06Z', 'LastModifiedDate': '2024-09-30T12:50:27.723Z'}, {'VulnerabilityID': 'CVE-2024-46715', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46715', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver: iio: add missing checks on iio_info&#39;s callback access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info's callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn't implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429]  iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807]  dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181]  sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555]  seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236]  vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385]  ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0:                   00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46715', 'https://git.kernel.org/linus/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70', 'https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1', 'https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252', 'https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46715-7e7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46715', 'https://www.cve.org/CVERecord?id=CVE-2024-46715'], 'PublishedDate': '2024-09-18T07:15:03.13Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46716', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n   msgdma_free_chan_resources -> msgdma_free_descriptors ->\n   msgdma_free_desc_list -> msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46716', 'https://git.kernel.org/linus/54e4ada1a4206f878e345ae01cf37347d803d1b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716', 'https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1', 'https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725', 'https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46716-f63f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46716', 'https://www.cve.org/CVERecord?id=CVE-2024-46716'], 'PublishedDate': '2024-09-18T07:15:03.183Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46717', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46717', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix incorrect page release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix incorrect page release\n\nUnder the following conditions:\n1) No skb created yet\n2) header_size == 0 (no SHAMPO header)\n3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the\n   last page fragment of a SHAMPO header page)\n\na new skb is formed with a page that is NOT a SHAMPO header page (it\nis a regular data page). Further down in the same function\n(mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from\nheader_index is released. This is wrong and it leads to SHAMPO header\npages being released more than once.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46717', 'https://git.kernel.org/linus/70bd03b89f20b9bbe51a7f73c4950565a17a45f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/03924d117625ecb10ee3c9b65930bcb2c37ae629', 'https://git.kernel.org/stable/c/70bd03b89f20b9bbe51a7f73c4950565a17a45f7', 'https://git.kernel.org/stable/c/ae9018e3f61ba5cc1f08a6e51d3c0bef0a79f3ab', 'https://git.kernel.org/stable/c/c909ab41df2b09cde919801c7a7b6bb2cc37ea22', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46717-2f30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46717', 'https://www.cve.org/CVERecord?id=CVE-2024-46717'], 'PublishedDate': '2024-09-18T07:15:03.237Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46718', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46718', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Don&#39;t overmap identity VRAM mapping', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Don't overmap identity VRAM mapping\n\nOvermapping the identity VRAM mapping is triggering hardware bugs on\ncertain platforms. Use 2M pages for the last unaligned (to 1G) VRAM\nchunk.\n\nv2:\n - Always use 2M pages for last chunk (Fei Yang)\n - break loop when 2M pages are used\n - Add assert for usable_size being 2M aligned\nv3:\n - Fix checkpatch", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46718', 'https://git.kernel.org/linus/6d3581edffea0b3a64b0d3094d3f09222e0024f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/6d3581edffea0b3a64b0d3094d3f09222e0024f7', 'https://git.kernel.org/stable/c/bb706e92c87beb9f2543faa1705ccc330b9e7c65', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46718-c5c7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46718', 'https://www.cve.org/CVERecord?id=CVE-2024-46718'], 'PublishedDate': '2024-09-18T07:15:03.303Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46719', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46719', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Fix null pointer dereference in trace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix null pointer dereference in trace\n\nucsi_register_altmode checks IS_ERR for the alt pointer and treats\nNULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,\nucsi_register_displayport returns NULL which causes a NULL pointer\ndereference in trace. Rather than return NULL, call\ntypec_port_register_altmode to register DisplayPort alternate mode\nas a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46719', 'https://git.kernel.org/linus/99516f76db48e1a9d54cdfed63c1babcee4e71a5 (6.11-rc1)', 'https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9', 'https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7', 'https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870', 'https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b', 'https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830', 'https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5', 'https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46719-4a53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46719', 'https://www.cve.org/CVERecord?id=CVE-2024-46719'], 'PublishedDate': '2024-09-18T07:15:03.357Z', 'LastModifiedDate': '2024-09-20T18:21:49.963Z'}, {'VulnerabilityID': 'CVE-2024-46720', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46720', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix dereference after null check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix dereference after null check\n\ncheck the pointer hive before use.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46720', 'https://git.kernel.org/linus/b1f7810b05d1950350ac2e06992982974343e441 (6.11-rc1)', 'https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50', 'https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c', 'https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517', 'https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46720-a598@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46720', 'https://www.cve.org/CVERecord?id=CVE-2024-46720'], 'PublishedDate': '2024-09-18T07:15:03.42Z', 'LastModifiedDate': '2024-09-20T18:22:04.693Z'}, {'VulnerabilityID': 'CVE-2024-46721', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46721', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: apparmor: fix possible NULL pointer dereference', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and 'ent->old' is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n </TASK>\nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46721', 'https://git.kernel.org/linus/3dd384108d53834002be5630132ad5c3f32166ad (6.11-rc1)', 'https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9', 'https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad', 'https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85', 'https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8', 'https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363', 'https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346', 'https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64', 'https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46721-9aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46721', 'https://www.cve.org/CVERecord?id=CVE-2024-46721'], 'PublishedDate': '2024-09-18T07:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:22:46.637Z'}, {'VulnerabilityID': 'CVE-2024-46722', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46722', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix mc_data out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix mc_data out-of-bounds read warning\n\nClear warning that read mc_data[i-1] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46722', 'https://git.kernel.org/linus/51dfc0a4d609fe700750a62f41447f01b8c9ea50 (6.11-rc1)', 'https://git.kernel.org/stable/c/2097edede72ec5bb3869cf0205337d392fb2a553', 'https://git.kernel.org/stable/c/310b9d8363b88e818afec97ca7652bd7fe3d0650', 'https://git.kernel.org/stable/c/345bd3ad387f9e121aaad9c95957b80895e2f2ec', 'https://git.kernel.org/stable/c/51dfc0a4d609fe700750a62f41447f01b8c9ea50', 'https://git.kernel.org/stable/c/578ae965e8b90cd09edeb0252b50fa0503ea35c5', 'https://git.kernel.org/stable/c/5fa4df25ecfc7b6c9006f5b871c46cfe25ea8826', 'https://git.kernel.org/stable/c/b862a0bc5356197ed159fed7b1c647e77bc9f653', 'https://git.kernel.org/stable/c/d0a43bf367ed640e527e8ef3d53aac1e71f80114', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46722-34b3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46722', 'https://www.cve.org/CVERecord?id=CVE-2024-46722'], 'PublishedDate': '2024-09-18T07:15:03.547Z', 'LastModifiedDate': '2024-09-20T18:23:11.93Z'}, {'VulnerabilityID': 'CVE-2024-46723', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46723', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix ucode out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ucode out-of-bounds read warning\n\nClear warning that read ucode[] may out-of-bounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46723', 'https://git.kernel.org/linus/8944acd0f9db33e17f387fdc75d33bb473d7936f (6.11-rc1)', 'https://git.kernel.org/stable/c/0bef65e069d84d1cd77ce757aea0e437b8e2bd33', 'https://git.kernel.org/stable/c/23fefef859c6057e6770584242bdd938254f8ddd', 'https://git.kernel.org/stable/c/5f09fa5e0ad45fbca71933a0e024ca52da47d59b', 'https://git.kernel.org/stable/c/82ac8f1d02886b5d8aeb9e058989d3bd6fc581e2', 'https://git.kernel.org/stable/c/8944acd0f9db33e17f387fdc75d33bb473d7936f', 'https://git.kernel.org/stable/c/8981927ebc6c12fa76b30c4178acb462bab15f54', 'https://git.kernel.org/stable/c/e789e05388854a5436b2b5d8695fdb864c9bcc27', 'https://git.kernel.org/stable/c/f2b7a9f3839e92f43559b2795b34640ca8cf839f', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46723-6726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46723', 'https://www.cve.org/CVERecord?id=CVE-2024-46723'], 'PublishedDate': '2024-09-18T07:15:03.61Z', 'LastModifiedDate': '2024-09-20T18:30:30.117Z'}, {'VulnerabilityID': 'CVE-2024-46724', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46724', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number\n\nCheck the fb_channel_number range to avoid the array out-of-bounds\nread error', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46724', 'https://git.kernel.org/linus/d768394fa99467bcf2703bde74ddc96eeb0b71fa (6.11-rc1)', 'https://git.kernel.org/stable/c/32915dc909ff502823babfe07d5416c5b6e8a8b1', 'https://git.kernel.org/stable/c/45f7b02afc464c208e8f56bcbc672ef5c364c815', 'https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4', 'https://git.kernel.org/stable/c/d768394fa99467bcf2703bde74ddc96eeb0b71fa', 'https://git.kernel.org/stable/c/db7a86676fd624768a5d907faf34ad7bb4ff25f4', 'https://git.kernel.org/stable/c/f9267972490f9fcffe146e79828e97acc0da588c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46724-02f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46724', 'https://www.cve.org/CVERecord?id=CVE-2024-46724'], 'PublishedDate': '2024-09-18T07:15:03.673Z', 'LastModifiedDate': '2024-09-20T18:30:58.98Z'}, {'VulnerabilityID': 'CVE-2024-46725', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46725', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix out-of-bounds write warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix out-of-bounds write warning\n\nCheck the ring type value to fix the out-of-bounds\nwrite warning', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46725', 'https://git.kernel.org/linus/be1684930f5262a622d40ce7a6f1423530d87f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/130bee397b9cd52006145c87a456fd8719390cb5', 'https://git.kernel.org/stable/c/919f9bf9997b8dcdc132485ea96121e7d15555f9', 'https://git.kernel.org/stable/c/a60d1f7ff62e453dde2d3b4907e178954d199844', 'https://git.kernel.org/stable/c/be1684930f5262a622d40ce7a6f1423530d87f89', 'https://git.kernel.org/stable/c/c253b87c7c37ec40a2e0c84e4a6b636ba5cd66b2', 'https://git.kernel.org/stable/c/cf2db220b38301b6486a0f11da24a0f317de558c', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46725-af49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46725', 'https://www.cve.org/CVERecord?id=CVE-2024-46725'], 'PublishedDate': '2024-09-18T07:15:03.733Z', 'LastModifiedDate': '2024-09-20T18:40:42.753Z'}, {'VulnerabilityID': 'CVE-2024-46726', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46726', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure index calculation will not overflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure index calculation will not overflow\n\n[WHY & HOW]\nMake sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will\nnever overflow and exceess array size.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46726', 'https://git.kernel.org/linus/8e2734bf444767fed787305ccdcb36a2be5301a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dc6bb57dab36b38b7374af0ac916174c146b6ed', 'https://git.kernel.org/stable/c/733ae185502d30bbe79575167b6178cfb6c5d6bd', 'https://git.kernel.org/stable/c/8e2734bf444767fed787305ccdcb36a2be5301a2', 'https://git.kernel.org/stable/c/d705b5869f6b1b46ad5ceb1bd2a08c04f7e5003b', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46726-587e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46726', 'https://www.cve.org/CVERecord?id=CVE-2024-46726'], 'PublishedDate': '2024-09-18T07:15:03.787Z', 'LastModifiedDate': '2024-09-20T18:36:27.07Z'}, {'VulnerabilityID': 'CVE-2024-46727', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46727', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update\n\n[Why]\nCoverity reports NULL_RETURN warning.\n\n[How]\nAdd otg_master NULL check.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46727', 'https://git.kernel.org/linus/871cd9d881fa791d3f82885000713de07041c0ae (6.11-rc1)', 'https://git.kernel.org/stable/c/871cd9d881fa791d3f82885000713de07041c0ae', 'https://git.kernel.org/stable/c/aad4d3d3d3b6a362bf5db11e1f28c4a60620900d', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46727-2565@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46727', 'https://www.cve.org/CVERecord?id=CVE-2024-46727'], 'PublishedDate': '2024-09-18T07:15:03.84Z', 'LastModifiedDate': '2024-09-30T12:49:43.097Z'}, {'VulnerabilityID': 'CVE-2024-46728', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46728', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check index for aux_rd_interval before using', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index for aux_rd_interval before using\n\naux_rd_interval has size of 7 and should be checked.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46728', 'https://git.kernel.org/linus/9ba2ea6337b4f159aecb177555a6a81da92d302e (6.11-rc1)', 'https://git.kernel.org/stable/c/48e0b68e2360b16edf2a0bae05c0051c00fbb48a', 'https://git.kernel.org/stable/c/6c588e9350dd7a9fb97a56fe74852c9ecc44450c', 'https://git.kernel.org/stable/c/9ba2ea6337b4f159aecb177555a6a81da92d302e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46728-edfe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46728', 'https://www.cve.org/CVERecord?id=CVE-2024-46728'], 'PublishedDate': '2024-09-18T07:15:03.893Z', 'LastModifiedDate': '2024-09-26T13:31:34.347Z'}, {'VulnerabilityID': 'CVE-2024-46729', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46729', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix incorrect size calculation for loop', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix incorrect size calculation for loop\n\n[WHY]\nfe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is\nlager than the array size.\n\n[HOW]\nDivide byte size 20 by its element size.\n\nThis fixes 2 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46729', 'https://git.kernel.org/linus/3941a3aa4b653b69876d894d08f3fff1cc965267 (6.11-rc1)', 'https://git.kernel.org/stable/c/3941a3aa4b653b69876d894d08f3fff1cc965267', 'https://git.kernel.org/stable/c/712be65b3b372a82bff0865b9c090147764bf1c4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46729-158c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46729', 'https://www.cve.org/CVERecord?id=CVE-2024-46729'], 'PublishedDate': '2024-09-18T07:15:03.95Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46730', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46730', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure array index tg_inst won&#39;t be -1', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure array index tg_inst won't be -1\n\n[WHY & HOW]\ntg_inst will be a negative if timing_generator_count equals 0, which\nshould be checked before used.\n\nThis fixes 2 OVERRUN issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46730', 'https://git.kernel.org/linus/687fe329f18ab0ab0496b20ed2cb003d4879d931 (6.11-rc1)', 'https://git.kernel.org/stable/c/687fe329f18ab0ab0496b20ed2cb003d4879d931', 'https://git.kernel.org/stable/c/a64284b9e1999ad5580debced4bc6d6adb28aad4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46730-b69e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46730', 'https://www.cve.org/CVERecord?id=CVE-2024-46730'], 'PublishedDate': '2024-09-18T07:15:04.003Z', 'LastModifiedDate': '2024-09-30T12:49:00.333Z'}, {'VulnerabilityID': 'CVE-2024-46731', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46731', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: fix the Out-of-bounds read warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix the Out-of-bounds read warning\n\nusing index i - 1U may beyond element index\nfor mc_data[] when i = 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46731', 'https://git.kernel.org/linus/12c6967428a099bbba9dfd247bb4322a984fcc0b (6.11-rc1)', 'https://git.kernel.org/stable/c/12c6967428a099bbba9dfd247bb4322a984fcc0b', 'https://git.kernel.org/stable/c/20c6373a6be93039f9d66029bb1e21038a060be1', 'https://git.kernel.org/stable/c/3317966efcdc5101e93db21514b68917e7eb34ea', 'https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376', 'https://git.kernel.org/stable/c/d83fb9f9f63e9a120bf405b078f829f0b2e58934', 'https://git.kernel.org/stable/c/f1e261ced9bcad772a45a2fcdf413c3490e87299', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46731-0e54@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46731', 'https://www.cve.org/CVERecord?id=CVE-2024-46731'], 'PublishedDate': '2024-09-18T07:15:04.057Z', 'LastModifiedDate': '2024-09-26T13:29:19.877Z'}, {'VulnerabilityID': 'CVE-2024-46732', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46732', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Assign linear_pitch_alignment even for VM', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign linear_pitch_alignment even for VM\n\n[Description]\nAssign linear_pitch_alignment so we don't cause a divide by 0\nerror in VM environments", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46732', 'https://git.kernel.org/linus/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 (6.11-rc1)', 'https://git.kernel.org/stable/c/4bd7710f2fecfc5fb2dda1ca2adc69db8a66b8b6', 'https://git.kernel.org/stable/c/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4', 'https://git.kernel.org/stable/c/c44b568931d23aed9d37ecbb31fb5fbdd198bf7b', 'https://git.kernel.org/stable/c/d219f902b16d42f0cb8c499ea8f31cf3c0f36349', 'https://git.kernel.org/stable/c/d2fe7ac613a1ea8c346c9f5c89dc6ecc27232997', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46732-49a9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46732', 'https://www.cve.org/CVERecord?id=CVE-2024-46732'], 'PublishedDate': '2024-09-18T07:15:04.117Z', 'LastModifiedDate': '2024-09-26T13:28:07.157Z'}, {'VulnerabilityID': 'CVE-2024-46733', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46733', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix qgroup reserve leaks in cow_file_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix qgroup reserve leaks in cow_file_range\n\nIn the buffered write path, the dirty page owns the qgroup reserve until\nit creates an ordered_extent.\n\nTherefore, any errors that occur before the ordered_extent is created\nmust free that reservation, or else the space is leaked. The fstest\ngeneric/475 exercises various IO error paths, and is able to trigger\nerrors in cow_file_range where we fail to get to allocating the ordered\nextent. Note that because we *do* clear delalloc, we are likely to\nremove the inode from the delalloc list, so the inodes/pages to not have\ninvalidate/launder called on them in the commit abort path.\n\nThis results in failures at the unmount stage of the test that look like:\n\n  BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure\n  BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure\n  BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs]\n  Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq\n  CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W          6.10.0-rc7-gab56fde445b8 #21\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n  RIP: 0010:close_ctree+0x222/0x4d0 [btrfs]\n  RSP: 0018:ffffb4465283be00 EFLAGS: 00010202\n  RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001\n  RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8\n  RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000\n  R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c\n  R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n  FS:  00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0\n  Call Trace:\n   <TASK>\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? __warn.cold+0x8e/0xea\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? report_bug+0xff/0x140\n   ? handle_bug+0x3b/0x70\n   ? exc_invalid_op+0x17/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   generic_shutdown_super+0x70/0x160\n   kill_anon_super+0x11/0x40\n   btrfs_kill_super+0x11/0x20 [btrfs]\n   deactivate_locked_super+0x2e/0xa0\n   cleanup_mnt+0xb5/0x150\n   task_work_run+0x57/0x80\n   syscall_exit_to_user_mode+0x121/0x130\n   do_syscall_64+0xab/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  RIP: 0033:0x7f916847a887\n  ---[ end trace 0000000000000000 ]---\n  BTRFS error (device dm-8 state EA): qgroup reserved space leaked\n\nCases 2 and 3 in the out_reserve path both pertain to this type of leak\nand must free the reserved qgroup data. Because it is already an error\npath, I opted not to handle the possible errors in\nbtrfs_free_qgroup_data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46733', 'https://git.kernel.org/linus/30479f31d44d47ed00ae0c7453d9b253537005b2 (6.11-rc3)', 'https://git.kernel.org/stable/c/30479f31d44d47ed00ae0c7453d9b253537005b2', 'https://git.kernel.org/stable/c/e42ef22bc10f0309c0c65d8d6ca8b4127a674b7f', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46733-77eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46733', 'https://www.cve.org/CVERecord?id=CVE-2024-46733'], 'PublishedDate': '2024-09-18T07:15:04.17Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46735', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46735', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()\n\nWhen two UBLK_CMD_START_USER_RECOVERY commands are submitted, the\nfirst one sets 'ubq->ubq_daemon' to NULL, and the second one triggers\nWARN in ublk_queue_reinit() and subsequently a NULL pointer dereference\nissue.\n\nFix it by adding the check in ublk_ctrl_start_recovery() and return\nimmediately in case of zero 'ub->nr_queues_ready'.\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000028\n  RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n  Call Trace:\n   <TASK>\n   ? __die+0x20/0x70\n   ? page_fault_oops+0x75/0x170\n   ? exc_page_fault+0x64/0x140\n   ? asm_exc_page_fault+0x22/0x30\n   ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n   ublk_ctrl_uring_cmd+0x4f7/0x6c0\n   ? pick_next_task_idle+0x26/0x40\n   io_uring_cmd+0x9a/0x1b0\n   io_issue_sqe+0x193/0x3f0\n   io_wq_submit_work+0x9b/0x390\n   io_worker_handle_work+0x165/0x360\n   io_wq_worker+0xcb/0x2f0\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? finish_task_switch.isra.0+0x203/0x290\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork+0x2d/0x50\n   ? __pfx_io_wq_worker+0x10/0x10\n   ret_from_fork_asm+0x1a/0x30\n   </TASK>", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46735', 'https://git.kernel.org/linus/e58f5142f88320a5b1449f96a146f2f24615c5c7 (6.11-rc7)', 'https://git.kernel.org/stable/c/136a29d8112df4ea0a57f9602ddf3579e04089dc', 'https://git.kernel.org/stable/c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f', 'https://git.kernel.org/stable/c/ca249435893dda766f3845c15ca77ca5672022d8', 'https://git.kernel.org/stable/c/e58f5142f88320a5b1449f96a146f2f24615c5c7', 'https://lore.kernel.org/linux-cve-announce/2024091832-CVE-2024-46735-fbce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46735', 'https://www.cve.org/CVERecord?id=CVE-2024-46735'], 'PublishedDate': '2024-09-18T08:15:03.057Z', 'LastModifiedDate': '2024-09-20T18:35:53.967Z'}, {'VulnerabilityID': 'CVE-2024-46737', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46737', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvmet-tcp: fix kernel crash if commands allocation fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fix kernel crash if commands allocation fails\n\nIf the commands allocation fails in nvmet_tcp_alloc_cmds()\nthe kernel crashes in nvmet_tcp_release_queue_work() because of\na NULL pointer dereference.\n\n  nvmet: failed to install queue 0 cntlid 1 ret 6\n  Unable to handle kernel NULL pointer dereference at\n         virtual address 0000000000000008\n\nFix the bug by setting queue->nr_cmds to zero in case\nnvmet_tcp_alloc_cmd() fails.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46737', 'https://git.kernel.org/linus/5572a55a6f830ee3f3a994b6b962a5c327d28cb3 (6.11-rc7)', 'https://git.kernel.org/stable/c/03e1fd0327fa5e2174567f5fe9290fe21d21b8f4', 'https://git.kernel.org/stable/c/489f2913a63f528cfe3f21722583fb981967ecda', 'https://git.kernel.org/stable/c/50632b877ce55356f5d276b9add289b1e7ddc683', 'https://git.kernel.org/stable/c/5572a55a6f830ee3f3a994b6b962a5c327d28cb3', 'https://git.kernel.org/stable/c/6c04d1e3ab22cc5394ef656429638a5947f87244', 'https://git.kernel.org/stable/c/7957c731fc2b23312f8935812dee5a0b14b04e2d', 'https://git.kernel.org/stable/c/91dad30c5607e62864f888e735d0965567827bdf', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46737-d36f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46737', 'https://www.cve.org/CVERecord?id=CVE-2024-46737'], 'PublishedDate': '2024-09-18T08:15:03.167Z', 'LastModifiedDate': '2024-09-20T18:35:34.7Z'}, {'VulnerabilityID': 'CVE-2024-46738', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46738', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: VMCI: Fix use-after-free when removing resource in vmci_resource_remove()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Fix use-after-free when removing resource in vmci_resource_remove()\n\nWhen removing a resource from vmci_resource_table in\nvmci_resource_remove(), the search is performed using the resource\nhandle by comparing context and resource fields.\n\nIt is possible though to create two resources with different types\nbut same handle (same context and resource fields).\n\nWhen trying to remove one of the resources, vmci_resource_remove()\nmay not remove the intended one, but the object will still be freed\nas in the case of the datagram type in vmci_datagram_destroy_handle().\nvmci_resource_table will still hold a pointer to this freed resource\nleading to a use-after-free vulnerability.\n\nBUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\nBUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\nRead of size 4 at addr ffff88801c16d800 by task syz-executor197/1592\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106\n print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239\n __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425\n kasan_report+0x38/0x51 mm/kasan/report.c:442\n vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\n vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\n vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182\n ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444\n kref_put include/linux/kref.h:65 [inline]\n vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline]\n vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195\n vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143\n __fput+0x261/0xa34 fs/file_table.c:282\n task_work_run+0xf0/0x194 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187\n exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220\n __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline]\n syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313\n do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x6e/0x0\n\nThis change ensures the type is also checked when removing\nthe resource from vmci_resource_table in vmci_resource_remove().', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46738', 'https://git.kernel.org/linus/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7 (6.11-rc7)', 'https://git.kernel.org/stable/c/00fe5292f081f8d773e572df8e03bf6e1855fe49', 'https://git.kernel.org/stable/c/39e7e593418ccdbd151f2925fa6be1a616d16c96', 'https://git.kernel.org/stable/c/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7', 'https://git.kernel.org/stable/c/6c563a29857aa8053b67ee141191f69757f27f6e', 'https://git.kernel.org/stable/c/b243d52b5f6f59f9d39e69b191fb3d58b94a43b1', 'https://git.kernel.org/stable/c/b9efdf333174468651be40390cbc79c9f55d9cce', 'https://git.kernel.org/stable/c/ef5f4d0c5ee22d4f873116fec844ff6edaf3fa7d', 'https://git.kernel.org/stable/c/f6365931bf7c07b2b397dbb06a4f6573cc9fae73', 'https://linux.oracle.com/cve/CVE-2024-46738.html', 'https://linux.oracle.com/errata/ELSA-2024-12782.html', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46738-d871@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46738', 'https://www.cve.org/CVERecord?id=CVE-2024-46738'], 'PublishedDate': '2024-09-18T08:15:03.233Z', 'LastModifiedDate': '2024-09-20T18:35:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46739', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46739', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind\n\nFor primary VM Bus channels, primary_channel pointer is always NULL. This\npointer is valid only for the secondary channels. Also, rescind callback\nis meant for primary channels only.\n\nFix NULL pointer dereference by retrieving the device_obj from the parent\nfor the primary channel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46739', 'https://git.kernel.org/linus/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e (6.11-rc7)', 'https://git.kernel.org/stable/c/1d8e020e51ab07e40f9dd00b52f1da7d96fec04c', 'https://git.kernel.org/stable/c/2be373469be1774bbe03b0fa7e2854e65005b1cc', 'https://git.kernel.org/stable/c/3005091cd537ef8cdb7530dcb2ecfba8d2ef475c', 'https://git.kernel.org/stable/c/3d414b64ecf6fd717d7510ffb893c6f23acbf50e', 'https://git.kernel.org/stable/c/928e399e84f4e80307dce44e89415115c473275b', 'https://git.kernel.org/stable/c/de6946be9c8bc7d2279123433495af7c21011b99', 'https://git.kernel.org/stable/c/f38f46da80a2ab7d1b2f8fcb444c916034a2dac4', 'https://git.kernel.org/stable/c/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46739-0aa7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46739', 'https://www.cve.org/CVERecord?id=CVE-2024-46739'], 'PublishedDate': '2024-09-18T08:15:03.293Z', 'LastModifiedDate': '2024-09-20T18:34:29.957Z'}, {'VulnerabilityID': 'CVE-2024-46740', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46740', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: binder: fix UAF caused by offsets overwrite', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF caused by offsets overwrite\n\nBinder objects are processed and copied individually into the target\nbuffer during transactions. Any raw data in-between these objects is\ncopied as well. However, this raw data copy lacks an out-of-bounds\ncheck. If the raw data exceeds the data section size then the copy\noverwrites the offsets section. This eventually triggers an error that\nattempts to unwind the processed objects. However, at this point the\noffsets used to index these objects are now corrupted.\n\nUnwinding with corrupted offsets can result in decrements of arbitrary\nnodes and lead to their premature release. Other users of such nodes are\nleft with a dangling pointer triggering a use-after-free. This issue is\nmade evident by the following KASAN report (trimmed):\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c\n  Write of size 4 at addr ffff47fc91598f04 by task binder-util/743\n\n  CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1\n  Hardware name: linux,dummy-virt (DT)\n  Call trace:\n   _raw_spin_lock+0xe4/0x19c\n   binder_free_buf+0x128/0x434\n   binder_thread_write+0x8a4/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Allocated by task 743:\n   __kmalloc_cache_noprof+0x110/0x270\n   binder_new_node+0x50/0x700\n   binder_transaction+0x413c/0x6da8\n   binder_thread_write+0x978/0x3260\n   binder_ioctl+0x18f0/0x258c\n  [...]\n\n  Freed by task 745:\n   kfree+0xbc/0x208\n   binder_thread_read+0x1c5c/0x37d4\n   binder_ioctl+0x16d8/0x258c\n  [...]\n  ==================================================================\n\nTo avoid this issue, let's check that the raw data copy is within the\nboundaries of the data section.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46740', 'https://git.kernel.org/linus/4df153652cc46545722879415937582028c18af5 (6.11-rc7)', 'https://git.kernel.org/stable/c/109e845c1184c9f786d41516348ba3efd9112792', 'https://git.kernel.org/stable/c/1f33d9f1d9ac3f0129f8508925000900c2fe5bb0', 'https://git.kernel.org/stable/c/3a8154bb4ab4a01390a3abf1e6afac296e037da4', 'https://git.kernel.org/stable/c/4df153652cc46545722879415937582028c18af5', 'https://git.kernel.org/stable/c/4f79e0b80dc69bd5eaaed70f0df1b558728b4e59', 'https://git.kernel.org/stable/c/5a32bfd23022ffa7e152f273fa3fa29befb7d929', 'https://git.kernel.org/stable/c/eef79854a04feac5b861f94d7b19cbbe79874117', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46740-e05a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46740', 'https://www.cve.org/CVERecord?id=CVE-2024-46740'], 'PublishedDate': '2024-09-18T08:15:03.377Z', 'LastModifiedDate': '2024-09-20T18:34:08.163Z'}, {'VulnerabilityID': 'CVE-2024-46741', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46741', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: misc: fastrpc: Fix double free of &#39;buf&#39; in error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix double free of 'buf' in error path\n\nsmatch warning:\ndrivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf'\n\nIn fastrpc_req_mmap() error path, the fastrpc buffer is freed in\nfastrpc_req_munmap_impl() if unmap is successful.\n\nBut in the end, there is an unconditional call to fastrpc_buf_free().\nSo the above case triggers the double free of fastrpc buf.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46741', 'https://git.kernel.org/linus/e8c276d4dc0e19ee48385f74426aebc855b49aaf (6.11-rc7)', 'https://git.kernel.org/stable/c/bfc1704d909dc9911a558b1a5833d3d61a43a1f2', 'https://git.kernel.org/stable/c/e8c276d4dc0e19ee48385f74426aebc855b49aaf', 'https://git.kernel.org/stable/c/f77dc8a75859e559f3238a6d906206259227985e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46741-4ce7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46741', 'https://www.cve.org/CVERecord?id=CVE-2024-46741'], 'PublishedDate': '2024-09-18T08:15:03.43Z', 'LastModifiedDate': '2024-09-20T18:33:27.96Z'}, {'VulnerabilityID': 'CVE-2024-46742', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46742', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()\n\nnull-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)\nand parse_lease_state() return NULL.\n\nFix this by check if 'lease_ctx_info' is NULL.\n\nAdditionally, remove the redundant parentheses in\nparse_durable_handle_context().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46742', 'https://git.kernel.org/linus/4e8771a3666c8f216eefd6bd2fd50121c6c437db (6.11-rc5)', 'https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6', 'https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada', 'https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46742-223b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46742', 'https://www.cve.org/CVERecord?id=CVE-2024-46742'], 'PublishedDate': '2024-09-18T08:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:32:34.303Z'}, {'VulnerabilityID': 'CVE-2024-46743', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46743', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: of/irq: Prevent device address out-of-bounds read in interrupt map walk', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nof/irq: Prevent device address out-of-bounds read in interrupt map walk\n\nWhen of_irq_parse_raw() is invoked with a device address smaller than\nthe interrupt parent node (from #address-cells property), KASAN detects\nthe following out-of-bounds read when populating the initial match table\n(dyndbg="func of_irq_parse_* +p"):\n\n  OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0\n  OF:  parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2\n  OF:  intspec=4\n  OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2\n  OF:  -> addrsize=3\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0\n  Read of size 4 at addr ffffff81beca5608 by task bash/764\n\n  CPU: 1 PID: 764 Comm: bash Tainted: G           O       6.1.67-484c613561-nokia_sm_arm64 #1\n  Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023\n  Call trace:\n   dump_backtrace+0xdc/0x130\n   show_stack+0x1c/0x30\n   dump_stack_lvl+0x6c/0x84\n   print_report+0x150/0x448\n   kasan_report+0x98/0x140\n   __asan_load4+0x78/0xa0\n   of_irq_parse_raw+0x2b8/0x8d0\n   of_irq_parse_one+0x24c/0x270\n   parse_interrupts+0xc0/0x120\n   of_fwnode_add_links+0x100/0x2d0\n   fw_devlink_parse_fwtree+0x64/0xc0\n   device_add+0xb38/0xc30\n   of_device_add+0x64/0x90\n   of_platform_device_create_pdata+0xd0/0x170\n   of_platform_bus_create+0x244/0x600\n   of_platform_notify+0x1b0/0x254\n   blocking_notifier_call_chain+0x9c/0xd0\n   __of_changeset_entry_notify+0x1b8/0x230\n   __of_changeset_apply_notify+0x54/0xe4\n   of_overlay_fdt_apply+0xc04/0xd94\n   ...\n\n  The buggy address belongs to the object at ffffff81beca5600\n   which belongs to the cache kmalloc-128 of size 128\n  The buggy address is located 8 bytes inside of\n   128-byte region [ffffff81beca5600, ffffff81beca5680)\n\n  The buggy address belongs to the physical page:\n  page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4\n  head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0\n  flags: 0x8000000000010200(slab|head|zone=2)\n  raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300\n  raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\n  page dumped because: kasan: bad access detected\n\n  Memory state around the buggy address:\n   ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n  >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n                        ^\n   ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n   ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc\n  ==================================================================\n  OF:  -> got it !\n\nPrevent the out-of-bounds read by copying the device address into a\nbuffer of sufficient size.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46743', 'https://git.kernel.org/linus/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305 (6.11-rc4)', 'https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d', 'https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5', 'https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5', 'https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305', 'https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f', 'https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9', 'https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8', 'https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46743-f386@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46743', 'https://www.cve.org/CVERecord?id=CVE-2024-46743'], 'PublishedDate': '2024-09-18T08:15:03.54Z', 'LastModifiedDate': '2024-09-20T18:32:11.827Z'}, {'VulnerabilityID': 'CVE-2024-46744', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46744', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Squashfs: sanity check symbolic link size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: sanity check symbolic link size\n\nSyzkiller reports a "KMSAN: uninit-value in pick_link" bug.\n\nThis is caused by an uninitialised page, which is ultimately caused\nby a corrupted symbolic link size read from disk.\n\nThe reason why the corrupted symlink size causes an uninitialised\npage is due to the following sequence of events:\n\n1. squashfs_read_inode() is called to read the symbolic\n   link from disk.  This assigns the corrupted value\n   3875536935 to inode->i_size.\n\n2. Later squashfs_symlink_read_folio() is called, which assigns\n   this corrupted value to the length variable, which being a\n   signed int, overflows producing a negative number.\n\n3. The following loop that fills in the page contents checks that\n   the copied bytes is less than length, which being negative means\n   the loop is skipped, producing an uninitialised page.\n\nThis patch adds a sanity check which checks that the symbolic\nlink size is not larger than expected.\n\n--\n\nV2: fix spelling mistake.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-59'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46744', 'https://git.kernel.org/linus/810ee43d9cd245d138a2733d87a24858a23f577d (6.11-rc4)', 'https://git.kernel.org/stable/c/087f25b2d36adae19951114ffcbb7106ed405ebb', 'https://git.kernel.org/stable/c/1b9451ba6f21478a75288ea3e3fca4be35e2a438', 'https://git.kernel.org/stable/c/5c8906de98d0d7ad42ff3edf2cb6cd7e0ea658c4', 'https://git.kernel.org/stable/c/810ee43d9cd245d138a2733d87a24858a23f577d', 'https://git.kernel.org/stable/c/c3af7e460a526007e4bed1ce3623274a1a6afe5e', 'https://git.kernel.org/stable/c/ef4e249971eb77ec33d74c5c3de1e2576faf6c90', 'https://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26ea9bf322d8431a90', 'https://git.kernel.org/stable/c/fac5e82ab1334fc8ed6ff7183702df634bd1d93d', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46744-451f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46744', 'https://www.cve.org/CVERecord?id=CVE-2024-46744'], 'PublishedDate': '2024-09-18T08:15:03.603Z', 'LastModifiedDate': '2024-09-30T13:36:19.557Z'}, {'VulnerabilityID': 'CVE-2024-46745', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46745', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Input: uinput - reject requests with unreasonable number of slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - reject requests with unreasonable number of slots\n\n\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\n\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46745', 'https://git.kernel.org/linus/206f533a0a7c683982af473079c4111f4a0f9f5e (6.11-rc5)', 'https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e', 'https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b', 'https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70', 'https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2', 'https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d', 'https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b', 'https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833', 'https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46745-7b05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46745', 'https://www.cve.org/CVERecord?id=CVE-2024-46745'], 'PublishedDate': '2024-09-18T08:15:03.667Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46746', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46746', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: amd_sfh: free driver_data after destroying hid device', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: free driver_data after destroying hid device\n\nHID driver callbacks aren't called anymore once hid_destroy_device() has\nbeen called. Hence, hid driver_data should be freed only after the\nhid_destroy_device() function returned as driver_data is used in several\ncallbacks.\n\nI observed a crash with kernel 6.10.0 on my T14s Gen 3, after enabling\nKASAN to debug memory allocation, I got this output:\n\n  [   13.050438] ==================================================================\n  [   13.054060] BUG: KASAN: slab-use-after-free in amd_sfh_get_report+0x3ec/0x530 [amd_sfh]\n  [   13.054809] psmouse serio1: trackpoint: Synaptics TrackPoint firmware: 0x02, buttons: 3/3\n  [   13.056432] Read of size 8 at addr ffff88813152f408 by task (udev-worker)/479\n\n  [   13.060970] CPU: 5 PID: 479 Comm: (udev-worker) Not tainted 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0\n  [   13.063978] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024\n  [   13.067860] Call Trace:\n  [   13.069383] input: TPPS/2 Synaptics TrackPoint as /devices/platform/i8042/serio1/input/input8\n  [   13.071486]  <TASK>\n  [   13.071492]  dump_stack_lvl+0x5d/0x80\n  [   13.074870] snd_hda_intel 0000:33:00.6: enabling device (0000 -> 0002)\n  [   13.078296]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.082199]  print_report+0x174/0x505\n  [   13.085776]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.089367]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.093255]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.097464]  kasan_report+0xc8/0x150\n  [   13.101461]  ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.105802]  amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.110303]  amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n  [   13.114879]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.119450]  sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082]\n  [   13.124097]  hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.127404]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.131925]  ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n  [   13.136455]  ? _raw_spin_lock_irqsave+0x96/0xf0\n  [   13.140197]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n  [   13.143602]  ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b]\n  [   13.147234]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.150446]  ? __devm_add_action+0x167/0x1d0\n  [   13.155061]  hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.158581]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.161814]  platform_probe+0xa2/0x150\n  [   13.165029]  really_probe+0x1e3/0x8a0\n  [   13.168243]  __driver_probe_device+0x18c/0x370\n  [   13.171500]  driver_probe_device+0x4a/0x120\n  [   13.175000]  __driver_attach+0x190/0x4a0\n  [   13.178521]  ? __pfx___driver_attach+0x10/0x10\n  [   13.181771]  bus_for_each_dev+0x106/0x180\n  [   13.185033]  ? __pfx__raw_spin_lock+0x10/0x10\n  [   13.188229]  ? __pfx_bus_for_each_dev+0x10/0x10\n  [   13.191446]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.194382]  bus_add_driver+0x29e/0x4d0\n  [   13.197328]  driver_register+0x1a5/0x360\n  [   13.200283]  ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n  [   13.203362]  do_one_initcall+0xa7/0x380\n  [   13.206432]  ? __pfx_do_one_initcall+0x10/0x10\n  [   13.210175]  ? srso_alias_return_thunk+0x5/0xfbef5\n  [   13.213211]  ? kasan_unpoison+0x44/0x70\n  [   13.216688]  do_init_module+0x238/0x750\n  [   13.2196\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46746', 'https://git.kernel.org/linus/97155021ae17b86985121b33cf8098bcde00d497 (6.11-rc5)', 'https://git.kernel.org/stable/c/60dc4ee0428d70bcbb41436b6729d29f1cbdfb89', 'https://git.kernel.org/stable/c/775125c7fe38533aaa4b20769f5b5e62cc1170a0', 'https://git.kernel.org/stable/c/86b4f5cf91ca03c08e3822ac89476a677a780bcc', 'https://git.kernel.org/stable/c/97155021ae17b86985121b33cf8098bcde00d497', 'https://git.kernel.org/stable/c/adb3e3c1ddb5a23b8b7122ef1913f528d728937c', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46746-eb7f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46746', 'https://www.cve.org/CVERecord?id=CVE-2024-46746'], 'PublishedDate': '2024-09-18T08:15:03.73Z', 'LastModifiedDate': '2024-09-26T12:47:53.267Z'}, {'VulnerabilityID': 'CVE-2024-46747', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46747', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup\n\nreport_fixup for the Cougar 500k Gaming Keyboard was not verifying\nthat the report descriptor size was correct before accessing it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46747', 'https://git.kernel.org/linus/a6e9c391d45b5865b61e569146304cff72821a5d (6.11-rc5)', 'https://git.kernel.org/stable/c/30e9ce7cd5591be639b53595c95812f1a2afdfdc', 'https://git.kernel.org/stable/c/34185de73d74fdc90e8651cfc472bfea6073a13f', 'https://git.kernel.org/stable/c/48b2108efa205f4579052c27fba2b22cc6ad8aa0', 'https://git.kernel.org/stable/c/890dde6001b651be79819ef7a3f8c71fc8f9cabf', 'https://git.kernel.org/stable/c/a6e9c391d45b5865b61e569146304cff72821a5d', 'https://git.kernel.org/stable/c/e239e44dcd419b13cf840e2a3a833204e4329714', 'https://git.kernel.org/stable/c/e4a602a45aecd6a98b4b37482f5c9f8f67a32ddd', 'https://git.kernel.org/stable/c/fac3cb3c6428afe2207593a183b5bc4742529dfd', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46747-f489@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46747', 'https://www.cve.org/CVERecord?id=CVE-2024-46747'], 'PublishedDate': '2024-09-18T08:15:03.79Z', 'LastModifiedDate': '2024-09-20T18:31:19.19Z'}, {'VulnerabilityID': 'CVE-2024-46748', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46748', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT\n\nSet the maximum size of a subrequest that writes to cachefiles to be\nMAX_RW_COUNT so that we don't overrun the maximum write we can make to the\nbacking filesystem.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46748', 'https://git.kernel.org/linus/51d37982bbac3ea0ca21b2797a9cb0044272b3aa (6.11-rc1)', 'https://git.kernel.org/stable/c/51d37982bbac3ea0ca21b2797a9cb0044272b3aa', 'https://git.kernel.org/stable/c/cec226f9b1fd6cf55bc157873aec61b523083e96', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46748-03e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46748', 'https://www.cve.org/CVERecord?id=CVE-2024-46748'], 'PublishedDate': '2024-09-18T08:15:03.847Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46749', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46749', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()\n\nThis adds a check before freeing the rx->skb in flush and close\nfunctions to handle the kernel crash seen while removing driver after FW\ndownload fails or before FW download completes.\n\ndmesg log:\n[   54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080\n[   54.643398] Mem abort info:\n[   54.646204]   ESR = 0x0000000096000004\n[   54.649964]   EC = 0x25: DABT (current EL), IL = 32 bits\n[   54.655286]   SET = 0, FnV = 0\n[   54.658348]   EA = 0, S1PTW = 0\n[   54.661498]   FSC = 0x04: level 0 translation fault\n[   54.666391] Data abort info:\n[   54.669273]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[   54.674768]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[   54.674771]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[   54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000\n[   54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000\n[   54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[   54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core sch_fq_codel fuse\n[   54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 Not tainted 6.6.3-otbr-g128004619037 #2\n[   54.744364] Hardware name: FSL i.MX8MM EVK board (DT)\n[   54.744368] Workqueue: hci0 hci_power_on\n[   54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   54.757249] pc : kfree_skb_reason+0x18/0xb0\n[   54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.782921] sp : ffff8000805ebca0\n[   54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000\n[   54.782931] x26: ffff377b84852400 x25: ffff377b848523c0 x24: ffff377b845e7230\n[   54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92\n[   54.782945] x20: ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff\n[   54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857\n[   54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642\n[   54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9 : ffffa5c6cf19d688\n[   54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000\n[   54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000\n[   54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac\n[   54.857599] Call trace:\n[   54.857601]  kfree_skb_reason+0x18/0xb0\n[   54.863878]  btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.863888]  hci_dev_open_sync+0x3a8/0xa04\n[   54.872773]  hci_power_on+0x54/0x2e4\n[   54.881832]  process_one_work+0x138/0x260\n[   54.881842]  worker_thread+0x32c/0x438\n[   54.881847]  kthread+0x118/0x11c\n[   54.881853]  ret_from_fork+0x10/0x20\n[   54.896406] Code: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400)\n[   54.896410] ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46749', 'https://git.kernel.org/linus/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1 (6.11-rc1)', 'https://git.kernel.org/stable/c/013dae4735d2010544d1f2121bdeb8e6c9ea171e', 'https://git.kernel.org/stable/c/056e0cd381d59a9124b7c43dd715e15f56a11635', 'https://git.kernel.org/stable/c/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46749-fc9c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46749', 'https://www.cve.org/CVERecord?id=CVE-2024-46749'], 'PublishedDate': '2024-09-18T08:15:03.893Z', 'LastModifiedDate': '2024-09-20T18:45:43.483Z'}, {'VulnerabilityID': 'CVE-2024-46750', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46750', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: Add missing bridge lock to pci_bus_lock()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Add missing bridge lock to pci_bus_lock()\n\nOne of the true positives that the cfg_access_lock lockdep effort\nidentified is this sequence:\n\n  WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70\n  RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70\n  Call Trace:\n   <TASK>\n   ? __warn+0x8c/0x190\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   ? report_bug+0x1f8/0x200\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? pci_bridge_secondary_bus_reset+0x5d/0x70\n   pci_reset_bus+0x1d8/0x270\n   vmd_probe+0x778/0xa10\n   pci_device_probe+0x95/0x120\n\nWhere pci_reset_bus() users are triggering unlocked secondary bus resets.\nIronically pci_bus_reset(), several calls down from pci_reset_bus(), uses\npci_bus_lock() before issuing the reset which locks everything *but* the\nbridge itself.\n\nFor the same motivation as adding:\n\n  bridge = pci_upstream_bridge(dev);\n  if (bridge)\n    pci_dev_lock(bridge);\n\nto pci_reset_function() for the "bus" and "cxl_bus" reset cases, add\npci_dev_lock() for @bus->self to pci_bus_lock().\n\n[bhelgaas: squash in recursive locking deadlock fix from Keith Busch:\nhttps://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46750', 'https://git.kernel.org/linus/a4e772898f8bf2e7e1cf661a12c60a5612c4afab (6.11-rc1)', 'https://git.kernel.org/stable/c/04e85a3285b0e5c5af6fd2c0fd6e95ffecc01945', 'https://git.kernel.org/stable/c/0790b89c7e911003b8c50ae50e3ac7645de1fae9', 'https://git.kernel.org/stable/c/7253b4fed46471cc247c6cacefac890a8472c083', 'https://git.kernel.org/stable/c/78c6e39fef5c428960aff742149bba302dd46f5a', 'https://git.kernel.org/stable/c/81c68e218ab883dfa368460a59b674084c0240da', 'https://git.kernel.org/stable/c/a4e772898f8bf2e7e1cf661a12c60a5612c4afab', 'https://git.kernel.org/stable/c/df77a678c33871a6e4ac5b54a71662f1d702335b', 'https://git.kernel.org/stable/c/e2355d513b89a2cb511b4ded0deb426cdb01acd0', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46750-3be1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46750', 'https://www.cve.org/CVERecord?id=CVE-2024-46750'], 'PublishedDate': '2024-09-18T08:15:03.947Z', 'LastModifiedDate': '2024-09-30T13:27:45.787Z'}, {'VulnerabilityID': 'CVE-2024-46751', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46751', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON() when 0 reference count at btrfs_lookup_extent_info()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()\n\nInstead of doing a BUG_ON() handle the error by returning -EUCLEAN,\naborting the transaction and logging an error message.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46751', 'https://git.kernel.org/linus/28cb13f29faf6290597b24b728dc3100c019356f (6.11-rc1)', 'https://git.kernel.org/stable/c/28cb13f29faf6290597b24b728dc3100c019356f', 'https://git.kernel.org/stable/c/ef9a8b73c8b60b27d9db4787e624a3438ffe8428', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46751-17f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46751', 'https://www.cve.org/CVERecord?id=CVE-2024-46751'], 'PublishedDate': '2024-09-18T08:15:04.01Z', 'LastModifiedDate': '2024-09-30T12:45:56.957Z'}, {'VulnerabilityID': 'CVE-2024-46752', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46752', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: replace BUG_ON() with error handling at update_ref_for_cow()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: replace BUG_ON() with error handling at update_ref_for_cow()\n\nInstead of a BUG_ON() just return an error, log an error message and\nabort the transaction in case we find an extent buffer belonging to the\nrelocation tree that doesn't have the full backref flag set. This is\nunexpected and should never happen (save for bugs or a potential bad\nmemory).", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46752', 'https://git.kernel.org/linus/b56329a782314fde5b61058e2a25097af7ccb675 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fbac73a97286a7ec72229cb9b42d760a2c717ac', 'https://git.kernel.org/stable/c/41a0f85e268d72fe04f731b8ceea4748c2d65491', 'https://git.kernel.org/stable/c/b50857b96429a09fd3beed9f7f21b7bb7c433688', 'https://git.kernel.org/stable/c/b56329a782314fde5b61058e2a25097af7ccb675', 'https://git.kernel.org/stable/c/f895db00c65e5d77c437cce946da9ec29dcdf563', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46752-49e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46752', 'https://www.cve.org/CVERecord?id=CVE-2024-46752'], 'PublishedDate': '2024-09-18T08:15:04.057Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46753', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46753', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: handle errors from btrfs_dec_ref() properly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref().  This is\nincorrect, we have proper error handling here, return the error.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46753', 'https://git.kernel.org/linus/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1', 'https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46753-5ec2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46753', 'https://www.cve.org/CVERecord?id=CVE-2024-46753'], 'PublishedDate': '2024-09-18T08:15:04.107Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46754', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46754', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Remove tst_run from lwt_seg6local_prog_ops.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn\'t work since it was introduced in commit 04d4b274e2a\n("ipv6: sr: Add seg6local action End.BPF"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46754', 'https://git.kernel.org/linus/c13fda93aca118b8e5cd202e339046728ee7dddb (6.11-rc1)', 'https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3f28e6e720ded5d6', 'https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e339046728ee7dddb', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46754-7f04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46754', 'https://www.cve.org/CVERecord?id=CVE-2024-46754'], 'PublishedDate': '2024-09-18T08:15:04.153Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46755', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46755', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()\n\nmwifiex_get_priv_by_id() returns the priv pointer corresponding to\nthe bss_num and bss_type, but without checking if the priv is actually\ncurrently in use.\nUnused priv pointers do not have a wiphy attached to them which can\nlead to NULL pointer dereferences further down the callstack.  Fix\nthis by returning only used priv pointers which have priv->bss_mode\nset to something else than NL80211_IFTYPE_UNSPECIFIED.\n\nSaid NULL pointer dereference happened when an Accesspoint was started\nwith wpa_supplicant -i mlan0 with this config:\n\nnetwork={\n        ssid="somessid"\n        mode=2\n        frequency=2412\n        key_mgmt=WPA-PSK WPA-PSK-SHA256\n        proto=RSN\n        group=CCMP\n        pairwise=CCMP\n        psk="12345678"\n}\n\nWhen waiting for the AP to be established, interrupting wpa_supplicant\nwith <ctrl-c> and starting it again this happens:\n\n| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000140\n| Mem abort info:\n|   ESR = 0x0000000096000004\n|   EC = 0x25: DABT (current EL), IL = 32 bits\n|   SET = 0, FnV = 0\n|   EA = 0, S1PTW = 0\n|   FSC = 0x04: level 0 translation fault\n| Data abort info:\n|   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n|   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n|   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n| user pgtable: 4k pages, 48-bit VAs, pgdp=0000000046d96000\n| [0000000000000140] pgd=0000000000000000, p4d=0000000000000000\n| Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n| Modules linked in: caam_jr caamhash_desc spidev caamalg_desc crypto_engine authenc libdes mwifiex_sdio\n+mwifiex crct10dif_ce cdc_acm onboard_usb_hub fsl_imx8_ddr_perf imx8m_ddrc rtc_ds1307 lm75 rtc_snvs\n+imx_sdma caam imx8mm_thermal spi_imx error imx_cpufreq_dt fuse ip_tables x_tables ipv6\n| CPU: 0 PID: 8 Comm: kworker/0:1 Not tainted 6.9.0-00007-g937242013fce-dirty #18\n| Hardware name: somemachine (DT)\n| Workqueue: events sdio_irq_work\n| pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n| lr : mwifiex_get_cfp+0x34/0x15c [mwifiex]\n| sp : ffff8000818b3a70\n| x29: ffff8000818b3a70 x28: ffff000006bfd8a5 x27: 0000000000000004\n| x26: 000000000000002c x25: 0000000000001511 x24: 0000000002e86bc9\n| x23: ffff000006bfd996 x22: 0000000000000004 x21: ffff000007bec000\n| x20: 000000000000002c x19: 0000000000000000 x18: 0000000000000000\n| x17: 000000040044ffff x16: 00500072b5503510 x15: ccc283740681e517\n| x14: 0201000101006d15 x13: 0000000002e8ff43 x12: 002c01000000ffb1\n| x11: 0100000000000000 x10: 02e8ff43002c0100 x9 : 0000ffb100100157\n| x8 : ffff000003d20000 x7 : 00000000000002f1 x6 : 00000000ffffe124\n| x5 : 0000000000000001 x4 : 0000000000000003 x3 : 0000000000000000\n| x2 : 0000000000000000 x1 : 0001000000011001 x0 : 0000000000000000\n| Call trace:\n|  mwifiex_get_cfp+0xd8/0x15c [mwifiex]\n|  mwifiex_parse_single_response_buf+0x1d0/0x504 [mwifiex]\n|  mwifiex_handle_event_ext_scan_report+0x19c/0x2f8 [mwifiex]\n|  mwifiex_process_sta_event+0x298/0xf0c [mwifiex]\n|  mwifiex_process_event+0x110/0x238 [mwifiex]\n|  mwifiex_main_process+0x428/0xa44 [mwifiex]\n|  mwifiex_sdio_interrupt+0x64/0x12c [mwifiex_sdio]\n|  process_sdio_pending_irqs+0x64/0x1b8\n|  sdio_irq_work+0x4c/0x7c\n|  process_one_work+0x148/0x2a0\n|  worker_thread+0x2fc/0x40c\n|  kthread+0x110/0x114\n|  ret_from_fork+0x10/0x20\n| Code: a94153f3 a8c37bfd d50323bf d65f03c0 (f940a000)\n| ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46755', 'https://git.kernel.org/linus/c145eea2f75ff7949392aebecf7ef0a81c1f6c14 (6.11-rc1)', 'https://git.kernel.org/stable/c/1a05d8d02cfa3540ea5dbd6b39446bd3f515521f', 'https://git.kernel.org/stable/c/9813770f25855b866b8ead8155b8806b2db70f6d', 'https://git.kernel.org/stable/c/a12cf97cbefa139ef8d95081f2ea047cbbd74b7a', 'https://git.kernel.org/stable/c/c145eea2f75ff7949392aebecf7ef0a81c1f6c14', 'https://git.kernel.org/stable/c/c16916dd6c16fa7e13ca3923eb6b9f50d848ad03', 'https://git.kernel.org/stable/c/c2618dcb26c7211342b54520b5b148c0d3471c8a', 'https://git.kernel.org/stable/c/cb67b2e51b75f1a17bee7599c8161b96e1808a70', 'https://git.kernel.org/stable/c/d834433ff313838a259bb6607055ece87b895b66', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46755-1f46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46755', 'https://www.cve.org/CVERecord?id=CVE-2024-46755'], 'PublishedDate': '2024-09-18T08:15:04.203Z', 'LastModifiedDate': '2024-09-26T13:25:54.593Z'}, {'VulnerabilityID': 'CVE-2024-46756', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46756', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83627ehf) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46756', 'https://git.kernel.org/linus/5c1de37969b7bc0abcb20b86e91e70caebbd4f89 (6.11-rc1)', 'https://git.kernel.org/stable/c/26825b62bd1bd3e53b4f44e0745cb516d5186343', 'https://git.kernel.org/stable/c/56cfdeb2c77291f0b5e4592731adfb6ca8fc7c24', 'https://git.kernel.org/stable/c/5c1de37969b7bc0abcb20b86e91e70caebbd4f89', 'https://git.kernel.org/stable/c/77ab0fd231c4ca873ec6908e761970360acc6df2', 'https://git.kernel.org/stable/c/8fecb75bff1b7d87a071c32a37aa0700f2be379d', 'https://git.kernel.org/stable/c/93cf73a7bfdce683bde3a7bb65f270d3bd24497b', 'https://git.kernel.org/stable/c/cc4be794c8d8c253770103e097ab9dbdb5f99ae1', 'https://git.kernel.org/stable/c/d92f0baf99a7e327dcceab37cce57c38aab1f691', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46756-2ca6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46756', 'https://www.cve.org/CVERecord?id=CVE-2024-46756'], 'PublishedDate': '2024-09-18T08:15:04.26Z', 'LastModifiedDate': '2024-09-23T16:29:45.077Z'}, {'VulnerabilityID': 'CVE-2024-46757', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46757', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775-core) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46757', 'https://git.kernel.org/linus/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0 (6.11-rc1)', 'https://git.kernel.org/stable/c/02bb3b4c7d5695ff4be01e0f55676bba49df435e', 'https://git.kernel.org/stable/c/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0', 'https://git.kernel.org/stable/c/0c23e18cef20b989a9fd7cb0a745e1259b969159', 'https://git.kernel.org/stable/c/298a55f11edd811f2189b74eb8f53dee34d4f14c', 'https://git.kernel.org/stable/c/2f695544084a559f181cafdfd3f864c5ff9dd1db', 'https://git.kernel.org/stable/c/8a1e958e26640ce015abdbb75c8896301b9bf398', 'https://git.kernel.org/stable/c/996221b030995cc5f5baa4a642201d64b62a17cd', 'https://git.kernel.org/stable/c/d6035c55fa9afefc23f85f57eff1d4a1d82c5b10', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46757-4fbb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46757', 'https://www.cve.org/CVERecord?id=CVE-2024-46757'], 'PublishedDate': '2024-09-18T08:15:04.313Z', 'LastModifiedDate': '2024-09-23T16:29:51.65Z'}, {'VulnerabilityID': 'CVE-2024-46758', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46758', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (lm95234) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm95234) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46758', 'https://git.kernel.org/linus/af64e3e1537896337405f880c1e9ac1f8c0c6198 (6.11-rc1)', 'https://git.kernel.org/stable/c/0fc27747633aa419f9af40e7bdfa00d2ec94ea81', 'https://git.kernel.org/stable/c/16f42953231be1e7be77bc24005270d9e0d9d2ee', 'https://git.kernel.org/stable/c/438453dfbbdcf4be26891492644aa3ecbb42c336', 'https://git.kernel.org/stable/c/46e4fd338d5bdbaf60e41cda625b24949d2af201', 'https://git.kernel.org/stable/c/59c1fb9874a01c9abc49a0a32f192a7e7b4e2650', 'https://git.kernel.org/stable/c/93f0f5721d0cca45dac50af1ae6f9a9826c699fd', 'https://git.kernel.org/stable/c/af64e3e1537896337405f880c1e9ac1f8c0c6198', 'https://git.kernel.org/stable/c/da765bebd90e1b92bdbc3c6a27a3f3cc81529ab6', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46758-6154@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46758', 'https://www.cve.org/CVERecord?id=CVE-2024-46758'], 'PublishedDate': '2024-09-18T08:15:04.367Z', 'LastModifiedDate': '2024-09-23T16:29:24.767Z'}, {'VulnerabilityID': 'CVE-2024-46759', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46759', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (adc128d818) Fix underflows seen when writing limit attributes', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (adc128d818) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46759', 'https://git.kernel.org/linus/8cad724c8537fe3e0da8004646abc00290adae40 (6.11-rc1)', 'https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b', 'https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777', 'https://git.kernel.org/stable/c/2a3add62f183459a057336381ef3a896da01ce38', 'https://git.kernel.org/stable/c/6891b11a0c6227ca7ed15786928a07b1c0e4d4af', 'https://git.kernel.org/stable/c/7645d783df23878342d5d8d22030c3861d2d5426', 'https://git.kernel.org/stable/c/8cad724c8537fe3e0da8004646abc00290adae40', 'https://git.kernel.org/stable/c/b0bdb43852bf7f55ba02f0cbf00b4ea7ca897bff', 'https://git.kernel.org/stable/c/f7f5101af5b47a331cdbfa42ba64c507b47dd1fe', 'https://lore.kernel.org/linux-cve-announce/2024091841-CVE-2024-46759-9b86@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46759', 'https://www.cve.org/CVERecord?id=CVE-2024-46759'], 'PublishedDate': '2024-09-18T08:15:04.413Z', 'LastModifiedDate': '2024-09-23T16:28:53.257Z'}, {'VulnerabilityID': 'CVE-2024-46760', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46760', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw88: usb: schedule rx work after everything is set up', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: usb: schedule rx work after everything is set up\n\nRight now it's possible to hit NULL pointer dereference in\nrtw_rx_fill_rx_status on hw object and/or its fields because\ninitialization routine can start getting USB replies before\nrtw_dev is fully setup.\n\nThe stack trace looks like this:\n\nrtw_rx_fill_rx_status\nrtw8821c_query_rx_desc\nrtw_usb_rx_handler\n...\nqueue_work\nrtw_usb_read_port_complete\n...\nusb_submit_urb\nrtw_usb_rx_resubmit\nrtw_usb_init_rx\nrtw_usb_probe\n\nSo while we do the async stuff rtw_usb_probe continues and calls\nrtw_register_hw, which does all kinds of initialization (e.g.\nvia ieee80211_register_hw) that rtw_rx_fill_rx_status relies on.\n\nFix this by moving the first usb_submit_urb after everything\nis set up.\n\nFor me, this bug manifested as:\n[    8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped\n[    8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status\nbecause I'm using Larry's backport of rtw88 driver with the NULL\nchecks in rtw_rx_fill_rx_status.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46760', 'https://git.kernel.org/linus/adc539784c98a7cc602cbf557debfc2e7b9be8b3 (6.11-rc1)', 'https://git.kernel.org/stable/c/25eaef533bf3ccc6fee5067aac16f41f280e343e', 'https://git.kernel.org/stable/c/adc539784c98a7cc602cbf557debfc2e7b9be8b3', 'https://git.kernel.org/stable/c/c83d464b82a8ad62ec9077637f75d73fe955635a', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46760-1eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46760', 'https://www.cve.org/CVERecord?id=CVE-2024-46760'], 'PublishedDate': '2024-09-18T08:15:04.47Z', 'LastModifiedDate': '2024-09-23T16:18:28.87Z'}, {'VulnerabilityID': 'CVE-2024-46761', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46761', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npci/hotplug/pnv_php: Fix hotplug driver crash on Powernv\n\nThe hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel\ncrash when we try to hot-unplug/disable the PCIe switch/bridge from\nthe PHB.\n\nThe crash occurs because although the MSI data structure has been\nreleased during disable/hot-unplug path and it has been assigned\nwith NULL, still during unregistration the code was again trying to\nexplicitly disable the MSI which causes the NULL pointer dereference and\nkernel crash.\n\nThe patch fixes the check during unregistration path to prevent invoking\npci_disable_msi/msix() since its data structure is already freed.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46761', 'https://git.kernel.org/linus/335e35b748527f0c06ded9eebb65387f60647fda (6.11-rc1)', 'https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f60647fda', 'https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d', 'https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048', 'https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e', 'https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59', 'https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689', 'https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4', 'https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55', 'https://lore.kernel.org/linux-cve-announce/2024091842-CVE-2024-46761-289f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46761', 'https://www.cve.org/CVERecord?id=CVE-2024-46761'], 'PublishedDate': '2024-09-18T08:15:04.517Z', 'LastModifiedDate': '2024-09-23T16:06:58.397Z'}, {'VulnerabilityID': 'CVE-2024-46762', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46762', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Fix possible access to a freed kirqfd instance', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Fix possible access to a freed kirqfd instance\n\nNothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and\nprivcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd\ncreated and added to the irqfds_list by privcmd_irqfd_assign() may get\nremoved by another thread executing privcmd_irqfd_deassign(), while the\nformer is still using it after dropping the locks.\n\nThis can lead to a situation where an already freed kirqfd instance may\nbe accessed and cause kernel oops.\n\nUse SRCU locking to prevent the same, as is done for the KVM\nimplementation for irqfds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46762', 'https://git.kernel.org/linus/611ff1b1ae989a7bcce3e2a8e132ee30e968c557 (6.11-rc1)', 'https://git.kernel.org/stable/c/112fd2f02b308564724b8e81006c254d20945c4b', 'https://git.kernel.org/stable/c/611ff1b1ae989a7bcce3e2a8e132ee30e968c557', 'https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46762-6512@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46762', 'https://www.cve.org/CVERecord?id=CVE-2024-46762'], 'PublishedDate': '2024-09-18T08:15:04.57Z', 'LastModifiedDate': '2024-09-23T16:12:34.42Z'}, {'VulnerabilityID': 'CVE-2024-46763', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46763', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: Fix null-ptr-deref in GRO.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host.  [0]\n\nThe NULL pointer is sk->sk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk->sk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk->sk_user_data could be NULL.\n\nLet's use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 <0f> b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS:  0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <IRQ>\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n</IRQ>\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 <fa> c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46763', 'https://git.kernel.org/linus/7e4196935069947d8b70b09c1660b67b067e75cb (6.11-rc7)', 'https://git.kernel.org/stable/c/1df42be305fe478ded1ee0c1d775f4ece713483b', 'https://git.kernel.org/stable/c/231c235d2f7a66f018f172e26ffd47c363f244ef', 'https://git.kernel.org/stable/c/4494bccb52ffda22ce5a1163a776d970e6229e08', 'https://git.kernel.org/stable/c/7e4196935069947d8b70b09c1660b67b067e75cb', 'https://git.kernel.org/stable/c/c46cd6aaca81040deaea3500ba75126963294bd9', 'https://git.kernel.org/stable/c/d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46763-a580@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46763', 'https://www.cve.org/CVERecord?id=CVE-2024-46763'], 'PublishedDate': '2024-09-18T08:15:04.613Z', 'LastModifiedDate': '2024-09-23T16:14:18.297Z'}, {'VulnerabilityID': 'CVE-2024-46765', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46765', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: protect XDP configuration with a mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] <TASK>\n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] </TASK>\n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46765', 'https://git.kernel.org/linus/2504b8405768a57a71e660dbfd5abd59f679a03f (6.11-rc7)', 'https://git.kernel.org/stable/c/2504b8405768a57a71e660dbfd5abd59f679a03f', 'https://git.kernel.org/stable/c/2f057db2fb29bc209c103050647562e60554d3d3', 'https://git.kernel.org/stable/c/391f7dae3d836891fc6cfbde38add2d0e10c6b7f', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46765-1b8f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46765', 'https://www.cve.org/CVERecord?id=CVE-2024-46765'], 'PublishedDate': '2024-09-18T08:15:04.71Z', 'LastModifiedDate': '2024-09-26T13:24:29.697Z'}, {'VulnerabilityID': 'CVE-2024-46766', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46766', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: move netif_queue_set_napi to rtnl-protected sections', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: move netif_queue_set_napi to rtnl-protected sections\n\nCurrently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is\nnot rtnl-locked when called from the reset. This creates the need to take\nthe rtnl_lock just for a single function and complicates the\nsynchronization with .ndo_bpf. At the same time, there no actual need to\nfill napi-to-queue information at this exact point.\n\nFill napi-to-queue information when opening the VSI and clear it when the\nVSI is being closed. Those routines are already rtnl-locked.\n\nAlso, rewrite napi-to-queue assignment in a way that prevents inclusion of\nXDP queues, as this leads to out-of-bounds writes, such as one below.\n\n[  +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047\n[  +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2\n[  +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[  +0.000003] Call Trace:\n[  +0.000003]  <TASK>\n[  +0.000002]  dump_stack_lvl+0x60/0x80\n[  +0.000007]  print_report+0xce/0x630\n[  +0.000007]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[  +0.000007]  ? __virt_addr_valid+0x1c9/0x2c0\n[  +0.000005]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000003]  kasan_report+0xe9/0x120\n[  +0.000004]  ? netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000004]  netif_queue_set_napi+0x1c2/0x1e0\n[  +0.000005]  ice_vsi_close+0x161/0x670 [ice]\n[  +0.000114]  ice_dis_vsi+0x22f/0x270 [ice]\n[  +0.000095]  ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]\n[  +0.000086]  ice_prepare_for_reset+0x299/0x750 [ice]\n[  +0.000087]  pci_dev_save_and_disable+0x82/0xd0\n[  +0.000006]  pci_reset_function+0x12d/0x230\n[  +0.000004]  reset_store+0xa0/0x100\n[  +0.000006]  ? __pfx_reset_store+0x10/0x10\n[  +0.000002]  ? __pfx_mutex_lock+0x10/0x10\n[  +0.000004]  ? __check_object_size+0x4c1/0x640\n[  +0.000007]  kernfs_fop_write_iter+0x30b/0x4a0\n[  +0.000006]  vfs_write+0x5d6/0xdf0\n[  +0.000005]  ? fd_install+0x180/0x350\n[  +0.000005]  ? __pfx_vfs_write+0x10/0xA10\n[  +0.000004]  ? do_fcntl+0x52c/0xcd0\n[  +0.000004]  ? kasan_save_track+0x13/0x60\n[  +0.000003]  ? kasan_save_free_info+0x37/0x60\n[  +0.000006]  ksys_write+0xfa/0x1d0\n[  +0.000003]  ? __pfx_ksys_write+0x10/0x10\n[  +0.000002]  ? __x64_sys_fcntl+0x121/0x180\n[  +0.000004]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000005]  do_syscall_64+0x80/0x170\n[  +0.000007]  ? _raw_spin_lock+0x87/0xe0\n[  +0.000004]  ? __pfx__raw_spin_lock+0x10/0x10\n[  +0.000003]  ? file_close_fd_locked+0x167/0x230\n[  +0.000005]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000005]  ? do_syscall_64+0x8c/0x170\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? fput+0x1a/0x2c0\n[  +0.000004]  ? filp_close+0x19/0x30\n[  +0.000004]  ? do_dup2+0x25a/0x4c0\n[  +0.000004]  ? __x64_sys_dup2+0x6e/0x2e0\n[  +0.000002]  ? syscall_exit_to_user_mode+0x7d/0x220\n[  +0.000004]  ? do_syscall_64+0x8c/0x170\n[  +0.000003]  ? __count_memcg_events+0x113/0x380\n[  +0.000005]  ? handle_mm_fault+0x136/0x820\n[  +0.000005]  ? do_user_addr_fault+0x444/0xa80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000004]  ? clear_bhb_loop+0x25/0x80\n[  +0.000002]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  +0.000005] RIP: 0033:0x7f2033593154', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46766', 'https://git.kernel.org/linus/2a5dc090b92cfa5270e20056074241c6db5c9cdd (6.11-rc7)', 'https://git.kernel.org/stable/c/2285c2faef19ee08a6bd6754f4c3ec07dceb2889', 'https://git.kernel.org/stable/c/2a5dc090b92cfa5270e20056074241c6db5c9cdd', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46766-417c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46766', 'https://www.cve.org/CVERecord?id=CVE-2024-46766'], 'PublishedDate': '2024-09-18T08:15:04.76Z', 'LastModifiedDate': '2024-09-23T16:15:23.823Z'}, {'VulnerabilityID': 'CVE-2024-46767', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46767', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: phy: Fix missing of_node_put() for leds', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Fix missing of_node_put() for leds\n\nThe call of of_get_child_by_name() will cause refcount incremented\nfor leds, if it succeeds, it should call of_node_put() to decrease\nit, fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46767', 'https://git.kernel.org/linus/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7 (6.11-rc7)', 'https://git.kernel.org/stable/c/2560db6ede1aaf162a73b2df43e0b6c5ed8819f7', 'https://git.kernel.org/stable/c/26928c8f00f6bb0e194f3957fe51c69d36838eb2', 'https://git.kernel.org/stable/c/d9c8dbbc236cdc6231ee91cdede2fc97b430cfff', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46767-31a2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46767', 'https://www.cve.org/CVERecord?id=CVE-2024-46767'], 'PublishedDate': '2024-09-18T08:15:04.81Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46768', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46768', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hwmon: (hp-wmi-sensors) Check if WMI event data exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (hp-wmi-sensors) Check if WMI event data exists\n\nThe BIOS can choose to return no event data in response to a\nWMI event, so the ACPI object passed to the WMI notify handler\ncan be NULL.\n\nCheck for such a situation and ignore the event in such a case.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46768', 'https://git.kernel.org/linus/a54da9df75cd1b4b5028f6c60f9a211532680585 (6.11-rc7)', 'https://git.kernel.org/stable/c/217539e994e53206bbf3fb330261cc78c480d311', 'https://git.kernel.org/stable/c/4b19c83ba108aa66226da5b79810e4d19e005f12', 'https://git.kernel.org/stable/c/a54da9df75cd1b4b5028f6c60f9a211532680585', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46768-b0bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46768', 'https://www.cve.org/CVERecord?id=CVE-2024-46768'], 'PublishedDate': '2024-09-18T08:15:04.853Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46770', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46770', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add netif_device_attach/detach into PF reset flow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 > /sys/class/net/<interface>/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c <interface>\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S                 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS:  00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n<TASK>\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n    netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46770', 'https://git.kernel.org/linus/d11a67634227f9f9da51938af085fb41a733848f (6.11-rc7)', 'https://git.kernel.org/stable/c/36486c9e8e01b84faaee47203eac0b7e9cc7fa4a', 'https://git.kernel.org/stable/c/9e3ffb839249eca113062587659224f856fe14e5', 'https://git.kernel.org/stable/c/d11a67634227f9f9da51938af085fb41a733848f', 'https://git.kernel.org/stable/c/efe8effe138044a4747d1112ebb8c454d1663723', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46770-3a5d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46770', 'https://www.cve.org/CVERecord?id=CVE-2024-46770'], 'PublishedDate': '2024-09-18T08:15:04.957Z', 'LastModifiedDate': '2024-09-23T16:13:25.563Z'}, {'VulnerabilityID': 'CVE-2024-46771', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46771', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: bcm: Remove proc entry when dev is unregistered.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Remove proc entry when dev is unregistered.\n\nsyzkaller reported a warning in bcm_connect() below. [0]\n\nThe repro calls connect() to vxcan1, removes vxcan1, and calls\nconnect() with ifindex == 0.\n\nCalling connect() for a BCM socket allocates a proc entry.\nThen, bcm_sk(sk)->bound is set to 1 to prevent further connect().\n\nHowever, removing the bound device resets bcm_sk(sk)->bound to 0\nin bcm_notify().\n\nThe 2nd connect() tries to allocate a proc entry with the same\nname and sets NULL to bcm_sk(sk)->bcm_proc_read, leaking the\noriginal proc entry.\n\nSince the proc entry is available only for connect()ed sockets,\nlet's clean up the entry when the bound netdev is unregistered.\n\n[0]:\nproc_dir_entry 'can-bcm/2456' already registered\nWARNING: CPU: 1 PID: 394 at fs/proc/generic.c:376 proc_register+0x645/0x8f0 fs/proc/generic.c:375\nModules linked in:\nCPU: 1 PID: 394 Comm: syz-executor403 Not tainted 6.10.0-rc7-g852e42cc2dd4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:proc_register+0x645/0x8f0 fs/proc/generic.c:375\nCode: 00 00 00 00 00 48 85 ed 0f 85 97 02 00 00 4d 85 f6 0f 85 9f 02 00 00 48 c7 c7 9b cb cf 87 48 89 de 4c 89 fa e8 1c 6f eb fe 90 <0f> 0b 90 90 48 c7 c7 98 37 99 89 e8 cb 7e 22 05 bb 00 00 00 10 48\nRSP: 0018:ffa0000000cd7c30 EFLAGS: 00010246\nRAX: 9e129be1950f0200 RBX: ff1100011b51582c RCX: ff1100011857cd80\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002\nRBP: 0000000000000000 R08: ffd400000000000f R09: ff1100013e78cac0\nR10: ffac800000cd7980 R11: ff1100013e12b1f0 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ff1100011a99a2ec\nFS:  00007fbd7086f740(0000) GS:ff1100013fd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200071c0 CR3: 0000000118556004 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n proc_create_net_single+0x144/0x210 fs/proc/proc_net.c:220\n bcm_connect+0x472/0x840 net/can/bcm.c:1673\n __sys_connect_file net/socket.c:2049 [inline]\n __sys_connect+0x5d2/0x690 net/socket.c:2066\n __do_sys_connect net/socket.c:2076 [inline]\n __se_sys_connect net/socket.c:2073 [inline]\n __x64_sys_connect+0x8f/0x100 net/socket.c:2073\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1c0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7fbd708b0e5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007fff8cd33f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbd708b0e5d\nRDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000040 R09: 0000000000000040\nR10: 0000000000000040 R11: 0000000000000246 R12: 00007fff8cd34098\nR13: 0000000000401280 R14: 0000000000406de8 R15: 00007fbd70ab9000\n </TASK>\nremove_proc_entry: removing non-empty directory 'net/can-bcm', leaking at least '2456'", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46771', 'https://git.kernel.org/linus/76fe372ccb81b0c89b6cd2fec26e2f38c958be85 (6.11-rc7)', 'https://git.kernel.org/stable/c/10bfacbd5e8d821011d857bee73310457c9c989a', 'https://git.kernel.org/stable/c/33ed4ba73caae39f34ab874ba79138badc2c65dd', 'https://git.kernel.org/stable/c/3b39dc2901aa7a679a5ca981a3de9f8d5658afe8', 'https://git.kernel.org/stable/c/4377b79323df62eb5d310354f19b4d130ff58d50', 'https://git.kernel.org/stable/c/5c680022c4e28ba18ea500f3e29f0428271afa92', 'https://git.kernel.org/stable/c/76fe372ccb81b0c89b6cd2fec26e2f38c958be85', 'https://git.kernel.org/stable/c/abb0a615569ec008e8a93d9f3ab2d5b418ea94d4', 'https://git.kernel.org/stable/c/aec92dbebdbec7567d9f56d7c9296a572b8fd849', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46771-913d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46771', 'https://www.cve.org/CVERecord?id=CVE-2024-46771'], 'PublishedDate': '2024-09-18T08:15:05.01Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46772', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46772', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator crb_pipes before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator crb_pipes before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 2 DIVIDE_BY_ZERO issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46772', 'https://git.kernel.org/linus/ea79068d4073bf303f8203f2625af7d9185a1bc6 (6.11-rc1)', 'https://git.kernel.org/stable/c/ea79068d4073bf303f8203f2625af7d9185a1bc6', 'https://git.kernel.org/stable/c/ede06d23392529b039cf7ac11b5875b047900f1c', 'https://lore.kernel.org/linux-cve-announce/2024091846-CVE-2024-46772-4ad6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46772', 'https://www.cve.org/CVERecord?id=CVE-2024-46772'], 'PublishedDate': '2024-09-18T08:15:05.073Z', 'LastModifiedDate': '2024-09-23T16:52:17.577Z'}, {'VulnerabilityID': 'CVE-2024-46773', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46773', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check denominator pbn_div before used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator pbn_div before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 1 DIVIDE_BY_ZERO issue reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46773', 'https://git.kernel.org/linus/116a678f3a9abc24f5c9d2525b7393d18d9eb58e (6.11-rc1)', 'https://git.kernel.org/stable/c/116a678f3a9abc24f5c9d2525b7393d18d9eb58e', 'https://git.kernel.org/stable/c/11f997143c67680d6e40a13363618380cd57a414', 'https://git.kernel.org/stable/c/20e7164c52d9bfbb9d9862b833fa989624a61345', 'https://git.kernel.org/stable/c/dfafee0a7b51c7c9612edd2d991401294964d02f', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46773-5781@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46773', 'https://www.cve.org/CVERecord?id=CVE-2024-46773'], 'PublishedDate': '2024-09-18T08:15:05.123Z', 'LastModifiedDate': '2024-09-23T16:51:59.983Z'}, {'VulnerabilityID': 'CVE-2024-46774', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46774', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()\n\nSmatch warns:\n\n  arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential\n  spectre issue 'args.args' [r] (local cap)\n\nThe 'nargs' and 'nret' locals come directly from a user-supplied\nbuffer and are used as indexes into a small stack-based array and as\ninputs to copy_to_user() after they are subject to bounds checks.\n\nUse array_index_nospec() after the bounds checks to clamp these values\nfor speculative execution.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46774', 'https://git.kernel.org/linus/0974d03eb479384466d828d65637814bee6b26d7 (6.11-rc1)', 'https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7', 'https://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46774-48d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46774', 'https://www.cve.org/CVERecord?id=CVE-2024-46774'], 'PublishedDate': '2024-09-18T08:15:05.18Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46775', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46775', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Validate function returns', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT & HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46775', 'https://git.kernel.org/linus/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c (6.11-rc1)', 'https://git.kernel.org/stable/c/5639a3048c7079803256374204ad55ec52cd0b49', 'https://git.kernel.org/stable/c/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46775-aecc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46775', 'https://www.cve.org/CVERecord?id=CVE-2024-46775'], 'PublishedDate': '2024-09-18T08:15:05.24Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46776', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46776', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Run DC_LOG_DC after checking link-&gt;link_enc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Run DC_LOG_DC after checking link->link_enc\n\n[WHAT]\nThe DC_LOG_DC should be run after link->link_enc is checked, not before.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46776', 'https://git.kernel.org/linus/3a82f62b0d9d7687eac47603bb6cd14a50fa718b (6.11-rc1)', 'https://git.kernel.org/stable/c/3a82f62b0d9d7687eac47603bb6cd14a50fa718b', 'https://git.kernel.org/stable/c/874e3bb302f97b94ac548959ec4f925b8e7b45e2', 'https://git.kernel.org/stable/c/adc74d25cdbba978afbb57caec23bbcd0329f7b8', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46776-7a95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46776', 'https://www.cve.org/CVERecord?id=CVE-2024-46776'], 'PublishedDate': '2024-09-18T08:15:05.287Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46777', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46777', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: udf: Avoid excessive partition lengths', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid excessive partition lengths\n\nAvoid mounting filesystems where the partition would overflow the\n32-bits used for block number. Also refuse to mount filesystems where\nthe partition length is so large we cannot safely index bits in a\nblock bitmap.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46777', 'https://git.kernel.org/linus/ebbe26fd54a9621994bc16b14f2ba8f84c089693 (6.11-rc1)', 'https://git.kernel.org/stable/c/0173999123082280cf904bd640015951f194a294', 'https://git.kernel.org/stable/c/1497a4484cdb2cf6c37960d788fb6ba67567bdb7', 'https://git.kernel.org/stable/c/2ddf831451357c6da4b64645eb797c93c1c054d1', 'https://git.kernel.org/stable/c/551966371e17912564bc387fbeb2ac13077c3db1', 'https://git.kernel.org/stable/c/925fd8ee80d5348a5e965548e5484d164d19221d', 'https://git.kernel.org/stable/c/a56330761950cb83de1dfb348479f20c56c95f90', 'https://git.kernel.org/stable/c/c0c23130d38e8bc28e9ef581443de9b1fc749966', 'https://git.kernel.org/stable/c/ebbe26fd54a9621994bc16b14f2ba8f84c089693', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46777-6114@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46777', 'https://www.cve.org/CVERecord?id=CVE-2024-46777'], 'PublishedDate': '2024-09-18T08:15:05.33Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46778', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46778', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check UnboundedRequestEnabled&#39;s value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check UnboundedRequestEnabled's value\n\nCalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled\nis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus\nif (p->UnboundedRequestEnabled) checks its address, not bool value.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46778', 'https://git.kernel.org/linus/a7b38c7852093385d0605aa3c8a2efd6edd1edfd (6.11-rc1)', 'https://git.kernel.org/stable/c/4e2b49a85e7974d21364798c5d4aa8070aa864d9', 'https://git.kernel.org/stable/c/a7b38c7852093385d0605aa3c8a2efd6edd1edfd', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46778-ded6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46778', 'https://www.cve.org/CVERecord?id=CVE-2024-46778'], 'PublishedDate': '2024-09-18T08:15:05.38Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46779', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46779', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/imagination: Free pvr_vm_gpuva after unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Free pvr_vm_gpuva after unlink\n\nThis caused a measurable memory leak. Although the individual\nallocations are small, the leaks occurs in a high-usage codepath\n(remapping or unmapping device memory) so they add up quickly.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46779', 'https://git.kernel.org/linus/3f6b2f60b4631cd0c368da6a1587ab55a696164d (6.11-rc7)', 'https://git.kernel.org/stable/c/1cc695be8920df234f83270d789078cb2d3bc564', 'https://git.kernel.org/stable/c/3f6b2f60b4631cd0c368da6a1587ab55a696164d', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46779-3186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46779', 'https://www.cve.org/CVERecord?id=CVE-2024-46779'], 'PublishedDate': '2024-09-18T08:15:05.43Z', 'LastModifiedDate': '2024-09-23T16:37:51.473Z'}, {'VulnerabilityID': 'CVE-2024-46780', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46780', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: protect references to superblock parameters exposed in sysfs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: protect references to superblock parameters exposed in sysfs\n\nThe superblock buffers of nilfs2 can not only be overwritten at runtime\nfor modifications/repairs, but they are also regularly swapped, replaced\nduring resizing, and even abandoned when degrading to one side due to\nbacking device issues.  So, accessing them requires mutual exclusion using\nthe reader/writer semaphore "nilfs->ns_sem".\n\nSome sysfs attribute show methods read this superblock buffer without the\nnecessary mutual exclusion, which can cause problems with pointer\ndereferencing and memory access, so fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46780', 'https://git.kernel.org/linus/683408258917541bdb294cd717c210a04381931e (6.11-rc7)', 'https://git.kernel.org/stable/c/157c0d94b4c40887329418c70ef4edd1a8d6b4ed', 'https://git.kernel.org/stable/c/19cfeba0e4b8eda51484fcf8cf7d150418e1d880', 'https://git.kernel.org/stable/c/683408258917541bdb294cd717c210a04381931e', 'https://git.kernel.org/stable/c/8c6e43b3d5f109cf9c61bc188fcc8175404e924f', 'https://git.kernel.org/stable/c/962562d4c70c5cdeb4e955d63ff2017c4eca1aad', 'https://git.kernel.org/stable/c/b14e7260bb691d7f563f61da07d61e3c8b59a614', 'https://git.kernel.org/stable/c/b90beafac05931cbfcb6b1bd4f67c1923f47040e', 'https://git.kernel.org/stable/c/ba97ba173f9625d5f34a986088979eae8b80d38e', 'https://lore.kernel.org/linux-cve-announce/2024091849-CVE-2024-46780-9155@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46780', 'https://www.cve.org/CVERecord?id=CVE-2024-46780'], 'PublishedDate': '2024-09-18T08:15:05.473Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46781', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46781', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix missing cleanup on rollforward recovery error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix missing cleanup on rollforward recovery error\n\nIn an error injection test of a routine for mount-time recovery, KASAN\nfound a use-after-free bug.\n\nIt turned out that if data recovery was performed using partial logs\ncreated by dsync writes, but an error occurred before starting the log\nwriter to create a recovered checkpoint, the inodes whose data had been\nrecovered were left in the ns_dirty_files list of the nilfs object and\nwere not freed.\n\nFix this issue by cleaning up inodes that have read the recovery data if\nthe recovery routine fails midway before the log writer starts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46781', 'https://git.kernel.org/linus/5787fcaab9eb5930f5378d6a1dd03d916d146622 (6.11-rc7)', 'https://git.kernel.org/stable/c/07e4dc2fe000ab008bcfe90be4324ef56b5b4355', 'https://git.kernel.org/stable/c/1cf1f7e8cd47244fa947d357ef1f642d91e219a3', 'https://git.kernel.org/stable/c/35a9a7a7d94662146396199b0cfd95f9517cdd14', 'https://git.kernel.org/stable/c/5787fcaab9eb5930f5378d6a1dd03d916d146622', 'https://git.kernel.org/stable/c/8e2d1e9d93c4ec51354229361ac3373058529ec4', 'https://git.kernel.org/stable/c/9d8c3a585d564d776ee60d4aabec59b404be7403', 'https://git.kernel.org/stable/c/ca92c4bff2833cb30d493b935168d6cccd5c805d', 'https://git.kernel.org/stable/c/da02f9eb333333b2e4f25d2a14967cff785ac82e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46781-377e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46781', 'https://www.cve.org/CVERecord?id=CVE-2024-46781'], 'PublishedDate': '2024-09-18T08:15:05.527Z', 'LastModifiedDate': '2024-09-23T16:37:07.117Z'}, {'VulnerabilityID': 'CVE-2024-46782', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46782', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ila: call nf_unregister_net_hooks() sooner', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n  ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n  ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n  ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n  nf_hook include/linux/netfilter.h:269 [inline]\n  NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n  __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n  __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n  process_backlog+0x662/0x15b0 net/core/dev.c:6108\n  __napi_poll+0xcb/0x490 net/core/dev.c:6772\n  napi_poll net/core/dev.c:6841 [inline]\n  net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n  handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n  run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n  kthread+0x2f0/0x390 kernel/kthread.c:389\n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n  set_page_owner include/linux/page_owner.h:32 [inline]\n  post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n  prep_new_page mm/page_alloc.c:1501 [inline]\n  get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n  __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n  __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n  alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n  ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n  __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n  __do_kmalloc_node mm/slub.c:4146 [inline]\n  __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n  __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n  bucket_table_alloc lib/rhashtable.c:186 [inline]\n  rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n  ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n  ops_ini\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46782', 'https://git.kernel.org/linus/031ae72825cef43e4650140b800ad58bf7a6a466 (6.11-rc7)', 'https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466', 'https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2', 'https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf', 'https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4', 'https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c', 'https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6', 'https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673', 'https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46782-00ff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46782', 'https://www.cve.org/CVERecord?id=CVE-2024-46782'], 'PublishedDate': '2024-09-18T08:15:05.577Z', 'LastModifiedDate': '2024-09-23T16:32:04.373Z'}, {'VulnerabilityID': 'CVE-2024-46783', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46783', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tcp_bpf: fix return value of tcp_bpf_sendmsg()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: fix return value of tcp_bpf_sendmsg()\n\nWhen we cork messages in psock->cork, the last message triggers the\nflushing will result in sending a sk_msg larger than the current\nmessage size. In this case, in tcp_bpf_send_verdict(), 'copied' becomes\nnegative at least in the following case:\n\n468         case __SK_DROP:\n469         default:\n470                 sk_msg_free_partial(sk, msg, tosend);\n471                 sk_msg_apply_bytes(psock, tosend);\n472                 *copied -= (tosend + delta); // <==== HERE\n473                 return -EACCES;\n\nTherefore, it could lead to the following BUG with a proper value of\n'copied' (thanks to syzbot). We should not use negative 'copied' as a\nreturn value here.\n\n  ------------[ cut here ]------------\n  kernel BUG at net/socket.c:733!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 0 UID: 0 PID: 3265 Comm: syz-executor510 Not tainted 6.11.0-rc3-syzkaller-00060-gd07b43284ab3 #0\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n  pc : sock_sendmsg_nosec net/socket.c:733 [inline]\n  pc : sock_sendmsg_nosec net/socket.c:728 [inline]\n  pc : __sock_sendmsg+0x5c/0x60 net/socket.c:745\n  lr : sock_sendmsg_nosec net/socket.c:730 [inline]\n  lr : __sock_sendmsg+0x54/0x60 net/socket.c:745\n  sp : ffff800088ea3b30\n  x29: ffff800088ea3b30 x28: fbf00000062bc900 x27: 0000000000000000\n  x26: ffff800088ea3bc0 x25: ffff800088ea3bc0 x24: 0000000000000000\n  x23: f9f00000048dc000 x22: 0000000000000000 x21: ffff800088ea3d90\n  x20: f9f00000048dc000 x19: ffff800088ea3d90 x18: 0000000000000001\n  x17: 0000000000000000 x16: 0000000000000000 x15: 000000002002ffaf\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: ffff8000815849c0 x9 : ffff8000815b49c0\n  x8 : 0000000000000000 x7 : 000000000000003f x6 : 0000000000000000\n  x5 : 00000000000007e0 x4 : fff07ffffd239000 x3 : fbf00000062bc900\n  x2 : 0000000000000000 x1 : 0000000000000000 x0 : 00000000fffffdef\n  Call trace:\n   sock_sendmsg_nosec net/socket.c:733 [inline]\n   __sock_sendmsg+0x5c/0x60 net/socket.c:745\n   ____sys_sendmsg+0x274/0x2ac net/socket.c:2597\n   ___sys_sendmsg+0xac/0x100 net/socket.c:2651\n   __sys_sendmsg+0x84/0xe0 net/socket.c:2680\n   __do_sys_sendmsg net/socket.c:2689 [inline]\n   __se_sys_sendmsg net/socket.c:2687 [inline]\n   __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2687\n   __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n   invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49\n   el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132\n   do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151\n   el0_svc+0x34/0xec arch/arm64/kernel/entry-common.c:712\n   el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730\n   el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598\n  Code: f9404463 d63f0060 3108441f 54fffe81 (d4210000)\n  ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46783', 'https://git.kernel.org/linus/fe1910f9337bd46a9343967b547ccab26b4b2c6e (6.11-rc7)', 'https://git.kernel.org/stable/c/126d72b726c4cf1119f3a7fe413a78d341c3fea9', 'https://git.kernel.org/stable/c/3efe53eb221a38e207c1e3f81c51e4ca057d50c2', 'https://git.kernel.org/stable/c/6f9fdf5806cced888c43512bccbdf7fefd50f510', 'https://git.kernel.org/stable/c/78bb38d9c5a311c5f8bdef7c9557d7d81ca30e4a', 'https://git.kernel.org/stable/c/810a4e7d92dea4074cb04c25758320909d752193', 'https://git.kernel.org/stable/c/c8219a27fa43a2cbf99f5176f6dddfe73e7a24ae', 'https://git.kernel.org/stable/c/fe1910f9337bd46a9343967b547ccab26b4b2c6e', 'https://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46783-edcb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46783', 'https://www.cve.org/CVERecord?id=CVE-2024-46783'], 'PublishedDate': '2024-09-18T08:15:05.63Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46784', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46784', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix error handling in mana_create_txq/rxq&#39;s NAPI cleanup', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup\n\nCurrently napi_disable() gets called during rxq and txq cleanup,\neven before napi is enabled and hrtimer is initialized. It causes\nkernel panic.\n\n? page_fault_oops+0x136/0x2b0\n  ? page_counter_cancel+0x2e/0x80\n  ? do_user_addr_fault+0x2f2/0x640\n  ? refill_obj_stock+0xc4/0x110\n  ? exc_page_fault+0x71/0x160\n  ? asm_exc_page_fault+0x27/0x30\n  ? __mmdrop+0x10/0x180\n  ? __mmdrop+0xec/0x180\n  ? hrtimer_active+0xd/0x50\n  hrtimer_try_to_cancel+0x2c/0xf0\n  hrtimer_cancel+0x15/0x30\n  napi_disable+0x65/0x90\n  mana_destroy_rxq+0x4c/0x2f0\n  mana_create_rxq.isra.0+0x56c/0x6d0\n  ? mana_uncfg_vport+0x50/0x50\n  mana_alloc_queues+0x21b/0x320\n  ? skb_dequeue+0x5f/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46784', 'https://git.kernel.org/linus/b6ecc662037694488bfff7c9fd21c405df8411f2 (6.11-rc7)', 'https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65', 'https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788', 'https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c', 'https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46784-4773@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46784', 'https://www.cve.org/CVERecord?id=CVE-2024-46784'], 'PublishedDate': '2024-09-18T08:15:05.683Z', 'LastModifiedDate': '2024-09-26T13:21:30.657Z'}, {'VulnerabilityID': 'CVE-2024-46785', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46785', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: eventfs: Use list_del_rcu() for SRCU protected list variable', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Use list_del_rcu() for SRCU protected list variable\n\nChi Zhiling reported:\n\n  We found a null pointer accessing in tracefs[1], the reason is that the\n  variable \'ei_child\' is set to LIST_POISON1, that means the list was\n  removed in eventfs_remove_rec. so when access the ei_child->is_freed, the\n  panic triggered.\n\n  by the way, the following script can reproduce this panic\n\n  loop1 (){\n      while true\n      do\n          echo "p:kp submit_bio" > /sys/kernel/debug/tracing/kprobe_events\n          echo "" > /sys/kernel/debug/tracing/kprobe_events\n      done\n  }\n  loop2 (){\n      while true\n      do\n          tree /sys/kernel/debug/tracing/events/kprobes/\n      done\n  }\n  loop1 &\n  loop2\n\n  [1]:\n  [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150\n  [ 1147.968239][T17331] Mem abort info:\n  [ 1147.971739][T17331]   ESR = 0x0000000096000004\n  [ 1147.976172][T17331]   EC = 0x25: DABT (current EL), IL = 32 bits\n  [ 1147.982171][T17331]   SET = 0, FnV = 0\n  [ 1147.985906][T17331]   EA = 0, S1PTW = 0\n  [ 1147.989734][T17331]   FSC = 0x04: level 0 translation fault\n  [ 1147.995292][T17331] Data abort info:\n  [ 1147.998858][T17331]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n  [ 1148.005023][T17331]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n  [ 1148.010759][T17331]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n  [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges\n  [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP\n  [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls]\n  [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G        W         ------- ----  6.6.43 #2\n  [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650\n  [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020\n  [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398\n  [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398\n  [ 1148.115969][T17331] sp : ffff80008d56bbd0\n  [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000\n  [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100\n  [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10\n  [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000\n  [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0\n  [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0\n  [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862\n  [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068\n  [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001\n  [ 1148.198131][T17331] Call trace:\n  [ 1148.201259][T17331]  eventfs_iterate+0x2c0/0x398\n  [ 1148.205864][T17331]  iterate_dir+0x98/0x188\n  [ 1148.210036][T17331]  __arm64_sys_getdents64+0x78/0x160\n  [ 1148.215161][T17331]  invoke_syscall+0x78/0x108\n  [ 1148.219593][T17331]  el0_svc_common.constprop.0+0x48/0xf0\n  [ 1148.224977][T17331]  do_el0_svc+0x24/0x38\n  [ 1148.228974][T17331]  el0_svc+0x40/0x168\n  [ 1148.232798][T17\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46785', 'https://git.kernel.org/linus/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c (6.11-rc7)', 'https://git.kernel.org/stable/c/05e08297c3c298d8ec28e5a5adb55840312dd87e', 'https://git.kernel.org/stable/c/d2603279c7d645bf0d11fa253b23f1ab48fc8d3c', 'https://git.kernel.org/stable/c/f579d17a86448779f9642ad8baca6e3036a8e2d6', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46785-5351@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46785', 'https://www.cve.org/CVERecord?id=CVE-2024-46785'], 'PublishedDate': '2024-09-18T08:15:05.73Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46786', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46786', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF\n\nThe fscache_cookie_lru_timer is initialized when the fscache module\nis inserted, but is not deleted when the fscache module is removed.\nIf timer_reduce() is called before removing the fscache module,\nthe fscache_cookie_lru_timer will be added to the timer list of\nthe current cpu. Afterwards, a use-after-free will be triggered\nin the softIRQ after removing the fscache module, as follows:\n\n==================================================================\nBUG: unable to handle page fault for address: fffffbfff803c9e9\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855\nTainted: [W]=WARN\nRIP: 0010:__run_timer_base.part.0+0x254/0x8a0\nCall Trace:\n <IRQ>\n tmigr_handle_remote_up+0x627/0x810\n __walk_groups.isra.0+0x47/0x140\n tmigr_handle_remote+0x1fa/0x2f0\n handle_softirqs+0x180/0x590\n irq_exit_rcu+0x84/0xb0\n sysvec_apic_timer_interrupt+0x6e/0x90\n </IRQ>\n <TASK>\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\n default_idle_call+0x38/0x60\n do_idle+0x2b5/0x300\n cpu_startup_entry+0x54/0x60\n start_secondary+0x20d/0x280\n common_startup_64+0x13e/0x148\n </TASK>\nModules linked in: [last unloaded: netfs]\n==================================================================\n\nTherefore delete fscache_cookie_lru_timer when removing the fscahe module.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46786', 'https://git.kernel.org/linus/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f (6.11-rc7)', 'https://git.kernel.org/stable/c/0a11262549ac2ac6fb98c7cd40a67136817e5a52', 'https://git.kernel.org/stable/c/72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f', 'https://git.kernel.org/stable/c/e0d724932ad12e3528f4ce97fc0f6078d0cce4bc', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46786-a167@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46786', 'https://www.cve.org/CVERecord?id=CVE-2024-46786'], 'PublishedDate': '2024-09-18T08:15:05.783Z', 'LastModifiedDate': '2024-09-26T12:48:37.447Z'}, {'VulnerabilityID': 'CVE-2024-46787', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46787', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: fix checks for huge PMDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix checks for huge PMDs\n\nPatch series "userfaultfd: fix races around pmd_trans_huge() check", v2.\n\nThe pmd_trans_huge() code in mfill_atomic() is wrong in three different\nways depending on kernel version:\n\n1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit\n   the right two race windows) - I\'ve tested this in a kernel build with\n   some extra mdelay() calls. See the commit message for a description\n   of the race scenario.\n   On older kernels (before 6.5), I think the same bug can even\n   theoretically lead to accessing transhuge page contents as a page table\n   if you hit the right 5 narrow race windows (I haven\'t tested this case).\n2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for\n   detecting PMDs that don\'t point to page tables.\n   On older kernels (before 6.5), you\'d just have to win a single fairly\n   wide race to hit this.\n   I\'ve tested this on 6.1 stable by racing migration (with a mdelay()\n   patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86\n   VM, that causes a kernel oops in ptlock_ptr().\n3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed\n   to yank page tables out from under us (though I haven\'t tested that),\n   so I think the BUG_ON() checks in mfill_atomic() are just wrong.\n\nI decided to write two separate fixes for these (one fix for bugs 1+2, one\nfix for bug 3), so that the first fix can be backported to kernels\naffected by bugs 1+2.\n\n\nThis patch (of 2):\n\nThis fixes two issues.\n\nI discovered that the following race can occur:\n\n  mfill_atomic                other thread\n  ============                ============\n                              <zap PMD>\n  pmdp_get_lockless() [reads none pmd]\n  <bail if trans_huge>\n  <if none:>\n                              <pagefault creates transhuge zeropage>\n    __pte_alloc [no-op]\n                              <zap PMD>\n  <bail if pmd_trans_huge(*dst_pmd)>\n  BUG_ON(pmd_none(*dst_pmd))\n\nI have experimentally verified this in a kernel with extra mdelay() calls;\nthe BUG_ON(pmd_none(*dst_pmd)) triggers.\n\nOn kernels newer than commit 0d940a9b270b ("mm/pgtable: allow\npte_offset_map[_lock]() to fail"), this can\'t lead to anything worse than\na BUG_ON(), since the page table access helpers are actually designed to\ndeal with page tables concurrently disappearing; but on older kernels\n(<=6.4), I think we could probably theoretically race past the two\nBUG_ON() checks and end up treating a hugepage as a page table.\n\nThe second issue is that, as Qi Zheng pointed out, there are other types\nof huge PMDs that pmd_trans_huge() can\'t catch: devmap PMDs and swap PMDs\n(in particular, migration PMDs).\n\nOn <=6.4, this is worse than the first issue: If mfill_atomic() runs on a\nPMD that contains a migration entry (which just requires winning a single,\nfairly wide race), it will pass the PMD to pte_offset_map_lock(), which\nassumes that the PMD points to a page table.\n\nBreakage follows: First, the kernel tries to take the PTE lock (which will\ncrash or maybe worse if there is no "struct page" for the address bits in\nthe migration entry PMD - I think at least on X86 there usually is no\ncorresponding "struct page" thanks to the PTE inversion mitigation, amd64\nlooks different).\n\nIf that didn\'t crash, the kernel would next try to write a PTE into what\nit wrongly thinks is a page table.\n\nAs part of fixing these issues, get rid of the check for pmd_trans_huge()\nbefore __pte_alloc() - that\'s redundant, we\'re going to have to check for\nthat after the __pte_alloc() anyway.\n\nBackport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46787', 'https://git.kernel.org/linus/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 (6.11-rc7)', 'https://git.kernel.org/stable/c/3c6b4bcf37845c9359aed926324bed66bdd2448d', 'https://git.kernel.org/stable/c/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8', 'https://git.kernel.org/stable/c/98cc18b1b71e23fe81a5194ed432b20c2d81a01a', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46787-8b6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46787', 'https://www.cve.org/CVERecord?id=CVE-2024-46787'], 'PublishedDate': '2024-09-18T08:15:05.833Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46788', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46788', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/osnoise: Use a cpumask to know what threads are kthreads', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Use a cpumask to know what threads are kthreads\n\nThe start_kthread() and stop_thread() code was not always called with the\ninterface_lock held. This means that the kthread variable could be\nunexpectedly changed causing the kthread_stop() to be called on it when it\nshould not have been, leading to:\n\n while true; do\n   rtla timerlat top -u -q & PID=$!;\n   sleep 5;\n   kill -INT $PID;\n   sleep 0.001;\n   kill -TERM $PID;\n   wait $PID;\n  done\n\nCausing the following OOPS:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 Not tainted 6.11.0-rc4-test-00002-gbc754cc76d1b-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:hrtimer_active+0x58/0x300\n Code: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 <0f> b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f\n RSP: 0018:ffff88811d97f940 EFLAGS: 00010202\n RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b\n RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28\n RBP: 0000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60\n R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d\n R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28\n FS:  0000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0\n Call Trace:\n  <TASK>\n  ? die_addr+0x40/0xa0\n  ? exc_general_protection+0x154/0x230\n  ? asm_exc_general_protection+0x26/0x30\n  ? hrtimer_active+0x58/0x300\n  ? __pfx_mutex_lock+0x10/0x10\n  ? __pfx_locks_remove_file+0x10/0x10\n  hrtimer_cancel+0x15/0x40\n  timerlat_fd_release+0x8e/0x1f0\n  ? security_file_release+0x43/0x80\n  __fput+0x372/0xb10\n  task_work_run+0x11e/0x1f0\n  ? _raw_spin_lock+0x85/0xe0\n  ? __pfx_task_work_run+0x10/0x10\n  ? poison_slab_object+0x109/0x170\n  ? do_exit+0x7a0/0x24b0\n  do_exit+0x7bd/0x24b0\n  ? __pfx_migrate_enable+0x10/0x10\n  ? __pfx_do_exit+0x10/0x10\n  ? __pfx_read_tsc+0x10/0x10\n  ? ktime_get+0x64/0x140\n  ? _raw_spin_lock_irq+0x86/0xe0\n  do_group_exit+0xb0/0x220\n  get_signal+0x17ba/0x1b50\n  ? vfs_read+0x179/0xa40\n  ? timerlat_fd_read+0x30b/0x9d0\n  ? __pfx_get_signal+0x10/0x10\n  ? __pfx_timerlat_fd_read+0x10/0x10\n  arch_do_signal_or_restart+0x8c/0x570\n  ? __pfx_arch_do_signal_or_restart+0x10/0x10\n  ? vfs_read+0x179/0xa40\n  ? ksys_read+0xfe/0x1d0\n  ? __pfx_ksys_read+0x10/0x10\n  syscall_exit_to_user_mode+0xbc/0x130\n  do_syscall_64+0x74/0x110\n  ? __pfx___rseq_handle_notify_resume+0x10/0x10\n  ? __pfx_ksys_read+0x10/0x10\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? fpregs_restore_userregs+0xdb/0x1e0\n  ? syscall_exit_to_user_mode+0x116/0x130\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  ? do_syscall_64+0x74/0x110\n  entry_SYSCALL_64_after_hwframe+0x71/0x79\n RIP: 0033:0x7ff0070eca9c\n Code: Unable to access opcode bytes at 0x7ff0070eca72.\n RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c\n RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003\n RBP: 00007ff006dffde0 R08: 0000000000000000 R09: 00007ff000000ba0\n R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003\n R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008\n  </TASK>\n Modules linked in: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core\n ---[ end trace 0000000000000000 ]---\n\nThis is because it would mistakenly call kthread_stop() on a user space\nthread making it "exit" before it actually exits.\n\nSince kthread\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46788', 'https://git.kernel.org/linus/177e1cc2f41235c145041eed03ef5bab18f32328 (6.11-rc7)', 'https://git.kernel.org/stable/c/177e1cc2f41235c145041eed03ef5bab18f32328', 'https://git.kernel.org/stable/c/27282d2505b402f39371fd60d19d95c01a4b6776', 'https://git.kernel.org/stable/c/7a5f01828edf152c144d27cf63de446fdf2dc222', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46788-1fbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46788', 'https://www.cve.org/CVERecord?id=CVE-2024-46788'], 'PublishedDate': '2024-09-18T08:15:05.893Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46791', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46791', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open\n\nThe mcp251x_hw_wake() function is called with the mpc_lock mutex held and\ndisables the interrupt handler so that no interrupts can be processed while\nwaking the device. If an interrupt has already occurred then waiting for\nthe interrupt handler to complete will deadlock because it will be trying\nto acquire the same mutex.\n\nCPU0                           CPU1\n----                           ----\nmcp251x_open()\n mutex_lock(&priv->mcp_lock)\n  request_threaded_irq()\n                               <interrupt>\n                               mcp251x_can_ist()\n                                mutex_lock(&priv->mcp_lock)\n  mcp251x_hw_wake()\n   disable_irq() <-- deadlock\n\nUse disable_irq_nosync() instead because the interrupt handler does\neverything while holding the mutex so it doesn't matter if it's still\nrunning.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46791', 'https://git.kernel.org/linus/7dd9c26bd6cf679bcfdef01a8659791aa6487a29 (6.11-rc7)', 'https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0', 'https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e', 'https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29', 'https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7', 'https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188', 'https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646', 'https://lore.kernel.org/linux-cve-announce/2024091853-CVE-2024-46791-af66@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46791', 'https://www.cve.org/CVERecord?id=CVE-2024-46791'], 'PublishedDate': '2024-09-18T08:15:06.067Z', 'LastModifiedDate': '2024-09-20T18:21:19.457Z'}, {'VulnerabilityID': 'CVE-2024-46792', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46792', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv: misaligned: Restrict user access to kernel memory', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: misaligned: Restrict user access to kernel memory\n\nraw_copy_{to,from}_user() do not call access_ok(), so this code allowed\nuserspace to access any virtual memory address.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46792', 'https://git.kernel.org/linus/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3b6ff6c896aee5ef9b581e40d0045ff04fcbc8c', 'https://git.kernel.org/stable/c/b686ecdeacf6658e1348c1a32a08e2e72f7c0f00', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46792-7745@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46792', 'https://www.cve.org/CVERecord?id=CVE-2024-46792'], 'PublishedDate': '2024-09-18T08:15:06.123Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46793', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46793', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder\n\nSince commit 13f58267cda3 ("ASoC: soc.h: don\'t create dummy Component\nvia COMP_DUMMY()") dummy codecs declared like this:\n\nSND_SOC_DAILINK_DEF(dummy,\n        DAILINK_COMP_ARRAY(COMP_DUMMY()));\n\nexpand to:\n\nstatic struct snd_soc_dai_link_component dummy[] = {\n};\n\nWhich means that dummy is a zero sized array and thus dais[i].codecs should\nnot be dereferenced *at all* since it points to the address of the next\nvariable stored in the data section as the "dummy" variable has an address\nbut no size, so even dereferencing dais[0] is already an out of bounds\narray reference.\n\nWhich means that the if (dais[i].codecs->name) check added in\ncommit 7d99a70b6595 ("ASoC: Intel: Boards: Fix NULL pointer deref\nin BYT/CHT boards") relies on that the part of the next variable which\nthe name member maps to just happens to be NULL.\n\nWhich apparently so far it usually is, except when it isn\'t\nand then it results in crashes like this one:\n\n[   28.795659] BUG: unable to handle page fault for address: 0000000000030011\n...\n[   28.795780] Call Trace:\n[   28.795787]  <TASK>\n...\n[   28.795862]  ? strcmp+0x18/0x40\n[   28.795872]  0xffffffffc150c605\n[   28.795887]  platform_probe+0x40/0xa0\n...\n[   28.795979]  ? __pfx_init_module+0x10/0x10 [snd_soc_sst_bytcr_wm5102]\n\nReally fix things this time around by checking dais.num_codecs != 0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46793', 'https://git.kernel.org/linus/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb (6.11-rc7)', 'https://git.kernel.org/stable/c/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb', 'https://git.kernel.org/stable/c/85cda5b040bda9c577b34eb72d5b2e5b7e31985c', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46793-268d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46793', 'https://www.cve.org/CVERecord?id=CVE-2024-46793'], 'PublishedDate': '2024-09-18T08:15:06.177Z', 'LastModifiedDate': '2024-09-24T16:00:17.977Z'}, {'VulnerabilityID': 'CVE-2024-46794', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46794', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/tdx: Fix data leak in mmio_read()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Fix data leak in mmio_read()\n\nThe mmio_read() function makes a TDVMCALL to retrieve MMIO data for an\naddress from the VMM.\n\nSean noticed that mmio_read() unintentionally exposes the value of an\ninitialized variable (val) on the stack to the VMM.\n\nThis variable is only needed as an output value. It did not need to be\npassed to the VMM in the first place.\n\nDo not send the original value of *val to the VMM.\n\n[ dhansen: clarify what 'val' is used for. ]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46794', 'https://git.kernel.org/linus/b6fb565a2d15277896583d471b21bc14a0c99661 (6.11-rc7)', 'https://git.kernel.org/stable/c/26c6af49d26ffc377e392e30d4086db19eed0ef7', 'https://git.kernel.org/stable/c/b55ce742afcb8e8189d82f2f1e635ba1b5a461fa', 'https://git.kernel.org/stable/c/b6fb565a2d15277896583d471b21bc14a0c99661', 'https://git.kernel.org/stable/c/ef00818c50cf55a3a56bd9a9fae867c92dfb84e7', 'https://lore.kernel.org/linux-cve-announce/2024091854-CVE-2024-46794-9f64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46794', 'https://www.cve.org/CVERecord?id=CVE-2024-46794'], 'PublishedDate': '2024-09-18T08:15:06.23Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46795', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46795', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ksmbd: unset the binding mark of a reused connection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset the binding mark of a reused connection\n\nSteve French reported null pointer dereference error from sha256 lib.\ncifs.ko can send session setup requests on reused connection.\nIf reused connection is used for binding session, conn->binding can\nstill remain true and generate_preauth_hash() will not set\nsess->Preauth_HashValue and it will be NULL.\nIt is used as a material to create an encryption key in\nksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer\ndereference error from crypto_shash_update().\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 8 PID: 429254 Comm: kworker/8:39\nHardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 )\nWorkqueue: ksmbd-io handle_ksmbd_work [ksmbd]\nRIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n<TASK>\n? show_regs+0x6d/0x80\n? __die+0x24/0x80\n? page_fault_oops+0x99/0x1b0\n? do_user_addr_fault+0x2ee/0x6b0\n? exc_page_fault+0x83/0x1b0\n? asm_exc_page_fault+0x27/0x30\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3]\n_sha256_update+0x77/0xa0 [sha256_ssse3]\nsha256_avx2_update+0x15/0x30 [sha256_ssse3]\ncrypto_shash_update+0x1e/0x40\nhmac_update+0x12/0x20\ncrypto_shash_update+0x1e/0x40\ngenerate_key+0x234/0x380 [ksmbd]\ngenerate_smb3encryptionkey+0x40/0x1c0 [ksmbd]\nksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd]\nntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd]\nsmb2_sess_setup+0x952/0xaa0 [ksmbd]\n__process_request+0xa3/0x1d0 [ksmbd]\n__handle_ksmbd_work+0x1c4/0x2f0 [ksmbd]\nhandle_ksmbd_work+0x2d/0xa0 [ksmbd]\nprocess_one_work+0x16c/0x350\nworker_thread+0x306/0x440\n? __pfx_worker_thread+0x10/0x10\nkthread+0xef/0x120\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x44/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n</TASK>', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46795', 'https://git.kernel.org/linus/78c5a6f1f630172b19af4912e755e1da93ef0ab5 (6.11-rc7)', 'https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce', 'https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1', 'https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5', 'https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02', 'https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1', 'https://lore.kernel.org/linux-cve-announce/2024091855-CVE-2024-46795-9908@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46795', 'https://www.cve.org/CVERecord?id=CVE-2024-46795'], 'PublishedDate': '2024-09-18T08:15:06.28Z', 'LastModifiedDate': '2024-09-20T18:21:04.067Z'}, {'VulnerabilityID': 'CVE-2024-46797', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46797', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/qspinlock: Fix deadlock in MCS queue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/qspinlock: Fix deadlock in MCS queue\n\nIf an interrupt occurs in queued_spin_lock_slowpath() after we increment\nqnodesp->count and before node->lock is initialized, another CPU might\nsee stale lock values in get_tail_qnode(). If the stale lock value happens\nto match the lock on that CPU, then we write to the "next" pointer of\nthe wrong qnode. This causes a deadlock as the former CPU, once it becomes\nthe head of the MCS queue, will spin indefinitely until it\'s "next" pointer\nis set by its successor in the queue.\n\nRunning stress-ng on a 16 core (16EC/16VP) shared LPAR, results in\noccasional lockups similar to the following:\n\n   $ stress-ng --all 128 --vm-bytes 80% --aggressive \\\n               --maximize --oomable --verify  --syslog \\\n               --metrics  --times  --timeout 5m\n\n   watchdog: CPU 15 Hard LOCKUP\n   ......\n   NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   Call Trace:\n    0xc000002cfffa3bf0 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    raw_spin_rq_lock_nested.part.135+0x4c/0xd0\n    sched_ttwu_pending+0x60/0x1f0\n    __flush_smp_call_function_queue+0x1dc/0x670\n    smp_ipi_demux_relaxed+0xa4/0x100\n    xive_muxed_ipi_action+0x20/0x40\n    __handle_irq_event_percpu+0x80/0x240\n    handle_irq_event_percpu+0x2c/0x80\n    handle_percpu_irq+0x84/0xd0\n    generic_handle_irq+0x54/0x80\n    __do_irq+0xac/0x210\n    __do_IRQ+0x74/0xd0\n    0x0\n    do_IRQ+0x8c/0x170\n    hardware_interrupt_common_virt+0x29c/0x2a0\n   --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490\n   ......\n   NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490\n   LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90\n   --- interrupt: 500\n    0xc0000029c1a41d00 (unreliable)\n    _raw_spin_lock+0x6c/0x90\n    futex_wake+0x100/0x260\n    do_futex+0x21c/0x2a0\n    sys_futex+0x98/0x270\n    system_call_exception+0x14c/0x2f0\n    system_call_vectored_common+0x15c/0x2ec\n\nThe following code flow illustrates how the deadlock occurs.\nFor the sake of brevity, assume that both locks (A and B) are\ncontended and we call the queued_spin_lock_slowpath() function.\n\n        CPU0                                   CPU1\n        ----                                   ----\n  spin_lock_irqsave(A)                          |\n  spin_unlock_irqrestore(A)                     |\n    spin_lock(B)                                |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++;                       |\n  (Note that nodes[0].lock == A)                |\n         |                                      |\n         ▼                                      |\n      Interrupt                                 |\n  (happens before "nodes[0].lock = B")          |\n         |                                      |\n         ▼                                      |\n  spin_lock_irqsave(A)                          |\n         |                                      |\n         ▼                                      |\n   id = qnodesp->count++                        |\n   nodes[1].lock = A                            |\n         |                                      |\n         ▼                                      |\n  Tail of MCS queue                             |\n         |                             spin_lock_irqsave(A)\n         ▼                                      |\n  Head of MCS queue                             ▼\n         |                             CPU0 is previous tail\n         ▼                                      |\n   Spin indefinitely                            ▼\n  (until "nodes[1].next != NULL")      prev = get_tail_qnode(A, CPU0)\n                                                |\n                                                ▼\n                                       prev == &qnodes[CPU0].nodes[0]\n                                     (as qnodes\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46797', 'https://git.kernel.org/linus/734ad0af3609464f8f93e00b6c0de1e112f44559 (6.11-rc7)', 'https://git.kernel.org/stable/c/734ad0af3609464f8f93e00b6c0de1e112f44559', 'https://git.kernel.org/stable/c/d84ab6661e8d09092de9b034b016515ef9b66085', 'https://git.kernel.org/stable/c/f06af737e4be28c0e926dc25d5f0a111da4e2987', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46797-9174@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46797', 'https://www.cve.org/CVERecord?id=CVE-2024-46797'], 'PublishedDate': '2024-09-18T08:15:06.403Z', 'LastModifiedDate': '2024-09-29T15:15:15.837Z'}, {'VulnerabilityID': 'CVE-2024-46798', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46798', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: dapm: Fix UAF for snd_soc_pcm_runtime object\n\nWhen using kernel with the following extra config,\n\n  - CONFIG_KASAN=y\n  - CONFIG_KASAN_GENERIC=y\n  - CONFIG_KASAN_INLINE=y\n  - CONFIG_KASAN_VMALLOC=y\n  - CONFIG_FRAME_WARN=4096\n\nkernel detects that snd_pcm_suspend_all() access a freed\n'snd_soc_pcm_runtime' object when the system is suspended, which\nleads to a use-after-free bug:\n\n[   52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270\n[   52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330\n\n[   52.047785] Call trace:\n[   52.047787]  dump_backtrace+0x0/0x3c0\n[   52.047794]  show_stack+0x34/0x50\n[   52.047797]  dump_stack_lvl+0x68/0x8c\n[   52.047802]  print_address_description.constprop.0+0x74/0x2c0\n[   52.047809]  kasan_report+0x210/0x230\n[   52.047815]  __asan_report_load1_noabort+0x3c/0x50\n[   52.047820]  snd_pcm_suspend_all+0x1a8/0x270\n[   52.047824]  snd_soc_suspend+0x19c/0x4e0\n\nThe snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before\nmaking any access. So we need to always set 'substream->runtime' to NULL\neverytime we kfree() it.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46798', 'https://git.kernel.org/linus/b4a90b543d9f62d3ac34ec1ab97fc5334b048565 (6.11-rc7)', 'https://git.kernel.org/stable/c/3033ed903b4f28b5e1ab66042084fbc2c48f8624', 'https://git.kernel.org/stable/c/5d13afd021eb43868fe03cef6da34ad08831ad6d', 'https://git.kernel.org/stable/c/6a14fad8be178df6c4589667efec1789a3307b4e', 'https://git.kernel.org/stable/c/8ca21e7a27c66b95a4b215edc8e45e5d66679f9f', 'https://git.kernel.org/stable/c/993b60c7f93fa1d8ff296b58f646a867e945ae89', 'https://git.kernel.org/stable/c/b4a90b543d9f62d3ac34ec1ab97fc5334b048565', 'https://git.kernel.org/stable/c/fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e', 'https://lore.kernel.org/linux-cve-announce/2024091856-CVE-2024-46798-ce16@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46798', 'https://www.cve.org/CVERecord?id=CVE-2024-46798'], 'PublishedDate': '2024-09-18T08:15:06.463Z', 'LastModifiedDate': '2024-09-20T18:17:50.763Z'}, {'VulnerabilityID': 'CVE-2024-46800', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46800', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sch/netem: fix use after free in netem_dequeue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsch/netem: fix use after free in netem_dequeue\n\nIf netem_dequeue() enqueues packet to inner qdisc and that qdisc\nreturns __NET_XMIT_STOLEN. The packet is dropped but\nqdisc_tree_reduce_backlog() is not called to update the parent\'s\nq.qlen, leading to the similar use-after-free as Commit\ne04991a48dbaf382 ("netem: fix return value if duplicate enqueue\nfails")\n\nCommands to trigger KASAN UaF:\n\nip link add type dummy\nip link set lo up\nip link set dummy0 up\ntc qdisc add dev lo parent root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2: handle 3: drr\ntc filter add dev lo parent 3: basic classid 3:1 action mirred egress\nredirect dev dummy0\ntc class add dev lo classid 3:1 drr\nping -c1 -W0.01 localhost # Trigger bug\ntc class del dev lo classid 1:1\ntc class add dev lo classid 1:1 drr\nping -c1 -W0.01 localhost # UaF', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 6.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46800', 'https://git.kernel.org/linus/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a (6.11-rc7)', 'https://git.kernel.org/stable/c/14f91ab8d391f249b845916820a56f42cf747241', 'https://git.kernel.org/stable/c/295ad5afd9efc5f67b86c64fce28fb94e26dc4c9', 'https://git.kernel.org/stable/c/32008ab989ddcff1a485fa2b4906234c25dc5cd6', 'https://git.kernel.org/stable/c/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a', 'https://git.kernel.org/stable/c/98c75d76187944296068d685dfd8a1e9fd8c4fdc', 'https://git.kernel.org/stable/c/db2c235682913a63054e741fe4e19645fdf2d68e', 'https://git.kernel.org/stable/c/dde33a9d0b80aae0c69594d1f462515d7ff1cb3d', 'https://git.kernel.org/stable/c/f0bddb4de043399f16d1969dad5ee5b984a64e7b', 'https://lore.kernel.org/linux-cve-announce/2024091857-CVE-2024-46800-0f62@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46800', 'https://www.cve.org/CVERecord?id=CVE-2024-46800'], 'PublishedDate': '2024-09-18T08:15:06.573Z', 'LastModifiedDate': '2024-09-20T17:18:55.26Z'}, {'VulnerabilityID': 'CVE-2024-46802', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: added NULL check at start of dc_validate_stream', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46802', 'https://git.kernel.org/linus/26c56049cc4f1705b498df013949427692a4b0d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd', 'https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5', 'https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9', 'https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c', 'https://lore.kernel.org/linux-cve-announce/2024092706-CVE-2024-46802-c5e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46802', 'https://www.cve.org/CVERecord?id=CVE-2024-46802'], 'PublishedDate': '2024-09-27T13:15:13.483Z', 'LastModifiedDate': '2024-10-07T14:21:55.687Z'}, {'VulnerabilityID': 'CVE-2024-46803', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46803', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdkfd: Check debug trap enable before write dbg_ev_file', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46803', 'https://git.kernel.org/linus/547033b593063eb85bfdf9b25a5f1b8fd1911be2 (6.11-rc1)', 'https://git.kernel.org/stable/c/547033b593063eb85bfdf9b25a5f1b8fd1911be2', 'https://git.kernel.org/stable/c/820dcbd38a77bd5fdc4236d521c1c122841227d0', 'https://git.kernel.org/stable/c/e6ea3b8fe398915338147fe54dd2db8155fdafd8', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46803-689b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46803', 'https://www.cve.org/CVERecord?id=CVE-2024-46803'], 'PublishedDate': '2024-09-27T13:15:13.57Z', 'LastModifiedDate': '2024-10-04T17:45:16.867Z'}, {'VulnerabilityID': 'CVE-2024-46804', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46804', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add array index check for hdcp ddc access', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add array index check for hdcp ddc access\n\n[Why]\nCoverity reports OVERRUN warning. Do not check if array\nindex valid.\n\n[How]\nCheck msg_id valid and valid array index.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46804', 'https://git.kernel.org/linus/4e70c0f5251c25885c31ee84a31f99a01f7cf50e (6.11-rc1)', 'https://git.kernel.org/stable/c/0ee4387c5a4b57ec733c3fb4365188d5979cd9c7', 'https://git.kernel.org/stable/c/2a63c90c7a90ab2bd23deebc2814fc5b52abf6d2', 'https://git.kernel.org/stable/c/4e70c0f5251c25885c31ee84a31f99a01f7cf50e', 'https://git.kernel.org/stable/c/8b5ccf3d011969417be653b5a145c72dbd30472c', 'https://git.kernel.org/stable/c/a3b5ee22a9d3a30045191da5678ca8451ebaea30', 'https://git.kernel.org/stable/c/f338f99f6a04d03c802087d82a83561cbd5bdc99', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46804-c90d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46804', 'https://www.cve.org/CVERecord?id=CVE-2024-46804'], 'PublishedDate': '2024-09-27T13:15:13.637Z', 'LastModifiedDate': '2024-10-04T17:51:43.73Z'}, {'VulnerabilityID': 'CVE-2024-46805', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46805', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix the waring dereferencing hive', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix the waring dereferencing hive\n\nCheck the amdgpu_hive_info *hive that maybe is NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46805', 'https://git.kernel.org/linus/1940708ccf5aff76de4e0b399f99267c93a89193 (6.11-rc1)', 'https://git.kernel.org/stable/c/01cd55b971131b07b7ff8d622fa93bb4f8be07df', 'https://git.kernel.org/stable/c/1940708ccf5aff76de4e0b399f99267c93a89193', 'https://git.kernel.org/stable/c/4ab720b6aa1ef5e71db1e534b5b45c80ac4ec58a', 'https://git.kernel.org/stable/c/d3f927ef0607b3c8c3f79ab6d9a4ebead3e35f4c', 'https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46805-b06a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46805', 'https://www.cve.org/CVERecord?id=CVE-2024-46805'], 'PublishedDate': '2024-09-27T13:15:13.707Z', 'LastModifiedDate': '2024-10-02T12:58:59.767Z'}, {'VulnerabilityID': 'CVE-2024-46806', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46806', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the warning division or modulo by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46806', 'https://git.kernel.org/linus/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c (6.11-rc1)', 'https://git.kernel.org/stable/c/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c', 'https://git.kernel.org/stable/c/a01618adcba78c6bd6c4557a4a5e32f58b658cd1', 'https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46806-2cc7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46806', 'https://www.cve.org/CVERecord?id=CVE-2024-46806'], 'PublishedDate': '2024-09-27T13:15:13.773Z', 'LastModifiedDate': '2024-10-02T13:17:04.64Z'}, {'VulnerabilityID': 'CVE-2024-46807', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46807', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Check tbo resource pointer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Check tbo resource pointer\n\nValidate tbo resource pointer, skip if NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46807', 'https://git.kernel.org/linus/6cd2b872643bb29bba01a8ac739138db7bd79007 (6.11-rc1)', 'https://git.kernel.org/stable/c/2be1eb6304d9623ba21dd6f3e68ffb753a759635', 'https://git.kernel.org/stable/c/4dfec5f5501a27e0a0da00e136d65ef9011ded4c', 'https://git.kernel.org/stable/c/6cd2b872643bb29bba01a8ac739138db7bd79007', 'https://git.kernel.org/stable/c/e55e3904ffeaff81715256a711b1a61f4ad5258a', 'https://git.kernel.org/stable/c/e8765364d4f3aaf88c7abe0a4fc99089d059ab49', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46807-b78e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46807', 'https://www.cve.org/CVERecord?id=CVE-2024-46807'], 'PublishedDate': '2024-09-27T13:15:13.84Z', 'LastModifiedDate': '2024-10-04T17:40:08.083Z'}, {'VulnerabilityID': 'CVE-2024-46808', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46808', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range\n\n[Why & How]\nASSERT if return NULL from kcalloc.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46808', 'https://git.kernel.org/linus/5524fa301ba649f8cf00848f91468e0ba7e4f24c (6.11-rc1)', 'https://git.kernel.org/stable/c/5524fa301ba649f8cf00848f91468e0ba7e4f24c', 'https://git.kernel.org/stable/c/ca0b0b0a22306f2e51105ac48f4a09c2fbbb504e', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46808-8886@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46808', 'https://www.cve.org/CVERecord?id=CVE-2024-46808'], 'PublishedDate': '2024-09-27T13:15:13.907Z', 'LastModifiedDate': '2024-10-02T14:23:39.863Z'}, {'VulnerabilityID': 'CVE-2024-46809', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46809', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check BIOS images before it is used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check BIOS images before it is used\n\nBIOS images may fail to load and null checks are added before they are\nused.\n\nThis fixes 6 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46809', 'https://git.kernel.org/linus/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c (6.11-rc1)', 'https://git.kernel.org/stable/c/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c', 'https://git.kernel.org/stable/c/e46b70a7cfed71cb84e985c785c39c16df5c28cb', 'https://git.kernel.org/stable/c/e50bec62acaeec03afc6fa5dfb2426e52d049cf5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46809-5b37@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46809', 'https://www.cve.org/CVERecord?id=CVE-2024-46809'], 'PublishedDate': '2024-09-27T13:15:13.973Z', 'LastModifiedDate': '2024-10-04T17:33:33.753Z'}, {'VulnerabilityID': 'CVE-2024-46810', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46810', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ\n\nMake sure the connector is fully initialized before signalling any\nHPD events via drm_kms_helper_hotplug_event(), otherwise this may\nlead to NULL pointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46810', 'https://git.kernel.org/linus/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f (6.11-rc1)', 'https://git.kernel.org/stable/c/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f', 'https://git.kernel.org/stable/c/1fb13693953737783b424aa4712f0a27a9eaf5a8', 'https://git.kernel.org/stable/c/9d567126474e68f959b2c2543c375f3bb32e948a', 'https://git.kernel.org/stable/c/adc5674c23b8191e596ed0dbaa9600265ac896a8', 'https://git.kernel.org/stable/c/e1b121f21bbc56a6ae035aa5b77daac62bfb9be5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46810-2eb3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46810', 'https://www.cve.org/CVERecord?id=CVE-2024-46810'], 'PublishedDate': '2024-09-27T13:15:14.037Z', 'LastModifiedDate': '2024-10-04T17:43:04.277Z'}, {'VulnerabilityID': 'CVE-2024-46811', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46811', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params->clk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46811', 'https://git.kernel.org/linus/188fd1616ec43033cedbe343b6579e9921e2d898 (6.11-rc1)', 'https://git.kernel.org/stable/c/188fd1616ec43033cedbe343b6579e9921e2d898', 'https://git.kernel.org/stable/c/4003bac784380fed1f94f197350567eaa73a409d', 'https://git.kernel.org/stable/c/aba188d6f4ebaf52acf13f204db2bd2c22072504', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46811-f01c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46811', 'https://www.cve.org/CVERecord?id=CVE-2024-46811'], 'PublishedDate': '2024-09-27T13:15:14.107Z', 'LastModifiedDate': '2024-10-07T14:24:56.86Z'}, {'VulnerabilityID': 'CVE-2024-46812', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46812', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration\n\n[Why]\nCoverity reports Memory - illegal accesses.\n\n[How]\nSkip inactive planes.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46812', 'https://git.kernel.org/linus/a54f7e866cc73a4cb71b8b24bb568ba35c8969df (6.11-rc1)', 'https://git.kernel.org/stable/c/3300a039caf850376bc3416c808cd8879da412bb', 'https://git.kernel.org/stable/c/8406158a546441b73f0b216aedacbf9a1e5748fb', 'https://git.kernel.org/stable/c/a54f7e866cc73a4cb71b8b24bb568ba35c8969df', 'https://git.kernel.org/stable/c/ee9d6df6d9172917d9ddbd948bb882652d5ecd29', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46812-5954@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46812', 'https://www.cve.org/CVERecord?id=CVE-2024-46812'], 'PublishedDate': '2024-09-27T13:15:14.163Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46813', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46813', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check link_index before accessing dc-&gt;links[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc->links[]\n\n[WHY & HOW]\ndc->links[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46813', 'https://git.kernel.org/linus/8aa2864044b9d13e95fe224f32e808afbf79ecdf (6.11-rc1)', 'https://git.kernel.org/stable/c/8aa2864044b9d13e95fe224f32e808afbf79ecdf', 'https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46813-5eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46813', 'https://www.cve.org/CVERecord?id=CVE-2024-46813'], 'PublishedDate': '2024-09-27T13:15:14.23Z', 'LastModifiedDate': '2024-10-04T17:38:17.74Z'}, {'VulnerabilityID': 'CVE-2024-46814', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check msg_id before processing transcation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY & HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46814', 'https://git.kernel.org/linus/fa71face755e27dc44bc296416ebdf2c67163316 (6.11-rc1)', 'https://git.kernel.org/stable/c/0147505f08220c89b3a9c90eb608191276e263a8', 'https://git.kernel.org/stable/c/6590643c5de74098d27933b7d224d5ac065d7755', 'https://git.kernel.org/stable/c/916083054670060023d3f8a8ace895d710e268f4', 'https://git.kernel.org/stable/c/cb63090a17d3abb87f132851fa3711281249b7d2', 'https://git.kernel.org/stable/c/fa71face755e27dc44bc296416ebdf2c67163316', 'https://git.kernel.org/stable/c/fe63daf7b10253b0faaa60c55d6153cd276927aa', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46814-5021@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46814', 'https://www.cve.org/CVERecord?id=CVE-2024-46814'], 'PublishedDate': '2024-09-27T13:15:14.297Z', 'LastModifiedDate': '2024-10-04T17:27:47.45Z'}, {'VulnerabilityID': 'CVE-2024-46815', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46815', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY & HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46815', 'https://git.kernel.org/linus/b38a4815f79b87efb196cd5121579fc51e29a7fb (6.11-rc1)', 'https://git.kernel.org/stable/c/21f9cb44f8c60bf6c26487d428b1a09ad3e8aebf', 'https://git.kernel.org/stable/c/6a4a08e45e614cfa7a56498cdfaeb7fae2f07fa0', 'https://git.kernel.org/stable/c/7c47dd2e92341f2989ab73dbed07f8894593ad7b', 'https://git.kernel.org/stable/c/a72d4996409569027b4609414a14a87679b12267', 'https://git.kernel.org/stable/c/b36e9b3104c4ba0f2f5dd083dcf6159cb316c996', 'https://git.kernel.org/stable/c/b38a4815f79b87efb196cd5121579fc51e29a7fb', 'https://git.kernel.org/stable/c/c4a7f7c0062fe2c73f70bb7e335199e25bd71492', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46815-fce2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46815', 'https://www.cve.org/CVERecord?id=CVE-2024-46815'], 'PublishedDate': '2024-09-27T13:15:14.37Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46816', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46816', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\n\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc->links. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\n\n[How]\nMake sure link count less than max_links.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46816', 'https://git.kernel.org/linus/cf8b16857db702ceb8d52f9219a4613363e2b1cf (6.11-rc1)', 'https://git.kernel.org/stable/c/36c39a8dcce210649f2f45f252abaa09fcc1ae87', 'https://git.kernel.org/stable/c/cf8b16857db702ceb8d52f9219a4613363e2b1cf', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46816-0526@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46816', 'https://www.cve.org/CVERecord?id=CVE-2024-46816'], 'PublishedDate': '2024-09-27T13:15:14.433Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46817', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46817', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6\n\n[Why]\nCoverity reports OVERRUN warning. Should abort amdgpu_dm\ninitialize.\n\n[How]\nReturn failure to amdgpu_dm_init.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46817', 'https://git.kernel.org/linus/84723eb6068c50610c5c0893980d230d7afa2105 (6.11-rc1)', 'https://git.kernel.org/stable/c/21bbb39863f10f5fb4bf772d15b07d5d13590e9d', 'https://git.kernel.org/stable/c/28b515c458aa9c92bfcb99884c94713a5f471cea', 'https://git.kernel.org/stable/c/754321ed63f0a4a31252ca72e0bd89a9e1888018', 'https://git.kernel.org/stable/c/84723eb6068c50610c5c0893980d230d7afa2105', 'https://git.kernel.org/stable/c/94cb77700fa4ae6200486bfa0ba2ac547534afd2', 'https://git.kernel.org/stable/c/d398c74c881dee695f6eb6138c9891644e1c3d9d', 'https://git.kernel.org/stable/c/d619b91d3c4af60ac422f1763ce53d721fb91262', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46817-7a2c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46817', 'https://www.cve.org/CVERecord?id=CVE-2024-46817'], 'PublishedDate': '2024-09-27T13:15:14.493Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46818', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46818', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check gpio_id before used as array index', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY & HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46818', 'https://git.kernel.org/linus/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 (6.11-rc1)', 'https://git.kernel.org/stable/c/0184cca30cad74d88f5c875d4e26999e26325700', 'https://git.kernel.org/stable/c/08e7755f754e3d2cef7d3a7da538d33526bd6f7c', 'https://git.kernel.org/stable/c/276e3fd93e3beb5894eb1cc8480f9f417d51524d', 'https://git.kernel.org/stable/c/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6', 'https://git.kernel.org/stable/c/3d4198ab612ad48f73383ad3bb5663e6f0cdf406', 'https://git.kernel.org/stable/c/40c2e8bc117cab8bca8814735f28a8b121654a84', 'https://git.kernel.org/stable/c/8520fdc8ecc38f240a8e9e7af89cca6739c3e790', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46818-8d41@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46818', 'https://www.cve.org/CVERecord?id=CVE-2024-46818'], 'PublishedDate': '2024-09-27T13:15:14.563Z', 'LastModifiedDate': '2024-10-04T17:18:36.613Z'}, {'VulnerabilityID': 'CVE-2024-46819', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: the warning dereferencing obj for nbio_v7_4', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: the warning dereferencing obj for nbio_v7_4\n\nif ras_manager obj null, don't print NBIO err data", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46819', 'https://git.kernel.org/linus/d190b459b2a4304307c3468ed97477b808381011 (6.11-rc1)', 'https://git.kernel.org/stable/c/130c2dc75c8c40acc3c96ededea6af80e03c14b8', 'https://git.kernel.org/stable/c/614564a5b28983de53b23a358ebe6c483a2aa21e', 'https://git.kernel.org/stable/c/70e8ec21fcb8c51446899d3bfe416b31adfa3661', 'https://git.kernel.org/stable/c/7d265772e44d403071a2b573eac0db60250b1c21', 'https://git.kernel.org/stable/c/d04ded1e73f1dcf19a71ec8b9cda3faa7acd8828', 'https://git.kernel.org/stable/c/d190b459b2a4304307c3468ed97477b808381011', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46819-d958@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46819', 'https://www.cve.org/CVERecord?id=CVE-2024-46819'], 'PublishedDate': '2024-09-27T13:15:14.64Z', 'LastModifiedDate': '2024-10-04T17:11:00.57Z'}, {'VulnerabilityID': 'CVE-2024-46820', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/vcn: remove irq disabling in vcn 5 suspend\n\nWe do not directly enable/disable VCN IRQ in vcn 5.0.0.\nAnd we do not handle the IRQ state as well. So the calls to\ndisable IRQ and set state are removed. This effectively gets\nrid of the warining of\n      "WARN_ON(!amdgpu_irq_enabled(adev, src, type))"\nin amdgpu_irq_put().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46820', 'https://git.kernel.org/linus/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d (6.11-rc1)', 'https://git.kernel.org/stable/c/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d', 'https://git.kernel.org/stable/c/aa92264ba6fd4fb570002f69762634221316e7ae', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46820-6405@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46820', 'https://www.cve.org/CVERecord?id=CVE-2024-46820'], 'PublishedDate': '2024-09-27T13:15:14.707Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46821', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix negative array index read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix negative array index read\n\nAvoid using the negative values\nfor clk_idex as an index into an array pptable->DpmDescriptor.\n\nV2: fix clk_index return check (Tim Huang)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46821', 'https://git.kernel.org/linus/c8c19ebf7c0b202a6a2d37a52ca112432723db5f (6.11-rc1)', 'https://git.kernel.org/stable/c/06a3810010b525b9958424e344f0c25b09e128fa', 'https://git.kernel.org/stable/c/4711b1347cb9f0c3083da6d87c624d75f9bd1d50', 'https://git.kernel.org/stable/c/60f4a4bc3329e5cb8c4df0cc961f0d5ffd96e22d', 'https://git.kernel.org/stable/c/c8c19ebf7c0b202a6a2d37a52ca112432723db5f', 'https://lore.kernel.org/linux-cve-announce/2024092713-CVE-2024-46821-a13a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46821', 'https://www.cve.org/CVERecord?id=CVE-2024-46821'], 'PublishedDate': '2024-09-27T13:15:14.767Z', 'LastModifiedDate': '2024-10-04T17:06:43.573Z'}, {'VulnerabilityID': 'CVE-2024-46822', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46822', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry\n\nIn a review discussion of the changes to support vCPU hotplug where\na check was added on the GICC being enabled if was online, it was\nnoted that there is need to map back to the cpu and use that to index\ninto a cpumask. As such, a valid ID is needed.\n\nIf an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible\nfor the entry in cpu_madt_gicc[cpu] == NULL.  This function would\nthen cause a NULL pointer dereference.   Whilst a path to trigger\nthis has not been established, harden this caller against the\npossibility.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46822', 'https://git.kernel.org/linus/2488444274c70038eb6b686cba5f1ce48ebb9cdd (6.11-rc1)', 'https://git.kernel.org/stable/c/2488444274c70038eb6b686cba5f1ce48ebb9cdd', 'https://git.kernel.org/stable/c/40cae0df42e5e7f7a1c0f32deed9c4027c1ba94e', 'https://git.kernel.org/stable/c/4c3b21204abb4fa3ab310fbbb5cf7f0e85f3a1bc', 'https://git.kernel.org/stable/c/62ca6d3a905b4c40cd942f3cc645a6718f8bc7e7', 'https://git.kernel.org/stable/c/945be49f4e832a9184c313fdf8917475438a795b', 'https://git.kernel.org/stable/c/bc7fbb37e3d2df59336eadbd6a56be632e3c7df7', 'https://git.kernel.org/stable/c/f57769ff6fa7f97f1296965f20e8a2bb3ee9fd0f', 'https://lore.kernel.org/linux-cve-announce/2024092749-CVE-2024-46822-b901@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46822', 'https://www.cve.org/CVERecord?id=CVE-2024-46822'], 'PublishedDate': '2024-09-27T13:15:14.83Z', 'LastModifiedDate': '2024-10-02T14:24:01.757Z'}, {'VulnerabilityID': 'CVE-2024-46823', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kunit/overflow: Fix UB in overflow_allocation_test', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkunit/overflow: Fix UB in overflow_allocation_test\n\nThe 'device_name' array doesn't exist out of the\n'overflow_allocation_test' function scope. However, it is being used as\na driver name when calling 'kunit_driver_create' from\n'kunit_device_register'. It produces the kernel panic with KASAN\nenabled.\n\nSince this variable is used in one place only, remove it and pass the\ndevice name into kunit_device_register directly as an ascii string.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46823', 'https://git.kernel.org/linus/92e9bac18124682c4b99ede9ee3bcdd68f121e92 (6.11-rc4)', 'https://git.kernel.org/stable/c/92e9bac18124682c4b99ede9ee3bcdd68f121e92', 'https://git.kernel.org/stable/c/d1207f07decc66546a7fa463d2f335a856c986ef', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46823-b19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46823', 'https://www.cve.org/CVERecord?id=CVE-2024-46823'], 'PublishedDate': '2024-09-27T13:15:14.897Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46824', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommufd: Require drivers to supply the cache_invalidate_user ops', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Require drivers to supply the cache_invalidate_user ops\n\nIf drivers don't do this then iommufd will oops invalidation ioctls with\nsomething like:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n  Mem abort info:\n    ESR = 0x0000000086000004\n    EC = 0x21: IABT (current EL), IL = 32 bits\n    SET = 0, FnV = 0\n    EA = 0, S1PTW = 0\n    FSC = 0x04: level 0 translation fault\n  user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101059000\n  [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n  Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 2 PID: 371 Comm: qemu-system-aar Not tainted 6.8.0-rc7-gde77230ac23a #9\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 81400809 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=-c)\n  pc : 0x0\n  lr : iommufd_hwpt_invalidate+0xa4/0x204\n  sp : ffff800080f3bcc0\n  x29: ffff800080f3bcf0 x28: ffff0000c369b300 x27: 0000000000000000\n  x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n  x23: 0000000000000000 x22: 00000000c1e334a0 x21: ffff0000c1e334a0\n  x20: ffff800080f3bd38 x19: ffff800080f3bd58 x18: 0000000000000000\n  x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8240d6d8\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n  x8 : 0000001000000002 x7 : 0000fffeac1ec950 x6 : 0000000000000000\n  x5 : ffff800080f3bd78 x4 : 0000000000000003 x3 : 0000000000000002\n  x2 : 0000000000000000 x1 : ffff800080f3bcc8 x0 : ffff0000c6034d80\n  Call trace:\n   0x0\n   iommufd_fops_ioctl+0x154/0x274\n   __arm64_sys_ioctl+0xac/0xf0\n   invoke_syscall+0x48/0x110\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x34/0xb4\n   el0t_64_sync_handler+0x120/0x12c\n   el0t_64_sync+0x190/0x194\n\nAll existing drivers implement this op for nesting, this is mostly a\nbisection aid.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46824', 'https://git.kernel.org/linus/a11dda723c6493bb1853bbc61c093377f96e2d47 (6.11-rc1)', 'https://git.kernel.org/stable/c/89827a4de802765b1ebb401fc1e73a90108c7520', 'https://git.kernel.org/stable/c/a11dda723c6493bb1853bbc61c093377f96e2d47', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46824-03d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46824', 'https://www.cve.org/CVERecord?id=CVE-2024-46824'], 'PublishedDate': '2024-09-27T13:15:14.96Z', 'LastModifiedDate': '2024-10-02T14:29:08.417Z'}, {'VulnerabilityID': 'CVE-2024-46825', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check\n\nThe lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is\nnormally called with input from the firmware, so it should use\nIWL_FW_CHECK() instead of WARN_ON().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46825', 'https://git.kernel.org/linus/9215152677d4b321801a92b06f6d5248b2b4465f (6.11-rc1)', 'https://git.kernel.org/stable/c/3cca098c91391b3fa48142bfda57048b985c87f6', 'https://git.kernel.org/stable/c/415f3634d53c7fb4cf07d2f5a0be7f2e15e6da33', 'https://git.kernel.org/stable/c/9215152677d4b321801a92b06f6d5248b2b4465f', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46825-a5aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46825', 'https://www.cve.org/CVERecord?id=CVE-2024-46825'], 'PublishedDate': '2024-09-27T13:15:15.027Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46826', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ELF: fix kernel.randomize_va_space double read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses "randomize_va_space" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46826', 'https://git.kernel.org/linus/2a97388a807b6ab5538aa8f8537b2463c6988bd2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1cf8cd80903073440b6ea055811d04edd24fe4f7', 'https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27', 'https://git.kernel.org/stable/c/2a97388a807b6ab5538aa8f8537b2463c6988bd2', 'https://git.kernel.org/stable/c/53f17409abf61f66b6f05aff795e938e5ba811d1', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46826-7b80@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46826', 'https://www.cve.org/CVERecord?id=CVE-2024-46826'], 'PublishedDate': '2024-09-27T13:15:15.087Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46827', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix firmware crash due to invalid peer nss', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46827', 'https://git.kernel.org/linus/db163a463bb93cd3e37e1e7b10b9726fb6f95857 (6.11-rc1)', 'https://git.kernel.org/stable/c/25a15f80253a7c8776e4e4880d797d20ec864154', 'https://git.kernel.org/stable/c/838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c', 'https://git.kernel.org/stable/c/db163a463bb93cd3e37e1e7b10b9726fb6f95857', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46827-0300@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46827', 'https://www.cve.org/CVERecord?id=CVE-2024-46827'], 'PublishedDate': '2024-09-27T13:15:15.153Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46828', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46828', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched: sch_cake: fix bulk flow accounting logic for host fairness', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: fix bulk flow accounting logic for host fairness\n\nIn sch_cake, we keep track of the count of active bulk flows per host,\nwhen running in dst/src host fairness mode, which is used as the\nround-robin weight when iterating through flows. The count of active\nbulk flows is updated whenever a flow changes state.\n\nThis has a peculiar interaction with the hash collision handling: when a\nhash collision occurs (after the set-associative hashing), the state of\nthe hash bucket is simply updated to match the new packet that collided,\nand if host fairness is enabled, that also means assigning new per-host\nstate to the flow. For this reason, the bulk flow counters of the\nhost(s) assigned to the flow are decremented, before new state is\nassigned (and the counters, which may not belong to the same host\nanymore, are incremented again).\n\nBack when this code was introduced, the host fairness mode was always\nenabled, so the decrement was unconditional. When the configuration\nflags were introduced the *increment* was made conditional, but\nthe *decrement* was not. Which of course can lead to a spurious\ndecrement (and associated wrap-around to U16_MAX).\n\nAFAICT, when host fairness is disabled, the decrement and wrap-around\nhappens as soon as a hash collision occurs (which is not that common in\nitself, due to the set-associative hashing). However, in most cases this\nis harmless, as the value is only used when host fairness mode is\nenabled. So in order to trigger an array overflow, sch_cake has to first\nbe configured with host fairness disabled, and while running in this\nmode, a hash collision has to occur to cause the overflow. Then, the\nqdisc has to be reconfigured to enable host fairness, which leads to the\narray out-of-bounds because the wrapped-around value is retained and\nused as an array index. It seems that syzbot managed to trigger this,\nwhich is quite impressive in its own right.\n\nThis patch fixes the issue by introducing the same conditional check on\ndecrement as is used on increment.\n\nThe original bug predates the upstreaming of cake, but the commit listed\nin the Fixes tag touched that code, meaning that this patch won't apply\nbefore that.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46828', 'https://git.kernel.org/linus/546ea84d07e3e324644025e2aae2d12ea4c5896e (6.11-rc7)', 'https://git.kernel.org/stable/c/4a4eeefa514db570be025ab46d779af180e2c9bb', 'https://git.kernel.org/stable/c/546ea84d07e3e324644025e2aae2d12ea4c5896e', 'https://git.kernel.org/stable/c/549e407569e08459d16122341d332cb508024094', 'https://git.kernel.org/stable/c/7725152b54d295b7da5e34c2f419539b30d017bd', 'https://git.kernel.org/stable/c/cde71a5677971f4f1b69b25e854891dbe78066a4', 'https://git.kernel.org/stable/c/d4a9039a7b3d8005b90c7b1a55a306444f0e5447', 'https://git.kernel.org/stable/c/d7c01c0714c04431b5e18cf17a9ea68a553d1c3c', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46828-2184@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46828', 'https://www.cve.org/CVERecord?id=CVE-2024-46828'], 'PublishedDate': '2024-09-27T13:15:15.22Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46829', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rtmutex: Drop rt_mutex::wait_lock before scheduling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nrtmutex: Drop rt_mutex::wait_lock before scheduling\n\nrt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held.  In the\ngood case it returns with the lock held and in the deadlock case it emits a\nwarning and goes into an endless scheduling loop with the lock held, which\ntriggers the 'scheduling in atomic' warning.\n\nUnlock rt_mutex::wait_lock in the dead lock case before issuing the warning\nand dropping into the schedule for ever loop.\n\n[ tglx: Moved unlock before the WARN(), removed the pointless comment,\n  \tmassaged changelog, added Fixes tag ]", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46829', 'https://git.kernel.org/linus/d33d26036a0274b472299d7dcdaa5fb34329f91b (6.11-rc7)', 'https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0', 'https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38', 'https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f', 'https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f', 'https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83', 'https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0', 'https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b', 'https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46829-da70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46829', 'https://www.cve.org/CVERecord?id=CVE-2024-46829'], 'PublishedDate': '2024-09-27T13:15:15.3Z', 'LastModifiedDate': '2024-10-02T14:27:57.92Z'}, {'VulnerabilityID': 'CVE-2024-46830', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: x86: Acquire kvm-&gt;srcu when handling KVM_SET_VCPU_EVENTS', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU.  I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems.  Acquiring SRCU isn't all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n  #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n  <TASK>\n  dump_stack_lvl+0x7f/0x90\n  lockdep_rcu_suspicious+0x13f/0x1a0\n  kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n  kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n  nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n  load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n  vmx_leave_nested+0x30/0x40 [kvm_intel]\n  kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n  kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n  ? mark_held_locks+0x49/0x70\n  ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n  ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  ? lock_acquire+0xba/0x2d0\n  ? find_held_lock+0x2b/0x80\n  ? do_user_addr_fault+0x40c/0x6f0\n  ? lock_release+0xb7/0x270\n  __x64_sys_ioctl+0x82/0xb0\n  do_syscall_64+0x6c/0x170\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n  </TASK>", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46830', 'https://git.kernel.org/linus/4bcdd831d9d01e0fb64faea50732b59b2ee88da1 (6.11-rc7)', 'https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1', 'https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e', 'https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9', 'https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46830-deac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46830', 'https://www.cve.org/CVERecord?id=CVE-2024-46830'], 'PublishedDate': '2024-09-27T13:15:15.38Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46831', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: microchip: vcap: Fix use-after-free error in kunit test', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap: Fix use-after-free error in kunit test\n\nThis is a clear use-after-free error. We remove it, and rely on checking\nthe return code of vcap_del_rule.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46831', 'https://git.kernel.org/linus/a3c1e45156ad39f225cd7ddae0f81230a3b1e657 (6.11-rc7)', 'https://git.kernel.org/stable/c/a3c1e45156ad39f225cd7ddae0f81230a3b1e657', 'https://git.kernel.org/stable/c/b0804c286ccfcf5f5c004d5bf8a54c0508b5e86b', 'https://git.kernel.org/stable/c/f7fe95f40c85311c98913fe6ae2c56adb7f767a7', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46831-06bf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46831', 'https://www.cve.org/CVERecord?id=CVE-2024-46831'], 'PublishedDate': '2024-09-27T13:15:15.457Z', 'LastModifiedDate': '2024-10-02T14:26:13.807Z'}, {'VulnerabilityID': 'CVE-2024-46832', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: MIPS: cevt-r4k: Don&#39;t call get_c0_compare_int if timer irq is installed', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: cevt-r4k: Don\'t call get_c0_compare_int if timer irq is installed\n\nThis avoids warning:\n\n[    0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n\nCaused by get_c0_compare_int on secondary CPU.\n\nWe also skipped saving IRQ number to struct clock_event_device *cd as\nit\'s never used by clockevent core, as per comments it\'s only meant\nfor "non CPU local devices".', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46832', 'https://git.kernel.org/linus/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13 (6.11-rc5)', 'https://git.kernel.org/stable/c/189d3ed3b25beee26ffe2abed278208bece13f52', 'https://git.kernel.org/stable/c/32ee0520159f1e8c2d6597c19690df452c528f30', 'https://git.kernel.org/stable/c/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13', 'https://git.kernel.org/stable/c/b1d2051373bfc65371ce4ac8911ed984d0178c98', 'https://git.kernel.org/stable/c/d3ff0f98a52f0aafe35aa314d1c442f4318be3db', 'https://git.kernel.org/stable/c/e6cd871627abbb459d0ff6521d6bb9cf9d9f7522', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46832-3ad0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46832', 'https://www.cve.org/CVERecord?id=CVE-2024-46832'], 'PublishedDate': '2024-09-27T13:15:15.517Z', 'LastModifiedDate': '2024-10-09T15:51:20.7Z'}, {'VulnerabilityID': 'CVE-2024-46833', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: void array out of bound when loop tnl_num', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: void array out of bound when loop tnl_num\n\nWhen query reg inf of SSU, it loops tnl_num times. However, tnl_num comes\nfrom hardware and the length of array is a fixed value. To void array out\nof bound, make sure the loop time is not greater than the length of array', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46833', 'https://git.kernel.org/linus/86db7bfb06704ef17340eeae71c832f21cfce35c (6.11-rc4)', 'https://git.kernel.org/stable/c/86db7bfb06704ef17340eeae71c832f21cfce35c', 'https://git.kernel.org/stable/c/c33a9806dc806bcb4a31dc71fb06979219181ad4', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46833-0fa0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46833', 'https://www.cve.org/CVERecord?id=CVE-2024-46833'], 'PublishedDate': '2024-09-27T13:15:15.593Z', 'LastModifiedDate': '2024-10-09T15:54:38.123Z'}, {'VulnerabilityID': 'CVE-2024-46834', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: fail closed if we can&#39;t get max channel used in indirection tables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\'t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with\nactive RSS contexts") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\'t fetch\nthe indirection table or when we can\'t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46834', 'https://git.kernel.org/linus/2899d58462ba868287d6ff3acad3675e7adf934f (6.11-rc1)', 'https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036', 'https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46834-dc7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46834', 'https://www.cve.org/CVERecord?id=CVE-2024-46834'], 'PublishedDate': '2024-09-27T13:15:15.66Z', 'LastModifiedDate': '2024-10-09T15:57:03.037Z'}, {'VulnerabilityID': 'CVE-2024-46835', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix smatch static checker warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev->gfx.imu.funcs could be NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46835', 'https://git.kernel.org/linus/bdbdc7cecd00305dc844a361f9883d3a21022027 (6.11-rc1)', 'https://git.kernel.org/stable/c/8bc7b3ce33e64c74211ed17aec823fc4e523426a', 'https://git.kernel.org/stable/c/bdbdc7cecd00305dc844a361f9883d3a21022027', 'https://git.kernel.org/stable/c/c2056c7a840f0dbf293bc3b0d91826d001668fb0', 'https://git.kernel.org/stable/c/d40c2c3dd0395fe7fdc19bd96551e87251426d66', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46835-4f99@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46835', 'https://www.cve.org/CVERecord?id=CVE-2024-46835'], 'PublishedDate': '2024-09-27T13:15:15.72Z', 'LastModifiedDate': '2024-10-02T14:24:18.93Z'}, {'VulnerabilityID': 'CVE-2024-46836', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46836', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: aspeed_udc: validate endpoint index for ast udc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed_udc: validate endpoint index for ast udc\n\nWe should verify the bound of the array to assure that host\nmay not manipulate the index to point past endpoint array.\n\nFound by static analysis.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46836', 'https://git.kernel.org/linus/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 (6.11-rc1)', 'https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af', 'https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a', 'https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c', 'https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46836-acff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46836', 'https://www.cve.org/CVERecord?id=CVE-2024-46836'], 'PublishedDate': '2024-09-27T13:15:15.78Z', 'LastModifiedDate': '2024-10-09T15:47:55.187Z'}, {'VulnerabilityID': 'CVE-2024-46838', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46838', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: don&#39;t BUG_ON() if khugepaged yanks our page table', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: don\'t BUG_ON() if khugepaged yanks our page table\n\nSince khugepaged was changed to allow retracting page tables in file\nmappings without holding the mmap lock, these BUG_ON()s are wrong - get\nrid of them.\n\nWe could also remove the preceding "if (unlikely(...))" block, but then we\ncould reach pte_offset_map_lock() with transhuge pages not just for file\nmappings but also for anonymous mappings - which would probably be fine\nbut I think is not necessarily expected.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46838', 'https://git.kernel.org/linus/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a (6.11-rc7)', 'https://git.kernel.org/stable/c/4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a', 'https://git.kernel.org/stable/c/4a594acc12d5954cdc71d4450a386748bf3d136a', 'https://git.kernel.org/stable/c/db978287e908d48b209e374b00d847b2d785e0a9', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46838-5fa5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46838', 'https://www.cve.org/CVERecord?id=CVE-2024-46838'], 'PublishedDate': '2024-09-27T13:15:15.92Z', 'LastModifiedDate': '2024-10-09T15:35:40.827Z'}, {'VulnerabilityID': 'CVE-2024-46840', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46840', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: clean up our handling of refs == 0 in snapshot delete', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: clean up our handling of refs == 0 in snapshot delete\n\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren't\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer.  In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption.  Change that to return\n-EUCLEAN.  In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling.  Also adjust the error message so we can\nactually do something with the information.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46840', 'https://git.kernel.org/linus/b8ccef048354074a548f108e51d0557d6adfd3a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/03804641ec2d0da4fa088ad21c88e703d151ce16', 'https://git.kernel.org/stable/c/71291aa7246645ef622621934d2067400380645e', 'https://git.kernel.org/stable/c/728d4d045b628e006b48a448f3326a7194c88d32', 'https://git.kernel.org/stable/c/7d1df13bf078ffebfedd361d714ff6cee1ff01b9', 'https://git.kernel.org/stable/c/9cc887ac24b7a0598f4042ae9af6b9a33072f75b', 'https://git.kernel.org/stable/c/b8ccef048354074a548f108e51d0557d6adfd3a3', 'https://git.kernel.org/stable/c/c60676b81fab456b672796830f6d8057058f029c', 'https://git.kernel.org/stable/c/c847b28a799733b04574060ab9d00f215970627d', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46840-fc44@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46840', 'https://www.cve.org/CVERecord?id=CVE-2024-46840'], 'PublishedDate': '2024-09-27T13:15:16.057Z', 'LastModifiedDate': '2024-10-08T18:15:07.857Z'}, {'VulnerabilityID': 'CVE-2024-46841', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn't fatal, return the error.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46841', 'https://git.kernel.org/linus/a580fb2c3479d993556e1c31b237c9e5be4944a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/704c359b4093a2af650a20eaa030c435d7c30f91', 'https://git.kernel.org/stable/c/a580fb2c3479d993556e1c31b237c9e5be4944a3', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46841-7572@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46841', 'https://www.cve.org/CVERecord?id=CVE-2024-46841'], 'PublishedDate': '2024-09-27T13:15:16.13Z', 'LastModifiedDate': '2024-10-08T18:17:07.87Z'}, {'VulnerabilityID': 'CVE-2024-46842', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status.  The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code.  During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout.  If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46842', 'https://git.kernel.org/linus/ede596b1434b57c0b3fd5c02b326efe5c54f6e48 (6.11-rc1)', 'https://git.kernel.org/stable/c/bba47fe3b038cca3d3ebd799665ce69d6d273b58', 'https://git.kernel.org/stable/c/ede596b1434b57c0b3fd5c02b326efe5c54f6e48', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46842-e52c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46842', 'https://www.cve.org/CVERecord?id=CVE-2024-46842'], 'PublishedDate': '2024-09-27T13:15:16.19Z', 'LastModifiedDate': '2024-10-08T18:22:24.997Z'}, {'VulnerabilityID': 'CVE-2024-46843', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Remove SCSI host only if added', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been defered after MCQ configuration introduced by commit 0cab4023ec7b\n("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46843', 'https://git.kernel.org/linus/7cbff570dbe8907e23bba06f6414899a0fbb2fcc (6.11-rc1)', 'https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed', 'https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536', 'https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46843-82c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46843', 'https://www.cve.org/CVERecord?id=CVE-2024-46843'], 'PublishedDate': '2024-09-27T13:15:16.25Z', 'LastModifiedDate': '2024-10-08T18:23:52.423Z'}, {'VulnerabilityID': 'CVE-2024-46844', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: um: line: always fill *error_out in setup_one_line()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\num: line: always fill *error_out in setup_one_line()\n\nThe pointer isn't initialized by callers, but I have\nencountered cases where it's still printed; initialize\nit in all possible cases in setup_one_line().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-824'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46844', 'https://git.kernel.org/linus/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d (6.11-rc1)', 'https://git.kernel.org/stable/c/289979d64573f43df1d0e6bc6435de63a0d69cdf', 'https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5', 'https://git.kernel.org/stable/c/43f782c27907f306c664b6614fd6f264ac32cce6', 'https://git.kernel.org/stable/c/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d', 'https://git.kernel.org/stable/c/96301fdc2d533a196197c055af875fe33d47ef84', 'https://git.kernel.org/stable/c/c8944d449fda9f58c03bd99649b2df09948fc874', 'https://git.kernel.org/stable/c/ec5b47a370177d79ae7773858042c107e21f8ecc', 'https://git.kernel.org/stable/c/fc843d3837ebcb1c16d3768ef3eb55e25d5331f2', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46844-af64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46844', 'https://www.cve.org/CVERecord?id=CVE-2024-46844'], 'PublishedDate': '2024-09-27T13:15:16.313Z', 'LastModifiedDate': '2024-10-02T14:22:50.533Z'}, {'VulnerabilityID': 'CVE-2024-46845', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46845', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing/timerlat: Only clear timer if a kthread exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Only clear timer if a kthread exists\n\nThe timerlat tracer can use user space threads to check for osnoise and\ntimer latency. If the program using this is killed via a SIGTERM, the\nthreads are shutdown one at a time and another tracing instance can start\nup resetting the threads before they are fully closed. That causes the\nhrtimer assigned to the kthread to be shutdown and freed twice when the\ndying thread finally closes the file descriptors, causing a use-after-free\nbug.\n\nOnly cancel the hrtimer if the associated thread is still around. Also add\nthe interface_lock around the resetting of the tlat_var->kthread.\n\nNote, this is just a quick fix that can be backported to stable. A real\nfix is to have a better synchronization between the shutdown of old\nthreads and the starting of new ones.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46845', 'https://git.kernel.org/linus/e6a53481da292d970d1edf0d8831121d1c5e2f0d (6.11-rc7)', 'https://git.kernel.org/stable/c/8a9d0d405159e9c796ddf771f7cff691c1a2bc1e', 'https://git.kernel.org/stable/c/8c72f0b2c45f21cb8b00fc37f79f632d7e46c2ed', 'https://git.kernel.org/stable/c/e6a53481da292d970d1edf0d8831121d1c5e2f0d', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46845-a529@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46845', 'https://www.cve.org/CVERecord?id=CVE-2024-46845'], 'PublishedDate': '2024-09-27T13:15:16.397Z', 'LastModifiedDate': '2024-10-02T14:18:32.923Z'}, {'VulnerabilityID': 'CVE-2024-46846', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46846', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: rockchip: Resolve unbalanced runtime PM / system PM handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip: Resolve unbalanced runtime PM / system PM handling\n\nCommit e882575efc77 ("spi: rockchip: Suspend and resume the bus during\nNOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and\nsimply disabled clocks unconditionally when suspending the system. This\ncauses problems when the device is already runtime suspended when we go\nto sleep -- in which case we double-disable clocks and produce a\nWARNing.\n\nSwitch back to pm_runtime_force_{suspend,resume}(), because that still\nseems like the right thing to do, and the aforementioned commit makes no\nexplanation why it stopped using it.\n\nAlso, refactor some of the resume() error handling, because it\'s not\nactually a good idea to re-disable clocks on failure.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46846', 'https://git.kernel.org/linus/be721b451affbecc4ba4eaac3b71cdbdcade1b1b (6.11-rc7)', 'https://git.kernel.org/stable/c/0efbad8445fbba7896402500a1473450a299a08a', 'https://git.kernel.org/stable/c/14f970a8d03d882b15b97beb83bd84ac8ba6298c', 'https://git.kernel.org/stable/c/be721b451affbecc4ba4eaac3b71cdbdcade1b1b', 'https://git.kernel.org/stable/c/d034bff62faea1a2219e0d2f3d17263265f24087', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46846-f264@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46846', 'https://www.cve.org/CVERecord?id=CVE-2024-46846'], 'PublishedDate': '2024-09-27T13:15:16.48Z', 'LastModifiedDate': '2024-10-08T18:25:56.467Z'}, {'VulnerabilityID': 'CVE-2024-46848', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46848', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/x86/intel: Limit the period on Haswell', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Limit the period on Haswell\n\nRunning the ltp test cve-2015-3290 concurrently reports the following\nwarnings.\n\nperfevents: irq loop stuck!\n  WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174\n  intel_pmu_handle_irq+0x285/0x370\n  Call Trace:\n   <NMI>\n   ? __warn+0xa4/0x220\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? report_bug+0x3e/0xa0\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x50\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? irq_work_claim+0x1e/0x40\n   ? intel_pmu_handle_irq+0x285/0x370\n   perf_event_nmi_handler+0x3d/0x60\n   nmi_handle+0x104/0x330\n\nThanks to Thomas Gleixner's analysis, the issue is caused by the low\ninitial period (1) of the frequency estimation algorithm, which triggers\nthe defects of the HW, specifically erratum HSW11 and HSW143. (For the\ndetails, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)\n\nThe HSW11 requires a period larger than 100 for the INST_RETIRED.ALL\nevent, but the initial period in the freq mode is 1. The erratum is the\nsame as the BDM11, which has been supported in the kernel. A minimum\nperiod of 128 is enforced as well on HSW.\n\nHSW143 is regarding that the fixed counter 1 may overcount 32 with the\nHyper-Threading is enabled. However, based on the test, the hardware\nhas more issues than it tells. Besides the fixed counter 1, the message\n'interrupt took too long' can be observed on any counter which was armed\nwith a period < 32 and two events expired in the same NMI. A minimum\nperiod of 32 is enforced for the rest of the events.\nThe recommended workaround code of the HSW143 is not implemented.\nBecause it only addresses the issue for the fixed counter. It brings\nextra overhead through extra MSR writing. No related overcounting issue\nhas been reported so far.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46848', 'https://git.kernel.org/linus/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b (6.11-rc7)', 'https://git.kernel.org/stable/c/0eaf812aa1506704f3b78be87036860e5d0fe81d', 'https://git.kernel.org/stable/c/15210b7c8caff4929f25d049ef8404557f8ae468', 'https://git.kernel.org/stable/c/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b', 'https://git.kernel.org/stable/c/8717dc35c0e5896f4110f4b3882f7ff787a5f73d', 'https://lore.kernel.org/linux-cve-announce/2024092756-CVE-2024-46848-bbd4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46848', 'https://www.cve.org/CVERecord?id=CVE-2024-46848'], 'PublishedDate': '2024-09-27T13:15:16.657Z', 'LastModifiedDate': '2024-10-04T15:23:35.287Z'}, {'VulnerabilityID': 'CVE-2024-46849', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: meson: axg-card: fix &#39;use-after-free&#39;', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix 'use-after-free'\n\nBuffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',\nso move 'pad' pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46849', 'https://git.kernel.org/linus/4f9a71435953f941969a4f017e2357db62d85a86 (6.11)', 'https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86', 'https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d', 'https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607', 'https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037', 'https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29', 'https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a', 'https://lore.kernel.org/linux-cve-announce/2024092741-CVE-2024-46849-93c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46849', 'https://www.cve.org/CVERecord?id=CVE-2024-46849'], 'PublishedDate': '2024-09-27T13:15:16.723Z', 'LastModifiedDate': '2024-10-17T14:15:07.75Z'}, {'VulnerabilityID': 'CVE-2024-46850', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46850', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn35_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn35_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn35_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit 0607a50c004798a96e62c089a4c34c220179dcb5)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46850', 'https://git.kernel.org/linus/e835d5144f5ef78e4f8828c63e2f0d61144f283a (6.11)', 'https://git.kernel.org/stable/c/42850927656a540428e58d370b3c1599a617bac7', 'https://git.kernel.org/stable/c/e835d5144f5ef78e4f8828c63e2f0d61144f283a', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46850-186e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46850', 'https://www.cve.org/CVERecord?id=CVE-2024-46850'], 'PublishedDate': '2024-09-27T13:15:16.787Z', 'LastModifiedDate': '2024-10-04T15:30:32.11Z'}, {'VulnerabilityID': 'CVE-2024-46851', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46851', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn10_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn10_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn10_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46851', 'https://git.kernel.org/linus/a7aeb03888b92304e2fc7d4d1c242f54a312561b (6.11)', 'https://git.kernel.org/stable/c/a7aeb03888b92304e2fc7d4d1c242f54a312561b', 'https://git.kernel.org/stable/c/b6ce047a81f508f5c60756db8dfb5ff486e4dad0', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46851-125b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46851', 'https://www.cve.org/CVERecord?id=CVE-2024-46851'], 'PublishedDate': '2024-09-27T13:15:16.85Z', 'LastModifiedDate': '2024-10-04T16:00:43.913Z'}, {'VulnerabilityID': 'CVE-2024-46852', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma-buf: heaps: Fix off-by-one in CMA heap fault handler', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:\nDon\'t track CMA dma-buf pages under RssFile") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don\'t read off the end of the pages\narray and insert an arbitrary page in the mapping.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46852', 'https://git.kernel.org/linus/ea5ff5d351b520524019f7ff7f9ce418de2dad87 (6.11)', 'https://git.kernel.org/stable/c/007180fcb6cc4a93211d4cc45fef3f5ccccd56ae', 'https://git.kernel.org/stable/c/79cce5e81d20fa9ad553be439d665ac3302d3c95', 'https://git.kernel.org/stable/c/84175dc5b2c932266a50c04e5ce342c30f817a2f', 'https://git.kernel.org/stable/c/e79050882b857c37634baedbdcf7c2047c24cbff', 'https://git.kernel.org/stable/c/ea5ff5d351b520524019f7ff7f9ce418de2dad87', 'https://git.kernel.org/stable/c/eb7fc8b65cea22f9038c52398c8b22849e9620ea', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46852-91a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46852', 'https://www.cve.org/CVERecord?id=CVE-2024-46852'], 'PublishedDate': '2024-09-27T13:15:16.917Z', 'LastModifiedDate': '2024-10-17T14:15:07.887Z'}, {'VulnerabilityID': 'CVE-2024-46853', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: nxp-fspi: fix the KASAN report out-of-bounds bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: nxp-fspi: fix the KASAN report out-of-bounds bug\n\nChange the memcpy length to fix the out-of-bounds issue when writing the\ndata that is not 4 byte aligned to TX FIFO.\n\nTo reproduce the issue, write 3 bytes data to NOR chip.\n\ndd if=3b of=/dev/mtd0\n[   36.926103] ==================================================================\n[   36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838\n[   36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455\n[   36.946721]\n[   36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070\n[   36.956185] Hardware name: Freescale i.MX8QM MEK (DT)\n[   36.961260] Call trace:\n[   36.963723]  dump_backtrace+0x90/0xe8\n[   36.967414]  show_stack+0x18/0x24\n[   36.970749]  dump_stack_lvl+0x78/0x90\n[   36.974451]  print_report+0x114/0x5cc\n[   36.978151]  kasan_report+0xa4/0xf0\n[   36.981670]  __asan_report_load_n_noabort+0x1c/0x28\n[   36.986587]  nxp_fspi_exec_op+0x26ec/0x2838\n[   36.990800]  spi_mem_exec_op+0x8ec/0xd30\n[   36.994762]  spi_mem_no_dirmap_read+0x190/0x1e0\n[   36.999323]  spi_mem_dirmap_write+0x238/0x32c\n[   37.003710]  spi_nor_write_data+0x220/0x374\n[   37.007932]  spi_nor_write+0x110/0x2e8\n[   37.011711]  mtd_write_oob_std+0x154/0x1f0\n[   37.015838]  mtd_write_oob+0x104/0x1d0\n[   37.019617]  mtd_write+0xb8/0x12c\n[   37.022953]  mtdchar_write+0x224/0x47c\n[   37.026732]  vfs_write+0x1e4/0x8c8\n[   37.030163]  ksys_write+0xec/0x1d0\n[   37.033586]  __arm64_sys_write+0x6c/0x9c\n[   37.037539]  invoke_syscall+0x6c/0x258\n[   37.041327]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.046244]  do_el0_svc+0x44/0x5c\n[   37.049589]  el0_svc+0x38/0x78\n[   37.052681]  el0t_64_sync_handler+0x13c/0x158\n[   37.057077]  el0t_64_sync+0x190/0x194\n[   37.060775]\n[   37.062274] Allocated by task 455:\n[   37.065701]  kasan_save_stack+0x2c/0x54\n[   37.069570]  kasan_save_track+0x20/0x3c\n[   37.073438]  kasan_save_alloc_info+0x40/0x54\n[   37.077736]  __kasan_kmalloc+0xa0/0xb8\n[   37.081515]  __kmalloc_noprof+0x158/0x2f8\n[   37.085563]  mtd_kmalloc_up_to+0x120/0x154\n[   37.089690]  mtdchar_write+0x130/0x47c\n[   37.093469]  vfs_write+0x1e4/0x8c8\n[   37.096901]  ksys_write+0xec/0x1d0\n[   37.100332]  __arm64_sys_write+0x6c/0x9c\n[   37.104287]  invoke_syscall+0x6c/0x258\n[   37.108064]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.112972]  do_el0_svc+0x44/0x5c\n[   37.116319]  el0_svc+0x38/0x78\n[   37.119401]  el0t_64_sync_handler+0x13c/0x158\n[   37.123788]  el0t_64_sync+0x190/0x194\n[   37.127474]\n[   37.128977] The buggy address belongs to the object at ffff00081037c2a0\n[   37.128977]  which belongs to the cache kmalloc-8 of size 8\n[   37.141177] The buggy address is located 0 bytes inside of\n[   37.141177]  allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)\n[   37.153465]\n[   37.154971] The buggy address belongs to the physical page:\n[   37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c\n[   37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)\n[   37.175149] page_type: 0xfdffffff(slab)\n[   37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000\n[   37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000\n[   37.194553] page dumped because: kasan: bad access detected\n[   37.200144]\n[   37.201647] Memory state around the buggy address:\n[   37.206460]  ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc\n[   37.213701]  ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc\n[   37.220946] >ffff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc\n[   37.228186]                                ^\n[   37.232473]  ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.239718]  ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.246962] ==============================================================\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46853', 'https://git.kernel.org/linus/2a8787c1cdc7be24fdd8953ecd1a8743a1006235 (6.11)', 'https://git.kernel.org/stable/c/09af8b0ba70072be831f3ec459f4063d570f9e24', 'https://git.kernel.org/stable/c/2a8787c1cdc7be24fdd8953ecd1a8743a1006235', 'https://git.kernel.org/stable/c/491f9646f7ac31af5fca71be1a3e5eb8aa7663ad', 'https://git.kernel.org/stable/c/609260542cf86b459c57618b8cdec8020394b7ad', 'https://git.kernel.org/stable/c/af9ca9ca3e44f48b2a191e100d452fbf850c3d87', 'https://git.kernel.org/stable/c/d1a1dfcec77c57b1181da93d11a3db1bc4eefa97', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46853-ab04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46853', 'https://www.cve.org/CVERecord?id=CVE-2024-46853'], 'PublishedDate': '2024-09-27T13:15:16.997Z', 'LastModifiedDate': '2024-10-17T14:15:07.993Z'}, {'VulnerabilityID': 'CVE-2024-46854', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dpaa: Pad packets to ETH_ZLEN', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46854', 'https://git.kernel.org/linus/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0 (6.11)', 'https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133', 'https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a', 'https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83', 'https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0', 'https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2', 'https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46854-3404@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46854', 'https://www.cve.org/CVERecord?id=CVE-2024-46854'], 'PublishedDate': '2024-09-27T13:15:17.063Z', 'LastModifiedDate': '2024-10-17T14:15:08.107Z'}, {'VulnerabilityID': 'CVE-2024-46855', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46855', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: nft_socket: fix sk refcount leaks', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put 'sk' reference before returning.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46855', 'https://git.kernel.org/linus/8b26ff7af8c32cb4148b3e147c52f9e4c695209c (6.11)', 'https://git.kernel.org/stable/c/1f68e097e20d3c695281a9c6433acc37be47fe11', 'https://git.kernel.org/stable/c/33c2258bf8cb17fba9e58b111d4c4f4cf43a4896', 'https://git.kernel.org/stable/c/83e6fb59040e8964888afcaa5612cc1243736715', 'https://git.kernel.org/stable/c/8b26ff7af8c32cb4148b3e147c52f9e4c695209c', 'https://git.kernel.org/stable/c/ddc7c423c4a5386bf865474c694b48178efd311a', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46855-4382@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46855', 'https://www.cve.org/CVERecord?id=CVE-2024-46855'], 'PublishedDate': '2024-09-27T13:15:17.133Z', 'LastModifiedDate': '2024-10-17T14:15:12.79Z'}, {'VulnerabilityID': 'CVE-2024-46857', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix bridge mode operations when there are no VFs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[  168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[  168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[  168.976037] Call Trace:\n[  168.976188]  <TASK>\n[  168.978620]  _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[  168.979074]  mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[  168.979471]  rtnl_bridge_setlink+0xe9/0x1f0\n[  168.979714]  rtnetlink_rcv_msg+0x159/0x400\n[  168.980451]  netlink_rcv_skb+0x54/0x100\n[  168.980675]  netlink_unicast+0x241/0x360\n[  168.980918]  netlink_sendmsg+0x1f6/0x430\n[  168.981162]  ____sys_sendmsg+0x3bb/0x3f0\n[  168.982155]  ___sys_sendmsg+0x88/0xd0\n[  168.985036]  __sys_sendmsg+0x59/0xa0\n[  168.985477]  do_syscall_64+0x79/0x150\n[  168.987273]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw->fdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46857', 'https://git.kernel.org/linus/b1d305abef4640af1b4f1b4774d513cd81b10cfc (6.11)', 'https://git.kernel.org/stable/c/505ae01f75f839b54329164bbfecf24cc1361b31', 'https://git.kernel.org/stable/c/52c4beb79e095e0631b5cac46ed48a2aefe51985', 'https://git.kernel.org/stable/c/65feee671e37f3b6eda0b6af28f204b5bcf7fa50', 'https://git.kernel.org/stable/c/b1d305abef4640af1b4f1b4774d513cd81b10cfc', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46857-3bc3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46857', 'https://www.cve.org/CVERecord?id=CVE-2024-46857'], 'PublishedDate': '2024-09-27T13:15:17.277Z', 'LastModifiedDate': '2024-10-01T17:10:29.657Z'}, {'VulnerabilityID': 'CVE-2024-46858', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46858', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: Fix uaf in __timer_delete_sync', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n     CPU1\t\t\t\tCPU2\n     ====                               ====\n     net_rx_action\n     napi_poll                          netlink_sendmsg\n     __napi_poll                        netlink_unicast\n     process_backlog                    netlink_unicast_kernel\n     __netif_receive_skb                genl_rcv\n     __netif_receive_skb_one_core       netlink_rcv_skb\n     NF_HOOK                            genl_rcv_msg\n     ip_local_deliver_finish            genl_family_rcv_msg\n     ip_protocol_deliver_rcu            genl_family_rcv_msg_doit\n     tcp_v4_rcv                         mptcp_pm_nl_flush_addrs_doit\n     tcp_v4_do_rcv                      mptcp_nl_remove_addrs_list\n     tcp_rcv_established                mptcp_pm_remove_addrs_and_subflows\n     tcp_data_queue                     remove_anno_list_by_saddr\n     mptcp_incoming_options             mptcp_pm_del_add_timer\n     mptcp_pm_del_add_timer             kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by "pm.lock", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of "entry->add_timer".\n\nMove list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar "entry->x" uaf.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46858', 'https://git.kernel.org/linus/b4cd80b0338945a94972ac3ed54f8338d2da2076 (6.11)', 'https://git.kernel.org/stable/c/0e7814b028cd50b3ff79659d23dfa9da6a1e75e1', 'https://git.kernel.org/stable/c/12134a652b0a10064844ea235173e70246eba6dc', 'https://git.kernel.org/stable/c/3554482f4691571fc4b5490c17ae26896e62171c', 'https://git.kernel.org/stable/c/6452b162549c7f9ef54655d3fb9977b9192e6e5b', 'https://git.kernel.org/stable/c/67409b358500c71632116356a0b065f112d7b707', 'https://git.kernel.org/stable/c/b4cd80b0338945a94972ac3ed54f8338d2da2076', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46858-dab6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46858', 'https://www.cve.org/CVERecord?id=CVE-2024-46858'], 'PublishedDate': '2024-09-27T13:15:17.353Z', 'LastModifiedDate': '2024-10-17T14:15:13.017Z'}, {'VulnerabilityID': 'CVE-2024-46859', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46859', 'https://git.kernel.org/linus/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 (6.11)', 'https://git.kernel.org/stable/c/6821a82616f60aa72c5909b3e252ad97fb9f7e2a', 'https://git.kernel.org/stable/c/9291fadbd2720a869b1d2fcf82305648e2e62a16', 'https://git.kernel.org/stable/c/b38c19783286a71693c2194ed1b36665168c09c4', 'https://git.kernel.org/stable/c/b7c2f692307fe704be87ea80d7328782b33c3cef', 'https://git.kernel.org/stable/c/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46859-e785@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46859', 'https://www.cve.org/CVERecord?id=CVE-2024-46859'], 'PublishedDate': '2024-09-27T13:15:17.43Z', 'LastModifiedDate': '2024-10-17T14:15:13.183Z'}, {'VulnerabilityID': 'CVE-2024-46860', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change\n\nWhen disabling wifi mt7921_ipv6_addr_change() is called as a notifier.\nAt this point mvif->phy is already NULL so we cannot use it here.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46860', 'https://git.kernel.org/linus/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3 (6.11-rc4)', 'https://git.kernel.org/stable/c/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3', 'https://git.kernel.org/stable/c/4bfee9346d8c17d928ef6da2b8bffab88fa2a553', 'https://git.kernel.org/stable/c/8d92bafd4c67efb692f722d73a07412b5f88c6d6', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46860-1dfc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46860', 'https://www.cve.org/CVERecord?id=CVE-2024-46860'], 'PublishedDate': '2024-09-27T13:15:17.493Z', 'LastModifiedDate': '2024-10-02T14:04:38.863Z'}, {'VulnerabilityID': 'CVE-2024-46861', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usbnet: ipheth: do not stop RX on failing RX callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: do not stop RX on failing RX callback\n\nRX callbacks can fail for multiple reasons:\n\n* Payload too short\n* Payload formatted incorrecly (e.g. bad NCM framing)\n* Lack of memory\n\nNone of these should cause the driver to seize up.\n\nMake such failures non-critical and continue processing further\nincoming URBs.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46861', 'https://git.kernel.org/linus/74efed51e0a4d62f998f806c307778b47fc73395 (6.11-rc4)', 'https://git.kernel.org/stable/c/08ca800b0cd56d5e26722f68b18bbbf6840bf44b', 'https://git.kernel.org/stable/c/4d1cfa3afb8627435744ecdc6d8b58bc72ee0f4c', 'https://git.kernel.org/stable/c/74efed51e0a4d62f998f806c307778b47fc73395', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46861-f2f9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46861', 'https://www.cve.org/CVERecord?id=CVE-2024-46861'], 'PublishedDate': '2024-09-27T13:15:17.563Z', 'LastModifiedDate': '2024-10-03T15:36:06.543Z'}, {'VulnerabilityID': 'CVE-2024-46864', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/hyperv: fix kexec crash due to VP assist page corruption', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: fix kexec crash due to VP assist page corruption\n\ncommit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when\nCPUs go online/offline") introduces a new cpuhp state for hyperv\ninitialization.\n\ncpuhp_setup_state() returns the state number if state is\nCPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states.\nFor the hyperv case, since a new cpuhp state was introduced it would\nreturn 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call\nis conditioned upon "hyperv_init_cpuhp > 0". This will never be true and\nso hv_cpu_die() won\'t be called on all CPUs. This means the VP assist page\nwon\'t be reset. When the kexec kernel tries to setup the VP assist page\nagain, the hypervisor corrupts the memory region of the old VP assist page\ncausing a panic in case the kexec kernel is using that memory elsewhere.\nThis was originally fixed in commit dfe94d4086e4 ("x86/hyperv: Fix kexec\npanic/hang issues").\n\nGet rid of hyperv_init_cpuhp entirely since we are no longer using a\ndynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with\ncpuhp_remove_state().', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46864', 'https://git.kernel.org/linus/b9af6418279c4cf73ca073f8ea024992b38be8ab (6.11)', 'https://git.kernel.org/stable/c/2ae1beb3ab4f28868cc5d1541d05e1fbee3ad825', 'https://git.kernel.org/stable/c/b9af6418279c4cf73ca073f8ea024992b38be8ab', 'https://git.kernel.org/stable/c/d6f018a3b49d0a94ddbd0e479c2af6b19724e434', 'https://lore.kernel.org/linux-cve-announce/2024092745-CVE-2024-46864-0343@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46864', 'https://www.cve.org/CVERecord?id=CVE-2024-46864'], 'PublishedDate': '2024-09-27T13:15:17.747Z', 'LastModifiedDate': '2024-10-03T15:29:34.927Z'}, {'VulnerabilityID': 'CVE-2024-46866', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: add missing bo locking in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: add missing bo locking in show_meminfo()\n\nbo_meminfo() wants to inspect bo state like tt and the ttm resource,\nhowever this state can change at any point leading to stuff like NPD and\nUAF, if the bo lock is not held. Grab the bo lock when calling\nbo_meminfo(), ensuring we drop any spinlocks first. In the case of\nobject_idr we now also need to hold a ref.\n\nv2 (MattB)\n  - Also add xe_bo_assert_held()\n\n(cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46866', 'https://git.kernel.org/linus/94c4aa266111262c96c98f822d1bccc494786fee (6.11)', 'https://git.kernel.org/stable/c/94c4aa266111262c96c98f822d1bccc494786fee', 'https://git.kernel.org/stable/c/abc8feacacf8fae10eecf6fea7865e8c1fee419c', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46866-c414@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46866', 'https://www.cve.org/CVERecord?id=CVE-2024-46866'], 'PublishedDate': '2024-09-27T13:15:17.887Z', 'LastModifiedDate': '2024-10-01T17:09:30Z'}, {'VulnerabilityID': 'CVE-2024-46867', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/client: fix deadlock in show_meminfo()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: fix deadlock in show_meminfo()\n\nThere is a real deadlock as well as sleeping in atomic() bug in here, if\nthe bo put happens to be the last ref, since bo destruction wants to\ngrab the same spinlock and sleeping locks.  Fix that by dropping the ref\nusing xe_bo_put_deferred(), and moving the final commit outside of the\nlock. Dropping the lock around the put is tricky since the bo can go\nout of scope and delete itself from the list, making it difficult to\nnavigate to the next list entry.\n\n(cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46867', 'https://git.kernel.org/linus/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b (6.11)', 'https://git.kernel.org/stable/c/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b', 'https://git.kernel.org/stable/c/9d3de463e23bfb1ff1567a32b099b1b3e5286a48', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46867-7fe4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46867', 'https://www.cve.org/CVERecord?id=CVE-2024-46867'], 'PublishedDate': '2024-09-27T13:15:17.937Z', 'LastModifiedDate': '2024-10-01T17:09:58.147Z'}, {'VulnerabilityID': 'CVE-2024-46868', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()\n\nIf the __qcuefi pointer is not set, then in the original code, we would\nhold onto the lock.  That means that if we tried to set it later, then\nit would cause a deadlock.  Drop the lock on the error path.  That's\nwhat all the callers are expecting.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46868', 'https://git.kernel.org/linus/db213b0cfe3268d8b1d382b3bcc999c687a2567f (6.11)', 'https://git.kernel.org/stable/c/8c6a5a1fc02ad1d62d06897ab330693d4d27cd03', 'https://git.kernel.org/stable/c/db213b0cfe3268d8b1d382b3bcc999c687a2567f', 'https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46868-f3a3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46868', 'https://www.cve.org/CVERecord?id=CVE-2024-46868'], 'PublishedDate': '2024-09-27T13:15:18.007Z', 'LastModifiedDate': '2024-10-01T17:09:12.247Z'}, {'VulnerabilityID': 'CVE-2024-46870', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Disable DMCUB timeout for DCN35', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable DMCUB timeout for DCN35\n\n[Why]\nDMCUB can intermittently take longer than expected to process commands.\n\nOld ASIC policy was to continue while logging a diagnostic error - which\nworks fine for ASIC without IPS, but with IPS this could lead to a race\ncondition where we attempt to access DCN state while it's inaccessible,\nleading to a system hang when the NIU port is not disabled or register\naccesses that timeout and the display configuration in an undefined\nstate.\n\n[How]\nWe need to investigate why these accesses take longer than expected, but\nfor now we should disable the timeout on DCN35 to avoid this race\ncondition. Since the waits happen only at lower interrupt levels the\nrisk of taking too long at higher IRQ and causing a system watchdog\ntimeout are minimal.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46870', 'https://git.kernel.org/stable/c/31c254c9cd4b122a10db297124f867107a696d83', 'https://git.kernel.org/stable/c/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46870-f347@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46870', 'https://www.cve.org/CVERecord?id=CVE-2024-46870'], 'PublishedDate': '2024-10-09T14:15:07.463Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-46871', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why & How]\nIt actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback & dmub_thread_offload has potential to access\nitem out of array bound. Fix it.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46871', 'https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37', 'https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7', 'https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0', 'https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46871-15f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46871', 'https://www.cve.org/CVERecord?id=CVE-2024-46871'], 'PublishedDate': '2024-10-09T14:15:07.533Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47658', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47658', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: stm32/cryp - call finalize with bh disabled', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: stm32/cryp - call finalize with bh disabled\n\nThe finalize operation in interrupt mode produce a produces a spinlock\nrecursion warning. The reason is the fact that BH must be disabled\nduring this process.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47658', 'https://git.kernel.org/stable/c/56ddb9aa3b324c2d9645b5a7343e46010cf3f6ce', 'https://git.kernel.org/stable/c/5d734665cd5d93270731e0ff1dd673fec677f447', 'https://git.kernel.org/stable/c/d93a2f86b0a998aa1f0870c85a2a60a0771ef89a', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47658-0b23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47658', 'https://www.cve.org/CVERecord?id=CVE-2024-47658'], 'PublishedDate': '2024-10-09T14:15:07.603Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47659', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47659', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smack: tcp: ipv4, fix incorrect labeling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmack: tcp: ipv4, fix incorrect labeling\n\nCurrently, Smack mirrors the label of incoming tcp/ipv4 connections:\nwhen a label 'foo' connects to a label 'bar' with tcp/ipv4,\n'foo' always gets 'foo' in returned ipv4 packets. So,\n1) returned packets are incorrectly labeled ('foo' instead of 'bar')\n2) 'bar' can write to 'foo' without being authorized to write.\n\nHere is a scenario how to see this:\n\n* Take two machines, let's call them C and S,\n   with active Smack in the default state\n   (no settings, no rules, no labeled hosts, only builtin labels)\n\n* At S, add Smack rule 'foo bar w'\n   (labels 'foo' and 'bar' are instantiated at S at this moment)\n\n* At S, at label 'bar', launch a program\n   that listens for incoming tcp/ipv4 connections\n\n* From C, at label 'foo', connect to the listener at S.\n   (label 'foo' is instantiated at C at this moment)\n   Connection succeedes and works.\n\n* Send some data in both directions.\n* Collect network traffic of this connection.\n\nAll packets in both directions are labeled with the CIPSO\nof the label 'foo'. Hence, label 'bar' writes to 'foo' without\nbeing authorized, and even without ever being known at C.\n\nIf anybody cares: exactly the same happens with DCCP.\n\nThis behavior 1st manifested in release 2.6.29.4 (see Fixes below)\nand it looks unintentional. At least, no explanation was provided.\n\nI changed returned packes label into the 'bar',\nto bring it into line with the Smack documentation claims.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47659', 'https://git.kernel.org/stable/c/0776bcf9cb6de46fdd94d10118de1cf9b05f83b9', 'https://git.kernel.org/stable/c/0aea09e82eafa50a373fc8a4b84c1d4734751e2c', 'https://git.kernel.org/stable/c/2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550', 'https://git.kernel.org/stable/c/4be9fd15c3c88775bdf6fa37acabe6de85beebff', 'https://git.kernel.org/stable/c/5b4b304f196c070342e32a4752e1fa2e22fc0671', 'https://git.kernel.org/stable/c/a948ec993541db4ef392b555c37a1186f4d61670', 'https://git.kernel.org/stable/c/d3703fa94116fed91f64c7d1c7d284fb4369070f', 'https://git.kernel.org/stable/c/d3f56c653c65f170b172d3c23120bc64ada645d8', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47659-03a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47659', 'https://www.cve.org/CVERecord?id=CVE-2024-47659'], 'PublishedDate': '2024-10-09T14:15:07.66Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47660', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fsnotify: clear PARENT_WATCHED flags lazily', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: clear PARENT_WATCHED flags lazily\n\nIn some setups directories can have many (usually negative) dentries.\nHence __fsnotify_update_child_dentry_flags() function can take a\nsignificant amount of time. Since the bulk of this function happens\nunder inode->i_lock this causes a significant contention on the lock\nwhen we remove the watch from the directory as the\n__fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()\nraces with __fsnotify_update_child_dentry_flags() calls from\n__fsnotify_parent() happening on children. This can lead upto softlockup\nreports reported by users.\n\nFix the problem by calling fsnotify_update_children_dentry_flags() to\nset PARENT_WATCHED flags only when parent starts watching children.\n\nWhen parent stops watching children, clear false positive PARENT_WATCHED\nflags lazily in __fsnotify_parent() for each accessed child.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47660', 'https://git.kernel.org/stable/c/172e422ffea20a89bfdc672741c1aad6fbb5044e', 'https://git.kernel.org/stable/c/3f3ef1d9f66b93913ce2171120d9226b55acd41d', 'https://git.kernel.org/stable/c/7ef1d2e240c32b1f337a37232d037b07e3919e1a', 'https://git.kernel.org/stable/c/d8c42405fc3507cc43ba7e4986a773c3fc633f6e', 'https://git.kernel.org/stable/c/f9a48bc3dd9099935751458a5bbbea4b7c28abc8', 'https://git.kernel.org/stable/c/fc1b1e135c3f72382f792e6c319fc088d5523ad5', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47660-2d61@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47660', 'https://www.cve.org/CVERecord?id=CVE-2024-47660'], 'PublishedDate': '2024-10-09T14:15:07.73Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47661', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47661', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid overflow from uint32_t to uint8_t', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT & HOW]\ndmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47661', 'https://git.kernel.org/stable/c/30d1b783b6eeaf49d311a072c70d618d993d01ec', 'https://git.kernel.org/stable/c/d6b54900c564e35989cf6813e4071504fa0a90e0', 'https://lore.kernel.org/linux-cve-announce/2024100930-CVE-2024-47661-a6c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47661', 'https://www.cve.org/CVERecord?id=CVE-2024-47661'], 'PublishedDate': '2024-10-09T15:15:15.02Z', 'LastModifiedDate': '2024-10-15T16:03:29.26Z'}, {'VulnerabilityID': 'CVE-2024-47662', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47662', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47662', 'https://git.kernel.org/stable/c/466423c6dd8af23ebb3a69d43434d01aed0db356', 'https://git.kernel.org/stable/c/eba4b2a38ccdf074a053834509545703d6df1d57', 'https://lore.kernel.org/linux-cve-announce/2024100931-CVE-2024-47662-74f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47662', 'https://www.cve.org/CVERecord?id=CVE-2024-47662'], 'PublishedDate': '2024-10-09T15:15:15.08Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47663', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47663', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: staging: iio: frequency: ad9834: Validate frequency parameter value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47663', 'https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47', 'https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e', 'https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53', 'https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227', 'https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465', 'https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a', 'https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47663-9bdc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47663', 'https://www.cve.org/CVERecord?id=CVE-2024-47663'], 'PublishedDate': '2024-10-09T15:15:15.15Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47664', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47664', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47664', 'https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43', 'https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c', 'https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47664-f6bd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47664', 'https://www.cve.org/CVERecord?id=CVE-2024-47664'], 'PublishedDate': '2024-10-09T15:15:15.223Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47665', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47665', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup\n\nDefinitely condition dma_get_cache_alignment * defined value > 256\nduring driver initialization is not reason to BUG_ON(). Turn that to\ngraceful error out with -EINVAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47665', 'https://git.kernel.org/stable/c/2666085335bdfedf90d91f4071490ad3980be785', 'https://git.kernel.org/stable/c/5a022269abb22809f2a174b90f200fc4b9526058', 'https://git.kernel.org/stable/c/8a2be2f1db268ec735419e53ef04ca039fc027dc', 'https://git.kernel.org/stable/c/cacb76df247a7cd842ff29755a523b1cba6c0508', 'https://git.kernel.org/stable/c/e2d14bfda9eb5393f8a17008afe2aa7fe0a29815', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47665-901e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47665', 'https://www.cve.org/CVERecord?id=CVE-2024-47665'], 'PublishedDate': '2024-10-09T15:15:15.29Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47666', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47666', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: pm80xx: Set phy-&gt;enable_completion only when we wait for it', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy->enable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late.  After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47666', 'https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89', 'https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea', 'https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47666-0015@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47666', 'https://www.cve.org/CVERecord?id=CVE-2024-47666'], 'PublishedDate': '2024-10-09T15:15:15.353Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47667', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47667', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)\n\nErrata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0\n(SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an\ninbound PCIe TLP spans more than two internal AXI 128-byte bursts,\nthe bus may corrupt the packet payload and the corrupt data may\ncause associated applications or the processor to hang.\n\nThe workaround for Errata #i2037 is to limit the maximum read\nrequest size and maximum payload size to 128 bytes. Add workaround\nfor Errata #i2037 here.\n\nThe errata and workaround is applicable only to AM65x SR 1.0 and\nlater versions of the silicon will have this fixed.\n\n[1] -> https://www.ti.com/lit/er/sprz452i/sprz452i.pdf', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47667', 'https://git.kernel.org/stable/c/135843c351c08df72bdd4b4ebea53c8052a76881', 'https://git.kernel.org/stable/c/576d0fb6f8d4bd4695e70eee173a1b9c7bae9572', 'https://git.kernel.org/stable/c/86f271f22bbb6391410a07e08d6ca3757fda01fa', 'https://git.kernel.org/stable/c/af218c803fe298ddf00abef331aa526b20d7ea61', 'https://git.kernel.org/stable/c/cfb006e185f64edbbdf7869eac352442bc76b8f6', 'https://git.kernel.org/stable/c/dd47051c76c8acd8cb983f01b4d1265da29cb66a', 'https://git.kernel.org/stable/c/ebbdbbc580c1695dec283d0ba6448729dc993246', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47667-2d01@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47667', 'https://www.cve.org/CVERecord?id=CVE-2024-47667'], 'PublishedDate': '2024-10-09T15:15:15.43Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47668', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47668', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we'll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it'll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47668', 'https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f', 'https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da', 'https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283', 'https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169', 'https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae', 'https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e', 'https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47668-6b53@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47668', 'https://www.cve.org/CVERecord?id=CVE-2024-47668'], 'PublishedDate': '2024-10-09T15:15:15.513Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47669', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47669', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nilfs2: fix state management in error path of log writing function', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix state management in error path of log writing function\n\nAfter commit a694291a6211 ("nilfs2: separate wait function from\nnilfs_segctor_write") was applied, the log writing function\nnilfs_segctor_do_construct() was able to issue I/O requests continuously\neven if user data blocks were split into multiple logs across segments,\nbut two potential flaws were introduced in its error handling.\n\nFirst, if nilfs_segctor_begin_construction() fails while creating the\nsecond or subsequent logs, the log writing function returns without\ncalling nilfs_segctor_abort_construction(), so the writeback flag set on\npages/folios will remain uncleared.  This causes page cache operations to\nhang waiting for the writeback flag.  For example,\ntruncate_inode_pages_final(), which is called via nilfs_evict_inode() when\nan inode is evicted from memory, will hang.\n\nSecond, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. \nAs a result, if the next log write involves checkpoint creation, that\'s\nfine, but if a partial log write is performed that does not, inodes with\nNILFS_I_COLLECTED set are erroneously removed from the "sc_dirty_files"\nlist, and their data and b-tree blocks may not be written to the device,\ncorrupting the block mapping.\n\nFix these issues by uniformly calling nilfs_segctor_abort_construction()\non failure of each step in the loop in nilfs_segctor_do_construct(),\nhaving it clean up logs and segment usages according to progress, and\ncorrecting the conditions for calling nilfs_redirty_inodes() to ensure\nthat the NILFS_I_COLLECTED flag is cleared.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47669', 'https://git.kernel.org/stable/c/036441e8438b29111fa75008f0ce305fb4e83c0a', 'https://git.kernel.org/stable/c/0a1a961bde4351dc047ffdeb2f1311ca16a700cc', 'https://git.kernel.org/stable/c/30562eff4a6dd35c4b5be9699ef61ad9f5f20a06', 'https://git.kernel.org/stable/c/3e349d7191f0688fc9808ef24fd4e4b4ef5ca876', 'https://git.kernel.org/stable/c/40a2757de2c376ef8a08d9ee9c81e77f3c750adf', 'https://git.kernel.org/stable/c/6576dd6695f2afca3f4954029ac4a64f82ba60ab', 'https://git.kernel.org/stable/c/74866c16ea2183f52925fa5d76061a1fe7f7737b', 'https://git.kernel.org/stable/c/efdde00d4a1ef10bb71e09ebc67823a3d3ad725b', 'https://lore.kernel.org/linux-cve-announce/2024100906-CVE-2024-47669-135c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47669', 'https://www.cve.org/CVERecord?id=CVE-2024-47669'], 'PublishedDate': '2024-10-09T15:15:15.59Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47670', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47670', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: add bounds checking to ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn't stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match.  It will\nprevent out-of-bound access in case of crafted images.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47670', 'https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39', 'https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c', 'https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd', 'https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77', 'https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f', 'https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e73264d6', 'https://lore.kernel.org/linux-cve-announce/2024100919-CVE-2024-47670-53f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47670', 'https://www.cve.org/CVERecord?id=CVE-2024-47670'], 'PublishedDate': '2024-10-09T15:15:15.673Z', 'LastModifiedDate': '2024-10-17T14:15:13.56Z'}, {'VulnerabilityID': 'CVE-2024-47671', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47671', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: USB: usbtmc: prevent kernel-usb-infoleak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: prevent kernel-usb-infoleak\n\nThe syzbot reported a kernel-usb-infoleak in usbtmc_write,\nwe need to clear the structure before filling fields.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47671', 'https://git.kernel.org/stable/c/0c927dfc0b9bd177f7ab6ee59ef0c4ea06c110a7', 'https://git.kernel.org/stable/c/16e0ab9ed3ae7d19ca8ee718ba4e09d5c0f909ca', 'https://git.kernel.org/stable/c/51297ef7ad7824ad577337f273cd092e81a9fa08', 'https://git.kernel.org/stable/c/625fa77151f00c1bd00d34d60d6f2e710b3f9aad', 'https://git.kernel.org/stable/c/6c7fc36da021b13c34c572a26ba336cd102418f8', 'https://git.kernel.org/stable/c/ba6269e187aa1b1f20faf3c458831a0d6350304b', 'https://git.kernel.org/stable/c/e872738e670ddd63e19f22d0d784f0bdf26ecba5', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47671-6c52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47671', 'https://www.cve.org/CVERecord?id=CVE-2024-47671'], 'PublishedDate': '2024-10-09T15:15:15.753Z', 'LastModifiedDate': '2024-10-17T14:15:13.697Z'}, {'VulnerabilityID': 'CVE-2024-47672', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead\n\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was\nrecently converted from just a message), that can be hit if we\nwait for TX queues to become empty after firmware died. Clearly,\nwe can't expect anything from the firmware after it's declared dead.\n\nDon't call iwl_trans_wait_tx_queues_empty() in this case. While it could\nbe a good idea to stop the flow earlier, the flush functions do some\nmaintenance work that is not related to the firmware, so keep that part\nof the code running even when the firmware is not running.\n\n[edit commit message]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47672', 'https://git.kernel.org/stable/c/1afed66cb271b3e65fe9df1c9fba2bf4b1f55669', 'https://git.kernel.org/stable/c/1b0cd832c9607f41f84053b818e0b7908510a3b9', 'https://git.kernel.org/stable/c/3a84454f5204718ca5b4ad2c1f0bf2031e2403d1', 'https://git.kernel.org/stable/c/4d0a900ec470d392476c428875dbf053f8a0ae5e', 'https://git.kernel.org/stable/c/7188b7a72320367554b76d8f298417b070b05dd3', 'https://git.kernel.org/stable/c/de46b1d24f5f752b3bd8b46673c2ea4239661244', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47672-9bef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47672', 'https://www.cve.org/CVERecord?id=CVE-2024-47672'], 'PublishedDate': '2024-10-09T15:15:15.827Z', 'LastModifiedDate': '2024-10-17T14:15:13.78Z'}, {'VulnerabilityID': 'CVE-2024-47673', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pause TCM when the firmware is stopped\n\nNot doing so will make us send a host command to the transport while the\nfirmware is not alive, which will trigger a WARNING.\n\nbad state = 0\nWARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nRIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nCall Trace:\n <TASK>\n iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]\n iwl_mvm_config_scan+0x198/0x260 [iwlmvm]\n iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]\n iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]\n process_one_work+0x29e/0x640\n worker_thread+0x2df/0x690\n ? rescuer_thread+0x540/0x540\n kthread+0x192/0x1e0\n ? set_kthread_struct+0x90/0x90\n ret_from_fork+0x22/0x30', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47673', 'https://git.kernel.org/stable/c/0668ebc8c2282ca1e7eb96092a347baefffb5fe7', 'https://git.kernel.org/stable/c/2c61b561baf92a2860c76c2302a62169e22c21cc', 'https://git.kernel.org/stable/c/55086c97a55d781b04a2667401c75ffde190135c', 'https://git.kernel.org/stable/c/5948a191906b54e10f02f6b7a7670243a39f99f4', 'https://git.kernel.org/stable/c/a15df5f37fa3a8b7a8ec7a339d1e897bc524e28f', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47673-9110@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47673', 'https://www.cve.org/CVERecord?id=CVE-2024-47673'], 'PublishedDate': '2024-10-09T15:15:15.9Z', 'LastModifiedDate': '2024-10-17T14:15:13.853Z'}, {'VulnerabilityID': 'CVE-2024-47674', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47674', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: avoid leaving partial pfn mappings around in error case', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na 'struct page'.\n\nThat's all very much intentional, but it does mean that it's easy to\nmess up the cleanup in case of errors.  Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it's very easy to do the\nerror handling in the wrong order.\n\nIn particular, it's easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47674', 'https://git.kernel.org/linus/79a61cc3fc0466ad2b7b89618a6157785f0293b3 (6.11)', 'https://git.kernel.org/stable/c/5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959', 'https://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2', 'https://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3', 'https://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3', 'https://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80', 'https://lore.kernel.org/linux-cve-announce/2024101538-CVE-2024-47674-ba1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47674', 'https://www.cve.org/CVERecord?id=CVE-2024-47674'], 'PublishedDate': '2024-10-15T11:15:13.073Z', 'LastModifiedDate': '2024-10-18T14:50:02.71Z'}, {'VulnerabilityID': 'CVE-2017-0537', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-0537', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N', 'V2Score': 2.6, 'V3Score': 4.7}}, 'References': ['http://www.securityfocus.com/bid/96831', 'http://www.securitytracker.com/id/1037968', 'https://android.googlesource.com/kernel/tegra.git/+/389b185cb2f17fff994dbdf8d4bac003d4b2b6b3%5E%21/#F0', 'https://lore.kernel.org/lkml/1484647168-30135-1-git-send-email-jilin@nvidia.com/#t', 'https://source.android.com/security/bulletin/2017-01-01.html', 'https://source.android.com/security/bulletin/2017-03-01', 'https://source.android.com/security/bulletin/2017-03-01.html', 'https://www.cve.org/CVERecord?id=CVE-2017-0537'], 'PublishedDate': '2017-03-08T01:59:03.127Z', 'LastModifiedDate': '2017-07-17T13:18:15.89Z'}, {'VulnerabilityID': 'CVE-2017-13165', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13165', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['https://github.com/aosp-mirror/platform_system_core/commit/15ffc53f6d57a46e3041453865311035a18e047a', 'https://source.android.com/security/bulletin/pixel/2017-12-01', 'https://www.cve.org/CVERecord?id=CVE-2017-13165'], 'PublishedDate': '2017-12-06T14:29:01.333Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2017-13693', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI operand cache leak in dsutils.c', 'Description': 'The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/100502', 'https://access.redhat.com/security/cve/CVE-2017-13693', 'https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13693', 'https://patchwork.kernel.org/patch/9919053/', 'https://www.cve.org/CVERecord?id=CVE-2017-13693'], 'PublishedDate': '2017-08-25T08:29:00.273Z', 'LastModifiedDate': '2017-09-20T14:51:00.41Z'}, {'VulnerabilityID': 'CVE-2018-1121', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-1121', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'procps: process hiding through race condition enumerating /proc', 'Description': "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-367'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:P/A:N', 'V3Vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V2Score': 4.3, 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L', 'V3Score': 3.9}}, 'References': ['http://seclists.org/oss-sec/2018/q2/122', 'http://www.securityfocus.com/bid/104214', 'https://access.redhat.com/security/cve/CVE-2018-1121', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1121', 'https://www.cve.org/CVERecord?id=CVE-2018-1121', 'https://www.exploit-db.com/exploits/44806/', 'https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt'], 'PublishedDate': '2018-06-13T20:29:00.337Z', 'LastModifiedDate': '2020-06-30T16:15:14.393Z'}, {'VulnerabilityID': 'CVE-2018-12928', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko', 'Description': 'In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['http://www.securityfocus.com/bid/104593', 'https://access.redhat.com/security/cve/CVE-2018-12928', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384', 'https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ', 'https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/', 'https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12928', 'https://www.cve.org/CVERecord?id=CVE-2018-12928'], 'PublishedDate': '2018-06-28T14:29:00.353Z', 'LastModifiedDate': '2018-08-21T11:55:37.35Z'}, {'VulnerabilityID': 'CVE-2018-12929', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko', 'Description': 'ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12929', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12929', 'https://www.cve.org/CVERecord?id=CVE-2018-12929'], 'PublishedDate': '2018-06-28T14:29:00.417Z', 'LastModifiedDate': '2019-03-26T13:35:51.317Z'}, {'VulnerabilityID': 'CVE-2018-12930', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12930', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko', 'Description': 'ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12930', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12930', 'https://www.cve.org/CVERecord?id=CVE-2018-12930'], 'PublishedDate': '2018-06-28T14:29:00.463Z', 'LastModifiedDate': '2019-03-26T13:35:37.397Z'}, {'VulnerabilityID': 'CVE-2018-12931', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_attr_find in the ntfs.ko', 'Description': 'ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12931', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12931', 'https://www.cve.org/CVERecord?id=CVE-2018-12931'], 'PublishedDate': '2018-06-28T14:29:00.51Z', 'LastModifiedDate': '2019-03-26T13:35:20.957Z'}, {'VulnerabilityID': 'CVE-2019-14899', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-14899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel', 'Description': 'A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V2Vector': 'AV:A/AC:M/Au:S/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 4.9, 'V3Score': 7.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.4}}, 'References': ['http://seclists.org/fulldisclosure/2020/Dec/32', 'http://seclists.org/fulldisclosure/2020/Jul/23', 'http://seclists.org/fulldisclosure/2020/Jul/24', 'http://seclists.org/fulldisclosure/2020/Jul/25', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'http://www.openwall.com/lists/oss-security/2020/08/13/2', 'http://www.openwall.com/lists/oss-security/2020/10/07/3', 'http://www.openwall.com/lists/oss-security/2021/07/05/1', 'https://access.redhat.com/security/cve/CVE-2019-14899', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899', 'https://nvd.nist.gov/vuln/detail/CVE-2019-14899', 'https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/', 'https://support.apple.com/kb/HT211288', 'https://support.apple.com/kb/HT211289', 'https://support.apple.com/kb/HT211290', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211931', 'https://www.cve.org/CVERecord?id=CVE-2019-14899', 'https://www.openwall.com/lists/oss-security/2019/12/05/1'], 'PublishedDate': '2019-12-11T15:15:14.263Z', 'LastModifiedDate': '2023-03-01T16:40:04.14Z'}, {'VulnerabilityID': 'CVE-2019-15213', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-15213', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c', 'Description': 'An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.3}}, 'References': ['http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html', 'http://www.openwall.com/lists/oss-security/2019/08/20/2', 'https://access.redhat.com/security/cve/CVE-2019-15213', 'https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7', 'https://linux.oracle.com/cve/CVE-2019-15213.html', 'https://linux.oracle.com/errata/ELSA-2019-4872.html', 'https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/', 'https://nvd.nist.gov/vuln/detail/CVE-2019-15213', 'https://security.netapp.com/advisory/ntap-20190905-0002/', 'https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced', 'https://www.cve.org/CVERecord?id=CVE-2019-15213'], 'PublishedDate': '2019-08-19T22:15:11.253Z', 'LastModifiedDate': '2023-11-09T14:44:33.733Z'}, {'VulnerabilityID': 'CVE-2019-19378', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19378', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19378', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19378', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19378'], 'PublishedDate': '2019-11-29T17:15:11.84Z', 'LastModifiedDate': '2020-01-03T11:15:14.997Z'}, {'VulnerabilityID': 'CVE-2019-19814', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 9.3, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19814', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19814', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19814'], 'PublishedDate': '2019-12-17T06:15:12.843Z', 'LastModifiedDate': '2020-01-03T11:15:16.48Z'}, {'VulnerabilityID': 'CVE-2020-35501', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2020-35501', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability', 'Description': 'A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem', 'Severity': 'LOW', 'CweIDs': ['CWE-863'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:N', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V2Score': 3.6, 'V3Score': 3.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 3.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2020-35501', 'https://bugzilla.redhat.com/show_bug.cgi?id=1908577', 'https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html', 'https://nvd.nist.gov/vuln/detail/CVE-2020-35501', 'https://www.cve.org/CVERecord?id=CVE-2020-35501', 'https://www.openwall.com/lists/oss-security/2021/02/18/1'], 'PublishedDate': '2022-03-30T16:15:08.673Z', 'LastModifiedDate': '2022-12-02T19:54:37.647Z'}, {'VulnerabilityID': 'CVE-2021-26934', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-26934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...', 'Description': "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.", 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['http://xenbits.xen.org/xsa/advisory-363.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/', 'https://nvd.nist.gov/vuln/detail/CVE-2021-26934', 'https://security.netapp.com/advisory/ntap-20210326-0001/', 'https://www.cve.org/CVERecord?id=CVE-2021-26934', 'https://www.openwall.com/lists/oss-security/2021/02/16/2', 'https://xenbits.xen.org/xsa/advisory-363.html'], 'PublishedDate': '2021-02-17T02:15:13.143Z', 'LastModifiedDate': '2023-11-07T03:31:50.59Z'}, {'VulnerabilityID': 'CVE-2022-44034', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-44034', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: A use-after-free due to race between scr24x_open()  and scr24x_remove()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().', 'Severity': 'LOW', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-44034', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15', 'https://lore.kernel.org/lkml/20220916050333.GA188358%40ubuntu/', 'https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940%40ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-44034', 'https://www.cve.org/CVERecord?id=CVE-2022-44034'], 'PublishedDate': '2022-10-30T01:15:08.937Z', 'LastModifiedDate': '2024-03-25T01:15:52.787Z'}, {'VulnerabilityID': 'CVE-2022-45884', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-45884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free due to race condition occurring in dvb_register_device()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:7549', 'https://access.redhat.com/security/cve/CVE-2022-45884', 'https://bugzilla.redhat.com/2148510', 'https://bugzilla.redhat.com/2148517', 'https://bugzilla.redhat.com/2151956', 'https://bugzilla.redhat.com/2154178', 'https://bugzilla.redhat.com/2224048', 'https://bugzilla.redhat.com/2240249', 'https://bugzilla.redhat.com/2241924', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2151956', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2224048', 'https://bugzilla.redhat.com/show_bug.cgi?id=2240249', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1192', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2163', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178', 'https://errata.almalinux.org/8/ALSA-2023-7549.html', 'https://errata.rockylinux.org/RLSA-2023:7549', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3', 'https://linux.oracle.com/cve/CVE-2022-45884.html', 'https://linux.oracle.com/errata/ELSA-2023-7549.html', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-45884', 'https://security.netapp.com/advisory/ntap-20230113-0006/', 'https://www.cve.org/CVERecord?id=CVE-2022-45884'], 'PublishedDate': '2022-11-25T04:15:09.18Z', 'LastModifiedDate': '2024-03-25T01:15:52.84Z'}, {'VulnerabilityID': 'CVE-2023-33053', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-33053', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'Memory corruption in Kernel while parsing metadata.', 'Severity': 'LOW', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/06426824a281c9aef5bf0c50927eae9c7431db1e', 'https://www.cve.org/CVERecord?id=CVE-2023-33053', 'https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin'], 'PublishedDate': '2023-12-05T03:15:11.707Z', 'LastModifiedDate': '2024-04-12T16:15:18.403Z'}, {'VulnerabilityID': 'CVE-2023-4010', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: hcd: malformed USB descriptor leads to infinite loop in usb_giveback_urb()', 'Description': 'A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.', 'Severity': 'LOW', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4010', 'https://bugzilla.redhat.com/show_bug.cgi?id=2227726', 'https://github.com/wanrenmi/a-usb-kernel-bug', 'https://github.com/wanrenmi/a-usb-kernel-bug/issues/1', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4010', 'https://www.cve.org/CVERecord?id=CVE-2023-4010'], 'PublishedDate': '2023-07-31T17:15:10.277Z', 'LastModifiedDate': '2023-11-07T04:22:02.797Z'}, {'VulnerabilityID': 'CVE-2023-6238', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-6238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: memory corruption via unprivileged user passthrough', 'Description': 'A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.', 'Severity': 'LOW', 'CweIDs': ['CWE-120'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-6238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2250834', 'https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.com/T/#u', 'https://lore.kernel.org/linux-nvme/20231016060519.231880-1-joshi.k@samsung.com/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-6238', 'https://www.cve.org/CVERecord?id=CVE-2023-6238'], 'PublishedDate': '2023-11-21T21:15:09.273Z', 'LastModifiedDate': '2024-02-07T00:15:55.24Z'}, {'VulnerabilityID': 'CVE-2024-0564', 'PkgID': 'linux-tools-6.8.0-1015-aws@6.8.0-1015.16~22.04.1', 'PkgName': 'linux-tools-6.8.0-1015-aws', 'InstalledVersion': '6.8.0-1015.16~22.04.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-0564', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication', 'Description': 'A flaw was found in the Linux kernel\'s memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim\'s page. The unmapping time depends on whether it merges with the victim\'s page and additional physical pages are created beyond the KSM\'s "max page share". Through these operations, the attacker can leak the victim\'s page.', 'Severity': 'LOW', 'CweIDs': ['CWE-99', 'CWE-203'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-0564', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258514', 'https://link.springer.com/conference/wisa', 'https://nvd.nist.gov/vuln/detail/CVE-2024-0564', 'https://wisa.or.kr/accepted', 'https://www.cve.org/CVERecord?id=CVE-2024-0564'], 'PublishedDate': '2024-01-30T15:15:08.687Z', 'LastModifiedDate': '2024-10-16T15:15:14.11Z'}, {'VulnerabilityID': 'CVE-2024-27397', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'FixedVersion': '5.15.0-124.134', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27397', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: nf_tables: use timestamp to check for set element timeout', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: use timestamp to check for set element timeout\n\nAdd a timestamp field at the beginning of the transaction, store it\nin the nftables per-netns area.\n\nUpdate set backend .insert, .deactivate and sync gc path to use the\ntimestamp, this avoids that an element expires while control plane\ntransaction is still unfinished.\n\n.lookup and .update, which are used from packet path, still use the\ncurrent time to check if the element has expired. And .get path and dump\nalso since this runs lockless under rcu read size lock. Then, there is\nasync gc which also needs to check the current time since it runs\nasynchronously from a workqueue.', 'Severity': 'HIGH', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:4352', 'https://access.redhat.com/security/cve/CVE-2024-27397', 'https://bugzilla.redhat.com/1918601', 'https://bugzilla.redhat.com/2248122', 'https://bugzilla.redhat.com/2258875', 'https://bugzilla.redhat.com/2265517', 'https://bugzilla.redhat.com/2265519', 'https://bugzilla.redhat.com/2265520', 'https://bugzilla.redhat.com/2265800', 'https://bugzilla.redhat.com/2266408', 'https://bugzilla.redhat.com/2266831', 'https://bugzilla.redhat.com/2267513', 'https://bugzilla.redhat.com/2267518', 'https://bugzilla.redhat.com/2267730', 'https://bugzilla.redhat.com/2270093', 'https://bugzilla.redhat.com/2271680', 'https://bugzilla.redhat.com/2272692', 'https://bugzilla.redhat.com/2272829', 'https://bugzilla.redhat.com/2273204', 'https://bugzilla.redhat.com/2273278', 'https://bugzilla.redhat.com/2273423', 'https://bugzilla.redhat.com/2273429', 'https://bugzilla.redhat.com/2275604', 'https://bugzilla.redhat.com/2275633', 'https://bugzilla.redhat.com/2275635', 'https://bugzilla.redhat.com/2275733', 'https://bugzilla.redhat.com/2278337', 'https://bugzilla.redhat.com/2278354', 'https://bugzilla.redhat.com/2280434', 'https://bugzilla.redhat.com/2281057', 'https://bugzilla.redhat.com/2281113', 'https://bugzilla.redhat.com/2281157', 'https://bugzilla.redhat.com/2281165', 'https://bugzilla.redhat.com/2281251', 'https://bugzilla.redhat.com/2281253', 'https://bugzilla.redhat.com/2281255', 'https://bugzilla.redhat.com/2281257', 'https://bugzilla.redhat.com/2281272', 'https://bugzilla.redhat.com/2281350', 'https://bugzilla.redhat.com/2281689', 'https://bugzilla.redhat.com/2281693', 'https://bugzilla.redhat.com/2281920', 'https://bugzilla.redhat.com/2281923', 'https://bugzilla.redhat.com/2281925', 'https://bugzilla.redhat.com/2281953', 'https://bugzilla.redhat.com/2281986', 'https://bugzilla.redhat.com/2282394', 'https://bugzilla.redhat.com/2282400', 'https://bugzilla.redhat.com/2282471', 'https://bugzilla.redhat.com/2282472', 'https://bugzilla.redhat.com/2282581', 'https://bugzilla.redhat.com/2282609', 'https://bugzilla.redhat.com/2282612', 'https://bugzilla.redhat.com/2282653', 'https://bugzilla.redhat.com/2282680', 'https://bugzilla.redhat.com/2282698', 'https://bugzilla.redhat.com/2282712', 'https://bugzilla.redhat.com/2282735', 'https://bugzilla.redhat.com/2282902', 'https://bugzilla.redhat.com/2282920', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267509', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273082', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273466', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275735', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281131', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284581', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293230', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293402', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293456', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294225', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52638', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26783', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26858', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27435', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36957', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38543', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38593', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38663', 'https://errata.almalinux.org/8/ALSA-2024-4352.html', 'https://errata.rockylinux.org/RLSA-2024:4583', 'https://git.kernel.org/linus/7395dfacfff65e9938ac0889dafa1ab01e987d15 (6.8-rc4)', 'https://git.kernel.org/stable/c/0d40e8cb1d1f56a994cdd2e015af622fdca9ed4d', 'https://git.kernel.org/stable/c/383182db8d58c4237772ba0764cded4938a235c3', 'https://git.kernel.org/stable/c/7395dfacfff65e9938ac0889dafa1ab01e987d15', 'https://git.kernel.org/stable/c/7b17de2a71e56c10335b565cc7ad238e6d984379', 'https://git.kernel.org/stable/c/b45176b869673417ace338b87cf9cdb66e2eeb01', 'https://git.kernel.org/stable/c/eaf1a29ea5d7dba8e84e9e9f3b3f47d0cd540bfe', 'https://git.kernel.org/stable/c/f8dfda798650241c1692058713ca4fef8e429061', 'https://linux.oracle.com/cve/CVE-2024-27397.html', 'https://linux.oracle.com/errata/ELSA-2024-4583.html', 'https://lore.kernel.org/linux-cve-announce/2024050837-CVE-2024-27397-fd1e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27397', 'https://ubuntu.com/security/notices/USN-7072-1', 'https://ubuntu.com/security/notices/USN-7073-1', 'https://ubuntu.com/security/notices/USN-7073-2', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27397'], 'PublishedDate': '2024-05-14T15:12:28.24Z', 'LastModifiedDate': '2024-08-19T05:15:06.293Z'}, {'VulnerabilityID': 'CVE-2024-38630', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'FixedVersion': '5.15.0-124.134', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38630', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger\n\nWhen the cpu5wdt module is removing, the origin code uses del_timer() to\nde-activate the timer. If the timer handler is running, del_timer() could\nnot stop it and will return directly. If the port region is released by\nrelease_region() and then the timer handler cpu5wdt_trigger() calls outb()\nto write into the region that is released, the use-after-free bug will\nhappen.\n\nChange del_timer() to timer_shutdown_sync() in order that the timer handler\ncould be finished before the port region is released.', 'Severity': 'HIGH', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38630', 'https://git.kernel.org/linus/573601521277119f2e2ba5f28ae6e87fc594f4d4 (6.10-rc1)', 'https://git.kernel.org/stable/c/573601521277119f2e2ba5f28ae6e87fc594f4d4', 'https://git.kernel.org/stable/c/9b1c063ffc075abf56f63e55d70b9778ff534314', 'https://git.kernel.org/stable/c/f19686d616500cd0d47b30cee82392b53f7f784a', 'https://lore.kernel.org/linux-cve-announce/2024062141-CVE-2024-38630-3640@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38630', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://ubuntu.com/security/notices/USN-7072-1', 'https://ubuntu.com/security/notices/USN-7073-1', 'https://ubuntu.com/security/notices/USN-7073-2', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38630'], 'PublishedDate': '2024-06-21T11:15:11.81Z', 'LastModifiedDate': '2024-09-09T13:43:13.5Z'}, {'VulnerabilityID': 'CVE-2013-7445', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2013-7445', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects', 'Description': 'The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-399'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:C', 'V2Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V2Score': 4.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2013-7445', 'https://bugzilla.kernel.org/show_bug.cgi?id=60533', 'https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)', 'https://nvd.nist.gov/vuln/detail/CVE-2013-7445', 'https://www.cve.org/CVERecord?id=CVE-2013-7445'], 'PublishedDate': '2015-10-16T01:59:00.12Z', 'LastModifiedDate': '2015-10-16T16:22:25.587Z'}, {'VulnerabilityID': 'CVE-2015-8553', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2015-8553', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'xen: non-maskable interrupts triggerable by guests (xsa120)', 'Description': 'Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N', 'V2Score': 2.1, 'V3Score': 6.5}, 'redhat': {'V2Vector': 'AV:A/AC:M/Au:S/C:N/I:N/A:C', 'V2Score': 5.2}}, 'References': ['http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1930758 (regression mention)', 'http://xenbits.xen.org/xsa/advisory-120.html', 'https://access.redhat.com/security/cve/CVE-2015-8553', 'https://nvd.nist.gov/vuln/detail/CVE-2015-8553', 'https://seclists.org/bugtraq/2019/Aug/18', 'https://www.cve.org/CVERecord?id=CVE-2015-8553', 'https://www.debian.org/security/2019/dsa-4497'], 'PublishedDate': '2016-04-13T15:59:07.307Z', 'LastModifiedDate': '2019-08-13T23:15:11.203Z'}, {'VulnerabilityID': 'CVE-2016-8660', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-8660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation', 'Description': 'The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-19'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V2Vector': 'AV:L/AC:M/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.7, 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2016/10/13/8', 'http://www.securityfocus.com/bid/93558', 'https://access.redhat.com/security/cve/CVE-2016-8660', 'https://bugzilla.redhat.com/show_bug.cgi?id=1384851', 'https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/', 'https://marc.info/?l=linux-fsdevel&m=147639177409294&w=2', 'https://marc.info/?l=linux-xfs&m=149498118228320&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2016-8660', 'https://www.cve.org/CVERecord?id=CVE-2016-8660'], 'PublishedDate': '2016-10-16T21:59:14.333Z', 'LastModifiedDate': '2016-11-28T20:41:02.59Z'}, {'VulnerabilityID': 'CVE-2018-17977', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-17977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service', 'Description': 'The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.9}}, 'References': ['http://www.securityfocus.com/bid/105539', 'https://access.redhat.com/security/cve/CVE-2018-17977', 'https://bugzilla.suse.com/show_bug.cgi?id=1111609', 'https://nvd.nist.gov/vuln/detail/CVE-2018-17977', 'https://www.cve.org/CVERecord?id=CVE-2018-17977', 'https://www.openwall.com/lists/oss-security/2018/10/05/5'], 'PublishedDate': '2018-10-08T17:29:00.653Z', 'LastModifiedDate': '2018-11-26T15:51:30.427Z'}, {'VulnerabilityID': 'CVE-2018-7191', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-7191', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: denial of service via ioctl call in network tun handling', 'Description': 'In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html', 'http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html', 'http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html', 'http://www.securityfocus.com/bid/108380', 'https://access.redhat.com/security/cve/CVE-2018-7191', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1743792', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748846', 'https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.14', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ad646c81b2182f7fa67ec0c8c825e0ee165696d', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c25f65fd1e42685f7ccd80e0621829c105785d9', 'https://git.kernel.org/linus/0ad646c81b2182f7fa67ec0c8c825e0ee165696d', 'https://git.kernel.org/linus/5c25f65fd1e42685f7ccd80e0621829c105785d9', 'https://github.com/torvalds/linux/commit/0ad646c81b2182f7fa67ec0c8c825e0ee165696d', 'https://github.com/torvalds/linux/commit/5c25f65fd1e42685f7ccd80e0621829c105785d9', 'https://linux.oracle.com/cve/CVE-2018-7191.html', 'https://linux.oracle.com/errata/ELSA-2020-1016.html', 'https://nvd.nist.gov/vuln/detail/CVE-2018-7191', 'https://www.cve.org/CVERecord?id=CVE-2018-7191'], 'PublishedDate': '2019-05-17T05:29:00.223Z', 'LastModifiedDate': '2019-05-31T12:29:01.33Z'}, {'VulnerabilityID': 'CVE-2021-3714', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-3714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Remote Page Deduplication Attacks', 'Description': 'A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-3714', 'https://arxiv.org/abs/2111.08553', 'https://arxiv.org/pdf/2111.08553.pdf', 'https://bugzilla.redhat.com/show_bug.cgi?id=1931327', 'https://nvd.nist.gov/vuln/detail/CVE-2021-3714', 'https://www.cve.org/CVERecord?id=CVE-2021-3714'], 'PublishedDate': '2022-08-23T16:15:09.6Z', 'LastModifiedDate': '2024-02-01T18:51:23.66Z'}, {'VulnerabilityID': 'CVE-2021-3864', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-3864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: descendant's dumpable setting with certain SUID binaries", 'Description': 'A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-284'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-3864', 'https://bugzilla.redhat.com/show_bug.cgi?id=2015046', 'https://lore.kernel.org/all/20211221021744.864115-1-longman%40redhat.com/', 'https://lore.kernel.org/all/20211221021744.864115-1-longman@redhat.com', 'https://lore.kernel.org/all/20211226150310.GA992%401wt.eu/', 'https://lore.kernel.org/all/20211226150310.GA992@1wt.eu/', 'https://lore.kernel.org/lkml/20211228170910.623156-1-wander%40redhat.com/', 'https://lore.kernel.org/lkml/20211228170910.623156-1-wander@redhat.com', 'https://nvd.nist.gov/vuln/detail/CVE-2021-3864', 'https://security-tracker.debian.org/tracker/CVE-2021-3864', 'https://www.cve.org/CVERecord?id=CVE-2021-3864', 'https://www.openwall.com/lists/oss-security/2021/10/20/2'], 'PublishedDate': '2022-08-26T16:15:09.68Z', 'LastModifiedDate': '2023-02-12T23:42:51.317Z'}, {'VulnerabilityID': 'CVE-2021-4095', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-4095', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c', 'Description': "A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 1.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2022/01/17/1', 'https://access.redhat.com/security/cve/CVE-2021-4095', 'https://bugzilla.redhat.com/show_bug.cgi?id=2031194', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=55749769fe608fa3f4a075e42e89d237c8e3763', 'https://linux.oracle.com/cve/CVE-2021-4095.html', 'https://linux.oracle.com/errata/ELSA-2022-9534.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIOQN7JJNN6ABIDGRSTVZA65MHRLMH2Q/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT6573CGKVK3DU2632VVO5BVM4IU7SBV/', 'https://lore.kernel.org/kvm/CAFcO6XOmoS7EacN_n6v4Txk7xL7iqRa2gABg3F7E3Naf5uG94g@mail.gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2021-4095', 'https://patchwork.kernel.org/project/kvm/patch/20211121125451.9489-12-dwmw2@infradead.org/', 'https://seclists.org/oss-sec/2021/q4/157', 'https://www.cve.org/CVERecord?id=CVE-2021-4095'], 'PublishedDate': '2022-03-10T17:44:53.563Z', 'LastModifiedDate': '2023-11-07T03:40:10.533Z'}, {'VulnerabilityID': 'CVE-2021-47432', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47432', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: lib/generic-radix-tree.c: Don't overflow in peek()", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Don't overflow in peek()\n\nWhen we started spreading new inode numbers throughout most of the 64\nbit inode space, that triggered some corner case bugs, in particular\nsome integer overflows related to the radix tree code. Oops.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2021-47432', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/9492261ff2460252cf2d8de89cdf854c7e2b28a0 (6.7-rc1)', 'https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac', 'https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0', 'https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437', 'https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c', 'https://linux.oracle.com/cve/CVE-2021-47432.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024052143-CVE-2021-47432-5e69@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47432', 'https://www.cve.org/CVERecord?id=CVE-2021-47432'], 'PublishedDate': '2024-05-21T16:15:12.007Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2021-47599', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47599', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: use latest_dev in btrfs_show_devname', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: use latest_dev in btrfs_show_devname\n\nThe test case btrfs/238 reports the warning below:\n\n WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs]\n CPU: 2 PID: 1 Comm: systemd Tainted: G        W  O 5.14.0-rc1-custom #72\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n Call trace:\n   btrfs_show_devname+0x108/0x1b4 [btrfs]\n   show_mountinfo+0x234/0x2c4\n   m_show+0x28/0x34\n   seq_read_iter+0x12c/0x3c4\n   vfs_read+0x29c/0x2c8\n   ksys_read+0x80/0xec\n   __arm64_sys_read+0x28/0x34\n   invoke_syscall+0x50/0xf8\n   do_el0_svc+0x88/0x138\n   el0_svc+0x2c/0x8c\n   el0t_64_sync_handler+0x84/0xe4\n   el0t_64_sync+0x198/0x19c\n\nReason:\nWhile btrfs_prepare_sprout() moves the fs_devices::devices into\nfs_devices::seed_list, the btrfs_show_devname() searches for the devices\nand found none, leading to the warning as in above.\n\nFix:\nlatest_dev is updated according to the changes to the device list.\nThat means we could use the latest_dev->name to show the device name in\n/proc/self/mounts, the pointer will be always valid as it's assigned\nbefore the device is deleted from the list in remove or replace.\nThe RCU protection is sufficient as the device structure is freed after\nsynchronization.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47599', 'https://git.kernel.org/linus/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2 (5.16-rc1)', 'https://git.kernel.org/stable/c/6605fd2f394bba0a0059df2b6cfc87b0b6d393a2', 'https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1', 'https://lore.kernel.org/linux-cve-announce/2024061921-CVE-2021-47599-37b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47599', 'https://www.cve.org/CVERecord?id=CVE-2021-47599'], 'PublishedDate': '2024-06-19T15:15:54.483Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2021-47615', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-47615', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix releasing unallocated memory in dereg MR flow\n\nFor the case of IB_MR_TYPE_DM the mr does doesn't have a umem, even though\nit is a user MR. This causes function mlx5_free_priv_descs() to think that\nit is a kernel MR, leading to wrongly accessing mr->descs that will get\nwrong values in the union which leads to attempt to release resources that\nwere not allocated in the first place.\n\nFor example:\n DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]\n WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0\n RIP: 0010:check_unmap+0x54f/0x8b0\n Call Trace:\n  debug_dma_unmap_page+0x57/0x60\n  mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]\n  mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]\n  ib_dereg_mr_user+0x60/0x140 [ib_core]\n  uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]\n  uobj_destroy+0x3f/0x80 [ib_uverbs]\n  ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]\n  ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquired+0x12/0x380\n  ? lock_acquire+0xc4/0x2e0\n  ? lock_acquire+0xc4/0x2e0\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  ? lock_release+0x28a/0x400\n  ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]\n  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]\n  __x64_sys_ioctl+0x7f/0xb0\n  do_syscall_64+0x38/0x90\n\nFix it by reorganizing the dereg flow and mlx5_ib_mr structure:\n - Move the ib_umem field into the user MRs structure in the union as it's\n   applicable only there.\n - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only\n   in case there isn't udata, which indicates that this isn't a user MR.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-47615', 'https://git.kernel.org/linus/f0ae4afe3d35e67db042c58a52909e06262b740f (5.16-rc5)', 'https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9', 'https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701', 'https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f', 'https://lore.kernel.org/linux-cve-announce/2024061909-CVE-2021-47615-3c6a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2021-47615', 'https://www.cve.org/CVERecord?id=CVE-2021-47615'], 'PublishedDate': '2024-06-19T15:15:56.03Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-0400', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0400', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Out of bounds read in the smc protocol stack', 'Description': 'An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)', 'https://bugzilla.redhat.com/show_bug.cgi?id=2044575', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0400', 'https://www.cve.org/CVERecord?id=CVE-2022-0400'], 'PublishedDate': '2022-08-29T15:15:09.423Z', 'LastModifiedDate': '2022-09-01T20:18:18.247Z'}, {'VulnerabilityID': 'CVE-2022-0480', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0480', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion', 'Description': 'A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-0480', 'https://bugzilla.redhat.com/show_bug.cgi?id=2049700', 'https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042', 'https://github.com/kata-containers/kata-containers/issues/3373', 'https://linux.oracle.com/cve/CVE-2022-0480.html', 'https://linux.oracle.com/errata/ELSA-2024-2394.html', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/', 'https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0480', 'https://ubuntu.com/security/CVE-2022-0480', 'https://www.cve.org/CVERecord?id=CVE-2022-0480'], 'PublishedDate': '2022-08-29T15:15:09.477Z', 'LastModifiedDate': '2023-03-03T18:49:53.213Z'}, {'VulnerabilityID': 'CVE-2022-0995', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-0995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kernel bug in the watch_queue subsystem', 'Description': 'An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Bounds-Write.html', 'http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html', 'https://access.redhat.com/security/cve/CVE-2022-0995', 'https://bugzilla.redhat.com/show_bug.cgi?id=2063786', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb', 'https://nvd.nist.gov/vuln/detail/CVE-2022-0995', 'https://security.netapp.com/advisory/ntap-20220429-0001/', 'https://www.cve.org/CVERecord?id=CVE-2022-0995'], 'PublishedDate': '2022-03-25T19:15:10.52Z', 'LastModifiedDate': '2023-11-09T14:44:33.733Z'}, {'VulnerabilityID': 'CVE-2022-1205', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-1205', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Null pointer dereference and use after free in net/ax25/ax25_timer.c', 'Description': 'A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-1205', 'https://bugzilla.redhat.com/show_bug.cgi?id=2071047', 'https://github.com/torvalds/linux/commit/82e31755e55fbcea6a9dfaae5fe4860ade17cbc0', 'https://github.com/torvalds/linux/commit/fc6d01ff9ef03b66d4a3a23b46fc3c3d8cf92009', 'https://marc.info/?i=56c38247.32aa9.17fe95728b3.Coremail.duoming@zju.edu.cn', 'https://nvd.nist.gov/vuln/detail/CVE-2022-1205', 'https://ubuntu.com/security/notices/USN-5469-1', 'https://ubuntu.com/security/notices/USN-5471-1', 'https://ubuntu.com/security/notices/USN-5514-1', 'https://ubuntu.com/security/notices/USN-5515-1', 'https://ubuntu.com/security/notices/USN-5539-1', 'https://ubuntu.com/security/notices/USN-5541-1', 'https://ubuntu.com/security/notices/USN-6001-1', 'https://ubuntu.com/security/notices/USN-6013-1', 'https://ubuntu.com/security/notices/USN-6014-1', 'https://www.cve.org/CVERecord?id=CVE-2022-1205', 'https://www.openwall.com/lists/oss-security/2022/04/02/4'], 'PublishedDate': '2022-08-31T16:15:09.11Z', 'LastModifiedDate': '2023-11-07T03:41:48.84Z'}, {'VulnerabilityID': 'CVE-2022-1247', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-1247', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: A race condition bug in rose_connect()', 'Description': 'An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-1247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2066799', 'https://lore.kernel.org/all/20220711013111.33183-1-duoming@zju.edu.cn/', 'https://lore.kernel.org/all/cover.1656031586.git.duoming@zju.edu.cn/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-1247', 'https://www.cve.org/CVERecord?id=CVE-2022-1247'], 'PublishedDate': '2022-08-31T16:15:09.177Z', 'LastModifiedDate': '2022-09-06T19:24:14.887Z'}, {'VulnerabilityID': 'CVE-2022-25836', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-25836', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-294'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N', 'V3Score': 7.5}}, 'References': ['https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/confusion-in-ble-passkey/', 'https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/', 'https://www.cve.org/CVERecord?id=CVE-2022-25836'], 'PublishedDate': '2022-12-12T04:15:09.587Z', 'LastModifiedDate': '2022-12-14T17:53:27.793Z'}, {'VulnerabilityID': 'CVE-2022-2961', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-2961', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: race condition in rose_bind()', 'Description': 'A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-2961', 'https://nvd.nist.gov/vuln/detail/CVE-2022-2961', 'https://security.netapp.com/advisory/ntap-20230214-0004/', 'https://www.cve.org/CVERecord?id=CVE-2022-2961'], 'PublishedDate': '2022-08-29T15:15:10.81Z', 'LastModifiedDate': '2023-06-28T20:34:05.737Z'}, {'VulnerabilityID': 'CVE-2022-3238', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3238', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ntfs3 local privledge escalation if NTFS character set and remount and umount called simultaneously', 'Description': 'A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-415', 'CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2127927', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3238', 'https://www.cve.org/CVERecord?id=CVE-2022-3238'], 'PublishedDate': '2022-11-14T21:15:16.163Z', 'LastModifiedDate': '2022-11-17T20:24:18.537Z'}, {'VulnerabilityID': 'CVE-2022-3523', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3523', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: race when faulting a device private page in memory manager', 'Description': 'A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211020.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416', 'CWE-119'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3523', 'https://git.kernel.org/linus/16ce101db85db694a91380aa4c89b25530871d33', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16ce101db85db694a91380aa4c89b25530871d33', 'https://linux.oracle.com/cve/CVE-2022-3523.html', 'https://linux.oracle.com/errata/ELSA-2023-6583.html', 'https://lore.kernel.org/all/8735bbuyvs.fsf@nvidia.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3523', 'https://vuldb.com/?id.211020', 'https://www.cve.org/CVERecord?id=CVE-2022-3523'], 'PublishedDate': '2022-10-16T10:15:10.193Z', 'LastModifiedDate': '2023-11-07T03:51:21.797Z'}, {'VulnerabilityID': 'CVE-2022-38457', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-38457', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vmwgfx: use-after-free in vmw_cmd_res_check', 'Description': "A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:7077', 'https://access.redhat.com/security/cve/CVE-2022-38457', 'https://bugzilla.openanolis.cn/show_bug.cgi?id=2074', 'https://bugzilla.redhat.com/2024989', 'https://bugzilla.redhat.com/2073091', 'https://bugzilla.redhat.com/2133453', 'https://bugzilla.redhat.com/2133455', 'https://bugzilla.redhat.com/2139610', 'https://bugzilla.redhat.com/2147356', 'https://bugzilla.redhat.com/2148520', 'https://bugzilla.redhat.com/2149024', 'https://bugzilla.redhat.com/2151317', 'https://bugzilla.redhat.com/2156322', 'https://bugzilla.redhat.com/2165741', 'https://bugzilla.redhat.com/2165926', 'https://bugzilla.redhat.com/2168332', 'https://bugzilla.redhat.com/2173403', 'https://bugzilla.redhat.com/2173430', 'https://bugzilla.redhat.com/2173434', 'https://bugzilla.redhat.com/2173444', 'https://bugzilla.redhat.com/2174400', 'https://bugzilla.redhat.com/2175903', 'https://bugzilla.redhat.com/2176140', 'https://bugzilla.redhat.com/2177371', 'https://bugzilla.redhat.com/2177389', 'https://bugzilla.redhat.com/2181330', 'https://bugzilla.redhat.com/2182443', 'https://bugzilla.redhat.com/2184578', 'https://bugzilla.redhat.com/2185945', 'https://bugzilla.redhat.com/2187257', 'https://bugzilla.redhat.com/2188468', 'https://bugzilla.redhat.com/2192667', 'https://bugzilla.redhat.com/2192671', 'https://bugzilla.redhat.com/2193097', 'https://bugzilla.redhat.com/2193219', 'https://bugzilla.redhat.com/2213139', 'https://bugzilla.redhat.com/2213199', 'https://bugzilla.redhat.com/2213485', 'https://bugzilla.redhat.com/2213802', 'https://bugzilla.redhat.com/2214348', 'https://bugzilla.redhat.com/2215502', 'https://bugzilla.redhat.com/2215835', 'https://bugzilla.redhat.com/2215836', 'https://bugzilla.redhat.com/2215837', 'https://bugzilla.redhat.com/2218195', 'https://bugzilla.redhat.com/2218212', 'https://bugzilla.redhat.com/2218943', 'https://bugzilla.redhat.com/2221707', 'https://bugzilla.redhat.com/2223949', 'https://bugzilla.redhat.com/2225191', 'https://bugzilla.redhat.com/2225201', 'https://bugzilla.redhat.com/2225511', 'https://bugzilla.redhat.com/2236982', 'https://errata.almalinux.org/8/ALSA-2023-7077.html', 'https://linux.oracle.com/cve/CVE-2022-38457.html', 'https://linux.oracle.com/errata/ELSA-2023-7077.html', 'https://nvd.nist.gov/vuln/detail/CVE-2022-38457', 'https://www.cve.org/CVERecord?id=CVE-2022-38457'], 'PublishedDate': '2022-09-09T15:15:14.52Z', 'LastModifiedDate': '2023-04-17T16:45:05.667Z'}, {'VulnerabilityID': 'CVE-2022-40133', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-40133', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context', 'Description': "A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:7077', 'https://access.redhat.com/security/cve/CVE-2022-40133', 'https://bugzilla.openanolis.cn/show_bug.cgi?id=2075', 'https://bugzilla.redhat.com/2024989', 'https://bugzilla.redhat.com/2073091', 'https://bugzilla.redhat.com/2133453', 'https://bugzilla.redhat.com/2133455', 'https://bugzilla.redhat.com/2139610', 'https://bugzilla.redhat.com/2147356', 'https://bugzilla.redhat.com/2148520', 'https://bugzilla.redhat.com/2149024', 'https://bugzilla.redhat.com/2151317', 'https://bugzilla.redhat.com/2156322', 'https://bugzilla.redhat.com/2165741', 'https://bugzilla.redhat.com/2165926', 'https://bugzilla.redhat.com/2168332', 'https://bugzilla.redhat.com/2173403', 'https://bugzilla.redhat.com/2173430', 'https://bugzilla.redhat.com/2173434', 'https://bugzilla.redhat.com/2173444', 'https://bugzilla.redhat.com/2174400', 'https://bugzilla.redhat.com/2175903', 'https://bugzilla.redhat.com/2176140', 'https://bugzilla.redhat.com/2177371', 'https://bugzilla.redhat.com/2177389', 'https://bugzilla.redhat.com/2181330', 'https://bugzilla.redhat.com/2182443', 'https://bugzilla.redhat.com/2184578', 'https://bugzilla.redhat.com/2185945', 'https://bugzilla.redhat.com/2187257', 'https://bugzilla.redhat.com/2188468', 'https://bugzilla.redhat.com/2192667', 'https://bugzilla.redhat.com/2192671', 'https://bugzilla.redhat.com/2193097', 'https://bugzilla.redhat.com/2193219', 'https://bugzilla.redhat.com/2213139', 'https://bugzilla.redhat.com/2213199', 'https://bugzilla.redhat.com/2213485', 'https://bugzilla.redhat.com/2213802', 'https://bugzilla.redhat.com/2214348', 'https://bugzilla.redhat.com/2215502', 'https://bugzilla.redhat.com/2215835', 'https://bugzilla.redhat.com/2215836', 'https://bugzilla.redhat.com/2215837', 'https://bugzilla.redhat.com/2218195', 'https://bugzilla.redhat.com/2218212', 'https://bugzilla.redhat.com/2218943', 'https://bugzilla.redhat.com/2221707', 'https://bugzilla.redhat.com/2223949', 'https://bugzilla.redhat.com/2225191', 'https://bugzilla.redhat.com/2225201', 'https://bugzilla.redhat.com/2225511', 'https://bugzilla.redhat.com/2236982', 'https://errata.almalinux.org/8/ALSA-2023-7077.html', 'https://linux.oracle.com/cve/CVE-2022-40133.html', 'https://linux.oracle.com/errata/ELSA-2023-7077.html', 'https://nvd.nist.gov/vuln/detail/CVE-2022-40133', 'https://www.cve.org/CVERecord?id=CVE-2022-40133'], 'PublishedDate': '2022-09-09T15:15:15.137Z', 'LastModifiedDate': '2023-04-17T16:44:56.427Z'}, {'VulnerabilityID': 'CVE-2022-4543', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-4543', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KASLR Prefetch Bypass Breaks KPTI', 'Description': 'A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-203', 'CWE-200'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-4543', 'https://nvd.nist.gov/vuln/detail/CVE-2022-4543', 'https://www.cve.org/CVERecord?id=CVE-2022-4543', 'https://www.openwall.com/lists/oss-security/2022/12/16/3', 'https://www.willsroot.io/2022/12/entrybleed.html'], 'PublishedDate': '2023-01-11T15:15:09.673Z', 'LastModifiedDate': '2023-01-19T18:38:32.673Z'}, {'VulnerabilityID': 'CVE-2022-48628', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48628', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ceph: drop messages from MDS when unmounting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nceph: drop messages from MDS when unmounting\n\nWhen unmounting all the dirty buffers will be flushed and after\nthe last osd request is finished the last reference of the i_count\nwill be released. Then it will flush the dirty cap/snap to MDSs,\nand the unmounting won\'t wait the possible acks, which will ihold\nthe inodes when updating the metadata locally but makes no sense\nany more, of this. This will make the evict_inodes() to skip these\ninodes.\n\nIf encrypt is enabled the kernel generate a warning when removing\nthe encrypt keys when the skipped inodes still hold the keyring:\n\nWARNING: CPU: 4 PID: 168846 at fs/crypto/keyring.c:242 fscrypt_destroy_keyring+0x7e/0xd0\nCPU: 4 PID: 168846 Comm: umount Tainted: G S  6.1.0-rc5-ceph-g72ead199864c #1\nHardware name: Supermicro SYS-5018R-WR/X10SRW-F, BIOS 2.0 12/17/2015\nRIP: 0010:fscrypt_destroy_keyring+0x7e/0xd0\nRSP: 0018:ffffc9000b277e28 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff88810d52ac00 RCX: ffff88810b56aa00\nRDX: 0000000080000000 RSI: ffffffff822f3a09 RDI: ffff888108f59000\nRBP: ffff8881d394fb88 R08: 0000000000000028 R09: 0000000000000000\nR10: 0000000000000001 R11: 11ff4fe6834fcd91 R12: ffff8881d394fc40\nR13: ffff888108f59000 R14: ffff8881d394f800 R15: 0000000000000000\nFS:  00007fd83f6f1080(0000) GS:ffff88885fd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f918d417000 CR3: 000000017f89a005 CR4: 00000000003706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n<TASK>\ngeneric_shutdown_super+0x47/0x120\nkill_anon_super+0x14/0x30\nceph_kill_sb+0x36/0x90 [ceph]\ndeactivate_locked_super+0x29/0x60\ncleanup_mnt+0xb8/0x140\ntask_work_run+0x67/0xb0\nexit_to_user_mode_prepare+0x23d/0x240\nsyscall_exit_to_user_mode+0x25/0x60\ndo_syscall_64+0x40/0x80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fd83dc39e9b\n\nLater the kernel will crash when iput() the inodes and dereferencing\nthe "sb->s_master_keys", which has been released by the\ngeneric_shutdown_super().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48628', 'https://git.kernel.org/linus/e3dfcab2080dc1f9a4b09cc1327361bc2845bfcd (6.6-rc1)', 'https://git.kernel.org/stable/c/47f82395f04a976d4fa97de7f2acffa1c1096571', 'https://git.kernel.org/stable/c/89744b64914426cbabceb3d8a149176b5dafdfb5', 'https://git.kernel.org/stable/c/e3dfcab2080dc1f9a4b09cc1327361bc2845bfcd', 'https://lore.kernel.org/linux-cve-announce/2024030245-CVE-2022-48628-181a@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48628', 'https://www.cve.org/CVERecord?id=CVE-2022-48628'], 'PublishedDate': '2024-03-02T22:15:47Z', 'LastModifiedDate': '2024-03-04T13:58:23.447Z'}, {'VulnerabilityID': 'CVE-2022-48633', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48633', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/gma500: Fix WARN_ON(lock-->magic != lock) error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix WARN_ON(lock->magic != lock) error\n\npsb_gem_unpin() calls dma_resv_lock() but the underlying ww_mutex\ngets destroyed by drm_gem_object_release() move the\ndrm_gem_object_release() call in psb_gem_free_object() to after\nthe unpin to fix the below warning:\n\n[   79.693962] ------------[ cut here ]------------\n[   79.693992] DEBUG_LOCKS_WARN_ON(lock->magic != lock)\n[   79.694015] WARNING: CPU: 0 PID: 240 at kernel/locking/mutex.c:582 __ww_mutex_lock.constprop.0+0x569/0xfb0\n[   79.694052] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer qrtr bnep ath9k ath9k_common ath9k_hw snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi snd_hda_intel ath3k snd_intel_dspcfg mac80211 snd_intel_sdw_acpi btusb snd_hda_codec btrtl btbcm btintel btmtk bluetooth at24 snd_hda_core snd_hwdep uvcvideo snd_seq libarc4 videobuf2_vmalloc ath videobuf2_memops videobuf2_v4l2 videobuf2_common snd_seq_device videodev acer_wmi intel_powerclamp coretemp mc snd_pcm joydev sparse_keymap ecdh_generic pcspkr wmi_bmof cfg80211 i2c_i801 i2c_smbus snd_timer snd r8169 rfkill lpc_ich soundcore acpi_cpufreq zram rtsx_pci_sdmmc mmc_core serio_raw rtsx_pci gma500_gfx(E) video wmi ip6_tables ip_tables i2c_dev fuse\n[   79.694436] CPU: 0 PID: 240 Comm: plymouthd Tainted: G        W   E      6.0.0-rc3+ #490\n[   79.694457] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013\n[   79.694469] RIP: 0010:__ww_mutex_lock.constprop.0+0x569/0xfb0\n[   79.694496] Code: ff 85 c0 0f 84 15 fb ff ff 8b 05 ca 3c 11 01 85 c0 0f 85 07 fb ff ff 48 c7 c6 30 cb 84 aa 48 c7 c7 a3 e1 82 aa e8 ac 29 f8 ff <0f> 0b e9 ed fa ff ff e8 5b 83 8a ff 85 c0 74 10 44 8b 0d 98 3c 11\n[   79.694513] RSP: 0018:ffffad1dc048bbe0 EFLAGS: 00010282\n[   79.694623] RAX: 0000000000000028 RBX: 0000000000000000 RCX: 0000000000000000\n[   79.694636] RDX: 0000000000000001 RSI: ffffffffaa8b0ffc RDI: 00000000ffffffff\n[   79.694650] RBP: ffffad1dc048bc80 R08: 0000000000000000 R09: ffffad1dc048ba90\n[   79.694662] R10: 0000000000000003 R11: ffffffffaad62fe8 R12: ffff9ff302103138\n[   79.694675] R13: ffff9ff306ec8000 R14: ffff9ff307779078 R15: ffff9ff3014c0270\n[   79.694690] FS:  00007ff1cccf1740(0000) GS:ffff9ff3bc200000(0000) knlGS:0000000000000000\n[   79.694705] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   79.694719] CR2: 0000559ecbcb4420 CR3: 0000000013210000 CR4: 00000000000006f0\n[   79.694734] Call Trace:\n[   79.694749]  <TASK>\n[   79.694761]  ? __schedule+0x47f/0x1670\n[   79.694796]  ? psb_gem_unpin+0x27/0x1a0 [gma500_gfx]\n[   79.694830]  ? lock_is_held_type+0xe3/0x140\n[   79.694864]  ? ww_mutex_lock+0x38/0xa0\n[   79.694885]  ? __cond_resched+0x1c/0x30\n[   79.694902]  ww_mutex_lock+0x38/0xa0\n[   79.694925]  psb_gem_unpin+0x27/0x1a0 [gma500_gfx]\n[   79.694964]  psb_gem_unpin+0x199/0x1a0 [gma500_gfx]\n[   79.694996]  drm_gem_object_release_handle+0x50/0x60\n[   79.695020]  ? drm_gem_object_handle_put_unlocked+0xf0/0xf0\n[   79.695042]  idr_for_each+0x4b/0xb0\n[   79.695066]  ? _raw_spin_unlock_irqrestore+0x30/0x60\n[   79.695095]  drm_gem_release+0x1c/0x30\n[   79.695118]  drm_file_free.part.0+0x1ea/0x260\n[   79.695150]  drm_release+0x6a/0x120\n[   79.695175]  __fput+0x9f/0x260\n[   79.695203]  task_work_run+0x59/0xa0\n[   79.695227]  do_exit+0x387/0xbe0\n[   79.695250]  ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90\n[   79.695275]  ? lockdep_hardirqs_on+0x7d/0x100\n[   79.695304]  do_group_exit+0x33/0xb0\n[   79.695331]  __x64_sys_exit_group+0x14/0x20\n[   79.695353]  do_syscall_64+0x58/0x80\n[   79.695376]  ? up_read+0x17/0x20\n[   79.695401]  ? lock_is_held_type+0xe3/0x140\n[   79.695429]  ? asm_exc_page_fault+0x22/0x30\n[   79.695450]  ? lockdep_hardirqs_on+0x7d/0x100\n[   79.695473]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[   79.695493] RIP: 0033:0x7ff1ccefe3f1\n[   79.695516] Code: Unable to access opcode bytes at RIP 0x7ff1ccefe3c7.\n[   79.695607] RSP: 002b:00007ffed4413378 EFLAGS: \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 2.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48633', 'https://git.kernel.org/linus/b6f25c3b94f2aadbf5cbef954db4073614943d74 (6.0-rc6)', 'https://git.kernel.org/stable/c/55c077d97fa67e9f19952bb24122a8316b089474', 'https://git.kernel.org/stable/c/b6f25c3b94f2aadbf5cbef954db4073614943d74', 'https://lore.kernel.org/linux-cve-announce/2024042854-CVE-2022-48633-f726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48633', 'https://www.cve.org/CVERecord?id=CVE-2022-48633'], 'PublishedDate': '2024-04-28T13:15:06.56Z', 'LastModifiedDate': '2024-04-29T12:42:03.667Z'}, {'VulnerabilityID': 'CVE-2022-48646', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48646', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sfc/siena: fix null pointer dereference in efx_hard_start_xmit', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsfc/siena: fix null pointer dereference in efx_hard_start_xmit\n\nLike in previous patch for sfc, prevent potential (but unlikely) NULL\npointer dereference.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48646', 'https://git.kernel.org/linus/589c6eded10c77a12b7b2cf235b6b19a2bdb91fa (6.0-rc7)', 'https://git.kernel.org/stable/c/589c6eded10c77a12b7b2cf235b6b19a2bdb91fa', 'https://git.kernel.org/stable/c/a4eadca702dff0768dd01be6789bbec2a18e5b0a', 'https://lore.kernel.org/linux-cve-announce/2024042857-CVE-2022-48646-35f2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48646', 'https://www.cve.org/CVERecord?id=CVE-2022-48646'], 'PublishedDate': '2024-04-28T13:15:07.187Z', 'LastModifiedDate': '2024-08-01T13:43:06.74Z'}, {'VulnerabilityID': 'CVE-2022-48667', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48667', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb3: fix temporary data corruption in insert range', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix temporary data corruption in insert range\n\ninsert range doesn't discard the affected cached region\nso can risk temporarily corrupting file data.\n\nAlso includes some minor cleanup (avoiding rereading\ninode size repeatedly unnecessarily) to make it clearer.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48667', 'https://git.kernel.org/linus/9c8b7a293f50253e694f19161c045817a938e551 (6.0-rc4)', 'https://git.kernel.org/stable/c/0cdde8460c304283d4ebe3f767a70215d1ab9d4e', 'https://git.kernel.org/stable/c/9c8b7a293f50253e694f19161c045817a938e551', 'https://lore.kernel.org/linux-cve-announce/2024042802-CVE-2022-48667-0aa2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48667', 'https://www.cve.org/CVERecord?id=CVE-2022-48667'], 'PublishedDate': '2024-04-28T13:15:08.157Z', 'LastModifiedDate': '2024-04-29T12:42:03.667Z'}, {'VulnerabilityID': 'CVE-2022-48668', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48668', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb3: fix temporary data corruption in collapse range', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix temporary data corruption in collapse range\n\ncollapse range doesn't discard the affected cached region\nso can risk temporarily corrupting the file data. This\nfixes xfstest generic/031\n\nI also decided to merge a minor cleanup to this into the same patch\n(avoiding rereading inode size repeatedly unnecessarily) to make it\nclearer.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48668', 'https://git.kernel.org/linus/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4 (6.0-rc4)', 'https://git.kernel.org/stable/c/49523a4732204bdacbf3941a016503ddb4ddb3b9', 'https://git.kernel.org/stable/c/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4', 'https://lore.kernel.org/linux-cve-announce/2024042802-CVE-2022-48668-3790@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48668', 'https://www.cve.org/CVERecord?id=CVE-2022-48668'], 'PublishedDate': '2024-04-28T13:15:08.203Z', 'LastModifiedDate': '2024-04-29T12:42:03.667Z'}, {'VulnerabilityID': 'CVE-2022-48673', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/smc: Fix possible access to freed memory in link clear', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Fix possible access to freed memory in link clear\n\nAfter modifying the QP to the Error state, all RX WR would be completed\nwith WC in IB_WC_WR_FLUSH_ERR status. Current implementation does not\nwait for it is done, but destroy the QP and free the link group directly.\nSo there is a risk that accessing the freed memory in tasklet context.\n\nHere is a crash example:\n\n BUG: unable to handle page fault for address: ffffffff8f220860\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD f7300e067 P4D f7300e067 PUD f7300f063 PMD 8c4e45063 PTE 800ffff08c9df060\n Oops: 0002 [#1] SMP PTI\n CPU: 1 PID: 0 Comm: swapper/1 Kdump: loaded Tainted: G S         OE     5.10.0-0607+ #23\n Hardware name: Inspur NF5280M4/YZMB-00689-101, BIOS 4.1.20 07/09/2018\n RIP: 0010:native_queued_spin_lock_slowpath+0x176/0x1b0\n Code: f3 90 48 8b 32 48 85 f6 74 f6 eb d5 c1 ee 12 83 e0 03 83 ee 01 48 c1 e0 05 48 63 f6 48 05 00 c8 02 00 48 03 04 f5 00 09 98 8e <48> 89 10 8b 42 08 85 c0 75 09 f3 90 8b 42 08 85 c0 74 f7 48 8b 32\n RSP: 0018:ffffb3b6c001ebd8 EFLAGS: 00010086\n RAX: ffffffff8f220860 RBX: 0000000000000246 RCX: 0000000000080000\n RDX: ffff91db1f86c800 RSI: 000000000000173c RDI: ffff91db62bace00\n RBP: ffff91db62bacc00 R08: 0000000000000000 R09: c00000010000028b\n R10: 0000000000055198 R11: ffffb3b6c001ea58 R12: ffff91db80e05010\n R13: 000000000000000a R14: 0000000000000006 R15: 0000000000000040\n FS:  0000000000000000(0000) GS:ffff91db1f840000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffffff8f220860 CR3: 00000001f9580004 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n  <IRQ>\n  _raw_spin_lock_irqsave+0x30/0x40\n  mlx5_ib_poll_cq+0x4c/0xc50 [mlx5_ib]\n  smc_wr_rx_tasklet_fn+0x56/0xa0 [smc]\n  tasklet_action_common.isra.21+0x66/0x100\n  __do_softirq+0xd5/0x29c\n  asm_call_irq_on_stack+0x12/0x20\n  </IRQ>\n  do_softirq_own_stack+0x37/0x40\n  irq_exit_rcu+0x9d/0xa0\n  sysvec_call_function_single+0x34/0x80\n  asm_sysvec_call_function_single+0x12/0x20', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-755'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48673', 'https://git.kernel.org/linus/e9b1a4f867ae9c1dbd1d71cd09cbdb3239fb4968 (6.0-rc5)', 'https://git.kernel.org/stable/c/89fcb70f1acd6b0bbf2f7bfbf45d7aa75a9bdcde', 'https://git.kernel.org/stable/c/e9b1a4f867ae9c1dbd1d71cd09cbdb3239fb4968', 'https://lore.kernel.org/linux-cve-announce/2024050318-CVE-2022-48673-1692@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48673', 'https://www.cve.org/CVERecord?id=CVE-2022-48673'], 'PublishedDate': '2024-05-03T15:15:07.53Z', 'LastModifiedDate': '2024-05-23T20:26:54.16Z'}, {'VulnerabilityID': 'CVE-2022-48703', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48703', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR\n\nIn some case, the GDDV returns a package with a buffer which has\nzero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).\n\nThen the data_vault_read() got NULL point dereference problem when\naccessing the 0x10 value in data_vault.\n\n[   71.024560] BUG: kernel NULL pointer dereference, address:\n0000000000000010\n\nThis patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or\nNULL value in data_vault.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48703', 'https://git.kernel.org/linus/7931e28098a4c1a2a6802510b0cbe57546d2049d (6.0-rc3)', 'https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d', 'https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2', 'https://lore.kernel.org/linux-cve-announce/2024050351-CVE-2022-48703-3099@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48703', 'https://www.cve.org/CVERecord?id=CVE-2022-48703'], 'PublishedDate': '2024-05-03T16:15:08.65Z', 'LastModifiedDate': '2024-05-06T12:44:56.377Z'}, {'VulnerabilityID': 'CVE-2022-48706', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48706', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vdpa: ifcvf: Do proper cleanup if IFCVF init fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: ifcvf: Do proper cleanup if IFCVF init fails\n\nifcvf_mgmt_dev leaks memory if it is not freed before\nreturning. Call is made to correct return statement\nso memory does not leak. ifcvf_init_hw does not take\ncare of this so it is needed to do it here.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48706', 'https://git.kernel.org/linus/6b04456e248761cf68f562f2fd7c04e591fcac94 (6.2-rc7)', 'https://git.kernel.org/stable/c/5d2cc32c1c10bd889125d2adc16a6bc3338dcd3e', 'https://git.kernel.org/stable/c/6b04456e248761cf68f562f2fd7c04e591fcac94', 'https://lore.kernel.org/linux-cve-announce/2024052153-CVE-2022-48706-3175@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48706', 'https://www.cve.org/CVERecord?id=CVE-2022-48706'], 'PublishedDate': '2024-05-21T16:15:12.1Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2022-48744', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48744', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Avoid field-overflowing memcpy()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Avoid field-overflowing memcpy()\n\nIn preparation for FORTIFY_SOURCE performing compile-time and run-time\nfield bounds checking for memcpy(), memmove(), and memset(), avoid\nintentionally writing across neighboring fields.\n\nUse flexible arrays instead of zero-element arrays (which look like they\nare always overflowing) and split the cross-field memcpy() into two halves\nthat can be appropriately bounds-checked by the compiler.\n\nWe were doing:\n\n\t#define ETH_HLEN  14\n\t#define VLAN_HLEN  4\n\t...\n\t#define MLX5E_XDP_MIN_INLINE (ETH_HLEN + VLAN_HLEN)\n\t...\n        struct mlx5e_tx_wqe      *wqe  = mlx5_wq_cyc_get_wqe(wq, pi);\n\t...\n        struct mlx5_wqe_eth_seg  *eseg = &wqe->eth;\n        struct mlx5_wqe_data_seg *dseg = wqe->data;\n\t...\n\tmemcpy(eseg->inline_hdr.start, xdptxd->data, MLX5E_XDP_MIN_INLINE);\n\ntarget is wqe->eth.inline_hdr.start (which the compiler sees as being\n2 bytes in size), but copying 18, intending to write across start\n(really vlan_tci, 2 bytes). The remaining 16 bytes get written into\nwqe->data[0], covering byte_count (4 bytes), lkey (4 bytes), and addr\n(8 bytes).\n\nstruct mlx5e_tx_wqe {\n        struct mlx5_wqe_ctrl_seg   ctrl;                 /*     0    16 */\n        struct mlx5_wqe_eth_seg    eth;                  /*    16    16 */\n        struct mlx5_wqe_data_seg   data[];               /*    32     0 */\n\n        /* size: 32, cachelines: 1, members: 3 */\n        /* last cacheline: 32 bytes */\n};\n\nstruct mlx5_wqe_eth_seg {\n        u8                         swp_outer_l4_offset;  /*     0     1 */\n        u8                         swp_outer_l3_offset;  /*     1     1 */\n        u8                         swp_inner_l4_offset;  /*     2     1 */\n        u8                         swp_inner_l3_offset;  /*     3     1 */\n        u8                         cs_flags;             /*     4     1 */\n        u8                         swp_flags;            /*     5     1 */\n        __be16                     mss;                  /*     6     2 */\n        __be32                     flow_table_metadata;  /*     8     4 */\n        union {\n                struct {\n                        __be16     sz;                   /*    12     2 */\n                        u8         start[2];             /*    14     2 */\n                } inline_hdr;                            /*    12     4 */\n                struct {\n                        __be16     type;                 /*    12     2 */\n                        __be16     vlan_tci;             /*    14     2 */\n                } insert;                                /*    12     4 */\n                __be32             trailer;              /*    12     4 */\n        };                                               /*    12     4 */\n\n        /* size: 16, cachelines: 1, members: 9 */\n        /* last cacheline: 16 bytes */\n};\n\nstruct mlx5_wqe_data_seg {\n        __be32                     byte_count;           /*     0     4 */\n        __be32                     lkey;                 /*     4     4 */\n        __be64                     addr;                 /*     8     8 */\n\n        /* size: 16, cachelines: 1, members: 3 */\n        /* last cacheline: 16 bytes */\n};\n\nSo, split the memcpy() so the compiler can reason about the buffer\nsizes.\n\n"pahole" shows no size nor member offset changes to struct mlx5e_tx_wqe\nnor struct mlx5e_umr_wqe. "objdump -d" shows no meaningful object\ncode changes (i.e. only source line number induced differences and\noptimizations).', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48744', 'https://git.kernel.org/linus/ad5185735f7dab342fdd0dd41044da4c9ccfef67 (5.17-rc3)', 'https://git.kernel.org/stable/c/8fbdf8c8b8ab82beab882175157650452c46493e', 'https://git.kernel.org/stable/c/ad5185735f7dab342fdd0dd41044da4c9ccfef67', 'https://lore.kernel.org/linux-cve-announce/2024062003-CVE-2022-48744-0f03@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48744', 'https://www.cve.org/CVERecord?id=CVE-2022-48744'], 'PublishedDate': '2024-06-20T12:15:12.7Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-48766', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48766', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU.\n\nMirrors the logic for dcn30. Cue lots of WARNs and some\nkernel panics without this fix.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48766', 'https://git.kernel.org/linus/25f1488bdbba63415239ff301fe61a8546140d9f (5.17-rc2)', 'https://git.kernel.org/stable/c/25f1488bdbba63415239ff301fe61a8546140d9f', 'https://git.kernel.org/stable/c/456ba2433844a6483cc4c933aa8f43d24575e341', 'https://lore.kernel.org/linux-cve-announce/2024062010-CVE-2022-48766-3b8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48766', 'https://www.cve.org/CVERecord?id=CVE-2022-48766'], 'PublishedDate': '2024-06-20T12:15:14.617Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-48771', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48771', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Fix stale file descriptors on failed usercopy', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix stale file descriptors on failed usercopy\n\nA failing usercopy of the fence_rep object will lead to a stale entry in\nthe file descriptor table as put_unused_fd() won't release it. This\nenables userland to refer to a dangling 'file' object through that still\nvalid file descriptor, leading to all kinds of use-after-free\nexploitation scenarios.\n\nFix this by deferring the call to fd_install() until after the usercopy\nhas succeeded.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48771', 'https://git.kernel.org/linus/a0f90c8815706981c483a652a6aefca51a5e191c (5.17-rc2)', 'https://git.kernel.org/stable/c/0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d', 'https://git.kernel.org/stable/c/1d833b27fb708d6fdf5de9f6b3a8be4bd4321565', 'https://git.kernel.org/stable/c/6066977961fc6f437bc064f628cf9b0e4571c56c', 'https://git.kernel.org/stable/c/84b1259fe36ae0915f3d6ddcea6377779de48b82', 'https://git.kernel.org/stable/c/a0f90c8815706981c483a652a6aefca51a5e191c', 'https://git.kernel.org/stable/c/ae2b20f27732fe92055d9e7b350abc5cdf3e2414', 'https://git.kernel.org/stable/c/e8d092a62449dcfc73517ca43963d2b8f44d0516', 'https://lore.kernel.org/linux-cve-announce/2024062011-CVE-2022-48771-2c90@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48771', 'https://www.cve.org/CVERecord?id=CVE-2022-48771'], 'PublishedDate': '2024-06-20T12:15:15.043Z', 'LastModifiedDate': '2024-06-20T12:43:25.663Z'}, {'VulnerabilityID': 'CVE-2022-48816', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48816', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: SUNRPC: lock against -&gt;sock changing during sysfs read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: lock against ->sock changing during sysfs read\n\n->sock can be set to NULL asynchronously unless ->recv_mutex is held.\nSo it is important to hold that mutex.  Otherwise a sysfs read can\ntrigger an oops.\nCommit 17f09d3f619a ("SUNRPC: Check if the xprt is connected before\nhandling sysfs reads") appears to attempt to fix this problem, but it\nonly narrows the race window.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48816', 'https://git.kernel.org/linus/b49ea673e119f59c71645e2f65b3ccad857c90ee (5.17-rc4)', 'https://git.kernel.org/stable/c/9482ab4540f5bcc869b44c067ae99b5fca16bd07', 'https://git.kernel.org/stable/c/b49ea673e119f59c71645e2f65b3ccad857c90ee', 'https://lore.kernel.org/linux-cve-announce/2024071648-CVE-2022-48816-e2a3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48816', 'https://www.cve.org/CVERecord?id=CVE-2022-48816'], 'PublishedDate': '2024-07-16T12:15:05.687Z', 'LastModifiedDate': '2024-07-16T13:43:58.773Z'}, {'VulnerabilityID': 'CVE-2022-48887', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48887', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Remove rcu locks from user resources', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Remove rcu locks from user resources\n\nUser resource lookups used rcu to avoid two extra atomics. Unfortunately\nthe rcu paths were buggy and it was easy to make the driver crash by\nsubmitting command buffers from two different threads. Because the\nlookups never show up in performance profiles replace them with a\nregular spin lock which fixes the races in accesses to those shared\nresources.\n\nFixes kernel oops'es in IGT's vmwgfx execution_buffer stress test and\nseen crashes with apps using shared resources.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48887', 'https://git.kernel.org/linus/a309c7194e8a2f8bd4539b9449917913f6c2cd50 (6.2-rc4)', 'https://git.kernel.org/stable/c/7ac9578e45b20e3f3c0c8eb71f5417a499a7226a', 'https://git.kernel.org/stable/c/a309c7194e8a2f8bd4539b9449917913f6c2cd50', 'https://lore.kernel.org/linux-cve-announce/2024082109-CVE-2022-48887-4019@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48887', 'https://www.cve.org/CVERecord?id=CVE-2022-48887'], 'PublishedDate': '2024-08-21T07:15:05.143Z', 'LastModifiedDate': '2024-09-06T14:55:46.46Z'}, {'VulnerabilityID': 'CVE-2022-48893', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48893', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/i915/gt: Cleanup partial engine discovery failures', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Cleanup partial engine discovery failures\n\nIf we abort driver initialisation in the middle of gt/engine discovery,\nsome engines will be fully setup and some not. Those incompletely setup\nengines only have 'engine->release == NULL' and so will leak any of the\ncommon objects allocated.\n\nv2:\n - Drop the destroy_pinned_context() helper for now.  It's not really\n   worth it with just a single callsite at the moment.  (Janusz)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48893', 'https://git.kernel.org/linus/78a033433a5ae4fee85511ee075bc9a48312c79e (6.2-rc1)', 'https://git.kernel.org/stable/c/5c855bcc730656c4b7d30aaddcd0eafc7003e112', 'https://git.kernel.org/stable/c/78a033433a5ae4fee85511ee075bc9a48312c79e', 'https://lore.kernel.org/linux-cve-announce/2024082110-CVE-2022-48893-8d4c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48893', 'https://www.cve.org/CVERecord?id=CVE-2022-48893'], 'PublishedDate': '2024-08-21T07:15:05.477Z', 'LastModifiedDate': '2024-09-11T15:55:09.243Z'}, {'VulnerabilityID': 'CVE-2022-48895', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48895', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: iommu/arm-smmu: Don't unregister on shutdown", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu: Don\'t unregister on shutdown\n\nMichael Walle says he noticed the following stack trace while performing\na shutdown with "reboot -f". He suggests he got "lucky" and just hit the\ncorrect spot for the reboot while there was a packet transmission in\nflight.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000098\nCPU: 0 PID: 23 Comm: kworker/0:1 Not tainted 6.1.0-rc5-00088-gf3600ff8e322 #1930\nHardware name: Kontron KBox A-230-LS (DT)\npc : iommu_get_dma_domain+0x14/0x20\nlr : iommu_dma_map_page+0x9c/0x254\nCall trace:\n iommu_get_dma_domain+0x14/0x20\n dma_map_page_attrs+0x1ec/0x250\n enetc_start_xmit+0x14c/0x10b0\n enetc_xmit+0x60/0xdc\n dev_hard_start_xmit+0xb8/0x210\n sch_direct_xmit+0x11c/0x420\n __dev_queue_xmit+0x354/0xb20\n ip6_finish_output2+0x280/0x5b0\n __ip6_finish_output+0x15c/0x270\n ip6_output+0x78/0x15c\n NF_HOOK.constprop.0+0x50/0xd0\n mld_sendpack+0x1bc/0x320\n mld_ifc_work+0x1d8/0x4dc\n process_one_work+0x1e8/0x460\n worker_thread+0x178/0x534\n kthread+0xe0/0xe4\n ret_from_fork+0x10/0x20\nCode: d503201f f9416800 d503233f d50323bf (f9404c00)\n---[ end trace 0000000000000000 ]---\nKernel panic - not syncing: Oops: Fatal exception in interrupt\n\nThis appears to be reproducible when the board has a fixed IP address,\nis ping flooded from another host, and "reboot -f" is used.\n\nThe following is one more manifestation of the issue:\n\n$ reboot -f\nkvm: exiting hardware virtualization\ncfg80211: failed to load regulatory.db\narm-smmu 5000000.iommu: disabling translation\nsdhci-esdhc 2140000.mmc: Removing from iommu group 11\nsdhci-esdhc 2150000.mmc: Removing from iommu group 12\nfsl-edma 22c0000.dma-controller: Removing from iommu group 17\ndwc3 3100000.usb: Removing from iommu group 9\ndwc3 3110000.usb: Removing from iommu group 10\nahci-qoriq 3200000.sata: Removing from iommu group 2\nfsl-qdma 8380000.dma-controller: Removing from iommu group 20\nplatform f080000.display: Removing from iommu group 0\netnaviv-gpu f0c0000.gpu: Removing from iommu group 1\netnaviv etnaviv: Removing from iommu group 1\ncaam_jr 8010000.jr: Removing from iommu group 13\ncaam_jr 8020000.jr: Removing from iommu group 14\ncaam_jr 8030000.jr: Removing from iommu group 15\ncaam_jr 8040000.jr: Removing from iommu group 16\nfsl_enetc 0000:00:00.0: Removing from iommu group 4\narm-smmu 5000000.iommu: Blocked unknown Stream ID 0x429; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications\narm-smmu 5000000.iommu:         GFSR 0x80000002, GFSYNR0 0x00000002, GFSYNR1 0x00000429, GFSYNR2 0x00000000\nfsl_enetc 0000:00:00.1: Removing from iommu group 5\narm-smmu 5000000.iommu: Blocked unknown Stream ID 0x429; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications\narm-smmu 5000000.iommu:         GFSR 0x80000002, GFSYNR0 0x00000002, GFSYNR1 0x00000429, GFSYNR2 0x00000000\narm-smmu 5000000.iommu: Blocked unknown Stream ID 0x429; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications\narm-smmu 5000000.iommu:         GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00000429, GFSYNR2 0x00000000\nfsl_enetc 0000:00:00.2: Removing from iommu group 6\nfsl_enetc_mdio 0000:00:00.3: Removing from iommu group 8\nmscc_felix 0000:00:00.5: Removing from iommu group 3\nfsl_enetc 0000:00:00.6: Removing from iommu group 7\npcieport 0001:00:00.0: Removing from iommu group 18\narm-smmu 5000000.iommu: Blocked unknown Stream ID 0x429; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications\narm-smmu 5000000.iommu:         GFSR 0x00000002, GFSYNR0 0x00000000, GFSYNR1 0x00000429, GFSYNR2 0x00000000\npcieport 0002:00:00.0: Removing from iommu group 19\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000a8\npc : iommu_get_dma_domain+0x14/0x20\nlr : iommu_dma_unmap_page+0x38/0xe0\nCall trace:\n iommu_get_dma_domain+0x14/0x20\n dma_unmap_page_attrs+0x38/0x1d0\n en\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48895', 'https://git.kernel.org/linus/ce31e6ca68bd7639bd3e5ef97be215031842bbab (6.2-rc4)', 'https://git.kernel.org/stable/c/a1b9c7b1978aacf4b2f33e34bde1e2bb80b8497a', 'https://git.kernel.org/stable/c/ce31e6ca68bd7639bd3e5ef97be215031842bbab', 'https://lore.kernel.org/linux-cve-announce/2024082110-CVE-2022-48895-1370@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48895', 'https://www.cve.org/CVERecord?id=CVE-2022-48895'], 'PublishedDate': '2024-08-21T07:15:05.58Z', 'LastModifiedDate': '2024-09-11T16:01:23.487Z'}, {'VulnerabilityID': 'CVE-2022-48929', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-48929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix crash due to out of bounds access into reg2btf_ids.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to out of bounds access into reg2btf_ids.\n\nWhen commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added\nkfunc support, it defined reg2btf_ids as a cheap way to translate the verifier\nreg type to the appropriate btf_vmlinux BTF ID, however\ncommit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL")\nmoved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after\nthe base register types, and defined other variants using type flag\ncomposition. However, now, the direct usage of reg->type to index into\nreg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to\nout of bounds access and kernel crash on dereference of bad pointer.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-48929', 'https://git.kernel.org/linus/45ce4b4f9009102cd9f581196d480a59208690c1 (5.17-rc6)', 'https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1', 'https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae', 'https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc', 'https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48929-857d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48929', 'https://www.cve.org/CVERecord?id=CVE-2022-48929'], 'PublishedDate': '2024-08-22T04:15:15.773Z', 'LastModifiedDate': '2024-08-23T02:00:22.653Z'}, {'VulnerabilityID': 'CVE-2023-0030', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Use after Free in nvkm_vmm_pfn_map', 'Description': 'A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0030', 'https://bugzilla.redhat.com/show_bug.cgi?id=2157270', 'https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)', 'https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10', 'https://lore.kernel.org/all/20221230072758.443644-1-zyytlz.wz@163.com/', 'https://lore.kernel.org/all/63d485b2.170a0220.4af4c.d54f@mx.google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0030', 'https://security.netapp.com/advisory/ntap-20230413-0010/', 'https://www.cve.org/CVERecord?id=CVE-2023-0030'], 'PublishedDate': '2023-03-08T23:15:10.963Z', 'LastModifiedDate': '2023-04-13T17:15:09.433Z'}, {'VulnerabilityID': 'CVE-2023-0160', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0160', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: possibility of deadlock in libbpf function sock_hash_delete_elem', 'Description': 'A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667', 'CWE-833'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-0160', 'https://bugzilla.redhat.com/show_bug.cgi?id=2159764', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56', 'https://lore.kernel.org/all/20230406122622.109978-1-liuxin350@huawei.com/', 'https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/', 'https://lore.kernel.org/bpf/000000000000f1db9605f939720e@google.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0160', 'https://www.cve.org/CVERecord?id=CVE-2023-0160'], 'PublishedDate': '2023-07-18T17:15:11.313Z', 'LastModifiedDate': '2023-11-07T03:59:46.343Z'}, {'VulnerabilityID': 'CVE-2023-1193', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-1193', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in setup_async_work()', 'Description': 'A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-1193', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154177', 'https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-1193', 'https://www.cve.org/CVERecord?id=CVE-2023-1193'], 'PublishedDate': '2023-11-01T20:15:08.663Z', 'LastModifiedDate': '2023-11-09T15:13:51.737Z'}, {'VulnerabilityID': 'CVE-2023-2007', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-2007', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: DPT I2O controller TOCTOU information disclosure vulnerability', 'Description': 'The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667', 'CWE-367'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-2007', 'https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0', 'https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html', 'https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-2007', 'https://security.netapp.com/advisory/ntap-20240119-0011/', 'https://www.cve.org/CVERecord?id=CVE-2023-2007', 'https://www.debian.org/security/2023/dsa-5480', 'https://www.zerodayinitiative.com/advisories/ZDI-23-440/'], 'PublishedDate': '2023-04-24T23:15:18.877Z', 'LastModifiedDate': '2024-02-01T01:39:22.507Z'}, {'VulnerabilityID': 'CVE-2023-26242', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-26242', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the  ...', 'Description': 'afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://bugzilla.suse.com/show_bug.cgi?id=1208518', 'https://lore.kernel.org/all/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-26242', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com', 'https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/', 'https://security.netapp.com/advisory/ntap-20230406-0002/', 'https://www.cve.org/CVERecord?id=CVE-2023-26242'], 'PublishedDate': '2023-02-21T01:15:11.423Z', 'LastModifiedDate': '2024-03-25T01:15:53.57Z'}, {'VulnerabilityID': 'CVE-2023-31082', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-31082', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sleeping function called from an invalid context in gsmld_write', 'Description': 'An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-763'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-31082', 'https://bugzilla.suse.com/show_bug.cgi?id=1210781', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com/', 'https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-31082', 'https://security.netapp.com/advisory/ntap-20230929-0003/', 'https://www.cve.org/CVERecord?id=CVE-2023-31082'], 'PublishedDate': '2023-04-24T06:15:07.783Z', 'LastModifiedDate': '2024-08-02T15:16:00.853Z'}, {'VulnerabilityID': 'CVE-2023-45896', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-45896', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ntfs3: kernel memory read by mounting a filesystem', 'Description': "ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L', 'V3Score': 4.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-45896', 'https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.11', 'https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=013ff63b649475f0ee134e2c8d0c8e65284ede50', 'https://git.kernel.org/linus/013ff63b649475f0ee134e2c8d0c8e65284ede50 (6.6-rc7)', 'https://github.com/torvalds/linux/commit/013ff63b649475f0ee134e2c8d0c8e65284ede50', 'https://nvd.nist.gov/vuln/detail/CVE-2023-45896', 'https://www.cve.org/CVERecord?id=CVE-2023-45896'], 'PublishedDate': '2024-08-28T05:15:13.657Z', 'LastModifiedDate': '2024-09-04T15:15:13.16Z'}, {'VulnerabilityID': 'CVE-2023-52452', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52452', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fix accesses to uninit stack slots', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix accesses to uninit stack slots\n\nPrivileged programs are supposed to be able to read uninitialized stack\nmemory (ever since 6715df8d5) but, before this patch, these accesses\nwere permitted inconsistently. In particular, accesses were permitted\nabove state->allocated_stack, but not below it. In other words, if the\nstack was already "large enough", the access was permitted, but\notherwise the access was rejected instead of being allowed to "grow the\nstack". This undesired rejection was happening in two places:\n- in check_stack_slot_within_bounds()\n- in check_stack_range_initialized()\nThis patch arranges for these accesses to be permitted. A bunch of tests\nthat were relying on the old rejection had to change; all of them were\nchanged to add also run unprivileged, in which case the old behavior\npersists. One tests couldn\'t be updated - global_func16 - because it\ncan\'t run unprivileged for other reasons.\n\nThis patch also fixes the tracking of the stack size for variable-offset\nreads. This second fix is bundled in the same commit as the first one\nbecause they\'re inter-related. Before this patch, writes to the stack\nusing registers containing a variable offset (as opposed to registers\nwith fixed, known values) were not properly contributing to the\nfunction\'s needed stack size. As a result, it was possible for a program\nto verify, but then to attempt to read out-of-bounds data at runtime\nbecause a too small stack had been allocated for it.\n\nEach function tracks the size of the stack it needs in\nbpf_subprog_info.stack_depth, which is maintained by\nupdate_stack_depth(). For regular memory accesses, check_mem_access()\nwas calling update_state_depth() but it was passing in only the fixed\npart of the offset register, ignoring the variable offset. This was\nincorrect; the minimum possible value of that register should be used\ninstead.\n\nThis tracking is now fixed by centralizing the tracking of stack size in\ngrow_stack_state(), and by lifting the calls to grow_stack_state() to\ncheck_stack_access_within_bounds() as suggested by Andrii. The code is\nnow simpler and more convincingly tracks the correct maximum stack size.\ncheck_stack_range_initialized() can now rely on enough stack having been\nallocated for the access; this helps with the fix for the first issue.\n\nA few tests were changed to also check the stack depth computation. The\none that fails without this patch is verifier_var_off:stack_write_priv_vs_unpriv.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-665'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52452', 'https://git.kernel.org/stable/c/0954982db8283016bf38e9db2da5adf47a102e19', 'https://git.kernel.org/stable/c/6b4a64bafd107e521c01eec3453ce94a3fb38529', 'https://git.kernel.org/stable/c/fbcf372c8eda2290470268e0afb5ab5d5f5d5fde', 'https://lore.kernel.org/linux-cve-announce/2024022258-CVE-2023-52452-7904@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52452', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2023-52452'], 'PublishedDate': '2024-02-22T17:15:08.83Z', 'LastModifiedDate': '2024-03-18T18:24:33.55Z'}, {'VulnerabilityID': 'CVE-2023-52481', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52481', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: arm64: errata: Add Cortex-A520 speculative unprivileged load workaround', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: errata: Add Cortex-A520 speculative unprivileged load workaround\n\nImplement the workaround for ARM Cortex-A520 erratum 2966298. On an\naffected Cortex-A520 core, a speculatively executed unprivileged load\nmight leak data from a privileged load via a cache side channel. The\nissue only exists for loads within a translation regime with the same\ntranslation (e.g. same ASID and VMID). Therefore, the issue only affects\nthe return to EL0.\n\nThe workaround is to execute a TLBI before returning to EL0 after all\nloads of privileged data. A non-shareable TLBI to any address is\nsufficient.\n\nThe workaround isn't necessary if page table isolation (KPTI) is\nenabled, but for simplicity it will be. Page table isolation should\nnormally be disabled for Cortex-A520 as it supports the CSV3 feature\nand the E0PD feature (used when KASLR is enabled).", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52481', 'https://git.kernel.org/linus/471470bc7052d28ce125901877dd10e4c048e513 (6.6-rc5)', 'https://git.kernel.org/stable/c/32b0a4ffcaea44a00a61e40c0d1bcc50362aee25', 'https://git.kernel.org/stable/c/471470bc7052d28ce125901877dd10e4c048e513', 'https://git.kernel.org/stable/c/6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372c', 'https://lore.kernel.org/linux-cve-announce/2024022922-CVE-2023-52481-99a8@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52481', 'https://www.cve.org/CVERecord?id=CVE-2023-52481'], 'PublishedDate': '2024-02-29T06:15:46.06Z', 'LastModifiedDate': '2024-02-29T13:49:29.39Z'}, {'VulnerabilityID': 'CVE-2023-52485', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52485', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Wake DMCUB before sending a command cause deadlock', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wake DMCUB before sending a command\n\n[Why]\nWe can hang in place trying to send commands when the DMCUB isn't\npowered on.\n\n[How]\nFor functions that execute within a DC context or DC lock we can\nwrap the direct calls to dm_execute_dmub_cmd/list with code that\nexits idle power optimizations and reallows once we're done with\nthe command submission on success.\n\nFor DM direct submissions the DM will need to manage the enter/exit\nsequencing manually.\n\nWe cannot invoke a DMCUB command directly within the DM execution\nhelper or we can deadlock.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52485', 'https://git.kernel.org/linus/8892780834ae294bc3697c7d0e056d7743900b39 (6.8-rc1)', 'https://git.kernel.org/stable/c/303197775a97416b62d4da69280d0c120a20e009', 'https://git.kernel.org/stable/c/8892780834ae294bc3697c7d0e056d7743900b39', 'https://lore.kernel.org/linux-cve-announce/20240229150009.1525992-2-lee@kernel.org/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52485', 'https://www.cve.org/CVERecord?id=CVE-2023-52485'], 'PublishedDate': '2024-02-29T15:15:07.397Z', 'LastModifiedDate': '2024-02-29T18:06:42.01Z'}, {'VulnerabilityID': 'CVE-2023-52508', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52508', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()\n\nThe nvme_fc_fcp_op structure describing an AEN operation is initialized with a\nnull request structure pointer. An FC LLDD may make a call to\nnvme_fc_io_getuuid passing a pointer to an nvmefc_fcp_req for an AEN operation.\n\nAdd validation of the request structure pointer before dereference.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52508', 'https://git.kernel.org/linus/8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c (6.6-rc2)', 'https://git.kernel.org/stable/c/8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c', 'https://git.kernel.org/stable/c/be90c9e29dd59b7d19a73297a1590ff3ec1d22ea', 'https://git.kernel.org/stable/c/dd46b3ac7322baf3772b33b29726e94f98289db7', 'https://lore.kernel.org/linux-cve-announce/2024030250-CVE-2023-52508-359c@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52508', 'https://www.cve.org/CVERecord?id=CVE-2023-52508'], 'PublishedDate': '2024-03-02T22:15:47.493Z', 'LastModifiedDate': '2024-03-04T13:58:23.447Z'}, {'VulnerabilityID': 'CVE-2023-52561', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52561', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: arm64: dts: qcom: sdm845-db845c: unreserved cont splash memory region leads to kernel panic', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved\n\nAdding a reserved memory region for the framebuffer memory\n(the splash memory region set up by the bootloader).\n\nIt fixes a kernel panic (arm-smmu: Unhandled context fault\nat this particular memory region) reported on DB845c running\nv5.10.y.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52561', 'https://git.kernel.org/linus/110e70fccce4f22b53986ae797d665ffb1950aa6 (6.6-rc1)', 'https://git.kernel.org/stable/c/110e70fccce4f22b53986ae797d665ffb1950aa6', 'https://git.kernel.org/stable/c/82dacd0ca0d9640723824026d6fdf773c02de1d2', 'https://git.kernel.org/stable/c/dc1ab6577475b0460ba4261cd9caec37bd62ca0b', 'https://lore.kernel.org/linux-cve-announce/2024030253-CVE-2023-52561-89b2@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52561', 'https://www.cve.org/CVERecord?id=CVE-2023-52561'], 'PublishedDate': '2024-03-02T22:15:48.803Z', 'LastModifiedDate': '2024-03-04T13:58:23.447Z'}, {'VulnerabilityID': 'CVE-2023-52569', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52569', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: improper BUG() call after failure to insert delayed dir index item', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: remove BUG() after failure to insert delayed dir index item\n\nInstead of calling BUG() when we fail to insert a delayed dir index item\ninto the delayed node's tree, we can just release all the resources we\nhave allocated/acquired before and return the error to the caller. This is\nfine because all existing call chains undo anything they have done before\ncalling btrfs_insert_delayed_dir_index() or BUG_ON (when creating pending\nsnapshots in the transaction commit path).\n\nSo remove the BUG() call and do proper error handling.\n\nThis relates to a syzbot report linked below, but does not fix it because\nit only prevents hitting a BUG(), it does not fix the issue where somehow\nwe attempt to use twice the same index number for different index items.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52569', 'https://git.kernel.org/linus/2c58c3931ede7cd08cbecf1f1a4acaf0a04a41a9 (6.6-rc2)', 'https://git.kernel.org/stable/c/2c58c3931ede7cd08cbecf1f1a4acaf0a04a41a9', 'https://git.kernel.org/stable/c/39c4a9522db0072570d602e9b365119e17fb9f4f', 'https://git.kernel.org/stable/c/d10fd53393cc5de4b9cf1a4b8f9984f0a037aa51', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52569', 'https://www.cve.org/CVERecord?id=CVE-2023-52569'], 'PublishedDate': '2024-03-02T22:15:49.163Z', 'LastModifiedDate': '2024-03-04T13:58:23.447Z'}, {'VulnerabilityID': 'CVE-2023-52572', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52572', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cifs: use-after-free in cifs_demultiplex_thread()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix UAF in cifs_demultiplex_thread()\n\nThere is a UAF when xfstests on cifs:\n\n  BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160\n  Read of size 4 at addr ffff88810103fc08 by task cifsd/923\n\n  CPU: 1 PID: 923 Comm: cifsd Not tainted 6.1.0-rc4+ #45\n  ...\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x34/0x44\n   print_report+0x171/0x472\n   kasan_report+0xad/0x130\n   kasan_check_range+0x145/0x1a0\n   smb2_is_network_name_deleted+0x27/0x160\n   cifs_demultiplex_thread.cold+0x172/0x5a4\n   kthread+0x165/0x1a0\n   ret_from_fork+0x1f/0x30\n   </TASK>\n\n  Allocated by task 923:\n   kasan_save_stack+0x1e/0x40\n   kasan_set_track+0x21/0x30\n   __kasan_slab_alloc+0x54/0x60\n   kmem_cache_alloc+0x147/0x320\n   mempool_alloc+0xe1/0x260\n   cifs_small_buf_get+0x24/0x60\n   allocate_buffers+0xa1/0x1c0\n   cifs_demultiplex_thread+0x199/0x10d0\n   kthread+0x165/0x1a0\n   ret_from_fork+0x1f/0x30\n\n  Freed by task 921:\n   kasan_save_stack+0x1e/0x40\n   kasan_set_track+0x21/0x30\n   kasan_save_free_info+0x2a/0x40\n   ____kasan_slab_free+0x143/0x1b0\n   kmem_cache_free+0xe3/0x4d0\n   cifs_small_buf_release+0x29/0x90\n   SMB2_negotiate+0x8b7/0x1c60\n   smb2_negotiate+0x51/0x70\n   cifs_negotiate_protocol+0xf0/0x160\n   cifs_get_smb_ses+0x5fa/0x13c0\n   mount_get_conns+0x7a/0x750\n   cifs_mount+0x103/0xd00\n   cifs_smb3_do_mount+0x1dd/0xcb0\n   smb3_get_tree+0x1d5/0x300\n   vfs_get_tree+0x41/0xf0\n   path_mount+0x9b3/0xdd0\n   __x64_sys_mount+0x190/0x1d0\n   do_syscall_64+0x35/0x80\n   entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe UAF is because:\n\n mount(pid: 921)               | cifsd(pid: 923)\n-------------------------------|-------------------------------\n                               | cifs_demultiplex_thread\nSMB2_negotiate                 |\n cifs_send_recv                |\n  compound_send_recv           |\n   smb_send_rqst               |\n    wait_for_response          |\n     wait_event_state      [1] |\n                               |  standard_receive3\n                               |   cifs_handle_standard\n                               |    handle_mid\n                               |     mid->resp_buf = buf;  [2]\n                               |     dequeue_mid           [3]\n     KILL the process      [4] |\n    resp_iov[i].iov_base = buf |\n free_rsp_buf              [5] |\n                               |   is_network_name_deleted [6]\n                               |   callback\n\n1. After send request to server, wait the response until\n    mid->mid_state != SUBMITTED;\n2. Receive response from server, and set it to mid;\n3. Set the mid state to RECEIVED;\n4. Kill the process, the mid state already RECEIVED, get 0;\n5. Handle and release the negotiate response;\n6. UAF.\n\nIt can be easily reproduce with add some delay in [3] - [6].\n\nOnly sync call has the problem since async call's callback is\nexecuted in cifsd process.\n\nAdd an extra state to mark the mid state to READY before wakeup the\nwaitter, then it can get the resp safely.", 'Severity': 'MEDIUM', 'References': ['https://access.redhat.com/security/cve/CVE-2023-52572', 'https://git.kernel.org/linus/d527f51331cace562393a8038d870b3e9916686f (6.6-rc3)', 'https://git.kernel.org/stable/c/76569e3819e0bb59fc19b1b8688b017e627c268a', 'https://git.kernel.org/stable/c/908b3b5e97d25e879de3d1f172a255665491c2c3', 'https://git.kernel.org/stable/c/d527f51331cace562393a8038d870b3e9916686f', 'https://lore.kernel.org/linux-cve-announce/2024030256-CVE-2023-52572-2b92@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52572', 'https://www.cve.org/CVERecord?id=CVE-2023-52572'], 'PublishedDate': '2024-03-02T22:15:49.3Z', 'LastModifiedDate': '2024-03-04T13:58:23.447Z'}, {'VulnerabilityID': 'CVE-2023-52576', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52576', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/mm, kexec, ima: potential use-after-free in memblock_isolate_range()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()\n\nThe code calling ima_free_kexec_buffer() runs long after the memblock\nallocator has already been torn down, potentially resulting in a use\nafter free in memblock_isolate_range().\n\nWith KASAN or KFENCE, this use after free will result in a BUG\nfrom the idle task, and a subsequent kernel panic.\n\nSwitch ima_free_kexec_buffer() over to memblock_free_late() to avoid\nthat bug.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52576', 'https://git.kernel.org/linus/34cf99c250d5cd2530b93a57b0de31d3aaf8685b (6.6-rc3)', 'https://git.kernel.org/stable/c/34cf99c250d5cd2530b93a57b0de31d3aaf8685b', 'https://git.kernel.org/stable/c/d2dfbc0e3b7a04c2d941421a958dc31c897fb204', 'https://git.kernel.org/stable/c/eef16bfdb212da60f5144689f2967fb25b051a2b', 'https://lore.kernel.org/linux-cve-announce/2024030257-CVE-2023-52576-7ee2@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52576', 'https://www.cve.org/CVERecord?id=CVE-2023-52576'], 'PublishedDate': '2024-03-02T22:15:49.49Z', 'LastModifiedDate': '2024-03-04T13:58:23.447Z'}, {'VulnerabilityID': 'CVE-2023-52582', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52582', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfs: improper loop in netfs_rreq_unlock_folios()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Only call folio_start_fscache() one time for each folio\n\nIf a network filesystem using netfs implements a clamp_length()\nfunction, it can set subrequest lengths smaller than a page size.\n\nWhen we loop through the folios in netfs_rreq_unlock_folios() to\nset any folios to be written back, we need to make sure we only\ncall folio_start_fscache() once for each folio.\n\nOtherwise, this simple testcase:\n\n  mount -o fsc,rsize=1024,wsize=1024 127.0.0.1:/export /mnt/nfs\n  dd if=/dev/zero of=/mnt/nfs/file.bin bs=4096 count=1\n  1+0 records in\n  1+0 records out\n  4096 bytes (4.1 kB, 4.0 KiB) copied, 0.0126359 s, 324 kB/s\n  echo 3 > /proc/sys/vm/drop_caches\n  cat /mnt/nfs/file.bin > /dev/null\n\nwill trigger an oops similar to the following:\n\n  page dumped because: VM_BUG_ON_FOLIO(folio_test_private_2(folio))\n  ------------[ cut here ]------------\n  kernel BUG at include/linux/netfs.h:44!\n  ...\n  CPU: 5 PID: 134 Comm: kworker/u16:5 Kdump: loaded Not tainted 6.4.0-rc5\n  ...\n  RIP: 0010:netfs_rreq_unlock_folios+0x68e/0x730 [netfs]\n  ...\n  Call Trace:\n    netfs_rreq_assess+0x497/0x660 [netfs]\n    netfs_subreq_terminated+0x32b/0x610 [netfs]\n    nfs_netfs_read_completion+0x14e/0x1a0 [nfs]\n    nfs_read_completion+0x2f9/0x330 [nfs]\n    rpc_free_task+0x72/0xa0 [sunrpc]\n    rpc_async_release+0x46/0x70 [sunrpc]\n    process_one_work+0x3bd/0x710\n    worker_thread+0x89/0x610\n    kthread+0x181/0x1c0\n    ret_from_fork+0x29/0x50', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52582', 'https://git.kernel.org/linus/df1c357f25d808e30b216188330e708e09e1a412 (6.6-rc3)', 'https://git.kernel.org/stable/c/d9f5537479d4ec97ea92ff24e81a517d5772581a', 'https://git.kernel.org/stable/c/df1c357f25d808e30b216188330e708e09e1a412', 'https://git.kernel.org/stable/c/df9950d37df113db59495fa09d060754366a2b7c', 'https://lore.kernel.org/linux-cve-announce/2024030258-CVE-2023-52582-07c8@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52582', 'https://www.cve.org/CVERecord?id=CVE-2023-52582'], 'PublishedDate': '2024-03-02T22:15:49.77Z', 'LastModifiedDate': '2024-03-04T13:58:23.447Z'}, {'VulnerabilityID': 'CVE-2023-52586', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52586', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: Add mutex lock in control vblank irq', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: Add mutex lock in control vblank irq\n\nAdd a mutex lock to control vblank irq to synchronize vblank\nenable/disable operations happening from different threads to prevent\nrace conditions while registering/unregistering the vblank irq callback.\n\nv4: -Removed vblank_ctl_lock from dpu_encoder_virt, so it is only a\n    parameter of dpu_encoder_phys.\n    -Switch from atomic refcnt to a simple int counter as mutex has\n    now been added\nv3: Mistakenly did not change wording in last version. It is done now.\nv2: Slightly changed wording of commit message\n\nPatchwork: https://patchwork.freedesktop.org/patch/571854/', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52586', 'https://git.kernel.org/linus/45284ff733e4caf6c118aae5131eb7e7cf3eea5a (6.8-rc1)', 'https://git.kernel.org/stable/c/14f109bf74dd67e1d0469fed859c8e506b0df53f', 'https://git.kernel.org/stable/c/45284ff733e4caf6c118aae5131eb7e7cf3eea5a', 'https://lore.kernel.org/linux-cve-announce/2024030644-CVE-2023-52586-3ecb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52586', 'https://www.cve.org/CVERecord?id=CVE-2023-52586'], 'PublishedDate': '2024-03-06T07:15:07.443Z', 'LastModifiedDate': '2024-03-06T15:18:08.093Z'}, {'VulnerabilityID': 'CVE-2023-52589', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52589', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: rkisp1: Fix IRQ disable race issue', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rkisp1: Fix IRQ disable race issue\n\nIn rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the\ninterrupts and then apparently assumes that the interrupt handler won't\nbe running, and proceeds in the stop procedure. This is not the case, as\nthe interrupt handler can already be running, which would lead to the\nISP being disabled while the interrupt handler handling a captured\nframe.\n\nThis brings up two issues: 1) the ISP could be powered off while the\ninterrupt handler is still running and accessing registers, leading to\nboard lockup, and 2) the interrupt handler code and the code that\ndisables the streaming might do things that conflict.\n\nIt is not clear to me if 2) causes a real issue, but 1) can be seen with\na suitable delay (or printk in my case) in the interrupt handler,\nleading to board lockup.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52589', 'https://git.kernel.org/linus/870565f063a58576e8a4529f122cac4325c6b395 (6.8-rc1)', 'https://git.kernel.org/stable/c/7bb1a2822aa2c2de4e09bf7c56dd93bd532f1fa7', 'https://git.kernel.org/stable/c/870565f063a58576e8a4529f122cac4325c6b395', 'https://git.kernel.org/stable/c/bf808f58681cab64c81cd814551814fd34e540fe', 'https://git.kernel.org/stable/c/fab483438342984f2a315fe13c882a80f0f7e545', 'https://lore.kernel.org/linux-cve-announce/2024030644-CVE-2023-52589-8f84@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52589', 'https://ubuntu.com/security/notices/USN-6688-1', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2023-52589'], 'PublishedDate': '2024-03-06T07:15:08.053Z', 'LastModifiedDate': '2024-03-06T15:18:08.093Z'}, {'VulnerabilityID': 'CVE-2023-52590', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52590', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: Avoid touching renamed directory if parent does not change', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: Avoid touching renamed directory if parent does not change\n\nThe VFS will not be locking moved directory if its parent does not\nchange. Change ocfs2 rename code to avoid touching renamed directory if\nits parent does not change as without locking that can corrupt the\nfilesystem.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52590', 'https://git.kernel.org/linus/9d618d19b29c2943527e3a43da0a35aea91062fc (6.8-rc1)', 'https://git.kernel.org/stable/c/9d618d19b29c2943527e3a43da0a35aea91062fc', 'https://git.kernel.org/stable/c/de940cede3c41624e2de27f805b490999f419df9', 'https://lore.kernel.org/linux-cve-announce/2024030644-CVE-2023-52590-fca9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52590', 'https://www.cve.org/CVERecord?id=CVE-2023-52590'], 'PublishedDate': '2024-03-06T07:15:08.297Z', 'LastModifiedDate': '2024-03-06T15:18:08.093Z'}, {'VulnerabilityID': 'CVE-2023-52591', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52591', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: reiserfs: Avoid touching renamed directory if parent does not change', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nreiserfs: Avoid touching renamed directory if parent does not change\n\nThe VFS will not be locking moved directory if its parent does not\nchange. Change reiserfs rename code to avoid touching renamed directory\nif its parent does not change as without locking that can corrupt the\nfilesystem.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52591', 'https://git.kernel.org/linus/49db9b1b86a82448dfaf3fcfefcf678dee56c8ed (6.8-rc1)', 'https://git.kernel.org/stable/c/17e1361cb91dc1325834da95d2ab532959d2debc', 'https://git.kernel.org/stable/c/49db9b1b86a82448dfaf3fcfefcf678dee56c8ed', 'https://git.kernel.org/stable/c/c04c162f82ac403917780eb6d1654694455d4e7c', 'https://lore.kernel.org/linux-cve-announce/2024030644-CVE-2023-52591-46a0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52591', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2023-52591'], 'PublishedDate': '2024-03-06T07:15:08.51Z', 'LastModifiedDate': '2024-03-06T15:18:08.093Z'}, {'VulnerabilityID': 'CVE-2023-52593', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52593', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()\n\nSince 'ieee80211_beacon_get()' can return NULL, 'wfx_set_mfp_ap()'\nshould check the return value before examining skb data. So convert\nthe latter to return an appropriate error code and propagate it to\nreturn from 'wfx_start_ap()' as well. Compile tested only.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52593', 'https://git.kernel.org/linus/fe0a7776d4d19e613bb8dd80fe2d78ae49e8b49d (6.8-rc1)', 'https://git.kernel.org/stable/c/3739121443f5114c6bcf6d841a5124deb006b878', 'https://git.kernel.org/stable/c/574dcd3126aa2eed75437137843f254b1190dd03', 'https://git.kernel.org/stable/c/9ab224744a47363f74ea29c6894c405e3bcf5132', 'https://git.kernel.org/stable/c/fe0a7776d4d19e613bb8dd80fe2d78ae49e8b49d', 'https://lore.kernel.org/linux-cve-announce/2024030645-CVE-2023-52593-14ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52593', 'https://ubuntu.com/security/notices/USN-6688-1', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2023-52593'], 'PublishedDate': '2024-03-06T07:15:08.94Z', 'LastModifiedDate': '2024-03-06T15:18:08.093Z'}, {'VulnerabilityID': 'CVE-2023-52624', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52624', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Wake DMCUB before executing GPINT commands', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wake DMCUB before executing GPINT commands\n\n[Why]\nDMCUB can be in idle when we attempt to interface with the HW through\nthe GPINT mailbox resulting in a system hang.\n\n[How]\nAdd dc_wake_and_execute_gpint() to wrap the wake, execute, sleep\nsequence.\n\nIf the GPINT executes successfully then DMCUB will be put back into\nsleep after the optional response is returned.\n\nIt functions similar to the inbox command interface.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52624', 'https://git.kernel.org/linus/e5ffd1263dd5b44929c676171802e7b6af483f21 (6.8-rc1)', 'https://git.kernel.org/stable/c/2ef98c6d753a744e333b7e34b9cf687040fba57d', 'https://git.kernel.org/stable/c/e5ffd1263dd5b44929c676171802e7b6af483f21', 'https://lore.kernel.org/linux-cve-announce/20240326175007.1388794-10-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52624', 'https://www.cve.org/CVERecord?id=CVE-2023-52624'], 'PublishedDate': '2024-03-26T18:15:08.99Z', 'LastModifiedDate': '2024-03-27T12:29:41.53Z'}, {'VulnerabilityID': 'CVE-2023-52625', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52625', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Refactor DMCUB enter/exit idle interface', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Refactor DMCUB enter/exit idle interface\n\n[Why]\nWe can hang in place trying to send commands when the DMCUB isn't\npowered on.\n\n[How]\nWe need to exit out of the idle state prior to sending a command,\nbut the process that performs the exit also invokes a command itself.\n\nFixing this issue involves the following:\n\n1. Using a software state to track whether or not we need to start\n   the process to exit idle or notify idle.\n\nIt's possible for the hardware to have exited an idle state without\ndriver knowledge, but entering one is always restricted to a driver\nallow - which makes the SW state vs HW state mismatch issue purely one\nof optimization, which should seldomly be hit, if at all.\n\n2. Refactor any instances of exit/notify idle to use a single wrapper\n   that maintains this SW state.\n\nThis works simialr to dc_allow_idle_optimizations, but works at the\nDMCUB level and makes sure the state is marked prior to any notify/exit\nidle so we don't enter an infinite loop.\n\n3. Make sure we exit out of idle prior to sending any commands or\n   waiting for DMCUB idle.\n\nThis patch takes care of 1/2. A future patch will take care of wrapping\nDMCUB command submission with calls to this new interface.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52625', 'https://git.kernel.org/linus/8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa (6.8-rc1)', 'https://git.kernel.org/stable/c/820c3870c491946a78950cdf961bf40e28c1025f', 'https://git.kernel.org/stable/c/8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa', 'https://lore.kernel.org/linux-cve-announce/20240326175007.1388794-11-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52625', 'https://www.cve.org/CVERecord?id=CVE-2023-52625'], 'PublishedDate': '2024-03-26T18:15:09.04Z', 'LastModifiedDate': '2024-03-27T12:29:41.53Z'}, {'VulnerabilityID': 'CVE-2023-52632', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52632', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdkfd: lock dependency warning with srcu', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix lock dependency warning with srcu\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.5.0-kfd-yangp #2289 Not tainted\n------------------------------------------------------\nkworker/0:2/996 is trying to acquire lock:\n        (srcu){.+.+}-{0:0}, at: __synchronize_srcu+0x5/0x1a0\n\nbut task is already holding lock:\n        ((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}, at:\n\tprocess_one_work+0x211/0x560\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #3 ((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}:\n        __flush_work+0x88/0x4f0\n        svm_range_list_lock_and_flush_work+0x3d/0x110 [amdgpu]\n        svm_range_set_attr+0xd6/0x14c0 [amdgpu]\n        kfd_ioctl+0x1d1/0x630 [amdgpu]\n        __x64_sys_ioctl+0x88/0xc0\n\n-> #2 (&info->lock#2){+.+.}-{3:3}:\n        __mutex_lock+0x99/0xc70\n        amdgpu_amdkfd_gpuvm_restore_process_bos+0x54/0x740 [amdgpu]\n        restore_process_helper+0x22/0x80 [amdgpu]\n        restore_process_worker+0x2d/0xa0 [amdgpu]\n        process_one_work+0x29b/0x560\n        worker_thread+0x3d/0x3d0\n\n-> #1 ((work_completion)(&(&process->restore_work)->work)){+.+.}-{0:0}:\n        __flush_work+0x88/0x4f0\n        __cancel_work_timer+0x12c/0x1c0\n        kfd_process_notifier_release_internal+0x37/0x1f0 [amdgpu]\n        __mmu_notifier_release+0xad/0x240\n        exit_mmap+0x6a/0x3a0\n        mmput+0x6a/0x120\n        do_exit+0x322/0xb90\n        do_group_exit+0x37/0xa0\n        __x64_sys_exit_group+0x18/0x20\n        do_syscall_64+0x38/0x80\n\n-> #0 (srcu){.+.+}-{0:0}:\n        __lock_acquire+0x1521/0x2510\n        lock_sync+0x5f/0x90\n        __synchronize_srcu+0x4f/0x1a0\n        __mmu_notifier_release+0x128/0x240\n        exit_mmap+0x6a/0x3a0\n        mmput+0x6a/0x120\n        svm_range_deferred_list_work+0x19f/0x350 [amdgpu]\n        process_one_work+0x29b/0x560\n        worker_thread+0x3d/0x3d0\n\nother info that might help us debug this:\nChain exists of:\n  srcu --> &info->lock#2 --> (work_completion)(&svms->deferred_list_work)\n\nPossible unsafe locking scenario:\n\n        CPU0                    CPU1\n        ----                    ----\n        lock((work_completion)(&svms->deferred_list_work));\n                        lock(&info->lock#2);\n\t\t\tlock((work_completion)(&svms->deferred_list_work));\n        sync(srcu);', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52632', 'https://git.kernel.org/linus/2a9de42e8d3c82c6990d226198602be44f43f340 (6.8-rc1)', 'https://git.kernel.org/stable/c/1556c242e64cdffe58736aa650b0b395854fe4d4', 'https://git.kernel.org/stable/c/2a9de42e8d3c82c6990d226198602be44f43f340', 'https://git.kernel.org/stable/c/752312f6a79440086ac0f9b08d7776870037323c', 'https://git.kernel.org/stable/c/b602f098f716723fa5c6c96a486e0afba83b7b94', 'https://lore.kernel.org/linux-cve-announce/2024040218-CVE-2023-52632-f7bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52632', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2023-52632'], 'PublishedDate': '2024-04-02T07:15:41.01Z', 'LastModifiedDate': '2024-04-02T12:50:42.233Z'}, {'VulnerabilityID': 'CVE-2023-52634', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52634', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix disable_otg_wa logic', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix disable_otg_wa logic\n\n[Why]\nWhen switching to another HDMI mode, we are unnecesarilly\ndisabling/enabling FIFO causing both HPO and DIG registers to be set at\nthe same time when only HPO is supposed to be set.\n\nThis can lead to a system hang the next time we change refresh rates as\nthere are cases when we don't disable OTG/FIFO but FIFO is enabled when\nit isn't supposed to be.\n\n[How]\nRemoving the enable/disable FIFO entirely.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52634', 'https://git.kernel.org/linus/2ce156482a6fef349d2eba98e5070c412d3af662 (6.8-rc1)', 'https://git.kernel.org/stable/c/2ce156482a6fef349d2eba98e5070c412d3af662', 'https://git.kernel.org/stable/c/ce29728ef6485a367934cc100249c66dd3cde5b6', 'https://lore.kernel.org/linux-cve-announce/2024040219-CVE-2023-52634-27e0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52634', 'https://www.cve.org/CVERecord?id=CVE-2023-52634'], 'PublishedDate': '2024-04-02T07:15:41.177Z', 'LastModifiedDate': '2024-04-02T12:50:42.233Z'}, {'VulnerabilityID': 'CVE-2023-52648', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52648', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/vmwgfx: Unmap the surface before resetting it on a plane state', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Unmap the surface before resetting it on a plane state\n\nSwitch to a new plane state requires unreferencing of all held surfaces.\nIn the work required for mob cursors the mapped surfaces started being\ncached but the variable indicating whether the surface is currently\nmapped was not being reset. This leads to crashes as the duplicated\nstate, incorrectly, indicates the that surface is mapped even when\nno surface is present. That's because after unreferencing the surface\nit's perfectly possible for the plane to be backed by a bo instead of a\nsurface.\n\nReset the surface mapped flag when unreferencing the plane state surface\nto fix null derefs in cleanup. Fixes crashes in KDE KWin 6.0 on Wayland:\n\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 4 PID: 2533 Comm: kwin_wayland Not tainted 6.7.0-rc3-vmwgfx #2\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:vmw_du_cursor_plane_cleanup_fb+0x124/0x140 [vmwgfx]\nCode: 00 00 00 75 3a 48 83 c4 10 5b 5d c3 cc cc cc cc 48 8b b3 a8 00 00 00 48 c7 c7 99 90 43 c0 e8 93 c5 db ca 48 8b 83 a8 00 00 00 <48> 8b 78 28 e8 e3 f>\nRSP: 0018:ffffb6b98216fa80 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff969d84cdcb00 RCX: 0000000000000027\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff969e75f21600\nRBP: ffff969d4143dc50 R08: 0000000000000000 R09: ffffb6b98216f920\nR10: 0000000000000003 R11: ffff969e7feb3b10 R12: 0000000000000000\nR13: 0000000000000000 R14: 000000000000027b R15: ffff969d49c9fc00\nFS:  00007f1e8f1b4180(0000) GS:ffff969e75f00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000028 CR3: 0000000104006004 CR4: 00000000003706f0\nCall Trace:\n <TASK>\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? exc_page_fault+0x7f/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? vmw_du_cursor_plane_cleanup_fb+0x124/0x140 [vmwgfx]\n drm_atomic_helper_cleanup_planes+0x9b/0xc0\n commit_tail+0xd1/0x130\n drm_atomic_helper_commit+0x11a/0x140\n drm_atomic_commit+0x97/0xd0\n ? __pfx___drm_printfn_info+0x10/0x10\n drm_atomic_helper_update_plane+0xf5/0x160\n drm_mode_cursor_universal+0x10e/0x270\n drm_mode_cursor_common+0x102/0x230\n ? __pfx_drm_mode_cursor2_ioctl+0x10/0x10\n drm_ioctl_kernel+0xb2/0x110\n drm_ioctl+0x26d/0x4b0\n ? __pfx_drm_mode_cursor2_ioctl+0x10/0x10\n ? __pfx_drm_ioctl+0x10/0x10\n vmw_generic_ioctl+0xa4/0x110 [vmwgfx]\n __x64_sys_ioctl+0x94/0xd0\n do_syscall_64+0x61/0xe0\n ? __x64_sys_ioctl+0xaf/0xd0\n ? syscall_exit_to_user_mode+0x2b/0x40\n ? do_syscall_64+0x70/0xe0\n ? __x64_sys_ioctl+0xaf/0xd0\n ? syscall_exit_to_user_mode+0x2b/0x40\n ? do_syscall_64+0x70/0xe0\n ? exc_page_fault+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\nRIP: 0033:0x7f1e93f279ed\nCode: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff f>\nRSP: 002b:00007ffca0faf600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 000055db876ed2c0 RCX: 00007f1e93f279ed\nRDX: 00007ffca0faf6c0 RSI: 00000000c02464bb RDI: 0000000000000015\nRBP: 00007ffca0faf650 R08: 000055db87184010 R09: 0000000000000007\nR10: 000055db886471a0 R11: 0000000000000246 R12: 00007ffca0faf6c0\nR13: 00000000c02464bb R14: 0000000000000015 R15: 00007ffca0faf790\n </TASK>\nModules linked in: snd_seq_dummy snd_hrtimer nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_ine>\nCR2: 0000000000000028\n---[ end trace 0000000000000000 ]---\nRIP: 0010:vmw_du_cursor_plane_cleanup_fb+0x124/0x140 [vmwgfx]\nCode: 00 00 00 75 3a 48 83 c4 10 5b 5d c3 cc cc cc cc 48 8b b3 a8 00 00 00 48 c7 c7 99 90 43 c0 e8 93 c5 db ca 48 8b 83 a8 00 00 00 <48> 8b 78 28 e8 e3 f>\nRSP: 0018:ffffb6b98216fa80 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff969d84cdcb00 RCX: 0000000000000027\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff969e75f21600\nRBP: ffff969d4143\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2023-52648', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/27571c64f1855881753e6f33c3186573afbab7ba (6.9-rc1)', 'https://git.kernel.org/stable/c/0a23f95af7f28dae7c0f7c82578ca5e1a239d461', 'https://git.kernel.org/stable/c/105f72cc48c4c93f4578fcc61e06276471858e92', 'https://git.kernel.org/stable/c/27571c64f1855881753e6f33c3186573afbab7ba', 'https://git.kernel.org/stable/c/75baad63c033b3b900d822bffbc96c9d3649bc75', 'https://linux.oracle.com/cve/CVE-2023-52648.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024050122-CVE-2023-52648-4e0d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52648', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2023-52648'], 'PublishedDate': '2024-05-01T06:15:07.217Z', 'LastModifiedDate': '2024-05-01T13:02:20.75Z'}, {'VulnerabilityID': 'CVE-2023-52653', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52653', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: SUNRPC: fix a memleak in gss_import_v2_context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: fix a memleak in gss_import_v2_context\n\nThe ctx->mech_used.data allocated by kmemdup is not freed in neither\ngss_import_v2_context nor it only caller gss_krb5_import_sec_context,\nwhich frees ctx on error.\n\nThus, this patch reform the last call of gss_import_v2_context to the\ngss_krb5_import_ctx_v2, preventing the memleak while keepping the return\nformation.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2023-52653', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/e67b652d8e8591d3b1e569dbcdfcee15993e91fa (6.9-rc1)', 'https://git.kernel.org/stable/c/47ac11db93e74ac49cd6c3fc69bcbc5964c4a8b4', 'https://git.kernel.org/stable/c/99044c01ed5329e73651c054d8a4baacdbb1a27c', 'https://git.kernel.org/stable/c/d111e30d9cd846bb368faf3637dc0f71fcbcf822', 'https://git.kernel.org/stable/c/e67b652d8e8591d3b1e569dbcdfcee15993e91fa', 'https://linux.oracle.com/cve/CVE-2023-52653.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024050131-CVE-2023-52653-a5c2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52653', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2023-52653'], 'PublishedDate': '2024-05-01T13:15:48.47Z', 'LastModifiedDate': '2024-05-01T19:50:25.633Z'}, {'VulnerabilityID': 'CVE-2023-52657', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52657', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;drm/amd/pm: resolve reboot exception for si oland&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "drm/amd/pm: resolve reboot exception for si oland"\n\nThis reverts commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86.\n\nThis causes hangs on SI when DC is enabled and errors on driver\nreboot and power off cycles.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52657', 'https://git.kernel.org/linus/955558030954b9637b41c97b730f9b38c92ac488 (6.8-rc7)', 'https://git.kernel.org/stable/c/2e443ed55fe3ffb08327b331a9f45e9382413c94', 'https://git.kernel.org/stable/c/955558030954b9637b41c97b730f9b38c92ac488', 'https://git.kernel.org/stable/c/baac292852c0e347626fb5436916947188e5838f', 'https://git.kernel.org/stable/c/c51468ac328d3922747be55507c117e47da813e6', 'https://lore.kernel.org/linux-cve-announce/2024051758-CVE-2023-52657-628c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52657', 'https://www.cve.org/CVERecord?id=CVE-2023-52657'], 'PublishedDate': '2024-05-17T12:15:09.077Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2023-52660', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52660', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: rkisp1: Fix IRQ handling due to shared interrupts', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rkisp1: Fix IRQ handling due to shared interrupts\n\nThe driver requests the interrupts as IRQF_SHARED, so the interrupt\nhandlers can be called at any time. If such a call happens while the ISP\nis powered down, the SoC will hang as the driver tries to access the\nISP registers.\n\nThis can be reproduced even without the platform sharing the IRQ line:\nEnable CONFIG_DEBUG_SHIRQ and unload the driver, and the board will\nhang.\n\nFix this by adding a new field, 'irqs_enabled', which is used to bail\nout from the interrupt handler when the ISP is not operational.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52660', 'https://git.kernel.org/linus/ffb635bb398fc07cb38f8a7b4a82cbe5f412f08e (6.8-rc5)', 'https://git.kernel.org/stable/c/abd34206f396d3ae50cddbd5aa840b8cd7f68c63', 'https://git.kernel.org/stable/c/b39b4d207d4f236a74e20d291f6356f2231fd9ee', 'https://git.kernel.org/stable/c/edcf92bc66d8361c51dff953a55210e5cfd95587', 'https://git.kernel.org/stable/c/ffb635bb398fc07cb38f8a7b4a82cbe5f412f08e', 'https://lore.kernel.org/linux-cve-announce/2024051755-CVE-2023-52660-6eac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52660', 'https://www.cve.org/CVERecord?id=CVE-2023-52660'], 'PublishedDate': '2024-05-17T13:15:57.77Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2023-52664', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52664', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: atlantic: eliminate double free in error handling logic', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atlantic: eliminate double free in error handling logic\n\nDriver has a logic leak in ring data allocation/free,\nwhere aq_ring_free could be called multiple times on same ring,\nif system is under stress and got memory allocation error.\n\nRing pointer was used as an indicator of failure, but this is\nnot correct since only ring data is allocated/deallocated.\nRing itself is an array member.\n\nChanging ring allocation functions to return error code directly.\nThis simplifies error handling and eliminates aq_ring_free\non higher layer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52664', 'https://git.kernel.org/linus/b3cb7a830a24527877b0bc900b9bd74a96aea928 (6.8-rc1)', 'https://git.kernel.org/stable/c/0edb3ae8bfa31cd544b0c195bdec00e036002b5d', 'https://git.kernel.org/stable/c/b3cb7a830a24527877b0bc900b9bd74a96aea928', 'https://git.kernel.org/stable/c/c11a870a73a3bc4cc7df6dd877a45b181795fcbf', 'https://git.kernel.org/stable/c/d1fde4a7e1dcc4d49cce285107a7a43c3030878d', 'https://lore.kernel.org/linux-cve-announce/2024051756-CVE-2023-52664-dea1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52664', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2023-52664'], 'PublishedDate': '2024-05-17T14:15:08.807Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2023-52671', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52671', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix hang/underflow when transitioning to ODM4:1', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix hang/underflow when transitioning to ODM4:1\n\n[Why]\nUnder some circumstances, disabling an OPTC and attempting to reclaim\nits OPP(s) for a different OPTC could cause a hang/underflow due to OPPs\nnot being properly disconnected from the disabled OPTC.\n\n[How]\nEnsure that all OPPs are unassigned from an OPTC when it gets disabled.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52671', 'https://git.kernel.org/linus/e7b2b108cdeab76a7e7324459e50b0c1214c0386 (6.8-rc1)', 'https://git.kernel.org/stable/c/4b6b479b2da6badff099b2e3abf0248936eefbf5', 'https://git.kernel.org/stable/c/ae62f1dde66a6f0eee98defc4c7a346bd5acd239', 'https://git.kernel.org/stable/c/e7b2b108cdeab76a7e7324459e50b0c1214c0386', 'https://lore.kernel.org/linux-cve-announce/2024051729-CVE-2023-52671-a2df@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52671', 'https://www.cve.org/CVERecord?id=CVE-2023-52671'], 'PublishedDate': '2024-05-17T14:15:10.29Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2023-52673', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix a debugfs null pointer error', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix a debugfs null pointer error\n\n[WHY & HOW]\nCheck whether get_subvp_en() callback exists before calling it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52673', 'https://git.kernel.org/linus/efb91fea652a42fcc037d2a9ef4ecd1ffc5ff4b7 (6.8-rc1)', 'https://git.kernel.org/stable/c/43235db21fc23559f50a62f8f273002eeb506f5a', 'https://git.kernel.org/stable/c/efb91fea652a42fcc037d2a9ef4ecd1ffc5ff4b7', 'https://lore.kernel.org/linux-cve-announce/2024051729-CVE-2023-52673-57e2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52673', 'https://www.cve.org/CVERecord?id=CVE-2023-52673'], 'PublishedDate': '2024-05-17T14:15:10.773Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2023-52676', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52676', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Guard stack limits against 32bit overflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Guard stack limits against 32bit overflow\n\nThis patch promotes the arithmetic around checking stack bounds to be\ndone in the 64-bit domain, instead of the current 32bit. The arithmetic\nimplies adding together a 64-bit register with a int offset. The\nregister was checked to be below 1<<29 when it was variable, but not\nwhen it was fixed. The offset either comes from an instruction (in which\ncase it is 16 bit), from another register (in which case the caller\nchecked it to be below 1<<29 [1]), or from the size of an argument to a\nkfunc (in which case it can be a u32 [2]). Between the register being\ninconsistently checked to be below 1<<29, and the offset being up to an\nu32, it appears that we were open to overflowing the `int`s which were\ncurrently used for arithmetic.\n\n[1] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L7494-L7498\n[2] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L11904', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52676', 'https://git.kernel.org/linus/1d38a9ee81570c4bd61f557832dead4d6f816760 (6.8-rc1)', 'https://git.kernel.org/stable/c/1d38a9ee81570c4bd61f557832dead4d6f816760', 'https://git.kernel.org/stable/c/ad140fc856f0b1d5e2215bcb6d0cc247a86805a2', 'https://git.kernel.org/stable/c/e5ad9ecb84405637df82732ee02ad741a5f782a6', 'https://lore.kernel.org/linux-cve-announce/2024051749-CVE-2023-52676-e224@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52676', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2023-52676'], 'PublishedDate': '2024-05-17T15:15:18.633Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2023-52682', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52682', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to wait on block writeback for post_read case', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to wait on block writeback for post_read case\n\nIf inode is compressed, but not encrypted, it missed to call\nf2fs_wait_on_block_writeback() to wait for GCed page writeback\nin IPU write path.\n\nThread A\t\t\t\tGC-Thread\n\t\t\t\t\t- f2fs_gc\n\t\t\t\t\t - do_garbage_collect\n\t\t\t\t\t  - gc_data_segment\n\t\t\t\t\t   - move_data_block\n\t\t\t\t\t    - f2fs_submit_page_write\n\t\t\t\t\t     migrate normal cluster's block via\n\t\t\t\t\t     meta_inode's page cache\n- f2fs_write_single_data_page\n - f2fs_do_write_data_page\n  - f2fs_inplace_write_data\n   - f2fs_submit_page_bio\n\nIRQ\n- f2fs_read_end_io\n\t\t\t\t\tIRQ\n\t\t\t\t\told data overrides new data due to\n\t\t\t\t\tout-of-order GC and common IO.\n\t\t\t\t\t- f2fs_read_end_io", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52682', 'https://git.kernel.org/linus/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00 (6.8-rc1)', 'https://git.kernel.org/stable/c/4535be48780431753505e74e1b1ad4836a189bc2', 'https://git.kernel.org/stable/c/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00', 'https://git.kernel.org/stable/c/9bfd5ea71521d0e522ba581c6ccc5db93759c0c3', 'https://git.kernel.org/stable/c/f904c156d8011d8291ffd5b6b398f3747e294986', 'https://lore.kernel.org/linux-cve-announce/2024051751-CVE-2023-52682-fae2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52682', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2023-52682'], 'PublishedDate': '2024-05-17T15:15:19.427Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2023-52700', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52700', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tipc: fix kernel warning when sending SYN message', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix kernel warning when sending SYN message\n\nWhen sending a SYN message, this kernel stack trace is observed:\n\n...\n[   13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550\n...\n[   13.398494] Call Trace:\n[   13.398630]  <TASK>\n[   13.398630]  ? __alloc_skb+0xed/0x1a0\n[   13.398630]  tipc_msg_build+0x12c/0x670 [tipc]\n[   13.398630]  ? shmem_add_to_page_cache.isra.71+0x151/0x290\n[   13.398630]  __tipc_sendmsg+0x2d1/0x710 [tipc]\n[   13.398630]  ? tipc_connect+0x1d9/0x230 [tipc]\n[   13.398630]  ? __local_bh_enable_ip+0x37/0x80\n[   13.398630]  tipc_connect+0x1d9/0x230 [tipc]\n[   13.398630]  ? __sys_connect+0x9f/0xd0\n[   13.398630]  __sys_connect+0x9f/0xd0\n[   13.398630]  ? preempt_count_add+0x4d/0xa0\n[   13.398630]  ? fpregs_assert_state_consistent+0x22/0x50\n[   13.398630]  __x64_sys_connect+0x16/0x20\n[   13.398630]  do_syscall_64+0x42/0x90\n[   13.398630]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nIt is because commit a41dad905e5a ("iov_iter: saner checks for attempt\nto copy to/from iterator") has introduced sanity check for copying\nfrom/to iov iterator. Lacking of copy direction from the iterator\nviewpoint would lead to kernel stack trace like above.\n\nThis commit fixes this issue by initializing the iov iterator with\nthe correct copy direction when sending SYN or ACK without data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:4352', 'https://access.redhat.com/security/cve/CVE-2023-52700', 'https://bugzilla.redhat.com/1918601', 'https://bugzilla.redhat.com/2248122', 'https://bugzilla.redhat.com/2258875', 'https://bugzilla.redhat.com/2265517', 'https://bugzilla.redhat.com/2265519', 'https://bugzilla.redhat.com/2265520', 'https://bugzilla.redhat.com/2265800', 'https://bugzilla.redhat.com/2266408', 'https://bugzilla.redhat.com/2266831', 'https://bugzilla.redhat.com/2267513', 'https://bugzilla.redhat.com/2267518', 'https://bugzilla.redhat.com/2267730', 'https://bugzilla.redhat.com/2270093', 'https://bugzilla.redhat.com/2271680', 'https://bugzilla.redhat.com/2272692', 'https://bugzilla.redhat.com/2272829', 'https://bugzilla.redhat.com/2273204', 'https://bugzilla.redhat.com/2273278', 'https://bugzilla.redhat.com/2273423', 'https://bugzilla.redhat.com/2273429', 'https://bugzilla.redhat.com/2275604', 'https://bugzilla.redhat.com/2275633', 'https://bugzilla.redhat.com/2275635', 'https://bugzilla.redhat.com/2275733', 'https://bugzilla.redhat.com/2278337', 'https://bugzilla.redhat.com/2278354', 'https://bugzilla.redhat.com/2280434', 'https://bugzilla.redhat.com/2281057', 'https://bugzilla.redhat.com/2281113', 'https://bugzilla.redhat.com/2281157', 'https://bugzilla.redhat.com/2281165', 'https://bugzilla.redhat.com/2281251', 'https://bugzilla.redhat.com/2281253', 'https://bugzilla.redhat.com/2281255', 'https://bugzilla.redhat.com/2281257', 'https://bugzilla.redhat.com/2281272', 'https://bugzilla.redhat.com/2281350', 'https://bugzilla.redhat.com/2281689', 'https://bugzilla.redhat.com/2281693', 'https://bugzilla.redhat.com/2281920', 'https://bugzilla.redhat.com/2281923', 'https://bugzilla.redhat.com/2281925', 'https://bugzilla.redhat.com/2281953', 'https://bugzilla.redhat.com/2281986', 'https://bugzilla.redhat.com/2282394', 'https://bugzilla.redhat.com/2282400', 'https://bugzilla.redhat.com/2282471', 'https://bugzilla.redhat.com/2282472', 'https://bugzilla.redhat.com/2282581', 'https://bugzilla.redhat.com/2282609', 'https://bugzilla.redhat.com/2282612', 'https://bugzilla.redhat.com/2282653', 'https://bugzilla.redhat.com/2282680', 'https://bugzilla.redhat.com/2282698', 'https://bugzilla.redhat.com/2282712', 'https://bugzilla.redhat.com/2282735', 'https://bugzilla.redhat.com/2282902', 'https://bugzilla.redhat.com/2282920', 'https://bugzilla.redhat.com/show_bug.cgi?id=1918601', 'https://bugzilla.redhat.com/show_bug.cgi?id=2248122', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258875', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265800', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266831', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267518', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267730', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270093', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272692', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272829', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273204', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273278', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273423', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275633', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275635', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275733', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278337', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278354', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281113', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281157', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281165', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281251', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281253', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281255', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281311', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281334', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281346', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281350', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281689', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281693', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281920', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281953', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281986', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282394', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282471', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282472', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282581', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282609', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282612', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282698', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282712', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282735', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282902', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282920', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46909', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46972', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47069', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47073', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47236', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47310', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47311', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47456', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47495', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5090', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52464', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52560', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52626', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52667', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52675', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52700', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52703', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52781', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52813', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52835', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52877', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52881', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26583', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26584', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26585', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26656', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26675', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26735', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26759', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26804', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26859', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26906', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26907', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26974', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27410', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35835', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35838', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35854', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35855', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35888', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35890', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35959', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36004', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36007', 'https://errata.almalinux.org/8/ALSA-2024-4352.html', 'https://errata.rockylinux.org/RLSA-2024:4211', 'https://git.kernel.org/linus/11a4d6f67cf55883dc78e31c247d1903ed7feccc (6.2)', 'https://git.kernel.org/stable/c/11a4d6f67cf55883dc78e31c247d1903ed7feccc', 'https://git.kernel.org/stable/c/54b6082aec178f16ad6d193b4ecdc9c4823d9a32', 'https://linux.oracle.com/cve/CVE-2023-52700.html', 'https://linux.oracle.com/errata/ELSA-2024-4211.html', 'https://lore.kernel.org/linux-cve-announce/2024052156-CVE-2023-52700-1e45@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52700', 'https://www.cve.org/CVERecord?id=CVE-2023-52700'], 'PublishedDate': '2024-05-21T16:15:12.48Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52701', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52701', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: use a bounce buffer for copying skb-&gt;mark', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: use a bounce buffer for copying skb->mark\n\nsyzbot found arm64 builds would crash in sock_recv_mark()\nwhen CONFIG_HARDENED_USERCOPY=y\n\nx86 and powerpc are not detecting the issue because\nthey define user_access_begin.\nThis will be handled in a different patch,\nbecause a check_object_size() is missing.\n\nOnly data from skb->cb[] can be copied directly to/from user space,\nas explained in commit 79a8a642bf05 ("net: Whitelist\nthe skbuff_head_cache "cb" field")\n\nsyzbot report was:\nusercopy: Kernel memory exposure attempt detected from SLUB object \'skbuff_head_cache\' (offset 168, size 4)!\n------------[ cut here ]------------\nkernel BUG at mm/usercopy.c:102 !\nInternal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 4410 Comm: syz-executor533 Not tainted 6.2.0-rc7-syzkaller-17907-g2d3827b3f393 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : usercopy_abort+0x90/0x94 mm/usercopy.c:90\nlr : usercopy_abort+0x90/0x94 mm/usercopy.c:90\nsp : ffff80000fb9b9a0\nx29: ffff80000fb9b9b0 x28: ffff0000c6073400 x27: 0000000020001a00\nx26: 0000000000000014 x25: ffff80000cf52000 x24: fffffc0000000000\nx23: 05ffc00000000200 x22: fffffc000324bf80 x21: ffff0000c92fe1a8\nx20: 0000000000000001 x19: 0000000000000004 x18: 0000000000000000\nx17: 656a626f2042554c x16: ffff0000c6073dd0 x15: ffff80000dbd2118\nx14: ffff0000c6073400 x13: 00000000ffffffff x12: ffff0000c6073400\nx11: ff808000081bbb4c x10: 0000000000000000 x9 : 7b0572d7cc0ccf00\nx8 : 7b0572d7cc0ccf00 x7 : ffff80000bf650d4 x6 : 0000000000000000\nx5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : ffff0001fefbff08 x1 : 0000000100000000 x0 : 000000000000006c\nCall trace:\nusercopy_abort+0x90/0x94 mm/usercopy.c:90\n__check_heap_object+0xa8/0x100 mm/slub.c:4761\ncheck_heap_object mm/usercopy.c:196 [inline]\n__check_object_size+0x208/0x6b8 mm/usercopy.c:251\ncheck_object_size include/linux/thread_info.h:199 [inline]\n__copy_to_user include/linux/uaccess.h:115 [inline]\nput_cmsg+0x408/0x464 net/core/scm.c:238\nsock_recv_mark net/socket.c:975 [inline]\n__sock_recv_cmsgs+0x1fc/0x248 net/socket.c:984\nsock_recv_cmsgs include/net/sock.h:2728 [inline]\npacket_recvmsg+0x2d8/0x678 net/packet/af_packet.c:3482\n____sys_recvmsg+0x110/0x3a0\n___sys_recvmsg net/socket.c:2737 [inline]\n__sys_recvmsg+0x194/0x210 net/socket.c:2767\n__do_sys_recvmsg net/socket.c:2777 [inline]\n__se_sys_recvmsg net/socket.c:2774 [inline]\n__arm64_sys_recvmsg+0x2c/0x3c net/socket.c:2774\n__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]\ninvoke_syscall+0x64/0x178 arch/arm64/kernel/syscall.c:52\nel0_svc_common+0xbc/0x180 arch/arm64/kernel/syscall.c:142\ndo_el0_svc+0x48/0x110 arch/arm64/kernel/syscall.c:193\nel0_svc+0x58/0x14c arch/arm64/kernel/entry-common.c:637\nel0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591\nCode: 91388800 aa0903e1 f90003e8 94e6d752 (d4210000)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52701', 'https://git.kernel.org/linus/2558b8039d059342197610498c8749ad294adee5 (6.2)', 'https://git.kernel.org/stable/c/2558b8039d059342197610498c8749ad294adee5', 'https://git.kernel.org/stable/c/863a7de987f02a901bf215509276a7de0370e0f9', 'https://lore.kernel.org/linux-cve-announce/2024052156-CVE-2023-52701-5037@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52701', 'https://www.cve.org/CVERecord?id=CVE-2023-52701'], 'PublishedDate': '2024-05-21T16:15:12.547Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52732', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52732', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ceph: blocklist the kclient when receiving corrupted snap trace', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: blocklist the kclient when receiving corrupted snap trace\n\nWhen received corrupted snap trace we don't know what exactly has\nhappened in MDS side. And we shouldn't continue IOs and metadatas\naccess to MDS, which may corrupt or get incorrect contents.\n\nThis patch will just block all the further IO/MDS requests\nimmediately and then evict the kclient itself.\n\nThe reason why we still need to evict the kclient just after\nblocking all the further IOs is that the MDS could revoke the caps\nfaster.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52732', 'https://git.kernel.org/linus/a68e564adcaa69b0930809fb64d9d5f7d9c32ba9 (6.2-rc7)', 'https://git.kernel.org/stable/c/66ec619e4591f8350f99c5269a7ce160cccc7a7c', 'https://git.kernel.org/stable/c/a68e564adcaa69b0930809fb64d9d5f7d9c32ba9', 'https://lore.kernel.org/linux-cve-announce/2024052159-CVE-2023-52732-c783@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52732', 'https://www.cve.org/CVERecord?id=CVE-2023-52732'], 'PublishedDate': '2024-05-21T16:15:13.303Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52737', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52737', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: lock the inode in shared mode before starting fiemap', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: lock the inode in shared mode before starting fiemap\n\nCurrently fiemap does not take the inode\'s lock (VFS lock), it only locks\na file range in the inode\'s io tree. This however can lead to a deadlock\nif we have a concurrent fsync on the file and fiemap code triggers a fault\nwhen accessing the user space buffer with fiemap_fill_next_extent(). The\ndeadlock happens on the inode\'s i_mmap_lock semaphore, which is taken both\nby fsync and btrfs_page_mkwrite(). This deadlock was recently reported by\nsyzbot and triggers a trace like the following:\n\n   task:syz-executor361 state:D stack:20264 pid:5668  ppid:5119   flags:0x00004004\n   Call Trace:\n    <TASK>\n    context_switch kernel/sched/core.c:5293 [inline]\n    __schedule+0x995/0xe20 kernel/sched/core.c:6606\n    schedule+0xcb/0x190 kernel/sched/core.c:6682\n    wait_on_state fs/btrfs/extent-io-tree.c:707 [inline]\n    wait_extent_bit+0x577/0x6f0 fs/btrfs/extent-io-tree.c:751\n    lock_extent+0x1c2/0x280 fs/btrfs/extent-io-tree.c:1742\n    find_lock_delalloc_range+0x4e6/0x9c0 fs/btrfs/extent_io.c:488\n    writepage_delalloc+0x1ef/0x540 fs/btrfs/extent_io.c:1863\n    __extent_writepage+0x736/0x14e0 fs/btrfs/extent_io.c:2174\n    extent_write_cache_pages+0x983/0x1220 fs/btrfs/extent_io.c:3091\n    extent_writepages+0x219/0x540 fs/btrfs/extent_io.c:3211\n    do_writepages+0x3c3/0x680 mm/page-writeback.c:2581\n    filemap_fdatawrite_wbc+0x11e/0x170 mm/filemap.c:388\n    __filemap_fdatawrite_range mm/filemap.c:421 [inline]\n    filemap_fdatawrite_range+0x175/0x200 mm/filemap.c:439\n    btrfs_fdatawrite_range fs/btrfs/file.c:3850 [inline]\n    start_ordered_ops fs/btrfs/file.c:1737 [inline]\n    btrfs_sync_file+0x4ff/0x1190 fs/btrfs/file.c:1839\n    generic_write_sync include/linux/fs.h:2885 [inline]\n    btrfs_do_write_iter+0xcd3/0x1280 fs/btrfs/file.c:1684\n    call_write_iter include/linux/fs.h:2189 [inline]\n    new_sync_write fs/read_write.c:491 [inline]\n    vfs_write+0x7dc/0xc50 fs/read_write.c:584\n    ksys_write+0x177/0x2a0 fs/read_write.c:637\n    do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n    do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n    entry_SYSCALL_64_after_hwframe+0x63/0xcd\n   RIP: 0033:0x7f7d4054e9b9\n   RSP: 002b:00007f7d404fa2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n   RAX: ffffffffffffffda RBX: 00007f7d405d87a0 RCX: 00007f7d4054e9b9\n   RDX: 0000000000000090 RSI: 0000000020000000 RDI: 0000000000000006\n   RBP: 00007f7d405a51d0 R08: 0000000000000000 R09: 0000000000000000\n   R10: 0000000000000000 R11: 0000000000000246 R12: 61635f65646f6e69\n   R13: 65646f7475616f6e R14: 7261637369646f6e R15: 00007f7d405d87a8\n    </TASK>\n   INFO: task syz-executor361:5697 blocked for more than 145 seconds.\n         Not tainted 6.2.0-rc3-syzkaller-00376-g7c6984405241 #0\n   "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.\n   task:syz-executor361 state:D stack:21216 pid:5697  ppid:5119   flags:0x00004004\n   Call Trace:\n    <TASK>\n    context_switch kernel/sched/core.c:5293 [inline]\n    __schedule+0x995/0xe20 kernel/sched/core.c:6606\n    schedule+0xcb/0x190 kernel/sched/core.c:6682\n    rwsem_down_read_slowpath+0x5f9/0x930 kernel/locking/rwsem.c:1095\n    __down_read_common+0x54/0x2a0 kernel/locking/rwsem.c:1260\n    btrfs_page_mkwrite+0x417/0xc80 fs/btrfs/inode.c:8526\n    do_page_mkwrite+0x19e/0x5e0 mm/memory.c:2947\n    wp_page_shared+0x15e/0x380 mm/memory.c:3295\n    handle_pte_fault mm/memory.c:4949 [inline]\n    __handle_mm_fault mm/memory.c:5073 [inline]\n    handle_mm_fault+0x1b79/0x26b0 mm/memory.c:5219\n    do_user_addr_fault+0x69b/0xcb0 arch/x86/mm/fault.c:1428\n    handle_page_fault arch/x86/mm/fault.c:1519 [inline]\n    exc_page_fault+0x7a/0x110 arch/x86/mm/fault.c:1575\n    asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:570\n   RIP: 0010:copy_user_short_string+0xd/0x40 arch/x86/lib/copy_user_64.S:233\n   Code: 74 0a 89 (...)\n   RSP: 0018:ffffc9000570f330 EFLAGS: 000502\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52737', 'https://git.kernel.org/linus/519b7e13b5ae8dd38da1e52275705343be6bb508 (6.2-rc8)', 'https://git.kernel.org/stable/c/519b7e13b5ae8dd38da1e52275705343be6bb508', 'https://git.kernel.org/stable/c/d8c594da79bc0244e610a70594e824a401802be1', 'https://lore.kernel.org/linux-cve-announce/2024052101-CVE-2023-52737-e10e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52737', 'https://www.cve.org/CVERecord?id=CVE-2023-52737'], 'PublishedDate': '2024-05-21T16:15:13.667Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52749', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52749', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: Fix null dereference on suspend', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix null dereference on suspend\n\nA race condition exists where a synchronous (noqueue) transfer can be\nactive during a system suspend. This can cause a null pointer\ndereference exception to occur when the system resumes.\n\nExample order of events leading to the exception:\n1. spi_sync() calls __spi_transfer_message_noqueue() which sets\n   ctlr->cur_msg\n2. Spi transfer begins via spi_transfer_one_message()\n3. System is suspended interrupting the transfer context\n4. System is resumed\n6. spi_controller_resume() calls spi_start_queue() which resets cur_msg\n   to NULL\n7. Spi transfer context resumes and spi_finalize_current_message() is\n   called which dereferences cur_msg (which is now NULL)\n\nWait for synchronous transfers to complete before suspending by\nacquiring the bus mutex and setting/checking a suspend flag.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52749', 'https://git.kernel.org/linus/bef4a48f4ef798c4feddf045d49e53c8a97d5e37 (6.7-rc1)', 'https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068', 'https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e', 'https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37', 'https://lore.kernel.org/linux-cve-announce/2024052144-CVE-2023-52749-684e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52749', 'https://www.cve.org/CVERecord?id=CVE-2023-52749'], 'PublishedDate': '2024-05-21T16:15:14.587Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52751', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52751', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix use-after-free in smb2_query_info_compound()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in smb2_query_info_compound()\n\nThe following UAF was triggered when running fstests generic/072 with\nKASAN enabled against Windows Server 2022 and mount options\n'multichannel,max_channels=2,vers=3.1.1,mfsymlinks,noperm'\n\n  BUG: KASAN: slab-use-after-free in smb2_query_info_compound+0x423/0x6d0 [cifs]\n  Read of size 8 at addr ffff888014941048 by task xfs_io/27534\n\n  CPU: 0 PID: 27534 Comm: xfs_io Not tainted 6.6.0-rc7 #1\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\n  rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n  Call Trace:\n   dump_stack_lvl+0x4a/0x80\n   print_report+0xcf/0x650\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? __phys_addr+0x46/0x90\n   kasan_report+0xda/0x110\n   ? smb2_query_info_compound+0x423/0x6d0 [cifs]\n   ? smb2_query_info_compound+0x423/0x6d0 [cifs]\n   smb2_query_info_compound+0x423/0x6d0 [cifs]\n   ? __pfx_smb2_query_info_compound+0x10/0x10 [cifs]\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? __stack_depot_save+0x39/0x480\n   ? kasan_save_stack+0x33/0x60\n   ? kasan_set_track+0x25/0x30\n   ? ____kasan_slab_free+0x126/0x170\n   smb2_queryfs+0xc2/0x2c0 [cifs]\n   ? __pfx_smb2_queryfs+0x10/0x10 [cifs]\n   ? __pfx___lock_acquire+0x10/0x10\n   smb311_queryfs+0x210/0x220 [cifs]\n   ? __pfx_smb311_queryfs+0x10/0x10 [cifs]\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? __lock_acquire+0x480/0x26c0\n   ? lock_release+0x1ed/0x640\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? do_raw_spin_unlock+0x9b/0x100\n   cifs_statfs+0x18c/0x4b0 [cifs]\n   statfs_by_dentry+0x9b/0xf0\n   fd_statfs+0x4e/0xb0\n   __do_sys_fstatfs+0x7f/0xe0\n   ? __pfx___do_sys_fstatfs+0x10/0x10\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? lockdep_hardirqs_on_prepare+0x136/0x200\n   ? srso_alias_return_thunk+0x5/0x7f\n   do_syscall_64+0x3f/0x90\n   entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\n  Allocated by task 27534:\n   kasan_save_stack+0x33/0x60\n   kasan_set_track+0x25/0x30\n   __kasan_kmalloc+0x8f/0xa0\n   open_cached_dir+0x71b/0x1240 [cifs]\n   smb2_query_info_compound+0x5c3/0x6d0 [cifs]\n   smb2_queryfs+0xc2/0x2c0 [cifs]\n   smb311_queryfs+0x210/0x220 [cifs]\n   cifs_statfs+0x18c/0x4b0 [cifs]\n   statfs_by_dentry+0x9b/0xf0\n   fd_statfs+0x4e/0xb0\n   __do_sys_fstatfs+0x7f/0xe0\n   do_syscall_64+0x3f/0x90\n   entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\n  Freed by task 27534:\n   kasan_save_stack+0x33/0x60\n   kasan_set_track+0x25/0x30\n   kasan_save_free_info+0x2b/0x50\n   ____kasan_slab_free+0x126/0x170\n   slab_free_freelist_hook+0xd0/0x1e0\n   __kmem_cache_free+0x9d/0x1b0\n   open_cached_dir+0xff5/0x1240 [cifs]\n   smb2_query_info_compound+0x5c3/0x6d0 [cifs]\n   smb2_queryfs+0xc2/0x2c0 [cifs]\n\nThis is a race between open_cached_dir() and cached_dir_lease_break()\nwhere the cache entry for the open directory handle receives a lease\nbreak while creating it.  And before returning from open_cached_dir(),\nwe put the last reference of the new @cfid because of\n!@cfid->has_lease.\n\nBesides the UAF, while running xfstests a lot of missed lease breaks\nhave been noticed in tests that run several concurrent statfs(2) calls\non those cached fids\n\n  CIFS: VFS: \\\\w22-root1.gandalf.test No task to wake, unknown frame...\n  CIFS: VFS: \\\\w22-root1.gandalf.test Cmd: 18 Err: 0x0 Flags: 0x1...\n  CIFS: VFS: \\\\w22-root1.gandalf.test smb buf 00000000715bfe83 len 108\n  CIFS: VFS: Dump pending requests:\n  CIFS: VFS: \\\\w22-root1.gandalf.test No task to wake, unknown frame...\n  CIFS: VFS: \\\\w22-root1.gandalf.test Cmd: 18 Err: 0x0 Flags: 0x1...\n  CIFS: VFS: \\\\w22-root1.gandalf.test smb buf 000000005aa7316e len 108\n  ...\n\nTo fix both, in open_cached_dir() ensure that @cfid->has_lease is set\nright before sending out compounded request so that any potential\nlease break will be get processed by demultiplex thread while we're\nstill caching @cfid.  And, if open failed for some reason, re-check\n@cfid->has_lease to decide whether or not put lease reference.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52751', 'https://git.kernel.org/linus/5c86919455c1edec99ebd3338ad213b59271a71b (6.7-rc1)', 'https://git.kernel.org/stable/c/5c86919455c1edec99ebd3338ad213b59271a71b', 'https://git.kernel.org/stable/c/6db94d08359c43f2c8fe372811cdee04564a41b9', 'https://git.kernel.org/stable/c/93877b9afc2994c89362007aac480a7b150f386f', 'https://lore.kernel.org/linux-cve-announce/2024052144-CVE-2023-52751-69df@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52751', 'https://www.cve.org/CVERecord?id=CVE-2023-52751'], 'PublishedDate': '2024-05-21T16:15:14.763Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52757', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52757', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential deadlock when releasing mids', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when releasing mids\n\nAll release_mid() callers seem to hold a reference of @mid so there is\nno need to call kref_put(&mid->refcount, __release_mid) under\n@server->mid_lock spinlock.  If they don't, then an use-after-free bug\nwould have occurred anyways.\n\nBy getting rid of such spinlock also fixes a potential deadlock as\nshown below\n\nCPU 0                                CPU 1\n------------------------------------------------------------------\ncifs_demultiplex_thread()            cifs_debug_data_proc_show()\n release_mid()\n  spin_lock(&server->mid_lock);\n                                     spin_lock(&cifs_tcp_ses_lock)\n\t\t\t\t      spin_lock(&server->mid_lock)\n  __release_mid()\n   smb2_find_smb_tcon()\n    spin_lock(&cifs_tcp_ses_lock) *deadlock*", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52757', 'https://git.kernel.org/linus/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7 (6.7-rc1)', 'https://git.kernel.org/stable/c/9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29', 'https://git.kernel.org/stable/c/b9bb9607b1fc12fca51f5632da25b36975f599bf', 'https://git.kernel.org/stable/c/c1a5962f1462b64fe7b69f20a4b6af8067bc2d26', 'https://git.kernel.org/stable/c/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7', 'https://lore.kernel.org/linux-cve-announce/2024052146-CVE-2023-52757-5028@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52757', 'https://www.cve.org/CVERecord?id=CVE-2023-52757'], 'PublishedDate': '2024-05-21T16:15:15.187Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52761', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52761', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv: VMAP_STACK overflow detection thread-safe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: VMAP_STACK overflow detection thread-safe\n\ncommit 31da94c25aea ("riscv: add VMAP_STACK overflow detection") added\nsupport for CONFIG_VMAP_STACK. If overflow is detected, CPU switches to\n`shadow_stack` temporarily before switching finally to per-cpu\n`overflow_stack`.\n\nIf two CPUs/harts are racing and end up in over flowing kernel stack, one\nor both will end up corrupting each other state because `shadow_stack` is\nnot per-cpu. This patch optimizes per-cpu overflow stack switch by\ndirectly picking per-cpu `overflow_stack` and gets rid of `shadow_stack`.\n\nFollowing are the changes in this patch\n\n - Defines an asm macro to obtain per-cpu symbols in destination\n   register.\n - In entry.S, when overflow is detected, per-cpu overflow stack is\n   located using per-cpu asm macro. Computing per-cpu symbol requires\n   a temporary register. x31 is saved away into CSR_SCRATCH\n   (CSR_SCRATCH is anyways zero since we\'re in kernel).\n\nPlease see Links for additional relevant disccussion and alternative\nsolution.\n\nTested by `echo EXHAUST_STACK > /sys/kernel/debug/provoke-crash/DIRECT`\nKernel crash log below\n\n Insufficient stack space to handle exception!/debug/provoke-crash/DIRECT\n Task stack:     [0xff20000010a98000..0xff20000010a9c000]\n Overflow stack: [0xff600001f7d98370..0xff600001f7d99370]\n CPU: 1 PID: 205 Comm: bash Not tainted 6.1.0-rc2-00001-g328a1f96f7b9 #34\n Hardware name: riscv-virtio,qemu (DT)\n epc : __memset+0x60/0xfc\n  ra : recursive_loop+0x48/0xc6 [lkdtm]\n epc : ffffffff808de0e4 ra : ffffffff0163a752 sp : ff20000010a97e80\n  gp : ffffffff815c0330 tp : ff600000820ea280 t0 : ff20000010a97e88\n  t1 : 000000000000002e t2 : 3233206874706564 s0 : ff20000010a982b0\n  s1 : 0000000000000012 a0 : ff20000010a97e88 a1 : 0000000000000000\n  a2 : 0000000000000400 a3 : ff20000010a98288 a4 : 0000000000000000\n  a5 : 0000000000000000 a6 : fffffffffffe43f0 a7 : 00007fffffffffff\n  s2 : ff20000010a97e88 s3 : ffffffff01644680 s4 : ff20000010a9be90\n  s5 : ff600000842ba6c0 s6 : 00aaaaaac29e42b0 s7 : 00fffffff0aa3684\n  s8 : 00aaaaaac2978040 s9 : 0000000000000065 s10: 00ffffff8a7cad10\n  s11: 00ffffff8a76a4e0 t3 : ffffffff815dbaf4 t4 : ffffffff815dbaf4\n  t5 : ffffffff815dbab8 t6 : ff20000010a9bb48\n status: 0000000200000120 badaddr: ff20000010a97e88 cause: 000000000000000f\n Kernel panic - not syncing: Kernel stack overflow\n CPU: 1 PID: 205 Comm: bash Not tainted 6.1.0-rc2-00001-g328a1f96f7b9 #34\n Hardware name: riscv-virtio,qemu (DT)\n Call Trace:\n [<ffffffff80006754>] dump_backtrace+0x30/0x38\n [<ffffffff808de798>] show_stack+0x40/0x4c\n [<ffffffff808ea2a8>] dump_stack_lvl+0x44/0x5c\n [<ffffffff808ea2d8>] dump_stack+0x18/0x20\n [<ffffffff808dec06>] panic+0x126/0x2fe\n [<ffffffff800065ea>] walk_stackframe+0x0/0xf0\n [<ffffffff0163a752>] recursive_loop+0x48/0xc6 [lkdtm]\n SMP: stopping secondary CPUs\n ---[ end Kernel panic - not syncing: Kernel stack overflow ]---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52761', 'https://git.kernel.org/linus/be97d0db5f44c0674480cb79ac6f5b0529b84c76 (6.7-rc1)', 'https://git.kernel.org/stable/c/1493baaf09e3c1899959c8a107cd1207e16d1788', 'https://git.kernel.org/stable/c/be97d0db5f44c0674480cb79ac6f5b0529b84c76', 'https://git.kernel.org/stable/c/eff53aea3855f71992c043cebb1c00988c17ee20', 'https://lore.kernel.org/linux-cve-announce/2024052147-CVE-2023-52761-5ddf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52761', 'https://www.cve.org/CVERecord?id=CVE-2023-52761'], 'PublishedDate': '2024-05-21T16:15:15.487Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52812', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52812', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd: check num of link levels when update pcie param', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: check num of link levels when update pcie param\n\nIn SR-IOV environment, the value of pcie_table->num_of_link_levels will\nbe 0, and num_of_levels - 1 will cause array index out of bounds', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52812', 'https://git.kernel.org/linus/406e8845356d18bdf3d3a23b347faf67706472ec (6.7-rc1)', 'https://git.kernel.org/stable/c/09f617219fe9ccd8d7b65dc3e879b5889f663b5a', 'https://git.kernel.org/stable/c/406e8845356d18bdf3d3a23b347faf67706472ec', 'https://git.kernel.org/stable/c/5b4574b663d0a1a0a62d5232429b7db9ae6d0670', 'https://lore.kernel.org/linux-cve-announce/2024052102-CVE-2023-52812-b5b2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52812', 'https://www.cve.org/CVERecord?id=CVE-2023-52812'], 'PublishedDate': '2024-05-21T16:15:19.41Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52829', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52829', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps()\n\nreg_cap.phy_id is extracted from WMI event and could be an unexpected value\nin case some errors happen. As a result out-of-bound write may occur to\nsoc->hal_reg_cap. Fix it by validating reg_cap.phy_id before using it.\n\nThis is found during code review.\n\nCompile tested only.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52829', 'https://git.kernel.org/linus/b302dce3d9edea5b93d1902a541684a967f3c63c (6.7-rc1)', 'https://git.kernel.org/stable/c/4dd0547e8b45faf6f95373be5436b66cde326c0e', 'https://git.kernel.org/stable/c/b302dce3d9edea5b93d1902a541684a967f3c63c', 'https://git.kernel.org/stable/c/dfe13eaab043130f90dd3d57c7d88577c04adc97', 'https://lore.kernel.org/linux-cve-announce/2024052108-CVE-2023-52829-3283@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52829', 'https://www.cve.org/CVERecord?id=CVE-2023-52829'], 'PublishedDate': '2024-05-21T16:15:20.6Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52831', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: cpu/hotplug: Don't offline the last non-isolated CPU", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncpu/hotplug: Don\'t offline the last non-isolated CPU\n\nIf a system has isolated CPUs via the "isolcpus=" command line parameter,\nthen an attempt to offline the last housekeeping CPU will result in a\nWARN_ON() when rebuilding the scheduler domains and a subsequent panic due\nto and unhandled empty CPU mas in partition_sched_domains_locked().\n\ncpuset_hotplug_workfn()\n  rebuild_sched_domains_locked()\n    ndoms = generate_sched_domains(&doms, &attr);\n      cpumask_and(doms[0], top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN));\n\nThus results in an empty CPU mask which triggers the warning and then the\nsubsequent crash:\n\nWARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408\nCall trace:\n build_sched_domains+0x120c/0x1408\n partition_sched_domains_locked+0x234/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n rebuild_sched_domains+0x30/0x58\n cpuset_hotplug_workfn+0x2a8/0x930\n\nUnable to handle kernel paging request at virtual address fffe80027ab37080\n partition_sched_domains_locked+0x318/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n\nAside of the resulting crash, it does not make any sense to offline the last\nlast housekeeping CPU.\n\nPrevent this by masking out the non-housekeeping CPUs when selecting a\ntarget CPU for initiating the CPU unplug operation via the work queue.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52831', 'https://git.kernel.org/linus/38685e2a0476127db766f81b1c06019ddc4c9ffa (6.7-rc1)', 'https://git.kernel.org/stable/c/3073f6df783d9d75f7f69f73e16c7ef85d6cfb63', 'https://git.kernel.org/stable/c/335a47ed71e332c82339d1aec0c7f6caccfcda13', 'https://git.kernel.org/stable/c/3410b702354702b500bde10e3cc1f9db8731d908', 'https://git.kernel.org/stable/c/38685e2a0476127db766f81b1c06019ddc4c9ffa', 'https://lore.kernel.org/linux-cve-announce/2024052108-CVE-2023-52831-ce31@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52831', 'https://www.cve.org/CVERecord?id=CVE-2023-52831'], 'PublishedDate': '2024-05-21T16:15:20.743Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52837', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52837', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nbd: fix uaf in nbd_open', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix uaf in nbd_open\n\nCommit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and\nblk_cleanup_disk") cleans up disk by blk_cleanup_disk() and it won\'t set\ndisk->private_data as NULL as before. UAF may be triggered in nbd_open()\nif someone tries to open nbd device right after nbd_put() since nbd has\nbeen free in nbd_dev_remove().\n\nFix this by implementing ->free_disk and free private data in it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52837', 'https://git.kernel.org/linus/327462725b0f759f093788dfbcb2f1fd132f956b (6.7-rc1)', 'https://git.kernel.org/stable/c/327462725b0f759f093788dfbcb2f1fd132f956b', 'https://git.kernel.org/stable/c/4e9b3ec84dc97909876641dad14e0a2300d6c2a3', 'https://git.kernel.org/stable/c/56bd7901b5e9dbc9112036ea615ebcba1565fafe', 'https://git.kernel.org/stable/c/879947f4180bc6e83af64eb0515e0cf57fce15db', 'https://lore.kernel.org/linux-cve-announce/2024052110-CVE-2023-52837-6490@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52837', 'https://www.cve.org/CVERecord?id=CVE-2023-52837'], 'PublishedDate': '2024-05-21T16:15:21.17Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52857', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/mediatek: Fix coverity issue with unintentional integer overflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Fix coverity issue with unintentional integer overflow\n\n1. Instead of multiplying 2 variable of different types. Change to\nassign a value of one variable and then multiply the other variable.\n\n2. Add a int variable for multiplier calculation instead of calculating\ndifferent types multiplier with dma_addr_t variable directly.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52857', 'https://git.kernel.org/linus/b0b0d811eac6b4c52cb9ad632fa6384cf48869e7 (6.7-rc1)', 'https://git.kernel.org/stable/c/0d8a1df39d3fc34560e2cc663b5c340d06a25396', 'https://git.kernel.org/stable/c/96312a251d4dcee5d36e32edba3002bfde0ddd9c', 'https://git.kernel.org/stable/c/b0b0d811eac6b4c52cb9ad632fa6384cf48869e7', 'https://lore.kernel.org/linux-cve-announce/2024052116-CVE-2023-52857-e288@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52857', 'https://www.cve.org/CVERecord?id=CVE-2023-52857'], 'PublishedDate': '2024-05-21T16:15:22.803Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52879', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tracing: Have trace_event_file have ref counters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have trace_event_file have ref counters\n\nThe following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # echo \'p:sched schedule\' > kprobe_events\n # exec 5>>events/kprobes/sched/enable\n # > kprobe_events\n # exec 5>&-\n\nThe above commands:\n\n 1. Change directory to the tracefs directory\n 2. Create a kprobe event (doesn\'t matter what one)\n 3. Open bash file descriptor 5 on the enable file of the kprobe event\n 4. Delete the kprobe event (removes the files too)\n 5. Close the bash file descriptor 5\n\nThe above causes a crash!\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:tracing_release_file_tr+0xc/0x50\n\nWhat happens here is that the kprobe event creates a trace_event_file\n"file" descriptor that represents the file in tracefs to the event. It\nmaintains state of the event (is it enabled for the given instance?).\nOpening the "enable" file gets a reference to the event "file" descriptor\nvia the open file descriptor. When the kprobe event is deleted, the file is\nalso deleted from the tracefs system which also frees the event "file"\ndescriptor.\n\nBut as the tracefs file is still opened by user space, it will not be\ntotally removed until the final dput() is called on it. But this is not\ntrue with the event "file" descriptor that is already freed. If the user\ndoes a write to or simply closes the file descriptor it will reference the\nevent "file" descriptor that was just freed, causing a use-after-free bug.\n\nTo solve this, add a ref count to the event "file" descriptor as well as a\nnew flag called "FREED". The "file" will not be freed until the last\nreference is released. But the FREE flag will be set when the event is\nremoved to prevent any more modifications to that event from happening,\neven if there\'s still a reference to the event "file" descriptor.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52879', 'https://git.kernel.org/linus/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4 (6.7-rc1)', 'https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706', 'https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976', 'https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d', 'https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e', 'https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f', 'https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4', 'https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0', 'https://lore.kernel.org/linux-cve-announce/2024052122-CVE-2023-52879-fa4d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52879', 'https://www.cve.org/CVERecord?id=CVE-2023-52879'], 'PublishedDate': '2024-05-21T16:15:24.53Z', 'LastModifiedDate': '2024-05-21T16:53:56.55Z'}, {'VulnerabilityID': 'CVE-2023-52888', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52888', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mediatek: vcodec: Only free buffer VA that is not NULL', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Only free buffer VA that is not NULL\n\nIn the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly\ncalled only when the buffer to free exists, there are some instances\nthat didn't do the check and triggered warnings in practice.\n\nWe believe those checks were forgotten unintentionally. Add the checks\nback to fix the warnings.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52888', 'https://git.kernel.org/linus/eb005c801ec70ff4307727bd3bd6e8280169ef32 (6.10-rc1)', 'https://git.kernel.org/stable/c/303d01082edaf817ee2df53a40dca9da637a2c04', 'https://git.kernel.org/stable/c/5c217253c76c94f76d1df31d0bbdcb88dc07be91', 'https://git.kernel.org/stable/c/eb005c801ec70ff4307727bd3bd6e8280169ef32', 'https://lore.kernel.org/linux-cve-announce/2024073015-CVE-2023-52888-51c6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52888', 'https://www.cve.org/CVERecord?id=CVE-2023-52888'], 'PublishedDate': '2024-07-30T08:15:02.293Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2023-52904', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52904', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()\n\nThe subs function argument may be NULL, so do not use it before the NULL check.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52904', 'https://git.kernel.org/linus/92a9c0ad86d47ff4cce899012e355c400f02cfb8 (6.2-rc4)', 'https://git.kernel.org/stable/c/92a9c0ad86d47ff4cce899012e355c400f02cfb8', 'https://git.kernel.org/stable/c/a474d4ad59cd4642d1b7e3a6c08cef9eca0992c8', 'https://git.kernel.org/stable/c/f57204edc10760c935d8d36ea999dc8acf018030', 'https://lore.kernel.org/linux-cve-announce/2024082113-CVE-2023-52904-b85a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52904', 'https://www.cve.org/CVERecord?id=CVE-2023-52904'], 'PublishedDate': '2024-08-21T07:15:06.54Z', 'LastModifiedDate': '2024-10-17T14:15:04.8Z'}, {'VulnerabilityID': 'CVE-2023-52905', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52905', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: octeontx2-pf: Fix resource leakage in VF driver unbind', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix resource leakage in VF driver unbind\n\nresources allocated like mcam entries to support the Ntuple feature\nand hash tables for the tc feature are not getting freed in driver\nunbind. This patch fixes the issue.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52905', 'https://git.kernel.org/linus/53da7aec32982f5ee775b69dce06d63992ce4af3 (6.2-rc4)', 'https://git.kernel.org/stable/c/53da7aec32982f5ee775b69dce06d63992ce4af3', 'https://git.kernel.org/stable/c/c8ca0ad10df08ea36bcac1288062d567d22604c9', 'https://lore.kernel.org/linux-cve-announce/2024082113-CVE-2023-52905-53fd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52905', 'https://www.cve.org/CVERecord?id=CVE-2023-52905'], 'PublishedDate': '2024-08-21T07:15:06.597Z', 'LastModifiedDate': '2024-09-13T13:27:29.043Z'}, {'VulnerabilityID': 'CVE-2023-52911', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52911', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm: another fix for the headless Adreno GPU', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: another fix for the headless Adreno GPU\n\nFix another oops reproducible when rebooting the board with the Adreno\nGPU working in the headless mode (e.g. iMX platforms).\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[00000000] *pgd=74936831, *pte=00000000, *ppte=00000000\nInternal error: Oops: 17 [#1] ARM\nCPU: 0 PID: 51 Comm: reboot Not tainted 6.2.0-rc1-dirty #11\nHardware name: Freescale i.MX53 (Device Tree Support)\nPC is at msm_atomic_commit_tail+0x50/0x970\nLR is at commit_tail+0x9c/0x188\npc : [<c06aa430>]    lr : [<c067a214>]    psr: 600e0013\nsp : e0851d30  ip : ee4eb7eb  fp : 00090acc\nr10: 00000058  r9 : c2193014  r8 : c4310000\nr7 : c4759380  r6 : 07bef61d  r5 : 00000000  r4 : 00000000\nr3 : c44cc440  r2 : 00000000  r1 : 00000000  r0 : 00000000\nFlags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none\nControl: 10c5387d  Table: 74910019  DAC: 00000051\nRegister r0 information: NULL pointer\nRegister r1 information: NULL pointer\nRegister r2 information: NULL pointer\nRegister r3 information: slab kmalloc-1k start c44cc400 pointer offset 64 size 1024\nRegister r4 information: NULL pointer\nRegister r5 information: NULL pointer\nRegister r6 information: non-paged memory\nRegister r7 information: slab kmalloc-128 start c4759380 pointer offset 0 size 128\nRegister r8 information: slab kmalloc-2k start c4310000 pointer offset 0 size 2048\nRegister r9 information: non-slab/vmalloc memory\nRegister r10 information: non-paged memory\nRegister r11 information: non-paged memory\nRegister r12 information: non-paged memory\nProcess reboot (pid: 51, stack limit = 0xc80046d9)\nStack: (0xe0851d30 to 0xe0852000)\n1d20:                                     c4759380 fbd77200 000005ff 002b9c70\n1d40: c4759380 c4759380 00000000 07bef61d 00000600 c0d6fe7c c2193014 00000058\n1d60: 00090acc c067a214 00000000 c4759380 c4310000 00000000 c44cc854 c067a89c\n1d80: 00000000 00000000 00000000 c4310468 00000000 c4759380 c4310000 c4310468\n1da0: c4310470 c0643258 c4759380 00000000 00000000 c0c4ee24 00000000 c44cc810\n1dc0: 00000000 c0c4ee24 00000000 c44cc810 00000000 0347d2a8 e0851e00 e0851e00\n1de0: c4759380 c067ad20 c4310000 00000000 c44cc810 c27f8718 c44cc854 c067adb8\n1e00: c4933000 00000002 00000001 00000000 00000000 c2130850 00000000 c2130854\n1e20: c25fc488 00000000 c0ff162c 00000000 00000001 00000002 00000000 00000000\n1e40: c43102c0 c43102c0 00000000 0347d2a8 c44cc810 c44cc814 c2133da8 c06d1a60\n1e60: 00000000 00000000 00079028 c2012f24 fee1dead c4933000 00000058 c01431e4\n1e80: 01234567 c0143a20 00000000 00000000 00000000 00000000 00000000 00000000\n1ea0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1ec0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f80: 00000000 00000000 00000000 0347d2a8 00000002 00000004 00000078 00000058\n1fa0: c010028c c0100060 00000002 00000004 fee1dead 28121969 01234567 00079028\n1fc0: 00000002 00000004 00000078 00000058 0002fdc5 00000000 00000000 00090acc\n1fe0: 00000058 becc9c64 b6e97e05 b6e0e5f6 600e0030 fee1dead 00000000 00000000\n msm_atomic_commit_tail from commit_tail+0x9c/0x188\n commit_tail from drm_atomic_helper_commit+0x160/0x188\n drm_atomic_helper_commit from drm_atomic_commit+0xac/0xe0\n drm_atomic_commit from drm_atomic_helper_disable_all+0x1b0/0x1c0\n drm_atomic_helper_disable_all from drm_atomic_helper_shutdown+0x88/0x140\n drm_atomic_helper_shutdown from device_shutdown+0x16c/0x240\n device_shutdown from kernel_restart+0x38/0x90\n kernel_restart from __do_sys_reboot+0x\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52911', 'https://git.kernel.org/linus/00dd060ab3cf95ca6ede7853bc14397014971b5e (6.2-rc4)', 'https://git.kernel.org/stable/c/00dd060ab3cf95ca6ede7853bc14397014971b5e', 'https://git.kernel.org/stable/c/b107b08c41b3076a508113fbaaffe15ce1fe7f65', 'https://lore.kernel.org/linux-cve-announce/2024082115-CVE-2023-52911-28fa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52911', 'https://www.cve.org/CVERecord?id=CVE-2023-52911'], 'PublishedDate': '2024-08-21T07:15:06.967Z', 'LastModifiedDate': '2024-09-12T14:49:30.22Z'}, {'VulnerabilityID': 'CVE-2023-52912', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52912', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fixed bug on error when unloading amdgpu', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fixed bug on error when unloading amdgpu\n\nFixed bug on error when unloading amdgpu.\n\nThe error message is as follows:\n[  377.706202] kernel BUG at drivers/gpu/drm/drm_buddy.c:278!\n[  377.706215] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[  377.706222] CPU: 4 PID: 8610 Comm: modprobe Tainted: G          IOE      6.0.0-thomas #1\n[  377.706231] Hardware name: ASUS System Product Name/PRIME Z390-A, BIOS 2004 11/02/2021\n[  377.706238] RIP: 0010:drm_buddy_free_block+0x26/0x30 [drm_buddy]\n[  377.706264] Code: 00 00 00 90 0f 1f 44 00 00 48 8b 0e 89 c8 25 00 0c 00 00 3d 00 04 00 00 75 10 48 8b 47 18 48 d3 e0 48 01 47 28 e9 fa fe ff ff <0f> 0b 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 54 55 48 89 f5 53\n[  377.706282] RSP: 0018:ffffad2dc4683cb8 EFLAGS: 00010287\n[  377.706289] RAX: 0000000000000000 RBX: ffff8b1743bd5138 RCX: 0000000000000000\n[  377.706297] RDX: ffff8b1743bd5160 RSI: ffff8b1743bd5c78 RDI: ffff8b16d1b25f70\n[  377.706304] RBP: ffff8b1743bd59e0 R08: 0000000000000001 R09: 0000000000000001\n[  377.706311] R10: ffff8b16c8572400 R11: ffffad2dc4683cf0 R12: ffff8b16d1b25f70\n[  377.706318] R13: ffff8b16d1b25fd0 R14: ffff8b1743bd59c0 R15: ffff8b16d1b25f70\n[  377.706325] FS:  00007fec56c72c40(0000) GS:ffff8b1836500000(0000) knlGS:0000000000000000\n[  377.706334] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  377.706340] CR2: 00007f9b88c1ba50 CR3: 0000000110450004 CR4: 00000000003706e0\n[  377.706347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[  377.706354] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[  377.706361] Call Trace:\n[  377.706365]  <TASK>\n[  377.706369]  drm_buddy_free_list+0x2a/0x60 [drm_buddy]\n[  377.706376]  amdgpu_vram_mgr_fini+0xea/0x180 [amdgpu]\n[  377.706572]  amdgpu_ttm_fini+0x12e/0x1a0 [amdgpu]\n[  377.706650]  amdgpu_bo_fini+0x22/0x90 [amdgpu]\n[  377.706727]  gmc_v11_0_sw_fini+0x26/0x30 [amdgpu]\n[  377.706821]  amdgpu_device_fini_sw+0xa1/0x3c0 [amdgpu]\n[  377.706897]  amdgpu_driver_release_kms+0x12/0x30 [amdgpu]\n[  377.706975]  drm_dev_release+0x20/0x40 [drm]\n[  377.707006]  release_nodes+0x35/0xb0\n[  377.707014]  devres_release_all+0x8b/0xc0\n[  377.707020]  device_unbind_cleanup+0xe/0x70\n[  377.707027]  device_release_driver_internal+0xee/0x160\n[  377.707033]  driver_detach+0x44/0x90\n[  377.707039]  bus_remove_driver+0x55/0xe0\n[  377.707045]  pci_unregister_driver+0x3b/0x90\n[  377.707052]  amdgpu_exit+0x11/0x6c [amdgpu]\n[  377.707194]  __x64_sys_delete_module+0x142/0x2b0\n[  377.707201]  ? fpregs_assert_state_consistent+0x22/0x50\n[  377.707208]  ? exit_to_user_mode_prepare+0x3e/0x190\n[  377.707215]  do_syscall_64+0x38/0x90\n[  377.707221]  entry_SYSCALL_64_after_hwframe+0x63/0xcd', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52912', 'https://git.kernel.org/linus/99f1a36c90a7524972be5a028424c57fa17753ee (6.2-rc4)', 'https://git.kernel.org/stable/c/9196eb7c52e55749a332974f0081f77d53d60199', 'https://git.kernel.org/stable/c/99f1a36c90a7524972be5a028424c57fa17753ee', 'https://lore.kernel.org/linux-cve-announce/2024082115-CVE-2023-52912-a6c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52912', 'https://www.cve.org/CVERecord?id=CVE-2023-52912'], 'PublishedDate': '2024-08-21T07:15:07.02Z', 'LastModifiedDate': '2024-09-12T14:35:58.593Z'}, {'VulnerabilityID': 'CVE-2023-52913', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52913', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/i915: Fix potential context UAFs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Fix potential context UAFs\n\ngem_context_register() makes the context visible to userspace, and which\npoint a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl.\nSo we need to ensure that nothing uses the ctx ptr after this.  And we\nneed to ensure that adding the ctx to the xarray is the *last* thing\nthat gem_context_register() does with the ctx pointer.\n\n[tursulin: Stable and fixes tags add/tidy.]\n(cherry picked from commit bed4b455cf5374e68879be56971c1da563bcd90c)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52913', 'https://git.kernel.org/linus/afce71ff6daa9c0f852df0727fe32c6fb107f0fa (6.2-rc4)', 'https://git.kernel.org/stable/c/afce71ff6daa9c0f852df0727fe32c6fb107f0fa', 'https://git.kernel.org/stable/c/b696c627b3f56e173f7f70b8487d66da8ff22506', 'https://lore.kernel.org/linux-cve-announce/2024082115-CVE-2023-52913-5347@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52913', 'https://www.cve.org/CVERecord?id=CVE-2023-52913'], 'PublishedDate': '2024-08-21T07:15:07.087Z', 'LastModifiedDate': '2024-09-12T14:38:40.43Z'}, {'VulnerabilityID': 'CVE-2023-52916', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52916', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: aspeed: Fix memory overwrite if timing is 1600x900', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: aspeed: Fix memory overwrite if timing is 1600x900\n\nWhen capturing 1600x900, system could crash when system memory usage is\ntight.\n\nThe way to reproduce this issue:\n1. Use 1600x900 to display on host\n2. Mount ISO through \'Virtual media\' on OpenBMC\'s web\n3. Run script as below on host to do sha continuously\n  #!/bin/bash\n  while [ [1] ];\n  do\n\tfind /media -type f -printf \'"%h/%f"\\n\' | xargs sha256sum\n  done\n4. Open KVM on OpenBMC\'s web\n\nThe size of macro block captured is 8x8. Therefore, we should make sure\nthe height of src-buf is 8 aligned to fix this issue.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-52916', 'https://git.kernel.org/linus/c281355068bc258fd619c5aefd978595bede7bfe (6.6-rc1)', 'https://git.kernel.org/stable/c/c281355068bc258fd619c5aefd978595bede7bfe', 'https://lore.kernel.org/linux-cve-announce/2024090655-CVE-2023-52916-edc0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52916', 'https://www.cve.org/CVERecord?id=CVE-2023-52916'], 'PublishedDate': '2024-09-06T09:15:03.327Z', 'LastModifiedDate': '2024-09-06T12:08:04.55Z'}, {'VulnerabilityID': 'CVE-2023-6610', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-6610', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: OOB Access in smb2_dump_detail', 'Description': 'An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:0723', 'https://access.redhat.com/errata/RHSA-2024:0724', 'https://access.redhat.com/errata/RHSA-2024:0725', 'https://access.redhat.com/errata/RHSA-2024:0881', 'https://access.redhat.com/errata/RHSA-2024:0897', 'https://access.redhat.com/errata/RHSA-2024:1248', 'https://access.redhat.com/errata/RHSA-2024:1404', 'https://access.redhat.com/errata/RHSA-2024:2094', 'https://access.redhat.com/security/cve/CVE-2023-6610', 'https://bugzilla.kernel.org/show_bug.cgi?id=218219', 'https://bugzilla.redhat.com/2087568', 'https://bugzilla.redhat.com/2144379', 'https://bugzilla.redhat.com/2161310', 'https://bugzilla.redhat.com/2173403', 'https://bugzilla.redhat.com/2187813', 'https://bugzilla.redhat.com/2187931', 'https://bugzilla.redhat.com/2231800', 'https://bugzilla.redhat.com/2237757', 'https://bugzilla.redhat.com/2244723', 'https://bugzilla.redhat.com/2245514', 'https://bugzilla.redhat.com/2246944', 'https://bugzilla.redhat.com/2246945', 'https://bugzilla.redhat.com/2253611', 'https://bugzilla.redhat.com/2253614', 'https://bugzilla.redhat.com/2253908', 'https://bugzilla.redhat.com/2254052', 'https://bugzilla.redhat.com/2254053', 'https://bugzilla.redhat.com/2254054', 'https://bugzilla.redhat.com/2255139', 'https://bugzilla.redhat.com/show_bug.cgi?id=2253614', 'https://errata.almalinux.org/8/ALSA-2024-0897.html', 'https://linux.oracle.com/cve/CVE-2023-6610.html', 'https://linux.oracle.com/errata/ELSA-2024-1248.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-6610', 'https://ubuntu.com/security/notices/USN-6688-1', 'https://ubuntu.com/security/notices/USN-6724-1', 'https://ubuntu.com/security/notices/USN-6724-2', 'https://www.cve.org/CVERecord?id=CVE-2023-6610'], 'PublishedDate': '2023-12-08T17:15:07.933Z', 'LastModifiedDate': '2024-07-08T18:15:05.773Z'}, {'VulnerabilityID': 'CVE-2024-26595', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26595', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path\n\nWhen calling mlxsw_sp_acl_tcam_region_destroy() from an error path after\nfailing to attach the region to an ACL group, we hit a NULL pointer\ndereference upon 'region->group->tcam' [1].\n\nFix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nRIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0\n[...]\nCall Trace:\n mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20\n mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0\n mlxsw_sp_acl_rule_add+0x47/0x240\n mlxsw_sp_flower_replace+0x1a9/0x1d0\n tc_setup_cb_add+0xdc/0x1c0\n fl_hw_replace_filter+0x146/0x1f0\n fl_change+0xc17/0x1360\n tc_new_tfilter+0x472/0xb90\n rtnetlink_rcv_msg+0x313/0x3b0\n netlink_rcv_skb+0x58/0x100\n netlink_unicast+0x244/0x390\n netlink_sendmsg+0x1e4/0x440\n ____sys_sendmsg+0x164/0x260\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xc0\n do_syscall_64+0x40/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-26595', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/stable/c/817840d125a370626895df269c50c923b79b0a39', 'https://git.kernel.org/stable/c/d0a1efe417c97a1e9b914056ee6b86f1ef75fe1f', 'https://git.kernel.org/stable/c/efeb7dfea8ee10cdec11b6b6ba4e405edbe75809', 'https://linux.oracle.com/cve/CVE-2024-26595.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024022336-CVE-2024-26595-9a8d@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26595', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2024-26595'], 'PublishedDate': '2024-02-23T15:15:09.443Z', 'LastModifiedDate': '2024-04-17T19:55:31.323Z'}, {'VulnerabilityID': 'CVE-2024-26605', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26605', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI/ASPM: Fix deadlock when enabling ASPM', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix deadlock when enabling ASPM\n\nA last minute revert in 6.7-final introduced a potential deadlock when\nenabling ASPM during probe of Qualcomm PCIe controllers as reported by\nlockdep:\n\n  ============================================\n  WARNING: possible recursive locking detected\n  6.7.0 #40 Not tainted\n  --------------------------------------------\n  kworker/u16:5/90 is trying to acquire lock:\n  ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc\n\n              but task is already holding lock:\n  ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc\n\n              other info that might help us debug this:\n   Possible unsafe locking scenario:\n\n         CPU0\n         ----\n    lock(pci_bus_sem);\n    lock(pci_bus_sem);\n\n               *** DEADLOCK ***\n\n  Call trace:\n   print_deadlock_bug+0x25c/0x348\n   __lock_acquire+0x10a4/0x2064\n   lock_acquire+0x1e8/0x318\n   down_read+0x60/0x184\n   pcie_aspm_pm_state_change+0x58/0xdc\n   pci_set_full_power_state+0xa8/0x114\n   pci_set_power_state+0xc4/0x120\n   qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]\n   pci_walk_bus+0x64/0xbc\n   qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]\n\nThe deadlock can easily be reproduced on machines like the Lenovo ThinkPad\nX13s by adding a delay to increase the race window during asynchronous\nprobe where another thread can take a write lock.\n\nAdd a new pci_set_power_state_locked() and associated helper functions that\ncan be called with the PCI bus semaphore held to avoid taking the read lock\ntwice.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26605', 'https://git.kernel.org/linus/1e560864159d002b453da42bd2c13a1805515a20 (6.8-rc3)', 'https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3', 'https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20', 'https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c', 'https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70', 'https://lore.kernel.org/linux-cve-announce/2024022419-CVE-2024-26605-7b06@gregkh/T/#u', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26605', 'https://www.cve.org/CVERecord?id=CVE-2024-26605'], 'PublishedDate': '2024-02-26T16:28:00.207Z', 'LastModifiedDate': '2024-04-28T12:15:19.74Z'}, {'VulnerabilityID': 'CVE-2024-26647', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26647', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Fix late dereference 'dsc' check in 'link_set_dsc_pps_packet()'", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()'\n\nIn link_set_dsc_pps_packet(), 'struct display_stream_compressor *dsc'\nwas dereferenced in a DC_LOGGER_INIT(dsc->ctx->logger); before the 'dsc'\nNULL pointer check.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() warn: variable dereferenced before check 'dsc' (see line 903)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26647', 'https://git.kernel.org/linus/3bb9b1f958c3d986ed90a3ff009f1e77e9553207 (6.8-rc1)', 'https://git.kernel.org/stable/c/3bb9b1f958c3d986ed90a3ff009f1e77e9553207', 'https://git.kernel.org/stable/c/6aa5ede6665122f4c8abce3c6eba06b49e54d25c', 'https://git.kernel.org/stable/c/cf656fc7276e5b3709a81bc9d9639459be2b2647', 'https://lore.kernel.org/linux-cve-announce/20240326175007.1388794-15-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26647', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2024-26647'], 'PublishedDate': '2024-03-26T18:15:10.063Z', 'LastModifiedDate': '2024-03-27T12:29:41.53Z'}, {'VulnerabilityID': 'CVE-2024-26648', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26648', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: NULL check in edp_setup_replay()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()\n\nIn edp_setup_replay(), 'struct dc *dc' & 'struct dmub_replay *replay'\nwas dereferenced before the pointer 'link' & 'replay' NULL check.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:947 edp_setup_replay() warn: variable dereferenced before check 'link' (see line 933)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26648', 'https://git.kernel.org/linus/7073934f5d73f8b53308963cee36f0d389ea857c (6.8-rc1)', 'https://git.kernel.org/stable/c/22ae604aea14756954e1c00ae653e34d2afd2935', 'https://git.kernel.org/stable/c/7073934f5d73f8b53308963cee36f0d389ea857c', 'https://git.kernel.org/stable/c/c02d257c654191ecda1dc1af6875d527e85310e7', 'https://lore.kernel.org/linux-cve-announce/20240326175007.1388794-16-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26648', 'https://www.cve.org/CVERecord?id=CVE-2024-26648'], 'PublishedDate': '2024-03-26T18:15:10.22Z', 'LastModifiedDate': '2024-03-27T12:29:41.53Z'}, {'VulnerabilityID': 'CVE-2024-26656', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26656', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: use-after-free vulnerability', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix use-after-free bug\n\nThe bug can be triggered by sending a single amdgpu_gem_userptr_ioctl\nto the AMDGPU DRM driver on any ASICs with an invalid address and size.\nThe bug was reported by Joonkyo Jung <joonkyoj@yonsei.ac.kr>.\nFor example the following code:\n\nstatic void Syzkaller1(int fd)\n{\n\tstruct drm_amdgpu_gem_userptr arg;\n\tint ret;\n\n\targ.addr = 0xffffffffffff0000;\n\targ.size = 0x80000000; /*2 Gb*/\n\targ.flags = 0x7;\n\tret = drmIoctl(fd, 0xc1186451/*amdgpu_gem_userptr_ioctl*/, &arg);\n}\n\nDue to the address and size are not valid there is a failure in\namdgpu_hmm_register->mmu_interval_notifier_insert->__mmu_interval_notifier_insert->\ncheck_shl_overflow, but we even the amdgpu_hmm_register failure we still call\namdgpu_hmm_unregister into  amdgpu_gem_object_free which causes access to a bad address.\nThe following stack is below when the issue is reproduced when Kazan is enabled:\n\n[  +0.000014] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020\n[  +0.000009] RIP: 0010:mmu_interval_notifier_remove+0x327/0x340\n[  +0.000017] Code: ff ff 49 89 44 24 08 48 b8 00 01 00 00 00 00 ad de 4c 89 f7 49 89 47 40 48 83 c0 22 49 89 47 48 e8 ce d1 2d 01 e9 32 ff ff ff <0f> 0b e9 16 ff ff ff 4c 89 ef e8 fa 14 b3 ff e9 36 ff ff ff e8 80\n[  +0.000014] RSP: 0018:ffffc90002657988 EFLAGS: 00010246\n[  +0.000013] RAX: 0000000000000000 RBX: 1ffff920004caf35 RCX: ffffffff8160565b\n[  +0.000011] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffff8881a9f78260\n[  +0.000010] RBP: ffffc90002657a70 R08: 0000000000000001 R09: fffff520004caf25\n[  +0.000010] R10: 0000000000000003 R11: ffffffff8161d1d6 R12: ffff88810e988c00\n[  +0.000010] R13: ffff888126fb5a00 R14: ffff88810e988c0c R15: ffff8881a9f78260\n[  +0.000011] FS:  00007ff9ec848540(0000) GS:ffff8883cc880000(0000) knlGS:0000000000000000\n[  +0.000012] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  +0.000010] CR2: 000055b3f7e14328 CR3: 00000001b5770000 CR4: 0000000000350ef0\n[  +0.000010] Call Trace:\n[  +0.000006]  <TASK>\n[  +0.000007]  ? show_regs+0x6a/0x80\n[  +0.000018]  ? __warn+0xa5/0x1b0\n[  +0.000019]  ? mmu_interval_notifier_remove+0x327/0x340\n[  +0.000018]  ? report_bug+0x24a/0x290\n[  +0.000022]  ? handle_bug+0x46/0x90\n[  +0.000015]  ? exc_invalid_op+0x19/0x50\n[  +0.000016]  ? asm_exc_invalid_op+0x1b/0x20\n[  +0.000017]  ? kasan_save_stack+0x26/0x50\n[  +0.000017]  ? mmu_interval_notifier_remove+0x23b/0x340\n[  +0.000019]  ? mmu_interval_notifier_remove+0x327/0x340\n[  +0.000019]  ? mmu_interval_notifier_remove+0x23b/0x340\n[  +0.000020]  ? __pfx_mmu_interval_notifier_remove+0x10/0x10\n[  +0.000017]  ? kasan_save_alloc_info+0x1e/0x30\n[  +0.000018]  ? srso_return_thunk+0x5/0x5f\n[  +0.000014]  ? __kasan_kmalloc+0xb1/0xc0\n[  +0.000018]  ? srso_return_thunk+0x5/0x5f\n[  +0.000013]  ? __kasan_check_read+0x11/0x20\n[  +0.000020]  amdgpu_hmm_unregister+0x34/0x50 [amdgpu]\n[  +0.004695]  amdgpu_gem_object_free+0x66/0xa0 [amdgpu]\n[  +0.004534]  ? __pfx_amdgpu_gem_object_free+0x10/0x10 [amdgpu]\n[  +0.004291]  ? do_syscall_64+0x5f/0xe0\n[  +0.000023]  ? srso_return_thunk+0x5/0x5f\n[  +0.000017]  drm_gem_object_free+0x3b/0x50 [drm]\n[  +0.000489]  amdgpu_gem_userptr_ioctl+0x306/0x500 [amdgpu]\n[  +0.004295]  ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu]\n[  +0.004270]  ? srso_return_thunk+0x5/0x5f\n[  +0.000014]  ? __this_cpu_preempt_check+0x13/0x20\n[  +0.000015]  ? srso_return_thunk+0x5/0x5f\n[  +0.000013]  ? sysvec_apic_timer_interrupt+0x57/0xc0\n[  +0.000020]  ? srso_return_thunk+0x5/0x5f\n[  +0.000014]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20\n[  +0.000022]  ? drm_ioctl_kernel+0x17b/0x1f0 [drm]\n[  +0.000496]  ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu]\n[  +0.004272]  ? drm_ioctl_kernel+0x190/0x1f0 [drm]\n[  +0.000492]  drm_ioctl_kernel+0x140/0x1f0 [drm]\n[  +0.000497]  ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu]\n[  +0.004297]  ? __pfx_drm_ioctl_kernel+0x10/0x10 [d\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:4352', 'https://access.redhat.com/security/cve/CVE-2024-26656', 'https://bugzilla.redhat.com/1918601', 'https://bugzilla.redhat.com/2248122', 'https://bugzilla.redhat.com/2258875', 'https://bugzilla.redhat.com/2265517', 'https://bugzilla.redhat.com/2265519', 'https://bugzilla.redhat.com/2265520', 'https://bugzilla.redhat.com/2265800', 'https://bugzilla.redhat.com/2266408', 'https://bugzilla.redhat.com/2266831', 'https://bugzilla.redhat.com/2267513', 'https://bugzilla.redhat.com/2267518', 'https://bugzilla.redhat.com/2267730', 'https://bugzilla.redhat.com/2270093', 'https://bugzilla.redhat.com/2271680', 'https://bugzilla.redhat.com/2272692', 'https://bugzilla.redhat.com/2272829', 'https://bugzilla.redhat.com/2273204', 'https://bugzilla.redhat.com/2273278', 'https://bugzilla.redhat.com/2273423', 'https://bugzilla.redhat.com/2273429', 'https://bugzilla.redhat.com/2275604', 'https://bugzilla.redhat.com/2275633', 'https://bugzilla.redhat.com/2275635', 'https://bugzilla.redhat.com/2275733', 'https://bugzilla.redhat.com/2278337', 'https://bugzilla.redhat.com/2278354', 'https://bugzilla.redhat.com/2280434', 'https://bugzilla.redhat.com/2281057', 'https://bugzilla.redhat.com/2281113', 'https://bugzilla.redhat.com/2281157', 'https://bugzilla.redhat.com/2281165', 'https://bugzilla.redhat.com/2281251', 'https://bugzilla.redhat.com/2281253', 'https://bugzilla.redhat.com/2281255', 'https://bugzilla.redhat.com/2281257', 'https://bugzilla.redhat.com/2281272', 'https://bugzilla.redhat.com/2281350', 'https://bugzilla.redhat.com/2281689', 'https://bugzilla.redhat.com/2281693', 'https://bugzilla.redhat.com/2281920', 'https://bugzilla.redhat.com/2281923', 'https://bugzilla.redhat.com/2281925', 'https://bugzilla.redhat.com/2281953', 'https://bugzilla.redhat.com/2281986', 'https://bugzilla.redhat.com/2282394', 'https://bugzilla.redhat.com/2282400', 'https://bugzilla.redhat.com/2282471', 'https://bugzilla.redhat.com/2282472', 'https://bugzilla.redhat.com/2282581', 'https://bugzilla.redhat.com/2282609', 'https://bugzilla.redhat.com/2282612', 'https://bugzilla.redhat.com/2282653', 'https://bugzilla.redhat.com/2282680', 'https://bugzilla.redhat.com/2282698', 'https://bugzilla.redhat.com/2282712', 'https://bugzilla.redhat.com/2282735', 'https://bugzilla.redhat.com/2282902', 'https://bugzilla.redhat.com/2282920', 'https://bugzilla.redhat.com/show_bug.cgi?id=1918601', 'https://bugzilla.redhat.com/show_bug.cgi?id=2248122', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258875', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265800', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266831', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267518', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267730', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270093', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272692', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272829', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273204', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273278', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273423', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275633', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275635', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275733', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278337', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278354', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281113', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281157', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281165', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281251', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281253', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281255', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281311', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281334', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281346', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281350', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281689', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281693', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281920', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281953', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281986', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282394', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282471', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282472', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282581', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282609', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282612', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282698', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282712', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282735', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282902', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282920', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46909', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46972', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47069', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47073', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47236', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47310', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47311', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47456', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47495', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5090', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52464', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52560', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52626', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52667', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52675', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52700', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52703', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52781', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52813', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52835', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52877', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52881', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26583', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26584', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26585', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26656', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26675', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26735', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26759', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26804', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26859', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26906', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26907', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26974', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27410', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35835', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35838', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35854', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35855', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35888', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35890', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35959', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36004', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36007', 'https://errata.almalinux.org/8/ALSA-2024-4352.html', 'https://errata.rockylinux.org/RLSA-2024:4211', 'https://git.kernel.org/linus/22207fd5c80177b860279653d017474b2812af5e (6.9-rc1)', 'https://git.kernel.org/stable/c/22207fd5c80177b860279653d017474b2812af5e', 'https://git.kernel.org/stable/c/22f665ecfd1225afa1309ace623157d12bb9bb0c', 'https://git.kernel.org/stable/c/af054a5fb24a144f99895afce9519d709891894c', 'https://git.kernel.org/stable/c/e87e08c94c9541b4e18c4c13f2f605935f512605', 'https://linux.oracle.com/cve/CVE-2024-26656.html', 'https://linux.oracle.com/errata/ELSA-2024-4211.html', 'https://lore.kernel.org/linux-cve-announce/2024040247-CVE-2024-26656-ffaa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26656', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26656'], 'PublishedDate': '2024-04-02T07:15:42.76Z', 'LastModifiedDate': '2024-04-03T14:15:17Z'}, {'VulnerabilityID': 'CVE-2024-26658', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26658', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bcachefs: grab s_umount only if snapshotting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: grab s_umount only if snapshotting\n\nWhen I was testing mongodb over bcachefs with compression,\nthere is a lockdep warning when snapshotting mongodb data volume.\n\n$ cat test.sh\nprog=bcachefs\n\n$prog subvolume create /mnt/data\n$prog subvolume create /mnt/data/snapshots\n\nwhile true;do\n    $prog subvolume snapshot /mnt/data /mnt/data/snapshots/$(date +%s)\n    sleep 1s\ndone\n\n$ cat /etc/mongodb.conf\nsystemLog:\n  destination: file\n  logAppend: true\n  path: /mnt/data/mongod.log\n\nstorage:\n  dbPath: /mnt/data/\n\nlockdep reports:\n[ 3437.452330] ======================================================\n[ 3437.452750] WARNING: possible circular locking dependency detected\n[ 3437.453168] 6.7.0-rc7-custom+ #85 Tainted: G            E\n[ 3437.453562] ------------------------------------------------------\n[ 3437.453981] bcachefs/35533 is trying to acquire lock:\n[ 3437.454325] ffffa0a02b2b1418 (sb_writers#10){.+.+}-{0:0}, at: filename_create+0x62/0x190\n[ 3437.454875]\n               but task is already holding lock:\n[ 3437.455268] ffffa0a02b2b10e0 (&type->s_umount_key#48){.+.+}-{3:3}, at: bch2_fs_file_ioctl+0x232/0xc90 [bcachefs]\n[ 3437.456009]\n               which lock already depends on the new lock.\n\n[ 3437.456553]\n               the existing dependency chain (in reverse order) is:\n[ 3437.457054]\n               -> #3 (&type->s_umount_key#48){.+.+}-{3:3}:\n[ 3437.457507]        down_read+0x3e/0x170\n[ 3437.457772]        bch2_fs_file_ioctl+0x232/0xc90 [bcachefs]\n[ 3437.458206]        __x64_sys_ioctl+0x93/0xd0\n[ 3437.458498]        do_syscall_64+0x42/0xf0\n[ 3437.458779]        entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 3437.459155]\n               -> #2 (&c->snapshot_create_lock){++++}-{3:3}:\n[ 3437.459615]        down_read+0x3e/0x170\n[ 3437.459878]        bch2_truncate+0x82/0x110 [bcachefs]\n[ 3437.460276]        bchfs_truncate+0x254/0x3c0 [bcachefs]\n[ 3437.460686]        notify_change+0x1f1/0x4a0\n[ 3437.461283]        do_truncate+0x7f/0xd0\n[ 3437.461555]        path_openat+0xa57/0xce0\n[ 3437.461836]        do_filp_open+0xb4/0x160\n[ 3437.462116]        do_sys_openat2+0x91/0xc0\n[ 3437.462402]        __x64_sys_openat+0x53/0xa0\n[ 3437.462701]        do_syscall_64+0x42/0xf0\n[ 3437.462982]        entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 3437.463359]\n               -> #1 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}:\n[ 3437.463843]        down_write+0x3b/0xc0\n[ 3437.464223]        bch2_write_iter+0x5b/0xcc0 [bcachefs]\n[ 3437.464493]        vfs_write+0x21b/0x4c0\n[ 3437.464653]        ksys_write+0x69/0xf0\n[ 3437.464839]        do_syscall_64+0x42/0xf0\n[ 3437.465009]        entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 3437.465231]\n               -> #0 (sb_writers#10){.+.+}-{0:0}:\n[ 3437.465471]        __lock_acquire+0x1455/0x21b0\n[ 3437.465656]        lock_acquire+0xc6/0x2b0\n[ 3437.465822]        mnt_want_write+0x46/0x1a0\n[ 3437.465996]        filename_create+0x62/0x190\n[ 3437.466175]        user_path_create+0x2d/0x50\n[ 3437.466352]        bch2_fs_file_ioctl+0x2ec/0xc90 [bcachefs]\n[ 3437.466617]        __x64_sys_ioctl+0x93/0xd0\n[ 3437.466791]        do_syscall_64+0x42/0xf0\n[ 3437.466957]        entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 3437.467180]\n               other info that might help us debug this:\n\n[ 3437.469670] 2 locks held by bcachefs/35533:\n               other info that might help us debug this:\n\n[ 3437.467507] Chain exists of:\n                 sb_writers#10 --> &c->snapshot_create_lock --> &type->s_umount_key#48\n\n[ 3437.467979]  Possible unsafe locking scenario:\n\n[ 3437.468223]        CPU0                    CPU1\n[ 3437.468405]        ----                    ----\n[ 3437.468585]   rlock(&type->s_umount_key#48);\n[ 3437.468758]                                lock(&c->snapshot_create_lock);\n[ 3437.469030]                                lock(&type->s_umount_key#48);\n[ 3437.469291]   rlock(sb_writers#10);\n[ 3437.469434]\n                *** DEADLOCK ***\n\n[ 3437.469\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26658', 'https://git.kernel.org/linus/2acc59dd88d27ad69b66ded80df16c042b04eeec (6.8-rc1)', 'https://git.kernel.org/stable/c/2acc59dd88d27ad69b66ded80df16c042b04eeec', 'https://git.kernel.org/stable/c/5b41d3fd04c6757b9c2a60a0c5b2609cae9999df', 'https://lore.kernel.org/linux-cve-announce/2024040222-CVE-2024-26658-1451@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26658', 'https://www.cve.org/CVERecord?id=CVE-2024-26658'], 'PublishedDate': '2024-04-02T07:15:42.903Z', 'LastModifiedDate': '2024-04-02T12:50:42.233Z'}, {'VulnerabilityID': 'CVE-2024-26662', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26662', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: 'panel_cntl' could be null in 'dcn21_set_backlight_level()'", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()'\n\n'panel_cntl' structure used to control the display panel could be null,\ndereferencing it could lead to a null pointer access.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn21/dcn21_hwseq.c:269 dcn21_set_backlight_level() error: we previously assumed 'panel_cntl' could be null (see line 250)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26662', 'https://git.kernel.org/linus/e96fddb32931d007db12b1fce9b5e8e4c080401b (6.8-rc4)', 'https://git.kernel.org/stable/c/0c863cab0e9173f8b6c7bc328bee3b8625f131b5', 'https://git.kernel.org/stable/c/2e150ccea13129eb048679114808eb9770443e4d', 'https://git.kernel.org/stable/c/e96fddb32931d007db12b1fce9b5e8e4c080401b', 'https://lore.kernel.org/linux-cve-announce/2024040223-CVE-2024-26662-863c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26662', 'https://ubuntu.com/security/notices/USN-6895-1', 'https://ubuntu.com/security/notices/USN-6895-2', 'https://ubuntu.com/security/notices/USN-6895-3', 'https://ubuntu.com/security/notices/USN-6895-4', 'https://ubuntu.com/security/notices/USN-6900-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26662'], 'PublishedDate': '2024-04-02T07:15:43.213Z', 'LastModifiedDate': '2024-04-02T12:50:42.233Z'}, {'VulnerabilityID': 'CVE-2024-26672', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amdgpu: variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'\n\nFixes the below:\n\ndrivers/gpu/drm/amd/amdgpu/amdgpu_mca.c:377 amdgpu_mca_smu_get_mca_entry() warn: variable dereferenced before check 'mca_funcs' (see line 368)\n\n357 int amdgpu_mca_smu_get_mca_entry(struct amdgpu_device *adev,\n\t\t\t\t     enum amdgpu_mca_error_type type,\n358                                  int idx, struct mca_bank_entry *entry)\n359 {\n360         const struct amdgpu_mca_smu_funcs *mca_funcs =\n\t\t\t\t\t\tadev->mca.mca_funcs;\n361         int count;\n362\n363         switch (type) {\n364         case AMDGPU_MCA_ERROR_TYPE_UE:\n365                 count = mca_funcs->max_ue_count;\n\nmca_funcs is dereferenced here.\n\n366                 break;\n367         case AMDGPU_MCA_ERROR_TYPE_CE:\n368                 count = mca_funcs->max_ce_count;\n\nmca_funcs is dereferenced here.\n\n369                 break;\n370         default:\n371                 return -EINVAL;\n372         }\n373\n374         if (idx >= count)\n375                 return -EINVAL;\n376\n377         if (mca_funcs && mca_funcs->mca_get_mca_entry)\n\t        ^^^^^^^^^\n\nChecked too late!", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26672', 'https://git.kernel.org/linus/4f32504a2f85a7b40fe149436881381f48e9c0c0 (6.8-rc1)', 'https://git.kernel.org/stable/c/4f32504a2f85a7b40fe149436881381f48e9c0c0', 'https://git.kernel.org/stable/c/7b5d58c07024516c0e81b95e98f37710cf402c53', 'https://lore.kernel.org/linux-cve-announce/2024040219-CVE-2024-26672-e96e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26672', 'https://www.cve.org/CVERecord?id=CVE-2024-26672'], 'PublishedDate': '2024-04-02T07:15:43.9Z', 'LastModifiedDate': '2024-04-02T12:50:42.233Z'}, {'VulnerabilityID': 'CVE-2024-26686', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26686', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats\n\nlock_task_sighand() can trigger a hard lockup.  If NR_CPUS threads call\ndo_task_stat() at the same time and the process has NR_THREADS, it will\nspin with irqs disabled O(NR_CPUS * NR_THREADS) time.\n\nChange do_task_stat() to use sig->stats_lock to gather the statistics\noutside of ->siglock protected section, in the likely case this code will\nrun lockless.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-26686', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/7601df8031fd67310af891897ef6cc0df4209305 (6.8-rc4)', 'https://git.kernel.org/stable/c/27978243f165b44e342f28f449b91327944ea071', 'https://git.kernel.org/stable/c/7601df8031fd67310af891897ef6cc0df4209305', 'https://git.kernel.org/stable/c/cf4b8c39b9a0bd81c47afc7ef62914a62dd5ec4d', 'https://linux.oracle.com/cve/CVE-2024-26686.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024040335-CVE-2024-26686-b22f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26686', 'https://www.cve.org/CVERecord?id=CVE-2024-26686'], 'PublishedDate': '2024-04-03T15:15:52.263Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26691', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26691', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: arm64: Fix circular locking dependency', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Fix circular locking dependency\n\nThe rule inside kvm enforces that the vcpu->mutex is taken *inside*\nkvm->lock. The rule is violated by the pkvm_create_hyp_vm() which acquires\nthe kvm->lock while already holding the vcpu->mutex lock from\nkvm_vcpu_ioctl(). Avoid the circular locking dependency altogether by\nprotecting the hyp vm handle with the config_lock, much like we already\ndo for other forms of VM-scoped data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26691', 'https://git.kernel.org/linus/10c02aad111df02088d1a81792a709f6a7eca6cc (6.8-rc5)', 'https://git.kernel.org/stable/c/10c02aad111df02088d1a81792a709f6a7eca6cc', 'https://git.kernel.org/stable/c/3ab1c40a1e915e350d9181a4603af393141970cc', 'https://git.kernel.org/stable/c/3d16cebf01127f459dcfeb79ed77bd68b124c228', 'https://lore.kernel.org/linux-cve-announce/2024040336-CVE-2024-26691-fff7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26691', 'https://ubuntu.com/security/notices/USN-6895-1', 'https://ubuntu.com/security/notices/USN-6895-2', 'https://ubuntu.com/security/notices/USN-6895-3', 'https://ubuntu.com/security/notices/USN-6895-4', 'https://ubuntu.com/security/notices/USN-6900-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26691'], 'PublishedDate': '2024-04-03T15:15:52.55Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26699', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26699', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr\n\n[Why]\nThere is a potential memory access violation while\niterating through array of dcn35 clks.\n\n[How]\nLimit iteration per array size.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26699', 'https://git.kernel.org/linus/46806e59a87790760870d216f54951a5b4d545bc (6.8-rc5)', 'https://git.kernel.org/stable/c/46806e59a87790760870d216f54951a5b4d545bc', 'https://git.kernel.org/stable/c/ca400d8e0c1c9d79c08dfb6b7f966e26c8cae7fb', 'https://lore.kernel.org/linux-cve-announce/2024040339-CVE-2024-26699-c700@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26699', 'https://www.cve.org/CVERecord?id=CVE-2024-26699'], 'PublishedDate': '2024-04-03T15:15:52.98Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26700', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26700', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix MST Null Ptr for RV', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix MST Null Ptr for RV\n\nThe change try to fix below error specific to RV platform:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\nHardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\nRIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\nCode: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\nRSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\nRDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\nRBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\nR10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\nR13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\nFS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\nCall Trace:\n <TASK>\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? plist_add+0xbe/0x100\n ? exc_page_fault+0x7c/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n drm_atomic_check_only+0x5c5/0xa40\n drm_mode_atomic_ioctl+0x76e/0xbc0\n ? _copy_to_user+0x25/0x30\n ? drm_ioctl+0x296/0x4b0\n ? __pfx_drm_mode_atomic_ioctl+0x10/0x10\n drm_ioctl_kernel+0xcd/0x170\n drm_ioctl+0x26d/0x4b0\n ? __pfx_drm_mode_atomic_ioctl+0x10/0x10\n amdgpu_drm_ioctl+0x4e/0x90 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n __x64_sys_ioctl+0x94/0xd0\n do_syscall_64+0x60/0x90\n ? do_syscall_64+0x6c/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f4dad17f76f\nCode: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c>\nRSP: 002b:00007ffd9ae859f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 000055e255a55900 RCX: 00007f4dad17f76f\nRDX: 00007ffd9ae85a90 RSI: 00000000c03864bc RDI: 000000000000000b\nRBP: 00007ffd9ae85a90 R08: 0000000000000003 R09: 0000000000000003\nR10: 0000000000000000 R11: 0000000000000246 R12: 00000000c03864bc\nR13: 000000000000000b R14: 000055e255a7fc60 R15: 000055e255a01eb0\n </TASK>\nModules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device ccm cmac algif_hash algif_skcipher af_alg joydev mousedev bnep >\n typec libphy k10temp ipmi_msghandler roles i2c_scmi acpi_cpufreq mac_hid nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_mas>\nCR2: 0000000000000008\n---[ end trace 0000000000000000 ]---\nRIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\nCode: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\nRSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\nRDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\nRBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\nR10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\nR13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\nFS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26700', 'https://git.kernel.org/linus/e6a7df96facdcf5b1f71eb3ec26f2f9f6ad61e57 (6.8-rc4)', 'https://git.kernel.org/stable/c/01d992088dce3945f70f49f34b0b911c5213c238', 'https://git.kernel.org/stable/c/5cd7185d2db76c42a9b7e69adad9591d9fca093f', 'https://git.kernel.org/stable/c/7407c61f43b66e90ad127d0cdd13cbc9d87141a5', 'https://git.kernel.org/stable/c/e6a7df96facdcf5b1f71eb3ec26f2f9f6ad61e57', 'https://lore.kernel.org/linux-cve-announce/2024040339-CVE-2024-26700-a2b8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26700', 'https://ubuntu.com/security/notices/USN-6895-1', 'https://ubuntu.com/security/notices/USN-6895-2', 'https://ubuntu.com/security/notices/USN-6895-3', 'https://ubuntu.com/security/notices/USN-6895-4', 'https://ubuntu.com/security/notices/USN-6900-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26700'], 'PublishedDate': '2024-04-03T15:15:53.03Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26714', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26714', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: interconnect: qcom: sc8180x: Mark CO0 BCM keepalive', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: qcom: sc8180x: Mark CO0 BCM keepalive\n\nThe CO0 BCM needs to be up at all times, otherwise some hardware (like\nthe UFS controller) loses its connection to the rest of the SoC,\nresulting in a hang of the platform, accompanied by a spectacular\nlogspam.\n\nMark it as keepalive to prevent such cases.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26714', 'https://git.kernel.org/linus/85e985a4f46e462a37f1875cb74ed380e7c0c2e0 (6.8-rc5)', 'https://git.kernel.org/stable/c/6616d3c4f8284a7b3ef978c916566bd240cea1c7', 'https://git.kernel.org/stable/c/7a3a70dd08e4b7dffc2f86f2c68fc3812804b9d0', 'https://git.kernel.org/stable/c/85e985a4f46e462a37f1875cb74ed380e7c0c2e0', 'https://git.kernel.org/stable/c/d8e36ff40cf9dadb135f3a97341c02c9a7afcc43', 'https://lore.kernel.org/linux-cve-announce/2024040343-CVE-2024-26714-d9a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26714', 'https://ubuntu.com/security/notices/USN-6895-1', 'https://ubuntu.com/security/notices/USN-6895-2', 'https://ubuntu.com/security/notices/USN-6895-3', 'https://ubuntu.com/security/notices/USN-6895-4', 'https://ubuntu.com/security/notices/USN-6900-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26714'], 'PublishedDate': '2024-04-03T15:15:53.7Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26718', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26718', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dm-crypt, dm-verity: disable tasklets', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-crypt, dm-verity: disable tasklets\n\nTasklets have an inherent problem with memory corruption. The function\ntasklet_action_common calls tasklet_trylock, then it calls the tasklet\ncallback and then it calls tasklet_unlock. If the tasklet callback frees\nthe structure that contains the tasklet or if it calls some code that may\nfree it, tasklet_unlock will write into free memory.\n\nThe commits 8e14f610159d and d9a02e016aaf try to fix it for dm-crypt, but\nit is not a sufficient fix and the data corruption can still happen [1].\nThere is no fix for dm-verity and dm-verity will write into free memory\nwith every tasklet-processed bio.\n\nThere will be atomic workqueues implemented in the kernel 6.9 [2]. They\nwill have better interface and they will not suffer from the memory\ncorruption problem.\n\nBut we need something that stops the memory corruption now and that can be\nbackported to the stable kernels. So, I'm proposing this commit that\ndisables tasklets in both dm-crypt and dm-verity. This commit doesn't\nremove the tasklet support, because the tasklet code will be reused when\natomic workqueues will be implemented.\n\n[1] https://lore.kernel.org/all/d390d7ee-f142-44d3-822a-87949e14608b@suse.de/T/\n[2] https://lore.kernel.org/lkml/20240130091300.2968534-1-tj@kernel.org/", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26718', 'https://git.kernel.org/linus/0a9bab391e336489169b95cb0d4553d921302189 (6.8-rc3)', 'https://git.kernel.org/stable/c/0a9bab391e336489169b95cb0d4553d921302189', 'https://git.kernel.org/stable/c/0c45a20cbe68bc4d681734f5c03891124a274257', 'https://git.kernel.org/stable/c/30884a44e0cedc3dfda8c22432f3ba4078ec2d94', 'https://git.kernel.org/stable/c/5735a2671ffb70ea29ca83969fe01316ee2ed6fc', 'https://lore.kernel.org/linux-cve-announce/2024040344-CVE-2024-26718-7259@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26718', 'https://ubuntu.com/security/notices/USN-6895-1', 'https://ubuntu.com/security/notices/USN-6895-2', 'https://ubuntu.com/security/notices/USN-6895-3', 'https://ubuntu.com/security/notices/USN-6895-4', 'https://ubuntu.com/security/notices/USN-6900-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26718'], 'PublishedDate': '2024-04-03T15:15:53.897Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26719', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26719', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nouveau: offload fence uevents work to workqueue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau: offload fence uevents work to workqueue\n\nThis should break the deadlock between the fctx lock and the irq lock.\n\nThis offloads the processing off the work from the irq into a workqueue.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26719', 'https://git.kernel.org/linus/39126abc5e20611579602f03b66627d7cd1422f0 (6.8-rc3)', 'https://git.kernel.org/stable/c/39126abc5e20611579602f03b66627d7cd1422f0', 'https://git.kernel.org/stable/c/985d053f7633d8b539ab1531738d538efac678a9', 'https://git.kernel.org/stable/c/cc0037fa592d56e4abb9c7d1c52c4d2dc25cd906', 'https://lore.kernel.org/linux-cve-announce/2024040344-CVE-2024-26719-b66e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26719', 'https://ubuntu.com/security/notices/USN-6895-1', 'https://ubuntu.com/security/notices/USN-6895-2', 'https://ubuntu.com/security/notices/USN-6895-3', 'https://ubuntu.com/security/notices/USN-6895-4', 'https://ubuntu.com/security/notices/USN-6900-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26719'], 'PublishedDate': '2024-04-03T15:15:53.947Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26726', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26726', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: btrfs: don't drop extent_map for free space inode on write error", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't drop extent_map for free space inode on write error\n\nWhile running the CI for an unrelated change I hit the following panic\nwith generic/648 on btrfs_holes_spacecache.\n\nassertion failed: block_start != EXTENT_MAP_HOLE, in fs/btrfs/extent_io.c:1385\n------------[ cut here ]------------\nkernel BUG at fs/btrfs/extent_io.c:1385!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 1 PID: 2695096 Comm: fsstress Kdump: loaded Tainted: G        W          6.8.0-rc2+ #1\nRIP: 0010:__extent_writepage_io.constprop.0+0x4c1/0x5c0\nCall Trace:\n <TASK>\n extent_write_cache_pages+0x2ac/0x8f0\n extent_writepages+0x87/0x110\n do_writepages+0xd5/0x1f0\n filemap_fdatawrite_wbc+0x63/0x90\n __filemap_fdatawrite_range+0x5c/0x80\n btrfs_fdatawrite_range+0x1f/0x50\n btrfs_write_out_cache+0x507/0x560\n btrfs_write_dirty_block_groups+0x32a/0x420\n commit_cowonly_roots+0x21b/0x290\n btrfs_commit_transaction+0x813/0x1360\n btrfs_sync_file+0x51a/0x640\n __x64_sys_fdatasync+0x52/0x90\n do_syscall_64+0x9c/0x190\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThis happens because we fail to write out the free space cache in one\ninstance, come back around and attempt to write it again.  However on\nthe second pass through we go to call btrfs_get_extent() on the inode to\nget the extent mapping.  Because this is a new block group, and with the\nfree space inode we always search the commit root to avoid deadlocking\nwith the tree, we find nothing and return a EXTENT_MAP_HOLE for the\nrequested range.\n\nThis happens because the first time we try to write the space cache out\nwe hit an error, and on an error we drop the extent mapping.  This is\nnormal for normal files, but the free space cache inode is special.  We\nalways expect the extent map to be correct.  Thus the second time\nthrough we end up with a bogus extent map.\n\nSince we're deprecating this feature, the most straightforward way to\nfix this is to simply skip dropping the extent map range for this failed\nrange.\n\nI shortened the test by using error injection to stress the area to make\nit easier to reproduce.  With this patch in place we no longer panic\nwith my error injection test.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26726', 'https://git.kernel.org/linus/5571e41ec6e56e35f34ae9f5b3a335ef510e0ade (6.8-rc5)', 'https://git.kernel.org/stable/c/02f2b95b00bf57d20320ee168b30fb7f3db8e555', 'https://git.kernel.org/stable/c/5571e41ec6e56e35f34ae9f5b3a335ef510e0ade', 'https://git.kernel.org/stable/c/7bddf18f474f166c19f91b2baf67bf7c5eda03f7', 'https://git.kernel.org/stable/c/a4b7741c8302e28073bfc6dd1c2e73598e5e535e', 'https://lore.kernel.org/linux-cve-announce/2024040346-CVE-2024-26726-fed0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26726', 'https://ubuntu.com/security/notices/USN-6895-1', 'https://ubuntu.com/security/notices/USN-6895-2', 'https://ubuntu.com/security/notices/USN-6895-3', 'https://ubuntu.com/security/notices/USN-6895-4', 'https://ubuntu.com/security/notices/USN-6900-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26726'], 'PublishedDate': '2024-04-03T15:15:54.313Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26739', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26739', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: net/sched: act_mirred: don't override retval if we already lost the skb", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: don't override retval if we already lost the skb\n\nIf we're redirecting the skb, and haven't called tcf_mirred_forward(),\nyet, we need to tell the core to drop the skb by setting the retcode\nto SHOT. If we have called tcf_mirred_forward(), however, the skb\nis out of our hands and returning SHOT will lead to UaF.\n\nMove the retval override to the error path which actually need it.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26739', 'https://git.kernel.org/linus/166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210 (6.8-rc6)', 'https://git.kernel.org/stable/c/166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210', 'https://git.kernel.org/stable/c/28cdbbd38a4413b8eff53399b3f872fd4e80db9d', 'https://git.kernel.org/stable/c/f4e294bbdca8ac8757db436fc82214f3882fc7e7', 'https://linux.oracle.com/cve/CVE-2024-26739.html', 'https://linux.oracle.com/errata/ELSA-2024-6997.html', 'https://lore.kernel.org/linux-cve-announce/2024040300-CVE-2024-26739-170e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26739', 'https://www.cve.org/CVERecord?id=CVE-2024-26739'], 'PublishedDate': '2024-04-03T17:15:51.367Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26740', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26740', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/sched: act_mirred: use the backlog for mirred ingress', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: use the backlog for mirred ingress\n\nThe test Davide added in commit ca22da2fbd69 ("act_mirred: use the backlog\nfor nested calls to mirred ingress") hangs our testing VMs every 10 or so\nruns, with the familiar tcp_v4_rcv -> tcp_v4_rcv deadlock reported by\nlockdep.\n\nThe problem as previously described by Davide (see Link) is that\nif we reverse flow of traffic with the redirect (egress -> ingress)\nwe may reach the same socket which generated the packet. And we may\nstill be holding its socket lock. The common solution to such deadlocks\nis to put the packet in the Rx backlog, rather than run the Rx path\ninline. Do that for all egress -> ingress reversals, not just once\nwe started to nest mirred calls.\n\nIn the past there was a concern that the backlog indirection will\nlead to loss of error reporting / less accurate stats. But the current\nworkaround does not seem to address the issue.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-26740', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/52f671db18823089a02f07efc04efdb2272ddc17 (6.8-rc6)', 'https://git.kernel.org/stable/c/52f671db18823089a02f07efc04efdb2272ddc17', 'https://git.kernel.org/stable/c/60ddea1600bc476e0f5e02bce0e29a460ccbf0be', 'https://git.kernel.org/stable/c/7c787888d164689da8b1b115f3ef562c1e843af4', 'https://linux.oracle.com/cve/CVE-2024-26740.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024040300-CVE-2024-26740-4d6f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26740', 'https://www.cve.org/CVERecord?id=CVE-2024-26740'], 'PublishedDate': '2024-04-03T17:15:51.41Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26742', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26742', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: smartpqi: Fix disable_managed_interrupts', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: smartpqi: Fix disable_managed_interrupts\n\nCorrect blk-mq registration issue with module parameter\ndisable_managed_interrupts enabled.\n\nWhen we turn off the default PCI_IRQ_AFFINITY flag, the driver needs to\nregister with blk-mq using blk_mq_map_queues(). The driver is currently\ncalling blk_mq_pci_map_queues() which results in a stack trace and possibly\nundefined behavior.\n\nStack Trace:\n[    7.860089] scsi host2: smartpqi\n[    7.871934] WARNING: CPU: 0 PID: 238 at block/blk-mq-pci.c:52 blk_mq_pci_map_queues+0xca/0xd0\n[    7.889231] Modules linked in: sd_mod t10_pi sg uas smartpqi(+) crc32c_intel scsi_transport_sas usb_storage dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse\n[    7.924755] CPU: 0 PID: 238 Comm: kworker/0:3 Not tainted 4.18.0-372.88.1.el8_6_smartpqi_test.x86_64 #1\n[    7.944336] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 03/08/2022\n[    7.963026] Workqueue: events work_for_cpu_fn\n[    7.978275] RIP: 0010:blk_mq_pci_map_queues+0xca/0xd0\n[    7.978278] Code: 48 89 de 89 c7 e8 f6 0f 4f 00 3b 05 c4 b7 8e 01 72 e1 5b 31 c0 5d 41 5c 41 5d 41 5e 41 5f e9 7d df 73 00 31 c0 e9 76 df 73 00 <0f> 0b eb bc 90 90 0f 1f 44 00 00 41 57 49 89 ff 41 56 41 55 41 54\n[    7.978280] RSP: 0018:ffffa95fc3707d50 EFLAGS: 00010216\n[    7.978283] RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 0000000000000010\n[    7.978284] RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffff9190c32d4310\n[    7.978286] RBP: 0000000000000000 R08: ffffa95fc3707d38 R09: ffff91929b81ac00\n[    7.978287] R10: 0000000000000001 R11: ffffa95fc3707ac0 R12: 0000000000000000\n[    7.978288] R13: ffff9190c32d4000 R14: 00000000ffffffff R15: ffff9190c4c950a8\n[    7.978290] FS:  0000000000000000(0000) GS:ffff9193efc00000(0000) knlGS:0000000000000000\n[    7.978292] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    8.172814] CR2: 000055d11166c000 CR3: 00000002dae10002 CR4: 00000000007706f0\n[    8.172816] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[    8.172817] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[    8.172818] PKRU: 55555554\n[    8.172819] Call Trace:\n[    8.172823]  blk_mq_alloc_tag_set+0x12e/0x310\n[    8.264339]  scsi_add_host_with_dma.cold.9+0x30/0x245\n[    8.279302]  pqi_ctrl_init+0xacf/0xc8e [smartpqi]\n[    8.294085]  ? pqi_pci_probe+0x480/0x4c8 [smartpqi]\n[    8.309015]  pqi_pci_probe+0x480/0x4c8 [smartpqi]\n[    8.323286]  local_pci_probe+0x42/0x80\n[    8.337855]  work_for_cpu_fn+0x16/0x20\n[    8.351193]  process_one_work+0x1a7/0x360\n[    8.364462]  ? create_worker+0x1a0/0x1a0\n[    8.379252]  worker_thread+0x1ce/0x390\n[    8.392623]  ? create_worker+0x1a0/0x1a0\n[    8.406295]  kthread+0x10a/0x120\n[    8.418428]  ? set_kthread_struct+0x50/0x50\n[    8.431532]  ret_from_fork+0x1f/0x40\n[    8.444137] ---[ end trace 1bf0173d39354506 ]---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26742', 'https://git.kernel.org/linus/5761eb9761d2d5fe8248a9b719efc4d8baf1f24a (6.8-rc6)', 'https://git.kernel.org/stable/c/3c31b18a8dd8b7bf36af1cd723d455853b8f94fe', 'https://git.kernel.org/stable/c/4f5b15c15e6016efb3e14582d02cc4ddf57227df', 'https://git.kernel.org/stable/c/5761eb9761d2d5fe8248a9b719efc4d8baf1f24a', 'https://git.kernel.org/stable/c/b9433b25cb06c415c9cb24782599649a406c8d6d', 'https://linux.oracle.com/cve/CVE-2024-26742.html', 'https://linux.oracle.com/errata/ELSA-2024-12682.html', 'https://lore.kernel.org/linux-cve-announce/2024040301-CVE-2024-26742-1b19@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26742', 'https://www.cve.org/CVERecord?id=CVE-2024-26742'], 'PublishedDate': '2024-04-03T17:15:51.517Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26756', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26756', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: md: Don't register sync_thread for reshape directly", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don't register sync_thread for reshape directly\n\nCurrently, if reshape is interrupted, then reassemble the array will\nregister sync_thread directly from pers->run(), in this case\n'MD_RECOVERY_RUNNING' is set directly, however, there is no guarantee\nthat md_do_sync() will be executed, hence stop_sync_thread() will hang\nbecause 'MD_RECOVERY_RUNNING' can't be cleared.\n\nLast patch make sure that md_do_sync() will set MD_RECOVERY_DONE,\nhowever, following hang can still be triggered by dm-raid test\nshell/lvconvert-raid-reshape.sh occasionally:\n\n[root@fedora ~]# cat /proc/1982/stack\n[<0>] stop_sync_thread+0x1ab/0x270 [md_mod]\n[<0>] md_frozen_sync_thread+0x5c/0xa0 [md_mod]\n[<0>] raid_presuspend+0x1e/0x70 [dm_raid]\n[<0>] dm_table_presuspend_targets+0x40/0xb0 [dm_mod]\n[<0>] __dm_destroy+0x2a5/0x310 [dm_mod]\n[<0>] dm_destroy+0x16/0x30 [dm_mod]\n[<0>] dev_remove+0x165/0x290 [dm_mod]\n[<0>] ctl_ioctl+0x4bb/0x7b0 [dm_mod]\n[<0>] dm_ctl_ioctl+0x11/0x20 [dm_mod]\n[<0>] vfs_ioctl+0x21/0x60\n[<0>] __x64_sys_ioctl+0xb9/0xe0\n[<0>] do_syscall_64+0xc6/0x230\n[<0>] entry_SYSCALL_64_after_hwframe+0x6c/0x74\n\nMeanwhile mddev->recovery is:\nMD_RECOVERY_RUNNING |\nMD_RECOVERY_INTR |\nMD_RECOVERY_RESHAPE |\nMD_RECOVERY_FROZEN\n\nFix this problem by remove the code to register sync_thread directly\nfrom raid10 and raid5. And let md_check_recovery() to register\nsync_thread.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26756', 'https://git.kernel.org/linus/ad39c08186f8a0f221337985036ba86731d6aafe (6.8-rc6)', 'https://git.kernel.org/stable/c/13b520fb62b772e408f9b79c5fe18ad414e90417', 'https://git.kernel.org/stable/c/ad39c08186f8a0f221337985036ba86731d6aafe', 'https://lore.kernel.org/linux-cve-announce/2024040303-CVE-2024-26756-135f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26756', 'https://www.cve.org/CVERecord?id=CVE-2024-26756'], 'PublishedDate': '2024-04-03T17:15:52.15Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26757', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26757', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: md: Don't ignore read-only array in md_check_recovery()", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don\'t ignore read-only array in md_check_recovery()\n\nUsually if the array is not read-write, md_check_recovery() won\'t\nregister new sync_thread in the first place. And if the array is\nread-write and sync_thread is registered, md_set_readonly() will\nunregister sync_thread before setting the array read-only. md/raid\nfollow this behavior hence there is no problem.\n\nAfter commit f52f5c71f3d4 ("md: fix stopping sync thread"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) array is read-only. dm-raid update super block:\nrs_update_sbs\n ro = mddev->ro\n mddev->ro = 0\n  -> set array read-write\n md_update_sb\n\n2) register new sync thread concurrently.\n\n3) dm-raid set array back to read-only:\nrs_update_sbs\n mddev->ro = ro\n\n4) stop the array:\nraid_dtr\n md_stop\n  stop_sync_thread\n    set_bit(MD_RECOVERY_INTR, &mddev->recovery);\n    md_wakeup_thread_directly(mddev->sync_thread);\n    wait_event(..., !test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))\n\n5) sync thread done:\n md_do_sync\n set_bit(MD_RECOVERY_DONE, &mddev->recovery);\n md_wakeup_thread(mddev->thread);\n\n6) daemon thread can\'t unregister sync thread:\n md_check_recovery\n  if (!md_is_rdwr(mddev) &&\n      !test_bit(MD_RECOVERY_NEEDED, &mddev->recovery))\n   return;\n  -> -> MD_RECOVERY_RUNNING can\'t be cleared, hence step 4 hang;\n\nThe root cause is that dm-raid manipulate \'mddev->ro\' by itself,\nhowever, dm-raid really should stop sync thread before setting the\narray read-only. Unfortunately, I need to read more code before I\ncan refacter the handler of \'mddev->ro\' in dm-raid, hence let\'s fix\nthe problem the easy way for now to prevent dm-raid regression.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26757', 'https://git.kernel.org/linus/55a48ad2db64737f7ffc0407634218cc6e4c513b (6.8-rc6)', 'https://git.kernel.org/stable/c/2ea169c5a0b1134d573d07fc27a16f327ad0e7d3', 'https://git.kernel.org/stable/c/55a48ad2db64737f7ffc0407634218cc6e4c513b', 'https://lore.kernel.org/linux-cve-announce/2024040304-CVE-2024-26757-7f96@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26757', 'https://www.cve.org/CVERecord?id=CVE-2024-26757'], 'PublishedDate': '2024-04-03T17:15:52.207Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26758', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26758', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: md: Don't ignore suspended array in md_check_recovery()", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don\'t ignore suspended array in md_check_recovery()\n\nmddev_suspend() never stop sync_thread, hence it doesn\'t make sense to\nignore suspended array in md_check_recovery(), which might cause\nsync_thread can\'t be unregistered.\n\nAfter commit f52f5c71f3d4 ("md: fix stopping sync thread"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) suspend the array:\nraid_postsuspend\n mddev_suspend\n\n2) stop the array:\nraid_dtr\n md_stop\n  __md_stop_writes\n   stop_sync_thread\n    set_bit(MD_RECOVERY_INTR, &mddev->recovery);\n    md_wakeup_thread_directly(mddev->sync_thread);\n    wait_event(..., !test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))\n\n3) sync thread done:\nmd_do_sync\n set_bit(MD_RECOVERY_DONE, &mddev->recovery);\n md_wakeup_thread(mddev->thread);\n\n4) daemon thread can\'t unregister sync thread:\nmd_check_recovery\n if (mddev->suspended)\n   return; -> return directly\n md_read_sync_thread\n clear_bit(MD_RECOVERY_RUNNING, &mddev->recovery);\n -> MD_RECOVERY_RUNNING can\'t be cleared, hence step 2 hang;\n\nThis problem is not just related to dm-raid, fix it by ignoring\nsuspended array in md_check_recovery(). And follow up patches will\nimprove dm-raid better to frozen sync thread during suspend.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26758', 'https://git.kernel.org/linus/1baae052cccd08daf9a9d64c3f959d8cdb689757 (6.8-rc6)', 'https://git.kernel.org/stable/c/1baae052cccd08daf9a9d64c3f959d8cdb689757', 'https://git.kernel.org/stable/c/a55f0d6179a19c6b982e2dc344d58c98647a3be0', 'https://lore.kernel.org/linux-cve-announce/2024040304-CVE-2024-26758-dcc3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26758', 'https://www.cve.org/CVERecord?id=CVE-2024-26758'], 'PublishedDate': '2024-04-03T17:15:52.263Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26759', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26759', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/swap: fix race when skipping swapcache', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/swap: fix race when skipping swapcache\n\nWhen skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads\nswapin the same entry at the same time, they get different pages (A, B). \nBefore one thread (T0) finishes the swapin and installs page (A) to the\nPTE, another thread (T1) could finish swapin of page (B), swap_free the\nentry, then swap out the possibly modified page reusing the same entry. \nIt breaks the pte_same check in (T0) because PTE value is unchanged,\ncausing ABA problem.  Thread (T0) will install a stalled page (A) into the\nPTE and cause data corruption.\n\nOne possible callstack is like this:\n\nCPU0                                 CPU1\n----                                 ----\ndo_swap_page()                       do_swap_page() with same entry\n<direct swapin path>                 <direct swapin path>\n<alloc page A>                       <alloc page B>\nswap_read_folio() <- read to page A  swap_read_folio() <- read to page B\n<slow on later locks or interrupt>   <finished swapin first>\n...                                  set_pte_at()\n                                     swap_free() <- entry is free\n                                     <write to page B, now page A stalled>\n                                     <swap out page B to same swap entry>\npte_same() <- Check pass, PTE seems\n              unchanged, but page A\n              is stalled!\nswap_free() <- page B content lost!\nset_pte_at() <- staled page A installed!\n\nAnd besides, for ZRAM, swap_free() allows the swap device to discard the\nentry content, so even if page (B) is not modified, if swap_read_folio()\non CPU0 happens later than swap_free() on CPU1, it may also cause data\nloss.\n\nTo fix this, reuse swapcache_prepare which will pin the swap entry using\nthe cache flag, and allow only one thread to swap it in, also prevent any\nparallel code from putting the entry in the cache.  Release the pin after\nPT unlocked.\n\nRacers just loop and wait since it\'s a rare and very short event.  A\nschedule_timeout_uninterruptible(1) call is added to avoid repeated page\nfaults wasting too much CPU, causing livelock or adding too much noise to\nperf statistics.  A similar livelock issue was described in commit\n029c4628b2eb ("mm: swap: get rid of livelock in swapin readahead")\n\nReproducer:\n\nThis race issue can be triggered easily using a well constructed\nreproducer and patched brd (with a delay in read path) [1]:\n\nWith latest 6.8 mainline, race caused data loss can be observed easily:\n$ gcc -g -lpthread test-thread-swap-race.c && ./a.out\n  Polulating 32MB of memory region...\n  Keep swapping out...\n  Starting round 0...\n  Spawning 65536 workers...\n  32746 workers spawned, wait for done...\n  Round 0: Error on 0x5aa00, expected 32746, got 32743, 3 data loss!\n  Round 0: Error on 0x395200, expected 32746, got 32743, 3 data loss!\n  Round 0: Error on 0x3fd000, expected 32746, got 32737, 9 data loss!\n  Round 0 Failed, 15 data loss!\n\nThis reproducer spawns multiple threads sharing the same memory region\nusing a small swap device.  Every two threads updates mapped pages one by\none in opposite direction trying to create a race, with one dedicated\nthread keep swapping out the data out using madvise.\n\nThe reproducer created a reproduce rate of about once every 5 minutes, so\nthe race should be totally possible in production.\n\nAfter this patch, I ran the reproducer for over a few hundred rounds and\nno data loss observed.\n\nPerformance overhead is minimal, microbenchmark swapin 10G from 32G\nzram:\n\nBefore:     10934698 us\nAfter:      11157121 us\nCached:     13155355 us (Dropping SWP_SYNCHRONOUS_IO flag)\n\n[kasong@tencent.com: v4]\n  Link: https://lkml.kernel.org/r/20240219082040.7495-1-ryncsn@gmail.com', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:4352', 'https://access.redhat.com/security/cve/CVE-2024-26759', 'https://bugzilla.redhat.com/1918601', 'https://bugzilla.redhat.com/2248122', 'https://bugzilla.redhat.com/2258875', 'https://bugzilla.redhat.com/2265517', 'https://bugzilla.redhat.com/2265519', 'https://bugzilla.redhat.com/2265520', 'https://bugzilla.redhat.com/2265800', 'https://bugzilla.redhat.com/2266408', 'https://bugzilla.redhat.com/2266831', 'https://bugzilla.redhat.com/2267513', 'https://bugzilla.redhat.com/2267518', 'https://bugzilla.redhat.com/2267730', 'https://bugzilla.redhat.com/2270093', 'https://bugzilla.redhat.com/2271680', 'https://bugzilla.redhat.com/2272692', 'https://bugzilla.redhat.com/2272829', 'https://bugzilla.redhat.com/2273204', 'https://bugzilla.redhat.com/2273278', 'https://bugzilla.redhat.com/2273423', 'https://bugzilla.redhat.com/2273429', 'https://bugzilla.redhat.com/2275604', 'https://bugzilla.redhat.com/2275633', 'https://bugzilla.redhat.com/2275635', 'https://bugzilla.redhat.com/2275733', 'https://bugzilla.redhat.com/2278337', 'https://bugzilla.redhat.com/2278354', 'https://bugzilla.redhat.com/2280434', 'https://bugzilla.redhat.com/2281057', 'https://bugzilla.redhat.com/2281113', 'https://bugzilla.redhat.com/2281157', 'https://bugzilla.redhat.com/2281165', 'https://bugzilla.redhat.com/2281251', 'https://bugzilla.redhat.com/2281253', 'https://bugzilla.redhat.com/2281255', 'https://bugzilla.redhat.com/2281257', 'https://bugzilla.redhat.com/2281272', 'https://bugzilla.redhat.com/2281350', 'https://bugzilla.redhat.com/2281689', 'https://bugzilla.redhat.com/2281693', 'https://bugzilla.redhat.com/2281920', 'https://bugzilla.redhat.com/2281923', 'https://bugzilla.redhat.com/2281925', 'https://bugzilla.redhat.com/2281953', 'https://bugzilla.redhat.com/2281986', 'https://bugzilla.redhat.com/2282394', 'https://bugzilla.redhat.com/2282400', 'https://bugzilla.redhat.com/2282471', 'https://bugzilla.redhat.com/2282472', 'https://bugzilla.redhat.com/2282581', 'https://bugzilla.redhat.com/2282609', 'https://bugzilla.redhat.com/2282612', 'https://bugzilla.redhat.com/2282653', 'https://bugzilla.redhat.com/2282680', 'https://bugzilla.redhat.com/2282698', 'https://bugzilla.redhat.com/2282712', 'https://bugzilla.redhat.com/2282735', 'https://bugzilla.redhat.com/2282902', 'https://bugzilla.redhat.com/2282920', 'https://bugzilla.redhat.com/show_bug.cgi?id=1918601', 'https://bugzilla.redhat.com/show_bug.cgi?id=2248122', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258875', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265800', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266831', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267518', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267730', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270093', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272692', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272829', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273204', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273278', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273423', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275633', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275635', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275733', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278337', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278354', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281113', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281157', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281165', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281251', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281253', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281255', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281311', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281334', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281346', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281350', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281689', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281693', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281920', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281953', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281986', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282394', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282471', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282472', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282581', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282609', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282612', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282698', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282712', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282735', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282902', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282920', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46909', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46972', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47069', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47073', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47236', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47310', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47311', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47456', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47495', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5090', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52464', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52560', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52626', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52667', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52675', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52700', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52703', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52781', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52813', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52835', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52877', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52881', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26583', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26584', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26585', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26656', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26675', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26735', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26759', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26804', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26859', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26906', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26907', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26974', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27410', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35835', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35838', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35854', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35855', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35888', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35890', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35959', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36004', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36007', 'https://errata.almalinux.org/8/ALSA-2024-4352.html', 'https://errata.rockylinux.org/RLSA-2024:4211', 'https://git.kernel.org/linus/13ddaf26be324a7f951891ecd9ccd04466d27458 (6.8-rc6)', 'https://git.kernel.org/stable/c/13ddaf26be324a7f951891ecd9ccd04466d27458', 'https://git.kernel.org/stable/c/2dedda77d4493f3e92e414b272bfa60f1f51ed95', 'https://git.kernel.org/stable/c/305152314df82b22cf9b181f3dc5fc411002079a', 'https://git.kernel.org/stable/c/d183a4631acfc7af955c02a02e739cec15f5234d', 'https://linux.oracle.com/cve/CVE-2024-26759.html', 'https://linux.oracle.com/errata/ELSA-2024-4211.html', 'https://lore.kernel.org/linux-cve-announce/2024040304-CVE-2024-26759-45f1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26759', 'https://www.cve.org/CVERecord?id=CVE-2024-26759'], 'PublishedDate': '2024-04-03T17:15:52.32Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26767', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26767', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: fixed integer types and null check locations', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fixed integer types and null check locations\n\n[why]:\nissues fixed:\n- comparison with wider integer type in loop condition which can cause\ninfinite loops\n- pointer dereference before null check', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26767', 'https://git.kernel.org/linus/0484e05d048b66d01d1f3c1d2306010bb57d8738 (6.8-rc5)', 'https://git.kernel.org/stable/c/0484e05d048b66d01d1f3c1d2306010bb57d8738', 'https://git.kernel.org/stable/c/71783d1ff65204d69207fd156d4b2eb1d3882375', 'https://git.kernel.org/stable/c/beea9ab9080cd2ef46296070bb327af066ee09d7', 'https://lore.kernel.org/linux-cve-announce/2024040306-CVE-2024-26767-bdac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26767', 'https://www.cve.org/CVERecord?id=CVE-2024-26767'], 'PublishedDate': '2024-04-03T17:15:52.747Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26770', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26770', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: HID: nvidia-shield: Add missing null pointer checks to LED initialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nvidia-shield: Add missing null pointer checks to LED initialization\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.\n\n[jkosina@suse.com: tweak changelog a bit]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26770', 'https://git.kernel.org/linus/b6eda11c44dc89a681e1c105f0f4660e69b1e183 (6.8-rc3)', 'https://git.kernel.org/stable/c/83527a13740f57b45f162e3af4c7db4b88521100', 'https://git.kernel.org/stable/c/b6eda11c44dc89a681e1c105f0f4660e69b1e183', 'https://git.kernel.org/stable/c/e71cc4a1e584293deafff1a7dea614b0210d0443', 'https://lore.kernel.org/linux-cve-announce/2024040307-CVE-2024-26770-1c08@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26770', 'https://www.cve.org/CVERecord?id=CVE-2024-26770'], 'PublishedDate': '2024-04-03T17:15:52.91Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26775', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26775', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: aoe: avoid potential deadlock at set_capacity', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\naoe: avoid potential deadlock at set_capacity\n\nMove set_capacity() outside of the section procected by (&d->lock).\nTo avoid possible interrupt unsafe locking scenario:\n\n        CPU0                    CPU1\n        ----                    ----\n[1] lock(&bdev->bd_size_lock);\n                                local_irq_disable();\n                            [2] lock(&d->lock);\n                            [3] lock(&bdev->bd_size_lock);\n   <Interrupt>\n[4]  lock(&d->lock);\n\n  *** DEADLOCK ***\n\nWhere [1](&bdev->bd_size_lock) hold by zram_add()->set_capacity().\n[2]lock(&d->lock) hold by aoeblk_gdalloc(). And aoeblk_gdalloc()\nis trying to acquire [3](&bdev->bd_size_lock) at set_capacity() call.\nIn this situation an attempt to acquire [4]lock(&d->lock) from\naoecmd_cfg_rsp() will lead to deadlock.\n\nSo the simplest solution is breaking lock dependency\n[2](&d->lock) -> [3](&bdev->bd_size_lock) by moving set_capacity()\noutside.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26775', 'https://git.kernel.org/linus/e169bd4fb2b36c4b2bee63c35c740c85daeb2e86 (6.8-rc2)', 'https://git.kernel.org/stable/c/19a77b27163820f793b4d022979ffdca8f659b77', 'https://git.kernel.org/stable/c/2d623c94fbba3554f4446ba6f3c764994e8b0d26', 'https://git.kernel.org/stable/c/673629018ba04906899dcb631beec34d871f709c', 'https://git.kernel.org/stable/c/e169bd4fb2b36c4b2bee63c35c740c85daeb2e86', 'https://lore.kernel.org/linux-cve-announce/2024040309-CVE-2024-26775-8dc1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26775', 'https://www.cve.org/CVERecord?id=CVE-2024-26775'], 'PublishedDate': '2024-04-03T17:15:53.187Z', 'LastModifiedDate': '2024-04-03T17:24:18.15Z'}, {'VulnerabilityID': 'CVE-2024-26807', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26807', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: cadence-qspi: fix pointer reference in runtime PM hooks', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBoth cadence-quadspi ->runtime_suspend() and ->runtime_resume()\nimplementations start with:\n\n\tstruct cqspi_st *cqspi = dev_get_drvdata(dev);\n\tstruct spi_controller *host = dev_get_drvdata(dev);\n\nThis obviously cannot be correct, unless "struct cqspi_st" is the\nfirst member of " struct spi_controller", or the other way around, but\nit is not the case. "struct spi_controller" is allocated by\ndevm_spi_alloc_host(), which allocates an extra amount of memory for\nprivate data, used to store "struct cqspi_st".\n\nThe ->probe() function of the cadence-quadspi driver then sets the\ndevice drvdata to store the address of the "struct cqspi_st"\nstructure. Therefore:\n\n\tstruct cqspi_st *cqspi = dev_get_drvdata(dev);\n\nis correct, but:\n\n\tstruct spi_controller *host = dev_get_drvdata(dev);\n\nis not, as it makes "host" point not to a "struct spi_controller" but\nto the same "struct cqspi_st" structure as above.\n\nThis obviously leads to bad things (memory corruption, kernel crashes)\ndirectly during ->probe(), as ->probe() enables the device using PM\nruntime, leading the ->runtime_resume() hook being called, which in\nturns calls spi_controller_resume() with the wrong pointer.\n\nThis has at least been reported [0] to cause a kernel crash, but the\nexact behavior will depend on the memory contents.\n\n[0] https://lore.kernel.org/all/20240226121803.5a7r5wkpbbowcxgx@dhruva/\n\nThis issue potentially affects all platforms that are currently using\nthe cadence-quadspi driver.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26807', 'https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61', 'https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc', 'https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26807', 'https://www.cve.org/CVERecord?id=CVE-2024-26807'], 'PublishedDate': '2024-04-04T09:15:09.38Z', 'LastModifiedDate': '2024-06-20T10:15:09.303Z'}, {'VulnerabilityID': 'CVE-2024-26822', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26822', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: set correct id, uid and cruid for multiuser automounts', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: set correct id, uid and cruid for multiuser automounts\n\nWhen uid, gid and cruid are not specified, we need to dynamically\nset them into the filesystem context used for automounting otherwise\nthey'll end up reusing the values from the parent mount.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26822', 'https://git.kernel.org/linus/4508ec17357094e2075f334948393ddedbb75157 (6.8-rc5)', 'https://git.kernel.org/stable/c/4508ec17357094e2075f334948393ddedbb75157', 'https://git.kernel.org/stable/c/7590ba9057c6d74c66f3b909a383ec47cd2f27fb', 'https://git.kernel.org/stable/c/c2aa2718cda2d56b4a551cb40043e9abc9684626', 'https://lore.kernel.org/linux-cve-announce/2024041702-CVE-2024-26822-04b5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26822', 'https://ubuntu.com/security/notices/USN-6895-1', 'https://ubuntu.com/security/notices/USN-6895-2', 'https://ubuntu.com/security/notices/USN-6895-3', 'https://ubuntu.com/security/notices/USN-6895-4', 'https://ubuntu.com/security/notices/USN-6900-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26822'], 'PublishedDate': '2024-04-17T10:15:08.977Z', 'LastModifiedDate': '2024-04-17T12:48:07.51Z'}, {'VulnerabilityID': 'CVE-2024-26837', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26837', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: bridge: switchdev: Skip MDB replays of deferred events on offload', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: switchdev: Skip MDB replays of deferred events on offload\n\nBefore this change, generation of the list of MDB events to replay\nwould race against the creation of new group memberships, either from\nthe IGMP/MLD snooping logic or from user configuration.\n\nWhile new memberships are immediately visible to walkers of\nbr->mdb_list, the notification of their existence to switchdev event\nsubscribers is deferred until a later point in time. So if a replay\nlist was generated during a time that overlapped with such a window,\nit would also contain a replay of the not-yet-delivered event.\n\nThe driver would thus receive two copies of what the bridge internally\nconsidered to be one single event. On destruction of the bridge, only\na single membership deletion event was therefore sent. As a\nconsequence of this, drivers which reference count memberships (at\nleast DSA), would be left with orphan groups in their hardware\ndatabase when the bridge was destroyed.\n\nThis is only an issue when replaying additions. While deletion events\nmay still be pending on the deferred queue, they will already have\nbeen removed from br->mdb_list, so no duplicates can be generated in\nthat scenario.\n\nTo a user this meant that old group memberships, from a bridge in\nwhich a port was previously attached, could be reanimated (in\nhardware) when the port joined a new bridge, without the new bridge's\nknowledge.\n\nFor example, on an mv88e6xxx system, create a snooping bridge and\nimmediately add a port to it:\n\n    root@infix-06-0b-00:~$ ip link add dev br0 up type bridge mcast_snooping 1 && \\\n    > ip link set dev x3 up master br0\n\nAnd then destroy the bridge:\n\n    root@infix-06-0b-00:~$ ip link del dev br0\n    root@infix-06-0b-00:~$ mvls atu\n    ADDRESS             FID  STATE      Q  F  0  1  2  3  4  5  6  7  8  9  a\n    DEV:0 Marvell 88E6393X\n    33:33:00:00:00:6a     1  static     -  -  0  .  .  .  .  .  .  .  .  .  .\n    33:33:ff:87:e4:3f     1  static     -  -  0  .  .  .  .  .  .  .  .  .  .\n    ff:ff:ff:ff:ff:ff     1  static     -  -  0  1  2  3  4  5  6  7  8  9  a\n    root@infix-06-0b-00:~$\n\nThe two IPv6 groups remain in the hardware database because the\nport (x3) is notified of the host's membership twice: once via the\noriginal event and once via a replay. Since only a single delete\nnotification is sent, the count remains at 1 when the bridge is\ndestroyed.\n\nThen add the same port (or another port belonging to the same hardware\ndomain) to a new bridge, this time with snooping disabled:\n\n    root@infix-06-0b-00:~$ ip link add dev br1 up type bridge mcast_snooping 0 && \\\n    > ip link set dev x3 up master br1\n\nAll multicast, including the two IPv6 groups from br0, should now be\nflooded, according to the policy of br1. But instead the old\nmemberships are still active in the hardware database, causing the\nswitch to only forward traffic to those groups towards the CPU (port\n0).\n\nEliminate the race in two steps:\n\n1. Grab the write-side lock of the MDB while generating the replay\n   list.\n\nThis prevents new memberships from showing up while we are generating\nthe replay list. But it leaves the scenario in which a deferred event\nwas already generated, but not delivered, before we grabbed the\nlock. Therefore:\n\n2. Make sure that no deferred version of a replay event is already\n   enqueued to the switchdev deferred queue, before adding it to the\n   replay list, when replaying additions.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-26837', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/dc489f86257cab5056e747344f17a164f63bff4b (6.8-rc6)', 'https://git.kernel.org/stable/c/2d5b4b3376fa146a23917b8577064906d643925f', 'https://git.kernel.org/stable/c/603be95437e7fd85ba694e75918067fb9e7754db', 'https://git.kernel.org/stable/c/dc489f86257cab5056e747344f17a164f63bff4b', 'https://git.kernel.org/stable/c/e0b4c5b1d760008f1dd18c07c35af0442e54f9c8', 'https://linux.oracle.com/cve/CVE-2024-26837.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024041715-CVE-2024-26837-753c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26837', 'https://www.cve.org/CVERecord?id=CVE-2024-26837'], 'PublishedDate': '2024-04-17T10:15:09.757Z', 'LastModifiedDate': '2024-04-17T12:48:07.51Z'}, {'VulnerabilityID': 'CVE-2024-26842', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()\n\nWhen task_tag >= 32 (in MCQ mode) and sizeof(unsigned int) == 4, 1U <<\ntask_tag will out of bounds for a u32 mask. Fix this up to prevent\nSHIFT_ISSUE (bitwise shifts that are out of bounds for their data type).\n\n[name:debug_monitors&]Unexpected kernel BRK exception at EL1\n[name:traps&]Internal error: BRK handler: 00000000f2005514 [#1] PREEMPT SMP\n[name:mediatek_cpufreq_hw&]cpufreq stop DVFS log done\n[name:mrdump&]Kernel Offset: 0x1ba5800000 from 0xffffffc008000000\n[name:mrdump&]PHYS_OFFSET: 0x80000000\n[name:mrdump&]pstate: 22400005 (nzCv daif +PAN -UAO)\n[name:mrdump&]pc : [0xffffffdbaf52bb2c] ufshcd_clear_cmd+0x280/0x288\n[name:mrdump&]lr : [0xffffffdbaf52a774] ufshcd_wait_for_dev_cmd+0x3e4/0x82c\n[name:mrdump&]sp : ffffffc0081471b0\n<snip>\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler\nCall trace:\n dump_backtrace+0xf8/0x144\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x9c\n dump_stack+0x18/0x44\n mrdump_common_die+0x254/0x480 [mrdump]\n ipanic_die+0x20/0x30 [mrdump]\n notify_die+0x15c/0x204\n die+0x10c/0x5f8\n arm64_notify_die+0x74/0x13c\n do_debug_exception+0x164/0x26c\n el1_dbg+0x64/0x80\n el1h_64_sync_handler+0x3c/0x90\n el1h_64_sync+0x68/0x6c\n ufshcd_clear_cmd+0x280/0x288\n ufshcd_wait_for_dev_cmd+0x3e4/0x82c\n ufshcd_exec_dev_cmd+0x5bc/0x9ac\n ufshcd_verify_dev_init+0x84/0x1c8\n ufshcd_probe_hba+0x724/0x1ce0\n ufshcd_host_reset_and_restore+0x260/0x574\n ufshcd_reset_and_restore+0x138/0xbd0\n ufshcd_err_handler+0x1218/0x2f28\n process_one_work+0x5fc/0x1140\n worker_thread+0x7d8/0xe20\n kthread+0x25c/0x468\n ret_from_fork+0x10/0x20', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26842', 'https://git.kernel.org/linus/b513d30d59bb383a6a5d6b533afcab2cee99a8f8 (6.8-rc4)', 'https://git.kernel.org/stable/c/7ac9e18f5d66087cd22751c5c5bf0090eb0038fe', 'https://git.kernel.org/stable/c/a992425d18e5f7c48931121993c6c69426f2a8fb', 'https://git.kernel.org/stable/c/b513d30d59bb383a6a5d6b533afcab2cee99a8f8', 'https://lore.kernel.org/linux-cve-announce/2024041716-CVE-2024-26842-d556@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26842', 'https://www.cve.org/CVERecord?id=CVE-2024-26842'], 'PublishedDate': '2024-04-17T10:15:09.997Z', 'LastModifiedDate': '2024-04-17T12:48:07.51Z'}, {'VulnerabilityID': 'CVE-2024-26844', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: Fix WARNING in _copy_from_iter', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix WARNING in _copy_from_iter\n\nSyzkaller reports a warning in _copy_from_iter because an\niov_iter is supposedly used in the wrong direction. The reason\nis that syzcaller managed to generate a request with\na transfer direction of SG_DXFER_TO_FROM_DEV. This instructs\nthe kernel to copy user buffers into the kernel, read into\nthe copied buffers and then copy the data back to user space.\n\nThus the iovec is used in both directions.\n\nDetect this situation in the block layer and construct a new\niterator with the correct direction for the copy-in.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26844', 'https://git.kernel.org/linus/13f3956eb5681a4045a8dfdef48df5dc4d9f58a6 (6.8-rc2)', 'https://git.kernel.org/stable/c/0f1bae071de9967602807472921829a54b2e5956', 'https://git.kernel.org/stable/c/13f3956eb5681a4045a8dfdef48df5dc4d9f58a6', 'https://git.kernel.org/stable/c/8fc80874103a5c20aebdc2401361aa01c817f75b', 'https://git.kernel.org/stable/c/cbaf9be337f7da25742acfce325119e3395b1f1b', 'https://lore.kernel.org/linux-cve-announce/2024041716-CVE-2024-26844-c534@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26844', 'https://www.cve.org/CVERecord?id=CVE-2024-26844'], 'PublishedDate': '2024-04-17T10:15:10.093Z', 'LastModifiedDate': '2024-04-17T12:48:07.51Z'}, {'VulnerabilityID': 'CVE-2024-26853', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igc: avoid returning frame twice in XDP_REDIRECT', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigc: avoid returning frame twice in XDP_REDIRECT\n\nWhen a frame can not be transmitted in XDP_REDIRECT\n(e.g. due to a full queue), it is necessary to free\nit by calling xdp_return_frame_rx_napi.\n\nHowever, this is the responsibility of the caller of\nthe ndo_xdp_xmit (see for example bq_xmit_all in\nkernel/bpf/devmap.c) and thus calling it inside\nigc_xdp_xmit (which is the ndo_xdp_xmit of the igc\ndriver) as well will lead to memory corruption.\n\nIn fact, bq_xmit_all expects that it can return all\nframes after the last successfully transmitted one.\nTherefore, break for the first not transmitted frame,\nbut do not call xdp_return_frame_rx_napi in igc_xdp_xmit.\nThis is equally implemented in other Intel drivers\nsuch as the igb.\n\nThere are two alternatives to this that were rejected:\n1. Return num_frames as all the frames would have been\n   transmitted and release them inside igc_xdp_xmit.\n   While it might work technically, it is not what\n   the return value is meant to represent (i.e. the\n   number of SUCCESSFULLY transmitted packets).\n2. Rework kernel/bpf/devmap.c and all drivers to\n   support non-consecutively dropped packets.\n   Besides being complex, it likely has a negative\n   performance impact without a significant gain\n   since it is anyway unlikely that the next frame\n   can be transmitted if the previous one was dropped.\n\nThe memory corruption can be reproduced with\nthe following script which leads to a kernel panic\nafter a few seconds.  It basically generates more\ntraffic than a i225 NIC can transmit and pushes it\nvia XDP_REDIRECT from a virtual interface to the\nphysical interface where frames get dropped.\n\n   #!/bin/bash\n   INTERFACE=enp4s0\n   INTERFACE_IDX=`cat /sys/class/net/$INTERFACE/ifindex`\n\n   sudo ip link add dev veth1 type veth peer name veth2\n   sudo ip link set up $INTERFACE\n   sudo ip link set up veth1\n   sudo ip link set up veth2\n\n   cat << EOF > redirect.bpf.c\n\n   SEC("prog")\n   int redirect(struct xdp_md *ctx)\n   {\n       return bpf_redirect($INTERFACE_IDX, 0);\n   }\n\n   char _license[] SEC("license") = "GPL";\n   EOF\n   clang -O2 -g -Wall -target bpf -c redirect.bpf.c -o redirect.bpf.o\n   sudo ip link set veth2 xdp obj redirect.bpf.o\n\n   cat << EOF > pass.bpf.c\n\n   SEC("prog")\n   int pass(struct xdp_md *ctx)\n   {\n       return XDP_PASS;\n   }\n\n   char _license[] SEC("license") = "GPL";\n   EOF\n   clang -O2 -g -Wall -target bpf -c pass.bpf.c -o pass.bpf.o\n   sudo ip link set $INTERFACE xdp obj pass.bpf.o\n\n   cat << EOF > trafgen.cfg\n\n   {\n     /* Ethernet Header */\n     0xe8, 0x6a, 0x64, 0x41, 0xbf, 0x46,\n     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n     const16(ETH_P_IP),\n\n     /* IPv4 Header */\n     0b01000101, 0,   # IPv4 version, IHL, TOS\n     const16(1028),   # IPv4 total length (UDP length + 20 bytes (IP header))\n     const16(2),      # IPv4 ident\n     0b01000000, 0,   # IPv4 flags, fragmentation off\n     64,              # IPv4 TTL\n     17,              # Protocol UDP\n     csumip(14, 33),  # IPv4 checksum\n\n     /* UDP Header */\n     10,  0, 1, 1,    # IP Src - adapt as needed\n     10,  0, 1, 2,    # IP Dest - adapt as needed\n     const16(6666),   # UDP Src Port\n     const16(6666),   # UDP Dest Port\n     const16(1008),   # UDP length (UDP header 8 bytes + payload length)\n     csumudp(14, 34), # UDP checksum\n\n     /* Payload */\n     fill(\'W\', 1000),\n   }\n   EOF\n\n   sudo trafgen -i trafgen.cfg -b3000MB -o veth1 --cpp', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-26853', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265838', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273405', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275600', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275655', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275715', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281097', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281237', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281265', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281639', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281900', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284511', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284543', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293208', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293441', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293658', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297512', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297538', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297542', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297545', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47606', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52651', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26808', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26828', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26868', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27049', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27417', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35800', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35911', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35969', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36903', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38391', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40928', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5363', 'https://git.kernel.org/linus/ef27f655b438bed4c83680e4f01e1cde2739854b (6.8)', 'https://git.kernel.org/stable/c/1b3b8231386a572bac8cd5b6fd7e944b84f9bb1f', 'https://git.kernel.org/stable/c/63a3c1f3c9ecc654d851e7906d05334cd0c236e2', 'https://git.kernel.org/stable/c/8df393af9e7e8dfd62e9c41dbaa4d2ff53bf794a', 'https://git.kernel.org/stable/c/ef27f655b438bed4c83680e4f01e1cde2739854b', 'https://linux.oracle.com/cve/CVE-2024-26853.html', 'https://linux.oracle.com/errata/ELSA-2024-5363.html', 'https://lore.kernel.org/linux-cve-announce/2024041723-CVE-2024-26853-b549@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26853', 'https://www.cve.org/CVERecord?id=CVE-2024-26853'], 'PublishedDate': '2024-04-17T11:15:08.583Z', 'LastModifiedDate': '2024-04-17T12:48:07.51Z'}, {'VulnerabilityID': 'CVE-2024-26866', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: lpspi: Avoid potential use-after-free in probe()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: lpspi: Avoid potential use-after-free in probe()\n\nfsl_lpspi_probe() is allocating/disposing memory manually with\nspi_alloc_host()/spi_alloc_target(), but uses\ndevm_spi_register_controller(). In case of error after the latter call the\nmemory will be explicitly freed in the probe function by\nspi_controller_put() call, but used afterwards by "devm" management outside\nprobe() (spi_unregister_controller() <- devm_spi_unregister() below).\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000070\n...\nCall trace:\n kernfs_find_ns\n kernfs_find_and_get_ns\n sysfs_remove_group\n sysfs_remove_groups\n device_remove_attrs\n device_del\n spi_unregister_controller\n devm_spi_unregister\n release_nodes\n devres_release_all\n really_probe\n driver_probe_device\n __device_attach_driver\n bus_for_each_drv\n __device_attach\n device_initial_probe\n bus_probe_device\n deferred_probe_work_func\n process_one_work\n worker_thread\n kthread\n ret_from_fork', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26866', 'https://git.kernel.org/linus/2ae0ab0143fcc06190713ed81a6486ed0ad3c861 (6.9-rc1)', 'https://git.kernel.org/stable/c/1543418e82789cc383cd36d41469983c64e3fc7f', 'https://git.kernel.org/stable/c/2ae0ab0143fcc06190713ed81a6486ed0ad3c861', 'https://git.kernel.org/stable/c/996ce839606afd0fef91355627868022aa73eb68', 'https://git.kernel.org/stable/c/da83ed350e4604b976e94239b08d8e2e7eaee7ea', 'https://lore.kernel.org/linux-cve-announce/2024041737-CVE-2024-26866-1e98@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26866', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26866'], 'PublishedDate': '2024-04-17T11:15:09.253Z', 'LastModifiedDate': '2024-04-17T12:48:07.51Z'}, {'VulnerabilityID': 'CVE-2024-26869', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26869', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to truncate meta inode pages forcely', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate meta inode pages forcely\n\nBelow race case can cause data corruption:\n\nThread A\t\t\t\tGC thread\n\t\t\t\t\t- gc_data_segment\n\t\t\t\t\t - ra_data_block\n\t\t\t\t\t  - locked meta_inode page\n- f2fs_inplace_write_data\n - invalidate_mapping_pages\n : fail to invalidate meta_inode page\n   due to lock failure or dirty|writeback\n   status\n - f2fs_submit_page_bio\n : write last dirty data to old blkaddr\n\t\t\t\t\t - move_data_block\n\t\t\t\t\t  - load old data from meta_inode page\n\t\t\t\t\t  - f2fs_submit_page_write\n\t\t\t\t\t  : write old data to new blkaddr\n\nBecause invalidate_mapping_pages() will skip invalidating page which\nhas unclear status including locked, dirty, writeback and so on, so\nwe need to use truncate_inode_pages_range() instead of\ninvalidate_mapping_pages() to make sure meta_inode page will be dropped.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26869', 'https://git.kernel.org/linus/9f0c4a46be1fe9b97dbe66d49204c1371e3ece65 (6.9-rc1)', 'https://git.kernel.org/stable/c/04226d8e3c4028dc451e9d8777356ec0f7919253', 'https://git.kernel.org/stable/c/77bfdb89cc222fc7bfe198eda77bdc427d5ac189', 'https://git.kernel.org/stable/c/9f0c4a46be1fe9b97dbe66d49204c1371e3ece65', 'https://git.kernel.org/stable/c/c92f2927df860a60ba815d3ee610a944b92a8694', 'https://lore.kernel.org/linux-cve-announce/2024041738-CVE-2024-26869-c9e2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26869', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26869'], 'PublishedDate': '2024-04-17T11:15:09.413Z', 'LastModifiedDate': '2024-04-17T12:48:07.51Z'}, {'VulnerabilityID': 'CVE-2024-26876', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26876', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/bridge: adv7511: fix crash on irq during probe', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: adv7511: fix crash on irq during probe\n\nMoved IRQ registration down to end of adv7511_probe().\n\nIf an IRQ already is pending during adv7511_probe\n(before adv7511_cec_init) then cec_received_msg_ts\ncould crash using uninitialized data:\n\n    Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5\n    Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP\n    Call trace:\n     cec_received_msg_ts+0x48/0x990 [cec]\n     adv7511_cec_irq_process+0x1cc/0x308 [adv7511]\n     adv7511_irq_process+0xd8/0x120 [adv7511]\n     adv7511_irq_handler+0x1c/0x30 [adv7511]\n     irq_thread_fn+0x30/0xa0\n     irq_thread+0x14c/0x238\n     kthread+0x190/0x1a8', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26876', 'https://git.kernel.org/linus/aeedaee5ef5468caf59e2bb1265c2116e0c9a924 (6.9-rc1)', 'https://git.kernel.org/stable/c/28a94271bd50e4cf498df0381f776f8ea40a289e', 'https://git.kernel.org/stable/c/50f4b57e9a9db4ede9294f39b9e75b5f26bae9b7', 'https://git.kernel.org/stable/c/955c1252930677762e0db2b6b9e36938c887445c', 'https://git.kernel.org/stable/c/aeedaee5ef5468caf59e2bb1265c2116e0c9a924', 'https://lore.kernel.org/linux-cve-announce/2024041739-CVE-2024-26876-3948@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26876', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26876'], 'PublishedDate': '2024-04-17T11:15:09.777Z', 'LastModifiedDate': '2024-10-10T12:15:03.21Z'}, {'VulnerabilityID': 'CVE-2024-26928', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: potential use-after-free in cifs_debug_files_proc_show()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_debug_files_proc_show()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26928', 'https://git.kernel.org/linus/ca545b7f0823f19db0f1148d59bc5e1a56634502 (6.9-rc3)', 'https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88', 'https://git.kernel.org/stable/c/3402faf78b2516b0af1259baff50cc8453ef0bd1', 'https://git.kernel.org/stable/c/a65f2b56334ba4dc30bd5ee9ce5b2691b973344d', 'https://git.kernel.org/stable/c/ca545b7f0823f19db0f1148d59bc5e1a56634502', 'https://lore.kernel.org/linux-cve-announce/2024042849-CVE-2024-26928-e543@gregkh/', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26928', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26928'], 'PublishedDate': '2024-04-28T12:15:21.14Z', 'LastModifiedDate': '2024-04-29T12:42:03.667Z'}, {'VulnerabilityID': 'CVE-2024-26938', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26938', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()\n\nIf we have no VBT, or the VBT didn't declare the encoder\nin question, we won't have the 'devdata' for the encoder.\nInstead of oopsing just bail early.\n\nWe won't be able to tell whether the port is DP++ or not,\nbut so be it.\n\n(cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733)", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26938', 'https://git.kernel.org/linus/32e39bab59934bfd3f37097d4dd85ac5eb0fd549 (6.9-rc2)', 'https://git.kernel.org/stable/c/32e39bab59934bfd3f37097d4dd85ac5eb0fd549', 'https://git.kernel.org/stable/c/72e4d3fb72e9f0f016946158a7d95304832768e6', 'https://git.kernel.org/stable/c/94cf2fb6feccd625e5b4e23e1b70f39a206f82ac', 'https://git.kernel.org/stable/c/a891add409e3bc381f4f68c2ce9d953f1865cb1f', 'https://git.kernel.org/stable/c/f4bbac954d8f9ab214ea1d4f385de4fa6bd92dd0', 'https://lore.kernel.org/linux-cve-announce/2024050124-CVE-2024-26938-b3f9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26938', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26938'], 'PublishedDate': '2024-05-01T06:15:09.077Z', 'LastModifiedDate': '2024-05-01T13:02:20.75Z'}, {'VulnerabilityID': 'CVE-2024-26944', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26944', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: zoned: fix use-after-free in do_zone_finish()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: fix use-after-free in do_zone_finish()\n\nShinichiro reported the following use-after-free triggered by the device\nreplace operation in fstests btrfs/070.\n\n BTRFS info (device nullb1): scrub: finished on devid 1 with status: 0\n ==================================================================\n BUG: KASAN: slab-use-after-free in do_zone_finish+0x91a/0xb90 [btrfs]\n Read of size 8 at addr ffff8881543c8060 by task btrfs-cleaner/3494007\n\n CPU: 0 PID: 3494007 Comm: btrfs-cleaner Tainted: G        W          6.8.0-rc5-kts #1\n Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020\n Call Trace:\n  <TASK>\n  dump_stack_lvl+0x5b/0x90\n  print_report+0xcf/0x670\n  ? __virt_addr_valid+0x200/0x3e0\n  kasan_report+0xd8/0x110\n  ? do_zone_finish+0x91a/0xb90 [btrfs]\n  ? do_zone_finish+0x91a/0xb90 [btrfs]\n  do_zone_finish+0x91a/0xb90 [btrfs]\n  btrfs_delete_unused_bgs+0x5e1/0x1750 [btrfs]\n  ? __pfx_btrfs_delete_unused_bgs+0x10/0x10 [btrfs]\n  ? btrfs_put_root+0x2d/0x220 [btrfs]\n  ? btrfs_clean_one_deleted_snapshot+0x299/0x430 [btrfs]\n  cleaner_kthread+0x21e/0x380 [btrfs]\n  ? __pfx_cleaner_kthread+0x10/0x10 [btrfs]\n  kthread+0x2e3/0x3c0\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork+0x31/0x70\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork_asm+0x1b/0x30\n  </TASK>\n\n Allocated by task 3493983:\n  kasan_save_stack+0x33/0x60\n  kasan_save_track+0x14/0x30\n  __kasan_kmalloc+0xaa/0xb0\n  btrfs_alloc_device+0xb3/0x4e0 [btrfs]\n  device_list_add.constprop.0+0x993/0x1630 [btrfs]\n  btrfs_scan_one_device+0x219/0x3d0 [btrfs]\n  btrfs_control_ioctl+0x26e/0x310 [btrfs]\n  __x64_sys_ioctl+0x134/0x1b0\n  do_syscall_64+0x99/0x190\n  entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\n Freed by task 3494056:\n  kasan_save_stack+0x33/0x60\n  kasan_save_track+0x14/0x30\n  kasan_save_free_info+0x3f/0x60\n  poison_slab_object+0x102/0x170\n  __kasan_slab_free+0x32/0x70\n  kfree+0x11b/0x320\n  btrfs_rm_dev_replace_free_srcdev+0xca/0x280 [btrfs]\n  btrfs_dev_replace_finishing+0xd7e/0x14f0 [btrfs]\n  btrfs_dev_replace_by_ioctl+0x1286/0x25a0 [btrfs]\n  btrfs_ioctl+0xb27/0x57d0 [btrfs]\n  __x64_sys_ioctl+0x134/0x1b0\n  do_syscall_64+0x99/0x190\n  entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\n The buggy address belongs to the object at ffff8881543c8000\n  which belongs to the cache kmalloc-1k of size 1024\n The buggy address is located 96 bytes inside of\n  freed 1024-byte region [ffff8881543c8000, ffff8881543c8400)\n\n The buggy address belongs to the physical page:\n page:00000000fe2c1285 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1543c8\n head:00000000fe2c1285 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n flags: 0x17ffffc0000840(slab|head|node=0|zone=2|lastcpupid=0x1fffff)\n page_type: 0xffffffff()\n raw: 0017ffffc0000840 ffff888100042dc0 ffffea0019e8f200 dead000000000002\n raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n  ffff8881543c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n  ffff8881543c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n >ffff8881543c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                                                        ^\n  ffff8881543c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n  ffff8881543c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n\nThis UAF happens because we're accessing stale zone information of a\nalready removed btrfs_device in do_zone_finish().\n\nThe sequence of events is as follows:\n\nbtrfs_dev_replace_start\n  btrfs_scrub_dev\n   btrfs_dev_replace_finishing\n    btrfs_dev_replace_update_device_in_mapping_tree <-- devices replaced\n    btrfs_rm_dev_replace_free_srcdev\n     btrfs_free_device                              <-- device freed\n\ncleaner_kthread\n btrfs_delete_unused_bgs\n  btrfs_zone_finish\n   do_zone_finish              <-- refers the freed device\n\nThe reason for this is that we're using a\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26944', 'https://git.kernel.org/linus/1ec17ef59168a1a6f1105f5dc517f783839a5302 (6.9-rc2)', 'https://git.kernel.org/stable/c/1ec17ef59168a1a6f1105f5dc517f783839a5302', 'https://git.kernel.org/stable/c/34ca809e055eca5cfe63d9c7efbf80b7c21b4e57', 'https://lore.kernel.org/linux-cve-announce/2024050125-CVE-2024-26944-598c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26944', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26944'], 'PublishedDate': '2024-05-01T06:15:10.01Z', 'LastModifiedDate': '2024-05-01T13:02:20.75Z'}, {'VulnerabilityID': 'CVE-2024-26945', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26945', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: iaa - Fix nr_cpus &lt; nr_iaa case', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix nr_cpus < nr_iaa case\n\nIf nr_cpus < nr_iaa, the calculated cpus_per_iaa will be 0, which\ncauses a divide-by-0 in rebalance_wq_table().\n\nMake sure cpus_per_iaa is 1 in that case, and also in the nr_iaa == 0\ncase, even though cpus_per_iaa is never used if nr_iaa == 0, for\nparanoia.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26945', 'https://git.kernel.org/linus/5a7e89d3315d1be86aff8a8bf849023cda6547f7 (6.9-rc2)', 'https://git.kernel.org/stable/c/5a7e89d3315d1be86aff8a8bf849023cda6547f7', 'https://git.kernel.org/stable/c/a5ca1be7f9817de4e93085778b3ee2219bdc2664', 'https://lore.kernel.org/linux-cve-announce/2024050126-CVE-2024-26945-bf47@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26945', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26945'], 'PublishedDate': '2024-05-01T06:15:10.177Z', 'LastModifiedDate': '2024-07-03T01:50:05.433Z'}, {'VulnerabilityID': 'CVE-2024-26948', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add a dc_state NULL check in dc_state_release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add a dc_state NULL check in dc_state_release\n\n[How]\nCheck wheather state is NULL before releasing it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26948', 'https://git.kernel.org/linus/334b56cea5d9df5989be6cf1a5898114fa70ad98 (6.9-rc1)', 'https://git.kernel.org/stable/c/334b56cea5d9df5989be6cf1a5898114fa70ad98', 'https://git.kernel.org/stable/c/d37a08f840485995e3fb91dad95e441b9d28a269', 'https://lore.kernel.org/linux-cve-announce/2024050126-CVE-2024-26948-43bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26948', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26948'], 'PublishedDate': '2024-05-01T06:15:10.757Z', 'LastModifiedDate': '2024-05-01T13:02:20.75Z'}, {'VulnerabilityID': 'CVE-2024-26953', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26953', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: esp: fix bad handling of pages from page_pool', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: esp: fix bad handling of pages from page_pool\n\nWhen the skb is reorganized during esp_output (!esp->inline), the pages\ncoming from the original skb fragments are supposed to be released back\nto the system through put_page. But if the skb fragment pages are\noriginating from a page_pool, calling put_page on them will trigger a\npage_pool leak which will eventually result in a crash.\n\nThis leak can be easily observed when using CONFIG_DEBUG_VM and doing\nipsec + gre (non offloaded) forwarding:\n\n  BUG: Bad page state in process ksoftirqd/16  pfn:1451b6\n  page:00000000de2b8d32 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1451b6000 pfn:0x1451b6\n  flags: 0x200000000000000(node=0|zone=2)\n  page_type: 0xffffffff()\n  raw: 0200000000000000 dead000000000040 ffff88810d23c000 0000000000000000\n  raw: 00000001451b6000 0000000000000001 00000000ffffffff 0000000000000000\n  page dumped because: page_pool leak\n  Modules linked in: ip_gre gre mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat nf_nat xt_addrtype br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core overlay zram zsmalloc fuse [last unloaded: mlx5_core]\n  CPU: 16 PID: 96 Comm: ksoftirqd/16 Not tainted 6.8.0-rc4+ #22\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x36/0x50\n   bad_page+0x70/0xf0\n   free_unref_page_prepare+0x27a/0x460\n   free_unref_page+0x38/0x120\n   esp_ssg_unref.isra.0+0x15f/0x200\n   esp_output_tail+0x66d/0x780\n   esp_xmit+0x2c5/0x360\n   validate_xmit_xfrm+0x313/0x370\n   ? validate_xmit_skb+0x1d/0x330\n   validate_xmit_skb_list+0x4c/0x70\n   sch_direct_xmit+0x23e/0x350\n   __dev_queue_xmit+0x337/0xba0\n   ? nf_hook_slow+0x3f/0xd0\n   ip_finish_output2+0x25e/0x580\n   iptunnel_xmit+0x19b/0x240\n   ip_tunnel_xmit+0x5fb/0xb60\n   ipgre_xmit+0x14d/0x280 [ip_gre]\n   dev_hard_start_xmit+0xc3/0x1c0\n   __dev_queue_xmit+0x208/0xba0\n   ? nf_hook_slow+0x3f/0xd0\n   ip_finish_output2+0x1ca/0x580\n   ip_sublist_rcv_finish+0x32/0x40\n   ip_sublist_rcv+0x1b2/0x1f0\n   ? ip_rcv_finish_core.constprop.0+0x460/0x460\n   ip_list_rcv+0x103/0x130\n   __netif_receive_skb_list_core+0x181/0x1e0\n   netif_receive_skb_list_internal+0x1b3/0x2c0\n   napi_gro_receive+0xc8/0x200\n   gro_cell_poll+0x52/0x90\n   __napi_poll+0x25/0x1a0\n   net_rx_action+0x28e/0x300\n   __do_softirq+0xc3/0x276\n   ? sort_range+0x20/0x20\n   run_ksoftirqd+0x1e/0x30\n   smpboot_thread_fn+0xa6/0x130\n   kthread+0xcd/0x100\n   ? kthread_complete_and_exit+0x20/0x20\n   ret_from_fork+0x31/0x50\n   ? kthread_complete_and_exit+0x20/0x20\n   ret_from_fork_asm+0x11/0x20\n   </TASK>\n\nThe suggested fix is to introduce a new wrapper (skb_page_unref) that\ncovers page refcounting for page_pool pages as well.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26953', 'https://git.kernel.org/linus/c3198822c6cb9fb588e446540485669cc81c5d34 (6.9-rc1)', 'https://git.kernel.org/stable/c/1abb20a5f4b02fb3020f88456fc1e6069b3cdc45', 'https://git.kernel.org/stable/c/8291b4eac429c480386669444c6377573f5d8664', 'https://git.kernel.org/stable/c/c3198822c6cb9fb588e446540485669cc81c5d34', 'https://git.kernel.org/stable/c/f278ff9db67264715d0d50e3e75044f8b78990f4', 'https://lore.kernel.org/linux-cve-announce/2024050128-CVE-2024-26953-8304@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26953', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26953'], 'PublishedDate': '2024-05-01T06:15:11.457Z', 'LastModifiedDate': '2024-05-01T13:02:20.75Z'}, {'VulnerabilityID': 'CVE-2024-26954', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26954', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()\n\nIf ->NameOffset of smb2_create_req is smaller than Buffer offset of\nsmb2_create_req, slab-out-of-bounds read can happen from smb2_open.\nThis patch set the minimum value of the name offset to the buffer offset\nto validate name length of smb2_create_req().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26954', 'https://git.kernel.org/linus/a80a486d72e20bd12c335bcd38b6e6f19356b0aa (6.9-rc1)', 'https://git.kernel.org/stable/c/3b8da67191e938a63d2736dabb4ac5d337e5de57', 'https://git.kernel.org/stable/c/4f97e6a9d62cb1fce82fbf4baff44b83221bc178', 'https://git.kernel.org/stable/c/a80a486d72e20bd12c335bcd38b6e6f19356b0aa', 'https://lore.kernel.org/linux-cve-announce/2024050128-CVE-2024-26954-18d5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26954', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26954'], 'PublishedDate': '2024-05-01T06:15:11.583Z', 'LastModifiedDate': '2024-05-01T13:02:20.75Z'}, {'VulnerabilityID': 'CVE-2024-26962', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26962', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape\n\nFor raid456, if reshape is still in progress, then IO across reshape\nposition will wait for reshape to make progress. However, for dm-raid,\nin following cases reshape will never make progress hence IO will hang:\n\n1) the array is read-only;\n2) MD_RECOVERY_WAIT is set;\n3) MD_RECOVERY_FROZEN is set;\n\nAfter commit c467e97f079f ("md/raid6: use valid sector values to determine\nif an I/O should wait on the reshape") fix the problem that IO across\nreshape position doesn\'t wait for reshape, the dm-raid test\nshell/lvconvert-raid-reshape.sh start to hang:\n\n[root@fedora ~]# cat /proc/979/stack\n[<0>] wait_woken+0x7d/0x90\n[<0>] raid5_make_request+0x929/0x1d70 [raid456]\n[<0>] md_handle_request+0xc2/0x3b0 [md_mod]\n[<0>] raid_map+0x2c/0x50 [dm_raid]\n[<0>] __map_bio+0x251/0x380 [dm_mod]\n[<0>] dm_submit_bio+0x1f0/0x760 [dm_mod]\n[<0>] __submit_bio+0xc2/0x1c0\n[<0>] submit_bio_noacct_nocheck+0x17f/0x450\n[<0>] submit_bio_noacct+0x2bc/0x780\n[<0>] submit_bio+0x70/0xc0\n[<0>] mpage_readahead+0x169/0x1f0\n[<0>] blkdev_readahead+0x18/0x30\n[<0>] read_pages+0x7c/0x3b0\n[<0>] page_cache_ra_unbounded+0x1ab/0x280\n[<0>] force_page_cache_ra+0x9e/0x130\n[<0>] page_cache_sync_ra+0x3b/0x110\n[<0>] filemap_get_pages+0x143/0xa30\n[<0>] filemap_read+0xdc/0x4b0\n[<0>] blkdev_read_iter+0x75/0x200\n[<0>] vfs_read+0x272/0x460\n[<0>] ksys_read+0x7a/0x170\n[<0>] __x64_sys_read+0x1c/0x30\n[<0>] do_syscall_64+0xc6/0x230\n[<0>] entry_SYSCALL_64_after_hwframe+0x6c/0x74\n\nThis is because reshape can\'t make progress.\n\nFor md/raid, the problem doesn\'t exist because register new sync_thread\ndoesn\'t rely on the IO to be done any more:\n\n1) If array is read-only, it can switch to read-write by ioctl/sysfs;\n2) md/raid never set MD_RECOVERY_WAIT;\n3) If MD_RECOVERY_FROZEN is set, mddev_suspend() doesn\'t hold\n   \'reconfig_mutex\', hence it can be cleared and reshape can continue by\n   sysfs api \'sync_action\'.\n\nHowever, I\'m not sure yet how to avoid the problem in dm-raid yet. This\npatch on the one hand make sure raid_message() can\'t change\nsync_thread() through raid_message() after presuspend(), on the other\nhand detect the above 3 cases before wait for IO do be done in\ndm_suspend(), and let dm-raid requeue those IO.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26962', 'https://git.kernel.org/linus/41425f96d7aa59bc865f60f5dda3d7697b555677 (6.9-rc1)', 'https://git.kernel.org/stable/c/41425f96d7aa59bc865f60f5dda3d7697b555677', 'https://git.kernel.org/stable/c/5943a34bf6bab5801e08a55f63e1b8d5bc90dae1', 'https://git.kernel.org/stable/c/a8d249d770cb357d16a2097b548d2e4c1c137304', 'https://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-26962-cbb0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26962', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26962'], 'PublishedDate': '2024-05-01T06:15:12.527Z', 'LastModifiedDate': '2024-05-01T13:02:20.75Z'}, {'VulnerabilityID': 'CVE-2024-26982', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26982', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Squashfs: check the inode number is not the invalid value of zero', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check the inode number is not the invalid value of zero\n\nSyskiller has produced an out of bounds access in fill_meta_index().\n\nThat out of bounds access is ultimately caused because the inode\nhas an inode number with the invalid value of zero, which was not checked.\n\nThe reason this causes the out of bounds access is due to following\nsequence of events:\n\n1. Fill_meta_index() is called to allocate (via empty_meta_index())\n   and fill a metadata index.  It however suffers a data read error\n   and aborts, invalidating the newly returned empty metadata index.\n   It does this by setting the inode number of the index to zero,\n   which means unused (zero is not a valid inode number).\n\n2. When fill_meta_index() is subsequently called again on another\n   read operation, locate_meta_index() returns the previous index\n   because it matches the inode number of 0.  Because this index\n   has been returned it is expected to have been filled, and because\n   it hasn't been, an out of bounds access is performed.\n\nThis patch adds a sanity check which checks that the inode number\nis not zero when the inode is created and returns -EINVAL if it is.\n\n[phillip@squashfs.org.uk: whitespace fix]\n  Link: https://lkml.kernel.org/r/20240409204723.446925-1-phillip@squashfs.org.uk", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:4352', 'https://access.redhat.com/security/cve/CVE-2024-26982', 'https://bugzilla.redhat.com/1918601', 'https://bugzilla.redhat.com/2248122', 'https://bugzilla.redhat.com/2258875', 'https://bugzilla.redhat.com/2265517', 'https://bugzilla.redhat.com/2265519', 'https://bugzilla.redhat.com/2265520', 'https://bugzilla.redhat.com/2265800', 'https://bugzilla.redhat.com/2266408', 'https://bugzilla.redhat.com/2266831', 'https://bugzilla.redhat.com/2267513', 'https://bugzilla.redhat.com/2267518', 'https://bugzilla.redhat.com/2267730', 'https://bugzilla.redhat.com/2270093', 'https://bugzilla.redhat.com/2271680', 'https://bugzilla.redhat.com/2272692', 'https://bugzilla.redhat.com/2272829', 'https://bugzilla.redhat.com/2273204', 'https://bugzilla.redhat.com/2273278', 'https://bugzilla.redhat.com/2273423', 'https://bugzilla.redhat.com/2273429', 'https://bugzilla.redhat.com/2275604', 'https://bugzilla.redhat.com/2275633', 'https://bugzilla.redhat.com/2275635', 'https://bugzilla.redhat.com/2275733', 'https://bugzilla.redhat.com/2278337', 'https://bugzilla.redhat.com/2278354', 'https://bugzilla.redhat.com/2280434', 'https://bugzilla.redhat.com/2281057', 'https://bugzilla.redhat.com/2281113', 'https://bugzilla.redhat.com/2281157', 'https://bugzilla.redhat.com/2281165', 'https://bugzilla.redhat.com/2281251', 'https://bugzilla.redhat.com/2281253', 'https://bugzilla.redhat.com/2281255', 'https://bugzilla.redhat.com/2281257', 'https://bugzilla.redhat.com/2281272', 'https://bugzilla.redhat.com/2281350', 'https://bugzilla.redhat.com/2281689', 'https://bugzilla.redhat.com/2281693', 'https://bugzilla.redhat.com/2281920', 'https://bugzilla.redhat.com/2281923', 'https://bugzilla.redhat.com/2281925', 'https://bugzilla.redhat.com/2281953', 'https://bugzilla.redhat.com/2281986', 'https://bugzilla.redhat.com/2282394', 'https://bugzilla.redhat.com/2282400', 'https://bugzilla.redhat.com/2282471', 'https://bugzilla.redhat.com/2282472', 'https://bugzilla.redhat.com/2282581', 'https://bugzilla.redhat.com/2282609', 'https://bugzilla.redhat.com/2282612', 'https://bugzilla.redhat.com/2282653', 'https://bugzilla.redhat.com/2282680', 'https://bugzilla.redhat.com/2282698', 'https://bugzilla.redhat.com/2282712', 'https://bugzilla.redhat.com/2282735', 'https://bugzilla.redhat.com/2282902', 'https://bugzilla.redhat.com/2282920', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265794', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278337', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278435', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278473', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281647', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282669', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282898', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284506', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284598', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293412', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47459', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52809', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26737', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26880', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27030', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27046', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35857', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35885', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35907', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38580', 'https://errata.almalinux.org/8/ALSA-2024-4352.html', 'https://errata.rockylinux.org/RLSA-2024:4928', 'https://git.kernel.org/linus/9253c54e01b6505d348afbc02abaa4d9f8a01395 (6.9-rc5)', 'https://git.kernel.org/stable/c/7def00ebc9f2d6a581ddf46ce4541f84a10680e5', 'https://git.kernel.org/stable/c/9253c54e01b6505d348afbc02abaa4d9f8a01395', 'https://git.kernel.org/stable/c/be383effaee3d89034f0828038f95065b518772e', 'https://linux.oracle.com/cve/CVE-2024-26982.html', 'https://linux.oracle.com/errata/ELSA-2024-4928.html', 'https://lore.kernel.org/linux-cve-announce/2024050141-CVE-2024-26982-8675@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26982', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26982'], 'PublishedDate': '2024-05-01T06:15:15.61Z', 'LastModifiedDate': '2024-05-03T06:15:10.953Z'}, {'VulnerabilityID': 'CVE-2024-26983', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26983', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bootconfig: use memblock_free_late to free xbc memory to buddy', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbootconfig: use memblock_free_late to free xbc memory to buddy\n\nOn the time to free xbc memory in xbc_exit(), memblock may has handed\nover memory to buddy allocator. So it doesn't make sense to free memory\nback to memblock. memblock_free() called by xbc_exit() even causes UAF bugs\non architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86.\nFollowing KASAN logs shows this case.\n\nThis patch fixes the xbc memory free problem by calling memblock_free()\nin early xbc init error rewind path and calling memblock_free_late() in\nxbc exit path to free memory to buddy allocator.\n\n[    9.410890] ==================================================================\n[    9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260\n[    9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1\n\n[    9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G     U             6.9.0-rc3-00208-g586b5dfb51b9 #5\n[    9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023\n[    9.460789] Call Trace:\n[    9.463518]  <TASK>\n[    9.465859]  dump_stack_lvl+0x53/0x70\n[    9.469949]  print_report+0xce/0x610\n[    9.473944]  ? __virt_addr_valid+0xf5/0x1b0\n[    9.478619]  ? memblock_isolate_range+0x12d/0x260\n[    9.483877]  kasan_report+0xc6/0x100\n[    9.487870]  ? memblock_isolate_range+0x12d/0x260\n[    9.493125]  memblock_isolate_range+0x12d/0x260\n[    9.498187]  memblock_phys_free+0xb4/0x160\n[    9.502762]  ? __pfx_memblock_phys_free+0x10/0x10\n[    9.508021]  ? mutex_unlock+0x7e/0xd0\n[    9.512111]  ? __pfx_mutex_unlock+0x10/0x10\n[    9.516786]  ? kernel_init_freeable+0x2d4/0x430\n[    9.521850]  ? __pfx_kernel_init+0x10/0x10\n[    9.526426]  xbc_exit+0x17/0x70\n[    9.529935]  kernel_init+0x38/0x1e0\n[    9.533829]  ? _raw_spin_unlock_irq+0xd/0x30\n[    9.538601]  ret_from_fork+0x2c/0x50\n[    9.542596]  ? __pfx_kernel_init+0x10/0x10\n[    9.547170]  ret_from_fork_asm+0x1a/0x30\n[    9.551552]  </TASK>\n\n[    9.555649] The buggy address belongs to the physical page:\n[    9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30\n[    9.570821] flags: 0x200000000000000(node=0|zone=2)\n[    9.576271] page_type: 0xffffffff()\n[    9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000\n[    9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000\n[    9.597476] page dumped because: kasan: bad access detected\n\n[    9.605362] Memory state around the buggy address:\n[    9.610714]  ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[    9.618786]  ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[    9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[    9.634930]                    ^\n[    9.638534]  ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[    9.646605]  ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[    9.654675] ==================================================================", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26983', 'https://git.kernel.org/linus/89f9a1e876b5a7ad884918c03a46831af202c8a0 (6.9-rc5)', 'https://git.kernel.org/stable/c/1e7feb31a18c197d63a5e606025ed63c762f8918', 'https://git.kernel.org/stable/c/5a7dfb8fcd3f29fc93161100179b27f24f3d5f35', 'https://git.kernel.org/stable/c/89f9a1e876b5a7ad884918c03a46831af202c8a0', 'https://git.kernel.org/stable/c/e46d3be714ad9652480c6db129ab8125e2d20ab7', 'https://lore.kernel.org/linux-cve-announce/2024050142-CVE-2024-26983-9424@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26983', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26983'], 'PublishedDate': '2024-05-01T06:15:15.747Z', 'LastModifiedDate': '2024-05-13T08:15:10.75Z'}, {'VulnerabilityID': 'CVE-2024-27002', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27002', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: clk: mediatek: Do a runtime PM get on controllers during probe', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: Do a runtime PM get on controllers during probe\n\nmt8183-mfgcfg has a mutual dependency with genpd during the probing\nstage, which leads to a deadlock in the following call stack:\n\nCPU0:  genpd_lock --> clk_prepare_lock\ngenpd_power_off_work_fn()\n genpd_lock()\n generic_pm_domain::power_off()\n    clk_unprepare()\n      clk_prepare_lock()\n\nCPU1: clk_prepare_lock --> genpd_lock\nclk_register()\n  __clk_core_init()\n    clk_prepare_lock()\n    clk_pm_runtime_get()\n      genpd_lock()\n\nDo a runtime PM get at the probe function to make sure clk_register()\nwon't acquire the genpd lock. Instead of only modifying mt8183-mfgcfg,\ndo this on all mediatek clock controller probings because we don't\nbelieve this would cause any regression.\n\nVerified on MT8183 and MT8192 Chromebooks.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27002', 'https://git.kernel.org/linus/2f7b1d8b5505efb0057cd1ab85fca206063ea4c3 (6.9-rc5)', 'https://git.kernel.org/stable/c/165d226472575b213dd90dfda19d1605dd7c19a8', 'https://git.kernel.org/stable/c/2f7b1d8b5505efb0057cd1ab85fca206063ea4c3', 'https://git.kernel.org/stable/c/b62ed25feb342eab052822eff0c554873799a4f5', 'https://git.kernel.org/stable/c/c0dcd5c072e2a3fff886f673e6a5d9bf8090c4cc', 'https://lore.kernel.org/linux-cve-announce/2024050146-CVE-2024-27002-3b11@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27002', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27002'], 'PublishedDate': '2024-05-01T06:15:18.437Z', 'LastModifiedDate': '2024-05-13T08:15:11.473Z'}, {'VulnerabilityID': 'CVE-2024-27005', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27005', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: interconnect: Don&#39;t access req_list while it&#39;s being manipulated', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: Don\'t access req_list while it\'s being manipulated\n\nThe icc_lock mutex was split into separate icc_lock and icc_bw_lock\nmutexes in [1] to avoid lockdep splats. However, this didn\'t adequately\nprotect access to icc_node::req_list.\n\nThe icc_set_bw() function will eventually iterate over req_list while\nonly holding icc_bw_lock, but req_list can be modified while only\nholding icc_lock. This causes races between icc_set_bw(), of_icc_get(),\nand icc_put().\n\nExample A:\n\n  CPU0                               CPU1\n  ----                               ----\n  icc_set_bw(path_a)\n    mutex_lock(&icc_bw_lock);\n                                     icc_put(path_b)\n                                       mutex_lock(&icc_lock);\n    aggregate_requests()\n      hlist_for_each_entry(r, ...\n                                       hlist_del(...\n        <r = invalid pointer>\n\nExample B:\n\n  CPU0                               CPU1\n  ----                               ----\n  icc_set_bw(path_a)\n    mutex_lock(&icc_bw_lock);\n                                     path_b = of_icc_get()\n                                       of_icc_get_by_index()\n                                         mutex_lock(&icc_lock);\n                                         path_find()\n                                           path_init()\n    aggregate_requests()\n      hlist_for_each_entry(r, ...\n                                             hlist_add_head(...\n        <r = invalid pointer>\n\nFix this by ensuring icc_bw_lock is always held before manipulating\nicc_node::req_list. The additional places icc_bw_lock is held don\'t\nperform any memory allocations, so we should still be safe from the\noriginal lockdep splats that motivated the separate locks.\n\n[1] commit af42269c3523 ("interconnect: Fix locking for runpm vs reclaim")', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27005', 'https://git.kernel.org/linus/de1bf25b6d771abdb52d43546cf57ad775fb68a1 (6.9-rc5)', 'https://git.kernel.org/stable/c/4c65507121ea8e0b47fae6d2049c8688390d46b6', 'https://git.kernel.org/stable/c/d0d04efa2e367921654b5106cc5c05e3757c2b42', 'https://git.kernel.org/stable/c/de1bf25b6d771abdb52d43546cf57ad775fb68a1', 'https://lore.kernel.org/linux-cve-announce/2024050147-CVE-2024-27005-e630@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27005', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27005'], 'PublishedDate': '2024-05-01T06:15:18.883Z', 'LastModifiedDate': '2024-05-13T08:15:11.68Z'}, {'VulnerabilityID': 'CVE-2024-27010', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/sched: Fix mirred deadlock on device recursion', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix mirred deadlock on device recursion\n\nWhen the mirred action is used on a classful egress qdisc and a packet is\nmirrored or redirected to self we hit a qdisc lock deadlock.\nSee trace below.\n\n[..... other info removed for brevity....]\n[   82.890906]\n[   82.890906] ============================================\n[   82.890906] WARNING: possible recursive locking detected\n[   82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G        W\n[   82.890906] --------------------------------------------\n[   82.890906] ping/418 is trying to acquire lock:\n[   82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[   82.890906]\n[   82.890906] but task is already holding lock:\n[   82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[   82.890906]\n[   82.890906] other info that might help us debug this:\n[   82.890906]  Possible unsafe locking scenario:\n[   82.890906]\n[   82.890906]        CPU0\n[   82.890906]        ----\n[   82.890906]   lock(&sch->q.lock);\n[   82.890906]   lock(&sch->q.lock);\n[   82.890906]\n[   82.890906]  *** DEADLOCK ***\n[   82.890906]\n[..... other info removed for brevity....]\n\nExample setup (eth0->eth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n     action mirred egress redirect dev eth0\n\nAnother example(eth0->eth1->eth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n     action mirred egress redirect dev eth1\n\ntc qdisc add dev eth1 root handle 1: htb default 30\ntc filter add dev eth1 handle 1: protocol ip prio 2 matchall \\\n     action mirred egress redirect dev eth0\n\nWe fix this by adding an owner field (CPU id) to struct Qdisc set after\nroot qdisc is entered. When the softirq enters it a second time, if the\nqdisc owner is the same CPU, the packet is dropped to break the loop.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-27010', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/0f022d32c3eca477fbf79a205243a6123ed0fe11 (6.9-rc5)', 'https://git.kernel.org/stable/c/0f022d32c3eca477fbf79a205243a6123ed0fe11', 'https://git.kernel.org/stable/c/e6b90468da4dae2281a6e381107f411efb48b0ef', 'https://linux.oracle.com/cve/CVE-2024-27010.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024050148-CVE-2024-27010-5a68@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27010', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27010'], 'PublishedDate': '2024-05-01T06:15:19.467Z', 'LastModifiedDate': '2024-05-13T08:15:11.933Z'}, {'VulnerabilityID': 'CVE-2024-27014', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27014', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Prevent deadlock while disabling aRFS', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Prevent deadlock while disabling aRFS\n\nWhen disabling aRFS under the `priv->state_lock`, any scheduled\naRFS works are canceled using the `cancel_work_sync` function,\nwhich waits for the work to end if it has already started.\nHowever, while waiting for the work handler, the handler will\ntry to acquire the `state_lock` which is already acquired.\n\nThe worker acquires the lock to delete the rules if the state\nis down, which is not the worker's responsibility since\ndisabling aRFS deletes the rules.\n\nAdd an aRFS state variable, which indicates whether the aRFS is\nenabled and prevent adding rules when the aRFS is disabled.\n\nKernel log:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.7.0-rc4_net_next_mlx5_5483eb2 #1 Tainted: G          I\n------------------------------------------------------\nethtool/386089 is trying to acquire lock:\nffff88810f21ce68 ((work_completion)(&rule->arfs_work)){+.+.}-{0:0}, at: __flush_work+0x74/0x4e0\n\nbut task is already holding lock:\nffff8884a1808cc0 (&priv->state_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (&priv->state_lock){+.+.}-{3:3}:\n       __mutex_lock+0x80/0xc90\n       arfs_handle_work+0x4b/0x3b0 [mlx5_core]\n       process_one_work+0x1dc/0x4a0\n       worker_thread+0x1bf/0x3c0\n       kthread+0xd7/0x100\n       ret_from_fork+0x2d/0x50\n       ret_from_fork_asm+0x11/0x20\n\n-> #0 ((work_completion)(&rule->arfs_work)){+.+.}-{0:0}:\n       __lock_acquire+0x17b4/0x2c80\n       lock_acquire+0xd0/0x2b0\n       __flush_work+0x7a/0x4e0\n       __cancel_work_timer+0x131/0x1c0\n       arfs_del_rules+0x143/0x1e0 [mlx5_core]\n       mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\n       mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\n       ethnl_set_channels+0x28f/0x3b0\n       ethnl_default_set_doit+0xec/0x240\n       genl_family_rcv_msg_doit+0xd0/0x120\n       genl_rcv_msg+0x188/0x2c0\n       netlink_rcv_skb+0x54/0x100\n       genl_rcv+0x24/0x40\n       netlink_unicast+0x1a1/0x270\n       netlink_sendmsg+0x214/0x460\n       __sock_sendmsg+0x38/0x60\n       __sys_sendto+0x113/0x170\n       __x64_sys_sendto+0x20/0x30\n       do_syscall_64+0x40/0xe0\n       entry_SYSCALL_64_after_hwframe+0x46/0x4e\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(&priv->state_lock);\n                               lock((work_completion)(&rule->arfs_work));\n                               lock(&priv->state_lock);\n  lock((work_completion)(&rule->arfs_work));\n\n *** DEADLOCK ***\n\n3 locks held by ethtool/386089:\n #0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40\n #1: ffffffff82e94c88 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0xd3/0x240\n #2: ffff8884a1808cc0 (&priv->state_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\n\nstack backtrace:\nCPU: 15 PID: 386089 Comm: ethtool Tainted: G          I        6.7.0-rc4_net_next_mlx5_5483eb2 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0x60/0xa0\n check_noncircular+0x144/0x160\n __lock_acquire+0x17b4/0x2c80\n lock_acquire+0xd0/0x2b0\n ? __flush_work+0x74/0x4e0\n ? save_trace+0x3e/0x360\n ? __flush_work+0x74/0x4e0\n __flush_work+0x7a/0x4e0\n ? __flush_work+0x74/0x4e0\n ? __lock_acquire+0xa78/0x2c80\n ? lock_acquire+0xd0/0x2b0\n ? mark_held_locks+0x49/0x70\n __cancel_work_timer+0x131/0x1c0\n ? mark_held_locks+0x49/0x70\n arfs_del_rules+0x143/0x1e0 [mlx5_core]\n mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\n mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\n ethnl_set_channels+0x28f/0x3b0\n ethnl_default_set_doit+0xec/0x240\n genl_family_rcv_msg_doit+0xd0/0x120\n genl_rcv_msg+0x188/0x2c0\n ? ethn\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3627', 'https://access.redhat.com/security/cve/CVE-2024-27014', 'https://bugzilla.redhat.com/2250843', 'https://bugzilla.redhat.com/2257406', 'https://bugzilla.redhat.com/2263875', 'https://bugzilla.redhat.com/2265271', 'https://bugzilla.redhat.com/2265646', 'https://bugzilla.redhat.com/2265654', 'https://bugzilla.redhat.com/2265833', 'https://bugzilla.redhat.com/2266296', 'https://bugzilla.redhat.com/2266446', 'https://bugzilla.redhat.com/2266746', 'https://bugzilla.redhat.com/2266841', 'https://bugzilla.redhat.com/2267038', 'https://bugzilla.redhat.com/2267185', 'https://bugzilla.redhat.com/2267355', 'https://bugzilla.redhat.com/2267509', 'https://bugzilla.redhat.com/2267705', 'https://bugzilla.redhat.com/2267724', 'https://bugzilla.redhat.com/2267758', 'https://bugzilla.redhat.com/2267789', 'https://bugzilla.redhat.com/2267797', 'https://bugzilla.redhat.com/2267804', 'https://bugzilla.redhat.com/2268315', 'https://bugzilla.redhat.com/2268317', 'https://bugzilla.redhat.com/2269213', 'https://bugzilla.redhat.com/2269856', 'https://bugzilla.redhat.com/2270080', 'https://bugzilla.redhat.com/2270879', 'https://bugzilla.redhat.com/2270881', 'https://bugzilla.redhat.com/2271469', 'https://bugzilla.redhat.com/2271476', 'https://bugzilla.redhat.com/2272780', 'https://bugzilla.redhat.com/2272791', 'https://bugzilla.redhat.com/2273092', 'https://bugzilla.redhat.com/2273094', 'https://bugzilla.redhat.com/2273223', 'https://bugzilla.redhat.com/2273260', 'https://bugzilla.redhat.com/2273262', 'https://bugzilla.redhat.com/2274624', 'https://bugzilla.redhat.com/2275645', 'https://bugzilla.redhat.com/2275655', 'https://bugzilla.redhat.com/2275666', 'https://bugzilla.redhat.com/2275707', 'https://bugzilla.redhat.com/2275777', 'https://bugzilla.redhat.com/2278169', 'https://bugzilla.redhat.com/2278237', 'https://bugzilla.redhat.com/2278240', 'https://bugzilla.redhat.com/2278268', 'https://bugzilla.redhat.com/2278314', 'https://bugzilla.redhat.com/2278356', 'https://bugzilla.redhat.com/2278398', 'https://bugzilla.redhat.com/2278409', 'https://bugzilla.redhat.com/2278417', 'https://bugzilla.redhat.com/2278431', 'https://bugzilla.redhat.com/show_bug.cgi?id=2250843', 'https://bugzilla.redhat.com/show_bug.cgi?id=2257406', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263875', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265271', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265646', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266296', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266446', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266746', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266841', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267038', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267185', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267355', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267509', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267705', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267724', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267789', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267804', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268291', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268293', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268309', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268315', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268317', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269213', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269856', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270080', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270881', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271469', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271476', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272791', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273092', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273094', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273223', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273260', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273262', 'https://bugzilla.redhat.com/show_bug.cgi?id=2274624', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275655', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275666', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275707', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275777', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278169', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278237', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278240', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278314', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278356', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278398', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278409', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278431', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278537', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25162', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46934', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47013', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47055', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47118', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47153', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47171', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47185', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52439', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52445', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52477', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52513', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52520', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52528', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52565', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52578', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52594', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52595', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52606', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52607', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52610', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6240', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0340', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23307', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25744', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26593', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26603', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26610', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26642', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26643', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26659', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26664', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26693', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26694', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26744', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26779', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26872', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26892', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26901', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26919', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26934', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26964', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26973', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26993', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27014', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27048', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27056', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27059', 'https://errata.almalinux.org/8/ALSA-2024-3627.html', 'https://errata.rockylinux.org/RLSA-2024:3618', 'https://git.kernel.org/linus/fef965764cf562f28afb997b626fc7c3cec99693 (6.9-rc5)', 'https://git.kernel.org/stable/c/0080bf99499468030248ebd25dd645e487dcecdc', 'https://git.kernel.org/stable/c/46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b', 'https://git.kernel.org/stable/c/48c4bb81df19402d4346032353d0795260255e3b', 'https://git.kernel.org/stable/c/fef965764cf562f28afb997b626fc7c3cec99693', 'https://linux.oracle.com/cve/CVE-2024-27014.html', 'https://linux.oracle.com/errata/ELSA-2024-3618.html', 'https://lore.kernel.org/linux-cve-announce/2024050149-CVE-2024-27014-d2dc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27014', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27014'], 'PublishedDate': '2024-05-01T06:15:20.063Z', 'LastModifiedDate': '2024-05-23T19:15:45.993Z'}, {'VulnerabilityID': 'CVE-2024-27025', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27025', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nbd: null check for nla_nest_start', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: null check for nla_nest_start\n\nnla_nest_start() may fail and return NULL. Insert a check and set errno\nbased on other call sites within the same source code.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-27025', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d (6.9-rc1)', 'https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d', 'https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e', 'https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced', 'https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8', 'https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797', 'https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983', 'https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a', 'https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf', 'https://linux.oracle.com/cve/CVE-2024-27025.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27025', 'https://www.cve.org/CVERecord?id=CVE-2024-27025'], 'PublishedDate': '2024-05-01T13:15:48.89Z', 'LastModifiedDate': '2024-06-25T22:15:28.24Z'}, {'VulnerabilityID': 'CVE-2024-27032', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27032', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to avoid potential panic during recovery', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid potential panic during recovery\n\nDuring recovery, if FAULT_BLOCK is on, it is possible that\nf2fs_reserve_new_block() will return -ENOSPC during recovery,\nthen it may trigger panic.\n\nAlso, if fault injection rate is 1 and only FAULT_BLOCK fault\ntype is on, it may encounter deadloop in loop of block reservation.\n\nLet's change as below to fix these issues:\n- remove bug_on() to avoid panic.\n- limit the loop count of block reservation to avoid potential\ndeadloop.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27032', 'https://git.kernel.org/linus/21ec68234826b1b54ab980a8df6e33c74cfbee58 (6.9-rc1)', 'https://git.kernel.org/stable/c/21ec68234826b1b54ab980a8df6e33c74cfbee58', 'https://git.kernel.org/stable/c/8844b2f8a3f0c428b74672f9726f9950b1a7764c', 'https://git.kernel.org/stable/c/d034810d02a5af8eb74debe29877dcaf5f00fdd1', 'https://git.kernel.org/stable/c/f26091a981318b5b7451d61f99bc073a6af8db67', 'https://git.kernel.org/stable/c/fe4de493572a4263554903bf9c3afc5c196e15f0', 'https://lore.kernel.org/linux-cve-announce/2024050111-CVE-2024-27032-97a9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27032', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27032'], 'PublishedDate': '2024-05-01T13:15:49.23Z', 'LastModifiedDate': '2024-05-01T19:50:25.633Z'}, {'VulnerabilityID': 'CVE-2024-27035', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27035', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: compress: fix to guarantee persisting compressed blocks by CP', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: compress: fix to guarantee persisting compressed blocks by CP\n\nIf data block in compressed cluster is not persisted with metadata\nduring checkpoint, after SPOR, the data may be corrupted, let's\nguarantee to write compressed page by checkpoint.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27035', 'https://git.kernel.org/linus/8a430dd49e9cb021372b0ad91e60aeef9c6ced00 (6.9-rc1)', 'https://git.kernel.org/stable/c/57e8b17d0522c8f4daf0c4d9969b4d7358033532', 'https://git.kernel.org/stable/c/82704e598d7b33c7e45526e34d3c585426319bed', 'https://git.kernel.org/stable/c/8a430dd49e9cb021372b0ad91e60aeef9c6ced00', 'https://git.kernel.org/stable/c/c3311694b9bcced233548574d414c91d39214684', 'https://git.kernel.org/stable/c/e54cce8137258a550b49cae45d09e024821fb28d', 'https://lore.kernel.org/linux-cve-announce/2024050111-CVE-2024-27035-1628@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27035', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27035'], 'PublishedDate': '2024-05-01T13:15:49.36Z', 'LastModifiedDate': '2024-05-01T19:50:25.633Z'}, {'VulnerabilityID': 'CVE-2024-27041', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27041', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: fix NULL checks for adev-&gt;dm.dc in amdgpu_dm_fini()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()\n\nSince \'adev->dm.dc\' in amdgpu_dm_fini() might turn out to be NULL\nbefore the call to dc_enable_dmub_notifications(), check\nbeforehand to ensure there will not be a possible NULL-ptr-deref\nthere.\n\nAlso, since commit 1e88eb1b2c25 ("drm/amd/display: Drop\nCONFIG_DRM_AMD_DC_HDCP") there are two separate checks for NULL in\n\'adev->dm.dc\' before dc_deinit_callbacks() and dc_dmub_srv_destroy().\nClean up by combining them all under one \'if\'.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27041', 'https://git.kernel.org/linus/2a3cfb9a24a28da9cc13d2c525a76548865e182c (6.9-rc1)', 'https://git.kernel.org/stable/c/1c62697e4086de988b31124fb8c79c244ea05f2b', 'https://git.kernel.org/stable/c/2a3cfb9a24a28da9cc13d2c525a76548865e182c', 'https://git.kernel.org/stable/c/ca2eb375db76fd50f31afdd67d6ca4f833254957', 'https://git.kernel.org/stable/c/e040f1fbe9abae91b12b074cfc3bbb5367b79811', 'https://lore.kernel.org/linux-cve-announce/2024050112-CVE-2024-27041-7bf4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27041', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27041'], 'PublishedDate': '2024-05-01T13:15:49.647Z', 'LastModifiedDate': '2024-05-01T19:50:25.633Z'}, {'VulnerabilityID': 'CVE-2024-27056', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27056', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: ensure offloading TID queue exists', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: ensure offloading TID queue exists\n\nThe resume code path assumes that the TX queue for the offloading TID\nhas been configured. At resume time it then tries to sync the write\npointer as it may have been updated by the firmware.\n\nIn the unusual event that no packets have been send on TID 0, the queue\nwill not have been allocated and this causes a crash. Fix this by\nensuring the queue exist at suspend time.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3627', 'https://access.redhat.com/security/cve/CVE-2024-27056', 'https://bugzilla.redhat.com/2250843', 'https://bugzilla.redhat.com/2257406', 'https://bugzilla.redhat.com/2263875', 'https://bugzilla.redhat.com/2265271', 'https://bugzilla.redhat.com/2265646', 'https://bugzilla.redhat.com/2265654', 'https://bugzilla.redhat.com/2265833', 'https://bugzilla.redhat.com/2266296', 'https://bugzilla.redhat.com/2266446', 'https://bugzilla.redhat.com/2266746', 'https://bugzilla.redhat.com/2266841', 'https://bugzilla.redhat.com/2267038', 'https://bugzilla.redhat.com/2267185', 'https://bugzilla.redhat.com/2267355', 'https://bugzilla.redhat.com/2267509', 'https://bugzilla.redhat.com/2267705', 'https://bugzilla.redhat.com/2267724', 'https://bugzilla.redhat.com/2267758', 'https://bugzilla.redhat.com/2267789', 'https://bugzilla.redhat.com/2267797', 'https://bugzilla.redhat.com/2267804', 'https://bugzilla.redhat.com/2268315', 'https://bugzilla.redhat.com/2268317', 'https://bugzilla.redhat.com/2269213', 'https://bugzilla.redhat.com/2269856', 'https://bugzilla.redhat.com/2270080', 'https://bugzilla.redhat.com/2270879', 'https://bugzilla.redhat.com/2270881', 'https://bugzilla.redhat.com/2271469', 'https://bugzilla.redhat.com/2271476', 'https://bugzilla.redhat.com/2272780', 'https://bugzilla.redhat.com/2272791', 'https://bugzilla.redhat.com/2273092', 'https://bugzilla.redhat.com/2273094', 'https://bugzilla.redhat.com/2273223', 'https://bugzilla.redhat.com/2273260', 'https://bugzilla.redhat.com/2273262', 'https://bugzilla.redhat.com/2274624', 'https://bugzilla.redhat.com/2275645', 'https://bugzilla.redhat.com/2275655', 'https://bugzilla.redhat.com/2275666', 'https://bugzilla.redhat.com/2275707', 'https://bugzilla.redhat.com/2275777', 'https://bugzilla.redhat.com/2278169', 'https://bugzilla.redhat.com/2278237', 'https://bugzilla.redhat.com/2278240', 'https://bugzilla.redhat.com/2278268', 'https://bugzilla.redhat.com/2278314', 'https://bugzilla.redhat.com/2278356', 'https://bugzilla.redhat.com/2278398', 'https://bugzilla.redhat.com/2278409', 'https://bugzilla.redhat.com/2278417', 'https://bugzilla.redhat.com/2278431', 'https://bugzilla.redhat.com/show_bug.cgi?id=2250843', 'https://bugzilla.redhat.com/show_bug.cgi?id=2257406', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263875', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265271', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265646', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266296', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266446', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266746', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266841', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267038', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267185', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267355', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267509', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267705', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267724', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267789', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267804', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268291', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268293', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268309', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268315', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268317', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269213', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269856', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270080', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270881', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271469', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271476', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272791', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273092', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273094', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273223', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273260', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273262', 'https://bugzilla.redhat.com/show_bug.cgi?id=2274624', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275655', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275666', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275707', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275777', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278169', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278237', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278240', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278314', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278356', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278398', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278409', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278431', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278537', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25162', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46934', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47013', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47055', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47118', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47153', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47171', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47185', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52439', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52445', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52477', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52513', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52520', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52528', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52565', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52578', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52594', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52595', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52606', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52607', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52610', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6240', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0340', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23307', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25744', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26593', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26603', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26610', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26642', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26643', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26659', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26664', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26693', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26694', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26744', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26779', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26872', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26892', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26901', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26919', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26934', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26964', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26973', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26993', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27014', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27048', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27056', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27059', 'https://errata.almalinux.org/8/ALSA-2024-3627.html', 'https://errata.rockylinux.org/RLSA-2024:3618', 'https://git.kernel.org/linus/78f65fbf421a61894c14a1b91fe2fb4437b3fe5f (6.8-rc7)', 'https://git.kernel.org/stable/c/78f65fbf421a61894c14a1b91fe2fb4437b3fe5f', 'https://git.kernel.org/stable/c/ed35a509390ef4011ea2226da5dd6f62b73873b5', 'https://linux.oracle.com/cve/CVE-2024-27056.html', 'https://linux.oracle.com/errata/ELSA-2024-3618.html', 'https://lore.kernel.org/linux-cve-announce/2024050115-CVE-2024-27056-98c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27056', 'https://www.cve.org/CVERecord?id=CVE-2024-27056'], 'PublishedDate': '2024-05-01T13:15:50.36Z', 'LastModifiedDate': '2024-05-01T19:50:25.633Z'}, {'VulnerabilityID': 'CVE-2024-27057', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27057', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend\n\nWhen the system is suspended while audio is active, the\nsof_ipc4_pcm_hw_free() is invoked to reset the pipelines since during\nsuspend the DSP is turned off, streams will be re-started after resume.\n\nIf the firmware crashes during while audio is running (or when we reset\nthe stream before suspend) then the sof_ipc4_set_multi_pipeline_state()\nwill fail with IPC error and the state change is interrupted.\nThis will cause misalignment between the kernel and firmware state on next\nDSP boot resulting errors returned by firmware for IPC messages, eventually\nfailing the audio resume.\nOn stream close the errors are ignored so the kernel state will be\ncorrected on the next DSP boot, so the second boot after the DSP panic.\n\nIf sof_ipc4_trigger_pipelines() is called from sof_ipc4_pcm_hw_free() then\nstate parameter is SOF_IPC4_PIPE_RESET and only in this case.\n\nTreat a forced pipeline reset similarly to how we treat a pcm_free by\nignoring error on state sending to allow the kernel's state to be\nconsistent with the state the firmware will have after the next boot.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27057', 'https://git.kernel.org/linus/c40aad7c81e5fba34b70123ed7ce3397fa62a4d2 (6.8-rc5)', 'https://git.kernel.org/stable/c/3cac6eebea9b4bc5f041e157e45c76e212ad6759', 'https://git.kernel.org/stable/c/c40aad7c81e5fba34b70123ed7ce3397fa62a4d2', 'https://git.kernel.org/stable/c/d153e8b154f9746ac969c85a4e6474760453647c', 'https://lore.kernel.org/linux-cve-announce/2024050116-CVE-2024-27057-c0fb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27057', 'https://www.cve.org/CVERecord?id=CVE-2024-27057'], 'PublishedDate': '2024-05-01T13:15:50.4Z', 'LastModifiedDate': '2024-05-01T19:50:25.633Z'}, {'VulnerabilityID': 'CVE-2024-27062', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27062', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nouveau: lock the client object tree.', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau: lock the client object tree.\n\nIt appears the client object tree has no locking unless I've missed\nsomething else. Fix races around adding/removing client objects,\nmostly vram bar mappings.\n\n 4562.099306] general protection fault, probably for non-canonical address 0x6677ed422bceb80c: 0000 [#1] PREEMPT SMP PTI\n[ 4562.099314] CPU: 2 PID: 23171 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27\n[ 4562.099324] Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021\n[ 4562.099330] RIP: 0010:nvkm_object_search+0x1d/0x70 [nouveau]\n[ 4562.099503] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 48 89 f8 48 85 f6 74 39 48 8b 87 a0 00 00 00 48 85 c0 74 12 <48> 8b 48 f8 48 39 ce 73 15 48 8b 40 10 48 85 c0 75 ee 48 c7 c0 fe\n[ 4562.099506] RSP: 0000:ffffa94cc420bbf8 EFLAGS: 00010206\n[ 4562.099512] RAX: 6677ed422bceb814 RBX: ffff98108791f400 RCX: ffff9810f26b8f58\n[ 4562.099517] RDX: 0000000000000000 RSI: ffff9810f26b9158 RDI: ffff98108791f400\n[ 4562.099519] RBP: ffff9810f26b9158 R08: 0000000000000000 R09: 0000000000000000\n[ 4562.099521] R10: ffffa94cc420bc48 R11: 0000000000000001 R12: ffff9810f02a7cc0\n[ 4562.099526] R13: 0000000000000000 R14: 00000000000000ff R15: 0000000000000007\n[ 4562.099528] FS:  00007f629c5017c0(0000) GS:ffff98142c700000(0000) knlGS:0000000000000000\n[ 4562.099534] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4562.099536] CR2: 00007f629a882000 CR3: 000000017019e004 CR4: 00000000003706f0\n[ 4562.099541] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4562.099542] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 4562.099544] Call Trace:\n[ 4562.099555]  <TASK>\n[ 4562.099573]  ? die_addr+0x36/0x90\n[ 4562.099583]  ? exc_general_protection+0x246/0x4a0\n[ 4562.099593]  ? asm_exc_general_protection+0x26/0x30\n[ 4562.099600]  ? nvkm_object_search+0x1d/0x70 [nouveau]\n[ 4562.099730]  nvkm_ioctl+0xa1/0x250 [nouveau]\n[ 4562.099861]  nvif_object_map_handle+0xc8/0x180 [nouveau]\n[ 4562.099986]  nouveau_ttm_io_mem_reserve+0x122/0x270 [nouveau]\n[ 4562.100156]  ? dma_resv_test_signaled+0x26/0xb0\n[ 4562.100163]  ttm_bo_vm_fault_reserved+0x97/0x3c0 [ttm]\n[ 4562.100182]  ? __mutex_unlock_slowpath+0x2a/0x270\n[ 4562.100189]  nouveau_ttm_fault+0x69/0xb0 [nouveau]\n[ 4562.100356]  __do_fault+0x32/0x150\n[ 4562.100362]  do_fault+0x7c/0x560\n[ 4562.100369]  __handle_mm_fault+0x800/0xc10\n[ 4562.100382]  handle_mm_fault+0x17c/0x3e0\n[ 4562.100388]  do_user_addr_fault+0x208/0x860\n[ 4562.100395]  exc_page_fault+0x7f/0x200\n[ 4562.100402]  asm_exc_page_fault+0x26/0x30\n[ 4562.100412] RIP: 0033:0x9b9870\n[ 4562.100419] Code: 85 a8 f7 ff ff 8b 8d 80 f7 ff ff 89 08 e9 18 f2 ff ff 0f 1f 84 00 00 00 00 00 44 89 32 e9 90 fa ff ff 0f 1f 84 00 00 00 00 00 <44> 89 32 e9 f8 f1 ff ff 0f 1f 84 00 00 00 00 00 66 44 89 32 e9 e7\n[ 4562.100422] RSP: 002b:00007fff9ba2dc70 EFLAGS: 00010246\n[ 4562.100426] RAX: 0000000000000004 RBX: 000000000dd65e10 RCX: 000000fff0000000\n[ 4562.100428] RDX: 00007f629a882000 RSI: 00007f629a882000 RDI: 0000000000000066\n[ 4562.100432] RBP: 00007fff9ba2e570 R08: 0000000000000000 R09: 0000000123ddf000\n[ 4562.100434] R10: 0000000000000001 R11: 0000000000000246 R12: 000000007fffffff\n[ 4562.100436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 4562.100446]  </TASK>\n[ 4562.100448] Modules linked in: nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink cmac bnep sunrpc iwlmvm intel_rapl_msr intel_rapl_common snd_sof_pci_intel_cnl x86_pkg_temp_thermal intel_powerclamp snd_sof_intel_hda_common mac80211 coretemp snd_soc_acpi_intel_match kvm_intel snd_soc_acpi snd_soc_hdac_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof_intel_hda_mlink \n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27062', 'https://git.kernel.org/linus/b7cc4ff787a572edf2c55caeffaa88cd801eb135 (6.8)', 'https://git.kernel.org/stable/c/6887314f5356389fc219b8152e951ac084a10ef7', 'https://git.kernel.org/stable/c/96c8751844171af4b3898fee3857ee180586f589', 'https://git.kernel.org/stable/c/b7cc4ff787a572edf2c55caeffaa88cd801eb135', 'https://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-27062-3291@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27062', 'https://www.cve.org/CVERecord?id=CVE-2024-27062'], 'PublishedDate': '2024-05-01T13:15:50.66Z', 'LastModifiedDate': '2024-05-01T19:50:25.633Z'}, {'VulnerabilityID': 'CVE-2024-27072', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27072', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: usbtv: Remove useless locks in usbtv_video_free()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: usbtv: Remove useless locks in usbtv_video_free()\n\nRemove locks calls in usbtv_video_free() because\nare useless and may led to a deadlock as reported here:\nhttps://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000\nAlso remove usbtv_stop() call since it will be called when\nunregistering the device.\n\nBefore 'c838530d230b' this issue would only be noticed if you\ndisconnect while streaming and now it is noticeable even when\ndisconnecting while not streaming.\n\n\n[hverkuil: fix minor spelling mistake in log message]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27072', 'https://git.kernel.org/linus/65e6a2773d655172143cc0b927cdc89549842895 (6.9-rc1)', 'https://git.kernel.org/stable/c/3e7d82ebb86e94643bdb30b0b5b077ed27dce1c2', 'https://git.kernel.org/stable/c/4ec4641df57cbdfdc51bb4959afcdbcf5003ddb9', 'https://git.kernel.org/stable/c/65e6a2773d655172143cc0b927cdc89549842895', 'https://git.kernel.org/stable/c/bdd82c47b22a8befd617b723098b2a41b77373c7', 'https://git.kernel.org/stable/c/d5ed208d04acf06781d63d30f9fa991e8d609ebd', 'https://git.kernel.org/stable/c/dea46e246ef0f98d89d59a4229157cd9ffb636bf', 'https://lore.kernel.org/linux-cve-announce/2024050133-CVE-2024-27072-301d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27072', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27072'], 'PublishedDate': '2024-05-01T13:15:51.127Z', 'LastModifiedDate': '2024-10-17T14:15:05.93Z'}, {'VulnerabilityID': 'CVE-2024-27389', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27389', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pstore: inode: Only d_invalidate() is needed', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npstore: inode: Only d_invalidate() is needed\n\nUnloading a modular pstore backend with records in pstorefs would\ntrigger the dput() double-drop warning:\n\n  WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410\n\nUsing the combo of d_drop()/dput() (as mentioned in\nDocumentation/filesystems/vfs.rst) isn't the right approach here, and\nleads to the reference counting problem seen above. Use d_invalidate()\nand update the code to not bother checking for error codes that can\nnever happen.\n\n---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27389', 'https://git.kernel.org/linus/a43e0fc5e9134a46515de2f2f8d4100b74e50de3 (6.9-rc1)', 'https://git.kernel.org/stable/c/340682ed1932b8e3bd0bfc6c31a0c6354eb57cc6', 'https://git.kernel.org/stable/c/4cdf9006fc095af71da80e9b5f48a32e991b9ed3', 'https://git.kernel.org/stable/c/a43e0fc5e9134a46515de2f2f8d4100b74e50de3', 'https://git.kernel.org/stable/c/cb9e802e49c24eeb3af35e9e8c04d526f35f112a', 'https://git.kernel.org/stable/c/db6e5e16f1ee9e3b01d2f71c7f0ba945f4bf0f4e', 'https://lore.kernel.org/linux-cve-announce/2024050135-CVE-2024-27389-fb3a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27389', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27389'], 'PublishedDate': '2024-05-01T13:15:51.653Z', 'LastModifiedDate': '2024-05-01T19:50:25.633Z'}, {'VulnerabilityID': 'CVE-2024-27400', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27400', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2\n\nThis reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move\non same heap. The basic problem here is that after the move the old\nlocation is simply not available any more.\n\nSome fixes were suggested, but essentially we should call the move\nnotification before actually moving things because only this way we have\nthe correct order for DMA-buf and VM move notifications as well.\n\nAlso rework the statistic handling so that we don't update the eviction\ncounter before the move.\n\nv2: add missing NULL check", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27400', 'https://git.kernel.org/linus/d3a9331a6591e9df64791e076f6591f440af51c3 (6.9-rc7)', 'https://git.kernel.org/stable/c/0c7ed3ed35eec9138b88d42217b5a6b9a62bda4d', 'https://git.kernel.org/stable/c/5c25b169f9a0b34ee410891a96bc9d7b9ed6f9be', 'https://git.kernel.org/stable/c/9a4f6e138720b6e9adf7b82a71d0292f3f276480', 'https://git.kernel.org/stable/c/d3a9331a6591e9df64791e076f6591f440af51c3', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/', 'https://lore.kernel.org/linux-cve-announce/2024051317-CVE-2024-27400-3b00@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27400', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27400'], 'PublishedDate': '2024-05-14T15:12:29.26Z', 'LastModifiedDate': '2024-06-10T18:15:28.337Z'}, {'VulnerabilityID': 'CVE-2024-27402', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27402', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: phonet/pep: fix racy skb_queue_empty() use', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nphonet/pep: fix racy skb_queue_empty() use\n\nThe receive queues are protected by their respective spin-lock, not\nthe socket lock. This could lead to skb_peek() unexpectedly\nreturning NULL or a pointer to an already dequeued socket buffer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27402', 'https://git.kernel.org/linus/7d2a894d7f487dcb894df023e9d3014cf5b93fe5 (6.8-rc6)', 'https://git.kernel.org/stable/c/0a9f558c72c47472c38c05fcb72c70abb9104277', 'https://git.kernel.org/stable/c/7d2a894d7f487dcb894df023e9d3014cf5b93fe5', 'https://git.kernel.org/stable/c/8ef4fcc7014b9f93619851d6b78d6cc2789a4c88', 'https://git.kernel.org/stable/c/9d5523e065b568e79dfaa2ea1085a5bcf74baf78', 'https://lore.kernel.org/linux-cve-announce/2024051736-CVE-2024-27402-90cf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27402', 'https://www.cve.org/CVERecord?id=CVE-2024-27402'], 'PublishedDate': '2024-05-17T12:15:09.757Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-27407', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27407', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/ntfs3: Fixed overflow check in mi_enum_attr()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fixed overflow check in mi_enum_attr()', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-120'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27407', 'https://git.kernel.org/linus/652cfeb43d6b9aba5c7c4902bed7a7340df131fb (6.8-rc4)', 'https://git.kernel.org/stable/c/1c0a95d99b1b2b5d842e5abc7ef7eed1193b60d7', 'https://git.kernel.org/stable/c/652cfeb43d6b9aba5c7c4902bed7a7340df131fb', 'https://git.kernel.org/stable/c/8c77398c72618101d66480b94b34fe9087ee3d08', 'https://lore.kernel.org/linux-cve-announce/2024051739-CVE-2024-27407-976d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27407', 'https://www.cve.org/CVERecord?id=CVE-2024-27407'], 'PublishedDate': '2024-05-17T12:15:11Z', 'LastModifiedDate': '2024-07-03T01:50:38.343Z'}, {'VulnerabilityID': 'CVE-2024-27408', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27408', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup\n\nThe Linked list element and pointer are not stored in the same memory as\nthe eDMA controller register. If the doorbell register is toggled before\nthe full write of the linked list a race condition error will occur.\nIn remote setup we can only use a readl to the memory to assure the full\nwrite has occurred.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27408', 'https://git.kernel.org/linus/bbcc1c83f343e580c3aa1f2a8593343bf7b55bba (6.8-rc7)', 'https://git.kernel.org/stable/c/bbcc1c83f343e580c3aa1f2a8593343bf7b55bba', 'https://git.kernel.org/stable/c/d24fe6d5a1cfdddb7a9ef56736ec501c4d0a5fd3', 'https://git.kernel.org/stable/c/f396b4df27cfe01a99f4b41f584c49e56477be3a', 'https://lore.kernel.org/linux-cve-announce/2024051700-CVE-2024-27408-6911@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27408', 'https://www.cve.org/CVERecord?id=CVE-2024-27408'], 'PublishedDate': '2024-05-17T12:15:11.223Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-27418', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27418', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mctp: take ownership of skb in mctp_local_output', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: take ownership of skb in mctp_local_output\n\nCurrently, mctp_local_output only takes ownership of skb on success, and\nwe may leak an skb if mctp_local_output fails in specific states; the\nskb ownership isn't transferred until the actual output routing occurs.\n\nInstead, make mctp_local_output free the skb on all error paths up to\nthe route action, so it always consumes the passed skb.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27418', 'https://git.kernel.org/linus/3773d65ae5154ed7df404b050fd7387a36ab5ef3 (6.8-rc7)', 'https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3', 'https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd', 'https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b', 'https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68', 'https://lore.kernel.org/linux-cve-announce/2024051703-CVE-2024-27418-3cda@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27418', 'https://www.cve.org/CVERecord?id=CVE-2024-27418'], 'PublishedDate': '2024-05-17T12:15:13.52Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-27435', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27435', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: fix reconnection fail due to reserved tag allocation', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix reconnection fail due to reserved tag allocation\n\nWe found a issue on production environment while using NVMe over RDMA,\nadmin_q reconnect failed forever while remote target and network is ok.\nAfter dig into it, we found it may caused by a ABBA deadlock due to tag\nallocation. In my case, the tag was hold by a keep alive request\nwaiting inside admin_q, as we quiesced admin_q while reset ctrl, so the\nrequest maked as idle and will not process before reset success. As\nfabric_q shares tagset with admin_q, while reconnect remote target, we\nneed a tag for connect command, but the only one reserved tag was held\nby keep alive command which waiting inside admin_q. As a result, we\nfailed to reconnect admin_q forever. In order to fix this issue, I\nthink we should keep two reserved tags for admin queue.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-27435', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267509', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273082', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273466', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275735', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281131', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284581', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293230', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293402', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293456', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294225', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52638', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26783', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26858', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27435', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36957', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38543', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38593', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38663', 'https://errata.rockylinux.org/RLSA-2024:4583', 'https://git.kernel.org/linus/de105068fead55ed5c07ade75e9c8e7f86a00d1d (6.9-rc1)', 'https://git.kernel.org/stable/c/149afee5c7418ec5db9d7387b9c9a5c1eb7ea2a8', 'https://git.kernel.org/stable/c/262da920896e2f2ab0e3947d9dbee0aa09045818', 'https://git.kernel.org/stable/c/6851778504cdb49431809b4ba061903d5f592c96', 'https://git.kernel.org/stable/c/de105068fead55ed5c07ade75e9c8e7f86a00d1d', 'https://git.kernel.org/stable/c/ff2f90f88d78559802466ad1c84ac5bda4416b3a', 'https://linux.oracle.com/cve/CVE-2024-27435.html', 'https://linux.oracle.com/errata/ELSA-2024-4583.html', 'https://lore.kernel.org/linux-cve-announce/2024051710-CVE-2024-27435-c465@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27435', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27435'], 'PublishedDate': '2024-05-17T13:15:58.073Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35784', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35784', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix deadlock with fiemap and extent locking', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix deadlock with fiemap and extent locking\n\nWhile working on the patchset to remove extent locking I got a lockdep\nsplat with fiemap and pagefaulting with my new extent lock replacement\nlock.\n\nThis deadlock exists with our normal code, we just don't have lockdep\nannotations with the extent locking so we've never noticed it.\n\nSince we're copying the fiemap extent to user space on every iteration\nwe have the chance of pagefaulting.  Because we hold the extent lock for\nthe entire range we could mkwrite into a range in the file that we have\nmmap'ed.  This would deadlock with the following stack trace\n\n[<0>] lock_extent+0x28d/0x2f0\n[<0>] btrfs_page_mkwrite+0x273/0x8a0\n[<0>] do_page_mkwrite+0x50/0xb0\n[<0>] do_fault+0xc1/0x7b0\n[<0>] __handle_mm_fault+0x2fa/0x460\n[<0>] handle_mm_fault+0xa4/0x330\n[<0>] do_user_addr_fault+0x1f4/0x800\n[<0>] exc_page_fault+0x7c/0x1e0\n[<0>] asm_exc_page_fault+0x26/0x30\n[<0>] rep_movs_alternative+0x33/0x70\n[<0>] _copy_to_user+0x49/0x70\n[<0>] fiemap_fill_next_extent+0xc8/0x120\n[<0>] emit_fiemap_extent+0x4d/0xa0\n[<0>] extent_fiemap+0x7f8/0xad0\n[<0>] btrfs_fiemap+0x49/0x80\n[<0>] __x64_sys_ioctl+0x3e1/0xb50\n[<0>] do_syscall_64+0x94/0x1a0\n[<0>] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nI wrote an fstest to reproduce this deadlock without my replacement lock\nand verified that the deadlock exists with our existing locking.\n\nTo fix this simply don't take the extent lock for the entire duration of\nthe fiemap.  This is safe in general because we keep track of where we\nare when we're searching the tree, so if an ordered extent updates in\nthe middle of our fiemap call we'll still emit the correct extents\nbecause we know what offset we were on before.\n\nThe only place we maintain the lock is searching delalloc.  Since the\ndelalloc stuff can change during writeback we want to lock the extent\nrange so we have a consistent view of delalloc at the time we're\nchecking to see if we need to set the delalloc flag.\n\nWith this patch applied we no longer deadlock with my testcase.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35784', 'https://git.kernel.org/linus/b0ad381fa7690244802aed119b478b4bdafc31dd (6.8-rc6)', 'https://git.kernel.org/stable/c/89bca7fe6382d61e88c67a0b0e7bce315986fb8b', 'https://git.kernel.org/stable/c/b0ad381fa7690244802aed119b478b4bdafc31dd', 'https://git.kernel.org/stable/c/ded566b4637f1b6b4c9ba74e7d0b8493e93f19cf', 'https://lore.kernel.org/linux-cve-announce/2024051704-CVE-2024-35784-6dec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35784', 'https://www.cve.org/CVERecord?id=CVE-2024-35784'], 'PublishedDate': '2024-05-17T13:15:58.27Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35790', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35790', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: altmodes/displayport: create sysfs nodes as driver&#39;s default device attribute group', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group\n\nThe DisplayPort driver's sysfs nodes may be present to the userspace before\ntypec_altmode_set_drvdata() completes in dp_altmode_probe. This means that\na sysfs read can trigger a NULL pointer error by deferencing dp->hpd in\nhpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns\nNULL in those cases.\n\nRemove manual sysfs node creation in favor of adding attribute group as\ndefault for devices bound to the driver. The ATTRIBUTE_GROUPS() macro is\nnot used here otherwise the path to the sysfs nodes is no longer compliant\nwith the ABI.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-35790', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/165376f6b23e9a779850e750fb2eb06622e5a531 (6.8)', 'https://git.kernel.org/stable/c/0ad011776c057ce881b7fd6d8c79ecd459c087e9', 'https://git.kernel.org/stable/c/165376f6b23e9a779850e750fb2eb06622e5a531', 'https://git.kernel.org/stable/c/4a22aeac24d0d5f26ba741408e8b5a4be6dc5dc0', 'https://linux.oracle.com/cve/CVE-2024-35790.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024051708-CVE-2024-35790-6a80@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35790', 'https://www.cve.org/CVERecord?id=CVE-2024-35790'], 'PublishedDate': '2024-05-17T13:15:58.8Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35794', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35794', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dm-raid: really frozen sync_thread during suspend', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: really frozen sync_thread during suspend\n\n1) commit f52f5c71f3d4 ("md: fix stopping sync thread") remove\n   MD_RECOVERY_FROZEN from __md_stop_writes() and doesn\'t realize that\n   dm-raid relies on __md_stop_writes() to frozen sync_thread\n   indirectly. Fix this problem by adding MD_RECOVERY_FROZEN in\n   md_stop_writes(), and since stop_sync_thread() is only used for\n   dm-raid in this case, also move stop_sync_thread() to\n   md_stop_writes().\n2) The flag MD_RECOVERY_FROZEN doesn\'t mean that sync thread is frozen,\n   it only prevent new sync_thread to start, and it can\'t stop the\n   running sync thread; In order to frozen sync_thread, after seting the\n   flag, stop_sync_thread() should be used.\n3) The flag MD_RECOVERY_FROZEN doesn\'t mean that writes are stopped, use\n   it as condition for md_stop_writes() in raid_postsuspend() doesn\'t\n   look correct. Consider that reentrant stop_sync_thread() do nothing,\n   always call md_stop_writes() in raid_postsuspend().\n4) raid_message can set/clear the flag MD_RECOVERY_FROZEN at anytime,\n   and if MD_RECOVERY_FROZEN is cleared while the array is suspended,\n   new sync_thread can start unexpected. Fix this by disallow\n   raid_message() to change sync_thread status during suspend.\n\nNote that after commit f52f5c71f3d4 ("md: fix stopping sync thread"), the\ntest shell/lvconvert-raid-reshape.sh start to hang in stop_sync_thread(),\nand with previous fixes, the test won\'t hang there anymore, however, the\ntest will still fail and complain that ext4 is corrupted. And with this\npatch, the test won\'t hang due to stop_sync_thread() or fail due to ext4\nis corrupted anymore. However, there is still a deadlock related to\ndm-raid456 that will be fixed in following patches.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35794', 'https://git.kernel.org/linus/16c4770c75b1223998adbeb7286f9a15c65fba73 (6.9-rc1)', 'https://git.kernel.org/stable/c/16c4770c75b1223998adbeb7286f9a15c65fba73', 'https://git.kernel.org/stable/c/af916cb66a80597f3523bc85812e790bcdcfd62b', 'https://git.kernel.org/stable/c/eaa8fc9b092837cf2c754bde1a15d784ce9a85ab', 'https://lore.kernel.org/linux-cve-announce/2024051709-CVE-2024-35794-f42d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35794', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35794'], 'PublishedDate': '2024-05-17T13:15:59.097Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35799', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35799', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Prevent crash when disable stream', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Prevent crash when disable stream\n\n[Why]\nDisabling stream encoder invokes a function that no longer exists.\n\n[How]\nCheck if the function declaration is NULL in disable stream encoder.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35799', 'https://git.kernel.org/linus/72d72e8fddbcd6c98e1b02d32cf6f2b04e10bd1c (6.9-rc2)', 'https://git.kernel.org/stable/c/2b17133a0a2e0e111803124dad09e803718d4a48', 'https://git.kernel.org/stable/c/4356a2c3f296503c8b420ae8adece053960a9f06', 'https://git.kernel.org/stable/c/59772327d439874095516673b4b30c48bd83ca38', 'https://git.kernel.org/stable/c/72d72e8fddbcd6c98e1b02d32cf6f2b04e10bd1c', 'https://lore.kernel.org/linux-cve-announce/2024051737-CVE-2024-35799-75e5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35799', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35799'], 'PublishedDate': '2024-05-17T14:15:12.42Z', 'LastModifiedDate': '2024-07-03T02:02:11.17Z'}, {'VulnerabilityID': 'CVE-2024-35801', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35801', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Keep xfd_state in sync with MSR_IA32_XFD\n\nCommit 672365477ae8 ("x86/fpu: Update XFD state where required") and\ncommit 8bf26758ca96 ("x86/fpu: Add XFD state to fpstate") introduced a\nper CPU variable xfd_state to keep the MSR_IA32_XFD value cached, in\norder to avoid unnecessary writes to the MSR.\n\nOn CPU hotplug MSR_IA32_XFD is reset to the init_fpstate.xfd, which\nwipes out any stale state. But the per CPU cached xfd value is not\nreset, which brings them out of sync.\n\nAs a consequence a subsequent xfd_update_state() might fail to update\nthe MSR which in turn can result in XRSTOR raising a #NM in kernel\nspace, which crashes the kernel.\n\nTo fix this, introduce xfd_set_state() to write xfd_state together\nwith MSR_IA32_XFD, and use it in all places that set MSR_IA32_XFD.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-35801', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/10e4b5166df9ff7a2d5316138ca668b42d004422 (6.9-rc1)', 'https://git.kernel.org/stable/c/10e4b5166df9ff7a2d5316138ca668b42d004422', 'https://git.kernel.org/stable/c/1acbca933313aa866e39996904c9aca4d435c4cd', 'https://git.kernel.org/stable/c/21c7c00dae55cb0e3810d5f9506b58f68475d41d', 'https://git.kernel.org/stable/c/92b0f04e937665bde5768f3fcc622dcce44413d8', 'https://git.kernel.org/stable/c/b61e3b7055ac6edee4be071c52f48c26472d2624', 'https://linux.oracle.com/cve/CVE-2024-35801.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-35801-8038@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35801', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35801'], 'PublishedDate': '2024-05-17T14:15:12.827Z', 'LastModifiedDate': '2024-07-03T02:02:12.05Z'}, {'VulnerabilityID': 'CVE-2024-35803', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35803', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/efistub: Call mixed mode boot services on the firmware&#39;s stack', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/efistub: Call mixed mode boot services on the firmware\'s stack\n\nNormally, the EFI stub calls into the EFI boot services using the stack\nthat was live when the stub was entered. According to the UEFI spec,\nthis stack needs to be at least 128k in size - this might seem large but\nall asynchronous processing and event handling in EFI runs from the same\nstack and so quite a lot of space may be used in practice.\n\nIn mixed mode, the situation is a bit different: the bootloader calls\nthe 32-bit EFI stub entry point, which calls the decompressor\'s 32-bit\nentry point, where the boot stack is set up, using a fixed allocation\nof 16k. This stack is still in use when the EFI stub is started in\n64-bit mode, and so all calls back into the EFI firmware will be using\nthe decompressor\'s limited boot stack.\n\nDue to the placement of the boot stack right after the boot heap, any\nstack overruns have gone unnoticed. However, commit\n\n  5c4feadb0011983b ("x86/decompressor: Move global symbol references to C code")\n\nmoved the definition of the boot heap into C code, and now the boot\nstack is placed right at the base of BSS, where any overruns will\ncorrupt the end of the .data section.\n\nWhile it would be possible to work around this by increasing the size of\nthe boot stack, doing so would affect all x86 systems, and mixed mode\nsystems are a tiny (and shrinking) fraction of the x86 installed base.\n\nSo instead, record the firmware stack pointer value when entering from\nthe 32-bit firmware, and switch to this stack every time a EFI boot\nservice call is made.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35803', 'https://git.kernel.org/linus/cefcd4fe2e3aaf792c14c9e56dab89e3d7a65d02 (6.9-rc1)', 'https://git.kernel.org/stable/c/2149f8a56e2ed345c7a4d022a79f6b8fc53ae926', 'https://git.kernel.org/stable/c/725351c036452b7db5771a7bed783564bc4b99cc', 'https://git.kernel.org/stable/c/930775060ca348b8665f60eef14b204172d14f31', 'https://git.kernel.org/stable/c/cefcd4fe2e3aaf792c14c9e56dab89e3d7a65d02', 'https://git.kernel.org/stable/c/fba7ee7187581b5bc222003e73e2592b398bb06d', 'https://lore.kernel.org/linux-cve-announce/2024051739-CVE-2024-35803-c81f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35803', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35803'], 'PublishedDate': '2024-05-17T14:15:13.337Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35808', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35808', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: md/dm-raid: don&#39;t call md_reap_sync_thread() directly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmd/dm-raid: don\'t call md_reap_sync_thread() directly\n\nCurrently md_reap_sync_thread() is called from raid_message() directly\nwithout holding \'reconfig_mutex\', this is definitely unsafe because\nmd_reap_sync_thread() can change many fields that is protected by\n\'reconfig_mutex\'.\n\nHowever, hold \'reconfig_mutex\' here is still problematic because this\nwill cause deadlock, for example, commit 130443d60b1b ("md: refactor\nidle/frozen_sync_thread() to fix deadlock").\n\nFix this problem by using stop_sync_thread() to unregister sync_thread,\nlike md/raid did.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35808', 'https://git.kernel.org/linus/cd32b27a66db8776d8b8e82ec7d7dde97a8693b0 (6.9-rc1)', 'https://git.kernel.org/stable/c/347dcdc15a1706f61aa545ae498ededdf31aeebc', 'https://git.kernel.org/stable/c/9e59b8d76ff511505eb0dd1478329f09e0f04669', 'https://git.kernel.org/stable/c/cd32b27a66db8776d8b8e82ec7d7dde97a8693b0', 'https://lore.kernel.org/linux-cve-announce/2024051740-CVE-2024-35808-2bf6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35808', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35808'], 'PublishedDate': '2024-05-17T14:15:14.503Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35826', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: Fix page refcounts for unaligned buffers in __bio_release_pages()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix page refcounts for unaligned buffers in __bio_release_pages()\n\nFix an incorrect number of pages being released for buffers that do not\nstart at the beginning of a page.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35826', 'https://git.kernel.org/linus/38b43539d64b2fa020b3b9a752a986769f87f7a6 (6.9-rc1)', 'https://git.kernel.org/stable/c/242006996d15f5ca62e22f8c7de077d9c4a8f367', 'https://git.kernel.org/stable/c/38b43539d64b2fa020b3b9a752a986769f87f7a6', 'https://git.kernel.org/stable/c/7d3765550374f71248c55e6206ea1d6fd4537e65', 'https://git.kernel.org/stable/c/c9d3d2fbde9b8197bce88abcbe8ee8e713ffe7c2', 'https://git.kernel.org/stable/c/ecbd9ced84dd655a8f4cd49d2aad0e80dbf6bf35', 'https://lore.kernel.org/linux-cve-announce/2024051737-CVE-2024-35826-c17f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35826', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35826'], 'PublishedDate': '2024-05-17T14:15:18.45Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35832', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit\n\nbch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut.\nIt should be freed by kvfree not kfree.\nOr umount will triger:\n\n[  406.829178 ] BUG: unable to handle page fault for address: ffffe7b487148008\n[  406.830676 ] #PF: supervisor read access in kernel mode\n[  406.831643 ] #PF: error_code(0x0000) - not-present page\n[  406.832487 ] PGD 0 P4D 0\n[  406.832898 ] Oops: 0000 [#1] PREEMPT SMP PTI\n[  406.833512 ] CPU: 2 PID: 1754 Comm: umount Kdump: loaded Tainted: G           OE      6.7.0-rc7-custom+ #90\n[  406.834746 ] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n[  406.835796 ] RIP: 0010:kfree+0x62/0x140\n[  406.836197 ] Code: 80 48 01 d8 0f 82 e9 00 00 00 48 c7 c2 00 00 00 80 48 2b 15 78 9f 1f 01 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 56 9f 1f 01 <48> 8b 50 08 48 89 c7 f6 c2 01 0f 85 b0 00 00 00 66 90 48 8b 07 f6\n[  406.837810 ] RSP: 0018:ffffb9d641607e48 EFLAGS: 00010286\n[  406.838213 ] RAX: ffffe7b487148000 RBX: ffffb9d645200000 RCX: ffffb9d641607dc4\n[  406.838738 ] RDX: 000065bb00000000 RSI: ffffffffc0d88b84 RDI: ffffb9d645200000\n[  406.839217 ] RBP: ffff9a4625d00068 R08: 0000000000000001 R09: 0000000000000001\n[  406.839650 ] R10: 0000000000000001 R11: 000000000000001f R12: ffff9a4625d4da80\n[  406.840055 ] R13: ffff9a4625d00000 R14: ffffffffc0e2eb20 R15: 0000000000000000\n[  406.840451 ] FS:  00007f0a264ffb80(0000) GS:ffff9a4e2d500000(0000) knlGS:0000000000000000\n[  406.840851 ] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  406.841125 ] CR2: ffffe7b487148008 CR3: 000000018c4d2000 CR4: 00000000000006f0\n[  406.841464 ] Call Trace:\n[  406.841583 ]  <TASK>\n[  406.841682 ]  ? __die+0x1f/0x70\n[  406.841828 ]  ? page_fault_oops+0x159/0x470\n[  406.842014 ]  ? fixup_exception+0x22/0x310\n[  406.842198 ]  ? exc_page_fault+0x1ed/0x200\n[  406.842382 ]  ? asm_exc_page_fault+0x22/0x30\n[  406.842574 ]  ? bch2_fs_release+0x54/0x280 [bcachefs]\n[  406.842842 ]  ? kfree+0x62/0x140\n[  406.842988 ]  ? kfree+0x104/0x140\n[  406.843138 ]  bch2_fs_release+0x54/0x280 [bcachefs]\n[  406.843390 ]  kobject_put+0xb7/0x170\n[  406.843552 ]  deactivate_locked_super+0x2f/0xa0\n[  406.843756 ]  cleanup_mnt+0xba/0x150\n[  406.843917 ]  task_work_run+0x59/0xa0\n[  406.844083 ]  exit_to_user_mode_prepare+0x197/0x1a0\n[  406.844302 ]  syscall_exit_to_user_mode+0x16/0x40\n[  406.844510 ]  do_syscall_64+0x4e/0xf0\n[  406.844675 ]  entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[  406.844907 ] RIP: 0033:0x7f0a2664e4fb', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35832', 'https://git.kernel.org/linus/369acf97d6fd5da620d053d0f1878ffe32eff555 (6.8-rc1)', 'https://git.kernel.org/stable/c/369acf97d6fd5da620d053d0f1878ffe32eff555', 'https://git.kernel.org/stable/c/56590678791119b9a655202e49898edfb9307271', 'https://lore.kernel.org/linux-cve-announce/2024051730-CVE-2024-35832-b2f8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35832', 'https://www.cve.org/CVERecord?id=CVE-2024-35832'], 'PublishedDate': '2024-05-17T14:15:19.71Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35839', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35839', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: replace physindev with physinif in nf_bridge_info\n\nAn skb can be added to a neigh->arp_queue while waiting for an arp\nreply. Where original skb's skb->dev can be different to neigh's\nneigh->dev. For instance in case of bridging dnated skb from one veth to\nanother, the skb would be added to a neigh->arp_queue of the bridge.\n\nAs skb->dev can be reset back to nf_bridge->physindev and used, and as\nthere is no explicit mechanism that prevents this physindev from been\nfreed under us (for instance neigh_flush_dev doesn't cleanup skbs from\ndifferent device's neigh queue) we can crash on e.g. this stack:\n\narp_process\n  neigh_update\n    skb = __skb_dequeue(&neigh->arp_queue)\n      neigh_resolve_output(..., skb)\n        ...\n          br_nf_dev_xmit\n            br_nf_pre_routing_finish_bridge_slow\n              skb->dev = nf_bridge->physindev\n              br_handle_frame_finish\n\nLet's use plain ifindex instead of net_device link. To peek into the\noriginal net_device we will use dev_get_by_index_rcu(). Thus either we\nget device and are safe to use it or we don't get it and drop skb.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35839', 'https://git.kernel.org/linus/9874808878d9eed407e3977fd11fee49de1e1d86 (6.8-rc1)', 'https://git.kernel.org/stable/c/544add1f1cfb78c3dfa3e6edcf4668f6be5e730c', 'https://git.kernel.org/stable/c/7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b', 'https://git.kernel.org/stable/c/9325e3188a9cf3f69fc6f32af59844bbc5b90547', 'https://git.kernel.org/stable/c/9874808878d9eed407e3977fd11fee49de1e1d86', 'https://linux.oracle.com/cve/CVE-2024-35839.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024051756-CVE-2024-35839-4194@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35839', 'https://ubuntu.com/security/notices/USN-6818-1', 'https://ubuntu.com/security/notices/USN-6818-2', 'https://ubuntu.com/security/notices/USN-6818-3', 'https://ubuntu.com/security/notices/USN-6818-4', 'https://ubuntu.com/security/notices/USN-6819-1', 'https://ubuntu.com/security/notices/USN-6819-2', 'https://ubuntu.com/security/notices/USN-6819-3', 'https://ubuntu.com/security/notices/USN-6819-4', 'https://www.cve.org/CVERecord?id=CVE-2024-35839'], 'PublishedDate': '2024-05-17T15:15:21.017Z', 'LastModifiedDate': '2024-05-17T18:35:35.07Z'}, {'VulnerabilityID': 'CVE-2024-35843', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: iommu/vt-d: Use device rbtree in iopf reporting path', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Use device rbtree in iopf reporting path\n\nThe existing I/O page fault handler currently locates the PCI device by\ncalling pci_get_domain_bus_and_slot(). This function searches the list\nof all PCI devices until the desired device is found. To improve lookup\nefficiency, replace it with device_rbtree_find() to search the device\nwithin the probed device rbtree.\n\nThe I/O page fault is initiated by the device, which does not have any\nsynchronization mechanism with the software to ensure that the device\nstays in the probed device tree. Theoretically, a device could be released\nby the IOMMU subsystem after device_rbtree_find() and before\niopf_get_dev_fault_param(), which would cause a use-after-free problem.\n\nAdd a mutex to synchronize the I/O page fault reporting path and the IOMMU\nrelease device path. This lock doesn't introduce any performance overhead,\nas the conflict between I/O page fault reporting and device releasing is\nvery rare.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35843', 'https://git.kernel.org/linus/def054b01a867822254e1dda13d587f5c7a99e2a (6.9-rc1)', 'https://git.kernel.org/stable/c/3d39238991e745c5df85785604f037f35d9d1b15', 'https://git.kernel.org/stable/c/def054b01a867822254e1dda13d587f5c7a99e2a', 'https://lore.kernel.org/linux-cve-announce/2024051717-CVE-2024-35843-516e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35843', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35843'], 'PublishedDate': '2024-05-17T15:15:21.313Z', 'LastModifiedDate': '2024-07-03T02:02:16.58Z'}, {'VulnerabilityID': 'CVE-2024-35861', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35861', 'https://git.kernel.org/linus/e0e50401cc3921c9eaf1b0e667db174519ea939f (6.9-rc3)', 'https://git.kernel.org/stable/c/2cfff21732132e363b4cc275d63ea98f1af726c1', 'https://git.kernel.org/stable/c/7e8360ac8774e19b0b25f44fff84a105bb2417e4', 'https://git.kernel.org/stable/c/e0e50401cc3921c9eaf1b0e667db174519ea939f', 'https://git.kernel.org/stable/c/f9a96a7ad1e8d25dc6662bc7552e0752de74a20d', 'https://lore.kernel.org/linux-cve-announce/2024051937-CVE-2024-35861-dcfe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35861', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35861'], 'PublishedDate': '2024-05-19T09:15:07.717Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35862', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35862', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential UAF in smb2_is_network_name_deleted()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in smb2_is_network_name_deleted()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35862', 'https://git.kernel.org/linus/63981561ffd2d4987807df4126f96a11e18b0c1d (6.9-rc3)', 'https://git.kernel.org/stable/c/63981561ffd2d4987807df4126f96a11e18b0c1d', 'https://git.kernel.org/stable/c/aa582b33f94453fdeaff1e7d0aa252c505975e01', 'https://git.kernel.org/stable/c/d919b6ea15ffa56fbafef4a1d92f47aeda9af645', 'https://git.kernel.org/stable/c/f9414004798d9742c1af23a1d839fe6a9503751c', 'https://lore.kernel.org/linux-cve-announce/2024051937-CVE-2024-35862-eda2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35862', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35862'], 'PublishedDate': '2024-05-19T09:15:07.797Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35863', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35863', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential UAF in is_valid_oplock_break()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in is_valid_oplock_break()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35863', 'https://git.kernel.org/linus/69ccf040acddf33a3a85ec0f6b45ef84b0f7ec29 (6.9-rc3)', 'https://git.kernel.org/stable/c/0a15ba88a32fa7a516aff7ffd27befed5334dff2', 'https://git.kernel.org/stable/c/16d58c6a7db5050b9638669084b63fc05f951825', 'https://git.kernel.org/stable/c/494c91e1e9413b407d12166a61b84200d4d54fac', 'https://git.kernel.org/stable/c/69ccf040acddf33a3a85ec0f6b45ef84b0f7ec29', 'https://lore.kernel.org/linux-cve-announce/2024051938-CVE-2024-35863-7c05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35863', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35863'], 'PublishedDate': '2024-05-19T09:15:07.88Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35864', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35864', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential UAF in smb2_is_valid_lease_break()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in smb2_is_valid_lease_break()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35864', 'https://git.kernel.org/linus/705c76fbf726c7a2f6ff9143d4013b18daaaebf1 (6.9-rc3)', 'https://git.kernel.org/stable/c/705c76fbf726c7a2f6ff9143d4013b18daaaebf1', 'https://git.kernel.org/stable/c/a8344e2b69bde63f713b0aa796d70dbeadffddfb', 'https://git.kernel.org/stable/c/c868cabdf6fdd61bea54532271f4708254e57fc5', 'https://git.kernel.org/stable/c/f92739fdd4522c4291277136399353d7c341fae4', 'https://lore.kernel.org/linux-cve-announce/2024051938-CVE-2024-35864-3536@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35864', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35864'], 'PublishedDate': '2024-05-19T09:15:07.957Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35865', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35865', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential UAF in smb2_is_valid_oplock_break()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in smb2_is_valid_oplock_break()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35865', 'https://git.kernel.org/linus/22863485a4626ec6ecf297f4cc0aef709bc862e4 (6.9-rc3)', 'https://git.kernel.org/stable/c/21fed37d2bdcde33453faf61d3d4d96c355f04bd', 'https://git.kernel.org/stable/c/22863485a4626ec6ecf297f4cc0aef709bc862e4', 'https://git.kernel.org/stable/c/3dba0e5276f131e36d6d8043191d856f49238628', 'https://git.kernel.org/stable/c/84488466b7a69570bdbf76dd9576847ab97d54e7', 'https://lore.kernel.org/linux-cve-announce/2024051939-CVE-2024-35865-c095@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35865', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35865'], 'PublishedDate': '2024-05-19T09:15:08.033Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35866', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential UAF in cifs_dump_full_key()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_dump_full_key()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35866', 'https://git.kernel.org/linus/58acd1f497162e7d282077f816faa519487be045 (6.9-rc3)', 'https://git.kernel.org/stable/c/10e17ca4000ec34737bde002a13435c38ace2682', 'https://git.kernel.org/stable/c/3103163ccd3be4adcfa37e15608fb497be044113', 'https://git.kernel.org/stable/c/58acd1f497162e7d282077f816faa519487be045', 'https://lore.kernel.org/linux-cve-announce/2024051939-CVE-2024-35866-97e5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35866', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35866'], 'PublishedDate': '2024-05-19T09:15:08.123Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35867', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35867', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential UAF in cifs_stats_proc_show()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_stats_proc_show()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2024/05/29/2', 'http://www.openwall.com/lists/oss-security/2024/05/30/1', 'http://www.openwall.com/lists/oss-security/2024/05/30/2', 'https://access.redhat.com/security/cve/CVE-2024-35867', 'https://git.kernel.org/linus/0865ffefea197b437ba78b5dd8d8e256253efd65 (6.9-rc3)', 'https://git.kernel.org/stable/c/0865ffefea197b437ba78b5dd8d8e256253efd65', 'https://git.kernel.org/stable/c/16b7d785775eb03929766819415055e367398f49', 'https://git.kernel.org/stable/c/1e12f0d5c66f07c934041621351973a116fa13c7', 'https://git.kernel.org/stable/c/c3cf8b74c57924c0985e49a1fdf02d3395111f39', 'https://lore.kernel.org/linux-cve-announce/2024051939-CVE-2024-35867-15e3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35867', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35867'], 'PublishedDate': '2024-05-19T09:15:08.197Z', 'LastModifiedDate': '2024-06-10T18:15:35.32Z'}, {'VulnerabilityID': 'CVE-2024-35868', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35868', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix potential UAF in cifs_stats_proc_write()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_stats_proc_write()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35868', 'https://git.kernel.org/linus/d3da25c5ac84430f89875ca7485a3828150a7e0a (6.9-rc3)', 'https://git.kernel.org/stable/c/5b5475ce69f02ecc1b13ea23106e5b89c690429b', 'https://git.kernel.org/stable/c/8fefd166fcb368c5fcf48238e3f7c8af829e0a72', 'https://git.kernel.org/stable/c/cf03020c56d3ed28c4942280957a007b5e9544f7', 'https://git.kernel.org/stable/c/d3da25c5ac84430f89875ca7485a3828150a7e0a', 'https://lore.kernel.org/linux-cve-announce/2024051940-CVE-2024-35868-be7a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35868', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35868'], 'PublishedDate': '2024-05-19T09:15:08.267Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35869', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35869', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: guarantee refcounted children from parent session', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: guarantee refcounted children from parent session\n\nAvoid potential use-after-free bugs when walking DFS referrals,\nmounting and performing DFS failover by ensuring that all children\nfrom parent @tcon->ses are also refcounted.  They're all needed across\nthe entire DFS mount.  Get rid of @tcon->dfs_ses_list while we're at\nit, too.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35869', 'https://git.kernel.org/linus/062a7f0ff46eb57aff526897bd2bebfdb1d3046a (6.9-rc3)', 'https://git.kernel.org/stable/c/062a7f0ff46eb57aff526897bd2bebfdb1d3046a', 'https://git.kernel.org/stable/c/645f332c6b63499cc76197f9b6bffcc659ba64cc', 'https://git.kernel.org/stable/c/e1db9ae87b7148c021daee1fcc4bc71b2ac58a79', 'https://lore.kernel.org/linux-cve-announce/2024051940-CVE-2024-35869-73f8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35869', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35869'], 'PublishedDate': '2024-05-19T09:15:08.34Z', 'LastModifiedDate': '2024-07-03T02:02:21.027Z'}, {'VulnerabilityID': 'CVE-2024-35870', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb: client: fix UAF in smb2_reconnect_server()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in smb2_reconnect_server()\n\nThe UAF bug is due to smb2_reconnect_server() accessing a session that\nis already being teared down by another thread that is executing\n__cifs_put_smb_ses().  This can happen when (a) the client has\nconnection to the server but no session or (b) another thread ends up\nsetting @ses->ses_status again to something different than\nSES_EXITING.\n\nTo fix this, we need to make sure to unconditionally set\n@ses->ses_status to SES_EXITING and prevent any other threads from\nsetting a new status while we're still tearing it down.\n\nThe following can be reproduced by adding some delay to right after\nthe ipc is freed in __cifs_put_smb_ses() - which will give\nsmb2_reconnect_server() worker a chance to run and then accessing\n@ses->ipc:\n\nkinit ...\nmount.cifs //srv/share /mnt/1 -o sec=krb5,nohandlecache,echo_interval=10\n[disconnect srv]\nls /mnt/1 &>/dev/null\nsleep 30\nkdestroy\n[reconnect srv]\nsleep 10\numount /mnt/1\n...\nCIFS: VFS: Verify user has a krb5 ticket and keyutils is installed\nCIFS: VFS: \\\\srv Send error in SessSetup = -126\nCIFS: VFS: Verify user has a krb5 ticket and keyutils is installed\nCIFS: VFS: \\\\srv Send error in SessSetup = -126\ngeneral protection fault, probably for non-canonical address\n0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc2 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39\n04/01/2014\nWorkqueue: cifsiod smb2_reconnect_server [cifs]\nRIP: 0010:__list_del_entry_valid_or_report+0x33/0xf0\nCode: 4f 08 48 85 d2 74 42 48 85 c9 74 59 48 b8 00 01 00 00 00 00 ad\nde 48 39 c2 74 61 48 b8 22 01 00 00 00 00 74 69 <48> 8b 01 48 39 f8 75\n7b 48 8b 72 08 48 39 c6 0f 85 88 00 00 00 b8\nRSP: 0018:ffffc900001bfd70 EFLAGS: 00010a83\nRAX: dead000000000122 RBX: ffff88810da53838 RCX: 6b6b6b6b6b6b6b6b\nRDX: 6b6b6b6b6b6b6b6b RSI: ffffffffc02f6878 RDI: ffff88810da53800\nRBP: ffff88810da53800 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: ffff88810c064000\nR13: 0000000000000001 R14: ffff88810c064000 R15: ffff8881039cc000\nFS: 0000000000000000(0000) GS:ffff888157c00000(0000)\nknlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe3728b1000 CR3: 000000010caa4000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? die_addr+0x36/0x90\n ? exc_general_protection+0x1c1/0x3f0\n ? asm_exc_general_protection+0x26/0x30\n ? __list_del_entry_valid_or_report+0x33/0xf0\n __cifs_put_smb_ses+0x1ae/0x500 [cifs]\n smb2_reconnect_server+0x4ed/0x710 [cifs]\n process_one_work+0x205/0x6b0\n worker_thread+0x191/0x360\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe2/0x110\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n </TASK>", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35870', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278354', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280745', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281350', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281740', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281920', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282336', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47400', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52626', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52667', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26974', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27393', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35960', 'https://errata.rockylinux.org/RLSA-2024:4349', 'https://git.kernel.org/linus/24a9799aa8efecd0eb55a75e35f9d8e6400063aa (6.9-rc3)', 'https://git.kernel.org/stable/c/24a9799aa8efecd0eb55a75e35f9d8e6400063aa', 'https://git.kernel.org/stable/c/45f2beda1f1bc3d962ec07db1ccc3197c25499a5', 'https://git.kernel.org/stable/c/6202996a1c1887e83d0b3b0fcd86d0e5e6910ea0', 'https://linux.oracle.com/cve/CVE-2024-35870.html', 'https://linux.oracle.com/errata/ELSA-2024-4349.html', 'https://lore.kernel.org/linux-cve-announce/2024051940-CVE-2024-35870-3c02@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35870', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35870'], 'PublishedDate': '2024-05-19T09:15:08.427Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35875', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35875', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/coco: Require seeding RNG with RDRAND on CoCo systems\n\nThere are few uses of CoCo that don\'t rely on working cryptography and\nhence a working RNG. Unfortunately, the CoCo threat model means that the\nVM host cannot be trusted and may actively work against guests to\nextract secrets or manipulate computation. Since a malicious host can\nmodify or observe nearly all inputs to guests, the only remaining source\nof entropy for CoCo guests is RDRAND.\n\nIf RDRAND is broken -- due to CPU hardware fault -- the RNG as a whole\nis meant to gracefully continue on gathering entropy from other sources,\nbut since there aren\'t other sources on CoCo, this is catastrophic.\nThis is mostly a concern at boot time when initially seeding the RNG, as\nafter that the consequences of a broken RDRAND are much more\ntheoretical.\n\nSo, try at boot to seed the RNG using 256 bits of RDRAND output. If this\nfails, panic(). This will also trigger if the system is booted without\nRDRAND, as RDRAND is essential for a safe CoCo boot.\n\nAdd this deliberately to be "just a CoCo x86 driver feature" and not\npart of the RNG itself. Many device drivers and platforms have some\ndesire to contribute something to the RNG, and add_device_randomness()\nis specifically meant for this purpose.\n\nAny driver can call it with seed data of any quality, or even garbage\nquality, and it can only possibly make the quality of the RNG better or\nhave no effect, but can never make it worse.\n\nRather than trying to build something into the core of the RNG, consider\nthe particular CoCo issue just a CoCo issue, and therefore separate it\nall out into driver (well, arch/platform) code.\n\n  [ bp: Massage commit message. ]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35875', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269436', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273141', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275678', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278206', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281052', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281151', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282709', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284271', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284402', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293273', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297511', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300409', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300414', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300491', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300713', 'https://bugzilla.redhat.com/show_bug.cgi?id=2301465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2301496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2301637', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26629', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26630', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26720', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35797', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35875', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36883', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38559', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40936', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41040', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41044', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41055', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41073', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41096', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42082', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42096', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42102', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42131', 'https://errata.rockylinux.org/RLSA-2024:6567', 'https://git.kernel.org/linus/99485c4c026f024e7cb82da84c7951dbe3deb584 (6.9-rc3)', 'https://git.kernel.org/stable/c/08044b08b37528b82f70a87576c692b4e4b7716e', 'https://git.kernel.org/stable/c/22943e4fe4b3a2dcbadc3d38d5bf840bbdbfe374', 'https://git.kernel.org/stable/c/453b5f2dec276c1bb4ea078bf8c0da57ee4627e5', 'https://git.kernel.org/stable/c/99485c4c026f024e7cb82da84c7951dbe3deb584', 'https://linux.oracle.com/cve/CVE-2024-35875.html', 'https://linux.oracle.com/errata/ELSA-2024-6567.html', 'https://lore.kernel.org/linux-cve-announce/2024051942-CVE-2024-35875-e23d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35875', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35875'], 'PublishedDate': '2024-05-19T09:15:08.833Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35878', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35878', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: of: module: prevent NULL pointer dereference in vsnprintf()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nof: module: prevent NULL pointer dereference in vsnprintf()\n\nIn of_modalias(), we can get passed the str and len parameters which would\ncause a kernel oops in vsnprintf() since it only allows passing a NULL ptr\nwhen the length is also 0. Also, we need to filter out the negative values\nof the len parameter as these will result in a really huge buffer since\nsnprintf() takes size_t parameter while ours is ssize_t...\n\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35878', 'https://git.kernel.org/linus/a1aa5390cc912934fee76ce80af5f940452fa987 (6.9-rc3)', 'https://git.kernel.org/stable/c/544561dc56f7e69a053c25e11e6170f48bb97898', 'https://git.kernel.org/stable/c/a1aa5390cc912934fee76ce80af5f940452fa987', 'https://git.kernel.org/stable/c/e4a449368a2ce6d57a775d0ead27fc07f5a86e5b', 'https://lore.kernel.org/linux-cve-announce/2024051943-CVE-2024-35878-5af8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35878', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35878'], 'PublishedDate': '2024-05-19T09:15:09.09Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35887', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35887', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ax25: fix use-after-free bugs caused by ax25_ds_del_timer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nax25: fix use-after-free bugs caused by ax25_ds_del_timer\n\nWhen the ax25 device is detaching, the ax25_dev_device_down()\ncalls ax25_ds_del_timer() to cleanup the slave_timer. When\nthe timer handler is running, the ax25_ds_del_timer() that\ncalls del_timer() in it will return directly. As a result,\nthe use-after-free bugs could happen, one of the scenarios\nis shown below:\n\n      (Thread 1)          |      (Thread 2)\n                          | ax25_ds_timeout()\nax25_dev_device_down()    |\n  ax25_ds_del_timer()     |\n    del_timer()           |\n  ax25_dev_put() //FREE   |\n                          |  ax25_dev-> //USE\n\nIn order to mitigate bugs, when the device is detaching, use\ntimer_shutdown_sync() to stop the timer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35887', 'https://git.kernel.org/linus/fd819ad3ecf6f3c232a06b27423ce9ed8c20da89 (6.9-rc3)', 'https://git.kernel.org/stable/c/74204bf9050f7627aead9875fe4e07ba125cb19b', 'https://git.kernel.org/stable/c/c6a368f9c7af4c14b14d390c2543af8001c9bdb9', 'https://git.kernel.org/stable/c/fd819ad3ecf6f3c232a06b27423ce9ed8c20da89', 'https://lore.kernel.org/linux-cve-announce/2024051947-CVE-2024-35887-9c08@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35887', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35887'], 'PublishedDate': '2024-05-19T09:15:09.837Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35892', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35892', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix lockdep splat in qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() is called with the qdisc lock held,\nnot RTNL.\n\nWe must use qdisc_lookup_rcu() instead of qdisc_lookup()\n\nsyzbot reported:\n\nWARNING: suspicious RCU usage\n6.1.74-syzkaller #0 Not tainted\n-----------------------------\nnet/sched/sch_api.c:305 suspicious rcu_dereference_protected() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n3 locks held by udevd/1142:\n  #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:306 [inline]\n  #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:747 [inline]\n  #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: net_tx_action+0x64a/0x970 net/core/dev.c:5282\n  #1: ffff888171861108 (&sch->q.lock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:350 [inline]\n  #1: ffff888171861108 (&sch->q.lock){+.-.}-{2:2}, at: net_tx_action+0x754/0x970 net/core/dev.c:5297\n  #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:306 [inline]\n  #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:747 [inline]\n  #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: qdisc_tree_reduce_backlog+0x84/0x580 net/sched/sch_api.c:792\n\nstack backtrace:\nCPU: 1 PID: 1142 Comm: udevd Not tainted 6.1.74-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall Trace:\n <TASK>\n  [<ffffffff85b85f14>] __dump_stack lib/dump_stack.c:88 [inline]\n  [<ffffffff85b85f14>] dump_stack_lvl+0x1b1/0x28f lib/dump_stack.c:106\n  [<ffffffff85b86007>] dump_stack+0x15/0x1e lib/dump_stack.c:113\n  [<ffffffff81802299>] lockdep_rcu_suspicious+0x1b9/0x260 kernel/locking/lockdep.c:6592\n  [<ffffffff84f0054c>] qdisc_lookup+0xac/0x6f0 net/sched/sch_api.c:305\n  [<ffffffff84f037c3>] qdisc_tree_reduce_backlog+0x243/0x580 net/sched/sch_api.c:811\n  [<ffffffff84f5b78c>] pfifo_tail_enqueue+0x32c/0x4b0 net/sched/sch_fifo.c:51\n  [<ffffffff84fbcf63>] qdisc_enqueue include/net/sch_generic.h:833 [inline]\n  [<ffffffff84fbcf63>] netem_dequeue+0xeb3/0x15d0 net/sched/sch_netem.c:723\n  [<ffffffff84eecab9>] dequeue_skb net/sched/sch_generic.c:292 [inline]\n  [<ffffffff84eecab9>] qdisc_restart net/sched/sch_generic.c:397 [inline]\n  [<ffffffff84eecab9>] __qdisc_run+0x249/0x1e60 net/sched/sch_generic.c:415\n  [<ffffffff84d7aa96>] qdisc_run+0xd6/0x260 include/net/pkt_sched.h:125\n  [<ffffffff84d85d29>] net_tx_action+0x7c9/0x970 net/core/dev.c:5313\n  [<ffffffff85e002bd>] __do_softirq+0x2bd/0x9bd kernel/softirq.c:616\n  [<ffffffff81568bca>] invoke_softirq kernel/softirq.c:447 [inline]\n  [<ffffffff81568bca>] __irq_exit_rcu+0xca/0x230 kernel/softirq.c:700\n  [<ffffffff81568ae9>] irq_exit_rcu+0x9/0x20 kernel/softirq.c:712\n  [<ffffffff85b89f52>] sysvec_apic_timer_interrupt+0x42/0x90 arch/x86/kernel/apic/apic.c:1107\n  [<ffffffff85c00ccb>] asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:656', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35892', 'https://git.kernel.org/linus/7eb322360b0266481e560d1807ee79e0cef5742b (6.9-rc3)', 'https://git.kernel.org/stable/c/07696415526bee0607e495017369c7303a4792e1', 'https://git.kernel.org/stable/c/7eb322360b0266481e560d1807ee79e0cef5742b', 'https://git.kernel.org/stable/c/b7d1ce2cc7192e8a037faa3f5d3ba72c25976460', 'https://git.kernel.org/stable/c/c040b99461a5bfc14c2d0cbb1780fcc3a4706c7e', 'https://lore.kernel.org/linux-cve-announce/2024051949-CVE-2024-35892-0f0c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35892', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35892'], 'PublishedDate': '2024-05-19T09:15:10.23Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35904', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35904', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: selinux: avoid dereference of garbage after mount failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: avoid dereference of garbage after mount failure\n\nIn case kern_mount() fails and returns an error pointer return in the\nerror branch instead of continuing and dereferencing the error pointer.\n\nWhile on it drop the never read static variable selinuxfs_mount.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2024/05/30/1', 'http://www.openwall.com/lists/oss-security/2024/05/30/2', 'https://access.redhat.com/security/cve/CVE-2024-35904', 'https://git.kernel.org/linus/37801a36b4d68892ce807264f784d818f8d0d39b (6.9-rc3)', 'https://git.kernel.org/stable/c/37801a36b4d68892ce807264f784d818f8d0d39b', 'https://git.kernel.org/stable/c/477ed6789eb9f3f4d3568bb977f90c863c12724e', 'https://git.kernel.org/stable/c/68784a5d01b8868ff85a7926676b6729715fff3c', 'https://lore.kernel.org/linux-cve-announce/2024051953-CVE-2024-35904-7f85@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35904', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35904'], 'PublishedDate': '2024-05-19T09:15:11.19Z', 'LastModifiedDate': '2024-06-10T17:16:31.803Z'}, {'VulnerabilityID': 'CVE-2024-35908', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35908', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tls: get psock ref after taking rxlock to avoid leak', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: get psock ref after taking rxlock to avoid leak\n\nAt the start of tls_sw_recvmsg, we take a reference on the psock, and\nthen call tls_rx_reader_lock. If that fails, we return directly\nwithout releasing the reference.\n\nInstead of adding a new label, just take the reference after locking\nhas succeeded, since we don't need it before.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35908', 'https://git.kernel.org/linus/417e91e856099e9b8a42a2520e2255e6afe024be (6.9-rc2)', 'https://git.kernel.org/stable/c/30fabe50a7ace3e9d57cf7f9288f33ea408491c8', 'https://git.kernel.org/stable/c/417e91e856099e9b8a42a2520e2255e6afe024be', 'https://git.kernel.org/stable/c/b565d294e3d5aa809566a4d819835da11997d8b3', 'https://git.kernel.org/stable/c/f1b7f14130d782433bc98c1e1e41ce6b4d4c3096', 'https://lore.kernel.org/linux-cve-announce/2024051955-CVE-2024-35908-e78a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35908', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35908'], 'PublishedDate': '2024-05-19T09:15:11.477Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35920', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35920', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mediatek: vcodec: adding lock to protect decoder context list', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: adding lock to protect decoder context list\n\nAdd a lock for the ctx_list, to avoid accessing a NULL pointer\nwithin the 'vpu_dec_ipi_handler' function when the ctx_list has\nbeen deleted due to an unexpected behavior on the SCP IP block.\n\nHardware name: Google juniper sku16 board (DT)\npstate: 20400005 (nzCv daif +PAN -UAO -TCO BTYPE=--)\npc : vpu_dec_ipi_handler+0x58/0x1f8 [mtk_vcodec_dec]\nlr : scp_ipi_handler+0xd0/0x194 [mtk_scp]\nsp : ffffffc0131dbbd0\nx29: ffffffc0131dbbd0 x28: 0000000000000000\nx27: ffffff9bb277f348 x26: ffffff9bb242ad00\nx25: ffffffd2d440d3b8 x24: ffffffd2a13ff1d4\nx23: ffffff9bb7fe85a0 x22: ffffffc0133fbdb0\nx21: 0000000000000010 x20: ffffff9b050ea328\nx19: ffffffc0131dbc08 x18: 0000000000001000\nx17: 0000000000000000 x16: ffffffd2d461c6e0\nx15: 0000000000000242 x14: 000000000000018f\nx13: 000000000000004d x12: 0000000000000000\nx11: 0000000000000001 x10: fffffffffffffff0\nx9 : ffffff9bb6e793a8 x8 : 0000000000000000\nx7 : 0000000000000000 x6 : 000000000000003f\nx5 : 0000000000000040 x4 : fffffffffffffff0\nx3 : 0000000000000020 x2 : ffffff9bb6e79080\nx1 : 0000000000000010 x0 : ffffffc0131dbc08\nCall trace:\nvpu_dec_ipi_handler+0x58/0x1f8 [mtk_vcodec_dec (HASH:6c3f 2)]\nscp_ipi_handler+0xd0/0x194 [mtk_scp (HASH:7046 3)]\nmt8183_scp_irq_handler+0x44/0x88 [mtk_scp (HASH:7046 3)]\nscp_irq_handler+0x48/0x90 [mtk_scp (HASH:7046 3)]\nirq_thread_fn+0x38/0x94\nirq_thread+0x100/0x1c0\nkthread+0x140/0x1fc\nret_from_fork+0x10/0x30\nCode: 54000088 f94ca50a eb14015f 54000060 (f9400108)\n---[ end trace ace43ce36cbd5c93 ]---\nKernel panic - not syncing: Oops: Fatal exception\nSMP: stopping secondary CPUs\nKernel Offset: 0x12c4000000 from 0xffffffc010000000\nPHYS_OFFSET: 0xffffffe580000000\nCPU features: 0x08240002,2188200c\nMemory Limit: none", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35920', 'https://git.kernel.org/linus/6467cda18c9f9b5f2f9a0aa1e2861c653e41f382 (6.9-rc4)', 'https://git.kernel.org/stable/c/0a2dc707aa42214f9c4827bd57e344e29a0841d6', 'https://git.kernel.org/stable/c/23aaf824121055ba81b55f75444355bd83c8eb38', 'https://git.kernel.org/stable/c/6467cda18c9f9b5f2f9a0aa1e2861c653e41f382', 'https://lore.kernel.org/linux-cve-announce/2024051913-CVE-2024-35920-ceed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35920', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35920'], 'PublishedDate': '2024-05-19T11:15:48.373Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35924', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35924', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: ucsi: Limit read size on v1.2', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Limit read size on v1.2\n\nBetween UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region was\nincreased from 16 to 256. In order to avoid overflowing reads for older\nsystems, add a mechanism to use the read UCSI version to truncate read\nsizes on UCSI v1.2.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-35924', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/b3db266fb031fba88c423d4bb8983a73a3db6527 (6.9-rc1)', 'https://git.kernel.org/stable/c/0defcaa09d3b21e8387829ee3a652c43fa91e13f', 'https://git.kernel.org/stable/c/266f403ec47573046dee4bcebda82777ce702c40', 'https://git.kernel.org/stable/c/b3db266fb031fba88c423d4bb8983a73a3db6527', 'https://linux.oracle.com/cve/CVE-2024-35924.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024051914-CVE-2024-35924-90f6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35924', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35924'], 'PublishedDate': '2024-05-19T11:15:48.653Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35926', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35926', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: iaa - Fix async_disable descriptor leak', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix async_disable descriptor leak\n\nThe disable_async paths of iaa_compress/decompress() don't free idxd\ndescriptors in the async_disable case. Currently this only happens in\nthe testcases where req->dst is set to null. Add a test to free them\nin those paths.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35926', 'https://git.kernel.org/linus/262534ddc88dfea7474ed18adfecf856e4fbe054 (6.9-rc1)', 'https://git.kernel.org/stable/c/262534ddc88dfea7474ed18adfecf856e4fbe054', 'https://git.kernel.org/stable/c/d994f7d77aaded05dc05af58a2720fd4f4b72a83', 'https://lore.kernel.org/linux-cve-announce/2024051915-CVE-2024-35926-d677@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35926', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35926'], 'PublishedDate': '2024-05-19T11:15:48.793Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35928', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()\n\nThis ensures that the memory mapped by ioremap for adev->rmmio, is\nproperly handled in amdgpu_device_init(). If the function exits early\ndue to an error, the memory is unmapped. If the function completes\nsuccessfully, the memory remains mapped.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_device.c:4337 amdgpu_device_init() warn: 'adev->rmmio' from ioremap() not released on lines: 4035,4045,4051,4058,4068,4337", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35928', 'https://git.kernel.org/linus/eb4f139888f636614dab3bcce97ff61cefc4b3a7 (6.9-rc1)', 'https://git.kernel.org/stable/c/14ac934db851642ea8cd1bd4121c788a8899ef69', 'https://git.kernel.org/stable/c/aa665c3a2aca2ffe31b9645bda278e96dfc3b55c', 'https://git.kernel.org/stable/c/c5f9fe2c1e5023fa096189a8bfba6420aa035587', 'https://git.kernel.org/stable/c/eb4f139888f636614dab3bcce97ff61cefc4b3a7', 'https://lore.kernel.org/linux-cve-announce/2024051915-CVE-2024-35928-ead3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35928', 'https://www.cve.org/CVERecord?id=CVE-2024-35928'], 'PublishedDate': '2024-05-19T11:15:48.93Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35929', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()\n\nFor the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and\nCONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE()\nin the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions:\n\n        CPU2                                               CPU11\nkthread\nrcu_nocb_cb_kthread                                       ksys_write\nrcu_do_batch                                              vfs_write\nrcu_torture_timer_cb                                      proc_sys_write\n__kmem_cache_free                                         proc_sys_call_handler\nkmemleak_free                                             drop_caches_sysctl_handler\ndelete_object_full                                        drop_slab\n__delete_object                                           shrink_slab\nput_object                                                lazy_rcu_shrink_scan\ncall_rcu                                                  rcu_nocb_flush_bypass\n__call_rcu_commn                                            rcu_nocb_bypass_lock\n                                                            raw_spin_trylock(&rdp->nocb_bypass_lock) fail\n                                                            atomic_inc(&rdp->nocb_lock_contended);\nrcu_nocb_wait_contended                                     WARN_ON_ONCE(smp_processor_id() != rdp->cpu);\n WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended))                                          |\n                            |_ _ _ _ _ _ _ _ _ _same rdp and rdp->cpu != 11_ _ _ _ _ _ _ _ _ __|\n\nReproduce this bug with "echo 3 > /proc/sys/vm/drop_caches".\n\nThis commit therefore uses rcu_nocb_try_flush_bypass() instead of\nrcu_nocb_flush_bypass() in lazy_rcu_shrink_scan().  If the nocb_bypass\nqueue is being flushed, then rcu_nocb_try_flush_bypass will return\ndirectly.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35929', 'https://git.kernel.org/linus/dda98810b552fc6bf650f4270edeebdc2f28bd3f (6.9-rc1)', 'https://git.kernel.org/stable/c/4d58c9fb45c70e62c19e8be3f3605889c47601bc', 'https://git.kernel.org/stable/c/927d1f4f77e4784ab3944a9df86ab14d1cd3185a', 'https://git.kernel.org/stable/c/dda98810b552fc6bf650f4270edeebdc2f28bd3f', 'https://lore.kernel.org/linux-cve-announce/2024051916-CVE-2024-35929-6f74@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35929', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35929'], 'PublishedDate': '2024-05-19T11:15:48.993Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35931', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Skip do PCI error slot reset during RAS recovery', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Skip do PCI error slot reset during RAS recovery\n\nWhy:\n    The PCI error slot reset maybe triggered after inject ue to UMC multi times, this\n    caused system hang.\n    [  557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, trying to resume\n    [  557.373718] [drm] PCIE GART of 512M enabled.\n    [  557.373722] [drm] PTB located at 0x0000031FED700000\n    [  557.373788] [drm] VRAM is lost due to GPU reset!\n    [  557.373789] [drm] PSP is resuming...\n    [  557.547012] mlx5_core 0000:55:00.0: mlx5_pci_err_detected Device state = 1 pci_status: 0. Exit, result = 3, need reset\n    [  557.547067] [drm] PCI error: detected callback, state(1)!!\n    [  557.547069] [drm] No support for XGMI hive yet...\n    [  557.548125] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 0. Enter\n    [  557.607763] mlx5_core 0000:55:00.0: wait vital counter value 0x16b5b after 1 iterations\n    [  557.607777] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 1. Exit, err = 0, result = 5, recovered\n    [  557.610492] [drm] PCI error: slot reset callback!!\n    ...\n    [  560.689382] amdgpu 0000:3f:00.0: amdgpu: GPU reset(2) succeeded!\n    [  560.689546] amdgpu 0000:5a:00.0: amdgpu: GPU reset(2) succeeded!\n    [  560.689562] general protection fault, probably for non-canonical address 0x5f080b54534f611f: 0000 [#1] SMP NOPTI\n    [  560.701008] CPU: 16 PID: 2361 Comm: kworker/u448:9 Tainted: G           OE     5.15.0-91-generic #101-Ubuntu\n    [  560.712057] Hardware name: Microsoft C278A/C278A, BIOS C2789.5.BS.1C11.AG.1 11/08/2023\n    [  560.720959] Workqueue: amdgpu-reset-hive amdgpu_ras_do_recovery [amdgpu]\n    [  560.728887] RIP: 0010:amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n    [  560.736891] Code: ff 41 89 c6 e9 1b ff ff ff 44 0f b6 45 b0 e9 4f ff ff ff be 01 00 00 00 4c 89 e7 e8 76 c9 8b ff 44 0f b6 45 b0 e9 3c fd ff ff <48> 83 ba 18 02 00 00 00 0f 84 6a f8 ff ff 48 8d 7a 78 be 01 00 00\n    [  560.757967] RSP: 0018:ffa0000032e53d80 EFLAGS: 00010202\n    [  560.763848] RAX: ffa00000001dfd10 RBX: ffa0000000197090 RCX: ffa0000032e53db0\n    [  560.771856] RDX: 5f080b54534f5f07 RSI: 0000000000000000 RDI: ff11000128100010\n    [  560.779867] RBP: ffa0000032e53df0 R08: 0000000000000000 R09: ffffffffffe77f08\n    [  560.787879] R10: 0000000000ffff0a R11: 0000000000000001 R12: 0000000000000000\n    [  560.795889] R13: ffa0000032e53e00 R14: 0000000000000000 R15: 0000000000000000\n    [  560.803889] FS:  0000000000000000(0000) GS:ff11007e7e800000(0000) knlGS:0000000000000000\n    [  560.812973] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    [  560.819422] CR2: 000055a04c118e68 CR3: 0000000007410005 CR4: 0000000000771ee0\n    [  560.827433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n    [  560.835433] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n    [  560.843444] PKRU: 55555554\n    [  560.846480] Call Trace:\n    [  560.849225]  <TASK>\n    [  560.851580]  ? show_trace_log_lvl+0x1d6/0x2ea\n    [  560.856488]  ? show_trace_log_lvl+0x1d6/0x2ea\n    [  560.861379]  ? amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n    [  560.867778]  ? show_regs.part.0+0x23/0x29\n    [  560.872293]  ? __die_body.cold+0x8/0xd\n    [  560.876502]  ? die_addr+0x3e/0x60\n    [  560.880238]  ? exc_general_protection+0x1c5/0x410\n    [  560.885532]  ? asm_exc_general_protection+0x27/0x30\n    [  560.891025]  ? amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n    [  560.898323]  amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n    [  560.904520]  process_one_work+0x228/0x3d0\nHow:\n    In RAS recovery, mode-1 reset is issued from RAS fatal error handling and expected\n    all the nodes in a hive to be reset. no need to issue another mode-1 during this procedure.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35931', 'https://git.kernel.org/linus/601429cca96b4af3be44172c3b64e4228515dbe1 (6.9-rc1)', 'https://git.kernel.org/stable/c/395ca1031acf89d8ecb26127c544a71688d96f35', 'https://git.kernel.org/stable/c/601429cca96b4af3be44172c3b64e4228515dbe1', 'https://lore.kernel.org/linux-cve-announce/2024051916-CVE-2024-35931-430d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35931', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35931'], 'PublishedDate': '2024-05-19T11:15:49.133Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35932', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35932', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/vc4: don't check if plane->state->fb == state->fb", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: don't check if plane->state->fb == state->fb\n\nCurrently, when using non-blocking commits, we can see the following\nkernel warning:\n\n[  110.908514] ------------[ cut here ]------------\n[  110.908529] refcount_t: underflow; use-after-free.\n[  110.908620] WARNING: CPU: 0 PID: 1866 at lib/refcount.c:87 refcount_dec_not_one+0xb8/0xc0\n[  110.908664] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device cmac algif_hash aes_arm64 aes_generic algif_skcipher af_alg bnep hid_logitech_hidpp vc4 brcmfmac hci_uart btbcm brcmutil bluetooth snd_soc_hdmi_codec cfg80211 cec drm_display_helper drm_dma_helper drm_kms_helper snd_soc_core snd_compress snd_pcm_dmaengine fb_sys_fops sysimgblt syscopyarea sysfillrect raspberrypi_hwmon ecdh_generic ecc rfkill libaes i2c_bcm2835 binfmt_misc joydev snd_bcm2835(C) bcm2835_codec(C) bcm2835_isp(C) v4l2_mem2mem videobuf2_dma_contig snd_pcm bcm2835_v4l2(C) raspberrypi_gpiomem bcm2835_mmal_vchiq(C) videobuf2_v4l2 snd_timer videobuf2_vmalloc videobuf2_memops videobuf2_common snd videodev vc_sm_cma(C) mc hid_logitech_dj uio_pdrv_genirq uio i2c_dev drm fuse dm_mod drm_panel_orientation_quirks backlight ip_tables x_tables ipv6\n[  110.909086] CPU: 0 PID: 1866 Comm: kodi.bin Tainted: G         C         6.1.66-v8+ #32\n[  110.909104] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT)\n[  110.909114] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  110.909132] pc : refcount_dec_not_one+0xb8/0xc0\n[  110.909152] lr : refcount_dec_not_one+0xb4/0xc0\n[  110.909170] sp : ffffffc00913b9c0\n[  110.909177] x29: ffffffc00913b9c0 x28: 000000556969bbb0 x27: 000000556990df60\n[  110.909205] x26: 0000000000000002 x25: 0000000000000004 x24: ffffff8004448480\n[  110.909230] x23: ffffff800570b500 x22: ffffff802e03a7bc x21: ffffffecfca68c78\n[  110.909257] x20: ffffff8002b42000 x19: ffffff802e03a600 x18: 0000000000000000\n[  110.909283] x17: 0000000000000011 x16: ffffffffffffffff x15: 0000000000000004\n[  110.909308] x14: 0000000000000fff x13: ffffffed577e47e0 x12: 0000000000000003\n[  110.909333] x11: 0000000000000000 x10: 0000000000000027 x9 : c912d0d083728c00\n[  110.909359] x8 : c912d0d083728c00 x7 : 65646e75203a745f x6 : 746e756f63666572\n[  110.909384] x5 : ffffffed579f62ee x4 : ffffffed579eb01e x3 : 0000000000000000\n[  110.909409] x2 : 0000000000000000 x1 : ffffffc00913b750 x0 : 0000000000000001\n[  110.909434] Call trace:\n[  110.909441]  refcount_dec_not_one+0xb8/0xc0\n[  110.909461]  vc4_bo_dec_usecnt+0x4c/0x1b0 [vc4]\n[  110.909903]  vc4_cleanup_fb+0x44/0x50 [vc4]\n[  110.910315]  drm_atomic_helper_cleanup_planes+0x88/0xa4 [drm_kms_helper]\n[  110.910669]  vc4_atomic_commit_tail+0x390/0x9dc [vc4]\n[  110.911079]  commit_tail+0xb0/0x164 [drm_kms_helper]\n[  110.911397]  drm_atomic_helper_commit+0x1d0/0x1f0 [drm_kms_helper]\n[  110.911716]  drm_atomic_commit+0xb0/0xdc [drm]\n[  110.912569]  drm_mode_atomic_ioctl+0x348/0x4b8 [drm]\n[  110.913330]  drm_ioctl_kernel+0xec/0x15c [drm]\n[  110.914091]  drm_ioctl+0x24c/0x3b0 [drm]\n[  110.914850]  __arm64_sys_ioctl+0x9c/0xd4\n[  110.914873]  invoke_syscall+0x4c/0x114\n[  110.914897]  el0_svc_common+0xd0/0x118\n[  110.914917]  do_el0_svc+0x38/0xd0\n[  110.914936]  el0_svc+0x30/0x8c\n[  110.914958]  el0t_64_sync_handler+0x84/0xf0\n[  110.914979]  el0t_64_sync+0x18c/0x190\n[  110.914996] ---[ end trace 0000000000000000 ]---\n\nThis happens because, although `prepare_fb` and `cleanup_fb` are\nperfectly balanced, we cannot guarantee consistency in the check\nplane->state->fb == state->fb. This means that sometimes we can increase\nthe refcount in `prepare_fb` and don't decrease it in `cleanup_fb`. The\nopposite can also be true.\n\nIn fact, the struct drm_plane .state shouldn't be accessed directly\nbut instead, the `drm_atomic_get_new_plane_state()` helper function should\nbe used. So, we could stick to this check, but using\n`drm_atomic_get_new_plane_state()`. But actually, this check is not re\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35932', 'https://git.kernel.org/linus/5ee0d47dcf33efd8950b347dcf4d20bab12a3fa9 (6.9-rc1)', 'https://git.kernel.org/stable/c/48bfb4b03c5ff6e1fa1dc73fb915e150b0968c40', 'https://git.kernel.org/stable/c/5343f724c912c77541029123f47ecd3d2ea63bdd', 'https://git.kernel.org/stable/c/5ee0d47dcf33efd8950b347dcf4d20bab12a3fa9', 'https://git.kernel.org/stable/c/d6b2fe2db1d0927b2d7df5c763eba55d0e1def3c', 'https://lore.kernel.org/linux-cve-announce/2024051916-CVE-2024-35932-b008@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35932', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35932'], 'PublishedDate': '2024-05-19T11:15:49.203Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35937', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35937', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: cfg80211: check A-MSDU format more carefully', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: check A-MSDU format more carefully\n\nIf it looks like there's another subframe in the A-MSDU\nbut the header isn't fully there, we can end up reading\ndata out of bounds, only to discard later. Make this a\nbit more careful and check if the subframe header can\neven be present.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.8}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-35937', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265838', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273405', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275600', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275655', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275715', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281097', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281237', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281265', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281639', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281900', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284511', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284543', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293208', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293441', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293658', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297512', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297538', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297542', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297545', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47606', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52651', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26808', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26828', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26868', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27049', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27417', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35800', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35911', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35969', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36903', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38391', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40928', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5363', 'https://git.kernel.org/linus/9ad7974856926129f190ffbe3beea78460b3b7cc (6.9-rc1)', 'https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544', 'https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9', 'https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc', 'https://git.kernel.org/stable/c/9eb3bc0973d084423a6df21cf2c74692ff05647e', 'https://linux.oracle.com/cve/CVE-2024-35937.html', 'https://linux.oracle.com/errata/ELSA-2024-5363.html', 'https://lore.kernel.org/linux-cve-announce/2024051918-CVE-2024-35937-0415@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35937', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35937'], 'PublishedDate': '2024-05-19T11:15:49.553Z', 'LastModifiedDate': '2024-08-29T17:15:07.693Z'}, {'VulnerabilityID': 'CVE-2024-35939', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35939', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma-direct: Leak pages on dma_set_decrypted() failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma-direct: Leak pages on dma_set_decrypted() failure\n\nOn TDX it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nDMA could free decrypted/shared pages if dma_set_decrypted() fails. This\nshould be a rare case. Just leak the pages in this case instead of\nfreeing them.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35939', 'https://git.kernel.org/linus/b9fa16949d18e06bdf728a560f5c8af56d2bdcaf (6.9-rc1)', 'https://git.kernel.org/stable/c/4031b72ca747a1e6e9ae4fa729e765b43363d66a', 'https://git.kernel.org/stable/c/4e0cfb25d49da2e6261ad582f58ffa5b5dd8c8e9', 'https://git.kernel.org/stable/c/b57326c96b7bc7638aa8c44e12afa2defe0c934c', 'https://git.kernel.org/stable/c/b9fa16949d18e06bdf728a560f5c8af56d2bdcaf', 'https://lore.kernel.org/linux-cve-announce/2024051919-CVE-2024-35939-f877@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35939', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35939'], 'PublishedDate': '2024-05-19T11:15:49.69Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35942', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35942', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain\n\nAccording to i.MX8MP RM and HDMI ADD, the fdcc clock is part of\nhdmi rx verification IP that should not enable for HDMI TX.\nBut actually if the clock is disabled before HDMI/LCDIF probe,\nLCDIF will not get pixel clock from HDMI PHY and print the error\nlogs:\n\n[CRTC:39:crtc-2] vblank wait timed out\nWARNING: CPU: 2 PID: 9 at drivers/gpu/drm/drm_atomic_helper.c:1634 drm_atomic_helper_wait_for_vblanks.part.0+0x23c/0x260\n\nAdd fdcc clock to LCDIF and HDMI TX power domains to fix the issue.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35942', 'https://git.kernel.org/linus/697624ee8ad557ab5417f985d2c804241a7ad30d (6.9-rc1)', 'https://git.kernel.org/stable/c/697624ee8ad557ab5417f985d2c804241a7ad30d', 'https://git.kernel.org/stable/c/9d3f959b426635c4da50dfc7b1306afd84d23e7c', 'https://git.kernel.org/stable/c/b13c0d871cd878ff53d25507ca535f59ed1f6a2a', 'https://lore.kernel.org/linux-cve-announce/2024051919-CVE-2024-35942-af72@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35942', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35942'], 'PublishedDate': '2024-05-19T11:15:49.89Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35943', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35943', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pmdomain: ti: Add a null pointer check to the omap_prm_domain_init', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: ti: Add a null pointer check to the omap_prm_domain_init\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35943', 'https://git.kernel.org/linus/5d7f58ee08434a33340f75ac7ac5071eea9673b3 (6.9-rc1)', 'https://git.kernel.org/stable/c/04f23510daa40f9010fadf309507564a34ad956f', 'https://git.kernel.org/stable/c/5d7f58ee08434a33340f75ac7ac5071eea9673b3', 'https://git.kernel.org/stable/c/bc08f5ab11b1881b85371f0bd9c9a3d27f65cca8', 'https://git.kernel.org/stable/c/ce666cecc09c0f92d5f86d89d8068ecfcf723a7e', 'https://lore.kernel.org/linux-cve-announce/2024051920-CVE-2024-35943-93a9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35943', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35943'], 'PublishedDate': '2024-05-19T11:15:49.953Z', 'LastModifiedDate': '2024-09-18T18:15:06.23Z'}, {'VulnerabilityID': 'CVE-2024-35945', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35945', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: phy: phy_device: Prevent nullptr exceptions on ISR', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: phy_device: Prevent nullptr exceptions on ISR\n\nIf phydev->irq is set unconditionally, check\nfor valid interrupt handler or fall back to polling mode to prevent\nnullptr exceptions in interrupt service routine.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35945', 'https://git.kernel.org/linus/61c81872815f46006982bb80460c0c80a949b35b (6.9-rc1)', 'https://git.kernel.org/stable/c/3419ee39e3d3162ab2ec9942bb537613ed5b6311', 'https://git.kernel.org/stable/c/61c81872815f46006982bb80460c0c80a949b35b', 'https://git.kernel.org/stable/c/7a71f61ebf95cedd3f245db6da397822971d8db5', 'https://lore.kernel.org/linux-cve-announce/2024051920-CVE-2024-35945-c005@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35945', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35945'], 'PublishedDate': '2024-05-19T11:15:50.11Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35946', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35946', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: fix null pointer access when abort scan', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix null pointer access when abort scan\n\nDuring cancel scan we might use vif that weren't scanning.\nFix this by using the actual scanning vif.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-35946', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/7e11a2966f51695c0af0b1f976a32d64dee243b2 (6.9-rc1)', 'https://git.kernel.org/stable/c/4f11c741908dab7dd48fa5a986b210d4fc74ca8d', 'https://git.kernel.org/stable/c/7e11a2966f51695c0af0b1f976a32d64dee243b2', 'https://git.kernel.org/stable/c/b34d64e9aa5505e3c84570aed5c757f1839573e8', 'https://linux.oracle.com/cve/CVE-2024-35946.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024051921-CVE-2024-35946-c2c2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35946', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35946'], 'PublishedDate': '2024-05-19T11:15:50.18Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35948', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bcachefs: Check for journal entries overruning end of sb clean section', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: Check for journal entries overruning end of sb clean section\n\nFix a missing bounds check in superblock validation.\n\nNote that we don't yet have repair code for this case - repair code for\nindividual items is generally low priority, since the whole superblock\nis checksummed, validated prior to write, and we have backups.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35948', 'https://git.kernel.org/linus/fcdbc1d7a4b638e5d5668de461f320386f3002aa (6.9-rc6)', 'https://git.kernel.org/stable/c/fcdbc1d7a4b638e5d5668de461f320386f3002aa', 'https://lore.kernel.org/linux-cve-announce/2024052043-CVE-2024-35948-a92f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35948', 'https://www.cve.org/CVERecord?id=CVE-2024-35948'], 'PublishedDate': '2024-05-20T10:15:09.44Z', 'LastModifiedDate': '2024-07-03T02:02:27.897Z'}, {'VulnerabilityID': 'CVE-2024-35949', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35949', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: make sure that WRITTEN is set on all metadata blocks', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: make sure that WRITTEN is set on all metadata blocks\n\nWe previously would call btrfs_check_leaf() if we had the check\nintegrity code enabled, which meant that we could only run the extended\nleaf checks if we had WRITTEN set on the header flags.\n\nThis leaves a gap in our checking, because we could end up with\ncorruption on disk where WRITTEN isn\'t set on the leaf, and then the\nextended leaf checks don\'t get run which we rely on to validate all of\nthe item pointers to make sure we don\'t access memory outside of the\nextent buffer.\n\nHowever, since 732fab95abe2 ("btrfs: check-integrity: remove\nCONFIG_BTRFS_FS_CHECK_INTEGRITY option") we no longer call\nbtrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only\never call it on blocks that are being written out, and thus have WRITTEN\nset, or that are being read in, which should have WRITTEN set.\n\nAdd checks to make sure we have WRITTEN set appropriately, and then make\nsure __btrfs_check_leaf() always does the item checking.  This will\nprotect us from file systems that have been corrupted and no longer have\nWRITTEN set on some of the blocks.\n\nThis was hit on a crafted image tweaking the WRITTEN bit and reported by\nKASAN as out-of-bound access in the eb accessors. The example is a dir\nitem at the end of an eb.\n\n  [2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2\n  [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI\n  [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f]\n  [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1\n  [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n  [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0\n  [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206\n  [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0\n  [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748\n  [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9\n  [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a\n  [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8\n  [2.621] FS:  00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000\n  [2.621] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0\n  [2.621] Call Trace:\n  [2.621]  <TASK>\n  [2.621]  ? show_regs+0x74/0x80\n  [2.621]  ? die_addr+0x46/0xc0\n  [2.621]  ? exc_general_protection+0x161/0x2a0\n  [2.621]  ? asm_exc_general_protection+0x26/0x30\n  [2.621]  ? btrfs_get_16+0x33a/0x6d0\n  [2.621]  ? btrfs_get_16+0x34b/0x6d0\n  [2.621]  ? btrfs_get_16+0x33a/0x6d0\n  [2.621]  ? __pfx_btrfs_get_16+0x10/0x10\n  [2.621]  ? __pfx_mutex_unlock+0x10/0x10\n  [2.621]  btrfs_match_dir_item_name+0x101/0x1a0\n  [2.621]  btrfs_lookup_dir_item+0x1f3/0x280\n  [2.621]  ? __pfx_btrfs_lookup_dir_item+0x10/0x10\n  [2.621]  btrfs_get_tree+0xd25/0x1910\n\n[ copy more details from report ]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35949', 'https://git.kernel.org/linus/e03418abde871314e1a3a550f4c8afb7b89cb273 (6.9)', 'https://git.kernel.org/stable/c/e03418abde871314e1a3a550f4c8afb7b89cb273', 'https://git.kernel.org/stable/c/ef3ba8ce8cf7075b716aa4afcefc3034215878ee', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/', 'https://lore.kernel.org/linux-cve-announce/2024052045-CVE-2024-35949-4a64@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35949', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35949'], 'PublishedDate': '2024-05-20T10:15:10.413Z', 'LastModifiedDate': '2024-06-10T16:15:16.563Z'}, {'VulnerabilityID': 'CVE-2024-35956', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35956', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations\n\nCreate subvolume, create snapshot and delete subvolume all use\nbtrfs_subvolume_reserve_metadata() to reserve metadata for the changes\ndone to the parent subvolume's fs tree, which cannot be mediated in the\nnormal way via start_transaction. When quota groups (squota or qgroups)\nare enabled, this reserves qgroup metadata of type PREALLOC. Once the\noperation is associated to a transaction, we convert PREALLOC to\nPERTRANS, which gets cleared in bulk at the end of the transaction.\n\nHowever, the error paths of these three operations were not implementing\nthis lifecycle correctly. They unconditionally converted the PREALLOC to\nPERTRANS in a generic cleanup step regardless of errors or whether the\noperation was fully associated to a transaction or not. This resulted in\nerror paths occasionally converting this rsv to PERTRANS without calling\nrecord_root_in_trans successfully, which meant that unless that root got\nrecorded in the transaction by some other thread, the end of the\ntransaction would not free that root's PERTRANS, leaking it. Ultimately,\nthis resulted in hitting a WARN in CONFIG_BTRFS_DEBUG builds at unmount\nfor the leaked reservation.\n\nThe fix is to ensure that every qgroup PREALLOC reservation observes the\nfollowing properties:\n\n1. any failure before record_root_in_trans is called successfully\n   results in freeing the PREALLOC reservation.\n2. after record_root_in_trans, we convert to PERTRANS, and now the\n   transaction owns freeing the reservation.\n\nThis patch enforces those properties on the three operations. Without\nit, generic/269 with squotas enabled at mkfs time would fail in ~5-10\nruns on my system. With this patch, it ran successfully 1000 times in a\nrow.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35956', 'https://git.kernel.org/linus/74e97958121aa1f5854da6effba70143f051b0cd (6.9-rc4)', 'https://git.kernel.org/stable/c/14431815a4ae4bcd7c7a68b6a64c66c7712d27c9', 'https://git.kernel.org/stable/c/6c95336f5d8eb9ab79cd7306d71b6d0477363f8c', 'https://git.kernel.org/stable/c/74e97958121aa1f5854da6effba70143f051b0cd', 'https://lore.kernel.org/linux-cve-announce/2024052018-CVE-2024-35956-3c25@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35956', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35956'], 'PublishedDate': '2024-05-20T10:15:10.92Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35959', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35959', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix mlx5e_priv_init() cleanup flow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix mlx5e_priv_init() cleanup flow\n\nWhen mlx5e_priv_init() fails, the cleanup flow calls mlx5e_selq_cleanup which\ncalls mlx5e_selq_apply() that assures that the `priv->state_lock` is held using\nlockdep_is_held().\n\nAcquire the state_lock in mlx5e_selq_cleanup().\n\nKernel log:\n=============================\nWARNING: suspicious RCU usage\n6.8.0-rc3_net_next_841a9b5 #1 Not tainted\n-----------------------------\ndrivers/net/ethernet/mellanox/mlx5/core/en/selq.c:124 suspicious rcu_dereference_protected() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n2 locks held by systemd-modules/293:\n #0: ffffffffa05067b0 (devices_rwsem){++++}-{3:3}, at: ib_register_client+0x109/0x1b0 [ib_core]\n #1: ffff8881096c65c0 (&device->client_data_rwsem){++++}-{3:3}, at: add_client_context+0x104/0x1c0 [ib_core]\n\nstack backtrace:\nCPU: 4 PID: 293 Comm: systemd-modules Not tainted 6.8.0-rc3_net_next_841a9b5 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0x8a/0xa0\n lockdep_rcu_suspicious+0x154/0x1a0\n mlx5e_selq_apply+0x94/0xa0 [mlx5_core]\n mlx5e_selq_cleanup+0x3a/0x60 [mlx5_core]\n mlx5e_priv_init+0x2be/0x2f0 [mlx5_core]\n mlx5_rdma_setup_rn+0x7c/0x1a0 [mlx5_core]\n rdma_init_netdev+0x4e/0x80 [ib_core]\n ? mlx5_rdma_netdev_free+0x70/0x70 [mlx5_core]\n ipoib_intf_init+0x64/0x550 [ib_ipoib]\n ipoib_intf_alloc+0x4e/0xc0 [ib_ipoib]\n ipoib_add_one+0xb0/0x360 [ib_ipoib]\n add_client_context+0x112/0x1c0 [ib_core]\n ib_register_client+0x166/0x1b0 [ib_core]\n ? 0xffffffffa0573000\n ipoib_init_module+0xeb/0x1a0 [ib_ipoib]\n do_one_initcall+0x61/0x250\n do_init_module+0x8a/0x270\n init_module_from_file+0x8b/0xd0\n idempotent_init_module+0x17d/0x230\n __x64_sys_finit_module+0x61/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\n </TASK>', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:4352', 'https://access.redhat.com/security/cve/CVE-2024-35959', 'https://bugzilla.redhat.com/1918601', 'https://bugzilla.redhat.com/2248122', 'https://bugzilla.redhat.com/2258875', 'https://bugzilla.redhat.com/2265517', 'https://bugzilla.redhat.com/2265519', 'https://bugzilla.redhat.com/2265520', 'https://bugzilla.redhat.com/2265800', 'https://bugzilla.redhat.com/2266408', 'https://bugzilla.redhat.com/2266831', 'https://bugzilla.redhat.com/2267513', 'https://bugzilla.redhat.com/2267518', 'https://bugzilla.redhat.com/2267730', 'https://bugzilla.redhat.com/2270093', 'https://bugzilla.redhat.com/2271680', 'https://bugzilla.redhat.com/2272692', 'https://bugzilla.redhat.com/2272829', 'https://bugzilla.redhat.com/2273204', 'https://bugzilla.redhat.com/2273278', 'https://bugzilla.redhat.com/2273423', 'https://bugzilla.redhat.com/2273429', 'https://bugzilla.redhat.com/2275604', 'https://bugzilla.redhat.com/2275633', 'https://bugzilla.redhat.com/2275635', 'https://bugzilla.redhat.com/2275733', 'https://bugzilla.redhat.com/2278337', 'https://bugzilla.redhat.com/2278354', 'https://bugzilla.redhat.com/2280434', 'https://bugzilla.redhat.com/2281057', 'https://bugzilla.redhat.com/2281113', 'https://bugzilla.redhat.com/2281157', 'https://bugzilla.redhat.com/2281165', 'https://bugzilla.redhat.com/2281251', 'https://bugzilla.redhat.com/2281253', 'https://bugzilla.redhat.com/2281255', 'https://bugzilla.redhat.com/2281257', 'https://bugzilla.redhat.com/2281272', 'https://bugzilla.redhat.com/2281350', 'https://bugzilla.redhat.com/2281689', 'https://bugzilla.redhat.com/2281693', 'https://bugzilla.redhat.com/2281920', 'https://bugzilla.redhat.com/2281923', 'https://bugzilla.redhat.com/2281925', 'https://bugzilla.redhat.com/2281953', 'https://bugzilla.redhat.com/2281986', 'https://bugzilla.redhat.com/2282394', 'https://bugzilla.redhat.com/2282400', 'https://bugzilla.redhat.com/2282471', 'https://bugzilla.redhat.com/2282472', 'https://bugzilla.redhat.com/2282581', 'https://bugzilla.redhat.com/2282609', 'https://bugzilla.redhat.com/2282612', 'https://bugzilla.redhat.com/2282653', 'https://bugzilla.redhat.com/2282680', 'https://bugzilla.redhat.com/2282698', 'https://bugzilla.redhat.com/2282712', 'https://bugzilla.redhat.com/2282735', 'https://bugzilla.redhat.com/2282902', 'https://bugzilla.redhat.com/2282920', 'https://bugzilla.redhat.com/show_bug.cgi?id=1918601', 'https://bugzilla.redhat.com/show_bug.cgi?id=2248122', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258875', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265800', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266831', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267518', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267730', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270093', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272692', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272829', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273204', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273278', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273423', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275604', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275633', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275635', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275733', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278337', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278354', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281113', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281157', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281165', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281251', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281253', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281255', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281311', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281334', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281346', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281350', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281689', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281693', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281920', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281953', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281986', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282394', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282471', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282472', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282581', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282609', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282612', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282680', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282698', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282712', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282735', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282902', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282920', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46909', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46972', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47069', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47073', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47236', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47310', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47311', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47456', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47495', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5090', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52464', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52560', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52626', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52667', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52675', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52700', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52703', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52781', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52813', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52835', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52877', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52881', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26583', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26584', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26585', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26656', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26675', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26735', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26759', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26804', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26859', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26906', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26907', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26974', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27410', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35835', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35838', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35854', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35855', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35888', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35890', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35959', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36004', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36007', 'https://errata.almalinux.org/8/ALSA-2024-4352.html', 'https://errata.rockylinux.org/RLSA-2024:4211', 'https://git.kernel.org/linus/ecb829459a841198e142f72fadab56424ae96519 (6.9-rc4)', 'https://git.kernel.org/stable/c/6bd77865fda662913dcb5722a66a773840370aa7', 'https://git.kernel.org/stable/c/ad26f26abd353113dea4e8d5ebadccdab9b61e76', 'https://git.kernel.org/stable/c/ecb829459a841198e142f72fadab56424ae96519', 'https://git.kernel.org/stable/c/f9ac93b6f3de34aa0bb983b9be4f69ca50fc70f3', 'https://linux.oracle.com/cve/CVE-2024-35959.html', 'https://linux.oracle.com/errata/ELSA-2024-4211.html', 'https://lore.kernel.org/linux-cve-announce/2024052019-CVE-2024-35959-6e06@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35959', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35959'], 'PublishedDate': '2024-05-20T10:15:11.123Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35965', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35965', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: L2CAP: Fix not validating setsockopt user input', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix not validating setsockopt user input\n\nCheck user input length before copying data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35965', 'https://git.kernel.org/linus/4f3951242ace5efc7131932e2e01e6ac6baed846 (6.9-rc4)', 'https://git.kernel.org/stable/c/28234f8ab69c522ba447f3e041bbfbb284c5959a', 'https://git.kernel.org/stable/c/4f3951242ace5efc7131932e2e01e6ac6baed846', 'https://git.kernel.org/stable/c/8ee0c132a61df9723813c40e742dc5321824daa9', 'https://git.kernel.org/stable/c/9d42f373391211c7c8af66a3a316533a32b8a607', 'https://git.kernel.org/stable/c/f13b04cf65a86507ff15a9bbf37969d25be3e2a0', 'https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35965-19f1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35965', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35965'], 'PublishedDate': '2024-05-20T10:15:11.52Z', 'LastModifiedDate': '2024-10-17T14:15:06.147Z'}, {'VulnerabilityID': 'CVE-2024-35966', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35966', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: RFCOMM: Fix not validating setsockopt user input', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: RFCOMM: Fix not validating setsockopt user input\n\nsyzbot reported rfcomm_sock_setsockopt_old() is copying data without\nchecking user input length.\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset\ninclude/linux/sockptr.h:49 [inline]\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr\ninclude/linux/sockptr.h:55 [inline]\nBUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt_old\nnet/bluetooth/rfcomm/sock.c:632 [inline]\nBUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt+0x893/0xa70\nnet/bluetooth/rfcomm/sock.c:673\nRead of size 4 at addr ffff8880209a8bc3 by task syz-executor632/5064', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35966', 'https://git.kernel.org/linus/a97de7bff13b1cc825c1b1344eaed8d6c2d3e695 (6.9-rc4)', 'https://git.kernel.org/stable/c/4ea65e2095e9bd151d0469328dd7fc2858feb546', 'https://git.kernel.org/stable/c/a97de7bff13b1cc825c1b1344eaed8d6c2d3e695', 'https://git.kernel.org/stable/c/c3f787a3eafe519c93df9abbb0ca5145861c8d0f', 'https://git.kernel.org/stable/c/eea40d33bf936a5c7fb03c190e61e0cfee00e872', 'https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35966-e107@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35966', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35966'], 'PublishedDate': '2024-05-20T10:15:11.58Z', 'LastModifiedDate': '2024-08-29T17:15:07.763Z'}, {'VulnerabilityID': 'CVE-2024-35967', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35967', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: SCO: Fix not validating setsockopt user input', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix not validating setsockopt user input\n\nsyzbot reported sco_sock_setsockopt() is copying data without\nchecking user input length.\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset\ninclude/linux/sockptr.h:49 [inline]\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr\ninclude/linux/sockptr.h:55 [inline]\nBUG: KASAN: slab-out-of-bounds in sco_sock_setsockopt+0xc0b/0xf90\nnet/bluetooth/sco.c:893\nRead of size 4 at addr ffff88805f7b15a3 by task syz-executor.5/12578', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35967', 'https://git.kernel.org/linus/51eda36d33e43201e7a4fd35232e069b2c850b01 (6.9-rc4)', 'https://git.kernel.org/stable/c/419a0ffca7010216f0fc265b08558d7394fa0ba7', 'https://git.kernel.org/stable/c/51eda36d33e43201e7a4fd35232e069b2c850b01', 'https://git.kernel.org/stable/c/72473db90900da970a16ee50ad23c2c38d107d8c', 'https://git.kernel.org/stable/c/7bc65d23ba20dcd7ecc094a12c181e594e5eb315', 'https://git.kernel.org/stable/c/b0e30c37695b614bee69187f86eaf250e36606ce', 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'https://lore.kernel.org/linux-cve-announce/2024052022-CVE-2024-35967-d111@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35967', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35967'], 'PublishedDate': '2024-05-20T10:15:11.647Z', 'LastModifiedDate': '2024-06-25T22:15:33.88Z'}, {'VulnerabilityID': 'CVE-2024-35971', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35971', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: ks8851: Handle softirqs at the end of IRQ thread to fix hang', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Handle softirqs at the end of IRQ thread to fix hang\n\nThe ks8851_irq() thread may call ks8851_rx_pkts() in case there are\nany packets in the MAC FIFO, which calls netif_rx(). This netif_rx()\nimplementation is guarded by local_bh_disable() and local_bh_enable().\nThe local_bh_enable() may call do_softirq() to run softirqs in case\nany are pending. One of the softirqs is net_rx_action, which ultimately\nreaches the driver .start_xmit callback. If that happens, the system\nhangs. The entire call chain is below:\n\nks8851_start_xmit_par from netdev_start_xmit\nnetdev_start_xmit from dev_hard_start_xmit\ndev_hard_start_xmit from sch_direct_xmit\nsch_direct_xmit from __dev_queue_xmit\n__dev_queue_xmit from __neigh_update\n__neigh_update from neigh_update\nneigh_update from arp_process.constprop.0\narp_process.constprop.0 from __netif_receive_skb_one_core\n__netif_receive_skb_one_core from process_backlog\nprocess_backlog from __napi_poll.constprop.0\n__napi_poll.constprop.0 from net_rx_action\nnet_rx_action from __do_softirq\n__do_softirq from call_with_stack\ncall_with_stack from do_softirq\ndo_softirq from __local_bh_enable_ip\n__local_bh_enable_ip from netif_rx\nnetif_rx from ks8851_irq\nks8851_irq from irq_thread_fn\nirq_thread_fn from irq_thread\nirq_thread from kthread\nkthread from ret_from_fork\n\nThe hang happens because ks8851_irq() first locks a spinlock in\nks8851_par.c ks8851_lock_par() spin_lock_irqsave(&ksp->lock, ...)\nand with that spinlock locked, calls netif_rx(). Once the execution\nreaches ks8851_start_xmit_par(), it calls ks8851_lock_par() again\nwhich attempts to claim the already locked spinlock again, and the\nhang happens.\n\nMove the do_softirq() call outside of the spinlock protected section\nof ks8851_irq() by disabling BHs around the entire spinlock protected\nsection of ks8851_irq() handler. Place local_bh_enable() outside of\nthe spinlock protected section, so that it can trigger do_softirq()\nwithout the ks8851_par.c ks8851_lock_par() spinlock being held, and\nsafely call ks8851_start_xmit_par() without attempting to lock the\nalready locked spinlock.\n\nSince ks8851_irq() is protected by local_bh_disable()/local_bh_enable()\nnow, replace netif_rx() with __netif_rx() which is not duplicating the\nlocal_bh_disable()/local_bh_enable() calls.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2024/05/30/1', 'http://www.openwall.com/lists/oss-security/2024/05/30/2', 'https://access.redhat.com/security/cve/CVE-2024-35971', 'https://git.kernel.org/linus/be0384bf599cf1eb8d337517feeb732d71f75a6f (6.9-rc4)', 'https://git.kernel.org/stable/c/492337a4fbd1421b42df684ee9b34be2a2722540', 'https://git.kernel.org/stable/c/49d5d70538b6b8f2a3f8f1ac30c1f921d4a0929b', 'https://git.kernel.org/stable/c/be0384bf599cf1eb8d337517feeb732d71f75a6f', 'https://git.kernel.org/stable/c/cba376eb036c2c20077b41d47b317d8218fe754f', 'https://lore.kernel.org/linux-cve-announce/2024052023-CVE-2024-35971-fb84@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35971', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35971'], 'PublishedDate': '2024-05-20T10:15:11.947Z', 'LastModifiedDate': '2024-06-10T18:15:35.383Z'}, {'VulnerabilityID': 'CVE-2024-35979', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35979', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: raid1: fix use-after-free for original bio in raid1_write_request()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nraid1: fix use-after-free for original bio in raid1_write_request()\n\nr1_bio->bios[] is used to record new bios that will be issued to\nunderlying disks, however, in raid1_write_request(), r1_bio->bios[]\nwill set to the original bio temporarily. Meanwhile, if blocked rdev\nis set, free_r1bio() will be called causing that all r1_bio->bios[]\nto be freed:\n\nraid1_write_request()\n r1_bio = alloc_r1bio(mddev, bio); -> r1_bio->bios[] is NULL\n for (i = 0;  i < disks; i++) -> for each rdev in conf\n  // first rdev is normal\n  r1_bio->bios[0] = bio; -> set to original bio\n  // second rdev is blocked\n  if (test_bit(Blocked, &rdev->flags))\n   break\n\n if (blocked_rdev)\n  free_r1bio()\n   put_all_bios()\n    bio_put(r1_bio->bios[0]) -> original bio is freed\n\nTest scripts:\n\nmdadm -CR /dev/md0 -l1 -n4 /dev/sd[abcd] --assume-clean\nfio -filename=/dev/md0 -ioengine=libaio -rw=write -bs=4k -numjobs=1 \\\n    -iodepth=128 -name=test -direct=1\necho blocked > /sys/block/md0/md/rd2/state\n\nTest result:\n\nBUG bio-264 (Not tainted): Object already free\n-----------------------------------------------------------------------------\n\nAllocated in mempool_alloc_slab+0x24/0x50 age=1 cpu=1 pid=869\n kmem_cache_alloc+0x324/0x480\n mempool_alloc_slab+0x24/0x50\n mempool_alloc+0x6e/0x220\n bio_alloc_bioset+0x1af/0x4d0\n blkdev_direct_IO+0x164/0x8a0\n blkdev_write_iter+0x309/0x440\n aio_write+0x139/0x2f0\n io_submit_one+0x5ca/0xb70\n __do_sys_io_submit+0x86/0x270\n __x64_sys_io_submit+0x22/0x30\n do_syscall_64+0xb1/0x210\n entry_SYSCALL_64_after_hwframe+0x6c/0x74\nFreed in mempool_free_slab+0x1f/0x30 age=1 cpu=1 pid=869\n kmem_cache_free+0x28c/0x550\n mempool_free_slab+0x1f/0x30\n mempool_free+0x40/0x100\n bio_free+0x59/0x80\n bio_put+0xf0/0x220\n free_r1bio+0x74/0xb0\n raid1_make_request+0xadf/0x1150\n md_handle_request+0xc7/0x3b0\n md_submit_bio+0x76/0x130\n __submit_bio+0xd8/0x1d0\n submit_bio_noacct_nocheck+0x1eb/0x5c0\n submit_bio_noacct+0x169/0xd40\n submit_bio+0xee/0x1d0\n blkdev_direct_IO+0x322/0x8a0\n blkdev_write_iter+0x309/0x440\n aio_write+0x139/0x2f0\n\nSince that bios for underlying disks are not allocated yet, fix this\nproblem by using mempool_free() directly to free the r1_bio.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35979', 'https://git.kernel.org/linus/fcf3f7e2fc8a53a6140beee46ec782a4c88e4744 (6.9-rc4)', 'https://git.kernel.org/stable/c/3f28d49a328fe20926995d5fbdc92da665596268', 'https://git.kernel.org/stable/c/f423f41b7679c09abb26d2bd54be5cbef23c9446', 'https://git.kernel.org/stable/c/fcf3f7e2fc8a53a6140beee46ec782a4c88e4744', 'https://lore.kernel.org/linux-cve-announce/2024052025-CVE-2024-35979-2618@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35979', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35979'], 'PublishedDate': '2024-05-20T10:15:12.48Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35995', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35995', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI: CPPC: Use access_width over bit_width for system memory accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Use access_width over bit_width for system memory accesses\n\nTo align with ACPI 6.3+, since bit_width can be any 8-bit value, it\ncannot be depended on to be always on a clean 8b boundary. This was\nuncovered on the Cobalt 100 platform.\n\nSError Interrupt on CPU26, code 0xbe000011 -- SError\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n pc : cppc_get_perf_caps+0xec/0x410\n lr : cppc_get_perf_caps+0xe8/0x410\n sp : ffff8000155ab730\n x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078\n x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff\n x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000\n x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff\n x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008\n x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006\n x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec\n x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028\n x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff\n x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000\n Kernel panic - not syncing: Asynchronous SError Interrupt\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted\n5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n Call trace:\n  dump_backtrace+0x0/0x1e0\n  show_stack+0x24/0x30\n  dump_stack_lvl+0x8c/0xb8\n  dump_stack+0x18/0x34\n  panic+0x16c/0x384\n  add_taint+0x0/0xc0\n  arm64_serror_panic+0x7c/0x90\n  arm64_is_fatal_ras_serror+0x34/0xa4\n  do_serror+0x50/0x6c\n  el1h_64_error_handler+0x40/0x74\n  el1h_64_error+0x7c/0x80\n  cppc_get_perf_caps+0xec/0x410\n  cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]\n  cpufreq_online+0x2dc/0xa30\n  cpufreq_add_dev+0xc0/0xd4\n  subsys_interface_register+0x134/0x14c\n  cpufreq_register_driver+0x1b0/0x354\n  cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]\n  do_one_initcall+0x50/0x250\n  do_init_module+0x60/0x27c\n  load_module+0x2300/0x2570\n  __do_sys_finit_module+0xa8/0x114\n  __arm64_sys_finit_module+0x2c/0x3c\n  invoke_syscall+0x78/0x100\n  el0_svc_common.constprop.0+0x180/0x1a0\n  do_el0_svc+0x84/0xa0\n  el0_svc+0x2c/0xc0\n  el0t_64_sync_handler+0xa4/0x12c\n  el0t_64_sync+0x1a4/0x1a8\n\nInstead, use access_width to determine the size and use the offset and\nwidth to shift and mask the bits to read/write out. Make sure to add a\ncheck for system memory since pcc redefines the access_width to\nsubspace id.\n\nIf access_width is not set, then fall back to using bit_width.\n\n[ rjw: Subject and changelog edits, comment adjustments ]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35995', 'https://git.kernel.org/linus/2f4a4d63a193be6fd530d180bb13c3592052904c (6.9-rc1)', 'https://git.kernel.org/stable/c/01fc53be672acae37e611c80cc0b4f3939584de3', 'https://git.kernel.org/stable/c/1b890ae474d19800a6be1696df7fb4d9a41676e4', 'https://git.kernel.org/stable/c/2f4a4d63a193be6fd530d180bb13c3592052904c', 'https://git.kernel.org/stable/c/4949affd5288b867cdf115f5b08d6166b2027f87', 'https://git.kernel.org/stable/c/6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1', 'https://git.kernel.org/stable/c/6dfd79ed04c578f1d9a9a41ba5b2015cf9f03fc3', 'https://git.kernel.org/stable/c/b54c4632946ae42f2b39ed38abd909bbf78cbcc2', 'https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35995-abbc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35995', 'https://www.cve.org/CVERecord?id=CVE-2024-35995'], 'PublishedDate': '2024-05-20T10:15:13.597Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35998', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35998', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix lock ordering potential deadlock in cifs_sync_mid_result\n\nCoverity spotted that the cifs_sync_mid_result function could deadlock\n\n"Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires\nlock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock"\n\nAddresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)")', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35998', 'https://git.kernel.org/linus/8861fd5180476f45f9e8853db154600469a0284f (6.9-rc6)', 'https://git.kernel.org/stable/c/699f8958dece132709c0bff6a9700999a2a63b75', 'https://git.kernel.org/stable/c/8248224ab5b8ca7559b671917c224296a4d671fc', 'https://git.kernel.org/stable/c/8861fd5180476f45f9e8853db154600469a0284f', 'https://git.kernel.org/stable/c/c7a4bca289e50bb4b2650f845c41bb3e453f4c66', 'https://lore.kernel.org/linux-cve-announce/2024052022-CVE-2024-35998-96a4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35998', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35998'], 'PublishedDate': '2024-05-20T10:15:14.03Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-35999', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35999', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb3: missing lock when picking channel', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: missing lock when picking channel\n\nCoverity spotted a place where we should have been holding the\nchannel lock when accessing the ses channel index.\n\nAddresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)")', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35999', 'https://git.kernel.org/linus/8094a600245e9b28eb36a13036f202ad67c1f887 (6.9-rc6)', 'https://git.kernel.org/stable/c/0fcf7e219448e937681216353c9a58abae6d3c2e', 'https://git.kernel.org/stable/c/60ab245292280905603bc0d3654f4cf8fceccb00', 'https://git.kernel.org/stable/c/8094a600245e9b28eb36a13036f202ad67c1f887', 'https://git.kernel.org/stable/c/98c7ed29cd754ae7475dc7cb3f33399fda902729', 'https://lore.kernel.org/linux-cve-announce/2024052023-CVE-2024-35999-da29@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35999', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-35999'], 'PublishedDate': '2024-05-20T10:15:14.1Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-36000', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36000', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix missing hugetlb_lock for resv uncharge\n\nThere is a recent report on UFFDIO_COPY over hugetlb:\n\nhttps://lore.kernel.org/all/000000000000ee06de0616177560@google.com/\n\n350:\tlockdep_assert_held(&hugetlb_lock);\n\nShould be an issue in hugetlb but triggered in an userfault context, where\nit goes into the unlikely path where two threads modifying the resv map\ntogether.  Mike has a fix in that path for resv uncharge but it looks like\nthe locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd()\nwill update the cgroup pointer, so it requires to be called with the lock\nheld.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-36000', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269436', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273141', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275678', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278206', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281052', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281151', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282709', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284271', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284402', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293273', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297511', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300409', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300414', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300491', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2300713', 'https://bugzilla.redhat.com/show_bug.cgi?id=2301465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2301496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2301637', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26629', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26630', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26720', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35797', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35875', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36883', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38559', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40936', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41040', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41044', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41055', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41073', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41096', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42082', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42096', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42102', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42131', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:6567', 'https://git.kernel.org/linus/b76b46902c2d0395488c8412e1116c2486cdfcb2 (6.9-rc6)', 'https://git.kernel.org/stable/c/4c806333efea1000a2a9620926f560ad2e1ca7cc', 'https://git.kernel.org/stable/c/538faabf31e9c53d8c870d114846fda958a0de10', 'https://git.kernel.org/stable/c/b76b46902c2d0395488c8412e1116c2486cdfcb2', 'https://git.kernel.org/stable/c/f6c5d21db16a0910152ec8aa9d5a7aed72694505', 'https://linux.oracle.com/cve/CVE-2024-36000.html', 'https://linux.oracle.com/errata/ELSA-2024-6567.html', 'https://lore.kernel.org/linux-cve-announce/2024052023-CVE-2024-36000-cfc4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36000', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36000'], 'PublishedDate': '2024-05-20T10:15:14.163Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-36003', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36003', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: fix LAG and VF lock dependency in ice_reset_vf()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix LAG and VF lock dependency in ice_reset_vf()\n\n9f74a3dfcf83 ("ice: Fix VF Reset paths when interface in a failed over\naggregate"), the ice driver has acquired the LAG mutex in ice_reset_vf().\nThe commit placed this lock acquisition just prior to the acquisition of\nthe VF configuration lock.\n\nIf ice_reset_vf() acquires the configuration lock via the ICE_VF_RESET_LOCK\nflag, this could deadlock with ice_vc_cfg_qs_msg() because it always\nacquires the locks in the order of the VF configuration lock and then the\nLAG mutex.\n\nLockdep reports this violation almost immediately on creating and then\nremoving 2 VF:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.8.0-rc6 #54 Tainted: G        W  O\n------------------------------------------------------\nkworker/60:3/6771 is trying to acquire lock:\nff40d43e099380a0 (&vf->cfg_lock){+.+.}-{3:3}, at: ice_reset_vf+0x22f/0x4d0 [ice]\n\nbut task is already holding lock:\nff40d43ea1961210 (&pf->lag_mutex){+.+.}-{3:3}, at: ice_reset_vf+0xb7/0x4d0 [ice]\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (&pf->lag_mutex){+.+.}-{3:3}:\n       __lock_acquire+0x4f8/0xb40\n       lock_acquire+0xd4/0x2d0\n       __mutex_lock+0x9b/0xbf0\n       ice_vc_cfg_qs_msg+0x45/0x690 [ice]\n       ice_vc_process_vf_msg+0x4f5/0x870 [ice]\n       __ice_clean_ctrlq+0x2b5/0x600 [ice]\n       ice_service_task+0x2c9/0x480 [ice]\n       process_one_work+0x1e9/0x4d0\n       worker_thread+0x1e1/0x3d0\n       kthread+0x104/0x140\n       ret_from_fork+0x31/0x50\n       ret_from_fork_asm+0x1b/0x30\n\n-> #0 (&vf->cfg_lock){+.+.}-{3:3}:\n       check_prev_add+0xe2/0xc50\n       validate_chain+0x558/0x800\n       __lock_acquire+0x4f8/0xb40\n       lock_acquire+0xd4/0x2d0\n       __mutex_lock+0x9b/0xbf0\n       ice_reset_vf+0x22f/0x4d0 [ice]\n       ice_process_vflr_event+0x98/0xd0 [ice]\n       ice_service_task+0x1cc/0x480 [ice]\n       process_one_work+0x1e9/0x4d0\n       worker_thread+0x1e1/0x3d0\n       kthread+0x104/0x140\n       ret_from_fork+0x31/0x50\n       ret_from_fork_asm+0x1b/0x30\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n       CPU0                    CPU1\n       ----                    ----\n  lock(&pf->lag_mutex);\n                               lock(&vf->cfg_lock);\n                               lock(&pf->lag_mutex);\n  lock(&vf->cfg_lock);\n\n *** DEADLOCK ***\n4 locks held by kworker/60:3/6771:\n #0: ff40d43e05428b38 ((wq_completion)ice){+.+.}-{0:0}, at: process_one_work+0x176/0x4d0\n #1: ff50d06e05197e58 ((work_completion)(&pf->serv_task)){+.+.}-{0:0}, at: process_one_work+0x176/0x4d0\n #2: ff40d43ea1960e50 (&pf->vfs.table_lock){+.+.}-{3:3}, at: ice_process_vflr_event+0x48/0xd0 [ice]\n #3: ff40d43ea1961210 (&pf->lag_mutex){+.+.}-{3:3}, at: ice_reset_vf+0xb7/0x4d0 [ice]\n\nstack backtrace:\nCPU: 60 PID: 6771 Comm: kworker/60:3 Tainted: G        W  O       6.8.0-rc6 #54\nHardware name:\nWorkqueue: ice ice_service_task [ice]\nCall Trace:\n <TASK>\n dump_stack_lvl+0x4a/0x80\n check_noncircular+0x12d/0x150\n check_prev_add+0xe2/0xc50\n ? save_trace+0x59/0x230\n ? add_chain_cache+0x109/0x450\n validate_chain+0x558/0x800\n __lock_acquire+0x4f8/0xb40\n ? lockdep_hardirqs_on+0x7d/0x100\n lock_acquire+0xd4/0x2d0\n ? ice_reset_vf+0x22f/0x4d0 [ice]\n ? lock_is_held_type+0xc7/0x120\n __mutex_lock+0x9b/0xbf0\n ? ice_reset_vf+0x22f/0x4d0 [ice]\n ? ice_reset_vf+0x22f/0x4d0 [ice]\n ? rcu_is_watching+0x11/0x50\n ? ice_reset_vf+0x22f/0x4d0 [ice]\n ice_reset_vf+0x22f/0x4d0 [ice]\n ? process_one_work+0x176/0x4d0\n ice_process_vflr_event+0x98/0xd0 [ice]\n ice_service_task+0x1cc/0x480 [ice]\n process_one_work+0x1e9/0x4d0\n worker_thread+0x1e1/0x3d0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x104/0x140\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>\n\nTo avoid deadlock, we must acquire the LAG \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36003', 'https://git.kernel.org/linus/96fdd1f6b4ed72a741fb0eb705c0e13049b8721f (6.9-rc6)', 'https://git.kernel.org/stable/c/740717774dc37338404d10726967d582414f638c', 'https://git.kernel.org/stable/c/96fdd1f6b4ed72a741fb0eb705c0e13049b8721f', 'https://git.kernel.org/stable/c/de8631d8c9df08440268630200e64b623a5f69e6', 'https://linux.oracle.com/cve/CVE-2024-36003.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024052024-CVE-2024-36003-33b4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36003', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36003'], 'PublishedDate': '2024-05-20T10:15:14.36Z', 'LastModifiedDate': '2024-05-20T13:00:04.957Z'}, {'VulnerabilityID': 'CVE-2024-36009', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36009', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ax25: Fix netdev refcount issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix netdev refcount issue\n\nThe dev_tracker is added to ax25_cb in ax25_bind(). When the\nax25 device is detaching, the dev_tracker of ax25_cb should be\ndeallocated in ax25_kill_by_device() instead of the dev_tracker\nof ax25_dev. The log reported by ref_tracker is shown below:\n\n[   80.884935] ref_tracker: reference already released.\n[   80.885150] ref_tracker: allocated in:\n[   80.885349]  ax25_dev_device_up+0x105/0x540\n[   80.885730]  ax25_device_event+0xa4/0x420\n[   80.885730]  notifier_call_chain+0xc9/0x1e0\n[   80.885730]  __dev_notify_flags+0x138/0x280\n[   80.885730]  dev_change_flags+0xd7/0x180\n[   80.885730]  dev_ifsioc+0x6a9/0xa30\n[   80.885730]  dev_ioctl+0x4d8/0xd90\n[   80.885730]  sock_do_ioctl+0x1c2/0x2d0\n[   80.885730]  sock_ioctl+0x38b/0x4f0\n[   80.885730]  __se_sys_ioctl+0xad/0xf0\n[   80.885730]  do_syscall_64+0xc4/0x1b0\n[   80.885730]  entry_SYSCALL_64_after_hwframe+0x67/0x6f\n[   80.885730] ref_tracker: freed in:\n[   80.885730]  ax25_device_event+0x272/0x420\n[   80.885730]  notifier_call_chain+0xc9/0x1e0\n[   80.885730]  dev_close_many+0x272/0x370\n[   80.885730]  unregister_netdevice_many_notify+0x3b5/0x1180\n[   80.885730]  unregister_netdev+0xcf/0x120\n[   80.885730]  sixpack_close+0x11f/0x1b0\n[   80.885730]  tty_ldisc_kill+0xcb/0x190\n[   80.885730]  tty_ldisc_hangup+0x338/0x3d0\n[   80.885730]  __tty_hangup+0x504/0x740\n[   80.885730]  tty_release+0x46e/0xd80\n[   80.885730]  __fput+0x37f/0x770\n[   80.885730]  __x64_sys_close+0x7b/0xb0\n[   80.885730]  do_syscall_64+0xc4/0x1b0\n[   80.885730]  entry_SYSCALL_64_after_hwframe+0x67/0x6f\n[   80.893739] ------------[ cut here ]------------\n[   80.894030] WARNING: CPU: 2 PID: 140 at lib/ref_tracker.c:255 ref_tracker_free+0x47b/0x6b0\n[   80.894297] Modules linked in:\n[   80.894929] CPU: 2 PID: 140 Comm: ax25_conn_rel_6 Not tainted 6.9.0-rc4-g8cd26fd90c1a #11\n[   80.895190] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qem4\n[   80.895514] RIP: 0010:ref_tracker_free+0x47b/0x6b0\n[   80.895808] Code: 83 c5 18 4c 89 eb 48 c1 eb 03 8a 04 13 84 c0 0f 85 df 01 00 00 41 83 7d 00 00 75 4b 4c 89 ff 9\n[   80.896171] RSP: 0018:ffff888009edf8c0 EFLAGS: 00000286\n[   80.896339] RAX: 1ffff1100141ac00 RBX: 1ffff1100149463b RCX: dffffc0000000000\n[   80.896502] RDX: 0000000000000001 RSI: 0000000000000246 RDI: ffff88800a0d6518\n[   80.896925] RBP: ffff888009edf9b0 R08: ffff88806d3288d3 R09: 1ffff1100da6511a\n[   80.897212] R10: dffffc0000000000 R11: ffffed100da6511b R12: ffff88800a4a31d4\n[   80.897859] R13: ffff88800a4a31d8 R14: dffffc0000000000 R15: ffff88800a0d6518\n[   80.898279] FS:  00007fd88b7fe700(0000) GS:ffff88806d300000(0000) knlGS:0000000000000000\n[   80.899436] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   80.900181] CR2: 00007fd88c001d48 CR3: 000000000993e000 CR4: 00000000000006f0\n...\n[   80.935774] ref_tracker: sp%d@000000000bb9df3d has 1/1 users at\n[   80.935774]      ax25_bind+0x424/0x4e0\n[   80.935774]      __sys_bind+0x1d9/0x270\n[   80.935774]      __x64_sys_bind+0x75/0x80\n[   80.935774]      do_syscall_64+0xc4/0x1b0\n[   80.935774]      entry_SYSCALL_64_after_hwframe+0x67/0x6f\n\nChange ax25_dev->dev_tracker to the dev_tracker of ax25_cb\nin order to mitigate the bug.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2024/05/30/1', 'http://www.openwall.com/lists/oss-security/2024/05/30/2', 'https://access.redhat.com/security/cve/CVE-2024-36009', 'https://git.kernel.org/linus/467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b (6.9-rc6)', 'https://git.kernel.org/stable/c/0d14f104027e30720582448706c7d6b43065c851', 'https://git.kernel.org/stable/c/467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b', 'https://git.kernel.org/stable/c/4fee8fa86a15d7790268eea458b1aec69c695530', 'https://git.kernel.org/stable/c/c42b073d9af4a5329b25b17390c63ab3847f30e8', 'https://lore.kernel.org/linux-cve-announce/2024052026-CVE-2024-36009-f213@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36009', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36009'], 'PublishedDate': '2024-05-20T10:15:14.773Z', 'LastModifiedDate': '2024-06-10T17:16:32.013Z'}, {'VulnerabilityID': 'CVE-2024-36012', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36012', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: msft: fix slab-use-after-free in msft_do_close()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: msft: fix slab-use-after-free in msft_do_close()\n\nTying the msft->data lifetime to hdev by freeing it in\nhci_release_dev() to fix the following case:\n\n[use]\nmsft_do_close()\n  msft = hdev->msft_data;\n  if (!msft)                      ...(1) <- passed.\n    return;\n  mutex_lock(&msft->filter_lock); ...(4) <- used after freed.\n\n[free]\nmsft_unregister()\n  msft = hdev->msft_data;\n  hdev->msft_data = NULL;         ...(2)\n  kfree(msft);                    ...(3) <- msft is freed.\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __mutex_lock_common\nkernel/locking/mutex.c:587 [inline]\nBUG: KASAN: slab-use-after-free in __mutex_lock+0x8f/0xc30\nkernel/locking/mutex.c:752\nRead of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36012', 'https://git.kernel.org/linus/10f9f426ac6e752c8d87bf4346930ba347aaabac (6.9)', 'https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac', 'https://git.kernel.org/stable/c/4f1de02de07748da80a8178879bc7a1df37fdf56', 'https://git.kernel.org/stable/c/a85a60e62355e3bf4802dead7938966824b23940', 'https://git.kernel.org/stable/c/e3880b531b68f98d3941d83f2f6dd11cf4fd6b76', 'https://lore.kernel.org/linux-cve-announce/2024052314-CVE-2024-36012-3062@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36012', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36012'], 'PublishedDate': '2024-05-23T07:15:08.9Z', 'LastModifiedDate': '2024-05-24T01:15:30.977Z'}, {'VulnerabilityID': 'CVE-2024-36013', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()\n\nExtend a critical section to prevent chan from early freeing.\nAlso make the l2cap_connect() return type void. Nothing is using the\nreturned value but it is ugly to return a potentially freed pointer.\nMaking it void will help with backports because earlier kernels did use\nthe return value. Now the compile will break for kernels where this\npatch is not a complete fix.\n\nCall stack summary:\n\n[use]\nl2cap_bredr_sig_cmd\n  l2cap_connect\n  ┌ mutex_lock(&conn->chan_lock);\n  │ chan = pchan->ops->new_connection(pchan); <- alloc chan\n  │ __l2cap_chan_add(conn, chan);\n  │   l2cap_chan_hold(chan);\n  │   list_add(&chan->list, &conn->chan_l);   ... (1)\n  └ mutex_unlock(&conn->chan_lock);\n    chan->conf_state              ... (4) <- use after free\n\n[free]\nl2cap_conn_del\n┌ mutex_lock(&conn->chan_lock);\n│ foreach chan in conn->chan_l:            ... (2)\n│   l2cap_chan_put(chan);\n│     l2cap_chan_destroy\n│       kfree(chan)               ... (3) <- chan freed\n└ mutex_unlock(&conn->chan_lock);\n\n==================================================================\nBUG: KASAN: slab-use-after-free in instrument_atomic_read\ninclude/linux/instrumented.h:68 [inline]\nBUG: KASAN: slab-use-after-free in _test_bit\ninclude/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\nBUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0\nnet/bluetooth/l2cap_core.c:4260\nRead of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 7.1}}, 'References': ['http://www.openwall.com/lists/oss-security/2024/05/30/1', 'http://www.openwall.com/lists/oss-security/2024/05/30/2', 'https://access.redhat.com/security/cve/CVE-2024-36013', 'https://git.kernel.org/linus/4d7b41c0e43995b0e992b9f8903109275744b658 (6.9)', 'https://git.kernel.org/stable/c/4d7b41c0e43995b0e992b9f8903109275744b658', 'https://git.kernel.org/stable/c/826af9d2f69567c646ff46d10393d47e30ad23c6', 'https://git.kernel.org/stable/c/cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5', 'https://lore.kernel.org/linux-cve-announce/2024052314-CVE-2024-36013-0c90@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36013', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36013'], 'PublishedDate': '2024-05-23T07:15:08.987Z', 'LastModifiedDate': '2024-07-03T02:02:37.247Z'}, {'VulnerabilityID': 'CVE-2024-36021', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: fix kernel crash when devlink reload during pf initialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when devlink reload during pf initialization\n\nThe devlink reload process will access the hardware resources,\nbut the register operation is done before the hardware is initialized.\nSo, processing the devlink reload during initialization may lead to kernel\ncrash. This patch fixes this by taking devl_lock during initialization.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36021', 'https://git.kernel.org/linus/93305b77ffcb042f1538ecc383505e87d95aa05a (6.9-rc2)', 'https://git.kernel.org/stable/c/1b550dae55901c2cc9075d6a7155a71b4f516e86', 'https://git.kernel.org/stable/c/50b69054f455dcdb34bd6b22764c7579b270eef3', 'https://git.kernel.org/stable/c/7ca0f73e5e2da3c129935b97f3a0877cce8ebdf5', 'https://git.kernel.org/stable/c/93305b77ffcb042f1538ecc383505e87d95aa05a', 'https://lore.kernel.org/linux-cve-announce/2024053044-CVE-2024-36021-f196@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36021', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36021'], 'PublishedDate': '2024-05-30T15:15:49.193Z', 'LastModifiedDate': '2024-05-30T18:19:11.743Z'}, {'VulnerabilityID': 'CVE-2024-36022', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36022', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Init zone device and drm client after mode-1 reset on reload\n\nIn passthrough environment, when amdgpu is reloaded after unload, mode-1\nis triggered after initializing the necessary IPs, That init does not\ninclude KFD, and KFD init waits until the reset is completed. KFD init\nis called in the reset handler, but in this case, the zone device and\ndrm client is not initialized, causing app to create kernel panic.\n\nv2: Removing the init KFD condition from amdgpu_amdkfd_drm_client_create.\nAs the previous version has the potential of creating DRM client twice.\n\nv3: v2 patch results in SDMA engine hung as DRM open causes VM clear to SDMA\nbefore SDMA init. Adding the condition to in drm client creation, on top of v1,\nto guard against drm client creation call multiple times.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36022', 'https://git.kernel.org/linus/f679fd6057fbf5ab34aaee28d58b7f81af0cbf48 (6.9-rc1)', 'https://git.kernel.org/stable/c/4f8154f775197d0021b690c2945d6a4d8094c8f6', 'https://git.kernel.org/stable/c/f679fd6057fbf5ab34aaee28d58b7f81af0cbf48', 'https://lore.kernel.org/linux-cve-announce/2024053013-CVE-2024-36022-fe0e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36022', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36022'], 'PublishedDate': '2024-05-30T15:15:49.263Z', 'LastModifiedDate': '2024-05-30T18:19:11.743Z'}, {'VulnerabilityID': 'CVE-2024-36024', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36024', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Disable idle reallow as part of command/gpint execution', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable idle reallow as part of command/gpint execution\n\n[Why]\nWorkaroud for a race condition where DMCUB is in the process of\ncommitting to IPS1 during the handshake causing us to miss the\ntransition into IPS2 and touch the INBOX1 RPTR causing a HW hang.\n\n[How]\nDisable the reallow to ensure that we have enough of a gap between entry\nand exit and we're not seeing back-to-back wake_and_executes.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36024', 'https://git.kernel.org/linus/6226a5aa77370329e01ee8abe50a95e60618ce97 (6.9-rc1)', 'https://git.kernel.org/stable/c/2aac387445610d6dfd681f5214388e86f5677ef7', 'https://git.kernel.org/stable/c/6226a5aa77370329e01ee8abe50a95e60618ce97', 'https://lore.kernel.org/linux-cve-announce/2024053014-CVE-2024-36024-85b6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36024', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36024'], 'PublishedDate': '2024-05-30T15:15:49.42Z', 'LastModifiedDate': '2024-05-30T18:19:11.743Z'}, {'VulnerabilityID': 'CVE-2024-36026', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36026', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11\n\nWhile doing multiple S4 stress tests, GC/RLC/PMFW get into\nan invalid state resulting into hard hangs.\n\nAdding a GFX reset as workaround just before sending the\nMP1_UNLOAD message avoids this failure.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36026', 'https://git.kernel.org/linus/31729e8c21ecfd671458e02b6511eb68c2225113 (6.9-rc4)', 'https://git.kernel.org/stable/c/1e3b8874d55c0c28378beb9007494a7a9269a5f5', 'https://git.kernel.org/stable/c/31729e8c21ecfd671458e02b6511eb68c2225113', 'https://git.kernel.org/stable/c/7521329e54931ede9e042bbf5f4f812b5bc4a01d', 'https://git.kernel.org/stable/c/bd9b94055c3deb2398ee4490c1dfdf03f53efb8f', 'https://lore.kernel.org/linux-cve-announce/2024053034-CVE-2024-36026-4730@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36026', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36026'], 'PublishedDate': '2024-05-30T15:15:49.577Z', 'LastModifiedDate': '2024-05-30T18:19:11.743Z'}, {'VulnerabilityID': 'CVE-2024-36244', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36244', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: extend minimum interval restriction to entire cycle too\n\nIt is possible for syzbot to side-step the restriction imposed by the\nblamed commit in the Fixes: tag, because the taprio UAPI permits a\ncycle-time different from (and potentially shorter than) the sum of\nentry intervals.\n\nWe need one more restriction, which is that the cycle time itself must\nbe larger than N * ETH_ZLEN bit times, where N is the number of schedule\nentries. This restriction needs to apply regardless of whether the cycle\ntime came from the user or was the implicit, auto-calculated value, so\nwe move the existing "cycle == 0" check outside the "if "(!new->cycle_time)"\nbranch. This way covers both conditions and scenarios.\n\nAdd a selftest which illustrates the issue triggered by syzbot.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36244', 'https://git.kernel.org/linus/fb66df20a7201e60f2b13d7f95d031b31a8831d3 (6.10-rc2)', 'https://git.kernel.org/stable/c/91f249b01fe490fce11fbb4307952ca8cce78724', 'https://git.kernel.org/stable/c/b939d1e04a90248b4cdf417b0969c270ceb992b2', 'https://git.kernel.org/stable/c/fb66df20a7201e60f2b13d7f95d031b31a8831d3', 'https://lore.kernel.org/linux-cve-announce/2024062134-CVE-2024-36244-f88f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36244', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36244'], 'PublishedDate': '2024-06-21T11:15:09.957Z', 'LastModifiedDate': '2024-06-21T11:22:01.687Z'}, {'VulnerabilityID': 'CVE-2024-36478', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36478', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: null_blk: fix null-ptr-dereference while configuring &#39;power&#39; and &#39;submit_queues&#39;', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'\n\nWriting 'power' and 'submit_queues' concurrently will trigger kernel\npanic:\n\nTest script:\n\nmodprobe null_blk nr_devices=0\nmkdir -p /sys/kernel/config/nullb/nullb0\nwhile true; do echo 1 > submit_queues; echo 4 > submit_queues; done &\nwhile true; do echo 1 > power; echo 0 > power; done\n\nTest result:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000148\nOops: 0000 [#1] PREEMPT SMP\nRIP: 0010:__lock_acquire+0x41d/0x28f0\nCall Trace:\n <TASK>\n lock_acquire+0x121/0x450\n down_write+0x5f/0x1d0\n simple_recursive_removal+0x12f/0x5c0\n blk_mq_debugfs_unregister_hctxs+0x7c/0x100\n blk_mq_update_nr_hw_queues+0x4a3/0x720\n nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]\n nullb_device_submit_queues_store+0x79/0xf0 [null_blk]\n configfs_write_iter+0x119/0x1e0\n vfs_write+0x326/0x730\n ksys_write+0x74/0x150\n\nThis is because del_gendisk() can concurrent with\nblk_mq_update_nr_hw_queues():\n\nnullb_device_power_store\tnullb_apply_submit_queues\n null_del_dev\n del_gendisk\n\t\t\t\t nullb_update_nr_hw_queues\n\t\t\t\t  if (!dev->nullb)\n\t\t\t\t  // still set while gendisk is deleted\n\t\t\t\t   return 0\n\t\t\t\t  blk_mq_update_nr_hw_queues\n dev->nullb = NULL\n\nFix this problem by resuing the global mutex to protect\nnullb_device_power_store() and nullb_update_nr_hw_queues() from configfs.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36478', 'https://git.kernel.org/linus/a2db328b0839312c169eb42746ec46fc1ab53ed2 (6.10-rc1)', 'https://git.kernel.org/stable/c/5d0495473ee4c1d041b5a917f10446a22c047f47', 'https://git.kernel.org/stable/c/a2db328b0839312c169eb42746ec46fc1ab53ed2', 'https://git.kernel.org/stable/c/aaadb755f2d684f715a6eb85cb7243aa0c67dfa9', 'https://lore.kernel.org/linux-cve-announce/2024062136-CVE-2024-36478-d249@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36478', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36478'], 'PublishedDate': '2024-06-21T11:15:10.36Z', 'LastModifiedDate': '2024-10-10T12:15:03.947Z'}, {'VulnerabilityID': 'CVE-2024-36479', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36479', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fpga: bridge: add owner module and take its refcount', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: bridge: add owner module and take its refcount\n\nThe current implementation of the fpga bridge assumes that the low-level\nmodule registers a driver for the parent device and uses its owner pointer\nto take the module's refcount. This approach is problematic since it can\nlead to a null pointer dereference while attempting to get the bridge if\nthe parent device does not have a driver.\n\nTo address this problem, add a module owner pointer to the fpga_bridge\nstruct and use it to take the module's refcount. Modify the function for\nregistering a bridge to take an additional owner module parameter and\nrename it to avoid conflicts. Use the old function name for a helper macro\nthat automatically sets the module that registers the bridge as the owner.\nThis ensures compatibility with existing low-level control modules and\nreduces the chances of registering a bridge without setting the owner.\n\nAlso, update the documentation to keep it consistent with the new interface\nfor registering an fpga bridge.\n\nOther changes: opportunistically move put_device() from __fpga_bridge_get()\nto fpga_bridge_get() and of_fpga_bridge_get() to improve code clarity since\nthe bridge device is taken in these functions.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36479', 'https://git.kernel.org/linus/1da11f822042eb6ef4b6064dc048f157a7852529 (6.10-rc1)', 'https://git.kernel.org/stable/c/1da11f822042eb6ef4b6064dc048f157a7852529', 'https://git.kernel.org/stable/c/6896b6b2e2d9ec4e1b0acb4c1698a75a4b34d125', 'https://git.kernel.org/stable/c/d7c4081c54a1d4068de9440957303a76f9e5c95b', 'https://lore.kernel.org/linux-cve-announce/2024062459-CVE-2024-36479-ef6c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36479', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36479'], 'PublishedDate': '2024-06-24T14:15:12.157Z', 'LastModifiedDate': '2024-06-24T19:26:47.037Z'}, {'VulnerabilityID': 'CVE-2024-36885', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36885', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup:\n\n  kernel BUG at include/linux/scatterlist.h:187!\n  invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\n  Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\n  RIP: 0010:sg_init_one+0x85/0xa0\n  Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n  24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n  0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\n  RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\n  RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\n  RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\n  R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\n  R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\n  FS:  00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\n  Call Trace:\n   <TASK>\n   ? die+0x36/0x90\n   ? do_trap+0xdd/0x100\n   ? sg_init_one+0x85/0xa0\n   ? do_error_trap+0x65/0x80\n   ? sg_init_one+0x85/0xa0\n   ? exc_invalid_op+0x50/0x70\n   ? sg_init_one+0x85/0xa0\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? sg_init_one+0x85/0xa0\n   nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n   nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n   ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n   r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? nvkm_udevice_new+0x95/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? srso_return_thunk+0x5/0x5f\n   ? ktime_get+0x47/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_oneinit_+0x4f/0x120 [nouveau]\n   nvkm_subdev_init_+0x39/0x140 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   nvkm_subdev_init+0x44/0x90 [nouveau]\n   nvkm_device_init+0x166/0x2e0 [nouveau]\n   nvkm_udevice_init+0x47/0x70 [nouveau]\n   nvkm_object_init+0x41/0x1c0 [nouveau]\n   nvkm_ioctl_new+0x16a/0x290 [nouveau]\n   ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]\n   ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]\n   nvkm_ioctl+0x126/0x290 [nouveau]\n   nvif_object_ctor+0x112/0x190 [nouveau]\n   nvif_device_ctor+0x23/0x60 [nouveau]\n   nouveau_cli_init+0x164/0x640 [nouveau]\n   nouveau_drm_device_init+0x97/0x9e0 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   ? pci_update_current_state+0x72/0xb0\n   ? srso_return_thunk+0x5/0x5f\n   nouveau_drm_probe+0x12c/0x280 [nouveau]\n   ? srso_return_thunk+0x5/0x5f\n   local_pci_probe+0x45/0xa0\n   pci_device_probe+0xc7/0x270\n   really_probe+0xe6/0x3a0\n   __driver_probe_device+0x87/0x160\n   driver_probe_device+0x1f/0xc0\n   __driver_attach+0xec/0x1f0\n   ? __pfx___driver_attach+0x10/0x10\n   bus_for_each_dev+0x88/0xd0\n   bus_add_driver+0x116/0x220\n   driver_register+0x59/0x100\n   ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]\n   do_one_initcall+0x5b/0x320\n   do_init_module+0x60/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x120/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x83/0x160\n   ? srso_return_thunk+0x5/0x5f\n   entry_SYSCALL_64_after_hwframe+0x71/0x79\n  RIP: 0033:0x7feeb5cc20cd\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89\n  f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0\n  ff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd\n  RDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035\n  RBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310\n  R10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36885', 'https://git.kernel.org/linus/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2 (6.9-rc7)', 'https://git.kernel.org/stable/c/1a88c18da464db0ba8ea25196d0a06490f65322e', 'https://git.kernel.org/stable/c/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2', 'https://git.kernel.org/stable/c/e05af009302893f39b072811a68fa4a196284c75', 'https://lore.kernel.org/linux-cve-announce/2024053032-CVE-2024-36885-cb0b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36885', 'https://www.cve.org/CVERecord?id=CVE-2024-36885'], 'PublishedDate': '2024-05-30T16:15:12.067Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36893', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36893', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: typec: tcpm: Check for port partner validity before consuming it', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: Check for port partner validity before consuming it\n\ntypec_register_partner() does not guarantee partner registration\nto always succeed. In the event of failure, port->partner is set\nto the error value or NULL. Given that port->partner validity is\nnot checked, this results in the following crash:\n\nUnable to handle kernel NULL pointer dereference at virtual address xx\n pc : run_state_machine+0x1bc8/0x1c08\n lr : run_state_machine+0x1b90/0x1c08\n..\n Call trace:\n   run_state_machine+0x1bc8/0x1c08\n   tcpm_state_machine_work+0x94/0xe4\n   kthread_worker_fn+0x118/0x328\n   kthread+0x1d0/0x23c\n   ret_from_fork+0x10/0x20\n\nTo prevent the crash, check for port->partner validity before\nderefencing it in all the call sites.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36893', 'https://git.kernel.org/linus/ae11f04b452b5205536e1c02d31f8045eba249dd (6.9-rc7)', 'https://git.kernel.org/stable/c/2a07e6f0ad8a6e504a3912cfe8dc859b7d0740a5', 'https://git.kernel.org/stable/c/789326cafbd1f67f424436b6bc8bdb887a364637', 'https://git.kernel.org/stable/c/ae11f04b452b5205536e1c02d31f8045eba249dd', 'https://git.kernel.org/stable/c/d56d2ca03cc22123fd7626967d096d8661324e57', 'https://git.kernel.org/stable/c/fc2b655cb6dd2b381f1f284989721002e39b6b77', 'https://lore.kernel.org/linux-cve-announce/2024053034-CVE-2024-36893-476e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36893', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36893'], 'PublishedDate': '2024-05-30T16:15:12.773Z', 'LastModifiedDate': '2024-10-17T14:15:06.23Z'}, {'VulnerabilityID': 'CVE-2024-36898', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36898', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpiolib: cdev: fix uninitialised kfifo', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: fix uninitialised kfifo\n\nIf a line is requested with debounce, and that results in debouncing\nin software, and the line is subsequently reconfigured to enable edge\ndetection then the allocation of the kfifo to contain edge events is\noverlooked.  This results in events being written to and read from an\nuninitialised kfifo.  Read events are returned to userspace.\n\nInitialise the kfifo in the case where the software debounce is\nalready active.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36898', 'https://git.kernel.org/linus/ee0166b637a5e376118e9659e5b4148080f1d27e (6.9)', 'https://git.kernel.org/stable/c/1a51e24404d77bb3307c1e39eee0d8e86febb1a5', 'https://git.kernel.org/stable/c/883e4bbf06eb5fb7482679e4edb201093e9f55a2', 'https://git.kernel.org/stable/c/bd7139a70ee8d8ea872b223e043730cf6f5e2b0e', 'https://git.kernel.org/stable/c/ee0166b637a5e376118e9659e5b4148080f1d27e', 'https://lore.kernel.org/linux-cve-announce/2024053035-CVE-2024-36898-942c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36898', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36898'], 'PublishedDate': '2024-05-30T16:15:13.423Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36899', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpiolib: cdev: Fix use after free in lineinfo_changed_notify', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: Fix use after free in lineinfo_changed_notify\n\nThe use-after-free issue occurs as follows: when the GPIO chip device file\nis being closed by invoking gpio_chrdev_release(), watched_lines is freed\nby bitmap_free(), but the unregistration of lineinfo_changed_nb notifier\nchain failed due to waiting write rwsem. Additionally, one of the GPIO\nchip's lines is also in the release process and holds the notifier chain's\nread rwsem. Consequently, a race condition leads to the use-after-free of\nwatched_lines.\n\nHere is the typical stack when issue happened:\n\n[free]\ngpio_chrdev_release()\n  --> bitmap_free(cdev->watched_lines)                  <-- freed\n  --> blocking_notifier_chain_unregister()\n    --> down_write(&nh->rwsem)                          <-- waiting rwsem\n          --> __down_write_common()\n            --> rwsem_down_write_slowpath()\n                  --> schedule_preempt_disabled()\n                    --> schedule()\n\n[use]\nst54spi_gpio_dev_release()\n  --> gpio_free()\n    --> gpiod_free()\n      --> gpiod_free_commit()\n        --> gpiod_line_state_notify()\n          --> blocking_notifier_call_chain()\n            --> down_read(&nh->rwsem);                  <-- held rwsem\n            --> notifier_call_chain()\n              --> lineinfo_changed_notify()\n                --> test_bit(xxxx, cdev->watched_lines) <-- use after free\n\nThe side effect of the use-after-free issue is that a GPIO line event is\nbeing generated for userspace where it shouldn't. However, since the chrdev\nis being closed, userspace won't have the chance to read that event anyway.\n\nTo fix the issue, call the bitmap_free() function after the unregistration\nof lineinfo_changed_nb notifier chain.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36899', 'https://git.kernel.org/linus/02f6b0e1ec7e0e7d059dddc893645816552039da (6.9)', 'https://git.kernel.org/stable/c/02f6b0e1ec7e0e7d059dddc893645816552039da', 'https://git.kernel.org/stable/c/95ca7c90eaf5ea8a8460536535101e3e81160e2a', 'https://git.kernel.org/stable/c/ca710b5f40b8b16fdcad50bebd47f50e4c62d239', 'https://linux.oracle.com/cve/CVE-2024-36899.html', 'https://linux.oracle.com/errata/ELSA-2024-6997.html', 'https://lore.kernel.org/linux-cve-announce/2024053035-CVE-2024-36899-bfb1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36899', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36899'], 'PublishedDate': '2024-05-30T16:15:13.51Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36900', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36900', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: fix kernel crash when devlink reload during initialization', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when devlink reload during initialization\n\nThe devlink reload process will access the hardware resources,\nbut the register operation is done before the hardware is initialized.\nSo, processing the devlink reload during initialization may lead to kernel\ncrash.\n\nThis patch fixes this by registering the devlink after\nhardware initialization.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36900', 'https://git.kernel.org/linus/35d92abfbad88cf947c010baf34b075e40566095 (6.9)', 'https://git.kernel.org/stable/c/35d92abfbad88cf947c010baf34b075e40566095', 'https://git.kernel.org/stable/c/5c623fe0534806b627054da09b6f51b7b2f7b9cd', 'https://git.kernel.org/stable/c/72ede790f5a03c3957487400a1b72ebce293a2e7', 'https://git.kernel.org/stable/c/c98bc78ce0909ccc92005e2cb6609ec6c7942f69', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36900', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36900'], 'PublishedDate': '2024-05-30T16:15:13.6Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36903', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36903', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv6: Fix potential uninit-value access in __ip6_make_skb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix potential uninit-value access in __ip6_make_skb()\n\nAs it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in\n__ip_make_skb()") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags\ninstead of testing HDRINCL on the socket to avoid a race condition which\ncauses uninit-value access.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36903', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265838', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273405', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275600', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275655', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275715', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281097', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281237', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281265', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281639', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281900', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284511', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284543', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293208', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293441', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293658', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297512', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297538', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297542', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297545', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47606', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52651', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26808', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26828', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26868', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27049', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27417', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35800', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35911', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35969', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36903', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38391', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40928', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961', 'https://errata.rockylinux.org/RLSA-2024:5363', 'https://git.kernel.org/linus/4e13d3a9c25b7080f8a619f961e943fe08c2672c (6.9)', 'https://git.kernel.org/stable/c/2367bf254f3a27ecc6e229afd7a8b0a1395f7be3', 'https://git.kernel.org/stable/c/4e13d3a9c25b7080f8a619f961e943fe08c2672c', 'https://git.kernel.org/stable/c/68c8ba16ab712eb709c6bab80ff151079d11d97a', 'https://linux.oracle.com/cve/CVE-2024-36903.html', 'https://linux.oracle.com/errata/ELSA-2024-5363.html', 'https://lore.kernel.org/linux-cve-announce/2024053036-CVE-2024-36903-4a60@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36903', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36903'], 'PublishedDate': '2024-05-30T16:15:13.867Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36907', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36907', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: SUNRPC: add a missing rpc_stat for TCP TLS', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: add a missing rpc_stat for TCP TLS\n\nCommit 1548036ef120 ("nfs: make the rpc_stat per net namespace") added\nfunctionality to specify rpc_stats function but missed adding it to the\nTCP TLS functionality. As the result, mounting with xprtsec=tls lead to\nthe following kernel oops.\n\n[  128.984192] Unable to handle kernel NULL pointer dereference at\nvirtual address 000000000000001c\n[  128.985058] Mem abort info:\n[  128.985372]   ESR = 0x0000000096000004\n[  128.985709]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  128.986176]   SET = 0, FnV = 0\n[  128.986521]   EA = 0, S1PTW = 0\n[  128.986804]   FSC = 0x04: level 0 translation fault\n[  128.987229] Data abort info:\n[  128.987597]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[  128.988169]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[  128.988811]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[  128.989302] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000106c84000\n[  128.990048] [000000000000001c] pgd=0000000000000000, p4d=0000000000000000\n[  128.990736] Internal error: Oops: 0000000096000004 [#1] SMP\n[  128.991168] Modules linked in: nfs_layout_nfsv41_files\nrpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace netfs\nuinput dm_mod nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib\nnft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct\nnft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill\nip_set nf_tables nfnetlink qrtr vsock_loopback\nvmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock\nsunrpc vfat fat uvcvideo videobuf2_vmalloc videobuf2_memops uvc\nvideobuf2_v4l2 videodev videobuf2_common mc vmw_vmci xfs libcrc32c\ne1000e crct10dif_ce ghash_ce sha2_ce vmwgfx nvme sha256_arm64\nnvme_core sr_mod cdrom sha1_ce drm_ttm_helper ttm drm_kms_helper drm\nsg fuse\n[  128.996466] CPU: 0 PID: 179 Comm: kworker/u4:26 Kdump: loaded Not\ntainted 6.8.0-rc6+ #12\n[  128.997226] Hardware name: VMware, Inc. VMware20,1/VBSA, BIOS\nVMW201.00V.21805430.BA64.2305221830 05/22/2023\n[  128.998084] Workqueue: xprtiod xs_tcp_tls_setup_socket [sunrpc]\n[  128.998701] pstate: 81400005 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[  128.999384] pc : call_start+0x74/0x138 [sunrpc]\n[  128.999809] lr : __rpc_execute+0xb8/0x3e0 [sunrpc]\n[  129.000244] sp : ffff8000832b3a00\n[  129.000508] x29: ffff8000832b3a00 x28: ffff800081ac79c0 x27: ffff800081ac7000\n[  129.001111] x26: 0000000004248060 x25: 0000000000000000 x24: ffff800081596008\n[  129.001757] x23: ffff80007b087240 x22: ffff00009a509d30 x21: 0000000000000000\n[  129.002345] x20: ffff000090075600 x19: ffff00009a509d00 x18: ffffffffffffffff\n[  129.002912] x17: 733d4d4554535953 x16: 42555300312d746e x15: ffff8000832b3a88\n[  129.003464] x14: ffffffffffffffff x13: ffff8000832b3a7d x12: 0000000000000008\n[  129.004021] x11: 0101010101010101 x10: ffff8000150cb560 x9 : ffff80007b087c00\n[  129.004577] x8 : ffff00009a509de0 x7 : 0000000000000000 x6 : 00000000be8c4ee3\n[  129.005026] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff000094d56680\n[  129.005425] x2 : ffff80007b0637f8 x1 : ffff000090075600 x0 : ffff00009a509d00\n[  129.005824] Call trace:\n[  129.005967]  call_start+0x74/0x138 [sunrpc]\n[  129.006233]  __rpc_execute+0xb8/0x3e0 [sunrpc]\n[  129.006506]  rpc_execute+0x160/0x1d8 [sunrpc]\n[  129.006778]  rpc_run_task+0x148/0x1f8 [sunrpc]\n[  129.007204]  tls_probe+0x80/0xd0 [sunrpc]\n[  129.007460]  rpc_ping+0x28/0x80 [sunrpc]\n[  129.007715]  rpc_create_xprt+0x134/0x1a0 [sunrpc]\n[  129.007999]  rpc_create+0x128/0x2a0 [sunrpc]\n[  129.008264]  xs_tcp_tls_setup_socket+0xdc/0x508 [sunrpc]\n[  129.008583]  process_one_work+0x174/0x3c8\n[  129.008813]  worker_thread+0x2c8/0x3e0\n[  129.009033]  kthread+0x100/0x110\n[  129.009225]  ret_from_fork+0x10/0x20\n[  129.009432] Code: f0ffffc2 911fe042 aa1403e1 aa1303e0 (b9401c83)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36907', 'https://git.kernel.org/linus/8e088a20dbe33919695a8082c0b32deb62d23b4a (6.9-rc7)', 'https://git.kernel.org/stable/c/024f7744bd09cb2a47a0a96b9c8ad08109de99cc', 'https://git.kernel.org/stable/c/8e088a20dbe33919695a8082c0b32deb62d23b4a', 'https://git.kernel.org/stable/c/9b332c72299f2ac284ab3d7c0301969b933e4ca1', 'https://linux.oracle.com/cve/CVE-2024-36907.html', 'https://linux.oracle.com/errata/ELSA-2024-12682.html', 'https://lore.kernel.org/linux-cve-announce/2024053037-CVE-2024-36907-2e49@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36907', 'https://www.cve.org/CVERecord?id=CVE-2024-36907'], 'PublishedDate': '2024-05-30T16:15:14.223Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36908', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36908', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: blk-iocost: do not WARN if iocg was already offlined', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: do not WARN if iocg was already offlined\n\nIn iocg_pay_debt(), warn is triggered if 'active_list' is empty, which\nis intended to confirm iocg is active when it has debt. However, warn\ncan be triggered during a blkcg or disk removal, if iocg_waitq_timer_fn()\nis run at that time:\n\n  WARNING: CPU: 0 PID: 2344971 at block/blk-iocost.c:1402 iocg_pay_debt+0x14c/0x190\n  Call trace:\n  iocg_pay_debt+0x14c/0x190\n  iocg_kick_waitq+0x438/0x4c0\n  iocg_waitq_timer_fn+0xd8/0x130\n  __run_hrtimer+0x144/0x45c\n  __hrtimer_run_queues+0x16c/0x244\n  hrtimer_interrupt+0x2cc/0x7b0\n\nThe warn in this situation is meaningless. Since this iocg is being\nremoved, the state of the 'active_list' is irrelevant, and 'waitq_timer'\nis canceled after removing 'active_list' in ioc_pd_free(), which ensures\niocg is freed after iocg_waitq_timer_fn() returns.\n\nTherefore, add the check if iocg was already offlined to avoid warn\nwhen removing a blkcg or disk.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36908', 'https://git.kernel.org/linus/01bc4fda9ea0a6b52f12326486f07a4910666cf6 (6.9-rc5)', 'https://git.kernel.org/stable/c/01bc4fda9ea0a6b52f12326486f07a4910666cf6', 'https://git.kernel.org/stable/c/14b3275f93d4a0d8ddc02195bc4e9869b7a3700e', 'https://git.kernel.org/stable/c/1c172ac7afe4442964f4153b2c78fe4e005d9d67', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36908', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36908'], 'PublishedDate': '2024-05-30T16:15:14.3Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36909', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36909', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Drivers: hv: vmbus: Don&#39;t free ring buffers that couldn&#39;t be re-encrypted', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe VMBus ring buffer code could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the struct\nvmbus_gpadl for the ring buffers to decide whether to free the memory.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36909', 'https://git.kernel.org/linus/30d18df6567be09c1433e81993e35e3da573ac48 (6.9-rc4)', 'https://git.kernel.org/stable/c/2f622008bf784a9f5dd17baa19223cc2ac30a039', 'https://git.kernel.org/stable/c/30d18df6567be09c1433e81993e35e3da573ac48', 'https://git.kernel.org/stable/c/82f9e213b124a7d2bb5b16ea35d570260ef467e0', 'https://git.kernel.org/stable/c/a9212a4e2963a7fbe3864ba33dc551d4ad8d0abb', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36909', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36909'], 'PublishedDate': '2024-05-30T16:15:14.38Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36910', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36910', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: uio_hv_generic: Don&#39;t free decrypted memory', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Don't free decrypted memory\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe VMBus device UIO driver could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the gpadl\nto decide whether to free the memory.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36910', 'https://git.kernel.org/linus/3d788b2fbe6a1a1a9e3db09742b90809d51638b7 (6.9-rc4)', 'https://git.kernel.org/stable/c/3d788b2fbe6a1a1a9e3db09742b90809d51638b7', 'https://git.kernel.org/stable/c/6466a0f6d235c8a18c602cb587160d7e49876db9', 'https://git.kernel.org/stable/c/dabf12bf994318d939f70d47cfda30e47abb2c54', 'https://git.kernel.org/stable/c/fe2c58602354fbd60680dc42ac3a0b772cda7d23', 'https://lore.kernel.org/linux-cve-announce/2024053037-CVE-2024-36910-6949@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36910', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36910'], 'PublishedDate': '2024-05-30T16:15:14.457Z', 'LastModifiedDate': '2024-07-03T02:03:48.127Z'}, {'VulnerabilityID': 'CVE-2024-36911', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36911', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: hv_netvsc: Don&#39;t free decrypted memory', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Don't free decrypted memory\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe netvsc driver could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the gpadl\nto decide whether to free the memory.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36911', 'https://git.kernel.org/linus/bbf9ac34677b57506a13682b31a2a718934c0e31 (6.9-rc4)', 'https://git.kernel.org/stable/c/4aaed9dbe8acd2b6114458f0498a617283d6275b', 'https://git.kernel.org/stable/c/a56fe611326332bf6b7126e5559590c57dcebad4', 'https://git.kernel.org/stable/c/bbf9ac34677b57506a13682b31a2a718934c0e31', 'https://lore.kernel.org/linux-cve-announce/2024053037-CVE-2024-36911-5ef6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36911', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36911'], 'PublishedDate': '2024-05-30T16:15:14.53Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36912', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36912', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Track decrypted status in vmbus_gpadl\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nIn order to make sure callers of vmbus_establish_gpadl() and\nvmbus_teardown_gpadl() don't return decrypted/shared pages to\nallocators, add a field in struct vmbus_gpadl to keep track of the\ndecryption status of the buffers. This will allow the callers to\nknow if they should free or leak the pages.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-1258'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36912', 'https://git.kernel.org/linus/211f514ebf1ef5de37b1cf6df9d28a56cfd242ca (6.9-rc4)', 'https://git.kernel.org/stable/c/1999644d95194d4a58d3e80ad04ce19220a01a81', 'https://git.kernel.org/stable/c/211f514ebf1ef5de37b1cf6df9d28a56cfd242ca', 'https://git.kernel.org/stable/c/8e62341f5c45b27519b7d193bcc32ada416ad9d8', 'https://git.kernel.org/stable/c/bfae56be077ba14311509e70706a13458f87ea99', 'https://lore.kernel.org/linux-cve-announce/2024053038-CVE-2024-36912-b637@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36912', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36912'], 'PublishedDate': '2024-05-30T16:15:14.607Z', 'LastModifiedDate': '2024-07-03T02:03:49.03Z'}, {'VulnerabilityID': 'CVE-2024-36913', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36913', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Leak pages if set_memory_encrypted() fails\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nVMBus code could free decrypted pages if set_memory_encrypted()/decrypted()\nfails. Leak the pages if this happens.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-1258'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36913', 'https://git.kernel.org/linus/03f5a999adba062456c8c818a683beb1b498983a (6.9-rc4)', 'https://git.kernel.org/stable/c/03f5a999adba062456c8c818a683beb1b498983a', 'https://git.kernel.org/stable/c/6123a4e8e25bd40cf44db14694abac00e6b664e6', 'https://git.kernel.org/stable/c/e813a0fc2e597146e9cebea61ced9c796d4e308f', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36913', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36913'], 'PublishedDate': '2024-05-30T16:15:14.693Z', 'LastModifiedDate': '2024-07-03T02:03:49.87Z'}, {'VulnerabilityID': 'CVE-2024-36914', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36914', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip on writeback when it&#39;s not applicable', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip on writeback when it\'s not applicable\n\n[WHY]\ndynamic memory safety error detector (KASAN) catches and generates error\nmessages "BUG: KASAN: slab-out-of-bounds" as writeback connector does not\nsupport certain features which are not initialized.\n\n[HOW]\nSkip them when connector type is DRM_MODE_CONNECTOR_WRITEBACK.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36914', 'https://git.kernel.org/linus/ecedd99a9369fb5cde601ae9abd58bca2739f1ae (6.9-rc4)', 'https://git.kernel.org/stable/c/951a498fa993c5501994ec2df97c9297b02488c7', 'https://git.kernel.org/stable/c/e9baa7110e9f3756bd5a812af376c288d9be894d', 'https://git.kernel.org/stable/c/ecedd99a9369fb5cde601ae9abd58bca2739f1ae', 'https://lore.kernel.org/linux-cve-announce/2024053038-CVE-2024-36914-40cd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36914', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36914'], 'PublishedDate': '2024-05-30T16:15:14.79Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36915', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36915', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: llcp: fix nfc_llcp_setsockopt() unsafe copies\n\nsyzbot reported unsafe calls to copy_from_sockptr() [1]\n\nUse copy_safe_from_sockptr() instead.\n\n[1]\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]\n BUG: KASAN: slab-out-of-bounds in nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255\nRead of size 4 at addr ffff88801caa1ec3 by task syz-executor459/5078\n\nCPU: 0 PID: 5078 Comm: syz-executor459 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n  __dump_stack lib/dump_stack.c:88 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n  copy_from_sockptr include/linux/sockptr.h:55 [inline]\n  nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255\n  do_sock_setsockopt+0x3b1/0x720 net/socket.c:2311\n  __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n  __do_sys_setsockopt net/socket.c:2343 [inline]\n  __se_sys_setsockopt net/socket.c:2340 [inline]\n  __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfd/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\nRIP: 0033:0x7f7fac07fd89\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff660eb788 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7fac07fd89\nRDX: 0000000000000000 RSI: 0000000000000118 RDI: 0000000000000004\nRBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000\nR10: 0000000020000a80 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36915', 'https://git.kernel.org/linus/7a87441c9651ba37842f4809224aca13a554a26f (6.9-rc4)', 'https://git.kernel.org/stable/c/0f106133203021533cb753e80d75896f4ad222f8', 'https://git.kernel.org/stable/c/29dc0ea979d433dd3c26abc8fa971550bdc05107', 'https://git.kernel.org/stable/c/7a87441c9651ba37842f4809224aca13a554a26f', 'https://lore.kernel.org/linux-cve-announce/2024053038-CVE-2024-36915-611e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36915', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36915'], 'PublishedDate': '2024-05-30T16:15:14.887Z', 'LastModifiedDate': '2024-08-19T05:15:06.46Z'}, {'VulnerabilityID': 'CVE-2024-36917', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36917', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: fix overflow in blk_ioctl_discard()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix overflow in blk_ioctl_discard()\n\nThere is no check for overflow of 'start + len' in blk_ioctl_discard().\nHung task occurs if submit an discard ioctl with the following param:\n  start = 0x80000000000ff000, len = 0x8000000000fff000;\nAdd the overflow validation now.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-36917', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 (6.9-rc3)', 'https://git.kernel.org/stable/c/0842ddd83939eb4db940b9af7d39e79722bc41aa', 'https://git.kernel.org/stable/c/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155', 'https://git.kernel.org/stable/c/507d526a98c355e6f3fb2c47aacad44a69784bee', 'https://git.kernel.org/stable/c/6c9915fa9410cbb9bd75ee283c03120046c56d3d', 'https://git.kernel.org/stable/c/8a26198186e97ee5fc4b42fde82629cff8c75cd6', 'https://git.kernel.org/stable/c/e1d38cde2b7b0fbd1c48082e7a98c37d750af59b', 'https://linux.oracle.com/cve/CVE-2024-36917.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36917-f9e3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36917', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36917'], 'PublishedDate': '2024-05-30T16:15:15.05Z', 'LastModifiedDate': '2024-10-10T12:15:04.06Z'}, {'VulnerabilityID': 'CVE-2024-36918', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36918', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Check bloom filter map value size', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check bloom filter map value size\n\nThis patch adds a missing check to bloom filter creating, rejecting\nvalues above KMALLOC_MAX_SIZE. This brings the bloom map in line with\nmany other map types.\n\nThe lack of this protection can cause kernel crashes for value sizes\nthat overflow int's. Such a crash was caught by syzkaller. The next\npatch adds more guard-rails at a lower level.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36918', 'https://git.kernel.org/linus/a8d89feba7e54e691ca7c4efc2a6264fa83f3687 (6.9-rc2)', 'https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c', 'https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687', 'https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d', 'https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3', 'https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36918-f8bc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36918', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36918'], 'PublishedDate': '2024-05-30T16:15:15.13Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36920', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36920', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: mpi3mr: Avoid memcpy field-spanning write WARNING', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Avoid memcpy field-spanning write WARNING\n\nWhen the "storcli2 show" command is executed for eHBA-9600, mpi3mr driver\nprints this WARNING message:\n\n  memcpy: detected field-spanning write (size 128) of single field "bsg_reply_buf->reply_buf" at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 (size 1)\n  WARNING: CPU: 0 PID: 12760 at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 mpi3mr_bsg_request+0x6b12/0x7f10 [mpi3mr]\n\nThe cause of the WARN is 128 bytes memcpy to the 1 byte size array "__u8\nreplay_buf[1]" in the struct mpi3mr_bsg_in_reply_buf. The array is intended\nto be a flexible length array, so the WARN is a false positive.\n\nTo suppress the WARN, remove the constant number \'1\' from the array\ndeclaration and clarify that it has flexible length. Also, adjust the\nmemory allocation size to match the change.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-36920', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/429846b4b6ce9853e0d803a2357bb2e55083adf0 (6.9-rc2)', 'https://git.kernel.org/stable/c/429846b4b6ce9853e0d803a2357bb2e55083adf0', 'https://git.kernel.org/stable/c/4d2772324f43cf5674ac3dbe3f74a7e656396716', 'https://git.kernel.org/stable/c/5f0266044dc611563539705bff0b3e1545fbb6aa', 'https://git.kernel.org/stable/c/f09318244c6cafd10aca741b9c01e0a2c362d43a', 'https://linux.oracle.com/cve/CVE-2024-36920.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36920-b4a7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36920', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36920'], 'PublishedDate': '2024-05-30T16:15:15.303Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36921', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36921', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: guard against invalid STA ID on removal', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: guard against invalid STA ID on removal\n\nGuard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that would\nresult in out-of-bounds array accesses. This prevents issues should the\ndriver get into a bad state during error handling.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-36921', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265838', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273405', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275600', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275655', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275715', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281097', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281237', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281265', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281639', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281900', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284511', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284543', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293208', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293441', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293658', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297512', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297538', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297542', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297545', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47606', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52651', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26808', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26828', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26868', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27049', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27417', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35800', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35911', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35969', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36903', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38391', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40928', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5363', 'https://git.kernel.org/linus/17f64517bf5c26af56b6c3566273aad6646c3c4f (6.9-rc2)', 'https://git.kernel.org/stable/c/17f64517bf5c26af56b6c3566273aad6646c3c4f', 'https://git.kernel.org/stable/c/94f80a8ec15e238b78521f20f8afaed60521a294', 'https://git.kernel.org/stable/c/fab21d220017daa5fd8a3d788ff25ccfecfaae2f', 'https://linux.oracle.com/cve/CVE-2024-36921.html', 'https://linux.oracle.com/errata/ELSA-2024-5363.html', 'https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36921-9f90@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36921', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36921'], 'PublishedDate': '2024-05-30T16:15:15.397Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36922', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36922', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: read txq-&gt;read_ptr under lock', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: read txq->read_ptr under lock\n\nIf we read txq->read_ptr without lock, we can read the same\nvalue twice, then obtain the lock, and reclaim from there\nto two different places, but crucially reclaim the same\nentry twice, resulting in the WARN_ONCE() a little later.\nFix that by reading txq->read_ptr under lock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7000', 'https://access.redhat.com/security/cve/CVE-2024-36922', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2265838', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2270103', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275558', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282648', 'https://bugzilla.redhat.com/2282669', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282764', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284511', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284630', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293414', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300381', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300439', 'https://bugzilla.redhat.com/2300440', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300709', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301543', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305410', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2305488', 'https://bugzilla.redhat.com/2306365', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265838', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273405', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275600', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275655', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275715', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278429', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281057', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281097', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281237', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281257', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281265', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281272', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281639', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281900', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284511', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284543', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293208', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293441', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293658', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297512', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297538', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297542', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297545', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47606', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52651', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26808', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26828', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26868', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27049', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27417', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35800', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35911', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35969', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36903', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37353', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38391', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40928', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961', 'https://errata.almalinux.org/8/ALSA-2024-7000.html', 'https://errata.rockylinux.org/RLSA-2024:5363', 'https://git.kernel.org/linus/c2ace6300600c634553657785dfe5ea0ed688ac2 (6.9-rc2)', 'https://git.kernel.org/stable/c/43d07103df670484cdd26f9588eabef80f69db89', 'https://git.kernel.org/stable/c/b83db8e756dec68a950ed2f056248b1704b3deaa', 'https://git.kernel.org/stable/c/c2ace6300600c634553657785dfe5ea0ed688ac2', 'https://linux.oracle.com/cve/CVE-2024-36922.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36922-f0df@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36922', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36922'], 'PublishedDate': '2024-05-30T16:15:15.47Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36923', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36923', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/9p: fix uninitialized values during inode evict', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix uninitialized values during inode evict\n\nIf an iget fails due to not being able to retrieve information\nfrom the server then the inode structure is only partially\ninitialized.  When the inode gets evicted, references to\nuninitialized structures (like fscache cookies) were being\nmade.\n\nThis patch checks for a bad_inode before doing anything other\nthan clearing the inode from the cache.  Since the inode is\nbad, it shouldn't have any state associated with it that needs\nto be written back (and there really isn't a way to complete\nthose anyways).", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36923', 'https://git.kernel.org/linus/6630036b7c228f57c7893ee0403e92c2db2cd21d (6.9-rc2)', 'https://git.kernel.org/stable/c/1b4cb6e91f19b81217ad98142ee53a1ab25893fd', 'https://git.kernel.org/stable/c/6630036b7c228f57c7893ee0403e92c2db2cd21d', 'https://lore.kernel.org/linux-cve-announce/2024053040-CVE-2024-36923-7fc8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36923', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36923'], 'PublishedDate': '2024-05-30T16:15:15.547Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36924', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36924', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()\n\nlpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the\nhbalock.  Thus, lpfc_worker_wake_up() should not be called while holding the\nhbalock to avoid potential deadlock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36924', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265794', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278337', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278435', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278473', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281647', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282669', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282898', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284506', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284598', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293412', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47459', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52458', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52809', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26737', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26880', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27030', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27046', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35857', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35885', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35907', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38580', 'https://errata.rockylinux.org/RLSA-2024:4928', 'https://git.kernel.org/linus/ded20192dff31c91cef2a04f7e20e60e9bb887d3 (6.9-rc2)', 'https://git.kernel.org/stable/c/6503c39398506cadda9f4c81695a9655ca5fb4fd', 'https://git.kernel.org/stable/c/ded20192dff31c91cef2a04f7e20e60e9bb887d3', 'https://git.kernel.org/stable/c/e8bf2c05e8ad68e90f9d5889a9e4ef3f6fe00683', 'https://git.kernel.org/stable/c/ee833d7e62de2b84ed1332d501b67f12e7e5678f', 'https://linux.oracle.com/cve/CVE-2024-36924.html', 'https://linux.oracle.com/errata/ELSA-2024-4928.html', 'https://lore.kernel.org/linux-cve-announce/2024053040-CVE-2024-36924-6326@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36924', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36924'], 'PublishedDate': '2024-05-30T16:15:15.723Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36927', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36927', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipv4: Fix uninit-value access in __ip_make_skb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Fix uninit-value access in __ip_make_skb()\n\nKMSAN reported uninit-value access in __ip_make_skb() [1].  __ip_make_skb()\ntests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a\nrace condition. If calling setsockopt(2) with IP_HDRINCL changes HDRINCL\nwhile __ip_make_skb() is running, the function will access icmphdr in the\nskb even if it is not included. This causes the issue reported by KMSAN.\n\nCheck FLOWI_FLAG_KNOWN_NH on fl4->flowi4_flags instead of testing HDRINCL\non the socket.\n\nAlso, fl4->fl4_icmp_type and fl4->fl4_icmp_code are not initialized. These\nare union in struct flowi4 and are implicitly initialized by\nflowi4_init_output(), but we should not rely on specific union layout.\n\nInitialize these explicitly in raw_sendmsg().\n\n[1]\nBUG: KMSAN: uninit-value in __ip_make_skb+0x2b74/0x2d20 net/ipv4/ip_output.c:1481\n __ip_make_skb+0x2b74/0x2d20 net/ipv4/ip_output.c:1481\n ip_finish_skb include/net/ip.h:243 [inline]\n ip_push_pending_frames+0x4c/0x5c0 net/ipv4/ip_output.c:1508\n raw_sendmsg+0x2381/0x2690 net/ipv4/raw.c:654\n inet_sendmsg+0x27b/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x274/0x3c0 net/socket.c:745\n __sys_sendto+0x62c/0x7b0 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x130/0x200 net/socket.c:2199\n do_syscall_64+0xd8/0x1f0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x5f6/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13c/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35a/0x7c0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1318 [inline]\n __ip_append_data+0x49ab/0x68c0 net/ipv4/ip_output.c:1128\n ip_append_data+0x1e7/0x260 net/ipv4/ip_output.c:1365\n raw_sendmsg+0x22b1/0x2690 net/ipv4/raw.c:648\n inet_sendmsg+0x27b/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x274/0x3c0 net/socket.c:745\n __sys_sendto+0x62c/0x7b0 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x130/0x200 net/socket.c:2199\n do_syscall_64+0xd8/0x1f0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nCPU: 1 PID: 15709 Comm: syz-executor.7 Not tainted 6.8.0-11567-gb3603fcb79b1 #25\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-36927', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/fc1092f51567277509563800a3c56732070b6aa4 (6.9-rc7)', 'https://git.kernel.org/stable/c/5db08343ddb1b239320612036c398e4e1bb52818', 'https://git.kernel.org/stable/c/f5c603ad4e6fcf42f84053e882ebe20184bb309e', 'https://git.kernel.org/stable/c/fc1092f51567277509563800a3c56732070b6aa4', 'https://linux.oracle.com/cve/CVE-2024-36927.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024053040-CVE-2024-36927-976e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36927', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36927'], 'PublishedDate': '2024-05-30T16:15:15.957Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36945', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36945', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/smc: fix neighbour and rtable leak in smc_ib_find_route()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix neighbour and rtable leak in smc_ib_find_route()\n\nIn smc_ib_find_route(), the neighbour found by neigh_lookup() and rtable\nresolved by ip_route_output_flow() are not released or put before return.\nIt may cause the refcount leak, so fix it.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5101', 'https://access.redhat.com/security/cve/CVE-2024-36945', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265650', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2266594', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2270700', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273117', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275744', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281189', 'https://bugzilla.redhat.com/2281190', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282690', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284465', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293367', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2297558', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5101.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06 (6.9)', 'https://git.kernel.org/stable/c/2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06', 'https://git.kernel.org/stable/c/5df93c029a907b0ff5a4eeadd77ba06ff0a277d2', 'https://git.kernel.org/stable/c/d5a466ab6e78d6f2e0f64435f1e17246c8e941ff', 'https://git.kernel.org/stable/c/da91e447d06dc649fcf46e59122e7bf8f0b2e0db', 'https://linux.oracle.com/cve/CVE-2024-36945.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36945-18ae@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36945', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36945'], 'PublishedDate': '2024-05-30T16:15:17.48Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36948', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36948', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/xe_migrate: Cast to output precision before multiplying operands', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/xe_migrate: Cast to output precision before multiplying operands\n\nAddressing potential overflow in result of  multiplication of two lower\nprecision (u32) operands before widening it to higher precision\n(u64).\n\n-v2\nFix commit message and description. (Rodrigo)\n\n(cherry picked from commit 34820967ae7b45411f8f4f737c2d63b0c608e0d7)', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36948', 'https://git.kernel.org/linus/9cb46b31f3d08ed3fce86349e8c12f96d7c88717 (6.9-rc4)', 'https://git.kernel.org/stable/c/9cb46b31f3d08ed3fce86349e8c12f96d7c88717', 'https://git.kernel.org/stable/c/e23a904dfeb5a9e3d4ec527a365e962478cccf05', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36948', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36948'], 'PublishedDate': '2024-05-30T16:15:17.737Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36949', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36949', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: amd/amdkfd: sync all devices to wait all processes being evicted', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\namd/amdkfd: sync all devices to wait all processes being evicted\n\nIf there are more than one device doing reset in parallel, the first\ndevice will call kfd_suspend_all_processes() to evict all processes\non all devices, this call takes time to finish. other device will\nstart reset and recover without waiting. if the process has not been\nevicted before doing recover, it will be restored, then caused page\nfault.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36949', 'https://git.kernel.org/linus/d06af584be5a769d124b7302b32a033e9559761d (6.9-rc4)', 'https://git.kernel.org/stable/c/b6f6626528fe724b512c34f3fb5946c36a135f58', 'https://git.kernel.org/stable/c/d06af584be5a769d124b7302b32a033e9559761d', 'https://git.kernel.org/stable/c/ed28ef3840bbf93a64376ea7814ce39f86352e14', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36949', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36949'], 'PublishedDate': '2024-05-30T16:15:17.93Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36951', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36951', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdkfd: range check cp bad op exception interrupts', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: range check cp bad op exception interrupts\n\nDue to a CP interrupt bug, bad packet garbage exception codes are raised.\nDo a range check so that the debugger and runtime do not receive garbage\ncodes.\nUpdate the user api to guard exception code type checking as well.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36951', 'https://git.kernel.org/linus/0cac183b98d8a8c692c98e8dba37df15a9e9210d (6.9-rc2)', 'https://git.kernel.org/stable/c/0cac183b98d8a8c692c98e8dba37df15a9e9210d', 'https://git.kernel.org/stable/c/41dc6791596656dd41100b85647ed489e1d5c2f2', 'https://git.kernel.org/stable/c/b6735bfe941486c5dfc9c3085d2d75d4923f9449', 'https://lore.kernel.org/linux-cve-announce/2024053040-CVE-2024-36951-d3cb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36951', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36951'], 'PublishedDate': '2024-05-30T16:15:18.08Z', 'LastModifiedDate': '2024-05-30T18:18:58.87Z'}, {'VulnerabilityID': 'CVE-2024-36966', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36966', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: erofs: reliably distinguish block based and fscache mode', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: reliably distinguish block based and fscache mode\n\nWhen erofs_kill_sb() is called in block dev based mode, s_bdev may not\nhave been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled,\nit will be mistaken for fscache mode, and then attempt to free an anon_dev\nthat has never been allocated, triggering the following warning:\n\n============================================\nida_free called for id=0 which is not allocated.\nWARNING: CPU: 14 PID: 926 at lib/idr.c:525 ida_free+0x134/0x140\nModules linked in:\nCPU: 14 PID: 926 Comm: mount Not tainted 6.9.0-rc3-dirty #630\nRIP: 0010:ida_free+0x134/0x140\nCall Trace:\n <TASK>\n erofs_kill_sb+0x81/0x90\n deactivate_locked_super+0x35/0x80\n get_tree_bdev+0x136/0x1e0\n vfs_get_tree+0x2c/0xf0\n do_new_mount+0x190/0x2f0\n [...]\n============================================\n\nNow when erofs_kill_sb() is called, erofs_sb_info must have been\ninitialised, so use sbi->fsid to distinguish between the two modes.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36966', 'https://git.kernel.org/linus/7af2ae1b1531feab5d38ec9c8f472dc6cceb4606 (6.9-rc7)', 'https://git.kernel.org/stable/c/7af2ae1b1531feab5d38ec9c8f472dc6cceb4606', 'https://git.kernel.org/stable/c/dcdd49701e429c55b3644fd70fc58d85745f8cfe', 'https://git.kernel.org/stable/c/f9b877a7ee312ec8ce17598a7ef85cb820d7c371', 'https://lore.kernel.org/linux-cve-announce/2024060804-CVE-2024-36966-8bbb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36966', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36966'], 'PublishedDate': '2024-06-08T13:15:57.917Z', 'LastModifiedDate': '2024-06-10T02:52:08.267Z'}, {'VulnerabilityID': 'CVE-2024-36968', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36968', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()\n\nl2cap_le_flowctl_init() can cause both div-by-zero and an integer\noverflow since hdev->le_mtu may not fall in the valid range.\n\nMove MTU from hci_dev to hci_conn to validate MTU and stop the connection\nprocess earlier if MTU is invalid.\nAlso, add a missing validation in read_buffer_size() and make it return\nan error value if the validation fails.\nNow hci_conn_add() returns ERR_PTR() as it can fail due to the both a\nkzalloc failure and invalid MTU value.\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G        W          6.9.0-rc5+ #20\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci0 hci_rx_work\nRIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547\nCode: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c\n89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 <66> f7 f3 89 c3 ff c3 4d 8d\nb7 88 00 00 00 4c 89 f0 48 c1 e8 03 42\nRSP: 0018:ffff88810bc0f858 EFLAGS: 00010246\nRAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f\nRBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa\nR10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084\nR13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000\nFS:  0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n <TASK>\n l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline]\n l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline]\n l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline]\n l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809\n l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506\n hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline]\n hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335\n worker_thread+0x926/0xe70 kernel/workqueue.c:3416\n kthread+0x2e3/0x380 kernel/kthread.c:388\n ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\nModules linked in:\n---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190', 'CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36968', 'https://git.kernel.org/linus/a5b862c6a221459d54e494e88965b48dcfa6cc44 (6.10-rc1)', 'https://git.kernel.org/stable/c/4d3dbaa252257d20611c3647290e6171f1bbd6c8', 'https://git.kernel.org/stable/c/a5b862c6a221459d54e494e88965b48dcfa6cc44', 'https://git.kernel.org/stable/c/ad3f7986c5a0f82b8b66a0afe1cc1f5421e1d674', 'https://git.kernel.org/stable/c/d2b2f7d3936dc5990549bc36ab7ac7ac37f22c30', 'https://git.kernel.org/stable/c/dfece2b4e3759759b2bdfac2cd6d0ee9fbf055f3', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36968', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-36968'], 'PublishedDate': '2024-06-08T13:15:58.093Z', 'LastModifiedDate': '2024-07-17T16:59:39.987Z'}, {'VulnerabilityID': 'CVE-2024-36970', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-36970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: Use request_module_nowait', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Use request_module_nowait\n\nThis appears to work around a deadlock regression that came in\nwith the LED merge in 6.9.\n\nThe deadlock happens on my system with 24 iwlwifi radios, so maybe\nit something like all worker threads are busy and some work that needs\nto complete cannot complete.\n\n[also remove unnecessary "load_module" var and now-wrong comment]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-36970', 'https://git.kernel.org/linus/3d913719df14c28c4d3819e7e6d150760222bda4 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4', 'https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e', 'https://lore.kernel.org/linux-cve-announce/2024060855-CVE-2024-36970-2eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-36970', 'https://www.cve.org/CVERecord?id=CVE-2024-36970'], 'PublishedDate': '2024-06-08T13:15:58.26Z', 'LastModifiedDate': '2024-06-10T02:52:08.267Z'}, {'VulnerabilityID': 'CVE-2024-37021', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-37021', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fpga: manager: add owner module and take its refcount', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: manager: add owner module and take its refcount\n\nThe current implementation of the fpga manager assumes that the low-level\nmodule registers a driver for the parent device and uses its owner pointer\nto take the module's refcount. This approach is problematic since it can\nlead to a null pointer dereference while attempting to get the manager if\nthe parent device does not have a driver.\n\nTo address this problem, add a module owner pointer to the fpga_manager\nstruct and use it to take the module's refcount. Modify the functions for\nregistering the manager to take an additional owner module parameter and\nrename them to avoid conflicts. Use the old function names for helper\nmacros that automatically set the module that registers the manager as the\nowner. This ensures compatibility with existing low-level control modules\nand reduces the chances of registering a manager without setting the owner.\n\nAlso, update the documentation to keep it consistent with the new interface\nfor registering an fpga manager.\n\nOther changes: opportunistically move put_device() from __fpga_mgr_get() to\nfpga_mgr_get() and of_fpga_mgr_get() to improve code clarity since the\nmanager device is taken in these functions.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-37021', 'https://git.kernel.org/linus/4d4d2d4346857bf778fafaa97d6f76bb1663e3c9 (6.10-rc1)', 'https://git.kernel.org/stable/c/2da62a139a6221a345db4eb9f4f1c4b0937c89ad', 'https://git.kernel.org/stable/c/4d4d2d4346857bf778fafaa97d6f76bb1663e3c9', 'https://git.kernel.org/stable/c/62ac496a01c9337a11362cea427038ba621ca9eb', 'https://lore.kernel.org/linux-cve-announce/2024062459-CVE-2024-37021-13d4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-37021', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-37021'], 'PublishedDate': '2024-06-24T14:15:12.237Z', 'LastModifiedDate': '2024-06-24T19:26:47.037Z'}, {'VulnerabilityID': 'CVE-2024-37354', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-37354', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix crash on racing fsync and size-extending write into prealloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix crash on racing fsync and size-extending write into prealloc\n\nWe have been seeing crashes on duplicate keys in\nbtrfs_set_item_key_safe():\n\n  BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192)\n  ------------[ cut here ]------------\n  kernel BUG at fs/btrfs/ctree.c:2620!\n  invalid opcode: 0000 [#1] PREEMPT SMP PTI\n  CPU: 0 PID: 3139 Comm: xfs_io Kdump: loaded Not tainted 6.9.0 #6\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\n  RIP: 0010:btrfs_set_item_key_safe+0x11f/0x290 [btrfs]\n\nWith the following stack trace:\n\n  #0  btrfs_set_item_key_safe (fs/btrfs/ctree.c:2620:4)\n  #1  btrfs_drop_extents (fs/btrfs/file.c:411:4)\n  #2  log_one_extent (fs/btrfs/tree-log.c:4732:9)\n  #3  btrfs_log_changed_extents (fs/btrfs/tree-log.c:4955:9)\n  #4  btrfs_log_inode (fs/btrfs/tree-log.c:6626:9)\n  #5  btrfs_log_inode_parent (fs/btrfs/tree-log.c:7070:8)\n  #6  btrfs_log_dentry_safe (fs/btrfs/tree-log.c:7171:8)\n  #7  btrfs_sync_file (fs/btrfs/file.c:1933:8)\n  #8  vfs_fsync_range (fs/sync.c:188:9)\n  #9  vfs_fsync (fs/sync.c:202:9)\n  #10 do_fsync (fs/sync.c:212:9)\n  #11 __do_sys_fdatasync (fs/sync.c:225:9)\n  #12 __se_sys_fdatasync (fs/sync.c:223:1)\n  #13 __x64_sys_fdatasync (fs/sync.c:223:1)\n  #14 do_syscall_x64 (arch/x86/entry/common.c:52:14)\n  #15 do_syscall_64 (arch/x86/entry/common.c:83:7)\n  #16 entry_SYSCALL_64+0xaf/0x14c (arch/x86/entry/entry_64.S:121)\n\nSo we\'re logging a changed extent from fsync, which is splitting an\nextent in the log tree. But this split part already exists in the tree,\ntriggering the BUG().\n\nThis is the state of the log tree at the time of the crash, dumped with\ndrgn (https://github.com/osandov/drgn/blob/main/contrib/btrfs_tree.py)\nto get more details than btrfs_print_leaf() gives us:\n\n  >>> print_extent_buffer(prog.crashed_thread().stack_trace()[0]["eb"])\n  leaf 33439744 level 0 items 72 generation 9 owner 18446744073709551610\n  leaf 33439744 flags 0x100000000000000\n  fs uuid e5bd3946-400c-4223-8923-190ef1f18677\n  chunk uuid d58cb17e-6d02-494a-829a-18b7d8a399da\n          item 0 key (450 INODE_ITEM 0) itemoff 16123 itemsize 160\n                  generation 7 transid 9 size 8192 nbytes 8473563889606862198\n                  block group 0 mode 100600 links 1 uid 0 gid 0 rdev 0\n                  sequence 204 flags 0x10(PREALLOC)\n                  atime 1716417703.220000000 (2024-05-22 15:41:43)\n                  ctime 1716417704.983333333 (2024-05-22 15:41:44)\n                  mtime 1716417704.983333333 (2024-05-22 15:41:44)\n                  otime 17592186044416.000000000 (559444-03-08 01:40:16)\n          item 1 key (450 INODE_REF 256) itemoff 16110 itemsize 13\n                  index 195 namelen 3 name: 193\n          item 2 key (450 XATTR_ITEM 1640047104) itemoff 16073 itemsize 37\n                  location key (0 UNKNOWN.0 0) type XATTR\n                  transid 7 data_len 1 name_len 6\n                  name: user.a\n                  data a\n          item 3 key (450 EXTENT_DATA 0) itemoff 16020 itemsize 53\n                  generation 9 type 1 (regular)\n                  extent data disk byte 303144960 nr 12288\n                  extent data offset 0 nr 4096 ram 12288\n                  extent compression 0 (none)\n          item 4 key (450 EXTENT_DATA 4096) itemoff 15967 itemsize 53\n                  generation 9 type 2 (prealloc)\n                  prealloc data disk byte 303144960 nr 12288\n                  prealloc data offset 4096 nr 8192\n          item 5 key (450 EXTENT_DATA 8192) itemoff 15914 itemsize 53\n                  generation 9 type 2 (prealloc)\n                  prealloc data disk byte 303144960 nr 12288\n                  prealloc data offset 8192 nr 4096\n  ...\n\nSo the real problem happened earlier: notice that items 4 (4k-12k) and 5\n(8k-12k) overlap. Both are prealloc extents. Item 4 straddles i_size and\nitem 5 starts at i_size.\n\nHere is the state of \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-37354', 'https://git.kernel.org/linus/9d274c19a71b3a276949933859610721a453946b (6.10-rc3)', 'https://git.kernel.org/stable/c/1ff2bd566fbcefcb892be85c493bdb92b911c428', 'https://git.kernel.org/stable/c/3d08c52ba1887a1ff9c179d4b6a18b427bcb2097', 'https://git.kernel.org/stable/c/9d274c19a71b3a276949933859610721a453946b', 'https://git.kernel.org/stable/c/f4e5ed974876c14d3623e04dc43d3e3281bc6011', 'https://lore.kernel.org/linux-cve-announce/2024062547-CVE-2024-37354-ccfb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-37354', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-37354'], 'PublishedDate': '2024-06-25T15:15:13.177Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-38306', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38306', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: protect folio::private when attaching extent buffer folios', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: protect folio::private when attaching extent buffer folios\n\n[BUG]\nSince v6.8 there are rare kernel crashes reported by various people,\nthe common factor is bad page status error messages like this:\n\n  BUG: Bad page state in process kswapd0  pfn:d6e840\n  page: refcount:0 mapcount:0 mapping:000000007512f4f2 index:0x2796c2c7c\n  pfn:0xd6e840\n  aops:btree_aops ino:1\n  flags: 0x17ffffe0000008(uptodate|node=0|zone=2|lastcpupid=0x3fffff)\n  page_type: 0xffffffff()\n  raw: 0017ffffe0000008 dead000000000100 dead000000000122 ffff88826d0be4c0\n  raw: 00000002796c2c7c 0000000000000000 00000000ffffffff 0000000000000000\n  page dumped because: non-NULL mapping\n\n[CAUSE]\nCommit 09e6cef19c9f ("btrfs: refactor alloc_extent_buffer() to\nallocate-then-attach method") changes the sequence when allocating a new\nextent buffer.\n\nPreviously we always called grab_extent_buffer() under\nmapping->i_private_lock, to ensure the safety on modification on\nfolio::private (which is a pointer to extent buffer for regular\nsectorsize).\n\nThis can lead to the following race:\n\nThread A is trying to allocate an extent buffer at bytenr X, with 4\n4K pages, meanwhile thread B is trying to release the page at X + 4K\n(the second page of the extent buffer at X).\n\n           Thread A                |                 Thread B\n-----------------------------------+-------------------------------------\n                                   | btree_release_folio()\n\t\t\t\t   | | This is for the page at X + 4K,\n\t\t\t\t   | | Not page X.\n\t\t\t\t   | |\nalloc_extent_buffer()              | |- release_extent_buffer()\n|- filemap_add_folio() for the     | |  |- atomic_dec_and_test(eb->refs)\n|  page at bytenr X (the first     | |  |\n|  page).                          | |  |\n|  Which returned -EEXIST.         | |  |\n|                                  | |  |\n|- filemap_lock_folio()            | |  |\n|  Returned the first page locked. | |  |\n|                                  | |  |\n|- grab_extent_buffer()            | |  |\n|  |- atomic_inc_not_zero()        | |  |\n|  |  Returned false               | |  |\n|  |- folio_detach_private()       | |  |- folio_detach_private() for X\n|     |- folio_test_private()      | |     |- folio_test_private()\n      |  Returned true             | |     |  Returned true\n      |- folio_put()               |       |- folio_put()\n\nNow there are two puts on the same folio at folio X, leading to refcount\nunderflow of the folio X, and eventually causing the BUG_ON() on the\npage->mapping.\n\nThe condition is not that easy to hit:\n\n- The release must be triggered for the middle page of an eb\n  If the release is on the same first page of an eb, page lock would kick\n  in and prevent the race.\n\n- folio_detach_private() has a very small race window\n  It\'s only between folio_test_private() and folio_clear_private().\n\nThat\'s exactly when mapping->i_private_lock is used to prevent such race,\nand commit 09e6cef19c9f ("btrfs: refactor alloc_extent_buffer() to\nallocate-then-attach method") screwed that up.\n\nAt that time, I thought the page lock would kick in as\nfilemap_release_folio() also requires the page to be locked, but forgot\nthe filemap_release_folio() only locks one page, not all pages of an\nextent buffer.\n\n[FIX]\nMove all the code requiring i_private_lock into\nattach_eb_folio_to_filemap(), so that everything is done with proper\nlock protection.\n\nFurthermore to prevent future problems, add an extra\nlockdep_assert_locked() to ensure we\'re holding the proper lock.\n\nTo reproducer that is able to hit the race (takes a few minutes with\ninstrumented code inserting delays to alloc_extent_buffer()):\n\n  #!/bin/sh\n  drop_caches () {\n\t  while(true); do\n\t\t  echo 3 > /proc/sys/vm/drop_caches\n\t\t  echo 1 > /proc/sys/vm/compact_memory\n\t  done\n  }\n\n  run_tar () {\n\t  while(true); do\n\t\t  for x in `seq 1 80` ; do\n\t\t\t  tar cf /dev/zero /mnt > /dev/null &\n\t\t  done\n\t\t  wait\n\t  done\n  }\n\n  mkfs.btrfs -f -d single -m single\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38306', 'https://git.kernel.org/linus/f3a5367c679d31473d3fbb391675055b4792c309 (6.10-rc3)', 'https://git.kernel.org/stable/c/952f048eb901881a7cc6f7c1368b53cd386ead7b', 'https://git.kernel.org/stable/c/f3a5367c679d31473d3fbb391675055b4792c309', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38306', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38306'], 'PublishedDate': '2024-06-25T15:15:13.367Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-38538', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38538', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: bridge: xmit: make sure we have at least eth header len bytes', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: xmit: make sure we have at least eth header len bytes\n\nsyzbot triggered an uninit value[1] error in bridge device's xmit path\nby sending a short (less than ETH_HLEN bytes) skb. To fix it check if\nwe can actually pull that amount instead of assuming.\n\nTested with dropwatch:\n drop at: br_dev_xmit+0xb93/0x12d0 [bridge] (0xffffffffc06739b3)\n origin: software\n timestamp: Mon May 13 11:31:53 2024 778214037 nsec\n protocol: 0x88a8\n length: 2\n original length: 2\n drop reason: PKT_TOO_SMALL\n\n[1]\nBUG: KMSAN: uninit-value in br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65\n br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65\n __netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n netdev_start_xmit include/linux/netdevice.h:4917 [inline]\n xmit_one net/core/dev.c:3531 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547\n __dev_queue_xmit+0x34db/0x5350 net/core/dev.c:4341\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n __bpf_tx_skb net/core/filter.c:2136 [inline]\n __bpf_redirect_common net/core/filter.c:2180 [inline]\n __bpf_redirect+0x14a6/0x1620 net/core/filter.c:2187\n ____bpf_clone_redirect net/core/filter.c:2460 [inline]\n bpf_clone_redirect+0x328/0x470 net/core/filter.c:2432\n ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997\n __bpf_prog_run512+0xb5/0xe0 kernel/bpf/core.c:2238\n bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]\n __bpf_prog_run include/linux/filter.h:657 [inline]\n bpf_prog_run include/linux/filter.h:664 [inline]\n bpf_test_run+0x499/0xc30 net/bpf/test_run.c:425\n bpf_prog_test_run_skb+0x14ea/0x1f20 net/bpf/test_run.c:1058\n bpf_prog_test_run+0x6b7/0xad0 kernel/bpf/syscall.c:4269\n __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5678\n __do_sys_bpf kernel/bpf/syscall.c:5767 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5765 [inline]\n __x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5765\n x64_sys_call+0x96b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:322\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-38538', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc (6.10-rc1)', 'https://git.kernel.org/stable/c/1abb371147905ba250b4cc0230c4be7e90bea4d5', 'https://git.kernel.org/stable/c/28126b83f86ab9cc7936029c2dff845d3dcedba2', 'https://git.kernel.org/stable/c/5b5d669f569807c7ab07546e73c0741845a2547a', 'https://git.kernel.org/stable/c/8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc', 'https://git.kernel.org/stable/c/f482fd4ce919836a49012b2d31b00fc36e2488f2', 'https://linux.oracle.com/cve/CVE-2024-38538.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061947-CVE-2024-38538-e28a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38538', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38538'], 'PublishedDate': '2024-06-19T14:15:14.107Z', 'LastModifiedDate': '2024-08-29T02:26:05.03Z'}, {'VulnerabilityID': 'CVE-2024-38540', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38540', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq\n\nUndefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called\nwith hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0.\nIn that case, "roundup_pow_of_two(hwq_attr->aux_stride)" gets called.\nroundup_pow_of_two is documented as undefined for 0.\n\nFix it in the one caller that had this combination.\n\nThe undefined behavior was detected by UBSAN:\n  UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13\n  shift exponent 64 is too large for 64-bit type \'long unsigned int\'\n  CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4\n  Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x5d/0x80\n   ubsan_epilogue+0x5/0x30\n   __ubsan_handle_shift_out_of_bounds.cold+0x61/0xec\n   __roundup_pow_of_two+0x25/0x35 [bnxt_re]\n   bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re]\n   bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re]\n   bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re]\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? __kmalloc+0x1b6/0x4f0\n   ? create_qp.part.0+0x128/0x1c0 [ib_core]\n   ? __pfx_bnxt_re_create_qp+0x10/0x10 [bnxt_re]\n   create_qp.part.0+0x128/0x1c0 [ib_core]\n   ib_create_qp_kernel+0x50/0xd0 [ib_core]\n   create_mad_qp+0x8e/0xe0 [ib_core]\n   ? __pfx_qp_event_handler+0x10/0x10 [ib_core]\n   ib_mad_init_device+0x2be/0x680 [ib_core]\n   add_client_context+0x10d/0x1a0 [ib_core]\n   enable_device_and_get+0xe0/0x1d0 [ib_core]\n   ib_register_device+0x53c/0x630 [ib_core]\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   bnxt_re_probe+0xbd8/0xe50 [bnxt_re]\n   ? __pfx_bnxt_re_probe+0x10/0x10 [bnxt_re]\n   auxiliary_bus_probe+0x49/0x80\n   ? driver_sysfs_add+0x57/0xc0\n   really_probe+0xde/0x340\n   ? pm_runtime_barrier+0x54/0x90\n   ? __pfx___driver_attach+0x10/0x10\n   __driver_probe_device+0x78/0x110\n   driver_probe_device+0x1f/0xa0\n   __driver_attach+0xba/0x1c0\n   bus_for_each_dev+0x8f/0xe0\n   bus_add_driver+0x146/0x220\n   driver_register+0x72/0xd0\n   __auxiliary_driver_register+0x6e/0xd0\n   ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n   bnxt_re_mod_init+0x3e/0xff0 [bnxt_re]\n   ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n   do_one_initcall+0x5b/0x310\n   do_init_module+0x90/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x121/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x82/0x160\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? syscall_exit_to_user_mode_prepare+0x149/0x170\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? syscall_exit_to_user_mode+0x75/0x230\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? do_syscall_64+0x8e/0x160\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? __count_memcg_events+0x69/0x100\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? count_memcg_events.constprop.0+0x1a/0x30\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? handle_mm_fault+0x1f0/0x300\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? do_user_addr_fault+0x34e/0x640\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  RIP: 0033:0x7f4e5132821d\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 db 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffca9c906a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 0000563ec8a8f130 RCX: 00007f4e5132821d\n  RDX: 0000000000000000 RSI: 00007f4e518fa07d RDI: 000000000000003b\n  RBP: 00007ffca9c90760 R08: 00007f4e513f6b20 R09: 00007ffca9c906f0\n  R10: 0000563ec8a8faa0 R11: 0000000000000246 R12: 00007f4e518fa07d\n  R13: 0000000000020000 R14: 0000563ec8409e90 R15: 0000563ec8a8fa60\n   </TASK>\n  ---[ end trace ]---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38540', 'https://git.kernel.org/linus/78cfd17142ef70599d6409cbd709d94b3da58659 (6.10-rc1)', 'https://git.kernel.org/stable/c/627493443f3a8458cb55cdae1da254a7001123bc', 'https://git.kernel.org/stable/c/78cfd17142ef70599d6409cbd709d94b3da58659', 'https://git.kernel.org/stable/c/8b799c00cea6fcfe5b501bbaeb228c8821acb753', 'https://git.kernel.org/stable/c/a658f011d89dd20cf2c7cb4760ffd79201700b98', 'https://linux.oracle.com/cve/CVE-2024-38540.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061947-CVE-2024-38540-1d0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38540', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38540'], 'PublishedDate': '2024-06-19T14:15:14.29Z', 'LastModifiedDate': '2024-06-20T12:44:01.637Z'}, {'VulnerabilityID': 'CVE-2024-38541', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38541', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: of: module: add buffer overflow check in of_modalias()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nof: module: add buffer overflow check in of_modalias()\n\nIn of_modalias(), if the buffer happens to be too small even for the 1st\nsnprintf() call, the len parameter will become negative and str parameter\n(if not NULL initially) will point beyond the buffer's end. Add the buffer\noverflow check after the 1st snprintf() call and fix such check after the\nstrlen() call (accounting for the terminating NUL char).", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-120'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38541', 'https://git.kernel.org/linus/cf7385cb26ac4f0ee6c7385960525ad534323252 (6.10-rc1)', 'https://git.kernel.org/stable/c/0b0d5701a8bf02f8fee037e81aacf6746558bfd6', 'https://git.kernel.org/stable/c/cf7385cb26ac4f0ee6c7385960525ad534323252', 'https://git.kernel.org/stable/c/e45b69360a63165377b30db4a1dfddd89ca18e9a', 'https://git.kernel.org/stable/c/ee332023adfd5882808f2dabf037b32d6ce36f9e', 'https://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38541-53d0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38541', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38541'], 'PublishedDate': '2024-06-19T14:15:14.383Z', 'LastModifiedDate': '2024-07-03T02:05:10.09Z'}, {'VulnerabilityID': 'CVE-2024-38543', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38543', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlib/test_hmm.c: handle src_pfns and dst_pfns allocation failure\n\nThe kcalloc() in dmirror_device_evict_chunk() will return null if the\nphysical memory has run out.  As a result, if src_pfns or dst_pfns is\ndereferenced, the null pointer dereference bug will happen.\n\nMoreover, the device is going away.  If the kcalloc() fails, the pages\nmapping a chunk could not be evicted.  So add a __GFP_NOFAIL flag in\nkcalloc().\n\nFinally, as there is no need to have physically contiguous memory, Switch\nkcalloc() to kvcalloc() in order to avoid failing allocations.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38543', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267509', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273082', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273466', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275735', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280434', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281131', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284581', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293230', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293402', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293456', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294225', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52638', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26783', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26858', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27435', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36957', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38543', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38593', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38663', 'https://errata.rockylinux.org/RLSA-2024:4583', 'https://git.kernel.org/linus/c2af060d1c18beaec56351cf9c9bcbbc5af341a3 (6.10-rc1)', 'https://git.kernel.org/stable/c/1a21fdeea502658e315bd939409b755974f4fb64', 'https://git.kernel.org/stable/c/3b20d18f475bd17309db640dbe7d7c7ebb5bc2bc', 'https://git.kernel.org/stable/c/65e528a69cb3ed4a286c45b4afba57461c8b5b33', 'https://git.kernel.org/stable/c/c2af060d1c18beaec56351cf9c9bcbbc5af341a3', 'https://git.kernel.org/stable/c/ce47e8ead9a72834cc68431d53f8092ce69bebb7', 'https://linux.oracle.com/cve/CVE-2024-38543.html', 'https://linux.oracle.com/errata/ELSA-2024-4583.html', 'https://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38543-ff2e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38543', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38543'], 'PublishedDate': '2024-06-19T14:15:14.587Z', 'LastModifiedDate': '2024-08-29T02:24:30.617Z'}, {'VulnerabilityID': 'CVE-2024-38544', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38544', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix seg fault in rxe_comp_queue_pkt\n\nIn rxe_comp_queue_pkt() an incoming response packet skb is enqueued to the\nresp_pkts queue and then a decision is made whether to run the completer\ntask inline or schedule it. Finally the skb is dereferenced to bump a 'hw'\nperformance counter. This is wrong because if the completer task is\nalready running in a separate thread it may have already processed the skb\nand freed it which can cause a seg fault.  This has been observed\ninfrequently in testing at high scale.\n\nThis patch fixes this by changing the order of enqueuing the packet until\nafter the counter is accessed.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 6.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38544', 'https://git.kernel.org/linus/2b23b6097303ed0ba5f4bc036a1c07b6027af5c6 (6.10-rc1)', 'https://git.kernel.org/stable/c/21b4c6d4d89030fd4657a8e7c8110fd941049794', 'https://git.kernel.org/stable/c/2b23b6097303ed0ba5f4bc036a1c07b6027af5c6', 'https://git.kernel.org/stable/c/30df4bef8b8e183333e9b6e9d4509d552c7da6eb', 'https://git.kernel.org/stable/c/bbad88f111a1829f366c189aa48e7e58e57553fc', 'https://git.kernel.org/stable/c/de5a059e36657442b5637cc16df5163e435b9cb4', 'https://git.kernel.org/stable/c/e0e14dd35d4242340c7346aac60c7ff8fbf87ffc', 'https://git.kernel.org/stable/c/faa8d0ecf6c9c7c2ace3ca3e552180ada6f75e19', 'https://linux.oracle.com/cve/CVE-2024-38544.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061949-CVE-2024-38544-601b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38544', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38544'], 'PublishedDate': '2024-06-19T14:15:14.687Z', 'LastModifiedDate': '2024-10-17T14:15:06.36Z'}, {'VulnerabilityID': 'CVE-2024-38545', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38545', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/hns: Fix UAF for cq async event', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix UAF for cq async event\n\nThe refcount of CQ is not protected by locks. When CQ asynchronous\nevents and CQ destruction are concurrent, CQ may have been released,\nwhich will cause UAF.\n\nUse the xa_lock() to protect the CQ refcount.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38545', 'https://git.kernel.org/linus/a942ec2745ca864cd8512142100e4027dc306a42 (6.10-rc1)', 'https://git.kernel.org/stable/c/330c825e66ef65278e4ebe57fd49c1d6f3f4e34e', 'https://git.kernel.org/stable/c/37a7559dc1358a8d300437e99ed8ecdab0671507', 'https://git.kernel.org/stable/c/39d26cf46306bdc7ae809ecfdbfeff5aa1098911', 'https://git.kernel.org/stable/c/63da190eeb5c9d849b71f457b15b308c94cbaf08', 'https://git.kernel.org/stable/c/763780ef0336a973e933e40e919339381732dcaf', 'https://git.kernel.org/stable/c/a942ec2745ca864cd8512142100e4027dc306a42', 'https://lore.kernel.org/linux-cve-announce/2024061949-CVE-2024-38545-7161@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38545', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38545'], 'PublishedDate': '2024-06-19T14:15:14.787Z', 'LastModifiedDate': '2024-10-17T14:15:06.45Z'}, {'VulnerabilityID': 'CVE-2024-38553', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38553', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: fec: remove .ndo_poll_controller to avoid deadlocks', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: remove .ndo_poll_controller to avoid deadlocks\n\nThere is a deadlock issue found in sungem driver, please refer to the\ncommit ac0a230f719b ("eth: sungem: remove .ndo_poll_controller to avoid\ndeadlocks"). The root cause of the issue is that netpoll is in atomic\ncontext and disable_irq() is called by .ndo_poll_controller interface\nof sungem driver, however, disable_irq() might sleep. After analyzing\nthe implementation of fec_poll_controller(), the fec driver should have\nthe same issue. Due to the fec driver uses NAPI for TX completions, the\n.ndo_poll_controller is unnecessary to be implemented in the fec driver,\nso fec_poll_controller() can be safely removed.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38553', 'https://git.kernel.org/linus/c2e0c58b25a0a0c37ec643255558c5af4450c9f5 (6.10-rc1)', 'https://git.kernel.org/stable/c/87bcbc9b7e0b43a69d44efa5f32f11e32d08fa6f', 'https://git.kernel.org/stable/c/accdd6b912c4219b8e056d1f1ad2e85bc66ee243', 'https://git.kernel.org/stable/c/c2e0c58b25a0a0c37ec643255558c5af4450c9f5', 'https://git.kernel.org/stable/c/d38625f71950e79e254515c5fc585552dad4b33e', 'https://lore.kernel.org/linux-cve-announce/2024061951-CVE-2024-38553-2e34@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38553', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38553'], 'PublishedDate': '2024-06-19T14:15:15.55Z', 'LastModifiedDate': '2024-08-27T19:45:18.157Z'}, {'VulnerabilityID': 'CVE-2024-38554', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38554', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ax25: Fix reference count leak issue of net_device', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issue of net_device\n\nThere is a reference count leak issue of the object "net_device" in\nax25_dev_device_down(). When the ax25 device is shutting down, the\nax25_dev_device_down() drops the reference count of net_device one\nor zero times depending on if we goto unlock_put or not, which will\ncause memory leak.\n\nIn order to solve the above issue, decrease the reference count of\nnet_device after dev->ax25_ptr is set to null.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38554', 'https://git.kernel.org/linus/36e56b1b002bb26440403053f19f9e1a8bc075b2 (6.10-rc1)', 'https://git.kernel.org/stable/c/36e56b1b002bb26440403053f19f9e1a8bc075b2', 'https://git.kernel.org/stable/c/3ec437f9bbae68e9b38115c4c91de995f73f6bad', 'https://git.kernel.org/stable/c/8bad3a20a27be8d935f2aae08d3c6e743754944a', 'https://git.kernel.org/stable/c/965d940fb7414b310a22666503d2af69459c981b', 'https://git.kernel.org/stable/c/eef95df9b752699bddecefa851f64858247246e9', 'https://lore.kernel.org/linux-cve-announce/2024061952-CVE-2024-38554-29b0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38554', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38554'], 'PublishedDate': '2024-06-19T14:15:15.627Z', 'LastModifiedDate': '2024-08-27T19:55:32.897Z'}, {'VulnerabilityID': 'CVE-2024-38556', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38556', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Add a timeout to acquire the command queue semaphore', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Add a timeout to acquire the command queue semaphore\n\nPrevent forced completion handling on an entry that has not yet been\nassigned an index, causing an out of bounds access on idx = -22.\nInstead of waiting indefinitely for the sem, blocking flow now waits for\nindex to be allocated or a sem acquisition timeout before beginning the\ntimer for FW completion.\n\nKernel log example:\nmlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:1128:(pid 185911): cmd[-22]: CREATE_UCTX(0xa04) No done completion', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38556', 'https://git.kernel.org/linus/485d65e1357123a697c591a5aeb773994b247ad7 (6.10-rc1)', 'https://git.kernel.org/stable/c/2d0962d05c93de391ce85f6e764df895f47c8918', 'https://git.kernel.org/stable/c/485d65e1357123a697c591a5aeb773994b247ad7', 'https://git.kernel.org/stable/c/4baae687a20ef2b82fde12de3c04461e6f2521d6', 'https://git.kernel.org/stable/c/94024332a129c6e4275569d85c0c1bfb2ae2d71b', 'https://git.kernel.org/stable/c/f9caccdd42e999b74303c9b0643300073ed5d319', 'https://linux.oracle.com/cve/CVE-2024-38556.html', 'https://linux.oracle.com/errata/ELSA-2024-8162.html', 'https://lore.kernel.org/linux-cve-announce/2024061952-CVE-2024-38556-8afa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38556', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38556'], 'PublishedDate': '2024-06-19T14:15:15.81Z', 'LastModifiedDate': '2024-06-20T12:44:01.637Z'}, {'VulnerabilityID': 'CVE-2024-38557', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38557', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Reload only IB representors upon lag disable/enable', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Reload only IB representors upon lag disable/enable\n\nOn lag disable, the bond IB device along with all of its\nrepresentors are destroyed, and then the slaves' representors get reloaded.\n\nIn case the slave IB representor load fails, the eswitch error flow\nunloads all representors, including ethernet representors, where the\nnetdevs get detached and removed from lag bond. Such flow is inaccurate\nas the lag driver is not responsible for loading/unloading ethernet\nrepresentors. Furthermore, the flow described above begins by holding\nlag lock to prevent bond changes during disable flow. However, when\nreaching the ethernet representors detachment from lag, the lag lock is\nrequired again, triggering the following deadlock:\n\nCall trace:\n__switch_to+0xf4/0x148\n__schedule+0x2c8/0x7d0\nschedule+0x50/0xe0\nschedule_preempt_disabled+0x18/0x28\n__mutex_lock.isra.13+0x2b8/0x570\n__mutex_lock_slowpath+0x1c/0x28\nmutex_lock+0x4c/0x68\nmlx5_lag_remove_netdev+0x3c/0x1a0 [mlx5_core]\nmlx5e_uplink_rep_disable+0x70/0xa0 [mlx5_core]\nmlx5e_detach_netdev+0x6c/0xb0 [mlx5_core]\nmlx5e_netdev_change_profile+0x44/0x138 [mlx5_core]\nmlx5e_netdev_attach_nic_profile+0x28/0x38 [mlx5_core]\nmlx5e_vport_rep_unload+0x184/0x1b8 [mlx5_core]\nmlx5_esw_offloads_rep_load+0xd8/0xe0 [mlx5_core]\nmlx5_eswitch_reload_reps+0x74/0xd0 [mlx5_core]\nmlx5_disable_lag+0x130/0x138 [mlx5_core]\nmlx5_lag_disable_change+0x6c/0x70 [mlx5_core] // hold ldev->lock\nmlx5_devlink_eswitch_mode_set+0xc0/0x410 [mlx5_core]\ndevlink_nl_cmd_eswitch_set_doit+0xdc/0x180\ngenl_family_rcv_msg_doit.isra.17+0xe8/0x138\ngenl_rcv_msg+0xe4/0x220\nnetlink_rcv_skb+0x44/0x108\ngenl_rcv+0x40/0x58\nnetlink_unicast+0x198/0x268\nnetlink_sendmsg+0x1d4/0x418\nsock_sendmsg+0x54/0x60\n__sys_sendto+0xf4/0x120\n__arm64_sys_sendto+0x30/0x40\nel0_svc_common+0x8c/0x120\ndo_el0_svc+0x30/0xa0\nel0_svc+0x20/0x30\nel0_sync_handler+0x90/0xb8\nel0_sync+0x160/0x180\n\nThus, upon lag enable/disable, load and unload only the IB representors\nof the slaves preventing the deadlock mentioned above.\n\nWhile at it, refactor the mlx5_esw_offloads_rep_load() function to have\na static helper method for its internal logic, in symmetry with the\nrepresentor unload design.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38557', 'https://git.kernel.org/linus/0f06228d4a2dcc1fca5b3ddb0eefa09c05b102c4 (6.10-rc1)', 'https://git.kernel.org/stable/c/0f06228d4a2dcc1fca5b3ddb0eefa09c05b102c4', 'https://git.kernel.org/stable/c/0f320f28f54b1b269a755be2e3fb3695e0b80b07', 'https://git.kernel.org/stable/c/e93fc8d959e56092e2eca1e5511c2d2f0ad6807a', 'https://git.kernel.org/stable/c/f03c714a0fdd1f93101a929d0e727c28a66383fc', 'https://lore.kernel.org/linux-cve-announce/2024061953-CVE-2024-38557-2cb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38557', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38557'], 'PublishedDate': '2024-06-19T14:15:15.9Z', 'LastModifiedDate': '2024-08-29T02:23:35.88Z'}, {'VulnerabilityID': 'CVE-2024-38564', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38564', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE\n\nbpf_prog_attach uses attach_type_to_prog_type to enforce proper\nattach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses\nbpf_prog_get and relies on bpf_prog_attach_check_attach_type\nto properly verify prog_type <> attach_type association.\n\nAdd missing attach_type enforcement for the link_create case.\nOtherwise, it's currently possible to attach cgroup_skb prog\ntypes to other cgroup hooks.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38564', 'https://git.kernel.org/linus/543576ec15b17c0c93301ac8297333c7b6e84ac7 (6.10-rc1)', 'https://git.kernel.org/stable/c/543576ec15b17c0c93301ac8297333c7b6e84ac7', 'https://git.kernel.org/stable/c/6675c541f540a29487a802d3135280b69b9f568d', 'https://git.kernel.org/stable/c/67929e973f5a347f05fef064fea4ae79e7cdb5fd', 'https://git.kernel.org/stable/c/b34bbc76651065a5eafad8ddff1eb8d1f8473172', 'https://lore.kernel.org/linux-cve-announce/2024061955-CVE-2024-38564-b069@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38564', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38564'], 'PublishedDate': '2024-06-19T14:15:16.56Z', 'LastModifiedDate': '2024-06-20T12:44:01.637Z'}, {'VulnerabilityID': 'CVE-2024-38594', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38594', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: stmmac: move the EST lock to struct stmmac_priv', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: move the EST lock to struct stmmac_priv\n\nReinitialize the whole EST structure would also reset the mutex\nlock which is embedded in the EST structure, and then trigger\nthe following warning. To address this, move the lock to struct\nstmmac_priv. We also need to reacquire the mutex lock when doing\nthis initialization.\n\nDEBUG_LOCKS_WARN_ON(lock->magic != lock)\nWARNING: CPU: 3 PID: 505 at kernel/locking/mutex.c:587 __mutex_lock+0xd84/0x1068\n Modules linked in:\n CPU: 3 PID: 505 Comm: tc Not tainted 6.9.0-rc6-00053-g0106679839f7-dirty #29\n Hardware name: NXP i.MX8MPlus EVK board (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __mutex_lock+0xd84/0x1068\n lr : __mutex_lock+0xd84/0x1068\n sp : ffffffc0864e3570\n x29: ffffffc0864e3570 x28: ffffffc0817bdc78 x27: 0000000000000003\n x26: ffffff80c54f1808 x25: ffffff80c9164080 x24: ffffffc080d723ac\n x23: 0000000000000000 x22: 0000000000000002 x21: 0000000000000000\n x20: 0000000000000000 x19: ffffffc083bc3000 x18: ffffffffffffffff\n x17: ffffffc08117b080 x16: 0000000000000002 x15: ffffff80d2d40000\n x14: 00000000000002da x13: ffffff80d2d404b8 x12: ffffffc082b5a5c8\n x11: ffffffc082bca680 x10: ffffffc082bb2640 x9 : ffffffc082bb2698\n x8 : 0000000000017fe8 x7 : c0000000ffffefff x6 : 0000000000000001\n x5 : ffffff8178fe0d48 x4 : 0000000000000000 x3 : 0000000000000027\n x2 : ffffff8178fe0d50 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n  __mutex_lock+0xd84/0x1068\n  mutex_lock_nested+0x28/0x34\n  tc_setup_taprio+0x118/0x68c\n  stmmac_setup_tc+0x50/0xf0\n  taprio_change+0x868/0xc9c', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38594', 'https://git.kernel.org/linus/36ac9e7f2e5786bd37c5cd91132e1f39c29b8197 (6.10-rc1)', 'https://git.kernel.org/stable/c/36ac9e7f2e5786bd37c5cd91132e1f39c29b8197', 'https://git.kernel.org/stable/c/487f9030b1ef34bab123f2df2a4ccbe01ba84416', 'https://git.kernel.org/stable/c/6f476aff2d8da1a189621c4c16a76a6c534e4312', 'https://git.kernel.org/stable/c/b538fefeb1026aad9dcdcbb410c42b56dff8aae9', 'https://lore.kernel.org/linux-cve-announce/2024061955-CVE-2024-38594-75c8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38594', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38594'], 'PublishedDate': '2024-06-19T14:15:19.467Z', 'LastModifiedDate': '2024-10-10T12:15:04.243Z'}, {'VulnerabilityID': 'CVE-2024-38608', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38608', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: Fix netif state handling', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix netif state handling\n\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\n\nmlx5e_probe\n _mlx5e_resume\n  mlx5e_attach_netdev\n   mlx5e_nic_enable  <-- netdev not reg, not calling netif_device_attach()\n  register_netdev <-- failed for some reason.\nERROR_FLOW:\n _mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(\n\nHence, clean resources in this case as well.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n <TASK>\n ? __die+0x20/0x60\n ? page_fault_oops+0x14c/0x3c0\n ? exc_page_fault+0x75/0x140\n ? asm_exc_page_fault+0x22/0x30\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\n mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\n mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n __mlx5_ib_add+0x34/0xd0 [mlx5_ib]\n mlx5r_probe+0xe1/0x210 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x637/0x840\n __auxiliary_device_add+0x3b/0xa0\n add_adev+0xc9/0x140 [mlx5_core]\n mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\n mlx5_register_device+0x53/0xa0 [mlx5_core]\n mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\n mlx5_init_one+0x3b/0x60 [mlx5_core]\n probe_one+0x44c/0x730 [mlx5_core]\n local_pci_probe+0x3e/0x90\n pci_device_probe+0xbf/0x210\n ? kernfs_create_link+0x5d/0xa0\n ? sysfs_do_create_link_sd+0x60/0xc0\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n pci_bus_add_device+0x54/0x80\n pci_iov_add_virtfn+0x2e6/0x320\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n kernfs_fop_write_iter+0x10c/0x1a0\n vfs_write+0x291/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n CR2: 0000000000000000\n ---[ end trace 0000000000000000  ]---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38608', 'https://git.kernel.org/linus/3d5918477f94e4c2f064567875c475468e264644 (6.10-rc1)', 'https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644', 'https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6', 'https://linux.oracle.com/cve/CVE-2024-38608.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024061920-CVE-2024-38608-4068@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38608', 'https://www.cve.org/CVERecord?id=CVE-2024-38608'], 'PublishedDate': '2024-06-19T14:15:20.737Z', 'LastModifiedDate': '2024-08-27T15:58:56.9Z'}, {'VulnerabilityID': 'CVE-2024-38625', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38625', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fs/ntfs3: Check &#39;folio&#39; pointer for NULL', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Check 'folio' pointer for NULL\n\nIt can be NULL if bmap is called.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38625', 'https://git.kernel.org/linus/1cd6c96219c429ebcfa8e79a865277376c563803 (6.10-rc1)', 'https://git.kernel.org/stable/c/1cd6c96219c429ebcfa8e79a865277376c563803', 'https://git.kernel.org/stable/c/6c8054d590668629bb2eb6fb4cbf22455d08ada8', 'https://git.kernel.org/stable/c/ff1068929459347f9e47f8d14c409dcf938c2641', 'https://lore.kernel.org/linux-cve-announce/2024062140-CVE-2024-38625-2694@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38625', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38625'], 'PublishedDate': '2024-06-21T11:15:11.43Z', 'LastModifiedDate': '2024-06-21T11:22:01.687Z'}, {'VulnerabilityID': 'CVE-2024-38628', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38628', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.\n\nHang on to the control IDs instead of pointers since those are correctly\nhandled with locks.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38628', 'https://git.kernel.org/linus/1b739388aa3f8dfb63a9fca777e6dfa6912d0464 (6.10-rc1)', 'https://git.kernel.org/stable/c/1b739388aa3f8dfb63a9fca777e6dfa6912d0464', 'https://git.kernel.org/stable/c/453d3fa9266e53f85377b911c19b9a4563fa88c0', 'https://git.kernel.org/stable/c/89e66809684485590ea0b32c3178e42cba36ac09', 'https://git.kernel.org/stable/c/bea73b58ab67fe581037ad9cdb93c2557590c068', 'https://lore.kernel.org/linux-cve-announce/2024062140-CVE-2024-38628-e2db@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38628', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38628'], 'PublishedDate': '2024-06-21T11:15:11.66Z', 'LastModifiedDate': '2024-06-21T11:22:01.687Z'}, {'VulnerabilityID': 'CVE-2024-38632', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38632', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vfio/pci: fix potential memory leak in vfio_intx_enable()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: fix potential memory leak in vfio_intx_enable()\n\nIf vfio_irq_ctx_alloc() failed will lead to 'name' memory leak.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38632', 'https://git.kernel.org/linus/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2 (6.10-rc1)', 'https://git.kernel.org/stable/c/0bd22a4966d55f1d2c127a53300d5c2b50152376', 'https://git.kernel.org/stable/c/35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140', 'https://git.kernel.org/stable/c/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2', 'https://git.kernel.org/stable/c/91ced077db2062604ec270b1046f8337e9090079', 'https://git.kernel.org/stable/c/a6d810554d7d9d07041f14c5fcd453f3d3fed594', 'https://lore.kernel.org/linux-cve-announce/2024062142-CVE-2024-38632-eaf6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38632', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38632'], 'PublishedDate': '2024-06-21T11:15:11.96Z', 'LastModifiedDate': '2024-10-17T14:15:06.73Z'}, {'VulnerabilityID': 'CVE-2024-38667', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-38667', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: riscv: prevent pt_regs corruption for secondary idle threads', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: prevent pt_regs corruption for secondary idle threads\n\nTop of the kernel thread stack should be reserved for pt_regs. However\nthis is not the case for the idle threads of the secondary boot harts.\nTheir stacks overlap with their pt_regs, so both may get corrupted.\n\nSimilar issue has been fixed for the primary hart, see c7cdd96eca28\n("riscv: prevent stack corruption by reserving task_pt_regs(p) early").\nHowever that fix was not propagated to the secondary harts. The problem\nhas been noticed in some CPU hotplug tests with V enabled. The function\nsmp_callin stored several registers on stack, corrupting top of pt_regs\nstructure including status field. As a result, kernel attempted to save\nor restore inexistent V context.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-38667', 'https://git.kernel.org/linus/a638b0461b58aa3205cd9d5f14d6f703d795b4af (6.10-rc2)', 'https://git.kernel.org/stable/c/0c1f28c32a194303da630fca89481334b9547b80', 'https://git.kernel.org/stable/c/3090c06d50eaa91317f84bf3eac4c265e6cb8d44', 'https://git.kernel.org/stable/c/a638b0461b58aa3205cd9d5f14d6f703d795b4af', 'https://git.kernel.org/stable/c/ea22d4195cca13d5fdbc4d6555a2dfb8a7867a9e', 'https://lore.kernel.org/linux-cve-announce/2024062431-CVE-2024-38667-83a6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-38667', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-38667'], 'PublishedDate': '2024-06-24T14:15:12.79Z', 'LastModifiedDate': '2024-06-26T13:53:56.883Z'}, {'VulnerabilityID': 'CVE-2024-39293', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39293', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Revert &#34;xsk: Support redirect to any socket bound to the same umem&#34;', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "xsk: Support redirect to any socket bound to the same umem"\n\nThis reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.\n\nThis patch introduced a potential kernel crash when multiple napi instances\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\npossible for multiple napi instances to access the Rx ring at the same time,\nwhich will result in a corrupted ring state which can lead to a crash when\nflushing the rings in __xsk_flush(). This can happen when the linked list of\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\nis not possible, so let us revert this for now.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39293', 'https://git.kernel.org/linus/7fcf26b315bbb728036da0862de6b335da83dff2 (6.10-rc3)', 'https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5', 'https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2', 'https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39293', 'https://www.cve.org/CVERecord?id=CVE-2024-39293'], 'PublishedDate': '2024-06-25T15:15:13.993Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-39298', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39298', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/memory-failure: fix handling of dissolved but not taken off from buddy pages\n\nWhen I did memory failure tests recently, below panic occurs:\n\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00\nflags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff)\nraw: 06fffe0000000000 dead000000000100 dead000000000122 0000000000000000\nraw: 0000000000000000 0000000000000009 00000000ffffffff 0000000000000000\npage dumped because: VM_BUG_ON_PAGE(!PageBuddy(page))\n------------[ cut here ]------------\nkernel BUG at include/linux/page-flags.h:1009!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:__del_page_from_free_list+0x151/0x180\nRSP: 0018:ffffa49c90437998 EFLAGS: 00000046\nRAX: 0000000000000035 RBX: 0000000000000009 RCX: ffff8dd8dfd1c9c8\nRDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff8dd8dfd1c9c0\nRBP: ffffd901233b8000 R08: ffffffffab5511f8 R09: 0000000000008c69\nR10: 0000000000003c15 R11: ffffffffab5511f8 R12: ffff8dd8fffc0c80\nR13: 0000000000000001 R14: ffff8dd8fffc0c80 R15: 0000000000000009\nFS:  00007ff916304740(0000) GS:ffff8dd8dfd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055eae50124c8 CR3: 00000008479e0000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n __rmqueue_pcplist+0x23b/0x520\n get_page_from_freelist+0x26b/0xe40\n __alloc_pages_noprof+0x113/0x1120\n __folio_alloc_noprof+0x11/0xb0\n alloc_buddy_hugetlb_folio.isra.0+0x5a/0x130\n __alloc_fresh_hugetlb_folio+0xe7/0x140\n alloc_pool_huge_folio+0x68/0x100\n set_max_huge_pages+0x13d/0x340\n hugetlb_sysctl_handler_common+0xe8/0x110\n proc_sys_call_handler+0x194/0x280\n vfs_write+0x387/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xc2/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff916114887\nRSP: 002b:00007ffec8a2fd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000055eae500e350 RCX: 00007ff916114887\nRDX: 0000000000000004 RSI: 000055eae500e390 RDI: 0000000000000003\nRBP: 000055eae50104c0 R08: 0000000000000000 R09: 000055eae50104c0\nR10: 0000000000000077 R11: 0000000000000246 R12: 0000000000000004\nR13: 0000000000000004 R14: 00007ff916216b80 R15: 00007ff916216a00\n </TASK>\nModules linked in: mce_inject hwpoison_inject\n---[ end trace 0000000000000000 ]---\n\nAnd before the panic, there had an warning about bad page state:\n\nBUG: Bad page state in process page-types  pfn:8cee00\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00\nflags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff)\npage_type: 0xffffff7f(buddy)\nraw: 06fffe0000000000 ffffd901241c0008 ffffd901240f8008 0000000000000000\nraw: 0000000000000000 0000000000000009 00000000ffffff7f 0000000000000000\npage dumped because: nonzero mapcount\nModules linked in: mce_inject hwpoison_inject\nCPU: 8 PID: 154211 Comm: page-types Not tainted 6.9.0-rc4-00499-g5544ec3178e2-dirty #22\nCall Trace:\n <TASK>\n dump_stack_lvl+0x83/0xa0\n bad_page+0x63/0xf0\n free_unref_page+0x36e/0x5c0\n unpoison_memory+0x50b/0x630\n simple_attr_write_xsigned.constprop.0.isra.0+0xb3/0x110\n debugfs_attr_write+0x42/0x60\n full_proxy_write+0x5b/0x80\n vfs_write+0xcd/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xc2/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f189a514887\nRSP: 002b:00007ffdcd899718 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f189a514887\nRDX: 0000000000000009 RSI: 00007ffdcd899730 RDI: 0000000000000003\nRBP: 00007ffdcd8997a0 R08: 0000000000000000 R09: 00007ffdcd8994b2\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdcda199a8\nR13: 0000000000404af1 R14: 000000000040ad78 R15: 00007f189a7a5040\n </TASK>\n\nThe root cause should be the below race:\n\n memory_failure\n  try_memory_failure_hugetlb\n   me_huge_page\n    __page_handle_poison\n     dissolve_free_hugetlb_folio\n     drain_all_pages -- Buddy page can be isolated e.g. for compaction.\n     take_page_off_buddy -- Failed as page is not in the \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39298', 'https://git.kernel.org/linus/8cf360b9d6a840700e06864236a01a883b34bbad (6.10-rc1)', 'https://git.kernel.org/stable/c/00b0752c7f15dfdf129cacc6a27d61c54141182b', 'https://git.kernel.org/stable/c/41cd2de3c95020b7f86a3cb5fab42fbf454a63bd', 'https://git.kernel.org/stable/c/8cf360b9d6a840700e06864236a01a883b34bbad', 'https://git.kernel.org/stable/c/bb9bb13ce64cc7cae47f5e2ab9ce93b7bfa0117e', 'https://lore.kernel.org/linux-cve-announce/2024062549-CVE-2024-39298-53e8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39298', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-39298'], 'PublishedDate': '2024-06-25T15:15:14.16Z', 'LastModifiedDate': '2024-06-25T18:50:42.04Z'}, {'VulnerabilityID': 'CVE-2024-39463', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39463', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: 9p: add missing locking around taking dentry fid list', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\n9p: add missing locking around taking dentry fid list\n\nFix a use-after-free on dentry's d_fsdata fid list when a thread\nlooks up a fid through dentry while another thread unlinks it:\n\nUAF thread:\nrefcount_t: addition on 0; use-after-free.\n p9_fid_get linux/./include/net/9p/client.h:262\n v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129\n v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181\n v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314\n v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400\n vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248\n\nFreed by:\n p9_fid_destroy (inlined)\n p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456\n p9_fid_put linux/./include/net/9p/client.h:278\n v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55\n v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518\n vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335\n\nThe problem is that d_fsdata was not accessed under d_lock, because\nd_release() normally is only called once the dentry is otherwise no\nlonger accessible but since we also call it explicitly in v9fs_remove\nthat lock is required:\nmove the hlist out of the dentry under lock then unref its fids once\nthey are no longer accessible.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39463', 'https://git.kernel.org/linus/c898afdc15645efb555acb6d85b484eb40a45409 (6.10-rc2)', 'https://git.kernel.org/stable/c/3bb6763a8319170c2d41c4232c8e7e4c37dcacfb', 'https://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409', 'https://git.kernel.org/stable/c/cb299cdba09f46f090b843d78ba26b667d50a456', 'https://git.kernel.org/stable/c/f0c5c944c6d8614c19e6e9a97fd2011dcd30e8f5', 'https://git.kernel.org/stable/c/fe17ebf22feb4ad7094d597526d558a49aac92b4', 'https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39463-42c8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39463', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-39463', 'https://www.zerodayinitiative.com/advisories/ZDI-24-1194/'], 'PublishedDate': '2024-06-25T15:15:14.76Z', 'LastModifiedDate': '2024-10-17T14:15:06.833Z'}, {'VulnerabilityID': 'CVE-2024-39497', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39497', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)\n\nLack of check for copy-on-write (COW) mapping in drm_gem_shmem_mmap\nallows users to call mmap with PROT_WRITE and MAP_PRIVATE flag\ncausing a kernel panic due to BUG_ON in vmf_insert_pfn_prot:\nBUG_ON((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags));\n\nReturn -EINVAL early if COW mapping is detected.\n\nThis bug affects all drm drivers using default shmem helpers.\nIt can be reproduced by this simple example:\nvoid *ptr = mmap(0, size, PROT_WRITE, MAP_PRIVATE, fd, mmap_offset);\nptr[0] = 0;', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39497', 'https://git.kernel.org/linus/39bc27bd688066a63e56f7f64ad34fae03fbe3b8 (6.10-rc2)', 'https://git.kernel.org/stable/c/03c71c42809ef4b17f5d874cdb2d3bf40e847b86', 'https://git.kernel.org/stable/c/1b4a8b89bf6787090b56424d269bf84ba00c3263', 'https://git.kernel.org/stable/c/39bc27bd688066a63e56f7f64ad34fae03fbe3b8', 'https://lore.kernel.org/linux-cve-announce/2024071202-CVE-2024-39497-834c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39497', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-39497'], 'PublishedDate': '2024-07-12T13:15:12.32Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-39508', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-39508', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: Use set_bit() and test_bit() at worker->flags\n\nUtilize set_bit() and test_bit() on worker->flags within io_uring/io-wq\nto address potential data races.\n\nThe structure io_worker->flags may be accessed through various data\npaths, leading to concurrency issues. When KCSAN is enabled, it reveals\ndata races occurring in io_worker_handle_work and\nio_wq_activate_free_worker functions.\n\n\t BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker\n\t write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:\n\t io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)\n\t io_wq_worker (io_uring/io-wq.c:?)\n<snip>\n\n\t read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:\n\t io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)\n\t io_wq_enqueue (io_uring/io-wq.c:947)\n\t io_queue_iowq (io_uring/io_uring.c:524)\n\t io_req_task_submit (io_uring/io_uring.c:1511)\n\t io_handle_tw_list (io_uring/io_uring.c:1198)\n<snip>\n\nLine numbers against commit 18daea77cca6 ("Merge tag \'for-linus\' of\ngit://git.kernel.org/pub/scm/virt/kvm/kvm").\n\nThese races involve writes and reads to the same memory location by\ndifferent tasks running on different CPUs. To mitigate this, refactor\nthe code to use atomic operations such as set_bit(), test_bit(), and\nclear_bit() instead of basic "and" and "or" operations. This ensures\nthread-safe manipulation of worker flags.\n\nAlso, move `create_index` to avoid holes in the structure.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-39508', 'https://git.kernel.org/linus/8a565304927fbd28c9f028c492b5c1714002cbab (6.10-rc1)', 'https://git.kernel.org/stable/c/1cbb0affb15470a9621267fe0a8568007553a4bf', 'https://git.kernel.org/stable/c/8a565304927fbd28c9f028c492b5c1714002cbab', 'https://git.kernel.org/stable/c/ab702c3483db9046bab9f40306f1a28b22dbbdc0', 'https://lore.kernel.org/linux-cve-announce/2024071206-CVE-2024-39508-20c3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-39508', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-39508'], 'PublishedDate': '2024-07-12T13:15:13.13Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40900', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40900', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: remove requests from xarray during flushing requests', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: remove requests from xarray during flushing requests\n\nEven with CACHEFILES_DEAD set, we can still read the requests, so in the\nfollowing concurrency the request may be used after it has been freed:\n\n     mount  |   daemon_thread1    |    daemon_thread2\n------------------------------------------------------------\n cachefiles_ondemand_init_object\n  cachefiles_ondemand_send_req\n   REQ_A = kzalloc(sizeof(*req) + data_len)\n   wait_for_completion(&REQ_A->done)\n            cachefiles_daemon_read\n             cachefiles_ondemand_daemon_read\n                                  // close dev fd\n                                  cachefiles_flush_reqs\n                                   complete(&REQ_A->done)\n   kfree(REQ_A)\n              xa_lock(&cache->reqs);\n              cachefiles_ondemand_select_req\n                req->msg.opcode != CACHEFILES_OP_READ\n                // req use-after-free !!!\n              xa_unlock(&cache->reqs);\n                                   xa_destroy(&cache->reqs)\n\nHence remove requests from cache->reqs when flushing them to avoid\naccessing freed requests.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40900', 'https://git.kernel.org/linus/0fc75c5940fa634d84e64c93bfc388e1274ed013 (6.10-rc4)', 'https://git.kernel.org/stable/c/0fc75c5940fa634d84e64c93bfc388e1274ed013', 'https://git.kernel.org/stable/c/37e19cf86a520d65de1de9cb330415c332a40d19', 'https://git.kernel.org/stable/c/50d0e55356ba5b84ffb51c42704126124257e598', 'https://git.kernel.org/stable/c/9f13aacdd4ee9a7644b2a3c96d67113cd083c9c7', 'https://lore.kernel.org/linux-cve-announce/2024071207-CVE-2024-40900-7497@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40900', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40900'], 'PublishedDate': '2024-07-12T13:15:13.433Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40910', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40910', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ax25: Fix refcount imbalance on inbound connections', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix refcount imbalance on inbound connections\n\nWhen releasing a socket in ax25_release(), we call netdev_put() to\ndecrease the refcount on the associated ax.25 device. However, the\nexecution path for accepting an incoming connection never calls\nnetdev_hold(). This imbalance leads to refcount errors, and ultimately\nto kernel crashes.\n\nA typical call trace for the above situation will start with one of the\nfollowing errors:\n\n    refcount_t: decrement hit 0; leaking memory.\n    refcount_t: underflow; use-after-free.\n\nAnd will then have a trace like:\n\n    Call Trace:\n    <TASK>\n    ? show_regs+0x64/0x70\n    ? __warn+0x83/0x120\n    ? refcount_warn_saturate+0xb2/0x100\n    ? report_bug+0x158/0x190\n    ? prb_read_valid+0x20/0x30\n    ? handle_bug+0x3e/0x70\n    ? exc_invalid_op+0x1c/0x70\n    ? asm_exc_invalid_op+0x1f/0x30\n    ? refcount_warn_saturate+0xb2/0x100\n    ? refcount_warn_saturate+0xb2/0x100\n    ax25_release+0x2ad/0x360\n    __sock_release+0x35/0xa0\n    sock_close+0x19/0x20\n    [...]\n\nOn reboot (or any attempt to remove the interface), the kernel gets\nstuck in an infinite loop:\n\n    unregister_netdevice: waiting for ax0 to become free. Usage count = 0\n\nThis patch corrects these issues by ensuring that we call netdev_hold()\nand ax25_dev_hold() for new connections in ax25_accept(). This makes the\nlogic leading to ax25_accept() match the logic for ax25_bind(): in both\ncases we increment the refcount, which is ultimately decremented in\nax25_release().', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40910', 'https://git.kernel.org/linus/3c34fb0bd4a4237592c5ecb5b2e2531900c55774 (6.10-rc3)', 'https://git.kernel.org/stable/c/3c34fb0bd4a4237592c5ecb5b2e2531900c55774', 'https://git.kernel.org/stable/c/52100fd74ad07b53a4666feafff1cd11436362d3', 'https://git.kernel.org/stable/c/a723a6c8d4831cc8e2c7b0c9f3f0c010d4671964', 'https://git.kernel.org/stable/c/f4df9d6c8d4e4c818252b0419c2165d66eabd4eb', 'https://lore.kernel.org/linux-cve-announce/2024071210-CVE-2024-40910-d7d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40910', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40910'], 'PublishedDate': '2024-07-12T13:15:14.213Z', 'LastModifiedDate': '2024-08-29T13:55:38.203Z'}, {'VulnerabilityID': 'CVE-2024-40918', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40918', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: parisc: Try to fix random segmentation faults in package builds', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Try to fix random segmentation faults in package builds\n\nPA-RISC systems with PA8800 and PA8900 processors have had problems\nwith random segmentation faults for many years.  Systems with earlier\nprocessors are much more stable.\n\nSystems with PA8800 and PA8900 processors have a large L2 cache which\nneeds per page flushing for decent performance when a large range is\nflushed. The combined cache in these systems is also more sensitive to\nnon-equivalent aliases than the caches in earlier systems.\n\nThe majority of random segmentation faults that I have looked at\nappear to be memory corruption in memory allocated using mmap and\nmalloc.\n\nMy first attempt at fixing the random faults didn't work. On\nreviewing the cache code, I realized that there were two issues\nwhich the existing code didn't handle correctly. Both relate\nto cache move-in. Another issue is that the present bit in PTEs\nis racy.\n\n1) PA-RISC caches have a mind of their own and they can speculatively\nload data and instructions for a page as long as there is a entry in\nthe TLB for the page which allows move-in. TLBs are local to each\nCPU. Thus, the TLB entry for a page must be purged before flushing\nthe page. This is particularly important on SMP systems.\n\nIn some of the flush routines, the flush routine would be called\nand then the TLB entry would be purged. This was because the flush\nroutine needed the TLB entry to do the flush.\n\n2) My initial approach to trying the fix the random faults was to\ntry and use flush_cache_page_if_present for all flush operations.\nThis actually made things worse and led to a couple of hardware\nlockups. It finally dawned on me that some lines weren't being\nflushed because the pte check code was racy. This resulted in\nrandom inequivalent mappings to physical pages.\n\nThe __flush_cache_page tmpalias flush sets up its own TLB entry\nand it doesn't need the existing TLB entry. As long as we can find\nthe pte pointer for the vm page, we can get the pfn and physical\naddress of the page. We can also purge the TLB entry for the page\nbefore doing the flush. Further, __flush_cache_page uses a special\nTLB entry that inhibits cache move-in.\n\nWhen switching page mappings, we need to ensure that lines are\nremoved from the cache.  It is not sufficient to just flush the\nlines to memory as they may come back.\n\nThis made it clear that we needed to implement all the required\nflush operations using tmpalias routines. This includes flushes\nfor user and kernel pages.\n\nAfter modifying the code to use tmpalias flushes, it became clear\nthat the random segmentation faults were not fully resolved. The\nfrequency of faults was worse on systems with a 64 MB L2 (PA8900)\nand systems with more CPUs (rp4440).\n\nThe warning that I added to flush_cache_page_if_present to detect\npages that couldn't be flushed triggered frequently on some systems.\n\nHelge and I looked at the pages that couldn't be flushed and found\nthat the PTE was either cleared or for a swap page. Ignoring pages\nthat were swapped out seemed okay but pages with cleared PTEs seemed\nproblematic.\n\nI looked at routines related to pte_clear and noticed ptep_clear_flush.\nThe default implementation just flushes the TLB entry. However, it was\nobvious that on parisc we need to flush the cache page as well. If\nwe don't flush the cache page, stale lines will be left in the cache\nand cause random corruption. Once a PTE is cleared, there is no way\nto find the physical address associated with the PTE and flush the\nassociated page at a later time.\n\nI implemented an updated change with a parisc specific version of\nptep_clear_flush. It fixed the random data corruption on Helge's rp4440\nand rp3440, as well as on my c8000.\n\nAt this point, I realized that I could restore the code where we only\nflush in flush_cache_page_if_present if the page has been accessed.\nHowever, for this, we also need to flush the cache when the accessed\nbit is cleared in\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40918', 'https://git.kernel.org/linus/72d95924ee35c8cd16ef52f912483ee938a34d49 (6.10-rc4)', 'https://git.kernel.org/stable/c/5bf196f1936bf93df31112fbdfb78c03537c07b0', 'https://git.kernel.org/stable/c/72d95924ee35c8cd16ef52f912483ee938a34d49', 'https://git.kernel.org/stable/c/d66f2607d89f760cdffed88b22f309c895a2af20', 'https://lore.kernel.org/linux-cve-announce/2024071212-CVE-2024-40918-1830@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40918', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40918'], 'PublishedDate': '2024-07-12T13:15:14.863Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40953', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40953', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()\n\nUse {READ,WRITE}_ONCE() to access kvm->last_boosted_vcpu to ensure the\nloads and stores are atomic.  In the extremely unlikely scenario the\ncompiler tears the stores, it's theoretically possible for KVM to attempt\nto get a vCPU using an out-of-bounds index, e.g. if the write is split\ninto multiple 8-bit stores, and is paired with a 32-bit load on a VM with\n257 vCPUs:\n\n  CPU0                              CPU1\n  last_boosted_vcpu = 0xff;\n\n                                    (last_boosted_vcpu = 0x100)\n                                    last_boosted_vcpu[15:8] = 0x01;\n  i = (last_boosted_vcpu = 0x1ff)\n                                    last_boosted_vcpu[7:0] = 0x00;\n\n  vcpu = kvm->vcpu_array[0x1ff];\n\nAs detected by KCSAN:\n\n  BUG: KCSAN: data-race in kvm_vcpu_on_spin [kvm] / kvm_vcpu_on_spin [kvm]\n\n  write to 0xffffc90025a92344 of 4 bytes by task 4340 on cpu 16:\n  kvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4112) kvm\n  handle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel\n  vmx_handle_exit (arch/x86/kvm/vmx/vmx.c:?\n\t\t arch/x86/kvm/vmx/vmx.c:6606) kvm_intel\n  vcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm\n  kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm\n  kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm\n  __se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890)\n  __x64_sys_ioctl (fs/ioctl.c:890)\n  x64_sys_call (arch/x86/entry/syscall_64.c:33)\n  do_syscall_64 (arch/x86/entry/common.c:?)\n  entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n  read to 0xffffc90025a92344 of 4 bytes by task 4342 on cpu 4:\n  kvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4069) kvm\n  handle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel\n  vmx_handle_exit (arch/x86/kvm/vmx/vmx.c:?\n\t\t\tarch/x86/kvm/vmx/vmx.c:6606) kvm_intel\n  vcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm\n  kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm\n  kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm\n  __se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890)\n  __x64_sys_ioctl (fs/ioctl.c:890)\n  x64_sys_call (arch/x86/entry/syscall_64.c:33)\n  do_syscall_64 (arch/x86/entry/common.c:?)\n  entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n  value changed: 0x00000012 -> 0x00000000", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40953', 'https://git.kernel.org/linus/49f683b41f28918df3e51ddc0d928cb2e934ccdb (6.10-rc5)', 'https://git.kernel.org/stable/c/49f683b41f28918df3e51ddc0d928cb2e934ccdb', 'https://git.kernel.org/stable/c/92c77807d938145c7c3350c944ef9f39d7f6017c', 'https://git.kernel.org/stable/c/95c8dd79f3a14df96b3820b35b8399bd91b2be60', 'https://git.kernel.org/stable/c/a937ef951bba72f48d2402451419d725d70dba20', 'https://lore.kernel.org/linux-cve-announce/2024071223-CVE-2024-40953-8685@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40953', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40953'], 'PublishedDate': '2024-07-12T13:15:17.56Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40965', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40965', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: i2c: lpi2c: Avoid calling clk_get_rate during transfer', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: lpi2c: Avoid calling clk_get_rate during transfer\n\nInstead of repeatedly calling clk_get_rate for each transfer, lock\nthe clock rate and cache the value.\nA deadlock has been observed while adding tlv320aic32x4 audio codec to\nthe system. When this clock provider adds its clock, the clk mutex is\nlocked already, it needs to access i2c, which in return needs the mutex\nfor clk_get_rate as well.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40965', 'https://git.kernel.org/linus/4268254a39484fc11ba991ae148bacbe75d9cc0a (6.10-rc1)', 'https://git.kernel.org/stable/c/2b42e9587a7a9c7b824e0feb92958f258263963e', 'https://git.kernel.org/stable/c/4268254a39484fc11ba991ae148bacbe75d9cc0a', 'https://lore.kernel.org/linux-cve-announce/2024071227-CVE-2024-40965-d9b9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40965', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40965'], 'PublishedDate': '2024-07-12T13:15:18.37Z', 'LastModifiedDate': '2024-09-09T17:57:18.697Z'}, {'VulnerabilityID': 'CVE-2024-40966', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40966', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: tty: add the option to have a tty reject a new ldisc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntty: add the option to have a tty reject a new ldisc\n\n... and use it to limit the virtual terminals to just N_TTY.  They are\nkind of special, and in particular, the "con_write()" routine violates\nthe "writes cannot sleep" rule that some ldiscs rely on.\n\nThis avoids the\n\n   BUG: sleeping function called from invalid context at kernel/printk/printk.c:2659\n\nwhen N_GSM has been attached to a virtual console, and gsmld_write()\ncalls con_write() while holding a spinlock, and con_write() then tries\nto get the console lock.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40966', 'https://git.kernel.org/linus/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b (6.10-rc1)', 'https://git.kernel.org/stable/c/287b569a5b914903ba7c438a3c0dbc3410ebb409', 'https://git.kernel.org/stable/c/3c6332f3bb1578b5b10ac2561247b1d6272ae937', 'https://git.kernel.org/stable/c/5920ac19964f9e20181f63b410d9200ddbf8dc86', 'https://git.kernel.org/stable/c/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b', 'https://lore.kernel.org/linux-cve-announce/2024071227-CVE-2024-40966-cea6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40966', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40966'], 'PublishedDate': '2024-07-12T13:15:18.42Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40969', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40969', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: f2fs: don't set RO when shutting down f2fs", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: don't set RO when shutting down f2fs\n\nShutdown does not check the error of thaw_super due to readonly, which\ncauses a deadlock like below.\n\nf2fs_ioc_shutdown(F2FS_GOING_DOWN_FULLSYNC)        issue_discard_thread\n - bdev_freeze\n  - freeze_super\n - f2fs_stop_checkpoint()\n  - f2fs_handle_critical_error                     - sb_start_write\n    - set RO                                         - waiting\n - bdev_thaw\n  - thaw_super_locked\n    - return -EINVAL, if sb_rdonly()\n - f2fs_stop_discard_thread\n  -> wait for kthread_stop(discard_thread);", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40969', 'https://git.kernel.org/linus/3bdb7f161697e2d5123b89fe1778ef17a44858e7 (6.10-rc1)', 'https://git.kernel.org/stable/c/1036d3ea7a32cb7cee00885c73a1f2ba7fbc499a', 'https://git.kernel.org/stable/c/3bdb7f161697e2d5123b89fe1778ef17a44858e7', 'https://git.kernel.org/stable/c/f47ed3b284b38f235355e281f57dfa8fffcc6563', 'https://lore.kernel.org/linux-cve-announce/2024071228-CVE-2024-40969-6507@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40969', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40969'], 'PublishedDate': '2024-07-12T13:15:18.627Z', 'LastModifiedDate': '2024-09-09T17:59:29.787Z'}, {'VulnerabilityID': 'CVE-2024-40972', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40972', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: do not create EA inode under buffer lock', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\next4: do not create EA inode under buffer lock\n\next4_xattr_set_entry() creates new EA inodes while holding buffer lock\non the external xattr block. This is problematic as it nests all the\nallocation locking (which acquires locks on other buffers) under the\nbuffer lock. This can even deadlock when the filesystem is corrupted and\ne.g. quota file is setup to contain xattr block as data block. Move the\nallocation of EA inode out of ext4_xattr_set_entry() into the callers.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-40972', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/0a46ef234756dca04623b7591e8ebb3440622f0b (6.10-rc1)', 'https://git.kernel.org/stable/c/0752e7fb549d90c33b4d4186f11cfd25a556d1dd', 'https://git.kernel.org/stable/c/0a46ef234756dca04623b7591e8ebb3440622f0b', 'https://git.kernel.org/stable/c/111103907234bffd0a34fba070ad9367de058752', 'https://git.kernel.org/stable/c/737fb7853acd5bc8984f6f42e4bfba3334be8ae1', 'https://linux.oracle.com/cve/CVE-2024-40972.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024071229-CVE-2024-40972-1569@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40972', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40972'], 'PublishedDate': '2024-07-12T13:15:18.82Z', 'LastModifiedDate': '2024-08-29T17:15:07.83Z'}, {'VulnerabilityID': 'CVE-2024-40973', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40973', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mtk-vcodec: potential null pointer deference in SCP', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mtk-vcodec: potential null pointer deference in SCP\n\nThe return value of devm_kzalloc() needs to be checked to avoid\nNULL pointer deference. This is similar to CVE-2022-3113.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40973', 'https://git.kernel.org/linus/53dbe08504442dc7ba4865c09b3bbf5fe849681b (6.10-rc1)', 'https://git.kernel.org/stable/c/3a693c7e243b932faee5c1fb728efa73f0abc39b', 'https://git.kernel.org/stable/c/53dbe08504442dc7ba4865c09b3bbf5fe849681b', 'https://git.kernel.org/stable/c/f066882293b5ad359e44c4ed24ab1811ffb0b354', 'https://lore.kernel.org/linux-cve-announce/2024071229-CVE-2024-40973-ace1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40973', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40973'], 'PublishedDate': '2024-07-12T13:15:18.89Z', 'LastModifiedDate': '2024-09-09T18:09:01.393Z'}, {'VulnerabilityID': 'CVE-2024-40975', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40975', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: x86-android-tablets: Unregister devices in reverse order', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: x86-android-tablets: Unregister devices in reverse order\n\nNot all subsystems support a device getting removed while there are\nstill consumers of the device with a reference to the device.\n\nOne example of this is the regulator subsystem. If a regulator gets\nunregistered while there are still drivers holding a reference\na WARN() at drivers/regulator/core.c:5829 triggers, e.g.:\n\n WARNING: CPU: 1 PID: 1587 at drivers/regulator/core.c:5829 regulator_unregister\n Hardware name: Intel Corp. VALLEYVIEW C0 PLATFORM/BYT-T FFD8, BIOS BLADE_21.X64.0005.R00.1504101516 FFD8_X64_R_2015_04_10_1516 04/10/2015\n RIP: 0010:regulator_unregister\n Call Trace:\n  <TASK>\n  regulator_unregister\n  devres_release_group\n  i2c_device_remove\n  device_release_driver_internal\n  bus_remove_device\n  device_del\n  device_unregister\n  x86_android_tablet_remove\n\nOn the Lenovo Yoga Tablet 2 series the bq24190 charger chip also provides\na 5V boost converter output for powering USB devices connected to the micro\nUSB port, the bq24190-charger driver exports this as a Vbus regulator.\n\nOn the 830 (8") and 1050 ("10") models this regulator is controlled by\na platform_device and x86_android_tablet_remove() removes platform_device-s\nbefore i2c_clients so the consumer gets removed first.\n\nBut on the 1380 (13") model there is a lc824206xa micro-USB switch\nconnected over I2C and the extcon driver for that controls the regulator.\nThe bq24190 i2c-client *must* be registered first, because that creates\nthe regulator with the lc824206xa listed as its consumer. If the regulator\nhas not been registered yet the lc824206xa driver will end up getting\na dummy regulator.\n\nSince in this case both the regulator provider and consumer are I2C\ndevices, the only way to ensure that the consumer is unregistered first\nis to unregister the I2C devices in reverse order of in which they were\ncreated.\n\nFor consistency and to avoid similar problems in the future change\nx86_android_tablet_remove() to unregister all device types in reverse\norder.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40975', 'https://git.kernel.org/linus/3de0f2627ef849735f155c1818247f58404dddfe (6.10-rc1)', 'https://git.kernel.org/stable/c/3de0f2627ef849735f155c1818247f58404dddfe', 'https://git.kernel.org/stable/c/f0c982853d665597d17e4995ff479fbbf79a9cf6', 'https://lore.kernel.org/linux-cve-announce/2024071230-CVE-2024-40975-f7d8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40975', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40975'], 'PublishedDate': '2024-07-12T13:15:19.007Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40977', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921s: fix potential hung tasks during chip recovery\n\nDuring chip recovery (e.g. chip reset), there is a possible situation that\nkernel worker reset_work is holding the lock and waiting for kernel thread\nstat_worker to be parked, while stat_worker is waiting for the release of\nthe same lock.\nIt causes a deadlock resulting in the dumping of hung tasks messages and\npossible rebooting of the device.\n\nThis patch prevents the execution of stat_worker during the chip recovery.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-40977', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/ecf0b2b8a37c8464186620bef37812a117ff6366 (6.10-rc1)', 'https://git.kernel.org/stable/c/0b81faa05b0b9feb3ae2d69be1d21f0d126ecb08', 'https://git.kernel.org/stable/c/85edd783f4539a994d66c4c014d5858f490b7a02', 'https://git.kernel.org/stable/c/e974dd4c22a23ec3ce579fb6d31a674ac0435da9', 'https://git.kernel.org/stable/c/ecf0b2b8a37c8464186620bef37812a117ff6366', 'https://linux.oracle.com/cve/CVE-2024-40977.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024071230-CVE-2024-40977-07c8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40977', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40977'], 'PublishedDate': '2024-07-12T13:15:19.143Z', 'LastModifiedDate': '2024-09-09T18:11:49.467Z'}, {'VulnerabilityID': 'CVE-2024-40979', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40979', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix kernel crash during resume', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix kernel crash during resume\n\nCurrently during resume, QMI target memory is not properly handled, resulting\nin kernel crash in case DMA remap is not supported:\n\nBUG: Bad page state in process kworker/u16:54  pfn:36e80\npage: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36e80\npage dumped because: nonzero _refcount\nCall Trace:\n bad_page\n free_page_is_bad_report\n __free_pages_ok\n __free_pages\n dma_direct_free\n dma_free_attrs\n ath12k_qmi_free_target_mem_chunk\n ath12k_qmi_msg_mem_request_cb\n\nThe reason is:\nOnce ath12k module is loaded, firmware sends memory request to host. In case\nDMA remap not supported, ath12k refuses the first request due to failure in\nallocating with large segment size:\n\nath12k_pci 0000:04:00.0: qmi firmware request memory request\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 7077888\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 8454144\nath12k_pci 0000:04:00.0: qmi dma allocation failed (7077888 B type 1), will try later with small size\nath12k_pci 0000:04:00.0: qmi delays mem_request 2\nath12k_pci 0000:04:00.0: qmi firmware request memory request\n\nLater firmware comes back with more but small segments and allocation\nsucceeds:\n\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 262144\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 65536\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\n\nNow ath12k is working. If suspend is triggered, firmware will be reloaded\nduring resume. As same as before, firmware requests two large segments at\nfirst. In ath12k_qmi_msg_mem_request_cb() segment count and size are\nassigned:\n\n\tab->qmi.mem_seg_count == 2\n\tab->qmi.target_mem[0].size == 7077888\n\tab->qmi.target_mem[1].size == 8454144\n\nThen allocation failed like before and ath12k_qmi_free_target_mem_chunk()\nis called to free all allocated segments. Note the first segment is skipped\nbecause its v.addr is cleared due to allocation failure:\n\n\tchunk->v.addr = dma_alloc_coherent()\n\nAlso note that this leaks that segment because it has not been freed.\n\nWhile freeing the second segment, a size of 8454144 is passed to\ndma_free_coherent(). However remember that this segment is allocated at\nthe first time firmware is loaded, before suspend. So its real size is\n524288, much smaller than 8454144. As a result kernel found we are freeing\nsome memory which is in use and thus cras\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40979', 'https://git.kernel.org/linus/303c017821d88ebad887814114d4e5966d320b28 (6.10-rc1)', 'https://git.kernel.org/stable/c/303c017821d88ebad887814114d4e5966d320b28', 'https://git.kernel.org/stable/c/bb50a4e711ff95348ad53641acb1306d89eb4c3a', 'https://lore.kernel.org/linux-cve-announce/2024071231-CVE-2024-40979-4cfa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40979', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40979'], 'PublishedDate': '2024-07-12T13:15:19.477Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40982', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40982', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ssb: Fix potential NULL pointer dereference in ssb_device_uevent()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nssb: Fix potential NULL pointer dereference in ssb_device_uevent()\n\nThe ssb_device_uevent() function first attempts to convert the 'dev' pointer\nto 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before\nperforming the NULL check, potentially leading to a NULL pointer\ndereference if 'dev' is NULL.\n\nTo fix this issue, move the NULL check before dereferencing the 'dev' pointer,\nensuring that the pointer is valid before attempting to use it.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40982', 'https://git.kernel.org/linus/789c17185fb0f39560496c2beab9b57ce1d0cbe7 (6.10-rc1)', 'https://git.kernel.org/stable/c/789c17185fb0f39560496c2beab9b57ce1d0cbe7', 'https://git.kernel.org/stable/c/7d43c8377c6fc846b1812f8df360425c9323dc56', 'https://git.kernel.org/stable/c/c5dc2d8eb3981bae261ea7d1060a80868e886813', 'https://lore.kernel.org/linux-cve-announce/2024071232-CVE-2024-40982-149b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40982', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40982'], 'PublishedDate': '2024-07-12T13:15:19.8Z', 'LastModifiedDate': '2024-09-09T18:13:13.997Z'}, {'VulnerabilityID': 'CVE-2024-40989', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40989', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: arm64: Disassociate vcpus from redistributor region on teardown', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Disassociate vcpus from redistributor region on teardown\n\nWhen tearing down a redistributor region, make sure we don't have\nany dangling pointer to that region stored in a vcpu.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-40989', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8 (6.10-rc5)', 'https://git.kernel.org/stable/c/0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8', 'https://git.kernel.org/stable/c/152b4123f21e6aff31cea01158176ad96a999c76', 'https://git.kernel.org/stable/c/48bb62859d47c5c4197a8c01128d0fa4f46ee58c', 'https://git.kernel.org/stable/c/68df4fc449fcc24347209e500ce26d5816705a77', 'https://linux.oracle.com/cve/CVE-2024-40989.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024071249-CVE-2024-40989-c8da@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40989', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40989'], 'PublishedDate': '2024-07-12T13:15:20.31Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40998', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40998', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: fix uninitialized ratelimit_state-&gt;lock access in __ext4_fill_super()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super()\n\nIn the following concurrency we will access the uninitialized rs->lock:\n\next4_fill_super\n  ext4_register_sysfs\n   // sysfs registered msg_ratelimit_interval_ms\n                             // Other processes modify rs->interval to\n                             // non-zero via msg_ratelimit_interval_ms\n  ext4_orphan_cleanup\n    ext4_msg(sb, KERN_INFO, "Errors on filesystem, "\n      __ext4_msg\n        ___ratelimit(&(EXT4_SB(sb)->s_msg_ratelimit_state)\n          if (!rs->interval)  // do nothing if interval is 0\n            return 1;\n          raw_spin_trylock_irqsave(&rs->lock, flags)\n            raw_spin_trylock(lock)\n              _raw_spin_trylock\n                __raw_spin_trylock\n                  spin_acquire(&lock->dep_map, 0, 1, _RET_IP_)\n                    lock_acquire\n                      __lock_acquire\n                        register_lock_class\n                          assign_lock_key\n                            dump_stack();\n  ratelimit_state_init(&sbi->s_msg_ratelimit_state, 5 * HZ, 10);\n    raw_spin_lock_init(&rs->lock);\n    // init rs->lock here\n\nand get the following dump_stack:\n\n=========================================================\nINFO: trying to register non-static key.\nThe code is fine but needs lockdep annotation, or maybe\nyou didn\'t initialize this object before use?\nturning off the locking correctness validator.\nCPU: 12 PID: 753 Comm: mount Tainted: G E 6.7.0-rc6-next-20231222 #504\n[...]\nCall Trace:\n dump_stack_lvl+0xc5/0x170\n dump_stack+0x18/0x30\n register_lock_class+0x740/0x7c0\n __lock_acquire+0x69/0x13a0\n lock_acquire+0x120/0x450\n _raw_spin_trylock+0x98/0xd0\n ___ratelimit+0xf6/0x220\n __ext4_msg+0x7f/0x160 [ext4]\n ext4_orphan_cleanup+0x665/0x740 [ext4]\n __ext4_fill_super+0x21ea/0x2b10 [ext4]\n ext4_fill_super+0x14d/0x360 [ext4]\n[...]\n=========================================================\n\nNormally interval is 0 until s_msg_ratelimit_state is initialized, so\n___ratelimit() does nothing. But registering sysfs precedes initializing\nrs->lock, so it is possible to change rs->interval to a non-zero value\nvia the msg_ratelimit_interval_ms interface of sysfs while rs->lock is\nuninitialized, and then a call to ext4_msg triggers the problem by\naccessing an uninitialized rs->lock. Therefore register sysfs after all\ninitializations are complete to avoid such problems.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-40998', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/b4b4fda34e535756f9e774fb2d09c4537b7dfd1c (6.10-rc1)', 'https://git.kernel.org/stable/c/23afcd52af06880c6c913a0ad99022b8937b575c', 'https://git.kernel.org/stable/c/645267906944a9aeec9d5c56ee24a9096a288798', 'https://git.kernel.org/stable/c/b4b4fda34e535756f9e774fb2d09c4537b7dfd1c', 'https://linux.oracle.com/cve/CVE-2024-40998.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024071252-CVE-2024-40998-90d6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40998', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40998'], 'PublishedDate': '2024-07-12T13:15:20.857Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-40999', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-40999', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: ena: Add validation for completion descriptors consistency', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: Add validation for completion descriptors consistency\n\nValidate that `first` flag is set only for the first\ndescriptor in multi-buffer packets.\nIn case of an invalid descriptor, a reset will occur.\nA new reset reason for RX data corruption has been added.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-40999', 'https://git.kernel.org/linus/b37b98a3a0c1198bafe8c2d9ce0bc845b4e7a9a7 (6.10-rc1)', 'https://git.kernel.org/stable/c/42146ee5286f16f1674a84f7c274dcca65c6ff2e', 'https://git.kernel.org/stable/c/b37b98a3a0c1198bafe8c2d9ce0bc845b4e7a9a7', 'https://lore.kernel.org/linux-cve-announce/2024071252-CVE-2024-40999-8c1b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-40999', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-40999'], 'PublishedDate': '2024-07-12T13:15:20.92Z', 'LastModifiedDate': '2024-07-12T16:34:58.687Z'}, {'VulnerabilityID': 'CVE-2024-41001', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41001', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: io_uring/sqpoll: work around a potential audit memory leak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/sqpoll: work around a potential audit memory leak\n\nkmemleak complains that there\'s a memory leak related to connect\nhandling:\n\nunreferenced object 0xffff0001093bdf00 (size 128):\ncomm "iou-sqp-455", pid 457, jiffies 4294894164\nhex dump (first 32 bytes):\n02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00  ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\nbacktrace (crc 2e481b1a):\n[<00000000c0a26af4>] kmemleak_alloc+0x30/0x38\n[<000000009c30bb45>] kmalloc_trace+0x228/0x358\n[<000000009da9d39f>] __audit_sockaddr+0xd0/0x138\n[<0000000089a93e34>] move_addr_to_kernel+0x1a0/0x1f8\n[<000000000b4e80e6>] io_connect_prep+0x1ec/0x2d4\n[<00000000abfbcd99>] io_submit_sqes+0x588/0x1e48\n[<00000000e7c25e07>] io_sq_thread+0x8a4/0x10e4\n[<00000000d999b491>] ret_from_fork+0x10/0x20\n\nwhich can can happen if:\n\n1) The command type does something on the prep side that triggers an\n   audit call.\n2) The thread hasn\'t done any operations before this that triggered\n   an audit call inside ->issue(), where we have audit_uring_entry()\n   and audit_uring_exit().\n\nWork around this by issuing a blanket NOP operation before the SQPOLL\ndoes anything.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41001', 'https://git.kernel.org/linus/c4ce0ab27646f4206a9eb502d6fe45cb080e1cae (6.10-rc1)', 'https://git.kernel.org/stable/c/55c22375cbaa24f77dd13f9ae0642915444a1227', 'https://git.kernel.org/stable/c/9e810bd995823786ea30543e480e8a573e5e5667', 'https://git.kernel.org/stable/c/a40e90d9304629002fb17200f7779823a81191d3', 'https://git.kernel.org/stable/c/c4ce0ab27646f4206a9eb502d6fe45cb080e1cae', 'https://lore.kernel.org/linux-cve-announce/2024071253-CVE-2024-41001-7879@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41001', 'https://ubuntu.com/security/notices/USN-6999-1', 'https://ubuntu.com/security/notices/USN-6999-2', 'https://ubuntu.com/security/notices/USN-7004-1', 'https://ubuntu.com/security/notices/USN-7005-1', 'https://ubuntu.com/security/notices/USN-7005-2', 'https://ubuntu.com/security/notices/USN-7008-1', 'https://ubuntu.com/security/notices/USN-7029-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41001'], 'PublishedDate': '2024-07-12T13:15:21.053Z', 'LastModifiedDate': '2024-08-21T16:17:45.513Z'}, {'VulnerabilityID': 'CVE-2024-41008', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: change vm-&gt;task_info handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: change vm->task_info handling\n\nThis patch changes the handling and lifecycle of vm->task_info object.\nThe major changes are:\n- vm->task_info is a dynamically allocated ptr now, and its uasge is\n  reference counted.\n- introducing two new helper funcs for task_info lifecycle management\n    - amdgpu_vm_get_task_info: reference counts up task_info before\n      returning this info\n    - amdgpu_vm_put_task_info: reference counts down task_info\n- last put to task_info() frees task_info from the vm.\n\nThis patch also does logistical changes required for existing usage\nof vm->task_info.\n\nV2: Do not block all the prints when task_info not found (Felix)\n\nV3: Fixed review comments from Felix\n   - Fix wrong indentation\n   - No debug message for -ENOMEM\n   - Add NULL check for task_info\n   - Do not duplicate the debug messages (ti vs no ti)\n   - Get first reference of task_info in vm_init(), put last\n     in vm_fini()\n\nV4: Fixed review comments from Felix\n   - fix double reference increment in create_task_info\n   - change amdgpu_vm_get_task_info_pasid\n   - additional changes in amdgpu_gem.c while porting', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41008', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c (6.9-rc1)', 'https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c', 'https://linux.oracle.com/cve/CVE-2024-41008.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/20240716080357.2696435-2-lee@kernel.org/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41008', 'https://www.cve.org/CVERecord?id=CVE-2024-41008'], 'PublishedDate': '2024-07-16T08:15:02.24Z', 'LastModifiedDate': '2024-07-16T13:43:58.773Z'}, {'VulnerabilityID': 'CVE-2024-41013', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: don&#39;t walk off the end of a directory data block', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don't stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup->length to dup->length-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41013', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/0c7fcdb6d06cdf8b19b57c17605215b06afa864a (6.11-rc1)', 'https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a', 'https://linux.oracle.com/cve/CVE-2024-41013.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41013-2996@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41013', 'https://www.cve.org/CVERecord?id=CVE-2024-41013'], 'PublishedDate': '2024-07-29T07:15:05.43Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41014', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41014', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xfs: add bounds checking to xlog_recover_process_data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n    1) Mount an image of xfs, and do some file operations to leave records\n    2) Before umounting, copy the image for subsequent steps to simulate\n       abnormal exit. Because umount will ensure that tail_blk and\n       head_blk are the same, which will result in the inability to enter\n       xlog_recover_process_data\n    3) Write a tool to parse and modify the copied image in step 2\n    4) Make the end of the xlog_op_header entries only 1 byte away from\n       xlog_rec_header->h_size\n    5) xlog_rec_header->h_num_logops++\n    6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-41014', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/fb63435b7c7dc112b1ae1baea5486e0a6e27b196 (6.11-rc1)', 'https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196', 'https://linux.oracle.com/cve/CVE-2024-41014.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41014-9186@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41014', 'https://www.cve.org/CVERecord?id=CVE-2024-41014'], 'PublishedDate': '2024-07-29T07:15:05.81Z', 'LastModifiedDate': '2024-07-29T14:12:08.783Z'}, {'VulnerabilityID': 'CVE-2024-41016', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe 'non-indexed', which saved with additional space\nrequested.  It's better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41016', 'https://git.kernel.org/linus/af77c4fc1871847b528d58b7fdafb4aa1f6a9262 (6.11-rc1)', 'https://git.kernel.org/stable/c/57a3d89831fcaa2cdbe024b47c7c36d5a56c3637', 'https://git.kernel.org/stable/c/af77c4fc1871847b528d58b7fdafb4aa1f6a9262', 'https://git.kernel.org/stable/c/c031d286eceb82f72f8623b7f4abd2aa491bfb5e', 'https://git.kernel.org/stable/c/c726dea9d0c806d64c26fcef483b1fb9474d8c5e', 'https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180', 'https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41016-fcf9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41016', 'https://www.cve.org/CVERecord?id=CVE-2024-41016'], 'PublishedDate': '2024-07-29T07:15:06.293Z', 'LastModifiedDate': '2024-10-17T14:15:07.01Z'}, {'VulnerabilityID': 'CVE-2024-41023', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41023', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: sched/deadline: Fix task_struct reference leak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix task_struct reference leak\n\nDuring the execution of the following stress test with linux-rt:\n\nstress-ng --cyclic 30 --timeout 30 --minimize --quiet\n\nkmemleak frequently reported a memory leak concerning the task_struct:\n\nunreferenced object 0xffff8881305b8000 (size 16136):\n  comm "stress-ng", pid 614, jiffies 4294883961 (age 286.412s)\n  object hex dump (first 32 bytes):\n    02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00  .@..............\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  debug hex dump (first 16 bytes):\n    53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00  S...............\n  backtrace:\n    [<00000000046b6790>] dup_task_struct+0x30/0x540\n    [<00000000c5ca0f0b>] copy_process+0x3d9/0x50e0\n    [<00000000ced59777>] kernel_clone+0xb0/0x770\n    [<00000000a50befdc>] __do_sys_clone+0xb6/0xf0\n    [<000000001dbf2008>] do_syscall_64+0x5d/0xf0\n    [<00000000552900ff>] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThe issue occurs in start_dl_timer(), which increments the task_struct\nreference count and sets a timer. The timer callback, dl_task_timer,\nis supposed to decrement the reference count upon expiration. However,\nif enqueue_task_dl() is called before the timer expires and cancels it,\nthe reference count is not decremented, leading to the leak.\n\nThis patch fixes the reference leak by ensuring the task_struct\nreference count is properly decremented when the timer is canceled.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7000', 'https://access.redhat.com/security/cve/CVE-2024-41023', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2265838', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2270103', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275558', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282648', 'https://bugzilla.redhat.com/2282669', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282764', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284511', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284630', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293414', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300381', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300439', 'https://bugzilla.redhat.com/2300440', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300709', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301543', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305410', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2305488', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7000.html', 'https://git.kernel.org/linus/b58652db66c910c2245f5bee7deca41c12d707b9 (6.10)', 'https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4', 'https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9', 'https://linux.oracle.com/cve/CVE-2024-41023.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024072917-CVE-2024-41023-32a0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41023', 'https://www.cve.org/CVERecord?id=CVE-2024-41023'], 'PublishedDate': '2024-07-29T15:15:11.2Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41030', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41030', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ksmbd: discard write access to the directory open', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: discard write access to the directory open\n\nmay_open() does not allow a directory to be opened with the write access.\nHowever, some writing flags set by client result in adding write access\non server, making ksmbd incompatible with FUSE file system. Simply, let's\ndiscard the write access when opening a directory.\n\nlist_add corruption. next is NULL.\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:26!\npc : __list_add_valid+0x88/0xbc\nlr : __list_add_valid+0x88/0xbc\nCall trace:\n__list_add_valid+0x88/0xbc\nfuse_finish_open+0x11c/0x170\nfuse_open_common+0x284/0x5e8\nfuse_dir_open+0x14/0x24\ndo_dentry_open+0x2a4/0x4e0\ndentry_open+0x50/0x80\nsmb2_open+0xbe4/0x15a4\nhandle_ksmbd_work+0x478/0x5ec\nprocess_one_work+0x1b4/0x448\nworker_thread+0x25c/0x430\nkthread+0x104/0x1d4\nret_from_fork+0x10/0x20", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41030', 'https://git.kernel.org/linus/e2e33caa5dc2eae7bddf88b22ce11ec3d760e5cd (6.10)', 'https://git.kernel.org/stable/c/198498b2049c0f11f7670be6974570e02b0cc035', 'https://git.kernel.org/stable/c/66cf853e1c7a2407f15d9f7aaa3e47d61745e361', 'https://git.kernel.org/stable/c/9e84b1ba5c98fb5c9f869c85db1d870354613baa', 'https://git.kernel.org/stable/c/e2e33caa5dc2eae7bddf88b22ce11ec3d760e5cd', 'https://lore.kernel.org/linux-cve-announce/2024072921-CVE-2024-41030-301a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41030', 'https://www.cve.org/CVERecord?id=CVE-2024-41030'], 'PublishedDate': '2024-07-29T15:15:11.697Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41031', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41031', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/filemap: skip to create PMD-sized page cache if needed', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/filemap: skip to create PMD-sized page cache if needed\n\nOn ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB.  The\nPMD-sized page cache can't be supported by xarray as the following error\nmessages indicate.\n\n------------[ cut here ]------------\nWARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\nModules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib  \\\nnft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct    \\\nnft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4    \\\nip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm      \\\nfuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64      \\\nsha1_ce virtio_net net_failover virtio_console virtio_blk failover \\\ndimlib virtio_mmio\nCPU: 35 PID: 7484 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9\nHardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\npstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : xas_split_alloc+0xf8/0x128\nlr : split_huge_page_to_list_to_order+0x1c4/0x720\nsp : ffff800087a4f6c0\nx29: ffff800087a4f6c0 x28: ffff800087a4f720 x27: 000000001fffffff\nx26: 0000000000000c40 x25: 000000000000000d x24: ffff00010625b858\nx23: ffff800087a4f720 x22: ffffffdfc0780000 x21: 0000000000000000\nx20: 0000000000000000 x19: ffffffdfc0780000 x18: 000000001ff40000\nx17: 00000000ffffffff x16: 0000018000000000 x15: 51ec004000000000\nx14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020\nx11: 51ec000000000000 x10: 51ece1c0ffff8000 x9 : ffffbeb961a44d28\nx8 : 0000000000000003 x7 : ffffffdfc0456420 x6 : ffff0000e1aa6eb8\nx5 : 20bf08b4fe778fca x4 : ffffffdfc0456420 x3 : 0000000000000c40\nx2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\nCall trace:\n xas_split_alloc+0xf8/0x128\n split_huge_page_to_list_to_order+0x1c4/0x720\n truncate_inode_partial_folio+0xdc/0x160\n truncate_inode_pages_range+0x1b4/0x4a8\n truncate_pagecache_range+0x84/0xa0\n xfs_flush_unmap_range+0x70/0x90 [xfs]\n xfs_file_fallocate+0xfc/0x4d8 [xfs]\n vfs_fallocate+0x124/0x2e8\n ksys_fallocate+0x4c/0xa0\n __arm64_sys_fallocate+0x24/0x38\n invoke_syscall.constprop.0+0x7c/0xd8\n do_el0_svc+0xb4/0xd0\n el0_svc+0x44/0x1d8\n el0t_64_sync_handler+0x134/0x150\n el0t_64_sync+0x17c/0x180\n\nFix it by skipping to allocate PMD-sized page cache when its size is\nlarger than MAX_PAGECACHE_ORDER.  For this specific case, we will fall to\nregular path where the readahead window is determined by BDI's sysfs file\n(read_ahead_kb).", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41031', 'https://git.kernel.org/linus/3390916aca7af1893ed2ebcdfee1d6fdb65bb058 (6.10)', 'https://git.kernel.org/stable/c/06b5a69c27ec405a3c3f2da8520ff1ee70b94a21', 'https://git.kernel.org/stable/c/1ef650d3b1b2a16473981b447f38705fe9b93972', 'https://git.kernel.org/stable/c/3390916aca7af1893ed2ebcdfee1d6fdb65bb058', 'https://lore.kernel.org/linux-cve-announce/2024072921-CVE-2024-41031-6286@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41031', 'https://www.cve.org/CVERecord?id=CVE-2024-41031'], 'PublishedDate': '2024-07-29T15:15:11.77Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41036', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41036', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: ks8851: Fix deadlock with the SPI chip variant', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Fix deadlock with the SPI chip variant\n\nWhen SMP is enabled and spinlocks are actually functional then there is\na deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi\nand ks8851_irq:\n\n    watchdog: BUG: soft lockup - CPU#0 stuck for 27s!\n    call trace:\n      queued_spin_lock_slowpath+0x100/0x284\n      do_raw_spin_lock+0x34/0x44\n      ks8851_start_xmit_spi+0x30/0xb8\n      ks8851_start_xmit+0x14/0x20\n      netdev_start_xmit+0x40/0x6c\n      dev_hard_start_xmit+0x6c/0xbc\n      sch_direct_xmit+0xa4/0x22c\n      __qdisc_run+0x138/0x3fc\n      qdisc_run+0x24/0x3c\n      net_tx_action+0xf8/0x130\n      handle_softirqs+0x1ac/0x1f0\n      __do_softirq+0x14/0x20\n      ____do_softirq+0x10/0x1c\n      call_on_irq_stack+0x3c/0x58\n      do_softirq_own_stack+0x1c/0x28\n      __irq_exit_rcu+0x54/0x9c\n      irq_exit_rcu+0x10/0x1c\n      el1_interrupt+0x38/0x50\n      el1h_64_irq_handler+0x18/0x24\n      el1h_64_irq+0x64/0x68\n      __netif_schedule+0x6c/0x80\n      netif_tx_wake_queue+0x38/0x48\n      ks8851_irq+0xb8/0x2c8\n      irq_thread_fn+0x2c/0x74\n      irq_thread+0x10c/0x1b0\n      kthread+0xc8/0xd8\n      ret_from_fork+0x10/0x20\n\nThis issue has not been identified earlier because tests were done on\na device with SMP disabled and so spinlocks were actually NOPs.\n\nNow use spin_(un)lock_bh for TX queue related locking to avoid execution\nof softirq work synchronously that would lead to a deadlock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41036', 'https://git.kernel.org/linus/0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c (6.10)', 'https://git.kernel.org/stable/c/0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c', 'https://git.kernel.org/stable/c/10fec0cd0e8f56ff06c46bb24254c7d8f8f2bbf0', 'https://git.kernel.org/stable/c/80ece00137300d74642f2038c8fe5440deaf9f05', 'https://git.kernel.org/stable/c/a0c69c492f4a8fad52f0a97565241c926160c9a4', 'https://lore.kernel.org/linux-cve-announce/2024072923-CVE-2024-41036-65a8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41036', 'https://www.cve.org/CVERecord?id=CVE-2024-41036'], 'PublishedDate': '2024-07-29T15:15:12.17Z', 'LastModifiedDate': '2024-09-10T18:06:30.977Z'}, {'VulnerabilityID': 'CVE-2024-41045', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41045', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Defer work in bpf_timer_cancel_and_free', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Defer work in bpf_timer_cancel_and_free\n\nCurrently, the same case as previous patch (two timer callbacks trying\nto cancel each other) can be invoked through bpf_map_update_elem as\nwell, or more precisely, freeing map elements containing timers. Since\nthis relies on hrtimer_cancel as well, it is prone to the same deadlock\nsituation as the previous patch.\n\nIt would be sufficient to use hrtimer_try_to_cancel to fix this problem,\nas the timer cannot be enqueued after async_cancel_and_free. Once\nasync_cancel_and_free has been done, the timer must be reinitialized\nbefore it can be armed again. The callback running in parallel trying to\narm the timer will fail, and freeing bpf_hrtimer without waiting is\nsufficient (given kfree_rcu), and bpf_timer_cb will return\nHRTIMER_NORESTART, preventing the timer from being rearmed again.\n\nHowever, there exists a UAF scenario where the callback arms the timer\nbefore entering this function, such that if cancellation fails (due to\ntimer callback invoking this routine, or the target timer callback\nrunning concurrently). In such a case, if the timer expiration is\nsignificantly far in the future, the RCU grace period expiration\nhappening before it will free the bpf_hrtimer state and along with it\nthe struct hrtimer, that is enqueued.\n\nHence, it is clear cancellation needs to occur after\nasync_cancel_and_free, and yet it cannot be done inline due to deadlock\nissues. We thus modify bpf_timer_cancel_and_free to defer work to the\nglobal workqueue, adding a work_struct alongside rcu_head (both used at\n_different_ points of time, so can share space).\n\nUpdate existing code comments to reflect the new state of affairs.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41045', 'https://git.kernel.org/linus/a6fcd19d7eac1335eb76bc16b6a66b7f574d1d69 (6.10)', 'https://git.kernel.org/stable/c/7aa5a19279c3639ae8b758b63f05d0c616a39fa1', 'https://git.kernel.org/stable/c/a6fcd19d7eac1335eb76bc16b6a66b7f574d1d69', 'https://lore.kernel.org/linux-cve-announce/2024072925-CVE-2024-41045-6cc1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41045', 'https://www.cve.org/CVERecord?id=CVE-2024-41045'], 'PublishedDate': '2024-07-29T15:15:12.873Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41050', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41050', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: cyclic allocation of msg_id to avoid reuse', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: cyclic allocation of msg_id to avoid reuse\n\nReusing the msg_id after a maliciously completed reopen request may cause\na read request to remain unprocessed and result in a hung, as shown below:\n\n       t1       |      t2       |      t3\n-------------------------------------------------\ncachefiles_ondemand_select_req\n cachefiles_ondemand_object_is_close(A)\n cachefiles_ondemand_set_object_reopening(A)\n queue_work(fscache_object_wq, &info->work)\n                ondemand_object_worker\n                 cachefiles_ondemand_init_object(A)\n                  cachefiles_ondemand_send_req(OPEN)\n                    // get msg_id 6\n                    wait_for_completion(&req_A->done)\ncachefiles_ondemand_daemon_read\n // read msg_id 6 req_A\n cachefiles_ondemand_get_fd\n copy_to_user\n                                // Malicious completion msg_id 6\n                                copen 6,-1\n                                cachefiles_ondemand_copen\n                                 complete(&req_A->done)\n                                 // will not set the object to close\n                                 // because ondemand_id && fd is valid.\n\n                // ondemand_object_worker() is done\n                // but the object is still reopening.\n\n                                // new open req_B\n                                cachefiles_ondemand_init_object(B)\n                                 cachefiles_ondemand_send_req(OPEN)\n                                 // reuse msg_id 6\nprocess_open_req\n copen 6,A.size\n // The expected failed copen was executed successfully\n\nExpect copen to fail, and when it does, it closes fd, which sets the\nobject to close, and then close triggers reopen again. However, due to\nmsg_id reuse resulting in a successful copen, the anonymous fd is not\nclosed until the daemon exits. Therefore read requests waiting for reopen\nto complete may trigger hung task.\n\nTo avoid this issue, allocate the msg_id cyclically to avoid reusing the\nmsg_id for a very short duration of time.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41050', 'https://git.kernel.org/linus/19f4f399091478c95947f6bd7ad61622300c30d9 (6.10)', 'https://git.kernel.org/stable/c/19f4f399091478c95947f6bd7ad61622300c30d9', 'https://git.kernel.org/stable/c/35710c6c4a1c64478ec1b5e0e81d386c0844dec6', 'https://git.kernel.org/stable/c/9d3bf4e9aa23f0d9e99ebe7a94f232ddba54ee17', 'https://git.kernel.org/stable/c/de045a82e1a4e04be62718d3c2981a55150765a0', 'https://lore.kernel.org/linux-cve-announce/2024072927-CVE-2024-41050-f3ff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41050', 'https://www.cve.org/CVERecord?id=CVE-2024-41050'], 'PublishedDate': '2024-07-29T15:15:13.26Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41062', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41062', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bluetooth/l2cap: sync sock recv cb and release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbluetooth/l2cap: sync sock recv cb and release\n\nThe problem occurs between the system call to close the sock and hci_rx_work,\nwhere the former releases the sock and the latter accesses it without lock protection.\n\n           CPU0                       CPU1\n           ----                       ----\n           sock_close                 hci_rx_work\n\t   l2cap_sock_release         hci_acldata_packet\n\t   l2cap_sock_kill            l2cap_recv_frame\n\t   sk_free                    l2cap_conless_channel\n\t                              l2cap_sock_recv_cb\n\nIf hci_rx_work processes the data that needs to be received before the sock is\nclosed, then everything is normal; Otherwise, the work thread may access the\nreleased sock when receiving data.\n\nAdd a chan mutex in the rx callback of the sock to achieve synchronization between\nthe sock release and recv cb.\n\nSock is dead, so set chan data to NULL, avoid others use invalid sock pointer.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41062', 'https://git.kernel.org/linus/89e856e124f9ae548572c56b1b70c2255705f8fe (6.10-rc7)', 'https://git.kernel.org/stable/c/3b732449b78183d17178db40be3a4401cf3cd629', 'https://git.kernel.org/stable/c/605572e64cd9cebb05ed609d96cff05b50d18cdf', 'https://git.kernel.org/stable/c/89e856e124f9ae548572c56b1b70c2255705f8fe', 'https://git.kernel.org/stable/c/b803f30ea23e0968b6c8285c42adf0d862ab2bf6', 'https://lore.kernel.org/linux-cve-announce/2024072906-CVE-2024-41062-cb85@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41062', 'https://www.cve.org/CVERecord?id=CVE-2024-41062'], 'PublishedDate': '2024-07-29T15:15:14.173Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41066', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41066', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ibmvnic: Add tx check to prevent skb leak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Add tx check to prevent skb leak\n\nBelow is a summary of how the driver stores a reference to an skb during\ntransmit:\n    tx_buff[free_map[consumer_index]]->skb = new_skb;\n    free_map[consumer_index] = IBMVNIC_INVALID_MAP;\n    consumer_index ++;\nWhere variable data looks like this:\n    free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3]\n                                               \tconsumer_index^\n    tx_buff == [skb=null, skb=<ptr>, skb=<ptr>, skb=null, skb=null]\n\nThe driver has checks to ensure that free_map[consumer_index] pointed to\na valid index but there was no check to ensure that this index pointed\nto an unused/null skb address. So, if, by some chance, our free_map and\ntx_buff lists become out of sync then we were previously risking an\nskb memory leak. This could then cause tcp congestion control to stop\nsending packets, eventually leading to ETIMEDOUT.\n\nTherefore, add a conditional to ensure that the skb address is null. If\nnot then warn the user (because this is still a bug that should be\npatched) and free the old pointer to prevent memleak/tcp problems.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41066', 'https://git.kernel.org/linus/0983d288caf984de0202c66641577b739caad561 (6.10-rc6)', 'https://git.kernel.org/stable/c/0983d288caf984de0202c66641577b739caad561', 'https://git.kernel.org/stable/c/16ad1557cae582e79bb82dddd612d9bdfaa11d4c', 'https://git.kernel.org/stable/c/267c61c4afed0ff9a2e83462abad3f41d8ca1f06', 'https://git.kernel.org/stable/c/e7b75def33eae61ddaad6cb616c517dc3882eb2a', 'https://lore.kernel.org/linux-cve-announce/2024072907-CVE-2024-41066-0a52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41066', 'https://www.cve.org/CVERecord?id=CVE-2024-41066'], 'PublishedDate': '2024-07-29T15:15:14.48Z', 'LastModifiedDate': '2024-09-10T17:06:26.617Z'}, {'VulnerabilityID': 'CVE-2024-41067', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41067', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: scrub: handle RST lookup error correctly', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: scrub: handle RST lookup error correctly\n\n[BUG]\nWhen running btrfs/060 with forced RST feature, it would crash the\nfollowing ASSERT() inside scrub_read_endio():\n\n\tASSERT(sector_nr < stripe->nr_sectors);\n\nBefore that, we would have tree dump from\nbtrfs_get_raid_extent_offset(), as we failed to find the RST entry for\nthe range.\n\n[CAUSE]\nInside scrub_submit_extent_sector_read() every time we allocated a new\nbbio we immediately called btrfs_map_block() to make sure there was some\nRST range covering the scrub target.\n\nBut if btrfs_map_block() fails, we immediately call endio for the bbio,\nwhile the bbio is newly allocated, it's completely empty.\n\nThen inside scrub_read_endio(), we go through the bvecs to find\nthe sector number (as bi_sector is no longer reliable if the bio is\nsubmitted to lower layers).\n\nAnd since the bio is empty, such bvecs iteration would not find any\nsector matching the sector, and return sector_nr == stripe->nr_sectors,\ntriggering the ASSERT().\n\n[FIX]\nInstead of calling btrfs_map_block() after allocating a new bbio, call\nbtrfs_map_block() first.\n\nSince our only objective of calling btrfs_map_block() is only to update\nstripe_len, there is really no need to do that after btrfs_alloc_bio().\n\nThis new timing would avoid the problem of handling empty bbio\ncompletely, and in fact fixes a possible race window for the old code,\nwhere if the submission thread is the only owner of the pending_io, the\nscrub would never finish (since we didn't decrease the pending_io\ncounter).\n\nAlthough the root cause of RST lookup failure still needs to be\naddressed.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41067', 'https://git.kernel.org/linus/2c49908634a2b97b1c3abe0589be2739ac5e7fd5 (6.10-rc6)', 'https://git.kernel.org/stable/c/17d1fd302a53d7e456a7412da74be74a0cf63a72', 'https://git.kernel.org/stable/c/2c49908634a2b97b1c3abe0589be2739ac5e7fd5', 'https://lore.kernel.org/linux-cve-announce/2024072907-CVE-2024-41067-bc18@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41067', 'https://www.cve.org/CVERecord?id=CVE-2024-41067'], 'PublishedDate': '2024-07-29T15:15:14.56Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41069', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41069', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: topology: Fix references to freed memory', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: topology: Fix references to freed memory\n\nMost users after parsing a topology file, release memory used by it, so\nhaving pointer references directly into topology file contents is wrong.\nUse devm_kmemdup(), to allocate memory as needed.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41069', 'https://git.kernel.org/linus/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1 (6.10-rc6)', 'https://git.kernel.org/stable/c/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1', 'https://git.kernel.org/stable/c/ab5a6208b4d6872b1c6ecea1867940fc668cc76d', 'https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2', 'https://git.kernel.org/stable/c/ccae5c6a1fab9494c86b7856faf05e296c617702', 'https://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41069-31e3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41069', 'https://www.cve.org/CVERecord?id=CVE-2024-41069'], 'PublishedDate': '2024-07-29T15:15:14.713Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41074', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41074', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: Set object to close if ondemand_id &lt; 0 in copen', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set object to close if ondemand_id < 0 in copen\n\nIf copen is maliciously called in the user mode, it may delete the request\ncorresponding to the random id. And the request may have not been read yet.\n\nNote that when the object is set to reopen, the open request will be done\nwith the still reopen state in above case. As a result, the request\ncorresponding to this object is always skipped in select_req function, so\nthe read request is never completed and blocks other process.\n\nFix this issue by simply set object to close if its id < 0 in copen.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41074', 'https://git.kernel.org/linus/4f8703fb3482f92edcfd31661857b16fec89c2c0 (6.10-rc4)', 'https://git.kernel.org/stable/c/0845c553db11c84ff53fccd59da11b6d6ece4a60', 'https://git.kernel.org/stable/c/4f8703fb3482f92edcfd31661857b16fec89c2c0', 'https://git.kernel.org/stable/c/703bea37d13e4ccdafd17ae7c4cb583752ba7663', 'https://git.kernel.org/stable/c/c32ee78fbc670e6f90989a45d340748e34cad333', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41074-e5d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41074', 'https://www.cve.org/CVERecord?id=CVE-2024-41074'], 'PublishedDate': '2024-07-29T15:15:15.097Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41075', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41075', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: add consistency check for copen/cread', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: add consistency check for copen/cread\n\nThis prevents malicious processes from completing random copen/cread\nrequests and crashing the system. Added checks are listed below:\n\n  * Generic, copen can only complete open requests, and cread can only\n    complete read requests.\n  * For copen, ondemand_id must not be 0, because this indicates that the\n    request has not been read by the daemon.\n  * For cread, the object corresponding to fd and req should be the same.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41075', 'https://git.kernel.org/linus/a26dc49df37e996876f50a0210039b2d211fdd6f (6.10-rc4)', 'https://git.kernel.org/stable/c/36d845ccd7bf527110a65fe953886a176c209539', 'https://git.kernel.org/stable/c/3b744884c0431b5a62c92900e64bfd0ed61e8e2a', 'https://git.kernel.org/stable/c/8aaa6c5dd2940ab934d6cd296175f43dbb32b34a', 'https://git.kernel.org/stable/c/a26dc49df37e996876f50a0210039b2d211fdd6f', 'https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41075-7f07@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41075', 'https://www.cve.org/CVERecord?id=CVE-2024-41075'], 'PublishedDate': '2024-07-29T15:15:15.163Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41079', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41079', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvmet: always initialize cqe.result', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: always initialize cqe.result\n\nThe spec doesn't mandate that the first two double words (aka results)\nfor the command queue entry need to be set to 0 when they are not\nused (not specified). Though, the target implemention returns 0 for TCP\nand FC but not for RDMA.\n\nLet's make RDMA behave the same and thus explicitly initializing the\nresult field. This prevents leaking any data from the stack.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41079', 'https://git.kernel.org/linus/cd0c1b8e045a8d2785342b385cb2684d9b48e426 (6.10-rc4)', 'https://git.kernel.org/stable/c/0990e8a863645496b9e3f91cfcfd63cd95c80319', 'https://git.kernel.org/stable/c/10967873b80742261527a071954be8b54f0f8e4d', 'https://git.kernel.org/stable/c/30d35b24b7957922f81cfdaa66f2e1b1e9b9aed2', 'https://git.kernel.org/stable/c/cd0c1b8e045a8d2785342b385cb2684d9b48e426', 'https://lore.kernel.org/linux-cve-announce/2024072925-CVE-2024-41079-09c3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41079', 'https://www.cve.org/CVERecord?id=CVE-2024-41079'], 'PublishedDate': '2024-07-29T15:15:15.457Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41080', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41080', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: io_uring: fix possible deadlock in io_register_iowq_max_workers()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix possible deadlock in io_register_iowq_max_workers()\n\nThe io_register_iowq_max_workers() function calls io_put_sq_data(),\nwhich acquires the sqd->lock without releasing the uring_lock.\nSimilar to the commit 009ad9f0c6ee ("io_uring: drop ctx->uring_lock\nbefore acquiring sqd->lock"), this can lead to a potential deadlock\nsituation.\n\nTo resolve this issue, the uring_lock is released before calling\nio_put_sq_data(), and then it is re-acquired after the function call.\n\nThis change ensures that the locks are acquired in the correct\norder, preventing the possibility of a deadlock.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41080', 'https://git.kernel.org/linus/73254a297c2dd094abec7c9efee32455ae875bdf (6.10-rc3)', 'https://git.kernel.org/stable/c/73254a297c2dd094abec7c9efee32455ae875bdf', 'https://git.kernel.org/stable/c/b571a367502c7ef94c688ef9c7f7d69a2ce3bcca', 'https://lore.kernel.org/linux-cve-announce/2024072926-CVE-2024-41080-6385@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41080', 'https://www.cve.org/CVERecord?id=CVE-2024-41080'], 'PublishedDate': '2024-07-29T15:15:15.523Z', 'LastModifiedDate': '2024-08-22T13:39:43.347Z'}, {'VulnerabilityID': 'CVE-2024-41082', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41082', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme-fabrics: use reserved tag for reg read/write command', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fabrics: use reserved tag for reg read/write command\n\nIn some scenarios, if too many commands are issued by nvme command in\nthe same time by user tasks, this may exhaust all tags of admin_q. If\na reset (nvme reset or IO timeout) occurs before these commands finish,\nreconnect routine may fail to update nvme regs due to insufficient tags,\nwhich will cause kernel hang forever. In order to workaround this issue,\nmaybe we can let reg_read32()/reg_read64()/reg_write32() use reserved\ntags. This maybe safe for nvmf:\n\n1. For the disable ctrl path,  we will not issue connect command\n2. For the enable ctrl / fw activate path, since connect and reg_xx()\n   are called serially.\n\nSo the reserved tags may still be enough while reg_xx() use reserved tags.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41082', 'https://git.kernel.org/linus/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa (6.10-rc3)', 'https://git.kernel.org/stable/c/165da9c67a26f08c9b956c15d701da7690f45bcb', 'https://git.kernel.org/stable/c/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa', 'https://lore.kernel.org/linux-cve-announce/2024072926-CVE-2024-41082-6e0a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41082', 'https://www.cve.org/CVERecord?id=CVE-2024-41082'], 'PublishedDate': '2024-07-29T15:15:15.67Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-41088', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41088', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: can: mcp251xfd: fix infinite loop when xmit fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251xfd: fix infinite loop when xmit fails\n\nWhen the mcp251xfd_start_xmit() function fails, the driver stops\nprocessing messages, and the interrupt routine does not return,\nrunning indefinitely even after killing the running application.\n\nError messages:\n[  441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16\n[  441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3).\n... and repeat forever.\n\nThe issue can be triggered when multiple devices share the same SPI\ninterface. And there is concurrent access to the bus.\n\nThe problem occurs because tx_ring->head increments even if\nmcp251xfd_start_xmit() fails. Consequently, the driver skips one TX\npackage while still expecting a response in\nmcp251xfd_handle_tefif_one().\n\nResolve the issue by starting a workqueue to write the tx obj\nsynchronously if err = -EBUSY. In case of another error, decrement\ntx_ring->head, remove skb from the echo stack, and drop the message.\n\n[mkl: use more imperative wording in patch description]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41088', 'https://git.kernel.org/linus/d8fb63e46c884c898a38f061c2330f7729e75510 (6.10-rc6)', 'https://git.kernel.org/stable/c/3e72558c1711d524e3150103739ddd06650e291b', 'https://git.kernel.org/stable/c/6c6b4afa59c2fb4d1759235f866d8caed2aa4729', 'https://git.kernel.org/stable/c/d8fb63e46c884c898a38f061c2330f7729e75510', 'https://git.kernel.org/stable/c/f926c022ebaabf7963bebf89a97201d66978a025', 'https://lore.kernel.org/linux-cve-announce/2024072952-CVE-2024-41088-281e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41088', 'https://www.cve.org/CVERecord?id=CVE-2024-41088'], 'PublishedDate': '2024-07-29T16:15:04.217Z', 'LastModifiedDate': '2024-08-22T13:16:08.143Z'}, {'VulnerabilityID': 'CVE-2024-42063', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42063', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode\n\nsyzbot reported uninit memory usages during map_{lookup,delete}_elem.\n\n==========\nBUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline]\nBUG: KMSAN: uninit-value in dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796\n__dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline]\ndev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796\n____bpf_map_lookup_elem kernel/bpf/helpers.c:42 [inline]\nbpf_map_lookup_elem+0x5c/0x80 kernel/bpf/helpers.c:38\n___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997\n__bpf_prog_run256+0xb5/0xe0 kernel/bpf/core.c:2237\n==========\n\nThe reproducer should be in the interpreter mode.\n\nThe C reproducer is trying to run the following bpf prog:\n\n    0: (18) r0 = 0x0\n    2: (18) r1 = map[id:49]\n    4: (b7) r8 = 16777216\n    5: (7b) *(u64 *)(r10 -8) = r8\n    6: (bf) r2 = r10\n    7: (07) r2 += -229\n            ^^^^^^^^^^\n\n    8: (b7) r3 = 8\n    9: (b7) r4 = 0\n   10: (85) call dev_map_lookup_elem#1543472\n   11: (95) exit\n\nIt is due to the "void *key" (r2) passed to the helper. bpf allows uninit\nstack memory access for bpf prog with the right privileges. This patch\nuses kmsan_unpoison_memory() to mark the stack as initialized.\n\nThis should address different syzbot reports on the uninit "void *key"\nargument during map_{lookup,delete}_elem.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42063', 'https://git.kernel.org/linus/e8742081db7d01f980c6161ae1e8a1dbc1e30979 (6.10-rc1)', 'https://git.kernel.org/stable/c/3189983c26108cf0990e5c46856dc9feb9470d12', 'https://git.kernel.org/stable/c/b30f3197a6cd080052d5d4973f9a6b479fd9fff5', 'https://git.kernel.org/stable/c/d812ae6e02bd6e6a9cd1fdb09519c2f33e875faf', 'https://git.kernel.org/stable/c/e8742081db7d01f980c6161ae1e8a1dbc1e30979', 'https://lore.kernel.org/linux-cve-announce/2024072950-CVE-2024-42063-d3a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42063', 'https://www.cve.org/CVERecord?id=CVE-2024-42063'], 'PublishedDate': '2024-07-29T16:15:06.053Z', 'LastModifiedDate': '2024-09-05T17:42:12.67Z'}, {'VulnerabilityID': 'CVE-2024-42067', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42067', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()\n\nset_memory_rox() can fail, leaving memory unprotected.\n\nCheck return and bail out when bpf_jit_binary_lock_ro() returns\nan error.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-252'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42067', 'https://git.kernel.org/linus/e60adf513275c3a38e5cb67f7fd12387e43a3ff5 (6.10-rc1)', 'https://git.kernel.org/stable/c/044da7ae7afd4ef60806d73654a2e6a79aa4ed7a', 'https://git.kernel.org/stable/c/08f6c05feb1db21653e98ca84ea04ca032d014c7', 'https://git.kernel.org/stable/c/9fef36cad60d4226f9d06953cd56d1d2f9119730', 'https://git.kernel.org/stable/c/e60adf513275c3a38e5cb67f7fd12387e43a3ff5', 'https://lore.kernel.org/linux-cve-announce/2024072951-CVE-2024-42067-c8ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42067', 'https://www.cve.org/CVERecord?id=CVE-2024-42067'], 'PublishedDate': '2024-07-29T16:15:06.323Z', 'LastModifiedDate': '2024-07-30T19:02:20.687Z'}, {'VulnerabilityID': 'CVE-2024-42091', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42091', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Check pat.ops before dumping PAT settings', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Check pat.ops before dumping PAT settings\n\nWe may leave pat.ops unset when running on brand new platform or\nwhen running as a VF.  While the former is unlikely, the latter\nis valid (future) use case and will cause NPD when someone will\ntry to dump PAT settings by debugfs.\n\nIt's better to check pointer to pat.ops instead of specific .dump\nhook, as we have this hook always defined for every .ops variant.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42091', 'https://git.kernel.org/linus/a918e771e6fbe1fa68932af5b0cdf473e23090cc (6.10-rc1)', 'https://git.kernel.org/stable/c/583ce246c7ff9edeb0de49130cdc3d45db8545cb', 'https://git.kernel.org/stable/c/a918e771e6fbe1fa68932af5b0cdf473e23090cc', 'https://lore.kernel.org/linux-cve-announce/2024072904-CVE-2024-42091-597d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42091', 'https://www.cve.org/CVERecord?id=CVE-2024-42091'], 'PublishedDate': '2024-07-29T18:15:11.657Z', 'LastModifiedDate': '2024-07-30T13:33:30.653Z'}, {'VulnerabilityID': 'CVE-2024-42107', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42107', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: ice: Don't process extts if PTP is disabled", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42107', 'https://git.kernel.org/linus/996422e3230e41468f652d754fefd1bdbcd4604e (6.10-rc7)', 'https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b', 'https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e', 'https://lore.kernel.org/linux-cve-announce/2024073020-CVE-2024-42107-65cc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42107', 'https://www.cve.org/CVERecord?id=CVE-2024-42107'], 'PublishedDate': '2024-07-30T08:15:03.22Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42110', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42110', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()\n\nThe following is emitted when using idxd (DSA) dmanegine as the data\nmover for ntb_transport that ntb_netdev uses.\n\n[74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526\n[74412.556784] caller is netif_rx_internal+0x42/0x130\n[74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5\n[74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024\n[74412.581699] Call Trace:\n[74412.584514]  <TASK>\n[74412.586933]  dump_stack_lvl+0x55/0x70\n[74412.591129]  check_preemption_disabled+0xc8/0xf0\n[74412.596374]  netif_rx_internal+0x42/0x130\n[74412.600957]  __netif_rx+0x20/0xd0\n[74412.604743]  ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev]\n[74412.610985]  ntb_complete_rxc+0xed/0x140 [ntb_transport]\n[74412.617010]  ntb_rx_copy_callback+0x53/0x80 [ntb_transport]\n[74412.623332]  idxd_dma_complete_txd+0xe3/0x160 [idxd]\n[74412.628963]  idxd_wq_thread+0x1a6/0x2b0 [idxd]\n[74412.634046]  irq_thread_fn+0x21/0x60\n[74412.638134]  ? irq_thread+0xa8/0x290\n[74412.642218]  irq_thread+0x1a0/0x290\n[74412.646212]  ? __pfx_irq_thread_fn+0x10/0x10\n[74412.651071]  ? __pfx_irq_thread_dtor+0x10/0x10\n[74412.656117]  ? __pfx_irq_thread+0x10/0x10\n[74412.660686]  kthread+0x100/0x130\n[74412.664384]  ? __pfx_kthread+0x10/0x10\n[74412.668639]  ret_from_fork+0x31/0x50\n[74412.672716]  ? __pfx_kthread+0x10/0x10\n[74412.676978]  ret_from_fork_asm+0x1a/0x30\n[74412.681457]  </TASK>\n\nThe cause is due to the idxd driver interrupt completion handler uses\nthreaded interrupt and the threaded handler is not hard or soft interrupt\ncontext. However __netif_rx() can only be called from interrupt context.\nChange the call to netif_rx() in order to allow completion via normal\ncontext for dmaengine drivers that utilize threaded irq handling.\n\nWhile the following commit changed from netif_rx() to __netif_rx(),\nbaebdf48c360 ("net: dev: Makes sure netif_rx() can be invoked in any context."),\nthe change should\'ve been a noop instead. However, the code precedes this\nfix should\'ve been using netif_rx_ni() or netif_rx_any_context().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42110', 'https://git.kernel.org/linus/e15a5d821e5192a3769d846079bc9aa380139baf (6.10-rc7)', 'https://git.kernel.org/stable/c/4b3b6c7efee69f077b86ef7f088fb96768e46e1f', 'https://git.kernel.org/stable/c/858ae09f03677a4ab907a15516893bc2cc79d4c3', 'https://git.kernel.org/stable/c/e15a5d821e5192a3769d846079bc9aa380139baf', 'https://git.kernel.org/stable/c/e3af5b14e7632bf12058533d69055393e2d126c9', 'https://linux.oracle.com/cve/CVE-2024-42110.html', 'https://linux.oracle.com/errata/ELSA-2024-5928.html', 'https://lore.kernel.org/linux-cve-announce/2024073021-CVE-2024-42110-4b28@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42110', 'https://www.cve.org/CVERecord?id=CVE-2024-42110'], 'PublishedDate': '2024-07-30T08:15:03.487Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42116', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42116', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: igc: fix a log entry using uninitialized netdev', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix a log entry using uninitialized netdev\n\nDuring successful probe, igc logs this:\n\n[    5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\n\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb.  Add a comment,\njust as in igb.\n\nNow the log message is fine:\n\n[    5.200987] igc 0000:01:00.0 eth0: PHC added', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42116', 'https://git.kernel.org/linus/86167183a17e03ec77198897975e9fdfbd53cb0b (6.10-rc1)', 'https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b', 'https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6', 'https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79', 'https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda', 'https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f', 'https://linux.oracle.com/cve/CVE-2024-42116.html', 'https://linux.oracle.com/errata/ELSA-2024-12618.html', 'https://lore.kernel.org/linux-cve-announce/2024073023-CVE-2024-42116-b420@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42116', 'https://www.cve.org/CVERecord?id=CVE-2024-42116'], 'PublishedDate': '2024-07-30T08:15:03.95Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42117', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42117', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: ASSERT when failing to find index by plane/stream id', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: ASSERT when failing to find index by plane/stream id\n\n[WHY]\nfind_disp_cfg_idx_by_plane_id and find_disp_cfg_idx_by_stream_id returns\nan array index and they return -1 when not found; however, -1 is not a\nvalid index number.\n\n[HOW]\nWhen this happens, call ASSERT(), and return a positive number (which is\nfewer than callers' array size) instead.\n\nThis fixes 4 OVERRUN and 2 NEGATIVE_RETURNS issues reported by Coverity.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42117', 'https://git.kernel.org/linus/01eb50e53c1ce505bf449348d433181310288765 (6.10-rc1)', 'https://git.kernel.org/stable/c/01eb50e53c1ce505bf449348d433181310288765', 'https://git.kernel.org/stable/c/a9c047a5cf3135b8b66bd28fbe2c698b9cace0b3', 'https://lore.kernel.org/linux-cve-announce/2024073023-CVE-2024-42117-25fd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42117', 'https://www.cve.org/CVERecord?id=CVE-2024-42117'], 'PublishedDate': '2024-07-30T08:15:04.03Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42118', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42118', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Do not return negative stream id for array', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Do not return negative stream id for array\n\n[WHY]\nresource_stream_to_stream_idx returns an array index and it return -1\nwhen not found; however, -1 is not a valid array index number.\n\n[HOW]\nWhen this happens, call ASSERT(), and return a zero instead.\n\nThis fixes an OVERRUN and an NEGATIVE_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42118', 'https://git.kernel.org/linus/3ac31c9a707dd1c7c890b95333182f955e9dcb57 (6.10-rc1)', 'https://git.kernel.org/stable/c/3ac31c9a707dd1c7c890b95333182f955e9dcb57', 'https://git.kernel.org/stable/c/a76fa9c4f0fc0aa6f517da3fa7d7c23e8a32c7d0', 'https://lore.kernel.org/linux-cve-announce/2024073024-CVE-2024-42118-537b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42118', 'https://www.cve.org/CVERecord?id=CVE-2024-42118'], 'PublishedDate': '2024-07-30T08:15:04.097Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42122', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42122', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add NULL pointer check for kzalloc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL pointer check for kzalloc\n\n[Why & How]\nCheck return pointer of kzalloc before using it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42122', 'https://git.kernel.org/linus/8e65a1b7118acf6af96449e1e66b7adbc9396912 (6.10-rc1)', 'https://git.kernel.org/stable/c/062edd612fcd300f0f79a36fca5b8b6a5e2fce70', 'https://git.kernel.org/stable/c/8e65a1b7118acf6af96449e1e66b7adbc9396912', 'https://lore.kernel.org/linux-cve-announce/2024073025-CVE-2024-42122-2f70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42122', 'https://www.cve.org/CVERecord?id=CVE-2024-42122'], 'PublishedDate': '2024-07-30T08:15:04.43Z', 'LastModifiedDate': '2024-09-16T13:49:27.837Z'}, {'VulnerabilityID': 'CVE-2024-42125', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42125', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42125', 'https://git.kernel.org/linus/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9 (6.10-rc1)', 'https://git.kernel.org/stable/c/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9', 'https://git.kernel.org/stable/c/ce4ba62f8bc5195a9a0d49c6235a9c99e619cadc', 'https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42125-b515@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42125', 'https://www.cve.org/CVERecord?id=CVE-2024-42125'], 'PublishedDate': '2024-07-30T08:15:04.667Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42128', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42128', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: leds: an30259a: Use devm_mutex_init() for mutex initialization', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: an30259a: Use devm_mutex_init() for mutex initialization\n\nIn this driver LEDs are registered using devm_led_classdev_register()\nso they are automatically unregistered after module's remove() is done.\nled_classdev_unregister() calls module's led_set_brightness() to turn off\nthe LEDs and that callback uses mutex which was destroyed already\nin module's remove() so use devm API instead.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42128', 'https://git.kernel.org/linus/c382e2e3eccb6b7ca8c7aff5092c1668428e7de6 (6.10-rc1)', 'https://git.kernel.org/stable/c/3ead19aa341de89a8c3d88a091d8093ebea622e8', 'https://git.kernel.org/stable/c/9dba44460bfca657ca43f03ea9bafa4f9f7dd077', 'https://git.kernel.org/stable/c/c382e2e3eccb6b7ca8c7aff5092c1668428e7de6', 'https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42128-9ac9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42128', 'https://www.cve.org/CVERecord?id=CVE-2024-42128'], 'PublishedDate': '2024-07-30T08:15:04.903Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42129', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42129', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: leds: mlxreg: Use devm_mutex_init() for mutex initialization', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: mlxreg: Use devm_mutex_init() for mutex initialization\n\nIn this driver LEDs are registered using devm_led_classdev_register()\nso they are automatically unregistered after module's remove() is done.\nled_classdev_unregister() calls module's led_set_brightness() to turn off\nthe LEDs and that callback uses mutex which was destroyed already\nin module's remove() so use devm API instead.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42129', 'https://git.kernel.org/linus/efc347b9efee1c2b081f5281d33be4559fa50a16 (6.10-rc1)', 'https://git.kernel.org/stable/c/3b62888307ae44b68512d3f7735c26a4c8e45b51', 'https://git.kernel.org/stable/c/efc347b9efee1c2b081f5281d33be4559fa50a16', 'https://lore.kernel.org/linux-cve-announce/2024073027-CVE-2024-42129-576e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42129', 'https://www.cve.org/CVERecord?id=CVE-2024-42129'], 'PublishedDate': '2024-07-30T08:15:04.977Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42134', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42134', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: virtio-pci: Check if is_avq is NULL', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-pci: Check if is_avq is NULL\n\n[bug]\nIn the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved\nto determine whether it is admin virtqueue, but this function vp_dev->is_avq\n may be empty. For installations, virtio_pci_legacy does not assign a value\n to vp_dev->is_avq.\n\n[fix]\nCheck whether it is vp_dev->is_avq before use.\n\n[test]\nTest with virsh Attach device\nBefore this patch, the following command would crash the guest system\n\nAfter applying the patch, everything seems to be working fine.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42134', 'https://git.kernel.org/linus/c8fae27d141a32a1624d0d0d5419d94252824498 (6.10-rc1)', 'https://git.kernel.org/stable/c/5e2024b0b9b3d5709e3f7e9b92951d7e29154106', 'https://git.kernel.org/stable/c/c8fae27d141a32a1624d0d0d5419d94252824498', 'https://lore.kernel.org/linux-cve-announce/2024073028-CVE-2024-42134-99d7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42134', 'https://ubuntu.com/security/notices/USN-6949-1', 'https://ubuntu.com/security/notices/USN-6949-2', 'https://ubuntu.com/security/notices/USN-6952-1', 'https://ubuntu.com/security/notices/USN-6952-2', 'https://ubuntu.com/security/notices/USN-6955-1', 'https://www.cve.org/CVERecord?id=CVE-2024-42134'], 'PublishedDate': '2024-07-30T08:15:05.36Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42135', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42135', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: vhost_task: Handle SIGKILL by flushing work and exiting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvhost_task: Handle SIGKILL by flushing work and exiting\n\nInstead of lingering until the device is closed, this has us handle\nSIGKILL by:\n\n1. marking the worker as killed so we no longer try to use it with\n   new virtqueues and new flush operations.\n2. setting the virtqueue to worker mapping so no new works are queued.\n3. running all the exiting works.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42135', 'https://git.kernel.org/linus/db5247d9bf5c6ade9fd70b4e4897441e0269b233 (6.10-rc1)', 'https://git.kernel.org/stable/c/abe067dc3a662eef7d5cddbbc41ed50a0b68b0af', 'https://git.kernel.org/stable/c/db5247d9bf5c6ade9fd70b4e4897441e0269b233', 'https://git.kernel.org/stable/c/dec987fe2df670827eb53b97c9552ed8dfc63ad4', 'https://lore.kernel.org/linux-cve-announce/2024073029-CVE-2024-42135-0694@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42135', 'https://www.cve.org/CVERecord?id=CVE-2024-42135'], 'PublishedDate': '2024-07-30T08:15:05.433Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42139', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42139', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Fix improper extts handling', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message "extts on unexpected channel" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42139', 'https://git.kernel.org/linus/00d3b4f54582d4e4a02cda5886bb336eeab268cc (6.10-rc7)', 'https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc', 'https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3', 'https://lore.kernel.org/linux-cve-announce/2024073030-CVE-2024-42139-f8ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42139', 'https://www.cve.org/CVERecord?id=CVE-2024-42139'], 'PublishedDate': '2024-07-30T08:15:05.757Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42144', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42144', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data\n\nVerify that lvts_data is not NULL before using it.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42144', 'https://git.kernel.org/linus/a1191a77351e25ddf091bb1a231cae12ee598b5d (6.10-rc1)', 'https://git.kernel.org/stable/c/79ef1a5593fdb8aa4dbccf6085c48f1739338bc9', 'https://git.kernel.org/stable/c/a1191a77351e25ddf091bb1a231cae12ee598b5d', 'https://git.kernel.org/stable/c/fd7ae1cabfedd727be5bee774c87acbc7b10b886', 'https://lore.kernel.org/linux-cve-announce/2024073031-CVE-2024-42144-f412@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42144', 'https://www.cve.org/CVERecord?id=CVE-2024-42144'], 'PublishedDate': '2024-07-30T08:15:06.157Z', 'LastModifiedDate': '2024-09-16T14:12:56.537Z'}, {'VulnerabilityID': 'CVE-2024-42146', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42146', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Add outer runtime_pm protection to xe_live_ktest@xe_dma_buf', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Add outer runtime_pm protection to xe_live_ktest@xe_dma_buf\n\nAny kunit doing any memory access should get their own runtime_pm\nouter references since they don't use the standard driver API\nentries. In special this dma_buf from the same driver.\n\nFound by pre-merge CI on adding WARN calls for unprotected\ninner callers:\n\n<6> [318.639739]     # xe_dma_buf_kunit: running xe_test_dmabuf_import_same_driver\n<4> [318.639957] ------------[ cut here ]------------\n<4> [318.639967] xe 0000:4d:00.0: Missing outer runtime PM protection\n<4> [318.640049] WARNING: CPU: 117 PID: 3832 at drivers/gpu/drm/xe/xe_pm.c:533 xe_pm_runtime_get_noresume+0x48/0x60 [xe]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42146', 'https://git.kernel.org/linus/f9116f658a6217b101e3b4e89f845775b6fb05d9 (6.10-rc1)', 'https://git.kernel.org/stable/c/0888d15ea45ba8ef4508edd1123ea5ad95b58994', 'https://git.kernel.org/stable/c/f9116f658a6217b101e3b4e89f845775b6fb05d9', 'https://lore.kernel.org/linux-cve-announce/2024073032-CVE-2024-42146-cbd0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42146', 'https://www.cve.org/CVERecord?id=CVE-2024-42146'], 'PublishedDate': '2024-07-30T08:15:06.313Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42147', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42147', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: hisilicon/debugfs - Fix debugfs uninit process issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/debugfs - Fix debugfs uninit process issue\n\nDuring the zip probe process, the debugfs failure does not stop\nthe probe. When debugfs initialization fails, jumping to the\nerror branch will also release regs, in addition to its own\nrollback operation.\n\nAs a result, it may be released repeatedly during the regs\nuninit process. Therefore, the null check needs to be added to\nthe regs uninit process.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42147', 'https://git.kernel.org/linus/8be0913389718e8d27c4f1d4537b5e1b99ed7739 (6.10-rc1)', 'https://git.kernel.org/stable/c/7fc8d9a525b5c3f8dfa5ed50901e764d8ede7e1e', 'https://git.kernel.org/stable/c/8be0913389718e8d27c4f1d4537b5e1b99ed7739', 'https://git.kernel.org/stable/c/e0a2d2df9ba7bd6bd7e0a9b6a5e3894f7e8445b3', 'https://git.kernel.org/stable/c/eda60520cfe3aba9f088c68ebd5bcbca9fc6ac3c', 'https://lore.kernel.org/linux-cve-announce/2024073032-CVE-2024-42147-805a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42147', 'https://www.cve.org/CVERecord?id=CVE-2024-42147'], 'PublishedDate': '2024-07-30T08:15:06.383Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42151', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42151', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable\n\nTest case dummy_st_ops/dummy_init_ret_value passes NULL as the first\nparameter of the test_1() function. Mark this parameter as nullable to\nmake verifier aware of such possibility.\nOtherwise, NULL check in the test_1() code:\n\n      SEC("struct_ops/test_1")\n      int BPF_PROG(test_1, struct bpf_dummy_ops_state *state)\n      {\n            if (!state)\n                    return ...;\n\n            ... access state ...\n      }\n\nMight be removed by verifier, thus triggering NULL pointer dereference\nunder certain conditions.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42151', 'https://git.kernel.org/linus/1479eaff1f16983d8fda7c5a08a586c21891087d (6.10-rc1)', 'https://git.kernel.org/stable/c/1479eaff1f16983d8fda7c5a08a586c21891087d', 'https://git.kernel.org/stable/c/7f79097b0de97a486b137b750d7dd7b20b519d23', 'https://lore.kernel.org/linux-cve-announce/2024073033-CVE-2024-42151-b34a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42151', 'https://www.cve.org/CVERecord?id=CVE-2024-42151'], 'PublishedDate': '2024-07-30T08:15:06.69Z', 'LastModifiedDate': '2024-07-30T13:32:45.943Z'}, {'VulnerabilityID': 'CVE-2024-42155', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42155', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/pkey: Wipe copies of protected- and secure-keys', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of protected- and secure-keys\n\nAlthough the clear-key of neither protected- nor secure-keys is\naccessible, this key material should only be visible to the calling\nprocess. So wipe all copies of protected- or secure-keys from stack,\neven in case of an error.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N', 'V3Score': 1.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N', 'V3Score': 1.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42155', 'https://git.kernel.org/linus/f2ebdadd85af4f4d0cae1e5d009c70eccc78c207 (6.10-rc1)', 'https://git.kernel.org/stable/c/c746f7ced4ad88ee48d0b6c92710e4674403185b', 'https://git.kernel.org/stable/c/f2ebdadd85af4f4d0cae1e5d009c70eccc78c207', 'https://lore.kernel.org/linux-cve-announce/2024073035-CVE-2024-42155-5ccb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42155', 'https://www.cve.org/CVERecord?id=CVE-2024-42155'], 'PublishedDate': '2024-07-30T08:15:07.01Z', 'LastModifiedDate': '2024-08-08T15:01:33.093Z'}, {'VulnerabilityID': 'CVE-2024-42156', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42156', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/pkey: Wipe copies of clear-key structures on failure', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of clear-key structures on failure\n\nWipe all sensitive data from stack for all IOCTLs, which convert a\nclear-key into a protected- or secure-key.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42156', 'https://git.kernel.org/linus/d65d76a44ffe74c73298ada25b0f578680576073 (6.10-rc1)', 'https://git.kernel.org/stable/c/7f6243edd901b75aaece326c90a1cc0dcb60cc3d', 'https://git.kernel.org/stable/c/d65d76a44ffe74c73298ada25b0f578680576073', 'https://lore.kernel.org/linux-cve-announce/2024073035-CVE-2024-42156-1f82@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42156', 'https://www.cve.org/CVERecord?id=CVE-2024-42156'], 'PublishedDate': '2024-07-30T08:15:07.08Z', 'LastModifiedDate': '2024-08-02T14:31:53.66Z'}, {'VulnerabilityID': 'CVE-2024-42158', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42158', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Use kfree_sensitive() to fix Coccinelle warnings\n\nReplace memzero_explicit() and kfree() with kfree_sensitive() to fix\nwarnings reported by Coccinelle:\n\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-669'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42158', 'https://git.kernel.org/linus/22e6824622e8a8889df0f8fc4ed5aea0e702a694 (6.10-rc1)', 'https://git.kernel.org/stable/c/22e6824622e8a8889df0f8fc4ed5aea0e702a694', 'https://git.kernel.org/stable/c/62151a0acde90823bdfa991d598c85cf4b1d387d', 'https://lore.kernel.org/linux-cve-announce/2024073035-CVE-2024-42158-3d50@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42158', 'https://www.cve.org/CVERecord?id=CVE-2024-42158'], 'PublishedDate': '2024-07-30T08:15:07.227Z', 'LastModifiedDate': '2024-08-02T14:31:04.187Z'}, {'VulnerabilityID': 'CVE-2024-42230', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42230', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/pseries: Fix scv instruction crash with kexec', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix scv instruction crash with kexec\n\nkexec on pseries disables AIL (reloc_on_exc), required for scv\ninstruction support, before other CPUs have been shut down. This means\nthey can execute scv instructions after AIL is disabled, which causes an\ninterrupt at an unexpected entry location that crashes the kernel.\n\nChange the kexec sequence to disable AIL after other CPUs have been\nbrought down.\n\nAs a refresher, the real-mode scv interrupt vector is 0x17000, and the\nfixed-location head code probably couldn't easily deal with implementing\nsuch high addresses so it was just decided not to support that interrupt\nat all.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42230', 'https://git.kernel.org/linus/21a741eb75f80397e5f7d3739e24d7d75e619011 (6.10-rc7)', 'https://git.kernel.org/stable/c/21a741eb75f80397e5f7d3739e24d7d75e619011', 'https://git.kernel.org/stable/c/8c6506616386ce37e59b2745fc481c6713fae4f3', 'https://git.kernel.org/stable/c/c550679d604798d9fed8a5b2bb5693448a25407c', 'https://git.kernel.org/stable/c/d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5', 'https://lore.kernel.org/linux-cve-announce/2024073039-CVE-2024-42230-a46d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42230', 'https://www.cve.org/CVERecord?id=CVE-2024-42230'], 'PublishedDate': '2024-07-30T08:15:08.193Z', 'LastModifiedDate': '2024-07-30T19:32:51.137Z'}, {'VulnerabilityID': 'CVE-2024-42239', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42239', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Fail bpf_timer_cancel when callback is being cancelled', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fail bpf_timer_cancel when callback is being cancelled\n\nGiven a schedule:\n\ntimer1 cb\t\t\ttimer2 cb\n\nbpf_timer_cancel(timer2);\tbpf_timer_cancel(timer1);\n\nBoth bpf_timer_cancel calls would wait for the other callback to finish\nexecuting, introducing a lockup.\n\nAdd an atomic_t count named 'cancelling' in bpf_hrtimer. This keeps\ntrack of all in-flight cancellation requests for a given BPF timer.\nWhenever cancelling a BPF timer, we must check if we have outstanding\ncancellation requests, and if so, we must fail the operation with an\nerror (-EDEADLK) since cancellation is synchronous and waits for the\ncallback to finish executing. This implies that we can enter a deadlock\nsituation involving two or more timer callbacks executing in parallel\nand attempting to cancel one another.\n\nNote that we avoid incrementing the cancelling counter for the target\ntimer (the one being cancelled) if bpf_timer_cancel is not invoked from\na callback, to avoid spurious errors. The whole point of detecting\ncur->cancelling and returning -EDEADLK is to not enter a busy wait loop\n(which may or may not lead to a lockup). This does not apply in case the\ncaller is in a non-callback context, the other side can continue to\ncancel as it sees fit without running into errors.\n\nBackground on prior attempts:\n\nEarlier versions of this patch used a bool 'cancelling' bit and used the\nfollowing pattern under timer->lock to publish cancellation status.\n\nlock(t->lock);\nt->cancelling = true;\nmb();\nif (cur->cancelling)\n\treturn -EDEADLK;\nunlock(t->lock);\nhrtimer_cancel(t->timer);\nt->cancelling = false;\n\nThe store outside the critical section could overwrite a parallel\nrequests t->cancelling assignment to true, to ensure the parallely\nexecuting callback observes its cancellation status.\n\nIt would be necessary to clear this cancelling bit once hrtimer_cancel\nis done, but lack of serialization introduced races. Another option was\nexplored where bpf_timer_start would clear the bit when (re)starting the\ntimer under timer->lock. This would ensure serialized access to the\ncancelling bit, but may allow it to be cleared before in-flight\nhrtimer_cancel has finished executing, such that lockups can occur\nagain.\n\nThus, we choose an atomic counter to keep track of all outstanding\ncancellation requests and use it to prevent lockups in case callbacks\nattempt to cancel each other while executing in parallel.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42239', 'https://git.kernel.org/linus/d4523831f07a267a943f0dde844bf8ead7495f13 (6.10)', 'https://git.kernel.org/stable/c/3e4e8178a8666c56813bd167b848fca0f4c9af0a', 'https://git.kernel.org/stable/c/9369830518688ecd5b08ffc08ab3302ce2b5d0f7', 'https://git.kernel.org/stable/c/d4523831f07a267a943f0dde844bf8ead7495f13', 'https://lore.kernel.org/linux-cve-announce/2024080740-CVE-2024-42239-a15f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42239', 'https://www.cve.org/CVERecord?id=CVE-2024-42239'], 'PublishedDate': '2024-08-07T16:15:46.733Z', 'LastModifiedDate': '2024-08-08T14:54:08.33Z'}, {'VulnerabilityID': 'CVE-2024-42243', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42243', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray\n\nPatch series "mm/filemap: Limit page cache size to that supported by\nxarray", v2.\n\nCurrently, xarray can\'t support arbitrary page cache size.  More details\ncan be found from the WARN_ON() statement in xas_split_alloc().  In our\ntest whose code is attached below, we hit the WARN_ON() on ARM64 system\nwhere the base page size is 64KB and huge page size is 512MB.  The issue\nwas reported long time ago and some discussions on it can be found here\n[1].\n\n[1] https://www.spinics.net/lists/linux-xfs/msg75404.html\n\nIn order to fix the issue, we need to adjust MAX_PAGECACHE_ORDER to one\nsupported by xarray and avoid PMD-sized page cache if needed.  The code\nchanges are suggested by David Hildenbrand.\n\nPATCH[1] adjusts MAX_PAGECACHE_ORDER to that supported by xarray\nPATCH[2-3] avoids PMD-sized page cache in the synchronous readahead path\nPATCH[4] avoids PMD-sized page cache for shmem files if needed\n\nTest program\n============\n# cat test.c\n#define _GNU_SOURCE\n#include <stdio.h>\n#include <stdlib.h>\n#include <unistd.h>\n#include <string.h>\n#include <fcntl.h>\n#include <errno.h>\n#include <sys/syscall.h>\n#include <sys/mman.h>\n\n#define TEST_XFS_FILENAME\t"/tmp/data"\n#define TEST_SHMEM_FILENAME\t"/dev/shm/data"\n#define TEST_MEM_SIZE\t\t0x20000000\n\nint main(int argc, char **argv)\n{\n\tconst char *filename;\n\tint fd = 0;\n\tvoid *buf = (void *)-1, *p;\n\tint pgsize = getpagesize();\n\tint ret;\n\n\tif (pgsize != 0x10000) {\n\t\tfprintf(stderr, "64KB base page size is required\\n");\n\t\treturn -EPERM;\n\t}\n\n\tsystem("echo force > /sys/kernel/mm/transparent_hugepage/shmem_enabled");\n\tsystem("rm -fr /tmp/data");\n\tsystem("rm -fr /dev/shm/data");\n\tsystem("echo 1 > /proc/sys/vm/drop_caches");\n\n\t/* Open xfs or shmem file */\n\tfilename = TEST_XFS_FILENAME;\n\tif (argc > 1 && !strcmp(argv[1], "shmem"))\n\t\tfilename = TEST_SHMEM_FILENAME;\n\n\tfd = open(filename, O_CREAT | O_RDWR | O_TRUNC);\n\tif (fd < 0) {\n\t\tfprintf(stderr, "Unable to open <%s>\\n", filename);\n\t\treturn -EIO;\n\t}\n\n\t/* Extend file size */\n\tret = ftruncate(fd, TEST_MEM_SIZE);\n\tif (ret) {\n\t\tfprintf(stderr, "Error %d to ftruncate()\\n", ret);\n\t\tgoto cleanup;\n\t}\n\n\t/* Create VMA */\n\tbuf = mmap(NULL, TEST_MEM_SIZE,\n\t\t   PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);\n\tif (buf == (void *)-1) {\n\t\tfprintf(stderr, "Unable to mmap <%s>\\n", filename);\n\t\tgoto cleanup;\n\t}\n\n\tfprintf(stdout, "mapped buffer at 0x%p\\n", buf);\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE);\n        if (ret) {\n\t\tfprintf(stderr, "Unable to madvise(MADV_HUGEPAGE)\\n");\n\t\tgoto cleanup;\n\t}\n\n\t/* Populate VMA */\n\tret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_WRITE);\n\tif (ret) {\n\t\tfprintf(stderr, "Error %d to madvise(MADV_POPULATE_WRITE)\\n", ret);\n\t\tgoto cleanup;\n\t}\n\n\t/* Punch the file to enforce xarray split */\n\tret = fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE,\n        \t\tTEST_MEM_SIZE - pgsize, pgsize);\n\tif (ret)\n\t\tfprintf(stderr, "Error %d to fallocate()\\n", ret);\n\ncleanup:\n\tif (buf != (void *)-1)\n\t\tmunmap(buf, TEST_MEM_SIZE);\n\tif (fd > 0)\n\t\tclose(fd);\n\n\treturn 0;\n}\n\n# gcc test.c -o test\n# cat /proc/1/smaps | grep KernelPageSize | head -n 1\nKernelPageSize:       64 kB\n# ./test shmem\n   :\n------------[ cut here ]------------\nWARNING: CPU: 17 PID: 5253 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\nModules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib  \\\nnft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct    \\\nnft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4    \\\nip_set nf_tables rfkill nfnetlink vfat fat virtio_balloon          \\\ndrm fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64  \\\nvirtio_net sha1_ce net_failover failover virtio_console virtio_blk \\\ndimlib virtio_mmio\nCPU: 17 PID: 5253 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #12\nHardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\npstate: 83400005 (Nzcv daif +PAN -UAO +TC\n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42243', 'https://git.kernel.org/linus/099d90642a711caae377f53309abfe27e8724a8b (6.10)', 'https://git.kernel.org/stable/c/099d90642a711caae377f53309abfe27e8724a8b', 'https://git.kernel.org/stable/c/333c5539a31f48828456aa9997ec2808f06a699a', 'https://git.kernel.org/stable/c/a0c42ddd0969fdc760a85e20e267776028a7ca4e', 'https://lore.kernel.org/linux-cve-announce/2024080741-CVE-2024-42243-2ed5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42243', 'https://www.cve.org/CVERecord?id=CVE-2024-42243'], 'PublishedDate': '2024-08-07T16:15:47.08Z', 'LastModifiedDate': '2024-08-08T14:53:35.073Z'}, {'VulnerabilityID': 'CVE-2024-42252', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42252', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: closures: Change BUG_ON() to WARN_ON()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nclosures: Change BUG_ON() to WARN_ON()\n\nIf a BUG_ON() can be hit in the wild, it shouldn't be a BUG_ON()\n\nFor reference, this has popped up once in the CI, and we'll need more\ninfo to debug it:\n\n03240 ------------[ cut here ]------------\n03240 kernel BUG at lib/closure.c:21!\n03240 kernel BUG at lib/closure.c:21!\n03240 Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n03240 Modules linked in:\n03240 CPU: 15 PID: 40534 Comm: kworker/u80:1 Not tainted 6.10.0-rc4-ktest-ga56da69799bd #25570\n03240 Hardware name: linux,dummy-virt (DT)\n03240 Workqueue: btree_update btree_interior_update_work\n03240 pstate: 00001005 (nzcv daif -PAN -UAO -TCO -DIT +SSBS BTYPE=--)\n03240 pc : closure_put+0x224/0x2a0\n03240 lr : closure_put+0x24/0x2a0\n03240 sp : ffff0000d12071c0\n03240 x29: ffff0000d12071c0 x28: dfff800000000000 x27: ffff0000d1207360\n03240 x26: 0000000000000040 x25: 0000000000000040 x24: 0000000000000040\n03240 x23: ffff0000c1f20180 x22: 0000000000000000 x21: ffff0000c1f20168\n03240 x20: 0000000040000000 x19: ffff0000c1f20140 x18: 0000000000000001\n03240 x17: 0000000000003aa0 x16: 0000000000003ad0 x15: 1fffe0001c326974\n03240 x14: 0000000000000a1e x13: 0000000000000000 x12: 1fffe000183e402d\n03240 x11: ffff6000183e402d x10: dfff800000000000 x9 : ffff6000183e402e\n03240 x8 : 0000000000000001 x7 : 00009fffe7c1bfd3 x6 : ffff0000c1f2016b\n03240 x5 : ffff0000c1f20168 x4 : ffff6000183e402e x3 : ffff800081391954\n03240 x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000a8000000\n03240 Call trace:\n03240  closure_put+0x224/0x2a0\n03240  bch2_check_for_deadlock+0x910/0x1028\n03240  bch2_six_check_for_deadlock+0x1c/0x30\n03240  six_lock_slowpath.isra.0+0x29c/0xed0\n03240  six_lock_ip_waiter+0xa8/0xf8\n03240  __bch2_btree_node_lock_write+0x14c/0x298\n03240  bch2_trans_lock_write+0x6d4/0xb10\n03240  __bch2_trans_commit+0x135c/0x5520\n03240  btree_interior_update_work+0x1248/0x1c10\n03240  process_scheduled_works+0x53c/0xd90\n03240  worker_thread+0x370/0x8c8\n03240  kthread+0x258/0x2e8\n03240  ret_from_fork+0x10/0x20\n03240 Code: aa1303e0 d63f0020 a94363f7 17ffff8c (d4210000)\n03240 ---[ end trace 0000000000000000 ]---\n03240 Kernel panic - not syncing: Oops - BUG: Fatal exception\n03240 SMP: stopping secondary CPUs\n03241 SMP: failed to stop secondary CPUs 13,15\n03241 Kernel Offset: disabled\n03241 CPU features: 0x00,00000003,80000008,4240500b\n03241 Memory Limit: none\n03241 ---[ end Kernel panic - not syncing: Oops - BUG: Fatal exception ]---\n03246 ========= FAILED TIMEOUT copygc_torture_no_checksum in 7200s", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-617'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42252', 'https://git.kernel.org/linus/339b84ab6b1d66900c27bd999271cb2ae40ce812 (6.10-rc5)', 'https://git.kernel.org/stable/c/339b84ab6b1d66900c27bd999271cb2ae40ce812', 'https://git.kernel.org/stable/c/5d85f2ab79d5918a66539ebf046c099f7448db8d', 'https://lore.kernel.org/linux-cve-announce/2024080835-CVE-2024-42252-f46f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42252', 'https://www.cve.org/CVERecord?id=CVE-2024-42252'], 'PublishedDate': '2024-08-08T09:15:08.15Z', 'LastModifiedDate': '2024-09-06T13:37:31.46Z'}, {'VulnerabilityID': 'CVE-2024-42253', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42253', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: pca953x: fix pca953x_irq_bus_sync_unlock race\n\nEnsure that `i2c_lock' is held when setting interrupt latch and mask in\npca953x_irq_bus_sync_unlock() in order to avoid races.\n\nThe other (non-probe) call site pca953x_gpio_set_multiple() ensures the\nlock is held before calling pca953x_write_regs().\n\nThe problem occurred when a request raced against irq_bus_sync_unlock()\napproximately once per thousand reboots on an i.MX8MP based system.\n\n * Normal case\n\n   0-0022: write register AI|3a {03,02,00,00,01} Input latch P0\n   0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0\n   0-0022: write register AI|08 {ff,00,00,00,00} Output P3\n   0-0022: write register AI|12 {fc,00,00,00,00} Config P3\n\n * Race case\n\n   0-0022: write register AI|08 {ff,00,00,00,00} Output P3\n   0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register ***\n   0-0022: write register AI|12 {fc,00,00,00,00} Config P3\n   0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42253', 'https://git.kernel.org/linus/bfc6444b57dc7186b6acc964705d7516cbaf3904 (6.10-rc6)', 'https://git.kernel.org/stable/c/58a5c93bd1a6e949267400080f07e57ffe05ec34', 'https://git.kernel.org/stable/c/bfc6444b57dc7186b6acc964705d7516cbaf3904', 'https://git.kernel.org/stable/c/de7cffa53149c7b48bd1bb29b02390c9f05b7f41', 'https://git.kernel.org/stable/c/e2ecdddca80dd845df42376e4b0197fe97018ba2', 'https://lore.kernel.org/linux-cve-announce/2024080835-CVE-2024-42253-0c21@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42253', 'https://www.cve.org/CVERecord?id=CVE-2024-42253'], 'PublishedDate': '2024-08-08T09:15:08.22Z', 'LastModifiedDate': '2024-09-06T13:38:36.103Z'}, {'VulnerabilityID': 'CVE-2024-42273', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42273', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid\n\nmkdir /mnt/test/comp\nf2fs_io setflags compression /mnt/test/comp\ndd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1\ntruncate --size 13 /mnt/test/comp/testfile\n\nIn the above scenario, we can get a BUG_ON.\n kernel BUG at fs/f2fs/segment.c:3589!\n Call Trace:\n  do_write_page+0x78/0x390 [f2fs]\n  f2fs_outplace_write_data+0x62/0xb0 [f2fs]\n  f2fs_do_write_data_page+0x275/0x740 [f2fs]\n  f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs]\n  f2fs_write_multi_pages+0x1e5/0xae0 [f2fs]\n  f2fs_write_cache_pages+0xab1/0xc60 [f2fs]\n  f2fs_write_data_pages+0x2d8/0x330 [f2fs]\n  do_writepages+0xcf/0x270\n  __writeback_single_inode+0x44/0x350\n  writeback_sb_inodes+0x242/0x530\n  __writeback_inodes_wb+0x54/0xf0\n  wb_writeback+0x192/0x310\n  wb_workfn+0x30d/0x400\n\nThe reason is we gave CURSEG_ALL_DATA_ATGC to COMPR_ADDR where the\npage was set the gcing flag by set_cluster_dirty().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42273', 'https://git.kernel.org/linus/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cd106612396656d6f1ca17ef192c6759bb60791', 'https://git.kernel.org/stable/c/4239571c5db46a42f723b8fa8394039187c34439', 'https://git.kernel.org/stable/c/5fd057160ab240dd816ae09b625395d54c297de1', 'https://git.kernel.org/stable/c/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1', 'https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42273-9b87@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42273', 'https://www.cve.org/CVERecord?id=CVE-2024-42273'], 'PublishedDate': '2024-08-17T09:15:08.45Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42291', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42291', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add a per-VF limit on number of FDIR filters', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42291', 'https://git.kernel.org/linus/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 (6.11-rc1)', 'https://git.kernel.org/stable/c/292081c4e7f575a79017d5cbe1a0ec042783976f', 'https://git.kernel.org/stable/c/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97', 'https://git.kernel.org/stable/c/8e02cd98a6e24389d476e28436d41e620ed8e559', 'https://git.kernel.org/stable/c/d62389073a5b937413e2d1bc1da06ccff5103c0c', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42291-6f31@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42291', 'https://www.cve.org/CVERecord?id=CVE-2024-42291'], 'PublishedDate': '2024-08-17T09:15:09.73Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42294', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42294', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: block: fix deadlock between sd_remove & sd_release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove & sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430]  __switch_to+0x174/0x338\n[ 2538.459436]  __schedule+0x628/0x9c4\n[ 2538.459442]  schedule+0x7c/0xe8\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459]  mutex_lock+0x30/0xd8\n[ 2538.459462]  del_gendisk+0xdc/0x350\n[ 2538.459466]  sd_remove+0x30/0x60\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474]  device_release_driver+0x18/0x28\n[ 2538.459478]  bus_remove_device+0x15c/0x174\n[ 2538.459483]  device_del+0x1d0/0x358\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\n[ 2538.459493]  scsi_forget_host+0x50/0x70\n[ 2538.459497]  scsi_remove_host+0x80/0x180\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514]  device_release_driver+0x18/0x28\n[ 2538.459518]  bus_remove_device+0x15c/0x174\n[ 2538.459523]  device_del+0x1d0/0x358\n[ 2538.459528]  usb_disable_device+0x84/0x194\n[ 2538.459532]  usb_disconnect+0xec/0x300\n[ 2538.459537]  hub_event+0xb80/0x1870\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\n[ 2538.459545]  worker_thread+0x244/0x334\n[ 2538.459549]  kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task "fsck.":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016]  __switch_to+0x174/0x338\n[ 2538.461021]  __schedule+0x628/0x9c4\n[ 2538.461025]  schedule+0x7c/0xe8\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051]  sd_release+0x50/0x94\n[ 2538.461054]  blkdev_put+0x190/0x28c\n[ 2538.461058]  blkdev_release+0x28/0x40\n[ 2538.461063]  __fput+0xf8/0x2a8\n[ 2538.461066]  __fput_sync+0x28/0x5c\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\n[ 2538.461073]  invoke_syscall+0x58/0x114\n[ 2538.461078]  el0_svc_common+0xac/0xe0\n[ 2538.461082]  do_el0_svc+0x1c/0x28\n[ 2538.461087]  el0_svc+0x38/0x68\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\n\n  T1:\t\t\t\tT2:\n  sd_remove\n  del_gendisk\n  __blk_mark_disk_dead\n  blk_freeze_queue_start\n  ++q->mq_freeze_depth\n  \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(&disk->open_mutex)\n  \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q->mq_freeze_depth)\n  mutex_lock(&disk->open_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don\'t try to acquire disk->open_mutex after freezing\nthe queue.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42294', 'https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9', 'https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b', 'https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544', 'https://lore.kernel.org/linux-cve-announce/2024081746-CVE-2024-42294-0145@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42294', 'https://www.cve.org/CVERecord?id=CVE-2024-42294'], 'PublishedDate': '2024-08-17T09:15:09.947Z', 'LastModifiedDate': '2024-08-19T19:43:22.46Z'}, {'VulnerabilityID': 'CVE-2024-42315', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42315', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: exfat: fix potential deadlock on __exfat_get_dentry_set', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi->s_lock between the two processes may occur.\n\n       CPU0                CPU1\n       ----                ----\n  kswapd\n   balance_pgdat\n    lock(fs_reclaim)\n                      exfat_iterate\n                       lock(&sbi->s_lock)\n                       exfat_readdir\n                        exfat_get_uniname_from_ext_entry\n                         exfat_get_dentry_set\n                          __exfat_get_dentry_set\n                           kmalloc_array\n                            ...\n                            lock(fs_reclaim)\n    ...\n    evict\n     exfat_evict_inode\n      lock(&sbi->s_lock)\n\nTo fix this, let's allocate bh-array with GFP_NOFS.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42315', 'https://git.kernel.org/linus/89fc548767a2155231128cb98726d6d2ea1256c9 (6.11-rc1)', 'https://git.kernel.org/stable/c/1d1970493c289e3f44b9ec847ed26a5dbdf56a62', 'https://git.kernel.org/stable/c/89fc548767a2155231128cb98726d6d2ea1256c9', 'https://git.kernel.org/stable/c/a7ac198f8dba791e3144c4da48a5a9b95773ee4b', 'https://lore.kernel.org/linux-cve-announce/2024081753-CVE-2024-42315-a707@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42315', 'https://www.cve.org/CVERecord?id=CVE-2024-42315'], 'PublishedDate': '2024-08-17T09:15:11.47Z', 'LastModifiedDate': '2024-08-22T15:51:03.077Z'}, {'VulnerabilityID': 'CVE-2024-42319', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42319', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() < 0 occurs.\n\nAccording to the call tracei below:\n  cmdq_mbox_shutdown\n  mbox_free_channel\n  mbox_controller_unregister\n  __devm_mbox_controller_unregister\n  ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n   to bind the cmdq device to the mbox_controller, so\n   devm_mbox_controller_unregister() will automatically unregister\n   the device bound to the mailbox controller when the device-managed\n   resource is removed. That means devm_mbox_controller_unregister()\n   and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n   devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n   will be called after cmdq_remove(), but before\n   devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42319', 'https://git.kernel.org/linus/a8bd68e4329f9a0ad1b878733e0f80be6a971649 (6.11-rc1)', 'https://git.kernel.org/stable/c/11fa625b45faf0649118b9deaf2d31c86ac41911', 'https://git.kernel.org/stable/c/a8bd68e4329f9a0ad1b878733e0f80be6a971649', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42319-ec7c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42319', 'https://www.cve.org/CVERecord?id=CVE-2024-42319'], 'PublishedDate': '2024-08-17T09:15:11.767Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42320', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42320', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: s390/dasd: fix error checks in dasd_copy_pair_store()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42320', 'https://git.kernel.org/linus/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8 (6.11-rc1)', 'https://git.kernel.org/stable/c/68d4c3722290ad300c295fb3435e835d200d5cb2', 'https://git.kernel.org/stable/c/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8', 'https://git.kernel.org/stable/c/cc8b7284d5076722e0b8062373b68d8e47c3bace', 'https://git.kernel.org/stable/c/e511167e65d332d07b3c7a3d5a741ee9c19a8c27', 'https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42320-cdea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42320', 'https://www.cve.org/CVERecord?id=CVE-2024-42320'], 'PublishedDate': '2024-08-17T09:15:11.833Z', 'LastModifiedDate': '2024-09-30T12:54:12.897Z'}, {'VulnerabilityID': 'CVE-2024-42321', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42321', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: flow_dissector: use DEBUG_NET_WARN_ON_ONCE\n\nThe following splat is easy to reproduce upstream as well as in -stable\nkernels. Florian Westphal provided the following commit:\n\n  d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net")\n\nbut this complementary fix has been also suggested by Willem de Bruijn\nand it can be easily backported to -stable kernel which consists in\nusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splat\ngiven __skb_get_hash() is used by the nftables tracing infrastructure to\nto identify packets in traces.\n\n[69133.561393] ------------[ cut here ]------------\n[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/\n[...]\n[69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379\n[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0\n[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff\nff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff <0f> 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8\n[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246\n[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19\n[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418\n[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000\n[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400\n[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28\n[69133.562020] FS:  00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[69133.562027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0\n[69133.562040] Call Trace:\n[69133.562044]  <IRQ>\n[69133.562049]  ? __warn+0x9f/0x1a0\n[ 1211.841384]  ? __skb_flow_dissect+0x107e/0x2860\n[...]\n[ 1211.841496]  ? bpf_flow_dissect+0x160/0x160\n[ 1211.841753]  __skb_get_hash+0x97/0x280\n[ 1211.841765]  ? __skb_get_hash_symmetric+0x230/0x230\n[ 1211.841776]  ? mod_find+0xbf/0xe0\n[ 1211.841786]  ? get_stack_info_noinstr+0x12/0xe0\n[ 1211.841798]  ? bpf_ksym_find+0x56/0xe0\n[ 1211.841807]  ? __rcu_read_unlock+0x2a/0x70\n[ 1211.841819]  nft_trace_init+0x1b9/0x1c0 [nf_tables]\n[ 1211.841895]  ? nft_trace_notify+0x830/0x830 [nf_tables]\n[ 1211.841964]  ? get_stack_info+0x2b/0x80\n[ 1211.841975]  ? nft_do_chain_arp+0x80/0x80 [nf_tables]\n[ 1211.842044]  nft_do_chain+0x79c/0x850 [nf_tables]', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-42321', 'https://git.kernel.org/linus/120f1c857a73e52132e473dee89b340440cb692b (6.11-rc1)', 'https://git.kernel.org/stable/c/120f1c857a73e52132e473dee89b340440cb692b', 'https://git.kernel.org/stable/c/4afbac11f2f629d1e62817c4e210bdfaa7521107', 'https://git.kernel.org/stable/c/c5d21aabf1b31a79f228508af33aee83456bc1b0', 'https://git.kernel.org/stable/c/eb03d9826aa646577342a952d658d4598381c035', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42321-4b46@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42321', 'https://www.cve.org/CVERecord?id=CVE-2024-42321'], 'PublishedDate': '2024-08-17T09:15:11.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-42322', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-42322', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ipvs: properly dereference pe in ip_vs_add_service', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n  net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:7001', 'https://access.redhat.com/security/cve/CVE-2024-42322', 'https://bugzilla.redhat.com/2258012', 'https://bugzilla.redhat.com/2258013', 'https://bugzilla.redhat.com/2260038', 'https://bugzilla.redhat.com/2265799', 'https://bugzilla.redhat.com/2266358', 'https://bugzilla.redhat.com/2266750', 'https://bugzilla.redhat.com/2267036', 'https://bugzilla.redhat.com/2267041', 'https://bugzilla.redhat.com/2267795', 'https://bugzilla.redhat.com/2267916', 'https://bugzilla.redhat.com/2267925', 'https://bugzilla.redhat.com/2268295', 'https://bugzilla.redhat.com/2271648', 'https://bugzilla.redhat.com/2271796', 'https://bugzilla.redhat.com/2272793', 'https://bugzilla.redhat.com/2273141', 'https://bugzilla.redhat.com/2273148', 'https://bugzilla.redhat.com/2273180', 'https://bugzilla.redhat.com/2275661', 'https://bugzilla.redhat.com/2275690', 'https://bugzilla.redhat.com/2275742', 'https://bugzilla.redhat.com/2277171', 'https://bugzilla.redhat.com/2278220', 'https://bugzilla.redhat.com/2278270', 'https://bugzilla.redhat.com/2278447', 'https://bugzilla.redhat.com/2281217', 'https://bugzilla.redhat.com/2281317', 'https://bugzilla.redhat.com/2281704', 'https://bugzilla.redhat.com/2281720', 'https://bugzilla.redhat.com/2281807', 'https://bugzilla.redhat.com/2281847', 'https://bugzilla.redhat.com/2282324', 'https://bugzilla.redhat.com/2282345', 'https://bugzilla.redhat.com/2282354', 'https://bugzilla.redhat.com/2282355', 'https://bugzilla.redhat.com/2282356', 'https://bugzilla.redhat.com/2282357', 'https://bugzilla.redhat.com/2282366', 'https://bugzilla.redhat.com/2282401', 'https://bugzilla.redhat.com/2282422', 'https://bugzilla.redhat.com/2282440', 'https://bugzilla.redhat.com/2282508', 'https://bugzilla.redhat.com/2282511', 'https://bugzilla.redhat.com/2282676', 'https://bugzilla.redhat.com/2282757', 'https://bugzilla.redhat.com/2282851', 'https://bugzilla.redhat.com/2282890', 'https://bugzilla.redhat.com/2282903', 'https://bugzilla.redhat.com/2282918', 'https://bugzilla.redhat.com/2283389', 'https://bugzilla.redhat.com/2283424', 'https://bugzilla.redhat.com/2284271', 'https://bugzilla.redhat.com/2284515', 'https://bugzilla.redhat.com/2284545', 'https://bugzilla.redhat.com/2284596', 'https://bugzilla.redhat.com/2284628', 'https://bugzilla.redhat.com/2284634', 'https://bugzilla.redhat.com/2293247', 'https://bugzilla.redhat.com/2293270', 'https://bugzilla.redhat.com/2293273', 'https://bugzilla.redhat.com/2293304', 'https://bugzilla.redhat.com/2293377', 'https://bugzilla.redhat.com/2293408', 'https://bugzilla.redhat.com/2293423', 'https://bugzilla.redhat.com/2293440', 'https://bugzilla.redhat.com/2293441', 'https://bugzilla.redhat.com/2293658', 'https://bugzilla.redhat.com/2294313', 'https://bugzilla.redhat.com/2297471', 'https://bugzilla.redhat.com/2297473', 'https://bugzilla.redhat.com/2297478', 'https://bugzilla.redhat.com/2297488', 'https://bugzilla.redhat.com/2297495', 'https://bugzilla.redhat.com/2297496', 'https://bugzilla.redhat.com/2297513', 'https://bugzilla.redhat.com/2297515', 'https://bugzilla.redhat.com/2297525', 'https://bugzilla.redhat.com/2297538', 'https://bugzilla.redhat.com/2297542', 'https://bugzilla.redhat.com/2297543', 'https://bugzilla.redhat.com/2297544', 'https://bugzilla.redhat.com/2297556', 'https://bugzilla.redhat.com/2297561', 'https://bugzilla.redhat.com/2297562', 'https://bugzilla.redhat.com/2297572', 'https://bugzilla.redhat.com/2297573', 'https://bugzilla.redhat.com/2297579', 'https://bugzilla.redhat.com/2297581', 'https://bugzilla.redhat.com/2297582', 'https://bugzilla.redhat.com/2297589', 'https://bugzilla.redhat.com/2297706', 'https://bugzilla.redhat.com/2297909', 'https://bugzilla.redhat.com/2298079', 'https://bugzilla.redhat.com/2298140', 'https://bugzilla.redhat.com/2298177', 'https://bugzilla.redhat.com/2298640', 'https://bugzilla.redhat.com/2299240', 'https://bugzilla.redhat.com/2299336', 'https://bugzilla.redhat.com/2299452', 'https://bugzilla.redhat.com/2300296', 'https://bugzilla.redhat.com/2300297', 'https://bugzilla.redhat.com/2300402', 'https://bugzilla.redhat.com/2300407', 'https://bugzilla.redhat.com/2300408', 'https://bugzilla.redhat.com/2300409', 'https://bugzilla.redhat.com/2300410', 'https://bugzilla.redhat.com/2300414', 'https://bugzilla.redhat.com/2300429', 'https://bugzilla.redhat.com/2300430', 'https://bugzilla.redhat.com/2300434', 'https://bugzilla.redhat.com/2300448', 'https://bugzilla.redhat.com/2300453', 'https://bugzilla.redhat.com/2300492', 'https://bugzilla.redhat.com/2300533', 'https://bugzilla.redhat.com/2300552', 'https://bugzilla.redhat.com/2300713', 'https://bugzilla.redhat.com/2301477', 'https://bugzilla.redhat.com/2301489', 'https://bugzilla.redhat.com/2301496', 'https://bugzilla.redhat.com/2301519', 'https://bugzilla.redhat.com/2301522', 'https://bugzilla.redhat.com/2301544', 'https://bugzilla.redhat.com/2303077', 'https://bugzilla.redhat.com/2303505', 'https://bugzilla.redhat.com/2303506', 'https://bugzilla.redhat.com/2303508', 'https://bugzilla.redhat.com/2303514', 'https://bugzilla.redhat.com/2305467', 'https://bugzilla.redhat.com/2306365', 'https://errata.almalinux.org/8/ALSA-2024-7001.html', 'https://git.kernel.org/linus/cbd070a4ae62f119058973f6d2c984e325bce6e7 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dd428039e06e1967ce294e2cd6342825aaaad77', 'https://git.kernel.org/stable/c/c420cd5d5bc6797f3a8824e7d74f38f0c286fca5', 'https://git.kernel.org/stable/c/cbd070a4ae62f119058973f6d2c984e325bce6e7', 'https://linux.oracle.com/cve/CVE-2024-42322.html', 'https://linux.oracle.com/errata/ELSA-2024-7000.html', 'https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42322-e2ef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-42322', 'https://www.cve.org/CVERecord?id=CVE-2024-42322'], 'PublishedDate': '2024-08-17T09:15:11.977Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43819', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43819', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kvm: s390: Reject memory region operations for ucontrol VMs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43819', 'https://git.kernel.org/linus/7816e58967d0e6cadce05c8540b47ed027dc2499 (6.11-rc1)', 'https://git.kernel.org/stable/c/49c9945c054df4c22008e2bf87ca74d3e2507aa6', 'https://git.kernel.org/stable/c/7816e58967d0e6cadce05c8540b47ed027dc2499', 'https://lore.kernel.org/linux-cve-announce/2024081723-CVE-2024-43819-88ce@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43819', 'https://www.cve.org/CVERecord?id=CVE-2024-43819'], 'PublishedDate': '2024-08-17T10:15:08.147Z', 'LastModifiedDate': '2024-09-03T17:47:10.54Z'}, {'VulnerabilityID': 'CVE-2024-43823', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43823', 'https://git.kernel.org/linus/a231707a91f323af1e5d9f1722055ec2fc1c7775 (6.11-rc1)', 'https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23', 'https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775', 'https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506', 'https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43823-4bdd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43823', 'https://www.cve.org/CVERecord?id=CVE-2024-43823'], 'PublishedDate': '2024-08-17T10:15:08.4Z', 'LastModifiedDate': '2024-09-03T17:49:03.91Z'}, {'VulnerabilityID': 'CVE-2024-43824', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43824', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: PCI: endpoint: pci-epf-test: Make use of cached &#39;epc_features&#39; in pci_epf_test_core_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Make use of cached \'epc_features\' in pci_epf_test_core_init()\n\nInstead of getting the epc_features from pci_epc_get_features() API, use\nthe cached pci_epf_test::epc_features value to avoid the NULL check. Since\nthe NULL check is already performed in pci_epf_test_bind(), having one more\ncheck in pci_epf_test_core_init() is redundant and it is not possible to\nhit the NULL pointer dereference.\n\nAlso with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier"\nflag"), \'epc_features\' got dereferenced without the NULL check, leading to\nthe following false positive Smatch warning:\n\n  drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed \'epc_features\' could be null (see line 747)\n\nThus, remove the redundant NULL check and also use the epc_features::\n{msix_capable/msi_capable} flags directly to avoid local variables.\n\n[kwilczynski: commit log]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43824', 'https://git.kernel.org/linus/5a5095a8bd1bd349cce1c879e5e44407a34dda8a (6.11-rc1)', 'https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a', 'https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80', 'https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43824-fc04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43824', 'https://www.cve.org/CVERecord?id=CVE-2024-43824'], 'PublishedDate': '2024-08-17T10:15:08.477Z', 'LastModifiedDate': '2024-09-03T17:48:39.16Z'}, {'VulnerabilityID': 'CVE-2024-43831', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43831', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: mediatek: vcodec: Handle invalid decoder vsi', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43831', 'https://git.kernel.org/linus/59d438f8e02ca641c58d77e1feffa000ff809e9f (6.11-rc1)', 'https://git.kernel.org/stable/c/1c109f23b271a02b9bb195c173fab41e3285a8db', 'https://git.kernel.org/stable/c/59d438f8e02ca641c58d77e1feffa000ff809e9f', 'https://git.kernel.org/stable/c/cdf05ae76198c513836bde4eb55f099c44773280', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43831-b13e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43831', 'https://www.cve.org/CVERecord?id=CVE-2024-43831'], 'PublishedDate': '2024-08-17T10:15:08.917Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43832', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43832', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: s390/uv: Don't call folio_wait_writeback() without a folio reference", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/uv: Don't call folio_wait_writeback() without a folio reference\n\nfolio_wait_writeback() requires that no spinlocks are held and that\na folio reference is held, as documented. After we dropped the PTL, the\nfolio could get freed concurrently. So grab a temporary reference.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43832', 'https://git.kernel.org/linus/3f29f6537f54d74e64bac0a390fb2e26da25800d (6.11-rc1)', 'https://git.kernel.org/stable/c/1a1eb2f3fc453dcd52726d13e863938561489cb7', 'https://git.kernel.org/stable/c/3f29f6537f54d74e64bac0a390fb2e26da25800d', 'https://git.kernel.org/stable/c/8736604ef53359a718c246087cd21dcec232d2fb', 'https://git.kernel.org/stable/c/b21aba72aadd94bdac275deab021fc84d6c72b16', 'https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43832-7746@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43832', 'https://www.cve.org/CVERecord?id=CVE-2024-43832'], 'PublishedDate': '2024-08-17T10:15:08.98Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43842', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() \'status->he_gi\' is compared to array size.\nBut then \'rate->he_gi\' is used as array index instead of \'status->he_gi\'.\nThis can lead to go beyond array boundaries in case of \'rate->he_gi\' is\nnot equal to \'status->he_gi\' and is bigger than array size. Looks like\n"copy-paste" mistake.\n\nFix this mistake by replacing \'rate->he_gi\' with \'status->he_gi\'.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43842', 'https://git.kernel.org/linus/85099c7ce4f9e64c66aa397cd9a37473637ab891 (6.11-rc1)', 'https://git.kernel.org/stable/c/7a0edc3d83aff3a48813d78c9cad9daf38decc74', 'https://git.kernel.org/stable/c/85099c7ce4f9e64c66aa397cd9a37473637ab891', 'https://git.kernel.org/stable/c/96ae4de5bc4c8ba39fd072369398f59495b73f58', 'https://git.kernel.org/stable/c/a2a095c08b95372d6d0c5819b77f071af5e75366', 'https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43842-31e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43842', 'https://www.cve.org/CVERecord?id=CVE-2024-43842'], 'PublishedDate': '2024-08-17T10:15:09.647Z', 'LastModifiedDate': '2024-09-30T13:55:17.007Z'}, {'VulnerabilityID': 'CVE-2024-43844', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43844', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi rtw89 wow: fix GTK offload H2C skbuff issue', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: wow: fix GTK offload H2C skbuff issue\n\nWe mistakenly put skb too large and that may exceed skb->end.\nTherefore, we fix it.\n\nskbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8fba04eca7e0 tail:0x200 end:0x140 dev:<NULL>\n------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:192!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 4747 Comm: kworker/u4:44 Tainted: G           O       6.6.30-02659-gc18865c4dfbd #1 86547039b47e46935493f615ee31d0b2d711d35e\nHardware name: HP Meep/Meep, BIOS Google_Meep.11297.262.0 03/18/2021\nWorkqueue: events_unbound async_run_entry_fn\nRIP: 0010:skb_panic+0x5d/0x60\nCode: c6 63 8b 8f bb 4c 0f 45 f6 48 c7 c7 4d 89 8b bb 48 89 ce 44 89 d1 41 56 53 41 53 ff b0 c8 00 00 00 e8 27 5f 23 00 48 83 c4 20 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44\nRSP: 0018:ffffaa700144bad0 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: 0000000000000140 RCX: 14432c5aad26c900\nRDX: 0000000000000000 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffaa700144bae0 R08: 0000000000000000 R09: ffffaa700144b920\nR10: 00000000ffffdfff R11: ffffffffbc28fbc0 R12: ffff8fba4e57a010\nR13: 0000000000000000 R14: ffffffffbb8f8b63 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff8fba7bd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007999c4ad1000 CR3: 000000015503a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? skb_panic+0x5d/0x60\n ? do_error_trap+0x6d/0x90\n ? skb_panic+0x5d/0x60\n ? handle_invalid_op+0x30/0x40\n ? skb_panic+0x5d/0x60\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_panic+0x5d/0x60\n skb_put+0x49/0x50\n rtw89_fw_h2c_wow_gtk_ofld+0xbd/0x220 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_wow_resume+0x31f/0x540 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_ops_resume+0x2b/0xa0 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n ieee80211_reconfig+0x84/0x13e0 [mac80211 818a894e3b77da6298269c59ed7cdff065a4ed52]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? dev_printk_emit+0x51/0x70\n ? _dev_info+0x6e/0x90\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n wiphy_resume+0x89/0x180 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n dpm_run_callback+0x3c/0x140\n device_resume+0x1f9/0x3c0\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x29/0xd0\n process_scheduled_works+0x1d8/0x3d0\n worker_thread+0x1fc/0x2f0\n kthread+0xed/0x110\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x38/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>\nModules linked in: ccm 8021q r8153_ecm cdc_ether usbnet r8152 mii dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc uinput rfcomm cmac algif_hash rtw89_8922ae(O) algif_skcipher rtw89_8922a(O) af_alg rtw89_pci(O) rtw89_core(O) btusb(O) snd_soc_sst_bxt_da7219_max98357a btbcm(O) snd_soc_hdac_hdmi btintel(O) snd_soc_intel_hda_dsp_common snd_sof_probes btrtl(O) btmtk(O) snd_hda_codec_hdmi snd_soc_dmic uvcvideo videobuf2_vmalloc uvc videobuf2_memops videobuf2_v4l2 videobuf2_common snd_sof_pci_intel_apl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda soundwire_intel soundwire_generic_allocation snd_sof_intel_hda_mlink soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp mac80211 snd_soc_acpi_intel_match snd_soc_acpi snd_sof snd_sof_utils soundwire_bus snd_soc_max98357a snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_intel_dspcfg snd_intel_sdw_acpi snd_soc_da7219 snd_hda_codec snd_hwdep snd_hda_core veth ip6table_nat xt_MASQUERADE xt_cgroup fuse bluetooth ecdh_generic\n cfg80211 ecc\ngsmi: Log Shutdown \n---truncated---', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43844', 'https://git.kernel.org/linus/dda364c345913fe03ddbe4d5ae14a2754c100296 (6.11-rc1)', 'https://git.kernel.org/stable/c/dda364c345913fe03ddbe4d5ae14a2754c100296', 'https://git.kernel.org/stable/c/ef0d9d2f0dc1133db3d3a1c5167190c6627146b2', 'https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43844-97ea@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43844', 'https://www.cve.org/CVERecord?id=CVE-2024-43844'], 'PublishedDate': '2024-08-17T10:15:09.763Z', 'LastModifiedDate': '2024-08-19T12:59:59.177Z'}, {'VulnerabilityID': 'CVE-2024-43866', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43866', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Always drain health in shutdown callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43866', 'https://git.kernel.org/linus/1b75da22ed1e6171e261bc9265370162553d5393 (6.11-rc2)', 'https://git.kernel.org/stable/c/1b75da22ed1e6171e261bc9265370162553d5393', 'https://git.kernel.org/stable/c/5005e2e159b300c1b8c6820a1e13a62eb0127b9b', 'https://git.kernel.org/stable/c/6048dec754554a1303d632be6042d3feb3295285', 'https://git.kernel.org/stable/c/6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2', 'https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43866-66ed@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43866', 'https://www.cve.org/CVERecord?id=CVE-2024-43866'], 'PublishedDate': '2024-08-21T00:15:05.023Z', 'LastModifiedDate': '2024-10-17T14:15:07.297Z'}, {'VulnerabilityID': 'CVE-2024-43872', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43872', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: RDMA/hns: Fix soft lockup under heavy CEQE load', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43872', 'https://git.kernel.org/linus/2fdf34038369c0a27811e7b4680662a14ada1d6b (6.11-rc1)', 'https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08', 'https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b', 'https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43872-c87e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43872', 'https://www.cve.org/CVERecord?id=CVE-2024-43872'], 'PublishedDate': '2024-08-21T01:15:11.74Z', 'LastModifiedDate': '2024-09-03T13:38:34.867Z'}, {'VulnerabilityID': 'CVE-2024-43886', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43886', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add null check in resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check in resource_log_pipe_topology_update\n\n[WHY]\nWhen switching from "Extend" to "Second Display Only" we sometimes\ncall resource_get_otg_master_for_stream on a stream for the eDP,\nwhich is disconnected. This leads to a null pointer dereference.\n\n[HOW]\nAdded a null check in dc_resource.c/resource_log_pipe_topology_update.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43886', 'https://git.kernel.org/linus/899d92fd26fe780aad711322aa671f68058207a6 (6.11-rc1)', 'https://git.kernel.org/stable/c/899d92fd26fe780aad711322aa671f68058207a6', 'https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee', 'https://lore.kernel.org/linux-cve-announce/2024082657-CVE-2024-43886-0726@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43886', 'https://www.cve.org/CVERecord?id=CVE-2024-43886'], 'PublishedDate': '2024-08-26T11:15:03.83Z', 'LastModifiedDate': '2024-08-27T14:37:45.377Z'}, {'VulnerabilityID': 'CVE-2024-43895', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43895', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip Recompute DSC Params if no Stream on Link', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n    Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n    RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n    Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\n    RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n    RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n    RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n    RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n    R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n    R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n    FS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n    Call Trace:\n<TASK>\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? plist_add+0xbe/0x100\n     ? exc_page_fault+0x7c/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     drm_atomic_check_only+0x5c5/0xa40\n     drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.\n\n(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43895', 'https://git.kernel.org/linus/50e376f1fe3bf571d0645ddf48ad37eb58323919 (6.11-rc3)', 'https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9', 'https://git.kernel.org/stable/c/50e376f1fe3bf571d0645ddf48ad37eb58323919', 'https://git.kernel.org/stable/c/5357141b4c2e2b332b6f11607ba8c5fbc2669a10', 'https://git.kernel.org/stable/c/70275bb960c71d313254473d38c14e7101cee5ad', 'https://git.kernel.org/stable/c/718d83f66fb07b2cab89a1fc984613a00e3db18f', 'https://lore.kernel.org/linux-cve-announce/2024082608-CVE-2024-43895-d3c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43895', 'https://www.cve.org/CVERecord?id=CVE-2024-43895'], 'PublishedDate': '2024-08-26T11:15:04.333Z', 'LastModifiedDate': '2024-10-10T12:15:04.35Z'}, {'VulnerabilityID': 'CVE-2024-43898', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43898', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ext4: sanity check for NULL pointer after ext4_force_shutdown', 'Description': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43898', 'https://git.kernel.org/linus/83f4414b8f84249d538905825b088ff3ae555652 (6.11-rc1)', 'https://git.kernel.org/stable/c/3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e', 'https://git.kernel.org/stable/c/83f4414b8f84249d538905825b088ff3ae555652', 'https://git.kernel.org/stable/c/f619876ccbfd329ae785fe5d3289b9dcd6eb5901', 'https://lore.kernel.org/linux-cve-announce/2024082613-CVE-2024-43898-52c2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43898', 'https://www.cve.org/CVERecord?id=CVE-2024-43898'], 'PublishedDate': '2024-08-26T11:15:04.493Z', 'LastModifiedDate': '2024-09-10T08:15:02.96Z'}, {'VulnerabilityID': 'CVE-2024-43899', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix null pointer deref in dcn20_resource.c', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[  181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[  181.843997] #PF: supervisor instruction fetch in kernel mode\n[  181.844003] #PF: error_code(0x0010) - not-present page\n[  181.844009] PGD 0 P4D 0\n[  181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[  181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G        W  OE      6.5.0-41-generic #41~22.04.2-Ubuntu\n[  181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[  181.844044] RIP: 0010:0x0\n[  181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[  181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[  181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[  181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[  181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[  181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[  181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[  181.844121] FS:  00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[  181.844128] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[  181.844141] Call Trace:\n[  181.844146]  <TASK>\n[  181.844153]  ? show_regs+0x6d/0x80\n[  181.844167]  ? __die+0x24/0x80\n[  181.844179]  ? page_fault_oops+0x99/0x1b0\n[  181.844192]  ? do_user_addr_fault+0x31d/0x6b0\n[  181.844204]  ? exc_page_fault+0x83/0x1b0\n[  181.844216]  ? asm_exc_page_fault+0x27/0x30\n[  181.844237]  dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[  181.845115]  amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[  181.845985]  amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[  181.846848]  fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[  181.847734]  fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[  181.848748]  dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.849791]  ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.850840]  amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43899', 'https://git.kernel.org/linus/ecbf60782662f0a388493685b85a645a0ba1613c (6.11-rc1)', 'https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e', 'https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c', 'https://lore.kernel.org/linux-cve-announce/2024082614-CVE-2024-43899-2339@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43899', 'https://www.cve.org/CVERecord?id=CVE-2024-43899'], 'PublishedDate': '2024-08-26T11:15:04.557Z', 'LastModifiedDate': '2024-08-27T14:38:19.74Z'}, {'VulnerabilityID': 'CVE-2024-43900', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43900', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: media: xc2028: avoid use-after-free in load_firmware_cb()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504           worker_thread\ntuner_probe                             <= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait                 <= create a worker\n...\ntuner_remove                            <= free dvb_frontend\n...\n                    request_firmware_work_func  <= the firmware is ready\n                    load_firmware_cb    <= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n    ==================================================================\n     BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n     Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n     Call trace:\n      load_firmware_cb+0x1310/0x17a0\n      request_firmware_work_func+0x128/0x220\n      process_one_work+0x770/0x1824\n      worker_thread+0x488/0xea0\n      kthread+0x300/0x430\n      ret_from_fork+0x10/0x20\n\n     Allocated by task 6504:\n      kzalloc\n      tuner_probe+0xb0/0x1430\n      i2c_device_probe+0x92c/0xaf0\n      really_probe+0x678/0xcd0\n      driver_probe_device+0x280/0x370\n      __device_attach_driver+0x220/0x330\n      bus_for_each_drv+0x134/0x1c0\n      __device_attach+0x1f4/0x410\n      device_initial_probe+0x20/0x30\n      bus_probe_device+0x184/0x200\n      device_add+0x924/0x12c0\n      device_register+0x24/0x30\n      i2c_new_device+0x4e0/0xc44\n      v4l2_i2c_new_subdev_board+0xbc/0x290\n      v4l2_i2c_new_subdev+0xc8/0x104\n      em28xx_v4l2_init+0x1dd0/0x3770\n\n     Freed by task 6504:\n      kfree+0x238/0x4e4\n      tuner_remove+0x144/0x1c0\n      i2c_device_remove+0xc8/0x290\n      __device_release_driver+0x314/0x5fc\n      device_release_driver+0x30/0x44\n      bus_remove_device+0x244/0x490\n      device_del+0x350/0x900\n      device_unregister+0x28/0xd0\n      i2c_unregister_device+0x174/0x1d0\n      v4l2_device_unregister+0x224/0x380\n      em28xx_v4l2_init+0x1d90/0x3770\n\n     The buggy address belongs to the object at ffff8000d7ca2000\n      which belongs to the cache kmalloc-2k of size 2048\n     The buggy address is located 776 bytes inside of\n      2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n     The buggy address belongs to the page:\n     page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n     flags: 0x7ff800000000100(slab)\n     raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n     raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n     page dumped because: kasan: bad access detected\n\n     Memory state around the buggy address:\n      ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                           ^\n      ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     ==================================================================\n\n[2]\n    Actually, it is allocated for struct tuner, and dvb_frontend is inside.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43900', 'https://git.kernel.org/linus/68594cec291ff9523b9feb3f43fd853dcddd1f60 (6.11-rc1)', 'https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5', 'https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60', 'https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b', 'https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-43900-029c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43900', 'https://www.cve.org/CVERecord?id=CVE-2024-43900'], 'PublishedDate': '2024-08-26T11:15:04.613Z', 'LastModifiedDate': '2024-08-27T14:38:32.967Z'}, {'VulnerabilityID': 'CVE-2024-43903', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43903', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43903', 'https://git.kernel.org/linus/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff (6.11-rc1)', 'https://git.kernel.org/stable/c/31a679a880102dee6e10985a7b1789af8dc328cc', 'https://git.kernel.org/stable/c/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff', 'https://git.kernel.org/stable/c/94220b35aeba2b68da81deeefbb784d94eeb5c04', 'https://git.kernel.org/stable/c/ce5d090af683137cb779ed7e3683839f9c778b35', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-43903-3644@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43903', 'https://www.cve.org/CVERecord?id=CVE-2024-43903'], 'PublishedDate': '2024-08-26T11:15:04.793Z', 'LastModifiedDate': '2024-08-27T13:39:48.683Z'}, {'VulnerabilityID': 'CVE-2024-43904', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43904', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing\n\nThis commit adds null checks for the 'stream' and 'plane' variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that 'stream' and 'plane' are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43904', 'https://git.kernel.org/linus/15c2990e0f0108b9c3752d7072a97d45d4283aea (6.11-rc1)', 'https://git.kernel.org/stable/c/15c2990e0f0108b9c3752d7072a97d45d4283aea', 'https://git.kernel.org/stable/c/16a8a2a839d19c4cf7253642b493ffb8eee1d857', 'https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43904-63a1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43904', 'https://www.cve.org/CVERecord?id=CVE-2024-43904'], 'PublishedDate': '2024-08-26T11:15:04.847Z', 'LastModifiedDate': '2024-08-27T13:40:50.577Z'}, {'VulnerabilityID': 'CVE-2024-43906', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43906', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/admgpu: fix dereferencing null pointer context', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/admgpu: fix dereferencing null pointer context\n\nWhen user space sets an invalid ta type, the pointer context will be empty.\nSo it need to check the pointer context before using it', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43906', 'https://git.kernel.org/linus/030ffd4d43b433bc6671d9ec34fc12c59220b95d (6.11-rc1)', 'https://git.kernel.org/stable/c/030ffd4d43b433bc6671d9ec34fc12c59220b95d', 'https://git.kernel.org/stable/c/4fd52f7c2c11d330571c6bde06e5ea508ec25c9d', 'https://git.kernel.org/stable/c/641dac64178ccdb9e45c92b67120316896294d05', 'https://lore.kernel.org/linux-cve-announce/2024082624-CVE-2024-43906-27ab@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43906', 'https://www.cve.org/CVERecord?id=CVE-2024-43906'], 'PublishedDate': '2024-08-26T11:15:04.947Z', 'LastModifiedDate': '2024-08-27T13:41:30.093Z'}, {'VulnerabilityID': 'CVE-2024-43910', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43910', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses\n\nCurrently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to\na global function as an argument. The adverse effects of this is that\nBPF helpers can continue to make use of this modified\nCONST_PTR_TO_DYNPTR from within the context of the global function,\nwhich can unintentionally result in out-of-bounds memory accesses and\ntherefore compromise overall system stability i.e.\n\n[  244.157771] BUG: KASAN: slab-out-of-bounds in bpf_dynptr_data+0x137/0x140\n[  244.161345] Read of size 8 at addr ffff88810914be68 by task test_progs/302\n[  244.167151] CPU: 0 PID: 302 Comm: test_progs Tainted: G O E 6.10.0-rc3-00131-g66b586715063 #533\n[  244.174318] Call Trace:\n[  244.175787]  <TASK>\n[  244.177356]  dump_stack_lvl+0x66/0xa0\n[  244.179531]  print_report+0xce/0x670\n[  244.182314]  ? __virt_addr_valid+0x200/0x3e0\n[  244.184908]  kasan_report+0xd7/0x110\n[  244.187408]  ? bpf_dynptr_data+0x137/0x140\n[  244.189714]  ? bpf_dynptr_data+0x137/0x140\n[  244.192020]  bpf_dynptr_data+0x137/0x140\n[  244.194264]  bpf_prog_b02a02fdd2bdc5fa_global_call_bpf_dynptr_data+0x22/0x26\n[  244.198044]  bpf_prog_b0fe7b9d7dc3abde_callback_adjust_bpf_dynptr_reg_off+0x1f/0x23\n[  244.202136]  bpf_user_ringbuf_drain+0x2c7/0x570\n[  244.204744]  ? 0xffffffffc0009e58\n[  244.206593]  ? __pfx_bpf_user_ringbuf_drain+0x10/0x10\n[  244.209795]  bpf_prog_33ab33f6a804ba2d_user_ringbuf_callback_const_ptr_to_dynptr_reg_off+0x47/0x4b\n[  244.215922]  bpf_trampoline_6442502480+0x43/0xe3\n[  244.218691]  __x64_sys_prlimit64+0x9/0xf0\n[  244.220912]  do_syscall_64+0xc1/0x1d0\n[  244.223043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  244.226458] RIP: 0033:0x7ffa3eb8f059\n[  244.228582] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 1d 0d 00 f7 d8 64 89 01 48\n[  244.241307] RSP: 002b:00007ffa3e9c6eb8 EFLAGS: 00000206 ORIG_RAX: 000000000000012e\n[  244.246474] RAX: ffffffffffffffda RBX: 00007ffa3e9c7cdc RCX: 00007ffa3eb8f059\n[  244.250478] RDX: 00007ffa3eb162b4 RSI: 0000000000000000 RDI: 00007ffa3e9c7fb0\n[  244.255396] RBP: 00007ffa3e9c6ed0 R08: 00007ffa3e9c76c0 R09: 0000000000000000\n[  244.260195] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffff80\n[  244.264201] R13: 000000000000001c R14: 00007ffc5d6b4260 R15: 00007ffa3e1c7000\n[  244.268303]  </TASK>\n\nAdd a check_func_arg_reg_off() to the path in which the BPF verifier\nverifies the arguments of global function arguments, specifically\nthose which take an argument of type ARG_PTR_TO_DYNPTR |\nMEM_RDONLY. Also, process_dynptr_func() doesn't appear to perform any\nexplicit and strict type matching on the supplied register type, so\nlet's also enforce that a register either type PTR_TO_STACK or\nCONST_PTR_TO_DYNPTR is by the caller.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43910', 'https://git.kernel.org/linus/ec2b9a5e11e51fea1bb04c1e7e471952e887e874 (6.11-rc1)', 'https://git.kernel.org/stable/c/13663a7c644bf1dedaf461d07252db5d76c8759a', 'https://git.kernel.org/stable/c/ec2b9a5e11e51fea1bb04c1e7e471952e887e874', 'https://lore.kernel.org/linux-cve-announce/2024082630-CVE-2024-43910-c6ec@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43910', 'https://www.cve.org/CVERecord?id=CVE-2024-43910'], 'PublishedDate': '2024-08-26T11:15:05.177Z', 'LastModifiedDate': '2024-09-05T18:30:23.437Z'}, {'VulnerabilityID': 'CVE-2024-43911', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43911', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mac80211: fix NULL dereference at band check in starting tx ba session', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL dereference at band check in starting tx ba session\n\nIn MLD connection, link_data/link_conf are dynamically allocated. They\ndon't point to vif->bss_conf. So, there will be no chanreq assigned to\nvif->bss_conf and then the chan will be NULL. Tweak the code to check\nht_supported/vht_supported/has_he/has_eht on sta deflink.\n\nCrash log (with rtw89 version under MLO development):\n[ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 9890.526102] #PF: supervisor read access in kernel mode\n[ 9890.526105] #PF: error_code(0x0000) - not-present page\n[ 9890.526109] PGD 0 P4D 0\n[ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G           OE      6.9.0 #1\n[ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018\n[ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core]\n[ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211\n[ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00 <83> 38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3\nAll code\n========\n   0:\tf7 e8                \timul   %eax\n   2:\td5                   \t(bad)\n   3:\t93                   \txchg   %eax,%ebx\n   4:\t3e ea                \tds (bad)\n   6:\t48 83 c4 28          \tadd    $0x28,%rsp\n   a:\t89 d8                \tmov    %ebx,%eax\n   c:\t5b                   \tpop    %rbx\n   d:\t41 5c                \tpop    %r12\n   f:\t41 5d                \tpop    %r13\n  11:\t41 5e                \tpop    %r14\n  13:\t41 5f                \tpop    %r15\n  15:\t5d                   \tpop    %rbp\n  16:\tc3                   \tretq\n  17:\tcc                   \tint3\n  18:\tcc                   \tint3\n  19:\tcc                   \tint3\n  1a:\tcc                   \tint3\n  1b:\t49 8b 84 24 e0 f1 ff \tmov    -0xe20(%r12),%rax\n  22:\tff\n  23:\t48 8b 80 90 1b 00 00 \tmov    0x1b90(%rax),%rax\n  2a:*\t83 38 03             \tcmpl   $0x3,(%rax)\t\t<-- trapping instruction\n  2d:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe6a\n  33:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n  38:\teb cc                \tjmp    0x6\n  3a:\t49                   \trex.WB\n  3b:\t8b                   \t.byte 0x8b\n  3c:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  3f:\tf3                   \trepz\n\nCode starting with the faulting instruction\n===========================================\n   0:\t83 38 03             \tcmpl   $0x3,(%rax)\n   3:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe40\n   9:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n   e:\teb cc                \tjmp    0xffffffffffffffdc\n  10:\t49                   \trex.WB\n  11:\t8b                   \t.byte 0x8b\n  12:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  15:\tf3                   \trepz\n[ 9890.526285] RSP: 0018:ffffb8db09013d68 EFLAGS: 00010246\n[ 9890.526291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9308e0d656c8\n[ 9890.526295] RDX: 0000000000000000 RSI: ffffffffab99460b RDI: ffffffffab9a7685\n[ 9890.526300] RBP: ffffb8db09013db8 R08: 0000000000000000 R09: 0000000000000873\n[ 9890.526304] R10: ffff9308e0d64800 R11: 0000000000000002 R12: ffff9308e5ff6e70\n[ 9890.526308] R13: ffff930952500e20 R14: ffff9309192a8c00 R15: 0000000000000000\n[ 9890.526313] FS:  0000000000000000(0000) GS:ffff930b4e700000(0000) knlGS:0000000000000000\n[ 9890.526316] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9890.526318] CR2: 0000000000000000 CR3: 0000000391c58005 CR4: 00000000001706f0\n[ 9890.526321] Call Trace:\n[ 9890.526324]  <TASK>\n[ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479)\n[ 9890.526335] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713)\n[ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator\n---truncated---", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43911', 'https://git.kernel.org/linus/021d53a3d87eeb9dbba524ac515651242a2a7e3b (6.11-rc1)', 'https://git.kernel.org/stable/c/021d53a3d87eeb9dbba524ac515651242a2a7e3b', 'https://git.kernel.org/stable/c/a5594c1e03b0df3908b1e1202a1ba34422eed0f6', 'https://lore.kernel.org/linux-cve-announce/2024082631-CVE-2024-43911-96bb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43911', 'https://www.cve.org/CVERecord?id=CVE-2024-43911'], 'PublishedDate': '2024-08-26T11:15:05.227Z', 'LastModifiedDate': '2024-08-27T16:08:52.493Z'}, {'VulnerabilityID': 'CVE-2024-43912', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43912', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: nl80211: disallow setting special AP channel widths', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: disallow setting special AP channel widths\n\nSetting the AP channel width is meant for use with the normal\n20/40/... MHz channel width progression, and switching around\nin S1G or narrow channels isn't supported. Disallow that.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43912', 'https://git.kernel.org/linus/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe (6.11-rc1)', 'https://git.kernel.org/stable/c/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe', 'https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e', 'https://git.kernel.org/stable/c/ac3bf6e47fd8da9bfe8027e1acfe0282a91584fc', 'https://git.kernel.org/stable/c/c6ea738e3feb407a3283197d9a25d0788f4f3cee', 'https://lore.kernel.org/linux-cve-announce/2024082632-CVE-2024-43912-801f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43912', 'https://www.cve.org/CVERecord?id=CVE-2024-43912'], 'PublishedDate': '2024-08-26T11:15:05.28Z', 'LastModifiedDate': '2024-09-05T18:19:17.067Z'}, {'VulnerabilityID': 'CVE-2024-43913', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43913', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: nvme: apple: fix device reference counting', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: apple: fix device reference counting\n\nDrivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.\nSplit the allocation side out to make the error handling boundary easier\nto navigate. The apple driver had been doing this wrong, leaking the\ncontroller device memory on a tagset failure.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-401'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43913', 'https://git.kernel.org/linus/b9ecbfa45516182cd062fecd286db7907ba84210 (6.11-rc1)', 'https://git.kernel.org/stable/c/b9ecbfa45516182cd062fecd286db7907ba84210', 'https://git.kernel.org/stable/c/d59c4d0eb6adc24c2201f153ccb7fd0a335b0d3d', 'https://lore.kernel.org/linux-cve-announce/2024082633-CVE-2024-43913-6ec7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43913', 'https://www.cve.org/CVERecord?id=CVE-2024-43913'], 'PublishedDate': '2024-08-26T11:15:05.33Z', 'LastModifiedDate': '2024-09-05T18:12:55.68Z'}, {'VulnerabilityID': 'CVE-2024-44931', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: gpio: prevent potential speculation leaks in gpio_device_get_desc()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: prevent potential speculation leaks in gpio_device_get_desc()\n\nUserspace may trigger a speculative read of an address outside the gpio\ndescriptor array.\nUsers can do that by calling gpio_ioctl() with an offset out of range.\nOffset is copied from user and then used as an array index to get\nthe gpio descriptor without sanitization in gpio_device_get_desc().\n\nThis change ensures that the offset is sanitized by using\narray_index_nospec() to mitigate any possibility of speculative\ninformation leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44931', 'https://git.kernel.org/linus/d795848ecce24a75dfd46481aee066ae6fe39775 (6.11-rc1)', 'https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc', 'https://git.kernel.org/stable/c/672c19165fc96dfad531a5458e0b3cdab414aae4', 'https://git.kernel.org/stable/c/9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0', 'https://git.kernel.org/stable/c/c65ab97efcd438cb4e9f299400f2ea55251f3a67', 'https://git.kernel.org/stable/c/d776c0486b03a5c4afca65b8ff44573592bf93bb', 'https://git.kernel.org/stable/c/d795848ecce24a75dfd46481aee066ae6fe39775', 'https://lore.kernel.org/linux-cve-announce/2024082636-CVE-2024-44931-8212@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44931', 'https://www.cve.org/CVERecord?id=CVE-2024-44931'], 'PublishedDate': '2024-08-26T11:15:05.447Z', 'LastModifiedDate': '2024-10-17T14:15:07.39Z'}, {'VulnerabilityID': 'CVE-2024-44938', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44938', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: Fix shift-out-of-bounds in dbDiscardAG', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix shift-out-of-bounds in dbDiscardAG\n\nWhen searching for the next smaller log2 block, BLKSTOL2() returned 0,\ncausing shift exponent -1 to be negative.\n\nThis patch fixes the issue by exiting the loop directly when negative\nshift is found.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44938', 'https://git.kernel.org/linus/7063b80268e2593e58bee8a8d709c2f3ff93e2f2 (6.11-rc1)', 'https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630', 'https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2', 'https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e', 'https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3', 'https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-44938-fc08@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44938', 'https://www.cve.org/CVERecord?id=CVE-2024-44938'], 'PublishedDate': '2024-08-26T12:15:05.96Z', 'LastModifiedDate': '2024-09-12T14:05:44.31Z'}, {'VulnerabilityID': 'CVE-2024-44939', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44939', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: jfs: fix null ptr deref in dtInsertEntry', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix null ptr deref in dtInsertEntry\n\n[syzbot reported]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713\n...\n[Analyze]\nIn dtInsertEntry(), when the pointer h has the same value as p, after writing\nname in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the\npreviously true judgment "p->header.flag & BT-LEAF" to change to no after writing\nthe name operation, this leads to entering an incorrect branch and accessing the\nuninitialized object ih when judging this condition for the second time.\n\n[Fix]\nAfter got the page, check freelist first, if freelist == 0 then exit dtInsert()\nand return -EINVAL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44939', 'https://git.kernel.org/linus/ce6dede912f064a855acf6f04a04cbb2c25b8c8c (6.11-rc1)', 'https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9', 'https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6', 'https://git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702', 'https://git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c', 'https://lore.kernel.org/linux-cve-announce/2024082619-CVE-2024-44939-cf96@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44939', 'https://www.cve.org/CVERecord?id=CVE-2024-44939'], 'PublishedDate': '2024-08-26T12:15:06.007Z', 'LastModifiedDate': '2024-09-12T20:58:03.783Z'}, {'VulnerabilityID': 'CVE-2024-44942', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44942', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inline.c:258!\nCPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0\nRIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258\nCall Trace:\n f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834\n f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline]\n f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315\n do_writepages+0x35b/0x870 mm/page-writeback.c:2612\n __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650\n writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941\n wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117\n wb_do_writeback fs/fs-writeback.c:2264 [inline]\n wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335\n worker_thread+0x86d/0xd70 kernel/workqueue.c:3416\n kthread+0x2f2/0x390 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nThe root cause is: inline_data inode can be fuzzed, so that there may\nbe valid blkaddr in its direct node, once f2fs triggers background GC\nto migrate the block, it will hit f2fs_bug_on() during dirty page\nwriteback.\n\nLet's add sanity check on F2FS_INLINE_DATA flag in inode during GC,\nso that, it can forbid migrating inline_data inode's data block for\nfixing.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44942', 'https://git.kernel.org/linus/fc01008c92f40015aeeced94750855a7111b6929 (6.11-rc1)', 'https://git.kernel.org/stable/c/26c07775fb5dc74351d1c3a2bc3cdf609b03e49f', 'https://git.kernel.org/stable/c/ae00e6536a2dd54b64b39e9a39548870cf835745', 'https://git.kernel.org/stable/c/fc01008c92f40015aeeced94750855a7111b6929', 'https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-44942-651a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44942', 'https://www.cve.org/CVERecord?id=CVE-2024-44942'], 'PublishedDate': '2024-08-26T12:15:06.157Z', 'LastModifiedDate': '2024-08-27T16:09:10.01Z'}, {'VulnerabilityID': 'CVE-2024-44949', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44949', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: parisc: fix a possible DMA corruption', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: fix a possible DMA corruption\n\nARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be\npossible that two unrelated 16-byte allocations share a cache line. If\none of these allocations is written using DMA and the other is written\nusing cached write, the value that was written with DMA may be\ncorrupted.\n\nThis commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 -\nthat's the largest possible cache line size.\n\nAs different parisc microarchitectures have different cache line size, we\ndefine arch_slab_minalign(), cache_line_size() and\ndma_get_cache_alignment() so that the kernel may tune slab cache\nparameters dynamically, based on the detected cache line size.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44949', 'https://git.kernel.org/linus/7ae04ba36b381bffe2471eff3a93edced843240f (6.11-rc2)', 'https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f', 'https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f', 'https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44949-8f05@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44949', 'https://www.cve.org/CVERecord?id=CVE-2024-44949'], 'PublishedDate': '2024-09-04T19:15:30.04Z', 'LastModifiedDate': '2024-10-09T13:53:32.513Z'}, {'VulnerabilityID': 'CVE-2024-44950', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44950', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: serial: sc16is7xx: fix invalid FIFO access with special register set', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix invalid FIFO access with special register set\n\nWhen enabling access to the special register set, Receiver time-out and\nRHR interrupts can happen. In this case, the IRQ handler will try to read\nfrom the FIFO thru the RHR register at address 0x00, but address 0x00 is\nmapped to DLL register, resulting in erroneous FIFO reading.\n\nCall graph example:\n    sc16is7xx_startup(): entry\n    sc16is7xx_ms_proc(): entry\n    sc16is7xx_set_termios(): entry\n    sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set\n    sc16is7xx_port_irq() entry            --> IIR is 0x0C\n    sc16is7xx_handle_rx() entry\n    sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is\n                               mapped to DLL (LCR=LCR_CONF_MODE_A)\n    sc16is7xx_set_baud(): exit --> Restore access to general register set\n\nFix the problem by claiming the efr_lock mutex when accessing the Special\nregister set.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44950', 'https://git.kernel.org/linus/7d3b793faaab1305994ce568b59d61927235f57b (6.11-rc3)', 'https://git.kernel.org/stable/c/6a6730812220a9a5ce4003eb347da1ee5abd06b0', 'https://git.kernel.org/stable/c/7d3b793faaab1305994ce568b59d61927235f57b', 'https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44950-67fb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44950', 'https://www.cve.org/CVERecord?id=CVE-2024-44950'], 'PublishedDate': '2024-09-04T19:15:30.1Z', 'LastModifiedDate': '2024-10-09T14:21:16.773Z'}, {'VulnerabilityID': 'CVE-2024-44955', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44955', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute\n\n[Why]\nWhen unplug one of monitors connected after mst hub, encounter null pointer dereference.\n\nIt's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When\ncommit new state which directly referring to info stored in dc_sink will cause null pointer\ndereference.\n\n[how]\nRemove redundant checking condition. Relevant condition should already be covered by checking\nif dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44955', 'https://git.kernel.org/linus/fcf6a49d79923a234844b8efe830a61f3f0584e4 (6.11-rc1)', 'https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263', 'https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44955-20e8@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44955', 'https://www.cve.org/CVERecord?id=CVE-2024-44955'], 'PublishedDate': '2024-09-04T19:15:30.423Z', 'LastModifiedDate': '2024-10-10T17:57:00.267Z'}, {'VulnerabilityID': 'CVE-2024-44956', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44956', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe/preempt_fence: enlarge the fence critical section', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44956', 'https://git.kernel.org/linus/3cd1585e57908b6efcd967465ef7685f40b2a294 (6.11-rc1)', 'https://git.kernel.org/stable/c/3cd1585e57908b6efcd967465ef7685f40b2a294', 'https://git.kernel.org/stable/c/458bb83119dfee5d14c677f7846dd9363817006f', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44956-8bcf@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44956', 'https://www.cve.org/CVERecord?id=CVE-2024-44956'], 'PublishedDate': '2024-09-04T19:15:30.48Z', 'LastModifiedDate': '2024-09-06T16:37:11.777Z'}, {'VulnerabilityID': 'CVE-2024-44957', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44957', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Switch from mutex to spinlock for irqfds', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Switch from mutex to spinlock for irqfds\n\nirqfd_wakeup() gets EPOLLHUP, when it is called by\neventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which\ngets called under spin_lock_irqsave(). We can't use a mutex here as it\nwill lead to a deadlock.\n\nFix it by switching over to a spin lock.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44957', 'https://git.kernel.org/linus/1c682593096a487fd9aebc079a307ff7a6d054a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3', 'https://git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e', 'https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c', 'https://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44957-5c8e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44957', 'https://www.cve.org/CVERecord?id=CVE-2024-44957'], 'PublishedDate': '2024-09-04T19:15:30.523Z', 'LastModifiedDate': '2024-09-06T16:37:00.077Z'}, {'VulnerabilityID': 'CVE-2024-44961', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44961', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Forward soft recovery errors to userspace', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Forward soft recovery errors to userspace\n\nAs we discussed before[1], soft recovery should be\nforwarded to userspace, or we can get into a really\nbad state where apps will keep submitting hanging\ncommand buffers cascading us to a hard reset.\n\n1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/\n(cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44961', 'https://git.kernel.org/linus/829798c789f567ef6ba4b084c15b7b5f3bd98d51 (6.11-rc3)', 'https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a', 'https://git.kernel.org/stable/c/829798c789f567ef6ba4b084c15b7b5f3bd98d51', 'https://git.kernel.org/stable/c/c28d207edfc5679585f4e96acb67000076ce90be', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44961-8666@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44961', 'https://www.cve.org/CVERecord?id=CVE-2024-44961'], 'PublishedDate': '2024-09-04T19:15:30.77Z', 'LastModifiedDate': '2024-10-04T16:39:39.3Z'}, {'VulnerabilityID': 'CVE-2024-44962', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44962', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n  Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n  Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic   snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil   snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded:   btnxpuart]\n  CPU: 5 PID: 723 Comm: memtester Tainted: G           O       6.6.23-lts-next-06207-g4aef2658ac28 #1\n  Hardware name: NXP i.MX95 19X19 board (DT)\n  pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0xffff80007a2cf464\n  lr : call_timer_fn.isra.0+0x24/0x80\n...\n  Call trace:\n   0xffff80007a2cf464\n   __run_timers+0x234/0x280\n   run_timer_softirq+0x20/0x40\n   __do_softirq+0x100/0x26c\n   ____do_softirq+0x10/0x1c\n   call_on_irq_stack+0x24/0x4c\n   do_softirq_own_stack+0x1c/0x2c\n   irq_exit_rcu+0xc0/0xdc\n   el0_interrupt+0x54/0xd8\n   __el0_irq_handler_common+0x18/0x24\n   el0t_64_irq_handler+0x10/0x1c\n   el0t_64_irq+0x190/0x194\n  Code: ???????? ???????? ???????? ???????? (????????)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception in interrupt\n  SMP: stopping secondary CPUs\n  Kernel Offset: disabled\n  CPU features: 0x0,c0000000,40028143,1000721b\n  Memory Limit: none\n  ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44962', 'https://git.kernel.org/linus/0d0df1e750bac0fdaa77940e711c1625cff08d33 (6.11-rc1)', 'https://git.kernel.org/stable/c/0d0df1e750bac0fdaa77940e711c1625cff08d33', 'https://git.kernel.org/stable/c/28bbb5011a9723700006da67bdb57ab6a914452b', 'https://git.kernel.org/stable/c/4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44962-c329@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44962', 'https://www.cve.org/CVERecord?id=CVE-2024-44962'], 'PublishedDate': '2024-09-04T19:15:30.827Z', 'LastModifiedDate': '2024-10-04T16:20:34.55Z'}, {'VulnerabilityID': 'CVE-2024-44963', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44963', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not BUG_ON() when freeing tree block after error', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don't deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44963', 'https://git.kernel.org/linus/bb3868033a4cccff7be57e9145f2117cbdc91c11 (6.11-rc1)', 'https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f', 'https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11', 'https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44963-2e6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44963', 'https://www.cve.org/CVERecord?id=CVE-2024-44963'], 'PublishedDate': '2024-09-04T19:15:30.883Z', 'LastModifiedDate': '2024-10-04T16:19:20.77Z'}, {'VulnerabilityID': 'CVE-2024-44970', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44970', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix invalid WQ linked list unlink\n\nWhen all the strides in a WQE have been consumed, the WQE is unlinked\nfrom the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible\nto receive CQEs with 0 consumed strides for the same WQE even after the\nWQE is fully consumed and unlinked. This triggers an additional unlink\nfor the same wqe which corrupts the linked list.\n\nFix this scenario by accepting 0 sized consumed strides without\nunlinking the WQE again.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H', 'V3Score': 7.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44970', 'https://git.kernel.org/linus/fba8334721e266f92079632598e46e5f89082f30 (6.11-rc1)', 'https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9', 'https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76', 'https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78', 'https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30', 'https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44970-f687@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44970', 'https://www.cve.org/CVERecord?id=CVE-2024-44970'], 'PublishedDate': '2024-09-04T19:15:31.307Z', 'LastModifiedDate': '2024-10-03T14:22:06.003Z'}, {'VulnerabilityID': 'CVE-2024-44972', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44972', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: do not clear page dirty inside extent_write_locked_range()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not clear page dirty inside extent_write_locked_range()\n\n[BUG]\nFor subpage + zoned case, the following workload can lead to rsv data\nleak at unmount time:\n\n  # mkfs.btrfs -f -s 4k $dev\n  # mount $dev $mnt\n  # fsstress -w -n 8 -d $mnt -s 1709539240\n  0/0: fiemap - no filename\n  0/1: copyrange read - no filename\n  0/2: write - no filename\n  0/3: rename - no source filename\n  0/4: creat f0 x:0 0 0\n  0/4: creat add id=0,parent=-1\n  0/5: writev f0[259 1 0 0 0 0] [778052,113,965] 0\n  0/6: ioctl(FIEMAP) f0[259 1 0 0 224 887097] [1294220,2291618343991484791,0x10000] -1\n  0/7: dwrite - xfsctl(XFS_IOC_DIOINFO) f0[259 1 0 0 224 887097] return 25, fallback to stat()\n  0/7: dwrite f0[259 1 0 0 224 887097] [696320,102400] 0\n  # umount $mnt\n\nThe dmesg includes the following rsv leak detection warning (all call\ntrace skipped):\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8653 btrfs_destroy_inode+0x1e0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8654 btrfs_destroy_inode+0x1a8/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8660 btrfs_destroy_inode+0x1a0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): last unmount of filesystem 1b4abba9-de34-4f07-9e7f-157cf12a18d6\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info DATA has 268218368 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=204800, pinned=0, reserved=0, may_use=12288, readonly=0 zone_unusable=0\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info METADATA has 267796480 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=131072, pinned=0, reserved=0, may_use=262144, readonly=0 zone_unusable=245760\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n\nAbove $dev is a tcmu-runner emulated zoned HDD, which has a max zone\nappend size of 64K, and the system has 64K page size.\n\n[CAUSE]\nI have added several trace_printk() to show the events (header skipped):\n\n  > btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536\n  > btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864\n\nThe above lines show our buffered write has dirtied 3 pages of inode\n259 of root 5:\n\n  704K             768K              832K              896K\n  I           |////I/////////////////I///////////|     I\n              756K                               868K\n\n  |///| is the dirtied range using subpage bitmaps. and 'I' is the page\n  boundary.\n\n  Meanwhile all three pages (704K, 768K, 832K) have their PageDirty\n  flag set.\n\n  > btrfs_direct_write: r/i=5/259 start dio filepos=696320 len=102400\n\nThen direct IO writ\n---truncated---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44972', 'https://git.kernel.org/linus/97713b1a2ced1e4a2a6c40045903797ebd44d7e0 (6.11-rc1)', 'https://git.kernel.org/stable/c/97713b1a2ced1e4a2a6c40045903797ebd44d7e0', 'https://git.kernel.org/stable/c/ba4dedb71356638d8284e34724daca944be70368', 'https://git.kernel.org/stable/c/d3b403209f767e5857c1b9fda66726e6e6ffc99f', 'https://lore.kernel.org/linux-cve-announce/2024090457-CVE-2024-44972-23b5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44972', 'https://www.cve.org/CVERecord?id=CVE-2024-44972'], 'PublishedDate': '2024-09-04T19:15:31.43Z', 'LastModifiedDate': '2024-10-03T16:10:12.077Z'}, {'VulnerabilityID': 'CVE-2024-44977', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-44977', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Validate TA binary size', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Validate TA binary size\n\nAdd TA binary size validation to avoid OOB write.\n\n(cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-44977', 'https://git.kernel.org/linus/c99769bceab4ecb6a067b9af11f9db281eea3e2a (6.11-rc5)', 'https://git.kernel.org/stable/c/50553ea7cbd3344fbf40afb065f6a2d38171c1ad', 'https://git.kernel.org/stable/c/5ab8793b9a6cc059f503cbe6fe596f80765e0f19', 'https://git.kernel.org/stable/c/c99769bceab4ecb6a067b9af11f9db281eea3e2a', 'https://git.kernel.org/stable/c/e562415248f402203e7fb6d8c38c1b32fa99220f', 'https://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44977-7f6b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-44977', 'https://www.cve.org/CVERecord?id=CVE-2024-44977'], 'PublishedDate': '2024-09-04T20:15:07.29Z', 'LastModifiedDate': '2024-10-10T17:47:59.593Z'}, {'VulnerabilityID': 'CVE-2024-45010', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: mptcp: pm: only mark 'subflow' endp as available", 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \'subflow\' endp as available\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk->pm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the "remove single address" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \'signal\' endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\'subflow\' endpoints, and here it is a \'signal\' endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \'subflow\' endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45010', 'https://git.kernel.org/linus/322ea3778965da72862cca2a0c50253aacf65fe6 (6.11-rc5)', 'https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6', 'https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d', 'https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f', 'https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45010-33ee@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45010', 'https://www.cve.org/CVERecord?id=CVE-2024-45010'], 'PublishedDate': '2024-09-11T16:15:06.483Z', 'LastModifiedDate': '2024-09-13T16:35:05.843Z'}, {'VulnerabilityID': 'CVE-2024-45015', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45015', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/msm/dpu: move dpu_encoder&#39;s connector assignment to atomic_enable()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()\n\nFor cases where the crtc's connectors_changed was set without enable/active\ngetting toggled , there is an atomic_enable() call followed by an\natomic_disable() but without an atomic_mode_set().\n\nThis results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in\nthe atomic_enable() as the dpu_encoder's connector was cleared in the\natomic_disable() but not re-assigned as there was no atomic_mode_set() call.\n\nFix the NULL ptr access by moving the assignment for atomic_enable() and also\nuse drm_atomic_get_new_connector_for_encoder() to get the connector from\nthe atomic_state.\n\nPatchwork: https://patchwork.freedesktop.org/patch/606729/", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45015', 'https://git.kernel.org/linus/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 (6.11-rc5)', 'https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52', 'https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77', 'https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990', 'https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45015-c139@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45015', 'https://www.cve.org/CVERecord?id=CVE-2024-45015'], 'PublishedDate': '2024-09-11T16:15:06.763Z', 'LastModifiedDate': '2024-09-13T16:35:58.617Z'}, {'VulnerabilityID': 'CVE-2024-45016', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'FixedVersion': '5.15.0-124.134', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45016', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netem: fix return value if duplicate enqueue fails', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\'s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq->enqueue() and then\n  the original packet is also dropped.\n- If rootq->enqueue() sends the duplicated packet to a different qdisc\n  and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45016', 'https://git.kernel.org/linus/c07ff8592d57ed258afee5a5e04991a48dbaf382 (6.11-rc5)', 'https://git.kernel.org/stable/c/0486d31dd8198e22b63a4730244b38fffce6d469', 'https://git.kernel.org/stable/c/52d99a69f3d556c6426048c9d481b912205919d8', 'https://git.kernel.org/stable/c/577d6c0619467fe90f7e8e57e45cb5bd9d936014', 'https://git.kernel.org/stable/c/759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4', 'https://git.kernel.org/stable/c/c07ff8592d57ed258afee5a5e04991a48dbaf382', 'https://git.kernel.org/stable/c/c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d', 'https://git.kernel.org/stable/c/e5bb2988a310667abed66c7d3ffa28880cf0f883', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45016-fd5a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45016', 'https://ubuntu.com/security/notices/USN-7069-1', 'https://ubuntu.com/security/notices/USN-7069-2', 'https://ubuntu.com/security/notices/USN-7071-1', 'https://ubuntu.com/security/notices/USN-7072-1', 'https://ubuntu.com/security/notices/USN-7073-1', 'https://ubuntu.com/security/notices/USN-7073-2', 'https://ubuntu.com/security/notices/USN-7074-1', 'https://ubuntu.com/security/notices/USN-7076-1', 'https://www.cve.org/CVERecord?id=CVE-2024-45016'], 'PublishedDate': '2024-09-11T16:15:06.817Z', 'LastModifiedDate': '2024-09-13T16:36:06.773Z'}, {'VulnerabilityID': 'CVE-2024-45017', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-45017', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix IPsec RoCE MPV trace call', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix IPsec RoCE MPV trace call\n\nPrevent the call trace below from happening, by not allowing IPsec\ncreation over a slave, if master device doesn't support IPsec.\n\nWARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down_read+0x75/0x94\nModules linked in: esp4_offload esp4 act_mirred act_vlan cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa mst_pciconf(OE) nfsv3 nfs_acl nfs lockd grace fscache netfs xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill cuse fuse rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_ipoib iw_cm ib_cm ipmi_ssif intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel sha1_ssse3 dell_smbios ib_uverbs aesni_intel crypto_simd dcdbas wmi_bmof dell_wmi_descriptor cryptd pcspkr ib_core acpi_ipmi sp5100_tco ccp i2c_piix4 ipmi_si ptdma k10temp ipmi_devintf ipmi_msghandler acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops cec\n ahci libahci mlxfw drm pci_hyperv_intf libata tg3 sha256_ssse3 tls megaraid_sas i2c_algo_bit psample wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mst_pci]\nCPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7_u3_update_v6.6_ipsec_bf.x86_64 #2\nHardware name: Dell Inc. PowerEdge R7525/074H08, BIOS 2.0.3 01/15/2021\nWorkqueue: events xfrm_state_gc_task\nRIP: 0010:down_read+0x75/0x94\nCode: 00 48 8b 45 08 65 48 8b 14 25 80 fc 01 00 83 e0 02 48 09 d0 48 83 c8 01 48 89 45 08 5d 31 c0 89 c2 89 c6 89 c7 e9 cb 88 3b 00 <0f> 0b 48 8b 45 08 a8 01 74 b2 a8 02 75 ae 48 89 c2 48 83 ca 02 f0\nRSP: 0018:ffffb26387773da8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffa08b658af900 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ff886bc5e1366f2f RDI: 0000000000000000\nRBP: ffffa08b658af940 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffa0a9bfb31540\nR13: ffffa0a9bfb37900 R14: 0000000000000000 R15: ffffa0a9bfb37905\nFS:  0000000000000000(0000) GS:ffffa0a9bfb00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055a45ed814e8 CR3: 000000109038a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n ? down_read+0x75/0x94\n ? __warn+0x80/0x113\n ? down_read+0x75/0x94\n ? report_bug+0xa4/0x11d\n ? handle_bug+0x35/0x8b\n ? exc_invalid_op+0x14/0x75\n ? asm_exc_invalid_op+0x16/0x1b\n ? down_read+0x75/0x94\n ? down_read+0xe/0x94\n mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n mlx5_ipsec_fs_roce_tx_destroy+0xb1/0x130 [mlx5_core]\n tx_destroy+0x1b/0xc0 [mlx5_core]\n tx_ft_put+0x53/0xc0 [mlx5_core]\n mlx5e_xfrm_free_state+0x45/0x90 [mlx5_core]\n ___xfrm_state_destroy+0x10f/0x1a2\n xfrm_state_gc_task+0x81/0xa9\n process_one_work+0x1f1/0x3c6\n worker_thread+0x53/0x3e4\n ? process_one_work.cold+0x46/0x3c\n kthread+0x127/0x144\n ? set_kthread_struct+0x60/0x52\n ret_from_fork+0x22/0x2d\n </TASK>\n---[ end trace 5ef7896144d398e1 ]---", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-45017', 'https://git.kernel.org/linus/607e1df7bd47fe91cab85a97f57870a26d066137 (6.11-rc5)', 'https://git.kernel.org/stable/c/2ae52a65a850ded75a94e8d7ec1e09737f4c6509', 'https://git.kernel.org/stable/c/607e1df7bd47fe91cab85a97f57870a26d066137', 'https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45017-ee3e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-45017', 'https://www.cve.org/CVERecord?id=CVE-2024-45017'], 'PublishedDate': '2024-09-11T16:15:06.877Z', 'LastModifiedDate': '2024-09-13T16:36:13.19Z'}, {'VulnerabilityID': 'CVE-2024-46678', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46678', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bonding: change ipsec_lock from spin lock to mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond->ipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n"scheduling while atomic" will be triggered when changing bond\'s\nactive slave.\n\n[  101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[  101.055726] Modules linked in:\n[  101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[  101.058760] Hardware name:\n[  101.059434] Call Trace:\n[  101.059436]  <TASK>\n[  101.060873]  dump_stack_lvl+0x51/0x60\n[  101.061275]  __schedule_bug+0x4e/0x60\n[  101.061682]  __schedule+0x612/0x7c0\n[  101.062078]  ? __mod_timer+0x25c/0x370\n[  101.062486]  schedule+0x25/0xd0\n[  101.062845]  schedule_timeout+0x77/0xf0\n[  101.063265]  ? asm_common_interrupt+0x22/0x40\n[  101.063724]  ? __bpf_trace_itimer_state+0x10/0x10\n[  101.064215]  __wait_for_common+0x87/0x190\n[  101.064648]  ? usleep_range_state+0x90/0x90\n[  101.065091]  cmd_exec+0x437/0xb20 [mlx5_core]\n[  101.065569]  mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[  101.066051]  mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[  101.066552]  mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[  101.067163]  ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.067738]  ? kmalloc_trace+0x4d/0x350\n[  101.068156]  mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[  101.068747]  mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[  101.069312]  bond_change_active_slave+0x392/0x900 [bonding]\n[  101.069868]  bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[  101.070454]  __bond_opt_set+0xa6/0x430 [bonding]\n[  101.070935]  __bond_opt_set_notify+0x2f/0x90 [bonding]\n[  101.071453]  bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[  101.071965]  bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.072567]  kernfs_fop_write_iter+0x10c/0x1a0\n[  101.073033]  vfs_write+0x2d8/0x400\n[  101.073416]  ? alloc_fd+0x48/0x180\n[  101.073798]  ksys_write+0x5f/0xe0\n[  101.074175]  do_syscall_64+0x52/0x110\n[  101.074576]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn\'t have to be spin lock, change it to\nmutex, and thus the above issue can be resolved.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-667'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46678', 'https://git.kernel.org/linus/2aeeef906d5a526dc60cf4af92eda69836c39b1f (6.11-rc6)', 'https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f', 'https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3', 'https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3', 'https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46678-ca65@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46678', 'https://www.cve.org/CVERecord?id=CVE-2024-46678'], 'PublishedDate': '2024-09-13T06:15:12.45Z', 'LastModifiedDate': '2024-09-23T14:44:12.88Z'}, {'VulnerabilityID': 'CVE-2024-46681', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46681', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: pktgen: use cpus_read_lock() in pg_net_init()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46681', 'https://git.kernel.org/linus/979b581e4c69257acab1af415ddad6b2d78a2fa5 (6.11-rc6)', 'https://git.kernel.org/stable/c/5f5f7366dda8ae870e8305d6e7b3c0c2686cd2cf', 'https://git.kernel.org/stable/c/979b581e4c69257acab1af415ddad6b2d78a2fa5', 'https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46681-6086@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46681', 'https://www.cve.org/CVERecord?id=CVE-2024-46681'], 'PublishedDate': '2024-09-13T06:15:12.71Z', 'LastModifiedDate': '2024-09-19T18:10:49.623Z'}, {'VulnerabilityID': 'CVE-2024-46695', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46695', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: selinux,smack: don&#39;t bypass permissions check in inode_setsecctx hook', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux,smack: don't bypass permissions check in inode_setsecctx hook\n\nMarek Gresko reports that the root user on an NFS client is able to\nchange the security labels on files on an NFS filesystem that is\nexported with root squashing enabled.\n\nThe end of the kerneldoc comment for __vfs_setxattr_noperm() states:\n\n *  This function requires the caller to lock the inode's i_mutex before it\n *  is executed. It also assumes that the caller will make the appropriate\n *  permission checks.\n\nnfsd_setattr() does do permissions checking via fh_verify() and\nnfsd_permission(), but those don't do all the same permissions checks\nthat are done by security_inode_setxattr() and its related LSM hooks do.\n\nSince nfsd_setattr() is the only consumer of security_inode_setsecctx(),\nsimplest solution appears to be to replace the call to\n__vfs_setxattr_noperm() with a call to __vfs_setxattr_locked().  This\nfixes the above issue and has the added benefit of causing nfsd to\nrecall conflicting delegations on a file when a client tries to change\nits security label.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-276'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46695', 'https://git.kernel.org/linus/76a0e79bc84f466999fa501fce5bf7a07641b8a7 (6.11-rc6)', 'https://git.kernel.org/stable/c/2dbc4b7bac60b02cc6e70d05bf6a7dfd551f9dda', 'https://git.kernel.org/stable/c/459584258d47ec3cc6245a82e8a49c9d08eb8b57', 'https://git.kernel.org/stable/c/76a0e79bc84f466999fa501fce5bf7a07641b8a7', 'https://git.kernel.org/stable/c/eebec98791d0137e455cc006411bb92a54250924', 'https://git.kernel.org/stable/c/f71ec019257ba4f7ab198bd948c5902a207bad96', 'https://git.kernel.org/stable/c/fe0cd53791119f6287b6532af8ce41576d664930', 'https://lore.kernel.org/linux-cve-announce/2024091340-CVE-2024-46695-affc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46695', 'https://www.cve.org/CVERecord?id=CVE-2024-46695'], 'PublishedDate': '2024-09-13T06:15:14.32Z', 'LastModifiedDate': '2024-10-17T14:15:07.517Z'}, {'VulnerabilityID': 'CVE-2024-46705', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46705', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: reset mmio mappings with devm', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: reset mmio mappings with devm\n\nSet our various mmio mappings to NULL. This should make it easier to\ncatch something rogue trying to mess with mmio after device removal. For\nexample, we might unmap everything and then start hitting some mmio\naddress which has already been unmamped by us and then remapped by\nsomething else, causing all kinds of carnage.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46705', 'https://git.kernel.org/linus/c7117419784f612d59ee565145f722e8b5541fe6 (6.11-rc1)', 'https://git.kernel.org/stable/c/b1c9fbed3884d3883021d699c7cdf5253a65543a', 'https://git.kernel.org/stable/c/c7117419784f612d59ee565145f722e8b5541fe6', 'https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46705-b9c0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46705', 'https://www.cve.org/CVERecord?id=CVE-2024-46705'], 'PublishedDate': '2024-09-13T07:15:05.477Z', 'LastModifiedDate': '2024-09-19T13:30:44.133Z'}, {'VulnerabilityID': 'CVE-2024-46715', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46715', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: driver: iio: add missing checks on iio_info&#39;s callback access', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info's callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn't implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429]  iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807]  dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181]  sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555]  seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236]  vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385]  ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0:                   00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46715', 'https://git.kernel.org/linus/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 (6.11-rc1)', 'https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70', 'https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1', 'https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252', 'https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46715-7e7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46715', 'https://www.cve.org/CVERecord?id=CVE-2024-46715'], 'PublishedDate': '2024-09-18T07:15:03.13Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46716', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46716', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n   msgdma_free_chan_resources -> msgdma_free_descriptors ->\n   msgdma_free_desc_list -> msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46716', 'https://git.kernel.org/linus/54e4ada1a4206f878e345ae01cf37347d803d1b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716', 'https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1', 'https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725', 'https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46716-f63f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46716', 'https://www.cve.org/CVERecord?id=CVE-2024-46716'], 'PublishedDate': '2024-09-18T07:15:03.183Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46717', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46717', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5e: SHAMPO, Fix incorrect page release', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix incorrect page release\n\nUnder the following conditions:\n1) No skb created yet\n2) header_size == 0 (no SHAMPO header)\n3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the\n   last page fragment of a SHAMPO header page)\n\na new skb is formed with a page that is NOT a SHAMPO header page (it\nis a regular data page). Further down in the same function\n(mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from\nheader_index is released. This is wrong and it leads to SHAMPO header\npages being released more than once.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46717', 'https://git.kernel.org/linus/70bd03b89f20b9bbe51a7f73c4950565a17a45f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/03924d117625ecb10ee3c9b65930bcb2c37ae629', 'https://git.kernel.org/stable/c/70bd03b89f20b9bbe51a7f73c4950565a17a45f7', 'https://git.kernel.org/stable/c/ae9018e3f61ba5cc1f08a6e51d3c0bef0a79f3ab', 'https://git.kernel.org/stable/c/c909ab41df2b09cde919801c7a7b6bb2cc37ea22', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46717-2f30@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46717', 'https://www.cve.org/CVERecord?id=CVE-2024-46717'], 'PublishedDate': '2024-09-18T07:15:03.237Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46718', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46718', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/xe: Don&#39;t overmap identity VRAM mapping', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Don't overmap identity VRAM mapping\n\nOvermapping the identity VRAM mapping is triggering hardware bugs on\ncertain platforms. Use 2M pages for the last unaligned (to 1G) VRAM\nchunk.\n\nv2:\n - Always use 2M pages for last chunk (Fei Yang)\n - break loop when 2M pages are used\n - Add assert for usable_size being 2M aligned\nv3:\n - Fix checkpatch", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46718', 'https://git.kernel.org/linus/6d3581edffea0b3a64b0d3094d3f09222e0024f7 (6.11-rc1)', 'https://git.kernel.org/stable/c/6d3581edffea0b3a64b0d3094d3f09222e0024f7', 'https://git.kernel.org/stable/c/bb706e92c87beb9f2543faa1705ccc330b9e7c65', 'https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46718-c5c7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46718', 'https://www.cve.org/CVERecord?id=CVE-2024-46718'], 'PublishedDate': '2024-09-18T07:15:03.303Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46720', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46720', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: fix dereference after null check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix dereference after null check\n\ncheck the pointer hive before use.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46720', 'https://git.kernel.org/linus/b1f7810b05d1950350ac2e06992982974343e441 (6.11-rc1)', 'https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50', 'https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c', 'https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517', 'https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441', 'https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46720-a598@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46720', 'https://www.cve.org/CVERecord?id=CVE-2024-46720'], 'PublishedDate': '2024-09-18T07:15:03.42Z', 'LastModifiedDate': '2024-09-20T18:22:04.693Z'}, {'VulnerabilityID': 'CVE-2024-46726', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46726', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure index calculation will not overflow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure index calculation will not overflow\n\n[WHY & HOW]\nMake sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will\nnever overflow and exceess array size.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46726', 'https://git.kernel.org/linus/8e2734bf444767fed787305ccdcb36a2be5301a2 (6.11-rc1)', 'https://git.kernel.org/stable/c/3dc6bb57dab36b38b7374af0ac916174c146b6ed', 'https://git.kernel.org/stable/c/733ae185502d30bbe79575167b6178cfb6c5d6bd', 'https://git.kernel.org/stable/c/8e2734bf444767fed787305ccdcb36a2be5301a2', 'https://git.kernel.org/stable/c/d705b5869f6b1b46ad5ceb1bd2a08c04f7e5003b', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46726-587e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46726', 'https://www.cve.org/CVERecord?id=CVE-2024-46726'], 'PublishedDate': '2024-09-18T07:15:03.787Z', 'LastModifiedDate': '2024-09-20T18:36:27.07Z'}, {'VulnerabilityID': 'CVE-2024-46727', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46727', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update\n\n[Why]\nCoverity reports NULL_RETURN warning.\n\n[How]\nAdd otg_master NULL check.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46727', 'https://git.kernel.org/linus/871cd9d881fa791d3f82885000713de07041c0ae (6.11-rc1)', 'https://git.kernel.org/stable/c/871cd9d881fa791d3f82885000713de07041c0ae', 'https://git.kernel.org/stable/c/aad4d3d3d3b6a362bf5db11e1f28c4a60620900d', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46727-2565@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46727', 'https://www.cve.org/CVERecord?id=CVE-2024-46727'], 'PublishedDate': '2024-09-18T07:15:03.84Z', 'LastModifiedDate': '2024-09-30T12:49:43.097Z'}, {'VulnerabilityID': 'CVE-2024-46728', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46728', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check index for aux_rd_interval before using', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index for aux_rd_interval before using\n\naux_rd_interval has size of 7 and should be checked.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46728', 'https://git.kernel.org/linus/9ba2ea6337b4f159aecb177555a6a81da92d302e (6.11-rc1)', 'https://git.kernel.org/stable/c/48e0b68e2360b16edf2a0bae05c0051c00fbb48a', 'https://git.kernel.org/stable/c/6c588e9350dd7a9fb97a56fe74852c9ecc44450c', 'https://git.kernel.org/stable/c/9ba2ea6337b4f159aecb177555a6a81da92d302e', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46728-edfe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46728', 'https://www.cve.org/CVERecord?id=CVE-2024-46728'], 'PublishedDate': '2024-09-18T07:15:03.893Z', 'LastModifiedDate': '2024-09-26T13:31:34.347Z'}, {'VulnerabilityID': 'CVE-2024-46729', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46729', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix incorrect size calculation for loop', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix incorrect size calculation for loop\n\n[WHY]\nfe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is\nlager than the array size.\n\n[HOW]\nDivide byte size 20 by its element size.\n\nThis fixes 2 OVERRUN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46729', 'https://git.kernel.org/linus/3941a3aa4b653b69876d894d08f3fff1cc965267 (6.11-rc1)', 'https://git.kernel.org/stable/c/3941a3aa4b653b69876d894d08f3fff1cc965267', 'https://git.kernel.org/stable/c/712be65b3b372a82bff0865b9c090147764bf1c4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46729-158c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46729', 'https://www.cve.org/CVERecord?id=CVE-2024-46729'], 'PublishedDate': '2024-09-18T07:15:03.95Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46730', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46730', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Ensure array index tg_inst won&#39;t be -1', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure array index tg_inst won't be -1\n\n[WHY & HOW]\ntg_inst will be a negative if timing_generator_count equals 0, which\nshould be checked before used.\n\nThis fixes 2 OVERRUN issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-191'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46730', 'https://git.kernel.org/linus/687fe329f18ab0ab0496b20ed2cb003d4879d931 (6.11-rc1)', 'https://git.kernel.org/stable/c/687fe329f18ab0ab0496b20ed2cb003d4879d931', 'https://git.kernel.org/stable/c/a64284b9e1999ad5580debced4bc6d6adb28aad4', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46730-b69e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46730', 'https://www.cve.org/CVERecord?id=CVE-2024-46730'], 'PublishedDate': '2024-09-18T07:15:04.003Z', 'LastModifiedDate': '2024-09-30T12:49:00.333Z'}, {'VulnerabilityID': 'CVE-2024-46733', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46733', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: fix qgroup reserve leaks in cow_file_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix qgroup reserve leaks in cow_file_range\n\nIn the buffered write path, the dirty page owns the qgroup reserve until\nit creates an ordered_extent.\n\nTherefore, any errors that occur before the ordered_extent is created\nmust free that reservation, or else the space is leaked. The fstest\ngeneric/475 exercises various IO error paths, and is able to trigger\nerrors in cow_file_range where we fail to get to allocating the ordered\nextent. Note that because we *do* clear delalloc, we are likely to\nremove the inode from the delalloc list, so the inodes/pages to not have\ninvalidate/launder called on them in the commit abort path.\n\nThis results in failures at the unmount stage of the test that look like:\n\n  BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure\n  BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure\n  BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs]\n  Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq\n  CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W          6.10.0-rc7-gab56fde445b8 #21\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n  RIP: 0010:close_ctree+0x222/0x4d0 [btrfs]\n  RSP: 0018:ffffb4465283be00 EFLAGS: 00010202\n  RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001\n  RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8\n  RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000\n  R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c\n  R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n  FS:  00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0\n  Call Trace:\n   <TASK>\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? __warn.cold+0x8e/0xea\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? report_bug+0xff/0x140\n   ? handle_bug+0x3b/0x70\n   ? exc_invalid_op+0x17/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   generic_shutdown_super+0x70/0x160\n   kill_anon_super+0x11/0x40\n   btrfs_kill_super+0x11/0x20 [btrfs]\n   deactivate_locked_super+0x2e/0xa0\n   cleanup_mnt+0xb5/0x150\n   task_work_run+0x57/0x80\n   syscall_exit_to_user_mode+0x121/0x130\n   do_syscall_64+0xab/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  RIP: 0033:0x7f916847a887\n  ---[ end trace 0000000000000000 ]---\n  BTRFS error (device dm-8 state EA): qgroup reserved space leaked\n\nCases 2 and 3 in the out_reserve path both pertain to this type of leak\nand must free the reserved qgroup data. Because it is already an error\npath, I opted not to handle the possible errors in\nbtrfs_free_qgroup_data.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46733', 'https://git.kernel.org/linus/30479f31d44d47ed00ae0c7453d9b253537005b2 (6.11-rc3)', 'https://git.kernel.org/stable/c/30479f31d44d47ed00ae0c7453d9b253537005b2', 'https://git.kernel.org/stable/c/e42ef22bc10f0309c0c65d8d6ca8b4127a674b7f', 'https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46733-77eb@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46733', 'https://www.cve.org/CVERecord?id=CVE-2024-46733'], 'PublishedDate': '2024-09-18T07:15:04.17Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46742', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46742', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()\n\nnull-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)\nand parse_lease_state() return NULL.\n\nFix this by check if 'lease_ctx_info' is NULL.\n\nAdditionally, remove the redundant parentheses in\nparse_durable_handle_context().", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46742', 'https://git.kernel.org/linus/4e8771a3666c8f216eefd6bd2fd50121c6c437db (6.11-rc5)', 'https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6', 'https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada', 'https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db', 'https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46742-223b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46742', 'https://www.cve.org/CVERecord?id=CVE-2024-46742'], 'PublishedDate': '2024-09-18T08:15:03.48Z', 'LastModifiedDate': '2024-09-20T18:32:34.303Z'}, {'VulnerabilityID': 'CVE-2024-46748', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46748', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT\n\nSet the maximum size of a subrequest that writes to cachefiles to be\nMAX_RW_COUNT so that we don't overrun the maximum write we can make to the\nbacking filesystem.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46748', 'https://git.kernel.org/linus/51d37982bbac3ea0ca21b2797a9cb0044272b3aa (6.11-rc1)', 'https://git.kernel.org/stable/c/51d37982bbac3ea0ca21b2797a9cb0044272b3aa', 'https://git.kernel.org/stable/c/cec226f9b1fd6cf55bc157873aec61b523083e96', 'https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46748-03e7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46748', 'https://www.cve.org/CVERecord?id=CVE-2024-46748'], 'PublishedDate': '2024-09-18T08:15:03.847Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46749', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46749', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()\n\nThis adds a check before freeing the rx->skb in flush and close\nfunctions to handle the kernel crash seen while removing driver after FW\ndownload fails or before FW download completes.\n\ndmesg log:\n[   54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080\n[   54.643398] Mem abort info:\n[   54.646204]   ESR = 0x0000000096000004\n[   54.649964]   EC = 0x25: DABT (current EL), IL = 32 bits\n[   54.655286]   SET = 0, FnV = 0\n[   54.658348]   EA = 0, S1PTW = 0\n[   54.661498]   FSC = 0x04: level 0 translation fault\n[   54.666391] Data abort info:\n[   54.669273]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[   54.674768]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[   54.674771]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[   54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000\n[   54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000\n[   54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[   54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core sch_fq_codel fuse\n[   54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 Not tainted 6.6.3-otbr-g128004619037 #2\n[   54.744364] Hardware name: FSL i.MX8MM EVK board (DT)\n[   54.744368] Workqueue: hci0 hci_power_on\n[   54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   54.757249] pc : kfree_skb_reason+0x18/0xb0\n[   54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.782921] sp : ffff8000805ebca0\n[   54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000\n[   54.782931] x26: ffff377b84852400 x25: ffff377b848523c0 x24: ffff377b845e7230\n[   54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92\n[   54.782945] x20: ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff\n[   54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857\n[   54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642\n[   54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9 : ffffa5c6cf19d688\n[   54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000\n[   54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000\n[   54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac\n[   54.857599] Call trace:\n[   54.857601]  kfree_skb_reason+0x18/0xb0\n[   54.863878]  btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.863888]  hci_dev_open_sync+0x3a8/0xa04\n[   54.872773]  hci_power_on+0x54/0x2e4\n[   54.881832]  process_one_work+0x138/0x260\n[   54.881842]  worker_thread+0x32c/0x438\n[   54.881847]  kthread+0x118/0x11c\n[   54.881853]  ret_from_fork+0x10/0x20\n[   54.896406] Code: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400)\n[   54.896410] ---[ end trace 0000000000000000 ]---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46749', 'https://git.kernel.org/linus/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1 (6.11-rc1)', 'https://git.kernel.org/stable/c/013dae4735d2010544d1f2121bdeb8e6c9ea171e', 'https://git.kernel.org/stable/c/056e0cd381d59a9124b7c43dd715e15f56a11635', 'https://git.kernel.org/stable/c/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46749-fc9c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46749', 'https://www.cve.org/CVERecord?id=CVE-2024-46749'], 'PublishedDate': '2024-09-18T08:15:03.893Z', 'LastModifiedDate': '2024-09-20T18:45:43.483Z'}, {'VulnerabilityID': 'CVE-2024-46751', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46751', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON() when 0 reference count at btrfs_lookup_extent_info()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()\n\nInstead of doing a BUG_ON() handle the error by returning -EUCLEAN,\naborting the transaction and logging an error message.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46751', 'https://git.kernel.org/linus/28cb13f29faf6290597b24b728dc3100c019356f (6.11-rc1)', 'https://git.kernel.org/stable/c/28cb13f29faf6290597b24b728dc3100c019356f', 'https://git.kernel.org/stable/c/ef9a8b73c8b60b27d9db4787e624a3438ffe8428', 'https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46751-17f5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46751', 'https://www.cve.org/CVERecord?id=CVE-2024-46751'], 'PublishedDate': '2024-09-18T08:15:04.01Z', 'LastModifiedDate': '2024-09-30T12:45:56.957Z'}, {'VulnerabilityID': 'CVE-2024-46753', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46753', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: handle errors from btrfs_dec_ref() properly', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref().  This is\nincorrect, we have proper error handling here, return the error.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46753', 'https://git.kernel.org/linus/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 (6.11-rc1)', 'https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1', 'https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de', 'https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46753-5ec2@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46753', 'https://www.cve.org/CVERecord?id=CVE-2024-46753'], 'PublishedDate': '2024-09-18T08:15:04.107Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46754', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46754', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: bpf: Remove tst_run from lwt_seg6local_prog_ops.', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn\'t work since it was introduced in commit 04d4b274e2a\n("ipv6: sr: Add seg6local action End.BPF"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46754', 'https://git.kernel.org/linus/c13fda93aca118b8e5cd202e339046728ee7dddb (6.11-rc1)', 'https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3f28e6e720ded5d6', 'https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e339046728ee7dddb', 'https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46754-7f04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46754', 'https://www.cve.org/CVERecord?id=CVE-2024-46754'], 'PublishedDate': '2024-09-18T08:15:04.153Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46762', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46762', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: xen: privcmd: Fix possible access to a freed kirqfd instance', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Fix possible access to a freed kirqfd instance\n\nNothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and\nprivcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd\ncreated and added to the irqfds_list by privcmd_irqfd_assign() may get\nremoved by another thread executing privcmd_irqfd_deassign(), while the\nformer is still using it after dropping the locks.\n\nThis can lead to a situation where an already freed kirqfd instance may\nbe accessed and cause kernel oops.\n\nUse SRCU locking to prevent the same, as is done for the KVM\nimplementation for irqfds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46762', 'https://git.kernel.org/linus/611ff1b1ae989a7bcce3e2a8e132ee30e968c557 (6.11-rc1)', 'https://git.kernel.org/stable/c/112fd2f02b308564724b8e81006c254d20945c4b', 'https://git.kernel.org/stable/c/611ff1b1ae989a7bcce3e2a8e132ee30e968c557', 'https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527', 'https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46762-6512@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46762', 'https://www.cve.org/CVERecord?id=CVE-2024-46762'], 'PublishedDate': '2024-09-18T08:15:04.57Z', 'LastModifiedDate': '2024-09-23T16:12:34.42Z'}, {'VulnerabilityID': 'CVE-2024-46765', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46765', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: protect XDP configuration with a mutex', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] <TASK>\n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] </TASK>\n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46765', 'https://git.kernel.org/linus/2504b8405768a57a71e660dbfd5abd59f679a03f (6.11-rc7)', 'https://git.kernel.org/stable/c/2504b8405768a57a71e660dbfd5abd59f679a03f', 'https://git.kernel.org/stable/c/2f057db2fb29bc209c103050647562e60554d3d3', 'https://git.kernel.org/stable/c/391f7dae3d836891fc6cfbde38add2d0e10c6b7f', 'https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46765-1b8f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46765', 'https://www.cve.org/CVERecord?id=CVE-2024-46765'], 'PublishedDate': '2024-09-18T08:15:04.71Z', 'LastModifiedDate': '2024-09-26T13:24:29.697Z'}, {'VulnerabilityID': 'CVE-2024-46770', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46770', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ice: Add netif_device_attach/detach into PF reset flow', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 > /sys/class/net/<interface>/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c <interface>\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S                 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS:  00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n<TASK>\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n    netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46770', 'https://git.kernel.org/linus/d11a67634227f9f9da51938af085fb41a733848f (6.11-rc7)', 'https://git.kernel.org/stable/c/36486c9e8e01b84faaee47203eac0b7e9cc7fa4a', 'https://git.kernel.org/stable/c/9e3ffb839249eca113062587659224f856fe14e5', 'https://git.kernel.org/stable/c/d11a67634227f9f9da51938af085fb41a733848f', 'https://git.kernel.org/stable/c/efe8effe138044a4747d1112ebb8c454d1663723', 'https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46770-3a5d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46770', 'https://www.cve.org/CVERecord?id=CVE-2024-46770'], 'PublishedDate': '2024-09-18T08:15:04.957Z', 'LastModifiedDate': '2024-09-23T16:13:25.563Z'}, {'VulnerabilityID': 'CVE-2024-46774', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46774', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()\n\nSmatch warns:\n\n  arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential\n  spectre issue 'args.args' [r] (local cap)\n\nThe 'nargs' and 'nret' locals come directly from a user-supplied\nbuffer and are used as indexes into a small stack-based array and as\ninputs to copy_to_user() after they are subject to bounds checks.\n\nUse array_index_nospec() after the bounds checks to clamp these values\nfor speculative execution.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46774', 'https://git.kernel.org/linus/0974d03eb479384466d828d65637814bee6b26d7 (6.11-rc1)', 'https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7', 'https://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46774-48d9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46774', 'https://www.cve.org/CVERecord?id=CVE-2024-46774'], 'PublishedDate': '2024-09-18T08:15:05.18Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46775', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46775', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Validate function returns', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT & HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46775', 'https://git.kernel.org/linus/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c (6.11-rc1)', 'https://git.kernel.org/stable/c/5639a3048c7079803256374204ad55ec52cd0b49', 'https://git.kernel.org/stable/c/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c', 'https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46775-aecc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46775', 'https://www.cve.org/CVERecord?id=CVE-2024-46775'], 'PublishedDate': '2024-09-18T08:15:05.24Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46776', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46776', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Run DC_LOG_DC after checking link-&gt;link_enc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Run DC_LOG_DC after checking link->link_enc\n\n[WHAT]\nThe DC_LOG_DC should be run after link->link_enc is checked, not before.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46776', 'https://git.kernel.org/linus/3a82f62b0d9d7687eac47603bb6cd14a50fa718b (6.11-rc1)', 'https://git.kernel.org/stable/c/3a82f62b0d9d7687eac47603bb6cd14a50fa718b', 'https://git.kernel.org/stable/c/874e3bb302f97b94ac548959ec4f925b8e7b45e2', 'https://git.kernel.org/stable/c/adc74d25cdbba978afbb57caec23bbcd0329f7b8', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46776-7a95@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46776', 'https://www.cve.org/CVERecord?id=CVE-2024-46776'], 'PublishedDate': '2024-09-18T08:15:05.287Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46778', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46778', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check UnboundedRequestEnabled&#39;s value', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check UnboundedRequestEnabled's value\n\nCalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled\nis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus\nif (p->UnboundedRequestEnabled) checks its address, not bool value.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46778', 'https://git.kernel.org/linus/a7b38c7852093385d0605aa3c8a2efd6edd1edfd (6.11-rc1)', 'https://git.kernel.org/stable/c/4e2b49a85e7974d21364798c5d4aa8070aa864d9', 'https://git.kernel.org/stable/c/a7b38c7852093385d0605aa3c8a2efd6edd1edfd', 'https://lore.kernel.org/linux-cve-announce/2024091848-CVE-2024-46778-ded6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46778', 'https://www.cve.org/CVERecord?id=CVE-2024-46778'], 'PublishedDate': '2024-09-18T08:15:05.38Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46784', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46784', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: mana: Fix error handling in mana_create_txq/rxq&#39;s NAPI cleanup', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup\n\nCurrently napi_disable() gets called during rxq and txq cleanup,\neven before napi is enabled and hrtimer is initialized. It causes\nkernel panic.\n\n? page_fault_oops+0x136/0x2b0\n  ? page_counter_cancel+0x2e/0x80\n  ? do_user_addr_fault+0x2f2/0x640\n  ? refill_obj_stock+0xc4/0x110\n  ? exc_page_fault+0x71/0x160\n  ? asm_exc_page_fault+0x27/0x30\n  ? __mmdrop+0x10/0x180\n  ? __mmdrop+0xec/0x180\n  ? hrtimer_active+0xd/0x50\n  hrtimer_try_to_cancel+0x2c/0xf0\n  hrtimer_cancel+0x15/0x30\n  napi_disable+0x65/0x90\n  mana_destroy_rxq+0x4c/0x2f0\n  mana_create_rxq.isra.0+0x56c/0x6d0\n  ? mana_uncfg_vport+0x50/0x50\n  mana_alloc_queues+0x21b/0x320\n  ? skb_dequeue+0x5f/0x80", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46784', 'https://git.kernel.org/linus/b6ecc662037694488bfff7c9fd21c405df8411f2 (6.11-rc7)', 'https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65', 'https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788', 'https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c', 'https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2', 'https://lore.kernel.org/linux-cve-announce/2024091851-CVE-2024-46784-4773@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46784', 'https://www.cve.org/CVERecord?id=CVE-2024-46784'], 'PublishedDate': '2024-09-18T08:15:05.683Z', 'LastModifiedDate': '2024-09-26T13:21:30.657Z'}, {'VulnerabilityID': 'CVE-2024-46787', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46787', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: userfaultfd: fix checks for huge PMDs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix checks for huge PMDs\n\nPatch series "userfaultfd: fix races around pmd_trans_huge() check", v2.\n\nThe pmd_trans_huge() code in mfill_atomic() is wrong in three different\nways depending on kernel version:\n\n1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit\n   the right two race windows) - I\'ve tested this in a kernel build with\n   some extra mdelay() calls. See the commit message for a description\n   of the race scenario.\n   On older kernels (before 6.5), I think the same bug can even\n   theoretically lead to accessing transhuge page contents as a page table\n   if you hit the right 5 narrow race windows (I haven\'t tested this case).\n2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for\n   detecting PMDs that don\'t point to page tables.\n   On older kernels (before 6.5), you\'d just have to win a single fairly\n   wide race to hit this.\n   I\'ve tested this on 6.1 stable by racing migration (with a mdelay()\n   patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86\n   VM, that causes a kernel oops in ptlock_ptr().\n3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed\n   to yank page tables out from under us (though I haven\'t tested that),\n   so I think the BUG_ON() checks in mfill_atomic() are just wrong.\n\nI decided to write two separate fixes for these (one fix for bugs 1+2, one\nfix for bug 3), so that the first fix can be backported to kernels\naffected by bugs 1+2.\n\n\nThis patch (of 2):\n\nThis fixes two issues.\n\nI discovered that the following race can occur:\n\n  mfill_atomic                other thread\n  ============                ============\n                              <zap PMD>\n  pmdp_get_lockless() [reads none pmd]\n  <bail if trans_huge>\n  <if none:>\n                              <pagefault creates transhuge zeropage>\n    __pte_alloc [no-op]\n                              <zap PMD>\n  <bail if pmd_trans_huge(*dst_pmd)>\n  BUG_ON(pmd_none(*dst_pmd))\n\nI have experimentally verified this in a kernel with extra mdelay() calls;\nthe BUG_ON(pmd_none(*dst_pmd)) triggers.\n\nOn kernels newer than commit 0d940a9b270b ("mm/pgtable: allow\npte_offset_map[_lock]() to fail"), this can\'t lead to anything worse than\na BUG_ON(), since the page table access helpers are actually designed to\ndeal with page tables concurrently disappearing; but on older kernels\n(<=6.4), I think we could probably theoretically race past the two\nBUG_ON() checks and end up treating a hugepage as a page table.\n\nThe second issue is that, as Qi Zheng pointed out, there are other types\nof huge PMDs that pmd_trans_huge() can\'t catch: devmap PMDs and swap PMDs\n(in particular, migration PMDs).\n\nOn <=6.4, this is worse than the first issue: If mfill_atomic() runs on a\nPMD that contains a migration entry (which just requires winning a single,\nfairly wide race), it will pass the PMD to pte_offset_map_lock(), which\nassumes that the PMD points to a page table.\n\nBreakage follows: First, the kernel tries to take the PTE lock (which will\ncrash or maybe worse if there is no "struct page" for the address bits in\nthe migration entry PMD - I think at least on X86 there usually is no\ncorresponding "struct page" thanks to the PTE inversion mitigation, amd64\nlooks different).\n\nIf that didn\'t crash, the kernel would next try to write a PTE into what\nit wrongly thinks is a page table.\n\nAs part of fixing these issues, get rid of the check for pmd_trans_huge()\nbefore __pte_alloc() - that\'s redundant, we\'re going to have to check for\nthat after the __pte_alloc() anyway.\n\nBackport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46787', 'https://git.kernel.org/linus/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 (6.11-rc7)', 'https://git.kernel.org/stable/c/3c6b4bcf37845c9359aed926324bed66bdd2448d', 'https://git.kernel.org/stable/c/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8', 'https://git.kernel.org/stable/c/98cc18b1b71e23fe81a5194ed432b20c2d81a01a', 'https://lore.kernel.org/linux-cve-announce/2024091852-CVE-2024-46787-8b6d@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46787', 'https://www.cve.org/CVERecord?id=CVE-2024-46787'], 'PublishedDate': '2024-09-18T08:15:05.833Z', 'LastModifiedDate': '2024-09-20T12:30:51.22Z'}, {'VulnerabilityID': 'CVE-2024-46802', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: added NULL check at start of dc_validate_stream', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46802', 'https://git.kernel.org/linus/26c56049cc4f1705b498df013949427692a4b0d5 (6.11-rc1)', 'https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd', 'https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5', 'https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9', 'https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c', 'https://lore.kernel.org/linux-cve-announce/2024092706-CVE-2024-46802-c5e1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46802', 'https://www.cve.org/CVERecord?id=CVE-2024-46802'], 'PublishedDate': '2024-09-27T13:15:13.483Z', 'LastModifiedDate': '2024-10-07T14:21:55.687Z'}, {'VulnerabilityID': 'CVE-2024-46803', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46803', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdkfd: Check debug trap enable before write dbg_ev_file', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46803', 'https://git.kernel.org/linus/547033b593063eb85bfdf9b25a5f1b8fd1911be2 (6.11-rc1)', 'https://git.kernel.org/stable/c/547033b593063eb85bfdf9b25a5f1b8fd1911be2', 'https://git.kernel.org/stable/c/820dcbd38a77bd5fdc4236d521c1c122841227d0', 'https://git.kernel.org/stable/c/e6ea3b8fe398915338147fe54dd2db8155fdafd8', 'https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46803-689b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46803', 'https://www.cve.org/CVERecord?id=CVE-2024-46803'], 'PublishedDate': '2024-09-27T13:15:13.57Z', 'LastModifiedDate': '2024-10-04T17:45:16.867Z'}, {'VulnerabilityID': 'CVE-2024-46806', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46806', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix the warning division or modulo by zero', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-369'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46806', 'https://git.kernel.org/linus/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c (6.11-rc1)', 'https://git.kernel.org/stable/c/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c', 'https://git.kernel.org/stable/c/a01618adcba78c6bd6c4557a4a5e32f58b658cd1', 'https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46806-2cc7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46806', 'https://www.cve.org/CVERecord?id=CVE-2024-46806'], 'PublishedDate': '2024-09-27T13:15:13.773Z', 'LastModifiedDate': '2024-10-02T13:17:04.64Z'}, {'VulnerabilityID': 'CVE-2024-46808', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46808', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range\n\n[Why & How]\nASSERT if return NULL from kcalloc.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46808', 'https://git.kernel.org/linus/5524fa301ba649f8cf00848f91468e0ba7e4f24c (6.11-rc1)', 'https://git.kernel.org/stable/c/5524fa301ba649f8cf00848f91468e0ba7e4f24c', 'https://git.kernel.org/stable/c/ca0b0b0a22306f2e51105ac48f4a09c2fbbb504e', 'https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46808-8886@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46808', 'https://www.cve.org/CVERecord?id=CVE-2024-46808'], 'PublishedDate': '2024-09-27T13:15:13.907Z', 'LastModifiedDate': '2024-10-02T14:23:39.863Z'}, {'VulnerabilityID': 'CVE-2024-46809', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46809', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check BIOS images before it is used', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check BIOS images before it is used\n\nBIOS images may fail to load and null checks are added before they are\nused.\n\nThis fixes 6 NULL_RETURNS issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46809', 'https://git.kernel.org/linus/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c (6.11-rc1)', 'https://git.kernel.org/stable/c/8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c', 'https://git.kernel.org/stable/c/e46b70a7cfed71cb84e985c785c39c16df5c28cb', 'https://git.kernel.org/stable/c/e50bec62acaeec03afc6fa5dfb2426e52d049cf5', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46809-5b37@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46809', 'https://www.cve.org/CVERecord?id=CVE-2024-46809'], 'PublishedDate': '2024-09-27T13:15:13.973Z', 'LastModifiedDate': '2024-10-04T17:33:33.753Z'}, {'VulnerabilityID': 'CVE-2024-46811', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46811', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params->clk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46811', 'https://git.kernel.org/linus/188fd1616ec43033cedbe343b6579e9921e2d898 (6.11-rc1)', 'https://git.kernel.org/stable/c/188fd1616ec43033cedbe343b6579e9921e2d898', 'https://git.kernel.org/stable/c/4003bac784380fed1f94f197350567eaa73a409d', 'https://git.kernel.org/stable/c/aba188d6f4ebaf52acf13f204db2bd2c22072504', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46811-f01c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46811', 'https://www.cve.org/CVERecord?id=CVE-2024-46811'], 'PublishedDate': '2024-09-27T13:15:14.107Z', 'LastModifiedDate': '2024-10-07T14:24:56.86Z'}, {'VulnerabilityID': 'CVE-2024-46812', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46812', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration\n\n[Why]\nCoverity reports Memory - illegal accesses.\n\n[How]\nSkip inactive planes.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46812', 'https://git.kernel.org/linus/a54f7e866cc73a4cb71b8b24bb568ba35c8969df (6.11-rc1)', 'https://git.kernel.org/stable/c/3300a039caf850376bc3416c808cd8879da412bb', 'https://git.kernel.org/stable/c/8406158a546441b73f0b216aedacbf9a1e5748fb', 'https://git.kernel.org/stable/c/a54f7e866cc73a4cb71b8b24bb568ba35c8969df', 'https://git.kernel.org/stable/c/ee9d6df6d9172917d9ddbd948bb882652d5ecd29', 'https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46812-5954@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46812', 'https://www.cve.org/CVERecord?id=CVE-2024-46812'], 'PublishedDate': '2024-09-27T13:15:14.163Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46813', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46813', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Check link_index before accessing dc-&gt;links[]', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc->links[]\n\n[WHY & HOW]\ndc->links[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46813', 'https://git.kernel.org/linus/8aa2864044b9d13e95fe224f32e808afbf79ecdf (6.11-rc1)', 'https://git.kernel.org/stable/c/8aa2864044b9d13e95fe224f32e808afbf79ecdf', 'https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46813-5eb9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46813', 'https://www.cve.org/CVERecord?id=CVE-2024-46813'], 'PublishedDate': '2024-09-27T13:15:14.23Z', 'LastModifiedDate': '2024-10-04T17:38:17.74Z'}, {'VulnerabilityID': 'CVE-2024-46816', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46816', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\n\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc->links. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\n\n[How]\nMake sure link count less than max_links.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46816', 'https://git.kernel.org/linus/cf8b16857db702ceb8d52f9219a4613363e2b1cf (6.11-rc1)', 'https://git.kernel.org/stable/c/36c39a8dcce210649f2f45f252abaa09fcc1ae87', 'https://git.kernel.org/stable/c/cf8b16857db702ceb8d52f9219a4613363e2b1cf', 'https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46816-0526@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46816', 'https://www.cve.org/CVERecord?id=CVE-2024-46816'], 'PublishedDate': '2024-09-27T13:15:14.433Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46820', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46820', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/vcn: remove irq disabling in vcn 5 suspend\n\nWe do not directly enable/disable VCN IRQ in vcn 5.0.0.\nAnd we do not handle the IRQ state as well. So the calls to\ndisable IRQ and set state are removed. This effectively gets\nrid of the warining of\n      "WARN_ON(!amdgpu_irq_enabled(adev, src, type))"\nin amdgpu_irq_put().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46820', 'https://git.kernel.org/linus/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d (6.11-rc1)', 'https://git.kernel.org/stable/c/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d', 'https://git.kernel.org/stable/c/aa92264ba6fd4fb570002f69762634221316e7ae', 'https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46820-6405@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46820', 'https://www.cve.org/CVERecord?id=CVE-2024-46820'], 'PublishedDate': '2024-09-27T13:15:14.707Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46821', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46821', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/pm: Fix negative array index read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix negative array index read\n\nAvoid using the negative values\nfor clk_idex as an index into an array pptable->DpmDescriptor.\n\nV2: fix clk_index return check (Tim Huang)', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46821', 'https://git.kernel.org/linus/c8c19ebf7c0b202a6a2d37a52ca112432723db5f (6.11-rc1)', 'https://git.kernel.org/stable/c/06a3810010b525b9958424e344f0c25b09e128fa', 'https://git.kernel.org/stable/c/4711b1347cb9f0c3083da6d87c624d75f9bd1d50', 'https://git.kernel.org/stable/c/60f4a4bc3329e5cb8c4df0cc961f0d5ffd96e22d', 'https://git.kernel.org/stable/c/c8c19ebf7c0b202a6a2d37a52ca112432723db5f', 'https://lore.kernel.org/linux-cve-announce/2024092713-CVE-2024-46821-a13a@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46821', 'https://www.cve.org/CVERecord?id=CVE-2024-46821'], 'PublishedDate': '2024-09-27T13:15:14.767Z', 'LastModifiedDate': '2024-10-04T17:06:43.573Z'}, {'VulnerabilityID': 'CVE-2024-46823', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46823', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: kunit/overflow: Fix UB in overflow_allocation_test', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nkunit/overflow: Fix UB in overflow_allocation_test\n\nThe 'device_name' array doesn't exist out of the\n'overflow_allocation_test' function scope. However, it is being used as\na driver name when calling 'kunit_driver_create' from\n'kunit_device_register'. It produces the kernel panic with KASAN\nenabled.\n\nSince this variable is used in one place only, remove it and pass the\ndevice name into kunit_device_register directly as an ascii string.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46823', 'https://git.kernel.org/linus/92e9bac18124682c4b99ede9ee3bcdd68f121e92 (6.11-rc4)', 'https://git.kernel.org/stable/c/92e9bac18124682c4b99ede9ee3bcdd68f121e92', 'https://git.kernel.org/stable/c/d1207f07decc66546a7fa463d2f335a856c986ef', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46823-b19e@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46823', 'https://www.cve.org/CVERecord?id=CVE-2024-46823'], 'PublishedDate': '2024-09-27T13:15:14.897Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46825', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46825', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check\n\nThe lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is\nnormally called with input from the firmware, so it should use\nIWL_FW_CHECK() instead of WARN_ON().', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46825', 'https://git.kernel.org/linus/9215152677d4b321801a92b06f6d5248b2b4465f (6.11-rc1)', 'https://git.kernel.org/stable/c/3cca098c91391b3fa48142bfda57048b985c87f6', 'https://git.kernel.org/stable/c/415f3634d53c7fb4cf07d2f5a0be7f2e15e6da33', 'https://git.kernel.org/stable/c/9215152677d4b321801a92b06f6d5248b2b4465f', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46825-a5aa@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46825', 'https://www.cve.org/CVERecord?id=CVE-2024-46825'], 'PublishedDate': '2024-09-27T13:15:15.027Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46826', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46826', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ELF: fix kernel.randomize_va_space double read', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses "randomize_va_space" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46826', 'https://git.kernel.org/linus/2a97388a807b6ab5538aa8f8537b2463c6988bd2 (6.11-rc1)', 'https://git.kernel.org/stable/c/1cf8cd80903073440b6ea055811d04edd24fe4f7', 'https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27', 'https://git.kernel.org/stable/c/2a97388a807b6ab5538aa8f8537b2463c6988bd2', 'https://git.kernel.org/stable/c/53f17409abf61f66b6f05aff795e938e5ba811d1', 'https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46826-7b80@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46826', 'https://www.cve.org/CVERecord?id=CVE-2024-46826'], 'PublishedDate': '2024-09-27T13:15:15.087Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46827', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46827', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: ath12k: fix firmware crash due to invalid peer nss', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46827', 'https://git.kernel.org/linus/db163a463bb93cd3e37e1e7b10b9726fb6f95857 (6.11-rc1)', 'https://git.kernel.org/stable/c/25a15f80253a7c8776e4e4880d797d20ec864154', 'https://git.kernel.org/stable/c/838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c', 'https://git.kernel.org/stable/c/db163a463bb93cd3e37e1e7b10b9726fb6f95857', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46827-0300@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46827', 'https://www.cve.org/CVERecord?id=CVE-2024-46827'], 'PublishedDate': '2024-09-27T13:15:15.153Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46830', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46830', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: KVM: x86: Acquire kvm-&gt;srcu when handling KVM_SET_VCPU_EVENTS', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU.  I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems.  Acquiring SRCU isn't all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n  #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n  <TASK>\n  dump_stack_lvl+0x7f/0x90\n  lockdep_rcu_suspicious+0x13f/0x1a0\n  kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n  kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n  nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n  load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n  vmx_leave_nested+0x30/0x40 [kvm_intel]\n  kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n  kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n  ? mark_held_locks+0x49/0x70\n  ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n  ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  ? lock_acquire+0xba/0x2d0\n  ? find_held_lock+0x2b/0x80\n  ? do_user_addr_fault+0x40c/0x6f0\n  ? lock_release+0xb7/0x270\n  __x64_sys_ioctl+0x82/0xb0\n  do_syscall_64+0x6c/0x170\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n  </TASK>", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46830', 'https://git.kernel.org/linus/4bcdd831d9d01e0fb64faea50732b59b2ee88da1 (6.11-rc7)', 'https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1', 'https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e', 'https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9', 'https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228', 'https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46830-deac@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46830', 'https://www.cve.org/CVERecord?id=CVE-2024-46830'], 'PublishedDate': '2024-09-27T13:15:15.38Z', 'LastModifiedDate': '2024-09-30T12:45:57.823Z'}, {'VulnerabilityID': 'CVE-2024-46833', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46833', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: hns3: void array out of bound when loop tnl_num', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: void array out of bound when loop tnl_num\n\nWhen query reg inf of SSU, it loops tnl_num times. However, tnl_num comes\nfrom hardware and the length of array is a fixed value. To void array out\nof bound, make sure the loop time is not greater than the length of array', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46833', 'https://git.kernel.org/linus/86db7bfb06704ef17340eeae71c832f21cfce35c (6.11-rc4)', 'https://git.kernel.org/stable/c/86db7bfb06704ef17340eeae71c832f21cfce35c', 'https://git.kernel.org/stable/c/c33a9806dc806bcb4a31dc71fb06979219181ad4', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46833-0fa0@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46833', 'https://www.cve.org/CVERecord?id=CVE-2024-46833'], 'PublishedDate': '2024-09-27T13:15:15.593Z', 'LastModifiedDate': '2024-10-09T15:54:38.123Z'}, {'VulnerabilityID': 'CVE-2024-46834', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46834', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool: fail closed if we can&#39;t get max channel used in indirection tables', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can\'t get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with\nactive RSS contexts") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can\'t fetch\nthe indirection table or when we can\'t allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46834', 'https://git.kernel.org/linus/2899d58462ba868287d6ff3acad3675e7adf934f (6.11-rc1)', 'https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036', 'https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f', 'https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46834-dc7b@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46834', 'https://www.cve.org/CVERecord?id=CVE-2024-46834'], 'PublishedDate': '2024-09-27T13:15:15.66Z', 'LastModifiedDate': '2024-10-09T15:57:03.037Z'}, {'VulnerabilityID': 'CVE-2024-46835', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46835', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amdgpu: Fix smatch static checker warning', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev->gfx.imu.funcs could be NULL', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46835', 'https://git.kernel.org/linus/bdbdc7cecd00305dc844a361f9883d3a21022027 (6.11-rc1)', 'https://git.kernel.org/stable/c/8bc7b3ce33e64c74211ed17aec823fc4e523426a', 'https://git.kernel.org/stable/c/bdbdc7cecd00305dc844a361f9883d3a21022027', 'https://git.kernel.org/stable/c/c2056c7a840f0dbf293bc3b0d91826d001668fb0', 'https://git.kernel.org/stable/c/d40c2c3dd0395fe7fdc19bd96551e87251426d66', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46835-4f99@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46835', 'https://www.cve.org/CVERecord?id=CVE-2024-46835'], 'PublishedDate': '2024-09-27T13:15:15.72Z', 'LastModifiedDate': '2024-10-02T14:24:18.93Z'}, {'VulnerabilityID': 'CVE-2024-46836', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46836', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: gadget: aspeed_udc: validate endpoint index for ast udc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed_udc: validate endpoint index for ast udc\n\nWe should verify the bound of the array to assure that host\nmay not manipulate the index to point past endpoint array.\n\nFound by static analysis.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46836', 'https://git.kernel.org/linus/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 (6.11-rc1)', 'https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af', 'https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a', 'https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c', 'https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199', 'https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46836-acff@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46836', 'https://www.cve.org/CVERecord?id=CVE-2024-46836'], 'PublishedDate': '2024-09-27T13:15:15.78Z', 'LastModifiedDate': '2024-10-09T15:47:55.187Z'}, {'VulnerabilityID': 'CVE-2024-46841', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46841', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: btrfs: don&#39;t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()\n\nWe handle errors here properly, ENOMEM isn't fatal, return the error.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46841', 'https://git.kernel.org/linus/a580fb2c3479d993556e1c31b237c9e5be4944a3 (6.11-rc1)', 'https://git.kernel.org/stable/c/704c359b4093a2af650a20eaa030c435d7c30f91', 'https://git.kernel.org/stable/c/a580fb2c3479d993556e1c31b237c9e5be4944a3', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46841-7572@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46841', 'https://www.cve.org/CVERecord?id=CVE-2024-46841'], 'PublishedDate': '2024-09-27T13:15:16.13Z', 'LastModifiedDate': '2024-10-08T18:17:07.87Z'}, {'VulnerabilityID': 'CVE-2024-46842', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46842', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status.  The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code.  During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout.  If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46842', 'https://git.kernel.org/linus/ede596b1434b57c0b3fd5c02b326efe5c54f6e48 (6.11-rc1)', 'https://git.kernel.org/stable/c/bba47fe3b038cca3d3ebd799665ce69d6d273b58', 'https://git.kernel.org/stable/c/ede596b1434b57c0b3fd5c02b326efe5c54f6e48', 'https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46842-e52c@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46842', 'https://www.cve.org/CVERecord?id=CVE-2024-46842'], 'PublishedDate': '2024-09-27T13:15:16.19Z', 'LastModifiedDate': '2024-10-08T18:22:24.997Z'}, {'VulnerabilityID': 'CVE-2024-46843', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46843', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: ufs: core: Remove SCSI host only if added', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been defered after MCQ configuration introduced by commit 0cab4023ec7b\n("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46843', 'https://git.kernel.org/linus/7cbff570dbe8907e23bba06f6414899a0fbb2fcc (6.11-rc1)', 'https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed', 'https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536', 'https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc', 'https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46843-82c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46843', 'https://www.cve.org/CVERecord?id=CVE-2024-46843'], 'PublishedDate': '2024-09-27T13:15:16.25Z', 'LastModifiedDate': '2024-10-08T18:23:52.423Z'}, {'VulnerabilityID': 'CVE-2024-46848', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46848', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: perf/x86/intel: Limit the period on Haswell', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Limit the period on Haswell\n\nRunning the ltp test cve-2015-3290 concurrently reports the following\nwarnings.\n\nperfevents: irq loop stuck!\n  WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174\n  intel_pmu_handle_irq+0x285/0x370\n  Call Trace:\n   <NMI>\n   ? __warn+0xa4/0x220\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? report_bug+0x3e/0xa0\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x50\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? irq_work_claim+0x1e/0x40\n   ? intel_pmu_handle_irq+0x285/0x370\n   perf_event_nmi_handler+0x3d/0x60\n   nmi_handle+0x104/0x330\n\nThanks to Thomas Gleixner's analysis, the issue is caused by the low\ninitial period (1) of the frequency estimation algorithm, which triggers\nthe defects of the HW, specifically erratum HSW11 and HSW143. (For the\ndetails, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)\n\nThe HSW11 requires a period larger than 100 for the INST_RETIRED.ALL\nevent, but the initial period in the freq mode is 1. The erratum is the\nsame as the BDM11, which has been supported in the kernel. A minimum\nperiod of 128 is enforced as well on HSW.\n\nHSW143 is regarding that the fixed counter 1 may overcount 32 with the\nHyper-Threading is enabled. However, based on the test, the hardware\nhas more issues than it tells. Besides the fixed counter 1, the message\n'interrupt took too long' can be observed on any counter which was armed\nwith a period < 32 and two events expired in the same NMI. A minimum\nperiod of 32 is enforced for the rest of the events.\nThe recommended workaround code of the HSW143 is not implemented.\nBecause it only addresses the issue for the fixed counter. It brings\nextra overhead through extra MSR writing. No related overcounting issue\nhas been reported so far.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46848', 'https://git.kernel.org/linus/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b (6.11-rc7)', 'https://git.kernel.org/stable/c/0eaf812aa1506704f3b78be87036860e5d0fe81d', 'https://git.kernel.org/stable/c/15210b7c8caff4929f25d049ef8404557f8ae468', 'https://git.kernel.org/stable/c/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b', 'https://git.kernel.org/stable/c/8717dc35c0e5896f4110f4b3882f7ff787a5f73d', 'https://lore.kernel.org/linux-cve-announce/2024092756-CVE-2024-46848-bbd4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46848', 'https://www.cve.org/CVERecord?id=CVE-2024-46848'], 'PublishedDate': '2024-09-27T13:15:16.657Z', 'LastModifiedDate': '2024-10-04T15:23:35.287Z'}, {'VulnerabilityID': 'CVE-2024-46849', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46849', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ASoC: meson: axg-card: fix &#39;use-after-free&#39;', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix 'use-after-free'\n\nBuffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',\nso move 'pad' pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46849', 'https://git.kernel.org/linus/4f9a71435953f941969a4f017e2357db62d85a86 (6.11)', 'https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86', 'https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d', 'https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607', 'https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037', 'https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29', 'https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a', 'https://lore.kernel.org/linux-cve-announce/2024092741-CVE-2024-46849-93c5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46849', 'https://www.cve.org/CVERecord?id=CVE-2024-46849'], 'PublishedDate': '2024-09-27T13:15:16.723Z', 'LastModifiedDate': '2024-10-17T14:15:07.75Z'}, {'VulnerabilityID': 'CVE-2024-46852', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46852', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: dma-buf: heaps: Fix off-by-one in CMA heap fault handler', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix off-by-one in CMA heap fault handler\n\nUntil VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:\nDon\'t track CMA dma-buf pages under RssFile") it was possible to obtain\na mapping larger than the buffer size via mremap and bypass the overflow\ncheck in dma_buf_mmap_internal. When using such a mapping to attempt to\nfault past the end of the buffer, the CMA heap fault handler also checks\nthe fault offset against the buffer size, but gets the boundary wrong by\n1. Fix the boundary check so that we don\'t read off the end of the pages\narray and insert an arbitrary page in the mapping.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-193'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46852', 'https://git.kernel.org/linus/ea5ff5d351b520524019f7ff7f9ce418de2dad87 (6.11)', 'https://git.kernel.org/stable/c/007180fcb6cc4a93211d4cc45fef3f5ccccd56ae', 'https://git.kernel.org/stable/c/79cce5e81d20fa9ad553be439d665ac3302d3c95', 'https://git.kernel.org/stable/c/84175dc5b2c932266a50c04e5ce342c30f817a2f', 'https://git.kernel.org/stable/c/e79050882b857c37634baedbdcf7c2047c24cbff', 'https://git.kernel.org/stable/c/ea5ff5d351b520524019f7ff7f9ce418de2dad87', 'https://git.kernel.org/stable/c/eb7fc8b65cea22f9038c52398c8b22849e9620ea', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46852-91a5@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46852', 'https://www.cve.org/CVERecord?id=CVE-2024-46852'], 'PublishedDate': '2024-09-27T13:15:16.917Z', 'LastModifiedDate': '2024-10-17T14:15:07.887Z'}, {'VulnerabilityID': 'CVE-2024-46853', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46853', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: nxp-fspi: fix the KASAN report out-of-bounds bug', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: nxp-fspi: fix the KASAN report out-of-bounds bug\n\nChange the memcpy length to fix the out-of-bounds issue when writing the\ndata that is not 4 byte aligned to TX FIFO.\n\nTo reproduce the issue, write 3 bytes data to NOR chip.\n\ndd if=3b of=/dev/mtd0\n[   36.926103] ==================================================================\n[   36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838\n[   36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455\n[   36.946721]\n[   36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070\n[   36.956185] Hardware name: Freescale i.MX8QM MEK (DT)\n[   36.961260] Call trace:\n[   36.963723]  dump_backtrace+0x90/0xe8\n[   36.967414]  show_stack+0x18/0x24\n[   36.970749]  dump_stack_lvl+0x78/0x90\n[   36.974451]  print_report+0x114/0x5cc\n[   36.978151]  kasan_report+0xa4/0xf0\n[   36.981670]  __asan_report_load_n_noabort+0x1c/0x28\n[   36.986587]  nxp_fspi_exec_op+0x26ec/0x2838\n[   36.990800]  spi_mem_exec_op+0x8ec/0xd30\n[   36.994762]  spi_mem_no_dirmap_read+0x190/0x1e0\n[   36.999323]  spi_mem_dirmap_write+0x238/0x32c\n[   37.003710]  spi_nor_write_data+0x220/0x374\n[   37.007932]  spi_nor_write+0x110/0x2e8\n[   37.011711]  mtd_write_oob_std+0x154/0x1f0\n[   37.015838]  mtd_write_oob+0x104/0x1d0\n[   37.019617]  mtd_write+0xb8/0x12c\n[   37.022953]  mtdchar_write+0x224/0x47c\n[   37.026732]  vfs_write+0x1e4/0x8c8\n[   37.030163]  ksys_write+0xec/0x1d0\n[   37.033586]  __arm64_sys_write+0x6c/0x9c\n[   37.037539]  invoke_syscall+0x6c/0x258\n[   37.041327]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.046244]  do_el0_svc+0x44/0x5c\n[   37.049589]  el0_svc+0x38/0x78\n[   37.052681]  el0t_64_sync_handler+0x13c/0x158\n[   37.057077]  el0t_64_sync+0x190/0x194\n[   37.060775]\n[   37.062274] Allocated by task 455:\n[   37.065701]  kasan_save_stack+0x2c/0x54\n[   37.069570]  kasan_save_track+0x20/0x3c\n[   37.073438]  kasan_save_alloc_info+0x40/0x54\n[   37.077736]  __kasan_kmalloc+0xa0/0xb8\n[   37.081515]  __kmalloc_noprof+0x158/0x2f8\n[   37.085563]  mtd_kmalloc_up_to+0x120/0x154\n[   37.089690]  mtdchar_write+0x130/0x47c\n[   37.093469]  vfs_write+0x1e4/0x8c8\n[   37.096901]  ksys_write+0xec/0x1d0\n[   37.100332]  __arm64_sys_write+0x6c/0x9c\n[   37.104287]  invoke_syscall+0x6c/0x258\n[   37.108064]  el0_svc_common.constprop.0+0x160/0x22c\n[   37.112972]  do_el0_svc+0x44/0x5c\n[   37.116319]  el0_svc+0x38/0x78\n[   37.119401]  el0t_64_sync_handler+0x13c/0x158\n[   37.123788]  el0t_64_sync+0x190/0x194\n[   37.127474]\n[   37.128977] The buggy address belongs to the object at ffff00081037c2a0\n[   37.128977]  which belongs to the cache kmalloc-8 of size 8\n[   37.141177] The buggy address is located 0 bytes inside of\n[   37.141177]  allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)\n[   37.153465]\n[   37.154971] The buggy address belongs to the physical page:\n[   37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c\n[   37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)\n[   37.175149] page_type: 0xfdffffff(slab)\n[   37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000\n[   37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000\n[   37.194553] page dumped because: kasan: bad access detected\n[   37.200144]\n[   37.201647] Memory state around the buggy address:\n[   37.206460]  ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc\n[   37.213701]  ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc\n[   37.220946] >ffff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc\n[   37.228186]                                ^\n[   37.232473]  ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.239718]  ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[   37.246962] ==============================================================\n---truncated---', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46853', 'https://git.kernel.org/linus/2a8787c1cdc7be24fdd8953ecd1a8743a1006235 (6.11)', 'https://git.kernel.org/stable/c/09af8b0ba70072be831f3ec459f4063d570f9e24', 'https://git.kernel.org/stable/c/2a8787c1cdc7be24fdd8953ecd1a8743a1006235', 'https://git.kernel.org/stable/c/491f9646f7ac31af5fca71be1a3e5eb8aa7663ad', 'https://git.kernel.org/stable/c/609260542cf86b459c57618b8cdec8020394b7ad', 'https://git.kernel.org/stable/c/af9ca9ca3e44f48b2a191e100d452fbf850c3d87', 'https://git.kernel.org/stable/c/d1a1dfcec77c57b1181da93d11a3db1bc4eefa97', 'https://lore.kernel.org/linux-cve-announce/2024092742-CVE-2024-46853-ab04@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46853', 'https://www.cve.org/CVERecord?id=CVE-2024-46853'], 'PublishedDate': '2024-09-27T13:15:16.997Z', 'LastModifiedDate': '2024-10-17T14:15:07.993Z'}, {'VulnerabilityID': 'CVE-2024-46854', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46854', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net: dpaa: Pad packets to ETH_ZLEN', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46854', 'https://git.kernel.org/linus/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0 (6.11)', 'https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133', 'https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a', 'https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83', 'https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0', 'https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2', 'https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46854-3404@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46854', 'https://www.cve.org/CVERecord?id=CVE-2024-46854'], 'PublishedDate': '2024-09-27T13:15:17.063Z', 'LastModifiedDate': '2024-10-17T14:15:08.107Z'}, {'VulnerabilityID': 'CVE-2024-46855', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46855', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: nft_socket: fix sk refcount leaks', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put 'sk' reference before returning.", 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46855', 'https://git.kernel.org/linus/8b26ff7af8c32cb4148b3e147c52f9e4c695209c (6.11)', 'https://git.kernel.org/stable/c/1f68e097e20d3c695281a9c6433acc37be47fe11', 'https://git.kernel.org/stable/c/33c2258bf8cb17fba9e58b111d4c4f4cf43a4896', 'https://git.kernel.org/stable/c/83e6fb59040e8964888afcaa5612cc1243736715', 'https://git.kernel.org/stable/c/8b26ff7af8c32cb4148b3e147c52f9e4c695209c', 'https://git.kernel.org/stable/c/ddc7c423c4a5386bf865474c694b48178efd311a', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46855-4382@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46855', 'https://www.cve.org/CVERecord?id=CVE-2024-46855'], 'PublishedDate': '2024-09-27T13:15:17.133Z', 'LastModifiedDate': '2024-10-17T14:15:12.79Z'}, {'VulnerabilityID': 'CVE-2024-46857', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46857', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: net/mlx5: Fix bridge mode operations when there are no VFs', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[  168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[  168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[  168.976037] Call Trace:\n[  168.976188]  <TASK>\n[  168.978620]  _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[  168.979074]  mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[  168.979471]  rtnl_bridge_setlink+0xe9/0x1f0\n[  168.979714]  rtnetlink_rcv_msg+0x159/0x400\n[  168.980451]  netlink_rcv_skb+0x54/0x100\n[  168.980675]  netlink_unicast+0x241/0x360\n[  168.980918]  netlink_sendmsg+0x1f6/0x430\n[  168.981162]  ____sys_sendmsg+0x3bb/0x3f0\n[  168.982155]  ___sys_sendmsg+0x88/0xd0\n[  168.985036]  __sys_sendmsg+0x59/0xa0\n[  168.985477]  do_syscall_64+0x79/0x150\n[  168.987273]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw->fdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46857', 'https://git.kernel.org/linus/b1d305abef4640af1b4f1b4774d513cd81b10cfc (6.11)', 'https://git.kernel.org/stable/c/505ae01f75f839b54329164bbfecf24cc1361b31', 'https://git.kernel.org/stable/c/52c4beb79e095e0631b5cac46ed48a2aefe51985', 'https://git.kernel.org/stable/c/65feee671e37f3b6eda0b6af28f204b5bcf7fa50', 'https://git.kernel.org/stable/c/b1d305abef4640af1b4f1b4774d513cd81b10cfc', 'https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46857-3bc3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46857', 'https://www.cve.org/CVERecord?id=CVE-2024-46857'], 'PublishedDate': '2024-09-27T13:15:17.277Z', 'LastModifiedDate': '2024-10-01T17:10:29.657Z'}, {'VulnerabilityID': 'CVE-2024-46858', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46858', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mptcp: pm: Fix uaf in __timer_delete_sync', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n     CPU1\t\t\t\tCPU2\n     ====                               ====\n     net_rx_action\n     napi_poll                          netlink_sendmsg\n     __napi_poll                        netlink_unicast\n     process_backlog                    netlink_unicast_kernel\n     __netif_receive_skb                genl_rcv\n     __netif_receive_skb_one_core       netlink_rcv_skb\n     NF_HOOK                            genl_rcv_msg\n     ip_local_deliver_finish            genl_family_rcv_msg\n     ip_protocol_deliver_rcu            genl_family_rcv_msg_doit\n     tcp_v4_rcv                         mptcp_pm_nl_flush_addrs_doit\n     tcp_v4_do_rcv                      mptcp_nl_remove_addrs_list\n     tcp_rcv_established                mptcp_pm_remove_addrs_and_subflows\n     tcp_data_queue                     remove_anno_list_by_saddr\n     mptcp_incoming_options             mptcp_pm_del_add_timer\n     mptcp_pm_del_add_timer             kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by "pm.lock", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of "entry->add_timer".\n\nMove list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar "entry->x" uaf.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46858', 'https://git.kernel.org/linus/b4cd80b0338945a94972ac3ed54f8338d2da2076 (6.11)', 'https://git.kernel.org/stable/c/0e7814b028cd50b3ff79659d23dfa9da6a1e75e1', 'https://git.kernel.org/stable/c/12134a652b0a10064844ea235173e70246eba6dc', 'https://git.kernel.org/stable/c/3554482f4691571fc4b5490c17ae26896e62171c', 'https://git.kernel.org/stable/c/6452b162549c7f9ef54655d3fb9977b9192e6e5b', 'https://git.kernel.org/stable/c/67409b358500c71632116356a0b065f112d7b707', 'https://git.kernel.org/stable/c/b4cd80b0338945a94972ac3ed54f8338d2da2076', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46858-dab6@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46858', 'https://www.cve.org/CVERecord?id=CVE-2024-46858'], 'PublishedDate': '2024-09-27T13:15:17.353Z', 'LastModifiedDate': '2024-10-17T14:15:13.017Z'}, {'VulnerabilityID': 'CVE-2024-46859', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46859', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46859', 'https://git.kernel.org/linus/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 (6.11)', 'https://git.kernel.org/stable/c/6821a82616f60aa72c5909b3e252ad97fb9f7e2a', 'https://git.kernel.org/stable/c/9291fadbd2720a869b1d2fcf82305648e2e62a16', 'https://git.kernel.org/stable/c/b38c19783286a71693c2194ed1b36665168c09c4', 'https://git.kernel.org/stable/c/b7c2f692307fe704be87ea80d7328782b33c3cef', 'https://git.kernel.org/stable/c/f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46859-e785@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46859', 'https://www.cve.org/CVERecord?id=CVE-2024-46859'], 'PublishedDate': '2024-09-27T13:15:17.43Z', 'LastModifiedDate': '2024-10-17T14:15:13.183Z'}, {'VulnerabilityID': 'CVE-2024-46860', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46860', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change\n\nWhen disabling wifi mt7921_ipv6_addr_change() is called as a notifier.\nAt this point mvif->phy is already NULL so we cannot use it here.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46860', 'https://git.kernel.org/linus/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3 (6.11-rc4)', 'https://git.kernel.org/stable/c/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3', 'https://git.kernel.org/stable/c/4bfee9346d8c17d928ef6da2b8bffab88fa2a553', 'https://git.kernel.org/stable/c/8d92bafd4c67efb692f722d73a07412b5f88c6d6', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46860-1dfc@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46860', 'https://www.cve.org/CVERecord?id=CVE-2024-46860'], 'PublishedDate': '2024-09-27T13:15:17.493Z', 'LastModifiedDate': '2024-10-02T14:04:38.863Z'}, {'VulnerabilityID': 'CVE-2024-46861', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46861', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usbnet: ipheth: do not stop RX on failing RX callback', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: do not stop RX on failing RX callback\n\nRX callbacks can fail for multiple reasons:\n\n* Payload too short\n* Payload formatted incorrecly (e.g. bad NCM framing)\n* Lack of memory\n\nNone of these should cause the driver to seize up.\n\nMake such failures non-critical and continue processing further\nincoming URBs.', 'Severity': 'MEDIUM', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46861', 'https://git.kernel.org/linus/74efed51e0a4d62f998f806c307778b47fc73395 (6.11-rc4)', 'https://git.kernel.org/stable/c/08ca800b0cd56d5e26722f68b18bbbf6840bf44b', 'https://git.kernel.org/stable/c/4d1cfa3afb8627435744ecdc6d8b58bc72ee0f4c', 'https://git.kernel.org/stable/c/74efed51e0a4d62f998f806c307778b47fc73395', 'https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46861-f2f9@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46861', 'https://www.cve.org/CVERecord?id=CVE-2024-46861'], 'PublishedDate': '2024-09-27T13:15:17.563Z', 'LastModifiedDate': '2024-10-03T15:36:06.543Z'}, {'VulnerabilityID': 'CVE-2024-46865', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46865', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: fou: fix initialization of grc', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfou: fix initialization of grc\n\nThe grc must be initialize first. There can be a condition where if\nfou is NULL, goto out will be executed and grc would be used\nuninitialized.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-908'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46865', 'https://git.kernel.org/linus/4c8002277167125078e6b9b90137bdf443ebaa08 (6.11)', 'https://git.kernel.org/stable/c/16ff0895283058b0f96d4fe277aa25ee096f0ea8', 'https://git.kernel.org/stable/c/392f6a97fcbecc64f0c00058b2db5bb0e4b8cc3e', 'https://git.kernel.org/stable/c/4c8002277167125078e6b9b90137bdf443ebaa08', 'https://git.kernel.org/stable/c/5d537b8d900514509622ce92330b70d2e581d409', 'https://git.kernel.org/stable/c/7ae890ee19479eeeb87724cca8430b5cb3660c74', 'https://git.kernel.org/stable/c/aca06c617c83295f0caa486ad608fbef7bdc11e8', 'https://lore.kernel.org/linux-cve-announce/2024092745-CVE-2024-46865-c6a7@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46865', 'https://www.cve.org/CVERecord?id=CVE-2024-46865'], 'PublishedDate': '2024-09-27T13:15:17.82Z', 'LastModifiedDate': '2024-10-17T14:15:13.327Z'}, {'VulnerabilityID': 'CVE-2024-46870', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46870', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Disable DMCUB timeout for DCN35', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable DMCUB timeout for DCN35\n\n[Why]\nDMCUB can intermittently take longer than expected to process commands.\n\nOld ASIC policy was to continue while logging a diagnostic error - which\nworks fine for ASIC without IPS, but with IPS this could lead to a race\ncondition where we attempt to access DCN state while it's inaccessible,\nleading to a system hang when the NIU port is not disabled or register\naccesses that timeout and the display configuration in an undefined\nstate.\n\n[How]\nWe need to investigate why these accesses take longer than expected, but\nfor now we should disable the timeout on DCN35 to avoid this race\ncondition. Since the waits happen only at lower interrupt levels the\nrisk of taking too long at higher IRQ and causing a system watchdog\ntimeout are minimal.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46870', 'https://git.kernel.org/stable/c/31c254c9cd4b122a10db297124f867107a696d83', 'https://git.kernel.org/stable/c/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46870-f347@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46870', 'https://www.cve.org/CVERecord?id=CVE-2024-46870'], 'PublishedDate': '2024-10-09T14:15:07.463Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-46871', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-46871', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why & How]\nIt actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback & dmub_thread_offload has potential to access\nitem out of array bound. Fix it.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-46871', 'https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37', 'https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7', 'https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0', 'https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98', 'https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46871-15f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-46871', 'https://www.cve.org/CVERecord?id=CVE-2024-46871'], 'PublishedDate': '2024-10-09T14:15:07.533Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47658', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47658', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: crypto: stm32/cryp - call finalize with bh disabled', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: stm32/cryp - call finalize with bh disabled\n\nThe finalize operation in interrupt mode produce a produces a spinlock\nrecursion warning. The reason is the fact that BH must be disabled\nduring this process.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47658', 'https://git.kernel.org/stable/c/56ddb9aa3b324c2d9645b5a7343e46010cf3f6ce', 'https://git.kernel.org/stable/c/5d734665cd5d93270731e0ff1dd673fec677f447', 'https://git.kernel.org/stable/c/d93a2f86b0a998aa1f0870c85a2a60a0771ef89a', 'https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47658-0b23@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47658', 'https://www.cve.org/CVERecord?id=CVE-2024-47658'], 'PublishedDate': '2024-10-09T14:15:07.603Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47661', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47661', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Avoid overflow from uint32_t to uint8_t', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT & HOW]\ndmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47661', 'https://git.kernel.org/stable/c/30d1b783b6eeaf49d311a072c70d618d993d01ec', 'https://git.kernel.org/stable/c/d6b54900c564e35989cf6813e4071504fa0a90e0', 'https://lore.kernel.org/linux-cve-announce/2024100930-CVE-2024-47661-a6c1@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47661', 'https://www.cve.org/CVERecord?id=CVE-2024-47661'], 'PublishedDate': '2024-10-09T15:15:15.02Z', 'LastModifiedDate': '2024-10-15T16:03:29.26Z'}, {'VulnerabilityID': 'CVE-2024-47662', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47662', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47662', 'https://git.kernel.org/stable/c/466423c6dd8af23ebb3a69d43434d01aed0db356', 'https://git.kernel.org/stable/c/eba4b2a38ccdf074a053834509545703d6df1d57', 'https://lore.kernel.org/linux-cve-announce/2024100931-CVE-2024-47662-74f4@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47662', 'https://www.cve.org/CVERecord?id=CVE-2024-47662'], 'PublishedDate': '2024-10-09T15:15:15.08Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47664', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47664', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47664', 'https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43', 'https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c', 'https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc', 'https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47664-f6bd@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47664', 'https://www.cve.org/CVERecord?id=CVE-2024-47664'], 'PublishedDate': '2024-10-09T15:15:15.223Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47666', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47666', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: scsi: pm80xx: Set phy-&gt;enable_completion only when we wait for it', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy->enable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late.  After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47666', 'https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89', 'https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea', 'https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84', 'https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47666-0015@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47666', 'https://www.cve.org/CVERecord?id=CVE-2024-47666'], 'PublishedDate': '2024-10-09T15:15:15.353Z', 'LastModifiedDate': '2024-10-10T12:51:56.987Z'}, {'VulnerabilityID': 'CVE-2024-47670', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47670', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ocfs2: add bounds checking to ocfs2_xattr_find_entry()', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_xattr_find_entry()\n\nAdd a paranoia check to make sure it doesn't stray beyond valid memory\nregion containing ocfs2 xattr entries when scanning for a match.  It will\nprevent out-of-bound access in case of crafted images.", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47670', 'https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39', 'https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c', 'https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd', 'https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77', 'https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f', 'https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e73264d6', 'https://lore.kernel.org/linux-cve-announce/2024100919-CVE-2024-47670-53f3@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47670', 'https://www.cve.org/CVERecord?id=CVE-2024-47670'], 'PublishedDate': '2024-10-09T15:15:15.673Z', 'LastModifiedDate': '2024-10-17T14:15:13.56Z'}, {'VulnerabilityID': 'CVE-2024-47671', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47671', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: USB: usbtmc: prevent kernel-usb-infoleak', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: prevent kernel-usb-infoleak\n\nThe syzbot reported a kernel-usb-infoleak in usbtmc_write,\nwe need to clear the structure before filling fields.', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47671', 'https://git.kernel.org/stable/c/0c927dfc0b9bd177f7ab6ee59ef0c4ea06c110a7', 'https://git.kernel.org/stable/c/16e0ab9ed3ae7d19ca8ee718ba4e09d5c0f909ca', 'https://git.kernel.org/stable/c/51297ef7ad7824ad577337f273cd092e81a9fa08', 'https://git.kernel.org/stable/c/625fa77151f00c1bd00d34d60d6f2e710b3f9aad', 'https://git.kernel.org/stable/c/6c7fc36da021b13c34c572a26ba336cd102418f8', 'https://git.kernel.org/stable/c/ba6269e187aa1b1f20faf3c458831a0d6350304b', 'https://git.kernel.org/stable/c/e872738e670ddd63e19f22d0d784f0bdf26ecba5', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47671-6c52@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47671', 'https://www.cve.org/CVERecord?id=CVE-2024-47671'], 'PublishedDate': '2024-10-09T15:15:15.753Z', 'LastModifiedDate': '2024-10-17T14:15:13.697Z'}, {'VulnerabilityID': 'CVE-2024-47672', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47672', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "kernel: wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead", 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead\n\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was\nrecently converted from just a message), that can be hit if we\nwait for TX queues to become empty after firmware died. Clearly,\nwe can't expect anything from the firmware after it's declared dead.\n\nDon't call iwl_trans_wait_tx_queues_empty() in this case. While it could\nbe a good idea to stop the flow earlier, the flush functions do some\nmaintenance work that is not related to the firmware, so keep that part\nof the code running even when the firmware is not running.\n\n[edit commit message]", 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47672', 'https://git.kernel.org/stable/c/1afed66cb271b3e65fe9df1c9fba2bf4b1f55669', 'https://git.kernel.org/stable/c/1b0cd832c9607f41f84053b818e0b7908510a3b9', 'https://git.kernel.org/stable/c/3a84454f5204718ca5b4ad2c1f0bf2031e2403d1', 'https://git.kernel.org/stable/c/4d0a900ec470d392476c428875dbf053f8a0ae5e', 'https://git.kernel.org/stable/c/7188b7a72320367554b76d8f298417b070b05dd3', 'https://git.kernel.org/stable/c/de46b1d24f5f752b3bd8b46673c2ea4239661244', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47672-9bef@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47672', 'https://www.cve.org/CVERecord?id=CVE-2024-47672'], 'PublishedDate': '2024-10-09T15:15:15.827Z', 'LastModifiedDate': '2024-10-17T14:15:13.78Z'}, {'VulnerabilityID': 'CVE-2024-47673', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47673', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pause TCM when the firmware is stopped\n\nNot doing so will make us send a host command to the transport while the\nfirmware is not alive, which will trigger a WARNING.\n\nbad state = 0\nWARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nRIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]\nCall Trace:\n <TASK>\n iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]\n iwl_mvm_config_scan+0x198/0x260 [iwlmvm]\n iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]\n iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]\n process_one_work+0x29e/0x640\n worker_thread+0x2df/0x690\n ? rescuer_thread+0x540/0x540\n kthread+0x192/0x1e0\n ? set_kthread_struct+0x90/0x90\n ret_from_fork+0x22/0x30', 'Severity': 'MEDIUM', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47673', 'https://git.kernel.org/stable/c/0668ebc8c2282ca1e7eb96092a347baefffb5fe7', 'https://git.kernel.org/stable/c/2c61b561baf92a2860c76c2302a62169e22c21cc', 'https://git.kernel.org/stable/c/55086c97a55d781b04a2667401c75ffde190135c', 'https://git.kernel.org/stable/c/5948a191906b54e10f02f6b7a7670243a39f99f4', 'https://git.kernel.org/stable/c/a15df5f37fa3a8b7a8ec7a339d1e897bc524e28f', 'https://lore.kernel.org/linux-cve-announce/2024100922-CVE-2024-47673-9110@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47673', 'https://www.cve.org/CVERecord?id=CVE-2024-47673'], 'PublishedDate': '2024-10-09T15:15:15.9Z', 'LastModifiedDate': '2024-10-17T14:15:13.853Z'}, {'VulnerabilityID': 'CVE-2024-47674', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-47674', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: mm: avoid leaving partial pfn mappings around in error case', 'Description': "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na 'struct page'.\n\nThat's all very much intentional, but it does mean that it's easy to\nmess up the cleanup in case of errors.  Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it's very easy to do the\nerror handling in the wrong order.\n\nIn particular, it's easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-459'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-47674', 'https://git.kernel.org/linus/79a61cc3fc0466ad2b7b89618a6157785f0293b3 (6.11)', 'https://git.kernel.org/stable/c/5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959', 'https://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2', 'https://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3', 'https://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3', 'https://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80', 'https://lore.kernel.org/linux-cve-announce/2024101538-CVE-2024-47674-ba1f@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-47674', 'https://www.cve.org/CVERecord?id=CVE-2024-47674'], 'PublishedDate': '2024-10-15T11:15:13.073Z', 'LastModifiedDate': '2024-10-18T14:50:02.71Z'}, {'VulnerabilityID': 'CVE-2017-0537', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-0537', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N', 'V2Score': 2.6, 'V3Score': 4.7}}, 'References': ['http://www.securityfocus.com/bid/96831', 'http://www.securitytracker.com/id/1037968', 'https://android.googlesource.com/kernel/tegra.git/+/389b185cb2f17fff994dbdf8d4bac003d4b2b6b3%5E%21/#F0', 'https://lore.kernel.org/lkml/1484647168-30135-1-git-send-email-jilin@nvidia.com/#t', 'https://source.android.com/security/bulletin/2017-01-01.html', 'https://source.android.com/security/bulletin/2017-03-01', 'https://source.android.com/security/bulletin/2017-03-01.html', 'https://www.cve.org/CVERecord?id=CVE-2017-0537'], 'PublishedDate': '2017-03-08T01:59:03.127Z', 'LastModifiedDate': '2017-07-17T13:18:15.89Z'}, {'VulnerabilityID': 'CVE-2017-13165', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13165', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.', 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['https://github.com/aosp-mirror/platform_system_core/commit/15ffc53f6d57a46e3041453865311035a18e047a', 'https://source.android.com/security/bulletin/pixel/2017-12-01', 'https://www.cve.org/CVERecord?id=CVE-2017-13165'], 'PublishedDate': '2017-12-06T14:29:01.333Z', 'LastModifiedDate': '2019-10-03T00:03:26.223Z'}, {'VulnerabilityID': 'CVE-2017-13693', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2017-13693', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ACPI operand cache leak in dsutils.c', 'Description': 'The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.', 'Severity': 'LOW', 'CweIDs': ['CWE-200'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:N/A:N', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/100502', 'https://access.redhat.com/security/cve/CVE-2017-13693', 'https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732', 'https://nvd.nist.gov/vuln/detail/CVE-2017-13693', 'https://patchwork.kernel.org/patch/9919053/', 'https://www.cve.org/CVERecord?id=CVE-2017-13693'], 'PublishedDate': '2017-08-25T08:29:00.273Z', 'LastModifiedDate': '2017-09-20T14:51:00.41Z'}, {'VulnerabilityID': 'CVE-2018-1121', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-1121', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'procps: process hiding through race condition enumerating /proc', 'Description': "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-367'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:P/A:N', 'V3Vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V2Score': 4.3, 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L', 'V3Score': 3.9}}, 'References': ['http://seclists.org/oss-sec/2018/q2/122', 'http://www.securityfocus.com/bid/104214', 'https://access.redhat.com/security/cve/CVE-2018-1121', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1121', 'https://www.cve.org/CVERecord?id=CVE-2018-1121', 'https://www.exploit-db.com/exploits/44806/', 'https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt'], 'PublishedDate': '2018-06-13T20:29:00.337Z', 'LastModifiedDate': '2020-06-30T16:15:14.393Z'}, {'VulnerabilityID': 'CVE-2018-12928', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12928', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko', 'Description': 'In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5}}, 'References': ['http://www.securityfocus.com/bid/104593', 'https://access.redhat.com/security/cve/CVE-2018-12928', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384', 'https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ', 'https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/', 'https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12928', 'https://www.cve.org/CVERecord?id=CVE-2018-12928'], 'PublishedDate': '2018-06-28T14:29:00.353Z', 'LastModifiedDate': '2018-08-21T11:55:37.35Z'}, {'VulnerabilityID': 'CVE-2018-12929', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12929', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko', 'Description': 'ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12929', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12929', 'https://www.cve.org/CVERecord?id=CVE-2018-12929'], 'PublishedDate': '2018-06-28T14:29:00.417Z', 'LastModifiedDate': '2019-03-26T13:35:51.317Z'}, {'VulnerabilityID': 'CVE-2018-12930', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12930', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko', 'Description': 'ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12930', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12930', 'https://www.cve.org/CVERecord?id=CVE-2018-12930'], 'PublishedDate': '2018-06-28T14:29:00.463Z', 'LastModifiedDate': '2019-03-26T13:35:37.397Z'}, {'VulnerabilityID': 'CVE-2018-12931', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-12931', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: stack-based out-of-bounds write in ntfs_attr_find in the ntfs.ko', 'Description': 'ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['http://www.securityfocus.com/bid/104588', 'https://access.redhat.com/errata/RHSA-2019:0641', 'https://access.redhat.com/security/cve/CVE-2018-12931', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403', 'https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2', 'https://nvd.nist.gov/vuln/detail/CVE-2018-12931', 'https://www.cve.org/CVERecord?id=CVE-2018-12931'], 'PublishedDate': '2018-06-28T14:29:00.51Z', 'LastModifiedDate': '2019-03-26T13:35:20.957Z'}, {'VulnerabilityID': 'CVE-2019-14899', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-14899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel', 'Description': 'A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V2Vector': 'AV:A/AC:M/Au:S/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 4.9, 'V3Score': 7.4}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.4}}, 'References': ['http://seclists.org/fulldisclosure/2020/Dec/32', 'http://seclists.org/fulldisclosure/2020/Jul/23', 'http://seclists.org/fulldisclosure/2020/Jul/24', 'http://seclists.org/fulldisclosure/2020/Jul/25', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'http://www.openwall.com/lists/oss-security/2020/08/13/2', 'http://www.openwall.com/lists/oss-security/2020/10/07/3', 'http://www.openwall.com/lists/oss-security/2021/07/05/1', 'https://access.redhat.com/security/cve/CVE-2019-14899', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899', 'https://nvd.nist.gov/vuln/detail/CVE-2019-14899', 'https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/', 'https://support.apple.com/kb/HT211288', 'https://support.apple.com/kb/HT211289', 'https://support.apple.com/kb/HT211290', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211931', 'https://www.cve.org/CVERecord?id=CVE-2019-14899', 'https://www.openwall.com/lists/oss-security/2019/12/05/1'], 'PublishedDate': '2019-12-11T15:15:14.263Z', 'LastModifiedDate': '2023-03-01T16:40:04.14Z'}, {'VulnerabilityID': 'CVE-2019-15213', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-15213', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c', 'Description': 'An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:N/I:N/A:C', 'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 4.9, 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 4.3}}, 'References': ['http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html', 'http://www.openwall.com/lists/oss-security/2019/08/20/2', 'https://access.redhat.com/security/cve/CVE-2019-15213', 'https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7', 'https://linux.oracle.com/cve/CVE-2019-15213.html', 'https://linux.oracle.com/errata/ELSA-2019-4872.html', 'https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/', 'https://nvd.nist.gov/vuln/detail/CVE-2019-15213', 'https://security.netapp.com/advisory/ntap-20190905-0002/', 'https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced', 'https://www.cve.org/CVERecord?id=CVE-2019-15213'], 'PublishedDate': '2019-08-19T22:15:11.253Z', 'LastModifiedDate': '2023-11-09T14:44:33.733Z'}, {'VulnerabilityID': 'CVE-2019-19378', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19378', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19378', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19378', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19378'], 'PublishedDate': '2019-11-29T17:15:11.84Z', 'LastModifiedDate': '2020-01-03T11:15:14.997Z'}, {'VulnerabilityID': 'CVE-2019-19814', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2019-19814', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c', 'Description': 'In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.', 'Severity': 'LOW', 'CweIDs': ['CWE-787'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H', 'V2Score': 9.3, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H', 'V3Score': 7.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2019-19814', 'https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814', 'https://nvd.nist.gov/vuln/detail/CVE-2019-19814', 'https://security.netapp.com/advisory/ntap-20200103-0001/', 'https://www.cve.org/CVERecord?id=CVE-2019-19814'], 'PublishedDate': '2019-12-17T06:15:12.843Z', 'LastModifiedDate': '2020-01-03T11:15:16.48Z'}, {'VulnerabilityID': 'CVE-2020-14304', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2020-14304', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: ethtool when reading eeprom of device could lead to memory leak', 'Description': "A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.", 'Severity': 'LOW', 'CweIDs': ['CWE-460', 'CWE-755'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:N/A:N', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V2Score': 2.1, 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2020-14304', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14304', 'https://linux.oracle.com/cve/CVE-2020-14304.html', 'https://linux.oracle.com/errata/ELSA-2021-9410.html', 'https://lore.kernel.org/netdev/20200517172053.GA734488@decadent.org.uk/T/', 'https://nvd.nist.gov/vuln/detail/CVE-2020-14304', 'https://www.cve.org/CVERecord?id=CVE-2020-14304'], 'PublishedDate': '2020-09-15T20:15:13.103Z', 'LastModifiedDate': '2023-02-12T22:15:16.107Z'}, {'VulnerabilityID': 'CVE-2020-35501', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2020-35501', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability', 'Description': 'A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem', 'Severity': 'LOW', 'CweIDs': ['CWE-863'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:N', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V2Score': 3.6, 'V3Score': 3.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', 'V3Score': 3.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2020-35501', 'https://bugzilla.redhat.com/show_bug.cgi?id=1908577', 'https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html', 'https://nvd.nist.gov/vuln/detail/CVE-2020-35501', 'https://www.cve.org/CVERecord?id=CVE-2020-35501', 'https://www.openwall.com/lists/oss-security/2021/02/18/1'], 'PublishedDate': '2022-03-30T16:15:08.673Z', 'LastModifiedDate': '2022-12-02T19:54:37.647Z'}, {'VulnerabilityID': 'CVE-2021-26934', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-26934', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...', 'Description': "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.", 'Severity': 'LOW', 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 4.6, 'V3Score': 7.8}}, 'References': ['http://xenbits.xen.org/xsa/advisory-363.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/', 'https://nvd.nist.gov/vuln/detail/CVE-2021-26934', 'https://security.netapp.com/advisory/ntap-20210326-0001/', 'https://www.cve.org/CVERecord?id=CVE-2021-26934', 'https://www.openwall.com/lists/oss-security/2021/02/16/2', 'https://xenbits.xen.org/xsa/advisory-363.html'], 'PublishedDate': '2021-02-17T02:15:13.143Z', 'LastModifiedDate': '2023-11-07T03:31:50.59Z'}, {'VulnerabilityID': 'CVE-2022-3114', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-3114', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: clk: imx: NULL pointer dereference in imx_register_uart_clocks()', 'Description': 'An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.', 'Severity': 'LOW', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-3114', 'https://bugzilla.redhat.com/show_bug.cgi?id=2153054', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=ed713e2bc093239ccd380c2ce8ae9e4162f5c037', 'https://nvd.nist.gov/vuln/detail/CVE-2022-3114', 'https://www.cve.org/CVERecord?id=CVE-2022-3114'], 'PublishedDate': '2022-12-14T21:15:12.783Z', 'LastModifiedDate': '2022-12-16T21:23:11.37Z'}, {'VulnerabilityID': 'CVE-2022-41848', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-41848', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: Race condition between mgslpc_ioctl and mgslpc_detach', 'Description': 'drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.2}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-41848', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/char/pcmcia/synclink_cs.c', 'https://lore.kernel.org/lkml/20220919040251.GA302541%40ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270', 'https://lore.kernel.org/lkml/20220919040251.GA302541@ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270', 'https://nvd.nist.gov/vuln/detail/CVE-2022-41848', 'https://www.cve.org/CVERecord?id=CVE-2022-41848'], 'PublishedDate': '2022-09-30T06:15:11.58Z', 'LastModifiedDate': '2023-11-07T03:53:02.36Z'}, {'VulnerabilityID': 'CVE-2022-44032', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-44032', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: Race between cmm_open() and cm4000_detach() result in UAF', 'Description': 'An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().', 'Severity': 'LOW', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-44032', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15', 'https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu/', 'https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/', 'https://lore.kernel.org/lkml/20220919040701.GA302806%40ubuntu/', 'https://lore.kernel.org/lkml/20220919040701.GA302806@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-44032', 'https://www.cve.org/CVERecord?id=CVE-2022-44032'], 'PublishedDate': '2022-10-30T01:15:08.823Z', 'LastModifiedDate': '2024-08-01T13:42:57.66Z'}, {'VulnerabilityID': 'CVE-2022-44033', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-44033', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: A race condition between cm4040_open() and reader_detach() may result in UAF', 'Description': 'An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().', 'Severity': 'LOW', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-44033', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15', 'https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu/', 'https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/', 'https://lore.kernel.org/lkml/20220919040457.GA302681%40ubuntu/', 'https://lore.kernel.org/lkml/20220919040457.GA302681@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-44033', 'https://www.cve.org/CVERecord?id=CVE-2022-44033'], 'PublishedDate': '2022-10-30T01:15:08.88Z', 'LastModifiedDate': '2024-03-25T01:15:52.727Z'}, {'VulnerabilityID': 'CVE-2022-44034', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-44034', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Kernel: A use-after-free due to race between scr24x_open()  and scr24x_remove()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().', 'Severity': 'LOW', 'CweIDs': ['CWE-362'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-44034', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15', 'https://lore.kernel.org/lkml/20220916050333.GA188358%40ubuntu/', 'https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940%40ubuntu/', 'https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-44034', 'https://www.cve.org/CVERecord?id=CVE-2022-44034'], 'PublishedDate': '2022-10-30T01:15:08.937Z', 'LastModifiedDate': '2024-03-25T01:15:52.787Z'}, {'VulnerabilityID': 'CVE-2022-45884', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-45884', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free due to race condition occurring in dvb_register_device()', 'Description': 'An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:7549', 'https://access.redhat.com/security/cve/CVE-2022-45884', 'https://bugzilla.redhat.com/2148510', 'https://bugzilla.redhat.com/2148517', 'https://bugzilla.redhat.com/2151956', 'https://bugzilla.redhat.com/2154178', 'https://bugzilla.redhat.com/2224048', 'https://bugzilla.redhat.com/2240249', 'https://bugzilla.redhat.com/2241924', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2148517', 'https://bugzilla.redhat.com/show_bug.cgi?id=2151956', 'https://bugzilla.redhat.com/show_bug.cgi?id=2154178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2224048', 'https://bugzilla.redhat.com/show_bug.cgi?id=2240249', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1192', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2163', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178', 'https://errata.almalinux.org/8/ALSA-2023-7549.html', 'https://errata.rockylinux.org/RLSA-2023:7549', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3', 'https://linux.oracle.com/cve/CVE-2022-45884.html', 'https://linux.oracle.com/errata/ELSA-2023-7549.html', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-45884', 'https://security.netapp.com/advisory/ntap-20230113-0006/', 'https://www.cve.org/CVERecord?id=CVE-2022-45884'], 'PublishedDate': '2022-11-25T04:15:09.18Z', 'LastModifiedDate': '2024-03-25T01:15:52.84Z'}, {'VulnerabilityID': 'CVE-2022-45885', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-45885', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free due to race condition occurring in dvb_frontend.c', 'Description': 'An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-45885', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6769a0b7ee0c3b31e1b22c3fadff2bfb642de23f', 'https://linux.oracle.com/cve/CVE-2022-45885.html', 'https://linux.oracle.com/errata/ELSA-2023-12207.html', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel%40gmail.com/', 'https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel@gmail.com/', 'https://lore.kernel.org/linux-media/20221117045925.14297-2-imv4bel@gmail.com/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-45885', 'https://security.netapp.com/advisory/ntap-20230113-0006/', 'https://www.cve.org/CVERecord?id=CVE-2022-45885'], 'PublishedDate': '2022-11-25T04:15:09.23Z', 'LastModifiedDate': '2024-03-25T01:15:52.953Z'}, {'VulnerabilityID': 'CVE-2022-45888', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-45888', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: use-after-free due to race condition in drivers/char/xillybus/xillyusb.c', 'Description': 'An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.', 'Severity': 'LOW', 'CweIDs': ['CWE-362', 'CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-45888', 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=282a4b71816b6076029017a7bab3a9dcee12a920', 'https://lore.kernel.org/all/20221022175404.GA375335%40ubuntu/', 'https://lore.kernel.org/all/20221022175404.GA375335@ubuntu/', 'https://nvd.nist.gov/vuln/detail/CVE-2022-45888', 'https://security.netapp.com/advisory/ntap-20230113-0006/', 'https://www.cve.org/CVERecord?id=CVE-2022-45888'], 'PublishedDate': '2022-11-25T04:15:09.36Z', 'LastModifiedDate': '2024-03-25T01:15:53.18Z'}, {'VulnerabilityID': 'CVE-2023-33053', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-33053', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': 'Memory corruption in Kernel while parsing metadata.', 'Severity': 'LOW', 'CweIDs': ['CWE-129'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/06426824a281c9aef5bf0c50927eae9c7431db1e', 'https://www.cve.org/CVERecord?id=CVE-2023-33053', 'https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin'], 'PublishedDate': '2023-12-05T03:15:11.707Z', 'LastModifiedDate': '2024-04-12T16:15:18.403Z'}, {'VulnerabilityID': 'CVE-2023-4010', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4010', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: usb: hcd: malformed USB descriptor leads to infinite loop in usb_giveback_urb()', 'Description': 'A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.', 'Severity': 'LOW', 'CweIDs': ['CWE-835'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-4010', 'https://bugzilla.redhat.com/show_bug.cgi?id=2227726', 'https://github.com/wanrenmi/a-usb-kernel-bug', 'https://github.com/wanrenmi/a-usb-kernel-bug/issues/1', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4010', 'https://www.cve.org/CVERecord?id=CVE-2023-4010'], 'PublishedDate': '2023-07-31T17:15:10.277Z', 'LastModifiedDate': '2023-11-07T04:22:02.797Z'}, {'VulnerabilityID': 'CVE-2023-4133', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-4133', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: cxgb4: use-after-free in ch_flower_stats_cb()', 'Description': 'A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.', 'Severity': 'LOW', 'CweIDs': ['CWE-416'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:2394', 'https://access.redhat.com/errata/RHSA-2024:2950', 'https://access.redhat.com/errata/RHSA-2024:3138', 'https://access.redhat.com/security/cve/CVE-2023-4133', 'https://bugzilla.redhat.com/1731000', 'https://bugzilla.redhat.com/1746732', 'https://bugzilla.redhat.com/1888726', 'https://bugzilla.redhat.com/1999589', 'https://bugzilla.redhat.com/2039178', 'https://bugzilla.redhat.com/2043520', 'https://bugzilla.redhat.com/2044578', 'https://bugzilla.redhat.com/2150953', 'https://bugzilla.redhat.com/2151959', 'https://bugzilla.redhat.com/2177759', 'https://bugzilla.redhat.com/2179892', 'https://bugzilla.redhat.com/2213132', 'https://bugzilla.redhat.com/2218332', 'https://bugzilla.redhat.com/2219359', 'https://bugzilla.redhat.com/2221039', 'https://bugzilla.redhat.com/2221463', 'https://bugzilla.redhat.com/2221702', 'https://bugzilla.redhat.com/2226777', 'https://bugzilla.redhat.com/2226784', 'https://bugzilla.redhat.com/2226787', 'https://bugzilla.redhat.com/2226788', 'https://bugzilla.redhat.com/2230042', 'https://bugzilla.redhat.com/2231410', 'https://bugzilla.redhat.com/2235306', 'https://bugzilla.redhat.com/2239845', 'https://bugzilla.redhat.com/2239847', 'https://bugzilla.redhat.com/2244720', 'https://bugzilla.redhat.com/2250043', 'https://bugzilla.redhat.com/2253632', 'https://bugzilla.redhat.com/2254961', 'https://bugzilla.redhat.com/2254982', 'https://bugzilla.redhat.com/2255283', 'https://bugzilla.redhat.com/2256490', 'https://bugzilla.redhat.com/2256822', 'https://bugzilla.redhat.com/2257682', 'https://bugzilla.redhat.com/2257979', 'https://bugzilla.redhat.com/2265285', 'https://bugzilla.redhat.com/2265653', 'https://bugzilla.redhat.com/2267695', 'https://bugzilla.redhat.com/2267750', 'https://bugzilla.redhat.com/2267760', 'https://bugzilla.redhat.com/2267761', 'https://bugzilla.redhat.com/2269189', 'https://bugzilla.redhat.com/2269217', 'https://bugzilla.redhat.com/2270836', 'https://bugzilla.redhat.com/2270883', 'https://bugzilla.redhat.com/2272811', 'https://bugzilla.redhat.com/show_bug.cgi?id=1731000', 'https://bugzilla.redhat.com/show_bug.cgi?id=1746732', 'https://bugzilla.redhat.com/show_bug.cgi?id=1888726', 'https://bugzilla.redhat.com/show_bug.cgi?id=1930388', 'https://bugzilla.redhat.com/show_bug.cgi?id=1999589', 'https://bugzilla.redhat.com/show_bug.cgi?id=2039178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2043520', 'https://bugzilla.redhat.com/show_bug.cgi?id=2044578', 'https://bugzilla.redhat.com/show_bug.cgi?id=2150953', 'https://bugzilla.redhat.com/show_bug.cgi?id=2151959', 'https://bugzilla.redhat.com/show_bug.cgi?id=2177759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2179892', 'https://bugzilla.redhat.com/show_bug.cgi?id=2213132', 'https://bugzilla.redhat.com/show_bug.cgi?id=2218332', 'https://bugzilla.redhat.com/show_bug.cgi?id=2219359', 'https://bugzilla.redhat.com/show_bug.cgi?id=2221039', 'https://bugzilla.redhat.com/show_bug.cgi?id=2221463', 'https://bugzilla.redhat.com/show_bug.cgi?id=2221702', 'https://bugzilla.redhat.com/show_bug.cgi?id=2226777', 'https://bugzilla.redhat.com/show_bug.cgi?id=2226784', 'https://bugzilla.redhat.com/show_bug.cgi?id=2226787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2226788', 'https://bugzilla.redhat.com/show_bug.cgi?id=2230042', 'https://bugzilla.redhat.com/show_bug.cgi?id=2231130', 'https://bugzilla.redhat.com/show_bug.cgi?id=2231410', 'https://bugzilla.redhat.com/show_bug.cgi?id=2235306', 'https://bugzilla.redhat.com/show_bug.cgi?id=2239845', 'https://bugzilla.redhat.com/show_bug.cgi?id=2239847', 'https://bugzilla.redhat.com/show_bug.cgi?id=2244720', 'https://bugzilla.redhat.com/show_bug.cgi?id=2250043', 'https://bugzilla.redhat.com/show_bug.cgi?id=2253632', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254961', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254982', 'https://bugzilla.redhat.com/show_bug.cgi?id=2255283', 'https://bugzilla.redhat.com/show_bug.cgi?id=2256490', 'https://bugzilla.redhat.com/show_bug.cgi?id=2256822', 'https://bugzilla.redhat.com/show_bug.cgi?id=2257682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2257979', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265285', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267695', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267750', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267760', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269217', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270836', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270883', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13631', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25656', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3753', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4204', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0500', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3565', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45934', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1513', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24023', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28464', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31083', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3567', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37453', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38409', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39189', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39192', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39193', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39194', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39198', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4133', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4244', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42754', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42755', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45863', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51779', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51780', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52340', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52448', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52574', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52580', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52581', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52620', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6121', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6176', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6915', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6932', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0841', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25742', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26602', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26609', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26671', 'https://errata.almalinux.org/8/ALSA-2024-3138.html', 'https://errata.rockylinux.org/RLSA-2024:3138', 'https://git.kernel.org/linus/e50b9b9e8610d47b7c22529443e45a16b1ea3a15 (6.3)', 'https://linux.oracle.com/cve/CVE-2023-4133.html', 'https://linux.oracle.com/errata/ELSA-2024-3138.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-4133', 'https://www.cve.org/CVERecord?id=CVE-2023-4133'], 'PublishedDate': '2023-08-03T15:15:33.94Z', 'LastModifiedDate': '2024-05-22T17:16:05.99Z'}, {'VulnerabilityID': 'CVE-2024-0564', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-0564', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication', 'Description': 'A flaw was found in the Linux kernel\'s memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim\'s page. The unmapping time depends on whether it merges with the victim\'s page and additional physical pages are created beyond the KSM\'s "max page share". Through these operations, the attacker can leak the victim\'s page.', 'Severity': 'LOW', 'CweIDs': ['CWE-99', 'CWE-203'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-0564', 'https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2258514', 'https://link.springer.com/conference/wisa', 'https://nvd.nist.gov/vuln/detail/CVE-2024-0564', 'https://wisa.or.kr/accepted', 'https://www.cve.org/CVERecord?id=CVE-2024-0564'], 'PublishedDate': '2024-01-30T15:15:08.687Z', 'LastModifiedDate': '2024-10-16T15:15:14.11Z'}, {'VulnerabilityID': 'CVE-2024-26896', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-26896', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: wifi: wfx: fix memory leak when starting AP', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wfx: fix memory leak when starting AP\n\nKmemleak reported this error:\n\n    unreferenced object 0xd73d1180 (size 184):\n      comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.245s)\n      hex dump (first 32 bytes):\n        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n        00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00  ................\n      backtrace:\n        [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac\n        [<127bdd74>] __alloc_skb+0x144/0x170\n        [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n        [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n        [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n        [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n        [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n        [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n        [<47bd8b68>] genl_rcv_msg+0x198/0x378\n        [<453ef796>] netlink_rcv_skb+0xd0/0x130\n        [<6b7c977a>] genl_rcv+0x34/0x44\n        [<66b2d04d>] netlink_unicast+0x1b4/0x258\n        [<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n        [<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n        [<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n        [<69954f45>] __sys_sendmsg+0x64/0xa8\n    unreferenced object 0xce087000 (size 1024):\n      comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.246s)\n      hex dump (first 32 bytes):\n        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n        10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............\n      backtrace:\n        [<9a993714>] __kmalloc_track_caller+0x230/0x600\n        [<f83ea192>] kmalloc_reserve.constprop.0+0x30/0x74\n        [<a2c61343>] __alloc_skb+0xa0/0x170\n        [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n        [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n        [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n        [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n        [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n        [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n        [<47bd8b68>] genl_rcv_msg+0x198/0x378\n        [<453ef796>] netlink_rcv_skb+0xd0/0x130\n        [<6b7c977a>] genl_rcv+0x34/0x44\n        [<66b2d04d>] netlink_unicast+0x1b4/0x258\n        [<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n        [<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n        [<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n\nHowever, since the kernel is build optimized, it seems the stack is not\naccurate. It appears the issue is related to wfx_set_mfp_ap(). The issue\nis obvious in this function: memory allocated by ieee80211_beacon_get()\nis never released. Fixing this leak makes kmemleak happy.', 'Severity': 'LOW', 'CweIDs': ['CWE-125'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-26896', 'https://git.kernel.org/linus/b8cfb7c819dd39965136a66fe3a7fde688d976fc (6.9-rc1)', 'https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3', 'https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b', 'https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3', 'https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc', 'https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487', 'https://lore.kernel.org/linux-cve-announce/2024041744-CVE-2024-26896-79fe@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-26896', 'https://ubuntu.com/security/notices/USN-6816-1', 'https://ubuntu.com/security/notices/USN-6817-1', 'https://ubuntu.com/security/notices/USN-6817-2', 'https://ubuntu.com/security/notices/USN-6817-3', 'https://ubuntu.com/security/notices/USN-6878-1', 'https://www.cve.org/CVERecord?id=CVE-2024-26896'], 'PublishedDate': '2024-04-17T11:15:10.727Z', 'LastModifiedDate': '2024-07-03T01:49:59.133Z'}, {'VulnerabilityID': 'CVE-2024-27011', 'PkgID': 'linux-tools-common@5.15.0-122.132', 'PkgName': 'linux-tools-common', 'InstalledVersion': '5.15.0-122.132', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-27011', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'kernel: netfilter: nf_tables: fix memleak in map from abort path', 'Description': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memleak in map from abort path\n\nThe delete set command does not rely on the transaction object for\nelement removal, therefore, a combination of delete element + delete set\nfrom the abort path could result in restoring twice the refcount of the\nmapping.\n\nCheck for inactive element in the next generation for the delete element\ncommand in the abort path, skip restoring state if next generation bit\nhas been already cleared. This is similar to the activate logic using\nthe set walk iterator.\n\n[ 6170.286929] ------------[ cut here ]------------\n[ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.287071] Modules linked in: [...]\n[ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365\n[ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 <0f> 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f\n[ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202\n[ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000\n[ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750\n[ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55\n[ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10\n[ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100\n[ 6170.287940] FS:  0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000\n[ 6170.287948] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0\n[ 6170.287962] Call Trace:\n[ 6170.287967]  <TASK>\n[ 6170.287973]  ? __warn+0x9f/0x1a0\n[ 6170.287986]  ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288092]  ? report_bug+0x1b1/0x1e0\n[ 6170.287986]  ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288092]  ? report_bug+0x1b1/0x1e0\n[ 6170.288104]  ? handle_bug+0x3c/0x70\n[ 6170.288112]  ? exc_invalid_op+0x17/0x40\n[ 6170.288120]  ? asm_exc_invalid_op+0x1a/0x20\n[ 6170.288132]  ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]\n[ 6170.288243]  ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288366]  ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]\n[ 6170.288483]  nf_tables_trans_destroy_work+0x588/0x590 [nf_tables]', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:5102', 'https://access.redhat.com/security/cve/CVE-2024-27011', 'https://bugzilla.redhat.com/2263879', 'https://bugzilla.redhat.com/2265645', 'https://bugzilla.redhat.com/2265797', 'https://bugzilla.redhat.com/2266341', 'https://bugzilla.redhat.com/2266347', 'https://bugzilla.redhat.com/2266497', 'https://bugzilla.redhat.com/2267787', 'https://bugzilla.redhat.com/2268118', 'https://bugzilla.redhat.com/2269070', 'https://bugzilla.redhat.com/2269211', 'https://bugzilla.redhat.com/2270084', 'https://bugzilla.redhat.com/2270100', 'https://bugzilla.redhat.com/2271686', 'https://bugzilla.redhat.com/2271688', 'https://bugzilla.redhat.com/2272782', 'https://bugzilla.redhat.com/2272795', 'https://bugzilla.redhat.com/2273109', 'https://bugzilla.redhat.com/2273174', 'https://bugzilla.redhat.com/2273236', 'https://bugzilla.redhat.com/2273242', 'https://bugzilla.redhat.com/2273247', 'https://bugzilla.redhat.com/2273268', 'https://bugzilla.redhat.com/2273427', 'https://bugzilla.redhat.com/2273654', 'https://bugzilla.redhat.com/2275565', 'https://bugzilla.redhat.com/2275573', 'https://bugzilla.redhat.com/2275580', 'https://bugzilla.redhat.com/2275694', 'https://bugzilla.redhat.com/2275711', 'https://bugzilla.redhat.com/2275748', 'https://bugzilla.redhat.com/2275761', 'https://bugzilla.redhat.com/2275928', 'https://bugzilla.redhat.com/2277166', 'https://bugzilla.redhat.com/2277238', 'https://bugzilla.redhat.com/2277840', 'https://bugzilla.redhat.com/2278176', 'https://bugzilla.redhat.com/2278178', 'https://bugzilla.redhat.com/2278182', 'https://bugzilla.redhat.com/2278218', 'https://bugzilla.redhat.com/2278256', 'https://bugzilla.redhat.com/2278258', 'https://bugzilla.redhat.com/2278277', 'https://bugzilla.redhat.com/2278279', 'https://bugzilla.redhat.com/2278380', 'https://bugzilla.redhat.com/2278484', 'https://bugzilla.redhat.com/2278515', 'https://bugzilla.redhat.com/2278535', 'https://bugzilla.redhat.com/2278539', 'https://bugzilla.redhat.com/2278989', 'https://bugzilla.redhat.com/2280440', 'https://bugzilla.redhat.com/2281054', 'https://bugzilla.redhat.com/2281133', 'https://bugzilla.redhat.com/2281149', 'https://bugzilla.redhat.com/2281207', 'https://bugzilla.redhat.com/2281215', 'https://bugzilla.redhat.com/2281221', 'https://bugzilla.redhat.com/2281235', 'https://bugzilla.redhat.com/2281268', 'https://bugzilla.redhat.com/2281326', 'https://bugzilla.redhat.com/2281360', 'https://bugzilla.redhat.com/2281510', 'https://bugzilla.redhat.com/2281519', 'https://bugzilla.redhat.com/2281636', 'https://bugzilla.redhat.com/2281641', 'https://bugzilla.redhat.com/2281664', 'https://bugzilla.redhat.com/2281667', 'https://bugzilla.redhat.com/2281672', 'https://bugzilla.redhat.com/2281675', 'https://bugzilla.redhat.com/2281682', 'https://bugzilla.redhat.com/2281725', 'https://bugzilla.redhat.com/2281752', 'https://bugzilla.redhat.com/2281758', 'https://bugzilla.redhat.com/2281819', 'https://bugzilla.redhat.com/2281821', 'https://bugzilla.redhat.com/2281833', 'https://bugzilla.redhat.com/2281938', 'https://bugzilla.redhat.com/2281949', 'https://bugzilla.redhat.com/2281968', 'https://bugzilla.redhat.com/2281989', 'https://bugzilla.redhat.com/2282328', 'https://bugzilla.redhat.com/2282373', 'https://bugzilla.redhat.com/2282479', 'https://bugzilla.redhat.com/2282553', 'https://bugzilla.redhat.com/2282615', 'https://bugzilla.redhat.com/2282623', 'https://bugzilla.redhat.com/2282640', 'https://bugzilla.redhat.com/2282642', 'https://bugzilla.redhat.com/2282645', 'https://bugzilla.redhat.com/2282717', 'https://bugzilla.redhat.com/2282719', 'https://bugzilla.redhat.com/2282727', 'https://bugzilla.redhat.com/2282742', 'https://bugzilla.redhat.com/2282743', 'https://bugzilla.redhat.com/2282744', 'https://bugzilla.redhat.com/2282759', 'https://bugzilla.redhat.com/2282763', 'https://bugzilla.redhat.com/2282766', 'https://bugzilla.redhat.com/2282772', 'https://bugzilla.redhat.com/2282780', 'https://bugzilla.redhat.com/2282887', 'https://bugzilla.redhat.com/2282896', 'https://bugzilla.redhat.com/2282923', 'https://bugzilla.redhat.com/2282925', 'https://bugzilla.redhat.com/2282950', 'https://bugzilla.redhat.com/2283401', 'https://bugzilla.redhat.com/2283894', 'https://bugzilla.redhat.com/2284400', 'https://bugzilla.redhat.com/2284417', 'https://bugzilla.redhat.com/2284421', 'https://bugzilla.redhat.com/2284474', 'https://bugzilla.redhat.com/2284477', 'https://bugzilla.redhat.com/2284488', 'https://bugzilla.redhat.com/2284496', 'https://bugzilla.redhat.com/2284500', 'https://bugzilla.redhat.com/2284513', 'https://bugzilla.redhat.com/2284519', 'https://bugzilla.redhat.com/2284539', 'https://bugzilla.redhat.com/2284541', 'https://bugzilla.redhat.com/2284556', 'https://bugzilla.redhat.com/2284571', 'https://bugzilla.redhat.com/2284590', 'https://bugzilla.redhat.com/2284625', 'https://bugzilla.redhat.com/2290408', 'https://bugzilla.redhat.com/2292331', 'https://bugzilla.redhat.com/2293078', 'https://bugzilla.redhat.com/2293250', 'https://bugzilla.redhat.com/2293276', 'https://bugzilla.redhat.com/2293312', 'https://bugzilla.redhat.com/2293316', 'https://bugzilla.redhat.com/2293348', 'https://bugzilla.redhat.com/2293371', 'https://bugzilla.redhat.com/2293383', 'https://bugzilla.redhat.com/2293418', 'https://bugzilla.redhat.com/2293420', 'https://bugzilla.redhat.com/2293444', 'https://bugzilla.redhat.com/2293461', 'https://bugzilla.redhat.com/2293653', 'https://bugzilla.redhat.com/2293657', 'https://bugzilla.redhat.com/2293684', 'https://bugzilla.redhat.com/2293687', 'https://bugzilla.redhat.com/2293700', 'https://bugzilla.redhat.com/2293711', 'https://bugzilla.redhat.com/2294274', 'https://bugzilla.redhat.com/2295914', 'https://bugzilla.redhat.com/2296067', 'https://bugzilla.redhat.com/2297056', 'https://bugzilla.redhat.com/2297474', 'https://bugzilla.redhat.com/2297511', 'https://bugzilla.redhat.com/2298108', 'https://bugzilla.redhat.com/show_bug.cgi?id=2263879', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265650', 'https://bugzilla.redhat.com/show_bug.cgi?id=2265797', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266341', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266347', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2266594', 'https://bugzilla.redhat.com/show_bug.cgi?id=2267787', 'https://bugzilla.redhat.com/show_bug.cgi?id=2268118', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269070', 'https://bugzilla.redhat.com/show_bug.cgi?id=2269211', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270084', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270100', 'https://bugzilla.redhat.com/show_bug.cgi?id=2270700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271686', 'https://bugzilla.redhat.com/show_bug.cgi?id=2271688', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2272795', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273109', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273117', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273174', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273236', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273242', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273247', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273427', 'https://bugzilla.redhat.com/show_bug.cgi?id=2273654', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275565', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275573', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275580', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275694', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275748', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275761', 'https://bugzilla.redhat.com/show_bug.cgi?id=2275928', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277166', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277238', 'https://bugzilla.redhat.com/show_bug.cgi?id=2277840', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278176', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278178', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278182', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278218', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278256', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278258', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278277', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278279', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278380', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278484', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278515', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278535', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2280440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281054', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281133', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281149', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281189', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281190', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281207', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281215', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281221', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281235', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281268', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281326', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281360', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281510', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281636', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281641', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281664', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281667', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281675', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281682', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281725', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281752', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281758', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281819', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281821', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281833', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281938', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281949', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281968', 'https://bugzilla.redhat.com/show_bug.cgi?id=2281989', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282328', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282373', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282479', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282553', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282615', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282623', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282640', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282642', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282645', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282690', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282717', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282719', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282727', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282742', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282743', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282744', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282759', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282763', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282766', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282772', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282780', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282887', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282896', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282923', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282925', 'https://bugzilla.redhat.com/show_bug.cgi?id=2282950', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283401', 'https://bugzilla.redhat.com/show_bug.cgi?id=2283894', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284400', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284417', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284421', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284465', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284477', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284496', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284500', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284513', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284519', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284539', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284541', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284556', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284571', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284590', 'https://bugzilla.redhat.com/show_bug.cgi?id=2284625', 'https://bugzilla.redhat.com/show_bug.cgi?id=2290408', 'https://bugzilla.redhat.com/show_bug.cgi?id=2292331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293078', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293250', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293276', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293312', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293316', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293348', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293367', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293371', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293383', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293418', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293420', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293444', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293461', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293653', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293657', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293684', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293687', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293700', 'https://bugzilla.redhat.com/show_bug.cgi?id=2293711', 'https://bugzilla.redhat.com/show_bug.cgi?id=2294274', 'https://bugzilla.redhat.com/show_bug.cgi?id=2295914', 'https://bugzilla.redhat.com/show_bug.cgi?id=2296067', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297056', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297474', 'https://bugzilla.redhat.com/show_bug.cgi?id=2297558', 'https://bugzilla.redhat.com/show_bug.cgi?id=2298108', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974', 'https://errata.almalinux.org/8/ALSA-2024-5102.html', 'https://errata.rockylinux.org/RLSA-2024:5101', 'https://git.kernel.org/linus/86a1471d7cde792941109b93b558b5dc078b9ee9 (6.9-rc5)', 'https://git.kernel.org/stable/c/49d0e656d19dfb2d4d7c230e4a720d37b3decff6', 'https://git.kernel.org/stable/c/86a1471d7cde792941109b93b558b5dc078b9ee9', 'https://git.kernel.org/stable/c/a1bd2a38a1c6388fc8556816dc203c3e9dc52237', 'https://linux.oracle.com/cve/CVE-2024-27011.html', 'https://linux.oracle.com/errata/ELSA-2024-5101.html', 'https://lore.kernel.org/linux-cve-announce/2024050148-CVE-2024-27011-2c70@gregkh/T', 'https://nvd.nist.gov/vuln/detail/CVE-2024-27011', 'https://ubuntu.com/security/notices/USN-6893-1', 'https://ubuntu.com/security/notices/USN-6893-2', 'https://ubuntu.com/security/notices/USN-6893-3', 'https://ubuntu.com/security/notices/USN-6918-1', 'https://www.cve.org/CVERecord?id=CVE-2024-27011'], 'PublishedDate': '2024-05-01T06:15:19.583Z', 'LastModifiedDate': '2024-10-10T12:15:03.39Z'}, {'VulnerabilityID': 'CVE-2016-20013', 'PkgID': 'locales@2.35-0ubuntu3.8', 'PkgName': 'locales', 'InstalledVersion': '2.35-0ubuntu3.8', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-20013', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.", 'Severity': 'LOW', 'CweIDs': ['CWE-770'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}}, 'References': ['https://akkadia.org/drepper/SHA-crypt.txt', 'https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/', 'https://twitter.com/solardiz/status/795601240151457793', 'https://www.cve.org/CVERecord?id=CVE-2016-20013'], 'PublishedDate': '2022-02-19T05:15:09.413Z', 'LastModifiedDate': '2022-03-03T16:43:19.667Z'}, {'VulnerabilityID': 'CVE-2023-29383', 'PkgID': 'login@1:4.8.1-2ubuntu2.2', 'PkgName': 'login', 'InstalledVersion': '1:4.8.1-2ubuntu2.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-29383', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'shadow: Improper input validation in shadow-utils package utility chfn', 'Description': 'In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.', 'Severity': 'LOW', 'CweIDs': ['CWE-74'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-29383', 'https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d', 'https://github.com/shadow-maint/shadow/pull/687', 'https://nvd.nist.gov/vuln/detail/CVE-2023-29383', 'https://www.cve.org/CVERecord?id=CVE-2023-29383', 'https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/', 'https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797'], 'PublishedDate': '2023-04-14T22:15:07.68Z', 'LastModifiedDate': '2023-04-24T18:05:30.313Z'}, {'VulnerabilityID': 'CVE-2023-28736', 'PkgID': 'mdadm@4.2-0ubuntu2', 'PkgName': 'mdadm', 'InstalledVersion': '4.2-0ubuntu2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-28736', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'mdadm: Buffer overflow', 'Description': 'Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.', 'Severity': 'LOW', 'CweIDs': ['CWE-120'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 6.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L', 'V3Score': 5.7}}, 'References': ['http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html', 'https://access.redhat.com/security/cve/CVE-2023-28736', 'https://nvd.nist.gov/vuln/detail/CVE-2023-28736', 'https://www.cve.org/CVERecord?id=CVE-2023-28736', 'https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html'], 'PublishedDate': '2023-08-11T03:15:25.95Z', 'LastModifiedDate': '2023-11-07T04:10:50.49Z'}, {'VulnerabilityID': 'CVE-2023-28938', 'PkgID': 'mdadm@4.2-0ubuntu2', 'PkgName': 'mdadm', 'InstalledVersion': '4.2-0ubuntu2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-28938', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'mdadm: Uncontrolled resource consumption', 'Description': 'Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.', 'Severity': 'LOW', 'CweIDs': ['CWE-400'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L', 'V3Score': 3.4}}, 'References': ['http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html', 'https://access.redhat.com/security/cve/CVE-2023-28938', 'https://nvd.nist.gov/vuln/detail/CVE-2023-28938', 'https://www.cve.org/CVERecord?id=CVE-2023-28938', 'https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html'], 'PublishedDate': '2023-08-11T03:15:27.257Z', 'LastModifiedDate': '2023-11-07T04:10:58.907Z'}, {'VulnerabilityID': 'CVE-2024-5742', 'PkgID': 'nano@6.2-1', 'PkgName': 'nano', 'InstalledVersion': '6.2-1', 'FixedVersion': '6.2-1ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-5742', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file', 'Description': 'A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.', 'Severity': 'LOW', 'CweIDs': ['CWE-59'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 6.7}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H', 'V3Score': 6.7}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:6986', 'https://access.redhat.com/security/cve/CVE-2024-5742', 'https://bugzilla.redhat.com/2278574', 'https://bugzilla.redhat.com/show_bug.cgi?id=2278574', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5742', 'https://errata.almalinux.org/8/ALSA-2024-6986.html', 'https://errata.rockylinux.org/RLSA-2024:6986', 'https://linux.oracle.com/cve/CVE-2024-5742.html', 'https://linux.oracle.com/errata/ELSA-2024-6986.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-5742', 'https://ubuntu.com/security/notices/USN-7064-1', 'https://www.cve.org/CVERecord?id=CVE-2024-5742'], 'PublishedDate': '2024-06-12T09:15:23.037Z', 'LastModifiedDate': '2024-10-07T20:15:07.173Z'}, {'VulnerabilityID': 'CVE-2023-45918', 'PkgID': 'ncurses-base@6.3-2ubuntu0.1', 'PkgName': 'ncurses-base', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-45918', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c', 'Description': 'ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-45918', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-45918', 'https://security.netapp.com/advisory/ntap-20240315-0006/', 'https://www.cve.org/CVERecord?id=CVE-2023-45918'], 'PublishedDate': '2024-02-16T22:15:07.88Z', 'LastModifiedDate': '2024-03-15T11:15:08.51Z'}, {'VulnerabilityID': 'CVE-2023-50495', 'PkgID': 'ncurses-base@6.3-2ubuntu0.1', 'PkgName': 'ncurses-base', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-50495', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: segmentation fault via _nc_wrap_entry()', 'Description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-50495', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-50495', 'https://security.netapp.com/advisory/ntap-20240119-0008/', 'https://ubuntu.com/security/notices/USN-6684-1', 'https://www.cve.org/CVERecord?id=CVE-2023-50495'], 'PublishedDate': '2023-12-12T15:15:07.867Z', 'LastModifiedDate': '2024-01-31T03:15:08.49Z'}, {'VulnerabilityID': 'CVE-2023-45918', 'PkgID': 'ncurses-bin@6.3-2ubuntu0.1', 'PkgName': 'ncurses-bin', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-45918', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c', 'Description': 'ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-45918', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-45918', 'https://security.netapp.com/advisory/ntap-20240315-0006/', 'https://www.cve.org/CVERecord?id=CVE-2023-45918'], 'PublishedDate': '2024-02-16T22:15:07.88Z', 'LastModifiedDate': '2024-03-15T11:15:08.51Z'}, {'VulnerabilityID': 'CVE-2023-50495', 'PkgID': 'ncurses-bin@6.3-2ubuntu0.1', 'PkgName': 'ncurses-bin', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-50495', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: segmentation fault via _nc_wrap_entry()', 'Description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-50495', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-50495', 'https://security.netapp.com/advisory/ntap-20240119-0008/', 'https://ubuntu.com/security/notices/USN-6684-1', 'https://www.cve.org/CVERecord?id=CVE-2023-50495'], 'PublishedDate': '2023-12-12T15:15:07.867Z', 'LastModifiedDate': '2024-01-31T03:15:08.49Z'}, {'VulnerabilityID': 'CVE-2023-45918', 'PkgID': 'ncurses-term@6.3-2ubuntu0.1', 'PkgName': 'ncurses-term', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-45918', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c', 'Description': 'ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.', 'Severity': 'LOW', 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-45918', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-45918', 'https://security.netapp.com/advisory/ntap-20240315-0006/', 'https://www.cve.org/CVERecord?id=CVE-2023-45918'], 'PublishedDate': '2024-02-16T22:15:07.88Z', 'LastModifiedDate': '2024-03-15T11:15:08.51Z'}, {'VulnerabilityID': 'CVE-2023-50495', 'PkgID': 'ncurses-term@6.3-2ubuntu0.1', 'PkgName': 'ncurses-term', 'InstalledVersion': '6.3-2ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-50495', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'ncurses: segmentation fault via _nc_wrap_entry()', 'Description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().', 'Severity': 'LOW', 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-50495', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html', 'https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-50495', 'https://security.netapp.com/advisory/ntap-20240119-0008/', 'https://ubuntu.com/security/notices/USN-6684-1', 'https://www.cve.org/CVERecord?id=CVE-2023-50495'], 'PublishedDate': '2023-12-12T15:15:07.867Z', 'LastModifiedDate': '2024-01-31T03:15:08.49Z'}, {'VulnerabilityID': 'CVE-2023-52890', 'PkgID': 'ntfs-3g@1:2021.8.22-3ubuntu1.2', 'PkgName': 'ntfs-3g', 'InstalledVersion': '1:2021.8.22-3ubuntu1.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-52890', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in l ...', 'Description': 'NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.', 'Severity': 'LOW', 'References': ['https://github.com/tuxera/ntfs-3g/issues/84', 'https://nvd.nist.gov/vuln/detail/CVE-2023-52890', 'https://www.cve.org/CVERecord?id=CVE-2023-52890'], 'PublishedDate': '2024-06-13T04:15:15.92Z', 'LastModifiedDate': '2024-06-13T18:36:09.01Z'}, {'VulnerabilityID': 'CVE-2024-41996', 'PkgID': 'openssl@3.0.2-0ubuntu1.18', 'PkgName': 'openssl', 'InstalledVersion': '3.0.2-0ubuntu1.18', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41996', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations', 'Description': 'Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.', 'Severity': 'LOW', 'CweIDs': ['CWE-295'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41996', 'https://dheatattack.gitlab.io/details/', 'https://dheatattack.gitlab.io/faq/', 'https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1', 'https://github.com/openssl/openssl/issues/17374', 'https://github.com/openssl/openssl/pull/25088', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41996', 'https://openssl-library.org/post/2022-10-21-tls-groups-configuration/', 'https://www.cve.org/CVERecord?id=CVE-2024-41996'], 'PublishedDate': '2024-08-26T06:15:04.603Z', 'LastModifiedDate': '2024-08-26T16:35:11.247Z'}, {'VulnerabilityID': 'CVE-2023-29383', 'PkgID': 'passwd@1:4.8.1-2ubuntu2.2', 'PkgName': 'passwd', 'InstalledVersion': '1:4.8.1-2ubuntu2.2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-29383', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'shadow: Improper input validation in shadow-utils package utility chfn', 'Description': 'In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.', 'Severity': 'LOW', 'CweIDs': ['CWE-74'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N', 'V3Score': 3.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-29383', 'https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d', 'https://github.com/shadow-maint/shadow/pull/687', 'https://nvd.nist.gov/vuln/detail/CVE-2023-29383', 'https://www.cve.org/CVERecord?id=CVE-2023-29383', 'https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/', 'https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797'], 'PublishedDate': '2023-04-14T22:15:07.68Z', 'LastModifiedDate': '2023-04-24T18:05:30.313Z'}, {'VulnerabilityID': 'CVE-2018-6952', 'PkgID': 'patch@2.7.6-7build2', 'PkgName': 'patch', 'InstalledVersion': '2.7.6-7build2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2018-6952', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'patch: Double free of memory in pch.c:another_hunk() causes a crash', 'Description': 'A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.', 'Severity': 'LOW', 'CweIDs': ['CWE-415'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.3}}, 'References': ['http://www.securityfocus.com/bid/103047', 'https://access.redhat.com/errata/RHSA-2019:2033', 'https://access.redhat.com/security/cve/CVE-2018-6952', 'https://linux.oracle.com/cve/CVE-2018-6952.html', 'https://linux.oracle.com/errata/ELSA-2019-2033.html', 'https://nvd.nist.gov/vuln/detail/CVE-2018-6952', 'https://savannah.gnu.org/bugs/index.php?53133', 'https://security.gentoo.org/glsa/201904-17', 'https://www.cve.org/CVERecord?id=CVE-2018-6952'], 'PublishedDate': '2018-02-13T19:29:00.573Z', 'LastModifiedDate': '2019-04-17T20:29:01.727Z'}, {'VulnerabilityID': 'CVE-2021-45261', 'PkgID': 'patch@2.7.6-7build2', 'PkgName': 'patch', 'InstalledVersion': '2.7.6-7build2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-45261', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'patch: Invalid Pointer via another_hunk function', 'Description': 'An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.', 'Severity': 'LOW', 'CweIDs': ['CWE-763'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V2Score': 4.3, 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-45261', 'https://nvd.nist.gov/vuln/detail/CVE-2021-45261', 'https://savannah.gnu.org/bugs/?61685', 'https://www.cve.org/CVERecord?id=CVE-2021-45261'], 'PublishedDate': '2021-12-22T18:15:08.1Z', 'LastModifiedDate': '2021-12-28T14:24:34.243Z'}, {'VulnerabilityID': 'CVE-2016-2568', 'PkgID': 'pkexec@0.105-33', 'PkgName': 'pkexec', 'InstalledVersion': '0.105-33', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-2568', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl', 'Description': "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", 'Severity': 'LOW', 'CweIDs': ['CWE-116'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H', 'V2Score': 4.4, 'V3Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L', 'V2Score': 5.1, 'V3Score': 6.1}}, 'References': ['http://seclists.org/oss-sec/2016/q1/443', 'http://www.openwall.com/lists/oss-security/2016/02/26/3', 'https://access.redhat.com/security/cve/CVE-2016-2568', 'https://access.redhat.com/security/cve/cve-2016-2568', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062', 'https://bugzilla.redhat.com/show_bug.cgi?id=1300746', 'https://lore.kernel.org/patchwork/patch/793178/', 'https://nvd.nist.gov/vuln/detail/CVE-2016-2568', 'https://ubuntu.com/security/CVE-2016-2568', 'https://www.cve.org/CVERecord?id=CVE-2016-2568'], 'PublishedDate': '2017-02-13T18:59:00.393Z', 'LastModifiedDate': '2022-04-18T17:59:06.053Z'}, {'VulnerabilityID': 'CVE-2016-2568', 'PkgID': 'policykit-1@0.105-33', 'PkgName': 'policykit-1', 'InstalledVersion': '0.105-33', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-2568', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl', 'Description': "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", 'Severity': 'LOW', 'CweIDs': ['CWE-116'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H', 'V2Score': 4.4, 'V3Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L', 'V2Score': 5.1, 'V3Score': 6.1}}, 'References': ['http://seclists.org/oss-sec/2016/q1/443', 'http://www.openwall.com/lists/oss-security/2016/02/26/3', 'https://access.redhat.com/security/cve/CVE-2016-2568', 'https://access.redhat.com/security/cve/cve-2016-2568', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062', 'https://bugzilla.redhat.com/show_bug.cgi?id=1300746', 'https://lore.kernel.org/patchwork/patch/793178/', 'https://nvd.nist.gov/vuln/detail/CVE-2016-2568', 'https://ubuntu.com/security/CVE-2016-2568', 'https://www.cve.org/CVERecord?id=CVE-2016-2568'], 'PublishedDate': '2017-02-13T18:59:00.393Z', 'LastModifiedDate': '2022-04-18T17:59:06.053Z'}, {'VulnerabilityID': 'CVE-2016-2568', 'PkgID': 'polkitd@0.105-33', 'PkgName': 'polkitd', 'InstalledVersion': '0.105-33', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2016-2568', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl', 'Description': "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", 'Severity': 'LOW', 'CweIDs': ['CWE-116'], 'CVSS': {'nvd': {'V2Vector': 'AV:L/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H', 'V2Score': 4.4, 'V3Score': 7.8}, 'redhat': {'V2Vector': 'AV:N/AC:H/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L', 'V2Score': 5.1, 'V3Score': 6.1}}, 'References': ['http://seclists.org/oss-sec/2016/q1/443', 'http://www.openwall.com/lists/oss-security/2016/02/26/3', 'https://access.redhat.com/security/cve/CVE-2016-2568', 'https://access.redhat.com/security/cve/cve-2016-2568', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062', 'https://bugzilla.redhat.com/show_bug.cgi?id=1300746', 'https://lore.kernel.org/patchwork/patch/793178/', 'https://nvd.nist.gov/vuln/detail/CVE-2016-2568', 'https://ubuntu.com/security/CVE-2016-2568', 'https://www.cve.org/CVERecord?id=CVE-2016-2568'], 'PublishedDate': '2017-02-13T18:59:00.393Z', 'LastModifiedDate': '2022-04-18T17:59:06.053Z'}, {'VulnerabilityID': 'CVE-2021-21240', 'PkgID': 'python3-httplib2@0.20.2-2', 'PkgName': 'python3-httplib2', 'InstalledVersion': '0.20.2-2', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-21240', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'python-httplib2: Regular expression denial of service via malicious header', 'Description': 'httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.', 'Severity': 'LOW', 'CweIDs': ['CWE-400'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-21240', 'https://github.com/httplib2/httplib2', 'https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc', 'https://github.com/httplib2/httplib2/pull/182', 'https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m', 'https://github.com/pypa/advisory-database/tree/main/vulns/httplib2/PYSEC-2021-16.yaml', 'https://nvd.nist.gov/vuln/detail/CVE-2021-21240', 'https://pypi.org/project/httplib2', 'https://www.cve.org/CVERecord?id=CVE-2021-21240'], 'PublishedDate': '2021-02-08T20:15:12.197Z', 'LastModifiedDate': '2021-02-12T14:56:39.647Z'}, {'VulnerabilityID': 'CVE-2024-41671', 'PkgID': 'python3-twisted@22.1.0-2ubuntu2.5', 'PkgName': 'python3-twisted', 'InstalledVersion': '22.1.0-2ubuntu2.5', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41671', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'Twisted is an event-based framework for internet applications, support ...', 'Description': 'Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-444'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L', 'V3Score': 8.3}}, 'References': ['https://github.com/twisted/twisted', 'https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33', 'https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc', 'https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41671', 'https://ubuntu.com/security/notices/USN-6988-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41671'], 'PublishedDate': '2024-07-29T15:15:15.76Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2024-37891', 'PkgID': 'python3-urllib3@1.26.5-1~exp1ubuntu0.1', 'PkgName': 'python3-urllib3', 'InstalledVersion': '1.26.5-1~exp1ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-37891', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'urllib3: proxy-authorization request header is not stripped during cross-origin redirects', 'Description': " urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.", 'Severity': 'LOW', 'CweIDs': ['CWE-669'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 4.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:6162', 'https://access.redhat.com/security/cve/CVE-2024-37891', 'https://bugzilla.redhat.com/2292788', 'https://errata.almalinux.org/9/ALSA-2024-6162.html', 'https://github.com/urllib3/urllib3', 'https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468', 'https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e', 'https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf', 'https://linux.oracle.com/cve/CVE-2024-37891.html', 'https://linux.oracle.com/errata/ELSA-2024-6311.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-37891', 'https://www.cve.org/CVERecord?id=CVE-2024-37891'], 'PublishedDate': '2024-06-17T20:15:13.45Z', 'LastModifiedDate': '2024-06-20T12:44:22.977Z'}, {'VulnerabilityID': 'CVE-2023-40546', 'PkgID': 'shim-signed@1.51.4+15.8-0ubuntu1', 'PkgName': 'shim-signed', 'InstalledVersion': '1.51.4+15.8-0ubuntu1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-40546', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'shim: Out-of-bounds read printing error messages', 'Description': "A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:1834', 'https://access.redhat.com/errata/RHSA-2024:1835', 'https://access.redhat.com/errata/RHSA-2024:1873', 'https://access.redhat.com/errata/RHSA-2024:1876', 'https://access.redhat.com/errata/RHSA-2024:1883', 'https://access.redhat.com/errata/RHSA-2024:1902', 'https://access.redhat.com/errata/RHSA-2024:1903', 'https://access.redhat.com/errata/RHSA-2024:1959', 'https://access.redhat.com/errata/RHSA-2024:2086', 'https://access.redhat.com/security/cve/CVE-2023-40546', 'https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/2051151', 'https://bugzilla.redhat.com/2234589', 'https://bugzilla.redhat.com/2241782', 'https://bugzilla.redhat.com/2241796', 'https://bugzilla.redhat.com/2241797', 'https://bugzilla.redhat.com/2259915', 'https://bugzilla.redhat.com/2259918', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241796', 'https://errata.almalinux.org/9/ALSA-2024-1903.html', 'https://linux.oracle.com/cve/CVE-2023-40546.html', 'https://linux.oracle.com/errata/ELSA-2024-1959.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-40546', 'https://www.cve.org/CVERecord?id=CVE-2023-40546'], 'PublishedDate': '2024-01-29T17:15:08.347Z', 'LastModifiedDate': '2024-09-16T19:16:05.753Z'}, {'VulnerabilityID': 'CVE-2023-40547', 'PkgID': 'shim-signed@1.51.4+15.8-0ubuntu1', 'PkgName': 'shim-signed', 'InstalledVersion': '1.51.4+15.8-0ubuntu1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-40547', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'shim: RCE in http boot support may lead to Secure Boot bypass', 'Description': 'A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-787', 'CWE-346'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H', 'V3Score': 8.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H', 'V3Score': 8.3}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:1834', 'https://access.redhat.com/errata/RHSA-2024:1835', 'https://access.redhat.com/errata/RHSA-2024:1873', 'https://access.redhat.com/errata/RHSA-2024:1876', 'https://access.redhat.com/errata/RHSA-2024:1883', 'https://access.redhat.com/errata/RHSA-2024:1902', 'https://access.redhat.com/errata/RHSA-2024:1903', 'https://access.redhat.com/errata/RHSA-2024:1959', 'https://access.redhat.com/errata/RHSA-2024:2086', 'https://access.redhat.com/security/cve/CVE-2023-40547', 'https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/2051151', 'https://bugzilla.redhat.com/2234589', 'https://bugzilla.redhat.com/2241782', 'https://bugzilla.redhat.com/2241796', 'https://bugzilla.redhat.com/2241797', 'https://bugzilla.redhat.com/2259915', 'https://bugzilla.redhat.com/2259918', 'https://bugzilla.redhat.com/show_bug.cgi?id=2234589', 'https://errata.almalinux.org/9/ALSA-2024-1903.html', 'https://linux.oracle.com/cve/CVE-2023-40547.html', 'https://linux.oracle.com/errata/ELSA-2024-1959.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-40547', 'https://www.cve.org/CVERecord?id=CVE-2023-40547'], 'PublishedDate': '2024-01-25T16:15:07.717Z', 'LastModifiedDate': '2024-09-16T19:16:05.947Z'}, {'VulnerabilityID': 'CVE-2023-40548', 'PkgID': 'shim-signed@1.51.4+15.8-0ubuntu1', 'PkgName': 'shim-signed', 'InstalledVersion': '1.51.4+15.8-0ubuntu1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-40548', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems', 'Description': 'A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-190', 'CWE-787'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:1834', 'https://access.redhat.com/errata/RHSA-2024:1835', 'https://access.redhat.com/errata/RHSA-2024:1873', 'https://access.redhat.com/errata/RHSA-2024:1876', 'https://access.redhat.com/errata/RHSA-2024:1883', 'https://access.redhat.com/errata/RHSA-2024:1902', 'https://access.redhat.com/errata/RHSA-2024:1903', 'https://access.redhat.com/errata/RHSA-2024:1959', 'https://access.redhat.com/errata/RHSA-2024:2086', 'https://access.redhat.com/security/cve/CVE-2023-40548', 'https://bugzilla.redhat.com/2234589', 'https://bugzilla.redhat.com/2241782', 'https://bugzilla.redhat.com/2241796', 'https://bugzilla.redhat.com/2241797', 'https://bugzilla.redhat.com/2259915', 'https://bugzilla.redhat.com/2259918', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241782', 'https://errata.almalinux.org/9/ALSA-2024-1903.html', 'https://linux.oracle.com/cve/CVE-2023-40548.html', 'https://linux.oracle.com/errata/ELSA-2024-1959.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-40548', 'https://www.cve.org/CVERecord?id=CVE-2023-40548'], 'PublishedDate': '2024-01-29T15:15:08.893Z', 'LastModifiedDate': '2024-10-01T14:15:04.7Z'}, {'VulnerabilityID': 'CVE-2023-40549', 'PkgID': 'shim-signed@1.51.4+15.8-0ubuntu1', 'PkgName': 'shim-signed', 'InstalledVersion': '1.51.4+15.8-0ubuntu1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-40549', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file', 'Description': 'An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:1834', 'https://access.redhat.com/errata/RHSA-2024:1835', 'https://access.redhat.com/errata/RHSA-2024:1873', 'https://access.redhat.com/errata/RHSA-2024:1876', 'https://access.redhat.com/errata/RHSA-2024:1883', 'https://access.redhat.com/errata/RHSA-2024:1902', 'https://access.redhat.com/errata/RHSA-2024:1903', 'https://access.redhat.com/errata/RHSA-2024:1959', 'https://access.redhat.com/errata/RHSA-2024:2086', 'https://access.redhat.com/security/cve/CVE-2023-40549', 'https://bugzilla.redhat.com/2234589', 'https://bugzilla.redhat.com/2241782', 'https://bugzilla.redhat.com/2241796', 'https://bugzilla.redhat.com/2241797', 'https://bugzilla.redhat.com/2259915', 'https://bugzilla.redhat.com/2259918', 'https://bugzilla.redhat.com/show_bug.cgi?id=2241797', 'https://errata.almalinux.org/9/ALSA-2024-1903.html', 'https://linux.oracle.com/cve/CVE-2023-40549.html', 'https://linux.oracle.com/errata/ELSA-2024-1959.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-40549', 'https://www.cve.org/CVERecord?id=CVE-2023-40549'], 'PublishedDate': '2024-01-29T17:15:08.58Z', 'LastModifiedDate': '2024-09-16T19:16:06.287Z'}, {'VulnerabilityID': 'CVE-2023-40550', 'PkgID': 'shim-signed@1.51.4+15.8-0ubuntu1', 'PkgName': 'shim-signed', 'InstalledVersion': '1.51.4+15.8-0ubuntu1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-40550', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'shim: Out-of-bound read in verify_buffer_sbat()', 'Description': "An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 5.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:1834', 'https://access.redhat.com/errata/RHSA-2024:1835', 'https://access.redhat.com/errata/RHSA-2024:1873', 'https://access.redhat.com/errata/RHSA-2024:1876', 'https://access.redhat.com/errata/RHSA-2024:1883', 'https://access.redhat.com/errata/RHSA-2024:1902', 'https://access.redhat.com/errata/RHSA-2024:1903', 'https://access.redhat.com/errata/RHSA-2024:1959', 'https://access.redhat.com/errata/RHSA-2024:2086', 'https://access.redhat.com/security/cve/CVE-2023-40550', 'https://bugzilla.redhat.com/2234589', 'https://bugzilla.redhat.com/2241782', 'https://bugzilla.redhat.com/2241796', 'https://bugzilla.redhat.com/2241797', 'https://bugzilla.redhat.com/2259915', 'https://bugzilla.redhat.com/2259918', 'https://bugzilla.redhat.com/show_bug.cgi?id=2259915', 'https://errata.almalinux.org/9/ALSA-2024-1903.html', 'https://linux.oracle.com/cve/CVE-2023-40550.html', 'https://linux.oracle.com/errata/ELSA-2024-1959.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-40550', 'https://www.cve.org/CVERecord?id=CVE-2023-40550'], 'PublishedDate': '2024-01-29T17:15:08.773Z', 'LastModifiedDate': '2024-09-16T19:16:06.45Z'}, {'VulnerabilityID': 'CVE-2023-40551', 'PkgID': 'shim-signed@1.51.4+15.8-0ubuntu1', 'PkgName': 'shim-signed', 'InstalledVersion': '1.51.4+15.8-0ubuntu1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-40551', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'shim: out of bounds read when parsing MZ binaries', 'Description': "A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-125'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H', 'V3Score': 5.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:1834', 'https://access.redhat.com/errata/RHSA-2024:1835', 'https://access.redhat.com/errata/RHSA-2024:1873', 'https://access.redhat.com/errata/RHSA-2024:1876', 'https://access.redhat.com/errata/RHSA-2024:1883', 'https://access.redhat.com/errata/RHSA-2024:1902', 'https://access.redhat.com/errata/RHSA-2024:1903', 'https://access.redhat.com/errata/RHSA-2024:1959', 'https://access.redhat.com/errata/RHSA-2024:2086', 'https://access.redhat.com/security/cve/CVE-2023-40551', 'https://bugzilla.redhat.com/2234589', 'https://bugzilla.redhat.com/2241782', 'https://bugzilla.redhat.com/2241796', 'https://bugzilla.redhat.com/2241797', 'https://bugzilla.redhat.com/2259915', 'https://bugzilla.redhat.com/2259918', 'https://bugzilla.redhat.com/show_bug.cgi?id=2259918', 'https://errata.almalinux.org/9/ALSA-2024-1903.html', 'https://linux.oracle.com/cve/CVE-2023-40551.html', 'https://linux.oracle.com/errata/ELSA-2024-1959.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-40551', 'https://www.cve.org/CVERecord?id=CVE-2023-40551'], 'PublishedDate': '2024-01-29T17:15:08.97Z', 'LastModifiedDate': '2024-09-16T19:16:06.617Z'}, {'VulnerabilityID': 'CVE-2024-5138', 'PkgID': 'snapd@2.63+22.04ubuntu0.1', 'PkgName': 'snapd', 'InstalledVersion': '2.63+22.04ubuntu0.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-5138', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'The snapctl component within snapd allows a confined snap to interact  ...', 'Description': 'The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.', 'Severity': 'LOW', 'CweIDs': ['CWE-20'], 'References': ['https://bugs.launchpad.net/snapd/+bug/2065077', 'https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14', 'https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46', 'https://www.cve.org/CVERecord?id=CVE-2024-5138'], 'PublishedDate': '2024-05-31T21:15:09.93Z', 'LastModifiedDate': '2024-09-06T20:35:18.95Z'}, {'VulnerabilityID': 'CVE-2023-7008', 'PkgID': 'systemd@249.11-0ubuntu3.12', 'PkgName': 'systemd', 'InstalledVersion': '249.11-0ubuntu3.12', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-7008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes', 'Description': 'A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:2463', 'https://access.redhat.com/errata/RHSA-2024:3203', 'https://access.redhat.com/security/cve/CVE-2023-7008', 'https://bugzilla.redhat.com/2222672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222261', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222672', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008', 'https://errata.almalinux.org/9/ALSA-2024-2463.html', 'https://errata.rockylinux.org/RLSA-2024:2463', 'https://github.com/systemd/systemd/issues/25676', 'https://linux.oracle.com/cve/CVE-2023-7008.html', 'https://linux.oracle.com/errata/ELSA-2024-3203.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-7008', 'https://www.cve.org/CVERecord?id=CVE-2023-7008'], 'PublishedDate': '2023-12-23T13:15:07.573Z', 'LastModifiedDate': '2024-09-16T17:16:02.17Z'}, {'VulnerabilityID': 'CVE-2023-7008', 'PkgID': 'systemd-sysv@249.11-0ubuntu3.12', 'PkgName': 'systemd-sysv', 'InstalledVersion': '249.11-0ubuntu3.12', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-7008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes', 'Description': 'A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:2463', 'https://access.redhat.com/errata/RHSA-2024:3203', 'https://access.redhat.com/security/cve/CVE-2023-7008', 'https://bugzilla.redhat.com/2222672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222261', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222672', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008', 'https://errata.almalinux.org/9/ALSA-2024-2463.html', 'https://errata.rockylinux.org/RLSA-2024:2463', 'https://github.com/systemd/systemd/issues/25676', 'https://linux.oracle.com/cve/CVE-2023-7008.html', 'https://linux.oracle.com/errata/ELSA-2024-3203.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-7008', 'https://www.cve.org/CVERecord?id=CVE-2023-7008'], 'PublishedDate': '2023-12-23T13:15:07.573Z', 'LastModifiedDate': '2024-09-16T17:16:02.17Z'}, {'VulnerabilityID': 'CVE-2023-7008', 'PkgID': 'udev@249.11-0ubuntu3.12', 'PkgName': 'udev', 'InstalledVersion': '249.11-0ubuntu3.12', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-7008', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes', 'Description': 'A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.', 'Severity': 'LOW', 'CweIDs': ['CWE-300'], 'CVSS': {'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:2463', 'https://access.redhat.com/errata/RHSA-2024:3203', 'https://access.redhat.com/security/cve/CVE-2023-7008', 'https://bugzilla.redhat.com/2222672', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222261', 'https://bugzilla.redhat.com/show_bug.cgi?id=2222672', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008', 'https://errata.almalinux.org/9/ALSA-2024-2463.html', 'https://errata.rockylinux.org/RLSA-2024:2463', 'https://github.com/systemd/systemd/issues/25676', 'https://linux.oracle.com/cve/CVE-2023-7008.html', 'https://linux.oracle.com/errata/ELSA-2024-3203.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-7008', 'https://www.cve.org/CVERecord?id=CVE-2023-7008'], 'PublishedDate': '2023-12-23T13:15:07.573Z', 'LastModifiedDate': '2024-09-16T17:16:02.17Z'}, {'VulnerabilityID': 'CVE-2024-43802', 'PkgID': 'vim@2:8.2.3995-1ubuntu2.18', 'PkgName': 'vim', 'InstalledVersion': '2:8.2.3995-1ubuntu2.18', 'FixedVersion': '2:8.2.3995-1ubuntu2.19', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "vim: Heap Buffer Overflow in Vim's Typeahead Buffer Handling", 'Description': "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters.  So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-122'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 4.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43802', 'https://github.com/vim/vim/commit/322ba9108612bead5eb', 'https://github.com/vim/vim/commit/322ba9108612bead5eb7731ccb66763dec69ef1b (v9.1.0697)', 'https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43802', 'https://ubuntu.com/security/notices/USN-7048-1', 'https://ubuntu.com/security/notices/USN-7048-2', 'https://www.cve.org/CVERecord?id=CVE-2024-43802'], 'PublishedDate': '2024-08-26T19:15:07.943Z', 'LastModifiedDate': '2024-08-27T13:02:05.683Z'}, {'VulnerabilityID': 'CVE-2024-43802', 'PkgID': 'vim-common@2:8.2.3995-1ubuntu2.18', 'PkgName': 'vim-common', 'InstalledVersion': '2:8.2.3995-1ubuntu2.18', 'FixedVersion': '2:8.2.3995-1ubuntu2.19', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "vim: Heap Buffer Overflow in Vim's Typeahead Buffer Handling", 'Description': "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters.  So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-122'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 4.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43802', 'https://github.com/vim/vim/commit/322ba9108612bead5eb', 'https://github.com/vim/vim/commit/322ba9108612bead5eb7731ccb66763dec69ef1b (v9.1.0697)', 'https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43802', 'https://ubuntu.com/security/notices/USN-7048-1', 'https://ubuntu.com/security/notices/USN-7048-2', 'https://www.cve.org/CVERecord?id=CVE-2024-43802'], 'PublishedDate': '2024-08-26T19:15:07.943Z', 'LastModifiedDate': '2024-08-27T13:02:05.683Z'}, {'VulnerabilityID': 'CVE-2024-43802', 'PkgID': 'vim-runtime@2:8.2.3995-1ubuntu2.18', 'PkgName': 'vim-runtime', 'InstalledVersion': '2:8.2.3995-1ubuntu2.18', 'FixedVersion': '2:8.2.3995-1ubuntu2.19', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "vim: Heap Buffer Overflow in Vim's Typeahead Buffer Handling", 'Description': "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters.  So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-122'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 4.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43802', 'https://github.com/vim/vim/commit/322ba9108612bead5eb', 'https://github.com/vim/vim/commit/322ba9108612bead5eb7731ccb66763dec69ef1b (v9.1.0697)', 'https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43802', 'https://ubuntu.com/security/notices/USN-7048-1', 'https://ubuntu.com/security/notices/USN-7048-2', 'https://www.cve.org/CVERecord?id=CVE-2024-43802'], 'PublishedDate': '2024-08-26T19:15:07.943Z', 'LastModifiedDate': '2024-08-27T13:02:05.683Z'}, {'VulnerabilityID': 'CVE-2024-43802', 'PkgID': 'vim-tiny@2:8.2.3995-1ubuntu2.18', 'PkgName': 'vim-tiny', 'InstalledVersion': '2:8.2.3995-1ubuntu2.18', 'FixedVersion': '2:8.2.3995-1ubuntu2.19', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "vim: Heap Buffer Overflow in Vim's Typeahead Buffer Handling", 'Description': "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters.  So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-122'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 4.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43802', 'https://github.com/vim/vim/commit/322ba9108612bead5eb', 'https://github.com/vim/vim/commit/322ba9108612bead5eb7731ccb66763dec69ef1b (v9.1.0697)', 'https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43802', 'https://ubuntu.com/security/notices/USN-7048-1', 'https://ubuntu.com/security/notices/USN-7048-2', 'https://www.cve.org/CVERecord?id=CVE-2024-43802'], 'PublishedDate': '2024-08-26T19:15:07.943Z', 'LastModifiedDate': '2024-08-27T13:02:05.683Z'}, {'VulnerabilityID': 'CVE-2021-31879', 'PkgID': 'wget@1.21.2-2ubuntu1.1', 'PkgName': 'wget', 'InstalledVersion': '1.21.2-2ubuntu1.1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-31879', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'wget: authorization header disclosure on redirect', 'Description': 'GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-601'], 'CVSS': {'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:N', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N', 'V2Score': 5.8, 'V3Score': 6.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-31879', 'https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html', 'https://nvd.nist.gov/vuln/detail/CVE-2021-31879', 'https://savannah.gnu.org/bugs/?56909', 'https://security.netapp.com/advisory/ntap-20210618-0002/', 'https://www.cve.org/CVERecord?id=CVE-2021-31879'], 'PublishedDate': '2021-04-29T05:15:08.707Z', 'LastModifiedDate': '2022-05-13T20:52:24.793Z'}, {'VulnerabilityID': 'CVE-2024-43802', 'PkgID': 'xxd@2:8.2.3995-1ubuntu2.18', 'PkgName': 'xxd', 'InstalledVersion': '2:8.2.3995-1ubuntu2.18', 'FixedVersion': '2:8.2.3995-1ubuntu2.19', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-43802', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': "vim: Heap Buffer Overflow in Vim's Typeahead Buffer Handling", 'Description': "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters.  So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-122'], 'CVSS': {'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L', 'V3Score': 4.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-43802', 'https://github.com/vim/vim/commit/322ba9108612bead5eb', 'https://github.com/vim/vim/commit/322ba9108612bead5eb7731ccb66763dec69ef1b (v9.1.0697)', 'https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh', 'https://nvd.nist.gov/vuln/detail/CVE-2024-43802', 'https://ubuntu.com/security/notices/USN-7048-1', 'https://ubuntu.com/security/notices/USN-7048-2', 'https://www.cve.org/CVERecord?id=CVE-2024-43802'], 'PublishedDate': '2024-08-26T19:15:07.943Z', 'LastModifiedDate': '2024-08-27T13:02:05.683Z'}, {'VulnerabilityID': 'CVE-2022-4899', 'PkgID': 'zstd@1.4.8+dfsg-3build1', 'PkgName': 'zstd', 'InstalledVersion': '1.4.8+dfsg-3build1', 'Layer': {}, 'SeveritySource': 'ubuntu', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-4899', 'DataSource': {'ID': 'ubuntu', 'Name': 'Ubuntu CVE Tracker', 'URL': 'https://git.launchpad.net/ubuntu-cve-tracker'}, 'Title': 'zstd: mysql: buffer overrun in util.c', 'Description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.', 'Severity': 'LOW', 'CweIDs': ['CWE-400'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:1141', 'https://access.redhat.com/security/cve/CVE-2022-4899', 'https://bugzilla.redhat.com/2179864', 'https://bugzilla.redhat.com/2188109', 'https://bugzilla.redhat.com/2188113', 'https://bugzilla.redhat.com/2188115', 'https://bugzilla.redhat.com/2188116', 'https://bugzilla.redhat.com/2188117', 'https://bugzilla.redhat.com/2188118', 'https://bugzilla.redhat.com/2188119', 'https://bugzilla.redhat.com/2188120', 'https://bugzilla.redhat.com/2188121', 'https://bugzilla.redhat.com/2188122', 'https://bugzilla.redhat.com/2188123', 'https://bugzilla.redhat.com/2188124', 'https://bugzilla.redhat.com/2188125', 'https://bugzilla.redhat.com/2188127', 'https://bugzilla.redhat.com/2188128', 'https://bugzilla.redhat.com/2188129', 'https://bugzilla.redhat.com/2188130', 'https://bugzilla.redhat.com/2188131', 'https://bugzilla.redhat.com/2188132', 'https://bugzilla.redhat.com/2224211', 'https://bugzilla.redhat.com/2224212', 'https://bugzilla.redhat.com/2224213', 'https://bugzilla.redhat.com/2224214', 'https://bugzilla.redhat.com/2224215', 'https://bugzilla.redhat.com/2224216', 'https://bugzilla.redhat.com/2224217', 'https://bugzilla.redhat.com/2224218', 'https://bugzilla.redhat.com/2224219', 'https://bugzilla.redhat.com/2224220', 'https://bugzilla.redhat.com/2224221', 'https://bugzilla.redhat.com/2224222', 'https://bugzilla.redhat.com/2245014', 'https://bugzilla.redhat.com/2245015', 'https://bugzilla.redhat.com/2245016', 'https://bugzilla.redhat.com/2245017', 'https://bugzilla.redhat.com/2245018', 'https://bugzilla.redhat.com/2245019', 'https://bugzilla.redhat.com/2245020', 'https://bugzilla.redhat.com/2245021', 'https://bugzilla.redhat.com/2245022', 'https://bugzilla.redhat.com/2245023', 'https://bugzilla.redhat.com/2245024', 'https://bugzilla.redhat.com/2245026', 'https://bugzilla.redhat.com/2245027', 'https://bugzilla.redhat.com/2245028', 'https://bugzilla.redhat.com/2245029', 'https://bugzilla.redhat.com/2245030', 'https://bugzilla.redhat.com/2245031', 'https://bugzilla.redhat.com/2245032', 'https://bugzilla.redhat.com/2245033', 'https://bugzilla.redhat.com/2245034', 'https://bugzilla.redhat.com/2258771', 'https://bugzilla.redhat.com/2258772', 'https://bugzilla.redhat.com/2258773', 'https://bugzilla.redhat.com/2258774', 'https://bugzilla.redhat.com/2258775', 'https://bugzilla.redhat.com/2258776', 'https://bugzilla.redhat.com/2258777', 'https://bugzilla.redhat.com/2258778', 'https://bugzilla.redhat.com/2258779', 'https://bugzilla.redhat.com/2258780', 'https://bugzilla.redhat.com/2258781', 'https://bugzilla.redhat.com/2258782', 'https://bugzilla.redhat.com/2258783', 'https://bugzilla.redhat.com/2258784', 'https://bugzilla.redhat.com/2258785', 'https://bugzilla.redhat.com/2258787', 'https://bugzilla.redhat.com/2258788', 'https://bugzilla.redhat.com/2258789', 'https://bugzilla.redhat.com/2258790', 'https://bugzilla.redhat.com/2258791', 'https://bugzilla.redhat.com/2258792', 'https://bugzilla.redhat.com/2258793', 'https://bugzilla.redhat.com/2258794', 'https://errata.almalinux.org/9/ALSA-2024-1141.html', 'https://github.com/facebook/zstd', 'https://github.com/facebook/zstd/issues/3200', 'https://github.com/facebook/zstd/pull/3220', 'https://github.com/pypa/advisory-database/tree/main/vulns/zstd/PYSEC-2023-121.yaml', 'https://github.com/sergey-dryabzhinsky/python-zstd/commit/c8a619aebdbd6b838fbfef6e19325a70f631a4c6', 'https://linux.oracle.com/cve/CVE-2022-4899.html', 'https://linux.oracle.com/errata/ELSA-2024-1141.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN', 'https://nvd.nist.gov/vuln/detail/CVE-2022-4899', 'https://security.netapp.com/advisory/ntap-20230725-0005', 'https://security.netapp.com/advisory/ntap-20230725-0005/', 'https://www.cve.org/CVERecord?id=CVE-2022-4899'], 'PublishedDate': '2023-03-31T20:15:07.213Z', 'LastModifiedDate': '2023-11-07T03:59:16.09Z'}]}, {'Target': 'Python', 'Class': 'lang-pkgs', 'Type': 'python-pkg', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2021-42771', 'PkgName': 'Babel', 'PkgPath': 'usr/lib/python3/dist-packages/Babel-2.8.0.egg-info/PKG-INFO', 'InstalledVersion': '2.8.0', 'FixedVersion': '2.9.1', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2021-42771', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code', 'Description': 'Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.', 'Severity': 'HIGH', 'CweIDs': ['CWE-22'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}, 'nvd': {'V2Vector': 'AV:L/AC:L/Au:N/C:C/I:C/A:C', 'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 7.2, 'V3Score': 7.8}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 7.8}}, 'References': ['https://access.redhat.com/security/cve/CVE-2021-42771', 'https://bugzilla.redhat.com/show_bug.cgi?id=1955615', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20095', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42771', 'https://errata.almalinux.org/8/ALSA-2021-4201.html', 'https://errata.rockylinux.org/RLSA-2021:4201', 'https://github.com/advisories/GHSA-h4m5-qpfp-3mpv', 'https://github.com/pypa/advisory-database/tree/main/vulns/babel/PYSEC-2021-421.yaml', 'https://github.com/python-babel/babel', 'https://github.com/python-babel/babel/commit/412015ef642bfcc0d8ba8f4d05cdbb6aac98d9b3', 'https://github.com/python-babel/babel/pull/782', 'https://linux.oracle.com/cve/CVE-2021-42771.html', 'https://linux.oracle.com/errata/ELSA-2021-4201.html', 'https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html', 'https://lists.debian.org/debian-lts/2021/10/msg00040.html', 'https://nvd.nist.gov/vuln/detail/CVE-2021-42771', 'https://www.cve.org/CVERecord?id=CVE-2021-42771', 'https://www.debian.org/security/2021/dsa-5018', 'https://www.tenable.com/security/research/tra-2021-14'], 'PublishedDate': '2021-10-20T21:15:07.93Z', 'LastModifiedDate': '2021-12-14T21:22:17.273Z'}, {'VulnerabilityID': 'CVE-2022-29217', 'PkgName': 'PyJWT', 'PkgPath': 'usr/lib/python3/dist-packages/PyJWT-2.3.0.egg-info/PKG-INFO', 'InstalledVersion': '2.3.0', 'FixedVersion': '2.4.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-29217', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-jwt: Key confusion through non-blocklisted public key formats', 'Description': 'PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.', 'Severity': 'HIGH', 'CweIDs': ['CWE-327'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N', 'V3Score': 7.4}, 'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-29217', 'https://github.com/jpadilla/pyjwt', 'https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc', 'https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc (2.4.0)', 'https://github.com/jpadilla/pyjwt/releases/tag/2.4.0', 'https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24', 'https://github.com/pypa/advisory-database/tree/main/vulns/pyjwt/PYSEC-2022-202.yaml', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO', 'https://nvd.nist.gov/vuln/detail/CVE-2022-29217', 'https://ubuntu.com/security/notices/USN-5526-1', 'https://ubuntu.com/security/notices/USN-5526-2', 'https://www.cve.org/CVERecord?id=CVE-2022-29217'], 'PublishedDate': '2022-05-24T15:15:07.767Z', 'LastModifiedDate': '2023-11-07T03:45:58.57Z'}, {'VulnerabilityID': 'CVE-2022-21716', 'PkgName': 'Twisted', 'PkgPath': 'usr/lib/python3/dist-packages/Twisted-22.1.0.egg-info/PKG-INFO', 'InstalledVersion': '22.1.0', 'FixedVersion': '22.2.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-21716', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-twisted: SSH client and server denial of service during SSH handshake', 'Description': "Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.", 'Severity': 'HIGH', 'CweIDs': ['CWE-770', 'CWE-120'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'nvd': {'V2Vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P', 'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V2Score': 5, 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-21716', 'https://github.com/twisted/twisted', 'https://github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9', 'https://github.com/twisted/twisted/commit/98387b39e9f0b21462f6abc7a1325dc370fcdeb1', 'https://github.com/twisted/twisted/releases/tag/twisted-22.2.0', 'https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx', 'https://lists.debian.org/debian-lts-announce/2022/03/msg00009.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6', 'https://nvd.nist.gov/vuln/detail/CVE-2022-21716', 'https://security.gentoo.org/glsa/202301-02', 'https://twistedmatrix.com/trac/ticket/10284', 'https://ubuntu.com/security/notices/USN-5354-1', 'https://ubuntu.com/security/notices/USN-5354-2', 'https://www.cve.org/CVERecord?id=CVE-2022-21716', 'https://www.oracle.com/security-alerts/cpuapr2022.html'], 'PublishedDate': '2022-03-03T21:15:07.747Z', 'LastModifiedDate': '2023-11-07T03:43:42.493Z'}, {'VulnerabilityID': 'CVE-2022-24801', 'PkgName': 'Twisted', 'PkgPath': 'usr/lib/python3/dist-packages/Twisted-22.1.0.egg-info/PKG-INFO', 'InstalledVersion': '22.1.0', 'FixedVersion': '22.4.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-24801', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-twisted: possible http request smuggling', 'Description': "Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.", 'Severity': 'HIGH', 'CweIDs': ['CWE-444'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 8.1}, 'nvd': {'V2Vector': 'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V2Score': 6.8, 'V3Score': 8.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', 'V3Score': 8.1}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-24801', 'https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-195.yaml', 'https://github.com/twisted/twisted', 'https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac', 'https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac (twisted-22.04.0rc1)', 'https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1', 'https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq', 'https://linux.oracle.com/cve/CVE-2022-24801.html', 'https://linux.oracle.com/errata/ELSA-2022-4930.html', 'https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6', 'https://nvd.nist.gov/vuln/detail/CVE-2022-24801', 'https://ubuntu.com/security/notices/USN-5576-1', 'https://www.cve.org/CVERecord?id=CVE-2022-24801', 'https://www.oracle.com/security-alerts/cpujul2022.html'], 'PublishedDate': '2022-04-04T18:15:07.933Z', 'LastModifiedDate': '2023-11-07T03:44:37.783Z'}, {'VulnerabilityID': 'CVE-2024-41671', 'PkgName': 'Twisted', 'PkgPath': 'usr/lib/python3/dist-packages/Twisted-22.1.0.egg-info/PKG-INFO', 'InstalledVersion': '22.1.0', 'FixedVersion': '24.7.0rc1', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41671', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'Twisted is an event-based framework for internet applications, support ...', 'Description': 'Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.', 'Severity': 'HIGH', 'CweIDs': ['CWE-444'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L', 'V3Score': 8.3}}, 'References': ['https://github.com/twisted/twisted', 'https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33', 'https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc', 'https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41671', 'https://ubuntu.com/security/notices/USN-6988-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41671'], 'PublishedDate': '2024-07-29T15:15:15.76Z', 'LastModifiedDate': '2024-07-29T16:21:52.517Z'}, {'VulnerabilityID': 'CVE-2022-39348', 'PkgName': 'Twisted', 'PkgPath': 'usr/lib/python3/dist-packages/Twisted-22.1.0.egg-info/PKG-INFO', 'InstalledVersion': '22.1.0', 'FixedVersion': '22.10.0rc1', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2022-39348', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-twisted: NameVirtualHost Host header injection', 'Description': 'Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-79', 'CWE-80'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N', 'V3Score': 5.4}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N', 'V3Score': 5.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N', 'V3Score': 5.4}}, 'References': ['https://access.redhat.com/security/cve/CVE-2022-39348', 'https://github.com/twisted/twisted', 'https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b', 'https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4', 'https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647', 'https://lists.debian.org/debian-lts-announce/2022/11/msg00038.html', 'https://nvd.nist.gov/vuln/detail/CVE-2022-39348', 'https://security.gentoo.org/glsa/202301-02', 'https://ubuntu.com/security/notices/USN-6575-1', 'https://www.cve.org/CVERecord?id=CVE-2022-39348'], 'PublishedDate': '2022-10-26T20:15:10.58Z', 'LastModifiedDate': '2023-03-08T01:07:01.43Z'}, {'VulnerabilityID': 'CVE-2023-46137', 'PkgName': 'Twisted', 'PkgPath': 'usr/lib/python3/dist-packages/Twisted-22.1.0.egg-info/PKG-INFO', 'InstalledVersion': '22.1.0', 'FixedVersion': '23.10.0rc1', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-46137', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-twisted: disordered HTTP pipeline response in twisted.web', 'Description': 'Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-444'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N', 'V3Score': 5.3}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N', 'V3Score': 5.3}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N', 'V3Score': 5.3}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-46137', 'https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2023-224.yaml', 'https://github.com/twisted/twisted', 'https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm', 'https://nvd.nist.gov/vuln/detail/CVE-2023-46137', 'https://ubuntu.com/security/notices/USN-6575-1', 'https://www.cve.org/CVERecord?id=CVE-2023-46137'], 'PublishedDate': '2023-10-25T21:15:10.237Z', 'LastModifiedDate': '2023-11-02T15:57:53.777Z'}, {'VulnerabilityID': 'CVE-2024-41810', 'PkgName': 'Twisted', 'PkgPath': 'usr/lib/python3/dist-packages/Twisted-22.1.0.egg-info/PKG-INFO', 'InstalledVersion': '22.1.0', 'FixedVersion': '24.7.0rc1', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-41810', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-twisted: Reflected XSS via HTML Injection in Redirect Response', 'Description': 'Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-79', 'CWE-80'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N', 'V3Score': 6.1}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N', 'V3Score': 6.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N', 'V3Score': 4.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-41810', 'https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2024-75.yaml', 'https://github.com/twisted/twisted', 'https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33', 'https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2', 'https://nvd.nist.gov/vuln/detail/CVE-2024-41810', 'https://ubuntu.com/security/notices/USN-6988-1', 'https://www.cve.org/CVERecord?id=CVE-2024-41810'], 'PublishedDate': '2024-07-29T16:15:05.133Z', 'LastModifiedDate': '2024-09-11T16:17:45.29Z'}, {'VulnerabilityID': 'CVE-2023-26112', 'PkgName': 'configobj', 'PkgPath': 'usr/lib/python3/dist-packages/configobj-5.0.6.egg-info/PKG-INFO', 'InstalledVersion': '5.0.6', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-26112', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-configobj: Regular expression denial of service exists in ./src/configobj/validate.py', 'Description': 'All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\).\r\r**Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.\r\r', 'Severity': 'LOW', 'CweIDs': ['CWE-1333'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L', 'V3Score': 3.7}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-26112', 'https://github.com/DiffSK/configobj', 'https://github.com/DiffSK/configobj/issues/232', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-26112', 'https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494', 'https://ubuntu.com/security/notices/USN-7040-1', 'https://ubuntu.com/security/notices/USN-7040-2', 'https://www.cve.org/CVERecord?id=CVE-2023-26112'], 'PublishedDate': '2023-04-03T05:15:07.753Z', 'LastModifiedDate': '2023-11-07T04:09:21.94Z'}, {'VulnerabilityID': 'CVE-2023-0286', 'PkgName': 'cryptography', 'PkgPath': 'usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'InstalledVersion': '3.4.8', 'FixedVersion': '39.0.1', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-0286', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'openssl: X.400 address type confusion in X.509 GeneralName', 'Description': 'There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.\n\n', 'Severity': 'HIGH', 'CweIDs': ['CWE-843'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.4}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.4}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H', 'V3Score': 7.4}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:2165', 'https://access.redhat.com/security/cve/CVE-2023-0286', 'https://access.redhat.com/security/cve/cve-2023-0286', 'https://bugzilla.redhat.com/1960321', 'https://bugzilla.redhat.com/2164440', 'https://bugzilla.redhat.com/2164487', 'https://bugzilla.redhat.com/2164492', 'https://bugzilla.redhat.com/2164494', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144000', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144003', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144006', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144008', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144010', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144012', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144015', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144017', 'https://bugzilla.redhat.com/show_bug.cgi?id=2144019', 'https://bugzilla.redhat.com/show_bug.cgi?id=2145170', 'https://bugzilla.redhat.com/show_bug.cgi?id=2158412', 'https://bugzilla.redhat.com/show_bug.cgi?id=2164440', 'https://bugzilla.redhat.com/show_bug.cgi?id=2164487', 'https://bugzilla.redhat.com/show_bug.cgi?id=2164488', 'https://bugzilla.redhat.com/show_bug.cgi?id=2164492', 'https://bugzilla.redhat.com/show_bug.cgi?id=2164494', 'https://bugzilla.redhat.com/show_bug.cgi?id=2164497', 'https://bugzilla.redhat.com/show_bug.cgi?id=2164499', 'https://bugzilla.redhat.com/show_bug.cgi?id=2164500', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401', 'https://errata.almalinux.org/9/ALSA-2023-2165.html', 'https://errata.rockylinux.org/RLSA-2023:0946', 'https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt', 'https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig', 'https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9', 'https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658', 'https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d', 'https://github.com/pyca/cryptography', 'https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5', 'https://linux.oracle.com/cve/CVE-2023-0286.html', 'https://linux.oracle.com/errata/ELSA-2023-32791.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-0286', 'https://rustsec.org/advisories/RUSTSEC-2023-0006.html', 'https://security.gentoo.org/glsa/202402-08', 'https://ubuntu.com/security/notices/USN-5844-1', 'https://ubuntu.com/security/notices/USN-5845-1', 'https://ubuntu.com/security/notices/USN-5845-2', 'https://ubuntu.com/security/notices/USN-6564-1', 'https://www.cve.org/CVERecord?id=CVE-2023-0286', 'https://www.openssl.org/news/secadv/20230207.txt'], 'PublishedDate': '2023-02-08T20:15:24.267Z', 'LastModifiedDate': '2024-02-04T09:15:09.113Z'}, {'VulnerabilityID': 'CVE-2023-50782', 'PkgName': 'cryptography', 'PkgPath': 'usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'InstalledVersion': '3.4.8', 'FixedVersion': '42.0.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-50782', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-cryptography: Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659', 'Description': 'A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.', 'Severity': 'HIGH', 'CweIDs': ['CWE-203', 'CWE-208'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 7.5}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', 'V3Score': 7.5}}, 'References': ['https://access.redhat.com/security/cve/CVE-2023-50782', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254432', 'https://github.com/openssl/openssl/pull/13817', 'https://github.com/pyca/cryptography', 'https://github.com/pyca/cryptography/issues/9785', 'https://nvd.nist.gov/vuln/detail/CVE-2023-50782', 'https://people.redhat.com/~hkario/marvin/', 'https://ubuntu.com/security/notices/USN-6663-1', 'https://ubuntu.com/security/notices/USN-6673-1', 'https://ubuntu.com/security/notices/USN-6673-2', 'https://www.cve.org/CVERecord?id=CVE-2023-50782'], 'PublishedDate': '2024-02-05T21:15:11.183Z', 'LastModifiedDate': '2024-09-27T19:15:09.603Z'}, {'VulnerabilityID': 'CVE-2023-23931', 'PkgName': 'cryptography', 'PkgPath': 'usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'InstalledVersion': '3.4.8', 'FixedVersion': '39.0.1', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-23931', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-cryptography: memory corruption via immutable objects', 'Description': 'cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-754'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 6.5}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 6.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:6615', 'https://access.redhat.com/security/cve/CVE-2023-23931', 'https://bugzilla.redhat.com/2171817', 'https://errata.almalinux.org/9/ALSA-2023-6615.html', 'https://github.com/pyca/cryptography', 'https://github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4e', 'https://github.com/pyca/cryptography/pull/8230', 'https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3', 'https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r', 'https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yaml', 'https://linux.oracle.com/cve/CVE-2023-23931.html', 'https://linux.oracle.com/errata/ELSA-2024-2985.html', 'https://nvd.nist.gov/vuln/detail/CVE-2023-23931', 'https://ubuntu.com/security/notices/USN-6539-1', 'https://www.cve.org/CVERecord?id=CVE-2023-23931'], 'PublishedDate': '2023-02-07T21:15:09.85Z', 'LastModifiedDate': '2024-09-05T16:09:10.43Z'}, {'VulnerabilityID': 'CVE-2023-49083', 'PkgName': 'cryptography', 'PkgPath': 'usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'InstalledVersion': '3.4.8', 'FixedVersion': '41.0.6', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-49083', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-cryptography: NULL-dereference when loading PKCS7 certificates', 'Description': 'cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2023/11/29/2', 'https://access.redhat.com/errata/RHSA-2024:2337', 'https://access.redhat.com/security/cve/CVE-2023-49083', 'https://bugzilla.redhat.com/2255331', 'https://bugzilla.redhat.com/show_bug.cgi?id=2255331', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49083', 'https://errata.almalinux.org/9/ALSA-2024-2337.html', 'https://errata.rockylinux.org/RLSA-2024:2337', 'https://github.com/pyca/cryptography', 'https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a', 'https://github.com/pyca/cryptography/pull/9926', 'https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97', 'https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml', 'https://linux.oracle.com/cve/CVE-2023-49083.html', 'https://linux.oracle.com/errata/ELSA-2024-3105.html', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-49083', 'https://ubuntu.com/security/notices/USN-6539-1', 'https://www.cve.org/CVERecord?id=CVE-2023-49083'], 'PublishedDate': '2023-11-29T19:15:07.967Z', 'LastModifiedDate': '2024-09-05T16:09:10.43Z'}, {'VulnerabilityID': 'CVE-2024-0727', 'PkgName': 'cryptography', 'PkgPath': 'usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'InstalledVersion': '3.4.8', 'FixedVersion': '42.0.2', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-0727', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'openssl: denial of service via null dereference', 'Description': 'Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-476'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'V3Score': 5.5}}, 'References': ['http://www.openwall.com/lists/oss-security/2024/03/11/1', 'https://access.redhat.com/errata/RHSA-2024:2447', 'https://access.redhat.com/security/cve/CVE-2024-0727', 'https://bugzilla.redhat.com/2223016', 'https://bugzilla.redhat.com/2224962', 'https://bugzilla.redhat.com/2227852', 'https://bugzilla.redhat.com/2248616', 'https://bugzilla.redhat.com/2257571', 'https://bugzilla.redhat.com/2258502', 'https://bugzilla.redhat.com/2259944', 'https://errata.almalinux.org/9/ALSA-2024-2447.html', 'https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2', 'https://github.com/github/advisory-database/pull/3472', 'https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2', 'https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a', 'https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c', 'https://github.com/openssl/openssl/pull/23362', 'https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d', 'https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8', 'https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539', 'https://linux.oracle.com/cve/CVE-2024-0727.html', 'https://linux.oracle.com/errata/ELSA-2024-2447.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-0727', 'https://security.netapp.com/advisory/ntap-20240208-0006', 'https://ubuntu.com/security/notices/USN-6622-1', 'https://ubuntu.com/security/notices/USN-6632-1', 'https://ubuntu.com/security/notices/USN-6709-1', 'https://ubuntu.com/security/notices/USN-7018-1', 'https://www.cve.org/CVERecord?id=CVE-2024-0727', 'https://www.openssl.org/news/secadv/20240125.txt'], 'PublishedDate': '2024-01-26T09:15:07.637Z', 'LastModifiedDate': '2024-10-14T15:15:13.1Z'}, {'VulnerabilityID': 'GHSA-5cpq-8wj7-hf2v', 'PkgName': 'cryptography', 'PkgPath': 'usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'InstalledVersion': '3.4.8', 'FixedVersion': '41.0.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://github.com/advisories/GHSA-5cpq-8wj7-hf2v', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'Vulnerable OpenSSL included in cryptography wheels', 'Description': 'pyca/cryptography\'s wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.5-40.0.2 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://www.openssl.org/news/secadv/20230530.txt.\n\nIf you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.', 'Severity': 'LOW', 'References': ['https://cryptography.io/en/latest/changelog/#v41-0-0', 'https://github.com/pyca/cryptography', 'https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22', 'https://github.com/pyca/cryptography/security/advisories/GHSA-5cpq-8wj7-hf2v']}, {'VulnerabilityID': 'GHSA-jm77-qphf-c4w8', 'PkgName': 'cryptography', 'PkgPath': 'usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'InstalledVersion': '3.4.8', 'FixedVersion': '41.0.3', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://github.com/advisories/GHSA-jm77-qphf-c4w8', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': "pyca/cryptography's wheels include vulnerable OpenSSL", 'Description': 'pyca/cryptography\'s wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8-41.0.2 are vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230731.txt, https://www.openssl.org/news/secadv/20230719.txt, and https://www.openssl.org/news/secadv/20230714.txt.\n\nIf you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.', 'Severity': 'LOW', 'References': ['https://github.com/pyca/cryptography', 'https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d', 'https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2', 'https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8', 'https://www.openssl.org/news/secadv/20230714.txt', 'https://www.openssl.org/news/secadv/20230719.txt', 'https://www.openssl.org/news/secadv/20230731.txt']}, {'VulnerabilityID': 'GHSA-v8gr-m533-ghj9', 'PkgName': 'cryptography', 'PkgPath': 'usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'InstalledVersion': '3.4.8', 'FixedVersion': '41.0.4', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://github.com/advisories/GHSA-v8gr-m533-ghj9', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'Vulnerable OpenSSL included in cryptography wheels', 'Description': 'pyca/cryptography\'s wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 2.5-41.0.3 are vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230908.txt.\n\nIf you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.', 'Severity': 'LOW', 'References': ['https://github.com/pyca/cryptography', 'https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512', 'https://github.com/pyca/cryptography/security/advisories/GHSA-v8gr-m533-ghj9']}, {'VulnerabilityID': 'CVE-2024-3651', 'PkgName': 'idna', 'PkgPath': 'usr/lib/python3/dist-packages/idna-3.3.egg-info/PKG-INFO', 'InstalledVersion': '3.3', 'FixedVersion': '3.7', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-3651', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()', 'Description': "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 7.5}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.5}}, 'References': ['https://access.redhat.com/errata/RHSA-2024:3846', 'https://access.redhat.com/security/cve/CVE-2024-3651', 'https://bugzilla.redhat.com/2274779', 'https://bugzilla.redhat.com/show_bug.cgi?id=2274779', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3651', 'https://errata.almalinux.org/9/ALSA-2024-3846.html', 'https://errata.rockylinux.org/RLSA-2024:3846', 'https://github.com/kjd/idna', 'https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d', 'https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h', 'https://github.com/pypa/advisory-database/tree/main/vulns/idna/PYSEC-2024-60.yaml', 'https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb', 'https://linux.oracle.com/cve/CVE-2024-3651.html', 'https://linux.oracle.com/errata/ELSA-2024-4260.html', 'https://nvd.nist.gov/vuln/detail/CVE-2024-3651', 'https://ubuntu.com/security/notices/USN-6780-1', 'https://www.cve.org/CVERecord?id=CVE-2024-3651'], 'PublishedDate': '2024-07-07T18:15:09.827Z', 'LastModifiedDate': '2024-07-11T14:58:01.803Z'}, {'VulnerabilityID': 'CVE-2023-32681', 'PkgName': 'requests', 'PkgPath': 'usr/lib/python3/dist-packages/requests-2.25.1.egg-info/PKG-INFO', 'InstalledVersion': '2.25.1', 'FixedVersion': '2.31.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-32681', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'python-requests: Unintended leak of Proxy-Authorization header', 'Description': 'Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-200'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N', 'V3Score': 6.1}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N', 'V3Score': 6.1}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N', 'V3Score': 6.1}}, 'References': ['https://access.redhat.com/errata/RHSA-2023:4350', 'https://access.redhat.com/security/cve/CVE-2023-32681', 'https://bugzilla.redhat.com/2209469', 'https://bugzilla.redhat.com/show_bug.cgi?id=2209469', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32681', 'https://errata.almalinux.org/9/ALSA-2023-4350.html', 'https://errata.rockylinux.org/RLSA-2023:4520', 'https://github.com/psf/requests', 'https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5', 'https://github.com/psf/requests/releases/tag/v2.31.0', 'https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q', 'https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml', 'https://linux.oracle.com/cve/CVE-2023-32681.html', 'https://linux.oracle.com/errata/ELSA-2023-7050.html', 'https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/', 'https://nvd.nist.gov/vuln/detail/CVE-2023-32681', 'https://security.gentoo.org/glsa/202309-08', 'https://ubuntu.com/security/notices/USN-6155-1', 'https://ubuntu.com/security/notices/USN-6155-2', 'https://www.cve.org/CVERecord?id=CVE-2023-32681'], 'PublishedDate': '2023-05-26T18:15:14.147Z', 'LastModifiedDate': '2023-09-17T09:15:12.327Z'}, {'VulnerabilityID': 'CVE-2024-35195', 'PkgName': 'requests', 'PkgPath': 'usr/lib/python3/dist-packages/requests-2.25.1.egg-info/PKG-INFO', 'InstalledVersion': '2.25.1', 'FixedVersion': '2.32.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-35195', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'requests: subsequent requests to the same host ignore cert verification', 'Description': 'Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-670'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N', 'V3Score': 5.6}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N', 'V3Score': 5.6}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-35195', 'https://github.com/psf/requests', 'https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac', 'https://github.com/psf/requests/pull/6655', 'https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ/', 'https://nvd.nist.gov/vuln/detail/CVE-2024-35195', 'https://www.cve.org/CVERecord?id=CVE-2024-35195'], 'PublishedDate': '2024-05-20T21:15:09.99Z', 'LastModifiedDate': '2024-06-10T17:16:29.563Z'}, {'VulnerabilityID': 'CVE-2024-5569', 'PkgName': 'zipp', 'PkgPath': 'usr/lib/python3/dist-packages/zipp-1.0.0.egg-info/PKG-INFO', 'InstalledVersion': '1.0.0', 'FixedVersion': '3.19.1', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2024-5569', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory pip', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip'}, 'Title': 'github.com/jaraco/zipp: Denial of Service (infinite loop) via crafted zip file in jaraco/zipp', 'Description': 'A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.', 'Severity': 'MEDIUM', 'CweIDs': ['CWE-400'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H', 'V3Score': 6.2}}, 'References': ['https://access.redhat.com/security/cve/CVE-2024-5569', 'https://github.com/jaraco/zipp', 'https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd', 'https://huntr.com/bounties/be898306-11f9-46b4-b28c-f4c4aa4ffbae', 'https://nvd.nist.gov/vuln/detail/CVE-2024-5569', 'https://ubuntu.com/security/notices/USN-6906-1', 'https://www.cve.org/CVERecord?id=CVE-2024-5569'], 'PublishedDate': '2024-07-09T00:15:02.32Z', 'LastModifiedDate': '2024-07-09T18:19:14.047Z'}]}, {'Target': 'usr/lib/snapd/snap-bootstrap', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}, {'Target': 'usr/lib/snapd/snap-exec', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}, {'Target': 'usr/lib/snapd/snap-fde-keymgr', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}, {'Target': 'usr/lib/snapd/snap-preseed', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}, {'Target': 'usr/lib/snapd/snap-recovery-chooser', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}, {'Target': 'usr/lib/snapd/snap-repair', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}, {'Target': 'usr/lib/snapd/snap-update-ns', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}, {'Target': 'usr/lib/snapd/snapctl', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}, {'Target': 'usr/lib/snapd/snapd', 'Class': 'lang-pkgs', 'Type': 'gobinary', 'Vulnerabilities': [{'VulnerabilityID': 'CVE-2023-48795', 'PkgName': 'golang.org/x/crypto', 'InstalledVersion': 'v0.0.0-20220829220503-c86fa9a7ed90', 'FixedVersion': '0.17.0', 'Layer': {}, 'SeveritySource': 'ghsa', 'PrimaryURL': 'https://avd.aquasec.com/nvd/cve-2023-48795', 'DataSource': {'ID': 'ghsa', 'Name': 'GitHub Security Advisory Go', 'URL': 'https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago'}, 'Title': 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)', 'Description': "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", 'Severity': 'MEDIUM', 'CweIDs': ['CWE-354'], 'CVSS': {'ghsa': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'nvd': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}, 'redhat': {'V3Vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N', 'V3Score': 5.9}}, 'References': ['http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html', 'http://seclists.org/fulldisclosure/2024/Mar/21', 'http://www.openwall.com/lists/oss-security/2023/12/18/3', 'http://www.openwall.com/lists/oss-security/2023/12/19/5', 'http://www.openwall.com/lists/oss-security/2023/12/20/3', 'http://www.openwall.com/lists/oss-security/2024/03/06/3', 'http://www.openwall.com/lists/oss-security/2024/04/17/8', 'https://access.redhat.com/errata/RHSA-2024:1150', 'https://access.redhat.com/security/cve/CVE-2023-48795', 'https://access.redhat.com/security/cve/cve-2023-48795', 'https://access.redhat.com/solutions/7071748', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack', 'https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/', 'https://bugs.gentoo.org/920280', 'https://bugzilla.redhat.com/2254210', 'https://bugzilla.redhat.com/show_bug.cgi?id=2254210', 'https://bugzilla.suse.com/show_bug.cgi?id=1217950', 'https://crates.io/crates/thrussh/versions', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795', 'https://errata.almalinux.org/9/ALSA-2024-1150.html', 'https://errata.rockylinux.org/RLSA-2024:0628', 'https://filezilla-project.org/versions.php', 'https://forum.netgate.com/topic/184941/terrapin-ssh-attack', 'https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6', 'https://github.com/NixOS/nixpkgs/pull/275249', 'https://github.com/PowerShell/Win32-OpenSSH/issues/2189', 'https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta', 'https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0', 'https://github.com/TeraTermProject/teraterm/releases/tag/v5.1', 'https://github.com/advisories/GHSA-45x7-px36-x8w8', 'https://github.com/apache/mina-sshd/issues/445', 'https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab', 'https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22', 'https://github.com/cyd01/KiTTY/issues/520', 'https://github.com/drakkan/sftpgo/releases/tag/v2.5.6', 'https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42', 'https://github.com/erlang/otp/releases/tag/OTP-26.2.1', 'https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d', 'https://github.com/hierynomus/sshj/issues/916', 'https://github.com/janmojzis/tinyssh/issues/81', 'https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5', 'https://github.com/libssh2/libssh2/pull/1291', 'https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25', 'https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3', 'https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15', 'https://github.com/mwiede/jsch/issues/457', 'https://github.com/mwiede/jsch/pull/461', 'https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16', 'https://github.com/openssh/openssh-portable/commits/master', 'https://github.com/paramiko/paramiko/issues/2337', 'https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773', 'https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES', 'https://github.com/proftpd/proftpd/issues/456', 'https://github.com/rapier1/hpn-ssh/releases', 'https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst', 'https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55', 'https://github.com/ronf/asyncssh/tags', 'https://github.com/ssh-mitm/ssh-mitm/issues/165', 'https://github.com/warp-tech/russh', 'https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951', 'https://github.com/warp-tech/russh/releases/tag/v0.40.2', 'https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8', 'https://gitlab.com/libssh/libssh-mirror/-/tags', 'https://go.dev/cl/550715', 'https://go.dev/issue/64784', 'https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ', 'https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg', 'https://help.panic.com/releasenotes/transmit5', 'https://help.panic.com/releasenotes/transmit5/', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795', 'https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/', 'https://linux.oracle.com/cve/CVE-2023-48795.html', 'https://linux.oracle.com/errata/ELSA-2024-2988.html', 'https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html', 'https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html', 'https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7', 'https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/', 'https://matt.ucc.asn.au/dropbear/CHANGES', 'https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC', 'https://news.ycombinator.com/item?id=38684904', 'https://news.ycombinator.com/item?id=38685286', 'https://news.ycombinator.com/item?id=38732005', 'https://nova.app/releases/#v11.8', 'https://nvd.nist.gov/vuln/detail/CVE-2023-48795', 'https://oryx-embedded.com/download/#changelog', 'https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002', 'https://roumenpetrov.info/secsh/#news20231220', 'https://security-tracker.debian.org/tracker/CVE-2023-48795', 'https://security-tracker.debian.org/tracker/source-package/libssh2', 'https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg', 'https://security-tracker.debian.org/tracker/source-package/trilead-ssh2', 'https://security.gentoo.org/glsa/202312-16', 'https://security.gentoo.org/glsa/202312-17', 'https://security.netapp.com/advisory/ntap-20240105-0004', 'https://security.netapp.com/advisory/ntap-20240105-0004/', 'https://support.apple.com/kb/HT214084', 'https://terrapin-attack.com/', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway', 'https://thorntech.com/cve-2023-48795-and-sftp-gateway/', 'https://twitter.com/TrueSkrillor/status/1736774389725565005', 'https://ubuntu.com/security/CVE-2023-48795', 'https://ubuntu.com/security/notices/USN-6560-1', 'https://ubuntu.com/security/notices/USN-6560-2', 'https://ubuntu.com/security/notices/USN-6561-1', 'https://ubuntu.com/security/notices/USN-6585-1', 'https://ubuntu.com/security/notices/USN-6589-1', 'https://ubuntu.com/security/notices/USN-6598-1', 'https://ubuntu.com/security/notices/USN-6738-1', 'https://ubuntu.com/security/notices/USN-7051-1', 'https://winscp.net/eng/docs/history#6.2.2', 'https://www.bitvise.com/ssh-client-version-history#933', 'https://www.bitvise.com/ssh-server-version-history', 'https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html', 'https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update', 'https://www.cve.org/CVERecord?id=CVE-2023-48795', 'https://www.debian.org/security/2023/dsa-5586', 'https://www.debian.org/security/2023/dsa-5588', 'https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc', 'https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508', 'https://www.netsarang.com/en/xshell-update-history', 'https://www.netsarang.com/en/xshell-update-history/', 'https://www.openssh.com/openbsd.html', 'https://www.openssh.com/txt/release-9.6', 'https://www.openwall.com/lists/oss-security/2023/12/18/2', 'https://www.openwall.com/lists/oss-security/2023/12/18/3', 'https://www.openwall.com/lists/oss-security/2023/12/20/3', 'https://www.paramiko.org/changelog.html', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed', 'https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795', 'https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/', 'https://www.terrapin-attack.com', 'https://www.theregister.com/2023/12/20/terrapin_attack_ssh', 'https://www.vandyke.com/products/securecrt/history.txt'], 'PublishedDate': '2023-12-18T16:15:10.897Z', 'LastModifiedDate': '2024-05-01T18:15:10.657Z'}]}]}
diff --git a/components/producers/cloudpi/neo4j-client/main.py b/components/producers/cloudpi/neo4j-client/main.py
index 99a2fa3b..09e172ca 100644
--- a/components/producers/cloudpi/neo4j-client/main.py
+++ b/components/producers/cloudpi/neo4j-client/main.py
@@ -1,6 +1,5 @@
 from reachability import assessor
 from trivy import run
-import os
 
 
 def main():
diff --git a/components/producers/cloudpi/neo4j-client/reachability/assessor.py b/components/producers/cloudpi/neo4j-client/reachability/assessor.py
index c145ff74..f784ed41 100644
--- a/components/producers/cloudpi/neo4j-client/reachability/assessor.py
+++ b/components/producers/cloudpi/neo4j-client/reachability/assessor.py
@@ -1,8 +1,9 @@
 from neo4j import GraphDatabase
-
-uri = "bolt://localhost:7687"
+import os
 
 # Create a Neo4j driver instance
+uri = os.getenv("DATABASE_URI")
+print(f"querying endpoint {uri}")
 driver = GraphDatabase.driver(uri)
 
 def get_snapshosts_exposed():
diff --git a/components/producers/cloudpi/neo4j-client/trivy/run.py b/components/producers/cloudpi/neo4j-client/trivy/run.py
index 00931289..05e211d4 100644
--- a/components/producers/cloudpi/neo4j-client/trivy/run.py
+++ b/components/producers/cloudpi/neo4j-client/trivy/run.py
@@ -6,7 +6,7 @@ def scan_ebs(snap_name):
         # Run Trivy scan command for the specified ebs
         # trivy vm --scanners vuln ebs:snap-02f3d4e008898f8d0 --aws-region eu-west-1
         result = subprocess.run(
-            ['trivy', 'vm', '--scanners', 'vuln', '--format', 'json', f"ebs:{snap_name}"],
+            ['trivy', 'vm', '--scanners', 'vuln', '--format', 'json', '--severity', 'CRITICAL', f"ebs:{snap_name}"],
             capture_output=True,
             text=True,
             check=True
diff --git a/components/producers/cloudpi/task-demo.yaml b/components/producers/cloudpi/task-demo.yaml
new file mode 100644
index 00000000..de16f75b
--- /dev/null
+++ b/components/producers/cloudpi/task-demo.yaml
@@ -0,0 +1,64 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+  annotations:
+  labels:
+    v1.dracon.ocurity.com/component: producer
+    v1.dracon.ocurity.com/test-type: sca
+  name: producer-cloudpi
+  namespace: dracon
+spec:
+  params:
+  - description: aws access key id
+    name: AWS_ACCESS_KEY_ID
+    type: string
+  - description: aws secret access key
+    name: AWS_SECRET_ACCESS_KEY
+    type: string
+  - description: aws region
+    name: AWS_DEFAULT_REGION
+    type: string
+  - description: database uri
+    name: DATABASE_URI
+    default: "bolt://dracon.dracon.svc:7687"
+  steps:
+  - name: run-cartography
+    image: 'kind-registry:5000/components/producers/cloudpi:v0.13.0'
+    env:
+      - name: AWS_ACCESS_KEY_ID
+        value: $(params.AWS_ACCESS_KEY_ID)
+      - name: AWS_SECRET_ACCESS_KEY
+        value: $(params.AWS_SECRET_ACCESS_KEY)
+      - name: AWS_DEFAULT_REGION
+        value: $(params.AWS_DEFAULT_REGION)
+      - name: READ_PATH
+        value: $(workspaces.output.path)/.dracon/producers
+      - name: WRITE_PATH
+        value: "$(workspaces.output.path)/.dracon/producers"
+    command: 
+      - cartography
+    args:
+      - --neo4j-uri
+      - bolt://dracon.dracon.svc:7687
+  - args:
+    - main.py
+    command:
+    - python
+    computeResources: {}
+    env:
+    - name: AWS_ACCESS_KEY_ID
+      value: $(params.AWS_ACCESS_KEY_ID)
+    - name: AWS_SECRET_ACCESS_KEY
+      value: $(params.AWS_SECRET_ACCESS_KEY)
+    - name: AWS_DEFAULT_REGION
+      value: $(params.AWS_DEFAULT_REGION)
+    - name: DATABASE_URI
+      value: $(params.DATABASE_URI)
+    image: kind-registry:5000/components/producers/neo4jclient:v0.13.2
+    name: run-trivy
+    volumeMounts:
+    - mountPath: /scratch
+      name: scratch
+  volumes:
+  - emptyDir: {}
+    name: scratch
\ No newline at end of file